On 21 February 2020 12:10:44 GMT-05:00, Joshua Branson via Bug reports for GNU Guix <bug-guix@gnu.org> wrote:
>
>Julien and I discussed on irc that guix currently does not have a
>method of generating my config file. Here is just an updated list of
>the options that I (and possibly others) may need or want.
>
>#+BEGIN_SRC org
>These are all the options that my config file has. If the box does
>not have an X, then we should add this in the service definition.
>
>- [ ] "persist-key"
>- [ ] "persist-tun"

We already have both of them. Are they not documented? They should be persist-key? and persist-tun? respectively.

>- [ ] "remote-random"
>- [ ] "pull"
>- [X] "comp-lzo no"
>- [ ] "tls-client" does tls-auth provide this option???

tls-auth and tls-client are different options. tls-client replaces the client directive we currently generate for all openvpn-client-configuration.

>- [ ] "verify-x509-name Server name-prefix"
>- [ ] "ns-cert-type server" This is possibly deprecated?
>- [ ] "key-direction 1" This is another way of specifying tls-auth?
>- [X] "route-method exe" This is only useful on Windows.
>- [ ] "route-delay 2"
>- [X] "tun-mtu 1500" The documentation says most cases...I should
> leave this to its default parameter. So unless needed, we probably
> shouldn't need to add it to guix.
>
>- The next two options only make sense when we are using the protocol
> udp. We should probably specify them some way that you can only use
> them if protocol is udp. Something like:
>
> #+BEGIN_SRC scheme
> (proto udp
>   (udp-options
>     (fragment 1300)
>     (mssfix 1200)))
> #+END_SRC
>
>- [X] "fragment 1300"
>- [X] "mssfix 1200"
>
>
>- [ ] "cipher AES-256-CBC"
>- [X] keysize 256 deprecated. Do not need. and my key size is the
>cipher size anyway. The documentation does not recommend manually
>changing your keysize.
>- [X] auth SHA512 I have no idea where this is in the documentation
>- [X] sndbuf 524288 The documentation says that the default should
>work.
>- [X] rcvbuf 524288 as above
>- [X] auth-user-pass login.conf
>#+END_SRC
>
>We should also probably allow a file option. Some users may have a
>working file. Perhaps we should support this:
>
>#+BEGIN_SRC scheme
>(openvpn-client-service
> #:file "/path/to/openvpn.conf")
>#+END_SRC
>
>Joshua
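
Added example, not part of the original message and not Guix code: a small Python check that applies two points from the thread to an existing OpenVPN client file, namely that fragment and mssfix only make sense with UDP and that keysize and ns-cert-type are described as deprecated or possibly deprecated. The sample configuration and the function names are constructed for illustration.

```python
import shlex

UDP_ONLY = {"fragment", "mssfix"}         # per the thread: only meaningful with proto udp
DEPRECATED = {"keysize", "ns-cert-type"}  # called deprecated / possibly deprecated in the thread

# Constructed sample, not a real configuration.
SAMPLE_CONF = """\
# constructed sample
client
proto tcp-client
persist-key
persist-tun
fragment 1300
mssfix 1200
keysize 256
ns-cert-type server
cipher AES-256-CBC
"""

def parse(text):
    """Return (line_number, directive, args) for every non-comment line."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":   # OpenVPN comments start with # or ;
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            out.append((n, tokens[0], tokens[1:]))
    return out

def lint(text):
    """Return (line_number, directive, message) findings for the config text."""
    directives = parse(text)
    proto = "udp"                         # OpenVPN's default when no proto line is given
    for _, name, args in directives:
        if name == "proto" and args:
            proto = args[0]
    findings = []
    for n, name, _ in directives:
        if name in UDP_ONLY and not proto.startswith("udp"):
            findings.append((n, name, f"only applies to UDP, but proto is {proto}"))
        elif name in DEPRECATED:
            findings.append((n, name, "deprecated or possibly deprecated per the thread"))
    return findings

if __name__ == "__main__":
    for n, name, msg in lint(SAMPLE_CONF):
        print(f"line {n}: {name}: {msg}")
```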