TinCanTech / easy-tls

Manage and Inline OpenVPN TLS keys and Easy-RSA PKI credentials. Supports OpenVPN TLS-Crypt-V2 key system and OpenVPN Peer-Fingerprint mode.
GNU General Public License v2.0

Interactive 'build': TCV2 client metadata for IP address is not recognised #299

Closed TinCanTech closed 2 years ago

TinCanTech commented 2 years ago

Using build:

Easy-TLS Inter-active TLS-key builder Menu.

====================

To cancel this inter-active menu at any time, press Control-C

* Available TLS-key types:

  [1] TLS-Auth key                   - Legacy HMAC pre-shared key
  [2] TLS-Crypt-V1 key               - Basic TLS-crypt-v1 pre-shared key
  [3] TLS-Crypt-V2 key for Server    - Advanced TLS-Crypt-v2 Server key
  [4] TLS-Crypt-V2 key for Client    - Advanced TLS-Crypt-v2 Client key
  [5] TLS-Crypt-V2 GROUP Client key  - Advanced TLS-Crypt-v2 GROUP Client key

  Select the type of TLS-key to build: 4

* Build TLS-Crypt-V2 key for Client

====================

To cancel this inter-active menu at any time, press Control-C

* First, you MUST enter your *Server* commonName.

* This field only requires the certificate commonName,
  it does not require the complete file name.

  Enter the commonName of your * Server * certificate: tuns_01194u

====================

To cancel this inter-active menu at any time, press Control-C

* Now, enter your *Client* commonName.

* This field only requires the certificate commonName,
  it does not require the complete file name.

  Enter the commonName of your * Client * certificate: arch

====================

To cancel this inter-active menu at any time, press Control-C

* Configure a custom group.

  You can configure a single Custom-Group like so:

    $ ./easytls config custom.group NAME

  If you want to configure a Custom-Group now then quit this menu.

  If you have configured your Custom-Group or do not require a Custom-Group
  then leave this field blank.

  * Your current Custom-Group is: wiscii

  Enter your Custom-Group or leave this blank to continue: 

====================

To cancel this inter-active menu at any time, press Control-C

* Each X509 Client certificate can have multiple TLS-Crypt-V2 keys,
  these keys are referred to as Sub-keys.  Each Sub-key is used in
  a separate inline file with the same X509 Client certificate.

  Enter the Sub-key Name for your key or leave blank to continue: 

====================

To cancel this inter-active menu at any time, press Control-C

* You can lock this key to specific filter-addresses.

  Hardware-addresses can be in the form of:
  * 0123456789ab or 01-23-45-67-89-AB or 01:23:45:67:89:AB

  IP-addresses can be in the form of:
  * IPv4 CIDR - eg: 1.2.0.0/16, 1.2.3.0/24 or 1.2.3.4/32
  * IPv6 CIDR - eg: 2000:1:2:3::/64 or 2000:1:2:3:4:5:6:7/128
  Ranges are in the first forms above. If you want to lock to a specific
  IP address (Not recommended) then you must use a host mask:
  * 1.2.3.4/32(v4) or 2000:1:2:3:4:5:6:7/128(v6)

  This field can contain any mixture of valid filter-addresses,
  however, each filter-address MUST be entered individually.

  Enter a single filter-address or leave blank to continue: 10.1.101.0/24

====================

To cancel this inter-active menu at any time, press Control-C

Current list:  10.1.101.0/24

  Enter a single filter-address or leave blank to continue: 

====================

* Easy-TLS command:

  * ./easytls --custom-group=wiscii build-tls-crypt-v2-client tuns_01194u arch  10.1.101.0/24

====================

Error log: 

Error: Invalid Address:  10.1.101.0/24

Easy-TLS 2.8.0 (0)

The problem above is that the space before [ ]10.1.101.0/24 fails with error 11: https://github.com/TinCanTech/easy-tls/blob/e488621774e3cdbcc73021e310466f1f10bfef4b/easytls#L5790-L5795
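The failure mode reported above, as an added example that is not part of the original issue and not Easy-TLS code: a strict filter-address check that fails closed on stray whitespace, paired with a list builder that normalises input before validating it. The function names (`trim_ws`, `is_ipv4_cidr`, `append_addr`) are hypothetical, only the IPv4 CIDR form from the menu is covered, and it is an assumption that the leading space comes from how the interactive list is assembled.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not Easy-TLS code. IPv4 CIDR only.

# Strip leading and trailing whitespace using parameter expansion only.
trim_ws() {
    s=$1
    s=${s#"${s%%[![:space:]]*}"}
    s=${s%"${s##*[![:space:]]}"}
    printf '%s' "$s"
}

# Strict check for the IPv4 CIDR form the menu documents (a.b.c.d/bits).
# Any other character, including a leading space, is rejected.
is_ipv4_cidr() {
    case "$1" in
        *[!0-9./]*|*..*|.*|*./*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    ip=${1%/*}
    bits=${1##*/}
    case "$bits" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    # Split the address on dots; the character check above rules out globs.
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Normalise, validate, then append. "${1:+$1 }" emits the separator only
# when the list already has an entry, so the first item gets no leading space.
# $1 = current list (may be empty), $2 = address as typed by the operator.
append_addr() {
    new=$(trim_ws "$2")
    is_ipv4_cidr "$new" || return 1
    printf '%s' "${1:+$1 }$new"
}
```

Keeping the validator strict and trimming in the builder means a malformed address never reaches the key metadata, while operator input with incidental whitespace is still accepted.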