RubyGems - ovpnmcgen.rb - Versions diffs - 0.5.0 → 0.6.0.pre1 - Mend

ovpnmcgen.rb 0.5.0 → 0.6.0.pre1

Files changed (13) hide show

checksums.yaml +4 -4
data/.travis.yml +8 -3
data/ChangeLog +6 -0
data/README.md +31 -1
data/bin/ovpnmcgen.rb +18 -2
data/features/gen_basic.feature +200 -5
data/features/gen_ovpnconfigfile_input.feature +3 -3
data/features/support/setup.rb +1 -1
data/lib/ovpnmcgen.rb +46 -6
data/lib/ovpnmcgen/version.rb +1 -1
data/ovpnmcgen.rb.gemspec +2 -2
metadata +9 -11
data/features/step_definitions/env.rb +0 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 675dc82e76fd77d0495ad9f2d64cd34608a4d1c6
-  data.tar.gz: 236c302ebc4ac83a6a848c6b636b973c973d5e53
+  metadata.gz: 8c53f1956b9b8994f831ebe16c57c03d68063f00
+  data.tar.gz: 79c052e1292418d755de8ce385f64bd06febe124
 SHA512:
-  metadata.gz: c3766c57fc08f06d8a3a2c055ea519a6e37d0992a0068696e0bf504d8e0b0e9ab8ca9dc4222cf374bfd67dda33eb2859ee7d5345a2e67ae3adce0081b839b73e
-  data.tar.gz: c5c6b4f3209827e8ef063639c7c83ac5d337b58af45b187b9ff2d246f000b02a62ff96fdafb52dbdae07bbe959e9465922e528c22188979dc10afa161060f052
+  metadata.gz: e0a716ca145189a96c24c67485321d24d4c85a995c5582e98ea46ccf25c3c7ff215013371620c0d952919e55105f09a171b32c09ee7cceee73aae4d34d30dda8
+  data.tar.gz: aad1f689dc09017f99b0c43ae4148c4b3c4085db2ec0f1f16b7e0fc5156205ba034741082a7ee840a233839c41c08f4910099599e826a1d96996cb2c749ac7ed

data/.travis.yml CHANGED Viewed

@@ -1,13 +1,17 @@
 language: ruby
+#cache: bundler
 before_install:
+  # https://github.com/travis-ci/travis-ci/issues/8978
+  - gem update --system
   - gem update bundler
   - bundle version
 rvm:
-  - "1.9.3"
-  - "2.0.0"
-  - "2.1"
+  - 2.2
+  - 2.3
+  - 2.4
+  - 2.5
   - ruby-head
   - jruby-19mode
@@ -25,4 +29,5 @@ deploy:
   on:
     tags: true
     repo: "iphoting/ovpnmcgen.rb"
+    ruby: 2.4.0
     branch: master

data/ChangeLog CHANGED Viewed

@@ -1,3 +1,9 @@
+= 0.6.0 / Unreleased
+	* Added support for `EvaluateConnection`, `Domains`, via `--domains`. It will include an `ActionParameters` dict containing `Domains`, and if `--domain-probe-url` is set, also contains `RequiredURLStringProbe`.
+	* Added support for updated bundle identifier (VPNSubType) `net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x), via `--v12compat`.
+	* Added support for `--cert` and `--key` for inline attachment of certificate and key, to workaround bug in OpenVPN Connect 1.2.5.
+	* Added support for `vpn-on-demand: 0` key/value pair when `--no-vod` is set, so that OpenVPN Connect can control this profile.
 = 0.5.0 / 2015-02-22
 	* Specify multiple remotes with `--remotes "host2 1194 tcp","host3 1195 udp"` flag.

data/README.md CHANGED Viewed

@@ -47,18 +47,23 @@ Usage: ovpnmcgen.rb generate [options] <user> <device>
     -c, --config FILE    Specify path to config file. [Default: .ovpnmcgen.rb.yml]
     --cafile FILE        Path to OpenVPN CA file. (Required)
     --tafile FILE        Path to TLS-Auth Key file.
+    --cert FILE          Path to Cert file.
+    --key FILE           Path to Private Key file.
     --host HOSTNAME      Hostname of OpenVPN server. (Required)
     --proto PROTO        OpenVPN server protocol. [Default: udp]
     -p, --port PORT      OpenVPN server port. [Default: 1194]
-    --p12file FILE       Path to user PKCS#12 file. (Required)
+    --p12file FILE       Path to user PKCS#12 file.
     --p12pass PASSWORD   Password to unlock PKCS#12 file.
     --[no-]vod           Enable or Disable VPN-On-Demand. [Default: Enabled]
+    --v12compat          Enable OpenVPN Connect 1.2.x compatibility. [Default: Disabled]
     --security-level LEVEL Security level of VPN-On-Demand Behaviour: paranoid, high, medium. [Default: high]
     --vpn-uuid UUID      Override a VPN configuration payload UUID.
     --profile-uuid UUID  Override a Profile UUID.
     --cert-uuid UUID     Override a Certificate payload UUID.
     -t, --trusted-ssids SSIDS List of comma-separated trusted SSIDs.
     -u, --untrusted-ssids SSIDS List of comma-separated untrusted SSIDs.
+    -d, --domains DOMAINS List of comma-separated domain names requiring VPN service.
+    --domain-probe-url PROBE An HTTP(S) URL to probe, using a GET request. If no HTTP response code is received from the server, a VPN connection is established in response.
     --url-probe URL      This URL must return HTTP status 200, without redirection, before the VPN service will try establishing.
     --remotes REMOTES	List of comma-separated alternate remotes: "<host> <port> <proto>".
     --ovpnconfigfile FILE Path to OpenVPN client config file.
@@ -110,6 +115,13 @@ This feature can be enabled for statistical and maintenance-protection reasons.
 By enabling this option, you will need to reliably and quickly respond with HTTP status code 200 at the URL string supplied.
+### Domain Matching
+To require an iOS device to bring up the VPN when `example.com` is requested is not so easy, especially if it is has a publicly accessible DNS resolution.
+Apple provides an `EvaluateConnection` and `ActionParameters` configuration options with the view that certain domains will have DNS resolution failures, and hence, require the VPN to be up. In most corporate cases with internal-facing hostnames, it works well. See the `--domains` option.
+However, if there are certain sensitive public sites (or blocked sites) that you decide that a VPN should be brought up instead, you will need to additionally specify a `RequiredURLStringProbe` that returns a non-200 response. See the `--domain-probe-url` option.
 ## Examples
 ### Typical Usage
@@ -349,8 +361,26 @@ Output similar to above:
 	-inkey path/to/john-ipad.key -in path/to/john-ipad.crt \
 	-passout pass:p12passphrase -name john-ipad@vpn.example.com
+### Using OpenSSL to convert from PKCS#12 (.p12) to Cert PEM file
+	openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-cert.crt \
+	-nodes -nokeys
+### Using OpenSSL to convert from PKCS#12 (.p12) to Key PEM file
+	openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-key.pem \
+	-nodes -nocerts
 ## Known Issues
+- OpenVPN Connect v1.2.5 breaking changes
+	*Diagnosis*: Certificates no longer found or VoD mobileconfig broken after OpenVPN Connect upgrade to v1.2.5.
+	The VPN switch in the Settings.app jumps rapidly from On to Off, status switches from Connecting... to Disconnected immediately. No logs produced within the OpernVPN Connect app log viewer.
+	This is caused by 1) a breaking change, where the `VPNSubType` has changed, and 2) a bug where the OpenVPN Connect is missing a keychain access entitlement from Apple.
+	*Solution + Workaround*: Enable the `--v12compat` switch to resolve (1), and use `--cert` and `--key` switches to workaround (2).
 - "Not connected to Internet" error/behaviour when VPN should be established.
 	*Diagnosis*: Load any site in Safari. An error message "Safari cannot open the page because your iPhone is not connected to the Internet" will be presented.

data/bin/ovpnmcgen.rb CHANGED Viewed

@@ -19,20 +19,27 @@ command :generate do |c|
   c.example 'Typical Usage', 'ovpnmcgen.rb gen --trusted-ssids home --host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key --p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad'
   c.example 'Extended Usage', 'ovpnmcgen.rb gen --trusted-ssids home,school --untrusted-ssids virusnet --host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key --p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad'
   c.example 'Using OpenSSL to convert files into PKCS#12 (.p12)', 'openssl pkcs12 -export -out path/to/john-ipad.p12 -inkey path/to/john-ipad.key -in path/to/john-ipad.crt -passout pass:p12passphrase -name john-ipad@vpn.example.com'
+  c.example 'Using OpenSSL to convert from PKCS#12 (.p12) to Cert PEM file', 'openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-cert.crt -nodes -nokeys'
+  c.example 'Using OpenSSL to convert from PKCS#12 (.p12) to Key PEM file', 'openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-key.pem -nodes -nocerts'
   c.option '--cafile FILE', 'Path to OpenVPN CA file. (Required)'
   c.option '--tafile FILE', 'Path to TLS-Auth Key file.'
+  c.option '--cert FILE', 'Path to Cert file.'
+  c.option '--key FILE', 'Path to Private Key file.'
   c.option '--host HOSTNAME', 'Hostname of OpenVPN server. (Required)'
   c.option '--proto PROTO', 'OpenVPN server protocol. [Default: udp]'
   c.option '-p', '--port PORT', 'OpenVPN server port. [Default: 1194]'
   c.option '--p12file FILE', 'Path to user PKCS#12 file. (Required)'
   c.option '--p12pass PASSWORD', 'Password to unlock PKCS#12 file.'
   c.option '--[no-]vod', 'Enable or Disable VPN-On-Demand. [Default: Enabled]'
+  c.option '--v12compat', 'Enable OpenVPN Connect 1.2.x compatibility. [Default: Disabled]'
   c.option '--security-level LEVEL', 'Security level of VPN-On-Demand Behaviour: paranoid, high, medium. [Default: high]'
   c.option '--vpn-uuid UUID', 'Override a VPN configuration payload UUID.'
   c.option '--profile-uuid UUID', 'Override a Profile UUID.'
   c.option '--cert-uuid UUID', 'Override a Certificate payload UUID.'
   c.option '-t', '--trusted-ssids SSIDS', Array, 'List of comma-separated trusted SSIDs.'
   c.option '-u', '--untrusted-ssids SSIDS', Array, 'List of comma-separated untrusted SSIDs.'
+  c.option '-d', '--domains DOMAINS', Array, 'List of comma-separated domain names requiring VPN service.'
+  c.option '--domain-probe-url PROBE', String, 'An HTTP(S) URL to probe, using a GET request. If no HTTP response code is received from the server, a VPN connection is established in response.'
   c.option '--url-probe URL', 'This URL must return HTTP status 200, without redirection, before the VPN service will try establishing.'
   c.option '--remotes REMOTES', Array, 'List of comma-separated alternate remotes: "<host> <port> <proto>".'
   c.option '--ovpnconfigfile FILE', 'Path to OpenVPN client config file.'
@@ -50,7 +57,11 @@ command :generate do |c|
     raise ArgumentError.new "Host is required" unless options.host or config.host
     raise ArgumentError.new "cafile is required" unless options.cafile or config.cafile
-    raise ArgumentError.new "PKCS#12 file is required" unless options.p12file or config.p12file
+    # A --p12file or (--cert and --key) needs to be provided. Shall not prevent user from specifying both.
+    unless (options.p12file or config.p12file) or ((options.cert or config.cert) and (options.key or config.key))
+      raise ArgumentError.new "PKCS#12 or cert & key file required"
+    end
     options.default :vod => case
       when config.vod == true || config.no_vod == false
@@ -69,7 +80,6 @@ command :generate do |c|
     inputs = {
       :user => user,
       :device => device,
-      :p12file => options.p12file || config.p12file,
       :p12pass => options.p12pass || config.p12pass,
       :cafile => options.cafile || config.cafile,
       :host => options.host || config.host,
@@ -84,9 +94,15 @@ command :generate do |c|
       :security_level => options.security_level
     }
     inputs[:ovpnconfigfile] = options.ovpnconfigfile || config.ovpnconfigfile if options.ovpnconfigfile or config.ovpnconfigfile
+    inputs[:p12file] = options.p12file || config.p12file if options.p12file or config.p12file
     inputs[:tafile] = options.tafile || config.tafile if options.tafile or config.tafile
+    inputs[:cert] = options.cert || config.cert if options.cert or config.cert
+    inputs[:key] = options.key || config.key if options.key or config.key
     inputs[:url_probe] = options.url_probe || config.url_probe if options.url_probe or config.url_probe
     inputs[:remotes] = options.remotes || config.remotes if options.remotes or config.remotes
+    inputs[:domains] = options.domains || config.domains if options.domains or config.domains
+    inputs[:domain_probe_url] = options.domain_probe_url || config.domain_probe_url if options.domain_probe_url or config.domain_probe_url
+    inputs[:v12compat] = options.v12compat || config.v12compat if options.v12compat or config.v12compat
     unless options.output
       puts Ovpnmcgen.generate(inputs)

data/features/gen_basic.feature CHANGED Viewed

@@ -16,6 +16,20 @@ Feature: Basic Generate Functionality
 			p12file that should appear
 			In base64 encoding as <data/>
 			"""
+		And a file named "cert.crt" with:
+			"""
+			Contents of cert file
+			With newlines
+			And more newlines
+			That should appear as one line
+			"""
+		And a file named "key.pem" with:
+			"""
+			Contents of key file
+			With newlines
+			And more newlines
+			That should appear as one line
+			"""
 	Scenario: I need help
 		When I run `ovpnmcgen.rb help g`
@@ -46,15 +60,22 @@ Feature: Basic Generate Functionality
 		And the output should not contain "error: cafile"
 		Then the output should contain "error: "
-	Scenario: Correct arguments will all required flags, host, cafile, p12file.
+	@v0.6.0
+	Scenario: Correct arguments with all required flags, host, cafile, except (either p12file or (cert and key)).
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt cucumber aruba`
+		And the output should not contain "error: Host"
+		And the output should not contain "error: cafile"
+		Then the output should contain "error: PKCS#12 or cert & key"
+	Scenario: Correct arguments with all required flags, host, cafile, and p12file (no cert and key).
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 cucumber aruba`
 		And the output should not contain "error: Host"
 		And the output should not contain "error: cafile"
 		And the output should not contain "error: PKCS#12"
-		Then the output should contain:
+		Then the output should match:
 			"""
-			<?xml version="1.0" encoding="UTF-8"?>
-			<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+			<\?xml version="1.0" encoding="UTF-8"\?>
+			<!DOCTYPE plist PUBLIC "-\/\/Apple*\/\/DTD PLIST 1.0\/\/EN" "http:\/\/www.apple.com\/DTDs\/PropertyList-1.0.dtd">
 			<plist version="1.0">
 			"""
 		And the output should match:
@@ -83,6 +104,52 @@ Feature: Basic Generate Functionality
 			\s*<integer>1</integer>
 			"""
+	@OCv1.2 @v0.6.0
+	Scenario: Correct arguments with all required flags, host, cafile, cert, and key (no p12file).
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --cert cert.crt --key key.pem cucumber aruba`
+		And the output should not contain "error: Host"
+		And the output should not contain "error: cafile"
+		And the output should not contain "error: PKCS#12 or cert & key"
+		Then the output should match:
+			"""
+			<\?xml version="1.0" encoding="UTF-8"\?>
+			<!DOCTYPE plist PUBLIC "-\/\/Apple*\/\/DTD PLIST 1.0\/\/EN" "http:\/\/www.apple.com\/DTDs\/PropertyList-1.0.dtd">
+			<plist version="1.0">
+			"""
+		And the output should match:
+			"""
+			<key>remote</key>
+			\s*<string>aruba.cucumber.org 1194 udp</string>
+			"""
+		And the output should match:
+			"""
+			<key>ca</key>
+			\s*<string>Contents of CA file\\nWith newlines\\nAnd more newlines\\nThat should appear as one line</string>
+			"""
+		And the output should match:
+			"""
+			<key>cert</key>
+			\s*<string>Contents of cert file\\nWith newlines\\nAnd more newlines\\nThat should appear as one line</string>
+			"""
+		And the output should match:
+			"""
+			<key>key</key>
+			\s*<string>Contents of key file\\nWith newlines\\nAnd more newlines\\nThat should appear as one line</string>
+			"""
+		And the output should match:
+			"""
+			<key>OnDemandEnabled</key>
+			\s*<integer>1</integer>
+			"""
+		And the output should not match:
+			"""
+			<key>AuthenticationMethod</key>
+			"""
+		And the output should not match:
+			"""
+			<key>PayloadCertificateUUID</key>
+			"""
 	Scenario: The p12pass flag is set.
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --p12pass p12passphrase cucumber aruba`
 		Then the output should match:
@@ -114,6 +181,7 @@ Feature: Basic Generate Functionality
 			\s*<string>aruba.cucumber.org 1234 tcp</string>
 			"""
+	@OCv1.2 @v0.6.0
 	Scenario: The no-vod flag is set.
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --no-vod cucumber aruba`
 		Then the output should match:
@@ -121,6 +189,42 @@ Feature: Basic Generate Functionality
 			<key>OnDemandEnabled</key>
 			\s*<integer>0</integer>
 			"""
+		And the output should match:
+			"""
+			<key>vpn-on-demand</key>
+			\s*<string>0</string>
+			"""
+	Scenario: The no-vod flag is not set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 cucumber aruba`
+		Then the output should match:
+			"""
+			<key>OnDemandEnabled</key>
+			\s*<integer>1</integer>
+			"""
+		And the output should not match:
+			"""
+			<key>vpn-on-demand</key>
+			\s*<string>0</string>
+			"""
+	@OCv1.2 @v0.6.0
+	Scenario: The 1.2 flag is set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --v12compat cucumber aruba`
+		Then the output should match:
+			"""
+			<key>VPNSubType</key>
+			\s*<string>net.openvpn.connect.app</string>
+			"""
+	@OCv1.2 @v0.6.0
+	Scenario: The 1.2 flag is not set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 cucumber aruba`
+		Then the output should match:
+			"""
+			<key>VPNSubType</key>
+			\s*<string>net.openvpn.OpenVPN-Connect.vpnplugin</string>
+			"""
 	Scenario: The url-probe flag is set.
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --url-probe 'https://url.to.probe/' cucumber aruba`
@@ -219,7 +323,9 @@ Feature: Basic Generate Functionality
 		And the file "fileout.mobileconfig" should contain:
 			"""
 			<?xml version="1.0" encoding="UTF-8"?>
-			<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+			"""
+		And the file "fileout.mobileconfig" should contain:
+			"""
 			<plist version="1.0">
 			"""
@@ -238,3 +344,92 @@ Feature: Basic Generate Functionality
 			\s*<string>2.example.org 1196 tcp</string>
 			"""
 		And the output should not contain "<key>remote</key>"
+	Scenario: The domains flag is not set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 cucumber aruba`
+		Then the output should not match:
+			"""
+			<key>Action</key>
+			\s*<string>EvaluateConnection</string>
+			"""
+		And the output should not match:
+			"""
+			<key>ActionParameters</key>
+			\s*<array>
+			\s*<dict>
+			\s*<key>DomainAction</key>
+			\s*<string>ConnectIfNeeded</string>
+			\s*<key>Domains</key>
+			\s*</dict>
+			\s*</array>
+			"""
+	Scenario: The domains flag is set with one domain.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --domains "example.com" cucumber aruba`
+		Then the output should match:
+			"""
+			<key>Action</key>
+			\s*<string>EvaluateConnection</string>
+			"""
+		And the output should match:
+			"""
+			<key>ActionParameters</key>
+			\s*<array>
+			\s*<dict>
+			\s*<key>DomainAction</key>
+			\s*<string>ConnectIfNeeded</string>
+			\s*<key>Domains</key>
+			\s*<array>
+			\s*<string>example\.com</string>
+			\s*</array>
+			\s*</dict>
+			\s*</array>
+			"""
+	Scenario: The domains flag is set with multiple domains.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --domains "*.example.com,example.com" cucumber aruba`
+		Then the output should match:
+			"""
+			<key>Action</key>
+			\s*<string>EvaluateConnection</string>
+			"""
+		And the output should match:
+			"""
+			<key>ActionParameters</key>
+			\s*<array>
+			\s*<dict>
+			\s*<key>DomainAction</key>
+			\s*<string>ConnectIfNeeded</string>
+			\s*<key>Domains</key>
+			\s*<array>
+			\s*<string>\*\.example\.com</string>
+			\s*<string>example\.com</string>
+			\s*</array>
+			\s*</dict>
+			\s*</array>
+			"""
+	Scenario: The domains flag is set with multiple domains and domain probe URL is set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --domains "*.example.com,example.com" --domain-probe-URL "https://example.com/404.html" cucumber aruba`
+		Then the output should match:
+			"""
+			<key>Action</key>
+			\s*<string>EvaluateConnection</string>
+			"""
+		And the output should match:
+			"""
+			<key>ActionParameters</key>
+			\s*<array>
+			\s*<dict>
+			\s*<key>DomainAction</key>
+			\s*<string>ConnectIfNeeded</string>
+			\s*<key>Domains</key>
+			\s*<array>
+			\s*<string>\*\.example\.com</string>
+			\s*<string>example\.com</string>
+			\s*</array>
+			\s*<key>RequiredURLStringProbe</key>
+			\s*<string>https:\/\/example\.com\/404\.html</string>
+			\s*</dict>
+			\s*</array>
+			"""

data/features/gen_ovpnconfigfile_input.feature CHANGED Viewed

@@ -148,10 +148,10 @@ Feature: Generate Functionality From Supplied OpenVPN Config File
 	Scenario: A decent openvpn config file is specified.
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --ovpnconfigfile clean.ovpn cucumber aruba`
-		Then the output should contain:
+		Then the output should match:
 			"""
-			<?xml version="1.0" encoding="UTF-8"?>
-			<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+			<\?xml version="1.0" encoding="UTF-8"\?>
+			<!DOCTYPE plist PUBLIC "-\/\/Apple*\/\/DTD PLIST 1.0\/\/EN" "http:\/\/www.apple.com\/DTDs\/PropertyList-1.0.dtd">
 			<plist version="1.0">
 			"""
 		And the output should contain "aruba.cucumber.org 1194 udp"

data/features/support/setup.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'aruba/cucumber'
-require 'aruba/jruby'
 Before do
+	require 'aruba/config/jruby'
 	@aruba_timeout_seconds = 60
 end if RUBY_PLATFORM == 'java'

data/lib/ovpnmcgen.rb CHANGED Viewed

@@ -18,11 +18,13 @@ module Ovpnmcgen
     trusted_ssids = inputs[:trusted_ssids] || false
     untrusted_ssids = inputs[:untrusted_ssids] || false
     remotes = inputs[:remotes] || false
+    vodDomains = inputs[:domains] || false
     # Ensure [un]trusted_ssids are Arrays.
     trusted_ssids = Array(trusted_ssids) if trusted_ssids
     untrusted_ssids = Array(untrusted_ssids) if untrusted_ssids
     remotes = Array(remotes) if remotes
+    vodDomains = Array(vodDomains) if vodDomains
     begin
       ca_cert = File.readlines(inputs[:cafile]).map { |x| x.chomp }.join('\n')
@@ -38,12 +40,26 @@ module Ovpnmcgen
       exit
     end if inputs[:tafile]
+    begin
+      cert_file = File.readlines(inputs[:cert]).map { |x| x.chomp }.join('\n')
+    rescue Errno::ENOENT
+      puts "Cert file not found: #{inputs[:cert]}!"
+      exit
+    end if inputs[:cert]
+    begin
+      key_file = File.readlines(inputs[:key]).map { |x| x.chomp }.join('\n')
+    rescue Errno::ENOENT
+      puts "Key file not found: #{inputs[:key]}!"
+      exit
+    end if inputs[:key]
     begin
       p12file = Base64.encode64(File.read(inputs[:p12file]))
     rescue Errno::ENOENT
-      puts "PCKS#12 file not found: #{inputs[:p12file]}!"
+      puts "PKCS#12 file not found: #{inputs[:p12file]}!"
       exit
-    end
+    end if inputs[:p12file]
     unless inputs[:ovpnconfigfile].nil?
       ovpnconfighash = Ovpnmcgen.getOVPNVendorConfigHash(inputs[:ovpnconfigfile])
@@ -66,6 +82,9 @@ module Ovpnmcgen
     ovpnconfighash['ca'] = ca_cert
     ovpnconfighash['tls-auth'] = tls_auth if inputs[:tafile]
     ovpnconfighash['key-direction'] = '1' if inputs[:tafile]
+    ovpnconfighash['cert'] = cert_file if inputs[:cert]
+    ovpnconfighash['key'] = key_file if inputs[:key]
+    ovpnconfighash['vpn-on-demand'] = '0' unless enableVOD
     vpnOnDemandRules = Array.new
     vodTrusted = { # Trust only Wifi SSID
@@ -87,6 +106,19 @@ module Ovpnmcgen
           'Ignore'
         end
     }
+    vodDomainOnlyActionParam = {
+      'Domains' => vodDomains,
+      'DomainAction' => 'ConnectIfNeeded'
+    }
+    vodDomainOnlyActionParam['RequiredURLStringProbe'] = inputs[:domain_probe_url] if inputs[:domain_probe_url]
+    vodDomainOnly = { # When a domain is searched, bring up VPN
+      'Action' => 'EvaluateConnection',
+      #'DNSDomainMatch' => vodDomains # this key only works for configured DNS domains search list.
+      'ActionParameters' => [vodDomainOnlyActionParam]
+    }
     vodCellularOnly = { # Trust Cellular
       'InterfaceTypeMatch' => 'Cellular',
       'Action' => case inputs[:security_level]
@@ -106,13 +138,16 @@ module Ovpnmcgen
     vodTrusted['URLStringProbe'] =
       vodUntrusted['URLStringProbe'] =
       vodWifiOnly['URLStringProbe'] =
+      vodDomainOnly['URLStringProbe'] =
       vodCellularOnly['URLStringProbe'] =
       vodDefault['URLStringProbe'] =
       inputs[:url_probe] if inputs[:url_probe]
     vpnOnDemandRules << vodTrusted if trusted_ssids
     vpnOnDemandRules << vodUntrusted if untrusted_ssids
-    vpnOnDemandRules << vodWifiOnly << vodCellularOnly << vodDefault
+    vpnOnDemandRules << vodWifiOnly
+    vpnOnDemandRules << vodDomainOnly if vodDomains
+    vpnOnDemandRules << vodCellularOnly << vodDefault
     vpnOnDemandRules << { # Default catch-all when URLStringProbe is enabled and returns false to prevent circular race.
       'Action' => 'Ignore'
       } if inputs[:url_probe]
@@ -128,7 +163,7 @@ module Ovpnmcgen
       'PayloadType' => 'com.apple.security.pkcs12',
       'PayloadUUID' => certUUID,
       'PayloadVersion' => 1
-    }
+    } if p12file
     vpn = {
       'PayloadDescription' => "Configures VPN settings, including authentication.",
@@ -146,12 +181,17 @@ module Ovpnmcgen
         'PayloadCertificateUUID' => certUUID,
         'RemoteAddress' => 'DEFAULT'
       },
-      'VPNSubType' => 'net.openvpn.OpenVPN-Connect.vpnplugin',
+      'VPNSubType' => (inputs[:v12compat])? 'net.openvpn.connect.app' : 'net.openvpn.OpenVPN-Connect.vpnplugin',
       'VPNType' => 'VPN',
       'VendorConfig' => ovpnconfighash
     }
+    unless p12file
+      vpn['VPN'].delete('AuthenticationMethod')
+      vpn['VPN'].delete('PayloadCertificateUUID')
+    end
-    plistPayloadContent = [vpn, cert] # to encrypt this array
+    plistPayloadContent = [vpn]
+    plistPayloadContent << cert if p12file
     #encPlistPayloadContent = cmsEncrypt([vpn, cert].to_plist).der_format
     plist = {

data/lib/ovpnmcgen/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module Ovpnmcgen
-  VERSION = "0.5.0"
+  VERSION = "0.6.0.pre1"
   SUMMARY = "An OpenVPN iOS Configuration Profile (.mobileconfig) Utility"
 end

data/ovpnmcgen.rb.gemspec CHANGED Viewed

@@ -6,7 +6,7 @@ require 'ovpnmcgen/version'
 Gem::Specification.new do |spec|
   spec.name          = "ovpnmcgen.rb"
   spec.version       = Ovpnmcgen::VERSION
-  spec.version       = "#{spec.version}-pre-#{ENV['TRAVIS_BUILD_NUMBER']}" if ENV['TRAVIS']
+  #spec.version       = "#{spec.version}-pre-#{ENV['TRAVIS_BUILD_NUMBER']}" if ENV['TRAVIS']
   spec.authors       = ["Ronald Ip"]
   spec.email         = ["myself@iphoting.com"]
   spec.summary       = Ovpnmcgen::SUMMARY
@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 1.9.3'
   spec.add_development_dependency "bundler", "~> 1.5"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake"
   spec.add_development_dependency "aruba", "~> 0.5", ">= 0.5.4"
   spec.add_runtime_dependency     "plist", "~> 3.1", ">= 3.1.0"
   spec.add_runtime_dependency     "commander", "~> 4.1", ">= 4.1.6"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ovpnmcgen.rb
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0.pre1
 platform: ruby
 authors:
 - Ronald Ip
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-02-22 00:00:00.000000000 Z
+date: 2018-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -28,16 +28,16 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: aruba
   requirement: !ruby/object:Gem::Requirement
@@ -139,7 +139,6 @@ files:
 - features/gen_basic.feature
 - features/gen_configfile.feature
 - features/gen_ovpnconfigfile_input.feature
-- features/step_definitions/env.rb
 - features/support/setup.rb
 - lib/ovpnmcgen.rb
 - lib/ovpnmcgen/config.rb
@@ -162,12 +161,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.2
+rubygems_version: 2.6.14
 signing_key:
 specification_version: 4
 summary: An OpenVPN iOS Configuration Profile (.mobileconfig) Utility
@@ -175,5 +174,4 @@ test_files:
 - features/gen_basic.feature
 - features/gen_configfile.feature
 - features/gen_ovpnconfigfile_input.feature
-- features/step_definitions/env.rb
 - features/support/setup.rb

data/features/step_definitions/env.rb DELETED Viewed

@@ -1,3 +0,0 @@
-Given /^I set the environment variable "(\w+)" to "([^"]*)"$/ do |var, value|
-  ENV[var] = value
-end