├── .gitignore ├── .travis.yml ├── Gemfile ├── Guardfile ├── LICENSE ├── README.md ├── Rakefile ├── attributes ├── default.rb └── use_community_repos.rb ├── files └── default │ └── tests │ └── minitest │ ├── default_test.rb │ └── support │ └── helpers.rb ├── metadata.rb ├── recipes ├── client.rb ├── default.rb ├── logrotate.rb ├── use_community_repos.rb └── users.rb ├── spec ├── client_spec.rb ├── default_spec.rb ├── logrotate_spec.rb ├── spec_helper.rb ├── support │ ├── Cheffile │ ├── data_bags │ │ ├── test1-users │ │ │ └── foo.json │ │ ├── test2-users │ │ │ └── foo.json │ │ └── test3-users │ │ │ └── foo.json │ ├── gemfiles │ │ └── Gemfile.chef11 │ ├── helpers.rb │ └── my-cookbooks │ │ └── openvpn-files │ │ └── files │ │ └── default │ │ ├── test1-ca.crt │ │ ├── test1-dh.pem │ │ ├── test1.crt │ │ ├── test1.key │ │ ├── test11-ca.crt │ │ ├── test11-foo.conf │ │ ├── test12-ca.crt │ │ ├── test12-foo.conf │ │ ├── test12-foo.crt │ │ ├── test12-foo.key │ │ ├── test13-ca.crt │ │ ├── test13-foo.conf │ │ ├── test13-foo.crt │ │ ├── test13-foo.key │ │ ├── test2-ca.crt │ │ ├── test2-dh.pem │ │ ├── test2-foo.crt │ │ ├── test2-foo.key │ │ ├── test2.crt │ │ ├── test2.key │ │ ├── test3-ca.crt │ │ ├── test3-dh.pem │ │ ├── test3-foo.crt │ │ ├── test3-foo.key │ │ ├── test3.crt │ │ └── test3.key ├── use_community_repos_spec.rb └── users_spec.rb ├── templates └── default │ ├── auth.rb.erb │ ├── client.conf.erb │ └── server.conf.erb └── test └── kitchen ├── Kitchenfile └── cookbooks └── openvpn_test ├── LICENSE ├── README.md ├── attributes └── default.rb ├── files └── default │ ├── test1-ca.crt │ ├── test1.crt │ ├── test1.key │ ├── test2-ca.crt │ ├── test2.crt │ ├── test2.key │ ├── test3-ca.crt │ ├── test3.crt │ └── test3.key ├── metadata.rb └── recipes └── default.rb /.gitignore: -------------------------------------------------------------------------------- 1 | *.lock 2 | .kitchen 3 | spec/support/cookbooks/ 4 | spec/support/tmp/ 5 | tmp/ 6 | 
-------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: ruby 2 | 3 | rvm: 4 | - 1.9.3 5 | 6 | gemfile: 7 | - Gemfile 8 | - spec/support/gemfiles/Gemfile.chef11 9 | 10 | env: 11 | - RUBYOPT=W0 12 | 13 | before_script: 14 | - ln -s chef-openvpn ../openvpn 15 | - cd spec/support/; librarian-chef install; cd ../.. 16 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'chef', '~> 10.0' 4 | 5 | gem 'rake' 6 | gem 'foodcritic', '~> 3.0', :platform => :ruby_19 7 | gem 'chefspec', '~> 2.0' 8 | gem 'librarian-chef', :platform => :ruby_19 9 | 10 | gem 'guard-rspec', require: false 11 | gem 'rb-readline', require: false 12 | 13 | #gem 'test-kitchen', :platform => :ruby_19 14 | -------------------------------------------------------------------------------- /Guardfile: -------------------------------------------------------------------------------- 1 | 2 | guard 'rspec', :all_after_pass => false, :all_on_start => false do 3 | # general pathes for cookbooks 4 | watch(%r{^attributes/(.+)\.rb$}) { "spec" } 5 | watch(%r{^files/(.+)\.rb$}) { "spec" } 6 | watch(%r{^libraries/(.+)\.rb$}) { "spec" } 7 | watch(%r{^templates/(.+)\.rb$}) { "spec" } 8 | 9 | # directly related to a specific recipe 10 | watch(%r{^recipes/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" } 11 | watch(%r{^spec/(.+)_spec\.rb$}) { |m| "spec/#{m[1]}_spec.rb" } 12 | 13 | # general pathes for rspec 14 | watch(%r{^spec/support/(.+)\.rb$}) { "spec" } 15 | watch('spec/spec_helper.rb') { "spec" } 16 | end 17 | 18 | # load Guardfile.local 19 | local_guardfile = File.dirname(__FILE__) + "/Guardfile.local" 20 | if File.file?(local_guardfile) 21 | self.instance_eval(Bundler.read_file(local_guardfile)) 22 | end 23 | 
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # chef-openvpn 2 | 3 | [![Build Status](https://travis-ci.org/cmur2/chef-openvpn.png)](https://travis-ci.org/cmur2/chef-openvpn) 4 | 5 | ## Description 6 | 7 | A multi-configuration OpenVPN client/server cookbook featuring IPv6 support and easy generation of client configuration files. 8 | 9 | ## Usage 10 | 11 | Include `recipe[openvpn::default]` in your `run_list` and do further configuration via node attributes. To automatically generate client configuration file stubs include `recipe[openvpn::users]`. With `recipe[openvpn::logrotate]` your logs (of all OpenVPN configurations) will be automatically rotated if the logrotate cookbook is present. To setup one or multiple OpenVPN clients use `recipe[openvpn::client]`. 12 | 13 | For full, out-of-the-box IPv6 support you will need OpenVPN 2.3 or higher which is not available on older versions of Debian and Ubuntu - therefore and for those who only want more recent OpenVPN packages on their system the `recipe[openvpn::use_community_repos]` registers new APT repositories maintained by the OpenVPN community (needs the apt cookbook). 14 | 15 | ## Requirements 16 | 17 | ### Platform 18 | 19 | It should work on all OSes that provide a (recent, versions above 2.0) openvpn package. 20 | 21 | For supported Chef/Ruby version see [Travis](https://travis-ci.org/cmur2/chef-openvpn). 22 | 23 | ## Recipes 24 | 25 | ### default 26 | 27 | Configures and starts an OpenVPN server for each configuration (config_name => config_hash mappings) found in `node['openvpn']['configs']`. 
A configuration may contain several options (most of them are required unless stated otherwise) such as: 28 | 29 | * `config['port']` - port number the server listens on 30 | * `config['proto']` - 'udp' or 'tcp' 31 | * `config['dev']` - 'tun', 'tap' or a specific device like 'tun0' 32 | * `config['mode']` - 'routed' (uses server directive) or 'bridged' (uses server-bridge directive) 33 | * `config['remote_host']` - host name that clients can use to reach the server 34 | * `config['remote_port']` - port that clients can use to reach the server (may be omitted, defaults to `config['port']`) 35 | * `config['topology']` - the topology to use in 'routed' mode 36 | * `config['subnet']` - the IPv4 subnet (*don't* use CIDR here) used for VPN addresses in 'routed' mode 37 | * `config['subnet6']` - the IPv6 subnet (use CIDR here) used for VPN addresses in 'routed' mode - requires OpenVPN 2.3 or higher 38 | * `config['server_ip']` - the server's VPN address in 'bridged' mode 39 | * `config['dhcp_start']` - the lower bound for DHCP addresses in 'bridged' mode 40 | * `config['dhcp_end']` - the upper bound for DHCP addresses in 'bridged' mode 41 | * `config['netmask']` - the VPN internal IPv4 netmask, applies for 'routed' and 'bridged' mode 42 | * `config['auth']['type']` - 'cert', 'cert_passwd' or 'passwd' - combines client certificates and/or user passwords if enabled 43 | * `config['dh_keysize']` - may be omitted, if specified will be the number of bits generated for the Diffie Hellman key file, if missing a cookbook_file has to be provided 44 | * `config['file_cookbook']` - may be omitted, if specified will be used as the name of a cookbook where certificates and key file will be loaded from instead of the current cookbook 45 | * `config['redirect_gateway']` - may be omitted, if specified and true pushes redirect-gateway option to clients 46 | * `config['push_dns_server']` - may be omitted, if specified pushes the specified DNS server to clients 47 | * 
`config['allow_duplicate_cn']` - may be omitted, if specified and true allows duplicate common names of clients 48 | * `config['allow_client_to_client']` - may be omitted, if specified and true allows client-to-client traffic 49 | * `config['comp_lzo']` - may be omitted, if specified and true enables compression (must match client setting) 50 | * `config['keepalive_interval']` - may be omitted, if specified together with `config['keepalive_timeout']` enables the keepalive setting with specified interval 51 | * `config['keepalive_timeout']` - may be omitted, if specified together with `config['keepalive_interval']` enables the keepalive setting with specified timeout 52 | * `config['tls_cipher_algos']` - may be omitted, if specified sets the list of allowable TLS ciphers (must match client setting) 53 | * `config['cipher_algo']` - may be omitted, if specified sets the cipher, e.g. AES-256-CBC (must match client setting) 54 | * `config['keysize']` - may be omitted, if specified sets the keysize for variable ciphers (must match client setting) 55 | * `config['auth_algo']` - may be omitted, if specified sets the auth, e.g. SHA256 (must match client setting) 56 | * `config['push']` - array of generic push directives to include into the config 57 | * `config['routes']` - array of route specifications 58 | 59 | There are no defaults for these attributes, so missing attributes may lead to errors. 
60 | 61 | Example node configuration: 62 | 63 | ```ruby 64 | 'openvpn': { 65 | 'community_repo_flavor': 'snapshots', 66 | 'configs': { 67 | 'openvpn6': { 68 | 'port': 1194, 69 | 'proto': 'udp', 70 | 'dev': 'tun', 71 | 'mode': 'routed', 72 | 'remote_host': 'vpn.example.org', 73 | 'subnet': '10.8.0.0', 74 | 'subnet6': '2001:0db8:0:0::0/64', 75 | 'netmask': '255.255.0.0', 76 | 'auth': { 77 | 'type': 'passwd' 78 | }, 79 | 'allow_duplicate_cn': true, 80 | 'push': [ 81 | 'route 192.168.10.0 255.255.255.0' 82 | ], 83 | 'routes': [ 84 | '192.168.40.128 255.255.255.248' 85 | ] 86 | } 87 | } 88 | } 89 | ``` 90 | 91 | The certificate files needed for the server should be placed in the cookbook's files directory (or via an overlay site-cookbooks directory that leaves the original cookbook untouched) as follows: 92 | 93 | * *config_name*-ca.crt - certificate authority (CA) file in .pem format 94 | * *config_name*.crt - local peer's signed certificate in .pem format 95 | * *config_name*.key - local peer's private key in .pem format 96 | * optional: *config_name*-dh.pem - file containing Diffie Hellman parameters in .pem format (needed only if config['dh_keysize'] is missing) 97 | 98 | Each authentication mode requires you to specify your users database in a data_bag named *config_name*-users (dots transformed to underscores) that contains one item per user (id is the username). A user's password is stored at the 'pass' key; the default recipe reads this value as-is and passes it to the generated `auth.rb`, so it is kept in plaintext in the data bag. 99 | 100 | Example data_bag: 101 | 102 | ```json 103 | { 104 | "id": "foo", 105 | "pass": "secret" 106 | } 107 | ``` 108 | 109 | The recipe also generates a `ccd` (client config directory) and populates it with per-client information found in the data_bag mentioned above. Supported data_bag keys: 110 | 111 | * `'ifconfig-push'`: value is the ifconfig to push (varies between point-to-point and bridged modes!) 
112 | * `'push'`: value is either an array of push directives or a single push directive as a string 113 | * `'push-reset'`: if true places a push-reset in the client config 114 | * `'iroute'`: value is either an array of routes to announce or a single route as a string 115 | 116 | Example data_bag: 117 | 118 | ```json 119 | { 120 | "id": "foo", 121 | "ifconfig-push": "10.8.0.6 10.8.0.5", 122 | "iroute": "192.168.40.128 255.255.255.248", 123 | "push": [ 124 | "redirect-gateway" 125 | ] 126 | } 127 | ``` 128 | 129 | ### users 130 | 131 | Generates OpenVPN configuration stub files in a subdirectory of the configuration's directory on the server. All known options will be prefilled but in a client OS-independent manner (e.g. for Windows clients some options are missing). Plans are to extend this to even generate Windows-specific or Tunnelblick-specific files. 132 | Next to the configuration file all needed certificates and keys are stored. 133 | 134 | This recipe will generate the user's configuration files in the *users* subdirectory of the server configuration directory it belongs to. 135 | It requires a data_bag named *config_name*-users (dots transformed to underscores) that contains one item per user and the following cookbook files per user: 136 | 137 | * *config_name*-ca.crt - server's CA certificate (may/should be present for the server config too) 138 | * *config_name*-*user_name*.crt - client's signed certificate in .pem format 139 | * *config_name*-*user_name*.key - client's private key in .pem format 140 | 141 | The **username** comes from the 'name' property of each item if given, else the data_bag ID (which suffers from some limitations, e.g. underscores are not allowed) will be used automatically as username. 142 | 143 | ### client 144 | 145 | This recipe is completely separated from the default (server) recipe and can be used standalone. 
It configures and starts an OpenVPN client for each configuration (client_config_name => config_hash) found in `node['openvpn']['client_configs']`. A configuration may contain several options such as: 146 | 147 | * `config['user_name']` - the user_name the server awaits (used for identifying needed cert and key files) 148 | * `config['auth']['type']` - 'cert', 'cert_passwd' or 'passwd' - combines client certificates with user passwords if enabled 149 | * `config['file_cookbook']` - may be omitted, if specified will be used as the name of a cookbook where certificates and key file will be loaded from instead of the current cookbook 150 | 151 | The certificate files should be placed in the cookbook's files directory (or via an overlay site-cookbooks directory that leaves the original cookbook untouched) as follows: 152 | 153 | * *config_name*-*user_name*.conf - configuration file for this client (manually crafted or generated via users recipe) 154 | * *config_name*-ca.crt - server's CA certificate 155 | * *config_name*-*user_name*.crt - client's signed certificate in .pem format 156 | * *config_name*-*user_name*.key - client's private key in .pem format 157 | 158 | ### use_community_repos 159 | 160 | When run on supported platforms (Debian, Ubuntu) adds a new APT repository that uses the OpenVPN community repos. For Debian Lenny and Ubuntu Lucid (2. gen, relying on the old [repos.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos#Notesonoldaptyumrepositories)) you may choose between the two flavors stable (default) or snapshots, for newer OSes there is only one repository using the new, 3. gen [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos). 161 | 162 | * `node['openvpn']['community_repo_flavor']` - 'stable' or 'snapshots' (default is 'stable') 163 | 164 | ### logrotate 165 | 166 | Adds an OpenVPN-specific logrotate configuration when the logrotate cookbook is found. No attributes needed. 
167 | 168 | ## License 169 | 170 | chef-openvpn is licensed under the Apache License, Version 2.0. See LICENSE for more information. 171 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | 2 | # use rspec 3 | require 'rspec/core/rake_task' 4 | 5 | RSpec::Core::RakeTask.new(:spec) do |task| 6 | # exclude spec files from other cookbooks 7 | task.pattern = FileList['spec/**/*_spec.rb'].exclude('spec/support/**/*_spec.rb') 8 | end 9 | 10 | # try to use foodcritic 11 | begin 12 | require 'foodcritic' 13 | 14 | FoodCritic::Rake::LintTask.new do |task| 15 | task.options = { :fail_tags => [ 'any' ], :tags => [ '~FC007' ] } 16 | end 17 | 18 | task :default => [ :foodcritic, :spec ] 19 | rescue LoadError 20 | task :default => [ :spec ] 21 | end 22 | -------------------------------------------------------------------------------- /attributes/default.rb: -------------------------------------------------------------------------------- 1 | default[:openvpn][:configs] = {} 2 | default[:openvpn][:client_configs] = {} -------------------------------------------------------------------------------- /attributes/use_community_repos.rb: -------------------------------------------------------------------------------- 1 | default[:openvpn][:community_repo_flavor] = "stable" 2 | -------------------------------------------------------------------------------- /files/default/tests/minitest/default_test.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path('../support/helpers', __FILE__) 2 | 3 | describe 'openvpn::default' do 4 | include Helpers::OpenVPN 5 | 6 | it 'installs openvpn' do 7 | package('openvpn').must_be_installed 8 | end 9 | 10 | it 'creates openvpn user and group' do 11 | user('openvpn').must_exist 12 | group('openvpn').must_exist 13 | end 14 | 15 | it 'creates log directory' do 16 | 
directory('/var/log/openvpn').must_exist 17 | end 18 | 19 | it 'starts openvpn service per configuration' do 20 | service('openvpn').must_be_running 21 | end 22 | 23 | it 'enables openvpn service' do 24 | service('openvpn').must_be_enabled 25 | end 26 | 27 | it 'creates .conf file per configuration' do 28 | configs.each do |config_name| 29 | config_file(config_name).must_exist 30 | end 31 | end 32 | 33 | it 'creates conf directory per configuration' do 34 | configs.each do |config_name| 35 | config_dir(config_name).must_exist 36 | end 37 | end 38 | 39 | it 'creates necessary cert/key files per configuration' do 40 | configs.each do |config_name| 41 | config_sub_file(config_name, "#{config_name}-dh.pem") 42 | config_sub_file(config_name, "#{config_name}-ca.crt") 43 | config_sub_file(config_name, "#{config_name}.crt") 44 | config_sub_file(config_name, "#{config_name}.key") 45 | end 46 | end 47 | 48 | it 'creates authentication script if needed' do 49 | config_sub_file('test1', 'auth.rb') 50 | config_sub_file('test2', 'auth.rb') 51 | end 52 | end 53 | -------------------------------------------------------------------------------- /files/default/tests/minitest/support/helpers.rb: -------------------------------------------------------------------------------- 1 | module Helpers 2 | module OpenVPN 3 | require 'chef/mixin/shell_out' 4 | include Chef::Mixin::ShellOut 5 | include MiniTest::Chef::Assertions 6 | include MiniTest::Chef::Context 7 | include MiniTest::Chef::Resources 8 | 9 | def configs 10 | ['test1', 'test2', 'test3'] 11 | end 12 | 13 | def config_file(config_name) 14 | file("/etc/openvpn/#{config_name}.conf") 15 | end 16 | 17 | def config_dir(config_name) 18 | directory("/etc/openvpn/#{config_name}") 19 | end 20 | 21 | def config_sub_file(config_name, sub_file) 22 | file("/etc/openvpn/#{config_name}/#{sub_file}") 23 | end 24 | end 25 | end 26 | -------------------------------------------------------------------------------- /metadata.rb: 
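--------------------------------------------------------------------------------
name "openvpn"
maintainer "Christian Nicolai"
maintainer_email "cn@mycrobase.de"
license "Apache 2.0"
description "A multi-configuration OpenVPN server cookbook featuring IPv6 support and easy setup of client files."
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version "3.0.2"

suggests "logrotate" # for openvpn::logrotate
suggests "apt" # for openvpn::use_community_repos

supports "debian"
supports "ubuntu"

--------------------------------------------------------------------------------
/recipes/client.rb:
--------------------------------------------------------------------------------

# openvpn::client -- installs OpenVPN and, for every entry of
# node[:openvpn][:client_configs], copies the CA certificate, the optional
# client certificate/key pair and the ready-made .conf from cookbook files.

package "openvpn"

# create openvpn user and group
user "openvpn"
group "openvpn" do
  members ["openvpn"]
end

directory "/var/log/openvpn" do
  owner "root"
  group "root"
  mode 00755
end

# setup each client_config
node[:openvpn][:client_configs].each do |config_name, config|
  # user_name required for given vpn server/config
  user_name = config[:user_name]
  # certificate material is only installed for the certificate-based auth types
  needs_client_cert = %w[cert cert_passwd].include?(config[:auth][:type])

  cookbook_file "/etc/openvpn/#{config_name}-#{user_name}-ca.crt" do
    source "#{config_name}-ca.crt"
    owner "root"
    group "openvpn"
    mode 00640
    cookbook config[:file_cookbook] if config[:file_cookbook]
  end

  if needs_client_cert
    cookbook_file "/etc/openvpn/#{config_name}-#{user_name}.crt" do
      source "#{config_name}-#{user_name}.crt"
      owner "root"
      group "openvpn"
      mode 00640
      cookbook config[:file_cookbook] if config[:file_cookbook]
    end

    cookbook_file "/etc/openvpn/#{config_name}-#{user_name}.key" do
      source "#{config_name}-#{user_name}.key"
      owner "root"
      group "openvpn"
      mode 00600 # private key: not group or others accessible
      cookbook config[:file_cookbook] if config[:file_cookbook]
    end
  end

  cookbook_file "/etc/openvpn/#{config_name}-#{user_name}.conf" do
    source "#{config_name}-#{user_name}.conf"
    owner "root"
    group "openvpn"
    mode 00640
    notifies :restart, "service[openvpn]"
    cookbook config[:file_cookbook] if config[:file_cookbook]
  end
end

service "openvpn" do
  action [:enable, :start]
end

--------------------------------------------------------------------------------
/recipes/default.rb:
--------------------------------------------------------------------------------

# openvpn::default -- installs OpenVPN and renders one server instance per
# entry of node[:openvpn][:configs]: directories, DH parameters, CA/server
# certificate and key, an optional password-auth script, per-user ccd files
# and the server .conf.

# TODO: pushing routes
# TODO: cert files as cookbook files
# TODO: better client configs

package "openvpn"

# create openvpn user and group
user "openvpn"
group "openvpn" do
  members ["openvpn"]
end

directory "/var/log/openvpn" do
  owner "root"
  group "root"
  mode 00755
end

# setup each config
node[:openvpn][:configs].each do |config_name, config|
  config_dir = "/etc/openvpn/#{config_name}"

  if config[:mode] == "routed" && config[:subnet6] && !config[:subnet]
    raise "OpenVPN configuration '#{config_name}': You need to specify an IPv4 subnet too when using an IPv6 subnet!"
  end

  # NOTE(review): 0770 makes this directory writable for the "openvpn" group.
  # Members of that group can create, rename or remove entries in it --
  # including the root-owned key and auth.rb below -- whatever the files' own
  # modes are. Confirm the daemon really needs write access here; if it does
  # not, 0750 would be the least-privilege choice.
  directory config_dir do
    owner "root"
    group "openvpn"
    mode 00770
  end

  # client-config-directory (same group-writable caveat as above)
  directory "#{config_dir}/ccd" do
    owner "root"
    group "openvpn"
    mode 00770
  end

  dh_path = "#{config_dir}/#{config_name}-dh.pem"
  if config[:dh_keysize]
    # Parameters are generated while this resource is declared, so the work is
    # skipped once the file is already on disk.
    # File.exist? replaces the deprecated File.exists? alias.
    unless ::File.exist?(dh_path)
      require 'openssl'
      file dh_path do
        content OpenSSL::PKey::DH.new(config[:dh_keysize]).to_s
        owner "root"
        group "openvpn"
        mode 00640
      end
    end
  else
    cookbook_file dh_path do
      source "#{config_name}-dh.pem"
      owner "root"
      group "openvpn"
      mode 00640
      cookbook config[:file_cookbook] if config[:file_cookbook]
    end
  end

  cookbook_file "#{config_dir}/#{config_name}-ca.crt" do
    source "#{config_name}-ca.crt"
    owner "root"
    group "openvpn"
    mode 00640
    cookbook config[:file_cookbook] if config[:file_cookbook]
  end

  cookbook_file "#{config_dir}/#{config_name}.crt" do
    source "#{config_name}.crt"
    owner "root"
    group "openvpn"
    mode 00640
    cookbook config[:file_cookbook] if config[:file_cookbook]
  end

  cookbook_file "#{config_dir}/#{config_name}.key" do
    source "#{config_name}.key"
    owner "root"
    group "openvpn"
    mode 00600 # private key: not group or others accessible
    cookbook config[:file_cookbook] if config[:file_cookbook]
  end

  # Load the "<config_name>-users" data bag once; dots in the config name are
  # mapped to underscores for the bag name.
  users_databag_name = "#{config_name}-users".gsub(/\./, '_')
  vpn_users = data_bag(users_databag_name).map do |item_name|
    data_bag_item(users_databag_name, item_name)
  end

  if %w[cert_passwd passwd].include?(config[:auth][:type])
    # NOTE(review): whatever is stored under 'pass' is handed to auth.rb.erb
    # as-is. data_bag_item reads a plain data bag here, so confirm the bag
    # holds password hashes rather than cleartext, or move to encrypted data
    # bags.
    users = vpn_users.each_with_object({}) do |user, by_name|
      # use name property if given, else fall back to id
      by_name[user['name'] || user['id']] = user['pass']
    end

    template "#{config_dir}/auth.rb" do
      source "auth.rb.erb"
      variables :users => users
      owner "root"
      group "openvpn"
      mode 00750
    end
  end

  # One ccd line per value: a scalar yields a single line, an Array one line
  # per element.
  ccd_lines_for = lambda do |keyword, value|
    (value.is_a?(Array) ? value : [value]).map { |entry| "#{keyword} #{entry}" }
  end

  # try to find client config information in data bag
  vpn_users.each do |user|
    # use name property if given, else fall back to id
    user_name = user['name'] || user['id']

    lines = []
    lines << "ifconfig-push #{user['ifconfig-push']}" if user.key?('ifconfig-push')
    lines.concat(ccd_lines_for.call('push', user['push'])) if user.key?('push')
    lines << "push-reset" if user['push-reset']
    lines.concat(ccd_lines_for.call('iroute', user['iroute'])) if user.key?('iroute')

    # force trailing newline
    lines << ''

    # NOTE(review): user_name and the directive values come from the data bag
    # and are interpolated unvalidated into the file path and content; a value
    # holding a path separator or a newline would change the target path or
    # add directives. Restricting them to an expected character set would
    # close that gap.
    file "#{config_dir}/ccd/#{user_name}" do
      content lines.join("\n")
      owner "root"
      group "openvpn"
      mode 00640
      notifies :restart, "service[openvpn]"
      only_if { lines.size > 1 } # skip users without any directive
    end
  end

  template "/etc/openvpn/#{config_name}.conf" do
    source "server.conf.erb"
    variables :config_name => config_name, :config => config
    owner "root"
    group "openvpn"
    mode 00640
    notifies :restart, "service[openvpn]"
  end
end

service "openvpn" do
  action [:enable, :start]
end

--------------------------------------------------------------------------------
/recipes/logrotate.rb:
--------------------------------------------------------------------------------

# openvpn::logrotate -- rotates /var/log/openvpn/<config_name>.log for every
# server and client config through the logrotate cookbook's logrotate_app.
# The recipe stays best-effort: a failure is logged, not raised.

begin
  include_recipe "logrotate"

  logs = []
  [:configs, :client_configs].each do |kind|
    node[:openvpn][kind].each do |config_name, _config|
      logs << "/var/log/openvpn/#{config_name}.log"
    end
  end

  logrotate_app "openvpn" do
    cookbook "logrotate"
    path logs
    options ["missingok", "compress", "copytruncate"]
    frequency "weekly"
    create "600 root root"
    rotate 4
  end
rescue => e
  # The rescue catches every StandardError raised above, not only a missing
  # cookbook, so the actual cause is appended to the message instead of being
  # hidden behind it.
  Chef::Log.error "openvpn::logrotate requires the logrotate cookbook! (#{e.class}: #{e.message})"
end

--------------------------------------------------------------------------------
/recipes/use_community_repos.rb:
--------------------------------------------------------------------------------

# openvpn::use_community_repos -- registers the OpenVPN community apt
# repository for the Debian/Ubuntu releases listed below; any other
# platform or version is left untouched.

# NOTE(review): read but never used -- the repository URI below hard-codes
# release/2.3 whatever this attribute says.
flavor = node[:openvpn][:community_repo_flavor]

codename =
  case node[:platform]
  when "debian"
    { 7 => "wheezy", 8 => "jessie" }[node[:platform_version].to_i]
  when "ubuntu"
    { "12.04" => "precise", "14.04" => "trusty", "16.04" => "xenial" }[node[:platform_version]]
  end

if codename
  # NOTE(review): the package index is fetched over plain http, so integrity
  # rests entirely on apt's signature check against the key below. That key is
  # downloaded over https but no fingerprint is pinned; verify it out of band
  # before trusting the repository.
  apt_repository "openvpn-#{codename}" do
    uri "http://build.openvpn.net/debian/openvpn/release/2.3"
    components [codename, "main"]
    key "https://swupdate.openvpn.net/repos/repo-public.gpg"
  end
end

--------------------------------------------------------------------------------
/recipes/users.rb:
--------------------------------------------------------------------------------

# openvpn::users -- for every server config, stages a ready-to-hand-out client
# bundle per data bag user under /etc/openvpn/<config_name>/users: CA
# certificate, optional certificate/key pair and a rendered client .conf.
#
# NOTE(review): the per-user private keys are taken from cookbook files and
# copied onto the node this recipe runs on, so anyone with read access to the
# cookbook or root on that node holds every client's key.

# setup each config
node[:openvpn][:configs].each do |config_name, config|
  users_dir = "/etc/openvpn/#{config_name}/users"
  needs_client_cert = %w[cert cert_passwd].include?(config[:auth][:type])

  directory users_dir do
    owner "root"
    group "openvpn"
    mode 00750
  end

  users_databag_name = "#{config_name}-users".gsub(/\./, '_')
  data_bag(users_databag_name).each do |item|
    user = data_bag_item(users_databag_name, item)
    # use name property if given, else fall back to id
    user_name = user['name'] || user['id']
    bundle_prefix = "#{users_dir}/#{config_name}-#{user_name}"

    cookbook_file "#{bundle_prefix}-ca.crt" do
      source "#{config_name}-ca.crt"
      owner "root"
      group "openvpn"
      mode 00640
      cookbook config[:file_cookbook] if config[:file_cookbook]
    end

    if needs_client_cert
      cookbook_file "#{bundle_prefix}.crt" do
        source "#{config_name}-#{user_name}.crt"
        owner "root"
        group "openvpn"
        mode 00640
        cookbook config[:file_cookbook] if config[:file_cookbook]
      end

      cookbook_file "#{bundle_prefix}.key" do
        source "#{config_name}-#{user_name}.key"
        owner "root"
        group "openvpn"
        mode 00600 # private key: not group or others accessible
        cookbook config[:file_cookbook] if config[:file_cookbook]
      end
    end

    template "#{bundle_prefix}.conf" do
      source "client.conf.erb"
      variables :config_name => config_name, :config => config, :user_name => user_name
      owner "root"
      group "openvpn"
      mode 00640
    end
  end
end

--------------------------------------------------------------------------------
/spec/client_spec.rb:
--------------------------------------------------------------------------------
require 'spec_helper'

# NOTE(review): no example below asserts owner or mode of the installed files,
# so a regression of the 0600 mode on the .key files would go unnoticed.
describe 'openvpn::client' do
  let(:chef_runner) do
    runner = ChefSpec::ChefRunner.new(:cookbook_path => cb_path)
    runner.node.set['openvpn']['client_configs'] = client_configs
    runner
  end

  let(:chef_run) do
    chef_runner.converge 'openvpn::client'
  end

  before do
    Chef::Config[:data_bag_path] = 'spec/support/data_bags'
  end

  it 'installs openvpn' do
    expect(chef_run).to install_package 'openvpn'
  end

  it 'creates openvpn user and group' do
    expect(chef_run).to create_user 'openvpn'
    expect(chef_run).to create_group 'openvpn'
  end

  it 'creates log directory' do
    expect(chef_run).to create_directory '/var/log/openvpn'
  end

  it 'enables and starts openvpn' do
    expect(chef_run).to start_service 'openvpn'
    expect(chef_run).to set_service_to_start_on_boot 'openvpn'
  end

  client_configs.keys.each do |config_name|
    context "for config #{config_name}" do
      it 'creates .conf file' do
        expect(chef_run).to create_file_with_content "/etc/openvpn/#{config_name}-foo.conf", ""
      end

      it 'creates necessary cert/key files if needed' do
        # only the certificate-based fixtures get cert/key files
        if %w[test12 test13].include?(config_name)
          expect(chef_run).to create_file_with_content "/etc/openvpn/#{config_name}-foo-ca.crt", ""
          expect(chef_run).to create_file_with_content "/etc/openvpn/#{config_name}-foo.crt", ""
          expect(chef_run).to create_file_with_content "/etc/openvpn/#{config_name}-foo.key", ""
        end
      end
    end
  end
end

--------------------------------------------------------------------------------
/spec/default_spec.rb:
--------------------------------------------------------------------------------
require 'spec_helper'

describe 'openvpn::default' do
  let(:chef_runner) do
    runner = ChefSpec::ChefRunner.new(:cookbook_path => cb_path)
    runner.node.set['openvpn']['configs'] = configs
    runner
  end

  let(:chef_run) do
    chef_runner.converge 'openvpn::default'
  end

  before do
    Chef::Config[:data_bag_path] = 'spec/support/data_bags'
  end

  it 'installs openvpn' do
    expect(chef_run).to install_package 'openvpn'
  end

  it 'creates openvpn user and group' do
    expect(chef_run).to create_user 'openvpn'
    expect(chef_run).to create_group 'openvpn'
  end

  it 'creates log directory' do
    expect(chef_run).to create_directory '/var/log/openvpn'
  end

  it 'enables and starts openvpn' do
    expect(chef_run).to start_service 'openvpn'
    expect(chef_run).to set_service_to_start_on_boot 'openvpn'
  end

  configs.keys.each do |config_name|
    context "for config #{config_name}" do
      it 'creates .conf file' do
        expect(chef_run).to create_file_with_content config_file(config_name), ""
      end

      it 'creates conf directory' do
        expect(chef_run).to create_directory config_dir(config_name)
      end

      it 'creates the client-config-directory (ccd)' do
        expect(chef_run).to create_directory "/etc/openvpn/#{config_name}/ccd"
      end

      it 'creates necessary cert/key files' do
        expect(chef_run).to create_file_with_content config_sub_file(config_name, "#{config_name}-dh.pem"), ""
        expect(chef_run).to create_file_with_content config_sub_file(config_name, "#{config_name}-ca.crt"), ""
        expect(chef_run).to create_file_with_content config_sub_file(config_name, "#{config_name}.crt"), ""
        expect(chef_run).to create_file_with_content config_sub_file(config_name, "#{config_name}.key"), ""
      end

      it 'creates authentication script if needed' do
        # test3 is the certificate-only fixture, which gets no auth.rb
        expect(chef_run).to create_file_with_content config_sub_file(config_name, 'auth.rb'), "" if config_name != "test3"
      end

      it 'creates client-config-entries per user' do
        expect(chef_run).to create_file_with_content config_sub_file(config_name, 'ccd/foo'), ""
      end
    end
  end
end

--------------------------------------------------------------------------------
/spec/logrotate_spec.rb:
--------------------------------------------------------------------------------
require 'spec_helper'

describe 'openvpn::logrotate' do
  let(:chef_runner) do
    ChefSpec::ChefRunner.new(:cookbook_path => cb_path, :step_into => ['logrotate_app'])
  end

  let(:chef_run) do
    chef_runner.converge 'logrotate', 'openvpn::logrotate'
  end

  it 'creates openvpn logrotate config' do
    expect(chef_run).to create_file_with_content "/etc/logrotate.d/openvpn", ""
  end
end

--------------------------------------------------------------------------------
/spec/spec_helper.rb:
--------------------------------------------------------------------------------

require 'chefspec'
require 'support/helpers'

--------------------------------------------------------------------------------
/spec/support/Cheffile:
--------------------------------------------------------------------------------
#!/usr/bin/env ruby

# NOTE(review): the cookbook index is queried over plain http and 'logrotate'
# is not pinned to a version, so the test dependencies are neither
# transport-protected nor reproducible; 'apt' is pinned to a git ref over
# https.
site 'http://community.opscode.com/api/v1'

cookbook 'logrotate'

cookbook 'apt',
  :git => 'https://github.com/opscode-cookbooks/apt',
  :ref => '1.10.0'

--------------------------------------------------------------------------------
/spec/support/data_bags/test1-users/foo.json:
--------------------------------------------------------------------------------
{
  "id": "foo",
  "ifconfig-push": "10.8.0.6 10.8.0.5"
}

--------------------------------------------------------------------------------
/spec/support/data_bags/test2-users/foo.json:
--------------------------------------------------------------------------------
{
  "id": "foo",
  "ifconfig-push": "10.9.0.6 10.9.0.5"
}

--------------------------------------------------------------------------------
/spec/support/data_bags/test3-users/foo.json:
--------------------------------------------------------------------------------
{
  "id": "foo",
  "ifconfig-push": "10.10.0.6 10.10.0.5"
}

--------------------------------------------------------------------------------
/spec/support/gemfiles/Gemfile.chef11: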
--------------------------------------------------------------------------------
source 'https://rubygems.org'

gem 'chef', '~> 11.0'

gem 'rake'
gem 'foodcritic', '~> 3.0', :platform => :ruby_19
gem 'chefspec', '~> 2.0'
gem 'librarian-chef', :platform => :ruby_19

#gem 'test-kitchen', :platform => :ruby_19

--------------------------------------------------------------------------------
/spec/support/helpers.rb:
--------------------------------------------------------------------------------

# Shared helpers for the ChefSpec examples: the cookbook search path, the
# expected on-disk locations and the node attribute fixtures.
#
# Every fixture points :file_cookbook at 'openvpn-files', the fixture cookbook
# under spec/support/my-cookbooks. Its certificates, DH parameters and RSA
# private key are committed test material: treat them as public and never
# deploy them.

# Cookbook search path: the directory three levels above this file, the
# vendored cookbooks and the fixture cookbooks.
def cb_path
  three_levels_up = File.join(File.dirname(__FILE__), '..', '..', '..')
  [
    Pathname.new(three_levels_up).cleanpath.to_s,
    'spec/support/cookbooks',
    'spec/support/my-cookbooks'
  ]
end

# Directory holding the files of one server config.
def config_dir(config_name)
  "/etc/openvpn/#{config_name}"
end

# Path of the .conf file of one server config.
def config_file(config_name)
  "#{config_dir(config_name)}.conf"
end

# Path of a file inside the directory of one server config.
def config_sub_file(config_name, sub_file)
  "#{config_dir(config_name)}/#{sub_file}"
end

# Server fixtures: three routed UDP/tun configs that differ in port, subnet
# and authentication type.
def configs
  server_variants = [
    ['test1', 1194, '10.8.0.0', 'passwd'],
    ['test2', 1195, '10.9.0.0', 'cert_passwd'],
    ['test3', 1196, '10.10.0.0', 'cert']
  ]

  server_variants.each_with_object({}) do |(name, port, subnet, auth_type), all|
    all[name] = {
      :port => port,
      :proto => 'udp',
      :dev => 'tun',
      :mode => 'routed',
      :remote_host => 'localhost',
      :subnet => subnet,
      :netmask => '255.255.255.0',
      :auth => {
        :type => auth_type
      },
      :file_cookbook => 'openvpn-files'
    }
  end
end

# Client fixtures: one config per authentication type, all for user 'foo'.
def client_configs
  auth_type_by_name = {
    'test11' => 'passwd',
    'test12' => 'cert_passwd',
    'test13' => 'cert'
  }

  auth_type_by_name.each_with_object({}) do |(name, auth_type), all|
    all[name] = {
      :user_name => 'foo',
      :auth => {
        :type => auth_type
      },
      :file_cookbook => 'openvpn-files'
    }
  end
end

--------------------------------------------------------------------------------
/spec/support/my-cookbooks/openvpn-files/files/default/test1-ca.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE----- 2 | MIIFEjCCA/qgAwIBAgIJAMhXQk8+fsSgMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD 3 | VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG 4 | A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p 5 | dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw 6 | HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTMwMjIxMjMwNDM3 7 | WhcNMjMwMjE5MjMwNDM3WjCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw 8 | EwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsG 9 | A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv 10 | biBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0 11 | Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUjipiJn 12 | Kfa81hjmfBP1OlNJfGIebMCNzrvvMhdrBUP+iEuv8hxd+Cv8O/3r/CxGBuHqYFU/ 13 | 05dF9guVeJ6q9wYFimRVjoMAvB6rHVBouLFO8bxtiKKmQ7R7lEVgyvAYuDeeiQmg 14 | pAqwEioSNTskEtLT0vHf5KPkHGtbHLlAWaeVOA41Ksfc46uSbz29jDvAHFECOU0U 15 | 8JXkUFZp+r/H0lw66al275TpO1JNaP4mKTzXRYKEseRIAwDeV20h+phrH331lguj 16 | 0g5gDVEohPR2zLfXmT4PxAaUffyr5nkM7lieKvVcnU3bF0ACJyGOC1b1YtkPKx5s 17 | DHpm3A/ZDnmc5QIDAQABo4IBHzCCARswHQYDVR0OBBYEFObotfzfLd8Y5hqr+ddX 18 | UEme4r/bMIHrBgNVHSMEgeMwgeCAFObotfzfLd8Y5hqr+ddXUEme4r/boYG8pIG5 19 | MIG2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5j 20 | aXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXph 21 | 
dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF 22 | YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQDIV0JP 23 | Pn7EoDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCER8yRCqsGfE1o 24 | q4f6aui1qqlS6y8oxr0B2xKYFOnvje8n/qjSdo3t8hmr+7HNgGV77O0H6lyYxVBs 25 | a3N7hHyTjAvGC6BSWtNFIcHV9FeJf8J3MV0skbVra9HaCSEZDym/6SDOQw4hEuQ6 26 | jc9udQkPniVDokcacdnU/ccCFSTH1VHnwzNf04/i8KhUgeoIrd2dnwwtjm/8/2hE 27 | Uuq5GT8k5YDHKbiy/Dtuq/Esgqc/ayqLgvJ29qjOCsyjEyhad09peNdsD9II1XEv 28 | +0zTpS77LD3pPWuUDF6SHO4imJ1uw/W+WX6rVq2uUiiyE1T/pjWXotMBNJ+5007p 29 | o0crd/Vq 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test1-dh.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAJyt319BBVXAAoFcua9P3L9Q9hC00vpqKHgFJhJrRB+JX7WbZdTqI2ED 3 | 5L5ZFXgL3P/qRcP3qx96WhXxo9Cjk1PRv5EtduOoYT2IA72n52uPcPYx8eTQazzV 4 | WybpOe5nFEpnCetkW6LzssEC/n94hsQrBDnDOIzlUs68thOtoRfjAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test1.crt: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 1 (0x1) 5 | Signature Algorithm: sha256WithRSAEncryption 6 | Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain 7 | Validity 8 | Not Before: Feb 21 23:05:34 2013 GMT 9 | Not After : Feb 19 23:05:34 2023 GMT 10 | Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server/name=EasyRSA/emailAddress=me@myhost.mydomain 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | RSA Public Key: (2048 bit) 14 | Modulus (2048 bit): 15 | 
00:d4:b8:bd:8c:14:85:c7:af:e1:d1:e2:06:a6:43: 16 | aa:a6:18:f4:58:a1:72:8a:ee:15:b4:32:5e:d2:4c: 17 | ad:71:67:20:d3:eb:4e:86:62:51:e8:ef:63:10:77: 18 | c2:f7:0e:85:94:a6:34:f5:97:bd:8d:31:2a:98:71: 19 | 20:49:90:b0:71:87:3e:05:1a:f6:20:a6:3c:f6:83: 20 | 01:fc:68:a5:0b:2e:dc:c9:40:94:50:61:66:56:cf: 21 | 19:e1:b7:79:6d:ec:7c:99:3c:89:51:35:65:df:58: 22 | 54:d2:be:ff:3f:b0:8b:6c:01:79:4e:11:a2:f8:d0: 23 | 1e:18:f4:24:7e:a5:0a:d2:3b:75:42:95:04:88:dc: 24 | 11:ee:36:2e:13:de:a2:4e:7c:49:71:12:2d:23:d7: 25 | 79:68:78:ee:e8:b4:bc:42:df:21:a3:4b:cc:0d:48: 26 | 6e:fe:d0:2e:3e:54:25:65:a5:8c:31:4c:64:52:ba: 27 | d3:52:19:84:31:eb:58:69:21:21:f9:43:81:5e:98: 28 | 23:38:3e:0b:e4:26:26:b3:e8:81:e2:e5:92:56:aa: 29 | 30:83:c4:28:93:3f:00:7d:3f:aa:e9:ec:75:84:ee: 30 | fe:37:b5:08:25:2a:bf:7e:8d:f1:9e:8e:db:a7:80: 31 | 3e:d6:a7:8b:80:ce:f9:d6:eb:de:82:19:f3:a3:b6: 32 | c6:eb 33 | Exponent: 65537 (0x10001) 34 | X509v3 extensions: 35 | X509v3 Basic Constraints: 36 | CA:FALSE 37 | Netscape Cert Type: 38 | SSL Server 39 | Netscape Comment: 40 | Easy-RSA Generated Server Certificate 41 | X509v3 Subject Key Identifier: 42 | 18:32:6C:0C:1C:FB:8E:72:7E:6E:D8:46:1D:53:33:7C:C8:D1:FE:9C 43 | X509v3 Authority Key Identifier: 44 | keyid:E6:E8:B5:FC:DF:2D:DF:18:E6:1A:AB:F9:D7:57:50:49:9E:E2:BF:DB 45 | DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain 46 | serial:C8:57:42:4F:3E:7E:C4:A0 47 | 48 | X509v3 Extended Key Usage: 49 | TLS Web Server Authentication 50 | X509v3 Key Usage: 51 | Digital Signature, Key Encipherment 52 | Signature Algorithm: sha256WithRSAEncryption 53 | 66:0a:6c:54:17:92:ac:50:91:c7:8e:96:9f:3f:f4:21:f8:47: 54 | e6:63:a2:97:ce:8d:b7:97:89:2c:3d:d9:d7:fb:3c:09:38:b7: 55 | c1:4c:35:d2:01:9f:c8:0a:84:d2:02:ef:0e:a0:2d:51:c9:5c: 56 | 5a:da:da:f2:76:43:e1:b3:c9:15:8e:fe:53:b7:1b:32:70:82: 57 | 3b:ac:b8:3a:e0:00:d6:c0:53:99:48:1e:46:5d:33:40:6c:ed: 58 | 
14:2a:2a:c5:32:c9:e7:9a:d8:e3:82:d3:b1:6a:54:00:94:96: 59 | a7:4a:af:48:6b:0a:0b:e8:06:74:40:0b:ae:5a:25:09:42:fe: 60 | 71:51:03:5b:7e:9e:43:fe:5a:f8:c1:4b:4b:55:d6:82:16:41: 61 | ec:23:75:33:3d:1c:81:bd:26:7a:36:0c:cd:f3:b6:74:e2:c4: 62 | 15:e9:ed:00:b5:f9:e4:b6:b3:59:dd:b9:be:cc:39:b2:9b:a6: 63 | e6:5b:e3:19:f7:fe:28:8e:0f:00:a9:3a:1c:ac:f1:06:19:06: 64 | 23:2e:24:7f:7d:e5:3b:11:56:a3:8f:aa:93:b8:1b:d9:b0:b2: 65 | cd:33:13:70:43:4c:14:7c:80:da:72:a7:6d:e5:3d:7a:f2:c4: 66 | 4b:93:70:5a:6e:22:c9:8b:ca:e8:cb:38:d6:13:db:0e:8f:cf: 67 | 4b:f1:b7:9d 68 | -----BEGIN CERTIFICATE----- 69 | MIIFaTCCBFGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx 70 | CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv 71 | cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV 72 | BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 73 | DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTEzMDIyMTIzMDUzNFoXDTIzMDIx 74 | OTIzMDUzNFowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM 75 | U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 76 | T3JnYW5pemF0aW9uYWxVbml0MQ8wDQYDVQQDEwZzZXJ2ZXIxEDAOBgNVBCkTB0Vh 77 | c3lSU0ExITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCCASIwDQYJ 78 | KoZIhvcNAQEBBQADggEPADCCAQoCggEBANS4vYwUhcev4dHiBqZDqqYY9Fihcoru 79 | FbQyXtJMrXFnINPrToZiUejvYxB3wvcOhZSmNPWXvY0xKphxIEmQsHGHPgUa9iCm 80 | PPaDAfxopQsu3MlAlFBhZlbPGeG3eW3sfJk8iVE1Zd9YVNK+/z+wi2wBeU4RovjQ 81 | Hhj0JH6lCtI7dUKVBIjcEe42LhPeok58SXESLSPXeWh47ui0vELfIaNLzA1Ibv7Q 82 | Lj5UJWWljDFMZFK601IZhDHrWGkhIflDgV6YIzg+C+QmJrPogeLlklaqMIPEKJM/ 83 | AH0/qunsdYTu/je1CCUqv36N8Z6O26eAPtani4DO+dbr3oIZ86O2xusCAwEAAaOC 84 | AYcwggGDMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB 85 | DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud 86 | DgQWBBQYMmwMHPuOcn5u2EYdUzN8yNH+nDCB6wYDVR0jBIHjMIHggBTm6LX83y3f 87 | GOYaq/nXV1BJnuK/26GBvKSBuTCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB 88 | MRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEd 89 | 
MBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVu 90 | c3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlo 91 | b3N0Lm15ZG9tYWluggkAyFdCTz5+xKAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYD 92 | VR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQBmCmxUF5KsUJHHjpafP/Qh+Efm 93 | Y6KXzo23l4ksPdnX+zwJOLfBTDXSAZ/ICoTSAu8OoC1RyVxa2trydkPhs8kVjv5T 94 | txsycII7rLg64ADWwFOZSB5GXTNAbO0UKirFMsnnmtjjgtOxalQAlJanSq9IawoL 95 | 6AZ0QAuuWiUJQv5xUQNbfp5D/lr4wUtLVdaCFkHsI3UzPRyBvSZ6NgzN87Z04sQV 96 | 6e0AtfnktrNZ3bm+zDmym6bmW+MZ9/4ojg8AqTocrPEGGQYjLiR/feU7EVajj6qT 97 | uBvZsLLNMxNwQ0wUfIDacqdt5T168sRLk3BabiLJi8royzjWE9sOj89L8bed 98 | -----END CERTIFICATE----- 99 | -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test1.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEA1Li9jBSFx6/h0eIGpkOqphj0WKFyiu4VtDJe0kytcWcg0+tO 3 | hmJR6O9jEHfC9w6FlKY09Ze9jTEqmHEgSZCwcYc+BRr2IKY89oMB/GilCy7cyUCU 4 | UGFmVs8Z4bd5bex8mTyJUTVl31hU0r7/P7CLbAF5ThGi+NAeGPQkfqUK0jt1QpUE 5 | iNwR7jYuE96iTnxJcRItI9d5aHju6LS8Qt8ho0vMDUhu/tAuPlQlZaWMMUxkUrrT 6 | UhmEMetYaSEh+UOBXpgjOD4L5CYms+iB4uWSVqowg8Qokz8AfT+q6ex1hO7+N7UI 7 | JSq/fo3xno7bp4A+1qeLgM751uveghnzo7bG6wIDAQABAoIBAQCuJfQfuyluumIA 8 | Zq+U7G7HfkSETuAsNxATru0L8/RGk+w/MjPeNp3iOiD6+WDmy7+2W3+d1DU9YxQB 9 | KxQIxeh9eP/gRBtdzVq5YbV9g9oiVqIwLKt/Rs32oaQJsyA5StMSzImKr1GQUItY 10 | 4T6sUIdDy80Yib3HPvJ08WLzP4ClbMPCcWbfABpqoQZneYCK7ggAUN3ImS8YSQhq 11 | YHywEa16d8L9I6YCTbSS8vI34XrEXrihIlEx61FC6v1kaXPj4ETiyqO+CUSkrJlE 12 | tZt/8b4HFA2p17AeBUH/aNi2/ZY7AEoVaYlle+1MkBnacxrmj4ZLLfDXXGHevK+b 13 | fIL/VKRhAoGBAO2J3yBBF+zh5lGCTlYkFgi8bJ1Y5M4JcflTrtO9bFvAQRkwuT9m 14 | Zl9yjomISvzHW8UnLoAfiCg9/xjJG6zEAT4j1xzubSBrfsdarz8PDvKXrQ+sJp9D 15 | du4LkOIVv18mNlIAhl/CYDAW1lWJzCNR4VCYz3ZMF1W22h78LOLZDD0xAoGBAOVB 16 | GuLwChFPYaYzbKLP7RfHmW/ky3WiKQJrhZrg3dwWZ5/S+uZMHX1ki4B98QS71+4E 17 | 
qVabourGKL0nalQfH6DOUkcdOPdtv/94c/3BCbO14AFAVObKIMW2RIKuMb98GK61 18 | KJqQJFIg432DS4xAyW9aMwtzpXOQ7yYo8fao0c7bAoGACpgqnnqowYT1y87fBZKI 19 | dQ1KXt43HkVnkvI7ivAY5CK4BJKawIwlpr4qQ1IT3iBaJHnx5f8CCKFzPjzCAjuf 20 | vpDEqGKt9VM2DVgrFsnqJcHEEz3fXx0YMdfMN3k21tyScafaVm0J8zshhiEmPLEL 21 | NpgKMMGGDOmh4t3mdputoxECgYEA2eVheqUPzJgYhfGGpdDe1qU97x4VS79PHx+3 22 | Ixfrhw48e6n6Ev3xYYc5GG2bsRYhC/eeQ9U1qdOiUPavlzjlxN+VUEY0KOhFfrmr 23 | 9VmOsSKCwG22xI0FTSYKQ/LxEcEPbK5+4zlxbCYaUueB3NKPIqkmrxHCBe+RfkGY 24 | iQq4L9UCgYA7Zk3UVSdHh2PjAES2PXgIWevbT1L4Lr5w1Aqw21uaCB7K5ibRiaWm 25 | 4zgTjVY4+HAmzJSPTF/G4AjHHdVnbWMCsjUqDLvA5zrX+gPHCyVj5yjTF4npH1AN 26 | 3jz0ZiGxYoZ5LTdbNbeG12yEsojVg6pd+faW7mccVI8T7yrjrpbf3Q== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test11-ca.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test11-ca.crt -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test11-foo.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test11-foo.conf -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test12-ca.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test12-ca.crt -------------------------------------------------------------------------------- 
/spec/support/my-cookbooks/openvpn-files/files/default/test12-foo.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test12-foo.conf -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test12-foo.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test12-foo.crt -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test12-foo.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test12-foo.key -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test13-ca.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test13-ca.crt -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test13-foo.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test13-foo.conf -------------------------------------------------------------------------------- 
/spec/support/my-cookbooks/openvpn-files/files/default/test13-foo.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test13-foo.crt -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test13-foo.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test13-foo.key -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test2-ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFEjCCA/qgAwIBAgIJAMhXQk8+fsSgMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD 3 | VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG 4 | A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p 5 | dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw 6 | HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTMwMjIxMjMwNDM3 7 | WhcNMjMwMjE5MjMwNDM3WjCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw 8 | EwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsG 9 | A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv 10 | biBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0 11 | Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUjipiJn 12 | Kfa81hjmfBP1OlNJfGIebMCNzrvvMhdrBUP+iEuv8hxd+Cv8O/3r/CxGBuHqYFU/ 13 | 05dF9guVeJ6q9wYFimRVjoMAvB6rHVBouLFO8bxtiKKmQ7R7lEVgyvAYuDeeiQmg 14 | pAqwEioSNTskEtLT0vHf5KPkHGtbHLlAWaeVOA41Ksfc46uSbz29jDvAHFECOU0U 15 | 8JXkUFZp+r/H0lw66al275TpO1JNaP4mKTzXRYKEseRIAwDeV20h+phrH331lguj 16 | 
0g5gDVEohPR2zLfXmT4PxAaUffyr5nkM7lieKvVcnU3bF0ACJyGOC1b1YtkPKx5s 17 | DHpm3A/ZDnmc5QIDAQABo4IBHzCCARswHQYDVR0OBBYEFObotfzfLd8Y5hqr+ddX 18 | UEme4r/bMIHrBgNVHSMEgeMwgeCAFObotfzfLd8Y5hqr+ddXUEme4r/boYG8pIG5 19 | MIG2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5j 20 | aXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXph 21 | dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF 22 | YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQDIV0JP 23 | Pn7EoDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCER8yRCqsGfE1o 24 | q4f6aui1qqlS6y8oxr0B2xKYFOnvje8n/qjSdo3t8hmr+7HNgGV77O0H6lyYxVBs 25 | a3N7hHyTjAvGC6BSWtNFIcHV9FeJf8J3MV0skbVra9HaCSEZDym/6SDOQw4hEuQ6 26 | jc9udQkPniVDokcacdnU/ccCFSTH1VHnwzNf04/i8KhUgeoIrd2dnwwtjm/8/2hE 27 | Uuq5GT8k5YDHKbiy/Dtuq/Esgqc/ayqLgvJ29qjOCsyjEyhad09peNdsD9II1XEv 28 | +0zTpS77LD3pPWuUDF6SHO4imJ1uw/W+WX6rVq2uUiiyE1T/pjWXotMBNJ+5007p 29 | o0crd/Vq 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test2-dh.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAJyt319BBVXAAoFcua9P3L9Q9hC00vpqKHgFJhJrRB+JX7WbZdTqI2ED 3 | 5L5ZFXgL3P/qRcP3qx96WhXxo9Cjk1PRv5EtduOoYT2IA72n52uPcPYx8eTQazzV 4 | WybpOe5nFEpnCetkW6LzssEC/n94hsQrBDnDOIzlUs68thOtoRfjAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test2-foo.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test2-foo.crt -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test2-foo.key: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test2-foo.key -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test2.crt: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 1 (0x1) 5 | Signature Algorithm: sha256WithRSAEncryption 6 | Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain 7 | Validity 8 | Not Before: Feb 21 23:05:34 2013 GMT 9 | Not After : Feb 19 23:05:34 2023 GMT 10 | Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server/name=EasyRSA/emailAddress=me@myhost.mydomain 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | RSA Public Key: (2048 bit) 14 | Modulus (2048 bit): 15 | 00:d4:b8:bd:8c:14:85:c7:af:e1:d1:e2:06:a6:43: 16 | aa:a6:18:f4:58:a1:72:8a:ee:15:b4:32:5e:d2:4c: 17 | ad:71:67:20:d3:eb:4e:86:62:51:e8:ef:63:10:77: 18 | c2:f7:0e:85:94:a6:34:f5:97:bd:8d:31:2a:98:71: 19 | 20:49:90:b0:71:87:3e:05:1a:f6:20:a6:3c:f6:83: 20 | 01:fc:68:a5:0b:2e:dc:c9:40:94:50:61:66:56:cf: 21 | 19:e1:b7:79:6d:ec:7c:99:3c:89:51:35:65:df:58: 22 | 54:d2:be:ff:3f:b0:8b:6c:01:79:4e:11:a2:f8:d0: 23 | 1e:18:f4:24:7e:a5:0a:d2:3b:75:42:95:04:88:dc: 24 | 11:ee:36:2e:13:de:a2:4e:7c:49:71:12:2d:23:d7: 25 | 79:68:78:ee:e8:b4:bc:42:df:21:a3:4b:cc:0d:48: 26 | 6e:fe:d0:2e:3e:54:25:65:a5:8c:31:4c:64:52:ba: 27 | d3:52:19:84:31:eb:58:69:21:21:f9:43:81:5e:98: 28 | 23:38:3e:0b:e4:26:26:b3:e8:81:e2:e5:92:56:aa: 29 | 30:83:c4:28:93:3f:00:7d:3f:aa:e9:ec:75:84:ee: 30 | fe:37:b5:08:25:2a:bf:7e:8d:f1:9e:8e:db:a7:80: 31 | 3e:d6:a7:8b:80:ce:f9:d6:eb:de:82:19:f3:a3:b6: 32 | c6:eb 33 | Exponent: 
65537 (0x10001) 34 | X509v3 extensions: 35 | X509v3 Basic Constraints: 36 | CA:FALSE 37 | Netscape Cert Type: 38 | SSL Server 39 | Netscape Comment: 40 | Easy-RSA Generated Server Certificate 41 | X509v3 Subject Key Identifier: 42 | 18:32:6C:0C:1C:FB:8E:72:7E:6E:D8:46:1D:53:33:7C:C8:D1:FE:9C 43 | X509v3 Authority Key Identifier: 44 | keyid:E6:E8:B5:FC:DF:2D:DF:18:E6:1A:AB:F9:D7:57:50:49:9E:E2:BF:DB 45 | DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain 46 | serial:C8:57:42:4F:3E:7E:C4:A0 47 | 48 | X509v3 Extended Key Usage: 49 | TLS Web Server Authentication 50 | X509v3 Key Usage: 51 | Digital Signature, Key Encipherment 52 | Signature Algorithm: sha256WithRSAEncryption 53 | 66:0a:6c:54:17:92:ac:50:91:c7:8e:96:9f:3f:f4:21:f8:47: 54 | e6:63:a2:97:ce:8d:b7:97:89:2c:3d:d9:d7:fb:3c:09:38:b7: 55 | c1:4c:35:d2:01:9f:c8:0a:84:d2:02:ef:0e:a0:2d:51:c9:5c: 56 | 5a:da:da:f2:76:43:e1:b3:c9:15:8e:fe:53:b7:1b:32:70:82: 57 | 3b:ac:b8:3a:e0:00:d6:c0:53:99:48:1e:46:5d:33:40:6c:ed: 58 | 14:2a:2a:c5:32:c9:e7:9a:d8:e3:82:d3:b1:6a:54:00:94:96: 59 | a7:4a:af:48:6b:0a:0b:e8:06:74:40:0b:ae:5a:25:09:42:fe: 60 | 71:51:03:5b:7e:9e:43:fe:5a:f8:c1:4b:4b:55:d6:82:16:41: 61 | ec:23:75:33:3d:1c:81:bd:26:7a:36:0c:cd:f3:b6:74:e2:c4: 62 | 15:e9:ed:00:b5:f9:e4:b6:b3:59:dd:b9:be:cc:39:b2:9b:a6: 63 | e6:5b:e3:19:f7:fe:28:8e:0f:00:a9:3a:1c:ac:f1:06:19:06: 64 | 23:2e:24:7f:7d:e5:3b:11:56:a3:8f:aa:93:b8:1b:d9:b0:b2: 65 | cd:33:13:70:43:4c:14:7c:80:da:72:a7:6d:e5:3d:7a:f2:c4: 66 | 4b:93:70:5a:6e:22:c9:8b:ca:e8:cb:38:d6:13:db:0e:8f:cf: 67 | 4b:f1:b7:9d 68 | -----BEGIN CERTIFICATE----- 69 | MIIFaTCCBFGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx 70 | CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv 71 | cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV 72 | BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 73 | 
DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTEzMDIyMTIzMDUzNFoXDTIzMDIx 74 | OTIzMDUzNFowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM 75 | U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 76 | T3JnYW5pemF0aW9uYWxVbml0MQ8wDQYDVQQDEwZzZXJ2ZXIxEDAOBgNVBCkTB0Vh 77 | c3lSU0ExITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCCASIwDQYJ 78 | KoZIhvcNAQEBBQADggEPADCCAQoCggEBANS4vYwUhcev4dHiBqZDqqYY9Fihcoru 79 | FbQyXtJMrXFnINPrToZiUejvYxB3wvcOhZSmNPWXvY0xKphxIEmQsHGHPgUa9iCm 80 | PPaDAfxopQsu3MlAlFBhZlbPGeG3eW3sfJk8iVE1Zd9YVNK+/z+wi2wBeU4RovjQ 81 | Hhj0JH6lCtI7dUKVBIjcEe42LhPeok58SXESLSPXeWh47ui0vELfIaNLzA1Ibv7Q 82 | Lj5UJWWljDFMZFK601IZhDHrWGkhIflDgV6YIzg+C+QmJrPogeLlklaqMIPEKJM/ 83 | AH0/qunsdYTu/je1CCUqv36N8Z6O26eAPtani4DO+dbr3oIZ86O2xusCAwEAAaOC 84 | AYcwggGDMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB 85 | DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud 86 | DgQWBBQYMmwMHPuOcn5u2EYdUzN8yNH+nDCB6wYDVR0jBIHjMIHggBTm6LX83y3f 87 | GOYaq/nXV1BJnuK/26GBvKSBuTCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB 88 | MRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEd 89 | MBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVu 90 | c3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlo 91 | b3N0Lm15ZG9tYWluggkAyFdCTz5+xKAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYD 92 | VR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQBmCmxUF5KsUJHHjpafP/Qh+Efm 93 | Y6KXzo23l4ksPdnX+zwJOLfBTDXSAZ/ICoTSAu8OoC1RyVxa2trydkPhs8kVjv5T 94 | txsycII7rLg64ADWwFOZSB5GXTNAbO0UKirFMsnnmtjjgtOxalQAlJanSq9IawoL 95 | 6AZ0QAuuWiUJQv5xUQNbfp5D/lr4wUtLVdaCFkHsI3UzPRyBvSZ6NgzN87Z04sQV 96 | 6e0AtfnktrNZ3bm+zDmym6bmW+MZ9/4ojg8AqTocrPEGGQYjLiR/feU7EVajj6qT 97 | uBvZsLLNMxNwQ0wUfIDacqdt5T168sRLk3BabiLJi8royzjWE9sOj89L8bed 98 | -----END CERTIFICATE----- 99 | -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test2.key: 
-------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEA1Li9jBSFx6/h0eIGpkOqphj0WKFyiu4VtDJe0kytcWcg0+tO 3 | hmJR6O9jEHfC9w6FlKY09Ze9jTEqmHEgSZCwcYc+BRr2IKY89oMB/GilCy7cyUCU 4 | UGFmVs8Z4bd5bex8mTyJUTVl31hU0r7/P7CLbAF5ThGi+NAeGPQkfqUK0jt1QpUE 5 | iNwR7jYuE96iTnxJcRItI9d5aHju6LS8Qt8ho0vMDUhu/tAuPlQlZaWMMUxkUrrT 6 | UhmEMetYaSEh+UOBXpgjOD4L5CYms+iB4uWSVqowg8Qokz8AfT+q6ex1hO7+N7UI 7 | JSq/fo3xno7bp4A+1qeLgM751uveghnzo7bG6wIDAQABAoIBAQCuJfQfuyluumIA 8 | Zq+U7G7HfkSETuAsNxATru0L8/RGk+w/MjPeNp3iOiD6+WDmy7+2W3+d1DU9YxQB 9 | KxQIxeh9eP/gRBtdzVq5YbV9g9oiVqIwLKt/Rs32oaQJsyA5StMSzImKr1GQUItY 10 | 4T6sUIdDy80Yib3HPvJ08WLzP4ClbMPCcWbfABpqoQZneYCK7ggAUN3ImS8YSQhq 11 | YHywEa16d8L9I6YCTbSS8vI34XrEXrihIlEx61FC6v1kaXPj4ETiyqO+CUSkrJlE 12 | tZt/8b4HFA2p17AeBUH/aNi2/ZY7AEoVaYlle+1MkBnacxrmj4ZLLfDXXGHevK+b 13 | fIL/VKRhAoGBAO2J3yBBF+zh5lGCTlYkFgi8bJ1Y5M4JcflTrtO9bFvAQRkwuT9m 14 | Zl9yjomISvzHW8UnLoAfiCg9/xjJG6zEAT4j1xzubSBrfsdarz8PDvKXrQ+sJp9D 15 | du4LkOIVv18mNlIAhl/CYDAW1lWJzCNR4VCYz3ZMF1W22h78LOLZDD0xAoGBAOVB 16 | GuLwChFPYaYzbKLP7RfHmW/ky3WiKQJrhZrg3dwWZ5/S+uZMHX1ki4B98QS71+4E 17 | qVabourGKL0nalQfH6DOUkcdOPdtv/94c/3BCbO14AFAVObKIMW2RIKuMb98GK61 18 | KJqQJFIg432DS4xAyW9aMwtzpXOQ7yYo8fao0c7bAoGACpgqnnqowYT1y87fBZKI 19 | dQ1KXt43HkVnkvI7ivAY5CK4BJKawIwlpr4qQ1IT3iBaJHnx5f8CCKFzPjzCAjuf 20 | vpDEqGKt9VM2DVgrFsnqJcHEEz3fXx0YMdfMN3k21tyScafaVm0J8zshhiEmPLEL 21 | NpgKMMGGDOmh4t3mdputoxECgYEA2eVheqUPzJgYhfGGpdDe1qU97x4VS79PHx+3 22 | Ixfrhw48e6n6Ev3xYYc5GG2bsRYhC/eeQ9U1qdOiUPavlzjlxN+VUEY0KOhFfrmr 23 | 9VmOsSKCwG22xI0FTSYKQ/LxEcEPbK5+4zlxbCYaUueB3NKPIqkmrxHCBe+RfkGY 24 | iQq4L9UCgYA7Zk3UVSdHh2PjAES2PXgIWevbT1L4Lr5w1Aqw21uaCB7K5ibRiaWm 25 | 4zgTjVY4+HAmzJSPTF/G4AjHHdVnbWMCsjUqDLvA5zrX+gPHCyVj5yjTF4npH1AN 26 | 3jz0ZiGxYoZ5LTdbNbeG12yEsojVg6pd+faW7mccVI8T7yrjrpbf3Q== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- 
/spec/support/my-cookbooks/openvpn-files/files/default/test3-ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFEjCCA/qgAwIBAgIJAMhXQk8+fsSgMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD 3 | VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG 4 | A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p 5 | dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw 6 | HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTMwMjIxMjMwNDM3 7 | WhcNMjMwMjE5MjMwNDM3WjCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw 8 | EwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsG 9 | A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv 10 | biBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0 11 | Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUjipiJn 12 | Kfa81hjmfBP1OlNJfGIebMCNzrvvMhdrBUP+iEuv8hxd+Cv8O/3r/CxGBuHqYFU/ 13 | 05dF9guVeJ6q9wYFimRVjoMAvB6rHVBouLFO8bxtiKKmQ7R7lEVgyvAYuDeeiQmg 14 | pAqwEioSNTskEtLT0vHf5KPkHGtbHLlAWaeVOA41Ksfc46uSbz29jDvAHFECOU0U 15 | 8JXkUFZp+r/H0lw66al275TpO1JNaP4mKTzXRYKEseRIAwDeV20h+phrH331lguj 16 | 0g5gDVEohPR2zLfXmT4PxAaUffyr5nkM7lieKvVcnU3bF0ACJyGOC1b1YtkPKx5s 17 | DHpm3A/ZDnmc5QIDAQABo4IBHzCCARswHQYDVR0OBBYEFObotfzfLd8Y5hqr+ddX 18 | UEme4r/bMIHrBgNVHSMEgeMwgeCAFObotfzfLd8Y5hqr+ddXUEme4r/boYG8pIG5 19 | MIG2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5j 20 | aXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXph 21 | dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF 22 | YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQDIV0JP 23 | Pn7EoDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCER8yRCqsGfE1o 24 | q4f6aui1qqlS6y8oxr0B2xKYFOnvje8n/qjSdo3t8hmr+7HNgGV77O0H6lyYxVBs 25 | a3N7hHyTjAvGC6BSWtNFIcHV9FeJf8J3MV0skbVra9HaCSEZDym/6SDOQw4hEuQ6 26 | jc9udQkPniVDokcacdnU/ccCFSTH1VHnwzNf04/i8KhUgeoIrd2dnwwtjm/8/2hE 27 | Uuq5GT8k5YDHKbiy/Dtuq/Esgqc/ayqLgvJ29qjOCsyjEyhad09peNdsD9II1XEv 28 | 
+0zTpS77LD3pPWuUDF6SHO4imJ1uw/W+WX6rVq2uUiiyE1T/pjWXotMBNJ+5007p 29 | o0crd/Vq 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test3-dh.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAJyt319BBVXAAoFcua9P3L9Q9hC00vpqKHgFJhJrRB+JX7WbZdTqI2ED 3 | 5L5ZFXgL3P/qRcP3qx96WhXxo9Cjk1PRv5EtduOoYT2IA72n52uPcPYx8eTQazzV 4 | WybpOe5nFEpnCetkW6LzssEC/n94hsQrBDnDOIzlUs68thOtoRfjAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test3-foo.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test3-foo.crt -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test3-foo.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/spec/support/my-cookbooks/openvpn-files/files/default/test3-foo.key -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test3.crt: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 1 (0x1) 5 | Signature Algorithm: sha256WithRSAEncryption 6 | Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain 7 | Validity 8 | Not Before: Feb 21 23:05:34 2013 GMT 9 | Not After : Feb 19 23:05:34 2023 GMT 10 
| Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server/name=EasyRSA/emailAddress=me@myhost.mydomain 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | RSA Public Key: (2048 bit) 14 | Modulus (2048 bit): 15 | 00:d4:b8:bd:8c:14:85:c7:af:e1:d1:e2:06:a6:43: 16 | aa:a6:18:f4:58:a1:72:8a:ee:15:b4:32:5e:d2:4c: 17 | ad:71:67:20:d3:eb:4e:86:62:51:e8:ef:63:10:77: 18 | c2:f7:0e:85:94:a6:34:f5:97:bd:8d:31:2a:98:71: 19 | 20:49:90:b0:71:87:3e:05:1a:f6:20:a6:3c:f6:83: 20 | 01:fc:68:a5:0b:2e:dc:c9:40:94:50:61:66:56:cf: 21 | 19:e1:b7:79:6d:ec:7c:99:3c:89:51:35:65:df:58: 22 | 54:d2:be:ff:3f:b0:8b:6c:01:79:4e:11:a2:f8:d0: 23 | 1e:18:f4:24:7e:a5:0a:d2:3b:75:42:95:04:88:dc: 24 | 11:ee:36:2e:13:de:a2:4e:7c:49:71:12:2d:23:d7: 25 | 79:68:78:ee:e8:b4:bc:42:df:21:a3:4b:cc:0d:48: 26 | 6e:fe:d0:2e:3e:54:25:65:a5:8c:31:4c:64:52:ba: 27 | d3:52:19:84:31:eb:58:69:21:21:f9:43:81:5e:98: 28 | 23:38:3e:0b:e4:26:26:b3:e8:81:e2:e5:92:56:aa: 29 | 30:83:c4:28:93:3f:00:7d:3f:aa:e9:ec:75:84:ee: 30 | fe:37:b5:08:25:2a:bf:7e:8d:f1:9e:8e:db:a7:80: 31 | 3e:d6:a7:8b:80:ce:f9:d6:eb:de:82:19:f3:a3:b6: 32 | c6:eb 33 | Exponent: 65537 (0x10001) 34 | X509v3 extensions: 35 | X509v3 Basic Constraints: 36 | CA:FALSE 37 | Netscape Cert Type: 38 | SSL Server 39 | Netscape Comment: 40 | Easy-RSA Generated Server Certificate 41 | X509v3 Subject Key Identifier: 42 | 18:32:6C:0C:1C:FB:8E:72:7E:6E:D8:46:1D:53:33:7C:C8:D1:FE:9C 43 | X509v3 Authority Key Identifier: 44 | keyid:E6:E8:B5:FC:DF:2D:DF:18:E6:1A:AB:F9:D7:57:50:49:9E:E2:BF:DB 45 | DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain 46 | serial:C8:57:42:4F:3E:7E:C4:A0 47 | 48 | X509v3 Extended Key Usage: 49 | TLS Web Server Authentication 50 | X509v3 Key Usage: 51 | Digital Signature, Key Encipherment 52 | Signature Algorithm: sha256WithRSAEncryption 53 | 66:0a:6c:54:17:92:ac:50:91:c7:8e:96:9f:3f:f4:21:f8:47: 54 | 
e6:63:a2:97:ce:8d:b7:97:89:2c:3d:d9:d7:fb:3c:09:38:b7: 55 | c1:4c:35:d2:01:9f:c8:0a:84:d2:02:ef:0e:a0:2d:51:c9:5c: 56 | 5a:da:da:f2:76:43:e1:b3:c9:15:8e:fe:53:b7:1b:32:70:82: 57 | 3b:ac:b8:3a:e0:00:d6:c0:53:99:48:1e:46:5d:33:40:6c:ed: 58 | 14:2a:2a:c5:32:c9:e7:9a:d8:e3:82:d3:b1:6a:54:00:94:96: 59 | a7:4a:af:48:6b:0a:0b:e8:06:74:40:0b:ae:5a:25:09:42:fe: 60 | 71:51:03:5b:7e:9e:43:fe:5a:f8:c1:4b:4b:55:d6:82:16:41: 61 | ec:23:75:33:3d:1c:81:bd:26:7a:36:0c:cd:f3:b6:74:e2:c4: 62 | 15:e9:ed:00:b5:f9:e4:b6:b3:59:dd:b9:be:cc:39:b2:9b:a6: 63 | e6:5b:e3:19:f7:fe:28:8e:0f:00:a9:3a:1c:ac:f1:06:19:06: 64 | 23:2e:24:7f:7d:e5:3b:11:56:a3:8f:aa:93:b8:1b:d9:b0:b2: 65 | cd:33:13:70:43:4c:14:7c:80:da:72:a7:6d:e5:3d:7a:f2:c4: 66 | 4b:93:70:5a:6e:22:c9:8b:ca:e8:cb:38:d6:13:db:0e:8f:cf: 67 | 4b:f1:b7:9d 68 | -----BEGIN CERTIFICATE----- 69 | MIIFaTCCBFGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx 70 | CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv 71 | cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV 72 | BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 73 | DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTEzMDIyMTIzMDUzNFoXDTIzMDIx 74 | OTIzMDUzNFowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM 75 | U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 76 | T3JnYW5pemF0aW9uYWxVbml0MQ8wDQYDVQQDEwZzZXJ2ZXIxEDAOBgNVBCkTB0Vh 77 | c3lSU0ExITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCCASIwDQYJ 78 | KoZIhvcNAQEBBQADggEPADCCAQoCggEBANS4vYwUhcev4dHiBqZDqqYY9Fihcoru 79 | FbQyXtJMrXFnINPrToZiUejvYxB3wvcOhZSmNPWXvY0xKphxIEmQsHGHPgUa9iCm 80 | PPaDAfxopQsu3MlAlFBhZlbPGeG3eW3sfJk8iVE1Zd9YVNK+/z+wi2wBeU4RovjQ 81 | Hhj0JH6lCtI7dUKVBIjcEe42LhPeok58SXESLSPXeWh47ui0vELfIaNLzA1Ibv7Q 82 | Lj5UJWWljDFMZFK601IZhDHrWGkhIflDgV6YIzg+C+QmJrPogeLlklaqMIPEKJM/ 83 | AH0/qunsdYTu/je1CCUqv36N8Z6O26eAPtani4DO+dbr3oIZ86O2xusCAwEAAaOC 84 | AYcwggGDMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB 85 | 
DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud 86 | DgQWBBQYMmwMHPuOcn5u2EYdUzN8yNH+nDCB6wYDVR0jBIHjMIHggBTm6LX83y3f 87 | GOYaq/nXV1BJnuK/26GBvKSBuTCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB 88 | MRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEd 89 | MBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVu 90 | c3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlo 91 | b3N0Lm15ZG9tYWluggkAyFdCTz5+xKAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYD 92 | VR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQBmCmxUF5KsUJHHjpafP/Qh+Efm 93 | Y6KXzo23l4ksPdnX+zwJOLfBTDXSAZ/ICoTSAu8OoC1RyVxa2trydkPhs8kVjv5T 94 | txsycII7rLg64ADWwFOZSB5GXTNAbO0UKirFMsnnmtjjgtOxalQAlJanSq9IawoL 95 | 6AZ0QAuuWiUJQv5xUQNbfp5D/lr4wUtLVdaCFkHsI3UzPRyBvSZ6NgzN87Z04sQV 96 | 6e0AtfnktrNZ3bm+zDmym6bmW+MZ9/4ojg8AqTocrPEGGQYjLiR/feU7EVajj6qT 97 | uBvZsLLNMxNwQ0wUfIDacqdt5T168sRLk3BabiLJi8royzjWE9sOj89L8bed 98 | -----END CERTIFICATE----- 99 | -------------------------------------------------------------------------------- /spec/support/my-cookbooks/openvpn-files/files/default/test3.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEA1Li9jBSFx6/h0eIGpkOqphj0WKFyiu4VtDJe0kytcWcg0+tO 3 | hmJR6O9jEHfC9w6FlKY09Ze9jTEqmHEgSZCwcYc+BRr2IKY89oMB/GilCy7cyUCU 4 | UGFmVs8Z4bd5bex8mTyJUTVl31hU0r7/P7CLbAF5ThGi+NAeGPQkfqUK0jt1QpUE 5 | iNwR7jYuE96iTnxJcRItI9d5aHju6LS8Qt8ho0vMDUhu/tAuPlQlZaWMMUxkUrrT 6 | UhmEMetYaSEh+UOBXpgjOD4L5CYms+iB4uWSVqowg8Qokz8AfT+q6ex1hO7+N7UI 7 | JSq/fo3xno7bp4A+1qeLgM751uveghnzo7bG6wIDAQABAoIBAQCuJfQfuyluumIA 8 | Zq+U7G7HfkSETuAsNxATru0L8/RGk+w/MjPeNp3iOiD6+WDmy7+2W3+d1DU9YxQB 9 | KxQIxeh9eP/gRBtdzVq5YbV9g9oiVqIwLKt/Rs32oaQJsyA5StMSzImKr1GQUItY 10 | 4T6sUIdDy80Yib3HPvJ08WLzP4ClbMPCcWbfABpqoQZneYCK7ggAUN3ImS8YSQhq 11 | YHywEa16d8L9I6YCTbSS8vI34XrEXrihIlEx61FC6v1kaXPj4ETiyqO+CUSkrJlE 12 | tZt/8b4HFA2p17AeBUH/aNi2/ZY7AEoVaYlle+1MkBnacxrmj4ZLLfDXXGHevK+b 13 | 
fIL/VKRhAoGBAO2J3yBBF+zh5lGCTlYkFgi8bJ1Y5M4JcflTrtO9bFvAQRkwuT9m 14 | Zl9yjomISvzHW8UnLoAfiCg9/xjJG6zEAT4j1xzubSBrfsdarz8PDvKXrQ+sJp9D 15 | du4LkOIVv18mNlIAhl/CYDAW1lWJzCNR4VCYz3ZMF1W22h78LOLZDD0xAoGBAOVB 16 | GuLwChFPYaYzbKLP7RfHmW/ky3WiKQJrhZrg3dwWZ5/S+uZMHX1ki4B98QS71+4E 17 | qVabourGKL0nalQfH6DOUkcdOPdtv/94c/3BCbO14AFAVObKIMW2RIKuMb98GK61 18 | KJqQJFIg432DS4xAyW9aMwtzpXOQ7yYo8fao0c7bAoGACpgqnnqowYT1y87fBZKI 19 | dQ1KXt43HkVnkvI7ivAY5CK4BJKawIwlpr4qQ1IT3iBaJHnx5f8CCKFzPjzCAjuf 20 | vpDEqGKt9VM2DVgrFsnqJcHEEz3fXx0YMdfMN3k21tyScafaVm0J8zshhiEmPLEL 21 | NpgKMMGGDOmh4t3mdputoxECgYEA2eVheqUPzJgYhfGGpdDe1qU97x4VS79PHx+3 22 | Ixfrhw48e6n6Ev3xYYc5GG2bsRYhC/eeQ9U1qdOiUPavlzjlxN+VUEY0KOhFfrmr 23 | 9VmOsSKCwG22xI0FTSYKQ/LxEcEPbK5+4zlxbCYaUueB3NKPIqkmrxHCBe+RfkGY 24 | iQq4L9UCgYA7Zk3UVSdHh2PjAES2PXgIWevbT1L4Lr5w1Aqw21uaCB7K5ibRiaWm 25 | 4zgTjVY4+HAmzJSPTF/G4AjHHdVnbWMCsjUqDLvA5zrX+gPHCyVj5yjTF4npH1AN 26 | 3jz0ZiGxYoZ5LTdbNbeG12yEsojVg6pd+faW7mccVI8T7yrjrpbf3Q== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /spec/use_community_repos_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'openvpn::use_community_repos' do 4 | let(:chef_runner) do 5 | ChefSpec::ChefRunner.new(:cookbook_path => cb_path, :step_into => ['apt_repository']) 6 | end 7 | 8 | let(:chef_run) do 9 | chef_runner.converge 'apt', 'openvpn::use_community_repos' 10 | end 11 | 12 | { 13 | '5.0.0' => 'openvpn-lenny', 14 | '6.0.0' => 'openvpn-squeeze', 15 | '7.0.0' => 'openvpn-wheezy' 16 | }.each do |version, repo| 17 | context "on Debian #{version}" do 18 | it "creates #{repo} list" do 19 | chef_runner.node.automatic_attrs['platform'] = 'debian' 20 | chef_runner.node.automatic_attrs['platform_version'] = version 21 | chef_run = chef_runner.converge 'apt', 'openvpn::use_community_repos' 22 | expect(chef_run).to create_file "/etc/apt/sources.list.d/#{repo}.list" 
23 | end 24 | end 25 | end 26 | 27 | { 28 | '10.04' => 'openvpn-lucid', 29 | '10.10' => 'openvpn-lucid', 30 | '11.04' => 'openvpn-lucid', 31 | '11.10' => 'openvpn-lucid', 32 | '12.04' => 'openvpn-precise', 33 | '13.04' => 'openvpn-raring', 34 | '13.10' => 'openvpn-saucy' 35 | }.each do |version, repo| 36 | context "on Ubuntu #{version}" do 37 | it "creates #{repo} list" do 38 | chef_runner.node.automatic_attrs['platform'] = 'ubuntu' 39 | chef_runner.node.automatic_attrs['platform_version'] = version 40 | chef_run = chef_runner.converge 'apt', 'openvpn::use_community_repos' 41 | expect(chef_run).to create_file "/etc/apt/sources.list.d/#{repo}.list" 42 | end 43 | end 44 | end 45 | end 46 | -------------------------------------------------------------------------------- /spec/users_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'openvpn::users' do 4 | let(:chef_runner) do 5 | runner = ChefSpec::ChefRunner.new(:cookbook_path => cb_path) 6 | runner.node.set['openvpn']['configs'] = configs 7 | runner 8 | end 9 | 10 | let(:chef_run) do 11 | chef_runner.converge 'openvpn::users' 12 | end 13 | 14 | before do 15 | Chef::Config[:data_bag_path] = 'spec/support/data_bags' 16 | end 17 | 18 | configs.keys.each do |config_name| 19 | context "for config #{config_name}" do 20 | it 'creates users directory' do 21 | expect(chef_run).to create_directory "/etc/openvpn/#{config_name}/users" 22 | end 23 | 24 | it 'creates .conf file' do 25 | expect(chef_run).to create_file_with_content config_sub_file(config_name, "users/#{config_name}-foo.conf"), "" 26 | end 27 | 28 | it 'creates necessary cert/key files if needed' do 29 | if config_name == 'test2' or config_name == 'test3' 30 | expect(chef_run).to create_file_with_content config_sub_file(config_name, "users/#{config_name}-foo.crt"), "" 31 | expect(chef_run).to create_file_with_content config_sub_file(config_name, "users/#{config_name}-foo.key"), "" 32 
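| end 33 | end 34 | end 35 | end 36 | end 37 | -------------------------------------------------------------------------------- /templates/default/auth.rb.erb: --------------------------------------------------------------------------------
#!/usr/bin/ruby

# Generated by Chef - local changes will be overwritten
#
# Credential check for OpenVPN's `auth-user-pass-verify ... via-file` hook
# (wired up in server.conf.erb). ARGV[0] names a file holding the username on
# its first line and the password on its second. Exit status 0 accepts the
# login; any other status rejects it.

require 'digest/sha2'

# Rendered by Chef from @users: username => password, in plaintext. Anyone who
# can read the rendered file can read every credential.
# NOTE(review): the resource that renders this template is outside this file -
# confirm it restricts the owner and mode to the account OpenVPN runs the
# script as.
users = <%= @users.inspect %>

# Compares two strings byte-wise without stopping at the first difference, so
# the run time does not depend on how much of a guessed password is correct.
# Both sides are hashed first, which gives equal-length inputs.
def same_secret?(expected, given)
  left = Digest::SHA256.digest(expected).unpack('C*')
  right = Digest::SHA256.digest(given).unpack('C*')
  diff = 0
  left.each_index { |i| diff |= left[i] ^ right[i] }
  diff.zero?
end

# The block form closes the handle. gets returns nil on a short file instead
# of raising, and that case is rejected explicitly below.
user, pass = File.open(ARGV[0], 'rb') { |f| [f.gets, f.gets] }
exit 1 if user.nil? || pass.nil?

expected = users[user.chomp]

# Fail closed: an unknown user or a non-string stored value is a rejection.
exit 1 unless expected.is_a?(String)

exit(same_secret?(expected, pass.chomp) ? 0 : 1)
-------------------------------------------------------------------------------- /templates/default/client.conf.erb: -------------------------------------------------------------------------------- 1 | # OpenVPN client config file 2 | # 3 | # Generated by Chef 4 | 5 | client 6 | 7 | remote <%= @config[:remote_host] %> <%= @config[:remote_port] ? @config[:remote_port] : @config[:port] %> 8 | proto <%= @config[:proto] %> 9 | dev <%= @config[:dev] %> 10 | ;dev-node OpenVPN-TAP 11 | 12 | <% if (@config[:auth][:type] == "cert_passwd") or (@config[:auth][:type] == "passwd") -%> 13 | auth-user-pass 14 | ;auth-nocache 15 | <% end -%> 16 | 17 | <% if (@config[:auth][:type] == "cert") or (@config[:auth][:type] == "cert_passwd") -%> 18 | cert <%= @config_name %>-<%= @user_name %>.crt 19 | key <%= @config_name %>-<%= @user_name %>.key 20 | <% end -%> 21 | 22 | ca <%= @config_name %>-<%= @user_name %>-ca.crt 23 | 24 | ns-cert-type server 25 | 26 | resolv-retry infinite 27 | nobind 28 | 29 | <%= "comp-lzo" if @config[:comp_lzo] %> 30 | 31 | <%= "tls-cipher #{@config[:tls_cipher_algos]}" if @config[:tls_cipher_algos] %> 32 | <%= "cipher #{@config[:cipher_algo]}" if @config[:cipher_algo] %> 33 | <%= "keysize #{@config[:keysize]}" if @config[:keysize] %> 34 | <%= "auth #{@config[:auth_algo]}" if @config[:auth_algo] %> 35 | 36 | user openvpn 37 | group openvpn 38 | 39 | persist-key 40 | persist-tun 41 | 42 | tmp-dir /tmp 43 | log-append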
/var/log/openvpn/<%= @config_name %>.log 44 | ;mute-replay-warnings 45 | verb 3 46 | mute 20 47 | -------------------------------------------------------------------------------- /templates/default/server.conf.erb: -------------------------------------------------------------------------------- 1 | # OpenVPN server config file 2 | # 3 | # Generated by Chef - local changes will be overwritten 4 | 5 | port <%= @config[:port] %> 6 | proto <%= @config[:proto] %> 7 | dev <%= @config[:dev] %> 8 | 9 | <% if (@config[:auth][:type] == "cert_passwd") or (@config[:auth][:type] == "passwd") -%> 10 | script-security 2 11 | auth-user-pass-verify /etc/openvpn/<%= @config_name %>/auth.rb via-file 12 | <% end -%> 13 | 14 | <% if @config[:auth][:type] == "passwd" -%> 15 | client-cert-not-required 16 | username-as-common-name 17 | <% end -%> 18 | 19 | client-config-dir /etc/openvpn/<%= @config_name %>/ccd 20 | 21 | ca /etc/openvpn/<%= @config_name %>/<%= @config_name %>-ca.crt 22 | cert /etc/openvpn/<%= @config_name %>/<%= @config_name %>.crt 23 | key /etc/openvpn/<%= @config_name %>/<%= @config_name %>.key 24 | dh /etc/openvpn/<%= @config_name %>/<%= @config_name %>-dh.pem 25 | 26 | <% if @config[:auth][:type] != "passwd" -%> 27 | ifconfig-pool-persist /etc/openvpn/<%= @config_name %>/<%= @config_name %>.ipp 28 | <% end -%> 29 | 30 | <% if @config[:mode] == "routed" -%> 31 | <%= "topology #{@config[:topology]}" if @config[:topology] %> 32 | <%= "server #{@config[:subnet]} #{@config[:netmask]}" if @config[:subnet] %> 33 | <%= "server-ipv6 #{@config[:subnet6]}" if @config[:subnet6] %> 34 | <% end -%> 35 | 36 | <% if @config[:mode] == "bridged" -%> 37 | <%= "server-bridge #{@config[:server_ip]} #{@config[:netmask]} #{@config[:dhcp_start]} #{@config[:dhcp_end]}" %> 38 | <% end -%> 39 | 40 | <%= "push \"redirect-gateway def1\"" if @config[:redirect_gateway] %> 41 | <%= "push \"dhcp-option DNS #{@config[:push_dns_server]}\"" if @config[:push_dns_server] %> 42 | 43 | <% (@config[:push] || 
[]).each do |directive| -%> 44 | <%= "push \"#{directive}\"" %> 45 | <% end -%> 46 | 47 | <% (@config[:routes] || []).each do |route| -%> 48 | <%= "route #{route}" %> 49 | <% end -%> 50 | 51 | <%= "duplicate-cn" if @config[:allow_duplicate_cn] %> 52 | <%= "client-to-client" if @config[:allow_client_to_client] %> 53 | 54 | <%= "keepalive #{@config[:keepalive_interval]} #{@config[:keepalive_timeout]}" if @config[:keepalive_interval] and @config[:keepalive_timeout] %> 55 | 56 | <%= "comp-lzo" if @config[:comp_lzo] %> 57 | 58 | <%= "tls-cipher #{@config[:tls_cipher_algos]}" if @config[:tls_cipher_algos] %> 59 | <%= "cipher #{@config[:cipher_algo]}" if @config[:cipher_algo] %> 60 | <%= "keysize #{@config[:keysize]}" if @config[:keysize] %> 61 | <%= "auth #{@config[:auth_algo]}" if @config[:auth_algo] %> 62 | 63 | user openvpn 64 | group openvpn 65 | 66 | persist-key 67 | persist-tun 68 | 69 | tmp-dir /tmp 70 | status /var/log/openvpn/<%= @config_name %>-status.log 71 | log-append /var/log/openvpn/<%= @config_name %>.log 72 | verb 3 73 | mute 20 74 | -------------------------------------------------------------------------------- /test/kitchen/Kitchenfile: -------------------------------------------------------------------------------- 1 | 2 | platform :debian do 3 | version "6.0.6" do 4 | box "squeeze32" 5 | # locally importet into vagrant, no download! 6 | box_url "http://bogus.url" 7 | end 8 | end 9 | 10 | cookbook "openvpn" do 11 | exclude :platform => 'ubuntu' 12 | # call test cookbook 13 | run_list_extras ['openvpn_test::default'] 14 | end 15 | -------------------------------------------------------------------------------- /test/kitchen/cookbooks/openvpn_test/LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 
8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. 
For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | -------------------------------------------------------------------------------- /test/kitchen/cookbooks/openvpn_test/README.md: -------------------------------------------------------------------------------- 1 | # chef-openvpn_test 2 | 3 | ## Description 4 | 5 | This cookbook serves the purpose of providing OpenVPN configuration for testing. 6 | 7 | ## License 8 | 9 | chef-openvpn_test is licensed under the Apache License, Version 2.0. See LICENSE for more information. 10 | -------------------------------------------------------------------------------- /test/kitchen/cookbooks/openvpn_test/attributes/default.rb: -------------------------------------------------------------------------------- 1 | 2 | # configure the openvpn cookbook from here: three test server configs (test1-test3) that differ in port, subnet and :auth type 3 | default[:openvpn][:configs] = { 4 | 'test1' => { 5 | :port => 1194, 6 | :proto => 'udp', 7 | :dev => 'tun', 8 | :mode => 'routed', 9 | :remote_host => 'localhost', 10 | :subnet => '10.8.0.0', 11 | :netmask => '255.255.255.0', 12 | :auth => { 13 | :type => :passwd 14 | }, 15 | :dh_keysize => 1024, # NOTE(review): 1024-bit DH parameters are weaker than the 2048 bits or more commonly recommended; presumably kept small so test runs generate them quickly - keep this value out of real deployments 16 | # load cert/key files from here too (the .crt/.key files under this cookbook's files/default are committed with the repository, so they are fixtures only) 17 | :file_cookbook => 'openvpn_test' 18 | }, 19 | 'test2' => { 20 | :port => 1195, 21 | :proto => 'udp', 22 | :dev => 'tun', 23 | :mode => 'routed', 24 | :remote_host => 'localhost', 25 | :subnet => '10.9.0.0', 26 | :netmask => '255.255.255.0', 27 | :auth => { 28 | :type => :cert_passwd 29 | }, 30 | :dh_keysize => 1024, # same test-only 1024-bit size as test1 31 | # load cert/key files from here too 32 | :file_cookbook => 'openvpn_test' 33 | }, 34 | 'test3' => { 35 | :port => 1196, 36 | :proto => 'udp', 37 | :dev => 'tun', 38 | :mode => 'routed', 39 | :remote_host => 'localhost', 40 | :subnet => '10.10.0.0', 41 | :netmask => '255.255.255.0', 42 | :auth => { 43 | :type => :cert 44 | }, 45 | :dh_keysize => 1024, # same test-only 1024-bit size as test1 46 | # 
load cert/key files from here too 47 | :file_cookbook => 'openvpn_test' 48 | } 49 | } 50 | 51 | default[:openvpn][:client_configs] = {} 52 | -------------------------------------------------------------------------------- /test/kitchen/cookbooks/openvpn_test/files/default/test1-ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFEjCCA/qgAwIBAgIJAMhXQk8+fsSgMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD 3 | VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG 4 | A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p 5 | dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw 6 | HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTMwMjIxMjMwNDM3 7 | WhcNMjMwMjE5MjMwNDM3WjCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw 8 | EwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsG 9 | A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv 10 | biBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0 11 | Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUjipiJn 12 | Kfa81hjmfBP1OlNJfGIebMCNzrvvMhdrBUP+iEuv8hxd+Cv8O/3r/CxGBuHqYFU/ 13 | 05dF9guVeJ6q9wYFimRVjoMAvB6rHVBouLFO8bxtiKKmQ7R7lEVgyvAYuDeeiQmg 14 | pAqwEioSNTskEtLT0vHf5KPkHGtbHLlAWaeVOA41Ksfc46uSbz29jDvAHFECOU0U 15 | 8JXkUFZp+r/H0lw66al275TpO1JNaP4mKTzXRYKEseRIAwDeV20h+phrH331lguj 16 | 0g5gDVEohPR2zLfXmT4PxAaUffyr5nkM7lieKvVcnU3bF0ACJyGOC1b1YtkPKx5s 17 | DHpm3A/ZDnmc5QIDAQABo4IBHzCCARswHQYDVR0OBBYEFObotfzfLd8Y5hqr+ddX 18 | UEme4r/bMIHrBgNVHSMEgeMwgeCAFObotfzfLd8Y5hqr+ddXUEme4r/boYG8pIG5 19 | MIG2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5j 20 | aXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXph 21 | dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF 22 | YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQDIV0JP 23 | Pn7EoDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCER8yRCqsGfE1o 24 | 
q4f6aui1qqlS6y8oxr0B2xKYFOnvje8n/qjSdo3t8hmr+7HNgGV77O0H6lyYxVBs 25 | a3N7hHyTjAvGC6BSWtNFIcHV9FeJf8J3MV0skbVra9HaCSEZDym/6SDOQw4hEuQ6 26 | jc9udQkPniVDokcacdnU/ccCFSTH1VHnwzNf04/i8KhUgeoIrd2dnwwtjm/8/2hE 27 | Uuq5GT8k5YDHKbiy/Dtuq/Esgqc/ayqLgvJ29qjOCsyjEyhad09peNdsD9II1XEv 28 | +0zTpS77LD3pPWuUDF6SHO4imJ1uw/W+WX6rVq2uUiiyE1T/pjWXotMBNJ+5007p 29 | o0crd/Vq 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /test/kitchen/cookbooks/openvpn_test/files/default/test1.crt: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 1 (0x1) 5 | Signature Algorithm: sha256WithRSAEncryption 6 | Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain 7 | Validity 8 | Not Before: Feb 21 23:05:34 2013 GMT 9 | Not After : Feb 19 23:05:34 2023 GMT 10 | Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server/name=EasyRSA/emailAddress=me@myhost.mydomain 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | RSA Public Key: (2048 bit) 14 | Modulus (2048 bit): 15 | 00:d4:b8:bd:8c:14:85:c7:af:e1:d1:e2:06:a6:43: 16 | aa:a6:18:f4:58:a1:72:8a:ee:15:b4:32:5e:d2:4c: 17 | ad:71:67:20:d3:eb:4e:86:62:51:e8:ef:63:10:77: 18 | c2:f7:0e:85:94:a6:34:f5:97:bd:8d:31:2a:98:71: 19 | 20:49:90:b0:71:87:3e:05:1a:f6:20:a6:3c:f6:83: 20 | 01:fc:68:a5:0b:2e:dc:c9:40:94:50:61:66:56:cf: 21 | 19:e1:b7:79:6d:ec:7c:99:3c:89:51:35:65:df:58: 22 | 54:d2:be:ff:3f:b0:8b:6c:01:79:4e:11:a2:f8:d0: 23 | 1e:18:f4:24:7e:a5:0a:d2:3b:75:42:95:04:88:dc: 24 | 11:ee:36:2e:13:de:a2:4e:7c:49:71:12:2d:23:d7: 25 | 79:68:78:ee:e8:b4:bc:42:df:21:a3:4b:cc:0d:48: 26 | 6e:fe:d0:2e:3e:54:25:65:a5:8c:31:4c:64:52:ba: 27 | d3:52:19:84:31:eb:58:69:21:21:f9:43:81:5e:98: 28 | 23:38:3e:0b:e4:26:26:b3:e8:81:e2:e5:92:56:aa: 29 | 
30:83:c4:28:93:3f:00:7d:3f:aa:e9:ec:75:84:ee: 30 | fe:37:b5:08:25:2a:bf:7e:8d:f1:9e:8e:db:a7:80: 31 | 3e:d6:a7:8b:80:ce:f9:d6:eb:de:82:19:f3:a3:b6: 32 | c6:eb 33 | Exponent: 65537 (0x10001) 34 | X509v3 extensions: 35 | X509v3 Basic Constraints: 36 | CA:FALSE 37 | Netscape Cert Type: 38 | SSL Server 39 | Netscape Comment: 40 | Easy-RSA Generated Server Certificate 41 | X509v3 Subject Key Identifier: 42 | 18:32:6C:0C:1C:FB:8E:72:7E:6E:D8:46:1D:53:33:7C:C8:D1:FE:9C 43 | X509v3 Authority Key Identifier: 44 | keyid:E6:E8:B5:FC:DF:2D:DF:18:E6:1A:AB:F9:D7:57:50:49:9E:E2:BF:DB 45 | DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain 46 | serial:C8:57:42:4F:3E:7E:C4:A0 47 | 48 | X509v3 Extended Key Usage: 49 | TLS Web Server Authentication 50 | X509v3 Key Usage: 51 | Digital Signature, Key Encipherment 52 | Signature Algorithm: sha256WithRSAEncryption 53 | 66:0a:6c:54:17:92:ac:50:91:c7:8e:96:9f:3f:f4:21:f8:47: 54 | e6:63:a2:97:ce:8d:b7:97:89:2c:3d:d9:d7:fb:3c:09:38:b7: 55 | c1:4c:35:d2:01:9f:c8:0a:84:d2:02:ef:0e:a0:2d:51:c9:5c: 56 | 5a:da:da:f2:76:43:e1:b3:c9:15:8e:fe:53:b7:1b:32:70:82: 57 | 3b:ac:b8:3a:e0:00:d6:c0:53:99:48:1e:46:5d:33:40:6c:ed: 58 | 14:2a:2a:c5:32:c9:e7:9a:d8:e3:82:d3:b1:6a:54:00:94:96: 59 | a7:4a:af:48:6b:0a:0b:e8:06:74:40:0b:ae:5a:25:09:42:fe: 60 | 71:51:03:5b:7e:9e:43:fe:5a:f8:c1:4b:4b:55:d6:82:16:41: 61 | ec:23:75:33:3d:1c:81:bd:26:7a:36:0c:cd:f3:b6:74:e2:c4: 62 | 15:e9:ed:00:b5:f9:e4:b6:b3:59:dd:b9:be:cc:39:b2:9b:a6: 63 | e6:5b:e3:19:f7:fe:28:8e:0f:00:a9:3a:1c:ac:f1:06:19:06: 64 | 23:2e:24:7f:7d:e5:3b:11:56:a3:8f:aa:93:b8:1b:d9:b0:b2: 65 | cd:33:13:70:43:4c:14:7c:80:da:72:a7:6d:e5:3d:7a:f2:c4: 66 | 4b:93:70:5a:6e:22:c9:8b:ca:e8:cb:38:d6:13:db:0e:8f:cf: 67 | 4b:f1:b7:9d 68 | -----BEGIN CERTIFICATE----- 69 | MIIFaTCCBFGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx 70 | CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv 71 | 
cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV 72 | BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 73 | DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTEzMDIyMTIzMDUzNFoXDTIzMDIx 74 | OTIzMDUzNFowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM 75 | U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 76 | T3JnYW5pemF0aW9uYWxVbml0MQ8wDQYDVQQDEwZzZXJ2ZXIxEDAOBgNVBCkTB0Vh 77 | c3lSU0ExITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCCASIwDQYJ 78 | KoZIhvcNAQEBBQADggEPADCCAQoCggEBANS4vYwUhcev4dHiBqZDqqYY9Fihcoru 79 | FbQyXtJMrXFnINPrToZiUejvYxB3wvcOhZSmNPWXvY0xKphxIEmQsHGHPgUa9iCm 80 | PPaDAfxopQsu3MlAlFBhZlbPGeG3eW3sfJk8iVE1Zd9YVNK+/z+wi2wBeU4RovjQ 81 | Hhj0JH6lCtI7dUKVBIjcEe42LhPeok58SXESLSPXeWh47ui0vELfIaNLzA1Ibv7Q 82 | Lj5UJWWljDFMZFK601IZhDHrWGkhIflDgV6YIzg+C+QmJrPogeLlklaqMIPEKJM/ 83 | AH0/qunsdYTu/je1CCUqv36N8Z6O26eAPtani4DO+dbr3oIZ86O2xusCAwEAAaOC 84 | AYcwggGDMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB 85 | DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud 86 | DgQWBBQYMmwMHPuOcn5u2EYdUzN8yNH+nDCB6wYDVR0jBIHjMIHggBTm6LX83y3f 87 | GOYaq/nXV1BJnuK/26GBvKSBuTCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB 88 | MRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEd 89 | MBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVu 90 | c3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlo 91 | b3N0Lm15ZG9tYWluggkAyFdCTz5+xKAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYD 92 | VR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQBmCmxUF5KsUJHHjpafP/Qh+Efm 93 | Y6KXzo23l4ksPdnX+zwJOLfBTDXSAZ/ICoTSAu8OoC1RyVxa2trydkPhs8kVjv5T 94 | txsycII7rLg64ADWwFOZSB5GXTNAbO0UKirFMsnnmtjjgtOxalQAlJanSq9IawoL 95 | 6AZ0QAuuWiUJQv5xUQNbfp5D/lr4wUtLVdaCFkHsI3UzPRyBvSZ6NgzN87Z04sQV 96 | 6e0AtfnktrNZ3bm+zDmym6bmW+MZ9/4ojg8AqTocrPEGGQYjLiR/feU7EVajj6qT 97 | uBvZsLLNMxNwQ0wUfIDacqdt5T168sRLk3BabiLJi8royzjWE9sOj89L8bed 98 | -----END CERTIFICATE----- 99 | -------------------------------------------------------------------------------- 
/test/kitchen/cookbooks/openvpn_test/files/default/test1.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEA1Li9jBSFx6/h0eIGpkOqphj0WKFyiu4VtDJe0kytcWcg0+tO 3 | hmJR6O9jEHfC9w6FlKY09Ze9jTEqmHEgSZCwcYc+BRr2IKY89oMB/GilCy7cyUCU 4 | UGFmVs8Z4bd5bex8mTyJUTVl31hU0r7/P7CLbAF5ThGi+NAeGPQkfqUK0jt1QpUE 5 | iNwR7jYuE96iTnxJcRItI9d5aHju6LS8Qt8ho0vMDUhu/tAuPlQlZaWMMUxkUrrT 6 | UhmEMetYaSEh+UOBXpgjOD4L5CYms+iB4uWSVqowg8Qokz8AfT+q6ex1hO7+N7UI 7 | JSq/fo3xno7bp4A+1qeLgM751uveghnzo7bG6wIDAQABAoIBAQCuJfQfuyluumIA 8 | Zq+U7G7HfkSETuAsNxATru0L8/RGk+w/MjPeNp3iOiD6+WDmy7+2W3+d1DU9YxQB 9 | KxQIxeh9eP/gRBtdzVq5YbV9g9oiVqIwLKt/Rs32oaQJsyA5StMSzImKr1GQUItY 10 | 4T6sUIdDy80Yib3HPvJ08WLzP4ClbMPCcWbfABpqoQZneYCK7ggAUN3ImS8YSQhq 11 | YHywEa16d8L9I6YCTbSS8vI34XrEXrihIlEx61FC6v1kaXPj4ETiyqO+CUSkrJlE 12 | tZt/8b4HFA2p17AeBUH/aNi2/ZY7AEoVaYlle+1MkBnacxrmj4ZLLfDXXGHevK+b 13 | fIL/VKRhAoGBAO2J3yBBF+zh5lGCTlYkFgi8bJ1Y5M4JcflTrtO9bFvAQRkwuT9m 14 | Zl9yjomISvzHW8UnLoAfiCg9/xjJG6zEAT4j1xzubSBrfsdarz8PDvKXrQ+sJp9D 15 | du4LkOIVv18mNlIAhl/CYDAW1lWJzCNR4VCYz3ZMF1W22h78LOLZDD0xAoGBAOVB 16 | GuLwChFPYaYzbKLP7RfHmW/ky3WiKQJrhZrg3dwWZ5/S+uZMHX1ki4B98QS71+4E 17 | qVabourGKL0nalQfH6DOUkcdOPdtv/94c/3BCbO14AFAVObKIMW2RIKuMb98GK61 18 | KJqQJFIg432DS4xAyW9aMwtzpXOQ7yYo8fao0c7bAoGACpgqnnqowYT1y87fBZKI 19 | dQ1KXt43HkVnkvI7ivAY5CK4BJKawIwlpr4qQ1IT3iBaJHnx5f8CCKFzPjzCAjuf 20 | vpDEqGKt9VM2DVgrFsnqJcHEEz3fXx0YMdfMN3k21tyScafaVm0J8zshhiEmPLEL 21 | NpgKMMGGDOmh4t3mdputoxECgYEA2eVheqUPzJgYhfGGpdDe1qU97x4VS79PHx+3 22 | Ixfrhw48e6n6Ev3xYYc5GG2bsRYhC/eeQ9U1qdOiUPavlzjlxN+VUEY0KOhFfrmr 23 | 9VmOsSKCwG22xI0FTSYKQ/LxEcEPbK5+4zlxbCYaUueB3NKPIqkmrxHCBe+RfkGY 24 | iQq4L9UCgYA7Zk3UVSdHh2PjAES2PXgIWevbT1L4Lr5w1Aqw21uaCB7K5ibRiaWm 25 | 4zgTjVY4+HAmzJSPTF/G4AjHHdVnbWMCsjUqDLvA5zrX+gPHCyVj5yjTF4npH1AN 26 | 3jz0ZiGxYoZ5LTdbNbeG12yEsojVg6pd+faW7mccVI8T7yrjrpbf3Q== 27 | -----END RSA PRIVATE KEY----- 28 | 
-------------------------------------------------------------------------------- /test/kitchen/cookbooks/openvpn_test/files/default/test2-ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFEjCCA/qgAwIBAgIJAMhXQk8+fsSgMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD 3 | VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG 4 | A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p 5 | dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw 6 | HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTMwMjIxMjMwNDM3 7 | WhcNMjMwMjE5MjMwNDM3WjCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw 8 | EwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsG 9 | A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv 10 | biBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0 11 | Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUjipiJn 12 | Kfa81hjmfBP1OlNJfGIebMCNzrvvMhdrBUP+iEuv8hxd+Cv8O/3r/CxGBuHqYFU/ 13 | 05dF9guVeJ6q9wYFimRVjoMAvB6rHVBouLFO8bxtiKKmQ7R7lEVgyvAYuDeeiQmg 14 | pAqwEioSNTskEtLT0vHf5KPkHGtbHLlAWaeVOA41Ksfc46uSbz29jDvAHFECOU0U 15 | 8JXkUFZp+r/H0lw66al275TpO1JNaP4mKTzXRYKEseRIAwDeV20h+phrH331lguj 16 | 0g5gDVEohPR2zLfXmT4PxAaUffyr5nkM7lieKvVcnU3bF0ACJyGOC1b1YtkPKx5s 17 | DHpm3A/ZDnmc5QIDAQABo4IBHzCCARswHQYDVR0OBBYEFObotfzfLd8Y5hqr+ddX 18 | UEme4r/bMIHrBgNVHSMEgeMwgeCAFObotfzfLd8Y5hqr+ddXUEme4r/boYG8pIG5 19 | MIG2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5j 20 | aXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXph 21 | dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF 22 | YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQDIV0JP 23 | Pn7EoDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCER8yRCqsGfE1o 24 | q4f6aui1qqlS6y8oxr0B2xKYFOnvje8n/qjSdo3t8hmr+7HNgGV77O0H6lyYxVBs 25 | a3N7hHyTjAvGC6BSWtNFIcHV9FeJf8J3MV0skbVra9HaCSEZDym/6SDOQw4hEuQ6 26 | 
jc9udQkPniVDokcacdnU/ccCFSTH1VHnwzNf04/i8KhUgeoIrd2dnwwtjm/8/2hE 27 | Uuq5GT8k5YDHKbiy/Dtuq/Esgqc/ayqLgvJ29qjOCsyjEyhad09peNdsD9II1XEv 28 | +0zTpS77LD3pPWuUDF6SHO4imJ1uw/W+WX6rVq2uUiiyE1T/pjWXotMBNJ+5007p 29 | o0crd/Vq 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /test/kitchen/cookbooks/openvpn_test/files/default/test2.crt: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 1 (0x1) 5 | Signature Algorithm: sha256WithRSAEncryption 6 | Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain 7 | Validity 8 | Not Before: Feb 21 23:05:34 2013 GMT 9 | Not After : Feb 19 23:05:34 2023 GMT 10 | Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server/name=EasyRSA/emailAddress=me@myhost.mydomain 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | RSA Public Key: (2048 bit) 14 | Modulus (2048 bit): 15 | 00:d4:b8:bd:8c:14:85:c7:af:e1:d1:e2:06:a6:43: 16 | aa:a6:18:f4:58:a1:72:8a:ee:15:b4:32:5e:d2:4c: 17 | ad:71:67:20:d3:eb:4e:86:62:51:e8:ef:63:10:77: 18 | c2:f7:0e:85:94:a6:34:f5:97:bd:8d:31:2a:98:71: 19 | 20:49:90:b0:71:87:3e:05:1a:f6:20:a6:3c:f6:83: 20 | 01:fc:68:a5:0b:2e:dc:c9:40:94:50:61:66:56:cf: 21 | 19:e1:b7:79:6d:ec:7c:99:3c:89:51:35:65:df:58: 22 | 54:d2:be:ff:3f:b0:8b:6c:01:79:4e:11:a2:f8:d0: 23 | 1e:18:f4:24:7e:a5:0a:d2:3b:75:42:95:04:88:dc: 24 | 11:ee:36:2e:13:de:a2:4e:7c:49:71:12:2d:23:d7: 25 | 79:68:78:ee:e8:b4:bc:42:df:21:a3:4b:cc:0d:48: 26 | 6e:fe:d0:2e:3e:54:25:65:a5:8c:31:4c:64:52:ba: 27 | d3:52:19:84:31:eb:58:69:21:21:f9:43:81:5e:98: 28 | 23:38:3e:0b:e4:26:26:b3:e8:81:e2:e5:92:56:aa: 29 | 30:83:c4:28:93:3f:00:7d:3f:aa:e9:ec:75:84:ee: 30 | fe:37:b5:08:25:2a:bf:7e:8d:f1:9e:8e:db:a7:80: 31 | 3e:d6:a7:8b:80:ce:f9:d6:eb:de:82:19:f3:a3:b6: 32 | c6:eb 33 | 
Exponent: 65537 (0x10001) 34 | X509v3 extensions: 35 | X509v3 Basic Constraints: 36 | CA:FALSE 37 | Netscape Cert Type: 38 | SSL Server 39 | Netscape Comment: 40 | Easy-RSA Generated Server Certificate 41 | X509v3 Subject Key Identifier: 42 | 18:32:6C:0C:1C:FB:8E:72:7E:6E:D8:46:1D:53:33:7C:C8:D1:FE:9C 43 | X509v3 Authority Key Identifier: 44 | keyid:E6:E8:B5:FC:DF:2D:DF:18:E6:1A:AB:F9:D7:57:50:49:9E:E2:BF:DB 45 | DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain 46 | serial:C8:57:42:4F:3E:7E:C4:A0 47 | 48 | X509v3 Extended Key Usage: 49 | TLS Web Server Authentication 50 | X509v3 Key Usage: 51 | Digital Signature, Key Encipherment 52 | Signature Algorithm: sha256WithRSAEncryption 53 | 66:0a:6c:54:17:92:ac:50:91:c7:8e:96:9f:3f:f4:21:f8:47: 54 | e6:63:a2:97:ce:8d:b7:97:89:2c:3d:d9:d7:fb:3c:09:38:b7: 55 | c1:4c:35:d2:01:9f:c8:0a:84:d2:02:ef:0e:a0:2d:51:c9:5c: 56 | 5a:da:da:f2:76:43:e1:b3:c9:15:8e:fe:53:b7:1b:32:70:82: 57 | 3b:ac:b8:3a:e0:00:d6:c0:53:99:48:1e:46:5d:33:40:6c:ed: 58 | 14:2a:2a:c5:32:c9:e7:9a:d8:e3:82:d3:b1:6a:54:00:94:96: 59 | a7:4a:af:48:6b:0a:0b:e8:06:74:40:0b:ae:5a:25:09:42:fe: 60 | 71:51:03:5b:7e:9e:43:fe:5a:f8:c1:4b:4b:55:d6:82:16:41: 61 | ec:23:75:33:3d:1c:81:bd:26:7a:36:0c:cd:f3:b6:74:e2:c4: 62 | 15:e9:ed:00:b5:f9:e4:b6:b3:59:dd:b9:be:cc:39:b2:9b:a6: 63 | e6:5b:e3:19:f7:fe:28:8e:0f:00:a9:3a:1c:ac:f1:06:19:06: 64 | 23:2e:24:7f:7d:e5:3b:11:56:a3:8f:aa:93:b8:1b:d9:b0:b2: 65 | cd:33:13:70:43:4c:14:7c:80:da:72:a7:6d:e5:3d:7a:f2:c4: 66 | 4b:93:70:5a:6e:22:c9:8b:ca:e8:cb:38:d6:13:db:0e:8f:cf: 67 | 4b:f1:b7:9d 68 | -----BEGIN CERTIFICATE----- 69 | MIIFaTCCBFGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx 70 | CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv 71 | cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV 72 | BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 73 | 
DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTEzMDIyMTIzMDUzNFoXDTIzMDIx 74 | OTIzMDUzNFowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM 75 | U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 76 | T3JnYW5pemF0aW9uYWxVbml0MQ8wDQYDVQQDEwZzZXJ2ZXIxEDAOBgNVBCkTB0Vh 77 | c3lSU0ExITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCCASIwDQYJ 78 | KoZIhvcNAQEBBQADggEPADCCAQoCggEBANS4vYwUhcev4dHiBqZDqqYY9Fihcoru 79 | FbQyXtJMrXFnINPrToZiUejvYxB3wvcOhZSmNPWXvY0xKphxIEmQsHGHPgUa9iCm 80 | PPaDAfxopQsu3MlAlFBhZlbPGeG3eW3sfJk8iVE1Zd9YVNK+/z+wi2wBeU4RovjQ 81 | Hhj0JH6lCtI7dUKVBIjcEe42LhPeok58SXESLSPXeWh47ui0vELfIaNLzA1Ibv7Q 82 | Lj5UJWWljDFMZFK601IZhDHrWGkhIflDgV6YIzg+C+QmJrPogeLlklaqMIPEKJM/ 83 | AH0/qunsdYTu/je1CCUqv36N8Z6O26eAPtani4DO+dbr3oIZ86O2xusCAwEAAaOC 84 | AYcwggGDMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB 85 | DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud 86 | DgQWBBQYMmwMHPuOcn5u2EYdUzN8yNH+nDCB6wYDVR0jBIHjMIHggBTm6LX83y3f 87 | GOYaq/nXV1BJnuK/26GBvKSBuTCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB 88 | MRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEd 89 | MBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVu 90 | c3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlo 91 | b3N0Lm15ZG9tYWluggkAyFdCTz5+xKAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYD 92 | VR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQBmCmxUF5KsUJHHjpafP/Qh+Efm 93 | Y6KXzo23l4ksPdnX+zwJOLfBTDXSAZ/ICoTSAu8OoC1RyVxa2trydkPhs8kVjv5T 94 | txsycII7rLg64ADWwFOZSB5GXTNAbO0UKirFMsnnmtjjgtOxalQAlJanSq9IawoL 95 | 6AZ0QAuuWiUJQv5xUQNbfp5D/lr4wUtLVdaCFkHsI3UzPRyBvSZ6NgzN87Z04sQV 96 | 6e0AtfnktrNZ3bm+zDmym6bmW+MZ9/4ojg8AqTocrPEGGQYjLiR/feU7EVajj6qT 97 | uBvZsLLNMxNwQ0wUfIDacqdt5T168sRLk3BabiLJi8royzjWE9sOj89L8bed 98 | -----END CERTIFICATE----- 99 | -------------------------------------------------------------------------------- /test/kitchen/cookbooks/openvpn_test/files/default/test2.key: 
-------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEA1Li9jBSFx6/h0eIGpkOqphj0WKFyiu4VtDJe0kytcWcg0+tO 3 | hmJR6O9jEHfC9w6FlKY09Ze9jTEqmHEgSZCwcYc+BRr2IKY89oMB/GilCy7cyUCU 4 | UGFmVs8Z4bd5bex8mTyJUTVl31hU0r7/P7CLbAF5ThGi+NAeGPQkfqUK0jt1QpUE 5 | iNwR7jYuE96iTnxJcRItI9d5aHju6LS8Qt8ho0vMDUhu/tAuPlQlZaWMMUxkUrrT 6 | UhmEMetYaSEh+UOBXpgjOD4L5CYms+iB4uWSVqowg8Qokz8AfT+q6ex1hO7+N7UI 7 | JSq/fo3xno7bp4A+1qeLgM751uveghnzo7bG6wIDAQABAoIBAQCuJfQfuyluumIA 8 | Zq+U7G7HfkSETuAsNxATru0L8/RGk+w/MjPeNp3iOiD6+WDmy7+2W3+d1DU9YxQB 9 | KxQIxeh9eP/gRBtdzVq5YbV9g9oiVqIwLKt/Rs32oaQJsyA5StMSzImKr1GQUItY 10 | 4T6sUIdDy80Yib3HPvJ08WLzP4ClbMPCcWbfABpqoQZneYCK7ggAUN3ImS8YSQhq 11 | YHywEa16d8L9I6YCTbSS8vI34XrEXrihIlEx61FC6v1kaXPj4ETiyqO+CUSkrJlE 12 | tZt/8b4HFA2p17AeBUH/aNi2/ZY7AEoVaYlle+1MkBnacxrmj4ZLLfDXXGHevK+b 13 | fIL/VKRhAoGBAO2J3yBBF+zh5lGCTlYkFgi8bJ1Y5M4JcflTrtO9bFvAQRkwuT9m 14 | Zl9yjomISvzHW8UnLoAfiCg9/xjJG6zEAT4j1xzubSBrfsdarz8PDvKXrQ+sJp9D 15 | du4LkOIVv18mNlIAhl/CYDAW1lWJzCNR4VCYz3ZMF1W22h78LOLZDD0xAoGBAOVB 16 | GuLwChFPYaYzbKLP7RfHmW/ky3WiKQJrhZrg3dwWZ5/S+uZMHX1ki4B98QS71+4E 17 | qVabourGKL0nalQfH6DOUkcdOPdtv/94c/3BCbO14AFAVObKIMW2RIKuMb98GK61 18 | KJqQJFIg432DS4xAyW9aMwtzpXOQ7yYo8fao0c7bAoGACpgqnnqowYT1y87fBZKI 19 | dQ1KXt43HkVnkvI7ivAY5CK4BJKawIwlpr4qQ1IT3iBaJHnx5f8CCKFzPjzCAjuf 20 | vpDEqGKt9VM2DVgrFsnqJcHEEz3fXx0YMdfMN3k21tyScafaVm0J8zshhiEmPLEL 21 | NpgKMMGGDOmh4t3mdputoxECgYEA2eVheqUPzJgYhfGGpdDe1qU97x4VS79PHx+3 22 | Ixfrhw48e6n6Ev3xYYc5GG2bsRYhC/eeQ9U1qdOiUPavlzjlxN+VUEY0KOhFfrmr 23 | 9VmOsSKCwG22xI0FTSYKQ/LxEcEPbK5+4zlxbCYaUueB3NKPIqkmrxHCBe+RfkGY 24 | iQq4L9UCgYA7Zk3UVSdHh2PjAES2PXgIWevbT1L4Lr5w1Aqw21uaCB7K5ibRiaWm 25 | 4zgTjVY4+HAmzJSPTF/G4AjHHdVnbWMCsjUqDLvA5zrX+gPHCyVj5yjTF4npH1AN 26 | 3jz0ZiGxYoZ5LTdbNbeG12yEsojVg6pd+faW7mccVI8T7yrjrpbf3Q== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- 
/test/kitchen/cookbooks/openvpn_test/files/default/test3-ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFEjCCA/qgAwIBAgIJAMhXQk8+fsSgMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD 3 | VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG 4 | A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p 5 | dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw 6 | HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTMwMjIxMjMwNDM3 7 | WhcNMjMwMjE5MjMwNDM3WjCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw 8 | EwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsG 9 | A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv 10 | biBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0 11 | Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUjipiJn 12 | Kfa81hjmfBP1OlNJfGIebMCNzrvvMhdrBUP+iEuv8hxd+Cv8O/3r/CxGBuHqYFU/ 13 | 05dF9guVeJ6q9wYFimRVjoMAvB6rHVBouLFO8bxtiKKmQ7R7lEVgyvAYuDeeiQmg 14 | pAqwEioSNTskEtLT0vHf5KPkHGtbHLlAWaeVOA41Ksfc46uSbz29jDvAHFECOU0U 15 | 8JXkUFZp+r/H0lw66al275TpO1JNaP4mKTzXRYKEseRIAwDeV20h+phrH331lguj 16 | 0g5gDVEohPR2zLfXmT4PxAaUffyr5nkM7lieKvVcnU3bF0ACJyGOC1b1YtkPKx5s 17 | DHpm3A/ZDnmc5QIDAQABo4IBHzCCARswHQYDVR0OBBYEFObotfzfLd8Y5hqr+ddX 18 | UEme4r/bMIHrBgNVHSMEgeMwgeCAFObotfzfLd8Y5hqr+ddXUEme4r/boYG8pIG5 19 | MIG2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5j 20 | aXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXph 21 | dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF 22 | YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQDIV0JP 23 | Pn7EoDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCER8yRCqsGfE1o 24 | q4f6aui1qqlS6y8oxr0B2xKYFOnvje8n/qjSdo3t8hmr+7HNgGV77O0H6lyYxVBs 25 | a3N7hHyTjAvGC6BSWtNFIcHV9FeJf8J3MV0skbVra9HaCSEZDym/6SDOQw4hEuQ6 26 | jc9udQkPniVDokcacdnU/ccCFSTH1VHnwzNf04/i8KhUgeoIrd2dnwwtjm/8/2hE 27 | Uuq5GT8k5YDHKbiy/Dtuq/Esgqc/ayqLgvJ29qjOCsyjEyhad09peNdsD9II1XEv 28 | 
+0zTpS77LD3pPWuUDF6SHO4imJ1uw/W+WX6rVq2uUiiyE1T/pjWXotMBNJ+5007p 29 | o0crd/Vq 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /test/kitchen/cookbooks/openvpn_test/files/default/test3.crt: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 1 (0x1) 5 | Signature Algorithm: sha256WithRSAEncryption 6 | Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain 7 | Validity 8 | Not Before: Feb 21 23:05:34 2013 GMT 9 | Not After : Feb 19 23:05:34 2023 GMT 10 | Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server/name=EasyRSA/emailAddress=me@myhost.mydomain 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | RSA Public Key: (2048 bit) 14 | Modulus (2048 bit): 15 | 00:d4:b8:bd:8c:14:85:c7:af:e1:d1:e2:06:a6:43: 16 | aa:a6:18:f4:58:a1:72:8a:ee:15:b4:32:5e:d2:4c: 17 | ad:71:67:20:d3:eb:4e:86:62:51:e8:ef:63:10:77: 18 | c2:f7:0e:85:94:a6:34:f5:97:bd:8d:31:2a:98:71: 19 | 20:49:90:b0:71:87:3e:05:1a:f6:20:a6:3c:f6:83: 20 | 01:fc:68:a5:0b:2e:dc:c9:40:94:50:61:66:56:cf: 21 | 19:e1:b7:79:6d:ec:7c:99:3c:89:51:35:65:df:58: 22 | 54:d2:be:ff:3f:b0:8b:6c:01:79:4e:11:a2:f8:d0: 23 | 1e:18:f4:24:7e:a5:0a:d2:3b:75:42:95:04:88:dc: 24 | 11:ee:36:2e:13:de:a2:4e:7c:49:71:12:2d:23:d7: 25 | 79:68:78:ee:e8:b4:bc:42:df:21:a3:4b:cc:0d:48: 26 | 6e:fe:d0:2e:3e:54:25:65:a5:8c:31:4c:64:52:ba: 27 | d3:52:19:84:31:eb:58:69:21:21:f9:43:81:5e:98: 28 | 23:38:3e:0b:e4:26:26:b3:e8:81:e2:e5:92:56:aa: 29 | 30:83:c4:28:93:3f:00:7d:3f:aa:e9:ec:75:84:ee: 30 | fe:37:b5:08:25:2a:bf:7e:8d:f1:9e:8e:db:a7:80: 31 | 3e:d6:a7:8b:80:ce:f9:d6:eb:de:82:19:f3:a3:b6: 32 | c6:eb 33 | Exponent: 65537 (0x10001) 34 | X509v3 extensions: 35 | X509v3 Basic Constraints: 36 | CA:FALSE 37 | Netscape Cert Type: 38 | SSL Server 39 | 
Netscape Comment: 40 | Easy-RSA Generated Server Certificate 41 | X509v3 Subject Key Identifier: 42 | 18:32:6C:0C:1C:FB:8E:72:7E:6E:D8:46:1D:53:33:7C:C8:D1:FE:9C 43 | X509v3 Authority Key Identifier: 44 | keyid:E6:E8:B5:FC:DF:2D:DF:18:E6:1A:AB:F9:D7:57:50:49:9E:E2:BF:DB 45 | DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain 46 | serial:C8:57:42:4F:3E:7E:C4:A0 47 | 48 | X509v3 Extended Key Usage: 49 | TLS Web Server Authentication 50 | X509v3 Key Usage: 51 | Digital Signature, Key Encipherment 52 | Signature Algorithm: sha256WithRSAEncryption 53 | 66:0a:6c:54:17:92:ac:50:91:c7:8e:96:9f:3f:f4:21:f8:47: 54 | e6:63:a2:97:ce:8d:b7:97:89:2c:3d:d9:d7:fb:3c:09:38:b7: 55 | c1:4c:35:d2:01:9f:c8:0a:84:d2:02:ef:0e:a0:2d:51:c9:5c: 56 | 5a:da:da:f2:76:43:e1:b3:c9:15:8e:fe:53:b7:1b:32:70:82: 57 | 3b:ac:b8:3a:e0:00:d6:c0:53:99:48:1e:46:5d:33:40:6c:ed: 58 | 14:2a:2a:c5:32:c9:e7:9a:d8:e3:82:d3:b1:6a:54:00:94:96: 59 | a7:4a:af:48:6b:0a:0b:e8:06:74:40:0b:ae:5a:25:09:42:fe: 60 | 71:51:03:5b:7e:9e:43:fe:5a:f8:c1:4b:4b:55:d6:82:16:41: 61 | ec:23:75:33:3d:1c:81:bd:26:7a:36:0c:cd:f3:b6:74:e2:c4: 62 | 15:e9:ed:00:b5:f9:e4:b6:b3:59:dd:b9:be:cc:39:b2:9b:a6: 63 | e6:5b:e3:19:f7:fe:28:8e:0f:00:a9:3a:1c:ac:f1:06:19:06: 64 | 23:2e:24:7f:7d:e5:3b:11:56:a3:8f:aa:93:b8:1b:d9:b0:b2: 65 | cd:33:13:70:43:4c:14:7c:80:da:72:a7:6d:e5:3d:7a:f2:c4: 66 | 4b:93:70:5a:6e:22:c9:8b:ca:e8:cb:38:d6:13:db:0e:8f:cf: 67 | 4b:f1:b7:9d 68 | -----BEGIN CERTIFICATE----- 69 | MIIFaTCCBFGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx 70 | CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv 71 | cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV 72 | BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 73 | DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTEzMDIyMTIzMDUzNFoXDTIzMDIx 74 | OTIzMDUzNFowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM 75 | 
U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 76 | T3JnYW5pemF0aW9uYWxVbml0MQ8wDQYDVQQDEwZzZXJ2ZXIxEDAOBgNVBCkTB0Vh 77 | c3lSU0ExITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCCASIwDQYJ 78 | KoZIhvcNAQEBBQADggEPADCCAQoCggEBANS4vYwUhcev4dHiBqZDqqYY9Fihcoru 79 | FbQyXtJMrXFnINPrToZiUejvYxB3wvcOhZSmNPWXvY0xKphxIEmQsHGHPgUa9iCm 80 | PPaDAfxopQsu3MlAlFBhZlbPGeG3eW3sfJk8iVE1Zd9YVNK+/z+wi2wBeU4RovjQ 81 | Hhj0JH6lCtI7dUKVBIjcEe42LhPeok58SXESLSPXeWh47ui0vELfIaNLzA1Ibv7Q 82 | Lj5UJWWljDFMZFK601IZhDHrWGkhIflDgV6YIzg+C+QmJrPogeLlklaqMIPEKJM/ 83 | AH0/qunsdYTu/je1CCUqv36N8Z6O26eAPtani4DO+dbr3oIZ86O2xusCAwEAAaOC 84 | AYcwggGDMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB 85 | DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud 86 | DgQWBBQYMmwMHPuOcn5u2EYdUzN8yNH+nDCB6wYDVR0jBIHjMIHggBTm6LX83y3f 87 | GOYaq/nXV1BJnuK/26GBvKSBuTCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB 88 | MRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEd 89 | MBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVu 90 | c3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlo 91 | b3N0Lm15ZG9tYWluggkAyFdCTz5+xKAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYD 92 | VR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQBmCmxUF5KsUJHHjpafP/Qh+Efm 93 | Y6KXzo23l4ksPdnX+zwJOLfBTDXSAZ/ICoTSAu8OoC1RyVxa2trydkPhs8kVjv5T 94 | txsycII7rLg64ADWwFOZSB5GXTNAbO0UKirFMsnnmtjjgtOxalQAlJanSq9IawoL 95 | 6AZ0QAuuWiUJQv5xUQNbfp5D/lr4wUtLVdaCFkHsI3UzPRyBvSZ6NgzN87Z04sQV 96 | 6e0AtfnktrNZ3bm+zDmym6bmW+MZ9/4ojg8AqTocrPEGGQYjLiR/feU7EVajj6qT 97 | uBvZsLLNMxNwQ0wUfIDacqdt5T168sRLk3BabiLJi8royzjWE9sOj89L8bed 98 | -----END CERTIFICATE----- 99 | -------------------------------------------------------------------------------- /test/kitchen/cookbooks/openvpn_test/files/default/test3.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEA1Li9jBSFx6/h0eIGpkOqphj0WKFyiu4VtDJe0kytcWcg0+tO 3 | 
hmJR6O9jEHfC9w6FlKY09Ze9jTEqmHEgSZCwcYc+BRr2IKY89oMB/GilCy7cyUCU 4 | UGFmVs8Z4bd5bex8mTyJUTVl31hU0r7/P7CLbAF5ThGi+NAeGPQkfqUK0jt1QpUE 5 | iNwR7jYuE96iTnxJcRItI9d5aHju6LS8Qt8ho0vMDUhu/tAuPlQlZaWMMUxkUrrT 6 | UhmEMetYaSEh+UOBXpgjOD4L5CYms+iB4uWSVqowg8Qokz8AfT+q6ex1hO7+N7UI 7 | JSq/fo3xno7bp4A+1qeLgM751uveghnzo7bG6wIDAQABAoIBAQCuJfQfuyluumIA 8 | Zq+U7G7HfkSETuAsNxATru0L8/RGk+w/MjPeNp3iOiD6+WDmy7+2W3+d1DU9YxQB 9 | KxQIxeh9eP/gRBtdzVq5YbV9g9oiVqIwLKt/Rs32oaQJsyA5StMSzImKr1GQUItY 10 | 4T6sUIdDy80Yib3HPvJ08WLzP4ClbMPCcWbfABpqoQZneYCK7ggAUN3ImS8YSQhq 11 | YHywEa16d8L9I6YCTbSS8vI34XrEXrihIlEx61FC6v1kaXPj4ETiyqO+CUSkrJlE 12 | tZt/8b4HFA2p17AeBUH/aNi2/ZY7AEoVaYlle+1MkBnacxrmj4ZLLfDXXGHevK+b 13 | fIL/VKRhAoGBAO2J3yBBF+zh5lGCTlYkFgi8bJ1Y5M4JcflTrtO9bFvAQRkwuT9m 14 | Zl9yjomISvzHW8UnLoAfiCg9/xjJG6zEAT4j1xzubSBrfsdarz8PDvKXrQ+sJp9D 15 | du4LkOIVv18mNlIAhl/CYDAW1lWJzCNR4VCYz3ZMF1W22h78LOLZDD0xAoGBAOVB 16 | GuLwChFPYaYzbKLP7RfHmW/ky3WiKQJrhZrg3dwWZ5/S+uZMHX1ki4B98QS71+4E 17 | qVabourGKL0nalQfH6DOUkcdOPdtv/94c/3BCbO14AFAVObKIMW2RIKuMb98GK61 18 | KJqQJFIg432DS4xAyW9aMwtzpXOQ7yYo8fao0c7bAoGACpgqnnqowYT1y87fBZKI 19 | dQ1KXt43HkVnkvI7ivAY5CK4BJKawIwlpr4qQ1IT3iBaJHnx5f8CCKFzPjzCAjuf 20 | vpDEqGKt9VM2DVgrFsnqJcHEEz3fXx0YMdfMN3k21tyScafaVm0J8zshhiEmPLEL 21 | NpgKMMGGDOmh4t3mdputoxECgYEA2eVheqUPzJgYhfGGpdDe1qU97x4VS79PHx+3 22 | Ixfrhw48e6n6Ev3xYYc5GG2bsRYhC/eeQ9U1qdOiUPavlzjlxN+VUEY0KOhFfrmr 23 | 9VmOsSKCwG22xI0FTSYKQ/LxEcEPbK5+4zlxbCYaUueB3NKPIqkmrxHCBe+RfkGY 24 | iQq4L9UCgYA7Zk3UVSdHh2PjAES2PXgIWevbT1L4Lr5w1Aqw21uaCB7K5ibRiaWm 25 | 4zgTjVY4+HAmzJSPTF/G4AjHHdVnbWMCsjUqDLvA5zrX+gPHCyVj5yjTF4npH1AN 26 | 3jz0ZiGxYoZ5LTdbNbeG12yEsojVg6pd+faW7mccVI8T7yrjrpbf3Q== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /test/kitchen/cookbooks/openvpn_test/metadata.rb: -------------------------------------------------------------------------------- 1 | name "openvpn_test" 2 | maintainer "Christian Nicolai" 3 | maintainer_email 
"cn@mycrobase.de"
# NOTE(review): this is the metadata of the test-kitchen cookbook "openvpn_test".
# Its files/default directory carries test3.key, an RSA private key stored in
# the clear (no passphrase protection), next to test3.crt and test3-ca.crt.
# A key that is published with the repository provides no secrecy: keep these
# files as test fixtures only and generate fresh key material for any real
# OpenVPN endpoint. The test3.crt dump lists
# "Not After : Feb 19 23:05:34 2023 GMT", so the fixture certificate is also
# past its validity period.
4 | license "Apache 2.0"
5 | description ""
# long_description is read from the README.md that sits next to this file.
# NOTE(review): IO.read has historically treated a path beginning with "|" as
# a command to run. The path here is built from __FILE__ rather than from
# input, but File.read is the spelling that avoids that behaviour.
6 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
7 | version "1.0.0"
8 |
# Declares a dependency on the cookbook named "openvpn".
9 | depends "openvpn"
10 |
# Platforms this test cookbook declares as supported.
11 | supports "debian"
12 | supports "ubuntu"
13 |
--------------------------------------------------------------------------------
/test/kitchen/cookbooks/openvpn_test/recipes/default.rb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cmur2/chef-openvpn/1ff457229a265b1fbfdad1057b8d1797ea1f32b3/test/kitchen/cookbooks/openvpn_test/recipes/default.rb
--------------------------------------------------------------------------------