d7cf0c7e93
MAINTAINER is deprecated, using LABEL now
2017-10-31 20:12:28 -07:00
727231444b
Merge pull request #321 from Silex/patch-1
...
Fix typos
2017-10-22 20:05:35 -07:00
0686b100b1
Fix typos
2017-10-20 14:35:40 +02:00
83d61c7c18
Merge pull request #306 from andrewrembrandt/patch-1
...
Typo/outdated edit config command?
2017-08-12 06:26:45 -07:00
493865f441
Typo/outdated edit config command?
...
Looks like this was written for an earlier iteration?
2017-08-11 13:12:57 +01:00
84c87f5f7f
Merge pull request #294 from mypetyak/systemd/capabilities
...
systemd: reduce container privilege by whitelisting NET_ADMIN capability
2017-07-10 22:23:33 -07:00
9f1ae1b989
Merge pull request #293 from mypetyak/docs/escape_contributing_markdown
...
docs: properly escape CONTRIBUTING markdown
2017-07-10 22:16:57 -07:00
8f09769fdd
systemd: reduce container privilege by whitelisting NET_ADMIN capability
2017-07-10 20:10:39 -07:00
571e181152
docs: properly escape CONTRIBUTING markdown
2017-07-10 20:06:05 -07:00
925b08fec4
Merge pull request #283 from buchdag/genconfig-fix
...
Fix ovpn_genconfig repeatability issue
2017-07-08 11:06:36 -07:00
7a29e8e39b
Extra client config is now an array
2017-06-21 02:21:52 +02:00
16fbc4019d
Fix ovpn_genconfig for repeatability
2017-06-21 02:21:52 +02:00
63a2449705
Add test for ovpn_genconfig repeatability
2017-06-21 01:03:49 +02:00
1b8374f818
Merge pull request #281 from buchdag/crl-expire
...
Defaults easy_rsa CRL next update to 3650 days
2017-06-17 09:15:27 -07:00
8d7bc7e2c5
Set CRL next update to 3650 days
2017-06-17 13:17:20 +02:00
e30ee8eecf
Add CRL next update test
2017-06-17 13:17:08 +02:00
e00a72a3f6
Dockerfile: master branch follows alpine:latest
...
The master branch will follow alpine:latest. See `openvpn-2.x` branches
for more stability.
Related #267
2017-05-26 12:25:43 -07:00
d974c0ac6a
README: Mention passphrase prompt and systemd init
...
* Enhance the documentation to mention that user interaction is
necessary during the `ovpn_initpki`.
* Re-arrange the next steps part to point people to systemd init as well
as docs directory.
Closes #266
2017-05-20 08:44:22 -07:00
c0ed8d468d
Dockerfile: Drop edge/community for google-authenticator
...
* Use the primary repository now that google-authenticator is available
from alpine:v3.5.
Related to #262
2017-05-17 09:27:30 -07:00
2a9059aa36
tests: Clean-up client + conf_options
...
Clean-up the mess that was here. It's less error prone, shorter and
easier to read.
2017-05-13 10:52:47 -07:00
074a07e40e
genconfig: Fix missing MTU required argument
...
This must have beeen broken for a long time. Test case added to prevent
it from breaking again.
Closes #259
2017-05-13 09:50:18 -07:00
8c9d88b316
tests: client: Add client config test suite
...
* Test the client configuration to detect breakages
2017-05-13 09:50:18 -07:00
78d612d181
Merge pull request #253 from chepurko/patch-1
2017-05-11 11:21:14 -07:00
6bff62eb79
Dockerfile: Swtich from dl-4 to dl-cdn.alpinelinux.org
...
* At the time of this commit dl-4.alpinelinux.org was unreachable.
* Switch to the CDN instead of some hardcoded server.
2017-05-11 11:20:40 -07:00
8f2f27486c
Add quoting into test.sh push options.
2017-05-11 10:55:46 -07:00
3ee5479d78
Push options need to be quoted.
...
Move the implementation to process_push_config.
2017-05-11 10:55:46 -07:00
909744dd78
Merge pull request #251 from buchdag/buchdag-revoke1
...
Fix certificate revocation
2017-05-10 09:37:03 -07:00
5aea8b914c
Update documentation
...
Add ovpn_revokeclient usage to client.md and docker-compose.md
2017-05-10 18:08:11 +02:00
a091bef13b
Create a script to handle client revocation
...
This script revoke the certificate corresponding to the commonName passed as first parameter, generate a new CRL, copies it to /etc/openvpn, make it readable by OpenVPN and optionally remove the crt, key and req file corresponding to the revoked certificate using "remove" as second parameter (removal of those files are required to generate a new client certificate using the revoked certificate's CN).
2017-05-10 18:08:11 +02:00
59644d953d
Replace hardlinking of crl.pem with a copy
...
easyrsa gen-crl does not modify the crl.pem in place but rather remove the old file and create a new one, which means any hardlink to it will get broken again at each invocation of easyrsa gen-crl.
If hardlink to this file is not going to work anyway and we still need it to be readable by OpenVPN, we're better off copying it and chmod-ing it every time a new one is detected on container start, using the conditional expression file1 -nt file2.
2017-05-10 18:08:11 +02:00
dcf3791d54
Generate a CRL during PKI initialization
2017-05-10 18:08:11 +02:00
76546e1823
Add client revocation test
2017-05-10 18:08:11 +02:00
f996bbaa8e
README: Clarify volume naming convention
...
* Use a better default that works with systemd service out of the box.
* Update upstart init script to follow convention.
2017-05-10 08:14:51 -07:00
861ed05c48
Merge pull request #254 from buchdag/buchdag-systemd.md
...
Clarify and complete systemd.md
2017-05-06 07:04:18 -07:00
ce690e5ab1
ovpn_run: Explicitly enable ipv6
...
On a recent build I ran in to the following error messages:
Wed May 3 14:31:43 2017 /sbin/ip -6 addr add 2001:db8:0:4::1/64 dev tun0
Wed May 3 14:31:43 2017 Linux ip -6 addr add failed: external program exited with error status: 2
This appears to be do to the fact that somewhere something defaulted the
kernel in the container to disable IPv6. Not sure if this is my host or
the docker daemon. Re-enable it explicitly for now until Docker gets
it's IPv6 act together.
2017-05-03 07:48:15 -07:00
e4821ec709
Clarify and complete systemd.md
2017-05-02 22:24:37 +02:00
808e2448b1
Merge pull request #244 from DerEnderKeks/patch-1
...
Removed double entry
2017-05-02 10:48:14 -07:00
fe2cdebea2
Removed double entry
...
the removed line contained the same option as line 63
2017-03-25 19:41:31 +01:00
892a3c9a1c
Merge pull request #234 from slamont/master
...
Add an option for setting different values for keepalive
2017-03-09 20:30:49 -08:00
a3c96bc881
Add test for keepalive
2017-03-09 20:58:46 -05:00
22fcaf9477
Add configuration for keepalive
...
* Add parameter to disable the push of block-outside-dns
* -d should really do what it was supposed to do
* Fix problem where comp-lzo would always be set regardless of the parameter
2017-03-09 20:35:52 -05:00
d454a20e80
Merge pull request #231 from mediatemple/only_block_when_road_warrior
...
Only block external dns when default route is pushed
2017-03-07 16:24:34 -08:00
c8ba567333
only block external dns when default route is pushed
2017-03-07 23:21:17 +00:00
21ae2fcef4
fix block-external-dns tests
2017-03-07 23:20:50 +00:00
24944b0a11
Merge pull request #226 from vielmetti/patch-1
...
Create Dockerfile.aarch64
2017-02-24 09:06:58 -08:00
b74cbd5c74
Create Dockerfile.aarch64
...
New Dockerfile to support aarch64 (ARMv8, arm64).
2017-02-23 13:59:43 -05:00
93c3a0453d
README: Fix docker-compose mention
...
Previously rendered poorly on both GitHub and Docker Hub.
2017-02-23 08:01:08 -08:00
b868fa9093
Merge pull request #223 from outstand/extra-client-config
...
Add -E flag for adding extra client config
2017-02-19 09:34:09 -08:00
fbb97918cf
Only load config from temp file if not empty
2017-02-18 14:09:19 -08:00
e282e1eed0
Add -E flag for adding extra client config
2017-02-18 13:53:35 -08:00
cglewis
Kyle Manna
Philippe Vaucher
Andrew Rembrandt
Christopher Bunn
Nicolas Duchon
Alexander Chepurko
DerEnderKeks
Sylvain Lamontagne
Nate Jones
Edward Vielmetti
Ryan Schlesinger