2020-05-15 08:34:57 +00:00
|
|
|
#jinja2: lstrip_blocks: True
|
|
|
|
{{ ansible_managed | comment }}
|
|
|
|
dev tun
|
|
|
|
persist-tun
|
|
|
|
persist-key
|
|
|
|
cipher {{ openvpn_client_cipher }}
|
|
|
|
ncp-disable
|
|
|
|
auth {{ openvpn_client_auth }}
|
|
|
|
tls-client
|
|
|
|
client
|
|
|
|
resolv-retry infinite
|
|
|
|
remote {{ openvpn_client_server }}
|
|
|
|
nobind
|
|
|
|
{% if openvpn_client_x509_name is defined %}
|
|
|
|
verify-x509-name "{{ openvpn_client_x509_name }}" name
|
|
|
|
{% endif %}
|
2020-05-15 12:57:08 +00:00
|
|
|
{% if openvpn_client_ca_file is defined %}
|
2020-05-15 08:34:57 +00:00
|
|
|
ca /etc/openvpn/certs/{{ openvpn_client_ca_file }}
|
|
|
|
{% endif %}
|
|
|
|
{% if openvpn_client_cert_file is defined and openvpn_client_cert_source is defined %}
|
|
|
|
cert /etc/openvpn/certs/{{ openvpn_client_cert_file }}
|
|
|
|
{% endif %}
|
|
|
|
{% if openvpn_client_key_file is defined and openvpn_client_key_source is defined %}
|
|
|
|
key /etc/openvpn/certs/{{ openvpn_client_key_file }}
|
|
|
|
{% endif %}
|
|
|
|
{% if openvpn_client_ta_file is defined and openvpn_client_ta_source is defined %}
|
|
|
|
tls-auth /etc/openvpn/certs/{{ openvpn_client_ta_file }}
|
|
|
|
{% endif %}
|
|
|
|
key-direction 1
|
|
|
|
remote-cert-tls server
|
|
|
|
comp-lzo adaptive
|