From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH v2 2/2] openvpn: Embed the certificate and key file into configuration Date: Fri, 30 Oct 2015 15:47:22 +0000 Message-ID: <1446220042-22681-2-git-send-email-michael.tremer@ipfire.org> In-Reply-To: <1446220042-22681-1-git-send-email-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0281436244583566496==" List-Id: --===============0281436244583566496== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This will allow to import just the configuration file into iOS and establish the VPN connection. Also works with many other OpenVPN clients. Signed-off-by: Michael Tremer
---
 html/cgi-bin/ovpnmain.cgi | 59 ++++++++++++++++++++++++++++++++++++++++++++-= -- 1 file changed, 56 insertions(+), 3 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 7c9ff95..bdbd229 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2267,11 +2267,14 @@ else
 =09
 my $file_crt =3D new File::Temp( UNLINK =3D> 1 );
 my $file_key =3D new File::Temp( UNLINK =3D> 1 );
+ my $include_certs =3D 0;
=20
 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot= }/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {=20
 if ($cgiparams{'MODE'} eq 'insecure') {
+ $include_certs =3D 1;
+
+ # Add the CA
- print CLIENTCONF "ca cacert.pem\r\n";
+ print CLIENTCONF ";ca cacert.pem\r\n";
 $zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or d= ie "Can't add file cacert.pem\n";
=20
 # Extract the certificate
@@ -2282,7 +2285,7 @@ else
 }
=20
 $zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die;
- print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
+ print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
=20
 # Extract the key
 system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs= /$confighash{$cgiparams{'KEY'}}[1].p12",
@@ -2292,7 +2295,7 @@ else
 }
=20
 $zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die;
- print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
+ print CLIENTCONF ";key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
 } else {
 print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'= }}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $= confighash{$cgiparams{'KEY'}}[1].p12\n";
@@ -2311,6 +2314,9 @@ else
 print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
 }
 if ($vpnsettings{'TLSAUTH'} eq 'on') {
+ if ($cgiparams{'MODE'} eq 'insecure') {
+ print CLIENTCONF ";";
+ }
 print CLIENTCONF "tls-auth ta.key\r\n";
 $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "C= an't add file ta.key\n";
 }
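Review bot: With the `cert` directive now commented out, the unchanged `$zip->addFile("$file_crt", ...)` call two lines above still puts the loose `.pem` into the archive, and the same holds for the `.key` file in the next hunk and `ta.key` in the hunk after it. In insecure mode the private key therefore travels twice — inline in client.ovpn and as a separate file — which widens where it ends up without the client needing it. If the loose copies are a deliberate fallback for clients without inline support, a comment next to the `;cert` line saying so would make that explicit; otherwise the copy can be skipped with `... or die unless $include_certs;` on the `addFile` line, and likewise for the key and `ta.key`. The enclosing `if ($cgiparams{'MODE'} eq 'insecure')` block starts and ends outside this hunk.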
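Review bot: The `;` prefix on `tls-auth` is keyed on `$cgiparams{'MODE'} eq 'insecure'`, but the inline block that is meant to replace it (last hunk of this patch) is emitted only when `$include_certs` is true, which the first hunk sets only for the `cert` type with an existing `.p12` file. For an insecure-mode export of any other type the directive is commented out and no inline key follows, so the client config ends up with no tls-auth key at all while `ta.key` still sits in the zip. Keying both on the same flag keeps them in step: `if ($include_certs) {`. Printing the `;` and the directive in two statements also hides what the output line looks like; `my $prefix = $include_certs ? ';' : '';` followed by `print CLIENTCONF "${prefix}tls-auth ta.key\r\n";` keeps it on one line.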
@@ -2335,6 +2341,53 @@ else
 print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n";
 }
 }
+
+ if ($include_certs) {
+ print CLIENTCONF "\r\n";
+
+ # CA
+ open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem");
+ print CLIENTCONF "\r\n";
+ while () {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "\r\n\r\n";
+ close(FILE);
+
+ # Cert
+ open(FILE, "<$file_crt");
+ print CLIENTCONF "\r\n";
+ while () {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "\r\n\r\n";
+ close(FILE);
+
+ # Key
+ open(FILE, "<$file_key");
+ print CLIENTCONF "\r\n";
+ while () {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "\r\n\r\n";
+ close(FILE);
+
+ # TLS auth
+ if ($vpnsettings{'TLSAUTH'} eq 'on') {
+ open(FILE, "<${General::swroot}/ovpn/certs/ta.key");
+ print CLIENTCONF "\r\n";
+ while () {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "\r\n\r\n";
+ close(FILE);
+ }
+ }
+
 # Print client.conf.local if entries exist to client.ovpn
 if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} eq 'on')= {
 open (LCC, "$local_clientconf"); --=20 2.4.4 --===============0281436244583566496==--
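Review bot: Each of the four `open(FILE, "<...")` calls in the new block is a two-argument open on a bareword handle with no return check, so if any of them fails the loop reads nothing and the client receives a config whose inline block is empty, with no error raised — unlike the surrounding `$zip->addFile(...) or die` calls, which do fail loudly. The second and third opens read the `File::Temp` objects `$file_crt` and `$file_key`, whose contents come from the earlier `openssl pkcs12` extraction, so a silent failure there is the most likely way a user ends up with a key-less profile. The four copy loops are also byte-for-byte identical apart from the path and the block name, and the inline `<ca>`/`<cert>`/`<key>`/`<tls-auth>` tag lines appear to have been stripped from this rendering (`print CLIENTCONF "\r\n";` and `while () {` are unlikely to be what the source says), so I would move the copy into one helper with a three-argument open, a lexical handle and an `or die`, and call it four times. The helper can live at file level; the caller below replaces the whole `if ($include_certs)` block, which starts and ends inside this hunk.
```perl
# Copy one PEM/key file verbatim into an inline <tag>...</tag> block of CLIENTCONF.
sub print_inline_file {
	my ($tag, $path) = @_;
	open(my $fh, '<', $path) or die "Can't open $path: $!";
	print CLIENTCONF "<$tag>\r\n";
	while (my $line = <$fh>) {
		chomp($line);
		print CLIENTCONF "$line\r\n";
	}
	print CLIENTCONF "</$tag>\r\n\r\n";
	close($fh) or die "Can't close $path: $!";
	return;
}

# ... unchanged: mtu-disc block ...
	if ($include_certs) {
		print CLIENTCONF "\r\n";
		print_inline_file('ca',   "${General::swroot}/ovpn/ca/cacert.pem");
		print_inline_file('cert', "$file_crt");
		print_inline_file('key',  "$file_key");
		if ($vpnsettings{'TLSAUTH'} eq 'on') {
			print_inline_file('tls-auth', "${General::swroot}/ovpn/certs/ta.key");
		}
	}
```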