ovpnmcgen.rb 0.4.2 → 0.5.0.pre
- checksums.yaml +4 -4
- data/ChangeLog +3 -0
- data/README.md +29 -6
- data/bin/ovpnmcgen.rb +2 -0
- data/features/gen_basic.feature +17 -1
- data/lib/ovpnmcgen.rb +10 -1
- data/lib/ovpnmcgen/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e912d2080a544f817e2d2cb33bb27e05e29dfc7e
|
4
|
+
data.tar.gz: 58a420384ff00d67674250b21b692ed5875f15fc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fe4f9f4812a070d0fbf95256457592bf21850812d9bc61ee4fdf68b9c6ebdd109e9ba1a0bdd54c4ca3380454f2667adab6229ecb80326c03d23dc5f30b989f52
|
7
|
+
data.tar.gz: 7e42fb2134215286d41e7e2fcc488f0347b48f9f97ef8c46d89f097783606627aa44f5700006de3ae246e9bb85f8b146ac7275db6b4a73f602edca19225a9365
|
data/ChangeLog
CHANGED
data/README.md
CHANGED
@@ -60,6 +60,7 @@ Usage: ovpnmcgen.rb generate [options] <user> <device>
|
|
60
60
|
-t, --trusted-ssids SSIDS List of comma-separated trusted SSIDs.
|
61
61
|
-u, --untrusted-ssids SSIDS List of comma-separated untrusted SSIDs.
|
62
62
|
--url-probe URL This URL must return HTTP status 200, without redirection, before the VPN service will try establishing.
|
63
|
+
--remotes REMOTES List of comma-separated alternate remotes: "<host> <port> <proto>".
|
63
64
|
--ovpnconfigfile FILE Path to OpenVPN client config file.
|
64
65
|
-o, --output FILE Output to file. [Default: stdout]
|
65
66
|
```
|
@@ -114,6 +115,7 @@ By enabling this option, you will need to reliably and quickly respond with HTTP
|
|
114
115
|
### Typical Usage
|
115
116
|
$ ovpnmcgen.rb gen --trusted-ssids home --host vpn.example.com \
|
116
117
|
--cafile path/to/ca.pem --tafile path/to/ta.key \
|
118
|
+
--url-probe http://vpn.example.com/status \
|
117
119
|
--p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad
|
118
120
|
|
119
121
|
Output:
|
@@ -157,22 +159,30 @@ Output:
|
|
157
159
|
<array>
|
158
160
|
<string>home</string>
|
159
161
|
</array>
|
162
|
+
<key>URLStringProbe</key>
|
163
|
+
<string>http://vpn.example.com/status</string>
|
160
164
|
</dict>
|
161
165
|
<dict>
|
162
166
|
<key>Action</key>
|
163
167
|
<string>Connect</string>
|
164
168
|
<key>InterfaceTypeMatch</key>
|
165
169
|
<string>WiFi</string>
|
170
|
+
<key>URLStringProbe</key>
|
171
|
+
<string>http://vpn.example.com/status</string>
|
166
172
|
</dict>
|
167
173
|
<dict>
|
168
174
|
<key>Action</key>
|
169
175
|
<string>Ignore</string>
|
170
176
|
<key>InterfaceTypeMatch</key>
|
171
177
|
<string>Cellular</string>
|
178
|
+
<key>URLStringProbe</key>
|
179
|
+
<string>http://vpn.example.com/status</string>
|
172
180
|
</dict>
|
173
181
|
<dict>
|
174
182
|
<key>Action</key>
|
175
183
|
<string>Connect</string>
|
184
|
+
<key>URLStringProbe</key>
|
185
|
+
<string>http://vpn.example.com/status</string>
|
176
186
|
</dict>
|
177
187
|
</array>
|
178
188
|
<key>PayloadCertificateUUID</key>
|
@@ -262,6 +272,7 @@ Output:
|
|
262
272
|
### Extended Usage
|
263
273
|
$ ovpnmcgen.rb gen --trusted-ssids home,school --untrusted-ssids virusnet \
|
264
274
|
--host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key \
|
275
|
+
--url-probe http://vpn.example.com/status \
|
265
276
|
--p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad
|
266
277
|
|
267
278
|
Output similar to above:
|
@@ -296,22 +307,30 @@ Output similar to above:
|
|
296
307
|
<array>
|
297
308
|
<string>virusnet</string>
|
298
309
|
</array>
|
310
|
+
<key>URLStringProbe</key>
|
311
|
+
<string>http://vpn.example.com/status</string>
|
299
312
|
</dict>
|
300
313
|
<dict>
|
301
314
|
<key>Action</key>
|
302
315
|
<string>Connect</string>
|
303
316
|
<key>InterfaceTypeMatch</key>
|
304
317
|
<string>WiFi</string>
|
318
|
+
<key>URLStringProbe</key>
|
319
|
+
<string>http://vpn.example.com/status</string>
|
305
320
|
</dict>
|
306
321
|
<dict>
|
307
322
|
<key>Action</key>
|
308
323
|
<string>Ignore</string>
|
309
324
|
<key>InterfaceTypeMatch</key>
|
310
325
|
<string>Cellular</string>
|
326
|
+
<key>URLStringProbe</key>
|
327
|
+
<string>http://vpn.example.com/status</string>
|
311
328
|
</dict>
|
312
329
|
<dict>
|
313
330
|
<key>Action</key>
|
314
331
|
<string>Connect</string>
|
332
|
+
<key>URLStringProbe</key>
|
333
|
+
<string>http://vpn.example.com/status</string>
|
315
334
|
</dict>
|
316
335
|
</array>
|
317
336
|
...
|
@@ -334,27 +353,31 @@ Output similar to above:
|
|
334
353
|
|
335
354
|
- "Not connected to Internet" error/behaviour when VPN should be established.
|
336
355
|
|
337
|
-
Diagnosis
|
356
|
+
*Diagnosis*: Load any site in Safari. An error message "Safari cannot open the page because your iPhone is not connected to the Internet" will be presented.
|
338
357
|
|
339
358
|
There is a bug in the iOS/OS X network routing code that hangs the routing system, preventing the gateway or IP address from being set. This happens more frequently when the tunnel is brought up/down more frequently.
|
340
359
|
|
341
|
-
|
360
|
+
*Solution*: Upgrade to iOS 8.1. The new iOS update seems to have mostly solved issues surrounding the networking stack.
|
361
|
+
|
362
|
+
*Workaround*: Hard-restart iOS. Press and hold down both the home and sleep/wake buttons until iOS turns off and back on with the Apple boot up screen. Release when the Apple boot up screen appears.
|
342
363
|
|
343
364
|
- Weird Rapid Connecting…/Disconnected behaviour.
|
344
365
|
|
345
|
-
Diagnosis
|
366
|
+
*Diagnosis*: VPN status in Settings.app rapid alternates between Connecting… and Disconnected.
|
346
367
|
|
347
368
|
Usually happens when the VoD component is stuck in an infinite loop. Not sure what triggers it.
|
348
369
|
|
349
|
-
|
370
|
+
*Solution*: Upgrade to iOS 8.1. The new iOS update seems to have mostly solved issues surrounding the networking stack.
|
371
|
+
|
372
|
+
*Workaround*: Hard-restart iOS. Press and hold down both the home and sleep/wake buttons until iOS turns off and back on with the Apple boot up screen. Release when the Apple boot up screen appears.
|
350
373
|
|
351
374
|
- Cannot load Captive Portals (Hotspots on unsecured Wireless networks).
|
352
375
|
|
353
376
|
Some unsecured hotspots require navigating certain webpages before full access to the internet is available. This requirement blocks VPN connections and iOS will also block captive portal access, waiting on the VPN connection. This circular dependency results in no internet access.
|
354
377
|
|
355
|
-
|
378
|
+
*Solution*: Implement `URLStringProbe` where, if and only if this URL is successfully fetched (returning a 200 HTTP status code) without redirection, will the VPN service be required, relied on, and brought up. Enable with the `--url-probe` flag.
|
356
379
|
|
357
|
-
|
380
|
+
*Workaround*: Manually disable VPN-on-Demand in Settings.app > VPN > Server (i) option screen. Reenable only after Internet access is available.
|
358
381
|
|
359
382
|
## TODO
|
360
383
|
|
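--- a/data/bin/ovpnmcgen.rb
+++ b/data/bin/ovpnmcgen.rb
@@ -34,6 +34,7 @@ command :generate do |c|
 c.option '-t', '--trusted-ssids SSIDS', Array, 'List of comma-separated trusted SSIDs.'
 c.option '-u', '--untrusted-ssids SSIDS', Array, 'List of comma-separated untrusted SSIDs.'
 c.option '--url-probe URL', 'This URL must return HTTP status 200, without redirection, before the VPN service will try establishing.'
+c.option '--remotes REMOTES', Array, 'List of comma-separated alternate remotes: "<host> <port> <proto>".'
 c.option '--ovpnconfigfile FILE', 'Path to OpenVPN client config file.'
 c.option '-o', '--output FILE', 'Output to file. [Default: stdout]'
 c.action do |args, options|
@@ -85,6 +86,7 @@ command :generate do |c|
 inputs[:ovpnconfigfile] = options.ovpnconfigfile || config.ovpnconfigfile if options.ovpnconfigfile or config.ovpnconfigfile
 inputs[:tafile] = options.tafile || config.tafile if options.tafile or config.tafile
 inputs[:url_probe] = options.url_probe || config.url_probe if options.url_probe or config.url_probe
+inputs[:remotes] = options.remotes || config.remotes if options.remotes or config.remotes
 
 unless options.output
 puts Ovpnmcgen.generate(inputs)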
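Review bot: The help text on the new `--remotes` option does not say how the list relates to `--host`, which is the first thing a reader of `--help` will ask; in this same release data/lib/ovpnmcgen.rb writes the primary host as `remote.1` and these entries as `remote.2` onward in the order given. Suggest `c.option '--remotes REMOTES', Array, 'List of comma-separated alternate remotes ("<host> <port> <proto>"), listed after the primary --host entry in the order given.'`. The second hunk follows the existing `options.x || config.x if options.x or config.x` pattern of its neighbours, so there is nothing further to raise there; both hunks sit inside the `command :generate` block, which starts and ends outside them.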
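--- a/data/features/gen_basic.feature
+++ b/data/features/gen_basic.feature
@@ -221,4 +221,20 @@ Feature: Basic Generate Functionality
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
-"""
+"""
+
+Scenario: The remotes flag is set with multiple hosts.
+When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --remotes "1.example.org 1195 tcp","2.example.org 1196 tcp" cucumber aruba`
+Then the output should match:
+"""
+<key>remote.1</key>
+\s*<string>aruba.cucumber.org 1194 udp</string>
+"""
+And the output should match:
+"""
+<key>remote.2</key>
+\s*<string>1.example.org 1195 tcp</string>
+\s*<key>remote.3</key>
+\s*<string>2.example.org 1196 tcp</string>
+"""
+And the output should not contain "<key>remote</key>"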
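Review bot: The new scenario only exercises two `--remotes` values; a second scenario passing a single value, e.g. `--remotes "1.example.org 1195 tcp"`, would pin the one-element path through `Array(remotes)` in data/lib/ovpnmcgen.rb and should assert that `<key>remote.2</key>` is present and `<key>remote.3</key>` is not. The closing `And the output should not contain "<key>remote</key>"` is a useful guard against the plain key leaking through alongside the numbered ones and is worth keeping in any added scenario. The `"""` line replaced at the top of the hunk closes a docstring whose opening lies outside the hunk.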
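--- a/data/lib/ovpnmcgen.rb
+++ b/data/lib/ovpnmcgen.rb
@@ -17,10 +17,12 @@ module Ovpnmcgen
 p12pass = inputs[:p12pass] || ''
 trusted_ssids = inputs[:trusted_ssids] || false
 untrusted_ssids = inputs[:untrusted_ssids] || false
+remotes = inputs[:remotes] || false
 
 # Ensure [un]trusted_ssids are Arrays.
 trusted_ssids = Array(trusted_ssids) if trusted_ssids
 untrusted_ssids = Array(untrusted_ssids) if untrusted_ssids
+remotes = Array(remotes) if remotes
 
 begin
 ca_cert = File.readlines(inputs[:cafile]).map { |x| x.chomp }.join('\n')
@@ -53,7 +55,14 @@ module Ovpnmcgen
 'remote-cert-tls' => 'server'
 }
 end
-
+if remotes
+ovpnconfighash['remote.1'] = "#{host} #{port} #{proto}"
+remotes.each_with_index do |r, i|
+ovpnconfighash["remote.#{i+2}"] = r
+end
+else
+ovpnconfighash['remote'] = "#{host} #{port} #{proto}"
+end
 ovpnconfighash['ca'] = ca_cert
 ovpnconfighash['tls-auth'] = tls_auth if inputs[:tafile]
 ovpnconfighash['key-direction'] = '1' if inputs[:tafile]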
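Review bot: In the second hunk each entry of `remotes` is copied into `ovpnconfighash["remote.#{i+2}"]` verbatim, so a value that is not of the documented `"<host> <port> <proto>"` form (a bare hostname, a missing port, an extra field) lands in the generated profile unchecked and only fails once the client parses it; a field-count guard before the assignment, `raise ArgumentError, "remote must be \"<host> <port> <proto>\", got #{r.inspect}" unless r.split.size == 3`, would surface the mistake at generation time instead. The `if remotes` branch is also taken for an empty array, since `[]` is truthy in Ruby, which would emit `remote.1` with no fallbacks and omit the plain `remote` key; `if remotes && !remotes.empty?` keeps the single-remote layout for that input. The enclosing method and the hash literal closed by the `end` above both start outside the hunk, so I cannot tell from here whether `remote` is also set in that literal, which would matter for the feature's `should not contain "<key>remote</key>"` assertion. As a style point, `i + 2` would match the spacing used around operators elsewhere in these hunks.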
data/lib/ovpnmcgen/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ovpnmcgen.rb
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.5.0.pre
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ronald Ip
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2015-01-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -162,9 +162,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
162
162
|
version: 1.9.3
|
163
163
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
164
164
|
requirements:
|
165
|
-
- - "
|
165
|
+
- - ">"
|
166
166
|
- !ruby/object:Gem::Version
|
167
|
-
version:
|
167
|
+
version: 1.3.1
|
168
168
|
requirements: []
|
169
169
|
rubyforge_project:
|
170
170
|
rubygems_version: 2.2.2
|