Update OpenVPN webif module and fix management feature in Makefile. Closes #625

SVN-Revision: 4126

diff --git a/openwrt/package/openvpn/Config.in b/openwrt/package/openvpn/Config.in
index ac36847c8593c9f5ce091549a6ad28aff61bd5a7..4641101a62ee4f28ae755c72e339ae261910a46e 100644 (file)
--- a/openwrt/package/openvpn/Config.in
+++ b/openwrt/package/openvpn/Config.in
@@ -50,7 +50,7 @@ config BR2_PACKAGE_OPENVPN_LZO
 config BR2_PACKAGE_OPENVPN_PASSWORD_SAVE
        bool "Enable password saving"
        default y
-       depends BR2_PACKAGE_OPENPVN
+       depends BR2_PACKAGE_OPENVPN
 
 config BR2_PACKAGE_OPENVPN_MANAGEMENT
        bool "Enable PKCS12 management features"

diff --git a/openwrt/package/openvpn/Makefile b/openwrt/package/openvpn/Makefile
index cbd29228fce3db249204708ba0bcc394c0393ad0..4c7495d63287fce9dfd0a810a47a564d3b374af8 100644 (file)
--- a/openwrt/package/openvpn/Makefile
+++ b/openwrt/package/openvpn/Makefile
@@ -78,7 +78,6 @@ $(PKG_BUILD_DIR)/.configured: $(PKG_BUILD_DIR)/.prepared
                  --disable-pthread \
                  --disable-debug \
                  --disable-plugins \
-                 --disable-management \
                  --disable-socks \
                  $(DISABLE_LZO) \
                  $(DISABLE_OPENSSL) \

diff --git a/openwrt/package/openvpn/files/S50openvpn b/openwrt/package/openvpn/files/S50openvpn
index 06e29ce5a1f2580ed00e5e0b626cdb90097ec955..41547a1303ed871cd1ebf9235ce413c13b04486e 100755 (executable)
--- a/openwrt/package/openvpn/files/S50openvpn
+++ b/openwrt/package/openvpn/files/S50openvpn
@@ -21,8 +21,14 @@ case "$1" in
                }
                case "$(nvram get openvpn_cli_auth)" in
                        cert)
-                               AUTH_OPTION="--pkcs12"
+                               AUTH_OPTION="--ns-cert-type server --pkcs12"
                                AUTH_FILE="/etc/openvpn/certificate.p12"
+                               PKCS12PASS="$(nvram get openvpn_cli_pkcs12pass)"
+                               [ "$PKCS12PASS" ] && {
+                                       echo -n "$PKCS12PASS" > /etc/openvpn/pkcs12pass.tmp
+                                       chmod 600 /etc/openvpn/pkcs12pass.tmp
+                                       AUTH_OPTION="--askpass /etc/openvpn/pkcs12pass.tmp $AUTH_OPTION"
+                               }
                        ;;
                        psk)
                                AUTH_OPTION="--secret"

diff --git a/openwrt/package/openvpn/files/openvpn.sh b/openwrt/package/openvpn/files/openvpn.sh
index d3bcb71a54455a2d1557177c10d35b1a58082c26..f528af6b5cc7786acaa07a0ef3a41f74240b6182 100644 (file)
--- a/openwrt/package/openvpn/files/openvpn.sh
+++ b/openwrt/package/openvpn/files/openvpn.sh
@@ -6,6 +6,9 @@
 . /usr/lib/webif/webif.sh
 load_settings "openvpn"
 
+openvpn_cli_pkcs12pass=${openvpn_cli_pkcs12pass:-$(nvram get openvpn_cli_pkcs12pass)}
+openvpn_cli_pkcs12pass=${openvpn_cli_pkcs12pass:+"-@@-"}
+
 if empty "$FORM_submit"; then
        [ -f /etc/openvpn/certificate.p12 ] ||
                NOCERT=1
@@ -21,14 +24,21 @@ if empty "$FORM_submit"; then
        FORM_openvpn_cli_psk=${openvpn_cli_psk:-$(nvram get openvpn_cli_psk)}
 else
        [ -d /etc/openvpn ] || mkdir /etc/openvpn
-       [ -f "$FORM_openvpn_pkcs12file" ] && {
-               cp "$FORM_openvpn_pkcs12file" /etc/openvpn/certificate.p12 &&
+       [ -f "$FORM_openvpn_cli_pkcs12file" ] && {
+               cp "$FORM_openvpn_cli_pkcs12file" /etc/openvpn/certificate.p12 &&
                        UPLOAD_CERT=1
        }
-       [ -f "$FORM_openvpn_pskfile" ] && {
-               cp "$FORM_openvpn_pskfile" /etc/openvpn/shared.key &&
+       [ -f "$FORM_openvpn_cli_pskfile" ] && {
+               cp "$FORM_openvpn_cli_pskfile" /etc/openvpn/shared.key &&
                        UPLOAD_PSK=1
        }
+       [ "$FORM_openvpn_cli_pkcs12pass" != "-@@-" ] && {
+               [ "$FORM_openvpn_cli_pkcs12pass" != "$openvpn_cli_pkcs12pass" ] && {
+                       save_setting openvpn openvpn_cli_pkcs12pass $FORM_openvpn_cli_pkcs12pass
+                       openvpn_cli_pkcs12pass=${FORM_openvpn_cli_pkcs12pass:+"-@@-"}
+               }
+       }
+
        save_setting openvpn openvpn_cli $FORM_openvpn_cli
        save_setting openvpn openvpn_cli_server $FORM_openvpn_cli_server
        save_setting openvpn openvpn_cli_proto $FORM_openvpn_cli_proto
@@ -57,6 +67,7 @@ function modechange()
        v = isset('openvpn_cli_auth', 'cert');
        set_visible('certificate_status', v);
        set_visible('certificate', v);
+       set_visible('pkcs12pass', v);
 
        hide('save');
        show('save');
@@ -98,14 +109,16 @@ $(empty "$NOPSK" || echo 'string|<span style="color:red">@TR<<No Keyfile uploade
 $(empty "$UPLOAD_PSK" || echo 'string|<span style="color:green">@TR<<Upload Successful>><br/></span>')
 $(empty "$NOPSK" && echo 'string|@TR<<Found Installed Keyfile>>')
 field|@TR<<Upload Preshared Key>>|psk|hidden
-upload|openvpn_pskfile
+upload|openvpn_cli_pskfile
 
 field|@TR<<Certificate Status>>|certificate_status|hidden
 $(empty "$NOCERT" || echo 'string|<span style="color:red">@TR<<No Certificate uploaded yet!>></span>')
 $(empty "$UPLOAD_CERT" || echo 'string|<span style="color:green">@TR<<Upload Successful>><br/></span>')
 $(empty "$NOCERT" && echo 'string|@TR<<Found Installed Certificate.>>')
 field|@TR<<Upload PKCS12 Certificate>>|certificate|hidden
-upload|openvpn_pkcs12file
+upload|openvpn_cli_pkcs12file
+field|@TR<<PKCS12 Container Password>>|pkcs12pass|hidden
+password|openvpn_cli_pkcs12pass|$openvpn_cli_pkcs12pass
 end_form
 
 EOF
@@ -113,5 +126,5 @@ EOF
 footer
 ?>
 <!--
-##WEBIF:name:Network:10:OpenVPN
+##WEBIF:name:VPN:1:OpenVPN
 -->