30 lines
1.0 KiB
Plaintext
30 lines
1.0 KiB
Plaintext
|
[connection]
|
||
|
|
certidude managed = true
|
||
|
|
id = {{ session.service.title }}
|
||
|
|
uuid = {{ uuid }}
|
||
|
|
type = vpn
|
||
|
|
|
||
|
|
[vpn]
|
||
|
|
service-type = org.freedesktop.NetworkManager.openvpn
|
||
|
|
connection-type = tls
|
||
|
|
cert-pass-flags 0
|
||
|
|
tap-dev = no
|
||
|
|
remote-cert-tls = server
|
||
|
|
remote = {{ authority.namespace }}
|
||
|
|
key = {% if key_path %}{{ key_path }}{% else %}/etc/certidude/authority/{{ authority.namespace }}/host_key.pem{% endif %}
|
||
|
|
cert = {% if certificate_path %}{{ certificate_path }}{% else %}/etc/certidude/authority/{{ authority.namespace }}/host_cert.pem{% endif %}
|
||
|
|
ca = {% if authority_path %}{{ authority_path }}{% else %}/etc/certidude/authority/{{ authority.namespace }}/ca_cert.pem{% endif %}
|
||
|
|
tls-cipher = {{ authority.openvpn.tls_cipher }}
|
||
|
|
cipher = {{ authority.openvpn.cipher }}
|
||
|
|
auth = {{ authority.openvpn.auth }}
|
||
|
|
{% if port %};port = {{ port }}{% else %};port = 1194{% endif %}
|
||
|
|
{% if not proto or not proto.startswith('tcp') %};{% endif %}proto-tcp = yes
|
||
|
|
|
||
|
|
[ipv4]
|
||
|
|
# Route only pushed subnets to tunnel
|
||
|
|
never-default = true
|
||
|
|
method = auto
|
||
|
|
|
||
|
|
[ipv6]
|
||
|
|
method = auto
|