From 41a8cf4c2d48e9c9012b6e4e8f15b69015f1b2f3 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Fri, 30 Oct 2015 15:40:47 +0000
Subject: [PATCH] openvpn: Embed the certificate and key file into configuration

This will allow to import just the configuration file into iOS and establish the VPN connection. Also works with many other OpenVPN clients.

Signed-off-by: Michael Tremer
---
 html/cgi-bin/ovpnmain.cgi | 59 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 56 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 7c9ff95ff7..bdbd22925a 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2267,11 +2267,14 @@ else
 my $file_crt = new File::Temp( UNLINK => 1 );
 my $file_key = new File::Temp( UNLINK => 1 );
+ my $include_certs = 0;
 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
 if ($cgiparams{'MODE'} eq 'insecure') {
+ $include_certs = 1;
+
 # Add the CA
- print CLIENTCONF "ca cacert.pem\r\n";
+ print CLIENTCONF ";ca cacert.pem\r\n";
 $zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
 # Extract the certificate
@@ -2282,7 +2285,7 @@ else
 }
 $zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die;
- print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
+ print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
 # Extract the key
 system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", 
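Review bot: The `ca cacert.pem` directive is commented out on the `+ print CLIENTCONF ";ca cacert.pem\r\n";` line, but the `$zip->addFile(... "cacert.pem")` call right after it still ships the file in the archive, and the same holds for the client `.pem` in hunk `@@ -2282` and the extracted private key `.key` in hunk `@@ -2292`; once the inline blocks are written, the private key is present twice in the downloaded package (as a loose file and inside the .ovpn), so both copies need the same handling on the client side. If the loose files are kept on purpose for clients that cannot read inline blocks, a comment such as `# Files are still added for clients without inline-block support` next to the first addFile would make that explicit; otherwise the addFile calls can be skipped when `$include_certs` is set. The enclosing `if ($cgiparams{'MODE'} eq 'insecure')` block opens in this hunk and closes in hunk `@@ -2292`.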
@@ -2292,7 +2295,7 @@ else
 }
 $zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die;
- print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
+ print CLIENTCONF ";key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
 } else {
 print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
@@ -2311,6 +2314,9 @@ else
 print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
 }
 if ($vpnsettings{'TLSAUTH'} eq 'on') {
+ if ($cgiparams{'MODE'} eq 'insecure') {
+ print CLIENTCONF ";";
+ }
 print CLIENTCONF "tls-auth ta.key\r\n";
 $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n";
 }
@@ -2335,6 +2341,53 @@ else
 print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n";
 }
 }
+
+ if ($include_certs) {
+ print CLIENTCONF "\r\n";
+
+ # CA
+ open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem");
+ print CLIENTCONF "\r\n";
+ while () {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "\r\n\r\n";
+ close(FILE);
+
+ # Cert
+ open(FILE, "<$file_crt");
+ print CLIENTCONF "\r\n";
+ while () {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "\r\n\r\n";
+ close(FILE);
+
+ # Key
+ open(FILE, "<$file_key");
+ print CLIENTCONF "\r\n";
+ while () {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "\r\n\r\n";
+ close(FILE);
+
+ # TLS auth
+ if ($vpnsettings{'TLSAUTH'} eq 'on') {
+ open(FILE, "<${General::swroot}/ovpn/certs/ta.key");
+ print CLIENTCONF "\r\n";
+ while () {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "\r\n\r\n";
+ close(FILE);
+ }
+ }
+
 # Print client.conf.local if entries exist to client.ovpn
 if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
 open (LCC, "$local_clientconf");
-- 
2.39.5
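Review bot: The added guard in hunk `@@ -2311` keys on `$cgiparams{'MODE'} eq 'insecure'`, while the inline tls-auth block in hunk `@@ -2335` is emitted only when `$include_certs` is set, and that flag is set only inside the `[4] eq 'cert' && -f ...p12` branch of hunk `@@ -2267`. If the mode is insecure but that outer condition is false, `tls-auth ta.key` is commented out and nothing replaces it, so the client config silently loses tls-auth; whether that combination occurs in practice I cannot tell from the hunk. Using the same flag in both places keeps them in step: `if ($include_certs) {` … `print CLIENTCONF ";";`. The enclosing `if ($vpnsettings{'TLSAUTH'} eq 'on')` block is fully within the hunk.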