iron.git

commit 41c3cbf1d8b6bcf5e84feacbe34a5ef9d0200587

Author: Paolo Lulli <paolo@lulli.net>

Update to latest changes

 iron/Makefile.in | 35 +++++++++++++++++++++----------
 iron/bin/Makefile.in | 13 +++++++----
 iron/configure | 15 ++++---------
 iron/debian/control | 2 
 iron/etc/Makefile.in | 13 +++++++----
 iron/libexec/Makefile.in | 17 ++++++++++-----
 iron/libexec/iron/iron-certificate | 23 +++++++++++++++-----
 iron/libexec/iron/iron-client | 13 +++++++++++
 iron/libexec/iron/iron-service | 11 ++++++++++
 iron/libexec/iron/iron-vpn-client | 22 ++++++++++----------
 iron/makedeb.sh | 2 


diff --git a/iron/Makefile.in b/iron/Makefile.in
index 6b6d78aadfa564af14961b57b81dc057b0ddd345..0719f823486f7b6fe4aac5aeb35a53301ebd3134 100644
--- a/iron/Makefile.in
+++ b/iron/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -131,7 +131,7 @@   $(RECURSIVE_TARGETS) \
   $(RECURSIVE_CLEAN_TARGETS) \
   $(am__extra_recursive_targets)
 AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
-	cscope distdir dist dist-all distcheck
+	cscope distdir distdir-am dist dist-all distcheck
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -192,6 +192,8 @@   reldir="$$dir2"
 DIST_ARCHIVES = $(distdir).tar.gz
 GZIP_ENV = --best
 DIST_TARGETS = dist-gzip
+# Exists only to be overridden by the user if desired.
+AM_DISTCHECK_DVI_TARGET = dvi
 distuninstallcheck_listfiles = find . -type f -print
 am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
   | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
@@ -295,8 +297,8 @@ 	  *config.status*) \
 	    echo ' $(SHELL) ./config.status'; \
 	    $(SHELL) ./config.status;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -414,7 +416,10 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 	-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	$(am__remove_distdir)
 	test -d "$(distdir)" || mkdir "$(distdir)"
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -479,7 +484,7 @@ 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
 	|| chmod -R a+r "$(distdir)"
 dist-gzip: distdir
-	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
 	$(am__post_remove_distdir)
 
 dist-bzip2: distdir
@@ -494,6 +499,10 @@ dist-xz: distdir
 	tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
 	$(am__post_remove_distdir)
 
+dist-zstd: distdir
+	tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
+	$(am__post_remove_distdir)
+
 dist-tarZ: distdir
 	@echo WARNING: "Support for distribution archives compressed with" \
 		       "legacy program 'compress' is deprecated." >&2
@@ -505,7 +514,7 @@ dist-shar: distdir
 	@echo WARNING: "Support for shar distribution archives is" \
 	               "deprecated." >&2
 	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
-	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
 	$(am__post_remove_distdir)
 
 dist-zip: distdir
@@ -523,7 +532,7 @@ # tarfile.
 distcheck: dist
 	case '$(DIST_ARCHIVES)' in \
 	*.tar.gz*) \
-	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
+	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
 	*.tar.bz2*) \
 	  bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
 	*.tar.lz*) \
@@ -533,9 +542,11 @@ 	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
 	*.tar.Z*) \
 	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
 	*.shar.gz*) \
-	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
+	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
 	*.zip*) \
 	  unzip $(distdir).zip ;;\
+	*.tar.zst*) \
+	  zstd -dc $(distdir).tar.zst | $(am__untar) ;;\
 	esac
 	chmod -R a-w $(distdir)
 	chmod u+w $(distdir)
@@ -551,7 +562,7 @@ 	    $(AM_DISTCHECK_CONFIGURE_FLAGS) \
 	    $(DISTCHECK_CONFIGURE_FLAGS) \
 	    --srcdir=../.. --prefix="$$dc_install_base" \
 	  && $(MAKE) $(AM_MAKEFLAGS) \
-	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \
 	  && $(MAKE) $(AM_MAKEFLAGS) check \
 	  && $(MAKE) $(AM_MAKEFLAGS) install \
 	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
@@ -712,7 +723,7 @@ .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
 	am--refresh check check-am clean clean-cscope clean-generic \
 	cscope cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \
 	dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \
-	distcheck distclean distclean-generic distclean-tags \
+	dist-zstd distcheck distclean distclean-generic distclean-tags \
 	distcleancheck distdir distuninstallcheck dvi dvi-am html \
 	html-am info info-am install install-am install-data \
 	install-data-am install-dvi install-dvi-am install-exec \




diff --git a/iron/bin/Makefile.in b/iron/bin/Makefile.in
index 8aeadbb4ccd2d8eab41e55cadfcdf6b36b523dbb..376ccc6beec20c588185f693a22e07342b406f5a 100644
--- a/iron/bin/Makefile.in
+++ b/iron/bin/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -242,8 +242,8 @@ 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -298,7 +298,10 @@
 cscope cscopelist:
 
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \




diff --git a/iron/configure b/iron/configure
index e2719fc519b23175791387fddaad3f7d9f12c1cd..6902108a4b75760a0c725762665727eed496b54e 100755
--- a/iron/configure
+++ b/iron/configure
@@ -1718,7 +1718,7 @@
 
 ac_config_files="$ac_config_files Makefile bin/Makefile etc/Makefile libexec/Makefile bin/iron"
 
-am__api_version='1.15'
+am__api_version='1.16'
 
 ac_aux_dir=
 for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
@@ -1923,12 +1923,7 @@ # Expand $ac_aux_dir to an absolute path.
 am_aux_dir=`cd "$ac_aux_dir" && pwd`
 
 if test x"${MISSING+set}" != xset; then
-  case $am_aux_dir in
-  *\ * | *\	*)
-    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
-  *)
-    MISSING="\${SHELL} $am_aux_dir/missing" ;;
-  esac
+  MISSING="\${SHELL} '$am_aux_dir/missing'"
 fi
 # Use eval to expand $SHELL
 if eval "$MISSING --is-lightweight"; then
@@ -2263,8 +2258,8 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
 
 # For better backward compatibility.  To be removed once Automake 1.9.x
 # dies out for good.  For more background, see:
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
 mkdir_p='$(MKDIR_P)'
 
 # We need awk for the "check" target (and possibly the TAP driver).  The
@@ -2315,7 +2310,7 @@     cat >&2 <<'END'
 Aborting the configuration process, to ensure you take notice of the issue.
 
 You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <http://www.gnu.org/software/coreutils/>.
+that behaves properly: <https://www.gnu.org/software/coreutils/>.
 
 If you want to complete the configuration process using your problematic
 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM




diff --git a/iron/debian/control b/iron/debian/control
index 01255c843c9a5bd3ce7eee1a241bca17a04aa6c9..00e9c682d8c649ceb2f3c5ecf2908e1215113402 100644
--- a/iron/debian/control
+++ b/iron/debian/control
@@ -1,5 +1,5 @@
 Package: iron
-Version: 1.0-4
+Version: 1.0-5
 Section: base
 Priority: optional
 Architecture: all




diff --git a/iron/etc/Makefile.in b/iron/etc/Makefile.in
index 87fac21179cb18f03680e48abdc9b9572f93ec38..440b829b86a15ce48939972205c78211e80dccb4 100644
--- a/iron/etc/Makefile.in
+++ b/iron/etc/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -244,8 +244,8 @@ 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -287,7 +287,10 @@
 cscope cscopelist:
 
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \




diff --git a/iron/libexec/Makefile.in b/iron/libexec/Makefile.in
index 586965c3d621ed3194e4090b0686a8635971af1a..8bebc400e688daabbeca58e29acc1762249c55d4 100644
--- a/iron/libexec/Makefile.in
+++ b/iron/libexec/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -239,7 +239,9 @@ 	iron/iron-pkcs12\
 	iron/iron-debug\
 	iron/iron-ssh-host\
 	iron/iron-ssh-user\
-	iron/iron-ssh-ca
+	iron/iron-ssh-ca\
+	iron/iron-vpn-server\
+	iron/iron-vpn-client
 
 all: all-am
 
@@ -261,8 +263,8 @@ 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -322,7 +324,10 @@
 cscope cscopelist:
 
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \




diff --git a/iron/libexec/iron/iron-certificate b/iron/libexec/iron/iron-certificate
index 9a4f87344ec151a11661d56709011a658f735387..42b85627f1cb7c403c9deab3dd6e929705407702 100755
--- a/iron/libexec/iron/iron-certificate
+++ b/iron/libexec/iron/iron-certificate
@@ -18,11 +18,14 @@   intermediate=$3
   client=$(basename $csrfile | sed -e 's/.csr$//')
   CLIENT_CERTPATH=$RCDIR/$service/certs
   CP=$CLIENT_CERTPATH/$client
+  extfile="${RCDIR}/${service}/conf/v3.ext"
   test -d ${CP} || mkdir -p ${CP}
   if [ "$intermediate" = "" ]; then
-    openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $csrfile -out $CP/$client.crt
+    openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial\
+	    -in $csrfile -out $CP/$client.crt -extensions usr_cert -extfile ${extfile}
   else
-    openssl x509 -req -days 365 -CA $CAPATH/$intermediate-ca.crt -CAkey $CAPATH/$intermediate-ca.key -CAcreateserial -in $csrfile -out $CP/$client.crt
+    openssl x509 -req -days 365 -CA $CAPATH/$intermediate-ca.crt -CAkey $CAPATH/$intermediate-ca.key\
+	    -CAcreateserial -in $csrfile -out $CP/$client.crt -extensions usr_cert -extfile ${extfile}
   fi
 }
 
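Review bot: Nothing checks that `${extfile}` is readable before it is handed to `openssl x509 -req`, and the expansion is unquoted, so a missing `conf/v3.ext` or an `RCDIR` containing whitespace makes signing fail only after the certificate directory has been created. The same pattern is added in the hunks at -48, -61 and -80. I would guard it once per function with `[ -r "$extfile" ] || { echo "missing extension file: $extfile" >&2; return 1; }` and pass `-extfile "$extfile"`. Whether `v3.ext` is the file that actually carries the `usr_cert` section cannot be confirmed from these lines; the function also starts above the hunk.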
@@ -48,6 +51,7 @@   remote_csr_host=$3
   remote_csrfile=$4
   remote_ssh_identity_file=$5
   intermediate=$6
+  extfile="${RCDIR}/${service}/conf/v3.ext"
   csrfile=$(basename $remote_csrfile)
   remote_certdir=$(dirname $remote_csrfile)
   client=$(basename $csrfile | sed -e 's/.csr$//')
@@ -61,9 +65,12 @@     scp $remote_csr_user@$remote_csr_host:$remote_csrfile $CP/$client.csr
   fi
   
   if [ "$intermediate" = "" ]; then
-    openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
+    openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt\
+	    -extensions usr_cert -extfile ${extfile}
   else
-    openssl x509 -req -days 365 -CA $CAPATH/$intermediate.crt -CAkey $CAPATH/$intermediate-ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
+    openssl x509 -req -days 365 -CA $CAPATH/$intermediate.crt -CAkey $CAPATH/$intermediate-ca.key \
+	    -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt\
+	    -extensions usr_cert -extfile ${extfile}
   fi
   
   if [ -f $remote_ssh_identity_file ]; then
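Review bot: The intermediate branch still passes `-CA $CAPATH/$intermediate.crt` next to `-CAkey $CAPATH/$intermediate-ca.key`, while the other two signing functions in this file use `$CAPATH/$intermediate-ca.crt`. The line was rewritten in this commit, so this looks like a leftover naming mismatch; openssl would then either not find the CA certificate or refuse a certificate/key pair that does not match. If the `-ca` suffix is the intended convention, the line should read `openssl x509 -req -days 365 -CA $CAPATH/$intermediate-ca.crt -CAkey $CAPATH/$intermediate-ca.key \`. The function begins and ends outside the hunk.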
@@ -80,11 +87,15 @@   client=$2
   intermediate=$3
   CLIENT_CERTPATH=$RCDIR/$service/certs
   CP=$CLIENT_CERTPATH/$client
+  extfile="${RCDIR}/${service}/conf/v3.ext"
   test -d ${CP} || mkdir -p ${CP}
   if [ "$intermediate" = "" ]; then
-    openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
+    openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt\
+	    -extensions usr_cert -extfile ${extfile}
   else
-    openssl x509 -req -days 365 -CA $CAPATH/$intermediate-ca.crt -CAkey $CAPATH/$intermediate-ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
+    openssl x509 -req -days 365 -CA $CAPATH/$intermediate-ca.crt -CAkey $CAPATH/$intermediate-ca.key\
+	    -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt\
+	    -extensions usr_cert -extfile ${extfile}
   fi
   test -f $CP/$client.crt && echo "Created certificate in [$CP/$client.crt]"
 }
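Review bot: The closing `test -f $CP/$client.crt && echo "Created certificate in [$CP/$client.crt]"` only checks that the file exists, so a certificate left by an earlier run would likely still be reported as created when the openssl call fails. The new `-extfile` dependency adds one more way for that call to fail. Checking the exit status of the signing command instead, for example `|| return 1` after each `openssl x509` invocation, keeps the message truthful. The start of the function is outside the hunk.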




diff --git a/iron/libexec/iron/iron-client b/iron/libexec/iron/iron-client
index c845afef2dd183cb4dac3f9374d79c464032f1d0..b15b03e1c529eac52b34bdee2c28bd1115782a05 100755
--- a/iron/libexec/iron/iron-client
+++ b/iron/libexec/iron/iron-client
@@ -71,6 +71,19 @@   echo "CAPATH=${RCDIR}/$DOMAIN/CA"  >> ${RCFILE}
   test -d $CAPATH   	|| mkdir -p $CAPATH
   test -d $CLIENT_CERTPATH || mkdir -p $CLIENT_CERTPATH
   
+	cat<<__EOF__ >$RCDIR/${DOMAIN}/conf/client-${client}-ext.conf
+[ usr_cert ]
+# Extensions for client certificates
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+__EOF__
+
 	cat<<__EOF__ >$RCDIR/${DOMAIN}/conf/client-${client}.conf
 #RANDFILE               = $ENV::HOME/.rnd
 
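Review bot: The extension file written here is named `client-${client}-ext.conf`, but the signing calls changed in iron-certificate in this same commit read `${RCDIR}/${service}/conf/v3.ext`, so as far as the visible lines show nothing consumes this file. Either point `-extfile` at the per-client file or drop it, so that the `usr_cert` profile has a single source. The here-document delimiter is unquoted; the body contains no `$` today, but `<<'__EOF__'` would keep later edits from being expanded by the shell. The enclosing function starts and ends outside the hunk.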




diff --git a/iron/libexec/iron/iron-service b/iron/libexec/iron/iron-service
index 5cf6fb481934ca77999e79a3bad5a19d886df295..8ff0210bdaa0d596b0403f3eefac4a6f97cd2254 100755
--- a/iron/libexec/iron/iron-service
+++ b/iron/libexec/iron/iron-service
@@ -125,6 +125,17 @@
 [alt_names]
 DNS.1 = ${DOMAIN}
 DNS.2 = www.${DOMAIN}
+
+[ usr_cert ]
+# Extensions for client certificates
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
 __EOF__
 }
 
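Review bot: The new `[ usr_cert ]` section sets `extendedKeyUsage = clientAuth, emailProtection` and has no `subjectAltName`, yet it is appended to a configuration that also defines `[alt_names]` for `${DOMAIN}`. If the service's own certificate is signed with `-extensions usr_cert`, as the iron-certificate calls in this commit do, it would carry neither the SAN entries nor `serverAuth`, and TLS clients would reject it. Which file this here-document writes is not visible in the hunk, so that needs confirming. A separate server section with `subjectAltName = @alt_names` and `extendedKeyUsage = serverAuth` would make the two profiles explicit. `nsCertType` and `nsComment` are legacy Netscape extensions and could be dropped.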




diff --git a/iron/libexec/iron/iron-vpn-client b/iron/libexec/iron/iron-vpn-client
index 3996ba17baf05223887fd1d49b926095327bbcc0..f248dcfb5cdf0473b8e2b5e28b7184ef541bb3fe 100755
--- a/iron/libexec/iron/iron-vpn-client
+++ b/iron/libexec/iron/iron-vpn-client
@@ -34,10 +34,10 @@
 function ovpn_generate_client_assembly()
 {
   cd $CFGDIR
-  mkdir -p "$CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}"
-  cp $CFGDIR/pki/ca.crt $CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}
-  cp $CFGDIR/pki/issued/${vpn_client}.crt $CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}
-  cp $CFGDIR/pki/private/${vpn_client}.key $CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}
+  mkdir -p "$CFGDIR/server/${code_organization}-client/${vpn_client}"
+  cp $CFGDIR/pki/ca.crt $CFGDIR/server/${code_organization}-client/${vpn_client}
+  cp $CFGDIR/pki/issued/${vpn_client}.crt $CFGDIR/server/${code_organization}-client/${vpn_client}
+  cp $CFGDIR/pki/private/${vpn_client}.key $CFGDIR/server/${code_organization}-client/${vpn_client}
   
 cat<<__EOT__>$CFGDIR/server/${code_organization}-client/${vpn_client}/${code_organization}.conf
 client
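Review bot: The destination path is quoted in `mkdir -p` but not in the three `cp` lines below it, and it is spelled out four times; a `CFGDIR` or `vpn_client` containing whitespace or glob characters would split the `cp` arguments. I would suggest `dest="$CFGDIR/server/${code_organization}-client/${vpn_client}"` followed by `cp "$CFGDIR/pki/private/${vpn_client}.key" "$dest/"`, and likewise for the other two copies. The trailing slash also makes `cp` fail rather than create a regular file named after the client when the `mkdir` did not succeed. The same block is repeated in `ovpn_generate_client_android` (hunk at -65).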
@@ -65,10 +65,10 @@ function ovpn_generate_client_android()
 {
   ovpnfile=$CFGDIR/server/${code_organization}-client/${vpn_client}/${code_organization}-${vpn_client}.ovpn
   cd $CFGDIR
-  mkdir -p "$CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}"
-  cp $CFGDIR/pki/ca.crt $CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}
-  cp $CFGDIR/pki/issued/${vpn_client}.crt $CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}
-  cp $CFGDIR/pki/private/${vpn_client}.key $CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}
+  mkdir -p "$CFGDIR/server/${code_organization}-client/${vpn_client}"
+  cp $CFGDIR/pki/ca.crt $CFGDIR/server/${code_organization}-client/${vpn_client}
+  cp $CFGDIR/pki/issued/${vpn_client}.crt $CFGDIR/server/${code_organization}-client/${vpn_client}
+  cp $CFGDIR/pki/private/${vpn_client}.key $CFGDIR/server/${code_organization}-client/${vpn_client}
   
 cat<<__EOT__>$ovpnfile
 client
@@ -89,17 +89,17 @@ #key  /etc/openvpn/${vpn_client}/${vpn_client}.key
 __EOT__
   
   echo "<ca>" >> $ovpnfile
-  cat $CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}/ca.crt >> $ovpnfile
+  cat $CFGDIR/server/${code_organization}-client/${vpn_client}/ca.crt >> $ovpnfile
   echo "</ca>" >> $ovpnfile
   
   echo "<cert>" >> $ovpnfile
-  cat $CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}/${vpn_client}.crt  \
+  cat $CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}.crt  \
   | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
   >> $ovpnfile
   echo "</cert>" >> $ovpnfile
   
   echo "<key>" >> $ovpnfile
-  cat $CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}/${vpn_client}.key \
+  cat $CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}.key \
   >> $ovpnfile
   echo "</key>" >> $ovpnfile
 }
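Review bot: `$ovpnfile` ends up holding the client's private key between the `<key>` tags, but it is created by plain redirection, so its mode comes from the caller's umask (0644 under the common 022). Setting `umask 077` at the top of the function, or running `chmod 600 "$ovpnfile"` right after the file is first created, would keep the inlined key readable by its owner only. The copied `${vpn_client}.key` in the same directory deserves the same check. The line that creates the file is in the previous hunk.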




diff --git a/iron/makedeb.sh b/iron/makedeb.sh
index 9b11d9d78c182951206c00d7c46bc47b06e9529c..d36e1a53483122a609dbfb23b4e3c66dd9c507c2 100755
--- a/iron/makedeb.sh
+++ b/iron/makedeb.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-VERS=1.0.3
+VERS=1.0.6
 TARGET_DIR=../target
 cd $(dirname $0);
 CURRDIR=$(pwd)