leap_platform.git - [leap

Age	Commit message (Collapse)	Author
2017-02-23	assume systemd is always present now	varac

2016-05-17	[lint] make future parser happy	varac

2016-04-12	Put openvpn logs into leap directory (#8021)	Micah
	Have openvpn logs go to /var/log/leap/openvpn_$protocol, instead of to /var/log/daemon.log. Change-Id: I1fc33de660648ab0dba1ce98de2864649c104719
2016-01-19	Ensure openvpn services are running on jessie	varac

2016-01-16	[bug] Enable openvpn services on jessie	varac
	- Tested: [unstable.bitmask.net] - Resolves: #7798
2015-01-05	vpn: each openvpn process needs a unique status file name. closes #6608	elijah

2014-11-10	openvpn - support customizing --fragment, and set default to 1400	elijah

2014-05-13	openvpn server config: script-security should be "1", since we don't need ↵	elijah
	"2"; add tcp-nodelay to tcp servers.
2014-05-06	set the ipv6 configuration options on the server	Micah Anderson
	some important things to note: We are hard-coding the pushing of the ipv6 route '2000::/3' and configuring the server-ipv6 to be 2001:db8:123::/64. This netblock is a reserved ipv6 prefix that is used for documentation purposes only (http://www.apnic.net/info/faq/ipv6-documentation-prefix-faq.html), and the route being pushed redirects all internet-bound traffic. When LEAP fully supports ipv6, these network values should be turned into variables, but for now, to make sure we are blocking any clients that have functional ipv6, this will work. Change-Id: Icb65f3169264e0178a2e98825b266a779feac6b5
2014-04-24	make sure concat fragments are put together before the openvpn service	Micah Anderson
	is run, otherwise the openvpn service is restarted before config files are deployed (#4154) Change-Id: Ide38615714c1978bb90237986baea530c54153c3
2014-04-24	update indentation to be standard	Micah Anderson
	Change-Id: Ic0ac3a7e6c9ce0e5f95bab023dbbf890c31d9e1c
2014-04-05	openvpn: allow for configurable keepalive (aka ping & ping-restart) closes ↵	elijah
	https://leap.se/code/issues/4127
2014-03-20	allow ability to customize openvpn security stuff: tls-cipher, auth, and ↵	elijah
	cipher config options.
2013-09-18	openvpn should use /usr/local/share/ca-certificates/leap_ca.crt (Feature #3831)	varac

2013-07-23	fix linting error	Micah Anderson
	Change-Id: I975e1bd480d756a85e556b440a0e28e3899c9af8
2013-07-16	lint site_openvpn manifests	Micah Anderson
	Change-Id: I314031d93aa9f4a0f217680870678e39c096d46a
2013-07-04	more robust openvpn restarting	Micah Anderson
	this ensures that an actual restart is run on the service when config files are added or removed, instead of relying on the status parameter of the initscript, which can be confused if config files are removed out from under it Change-Id: I1c69fff26933338b707acf7dc4593547f32f92e3
2013-03-17	added support for "limited" service levels (although vpn is not yet actually ↵	elijah
	rate limited).
2013-02-27	openvpn -- added support for optional "free" rate-limited service via ↵	elijah
	special client certificates with the FREE prefix in the common name.
2013-02-21	linted a bit	varac

2013-01-31	added /etc/openvpn/ca_bundle.pem in order to allow multiple CA certs to be used.	elijah

2013-01-30	linted	varac

2013-01-29	added support for client ca cert in site openvpn.	elijah

2012-12-10	openvpn: use x509 module to deploy certs (fixes #1064)	varac

2012-11-23	openvpn -- enforce certain cipher choices on the server	elijah

2012-10-30	prettyfying	varac

2012-10-29	no need for server-up.sh right now	varac

2012-10-04	different parameter for each config	varac

2012-10-04	dh1204.pem -> dh.pen	varac

2012-10-04	finished site_openvpn::server_config	varac

2012-10-04	adopted most static parameters	varac

2012-10-04	include openvpn keys	varac

2012-10-04	cosmetics for server_config.pp	varac

2012-09-21	basic configuration for openvpn server files	varac

2012-09-21	oved things around	root