gnu: services: Add openvpn options.
* gnu/services/vpn.scm (openvpn-client-configuration) (openvpn-server-configuration): Add fast-io? and auth-user-pass options.
This commit is contained in:
Julien Lepiller
parent
0372dd1a1e
commit
c6c447701c
2 changed files with 34 additions and 0 deletions
|
|
@ -21794,6 +21794,13 @@ Defaults to @samp{#t}.
|
|||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{openvpn-client-configuration} parameter} boolean fast-io?
|
||||
(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to
|
||||
poll/epoll/select prior to the write operation.
|
||||
|
||||
Defaults to @samp{#f}.
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{openvpn-client-configuration} parameter} number verbosity
|
||||
Verbosity level.
|
||||
|
||||
|
|
@ -21809,6 +21816,14 @@ Defaults to @samp{#f}.
|
|||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string auth-user-pass
|
||||
Authenticate with server using username/password. The option is a file
|
||||
containing username/password on 2 lines. Do not use a file-like object as it
|
||||
would be added to the store and readable by any user.
|
||||
|
||||
Defaults to @samp{'disabled}.
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{openvpn-client-configuration} parameter} key-usage verify-key-usage?
|
||||
Whether to check the server certificate has server usage extension.
|
||||
|
||||
|
|
@ -21930,6 +21945,13 @@ Defaults to @samp{#t}.
|
|||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{openvpn-server-configuration} parameter} boolean fast-io?
|
||||
(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to
|
||||
poll/epoll/select prior to the write operation.
|
||||
|
||||
Defaults to @samp{#f}.
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{openvpn-server-configuration} parameter} number verbosity
|
||||
Verbosity level.
|
||||
|
||||
|
|
|
|||
|
|
@ -59,6 +59,7 @@
|
|||
(format #t "")
|
||||
(format #t "~a ~a\n" (uglify-field-name field-name) val)))
|
||||
(define serialize-string serialize-field)
|
||||
(define-maybe string)
|
||||
(define (serialize-boolean field-name val)
|
||||
(if val
|
||||
(serialize-field field-name "")
|
||||
|
|
@ -298,6 +299,11 @@ certificate is @code{cert}.")
|
|||
"Don't close and reopen TUN/TAP device or run up/down scripts across
|
||||
SIGUSR1 or --ping-restart restarts.")
|
||||
|
||||
(fast-io?
|
||||
(boolean #f)
|
||||
"(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to
|
||||
poll/epoll/select prior to the write operation.")
|
||||
|
||||
(verbosity
|
||||
(number 3)
|
||||
"Verbosity level."))
|
||||
|
|
@ -307,6 +313,12 @@ SIGUSR1 or --ping-restart restarts.")
|
|||
"Add an additional layer of HMAC authentication on top of the TLS control
|
||||
channel to protect against DoS attacks.")
|
||||
|
||||
(auth-user-pass
|
||||
(maybe-string 'disabled)
|
||||
"Authenticate with server using username/password. The option is a file
|
||||
containing username/password on 2 lines. Do not use a file-like object as it
|
||||
would be added to the store and readable by any user.")
|
||||
|
||||
(verify-key-usage?
|
||||
(key-usage #t)
|
||||
"Whether to check the server certificate has server usage extension.")
|
||||
|
|
|
|||
Reference in a new issue