mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
cli: Improved strongSwan gateway setup heuristics
parent
4c9f4ffd47
commit
42916a7ccc
@ -44,6 +44,7 @@ assert hasattr(crypto.X509Req(), "get_extensions"), "You're running too old vers
|
|||||||
|
|
||||||
# Parse command-line argument defaults from environment
|
# Parse command-line argument defaults from environment
|
||||||
HOSTNAME = socket.gethostname()
|
HOSTNAME = socket.gethostname()
|
||||||
|
FQDN = socket.getaddrinfo(HOSTNAME, 0, flags=socket.AI_CANONNAME)[0][3]
|
||||||
USERNAME = os.environ.get("USER")
|
USERNAME = os.environ.get("USER")
|
||||||
NOW = datetime.utcnow().replace(tzinfo=None)
|
NOW = datetime.utcnow().replace(tzinfo=None)
|
||||||
FIRST_NAME = None
|
FIRST_NAME = None
|
||||||
@ -292,10 +293,10 @@ def certidude_setup_openvpn_client(url, config, email_address, common_name, org_
|
|||||||
@click.argument("url")
|
@click.argument("url")
|
||||||
@click.option("--common-name", "-cn", default=HOSTNAME, help="Common name, %s by default" % HOSTNAME)
|
@click.option("--common-name", "-cn", default=HOSTNAME, help="Common name, %s by default" % HOSTNAME)
|
||||||
@click.option("--org-unit", "-ou", help="Organizational unit")
|
@click.option("--org-unit", "-ou", help="Organizational unit")
|
||||||
@click.option("--fqdn", "-f", default=HOSTNAME, help="Fully qualified hostname, %s by default" % HOSTNAME)
|
@click.option("--fqdn", "-f", default=FQDN, help="Fully qualified hostname associated with the certificate")
|
||||||
@click.option("--email-address", "-m", default=EMAIL, help="E-mail associated with the request, %s by default" % EMAIL)
|
@click.option("--email-address", "-m", default=EMAIL, help="E-mail associated with the request, %s by default" % EMAIL)
|
||||||
@click.option("--subnet", "-s", default="192.168.33.0/24", type=ip_network, help="IPsec virtual subnet, 192.168.33.0/24 by default")
|
@click.option("--subnet", "-s", default="192.168.33.0/24", type=ip_network, help="IPsec virtual subnet, 192.168.33.0/24 by default")
|
||||||
@click.option("--local", "-l", default="127.0.0.1", type=ip_address, help="IPsec gateway address, defaults to 127.0.0.1")
|
@click.option("--local", "-l", default=None, type=ip_address, help="IP address associated with the certificate, none by default")
|
||||||
@click.option("--route", "-r", type=ip_network, multiple=True, help="Subnets to advertise via this connection, multiple allowed")
|
@click.option("--route", "-r", type=ip_network, multiple=True, help="Subnets to advertise via this connection, multiple allowed")
|
||||||
@click.option("--config", "-o",
|
@click.option("--config", "-o",
|
||||||
default="/etc/ipsec.conf",
|
default="/etc/ipsec.conf",
|
||||||
@ -330,8 +331,8 @@ def certidude_setup_strongswan_server(url, config, secrets, subnet, route, email
|
|||||||
email_address,
|
email_address,
|
||||||
key_usage="nonRepudiation,digitalSignature,keyEncipherment",
|
key_usage="nonRepudiation,digitalSignature,keyEncipherment",
|
||||||
extended_key_usage="serverAuth,1.3.6.1.5.5.8.2.2",
|
extended_key_usage="serverAuth,1.3.6.1.5.5.8.2.2",
|
||||||
ip_address=None if local.is_private else local,
|
ip_address=local,
|
||||||
dns=None if local.is_private or "." not in fdqn else fdqn,
|
dns=fqdn,
|
||||||
wait=True)
|
wait=True)
|
||||||
|
|
||||||
if retval:
|
if retval:
|
||||||
|
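Review bot: The new module-level `FQDN = socket.getaddrinfo(HOSTNAME, 0, flags=socket.AI_CANONNAME)[0][3]` runs at import time with no error handling, and its value then goes unchecked into the certificate request as `dns=fqdn` in certidude_setup_strongswan_server. On a host whose own name does not resolve, this presumably raises `socket.gaierror` before any subcommand runs. The canonical name also depends on the local resolver configuration, so it may come back unqualified, and this commit drops the old `"." not in` guard that kept such names out of the request. I would wrap the lookup in `try`/`except socket.gaierror` with a fallback to `HOSTNAME`, and keep the qualification check at the call site: `dns=fqdn if "." in fqdn else None`. With `ip_address=local` now passed as is, it is also worth a comment at the `--local` option that private addresses are no longer filtered out of the request. The bodies of both setup functions start and end outside the visible hunks.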