Diffstat (limited to 'applications/luci-app-openvpn/luasrc')
8 files changed, 311 insertions, 78 deletions
diff --git a/applications/luci-app-openvpn/luasrc/controller/openvpn.lua b/applications/luci-app-openvpn/luasrc/controller/openvpn.lua index 61592d0fac..c9a932d870 100644 --- a/applications/luci-app-openvpn/luasrc/controller/openvpn.lua +++ b/applications/luci-app-openvpn/luasrc/controller/openvpn.lua @@ -18,7 +18,7 @@ function ovpn_upload() local util = require("luci.util") local uci = require("luci.model.uci").cursor() local upload = http.formvalue("ovpn_file") - local name = string.gsub(util.shellquote(http.formvalue("instance_name2")), "'", "") + local name = http.formvalue("instance_name2") local file = "/etc/openvpn/" ..name.. ".ovpn" if name and upload then diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua index 6dc43bec24..25d1481f8a 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua @@ -1,9 +1,7 @@ -- Copyright 2008 Steven Barth <steven@midlink.org> -- Licensed to the public under the Apache License 2.0. -require("luci.ip") -require("luci.model.uci") - +local fs = require("nixio.fs") local knownParams = { -- @@ -160,6 +158,10 @@ local knownParams = { "script_security", { 0, 1, 2, 3 }, translate("Policy level over usage of external programs and scripts") }, + { ListValue, + "compress", + { "lzo", "lz4" }, + translate("Enable a compression algorithm") }, } }, { "Networking", { @@ -236,6 +238,10 @@ local knownParams = { "route_nopull", 0, translate("Don't pull routes automatically") }, + { Flag, + "allow_recursive_routing", + 0, + translate("Don't drop incoming tun packets with same destination as host") }, { ListValue, "mtu_disc", { "yes", "maybe", "no" }, 
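Review bot: Dropping the `shellquote` round-trip leaves `name` unvalidated on the server before it is spliced into `"/etc/openvpn/" ..name.. ".ovpn"`, so a posted `instance_name2` such as `../../tmp/x` writes the upload outside /etc/openvpn; the JavaScript filter in cbi-select-input-add.htm runs only in the browser and is not a control (the removed line merely stripped single quotes, so this hardening was missing before too). The concatenation also runs before the `if name and upload then` guard, so a missing field raises a Lua error on the `..` instead of falling through. Validate first and build the path afterwards: `local name = http.formvalue("instance_name2")` / `if type(name) ~= "string" or not name:match("^[%w_]+$") then http.status(400, "Bad instance name") return end` / `local file = "/etc/openvpn/" .. name .. ".ovpn"`. The rest of `ovpn_upload` is outside the hunk.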
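Review bot: The new `compress` entry in the Service category offers `lzo`/`lz4` with a description that reads like a plain feature, but compressing traffic inside the tunnel exposes it to compression-oracle attacks (the VORACLE class), which is why OpenVPN's documentation discourages it. Say so where the operator will see it, e.g. `translate("Enable a compression algorithm (not recommended: compressing encrypted traffic enables compression-oracle attacks)")`. The `knownParams` table starts and ends outside this hunk.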
@@ -464,7 +470,7 @@ local knownParams = { 0, translate("Accept options pushed from server"), { client="1" } }, - { Value, + { FileUpload, "auth_user_pass", "/etc/openvpn/userpass.txt", translate("Authenticate using username/password"), @@ -540,6 +546,10 @@ local knownParams = { { "", "local", "def1", "local def1" }, translate("Automatically redirect default route"), { client="1" } }, + { Value, + "verify_client_cert", + { "none", "optional", "require" }, + translate("Specify whether the client is required to supply a valid certificate") }, } }, { "Cryptography", { @@ -555,7 +565,51 @@ local knownParams = { -- parse { Value, "cipher", - "BF-CBC", + { + "AES-128-CBC", + "AES-128-CFB", + "AES-128-CFB1", + "AES-128-CFB8", + "AES-128-GCM", + "AES-128-OFB", + "AES-192-CBC", + "AES-192-CFB", + "AES-192-CFB1", + "AES-192-CFB8", + "AES-192-GCM", + "AES-192-OFB", + "AES-256-CBC", + "AES-256-CFB", + "AES-256-CFB1", + "AES-256-CFB8", + "AES-256-GCM", + "AES-256-OFB", + "BF-CBC", + "BF-CFB", + "BF-OFB", + "CAST5-CBC", + "CAST5-CFB", + "CAST5-OFB", + "DES-CBC", + "DES-CFB", + "DES-CFB1", + "DES-CFB8", + "DES-EDE-CBC", + "DES-EDE-CFB", + "DES-EDE-OFB", + "DES-EDE3-CBC", + "DES-EDE3-CFB", + "DES-EDE3-CFB1", + "DES-EDE3-CFB8", + "DES-EDE3-OFB", + "DES-OFB", + "DESX-CBC", + "RC2-40-CBC", + "RC2-64-CBC", + "RC2-CBC", + "RC2-CFB", + "RC2-OFB" + }, translate("Encryption cipher for packets") }, -- parse { Value, @@ -689,10 +743,18 @@ local knownParams = { "tls_version_max", "1.2", translate("The highest supported TLS version") }, - { Value, + { ListValue, "key_direction", - "1", + { 0, 1 }, translate("The key direction for 'tls-auth' and 'secret' options") }, + { Flag, + "ncp_disable", + 0, + translate("This completely disables cipher negotiation") }, + { Value, + "ncp_ciphers", + "AES-256-GCM:AES-128-GCM", + translate("Restrict the allowed ciphers to be negotiated") }, } } } 
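Review bot: The `cipher` suggestion list in the Cryptography hunk presents some two dozen 64-bit-block legacy ciphers (BF-*, CAST5-*, DES-*, DESX-CBC, RC2-*, including export-grade `RC2-40-CBC`) next to AES with nothing telling the user they are broken (SWEET32 for 64-bit blocks; DES and RC2-40 are brute-forceable). Because this is a free-text `Value` with suggestions, pruning the table to the AES-* entries costs nothing — an operator who must talk to an old `BF-CBC` peer can still type it — so I would drop the legacy rows. If they must stay, at least make the description carry the warning: `translate("Encryption cipher for packets (64-bit block ciphers such as BF, CAST5, DES and RC2 are insecure; prefer AES-GCM)")`. The `ncp_ciphers` default `AES-256-GCM:AES-128-GCM` added further down is the right modern default, so the legacy entries mainly matter once `ncp_disable` is set.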
@@ -701,8 +763,10 @@ local cts = { } local params = { } local m = Map("openvpn") -local p = m:section( SimpleSection ) +m.redirect = luci.dispatcher.build_url("admin", "services", "openvpn") +m.apply_on_parse = true +local p = m:section( SimpleSection ) p.template = "openvpn/pageswitch" p.mode = "advanced" p.instance = arg[1] @@ -732,8 +796,44 @@ for _, option in ipairs(params) do option[2], option[4] ) + o.optional = true + if option[1] == DummyValue then o.value = option[3] + elseif option[1] == FileUpload then + + function o.cfgvalue(self, section) + local cfg_val = AbstractValue.cfgvalue(self, section) + + if cfg_val then + return cfg_val + end + end + + function o.formvalue(self, section) + local sel_val = AbstractValue.formvalue(self, section) + local txt_val = luci.http.formvalue("cbid."..self.map.config.."."..section.."."..self.option..".textbox") + + if sel_val and sel_val ~= "" then + return sel_val + end + + if txt_val and txt_val ~= "" then + return txt_val + end + end + + function o.remove(self, section) + local cfg_val = AbstractValue.cfgvalue(self, section) + local txt_val = luci.http.formvalue("cbid."..self.map.config.."."..section.."."..self.option..".textbox") + + if cfg_val and fs.access(cfg_val) and txt_val == "" then + fs.unlink(cfg_val) + end + return AbstractValue.remove(self, section) + end + elseif option[1] == Flag then + o.default = nil else if option[1] == DynamicList then function o.cfgvalue(...) @@ -742,8 +842,6 @@ for _, option in ipairs(params) do end end - o.optional = true - if type(option[3]) == "table" then if o.optional then o:value("", "-- remove --") end for _, v in ipairs(option[3]) do diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua index 6b6323e078..3e9137baeb 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua 
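Review bot: `o.remove` unlinks whatever path the option currently holds, not just a file this page uploaded: `o.formvalue` accepts a free-text `.textbox` path, so the option can name any file on the router (the basic page's defaults point at shared files such as `/etc/easy-rsa/keys/ca.crt`), and clearing the field on one instance deletes that file for every instance and for the running daemon. Limit the deletion to the location the upload handler actually writes to, e.g. `if cfg_val and txt_val == "" and cfg_val:match("^/etc/openvpn/[^/]+$") and fs.access(cfg_val) then` (adjust the prefix to the real upload directory, which is not visible here), or drop the unlink and leave file removal to the operator. The overriding `o.cfgvalue` returns exactly what `AbstractValue.cfgvalue` returns and can go. The enclosing `for _, option in ipairs(params)` loop starts and ends outside the hunk.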
@@ -1,45 +1,100 @@ -- Copyright 2008 Steven Barth <steven@midlink.org> -- Licensed to the public under the Apache License 2.0. -require("luci.ip") -require("luci.model.uci") +local fs = require("nixio.fs") local basicParams = { - -- + -- -- Widget, Name, Default(s), Description -- - - { ListValue, "verb", { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 }, translate("Set output verbosity") }, - { Value, "nice",0, translate("Change process priority") }, - { Value,"port",1194, translate("TCP/UDP port # for both local and remote") }, - { ListValue,"dev_type",{ "tun", "tap" }, translate("Type of used device") }, - - { Value,"ifconfig","10.200.200.3 10.200.200.1", translate("Set tun/tap adapter parameters") }, - { Value,"server","10.200.200.0 255.255.255.0", translate("Configure server mode") }, - { Value,"server_bridge","192.168.1.1 255.255.255.0 192.168.1.128 192.168.1.254", translate("Configure server bridge") }, - { Flag,"nobind",0, translate("Do not bind to local address and port") }, - - { Value,"keepalive","10 60", translate("Helper directive to simplify the expression of --ping and --ping-restart in server mode configurations") }, - - { ListValue,"proto",{ "udp", "tcp-client", "tcp-server" }, translate("Use protocol") }, - - { Flag,"client",0, translate("Configure client mode") }, - { Flag,"client_to_client",0, translate("Allow client-to-client traffic") }, - { DynamicList,"remote","vpnserver.example.org", translate("Remote host name or ip address") }, - - { FileUpload,"secret","/etc/openvpn/secret.key", translate("Enable Static Key encryption mode (non-TLS)") }, - { Value,"key_direction","1", translate("The key direction for 'tls-auth' and 'secret' options") }, - { FileUpload,"pkcs12","/etc/easy-rsa/keys/some-client.pk12", translate("PKCS#12 file containing keys") }, - { FileUpload,"ca","/etc/easy-rsa/keys/ca.crt", translate("Certificate authority") }, - { FileUpload,"dh","/etc/easy-rsa/keys/dh1024.pem", translate("Diffie Hellman parameters") }, - { 
FileUpload,"cert","/etc/easy-rsa/keys/some-client.crt", translate("Local certificate") }, - { FileUpload,"key","/etc/easy-rsa/keys/some-client.key", translate("Local private key") }, + { ListValue, + "verb", + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 }, + translate("Set output verbosity") }, + { Value, + "nice", + 0, + translate("Change process priority") }, + { Value, + "port", + 1194, + translate("TCP/UDP port # for both local and remote") }, + { ListValue, + "dev_type", + { "tun", "tap" }, + translate("Type of used device") }, + { Value, + "ifconfig", + "10.200.200.3 10.200.200.1", + translate("Set tun/tap adapter parameters") }, + { Value, + "server", + "10.200.200.0 255.255.255.0", + translate("Configure server mode") }, + { Value, + "server_bridge", + "192.168.1.1 255.255.255.0 192.168.1.128 192.168.1.254", + translate("Configure server bridge") }, + { Flag, + "nobind", + 0, + translate("Do not bind to local address and port") }, + { Value, + "keepalive", + "10 60", + translate("Helper directive to simplify the expression of --ping and --ping-restart in server mode configurations") }, + { ListValue, + "proto", + { "udp", "tcp-client", "tcp-server" }, + translate("Use protocol") }, + { Flag, + "client", + 0, + translate("Configure client mode") }, + { Flag, + "client_to_client", + 0, + translate("Allow client-to-client traffic") }, + { DynamicList, + "remote", + "vpnserver.example.org", + translate("Remote host name or ip address") }, + { FileUpload, + "secret", + "/etc/openvpn/secret.key", + translate("Enable Static Key encryption mode (non-TLS)") }, + { ListValue, + "key_direction", + { 0, 1 }, + translate("The key direction for 'tls-auth' and 'secret' options") }, + { FileUpload, + "pkcs12", + "/etc/easy-rsa/keys/some-client.pk12", + translate("PKCS#12 file containing keys") }, + { FileUpload, + "ca", + "/etc/easy-rsa/keys/ca.crt", + translate("Certificate authority") }, + { FileUpload, + "dh", + "/etc/easy-rsa/keys/dh1024.pem", + translate("Diffie Hellman 
parameters") }, + { FileUpload, + "cert", + "/etc/easy-rsa/keys/some-client.crt", + translate("Local certificate") }, + { FileUpload, + "key", + "/etc/easy-rsa/keys/some-client.key", + translate("Local private key") }, } local m = Map("openvpn") -local p = m:section( SimpleSection ) +m.redirect = luci.dispatcher.build_url("admin", "services", "openvpn") +m.apply_on_parse = true +local p = m:section( SimpleSection ) p.template = "openvpn/pageswitch" p.mode = "basic" p.instance = arg[1] @@ -52,11 +107,45 @@ for _, option in ipairs(basicParams) do option[1], option[2], option[2], option[4] ) - + o.optional = true if option[1] == DummyValue then o.value = option[3] + elseif option[1] == FileUpload then + + function o.cfgvalue(self, section) + local cfg_val = AbstractValue.cfgvalue(self, section) + + if cfg_val then + return cfg_val + end + end + + function o.formvalue(self, section) + local sel_val = AbstractValue.formvalue(self, section) + local txt_val = luci.http.formvalue("cbid."..self.map.config.."."..section.."."..self.option..".textbox") + + if sel_val and sel_val ~= "" then + return sel_val + end + + if txt_val and txt_val ~= "" then + return txt_val + end + end + + function o.remove(self, section) + local cfg_val = AbstractValue.cfgvalue(self, section) + local txt_val = luci.http.formvalue("cbid."..self.map.config.."."..section.."."..self.option..".textbox") + + if cfg_val and fs.access(cfg_val) and txt_val == "" then + fs.unlink(cfg_val) + end + return AbstractValue.remove(self, section) + end + elseif option[1] == Flag then + o.default = nil else if option[1] == DynamicList then function o.cfgvalue(...) diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua index 6878275d78..9d50601b1f 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua 
@@ -1,10 +1,11 @@ -- Licensed to the public under the Apache License 2.0. -local ip = require("luci.ip") -local fs = require("nixio.fs") -local util = require("luci.util") -local uci = require("luci.model.uci").cursor() -local cfg_file = uci:get("openvpn", arg[1], "config") +local ip = require("luci.ip") +local fs = require("nixio.fs") +local util = require("luci.util") +local uci = require("luci.model.uci").cursor() +local cfg_file = uci:get("openvpn", arg[1], "config") +local auth_file = cfg_file:match("(.+)%..+").. ".auth" local m = Map("openvpn") 
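Review bot: `cfg_file:match("(.+)%..+")` derives the auth path with a greedy, unanchored pattern, so it misbehaves on any `config` value without an extension: `/etc/openvpn/foo` yields nil and the `..` raises, and `/etc/openvpn.d/foo` becomes `/etc/openvpn.auth`, placing the credentials file in a different directory. Strip only a trailing extension and fall back to the whole path: `local cfg_base = cfg_file and (cfg_file:match("^(.+)%.[^/.]+$") or cfg_file)` / `local auth_file = cfg_base and (cfg_base .. ".auth")`. `cfg_file` itself is nil when the section has no `config` option (presumably reachable by typing any instance name into the URL), which already breaks `fs.readfile(cfg_file)` further down; guarding it here at least stops the new line from being the first crash.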
@@ -36,25 +37,45 @@ f:append(Template("openvpn/ovpn_css")) f.submit = translate("Save") f.reset = false -s = f:section(SimpleSection, nil, translatef("This form allows you to modify the content of the OVPN config file (%s). ", cfg_file)) -file = s:option(TextValue, "data") +s = f:section(SimpleSection, nil, translatef("Section to modify the OVPN config file (%s)", cfg_file)) +file = s:option(TextValue, "data1") file.datatype = "string" file.rows = 20 -file.rmempty = true function file.cfgvalue() return fs.readfile(cfg_file) or "" end -function file.write(self, section, data) - return fs.writefile(cfg_file, "\n" .. util.trim(data:gsub("\r\n", "\n")) .. "\n") +function file.write(self, section, data1) + return fs.writefile(cfg_file, "\n" .. util.trim(data1:gsub("\r\n", "\n")) .. "\n") end function file.remove(self, section, value) return fs.writefile(cfg_file, "") end -function s.handle(self, state, data) +function s.handle(self, state, data1) + return true +end + +s = f:section(SimpleSection, nil, translatef("Section to add an optional 'auth-user-pass' file with your credentials (%s)", auth_file)) +file = s:option(TextValue, "data2") +file.datatype = "string" +file.rows = 5 + +function file.cfgvalue() + return fs.readfile(auth_file) or "" +end + +function file.write(self, section, data2) + return fs.writefile(auth_file, util.trim(data2:gsub("\r\n", "\n")) .. "\n") +end + +function file.remove(self, section, value) + return fs.writefile(auth_file, "") +end + +function s.handle(self, state, data2) return true end diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua index 8f4859c0e5..41266d860e 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua 
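Review bot: The new second section writes the username/password into `auth_file` with `fs.writefile`, which creates the file under the process umask (typically world-readable 0644), so VPN credentials become readable by any local account; tighten it right after the write, e.g. `fs.chmod(auth_file, 600)` (nixio takes the mode as an octal-looking number or string — confirm against the nixio docs). `file.remove` for that section writes an empty file rather than deleting it, leaving a stray file with the same loose mode; `fs.unlink(auth_file)` is cleaner. Since `file.cfgvalue` echoes the stored password back into the textarea on every page load, a one-line comment on that section should say the credentials are intentionally displayed in clear so nobody later "fixes" it silently. The `f` form and its first section are created before this hunk.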
@@ -14,8 +14,8 @@ s.template_addremove = "openvpn/cbi-select-input-add" s.addremove = true s.add_select_options = { } -file_cfg = s:option(DummyValue, "config") -function file_cfg.cfgvalue(self, section) +local cfg = s:option(DummyValue, "config") +function cfg.cfgvalue(self, section) local file_cfg = self.map:get(section, "config") if file_cfg then s.extedit = luci.dispatcher.build_url("admin", "services", "openvpn", "file", "%s") @@ -69,19 +69,38 @@ function s.create(self, name) local options = uci:get_all("openvpn_recipes", recipe) for k, v in pairs(options) do if k ~= "_role" and k ~= "_description" then + if type(v) == "boolean" then + v = v and "1" or "0" + end uci:set("openvpn", name, k, v) end end uci:save("openvpn") - luci.http.redirect( self.extedit:format(name) ) + uci:commit("openvpn") + if extedit then + luci.http.redirect( self.extedit:format(name) ) + end end elseif #name > 0 then self.invalid_cts = true end - return 0 end +function s.remove(self, name) + local cfg_file = "/etc/openvpn/" ..name.. ".ovpn" + local auth_file = "/etc/openvpn/" ..name.. ".auth" + if fs.access(cfg_file) then + fs.unlink(cfg_file) + end + if fs.access(auth_file) then + fs.unlink(auth_file) + end + uci:delete("openvpn", name) + uci:save("openvpn") + uci:commit("openvpn") +end + s:option( Flag, "enabled", translate("Enabled") ) local active = s:option( DummyValue, "_active", translate("Started") ) 
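Review bot: In `s.create`, `if extedit then luci.http.redirect( self.extedit:format(name) ) end` tests a bare global `extedit` that nothing in the hunk defines, so the branch is never taken and the redirect to the editor silently disappears (luacheck would flag the accidental global); it almost certainly meant `if self.extedit then`. In the new `s.remove`, the paths are rebuilt from the section name as `/etc/openvpn/<name>.ovpn` / `.auth` instead of being read from the section's `config` option, so an instance whose config lives elsewhere leaves its file behind while an unrelated file that merely shares the name is deleted; prefer `local cfg_file = self.map:get(name, "config")` and derive the `.auth` path from it. `fs` is used here but the top of this file is outside the hunk, so make sure `nixio.fs` is required there.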
@@ -122,12 +141,30 @@ end local port = s:option( DummyValue, "port", translate("Port") ) function port.cfgvalue(self, section) local val = AbstractValue.cfgvalue(self, section) + if not val then + local file_cfg = self.map:get(section, "config") + if file_cfg and fs.access(file_cfg) then + val = sys.exec("awk '{if(match(tolower($1),/^port$/)&&match($2,/[0-9]+/)){cnt++;printf $2;exit}}END{if(cnt==0)printf \"-\"}' " ..file_cfg) + if val == "-" then + val = sys.exec("awk '{if(match(tolower($1),/^remote$/)&&match($3,/[0-9]+/)){cnt++;printf $3;exit}}END{if(cnt==0)printf \"-\"}' " ..file_cfg) + end + end + end return val or "-" end local proto = s:option( DummyValue, "proto", translate("Protocol") ) function proto.cfgvalue(self, section) local val = AbstractValue.cfgvalue(self, section) + if not val then + local file_cfg = self.map:get(section, "config") + if file_cfg and fs.access(file_cfg) then + val = sys.exec("awk '{if(match(tolower($1),/^proto$/)&&match(tolower($2),/^udp[46]*$|^tcp[46]*-server$|^tcp[46]*-client$/)){cnt++;printf tolower($2);exit}}END{if(cnt==0)printf \"-\"}' " ..file_cfg) + if val == "-" then + val = sys.exec("awk '{if(match(tolower($1),/^remote$/)&&match(tolower($4),/^udp[46]*$|^tcp[46]*-server$|^tcp[46]*-client$/)){cnt++;printf $4;exit}}END{if(cnt==0)printf \"-\"}' " ..file_cfg) + end + end + end return val or "-" end diff --git a/applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm b/applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm index 09da2eb22d..e75bfda900 100644 --- a/applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm +++ b/applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm 
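Review bot: The four `sys.exec(... " ..file_cfg)` calls in `port.cfgvalue` and `proto.cfgvalue` splice the `config` path from UCI into a root shell command unquoted, so a path containing a space, `;` or `$(...)` breaks the listing or executes as root; the path is admin-controlled through UCI and the upload form, so this is defence in depth today, but any gap in upload-name validation turns it into a real hole. The minimal fix is to quote the path in each call, e.g. `... ' .. util.shellquote(file_cfg))` with `luci.util` required at the top of the file (not visible here); better, read the file once with `fs.readfile` and match the `port`/`remote`/`proto` directive with Lua patterns, which removes the shell and awk entirely. Both functions are complete within the hunk.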
@@ -3,7 +3,7 @@ //<![CDATA[ function vpn_add() { - var vpn_name = div_add.querySelector("#instance_name1").value.replace(/[^\x00-\x7F]|[\s!@#$%^&*()+=\[\]{};':"\\|,<>\/?]/g,''); + var vpn_name = div_add.querySelector("#instance_name1").value.replace(/[^\x00-\x7F]|[\s!@#$%^&*()\-+=\[\]{};':"\\|,<>\/?]/g,''); var vpn_template = div_add.querySelector("#instance_template").value; var form = document.getElementsByName('cbi')[0]; @@ -31,7 +31,7 @@ function vpn_upload() { - var vpn_name = div_upload.querySelector("#instance_name2").value.replace(/[^\x00-\x7F]|[\s!@#$%^&*()+=\[\]{};':"\\|,<>\/?]/g,''); + var vpn_name = div_upload.querySelector("#instance_name2").value.replace(/[^\x00-\x7F]|[\s!@#$%^&*()\-+=\[\]{};':"\\|,<>\/?]/g,''); var vpn_file = document.getElementById("ovpn_file").value; var form = document.getElementsByName('cbi')[0]; @@ -77,10 +77,10 @@ <div class="table cbi-section-table"> <h4><%:Template based configuration%></h4> <div class="tr cbi-section-table-row" id="div_add"> - <div class="td"> + <div class="td left"> <input type="text" maxlength="20" placeholder="Instance name" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>.text" id="instance_name1" /> </div> - <div class="td"> + <div class="td left"> <select id="instance_template" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>.select"> <option value="" selected="selected" disabled="disabled"><%:Select template ...%></option> <%- for k, v in luci.util.kspairs(self.add_select_options) do %> 
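Review bot: Adding `\-` to the two strip regexes in `vpn_add` and `vpn_upload` only changes what a cooperating browser sends; `maxlength` and this `replace()` are bypassed by anyone posting the form directly, so `instance_name1`/`instance_name2` still need server-side validation (the controller's `ovpn_upload` builds a filesystem path from `instance_name2`). A comment on each line would stop the next reader from mistaking it for the sanitizer: `// cosmetic only — the server re-validates the instance name`. Note the class still lets `.` through, so even as a client-side filter it is not a path-traversal control.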
@@ -88,19 +88,19 @@ <% end -%> </select> </div> - <div class="td"> + <div class="td left"> <input class="cbi-button cbi-button-add" type="submit" onclick="vpn_add(); return false;" value="<%:Add%>" title="<%:Add template based configuration%>" /><br /> </div> </div> <h4><%:OVPN configuration file upload%></h4> <div class="tr cbi-section-table-row" id="div_upload"> - <div class="td"> + <div class="td left"> <input type="text" maxlength="20" placeholder="Instance name" name="instance_name2" id="instance_name2" /> </div> - <div class="td"> + <div class="td left"> <input type="file" name="ovpn_file" id="ovpn_file" accept="application/x-openvpn-profile,.ovpn" /> </div> - <div class="td"> + <div class="td left"> <input class="cbi-button cbi-button-add" type="submit" onclick="vpn_upload(); return false;" value="<%:Upload%>" title="<%:Upload ovpn file%>" /> </div> </div> diff --git a/applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm b/applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm index c7062b8d7a..55c0a543fc 100644 --- a/applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm +++ b/applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm @@ -10,12 +10,6 @@ border: 0px; text-align: left; } - .td - { - text-align: left; - border-top: 0px; - margin: 5px; - } .vpn-output { box-shadow: none; diff --git a/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm b/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm index 17beef0d39..c1fe05215a 100644 --- a/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm +++ b/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm 
@@ -11,17 +11,11 @@ <a href="<%=url('admin/services/openvpn')%>"><%:Overview%></a> » <%=luci.i18n.translatef("Instance \"%s\"", self.instance)%> </h3> - <% if self.mode == "file" then %> - <a href="<%=url('admin/services/openvpn/basic', self.instance)%>"><%:Switch to basic configuration%> »</a><p/> - <a href="<%=url('admin/services/openvpn/advanced', self.instance, "Service")%>"><%:Switch to advanced configuration%> »</a> - <hr /> - <% elseif self.mode == "basic" then %> + <% if self.mode == "basic" then %> <a href="<%=url('admin/services/openvpn/advanced', self.instance, "Service")%>"><%:Switch to advanced configuration%> »</a><p/> - <a href="<%=url('admin/services/openvpn/file', self.instance)%>"><%:Switch to file based configuration%> »</a> <hr /> <% elseif self.mode == "advanced" then %> <a href="<%=url('admin/services/openvpn/basic', self.instance)%>"><%:Switch to basic configuration%> »</a><p/> - <a href="<%=url('admin/services/openvpn/file', self.instance)%>"><%:Switch to file based configuration%> »</a> <hr /> <%:Configuration category%>: <% for i, c in ipairs(self.categories) do %> |