mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Improve init/openvpn handler
* Create systemd service for signaling OpenVPN client after suspend * Use tun instead of tap * Update DNS server/domain upon (dis)connect * Include necessary templates
parent
e87d1c574b
commit
cc4f13086e
@ -5,6 +5,8 @@ include certidude/templates/*.ovpn
|
|||||||
include certidude/templates/*.conf
|
include certidude/templates/*.conf
|
||||||
include certidude/templates/*.ini
|
include certidude/templates/*.ini
|
||||||
include certidude/templates/mail/*.md
|
include certidude/templates/mail/*.md
|
||||||
|
include certidude/templates/client/*.timer
|
||||||
|
include certidude/templates/client/*.service
|
||||||
include certidude/static/js/*.js
|
include certidude/static/js/*.js
|
||||||
include certidude/static/css/*.css
|
include certidude/static/css/*.css
|
||||||
include certidude/static/fonts/*.woff2
|
include certidude/static/fonts/*.woff2
|
||||||
|
@ -190,6 +190,10 @@ def certidude_request(fork, renew):
|
|||||||
if os.path.exists("/bin/systemctl"):
|
if os.path.exists("/bin/systemctl"):
|
||||||
click.echo("Re-running systemd generators for OpenVPN...")
|
click.echo("Re-running systemd generators for OpenVPN...")
|
||||||
os.system("systemctl daemon-reload")
|
os.system("systemctl daemon-reload")
|
||||||
|
if not os.path.exists("/etc/systemd/system/openvpn-reconnect.service"):
|
||||||
|
with open("/etc/systemd/system/openvpn-reconnect.service", "wb") as fh:
|
||||||
|
fh.write(env.get_template("client/openvpn-reconnect.service").render(context))
|
||||||
|
click.echo("Created /etc/systemd/system/openvpn-reconnect.service")
|
||||||
click.echo("Starting OpenVPN...")
|
click.echo("Starting OpenVPN...")
|
||||||
os.system("service openvpn start")
|
os.system("service openvpn start")
|
||||||
continue
|
continue
|
||||||
@ -534,7 +538,7 @@ def certidude_setup_openvpn_client(authority, remote, config, proto):
|
|||||||
config.write("remote %s\n" % remote)
|
config.write("remote %s\n" % remote)
|
||||||
config.write("remote-cert-tls server\n")
|
config.write("remote-cert-tls server\n")
|
||||||
config.write("proto %s\n" % proto)
|
config.write("proto %s\n" % proto)
|
||||||
config.write("dev tap\n")
|
config.write("dev tun\n")
|
||||||
config.write("nobind\n")
|
config.write("nobind\n")
|
||||||
config.write("key %s\n" % client_config.get(authority, "key path"))
|
config.write("key %s\n" % client_config.get(authority, "key path"))
|
||||||
config.write("cert %s\n" % client_config.get(authority, "certificate path"))
|
config.write("cert %s\n" % client_config.get(authority, "certificate path"))
|
||||||
@ -545,6 +549,8 @@ def certidude_setup_openvpn_client(authority, remote, config, proto):
|
|||||||
config.write("group nogroup\n")
|
config.write("group nogroup\n")
|
||||||
config.write("persist-tun\n")
|
config.write("persist-tun\n")
|
||||||
config.write("persist-key\n")
|
config.write("persist-key\n")
|
||||||
|
config.write("up /etc/openvpn/update-resolv-conf")
|
||||||
|
config.write("down /etc/openvpn/update-resolv-conf")
|
||||||
|
|
||||||
click.echo("Generated %s" % config.name)
|
click.echo("Generated %s" % config.name)
|
||||||
click.echo("Inspect generated files and issue following to request certificate:")
|
click.echo("Inspect generated files and issue following to request certificate:")
|
||||||
|
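Review bot: The two added `config.write` calls for `up` and `down` in certidude_setup_openvpn_client lack the trailing `\n` that every neighbouring directive has, so the generated file gets `up /etc/openvpn/update-resolv-confdown /etc/openvpn/update-resolv-conf` on one line; they should read `config.write("up /etc/openvpn/update-resolv-conf\n")` and `config.write("down /etc/openvpn/update-resolv-conf\n")`. OpenVPN only executes such scripts when `script-security 2` is set, and no such line is visible in this hunk, so confirm it is written elsewhere in the function, which begins and ends outside the hunk. Because the config also drops privileges (`group nogroup` is visible just above), the `down` script will likely run unprivileged and may be unable to restore resolv.conf. In the certidude_request hunk, the unit file is written after `systemctl daemon-reload` has already run and nothing visible enables it, so its `WantedBy=` line has no effect until a reload and `systemctl enable openvpn-reconnect.service` are run.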
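--- a/certidude/templates/client/openvpn-reconnect.service
+++ b/certidude/templates/client/openvpn-reconnect.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Restart OpenVPN after suspend
+
+[Service]
+ExecStart=/usr/bin/pkill --signal SIGHUP --exact openvpn
+
+[Install]
+WantedBy=sleep.target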
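Review bot: The unit declares no ordering, so with `WantedBy=sleep.target` alone it appears to start as the system enters sleep rather than after resume, which does not match its description. The usual resume hook, as far as I can tell, is `After=suspend.target` under [Unit] with `WantedBy=suspend.target` under [Install]. `pkill --exact openvpn` signals every process named openvpn on the host, including any server instance that happens to run there. It also exits non-zero when nothing matches, which leaves the unit in a failed state; `Type=oneshot` plus a `-` prefix on the command (`ExecStart=-/usr/bin/pkill --signal SIGHUP --exact openvpn`) would avoid that.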