webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 02:55:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

openvpn: Embed the certificate and key file into configuration

Browse Source 
This will allow to import just the configuration file
into iOS and establish the VPN connection. Also works
with many other OpenVPN clients.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2015-10-30 15:47:22 +00:00
parent 71af643cda
commit b22d8aaf4a
1 changed files with 56 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
html/cgi-bin/ovpnmain.cgi
View File

@@ -2268,11 +2268,14 @@ else
my $file_crt = new File::Temp( UNLINK => 1 );
my $file_key = new File::Temp( UNLINK => 1 );
my $include_certs = 0;
if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
if ($cgiparams{'MODE'} eq 'insecure') {
$include_certs = 1;
# Add the CA
print CLIENTCONF "ca cacert.pem\r\n";
print CLIENTCONF ";ca cacert.pem\r\n";
$zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
# Extract the certificate
@@ -2283,7 +2286,7 @@ else
}
$zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die;
print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
# Extract the key
system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
@@ -2293,7 +2296,7 @@ else
}
$zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die;
print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
print CLIENTCONF ";key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
} else {
print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
@@ -2312,6 +2315,9 @@ else
print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
}
if ($vpnsettings{'TLSAUTH'} eq 'on') {
if ($cgiparams{'MODE'} eq 'insecure') {
print CLIENTCONF ";";
}
print CLIENTCONF "tls-auth ta.key\r\n";
$zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n";
}
@@ -2336,6 +2342,53 @@ else
print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n";
}
}
if ($include_certs) {
print CLIENTCONF "\r\n";
# CA
open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem");
print CLIENTCONF "<ca>\r\n";
while (<FILE>) {
chomp($_);
print CLIENTCONF "$_\r\n";
}
print CLIENTCONF "</ca>\r\n\r\n";
close(FILE);
# Cert
open(FILE, "<$file_crt");
print CLIENTCONF "<cert>\r\n";
while (<FILE>) {
chomp($_);
print CLIENTCONF "$_\r\n";
}
print CLIENTCONF "</cert>\r\n\r\n";
close(FILE);
# Key
open(FILE, "<$file_key");
print CLIENTCONF "<key>\r\n";
while (<FILE>) {
chomp($_);
print CLIENTCONF "$_\r\n";
}
print CLIENTCONF "</key>\r\n\r\n";
close(FILE);
# TLS auth
if ($vpnsettings{'TLSAUTH'} eq 'on') {
open(FILE, "<${General::swroot}/ovpn/certs/ta.key");
print CLIENTCONF "<tls-auth>\r\n";
while (<FILE>) {
chomp($_);
print CLIENTCONF "$_\r\n";
}
print CLIENTCONF "</tls-auth>\r\n\r\n";
close(FILE);
}
}
# Print client.conf.local if entries exist to client.ovpn
if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
open (LCC, "$local_clientconf");