From e27491c9f1609c76e4189806386ef45071efef1d Mon Sep 17 00:00:00 2001 From: jim-p Date: Sun, 1 Jul 2012 15:40:52 -0400 Subject: Add inline config format that the openvpn client for android likes (ca, cert, key, tls-auth inside single config file) to the export package. --- .../openvpn-client-export.inc | 105 +++++++++++++-------- 1 file changed, 65 insertions(+), 40 deletions(-) (limited to 'config/openvpn-client-export/openvpn-client-export.inc') diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 1852be46..c2082374 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -227,17 +227,28 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $prefix = openvpn_client_export_prefix($srvid); $cafile = "{$prefix}-ca.crt"; if($nokeys == false) { - if ($usetoken) { + if ($expformat == "inline") { + $conf .= "ca [inline]{$nl}"; + $conf .= "cert [inline]{$nl}"; + $conf .= "key [inline]{$nl}"; + } elseif ($usetoken) { $conf .= "ca {$cafile}{$nl}"; $conf .= "cryptoapicert \"SUBJ:{$user['name']}\"{$nl}"; } else { $conf .= "pkcs12 {$prefix}.p12{$nl}"; } - } else if ($settings['mode'] == "server_user") - $conf .= "ca {$cafile}{$nl}"; + } else if ($settings['mode'] == "server_user") { + if ($expformat == "inline") + $conf .= "ca [inline]{$nl}"; + else + $conf .= "ca {$cafile}{$nl}"; + } if ($settings['tls'] && !$skiptls) { - $conf .= "tls-auth {$prefix}-tls.key 1{$nl}"; + if ($expformat == "inline") + $conf .= "tls-auth [inline] 1{$nl}"; + else + $conf .= "tls-auth {$prefix}-tls.key 1{$nl}"; } // Prevent MITM attacks by verifying the server certificate. @@ -264,42 +275,56 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $conf .= $advancedoptions; $conf .= $nl; - if ($expformat == "zip") { - // create template directory - $tempdir = "{$g['tmp_path']}/{$prefix}"; - mkdir($tempdir, 0700, true); - - file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf); - - $cafile = "{$tempdir}/{$cafile}"; - file_put_contents("{$cafile}", base64_decode($server_ca['crt'])); - if ($settings['tls']) { - $tlsfile = "{$tempdir}/{$prefix}-tls.key"; - file_put_contents($tlsfile, base64_decode($settings['tls'])); - } - - // write key files - if ($settings['mode'] != "server_user") { - $crtfile = "{$tempdir}/{$prefix}-cert.crt"; - file_put_contents($crtfile, base64_decode($cert['crt'])); - $keyfile = "{$tempdir}/{$prefix}.key"; - file_put_contents($keyfile, base64_decode($cert['prv'])); - - // convert to pkcs12 format - $p12file = "{$tempdir}/{$prefix}.p12"; - if ($usetoken) - openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile); - else - openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); - - } - exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}"); - - // Remove temporary directory - exec("rm -rf {$tempdir}"); - return $g['tmp_path'] . "/{$prefix}-config.zip"; - } else - return $conf; + switch ($expformat) { + case "zip": + // create template directory + $tempdir = "{$g['tmp_path']}/{$prefix}"; + mkdir($tempdir, 0700, true); + + file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf); + + $cafile = "{$tempdir}/{$cafile}"; + file_put_contents("{$cafile}", base64_decode($server_ca['crt'])); + if ($settings['tls']) { + $tlsfile = "{$tempdir}/{$prefix}-tls.key"; + file_put_contents($tlsfile, base64_decode($settings['tls'])); + } + + // write key files + if ($settings['mode'] != "server_user") { + $crtfile = "{$tempdir}/{$prefix}-cert.crt"; + file_put_contents($crtfile, base64_decode($cert['crt'])); + $keyfile = "{$tempdir}/{$prefix}.key"; + file_put_contents($keyfile, base64_decode($cert['prv'])); + + // convert to pkcs12 format + $p12file = "{$tempdir}/{$prefix}.p12"; + if ($usetoken) + openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile); + else + openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); + } + exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}"); + // Remove temporary directory + exec("rm -rf {$tempdir}"); + return $g['tmp_path'] . "/{$prefix}-config.zip"; + break; + case "inline": + // Inline CA + $conf .= "{$nl}" . base64_decode($server_ca['crt']) . "{$nl}"; + if ($settings['mode'] != "server_user") { + // Inline Cert + $conf .= "{$nl}" . base64_decode($cert['crt']) . "{$nl}"; + // Inline Key + $conf .= "{$nl}" . base64_decode($cert['prv']) . "{$nl}"; + } + // Inline TLS + if ($settings['tls']) { + $conf .= "{$nl}" . base64_decode($settings['tls']) . "{$nl} key-direction 1{$nl}"; + } + default: + return $conf; + } } function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) { -- cgit v1.2.3