tests real vpn client/server setup

.travis.yml

@@ -28,127 +28,127 @@ matrix:
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1804-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1804-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-ubuntu1804-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1804-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1804-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-ubuntu1804-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=ubuntu1804-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=ubuntu1804-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-ubuntu1804-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta}  CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1604-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1604-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-ubuntu1604-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1604-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1604-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-ubuntu1604-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=ubuntu1604-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=ubuntu1604-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-ubuntu1604-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1404-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1404-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-ubuntu1604-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1404-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1404-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-ubuntu1604-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=ubuntu1404-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=ubuntu1404-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-ubuntu1604-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=centos7-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=centos7-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-centos7-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=centos7-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=centos7-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-centos7-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=centos7-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=centos7-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-centos7-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=centos6-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=centos6-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-centos7-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=centos6-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=centos6-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-centos7-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=centos6-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=centos6-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-centos7-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian9-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian9-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-debian9-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian9-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian9-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-debian9-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=debian9-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=debian9-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-debian9-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian8-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian8-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-debian8-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian8-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian8-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-debian8-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
   - rvm: 2.5.1
     bundler_args: --without development release
     dist: trusty
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=debian8-64{hypervisor=docker} CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6-nightly BEAKER_debug=true BEAKER_setfile=debian8-64vpnserver.ma{hypervisor=docker\,hostname=vpnserver}-debian8-64vpnclienta.a{hypervisor=docker\,hostname=vpnclienta} CHECK=beaker
     services: docker
     sudo: required
 branches:

README.md

@@ -26,15 +26,14 @@ Puppet module to manage OpenVPN servers and clients.
 * Debian
 * CentOS
 * RedHat
-* Amazon
 
 ## Dependencies
   - [puppetlabs-concat 3.0.0+](https://github.com/puppetlabs/puppetlabs-concat)
   - [puppetlabs-stdlib 4.25.0+](https://github.com/puppetlabs/puppetlabs-stdlib)
 
 ## Puppet
 
-* Version >= 4.7.1
+* Version >= 4.25.0
 
 ## Example
 
@@ -126,8 +125,7 @@ Don't forget the sysctl directive ```net.ipv4.ip_forward```!
 
 ## Encryption Choices
 
-This module provides certain default parameters for the openvpn encryption
-settings.
+This module provides certain default parameters for the openvpn encryption settings.
 
 These settings have been applied in line with current "best practices" but no
 guarantee is given for their saftey and they could change in future.
@@ -169,7 +167,6 @@ This setting also affects the size of the dhparam file.
 > 2048 bits is OK, but both [NSA](https://cryptome.org/2016/01/CNSA-Suite-and-Quantum-Computing-FAQ.pdf) and [ANSSI](https://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf) recommend at least a 3072 bits for a future-proof key. As the size of the key will have an impact on speed, I leave the choice to use 2048, 3072 or 4096 bits RSA key. 4096 bits is what's most used and recommened today, but 3072 bits is still good.
 
 
-
 ### Cipher
 
 The default data channel cipher is now set to `AES-256-CBC`
@@ -180,18 +177,16 @@ OpenVPN was setting its default value to `BF-CBC`. In newer versions of OpenVPN
 it warns that this is no longer a secure cipher.
 The OpenVPN documentation recommends using this setting.
 
-
-
 ### tls_cipher
 
 The default tls_cipher option is now set to: `TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256`
 
 ##### Why
 
-Details of these ciphers and their uses can be found in the documentation links
-above.
-
+Details of these ciphers and their uses can be found in the documentation links above.
 
+Note : TLS ciphers suites shipped with OSes ubuntu14.04 and debian8 are too old compared to our default values.
+If these OSes hosts the server with clients more moderns, you will probably have to use custom value for option `tls_cipher`.
 
 ## Contributions