Diffstat (limited to 'applications')
7 files changed, 142 insertions, 42 deletions
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua index 9a37ba802..25d1481f8 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua @@ -158,10 +158,10 @@ local knownParams = { "script_security", { 0, 1, 2, 3 }, translate("Policy level over usage of external programs and scripts") }, - { Value, - "config", - "/etc/openvpn/ovpn-file.ovpn", - translate("Local OVPN configuration file") }, + { ListValue, + "compress", + { "lzo", "lz4" }, + translate("Enable a compression algorithm") }, } }, { "Networking", { @@ -238,6 +238,10 @@ local knownParams = { "route_nopull", 0, translate("Don't pull routes automatically") }, + { Flag, + "allow_recursive_routing", + 0, + translate("Don't drop incoming tun packets with same destination as host") }, { ListValue, "mtu_disc", { "yes", "maybe", "no" }, @@ -542,6 +546,10 @@ local knownParams = { { "", "local", "def1", "local def1" }, translate("Automatically redirect default route"), { client="1" } }, + { Value, + "verify_client_cert", + { "none", "optional", "require" }, + translate("Specify whether the client is required to supply a valid certificate") }, } }, { "Cryptography", { 
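Review bot: The new `compress` entry in the @@ -158 hunk offers `lzo` and `lz4` under the help text "Enable a compression algorithm", with no hint that this is a security trade-off. Compressing before encryption lets packet sizes leak information about the plaintext, and current OpenVPN documentation recommends against enabling it. I would put that in the description, e.g. `translate("Enable a compression algorithm (can leak plaintext through packet sizes; leave unset unless the peer requires it)")`. The `knownParams` table starts and ends outside this hunk.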
@@ -557,7 +565,51 @@ local knownParams = { -- parse { Value, "cipher", - "BF-CBC", + { + "AES-128-CBC", + "AES-128-CFB", + "AES-128-CFB1", + "AES-128-CFB8", + "AES-128-GCM", + "AES-128-OFB", + "AES-192-CBC", + "AES-192-CFB", + "AES-192-CFB1", + "AES-192-CFB8", + "AES-192-GCM", + "AES-192-OFB", + "AES-256-CBC", + "AES-256-CFB", + "AES-256-CFB1", + "AES-256-CFB8", + "AES-256-GCM", + "AES-256-OFB", + "BF-CBC", + "BF-CFB", + "BF-OFB", + "CAST5-CBC", + "CAST5-CFB", + "CAST5-OFB", + "DES-CBC", + "DES-CFB", + "DES-CFB1", + "DES-CFB8", + "DES-EDE-CBC", + "DES-EDE-CFB", + "DES-EDE-OFB", + "DES-EDE3-CBC", + "DES-EDE3-CFB", + "DES-EDE3-CFB1", + "DES-EDE3-CFB8", + "DES-EDE3-OFB", + "DES-OFB", + "DESX-CBC", + "RC2-40-CBC", + "RC2-64-CBC", + "RC2-CBC", + "RC2-CFB", + "RC2-OFB" + }, translate("Encryption cipher for packets") }, -- parse { Value, @@ -695,6 +747,14 @@ local knownParams = { "key_direction", { 0, 1 }, translate("The key direction for 'tls-auth' and 'secret' options") }, + { Flag, + "ncp_disable", + 0, + translate("This completely disables cipher negotiation") }, + { Value, + "ncp_ciphers", + "AES-256-GCM:AES-128-GCM", + translate("Restrict the allowed ciphers to be negotiated") }, } } } diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua index 3be274dc8..3e9137bae 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua @@ -87,10 +87,6 @@ local basicParams = { "key", "/etc/easy-rsa/keys/some-client.key", translate("Local private key") }, - { Value, - "config", - "/etc/openvpn/ovpn-file.ovpn", - translate("Local OVPN configuration file") }, } diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua index 6878275d7..9d50601b1 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua 
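Review bot: The `cipher` list in the @@ -557 hunk puts single DES (`DES-CBC`, `DESX-CBC`), `RC2-40-CBC` and the 64-bit-block ciphers (`BF-*`, `CAST5-*`, `DES-EDE3-*`) in the same unannotated list as the AES-GCM modes. A user picking from the UI has no way to tell which entries are legacy interop choices and which are safe for a new tunnel. I would trim the list to the AES modes, or at least move the legacy entries to the end under a comment such as `-- legacy, only for peers that cannot do AES`. If the first table element becomes the preselected value (not visible in this hunk), `"AES-256-GCM"` would be a better first entry than `"AES-128-CBC"`.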
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua @@ -1,10 +1,11 @@ -- Licensed to the public under the Apache License 2.0. -local ip = require("luci.ip") -local fs = require("nixio.fs") -local util = require("luci.util") -local uci = require("luci.model.uci").cursor() -local cfg_file = uci:get("openvpn", arg[1], "config") +local ip = require("luci.ip") +local fs = require("nixio.fs") +local util = require("luci.util") +local uci = require("luci.model.uci").cursor() +local cfg_file = uci:get("openvpn", arg[1], "config") +local auth_file = cfg_file:match("(.+)%..+").. ".auth" local m = Map("openvpn") 
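Review bot: `cfg_file:match("(.+)%..+").. ".auth"` raises an error when the instance has no `config` option (`cfg_file` is nil) and when the path contains no dot (`match` returns nil and the concatenation fails), so the page aborts at load time. The pattern is also greedy across directories: with a dot in a directory name and an extension-less file name it cuts the path inside the directory part. A guarded form would be `local auth_file = cfg_file and ((cfg_file:match("^(.*)%.[^./]+$") or cfg_file) .. ".auth")`. The code that later uses `auth_file` would then need to handle nil; that code is outside this hunk.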
@@ -36,25 +37,45 @@ f:append(Template("openvpn/ovpn_css")) f.submit = translate("Save") f.reset = false -s = f:section(SimpleSection, nil, translatef("This form allows you to modify the content of the OVPN config file (%s). ", cfg_file)) -file = s:option(TextValue, "data") +s = f:section(SimpleSection, nil, translatef("Section to modify the OVPN config file (%s)", cfg_file)) +file = s:option(TextValue, "data1") file.datatype = "string" file.rows = 20 -file.rmempty = true function file.cfgvalue() return fs.readfile(cfg_file) or "" end -function file.write(self, section, data) - return fs.writefile(cfg_file, "\n" .. util.trim(data:gsub("\r\n", "\n")) .. "\n") +function file.write(self, section, data1) + return fs.writefile(cfg_file, "\n" .. util.trim(data1:gsub("\r\n", "\n")) .. "\n") end function file.remove(self, section, value) return fs.writefile(cfg_file, "") end -function s.handle(self, state, data) +function s.handle(self, state, data1) + return true +end + +s = f:section(SimpleSection, nil, translatef("Section to add an optional 'auth-user-pass' file with your credentials (%s)", auth_file)) +file = s:option(TextValue, "data2") +file.datatype = "string" +file.rows = 5 + +function file.cfgvalue() + return fs.readfile(auth_file) or "" +end + +function file.write(self, section, data2) + return fs.writefile(auth_file, util.trim(data2:gsub("\r\n", "\n")) .. "\n") +end + +function file.remove(self, section, value) + return fs.writefile(auth_file, "") +end + +function s.handle(self, state, data2) return true end diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua index ad607ae6c..41266d860 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua 
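Review bot: `fs.writefile(auth_file, ...)` in the new `data2` section stores the VPN username and password, but nothing in the hunk restricts the file mode, so the credentials file gets whatever the process umask allows. Add `fs.chmod(auth_file, 600)` after a successful write (nixio reads the decimal digits as octal), or create the file with that mode before writing. `file.cfgvalue` also reads the stored credentials back into the textarea, so the password is sent to the browser on every page load; consider showing the field empty when the file exists and writing only on a non-empty submit. `file.remove` truncates the file instead of unlinking it, which leaves an empty credentials file behind.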
@@ -69,10 +69,14 @@ function s.create(self, name) local options = uci:get_all("openvpn_recipes", recipe) for k, v in pairs(options) do if k ~= "_role" and k ~= "_description" then + if type(v) == "boolean" then + v = v and "1" or "0" + end uci:set("openvpn", name, k, v) end end uci:save("openvpn") + uci:commit("openvpn") if extedit then luci.http.redirect( self.extedit:format(name) ) end @@ -80,10 +84,23 @@ function s.create(self, name) elseif #name > 0 then self.invalid_cts = true end - return 0 end +function s.remove(self, name) + local cfg_file = "/etc/openvpn/" ..name.. ".ovpn" + local auth_file = "/etc/openvpn/" ..name.. ".auth" + if fs.access(cfg_file) then + fs.unlink(cfg_file) + end + if fs.access(auth_file) then + fs.unlink(auth_file) + end + uci:delete("openvpn", name) + uci:save("openvpn") + uci:commit("openvpn") +end + s:option( Flag, "enabled", translate("Enabled") ) local active = s:option( DummyValue, "_active", translate("Started") ) 
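Review bot: `s.remove` in the @@ -80 hunk rebuilds the paths as `"/etc/openvpn/" ..name.. ".ovpn"` instead of reading the instance's `config` option, which is where openvpn-file.lua in this same commit takes the path from. An instance whose `config` points elsewhere keeps its profile and `.auth` credentials on disk after removal. A template-based instance that happens to share its name with an unrelated file in `/etc/openvpn/` deletes that file. Read the stored path first, `local cfg_file = uci:get("openvpn", name, "config")`, derive the `.auth` path from it, and unlink only when it is set. `fs` is not defined in the visible lines, so it needs a `require("nixio.fs")` outside the hunk if one is not already there.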
@@ -124,12 +141,30 @@ end local port = s:option( DummyValue, "port", translate("Port") ) function port.cfgvalue(self, section) local val = AbstractValue.cfgvalue(self, section) + if not val then + local file_cfg = self.map:get(section, "config") + if file_cfg and fs.access(file_cfg) then + val = sys.exec("awk '{if(match(tolower($1),/^port$/)&&match($2,/[0-9]+/)){cnt++;printf $2;exit}}END{if(cnt==0)printf \"-\"}' " ..file_cfg) + if val == "-" then + val = sys.exec("awk '{if(match(tolower($1),/^remote$/)&&match($3,/[0-9]+/)){cnt++;printf $3;exit}}END{if(cnt==0)printf \"-\"}' " ..file_cfg) + end + end + end return val or "-" end local proto = s:option( DummyValue, "proto", translate("Protocol") ) function proto.cfgvalue(self, section) local val = AbstractValue.cfgvalue(self, section) + if not val then + local file_cfg = self.map:get(section, "config") + if file_cfg and fs.access(file_cfg) then + val = sys.exec("awk '{if(match(tolower($1),/^proto$/)&&match(tolower($2),/^udp[46]*$|^tcp[46]*-server$|^tcp[46]*-client$/)){cnt++;printf tolower($2);exit}}END{if(cnt==0)printf \"-\"}' " ..file_cfg) + if val == "-" then + val = sys.exec("awk '{if(match(tolower($1),/^remote$/)&&match(tolower($4),/^udp[46]*$|^tcp[46]*-server$|^tcp[46]*-client$/)){cnt++;printf $4;exit}}END{if(cnt==0)printf \"-\"}' " ..file_cfg) + end + end + end return val or "-" end diff --git a/applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm b/applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm index 09da2eb22..e75bfda90 100644 --- a/applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm +++ b/applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm 
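Review bot: `sys.exec("awk '…' " ..file_cfg)` in `port.cfgvalue` appends the UCI `config` value to a shell command line unquoted, so a path containing whitespace or shell metacharacters is interpreted by the shell rather than passed to awk as one file name. The awk tests `match($2,/[0-9]+/)` are unanchored and `printf $2` uses the token as a format string, so the displayed value is not guaranteed to be a number. Reading the file in Lua removes the shell and lets the token be checked with `^%d+$`. The sketch below does that for `port`; `proto.cfgvalue` in the same hunk has the same pattern and needs the same change. If the shell call stays, the path should at least go through `luci.util.shellquote(file_cfg)`.
```lua
function port.cfgvalue(self, section)
	-- … unchanged: AbstractValue.cfgvalue lookup, file_cfg lookup and fs.access check …
			local from_remote
			for line in io.lines(file_cfg) do
				-- first three whitespace-separated tokens: keyword, arg 1, arg 2
				local key, a1, a2 = line:match("^%s*(%S+)%s*(%S*)%s*(%S*)")
				key = key and key:lower()
				if key == "port" and a1:match("^%d+$") then
					val = a1
					break
				elseif key == "remote" and not from_remote and a2:match("^%d+$") then
					from_remote = a2
				end
			end
			val = val or from_remote
	-- … unchanged: closing ends and `return val or "-"` …
```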
@@ -3,7 +3,7 @@ //<![CDATA[ function vpn_add() { - var vpn_name = div_add.querySelector("#instance_name1").value.replace(/[^\x00-\x7F]|[\s!@#$%^&*()+=\[\]{};':"\\|,<>\/?]/g,''); + var vpn_name = div_add.querySelector("#instance_name1").value.replace(/[^\x00-\x7F]|[\s!@#$%^&*()\-+=\[\]{};':"\\|,<>\/?]/g,''); var vpn_template = div_add.querySelector("#instance_template").value; var form = document.getElementsByName('cbi')[0]; @@ -31,7 +31,7 @@ function vpn_upload() { - var vpn_name = div_upload.querySelector("#instance_name2").value.replace(/[^\x00-\x7F]|[\s!@#$%^&*()+=\[\]{};':"\\|,<>\/?]/g,''); + var vpn_name = div_upload.querySelector("#instance_name2").value.replace(/[^\x00-\x7F]|[\s!@#$%^&*()\-+=\[\]{};':"\\|,<>\/?]/g,''); var vpn_file = document.getElementById("ovpn_file").value; var form = document.getElementsByName('cbi')[0]; @@ -77,10 +77,10 @@ <div class="table cbi-section-table"> <h4><%:Template based configuration%></h4> <div class="tr cbi-section-table-row" id="div_add"> - <div class="td"> + <div class="td left"> <input type="text" maxlength="20" placeholder="Instance name" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>.text" id="instance_name1" /> </div> - <div class="td"> + <div class="td left"> <select id="instance_template" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>.select"> <option value="" selected="selected" disabled="disabled"><%:Select template ...%></option> <%- for k, v in luci.util.kspairs(self.add_select_options) do %> 
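Review bot: The stricter `replace()` in `vpn_add()` and `vpn_upload()` cleans the instance name only in the browser, so a request that does not go through this script skips it. The name ends up in file paths (`/etc/openvpn/<name>.ovpn` in this commit's `s.remove`), so the server-side handler that receives `instance_name2`, which is not part of this diff, should enforce the same rule. The deny-list also still lets `.`, `~` and the backtick through. An allow-list is shorter and cannot miss a character: `.replace(/[^A-Za-z0-9_]/g, '')`.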
@@ -88,19 +88,19 @@ <% end -%> </select> </div> - <div class="td"> + <div class="td left"> <input class="cbi-button cbi-button-add" type="submit" onclick="vpn_add(); return false;" value="<%:Add%>" title="<%:Add template based configuration%>" /><br /> </div> </div> <h4><%:OVPN configuration file upload%></h4> <div class="tr cbi-section-table-row" id="div_upload"> - <div class="td"> + <div class="td left"> <input type="text" maxlength="20" placeholder="Instance name" name="instance_name2" id="instance_name2" /> </div> - <div class="td"> + <div class="td left"> <input type="file" name="ovpn_file" id="ovpn_file" accept="application/x-openvpn-profile,.ovpn" /> </div> - <div class="td"> + <div class="td left"> <input class="cbi-button cbi-button-add" type="submit" onclick="vpn_upload(); return false;" value="<%:Upload%>" title="<%:Upload ovpn file%>" /> </div> </div> diff --git a/applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm b/applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm index c7062b8d7..55c0a543f 100644 --- a/applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm +++ b/applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm @@ -10,12 +10,6 @@ border: 0px; text-align: left; } - .td - { - text-align: left; - border-top: 0px; - margin: 5px; - } .vpn-output { box-shadow: none; diff --git a/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm b/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm index 17beef0d3..c1fe05215 100644 --- a/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm +++ b/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm 
@@ -11,17 +11,11 @@ <a href="<%=url('admin/services/openvpn')%>"><%:Overview%></a> » <%=luci.i18n.translatef("Instance \"%s\"", self.instance)%> </h3> - <% if self.mode == "file" then %> - <a href="<%=url('admin/services/openvpn/basic', self.instance)%>"><%:Switch to basic configuration%> »</a><p/> - <a href="<%=url('admin/services/openvpn/advanced', self.instance, "Service")%>"><%:Switch to advanced configuration%> »</a> - <hr /> - <% elseif self.mode == "basic" then %> + <% if self.mode == "basic" then %> <a href="<%=url('admin/services/openvpn/advanced', self.instance, "Service")%>"><%:Switch to advanced configuration%> »</a><p/> - <a href="<%=url('admin/services/openvpn/file', self.instance)%>"><%:Switch to file based configuration%> »</a> <hr /> <% elseif self.mode == "advanced" then %> <a href="<%=url('admin/services/openvpn/basic', self.instance)%>"><%:Switch to basic configuration%> »</a><p/> - <a href="<%=url('admin/services/openvpn/file', self.instance)%>"><%:Switch to file based configuration%> »</a> <hr /> <%:Configuration category%>: <% for i, c in ipairs(self.categories) do %> |