diff --git a/entrypoint-openvpn.sh b/entrypoint-openvpn.sh
index 9036062..a0f9328 100755
--- a/entrypoint-openvpn.sh
+++ b/entrypoint-openvpn.sh
@@ -3,10 +3,5 @@ sleep 10
 set -e
 $@
 AUTHORITY=$3
-echo "Client config:"
-cat /etc/certidude/client.conf
-echo
-echo "Generated VPN config:"
-cat /etc/openvpn/$AUTHORITY.conf
-echo
+test -f /etc/certidude/authority/ca5.dev.lan/host_cert.pem
 openvpn --config /etc/openvpn/$AUTHORITY.conf
diff --git a/entrypoint-strongswan.sh b/entrypoint-strongswan.sh
index 5fa945e..a66918a 100755
--- a/entrypoint-strongswan.sh
+++ b/entrypoint-strongswan.sh
@@ -3,10 +3,5 @@ sleep 10
 set -e
 $@
 AUTHORITY=$3
-echo "Client config:"
-cat /etc/certidude/client.conf
-echo
-echo "Generated VPN config:"
-cat /etc/ipsec.conf
-echo
+test -f /etc/certidude/authority/ca5.dev.lan/host_cert.pem
 /usr/sbin/ipsec start --nofork
diff --git a/pinecrypt/client/cli.py b/pinecrypt/client/cli.py
index eec2fc4..62eb1d2 100644
--- a/pinecrypt/client/cli.py
+++ b/pinecrypt/client/cli.py
@@ -378,7 +378,6 @@ def certidude_enroll(fork, no_wait, kerberos):
 # OpenVPN set up with initscripts
 if method == "init/openvpn":
 openvpn_config_path = "/etc/openvpn/%s.conf" % endpoint
- print(bootstrap)
 with open(openvpn_config_path + ".part", "w") as fh:
 fh.write("client\n")
 fh.write("nobind\n")
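Review bot: The new guard in entrypoint-openvpn.sh hard-codes the authority hostname `ca5.dev.lan` although the script already derives `AUTHORITY=$3` two lines above and uses it for the config path, so the certificate check only holds for that one deployment and silently tests the wrong file for any other authority; it should read `test -f "/etc/certidude/authority/$AUTHORITY/host_cert.pem"`. Because `set -e` is in force, a missing certificate terminates the entrypoint with no output, which makes the failure hard to diagnose from container logs; appending `|| { echo "host certificate for $AUTHORITY not found" >&2; exit 1; }` names the cause before exiting. The same hard-coded path appears in the entrypoint-strongswan.sh hunk and should be fixed identically.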
@@ -425,16 +424,17 @@ def certidude_enroll(fork, no_wait, kerberos):
 config["conn", endpoint]["keyingtries"] = "%forever"
 config["conn", endpoint]["dpdaction"] = "restart"
 config["conn", endpoint]["closeaction"] = "restart"
+ config["conn", endpoint]["rightsubnet"] = "0.0.0.0/0"
 config["conn", endpoint]["ike"] = "%s!" % bootstrap["strongswan"]["ike"]
 config["conn", endpoint]["esp"] = "%s!" % bootstrap["strongswan"]["esp"]
- config["conn", endpoint]["left"] = "%defaultroute"
+ config["conn", endpoint]["leftsourceip"] = "%config"
 config["conn", endpoint]["leftcert"] = certificate_path
 # leftca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
 # rightca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
 with open(strongswan_secrets_path + ".part", "w") as fh:
- fh.write(": %s %s`n" % (
+ fh.write(": %s %s\n" % (
 "ECDSA" if authority_public_key.algorithm == "ec" else "RSA",
 key_path
 ))