Opened 3 years ago

Closed 9 months ago

#770 closed Feature Wish (notabug)

OpenVPN AS ca / cert / key configuration to support RTF encoding

Reported by: cjac
Owned by: jamesyonan
Priority: minor
Milestone:
Component: Access Server
Version: OpenVPN 2.2.2 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc: Samuli Seppänen

Description

I assisted a client today with configuration of an OpenVPN Access Server. The customer had saved the private key using an RTF editor before uploading it to the web form.

The customer could have saved a great deal of time and expense if the web form knew how to strip RTF encoding from input data. The standard POSIX FILE(1) program was able to recognize the file type.

I haven't looked at the HTTP POST processing code yet, but I assume that it detects PEM and DER encoding, so adding another layer of encoding (RTF) to the list should not be too much of a problem.

I am willing to review the code and contribute a patch if this is a deciding factor in whether this feature request is accepted.
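Added example, not part of the ticket and not Access Server code (which is closed source): one way an upload handler could identify the outer encoding the way file(1) does, and recover a PEM block from an RTF wrapper only if the result still decodes as base64 into an ASN.1 SEQUENCE. The function names and the sample input are assumptions constructed for illustration.

```python
import base64
import re

# RTF control words (\par, \fs24), hex escapes (\'e9), control symbols, group braces.
RTF_MARKUP = re.compile(r"\\[a-zA-Z]+-?\d* ?|\\'[0-9a-fA-F]{2}|\\.|[{}]", re.S)
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def classify_upload(data: bytes) -> str:
    """Identify the outer encoding from the leading bytes, as file(1) does."""
    head = data.lstrip()
    if head.startswith(b"{\\rtf"):
        return "rtf"
    if head.startswith(b"-----BEGIN "):
        return "pem"
    if data[:1] == b"\x30":  # DER starts with the ASN.1 SEQUENCE tag
        return "der"
    return "unknown"

def normalize_pem(data: bytes) -> str:
    """Return a canonical PEM block from a PEM or RTF-wrapped PEM upload."""
    kind = classify_upload(data)
    if kind not in ("pem", "rtf"):
        raise ValueError(f"unsupported upload format: {kind}")
    match = PEM_BLOCK.search(data.decode("ascii", errors="replace"))
    if match is None:
        raise ValueError(f"{kind} upload contains no PEM block")
    label, body = match.groups()
    if kind == "rtf":
        body = RTF_MARKUP.sub("", body)  # drop markup before touching base64
    b64 = "".join(body.split())
    try:
        der = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("PEM body is not valid base64") from exc
    if not der.startswith(b"\x30"):
        raise ValueError("decoded PEM body is not an ASN.1 SEQUENCE")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"

# Constructed sample, not a real key: 46 counter bytes behind a SEQUENCE header.
SAMPLE_B64 = base64.b64encode(b"\x30\x2e" + bytes(range(46))).decode()
SAMPLE_RTF = (r"{\rtf1\ansi\deff0{\fonttbl{\f0\fmodern Courier New;}}" "\r\n"
              r"\pard\f0\fs20 -----BEGIN PRIVATE KEY-----\par" "\r\n"
              + SAMPLE_B64 + r"\par" "\r\n"
              r"-----END PRIVATE KEY-----\par" "\r\n}").encode("ascii")

if __name__ == "__main__":
    print(classify_upload(SAMPLE_RTF))
    print(normalize_pem(SAMPLE_RTF), end="")
```

Anything that fails a check raises ValueError naming the detected format, which is the message the upload form would need to show so that a key saved from a rich-text editor is diagnosed immediately.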

Change History (5)

comment:1 Changed 3 years ago by cjac

I've traced the HTTP POST action, and it looks like the ca/cert/key are being posted to the server listening on SSL port 943 with path /admin/web_server. On the SA host, I see the following:

cjac@jessie0:/usr/local/openvpn_as$ sudo netstat -ap --inet | grep 943
tcp        0      0 jessie0.colliertech:943 *:*                     LISTEN      15242/python    
tcp        0      0 jessie0.colliertech:943 probook0.colliert:44618 ESTABLISHED 15242/python    
tcp        0      0 jessie0.colliertech:943 probook0.colliert:44620 ESTABLISHED 15242/python    
tcp        0      0 jessie0.colliertech:943 probook0.colliert:44622 ESTABLISHED 15242/python    
cjac@jessie0:/usr/local/openvpn_as$ ps auwx | grep 15242
openvpn+ 15242  0.0  0.9 172380 40520 ?        S    Nov15   0:41 python -c from pyovpn.cserv.wserv_entry import start ; start() -no -u openvpn_as -g openvpn_as --pidfile /usr/local/openvpn_as/etc/tmp/wserv.pid -r epoll
cjac     26155  0.0  0.0  12728  2092 pts/0    R+   14:36   0:00 grep 15242
cjac@jessie0:/usr/local/openvpn_as$ grep -rs 'wserv_entry' /usr/local/openvpn_as
Binary file /usr/local/openvpn_as/lib/python2.7/site-packages/pyovpn-2.0-py2.7.egg matches

After unzipping pyovpn-2.0-py2.7.egg, it seems that pyovpn.cserv.wserv_entry is only distributed as bytecode.

Can someone point me to the source for pyovpn.cserv.wserv_entry so that I can proceed?

comment:2 Changed 3 years ago by Gert Döring

Component: changed from Management to Access Server
Owner: set to jamesyonan
Status: changed from new to assigned

comment:3 Changed 3 years ago by Gert Döring

Cc: Samuli Seppänen added

comment:4 in reply to:  1 Changed 3 years ago by Samuli Seppänen

Replying to cjac:

> Can someone point me to the source for pyovpn.cserv.wserv_entry so that I can proceed?

Access Server's source code is not open source. I'll shoot an email at jamesyonan to remind him of this problem.

comment:5 Changed 9 months ago by novaflash

Resolution: set to notabug
Status: changed from assigned to closed

Just reviewing and closing old tickets that were left open in the community site, although these were already copied into our internal tracking system and handled there.
