Commit Graph

175 Commits

Author SHA1 Message Date
Nikolai Rodionov 2ec840ff63
Take over the project
I've decided to maintain the project myself now, so I've forked it and
created a drone pipeline to push image to my registry
2023-08-18 17:18:48 +02:00
Lawrence Tan 6a86b23ed8
Update ovpn_revokeclient 2022-06-07 16:40:54 -07:00
lawtancool 9b23df2a6a
change server config to tls-crypt instead of tls-auth 2020-02-21 21:16:30 -08:00
lawtancool b6de5e4a40
change client config to use tls-crypt instead of tls-auth 2020-02-21 21:15:32 -08:00
lawtancool dbc54eb880
remove x509-types copying from ovpn_genclientcert 2019-06-22 21:51:41 -07:00
lawtancool 3351f38155
Create ovpn_genclientcert 2019-06-22 21:38:15 -07:00
lawtancool af3b10e731
fix easyrsa path part 2 2019-06-21 22:34:34 -07:00
lawtancool 83d7af491a
fix easyrsa path 2019-06-21 22:34:11 -07:00
lawtancool dff16d9a4f
export EASYRSA="EasyRSA-unix-v3.0.6/" 2019-06-21 22:33:08 -07:00
lawtancool 4afd4c1f90
bump to EasyRSA-unix-v3.0.6 2019-06-21 22:22:05 -07:00
lawtancool 951b98d758
clean up x509-types folder 2019-06-21 21:55:28 -07:00
lawtancool 33e5786326
fix unknown key type server" error 2019-06-21 21:55:01 -07:00
lawtancool 971dbb4bb5
fix EASYRSA_SSL_CONF 2019-06-21 21:37:35 -07:00
lawtancool a0fc7f8288
fix easyrsa The OpenSSL config file cannot be found 2019-06-21 21:10:55 -07:00
lawtancool bc8c2bc3fe
fix easyrsa pathing part 2 2019-06-21 20:54:11 -07:00
lawtancool 10ae840c31
fix easyrsa path 2019-06-21 20:53:24 -07:00
lawtancool 42ec170420
add note about removing easyrsa after finishing 2019-06-21 20:19:22 -07:00
lawtancool ff3a97062b
cleanup EasyRSA once we're done 2019-06-21 20:17:01 -07:00
lawtancool a3ec8a4bcf
download easyrsa in pki generation script
because ubuntu doesn't have it on CLI
2019-06-21 20:12:59 -07:00
Jochen Bauer 3771097bc9
corrected the output line, was accidentally wrong 2018-08-30 17:08:04 +02:00
Bauer, Jochen ea19fbe932 extended client status for EXPIRED or other errors 2018-09-01 15:40:38 +02:00
Denis Zamataev 49d36c2d64 implements setting 'comp-lzo no' on server conf by default 2018-05-03 15:19:02 +03:00
Denis Zamataev e1bd5b6450 removes pushing 'comp-lzo' when it is enabled 2018-05-01 21:04:31 +03:00
SizL75 092affef43
fixed type
missing space in line 372
2018-04-29 18:15:52 +02:00
Denis Zamataev f75f2e17a3 implements pushing comp-lzo setting 2018-04-27 14:34:29 +03:00
w2ak 26589a118e
[ovpn_getclient] key-direction before tls-auth
NetworkManager seems to be ignoring the `key-direction` directive when
it is after the `tls-auth` key, leading to issues as #268.

Signed-off-by: w2ak <w2ak@users.noreply.github.com>
2018-01-04 19:10:46 +01:00
Miguel Escriva 00ec5214e0 Fix ovpn_genconfig to work in arm architecture 2017-12-22 14:29:57 +01:00
Nicolas Duchon 7a29e8e39b Extra client config is now an array 2017-06-21 02:21:52 +02:00
Nicolas Duchon 16fbc4019d Fix ovpn_genconfig for repeatability 2017-06-21 02:21:52 +02:00
Kyle Manna 074a07e40e genconfig: Fix missing MTU required argument
This must have been broken for a long time. Test case added to prevent
it from breaking again.

Closes #259
2017-05-13 09:50:18 -07:00
Alexander Chepurko 3ee5479d78 Push options need to be quoted.
Move the implementation to process_push_config.
2017-05-11 10:55:46 -07:00
Nicolas Duchon a091bef13b Create a script to handle client revocation
This script revokes the certificate corresponding to the commonName passed as first parameter, generates a new CRL, copies it to /etc/openvpn, makes it readable by OpenVPN and optionally removes the crt, key and req files corresponding to the revoked certificate using "remove" as second parameter (removal of those files is required to generate a new client certificate using the revoked certificate's CN).
2017-05-10 18:08:11 +02:00
Nicolas Duchon 59644d953d Replace hardlinking of crl.pem with a copy
easyrsa gen-crl does not modify the crl.pem in place but rather removes the old file and creates a new one, which means any hardlink to it will get broken again at each invocation of easyrsa gen-crl.

If a hardlink to this file is not going to work anyway and we still need it to be readable by OpenVPN, we're better off copying it and chmod-ing it every time a new one is detected on container start, using the conditional expression file1 -nt file2.
2017-05-10 18:08:11 +02:00
Nicolas Duchon dcf3791d54 Generate a CRL during PKI initialization 2017-05-10 18:08:11 +02:00
Kyle Manna ce690e5ab1 ovpn_run: Explicitly enable ipv6
On a recent build I ran into the following error messages:

    Wed May  3 14:31:43 2017 /sbin/ip -6 addr add 2001:db8:0:4::1/64 dev tun0
    Wed May  3 14:31:43 2017 Linux ip -6 addr add failed: external program exited with error status: 2

This appears to be due to the fact that somewhere something defaulted the
kernel in the container to disable IPv6.  Not sure if this is my host or
the docker daemon.  Re-enable it explicitly for now until Docker gets
its IPv6 act together.
2017-05-03 07:48:15 -07:00
DerEnderKeks fe2cdebea2 Removed double entry
the removed line contained the same option as line 63
2017-03-25 19:41:31 +01:00
Sylvain Lamontagne 22fcaf9477 Add configuration for keepalive
* Add parameter to disable the push of block-outside-dns
* -d should really do what it was supposed to do
* Fix problem where comp-lzo would always be set regardless of the parameter
2017-03-09 20:35:52 -05:00
Nate Jones c8ba567333 only block external dns when default route is pushed 2017-03-07 23:21:17 +00:00
Ryan Schlesinger fbb97918cf
Only load config from temp file if not empty 2017-02-18 14:09:19 -08:00
Ryan Schlesinger e282e1eed0
Add -E flag for adding extra client config 2017-02-18 13:53:35 -08:00
r0p0s3c e8b568a0b9 add additional documentation clarifying calling of function, purpose, and how to override it 2017-02-16 14:57:52 -05:00
r0p0s3c a2adb59d69 move iptables/nat functionality to a function (setupIptablesAndRouting)
This allows iptables rule update to be overridden by creating/supplying
that function in, for example, ovpn_env.sh
2017-02-16 14:57:52 -05:00
Tilo Spannagel abdf537da5
Added IPv6 support to client script
Signed-off-by: Tilo Spannagel <development@tilosp.de>
2017-02-08 09:41:48 +01:00
Tilo Spannagel 1d2a2e8b29
Added IPv6 support
Signed-off-by: Tilo Spannagel <development@tilosp.de>
2017-02-08 09:29:47 +01:00
yanndegat 1a984ba9cd Fix OVPN_ADDITIONAL_CLIENT_CONFIG
OVPN_ADDITIONAL_CLIENT_CONFIG isn't available in combined mode
2017-02-06 15:49:31 +01:00
Kyle Manna be165e209e Merge pull request #208 from lhopki01/master
Fix issue with connection resetting every hour when using otp.
2017-01-26 22:42:04 -08:00
Luke ef8221372d change test to bring in line with others 2017-01-26 17:53:53 +00:00
Jan Kunzmann 8f304ea3fe bugfix: custom route definition didn't override default 2017-01-25 01:25:08 +01:00
Luke fbdc8e32c6 remove debugging extra 2017-01-24 14:40:48 +00:00
Luke 3ebc4903d8 automatically add reneg-sec 0 to client and server configs when otp is being used to avoid connection resetting every hour. Edit docs to make clear that a more secure cipher needs to be selected to use with otp to avoid the connection being reset every 64 MB of data 2017-01-24 14:37:48 +00:00