Commit Graph

34 Commits

Author SHA1 Message Date
lawtancool
b6de5e4a40
change client config to use tls-crypt instead of tls-auth 2020-02-21 21:15:32 -08:00
w2ak
26589a118e
[ovpn_getclient] key-direction before tls-auth
NetworkManager seems to be ignoring the `key-direction` directive when
it is after the `tls-auth` key, leading to issues as #268.

Signed-off-by: w2ak <w2ak@users.noreply.github.com>
2018-01-04 19:10:46 +01:00
Nicolas Duchon
7a29e8e39b Extra client config is now an array 2017-06-21 02:21:52 +02:00
DerEnderKeks
fe2cdebea2 Removed double entry
the removed line contained the same option as line 63
2017-03-25 19:41:31 +01:00
Sylvain Lamontagne
22fcaf9477 Add configuration for keepalive
* Add parameter to disable the push of block-outside-dns
* -d should really do what it was supposed to do
* Fix problem where comp-lzo would always be set regardless of the parameter
2017-03-09 20:35:52 -05:00
Tilo Spannagel
abdf537da5
Added IPv6 support to client script
Signed-off-by: Tilo Spannagel <development@tilosp.de>
2017-02-08 09:41:48 +01:00
yanndegat
1a984ba9cd Fix OVPN_ADDITIONAL_CLIENT_CONFIG
OVPN_ADDITIONAL_CLIENT_CONFIG isn't available in combined mode
2017-02-06 15:49:31 +01:00
Luke
ef8221372d change test to bring in line with others 2017-01-26 17:53:53 +00:00
Luke
3ebc4903d8 automatically add reneg-sec 0 to client and server configs when otp is being used to avoid connection resetting every hour. Edit docs to make clear that a more secure cipher needs to be selected to use with otp to avoid the connection being reset every 64 MB of data 2017-01-24 14:37:48 +00:00
gergely.mentsik
4fd33ab077 bugfix: combined-saved was not making directory 2017-01-12 12:49:24 +01:00
Martin d'Allens
dac38246bd Add "key-direction 1" to client .ovpn
Adding this setting avoids connection errors on some clients, when the .ovpn file is imported directly in Gnome NetworkManager.

Server logs:
    Authenticate/Decrypt packet error: packet HMAC authentication failed
    TLS Error: incoming packet authentication failed from ...

Client logs:
    nm-openvpn: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    nm-openvpn: TLS Error: TLS handshake failed

NetworkManager version: 1.2.0
openvpn version: OpenVPN 2.3.10
2016-06-13 12:09:54 +02:00
Fabio Napoleoni
607063b358 Do not cache user credentials 2016-02-07 02:53:43 +01:00
Fabio Napoleoni
bb3d1add3c Export user pass option in client when OTP is enabled 2016-02-06 21:40:11 +01:00
Christian Tawfik
2650d4a286 COMP-lzo param is set in client config, if defined in server. 2015-11-29 10:15:15 -08:00
Robin Schneider
d6209eebc2
Allow to change security related options tls-cipher, cipher and auth. 2015-08-26 12:56:40 +02:00
Thomas Emmerling
3703d3afc3 Add a parameter to use TAP instead of TUN device. 2015-08-19 00:46:07 +02:00
Kyle Manna
1f47f361eb Merge pull request #55 from kylemanna/dev
Merge Development Branch
2015-08-07 11:14:59 -07:00
Justin Li
02c3ee63a1 Remove dh param from client config 2015-08-04 23:07:47 -04:00
Kyle Manna
6aca273d89 getclient: Use openssl to prune comments
* The EasyRSA tools create a certificate file with all the metadata
  readable.  This makes the config file larger then it needs to be, so
  prune it.
* Retrieve text files with `openssl x509 -in <crt> -noout -text`
2015-07-05 21:07:04 -07:00
Robin Schneider
ca78b46723
Added variable OVPN_ADDITIONAL_CLIENT_CONFIG use arbitrary openvpn configuration options. 2015-05-30 23:03:17 +02:00
Robin Schneider
47cc0e3ae6
Fixed based on the review by @kylemanna. Thanks. 2015-03-14 13:22:28 +01:00
Robin Schneider
fd4a5dc38e
EASYRSA_PKI might not be defined. 2015-03-13 00:43:50 +01:00
Robin Schneider
e6e2221d8b
Allow to export separated client config and wrote ovpn_getclient_all. 2015-03-13 00:32:40 +01:00
omriiluz
e9d1022eb4 Disable bash debug (xtrace) by default, re-enable with -e DEBUG=1 2015-02-28 02:45:31 -08:00
Nui Narongwet
e959dca048 Return correct exit status 2015-02-21 02:46:50 +07:00
omriiluz
1cb38ce146 Support client mtu push 2015-01-17 01:07:52 -08:00
Timo Zingel
f2148d99ae no connection block in client config 2014-12-08 21:07:46 +01:00
Kyle Manna
d36bb7ecba getclient: Do not autogenerate key
* Do not autogenerate a key if it does not exist.  Instead fail.
* Requires users to explicitly generate keys and prevents generating
  erroneous keys in the event of a typo.
2014-07-10 09:55:06 -07:00
Kyle Manna
d412ce9f7e getclient: Fix sourced env variables
* Update to use the sourced environemental variables.
* Add switch for not using default gateway.
2014-07-06 00:25:14 -07:00
Kyle Manna
852d404c12 env: Re-work environment code
* Instead of storing just a server_url which was necessary to
  regenerate the OpenVPN configs, instead store an env file.
* Move all the env parsing to `ovpn_genconfig` so that it can be re-run
  from genconfig instead of from `ovpn_init`.
* Remove all the parsing and env defaults except for genconfig.

NOTE: This breaks the older config method, uesrs will need to re-run
genconfig with an arg[1] as the previous server_url, this will create
the necessary env file the rest of the tools expect.

Example recovery for legacy users:

    host$ docker run --rm -it kylemanna/openvpn bash -l
    container# ovpn_genconfig $(cat /etc/openvpn/server_url)
2014-07-05 22:07:24 -07:00
Kyle Manna
34eca5b96f ovpn: Convert from servername -> server_url
* Previously the server name cached the common name generated during
  init and assumed always 1194/udp.
* The new configuration allows for users to pass in a url in a new form
  that allows the protocol to be specified as well as the port.
* Example: udp://vpn.example.com:1194
* Try to be backwards compatible.
2014-06-30 23:27:00 -07:00
Kyle Manna
4728990da3 ovpn_getclient: Verify server certificate
* Verify the server's certificate to avoid MITM attacks
2014-06-04 15:38:49 -07:00
Kyle Manna
bc4165e587 tls-auth: Enable tls-auth for security
* Enabling tls-auth improves security and helps protect against DDoS.
2014-06-04 15:35:18 -07:00
Kyle Manna
1869cd85d0 openvpn.sh: Split in to smaller scripts
* Split soon to be massive wrapper into smaller managable scripts.
* Re-organized Dockerfile to exploit cache when rebuilding
2014-06-04 11:13:59 -07:00