ovpnmcgen.rb 0.6.0.pre2 → 0.6.0
- checksums.yaml +4 -4
- data/ChangeLog +1 -1
- data/README.md +33 -9
- data/Rakefile +4 -0
- data/bin/ovpnmcgen.rb +5 -5
- data/config/pre_commit.yml +13 -0
- data/features/gen_basic.feature +1 -1
- data/lib/ovpnmcgen/version.rb +1 -1
- data/ovpnmcgen.rb.gemspec +1 -0
- metadata +19 -4
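--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bd0b2f4339b1794b85242203dd089e8c9d06e6a4
+data.tar.gz: '09a598c3fc4b1393135af9868bada7ea087ae4c8'
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6805822be455ed2a9466f33b9fe2a37bb7f33a218d83969e9ad267d8e5c18ffa65389e3e8ab1759733c4ed0be6a9295f3afb039010af0b6ea064d3a0c9fa0455
+data.tar.gz: ebdbfb12e33264706b61a797c04633066869d020714bfa3a9f0c8826da1bf23d686f8d93d2f6ed610819c519d922bb6149dde5ff65dc164d043b9622b50a1cc8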
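--- a/data/ChangeLog
+++ b/data/ChangeLog
@@ -1,4 +1,4 @@
-= 0.6.0 /
+= 0.6.0 / 2018-01-27
 * Added support for `EvaluateConnection`, `Domains`, via `--domains`. It will include an `ActionParameters` dict containing `Domains`, and if `--domain-probe-url` is set, also contains `RequiredURLStringProbe`.
 * Added support for updated bundle identifier (VPNSubType) `net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x), via `--v12compat`.
 * Added support for `--cert` and `--key` for inline attachment of certificate and key, to workaround bug in OpenVPN Connect 1.2.5.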
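--- a/data/README.md
+++ b/data/README.md
@@ -9,6 +9,16 @@ OpenVPN iOS Configuration Profile Utility
 
 Generates iOS configuration profiles (.mobileconfig) that configures OpenVPN for use with VPN-on-Demand that are not accessible through the Apple Configurator or the iPhone Configuration Utility.
 
+---
+
+**OpenVPN Connect (iOS) v1.2.x**:
+- Breaking changes: enable the `--v12compat` switch.
+- Bug/workaround: enable the `--cert` & `--key` switches as necessary.
+
+Refer to [known issues](#known-issues) below for more details.
+
+---
+
 Although there are many possible VPN-on-Demand (VoD) triggers, this utility currently only implements `SSIDMatch`, `InterfaceTypeMatch`, and optionally `URLStringProbe`. For 'high' (default) security level, the following algorithm is executed upon network changes, in order:
 
 - If wireless SSID matches any specified with `--trusted-ssids`, tear down the VPN connection and do not reconnect on demand.
@@ -54,8 +64,11 @@ Usage: ovpnmcgen.rb generate [options] <user> <device>
 -p, --port PORT OpenVPN server port. [Default: 1194]
 --p12file FILE Path to user PKCS#12 file.
 --p12pass PASSWORD Password to unlock PKCS#12 file.
---[no-]vod Enable or Disable VPN-On-Demand.
-
+--[no-]vod Enable or Disable VPN-On-Demand.
+When Disabled, sets `vpn-on-demand: 0`, so that OpenVPN Connect can control this profile. [Default: Enabled]
+--v12compat Enable OpenVPN Connect 1.2.x compatibility.
+When Enabled, use updated `VPNSubType: net.openvpn.connect.app`
+(changed since OpenVPN Connect 1.2.x). [Default: Disabled]
 --security-level LEVEL Security level of VPN-On-Demand Behaviour: paranoid, high, medium. [Default: high]
 --vpn-uuid UUID Override a VPN configuration payload UUID.
 --profile-uuid UUID Override a Profile UUID.
@@ -125,10 +138,15 @@ However, if there are certain sensitive public sites (or blocked sites) that you
 ## Examples
 
 ### Typical Usage
-$ ovpnmcgen.rb gen --
---
+$ ovpnmcgen.rb gen --v12compat \
+--trusted-ssids home \
+--host vpn.example.com \
+--cafile path/to/ca.pem \
+--tafile path/to/ta.key \
 --url-probe http://vpn.example.com/status \
---p12file path/to/john-ipad.p12
+--p12file path/to/john-ipad.p12 \
+--p12pass p12passphrase \
+john ipad
 
 Output:
 
@@ -203,7 +221,7 @@ Output:
 <string>DEFAULT</string>
 </dict>
 <key>VPNSubType</key>
-<string>net.openvpn.
+<string>net.openvpn.connect.app</string>
 <key>VPNType</key>
 <string>VPN</string>
 <key>VendorConfig</key>
@@ -282,10 +300,16 @@ Output:
 ```
 
 ### Extended Usage
-$ ovpnmcgen.rb gen --
---
+$ ovpnmcgen.rb gen --v12compat \
+--trusted-ssids home,school \
+--untrusted-ssids virusnet \
+--host vpn.example.com \
+--cafile path/to/ca.pem \
+--tafile path/to/ta.key \
 --url-probe http://vpn.example.com/status \
---p12file path/to/john-ipad.p12
+--p12file path/to/john-ipad.p12 \
+--p12pass p12passphrase \
+john ipad
 
 Output similar to above:
 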
data/Rakefile
CHANGED
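--- a/data/bin/ovpnmcgen.rb
+++ b/data/bin/ovpnmcgen.rb
@@ -7,7 +7,7 @@ require 'ovpnmcgen/config'
 program :version, Ovpnmcgen::VERSION
 program :description, Ovpnmcgen::SUMMARY
 program :help, 'Usage', 'ovpnmcgen.rb <command> [options] <args...>'
-program :help_formatter,
+program :help_formatter, Commander::HelpFormatter::Terminal
 default_command :help
 never_trace!
 global_option '-c', '--config FILE', 'Specify path to config file. [Default: .ovpnmcgen.rb.yml]'
@@ -16,8 +16,8 @@ command :generate do |c|
 c.syntax = 'ovpnmcgen.rb generate [options] <user> <device>'
 c.summary = 'Generates iOS Configuration Profiles (.mobileconfig)'
 c.description = 'Generates iOS configuration profiles (.mobileconfig) that configures OpenVPN for use with VPN-on-Demand that are not accessible through the Apple Configurator or the iPhone Configuration Utility.'
-c.example 'Typical Usage', 'ovpnmcgen.rb gen --trusted-ssids home --host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key --p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad'
-c.example 'Extended Usage', 'ovpnmcgen.rb gen --trusted-ssids home,school --untrusted-ssids virusnet --host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key --p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad'
+c.example 'Typical Usage', 'ovpnmcgen.rb gen --v12compat --trusted-ssids home --host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key --p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad'
+c.example 'Extended Usage', 'ovpnmcgen.rb gen --v12compat --trusted-ssids home,school --untrusted-ssids virusnet --host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key --p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad'
 c.example 'Using OpenSSL to convert files into PKCS#12 (.p12)', 'openssl pkcs12 -export -out path/to/john-ipad.p12 -inkey path/to/john-ipad.key -in path/to/john-ipad.crt -passout pass:p12passphrase -name john-ipad@vpn.example.com'
 c.example 'Using OpenSSL to convert from PKCS#12 (.p12) to Cert PEM file', 'openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-cert.crt -nodes -nokeys'
 c.example 'Using OpenSSL to convert from PKCS#12 (.p12) to Key PEM file', 'openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-key.pem -nodes -nocerts'
@@ -30,8 +30,8 @@ command :generate do |c|
 c.option '-p', '--port PORT', 'OpenVPN server port. [Default: 1194]'
 c.option '--p12file FILE', 'Path to user PKCS#12 file. (Required)'
 c.option '--p12pass PASSWORD', 'Password to unlock PKCS#12 file.'
-c.option '--[no-]vod', 'Enable or Disable VPN-On-Demand. [Default: Enabled]'
-c.option '--v12compat', 'Enable OpenVPN Connect 1.2.x compatibility. [Default: Disabled]'
+c.option '--[no-]vod', 'Enable or Disable VPN-On-Demand. When Disabled, sets `vpn-on-demand: 0`, so that OpenVPN Connect can control this profile. [Default: Enabled]'
+c.option '--v12compat', 'Enable OpenVPN Connect 1.2.x compatibility. When Enabled, use updated `VPNSubType: net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x). [Default: Disabled]'
 c.option '--security-level LEVEL', 'Security level of VPN-On-Demand Behaviour: paranoid, high, medium. [Default: high]'
 c.option '--vpn-uuid UUID', 'Override a VPN configuration payload UUID.'
 c.option '--profile-uuid UUID', 'Override a Profile UUID.'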
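Review bot: The rewritten `Typical Usage` and `Extended Usage` examples (new lines 19–20) still pass `--p12pass p12passphrase` as an argument, so anyone copying them puts the PKCS#12 passphrase into shell history and into the process list that other local users can read. Since these help strings are being edited anyway, I would add the caveat to the option text, e.g. `c.option '--p12pass PASSWORD', 'Password to unlock PKCS#12 file. Note: arguments are visible in shell history and process listings.'`. If the file given with `--config FILE` can carry this value (not visible in these hunks), the examples could point there instead. The `command :generate` block opens and closes outside the hunks shown.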
data/features/gen_basic.feature
CHANGED
data/lib/ovpnmcgen/version.rb
CHANGED
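--- a/data/ovpnmcgen.rb.gemspec
+++ b/data/ovpnmcgen.rb.gemspec
@@ -24,6 +24,7 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "bundler", "~> 1.5"
 spec.add_development_dependency "rake"
 spec.add_development_dependency "aruba", "~> 0.5", ">= 0.5.4"
+spec.add_development_dependency "pre-commit"
 spec.add_runtime_dependency "plist", "~> 3.1", ">= 3.1.0"
 spec.add_runtime_dependency "commander", "~> 4.1", ">= 4.1.6"
 spec.add_runtime_dependency "app_configuration", "~> 0.0", ">= 0.0.2"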
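Review bot: The added `spec.add_development_dependency "pre-commit"` (new line 27) carries no version requirement, unlike the `bundler` and `aruba` lines beside it, and the packaged metadata records it as `>= 0`. Any future release of that gem would therefore be accepted on contributor machines, and it presumably runs as a git hook given the new `config/pre_commit.yml`. I would bound it to the release series that was actually tested, e.g. `spec.add_development_dependency "pre-commit", "~> <TESTED_MAJOR.MINOR>"` (placeholder, to be filled with the tested version). The `Gem::Specification.new` block continues outside this hunk.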
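--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ovpnmcgen.rb
 version: !ruby/object:Gem::Version
-version: 0.6.0
+version: 0.6.0
 platform: ruby
 authors:
 - Ronald Ip
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-
+date: 2018-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -58,6 +58,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 0.5.4
+- !ruby/object:Gem::Dependency
+name: pre-commit
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: plist
 requirement: !ruby/object:Gem::Requirement
@@ -136,6 +150,7 @@ files:
 - README.md
 - Rakefile
 - bin/ovpnmcgen.rb
+- config/pre_commit.yml
 - features/gen_basic.feature
 - features/gen_configfile.feature
 - features/gen_ovpnconfigfile_input.feature
@@ -161,9 +176,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 requirements: []
 rubyforge_project:
 rubygems_version: 2.6.14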