From mboxrd@z Thu Jan 1 00:00:00 1970
From: david larsson
To: 42544@debbugs.gnu.org
Subject: bug#42544: openvpn service requires cert and key configuration
Date: Sun, 26 Jul 2020 04:53:35 +0000
Message-ID: <029ee37c6910a0136916fd1673a517bd@selfhosted.xyz>
List-Id: Bug reports for GNU Guix

Hi,

I have a vpn configuration that doesn't use cert and key configuration
lines, so I receive errors like the following in /var/log/messages when
trying to start the vpn-client service:

  localhost openvpn[1660]: Options error: --cert fails with 'disabled': No such file or directory (errno=2)
  localhost openvpn[1660]: Options error: --key fails with 'disabled': No such file or directory (errno=2)

(the lines would say the default /etc/openvpn/client.crt if I hadn't
specified (cert "disabled") etc. in the guix service config)

I need a way to prevent these lines from being generated in the
config-file.

On a related note: it would be great if other configuration options were
added to this service as well. Below is my openvpn-client-service config,
where the commented lines are from the regular config-file which I'm
trying to define; as you can see, many of the config-options can't be
specified by openvpn-client-service (e.g. the cipher option, the
replay-window option etc.):

  (openvpn-client-service
   #:config
   (let* ( (myuser "myuser")
           [base-dir (string-append "/home/" myuser "/src/my-guixsd-config/etc_openvpn/") ])
     (openvpn-client-configuration
      ;; client
      (dev 'tun)
      ;; remote-random
      (proto 'udp)
      ;; mute-replay-warnings
      ;; replay-window 256
      ;; remote-cert-tls server lines is generated somehow
      ;; remote-cert-tls server
      ;; cipher aes-256-cbc
      ;; ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM
      ;; pull
      ;; nobind
      (bind? #f)
      ;; reneg-sec 432000
      ;; resolv-retry infinite
      (resolv-retry? #t)
      ;; compress lzo
      (comp-lzo? #t)
      ;; verb 3
      (verbosity 3)
      ;; persist-key
      (persist-key? #t)
      ;; persist-tun
      (persist-tun? #t)
      ;; auth-user-pass /etc/openvpn/credentials
      (auth-user-pass (string-append base-dir "credentials"))
      ;; ca /etc/openvpn/ovpn-ca.crt
      (ca (string-append base-dir "ovpn-ca.crt"))
      ;; tls-auth /etc/openvpn/ovpn-tls.key 1
      (tls-auth (string-append base-dir "ovpn-tls.key"))
      ;; Generates error messages in /var/log/messages about missing /etc/openvpn/client.crt etc
      (key "disabled")
      (cert "disabled")
      ;; log /tmp/openvpn.log
      ;; script-security 2
      ;; resolv-conf scripts not needed for guix
      ;; up /etc/openvpn/update-resolv-conf
      ;; down /etc/openvpn/update-resolv-conf
      (fast-io? #t)
      (remote (list
               ;; Resolves to multiple vpn servers in location
               (openvpn-remote-configuration (name "pool-1.prd.se.sthlm.ovpn.com") (port 1196))
               (openvpn-remote-configuration (name "pool-1.prd.se.sthlm.ovpn.com") (port 1197))
               (openvpn-remote-configuration (name "pool-2.prd.se.sthlm.ovpn.com") (port 1196))
               (openvpn-remote-configuration (name "pool-2.prd.se.sthlm.ovpn.com") (port 1197))
               )))))

Best regards,
David
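
Added example, not part of the original message and not Guix or OpenVPN code: a pre-flight check that reads an OpenVPN client config and reports the file-valued directives used in the report (ca, cert, key, tls-auth, auth-user-pass) whose path does not exist, which is the condition behind the "Options error" lines above. The function names, the base_dir parameter and the sample config are assumptions constructed for illustration.

```python
import os
import shlex
import tempfile

# Directives from the report whose first argument OpenVPN opens as a file.
FILE_DIRECTIVES = {"ca", "cert", "key", "tls-auth", "auth-user-pass"}


def missing_files(config_text, base_dir="."):
    """Return (line_no, directive, path) for each file directive whose path is absent."""
    problems = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":           # blank line or comment
            continue
        tokens = shlex.split(line)
        if tokens[0] not in FILE_DIRECTIVES or len(tokens) < 2:
            continue                               # e.g. bare auth-user-pass (prompt)
        path = os.path.join(base_dir, tokens[1])   # absolute paths pass through unchanged
        if not os.path.isfile(path):
            problems.append((line_no, tokens[0], tokens[1]))
    return problems


def demo():
    """Run the check on a constructed config resembling the generated one."""
    with tempfile.TemporaryDirectory() as d:
        # Files that do exist in the reporter's setup (empty stand-ins here).
        for name in ("ovpn-ca.crt", "ovpn-tls.key", "credentials"):
            open(os.path.join(d, name), "w").close()
        config = "\n".join([
            "client",
            "dev tun",
            "proto udp",
            "# constructed sample, not output captured from Guix",
            "ca ovpn-ca.crt",
            "tls-auth ovpn-tls.key 1",
            "auth-user-pass credentials",
            "cert disabled",   # placeholder value ends up treated as a path
            "key disabled",
        ])
        return missing_files(config, base_dir=d)


if __name__ == "__main__":
    for line_no, directive, path in demo():
        print(f"line {line_no}: --{directive} points at missing file {path!r}")
```

Inline <cert>/<key> blocks are not handled; the check only covers directives given as paths.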