---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
+-- Copyright 2008 Steven Barth <steven@midlink.org>
+-- Licensed to the public under the Apache License 2.0.
require("luci.ip")
require("luci.model.uci")
{ Flag, "client_disconnect", 0, translate("Run script cmd on client disconnection") },
{ Value, "learn_address", "/usr/bin/ovpn-learnaddress", translate("Executed in server mode whenever an IPv4 address/route or MAC address is added to OpenVPN's internal routing table") },
{ Value, "auth_user_pass_verify", "/usr/bin/ovpn-userpass via-env", translate("Executed in server mode on new client connections, when the client is still untrusted") },
- { ListValue, "script_security", { 0, 1, 2, 3 }, translate("Policy level over usage of external programs and scripts"), {mode="server" } },
+ { ListValue, "script_security", { 0, 1, 2, 3 }, translate("Policy level over usage of external programs and scripts") },
} },
{ "Networking", {
{ Value, "route_gateway", "10.234.1.1", translate("Specify a default gateway for routes") },
{ Value, "route_delay", 0, translate("Delay n seconds after connection") },
{ Flag, "route_noexec", 0, translate("Don't add routes automatically") },
+ { Flag, "route_nopull", 0, translate("Don't pull routes automatically") },
{ ListValue, "mtu_disc", { "yes", "maybe", "no" }, translate("Enable Path MTU discovery") },
{ Flag, "mtu_test", 0, translate("Empirically measure MTU") },
} },
{ "Cryptography", {
- { Value, "secret", "/etc/openvpn/secret.key 1", translate("Enable Static Key encryption mode (non-TLS)") },
+ { FileUpload, "secret", "/etc/openvpn/secret.key", translate("Enable Static Key encryption mode (non-TLS)") },
{ Value, "auth", "SHA1", translate("HMAC authentication for packets") }, -- parse
{ Value, "cipher", "BF-CBC", translate("Encryption cipher for packets") }, -- parse
{ Value, "keysize", 1024, translate("Size of cipher key") }, -- parse
{ Value, "tran_window", 3600, translate("Key transition window") },
{ Flag, "single_session", 0, translate("Allow only one session") },
{ Flag, "tls_exit", 0, translate("Exit on TLS negotiation failure") },
- { Value, "tls_auth", "/etc/openvpn/tlsauth.key 1", translate("Additional authentication over TLS") },
+ { Value, "tls_auth", "/etc/openvpn/tlsauth.key", translate("Additional authentication over TLS") },
--{ Value, "askpass", "[file]", translate("Get PEM password from controlling tty before we daemonize") },
{ Flag, "auth_nocache", 0, translate("Don't cache --askpass or --auth-user-pass passwords") },
{ Value, "tls_remote", "remote_x509_name", translate("Only accept connections from given X509 name") },
{ ListValue, "ns_cert_type", { "client", "server" }, translate("Require explicit designation on certificate") },
{ ListValue, "remote_cert_tls", { "client", "server" }, translate("Require explicit key usage on certificate") },
{ Value, "crl_verify", "/etc/easy-rsa/keys/crl.pem", translate("Check peer certificate against a CRL") },
+ { Value, "tls_version_min", "1.0", translate("The lowest supported TLS version") },
+ { Value, "tls_version_max", "1.2", translate("The highest supported TLS version") },
+ { Value, "key_direction", "1", translate("The key direction for 'tls-auth' and 'secret' options") },
} }
}
o.value = option[3]
else
if option[1] == DynamicList then
- o.cast = nil
function o.cfgvalue(...)
local val = AbstractValue.cfgvalue(...)
return ( val and type(val) ~= "table" ) and { val } or val