author | Julien Lepiller <julien@lepiller.eu> | 2020-02-19 03:33:12 +0100 |
---|---|---|
committer | Julien Lepiller <julien@lepiller.eu> | 2020-02-19 04:08:55 +0100 |
commit | c6c447701c9cfdeedf77224399faa9c07b12d045 (patch) | |
tree | e3d4a333dbf3e508a214c8a60d956964b5315b38 | |
parent | 0372dd1a1e51e39382ee5d1aa968589b40506b8f (diff) | |
gnu: services: Add openvpn options.
* gnu/services/vpn.scm (openvpn-client-configuration)
(openvpn-server-configuration): Add fast-io? and auth-user-pass options.
-rw-r--r-- | doc/guix.texi | 22 | ||||
-rw-r--r-- | gnu/services/vpn.scm | 12 |
2 files changed, 34 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index aa50340fe2..afb70d5378 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -21794,6 +21794,13 @@ Defaults to @samp{#t}. @end deftypevr
+@deftypevr {@code{openvpn-client-configuration} parameter} boolean fast-io?
+(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to
+poll/epoll/select prior to the write operation.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
 @deftypevr {@code{openvpn-client-configuration} parameter} number verbosity Verbosity level.
@@ -21809,6 +21816,14 @@ Defaults to @samp{#f}. @end deftypevr
+@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string auth-user-pass
+Authenticate with server using username/password. The option is a file
+containing username/password on 2 lines. Do not use a file-like object as it
+would be added to the store and readable by any user.
+
+Defaults to @samp{'disabled}.
+@end deftypevr
+
 @deftypevr {@code{openvpn-client-configuration} parameter} key-usage verify-key-usage? Whether to check the server certificate has server usage extension.
@@ -21930,6 +21945,13 @@ Defaults to @samp{#t}. @end deftypevr
+@deftypevr {@code{openvpn-server-configuration} parameter} boolean fast-io?
+(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to
+poll/epoll/select prior to the write operation.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
 @deftypevr {@code{openvpn-server-configuration} parameter} number verbosity Verbosity level.
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index 4602b3f3db..658d5c3e88 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -59,6 +59,7 @@ (format #t "") (format #t "~a ~a\n" (uglify-field-name field-name) val))) (define serialize-string serialize-field)
+(define-maybe string)
 (define (serialize-boolean field-name val) (if val (serialize-field field-name "")
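Review bot: The new `(define-maybe string)` in the `@@ -59,6 +59,7 @@` hunk appears to send every optional string through `serialize-string`, which is `serialize-field`, and the context line `(format #t "~a ~a\n" (uglify-field-name field-name) val)` writes the value into the generated OpenVPN configuration without quoting or validation. For the `auth-user-pass` path added later in this commit, a value containing whitespace would be split into several arguments by OpenVPN's parser, and one containing a newline would start a new directive line. Consider rejecting such values in the field's predicate or quoting the value when it is written, and add a comment above the new line such as `;; maybe-string values are emitted verbatim by serialize-field; they must not contain whitespace.` The definition of `serialize-field` starts above the hunk, so its first branch is not fully visible here.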
@@ -298,6 +299,11 @@ certificate is @code{cert}.") "Don't close and reopen TUN/TAP device or run up/down scripts across SIGUSR1 or --ping-restart restarts.")
+ (fast-io?
+ (boolean #f)
+ "(Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to
+poll/epoll/select prior to the write operation.")
+
 (verbosity (number 3) "Verbosity level."))
@@ -307,6 +313,12 @@ SIGUSR1 or --ping-restart restarts.") "Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.")
+ (auth-user-pass
+ (maybe-string 'disabled)
+ "Authenticate with server using username/password. The option is a file
+containing username/password on 2 lines. Do not use a file-like object as it
+would be added to the store and readable by any user.")
+
 (verify-key-usage? (key-usage #t) "Whether to check the server certificate has server usage extension.") |
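Review bot: The `fast-io?` docstring in the `@@ -298,6 +299,11 @@` hunk leaves out the conditions the OpenVPN manual attaches to `--fast-io`: it is only usable with UDP transport and when `--shaper` is not in use. A user who enables it alongside a TCP transport gets no hint from this text that the option will not apply. I would extend the string with one sentence, for example `Only effective when the transport protocol is UDP.` The field list this hunk extends starts and ends outside the hunk.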
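Review bot: The `auth-user-pass` docstring in the `@@ -307,6 +313,12 @@` hunk warns against file-like objects but says nothing about the credentials file itself, and nothing visible in the hunk checks the value beyond `maybe-string`. A string that names a path inside the store, or a file that is group- or world-readable, would expose the password just as a file-like object would. I would add a sentence to the docstring such as `The file must live outside the store and be readable only by the user running OpenVPN (mode 600).` The account OpenVPN runs under is not visible here, so adjust the wording to match the service. The enclosing configuration definition starts and ends outside the hunk.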