lawtancool
9b23df2a6a
change server config to tls-crypt instead of tls-auth
2020-02-21 21:16:30 -08:00
lawtancool
b6de5e4a40
change client config to use tls-crypt instead of tls-auth
2020-02-21 21:15:32 -08:00
lawtancool
dbc54eb880
remove x509-types copying from ovpn_genclientcert
2019-06-22 21:51:41 -07:00
lawtancool
3351f38155
Create ovpn_genclientcert
2019-06-22 21:38:15 -07:00
lawtancool
af3b10e731
fix easyrsa path part 2
2019-06-21 22:34:34 -07:00
lawtancool
83d7af491a
fix easyrsa path
2019-06-21 22:34:11 -07:00
lawtancool
dff16d9a4f
export EASYRSA="EasyRSA-unix-v3.0.6/"
2019-06-21 22:33:08 -07:00
lawtancool
4afd4c1f90
bump to EasyRSA-unix-v3.0.6
2019-06-21 22:22:05 -07:00
lawtancool
951b98d758
clean up x509-types folder
2019-06-21 21:55:28 -07:00
lawtancool
33e5786326
fix unknown key type server" error
2019-06-21 21:55:01 -07:00
lawtancool
971dbb4bb5
fix EASYRSA_SSL_CONF
2019-06-21 21:37:35 -07:00
lawtancool
a0fc7f8288
fix easyrsa The OpenSSL config file cannot be found
2019-06-21 21:10:55 -07:00
lawtancool
bc8c2bc3fe
fix easyrsa pathing part 2
2019-06-21 20:54:11 -07:00
lawtancool
10ae840c31
fix easyrsa path
2019-06-21 20:53:24 -07:00
lawtancool
42ec170420
add note about removing easyrsa after finishing
2019-06-21 20:19:22 -07:00
lawtancool
ff3a97062b
cleanup EasyRSA once we're done
2019-06-21 20:17:01 -07:00
lawtancool
a3ec8a4bcf
download easyrsa in pki generation script
because ubuntu doesn't have it on CLI
2019-06-21 20:12:59 -07:00
Jochen Bauer
3771097bc9
corrected the output line, was accidentally wrong
2018-08-30 17:08:04 +02:00
Bauer, Jochen
ea19fbe932
extended client status for EXPIRED or other errors
2018-09-01 15:40:38 +02:00
Denis Zamataev
49d36c2d64
implements setting 'comp-lzo no' on server conf by default
2018-05-03 15:19:02 +03:00
Denis Zamataev
e1bd5b6450
removes pushing 'comp-lzo' when it is enabled
2018-05-01 21:04:31 +03:00
SizL75
092affef43
fixed type
missing space in line 372
2018-04-29 18:15:52 +02:00
Denis Zamataev
f75f2e17a3
implements pushing comp-lzo setting
2018-04-27 14:34:29 +03:00
w2ak
26589a118e
[ovpn_getclient] key-direction before tls-auth
NetworkManager seems to be ignoring the `key-direction` directive when
it is after the `tls-auth` key, leading to issues as #268 .
Signed-off-by: w2ak <w2ak@users.noreply.github.com>
2018-01-04 19:10:46 +01:00
Miguel Escriva
00ec5214e0
Fix ovpn_genconfig to work in arm architecture
2017-12-22 14:29:57 +01:00
Nicolas Duchon
7a29e8e39b
Extra client config is now an array
2017-06-21 02:21:52 +02:00
Nicolas Duchon
16fbc4019d
Fix ovpn_genconfig for repeatability
2017-06-21 02:21:52 +02:00
Kyle Manna
074a07e40e
genconfig: Fix missing MTU required argument
This must have been broken for a long time. Test case added to prevent
it from breaking again.
Closes #259
2017-05-13 09:50:18 -07:00
Alexander Chepurko
3ee5479d78
Push options need to be quoted.
Move the implementation to process_push_config.
2017-05-11 10:55:46 -07:00
Nicolas Duchon
a091bef13b
Create a script to handle client revocation
This script revokes the certificate corresponding to the commonName passed as first parameter, generates a new CRL, copies it to /etc/openvpn, makes it readable by OpenVPN and optionally removes the crt, key and req files corresponding to the revoked certificate using "remove" as second parameter (removal of those files is required to generate a new client certificate using the revoked certificate's CN).
2017-05-10 18:08:11 +02:00
Nicolas Duchon
59644d953d
Replace hardlinking of crl.pem with a copy
easyrsa gen-crl does not modify the crl.pem in place but rather removes the old file and creates a new one, which means any hardlink to it will get broken again at each invocation of easyrsa gen-crl.
If a hardlink to this file is not going to work anyway and we still need it to be readable by OpenVPN, we're better off copying it and chmod-ing it every time a new one is detected on container start, using the conditional expression file1 -nt file2.
2017-05-10 18:08:11 +02:00
Nicolas Duchon
dcf3791d54
Generate a CRL during PKI initialization
2017-05-10 18:08:11 +02:00
Kyle Manna
ce690e5ab1
ovpn_run: Explicitly enable ipv6
On a recent build I ran into the following error messages:
Wed May 3 14:31:43 2017 /sbin/ip -6 addr add 2001:db8:0:4::1/64 dev tun0
Wed May 3 14:31:43 2017 Linux ip -6 addr add failed: external program exited with error status: 2
This appears to be due to the fact that somewhere something defaulted the
kernel in the container to disable IPv6. Not sure if this is my host or
the docker daemon. Re-enable it explicitly for now until Docker gets
its IPv6 act together.
2017-05-03 07:48:15 -07:00
DerEnderKeks
fe2cdebea2
Removed double entry
the removed line contained the same option as line 63
2017-03-25 19:41:31 +01:00
Sylvain Lamontagne
22fcaf9477
Add configuration for keepalive
* Add parameter to disable the push of block-outside-dns
* -d should really do what it was supposed to do
* Fix problem where comp-lzo would always be set regardless of the parameter
2017-03-09 20:35:52 -05:00
Nate Jones
c8ba567333
only block external dns when default route is pushed
2017-03-07 23:21:17 +00:00
Ryan Schlesinger
fbb97918cf
Only load config from temp file if not empty
2017-02-18 14:09:19 -08:00
Ryan Schlesinger
e282e1eed0
Add -E flag for adding extra client config
2017-02-18 13:53:35 -08:00
r0p0s3c
e8b568a0b9
add additional documentation clarifying calling of function, purpose, and how to override it
2017-02-16 14:57:52 -05:00
r0p0s3c
a2adb59d69
move iptables/nat functionality to a function (setupIptablesAndRouting)
This allows iptables rule update to be overridden by creating/supplying
that function in, for example, ovpn_env.sh
2017-02-16 14:57:52 -05:00
Tilo Spannagel
abdf537da5
Added IPv6 support to client script
Signed-off-by: Tilo Spannagel <development@tilosp.de>
2017-02-08 09:41:48 +01:00
Tilo Spannagel
1d2a2e8b29
Added IPv6 support
Signed-off-by: Tilo Spannagel <development@tilosp.de>
2017-02-08 09:29:47 +01:00
yanndegat
1a984ba9cd
Fix OVPN_ADDITIONAL_CLIENT_CONFIG
OVPN_ADDITIONAL_CLIENT_CONFIG isn't available in combined mode
2017-02-06 15:49:31 +01:00
Kyle Manna
be165e209e
Merge pull request #208 from lhopki01/master
Fix issue with connection resetting every hour when using otp.
2017-01-26 22:42:04 -08:00
Luke
ef8221372d
change test to bring in line with others
2017-01-26 17:53:53 +00:00
Jan Kunzmann
8f304ea3fe
bugfix: custom route definition didn't override default
2017-01-25 01:25:08 +01:00
Luke
fbdc8e32c6
remove debugging extra
2017-01-24 14:40:48 +00:00
Luke
3ebc4903d8
automatically add reneg-sec 0 to client and server configs when otp is being used to avoid connection resetting every hour. Edit docs to make clear that a more secure cipher needs to be selected to use with otp to avoid the connection being reset every 64 MB of data
2017-01-24 14:37:48 +00:00
gergely.mentsik
4fd33ab077
bugfix: combined-saved was not making directory
2017-01-12 12:49:24 +01:00
Kyle Manna
093fc9fafc
bin: copy_server_files: Backup crl.pem
* Back-up the crl.pem file if present.
* Closes #198
2017-01-05 15:58:10 -08:00