From e303bfaa76afca75c6c6e4444cbf2ffb034e6bee Mon Sep 17 00:00:00 2001 From: tobyxdd Date: Tue, 6 Aug 2019 00:16:23 +0800 Subject: [PATCH 1/3] Change tls-auth to tls-crypt --- Dockerfile | 2 +- Dockerfile.aarch64 | 2 +- bin/ovpn_genconfig | 2 +- bin/ovpn_getclient | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index a85cb24b..2a016a81 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # Smallest base image FROM alpine:latest -LABEL maintainer="Kyle Manna " +LABEL maintainer="Toby " # Testing: pamtester RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories && \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 7207a09e..8e3611cf 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -3,7 +3,7 @@ # Smallest base image FROM aarch64/alpine:3.5 -LABEL maintainer="Kyle Manna " +LABEL maintainer="Toby " RUN echo "http://dl-4.alpinelinux.org/alpine/edge/community/" >> /etc/apk/repositories && \ echo "http://dl-4.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories && \ diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig index c2ebca6c..2d4694ec 100755 --- a/bin/ovpn_genconfig +++ b/bin/ovpn_genconfig @@ -324,7 +324,7 @@ key $EASYRSA_PKI/private/${OVPN_CN}.key ca $EASYRSA_PKI/ca.crt cert $EASYRSA_PKI/issued/${OVPN_CN}.crt dh $EASYRSA_PKI/dh.pem -tls-auth $EASYRSA_PKI/ta.key +tls-crypt $EASYRSA_PKI/ta.key key-direction 0 keepalive $OVPN_KEEPALIVE persist-key diff --git a/bin/ovpn_getclient b/bin/ovpn_getclient index 092aeea9..24d9959a 100755 --- a/bin/ovpn_getclient +++ b/bin/ovpn_getclient @@ -59,16 +59,16 @@ $(openssl x509 -in $EASYRSA_PKI/issued/${cn}.crt) $(cat $EASYRSA_PKI/ca.crt) key-direction 1 - + $(cat $EASYRSA_PKI/ta.key) - + " elif [ "$mode" == "separated" ]; then echo " key ${cn}.key ca ca.crt cert ${cn}.crt -tls-auth ta.key 1 +tls-crypt ta.key 1 " fi From b5c7383973c628a254b2f3b570d53dd3b6ee19f7 Mon Sep 17 00:00:00 2001 
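Review bot: In bin/ovpn_genconfig the `key-direction 0` line directly below the new `tls-crypt $EASYRSA_PKI/ta.key` is a leftover from tls-auth. OpenVPN documents tls-crypt as not needing a key direction, so the line should be dropped rather than imply the direction still matters. The same applies to the `key-direction 1` context line above the inline key in bin/ovpn_getclient. The switch is also unconditional: client profiles already issued with tls-auth will presumably fail the handshake once the server config is regenerated, and tls-crypt needs OpenVPN 2.4 or later on both ends. A comment above the directive such as `# tls-crypt requires OpenVPN >= 2.4; reissue client configs after switching` would warn operators; the heredoc holding these lines starts and ends outside the hunk.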
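Review bot: In the `separated` branch of bin/ovpn_getclient, `tls-crypt ta.key 1` keeps the direction argument that only tls-auth takes. tls-crypt is documented with a key file alone, so the emitted line should read `tls-crypt ta.key`. Whether the trailing `1` is ignored or rejected likely depends on the client's OpenVPN version, so clients using the generated file may fail to connect. The enclosing `if`/`elif` starts outside the hunk.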
From: tobyxdd Date: Tue, 6 Aug 2019 00:29:50 +0800 Subject: [PATCH 2/3] Update README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cd110301..da9e1a9b 100644 --- a/README.md +++ b/README.md @@ -193,7 +193,7 @@ of a guarantee in the future. * Proper PKI support integrated into image * OpenVPN config files, PKI keys and certs are stored on a storage volume for re-use across containers -* Addition of tls-auth for HMAC security +* Addition of tls-crypt for security & censorship circumvention in some regions ## Originally Tested On From 0f58c02f7f6e024465ef191efa05653744425857 Mon Sep 17 00:00:00 2001 From: tobyxdd Date: Tue, 6 Aug 2019 00:32:22 +0800 Subject: [PATCH 3/3] Restore maintainer --- Dockerfile | 2 +- Dockerfile.aarch64 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2a016a81..a85cb24b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # Smallest base image FROM alpine:latest -LABEL maintainer="Toby " +LABEL maintainer="Kyle Manna " # Testing: pamtester RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories && \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 8e3611cf..7207a09e 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -3,7 +3,7 @@ # Smallest base image FROM aarch64/alpine:3.5 -LABEL maintainer="Toby " +LABEL maintainer="Kyle Manna " RUN echo "http://dl-4.alpinelinux.org/alpine/edge/community/" >> /etc/apk/repositories && \ echo "http://dl-4.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories && \