937c75e097
ocserv: notify users about certificates about to expire
2025-08-12 10:59:02 +02:00
292ddbb7e7
ocserv: fix firewall config
Oops, let’s not drop everything but VPN packets in postrouting.
2025-08-11 12:26:55 +02:00
11e456cff1
ocserv: add playbook for creating client certificates
2025-08-04 16:13:30 +02:00
ec9883ca29
ocserv: reload service on certificate renewal
2025-08-01 15:20:55 +02:00
d442940975
ocserv: use numeric ID instead of arbitrary USERNAME for nft chain name
Putting a @ in a name is bad.
2025-05-16 14:26:39 +02:00
245b4a0dcd
ocserv: support UDP
2025-05-16 14:26:26 +02:00
6e72987863
ocserv: only support certificate auth for clients
2025-05-16 14:10:11 +02:00
aa78b407c8
ocserv: disable TLS<1.2
2025-05-08 15:04:38 +02:00
ade6a8e1e2
Add nginx as a role dependency where required
This is pretty much anywhere a LE certificate is needed. Similar for
nginx-php for PHP sites. Drop these roles from setup.yml.
2025-04-12 18:51:31 +02:00
cf6b682cf8
Add ocserv role
Create a self-signed CA, set up group configs, add script to allow new
connections through the firewall.
In the base debian role, drop the default nftables forward chain with
drop policy because it clashes with this. If you enable forwarding on
a debian host, make sure to configure the firewall.
2025-04-12 18:38:48 +02:00