Nicolas Duchon
16fbc4019d
Fix ovpn_genconfig for repeatability
2017-06-21 02:21:52 +02:00
Kyle Manna
074a07e40e
genconfig: Fix missing MTU required argument
...
This must have beeen broken for a long time. Test case added to prevent
it from breaking again.
Closes #259
2017-05-13 09:50:18 -07:00
Alexander Chepurko
3ee5479d78
Push options need to be quoted.
...
Move the implementation to process_push_config.
2017-05-11 10:55:46 -07:00
Sylvain Lamontagne
22fcaf9477
Add configuration for keepalive
...
* Add parameter to disable the push of block-outside-dns
* -d should really do what it was supposed to do
* Fix problem where comp-lzo would always be set regardless of the parameter
2017-03-09 20:35:52 -05:00
Nate Jones
c8ba567333
only block external dns when default route is pushed
2017-03-07 23:21:17 +00:00
Ryan Schlesinger
fbb97918cf
Only load config from temp file if not empty
2017-02-18 14:09:19 -08:00
Ryan Schlesinger
e282e1eed0
Add -E flag for adding extra client config
2017-02-18 13:53:35 -08:00
Tilo Spannagel
1d2a2e8b29
Added IPv6 support
...
Signed-off-by: Tilo Spannagel <development@tilosp.de>
2017-02-08 09:29:47 +01:00
Kyle Manna
be165e209e
Merge pull request #208 from lhopki01/master
...
Fix issue with connection resetting every hour when using otp.
2017-01-26 22:42:04 -08:00
Jan Kunzmann
8f304ea3fe
bugfix: custom route definition didn't override default
2017-01-25 01:25:08 +01:00
Luke
fbdc8e32c6
remove debugging extra
2017-01-24 14:40:48 +00:00
Luke
3ebc4903d8
automatically add reneg-sec 0 to client and server configs when otp is being used to avoid connection resetting every hour. Edit docs to make clear that a more secure cipher needs to be selected to use with otp to avoid the connection being reset every 64 MB of data
2017-01-24 14:37:48 +00:00
Sylvain Lamontagne
72a3c8a001
Fix for regression
...
As I reworked the push options, a bug got introduced where a duplication
of push in the config for the DNS dhcp-options would make it to fail.
There was no tests covering this, so I did not catch it earlier.
I've add the missing tests and fix the bug
2016-09-22 18:12:45 -04:00
Sylvain Lamontagne
2e943378d1
Too many arguments while pushing route
...
So I was trying to push a route to my client and the script failed with
'too many arguments', I reworked this part and took the opportunity to
rework a little bit the way push and routes were handled.
I also added some tests and validated that what I changed would not
break what was there before.
2016-09-22 16:02:59 -04:00
Sylvain Lamontagne
e8eb1dda0c
Added extra config doc in faqs and fixed an unlikely unbound variable
2016-09-20 12:53:29 -04:00
Sylvain Lamontagne
39996ed568
Fix Unbound Variables
2016-09-16 18:50:48 -04:00
Sylvain Lamontagne
1807bc6dc4
Add multiple extra config option
...
Add bash traceback in case an error occured
2016-09-16 18:42:45 -04:00
Kyle Manna
9e7b363758
genconfig: Clean-up usage() display
...
* Semi-sorted order.
* Move arguments with flags up.
2016-09-03 15:45:55 -07:00
Achint Sandhu
bcedc8d6d6
Fix for Windows 10 DNS Leak
...
The patch includes an update to the OpenVPN server config to
address a DNS leak when using Windows 10, as documented at:
https://community.openvpn.net/openvpn/ticket/605
2016-07-05 13:29:45 -04:00
Emmanuel Frecon
c12fdcd83f
Automatically creating CCD directory
2016-06-08 09:14:08 +02:00
Nate Jones
191cb45106
allow specifying extra config
2016-05-16 09:56:27 -07:00
Rudi Starcevic
74bfad0aac
Add openvpn.conf gerneration -f fragment directive option
2016-04-06 15:06:02 +08:00
Fabio Napoleoni
d481313311
Back to Alpine Linux using packaged version of google-authenticator
2016-02-11 18:10:51 +01:00
Fabio Napoleoni
dd719c1f11
Save OTP variable in server env
2016-02-06 20:25:03 +01:00
Fabio Napoleoni
6fcebf9adb
Server side configuration for OTP
2016-02-06 20:23:59 +01:00
unknown
2fa3abe064
fixed getopts argument typo. removed ":" before "z"
2015-11-29 10:15:15 -08:00
Christian Tawfik
2abbcf1999
added config param to enable COMP-LZO compression
2015-11-29 10:14:07 -08:00
Greg Brockman
ded4414ef4
Respect the -D flag
...
It looks like edfbffb85f
caused the
OVPN_DNS variable to start being ignored, meaning the -D flag was a
no-op.
2015-10-31 19:39:32 -07:00
Johannes 'fish' Ziemke
edfbffb85f
Support pushing custom DNS servers
2015-10-16 15:41:22 +02:00
Robin Schneider
d6209eebc2
Allow to change security related options tls-cipher, cipher and auth.
2015-08-26 12:56:40 +02:00
Thomas Emmerling
3703d3afc3
Add a parameter to use TAP instead of TUN device.
2015-08-19 00:46:07 +02:00
Kyle Manna
34d9601e6e
ovpn_run: Assume /etc/openvpn is read-only
...
* Systemd service currently marks the mount as read-only, and this is
regarded as good practice for server/daemon only operation.
* Don't create /etc/openvpn/ccd as the mount may be read-only.
* Append the client-config-dir command line argument if it is found to
avoid mkdir operation.
* Mount can easily be modified using a different docker run line with
":ro" on the volume mount.
2015-07-27 20:26:43 -07:00
Kyle Manna
e53492850f
crl: Pass crl-verify if found
...
* Empty CRLs don't work.
* Avoids confusing easyrsa during the init step where it thinks an
existing PKI configuration exists.
* Add to ovpn_run to help users that are upgrading and ran genconfig
which now depends on the file being present.
* Use a hardlink to tip toe around permissions issues.
2015-05-12 02:10:43 -07:00
Kyle Manna
5021bad597
ovpn: Add support for revoking certificates (CRL)
...
* Add this much needed missing feature. Easy RSA makes it... easy.
2015-05-11 10:41:25 -07:00
Kyle Manna
c3024ce335
genconfig: Remove duplicate-cn mention
...
* Remove the commented out duplicate-cn configuration option
* Leads to confusion
* Related #42
2015-05-09 15:19:24 -07:00
Kyle Manna
88c76c787e
genconfig: Turn off exit on error at end
...
* Need to check return status of diff, but don't want a false return
code to exit the script.
* Fixes #35
2015-03-09 09:19:38 -07:00
Kyle Manna
8d8f19d951
genconfig: Describe backup conf deletion
...
* Handle back-up configuration deletion better by informing the user
why the back-up vanished and why.
* Closes #33
2015-03-07 16:35:08 -08:00
omriiluz
43ae3eb61d
properly clone arrays
2015-02-28 03:22:08 -08:00
omriiluz
6b23cf8d88
do not accumulate routes and push directives from default if new directives were defined
2015-02-28 03:01:00 -08:00
omriiluz
e9d1022eb4
Disable bash debug (xtrace) by default, re-enable with -e DEBUG=1
2015-02-28 02:45:31 -08:00
omriiluz
1cb38ce146
Support client mtu push
2015-01-17 01:07:52 -08:00
Omri Iluz
1e2418ae37
Control external NAT creation
2015-01-17 00:56:46 -08:00
Omri Iluz
97f231b4e7
Control default DNS push with -D flag
2015-01-17 00:56:21 -08:00
Omri Iluz
bf50da4ee2
Remove hard coded DNS push.
...
TODO: control with cmdline option
2015-01-16 03:36:47 -08:00
Jimmy Wong
31a8584685
Run daemon as nobody
2015-01-01 22:57:28 -08:00
Samuel Leathers
f1616f7196
fixing regexp to allow dashes in OVPN_SERVER_URL
2014-08-16 22:32:16 -04:00
Kyle Manna
b9cc5b347a
genconfig: Convert OVPN_ROUTES to array
...
* Convert to an array to simplify the code.
* This breaks running `ovpn_genconfig` multiple times with the same
route argument as the array will just grow. This needs to be fixed in
the future.
* Recommended way to work around this is to remove ovpn_env.sh.
2014-07-09 11:06:02 -07:00
Kyle Manna
20be0f90a5
genconfig: Add push support
...
* Add ability to specify push commands with `-p` argument.
2014-07-09 10:55:02 -07:00
Kyle Manna
0c873ab4cf
genconfig: Print success
...
* Print success message to console. Provides positive feedback.
2014-07-09 10:53:41 -07:00
Kyle Manna
f263eb9a61
genconfig: Add client-to-client support
2014-07-09 10:53:25 -07:00