4fd33ab077
bugfix: combined-saved was not making directory
2017-01-12 12:49:24 +01:00
093fc9fafc
bin: copy_server_files: Backup crl.pem
...
* Back-up the crl.pem file if present.
* Closes #198
2017-01-05 15:58:10 -08:00
51270aae82
Merge pull request #162 from slamont/master
...
Too many arguments while pushing route
2016-09-24 18:02:28 -07:00
72a3c8a001
Fix for regression
...
As I reworked the push options, a bug got introduced where a duplication
of push in the config for the DNS dhcp-options would make it to fail.
There was no tests covering this, so I did not catch it earlier.
I've add the missing tests and fix the bug
2016-09-22 18:12:45 -04:00
2e943378d1
Too many arguments while pushing route
...
So I was trying to push a route to my client and the script failed with
'too many arguments', I reworked this part and took the opportunity to
rework a little bit the way push and routes were handled.
I also added some tests and validated that what I changed would not
break what was there before.
2016-09-22 16:02:59 -04:00
bdeaff217c
Merge pull request #161 from slamont/master
...
Add doc for extra config use and fixed unlikely unbound variable
2016-09-20 10:10:14 -07:00
e8eb1dda0c
Added extra config doc in faqs and fixed an unlikely unbound variable
2016-09-20 12:53:29 -04:00
97f8677a03
Merge pull request #160 from slamont/master
...
Add multiple extra config option
2016-09-20 09:36:01 -07:00
39996ed568
Fix Unbound Variables
2016-09-16 18:50:48 -04:00
1807bc6dc4
Add multiple extra config option
...
Add bash traceback in case an error occured
2016-09-16 18:42:45 -04:00
a17dfd7808
copy_server_files: Include ccd directory
...
* Include the client configuration directory
* Related to #133
2016-09-16 07:38:19 -07:00
9e7b363758
genconfig: Clean-up usage() display
...
* Semi-sorted order.
* Move arguments with flags up.
2016-09-03 15:45:55 -07:00
dcc33e2483
Merge pull request #143 from sandhu/master
...
Fix for Windows 10 DNS Leak
2016-07-05 11:44:18 -07:00
0a5a792519
Merge pull request #138 from Caerbannog/patch-1
...
Add "key-direction 1" to client .ovpn
2016-07-05 11:44:05 -07:00
bcedc8d6d6
Fix for Windows 10 DNS Leak
...
The patch includes an update to the OpenVPN server config to
address a DNS leak when using Windows 10, as documented at:
https://community.openvpn.net/openvpn/ticket/605
2016-07-05 13:29:45 -04:00
3e747b353e
Sending key to proper location!
2016-06-23 12:20:13 +02:00
dac38246bd
Add "key-direction 1" to client .ovpn
...
Adding this setting avoids connection errors on some clients, when the .ovpn file is imported directly in Gnome NetworkManager.
Server logs:
Authenticate/Decrypt packet error: packet HMAC authentication failed
TLS Error: incoming packet authentication failed from ...
Client logs:
nm-openvpn: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
nm-openvpn: TLS Error: TLS handshake failed
NetworkManager version: 1.2.0
openvpn version: OpenVPN 2.3.10
2016-06-13 12:09:54 +02:00
c12fdcd83f
Automatically creating CCD directory
2016-06-08 09:14:08 +02:00
d77ba5e1e8
Combine user args with generated args
...
Generated arguments will be added only if matching arguments were not
specified by the user. User arguments will be placed after generated
arguments. This allows the user to override any generated configuration
values.
2016-05-31 21:11:03 -05:00
097376db75
Set working dir in ovpn_run instead of Dockerfile
2016-05-28 22:34:41 -05:00
191cb45106
allow specifying extra config
2016-05-16 09:56:27 -07:00
d3fcec15f1
adding ovpn_listclients script
2016-05-11 16:02:27 -07:00
74bfad0aac
Add openvpn.conf gerneration -f fragment directive option
2016-04-06 15:06:02 +08:00
d481313311
Back to Alpine Linux using packaged version of google-authenticator
2016-02-11 18:10:51 +01:00
e8d93ea4fa
Use $USER@$OVPN_CN for OTP label.
2016-02-07 13:22:20 +01:00
607063b358
Do not cache user credentials
2016-02-07 02:53:43 +01:00
bb3d1add3c
Export user pass option in client when OTP is enabled
2016-02-06 21:40:11 +01:00
c24a22deea
Allow interactive usage
2016-02-06 21:38:26 +01:00
6084261943
Improved script for user OTP generation, tested with pamtester
2016-02-06 21:31:08 +01:00
dd719c1f11
Save OTP variable in server env
2016-02-06 20:25:03 +01:00
6fcebf9adb
Server side configuration for OTP
2016-02-06 20:23:59 +01:00
e7d0d4ea0e
ovpn_run: Fix sysctl IPv6 forwarding write
...
* I'm not sure if this ever worked without the `-w` flag. Perhaps in an
old version of sysctl?
2015-12-29 13:33:55 -08:00
2fa3abe064
fixed getopts argument typo. removed ":" before "z"
2015-11-29 10:15:15 -08:00
2650d4a286
COMP-lzo param is set in client config, if defined in server.
2015-11-29 10:15:15 -08:00
2abbcf1999
added config param to enable COMP-LZO compression
2015-11-29 10:14:07 -08:00
ded4414ef4
Respect the -D flag
...
It looks like edfbffb85f
2015-10-31 19:39:32 -07:00
edfbffb85f
Support pushing custom DNS servers
2015-10-16 15:41:22 +02:00
1498795de2
ovpn_copy_server_files: Use short flags with rm
...
* The busybox tool in the alpine distro doesn't support long flags.
2015-09-29 11:42:17 -07:00
f00de363c7
ovpn_copy_server_files: Copy files without rsync
...
* Hack around the missing rsync by using tar to preserve the directory
structure.
* Fixes #73
2015-09-29 11:28:04 -07:00
3df53012b6
ovpn_copy_server_files: Copy openvpn.conf instead of symlinking locally.
...
Symlinked files can be resolved by rsync when using the configuration on remote
servers but for local testing having the actual file is beneficial.
2015-08-27 21:19:27 +02:00
b96a91e876
Merge pull request #63 from ypid/allow_ciper_setting
...
Allow to change security related options tls-cipher, cipher and auth.
2015-08-26 08:42:30 -07:00
050d4a1f82
ovpn_copy_server_files: Ensure that no other keys then the one for the server is present.
...
When creating a multi-server setup I used a partly copied, partly
symlinked directory structure for the different servers after creating a
certificate for each server with `easyrsa build-server-full`. In that
process I also copied the `server` directory.
The rsync command does not delete files which are not excluded so it
included the correct server key and the original one which can be a
security risk.
2015-08-26 13:00:17 +02:00
d6209eebc2
Allow to change security related options tls-cipher, cipher and auth.
2015-08-26 12:56:40 +02:00
0181bb93d6
Add ability to set OVPN_NATDEVICE to target specific interface when using net=host
2015-08-24 17:19:40 +02:00
3703d3afc3
Add a parameter to use TAP instead of TUN device.
2015-08-19 00:46:07 +02:00
2508abd5ad
run: Fail gracefully when IPv6 fails
...
* Fail gracefully but complain in the log when --privileged isn't used
for docker run.
* IPv6 is in development for the time being.
* Closes #56
2015-08-09 18:04:05 -07:00
1f47f361eb
Merge pull request #55 from kylemanna/dev
...
Merge Development Branch
2015-08-07 11:14:59 -07:00
02c3ee63a1
Remove dh param from client config
2015-08-04 23:07:47 -04:00
34d9601e6e
ovpn_run: Assume /etc/openvpn is read-only
...
* Systemd service currently marks the mount as read-only, and this is
regarded as good practice for server/daemon only operation.
* Don't create /etc/openvpn/ccd as the mount may be read-only.
* Append the client-config-dir command line argument if it is found to
avoid mkdir operation.
* Mount can easily be modified using a different docker run line with
":ro" on the volume mount.
2015-07-27 20:26:43 -07:00
e6f7904344
run: Add IPv6 forwarding if default route
...
* Enable IPv6 forwarding if docker daemon provided a default route
* For now this requires the --privileged flag, but this could be hacked
around using `ip netns` madness.
2015-07-05 21:07:06 -07:00
