container-openvpn

Author	SHA1	Message	Date
Nicolas Duchon	5aea8b914c	Update documentation Add ovpn_revokeclient usage to client.md and docker-compose.md	2017-05-10 18:08:11 +02:00
Nicolas Duchon	a091bef13b	Create a script to handle client revocation This script revoke the certificate corresponding to the commonName passed as first parameter, generate a new CRL, copies it to /etc/openvpn, make it readable by OpenVPN and optionally remove the crt, key and req file corresponding to the revoked certificate using "remove" as second parameter (removal of those files are required to generate a new client certificate using the revoked certificate's CN).	2017-05-10 18:08:11 +02:00
Nicolas Duchon	59644d953d	Replace hardlinking of crl.pem with a copy easyrsa gen-crl does not modify the crl.pem in place but rather remove the old file and create a new one, which means any hardlink to it will get broken again at each invocation of easyrsa gen-crl. If hardlink to this file is not going to work anyway and we still need it to be readable by OpenVPN, we're better off copying it and chmod-ing it every time a new one is detected on container start, using the conditional expression file1 -nt file2.	2017-05-10 18:08:11 +02:00
Nicolas Duchon	dcf3791d54	Generate a CRL during PKI initialization	2017-05-10 18:08:11 +02:00
Nicolas Duchon	76546e1823	Add client revocation test	2017-05-10 18:08:11 +02:00
Kyle Manna	f996bbaa8e	README: Clarify volume naming convention * Use a better default that works with systemd service out of the box. * Update upstart init script to follow convention.	2017-05-10 08:14:51 -07:00
Kyle Manna	861ed05c48	Merge pull request #254 from buchdag/buchdag-systemd.md Clarify and complete systemd.md	2017-05-06 07:04:18 -07:00
Kyle Manna	ce690e5ab1	ovpn_run: Explicitly enable ipv6 On a recent build I ran in to the following error messages: Wed May 3 14:31:43 2017 /sbin/ip -6 addr add 2001:db8:0:4::1/64 dev tun0 Wed May 3 14:31:43 2017 Linux ip -6 addr add failed: external program exited with error status: 2 This appears to be do to the fact that somewhere something defaulted the kernel in the container to disable IPv6. Not sure if this is my host or the docker daemon. Re-enable it explicitly for now until Docker gets it's IPv6 act together.	2017-05-03 07:48:15 -07:00
Nicolas Duchon	e4821ec709	Clarify and complete systemd.md	2017-05-02 22:24:37 +02:00
Kyle Manna	808e2448b1	Merge pull request #244 from DerEnderKeks/patch-1 Removed double entry	2017-05-02 10:48:14 -07:00
DerEnderKeks	fe2cdebea2	Removed double entry the removed line contained the same option as line 63	2017-03-25 19:41:31 +01:00
Kyle Manna	892a3c9a1c	Merge pull request #234 from slamont/master Add an option for setting different values for keepalive	2017-03-09 20:30:49 -08:00
Sylvain Lamontagne	a3c96bc881	Add test for keepalive	2017-03-09 20:58:46 -05:00
Sylvain Lamontagne	22fcaf9477	Add configuration for keepalive * Add parameter to disable the push of block-outside-dns * -d should really do what it was supposed to do * Fix problem where comp-lzo would always be set regardless of the parameter	2017-03-09 20:35:52 -05:00
Kyle Manna	d454a20e80	Merge pull request #231 from mediatemple/only_block_when_road_warrior Only block external dns when default route is pushed	2017-03-07 16:24:34 -08:00
Nate Jones	c8ba567333	only block external dns when default route is pushed	2017-03-07 23:21:17 +00:00
Nate Jones	21ae2fcef4	fix block-external-dns tests	2017-03-07 23:20:50 +00:00
Kyle Manna	24944b0a11	Merge pull request #226 from vielmetti/patch-1 Create Dockerfile.aarch64	2017-02-24 09:06:58 -08:00
Edward Vielmetti	b74cbd5c74	Create Dockerfile.aarch64 New Dockerfile to support aarch64 (ARMv8, arm64).	2017-02-23 13:59:43 -05:00
Kyle Manna	93c3a0453d	README: Fix docker-compose mention Previously rendered poorly on both GitHub and Docker Hub. v2.1.0	2017-02-23 08:01:08 -08:00
Kyle Manna	b868fa9093	Merge pull request #223 from outstand/extra-client-config Add -E flag for adding extra client config	2017-02-19 09:34:09 -08:00
Ryan Schlesinger	fbb97918cf	Only load config from temp file if not empty	2017-02-18 14:09:19 -08:00
Ryan Schlesinger	e282e1eed0	Add -E flag for adding extra client config	2017-02-18 13:53:35 -08:00
Kyle Manna	5236365fe1	Merge pull request #222 from maxromanovsky/patch-1 Docs: Fixed configuration restore instructions	2017-02-18 07:09:28 -08:00
Max Romanovsky	a293af4246	Fixed configuration restore instructions	2017-02-18 15:29:01 +03:00
Kyle Manna	47de917de5	Merge pull request #219 from r0p0s3c/iptables move iptables/nat functionality to a function	2017-02-16 13:37:19 -08:00
r0p0s3c	cbf9cbf433	fix permission on test script	2017-02-16 15:28:31 -05:00
r0p0s3c	4fd8296a62	add iptables test to list of tests	2017-02-16 15:09:22 -05:00
r0p0s3c	0e3f34effd	add test for iptables rules customization functionality	2017-02-16 15:04:06 -05:00
r0p0s3c	e8b568a0b9	add additional documentation clarifying calling of function, purpose, and how to override it	2017-02-16 14:57:52 -05:00
r0p0s3c	a2adb59d69	move iptables/nat functionality to a function (setupIptablesAndRouting) This allows iptables rule update to be overridden by creating/supplying that function in, for example, ovpn_env.sh	2017-02-16 14:57:52 -05:00
Kyle Manna	f4351bb0dd	Merge pull request #216 from peterrus/patch-1 using run instead of exec	2017-02-12 09:34:14 -08:00
peterrus	14c45f418c	using run instead of exec It is more in line with the other commands we run earlier. Shouldn't have any negative effects right?	2017-02-12 13:50:42 +01:00
Kyle Manna	7627f8e9f9	Merge pull request #215 from tilosp-docker/dev Connect to the OpenVPN Server over IPv6	2017-02-08 09:10:23 -08:00
Tilo Spannagel	26635395b2	README: Connect to the OpenVPN Server Over IPv6	2017-02-08 16:20:31 +01:00
Tilo Spannagel	abdf537da5	Added IPv6 support to client script Signed-off-by: Tilo Spannagel <development@tilosp.de>	2017-02-08 09:41:48 +01:00
Tilo Spannagel	1d2a2e8b29	Added IPv6 support Signed-off-by: Tilo Spannagel <development@tilosp.de>	2017-02-08 09:29:47 +01:00
Kyle Manna	f487184a4a	Merge pull request #214 from yanndegat/master Fix OVPN_ADDITIONAL_CLIENT_CONFIG	2017-02-06 06:59:43 -08:00
yanndegat	1a984ba9cd	Fix OVPN_ADDITIONAL_CLIENT_CONFIG OVPN_ADDITIONAL_CLIENT_CONFIG isn't available in combined mode	2017-02-06 15:49:31 +01:00
Kyle Manna	aaf2c0fee1	Merge pull request #212 from hadim/compose-doc Update documentation for docker-compose	2017-01-29 09:02:11 -08:00
Hadrien Mary	c4fc888dca	Update documentation for docker-compose	2017-01-28 19:07:51 -05:00
Kyle Manna	be165e209e	Merge pull request #208 from lhopki01/master Fix issue with connection resetting every hour when using otp.	2017-01-26 22:42:04 -08:00
Luke	ef8221372d	change test to bring in line with others	2017-01-26 17:53:53 +00:00
Luke	c9ada1eac4	reneg-sec needs to be set to 0 when using otp because otherwise the connection will be ask for a otp every hour. Tests added to make sure it's there when otp is enabled	2017-01-25 14:06:19 +00:00
Kyle Manna	2cc170f001	Merge pull request #209 from DrMurx/fix-custom-route bugfix: custom route definition didn't override default	2017-01-24 17:29:23 -08:00
Jan Kunzmann	8f304ea3fe	bugfix: custom route definition didn't override default	2017-01-25 01:25:08 +01:00
Luke	a20c63893e	modify command in documentation too	2017-01-24 14:42:51 +00:00
Luke	fbdc8e32c6	remove debugging extra	2017-01-24 14:40:48 +00:00
Luke	3ebc4903d8	automatically add reneg-sec 0 to client and server configs when otp is being used to avoid connection resetting every hour. Edit docs to make clear that a more secure cipher needs to be selected to use with otp to avoid the connection being reset every 64 MB of data	2017-01-24 14:37:48 +00:00
Kyle Manna	1129eb09bc	systemd: Remove read-only flag on volume * The read-only flag will create issues with those trying to add certificates to the data volume.	2017-01-17 07:27:21 -08:00

1 2 3 4 5 ...

419 Commits