Different script for mobile vpn (.ovpn creation).

Help on building IPFire & Feature Requests
Post Reply
mutley
Posts: 30
Joined: September 12th, 2016, 3:03 pm

Different script for mobile vpn (.ovpn creation).

Post by mutley » September 19th, 2016, 6:20 pm

I looked at the script posted in the wiki (http://wiki.ipfire.org/en/configuration ... penvpn/ios), and I wasn't happy with it so I created a new script.
It doesn't require any cut n paste.
It will package everything into 1 ovpn file (rather than 2).
It will make less assumptions about your ovn config by reading the IPfire configuration file.
For me, it works with Android & Ios (OpenVPN Connect).

Code: Select all

#!/bin/bash
#
# Change "!! Your IP or Domain !!" below to the preferred way to access your IPfire machine 
# from the internet.
# i.e. your ddns or static IP.  Please leave the quotes. example  EXTERNAL="ipfire.org"
#
EXTERNAL="!! Your IP or Domain !!"

ROOT="/var/ipfire"
FILE="$ROOT/ovpn/certs/$1.p12"
CFG="$ROOT/ovpn/settings"

if [ -f "$FILE" ];
then

echo "client" >> $1.ovpn
echo "dev tun" >> $1.ovpn
echo "proto udp" >> $1.ovpn
echo "remote $EXTERNAL `cat $CFG | grep DDEST_PORT= | cut -d= -f2`" >> $1.ovpn
echo "resolv-retry infinite" >> $1.ovpn
echo "nobind" >> $1.ovpn
echo "persist-key" >> $1.ovpn
echo "tun-mtu `cat $CFG | grep DMTU= | cut -d= -f2`" >> $1.ovpn
echo "cipher `cat $CFG | grep DCIPHER= | cut -d= -f2`" >> $1.ovpn
if [ "`cat $CFG | grep DCOMPLZO=on`" != "" ]; then
  echo "comp-lzo" >> $1.ovpn
fi
echo "verb 3" >> $1.ovpn
echo "ns-cert-type server" >> $1.ovpn
echo "key-direction 1" >> $1.ovpn

echo "<ca>" >> $1.ovpn
openssl pkcs12 -in $FILE -cacerts -nokeys -passin pass: >> $1.ovpn
echo "</ca>" >> $1.ovpn
echo "<cert>" >> $1.ovpn
openssl pkcs12 -in $FILE -clcerts -nokeys -passin pass: >> $1.ovpn
echo "</cert>" >> $1.ovpn
echo "<key>" >> $1.ovpn
openssl pkcs12 -in $FILE -nocerts -nodes -passin pass: >> $1.ovpn
echo "</key>" >> $1.ovpn

else
   echo "File $FILE does not exist" >&2
   echo "Syntax: $0 CertName"
   echo "CertName = certificate p12 file name, one of the following :-"
   echo `ls $ROOT/ovpn/certs/*.p12 | sed "s/.*\//--> /" | sed "s/\..*/ <--/"`
fi

Image

xeonium
Posts: 14
Joined: July 8th, 2014, 9:42 am

Re: Different script for mobile vpn (.ovpn creation).

Post by xeonium » April 17th, 2019, 12:15 pm

mutley wrote:
September 19th, 2016, 6:20 pm

Code: Select all

echo "proto udp" >> $1.ovpn
i'v change it to

Code: Select all

echo "proto `grep -i proto /var/ipfire/ovpn/server.conf | cut -d" " -f 2`" >> $1.ovpn

User avatar
MichaelTremer
Core Developer
Core Developer
Posts: 5772
Joined: August 11th, 2005, 9:02 am

Re: Different script for mobile vpn (.ovpn creation).

Post by MichaelTremer » April 18th, 2019, 9:24 am

Hey,

I guess this script is no longer relevant, because you export this type of configuration from the Web UI for some time now.
Support the project with our Donation Challenge!

Get Commercial Support for IPFire and more from Lightning Wire Labs!

Image

xeonium
Posts: 14
Joined: July 8th, 2014, 9:42 am

Re: Different script for mobile vpn (.ovpn creation).

Post by xeonium » May 2nd, 2019, 12:43 pm

MichaelTremer wrote:
April 18th, 2019, 9:24 am
Hey,

I guess this script is no longer relevant, because you export this type of configuration from the Web UI for some time now.
Thats right but exporting/saving of 'insecure client package' only works without password, isn't it?
viewtopic.php?f=50&t=17011&hilit=insecu ... e&start=15

My(customers) installation ist a fresh clean installation build 127 patched up to 130. The problem above is still actual?!

User avatar
MichaelTremer
Core Developer
Core Developer
Posts: 5772
Joined: August 11th, 2005, 9:02 am

Re: Different script for mobile vpn (.ovpn creation).

Post by MichaelTremer » May 3rd, 2019, 8:18 am

xeonium wrote:
May 2nd, 2019, 12:43 pm
Thats right but exporting/saving of 'insecure client package' only works without password, isn't it?
viewtopic.php?f=50&t=17011&hilit=insecu ... e&start=15
Yes, the PEM format does not support any password-protected containers.
Support the project with our Donation Challenge!

Get Commercial Support for IPFire and more from Lightning Wire Labs!

Image

Post Reply