ovpnmcgen.rb 0.6.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: bd0b2f4339b1794b85242203dd089e8c9d06e6a4
-  data.tar.gz: '09a598c3fc4b1393135af9868bada7ea087ae4c8'
+SHA256:
+  metadata.gz: 9071e5c961bdcc1c388a8046e19ef9a6a38acfee9fec0fddef820de5abc53db1
+  data.tar.gz: 1643a139e9f1ca64d8e0e8f925d1066b556e102a6bd6392570159a55a152005d
 SHA512:
-  metadata.gz: 6805822be455ed2a9466f33b9fe2a37bb7f33a218d83969e9ad267d8e5c18ffa65389e3e8ab1759733c4ed0be6a9295f3afb039010af0b6ea064d3a0c9fa0455
-  data.tar.gz: ebdbfb12e33264706b61a797c04633066869d020714bfa3a9f0c8826da1bf23d686f8d93d2f6ed610819c519d922bb6149dde5ff65dc164d043b9622b50a1cc8
+  metadata.gz: 92ae4717bbdc333dc7e3d1a7661b22d26f3116a527e776ccf44ce6982952698adb939345634ebad2171ed3cfcfc64168686ab2a18b41a3cf1bd729f4b474183c
+  data.tar.gz: 1d15ba82e5b2e02057a566502c428054c77d243d5ffd0b37c94bc673bc7cbbcb0a69842a3cc8993855058a64cd5aa31a5a64055a8b27227faab1471e4b65a434

data/.chglog/CHANGELOG.tpl.md

@@ -0,0 +1,57 @@
+{{ if .Versions -}}
+<a name="unreleased"></a>
+## [Unreleased]
+
+{{ if .Unreleased.CommitGroups -}}
+{{ range .Unreleased.CommitGroups -}}
+{{ range .Commits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+{{ else }}
+{{ range .Unreleased.Commits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+
+{{ range .Versions }}
+<a name="{{ .Tag.Name }}"></a>
+## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }}
+{{ if .CommitGroups -}}
+{{ range .CommitGroups -}}
+{{ range .Commits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+{{ else }}
+{{ range .Commits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+
+{{- if .RevertCommits -}}
+### Reverts
+{{ range .RevertCommits -}}
+- {{ .Revert.Header }}
+{{ end }}
+{{ end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
+{{- if .Versions }}
+[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD
+{{ range .Versions -}}
+{{ if .Tag.Previous -}}
+[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}
+{{ end -}}
+{{ end -}}
+{{ end -}}

data/.chglog/config.yml

@@ -0,0 +1,36 @@
+style: github
+template: CHANGELOG.tpl.md
+info:
+  title: CHANGELOG
+  repository_url: https://github.com/iphoting/ovpnmcgen.rb
+options:
+  commits:
+    # filters:
+    #   Type:
+    #     - feat
+    #     - fix
+    #     - perf
+    #     - refactor
+  commit_groups:
+    # title_maps:
+    #   feat: Features
+    #   fix: Bug Fixes
+    #   perf: Performance Improvements
+    #   refactor: Code Refactoring
+  header:
+    pattern: "^(.*)$"
+    pattern_maps:
+      - Subject
+
+  merges:
+    pattern: "^Merge branch '(\\w+)'$"
+    pattern_maps:
+      - Source
+
+  reverts:
+    pattern: "^Revert \"([\\s\\S]*)\"$"
+    pattern_maps:
+      - Header
+  notes:
+    keywords:
+      - BREAKING CHANGE

data/.travis.yml

@@ -1,5 +1,4 @@
 language: ruby
-#cache: bundler
 
 before_install:
   # https://github.com/travis-ci/travis-ci/issues/8978
@@ -8,10 +7,10 @@ before_install:
   - bundle version
 
 rvm:
-  - 2.2
   - 2.3
   - 2.4
   - 2.5
+  - 2.6
   - ruby-head
   - jruby-19mode
 
@@ -29,5 +28,5 @@ deploy:
   on:
     tags: true
     repo: "iphoting/ovpnmcgen.rb"
-    ruby: 2.4.0
+    ruby: 2.4
     branch: master

data/ChangeLog.md

@@ -0,0 +1,115 @@
+# ChangeLog
+
+<a name="unreleased"></a>
+## [Unreleased]
+
+
+
+
+<a name="v0.7.0"></a>
+## [v0.7.0] - 2019-08-31
+
+- Improve url probe handling
+- Extract user and device information from p12
+- Add support for disconnect on idle timer
+- Add support for customizing the VPN profile name
+- Make profile uuid stable
+- Improve profile description with VPN config map
+- Make vpn uuid stable
+- Make cert uuid stable
+- Add support for TLS-Crypt
+- Add workaround for global config flag not being parsed
+
+
+<a name="v0.6.0"></a>
+## [v0.6.0] - 2018-01-27
+
+- Fixed: Without `--p12file`, `AuthenticationMethod` must be set to `Password`.
+- Added support for `--cert` and `--key` for inline attachment of certificate and key, to workaround bug in OpenVPN Connect 1.2.5.
+- Added `--v12compat` switch for OpenVPN Connect 1.2.x compatibility for updated bundle identifier (VPNSubType) `net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x).
+- Added support for `vpn-on-demand: 0` key/value pair with `--no-vod` is set, so that OpenVPN Connect can control this profile..
+- Fixed: Domain VoD Actions should not be included without `--domains` flag.
+- Added support for `EvaluateConnection`, `Domains`, via `--domains`. It will include an `ActionParameters` dict containing `Domains`, and if `--domain-probe-url` is set, also contains `RequiredURLStringProbe`.
+
+
+<a name="v0.5.0"></a>
+## [v0.5.0] - 2015-02-22
+
+- New feature: Specify multiple remotes with `--remotes "host2 1194 tcp","host3 1195 udp"` flag.
+
+
+<a name="v0.4.2"></a>
+## [v0.4.2] - 2014-07-05
+
+- Bugfix: Default catch-all rule should be 'Ignore'.
+
+
+<a name="v0.4.1"></a>
+## [v0.4.1] - 2014-05-07
+
+- Fixed: SSIDs specified as string in config now produces correct output.
+
+
+<a name="v0.4.0"></a>
+## [v0.4.0] - 2014-05-07
+
+- Added support for configuration persistance, via ENV or `~/.ovpnmcgen.rb.yml` or `--config` flag.
+- Updated VoD rules in `--[un]trusted-ssids` to also use `InterfaceTypeMatch`.
+
+
+<a name="v0.3.0"></a>
+## [v0.3.0] - 2014-05-04
+
+- Updated documentation for `URLStringProbe` and `--url-probe`.
+- Added URLStringProbe support via `--url-probe` flag.
+
+
+<a name="v0.2.1"></a>
+## [v0.2.1] - 2014-04-19
+
+- Use a portable and native uuidgen implementation.
+- Minor fixes for bugs caught by tests.
+
+
+<a name="v0.2.0"></a>
+## [v0.2.0] - 2014-04-18
+
+- TLS-Auth keyfile now optional.
+- Added support for security-levels.
+- Support custom UUID values.
+
+
+<a name="v0.1.0"></a>
+## [v0.1.0] - 2014-03-27
+
+- Added support for --ovpnconfigfile.
+- Improved invalid arguments error message.
+- Shorter switches for --[un]trusted-ssids.
+- Support custom --port and --proto switches.
+
+
+<a name="v0.0.2"></a>
+## [v0.0.2] - 2014-03-26
+
+- Require at least ruby v1.9.3.
+
+
+<a name="v0.0.1"></a>
+## v0.0.1 - 2014-03-26
+
+- Initial release
+
+
+[Unreleased]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.7.0...HEAD
+[v0.7.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.6.0...v0.7.0
+[v0.6.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.5.0...v0.6.0
+[v0.5.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.5.0.pre...v0.5.0
+[v0.5.0.pre]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.4.2...v0.5.0.pre
+[v0.4.2]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.4.1...v0.4.2
+[v0.4.1]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.4.0...v0.4.1
+[v0.4.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.3.0...v0.4.0
+[v0.3.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.2.1...v0.3.0
+[v0.2.1]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.2.0...v0.2.1
+[v0.2.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.1.0...v0.2.0
+[v0.1.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.0.2...v0.1.0
+[v0.0.2]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.0.1...v0.0.2

data/bin/ovpnmcgen.rb

@@ -10,8 +10,10 @@ program :help, 'Usage', 'ovpnmcgen.rb <command> [options] <args...>'
 program :help_formatter, Commander::HelpFormatter::Terminal
 default_command :help
 never_trace!
-global_option '-c', '--config FILE', 'Specify path to config file. [Default: .ovpnmcgen.rb.yml]'
- 
+global_option('-c', '--config FILE', 'Specify path to config file. [Default: .ovpnmcgen.rb.yml]') do |config|
+  $config = config
+end
+
 command :generate do |c|
   c.syntax = 'ovpnmcgen.rb generate [options] <user> <device>'
   c.summary = 'Generates iOS Configuration Profiles (.mobileconfig)'
@@ -23,6 +25,7 @@ command :generate do |c|
   c.example 'Using OpenSSL to convert from PKCS#12 (.p12) to Key PEM file', 'openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-key.pem -nodes -nocerts'
   c.option '--cafile FILE', 'Path to OpenVPN CA file. (Required)'
   c.option '--tafile FILE', 'Path to TLS-Auth Key file.'
+  c.option '--tlscryptfile FILE', 'Path to TLS-Crypt Key file.'
   c.option '--cert FILE', 'Path to Cert file.'
   c.option '--key FILE', 'Path to Private Key file.'
   c.option '--host HOSTNAME', 'Hostname of OpenVPN server. (Required)'
@@ -34,27 +37,38 @@ command :generate do |c|
   c.option '--v12compat', 'Enable OpenVPN Connect 1.2.x compatibility. When Enabled, use updated `VPNSubType: net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x). [Default: Disabled]'
   c.option '--security-level LEVEL', 'Security level of VPN-On-Demand Behaviour: paranoid, high, medium. [Default: high]'
   c.option '--vpn-uuid UUID', 'Override a VPN configuration payload UUID.'
+  c.option '--vpn-name NAME', 'Override a VPN configuration payload name displayed under Settings.app > General > VPN.'
   c.option '--profile-uuid UUID', 'Override a Profile UUID.'
   c.option '--cert-uuid UUID', 'Override a Certificate payload UUID.'
   c.option '-t', '--trusted-ssids SSIDS', Array, 'List of comma-separated trusted SSIDs.'
   c.option '-u', '--untrusted-ssids SSIDS', Array, 'List of comma-separated untrusted SSIDs.'
   c.option '-d', '--domains DOMAINS', Array, 'List of comma-separated domain names requiring VPN service.'
   c.option '--domain-probe-url PROBE', String, 'An HTTP(S) URL to probe, using a GET request. If no HTTP response code is received from the server, a VPN connection is established in response.'
+  c.option '--trusted-ssids-probe-url PROBE', String, 'An HTTP(S) URL to probe, using a GET request. If no HTTP response code is received from the server, a VPN connection may be established in response.'
   c.option '--url-probe URL', 'This URL must return HTTP status 200, without redirection, before the VPN service will try establishing.'
   c.option '--remotes REMOTES', Array, 'List of comma-separated alternate remotes: "<host> <port> <proto>".'
+  c.option '--idle-timer TIME', Integer, 'Disconnect from VPN when idle for a certain period of time (in seconds) which is useful for VPN-On-Demand scenarios. Requires disabling "Reconnect On Wakeup" on OpenVPN.app.'
   c.option '--ovpnconfigfile FILE', 'Path to OpenVPN client config file.'
   c.option '-o', '--output FILE', 'Output to file. [Default: stdout]'
   c.action do |args, options|
-    raise ArgumentError.new "Invalid arguments. Run '#{File.basename(__FILE__)} help generate' for guidance" if args.nil? or args.length < 2
-
     # Set up configuration environment.
-    if options.config
-      Ovpnmcgen.configure(options.config)
+    if $config
+      Ovpnmcgen.configure($config)
     else
       Ovpnmcgen.configure
     end
     config = Ovpnmcgen.config
 
+    user, device = args
+    if args.empty? and (options.p12file or config.p12file)
+      filename = File.basename((options.p12file or config.p12file), '.p12')
+      user, device = filename.split('-') if filename
+    end
+
+    unless user and device
+      raise ArgumentError.new "Invalid arguments. Run '#{File.basename(__FILE__)} help generate' for guidance"
+    end
+
     raise ArgumentError.new "Host is required" unless options.host or config.host
     raise ArgumentError.new "cafile is required" unless options.cafile or config.cafile
 
@@ -63,6 +77,14 @@ command :generate do |c|
       raise ArgumentError.new "PKCS#12 or cert & key file required"
     end
 
+    if (options.trusted_ssids_probe_url or config.trusted_ssids_probe_url) and not (options.trusted_ssids or config.trusted_ssids)
+      raise ArgumentError.new "cannot set --trusted-ssids-probe-url without --trusted-ssids"
+    end
+
+    if (config.tafile or options.tafile) and (config.tlscryptfile or options.tlscryptfile)
+      raise ArgumentError.new "tafile and tlscryptfile cannot be both set"
+    end
+
     options.default :vod => case
       when config.vod == true || config.no_vod == false
         true
@@ -75,8 +97,6 @@ command :generate do |c|
       :port => (config.port)? config.port : 1194,
       :security_level => (config.security_level)? config.security_level : 'high'
 
-    user, device = args
-
     inputs = {
       :user => user,
       :device => device,
@@ -87,15 +107,18 @@ command :generate do |c|
       :port => options.port,
       :enableVOD => options.vod,
       :trusted_ssids => options.trusted_ssids || config.trusted_ssids,
+      :trusted_ssids_probe_url => options.trusted_ssids_probe_url || config.trusted_ssids_probe_url,
       :untrusted_ssids => options.untrusted_ssids || config.untrusted_ssids,
       :profile_uuid => options.profile_uuid || config.profile_uuid,
       :vpn_uuid => options.vpn_uuid || config.vpn_uuid,
+      :vpn_name => options.vpn_name || config.vpn_name,
       :cert_uuid => options.cert_uuid || config.cert_uuid,
       :security_level => options.security_level
     }
     inputs[:ovpnconfigfile] = options.ovpnconfigfile || config.ovpnconfigfile if options.ovpnconfigfile or config.ovpnconfigfile
     inputs[:p12file] = options.p12file || config.p12file if options.p12file or config.p12file
     inputs[:tafile] = options.tafile || config.tafile if options.tafile or config.tafile
+    inputs[:tlscryptfile] = options.tlscryptfile || config.tlscryptfile if options.tlscryptfile or config.tlscryptfile
     inputs[:cert] = options.cert || config.cert if options.cert or config.cert
     inputs[:key] = options.key || config.key if options.key or config.key
     inputs[:url_probe] = options.url_probe || config.url_probe if options.url_probe or config.url_probe
@@ -103,6 +126,7 @@ command :generate do |c|
     inputs[:domains] = options.domains || config.domains if options.domains or config.domains
     inputs[:domain_probe_url] = options.domain_probe_url || config.domain_probe_url if options.domain_probe_url or config.domain_probe_url
     inputs[:v12compat] = options.v12compat || config.v12compat if options.v12compat or config.v12compat
+    inputs[:idle_timer] = options.idle_timer || config.idle_timer if options.idle_timer or config.idle_timer
 
     unless options.output
       puts Ovpnmcgen.generate(inputs)

data/features/gen_basic.feature

@@ -16,6 +16,11 @@ Feature: Basic Generate Functionality
 			p12file that should appear
 			In base64 encoding as <data/>
 			"""
+		And a file named "cucumber-aruba.p12" with:
+			"""
+			p12file with filename that matches
+			#{user}-#{device} pattern
+			"""
 		And a file named "cert.crt" with:
 			"""
 			Contents of cert file
@@ -109,6 +114,18 @@ Feature: Basic Generate Functionality
 			\s*<integer>1</integer>
 			"""
 
+	Scenario: Correct arguments with all required flags, host, cafile, and p12file (no cert and key) in #{user}-#{device} pattern.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file cucumber-aruba.p12`
+		Then the output should match:
+		"""
+		<key>PayloadDescription</key>
+		\s*<string>OpenVPN Configuration Payload for cucumber-aruba@aruba.cucumber.org</string>
+		\s*<key>PayloadDisplayName</key>
+		\s*<string>aruba.cucumber.org OpenVPN cucumber@aruba</string>
+		\s*<key>PayloadIdentifier</key>
+		\s*<string>org.cucumber.aruba.cucumber-aruba</string>
+		"""
+
 	@OCv1.2 @v0.6.0
 	Scenario: Correct arguments with all required flags, host, cafile, cert, and key (no p12file).
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --cert cert.crt --key key.pem cucumber aruba`
@@ -184,6 +201,25 @@ Feature: Basic Generate Functionality
 			\s*<string>Contents of TLS-Auth Key file\\nWith newlines\\nAnd more newlines\\nThat should appear as one line</string>
 			"""
 
+	Scenario: The tlscrypt flag is set.
+		Given a file named "tlscrypt.key" with:
+			"""
+			Contents of TLS-Crypt Key file
+			With newlines
+			And more newlines
+			That should appear as one line
+			"""
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --tlscryptfile tlscrypt.key cucumber aruba`
+		Then the output should match:
+			"""
+			<key>tls-crypt</key>
+			\s*<string>Contents of TLS-Crypt Key file\\nWith newlines\\nAnd more newlines\\nThat should appear as one line</string>
+			"""
+
+	Scenario: Both tafile and tlscryptfile flags are set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --tafile ta.key --tlscryptfile tlscrypt.key cucumber aruba`
+		Then the output should contain "error: tafile and tlscryptfile cannot be both set"
+
 	Scenario: The proto and port flags are set.
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --proto tcp --port 1234 cucumber aruba`
 		Then the output should match:
@@ -284,6 +320,25 @@ Feature: Basic Generate Functionality
 			\s*</array>
 			"""
 
+	Scenario: The trusted ssids flag is set and trusted ssids probe URL is set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --trusted-ssids trusted1 --trusted-ssids-probe-url "https://example.com/200.html" cucumber aruba`
+		Then the output should match:
+			"""
+			<string>Disconnect</string>
+			\s*<key>InterfaceTypeMatch</key>
+			\s*<string>WiFi</string>
+			\s*<key>SSIDMatch</key>
+			\s*<array>
+			\s*<string>trusted1</string>
+			\s*</array>
+			\s*<key>URLStringProbe</key>
+			\s*<string>https:\/\/example\.com\/200\.html</string>
+			"""
+
+	Scenario: The trusted ssids probe URL is set without trusted ssids flag being set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --trusted-ssids-probe-url "https://example.com/200.html" cucumber aruba`
+		Then the output should contain "error: cannot set --trusted-ssids-probe-url without --trusted-ssids"
+
 	Scenario: The security-level flag is set to paranoid.
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --security-level paranoid cucumber aruba`
 		Then the output should match:
@@ -444,3 +499,29 @@ Feature: Basic Generate Functionality
 			\s*</dict>
 			\s*</array>
 			"""
+
+	Scenario: The profile UUID flag is set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --profile-uuid A43E7B13-4F02-4121-9B70-81C734E495C1 cucumber aruba`
+		Then the output should match:
+			"""
+			<key>PayloadIdentifier</key>
+			\s*<string>com.apple.vpn.managed.A43E7B13-4F02-4121-9B70-81C734E495C1</string>
+			"""
+
+	Scenario: The VPN profile name flag is set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --vpn-name foobar cucumber aruba`
+		Then the output should match:
+			"""
+			<key>UserDefinedName</key>
+			\s*<string>foobar</string>
+			"""
+
+	Scenario: The idle timer flag is set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --idle-timer 10 cucumber aruba`
+		Then the output should match:
+			"""
+			<key>DisconnectOnIdle</key>
+			\s*<integer>1</integer>
+			\s*<key>DisconnectOnIdleTimer</key>
+			\s*<integer>10</integer>
+			"""

data/lib/ovpnmcgen.rb

@@ -19,6 +19,8 @@ module Ovpnmcgen
     untrusted_ssids = inputs[:untrusted_ssids] || false
     remotes = inputs[:remotes] || false
     vodDomains = inputs[:domains] || false
+    vpnName = inputs[:vpn_name] || "#{host}/VoD"
+    plistDescription = "OpenVPN Configuration Payload for #{user}-#{device}@#{host}"
 
     # Ensure [un]trusted_ssids are Arrays.
     trusted_ssids = Array(trusted_ssids) if trusted_ssids
@@ -33,6 +35,13 @@ module Ovpnmcgen
       exit
     end
 
+    begin
+      tls_crypt = File.readlines(inputs[:tlscryptfile]).map { |x| x.chomp }.join('\n')
+    rescue Errno::ENOENT
+      puts "TLS crypt file not found: #{inputs[:tlscryptfile]}!"
+      exit
+    end if inputs[:tlscryptfile]
+
     begin
       tls_auth = File.readlines(inputs[:tafile]).map { |x| x.chomp }.join('\n')
     rescue Errno::ENOENT
@@ -63,6 +72,7 @@ module Ovpnmcgen
 
     unless inputs[:ovpnconfigfile].nil?
       ovpnconfighash = Ovpnmcgen.getOVPNVendorConfigHash(inputs[:ovpnconfigfile])
+      plistDescription = "#{plistDescription}. Includes custom OpenVPN directives #{ovpnconfighash.to_s.gsub('"', '').gsub('=>', '=')}."
     else # Bare minimum configuration
       ovpnconfighash = {
         'client' => 'NOARGS',
@@ -82,6 +92,7 @@ module Ovpnmcgen
     ovpnconfighash['ca'] = ca_cert
     ovpnconfighash['tls-auth'] = tls_auth if inputs[:tafile]
     ovpnconfighash['key-direction'] = '1' if inputs[:tafile]
+    ovpnconfighash['tls-crypt'] = tls_crypt if inputs[:tlscryptfile]
     ovpnconfighash['cert'] = cert_file if inputs[:cert]
     ovpnconfighash['key'] = key_file if inputs[:key]
     ovpnconfighash['vpn-on-demand'] = '0' unless enableVOD
@@ -134,7 +145,7 @@ module Ovpnmcgen
       'Action' => 'Ignore'
     }
 
-    # Insert URLStringProbe conditions when enabled with --url-probe
+    # Insert URLStringProbe conditions when enabled with --url-probe.
     vodTrusted['URLStringProbe'] =
       vodUntrusted['URLStringProbe'] =
       vodWifiOnly['URLStringProbe'] =
@@ -143,6 +154,9 @@ module Ovpnmcgen
       vodDefault['URLStringProbe'] =
       inputs[:url_probe] if inputs[:url_probe]
 
+    # Insert trusted SSIDs-specific URLStringProbe condition when enabled with --trusted-ssids-url-probe.
+    vodTrusted['URLStringProbe'] = inputs[:trusted_ssids_probe_url] if inputs[:trusted_ssids_probe_url]
+
     vpnOnDemandRules << vodTrusted if trusted_ssids
     vpnOnDemandRules << vodUntrusted if untrusted_ssids
     vpnOnDemandRules << vodWifiOnly
@@ -158,7 +172,7 @@ module Ovpnmcgen
       'PayloadContent' => StringData.new(p12file),
       'PayloadDescription' => 'Provides device authentication (certificate or identity).',
       'PayloadDisplayName' => "#{user}-#{device}.p12",
-      'PayloadIdentifier' => "#{identifier}.#{user}-#{device}.credential",
+      'PayloadIdentifier' => (inputs[:cert_uuid]) ? "com.apple.vpn.managed.#{certUUID}" : "#{identifier}.#{user}-#{device}.credential",
       'PayloadOrganization' => domain,
       'PayloadType' => 'com.apple.security.pkcs12',
       'PayloadUUID' => certUUID,
@@ -168,12 +182,12 @@ module Ovpnmcgen
     vpn = {
       'PayloadDescription' => "Configures VPN settings, including authentication.",
       'PayloadDisplayName' => "VPN (#{host}/VoD)",
-      'PayloadIdentifier' => "#{identifier}.#{user}-#{device}.vpnconfig",
+      'PayloadIdentifier' => (inputs[:vpn_uuid]) ? "com.apple.vpn.managed.#{certUUID}" : "#{identifier}.#{user}-#{device}.vpnconfig",
       'PayloadOrganization' => domain,
       'PayloadType' => 'com.apple.vpn.managed',
       'PayloadUUID' => vpnUUID,
       'PayloadVersion' => 1,
-      'UserDefinedName' => "#{host}/VoD",
+      'UserDefinedName' => vpnName,
       'VPN' => {
         'AuthenticationMethod' => 'Certificate',
         'OnDemandEnabled' => (enableVOD)? 1 : 0,
@@ -190,15 +204,19 @@ module Ovpnmcgen
       vpn['VPN']['AuthenticationMethod'] = 'Password'
       vpn['VPN'].delete('PayloadCertificateUUID')
     end
+    if inputs[:idle_timer]
+      vpn['VPN']['DisconnectOnIdle'] = 1
+      vpn['VPN']['DisconnectOnIdleTimer'] = inputs[:idle_timer]
+    end
 
     plistPayloadContent = [vpn]
     plistPayloadContent << cert if p12file
     #encPlistPayloadContent = cmsEncrypt([vpn, cert].to_plist).der_format
 
     plist = {
-      'PayloadDescription' => "OpenVPN Configuration Payload for #{user}-#{device}@#{host}",
+      'PayloadDescription' => plistDescription,
       'PayloadDisplayName' => "#{host} OpenVPN #{user}@#{device}",
-      'PayloadIdentifier' => "#{identifier}.#{user}-#{device}",
+      'PayloadIdentifier' => (inputs[:profile_uuid]) ? "com.apple.vpn.managed.#{plistUUID}" : "#{identifier}.#{user}-#{device}",
       'PayloadOrganization' => domain,
       'PayloadRemovalDisallowed' => false,
       'PayloadType' => 'Configuration',

data/lib/ovpnmcgen/ovpnconfig.rb

@@ -34,7 +34,7 @@ module Ovpnmcgen
         case key
         when 'fragment', 'mssfix', 'secret', 'socks-proxy', 'persist-key', 'persist-tun', 'resolv-retry', 'nobind', 'verb', 'user', 'group', 'pull', 'mute'
           true
-        when 'remote', 'ca', 'pkcs12', 'tls-auth', 'cert', 'key', 'proto' # specified with switches.
+        when 'remote', 'ca', 'pkcs12', 'tls-auth', 'tls-crypt', 'cert', 'key', 'proto' # specified with switches.
           true
         else
           false

data/lib/ovpnmcgen/version.rb

@@ -1,4 +1,4 @@
 module Ovpnmcgen
-  VERSION = "0.6.0"
+  VERSION = "0.7.0"
   SUMMARY = "An OpenVPN iOS Configuration Profile (.mobileconfig) Utility"
 end

data/ovpnmcgen.rb.gemspec

@@ -21,11 +21,11 @@ Gem::Specification.new do |spec|
   spec.bindir = 'bin'
   spec.required_ruby_version = '>= 1.9.3'
 
-  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "aruba", "~> 0.5", ">= 0.5.4"
   spec.add_development_dependency "pre-commit"
-  spec.add_runtime_dependency     "plist", "~> 3.1", ">= 3.1.0"
-  spec.add_runtime_dependency     "commander", "~> 4.1", ">= 4.1.6"
+  spec.add_runtime_dependency     "plist", "~> 3.5", ">= 3.5.0"
+  spec.add_runtime_dependency     "commander", "~> 4.4", ">= 4.4.7"
   spec.add_runtime_dependency     "app_configuration", "~> 0.0", ">= 0.0.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ovpnmcgen.rb
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Ronald Ip
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-26 00:00:00.000000000 Z
+date: 2019-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -76,42 +76,42 @@ dependencies:
   name: plist
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.5.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.5.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
 - !ruby/object:Gem::Dependency
   name: commander
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.1'
+        version: '4.4'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.1.6
+        version: 4.4.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.1'
+        version: '4.4'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.1.6
+        version: 4.4.7
 - !ruby/object:Gem::Dependency
   name: app_configuration
   requirement: !ruby/object:Gem::Requirement
@@ -142,9 +142,11 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".chglog/CHANGELOG.tpl.md"
+- ".chglog/config.yml"
 - ".gitignore"
 - ".travis.yml"
-- ChangeLog
+- ChangeLog.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -180,8 +182,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.14
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: An OpenVPN iOS Configuration Profile (.mobileconfig) Utility

data/ChangeLog

@@ -1,46 +0,0 @@
-= 0.6.0 / 2018-01-27
-	* Added support for `EvaluateConnection`, `Domains`, via `--domains`. It will include an `ActionParameters` dict containing `Domains`, and if `--domain-probe-url` is set, also contains `RequiredURLStringProbe`.
-	* Added support for updated bundle identifier (VPNSubType) `net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x), via `--v12compat`.
-	* Added support for `--cert` and `--key` for inline attachment of certificate and key, to workaround bug in OpenVPN Connect 1.2.5.
-	* Added support for `vpn-on-demand: 0` key/value pair when `--no-vod` is set, so that OpenVPN Connect can control this profile.
-
-= 0.5.0 / 2015-02-22
-	* Specify multiple remotes with `--remotes "host2 1194 tcp","host3 1195 udp"` flag.
-
-= 0.4.2 / 2014-07-05
-	* Bugfix: Default catch-all rule should be 'Ignore', any other option does not make sense.
-
-= 0.4.1 / 2014-05-07
-	* Bugfix: SSIDs specified as a string in configfile now correctly output
-	as arrays. (#a9e638)
-
-= 0.4.0 / 2014-05-07
-	* VoD rules in `--[un]trusted-ssids` to also use `InterfaceTypeMatch`.
-	* Added support for configuration persistance, via ENV or
-	~/.ovpnmcgen.rb.yml or `--config` flag.
-
-= 0.3.0 / 2014-05-04
-	* Documentation updates.
-	* Added support for `URLStringProbe`, via `--url-probe`.
-
-= 0.2.1 / 2014-04-19
-	* Implement unit testing.
-	* Switch to a portable and native uuidgen implementation.
-	* Minor documentation improvements.
-
-= 0.2.0 / 2014-04-18
-	* Support custom UUID value overrides.
-	* Support for security level, i.e. paranoid, high (default), medium.
-	* TLS-Auth keyfile now optional.
-
-= 0.1.0 / 2014-03-27
-	* Added support for `--ovpnconfigfile`, `--port`, `--proto`.
-	* Shorter switches for `--[un]trusted-ssids`.
-	* Improved Documentation.
-
-= 0.0.2 / 2014-03-26
-	* Require ruby >= 1.9.3.
-	* Improved Documentation.
-
-= 0.0.1 / 2014-03-26
-	* Initial Release.