reneg-sec needs to be set to 0 when using otp because otherwise the connection will be ask for a otp every hour. Tests added to make sure it's there when otp is enabled
This commit is contained in:
Luke
parent
a20c63893e
commit
c9ada1eac4
|
|
@ -17,6 +17,9 @@ SERV_IP=$(ip -4 -o addr show scope global | awk '{print $4}' | sed -e 's:/.*::'
|
|||
# Configure server with two factor authentication
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --rm $IMG ovpn_genconfig -u udp://$SERV_IP -2
|
||||
|
||||
# Ensure reneg-sec 0 in server config when two factor is enabled
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --rm $IMG cat /etc/openvpn/openvpn.conf | grep 'reneg-sec 0' || abort 'reneg-sec not set to 0 in server config'
|
||||
|
||||
# nopass is insecure
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --rm -it -e "EASYRSA_BATCH=1" -e "EASYRSA_REQ_CN=Travis-CI Test CA" $IMG ovpn_initpki nopass
|
||||
|
||||
|
|
@ -40,6 +43,9 @@ echo -e "$OTP_USER\n$OTP_TOKEN" > $CLIENT_DIR/credentials.txt
|
|||
# Override the auth-user-pass directive to use a credentials file
|
||||
docker run -v $OVPN_DATA:/etc/openvpn --rm $IMG ovpn_getclient $CLIENT | sed 's/auth-user-pass/auth-user-pass \/client\/credentials.txt/' | tee $CLIENT_DIR/config.ovpn
|
||||
|
||||
# Ensure reneg-sec 0 in client config when two factor is enabled
|
||||
grep 'reneg-sec 0' $CLIENT_DIR/config.ovpn || abort 'reneg-sec not set to 0 in client config'
|
||||
|
||||
#
|
||||
# Fire up the server
|
||||
#
|
||||
|
|
|
|||
Loading…
Reference in New Issue