Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-05-13 | openvpn server config: script-security should be "1", since we don't need ↵ | elijah | |
"2"; add tcp-nodelay to tcp servers. | |||
2014-05-06 | set the ipv6 configuration options on the server | Micah Anderson | |
some important things to note: We are hard-coding the pushing of the ipv6 route '2000::/3' and configuring the server-ipv6 to be 2001:db8:123::/64. This netblock is a reserved ipv6 prefix that is used for documentation purposes only (http://www.apnic.net/info/faq/ipv6-documentation-prefix-faq.html), and the route being pushed redirects all internet-bound traffic. When LEAP fully supports ipv6, these network values should be turned into variables, but for now, to make sure we are blocking any clients that have functional ipv6, this will work. Change-Id: Icb65f3169264e0178a2e98825b266a779feac6b5 | |||
2014-04-24 | make sure concat fragments are put together before the openvpn service | Micah Anderson | |
is run, otherwise the openvpn service is restarted before config files are deployed (#4154) Change-Id: Ide38615714c1978bb90237986baea530c54153c3 | |||
2014-04-24 | update indentation to be standard | Micah Anderson | |
Change-Id: Ic0ac3a7e6c9ce0e5f95bab023dbbf890c31d9e1c | |||
2014-04-05 | openvpn: allow for configurable keepalive (aka ping & ping-restart) closes ↵ | elijah | |
https://leap.se/code/issues/4127 | |||
2014-03-20 | allow ability to customize openvpn security stuff: tls-cipher, auth, and ↵ | elijah | |
cipher config options. | |||
2013-09-18 | openvpn should use /usr/local/share/ca-certificates/leap_ca.crt (Feature #3831) | varac | |
2013-07-23 | fix linting error | Micah Anderson | |
Change-Id: I975e1bd480d756a85e556b440a0e28e3899c9af8 | |||
2013-07-16 | lint site_openvpn manifests | Micah Anderson | |
Change-Id: I314031d93aa9f4a0f217680870678e39c096d46a | |||
2013-07-04 | more robust openvpn restarting | Micah Anderson | |
this ensures that an actual restart is run on the service when config files are added or removed, instead of relying on the status parameter of the initscript, which can be confused if config files are removed out from under it Change-Id: I1c69fff26933338b707acf7dc4593547f32f92e3 | |||
2013-03-17 | added support for "limited" service levels (although vpn is not yet actually ↵ | elijah | |
rate limited). | |||
2013-02-27 | openvpn -- added support for optional "free" rate-limited service via ↵ | elijah | |
special client certificates with the FREE prefix in the common name. | |||
2013-02-21 | linted a bit | varac | |
2013-01-31 | added /etc/openvpn/ca_bundle.pem in order to allow multiple CA certs to be used. | elijah | |
2013-01-30 | linted | varac | |
2013-01-29 | added support for client ca cert in site openvpn. | elijah | |
2012-12-10 | openvpn: use x509 module to deploy certs (fixes #1064) | varac | |
2012-11-23 | openvpn -- enforce certain cipher choices on the server | elijah | |
2012-10-30 | prettyfying | varac | |
2012-10-29 | no need for server-up.sh right now | varac | |
2012-10-04 | different parameter for each config | varac | |
2012-10-04 | dh1204.pem -> dh.pen | varac | |
2012-10-04 | finished site_openvpn::server_config | varac | |
2012-10-04 | adopted most static parameters | varac | |
2012-10-04 | include openvpn keys | varac | |
2012-10-04 | cosmetics for server_config.pp | varac | |
2012-09-21 | basic configuration for openvpn server files | varac | |
2012-09-21 | oved things around | root | |