Unified configuration splitter

Post by zeroepoch » Thu Nov 18, 2010 5:54 am

Anyone looking to split a unified configuration file into individual certs/keys for use with Network Manager can use the following Perl script.

#!/usr/bin/perl

use strict;
use warnings;

# output filepaths
my $CA_FILE   = "ca.crt";
my $CERT_FILE = "client.crt";
my $KEY_FILE  = "client.key";
my $TA_FILE   = "ta.key";

# create output files readable by the owner only (client.key and ta.key are secrets)
umask 0077;

# out file open flag
my $writing = 0;

while (<>) {

	# look for <ca>...</ca> (ca public cert)
	if (/^<ca>$/) {
		open(FH, ">", $CA_FILE) or die("Failed to create $CA_FILE: $!");
		$writing = 1;
		$_ = ""; # no <ca> in out file
	} elsif (/^<\/ca>$/) {
		close(FH);
		$writing = 0;
		$_ = ""; # no </ca> in stdout
	}

	# look for <cert>...</cert> (client public cert)
	if (/^<cert>$/) {
		open(FH, ">", $CERT_FILE) or die("Failed to create $CERT_FILE: $!");
		$writing = 1;
		$_ = ""; # no <cert> in out file
	} elsif (/^<\/cert>$/) {
		close(FH);
		$writing = 0;
		$_ = ""; # no </cert> in stdout
	}

	# look for <key>...</key> (client private key)
	if (/^<key>$/) {
		open(FH, ">", $KEY_FILE) or die("Failed to create $KEY_FILE: $!");
		$writing = 1;
		$_ = ""; # no <key> in out file
	} elsif (/^<\/key>$/) {
		close(FH);
		$writing = 0;
		$_ = ""; # no </key> in stdout
	}

	# look for <tls-auth>...</tls-auth> (tls authorization)
	if (/^<tls-auth>$/) {
		open(FH, ">", $TA_FILE) or die("Failed to create $TA_FILE: $!");
		$writing = 1;
		$_ = ""; # no <tls-auth> in out file
	} elsif (/^<\/tls-auth>$/) {
		close(FH);
		$writing = 0;
		$_ = ""; # no </tls-auth> in stdout
	}

	# write to file if open
	if ($writing) {
		print FH;
	# otherwise write to stdout
	} else { print; }
}
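
An added example, not part of the original post or of OpenVPN: a Python take on the same split that creates the private key and tls-auth key with mode 0600, refuses to overwrite an existing output file, accepts CRLF line endings (which the `^<ca>$` patterns above do not match), and rejects an unterminated block. The function name, the `SAMPLE` config and its placeholder contents are constructed for illustration; the output filenames are the ones the script above uses.

```python
import os
import re

# Tag -> (output filename, holds secret material?). Filenames match the Perl
# script above; marking key and tls-auth as secret is this example's assumption.
BLOCKS = {
    "ca": ("ca.crt", False),
    "cert": ("client.crt", False),
    "key": ("client.key", True),
    "tls-auth": ("ta.key", True),
}
TAG = re.compile(r"^<(/?)([a-z0-9-]+)>\s*$")

# Constructed sample with CRLF line endings and placeholder block bodies.
SAMPLE = ("client\r\nremote vpn.example.com 1194\r\n<ca>\r\nCA-PLACEHOLDER\r\n</ca>\r\n"
          "<key>\r\nKEY-PLACEHOLDER\r\n</key>\r\n")


def split_unified(text, outdir):
    """Write each inline block to its own file; return (remaining config, files written)."""
    rest, written = [], []
    current, body = None, []
    for line in text.splitlines():  # splitlines() strips both LF and CRLF
        m = TAG.match(line)
        name = m.group(2) if m else None
        if current is None:
            if m and not m.group(1) and name in BLOCKS:
                current, body = name, []  # opening tag: start collecting
            else:
                rest.append(line)  # ordinary directive stays in the config
        elif m and m.group(1) and name == current:
            filename, secret = BLOCKS[current]
            path = os.path.join(outdir, filename)
            # O_EXCL fails if the path already exists (including a symlink);
            # secrets get 0600 regardless of the caller's umask.
            mode = 0o600 if secret else 0o644
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
            with os.fdopen(fd, "w") as fh:
                fh.write("\n".join(body) + "\n")
            written.append(path)
            current = None
        else:
            body.append(line)
    if current is not None:
        raise ValueError(f"unterminated <{current}> block")
    return "\n".join(rest) + "\n", written
```
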
