allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity
558 Commits 5 Branches 6 Tags 707 KiB
2a1b2fadce
Commit Graph

558 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Denis Zamataev
f75f2e17a3 implements pushing comp-lzo setting 2018-04-27 14:34:29 +03:00
Kyle Manna
23120e4757
Merge pull request #361 from fossabot/master 
Add license scan report and status
 2018-03-15 14:04:44 -07:00
fossabot
02e92db6bd Add license scan report and status 
Signed-off-by: fossabot <badges@fossa.io>
 2018-03-15 13:56:02 -07:00
Kyle Manna
d5497ba74a
Merge pull request #351 from w2ak/master 
ovpn_getclient: key-direction before tls-auth
 2018-01-04 23:18:36 -08:00
w2ak
26589a118e
[ovpn_getclient] key-direction before tls-auth 
NetworkManager seems to be ignoring the `key-direction` directive when
it is after the `tls-auth` key, leading to issues as #268.

Signed-off-by: w2ak <w2ak@users.noreply.github.com>
 2018-01-04 19:10:46 +01:00
Kyle Manna
30fcd3c6da
Merge pull request #348 from miesgre/fix-genconfig-arm 
Fix ovpn_genconfig script to work in arm architecture
 2017-12-22 13:51:27 -08:00
Miguel Escriva
00ec5214e0 Fix ovpn_genconfig to work in arm architecture 2017-12-22 14:29:57 +01:00
Kyle Manna
fd8daa133a
Merge pull request #331 from buchdag/patch-1 
Add port sharing example to tcp doc
 2017-11-23 14:03:51 -08:00
Nicolas Duchon
7b181c05d5 Add port sharing example to tcp doc 2017-11-23 21:41:34 +01:00
Kyle Manna
054a60c32d
Merge pull request #325 from Silex/master 
Fix outdated docs.
 2017-11-01 20:11:02 -07:00
Philippe Vaucher
391f7e0b2f Fix outdated docs. 2017-11-01 17:30:54 +01:00
Kyle Manna
e82c2ce530
Merge pull request #324 from cglewis/master 
MAINTAINER is deprecated, using LABEL now
 2017-10-31 22:30:09 -07:00
cglewis
d7cf0c7e93 MAINTAINER is deprecated, using LABEL now 2017-10-31 20:12:28 -07:00
Kyle Manna
727231444b Merge pull request #321 from Silex/patch-1 
Fix typos
 2017-10-22 20:05:35 -07:00
Philippe Vaucher
0686b100b1 Fix typos 2017-10-20 14:35:40 +02:00
Kyle Manna
83d61c7c18 Merge pull request #306 from andrewrembrandt/patch-1 
Typo/outdated edit config command?
 2017-08-12 06:26:45 -07:00
Andrew Rembrandt
493865f441 Typo/outdated edit config command? 
Looks like this was written for an earlier iteration?
 2017-08-11 13:12:57 +01:00
Kyle Manna
84c87f5f7f Merge pull request #294 from mypetyak/systemd/capabilities 
systemd: reduce container privilege by whitelisting NET_ADMIN capability
 2017-07-10 22:23:33 -07:00
Kyle Manna
9f1ae1b989 Merge pull request #293 from mypetyak/docs/escape_contributing_markdown 
docs: properly escape CONTRIBUTING markdown
 2017-07-10 22:16:57 -07:00
Christopher Bunn
8f09769fdd systemd: reduce container privilege by whitelisting NET_ADMIN capability 2017-07-10 20:10:39 -07:00
Christopher Bunn
571e181152 docs: properly escape CONTRIBUTING markdown 2017-07-10 20:06:05 -07:00
Kyle Manna
925b08fec4 Merge pull request #283 from buchdag/genconfig-fix 
Fix ovpn_genconfig repeatability issue
 2017-07-08 11:06:36 -07:00
Nicolas Duchon
7a29e8e39b Extra client config is now an array 2017-06-21 02:21:52 +02:00
Nicolas Duchon
16fbc4019d Fix ovpn_genconfig for repeatability 2017-06-21 02:21:52 +02:00
Nicolas Duchon
63a2449705 Add test for ovpn_genconfig repeatability 2017-06-21 01:03:49 +02:00
Kyle Manna
1b8374f818 Merge pull request #281 from buchdag/crl-expire 
Defaults easy_rsa CRL next update to 3650 days
 2017-06-17 09:15:27 -07:00
Nicolas Duchon
8d7bc7e2c5 Set CRL next update to 3650 days 2017-06-17 13:17:20 +02:00
Nicolas Duchon
e30ee8eecf Add CRL next update test 2017-06-17 13:17:08 +02:00
Kyle Manna
e00a72a3f6 Dockerfile: master branch follows alpine:latest 
The master branch will follow alpine:latest.  See `openvpn-2.x` branches
for more stability.

Related #267
 2017-05-26 12:25:43 -07:00
Kyle Manna
d974c0ac6a README: Mention passphrase prompt and systemd init 
* Enhance the documentation to mention that user interaction is
  necessary during the `ovpn_initpki`.
* Re-arrange the next steps part to point people to systemd init as well
  as docs directory.

Closes #266
 2017-05-20 08:44:22 -07:00
Kyle Manna
c0ed8d468d Dockerfile: Drop edge/community for google-authenticator 
* Use the primary repository now that google-authenticator is available
  from alpine:v3.5.

Related to #262
 2017-05-17 09:27:30 -07:00
Kyle Manna
2a9059aa36 tests: Clean-up client + conf_options 
Clean-up the mess that was here.  It's less error prone, shorter and
easier to read.
 2017-05-13 10:52:47 -07:00
Kyle Manna
074a07e40e genconfig: Fix missing MTU required argument 
This must have beeen broken for a long time.  Test case added to prevent
it from breaking again.

Closes #259
 2017-05-13 09:50:18 -07:00
Kyle Manna
8c9d88b316 tests: client: Add client config test suite 
* Test the client configuration to detect breakages
 2017-05-13 09:50:18 -07:00
Kyle Manna
78d612d181 Merge pull request #253 from chepurko/patch-1 2017-05-11 11:21:14 -07:00
Kyle Manna
6bff62eb79 Dockerfile: Swtich from dl-4 to dl-cdn.alpinelinux.org 
* At the time of this commit dl-4.alpinelinux.org was unreachable.
* Switch to the CDN instead of some hardcoded server.
 2017-05-11 11:20:40 -07:00
Alexander Chepurko
8f2f27486c Add quoting into test.sh push options. 2017-05-11 10:55:46 -07:00
Alexander Chepurko
3ee5479d78 Push options need to be quoted. 
Move the implementation to process_push_config.
 2017-05-11 10:55:46 -07:00
Kyle Manna
909744dd78 Merge pull request #251 from buchdag/buchdag-revoke1 
Fix certificate revocation
 2017-05-10 09:37:03 -07:00
Nicolas Duchon
5aea8b914c Update documentation 
Add ovpn_revokeclient usage to client.md and docker-compose.md
 2017-05-10 18:08:11 +02:00
Nicolas Duchon
a091bef13b Create a script to handle client revocation 
This script revoke the certificate corresponding to the commonName passed as first parameter, generate a new CRL, copies it to /etc/openvpn, make it readable by OpenVPN and optionally remove the crt, key and req file corresponding to the revoked certificate using "remove" as second parameter (removal of those files are required to generate a new client certificate using the revoked certificate's CN).
 2017-05-10 18:08:11 +02:00
Nicolas Duchon
59644d953d Replace hardlinking of crl.pem with a copy 
easyrsa gen-crl does not modify the crl.pem in place but rather remove the old file and create a new one, which means any hardlink to it will get broken again at each invocation of easyrsa gen-crl.

If hardlink to this file is not going to work anyway and we still need it to be readable by OpenVPN, we're better off copying it and chmod-ing it every time a new one is detected on container start, using the conditional expression file1 -nt file2.
 2017-05-10 18:08:11 +02:00
Nicolas Duchon
dcf3791d54 Generate a CRL during PKI initialization 2017-05-10 18:08:11 +02:00
Nicolas Duchon
76546e1823 Add client revocation test 2017-05-10 18:08:11 +02:00
Kyle Manna
f996bbaa8e README: Clarify volume naming convention 
* Use a better default that works with systemd service out of the box.
* Update upstart init script to follow convention.
 2017-05-10 08:14:51 -07:00
Kyle Manna
861ed05c48 Merge pull request #254 from buchdag/buchdag-systemd.md 
Clarify and complete systemd.md
 2017-05-06 07:04:18 -07:00
Kyle Manna
ce690e5ab1 ovpn_run: Explicitly enable ipv6 
On a recent build I ran in to the following error messages:

    Wed May  3 14:31:43 2017 /sbin/ip -6 addr add 2001:db8:0:4::1/64 dev tun0
    Wed May  3 14:31:43 2017 Linux ip -6 addr add failed: external program exited with error status: 2

This appears to be do to the fact that somewhere something defaulted the
kernel in the container to disable IPv6.  Not sure if this is my host or
the docker daemon.  Re-enable it explicitly for now until Docker gets
it's IPv6 act together.
 2017-05-03 07:48:15 -07:00
Nicolas Duchon
e4821ec709 Clarify and complete systemd.md 2017-05-02 22:24:37 +02:00
Kyle Manna
808e2448b1 Merge pull request #244 from DerEnderKeks/patch-1 
Removed double entry
 2017-05-02 10:48:14 -07:00
DerEnderKeks
fe2cdebea2 Removed double entry 
the removed line contained the same option as line 63
 2017-03-25 19:41:31 +01:00