1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Improve init/openvpn handler

* Create systemd service for signaling OpenVPN client after suspend
* Use tun instead of tap
* Update DNS server/domain upon (dis)connect
* Include necessary templates
This commit is contained in:
Lauri Võsandi 2017-04-29 22:09:31 +03:00
parent e87d1c574b
commit cc4f13086e
3 changed files with 17 additions and 1 deletions

View File

@ -5,6 +5,8 @@ include certidude/templates/*.ovpn
include certidude/templates/*.conf include certidude/templates/*.conf
include certidude/templates/*.ini include certidude/templates/*.ini
include certidude/templates/mail/*.md include certidude/templates/mail/*.md
include certidude/templates/client/*.timer
include certidude/templates/client/*.service
include certidude/static/js/*.js include certidude/static/js/*.js
include certidude/static/css/*.css include certidude/static/css/*.css
include certidude/static/fonts/*.woff2 include certidude/static/fonts/*.woff2

View File

@ -190,6 +190,10 @@ def certidude_request(fork, renew):
if os.path.exists("/bin/systemctl"): if os.path.exists("/bin/systemctl"):
click.echo("Re-running systemd generators for OpenVPN...") click.echo("Re-running systemd generators for OpenVPN...")
os.system("systemctl daemon-reload") os.system("systemctl daemon-reload")
if not os.path.exists("/etc/systemd/system/openvpn-reconnect.service"):
with open("/etc/systemd/system/openvpn-reconnect.service", "wb") as fh:
fh.write(env.get_template("client/openvpn-reconnect.service").render(context))
click.echo("Created /etc/systemd/system/openvpn-reconnect.service")
click.echo("Starting OpenVPN...") click.echo("Starting OpenVPN...")
os.system("service openvpn start") os.system("service openvpn start")
continue continue
@ -534,7 +538,7 @@ def certidude_setup_openvpn_client(authority, remote, config, proto):
config.write("remote %s\n" % remote) config.write("remote %s\n" % remote)
config.write("remote-cert-tls server\n") config.write("remote-cert-tls server\n")
config.write("proto %s\n" % proto) config.write("proto %s\n" % proto)
config.write("dev tap\n") config.write("dev tun\n")
config.write("nobind\n") config.write("nobind\n")
config.write("key %s\n" % client_config.get(authority, "key path")) config.write("key %s\n" % client_config.get(authority, "key path"))
config.write("cert %s\n" % client_config.get(authority, "certificate path")) config.write("cert %s\n" % client_config.get(authority, "certificate path"))
@ -545,6 +549,8 @@ def certidude_setup_openvpn_client(authority, remote, config, proto):
config.write("group nogroup\n") config.write("group nogroup\n")
config.write("persist-tun\n") config.write("persist-tun\n")
config.write("persist-key\n") config.write("persist-key\n")
config.write("up /etc/openvpn/update-resolv-conf")
config.write("down /etc/openvpn/update-resolv-conf")
click.echo("Generated %s" % config.name) click.echo("Generated %s" % config.name)
click.echo("Inspect generated files and issue following to request certificate:") click.echo("Inspect generated files and issue following to request certificate:")

View File

@ -0,0 +1,8 @@
[Unit]
Description=Restart OpenVPN after suspend
[Service]
ExecStart=/usr/bin/pkill --signal SIGHUP --exact openvpn
[Install]
WantedBy=sleep.target