-
Notifications
You must be signed in to change notification settings - Fork 52
pfsense_openvpn_override
Orion Poplawski edited this page Jan 13, 2023
·
1 revision
Manage pfSense OpenVPN Client Specific Overrides
ADDED IN: version 0.5.0 of pfsensible.core
OPTIONS (= is mandatory):
- block
Block this client connection based on its common name.
default: false
type: bool
- custom_options
Additional options to add for this client specific override,
separated by a semicolon.
default: null
type: str
- descr
The description of the override.
default: null
type: str
- disable
Disable this override.
default: false
type: bool
- gwredir
Redirect IPv4 gateway.
default: false
type: bool
- local_network
IPv4 networks that will be accessible from the remote
endpoint.
default: null
type: str
- local_networkv6
IPv6 networks that will be accessible from the remote
endpoint.
default: null
type: str
= name
The name of the override. The X.509 common name for the client
certificate, or the username for VPNs utilizing password
authentication.
This match is case sensitive.
type: str
- netbios_enable
Enable NetBIOS over TCP/IP.
default: false
type: bool
- netbios_ntype
NetBIOS Node Type. Possible options: b-node (broadcasts),
p-node (point-to-point name queries to a WINS server),
m-node (broadcast then query name server), and h-node (query
name server, then broadcast). Default is 'none'.
choices: [none, b-node, p-node, m-node, h-node]
default: null
type: str
- netbios_scope
A NetBIOS Scope ID provides an extended naming service for
NetBIOS over TCP/IP. The NetBIOS scope ID isolates NetBIOS
traffic on a single network to
only those nodes with the same NetBIOS scope ID.
default: null
type: str
- push_reset
Prevent this client from receiving any server-defined client
settings.
default: false
type: bool
- remote_network
IPv4 networks that will be routed through the tunnel.
default: null
type: str
- remote_networkv6
IPv6 networks that will be routed through the tunnel.
default: null
type: str
- server_list
A list of OpenVPN servers this applies to.
default: null
elements: str
type: list
- state
State in which to leave the override
choices: [present, absent]
default: present
type: str
- tunnel_network
IPv4 virtual network used for private communications between
this server and client hosts expressed using CIDR notation.
default: null
type: str
- tunnel_networkv6
IPv6 virtual network used for private communications between
this server and client hosts expressed using CIDR notation.
default: null
type: str
- wins_server_enable
Provide a WINS server list to clients,
default: false
type: bool
AUTHOR: Orion Poplawski (@opoplawski)
METADATA:
metadata_version: '1.1'
status:
- preview
supported_by: community
EXAMPLES:
- name: Set IP address for user
pfsense_openvpn_override:
name: username
custom_options: ifconfig-push 10.8.0.2 255.255.255.0
state: present
- name: Remove override for user
pfsense_opevpn_override:
name: username
state: absent
RETURN VALUES:
- commands
The set of commands that would be pushed to the remote device
(if pfSense had a CLI).
returned: always
sample: [create OpenVPN override 'username']
type: list
- vpnids
A list of VPN IDs that the override applies to.
returned: always
sample: [1, 2]
type: list