Re: Support for markup configuration with NetworkManager-openvpn

From: Jonathan Petersson <jpetersson garnser se>
To: Dan Williams <dcbw redhat com>
Cc: networkmanager-list gnome org
Subject: Re: Support for markup configuration with NetworkManager-openvpn
Date: Sun, 29 Mar 2009 10:30:40 -0700

Here's the supported syntax:

# Sample unified OpenVPN config file where all certificates
# and keys are specified inline.  Inline files are supported
# in OpenVPN 2.1.

# Inline files may be used with the following directives:
# 1. secret
# 2. ca
# 3. dh
# 4. cert
# 5. key
# 6. tls-auth

# To use an inline file, use an xml-like syntax as follows:
# <directive>
# [file content]
# ...
# </directive>

remote 1.2.3.4
client
proto tcp
port 1194
dev tun
ns-cert-type server
auth-user-pass
auth-retry interact
comp-lzo
verb 3

<ca>
-----BEGIN CERTIFICATE-----
MIIBszCCARygAwIBAgIESbWTdDANBgkqhkiG9w0BAQUFADAVMRMwEQYDVQQDEwpP
cGVuVlBOIENBMB4XDTA5MDMwOTIyMDg1MloXDTE5MDMwNzIyMDg1MlowFTETMBEG
A1UEAxMKT3BlblZQTiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyaBW
oE6HBiNa6ZVNqyTjTM4lHDyRRw8oKnGWi795aJJLNz35ahAbK7MhSMt6CCzt3PnD
yHueDu9G2PswfXHB8dqyxvbOV+xvf61BcLVkuindGYXLBE0CIeLCc9IMbhlkw5oT
eVUoPOcy4YIByXyNmx6tQg5l0wrN89xrVCcG3iUCAwEAAaMQMA4wDAYDVR0TBAUw
AwEB/zANBgkqhkiG9w0BAQUFAAOBgQBeQnkA3EVpfQmbprMhWMswBvimnQpXXshu
XvNp+Q8BPs+DLxEs6L0DPB9n4qSGjcGVATRsy3iKmGoraRtwz5yxGRcsTru2j9jF
KbLuVCzzlYzeX7Ysle+eKif82qDX5bRxjjOo0bYONcPZHCYf2Of3uSj4fie02GzR
/chO7oasBA==
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
MIIBzDCCATWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAVMRMwEQYDVQQDEwpPcGVu
VlBOIENBMB4XDTA5MDMxODE4MjEzM1oXDTE5MDMxNjE4MjEzM1owITEfMB0GA1UE
AxQWdGVzdEB3aW4yMDAzLnlvbmFuLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEAr5X7alPPKB28GgxDAwr56BkEknfTnXEYgxqK9utltPkFlzyhs9NKQdmt
fk8Tcr0uKqe46KTrkFziv6dDuu1xJif7Pza2uCLpN6D35HZKZJEZMMiX/BQtqrvr
fHxCHEtpChy9eWSKpxgK+seFQP0VL7aUKQeowxg043wCR9g+ZRUCAwEAAaMgMB4w
CQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQEFBQADgYEA
BjwC31oDnZaf75NBn6ELmvrnZNsApdFwRSQtBcQ9R6TKOFRr4IUNevBk1jsyVm1T
fLNQXUubSsrNU1K73y4wFs/8kHVDIUl2owkREM5XY5PvUWqj/Yb+W+2+hLjtqrIM
bYDmFWuoZdH10+CKccvQqI53t0yUBpEfWnHQoioSdRA=
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDSElzGTRM0rs/6q/7L3ozxS0qVKGCHgiy4weWOxl0RWGGkpfFC
14Z0bJ2cevA6XCnmUztebdjwRQYsI+4JvAKPDrjVMx/DShECSAvMS61udOCiU7HW
zIm54m/bFbMZHlcEeUg62nYx/L/TNCHnMtieBk6+8+N5sFT90UIyqj56wQIDAQAB
AoGBAK8RoIGekCfym99DYYfTg9A/t/tQeAnWYaDj7oSrKbqf1lgZ91OGPEZgkoVr
KzLnxf9uU+bhUs8CJx+4HdO8/L9rAJA+oD9QNuMp0elN4AKuEGE1Eq3a0e3cmgPI
+VIoXM6WVAGgK9I03Zu/UerYQ/DdXWGOIsKhFe8qyQoG9pKxAkEA9ld6O9MHQt3d
JAjJkgCNn4psozxjrfLWy2huXd3H3CRqGMjLITDGzdkVSgXjHokBYroi0+TZTu4M
ulJSJaWwBQJBANpO2DAexH2zRHw5Z6QyeEVxz7B3/FzU4GgJx9BH+FSBh+F0G5Ln
ir5Vst8vZ/LGcgpYjHQLNAvZVgUjiQ4Y6I0CQGvwMJL+CHR4GmmroAblTyjU0n1D
/Lk/anZ+L73Za7U+D28ErFzCrpmLwRRKOBYtGfpUbOZDpCQ9kj4hy/TLALECQCcL
9ysUNbzt9Y/qjJkX1d9F7gn4TBEmmkTBixW76bTjvjQbGlt6Qpyso2O8DPGlgPxM
vkJ7RoHgC7y7kGYPGnkCQBVxSNGIjLx4NQBgN4HD0y4+fars1PTUGnckBcS4npb9
onLNyerBlWdBwbARyBS7WPIbyyf5VCrn3yIqWxaARO0=
-----END RSA PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
15ffe194eaa9ce6ba5ea80fed65491dd
0aaa6706288256467122006538284177
3b112097307af7c57cd93409fc92c693
be90a056ae92c440b795e33b40e616d4
868a75264ab91bdf6362a8265001eb7e
cb0b79b96b81adf65c8cff52ab962ed6
adc9309d5f46aade2644f264fdb864f0
05be0f536d118cdd30564ba9727d006c
4451ee8e0c8b33ee3a9e2595e68dc414
63b742a444d9e4fa8ecf34eb9f887ee5
308fecbfbf764b94ebd96f1c0b36fcfb
816173ad30bb19253e18cc5af4c73060
65c8414d2e28bc4bf779159ad616f50c
79766ab9b17a9a2d1762f4b04049d87f
d74c6aa6a7386c7a6d9fc46c543cd2dc
6d2c0724b639556a6f3894b76101881e
-----END OpenVPN Static key V1-----
</tls-auth>


On Fri, Mar 27, 2009 at 3:18 PM, Jonathan Petersson
<jpetersson garnser se> wrote:
> It doesn't seam like OpenVPN Technologies has released any
> documentation on it yet even though it's been supported since
> 2.1-beta7. I've sent them an email checking if they have anything they
> can share. I'll give it a try to add it to the parser.
>
> /Jonathan
>
> On Fri, Mar 27, 2009 at 3:08 PM, Dan Williams <dcbw redhat com> wrote:
>> On Tue, 2009-03-24 at 11:31 -0700, Jonathan Petersson wrote:
>>> Hi all,
>>>
>>> As of OpenVPN 2.1 beta 7 support has been added enclose various
>>> elements directly to the configuration rather than separate files
>>> using markup.
>>>
>>> Is there today support to enable features like this with the GConf
>>> backend in place?
>>>
>>> Quote from changlog for OpenVPN 2.1 beta7:
>>> "* Allow ca, cert, key, and dh files to be specified
>>>   inline via XML-like syntax without needing to
>>>   reference an explicit file.
>>>   For example:
>>>   <ca>
>>>       data here...
>>>   </ca>
>>> "
>>
>> That's nifty.  There's no code in place to support this at this time,
>> but it doesn't look too hard to do.
>>
>> Dan
>>
>>
>>
>

References:
- Support for markup configuration with NetworkManager-openvpn
  - From: Jonathan Petersson
- Re: Support for markup configuration with NetworkManager-openvpn
  - From: Dan Williams
- Re: Support for markup configuration with NetworkManager-openvpn
  - From: Jonathan Petersson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]