Diffstat (limited to 'config/openvpn-client-export')
14 files changed, 912 insertions, 0 deletions
diff --git a/config/openvpn-client-export/client-export/template/7zS.sfx b/config/openvpn-client-export/client-export/template/7zS.sfx
Binary files differ
new file mode 100755
index 00000000..f72ac75e
--- /dev/null
+++ b/config/openvpn-client-export/client-export/template/7zS.sfx
diff --git a/config/openvpn-client-export/client-export/template/config-import b/config/openvpn-client-export/client-export/template/config-import
new file mode 100755
index 00000000..6b4465c2
--- /dev/null
+++ b/config/openvpn-client-export/client-export/template/config-import
@@ -0,0 +1,3 @@
+;!@Install@!UTF-8!
+RunProgram="procchain.exe procchain-import"
+;!@InstallEnd@!
diff --git a/config/openvpn-client-export/client-export/template/config-standard b/config/openvpn-client-export/client-export/template/config-standard
new file mode 100755
index 00000000..19e410e9
--- /dev/null
+++ b/config/openvpn-client-export/client-export/template/config-standard
@@ -0,0 +1,3 @@
+;!@Install@!UTF-8!
+RunProgram="procchain.exe procchain-standard"
+;!@InstallEnd@!
diff --git a/config/openvpn-client-export/client-export/template/openvpn-postinstall.exe b/config/openvpn-client-export/client-export/template/openvpn-postinstall.exe
Binary files differ
new file mode 100755
index 00000000..903885d8
--- /dev/null
+++ b/config/openvpn-client-export/client-export/template/openvpn-postinstall.exe
diff --git a/config/openvpn-client-export/client-export/template/procchain-import b/config/openvpn-client-export/client-export/template/procchain-import
new file mode 100755
index 00000000..3b7c74fb
--- /dev/null
+++ b/config/openvpn-client-export/client-export/template/procchain-import
@@ -0,0 +1,2 @@
+"openvpn-install.exe"
+"openvpn-postinstall.exe" /Import
diff --git a/config/openvpn-client-export/client-export/template/procchain-standard b/config/openvpn-client-export/client-export/template/procchain-standard
new file mode 100755
index 00000000..b9d1a1e5
--- /dev/null
+++ b/config/openvpn-client-export/client-export/template/procchain-standard
@@ -0,0 +1,2 @@
+"openvpn-install.exe"
+"openvpn-postinstall.exe"
diff --git a/config/openvpn-client-export/client-export/template/procchain.exe b/config/openvpn-client-export/client-export/template/procchain.exe
Binary files differ
new file mode 100755
index 00000000..924e7a47
--- /dev/null
+++ b/config/openvpn-client-export/client-export/template/procchain.exe
diff --git a/config/openvpn-client-export/client-export/vpn_openvpn_export.php b/config/openvpn-client-export/client-export/vpn_openvpn_export.php
new file mode 100755
index 00000000..e5d474cb
--- /dev/null
+++ b/config/openvpn-client-export/client-export/vpn_openvpn_export.php
@@ -0,0 +1,362 @@ +<?php +/* + vpn_openvpn_export.php + + Copyright (C) 2008 Shrew Soft Inc. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ + DISABLE_PHP_LINT_CHECKING +*/ + +require("guiconfig.inc"); +require("openvpn-client-export.inc"); + +$pgtitle = array("OpenVPN", "Client Export Utility"); + +if (!is_array($config['openvpn']['openvpn-server'])) + $config['openvpn']['openvpn-server'] = array(); + +$a_server = $config['openvpn']['openvpn-server']; + +if (!is_array($config['system']['user'])) + $config['system']['user'] = array(); + +$a_user = $config['system']['user']; + +$ras_server = array(); +foreach($a_server as $sindex => & $server) { + $ras_user = array(); + if (stripos($server['mode'], "server") === false) + continue; + foreach($a_user as $uindex => & $user) { + if (!is_array($user['cert'])) + continue; + foreach($user['cert'] as $cindex => & $cert) { + if ($cert['caref'] != $server['caref']) + continue; + $ras_userent = array(); + $ras_userent['uindex'] = $uindex; + $ras_userent['cindex'] = $cindex; + $ras_userent['name'] = $user['name']; + $ras_userent['certname'] = $cert['name']; + $ras_user[] = $ras_userent; + } + } + if (!count($ras_user)) + continue; + $ras_serverent = array(); + $prot = $server['protocol']; + $port = $server['local_port']; + if ($server['description']) + $name = "{$server['description']} {$prot}:{$port}"; + else + $name = "Server {$prot}:{$port}"; + $ras_serverent['index'] = $sindex; + $ras_serverent['name'] = $name; + $ras_serverent['users'] = $ras_user; + $ras_server[] = $ras_serverent; +} + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +$act = $_GET['act']; +if (isset($_POST['act'])) + $act = $_POST['act']; + +if($act == "conf") { + $srvid = $_GET['srvid']; + $usrid = $_GET['usrid']; + $crtid = $_GET['crtid']; + if (($srvid === false) || ($usrid === false) || ($crtid === false)) { + pfSenseHeader("vpn_openvpn_export.php"); + exit; + } + $useaddr = $_GET['useaddr']; + $usetoken = $_GET['usetoken']; + + $exp_name = openvpn_client_export_prefix($srvid); + $exp_name = urlencode($exp_name."-config.ovpn"); + $exp_data = 
openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken); + $exp_size = strlen($exp_data); + + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; + exit; +} + +if($act == "inst") { + $srvid = $_GET['srvid']; + $usrid = $_GET['usrid']; + $crtid = $_GET['crtid']; + if (($srvid === false) || ($usrid === false) || ($crtid === false)) { + pfSenseHeader("vpn_openvpn_export.php"); + exit; + } + $useaddr = $_GET['useaddr']; + $usetoken = $_GET['usetoken']; + $password = ""; + if ($_GET['password']) + $password = $_GET['password']; ; + + $exp_name = openvpn_client_export_prefix($srvid); + $exp_name = urlencode($exp_name."-install.exe"); + $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $password); + $exp_size = filesize($exp_path); + + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + readfile($exp_path); + unlink($exp_path); + exit; +} + +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<script language="JavaScript"> +<!-- + +var servers = new Array(); +<?php foreach ($ras_server as $sindex => & $server): ?> +servers[<?=$sindex;?>] = new Array(); +servers[<?=$sindex;?>][0] = '<?=$server['index'];?>'; +servers[<?=$sindex;?>][1] = new Array(); +<?php foreach ($server['users'] as $uindex => & $user): ?> +servers[<?=$sindex;?>][1][<?=$uindex;?>] = new Array(); +servers[<?=$sindex;?>][1][<?=$uindex;?>][0] = '<?=$user['uindex'];?>'; +servers[<?=$sindex;?>][1][<?=$uindex;?>][1] = '<?=$user['cindex'];?>'; +servers[<?=$sindex;?>][1][<?=$uindex;?>][2] = '<?=$user['name'];?>'; +servers[<?=$sindex;?>][1][<?=$uindex;?>][3] = '<?=$user['certname'];?>'; +<? endforeach; ?> +<? 
endforeach; ?> + +function download_begin(act, i) { + + var index = document.getElementById("server").selectedIndex; + var users = servers[index][1]; + + var useaddr = 0; + if (document.getElementById("useaddr").checked) + useaddr = 1; + var usetoken = 0; + if (document.getElementById("usetoken").checked) + usetoken = 1; + var usepass = 0; + if (document.getElementById("usepass").checked) + usepass = 1; + + var pass = document.getElementById("pass").value; + var conf = document.getElementById("conf").value; + if (usepass && (act == "inst")) { + if (!pass || !conf) { + alert("The password or confirm field is empty"); + return; + } + if (pass != conf) { + alert("The password and confirm fields must match"); + return; + } + } + + var dlurl; + dlurl = "/vpn_openvpn_export.php?act=" + act; + dlurl += "&srvid=" + servers[index][0]; + dlurl += "&usrid=" + users[i][0]; + dlurl += "&crtid=" + users[i][1]; + dlurl += "&useaddr=" + useaddr; + dlurl += "&usetoken=" + usetoken; + if (usepass) + dlurl += "&password=" + pass; + + window.open(dlurl,"_self"); +} + +function server_changed() { + + var table = document.getElementById("users"); + while (table.rows.length > 1 ) + table.deleteRow(1); + + var index = document.getElementById("server").selectedIndex; + var users = servers[index][1]; + for (i=0; i < users.length; i++) { + var row = table.insertRow(table.rows.length); + var cell0 = row.insertCell(0); + var cell1 = row.insertCell(1); + var cell2 = row.insertCell(2); + cell0.className = "listlr"; + cell0.innerHTML = users[i][2]; + cell1.className = "listr"; + cell1.innerHTML = users[i][3]; + cell2.className = "listr"; + cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ")'>Configuration</a>"; + cell2.innerHTML += " / "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>Windows Installer</a>"; + } +} + +function usepass_changed() { + + if (document.getElementById("usepass").checked) + 
document.getElementById("usepass_opts").style.display = ""; + else + document.getElementById("usepass_opts").style.display = "none"; +} + +//--> +</script> +<?php + if ($input_errors) + print_input_errors($input_errors); + if ($savemsg) + print_info_box($savemsg); +?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Server"), false, "vpn_openvpn_server.php"); + $tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php"); + $tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php"); + $tab_array[] = array(gettext("Client Export"), true, "vpn_openvpn_export.php"); + display_top_tabs($tab_array); + ?> + </td> + </tr> + <tr> + <td id="mainarea"> + <div class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top" class="vncellreq">Remote Access Server</td> + <td width="78%" class="vtable"> + <select name="server" id="server" class="formselect" onChange="server_changed()"> + <?php foreach($ras_server as & $server): ?> + <option value="<?=$server['sindex'];?>"><?=$server['name'];?></option> + <?php endforeach; ?> + </select> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Host Name Resolution</td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0"> + <tr> + <td> + <input name="useaddr" id="useaddr" type="checkbox" value="yes"> + </td> + <td> + <span class="vexpl"> + Use the server IP address instead of the hostname. + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Certificate Export Options</td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0"> + <tr> + <td> + <input name="usetoken" id="usetoken" type="checkbox" value="yes"> + </td> + <td> + <span class="vexpl"> + Use Microsoft Certificate Storage instead of local files. 
+ </span> + </td> + </tr> + </table> + <table border="0" cellpadding="2" cellspacing="0"> + <tr> + <td> + <input name="usepass" id="usepass" type="checkbox" value="yes" onClick="usepass_changed()" checked> + </td> + <td> + <span class="vexpl"> + Use a password to protect the pkcs12 file contents. + </span> + </td> + </tr> + </table> + <table border="0" cellpadding="2" cellspacing="0" id="usepass_opts"> + <tr> + <td align="right"> + <span class="vexpl"> + Password : + </span> + </td> + <td> + <input name="pass" id="pass" type="password" class="formfld pwd" size="20" value="" /> + </td> + </tr> + <tr> + <td align="right"> + <span class="vexpl"> + Confirm : + </span> + </td> + <td> + <input name="conf" id="conf" type="password" class="formfld pwd" size="20" value="" /> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td colspan="2" class="list" height="12"> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Client Install Packages</td> + </tr> + </table> + <table width="100%" id="users" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="25%" class="listhdrr"><?=gettext("User");?></td> + <td width="50%" class="listhdrr"><?=gettext("Certificate Name");?></td> + <td width="25%" class="listhdrr"><?=gettext("Export");?></td> + </tr> + </table> + </div> + </td> + </tr> +</table> +<script language="JavaScript"> +<!-- +server_changed(); +//--> +</script> +</body> +<?php include("fend.inc"); ?> diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc new file mode 100755 index 00000000..222fe71b --- /dev/null +++ b/config/openvpn-client-export/openvpn-client-export.inc 
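Review bot: `download_begin()` appends the PKCS#12 password to the download URL (`dlurl += "&password=" + pass;`) and the `inst` branch reads it from `$_GET['password']`, so the secret is recorded in browser history and in any proxy or web-server access log, and it is not URL-encoded either. Submitting the export as a POST form and reading `$_POST['password']` would keep it out of the URL. The guard `if (($srvid === false) || ($usrid === false) || ($crtid === false))` never fires, because a missing `$_GET` key yields null rather than false; the ids look like array indexes, so something like `if (!is_numeric($srvid) || !is_numeric($usrid) || !is_numeric($crtid))` would reject absent or malformed values. User, certificate and server names are written unescaped into JavaScript string literals and `<option>` text and later assigned to `innerHTML`; pass them through `htmlspecialchars()` (and `json_encode()` inside the script block). The `<option value>` also reads `$server['sindex']`, which the loop at the top never sets (it stores `index`).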
@@ -0,0 +1,256 @@ +<?php +/* + openvpn-client-export.inc + Copyright (C) 2008 Shrew Soft Inc + All rights reserved. + + Parts of this code was originally based on vpn_ipsec_sad.php + Copyright (C) 2003-2004 Manuel Kasper + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require_once("globals.inc"); + +function openvpn_client_export_install() { + $tarpath = "/tmp/openvpn-client-export.tgz"; + $phpfile = "vpn_openvpn_export.php"; + $ovpndir = "/usr/local/share/openvpn"; + $workdir = "{$ovpndir}/client-export"; + + if(!is_dir("/usr/local/share/openvpn")) + mkdir("/usr/local/share/openvpn"); + + exec("/usr/bin/tar zxf {$tarpath} -C {$ovpndir}"); + unlink($tarpath); + rename("{$workdir}/{$phpfile}", "/usr/local/www/{$phpfile}"); +} + +function openvpn_client_export_deinstall() { + $phpfile = "vpn_openvpn_export.php"; + $ovpndir = "/usr/local/share/openvpn"; + $workdir = "{$ovpndir}/client-export"; + + unlink_if_exists("/usr/local/www/{$phpfile}"); + exec("/bin/rm -r {$workdir}"); +} + +function openvpn_client_export_prefix($srvid) { + global $config; + + // lookup server settings + $settings = $config['openvpn']['openvpn-server'][$srvid]; + if (empty($settings)) + return false; + if ($settings['disable']) + return false; + + $host = $config['system']['hostname']; + $prot = ($settings['protocol'] == 'UDP' ? 
'udp' : "tcp-{$mode}"); + $port = $settings['local_port']; + + return "{$host}-{$prot}-{$port}"; +} + +function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $capath = false) { + + if ($capath) + exec("/usr/bin/openssl pkcs12 -export -in {$crtpath} -inkey {$keypath} -certfile {$capath} -out {$outpath} -passout pass:{$outpass}"); + else + exec("/usr/bin/openssl pkcs12 -export -in {$crtpath} -inkey {$keypath} -out {$outpath} -passout pass:{$outpass}"); + + unlink($crtpath); + unlink($keypath); + if ($capath) + unlink($capath); +} + +function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken) { + global $config; + + // lookup server settings + $settings = $config['openvpn']['openvpn-server'][$srvid]; + if (empty($settings)) + return false; + if ($settings['disable']) + return false; + + // lookup server certificate info + $server_cert =& lookup_cert($settings['certref']); + $server_ca =& lookup_ca($server_cert['caref']); + if (!$server_cert || !$server_ca) + return false; + + // lookup user info + $user =& $config['system']['user'][$usrid]; + if (!$user) + return false; + + // determine basic variables + if ($useaddr) { + $interface = $settings['interface']; + if (!$interface) + $interface = 'WAN'; + $iface = convert_friendly_interface_to_real_interface_name($interface); + $lines = explode(' ', trim(shell_exec("ifconfig {$iface} | grep inet | grep -v inet6"))); + $server_host = $lines[1]; + } else + $server_host = "{$config['system']['hostname']}.{$config['system']['domain']}"; + $server_port = $settings['local_port']; + $proto = ($settings['protocol'] == 'UDP' ? 
'udp' : "tcp-client"); + $cipher = $settings['crypto']; + + // add basic settings + $conf = "dev tun\n"; + $conf .= "persist-tun\n"; + $conf .= "persist-key\n"; + $conf .= "proto {$proto}\n"; + $conf .= "cipher {$cipher}\n"; + $conf .= "tls-client\n"; + $conf .= "client\n"; + $conf .= "resolv-retry infinite\n"; + $conf .= "remote {$server_host} {$server_port}\n"; + + // add user auth settings + switch($settings['mode']) { + case 'server_user': + case 'server_tls_user': + $conf .= "auth-user-pass\n"; + break; + } + + // add key settings + $prefix = openvpn_client_export_prefix($srvid); + if ($usetoken) { + $conf .= "ca {$prefix}-ca.crt\n"; + $conf .= "cryptoapicert \"SUBJ:{$user['name']}\"\n"; + } else { + $conf .= "pkcs12 {$prefix}.p12\n"; + } + + if ($settings['tls']) + $conf .= "tls-auth {$prefix}-tls.key\n"; + + // add optional settings + if ($settings['compression']) + $conf .= "comp-lzo\n"; + if ($settings['passtos']) + $conf .= "passtos\n"; + + return $conf; +} + +function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass) { + global $config, $g; + + $ovpndir = "/usr/local/share/openvpn"; + $workdir = "{$ovpndir}/client-export"; + + // lookup server settings + $settings = $config['openvpn']['openvpn-server'][$srvid]; + if (empty($settings)) + return false; + if ($settings['disable']) + return false; + + // lookup server certificate info + $server_cert =& lookup_cert($settings['certref']); + $server_ca =& lookup_ca($server_cert['caref']); + if (!$server_cert || !$server_ca) + return false; + + // lookup user info + $user =& $config['system']['user'][$usrid]; + if (!$user) + return false; + + // lookup user certificate info + $cert =& $user['cert'][$crtid]; + if (!$cert) + return false; + + // create template directory + $tempdir = $g['tmp_path']."/openvpn-export-".uniqid(); + mkdir($tempdir, 0700, true); + + // create config directory + $confdir = "{$tempdir}/config"; + if (!is_dir($conf_dir)) + mkdir($confdir, 0700, true); 
+ + // copy the template directory + exec("cp -r {$workdir}/template/* {$tempdir}"); + + // write cofiguration file + $prefix = openvpn_client_export_prefix($srvid); + $cfgfile = "{$confdir}/{$prefix}-config.ovpn"; + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken); + if (!$conf) + return false; + file_put_contents($cfgfile, $conf); + + // write key files + $cafile = "{$tempdir}/config/{$prefix}-ca.crt"; + file_put_contents($cafile, base64_decode($server_ca['crt'])); + $crtfile = "{$tempdir}/config/{$prefix}-{$user['name']}.crt"; + file_put_contents($crtfile, base64_decode($cert['crt'])); + $keyfile = "{$tempdir}/config/{$prefix}-{$user['name']}.key"; + file_put_contents($keyfile, base64_decode($cert['prv'])); + if ($settings['tls']) { + $tlsfile = "{$tempdir}/config/{$prefix}-tls.key"; + file_put_contents($tlsfile, base64_decode($settings['tls'])); + } + + // convert to pkcs12 format + $p12file = "{$tempdir}/config/{$prefix}.p12"; + if ($usetoken) + openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile); + else + openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); + + // 7zip the configuration data + chdir($tempdir); + $files = "config "; + $files .= "procchain.exe "; + $files .= "openvpn-install.exe "; + $files .= "openvpn-postinstall.exe "; + if ($usetoken) + $files .= "procchain-import"; + else + $files .= "procchain-standard"; + exec("/usr/local/libexec/p7zip/7z -y a archive.7z {$files}"); + + // create the final installer + $outfile = "{$tempdir}-install.exe"; + chdir($g['tmp_path']); + if ($usetoken) + exec("/bin/cat {$tempdir}/7zS.sfx {$tempdir}/config-import {$tempdir}/archive.7z > {$outfile}"); + else + exec("/bin/cat {$tempdir}/7zS.sfx {$tempdir}/config-standard {$tempdir}/archive.7z > {$outfile}"); + + // cleanup + exec("/bin/rm -r {$tempdir}"); + + return $outfile; +} + +?> 
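Review bot: `openvpn_client_pem_to_pk12()` interpolates `$outpass` straight into the `exec()` command line, and in this commit that value comes from `$_GET['password']` in vpn_openvpn_export.php, so shell metacharacters in the password are interpreted by the shell. Every interpolated value should go through `escapeshellarg()`, as in the rewrite below; the same applies to the paths built from `$user['name']` and to the `cp -r`, `7z` and `cat` calls in `openvpn_client_export_installer()`. Even when quoted, `pass:` exposes the password in the process list while openssl runs, so `openssl_pkcs12_export()` or `-passout file:` would be safer if available on the target PHP/OpenSSL. Two smaller defects in the same hunk: `openvpn_client_export_prefix()` uses `$mode`, which is never assigned, so TCP prefixes come out as `tcp-`, and `is_dir($conf_dir)` tests an undefined variable instead of `$confdir`. The early `return false` after `openvpn_client_export_config()` also leaves `$tempdir` behind.

```php
function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $capath = false) {

	// Quote every value that reaches the shell; $outpass is request-supplied.
	$cmd = "/usr/bin/openssl pkcs12 -export";
	$cmd .= " -in " . escapeshellarg($crtpath);
	$cmd .= " -inkey " . escapeshellarg($keypath);
	if ($capath)
		$cmd .= " -certfile " . escapeshellarg($capath);
	$cmd .= " -out " . escapeshellarg($outpath);
	$cmd .= " -passout " . escapeshellarg("pass:{$outpass}");
	exec($cmd);

	// … unchanged: unlink of the crt, key and CA files …
}
```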
diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml
new file mode 100755
index 00000000..611d6a83
--- /dev/null
+++ b/config/openvpn-client-export/openvpn-client-export.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<packagegui>
+ <name>OpenVPN Client Export</name>
+ <version>0.0.1</version>
+ <title>OpenVPN Client Export</title>
+ <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
+ <backup_file></backup_file>
+ <aftersaveredirect></aftersaveredirect>
+ <configpath></configpath>
+ <tabs>
+ <tab>
+ <name>Client Export</name>
+ <tabgroup>OpenVPN</tabgroup>
+ <url>/vpn_openvpn_export.php</url>
+ </tab>
+ </tabs>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/tmp/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.tgz</item>
+ </additional_files_needed>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fielddescr></fielddescr>
+ <fieldname></fieldname>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <fielddescr></fielddescr>
+ <fieldname></fieldname>
+ <description></description>
+ <size></size>
+ <type></type>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ openvpn_client_export_install();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ openvpn_client_export_deinstall();
+ </custom_php_deinstall_command>
+</packagegui>
diff --git a/config/openvpn-client-export/readme.txt b/config/openvpn-client-export/readme.txt
new file mode 100755
index 00000000..c1c0e3b7
--- /dev/null
+++ b/config/openvpn-client-export/readme.txt
@@ -0,0 +1,44 @@
+pfSense OpenVPN Client Export Package
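Review bot: Both `<additional_files_needed>` items in openvpn-client-export.xml are fetched over plain `http://`, and the `.tgz` carries the executables that end up inside every generated Windows installer, so nothing visible in this manifest protects them from modification in transit. If the package system supports it, use an `https://` URL or verify a checksum before `openvpn_client_export_install()` unpacks the archive. `<chmod>077</chmod>` also looks unintended: if the installer applies it as an octal file mode, the owner gets no access while group and other get full access; `0644` would be the usual mode for an include file.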
+-------------------------------------
+
+This package includes a webConfigurator interface that allows for easy
+expory of user based OpenVPN configurations and pre-configured windows
+installer packages.
+
+Contents
+--------
+client-export - tgz archive root path
+client-export/vpn_openvpn_export.php - pfSense php interface code
+client-export/template - installer template path
+client-export/template/7zS.sfx - 7zip windows self extractor
+client-export/template/config-import - 7zip sfx configuration
+client-export/template/config-standard - 7zip sfx configuration
+client-export/template/procchain.exe - process chain utility
+client-export/template/openvpn-install.exe - openvpn installer
+client-export/template/openvpn-postinstall.exe - post installer
+client-export/template/procchain-import - procchain configuration
+client-export/template/procchain-standard - procchain configuration
+client-export/template/config - OpenVPN configuration import path
+source/openvpn-postinstall.nsi - post install NSIS script
+source/openvpn-postinstall.ico - post install icon
+source/procchain.cpp - C++ source for process chain utility
+openvpn-client-export.inc - pfSense php pagkage include file
+openvpn-client-export.xml - pfSense xml package description
+
+Configuration
+-------------
+Before the package can be used, place the OpenVPN installer of your
+choice in the template directory and name it 'openvpn-install.exe'.
+Then use tar to archive the entire client-export directory from the
+root package directory using the following command ...
+
+tar zcvf openvpn-client-export.tgz client-export
+
+With the archive created, you will have three relevent files in the
+root package directory ...
+
+openvpn-client-export.inc
+openvpn-client-export.tgz
+openvpn-client-export.xml
+
+These files are the only files required for distribution.
diff --git a/config/openvpn-client-export/source/openvpn-postinstall.ico b/config/openvpn-client-export/source/openvpn-postinstall.ico
Binary files differ
new file mode 100755
index 00000000..03ea0b1d
--- /dev/null
+++ b/config/openvpn-client-export/source/openvpn-postinstall.ico
diff --git a/config/openvpn-client-export/source/openvpn-postinstall.nsi b/config/openvpn-client-export/source/openvpn-postinstall.nsi
new file mode 100755
index 00000000..d23ecdb4
--- /dev/null
+++ b/config/openvpn-client-export/source/openvpn-postinstall.nsi
@@ -0,0 +1,112 @@
+;--------------------------------
+; OpenVPN NSIS Post-Installer
+;--------------------------------
+
+;--------------------------------
+;Include Modern UI
+
+ !include "MUI.nsh"
+ !include "FileFunc.nsh"
+ !include "LogicLib.nsh"
+
+;--------------------------------
+; General
+;--------------------------------
+
+ Name "OpenVPN Configuration"
+ OutFile "openvpn-postinstall.exe"
+ SetCompressor /SOLID lzma
+
+ ShowInstDetails show
+
+;--------------------------------
+;Include Settings
+;--------------------------------
+
+ !define MUI_ICON "openvpn-postinstall.ico"
+ !define MUI_ABORTWARNING
+
+;--------------------------------
+;Pages
+;--------------------------------
+
+ !insertmacro MUI_PAGE_INSTFILES
+ !insertmacro Locate
+ !insertmacro GetParameters
+ !insertmacro GetOptions
+
+;--------------------------------
+;Languages
+;--------------------------------
+
+ !insertmacro MUI_LANGUAGE "English"
+
+;--------------------------------
+;Functions
+;--------------------------------
+
+Function .onInit
+
+ Var /GLOBAL CONFPATH
+ ReadRegStr $CONFPATH HKLM "Software\OpenVPN" "config_dir"
+
+FunctionEnd
+
+Function CopyConfFile
+
+ CopyFiles $R9 $CONFPATH\$R7
+ Push $0
+
+FunctionEnd
+
+Function ImportConfFile
+
+ ExecWait "rundll32.exe cryptext.dll,CryptExtAddPFX $R9"
+ Push $0
+
+FunctionEnd
+
+;--------------------------------
+;Installer Sections
+;--------------------------------
+
+Section "Imort Configuration" SectionImport
+
+ DetailPrint "Installing configuration files ..."
+ ${Locate} ".\config" "/L=F /M=*.ovpn" "CopyConfFile"
+
+ DetailPrint "Installing certificate and key files ..."
+ ${Locate} ".\config" "/L=F /M=*.crt" "CopyConfFile"
+ ${Locate} ".\config" "/L=F /M=*.key" "CopyConfFile"
+
+ ${GetParameters} $R0
+ ${GetOptions} $R0 "/Import" $R1
+ IfErrors p12_copy p12_import
+
+ p12_copy:
+ ${Locate} ".\config" "/L=F /M=*.p12" "CopyConfFile"
+ Goto p12_done
+
+ p12_import:
+ ${Locate} ".\config" "/L=F /M=*.p12" "ImportConfFile"
+ Goto p12_done
+
+ p12_done:
+
+SectionEnd
+
+;--------------------------------
+;Descriptions
+;--------------------------------
+
+ ;Language strings
+ LangString DESC_SectionImport ${LANG_ENGLISH} "Import OpenVPN Configurations and Key Files."
+
+ ;Assign language strings to sections
+ !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN
+ !insertmacro MUI_DESCRIPTION_TEXT ${SectionImport} $(DESC_SectionImport)
+ !insertmacro MUI_FUNCTION_DESCRIPTION_END
+
+;--------------------------------
+; END
+;--------------------------------
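Review bot: The paths in `CopyConfFile` and `ImportConfFile` are passed unquoted, and `$CONFPATH` is used without checking that the registry read in `.onInit` returned a value. If `config_dir` is missing the copy target becomes `\$R7`, and any space in `$R9` or `$CONFPATH` splits the argument. I would quote both calls, `CopyFiles "$R9" "$CONFPATH\$R7"` and `ExecWait 'rundll32.exe cryptext.dll,CryptExtAddPFX "$R9"'` (verify that CryptExtAddPFX accepts a quoted path), and abort in `.onInit` when `$CONFPATH` is empty. The exit status of `ExecWait` is also discarded, so a failed certificate import is reported as a successful install.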
diff --git a/config/openvpn-client-export/source/procchain.cpp b/config/openvpn-client-export/source/procchain.cpp
new file mode 100755
index 00000000..b95536cc
--- /dev/null
+++ b/config/openvpn-client-export/source/procchain.cpp
@@ -0,0 +1,80 @@
+
+/*
+ * Copyright (c) 2008
+ * Shrew Soft Inc. All rights reserved.
+ *
+ * AUTHOR : Matthew Grooms
+ * mgrooms@shrew.net
+ *
+ */
+
+#include <windows.h>
+#include <stdio.h>
+
+bool runproc( char * path )
+{
+ STARTUPINFO si;
+ memset( &si, 0, sizeof( si ) );
+ si.cb = sizeof( si );
+
+ PROCESS_INFORMATION pi;
+ memset( &pi, 0, sizeof( pi ) );
+
+ // Start the child process.
+ if( !CreateProcess(
+ NULL, // No module name (use command line).
+ path, // Command line.
+ NULL, // Process handle not inheritable.
+ NULL, // Thread handle not inheritable.
+ FALSE, // Set handle inheritance to FALSE.
+ 0, // No creation flags.
+ NULL, // Use parent's environment block.
+ NULL, // Use parent's starting directory.
+ &si, // Pointer to STARTUPINFO structure.
+ &pi ) ) // Pointer to PROCESS_INFORMATION structure.
+ {
+ return false;
+ }
+
+ // Wait until child process exits.
+ WaitForSingleObject( pi.hProcess, INFINITE );
+
+ // Get the exit code
+ DWORD ExitCode;
+ GetExitCodeProcess( pi.hProcess, &ExitCode );
+
+ // Close process and thread handles.
+ CloseHandle( pi.hProcess );
+ CloseHandle( pi.hThread );
+
+ return ( ExitCode == 0 );
+}
+
+int APIENTRY WinMain(
+ HINSTANCE hinstance,
+ HINSTANCE hPrevInstance,
+ LPSTR lpCmdLine,
+ int nCmdShow )
+{
+ FILE * fp;
+ if( fopen_s( &fp, lpCmdLine, "r" ) )
+ return -1;
+
+ while( true )
+ {
+ char cmd[ MAX_PATH ];
+ memset( cmd, 0, MAX_PATH );
+ if( fgets( cmd, MAX_PATH, fp ) == NULL )
+ break;
+
+ char * term = strchr( cmd, '\n' );
+ if( term != NULL )
+ *term = 0;
+
+ if( !runproc( cmd ) )
+ return -2;
+ }
+
+ return 0;
+}
+
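Review bot: In `WinMain` a line of `MAX_PATH - 1` characters or more is split by `fgets`, and the remainder is then passed to `runproc` as a separate command. Treat a read with no terminating newline before end of file as an error, e.g. `if( term == NULL && !feof( fp ) ) { fclose( fp ); return -3; }`. `fp` is also never closed on the `return -2` and `return 0` paths, and `ExitCode` in `runproc` is read even when `GetExitCodeProcess` fails; initialise it to a non-zero value so a failed query counts as a failed step. A short comment above `WinMain` stating that the whole command line is taken as the chain file's path, and that each line of that file is executed as written, would help whoever edits the `procchain-*` templates.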