Commit Graph

154 Commits

Author SHA1 Message Date
Denis Zamataev
49d36c2d64 implements setting 'comp-lzo no' on server conf by default 2018-05-03 15:19:02 +03:00
Denis Zamataev
e1bd5b6450 removes pushing 'comp-lzo' when it is enabled 2018-05-01 21:04:31 +03:00
SizL75
092affef43
fixed type
missing space in line 372
2018-04-29 18:15:52 +02:00
Denis Zamataev
f75f2e17a3 implements pushing comp-lzo setting 2018-04-27 14:34:29 +03:00
w2ak
26589a118e
[ovpn_getclient] key-direction before tls-auth
NetworkManager seems to be ignoring the `key-direction` directive when
it is after the `tls-auth` key, leading to issues as #268.

Signed-off-by: w2ak <w2ak@users.noreply.github.com>
2018-01-04 19:10:46 +01:00
Miguel Escriva
00ec5214e0 Fix ovpn_genconfig to work in arm architecture 2017-12-22 14:29:57 +01:00
Nicolas Duchon
7a29e8e39b Extra client config is now an array 2017-06-21 02:21:52 +02:00
Nicolas Duchon
16fbc4019d Fix ovpn_genconfig for repeatability 2017-06-21 02:21:52 +02:00
Kyle Manna
074a07e40e genconfig: Fix missing MTU required argument
This must have beeen broken for a long time.  Test case added to prevent
it from breaking again.

Closes #259
2017-05-13 09:50:18 -07:00
Alexander Chepurko
3ee5479d78 Push options need to be quoted.
Move the implementation to process_push_config.
2017-05-11 10:55:46 -07:00
Nicolas Duchon
a091bef13b Create a script to handle client revocation
This script revoke the certificate corresponding to the commonName passed as first parameter, generate a new CRL, copies it to /etc/openvpn, make it readable by OpenVPN and optionally remove the crt, key and req file corresponding to the revoked certificate using "remove" as second parameter (removal of those files are required to generate a new client certificate using the revoked certificate's CN).
2017-05-10 18:08:11 +02:00
Nicolas Duchon
59644d953d Replace hardlinking of crl.pem with a copy
easyrsa gen-crl does not modify the crl.pem in place but rather remove the old file and create a new one, which means any hardlink to it will get broken again at each invocation of easyrsa gen-crl.

If hardlink to this file is not going to work anyway and we still need it to be readable by OpenVPN, we're better off copying it and chmod-ing it every time a new one is detected on container start, using the conditional expression file1 -nt file2.
2017-05-10 18:08:11 +02:00
Nicolas Duchon
dcf3791d54 Generate a CRL during PKI initialization 2017-05-10 18:08:11 +02:00
Kyle Manna
ce690e5ab1 ovpn_run: Explicitly enable ipv6
On a recent build I ran in to the following error messages:

    Wed May  3 14:31:43 2017 /sbin/ip -6 addr add 2001:db8:0:4::1/64 dev tun0
    Wed May  3 14:31:43 2017 Linux ip -6 addr add failed: external program exited with error status: 2

This appears to be do to the fact that somewhere something defaulted the
kernel in the container to disable IPv6.  Not sure if this is my host or
the docker daemon.  Re-enable it explicitly for now until Docker gets
it's IPv6 act together.
2017-05-03 07:48:15 -07:00
DerEnderKeks
fe2cdebea2 Removed double entry
the removed line contained the same option as line 63
2017-03-25 19:41:31 +01:00
Sylvain Lamontagne
22fcaf9477 Add configuration for keepalive
* Add parameter to disable the push of block-outside-dns
* -d should really do what it was supposed to do
* Fix problem where comp-lzo would always be set regardless of the parameter
2017-03-09 20:35:52 -05:00
Nate Jones
c8ba567333 only block external dns when default route is pushed 2017-03-07 23:21:17 +00:00
Ryan Schlesinger
fbb97918cf
Only load config from temp file if not empty 2017-02-18 14:09:19 -08:00
Ryan Schlesinger
e282e1eed0
Add -E flag for adding extra client config 2017-02-18 13:53:35 -08:00
r0p0s3c
e8b568a0b9 add additional documentation clarifying calling of function, purpose, and how to override it 2017-02-16 14:57:52 -05:00
r0p0s3c
a2adb59d69 move iptables/nat functionality to a function (setupIptablesAndRouting)
This allows iptables rule update to be overridden by creating/supplying
that function in, for example, ovpn_env.sh
2017-02-16 14:57:52 -05:00
Tilo Spannagel
abdf537da5
Added IPv6 support to client script
Signed-off-by: Tilo Spannagel <development@tilosp.de>
2017-02-08 09:41:48 +01:00
Tilo Spannagel
1d2a2e8b29
Added IPv6 support
Signed-off-by: Tilo Spannagel <development@tilosp.de>
2017-02-08 09:29:47 +01:00
yanndegat
1a984ba9cd Fix OVPN_ADDITIONAL_CLIENT_CONFIG
OVPN_ADDITIONAL_CLIENT_CONFIG isn't available in combined mode
2017-02-06 15:49:31 +01:00
Kyle Manna
be165e209e Merge pull request #208 from lhopki01/master
Fix issue with connection resetting every hour when using otp.
2017-01-26 22:42:04 -08:00
Luke
ef8221372d change test to bring in line with others 2017-01-26 17:53:53 +00:00
Jan Kunzmann
8f304ea3fe bugfix: custom route definition didn't override default 2017-01-25 01:25:08 +01:00
Luke
fbdc8e32c6 remove debugging extra 2017-01-24 14:40:48 +00:00
Luke
3ebc4903d8 automatically add reneg-sec 0 to client and server configs when otp is being used to avoid connection resetting every hour. Edit docs to make clear that a more secure cipher needs to be selected to use with otp to avoid the connection being reset every 64 MB of data 2017-01-24 14:37:48 +00:00
gergely.mentsik
4fd33ab077 bugfix: combined-saved was not making directory 2017-01-12 12:49:24 +01:00
Kyle Manna
093fc9fafc bin: copy_server_files: Backup crl.pem
* Back-up the crl.pem file if present.
* Closes #198
2017-01-05 15:58:10 -08:00
Kyle Manna
51270aae82 Merge pull request #162 from slamont/master
Too many arguments while pushing route
2016-09-24 18:02:28 -07:00
Sylvain Lamontagne
72a3c8a001 Fix for regression
As I reworked the push options, a bug got introduced where a duplication
of push in the config for the DNS dhcp-options would make it to fail.
There was no tests covering this, so I did not catch it earlier.

I've add the missing tests and fix the bug
2016-09-22 18:12:45 -04:00
Sylvain Lamontagne
2e943378d1 Too many arguments while pushing route
So I was trying to push a route to my client and the script failed with
'too many arguments', I reworked this part and took the opportunity to
rework a little bit the way push and routes were handled.

I also added some tests and validated that what I changed would not
break what was there before.
2016-09-22 16:02:59 -04:00
Kyle Manna
bdeaff217c Merge pull request #161 from slamont/master
Add doc for extra config use and fixed unlikely unbound variable
2016-09-20 10:10:14 -07:00
Sylvain Lamontagne
e8eb1dda0c Added extra config doc in faqs and fixed an unlikely unbound variable 2016-09-20 12:53:29 -04:00
Kyle Manna
97f8677a03 Merge pull request #160 from slamont/master
Add multiple extra config option
2016-09-20 09:36:01 -07:00
Sylvain Lamontagne
39996ed568 Fix Unbound Variables 2016-09-16 18:50:48 -04:00
Sylvain Lamontagne
1807bc6dc4 Add multiple extra config option
Add bash traceback in case an error occured
2016-09-16 18:42:45 -04:00
Kyle Manna
a17dfd7808 copy_server_files: Include ccd directory
* Include the client configuration directory
* Related to #133
2016-09-16 07:38:19 -07:00
Kyle Manna
9e7b363758 genconfig: Clean-up usage() display
* Semi-sorted order.
* Move arguments with flags up.
2016-09-03 15:45:55 -07:00
Kyle Manna
dcc33e2483 Merge pull request #143 from sandhu/master
Fix for Windows 10 DNS Leak
2016-07-05 11:44:18 -07:00
Kyle Manna
0a5a792519 Merge pull request #138 from Caerbannog/patch-1
Add "key-direction 1" to client .ovpn
2016-07-05 11:44:05 -07:00
Achint Sandhu
bcedc8d6d6 Fix for Windows 10 DNS Leak
The patch includes an update to the OpenVPN server config to
address a DNS leak when using Windows 10, as documented at:
https://community.openvpn.net/openvpn/ticket/605
2016-07-05 13:29:45 -04:00
Emmanuel Frecon
3e747b353e Sending key to proper location! 2016-06-23 12:20:13 +02:00
Martin d'Allens
dac38246bd Add "key-direction 1" to client .ovpn
Adding this setting avoids connection errors on some clients, when the .ovpn file is imported directly in Gnome NetworkManager.

Server logs:
    Authenticate/Decrypt packet error: packet HMAC authentication failed
    TLS Error: incoming packet authentication failed from ...

Client logs:
    nm-openvpn: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    nm-openvpn: TLS Error: TLS handshake failed

NetworkManager version: 1.2.0
openvpn version: OpenVPN 2.3.10
2016-06-13 12:09:54 +02:00
Emmanuel Frecon
c12fdcd83f Automatically creating CCD directory 2016-06-08 09:14:08 +02:00
Dave Burke
d77ba5e1e8 Combine user args with generated args
Generated arguments will be added only if matching arguments were not
specified by the user. User arguments will be placed after generated
arguments. This allows the user to override any generated configuration
values.
2016-05-31 21:11:03 -05:00
Dave Burke
097376db75 Set working dir in ovpn_run instead of Dockerfile 2016-05-28 22:34:41 -05:00
Nate Jones
191cb45106 allow specifying extra config 2016-05-16 09:56:27 -07:00