-
Notifications
You must be signed in to change notification settings - Fork 52
pfsense_openvpn_client
Orion Poplawski edited this page Jan 13, 2023
·
3 revisions
Manage pfSense OpenVPN configuration
ADDED IN: version 0.5.0 of pfsensible.core
OPTIONS (= is mandatory):
- authmode
Authentication clients. Required if mode == client_tls_user.
default: []
elements: str
type: list
- ca
Certificate Authority name.
default: null
type: str
- cert
Client certificate name.
default: null
type: str
- cert_depth
Depth of certificates to check.
default: 1
type: int
- client2client
Allow communication between clients connected to this client.
default: false
type: bool
- compression
Allowed compression to be used with this VPN instance.
choices: [adaptive, '']
default: adaptive
type: str
- compression_push
Push the selected Compression setting to connecting clients.
default: false
type: bool
- create_gw
Which gateway types to create.
choices: [both]
default: both
type: str
- crl
Certificate Revocation List name.
default: null
type: str
- custom_options
Custom openvpn options.
default: null
type: str
- data_ciphers
Allowed cryptographic algorithms.
choices: [AES-256-CBC, AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305]
default: null
elements: str
type: list
- data_ciphers_fallback
Fallback cryptographic algorithm.
choices: [AES-256-CBC, AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305]
default: AES-256-CBC
type: str
- dev_mode
Device mode.
choices: [tun, tap]
default: tun
type: str
- dh_length
DH parameter length.
default: 2048
type: int
- digest
Auth digest algorithm.
choices: [SHA256, SHA1]
default: SHA256
type: str
- disable
Is the OpenVPN config disabled.
default: false
type: bool
- dns_client1
DNS client 1.
default: ''
type: str
- dns_client2
DNS client 2.
default: ''
type: str
- dns_client3
DNS client 3.
default: ''
type: str
- dns_client4
DNS client 4.
default: ''
type: str
- dns_domain
DNS default domain.
default: ''
type: str
- dynamic_ip
Allow connected clients to retain their connections if their
IP address changes.
default: false
type: bool
- ecdh_curve
Elliptic Curve to use for key exchange.
choices: [none, prime256v1, secp384r1, secp521r1]
default: none
type: str
- gwredir
Redirect IPv4 gateway.
default: false
type: bool
- gwredir6
Redirect IPv6 gateway.
default: false
type: bool
- interface
The interface for OpenVPN to listen on.
default: wan
type: str
- maxclients
The maximum number of clients allowed to concurrently connect
to this client.
default: null
type: int
- mode
The client mode.
choices: [p2p_tls, p2p_shared_key]
default: p2p_tls
type: str
= name
The name of the OpenVPN configuration.
type: str
- ncp_enable
Enable data encryption negotiation.
default: false
type: bool
- passtos
Set the TOS IP header value of tunnel packets to match the
encapsulated packet value.
default: false
type: bool
- protocol
The protocol.
choices: [UDP4, TCP4]
default: UDP4
type: str
- push_register_dns
Push DNS to client.
default: false
type: bool
- remote_network
IPv4 networks that will be routed through the tunnel.
default: ''
type: str
- remote_networkv6
IPv6 networks that will be routed through the tunnel.
default: ''
type: str
= server_addr
The address for OpenVPN to connect to.
type: str
- server_port
The port for OpenVPN to connect to.
default: 1194
type: int
- shared_key
Pre-shared key for shared key modes.
default: null
type: str
- state
State in which to leave the OpenVPN config.
choices: [present, absent]
default: present
type: str
- strictuserdn
Enforce a match between the common name of the client
certificate and the username given at login.
default: false
type: bool
- tls
TLS Key. If set to 'generate' it will create a key if one
does not already exist.
default: null
type: str
- topology
The method used to supply a virtual adapter IP address to
clients when using TUN mode on IPv4.
choices: [net30, subnet]
default: subnet
type: str
- tunnel_network
IPv4 virtual network used for private communications between
this client and client hosts expressed using CIDR notation.
default: ''
type: str
- tunnel_networkv6
IPv6 virtual network used for private communications between
this client and client hosts expressed using CIDR notation.
default: ''
type: str
- verbosity_level
Verbosity level.
default: 3
type: int
AUTHOR: Orion Poplawski (@opoplawski)
EXAMPLES:
- name: "Add OpenVPN client"
pfsense_openvpn_client:
name: 'OpenVPN Client'