ovpn-key 0.7.2 → 0.7.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +8 -4
- data/bin/ovpn-key +11 -2
- data/defaults/ovpn-key.yml +1 -0
- data/lib/functions.rb +2 -2
- data/lib/version.rb +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f3c5c58642f5c151172f602aa1b0182ecf8f45239b5de9c03aca65e9923e2b15
|
|
4
|
+
data.tar.gz: b19dbc262c6a83c41f01152b90583afb09a9823a3b4689938ba455429ecba4b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a4f9f7bad183e3b5360dfc4e1d70320a7fcaa2ed2590060cf6f86049a1a3789308a4036d6dae2d10feaf304df657677cb42019cbd8efcfc376575680066c1a12
|
|
7
|
+
data.tar.gz: 3b03ffa591731f274e90ed97be56fcce4c1a196c2384f8347f52d2c13e554754d2533b653d485656aa79b00cad1c2fa950c9b96f79a9c7fdbc2429b17d375006
|
data/README.md
CHANGED
|
@@ -12,9 +12,12 @@ It supports encrypting `.key` files with a passphrase (there is an option to dis
|
|
|
12
12
|
|
|
13
13
|
It can be used with a non-self signed CA, just place your `ca.key` and `ca.crt` in the keys directory and skip the `--ca` step.
|
|
14
14
|
|
|
15
|
-
It can be used to manage a non-OpenVPN CA, in that case `--zip`
|
|
15
|
+
It can be used to manage a non-OpenVPN CA, in that case `--zip` and `--static` steps will be useless, but all others will work.
|
|
16
16
|
|
|
17
|
-
|
|
17
|
+
OpenVPN static keys are supported partially, as they should be used for `tls-auth`/`tls-crypt` only.
|
|
18
|
+
Please note that they are not encrypted regardless of `--nopass` option.
|
|
19
|
+
|
|
20
|
+
For now this utility should be considered experimental and rather undocumented.
|
|
18
21
|
If you're brave, [let me know](https://github.com/chillum/ovpn-key/issues), where the problems are.
|
|
19
22
|
|
|
20
23
|
### Installation
|
|
@@ -27,11 +30,12 @@ If you're brave, [let me know](https://github.com/chillum/ovpn-key/issues), wher
|
|
|
27
30
|
1. `ovpn-key --init`
|
|
28
31
|
2. edit `ovpn-key.yml` and `openssl.ini`
|
|
29
32
|
3. `ovpn-key --ca --dh --server --nopass`
|
|
30
|
-
4. `ovpn-key --client somebody`
|
|
33
|
+
4. `ovpn-key --client somebody [--nopass]`
|
|
31
34
|
5. `ovpn-key --revoke somebody`
|
|
32
35
|
6. add a file with `.ovpn` extension to the directory
|
|
33
36
|
it should contain every setting except for `cert` and `key`
|
|
34
|
-
7. `ovpn-key --zip somebody-else`
|
|
37
|
+
7. `ovpn-key --zip somebody-else [--nopass]`
|
|
38
|
+
8. `ovpn-key --static` (generates `ta.key`)
|
|
35
39
|
|
|
36
40
|
### Configuration
|
|
37
41
|
|
data/bin/ovpn-key
CHANGED
|
@@ -23,6 +23,10 @@ OptionParser.new do |opts|
|
|
|
23
23
|
# it's safe to overwrite this file
|
|
24
24
|
options[:generate_dh] = v
|
|
25
25
|
end
|
|
26
|
+
opts.on("--static [name]", "Generate OpenVPN static key (defaults to 'ta')") do |v|
|
|
27
|
+
options[:generate_static] = v ? v : "ta"
|
|
28
|
+
check_crt(options[:generate_static])
|
|
29
|
+
end
|
|
26
30
|
opts.on("--server [name]", "Generate a server key (defaults to 'server')") do |v|
|
|
27
31
|
options[:generate_server] = v ? v : "server"
|
|
28
32
|
check_crt(options[:generate_server])
|
|
@@ -46,8 +50,8 @@ end.parse!
|
|
|
46
50
|
if ARGV.length > 0
|
|
47
51
|
abort "Error: invalid args: #{ARGV.join ' '}\nSee `#{File.basename $0} -h` for help"
|
|
48
52
|
end
|
|
49
|
-
unless options[:init] || options[:generate_ca] || options[:generate_dh] || options[:
|
|
50
|
-
|| options[:generate_client] || options[:generate_zip] || options[:revoke]
|
|
53
|
+
unless options[:init] || options[:generate_ca] || options[:generate_dh] || options[:generate_static] \
|
|
54
|
+
|| options[:generate_server] || options[:generate_client] || options[:generate_zip] || options[:revoke]
|
|
51
55
|
abort "See `#{File.basename $0} -h` for usage"
|
|
52
56
|
end
|
|
53
57
|
if options[:generate_client] and options[:generate_zip]
|
|
@@ -83,6 +87,7 @@ rescue Errno::ENOENT
|
|
|
83
87
|
abort "Run `#{File.basename $0} --init` before generating certificates"
|
|
84
88
|
end
|
|
85
89
|
ZIP_DIR = settings['zip_dir'] || '~'
|
|
90
|
+
OPENVPN = settings['openvpn'] || 'openvpn'
|
|
86
91
|
OPENSSL = settings['openssl'] || 'openssl'
|
|
87
92
|
KEY_SIZE = settings['key_size'] || 2048
|
|
88
93
|
ENCRYPT = settings['encrypt'] || 'aes128'
|
|
@@ -97,6 +102,9 @@ end
|
|
|
97
102
|
if options[:generate_dh]
|
|
98
103
|
exe "#{OPENSSL} dhparam -out dh.pem #{KEY_SIZE}"
|
|
99
104
|
end
|
|
105
|
+
if options[:generate_static]
|
|
106
|
+
exe "#{OPENVPN} --genkey --secret '#{options[:generate_static]}.key'"
|
|
107
|
+
end
|
|
100
108
|
if options[:generate_server]
|
|
101
109
|
gen_and_sign('server', options[:generate_server], options[:no_password])
|
|
102
110
|
end
|
|
@@ -127,6 +135,7 @@ if options[:generate_zip]
|
|
|
127
135
|
[ 'ca.crt', "#{options[:generate_zip]}.crt", "#{options[:generate_zip]}.key"].each {|i|
|
|
128
136
|
zip.add(i, i)
|
|
129
137
|
}
|
|
138
|
+
# TODO: include TLS key if specified in config with tls-auth/tls-crypt
|
|
130
139
|
end
|
|
131
140
|
end
|
|
132
141
|
if options[:revoke]
|
data/defaults/ovpn-key.yml
CHANGED
data/lib/functions.rb
CHANGED
|
@@ -20,9 +20,9 @@ end
|
|
|
20
20
|
|
|
21
21
|
def gen_key type, certname, no_password
|
|
22
22
|
if no_password
|
|
23
|
-
exe "#{OPENSSL} genrsa -out '#{certname}.key' #{KEY_SIZE}
|
|
23
|
+
exe "#{OPENSSL} genrsa -out '#{certname}.key' #{KEY_SIZE}"
|
|
24
24
|
else
|
|
25
|
-
exe "#{OPENSSL} genrsa -#{ENCRYPT} -out '#{certname}.key' #{KEY_SIZE}
|
|
25
|
+
exe "#{OPENSSL} genrsa -#{ENCRYPT} -out '#{certname}.key' #{KEY_SIZE}"
|
|
26
26
|
end
|
|
27
27
|
end
|
|
28
28
|
|
data/lib/version.rb
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
::Version = '0.7.
|
|
1
|
+
::Version = '0.7.3'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ovpn-key
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Vasily Korytov
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-12-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rubyzip
|
|
@@ -24,7 +24,8 @@ dependencies:
|
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '1.2'
|
|
27
|
-
description:
|
|
27
|
+
description: Generates and revokes certificates, also packs them to ZIP files with
|
|
28
|
+
OpenVPN configuration
|
|
28
29
|
email: vasily.korytov@icloud.com
|
|
29
30
|
executables:
|
|
30
31
|
- ovpn-key
|
|
@@ -61,7 +62,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
61
62
|
version: '0'
|
|
62
63
|
requirements: []
|
|
63
64
|
rubyforge_project:
|
|
64
|
-
rubygems_version: 2.7.
|
|
65
|
+
rubygems_version: 2.7.7
|
|
65
66
|
signing_key:
|
|
66
67
|
specification_version: 4
|
|
67
68
|
summary: Key management utility for OpenVPN
|