vpn: fix cert/username params and conditions
parent
9e93f9a9e5
commit
207c82e834
|
@ -3,11 +3,12 @@ class ff_gw(
|
||||||
$ff_mesh_net,
|
$ff_mesh_net,
|
||||||
$ff_as,
|
$ff_as,
|
||||||
$mesh_mac,
|
$mesh_mac,
|
||||||
$gw_ipv4, $gw_ipv4_netmask = '255.255.192.0',
|
$gw_ipv4, $gw_ipv4_netmask = '255.255.192.0',
|
||||||
$gw_ipv6, $gw_ipv6_prefixlen = '64',
|
$gw_ipv6, $gw_ipv6_prefixlen = '64',
|
||||||
$secret_key, # for fastd
|
$secret_key, # for fastd
|
||||||
$vpn_provider = 'mullvad', # supported: mullvad or hideme
|
$vpn_provider = 'mullvad', # supported: mullvad or hideme
|
||||||
$vpn_ca_crt, $vpn_usr_crt, $vpn_usr_key, # openvpn x.509 credentials
|
$vpn_ca_crt = false, # openvpn CA cert to verify server
|
||||||
|
$vpn_usr_crt = false, $vpn_usr_key = false, # openvpn x.509 credentials
|
||||||
$vpn_usr_name = false, # openvpn user for auth-user-pass
|
$vpn_usr_name = false, # openvpn user for auth-user-pass
|
||||||
$vpn_usr_pass = false, # openvpn password for auth-user-pass
|
$vpn_usr_pass = false, # openvpn password for auth-user-pass
|
||||||
$dhcprange_start, $dhcprange_end,
|
$dhcprange_start, $dhcprange_end,
|
||||||
|
@ -410,7 +411,7 @@ class ff_gw::vpn($provider, $ca_crt, $usr_crt, $usr_key, $usr_name, $usr_pass, $
|
||||||
|
|
||||||
# TODO: maybe we should check that provider and auth methods match
|
# TODO: maybe we should check that provider and auth methods match
|
||||||
# atm we trust the caller to give the right combination
|
# atm we trust the caller to give the right combination
|
||||||
if str2bool($usr_name) {
|
if $usr_name {
|
||||||
# hideme config with user/pass file
|
# hideme config with user/pass file
|
||||||
file {
|
file {
|
||||||
"/etc/openvpn/${provider}/auth.txt":
|
"/etc/openvpn/${provider}/auth.txt":
|
||||||
|
@ -418,7 +419,7 @@ class ff_gw::vpn($provider, $ca_crt, $usr_crt, $usr_key, $usr_name, $usr_pass, $
|
||||||
mode => '0600',
|
mode => '0600',
|
||||||
content => "$usr_name\n$usr_pass\n";
|
content => "$usr_name\n$usr_pass\n";
|
||||||
}
|
}
|
||||||
} else {
|
} elsif $usr_crt {
|
||||||
# mullvad config with x.509
|
# mullvad config with x.509
|
||||||
file {
|
file {
|
||||||
"/etc/openvpn/${provider}/client.crt":
|
"/etc/openvpn/${provider}/client.crt":
|
||||||
|
|
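Review bot: The new conditions `if $usr_name {` and `} elsif $usr_crt {` each test only one value of a credential set, while every credential parameter of `ff_gw` now defaults to `false`, so an incomplete or missing set is accepted without an error. With a user name but no `$usr_pass`, auth.txt is still written with the interpolated false value as its second line, and with neither `$usr_name` nor `$usr_crt` set, no branch visible here deploys any credentials. I would test the whole set, `if $usr_name and $usr_pass {` and `} elsif $usr_crt and $usr_key {`, and close the chain with `else { fail("ff_gw::vpn: no complete credential set for ${provider}") }`. The chain continues past the end of the hunk, so a final else may already exist there. The hunks also do not show where `$ca_crt` is checked now that `$vpn_ca_crt` defaults to `false`; a missing CA certificate should fail the catalog in the same way, since it is what verifies the server.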