Instead of using a wildcard tun+ interface, use a fixed number of tun
interfaces and hope OpenVPN will use one of them.
Fixes: #1438.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

- Set permissions properly as if they are created newly.
- Ensure that configuration file is rewritten so that new certificate paths are
  used.
- Run easyrsa init-pki to ensure that configuration file is present.
- Create necessary empty directories as per new structure.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

- Change file and directory structure from easy-rsa 2's flat format to easy-rsa
  3's format.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>

This takes care of the case where a user has tried the "setup" step and
failed. The new configuration will overwrite the old one.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

Earlier only openvpn@.service file was available. Currently, Debian is using
openvpn-server@.service and openvpn-client@.service. Start using this and
upgrade our current users to this approach. This fixes the problem with
incorrect enabling/disabling of OpenVPN app in Plinth.
Tested primarily three cases:
- Install version 2 of the app directly. Make sure daemon runs,
  enabling/disabling the app works.
- Install version 1 of the app. Disable it. Upgrade to version 2, make sure
  everything is upgraded but disabled. Enabling makes the app work properly.
- Install version 1 of the app. Enable it. Upgrade to version 2, make sure
  everything is upgraded, app is enabled and running.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

Set unique_subject attribute to no in index.txt.attr file. This
allows regenerating a certificate for a user.
Signed-off-by: Hemanth Kumar Veeranki <hemanthveeranki@gmail.com>

The Service object now offers handling services on a system level,
and gathering information whether it's enabled or running.
New methods: enable, disable, is_enabled, is_running.
For this it needs the correct (system-level) service name.
All of the methods can be overridden/customized.
This changes all modules to the new Service object and deletes
action scripts that are not required anymore.

- Authentication using client certificates. Extra password based
  authentication for later.
- Auto setup of CA, server and client certificates.
- Provides a .ovpn profile for each user for easy setup.
- Use 4096 bit Diffie-Hellman parameters for better security. If this
  takes too much time, reduce it to 2048 or 1024, at least during
  debugging.