

Installs and configures an OpenSwan VPN server for use for iOS and OSX devices



Version information

  • 0.1.0 (latest)
released Aug 31st 2014

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'rogierslag-openswan', '0.1.0'

Add this module to your Bolt project:

bolt module add rogierslag-openswan

Manually install this module globally with Puppet module tool:

puppet module install rogierslag-openswan --version 0.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



rogierslag/openswan — version 0.1.0 Aug 31st 2014


Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with openswan
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module


This module allows for an easy VPN server configuration. This is especially useful for mobile devices; it works out of the box with iOS and OSX.

Module Description

The module installs a server, which you can also configure through the module. Furthermore, users can be added directly with their respective passwords.


What openswan affects

  • OpenSWAN
  • Sysctl
  • Iptables
  • ppp

Beginning with openswan

Install the module and declare the class, setting the IP and gateway of your server and defining a secret. Next, you can use the users class to add any user to the system.


class { 'openswan':
  ip      => $::ipaddress_eth0,
  gateway => '',
  secret  => 'somerandomstring',
  range   => 100,
  block   => 2,
}

This creates an openswan server on the IP of eth0 with the specified gateway (since facter cannot determine the gateway, you will have to provide it yourself). Additionally, a random string is defined as the secret. The block and range combination yield the VPN IPs to be in the range of If you'd like to use the 10.x.x.x range, provide block => 1 instead. This will yield a VPN IP range of 10.100.100.1-

Fair word of warning: the range you specify here should not be in use on any of the NAT layers you may be connecting through, or the VPN cannot be built! Hence, if your internal home network uses 192.168.178.x, you cannot use this range. For this reason, the module defaults to the range (I have not seen this one in use so decided it was a safe bet).
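The overlap warning above can be checked before settling on range and block. This is an added example, not part of the module: it parses `ip -4 route` output from a client-side network and reports which routed networks overlap a proposed VPN pool. The route sample, the /24 prefix lengths, the 172.20.100.0/24 candidate and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `ip -4 route` output on a client-side network
# (not taken from the page). The 10.0.0.0/8 route models an upstream NAT layer.
SAMPLE_ROUTES = """\
default via 192.168.178.1 dev wlan0 proto dhcp metric 600
192.168.178.0/24 dev wlan0 proto kernel scope link src 192.168.178.20
10.0.0.0/8 via 192.168.178.254 dev wlan0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
"""


def networks_in_use(route_output):
    """Extract destination networks from `ip -4 route` text, skipping defaults."""
    nets = []
    for line in route_output.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue
        try:
            nets.append(ipaddress.ip_network(fields[0], strict=False))
        except ValueError:
            continue  # first field is a route type such as 'blackhole'
    return nets


def conflicts(vpn_pool, route_output):
    """Return the in-use networks that overlap the proposed VPN pool."""
    pool = ipaddress.ip_network(vpn_pool)
    return [n for n in networks_in_use(route_output) if n.overlaps(pool)]


def first_free(candidates, route_output):
    """Return the first candidate pool with no overlap, or None."""
    for cand in candidates:
        if not conflicts(cand, route_output):
            return cand
    return None


if __name__ == "__main__":
    # Assumed /24 pools: the page's 10.x example, the page's home network,
    # and one constructed candidate.
    for pool in ("10.100.100.0/24", "192.168.178.0/24", "172.20.100.0/24"):
        hits = [str(n) for n in conflicts(pool, SAMPLE_ROUTES)]
        print(pool, "conflicts with", hits if hits else "nothing")
```

Run the check against route output from each network you expect to connect from, since a supernet route such as 10.0.0.0/8 on an upstream NAT layer conflicts with the pool just as an identical /24 does.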


In case you have any suggestions or problems, please create an issue directly on GitHub.