puppet6-case

  • openvpn
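# Enable IPv4 forwarding for the running kernel only (lost on reboot).
# Forwarding applies to every interface, so keep the FORWARD chain
# restricted to the traffic the VPN actually needs.
sysctl -w net.ipv4.ip_forward=1
# Make it permanent: set "net.ipv4.ip_forward = 1" in the file below.
vi /etc/sysctl.conf

# SNAT
# List the current NAT POSTROUTING rules with their positions.
iptables -t nat -vnL POSTROUTING --line-numbers
# Masquerade VPN client traffic leaving through eth0. The -C check keeps a
# second run of these notes from stacking a duplicate rule.
# NOTE(review): this rule matches 10.10.8.0/24, while the openvpn::server
# block below hands out 10.10.9.0/24 -- confirm which subnet should be NATed.
iptables -t nat -C POSTROUTING -s 10.10.8.0/24 -o eth0 -j MASQUERADE 2>/dev/null \
  || iptables -t nat -A POSTROUTING -s 10.10.8.0/24 -o eth0 -j MASQUERADE
# Accept connections to the OpenVPN listener (TCP 1195), inserted at the top
# of INPUT so an earlier DROP/REJECT rule cannot shadow it.
iptables -C INPUT -p tcp --dport 1195 -m comment --comment "openvpn" -j ACCEPT 2>/dev/null \
  || iptables -I INPUT -p tcp --dport 1195 -m comment --comment "openvpn" -j ACCEPT
# Rules added this way live only in the running kernel; save them with the
# distribution's persistence mechanism or they disappear on reboot.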

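# Install the OpenVPN module at a pinned version so the build is repeatable.
puppet module install puppet-openvpn --version 9.1.0
# Every module is its own directory under the modules path.
cd /etc/puppetlabs/code/modules/
mkdir -pv vpn/{manifests,files}
cd vpn
# manifests/init.pp must define a class named after the module ("vpn").
# The file is written with cat and a quoted here-document: echo does not read
# stdin, so "echo > file <<EOF" leaves only an empty line in the file, and the
# quoted delimiter keeps the shell from expanding anything in the manifest.
# (To edit by hand instead: vim ./manifests/init.pp)
cat > ./manifests/init.pp <<'EOF'
# The class name has to match the module name so `include vpn` resolves.
class vpn {
  include ::openvpn

  openvpn::server { 'vpn':
    # NOTE(review): 'CH' is the ISO 3166 code for Switzerland; China is 'CN'.
    country        => 'CH',
    province       => 'ZH',
    city           => 'BeiJing',
    organization   => 'join.com',
    email          => 'join@join.com',
    logfile        => 'vpn.logs',
    local          => '172.1.1.2',
    port           => '1195',
    # Empty value: no compression directive is requested.
    compression    => '',
    sndbuf         => 393216,
    rcvbuf         => 393216,
    server         => '10.10.9.0 255.255.255.0', # admin
    push           => [
      "sndbuf 393216",
      "rcvbuf 393216",
      "dhcp-option DNS 114.114.114.114",
      "dhcp-option DNS 1.2.4.8",
    ],
    keepalive      => '10 60',
    # One certificate (common name) may hold only one session at a time.
    duplicate_cn   => false,
    # client-to-client: OpenVPN relays traffic between clients internally, so
    # host firewall rules do not filter client-to-client traffic.
    c2c            => true,
    custom_options => {
      'max-clients'     => 12,
      # NOTE(review): level 3 lets OpenVPN hand passwords to scripts through
      # environment variables. No script hook is configured in this manifest,
      # so a lower level is probably enough -- confirm before changing.
      'script-security' => 3,
    },
  }

  # Create the VPN client configs
  # no limit
  openvpn::client { 'vpn_x':
    server          => 'vpn',
    port            => '1195',
    compression     => '',
    # Verify the server certificate via remote-cert-tls instead of the
    # older ns-cert-type check.
    ns_cert_type    => false,
    remote_cert_tls => true,
    remote_host     => '<replace public ip>',
  }

  # NOTE(review): this address pair is in 10.10.8.0/24 while the server pool
  # above is 10.10.9.0/24 -- confirm the intended subnet.
  openvpn::client_specific_config { 'vpn_x':
    server   => 'vpn',
    ifconfig => '10.10.8.5 10.10.8.6',
  }
}
EOF

# Apply the module locally with verbose and debug output.
puppet apply -v -d -e 'include vpn'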

# Ubuntu OpenVPN client: install the client and its supporting packages
# in a single apt transaction.
sudo apt-get install \
  openssl libssl-dev \
  lzop \
  openvpn

# Launch the client with the profile generated for this client.
# NOTE(review): client.ovpn presumably carries the client's private key --
# copy it over a secure channel and keep it readable by its owner only.
sudo openvpn --config client.ovpn
  • docker case