mirror of
https://github.com/angristan/openvpn-install.git
synced 2024-11-21 16:29:04 +01:00
Remove hardcoded ciphers from Fedora systemd service
This commit is contained in:
parent
bbea708175
commit
0f117352c7
@ -799,10 +799,16 @@ verb 3" >> /etc/openvpn/server.conf
|
||||
if [[ "$OS" = 'arch' || "$OS" = 'fedora' ]]; then
|
||||
# Don't modify package-provided service
|
||||
cp /usr/lib/systemd/system/openvpn-server@.service /etc/systemd/system/openvpn-server@.service
|
||||
|
||||
# Workaround to fix OpenVPN service on OpenVZ
|
||||
sed -i 's|LimitNPROC|#LimitNPROC|' /etc/systemd/system/openvpn-server@.service
|
||||
# Another workaround to keep using /etc/openvpn/
|
||||
sed -i 's|/etc/openvpn/server|/etc/openvpn|' /etc/systemd/system/openvpn-server@.service
|
||||
# On fedora, the service hardcodes the ciphers. We want to manage the cipher ourselves, so we remove it from the service
|
||||
if [[ "$OS" == "fedora" ]];then
|
||||
sed -i 's|--cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC||' /etc/systemd/system/openvpn-server@.service
|
||||
fi
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl restart openvpn-server@server
|
||||
systemctl enable openvpn-server@server
|
||||
@ -814,10 +820,12 @@ verb 3" >> /etc/openvpn/server.conf
|
||||
else
|
||||
# Don't modify package-provided service
|
||||
cp /lib/systemd/system/openvpn\@.service /etc/systemd/system/openvpn\@.service
|
||||
|
||||
# Workaround to fix OpenVPN service on OpenVZ
|
||||
sed -i 's|LimitNPROC|#LimitNPROC|' /etc/systemd/system/openvpn\@.service
|
||||
# Another workaround to keep using /etc/openvpn/
|
||||
sed -i 's|/etc/openvpn/server|/etc/openvpn|' /etc/systemd/system/openvpn\@.service
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl restart openvpn@server
|
||||
systemctl enable openvpn@server
|
||||
|
Loading…
Reference in New Issue
Block a user