ovpnmcgen.rb 0.6.0.pre2 → 0.6.0
- checksums.yaml +4 -4
- data/ChangeLog +1 -1
- data/README.md +33 -9
- data/Rakefile +4 -0
- data/bin/ovpnmcgen.rb +5 -5
- data/config/pre_commit.yml +13 -0
- data/features/gen_basic.feature +1 -1
- data/lib/ovpnmcgen/version.rb +1 -1
- data/ovpnmcgen.rb.gemspec +1 -0
- metadata +19 -4
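--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bd0b2f4339b1794b85242203dd089e8c9d06e6a4
+data.tar.gz: '09a598c3fc4b1393135af9868bada7ea087ae4c8'
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6805822be455ed2a9466f33b9fe2a37bb7f33a218d83969e9ad267d8e5c18ffa65389e3e8ab1759733c4ed0be6a9295f3afb039010af0b6ea064d3a0c9fa0455
+data.tar.gz: ebdbfb12e33264706b61a797c04633066869d020714bfa3a9f0c8826da1bf23d686f8d93d2f6ed610819c519d922bb6149dde5ff65dc164d043b9622b50a1cc8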
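--- a/data/ChangeLog
+++ b/data/ChangeLog
@@ -1,4 +1,4 @@
-= 0.6.0 /
+= 0.6.0 / 2018-01-27
 * Added support for `EvaluateConnection`, `Domains`, via `--domains`. It will include an `ActionParameters` dict containing `Domains`, and if `--domain-probe-url` is set, also contains `RequiredURLStringProbe`.
 * Added support for updated bundle identifier (VPNSubType) `net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x), via `--v12compat`.
 * Added support for `--cert` and `--key` for inline attachment of certificate and key, to workaround bug in OpenVPN Connect 1.2.5.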
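--- a/data/README.md
+++ b/data/README.md
@@ -9,6 +9,16 @@ OpenVPN iOS Configuration Profile Utility
 
 Generates iOS configuration profiles (.mobileconfig) that configures OpenVPN for use with VPN-on-Demand that are not accessible through the Apple Configurator or the iPhone Configuration Utility.
 
+---
+
+**OpenVPN Connect (iOS) v1.2.x**:
+- Breaking changes: enable the `--v12compat` switch.
+- Bug/workaround: enable the `--cert` & `--key` switches as necessary.
+
+Refer to [known issues](#known-issues) below for more details.
+
+---
+
 Although there are many possible VPN-on-Demand (VoD) triggers, this utility currently only implements `SSIDMatch`, `InterfaceTypeMatch`, and optionally `URLStringProbe`. For 'high' (default) security level, the following algorithm is executed upon network changes, in order:
 
 - If wireless SSID matches any specified with `--trusted-ssids`, tear down the VPN connection and do not reconnect on demand.
@@ -54,8 +64,11 @@ Usage: ovpnmcgen.rb generate [options] <user> <device>
 -p, --port PORT OpenVPN server port. [Default: 1194]
 --p12file FILE Path to user PKCS#12 file.
 --p12pass PASSWORD Password to unlock PKCS#12 file.
---[no-]vod Enable or Disable VPN-On-Demand.
-
+--[no-]vod Enable or Disable VPN-On-Demand.
+When Disabled, sets `vpn-on-demand: 0`, so that OpenVPN Connect can control this profile. [Default: Enabled]
+--v12compat Enable OpenVPN Connect 1.2.x compatibility.
+When Enabled, use updated `VPNSubType: net.openvpn.connect.app`
+(changed since OpenVPN Connect 1.2.x). [Default: Disabled]
 --security-level LEVEL Security level of VPN-On-Demand Behaviour: paranoid, high, medium. [Default: high]
 --vpn-uuid UUID Override a VPN configuration payload UUID.
 --profile-uuid UUID Override a Profile UUID.
@@ -125,10 +138,15 @@ However, if there are certain sensitive public sites (or blocked sites) that you
 ## Examples
 
 ### Typical Usage
-$ ovpnmcgen.rb gen --
---
+$ ovpnmcgen.rb gen --v12compat \
+--trusted-ssids home \
+--host vpn.example.com \
+--cafile path/to/ca.pem \
+--tafile path/to/ta.key \
 --url-probe http://vpn.example.com/status \
---p12file path/to/john-ipad.p12
+--p12file path/to/john-ipad.p12 \
+--p12pass p12passphrase \
+john ipad
 
 Output:
 
@@ -203,7 +221,7 @@ Output:
 <string>DEFAULT</string>
 </dict>
 <key>VPNSubType</key>
-<string>net.openvpn.
+<string>net.openvpn.connect.app</string>
 <key>VPNType</key>
 <string>VPN</string>
 <key>VendorConfig</key>
@@ -282,10 +300,16 @@ Output:
 ```
 
 ### Extended Usage
-$ ovpnmcgen.rb gen --
---
+$ ovpnmcgen.rb gen --v12compat \
+--trusted-ssids home,school \
+--untrusted-ssids virusnet \
+--host vpn.example.com \
+--cafile path/to/ca.pem \
+--tafile path/to/ta.key \
 --url-probe http://vpn.example.com/status \
---p12file path/to/john-ipad.p12
+--p12file path/to/john-ipad.p12 \
+--p12pass p12passphrase \
+john ipad
 
 Output similar to above:
 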
data/Rakefile
CHANGED
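--- a/data/bin/ovpnmcgen.rb
+++ b/data/bin/ovpnmcgen.rb
@@ -7,7 +7,7 @@ require 'ovpnmcgen/config'
 program :version, Ovpnmcgen::VERSION
 program :description, Ovpnmcgen::SUMMARY
 program :help, 'Usage', 'ovpnmcgen.rb <command> [options] <args...>'
-program :help_formatter,
+program :help_formatter, Commander::HelpFormatter::Terminal
 default_command :help
 never_trace!
 global_option '-c', '--config FILE', 'Specify path to config file. [Default: .ovpnmcgen.rb.yml]'
@@ -16,8 +16,8 @@ command :generate do |c|
 c.syntax = 'ovpnmcgen.rb generate [options] <user> <device>'
 c.summary = 'Generates iOS Configuration Profiles (.mobileconfig)'
 c.description = 'Generates iOS configuration profiles (.mobileconfig) that configures OpenVPN for use with VPN-on-Demand that are not accessible through the Apple Configurator or the iPhone Configuration Utility.'
-c.example 'Typical Usage', 'ovpnmcgen.rb gen --trusted-ssids home --host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key --p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad'
-c.example 'Extended Usage', 'ovpnmcgen.rb gen --trusted-ssids home,school --untrusted-ssids virusnet --host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key --p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad'
+c.example 'Typical Usage', 'ovpnmcgen.rb gen --v12compat --trusted-ssids home --host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key --p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad'
+c.example 'Extended Usage', 'ovpnmcgen.rb gen --v12compat --trusted-ssids home,school --untrusted-ssids virusnet --host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key --p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad'
 c.example 'Using OpenSSL to convert files into PKCS#12 (.p12)', 'openssl pkcs12 -export -out path/to/john-ipad.p12 -inkey path/to/john-ipad.key -in path/to/john-ipad.crt -passout pass:p12passphrase -name john-ipad@vpn.example.com'
 c.example 'Using OpenSSL to convert from PKCS#12 (.p12) to Cert PEM file', 'openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-cert.crt -nodes -nokeys'
 c.example 'Using OpenSSL to convert from PKCS#12 (.p12) to Key PEM file', 'openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-key.pem -nodes -nocerts'
@@ -30,8 +30,8 @@ command :generate do |c|
 c.option '-p', '--port PORT', 'OpenVPN server port. [Default: 1194]'
 c.option '--p12file FILE', 'Path to user PKCS#12 file. (Required)'
 c.option '--p12pass PASSWORD', 'Password to unlock PKCS#12 file.'
-c.option '--[no-]vod', 'Enable or Disable VPN-On-Demand. [Default: Enabled]'
-c.option '--v12compat', 'Enable OpenVPN Connect 1.2.x compatibility. [Default: Disabled]'
+c.option '--[no-]vod', 'Enable or Disable VPN-On-Demand. When Disabled, sets `vpn-on-demand: 0`, so that OpenVPN Connect can control this profile. [Default: Enabled]'
+c.option '--v12compat', 'Enable OpenVPN Connect 1.2.x compatibility. When Enabled, use updated `VPNSubType: net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x). [Default: Disabled]'
 c.option '--security-level LEVEL', 'Security level of VPN-On-Demand Behaviour: paranoid, high, medium. [Default: high]'
 c.option '--vpn-uuid UUID', 'Override a VPN configuration payload UUID.'
 c.option '--profile-uuid UUID', 'Override a Profile UUID.'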
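Review bot: The rewritten 'Typical Usage' and 'Extended Usage' examples in the second hunk still show the PKCS#12 passphrase passed inline as `--p12pass p12passphrase`, which leaves it in shell history and readable in the process list for as long as the command runs. Since the help text is being touched anyway, the `--p12pass` description in the third hunk could state the exposure, for example `c.option '--p12pass PASSWORD', 'Password to unlock PKCS#12 file. Visible in the process list and shell history when given on the command line.'`. The program already has `-c, --config FILE`; whether that file accepts the passphrase is not visible in this diff, so confirm before pointing the examples at it. The `command :generate` block starts and ends outside these hunks.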
data/features/gen_basic.feature
CHANGED
data/lib/ovpnmcgen/version.rb
CHANGED
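--- a/data/ovpnmcgen.rb.gemspec
+++ b/data/ovpnmcgen.rb.gemspec
@@ -24,6 +24,7 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "bundler", "~> 1.5"
 spec.add_development_dependency "rake"
 spec.add_development_dependency "aruba", "~> 0.5", ">= 0.5.4"
+spec.add_development_dependency "pre-commit"
 spec.add_runtime_dependency "plist", "~> 3.1", ">= 3.1.0"
 spec.add_runtime_dependency "commander", "~> 4.1", ">= 4.1.6"
 spec.add_runtime_dependency "app_configuration", "~> 0.0", ">= 0.0.2"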
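Review bot: The added `spec.add_development_dependency "pre-commit"` has no version constraint, unlike `bundler` and `aruba` beside it, so a fresh install on a developer or CI machine resolves to whatever release is newest at that moment. This gem presumably runs as a git hook on contributors' machines (the release also adds `config/pre_commit.yml`), so an open-ended range is a wider supply-chain exposure here than for a library that is only loaded in tests. Consider a pessimistic constraint such as `spec.add_development_dependency "pre-commit", "~> <TESTED_VERSION>"`, where the placeholder is the release you verified. The `Gem::Specification.new` block starts and ends outside this hunk.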
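--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ovpnmcgen.rb
 version: !ruby/object:Gem::Version
-version: 0.6.0
+version: 0.6.0
 platform: ruby
 authors:
 - Ronald Ip
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-
+date: 2018-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -58,6 +58,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 0.5.4
+- !ruby/object:Gem::Dependency
+name: pre-commit
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: plist
 requirement: !ruby/object:Gem::Requirement
@@ -136,6 +150,7 @@ files:
 - README.md
 - Rakefile
 - bin/ovpnmcgen.rb
+- config/pre_commit.yml
 - features/gen_basic.feature
 - features/gen_configfile.feature
 - features/gen_ovpnconfigfile_input.feature
@@ -161,9 +176,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 requirements: []
 rubyforge_project:
 rubygems_version: 2.6.14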