Diffstat (limited to 'applications')
-rw-r--r--applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua70
-rw-r--r--applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua4
-rw-r--r--applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua43
-rw-r--r--applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua37
-rw-r--r--applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm16
-rw-r--r--applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm6
-rw-r--r--applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm8
7 files changed, 142 insertions, 42 deletions
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
index 9a37ba802..25d1481f8 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua
@@ -158,10 +158,10 @@ local knownParams = {
"script_security",
{ 0, 1, 2, 3 },
translate("Policy level over usage of external programs and scripts") },
- { Value,
- "config",
- "/etc/openvpn/ovpn-file.ovpn",
- translate("Local OVPN configuration file") },
+ { ListValue,
+ "compress",
+ { "lzo", "lz4" },
+ translate("Enable a compression algorithm") },
} },
{ "Networking", {
@@ -238,6 +238,10 @@ local knownParams = {
"route_nopull",
0,
translate("Don't pull routes automatically") },
+ { Flag,
+ "allow_recursive_routing",
+ 0,
+ translate("Don't drop incoming tun packets with same destination as host") },
{ ListValue,
"mtu_disc",
{ "yes", "maybe", "no" },
@@ -542,6 +546,10 @@ local knownParams = {
{ "", "local", "def1", "local def1" },
translate("Automatically redirect default route"),
{ client="1" } },
+ { Value,
+ "verify_client_cert",
+ { "none", "optional", "require" },
+ translate("Specify whether the client is required to supply a valid certificate") },
} },
{ "Cryptography", {
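Review bot: The description for the new `verify_client_cert` entry does not tell the user that two of the three choices weaken server-side authentication. With `none` or `optional` a client can connect without presenting a certificate, so another check such as username/password verification has to take its place. I would state that in the help text, e.g. `translate("Specify whether the client is required to supply a valid certificate ('none' and 'optional' accept clients without one)")`. The enclosing `knownParams` table starts outside this hunk.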
@@ -557,7 +565,51 @@ local knownParams = {
-- parse
{ Value,
"cipher",
- "BF-CBC",
+ {
+ "AES-128-CBC",
+ "AES-128-CFB",
+ "AES-128-CFB1",
+ "AES-128-CFB8",
+ "AES-128-GCM",
+ "AES-128-OFB",
+ "AES-192-CBC",
+ "AES-192-CFB",
+ "AES-192-CFB1",
+ "AES-192-CFB8",
+ "AES-192-GCM",
+ "AES-192-OFB",
+ "AES-256-CBC",
+ "AES-256-CFB",
+ "AES-256-CFB1",
+ "AES-256-CFB8",
+ "AES-256-GCM",
+ "AES-256-OFB",
+ "BF-CBC",
+ "BF-CFB",
+ "BF-OFB",
+ "CAST5-CBC",
+ "CAST5-CFB",
+ "CAST5-OFB",
+ "DES-CBC",
+ "DES-CFB",
+ "DES-CFB1",
+ "DES-CFB8",
+ "DES-EDE-CBC",
+ "DES-EDE-CFB",
+ "DES-EDE-OFB",
+ "DES-EDE3-CBC",
+ "DES-EDE3-CFB",
+ "DES-EDE3-CFB1",
+ "DES-EDE3-CFB8",
+ "DES-EDE3-OFB",
+ "DES-OFB",
+ "DESX-CBC",
+ "RC2-40-CBC",
+ "RC2-64-CBC",
+ "RC2-CBC",
+ "RC2-CFB",
+ "RC2-OFB"
+ },
translate("Encryption cipher for packets") },
-- parse
{ Value,
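Review bot: The new `cipher` choices are listed alphabetically and give no hint about strength: single DES, DESX, RC2-40/64 and the 64-bit-block ciphers (BF, CAST5, 3DES) sit next to AES-GCM. Whether the first entry (`AES-128-CBC`) ends up as the suggested value depends on how this table is consumed, which is not visible here. I would put `"AES-256-GCM", "AES-128-GCM"` at the top and either drop the single-DES and RC2-40/64 entries or flag them in the help text, e.g. `translate("Encryption cipher for packets (prefer AES-GCM; DES, RC2 and other 64-bit block ciphers are legacy)")`. The `knownParams` table begins and ends outside this hunk.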
@@ -695,6 +747,14 @@ local knownParams = {
"key_direction",
{ 0, 1 },
translate("The key direction for 'tls-auth' and 'secret' options") },
+ { Flag,
+ "ncp_disable",
+ 0,
+ translate("This completely disables cipher negotiation") },
+ { Value,
+ "ncp_ciphers",
+ "AES-256-GCM:AES-128-GCM",
+ translate("Restrict the allowed ciphers to be negotiated") },
} }
}
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
index 3be274dc8..3e9137bae 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-basic.lua
@@ -87,10 +87,6 @@ local basicParams = {
"key",
"/etc/easy-rsa/keys/some-client.key",
translate("Local private key") },
- { Value,
- "config",
- "/etc/openvpn/ovpn-file.ovpn",
- translate("Local OVPN configuration file") },
}
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua
index 6878275d7..9d50601b1 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-file.lua
@@ -1,10 +1,11 @@
-- Licensed to the public under the Apache License 2.0.
-local ip = require("luci.ip")
-local fs = require("nixio.fs")
-local util = require("luci.util")
-local uci = require("luci.model.uci").cursor()
-local cfg_file = uci:get("openvpn", arg[1], "config")
+local ip = require("luci.ip")
+local fs = require("nixio.fs")
+local util = require("luci.util")
+local uci = require("luci.model.uci").cursor()
+local cfg_file = uci:get("openvpn", arg[1], "config")
+local auth_file = cfg_file:match("(.+)%..+").. ".auth"
local m = Map("openvpn")
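Review bot: The added `auth_file` line indexes `cfg_file` unconditionally, so it raises an error at load time if `uci:get` returns nil for an instance without a `config` option. It also fails if the path contains no dot, because `match` then returns nil and the `..` concatenation errors. The greedy `(.+)%..+` additionally splits on a dot in a directory name when the file itself has no extension. A guarded form such as `local auth_file = cfg_file and ((cfg_file:match("(.+)%.[^/]+$") or cfg_file) .. ".auth")` covers these cases, but the later `fs.readfile(auth_file)` and `translatef` uses would then need to handle a nil path. Whether this page can be reached without a `config` option is not visible in the hunk.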
@@ -36,25 +37,45 @@ f:append(Template("openvpn/ovpn_css"))
f.submit = translate("Save")
f.reset = false
-s = f:section(SimpleSection, nil, translatef("This form allows you to modify the content of the OVPN config file (%s). ", cfg_file))
-file = s:option(TextValue, "data")
+s = f:section(SimpleSection, nil, translatef("Section to modify the OVPN config file (%s)", cfg_file))
+file = s:option(TextValue, "data1")
file.datatype = "string"
file.rows = 20
-file.rmempty = true
function file.cfgvalue()
return fs.readfile(cfg_file) or ""
end
-function file.write(self, section, data)
- return fs.writefile(cfg_file, "\n" .. util.trim(data:gsub("\r\n", "\n")) .. "\n")
+function file.write(self, section, data1)
+ return fs.writefile(cfg_file, "\n" .. util.trim(data1:gsub("\r\n", "\n")) .. "\n")
end
function file.remove(self, section, value)
return fs.writefile(cfg_file, "")
end
-function s.handle(self, state, data)
+function s.handle(self, state, data1)
+ return true
+end
+
+s = f:section(SimpleSection, nil, translatef("Section to add an optional 'auth-user-pass' file with your credentials (%s)", auth_file))
+file = s:option(TextValue, "data2")
+file.datatype = "string"
+file.rows = 5
+
+function file.cfgvalue()
+ return fs.readfile(auth_file) or ""
+end
+
+function file.write(self, section, data2)
+ return fs.writefile(auth_file, util.trim(data2:gsub("\r\n", "\n")) .. "\n")
+end
+
+function file.remove(self, section, value)
+ return fs.writefile(auth_file, "")
+end
+
+function s.handle(self, state, data2)
return true
end
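Review bot: `file.write` for the new `data2` field stores the auth-user-pass credentials with `fs.writefile` and never sets a file mode, so the `.auth` file gets whatever the process umask yields and may be readable by other local users. I would restrict it right after the write: `local ok = fs.writefile(auth_file, util.trim(data2:gsub("\r\n", "\n")) .. "\n")`, then `fs.chmod(auth_file, 600)` and `return ok`. `file.remove` also leaves an empty `.auth` file behind instead of unlinking it. `cfgvalue` echoes the stored password back into the form, which deserves a comment if it is intentional.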
diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua
index ad607ae6c..41266d860 100644
--- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua
+++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn.lua
@@ -69,10 +69,14 @@ function s.create(self, name)
local options = uci:get_all("openvpn_recipes", recipe)
for k, v in pairs(options) do
if k ~= "_role" and k ~= "_description" then
+ if type(v) == "boolean" then
+ v = v and "1" or "0"
+ end
uci:set("openvpn", name, k, v)
end
end
uci:save("openvpn")
+ uci:commit("openvpn")
if extedit then
luci.http.redirect( self.extedit:format(name) )
end
@@ -80,10 +84,23 @@ function s.create(self, name)
elseif #name > 0 then
self.invalid_cts = true
end
-
return 0
end
+function s.remove(self, name)
+ local cfg_file = "/etc/openvpn/" ..name.. ".ovpn"
+ local auth_file = "/etc/openvpn/" ..name.. ".auth"
+ if fs.access(cfg_file) then
+ fs.unlink(cfg_file)
+ end
+ if fs.access(auth_file) then
+ fs.unlink(auth_file)
+ end
+ uci:delete("openvpn", name)
+ uci:save("openvpn")
+ uci:commit("openvpn")
+end
+
s:option( Flag, "enabled", translate("Enabled") )
local active = s:option( DummyValue, "_active", translate("Started") )
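Review bot: `s.remove` builds both paths by concatenating `name` into `/etc/openvpn/`, and nothing in the hunk checks what `name` may contain. Whether the CBI layer has already restricted it to a valid section name is not visible here. Because the result goes to `fs.unlink`, a guard at the top such as `if not name:match("^[%w_]+$") then return end` would keep the deletion confined to that directory. The paths also follow the naming convention rather than the instance's stored `config` option, so an instance whose `config` points elsewhere keeps its file; a comment stating that assumption would help.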
@@ -124,12 +141,30 @@ end
local port = s:option( DummyValue, "port", translate("Port") )
function port.cfgvalue(self, section)
local val = AbstractValue.cfgvalue(self, section)
+ if not val then
+ local file_cfg = self.map:get(section, "config")
+ if file_cfg and fs.access(file_cfg) then
+ val = sys.exec("awk '{if(match(tolower($1),/^port$/)&&match($2,/[0-9]+/)){cnt++;printf $2;exit}}END{if(cnt==0)printf \"-\"}' " ..file_cfg)
+ if val == "-" then
+ val = sys.exec("awk '{if(match(tolower($1),/^remote$/)&&match($3,/[0-9]+/)){cnt++;printf $3;exit}}END{if(cnt==0)printf \"-\"}' " ..file_cfg)
+ end
+ end
+ end
return val or "-"
end
local proto = s:option( DummyValue, "proto", translate("Protocol") )
function proto.cfgvalue(self, section)
local val = AbstractValue.cfgvalue(self, section)
+ if not val then
+ local file_cfg = self.map:get(section, "config")
+ if file_cfg and fs.access(file_cfg) then
+ val = sys.exec("awk '{if(match(tolower($1),/^proto$/)&&match(tolower($2),/^udp[46]*$|^tcp[46]*-server$|^tcp[46]*-client$/)){cnt++;printf tolower($2);exit}}END{if(cnt==0)printf \"-\"}' " ..file_cfg)
+ if val == "-" then
+ val = sys.exec("awk '{if(match(tolower($1),/^remote$/)&&match(tolower($4),/^udp[46]*$|^tcp[46]*-server$|^tcp[46]*-client$/)){cnt++;printf $4;exit}}END{if(cnt==0)printf \"-\"}' " ..file_cfg)
+ end
+ end
+ end
return val or "-"
end
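Review bot: Both new fallbacks pass `file_cfg` to `sys.exec` by plain string concatenation, so the shell interprets any spaces or metacharacters in the stored `config` path. `fs.access` only proves the path exists, not that it is safe to put on a command line. This runs on every render of the overview table. Reading the file in Lua avoids the shell entirely and saves up to two `awk` processes per row. The sketch below covers `port.cfgvalue` and accepts only all-digit values; `proto.cfgvalue` can be rewritten the same way with its protocol pattern.

```lua
-- … unchanged: local val = AbstractValue.cfgvalue(self, section) …
if not val then
	local file_cfg = self.map:get(section, "config")
	if file_cfg and fs.access(file_cfg) then
		local remote_port
		for line in io.lines(file_cfg) do
			local key, a1, a2 = line:match("^%s*(%S+)%s*(%S*)%s*(%S*)")
			key = key and key:lower()
			if key == "port" and a1:match("^%d+$") then
				-- an explicit "port" directive wins over a port on "remote"
				val = a1
				break
			elseif key == "remote" and not remote_port and a2:match("^%d+$") then
				remote_port = a2
			end
		end
		val = val or remote_port
	end
end
-- … unchanged: return val or "-" …
```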
diff --git a/applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm b/applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm
index 09da2eb22..e75bfda90 100644
--- a/applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm
+++ b/applications/luci-app-openvpn/luasrc/view/openvpn/cbi-select-input-add.htm
@@ -3,7 +3,7 @@
//<![CDATA[
function vpn_add()
{
- var vpn_name = div_add.querySelector("#instance_name1").value.replace(/[^\x00-\x7F]|[\s!@#$%^&*()+=\[\]{};':"\\|,<>\/?]/g,'');
+ var vpn_name = div_add.querySelector("#instance_name1").value.replace(/[^\x00-\x7F]|[\s!@#$%^&*()\-+=\[\]{};':"\\|,<>\/?]/g,'');
var vpn_template = div_add.querySelector("#instance_template").value;
var form = document.getElementsByName('cbi')[0];
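Review bot: The character filter on `vpn_name` runs only in the browser, so adding `\-` here does not by itself keep dashes or the other stripped characters out of an instance name sent directly to the server. The same applies to `vpn_upload` in the next hunk. The name is later used to build paths under `/etc/openvpn/`, so the server-side create and upload handlers, which are not visible in this diff, should enforce the same character set. A comment such as `// cosmetic only: the server re-validates the instance name` would make that dependency explicit. Both functions continue outside their hunks.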
@@ -31,7 +31,7 @@
function vpn_upload()
{
- var vpn_name = div_upload.querySelector("#instance_name2").value.replace(/[^\x00-\x7F]|[\s!@#$%^&*()+=\[\]{};':"\\|,<>\/?]/g,'');
+ var vpn_name = div_upload.querySelector("#instance_name2").value.replace(/[^\x00-\x7F]|[\s!@#$%^&*()\-+=\[\]{};':"\\|,<>\/?]/g,'');
var vpn_file = document.getElementById("ovpn_file").value;
var form = document.getElementsByName('cbi')[0];
@@ -77,10 +77,10 @@
<div class="table cbi-section-table">
<h4><%:Template based configuration%></h4>
<div class="tr cbi-section-table-row" id="div_add">
- <div class="td">
+ <div class="td left">
<input type="text" maxlength="20" placeholder="Instance name" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>.text" id="instance_name1" />
</div>
- <div class="td">
+ <div class="td left">
<select id="instance_template" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>.select">
<option value="" selected="selected" disabled="disabled"><%:Select template ...%></option>
<%- for k, v in luci.util.kspairs(self.add_select_options) do %>
@@ -88,19 +88,19 @@
<% end -%>
</select>
</div>
- <div class="td">
+ <div class="td left">
<input class="cbi-button cbi-button-add" type="submit" onclick="vpn_add(); return false;" value="<%:Add%>" title="<%:Add template based configuration%>" /><br />
</div>
</div>
<h4><%:OVPN configuration file upload%></h4>
<div class="tr cbi-section-table-row" id="div_upload">
- <div class="td">
+ <div class="td left">
<input type="text" maxlength="20" placeholder="Instance name" name="instance_name2" id="instance_name2" />
</div>
- <div class="td">
+ <div class="td left">
<input type="file" name="ovpn_file" id="ovpn_file" accept="application/x-openvpn-profile,.ovpn" />
</div>
- <div class="td">
+ <div class="td left">
<input class="cbi-button cbi-button-add" type="submit" onclick="vpn_upload(); return false;" value="<%:Upload%>" title="<%:Upload ovpn file%>" />
</div>
</div>
diff --git a/applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm b/applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm
index c7062b8d7..55c0a543f 100644
--- a/applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm
+++ b/applications/luci-app-openvpn/luasrc/view/openvpn/ovpn_css.htm
@@ -10,12 +10,6 @@
border: 0px;
text-align: left;
}
- .td
- {
- text-align: left;
- border-top: 0px;
- margin: 5px;
- }
.vpn-output
{
box-shadow: none;
diff --git a/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm b/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm
index 17beef0d3..c1fe05215 100644
--- a/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm
+++ b/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm
@@ -11,17 +11,11 @@
<a href="<%=url('admin/services/openvpn')%>"><%:Overview%></a> &#187;
<%=luci.i18n.translatef("Instance \"%s\"", self.instance)%>
</h3>
- <% if self.mode == "file" then %>
- <a href="<%=url('admin/services/openvpn/basic', self.instance)%>"><%:Switch to basic configuration%> &#187;</a><p/>
- <a href="<%=url('admin/services/openvpn/advanced', self.instance, "Service")%>"><%:Switch to advanced configuration%> &#187;</a>
- <hr />
- <% elseif self.mode == "basic" then %>
+ <% if self.mode == "basic" then %>
<a href="<%=url('admin/services/openvpn/advanced', self.instance, "Service")%>"><%:Switch to advanced configuration%> &#187;</a><p/>
- <a href="<%=url('admin/services/openvpn/file', self.instance)%>"><%:Switch to file based configuration%> &#187;</a>
<hr />
<% elseif self.mode == "advanced" then %>
<a href="<%=url('admin/services/openvpn/basic', self.instance)%>"><%:Switch to basic configuration%> &#187;</a><p/>
- <a href="<%=url('admin/services/openvpn/file', self.instance)%>"><%:Switch to file based configuration%> &#187;</a>
<hr />
<%:Configuration category%>:
<% for i, c in ipairs(self.categories) do %>