Could someone who owns an iPhone please test this? Best, -Michael On Fri, 2015-10-30 at 15:47 +0000, Michael Tremer wrote: > This will allow to import just the configuration file > into iOS and establish the VPN connection. Also works > with many other OpenVPN clients. > > Signed-off-by: Michael Tremer > --- > html/cgi-bin/ovpnmain.cgi | 59 > ++++++++++++++++++++++++++++++++++++++++++++--- > 1 file changed, 56 insertions(+), 3 deletions(-) > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi > index 7c9ff95..bdbd229 100644 > --- a/html/cgi-bin/ovpnmain.cgi > +++ b/html/cgi-bin/ovpnmain.cgi > @@ -2267,11 +2267,14 @@ else > > my $file_crt = new File::Temp( UNLINK => 1 ); > my $file_key = new File::Temp( UNLINK => 1 ); > + my $include_certs = 0; > > if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f > "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12" > ) { > if ($cgiparams{'MODE'} eq 'insecure') { > + $include_certs = 1; > + > # Add the CA > - print CLIENTCONF "ca cacert.pem\r\n"; > + print CLIENTCONF ";ca cacert.pem\r\n"; > $zip > ->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or > die "Can't add file cacert.pem\n"; > > # Extract the certificate > @@ -2282,7 +2285,7 @@ else > } > > $zip->addFile("$file_crt", > "$confighash{$cgiparams{'KEY'}}[1].pem") or die; > - print CLIENTCONF "cert > $confighash{$cgiparams{'KEY'}}[1].pem\r\n"; > + print CLIENTCONF ";cert > $confighash{$cgiparams{'KEY'}}[1].pem\r\n"; > > # Extract the key > system('/usr/bin/openssl', 'pkcs12', '-in', > "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12" > , > @@ -2292,7 +2295,7 @@ else > } > > $zip->addFile("$file_key", > "$confighash{$cgiparams{'KEY'}}[1].key") or die; > - print CLIENTCONF "key > $confighash{$cgiparams{'KEY'}}[1].key\r\n"; > + print CLIENTCONF ";key > $confighash{$cgiparams{'KEY'}}[1].key\r\n"; > } else { > print CLIENTCONF "pkcs12 > $confighash{$cgiparams{'KEY'}}[1].p12\r\n"; > $zip->addFile( > "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12" > , "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file > $confighash{$cgiparams{'KEY'}}[1].p12\n"; > @@ -2311,6 +2314,9 @@ else > print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n"; > } > if ($vpnsettings{'TLSAUTH'} eq 'on') { > + if ($cgiparams{'MODE'} eq 'insecure') { > + print CLIENTCONF ";"; > + } > print CLIENTCONF "tls-auth ta.key\r\n"; > $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", > "ta.key") or die "Can't add file ta.key\n"; > } > @@ -2335,6 +2341,53 @@ else > print CLIENTCONF "mtu-disc > $vpnsettings{'PMTU_DISCOVERY'}\r\n"; > } > } > + > + if ($include_certs) { > + print CLIENTCONF "\r\n"; > + > + # CA > + open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem"); > + print CLIENTCONF "\r\n"; > + while () { > + chomp($_); > + print CLIENTCONF "$_\r\n"; > + } > + print CLIENTCONF "\r\n\r\n"; > + close(FILE); > + > + # Cert > + open(FILE, "<$file_crt"); > + print CLIENTCONF "\r\n"; > + while () { > + chomp($_); > + print CLIENTCONF "$_\r\n"; > + } > + print CLIENTCONF "\r\n\r\n"; > + close(FILE); > + > + # Key > + open(FILE, "<$file_key"); > + print CLIENTCONF "\r\n"; > + while () { > + chomp($_); > + print CLIENTCONF "$_\r\n"; > + } > + print CLIENTCONF "\r\n\r\n"; > + close(FILE); > + > + # TLS auth > + if ($vpnsettings{'TLSAUTH'} eq 'on') { > + open(FILE, "<${General::swroot}/ovpn/certs/ta.key"); > + print CLIENTCONF "\r\n"; > + while () { > + chomp($_); > + print CLIENTCONF "$_\r\n"; > + } > + print CLIENTCONF "\r\n\r\n"; > + close(FILE); > + } > + } > + > # Print client.conf.local if entries exist to client.ovpn > if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} > eq 'on') { > open (LCC, "$local_clientconf");