Compare commits
9 Commits
| Author | SHA1 | Date |
|---|---|---|
graysky
|
5fa9fe5c02 | |
|
graysky
|
5cbf1c8f3b | |
|
graysky
|
6348d0b2bd | |
|
graysky
|
a5e33545e9 | |
|
graysky
|
53a738c728 | |
|
graysky
|
cb19b7ffec | |
|
graysky
|
a506341991 | |
|
graysky
|
16bce04c29 | |
|
graysky
|
17c5440205 |
|
|
@ -0,0 +1,7 @@
|
|||
Copyright (c) 2016-2018 graysky
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
19
README.md
19
README.md
|
|
@ -1,5 +1,8 @@
|
|||
## Overview
|
||||
A simple shell script that creates OpenVPN compatible tunnel profiles in the unified file format. Tested on iOS version 1.0.7 build 199 of OpenVPN Connect and likely works with the Android app as well as the official Linux client.
|
||||
A simple shell script that creates OpenVPN compatible tunnel profiles in the unified file format. Tested on:
|
||||
* Linux OpenVPN version 2.4.6
|
||||
* iOS version 3.0.0.(712) of OpenVPN Connect
|
||||
* Android version 0.6.73 of OpenVPN for Android
|
||||
|
||||
## Usage
|
||||
Invoke the script with 5 tokens and the profile is outputted to stdout.
|
||||
|
|
@ -11,12 +14,20 @@ Invoke the script with 5 tokens and the profile is outputted to stdout.
|
|||
6. Optionally define a port number (defaults to 1194 if left blank).
|
||||
7. Optionally define a protocol (defaults to udp if left blank).
|
||||
|
||||
### Example
|
||||
### Example (run as root) using all 7 arguments to setup a profile working port 443 using TCP
|
||||
```
|
||||
sudo ./ovpngen titty.nipples.org /etc/easy-rsa/pki/ca.crt /etc/easy-rsa/pki/issued/client.crt /etc/easy-rsa/pki/private/client.key /etc/openvpn/ta.key > myprofile.ovpn
|
||||
CLIENT=foo
|
||||
|
||||
./ovpngen nipple.titty.org \
|
||||
/etc/openvpn/server/ca.crt \
|
||||
/etc/easy-rsa/pki/signed/$CLIENT.crt \
|
||||
/etc/easy-rsa/pki/private/$CLIENT.key \
|
||||
/etc/openvpn/server/ta.key \
|
||||
443 \
|
||||
tcp > $CLIENT.ovpn
|
||||
```
|
||||
|
||||
The resulting myprofile.ovpn can be edited if desired.
|
||||
The resulting foo.ovpn may need to be edited. Pay attention to the commented lines!
|
||||
|
||||
### Credit
|
||||
Majority of the credit goes to the script's original author, [trovao](https://github.com/trovao). His version can be found [here](https://gist.github.com/trovao/18e428b5a758df24455b).
|
||||
|
|
|
|||
81
ovpngen
81
ovpngen
|
|
@ -1,32 +1,56 @@
|
|||
#!/bin/sh
|
||||
#!/bin/bash
|
||||
|
||||
## Tested and works with OpenVPN Connect 1.0.7 build 199 (iOS 64-bit) on iOS 9.3.3
|
||||
## Tested and works with OpenVPN Connect 1.2.9 build 0 (iOS 64-bit) on iOS 11.4.1
|
||||
##
|
||||
## Majority of the credit goes to the script's original author, trovao
|
||||
## Link to original script: https://gist.github.com/trovao/18e428b5a758df24455b
|
||||
|
||||
if [[ -z ${1} ]]; then
|
||||
echo "Usage: $0 SERVER CA_CERT CLIENT_CERT CLIENT_KEY SHARED_SECRET PORT PROTO"
|
||||
echo
|
||||
echo "The first 5 tokens are required while the last are optional"
|
||||
echo " SERVER = Fully qualified domain name"
|
||||
echo " CA_CERT = Full path to the CA cert"
|
||||
echo " CLIENT_CERT = Full path to the client cert"
|
||||
echo " CLIENT_KEY = Full path to the client private key"
|
||||
echo " SHARED_SECRET = Full path to the server TLS shared secret key"
|
||||
echo " PORT = Port number (defaults to 1194 if left blank)"
|
||||
echo " PROTO = Protocol (defaults to udp if left blank)"
|
||||
echo
|
||||
echo "For example:"
|
||||
echo "ovpngen titty.nipples.org /etc/easy-rsa/pki/ca.crt /etc/easy-rsa/pki/issued/client.crt /etc/easy-rsa/pki/private/client.key /etc/openvpn/ta.key > iphone.ovpn"
|
||||
exit 0
|
||||
fi
|
||||
usage() {
|
||||
echo "Usage: $0 SERVER CA_CERT CLIENT_CERT CLIENT_KEY SHARED_SECRET PORT PROTO"
|
||||
echo
|
||||
cat << EOF
|
||||
The first 5 tokens are required while the last are optional
|
||||
SERVER = Fully qualified domain name
|
||||
CA_CERT = Full path to the CA cert
|
||||
CLIENT_CERT = Full path to the client cert
|
||||
CLIENT_KEY = Full path to the client private key
|
||||
SHARED_SECRET = Full path to the server TLS shared secret key
|
||||
PORT = Port number (defaults to 1194 if left blank)
|
||||
PROTO = Protocol (defaults to udp if left blank)
|
||||
EOF
|
||||
echo
|
||||
echo 'For example:'
|
||||
echo
|
||||
echo 'CLIENT=jason'
|
||||
echo "$0 my.openvpn-server.com \\"
|
||||
echo ' /etc/openvpn/server/ca.crt \'
|
||||
echo ' /etc/easy-rsa/pki/signed/$CLIENT.crt \'
|
||||
echo ' /etc/easy-rsa/pki/private/$CLIENT.key \'
|
||||
echo ' /etc/openvpn/server/ta.key > $CLIENT.ovpn'
|
||||
exit 0
|
||||
}
|
||||
|
||||
[[ -z "$1" ]] && usage
|
||||
|
||||
server=${1?"The server address is required"}
|
||||
cacert=${2?"The path to the ca certificate file is required"}
|
||||
client_cert=${3?"The path to the client certificate file is required"}
|
||||
client_key=${4?"The path to the client private key file is required"}
|
||||
tls_key=${5?"The path to the TLS shared secret file is required"}
|
||||
|
||||
# test for readable files
|
||||
for i in "$cacert" "$client_cert" "$client_key" "$tls_key"; do
|
||||
[[ -f "$i" ]] || {
|
||||
echo " I cannot find $i on the filesystem."
|
||||
echo " This could be due to permissions or that you did not define the full path correctly."
|
||||
echo " Check the path and try again."
|
||||
exit 1
|
||||
}
|
||||
[[ -r "$i" ]] || {
|
||||
echo " I cannot read $i. Try invoking $0 as root."
|
||||
exit 1
|
||||
}
|
||||
done
|
||||
[[ -z "$6" ]] && port=1194 || port="$6"
|
||||
[[ -z "$7" ]] && proto='udp' || proto="$7"
|
||||
|
||||
|
|
@ -39,31 +63,38 @@ nobind
|
|||
persist-key
|
||||
persist-tun
|
||||
verb 3
|
||||
# optionally uncomment and change to exactly match the values specified
|
||||
# in /etc/openvpn/server.conf
|
||||
###
|
||||
### optionally uncomment and change both the cipher and auth lines to EXACTLY
|
||||
### match the values specified in ${server}
|
||||
#cipher AES-256-CBC
|
||||
#auth SHA512
|
||||
comp-lzo
|
||||
###
|
||||
### scroll down and optionally change the <tls-auth> tag set to <tls-crypt>
|
||||
### to match how the server is configured since these options are mutually
|
||||
### exclusive!
|
||||
###
|
||||
remote-cert-tls server
|
||||
key-direction 1
|
||||
<ca>
|
||||
EOF
|
||||
cat ${cacert}
|
||||
cat "${cacert}"
|
||||
cat << EOF
|
||||
</ca>
|
||||
<cert>
|
||||
EOF
|
||||
cat ${client_cert}
|
||||
cat "${client_cert}"
|
||||
cat << EOF
|
||||
</cert>
|
||||
<key>
|
||||
EOF
|
||||
cat ${client_key}
|
||||
cat "${client_key}"
|
||||
cat << EOF
|
||||
</key>
|
||||
<tls-auth>
|
||||
EOF
|
||||
cat ${tls_key}
|
||||
cat "${tls_key}"
|
||||
cat << EOF
|
||||
</tls-auth>
|
||||
EOF
|
||||
|
||||
# vim:set ts=2 sw=2 et:
|
||||
|
|
|
|||
Loading…
Reference in New Issue