diff --git a/cookbooks-override/ariadne/recipes/default.rb b/cookbooks-override/ariadne/recipes/default.rb
index 281728e..d547fdc 100644
--- a/cookbooks-override/ariadne/recipes/default.rb
+++ b/cookbooks-override/ariadne/recipes/default.rb
@@ -19,6 +19,16 @@
 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
+# If varnish recipe is in run-list, set template for correct version of varnish.
+if node.run_list.expand(node.chef_environment, 'disk').recipes.include?("varnish::default")
+  case node['varnish']['version']
+  when "2.0", "2.1"
+    set.node['varnish']['vcl_source'] = "drupal-varnish2.vcl.erb"
+  when "3.0"
+    set.node['varnish']['vcl_source'] = "drupal-varnish3.vcl.erb"
+  end
+end
+
 # Drush can't create when run by vagrant user
 directory "/tmp/drush" do
   owner "vagrant"
diff --git a/cookbooks-override/varnish/templates/default/default.vcl.erb b/cookbooks-override/ariadne/templates/default/drupal-varnish2.vcl.erb
similarity index 90%
rename from cookbooks-override/varnish/templates/default/default.vcl.erb
rename to cookbooks-override/ariadne/templates/default/drupal-varnish2.vcl.erb
index ae08865..0bef708 100644
--- a/cookbooks-override/varnish/templates/default/default.vcl.erb
+++ b/cookbooks-override/ariadne/templates/default/drupal-varnish2.vcl.erb
@@ -1,8 +1,8 @@
 #
 # Generated by Chef
 #
-# Based on the Drupal default.vcl for Varnish 2.1:
-# https://wiki.fourkitchens.com/pages/viewpage.action?pageId=22874789
+# Based on the Drupal default.vcl for Varnish 2.x:
+# https://pressflow.atlassian.net/wiki/pages/viewpreviousversions.action?pageId=589831
 
 backend default {
   .host = "<%= node['varnish']['backend_host'] %>";
@@ -11,7 +11,7 @@ backend default {
   .first_byte_timeout = 600s;
   .between_bytes_timeout = 600s;
 }
- 
+
 sub vcl_recv {
   if (req.request != "GET" &&
     req.request != "HEAD" &&
@@ -23,15 +23,15 @@ sub vcl_recv {
       /* Non-RFC2616 or CONNECT which is weird. */
       return (pipe);
   }
- 
+
   if (req.request != "GET" && req.request != "HEAD") {
     /* We only deal with GET and HEAD by default */
     return (pass);
   }
- 
+
   // Remove has_js and Google Analytics salary of a wedding planner cookies.
   set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|__utma_a2a|has_js)=[^;]*", "");
- 
+
   // To users: if you have additional cookies being set by your system (e.g.
   // from a javascript analytics file or similar) you will need to add VCL
   // at this point to strip these cookies from the req object, otherwise
@@ -41,25 +41,25 @@ sub vcl_recv {
   // Again, the common example is an analytics or other Javascript add-on.
   // You should do this here, before the other cookie stuff, or by adding
   // to the regular-expression above.
- 
- 
+
+
   // Remove a ";" prefix, if present.
   set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
   // Remove empty cookies.
   if (req.http.Cookie ~ "^\s*$") {
     unset req.http.Cookie;
   }
- 
+
   if (req.http.Authorization || req.http.Cookie) {
     /* Not cacheable by default */
     return (pass);
   }
- 
+
   // Skip the Varnish cache for install, update, and cron
   if (req.url ~ "install\.php|update\.php|cron\.php") {
     return (pass);
   }
- 
+
   // Normalize the Accept-Encoding header
   // as per: http://varnish-cache.org/wiki/FAQ/Compression
   if (req.http.Accept-Encoding) {
@@ -75,28 +75,31 @@ sub vcl_recv {
       remove req.http.Accept-Encoding;
     }
   }
- 
+
   // Let's have a little grace
   set req.grace = 30s;
- 
+
   return (lookup);
 }
- 
+
 sub vcl_hash {
   if (req.http.Cookie) {
     set req.hash += req.http.Cookie;
   }
 }
- 
+
 // Strip any cookies before an image/js/css is inserted into cache.
 sub vcl_fetch {
   if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
-    // For Varnish 2.0 or earlier, replace beresp with obj:
-    // unset obj.http.set-cookie;
+  <% case node['varnish']['version'] -%>
+  <% when "2.0" -%>
+    unset obj.http.set-cookie;
+  <% when "2.1" -%>
     unset beresp.http.set-cookie;
+  <% end -%>
   }
 }
- 
+
 // Set a header to track a cache HIT/MISS.
 sub vcl_deliver {
   if (obj.hits > 0) {
@@ -106,7 +109,7 @@ sub vcl_deliver {
     set resp.http.X-Varnish-Cache = "MISS";
   }
 }
- 
+
 sub vcl_error {
   // Let's deliver a friendlier error page.
   // You can customize this as you wish.
@@ -137,5 +140,10 @@ XID: "} req.xid {"</pre>
     </body>
    </html>
   "};
-  return(deliver);
+  <% case node['varnish']['version'] -%>
+  <% when "2.0" -%>
+    deliver;
+  <% when "2.1" -%>
+    return(deliver);
+  <% end -%>
 }
diff --git a/cookbooks-override/ariadne/templates/default/drupal-varnish3.vcl.erb b/cookbooks-override/ariadne/templates/default/drupal-varnish3.vcl.erb
new file mode 100644
index 0000000..6bd9d3e
--- /dev/null
+++ b/cookbooks-override/ariadne/templates/default/drupal-varnish3.vcl.erb
@@ -0,0 +1,280 @@
+#
+# Generated by Chef
+#
+# Based on the Drupal default.vcl for Varnish 3.0:
+# https://fourkitchens.atlassian.net/wiki/display/TECH/Configure+Varnish+3+for+Drupal+7
+
+# This is a basic VCL configuration file for varnish.  See the vcl(7)
+# man page for details on VCL syntax and semantics.
+#
+
+# TODO: Update internal subnet ACL and security.
+
+# Define the internal network subnet.
+# These are used below to allow internal access to certain files while not
+# allowing access from the public internet.
+# acl internal {
+#  "192.10.0.0"/24;
+# }
+
+# Default backend definition.  Set this to point to your content
+# server.
+#
+backend default {
+  .host = "<%= node['varnish']['backend_host'] %>";
+  .port = "<%= node['varnish']['backend_port'] %>";
+}
+
+# Respond to incoming requests.
+sub vcl_recv {
+  # Use anonymous, cached pages if all backends are down.
+  if (!req.backend.healthy) {
+    unset req.http.Cookie;
+  }
+
+  # Allow the backend to serve up stale content if it is responding slowly.
+  set req.grace = 6h;
+
+  # Pipe these paths directly to Apache for streaming.
+  #if (req.url ~ "^/admin/content/backup_migrate/export") {
+  #  return (pipe);
+  #}
+
+  # Do not cache these paths.
+  if (req.url ~ "^/status\.php$" ||
+      req.url ~ "^/update\.php$" ||
+      req.url ~ "^/admin$" ||
+      req.url ~ "^/admin/.*$" ||
+      req.url ~ "^/flag/.*$" ||
+      req.url ~ "^.*/ajax/.*$" ||
+      req.url ~ "^.*/ahah/.*$") {
+       return (pass);
+  }
+
+  # Do not allow outside access to cron.php or install.php.
+  #if (req.url ~ "^/(cron|install)\.php$" && !client.ip ~ internal) {
+    # Have Varnish throw the error directly.
+  #  error 404 "Page not found.";
+    # Use a custom error page that you've defined in Drupal at the path "404".
+    # set req.url = "/404";
+  #}
+
+  # Always cache the following file types for all users. This list of extensions
+  # appears twice, once here and again in vcl_fetch so make sure you edit both
+  # and keep them equal.
+  if (req.url ~ "(?i)\.(pdf|asc|dat|txt|doc|xls|ppt|tgz|csv|png|gif|jpeg|jpg|ico|swf|css|js)(\?.*)?$") {
+    unset req.http.Cookie;
+  }
+
+  # Remove all cookies that Drupal doesn't need to know about. We explicitly
+  # list the ones that Drupal does need, the SESS and NO_CACHE. If, after
+  # running this code we find that either of these two cookies remains, we
+  # will pass as the page cannot be cached.
+  if (req.http.Cookie) {
+    # 1. Append a semi-colon to the front of the cookie string.
+    # 2. Remove all spaces that appear after semi-colons.
+    # 3. Match the cookies we want to keep, adding the space we removed
+    #    previously back. (\1) is first matching group in the regsuball.
+    # 4. Remove all other cookies, identifying them by the fact that they have
+    #    no space after the preceding semi-colon.
+    # 5. Remove all spaces and semi-colons from the beginning and end of the
+    #    cookie string.
+    set req.http.Cookie = ";" + req.http.Cookie;
+    set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
+    set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=", "; \1=");
+    set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
+
+    if (req.http.Cookie == "") {
+      # If there are no remaining cookies, remove the cookie header. If there
+      # aren't any cookie headers, Varnish's default behavior will be to cache
+      # the page.
+      unset req.http.Cookie;
+    }
+    else {
+      # If there is any cookies left (a session or NO_CACHE cookie), do not
+      # cache the page. Pass it on to Apache directly.
+      return (pass);
+    }
+  }
+}
+
+# Set a header to track a cache HIT/MISS.
+sub vcl_deliver {
+  if (obj.hits > 0) {
+    set resp.http.X-Varnish-Cache = "HIT";
+  }
+  else {
+    set resp.http.X-Varnish-Cache = "MISS";
+  }
+}
+
+# Code determining what to do when serving items from the Apache servers.
+# beresp == Back-end response from the web server.
+sub vcl_fetch {
+  # We need this to cache 404s, 301s, 500s. Otherwise, depending on backend but
+  # definitely in Drupal's case these responses are not cacheable by default.
+  if (beresp.status == 404 || beresp.status == 301 || beresp.status == 500) {
+    set beresp.ttl = 10m;
+  }
+
+  # Don't allow static files to set cookies.
+  # (?i) denotes case insensitive in PCRE (perl compatible regular expressions).
+  # This list of extensions appears twice, once here and again in vcl_recv so
+  # make sure you edit both and keep them equal.
+  if (req.url ~ "(?i)\.(pdf|asc|dat|txt|doc|xls|ppt|tgz|csv|png|gif|jpeg|jpg|ico|swf|css|js)(\?.*)?$") {
+    unset beresp.http.set-cookie;
+  }
+
+  # Allow items to be stale if needed.
+  set beresp.grace = 6h;
+}
+
+# In the event of an error, show friendlier messages.
+sub vcl_error {
+  # Redirect to some other URL in the case of a homepage failure.
+  #if (req.url ~ "^/?$") {
+  #  set obj.status = 302;
+  #  set obj.http.Location = "http://backup.example.com/";
+  #}
+
+  # Otherwise redirect to the homepage, which will likely be in the cache.
+  set obj.http.Content-Type = "text/html; charset=utf-8";
+  synthetic {"
+<html>
+<head>
+  <title>Page Unavailable</title>
+  <style>
+    body { background: #303030; text-align: center; color: white; }
+    #page { border: 1px solid #CCC; width: 500px; margin: 100px auto 0; padding: 30px; background: #323232; }
+    a, a:link, a:visited { color: #CCC; }
+    .error { color: #222; }
+  </style>
+</head>
+<body onload="setTimeout(function() { window.location = '/' }, 5000)">
+  <div id="page">
+    <h1 class="title">Page Unavailable</h1>
+    <p>The page you requested is temporarily unavailable.</p>
+    <p>We're redirecting you to the <a href="/">homepage</a> in 5 seconds.</p>
+    <div class="error">(Error "} + obj.status + " " + obj.response + {")</div>
+  </div>
+</body>
+</html>
+"};
+  return (deliver);
+}
+
+#
+# Below is a commented-out copy of the default VCL logic.  If you
+# redefine any of these subroutines, the built-in logic will be
+# appended to your code.
+# sub vcl_recv {
+#     if (req.restarts == 0) {
+#   if (req.http.x-forwarded-for) {
+#       set req.http.X-Forwarded-For =
+#       req.http.X-Forwarded-For + ", " + client.ip;
+#   } else {
+#       set req.http.X-Forwarded-For = client.ip;
+#   }
+#     }
+#     if (req.request != "GET" &&
+#       req.request != "HEAD" &&
+#       req.request != "PUT" &&
+#       req.request != "POST" &&
+#       req.request != "TRACE" &&
+#       req.request != "OPTIONS" &&
+#       req.request != "DELETE") {
+#         /* Non-RFC2616 or CONNECT which is weird. */
+#         return (pipe);
+#     }
+#     if (req.request != "GET" && req.request != "HEAD") {
+#         /* We only deal with GET and HEAD by default */
+#         return (pass);
+#     }
+#     if (req.http.Authorization || req.http.Cookie) {
+#         /* Not cacheable by default */
+#         return (pass);
+#     }
+#     return (lookup);
+# }
+#
+# sub vcl_pipe {
+#     # Note that only the first request to the backend will have
+#     # X-Forwarded-For set.  If you use X-Forwarded-For and want to
+#     # have it set for all requests, make sure to have:
+#     # set bereq.http.connection = "close";
+#     # here.  It is not set by default as it might break some broken web
+#     # applications, like IIS with NTLM authentication.
+#     return (pipe);
+# }
+#
+# sub vcl_pass {
+#     return (pass);
+# }
+#
+# sub vcl_hash {
+#     hash_data(req.url);
+#     if (req.http.host) {
+#         hash_data(req.http.host);
+#     } else {
+#         hash_data(server.ip);
+#     }
+#     return (hash);
+# }
+#
+# sub vcl_hit {
+#     return (deliver);
+# }
+#
+# sub vcl_miss {
+#     return (fetch);
+# }
+#
+# sub vcl_fetch {
+#     if (beresp.ttl <= 0s ||
+#         beresp.http.Set-Cookie ||
+#         beresp.http.Vary == "*") {
+#       /*
+#        * Mark as "Hit-For-Pass" for the next 2 minutes
+#        */
+#       set beresp.ttl = 120 s;
+#       return (hit_for_pass);
+#     }
+#     return (deliver);
+# }
+#
+# sub vcl_deliver {
+#     return (deliver);
+# }
+#
+# sub vcl_error {
+#     set obj.http.Content-Type = "text/html; charset=utf-8";
+#     set obj.http.Retry-After = "5";
+#     synthetic {"
+# <?xml version="1.0" encoding="utf-8"?>
+# <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+#  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+# <html>
+#   <head>
+#     <title>"} + obj.status + " " + obj.response + {"</title>
+#   </head>
+#   <body>
+#     <h1>Error "} + obj.status + " " + obj.response + {"</h1>
+#     <p>"} + obj.response + {"</p>
+#     <h3>Guru Meditation:</h3>
+#     <p>XID: "} + req.xid + {"</p>
+#     <hr>
+#     <p>Varnish cache server</p>
+#   </body>
+# </html>
+# "};
+#     return (deliver);
+# }
+#
+# sub vcl_init {
+#   return (ok);
+# }
+#
+# sub vcl_fini {
+#   return (ok);
+# }
diff --git a/roles/varnish.rb b/roles/varnish.rb
index 7519cac..64a8325 100644
--- a/roles/varnish.rb
+++ b/roles/varnish.rb
@@ -7,6 +7,8 @@
 default_attributes(
   :varnish => {
     :version => "2.1",
+    :vcl_conf => "drupal.vcl",
+    :vcl_cookbook => "ariadne",
     :listen_port => "80",
     :backend_host => "127.0.0.1",
     :backend_port => "8080",