
@sebschrader
Created March 20, 2020 15:36
YAML Anchors und Jinja2-Loops im Ansible Inventory
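---
# Ansible inventory variables describing a pool of OpenVPN virtual servers.
#
# Settings shared by every virtual server are written once in an anchored
# mapping and pulled into each list entry with the YAML 1.1 merge key (<<).
# The merge is shallow, and a key written in an entry overrides the merged
# default of the same name.
openvpn_virtual_server_defaults: &openvpn_virtual_server_defaults
  port: 1194
  scheduler: wlc
  type: tun
  method: NAT
  control_cipher: AES-256-GCM
  control_mac: SHA384
  tunnel_mtu: 1400
  # Renegotiate after half a day
  # NOTE(review): presumably rendered into OpenVPN's reneg-sec, whose default
  # is 3600 s; 43200 s keeps each session key in use twelve times longer.
  # Confirm that this is intended.
  renegotiation_interval: 43200
  ecdh_curve: secp384r1
  # NOTE(review): the first three TLS 1.2 suites are AEAD (GCM,
  # CHACHA20-POLY1305); the last two are CBC-mode. If every client can
  # negotiate an AEAD suite, the CBC entries can be dropped. They are kept
  # here unchanged because removing them may lock out older clients.
  tls12_ciphers: 'TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256'
  tls13_ciphers: 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256'
  client_verbosity: 4
  server_verbosity: 4

openvpn_virtual_servers:
  - <<: *openvpn_virtual_server_defaults
    name: default-udp
    protocol: udp
    # To YAML the value below is one folded string. The Jinja2 loop in it is
    # only rendered by Ansible when the variable is templated; the rendered
    # listing further down this page shows the result as a list of 16
    # mappings (ids 0-15). Anything placed inside the block scalar, including
    # a "#" line, becomes part of the string, so notes belong up here.
    # NOTE(review): range(16) starts at 0, so the first instance gets
    # real_address 10.30.10.0. If that network is a /24 (prefix not shown),
    # .0 is the network address; confirm it is usable as a host address.
    instances: >
      [
        {# Warning: The following are Jinja2 not YAML literals #}
        {% for vpn_id in range(16) %}
          {{ {
            "id": vpn_id,
            "name": "vpn-udp-%02d"|format(vpn_id),
            "tunnel_interface": "tun%d"|format(vpn_id),
            "tunnel_address": "10.100.%d.1/24"|format(vpn_id),
            "real_address": "10.30.10.%d"|format(vpn_id),
          } }},
        {% endfor %}
      ]
  - <<: *openvpn_virtual_server_defaults
    protocol: tcp-server
    name: default-tcp
    # Single TCP instance, written out as a plain YAML list; its id continues
    # after the UDP range (0-15).
    instances:
      - id: 16
        name: vpn-tcp-16
        tunnel_address: 10.100.16.1/24
        real_address: 10.30.10.16
        tunnel_interface: tun16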
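---
# Expanded form of openvpn_virtual_servers: every entry carries the shared
# defaults as ordinary keys (no merge key left) and the UDP entry's
# "instances" is a real list of 16 mappings, ids 0-15. Keys appear in
# alphabetical order, presumably because this is tool output rather than
# hand-written inventory.
# NOTE(review): both entries still list two CBC-mode suites at the end of
# tls12_ciphers, and instance 0 has real_address 10.30.10.0, which is the
# network address if that range is a /24 (prefix not shown) -- confirm both.
openvpn_virtual_servers:
  - client_verbosity: 4
    control_cipher: AES-256-GCM
    control_mac: SHA384
    ecdh_curve: secp384r1
    instances:
      - id: 0
        name: vpn-udp-00
        real_address: 10.30.10.0
        tunnel_address: 10.100.0.1/24
        tunnel_interface: tun0
      - id: 1
        name: vpn-udp-01
        real_address: 10.30.10.1
        tunnel_address: 10.100.1.1/24
        tunnel_interface: tun1
      - id: 2
        name: vpn-udp-02
        real_address: 10.30.10.2
        tunnel_address: 10.100.2.1/24
        tunnel_interface: tun2
      - id: 3
        name: vpn-udp-03
        real_address: 10.30.10.3
        tunnel_address: 10.100.3.1/24
        tunnel_interface: tun3
      - id: 4
        name: vpn-udp-04
        real_address: 10.30.10.4
        tunnel_address: 10.100.4.1/24
        tunnel_interface: tun4
      - id: 5
        name: vpn-udp-05
        real_address: 10.30.10.5
        tunnel_address: 10.100.5.1/24
        tunnel_interface: tun5
      - id: 6
        name: vpn-udp-06
        real_address: 10.30.10.6
        tunnel_address: 10.100.6.1/24
        tunnel_interface: tun6
      - id: 7
        name: vpn-udp-07
        real_address: 10.30.10.7
        tunnel_address: 10.100.7.1/24
        tunnel_interface: tun7
      - id: 8
        name: vpn-udp-08
        real_address: 10.30.10.8
        tunnel_address: 10.100.8.1/24
        tunnel_interface: tun8
      - id: 9
        name: vpn-udp-09
        real_address: 10.30.10.9
        tunnel_address: 10.100.9.1/24
        tunnel_interface: tun9
      - id: 10
        name: vpn-udp-10
        real_address: 10.30.10.10
        tunnel_address: 10.100.10.1/24
        tunnel_interface: tun10
      - id: 11
        name: vpn-udp-11
        real_address: 10.30.10.11
        tunnel_address: 10.100.11.1/24
        tunnel_interface: tun11
      - id: 12
        name: vpn-udp-12
        real_address: 10.30.10.12
        tunnel_address: 10.100.12.1/24
        tunnel_interface: tun12
      - id: 13
        name: vpn-udp-13
        real_address: 10.30.10.13
        tunnel_address: 10.100.13.1/24
        tunnel_interface: tun13
      - id: 14
        name: vpn-udp-14
        real_address: 10.30.10.14
        tunnel_address: 10.100.14.1/24
        tunnel_interface: tun14
      - id: 15
        name: vpn-udp-15
        real_address: 10.30.10.15
        tunnel_address: 10.100.15.1/24
        tunnel_interface: tun15
    method: NAT
    name: default-udp
    port: 1194
    protocol: udp
    renegotiation_interval: 43200
    scheduler: wlc
    server_verbosity: 4
    tls12_ciphers: TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
    tls13_ciphers: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    tunnel_mtu: 1400
    type: tun
  - client_verbosity: 4
    control_cipher: AES-256-GCM
    control_mac: SHA384
    ecdh_curve: secp384r1
    instances:
      - id: 16
        name: vpn-tcp-16
        real_address: 10.30.10.16
        tunnel_address: 10.100.16.1/24
        tunnel_interface: tun16
    method: NAT
    name: default-tcp
    port: 1194
    protocol: tcp-server
    renegotiation_interval: 43200
    scheduler: wlc
    server_verbosity: 4
    tls12_ciphers: TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
    tls13_ciphers: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    tunnel_mtu: 1400
    type: tun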