Commit Graph

420 Commits

Author SHA1 Message Date
Kyle Manna
909744dd78 Merge pull request #251 from buchdag/buchdag-revoke1
Fix certificate revocation
2017-05-10 09:37:03 -07:00
Nicolas Duchon
5aea8b914c Update documentation
Add ovpn_revokeclient usage to client.md and docker-compose.md
2017-05-10 18:08:11 +02:00
Nicolas Duchon
a091bef13b Create a script to handle client revocation
This script revoke the certificate corresponding to the commonName passed as first parameter, generate a new CRL, copies it to /etc/openvpn, make it readable by OpenVPN and optionally remove the crt, key and req file corresponding to the revoked certificate using "remove" as second parameter (removal of those files are required to generate a new client certificate using the revoked certificate's CN).
2017-05-10 18:08:11 +02:00
Nicolas Duchon
59644d953d Replace hardlinking of crl.pem with a copy
easyrsa gen-crl does not modify the crl.pem in place but rather remove the old file and create a new one, which means any hardlink to it will get broken again at each invocation of easyrsa gen-crl.

If hardlink to this file is not going to work anyway and we still need it to be readable by OpenVPN, we're better off copying it and chmod-ing it every time a new one is detected on container start, using the conditional expression file1 -nt file2.
2017-05-10 18:08:11 +02:00
Nicolas Duchon
dcf3791d54 Generate a CRL during PKI initialization 2017-05-10 18:08:11 +02:00
Nicolas Duchon
76546e1823 Add client revocation test 2017-05-10 18:08:11 +02:00
Kyle Manna
f996bbaa8e README: Clarify volume naming convention
* Use a better default that works with systemd service out of the box.
* Update upstart init script to follow convention.
2017-05-10 08:14:51 -07:00
Kyle Manna
861ed05c48 Merge pull request #254 from buchdag/buchdag-systemd.md
Clarify and complete systemd.md
2017-05-06 07:04:18 -07:00
Kyle Manna
ce690e5ab1 ovpn_run: Explicitly enable ipv6
On a recent build I ran in to the following error messages:

    Wed May  3 14:31:43 2017 /sbin/ip -6 addr add 2001:db8:0:4::1/64 dev tun0
    Wed May  3 14:31:43 2017 Linux ip -6 addr add failed: external program exited with error status: 2

This appears to be do to the fact that somewhere something defaulted the
kernel in the container to disable IPv6.  Not sure if this is my host or
the docker daemon.  Re-enable it explicitly for now until Docker gets
it's IPv6 act together.
2017-05-03 07:48:15 -07:00
Nicolas Duchon
e4821ec709 Clarify and complete systemd.md 2017-05-02 22:24:37 +02:00
Kyle Manna
808e2448b1 Merge pull request #244 from DerEnderKeks/patch-1
Removed double entry
2017-05-02 10:48:14 -07:00
DerEnderKeks
fe2cdebea2 Removed double entry
the removed line contained the same option as line 63
2017-03-25 19:41:31 +01:00
Kyle Manna
892a3c9a1c Merge pull request #234 from slamont/master
Add an option for setting different values for keepalive
2017-03-09 20:30:49 -08:00
Sylvain Lamontagne
a3c96bc881 Add test for keepalive 2017-03-09 20:58:46 -05:00
Sylvain Lamontagne
22fcaf9477 Add configuration for keepalive
* Add parameter to disable the push of block-outside-dns
* -d should really do what it was supposed to do
* Fix problem where comp-lzo would always be set regardless of the parameter
2017-03-09 20:35:52 -05:00
Kyle Manna
d454a20e80 Merge pull request #231 from mediatemple/only_block_when_road_warrior
Only block external dns when default route is pushed
2017-03-07 16:24:34 -08:00
Nate Jones
c8ba567333 only block external dns when default route is pushed 2017-03-07 23:21:17 +00:00
Nate Jones
21ae2fcef4 fix block-external-dns tests 2017-03-07 23:20:50 +00:00
Kyle Manna
24944b0a11 Merge pull request #226 from vielmetti/patch-1
Create Dockerfile.aarch64
2017-02-24 09:06:58 -08:00
Edward Vielmetti
b74cbd5c74 Create Dockerfile.aarch64
New Dockerfile to support aarch64 (ARMv8, arm64).
2017-02-23 13:59:43 -05:00
Kyle Manna
93c3a0453d README: Fix docker-compose mention
Previously rendered poorly on both GitHub and Docker Hub.
2017-02-23 08:01:08 -08:00
Kyle Manna
b868fa9093 Merge pull request #223 from outstand/extra-client-config
Add -E flag for adding extra client config
2017-02-19 09:34:09 -08:00
Ryan Schlesinger
fbb97918cf
Only load config from temp file if not empty 2017-02-18 14:09:19 -08:00
Ryan Schlesinger
e282e1eed0
Add -E flag for adding extra client config 2017-02-18 13:53:35 -08:00
Kyle Manna
5236365fe1 Merge pull request #222 from maxromanovsky/patch-1
Docs: Fixed configuration restore instructions
2017-02-18 07:09:28 -08:00
Max Romanovsky
a293af4246 Fixed configuration restore instructions 2017-02-18 15:29:01 +03:00
Kyle Manna
47de917de5 Merge pull request #219 from r0p0s3c/iptables
move iptables/nat functionality to a function
2017-02-16 13:37:19 -08:00
r0p0s3c
cbf9cbf433 fix permission on test script 2017-02-16 15:28:31 -05:00
r0p0s3c
4fd8296a62 add iptables test to list of tests 2017-02-16 15:09:22 -05:00
r0p0s3c
0e3f34effd add test for iptables rules customization functionality 2017-02-16 15:04:06 -05:00
r0p0s3c
e8b568a0b9 add additional documentation clarifying calling of function, purpose, and how to override it 2017-02-16 14:57:52 -05:00
r0p0s3c
a2adb59d69 move iptables/nat functionality to a function (setupIptablesAndRouting)
This allows iptables rule update to be overridden by creating/supplying
that function in, for example, ovpn_env.sh
2017-02-16 14:57:52 -05:00
Kyle Manna
f4351bb0dd Merge pull request #216 from peterrus/patch-1
using run instead of exec
2017-02-12 09:34:14 -08:00
peterrus
14c45f418c using run instead of exec
It is more in line with the other commands we run earlier. Shouldn't have any negative effects right?
2017-02-12 13:50:42 +01:00
Kyle Manna
7627f8e9f9 Merge pull request #215 from tilosp-docker/dev
Connect to the OpenVPN Server over IPv6
2017-02-08 09:10:23 -08:00
Tilo Spannagel
26635395b2
README: Connect to the OpenVPN Server Over IPv6 2017-02-08 16:20:31 +01:00
Tilo Spannagel
abdf537da5
Added IPv6 support to client script
Signed-off-by: Tilo Spannagel <development@tilosp.de>
2017-02-08 09:41:48 +01:00
Tilo Spannagel
1d2a2e8b29
Added IPv6 support
Signed-off-by: Tilo Spannagel <development@tilosp.de>
2017-02-08 09:29:47 +01:00
Kyle Manna
f487184a4a Merge pull request #214 from yanndegat/master
Fix  OVPN_ADDITIONAL_CLIENT_CONFIG
2017-02-06 06:59:43 -08:00
yanndegat
1a984ba9cd Fix OVPN_ADDITIONAL_CLIENT_CONFIG
OVPN_ADDITIONAL_CLIENT_CONFIG isn't available in combined mode
2017-02-06 15:49:31 +01:00
Kyle Manna
aaf2c0fee1 Merge pull request #212 from hadim/compose-doc
Update documentation for docker-compose
2017-01-29 09:02:11 -08:00
Hadrien Mary
c4fc888dca Update documentation for docker-compose 2017-01-28 19:07:51 -05:00
Kyle Manna
be165e209e Merge pull request #208 from lhopki01/master
Fix issue with connection resetting every hour when using otp.
2017-01-26 22:42:04 -08:00
Luke
ef8221372d change test to bring in line with others 2017-01-26 17:53:53 +00:00
Luke
c9ada1eac4 reneg-sec needs to be set to 0 when using otp because otherwise the connection will be ask for a otp every hour. Tests added to make sure it's there when otp is enabled 2017-01-25 14:06:19 +00:00
Kyle Manna
2cc170f001 Merge pull request #209 from DrMurx/fix-custom-route
bugfix: custom route definition didn't override default
2017-01-24 17:29:23 -08:00
Jan Kunzmann
8f304ea3fe bugfix: custom route definition didn't override default 2017-01-25 01:25:08 +01:00
Luke
a20c63893e modify command in documentation too 2017-01-24 14:42:51 +00:00
Luke
fbdc8e32c6 remove debugging extra 2017-01-24 14:40:48 +00:00
Luke
3ebc4903d8 automatically add reneg-sec 0 to client and server configs when otp is being used to avoid connection resetting every hour. Edit docs to make clear that a more secure cipher needs to be selected to use with otp to avoid the connection being reset every 64 MB of data 2017-01-24 14:37:48 +00:00