Skip to content

pfsense_openvpn_client

Orion Poplawski edited this page Jan 13, 2023 · 3 revisions

pfsensible.core.pfsense_openvpn_client


        Manage pfSense OpenVPN configuration

ADDED IN: version 0.5.0 of pfsensible.core

OPTIONS (= is mandatory):

- authmode
        Authentication clients.  Required if mode == client_tls_user.
        default: []
        elements: str
        type: list

- ca
        Certificate Authority name.
        default: null
        type: str

- cert
        Client certificate name.
        default: null
        type: str

- cert_depth
        Depth of certificates to check.
        default: 1
        type: int

- client2client
        Allow communication between clients connected to this client.
        default: false
        type: bool

- compression
        Allowed compression to be used with this VPN instance.
        choices: [adaptive, '']
        default: adaptive
        type: str

- compression_push
        Push the selected Compression setting to connecting clients.
        default: false
        type: bool

- create_gw
        Which gateway types to create.
        choices: [both]
        default: both
        type: str

- crl
        Certificate Revocation List name.
        default: null
        type: str

- custom_options
        Custom openvpn options.
        default: null
        type: str

- data_ciphers
        Allowed cryptographic algorithms.
        choices: [AES-256-CBC, AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305]
        default: null
        elements: str
        type: list

- data_ciphers_fallback
        Fallback cryptographic algorithm.
        choices: [AES-256-CBC, AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305]
        default: AES-256-CBC
        type: str

- dev_mode
        Device mode.
        choices: [tun, tap]
        default: tun
        type: str

- dh_length
        DH parameter length.
        default: 2048
        type: int

- digest
        Auth digest algorithm.
        choices: [SHA256, SHA1]
        default: SHA256
        type: str

- disable
        Is the OpenVPN config disabled.
        default: false
        type: bool

- dns_client1
        DNS client 1.
        default: ''
        type: str

- dns_client2
        DNS client 2.
        default: ''
        type: str

- dns_client3
        DNS client 3.
        default: ''
        type: str

- dns_client4
        DNS client 4.
        default: ''
        type: str

- dns_domain
        DNS default domain.
        default: ''
        type: str

- dynamic_ip
        Allow connected clients to retain their connections if their
        IP address changes.
        default: false
        type: bool

- ecdh_curve
        Elliptic Curve to use for key exchange.
        choices: [none, prime256v1, secp384r1, secp521r1]
        default: none
        type: str

- gwredir
        Redirect IPv4 gateway.
        default: false
        type: bool

- gwredir6
        Redirect IPv6 gateway.
        default: false
        type: bool

- interface
        The interface for OpenVPN to listen on.
        default: wan
        type: str

- maxclients
        The maximum number of clients allowed to concurrently connect
        to this client.
        default: null
        type: int

- mode
        The client mode.
        choices: [p2p_tls, p2p_shared_key]
        default: p2p_tls
        type: str

= name
        The name of the OpenVPN configuration.
        type: str

- ncp_enable
        Enable data encryption negotiation.
        default: false
        type: bool

- passtos
        Set the TOS IP header value of tunnel packets to match the
        encapsulated packet value.
        default: false
        type: bool

- protocol
        The protocol.
        choices: [UDP4, TCP4]
        default: UDP4
        type: str

- push_register_dns
        Push DNS to client.
        default: false
        type: bool

- remote_network
        IPv4 networks that will be routed through the tunnel.
        default: ''
        type: str

- remote_networkv6
        IPv6 networks that will be routed through the tunnel.
        default: ''
        type: str

= server_addr
        The address for OpenVPN to connect to.
        type: str

- server_port
        The port for OpenVPN to connect to.
        default: 1194
        type: int

- shared_key
        Pre-shared key for shared key modes.
        default: null
        type: str

- state
        State in which to leave the OpenVPN config.
        choices: [present, absent]
        default: present
        type: str

- strictuserdn
        Enforce a match between the common name of the client
        certificate and the username given at login.
        default: false
        type: bool

- tls
        TLS Key.  If set to 'generate' it will create a key if one
        does not already exist.
        default: null
        type: str

- topology
        The method used to supply a virtual adapter IP address to
        clients when using TUN mode on IPv4.
        choices: [net30, subnet]
        default: subnet
        type: str

- tunnel_network
        IPv4 virtual network used for private communications between
        this client and client hosts expressed using CIDR notation.
        default: ''
        type: str

- tunnel_networkv6
        IPv6 virtual network used for private communications between
        this client and client hosts expressed using CIDR notation.
        default: ''
        type: str

- verbosity_level
        Verbosity level.
        default: 3
        type: int


AUTHOR: Orion Poplawski (@opoplawski)

EXAMPLES:

- name: "Add OpenVPN client"
  pfsense_openvpn_client:
    name: 'OpenVPN Client'