vpn: fix cert/username params and conditions

2014-06-22 22:41:53 +02:00 · 2014-06-22 22:41:53 +02:00 · 207c82e834
parent 9e93f9a9e5
commit 207c82e834
1 changed files with 5 additions and 4 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -3,11 +3,12 @@ class ff_gw(
  $ff_mesh_net,
  $ff_as,
  $mesh_mac,
-  $gw_ipv4, $gw_ipv4_netmask = '255.255.192.0',
+  $gw_ipv4, $gw_ipv4_netmask   = '255.255.192.0',
  $gw_ipv6, $gw_ipv6_prefixlen = '64',
  $secret_key,                                      # for fastd
  $vpn_provider = 'mullvad',                        # supported: mullvad or hideme
-  $vpn_ca_crt, $vpn_usr_crt, $vpn_usr_key,          # openvpn x.509 credentials
+  $vpn_ca_crt   = false,                            # openvpn CA cert to verify server
+  $vpn_usr_crt  = false, $vpn_usr_key = false,      # openvpn x.509 credentials
  $vpn_usr_name = false,                            # openvpn user for auth-user-pass
  $vpn_usr_pass = false,                            # openvpn password for auth-user-pass
  $dhcprange_start, $dhcprange_end,
@ -410,7 +411,7 @@ class ff_gw::vpn($provider, $ca_crt, $usr_crt, $usr_key, $usr_name, $usr_pass, $

  # TODO: maybe we should check that provider and auth methods match
  #       atm we trust the caller to give the right combination
-  if str2bool($usr_name) {
+  if $usr_name {
    # hideme config with user/pass file
    file {
      "/etc/openvpn/${provider}/auth.txt":
@ -418,7 +419,7 @@ class ff_gw::vpn($provider, $ca_crt, $usr_crt, $usr_key, $usr_name, $usr_pass, $
        mode    => '0600',
        content => "$usr_name\n$usr_pass\n";
    }
-  } else {
+  } elsif $usr_crt {
    # mullvad config with x.509
    file {
      "/etc/openvpn/${provider}/client.crt":