Kyle Manna
5e3c9719c8
run: Always ensure client dir exists
...
* OpenVPN will fail to start if this directory doesn't exist.
2014-06-29 23:26:23 -07:00
Kyle Manna
7b9d82630d
genconfig: Backup old config file
...
* Backup previous config file before overwriting.
2014-06-29 23:26:23 -07:00
Kyle Manna
1aaf6a4359
genconfig: Use servername if $1 not specified
...
* Set the common name to servername set during last ovpn_init if $1 is
not passed in.
* Simplifies re-running ovpn_genconfig when features are added.
2014-06-29 23:26:23 -07:00
Kyle Manna
20dc3d6ea0
genconfig: Expand the subnet
...
* Use a larger subnet (2x the size) to allow for more hard-coded
configurations.
2014-06-29 23:26:23 -07:00
Kyle Manna
353019b0e9
genconfig: Add client-config-dir
...
* Add client config directory for client specific configuration options
such as IP addresses.
2014-06-29 23:26:23 -07:00
Kyle Manna
126f3a4557
ovpn_init: Protect the CA key by default
...
* Protect the CA key with a passphrase by default to protect it from a
filesystem compromise. An attacker could still steal the other keys
stored (i.e. the server's cert key), but not issue new keys.
* This is a good compromise for now.
2014-06-04 17:07:07 -07:00
Kyle Manna
e1902bc2cd
ovpn_genconfig: Add generate config script
...
* Create a generate config script so that the new docker containers can
regenerate the OpenVPN configuration without clobbering the PKI setup.
2014-06-04 16:50:53 -07:00
Kyle Manna
4728990da3
ovpn_getclient: Verify server certificate
...
* Verify the server's certificate to avoid MITM attacks
2014-06-04 15:38:49 -07:00
Kyle Manna
bc4165e587
tls-auth: Enable tls-auth for security
...
* Enabling tls-auth improves security and helps protect against DDoS.
2014-06-04 15:35:18 -07:00
Kyle Manna
939cf7ab67
ovpn_init: Remove external IP resolution
...
* Disable auto guessing the external IP in favor of the user explicitly
specifying the server name. Save the servername for client cert
generation later.
* Remove dnsutils from build since dig is no longer necessary. Favor
lean and mean images.
2014-06-04 11:15:43 -07:00
Kyle Manna
1869cd85d0
openvpn.sh: Split in to smaller scripts
...
* Split soon to be massive wrapper into smaller manageable scripts.
* Re-organized Dockerfile to exploit cache when rebuilding
2014-06-04 11:13:59 -07:00
Kyle Manna
035ff64200
Dockerfile: Add ENV configuration
...
* Add ENV configuration options to Dockerfile as opposed to keeping in
the wrapper script.
* First step to splitting up openvpn.sh in to smaller scripts.
2014-06-04 10:52:59 -07:00
Kyle Manna
2d26b87343
run: Remove run script
...
* Replaced by openvpn.sh
2014-06-04 09:29:45 -07:00
Kyle Manna
161acca6a2
openvpn.sh: Add log tail function
...
* Add ability to tail log file as original repo did.
2014-06-04 09:29:17 -07:00
Kyle Manna
7944bcd9fe
serveconfig: Remove
...
* Use the openvpn.sh wrapper script instead
2014-06-04 09:26:53 -07:00
Kyle Manna
422c2a302d
openvpn.sh: Add getclientconfig
...
* Add mechanism to generate and return a client configuration
* Seamlessly generates certificate if necessary
2014-06-04 09:18:25 -07:00
Kyle Manna
f673ee83ce
openvpn.sh: Save servername used during init
...
* Save the DNS domain name or IP address the server was configured with
* Useful for generating client configurations
2014-06-04 09:08:09 -07:00
Kyle Manna
a1c174f6f5
openvpn.sh: Implement init step and cert gen
...
* Initialize and configure the OpenVPN server
* Generate PKI keys, CA, and certs when needed
2014-06-04 01:39:38 -07:00
Kyle Manna
9e4de074d0
openvpn.sh: Add easyrsa to wrapper
...
* Provide a way to invoke easyrsa from the wrapper
* Add ability to set the EasyRSA vars file which manages the default
settings for the EasyRSA PKI CA.
2014-06-04 00:21:14 -07:00
Kyle Manna
023cfe6596
openvpn.sh: Add wrapper script
...
* Add the beginning of a wrapper script that will handle cert generation
and OpenVPN invocation.
2014-06-03 20:58:13 -07:00
Paimpozhil
83e47bb3be
adding google nameservers into the DHCP push
2014-04-29 16:05:53 -04:00
Yeri Tiete
b3a5a89ab3
forgot .log
...
It's not that important but it's cleaner.
2013-09-11 00:33:55 +02:00
Jérôme Petazzoni
c6b94b5726
Add mention of SSL for configuration download.
2013-09-04 14:22:24 -07:00
Jerome Petazzoni
0f56065a90
Docker can haz VPN nao!
2013-09-02 23:46:19 +00:00