From: Julien Lepiller
Subject: bug#39660: openvpn-client-service does not support auth-user-pass
Date: Fri, 21 Feb 2020 12:27:11 -0500
Message-ID: <9BF96819-AE31-4DA1-9D0D-44B749992914@lepiller.eu>
References: <86pnec9cs5.fsf@dismail.de> <8636b33lyj.fsf@dismail.de>
In-Reply-To: <8636b33lyj.fsf@dismail.de>
List-Id: Bug reports for GNU Guix
To: jbranso@dismail.de, 39660@debbugs.gnu.org

On 21 February 2020 12:10:44 GMT-05:00, Joshua Branson via Bug reports for GNU Guix wrote:
>
>Julien and I discussed on irc that guix currently does not have a
>method of generating my config file. Here is just an updated list of
>the options that I (and possibly others) may need or want.
>
>#+BEGIN_SRC org
>These are all the options that my config file has. If the box does
>not have an X, then we should add this in the service definition.
>
>- [ ] "persist-key"
>- [ ] "persist-tun"

We already have both of them. Are they not documented? They should be persist-key? and persist-tun? respectively.

>- [ ] "remote-random"
>- [ ] "pull"
>- [X] "comp-lzo no"
>- [ ] "tls-client" does tls-auth provide this option???

tls-auth and tls-client are different options. tls-client replaces the client directive we currently generate for all openvpn-client-configuration.

>- [ ] "verify-x509-name Server name-prefix"
>- [ ] "ns-cert-type server" This is possibly deprecated?
>- [ ] "key-direction 1" This is another way of specifying tls-auth?
>- [X] "route-method exe" This is only useful on Windows.
>- [ ] "route-delay 2"
>- [X] "tun-mtu 1500" The documentation says most cases...I should
>  leave this to its default parameter. So unless needed, we probably
>  shouldn't need to add it to guix.
>
>- The next two options only make sense when we are using the protocol
>  udp. We should probably specify them some way that you can only use
>  them if protocol is udp. Something like:
>
>  #+BEGIN_SRC scheme
>  (proto udp
>    (udp-options
>      (fragment 1300)
>      (mssfix 1200)))
>  #+END_SRC
>
>- [X] "fragment 1300"
>- [X] "mssfix 1200"
>
>
>- [ ] "cipher AES-256-CBC"
>- [X] keysize 256 deprecated. Do not need. and my key size is the
>cipher size anyway. The documentation does not recommend manually
>changing your keysize.
>- [X] auth SHA512 I have no idea where this is in the documentation
>- [X] sndbuf 524288 The documentation says that the default should
>work.
>- [X] rcvbuf 524288 as above
>- [X] auth-user-pass login.conf
>#+END_SRC
>
>We should also probably allow a file option. Some users may have a
>working file. Perhaps we should support this:
>
>#+BEGIN_SRC scheme
>(openvpn-client-service
>  #:file "/path/to/openvpn.conf")
>#+END_SRC
>
>Joshua
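
The quoted message notes that fragment and mssfix only make sense with proto udp. The following is an added example, not part of the thread and not Guix code: a small Python check that flags those two directives in an existing OpenVPN client file whose transport is not UDP. The function names and sample configs are constructed for illustration, and inline `<tag>` blocks are skipped as an assumption to keep it short.

```python
# Added example (not from the thread): flag UDP-only directives in a TCP config.
UDP_ONLY = {"fragment", "mssfix"}  # the two options the message ties to udp


def parse_directives(text):
    """Return [(lineno, name, args)], skipping comments and inline <tag> blocks."""
    out, in_block = [], False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True  # e.g. <ca> ... </ca> holds PEM data, not options
        elif line and not in_block and line[0] not in "#;":
            name, *args = line.split()
            out.append((lineno, name.lstrip("-"), args))
    return out


def transports(directives):
    """Protocols the client may use: global proto plus any per-remote override."""
    default = "udp"  # OpenVPN's default when no proto line exists
    for _, name, args in directives:
        if name == "proto" and args:
            default = args[0].lower()
    remotes = [a for _, n, a in directives if n == "remote"]
    return {a[2].lower() if len(a) >= 3 else default for a in remotes} or {default}


def udp_only_misuse(text):
    """Return [(lineno, name)] for UDP-only directives when any transport is TCP."""
    directives = parse_directives(text)
    if all(p.startswith("udp") for p in transports(directives)):
        return []
    return [(n, name) for n, name, _ in directives if name in UDP_ONLY]


# Constructed sample configs, modelled on the option list in the message.
SAMPLE_UDP = """\
client
proto udp
remote vpn.example.org 1194
fragment 1300
mssfix 1200
"""
SAMPLE_TCP = SAMPLE_UDP.replace("proto udp", "proto tcp-client")

if __name__ == "__main__":
    print(udp_only_misuse(SAMPLE_UDP))
    print(udp_only_misuse(SAMPLE_TCP))
```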