Merge branch 'release/v0.7.0'

.chglog/CHANGELOG.tpl.md

@@ -0,0 +1,57 @@
+{{ if .Versions -}}
+<a name="unreleased"></a>
+## [Unreleased]
+
+{{ if .Unreleased.CommitGroups -}}
+{{ range .Unreleased.CommitGroups -}}
+{{ range .Commits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+{{ else }}
+{{ range .Unreleased.Commits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+
+{{ range .Versions }}
+<a name="{{ .Tag.Name }}"></a>
+## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }}
+{{ if .CommitGroups -}}
+{{ range .CommitGroups -}}
+{{ range .Commits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+{{ else }}
+{{ range .Commits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+
+{{- if .RevertCommits -}}
+### Reverts
+{{ range .RevertCommits -}}
+- {{ .Revert.Header }}
+{{ end }}
+{{ end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
+{{- if .Versions }}
+[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD
+{{ range .Versions -}}
+{{ if .Tag.Previous -}}
+[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}
+{{ end -}}
+{{ end -}}
+{{ end -}}

.chglog/config.yml

@@ -0,0 +1,36 @@
+style: github
+template: CHANGELOG.tpl.md
+info:
+  title: CHANGELOG
+  repository_url: https://github.com/iphoting/ovpnmcgen.rb
+options:
+  commits:
+    # filters:
+    #   Type:
+    #     - feat
+    #     - fix
+    #     - perf
+    #     - refactor
+  commit_groups:
+    # title_maps:
+    #   feat: Features
+    #   fix: Bug Fixes
+    #   perf: Performance Improvements
+    #   refactor: Code Refactoring
+  header:
+    pattern: "^(.*)$"
+    pattern_maps:
+      - Subject
+
+  merges:
+    pattern: "^Merge branch '(\\w+)'$"
+    pattern_maps:
+      - Source
+
+  reverts:
+    pattern: "^Revert \"([\\s\\S]*)\"$"
+    pattern_maps:
+      - Header
+  notes:
+    keywords:
+      - BREAKING CHANGE

.travis.yml

@@ -1,5 +1,4 @@
 language: ruby
-#cache: bundler
 
 before_install:
   # https://github.com/travis-ci/travis-ci/issues/8978
@@ -8,10 +7,10 @@ before_install:
   - bundle version
 
 rvm:
-  - 2.2
   - 2.3
   - 2.4
   - 2.5
+  - 2.6
   - ruby-head
   - jruby-19mode
 
@@ -29,5 +28,5 @@ deploy:
   on:
     tags: true
     repo: "iphoting/ovpnmcgen.rb"
-    ruby: 2.4.0
+    ruby: 2.4
     branch: master

ChangeLog.md

@@ -0,0 +1,115 @@
+# ChangeLog
+
+<a name="unreleased"></a>
+## [Unreleased]
+
+
+
+
+<a name="v0.7.0"></a>
+## [v0.7.0] - 2019-08-31
+
+- Improve url probe handling
+- Extract user and device information from p12
+- Add support for disconnect on idle timer
+- Add support for customizing the VPN profile name
+- Make profile uuid stable
+- Improve profile description with VPN config map
+- Make vpn uuid stable
+- Make cert uuid stable
+- Add support for TLS-Crypt
+- Add workaround for global config flag not being parsed
+
+
+<a name="v0.6.0"></a>
+## [v0.6.0] - 2018-01-27
+
+- Fixed: Without `--p12file`, `AuthenticationMethod` must be set to `Password`.
+- Added support for `--cert` and `--key` for inline attachment of certificate and key, to workaround bug in OpenVPN Connect 1.2.5.
+- Added `--v12compat` switch for OpenVPN Connect 1.2.x compatibility for updated bundle identifier (VPNSubType) `net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x).
+- Added support for `vpn-on-demand: 0` key/value pair with `--no-vod` is set, so that OpenVPN Connect can control this profile..
+- Fixed: Domain VoD Actions should not be included without `--domains` flag.
+- Added support for `EvaluateConnection`, `Domains`, via `--domains`. It will include an `ActionParameters` dict containing `Domains`, and if `--domain-probe-url` is set, also contains `RequiredURLStringProbe`.
+
+
+<a name="v0.5.0"></a>
+## [v0.5.0] - 2015-02-22
+
+- New feature: Specify multiple remotes with `--remotes "host2 1194 tcp","host3 1195 udp"` flag.
+
+
+<a name="v0.4.2"></a>
+## [v0.4.2] - 2014-07-05
+
+- Bugfix: Default catch-all rule should be 'Ignore'.
+
+
+<a name="v0.4.1"></a>
+## [v0.4.1] - 2014-05-07
+
+- Fixed: SSIDs specified as string in config now produces correct output.
+
+
+<a name="v0.4.0"></a>
+## [v0.4.0] - 2014-05-07
+
+- Added support for configuration persistance, via ENV or `~/.ovpnmcgen.rb.yml` or `--config` flag.
+- Updated VoD rules in `--[un]trusted-ssids` to also use `InterfaceTypeMatch`.
+
+
+<a name="v0.3.0"></a>
+## [v0.3.0] - 2014-05-04
+
+- Updated documentation for `URLStringProbe` and `--url-probe`.
+- Added URLStringProbe support via `--url-probe` flag.
+
+
+<a name="v0.2.1"></a>
+## [v0.2.1] - 2014-04-19
+
+- Use a portable and native uuidgen implementation.
+- Minor fixes for bugs caught by tests.
+
+
+<a name="v0.2.0"></a>
+## [v0.2.0] - 2014-04-18
+
+- TLS-Auth keyfile now optional.
+- Added support for security-levels.
+- Support custom UUID values.
+
+
+<a name="v0.1.0"></a>
+## [v0.1.0] - 2014-03-27
+
+- Added support for --ovpnconfigfile.
+- Improved invalid arguments error message.
+- Shorter switches for --[un]trusted-ssids.
+- Support custom --port and --proto switches.
+
+
+<a name="v0.0.2"></a>
+## [v0.0.2] - 2014-03-26
+
+- Require at least ruby v1.9.3.
+
+
+<a name="v0.0.1"></a>
+## v0.0.1 - 2014-03-26
+
+- Initial release
+
+
+[Unreleased]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.7.0...HEAD
+[v0.7.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.6.0...v0.7.0
+[v0.6.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.5.0...v0.6.0
+[v0.5.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.5.0.pre...v0.5.0
+[v0.5.0.pre]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.4.2...v0.5.0.pre
+[v0.4.2]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.4.1...v0.4.2
+[v0.4.1]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.4.0...v0.4.1
+[v0.4.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.3.0...v0.4.0
+[v0.3.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.2.1...v0.3.0
+[v0.2.1]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.2.0...v0.2.1
+[v0.2.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.1.0...v0.2.0
+[v0.1.0]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.0.2...v0.1.0
+[v0.0.2]: https://github.com/iphoting/ovpnmcgen.rb/compare/v0.0.1...v0.0.2

bin/ovpnmcgen.rb

@@ -10,8 +10,10 @@
 program :help_formatter, Commander::HelpFormatter::Terminal
 default_command :help
 never_trace!
-global_option '-c', '--config FILE', 'Specify path to config file. [Default: .ovpnmcgen.rb.yml]'
-
+global_option('-c', '--config FILE', 'Specify path to config file. [Default: .ovpnmcgen.rb.yml]') do |config|
+  $config = config
+end
+
 command :generate do |c|
   c.syntax = 'ovpnmcgen.rb generate [options] <user> <device>'
   c.summary = 'Generates iOS Configuration Profiles (.mobileconfig)'
@@ -23,6 +25,7 @@
   c.example 'Using OpenSSL to convert from PKCS#12 (.p12) to Key PEM file', 'openssl pkcs12 -in path/to/john-ipad.p12 -out path/to/john-ipad-key.pem -nodes -nocerts'
   c.option '--cafile FILE', 'Path to OpenVPN CA file. (Required)'
   c.option '--tafile FILE', 'Path to TLS-Auth Key file.'
+  c.option '--tlscryptfile FILE', 'Path to TLS-Crypt Key file.'
   c.option '--cert FILE', 'Path to Cert file.'
   c.option '--key FILE', 'Path to Private Key file.'
   c.option '--host HOSTNAME', 'Hostname of OpenVPN server. (Required)'
@@ -34,27 +37,38 @@
   c.option '--v12compat', 'Enable OpenVPN Connect 1.2.x compatibility. When Enabled, use updated `VPNSubType: net.openvpn.connect.app` (changed since OpenVPN Connect 1.2.x). [Default: Disabled]'
   c.option '--security-level LEVEL', 'Security level of VPN-On-Demand Behaviour: paranoid, high, medium. [Default: high]'
   c.option '--vpn-uuid UUID', 'Override a VPN configuration payload UUID.'
+  c.option '--vpn-name NAME', 'Override a VPN configuration payload name displayed under Settings.app > General > VPN.'
   c.option '--profile-uuid UUID', 'Override a Profile UUID.'
   c.option '--cert-uuid UUID', 'Override a Certificate payload UUID.'
   c.option '-t', '--trusted-ssids SSIDS', Array, 'List of comma-separated trusted SSIDs.'
   c.option '-u', '--untrusted-ssids SSIDS', Array, 'List of comma-separated untrusted SSIDs.'
   c.option '-d', '--domains DOMAINS', Array, 'List of comma-separated domain names requiring VPN service.'
   c.option '--domain-probe-url PROBE', String, 'An HTTP(S) URL to probe, using a GET request. If no HTTP response code is received from the server, a VPN connection is established in response.'
+  c.option '--trusted-ssids-probe-url PROBE', String, 'An HTTP(S) URL to probe, using a GET request. If no HTTP response code is received from the server, a VPN connection may be established in response.'
   c.option '--url-probe URL', 'This URL must return HTTP status 200, without redirection, before the VPN service will try establishing.'
   c.option '--remotes REMOTES', Array, 'List of comma-separated alternate remotes: "<host> <port> <proto>".'
+  c.option '--idle-timer TIME', Integer, 'Disconnect from VPN when idle for a certain period of time (in seconds) which is useful for VPN-On-Demand scenarios. Requires disabling "Reconnect On Wakeup" on OpenVPN.app.'
   c.option '--ovpnconfigfile FILE', 'Path to OpenVPN client config file.'
   c.option '-o', '--output FILE', 'Output to file. [Default: stdout]'
   c.action do |args, options|
-    raise ArgumentError.new "Invalid arguments. Run '#{File.basename(__FILE__)} help generate' for guidance" if args.nil? or args.length < 2
-
     # Set up configuration environment.
-    if options.config
-      Ovpnmcgen.configure(options.config)
+    if $config
+      Ovpnmcgen.configure($config)
     else
       Ovpnmcgen.configure
     end
     config = Ovpnmcgen.config
 
+    user, device = args
+    if args.empty? and (options.p12file or config.p12file)
+      filename = File.basename((options.p12file or config.p12file), '.p12')
+      user, device = filename.split('-') if filename
+    end
+
+    unless user and device
+      raise ArgumentError.new "Invalid arguments. Run '#{File.basename(__FILE__)} help generate' for guidance"
+    end
+
     raise ArgumentError.new "Host is required" unless options.host or config.host
     raise ArgumentError.new "cafile is required" unless options.cafile or config.cafile
 
@@ -63,6 +77,14 @@
       raise ArgumentError.new "PKCS#12 or cert & key file required"
     end
 
+    if (options.trusted_ssids_probe_url or config.trusted_ssids_probe_url) and not (options.trusted_ssids or config.trusted_ssids)
+      raise ArgumentError.new "cannot set --trusted-ssids-probe-url without --trusted-ssids"
+    end
+
+    if (config.tafile or options.tafile) and (config.tlscryptfile or options.tlscryptfile)
+      raise ArgumentError.new "tafile and tlscryptfile cannot be both set"
+    end
+
     options.default :vod => case
       when config.vod == true || config.no_vod == false
         true
@@ -75,8 +97,6 @@
       :port => (config.port)? config.port : 1194,
       :security_level => (config.security_level)? config.security_level : 'high'
 
-    user, device = args
-
     inputs = {
       :user => user,
       :device => device,
@@ -87,22 +107,26 @@
       :port => options.port,
       :enableVOD => options.vod,
       :trusted_ssids => options.trusted_ssids || config.trusted_ssids,
+      :trusted_ssids_probe_url => options.trusted_ssids_probe_url || config.trusted_ssids_probe_url,
       :untrusted_ssids => options.untrusted_ssids || config.untrusted_ssids,
       :profile_uuid => options.profile_uuid || config.profile_uuid,
       :vpn_uuid => options.vpn_uuid || config.vpn_uuid,
+      :vpn_name => options.vpn_name || config.vpn_name,
       :cert_uuid => options.cert_uuid || config.cert_uuid,
       :security_level => options.security_level
     }
     inputs[:ovpnconfigfile] = options.ovpnconfigfile || config.ovpnconfigfile if options.ovpnconfigfile or config.ovpnconfigfile
     inputs[:p12file] = options.p12file || config.p12file if options.p12file or config.p12file
     inputs[:tafile] = options.tafile || config.tafile if options.tafile or config.tafile
+    inputs[:tlscryptfile] = options.tlscryptfile || config.tlscryptfile if options.tlscryptfile or config.tlscryptfile
     inputs[:cert] = options.cert || config.cert if options.cert or config.cert
     inputs[:key] = options.key || config.key if options.key or config.key
     inputs[:url_probe] = options.url_probe || config.url_probe if options.url_probe or config.url_probe
     inputs[:remotes] = options.remotes || config.remotes if options.remotes or config.remotes
     inputs[:domains] = options.domains || config.domains if options.domains or config.domains
     inputs[:domain_probe_url] = options.domain_probe_url || config.domain_probe_url if options.domain_probe_url or config.domain_probe_url
     inputs[:v12compat] = options.v12compat || config.v12compat if options.v12compat or config.v12compat
+    inputs[:idle_timer] = options.idle_timer || config.idle_timer if options.idle_timer or config.idle_timer
 
     unless options.output
       puts Ovpnmcgen.generate(inputs)