From: <abe...@us...> - 2013-02-15 18:40:42
Revision: 5956
http://astlinux.svn.sourceforge.net/astlinux/?rev=5956&view=rev
Author: abelbeck
Date: 2013-02-15 18:40:33 +0000 (Fri, 15 Feb 2013)
Log Message:
-----------
web interface, OpenVPN Server sub-tab, add 'client.ovpn' certificate profile file in zip download
Modified Paths:
--------------
branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php
branches/1.0/package/webinterface/altweb/admin/openvpn.php
branches/1.0/package/webinterface/altweb/admin/siptlscert.php
branches/1.0/package/webinterface/altweb/common/openssl.php
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Modified: branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php 2013-02-14 21:33:03 UTC (rev 5955)
+++ branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php 2013-02-15 18:40:33 UTC (rev 5956)
@@ -334,9 +334,9 @@
$p12pass = opensslRANDOMpass(12);
if (($p12 = opensslPKCS12str($openssl, $value, $p12pass)) !== '') {
$zip->addFromString($value.'/'.$value.'.p12', $p12);
- $zip->addFromString($value.'/README.txt', opensslREADMEstr(TRUE, $value, $p12pass));
+ $zip->addFromString($value.'/README.txt', opensslREADMEstr('p12', $value, $p12pass));
} else {
- $zip->addFromString($value.'/README.txt', opensslREADMEstr(FALSE, $value, $p12pass));
+ $zip->addFromString($value.'/README.txt', opensslREADMEstr('', $value, $p12pass));
}
$zip->close();
Modified: branches/1.0/package/webinterface/altweb/admin/openvpn.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/openvpn.php 2013-02-14 21:33:03 UTC (rev 5955)
+++ branches/1.0/package/webinterface/altweb/admin/openvpn.php 2013-02-15 18:40:33 UTC (rev 5956)
@@ -120,6 +120,25 @@
'subnet' => '[subnet] latest, requires OpenVPN 2.1+ clients'
);
+// Function: get_HOSTNAME_DOMAIN
+//
+function get_HOSTNAME_DOMAIN() {
+ $hostname_domain = '';
+
+ // System location of gui.network.conf file
+ $NETCONFFILE = '/mnt/kd/rc.conf.d/gui.network.conf';
+
+ if (is_file($NETCONFFILE)) {
+ $netvars = parseRCconf($NETCONFFILE);
+ if (($hostname = getVARdef($netvars, 'HOSTNAME')) !== '') {
+ if (($domain = getVARdef($netvars, 'DOMAIN')) !== '') {
+ $hostname_domain = $hostname.'.'.$domain;
+ }
+ }
+ }
+ return($hostname_domain);
+}
+
// Function: saveOVPNsettings
//
function saveOVPNsettings($conf_dir, $conf_file, $disabled = NULL) {
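Review bot: The `// Function: get_HOSTNAME_DOMAIN` header above the new function is empty, so the fact that an unset DOMAIN yields '' rather than the bare HOSTNAME is only discoverable by reading the nested ifs. I would fill the header with `// Returns 'HOSTNAME.DOMAIN' built from gui.network.conf, or '' when the file is absent or either HOSTNAME or DOMAIN is empty.` A caller receiving '' (ovpnProfile in this same commit uses it as the `remote` host) cannot tell which case occurred, so the comment should also say that '' must be treated as "no usable server name".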
@@ -162,6 +181,9 @@
$value = 'OVPN_TUNNEL_HOSTS="'.trim($_POST['tunnel_external_hosts']).'"';
fwrite($fp, "### Allowed External Hosts\n".$value."\n");
+ $value = 'OVPN_HOSTNAME="'.trim($_POST['server_hostname']).'"';
+ fwrite($fp, "### Server Hostname\n".$value."\n");
+
$value = 'OVPN_SERVER="'.trim($_POST['server']).'"';
fwrite($fp, "### Server IPv4 Network\n".$value."\n");
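Review bot: The new `OVPN_HOSTNAME` line writes `trim($_POST['server_hostname'])` into a double-quoted rc.conf assignment with no validation, so a value containing `"`, `$` or a newline alters the line that is written and, if this conf file is sourced by shell scripts as its syntax suggests, what the shell later evaluates. The same value is interpolated into the `remote` line of the generated client profile by ovpnProfile in this commit, so a newline there would also inject extra directives into the .ovpn handed to clients. Since the field is meant to hold a DNS name or IP address, I would restrict it before writing, e.g. `$host = trim($_POST['server_hostname']);` followed by `$value = 'OVPN_HOSTNAME="'.(preg_match('/^[A-Za-z0-9.:\-]*$/', $host) ? $host : '').'"';`. saveOVPNsettings begins outside this hunk, and the existing `tunnel_external_hosts` line above follows the same unvalidated pattern.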
@@ -261,6 +283,53 @@
return(TRUE);
}
+// Function: ovpnProfile
+//
+function ovpnProfile($db, $ca_file) {
+
+ $default = array (
+ 'client',
+ 'ns-cert-type server',
+ 'nobind',
+ 'persist-key',
+ 'persist-tun',
+ 'dev tun',
+ 'verb 3'
+ );
+
+ if (($server_hostname = getVARdef($db, 'OVPN_HOSTNAME')) === '') {
+ $server_hostname = get_HOSTNAME_DOMAIN();
+ }
+ if (($port = getVARdef($db, 'OVPN_PORT')) === '') {
+ return(FALSE);
+ }
+ if (($protocol = substr(getVARdef($db, 'OVPN_PROTOCOL'), 0 , 3)) === '') {
+ return(FALSE);
+ }
+
+ $str = "remote $server_hostname $port $protocol\n";
+
+ $str .= "comp-lzo ".getVARdef($db, 'OVPN_LZO')."\n";
+
+ if (getVARdef($db, 'OVPN_USER_PASS_VERIFY') === 'yes') {
+ $str .= "auth-user-pass\n";
+ $str .= "auth-retry interact\n";
+ $str .= "auth-nocache\n";
+ }
+ if (($cipher = getVARdef($db, 'OVPN_CIPHER')) !== '') {
+ $str .= "cipher $cipher\n";
+ }
+ foreach ($default as $value) {
+ $str .= "$value\n";
+ }
+ if (($caStr = @file_get_contents($ca_file)) !== FALSE) {
+ $str .= "<ca>\n";
+ $str .= $caStr;
+ $str .= "</ca>\n";
+ }
+ return($str);
+}
+
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$result = 1;
if (! $global_admin) {
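Review bot: The protocol guard in ovpnProfile never fires on the PHP 5 series this tree targets, because `substr('', 0, 3)` returns FALSE rather than '' there, so an unset OVPN_PROTOCOL passes the `=== ''` test and the profile gets a truncated `remote` line; the hostname has no guard at all, so an empty OVPN_HOSTNAME with no HOSTNAME/DOMAIN produces `remote  <port> <proto>`. I would check the raw values before trimming the protocol and reject an empty hostname, as below. Separately, when `@file_get_contents($ca_file)` fails the function still returns a profile with no `<ca>` block, which a client cannot use to verify the server; returning FALSE there would let the caller fall back to the plain p12 README as it already does for the other failure cases.
```php
function ovpnProfile($db, $ca_file) {

  // … unchanged: $default directive list …

  if (($server_hostname = getVARdef($db, 'OVPN_HOSTNAME')) === '') {
    $server_hostname = get_HOSTNAME_DOMAIN();
  }
  if ($server_hostname === '') {
    return(FALSE);
  }
  if (($port = getVARdef($db, 'OVPN_PORT')) === '') {
    return(FALSE);
  }
  // Check the raw value: substr() on '' yields FALSE on PHP 5, not ''
  if (($protocol = getVARdef($db, 'OVPN_PROTOCOL')) === '') {
    return(FALSE);
  }
  $protocol = substr($protocol, 0, 3);

  // … unchanged: remote / comp-lzo / auth / cipher / $default lines …

  if (($caStr = @file_get_contents($ca_file)) === FALSE) {
    return(FALSE);
  }
  $str .= "<ca>\n".$caStr."</ca>\n";
  return($str);
```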
@@ -356,9 +425,14 @@
$p12pass = opensslRANDOMpass(12);
if (($p12 = opensslPKCS12str($openssl, $value, $p12pass)) !== '') {
$zip->addFromString($value.'/'.$value.'.p12', $p12);
- $zip->addFromString($value.'/README.txt', opensslREADMEstr(TRUE, $value, $p12pass));
+ if (($ovpn = ovpnProfile($db, $openssl['key_dir'].'/ca.crt')) !== FALSE) {
+ $zip->addFromString($value.'/'.$value.'.ovpn', $ovpn);
+ $zip->addFromString($value.'/README.txt', opensslREADMEstr('ovpn', $value, $p12pass));
+ } else {
+ $zip->addFromString($value.'/README.txt', opensslREADMEstr('p12', $value, $p12pass));
+ }
} else {
- $zip->addFromString($value.'/README.txt', opensslREADMEstr(FALSE, $value, $p12pass));
+ $zip->addFromString($value.'/README.txt', opensslREADMEstr('', $value, $p12pass));
}
$zip->close();
@@ -570,6 +644,15 @@
putHtml('</td></tr>');
putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">');
+ putHtml('Server Hostname:');
+ putHtml('</td><td style="text-align: left;" colspan="4">');
+ if (($server_hostname = getVARdef($db, 'OVPN_HOSTNAME')) === '') {
+ $server_hostname = get_HOSTNAME_DOMAIN();
+ }
+ putHtml('<input type="text" size="48" maxlength="128" value="'.$server_hostname.'" name="server_hostname" />');
+ putHtml('</td></tr>');
+
+ putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">');
putHtml('Network IPv4 NM:');
putHtml('</td><td style="text-align: left;" colspan="4">');
if (($value = getVARdef($db, 'OVPN_SERVER')) === '') {
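Review bot: The new `Server Hostname` input echoes `$server_hostname` into an HTML attribute without escaping, so a stored value containing `"` or `<` (written by saveOVPNsettings from the same form, or taken from gui.network.conf) breaks out of the attribute in the admin page. The value line should be `putHtml('<input type="text" size="48" maxlength="128" value="'.htmlspecialchars($server_hostname, ENT_QUOTES).'" name="server_hostname" />');`. The neighbouring fields above may share the pattern, but only this one is introduced here.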
Modified: branches/1.0/package/webinterface/altweb/admin/siptlscert.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/siptlscert.php 2013-02-14 21:33:03 UTC (rev 5955)
+++ branches/1.0/package/webinterface/altweb/admin/siptlscert.php 2013-02-15 18:40:33 UTC (rev 5956)
@@ -193,9 +193,9 @@
// $p12pass = opensslRANDOMpass(12);
// if (($p12 = opensslPKCS12str($openssl, $value, $p12pass)) !== '') {
// $zip->addFromString($value.'/'.$value.'.p12', $p12);
-// $zip->addFromString($value.'/README.txt', opensslREADMEstr(TRUE, $value, $p12pass));
+// $zip->addFromString($value.'/README.txt', opensslREADMEstr('p12', $value, $p12pass));
// } else {
-// $zip->addFromString($value.'/README.txt', opensslREADMEstr(FALSE, $value, $p12pass));
+// $zip->addFromString($value.'/README.txt', opensslREADMEstr('', $value, $p12pass));
// }
$readme = "Asterisk SIP-TLS Server \"".$openssl['dn']['commonName']."\" Credentials.\n\n";
$readme .= "ca.crt - A self-signed Certificate Authority (CA).\n\n";
Modified: branches/1.0/package/webinterface/altweb/common/openssl.php
===================================================================
--- branches/1.0/package/webinterface/altweb/common/openssl.php 2013-02-14 21:33:03 UTC (rev 5955)
+++ branches/1.0/package/webinterface/altweb/common/openssl.php 2013-02-15 18:40:33 UTC (rev 5956)
@@ -244,17 +244,20 @@
// Function: opensslREADMEstr()
//
-function opensslREADMEstr($pkcs12, $commonName, $pass) {
+function opensslREADMEstr($type, $commonName, $pass) {
- $readme = 'Client "'.$commonName.'" Credentials'."\n\n";
+ $readme = "Client \"$commonName\" Credentials\n\n";
$readme .= "ca.crt - A self-signed Certificate Authority (CA).\n\n";
- $readme .= $commonName.".crt - This client's public key certificate, signed by ca.crt.\n\n";
- $readme .= $commonName.".key - This client's private key.\n";
- $readme .= "Note: File ".$commonName.".key is not encrypted and must be kept secure.\n\n";
- if ($pkcs12) {
- $readme .= $commonName.".p12 - A password protected PKCS#12 container combining the credentials from the above three files.\n\n";
- $readme .= "PKCS#12 Container Password: ".$pass."\n";
+ $readme .= "$commonName.crt - This client's public key certificate, signed by ca.crt.\n\n";
+ $readme .= "$commonName.key - This client's private key.\n";
+ $readme .= "Note: File '$commonName.key' is not encrypted and must be kept secure.\n\n";
+ if ($type === 'p12' || $type === 'ovpn') {
+ $readme .= "$commonName.p12 - A password protected PKCS#12 container combining the credentials from the above three files.\n\n";
+ $readme .= "PKCS#12 Container Password: $pass\n";
$readme .= "Keep it secure.\n\n";
+ if ($type === 'ovpn') {
+ $readme .= "$commonName.ovpn - OpenVPN certificate profile, use with file '$commonName.p12' for client devices.\n\n";
+ }
}
return($readme);
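Review bot: The first parameter of opensslREADMEstr changes from a boolean to a string, but the `// Function: opensslREADMEstr()` header still says nothing about the accepted values, and a caller still passing TRUE now silently matches neither `'p12'` nor `'ovpn'` and loses the PKCS#12 paragraph. I would add under the header `// $type: '' (crt/key only), 'p12' (adds PKCS#12 section), 'ovpn' (p12 plus OpenVPN profile)` so the strict comparisons are documented at the declaration. The function's closing brace lies outside this hunk.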
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2013-02-14 21:33:03 UTC (rev 5955)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2013-02-15 18:40:33 UTC (rev 5956)
@@ -495,6 +495,7 @@
#OVPN_CERT="/etc/openvpn/easy-rsa/keys/server.crt"
#OVPN_KEY="/etc/openvpn/easy-rsa/keys/server.key"
#OVPN_DH="/etc/openvpn/easy-rsa/keys/dh1024.pem"
+#OVPN_HOSTNAME="vpn.example.com" # DNS name, IPv4 or IPv6 address of OpenVPN Server - Only used by the web interface.
#OVPN_SERVER="10.8.0.0 255.255.255.0"
#OVPN_SERVERV6="2001:db8:108::1/64" # valid OVPN_SERVER also required if defined
#OVPN_TOPOLOGY="subnet" # "net30", "p2p" or "subnet", defaults to OpenVPN default