allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity
337 Commits 5 Branches 6 Tags
14c45f418c6665db69ed9b6ad10912c54a753d24
Commit Graph

133 Commits

Author SHA1 Message Date
Tilo Spannagel
abdf537da5 Added IPv6 support to client script 
Signed-off-by: Tilo Spannagel <development@tilosp.de>
 2017-02-08 09:41:48 +01:00
Tilo Spannagel
1d2a2e8b29 Added IPv6 support 
Signed-off-by: Tilo Spannagel <development@tilosp.de>
 2017-02-08 09:29:47 +01:00
yanndegat
1a984ba9cd Fix OVPN_ADDITIONAL_CLIENT_CONFIG 
OVPN_ADDITIONAL_CLIENT_CONFIG isn't available in combined mode
 2017-02-06 15:49:31 +01:00
Kyle Manna
be165e209e Merge pull request #208 from lhopki01/master 
Fix issue with connection resetting every hour when using otp.
 2017-01-26 22:42:04 -08:00
Luke
ef8221372d change test to bring in line with others 2017-01-26 17:53:53 +00:00
Jan Kunzmann
8f304ea3fe bugfix: custom route definition didn't override default 2017-01-25 01:25:08 +01:00
Luke
fbdc8e32c6 remove debugging extra 2017-01-24 14:40:48 +00:00
Luke
3ebc4903d8 automatically add reneg-sec 0 to client and server configs when otp is being used to avoid connection resetting every hour. Edit docs to make clear that a more secure cipher needs to be selected to use with otp to avoid the connection being reset every 64 MB of data 2017-01-24 14:37:48 +00:00
gergely.mentsik
4fd33ab077 bugfix: combined-saved was not making directory 2017-01-12 12:49:24 +01:00
Kyle Manna
093fc9fafc bin: copy_server_files: Backup crl.pem 
* Back-up the crl.pem file if present.
* Closes #198
 2017-01-05 15:58:10 -08:00
Kyle Manna
51270aae82 Merge pull request #162 from slamont/master 
Too many arguments while pushing route
 2016-09-24 18:02:28 -07:00
Sylvain Lamontagne
72a3c8a001 Fix for regression 
As I reworked the push options, a bug got introduced where a duplication
of push in the config for the DNS dhcp-options would make it to fail.
There was no tests covering this, so I did not catch it earlier.

I've add the missing tests and fix the bug
 2016-09-22 18:12:45 -04:00
Sylvain Lamontagne
2e943378d1 Too many arguments while pushing route 
So I was trying to push a route to my client and the script failed with
'too many arguments', I reworked this part and took the opportunity to
rework a little bit the way push and routes were handled.

I also added some tests and validated that what I changed would not
break what was there before.
 2016-09-22 16:02:59 -04:00
Kyle Manna
bdeaff217c Merge pull request #161 from slamont/master 
Add doc for extra config use and fixed unlikely unbound variable
 2016-09-20 10:10:14 -07:00
Sylvain Lamontagne
e8eb1dda0c Added extra config doc in faqs and fixed an unlikely unbound variable 2016-09-20 12:53:29 -04:00
Kyle Manna
97f8677a03 Merge pull request #160 from slamont/master 
Add multiple extra config option
 2016-09-20 09:36:01 -07:00
Sylvain Lamontagne
39996ed568 Fix Unbound Variables 2016-09-16 18:50:48 -04:00
Sylvain Lamontagne
1807bc6dc4 Add multiple extra config option 
Add bash traceback in case an error occured
 2016-09-16 18:42:45 -04:00
Kyle Manna
a17dfd7808 copy_server_files: Include ccd directory 
* Include the client configuration directory
* Related to #133
 2016-09-16 07:38:19 -07:00
Kyle Manna
9e7b363758 genconfig: Clean-up usage() display 
* Semi-sorted order.
* Move arguments with flags up.
 2016-09-03 15:45:55 -07:00
Kyle Manna
dcc33e2483 Merge pull request #143 from sandhu/master 
Fix for Windows 10 DNS Leak
 2016-07-05 11:44:18 -07:00
Kyle Manna
0a5a792519 Merge pull request #138 from Caerbannog/patch-1 
Add "key-direction 1" to client .ovpn
 2016-07-05 11:44:05 -07:00
Achint Sandhu
bcedc8d6d6 Fix for Windows 10 DNS Leak 
The patch includes an update to the OpenVPN server config to
address a DNS leak when using Windows 10, as documented at:
https://community.openvpn.net/openvpn/ticket/605
 2016-07-05 13:29:45 -04:00
Emmanuel Frecon
3e747b353e Sending key to proper location! 2016-06-23 12:20:13 +02:00
Martin d'Allens
dac38246bd Add "key-direction 1" to client .ovpn 
Adding this setting avoids connection errors on some clients, when the .ovpn file is imported directly in Gnome NetworkManager.

Server logs:
    Authenticate/Decrypt packet error: packet HMAC authentication failed
    TLS Error: incoming packet authentication failed from ...

Client logs:
    nm-openvpn: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    nm-openvpn: TLS Error: TLS handshake failed

NetworkManager version: 1.2.0
openvpn version: OpenVPN 2.3.10
 2016-06-13 12:09:54 +02:00
Emmanuel Frecon
c12fdcd83f Automatically creating CCD directory 2016-06-08 09:14:08 +02:00
Dave Burke
d77ba5e1e8 Combine user args with generated args 
Generated arguments will be added only if matching arguments were not
specified by the user. User arguments will be placed after generated
arguments. This allows the user to override any generated configuration
values.
 2016-05-31 21:11:03 -05:00
Dave Burke
097376db75 Set working dir in ovpn_run instead of Dockerfile 2016-05-28 22:34:41 -05:00
Nate Jones
191cb45106 allow specifying extra config 2016-05-16 09:56:27 -07:00
Nate Jones
d3fcec15f1 adding ovpn_listclients script 2016-05-11 16:02:27 -07:00
Rudi Starcevic
74bfad0aac Add openvpn.conf gerneration -f fragment directive option 2016-04-06 15:06:02 +08:00
Fabio Napoleoni
d481313311 Back to Alpine Linux using packaged version of google-authenticator 2016-02-11 18:10:51 +01:00
Fabio Napoleoni
e8d93ea4fa Use $USER@$OVPN_CN for OTP label. 2016-02-07 13:22:20 +01:00
Fabio Napoleoni
607063b358 Do not cache user credentials 2016-02-07 02:53:43 +01:00
Fabio Napoleoni
bb3d1add3c Export user pass option in client when OTP is enabled 2016-02-06 21:40:11 +01:00
Fabio Napoleoni
c24a22deea Allow interactive usage 2016-02-06 21:38:26 +01:00
Fabio Napoleoni
6084261943 Improved script for user OTP generation, tested with pamtester 2016-02-06 21:31:08 +01:00
Fabio Napoleoni
dd719c1f11 Save OTP variable in server env 2016-02-06 20:25:03 +01:00
Fabio Napoleoni
6fcebf9adb Server side configuration for OTP 2016-02-06 20:23:59 +01:00
Kyle Manna
e7d0d4ea0e ovpn_run: Fix sysctl IPv6 forwarding write 
* I'm not sure if this ever worked without the `-w` flag.  Perhaps in an
  old version of sysctl?
 2015-12-29 13:33:55 -08:00
unknown
2fa3abe064 fixed getopts argument typo. removed ":" before "z" 2015-11-29 10:15:15 -08:00
Christian Tawfik
2650d4a286 COMP-lzo param is set in client config, if defined in server. 2015-11-29 10:15:15 -08:00
Christian Tawfik
2abbcf1999 added config param to enable COMP-LZO compression 2015-11-29 10:14:07 -08:00
Greg Brockman
ded4414ef4 Respect the -D flag 
It looks like edfbffb85f caused the
OVPN_DNS variable to start being ignored, meaning the -D flag was a
no-op.
 2015-10-31 19:39:32 -07:00
Johannes 'fish' Ziemke
edfbffb85f Support pushing custom DNS servers 2015-10-16 15:41:22 +02:00
Kyle Manna
1498795de2 ovpn_copy_server_files: Use short flags with rm 
* The busybox tool in the alpine distro doesn't support long flags.
 2015-09-29 11:42:17 -07:00
Kyle Manna
f00de363c7 ovpn_copy_server_files: Copy files without rsync 
* Hack around the missing rsync by using tar to preserve the directory
  structure.
* Fixes #73
 2015-09-29 11:28:04 -07:00
Robin Schneider
3df53012b6 ovpn_copy_server_files: Copy openvpn.conf instead of symlinking locally. 
Symlinked files can be resolved by rsync when using the configuration on remote
servers but for local testing having the actual file is beneficial.
 2015-08-27 21:19:27 +02:00
Kyle Manna
b96a91e876 Merge pull request #63 from ypid/allow_ciper_setting 
Allow to change security related options tls-cipher, cipher and auth.
 2015-08-26 08:42:30 -07:00
Robin Schneider
050d4a1f82 ovpn_copy_server_files: Ensure that no other keys then the one for the server is present. 
When creating a multi-server setup I used a partly copied, partly
symlinked directory structure for the different servers after creating a
certificate for each server with `easyrsa build-server-full`. In that
process I also copied the `server` directory.
The rsync command does not delete files which are not excluded so it
included the correct server key and the original one which can be a
security risk.
 2015-08-26 13:00:17 +02:00