GNU bug report logs - #42544
openvpn service requires cert and key configuration

Previous Next

Full log

Message #8 received at 42544 <at> debbugs.gnu.org (full text, mbox):

From: david larsson <david.larsson <at> selfhosted.xyz>
To: 42544 <at> debbugs.gnu.org
Cc: bug-Guix <bug-guix-bounces+someone=selfhosted.xyz <at> gnu.org>
Subject: Re: bug#42544: openvpn service requires cert and key configuration
Date: Tue, 28 Jul 2020 04:27:30 +0000

On 2020-07-26 04:53, david larsson wrote:
> Hi,
> I have a vpn configuration that doesn't use cert and key configuration
> lines so I receive errors like the following in /var/log/messages when
> trying to start the vpn-client service:
> 
> localhost openvpn[1660]: Options error: --cert fails with 'disabled':
> No such file or directory (errno=2)
> localhost openvpn[1660]: Options error: --key fails with 'disabled':
> No such file or directory (errno=2)
> 
> (the lines would say the default /etc/openvpn/client.crt if I wouldn't
> have specified (cert "disabled") etc. in the guix service config)
> 
> 
> I need a way to disable that these lines are being generated to the 
> config-file.
> 

Can be solved by changing those options to maybe-strings in 
gnu/services/vpn.scm and setting the default to disabled:

   (cert
    ;;(string "/etc/openvpn/client.crt")
    (maybe-string 'disabled)
    "The certificate of the machine the daemon is running on. It should 
be signed
by the authority given in @code{ca}.")

   (key
    ;;(string "/etc/openvpn/client.key")
    (maybe-string 'disabled)
    "The key of the machine the daemon is running on. It must be the key 
whose
certificate is @code{cert}.")

I may eventually send some patches, including the addition of some more 
config-options.

Best regards,
David

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.