authorjim-p <jimp@pfsense.org>2012-07-01 15:40:52 -0400
committerjim-p <jimp@pfsense.org>2012-07-01 15:40:52 -0400
commite27491c9f1609c76e4189806386ef45071efef1d (patch)
treee25b7c94235470ab6e836b33ce491683dcbc8f9b
parente27c484b01b55b6d1198f46aefb84ac6fc23afb0 (diff)
downloadpfsense-packages-e27491c9f1609c76e4189806386ef45071efef1d.tar.gz
pfsense-packages-e27491c9f1609c76e4189806386ef45071efef1d.tar.bz2
pfsense-packages-e27491c9f1609c76e4189806386ef45071efef1d.zip
Add inline config format that the openvpn client for android likes (ca, cert, key, tls-auth inside single config file) to the export package.
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc105
-rwxr-xr-xconfig/openvpn-client-export/vpn_openvpn_export.php32
2 files changed, 88 insertions, 49 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 1852be46..c2082374 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -227,17 +227,28 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
$prefix = openvpn_client_export_prefix($srvid);
$cafile = "{$prefix}-ca.crt";
if($nokeys == false) {
- if ($usetoken) {
+ if ($expformat == "inline") {
+ $conf .= "ca [inline]{$nl}";
+ $conf .= "cert [inline]{$nl}";
+ $conf .= "key [inline]{$nl}";
+ } elseif ($usetoken) {
$conf .= "ca {$cafile}{$nl}";
$conf .= "cryptoapicert \"SUBJ:{$user['name']}\"{$nl}";
} else {
$conf .= "pkcs12 {$prefix}.p12{$nl}";
}
- } else if ($settings['mode'] == "server_user")
- $conf .= "ca {$cafile}{$nl}";
+ } else if ($settings['mode'] == "server_user") {
+ if ($expformat == "inline")
+ $conf .= "ca [inline]{$nl}";
+ else
+ $conf .= "ca {$cafile}{$nl}";
+ }
if ($settings['tls'] && !$skiptls) {
- $conf .= "tls-auth {$prefix}-tls.key 1{$nl}";
+ if ($expformat == "inline")
+ $conf .= "tls-auth [inline] 1{$nl}";
+ else
+ $conf .= "tls-auth {$prefix}-tls.key 1{$nl}";
}
// Prevent MITM attacks by verifying the server certificate.
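Review bot: Testing `$expformat == "inline"` before `$usetoken` (L27–L31) makes the `cryptoapicert` branch unreachable for an inline export, so a caller that passes both silently gets a file-based `key [inline]` reference instead of the token reference it asked for. The calling page in this same commit rejects that combination with an input error, but this library function has no guard of its own; a comment above the new branch such as `// inline export cannot reference a cryptoapi token; vpn_openvpn_export.php rejects usetoken+inline before calling us` would make the dependency explicit, or the function could refuse with `if ($expformat == "inline" && $usetoken) return false;` before the branch. The enclosing function openvpn_client_export_config starts before this hunk and continues past it.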
@@ -264,42 +275,56 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
$conf .= $advancedoptions;
$conf .= $nl;
- if ($expformat == "zip") {
- // create template directory
- $tempdir = "{$g['tmp_path']}/{$prefix}";
- mkdir($tempdir, 0700, true);
-
- file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
-
- $cafile = "{$tempdir}/{$cafile}";
- file_put_contents("{$cafile}", base64_decode($server_ca['crt']));
- if ($settings['tls']) {
- $tlsfile = "{$tempdir}/{$prefix}-tls.key";
- file_put_contents($tlsfile, base64_decode($settings['tls']));
- }
-
- // write key files
- if ($settings['mode'] != "server_user") {
- $crtfile = "{$tempdir}/{$prefix}-cert.crt";
- file_put_contents($crtfile, base64_decode($cert['crt']));
- $keyfile = "{$tempdir}/{$prefix}.key";
- file_put_contents($keyfile, base64_decode($cert['prv']));
-
- // convert to pkcs12 format
- $p12file = "{$tempdir}/{$prefix}.p12";
- if ($usetoken)
- openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
- else
- openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
-
- }
- exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
-
- // Remove temporary directory
- exec("rm -rf {$tempdir}");
- return $g['tmp_path'] . "/{$prefix}-config.zip";
- } else
- return $conf;
+ switch ($expformat) {
+ case "zip":
+ // create template directory
+ $tempdir = "{$g['tmp_path']}/{$prefix}";
+ mkdir($tempdir, 0700, true);
+
+ file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
+
+ $cafile = "{$tempdir}/{$cafile}";
+ file_put_contents("{$cafile}", base64_decode($server_ca['crt']));
+ if ($settings['tls']) {
+ $tlsfile = "{$tempdir}/{$prefix}-tls.key";
+ file_put_contents($tlsfile, base64_decode($settings['tls']));
+ }
+
+ // write key files
+ if ($settings['mode'] != "server_user") {
+ $crtfile = "{$tempdir}/{$prefix}-cert.crt";
+ file_put_contents($crtfile, base64_decode($cert['crt']));
+ $keyfile = "{$tempdir}/{$prefix}.key";
+ file_put_contents($keyfile, base64_decode($cert['prv']));
+
+ // convert to pkcs12 format
+ $p12file = "{$tempdir}/{$prefix}.p12";
+ if ($usetoken)
+ openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
+ else
+ openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
+ }
+ exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
+ // Remove temporary directory
+ exec("rm -rf {$tempdir}");
+ return $g['tmp_path'] . "/{$prefix}-config.zip";
+ break;
+ case "inline":
+ // Inline CA
+ $conf .= "<ca>{$nl}" . base64_decode($server_ca['crt']) . "</ca>{$nl}";
+ if ($settings['mode'] != "server_user") {
+ // Inline Cert
+ $conf .= "<cert>{$nl}" . base64_decode($cert['crt']) . "</cert>{$nl}";
+ // Inline Key
+ $conf .= "<key>{$nl}" . base64_decode($cert['prv']) . "</key>{$nl}";
+ }
+ // Inline TLS
+ if ($settings['tls']) {
+ $conf .= "<tls-auth>{$nl}" . base64_decode($settings['tls']) . "</tls-auth>{$nl} key-direction 1{$nl}";
+ }
+ default:
+ return $conf;
+ }
}
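Review bot: The new `case "inline"` (L126–L138) embeds `<cert>` and `<key>` gated only on `$settings['mode']`, whereas the directive block earlier in the same function only emits `key [inline]` when `$nokeys == false` and `$usetoken` is unset; with `$nokeys` set the inline path therefore still writes the private key into the returned text, and with `$skiptls` set it still embeds `<tls-auth>` even though no `tls-auth` directive was written. Gate the embedding the same way as the directives: `if (!$nokeys && !$usetoken && ($settings['mode'] != "server_user")) {` for the cert/key block and `if ($settings['tls'] && !$skiptls) {` for the tls block. The drop from `case "inline"` into `default:` is intentional but unmarked and should carry `// fall through: inline config is returned as text` (L139), the `break;` at L125 after `return` is dead, and the literal `"</tls-auth>{$nl} key-direction 1{$nl}"` on L137 puts a leading space on the `key-direction` line and should read `"</tls-auth>{$nl}key-direction 1{$nl}"`.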
function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) {
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index dceaf20f..dd56ee0e 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -138,6 +138,8 @@ if (!empty($act)) {
$advancedoptions = $_GET['advancedoptions'];
$usetoken = $_GET['usetoken'];
+ if ($usetoken && ($act == "confinline"))
+ $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration.";
$password = "";
if ($_GET['password'])
$password = $_GET['password'];
@@ -168,13 +170,19 @@ if (!empty($act)) {
$exp_name = openvpn_client_export_prefix($srvid);
- if($act == "conf" || $act == "confzip") {
- if ($act == "confzip") {
- $exp_name = urlencode($exp_name."-config.zip");
- $expformat = "zip";
- } else {
- $exp_name = urlencode($exp_name."-config.ovpn");
- $expformat = "baseconf";
+ if(substr($act, 0, 4) == "conf") {
+ switch ($act) {
+ case "confzip":
+ $exp_name = urlencode($exp_name."-config.zip");
+ $expformat = "zip";
+ break;
+ case "confinline":
+ $exp_name = urlencode($exp_name."-config.ovpn");
+ $expformat = "inline";
+ break;
+ default:
+ $exp_name = urlencode($exp_name."-config.ovpn");
+ $expformat = "baseconf";
}
$exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $advancedoptions);
}
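Review bot: `substr($act, 0, 4) == "conf"` (L165) routes any action that merely starts with "conf" into the baseconf default, which is looser than the explicit list the old code had and hides typos in the JavaScript callers. A strict membership test keeps the intent readable: `if (in_array($act, array("conf", "confzip", "confinline"), true)) {`. Note also that the export on L179 is still computed when `$input_errors` already holds the usetoken/inline error added earlier in this hunk's file; the result is not emitted, but the key material is still decoded, so an early `if (!empty($input_errors)) break;` style guard before L179 would be tidier. The enclosing `if (!empty($act))` block starts before this hunk.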
@@ -194,7 +202,7 @@ if (!empty($act)) {
}
if (empty($input_errors)) {
- if ($act == "conf") {
+ if (($act == "conf") || ($act == "confinline")) {
$exp_size = strlen($exp_path);
} else {
$exp_size = filesize($exp_path);
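Review bot: The condition `($act == "conf") || ($act == "confinline")` is now duplicated here (L185) and again in the next hunk (L194), and both encode the same fact: these two formats return the config text rather than a path. Compute it once where `$expformat` is chosen, e.g. `$exp_is_text = ($act == "conf") || ($act == "confinline");`, and use `if ($exp_is_text) {` in both places so a future format only needs one edit.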
@@ -204,7 +212,7 @@ if (!empty($act)) {
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename={$exp_name}");
header("Content-Length: $exp_size");
- if ($act == "conf") {
+ if (($act == "conf") || ($act == "confinline")) {
echo $exp_path;
} else {
readfile($exp_path);
@@ -374,6 +382,8 @@ function server_changed() {
cell2.className = "listr";
cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ", -1)'>Configuration</a>";
cell2.innerHTML += "<br/>";
+ cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ", -1)'>Inline Configuration</a>";
+ cell2.innerHTML += "<br/>";
cell2.innerHTML += "<a href='javascript:download_begin(\"confzip\"," + i + ", -1)'>Configuration archive</a>";
cell2.innerHTML += "<br/>";
cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ", -1)'>Windows Installer</a>";
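Review bot: The same "Inline Configuration" link (L202–L203) is pasted into three near-identical blocks here, at L211–L212 and at L220–L221, differing only in the `download_begin` arguments. A small JS helper building the link list from an action/label table, e.g. `function export_links(args) { ... }` called with the `i`/`j` arguments, would keep the three rows in sync; as written, any later change to the export actions has to be repeated three times.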
@@ -396,6 +406,8 @@ function server_changed() {
cell2.className = "listr";
cell2.innerHTML = "<a href='javascript:download_begin(\"conf\", -1," + j + ")'>Configuration</a>";
cell2.innerHTML += "<br/>";
+ cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\", -1," + j + ")'>Inline Configuration</a>";
+ cell2.innerHTML += "<br/>";
cell2.innerHTML += "<a href='javascript:download_begin(\"confzip\", -1," + j + ")'>Configuration archive</a>";
cell2.innerHTML += "<br/>";
cell2.innerHTML += "<a href='javascript:download_begin(\"inst\", -1," + j + ")'>Windows Installer</a>";
@@ -414,6 +426,8 @@ function server_changed() {
cell2.className = "listr";
cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ")'>Configuration</a>";
cell2.innerHTML += "<br/>";
+ cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ")'>Inline Configuration</a>";
+ cell2.innerHTML += "<br/>";
cell2.innerHTML += "<a href='javascript:download_begin(\"confzip\"," + i + ")'>Configuration archive</a>";
cell2.innerHTML += "<br/>";
cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>Windows Installer</a>";