Refactor

* Remove PyOpenSSL based wrapper classes * Remove unused API calls * Add certificate renewal via X-Renewal-Signature header * Remove (extended) key usage handling * Clean up OpenVPN and nginx server setup code * Use UDP port 51900 for OpenVPN by default * Add basic auth fallback for iOS in addition to Android * Reduce complexity
2025-09-06 05:41:04 +00:00 · 2017-03-13 11:42:58 +00:00
parent d1aa2f2073
commit 06010ceaf3
30 changed files with 757 additions and 952 deletions
--- a/doc/template.ovpn
+++ b/doc/template.ovpn
@@ -1,47 +0,0 @@
-# Copy this file to /etc/certidude/template.ovpn and customize gateway IP addresses
-
-# Run as client
-client # tls-client; pull
-nobind
-
-# OpenVPN gateway(s), uncomment remote-random to load balance
-comp-lzo
-proto udp
-remote 1.2.3.4
-;remote 1.2.3.5
-;remote-random
-
-# Virtual network interface settings
-dev tun
-persist-tun
-
-# Customize crypto settings
-;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA384
-;cipher AES-256-CBC
-;auth SHA384
-
-# Check that server presented certificate has TLS Server flag present
-remote-cert-tls server
-
-# X.509 business
-persist-key
-<ca>
-{{ca}}
-</ca>
-<key>
-{{key}}
-</key>
-<cert>
-{{cert}}
-</cert>
-
-# Revocation list
-<crl-verify>
-{{crl}}
-</crl-verify>
-
-# Pre-shared key for extra layer of security
-;<ta>
-;...
-;</ta>
-