* luci/app/openvpn: controller, model and template updates

Jo-Philipp Wich 2008-10-09 22:24:21 +00:00
parent 8815b6a7dd
commit 7fe7d6d5e6
7 changed files with 472 additions and 286 deletions


@ -10,7 +10,7 @@ You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0
$Id: init.lua 3516 2008-10-04 18:42:06Z jow $ $Id$
]]-- ]]--
module("luci.controller.openvpn", package.seeall) module("luci.controller.openvpn", package.seeall)
@ -18,11 +18,7 @@ function index()
require("luci.i18n") require("luci.i18n")
luci.i18n.loadc("openvpn") luci.i18n.loadc("openvpn")
local p = entry( entry( {"admin", "services", "openvpn"}, cbi("openvpn"), luci.i18n.translate("openvpn", "OpenVPN") ).i18n = "openvpn"
{"admin", "services", "openvpn"}, cbi("openvpn"), entry( {"admin", "services", "openvpn", "basic"}, cbi("openvpn-basic"), nil ).leaf = true
luci.i18n.translate("openvpn", "OpenVPN") entry( {"admin", "services", "openvpn", "advanced"}, cbi("openvpn-advanced"), nil ).leaf = true
)
p.i18n = "openvpn"
p.leaf = true
end end


@ -0,0 +1,267 @@
--[[
LuCI - Lua Configuration Interface
Copyright 2008 Steven Barth <steven@midlink.org>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
$Id$
]]--
require("luci.fs")
require("luci.ip")
local knownParams = {
--
-- Widget Name Optn. Default(s)
--
{ "service", {
-- initialisation and daemon options
{ ListValue, "verb", { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 } },
{ Flag, "mlock", 0 },
{ Flag, "disable_occ", 0 },
-- { Value, "user", "root" },
-- { Value, "group", "root" },
{ Value, "cd", "/etc/openvpn" },
{ Value, "chroot", "/var/run" },
-- { Value, "daemon", "Instance-Name" },
-- { Value, "syslog", "Instance-Name" },
{ Flag, "passtos", 0 },
-- { Value, "inetd", "nowait Instance-Name" },
{ Value, "log", "/var/log/openvpn.log" },
{ Value, "log_append", "/var/log/openvpn.log" },
{ Flag, "suppress_timestamps", 0 },
-- { Value, "writepid", "/var/run/openvpn.pid" },
{ Value, "nice", 0 },
{ Flag, "fast_io", 0 },
{ Value, "echo", "some params echoed to log" },
{ ListValue, "remap_usr1", { "SIGHUP", "SIGTERM" } },
{ Value, "status", "/var/run/openvpn.status 5" },
{ Value, "status_version", { 1, 2 } }, -- status
{ Value, "mute", 5 },
{ Value, "up", "/usr/bin/ovpn-up" },
{ Value, "up_delay", 5 },
{ Value, "down", "/usr/bin/ovpn-down" },
{ Flag, "down_pre", 0 },
{ Flag, "up_restart", 0 },
{ Value, "route_up", "/usr/bin/ovpn-routeup" },
{ Value, "ipchange", "/usr/bin/ovpn-ipchange", { mode="p2p" } },
{ DynamicList, "setenv", { "VAR1 value1", "VAR2 value2" } },
{ Value, "tls_verify", "/usr/bin/ovpn-tlsverify" },
{ Value, "client_connect", "/usr/bin/ovpn-clientconnect" },
{ Flag, "client_disconnect", 0 },
{ Value, "learn_address", "/usr/bin/ovpn-learnaddress" },
{ Value, "auth_user_pass_verify", "/usr/bin/ovpn-userpass via-env" },
} },
{ "networking", {
-- socket config
{ ListValue, "mode", { "p2p", "server" } },
{ Value, "local", "0.0.0.0" },
{ Value, "port", 1194 },
{ Value, "lport", 1194 },
{ Value, "rport", 1194 },
{ Flag, "float", 0 },
{ Flag, "nobind", 0 },
{ Value, "dev", "tun0" },
{ ListValue, "dev_type", { "tun", "tap" } },
{ Value, "dev_node", "/dev/net/tun" },
{ Flag, "tun_ipv6", 0 },
{ Value, "ifconfig", "10.200.200.3 10.200.200.1" },
{ Flag, "ifconfig_noexec", 0 },
{ Flag, "ifconfig_nowarn", 0 },
{ DynamicList, "route", "10.123.0.0 255.255.0.0" },
{ Value, "route_gateway", "10.234.1.1" },
{ Value, "route_delay", 0 },
{ Flag, "route_noexec", 0 },
{ ListValue, "mtu_disc", { "yes", "maybe", "no" } },
{ Flag, "mtu_test", 0 },
{ Flag, "comp_lzo", 0 },
{ Flag, "comp_noadept", 0, { comp_lzo=1 } },
{ Value, "link_mtu", 1500 },
{ Value, "tun_mtu", 1500 },
{ Value, "tun_mtu_extra", 1500 },
{ Value, "fragment", 1500, { proto="udp" } },
{ Value, "mssfix", 1500, { proto="udp" } },
{ Value, "sndbuf", 65536 },
{ Value, "rcvbuf", 65536 },
{ Value, "txqueuelen", 100 },
{ Value, "shaper", 10240 },
{ Value, "inactive", 240 },
{ Value, "keepalive", "10 60" },
{ Value, "ping", 30 },
{ Value, "ping_exit", 120 },
{ Value, "ping_restart", 60 },
{ Flag, "ping_timer_rem", 0 },
{ Flag, "persist_tun", 0 },
{ Flag, "persist_key", 0 },
{ Flag, "persist_local_ip", 0 },
{ Flag, "persist_remote_ip", 0 },
-- management channel
{ Value, "management", "127.0.0.1 31194 /etc/openvpn/mngmt-pwds" },
{ Flag, "management_query_passwords", 0 }, -- management
{ Flag, "management_hold", 0 }, -- management
{ Flag, "management_log_cache", 100 }, -- management
} },
{ "vpn", {
{ Value, "server", "10.200.200.0 255.255.255.0", { server_mode="1" } },
{ Value, "server_bridge", "10.200.200.1 255.255.255.0 10.200.200.200 10.200.200.250", { server_mode="1" } },
{ DynamicList, "push", { "redirect-gateway", "comp-lzo" }, { server_mode="1" } },
{ Flag, "push_reset", 0, { server_mode="1" } },
{ Flag, "disable", 0, { server_mode="1" } },
{ Value, "ifconfig_pool", "10.200.200.100 10.200.200.150 255.255.255.0", { server_mode="1" } },
{ Value, "ifconfig_pool_persist", "/etc/openvpn/ipp.txt 600", { server_mode="1" } },
{ Flag, "ifconfig_pool_linear", 0, { server_mode="1" } },
{ Value, "ifconfig_push", "10.200.200.1 255.255.255.255", { server_mode="1" } },
{ Value, "iroute", "10.200.200.0 255.255.255.0", { server_mode="1" } },
{ Flag, "client_to_client", 0, { server_mode="1" } },
{ Flag, "duplicate_cn", 0, { server_mode="1" } },
{ Value, "client_config_dir", "/etc/openvpn/ccd", { server_mode="1" } },
{ Flag, "ccd_exclusive", 0, { server_mode="1" } },
{ Value, "tmp_dir", "/var/run/openvpn", { server_mode="1" } },
{ Value, "hash_size", "256 256", { server_mode="1" } },
{ Value, "bcast_buffers", 256, { server_mode="1" } },
{ Value, "tcp_queue_limit", 64, { server_mode="1" } },
{ Value, "max_clients", 10, { server_mode="1" } },
{ Value, "max_routes_per_client", 256, { server_mode="1" } },
{ Value, "connect_freq", "3 10", { server_mode="1" } },
{ Flag, "client_cert_not_required", 0, { server_mode="1" } },
{ Flag, "username_as_common_name", 0, { server_mode="1" } },
{ Flag, "client", 0, { server_mode="0" }, { server_mode="" } },
{ Flag, "pull", 0, { client="1" } },
{ Value, "auth_user_pass", "/etc/openvpn/userpass.txt", { client="1" } },
{ ListValue, "auth_retry", { "none", "nointeract", "interact" }, { client="1" } },
{ Value, "explicit_exit_notify", 1, { client="1" } },
{ DynamicList, "remote", "1.2.3.4", { client="1" } }, -- client
{ Flag, "remote_random", 1, { client="1" } }, -- client
{ ListValue, "proto", { "udp", "tcp-client", "tcp-server" }, { client="1" } },
{ Value, "connect_retry", 5, { proto="tcp-client" }, { client="1" } }, -- client && proto=tcp-client
{ Value, "http_proxy_server", "192.168.1.100 8080", { client="1" } }, -- client
{ Flag, "http_proxy_retry", 0, { client="1" } }, -- client && http_proxy_server
{ Value, "http_proxy_timeout", 5, { client="1" } }, -- client && http_proxy_server
{ DynamicList, "http_proxy_option", { "VERSION 1.0", "AGENT OpenVPN/2.0.9" }, { client="1" } }, -- client && http_proxy_server
{ Value, "socks_proxy_server", "192.168.1.200 1080", { client="1" } }, -- client
{ Value, "socks_proxy_retry", 5, { client="1" } }, -- client && socks_proxy_server
{ Value, "resolv_retry", "infinite", { client="1" } }, -- client
{ ListValue, "redirect_gateway", { "", "local", "def1", "local def1" }, { client="1" } }, -- client
} },
{ "cryptography", {
{ Value, "secret", "/etc/openvpn/secret.key 1" },
{ Value, "auth", "SHA1" }, -- parse
{ Value, "cipher", "BF-CBC" }, -- parse
{ Value, "keysize", 1024 }, -- parse
{ Value, "engine", "dynamic" }, -- parse
{ Flag, "no_replay", 0 },
{ Value, "replay_window", "64 15" },
{ Flag, "mute_replay_warnings", 0 },
{ Value, "replay_persist", "/var/run/openvpn-replay-state" },
{ Flag, "no_iv", 0 },
{ Flag, "tls_server", 0, { tls_client="" }, { tls_client="0" } },
{ Flag, "tls_client", 0, { tls_server="" }, { tls_server="0" } },
{ Value, "ca", "/etc/easy-rsa/keys/ca.crt" },
{ Value, "dh", "/etc/easy-rsa/keys/dh1024.pem" },
{ Value, "cert", "/etc/easy-rsa/keys/some-client.crt" },
{ Value, "key", "/etc/easy-rsa/keys/some-client.key" },
{ Value, "pkcs12", "/etc/easy-rsa/keys/some-client.pk12" },
{ ListValue, "key_method", { 1, 2 } },
{ Value, "tls_cipher", "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5" },
{ Value, "tls_timeout", 2 },
{ Value, "reneg_bytes", 1024 },
{ Value, "reneg_pkts", 100 },
{ Value, "reneg_sec", 3600 },
{ Value, "hand_window", 60 },
{ Value, "tran_window", 3600 },
{ Flag, "single_session", 0 },
{ Flag, "tls_exit", 0 },
{ Value, "tls_auth", "/etc/openvpn/tlsauth.key 1" },
--{ Value, "askpass", "[file]" },
{ Flag, "auth_nocache", 0 },
{ Value, "tls_remote", "remote_x509_name" },
{ ListValue, "ns_cert_type", { "client", "server" } },
{ Value, "crl_verify", "/etc/easy-rsa/keys/crl.pem" },
} }
}
local cts = { }
local params = { }
local m = Map("openvpn")
local p = m:section( SimpleSection )
p.template = "openvpn/pageswitch"
p.mode = "advanced"
p.instance = arg[1]
p.category = arg[2] or "service"
for _, c in ipairs(knownParams) do
cts[#cts+1] = c[1]
if c[1] == p.category then params = c[2] end
end
p.categories = cts
local s = m:section(
NamedSection, arg[1], "openvpn",
translate("openvpn_%s" % arg[2]),
translate("openvpn_%s_desc" % arg[2])
)
s.title = translate("openvpn_%s" % arg[2])
s.addremove = false
s.anonymous = true
for _, option in ipairs(params) do
local o = s:option(option[1], option[2])
if option[1] == DummyValue then
o.value = option[3]
else
if option[1] == DynamicList then
o.cast = nil
function o.cfgvalue(...)
local val = AbstractValue.cfgvalue(...)
return ( val and type(val) ~= "table" ) and { val } or val
end
end
o.optional = true
if type(option[3]) == "table" then
if o.optional then o:value("", "-- remove --") end
for _, v in ipairs(option[3]) do
v = tostring(v)
o:value(v)
end
o.default = tostring(option[3][1])
else
o.default = tostring(option[3])
end
end
for i=5,#option do
if type(option[i]) == "table" then
o:depends(option[i])
end
end
end
return m
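Review bot: The dependency loop at the end of the option loop starts at index 5 (`for i=5,#option do`), but every entry in this file's `knownParams` is `{ Widget, name, default, depends... }`, so a depends table in slot 4 such as `{ server_mode="1" }` or `{ comp_lzo=1 }` never reaches `o:depends`; starting at 4 (`for i=4,#option do`) would apply them. The basic model added in this commit uses the same start index, although none of its entries carry a depends table. The section title and description are built from `arg[2]` rather than `p.category`, so the `"service"` fallback is not used there when no category is given. Separately, the `tls_cipher` default that is copied into `o.default` lists EXP-*, single-DES and RC4-MD5 suites; a shorter example without export-grade ciphers would be a safer suggested value.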


@ -0,0 +1,97 @@
--[[
LuCI - Lua Configuration Interface
Copyright 2008 Steven Barth <steven@midlink.org>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
$Id$
]]--
require("luci.fs")
require("luci.ip")
require("luci.model.uci")
local basicParams = {
--
-- Widget Name Optn. Default(s)
--
{ ListValue, "verb", { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 } },
{ Value, "nice", 0 },
{ Value, "port", 1194 },
{ ListValue, "dev_type", { "tun", "tap" } },
{ Flag, "tun_ipv6", 0 },
{ Value, "ifconfig", "10.200.200.3 10.200.200.1" },
{ Value, "server", "10.200.200.0 255.255.255.0" },
{ Value, "server_bridge", "192.168.1.1 255.255.255.0 192.168.1.128 192.168.1.254" },
{ Flag, "nobind", 0 },
{ Flag, "comp_lzo", 0 },
{ Value, "keepalive", "10 60" },
{ ListValue, "proto", { "udp", "tcp" } },
{ Flag, "client", 0 },
{ Flag, "client_to_client", 0 },
{ DynamicList, "remote", "vpnserver.example.org" },
{ Value, "secret", "/etc/openvpn/secret.key 1" },
{ Value, "ca", "/etc/easy-rsa/keys/ca.crt" },
{ Value, "dh", "/etc/easy-rsa/keys/dh1024.pem" },
{ Value, "cert", "/etc/easy-rsa/keys/some-client.crt" },
{ Value, "key", "/etc/easy-rsa/keys/some-client.key" },
}
local m = Map("openvpn")
local p = m:section( SimpleSection )
p.template = "openvpn/pageswitch"
p.mode = "basic"
p.instance = arg[1]
local s = m:section( NamedSection, arg[1], "openvpn" )
for _, option in ipairs(basicParams) do
local o = s:option(option[1], option[2])
o.optional = true
if option[1] == DummyValue then
o.value = option[3]
else
if option[1] == DynamicList then
o.cast = nil
function o.cfgvalue(...)
local val = AbstractValue.cfgvalue(...)
return ( val and type(val) ~= "table" ) and { val } or val
end
end
if type(option[3]) == "table" then
if o.optional then o:value("", "-- remove --") end
for _, v in ipairs(option[3]) do
v = tostring(v)
o:value(v)
end
o.default = tostring(option[3][1])
else
o.default = tostring(option[3])
end
end
for i=5,#option do
if type(option[i]) == "table" then
o:depends(option[i])
end
end
end
return m


@ -9,279 +9,91 @@ You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0
$Id: olsrdplugins.lua 3288 2008-09-14 20:57:00Z jow $ $Id$
]]-- ]]--
require("luci.fs") require("luci.fs")
require("luci.ip") require("luci.ip")
require("luci.sys")
require("luci.model.uci")
local knownParams = { local uci = luci.model.uci.cursor()
--
-- Widget Name Optn. Default(s)
--
{ "service", {
-- initialisation and daemon options
{ "daemon", {
{ ListValue, "verb", false, { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 } },
{ Flag, "mlock", false, 0 },
{ Flag, "disable_occ", false, 0 },
-- { Value, "user", true, "root" },
-- { Value, "group", true, "root" },
{ Value, "cd", true, "/etc/openvpn" },
{ Value, "chroot", true, "/var/run" },
-- { Value, "daemon", true, "Instance-Name" },
-- { Value, "syslog", true, "Instance-Name" },
{ Flag, "passtos", false, 0 },
-- { Value, "inetd", true, "nowait Instance-Name" },
{ Value, "log", true, "/var/log/openvpn.log" },
{ Value, "log_append", true, "/var/log/openvpn.log" },
{ Flag, "suppress_timestamps", false, 0 },
-- { Value, "writepid", true, "/var/run/openvpn.pid" },
{ Value, "nice", true, 0 },
{ Flag, "fast_io", false, 0 },
{ Value, "echo", true, "some params echoed to log" },
{ ListValue, "remap_usr1", true, { "SIGHUP", "SIGTERM" } },
{ Value, "status", true, "/var/run/openvpn.status 5" },
{ Value, "status_version", true, { 1, 2 } }, -- status
{ Value, "mute", true, 5 },
} },
-- hook scripts
{ "hookscripts", {
{ Value, "up", true, "/usr/bin/ovpn-up" },
{ Value, "up_delay", true, 5 },
{ Value, "down", true, "/usr/bin/ovpn-down" },
{ Flag, "down_pre", false, 0 },
{ Flag, "up_restart", false, 0 },
{ Value, "route_up", true, "/usr/bin/ovpn-routeup" },
{ Value, "ipchange", true, "/usr/bin/ovpn-ipchange", { mode="p2p" } },
{ DynamicList, "setenv", true, { "VAR1 value1", "VAR2 value2" } },
{ Value, "tls_verify", true, "/usr/bin/ovpn-tlsverify" },
{ Value, "client_connect", true, "/usr/bin/ovpn-clientconnect" },
{ Flag, "client_disconnect", false, 0 },
{ Value, "learn_address", true, "/usr/bin/ovpn-learnaddress" },
{ Value, "auth_user_pass_verify", true, "/usr/bin/ovpn-userpass via-env" },
} },
} },
{ "networking", {
-- socket config
{ "networking", {
{ ListValue, "mode", false, { "p2p", "server" } },
{ Value, "local", false, "0.0.0.0" },
{ Value, "port", false, 1194 },
{ Value, "lport", true, 1194 },
{ Value, "rport", true, 1194 },
{ Flag, "float", true, 0 },
{ Flag, "nobind", true, 0 },
{ Value, "dev", true, "tun0" },
{ ListValue, "dev_type", false, { "tun", "tap" } },
{ Value, "dev_node", true, "/dev/net/tun" },
{ Flag, "tun_ipv6", false, 0 },
{ Value, "ifconfig", true, "10.200.200.3 10.200.200.1" },
{ Flag, "ifconfig_noexec", false, 0 },
{ Flag, "ifconfig_nowarn", false, 0 },
{ DynamicList, "route", true, "10.123.0.0 255.255.0.0" },
{ Value, "route_gateway", true, "10.234.1.1" },
{ Value, "route_delay", true, 0 },
{ Flag, "route_noexec", false, 0 },
{ ListValue, "redirect_gateway", false, { "", "local", "def1", "local def1" } }, -- client
} },
-- connection tuning
{ "conntune", {
{ ListValue, "mtu_disc", false, { "yes", "maybe", "no" } },
{ Flag, "mtu_test", false, 0 },
{ Flag, "comp_lzo", false, 0 },
{ Flag, "comp_noadept", false, 0, { comp_lzo=1 } },
{ Value, "link_mtu", true, 1500 },
{ Value, "tun_mtu", true, 1500 },
{ Value, "tun_mtu_extra", true, 1500 },
{ Value, "fragment", true, 1500, { proto="udp" } },
{ Value, "mssfix", true, 1500, { proto="udp" } },
{ Value, "sndbuf", true, 65536 },
{ Value, "rcvbuf", true, 65536 },
{ Value, "txqueuelen", true, 100 },
{ Value, "shaper", true, 10240 },
} },
-- idle timeouts & persistence
{ "timeouts", {
{ Value, "inactive", true, 240 },
{ Value, "keepalive", true, "10 60" },
{ Value, "ping", true, 30 },
{ Value, "ping_exit", true, 120 },
{ Value, "ping_restart", true, 60 },
{ Flag, "ping_timer_rem", false, 0 },
{ Flag, "persist_tun", false, 0 },
{ Flag, "persist_key", false, 0 },
{ Flag, "persist_local_ip", false, 0 },
{ Flag, "persist_remote_ip", false, 0 },
} },
-- management channel
{ "management", {
{ Value, "management", false, "127.0.0.1 31194 /etc/openvpn/mngmt-pwds" },
{ Flag, "management_query_passwords",
true, 0 }, -- management
{ Flag, "management_hold", true, 0 }, -- management
{ Flag, "management_log_cache", true, 100 }, -- management
} }
} },
{ "role", {
{ "server", {
{ Value, "server", true, "10.200.200.0 255.255.255.0" },
{ Value, "server_bridge", true, "10.200.200.1 255.255.255.0 10.200.200.200 10.200.200.250" },
{ DynamicList, "push", true, { "redirect-gateway", "comp-lzo" } },
{ Flag, "push_reset", false, 0 },
{ Flag, "disable", false, 0 },
{ Value, "ifconfig_pool", true, "10.200.200.100 10.200.200.150 255.255.255.0" },
{ Value, "ifconfig_pool_persist", true, "/etc/openvpn/ipp.txt 600" },
{ Flag, "ifconfig_pool_linear", false, 0 },
{ Value, "ifconfig_push", true, "10.200.200.1 255.255.255.255" },
{ Value, "iroute", true, "10.200.200.0 255.255.255.0" },
{ Flag, "client_to_client", false, 0 },
{ Flag, "duplicate_cn", false, 0 },
{ Value, "client_config_dir", true, "/etc/openvpn/ccd" },
{ Flag, "ccd_exclusive", false, 0 },
{ Value, "tmp_dir", true, "/var/run/openvpn" },
{ Value, "hash_size", true, "256 256" },
{ Value, "bcast_buffers", true, 256 },
{ Value, "tcp_queue_limit", true, 64 },
{ Value, "max_clients", true, 10 },
{ Value, "max_routes_per_client", true, 256 },
{ Value, "connect_freq", true, "3 10" },
{ Flag, "client_cert_not_required", false, 0 },
{ Flag, "username_as_common_name", false, 0 },
} },
{ "client", {
{ Flag, "client", false, 0 },
{ Flag, "pull", false, 0 },
{ Value, "auth_user_pass", true, "/etc/openvpn/userpass.txt" },
{ ListValue, "auth_retry", true, { "none", "nointeract", "interact" } },
{ Value, "explicit_exit_notify", true, 1 },
{ DynamicList, "remote", false, "1.2.3.4" }, -- client
{ Flag, "remote_random", false, 1 }, -- client
{ ListValue, "proto", false, { "udp", "tcp-client", "tcp-server" } },
{ Value, "connect_retry", true, 5, { proto="tcp-client" } }, -- client && proto=tcp-client
{ Value, "http_proxy_server", true, "192.168.1.100 8080" }, -- client
{ Flag, "http_proxy_retry", false, 0 }, -- client && http_proxy_server
{ Value, "http_proxy_timeout", true, 5 }, -- client && http_proxy_server
{ DynamicList, "http_proxy_option", true, { "VERSION 1.0", "AGENT OpenVPN/2.0.9" } }, -- client && http_proxy_server
{ Value, "socks_proxy_server", true, "192.168.1.200 1080" }, -- client
{ Value, "socks_proxy_retry", true, 5 }, -- client && socks_proxy_server
{ Value, "resolv_retry", true, "infinite" }, -- client
} }
} },
{ "cryptography", {
{ "datachannel", {
{ Value, "secret", true, "/etc/openvpn/secret.key 1" },
{ Value, "auth", true, "SHA1" }, -- parse
{ Value, "cipher", true, "BF-CBC" }, -- parse
{ Value, "keysize", true, 1024 }, -- parse
{ Value, "engine", true, "dynamic" }, -- parse
{ Flag, "no_replay", false, 0 },
{ Value, "replay_window", true, "64 15" },
{ Flag, "mute_replay_warnings", false, 0 },
{ Value, "replay_persist", true, "/var/run/openvpn-replay-state" },
{ Flag, "no_iv", false, 0 },
} },
{ "tlsmode", {
{ Flag, "tls_server", false, 0 },
{ Flag, "tls_client", false, 0 },
{ Value, "ca", true, "/etc/easy-rsa/keys/ca.crt" },
{ Value, "dh", true, "/etc/easy-rsa/keys/dh1024.pem" },
{ Value, "cert", true, "/etc/easy-rsa/keys/some-client.crt" },
{ Value, "key", true, "/etc/easy-rsa/keys/some-client.key" },
{ Value, "pkcs12", true, "/etc/easy-rsa/keys/some-client.pk12" },
{ ListValue, "key_method", true, { 1, 2 } },
{ Value, "tls_cipher", true, "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5" },
{ Value, "tls_timeout", true, 2 },
{ Value, "reneg_bytes", true, 1024 },
{ Value, "reneg_pkts", true, 100 },
{ Value, "reneg_sec", true, 3600 },
{ Value, "hand_window", true, 60 },
{ Value, "tran_window", true, 3600 },
{ Flag, "single_session", false, 0 },
{ Flag, "tls_exit", false, 0 },
{ Value, "tls_auth", true, "/etc/openvpn/tlsauth.key 1" },
--{ Value, "askpass", true, "[file]" },
{ Flag, "auth_nocache", false, 0 },
{ Value, "tls_remote", true, "remote_x509_name" },
{ ListValue, "ns_cert_type", true, { "client", "server" } },
{ Value, "crl_verify", true, "/etc/easy-rsa/keys/crl.pem" },
} }
} }
}
local cts = { }
local params = { }
local m = Map("openvpn") local m = Map("openvpn")
local p = m:section( SimpleSection ) local s = m:section( TypedSection, "openvpn" )
s.template = "cbi/tblsection"
p.template = "openvpn/pageswitch" s.template_addremove = "openvpn/cbi-select-input-add"
p.category = arg[1] s.addremove = true
p.csection = arg[2] s.add_select_options = { }
p.instance = arg[3] s.extedit = luci.dispatcher.build_url(
"admin", "services", "openvpn", "basic", "%s"
for _, c in ipairs(knownParams) do
cts[#cts+1] = { c[1], { } }
for _, o in ipairs(c[2]) do
cts[#cts][2][#cts[#cts][2]+1] = o[1]
if c[1] == p.category and o[1] == p.csection then
params = o[2]
end
end
end
p.categories = cts
local s = m:section(
NamedSection, arg[3], "openvpn",
translate("openvpn_%s" % arg[2]),
translate("openvpn_%s_desc" % arg[2])
) )
s.title = translate("openvpn_%s" % arg[2]) uci:load("openvpn_recipes")
s.addremove = false uci:foreach( "openvpn_recipes", "openvpn_recipe",
s.anonymous = true function(section)
s.add_select_options[section['.name']] =
section['_description'] or section['.name']
for _, option in ipairs(params) do
local o = s:option(option[1], option[2])
o.optional = option[3]
if type(option[4]) == "table" then
if o.optional then o:value("", "-- remove --") end
for _, v in ipairs(option[4]) do
v = tostring(v)
o:value(v)
end
o.default = tostring(option[4][1])
else
o.default = tostring(option[4])
end end
)
for i=5,#option do function s.parse(self, section)
if type(option[i]) == "table" then local recipe = luci.http.formvalue(
o:depends(option[i]) luci.cbi.CREATE_PREFIX .. self.config .. "." ..
end self.sectiontype .. ".select"
)
if recipe and not s.add_select_options[recipe] then
self.invalid_cts = true
else
TypedSection.parse( self, section )
end end
end end
function s.create(self, name)
local recipe = luci.http.formvalue(
luci.cbi.CREATE_PREFIX .. self.config .. "." ..
self.sectiontype .. ".select"
)
uci:section(
"openvpn", "openvpn", name,
uci:get_all( "openvpn_recipes", recipe )
)
uci:delete("openvpn", name, "_role")
uci:delete("openvpn", name, "_description")
uci:save("openvpn")
luci.http.redirect( self.extedit:format(name) )
end
s:option( Flag, "enable" )
local active = s:option( DummyValue, "_active" )
function active.cfgvalue(self, section)
if luci.fs.isfile("/var/run/openvpn_%s.pid" % section) then
local pid = io.lines("/var/run/openvpn_%s.pid" % section)()
if pid and #pid > 0 and tonumber(pid) ~= nil then
return (luci.sys.process.signal(pid, 0)) and "yes (" .. pid .. ")" or "no"
end
end
return "no"
end
local port = s:option( DummyValue, "port" )
function port.cfgvalue(self, section)
local val = AbstractValue.cfgvalue(self, section)
return val or "1194"
end
local proto = s:option( DummyValue, "proto" )
function proto.cfgvalue(self, section)
local val = AbstractValue.cfgvalue(self, section)
return val or "udp"
end
return m return m
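Review bot: `s.create` passes the submitted `.select` value straight to `uci:get_all( "openvpn_recipes", recipe )`, and the only check, in `s.parse`, rejects an unknown recipe only when the field is present (`if recipe and not s.add_select_options[recipe]`), so if `create` is reached without that field `get_all` is called with a nil section. A guard inside `create`, e.g. `if not recipe or not self.add_select_options[recipe] then self.invalid_cts = true return end`, keeps the copy limited to listed recipes. The override also never calls `TypedSection.create`, so any section-name checks the base implementation performs (not visible here) would be skipped before `name` is written to UCI and placed in the redirect URL; worth confirming. In `active.cfgvalue`, signal 0 only shows that some process with that PID exists, so a stale pid file can report "yes" for an unrelated process.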


@ -0,0 +1,11 @@
<div class="cbi-section-create">
<% if self.invalid_cts then -%><div class="cbi-section-error"><% end %>
<input type="text" class="cbi-section-create-name" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>" />
<select class="cbi-section-create-name" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>.select">
<%- for k, v in luci.util.kspairs(self.add_select_options) do %>
<option value="<%=k%>"><%=luci.util.pcdata(v)%></option>
<% end -%>
</select>
<input class="cbi-button cbi-button-add" type="submit" value="<%:cbi_add%>" title="<%:cbi_add%>" />
<% if self.invalid_cts then %><br /><%:cbi_invalid%></div><% end %>
</div>
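Review bot: The option key is written into the `value` attribute unescaped (`<option value="<%=k%>">`) while the label next to it goes through `luci.util.pcdata`; the key should get the same treatment, `<option value="<%=luci.util.pcdata(k)%>">`. The keys come from section names in `openvpn_recipes`, which are probably restricted by UCI naming rules, but escaping at the output point does not depend on that. `self.config` and `self.sectiontype` in the two `name` attributes are emitted the same way.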


@ -9,28 +9,31 @@ You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0
$Id: value.htm 3333 2008-09-16 10:08:20Z Cyrus $ $Id$
-%> -%>
<fieldset class="cbi-section"> <fieldset class="cbi-section">
<legend> <legend>
<a href="<%=luci.dispatcher.build_url("admin", "services", "openvpn")%>"><%:openvpn_overview Overview%></a> &raquo; <a href="<%=luci.dispatcher.build_url("admin", "services", "openvpn")%>"><%:openvpn_overview Overview%></a> &raquo;
<a href="<%=luci.dispatcher.build_url("admin", "services", "openvpn", self.instance)%>"><%=self.instance%></a> <a href="<%=luci.dispatcher.build_url("admin", "services", "openvpn", self.mode, self.instance)%>"><%=self.instance%></a>
</legend> </legend>
<ul><% for _, c in ipairs(self.categories) do %> <% if self.mode == "basic" then %>
<li><%=c[1]%><ul><li> <a href="<%=luci.dispatcher.build_url("admin", "services", "openvpn", "advanced", self.instance)%>"><%:openvpn_switch_advanced Switch to advanced configuration &raquo;%></a>
<% for i, s in ipairs(c[2]) do %> <% else %>
<% if s == self.csection then %> <a href="<%=luci.dispatcher.build_url("admin", "services", "openvpn", "basic", self.instance)%>"><%:openvpn_switch_basic &laquo; Switch to basic configuration%></a>
<strong><%=translate("openvpn_%s" % s, s)%></strong> <hr style="margin:0.5em 0" />
<% else %> <%:openvpn_confcategory Configuration category%>:
<a href="<%=luci.dispatcher.build_url( <% for i, c in ipairs(self.categories) do %>
"admin", "services", "openvpn", c[1], s, self.instance <% if c == self.category then %>
)%>"><%=translate("openvpn_%s" % s, s)%></a> <strong><%=translate("openvpn_%s" % c, c)%></strong>
<% end %> <% else %>
<% if next(c[2], i) then %>|<% end %> <a href="<%=luci.dispatcher.build_url(
"admin", "services", "openvpn", "advanced", self.instance, c
)%>"><%=translate("openvpn_%s" % c, c)%></a>
<% end %> <% end %>
</li></ul></li> <% if next(self.categories, i) then %>|<% end %>
<% end %></ul> <% end %>
<% end %>
</fieldset> </fieldset>
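Review bot: `self.instance` is printed into the legend link text without escaping (`<%=self.instance%></a>`), and in the models added by this commit it is taken from `arg[1]`, which appears to be a request path segment. Wrapping it as `<%=luci.util.pcdata(self.instance)%>` would keep markup characters in the instance name from being rendered as HTML. Whether `luci.dispatcher.build_url` encodes the same value inside the `href` attributes is not visible here and should be checked.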


@ -16,7 +16,7 @@ config openvpn_recipe client_tun_ptp
option _description "Simple client configuration for a routed point-to-point VPN" option _description "Simple client configuration for a routed point-to-point VPN"
option _role "client" option _role "client"
option dev "tun" option dev "tun"
option remote "mypeer.dyndns.org" list remote "mypeer.dyndns.org"
option port "1194" option port "1194"
option ifconfig "10.0.0.2 10.0.0.1" option ifconfig "10.0.0.2 10.0.0.1"
option secret "shared-secret.key" option secret "shared-secret.key"
@ -48,7 +48,7 @@ config openvpn_recipe client_tun
option _role "client" option _role "client"
option client "1" option client "1"
option dev "tun" option dev "tun"
option remote "vpnserver.example.org 1194" list remote "vpnserver.example.org 1194"
option ca "ca.crt" option ca "ca.crt"
option cert "my_client.crt" option cert "my_client.crt"
option key "my_client.key" option key "my_client.key"
@ -84,7 +84,7 @@ config openvpn_recipe client_tap_bridge
option _role "client" option _role "client"
option client "1" option client "1"
option dev "tap" option dev "tap"
option remote "vpnserver.example.org 1194" list remote "vpnserver.example.org 1194"
option ca "ca.crt" option ca "ca.crt"
option cert "my_client.crt" option cert "my_client.crt"
option key "my_client.key" option key "my_client.key"