convert luci.fs users to nixio.fs api
[project/luci.git] / applications / luci-openvpn / luasrc / model / cbi / openvpn-advanced.lua
1 --[[
2 LuCI - Lua Configuration Interface
3
4 Copyright 2008 Steven Barth <steven@midlink.org>
5
6 Licensed under the Apache License, Version 2.0 (the "License");
7 you may not use this file except in compliance with the License.
8 You may obtain a copy of the License at
9
10 http://www.apache.org/licenses/LICENSE-2.0
11
12 $Id$
13 ]]--
14
15 require("luci.ip")
16
17
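--- Catalogue of the OpenVPN options the "advanced" page can edit.
--
-- Layout: a list of { category name, rows }. Each row is
--   { widget class, option name, default or list of choices, depends table(s)... }
-- The loop at the end of this file copies column 3 into o.default and, when
-- it is a table, offers every entry as a selectable value.
--
-- NOTE(review): column 3 holds example values only, but presumably they are
-- what an administrator sees pre-filled when adding the option. Several of
-- them are dated from a security standpoint; they are kept as they were and
-- flagged inline so that a change to them is a deliberate decision.
local knownParams = {
	--
	-- Widget       Name                    Default(s)              Depends
	--

	{ "service", {
		-- initialisation and daemon options
		{ ListValue,   "verb", { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 } },
		{ Flag,        "mlock", 0 },
		{ Flag,        "disable_occ", 0 },
		-- { Value,    "user", "root" },
		-- { Value,    "group", "root" },
		{ Value,       "cd", "/etc/openvpn" },
		{ Value,       "chroot", "/var/run" },
		-- { Value,    "daemon", "Instance-Name" },
		-- { Value,    "syslog", "Instance-Name" },
		{ Flag,        "passtos", 0 },
		-- { Value,    "inetd", "nowait Instance-Name" },
		{ Value,       "log", "/var/log/openvpn.log" },
		{ Value,       "log_append", "/var/log/openvpn.log" },
		{ Flag,        "suppress_timestamps", 0 },
		-- { Value,    "writepid", "/var/run/openvpn.pid" },
		{ Value,       "nice", 0 },
		{ Flag,        "fast_io", 0 },
		{ Value,       "echo", "some params echoed to log" },
		{ ListValue,   "remap_usr1", { "SIGHUP", "SIGTERM" } },
		{ Value,       "status", "/var/run/openvpn.status 5" },
		{ Value,       "status_version", { 1, 2 } }, -- status
		{ Value,       "mute", 5 },

		-- Script hooks: each value is a command line that OpenVPN executes.
		-- NOTE(review): these are free-text fields and the user/group rows
		-- above are commented out, so the hooks presumably run with the
		-- daemon's own privileges - confirm against the init script and keep
		-- this page restricted to administrators.
		{ Value,       "up", "/usr/bin/ovpn-up" },
		{ Value,       "up_delay", 5 },
		{ Value,       "down", "/usr/bin/ovpn-down" },
		{ Flag,        "down_pre", 0 },
		{ Flag,        "up_restart", 0 },
		{ Value,       "route_up", "/usr/bin/ovpn-routeup" },
		{ Value,       "ipchange", "/usr/bin/ovpn-ipchange", { mode="p2p" } },
		{ DynamicList, "setenv", { "VAR1 value1", "VAR2 value2" } },
		{ Value,       "tls_verify", "/usr/bin/ovpn-tlsverify" },
		{ Value,       "client_connect", "/usr/bin/ovpn-clientconnect" },
		-- NOTE(review): OpenVPN's client-disconnect takes a command, like
		-- client_connect above; a Flag looks wrong here - confirm.
		{ Flag,        "client_disconnect", 0 },
		{ Value,       "learn_address", "/usr/bin/ovpn-learnaddress" },
		-- NOTE(review): "via-env" hands the username and password to the
		-- script through environment variables; OpenVPN also offers
		-- "via-file". Check which one fits the deployment.
		{ Value,       "auth_user_pass_verify", "/usr/bin/ovpn-userpass via-env" },
	} },

	{ "networking", {
		-- socket config
		{ ListValue,   "mode", { "p2p", "server" } },
		{ Value,       "local", "0.0.0.0" },
		{ Value,       "port", 1194 },
		{ Value,       "lport", 1194 },
		{ Value,       "rport", 1194 },
		{ Flag,        "float", 0 },
		{ Flag,        "nobind", 0 },

		-- tunnel device
		{ Value,       "dev", "tun0" },
		{ ListValue,   "dev_type", { "tun", "tap" } },
		{ Value,       "dev_node", "/dev/net/tun" },
		{ Flag,        "tun_ipv6", 0 },

		-- interface addressing
		{ Value,       "ifconfig", "10.200.200.3 10.200.200.1" },
		{ Flag,        "ifconfig_noexec", 0 },
		{ Flag,        "ifconfig_nowarn", 0 },

		-- routing
		{ DynamicList, "route", "10.123.0.0 255.255.0.0" },
		{ Value,       "route_gateway", "10.234.1.1" },
		{ Value,       "route_delay", 0 },
		{ Flag,        "route_noexec", 0 },

		-- MTU, compression and buffers
		{ ListValue,   "mtu_disc", { "yes", "maybe", "no" } },
		{ Flag,        "mtu_test", 0 },
		{ Flag,        "comp_lzo", 0 },
		{ Flag,        "comp_noadept", 0, { comp_lzo=1 } },
		{ Value,       "link_mtu", 1500 },
		{ Value,       "tun_mtu", 1500 },
		{ Value,       "tun_mtu_extra", 1500 },
		{ Value,       "fragment", 1500, { proto="udp" } },
		{ Value,       "mssfix", 1500, { proto="udp" } },
		{ Value,       "sndbuf", 65536 },
		{ Value,       "rcvbuf", 65536 },
		{ Value,       "txqueuelen", 100 },
		{ Value,       "shaper", 10240 },

		-- timeouts and keepalive
		{ Value,       "inactive", 240 },
		{ Value,       "keepalive", "10 60" },
		{ Value,       "ping", 30 },
		{ Value,       "ping_exit", 120 },
		{ Value,       "ping_restart", 60 },
		{ Flag,        "ping_timer_rem", 0 },

		-- state kept across restarts
		{ Flag,        "persist_tun", 0 },
		{ Flag,        "persist_key", 0 },
		{ Flag,        "persist_local_ip", 0 },
		{ Flag,        "persist_remote_ip", 0 },

		-- management channel
		-- NOTE(review): the example binds the management interface to
		-- loopback and names a password file as the third field; keep it on
		-- loopback and make the password file readable by the daemon only.
		{ Value,       "management", "127.0.0.1 31194 /etc/openvpn/mngmt-pwds" },
		{ Flag,        "management_query_passwords", 0 }, -- management
		{ Flag,        "management_hold", 0 }, -- management
		-- management-log-cache takes a number of log lines, so it is a
		-- Value; as a Flag its default of 100 matched neither flag state.
		{ Value,       "management_log_cache", 100 }, -- management
	} },

	{ "vpn", {
		-- server side
		{ Value,       "server", "10.200.200.0 255.255.255.0", { server_mode="1" } },
		{ Value,       "server_bridge", "10.200.200.1 255.255.255.0 10.200.200.200 10.200.200.250", { server_mode="1" } },
		{ DynamicList, "push", { "redirect-gateway", "comp-lzo" }, { server_mode="1" } },
		{ Flag,        "push_reset", 0, { server_mode="1" } },
		{ Flag,        "disable", 0, { server_mode="1" } },
		{ Value,       "ifconfig_pool", "10.200.200.100 10.200.200.150 255.255.255.0", { server_mode="1" } },
		{ Value,       "ifconfig_pool_persist", "/etc/openvpn/ipp.txt 600", { server_mode="1" } },
		{ Flag,        "ifconfig_pool_linear", 0, { server_mode="1" } },
		{ Value,       "ifconfig_push", "10.200.200.1 255.255.255.255", { server_mode="1" } },
		{ Value,       "iroute", "10.200.200.0 255.255.255.0", { server_mode="1" } },
		{ Flag,        "client_to_client", 0, { server_mode="1" } },
		-- NOTE(review): duplicate_cn, client_cert_not_required and
		-- username_as_common_name all relax how clients are identified;
		-- they default to off and should stay off unless required.
		{ Flag,        "duplicate_cn", 0, { server_mode="1" } },
		{ Value,       "client_config_dir", "/etc/openvpn/ccd", { server_mode="1" } },
		{ Flag,        "ccd_exclusive", 0, { server_mode="1" } },
		{ Value,       "tmp_dir", "/var/run/openvpn", { server_mode="1" } },
		{ Value,       "hash_size", "256 256", { server_mode="1" } },
		{ Value,       "bcast_buffers", 256, { server_mode="1" } },
		{ Value,       "tcp_queue_limit", 64, { server_mode="1" } },
		{ Value,       "max_clients", 10, { server_mode="1" } },
		{ Value,       "max_routes_per_client", 256, { server_mode="1" } },
		{ Value,       "connect_freq", "3 10", { server_mode="1" } },
		{ Flag,        "client_cert_not_required", 0, { server_mode="1" } },
		{ Flag,        "username_as_common_name", 0, { server_mode="1" } },

		-- client side
		{ Flag,        "client", 0, { server_mode="0" }, { server_mode="" } },
		{ Flag,        "pull", 0, { client="1" } },
		-- NOTE(review): auth_user_pass names a file holding credentials in
		-- clear text; its permissions matter.
		{ Value,       "auth_user_pass", "/etc/openvpn/userpass.txt", { client="1" } },
		{ ListValue,   "auth_retry", { "none", "nointeract", "interact" }, { client="1" } },
		{ Value,       "explicit_exit_notify", 1, { client="1" } },
		{ DynamicList, "remote", "1.2.3.4", { client="1" } }, -- client
		{ Flag,        "remote_random", 1, { client="1" } }, -- client
		{ ListValue,   "proto", { "udp", "tcp-client", "tcp-server" }, { client="1" } },
		{ Value,       "connect_retry", 5, { proto="tcp-client" }, { client="1" } }, -- client && proto=tcp-client
		{ Value,       "http_proxy_server", "192.168.1.100 8080", { client="1" } }, -- client
		{ Flag,        "http_proxy_retry", 0, { client="1" } }, -- client && http_proxy_server
		{ Value,       "http_proxy_timeout", 5, { client="1" } }, -- client && http_proxy_server
		{ DynamicList, "http_proxy_option", { "VERSION 1.0", "AGENT OpenVPN/2.0.9" }, { client="1" } }, -- client && http_proxy_server
		{ Value,       "socks_proxy_server", "192.168.1.200 1080", { client="1" } }, -- client
		{ Value,       "socks_proxy_retry", 5, { client="1" } }, -- client && socks_proxy_server
		{ Value,       "resolv_retry", "infinite", { client="1" } }, -- client
		{ ListValue,   "redirect_gateway", { "", "local", "def1", "local def1" }, { client="1" } }, -- client
	} },

	{ "cryptography", {
		{ Value,       "secret", "/etc/openvpn/secret.key 1" },
		-- NOTE(review): the examples below are dated. BF-CBC is a 64-bit
		-- block cipher and SHA1 is an old HMAC digest; prefer whatever
		-- stronger algorithms the installed OpenVPN build offers. keysize
		-- 1024 looks like a placeholder rather than a real cipher key size
		-- - confirm.
		{ Value,       "auth", "SHA1" }, -- parse
		{ Value,       "cipher", "BF-CBC" }, -- parse
		{ Value,       "keysize", 1024 }, -- parse
		{ Value,       "engine", "dynamic" }, -- parse
		-- NOTE(review): no_replay and no_iv switch off replay protection
		-- and the per-packet IV; both weaken the data channel.
		{ Flag,        "no_replay", 0 },
		{ Value,       "replay_window", "64 15" },
		{ Flag,        "mute_replay_warnings", 0 },
		{ Value,       "replay_persist", "/var/run/openvpn-replay-state" },
		{ Flag,        "no_iv", 0 },
		{ Flag,        "tls_server", 0, { tls_client="" }, { tls_client="0" } },
		{ Flag,        "tls_client", 0, { tls_server="" }, { tls_server="0" } },
		-- NOTE(review): key and pkcs12 are private-key uploads; where the
		-- FileUpload widget stores them and with which permissions is not
		-- visible in this file - verify. The dh example names a 1024-bit
		-- parameter file, which is below current recommendations.
		{ FileUpload,  "ca", "/etc/easy-rsa/keys/ca.crt" },
		{ FileUpload,  "dh", "/etc/easy-rsa/keys/dh1024.pem" },
		{ FileUpload,  "cert", "/etc/easy-rsa/keys/some-client.crt" },
		{ FileUpload,  "key", "/etc/easy-rsa/keys/some-client.key" },
		{ FileUpload,  "pkcs12", "/etc/easy-rsa/keys/some-client.pk12" },
		{ ListValue,   "key_method", { 1, 2 } },
		-- NOTE(review): this example list includes export-grade (EXP-*),
		-- RC4, single-DES and MD5 suites. Anyone accepting it unchanged
		-- allows the control channel to negotiate them; trim it to the
		-- strong suites the peers actually support.
		{ Value,       "tls_cipher", "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5" },
		{ Value,       "tls_timeout", 2 },
		{ Value,       "reneg_bytes", 1024 },
		{ Value,       "reneg_pkts", 100 },
		{ Value,       "reneg_sec", 3600 },
		{ Value,       "hand_window", 60 },
		{ Value,       "tran_window", 3600 },
		{ Flag,        "single_session", 0 },
		{ Flag,        "tls_exit", 0 },
		{ Value,       "tls_auth", "/etc/openvpn/tlsauth.key 1" },
		--{ Value,     "askpass", "[file]" },
		{ Flag,        "auth_nocache", 0 },
		{ Value,       "tls_remote", "remote_x509_name" },
		{ ListValue,   "ns_cert_type", { "client", "server" } },
		{ ListValue,   "remote_cert_tls", { "client", "server" } },
		{ Value,       "crl_verify", "/etc/easy-rsa/keys/crl.pem" },
	} }
}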
200
201
-- cts collects the category names in declaration order for the page
-- switcher; params ends up holding the rows of the category being shown
-- (it stays empty when the requested category matches none).
local cts = { }
local params = { }

local m = Map("openvpn")
local p = m:section( SimpleSection )

-- NOTE(review): arg[1] and arg[2] presumably come from the request path.
-- They are handed to the "openvpn/pageswitch" template as-is, and arg[2] is
-- not checked against the known category names - verify that the template
-- escapes both values before writing them into the page.
p.instance = arg[1]
p.category = arg[2] or "service"
p.mode = "advanced"
p.template = "openvpn/pageswitch"

for _, entry in ipairs(knownParams) do
	local name, rows = entry[1], entry[2]
	cts[#cts + 1] = name
	if name == p.category then
		params = rows
	end
end

p.categories = cts
219
220
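-- The form section for the OpenVPN instance named by arg[1].
--
-- The title and description keys are built from p.category rather than from
-- arg[2]: p.category already falls back to "service" when no category was
-- requested, whereas arg[2] is nil in that case and the key was then built
-- from a nil argument (the exact result depends on LuCI's string "%"
-- operator). Using p.category keeps the heading in step with the options
-- that are actually listed.
--
-- NOTE(review): arg[1] presumably comes from the request path and is used
-- directly as the UCI section name - confirm that NamedSection copes with a
-- missing or unknown instance.
local s = m:section(
	NamedSection, arg[1], "openvpn",
	translate("openvpn_%s" % p.category),
	translate("openvpn_%s_desc" % p.category)
)

s.title = translate("openvpn_%s" % p.category)
s.addremove = false
s.anonymous = true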
230
231
-- Create one form widget per row of the selected category.
-- Row layout: { widget class, option name, default or choices, depends... }
for _, row in ipairs(params) do
	local widget, name, preset = row[1], row[2], row[3]

	local o = s:option(
		widget, name,
		translate("openvpn_param_%s" % name),
		translate("openvpn_param_%s_desc" % name)
	)

	if widget == DummyValue then
		o.value = preset
	else
		if widget == DynamicList then
			o.cast = nil
			-- A single stored value is wrapped in a table so that the
			-- list widget always receives a list; tables and empty
			-- results are passed through untouched.
			function o.cfgvalue(...)
				local stored = AbstractValue.cfgvalue(...)
				if stored and type(stored) ~= "table" then
					return { stored }
				end
				return stored
			end
		end

		o.optional = true

		if type(preset) == "table" then
			-- A list of choices: offer an empty "remove" entry first, then
			-- every choice as a string; the first choice is the default.
			if o.optional then o:value("", "-- remove --") end
			for _, choice in ipairs(preset) do
				o:value(tostring(choice))
			end
			o.default = tostring(preset[1])
		else
			o.default = tostring(preset)
		end
	end

	-- NOTE(review): the rows in knownParams carry their first depends table
	-- at index 4, but this loop starts at index 5, so only a second depends
	-- table is ever applied. It looks like a leftover from a row layout
	-- with one more column - confirm which behaviour is intended before
	-- changing the start index.
	for idx = 5, #row do
		local dep = row[idx]
		if type(dep) == "table" then
			o:depends(dep)
		end
	end
end

return m