Client profiles

[superstes]

Greetings.

Looks like a nice project!

Maybe I've overlooked it - but does it allow the download of generated client profiles?

Maybe with an option to include the client cert/key in it?
Also Target-OS specific.. Windows, Linux, MacOS, ChromeOS (onc-format)

[d3vilh]

Hi @superstes,
Sure, you can download client profiles by clicking to profile name.
this profile has cert/key inside, so you could just click on new cert name:

this cert includes everything you need for connection, including your custom options and TLS keys if you would use it:

client
dev tun
proto udp
remote 1.1.1.1 6666 udp
resolv-retry infinite
user nobody
group nogroup
persist-tun
persist-key
remote-cert-tls server
cipher AES-256-GCM
auth SHA512
auth-nocache
tls-client
redirect-gateway def1
verb 3
 
#Custom Option One
#Custom Option Two
#Custom Option Three
<ca>
-----BEGIN CERTIFICATE-----
MBAGA1UECgwJU3dlZXRIb21lMR0wGwYDVQQLDBRNeU9yZ2FuaXphdGlvbmFsVW5p
dDEPMA0GA1UEAwwGc2VydmVyMR0wGwYJKoZIhvcNAQkBFg5zd2VldEBob21lLm5l
m9n1Vzsga5t1hHZBdZlAlPGaFEU0lTqT/2aqu9Z3vBa0XmxaB+uyVMIFTcfPTMEE
pwFt5rf7bCxyKN8xwg==
-----END CERTIFICATE-----

</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c7:12:9d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=UA, ST=KY, L=Kyiv, O=SweetHome, OU=MyOrganizationalUnit, CN=server/emailAddress=sweet@home.net
        Validity
            Not Before: Oct 14 09:26:06 2023 GMT
            Not After : Oct 11 09:26:06 2033 GMT
        Subject: C=UA, ST=KY, L=Kyiv, O=SweetHome, OU=MyOrganizationalUnit, CN=superstes/emailAddress=superstes@home.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a3:2d:bd:55:5e:5a:89:95:d6:59:ef:6b:73:a0:
                    b8:53:45:06:24:1c:59:ca:81:45:8d:0e:54:82:63:
                    03:8c:ef:e3:4d:4f:73:20:e1:9f:ac:12:e5:85:26:
                    17:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                01:84:6C:DB:3B:77:4A
            X509v3 Authority Key Identifier: 
                keyid:36:8E:37:70:AE:AA:6D
                DirName:/C=UA/ST=KY/L=Kyiv/O=SweetHome/OU=MyOrganizationalUnit/CN=server/emailAddress=sweet@home.net
                serial:30:AF:BC:6C:7A
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        7c:ab:de:be:97:81:d7:4e:48:33:ec:2c:eb:d1:7c:55:1f:05:
        35:e4:de:3f:3c:8b:65:f1:9d:f4:17:7b:47:e6:27:6c:e7:d5:
        cf:12:bb:29
-----BEGIN CERTIFICATE-----
MIIEyTCCA7GgAwIBAgIRAMcSEsjrBOoROufI+ZdxE50wDQYJKoZIhvcNAQELBQAw
gYwxCzAJBgNVBAYTAlVBMQswCQYDVQQIDAJLWTENMAsGA1UEBwwES3lpdjESMBAG
A1UECgwJU3dlZXRIb21lMR0wGwYDVQQLDBRNeU9yZ2FuaXphdGlvbmFsVW5pdDEP
Q3xEpLjGfFdN20K+oF/fSrKKLjkz182Fngk4dqH4FMdevFZQzKjhJ+iDZryK5vN2
dhXuiK/P0jXk3j88i2XxnfQXe0fmJ2zn1c8Suyk=
-----END CERTIFICATE-----

</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCjLb1VXlqJldZZ
72tzoLhTRQJmJdeHw6LnCKP
Wh0zuc2yfJlzTHWeLNttZ/5qSy9rYEzHZpdUxybj6P6J6SlxbDXGmYX4ncTJvcNq
8jRDhFTeYPEtmFpr9aNUsSnYY6vLghK/mjs4mU8Iz1Hrx/NqVgOM7+NNT3Mg4Z+s
EuWFJhddAgMBAAECggEAK8NiImmePYUeiltARbAGj2qVJY0m9b0q0pRTzO5aA0EV

-----END PRIVATE KEY-----

</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
46567dd7109894953a
8a007343baf184d352
c78d27c30b509a15c2
bf682ebe0f9277371a
11b59538b349f50faf
3bf2e963b392f8a6e8
-----END OpenVPN Static key V1-----

</tls-crypt>
# Auto generated by OpenVPN-UI v.0.9.4.1

As for supported OS, with Docker/Docker-desktop you could run it everywhere, on Windows/MacOS/Linux - does not matter.

If you would run it manually, without docker environment, then you need to build it and be sure easy-rsa and openvpn server configured correctly itself, runs well and path to its configuration persists in app.conf.