54 lines
1.4 KiB
Text
54 lines
1.4 KiB
Text
|
# Specify that we are a client and that we
|
||
|
# will be pulling certain config file directives
|
||
|
# from the server.
|
||
|
client
|
||
|
|
||
|
# Use the same setting as you are using on
|
||
|
# the server.
|
||
|
# On most systems, the VPN will not function
|
||
|
# unless you partially or fully disable
|
||
|
# the firewall for the TUN/TAP interface.
|
||
|
dev tun
|
||
|
|
||
|
# Are we connecting to a TCP or
|
||
|
# UDP server? Use the same setting as
|
||
|
# on the server.
|
||
|
proto udp
|
||
|
|
||
|
# The hostname/IP and port of the server.
|
||
|
# You can have multiple remote entries
|
||
|
# to load balance between the servers.
|
||
|
remote {{ salt['mine.get']('roles:kubernetes-master', 'network.ip_addrs', 'grain').keys()[0] }} 1194
|
||
|
|
||
|
# Keep trying indefinitely to resolve the
|
||
|
# host name of the OpenVPN server. Very useful
|
||
|
# on machines which are not permanently connected
|
||
|
# to the internet such as laptops.
|
||
|
resolv-retry infinite
|
||
|
|
||
|
# Most clients don't need to bind to
|
||
|
# a specific local port number.
|
||
|
nobind
|
||
|
|
||
|
# Try to preserve some state across restarts.
|
||
|
persist-key
|
||
|
persist-tun
|
||
|
|
||
|
# SSL/TLS parms.
|
||
|
# See the server config file for more
|
||
|
# description. It's best to use
|
||
|
# a separate .crt/.key file pair
|
||
|
# for each client. A single ca
|
||
|
# file can be used for all clients.
|
||
|
ca /etc/openvpn/ca.crt
|
||
|
cert /etc/openvpn/client.crt
|
||
|
key /etc/openvpn/client.key
|
||
|
|
||
|
# Enable compression on the VPN link.
|
||
|
# Don't enable this unless it is also
|
||
|
# enabled in the server config file.
|
||
|
comp-lzo
|
||
|
|
||
|
# Set log file verbosity.
|
||
|
verb 3
|