forked from zer.ooo/web
added a twig template for a server config with an embedded certificate and associated code to make it work
parent
0d69847a99
commit
cb7297eb88
2 changed files with 63 additions and 0 deletions
|
@ -26,6 +26,7 @@ class Action extends Session
|
|||
if ($cert !== null) {
|
||||
$certModel = CertificateQuery::create()->findOneByUserAndName($this->getUser(), $cert);
|
||||
$this->addClientCertificateData($zip, $certModel);
|
||||
$this->fillZipWithEmbeddedConfig($zip, $server, $certModel);
|
||||
|
||||
$name .= '-' . $certModel->getName() . '.' . $certModel->getSerial();
|
||||
}
|
||||
|
@ -52,6 +53,34 @@ class Action extends Session
|
|||
$zip->addFromString('ca.crt', file_get_contents($this->getCore()->getBaseDir() . '/storage/ca/ca.crt'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param \ZipArchive $zip
|
||||
* @param Server $server
|
||||
* @param Certificate $cert
|
||||
* @throws \Twig_Error_Loader
|
||||
* @throws \Twig_Error_Runtime
|
||||
* @throws \Twig_Error_Syntax
|
||||
*/
|
||||
public function fillZipWithEmbeddedConfig($zip, $server, $cert)
|
||||
{
|
||||
/** @var \Twig_Environment $twig */
|
||||
$twig = $this->get('twig');
|
||||
|
||||
$parameters = [
|
||||
'server' => $server,
|
||||
'crt' => $cert->getCertificate(),
|
||||
'key' => '',
|
||||
];
|
||||
|
||||
if ($cert->hasPrivateKey()) {
|
||||
$parameters['key'] = $cert->getPrivateKey();
|
||||
}
|
||||
|
||||
$config = $twig->render('etc/openvpn-client-embedded.conf.twig', $parameters);
|
||||
|
||||
$zip->addFromString('server-embedded.conf', $config);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param Server $server
|
||||
* @return string
|
||||
|
|
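Review bot: The parameter array built in `fillZipWithEmbeddedConfig` does not match the variables the new template prints: it passes `server`, `crt` and `key`, while `views/etc/openvpn-client-embedded.conf.twig` reads `{{ ca }}`, `{{ cert }}` and `{{ key }}`. As written the `<ca>` and `<cert>` blocks would render empty, or rendering would throw if Twig's `strict_variables` is enabled, so the generated `server-embedded.conf` would not be a usable profile. Rename the entry to `'cert' => $cert->getCertificate(),` and add `'ca' => file_get_contents($this->getCore()->getBaseDir() . '/storage/ca/ca.crt'),`, which is the same path the context line above the new method already reads. When `hasPrivateKey()` is false the method still writes a config with an empty `<key>` block; skipping the embedded config in that case would avoid a broken profile. The docblock could also note that the rendered file carries the private key in clear text, so the archive should be handled as a secret.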
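--- a/views/etc/openvpn-client-embedded.conf.twig
+++ b/views/etc/openvpn-client-embedded.conf.twig
@@ -0,0 +1,34 @@
+client
+
+dev zerooo
+dev-type tun
+
+proto {{ server.getProtocol() }}
+
+remote {{ server.getExternalIp() }} {{ server.getPort() }}
+resolv-retry infinite
+nobind
+
+user nobody
+group nogroup
+
+persist-key
+persist-tun
+
+remote-cert-tls server
+
+cipher AES-256-CBC
+
+comp-lzo
+
+<ca>
+{{ ca }}
+</ca>
+
+<cert>
+{{ cert }}
+</cert>
+
+<key>
+{{ key }}
+</key>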
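Review bot: The profile hard-codes `comp-lzo` and `cipher AES-256-CBC` with no `auth` line, which are weak defaults for a newly generated client config. Compression inside the tunnel is deprecated in current OpenVPN releases because compressed traffic is open to VORACLE-style plaintext recovery, and a CBC cipher without an explicit `auth` falls back to the default HMAC digest. Both settings have to agree with the server configuration, which is not visible on this page, so confirm it first; if the server allows it, drop `comp-lzo` and use an AEAD cipher such as `cipher AES-256-GCM`. A leading comment in the template, for example `# contains the client private key inline - keep this file private`, would also tell recipients that the file is sensitive.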