bug-guix

bug#42544: openvpn service requires cert and key configuration


From: david larsson
Subject: bug#42544: openvpn service requires cert and key configuration
Date: Sun, 26 Jul 2020 04:53:35 +0000

Hi,
I have a VPN configuration that doesn't use cert and key configuration lines, so I receive errors like the following in /var/log/messages when trying to start the vpn-client service:

localhost openvpn[1660]: Options error: --cert fails with 'disabled': No such file or directory (errno=2)
localhost openvpn[1660]: Options error: --key fails with 'disabled': No such file or directory (errno=2)

(the lines would say the default /etc/openvpn/client.crt if I hadn't specified (cert "disabled") etc. in the Guix service config)


I need a way to prevent these lines from being generated in the config file.


On a related note, it would be great if other configuration options were added to this service as well. Below is my openvpn-client-service config, where the commented lines are from the regular config file which I'm trying to define; as you can see, many of the config options can't be specified via openvpn-client-service (e.g. the cipher option, the replay-window option, etc.):

    (openvpn-client-service
     #:config
     (let* ((myuser "myuser")
            (base-dir (string-append "/home/" myuser
                                     "/src/my-guixsd-config/etc_openvpn/")))
       (openvpn-client-configuration
        ;; client
        (dev 'tun)
        ;; remote-random
        (proto 'udp)
        ;; mute-replay-warnings
        ;; replay-window 256

        ;; the "remote-cert-tls server" line is generated somehow
        ;; remote-cert-tls server

        ;; cipher aes-256-cbc
        ;; ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM
        ;; pull
        ;; nobind
        (bind? #f)
        ;; reneg-sec 432000
        ;; resolv-retry infinite
        (resolv-retry? #t)
        ;; compress lzo
        (comp-lzo? #t)
        ;; verb 3
        (verbosity 3)
        ;; persist-key
        (persist-key? #t)
        ;; persist-tun
        (persist-tun? #t)
        ;; auth-user-pass /etc/openvpn/credentials
        (auth-user-pass (string-append base-dir "credentials"))
        ;; ca /etc/openvpn/ovpn-ca.crt
        (ca (string-append base-dir "ovpn-ca.crt"))
        ;; tls-auth /etc/openvpn/ovpn-tls.key 1
        (tls-auth (string-append base-dir "ovpn-tls.key"))
        ;; Generates error messages in /var/log/messages about missing
        ;; /etc/openvpn/client.crt etc.
        (key "disabled")
        (cert "disabled")

        ;; log /tmp/openvpn.log
        ;; script-security 2
        ;; resolv-conf scripts not needed for Guix
        ;; up /etc/openvpn/update-resolv-conf
        ;; down /etc/openvpn/update-resolv-conf

        (fast-io? #t)
        (remote
         (list
          ;; Resolves to multiple VPN servers in location
          (openvpn-remote-configuration
           (name "pool-1.prd.se.sthlm.ovpn.com")
           (port 1196))
          (openvpn-remote-configuration
           (name "pool-1.prd.se.sthlm.ovpn.com")
           (port 1197))
          (openvpn-remote-configuration
           (name "pool-2.prd.se.sthlm.ovpn.com")
           (port 1196))
          (openvpn-remote-configuration
           (name "pool-2.prd.se.sthlm.ovpn.com")
           (port 1197)))))))

Best regards,
David
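An added illustration of the behaviour the report asks for. This is standalone Guile written for this page, not Guix's openvpn service code and not part of the original message: a small serializer in which any option whose value is #f is left out of the generated config entirely, so "cert" and "key" never reach openvpn unless a real path is given, and there is nothing for openvpn's file check to trip over. The option alist is a constructed sample that mirrors the report; the paths and the "config-has-option?" helper are placeholders, not Guix or OpenVPN API.

```scheme
;; Standalone illustration (not Guix's openvpn service): emit an OpenVPN
;; client config from an alist, omitting options that are set to #f.
(use-modules (ice-9 match)
             (srfi srfi-1))

(define (value->string v)
  ;; Symbols (tun, udp, infinite), numbers (ports, verb) and strings
  ;; (paths) are all legal OpenVPN option values.
  (cond ((string? v) v)
        ((symbol? v) (symbol->string v))
        ((number? v) (number->string v))
        (else (error "unsupported option value" v))))

(define (option->string name value)
  ;; #f    -> omit the line entirely: the fix the report is asking for
  ;; #t    -> bare flag, e.g. "nobind" or "persist-key"
  ;; list  -> several values on one line, e.g. tls-auth FILE DIRECTION
  ;; other -> "name value"
  (match value
    (#f "")
    (#t (string-append name "\n"))
    ((? list? vals)
     (string-append name " " (string-join (map value->string vals) " ") "\n"))
    (_ (string-append name " " (value->string value) "\n"))))

(define (options->config options)
  ;; OPTIONS is an alist of (name . value); output order follows the alist.
  (apply string-append
         (map (match-lambda ((name . value) (option->string name value)))
              options)))

(define (config-has-option? config name)
  ;; Hypothetical helper for checking the result: does any line start
  ;; with NAME, either as a bare flag or followed by a value?
  (any (lambda (line)
         (or (string=? line name)
             (string-prefix? (string-append name " ") line)))
       (string-split config #\newline)))

;; Constructed sample mirroring the report: username/password plus CA
;; and tls-auth key, no client certificate and no client key.  Paths are
;; placeholders.  The trailing 1 on tls-auth is the key direction.
(define sample-options
  `(("client" . #t)
    ("dev" . tun)
    ("proto" . udp)
    ("nobind" . #t)
    ("resolv-retry" . infinite)
    ("persist-key" . #t)
    ("persist-tun" . #t)
    ("verb" . 3)
    ("auth-user-pass" . "/etc/openvpn/credentials")
    ("ca" . "/etc/openvpn/ovpn-ca.crt")
    ("tls-auth" . ("/etc/openvpn/ovpn-tls.key" 1))
    ("cert" . #f)    ; unset: must not appear in the output
    ("key" . #f)     ; unset: must not appear in the output
    ("remote" . ("pool-1.prd.se.sthlm.ovpn.com" 1196))))

(define sample-config (options->config sample-options))

(display sample-config)
(format #t "cert present: ~a, key present: ~a~%"
        (config-has-option? sample-config "cert")
        (config-has-option? sample-config "key"))
```

Run with `guile -s FILE`. Because "cert" and "key" are #f in the sample, option->string returns the empty string for both and the printed config carries no cert or key line, which is exactly what openvpn needs when the client authenticates with auth-user-pass and tls-auth instead of a client certificate. A service definition written this way would treat an unset cert/key field the same way rather than substituting a default path.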




