author | jim-p <jimp@pfsense.org> | 2012-07-01 15:40:52 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-07-01 15:40:52 -0400 |
commit | e27491c9f1609c76e4189806386ef45071efef1d (patch) | |
tree | e25b7c94235470ab6e836b33ce491683dcbc8f9b /config/openvpn-client-export/openvpn-client-export.inc | |
parent | e27c484b01b55b6d1198f46aefb84ac6fc23afb0 (diff) | |
Add inline config format that the openvpn client for android likes (ca, cert, key, tls-auth inside single config file) to the export package.
Diffstat (limited to 'config/openvpn-client-export/openvpn-client-export.inc')
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 105 |
1 files changed, 65 insertions, 40 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 1852be46..c2082374 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -227,17 +227,28 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
 $prefix = openvpn_client_export_prefix($srvid);
 $cafile = "{$prefix}-ca.crt";
 if($nokeys == false) {
- if ($usetoken) {
+ if ($expformat == "inline") {
+ $conf .= "ca [inline]{$nl}";
+ $conf .= "cert [inline]{$nl}";
+ $conf .= "key [inline]{$nl}";
+ } elseif ($usetoken) {
 $conf .= "ca {$cafile}{$nl}";
 $conf .= "cryptoapicert \"SUBJ:{$user['name']}\"{$nl}";
 } else {
 $conf .= "pkcs12 {$prefix}.p12{$nl}";
 }
- } else if ($settings['mode'] == "server_user")
- $conf .= "ca {$cafile}{$nl}";
+ } else if ($settings['mode'] == "server_user") {
+ if ($expformat == "inline")
+ $conf .= "ca [inline]{$nl}";
+ else
+ $conf .= "ca {$cafile}{$nl}";
+ }
 if ($settings['tls'] && !$skiptls) {
- $conf .= "tls-auth {$prefix}-tls.key 1{$nl}";
+ if ($expformat == "inline")
+ $conf .= "tls-auth [inline] 1{$nl}";
+ else
+ $conf .= "tls-auth {$prefix}-tls.key 1{$nl}";
 }
 // Prevent MITM attacks by verifying the server certificate.
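Review bot: In the `$nokeys == false` block the new `$expformat == "inline"` test is placed ahead of the existing `$usetoken` test, so a user whose certificate is meant to be referenced from a CryptoAPI token still gets `key [inline]` and, in the second hunk, the private key embedded in the config; nothing in the hunk says whether that precedence is deliberate. If it is, a comment above the new test should say so, for example `// inline export takes precedence over token (cryptoapicert) export: cert and key are embedded in the .ovpn`; if it is not, the `$usetoken` branch should be tested first. Smaller point: the same `$expformat == "inline"` comparison now appears three times in this hunk, and evaluating it once into a boolean at the top would keep the three branches readable. The enclosing function begins and ends outside this hunk.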
@@ -264,42 +275,56 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
 $conf .= $advancedoptions;
 $conf .= $nl;
- if ($expformat == "zip") {
- // create template directory
- $tempdir = "{$g['tmp_path']}/{$prefix}";
- mkdir($tempdir, 0700, true);
-
- file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
-
- $cafile = "{$tempdir}/{$cafile}";
- file_put_contents("{$cafile}", base64_decode($server_ca['crt']));
- if ($settings['tls']) {
- $tlsfile = "{$tempdir}/{$prefix}-tls.key";
- file_put_contents($tlsfile, base64_decode($settings['tls']));
- }
-
- // write key files
- if ($settings['mode'] != "server_user") {
- $crtfile = "{$tempdir}/{$prefix}-cert.crt";
- file_put_contents($crtfile, base64_decode($cert['crt']));
- $keyfile = "{$tempdir}/{$prefix}.key";
- file_put_contents($keyfile, base64_decode($cert['prv']));
-
- // convert to pkcs12 format
- $p12file = "{$tempdir}/{$prefix}.p12";
- if ($usetoken)
- openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
- else
- openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
-
- }
- exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
-
- // Remove temporary directory
- exec("rm -rf {$tempdir}");
- return $g['tmp_path'] . "/{$prefix}-config.zip";
- } else
- return $conf;
+ switch ($expformat) {
+ case "zip":
+ // create template directory
+ $tempdir = "{$g['tmp_path']}/{$prefix}";
+ mkdir($tempdir, 0700, true);
+
+ file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
+
+ $cafile = "{$tempdir}/{$cafile}";
+ file_put_contents("{$cafile}", base64_decode($server_ca['crt']));
+ if ($settings['tls']) {
+ $tlsfile = "{$tempdir}/{$prefix}-tls.key";
+ file_put_contents($tlsfile, base64_decode($settings['tls']));
+ }
+
+ // write key files
+ if ($settings['mode'] != "server_user") {
+ $crtfile = "{$tempdir}/{$prefix}-cert.crt";
+ file_put_contents($crtfile, base64_decode($cert['crt']));
+ $keyfile = "{$tempdir}/{$prefix}.key";
+ file_put_contents($keyfile, base64_decode($cert['prv']));
+
+ // convert to pkcs12 format
+ $p12file = "{$tempdir}/{$prefix}.p12";
+ if ($usetoken)
+ openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
+ else
+ openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
+ }
+ exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
+ // Remove temporary directory
+ exec("rm -rf {$tempdir}");
+ return $g['tmp_path'] . "/{$prefix}-config.zip";
+ break;
+ case "inline":
+ // Inline CA
+ $conf .= "<ca>{$nl}" . base64_decode($server_ca['crt']) . "</ca>{$nl}";
+ if ($settings['mode'] != "server_user") {
+ // Inline Cert
+ $conf .= "<cert>{$nl}" . base64_decode($cert['crt']) . "</cert>{$nl}";
+ // Inline Key
+ $conf .= "<key>{$nl}" . base64_decode($cert['prv']) . "</key>{$nl}";
+ }
+ // Inline TLS
+ if ($settings['tls']) {
+ $conf .= "<tls-auth>{$nl}" . base64_decode($settings['tls']) . "</tls-auth>{$nl} key-direction 1{$nl}";
+ }
+ default:
+ return $conf;
+ }
 }
 function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) { |
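Review bot: The `case "inline":` branch emits the `<tls-auth>` block whenever `$settings['tls']` is set, while the first hunk only writes the `tls-auth` directive when `$settings['tls'] && !$skiptls`; as I understand OpenVPN's config parser an inline `<tls-auth>` block is the option itself, so an inline export made with `$skiptls` set would still enable tls-auth (and `key-direction 1`) despite the directive being withheld. The guard should mirror the directive's condition: `if ($settings['tls'] && !$skiptls) {`. Separately, the inline case writes `base64_decode($cert['prv'])` into the config as a plaintext PEM private key and never touches `$outpass`, whereas the zip case wraps the key in a PKCS#12 protected by `$outpass`; that difference needs at least a comment such as `// NOTE: inline format embeds the unencrypted private key; $outpass is not applied to it`, and presumably the export UI should not offer a password for this format. Also, the `break;` after `return` in the zip case is unreachable, and the inline case reaches `return $conf;` only by an unmarked fall-through into `default:`, which deserves an explicit `// fall through` comment. The enclosing function begins outside this hunk.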