Commit Graph

431 Commits

Author SHA1 Message Date
Fabio Napoleoni
d481313311 Back to Alpine Linux using packaged version of google-authenticator 2016-02-11 18:10:51 +01:00
David Butler
9b824fb35a Fix typo 2016-02-10 13:01:54 -06:00
David Butler
7a9abf4c14 Update README.md 2016-02-10 12:37:56 -06:00
David Butler
44055aa687 added docs for SELinux policy file 2016-02-10 12:34:35 -06:00
David Butler
8356a664d8 Added linux policy file 2016-02-10 12:25:45 -06:00
Fabio Napoleoni
ba7b925a9f Using a different volume name for otp test, should allow tests to run 2016-02-10 17:12:49 +01:00
Fabio Napoleoni
517ad6aeb2 Implemented tests for 2 factor authentication 2016-02-10 16:59:15 +01:00
Fabio Napoleoni
9c6f3311a1 Fix for Dockerfile, trailing slash is needed. 2016-02-07 14:45:28 +01:00
Fabio Napoleoni
dc4656ef48 OTP documentation 2016-02-07 14:30:56 +01:00
Fabio Napoleoni
e8d93ea4fa Use $USER@$OVPN_CN for OTP label. 2016-02-07 13:22:20 +01:00
Fabio Napoleoni
10dd404159 Fixes pam authentication when dealing with virtual users 2016-02-07 03:48:44 +01:00
Fabio Napoleoni
607063b358 Do not cache user credentials 2016-02-07 02:53:43 +01:00
Fabio Napoleoni
bb3d1add3c Export user pass option in client when OTP is enabled 2016-02-06 21:40:11 +01:00
Fabio Napoleoni
c24a22deea Allow interactive usage 2016-02-06 21:38:26 +01:00
Fabio Napoleoni
6084261943 Improved script for user OTP generation, tested with pamtester 2016-02-06 21:31:08 +01:00
Fabio Napoleoni
5ca92a2c5e Fixed configuration for pam module to allow login of non existing user accounts, i.e. VPN only users. 2016-02-06 21:20:34 +01:00
Fabio Napoleoni
dd719c1f11 Save OTP variable in server env 2016-02-06 20:25:03 +01:00
Fabio Napoleoni
6fcebf9adb Server side configuration for OTP 2016-02-06 20:23:59 +01:00
Fabio Napoleoni
86d2a52f85 Install google authenticator in jessie 2016-02-06 19:45:42 +01:00
Fabio Napoleoni
1623afe651 Reverted to debian jessie 2016-02-06 19:40:54 +01:00
Kyle Manna
e7d0d4ea0e ovpn_run: Fix sysctl IPv6 forwarding write
* I'm not sure if this ever worked without the `-w` flag.  Perhaps in an
  old version of sysctl?
2015-12-29 13:33:55 -08:00
Kyle Manna
e50f4dcc23 Merge pull request #90 from ypid/added-badges
Added badges showing a few key facts next to the CI status.
2015-12-21 16:05:35 -08:00
Robin Schneider
96d17bb5a7
Added badges showing a few key facts next to the CI status.
* Updated Docker Hub URL to new schema.
2015-12-21 22:19:22 +01:00
Kyle Manna
f2111006ad Merge pull request #82 from vielmetti/patch-1
Split tunnels, as documented in #51
2015-11-30 13:43:22 -08:00
Edward Vielmetti
d520a58ec4 Split tunnels, as documented in #51
Taking text from #51 and putting in into the FAQ to make it that much easier to find.
2015-11-30 16:27:46 -05:00
Kyle Manna
1c290e60db Merge branch 'compression'
Closes #81
2015-11-29 10:16:13 -08:00
unknown
2fa3abe064 fixed getopts argument typo. removed ":" before "z" 2015-11-29 10:15:15 -08:00
Christian Tawfik
2650d4a286 COMP-lzo param is set in client config, if defined in server. 2015-11-29 10:15:15 -08:00
Christian Tawfik
2abbcf1999 added config param to enable COMP-LZO compression 2015-11-29 10:14:07 -08:00
Kyle Manna
818e8682d1 Dockerfile: EasyRSA is in community now
* No longer in testing.
2015-11-28 09:10:55 -08:00
Kyle Manna
3edc12a6b7 Merge pull request #78 from gdb/gdb/master
Respect the -D flag
2015-11-01 10:38:26 -08:00
Greg Brockman
ded4414ef4 Respect the -D flag
It looks like edfbffb85f caused the
OVPN_DNS variable to start being ignored, meaning the -D flag was a
no-op.
2015-10-31 19:39:32 -07:00
Kyle Manna
f277449569 Merge pull request #76 from discordianfish/push-custom-dns-servers
Support pushing custom DNS servers
2015-10-16 07:44:53 -07:00
Johannes 'fish' Ziemke
edfbffb85f Support pushing custom DNS servers 2015-10-16 15:41:22 +02:00
Kyle Manna
98cf2128c7 Merge pull request #70 from kylemanna/alpine
Switch to Alpine for Base
2015-10-04 08:24:18 -07:00
Kyle Manna
c3d526fd67 Merge branch 'master' into alpine 2015-09-29 11:43:08 -07:00
Kyle Manna
1498795de2 ovpn_copy_server_files: Use short flags with rm
* The busybox tool in the alpine distro doesn't support long flags.
2015-09-29 11:42:17 -07:00
Kyle Manna
f00de363c7 ovpn_copy_server_files: Copy files without rsync
* Hack around the missing rsync by using tar to preserve the directory
  structure.
* Fixes #73
2015-09-29 11:28:04 -07:00
Kyle Manna
7f58926aa2 tests: Add test for paranoid ovpn_copy_server_files
* Make sure this works
* Related to #73
2015-09-29 10:44:53 -07:00
Kyle Manna
ba7860cced Merge branch 'travis-ci' into alpine 2015-09-22 15:03:20 -07:00
Kyle Manna
98340d7602 Merge pull request #71 from kylemanna/travis-ci
Add Travis CI Testing
2015-09-22 15:02:50 -07:00
Kyle Manna
9459804a1d README: Add Travis CI build status
* Keeps people honest
2015-09-22 14:36:19 -07:00
Kyle Manna
b298eb16bc travis-ci: Extend test to actually do a connection
* Start the server
* Start the client
* Connect
* Profit
2015-09-22 14:32:55 -07:00
Kyle Manna
2c3284acd6 travis-ci: Initial build test
* Build and reports package version.
2015-09-22 08:59:15 -07:00
Kyle Manna
23f66094ff alpine: Use easy-rsa in testing branch of alpine
* Simplifes the Dockerfile significantly.
* No need for curl.
2015-09-10 10:33:05 -07:00
Kyle Manna
3da0efa5bc alpine: Use alpine as base image instead of Debian
* Debian Jessie -> Alpine 3.2: 150MB -> 15MB
2015-09-08 10:07:16 -07:00
Kyle Manna
314eb15507 Merge pull request #69 from ypid/docker_no_network_paranoid_doc
Only setup networking for containers which need it.
2015-09-08 06:54:42 -07:00
Robin Schneider
ee9f4531ad
Only setup networking for containers which need it.
This should mitigate a hypothetical compromise of the scripts used to
manage the CA and other sensitive material.

The examples should still work and make sense although I have not tried
all of them with this change applied.

Note that I did not append the --net=none to all examples because in
some cases network is probably wanted.

* Changing this for all docs was not accepted by @kylemanna.
  https://github.com/kylemanna/docker-openvpn/pull/65#issuecomment-138559257
2015-09-08 15:34:58 +02:00
Kyle Manna
41f7fd22ad Merge pull request #66 from ypid/copy_server_not_symlink
ovpn_copy_server_files: Copy openvpn.conf instead of symlinking locally.
2015-09-07 20:03:09 -07:00
Kyle Manna
d08df0189b Dockerfile: Chmod everything in /usr/local/bin
* Keep it simple.
* Nothing should ever be put in bin that isn't excutable.
2015-09-07 19:21:55 -07:00