30 lines
1.1 KiB
Plaintext
30 lines
1.1 KiB
Plaintext
[connection]
|
|
certidude managed = true
|
|
id = {{ session.service.title }}
|
|
uuid = {{ uuid }}
|
|
type = vpn
|
|
|
|
[vpn]
|
|
service-type = org.freedesktop.NetworkManager.openvpn
|
|
connection-type = tls
|
|
cert-pass-flags 0
|
|
tap-dev = no
|
|
remote-cert-tls = server
|
|
remote = {{ routers[0] }}
|
|
key = {% if key_path %}{{ key_path }}{% else %}/etc/certidude/authority/{{ session.authority.hostname }}/host_key.pem{% endif %}
|
|
cert = {% if certificate_path %}{{ certificate_path }}{% else %}/etc/certidude/authority/{{ session.authority.hostname }}/host_cert.pem{% endif %}
|
|
ca = {% if authority_path %}{{ authority_path }}{% else %}/etc/certidude/authority/{{ session.authority.hostname }}/ca_cert.pem{% endif %}
|
|
tls-cipher = TLS-{% if authority_public_key.algorithm == "ec" %}ECDHE-ECDSA{% else %}DHE-RSA{% endif %}-WITH-AES-256-GCM-SHA384
|
|
cipher = AES-128-GCM
|
|
auth = SHA384
|
|
{% if port %};port = {{ port }}{% else %};port = 1194{% endif %}
|
|
{% if not proto or not proto.startswith('tcp') %};{% endif %}proto-tcp = yes
|
|
|
|
[ipv4]
|
|
# Route only pushed subnets to tunnel
|
|
never-default = true
|
|
method = auto
|
|
|
|
[ipv6]
|
|
method = auto
|