diff --git a/pillars/roles/ca/vpnclients.sls b/pillars/roles/ca/vpnclients.sls
index 03a555f..194cb11 100644
--- a/pillars/roles/ca/vpnclients.sls
+++ b/pillars/roles/ca/vpnclients.sls
@@ -3,3 +3,5 @@ ca:
 type: client
 masau-llm.actcur.com:
 type: client
+ masau-apm.actcur.com:
+ type: client
diff --git a/pillars/roles/services/vpnserver.sls b/pillars/roles/services/vpnserver.sls
new file mode 100644
index 0000000..eca6655
--- /dev/null
+++ b/pillars/roles/services/vpnserver.sls
@@ -0,0 +1,3 @@
+services:
+ vpnserver:
+ openvpn-server@server.service: []
diff --git a/states/roles/maintain/pass/php.ini b/states/roles/maintain/pass/php.ini
index 70768ed..798b3db 100644
--- a/states/roles/maintain/pass/php.ini
+++ b/states/roles/maintain/pass/php.ini
@@ -897,7 +897,7 @@ extension=gd.so
 extension=iconv.so
 ;extension=imap.so
 ;extension=intl.so
-;extension=ldap.so
+extension=ldap.so
 extension=mcrypt.so
 extension=mysqli.so
 ;extension=odbc.so
diff --git a/states/roles/maintain/vpnserver/init.sls b/states/roles/maintain/vpnserver/init.sls
index c429895..af86d10 100644
--- a/states/roles/maintain/vpnserver/init.sls
+++ b/states/roles/maintain/vpnserver/init.sls
@@ -39,3 +39,10 @@ vpn-ca-cert:
 - user: root
 - group: root
 - mode: 644
+
+vpn-server-service:
+ service.running:
+ - name: openvpn-server@server.service
+ - enable: true
+ - watch:
+ - file: vpn-server-conf
diff --git a/states/roles/maintain/vpnserver/server.conf b/states/roles/maintain/vpnserver/server.conf
index ed08e21..bd7eb2f 100644
--- a/states/roles/maintain/vpnserver/server.conf
+++ b/states/roles/maintain/vpnserver/server.conf
@@ -98,7 +98,7 @@ dh dh.pem
 # Each client will be able to reach the server
 # on 10.8.0.1. Comment this line out if you are
 # ethernet bridging. See the man page for more info.
-server 10.8.0.0 255.255.255.0
+server 172.16.50.0 255.255.255.0
 # Maintain a record of client <-> virtual IP address
 # associations in this file. If OpenVPN goes down or
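Review bot: The `watch` list of the new `vpn-server-service` state names only `file: vpn-server-conf`, so a change to the CA certificate managed by `vpn-ca-cert` (the state directly above, presumably a file state given its user/group/mode arguments) would not restart OpenVPN. The daemon would keep running with the old trust material until someone restarts it by hand. I would add `- file: vpn-ca-cert` under `watch`, plus any server certificate, key or DH states, which sit above line 39 and are not visible in this hunk. `vpn-server-conf` is also defined outside the hunk, so that requisite could not be checked here.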
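Review bot: The comment just above the changed `server` line still tells the reader that clients reach the server on 10.8.0.1, which no longer matches the new pool 172.16.50.0/24. The line should read `# on 172.16.50.1. Comment this line out if you are`. The same stale address survives in the `@@ -138` hunk as `# address pool (10.8.0.0/255.255.255.0)`. In a managed config these comments are what the next person writing firewall rules will read, so they should track the live values.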
@@ -138,7 +138,7 @@ ifconfig-pool-persist ipp.txt
 # to know to route the OpenVPN client
 # address pool (10.8.0.0/255.255.255.0)
 # back to the OpenVPN server.
-;push "route 192.168.10.0 255.255.255.0"
+push "route 172.16.0.0 255.255.0.0"
 ;push "route 192.168.20.0 255.255.255.0"
 # To assign specific IP addresses to specific
@@ -189,7 +189,7 @@ ifconfig-pool-persist ipp.txt
 # (The OpenVPN server machine may need to NAT
 # or bridge the TUN/TAP interface to the internet
 # in order for this to work properly).
-;push "redirect-gateway def1 bypass-dhcp"
+push "redirect-gateway def1 bypass-dhcp"
 # Certain Windows-specific network settings
 # can be pushed to clients, such as DNS
@@ -197,7 +197,7 @@ ifconfig-pool-persist ipp.txt
 # http://openvpn.net/faq.html#dhcpcaveats
 # The addresses below refer to the public
 # DNS servers provided by opendns.com.
-;push "dhcp-option DNS 208.67.222.222"
+push "dhcp-option DNS 172.16.40.20"
 ;push "dhcp-option DNS 208.67.220.220"
 # Uncomment this directive to allow different
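Review bot: `push "route 172.16.0.0 255.255.0.0"` hands every client a route to the whole /16, which also contains the VPN pool 172.16.50.0/24 set in the earlier hunk. A pushed route is only a routing hint on the client, not access control, so which internal hosts a client certificate may reach has to be enforced by forwarding rules on the server, and nothing in this commit shows them. The route is also redundant once `redirect-gateway def1` is pushed in the `@@ -189` hunk. I would narrow it to the subnets clients need, or add a comment above the line such as `# Whole internal /16 is routed on purpose; per-client filtering lives in <firewall state, placeholder>`.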
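Review bot: Enabling `push "redirect-gateway def1 bypass-dhcp"` makes this host the default gateway for every client, yet nothing in the commit enables IP forwarding or NAT on the server. The comment directly above the line says those may be required. If they are not managed elsewhere (the part of init.sls before line 39 is not visible), clients would lose general connectivity as soon as they connect. Full tunnelling also means all client traffic now egresses through this machine, which deserves a line in the config: `# Full tunnel: needs net.ipv4.ip_forward=1 and NAT on the server, managed in <state id, placeholder>`.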
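Review bot: The comment above the changed line still says the pushed addresses are the public opendns.com resolvers, but the active entry is now 172.16.40.20, which appears to be an internal resolver. The comment should say so, for example `# Push the internal resolver; the commented line below is a public OpenDNS server.`. Only one resolver is pushed, so name resolution for full-tunnel clients depends on that single host. If DNS leakage from Windows clients matters, `push "block-outside-dns"` is the option that stops queries leaving through other adapters.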