net-openvpn 0.8 → 0.8.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +21 -6
- data/lib/net/openvpn.rb +1 -0
- data/lib/net/openvpn/generators/keys/base.rb +4 -0
- data/lib/net/openvpn/generators/keys/client.rb +10 -5
- data/lib/net/openvpn/generators/keys/server.rb +11 -5
- data/lib/net/openvpn/version.rb +1 -1
- data/spec/lib/net/openvpn/generators/keys/client_spec.rb +24 -4
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 633bb26e297d2b0e773773ad7fb82dfb9a832789
|
|
4
|
+
data.tar.gz: ab2732d96900e530d1ba279dccafcfb66a864700
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9f3315e63797e7deabc8a7dbb6e82e7ec61b9e54c7e87057ad9bddc45db982904978b8657f098233b958933d22710c54a34498e7b922d8e99a64be0e72803ff5
|
|
7
|
+
data.tar.gz: e98fac962d3b9bccc8faf0d1717937a2f448732e1c8704d30ad5a09566a3ae9aa5b578d9e897cd15e27edd0b2b91bbff99c6340a4e28c80dccdd969f718d4416
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -4,6 +4,8 @@ Net-Openvpn is a gem for configuring a local OpenVPN installation.
|
|
|
4
4
|
|
|
5
5
|
## Requirements
|
|
6
6
|
|
|
7
|
+
You will need these packages.
|
|
8
|
+
|
|
7
9
|
* openvpn
|
|
8
10
|
* easy-rsa
|
|
9
11
|
|
|
@@ -13,9 +15,25 @@ You can install these on Debian based systems by running this command:
|
|
|
13
15
|
apt-get install openvpn easy-rsa
|
|
14
16
|
```
|
|
15
17
|
|
|
18
|
+
### Easy RSA
|
|
19
|
+
|
|
20
|
+
Easy RSA is only needed for key generation, so if you are not doing any of that then you don't need to worry.
|
|
21
|
+
|
|
16
22
|
Sometimes `easy-rsa` is packaged with `openvpn` so if you can't find the `easy-rsa` package anywhere have a
|
|
17
|
-
look in `/usr/share/doc/openvpn/examples` for the `easy-rsa` folder.
|
|
18
|
-
|
|
23
|
+
look in `/usr/share/doc/openvpn/examples` for the `easy-rsa` folder.
|
|
24
|
+
|
|
25
|
+
```sh
|
|
26
|
+
sudo cp /usr/share/doc/openvpn/examples/easy-rsa/2.0 /usr/local/easy-rsa
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
You could also clone the `release/2.x` branch from the `easy-rsa` repo at `https://github.com/OpenVPN/easy-rsa.git` then copy the `easy-rsa/2.0` folder to wherever you want.
|
|
30
|
+
|
|
31
|
+
```sh
|
|
32
|
+
git clone https://github.com/OpenVPN/easy-rsa.git -b release/2.x
|
|
33
|
+
sudo cp easy-rsa/easy-rsa/2.0 /usr/local/easy-rsa
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
Then you can just globally override the property for `:easy_rsa` to specify the location of the scripts folder (see below).
|
|
19
37
|
|
|
20
38
|
## Usage
|
|
21
39
|
|
|
@@ -193,7 +211,6 @@ ca.exist?
|
|
|
193
211
|
|
|
194
212
|
This should generate the following files/folders:
|
|
195
213
|
|
|
196
|
-
* /etc/openvpn/keys
|
|
197
214
|
* /etc/openvpn/keys/ca.crt
|
|
198
215
|
* /etc/openvpn/keys/ca.key
|
|
199
216
|
* /etc/openvpn/keys/dh1024.pem
|
|
@@ -210,7 +227,6 @@ keys.valid? # returns true if the keys are valid in the index
|
|
|
210
227
|
|
|
211
228
|
This should generate the following files/folders:
|
|
212
229
|
|
|
213
|
-
* /etc/openvpn/keys
|
|
214
230
|
* /etc/openvpn/keys/swzvpn04.key
|
|
215
231
|
* /etc/openvpn/keys/swzvpn04.crt
|
|
216
232
|
|
|
@@ -226,7 +242,6 @@ keys.valid? # returns true if the keys are valid in the index
|
|
|
226
242
|
|
|
227
243
|
This should generate the following files/folders:
|
|
228
244
|
|
|
229
|
-
* /etc/openvpn/keys
|
|
230
245
|
* /etc/openvpn/keys/fred.key
|
|
231
246
|
* /etc/openvpn/keys/fred.crt
|
|
232
247
|
|
|
@@ -258,4 +273,4 @@ Then override the following properties in your `/etc/openvpn/props.yml` file:
|
|
|
258
273
|
---
|
|
259
274
|
:key_dir_group: "openvpn"
|
|
260
275
|
:key_dir_permission: 0700
|
|
261
|
-
```
|
|
276
|
+
```
|
data/lib/net/openvpn.rb
CHANGED
|
@@ -3,6 +3,8 @@ module Net
|
|
|
3
3
|
module Generators
|
|
4
4
|
module Keys
|
|
5
5
|
class Base
|
|
6
|
+
attr_reader :props
|
|
7
|
+
|
|
6
8
|
def initialize(name, props)
|
|
7
9
|
@name = name
|
|
8
10
|
@props = Openvpn.props.merge props
|
|
@@ -28,6 +30,8 @@ module Net
|
|
|
28
30
|
# the key index and then checking the pemfile against the crt
|
|
29
31
|
# file.
|
|
30
32
|
def valid?
|
|
33
|
+
return false unless @key_dir.exist?
|
|
34
|
+
|
|
31
35
|
# read the index file
|
|
32
36
|
m = File.read(Openvpn.props[:key_index]).match /^V.*CN=#{@name}.*$/
|
|
33
37
|
|
|
@@ -18,7 +18,7 @@ module Net
|
|
|
18
18
|
@key_dir.exist? or raise Errors::KeyGeneration, "Key directory has not been generated yet"
|
|
19
19
|
Authority.exist? or raise Errors::KeyGeneration, "Certificate Authority has not been created"
|
|
20
20
|
|
|
21
|
-
revoke! if
|
|
21
|
+
revoke! if valid?
|
|
22
22
|
|
|
23
23
|
FileUtils.cd(@props[:easy_rsa]) do
|
|
24
24
|
system "#{cli_prop_vars} ./pkitool #{@name}"
|
|
@@ -32,10 +32,15 @@ module Net
|
|
|
32
32
|
|
|
33
33
|
# Returns an array containing the paths to the generated keys
|
|
34
34
|
def filepaths
|
|
35
|
-
[
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
35
|
+
[ key, certificate ]
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def certificate
|
|
39
|
+
"#{@props[:key_dir]}/#{@name}.crt"
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def key
|
|
43
|
+
"#{@props[:key_dir]}/#{@name}.key"
|
|
39
44
|
end
|
|
40
45
|
|
|
41
46
|
end
|
|
@@ -12,7 +12,7 @@ module Net
|
|
|
12
12
|
@key_dir.exist? or raise Errors::KeyGeneration, "Key directory has not been generated yet"
|
|
13
13
|
Authority.exist? or raise Errors::KeyGeneration, "Certificate Authority has not been created"
|
|
14
14
|
|
|
15
|
-
revoke! if
|
|
15
|
+
revoke! if valid?
|
|
16
16
|
|
|
17
17
|
FileUtils.cd(@props[:easy_rsa]) do
|
|
18
18
|
system "#{cli_prop_vars} ./pkitool --server #{@name}"
|
|
@@ -23,11 +23,17 @@ module Net
|
|
|
23
23
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
+
# Returns an array containing the paths to the generated keys
|
|
26
27
|
def filepaths
|
|
27
|
-
[
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
28
|
+
[ key, certificate ]
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def certificate
|
|
32
|
+
"#{@props[:key_dir]}/#{@name}.crt"
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def key
|
|
36
|
+
"#{@props[:key_dir]}/#{@name}.key"
|
|
31
37
|
end
|
|
32
38
|
|
|
33
39
|
end
|
data/lib/net/openvpn/version.rb
CHANGED
|
@@ -10,10 +10,18 @@ describe Net::Openvpn::Generators::Keys::Client do
|
|
|
10
10
|
before(:each) { setup_filesystem(:tmp) }
|
|
11
11
|
after(:each) { destroy_filesystem(:tmp) }
|
|
12
12
|
|
|
13
|
+
it "should set the CN to the name" do
|
|
14
|
+
expect(client.props[:key_cn]).to eq name
|
|
15
|
+
end
|
|
16
|
+
|
|
13
17
|
context "when a client has not been generated" do
|
|
14
18
|
it "should not exist" do
|
|
15
19
|
expect(client).to_not exist
|
|
16
|
-
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
it "should not be valid" do
|
|
23
|
+
expect(client).to_not be_valid
|
|
24
|
+
end
|
|
17
25
|
end
|
|
18
26
|
|
|
19
27
|
context "when the key directory has not been generated" do
|
|
@@ -58,9 +66,7 @@ describe Net::Openvpn::Generators::Keys::Client do
|
|
|
58
66
|
end
|
|
59
67
|
|
|
60
68
|
context "and the client has been generated" do
|
|
61
|
-
before(:each)
|
|
62
|
-
client.generate
|
|
63
|
-
end
|
|
69
|
+
before(:each) { client.generate }
|
|
64
70
|
|
|
65
71
|
it "should exist" do
|
|
66
72
|
expect(client).to exist
|
|
@@ -69,6 +75,20 @@ describe Net::Openvpn::Generators::Keys::Client do
|
|
|
69
75
|
it "should be valid" do
|
|
70
76
|
expect(client).to be_valid
|
|
71
77
|
end
|
|
78
|
+
|
|
79
|
+
it "should allow revocation" do
|
|
80
|
+
expect(client.revoke!).to be_true
|
|
81
|
+
expect(client).to_not be_valid
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
context "and the common name was changed" do
|
|
85
|
+
let(:name) { "test2" }
|
|
86
|
+
|
|
87
|
+
it "should not be valid" do
|
|
88
|
+
puts client.props
|
|
89
|
+
expect(client).to_not be_valid
|
|
90
|
+
end
|
|
91
|
+
end
|
|
72
92
|
end
|
|
73
93
|
end
|
|
74
94
|
|