StoneVPN

Scripts to manage certificates or generate config files

Moderators: TinCanTech

leon
OpenVpn Newbie
Posts: 8
Joined: Thu Oct 21, 2010 10:56 am

Re: StoneVPN

Post by leon » Wed Nov 30, 2011 11:05 am

dhruvpandit wrote: pls tell me how to use my old certificates with stoneVPN? or will it use the same old certs and key file?
You should edit /etc/stonevpn.conf and make sure it points to the correct locations for your CA certificate and key file and openssl.cnf. Then stonevpn just parses openssl.cnf [1], looks up the index file (usually index.txt) and reads information about your already existing certificates. You can check it by running:

Code:

$ stonevpn -a
Which should list your certificates.

Let me know if you run into any problems there. Sometimes the way a certificate is generated has an impact on how stonevpn parses the index file. If everything works okay (in particular the serial numbers for your certs are correct) you can then revoke certificates using:

Code:

$ stonevpn -r SERIAL


[1] I realize now that specifying CA crt and key files in stonevpn.conf is kind of redundant if later it parses openssl.cnf and can read those values there as well. Will probably fix it in the next version.
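
The index file mentioned in the post above is OpenSSL's tab-separated CA database. As an added example (not StoneVPN's own parser; the sample records are constructed), this reads that layout so the serials and status reported by `stonevpn -a` can be cross-checked before revoking anything:

```python
import io
from datetime import datetime, timezone

# Constructed sample of an OpenSSL CA database (index.txt). Tab-separated fields:
# status, expiry, revocation date[,reason], serial (hex), filename, subject DN.
SAMPLE_INDEX = (
    "V\t301231235959Z\t\t01\tunknown\t/C=NL/O=Example/CN=server\n"
    "R\t301231235959Z\t230115101500Z,keyCompromise\t02\tunknown\t/C=NL/O=Example/CN=alice\n"
    "V\t20491231235959Z\t\t0A\tunknown\t/C=NL/O=Example/CN=bob\n"
)

def parse_time(stamp):
    """Parse UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    fmt = "%y%m%d%H%M%SZ" if len(stamp) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)

def parse_index(stream):
    """Yield one dict per certificate recorded in an index.txt stream."""
    for lineno, line in enumerate(stream, 1):
        line = line.rstrip("\n")
        if not line:
            continue
        fields = line.split("\t")
        # V = valid, R = revoked, E = expired; anything else is not a record.
        if len(fields) != 6 or fields[0] not in ("V", "R", "E"):
            raise ValueError("line %d: not an index.txt record" % lineno)
        status, expiry, revoked, serial, _filename, subject = fields
        rev_time, _, reason = revoked.partition(",")
        yield {
            "status": status,
            "serial": serial.upper(),
            "expires": parse_time(expiry),
            "revoked": parse_time(rev_time) if rev_time else None,
            "reason": reason or None,
            "subject": subject,
        }

def revocable_serials(stream):
    """Serials still marked valid, i.e. the ones that can still be revoked."""
    return [r["serial"] for r in parse_index(stream) if r["status"] == "V"]

if __name__ == "__main__":
    for rec in parse_index(io.StringIO(SAMPLE_INDEX)):
        print(rec["serial"], rec["status"], rec["subject"], rec["reason"] or "")
```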

digital0
OpenVpn Newbie
Posts: 5
Joined: Fri Jan 18, 2013 3:30 pm

Re: StoneVPN

Post by digital0 » Tue Jan 29, 2013 12:15 am

Hello,

I added the possibility to create an ovpn file for Android, which has all the certificates inline.
Here's the patch:

Code:

--- app.py.orig 2011-08-08 09:19:31.000000000 +0300
+++ app.py      2013-01-17 02:02:57.263543278 +0200
@@ -142,7 +142,7 @@
         action="store",
         dest="confs",
         default="unix",
-        help="create config files for [windows|unix|mac|all]")
+        help="create config files for [windows|unix|mac|android|all]")
     group_extra.add_option("-e", "--prefix",
         action="store",
         dest="fprefix",
@@ -1045,10 +1045,14 @@
             sectionname = 'mac conf'
             print "Generating Mac configuration file"
             f=open(self.working + '/' + self.fprefix + fname + '.conf', 'w')
+        elif sname == 'android':
+            sectionname = 'android conf'
+            print "Generating Android configuration file"
+            f=open(self.working + '/' + self.fprefix + fname + '.ovpn', 'w')
         elif sname == 'all':
             print "Generating all configuration files"
         else:
-            print "Incorrect OS type specified. Valid options are 'unix', 'windows', 'mac' or 'all'."
+            print "Incorrect OS type specified. Valid options are 'unix', 'windows', 'mac', 'android' or 'all'."
             sys.exit()
         if sname != 'all':
             section=config[sectionname]
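
Review bot: the `.ovpn` opened with `open(..., 'w')` in the new `android` branch later receives the client private key inside `<key>`, so it should be created owner-only instead of with whatever the umask allows. Consider `os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600), 'w')` here and for the `.android.ovpn` open in the `all` loop, because that single file now holds the CA certificate, the client certificate and the key together.
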
@@ -1069,9 +1073,19 @@
                         f.write(section[var] + '\n')
                 else:
                     f.write(section[var] + '\n')
+           if sname == 'android':
+               fp = open ( self.cacertfile, 'r' )
+               f.write('\n' + "<ca>" + '\n' + fp.read() + "</ca>" + '\n')
+               fp.close ()
+               fp = open ( self.working + '/' + self.fprefix + fname + '.crt', 'r' )
+               f.write('\n' + "<cert>" + '\n' + fp.read() + "</cert>" + '\n')
+               fp.close ()
+               fp = open ( self.working + '/' + self.fprefix + fname + '.key', 'r' )
+               f.write('\n' + "<key>" + '\n' + fp.read() + "</key>" + '\n')
+               fp.close ()
             f.close()
         else:
-            os_versions = ["windows", "linux", "mac"]
+            os_versions = ["windows", "linux", "mac", "android"]
             for os_type in os_versions:
                 # soort extensie ipv deze regel <<
                 if os_type == 'linux':
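
Review bot: the added `if sname == 'android':` block is indented 11 and 15 columns while the neighbouring `f.close()` sits at 12, which looks like tabs mixed into a space-indented file; as posted it will not line up with the enclosing block, so re-indent it with spaces only. While there, the three open/read/close sequences leave `fp` open if a read fails and stop with a bare IOError when the `.crt` or `.key` is missing; a `with open(...) as fp:` per file plus a clear error message would cover both.
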
@@ -1086,6 +1100,10 @@
                     sectionname = 'mac conf'
                     print "Generating Mac configuration file"
                     f=open(self.working + '/' + self.fprefix + fname + '.mac.conf', 'w')
+                elif os_type == 'android':
+                    sectionname = 'android conf'
+                    print "Generating Android configuration file"
+                    f=open(self.working + '/' + self.fprefix + fname + '.android.ovpn', 'w')
                 section=config[sectionname]
                 for var in section:
                     if var == 'ca':
@@ -1097,6 +1115,16 @@
                         f.write(section[var].replace('clientkeyfile', self.fprefix + fname + '.key') + '\n')
                     else:
                         f.write(section[var] + '\n')
+               if os_type == 'android':
+                   fp = open ( self.cacertfile, 'r' )
+                   f.write('\n' + "<ca>" + '\n' + fp.read() + "</ca>" + '\n')
+                   fp.close ()
+                   fp = open ( self.working + '/' + self.fprefix + fname + '.crt', 'r' )
+                   f.write('\n' + "<cert>" + '\n' + fp.read() + "</cert>" + '\n')
+                   fp.close ()
+                   fp = open ( self.working + '/' + self.fprefix + fname + '.key', 'r' )
+                   f.write('\n' + "<key>" + '\n' + fp.read() + "</key>" + '\n')
+                   fp.close ()
                 f.close()
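
Review bot: the ten lines under `if os_type == 'android':` repeat the block added in the `sname == 'android'` branch, so any later fix has to be made twice. Move the `<ca>`/`<cert>`/`<key>` writing into one helper that takes `f` and `fname` and call it from both places; the helper is also the natural spot to check that the key file exists before the profile is written.
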
And here's the diff for stonevpn.conf:

Code:

--- stonevpn.conf.orig  2010-08-04 17:35:39.000000000 +0300
+++ stonevpn.conf       2013-01-17 02:46:36.718509951 +0200
@@ -114,3 +114,29 @@
 verb = 'verb 3'
 prot = 'proto tcp'

+[android conf]
+# add options to be added to the configuration file here
+daemon = 'daemon'
+dev = 'dev tun'
+ip = 'remote 12.34.56.78'
+# uncomment the next 3 lines to add redundant routers:
+# remote-random
+# resolv-retry 60
+# ip2 = 'remote 23.45.67.89'
+port = 'port 1194'
+#mssfix = 'mssfix 1300'
+client = 'client'
+tlc = 'tls-client'
+# don't touch the next 3 var names:
+#ca = 'ca /Library/openvpn/cacertfile'
+#cert = 'cert /Library/openvpn/clientcertfile'
+#key = 'key /Library/openvpn/clientkeyfile'
+lzo = 'comp-lzo'
+ping = 'ping 15'
+pingrestart = 'ping-restart 45'
+pingtimer = 'ping-timer-rem'
+persisttun = 'persist-tun'
+persistkey = 'persist-key'
+verb = 'verb 3'
+prot = 'proto tcp'
+
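
Review bot: the new `[android conf]` section gives the client no check that the peer presents a server certificate; nothing like `remote-cert-tls server` appears among the options, so any certificate issued by the same CA would be accepted as the server. Add such a line if the server certificate carries the server usage extension, and drop the three commented-out `ca`/`cert`/`key` entries with `/Library/openvpn/` paths along with the "don't touch" comment, since the Android profile gets those inline.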

leon
OpenVpn Newbie
Posts: 8
Joined: Thu Oct 21, 2010 10:56 am

Re: StoneVPN

Post by leon » Tue Jan 29, 2013 9:58 am

Awesome! I'll review it and will probably include it in the next version.


Thanks!


Léon
