AZEN-SGG/amnezia-client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

moved crl-verify crl.pem to openvpn config templates

Browse source
This commit is contained in:
vladimir.kuznetsov 2023-01-19 17:49:17 +03:00
parent 8ea80a616e
commit 45016b76e7
8 changed files with 7 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

1
client/server_scripts/openvpn/configure_container.sh
View file

@ -18,6 +18,7 @@ user nobody
group nobody group nobody
persist-key persist-key
persist-tun persist-tun
crl-verify crl.pem
status openvpn-status.log status openvpn-status.log
verb 1 verb 1
tls-server tls-server

1
client/server_scripts/openvpn/template.ovpn
View file

@ -5,6 +5,7 @@ resolv-retry infinite
nobind nobind
persist-key persist-key
persist-tun persist-tun
crl-verify crl.pem
$OPENVPN_NCP_DISABLE $OPENVPN_NCP_DISABLE
cipher $OPENVPN_CIPHER cipher $OPENVPN_CIPHER
auth $OPENVPN_HASH auth $OPENVPN_HASH

1
client/server_scripts/openvpn_cloak/configure_container.sh
View file

@ -18,6 +18,7 @@ user nobody
group nobody group nobody
persist-key persist-key
persist-tun persist-tun
crl-verify crl.pem
status openvpn-status.log status openvpn-status.log
verb 1 verb 1
tls-server tls-server

1
client/server_scripts/openvpn_cloak/template.ovpn
View file

@ -5,6 +5,7 @@ resolv-retry infinite
nobind nobind
persist-key persist-key
persist-tun persist-tun
crl-verify crl.pem
$OPENVPN_NCP_DISABLE $OPENVPN_NCP_DISABLE
cipher $OPENVPN_CIPHER cipher $OPENVPN_CIPHER
auth $OPENVPN_HASH auth $OPENVPN_HASH

1
client/server_scripts/openvpn_shadowsocks/configure_container.sh
View file

@ -18,6 +18,7 @@ user nobody
group nobody group nobody
persist-key persist-key
persist-tun persist-tun
crl-verify crl.pem
status openvpn-status.log status openvpn-status.log
verb 1 verb 1
tls-server tls-server

1
client/server_scripts/openvpn_shadowsocks/template.ovpn
View file

@ -5,6 +5,7 @@ resolv-retry infinite
nobind nobind
persist-key persist-key
persist-tun persist-tun
crl-verify crl.pem
$OPENVPN_NCP_DISABLE $OPENVPN_NCP_DISABLE
cipher $OPENVPN_CIPHER cipher $OPENVPN_CIPHER
auth $OPENVPN_HASH auth $OPENVPN_HASH

9
client/ui/pages_logic/ClientInfoLogic.cpp
View file

@ -125,6 +125,7 @@ void ClientInfoLogic::onRevokeOpenVpnCertificateClicked()
auto error = m_serverController->runScript(credentials, script); auto error = m_serverController->runScript(credentials, script);
if (isErrorOccured(error)) { if (isErrorOccured(error)) {
set_busyIndicatorIsRunning(false); set_busyIndicatorIsRunning(false);
emit uiLogic()->goToPage(Page::ServerSettings);
return; return;
} }
@ -136,14 +137,6 @@ void ClientInfoLogic::onRevokeOpenVpnCertificateClicked()
return; return;
} }
error = m_serverController->uploadTextFileToContainer(container, credentials, "crl-verify crl.pem\n",
protocols::openvpn::serverConfigPath,
QSsh::SftpOverwriteMode::SftpAppendToExisting);
if (isErrorOccured(error)) {
set_busyIndicatorIsRunning(false);
return;
}
const QJsonObject &containerConfig = m_settings->containerConfig(uiLogic()->selectedServerIndex, container); const QJsonObject &containerConfig = m_settings->containerConfig(uiLogic()->selectedServerIndex, container);
error = m_serverController->startupContainerWorker(credentials, container, containerConfig); error = m_serverController->startupContainerWorker(credentials, container, containerConfig);
if (isErrorOccured(error)) { if (isErrorOccured(error)) {

1
docs/openVpnRevokeClientCertificate.plantuml
View file

@ -12,7 +12,6 @@ cont -> cont: cd /opt/amnezia/openvpn
cont -> cont: easyrsa revoke openvpnCertId cont -> cont: easyrsa revoke openvpnCertId
cont -> cont: easyrsa gen-crl cont -> cont: easyrsa gen-crl
cont -> cont: cp pki/crl.pem crl.pem cont -> cont: cp pki/crl.pem crl.pem
cont -> cont: add crl-verify crl.pem to server.conf
cont -> ovpn: restart openvpn service cont -> ovpn: restart openvpn service
note right note right
In the OpenVpn config In the OpenVpn config