added a twig template for a server config with an embedded certificate and associated code to make it work

5 years ago · cb7297eb88
parent 0d69847a99
commit cb7297eb88
2 changed files with 63 additions and 0 deletions
--- a/src/Handler/Panel/ConfigBuilder/Action.php
+++ b/src/Handler/Panel/ConfigBuilder/Action.php
@ -26,6 +26,7 @@ class Action extends Session
        if ($cert !== null) {
            $certModel = CertificateQuery::create()->findOneByUserAndName($this->getUser(), $cert);
            $this->addClientCertificateData($zip, $certModel);
+            $this->fillZipWithEmbeddedConfig($zip, $server, $certModel);

            $name .= '-' . $certModel->getName() . '.' . $certModel->getSerial();
        }
@ -52,6 +53,34 @@ class Action extends Session
        $zip->addFromString('ca.crt', file_get_contents($this->getCore()->getBaseDir() . '/storage/ca/ca.crt'));
    }

+    /**
+     * @param \ZipArchive $zip
+     * @param Server $server
+     * @param Certificate $cert
+     * @throws \Twig_Error_Loader
+     * @throws \Twig_Error_Runtime
+     * @throws \Twig_Error_Syntax
+     */
+    public function fillZipWithEmbeddedConfig($zip, $server, $cert)
+    {
+        /** @var \Twig_Environment $twig */
+        $twig = $this->get('twig');
+
+        $parameters = [
+            'server' => $server,
+            'crt' => $cert->getCertificate(),
+            'key' => '',
+        ];
+
+        if ($cert->hasPrivateKey()) {
+            $parameters['key'] = $cert->getPrivateKey();
+        }
+
+        $config = $twig->render('etc/openvpn-client-embedded.conf.twig', $parameters);
+
+        $zip->addFromString('server-embedded.conf', $config);
+    }
+
    /**
     * @param Server $server
     * @return string
--- a/views/etc/openvpn-client-embedded.conf.twig
+++ b/views/etc/openvpn-client-embedded.conf.twig
@ -0,0 +1,34 @@
+client
+
+dev zerooo
+dev-type tun
+
+proto {{ server.getProtocol() }}
+
+remote {{ server.getExternalIp() }} {{ server.getPort() }}
+resolv-retry infinite
+nobind
+
+user nobody
+group nogroup
+
+persist-key
+persist-tun
+
+remote-cert-tls server
+
+cipher AES-256-CBC
+
+comp-lzo
+
+<ca>
+{{ ca }}
+</ca>
+
+<cert>
+{{ cert }}
+</cert>
+
+<key>
+{{ key }}
+</key>