me/guix
Archived
1
0
Fork 0
Code Activity

gnu: services: Add openvpn options.

Browse source 
* gnu/services/vpn.scm (openvpn-client-configuration)
(openvpn-server-configuration): Add fast-io? and auth-user-pass options.
This commit is contained in:
Julien Lepiller 2020-02-19 03:33:12 +01:00
parent 0372dd1a1e
commit c6c447701c
No known key found for this signature in database
GPG key ID: 53D457B2D636EE82
2 changed files with 34 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
doc/guix.texi
View file

@ -21794,6 +21794,13 @@ Defaults to @samp{#t}.
@end deftypevr @end deftypevr
@deftypevr {@code{openvpn-client-configuration} parameter} boolean fast-io?
(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to
poll/epoll/select prior to the write operation.
Defaults to @samp{#f}.
@end deftypevr
@deftypevr {@code{openvpn-client-configuration} parameter} number verbosity @deftypevr {@code{openvpn-client-configuration} parameter} number verbosity
Verbosity level. Verbosity level.
@ -21809,6 +21816,14 @@ Defaults to @samp{#f}.
@end deftypevr @end deftypevr
@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string auth-user-pass
Authenticate with server using username/password. The option is a file
containing username/password on 2 lines. Do not use a file-like object as it
would be added to the store and readable by any user.
Defaults to @samp{'disabled}.
@end deftypevr
@deftypevr {@code{openvpn-client-configuration} parameter} key-usage verify-key-usage? @deftypevr {@code{openvpn-client-configuration} parameter} key-usage verify-key-usage?
Whether to check the server certificate has server usage extension. Whether to check the server certificate has server usage extension.
@ -21930,6 +21945,13 @@ Defaults to @samp{#t}.
@end deftypevr @end deftypevr
@deftypevr {@code{openvpn-server-configuration} parameter} boolean fast-io?
(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to
poll/epoll/select prior to the write operation.
Defaults to @samp{#f}.
@end deftypevr
@deftypevr {@code{openvpn-server-configuration} parameter} number verbosity @deftypevr {@code{openvpn-server-configuration} parameter} number verbosity
Verbosity level. Verbosity level.

12
gnu/services/vpn.scm
View file

@ -59,6 +59,7 @@
(format #t "") (format #t "")
(format #t "~a ~a\n" (uglify-field-name field-name) val))) (format #t "~a ~a\n" (uglify-field-name field-name) val)))
(define serialize-string serialize-field) (define serialize-string serialize-field)
(define-maybe string)
(define (serialize-boolean field-name val) (define (serialize-boolean field-name val)
(if val (if val
(serialize-field field-name "") (serialize-field field-name "")
@ -298,6 +299,11 @@ certificate is @code{cert}.")
"Don't close and reopen TUN/TAP device or run up/down scripts across "Don't close and reopen TUN/TAP device or run up/down scripts across
SIGUSR1 or --ping-restart restarts.") SIGUSR1 or --ping-restart restarts.")
(fast-io?
(boolean #f)
"(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to
poll/epoll/select prior to the write operation.")
(verbosity (verbosity
(number 3) (number 3)
"Verbosity level.")) "Verbosity level."))
@ -307,6 +313,12 @@ SIGUSR1 or --ping-restart restarts.")
"Add an additional layer of HMAC authentication on top of the TLS control "Add an additional layer of HMAC authentication on top of the TLS control
channel to protect against DoS attacks.") channel to protect against DoS attacks.")
(auth-user-pass
(maybe-string 'disabled)
"Authenticate with server using username/password. The option is a file
containing username/password on 2 lines. Do not use a file-like object as it
would be added to the store and readable by any user.")
(verify-key-usage? (verify-key-usage?
(key-usage #t) (key-usage #t)
"Whether to check the server certificate has server usage extension.") "Whether to check the server certificate has server usage extension.")