Last active
March 23, 2016 20:17
-
-
Save piotr-dobrogost/8e13d962604443e9f278 to your computer and use it in GitHub Desktop.
Revisions
-
Piotr Dobrogost revised this gist
Mar 23, 2016 . 2 changed files with 1 addition and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,5 @@ # This works > sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config /etc/openvpn/xxx.conf # `sudo journalctl` (...) This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,3 @@ # /usr/lib/systemd/system/openvpn@.service [Unit] Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I -
Mar 23, 2016 . 1 changed file with 19 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,19 @@ [piotr@demon system]$ systemctl cat openvpn@xxx # /usr/lib/systemd/system/openvpn@.service [Unit] Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I After=network.target [Service] PrivateTmp=true Type=forking PIDFile=/var/run/openvpn/%i.pid Environment=OPENSSL_ENABLE_MD5_VERIFY=1 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf [Install] WantedBy=multi-user.target # /etc/systemd/system/openvpn@xxx.service.d/env.conf [Service] Environment="OPENSSL_ENABLE_MD5_VERIFY=1" -
Mar 22, 2016 . No changes.There are no files selected for viewing
-
Mar 22, 2016 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,26 @@ client dev tun proto udp remote x.x.x.x 1194 remote y.y.y.y 1194 resolv-retry infinite nobind script-security 2 up /etc/openvpn/client.up plugin /usr/lib64/openvpn/plugins/openvpn-plugin-down-root.so "/etc/openvpn/client.down" persist-key persist-tun pkcs12 /etc/openvpn/xxx/piotr.dobrogost.xxx.vpn.p12 cipher AES-256-CBC comp-lzo # logowanie mute-replay-warnings verb 3 This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,2 @@ [Service] Environment=OPENSSL_ENABLE_MD5_VERIFY=1 This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,12 @@ [Unit] Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I After=network.target [Service] PrivateTmp=true Type=forking PIDFile=/var/run/openvpn/%i.pid ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf [Install] WantedBy=multi-user.target This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,19 @@ # This works > sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --user piotr --config /etc/openvpn/xxx.conf # `sudo journalctl` (...) Mar 22 21:45:08 demon openvpn[31225]: VERIFY OK: depth=2, (...) Mar 22 21:45:08 demon openvpn[31225]: VERIFY OK: depth=1, (...) Mar 22 21:45:08 demon openvpn[31225]: VERIFY OK: depth=0, (...) (...) # This does not work > sudo systemctl start openvpn@xxx # `sudo journalctl` (...) Mar 22 21:51:47 demon openvpn[31587]: VERIFY OK: depth=2, (...) Mar 22 21:51:47 demon openvpn[31587]: VERIFY ERROR: depth=1, error=certificate signature failure: (...) (...)
Piotr Dobrogost
revised
this gist