diff options
author | jim-p <jimp@pfsense.org> | 2012-07-01 15:40:52 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-07-01 15:40:52 -0400 |
commit | e27491c9f1609c76e4189806386ef45071efef1d (patch) | |
tree | e25b7c94235470ab6e836b33ce491683dcbc8f9b /config | |
parent | e27c484b01b55b6d1198f46aefb84ac6fc23afb0 (diff) | |
download | pfsense-packages-e27491c9f1609c76e4189806386ef45071efef1d.tar.gz pfsense-packages-e27491c9f1609c76e4189806386ef45071efef1d.tar.bz2 pfsense-packages-e27491c9f1609c76e4189806386ef45071efef1d.zip |
Add inline config format that the openvpn client for android likes (ca, cert, key, tls-auth inside single config file) to the export package.
Diffstat (limited to 'config')
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 105 | ||||
-rwxr-xr-x | config/openvpn-client-export/vpn_openvpn_export.php | 32 |
2 files changed, 88 insertions, 49 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 1852be46..c2082374 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -227,17 +227,28 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $prefix = openvpn_client_export_prefix($srvid); $cafile = "{$prefix}-ca.crt"; if($nokeys == false) { - if ($usetoken) { + if ($expformat == "inline") { + $conf .= "ca [inline]{$nl}"; + $conf .= "cert [inline]{$nl}"; + $conf .= "key [inline]{$nl}"; + } elseif ($usetoken) { $conf .= "ca {$cafile}{$nl}"; $conf .= "cryptoapicert \"SUBJ:{$user['name']}\"{$nl}"; } else { $conf .= "pkcs12 {$prefix}.p12{$nl}"; } - } else if ($settings['mode'] == "server_user") - $conf .= "ca {$cafile}{$nl}"; + } else if ($settings['mode'] == "server_user") { + if ($expformat == "inline") + $conf .= "ca [inline]{$nl}"; + else + $conf .= "ca {$cafile}{$nl}"; + } if ($settings['tls'] && !$skiptls) { - $conf .= "tls-auth {$prefix}-tls.key 1{$nl}"; + if ($expformat == "inline") + $conf .= "tls-auth [inline] 1{$nl}"; + else + $conf .= "tls-auth {$prefix}-tls.key 1{$nl}"; } // Prevent MITM attacks by verifying the server certificate. @@ -264,42 +275,56 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $conf .= $advancedoptions; $conf .= $nl; - if ($expformat == "zip") { - // create template directory - $tempdir = "{$g['tmp_path']}/{$prefix}"; - mkdir($tempdir, 0700, true); - - file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf); - - $cafile = "{$tempdir}/{$cafile}"; - file_put_contents("{$cafile}", base64_decode($server_ca['crt'])); - if ($settings['tls']) { - $tlsfile = "{$tempdir}/{$prefix}-tls.key"; - file_put_contents($tlsfile, base64_decode($settings['tls'])); - } - - // write key files - if ($settings['mode'] != "server_user") { - $crtfile = "{$tempdir}/{$prefix}-cert.crt"; - file_put_contents($crtfile, base64_decode($cert['crt'])); - $keyfile = "{$tempdir}/{$prefix}.key"; - file_put_contents($keyfile, base64_decode($cert['prv'])); - - // convert to pkcs12 format - $p12file = "{$tempdir}/{$prefix}.p12"; - if ($usetoken) - openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile); - else - openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); - - } - exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}"); - - // Remove temporary directory - exec("rm -rf {$tempdir}"); - return $g['tmp_path'] . "/{$prefix}-config.zip"; - } else - return $conf; + switch ($expformat) { + case "zip": + // create template directory + $tempdir = "{$g['tmp_path']}/{$prefix}"; + mkdir($tempdir, 0700, true); + + file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf); + + $cafile = "{$tempdir}/{$cafile}"; + file_put_contents("{$cafile}", base64_decode($server_ca['crt'])); + if ($settings['tls']) { + $tlsfile = "{$tempdir}/{$prefix}-tls.key"; + file_put_contents($tlsfile, base64_decode($settings['tls'])); + } + + // write key files + if ($settings['mode'] != "server_user") { + $crtfile = "{$tempdir}/{$prefix}-cert.crt"; + file_put_contents($crtfile, base64_decode($cert['crt'])); + $keyfile = "{$tempdir}/{$prefix}.key"; + file_put_contents($keyfile, base64_decode($cert['prv'])); + + // convert to pkcs12 format + $p12file = "{$tempdir}/{$prefix}.p12"; + if ($usetoken) + openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile); + else + openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); + } + exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}"); + // Remove temporary directory + exec("rm -rf {$tempdir}"); + return $g['tmp_path'] . "/{$prefix}-config.zip"; + break; + case "inline": + // Inline CA + $conf .= "<ca>{$nl}" . base64_decode($server_ca['crt']) . "</ca>{$nl}"; + if ($settings['mode'] != "server_user") { + // Inline Cert + $conf .= "<cert>{$nl}" . base64_decode($cert['crt']) . "</cert>{$nl}"; + // Inline Key + $conf .= "<key>{$nl}" . base64_decode($cert['prv']) . "</key>{$nl}"; + } + // Inline TLS + if ($settings['tls']) { + $conf .= "<tls-auth>{$nl}" . base64_decode($settings['tls']) . "</tls-auth>{$nl} key-direction 1{$nl}"; + } + default: + return $conf; + } } function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) { diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index dceaf20f..dd56ee0e 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -138,6 +138,8 @@ if (!empty($act)) { $advancedoptions = $_GET['advancedoptions']; $usetoken = $_GET['usetoken']; + if ($usetoken && ($act == "confinline")) + $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration."; $password = ""; if ($_GET['password']) $password = $_GET['password']; @@ -168,13 +170,19 @@ if (!empty($act)) { $exp_name = openvpn_client_export_prefix($srvid); - if($act == "conf" || $act == "confzip") { - if ($act == "confzip") { - $exp_name = urlencode($exp_name."-config.zip"); - $expformat = "zip"; - } else { - $exp_name = urlencode($exp_name."-config.ovpn"); - $expformat = "baseconf"; + if(substr($act, 0, 4) == "conf") { + switch ($act) { + case "confzip": + $exp_name = urlencode($exp_name."-config.zip"); + $expformat = "zip"; + break; + case "confinline": + $exp_name = urlencode($exp_name."-config.ovpn"); + $expformat = "inline"; + break; + default: + $exp_name = urlencode($exp_name."-config.ovpn"); + $expformat = "baseconf"; } $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $advancedoptions); } @@ -194,7 +202,7 @@ if (!empty($act)) { } if (empty($input_errors)) { - if ($act == "conf") { + if (($act == "conf") || ($act == "confinline")) { $exp_size = strlen($exp_path); } else { $exp_size = filesize($exp_path); @@ -204,7 +212,7 @@ if (!empty($act)) { header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename={$exp_name}"); header("Content-Length: $exp_size"); - if ($act == "conf") { + if (($act == "conf") || ($act == "confinline")) { echo $exp_path; } else { readfile($exp_path); @@ -374,6 +382,8 @@ function server_changed() { cell2.className = "listr"; cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ", -1)'>Configuration</a>"; cell2.innerHTML += "<br/>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ", -1)'>Inline Configuration</a>"; + cell2.innerHTML += "<br/>"; cell2.innerHTML += "<a href='javascript:download_begin(\"confzip\"," + i + ", -1)'>Configuration archive</a>"; cell2.innerHTML += "<br/>"; cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ", -1)'>Windows Installer</a>"; @@ -396,6 +406,8 @@ function server_changed() { cell2.className = "listr"; cell2.innerHTML = "<a href='javascript:download_begin(\"conf\", -1," + j + ")'>Configuration</a>"; cell2.innerHTML += "<br/>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\", -1," + j + ")'>Inline Configuration</a>"; + cell2.innerHTML += "<br/>"; cell2.innerHTML += "<a href='javascript:download_begin(\"confzip\", -1," + j + ")'>Configuration archive</a>"; cell2.innerHTML += "<br/>"; cell2.innerHTML += "<a href='javascript:download_begin(\"inst\", -1," + j + ")'>Windows Installer</a>"; @@ -414,6 +426,8 @@ function server_changed() { cell2.className = "listr"; cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ")'>Configuration</a>"; cell2.innerHTML += "<br/>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ")'>Inline Configuration</a>"; + cell2.innerHTML += "<br/>"; cell2.innerHTML += "<a href='javascript:download_begin(\"confzip\"," + i + ")'>Configuration archive</a>"; cell2.innerHTML += "<br/>"; cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>Windows Installer</a>"; |