Skip to content
Snippets Groups Projects
Commit 0fb116cd authored by cyberta's avatar cyberta Committed by flipsimon
Browse files

add ca-file and client-cert-url flags to menshen section of the config

parent e7a53af0
No related branches found
Tags v0.1
1 merge request!11add ca-file and client-cert-url flags to menshen section of the config
......@@ -26,6 +26,7 @@ auto-tls = true
server-name = <domain name of the remote machine>
...
```
The option `ca-file` defines a file path to the CA cert that is used for the communication to `from-eip-url` and `client-cert-url`. The impliceit assumtion here is that both endpoints are part of a Lilypad v3 deployment.
### Example config
```ini
......@@ -38,6 +39,8 @@ openvpn =
enabled = true
auto-tls = false
from-eip-url = https://api.black.riseup.net:4430/3/config/eip-service.json
ca-file = ~/ca.crt
client-cert-url = https://api.black.riseup.net:4430/3/cert
allow-gateway-list = true
allow-bridge-list = true
port = 80
......
......@@ -36,6 +36,8 @@ type Config struct {
MenshenAllowBridgeList bool
MenshenAutoTLS bool
MenshenFromEIPURL string
MenshenClientCertURL string
MenshenCAFile string
MenshenPort int
MenshenServerName string
LocalBridges []string
......
......@@ -106,6 +106,8 @@ func RunVPN() {
fmt.Sprintf("MENSHEN_AUTO_TLS=%v", cfg.MenshenAutoTLS),
fmt.Sprintf("MENSHEN_PORT=%v", cfg.MenshenPort),
fmt.Sprintf("MENSHEN_SERVER_NAME=%v", cfg.MenshenServerName),
fmt.Sprintf("MENSHEN_CA_FILE=%v", cfg.MenshenCAFile),
fmt.Sprintf("MENSHEN_CLIENT_CERT_URL=%v", cfg.MenshenClientCertURL),
fmt.Sprintf("MENSHEN_FROM_EIP_URL=%s", cfg.MenshenFromEIPURL),
fmt.Sprintf("MENSHEN_LOCALBRIDGES=%s", strings.Join(cfg.LocalBridges, `,`)),
},
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment