Just about four weeks ago I posted about the resurrection of the .ovpn to .apc converter script. In the meantime Alois told me in the comments that while this was nice it didn’t work for current versions of the OpenVPN Access Server and the .ovpn files it creates.
Well, since there’s been nothing much else to do I did some more work on the script and I can now happily say that it now also converts the new .ovpn format to an .apc the Astaro can understand. Unfortunately, there’s a little catch: the OpenVPN Access Server relies on ‘tls-auth’ for client connections and the Astaro neither knows of that concept not provides a method to import the needed key file. So I had to do some creative manipulation to make the Astaro do my bidding to include the necessary config statements. In addition, you will need to manually copy the key file to the Astaro to make everything work as expected. To make things as easy as possible, the script will tell you what to do.
If you’re interested, check out the latest version of ovpn-to-apc.sh on Gitorious. If it works for you, let me know. If it doesn’t, let me know, too.
Hi,
I used your script and ran into a few errors, so I modified the code a little bit.
1. I needed the tlsremote field and some quotations marks. The reason for the quotations where that UTM 9 is converting the file to:
tls-auth ta.key
key-direction 1
"
This results in an Quotations Error and a connection ist not possible, so I changed it to:
tls-auth ta.key
key-direction "1"
2. The ovpn file has to be in unix format so I convert it at the beginning.
3. The user field is requiered so I copied your password dummy code.
And here is the diff:
< echo "/CN=OpenVPN_Server" > ${takey}
< echo "tls-auth /etc/${tafile:2}" >> ${takey}
< echo "key-direction 1" >> ${takey}
---
> tlsremote=`grep "^tls-remote " ${OvpnFile} | cut -d ' ' -f2 |tr -d '\r\n'`
> if [ -z "${tlsremote}" ]; then
> echo "/CN=OpenVPN_Server\"" > ${takey}
> else
> echo ${tlsremote}\" > ${takey}
> fi
> echo "tls-auth /etc/${tafile:2}" >> ${takey}
> echo -n "key-direction \"1" >> ${takey}
186a192,198
> ##
> # Convert Dos to Unix
> ##
> `tr -d '\r' < ${OvpnFile} > tmp.ovpn`
> `rm ${OvpnFile}`
> `mv tmp.ovpn ${OvpnFile}`
>
213,214c225,226
< # Passwort field is required by Astaro but
< # wrong content doesn't hurt operations
---
> # Passwort and User field is required by Astaro
> # but wrong content doesn't hurt operations
219a232,235
> if [ -z "${user}" ]; then
> user="dummy"
> fi
>
If you need the whole file, just write me.
Best regards
inx
How about sending me a merge request on Gitorious? ;)
Hi Stefan,
I hope you’re in a caring mood today!
I merged the diffs into the script myself and tried it. For some reason, utm is rejecting the opc file, says “config package is corrupt”. The control codes in the header were different from an opc file generated by utm so I modified the script to generate the same header. It still rejects the script. Not sure what’s wrong, but if you have any suggestions, I’d really appreciate them. I’m going to have to abandon utm if I can’t get it to talk with an openvpn server. I can’t figure out why they won’t fix this. It’s gotta be a trivial thing for them to address. I’ll send you the script with the changes I made.
Thanks for your help.