diff options
Diffstat (limited to 'applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua')
| -rw-r--r-- | applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua | 129 |
1 files changed, 118 insertions, 11 deletions
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua index 6dc43bec24..40201baceb 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua @@ -1,9 +1,7 @@ -- Copyright 2008 Steven Barth <steven@midlink.org> -- Licensed to the public under the Apache License 2.0. -require("luci.ip") -require("luci.model.uci") - +local fs = require("nixio.fs") local knownParams = { -- @@ -160,6 +158,10 @@ local knownParams = { "script_security", { 0, 1, 2, 3 }, translate("Policy level over usage of external programs and scripts") }, + { ListValue, + "compress", + { "lzo", "lz4" }, + translate("Enable a compression algorithm") }, } }, { "Networking", { @@ -236,6 +238,10 @@ local knownParams = { "route_nopull", 0, translate("Don't pull routes automatically") }, + { Flag, + "allow_recursive_routing", + 0, + translate("Don't drop incoming tun packets with same destination as host") }, { ListValue, "mtu_disc", { "yes", "maybe", "no" }, @@ -244,6 +250,15 @@ local knownParams = { "mtu_test", 0, translate("Empirically measure MTU") }, + { ListValue, + "comp_lzo", + { "yes", "no", "adaptive" }, + translate("Use fast LZO compression") }, + { Flag, + "comp_noadapt", + 0, + translate("Don't use adaptive lzo compression"), + { comp_lzo=1 } }, { Value, "link_mtu", 1500, @@ -362,7 +377,7 @@ local knownParams = { { client="0" }, { client="" } }, { DynamicList, "push", - { "redirect-gateway" }, + { "redirect-gateway", "comp-lzo" }, translate("Push options to peer"), { client="0" }, { client="" } }, { Flag, @@ -464,7 +479,7 @@ local knownParams = { 0, translate("Accept options pushed from server"), { client="1" } }, - { Value, + { FileUpload, "auth_user_pass", "/etc/openvpn/userpass.txt", translate("Authenticate using username/password"), @@ -540,6 +555,10 @@ local knownParams = { { "", "local", "def1", "local def1" }, translate("Automatically redirect default route"), { client="1" } }, + { Value, + "verify_client_cert", + { "none", "optional", "require" }, + translate("Specify whether the client is required to supply a valid certificate") }, } }, { "Cryptography", { @@ -555,7 +574,51 @@ local knownParams = { -- parse { Value, "cipher", - "BF-CBC", + { + "AES-128-CBC", + "AES-128-CFB", + "AES-128-CFB1", + "AES-128-CFB8", + "AES-128-GCM", + "AES-128-OFB", + "AES-192-CBC", + "AES-192-CFB", + "AES-192-CFB1", + "AES-192-CFB8", + "AES-192-GCM", + "AES-192-OFB", + "AES-256-CBC", + "AES-256-CFB", + "AES-256-CFB1", + "AES-256-CFB8", + "AES-256-GCM", + "AES-256-OFB", + "BF-CBC", + "BF-CFB", + "BF-OFB", + "CAST5-CBC", + "CAST5-CFB", + "CAST5-OFB", + "DES-CBC", + "DES-CFB", + "DES-CFB1", + "DES-CFB8", + "DES-EDE-CBC", + "DES-EDE-CFB", + "DES-EDE-OFB", + "DES-EDE3-CBC", + "DES-EDE3-CFB", + "DES-EDE3-CFB1", + "DES-EDE3-CFB8", + "DES-EDE3-OFB", + "DES-OFB", + "DESX-CBC", + "RC2-40-CBC", + "RC2-64-CBC", + "RC2-CBC", + "RC2-CFB", + "RC2-OFB" + }, translate("Encryption cipher for packets") }, -- parse { Value, @@ -689,10 +752,18 @@ local knownParams = { "tls_version_max", "1.2", translate("The highest supported TLS version") }, - { Value, + { ListValue, "key_direction", - "1", + { 0, 1 }, translate("The key direction for 'tls-auth' and 'secret' options") }, + { Flag, + "ncp_disable", + 0, + translate("This completely disables cipher negotiation") }, + { Value, + "ncp_ciphers", + "AES-256-GCM:AES-128-GCM", + translate("Restrict the allowed ciphers to be negotiated") }, } } } @@ -701,8 +772,10 @@ local cts = { } local params = { } local m = Map("openvpn") -local p = m:section( SimpleSection ) +m.redirect = luci.dispatcher.build_url("admin", "services", "openvpn") +m.apply_on_parse = true +local p = m:section( SimpleSection ) p.template = "openvpn/pageswitch" p.mode = "advanced" p.instance = arg[1] @@ -732,8 +805,44 @@ for _, option in ipairs(params) do option[2], option[4] ) + o.optional = true + if option[1] == DummyValue then o.value = option[3] + elseif option[1] == FileUpload then + + function o.cfgvalue(self, section) + local cfg_val = AbstractValue.cfgvalue(self, section) + + if cfg_val then + return cfg_val + end + end + + function o.formvalue(self, section) + local sel_val = AbstractValue.formvalue(self, section) + local txt_val = luci.http.formvalue("cbid."..self.map.config.."."..section.."."..self.option..".textbox") + + if sel_val and sel_val ~= "" then + return sel_val + end + + if txt_val and txt_val ~= "" then + return txt_val + end + end + + function o.remove(self, section) + local cfg_val = AbstractValue.cfgvalue(self, section) + local txt_val = luci.http.formvalue("cbid."..self.map.config.."."..section.."."..self.option..".textbox") + + if cfg_val and fs.access(cfg_val) and txt_val == "" then + fs.unlink(cfg_val) + end + return AbstractValue.remove(self, section) + end + elseif option[1] == Flag then + o.default = nil else if option[1] == DynamicList then function o.cfgvalue(...) @@ -742,8 +851,6 @@ for _, option in ipairs(params) do end end - o.optional = true - if type(option[3]) == "table" then if o.optional then o:value("", "-- remove --") end for _, v in ipairs(option[3]) do |