Vox Pupuli Tasks Repositories About
Log in

GitHub puppet-openvpn
OpenVPN module for puppet including client config/cert creation

Repo Checks ( 16 of 26 successfull )
Metadata Valid
No translation
passed
Correct Puppet Version Range
Supported Puppet version range is %{PUPPET_SUPPORT_RANGE}
passed
With Puppet Version Range
Puppet version range is present in requirements in metadata.json
passed
With Operatingsystem Support
No translation
passed
Operatingsystems
No translation
passed
Supports Only Current Ubuntu
No translation
passed
Supports Latest Ubuntu
No translation
failed
Supports Only Current Debian
No translation
failed
Supports Latest Debian
No translation
passed
Supports Only Current Redhat
No translation
passed
Supports Latest Redhat
No translation
passed
Supports Only Current Centos
No translation
passed
Supports Latest Centos
No translation
failed
Supports Only Current Archlinux
No translation
failed
Supports Latest Archlinux
No translation
failed
Supports Only Current Freebsd
No translation
failed
Supports Latest Freebsd
No translation
failed
Supports Only Current Solaris
No translation
failed
Supports Latest Solaris
No translation
failed
In Modulesync Repo
Is listed as a module managed using modulesync_config
passed
Synced
Has a .msync.yml file
passed
Latest Modulesync
Has been synchronized with the latest tagged version of modulesync_config
failed
Has Modulesync
Is present in voxpupuli/modulesync_config/managed_modules.yml
passed
Released
Is in modulesync_config and in forge releases.
passed
Valid Sync File
If a (optional) sync file is present, it must not contain a `.travis.yml` entry.
passed
Reference Dot Md
The repository has a REFERENCE.md. It needs to be generated / puppet-strings documentation is missing.
passed

Open Pull Requests

easy-rsa 3.0 by default for FreeBSD
enhancement
needs-work
tests-fail
merge-conflicts

easy-rsa2 was removed from FreeBSD ports tree, see:
https://svnweb.freebsd.org/ports?view=revision&revision=r504939

switch to easy-rsa 3, tested on FreeBSD 12.0-RELEASE, FreeBSD 13-CURENT

Open PR in GitHub
modulesync 7.5.0
modulesync

modulesync 5.3.0

Open PR in GitHub
puppetlabs/stdlib: Allow 9.x
enhancement
Open PR in GitHub
add route_ipv6 to openvpn::client_specific_config

Pull Request (PR) description

When configuring IPv6 routes, I noticed that I can add client-specific routes for IPv4, but not for IPv6.

This PR resolves this.

This Pull Request (PR) fixes the following issues

no issue created.

Open PR in GitHub
Fixing issue #211; allow to not manage client service or correctly manage it
bug
merge-conflicts

Fixes #211

Should manage the service for openvpn client service correctly. Service restart on configuration changes does not work due to dependency cycles I wasn't able to solve.

Only tested on Amazon linux (like RedHat 7).

Open PR in GitHub
Add Puppet 8 support
enhancement
Open PR in GitHub
Add RHEL9

Pull Request (PR) description

RHEL 9 has the same layout as RHEL 8

Open PR in GitHub
Remove legacy top-scope syntax
Open PR in GitHub
Explicitly specify the path to the easy-rsa vars file

Pull Request (PR) description

When puppet-openvpn runs ./easyrsa gen-crl, it fails with:
```
Found: /opt/local/etc/easyrsa/vars
Found: /opt/local/etc/openvpn/someName/easy-rsa/vars

Easy-RSA error:

Conflicting 'vars' files found.

Priority should be given to your PKI vars file:
* /opt/local/etc/openvpn/someName/easy-rsa/pki/vars

EasyRSA Version Information
Version: 3.1.4
Generated: Wed May 24 07:02:30 CDT 2023
SSL Lib: OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
Git Commit: a7284a1857dcd157d5f606561c86cb79c9c5091f
Source Repo: https://github.com/OpenVPN/easy-rsa
Host: 3.1.4 | nix | SunOS | /bin/bash
```

This PR sets the EASYRSA_VARS_FILE environment variable, so that easyrsa knows which vars file to use.

This Pull Request (PR) fixes the following issues

n/a

Open PR in GitHub
puppetlabs/stdlib: Allow 9.x
enhancement
tests-fail
Open PR in GitHub
puppetlabs/concat: Allow 9.x
enhancement

contains: #453

Open PR in GitHub
Drop CentOs 8 support
backwards-incompatible

contains: #453 #458 #457 #459

Open PR in GitHub
Add CentOs 9 support
enhancement

contains: #453 #458 #457

Open PR in GitHub
Easyrsa version range

Pull Request (PR) description

This pull request addresses 3 problems:
1. Since easy-rsa version 3.0.3 the name of the easy-rsa configuration file did change from "openssl-1.0.cnf" to "openssl-easyrsa.cnf"
The following is a link to the corresponding commit:
https://github.com/OpenVPN/easy-rsa/commit/e8cd6c980742bb86c34286e655346778275cc36d.
To tackle that problem I would like to introduce easy-rsa version ranges and change the file name if a version above 3.0.3 is used.
2. I did also run into a problem with the "./easy-rsa build-server-full" command which opened an input prompt, which could be suppressed using the "--batch" option
3. The whole openssl output with text gets copied to the client configuration file. I've added a exec resource which runs the "openssl" command with the "-noout" option to suppress the unnecessary text output.

Open PR in GitHub
Relax dependencies version requirements
enhancement
  • Allow puppetlabs-stdlib 9.x
  • Allow puppetlabs-concat 9.x
Open PR in GitHub
Support data-ciphers and data-ciphers-fallback options

Pull Request (PR) description

Support data-ciphers and data-ciphers-fallback options for OpenVPN 2.5.

This Pull Request (PR) fixes the following issues: n/a

Open PR in GitHub
add service-notify to scheduled crl_auto_renew exec
needs-feedback

Pull Request (PR) description

If using crlautorenew and the crl is recreated, the service has to be reloaded,
otherwise clients can't connect if crl is getting verified. (seen on centos7)

This Pull Request (PR) fixes the following issues

no issue created, but i can if it helps

Open PR in GitHub
set proto correct if running as tcp-client
tests-fail

See documentation for proto:
–proto p
Use protocol p for communicating with remote host. p can be udp, tcp-client, or tcp-server.The default protocol is udp when –proto is not specified.

This might be wron implemented as there is also a proto field for the
remote argument:
–remote host [port] [proto]
Remote host name or IP address. On the client, multiple –remote options may be specified for redundancy, each referring to a different OpenVPN server. Specifying multiple –remote options for this purpose is a special case of the more general connection-profile feature. See the documentation below.The OpenVPN client will try to connect to a server at host:port in the order specified by the list of –remote options.
proto indicates the protocol to use when connecting with the remote, and may be “tcp” or “udp”.

For forcing IPv4 or IPv6 connection suffix tcp or udp with 4/6 like udp4/udp6/tcp4/tcp6.

<!--
Thank you for contributing to this project!

-->

Pull Request (PR) description

<!--
Replace this comment with a description of your pull request.
-->

This Pull Request (PR) fixes the following issues

<!--
Replace this comment with the list of issues or n/a.
Use format:
Fixes #123
Fixes #124
-->

Open PR in GitHub
Fix of deprecation warning
needs-work
tests-fail

Pull Request (PR) description

Fix of deprecation warning:
Warning: The source_permissions parameter is deprecated. Explicitly set owner, group, and mode.
(file: .../manifests/ca.pp, line: 127)

This Pull Request (PR) fixes the following issues

Replaced:
source_permissions => 'use',

With:
owner => 'root',
mode => '0755',

This is tested on puppet-agent 5.5.7-1 on Ubuntu Xenial, puppetserver 5.3.6-1 Ubuntu Xenial.

Open PR in GitHub
Add Puppet 8 support
enhancement

includes: #453 #458

Open PR in GitHub
Update to the latest EasyRSA 3.x vars file syntax

Pull Request (PR) description

Fixes issue where EasyRSA 3.1.3 and later would fail with the following error:

These problems have been found in your 'vars' settings:
Use of 'export':
Remove 'export' or replace it with 'set_var'.

This Pull Request (PR) fixes the following issues

Fixes #417

Open PR in GitHub