allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity

crl: Pass crl-verify if found

Browse Source 
* Empty CRLs don't work.
* Avoids confusing easyrsa during the init step where it thinks an
  existing PKI configuration exists.
* Add to ovpn_run to help users that are upgrading and ran genconfig
  which now depends on the file being present.
* Use a hardlink to tip toe around permissions issues.
This commit is contained in:
Kyle Manna
2015-05-12 00:59:43 -07:00
parent 978e072d29
commit e53492850f
2 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bin/ovpn_genconfig
View File

@ -160,7 +160,6 @@ ca $EASYRSA_PKI/ca.crt
cert $EASYRSA_PKI/issued/${OVPN_CN}.crt
dh $EASYRSA_PKI/dh.pem
tls-auth $EASYRSA_PKI/ta.key
crl-verify $EASYRSA_PKI/crl.pem
key-direction 0
keepalive 10 60
persist-key
@ -179,9 +178,6 @@ group nogroup
EOF
# Create an empty CRL
[ ! -f "$EASYRSA_PKI/crl.pem" ] && touch $EASYRSA_PKI/crl.pem
[ -n "$OVPN_CLIENT_TO_CLIENT" ] && echo "client-to-client" >> "$conf"
[ "$OVPN_DNS" == "1" ] && echo push "dhcp-option DNS 8.8.4.4" >> "$conf"
[ "$OVPN_DNS" == "1" ] && echo push "dhcp-option DNS 8.8.8.8" >> "$conf"