From patchwork Mon Mar 4 16:15:56 2024
X-Patchwork-Submitter: Frank Lichtenheld
X-Patchwork-Id: 3634
From: Frank Lichtenheld
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli, Arne Schwabe
Date: Mon, 4 Mar 2024 17:15:56 +0100
Message-Id: <20240304161556.2036270-1-frank@lichtenheld.com>

These are mostly redundant with client/server.conf. Let's try to manage to maintain one set of sample configurations before we branch out further.

Change-Id: I199541fea5a76c8edef7f67d2dbfc476987dc2f7
Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Acked-by: Antonio Quartulli --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master and release/2.6. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/531 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe Antonio Quartulli diff --git a/sample/sample-config-files/home.up b/sample/sample-config-files/home.up deleted file mode 100755 index 9c347cc..0000000 --- a/sample/sample-config-files/home.up +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -route add -net 10.0.0.0 netmask 255.255.255.0 gw $5 diff --git a/sample/sample-config-files/office.up b/sample/sample-config-files/office.up deleted file mode 100755 index 74a71a3..0000000 --- a/sample/sample-config-files/office.up +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -route add -net 10.0.1.0 netmask 255.255.255.0 gw $5 diff --git a/sample/sample-config-files/tls-home.conf b/sample/sample-config-files/tls-home.conf deleted file mode 100644 index ff19d50..0000000 --- a/sample/sample-config-files/tls-home.conf +++ /dev/null 
@@ -1,83 +0,0 @@ -# -# Sample OpenVPN configuration file for -# home using SSL/TLS mode and RSA certificates/keys. -# -# '#' or ';' may be used to delimit comments. - -# Use a dynamic tun device. For non-Linux OSes, you may want to use an -# explicit unit number such as "tun1". -# OpenVPN also supports virtual ethernet "tap" devices. -dev tun - -# Our OpenVPN peer is the office gateway. -remote 1.2.3.4 - -# 10.1.0.2 is our local VPN endpoint (home). -# 10.1.0.1 is our remote VPN endpoint (office). -ifconfig 10.1.0.2 10.1.0.1 - -# Our up script will establish routes -# once the VPN is alive. -up ./home.up - -# In SSL/TLS key exchange, Office will -# assume server role and Home -# will assume client role. -tls-client - -# Certificate Authority file -ca my-ca.crt - -# Our certificate/public key -cert home.crt - -# Our private key -key home.key - -# Our data channel cipher (must match peer config) -cipher AES-256-GCM - -# OpenVPN 2.0 uses UDP port 1194 by default -# (official port assignment by iana.org 11/04). -# OpenVPN 1.x uses UDP port 5000 by default. -# Each OpenVPN tunnel must use -# a different port number. -# lport or rport can be used -# to denote different ports -# for local and remote. -; port 1194 - -# Downgrade UID and GID to an -# unpriviledged user after initialization -# for extra security. -; user openvpn -; group openvpn - -# If you built OpenVPN with -# LZO compression, uncomment -# out the following line. -; comp-lzo - -# Send a UDP ping to remote once -# every 15 seconds to keep -# stateful firewall connection -# alive. Uncomment this -# out if you are using a stateful -# firewall. -; ping 15 - -# Uncomment this section for a more reliable detection when a system -# loses its connection. For example, dial-ups or laptops that -# travel to other locations. -; ping 15 -; ping-restart 45 -; ping-timer-rem -; persist-tun -; persist-key - -# Verbosity level. -# 0 -- quiet except for fatal errors. 
-# 1 -- mostly quiet, but display non-fatal network errors. -# 3 -- medium output, good for normal operation. -# 9 -- verbose, good for troubleshooting -verb 3 diff --git a/sample/sample-config-files/tls-office.conf b/sample/sample-config-files/tls-office.conf deleted file mode 100644 index 152e58a..0000000 --- a/sample/sample-config-files/tls-office.conf +++ /dev/null 
@@ -1,86 +0,0 @@ -# -# Sample OpenVPN configuration file for -# office using SSL/TLS mode and RSA certificates/keys. -# -# '#' or ';' may be used to delimit comments. - -# Use a dynamic tun device. -# For Linux 2.2 or non-Linux OSes, -# you may want to use an explicit -# unit number such as "tun1". -# OpenVPN also supports virtual -# ethernet "tap" devices. -dev tun - -# 10.1.0.1 is our local VPN endpoint (office). -# 10.1.0.2 is our remote VPN endpoint (home). -ifconfig 10.1.0.1 10.1.0.2 - -# Our up script will establish routes -# once the VPN is alive. -up ./office.up - -# In SSL/TLS key exchange, Office will -# assume server role and Home -# will assume client role. -tls-server - -# Diffie-Hellman Parameters (tls-server only) -dh dh2048.pem - -# Certificate Authority file -ca my-ca.crt - -# Our certificate/public key -cert office.crt - -# Our private key -key office.key - -# Our data channel cipher (must match peer config) -cipher AES-256-GCM - -# OpenVPN 2.0 uses UDP port 1194 by default -# (official port assignment by iana.org 11/04). -# OpenVPN 1.x uses UDP port 5000 by default. -# Each OpenVPN tunnel must use -# a different port number. -# lport or rport can be used -# to denote different ports -# for local and remote. -; port 1194 - -# Downgrade UID and GID to an -# unpriviledged user after initialization -# for extra security. -; user openvpn -; group openvpn - -# If you built OpenVPN with -# LZO compression, uncomment -# out the following line. -; comp-lzo - -# Send a UDP ping to remote once -# every 15 seconds to keep -# stateful firewall connection -# alive. Uncomment this -# out if you are using a stateful -# firewall. -; ping 15 - -# Uncomment this section for a more reliable detection when a system -# loses its connection. For example, dial-ups or laptops that -# travel to other locations. -; ping 15 -; ping-restart 45 -; ping-timer-rem -; persist-tun -; persist-key - -# Verbosity level. -# 0 -- quiet except for fatal errors. 
-# 1 -- mostly quiet, but display non-fatal network errors. -# 3 -- medium output, good for normal operation. -# 9 -- verbose, good for troubleshooting -verb 3
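Review bot: on the home.up hunk (and identically the office.up hunk), the removed line `route add -net 10.0.0.0 netmask 255.255.255.0 gw $5` relies on the positional up-script argument `$5` (ifconfig_remote_ip) and on the legacy `route` utility; since these two hunks delete the only samples that demonstrate an `up` script at all, suggest the commit message state that the in-config `route` directive is the supported way to install such routes, so readers of the history see the pattern was dropped deliberately rather than moved elsewhere.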
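Review bot: on the tls-home.conf hunk, the commit message's "mostly redundant with client/server.conf" leaves unstated which part is not redundant: this file is a point-to-point layout (`tls-client` paired with an explicit `ifconfig 10.1.0.2 10.1.0.1`, a fixed `remote 1.2.3.4` and an `up ./home.up` hook, with no `client` directive). Suggest one sentence in the commit message saying the p2p TLS example is intentionally dropped, or where it is documented instead, so the removal is not later read as an accidental loss of that example.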
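Review bot: on the tls-office.conf hunk, the deleted content is visibly stale, which is a stronger justification than redundancy: it still documents "OpenVPN 1.x uses UDP port 5000 by default", suggests `; comp-lzo`, carries a `cipher AES-256-GCM` line with a "must match peer config" comment that no longer holds now that the data-channel cipher is negotiated, and contains the "unpriviledged" typo. Suggest the commit message also note that the removed samples were outdated, and confirm that no remaining file under sample/sample-config-files (a README or build file list, for example) still references tls-home.conf, tls-office.conf, home.up or office.up.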