X-Git-Url: http://git.archive.openwrt.org/?a=blobdiff_plain;f=applications%2Fluci-openvpn%2Fluasrc%2Fmodel%2Fcbi%2Fopenvpn.lua;h=c220b10a56ee60e03368527dbe294da6dca8d28b;hb=59d70787b46bcff4e2032f5b82bd68c0b62f3e7c;hp=eeaaf7dd47edb15a4feddce77060fadb537f7c78;hpb=9e56b07108facd5f388d766a7a24c90fd2a1f590;p=project%2Fluci.git
diff --git a/applications/luci-openvpn/luasrc/model/cbi/openvpn.lua b/applications/luci-openvpn/luasrc/model/cbi/openvpn.lua
index eeaaf7dd4..c220b10a5 100644
--- a/applications/luci-openvpn/luasrc/model/cbi/openvpn.lua
+++ b/applications/luci-openvpn/luasrc/model/cbi/openvpn.lua
@@ -9,279 +9,87 @@ You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -$Id: olsrdplugins.lua 3288 2008-09-14 20:57:00Z jow $ +$Id$ ]]-- -require("luci.fs") -require("luci.ip") - - -local knownParams = { - -- - -- Widget Name Optn. Default(s) - -- - - { "service", { - -- initialisation and daemon options - { "daemon", { - { ListValue, "verb", false, { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 } }, - { Flag, "mlock", false, 0 }, - { Flag, "disable_occ", false, 0 }, - -- { Value, "user", true, "root" }, - -- { Value, "group", true, "root" }, - { Value, "cd", true, "/etc/openvpn" }, - { Value, "chroot", true, "/var/run" }, - -- { Value, "daemon", true, "Instance-Name" }, - -- { Value, "syslog", true, "Instance-Name" }, - { Flag, "passtos", false, 0 }, - -- { Value, "inetd", true, "nowait Instance-Name" }, - { Value, "log", true, "/var/log/openvpn.log" }, - { Value, "log_append", true, "/var/log/openvpn.log" }, - { Flag, "suppress_timestamps", false, 0 }, - -- { Value, "writepid", true, "/var/run/openvpn.pid" }, - { Value, "nice", true, 0 }, - { Flag, "fast_io", false, 0 }, - { Value, "echo", true, "some params echoed to log" }, - { ListValue, "remap_usr1", true, { "SIGHUP", "SIGTERM" } }, - { Value, "status", true, "/var/run/openvpn.status 5" }, - { Value, "status_version", true, { 1, 2 } }, -- status - { Value, "mute", true, 5 }, - } }, - - -- hook scripts - { "hookscripts", { - { Value, "up", true, "/usr/bin/ovpn-up" }, - { Value, "up_delay", true, 5 }, - { Value, "down", true, "/usr/bin/ovpn-down" }, - { Flag, "down_pre", false, 0 }, - { Flag, "up_restart", false, 0 }, - { Value, "route_up", true, "/usr/bin/ovpn-routeup" }, - { Value, "ipchange", true, "/usr/bin/ovpn-ipchange", { mode="p2p" } }, - { DynamicList, "setenv", true, { "VAR1 value1", "VAR2 value2" } }, - { Value, "tls_verify", true, "/usr/bin/ovpn-tlsverify" }, - { Value, "client_connect", true, "/usr/bin/ovpn-clientconnect" }, - { Flag, "client_disconnect", false, 0 }, - { 
Value, "learn_address", true, "/usr/bin/ovpn-learnaddress" }, - { Value, "auth_user_pass_verify", true, "/usr/bin/ovpn-userpass via-env" }, - } }, - } }, - - { "networking", { - -- socket config - { "networking", { - { ListValue, "mode", false, { "p2p", "server" } }, - { Value, "local", false, "0.0.0.0" }, - { Value, "port", false, 1194 }, - { Value, "lport", true, 1194 }, - { Value, "rport", true, 1194 }, - { Flag, "float", true, 0 }, - { Flag, "nobind", true, 0 }, - - { Value, "dev", true, "tun0" }, - { ListValue, "dev_type", false, { "tun", "tap" } }, - { Value, "dev_node", true, "/dev/net/tun" }, - { Flag, "tun_ipv6", false, 0 }, - - { Value, "ifconfig", true, "10.200.200.3 10.200.200.1" }, - { Flag, "ifconfig_noexec", false, 0 }, - { Flag, "ifconfig_nowarn", false, 0 }, - - { DynamicList, "route", true, "10.123.0.0 255.255.0.0" }, - { Value, "route_gateway", true, "10.234.1.1" }, - { Value, "route_delay", true, 0 }, - { Flag, "route_noexec", false, 0 }, - - { ListValue, "redirect_gateway", false, { "", "local", "def1", "local def1" } }, -- client - } }, - - -- connection tuning - { "conntune", { - { ListValue, "mtu_disc", false, { "yes", "maybe", "no" } }, - { Flag, "mtu_test", false, 0 }, - { Flag, "comp_lzo", false, 0 }, - { Flag, "comp_noadept", false, 0, { comp_lzo=1 } }, - { Value, "link_mtu", true, 1500 }, - { Value, "tun_mtu", true, 1500 }, - { Value, "tun_mtu_extra", true, 1500 }, - { Value, "fragment", true, 1500, { proto="udp" } }, - { Value, "mssfix", true, 1500, { proto="udp" } }, - { Value, "sndbuf", true, 65536 }, - { Value, "rcvbuf", true, 65536 }, - { Value, "txqueuelen", true, 100 }, - { Value, "shaper", true, 10240 }, - } }, - - -- idle timeouts & persistence - { "timeouts", { - { Value, "inactive", true, 240 }, - { Value, "keepalive", true, "10 60" }, - { Value, "ping", true, 30 }, - { Value, "ping_exit", true, 120 }, - { Value, "ping_restart", true, 60 }, - { Flag, "ping_timer_rem", false, 0 }, - - { Flag, "persist_tun", false, 0 }, - { 
Flag, "persist_key", false, 0 }, - { Flag, "persist_local_ip", false, 0 }, - { Flag, "persist_remote_ip", false, 0 }, - } }, - - -- management channel - { "management", { - { Value, "management", false, "127.0.0.1 31194 /etc/openvpn/mngmt-pwds" }, - { Flag, "management_query_passwords", - true, 0 }, -- management - { Flag, "management_hold", true, 0 }, -- management - { Flag, "management_log_cache", true, 100 }, -- management - } } - } }, - - { "role", { - { "server", { - { Value, "server", true, "10.200.200.0 255.255.255.0" }, - { Value, "server_bridge", true, "10.200.200.1 255.255.255.0 10.200.200.200 10.200.200.250" }, - { DynamicList, "push", true, { "redirect-gateway", "comp-lzo" } }, - { Flag, "push_reset", false, 0 }, - { Flag, "disable", false, 0 }, - { Value, "ifconfig_pool", true, "10.200.200.100 10.200.200.150 255.255.255.0" }, - { Value, "ifconfig_pool_persist", true, "/etc/openvpn/ipp.txt 600" }, - { Flag, "ifconfig_pool_linear", false, 0 }, - { Value, "ifconfig_push", true, "10.200.200.1 255.255.255.255" }, - { Value, "iroute", true, "10.200.200.0 255.255.255.0" }, - { Flag, "client_to_client", false, 0 }, - { Flag, "duplicate_cn", false, 0 }, - { Value, "client_config_dir", true, "/etc/openvpn/ccd" }, - { Flag, "ccd_exclusive", false, 0 }, - { Value, "tmp_dir", true, "/var/run/openvpn" }, - { Value, "hash_size", true, "256 256" }, - { Value, "bcast_buffers", true, 256 }, - { Value, "tcp_queue_limit", true, 64 }, - { Value, "max_clients", true, 10 }, - { Value, "max_routes_per_client", true, 256 }, - { Value, "connect_freq", true, "3 10" }, - { Flag, "client_cert_not_required", false, 0 }, - { Flag, "username_as_common_name", false, 0 }, - } }, - - { "client", { - { Flag, "client", false, 0 }, - { Flag, "pull", false, 0 }, - { Value, "auth_user_pass", true, "/etc/openvpn/userpass.txt" }, - { ListValue, "auth_retry", true, { "none", "nointeract", "interact" } }, - { Value, "explicit_exit_notify", true, 1 }, - { DynamicList, "remote", false, "1.2.3.4" 
}, -- client - { Flag, "remote_random", false, 1 }, -- client - { ListValue, "proto", false, { "udp", "tcp-client", "tcp-server" } }, - { Value, "connect_retry", true, 5, { proto="tcp-client" } }, -- client && proto=tcp-client - { Value, "http_proxy_server", true, "192.168.1.100 8080" }, -- client - { Flag, "http_proxy_retry", false, 0 }, -- client && http_proxy_server - { Value, "http_proxy_timeout", true, 5 }, -- client && http_proxy_server - { DynamicList, "http_proxy_option", true, { "VERSION 1.0", "AGENT OpenVPN/2.0.9" } }, -- client && http_proxy_server - { Value, "socks_proxy_server", true, "192.168.1.200 1080" }, -- client - { Value, "socks_proxy_retry", true, 5 }, -- client && socks_proxy_server - { Value, "resolv_retry", true, "infinite" }, -- client - } } - } }, - - { "cryptography", { - { "datachannel", { - { Value, "secret", true, "/etc/openvpn/secret.key 1" }, - { Value, "auth", true, "SHA1" }, -- parse - { Value, "cipher", true, "BF-CBC" }, -- parse - { Value, "keysize", true, 1024 }, -- parse - { Value, "engine", true, "dynamic" }, -- parse - { Flag, "no_replay", false, 0 }, - { Value, "replay_window", true, "64 15" }, - { Flag, "mute_replay_warnings", false, 0 }, - { Value, "replay_persist", true, "/var/run/openvpn-replay-state" }, - { Flag, "no_iv", false, 0 }, - } }, - - { "tlsmode", { - { Flag, "tls_server", false, 0 }, - { Flag, "tls_client", false, 0 }, - { Value, "ca", true, "/etc/easy-rsa/keys/ca.crt" }, - { Value, "dh", true, "/etc/easy-rsa/keys/dh1024.pem" }, - { Value, "cert", true, "/etc/easy-rsa/keys/some-client.crt" }, - { Value, "key", true, "/etc/easy-rsa/keys/some-client.key" }, - { Value, "pkcs12", true, "/etc/easy-rsa/keys/some-client.pk12" }, - { ListValue, "key_method", true, { 1, 2 } }, - { Value, "tls_cipher", true, 
"DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5" }, - { Value, "tls_timeout", true, 2 }, - { Value, "reneg_bytes", true, 1024 }, - { Value, "reneg_pkts", true, 100 }, - { Value, "reneg_sec", true, 3600 }, - { Value, "hand_window", true, 60 }, - { Value, "tran_window", true, 3600 }, - { Flag, "single_session", false, 0 }, - { Flag, "tls_exit", false, 0 }, - { Value, "tls_auth", true, "/etc/openvpn/tlsauth.key 1" }, - --{ Value, "askpass", true, "[file]" }, - { Flag, "auth_nocache", false, 0 }, - { Value, "tls_remote", true, "remote_x509_name" }, - { ListValue, "ns_cert_type", true, { "client", "server" } }, - { Value, "crl_verify", true, "/etc/easy-rsa/keys/crl.pem" }, - } } - } } -} - - -local cts = { } -local params = { } +local fs = require "nixio.fs" +local sys = require "luci.sys" +local uci = require "luci.model.uci".cursor() + +local m = Map("openvpn", translate("openvpn")) +local s = m:section( TypedSection, "openvpn", translate("openvpn_overview"), translate("openvpn_overview_desc") ) +s.template = "cbi/tblsection" +s.template_addremove = "openvpn/cbi-select-input-add" +s.addremove = true +s.add_select_options = { } +s.extedit = luci.dispatcher.build_url( + "admin", "services", "openvpn", "basic", "%s" +) -local m = Map("openvpn") -local p = m:section( SimpleSection ) +uci:load("openvpn_recipes") +uci:foreach( "openvpn_recipes", "openvpn_recipe", + function(section) + s.add_select_options[section['.name']] = + section['_description'] or section['.name'] + end +) -p.template = "openvpn/pageswitch" -p.category = arg[1] -p.csection = arg[2] -p.instance = arg[3] +function s.parse(self, section) + local recipe = luci.http.formvalue( + luci.cbi.CREATE_PREFIX .. self.config .. "." .. 
+ self.sectiontype .. ".select" + ) -for _, c in ipairs(knownParams) do - cts[#cts+1] = { c[1], { } } - for _, o in ipairs(c[2]) do - cts[#cts][2][#cts[#cts][2]+1] = o[1] - if c[1] == p.category and o[1] == p.csection then - params = o[2] - end + if recipe and not s.add_select_options[recipe] then + self.invalid_cts = true + else + TypedSection.parse( self, section ) end end -p.categories = cts - +function s.create(self, name) + local recipe = luci.http.formvalue( + luci.cbi.CREATE_PREFIX .. self.config .. "." .. + self.sectiontype .. ".select" + ) -local s = m:section( - NamedSection, arg[3], "openvpn", - translate("openvpn_%s" % arg[2]), - translate("openvpn_%s_desc" % arg[2]) -) + uci:section( + "openvpn", "openvpn", name, + uci:get_all( "openvpn_recipes", recipe ) + ) -s.title = translate("openvpn_%s" % arg[2]) -s.addremove = false -s.anonymous = true + uci:delete("openvpn", name, "_role") + uci:delete("openvpn", name, "_description") + uci:save("openvpn") + luci.http.redirect( self.extedit:format(name) ) +end -for _, option in ipairs(params) do - local o = s:option(option[1], option[2]) - o.optional = option[3] +s:option( Flag, "enable", translate("openvpn_enable") ) - if type(option[4]) == "table" then - if o.optional then o:value("", "-- remove --") end - for _, v in ipairs(option[4]) do - v = tostring(v) - o:value(v) - end - o.default = tostring(option[4][1]) - else - o.default = tostring(option[4]) +local active = s:option( DummyValue, "_active", translate("openvpn_active") ) +function active.cfgvalue(self, section) + local pid = fs.readfile("/var/run/openvpn-%s.pid" % section) + if pid and #pid > 0 and tonumber(pid) ~= nil then + return (sys.process.signal(pid, 0)) + and translatef("openvpn_active_yes", "yes (%i)", pid) + or translate("openvpn_active_no") end + return translate("openvpn_active_no") +end - for i=5,#option do - if type(option[i]) == "table" then - o:depends(option[i]) - end - end +local port = s:option( DummyValue, "port", 
translate("openvpn_port") ) +function port.cfgvalue(self, section) + local val = AbstractValue.cfgvalue(self, section) + return val or "1194" +end + +local proto = s:option( DummyValue, "proto", translate("openvpn_proto") ) +function proto.cfgvalue(self, section) + local val = AbstractValue.cfgvalue(self, section) + return val or "udp" end + return m
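Review bot: `s.create` reads the `.select` form value a second time and passes it straight to `uci:get_all( "openvpn_recipes", recipe )` with no check of its own; `s.parse` only rejects a recipe that is present and unknown, so a request that omits the field still appears to reach `create` with `recipe == nil`, and what `get_all` returns for a nil section name is not visible in this hunk. Because that value decides which option table is copied into the new `openvpn` instance, I would guard at the top of `create`: `if not recipe or not self.add_select_options[recipe] then self.invalid_cts = true return end`. The result of `uci:section` is also worth checking before the two `uci:delete` calls and the redirect, so a failed create does not send the user to an edit page for a section that was never written. In `active.cfgvalue`, `tonumber(pid) ~= nil` also accepts `0` and negative values and the raw string is what goes to `sys.process.signal`; converting once (`local n = tonumber(pid)`) and requiring `n > 0` keeps a malformed pid file from being reported as a running instance, and a short comment that a stale pid file can match an unrelated process would help whoever reads the status column.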