crl: Pass crl-verify if found
* Empty CRLs don't work.
* Avoids confusing easyrsa during the init step, where it thinks an existing PKI configuration exists.
* Add to ovpn_run to help users who are upgrading and ran genconfig, which now depends on the file being present.
* Use a hardlink to tiptoe around permissions issues.
12
bin/ovpn_run
12
bin/ovpn_run
@ -33,8 +33,18 @@ if [ "$OVPN_DEFROUTE" != "0" ] || [ "$OVPN_NAT" == "1" ] ; then
|
||||
done
|
||||
fi
|
||||
|
||||
# Use a hacky hardlink as the CRL Needs to be readable by the user/group
|
||||
# OpenVPN is running as. Only pass arguments to OpenVPN if it's found.
|
||||
if [ -r "$EASYRSA_PKI/crl.pem" ]; then
|
||||
if [ ! -r "$OPENVPN/crl.pem" ]; then
|
||||
ln "$EASYRSA_PKI/crl.pem" "$OPENVPN/crl.pem"
|
||||
chmod 644 "$OPENVPN/crl.pem"
|
||||
fi
|
||||
ARGS=("--crl-verify" "$OPENVPN/crl.pem")
|
||||
fi
|
||||
|
||||
if [ "$#" -gt 0 ]; then
|
||||
exec openvpn "$@"
|
||||
else
|
||||
exec openvpn --config "$OPENVPN/openvpn.conf"
|
||||
exec openvpn ${ARGS[@]} --config "$OPENVPN/openvpn.conf"
|
||||
fi
|
||||
|
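Review bot: The hardlink to `$OPENVPN/crl.pem` is created only when that path is not yet readable, so the CRL that OpenVPN checks can go stale: if whatever regenerates `$EASYRSA_PKI/crl.pem` replaces the file instead of rewriting it in place (not visible here), the link keeps the old inode and newly revoked certificates would still be accepted until the link is removed by hand. Refreshing on every start avoids that, for example `cp -f "$EASYRSA_PKI/crl.pem" "$OPENVPN/crl.pem"` followed by the existing `chmod 644` with the inner `-r` test dropped; note that `chmod` through a hardlink also changes the mode of the PKI copy, since both names share one inode. Separately, `--crl-verify` is added only in the `else` branch, so a start with explicit arguments (`exec openvpn "$@"`) runs without revocation checking unless the caller supplies it, which deserves a comment at that branch. The expansion should also be quoted as `"${ARGS[@]}"` so a path containing spaces stays a single argument.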