mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Fixed strongswan server setup helper
parent
34823d6739
commit
fcb770aa7c
@ -17,7 +17,7 @@ from certidude.signer import SignServer
|
|||||||
from certidude.wrappers import CertificateAuthorityConfig, subject2dn
|
from certidude.wrappers import CertificateAuthorityConfig, subject2dn
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from humanize import naturaltime
|
from humanize import naturaltime
|
||||||
from ipaddress import ip_network
|
from ipaddress import ip_network, ip_address
|
||||||
from jinja2 import Environment, PackageLoader
|
from jinja2 import Environment, PackageLoader
|
||||||
from time import sleep
|
from time import sleep
|
||||||
from setproctitle import setproctitle
|
from setproctitle import setproctitle
|
||||||
@ -293,7 +293,7 @@ def certidude_setup_openvpn_client(url, config, email_address, common_name, org_
|
|||||||
@click.option("--fqdn", "-f", default=HOSTNAME, help="Fully qualified hostname, %s by default" % HOSTNAME)
|
@click.option("--fqdn", "-f", default=HOSTNAME, help="Fully qualified hostname, %s by default" % HOSTNAME)
|
||||||
@click.option("--email-address", "-m", default=EMAIL, help="E-mail associated with the request, %s by default" % EMAIL)
|
@click.option("--email-address", "-m", default=EMAIL, help="E-mail associated with the request, %s by default" % EMAIL)
|
||||||
@click.option("--subnet", "-s", default="192.168.33.0/24", type=ip_network, help="IPsec virtual subnet, 192.168.33.0/24 by default")
|
@click.option("--subnet", "-s", default="192.168.33.0/24", type=ip_network, help="IPsec virtual subnet, 192.168.33.0/24 by default")
|
||||||
@click.option("--local", "-l", default="127.0.0.1", help="IPsec gateway address, defaults to 127.0.0.1")
|
@click.option("--local", "-l", default="127.0.0.1", type=ip_address, help="IPsec gateway address, defaults to 127.0.0.1")
|
||||||
@click.option("--route", "-r", type=ip_network, multiple=True, help="Subnets to advertise via this connection, multiple allowed")
|
@click.option("--route", "-r", type=ip_network, multiple=True, help="Subnets to advertise via this connection, multiple allowed")
|
||||||
@click.option("--config", "-o",
|
@click.option("--config", "-o",
|
||||||
default="/etc/ipsec.conf",
|
default="/etc/ipsec.conf",
|
||||||
@ -309,7 +309,7 @@ def certidude_setup_openvpn_client(url, config, email_address, common_name, org_
|
|||||||
@click.option("--certificate-path", "-crt", default="certs/%s.pem" % HOSTNAME, help="Certificate path, certs/%s.pem by default" % HOSTNAME)
|
@click.option("--certificate-path", "-crt", default="certs/%s.pem" % HOSTNAME, help="Certificate path, certs/%s.pem by default" % HOSTNAME)
|
||||||
@click.option("--authority-path", "-ca", default="cacerts/ca.pem", help="Certificate authority certificate path, cacerts/ca.pem by default")
|
@click.option("--authority-path", "-ca", default="cacerts/ca.pem", help="Certificate authority certificate path, cacerts/ca.pem by default")
|
||||||
@expand_paths()
|
@expand_paths()
|
||||||
def certidude_setup_strongswan_server(url, config, secrets, subnet, route, email_address, common_name, org_unit, directory, key_path, request_path, certificate_path, authority_path, local, ip_address, fqdn):
|
def certidude_setup_strongswan_server(url, config, secrets, subnet, route, email_address, common_name, org_unit, directory, key_path, request_path, certificate_path, authority_path, local, fqdn):
|
||||||
|
|
||||||
config.write(env.get_template("strongswan-site-to-client.conf").render(locals()))
|
config.write(env.get_template("strongswan-site-to-client.conf").render(locals()))
|
||||||
|
|
||||||
@ -329,8 +329,8 @@ def certidude_setup_strongswan_server(url, config, secrets, subnet, route, email
|
|||||||
org_unit,
|
org_unit,
|
||||||
email_address,
|
email_address,
|
||||||
key_usage="nonRepudiation,digitalSignature,keyEncipherment",
|
key_usage="nonRepudiation,digitalSignature,keyEncipherment",
|
||||||
extended_key_usage="serverAuth,ikeIntermediate",
|
extended_key_usage="serverAuth",
|
||||||
ipv4_address=None if local.is_private else local,
|
ip_address=None if local.is_private else local,
|
||||||
dns=None if local.is_private or "." not in fdqn else fdqn,
|
dns=None if local.is_private or "." not in fdqn else fdqn,
|
||||||
wait=True)
|
wait=True)
|
||||||
|
|
||||||
|
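Review bot: In the signing-request call at the end of this section, the `dns=` argument still reads `fdqn`, while the parameter in the new `certidude_setup_strongswan_server` signature is spelled `fqdn`. Unless `fdqn` is defined somewhere outside the visible hunks, this raises NameError as soon as `local.is_private` is false. The default `--local 127.0.0.1` short-circuits the expression, so the failure only appears for a publicly addressed gateway, which is the one case where the DNS subjectAltName is meant to be requested. The line should read `dns=None if local.is_private or "." not in fqdn else fqdn,`. The call begins outside the hunk, so it is worth confirming that the callee accepts the renamed `ip_address=` keyword.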