This will allow to import just the configuration file into iOS and establish the VPN connection. Also works with many other OpenVPN clients.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- html/cgi-bin/ovpnmain.cgi | 59 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 56 insertions(+), 3 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 7c9ff95..bdbd229 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2267,11 +2267,14 @@ else my $file_crt = new File::Temp( UNLINK => 1 ); my $file_key = new File::Temp( UNLINK => 1 ); + my $include_certs = 0;
if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { if ($cgiparams{'MODE'} eq 'insecure') { + $include_certs = 1; + # Add the CA - print CLIENTCONF "ca cacert.pem\r\n"; + print CLIENTCONF ";ca cacert.pem\r\n"; $zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
# Extract the certificate @@ -2282,7 +2285,7 @@ else }
$zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die; - print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n"; + print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
# Extract the key system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", @@ -2292,7 +2295,7 @@ else }
$zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die; - print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n"; + print CLIENTCONF ";key $confighash{$cgiparams{'KEY'}}[1].key\r\n"; } else { print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n"; $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; @@ -2311,6 +2314,9 @@ else print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n"; } if ($vpnsettings{'TLSAUTH'} eq 'on') { + if ($cgiparams{'MODE'} eq 'insecure') { + print CLIENTCONF ";"; + } print CLIENTCONF "tls-auth ta.key\r\n"; $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n"; } @@ -2335,6 +2341,53 @@ else print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n"; } } + + if ($include_certs) { + print CLIENTCONF "\r\n"; + + # CA + open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem"); + print CLIENTCONF "<ca>\r\n"; + while (<FILE>) { + chomp($_); + print CLIENTCONF "$_\r\n"; + } + print CLIENTCONF "</ca>\r\n\r\n"; + close(FILE); + + # Cert + open(FILE, "<$file_crt"); + print CLIENTCONF "<cert>\r\n"; + while (<FILE>) { + chomp($_); + print CLIENTCONF "$_\r\n"; + } + print CLIENTCONF "</cert>\r\n\r\n"; + close(FILE); + + # Key + open(FILE, "<$file_key"); + print CLIENTCONF "<key>\r\n"; + while (<FILE>) { + chomp($_); + print CLIENTCONF "$_\r\n"; + } + print CLIENTCONF "</key>\r\n\r\n"; + close(FILE); + + # TLS auth + if ($vpnsettings{'TLSAUTH'} eq 'on') { + open(FILE, "<${General::swroot}/ovpn/certs/ta.key"); + print CLIENTCONF "<tls-auth>\r\n"; + while (<FILE>) { + chomp($_); + print CLIENTCONF "$_\r\n"; + } + print CLIENTCONF "</tls-auth>\r\n\r\n"; + close(FILE); + } + } + # Print client.conf.local if entries exist to client.ovpn if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') { open (LCC, "$local_clientconf");