RubyGems - ovpnmcgen.rb - Versions diffs - 0.5.0 → 0.6.0.pre1 - Mend

ovpnmcgen.rb 0.5.0 → 0.6.0.pre1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/.travis.yml +8 -3
data/ChangeLog +6 -0
data/README.md +31 -1
data/bin/ovpnmcgen.rb +18 -2
data/features/gen_basic.feature +200 -5
data/features/gen_ovpnconfigfile_input.feature +3 -3
data/features/support/setup.rb +1 -1
data/lib/ovpnmcgen.rb +46 -6
data/lib/ovpnmcgen/version.rb +1 -1
data/ovpnmcgen.rb.gemspec +2 -2
metadata +9 -11
data/features/step_definitions/env.rb +0 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 675dc82e76fd77d0495ad9f2d64cd34608a4d1c6
-  data.tar.gz: 236c302ebc4ac83a6a848c6b636b973c973d5e53
+  metadata.gz: 8c53f1956b9b8994f831ebe16c57c03d68063f00
+  data.tar.gz: 79c052e1292418d755de8ce385f64bd06febe124
 SHA512:
-  metadata.gz: c3766c57fc08f06d8a3a2c055ea519a6e37d0992a0068696e0bf504d8e0b0e9ab8ca9dc4222cf374bfd67dda33eb2859ee7d5345a2e67ae3adce0081b839b73e
-  data.tar.gz: c5c6b4f3209827e8ef063639c7c83ac5d337b58af45b187b9ff2d246f000b02a62ff96fdafb52dbdae07bbe959e9465922e528c22188979dc10afa161060f052
+  metadata.gz: e0a716ca145189a96c24c67485321d24d4c85a995c5582e98ea46ccf25c3c7ff215013371620c0d952919e55105f09a171b32c09ee7cceee73aae4d34d30dda8
+  data.tar.gz: aad1f689dc09017f99b0c43ae4148c4b3c4085db2ec0f1f16b7e0fc5156205ba034741082a7ee840a233839c41c08f4910099599e826a1d96996cb2c749ac7ed

data/.travis.yml CHANGED Viewed

@@ -1,13 +1,17 @@
 language: ruby
+#cache: bundler
 before_install:
+  # https://github.com/travis-ci/travis-ci/issues/8978
+  - gem update --system
   - gem update bundler
   - bundle version
 rvm:
-  - "1.9.3"
-  - "2.0.0"
-  - "2.1"
+  - 2.2
+  - 2.3
+  - 2.4
+  - 2.5
   - ruby-head
   - jruby-19mode
@@ -25,4 +29,5 @@ deploy:
   on:
     tags: true
     repo: "iphoting/ovpnmcgen.rb"
+    ruby: 2.4.0
     branch: master

data/ChangeLog CHANGED Viewed

@@ -1,3 +1,9 @@
+= 0.6.0 / Unreleased
+	* Added support for `EvaluateConnection`, `Domains`, via `--domains`. It will include an `ActionParameters` dict containing `Domains`, and if `--domain-probe-url` is set, also contains `RequiredURLStringProbe`.
+	* Added support for updated bundle identifier (VPNSubType) `net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x), via `--v12compat`.
+	* Added support for `--cert` and `--key` for inline attachment of certificate and key, to workaround bug in OpenVPN Connect 1.2.5.
+	* Added support for `vpn-on-demand: 0` key/value pair when `--no-vod` is set, so that OpenVPN Connect can control this profile.
 = 0.5.0 / 2015-02-22
 	* Specify multiple remotes with `--remotes "host2 1194 tcp","host3 1195 udp"` flag.

data/README.md CHANGED Viewed

@@ -47,18 +47,23 @@ Usage: ovpnmcgen.rb generate [options] <user> <device>
     -c, --config FILE    Specify path to config file. [Default: .ovpnmcgen.rb.yml]
     --cafile FILE        Path to OpenVPN CA file. (Required)
     --tafile FILE        Path to TLS-Auth Key file.
+    --cert FILE          Path to Cert file.
+    --key FILE           Path to Private Key file.
     --host HOSTNAME      Hostname of OpenVPN server. (Required)
     --proto PROTO        OpenVPN server protocol. [Default: udp]
     -p, --port PORT      OpenVPN server port. [Default: 1194]
-    --p12file FILE       Path to user PKCS#12 file. (Required)
+    --p12file FILE       Path to user PKCS#12 file.
     --p12pass PASSWORD   Password to unlock PKCS#12 file.
     --[no-]vod           Enable or Disable VPN-On-Demand. [Default: Enabled]
+    --v12compat          Enable OpenVPN Connect 1.2.x compatibility. [Default: Disabled]
     --security-level LEVEL Security level of VPN-On-Demand Behaviour: paranoid, high, medium. [Default: high]
     --vpn-uuid UUID      Override a VPN configuration payload UUID.
     --profile-uuid UUID  Override a Profile UUID.
     --cert-uuid UUID     Override a Certificate payload UUID.
     -t, --trusted-ssids SSIDS List of comma-separated trusted SSIDs.
     -u, --untrusted-ssids SSIDS List of comma-separated untrusted SSIDs.
+    -d, --domains DOMAINS List of comma-separated domain names requiring VPN service.
+    --domain-probe-url PROBE An HTTP(S) URL to probe, using a GET request. If no HTTP response code is received from the server, a VPN connection is established in response.
     --url-probe URL      This URL must return HTTP status 200, without redirection, before the VPN service will try establishing.
     --remotes REMOTES	List of comma-separated alternate remotes: "<host> <port> <proto>".
     --ovpnconfigfile FILE Path to OpenVPN client config file.
@@ -110,6 +115,13 @@ This feature can be enabled for statistical and maintenance-protection reasons.
 By enabling this option, you will need to reliably and quickly respond with HTTP status code 200 at the URL string supplied.
+### Domain Matching
+To require an iOS device to bring up the VPN when `example.com` is requested is not so easy, especially if it is has a publicly accessible DNS resolution.
+Apple provides an `EvaluateConnection` and `ActionParameters` configuration options with the view that certain domains will have DNS resolution failures, and hence, require the VPN to be up. In most corporate cases with internal-facing hostnames, it works well. See the `--domains` option.
+However, if there are certain sensitive public sites (or blocked sites) that you decide that a VPN should be brought up instead, you will need to additionally specify a `RequiredURLStringProbe` that returns a non-200 response. See the `--domain-probe-url` option.
 ## Examples
 ### Typical Usage
@@ -349,8 +361,26 @@ Output similar to above:
 	-inkey path/to/john-ipad.key -in path/to/john-ipad.crt \
 	-passout pass:p12passphrase -name john-ipad@vpn.example.com
+### Using OpenSSL to convert from PKCS#12 (.p12) to Cert PEM file
+	openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-cert.crt \
+	-nodes -nokeys
+### Using OpenSSL to convert from PKCS#12 (.p12) to Key PEM file
+	openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-key.pem \
+	-nodes -nocerts
 ## Known Issues
+- OpenVPN Connect v1.2.5 breaking changes
+	*Diagnosis*: Certificates no longer found or VoD mobileconfig broken after OpenVPN Connect upgrade to v1.2.5.
+	The VPN switch in the Settings.app jumps rapidly from On to Off, status switches from Connecting... to Disconnected immediately. No logs produced within the OpernVPN Connect app log viewer.
+	This is caused by 1) a breaking change, where the `VPNSubType` has changed, and 2) a bug where the OpenVPN Connect is missing a keychain access entitlement from Apple.
+	*Solution + Workaround*: Enable the `--v12compat` switch to resolve (1), and use `--cert` and `--key` switches to workaround (2).
 - "Not connected to Internet" error/behaviour when VPN should be established.
 	*Diagnosis*: Load any site in Safari. An error message "Safari cannot open the page because your iPhone is not connected to the Internet" will be presented.

data/bin/ovpnmcgen.rb CHANGED Viewed

@@ -19,20 +19,27 @@ command :generate do |c|
   c.example 'Typical Usage', 'ovpnmcgen.rb gen --trusted-ssids home --host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key --p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad'
   c.example 'Extended Usage', 'ovpnmcgen.rb gen --trusted-ssids home,school --untrusted-ssids virusnet --host vpn.example.com --cafile path/to/ca.pem --tafile path/to/ta.key --p12file path/to/john-ipad.p12 --p12pass p12passphrase john ipad'
   c.example 'Using OpenSSL to convert files into PKCS#12 (.p12)', 'openssl pkcs12 -export -out path/to/john-ipad.p12 -inkey path/to/john-ipad.key -in path/to/john-ipad.crt -passout pass:p12passphrase -name john-ipad@vpn.example.com'
+  c.example 'Using OpenSSL to convert from PKCS#12 (.p12) to Cert PEM file', 'openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-cert.crt -nodes -nokeys'
+  c.example 'Using OpenSSL to convert from PKCS#12 (.p12) to Key PEM file', 'openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-key.pem -nodes -nocerts'
   c.option '--cafile FILE', 'Path to OpenVPN CA file. (Required)'
   c.option '--tafile FILE', 'Path to TLS-Auth Key file.'
+  c.option '--cert FILE', 'Path to Cert file.'
+  c.option '--key FILE', 'Path to Private Key file.'
   c.option '--host HOSTNAME', 'Hostname of OpenVPN server. (Required)'
   c.option '--proto PROTO', 'OpenVPN server protocol. [Default: udp]'
   c.option '-p', '--port PORT', 'OpenVPN server port. [Default: 1194]'
   c.option '--p12file FILE', 'Path to user PKCS#12 file. (Required)'
   c.option '--p12pass PASSWORD', 'Password to unlock PKCS#12 file.'
   c.option '--[no-]vod', 'Enable or Disable VPN-On-Demand. [Default: Enabled]'
+  c.option '--v12compat', 'Enable OpenVPN Connect 1.2.x compatibility. [Default: Disabled]'
   c.option '--security-level LEVEL', 'Security level of VPN-On-Demand Behaviour: paranoid, high, medium. [Default: high]'
   c.option '--vpn-uuid UUID', 'Override a VPN configuration payload UUID.'
   c.option '--profile-uuid UUID', 'Override a Profile UUID.'
   c.option '--cert-uuid UUID', 'Override a Certificate payload UUID.'
   c.option '-t', '--trusted-ssids SSIDS', Array, 'List of comma-separated trusted SSIDs.'
   c.option '-u', '--untrusted-ssids SSIDS', Array, 'List of comma-separated untrusted SSIDs.'
+  c.option '-d', '--domains DOMAINS', Array, 'List of comma-separated domain names requiring VPN service.'
+  c.option '--domain-probe-url PROBE', String, 'An HTTP(S) URL to probe, using a GET request. If no HTTP response code is received from the server, a VPN connection is established in response.'
   c.option '--url-probe URL', 'This URL must return HTTP status 200, without redirection, before the VPN service will try establishing.'
   c.option '--remotes REMOTES', Array, 'List of comma-separated alternate remotes: "<host> <port> <proto>".'
   c.option '--ovpnconfigfile FILE', 'Path to OpenVPN client config file.'
@@ -50,7 +57,11 @@ command :generate do |c|
     raise ArgumentError.new "Host is required" unless options.host or config.host
     raise ArgumentError.new "cafile is required" unless options.cafile or config.cafile
-    raise ArgumentError.new "PKCS#12 file is required" unless options.p12file or config.p12file
+    # A --p12file or (--cert and --key) needs to be provided. Shall not prevent user from specifying both.
+    unless (options.p12file or config.p12file) or ((options.cert or config.cert) and (options.key or config.key))
+      raise ArgumentError.new "PKCS#12 or cert & key file required"
+    end
     options.default :vod => case
       when config.vod == true || config.no_vod == false
@@ -69,7 +80,6 @@ command :generate do |c|
     inputs = {
       :user => user,
       :device => device,
-      :p12file => options.p12file || config.p12file,
       :p12pass => options.p12pass || config.p12pass,
       :cafile => options.cafile || config.cafile,
       :host => options.host || config.host,
@@ -84,9 +94,15 @@ command :generate do |c|
       :security_level => options.security_level
     }
     inputs[:ovpnconfigfile] = options.ovpnconfigfile || config.ovpnconfigfile if options.ovpnconfigfile or config.ovpnconfigfile
+    inputs[:p12file] = options.p12file || config.p12file if options.p12file or config.p12file
     inputs[:tafile] = options.tafile || config.tafile if options.tafile or config.tafile
+    inputs[:cert] = options.cert || config.cert if options.cert or config.cert
+    inputs[:key] = options.key || config.key if options.key or config.key
     inputs[:url_probe] = options.url_probe || config.url_probe if options.url_probe or config.url_probe
     inputs[:remotes] = options.remotes || config.remotes if options.remotes or config.remotes
+    inputs[:domains] = options.domains || config.domains if options.domains or config.domains
+    inputs[:domain_probe_url] = options.domain_probe_url || config.domain_probe_url if options.domain_probe_url or config.domain_probe_url
+    inputs[:v12compat] = options.v12compat || config.v12compat if options.v12compat or config.v12compat
     unless options.output
       puts Ovpnmcgen.generate(inputs)

data/features/gen_basic.feature CHANGED Viewed

@@ -16,6 +16,20 @@ Feature: Basic Generate Functionality
 			p12file that should appear
 			In base64 encoding as <data/>
 			"""
+		And a file named "cert.crt" with:
+			"""
+			Contents of cert file
+			With newlines
+			And more newlines
+			That should appear as one line
+			"""
+		And a file named "key.pem" with:
+			"""
+			Contents of key file
+			With newlines
+			And more newlines
+			That should appear as one line
+			"""
 	Scenario: I need help
 		When I run `ovpnmcgen.rb help g`
@@ -46,15 +60,22 @@ Feature: Basic Generate Functionality
 		And the output should not contain "error: cafile"
 		Then the output should contain "error: "
-	Scenario: Correct arguments will all required flags, host, cafile, p12file.
+	@v0.6.0
+	Scenario: Correct arguments with all required flags, host, cafile, except (either p12file or (cert and key)).
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt cucumber aruba`
+		And the output should not contain "error: Host"
+		And the output should not contain "error: cafile"
+		Then the output should contain "error: PKCS#12 or cert & key"
+	Scenario: Correct arguments with all required flags, host, cafile, and p12file (no cert and key).
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 cucumber aruba`
 		And the output should not contain "error: Host"
 		And the output should not contain "error: cafile"
 		And the output should not contain "error: PKCS#12"
-		Then the output should contain:
+		Then the output should match:
 			"""
-			<?xml version="1.0" encoding="UTF-8"?>
-			<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+			<\?xml version="1.0" encoding="UTF-8"\?>
+			<!DOCTYPE plist PUBLIC "-\/\/Apple*\/\/DTD PLIST 1.0\/\/EN" "http:\/\/www.apple.com\/DTDs\/PropertyList-1.0.dtd">
 			<plist version="1.0">
 			"""
 		And the output should match:
@@ -83,6 +104,52 @@ Feature: Basic Generate Functionality
 			\s*<integer>1</integer>
 			"""
+	@OCv1.2 @v0.6.0
+	Scenario: Correct arguments with all required flags, host, cafile, cert, and key (no p12file).
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --cert cert.crt --key key.pem cucumber aruba`
+		And the output should not contain "error: Host"
+		And the output should not contain "error: cafile"
+		And the output should not contain "error: PKCS#12 or cert & key"
+		Then the output should match:
+			"""
+			<\?xml version="1.0" encoding="UTF-8"\?>
+			<!DOCTYPE plist PUBLIC "-\/\/Apple*\/\/DTD PLIST 1.0\/\/EN" "http:\/\/www.apple.com\/DTDs\/PropertyList-1.0.dtd">
+			<plist version="1.0">
+			"""
+		And the output should match:
+			"""
+			<key>remote</key>
+			\s*<string>aruba.cucumber.org 1194 udp</string>
+			"""
+		And the output should match:
+			"""
+			<key>ca</key>
+			\s*<string>Contents of CA file\\nWith newlines\\nAnd more newlines\\nThat should appear as one line</string>
+			"""
+		And the output should match:
+			"""
+			<key>cert</key>
+			\s*<string>Contents of cert file\\nWith newlines\\nAnd more newlines\\nThat should appear as one line</string>
+			"""
+		And the output should match:
+			"""
+			<key>key</key>
+			\s*<string>Contents of key file\\nWith newlines\\nAnd more newlines\\nThat should appear as one line</string>
+			"""
+		And the output should match:
+			"""
+			<key>OnDemandEnabled</key>
+			\s*<integer>1</integer>
+			"""
+		And the output should not match:
+			"""
+			<key>AuthenticationMethod</key>
+			"""
+		And the output should not match:
+			"""
+			<key>PayloadCertificateUUID</key>
+			"""
 	Scenario: The p12pass flag is set.
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --p12pass p12passphrase cucumber aruba`
 		Then the output should match:
@@ -114,6 +181,7 @@ Feature: Basic Generate Functionality
 			\s*<string>aruba.cucumber.org 1234 tcp</string>
 			"""
+	@OCv1.2 @v0.6.0
 	Scenario: The no-vod flag is set.
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --no-vod cucumber aruba`
 		Then the output should match:
@@ -121,6 +189,42 @@ Feature: Basic Generate Functionality
 			<key>OnDemandEnabled</key>
 			\s*<integer>0</integer>
 			"""
+		And the output should match:
+			"""
+			<key>vpn-on-demand</key>
+			\s*<string>0</string>
+			"""
+	Scenario: The no-vod flag is not set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 cucumber aruba`
+		Then the output should match:
+			"""
+			<key>OnDemandEnabled</key>
+			\s*<integer>1</integer>
+			"""
+		And the output should not match:
+			"""
+			<key>vpn-on-demand</key>
+			\s*<string>0</string>
+			"""
+	@OCv1.2 @v0.6.0
+	Scenario: The 1.2 flag is set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --v12compat cucumber aruba`
+		Then the output should match:
+			"""
+			<key>VPNSubType</key>
+			\s*<string>net.openvpn.connect.app</string>
+			"""
+	@OCv1.2 @v0.6.0
+	Scenario: The 1.2 flag is not set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 cucumber aruba`
+		Then the output should match:
+			"""
+			<key>VPNSubType</key>
+			\s*<string>net.openvpn.OpenVPN-Connect.vpnplugin</string>
+			"""
 	Scenario: The url-probe flag is set.
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --url-probe 'https://url.to.probe/' cucumber aruba`
@@ -219,7 +323,9 @@ Feature: Basic Generate Functionality
 		And the file "fileout.mobileconfig" should contain:
 			"""
 			<?xml version="1.0" encoding="UTF-8"?>
-			<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+			"""
+		And the file "fileout.mobileconfig" should contain:
+			"""
 			<plist version="1.0">
 			"""
@@ -238,3 +344,92 @@ Feature: Basic Generate Functionality
 			\s*<string>2.example.org 1196 tcp</string>
 			"""
 		And the output should not contain "<key>remote</key>"
+	Scenario: The domains flag is not set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 cucumber aruba`
+		Then the output should not match:
+			"""
+			<key>Action</key>
+			\s*<string>EvaluateConnection</string>
+			"""
+		And the output should not match:
+			"""
+			<key>ActionParameters</key>
+			\s*<array>
+			\s*<dict>
+			\s*<key>DomainAction</key>
+			\s*<string>ConnectIfNeeded</string>
+			\s*<key>Domains</key>
+			\s*</dict>
+			\s*</array>
+			"""
+	Scenario: The domains flag is set with one domain.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --domains "example.com" cucumber aruba`
+		Then the output should match:
+			"""
+			<key>Action</key>
+			\s*<string>EvaluateConnection</string>
+			"""
+		And the output should match:
+			"""
+			<key>ActionParameters</key>
+			\s*<array>
+			\s*<dict>
+			\s*<key>DomainAction</key>
+			\s*<string>ConnectIfNeeded</string>
+			\s*<key>Domains</key>
+			\s*<array>
+			\s*<string>example\.com</string>
+			\s*</array>
+			\s*</dict>
+			\s*</array>
+			"""
+	Scenario: The domains flag is set with multiple domains.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --domains "*.example.com,example.com" cucumber aruba`
+		Then the output should match:
+			"""
+			<key>Action</key>
+			\s*<string>EvaluateConnection</string>
+			"""
+		And the output should match:
+			"""
+			<key>ActionParameters</key>
+			\s*<array>
+			\s*<dict>
+			\s*<key>DomainAction</key>
+			\s*<string>ConnectIfNeeded</string>
+			\s*<key>Domains</key>
+			\s*<array>
+			\s*<string>\*\.example\.com</string>
+			\s*<string>example\.com</string>
+			\s*</array>
+			\s*</dict>
+			\s*</array>
+			"""
+	Scenario: The domains flag is set with multiple domains and domain probe URL is set.
+		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --domains "*.example.com,example.com" --domain-probe-URL "https://example.com/404.html" cucumber aruba`
+		Then the output should match:
+			"""
+			<key>Action</key>
+			\s*<string>EvaluateConnection</string>
+			"""
+		And the output should match:
+			"""
+			<key>ActionParameters</key>
+			\s*<array>
+			\s*<dict>
+			\s*<key>DomainAction</key>
+			\s*<string>ConnectIfNeeded</string>
+			\s*<key>Domains</key>
+			\s*<array>
+			\s*<string>\*\.example\.com</string>
+			\s*<string>example\.com</string>
+			\s*</array>
+			\s*<key>RequiredURLStringProbe</key>
+			\s*<string>https:\/\/example\.com\/404\.html</string>
+			\s*</dict>
+			\s*</array>
+			"""

data/features/gen_ovpnconfigfile_input.feature CHANGED Viewed

@@ -148,10 +148,10 @@ Feature: Generate Functionality From Supplied OpenVPN Config File
 	Scenario: A decent openvpn config file is specified.
 		When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --ovpnconfigfile clean.ovpn cucumber aruba`
-		Then the output should contain:
+		Then the output should match:
 			"""
-			<?xml version="1.0" encoding="UTF-8"?>
-			<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+			<\?xml version="1.0" encoding="UTF-8"\?>
+			<!DOCTYPE plist PUBLIC "-\/\/Apple*\/\/DTD PLIST 1.0\/\/EN" "http:\/\/www.apple.com\/DTDs\/PropertyList-1.0.dtd">
 			<plist version="1.0">
 			"""
 		And the output should contain "aruba.cucumber.org 1194 udp"

data/features/support/setup.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'aruba/cucumber'
-require 'aruba/jruby'
 Before do
+	require 'aruba/config/jruby'
 	@aruba_timeout_seconds = 60
 end if RUBY_PLATFORM == 'java'

data/lib/ovpnmcgen.rb CHANGED Viewed

@@ -18,11 +18,13 @@ module Ovpnmcgen
     trusted_ssids = inputs[:trusted_ssids] || false
     untrusted_ssids = inputs[:untrusted_ssids] || false
     remotes = inputs[:remotes] || false
+    vodDomains = inputs[:domains] || false
     # Ensure [un]trusted_ssids are Arrays.
     trusted_ssids = Array(trusted_ssids) if trusted_ssids
     untrusted_ssids = Array(untrusted_ssids) if untrusted_ssids
     remotes = Array(remotes) if remotes
+    vodDomains = Array(vodDomains) if vodDomains
     begin
       ca_cert = File.readlines(inputs[:cafile]).map { |x| x.chomp }.join('\n')
@@ -38,12 +40,26 @@ module Ovpnmcgen
       exit
     end if inputs[:tafile]
+    begin
+      cert_file = File.readlines(inputs[:cert]).map { |x| x.chomp }.join('\n')
+    rescue Errno::ENOENT
+      puts "Cert file not found: #{inputs[:cert]}!"
+      exit
+    end if inputs[:cert]
+    begin
+      key_file = File.readlines(inputs[:key]).map { |x| x.chomp }.join('\n')
+    rescue Errno::ENOENT
+      puts "Key file not found: #{inputs[:key]}!"
+      exit
+    end if inputs[:key]
     begin
       p12file = Base64.encode64(File.read(inputs[:p12file]))
     rescue Errno::ENOENT
-      puts "PCKS#12 file not found: #{inputs[:p12file]}!"
+      puts "PKCS#12 file not found: #{inputs[:p12file]}!"
       exit
-    end
+    end if inputs[:p12file]
     unless inputs[:ovpnconfigfile].nil?
       ovpnconfighash = Ovpnmcgen.getOVPNVendorConfigHash(inputs[:ovpnconfigfile])
@@ -66,6 +82,9 @@ module Ovpnmcgen
     ovpnconfighash['ca'] = ca_cert
     ovpnconfighash['tls-auth'] = tls_auth if inputs[:tafile]
     ovpnconfighash['key-direction'] = '1' if inputs[:tafile]
+    ovpnconfighash['cert'] = cert_file if inputs[:cert]
+    ovpnconfighash['key'] = key_file if inputs[:key]
+    ovpnconfighash['vpn-on-demand'] = '0' unless enableVOD
     vpnOnDemandRules = Array.new
     vodTrusted = { # Trust only Wifi SSID
@@ -87,6 +106,19 @@ module Ovpnmcgen
           'Ignore'
         end
     }
+    vodDomainOnlyActionParam = {
+      'Domains' => vodDomains,
+      'DomainAction' => 'ConnectIfNeeded'
+    }
+    vodDomainOnlyActionParam['RequiredURLStringProbe'] = inputs[:domain_probe_url] if inputs[:domain_probe_url]
+    vodDomainOnly = { # When a domain is searched, bring up VPN
+      'Action' => 'EvaluateConnection',
+      #'DNSDomainMatch' => vodDomains # this key only works for configured DNS domains search list.
+      'ActionParameters' => [vodDomainOnlyActionParam]
+    }
     vodCellularOnly = { # Trust Cellular
       'InterfaceTypeMatch' => 'Cellular',
       'Action' => case inputs[:security_level]
@@ -106,13 +138,16 @@ module Ovpnmcgen
     vodTrusted['URLStringProbe'] =
       vodUntrusted['URLStringProbe'] =
       vodWifiOnly['URLStringProbe'] =
+      vodDomainOnly['URLStringProbe'] =
       vodCellularOnly['URLStringProbe'] =
       vodDefault['URLStringProbe'] =
       inputs[:url_probe] if inputs[:url_probe]
     vpnOnDemandRules << vodTrusted if trusted_ssids
     vpnOnDemandRules << vodUntrusted if untrusted_ssids
-    vpnOnDemandRules << vodWifiOnly << vodCellularOnly << vodDefault
+    vpnOnDemandRules << vodWifiOnly
+    vpnOnDemandRules << vodDomainOnly if vodDomains
+    vpnOnDemandRules << vodCellularOnly << vodDefault
     vpnOnDemandRules << { # Default catch-all when URLStringProbe is enabled and returns false to prevent circular race.
       'Action' => 'Ignore'
       } if inputs[:url_probe]
@@ -128,7 +163,7 @@ module Ovpnmcgen
       'PayloadType' => 'com.apple.security.pkcs12',
       'PayloadUUID' => certUUID,
       'PayloadVersion' => 1
-    }
+    } if p12file
     vpn = {
       'PayloadDescription' => "Configures VPN settings, including authentication.",
@@ -146,12 +181,17 @@ module Ovpnmcgen
         'PayloadCertificateUUID' => certUUID,
         'RemoteAddress' => 'DEFAULT'
       },
-      'VPNSubType' => 'net.openvpn.OpenVPN-Connect.vpnplugin',
+      'VPNSubType' => (inputs[:v12compat])? 'net.openvpn.connect.app' : 'net.openvpn.OpenVPN-Connect.vpnplugin',
       'VPNType' => 'VPN',
       'VendorConfig' => ovpnconfighash
     }
+    unless p12file
+      vpn['VPN'].delete('AuthenticationMethod')
+      vpn['VPN'].delete('PayloadCertificateUUID')
+    end
-    plistPayloadContent = [vpn, cert] # to encrypt this array
+    plistPayloadContent = [vpn]
+    plistPayloadContent << cert if p12file
     #encPlistPayloadContent = cmsEncrypt([vpn, cert].to_plist).der_format
     plist = {

data/lib/ovpnmcgen/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module Ovpnmcgen
-  VERSION = "0.5.0"
+  VERSION = "0.6.0.pre1"
   SUMMARY = "An OpenVPN iOS Configuration Profile (.mobileconfig) Utility"
 end

data/ovpnmcgen.rb.gemspec CHANGED Viewed

@@ -6,7 +6,7 @@ require 'ovpnmcgen/version'
 Gem::Specification.new do |spec|
   spec.name          = "ovpnmcgen.rb"
   spec.version       = Ovpnmcgen::VERSION
-  spec.version       = "#{spec.version}-pre-#{ENV['TRAVIS_BUILD_NUMBER']}" if ENV['TRAVIS']
+  #spec.version       = "#{spec.version}-pre-#{ENV['TRAVIS_BUILD_NUMBER']}" if ENV['TRAVIS']
   spec.authors       = ["Ronald Ip"]
   spec.email         = ["myself@iphoting.com"]
   spec.summary       = Ovpnmcgen::SUMMARY
@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 1.9.3'
   spec.add_development_dependency "bundler", "~> 1.5"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake"
   spec.add_development_dependency "aruba", "~> 0.5", ">= 0.5.4"
   spec.add_runtime_dependency     "plist", "~> 3.1", ">= 3.1.0"
   spec.add_runtime_dependency     "commander", "~> 4.1", ">= 4.1.6"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ovpnmcgen.rb
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0.pre1
 platform: ruby
 authors:
 - Ronald Ip
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-02-22 00:00:00.000000000 Z
+date: 2018-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -28,16 +28,16 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: aruba
   requirement: !ruby/object:Gem::Requirement
@@ -139,7 +139,6 @@ files:
 - features/gen_basic.feature
 - features/gen_configfile.feature
 - features/gen_ovpnconfigfile_input.feature
-- features/step_definitions/env.rb
 - features/support/setup.rb
 - lib/ovpnmcgen.rb
 - lib/ovpnmcgen/config.rb
@@ -162,12 +161,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.2
+rubygems_version: 2.6.14
 signing_key:
 specification_version: 4
 summary: An OpenVPN iOS Configuration Profile (.mobileconfig) Utility
@@ -175,5 +174,4 @@ test_files:
 - features/gen_basic.feature
 - features/gen_configfile.feature
 - features/gen_ovpnconfigfile_input.feature
-- features/step_definitions/env.rb
 - features/support/setup.rb

data/features/step_definitions/env.rb DELETED Viewed

@@ -1,3 +0,0 @@
-Given /^I set the environment variable "(\w+)" to "([^"]*)"$/ do |var, value|
-  ENV[var] = value
-end