StoneVPN
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Oct 21, 2010 10:56 am
StoneVPN
Just wanted to say that I've coded a tool for easy OpenVPN certificate and configuration management. It's called StoneVPN, written in Python, and it's available from the EPEL repository if you're using RHEL/CentOS and from the Fedora (12 and later) repositories. It's also available as a tarball on github.com/lkeijser/stonevpn.
Any feedback would be most welcome.
- krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: StoneVPN
i have made this post sticky
thank you for sharing your tool
-
- OpenVPN Power User
- Posts: 53
- Joined: Tue Apr 19, 2011 11:18 am
Re: StoneVPN
how to use it ??
-
- OpenVPN Power User
- Posts: 53
- Joined: Tue Apr 19, 2011 11:18 am
Re: StoneVPN
sorry repost.
Last edited by dhruvpandit on Wed Nov 09, 2011 9:52 am, edited 1 time in total.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Oct 21, 2010 10:56 am
Re: StoneVPN
dhruvpandit wrote:
> how to use it?
$ man stonevpn
$ stonevpn --help
An easy example is in the man page.
-
- OpenVPN Power User
- Posts: 53
- Joined: Tue Apr 19, 2011 11:18 am
Re: StoneVPN
leon wrote:
> dhruvpandit wrote:
> > how to use it?
> $ man stonevpn
> $ stonevpn --help
> An easy example is in the man page.
thanks for fast reply leon,
but i am very new in OpenVPN, so need some more examples
i have setup my server just 2 days back.
also want to ask if you know any GUI based Certificate management script or tool , then pls let me know.
and if possible, pls give some more examples of how to create, revoke new certificates with stonevpn.
-
- OpenVPN Power User
- Posts: 53
- Joined: Tue Apr 19, 2011 11:18 am
Re: StoneVPN
getting this error
[root@VPN2 stonevpn]# stonevpn -f dhruvpandit -n "dhruvpandit" -z -p -m MY MAIL ID@gmail.com
Traceback (most recent call last):
File "/usr/bin/stonevpn", line 17, in ?
import StoneVPN.app as app
File "/usr/lib/python2.4/site-packages/StoneVPN/app.py", line 38, in ?
from OpenSSL import SSL, crypto
ImportError: No module named OpenSSL
-
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Oct 21, 2010 10:56 am
Re: StoneVPN
Hi,
This means you didn't install the pyOpenSSL library. On RedHat/CentOS it's
Code:
yum install pyOpenSSL
on debian it's (AFAIK)
Code:
apt-get install python-openssl
PS: that was in the README file though
-
- OpenVPN Power User
- Posts: 53
- Joined: Tue Apr 19, 2011 11:18 am
Re: StoneVPN
now its giving this error,
Traceback (most recent call last):
File "/usr/bin/stonevpn", line 17, in ?
import StoneVPN.app as app
File "/usr/lib/python2.4/site-packages/StoneVPN/app.py", line 43, in ?
from IPy import IP
ImportError: No module named IPy
i have installed other packages, but this package is not installed from yum also.
pls tell me how to install it.
also give me the list of all required packages so i can install it at once.
if stonevpn should be installed by yum install stonevpn, then it will be great. but its showing this
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: fr2.rpmfind.net
* base: mirrors.cat.pdx.edu
* updates: mirrors.cat.pdx.edu
* extras: ftp.osuosl.org
Warning: No matches found for: stonevpn
No Matches found
-
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Oct 21, 2010 10:56 am
Re: StoneVPN
You will need to install the EPEL repo first. This is also mentioned in the README file
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: StoneVPN
Will it be ported to windows?
-
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Oct 21, 2010 10:56 am
Re: StoneVPN
Mimiko wrote:
> Will it be ported to windows?
I have no immediate plans for that, but it shouldn't be too hard considering it's all python. Perhaps a few linux-only hacks but nothing that can't be ported. I'll make it a TODO item
-
- OpenVPN Power User
- Posts: 53
- Joined: Tue Apr 19, 2011 11:18 am
Re: StoneVPN
thanks, now i have installed it via YUM.
now its giving this error :
Error: missing section 'organizationalUnitName_default' in /etc/pki/tls/openssl.cnf
i already have active OpenVPN with about 25 clients on this server.
i think this is some certificate issue.
how can i use stonevpn by using old certificates??
-
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Oct 21, 2010 10:56 am
Re: StoneVPN
dhruvpandit wrote:
> thanks, now i have installed it via YUM.
> now its giving this error :
> Error: missing section 'organizationalUnitName_default' in /etc/pki/tls/openssl.cnf
...
Really, it's not that hard. Add 'organizationalUnitName_default' to your openssl.cnf file. Search for it, it's probably commented out, and add a default OU name (something like 'VPN' would be ok).
-
- OpenVPN Power User
- Posts: 53
- Joined: Tue Apr 19, 2011 11:18 am
Re: StoneVPN
pls tell me how to use my old certificates with stoneVPN? or will it use the same old certs and key file ?
-
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Oct 21, 2010 10:56 am
Re: StoneVPN
dhruvpandit wrote:
> pls tell me how to use my old certificates with stoneVPN? or will it use the same old certs and key file ?
You should edit /etc/stonevpn.conf and make sure it points to the correct locations for your CA certificate and key file and openssl.cnf. Then stonevpn just parses openssl.cnf [1], looks up the index file (usually index.txt) and reads information about your already existing certificates. You can check it by running:
Code:
$ stonevpn -a
Let me know if you run into any problems there. Sometimes the way a certificate is generated has an impact on how stonevpn parses the index file. If everything works okay (in particular the serial numbers for your certs are correct) you can then revoke certificates using:
Code:
$ stonevpn -r SERIAL
[1] I realize now that specifying CA crt and key files in stonevpn.conf is kind of redundant if later it parses openssl.cnf and can read those values there as well. Will probably fix it in the next version.
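The index file lookup described in the post above, as an added example that is not StoneVPN's code: a parser for the OpenSSL CA database (index.txt) for cross-checking serial numbers and status before revoking by serial. The sample records and all function names are constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime, timezone

Entry = namedtuple("Entry", "status expires revoked reason serial subject")

# Constructed sample in the layout `openssl ca` writes: six tab-separated
# fields (status, expiry, revocation[,reason], hex serial, filename, subject).
SAMPLE_INDEX = "\n".join([
    "V\t210101120000Z\t\t01\tunknown\t/C=NL/O=Example/OU=VPN/CN=server",
    "R\t210101120000Z\t110501093000Z,keyCompromise\t02\tunknown\t/C=NL/O=Example/OU=VPN/CN=alice",
    "V\t120101120000Z\t\t0A\tunknown\t/C=NL/O=Example/OU=VPN/CN=bob",
])

def _ts(text):
    # UTCTime (YYMMDDHHMMSSZ) normally; GeneralizedTime (YYYYMMDDHHMMSSZ) for far dates.
    fmt = "%Y%m%d%H%M%SZ" if len(text) == 15 else "%y%m%d%H%M%SZ"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def parse_index(text):
    """Parse an OpenSSL CA database (index.txt) into Entry tuples."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6 or fields[0] not in ("V", "R", "E"):
            raise ValueError("line %d: not an index.txt record" % lineno)
        status, expires, revoked, serial, _filename, subject = fields
        rev_time, _, reason = revoked.partition(",")
        entries.append(Entry(status, _ts(expires),
                             _ts(rev_time) if rev_time else None,
                             reason or None, int(serial, 16), subject))
    return entries

def still_accepted(entries, now):
    """Entries neither revoked nor past expiry at `now`.

    The flag alone is not enough: a record stays 'V' after its expiry date
    until `openssl ca -updatedb` rewrites it.
    """
    return [e for e in entries if e.status == "V" and e.expires > now]

if __name__ == "__main__":
    now = datetime(2013, 1, 18, tzinfo=timezone.utc)  # fixed date for a repeatable run
    ok = still_accepted(parse_index(SAMPLE_INDEX), now)
    for e in parse_index(SAMPLE_INDEX):
        print("%s serial=%02X %s%s" % (e.status, e.serial, e.subject,
                                       "" if e in ok else "  <- not accepted"))
```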
-
- OpenVpn Newbie
- Posts: 5
- Joined: Fri Jan 18, 2013 3:30 pm
Re: StoneVPN
Hello,
I added the possibility to create ovpn file for Android, which has all the certificates inline.
Here's the patch:
And here's the diff for stonevpn.conf:
Code:
--- app.py.orig 2011-08-08 09:19:31.000000000 +0300
+++ app.py 2013-01-17 02:02:57.263543278 +0200
@@ -142,7 +142,7 @@
action="store",
dest="confs",
default="unix",
- help="create config files for [windows|unix|mac|all]")
+ help="create config files for [windows|unix|mac|android|all]")
group_extra.add_option("-e", "--prefix",
action="store",
dest="fprefix",
@@ -1045,10 +1045,14 @@
sectionname = 'mac conf'
print "Generating Mac configuration file"
f=open(self.working + '/' + self.fprefix + fname + '.conf', 'w')
+ elif sname == 'android':
+ sectionname = 'android conf'
+ print "Generating Android configuration file"
+ f=open(self.working + '/' + self.fprefix + fname + '.ovpn', 'w')
elif sname == 'all':
print "Generating all configuration files"
else:
- print "Incorrect OS type specified. Valid options are 'unix', 'windows', 'mac' or 'all'."
+ print "Incorrect OS type specified. Valid options are 'unix', 'windows', 'mac', 'android' or 'all'."
sys.exit()
if sname != 'all':
section=config[sectionname]
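Review bot: the `.ovpn` created with `open(..., 'w')` in the new `elif sname == 'android':` branch later receives the client's private key inline (the `<key>` block added further down in this patch), yet it is created with whatever mode the process umask allows. Suggest creating it owner-only, for example with `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` wrapped in `os.fdopen`, or an `os.chmod` directly after the open.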
@@ -1069,9 +1073,19 @@
f.write(section[var] + '\n')
else:
f.write(section[var] + '\n')
+ if sname == 'android':
+ fp = open ( self.cacertfile, 'r' )
+ f.write('\n' + "<ca>" + '\n' + fp.read() + "</ca>" + '\n')
+ fp.close ()
+ fp = open ( self.working + '/' + self.fprefix + fname + '.crt', 'r' )
+ f.write('\n' + "<cert>" + '\n' + fp.read() + "</cert>" + '\n')
+ fp.close ()
+ fp = open ( self.working + '/' + self.fprefix + fname + '.key', 'r' )
+ f.write('\n' + "<key>" + '\n' + fp.read() + "</key>" + '\n')
+ fp.close ()
f.close()
else:
- os_versions = ["windows", "linux", "mac"]
+ os_versions = ["windows", "linux", "mac", "android"]
for os_type in os_versions:
# soort extensie ipv deze regel <<
if os_type == 'linux':
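Review bot: in the `if sname == 'android':` block, `fp.read() + "</ca>"` (and the same for `</cert>` and `</key>`) puts the closing tag on the same line as the end of the file content whenever the source file lacks a trailing newline, and the closing tag of an inline block needs to start its own line to be recognised. Suggest stripping the content and writing the newline explicitly, and closing `fp` in a `try`/`finally` so a failed read of the `.crt` or `.key` does not leave an open handle and a half-written profile. Adding `"android"` to `os_versions` also means every `all` run now writes a file that contains the private key, which deserves a mention in the option's help text.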
@@ -1086,6 +1100,10 @@
sectionname = 'mac conf'
print "Generating Mac configuration file"
f=open(self.working + '/' + self.fprefix + fname + '.mac.conf', 'w')
+ elif os_type == 'android':
+ sectionname = 'android conf'
+ print "Generating Android configuration file"
+ f=open(self.working + '/' + self.fprefix + fname + '.android.ovpn', 'w')
section=config[sectionname]
for var in section:
if var == 'ca':
@@ -1097,6 +1115,16 @@
f.write(section[var].replace('clientkeyfile', self.fprefix + fname + '.key') + '\n')
else:
f.write(section[var] + '\n')
+ if os_type == 'android':
+ fp = open ( self.cacertfile, 'r' )
+ f.write('\n' + "<ca>" + '\n' + fp.read() + "</ca>" + '\n')
+ fp.close ()
+ fp = open ( self.working + '/' + self.fprefix + fname + '.crt', 'r' )
+ f.write('\n' + "<cert>" + '\n' + fp.read() + "</cert>" + '\n')
+ fp.close ()
+ fp = open ( self.working + '/' + self.fprefix + fname + '.key', 'r' )
+ f.write('\n' + "<key>" + '\n' + fp.read() + "</key>" + '\n')
+ fp.close ()
f.close()
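Review bot: the `if os_type == 'android':` block is a line-for-line copy of the one added under `if sname == 'android':`. Suggest moving the three `<ca>`/`<cert>`/`<key>` writes into one helper method that both branches call, so a later fix to the embedding (tag placement, file permissions, error handling) cannot land in only one of them.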
Code:
--- stonevpn.conf.orig 2010-08-04 17:35:39.000000000 +0300
+++ stonevpn.conf 2013-01-17 02:46:36.718509951 +0200
@@ -114,3 +114,29 @@
verb = 'verb 3'
prot = 'proto tcp'
+[android conf]
+# add options to be added to the configuration file here
+daemon = 'daemon'
+dev = 'dev tun'
+ip = 'remote 12.34.56.78'
+# uncomment the next 3 lines to add redundant routers:
+# remote-random
+# resolv-retry 60
+# ip2 = 'remote 23.45.67.89'
+port = 'port 1194'
+#mssfix = 'mssfix 1300'
+client = 'client'
+tlc = 'tls-client'
+# don't touch the next 3 var names:
+#ca = 'ca /Library/openvpn/cacertfile'
+#cert = 'cert /Library/openvpn/clientcertfile'
+#key = 'key /Library/openvpn/clientkeyfile'
+lzo = 'comp-lzo'
+ping = 'ping 15'
+pingrestart = 'ping-restart 45'
+pingtimer = 'ping-timer-rem'
+persisttun = 'persist-tun'
+persistkey = 'persist-key'
+verb = 'verb 3'
+prot = 'proto tcp'
+
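Review bot: the new `[android conf]` section has no server-certificate check, so a client using this profile accepts any certificate signed by the CA as the server, including another client's. Suggest a default entry such as `remote-cert-tls server`, provided the server certificate carries the matching usage extension. Smaller points in the same section: `daemon = 'daemon'` is questionable in a profile meant for import into an Android app, `tls-client` is already implied by `client`, and the "don't touch the next 3 var names" comment now sits above three commented-out `/Library/openvpn/` paths, which should be dropped or explained as replaced by the inline blocks.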
-
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Oct 21, 2010 10:56 am
Re: StoneVPN
Awesome! I'll review it and will probably include it in the next version.
Thanks!
Léon