/usr/share/zentyal/stubs/openvpn/openvpn.conf.mas is in zentyal-openvpn 2.3.10+quantal1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 | <%args>
$name
$dev
$port
$proto
$caCertificatePath
$certificatePath
$key
$crlVerify => undef
$subnet
$subnetNetmask
$local => undef
$clientToClient => 0
$user
$group
$dh
$tlsRemote => undef
$logFile
$statusLogFile
$pidFile => undef
$ippFile
@advertisedNets => ()
$clientConfigDir => undef
$redirectGw => undef
$dns1 => undef
$dns2 => undef
$searchDomain => undef
$wins => undef
</%args>
<%init>
my $multihome = 0;
# multihomed UDP server ?
if ($proto eq 'udp') {
if (not $local) {
$multihome = 1;
}
}
</%init>
# EBox OpenVPN 2.0 config file for server <% $name %>
# Which local IP address should OpenVPN
# listen on? (optional)
<& valueEntry, entry => 'local', value => $local &>
<& boolEntry, entry => 'multihome', value => $multihome &>
# Which TCP/UDP port should OpenVPN listen on?
<& valueEntry, entry => 'port', value => $port &>
# TCP or UDP server?
<& valueEntry, entry => 'proto', value => $proto &>
# virtual device
<& valueEntry, entry => 'dev', value => $dev &>
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).
<& valueEntry, entry => 'ca', value => "'$caCertificatePath'" &>
<& valueEntry, entry => 'cert', value => "'$certificatePath'" &>
<& valueEntry, entry => 'key', value => "'$key'" &> # This file should be kept secret
# check peer certificate against certificate revokation list
<& valueEntry, entry => 'crl-verify', value => $crlVerify &>
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
#dh /etc/openvpn/dh1024.pem
<& valueEntry, entry => 'dh', value => $dh &>
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
server <% $subnet %> <% $subnetNetmask %>
# Maintain a record of client <-> virtual IP address
# associations in this file.
ifconfig-pool-persist <% "'$ippFile'" %>
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN
;push "redirect-gateway"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
<& boolEntry, entry => 'client-to-client', value => $clientToClient &>
# The keepalive directive causes ping-like
# messages to be sent back and forth over
keepalive 10 120
# client certificate common name authentication
<& valueEntry, entry=> 'tls-remote', value => $tlsRemote &>
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
;tls-auth ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# group and user for the OpenVPN
# daemon's privileges after initialization.
<& valueEntry, entry => 'user', value => $user &>
<& valueEntry, entry => 'group', value => $group &>
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
# Write the PID file for compatibility with Ubuntu init.d script
<& valueEntry, entry => 'writepid', value => $pidFile &>
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status <% "'$statusLogFile'" %>
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
log-append <% "'$logFile'" %>
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
% if ($redirectGw) {
push "redirect-gateway def1"
% }
% if ($dns1) {
push "dhcp-option DNS <% $dns1 %>"
% }
% if ($dns2) {
push "dhcp-option DNS <% $dns2 %>"
% }
% if ($wins) {
push "dhcp-option WINS <% $wins %>"
% }
% if ($searchDomain) {
push "dhcp-option DOMAIN <% $searchDomain %>"
% }
% if ($clientConfigDir) {
client-config-dir <% $clientConfigDir %>
% }
<& advertisedNets, nets => \@advertisedNets &>
<%def valueEntry>
<%args>
$entry
$value
</%args>
% if (defined $value) {
<% $entry %> <% $value %>
%}
</%def>
<%def boolEntry>
<%args>
$entry
$value
</%args>
% if ($value) {
<% $entry %>
%}
</%def>
<%def advertisedNets>
<%args>
@nets
</%args>
% foreach my $net (@nets) {
% my ($net, $netmask) = @{ $net };
push "route <% $net %> <% $netmask %>"
%}
</%def>
|