ovpn-key 0.7.2 → 0.7.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +8 -4
- data/bin/ovpn-key +11 -2
- data/defaults/ovpn-key.yml +1 -0
- data/lib/functions.rb +2 -2
- data/lib/version.rb +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f3c5c58642f5c151172f602aa1b0182ecf8f45239b5de9c03aca65e9923e2b15
|
|
4
|
+
data.tar.gz: b19dbc262c6a83c41f01152b90583afb09a9823a3b4689938ba455429ecba4b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a4f9f7bad183e3b5360dfc4e1d70320a7fcaa2ed2590060cf6f86049a1a3789308a4036d6dae2d10feaf304df657677cb42019cbd8efcfc376575680066c1a12
|
|
7
|
+
data.tar.gz: 3b03ffa591731f274e90ed97be56fcce4c1a196c2384f8347f52d2c13e554754d2533b653d485656aa79b00cad1c2fa950c9b96f79a9c7fdbc2429b17d375006
|
data/README.md
CHANGED
|
@@ -12,9 +12,12 @@ It supports encrypting `.key` files with a passphrase (there is an option to dis
|
|
|
12
12
|
|
|
13
13
|
It can be used with a non-self signed CA, just place your `ca.key` and `ca.crt` in the keys directory and skip the `--ca` step.
|
|
14
14
|
|
|
15
|
-
It can be used to manage a non-OpenVPN CA, in that case `--zip`
|
|
15
|
+
It can be used to manage a non-OpenVPN CA, in that case `--zip` and `--static` steps will be useless, but all others will work.
|
|
16
16
|
|
|
17
|
-
|
|
17
|
+
OpenVPN static keys are supported partially, as they should be used for `tls-auth`/`tls-crypt` only.
|
|
18
|
+
Please note that they are not encrypted regardless of `--nopass` option.
|
|
19
|
+
|
|
20
|
+
For now this utility should be considered experimental and rather undocumented.
|
|
18
21
|
If you're brave, [let me know](https://github.com/chillum/ovpn-key/issues), where the problems are.
|
|
19
22
|
|
|
20
23
|
### Installation
|
|
@@ -27,11 +30,12 @@ If you're brave, [let me know](https://github.com/chillum/ovpn-key/issues), wher
|
|
|
27
30
|
1. `ovpn-key --init`
|
|
28
31
|
2. edit `ovpn-key.yml` and `openssl.ini`
|
|
29
32
|
3. `ovpn-key --ca --dh --server --nopass`
|
|
30
|
-
4. `ovpn-key --client somebody`
|
|
33
|
+
4. `ovpn-key --client somebody [--nopass]`
|
|
31
34
|
5. `ovpn-key --revoke somebody`
|
|
32
35
|
6. add a file with `.ovpn` extension to the directory
|
|
33
36
|
it should contain every setting except for `cert` and `key`
|
|
34
|
-
7. `ovpn-key --zip somebody-else`
|
|
37
|
+
7. `ovpn-key --zip somebody-else [--nopass]`
|
|
38
|
+
8. `ovpn-key --static` (generates `ta.key`)
|
|
35
39
|
|
|
36
40
|
### Configuration
|
|
37
41
|
|
data/bin/ovpn-key
CHANGED
|
@@ -23,6 +23,10 @@ OptionParser.new do |opts|
|
|
|
23
23
|
# it's safe to overwrite this file
|
|
24
24
|
options[:generate_dh] = v
|
|
25
25
|
end
|
|
26
|
+
opts.on("--static [name]", "Generate OpenVPN static key (defaults to 'ta')") do |v|
|
|
27
|
+
options[:generate_static] = v ? v : "ta"
|
|
28
|
+
check_crt(options[:generate_static])
|
|
29
|
+
end
|
|
26
30
|
opts.on("--server [name]", "Generate a server key (defaults to 'server')") do |v|
|
|
27
31
|
options[:generate_server] = v ? v : "server"
|
|
28
32
|
check_crt(options[:generate_server])
|
|
@@ -46,8 +50,8 @@ end.parse!
|
|
|
46
50
|
if ARGV.length > 0
|
|
47
51
|
abort "Error: invalid args: #{ARGV.join ' '}\nSee `#{File.basename $0} -h` for help"
|
|
48
52
|
end
|
|
49
|
-
unless options[:init] || options[:generate_ca] || options[:generate_dh] || options[:
|
|
50
|
-
|| options[:generate_client] || options[:generate_zip] || options[:revoke]
|
|
53
|
+
unless options[:init] || options[:generate_ca] || options[:generate_dh] || options[:generate_static] \
|
|
54
|
+
|| options[:generate_server] || options[:generate_client] || options[:generate_zip] || options[:revoke]
|
|
51
55
|
abort "See `#{File.basename $0} -h` for usage"
|
|
52
56
|
end
|
|
53
57
|
if options[:generate_client] and options[:generate_zip]
|
|
@@ -83,6 +87,7 @@ rescue Errno::ENOENT
|
|
|
83
87
|
abort "Run `#{File.basename $0} --init` before generating certificates"
|
|
84
88
|
end
|
|
85
89
|
ZIP_DIR = settings['zip_dir'] || '~'
|
|
90
|
+
OPENVPN = settings['openvpn'] || 'openvpn'
|
|
86
91
|
OPENSSL = settings['openssl'] || 'openssl'
|
|
87
92
|
KEY_SIZE = settings['key_size'] || 2048
|
|
88
93
|
ENCRYPT = settings['encrypt'] || 'aes128'
|
|
@@ -97,6 +102,9 @@ end
|
|
|
97
102
|
if options[:generate_dh]
|
|
98
103
|
exe "#{OPENSSL} dhparam -out dh.pem #{KEY_SIZE}"
|
|
99
104
|
end
|
|
105
|
+
if options[:generate_static]
|
|
106
|
+
exe "#{OPENVPN} --genkey --secret '#{options[:generate_static]}.key'"
|
|
107
|
+
end
|
|
100
108
|
if options[:generate_server]
|
|
101
109
|
gen_and_sign('server', options[:generate_server], options[:no_password])
|
|
102
110
|
end
|
|
@@ -127,6 +135,7 @@ if options[:generate_zip]
|
|
|
127
135
|
[ 'ca.crt', "#{options[:generate_zip]}.crt", "#{options[:generate_zip]}.key"].each {|i|
|
|
128
136
|
zip.add(i, i)
|
|
129
137
|
}
|
|
138
|
+
# TODO: include TLS key if specified in config with tls-auth/tls-crypt
|
|
130
139
|
end
|
|
131
140
|
end
|
|
132
141
|
if options[:revoke]
|
data/defaults/ovpn-key.yml
CHANGED
data/lib/functions.rb
CHANGED
|
@@ -20,9 +20,9 @@ end
|
|
|
20
20
|
|
|
21
21
|
def gen_key type, certname, no_password
|
|
22
22
|
if no_password
|
|
23
|
-
exe "#{OPENSSL} genrsa -out '#{certname}.key' #{KEY_SIZE}
|
|
23
|
+
exe "#{OPENSSL} genrsa -out '#{certname}.key' #{KEY_SIZE}"
|
|
24
24
|
else
|
|
25
|
-
exe "#{OPENSSL} genrsa -#{ENCRYPT} -out '#{certname}.key' #{KEY_SIZE}
|
|
25
|
+
exe "#{OPENSSL} genrsa -#{ENCRYPT} -out '#{certname}.key' #{KEY_SIZE}"
|
|
26
26
|
end
|
|
27
27
|
end
|
|
28
28
|
|
data/lib/version.rb
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
::Version = '0.7.
|
|
1
|
+
::Version = '0.7.3'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ovpn-key
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Vasily Korytov
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-12-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rubyzip
|
|
@@ -24,7 +24,8 @@ dependencies:
|
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '1.2'
|
|
27
|
-
description:
|
|
27
|
+
description: Generates and revokes certificates, also packs them to ZIP files with
|
|
28
|
+
OpenVPN configuration
|
|
28
29
|
email: vasily.korytov@icloud.com
|
|
29
30
|
executables:
|
|
30
31
|
- ovpn-key
|
|
@@ -61,7 +62,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
61
62
|
version: '0'
|
|
62
63
|
requirements: []
|
|
63
64
|
rubyforge_project:
|
|
64
|
-
rubygems_version: 2.7.
|
|
65
|
+
rubygems_version: 2.7.7
|
|
65
66
|
signing_key:
|
|
66
67
|
specification_version: 4
|
|
67
68
|
summary: Key management utility for OpenVPN
|