agregamos conexiones tcp 443

Desarrollo-CeSPI · Apr 12, 2017 · c0be033 · c0be033
1 parent 4d68ab7
commit c0be033
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 2 deletions.
diff --git a/attributes/default.rb b/attributes/default.rb
@@ -21,6 +21,7 @@
 
 # Network configuration.
 default['mo_openvpn']['config']['server']                 = '10.8.0.0 255.255.255.0'
+default['mo_openvpn']['config']['server_tcp']                 = '10.9.0.0 255.255.255.0'
 
 # Server specific
 # client 'push routes', attribute is treated as a helper

diff --git a/metadata.rb b/metadata.rb
@@ -4,7 +4,7 @@
 license          'MIT'
 description      'Installs/Configures mo_openvpn'
 long_description 'Installs/Configures mo_openvpn'
-version          '0.1.0'
+version          '0.1.2'
 
 depends 'apt',              '~> 2.7.0'
 depends 'simple_iptables',  '~> 0.7.0'

diff --git a/recipes/default.rb b/recipes/default.rb
@@ -47,6 +47,19 @@
   notifies :restart, 'service[openvpn]'
 end
 
+template '/etc/openvpn/server-tcp.conf' do
+  source 'server-tcp.conf.erb'
+  owner 'root'
+  group 'root'
+  variables({
+    server_network: node['mo_openvpn']['config']['server_tcp'],
+    routes: node['mo_openvpn']['push_routes'],
+    cert_filename: "#{node['fqdn']}.crt",
+    key_filename: "#{node['fqdn']}.key"
+  })
+  notifies :restart, 'service[openvpn]'
+end
+
 cookbook_file '/etc/default/openvpn' do
   source 'openvpn'
   mode 0644
@@ -64,10 +77,14 @@
 
 node.set["simple_iptables"]["ipv4"]["tables"] = (Array(node["simple_iptables"]["ipv4"]["tables"]) + [ "nat" ]).uniq
 
+nets = [node['mo_openvpn']['config']['server'],node['mo_openvpn']['config']['server_tcp']].map do |net|
+  "--source #{net.gsub(' ', '/')}"
+end
+
 simple_iptables_rule "nat" do
   table "nat"
   chain "POSTROUTING"
+  rule nets
   direction "POSTROUTING"
-  rule "--source #{node['mo_openvpn']['config']['server'].gsub(' ', '/')}"
   jump "SNAT --to-source #{node['ipaddress']}"
 end
diff --git a/templates/default/server-tcp.conf.erb b/templates/default/server-tcp.conf.erb
@@ -0,0 +1,26 @@
+port 443
+proto tcp
+dev tun
+
+ca keys/ca.crt
+cert keys/<%= @cert_filename %>
+key keys/<%= @key_filename %>
+dh keys/dh.pem
+crl-verify keys/crl.pem
+
+server <%= @server_network %>
+
+ifconfig-pool-persist ipp.txt
+
+<% @routes.each do |route| %>
+  push "route <%= route %>"
+<% end %>
+
+keepalive 10 120
+comp-lzo
+persist-key
+persist-tun
+verb 3
+status openvpn-status.log
+
+plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth