voronind/nix
0
0
Fork 0
Code Issues 38 Pull requests Packages Projects Releases Wiki Activity

Vpn: Use crl.

Browse source
This commit is contained in:
Dmitry Voronin 2024-11-27 02:50:09 +03:00
parent 9406dd3270
commit b415baed04
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
container/Vpn.nix
View file

@ -2,6 +2,7 @@
# easyrsa --days=36500 build-ca
# easyrsa --days=36500 build-server-full <SERVER_NAME> nopass
# easyrsa --days=36500 build-client-full <CLIENT_NAME> nopass
# easyrsa gen-crl
# openssl dhparam -out dh2048.pem 2048
# Don't forget to set tls hostname on the client to match SERVER_NAME *AND* disable ipv6 ?
@ -91,6 +92,7 @@ in {
ca /data/pki/ca.crt
cert /data/pki/issued/home.crt
client-to-client
crl-verify /data/pki/crl.pem
dev tun
dh /data/dh2048.pem
explicit-exit-notify 1