From 1435bf2e2a133ac282aeb57c60563153202141f5 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Tue, 13 Jun 2023 12:19:44 +0200
Subject: [PATCH] chore: drop deprecated options
---
 defaults/main.yml | 5 +++--
 templates/etc/openvpn/client.conf.j2 | 15 +++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 7db34ff..ad60263 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,15 +2,16 @@
 openvpn_client_name: client
 openvpn_client_server: vpn.example.com
 openvpn_client_port: 1194
+openvpn_client_proto: udp
 openvpn_service_state: started
 openvpn_client_packages_extra: []
-openvpn_client_cipher: AES-256-CBC
+# openvpn_client_cipher: AES-256-CBC
 openvpn_client_auth: SHA512
-# openvpn_client_x509_name:
+# openvpn_client_x509_subject:
 openvpn_client_ca_file: "/etc/pki/tls/certs/ca-bundle.crt"
 # openvpn_client_ca_source:
diff --git a/templates/etc/openvpn/client.conf.j2 b/templates/etc/openvpn/client.conf.j2
index 78621b4..44d9f07 100644
--- a/templates/etc/openvpn/client.conf.j2
+++ b/templates/etc/openvpn/client.conf.j2
@@ -3,17 +3,18 @@
 dev tun
 persist-tun
 persist-key
+{% if openvpn_client_cipher is defined %}
 cipher {{ openvpn_client_cipher }}
-ncp-disable
+{% endif %}
 auth {{ openvpn_client_auth }}
-tls-client
 client
 resolv-retry infinite
-remote {{ openvpn_client_server }} {{ openvpn_client_port }}
-nobind
-{% if openvpn_client_x509_name is defined %}
-verify-x509-name "{{ openvpn_client_x509_name }}" name
+remote {{ openvpn_client_server }} {{ openvpn_client_port }} {{ openvpn_client_proto }}
+lport 0
+{% if openvpn_client_x509_subject is defined %}
+verify-x509-name "{{ openvpn_client_x509_subject }}" subject
 {% endif %}
+remote-cert-tls server
 {% if openvpn_client_ca_file is defined %}
 ca /etc/openvpn/certs/{{ openvpn_client_ca_file }}
 {% endif %}
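Review bot: The renamed placeholder `# openvpn_client_x509_subject:` in defaults/main.yml gives no hint that the expected value changed along with the name. The template now passes it to `verify-x509-name ... subject`, which as far as I know matches the complete subject DN rather than only the common name, so a bare CN carried over from the old variable would presumably stop matching. A comment above it such as `# Full subject DN of the server certificate (replaces openvpn_client_x509_name)` would make that explicit. The now commented-out `openvpn_client_cipher` deserves a similar one-line comment saying that leaving it unset omits the `cipher` line and relies on cipher negotiation with the server.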
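Review bot: In templates/etc/openvpn/client.conf.j2 an inventory that still sets `openvpn_client_x509_name` now renders no `verify-x509-name` line at all, because the condition only tests `openvpn_client_x509_subject`. The server-identity check then disappears silently, and the client appears to fall back to accepting any certificate that chains to the configured CA and passes `remote-cert-tls server`. That is a wide set while `openvpn_client_ca_file` defaults to a system CA bundle, as the defaults/main.yml context shows. I would keep a fallback branch, `{% elif openvpn_client_x509_name is defined %}` followed by `verify-x509-name "{{ openvpn_client_x509_name }}" name`, or fail the play when the old variable is set. The rename should also be mentioned in the commit message as a breaking change.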
@@ -27,5 +28,3 @@ key /etc/openvpn/certs/{{ openvpn_client_key_file }}
 tls-auth /etc/openvpn/certs/{{ openvpn_client_ta_file }}
 {% endif %}
 key-direction 1
-remote-cert-tls server
-comp-lzo adaptive