From 0f3e1a81e9de9fffc1fd739cb1099e510bfc2b0d Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Mon, 26 Nov 2018 13:41:40 +0100 Subject: luci-app-openvpn: add missing allow_recursive_routing option Signed-off-by: Florian Eckert --- applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua index 2124c3d28..9e3475a30 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua @@ -234,6 +234,10 @@ local knownParams = { "route_nopull", 0, translate("Don't pull routes automatically") }, + { Flag, + "allow_recursive_routing", + 0, + translate("Don't drop incoming tun packets with same destination as host") }, { ListValue, "mtu_disc", { "yes", "maybe", "no" }, -- cgit v1.2.3 From 8911f4f87bdd0cd0dc4f5f0eb02f3d30c2901543 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Mon, 26 Nov 2018 14:04:42 +0100 Subject: luci-app-openvpn: add missing ncp_disable option Signed-off-by: Florian Eckert --- applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua index 9e3475a30..f63d56a3c 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua @@ -695,6 +695,10 @@ local knownParams = { "key_direction", { 0, 1 }, translate("The key direction for 'tls-auth' and 'secret' options") }, + { Flag, + "ncp_disable", + 0, + translate("This completely disables cipher negotiation") }, } } } -- cgit v1.2.3 From 6f90546bd8296a2e4a6df089b1771ef7a2470f48 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Mon, 26 Nov 2018 14:31:52 +0100 Subject: luci-app-openvpn: predefining the dropdown for the cipher option Signed-off-by: Florian Eckert --- .../luasrc/model/cbi/openvpn-advanced.lua | 46 +++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua index f63d56a3c..86f743999 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua @@ -557,7 +557,51 @@ local knownParams = { -- parse { Value, "cipher", - "BF-CBC", + { + "AES-128-CBC", + "AES-128-CFB", + "AES-128-CFB1", + "AES-128-CFB8", + "AES-128-GCM", + "AES-128-OFB", + "AES-192-CBC", + "AES-192-CFB", + "AES-192-CFB1", + "AES-192-CFB8", + "AES-192-GCM", + "AES-192-OFB", + "AES-256-CBC", + "AES-256-CFB", + "AES-256-CFB1", + "AES-256-CFB8", + "AES-256-GCM", + "AES-256-OFB", + "BF-CBC", + "BF-CFB", + "BF-OFB", + "CAST5-CBC", + "CAST5-CFB", + "CAST5-OFB", + "DES-CBC", + "DES-CFB", + "DES-CFB1", + "DES-CFB8", + "DES-EDE-CBC", + "DES-EDE-CFB", + "DES-EDE-OFB", + "DES-EDE3-CBC", + "DES-EDE3-CFB", + "DES-EDE3-CFB1", + "DES-EDE3-CFB8", + "DES-EDE3-OFB", + "DES-OFB", + "DESX-CBC", + "RC2-40-CBC", + "RC2-64-CBC", + "RC2-CBC", + "RC2-CFB", + "RC2-OFB" + }, translate("Encryption cipher for packets") }, -- parse { Value, -- cgit v1.2.3 From 4fd92b1f5261343039feb2e7475bc67dceb0ca06 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Mon, 26 Nov 2018 13:08:02 +0100 Subject: luci-app-openvpn: add missing compress option Signed-off-by: Florian Eckert --- applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua index 86f743999..e9b4aceff 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua @@ -158,6 +158,10 @@ local knownParams = { "script_security", { 0, 1, 2, 3 }, translate("Policy level over usage of external programs and scripts") }, + { ListValue, + "compress", + { "lzo", "lz4" }, + translate("Enable a compression algorithm") }, } }, { "Networking", { -- cgit v1.2.3 From 78cc310cf4e5946e58f846376449847f207f789d Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Mon, 26 Nov 2018 15:13:24 +0100 Subject: luci-app-openvpn: add missing verify_client_cert option Signed-off-by: Florian Eckert --- applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua index e9b4aceff..9c032d5ab 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua @@ -546,6 +546,10 @@ local knownParams = { { "", "local", "def1", "local def1" }, translate("Automatically redirect default route"), { client="1" } }, + { Value, + "verify_client_cert", + { "none", "optional", "require" }, + translate("Specify whether the client is required to supply a valid certificate") }, } }, { "Cryptography", { -- cgit v1.2.3 From 34482625ec0d319bc91234d1288155328bd26648 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Mon, 26 Nov 2018 15:43:08 +0100 Subject: luci-app-openvpn: add missing ncp_ciphers option Signed-off-by: Florian Eckert --- applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua index 9c032d5ab..25d1481f8 100644 --- a/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua +++ b/applications/luci-app-openvpn/luasrc/model/cbi/openvpn-advanced.lua @@ -751,6 +751,10 @@ local knownParams = { "ncp_disable", 0, translate("This completely disables cipher negotiation") }, + { Value, + "ncp_ciphers", + "AES-256-GCM:AES-128-GCM", + translate("Restrict the allowed ciphers to be negotiated") }, } } } -- cgit v1.2.3