Could someone who owns an iPhone please test this?
Best, -Michael
On Fri, 2015-10-30 at 15:47 +0000, Michael Tremer wrote:
This makes it possible to import just the configuration file into iOS and establish the VPN connection. It also works with many other OpenVPN clients.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
html/cgi-bin/ovpnmain.cgi | 59 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 56 insertions(+), 3 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 7c9ff95..bdbd229 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2267,11 +2267,14 @@ else my $file_crt = new File::Temp( UNLINK => 1 ); my $file_key = new File::Temp( UNLINK => 1 );
my $include_certs = 0;
if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f
"${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12" ) { if ($cgiparams{'MODE'} eq 'insecure') {
$include_certs = 1;
- # Add the CA
print CLIENTCONF "ca cacert.pem\r\n";
$zipprint CLIENTCONF ";ca cacert.pem\r\n";
->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
# Extract the certificate
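Review bot: The `$include_certs` flag set here requires both the `cert` connection type and an existing `.p12` file, but the later tls-auth hunk writes its `;` when `$cgiparams{'MODE'} eq 'insecure'` alone. If a download with MODE=insecure ever reaches that code without passing the cert/.p12 test, `tls-auth ta.key` is commented out and the inline `<tls-auth>` block is never written, so the generated client config carries no tls-auth at all. Testing the same flag there, `if ($include_certs) { print CLIENTCONF ";"; }`, keeps the two in step. This assumes `$include_certs` is still in scope at that point, which its use in the last hunk suggests. The enclosing block starts and ends outside this hunk.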
@@ -2282,7 +2285,7 @@ else }
$zip->addFile("$file_crt",
"$confighash{$cgiparams{'KEY'}}[1].pem") or die;
print CLIENTCONF "cert
$confighash{$cgiparams{'KEY'}}[1].pem\r\n";
print CLIENTCONF ";cert
$confighash{$cgiparams{'KEY'}}[1].pem\r\n";
# Extract the key system('/usr/bin/openssl', 'pkcs12', '-in',
"${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12" , @@ -2292,7 +2295,7 @@ else }
$zip->addFile("$file_key",
"$confighash{$cgiparams{'KEY'}}[1].key") or die;
print CLIENTCONF "key
$confighash{$cgiparams{'KEY'}}[1].key\r\n";
print CLIENTCONF ";key
$confighash{$cgiparams{'KEY'}}[1].key\r\n"; } else { print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n"; $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12" , "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; @@ -2311,6 +2314,9 @@ else print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n"; } if ($vpnsettings{'TLSAUTH'} eq 'on') {
- if ($cgiparams{'MODE'} eq 'insecure') {
print CLIENTCONF ";";
- } print CLIENTCONF "tls-auth ta.key\r\n"; $zip->addFile( "${General::swroot}/ovpn/certs/ta.key",
"ta.key") or die "Can't add file ta.key\n"; } @@ -2335,6 +2341,53 @@ else print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n"; } }
- if ($include_certs) {
- print CLIENTCONF "\r\n";
- # CA
- open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem");
- print CLIENTCONF "<ca>\r\n";
- while (<FILE>) {
chomp($_);
print CLIENTCONF "$_\r\n";
- }
- print CLIENTCONF "</ca>\r\n\r\n";
- close(FILE);
- # Cert
- open(FILE, "<$file_crt");
- print CLIENTCONF "<cert>\r\n";
- while (<FILE>) {
chomp($_);
print CLIENTCONF "$_\r\n";
- }
- print CLIENTCONF "</cert>\r\n\r\n";
- close(FILE);
- # Key
- open(FILE, "<$file_key");
- print CLIENTCONF "<key>\r\n";
- while (<FILE>) {
chomp($_);
print CLIENTCONF "$_\r\n";
- }
- print CLIENTCONF "</key>\r\n\r\n";
- close(FILE);
- # TLS auth
- if ($vpnsettings{'TLSAUTH'} eq 'on') {
open(FILE, "<${General::swroot}/ovpn/certs/ta.key");
print CLIENTCONF "<tls-auth>\r\n";
while (<FILE>) {
chomp($_);
print CLIENTCONF "$_\r\n";
}
print CLIENTCONF "</tls-auth>\r\n\r\n";
close(FILE);
- }
- }
- # Print client.conf.local if entries exist to client.ovpn if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'}
eq 'on') { open (LCC, "$local_clientconf");
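Review bot: None of the four `open(FILE, "<...")` calls in the new `if ($include_certs)` block is checked, so an unreadable CA, certificate, key or ta.key file produces an empty `<ca>`/`<cert>`/`<key>`/`<tls-auth>` element and a broken profile is delivered without any error. The zip path above already dies on a missing file (`or die "Can't add file ..."`), and the inline path should fail the same way. The calls also use two-argument `open` on the bareword handle `FILE`, and the same read loop is repeated four times. A single loop over tag/path pairs with a lexical handle and three-argument `open` covers all of this. The temporary key file is presumably filled by the openssl call earlier in the block, which is outside this hunk, so its result cannot be confirmed from here.

```perl
if ($include_certs) {
	print CLIENTCONF "\r\n";

	# Tag name and source file for each inline block, in output order.
	my @inline = (
		[ "ca",   "${General::swroot}/ovpn/ca/cacert.pem" ],
		[ "cert", "$file_crt" ],
		[ "key",  "$file_key" ],
	);
	push(@inline, [ "tls-auth", "${General::swroot}/ovpn/certs/ta.key" ])
		if ($vpnsettings{'TLSAUTH'} eq 'on');

	foreach my $entry (@inline) {
		my ($tag, $path) = @$entry;

		# Fail the download instead of emitting an empty block.
		open(my $fh, '<', $path) or die "Can't open $path: $!\n";
		print CLIENTCONF "<$tag>\r\n";
		while (my $line = <$fh>) {
			chomp($line);
			print CLIENTCONF "$line\r\n";
		}
		print CLIENTCONF "</$tag>\r\n\r\n";
		close($fh);
	}
}
# … unchanged: client.conf.local handling …
```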