network/salt/vpn/openvpn.conf

{%- set conf = pillar['openvpn'][name] %}
client
dev {{ name }}
dev-type tun
tun-ipv6
proto udp

remote {{ conf['server'] }}
resolv-retry infinite
nobind

user nobody
group nogroup
persist-key
persist-tun

log /var/log/openvpn-{{ name }}.log

#ifconfig-noexec
route 0.0.0.0 0.0.0.0
#route-nopull
up /etc/openvpn/{{ name }}.up
script-security 2

auth-user-pass /etc/openvpn/{{ name }}.auth
auth-retry nointeract

ca [inline]

tls-client
tls-auth [inline]
ns-cert-type server

keepalive 10 30
cipher AES-256-CBC
persist-key
persist-tun
comp-lzo


passtos
verb 0


<ca>
{{ conf['ca'] }}
</ca>

<tls-auth>
{{ conf['key'] }}
</tls-auth>
this is the shit 2016-11-15 01:33:17 +01:00			`{%- set conf = pillar['openvpn'][name] %}`
			`client`
			`dev {{ name }}`
			`dev-type tun`
			`tun-ipv6`
			`proto udp`

			`remote {{ conf['server'] }}`
			`resolv-retry infinite`
			`nobind`

			`user nobody`
			`group nogroup`
			`persist-key`
			`persist-tun`

			`log /var/log/openvpn-{{ name }}.log`

			`#ifconfig-noexec`
			`route 0.0.0.0 0.0.0.0`
			`#route-nopull`
more of the good stuff 2016-11-16 01:17:28 +01:00			`up /etc/openvpn/{{ name }}.up`
this is the shit 2016-11-15 01:33:17 +01:00			`script-security 2`

			`auth-user-pass /etc/openvpn/{{ name }}.auth`
			`auth-retry nointeract`

			`ca [inline]`

			`tls-client`
			`tls-auth [inline]`
			`ns-cert-type server`

			`keepalive 10 30`
			`cipher AES-256-CBC`
			`persist-key`
			`persist-tun`
			`comp-lzo`


			`passtos`
			`verb 0`


			`<ca>`
			`{{ conf['ca'] }}`
			`</ca>`

			`<tls-auth>`
			`{{ conf['key'] }}`
			`</tls-auth>`