[GH-ISSUE #44] Bootstrapping API call #35

Open
opened 2026-02-26 03:33:32 +03:00 by kerem · 1 comment
Owner

Originally created by @laurivosandi on GitHub (Feb 26, 2018).
Original GitHub issue: https://github.com/laurivosandi/certidude/issues/44

To automate VPN setup even more, the server could export basically the client's services.conf file, which tells clients which services to configure once the certificates have been deployed, to basically make it possible to acquire the certificate and configure related services with a single command:

```
certidude bootstrap ca.example.lan
```

By default, assume clients have a sort of dumb config which accepts anything that e.g. the VPN gateway suggests during negotiation.

However in certain cases it makes sense to constrain config on the client side:

  • Which VPN client software is to be configured (OpenVPN or StrongSwan)
  • How the service is configured, e.g. as a service running in the background or user-controlled (e.g. via NetworkManager)
  • Which ciphers are used
  • Which DNS domains are forwarded and to which IP address
  • Which subnets are routed to the VPN tunnel
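
One way a client could enforce the constraints listed above before applying a server-suggested configuration, as an added example that is not part of the original issue or certidude's code. The INI section and key names, the sample suggestion and the policy values are all hypothetical and constructed for illustration; a DNS domain passes only if it is an allowed domain or a subdomain of one.

```python
import configparser
import ipaddress

# Constructed sample; section/key names are hypothetical, not certidude's schema.
SUGGESTED = """
[vpn-good]
service = strongswan
managed_by = network-manager
cipher = aes256gcm16
routes = 10.8.0.0/24
dns_domains = example.lan
[vpn-greedy]
service = openvpn
managed_by = systemd
cipher = bf-cbc
routes = 0.0.0.0/0, 10.8.0.0/24
dns_domains = example.lan, com
"""

# Client-side constraints, one per item in the issue's list (constructed values).
POLICY = {
    "service": {"strongswan"},
    "managed_by": {"network-manager"},
    "cipher": {"aes256gcm16", "aes128gcm16"},
    "routes": [ipaddress.ip_network("10.0.0.0/8")],
    "dns_domains": {"example.lan"},
}

def _route_ok(route, allowed):
    try:
        net = ipaddress.ip_network(route)
    except ValueError:  # malformed prefix is rejected, not ignored
        return False
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def vet(ini_text, policy):
    """Return {section: [violations]}; an empty list means acceptable."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    report = {}
    for name in cp.sections():
        sec = cp[name]
        split = lambda k: [v.strip() for v in sec.get(k, "").split(",") if v.strip()]
        bad = [f"{k}={sec.get(k)}" for k in ("service", "managed_by", "cipher")
               if sec.get(k) not in policy[k]]  # a missing key is rejected too
        bad += [f"routes={r}" for r in split("routes") if not _route_ok(r, policy["routes"])]
        bad += [f"dns_domains={d}" for d in split("dns_domains")
                if not any(d == a or d.endswith("." + a) for a in policy["dns_domains"])]
        report[name] = bad
    return report
```

A client would apply only the sections whose violation list is empty and report the rest to the user instead of silently accepting them.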
Author
Owner

@laurivosandi commented on GitHub (Feb 26, 2018):

Note: NetworkManager's StrongSwan plugin doesn't pull DNS settings (domain and IP) on Fedora 27 and Ubuntu 16.04