ovpnmcgen.rb 0.6.0 → 0.7.0
- checksums.yaml +5 -5
- data/.chglog/CHANGELOG.tpl.md +57 -0
- data/.chglog/config.yml +36 -0
- data/.travis.yml +2 -3
- data/ChangeLog.md +115 -0
- data/bin/ovpnmcgen.rb +32 -8
- data/features/gen_basic.feature +81 -0
- data/lib/ovpnmcgen.rb +24 -6
- data/lib/ovpnmcgen/ovpnconfig.rb +1 -1
- data/lib/ovpnmcgen/version.rb +1 -1
- data/ovpnmcgen.rb.gemspec +3 -3
- metadata +20 -19
- data/ChangeLog +0 -46
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 9071e5c961bdcc1c388a8046e19ef9a6a38acfee9fec0fddef820de5abc53db1
|
4
|
+
data.tar.gz: 1643a139e9f1ca64d8e0e8f925d1066b556e102a6bd6392570159a55a152005d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 92ae4717bbdc333dc7e3d1a7661b22d26f3116a527e776ccf44ce6982952698adb939345634ebad2171ed3cfcfc64168686ab2a18b41a3cf1bd729f4b474183c
|
7
|
+
data.tar.gz: 1d15ba82e5b2e02057a566502c428054c77d243d5ffd0b37c94bc673bc7cbbcb0a69842a3cc8993855058a64cd5aa31a5a64055a8b27227faab1471e4b65a434
|
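--- a/data/.chglog/CHANGELOG.tpl.md
+++ b/data/.chglog/CHANGELOG.tpl.md
@@ -0,0 +1,57 @@
+{{ if .Versions -}}
+<a name="unreleased"></a>
+## [Unreleased]
+
+{{ if .Unreleased.CommitGroups -}}
+{{ range .Unreleased.CommitGroups -}}
+{{ range .Commits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+{{ else }}
+{{ range .Unreleased.Commits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+
+{{ range .Versions }}
+<a name="{{ .Tag.Name }}"></a>
+## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }}
+{{ if .CommitGroups -}}
+{{ range .CommitGroups -}}
+{{ range .Commits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+{{ else }}
+{{ range .Commits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+
+{{- if .RevertCommits -}}
+### Reverts
+{{ range .RevertCommits -}}
+- {{ .Revert.Header }}
+{{ end }}
+{{ end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
+{{- if .Versions }}
+[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD
+{{ range .Versions -}}
+{{ if .Tag.Previous -}}
+[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}
+{{ end -}}
+{{ end -}}
+{{ end -}}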
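--- a/data/.chglog/config.yml
+++ b/data/.chglog/config.yml
@@ -0,0 +1,36 @@
+style: github
+template: CHANGELOG.tpl.md
+info:
+title: CHANGELOG
+repository_url: https://github.com/iphoting/ovpnmcgen.rb
+options:
+commits:
+# filters:
+# Type:
+# - feat
+# - fix
+# - perf
+# - refactor
+commit_groups:
+# title_maps:
+# feat: Features
+# fix: Bug Fixes
+# perf: Performance Improvements
+# refactor: Code Refactoring
+header:
+pattern: "^(.*)$"
+pattern_maps:
+- Subject
+
+merges:
+pattern: "^Merge branch '(\\w+)'$"
+pattern_maps:
+- Source
+
+reverts:
+pattern: "^Revert \"([\\s\\S]*)\"$"
+pattern_maps:
+- Header
+notes:
+keywords:
+- BREAKING CHANGE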
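--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,5 +1,4 @@
 language: ruby
-#cache: bundler
 
 before_install:
 # https://github.com/travis-ci/travis-ci/issues/8978
@@ -8,10 +7,10 @@ before_install:
 - bundle version
 
 rvm:
-- 2.2
 - 2.3
 - 2.4
 - 2.5
+- 2.6
 - ruby-head
 - jruby-19mode
 
@@ -29,5 +28,5 @@ deploy:
 on:
 tags: true
 repo: "iphoting/ovpnmcgen.rb"
-ruby: 2.4
+ruby: 2.4
 branch: master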
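--- a/data/ChangeLog.md
+++ b/data/ChangeLog.md
@@ -0,0 +1,115 @@
+# ChangeLog
+
+<a name="unreleased"></a>
+## [Unreleased]
+
+
+
+
+<a name="v0.7.0"></a>
+## [v0.7.0] - 2019-08-31
+
+- Improve url probe handling
+- Extract user and device information from p12
+- Add support for disconnect on idle timer
+- Add support for customizing the VPN profile name
+- Make profile uuid stable
+- Improve profile description with VPN config map
+- Make vpn uuid stable
+- Make cert uuid stable
+- Add support for TLS-Crypt
+- Add workaround for global config flag not being parsed
+
+
+<a name="v0.6.0"></a>
+## [v0.6.0] - 2018-01-27
+
+- Fixed: Without `--p12file`, `AuthenticationMethod` must be set to `Password`.
+- Added support for `--cert` and `--key` for inline attachment of certificate and key, to workaround bug in OpenVPN Connect 1.2.5.
+- Added `--v12compat` switch for OpenVPN Connect 1.2.x compatibility for updated bundle identifier (VPNSubType) `net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x).
+- Added support for `vpn-on-demand: 0` key/value pair with `--no-vod` is set, so that OpenVPN Connect can control this profile..
+- Fixed: Domain VoD Actions should not be included without `--domains` flag.
+- Added support for `EvaluateConnection`, `Domains`, via `--domains`. It will include an `ActionParameters` dict containing `Domains`, and if `--domain-probe-url` is set, also contains `RequiredURLStringProbe`.
+
+
+<a name="v0.5.0"></a>
+## [v0.5.0] - 2015-02-22
+
+- New feature: Specify multiple remotes with `--remotes "host2 1194 tcp","host3 1195 udp"` flag.
+
+
+<a name="v0.4.2"></a>
+## [v0.4.2] - 2014-07-05
+
+- Bugfix: Default catch-all rule should be 'Ignore'.
+
+
+<a name="v0.4.1"></a>
+## [v0.4.1] - 2014-05-07
+
+- Fixed: SSIDs specified as string in config now produces correct output.
+
+
+<a name="v0.4.0"></a>
+## [v0.4.0] - 2014-05-07
+
+- Added support for configuration persistance, via ENV or `~/.ovpnmcgen.rb.yml` or `--config` flag.
+- Updated VoD rules in `--[un]trusted-ssids` to also use `InterfaceTypeMatch`.
+
+
+<a name="v0.3.0"></a>
+## [v0.3.0] - 2014-05-04
+
+- Updated documentation for `URLStringProbe` and `--url-probe`.
+- Added URLStringProbe support via `--url-probe` flag.
+
+
+<a name="v0.2.1"></a>
+## [v0.2.1] - 2014-04-19
+
+- Use a portable and native uuidgen implementation.
+- Minor fixes for bugs caught by tests.
+
+
+<a name="v0.2.0"></a>
+## [v0.2.0] - 2014-04-18
+
+- TLS-Auth keyfile now optional.
+- Added support for security-levels.
+- Support custom UUID values.
+
+
+<a name="v0.1.0"></a>
+## [v0.1.0] - 2014-03-27
+
+- Added support for --ovpnconfigfile.
+- Improved invalid arguments error message.
+- Shorter switches for --[un]trusted-ssids.
+- Support custom --port and --proto switches.
+
+
+<a name="v0.0.2"></a>
+## [v0.0.2] - 2014-03-26
+
+- Require at least ruby v1.9.3.
+
+
+<a name="v0.0.1"></a>
+## v0.0.1 - 2014-03-26
+
+- Initial release
+
+
+[Unreleased]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.7.0...HEAD
+[v0.7.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.6.0...v0.7.0
+[v0.6.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.5.0...v0.6.0
+[v0.5.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.5.0.pre...v0.5.0
+[v0.5.0.pre]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.4.2...v0.5.0.pre
+[v0.4.2]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.4.1...v0.4.2
+[v0.4.1]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.4.0...v0.4.1
+[v0.4.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.3.0...v0.4.0
+[v0.3.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.2.1...v0.3.0
+[v0.2.1]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.2.0...v0.2.1
+[v0.2.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.1.0...v0.2.0
+[v0.1.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.0.2...v0.1.0
+[v0.0.2]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.0.1...v0.0.2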
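--- a/data/bin/ovpnmcgen.rb
+++ b/data/bin/ovpnmcgen.rb
@@ -10,8 +10,10 @@ program :help, 'Usage', 'ovpnmcgen.rb <command> [options] <args...>'
 program :help_formatter, Commander::HelpFormatter::Terminal
 default_command :help
 never_trace!
-global_option
-
+global_option('-c', '--config FILE', 'Specify path to config file. [Default: .ovpnmcgen.rb.yml]') do |config|
+$config = config
+end
+
 command :generate do |c|
 c.syntax = 'ovpnmcgen.rb generate [options] <user> <device>'
 c.summary = 'Generates iOS Configuration Profiles (.mobileconfig)'
@@ -23,6 +25,7 @@ command :generate do |c|
 c.example 'Using OpenSSL to convert from PKCS#12 (.p12) to Key PEM file', 'openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-key.pem -nodes -nocerts'
 c.option '--cafile FILE', 'Path to OpenVPN CA file. (Required)'
 c.option '--tafile FILE', 'Path to TLS-Auth Key file.'
+c.option '--tlscryptfile FILE', 'Path to TLS-Crypt Key file.'
 c.option '--cert FILE', 'Path to Cert file.'
 c.option '--key FILE', 'Path to Private Key file.'
 c.option '--host HOSTNAME', 'Hostname of OpenVPN server. (Required)'
@@ -34,27 +37,38 @@ command :generate do |c|
 c.option '--v12compat', 'Enable OpenVPN Connect 1.2.x compatibility. When Enabled, use updated `VPNSubType: net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x). [Default: Disabled]'
 c.option '--security-level LEVEL', 'Security level of VPN-On-Demand Behaviour: paranoid, high, medium. [Default: high]'
 c.option '--vpn-uuid UUID', 'Override a VPN configuration payload UUID.'
+c.option '--vpn-name NAME', 'Override a VPN configuration payload name displayed under Settings.app > General > VPN.'
 c.option '--profile-uuid UUID', 'Override a Profile UUID.'
 c.option '--cert-uuid UUID', 'Override a Certificate payload UUID.'
 c.option '-t', '--trusted-ssids SSIDS', Array, 'List of comma-separated trusted SSIDs.'
 c.option '-u', '--untrusted-ssids SSIDS', Array, 'List of comma-separated untrusted SSIDs.'
 c.option '-d', '--domains DOMAINS', Array, 'List of comma-separated domain names requiring VPN service.'
 c.option '--domain-probe-url PROBE', String, 'An HTTP(S) URL to probe, using a GET request. If no HTTP response code is received from the server, a VPN connection is established in response.'
+c.option '--trusted-ssids-probe-url PROBE', String, 'An HTTP(S) URL to probe, using a GET request. If no HTTP response code is received from the server, a VPN connection may be established in response.'
 c.option '--url-probe URL', 'This URL must return HTTP status 200, without redirection, before the VPN service will try establishing.'
 c.option '--remotes REMOTES', Array, 'List of comma-separated alternate remotes: "<host> <port> <proto>".'
+c.option '--idle-timer TIME', Integer, 'Disconnect from VPN when idle for a certain period of time (in seconds) which is useful for VPN-On-Demand scenarios. Requires disabling "Reconnect On Wakeup" on OpenVPN.app.'
 c.option '--ovpnconfigfile FILE', 'Path to OpenVPN client config file.'
 c.option '-o', '--output FILE', 'Output to file. [Default: stdout]'
 c.action do |args, options|
-raise ArgumentError.new "Invalid arguments. Run '#{File.basename(__FILE__)} help generate' for guidance" if args.nil? or args.length < 2
-
 # Set up configuration environment.
-if
-Ovpnmcgen.configure(
+if $config
+Ovpnmcgen.configure($config)
 else
 Ovpnmcgen.configure
 end
 config = Ovpnmcgen.config
 
+user, device = args
+if args.empty? and (options.p12file or config.p12file)
+filename = File.basename((options.p12file or config.p12file), '.p12')
+user, device = filename.split('-') if filename
+end
+
+unless user and device
+raise ArgumentError.new "Invalid arguments. Run '#{File.basename(__FILE__)} help generate' for guidance"
+end
+
 raise ArgumentError.new "Host is required" unless options.host or config.host
 raise ArgumentError.new "cafile is required" unless options.cafile or config.cafile
 
@@ -63,6 +77,14 @@ command :generate do |c|
 raise ArgumentError.new "PKCS#12 or cert & key file required"
 end
 
+if (options.trusted_ssids_probe_url or config.trusted_ssids_probe_url) and not (options.trusted_ssids or config.trusted_ssids)
+raise ArgumentError.new "cannot set --trusted-ssids-probe-url without --trusted-ssids"
+end
+
+if (config.tafile or options.tafile) and (config.tlscryptfile or options.tlscryptfile)
+raise ArgumentError.new "tafile and tlscryptfile cannot be both set"
+end
+
 options.default :vod => case
 when config.vod == true || config.no_vod == false
 true
@@ -75,8 +97,6 @@ command :generate do |c|
 :port => (config.port)? config.port : 1194,
 :security_level => (config.security_level)? config.security_level : 'high'
 
-user, device = args
-
 inputs = {
 :user => user,
 :device => device,
@@ -87,15 +107,18 @@ command :generate do |c|
 :port => options.port,
 :enableVOD => options.vod,
 :trusted_ssids => options.trusted_ssids || config.trusted_ssids,
+:trusted_ssids_probe_url => options.trusted_ssids_probe_url || config.trusted_ssids_probe_url,
 :untrusted_ssids => options.untrusted_ssids || config.untrusted_ssids,
 :profile_uuid => options.profile_uuid || config.profile_uuid,
 :vpn_uuid => options.vpn_uuid || config.vpn_uuid,
+:vpn_name => options.vpn_name || config.vpn_name,
 :cert_uuid => options.cert_uuid || config.cert_uuid,
 :security_level => options.security_level
 }
 inputs[:ovpnconfigfile] = options.ovpnconfigfile || config.ovpnconfigfile if options.ovpnconfigfile or config.ovpnconfigfile
 inputs[:p12file] = options.p12file || config.p12file if options.p12file or config.p12file
 inputs[:tafile] = options.tafile || config.tafile if options.tafile or config.tafile
+inputs[:tlscryptfile] = options.tlscryptfile || config.tlscryptfile if options.tlscryptfile or config.tlscryptfile
 inputs[:cert] = options.cert || config.cert if options.cert or config.cert
 inputs[:key] = options.key || config.key if options.key or config.key
 inputs[:url_probe] = options.url_probe || config.url_probe if options.url_probe or config.url_probe
@@ -103,6 +126,7 @@ command :generate do |c|
 inputs[:domains] = options.domains || config.domains if options.domains or config.domains
 inputs[:domain_probe_url] = options.domain_probe_url || config.domain_probe_url if options.domain_probe_url or config.domain_probe_url
 inputs[:v12compat] = options.v12compat || config.v12compat if options.v12compat or config.v12compat
+inputs[:idle_timer] = options.idle_timer || config.idle_timer if options.idle_timer or config.idle_timer
 
 unless options.output
 puts Ovpnmcgen.generate(inputs)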
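Review bot: In the `@@ -34,27 +37,38 @@` hunk, `user, device = filename.split('-') if filename` silently discards everything after the second hyphen, so a PKCS#12 named like the `john-ipad.p12` example but with one more hyphen yields a truncated device name with no indication, and a filename with no hyphen leaves device nil and lands in the generic "Invalid arguments" error, which never mentions the filename convention the derivation relies on. Replacing that line with `parts = filename.split('-')` and `user, device = parts if parts.length == 2` makes the ambiguous cases fail through the existing `unless user and device` guard instead of producing a profile for the wrong device, and the error text could state that the p12 must be named `<user>-<device>.p12`. Note also that `args.empty?` is the only trigger for the derivation, so a single positional argument plus a p12 file is rejected rather than combined; if that is intended, a comment saying so would help. The `c.action` block continues past the end of this hunk.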
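--- a/data/features/gen_basic.feature
+++ b/data/features/gen_basic.feature
@@ -16,6 +16,11 @@ Feature: Basic Generate Functionality
 p12file that should appear
 In base64 encoding as <data/>
 """
+And a file named "cucumber-aruba.p12" with:
+"""
+p12file with filename that matches
+#{user}-#{device} pattern
+"""
 And a file named "cert.crt" with:
 """
 Contents of cert file
@@ -109,6 +114,18 @@ Feature: Basic Generate Functionality
 \s*<integer>1</integer>
 """
 
+Scenario: Correct arguments with all required flags, host, cafile, and p12file (no cert and key) in #{user}-#{device} pattern.
+When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file cucumber-aruba.p12`
+Then the output should match:
+"""
+<key>PayloadDescription</key>
+\s*<string>OpenVPN Configuration Payload for cucumber-aruba@aruba.cucumber.org</string>
+\s*<key>PayloadDisplayName</key>
+\s*<string>aruba.cucumber.org OpenVPN cucumber@aruba</string>
+\s*<key>PayloadIdentifier</key>
+\s*<string>org.cucumber.aruba.cucumber-aruba</string>
+"""
+
 @OCv1.2 @v0.6.0
 Scenario: Correct arguments with all required flags, host, cafile, cert, and key (no p12file).
 When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --cert cert.crt --key key.pem cucumber aruba`
@@ -184,6 +201,25 @@ Feature: Basic Generate Functionality
 \s*<string>Contents of TLS-Auth Key file\\nWith newlines\\nAnd more newlines\\nThat should appear as one line</string>
 """
 
+Scenario: The tlscrypt flag is set.
+Given a file named "tlscrypt.key" with:
+"""
+Contents of TLS-Crypt Key file
+With newlines
+And more newlines
+That should appear as one line
+"""
+When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --tlscryptfile tlscrypt.key cucumber aruba`
+Then the output should match:
+"""
+<key>tls-crypt</key>
+\s*<string>Contents of TLS-Crypt Key file\\nWith newlines\\nAnd more newlines\\nThat should appear as one line</string>
+"""
+
+Scenario: Both tafile and tlscryptfile flags are set.
+When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --tafile ta.key --tlscryptfile tlscrypt.key cucumber aruba`
+Then the output should contain "error: tafile and tlscryptfile cannot be both set"
+
 Scenario: The proto and port flags are set.
 When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --proto tcp --port 1234 cucumber aruba`
 Then the output should match:
@@ -284,6 +320,25 @@ Feature: Basic Generate Functionality
 \s*</array>
 """
 
+Scenario: The trusted ssids flag is set and trusted ssids probe URL is set.
+When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --trusted-ssids trusted1 --trusted-ssids-probe-url "https://example.com/200.html" cucumber aruba`
+Then the output should match:
+"""
+<string>Disconnect</string>
+\s*<key>InterfaceTypeMatch</key>
+\s*<string>WiFi</string>
+\s*<key>SSIDMatch</key>
+\s*<array>
+\s*<string>trusted1</string>
+\s*</array>
+\s*<key>URLStringProbe</key>
+\s*<string>https:\/\/example\.com\/200\.html</string>
+"""
+
+Scenario: The trusted ssids probe URL is set without trusted ssids flag being set.
+When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --trusted-ssids-probe-url "https://example.com/200.html" cucumber aruba`
+Then the output should contain "error: cannot set --trusted-ssids-probe-url without --trusted-ssids"
+
 Scenario: The security-level flag is set to paranoid.
 When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --security-level paranoid cucumber aruba`
 Then the output should match:
@@ -444,3 +499,29 @@ Feature: Basic Generate Functionality
 \s*</dict>
 \s*</array>
 """
+
+Scenario: The profile UUID flag is set.
+When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --profile-uuid A43E7B13-4F02-4121-9B70-81C734E495C1 cucumber aruba`
+Then the output should match:
+"""
+<key>PayloadIdentifier</key>
+\s*<string>com.apple.vpn.managed.A43E7B13-4F02-4121-9B70-81C734E495C1</string>
+"""
+
+Scenario: The VPN profile name flag is set.
+When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --vpn-name foobar cucumber aruba`
+Then the output should match:
+"""
+<key>UserDefinedName</key>
+\s*<string>foobar</string>
+"""
+
+Scenario: The idle timer flag is set.
+When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 --idle-timer 10 cucumber aruba`
+Then the output should match:
+"""
+<key>DisconnectOnIdle</key>
+\s*<integer>1</integer>
+\s*<key>DisconnectOnIdleTimer</key>
+\s*<integer>10</integer>
+"""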
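Review bot: The p12-derived scenario added in the `@@ -109,6 +114,18 @@` hunk only exercises a filename with exactly one hyphen, so the error path of the new user/device derivation in bin/ovpnmcgen.rb (no hyphen, or a second hyphen) has no coverage. A short scenario running `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12` with no positional arguments and asserting `Then the output should contain "error: Invalid arguments"` would pin that behaviour using a fixture the file already has. The profile-UUID and VPN-UUID scenarios at the end likewise never set both overrides at once, which is the case where the two PayloadIdentifier values in lib/ovpnmcgen.rb can be compared. The feature file continues past this hunk.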
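--- a/data/lib/ovpnmcgen.rb
+++ b/data/lib/ovpnmcgen.rb
@@ -19,6 +19,8 @@ module Ovpnmcgen
 untrusted_ssids = inputs[:untrusted_ssids] || false
 remotes = inputs[:remotes] || false
 vodDomains = inputs[:domains] || false
+vpnName = inputs[:vpn_name] || "#{host}/VoD"
+plistDescription = "OpenVPN Configuration Payload for #{user}-#{device}@#{host}"
 
 # Ensure [un]trusted_ssids are Arrays.
 trusted_ssids = Array(trusted_ssids) if trusted_ssids
@@ -33,6 +35,13 @@ module Ovpnmcgen
 exit
 end
 
+begin
+tls_crypt = File.readlines(inputs[:tlscryptfile]).map { |x| x.chomp }.join('\n')
+rescue Errno::ENOENT
+puts "TLS crypt file not found: #{inputs[:tlscryptfile]}!"
+exit
+end if inputs[:tlscryptfile]
+
 begin
 tls_auth = File.readlines(inputs[:tafile]).map { |x| x.chomp }.join('\n')
 rescue Errno::ENOENT
@@ -63,6 +72,7 @@ module Ovpnmcgen
 
 unless inputs[:ovpnconfigfile].nil?
 ovpnconfighash = Ovpnmcgen.getOVPNVendorConfigHash(inputs[:ovpnconfigfile])
+plistDescription = "#{plistDescription}. Includes custom OpenVPN directives #{ovpnconfighash.to_s.gsub('"', '').gsub('=>', '=')}."
 else # Bare minimum configuration
 ovpnconfighash = {
 'client' => 'NOARGS',
@@ -82,6 +92,7 @@ module Ovpnmcgen
 ovpnconfighash['ca'] = ca_cert
 ovpnconfighash['tls-auth'] = tls_auth if inputs[:tafile]
 ovpnconfighash['key-direction'] = '1' if inputs[:tafile]
+ovpnconfighash['tls-crypt'] = tls_crypt if inputs[:tlscryptfile]
 ovpnconfighash['cert'] = cert_file if inputs[:cert]
 ovpnconfighash['key'] = key_file if inputs[:key]
 ovpnconfighash['vpn-on-demand'] = '0' unless enableVOD
@@ -134,7 +145,7 @@ module Ovpnmcgen
 'Action' => 'Ignore'
 }
 
-# Insert URLStringProbe conditions when enabled with --url-probe
+# Insert URLStringProbe conditions when enabled with --url-probe.
 vodTrusted['URLStringProbe'] =
 vodUntrusted['URLStringProbe'] =
 vodWifiOnly['URLStringProbe'] =
@@ -143,6 +154,9 @@ module Ovpnmcgen
 vodDefault['URLStringProbe'] =
 inputs[:url_probe] if inputs[:url_probe]
 
+# Insert trusted SSIDs-specific URLStringProbe condition when enabled with --trusted-ssids-url-probe.
+vodTrusted['URLStringProbe'] = inputs[:trusted_ssids_probe_url] if inputs[:trusted_ssids_probe_url]
+
 vpnOnDemandRules << vodTrusted if trusted_ssids
 vpnOnDemandRules << vodUntrusted if untrusted_ssids
 vpnOnDemandRules << vodWifiOnly
@@ -158,7 +172,7 @@ module Ovpnmcgen
 'PayloadContent' => StringData.new(p12file),
 'PayloadDescription' => 'Provides device authentication (certificate or identity).',
 'PayloadDisplayName' => "#{user}-#{device}.p12",
-'PayloadIdentifier' => "#{identifier}.#{user}-#{device}.credential",
+'PayloadIdentifier' => (inputs[:cert_uuid]) ? "com.apple.vpn.managed.#{certUUID}" : "#{identifier}.#{user}-#{device}.credential",
 'PayloadOrganization' => domain,
 'PayloadType' => 'com.apple.security.pkcs12',
 'PayloadUUID' => certUUID,
@@ -168,12 +182,12 @@ module Ovpnmcgen
 vpn = {
 'PayloadDescription' => "Configures VPN settings, including authentication.",
 'PayloadDisplayName' => "VPN (#{host}/VoD)",
-'PayloadIdentifier' => "#{identifier}.#{user}-#{device}.vpnconfig",
+'PayloadIdentifier' => (inputs[:vpn_uuid]) ? "com.apple.vpn.managed.#{certUUID}" : "#{identifier}.#{user}-#{device}.vpnconfig",
 'PayloadOrganization' => domain,
 'PayloadType' => 'com.apple.vpn.managed',
 'PayloadUUID' => vpnUUID,
 'PayloadVersion' => 1,
-'UserDefinedName' =>
+'UserDefinedName' => vpnName,
 'VPN' => {
 'AuthenticationMethod' => 'Certificate',
 'OnDemandEnabled' => (enableVOD)? 1 : 0,
@@ -190,15 +204,19 @@ module Ovpnmcgen
 vpn['VPN']['AuthenticationMethod'] = 'Password'
 vpn['VPN'].delete('PayloadCertificateUUID')
 end
+if inputs[:idle_timer]
+vpn['VPN']['DisconnectOnIdle'] = 1
+vpn['VPN']['DisconnectOnIdleTimer'] = inputs[:idle_timer]
+end
 
 plistPayloadContent = [vpn]
 plistPayloadContent << cert if p12file
 #encPlistPayloadContent = cmsEncrypt([vpn, cert].to_plist).der_format
 
 plist = {
-'PayloadDescription' =>
+'PayloadDescription' => plistDescription,
 'PayloadDisplayName' => "#{host} OpenVPN #{user}@#{device}",
-'PayloadIdentifier' => "#{identifier}.#{user}-#{device}",
+'PayloadIdentifier' => (inputs[:profile_uuid]) ? "com.apple.vpn.managed.#{plistUUID}" : "#{identifier}.#{user}-#{device}",
 'PayloadOrganization' => domain,
 'PayloadRemovalDisallowed' => false,
 'PayloadType' => 'Configuration',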
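Review bot: The new PayloadIdentifier for the VPN payload in the `@@ -168,12 +182,12 @@` hunk interpolates `certUUID` when `inputs[:vpn_uuid]` is set, although that payload's PayloadUUID a few lines below is `vpnUUID`; with both `--cert-uuid` and `--vpn-uuid` given, the certificate and VPN payloads end up with the same identifier, and a VPN-only override is labelled with the certificate's UUID. The line should read `'PayloadIdentifier' => (inputs[:vpn_uuid]) ? "com.apple.vpn.managed.#{vpnUUID}" : "#{identifier}.#{user}-#{device}.vpnconfig",`. In the `@@ -143,6 +154,9 @@` hunk the new comment names the flag `--trusted-ssids-url-probe`, but the option added in bin/ovpnmcgen.rb is `--trusted-ssids-probe-url`, so the comment should use the real flag name. The tls-crypt block mirrors the existing tls-auth one, including a bare `exit` (status 0) after printing the not-found message, so a missing key file is indistinguishable from success for a calling script; `exit 1` would be the safer choice for both blocks if the existing one is touched. The enclosing generate method starts and ends outside these hunks.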
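--- a/data/lib/ovpnmcgen/ovpnconfig.rb
+++ b/data/lib/ovpnmcgen/ovpnconfig.rb
@@ -34,7 +34,7 @@ module Ovpnmcgen
 case key
 when 'fragment', 'mssfix', 'secret', 'socks-proxy', 'persist-key', 'persist-tun', 'resolv-retry', 'nobind', 'verb', 'user', 'group', 'pull', 'mute'
 true
-when 'remote', 'ca', 'pkcs12', 'tls-auth', 'cert', 'key', 'proto' # specified with switches.
+when 'remote', 'ca', 'pkcs12', 'tls-auth', 'tls-crypt', 'cert', 'key', 'proto' # specified with switches.
 true
 else
 false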
data/lib/ovpnmcgen/version.rb
CHANGED
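--- a/data/ovpnmcgen.rb.gemspec
+++ b/data/ovpnmcgen.rb.gemspec
@@ -21,11 +21,11 @@ Gem::Specification.new do |spec|
 spec.bindir = 'bin'
 spec.required_ruby_version = '>= 1.9.3'
 
-spec.add_development_dependency "bundler", "~>
+spec.add_development_dependency "bundler", "~> 2.0"
 spec.add_development_dependency "rake"
 spec.add_development_dependency "aruba", "~> 0.5", ">= 0.5.4"
 spec.add_development_dependency "pre-commit"
-spec.add_runtime_dependency "plist", "~> 3.
-spec.add_runtime_dependency "commander", "~> 4.
+spec.add_runtime_dependency "plist", "~> 3.5", ">= 3.5.0"
+spec.add_runtime_dependency "commander", "~> 4.4", ">= 4.4.7"
 spec.add_runtime_dependency "app_configuration", "~> 0.0", ">= 0.0.2"
 end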
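--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ovpnmcgen.rb
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.7.0
 platform: ruby
 authors:
 - Ronald Ip
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2019-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -76,42 +76,42 @@ dependencies:
 name: plist
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.1'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.5.0
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.5'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.1'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.5.0
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.5'
 - !ruby/object:Gem::Dependency
 name: commander
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '4.
+version: '4.4'
 - - ">="
 - !ruby/object:Gem::Version
-version: 4.
+version: 4.4.7
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '4.
+version: '4.4'
 - - ">="
 - !ruby/object:Gem::Version
-version: 4.
+version: 4.4.7
 - !ruby/object:Gem::Dependency
 name: app_configuration
 requirement: !ruby/object:Gem::Requirement
@@ -142,9 +142,11 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".chglog/CHANGELOG.tpl.md"
+- ".chglog/config.yml"
 - ".gitignore"
 - ".travis.yml"
-- ChangeLog
+- ChangeLog.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -180,8 +182,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.6.14
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
 summary: An OpenVPN iOS Configuration Profile (.mobileconfig) Utility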
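--- a/data/ChangeLog
+++ b/data/ChangeLog
@@ -1,46 +0,0 @@
-= 0.6.0 / 2018-01-27
-* Added support for `EvaluateConnection`, `Domains`, via `--domains`. It will include an `ActionParameters` dict containing `Domains`, and if `--domain-probe-url` is set, also contains `RequiredURLStringProbe`.
-* Added support for updated bundle identifier (VPNSubType) `net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x), via `--v12compat`.
-* Added support for `--cert` and `--key` for inline attachment of certificate and key, to workaround bug in OpenVPN Connect 1.2.5.
-* Added support for `vpn-on-demand: 0` key/value pair when `--no-vod` is set, so that OpenVPN Connect can control this profile.
-
-= 0.5.0 / 2015-02-22
-* Specify multiple remotes with `--remotes "host2 1194 tcp","host3 1195 udp"` flag.
-
-= 0.4.2 / 2014-07-05
-* Bugfix: Default catch-all rule should be 'Ignore', any other option does not make sense.
-
-= 0.4.1 / 2014-05-07
-* Bugfix: SSIDs specified as a string in configfile now correctly output
-as arrays. (#a9e638)
-
-= 0.4.0 / 2014-05-07
-* VoD rules in `--[un]trusted-ssids` to also use `InterfaceTypeMatch`.
-* Added support for configuration persistance, via ENV or
-~/.ovpnmcgen.rb.yml or `--config` flag.
-
-= 0.3.0 / 2014-05-04
-* Documentation updates.
-* Added support for `URLStringProbe`, via `--url-probe`.
-
-= 0.2.1 / 2014-04-19
-* Implement unit testing.
-* Switch to a portable and native uuidgen implementation.
-* Minor documentation improvements.
-
-= 0.2.0 / 2014-04-18
-* Support custom UUID value overrides.
-* Support for security level, i.e. paranoid, high (default), medium.
-* TLS-Auth keyfile now optional.
-
-= 0.1.0 / 2014-03-27
-* Added support for `--ovpnconfigfile`, `--port`, `--proto`.
-* Shorter switches for `--[un]trusted-ssids`.
-* Improved Documentation.
-
-= 0.0.2 / 2014-03-26
-* Require ruby >= 1.9.3.
-* Improved Documentation.
-
-= 0.0.1 / 2014-03-26
-* Initial Release.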