Kyle Manna
ce690e5ab1
ovpn_run: Explicitly enable ipv6
...
On a recent build I ran in to the following error messages:
Wed May 3 14:31:43 2017 /sbin/ip -6 addr add 2001:db8:0:4::1/64 dev tun0
Wed May 3 14:31:43 2017 Linux ip -6 addr add failed: external program exited with error status: 2
This appears to be do to the fact that somewhere something defaulted the
kernel in the container to disable IPv6. Not sure if this is my host or
the docker daemon. Re-enable it explicitly for now until Docker gets
it's IPv6 act together.
2017-05-03 07:48:15 -07:00
DerEnderKeks
fe2cdebea2
Removed double entry
...
the removed line contained the same option as line 63
2017-03-25 19:41:31 +01:00
Sylvain Lamontagne
22fcaf9477
Add configuration for keepalive
...
* Add parameter to disable the push of block-outside-dns
* -d should really do what it was supposed to do
* Fix problem where comp-lzo would always be set regardless of the parameter
2017-03-09 20:35:52 -05:00
Nate Jones
c8ba567333
only block external dns when default route is pushed
2017-03-07 23:21:17 +00:00
Ryan Schlesinger
fbb97918cf
Only load config from temp file if not empty
2017-02-18 14:09:19 -08:00
Ryan Schlesinger
e282e1eed0
Add -E flag for adding extra client config
2017-02-18 13:53:35 -08:00
r0p0s3c
e8b568a0b9
add additional documentation clarifying calling of function, purpose, and how to override it
2017-02-16 14:57:52 -05:00
r0p0s3c
a2adb59d69
move iptables/nat functionality to a function (setupIptablesAndRouting)
...
This allows iptables rule update to be overridden by creating/supplying
that function in, for example, ovpn_env.sh
2017-02-16 14:57:52 -05:00
Tilo Spannagel
abdf537da5
Added IPv6 support to client script
...
Signed-off-by: Tilo Spannagel <development@tilosp.de>
2017-02-08 09:41:48 +01:00
Tilo Spannagel
1d2a2e8b29
Added IPv6 support
...
Signed-off-by: Tilo Spannagel <development@tilosp.de>
2017-02-08 09:29:47 +01:00
yanndegat
1a984ba9cd
Fix OVPN_ADDITIONAL_CLIENT_CONFIG
...
OVPN_ADDITIONAL_CLIENT_CONFIG isn't available in combined mode
2017-02-06 15:49:31 +01:00
Kyle Manna
be165e209e
Merge pull request #208 from lhopki01/master
...
Fix issue with connection resetting every hour when using otp.
2017-01-26 22:42:04 -08:00
Luke
ef8221372d
change test to bring in line with others
2017-01-26 17:53:53 +00:00
Jan Kunzmann
8f304ea3fe
bugfix: custom route definition didn't override default
2017-01-25 01:25:08 +01:00
Luke
fbdc8e32c6
remove debugging extra
2017-01-24 14:40:48 +00:00
Luke
3ebc4903d8
automatically add reneg-sec 0 to client and server configs when otp is being used to avoid connection resetting every hour. Edit docs to make clear that a more secure cipher needs to be selected to use with otp to avoid the connection being reset every 64 MB of data
2017-01-24 14:37:48 +00:00
gergely.mentsik
4fd33ab077
bugfix: combined-saved was not making directory
2017-01-12 12:49:24 +01:00
Kyle Manna
093fc9fafc
bin: copy_server_files: Backup crl.pem
...
* Back-up the crl.pem file if present.
* Closes #198
2017-01-05 15:58:10 -08:00
Kyle Manna
51270aae82
Merge pull request #162 from slamont/master
...
Too many arguments while pushing route
2016-09-24 18:02:28 -07:00
Sylvain Lamontagne
72a3c8a001
Fix for regression
...
As I reworked the push options, a bug got introduced where a duplication
of push in the config for the DNS dhcp-options would make it to fail.
There was no tests covering this, so I did not catch it earlier.
I've add the missing tests and fix the bug
2016-09-22 18:12:45 -04:00
Sylvain Lamontagne
2e943378d1
Too many arguments while pushing route
...
So I was trying to push a route to my client and the script failed with
'too many arguments', I reworked this part and took the opportunity to
rework a little bit the way push and routes were handled.
I also added some tests and validated that what I changed would not
break what was there before.
2016-09-22 16:02:59 -04:00
Kyle Manna
bdeaff217c
Merge pull request #161 from slamont/master
...
Add doc for extra config use and fixed unlikely unbound variable
2016-09-20 10:10:14 -07:00
Sylvain Lamontagne
e8eb1dda0c
Added extra config doc in faqs and fixed an unlikely unbound variable
2016-09-20 12:53:29 -04:00
Kyle Manna
97f8677a03
Merge pull request #160 from slamont/master
...
Add multiple extra config option
2016-09-20 09:36:01 -07:00
Sylvain Lamontagne
39996ed568
Fix Unbound Variables
2016-09-16 18:50:48 -04:00
Sylvain Lamontagne
1807bc6dc4
Add multiple extra config option
...
Add bash traceback in case an error occured
2016-09-16 18:42:45 -04:00
Kyle Manna
a17dfd7808
copy_server_files: Include ccd directory
...
* Include the client configuration directory
* Related to #133
2016-09-16 07:38:19 -07:00
Kyle Manna
9e7b363758
genconfig: Clean-up usage() display
...
* Semi-sorted order.
* Move arguments with flags up.
2016-09-03 15:45:55 -07:00
Kyle Manna
dcc33e2483
Merge pull request #143 from sandhu/master
...
Fix for Windows 10 DNS Leak
2016-07-05 11:44:18 -07:00
Kyle Manna
0a5a792519
Merge pull request #138 from Caerbannog/patch-1
...
Add "key-direction 1" to client .ovpn
2016-07-05 11:44:05 -07:00
Achint Sandhu
bcedc8d6d6
Fix for Windows 10 DNS Leak
...
The patch includes an update to the OpenVPN server config to
address a DNS leak when using Windows 10, as documented at:
https://community.openvpn.net/openvpn/ticket/605
2016-07-05 13:29:45 -04:00
Emmanuel Frecon
3e747b353e
Sending key to proper location!
2016-06-23 12:20:13 +02:00
Martin d'Allens
dac38246bd
Add "key-direction 1" to client .ovpn
...
Adding this setting avoids connection errors on some clients, when the .ovpn file is imported directly in Gnome NetworkManager.
Server logs:
Authenticate/Decrypt packet error: packet HMAC authentication failed
TLS Error: incoming packet authentication failed from ...
Client logs:
nm-openvpn: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
nm-openvpn: TLS Error: TLS handshake failed
NetworkManager version: 1.2.0
openvpn version: OpenVPN 2.3.10
2016-06-13 12:09:54 +02:00
Emmanuel Frecon
c12fdcd83f
Automatically creating CCD directory
2016-06-08 09:14:08 +02:00
Dave Burke
d77ba5e1e8
Combine user args with generated args
...
Generated arguments will be added only if matching arguments were not
specified by the user. User arguments will be placed after generated
arguments. This allows the user to override any generated configuration
values.
2016-05-31 21:11:03 -05:00
Dave Burke
097376db75
Set working dir in ovpn_run instead of Dockerfile
2016-05-28 22:34:41 -05:00
Nate Jones
191cb45106
allow specifying extra config
2016-05-16 09:56:27 -07:00
Nate Jones
d3fcec15f1
adding ovpn_listclients script
2016-05-11 16:02:27 -07:00
Rudi Starcevic
74bfad0aac
Add openvpn.conf gerneration -f fragment directive option
2016-04-06 15:06:02 +08:00
Fabio Napoleoni
d481313311
Back to Alpine Linux using packaged version of google-authenticator
2016-02-11 18:10:51 +01:00
Fabio Napoleoni
e8d93ea4fa
Use $USER@$OVPN_CN for OTP label.
2016-02-07 13:22:20 +01:00
Fabio Napoleoni
607063b358
Do not cache user credentials
2016-02-07 02:53:43 +01:00
Fabio Napoleoni
bb3d1add3c
Export user pass option in client when OTP is enabled
2016-02-06 21:40:11 +01:00
Fabio Napoleoni
c24a22deea
Allow interactive usage
2016-02-06 21:38:26 +01:00
Fabio Napoleoni
6084261943
Improved script for user OTP generation, tested with pamtester
2016-02-06 21:31:08 +01:00
Fabio Napoleoni
dd719c1f11
Save OTP variable in server env
2016-02-06 20:25:03 +01:00
Fabio Napoleoni
6fcebf9adb
Server side configuration for OTP
2016-02-06 20:23:59 +01:00
Kyle Manna
e7d0d4ea0e
ovpn_run: Fix sysctl IPv6 forwarding write
...
* I'm not sure if this ever worked without the `-w` flag. Perhaps in an
old version of sysctl?
2015-12-29 13:33:55 -08:00
unknown
2fa3abe064
fixed getopts argument typo. removed ":" before "z"
2015-11-29 10:15:15 -08:00
Christian Tawfik
2650d4a286
COMP-lzo param is set in client config, if defined in server.
2015-11-29 10:15:15 -08:00