
@luxflux
Last active August 29, 2015 14:16
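node default {
  # Enable the EPEL repository and make every package resource depend on it
  yumrepo { 'epel': enabled => 1 }
  Package { require => Yumrepo['epel'] }

  # OpenVPN server instance; the identity fields end up in the CA and server certificate subjects
  openvpn::server { 'winterthur':
    country      => 'CH',
    province     => 'ZH',
    city         => 'Winterthur',
    organization => 'example.org',
    email        => '[email protected]',
    # VPN subnet and netmask
    server       => '10.200.200.0 255.255.255.0',
  }

  # define clients
  openvpn::client { 'client1':
    server => 'winterthur',
  }
}
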
[root@ip-10-1-3-85 ec2-user]# cd /etc/openvpn/winterthur/download-configs/client1/
[root@ip-10-1-3-85 client1]# openvpn --config client1.conf
Tue Mar 3 09:15:23 2015 OpenVPN 2.3.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 10 2014
Tue Mar 3 09:15:23 2015 library versions: OpenSSL 1.0.1k-fips 8 Jan 2015, LZO 2.08
Tue Mar 3 09:15:23 2015 Socket Buffers: R=[87380->131072] S=[20480->131072]
Tue Mar 3 09:15:23 2015 Attempting to establish TCP connection with [AF_INET]10.1.3.85:1194 [nonblock]
Tue Mar 3 09:15:23 2015 TCP connection established with [AF_INET]10.1.3.85:1194
Tue Mar 3 09:15:23 2015 TCPv4_CLIENT link local: [undef]
Tue Mar 3 09:15:23 2015 TCPv4_CLIENT link remote: [AF_INET]10.1.3.85:1194
Tue Mar 3 09:15:23 2015 TLS: Initial packet from [AF_INET]10.1.3.85:1194, sid=388ec1a6 1a44ac4b
Tue Mar 3 09:15:23 2015 VERIFY OK: depth=1, C=CH, ST=ZH, L=Winterthur, O=example.org, CN=example.org CA, [email protected]
Tue Mar 3 09:15:23 2015 VERIFY OK: nsCertType=SERVER
Tue Mar 3 09:15:23 2015 VERIFY OK: depth=0, C=CH, ST=ZH, L=Winterthur, O=example.org, CN=server, [email protected]
Tue Mar 3 09:15:23 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Mar 3 09:15:23 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 3 09:15:23 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Mar 3 09:15:23 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 3 09:15:23 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Mar 3 09:15:23 2015 [server] Peer Connection Initiated with [AF_INET]10.1.3.85:1194
Tue Mar 3 09:15:26 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Mar 3 09:15:26 2015 PUSH: Received control message: 'PUSH_REPLY,route 10.200.200.1,topology net30,ifconfig 10.200.200.6 10.200.200.5'
Tue Mar 3 09:15:26 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar 3 09:15:26 2015 OPTIONS IMPORT: route options modified
Tue Mar 3 09:15:26 2015 ROUTE_GATEWAY 10.1.3.1/255.255.255.0 IFACE=eth0 HWADDR=0a:ee:76:49:fe:11
Tue Mar 3 09:15:26 2015 TUN/TAP device tun1 opened
Tue Mar 3 09:15:26 2015 TUN/TAP TX queue length set to 100
Tue Mar 3 09:15:26 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Mar 3 09:15:26 2015 /sbin/ip link set dev tun1 up mtu 1500
Tue Mar 3 09:15:26 2015 /sbin/ip addr add dev tun1 local 10.200.200.6 peer 10.200.200.5
Tue Mar 3 09:15:26 2015 /sbin/ip route add 10.200.200.1/32 via 10.200.200.5
Tue Mar 3 09:15:26 2015 Initialization Sequence Completed

2015-03-03 10:23:34 *Tunnelblick: OS X 10.10.2; Tunnelblick 3.4.3 (build 4055.4198); prior version 3.3.4 (build 3518.3872)
2015-03-03 10:23:34 *Tunnelblick: Attempting connection with client1 using shadow copy; Set nameserver = 1; monitoring connection
2015-03-03 10:23:34 *Tunnelblick: openvpnstart start client1.tblk 1337 1 0 1 0 16688 -ptADGNWradsgnw 2.3.6
2015-03-03 10:23:34 *Tunnelblick: openvpnstart starting OpenVPN
2015-03-03 10:23:35 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 8 2015
2015-03-03 10:23:35 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
2015-03-03 10:23:35 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2015-03-03 10:23:35 Need hold release from management interface, waiting...
2015-03-03 10:23:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2015-03-03 10:23:36 *Tunnelblick: Established communication with OpenVPN
2015-03-03 10:23:36 MANAGEMENT: CMD 'pid'
2015-03-03 10:23:36 MANAGEMENT: CMD 'state on'
2015-03-03 10:23:36 MANAGEMENT: CMD 'state'
2015-03-03 10:23:36 MANAGEMENT: CMD 'bytecount 1'
2015-03-03 10:23:36 MANAGEMENT: CMD 'hold release'
2015-03-03 10:23:36 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-03-03 10:23:36 Socket Buffers: R=[196724->65536] S=[9216->65536]
2015-03-03 10:23:36 UDPv4 link local: [undef]
2015-03-03 10:23:36 UDPv4 link remote: [AF_INET]54.165.251.188:1194
2015-03-03 10:23:36 MANAGEMENT: >STATE:1425374616,WAIT,,,
2015-03-03 10:23:37 MANAGEMENT: >STATE:1425374617,AUTH,,,
2015-03-03 10:23:37 TLS: Initial packet from [AF_INET]54.165.251.188:1194, sid=cbdac1a2 7a34ec9d
2015-03-03 10:23:37 VERIFY OK: depth=1, C=CH, ST=ZH, L=Winterthur, O=example.org, CN=example.org CA, [email protected]
2015-03-03 10:23:37 VERIFY OK: nsCertType=SERVER
2015-03-03 10:23:37 VERIFY OK: depth=0, C=CH, ST=ZH, L=Winterthur, O=example.org, CN=server, [email protected]
2015-03-03 10:23:39 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2015-03-03 10:23:39 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-03 10:23:39 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2015-03-03 10:23:39 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-03 10:23:39 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2015-03-03 10:23:39 [server] Peer Connection Initiated with [AF_INET]54.165.251.188:1194
2015-03-03 10:23:40 MANAGEMENT: >STATE:1425374620,GET_CONFIG,,,
2015-03-03 10:23:41 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2015-03-03 10:23:41 PUSH: Received control message: 'PUSH_REPLY,route 10.200.200.1,topology net30,ifconfig 10.200.200.6 10.200.200.5'
2015-03-03 10:23:41 OPTIONS IMPORT: --ifconfig/up options modified
2015-03-03 10:23:41 OPTIONS IMPORT: route options modified
2015-03-03 10:23:41 Opened utun device utun0
2015-03-03 10:23:41 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2015-03-03 10:23:41 MANAGEMENT: >STATE:1425374621,ASSIGN_IP,,10.200.200.6,
2015-03-03 10:23:41 /sbin/ifconfig utun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2015-03-03 10:23:41 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2015-03-03 10:23:41 /sbin/ifconfig utun0 10.200.200.6 10.200.200.5 mtu 1500 netmask 255.255.255.255 up
2015-03-03 10:23:41 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw utun0 1500 1542 10.200.200.6 10.200.200.5 init
**********************************************
Start of output from client.up.tunnelblick.sh
No network configuration changes need to be made.
Will NOT monitor for other network configuration changes.
End of output from client.up.tunnelblick.sh
**********************************************
2015-03-03 10:23:43 MANAGEMENT: >STATE:1425374623,ADD_ROUTES,,,
2015-03-03 10:23:43 /sbin/route add -net 10.200.200.1 10.200.200.5 255.255.255.255
add net 10.200.200.1: gateway 10.200.200.5
2015-03-03 10:23:43 Initialization Sequence Completed
2015-03-03 10:23:43 MANAGEMENT: >STATE:1425374623,CONNECTED,SUCCESS,10.200.200.6,54.165.251.188