Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bootstrapping API call #44

Open
laurivosandi opened this issue Feb 26, 2018 · 1 comment
Open

Bootstrapping API call #44

laurivosandi opened this issue Feb 26, 2018 · 1 comment
Milestone
Native IPSec/IKEv...

Comments

@laurivosandi
Copy link
Owner

To automate VPN setup even more the server could export basically the client's services.conf file which tells clients which services to configure once the certificates have been deployed to basically make it possible to acquire the certificate and configure related services with single command:

certidude bootstrap ca.example.lan

By default assume clients to have sort of dumb config which accepts anything that eg VPN gateway suggests during negotiation.

However in certain cases it makes sense to constrain config on the client side:

  • Which VPN client software is to be configured (OpenVPN or StrongSwan)
  • How is the service configured eg as a service running in the background or user controlled (eg via NetworkManager)
  • Which ciphers are used
  • Which DNS domains are forwarded and to which IP address
  • Which subnets are routed to VPN tunnel
@laurivosandi
Copy link
Owner Author

Note: NetworkManager's StrongSwan plugin doesn't pull DNS settings (domain and IP) on Fedora 27 and Ubuntu 16.04

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Native IPSec/IKEv2 support
Development

No branches or pull requests
1 participant
@laurivosandi