2020-05-15 10:34:57 +02:00
|
|
|
#jinja2: lstrip_blocks: True
|
|
|
|
|
{{ ansible_managed | comment }}
|
|
|
|
|
dev tun
|
|
|
|
|
persist-tun
|
|
|
|
|
persist-key
|
2023-06-13 12:19:44 +02:00
|
|
|
{% if openvpn_client_cipher is defined %}
|
2020-05-15 10:34:57 +02:00
|
|
|
cipher {{ openvpn_client_cipher }}
|
2023-06-13 12:19:44 +02:00
|
|
|
{% endif %}
|
2020-05-15 10:34:57 +02:00
|
|
|
auth {{ openvpn_client_auth }}
|
|
|
|
|
client
|
|
|
|
|
resolv-retry infinite
|
2023-06-13 12:19:44 +02:00
|
|
|
remote {{ openvpn_client_server }} {{ openvpn_client_port }} {{ openvpn_client_proto }}
|
|
|
|
|
lport 0
|
|
|
|
|
{% if openvpn_client_x509_subject is defined %}
|
|
|
|
|
verify-x509-name "{{ openvpn_client_x509_subject }}" subject
|
2020-05-15 10:34:57 +02:00
|
|
|
{% endif %}
|
2023-06-13 12:19:44 +02:00
|
|
|
remote-cert-tls server
|
2020-05-15 14:57:08 +02:00
|
|
|
{% if openvpn_client_ca_file is defined %}
|
2020-05-15 10:34:57 +02:00
|
|
|
ca /etc/openvpn/certs/{{ openvpn_client_ca_file }}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if openvpn_client_cert_file is defined and openvpn_client_cert_source is defined %}
|
|
|
|
|
cert /etc/openvpn/certs/{{ openvpn_client_cert_file }}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if openvpn_client_key_file is defined and openvpn_client_key_source is defined %}
|
|
|
|
|
key /etc/openvpn/certs/{{ openvpn_client_key_file }}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if openvpn_client_ta_file is defined and openvpn_client_ta_source is defined %}
|
|
|
|
|
tls-auth /etc/openvpn/certs/{{ openvpn_client_ta_file }}
|
|
|
|
|
{% endif %}
|
|
|
|
|
key-direction 1
|
