openvpn-formula

Travis CI Build Status Semantic Release

Formula to install and configure openvpn server and client.

1. General notes

See the full SaltStack Formulas installation and usage instructions.

If you are interested in writing or contributing to formulas, please pay attention to the Writing Formula Section.

If you want to use this formula, please pay attention to the FORMULA file and/or git tag, which contains the currently released version. This formula is versioned according to Semantic Versioning.

See Formula Versioning Section for more details.

If you need (non-default) configuration, please refer to:

2. Contributing to this repo

Commit message formatting is significant!!

Please see How to contribute for more details.

3. Available states

3.1. openvpn

Installs OpenVPN.

3.2. openvpn.config

Configures OpenVPN client and server. Multiple clients and servers are possible.

3.3. openvpn.gui

Configures OpenVPN GUI (Windows only). Sets global registry settings as described here.

3.4. openvpn.adapters

Manages TAP-Windows device adapters (Windows only). Ensures that any devices specified with dev_node in pillar exist.

3.5. openvpn.ifconfig_pool_persist

Installs and configures an ifconfig_pool_persist file. Used to assign host IPs.

3.6. openvpn.network_manager_networks

Don’t setup a OpenVPN client service, but add ready-to-use NetworkManager configurations.

4. Examples

See openvpn/pillar.example.

5. Notes

This formula does can optionally deploy certificates and keys, but does not generate them. This must be done manually or with another formula.

6. Testing

Linux testing is done with kitchen-salt.

6.1. Requirements

  • Ruby

  • Docker

$ gem install bundler
$ bundle install
$ bin/kitchen test [platform]

Where [platform] is the platform name defined in kitchen.yml, e.g. debian-9-2019-2-py3.

6.2. bin/kitchen converge

Creates the docker instance and runs the openvpn main state, ready for testing.

6.3. bin/kitchen verify

Runs the inspec tests on the actual instance.

6.4. bin/kitchen destroy

Removes the docker instance.

6.5. bin/kitchen test

Runs all of the stages above in one go: i.e. destroy + converge
verify + destroy.

6.6. bin/kitchen login

Gives you SSH access to the instance for manual testing.

7. Testing with Vagrant

Windows/FreeBSD/OpenBSD testing is done with kitchen-salt.

7.1. Requirements

  • Ruby

  • Virtualbox

  • Vagrant

7.2. Setup

$ gem install bundler
$ bundle install --with=vagrant
$ bin/kitchen test [platform]

Where [platform] is the platform name defined in kitchen.vagrant.yml, e.g. windows-81-latest-py3.

7.3. Note

When testing using Vagrant you must set the environment variable KITCHEN_LOCAL_YAML to kitchen.vagrant.yml. For example:

$ KITCHEN_LOCAL_YAML=kitchen.vagrant.yml bin/kitchen test      # Alternatively,
$ export KITCHEN_LOCAL_YAML=kitchen.vagrant.yml
$ bin/kitchen test

Then run the following commands as needed.

7.4. bin/kitchen converge

Creates the Vagrant instance and runs the openvpn main state, ready for testing.

7.5. bin/kitchen verify

Runs the inspec tests on the actual instance.

7.6. bin/kitchen destroy

Removes the Vagrant instance.

7.7. bin/kitchen test

Runs all of the stages above in one go: i.e. destroy + converge
verify + destroy.

7.8. bin/kitchen login

Gives you RDP/SSH access to the instance for manual testing.