Java OpenVPN Api生成ovpn文件
我需要在Java应用程序中使用OpenVPN API生成一个ovpn文件,但是我似乎找不到关于这个API的任何信息。有人有任何经验或信息可以让我开始吗Java OpenVPN Api生成ovpn文件,java,api,openvpn,Java,Api,Openvpn,我需要在Java应用程序中使用OpenVPN API生成一个ovpn文件,但是我似乎找不到关于这个API的任何信息。有人有任何经验或信息可以让我开始吗 谢谢好的,我为其他与此相关的人找到了以下信息: OpenVPN-AS REST API ------------------- The OpenVPN Access Server supports a Web Services API that can be used to fetch a client configuration file f
谢谢好的,我为其他与此相关的人找到了以下信息:
OpenVPN-AS REST API
-------------------
The OpenVPN Access Server supports a Web Services API that can be
used to fetch a client configuration file from the Access Server.
The curl command can be used to easily access this API as follows:
curl -u USERNAME:PASSWORD https://ACCESS_SERVER:CWS_PORT/rest/METHOD
Any generic HTTPS client tool (including even a web browser) can be used
to access the API -- curl is just used here as an example. Whatever
method is used, the USERNAME:PASSWORD pair should be passed to the API
using HTTP Basic Authentication.
Replace the above variables in the curl command as follows:
USERNAME -- the username of the Access Server user for whom a configuration
file is sought.
PASSWORD -- the password of the Access Server user for whom a configuration
file is sought.
ACCESS_SERVER -- the domain name or public IP address of the Access Server.
CWS_PORT -- the port that the client web server is listening on. Usually
443 but may be different based on the specific Access Server
configuration. This is normally the same port that you would
use to connect to the Client Web Server UI.
METHOD:
* GetUserlogin -- get an OpenVPN client configuration file
that will require a username and password to connect to the Access
Server.
* GetAutologin -- get an OpenVPN configuration file that will
authenticate with the Access Server using only a client
certificate, with no username and password required. This is ideal
for unattended clients such as routers, servers, or appliances.
Note that for Autologin configurations, the user (specified by
USERNAME) must have the Autologin permission enabled in the User
Permissions page of the Access Server Admin UI.
* GetGeneric -- get a generic OpenVPN configuration file that is not
customized to a particular user. This type of configuration is
used in External PKI mode, when client certificates/keys are
distributed out-of-band relative to the OpenVPN configuration
file. Also note that when External PKI mode is enabled, both
GetUserlogin and GetAutologin methods return the generic
version configuration file.
On success, the web services API will return the OpenVPN client configuration
file as content-type text/plain.
On error, an error message will be returned as content-type text/xml. These
are some of the common error returns:
Authentication failed (bad USERNAME or PASSWORD):
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Type>Authorization Required</Type>
<Synopsis>REST method failed</Synopsis>
<Message>AUTH_FAILED: Server Agent XML method requires authentication (9007)</Message>
</Error>
User does not have permission to use an Autologin profile:
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Type>Internal Server Error</Type>
<Synopsis>REST method failed</Synopsis>
<Message>NEED_AUTOLOGIN: User 'USERNAME' lacks autologin privilege (9000)</Message>
</Error>
Handling challenge/response authentication:
It is possible that the server may issue a challenge to the authentication
request, for example suppose we have a user called 'test' and a password
of 'mypass". Get the OpenVPN config file:
curl -u test:mypass https://ACCESS_SERVER/rest/GetUserlogin
But instead of immediately receiving the config file,
we might get a challenge instead:
<Error>
<Type>Authorization Required</Type>
<Synopsis>REST method failed</Synopsis>
<Message>CRV1:R,E:miwN39AlF4k40Fd8X8r9j74FuOoaJKJM:dGVzdA==:Turing test: what is 1 x 3? (9007)</Message>
</Error>
a challenge is indicated by the "CRV1:" prefix in the <Message> (meaning
Challenge Response protocol Version 1). The CRV1 message is formatted
as follows:
CRV1:<flags>:<state_id>:<username_base64>:<challenge_text>
flags : a series of optional, comma-separated flags:
E : echo the response when the user types it
R : a response is required
state_id: an opaque string that should be returned to the server
along with the response.
username_base64 : the username formatted as base64
challenge_text : the challenge text to be shown to the user
After showing the challenge_text and getting a response from the user
(if R flag is specified), the client should resubmit the REST
request with the USERNAME:PASSWORD field in the HTTP header set
as follows:
<username decoded from username_base64>:CRV1::<state_id>::<response_text>
Where state_id is taken from the challenge request and response_text
is what the user entered in response to the challenge_text.
If the R flag is not present, response_text may be the empty
string.
Using curl to respond to the turing test given in the example above:
curl -u "test:CRV1::miwN39AlF4k40Fd8X8r9j74FuOoaJKJM::3" https://ACCESS_SERVER/rest/GetUserlogin
If the challenge response (In this case '3' in response to the turing
test) is verified by the server, it will then return the configuration
file per the GetUserlogin method.
OpenVPN作为restapi
-------------------
OpenVPN访问服务器支持可以
用于从Access服务器获取客户端配置文件。
curl命令可用于轻松访问此API,如下所示:
curl-u用户名:密码https://ACCESS_SERVER:CWS_PORT/rest/METHOD
可以使用任何通用的HTTPS客户端工具(甚至包括web浏览器)
要访问API,这里只使用curl作为示例。无论什么
方法时,用户名:密码对应传递给API
使用HTTP基本身份验证。
在curl命令中替换上述变量,如下所示:
USERNAME--为其配置的Access Server用户的用户名
正在查找文件。
PASSWORD--为其配置的Access Server用户的密码
正在查找文件。
ACCESS_SERVER--访问服务器的域名或公共IP地址。
CWS_端口--客户端web服务器正在侦听的端口。通常
443但根据特定的访问服务器可能有所不同
配置这通常是您要使用的同一端口
用于连接到客户端Web服务器UI。
方法:
*GetUserlogin——获取OpenVPN客户端配置文件
这将需要用户名和密码才能连接到访问
服务器。
*获取一个OpenVPN配置文件,该文件将
仅使用客户端向访问服务器进行身份验证
证书,不需要用户名和密码。这是理想的
用于无人值守的客户端,如路由器、服务器或设备。
请注意,对于Autologin配置,用户(由
用户名)必须在用户中启用自动登录权限
访问服务器管理UI的权限页。
*GetGeneric--获取一个不可用的通用OpenVPN配置文件
为特定用户定制。这种类型的配置是
在外部PKI模式下使用,当客户端证书/密钥
相对于OpenVPN配置分布在带外
文件还请注意,如果启用了外部PKI模式,则
GetUserlogin和GetAutologin方法返回泛型
版本配置文件。
成功后,web服务API将返回OpenVPN客户端配置
文件作为内容类型text/plain。
出现错误时,将以内容类型text/xml返回错误消息。这些
以下是一些常见的错误返回:
身份验证失败(用户名或密码错误):
需要授权
REST方法失败
身份验证失败:服务器代理XML方法需要身份验证(9007)
用户没有使用自动登录配置文件的权限:
内部服务器错误
REST方法失败
需要自动登录:用户“用户名”缺少自动登录权限(9000)
处理质询/响应身份验证:
服务器可能会对身份验证发出质询
例如,假设我们有一个名为“test”的用户和一个密码
获取OpenVPN配置文件:
curl-u检验:mypasshttps://ACCESS_SERVER/rest/GetUserlogin
但不是立即接收配置文件,
我们可能会遇到挑战:
需要授权
REST方法失败
CRV1:R,E:miwN39AlF4k40Fd8X8r9j74FuOoaJKJM:dGVzdA==:图灵测试:什么是1 x 3?(9007)
质询由(含义)中的“CRV1:”前缀表示
质询响应协议版本1)。CRV1消息已格式化
详情如下:
CRV1:::
标志:一系列可选的逗号分隔标志:
E:当用户键入响应时,回显响应
R:需要回复
state_id:应返回到服务器的不透明字符串
以及回应。
username\u base64:格式为base64的用户名
质询文本:向用户显示的质询文本
显示质询_文本并获得用户响应后
(如果指定了R标志),则客户端应重新提交其余内容
使用HTTP头集中的USERNAME:PASSWORD字段请求
详情如下:
:CRV1:::
其中state_id取自质询请求和响应_文本
是用户为响应质询_文本而输入的内容。
如果R标志不存在,则响应_文本可能为空
一串
使用curl响应上例中给出的图灵测试:
旋度-u“测试:CRV1::miwN39AlF4k40Fd8X8r9j74FuOoaJKJM::3”https://ACCESS_SERVER/rest/GetUserlogin
如果质询响应(在本例中为“3”响应图灵
测试),然后它将返回配置
根据GetUserlogin方法创建文件。
写在上。它只是openvpn命令的包装器,因此在任何其他技术上都很容易重写。文章中可以找到一些基本命令。问题,这是否只为现有用户获取证书?因为您创建的用户如何拥有使用Autologin配置文件的权限(例如,如果尚未创建用户配置文件)?