From: Michael Tremer Date: Fri, 30 Oct 2015 15:40:47 +0000 (+0000) Subject: openvpn: Embed the certificate and key file into configuration X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=41a8cf4c2d48e9c9012b6e4e8f15b69015f1b2f3;p=people%2Fms%2Fipfire-2.x.git openvpn: Embed the certificate and key file into configuration This will allow to import just the configuration file into iOS and establish the VPN connection. Also works with many other OpenVPN clients. Signed-off-by: Michael Tremer --- diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 7c9ff95ff7..bdbd22925a 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2267,11 +2267,14 @@ else my $file_crt = new File::Temp( UNLINK => 1 ); my $file_key = new File::Temp( UNLINK => 1 ); + my $include_certs = 0; if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { if ($cgiparams{'MODE'} eq 'insecure') { + $include_certs = 1; + # Add the CA - print CLIENTCONF "ca cacert.pem\r\n"; + print CLIENTCONF ";ca cacert.pem\r\n"; $zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n"; # Extract the certificate @@ -2282,7 +2285,7 @@ else } $zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die; - print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n"; + print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n"; # Extract the key system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", @@ -2292,7 +2295,7 @@ else } $zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die; - print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n"; + print CLIENTCONF ";key $confighash{$cgiparams{'KEY'}}[1].key\r\n"; } else { print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n"; $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; @@ -2311,6 +2314,9 @@ else print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n"; } if ($vpnsettings{'TLSAUTH'} eq 'on') { + if ($cgiparams{'MODE'} eq 'insecure') { + print CLIENTCONF ";"; + } print CLIENTCONF "tls-auth ta.key\r\n"; $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n"; } @@ -2335,6 +2341,53 @@ else print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n"; } } + + if ($include_certs) { + print CLIENTCONF "\r\n"; + + # CA + open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem"); + print CLIENTCONF "\r\n"; + while () { + chomp($_); + print CLIENTCONF "$_\r\n"; + } + print CLIENTCONF "\r\n\r\n"; + close(FILE); + + # Cert + open(FILE, "<$file_crt"); + print CLIENTCONF "\r\n"; + while () { + chomp($_); + print CLIENTCONF "$_\r\n"; + } + print CLIENTCONF "\r\n\r\n"; + close(FILE); + + # Key + open(FILE, "<$file_key"); + print CLIENTCONF "\r\n"; + while () { + chomp($_); + print CLIENTCONF "$_\r\n"; + } + print CLIENTCONF "\r\n\r\n"; + close(FILE); + + # TLS auth + if ($vpnsettings{'TLSAUTH'} eq 'on') { + open(FILE, "<${General::swroot}/ovpn/certs/ta.key"); + print CLIENTCONF "\r\n"; + while () { + chomp($_); + print CLIENTCONF "$_\r\n"; + } + print CLIENTCONF "\r\n\r\n"; + close(FILE); + } + } + # Print client.conf.local if entries exist to client.ovpn if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') { open (LCC, "$local_clientconf");