d481313311
Back to Alpine Linux using packaged version of google-authenticator
2016-02-11 18:10:51 +01:00
e8d93ea4fa
Use $USER@$OVPN_CN for OTP label.
2016-02-07 13:22:20 +01:00
607063b358
Do not cache user credentials
2016-02-07 02:53:43 +01:00
bb3d1add3c
Export user pass option in client when OTP is enabled
2016-02-06 21:40:11 +01:00
c24a22deea
Allow interactive usage
2016-02-06 21:38:26 +01:00
6084261943
Improved script for user OTP generation, tested with pamtester
2016-02-06 21:31:08 +01:00
dd719c1f11
Save OTP variable in server env
2016-02-06 20:25:03 +01:00
6fcebf9adb
Server side configuration for OTP
2016-02-06 20:23:59 +01:00
e7d0d4ea0e
ovpn_run: Fix sysctl IPv6 forwarding write
...
* I'm not sure if this ever worked without the `-w` flag. Perhaps in an
old version of sysctl?
2015-12-29 13:33:55 -08:00
2fa3abe064
fixed getopts argument typo. removed ":" before "z"
2015-11-29 10:15:15 -08:00
2650d4a286
COMP-lzo param is set in client config, if defined in server.
2015-11-29 10:15:15 -08:00
2abbcf1999
added config param to enable COMP-LZO compression
2015-11-29 10:14:07 -08:00
ded4414ef4
Respect the -D flag
...
It looks like edfbffb85f
2015-10-31 19:39:32 -07:00
edfbffb85f
Support pushing custom DNS servers
2015-10-16 15:41:22 +02:00
1498795de2
ovpn_copy_server_files: Use short flags with rm
...
* The busybox tool in the alpine distro doesn't support long flags.
2015-09-29 11:42:17 -07:00
f00de363c7
ovpn_copy_server_files: Copy files without rsync
...
* Hack around the missing rsync by using tar to preserve the directory
structure.
* Fixes #73
2015-09-29 11:28:04 -07:00
3df53012b6
ovpn_copy_server_files: Copy openvpn.conf instead of symlinking locally.
...
Symlinked files can be resolved by rsync when using the configuration on remote
servers but for local testing having the actual file is beneficial.
2015-08-27 21:19:27 +02:00
b96a91e876
Merge pull request #63 from ypid/allow_ciper_setting
...
Allow to change security related options tls-cipher, cipher and auth.
2015-08-26 08:42:30 -07:00
050d4a1f82
ovpn_copy_server_files: Ensure that no other keys then the one for the server is present.
...
When creating a multi-server setup I used a partly copied, partly
symlinked directory structure for the different servers after creating a
certificate for each server with `easyrsa build-server-full`. In that
process I also copied the `server` directory.
The rsync command does not delete files which are not excluded so it
included the correct server key and the original one which can be a
security risk.
2015-08-26 13:00:17 +02:00
d6209eebc2
Allow to change security related options tls-cipher, cipher and auth.
2015-08-26 12:56:40 +02:00
0181bb93d6
Add ability to set OVPN_NATDEVICE to target specific interface when using net=host
2015-08-24 17:19:40 +02:00
3703d3afc3
Add a parameter to use TAP instead of TUN device.
2015-08-19 00:46:07 +02:00
2508abd5ad
run: Fail gracefully when IPv6 fails
...
* Fail gracefully but complain in the log when --privileged isn't used
for docker run.
* IPv6 is in development for the time being.
* Closes #56
2015-08-09 18:04:05 -07:00
1f47f361eb
Merge pull request #55 from kylemanna/dev
...
Merge Development Branch
2015-08-07 11:14:59 -07:00
02c3ee63a1
Remove dh param from client config
2015-08-04 23:07:47 -04:00
34d9601e6e
ovpn_run: Assume /etc/openvpn is read-only
...
* Systemd service currently marks the mount as read-only, and this is
regarded as good practice for server/daemon only operation.
* Don't create /etc/openvpn/ccd as the mount may be read-only.
* Append the client-config-dir command line argument if it is found to
avoid mkdir operation.
* Mount can easily be modified using a different docker run line with
":ro" on the volume mount.
2015-07-27 20:26:43 -07:00
e6f7904344
run: Add IPv6 forwarding if default route
...
* Enable IPv6 forwarding if docker daemon provided a default route
* For now this requires the --privileged flag, but this could be hacked
around using `ip netns` madness.
2015-07-05 21:07:06 -07:00
6aca273d89
getclient: Use openssl to prune comments
...
* The EasyRSA tools create a certificate file with all the metadata
readable. This makes the config file larger then it needs to be, so
prune it.
* Retrieve text files with `openssl x509 -in <crt> -noout -text`
2015-07-05 21:07:04 -07:00
7399ff7bbd
Create ccd directory to prevent error if /etc is mounted read-only.
...
* mkdir: cannot create directory '/etc/openvpn/ccd': Read-only file system
2015-05-31 22:10:54 +02:00
e0f7856e6f
Merge pull request #48 from ypid/optimized-copy-server-script
...
Optimized ovpn_copy_server_files script. No need to copy the config files.
2015-05-30 16:09:50 -07:00
e361e757da
Optimized ovpn_copy_server_files script. No need to copy the config files.
...
* rsync can copy the actual files.
* This change makes it easier to modifier the configuration and sync it
to the server. You only have to execute the ovpn_copy_server_files
once.
2015-05-31 00:52:33 +02:00
ca78b46723
Added variable OVPN_ADDITIONAL_CLIENT_CONFIG use arbitrary openvpn configuration options.
2015-05-30 23:03:17 +02:00
debf45ae46
Changed license of scripts I wrote to MIT. Related to #43 .
2015-05-12 21:24:59 +02:00
e53492850f
crl: Pass crl-verify if found
...
* Empty CRLs don't work.
* Avoids confusing easyrsa during the init step where it thinks an
existing PKI configuration exists.
* Add to ovpn_run to help users that are upgrading and ran genconfig
which now depends on the file being present.
* Use a hardlink to tip toe around permissions issues.
2015-05-12 02:10:43 -07:00
5021bad597
ovpn: Add support for revoking certificates (CRL)
...
* Add this much needed missing feature. Easy RSA makes it... easy.
2015-05-11 10:41:25 -07:00
c3024ce335
genconfig: Remove duplicate-cn mention
...
* Remove the commented out duplicate-cn configuration option
* Leads to confusion
* Related #42
2015-05-09 15:19:24 -07:00
2f9947c8e4
run: Pass cmd line arguments to openvpn
...
* Pass command line arguments to openvpn if passed in. Enables users to
easily override or add settings.
* Resolves #42
2015-05-09 15:18:53 -07:00
bf34f341fc
Merge remote-tracking branch 'ypid/getclient' into dev
2015-03-20 16:54:22 -07:00
47cc0e3ae6
Fixed based on the review by @kylemanna. Thanks.
2015-03-14 13:22:28 +01:00
f208847f54
Merge pull request #34 from ypid/master
...
Wrote script to copy only the needed files to the docker host which runs the docker openvpn server.
2015-03-12 21:03:28 -07:00
fd4a5dc38e
EASYRSA_PKI might not be defined.
2015-03-13 00:43:50 +01:00
e6e2221d8b
Allow to export separated client config and wrote ovpn_getclient_all.
2015-03-13 00:32:40 +01:00
3c64367583
Removed the --dry-run from rsync. Make it actually do something.
2015-03-12 23:49:49 +01:00
5e514721ff
Added documentation for ovpn_copy_server_files.
2015-03-12 23:11:33 +01:00
88c76c787e
genconfig: Turn off exit on error at end
...
* Need to check return status of diff, but don't want a false return
code to exit the script.
* Fixes #35
2015-03-09 09:19:38 -07:00
3d2d839d0b
Wrote script to copy only the needed files to the docker host which runs the docker openvpn server.
...
* For the truly paranoid users, never keep any keys (i.e. client and
certificate authority) in the docker container to begin with :).
2015-03-08 22:40:08 +01:00
8d8f19d951
genconfig: Describe backup conf deletion
...
* Handle back-up configuration deletion better by informing the user
why the back-up vanished and why.
* Closes #33
2015-03-07 16:35:08 -08:00
43ae3eb61d
properly clone arrays
2015-02-28 03:22:08 -08:00
6b23cf8d88
do not accumulate routes and push directives from default if new directives were defined
2015-02-28 03:01:00 -08:00
e9d1022eb4
Disable bash debug (xtrace) by default, re-enable with -e DEBUG=1
2015-02-28 02:45:31 -08:00
