net/luci-app-ocserv/files/usr/lib/lua/luci/model/cbi/ocserv/main.lua

   1 --[[
   2 LuCI - Lua Configuration Interface
   3
   4 Copyright 2014 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
   5
   6 Licensed under the Apache License, Version 2.0 (the "License");
   7 you may not use this file except in compliance with the License.
   8 You may obtain a copy of the License at
   9
  10         http://www.apache.org/licenses/LICENSE-2.0
  11
  12 $Id$
  13 local niulib = require "luci.niulib"
  14 ]]--
  15
  16 local fs = require "nixio.fs"
  17 local has_ipv6 = fs.access("/proc/net/ipv6_route")
  18
  19 m = Map("ocserv", translate("OpenConnect VPN"))
  20
  21 s = m:section(TypedSection, "ocserv", "OpenConnect")
  22 s.anonymous = true
  23
  24 s:tab("general",  translate("General Settings"))
  25 s:tab("ca", translate("CA certificate"))
  26 s:tab("template", translate("Edit Template"))
  27
  28 local e = s:taboption("general", Flag, "enable", translate("Enable server"))
  29 e.rmempty = false
  30 e.default = "1"
  31
  32 function m.on_commit(map)
  33         luci.sys.call("/usr/bin/occtl reload  >/dev/null 2>&1")
  34 end
  35
  36 function e.write(self, section, value)
  37         if value == "0" then
  38                 luci.sys.call("/etc/init.d/ocserv stop >/dev/null 2>&1")
  39                 luci.sys.call("/etc/init.d/ocserv disable  >/dev/null 2>&1")
  40         else
  41                 luci.sys.call("/etc/init.d/ocserv enable  >/dev/null 2>&1")
  42                 luci.sys.call("/etc/init.d/ocserv restart  >/dev/null 2>&1")
  43         end
  44         Flag.write(self, section, value)
  45 end
  46
  47 local o
  48
  49 o = s:taboption("general", ListValue, "auth", translate("User Authentication"),
  50         translate("The authentication method for the users. The simplest is plain with a single username-password pair. Use PAM modules to authenticate using another server (e.g., LDAP, Radius)."))
  51 o.rmempty = false
  52 o.default = "plain"
  53 o:value("plain")
  54 o:value("PAM")
  55
  56 o = s:taboption("general", Value, "zone", translate("Firewall Zone"),
  57         translate("The firewall zone that the VPN clients will be set to"))
  58 o.nocreate = true
  59 o.default = "lan"
  60 o.template = "cbi/firewall_zonelist"
  61
  62 s:taboption("general", Value, "port", translate("Port"),
  63         translate("The same UDP and TCP ports will be used"))
  64 s:taboption("general", Value, "max_clients", translate("Max clients"))
  65 s:taboption("general", Value, "max_same", translate("Max same clients"))
  66 s:taboption("general", Value, "dpd", translate("Dead peer detection time (secs)"))
  67
  68 local pip = s:taboption("general", Flag, "predictable_ips", translate("Predictable IPs"),
  69         translate("The assigned IPs will be selected deterministically"))
  70 pip.default = "1"
  71
  72 local udp = s:taboption("general", Flag, "udp", translate("Enable UDP"),
  73         translate("Enable UDP channel support; this must be enabled unless you know what you are doing"))
  74 udp.default = "1"
  75
  76 local cisco = s:taboption("general", Flag, "cisco_compat", translate("AnyConnect client compatibility"),
  77         translate("Enable support for CISCO AnyConnect clients"))
  78 cisco.default = "1"
  79
  80 ipaddr = s:taboption("general", Value, "ipaddr", translate("VPN <abbr title=\"Internet Protocol Version 4\">IPv4</abbr>-Network-Address"))
  81 ipaddr.default = "192.168.100.1"
  82
  83 nm = s:taboption("general", Value, "netmask", translate("VPN <abbr title=\"Internet Protocol Version 4\">IPv4</abbr>-Netmask"))
  84 nm.default = "255.255.255.0"
  85 nm:value("255.255.255.0")
  86 nm:value("255.255.0.0")
  87 nm:value("255.0.0.0")
  88
  89 if has_ipv6 then
  90         ip6addr = s:taboption("general", Value, "ip6addr", translate("VPN <abbr title=\"Internet Protocol Version 6\">IPv6</abbr>-Network-Address"), translate("<abbr title=\"Classless Inter-Domain Routing\">CIDR</abbr>-Notation: address/prefix"))
  91 end
  92
  93
  94 tmpl = s:taboption("template", Value, "_tmpl",
  95         translate("Edit the template that is used for generating the ocserv configuration."))
  96
  97 tmpl.template = "cbi/tvalue"
  98 tmpl.rows = 20
  99
 100 function tmpl.cfgvalue(self, section)
 101         return nixio.fs.readfile("/etc/ocserv/ocserv.conf.template")
 102 end
 103
 104 function tmpl.write(self, section, value)
 105         value = value:gsub("\r\n?", "\n")
 106         nixio.fs.writefile("/etc/ocserv/ocserv.conf.template", value)
 107 end
 108
 109 ca = s:taboption("ca", Value, "_ca",
 110         translate("View the CA certificate used by this server. You will need to save it as 'ca.pem' and import it into the clients."))
 111
 112 ca.template = "cbi/tvalue"
 113 ca.rows = 20
 114
 115 function ca.cfgvalue(self, section)
 116         return nixio.fs.readfile("/etc/ocserv/ca.pem")
 117 end
 118
 119 --[[DNS]]--
 120
 121 s = m:section(TypedSection, "dns", translate("DNS servers"),
 122         translate("The DNS servers to be provided to clients; can be either IPv6 or IPv4"))
 123 s.anonymous = true
 124 s.addremove = true
 125 s.template = "cbi/tblsection"
 126
 127 s:option(Value, "ip", translate("IP Address")).rmempty = true
 128
 129 --[[Routes]]--
 130
 131 s = m:section(TypedSection, "routes", translate("Routing table"),
 132         translate("The routing table to be provided to clients; you can mix IPv4 and IPv6 routes, the server will send only the appropriate. Leave empty to set a default route"))
 133 s.anonymous = true
 134 s.addremove = true
 135 s.template = "cbi/tblsection"
 136
 137 s:option(Value, "ip", translate("IP Address")).rmempty = true
 138
 139 o = s:option(Value, "netmask", translate("Netmask (or IPv6-prefix)"))
 140 o.default = "255.255.255.0"
 141 o:value("255.255.255.0")
 142 o:value("255.255.0.0")
 143 o:value("255.0.0.0")
 144
 145
 146 return m