#!/usr/bin/perl # Stefan Tomanek # updated by Wolfram Sang on 21.10.06 and on 26.06.07 ## # pcf2vpnc [vpnc file] ## # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # $Id: pcf2vpnc 360 2008-11-19 11:14:48Z Joerg Mayer $ use IO::File; use strict; use warnings; my %authmode = ( 1 => 'psk', 3 => 'cert', 5 => 'hybrid' ); my $needs_cert = 0; my $no_decrypt = 0; if (system("cisco-decrypt", "q") == -1) { $no_decrypt = 1; print STDERR "cisco-decrypt not in search path,\n"; print STDERR " adding passwords in obfuscated form\n"; } sub readPCF($) { my ($file) = @_; my %config; while (<$file>) { # Filter unnecessary chars at beginning & end of line s/^!*//; s/[\r ]*$//; if (/^(.*?)=(.*?)$/) { # We don't need emtpy config strings next if ($2 eq ""); if ($1 eq "Host") { $config{IPSec}{gateway} = $2; } elsif ($1 eq "GroupName") { $config{IPSec}{ID} = $2; } elsif ($1 eq "GroupPwd") { $config{IPSec}{secret} = $2; } elsif ($1 eq "enc_GroupPwd") { if ($no_decrypt) { $config{IPSec}{obfuscated} = "secret $2"; } else { $config{IPSec}{secret} = `cisco-decrypt $2`; } } elsif ($1 eq "AuthType") { $config{IKE}{Authmode} = $authmode{$2}; if ($2 == 3 || $2 == 5) { $needs_cert = 1; } } elsif ($1 eq "DHGroup") { $config{IKE}{DH} = "Group dh$2"; } elsif ($1 eq "Username") { $config{Xauth}{username} = $2; } elsif ($1 eq "UserPassword") { $config{Xauth}{password} = $2; } elsif ($1 eq "enc_UserPassword") { if ($no_decrypt) { $config{Xauth}{obfuscated} = "password $2"; } else { $config{Xauth}{password} = `cisco-decrypt $2`; } } elsif ($1 eq "NTDomain") { $config{Domain}{""} = $2; } } } return \%config; } sub writeVPNC($) { my ($config) = @_; my $text = "## generated by pcf2vpnc\n"; foreach my $section (keys %$config) { foreach my $item (keys %{ $config->{$section} }) { $text .= "$section ".($item ? "$item " : '').$config->{$section}{$item}."\n"; } } unless (defined $config->{Xauth}) { $text .= "\n## To add your username and password,\n"; $text .= "## use the following lines:\n"; $text .= "# Xauth username \n"; $text .= "# Xauth password \n"; } return $text; } if (defined $ARGV[0]) { my $src = new IO::File($ARGV[0]) || die "Unable to open file ".$ARGV[0]."\n"; if (defined $ARGV[1]) { my $dst = new IO::File($ARGV[1], "w") || die "Unable to open file ".$ARGV[1]."\n"; $dst->write( writeVPNC(readPCF($src)) ) || die "Unable to write to file ".$ARGV[1]."\n"; $dst->close() || die "Unable to close file ".$ARGV[1]."\n"; printf STDERR "vpnc config written to '%s' with permissions '%04o'.\n", $ARGV[1], (stat($ARGV[1]))[2]; print STDERR "Please take care of permissions.\n"; } else { print writeVPNC(readPCF($src)); } $src->close() || die "Unable to close file ".$ARGV[0]."\n"; if ($needs_cert) { print STDERR "\nDon't forget to copy the needed certificate(s).\n\n"; } } else { print STDERR "$0 converts VPN-config files from pcf to vpnc-format.\n"; print STDERR "Usage: $0 [vpnc file]\n"; }