unofficial mirror of bug-guix@gnu.org 
* bug#42544: openvpn service requires cert and key configuration
@ 2020-07-26  4:53 david larsson
  2020-07-28  4:27 ` david larsson
  2020-07-31 23:44 ` bug#42544: [PATCH]: gnu: services: Make some openvpn options optional to include in the openvpn config file david larsson
  0 siblings, 2 replies; 3+ messages in thread
From: david larsson @ 2020-07-26  4:53 UTC (permalink / raw)
  To: 42544

Hi,
I have a vpn configuration that doesn't use cert and key configuration 
lines so I receive errors like the following in /var/log/messages when 
trying to start the vpn-client service:

localhost openvpn[1660]: Options error: --cert fails with 'disabled': No such file or directory (errno=2)
localhost openvpn[1660]: Options error: --key fails with 'disabled': No such file or directory (errno=2)

(the lines would say the default /etc/openvpn/client.crt if I hadn't 
specified (cert "disabled") etc. in the guix service config)


I need a way to prevent these lines from being generated in the 
config file.


On a related note, it would be great if other configuration options were 
added to this service as well. Below is my openvpn-client-service config, 
where the commented lines are from the regular config file which I'm 
trying to define; as you can see, many of the config options can't be 
specified by openvpn-client-service (e.g. the cipher option, the 
replay-window option etc.):

                   (openvpn-client-service
                    #:config
                    (let* ((myuser "myuser")
                           (base-dir (string-append "/home/" myuser
                                                    "/src/my-guixsd-config/etc_openvpn/")))
                      (openvpn-client-configuration
                       ;; client
                       (dev 'tun)
                       ;; remote-random
                       (proto 'udp)
                       ;; mute-replay-warnings
                       ;; replay-window 256

                       ;; remote-cert-tls server line is generated somehow
                       ;; remote-cert-tls server

                       ;; cipher aes-256-cbc
                       ;; ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM
                       ;; pull
                       ;; nobind
                       (bind? #f)
                       ;; reneg-sec 432000
                       ;; resolv-retry infinite
                       (resolv-retry? #t)
                       ;; compress lzo
                       (comp-lzo? #t)
                       ;; verb 3
                       (verbosity 3)
                       ;; persist-key
                       (persist-key? #t)
                       ;; persist-tun
                       (persist-tun? #t)
                       ;; auth-user-pass /etc/openvpn/credentials
                       (auth-user-pass (string-append base-dir "credentials"))
                       ;; ca /etc/openvpn/ovpn-ca.crt
                       (ca (string-append base-dir "ovpn-ca.crt"))
                       ;; tls-auth /etc/openvpn/ovpn-tls.key 1
                       (tls-auth (string-append base-dir "ovpn-tls.key"))
                       ;; Generates error messages in /var/log/messages
                       ;; about missing /etc/openvpn/client.crt etc
                       (key "disabled")
                       (cert "disabled")

                       ;; log /tmp/openvpn.log
                       ;; script-security 2
                       ;; resolv-conf scripts not needed for guix
                       ;; up /etc/openvpn/update-resolv-conf
                       ;; down /etc/openvpn/update-resolv-conf

                       (fast-io? #t)
                       (remote
                        (list
                         ;; Resolves to multiple vpn servers in location
                         (openvpn-remote-configuration
                          (name "pool-1.prd.se.sthlm.ovpn.com")
                          (port 1196))
                         (openvpn-remote-configuration
                          (name "pool-1.prd.se.sthlm.ovpn.com")
                          (port 1197))
                         (openvpn-remote-configuration
                          (name "pool-2.prd.se.sthlm.ovpn.com")
                          (port 1196))
                         (openvpn-remote-configuration
                          (name "pool-2.prd.se.sthlm.ovpn.com")
                          (port 1197))
                        )))))

Best regards,
David
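
Added example, not part of the original message or of Guix: a Python preflight check that reads a generated OpenVPN client config and lists file-valued directives whose path does not exist, which is the condition behind the two "Options error" lines quoted above. The directive set, the function names and the sample config are constructed for illustration; paths containing spaces or quotes are not handled.

```python
import os
import tempfile

# Directives from the email's config whose first argument OpenVPN opens as a file.
FILE_DIRECTIVES = {"ca", "cert", "key", "tls-auth", "auth-user-pass"}


def missing_file_options(config_text, exists=os.path.exists):
    """Return (line_no, directive, path) for file directives whose path is absent."""
    problems = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        # OpenVPN treats lines starting with '#' or ';' as comments.
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        directive, args = parts[0], parts[1:]
        if directive not in FILE_DIRECTIVES or not args:
            # auth-user-pass with no argument prompts instead of reading a file.
            continue
        path = args[0]
        if not exists(path):
            problems.append((line_no, directive, path))
    return problems


def demo():
    """Run the check on a constructed config shaped like the one in the report."""
    with tempfile.TemporaryDirectory() as base:
        for name in ("ovpn-ca.crt", "ovpn-tls.key", "credentials"):
            open(os.path.join(base, name), "w").close()
        # Constructed sample: cert/key carry the "disabled" placeholder value.
        config = "\n".join([
            "client",
            "dev tun",
            "proto udp",
            "# cert and key lines are emitted even though unused",
            f"ca {base}/ovpn-ca.crt",
            "cert disabled",
            "key disabled",
            f"tls-auth {base}/ovpn-tls.key 1",
            f"auth-user-pass {base}/credentials",
        ])
        return missing_file_options(config)


if __name__ == "__main__":
    for line_no, directive, path in demo():
        print(f"line {line_no}: --{directive} points at missing file {path!r}")
```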



