path: root/data/templates/openvpn/server.conf.tmpl
Age | Commit message | Author
2022-04-13 | openvpn: T4333: migrate to new vyos_defined Jinja2 test | Christian Poessinger
2022-02-09 | openvpn: T3686: Fix for check local-address in script and tmpl | Viacheslav Hletenko
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template
2021-11-01 | Merge branch 'current' into T3350-sagitta | zdc
2021-10-07 | Merge branch 'current' into 2fa | Kim
2021-10-07 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger
2021-10-07 | pull request fixes | Kim Hagen
2021-10-04 | OpenVPN: T3350: Changed custom options for OpenVPN processing | zsdc
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows avoiding mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing.
2021-09-27 | openvpn: T690: Fix template for gateway and metric | Viacheslav
Some OpenVPN clients don't support option gateway and metric. Set metric option only when 'metric' was added in config explicitly. (cherry picked from commit 96681d8bf1ede069b573a4cbe3a2493c374d048e)
2021-09-23 | openvpn: T3642: Openvpn does not work without dh parameter in EC mode | Nicolas Riebesel
2021-09-17 | Revert "openvpn: T3736: openvpn-option keeps and adds double dashes (--)" | Kim Hagen
This reverts commit 415e572dfba776a981e2ec1e4331c30cd5cb59f3.
2021-09-17 | update the location of the openvpn-otp.so plugin | Kim Hagen
2021-09-08 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger
2021-09-03 | do not use capitals in opmode | Kim Hagen
rename t0 to drift add submenu for 2fa to make it more readable
2021-09-03 | fix configure error if 2fa is defined but no option is defined | Kim Hagen
2021-09-03 | change secret file location in template | Kim Hagen
2021-09-03 | fix file location and use correct variable | Kim Hagen
2021-09-02 | add 2fa op files and update template | Kim Hagen
2021-08-17 | add part 2fa | Kim Hagen
2021-08-16 | openvpn: T690: Add metric for pushed routes | Viacheslav
2021-08-11 | openvpn: T3736: openvpn-option keeps and adds double dashes (--) | Kim Hagen
2021-07-21 | pki: openvpn: T3642: Migrate OpenVPN to PKI and refactor | sarthurdev
2021-06-25 | openvpn: T1704: drop deprecated disable-ncp option | Christian Poessinger
2021-06-24 | openvpn: T1512: T3641: drop deprecated "compat-names" option | Christian Poessinger
2021-06-24 | openvpn: T3641: remove deprecated iproute option | Christian Poessinger
Executing iproute2 commands as unprivileged member of the openvpn group is now handled via a sudoers file.
2021-01-17 | openvpn: T2381: bugfix rendering multiple openvpn-options from CLI | Christian Poessinger
The CLI statement "set interfaces openvpn vtun10 openvpn-option '--tun-mtu 1500 --fragment 1300 --mssfix'" will render in vtun10.conf to:
--tun-mtu 1500 --fragment 1300 --mssfix
On startup OpenVPN complains about:
openvpn-vtun10: Options error: Unrecognized option or missing or extra parameter(s) in vtun10.conf:76: tun-mtu (2.4.7)
The options must be split on -- to a new configuration line.
2020-12-31 | openvpn: T2994: fix ipv6 server mode | Christian Poessinger
2020-12-21 | openvpn: T3143: Push routes in correct format <IP> <NETMASK> | DmitriyEshenko
2020-12-08 | openvpn: T3117: fix generated ncp-ciphers in server config | Christian Poessinger
2020-11-23 | openvpn: T3074: fix site-2-site operation mode | Christian Poessinger
When rendering the configs "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected.
2020-11-22 | openvpn: T3080: add missing multiplication on keepalive config option | Christian Poessinger
2020-11-21 | openvpn: T3060: always listen on IPv4 and IPv6 sockets | Christian Poessinger
2020-11-14 | openvpn: T2550: default connection protocol to udp | Christian Poessinger
setting this to udp will allow both IPv4 and IPv6 connections. According to the MAN page: proto indicates the protocol to use when connecting with the remote, and may be "tcp" or "udp". For forcing IPv4 or IPv6 connection suffix tcp or udp with 4/6 like udp4/udp6/tcp4/tcp6.
2020-11-13 | openvpn: T3060: fix CLI to real config mapping for protocol node | Christian Poessinger
2020-11-13 | vyos.template: provide general is_ip(v4|v6) helpers | Christian Poessinger
We had two places where the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts.
2020-11-13 | openvpn: T3051: fix creation of ifconfig-pool for client communication | Christian Poessinger
2020-11-01 | openvpn: T2994: re-add ifconfig-pool statement in server config | Christian Poessinger
Re-organize the template code and add additional Jinja2 filters for processing the ifconfig-pool statement. This reverts the changes from commit 7e546be9 ("openvpn: T2994: temporary revert to 1.2 crux behavior for client pools").
2020-11-01 | openvpn: T2994: remove workarounds for individual ipv4 and ipv6 keys | Christian Poessinger
Remove workaround which split (local|remote)_address and also subnet keys into individual keys for the assigned IP address family (4/6). During template rendering check IP version by introducing new ipv4 and ipv6 Jinja2 filters {% if foo | ipv4 %} or {% if bar | ipv6 %} options.
2020-10-31 | openvpn: T2994: temporary revert to 1.2 crux behavior for client pools | Christian Poessinger
2020-10-31 | openvpn: T2994: bugfix evaluating replace-default-route in template | Christian Poessinger
2020-10-30 | openvpn: T2994: migrate to get_config_dict() | Christian Poessinger
2020-09-22 | openvpn: T2906: tls-auth missing key direction | Marcus Hoff
2020-09-22 | openvpn: T2907: add 'none' encryption option to not encrypt any data | Marcus Hoff
2020-05-04 | openvpn: T2241: remove redundant bridge_member variable | Jernej Jakob
2020-04-20 | openvpn: T2339: fix for IPv4 local-host addresses | Jernej Jakob
Commit bb9f998 introduced a bug where openvpn fails to start if 'local-host' is an IPv4 address due to 'proto' wanting an IPv6 socket. This adds a conditional check and uses normal proto if it's IPv4.
2020-04-19 | openvpn: T2308: fix path to UNIX control socket | Christian Poessinger
Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to systemd") as not all relevant configuration files have been re-rendered into /run/openvpn.
2020-04-19 | openvpn: T2336: fix auth-user-pass file generation | Christian Poessinger
Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to systemd") as not all relevant configuration files have been re-rendered into /run/openvpn
2020-04-16 | openvpn: T149: IPv6 support | Jernej Jakob
- allow configuring IPv6 server addresses and push options
- add IPv6 server client IP pool
- add IPv6 push dhcp-option DNS6
- allow configuring IPv6 server client addresses
- allow configuring IPv6 site-to-site addresses
- validate all IPv6 options and addresses
- use protos that explicitly open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360)
- add validator for any IPv6 address, host or network (used by pool)
2020-04-15 | openvpn: T2335: allow disabling client-ip-pool | Jernej Jakob
2020-04-13 | Merge pull request #325 from jjakob/openvpn-pool | Christian Poessinger
openvpn: T2235: add custom server pool handling
2020-04-13 | openvpn: T2235: add custom server pool handling | jjakob
- add config options and logic for server client-ip-pool
- add function for determining default IPs for the server in different configurations
- verify for pool IPs and maximum subnet prefix length
- move remote netmask logic for client ifconfig-push to use new function
- add topology 'net30', set it as default (as it already was)
- replace generic ip_* with IPv4* where necessary
- print warning to console when server client IP is in server pool
- fix server subnet help field