From 0c159b85f9b810859a51d06088c5e0cd2ba5fefb Mon Sep 17 00:00:00 2001
From: Frank Lichtenheld
Date: Tue, 3 Jun 2025 14:22:55 +0200
Subject: [PATCH] server: Support multiple "local" options

Starting with OpenVPN 2.7 "local" can be specified multiple times (with differing addresses/ports/protocols).

Signed-off-by: Frank Lichtenheld
---
 REFERENCE.md | 4 ++--
 manifests/server.pp | 4 ++--
 spec/defines/openvpn_server_spec.rb | 37 +++++++++++++++++++++++++++++
 templates/server.erb | 7 ++++--
 4 files changed, 46 insertions(+), 6 deletions(-)

diff --git a/REFERENCE.md b/REFERENCE.md
index 92d83e53..511438b9 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -1188,9 +1188,9 @@ Default value: `false`

 ##### `local`

-Data type: `String`
+Data type: `Variant[String, Array[String]]`

-Interface for openvpn to bind to.
+Interface(s) for openvpn to bind to. To use the array form you need OpenVPN 2.7 or newer.

 Default value: `$facts['networking']['ip']`

diff --git a/manifests/server.pp b/manifests/server.pp
index bc1102bc..fb7a36b7 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -17,7 +17,7 @@
 # @param group User to drop privileges to after startup
 # @param ipp Persist ifconfig information to a file to retain client IP addresses between sessions
 # @param duplicate_cn Allow multiple connections on one cn
-# @param local Interface for openvpn to bind to.
+# @param local Interface(s) for openvpn to bind to. To use the array form you need OpenVPN 2.7 or newer.
 # @param logfile Logfile for this openvpn server
 # @param manage_logfile_directory Manage the directory that the logfile is located in
 # @param logdirectory_user The owner user of the logfile directory
@@ -163,7 +163,7 @@
 Optional[String] $group = undef,
 Boolean $ipp = false,
 Boolean $duplicate_cn = false,
- String $local = $facts['networking']['ip'],
+ Variant[String, Array[String]] $local = $facts['networking']['ip'],
 Variant[Boolean, String] $logfile = false,
 Boolean $manage_logfile_directory = false,
 String[1] $logdirectory_user = 'nobody',
diff --git a/spec/defines/openvpn_server_spec.rb b/spec/defines/openvpn_server_spec.rb
index 3bf18db0..62e587ce 100644
--- a/spec/defines/openvpn_server_spec.rb
+++ b/spec/defines/openvpn_server_spec.rb
@@ -201,6 +201,43 @@
 it { is_expected.to contain_file("#{server_directory}/test_server.conf").with_content(%r{^rcvbuf\s+393215$}) }
 end

+ context 'with empty local' do
+ let(:params) do
+ {
+ 'country' => 'CO',
+ 'province' => 'ST',
+ 'city' => 'Some City',
+ 'organization' => 'example.org',
+ 'email' => 'testemail@example.org',
+ 'local' => '',
+ }
+ end
+
+ it {
+ is_expected.to contain_file("#{server_directory}/test_server.conf").
+ without_content(%r{^local})
+ }
+ end
+
+ context 'with array local' do
+ let(:params) do
+ {
+ 'country' => 'CO',
+ 'province' => 'ST',
+ 'city' => 'Some City',
+ 'organization' => 'example.org',
+ 'email' => 'testemail@example.org',
+ 'local' => ['1.2.3.4 1194 udp4', '1111::2:3:4 1194 udp6'],
+ }
+ end
+
+ it {
+ is_expected.to contain_file("#{server_directory}/test_server.conf").
+ with_content(%r{^local\s+1\.2\.3\.4 1194 udp4}).
+ with_content(%r{^local\s+1111::2:3:4 1194 udp6})
+ }
+ end
+
 %w[udp tcp udp4 tcp4 udp6 tcp6].each do |proto|
 context "with proto=#{proto}" do
 let(:params) do
diff --git a/templates/server.erb b/templates/server.erb
index 8638804a..6586b639 100644
--- a/templates/server.erb
+++ b/templates/server.erb
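Review bot: The `Array[String]` branch of the new `$local` type in manifests/server.pp also accepts `[]` and arrays made only of empty strings, and the template change in this patch skips empty items, so such a value renders no `local` line at all. Without a `local` directive OpenVPN binds to all addresses, which matches the existing `''` behaviour but is much easier to reach by accident once the value is an array assembled from merged data. Consider `Variant[String, Array[String[1], 1]] $local = $facts['networking']['ip'],` so the array form always produces at least one bind address. The parameter list continues outside the hunk.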
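Review bot: The new contexts in spec/defines/openvpn_server_spec.rb cover `''` and a two-element array, but not `[]` or an array containing an empty element, which are the inputs for which the template drops the `local` line without any error. The array assertions are also not end-anchored, unlike the `rcvbuf` check directly above them; `with_content(%r{^local\s+1\.2\.3\.4 1194 udp4$})` would pin the whole rendered line. The enclosing block starts and ends outside the hunk.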
@@ -88,8 +88,11 @@ status <%= @status_log %>
 status-version <%= @status_version %>
 <% end -%>
 dev <%= @dev %>
-<% if @local != '' -%>
-local <%= @local %>
+<% @local = [@local] unless @local.kind_of?(Array) -%>
+<% @local.each do |item| -%>
+<% if item != '' -%>
+local <%= item %>
+<% end -%>
 <% end -%>
 <% if @ipp -%>
 ifconfig-pool-persist <%= @name %>/vpn-ipp.txt
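Review bot: Each `item` is written verbatim after `local` in templates/server.erb, and neither the template nor the `Variant[String, Array[String]]` type rejects embedded line breaks, so a value containing a newline would be rendered as an additional directive line in the server config. The single-string form already behaved this way, but since the parameter now carries address, port and protocol in free text, this is a reasonable point to constrain it, for example with an element type such as `Pattern[/\A[^\r\n]+\z/]` in manifests/server.pp. Separately, `<% @local = [@local] unless @local.kind_of?(Array) -%>` reassigns the template's instance variable; `<% Array(@local).each do |item| -%>` gives the same iteration without the mutation or the extra line. The template continues outside the hunk, so whether `@local` is read again further down cannot be confirmed from here.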