aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulien Lepiller <julien@lepiller.eu>2020-02-19 03:33:12 +0100
committerJulien Lepiller <julien@lepiller.eu>2020-02-19 04:08:55 +0100
commitc6c447701c9cfdeedf77224399faa9c07b12d045 (patch)
treee3d4a333dbf3e508a214c8a60d956964b5315b38
parent0372dd1a1e51e39382ee5d1aa968589b40506b8f (diff)
downloadpatches-c6c447701c9cfdeedf77224399faa9c07b12d045.tar
patches-c6c447701c9cfdeedf77224399faa9c07b12d045.tar.gz
gnu: services: Add openvpn options.
* gnu/services/vpn.scm (openvpn-client-configuration) (openvpn-server-configuration): Add fast-io? and auth-user-pass options.
-rw-r--r--doc/guix.texi22
-rw-r--r--gnu/services/vpn.scm12
2 files changed, 34 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index aa50340fe2..afb70d5378 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -21794,6 +21794,13 @@ Defaults to @samp{#t}.
@end deftypevr
+@deftypevr {@code{openvpn-client-configuration} parameter} boolean fast-io?
+(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to
+poll/epoll/select prior to the write operation.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
@deftypevr {@code{openvpn-client-configuration} parameter} number verbosity
Verbosity level.
@@ -21809,6 +21816,14 @@ Defaults to @samp{#f}.
@end deftypevr
+@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string auth-user-pass
+Authenticate with server using username/password. The option is a file
+containing username/password on 2 lines. Do not use a file-like object as it
+would be added to the store and readable by any user.
+
+Defaults to @samp{'disabled}.
+@end deftypevr
+
@deftypevr {@code{openvpn-client-configuration} parameter} key-usage verify-key-usage?
Whether to check the server certificate has server usage extension.
@@ -21930,6 +21945,13 @@ Defaults to @samp{#t}.
@end deftypevr
+@deftypevr {@code{openvpn-server-configuration} parameter} boolean fast-io?
+(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to
+poll/epoll/select prior to the write operation.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
@deftypevr {@code{openvpn-server-configuration} parameter} number verbosity
Verbosity level.
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index 4602b3f3db..658d5c3e88 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -59,6 +59,7 @@
(format #t "")
(format #t "~a ~a\n" (uglify-field-name field-name) val)))
(define serialize-string serialize-field)
+(define-maybe string)
(define (serialize-boolean field-name val)
(if val
(serialize-field field-name "")
@@ -298,6 +299,11 @@ certificate is @code{cert}.")
"Don't close and reopen TUN/TAP device or run up/down scripts across
SIGUSR1 or --ping-restart restarts.")
+ (fast-io?
+ (boolean #f)
+ "(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to
+poll/epoll/select prior to the write operation.")
+
(verbosity
(number 3)
"Verbosity level."))
@@ -307,6 +313,12 @@ SIGUSR1 or --ping-restart restarts.")
"Add an additional layer of HMAC authentication on top of the TLS control
channel to protect against DoS attacks.")
+ (auth-user-pass
+ (maybe-string 'disabled)
+ "Authenticate with server using username/password. The option is a file
+containing username/password on 2 lines. Do not use a file-like object as it
+would be added to the store and readable by any user.")
+
(verify-key-usage?
(key-usage #t)
"Whether to check the server certificate has server usage extension.")