New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openvpn-service should re-run os-config if root ca is expired #2569
Comments
This is being addressed in #2587 |
ab77
added a commit
that referenced
this issue
Apr 18, 2022
* Fixes #2569 * ensure OpenVPN client always starts with the latest CA certificate from API config endpoint as this certificate may have changed and we don't want VPN to be down for ~24 hours until os-config is triggered by systemd timer Change-type: minor
klutchell
pushed a commit
that referenced
this issue
Apr 21, 2022
* Fixes #2569 * ensure OpenVPN client always starts with the latest CA certificate from API config endpoint as this certificate may have changed and we don't want VPN to be down for ~24 hours until os-config is triggered by systemd timer Change-type: minor
klutchell
pushed a commit
that referenced
this issue
Apr 22, 2022
* Fixes #2569 * ensure OpenVPN client always starts with the latest CA certificate from API config endpoint as this certificate may have changed and we don't want VPN to be down for ~24 hours until os-config is triggered by systemd timer Change-type: minor
klutchell
pushed a commit
that referenced
this issue
Apr 22, 2022
* Fixes #2569 * ensure OpenVPN client always starts with the latest CA certificate from API config endpoint as this certificate may have changed and we don't want VPN to be down for ~24 hours until os-config is triggered by systemd timer Change-type: minor
ghost
pushed a commit
that referenced
this issue
Apr 23, 2022
* Fixes #2569 * ensure OpenVPN client always starts with the latest CA certificate from API config endpoint as this certificate may have changed and we don't want VPN to be down for ~24 hours until os-config is triggered by systemd timer Change-type: minor
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From brainstorm topic (restricted access)
https://jel.ly.fish/brainstorm-topic-6bb0fc78-cc85-496b-ab8c-65b1d58709e3
We currently run os-config to ensure the VPN certificates are up-to-date on a daily schedule, as per
https://github.com/balena-os/meta-balena/tree/master/meta-balena-common/recipes-core/os-config/os-config
This issue is to validate the root certificate with openssh utils prior to openvpn service restarts to ensure that an expired certificate will trigger a new os-config pull, rather than waiting up to 24-hours.
The text was updated successfully, but these errors were encountered: