From 02b33b31704d93f47c2787ba1a159ea7f5126735 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9on=20Keijser?=
Date: Thu, 13 Mar 2014 16:44:01 +0100
Subject: [PATCH] Added support for Android. Patch by Nerijus Baliunas
---
 StoneVPN/app.py | 34 +++++-
 conf/stonevpn.conf | 253 ++++++++++++++++++++++++---------------------
 2 files changed, 168 insertions(+), 119 deletions(-)
diff --git a/StoneVPN/app.py b/StoneVPN/app.py
index 3d9c029..143ad6b 100644
--- a/StoneVPN/app.py
+++ b/StoneVPN/app.py
@@ -144,7 +144,7 @@ def check_value(option,opt_str,value,parser):
 action="store",
 dest="confs",
 default="unix",
- help="create config files for [windows|unix|mac|all]")
+ help="create config files for [windows|unix|mac|android|all]")
 group_extra.add_option("-e", "--prefix",
 action="store",
 dest="fprefix",
@@ -1109,10 +1109,14 @@ def makeConfs(self, sname, fname):
 sectionname = 'mac conf'
 print "Generating Mac configuration file"
 f=open(self.working + '/' + self.fprefix + fname + '.conf', 'w')
+ elif sname == 'android':
+ sectionname = 'android conf'
+ print "Generating Android configuration file"
+ f=open(self.working + '/' + self.fprefix + fname + '.ovpn', 'w')
 elif sname == 'all':
 print "Generating all configuration files"
 else:
- print "Incorrect OS type specified. Valid options are 'unix', 'windows', 'mac' or 'all'."
+ print "Incorrect OS type specified. Valid options are 'unix', 'windows', 'mac', 'android' or 'all'."
 sys.exit()
 if sname != 'all':
 section=config[sectionname]
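Review bot: The new `android` branch of makeConfs creates the `.ovpn` with a plain `open(..., 'w')`, so the file gets whatever mode the process umask allows, yet the later android block in this commit copies the client private key into that same file. The other profiles only reference the key by path, while this one is a complete credential, so it should be created owner-only, e.g. `f = os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600), 'w')` (assuming `os` is imported in app.py, which is not visible here). The same applies to the `.android.ovpn` opened in the `all` loop. If the key was generated without a passphrase and the profile is sent through the mail feature configured in stonevpn.conf, anyone who can read that message can use it, which deserves a line in the option's help text. makeConfs starts and ends outside this hunk.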
@@ -1133,9 +1137,19 @@ def makeConfs(self, sname, fname):
 f.write(section[var] + '\n')
 else:
 f.write(section[var] + '\n')
+ if sname == 'android':
+ fp = open ( self.cacertfile, 'r' )
+ f.write('\n' + "" + '\n' + fp.read() + "" + '\n')
+ fp.close ()
+ fp = open ( self.working + '/' + self.fprefix + fname + '.crt', 'r' )
+ f.write('\n' + "" + '\n' + fp.read() + "" + '\n')
+ fp.close ()
+ fp = open ( self.working + '/' + self.fprefix + fname + '.key', 'r' )
+ f.write('\n' + "" + '\n' + fp.read() + "" + '\n')
+ fp.close ()
 f.close()
 else:
- os_versions = ["windows", "linux", "mac"]
+ os_versions = ["windows", "linux", "mac", "android"]
 for os_type in os_versions:
 # soort extensie ipv deze regel <<
 if os_type == 'linux':
@@ -1150,6 +1164,10 @@ def makeConfs(self, sname, fname):
 sectionname = 'mac conf'
 print "Generating Mac configuration file"
 f=open(self.working + '/' + self.fprefix + fname + '.mac.conf', 'w')
+ elif os_type == 'android':
+ sectionname = 'android conf'
+ print "Generating Android configuration file"
+ f=open(self.working + '/' + self.fprefix + fname + '.android.ovpn', 'w')
 section=config[sectionname]
 for var in section:
 if var == 'ca':
@@ -1161,6 +1179,16 @@ def makeConfs(self, sname, fname):
 f.write(section[var].replace('clientkeyfile', self.fprefix + fname + '.key') + '\n')
 else:
 f.write(section[var] + '\n')
+ if os_type == 'android':
+ fp = open ( self.cacertfile, 'r' )
+ f.write('\n' + "" + '\n' + fp.read() + "" + '\n')
+ fp.close ()
+ fp = open ( self.working + '/' + self.fprefix + fname + '.crt', 'r' )
+ f.write('\n' + "" + '\n' + fp.read() + "" + '\n')
+ fp.close ()
+ fp = open ( self.working + '/' + self.fprefix + fname + '.key', 'r' )
+ f.write('\n' + "" + '\n' + fp.read() + "" + '\n')
+ fp.close ()
 f.close()
 
 
diff --git a/conf/stonevpn.conf b/conf/stonevpn.conf
index 05c86dd..52fe925 100644
--- a/conf/stonevpn.conf
+++ b/conf/stonevpn.conf
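Review bot: The `if sname == 'android':` block reads three files with bare `open`/`close` pairs, so an IOError on a missing `.crt` or `.key` skips `fp.close()` and `f.close()` and leaves a partial profile on disk, and the same nine lines are repeated in the `if os_type == 'android':` block of the `all` loop. A small helper that uses `with` and takes the marker name and path removes the duplication and closes the source handle on every path. The marker literals render as empty strings (`""`) on this page; the fence assumes they are OpenVPN's inline-file markers `<ca>`, `<cert>` and `<key>`, so check them against the real file. makeConfs starts and ends outside the hunk.

```python
def _write_inline(self, f, tag, path):
    # Embed a PEM file between OpenVPN inline-file markers.
    with open(path, 'r') as fp:
        f.write('\n<%s>\n%s</%s>\n' % (tag, fp.read(), tag))

# in makeConfs, replacing the nine open/write/close lines of each android block:
if sname == 'android':
    base = self.working + '/' + self.fprefix + fname
    self._write_inline(f, 'ca', self.cacertfile)
    self._write_inline(f, 'cert', base + '.crt')
    self._write_inline(f, 'key', base + '.key')
# … unchanged: f.close() and the 'all' branch …
```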
@@ -1,116 +1,137 @@ -[stonevpn conf] -# CA certificate file -cacertfile = '/etc/openvpn/server.crt' -# CA private key file (make sure running user has read rights!) -cakeyfile = '/etc/openvpn/server.key' -# This is needed to search for free IP-addresses -openvpnconf = '/etc/openvpn/vpnserver.conf' -# Search for free IP-adresses by parsing the files in this dir -ccddir = '/etc/openvpn/ccd' -# Temporary working dir (will be created if it doesn't exist) -working = '/var/stonevpn' -# OpenSSL configuration file -opensslconf = '/etc/pki/tls/openssl.cnf' -# push router ip (Only used with '--free-ip' parameter) -pushrouter = '10.11.12.13' -# Certificate Revocation List (CRL) file -crlfile = '/etc/openvpn/stonevpn.crl' -# if using password, which cipher method to use (openssl --help) -cipher = 'des3' -# prefix all files with: -prefix = 'mycorp-' -# For emailing generated files, specify SMTP server -mail_server = '127.0.0.1' -# Send CC to (leave blank (mail_cc = '') for none) -mail_cc = 'me@example.com,helpdesk@example.com' -# Email 'From' address -mail_from = 'stonevpn@example.com' -# Mail body (HTML formatted), don't change keyword EMAILRECIPIENT -mail_msg = "Hi EMAILRECIPIENT,

Attached with this e-mail are the generated configuration file and certificates for use with your VPN connection. PASSPHRASETXT If you have any questions, please contact support

Kind regards,

The Support department." -# Text to include when specifying a passhprase. This will be inserted -# in 'mail_msg' on placeholder PASSPRASETXT. If you don't use it, PASSPHRASETXT -# will be blanked out. Also, don't change keyword OPENSSLPASS as this will be -# replaced by the actual passphrase. -mail_passtxt = '
For security purposes, your key is encrypted with this password:

OPENSSLPASS

You will be prompted for this password when establishing a connection.' - -[windows conf] -# add options to be added to the configuration file here -# it doesn't really matter what the variable's name is :) -dev = 'dev tap' -ip = 'remote 12.34.56.78' -# uncomment the next 3 lines to add redundant routers: -# remote-random -# resolv-retry 60 -# ip2 = 'remote 23.45.67.89' -port = 'port 1194' -mssfix = 'mssfix 1300' -client = 'client' -tls = 'tls-client' -# actually for the next 3 vars, the name _does_ matter since -# we'll do some string replace stuff (to get the right filename) -ca = 'ca "c:\\Program Files\\OpenVPN\\config\\cacertfile"' -cert = 'cert "c:\\Program Files\\OpenVPN\\config\\clientcertfile"' -key = 'key "c:\\Program Files\\OpenVPN\\config\\clientkeyfile"' -lzo = 'comp-lzo' -ping = 'ping 15' -pingrestart = 'ping-restart 45' -pingtimer = 'ping-timer-rem' -persisttun = 'persist-tun' -persistkey = 'persist-key' -verb = 'verb 3' -prot = 'proto tcp' -float = 'float' - -[unix conf] -# add options to be added to the configuration file here -daemon = 'daemon' -dev = 'dev stonevpn' -devtype = 'dev-type tap' -ip = 'remote 12.34.56.78' -# uncomment the next 3 lines to add redundant routers: -# remote-random -# resolv-retry 60 -# ip2 = 'remote 23.45.67.89' -port = 'port 1194' -mssfix = 'mssfix 1300' -client = 'client' -tlc = 'tls-client' -# don't touch the next 3 var names: -ca = 'ca /etc/openvpn/cacertfile' -cert = 'cert /etc/openvpn/clientcertfile' -key = 'key /etc/openvpn/clientkeyfile' -lzo = 'comp-lzo' -ping = 'ping 15' -pingrestart = 'ping-restart 45' -pingtimer = 'ping-timer-rem' -persisttun = 'persist-tun' -persistkey = 'persist-key' -verb = 'verb 3' -prot = 'proto tcp' - -[mac conf] -# add options to be added to the configuration file here -daemon = 'daemon' -dev = 'dev tap' -ip = 'remote 12.34.56.78' -# uncomment the next 3 lines to add redundant routers: -# remote-random -# resolv-retry 60 -# ip2 = 'remote 23.45.67.89' -port = 'port 1194' -mssfix = 'mssfix 
1300' -client = 'client' -tlc = 'tls-client' -# don't touch the next 3 var names: -ca = 'ca /Library/openvpn/cacertfile' -cert = 'cert /Library/openvpn/clientcertfile' -key = 'key /Library/openvpn/clientkeyfile' -lzo = 'comp-lzo' -ping = 'ping 15' -pingrestart = 'ping-restart 45' -pingtimer = 'ping-timer-rem' -persisttun = 'persist-tun' -persistkey = 'persist-key' -verb = 'verb 3' -prot = 'proto tcp' - +[stonevpn conf] +# CA certificate file +cacertfile = '/etc/openvpn/server.crt' +# CA private key file (make sure running user has read rights!) +cakeyfile = '/etc/openvpn/server.key' +# This is needed to search for free IP-addresses +openvpnconf = '/etc/openvpn/vpnserver.conf' +# Search for free IP-adresses by parsing the files in this dir +ccddir = '/etc/openvpn/ccd' +# Temporary working dir (will be created if it doesn't exist) +working = '/var/stonevpn' +# OpenSSL configuration file +opensslconf = '/etc/pki/tls/openssl.cnf' +# push router ip (Only used with '--free-ip' parameter) +pushrouter = '10.11.12.13' +# Certificate Revocation List (CRL) file +crlfile = '/etc/openvpn/stonevpn.crl' +# if using password, which cipher method to use (openssl --help) +cipher = 'des3' +# prefix all files with: +prefix = 'mycorp-' +# For emailing generated files, specify SMTP server +mail_server = '127.0.0.1' +# Send CC to (leave blank (mail_cc = '') for none) +mail_cc = 'me@example.com,helpdesk@example.com' +# Email 'From' address +mail_from = 'stonevpn@example.com' +# Mail body (HTML formatted), don't change keyword EMAILRECIPIENT +mail_msg = "Hi EMAILRECIPIENT,

Attached with this e-mail are the generated configuration file and certificates for use with your VPN connection. PASSPHRASETXT If you have any questions, please contact support

Kind regards,

The Support department." +# Text to include when specifying a passhprase. This will be inserted +# in 'mail_msg' on placeholder PASSPRASETXT. If you don't use it, PASSPHRASETXT +# will be blanked out. Also, don't change keyword OPENSSLPASS as this will be +# replaced by the actual passphrase. +mail_passtxt = '
For security purposes, your key is encrypted with this password:

OPENSSLPASS

You will be prompted for this password when establishing a connection.' + +[windows conf] +# add options to be added to the configuration file here +# it doesn't really matter what the variable's name is :) +dev = 'dev tap' +ip = 'remote 12.34.56.78' +# uncomment the next 3 lines to add redundant routers: +# remote-random +# resolv-retry 60 +# ip2 = 'remote 23.45.67.89' +port = 'port 1194' +mssfix = 'mssfix 1300' +client = 'client' +tls = 'tls-client' +# actually for the next 3 vars, the name _does_ matter since +# we'll do some string replace stuff (to get the right filename) +ca = 'ca "c:\\Program Files\\OpenVPN\\config\\cacertfile"' +cert = 'cert "c:\\Program Files\\OpenVPN\\config\\clientcertfile"' +key = 'key "c:\\Program Files\\OpenVPN\\config\\clientkeyfile"' +lzo = 'comp-lzo' +ping = 'ping 15' +pingrestart = 'ping-restart 45' +pingtimer = 'ping-timer-rem' +persisttun = 'persist-tun' +persistkey = 'persist-key' +verb = 'verb 3' +prot = 'proto tcp' +float = 'float' + +[unix conf] +# add options to be added to the configuration file here +daemon = 'daemon' +dev = 'dev stonevpn' +devtype = 'dev-type tap' +ip = 'remote 12.34.56.78' +# uncomment the next 3 lines to add redundant routers: +# remote-random +# resolv-retry 60 +# ip2 = 'remote 23.45.67.89' +port = 'port 1194' +mssfix = 'mssfix 1300' +client = 'client' +tlc = 'tls-client' +# don't touch the next 3 var names: +ca = 'ca /etc/openvpn/cacertfile' +cert = 'cert /etc/openvpn/clientcertfile' +key = 'key /etc/openvpn/clientkeyfile' +lzo = 'comp-lzo' +ping = 'ping 15' +pingrestart = 'ping-restart 45' +pingtimer = 'ping-timer-rem' +persisttun = 'persist-tun' +persistkey = 'persist-key' +verb = 'verb 3' +prot = 'proto tcp' + +[mac conf] +# add options to be added to the configuration file here +daemon = 'daemon' +dev = 'dev tap' +ip = 'remote 12.34.56.78' +# uncomment the next 3 lines to add redundant routers: +# remote-random +# resolv-retry 60 +# ip2 = 'remote 23.45.67.89' +port = 'port 1194' +mssfix = 'mssfix 
1300' +client = 'client' +tlc = 'tls-client' +# don't touch the next 3 var names: +ca = 'ca /Library/openvpn/cacertfile' +cert = 'cert /Library/openvpn/clientcertfile' +key = 'key /Library/openvpn/clientkeyfile' +lzo = 'comp-lzo' +ping = 'ping 15' +pingrestart = 'ping-restart 45' +pingtimer = 'ping-timer-rem' +persisttun = 'persist-tun' +persistkey = 'persist-key' +verb = 'verb 3' +prot = 'proto tcp' + +[android conf] +# add options to be added to the configuration file here +daemon = 'daemon' +dev = 'dev tun' +ip = 'remote 12.34.56.78' +# uncomment the next 3 lines to add redundant routers: +# remote-random +# resolv-retry 60 +# ip2 = 'remote 23.45.67.89' +port = 'port 1194' +#mssfix = 'mssfix 1300' +client = 'client' +tlc = 'tls-client' +lzo = 'comp-lzo' +ping = 'ping 15' +pingrestart = 'ping-restart 45' +pingtimer = 'ping-timer-rem' +persisttun = 'persist-tun' +persistkey = 'persist-key' +verb = 'verb 3' +prot = 'proto tcp'