guix-devel

working on openvpn service


From: Julien Lepiller
Subject: working on openvpn service
Date: Wed, 19 Oct 2016 22:41:53 +0200

Hi,

I'm currently writing an openvpn service. Here is the patch (WIP). It
works for the client part; I haven't tested the server part yet (but it
generates a configuration file).

First, how could I make openvpn-config-file look better?

Also, I need to document all of this patch.

When running as a server, the configuration may specify a ccd directory
that contains files with information about clients (one client per
file, named after the CN of the client's certificate). Each file can be
used to assign a specific IP to the client, or to allow its subnet to
access the VPN. These files are tightly coupled with the configuration file.
For instance, to allow "Alice"'s subnet to access the VPN, you would:

create a ccd/Alice file with content:

> iroute 192.168.1.0/24

and add this configuration in the main server's configuration file:

> route 192.168.1.0/24

and optionally (in conjunction with client-to-client):

> push "route 192.168.1.0/24"

So I would like to create a record to contain information for each
client, something like <openvpn-client-ccd>, that would contain a
name, a subnet and a specific VPN IP address ("ifconfig-push" in the ccd
file). The VPN IP has some restrictions on its last byte (should be one
of 1, 5, 9, 13, 17, ..., 253). How would you verify that?

Is this the right approach? Also, how would you create multiple ccd
files for different clients in the same directory (preferably
in /gnu/store)?

Attachment: 0001-gnu-Add-openvpn-services.patch
Description: Text Data
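
One way to do the last-byte check asked about above and render a client's ccd file, as an added example in Guile Scheme that is not part of the original message or of the attached patch. The record and procedure names are hypothetical, the second `ifconfig-push` argument is assumed to be the next address of the pair, and the file-name check on the CN is an extra precaution because the CN becomes a path component under ccd/.

```scheme
;; Added example, not from the patch; names are hypothetical, sample values constructed.
(use-modules (srfi srfi-1) (srfi srfi-9))

(define-record-type <openvpn-ccd>
  (make-openvpn-ccd name subnet vpn-ip)
  openvpn-ccd?
  (name   openvpn-ccd-name)      ; CN of the client's certificate
  (subnet openvpn-ccd-subnet)    ; e.g. "192.168.1.0/24", or #f
  (vpn-ip openvpn-ccd-vpn-ip))   ; e.g. "10.8.0.5", or #f

(define (octet str)
  ;; Decimal digits only, value 0..255; otherwise #f.
  (and (not (string-null? str))
       (string-every (lambda (c) (char<=? #\0 c #\9)) str)
       (let ((n (string->number str))) (and (<= n 255) n))))

(define (ipv4-octets str)
  ;; List of four integers, or #f when STR is not a dotted quad.
  (let ((octets (map octet (string-split str #\.))))
    (and (= 4 (length octets)) (every identity octets) octets)))

(define (valid-push-ip? str)
  ;; Last byte must be one of 1, 5, 9, ..., 253, i.e. 1 modulo 4.
  (let ((octets (ipv4-octets str)))
    (and octets (= 1 (modulo (last octets) 4)))))

(define (valid-ccd-name? name)
  ;; The CN becomes a file name: refuse anything that could leave ccd/.
  (not (or (string-null? name) (member name '("." "..")) (string-index name #\/))))

(define (peer-address ip)
  ;; Assumption: the peer is the next address of the pair (last byte + 1).
  (let ((o (ipv4-octets ip)))
    (string-join (map number->string
                      (append (drop-right o 1) (list (+ 1 (last o))))) ".")))

(define (openvpn-ccd->string ccd)
  ;; Contents of ccd/NAME; raises an error on an invalid record.
  (let ((name (openvpn-ccd-name ccd))
        (subnet (openvpn-ccd-subnet ccd))
        (ip (openvpn-ccd-vpn-ip ccd)))
    (unless (valid-ccd-name? name) (error "invalid ccd file name:" name))
    (when (and ip (not (valid-push-ip? ip)))
      (error "last byte of VPN IP must be one of 1, 5, 9, ..., 253:" ip))
    (string-append
     (if subnet (string-append "iroute " subnet "\n") "")
     (if ip (string-append "ifconfig-push " ip " " (peer-address ip) "\n") ""))))

(display (openvpn-ccd->string
          (make-openvpn-ccd "Alice" "192.168.1.0/24" "10.8.0.5")))
```

For the /gnu/store question, each rendered string could be wrapped with `plain-file` and the per-client files gathered into one directory with `file-union` from `(guix gexp)`; this is a suggestion, not what the patch does.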

