Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

* luci/app/openvpn: controller, model and template updates

Browse source
This commit is contained in:
Jo-Philipp Wich 2008-10-09 22:24:21 +00:00
parent 8815b6a7dd
commit 7fe7d6d5e6
7 changed files with 472 additions and 286 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
applications/luci-openvpn/luasrc/controller/openvpn.lua
View file

@ -10,7 +10,7 @@ You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
$Id: init.lua 3516 2008-10-04 18:42:06Z jow $
$Id$
]]--
module("luci.controller.openvpn", package.seeall)
@ -18,11 +18,7 @@ function index()
require("luci.i18n")
luci.i18n.loadc("openvpn")
local p = entry(
{"admin", "services", "openvpn"}, cbi("openvpn"),
luci.i18n.translate("openvpn", "OpenVPN")
)
p.i18n = "openvpn"
p.leaf = true
entry( {"admin", "services", "openvpn"}, cbi("openvpn"), luci.i18n.translate("openvpn", "OpenVPN") ).i18n = "openvpn"
entry( {"admin", "services", "openvpn", "basic"}, cbi("openvpn-basic"), nil ).leaf = true
entry( {"admin", "services", "openvpn", "advanced"}, cbi("openvpn-advanced"), nil ).leaf = true
end

267
applications/luci-openvpn/luasrc/model/cbi/openvpn-advanced.lua Normal file
View file

@ -0,0 +1,267 @@
--[[
LuCI - Lua Configuration Interface
Copyright 2008 Steven Barth <steven@midlink.org>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
$Id$
]]--
require("luci.fs")
require("luci.ip")
local knownParams = {
--
-- Widget Name Optn. Default(s)
--
{ "service", {
-- initialisation and daemon options
{ ListValue, "verb", { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 } },
{ Flag, "mlock", 0 },
{ Flag, "disable_occ", 0 },
-- { Value, "user", "root" },
-- { Value, "group", "root" },
{ Value, "cd", "/etc/openvpn" },
{ Value, "chroot", "/var/run" },
-- { Value, "daemon", "Instance-Name" },
-- { Value, "syslog", "Instance-Name" },
{ Flag, "passtos", 0 },
-- { Value, "inetd", "nowait Instance-Name" },
{ Value, "log", "/var/log/openvpn.log" },
{ Value, "log_append", "/var/log/openvpn.log" },
{ Flag, "suppress_timestamps", 0 },
-- { Value, "writepid", "/var/run/openvpn.pid" },
{ Value, "nice", 0 },
{ Flag, "fast_io", 0 },
{ Value, "echo", "some params echoed to log" },
{ ListValue, "remap_usr1", { "SIGHUP", "SIGTERM" } },
{ Value, "status", "/var/run/openvpn.status 5" },
{ Value, "status_version", { 1, 2 } }, -- status
{ Value, "mute", 5 },
{ Value, "up", "/usr/bin/ovpn-up" },
{ Value, "up_delay", 5 },
{ Value, "down", "/usr/bin/ovpn-down" },
{ Flag, "down_pre", 0 },
{ Flag, "up_restart", 0 },
{ Value, "route_up", "/usr/bin/ovpn-routeup" },
{ Value, "ipchange", "/usr/bin/ovpn-ipchange", { mode="p2p" } },
{ DynamicList, "setenv", { "VAR1 value1", "VAR2 value2" } },
{ Value, "tls_verify", "/usr/bin/ovpn-tlsverify" },
{ Value, "client_connect", "/usr/bin/ovpn-clientconnect" },
{ Flag, "client_disconnect", 0 },
{ Value, "learn_address", "/usr/bin/ovpn-learnaddress" },
{ Value, "auth_user_pass_verify", "/usr/bin/ovpn-userpass via-env" },
} },
{ "networking", {
-- socket config
{ ListValue, "mode", { "p2p", "server" } },
{ Value, "local", "0.0.0.0" },
{ Value, "port", 1194 },
{ Value, "lport", 1194 },
{ Value, "rport", 1194 },
{ Flag, "float", 0 },
{ Flag, "nobind", 0 },
{ Value, "dev", "tun0" },
{ ListValue, "dev_type", { "tun", "tap" } },
{ Value, "dev_node", "/dev/net/tun" },
{ Flag, "tun_ipv6", 0 },
{ Value, "ifconfig", "10.200.200.3 10.200.200.1" },
{ Flag, "ifconfig_noexec", 0 },
{ Flag, "ifconfig_nowarn", 0 },
{ DynamicList, "route", "10.123.0.0 255.255.0.0" },
{ Value, "route_gateway", "10.234.1.1" },
{ Value, "route_delay", 0 },
{ Flag, "route_noexec", 0 },
{ ListValue, "mtu_disc", { "yes", "maybe", "no" } },
{ Flag, "mtu_test", 0 },
{ Flag, "comp_lzo", 0 },
{ Flag, "comp_noadept", 0, { comp_lzo=1 } },
{ Value, "link_mtu", 1500 },
{ Value, "tun_mtu", 1500 },
{ Value, "tun_mtu_extra", 1500 },
{ Value, "fragment", 1500, { proto="udp" } },
{ Value, "mssfix", 1500, { proto="udp" } },
{ Value, "sndbuf", 65536 },
{ Value, "rcvbuf", 65536 },
{ Value, "txqueuelen", 100 },
{ Value, "shaper", 10240 },
{ Value, "inactive", 240 },
{ Value, "keepalive", "10 60" },
{ Value, "ping", 30 },
{ Value, "ping_exit", 120 },
{ Value, "ping_restart", 60 },
{ Flag, "ping_timer_rem", 0 },
{ Flag, "persist_tun", 0 },
{ Flag, "persist_key", 0 },
{ Flag, "persist_local_ip", 0 },
{ Flag, "persist_remote_ip", 0 },
-- management channel
{ Value, "management", "127.0.0.1 31194 /etc/openvpn/mngmt-pwds" },
{ Flag, "management_query_passwords", 0 }, -- management
{ Flag, "management_hold", 0 }, -- management
{ Flag, "management_log_cache", 100 }, -- management
} },
{ "vpn", {
{ Value, "server", "10.200.200.0 255.255.255.0", { server_mode="1" } },
{ Value, "server_bridge", "10.200.200.1 255.255.255.0 10.200.200.200 10.200.200.250", { server_mode="1" } },
{ DynamicList, "push", { "redirect-gateway", "comp-lzo" }, { server_mode="1" } },
{ Flag, "push_reset", 0, { server_mode="1" } },
{ Flag, "disable", 0, { server_mode="1" } },
{ Value, "ifconfig_pool", "10.200.200.100 10.200.200.150 255.255.255.0", { server_mode="1" } },
{ Value, "ifconfig_pool_persist", "/etc/openvpn/ipp.txt 600", { server_mode="1" } },
{ Flag, "ifconfig_pool_linear", 0, { server_mode="1" } },
{ Value, "ifconfig_push", "10.200.200.1 255.255.255.255", { server_mode="1" } },
{ Value, "iroute", "10.200.200.0 255.255.255.0", { server_mode="1" } },
{ Flag, "client_to_client", 0, { server_mode="1" } },
{ Flag, "duplicate_cn", 0, { server_mode="1" } },
{ Value, "client_config_dir", "/etc/openvpn/ccd", { server_mode="1" } },
{ Flag, "ccd_exclusive", 0, { server_mode="1" } },
{ Value, "tmp_dir", "/var/run/openvpn", { server_mode="1" } },
{ Value, "hash_size", "256 256", { server_mode="1" } },
{ Value, "bcast_buffers", 256, { server_mode="1" } },
{ Value, "tcp_queue_limit", 64, { server_mode="1" } },
{ Value, "max_clients", 10, { server_mode="1" } },
{ Value, "max_routes_per_client", 256, { server_mode="1" } },
{ Value, "connect_freq", "3 10", { server_mode="1" } },
{ Flag, "client_cert_not_required", 0, { server_mode="1" } },
{ Flag, "username_as_common_name", 0, { server_mode="1" } },
{ Flag, "client", 0, { server_mode="0" }, { server_mode="" } },
{ Flag, "pull", 0, { client="1" } },
{ Value, "auth_user_pass", "/etc/openvpn/userpass.txt", { client="1" } },
{ ListValue, "auth_retry", { "none", "nointeract", "interact" }, { client="1" } },
{ Value, "explicit_exit_notify", 1, { client="1" } },
{ DynamicList, "remote", "1.2.3.4", { client="1" } }, -- client
{ Flag, "remote_random", 1, { client="1" } }, -- client
{ ListValue, "proto", { "udp", "tcp-client", "tcp-server" }, { client="1" } },
{ Value, "connect_retry", 5, { proto="tcp-client" }, { client="1" } }, -- client && proto=tcp-client
{ Value, "http_proxy_server", "192.168.1.100 8080", { client="1" } }, -- client
{ Flag, "http_proxy_retry", 0, { client="1" } }, -- client && http_proxy_server
{ Value, "http_proxy_timeout", 5, { client="1" } }, -- client && http_proxy_server
{ DynamicList, "http_proxy_option", { "VERSION 1.0", "AGENT OpenVPN/2.0.9" }, { client="1" } }, -- client && http_proxy_server
{ Value, "socks_proxy_server", "192.168.1.200 1080", { client="1" } }, -- client
{ Value, "socks_proxy_retry", 5, { client="1" } }, -- client && socks_proxy_server
{ Value, "resolv_retry", "infinite", { client="1" } }, -- client
{ ListValue, "redirect_gateway", { "", "local", "def1", "local def1" }, { client="1" } }, -- client
} },
{ "cryptography", {
{ Value, "secret", "/etc/openvpn/secret.key 1" },
{ Value, "auth", "SHA1" }, -- parse
{ Value, "cipher", "BF-CBC" }, -- parse
{ Value, "keysize", 1024 }, -- parse
{ Value, "engine", "dynamic" }, -- parse
{ Flag, "no_replay", 0 },
{ Value, "replay_window", "64 15" },
{ Flag, "mute_replay_warnings", 0 },
{ Value, "replay_persist", "/var/run/openvpn-replay-state" },
{ Flag, "no_iv", 0 },
{ Flag, "tls_server", 0, { tls_client="" }, { tls_client="0" } },
{ Flag, "tls_client", 0, { tls_server="" }, { tls_server="0" } },
{ Value, "ca", "/etc/easy-rsa/keys/ca.crt" },
{ Value, "dh", "/etc/easy-rsa/keys/dh1024.pem" },
{ Value, "cert", "/etc/easy-rsa/keys/some-client.crt" },
{ Value, "key", "/etc/easy-rsa/keys/some-client.key" },
{ Value, "pkcs12", "/etc/easy-rsa/keys/some-client.pk12" },
{ ListValue, "key_method", { 1, 2 } },
{ Value, "tls_cipher", "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5" },
{ Value, "tls_timeout", 2 },
{ Value, "reneg_bytes", 1024 },
{ Value, "reneg_pkts", 100 },
{ Value, "reneg_sec", 3600 },
{ Value, "hand_window", 60 },
{ Value, "tran_window", 3600 },
{ Flag, "single_session", 0 },
{ Flag, "tls_exit", 0 },
{ Value, "tls_auth", "/etc/openvpn/tlsauth.key 1" },
--{ Value, "askpass", "[file]" },
{ Flag, "auth_nocache", 0 },
{ Value, "tls_remote", "remote_x509_name" },
{ ListValue, "ns_cert_type", { "client", "server" } },
{ Value, "crl_verify", "/etc/easy-rsa/keys/crl.pem" },
} }
}
local cts = { }
local params = { }
local m = Map("openvpn")
local p = m:section( SimpleSection )
p.template = "openvpn/pageswitch"
p.mode = "advanced"
p.instance = arg[1]
p.category = arg[2] or "service"
for _, c in ipairs(knownParams) do
cts[#cts+1] = c[1]
if c[1] == p.category then params = c[2] end
end
p.categories = cts
local s = m:section(
NamedSection, arg[1], "openvpn",
translate("openvpn_%s" % arg[2]),
translate("openvpn_%s_desc" % arg[2])
)
s.title = translate("openvpn_%s" % arg[2])
s.addremove = false
s.anonymous = true
for _, option in ipairs(params) do
local o = s:option(option[1], option[2])
if option[1] == DummyValue then
o.value = option[3]
else
if option[1] == DynamicList then
o.cast = nil
function o.cfgvalue(...)
local val = AbstractValue.cfgvalue(...)
return ( val and type(val) ~= "table" ) and { val } or val
end
end
o.optional = true
if type(option[3]) == "table" then
if o.optional then o:value("", "-- remove --") end
for _, v in ipairs(option[3]) do
v = tostring(v)
o:value(v)
end
o.default = tostring(option[3][1])
else
o.default = tostring(option[3])
end
end
for i=5,#option do
if type(option[i]) == "table" then
o:depends(option[i])
end
end
end
return m

97
applications/luci-openvpn/luasrc/model/cbi/openvpn-basic.lua Normal file
View file

@ -0,0 +1,97 @@
--[[
LuCI - Lua Configuration Interface
Copyright 2008 Steven Barth <steven@midlink.org>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
$Id$
]]--
require("luci.fs")
require("luci.ip")
require("luci.model.uci")
local basicParams = {
--
-- Widget Name Optn. Default(s)
--
{ ListValue, "verb", { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 } },
{ Value, "nice", 0 },
{ Value, "port", 1194 },
{ ListValue, "dev_type", { "tun", "tap" } },
{ Flag, "tun_ipv6", 0 },
{ Value, "ifconfig", "10.200.200.3 10.200.200.1" },
{ Value, "server", "10.200.200.0 255.255.255.0" },
{ Value, "server_bridge", "192.168.1.1 255.255.255.0 192.168.1.128 192.168.1.254" },
{ Flag, "nobind", 0 },
{ Flag, "comp_lzo", 0 },
{ Value, "keepalive", "10 60" },
{ ListValue, "proto", { "udp", "tcp" } },
{ Flag, "client", 0 },
{ Flag, "client_to_client", 0 },
{ DynamicList, "remote", "vpnserver.example.org" },
{ Value, "secret", "/etc/openvpn/secret.key 1" },
{ Value, "ca", "/etc/easy-rsa/keys/ca.crt" },
{ Value, "dh", "/etc/easy-rsa/keys/dh1024.pem" },
{ Value, "cert", "/etc/easy-rsa/keys/some-client.crt" },
{ Value, "key", "/etc/easy-rsa/keys/some-client.key" },
}
local m = Map("openvpn")
local p = m:section( SimpleSection )
p.template = "openvpn/pageswitch"
p.mode = "basic"
p.instance = arg[1]
local s = m:section( NamedSection, arg[1], "openvpn" )
for _, option in ipairs(basicParams) do
local o = s:option(option[1], option[2])
o.optional = true
if option[1] == DummyValue then
o.value = option[3]
else
if option[1] == DynamicList then
o.cast = nil
function o.cfgvalue(...)
local val = AbstractValue.cfgvalue(...)
return ( val and type(val) ~= "table" ) and { val } or val
end
end
if type(option[3]) == "table" then
if o.optional then o:value("", "-- remove --") end
for _, v in ipairs(option[3]) do
v = tostring(v)
o:value(v)
end
o.default = tostring(option[3][1])
else
o.default = tostring(option[3])
end
end
for i=5,#option do
if type(option[i]) == "table" then
o:depends(option[i])
end
end
end
return m

332
applications/luci-openvpn/luasrc/model/cbi/openvpn.lua
View file

@ -9,279 +9,91 @@ You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
$Id: olsrdplugins.lua 3288 2008-09-14 20:57:00Z jow $
$Id$
]]--
require("luci.fs")
require("luci.ip")
require("luci.sys")
require("luci.model.uci")
local knownParams = {
--
-- Widget Name Optn. Default(s)
--
{ "service", {
-- initialisation and daemon options
{ "daemon", {
{ ListValue, "verb", false, { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 } },
{ Flag, "mlock", false, 0 },
{ Flag, "disable_occ", false, 0 },
-- { Value, "user", true, "root" },
-- { Value, "group", true, "root" },
{ Value, "cd", true, "/etc/openvpn" },
{ Value, "chroot", true, "/var/run" },
-- { Value, "daemon", true, "Instance-Name" },
-- { Value, "syslog", true, "Instance-Name" },
{ Flag, "passtos", false, 0 },
-- { Value, "inetd", true, "nowait Instance-Name" },
{ Value, "log", true, "/var/log/openvpn.log" },
{ Value, "log_append", true, "/var/log/openvpn.log" },
{ Flag, "suppress_timestamps", false, 0 },
-- { Value, "writepid", true, "/var/run/openvpn.pid" },
{ Value, "nice", true, 0 },
{ Flag, "fast_io", false, 0 },
{ Value, "echo", true, "some params echoed to log" },
{ ListValue, "remap_usr1", true, { "SIGHUP", "SIGTERM" } },
{ Value, "status", true, "/var/run/openvpn.status 5" },
{ Value, "status_version", true, { 1, 2 } }, -- status
{ Value, "mute", true, 5 },
} },
-- hook scripts
{ "hookscripts", {
{ Value, "up", true, "/usr/bin/ovpn-up" },
{ Value, "up_delay", true, 5 },
{ Value, "down", true, "/usr/bin/ovpn-down" },
{ Flag, "down_pre", false, 0 },
{ Flag, "up_restart", false, 0 },
{ Value, "route_up", true, "/usr/bin/ovpn-routeup" },
{ Value, "ipchange", true, "/usr/bin/ovpn-ipchange", { mode="p2p" } },
{ DynamicList, "setenv", true, { "VAR1 value1", "VAR2 value2" } },
{ Value, "tls_verify", true, "/usr/bin/ovpn-tlsverify" },
{ Value, "client_connect", true, "/usr/bin/ovpn-clientconnect" },
{ Flag, "client_disconnect", false, 0 },
{ Value, "learn_address", true, "/usr/bin/ovpn-learnaddress" },
{ Value, "auth_user_pass_verify", true, "/usr/bin/ovpn-userpass via-env" },
} },
} },
{ "networking", {
-- socket config
{ "networking", {
{ ListValue, "mode", false, { "p2p", "server" } },
{ Value, "local", false, "0.0.0.0" },
{ Value, "port", false, 1194 },
{ Value, "lport", true, 1194 },
{ Value, "rport", true, 1194 },
{ Flag, "float", true, 0 },
{ Flag, "nobind", true, 0 },
{ Value, "dev", true, "tun0" },
{ ListValue, "dev_type", false, { "tun", "tap" } },
{ Value, "dev_node", true, "/dev/net/tun" },
{ Flag, "tun_ipv6", false, 0 },
{ Value, "ifconfig", true, "10.200.200.3 10.200.200.1" },
{ Flag, "ifconfig_noexec", false, 0 },
{ Flag, "ifconfig_nowarn", false, 0 },
{ DynamicList, "route", true, "10.123.0.0 255.255.0.0" },
{ Value, "route_gateway", true, "10.234.1.1" },
{ Value, "route_delay", true, 0 },
{ Flag, "route_noexec", false, 0 },
{ ListValue, "redirect_gateway", false, { "", "local", "def1", "local def1" } }, -- client
} },
-- connection tuning
{ "conntune", {
{ ListValue, "mtu_disc", false, { "yes", "maybe", "no" } },
{ Flag, "mtu_test", false, 0 },
{ Flag, "comp_lzo", false, 0 },
{ Flag, "comp_noadept", false, 0, { comp_lzo=1 } },
{ Value, "link_mtu", true, 1500 },
{ Value, "tun_mtu", true, 1500 },
{ Value, "tun_mtu_extra", true, 1500 },
{ Value, "fragment", true, 1500, { proto="udp" } },
{ Value, "mssfix", true, 1500, { proto="udp" } },
{ Value, "sndbuf", true, 65536 },
{ Value, "rcvbuf", true, 65536 },
{ Value, "txqueuelen", true, 100 },
{ Value, "shaper", true, 10240 },
} },
-- idle timeouts & persistence
{ "timeouts", {
{ Value, "inactive", true, 240 },
{ Value, "keepalive", true, "10 60" },
{ Value, "ping", true, 30 },
{ Value, "ping_exit", true, 120 },
{ Value, "ping_restart", true, 60 },
{ Flag, "ping_timer_rem", false, 0 },
{ Flag, "persist_tun", false, 0 },
{ Flag, "persist_key", false, 0 },
{ Flag, "persist_local_ip", false, 0 },
{ Flag, "persist_remote_ip", false, 0 },
} },
-- management channel
{ "management", {
{ Value, "management", false, "127.0.0.1 31194 /etc/openvpn/mngmt-pwds" },
{ Flag, "management_query_passwords",
true, 0 }, -- management
{ Flag, "management_hold", true, 0 }, -- management
{ Flag, "management_log_cache", true, 100 }, -- management
} }
} },
{ "role", {
{ "server", {
{ Value, "server", true, "10.200.200.0 255.255.255.0" },
{ Value, "server_bridge", true, "10.200.200.1 255.255.255.0 10.200.200.200 10.200.200.250" },
{ DynamicList, "push", true, { "redirect-gateway", "comp-lzo" } },
{ Flag, "push_reset", false, 0 },
{ Flag, "disable", false, 0 },
{ Value, "ifconfig_pool", true, "10.200.200.100 10.200.200.150 255.255.255.0" },
{ Value, "ifconfig_pool_persist", true, "/etc/openvpn/ipp.txt 600" },
{ Flag, "ifconfig_pool_linear", false, 0 },
{ Value, "ifconfig_push", true, "10.200.200.1 255.255.255.255" },
{ Value, "iroute", true, "10.200.200.0 255.255.255.0" },
{ Flag, "client_to_client", false, 0 },
{ Flag, "duplicate_cn", false, 0 },
{ Value, "client_config_dir", true, "/etc/openvpn/ccd" },
{ Flag, "ccd_exclusive", false, 0 },
{ Value, "tmp_dir", true, "/var/run/openvpn" },
{ Value, "hash_size", true, "256 256" },
{ Value, "bcast_buffers", true, 256 },
{ Value, "tcp_queue_limit", true, 64 },
{ Value, "max_clients", true, 10 },
{ Value, "max_routes_per_client", true, 256 },
{ Value, "connect_freq", true, "3 10" },
{ Flag, "client_cert_not_required", false, 0 },
{ Flag, "username_as_common_name", false, 0 },
} },
{ "client", {
{ Flag, "client", false, 0 },
{ Flag, "pull", false, 0 },
{ Value, "auth_user_pass", true, "/etc/openvpn/userpass.txt" },
{ ListValue, "auth_retry", true, { "none", "nointeract", "interact" } },
{ Value, "explicit_exit_notify", true, 1 },
{ DynamicList, "remote", false, "1.2.3.4" }, -- client
{ Flag, "remote_random", false, 1 }, -- client
{ ListValue, "proto", false, { "udp", "tcp-client", "tcp-server" } },
{ Value, "connect_retry", true, 5, { proto="tcp-client" } }, -- client && proto=tcp-client
{ Value, "http_proxy_server", true, "192.168.1.100 8080" }, -- client
{ Flag, "http_proxy_retry", false, 0 }, -- client && http_proxy_server
{ Value, "http_proxy_timeout", true, 5 }, -- client && http_proxy_server
{ DynamicList, "http_proxy_option", true, { "VERSION 1.0", "AGENT OpenVPN/2.0.9" } }, -- client && http_proxy_server
{ Value, "socks_proxy_server", true, "192.168.1.200 1080" }, -- client
{ Value, "socks_proxy_retry", true, 5 }, -- client && socks_proxy_server
{ Value, "resolv_retry", true, "infinite" }, -- client
} }
} },
{ "cryptography", {
{ "datachannel", {
{ Value, "secret", true, "/etc/openvpn/secret.key 1" },
{ Value, "auth", true, "SHA1" }, -- parse
{ Value, "cipher", true, "BF-CBC" }, -- parse
{ Value, "keysize", true, 1024 }, -- parse
{ Value, "engine", true, "dynamic" }, -- parse
{ Flag, "no_replay", false, 0 },
{ Value, "replay_window", true, "64 15" },
{ Flag, "mute_replay_warnings", false, 0 },
{ Value, "replay_persist", true, "/var/run/openvpn-replay-state" },
{ Flag, "no_iv", false, 0 },
} },
{ "tlsmode", {
{ Flag, "tls_server", false, 0 },
{ Flag, "tls_client", false, 0 },
{ Value, "ca", true, "/etc/easy-rsa/keys/ca.crt" },
{ Value, "dh", true, "/etc/easy-rsa/keys/dh1024.pem" },
{ Value, "cert", true, "/etc/easy-rsa/keys/some-client.crt" },
{ Value, "key", true, "/etc/easy-rsa/keys/some-client.key" },
{ Value, "pkcs12", true, "/etc/easy-rsa/keys/some-client.pk12" },
{ ListValue, "key_method", true, { 1, 2 } },
{ Value, "tls_cipher", true, "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5" },
{ Value, "tls_timeout", true, 2 },
{ Value, "reneg_bytes", true, 1024 },
{ Value, "reneg_pkts", true, 100 },
{ Value, "reneg_sec", true, 3600 },
{ Value, "hand_window", true, 60 },
{ Value, "tran_window", true, 3600 },
{ Flag, "single_session", false, 0 },
{ Flag, "tls_exit", false, 0 },
{ Value, "tls_auth", true, "/etc/openvpn/tlsauth.key 1" },
--{ Value, "askpass", true, "[file]" },
{ Flag, "auth_nocache", false, 0 },
{ Value, "tls_remote", true, "remote_x509_name" },
{ ListValue, "ns_cert_type", true, { "client", "server" } },
{ Value, "crl_verify", true, "/etc/easy-rsa/keys/crl.pem" },
} }
} }
}
local cts = { }
local params = { }
local uci = luci.model.uci.cursor()
local m = Map("openvpn")
local p = m:section( SimpleSection )
p.template = "openvpn/pageswitch"
p.category = arg[1]
p.csection = arg[2]
p.instance = arg[3]
for _, c in ipairs(knownParams) do
cts[#cts+1] = { c[1], { } }
for _, o in ipairs(c[2]) do
cts[#cts][2][#cts[#cts][2]+1] = o[1]
if c[1] == p.category and o[1] == p.csection then
params = o[2]
end
end
end
p.categories = cts
local s = m:section(
NamedSection, arg[3], "openvpn",
translate("openvpn_%s" % arg[2]),
translate("openvpn_%s_desc" % arg[2])
local s = m:section( TypedSection, "openvpn" )
s.template = "cbi/tblsection"
s.template_addremove = "openvpn/cbi-select-input-add"
s.addremove = true
s.add_select_options = { }
s.extedit = luci.dispatcher.build_url(
"admin", "services", "openvpn", "basic", "%s"
)
s.title = translate("openvpn_%s" % arg[2])
s.addremove = false
s.anonymous = true
for _, option in ipairs(params) do
local o = s:option(option[1], option[2])
o.optional = option[3]
if type(option[4]) == "table" then
if o.optional then o:value("", "-- remove --") end
for _, v in ipairs(option[4]) do
v = tostring(v)
o:value(v)
end
o.default = tostring(option[4][1])
else
o.default = tostring(option[4])
uci:load("openvpn_recipes")
uci:foreach( "openvpn_recipes", "openvpn_recipe",
function(section)
s.add_select_options[section['.name']] =
section['_description'] or section['.name']
end
)
for i=5,#option do
if type(option[i]) == "table" then
o:depends(option[i])
end
function s.parse(self, section)
local recipe = luci.http.formvalue(
luci.cbi.CREATE_PREFIX .. self.config .. "." ..
self.sectiontype .. ".select"
)
if recipe and not s.add_select_options[recipe] then
self.invalid_cts = true
else
TypedSection.parse( self, section )
end
end
function s.create(self, name)
local recipe = luci.http.formvalue(
luci.cbi.CREATE_PREFIX .. self.config .. "." ..
self.sectiontype .. ".select"
)
uci:section(
"openvpn", "openvpn", name,
uci:get_all( "openvpn_recipes", recipe )
)
uci:delete("openvpn", name, "_role")
uci:delete("openvpn", name, "_description")
uci:save("openvpn")
luci.http.redirect( self.extedit:format(name) )
end
s:option( Flag, "enable" )
local active = s:option( DummyValue, "_active" )
function active.cfgvalue(self, section)
if luci.fs.isfile("/var/run/openvpn_%s.pid" % section) then
local pid = io.lines("/var/run/openvpn_%s.pid" % section)()
if pid and #pid > 0 and tonumber(pid) ~= nil then
return (luci.sys.process.signal(pid, 0)) and "yes (" .. pid .. ")" or "no"
end
end
return "no"
end
local port = s:option( DummyValue, "port" )
function port.cfgvalue(self, section)
local val = AbstractValue.cfgvalue(self, section)
return val or "1194"
end
local proto = s:option( DummyValue, "proto" )
function proto.cfgvalue(self, section)
local val = AbstractValue.cfgvalue(self, section)
return val or "udp"
end
return m

11
applications/luci-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm Normal file
View file

@ -0,0 +1,11 @@
<div class="cbi-section-create">
<% if self.invalid_cts then -%><div class="cbi-section-error"><% end %>
<input type="text" class="cbi-section-create-name" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>" />
<select class="cbi-section-create-name" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>.select">
<%- for k, v in luci.util.kspairs(self.add_select_options) do %>
<option value="<%=k%>"><%=luci.util.pcdata(v)%></option>
<% end -%>
</select>
<input class="cbi-button cbi-button-add" type="submit" value="<%:cbi_add%>" title="<%:cbi_add%>" />
<% if self.invalid_cts then %><br /><%:cbi_invalid%></div><% end %>
</div>

33
applications/luci-openvpn/luasrc/view/openvpn/pageswitch.htm
View file

@ -9,28 +9,31 @@ You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
$Id: value.htm 3333 2008-09-16 10:08:20Z Cyrus $
$Id$
-%>
<fieldset class="cbi-section">
<legend>
<a href="<%=luci.dispatcher.build_url("admin", "services", "openvpn")%>"><%:openvpn_overview Overview%></a> &raquo;
<a href="<%=luci.dispatcher.build_url("admin", "services", "openvpn", self.instance)%>"><%=self.instance%></a>
<a href="<%=luci.dispatcher.build_url("admin", "services", "openvpn", self.mode, self.instance)%>"><%=self.instance%></a>
</legend>
<ul><% for _, c in ipairs(self.categories) do %>
<li><%=c[1]%><ul><li>
<% for i, s in ipairs(c[2]) do %>
<% if s == self.csection then %>
<strong><%=translate("openvpn_%s" % s, s)%></strong>
<% else %>
<a href="<%=luci.dispatcher.build_url(
"admin", "services", "openvpn", c[1], s, self.instance
)%>"><%=translate("openvpn_%s" % s, s)%></a>
<% end %>
<% if next(c[2], i) then %>|<% end %>
<% if self.mode == "basic" then %>
<a href="<%=luci.dispatcher.build_url("admin", "services", "openvpn", "advanced", self.instance)%>"><%:openvpn_switch_advanced Switch to advanced configuration &raquo;%></a>
<% else %>
<a href="<%=luci.dispatcher.build_url("admin", "services", "openvpn", "basic", self.instance)%>"><%:openvpn_switch_basic &laquo; Switch to basic configuration%></a>
<hr style="margin:0.5em 0" />
<%:openvpn_confcategory Configuration category%>:
<% for i, c in ipairs(self.categories) do %>
<% if c == self.category then %>
<strong><%=translate("openvpn_%s" % c, c)%></strong>
<% else %>
<a href="<%=luci.dispatcher.build_url(
"admin", "services", "openvpn", "advanced", self.instance, c
)%>"><%=translate("openvpn_%s" % c, c)%></a>
<% end %>
</li></ul></li>
<% end %></ul>
<% if next(self.categories, i) then %>|<% end %>
<% end %>
<% end %>
</fieldset>

6
applications/luci-openvpn/root/etc/config/openvpn_recipes
View file

@ -16,7 +16,7 @@ config openvpn_recipe client_tun_ptp
option _description "Simple client configuration for a routed point-to-point VPN"
option _role "client"
option dev "tun"
option remote "mypeer.dyndns.org"
list remote "mypeer.dyndns.org"
option port "1194"
option ifconfig "10.0.0.2 10.0.0.1"
option secret "shared-secret.key"
@ -48,7 +48,7 @@ config openvpn_recipe client_tun
option _role "client"
option client "1"
option dev "tun"
option remote "vpnserver.example.org 1194"
list remote "vpnserver.example.org 1194"
option ca "ca.crt"
option cert "my_client.crt"
option key "my_client.key"
@ -84,7 +84,7 @@ config openvpn_recipe client_tap_bridge
option _role "client"
option client "1"
option dev "tap"
option remote "vpnserver.example.org 1194"
list remote "vpnserver.example.org 1194"
option ca "ca.crt"
option cert "my_client.crt"
option key "my_client.key"