applications/openvpn: Fix column ordering, depends need to be in the last column (but still don't work)
parent
6245ad6a73
commit
cb82c32769
1 changed files with 158 additions and 157 deletions
|
@ -18,7 +18,7 @@ require("luci.model.uci")
|
|||
|
||||
local knownParams = {
|
||||
--
|
||||
-- Widget Name Default(s) Option(s) Description
|
||||
-- Widget Name Default(s) Description Option(s)
|
||||
--
|
||||
|
||||
{ "Service", {
|
||||
|
@ -52,14 +52,14 @@ local knownParams = {
|
|||
{ Flag, "down_pre", 0, translate("Call down cmd/script before TUN/TAP close") },
|
||||
{ Flag, "up_restart", 0, translate("Run up/down scripts for all restarts") },
|
||||
{ Value, "route_up", "/usr/bin/ovpn-routeup", translate("Execute shell cmd after routes are added") },
|
||||
{ Value, "ipchange", "/usr/bin/ovpn-ipchange", { mode="p2p" }, translate("Execute shell command on remote ip change") },
|
||||
{ Value, "ipchange", "/usr/bin/ovpn-ipchange", translate("Execute shell command on remote ip change"), { mode="p2p" } },
|
||||
{ DynamicList, "setenv", { "VAR1 value1", "VAR2 value2" }, translate("Pass environment variables to script") },
|
||||
{ Value, "tls_verify", "/usr/bin/ovpn-tlsverify", translate("Shell command to verify X509 name") },
|
||||
{ Value, "client_connect", "/usr/bin/ovpn-clientconnect", translate("Run script cmd on client connection") },
|
||||
{ Flag, "client_disconnect", 0, translate("Run script cmd on client disconnection") },
|
||||
{ Value, "learn_address", "/usr/bin/ovpn-learnaddress", translate("Executed in server mode whenever an IPv4 address/route or MAC address is added to OpenVPN's internal routing table") },
|
||||
{ Value, "auth_user_pass_verify", "/usr/bin/ovpn-userpass via-env", translate("Executed in server mode on new client connections, when the client is still untrusted") },
|
||||
{ ListValue, "script_security", { 0, 1, 2, 3 }, {mode="server" }, translate("Policy level over usage of external programs and scripts") },
|
||||
{ ListValue, "script_security", { 0, 1, 2, 3 }, translate("Policy level over usage of external programs and scripts"), {mode="server" } },
|
||||
} },
|
||||
|
||||
{ "Networking", {
|
||||
|
@ -89,12 +89,12 @@ local knownParams = {
|
|||
{ ListValue, "mtu_disc", { "yes", "maybe", "no" }, translate("Enable Path MTU discovery") },
|
||||
{ Flag, "mtu_test", 0, translate("Empirically measure MTU") },
|
||||
{ Flag, "comp_lzo", 0, translate("Use fast LZO compression") },
|
||||
{ Flag, "comp_noadapt", 0, { comp_lzo=1 }, translate("Don't use adaptive lzo compression") },
|
||||
{ Flag, "comp_noadapt", 0, translate("Don't use adaptive lzo compression"), { comp_lzo=1 } },
|
||||
{ Value, "link_mtu", 1500, translate("Set TCP/UDP MTU") },
|
||||
{ Value, "tun_mtu", 1500, translate("Set tun/tap device MTU") },
|
||||
{ Value, "tun_mtu_extra", 1500, translate("Set tun/tap device overhead") },
|
||||
{ Value, "fragment", 1500, { proto="udp" }, translate("Enable internal datagram fragmentation") },
|
||||
{ Value, "mssfix", 1500, { proto="udp" }, translate("Set upper bound on TCP MSS") },
|
||||
{ Value, "fragment", 1500, translate("Enable internal datagram fragmentation"), { proto="udp" } },
|
||||
{ Value, "mssfix", 1500, translate("Set upper bound on TCP MSS"), { proto="udp" } },
|
||||
{ Value, "sndbuf", 65536, translate("Set the TCP/UDP send buffer size") },
|
||||
{ Value, "rcvbuf", 65536, translate("Set the TCP/UDP receive buffer size") },
|
||||
{ Value, "txqueuelen", 100, translate("Set tun/tap TX queue length") },
|
||||
|
@ -117,50 +117,50 @@ local knownParams = {
|
|||
{ Flag, "management_query_passwords", 0, translate("Query management channel for private key") }, -- management
|
||||
{ Flag, "management_hold", 0, translate("Start OpenVPN in a hibernating state") }, -- management
|
||||
{ Value, "management_log_cache", 100, translate("Number of lines for log file history") }, -- management
|
||||
{ ListValue, "topology", { "net30", "p2p", "subnet" }, {dev_type="tun" }, translate("'net30', 'p2p', or 'subnet'") },
|
||||
{ ListValue, "topology", { "net30", "p2p", "subnet" }, translate("'net30', 'p2p', or 'subnet'"), {dev_type="tun" } },
|
||||
} },
|
||||
|
||||
{ "VPN", {
|
||||
{ Value, "server", "10.200.200.0 255.255.255.0", { server_mode="1" }, translate("Configure server mode") },
|
||||
{ Value, "server_bridge", "10.200.200.1 255.255.255.0 10.200.200.200 10.200.200.250", { server_mode="1" }, translate("Configure server bridge") },
|
||||
{ DynamicList, "push", { "redirect-gateway", "comp-lzo" }, { server_mode="1" }, translate("Push options to peer") },
|
||||
{ Flag, "push_reset", 0, { server_mode="1" }, translate("Don't inherit global push options") },
|
||||
{ Flag, "disable", 0, { server_mode="1" }, translate("Client is disabled") },
|
||||
{ Value, "ifconfig_pool", "10.200.200.100 10.200.200.150 255.255.255.0", { server_mode="1" }, translate("Set aside a pool of subnets") },
|
||||
{ Value, "ifconfig_pool_persist", "/etc/openvpn/ipp.txt 600", { server_mode="1" }, translate("Persist/unpersist ifconfig-pool") },
|
||||
-- { Flag, "ifconfig_pool_linear", 0, { server_mode="1" }, translate("Use individual addresses rather than /30 subnets") }, -- deprecated and replaced by --topology p2p
|
||||
{ Value, "ifconfig_push", "10.200.200.1 255.255.255.255", { server_mode="1" }, translate("Push an ifconfig option to remote") },
|
||||
{ Value, "iroute", "10.200.200.0 255.255.255.0", { server_mode="1" }, translate("Route subnet to client") },
|
||||
{ Flag, "client_to_client", 0, { server_mode="1" }, translate("Allow client-to-client traffic") },
|
||||
{ Flag, "duplicate_cn", 0, { server_mode="1" }, translate("Allow multiple clients with same certificate") },
|
||||
{ Value, "client_config_dir", "/etc/openvpn/ccd", { server_mode="1" }, translate("Directory for custom client config files") },
|
||||
{ Flag, "ccd_exclusive", 0, { server_mode="1" }, translate("Refuse connection if no custom client config") },
|
||||
{ Value, "tmp_dir", "/var/run/openvpn", { server_mode="1" }, translate("Temporary directory for client-connect return file") },
|
||||
{ Value, "hash_size", "256 256", { server_mode="1" }, translate("Set size of real and virtual address hash tables") },
|
||||
{ Value, "bcast_buffers", 256, { server_mode="1" }, translate("Number of allocated broadcast buffers") },
|
||||
{ Value, "tcp_queue_limit", 64, { server_mode="1" }, translate("Maximum number of queued TCP output packets") },
|
||||
{ Value, "max_clients", 10, { server_mode="1" }, translate("Allowed maximum of connected clients") },
|
||||
{ Value, "max_routes_per_client", 256, { server_mode="1" }, translate("Allowed maximum of internal") },
|
||||
{ Value, "connect_freq", "3 10", { server_mode="1" }, translate("Allowed maximum of new connections") },
|
||||
{ Flag, "client_cert_not_required", 0, { server_mode="1" }, translate("Don't require client certificate") },
|
||||
{ Flag, "username_as_common_name", 0, { server_mode="1" }, translate("Use username as common name") },
|
||||
{ Flag, "client", 0, { server_mode="0" }, { server_mode="" }, translate("Configure client mode") },
|
||||
{ Flag, "pull", 0, { client="1" }, translate("Accept options pushed from server") },
|
||||
{ Value, "auth_user_pass", "/etc/openvpn/userpass.txt", { client="1" }, translate("Authenticate using username/password") },
|
||||
{ ListValue, "auth_retry", { "none", "nointeract", "interact" }, { client="1" }, translate("Handling of authentication failures") },
|
||||
{ Value, "explicit_exit_notify", 1, { client="1" }, translate("Send notification to peer on disconnect") },
|
||||
{ DynamicList, "remote", "1.2.3.4", { client="1" }, translate("Remote host name or ip address") }, -- client
|
||||
{ Flag, "remote_random", 1, { client="1" }, translate("Randomly choose remote server") }, -- client
|
||||
{ ListValue, "proto", { "udp", "tcp-client", "tcp-server" }, { client="1" }, translate("Use protocol") },
|
||||
{ Value, "connect_retry", 5, { proto="tcp-client" }, { client="1" }, translate("Connection retry interval") }, -- client && proto=tcp-client
|
||||
{ Value, "http_proxy", "192.168.1.100 8080", { client="1" }, translate("Connect to remote host through an HTTP proxy") }, -- client
|
||||
{ Flag, "http_proxy_retry", 0, { client="1" }, translate("Retry indefinitely on HTTP proxy errors") }, -- client && http_proxy
|
||||
{ Value, "http_proxy_timeout", 5, { client="1" }, translate("Proxy timeout in seconds") }, -- client && http_proxy
|
||||
{ DynamicList, "http_proxy_option", { "VERSION 1.0", "AGENT OpenVPN/2.0.9" }, { client="1" }, translate("Set extended HTTP proxy options") }, -- client && http_proxy
|
||||
{ Value, "socks_proxy", "192.168.1.200 1080", { client="1" }, translate("Connect through Socks5 proxy") }, -- client
|
||||
{ Value, "socks_proxy_retry", 5, { client="1" }, translate("Retry indefinitely on Socks proxy errors") }, -- client && socks_proxy
|
||||
{ Value, "resolv_retry", "infinite", { client="1" }, translate("If hostname resolve fails, retry") }, -- client
|
||||
{ ListValue, "redirect_gateway", { "", "local", "def1", "local def1" }, { client="1" }, translate("Automatically redirect default route") }, -- client
|
||||
{ Value, "server", "10.200.200.0 255.255.255.0", translate("Configure server mode"), { server_mode="1" } },
|
||||
{ Value, "server_bridge", "10.200.200.1 255.255.255.0 10.200.200.200 10.200.200.250", translate("Configure server bridge"), { server_mode="1" } },
|
||||
{ DynamicList, "push", { "redirect-gateway", "comp-lzo" }, translate("Push options to peer"), { server_mode="1" } },
|
||||
{ Flag, "push_reset", 0, translate("Don't inherit global push options"), { server_mode="1" } },
|
||||
{ Flag, "disable", 0, translate("Client is disabled"), { server_mode="1" } },
|
||||
{ Value, "ifconfig_pool", "10.200.200.100 10.200.200.150 255.255.255.0", translate("Set aside a pool of subnets"), { server_mode="1" } },
|
||||
{ Value, "ifconfig_pool_persist", "/etc/openvpn/ipp.txt 600", translate("Persist/unpersist ifconfig-pool"), { server_mode="1" } },
|
||||
-- { Flag, "ifconfig_pool_linear", 0, translate("Use individual addresses rather than /30 subnets"), { server_mode="1" } }, -- deprecated and replaced by --topology p2p
|
||||
{ Value, "ifconfig_push", "10.200.200.1 255.255.255.255", translate("Push an ifconfig option to remote"), { server_mode="1" } },
|
||||
{ Value, "iroute", "10.200.200.0 255.255.255.0", translate("Route subnet to client"), { server_mode="1" } },
|
||||
{ Flag, "client_to_client", 0, translate("Allow client-to-client traffic"), { server_mode="1" } },
|
||||
{ Flag, "duplicate_cn", 0, translate("Allow multiple clients with same certificate"), { server_mode="1" } },
|
||||
{ Value, "client_config_dir", "/etc/openvpn/ccd", translate("Directory for custom client config files"), { server_mode="1" } },
|
||||
{ Flag, "ccd_exclusive", 0, translate("Refuse connection if no custom client config"), { server_mode="1" } },
|
||||
{ Value, "tmp_dir", "/var/run/openvpn", translate("Temporary directory for client-connect return file"), { server_mode="1" } },
|
||||
{ Value, "hash_size", "256 256", translate("Set size of real and virtual address hash tables"), { server_mode="1" } },
|
||||
{ Value, "bcast_buffers", 256, translate("Number of allocated broadcast buffers"), { server_mode="1" } },
|
||||
{ Value, "tcp_queue_limit", 64, translate("Maximum number of queued TCP output packets"), { server_mode="1" } },
|
||||
{ Value, "max_clients", 10, translate("Allowed maximum of connected clients"), { server_mode="1" } },
|
||||
{ Value, "max_routes_per_client", 256, translate("Allowed maximum of internal"), { server_mode="1" } },
|
||||
{ Value, "connect_freq", "3 10", translate("Allowed maximum of new connections"), { server_mode="1" } },
|
||||
{ Flag, "client_cert_not_required", 0, translate("Don't require client certificate"), { server_mode="1" } },
|
||||
{ Flag, "username_as_common_name", 0, translate("Use username as common name"), { server_mode="1" } },
|
||||
{ Flag, "client", 0, translate("Configure client mode"), { server_mode="0" }, { server_mode="" } },
|
||||
{ Flag, "pull", 0, translate("Accept options pushed from server"), { client="1" } },
|
||||
{ Value, "auth_user_pass", "/etc/openvpn/userpass.txt", translate("Authenticate using username/password"), { client="1" } },
|
||||
{ ListValue, "auth_retry", { "none", "nointeract", "interact" }, translate("Handling of authentication failures"), { client="1" } },
|
||||
{ Value, "explicit_exit_notify", 1, translate("Send notification to peer on disconnect"), { client="1" } },
|
||||
{ DynamicList, "remote", "1.2.3.4", translate("Remote host name or ip address"), { client="1" } },
|
||||
{ Flag, "remote_random", 1, translate("Randomly choose remote server"), { client="1" } },
|
||||
{ ListValue, "proto", { "udp", "tcp-client", "tcp-server" }, translate("Use protocol"), { client="1" } },
|
||||
{ Value, "connect_retry", 5, translate("Connection retry interval"), { proto="tcp-client" }, { client="1" } },
|
||||
{ Value, "http_proxy", "192.168.1.100 8080", translate("Connect to remote host through an HTTP proxy"), { client="1" } },
|
||||
{ Flag, "http_proxy_retry", 0, translate("Retry indefinitely on HTTP proxy errors"), { client="1" } },
|
||||
{ Value, "http_proxy_timeout", 5, translate("Proxy timeout in seconds"), { client="1" } },
|
||||
{ DynamicList, "http_proxy_option", { "VERSION 1.0", "AGENT OpenVPN/2.0.9" }, translate("Set extended HTTP proxy options"), { client="1" } },
|
||||
{ Value, "socks_proxy", "192.168.1.200 1080", translate("Connect through Socks5 proxy"), { client="1" } },
|
||||
{ Value, "socks_proxy_retry", 5, translate("Retry indefinitely on Socks proxy errors"), { client="1" } }, -- client && socks_proxy
|
||||
{ Value, "resolv_retry", "infinite", translate("If hostname resolve fails, retry"), { client="1" } },
|
||||
{ ListValue, "redirect_gateway", { "", "local", "def1", "local def1" }, translate("Automatically redirect default route"), { client="1" } },
|
||||
} },
|
||||
|
||||
{ "Cryptography", {
|
||||
|
@ -174,15 +174,16 @@ local knownParams = {
|
|||
{ Flag, "mute_replay_warnings", 0, translate("Silence the output of replay warnings") },
|
||||
{ Value, "replay_persist", "/var/run/openvpn-replay-state", translate("Persist replay-protection state") },
|
||||
{ Flag, "no_iv", 0, translate("Disable cipher initialisation vector") },
|
||||
{ Flag, "tls_server", 0, { tls_client="" }, { tls_client="0" }, translate("Enable TLS and assume server role") },
|
||||
{ Flag, "tls_client", 0, { tls_server="" }, { tls_server="0" }, translate("Enable TLS and assume client role") },
|
||||
{ Flag, "tls_server", 0, translate("Enable TLS and assume server role"), { tls_client="" }, { tls_client="0" } },
|
||||
{ Flag, "tls_client", 0, translate("Enable TLS and assume client role"), { tls_server="" }, { tls_server="0" } },
|
||||
{ FileUpload, "ca", "/etc/easy-rsa/keys/ca.crt", translate("Certificate authority") },
|
||||
{ FileUpload, "dh", "/etc/easy-rsa/keys/dh1024.pem", translate("Diffie Hellman parameters") },
|
||||
{ FileUpload, "cert", "/etc/easy-rsa/keys/some-client.crt", translate("Local certificate") },
|
||||
{ FileUpload, "key", "/etc/easy-rsa/keys/some-client.key", translate("Local private key") },
|
||||
{ FileUpload, "pkcs12", "/etc/easy-rsa/keys/some-client.pk12", translate("PKCS#12 file containing keys") },
|
||||
{ ListValue, "key_method", { 1, 2 }, translate("Enable TLS and assume client role") },
|
||||
{ Value, "tls_cipher", "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5", translate("TLS cipher") },
|
||||
{ Value, "tls_cipher", "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5",
|
||||
translate("TLS cipher") },
|
||||
{ Value, "tls_timeout", 2, translate("Retransmit timeout on TLS control channel") },
|
||||
{ Value, "reneg_bytes", 1024, translate("Renegotiate data chan. key after bytes") },
|
||||
{ Value, "reneg_pkts", 100, translate("Renegotiate data chan. key after packets") },
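Review bot: The `tls_cipher` default in the Cryptography hunk still lists export-grade and otherwise weak suites (`EXP-*`, `RC4-MD5`, `RC4-SHA`, single-DES `DES-CBC-SHA`), and this commit rewraps that entry onto two lines without trimming it. How the default column is consumed is not visible in these hunks, but if the UI offers it as a suggested value, an administrator who accepts it permits negotiation of suites that give little confidentiality. I would reduce the default to the AES entries already in the list, `"DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA"`, and add the comment `-- default deliberately excludes EXP, RC4 and DES suites` above the entry. The `knownParams` table starts and ends outside the displayed hunks, so other defaults may warrant the same check.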
|
||||
|
|