cfn-vpn 1.5.0 → 1.7.0
- checksums.yaml +4 -4
- data/Dockerfile +1 -1
- data/docs/certificate-users.md +2 -1
- data/lib/cfnvpn/actions/revoke.rb +6 -0
- data/lib/cfnvpn/certificates.rb +2 -1
- data/lib/cfnvpn/templates/vpn.rb +1 -1
- data/lib/cfnvpn/version.rb +1 -1
- metadata +5 -5
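--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ef9cd59cf1876c3b909d920e68d331e6a6c7985eb6e4a9ad069cc065d7e5e79b
+data.tar.gz: 3beaf85c7b146bb7df165661b9a0a66268a6372e34865c62b7b9ddc238982a75
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f4221735ef37e25221dd6802baace032d1330d980fd0827aa9c2907042b0b6ceb18888d7f431553e4cbc027af96382166a3662d63bd936db250443d3baa6cd4c
+data.tar.gz: 8ab592bdc27770b1eb61fd4532e6b572c895d94d7e5225d7a5518fc22242975be58a71e31d8465d770b88c95f6992ff8074ff0ce02356b1feb2bb35233b18282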
data/Dockerfile
CHANGED
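--- a/data/docs/certificate-users.md
+++ b/data/docs/certificate-users.md
@@ -25,6 +25,7 @@ This will revoke the client certificate and apply to the client VPN endpoint.
 Note this wont terminate the session but will stop the client from reconnecting using the certificate.
 
 ```sh
+# please ensure that you are using the latest cfn-vpn version before revoking cert since previous versions have issues maintaining the CRL
 cfn-vpn revoke myvpn --client-cn user1 --bucket mybucket
 ```
 
@@ -93,4 +94,4 @@ Modify base2-ciinabox.config.ovpn to include the full location of your extracted
 echo "cert /<path>/user1.crt" >> myvpn.config.ovpn
 
 Open myvpn.config.ovpn with your favorite openvpn client.
-```
+```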
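--- a/data/lib/cfnvpn/actions/revoke.rb
+++ b/data/lib/cfnvpn/actions/revoke.rb
@@ -38,6 +38,12 @@ module CfnVpn::Actions
 s3.get_object("#{@cert_dir}/#{@options['client_cn']}.tar.gz")
 CfnVpn::Log.logger.info "Generating new client certificate #{@options['client_cn']} using openvpn easy-rsa"
 CfnVpn::Log.logger.debug cert.revoke_client(@options['client_cn'])
+
+# persist index.txt which contains previous CRL back to s3
+system("tar xzfv #{@cert_dir}/ca.tar.gz --directory #{@build_dir}")
+FileUtils.cp(["#{@cert_dir}/index.txt"], "#{@build_dir}/pki/")
+system("tar czfv #{@cert_dir}/ca.tar.gz -C #{@build_dir} pki/")
+s3.store_object("#{@cert_dir}/ca.tar.gz")
 end
 
 def apply_rekocation_list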
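Review bot: The new shell steps never check their result, so a failed `tar xzfv` still falls through to `tar czfv` and `s3.store_object`, which can replace the stored `ca.tar.gz` with an archive built from an incomplete `pki/` directory. Both `system` calls also interpolate `@cert_dir` and `@build_dir` into a shell string; the argument-list form avoids the shell and is unaffected by spaces or metacharacters in those paths. Failing on a non-zero exit before the upload keeps the CA archive in the bucket intact, and the same unchecked-status pattern applies to the `easyrsa` and docker calls in the certificates.rb hunk. The method starts above the hunk, so whether `ca.tar.gz` has already been fetched into `@cert_dir` is not visible here.

```ruby
# persist index.txt which contains previous CRL back to s3
ca_archive = "#{@cert_dir}/ca.tar.gz"
unless system('tar', 'xzfv', ca_archive, '--directory', @build_dir)
  raise "failed to extract #{ca_archive}"
end
FileUtils.cp("#{@cert_dir}/index.txt", "#{@build_dir}/pki/")
unless system('tar', 'czfv', ca_archive, '-C', @build_dir, 'pki/')
  raise "failed to repackage #{ca_archive}"
end
s3.store_object(ca_archive)
```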
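--- a/data/lib/cfnvpn/certificates.rb
+++ b/data/lib/cfnvpn/certificates.rb
@@ -142,11 +142,12 @@ module CfnVpn
 system("easyrsa revoke #{client_cn}")
 system("easyrsa gen-crl")
 FileUtils.cp("#{@pki_dir}/crl.pem", @cert_dir)
+FileUtils.cp("#{@pki_dir}/index.txt", @cert_dir)
 else
 @docker_cmd << "-e EASYRSA_CLIENT_CN=#{client_cn}"
 @docker_cmd << "-v #{@cert_dir}:/easy-rsa/output"
 @docker_cmd << @easyrsa_image
-@docker_cmd << "sh -c 'revoke-client'"
+@docker_cmd << "sh -c 'revoke-client && cp pki/index.txt output/index.txt'"
 CfnVpn::Log.logger.debug `#{@docker_cmd.join(' ')}`
 end
 end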
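Review bot: Neither added line says why `index.txt` now leaves the PKI directory alongside `crl.pem`, and that reason is the security-relevant part of the change. easy-rsa keeps its revocation records in `index.txt` and `gen-crl` builds the CRL from it, so if the file is not carried to the next run, earlier revocations would presumably drop out of the regenerated CRL. A comment above the local-branch copy such as `# index.txt is the CA database gen-crl reads; export it so earlier revocations stay in the next CRL` would record that, with a matching one on the docker command. The enclosing method starts above the hunk.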
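--- a/data/lib/cfnvpn/templates/vpn.rb
+++ b/data/lib/cfnvpn/templates/vpn.rb
@@ -83,7 +83,7 @@ module CfnVpn
 network_assoc_dependson << "ClientVpnTargetNetworkAssociation#{suffix}"
 end
 
-if config[:default_groups].any?
+if !config[:default_groups].nil? && config[:default_groups].any?
 config[:default_groups].each do |group|
 EC2_ClientVpnAuthorizationRule(:"TargetNetworkAuthorizationRule#{group.resource_safe}"[0..255]) {
 Condition(:EnableSubnetAssociation)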
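Review bot: The nil guard on new line 86 can be written with safe navigation, `if config[:default_groups]&.any?`, which reads as a single condition and performs the hash lookup once. The result is the same for nil, empty and populated values. The surrounding block begins and ends outside the hunk.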
data/lib/cfnvpn/version.rb
CHANGED
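--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-vpn
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.7.0
 platform: ruby
 authors:
 - Guslington
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2025-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -290,7 +290,7 @@ licenses:
 metadata:
 homepage_uri: https://github.com/base2services/aws-client-vpn
 source_code_uri: https://github.com/base2services/aws-client-vpn
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -306,7 +306,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubygems_version: 3.1.6
-signing_key:
+signing_key:
 specification_version: 4
 summary: creates and manages resources for the aws client vpn
 test_files: []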