From: Florian Fainelli <florian@openwrt.org>
Date: Mon, 22 May 2006 21:59:39 +0000 (+0000)
Subject: Add openvpn-webif, closes #525, tested and working
X-Git-Tag: whiterussian_rc6~231
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=bb2efc2a7630a65629db51899b586abf994104c2;p=openwrt%2Fsvn-archive%2Fopenwrt.git

Add openvpn-webif, closes #525, tested and working

SVN-Revision: 3818
---

diff --git a/openwrt/package/openvpn/Config.in b/openwrt/package/openvpn/Config.in
index 39a775bb4e..ac36847c85 100644
--- a/openwrt/package/openvpn/Config.in
+++ b/openwrt/package/openvpn/Config.in
@@ -18,7 +18,7 @@ config BR2_PACKAGE_OPENVPN_EASY_RSA
 
 config BR2_PACKAGE_OPENVPN_WEBIF
 	tristate "openvpn-webif - web interface module to configure OpenVPN (client mode)"
-	default n
+	default m
 	depends BR2_PACKAGE_OPENVPN
 	select BR2_PACKAGE_WEBIF
 	help
diff --git a/openwrt/package/openvpn/Makefile b/openwrt/package/openvpn/Makefile
index 89fc7b79f8..1f3dc8e41b 100644
--- a/openwrt/package/openvpn/Makefile
+++ b/openwrt/package/openvpn/Makefile
@@ -115,5 +115,6 @@ $(IPKG_OPENVPN_EASY_RSA):
 $(IPKG_OPENVPN_WEBIF):
 	install -d -m0755 $(IDIR_OPENVPN_WEBIF)/etc/init.d $(IDIR_OPENVPN_WEBIF)/www/cgi-bin/webif
 	install -m0755 ./files/S50openvpn $(IDIR_OPENVPN_WEBIF)/etc/init.d/S50openvpn
-	cp -fpR .files/openvpn{,-status}.sh $(IDIR_OPENVPN_WEBIF)/www/cgi-bin/webif/
+	install -m0644 ./files/openvpn.sh $(IDIR_OPENVPN_WEBIF)/www/cgi-bin/webif/
+	install -m0644 ./files/openvpn-status.sh $(IDIR_OPENVPN_WEBIF)/www/cgi-bin/webif/
 	$(IPKG_BUILD) $(IDIR_OPENVPN_WEBIF) $(PACKAGE_DIR)
diff --git a/openwrt/package/openvpn/files/S50openvpn b/openwrt/package/openvpn/files/S50openvpn
new file mode 100755
index 0000000000..06e29ce5a1
--- /dev/null
+++ b/openwrt/package/openvpn/files/S50openvpn
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+case "$(nvram get openvpn_cli)" in
+	on|enabled|1)
+		continue
+	;;
+	off|disabled|0)
+		exit 0
+	;;
+esac
+
+case "$1" in
+	start)
+		SERVER=$(nvram get openvpn_cli_server)
+		PROTO=$(nvram get openvpn_cli_proto)
+		PORT=$(nvram get openvpn_cli_port)
+
+		[ "$SERVER" ] || {
+			logger "$0: remote server not configured!"
+			exit
+		}
+		case "$(nvram get openvpn_cli_auth)" in
+			cert)
+				AUTH_OPTION="--pkcs12"
+				AUTH_FILE="/etc/openvpn/certificate.p12"
+			;;
+			psk)
+				AUTH_OPTION="--secret"
+				AUTH_FILE="/etc/openvpn/shared.key"
+			;;
+			*)
+				logger "$0: unknown authentication type, aborting!"
+				exit
+			;;
+		esac
+		[ -f "$AUTH_FILE" ] || {
+			logger "$0: no certificat/keyfile found!"
+			exit
+		}
+		openvpn --client				\
+			--proto  "${PROTO:-udp}"		\
+			--port   "${PORT:-1194}"		\
+			--remote "$SERVER"			\
+			--dev tun				\
+			--nobind				\
+			$AUTH_OPTION "$AUTH_FILE"		\
+			--comp-lzo				\
+			--daemon				\
+			--status /tmp/openvpn-status.log	\
+			--verb 3
+	;;
+	restart)
+		$0 stop
+		sleep 3
+		$0 start
+	;;
+	reload)
+		killall -SIGHUP openvpn
+	;;
+	stop)
+		killall openvpn
+	;;
+esac
diff --git a/openwrt/package/openvpn/files/openvpn-status.sh b/openwrt/package/openvpn/files/openvpn-status.sh
new file mode 100644
index 0000000000..d9edac6cc0
--- /dev/null
+++ b/openwrt/package/openvpn/files/openvpn-status.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/webif-page
+<?
+. /usr/lib/webif/webif.sh
+
+header "Status" "OpenVPN" "@TR<<OpenVPN Status>>"
+
+equal "$(nvram get openvpn_cli)" "1" && {
+
+	case "$FORM_action" in
+		start)
+			ps | grep -q '[o]penvpn --client' || {
+				echo -n "Starting OpenVPN ..."
+				/etc/init.d/S50openvpn start
+				echo " done."
+			}
+		;;
+		stop)
+			ps | grep -q '[o]penvpn --client' && {
+				echo -n "Stopping OpenVPN ..."
+				/etc/init.d/S50openvpn stop
+				echo " done."
+			}
+		;;
+	esac
+
+	case "$(nvram get openvpn_cli_auth)" in
+		cert)
+			[ -f "/etc/openvpn/certificate.p12" ] ||
+				ERROR="Error, certificate is missing!"
+		;;
+		psk)
+			[ -f "/etc/openvpn/shared.key" ] ||
+				ERROR="Error, keyfile is missing!"
+		;;
+		*)
+			ERROR="error in OpenVPN configuration, unknown authtype"
+		;;
+	esac
+
+	empty "$ERROR" && {
+		DEVICES=$(egrep "(tun|tap)" /proc/net/dev | cut -d: -f1 | tr -d ' ')
+		empty "$DEVICES" && {
+			echo "no active tunnel found"
+		} || {
+			echo "found the following active tunnel:"
+			echo "<pre>"
+			for DEV in $DEVICES;do
+				ifconfig $DEV
+			done
+			echo "</pre>"
+		}
+		echo "<br/>"
+
+		ps | grep -q '[o]penvpn --client' && {
+			echo 'OpenVPN process is running <a href="?action=stop">[stop now]</a>'
+		} || {
+			echo 'OpenVPN is not running <a href="?action=start">[start now]</a>'
+		}
+	} || {
+		echo "$ERROR"
+	}
+} || {
+	echo "OpenVPN is disabled"
+}
+
+footer ?>
+<!--
+##WEBIF:name:Status:2:OpenVPN
+-->
diff --git a/openwrt/package/openvpn/files/openvpn.sh b/openwrt/package/openvpn/files/openvpn.sh
new file mode 100644
index 0000000000..d3bcb71a54
--- /dev/null
+++ b/openwrt/package/openvpn/files/openvpn.sh
@@ -0,0 +1,117 @@
+#!/usr/bin/webif-page "-U /tmp -u 4096"
+<?
+# add haserl args in double quotes it has very ugly
+# command line parsing code!
+
+. /usr/lib/webif/webif.sh
+load_settings "openvpn"
+
+if empty "$FORM_submit"; then
+	[ -f /etc/openvpn/certificate.p12 ] ||
+		NOCERT=1
+	[ -f /etc/openvpn/shared.key ] ||
+		NOPSK=1
+	FORM_openvpn_cli=${openvpn_cli:-$(nvram get openvpn_cli)}
+	FORM_openvpn_cli_server=${openvpn_cli_server:-$(nvram get openvpn_cli_server)}
+	FORM_openvpn_cli_proto=${openvpn_cli_proto:-$(nvram get openvpn_cli_proto)}
+	FORM_openvpn_cli_port=${openvpn_cli_port:-$(nvram get openvpn_cli_port)}
+	FORM_openvpn_cli_port=${FORM_openvpn_cli_port:-1194}
+	FORM_openvpn_cli_auth=${openvpn_cli_auth:-$(nvram get openvpn_cli_auth)}
+	FORM_openvpn_cli_auth=${FORM_openvpn_cli_auth:-cert)}
+	FORM_openvpn_cli_psk=${openvpn_cli_psk:-$(nvram get openvpn_cli_psk)}
+else
+	[ -d /etc/openvpn ] || mkdir /etc/openvpn
+	[ -f "$FORM_openvpn_pkcs12file" ] && {
+		cp "$FORM_openvpn_pkcs12file" /etc/openvpn/certificate.p12 &&
+			UPLOAD_CERT=1
+	}
+	[ -f "$FORM_openvpn_pskfile" ] && {
+		cp "$FORM_openvpn_pskfile" /etc/openvpn/shared.key &&
+			UPLOAD_PSK=1
+	}
+	save_setting openvpn openvpn_cli $FORM_openvpn_cli
+	save_setting openvpn openvpn_cli_server $FORM_openvpn_cli_server
+	save_setting openvpn openvpn_cli_proto $FORM_openvpn_cli_proto
+	save_setting openvpn openvpn_cli_port $FORM_openvpn_cli_port
+	save_setting openvpn openvpn_cli_auth $FORM_openvpn_cli_auth
+	save_setting openvpn openvpn_cli_psk $FORM_openvpn_cli_psk
+fi
+
+header "VPN" "OpenVPN" "@TR<<OpenVPN>>" ' onLoad="modechange()" ' "$SCRIPT_NAME"
+
+cat <<EOF
+<script type="text/javascript" src="/webif.js "></script>
+<script type="text/javascript">
+<!--
+function modechange()
+{
+	var v;
+	v = isset('openvpn_cli', '1');
+	set_visible('connection_settings', v);
+	set_visible('authentication', v);
+
+	v = isset('openvpn_cli_auth', 'psk');
+	set_visible('psk_status', v);
+	set_visible('psk', v);
+
+	v = isset('openvpn_cli_auth', 'cert');
+	set_visible('certificate_status', v);
+	set_visible('certificate', v);
+
+	hide('save');
+	show('save');
+}
+-->
+</script>
+EOF
+
+display_form <<EOF
+onchange|modechange
+start_form|@TR<<OpenVPN>>
+field|@TR<<Start VPN Connection>>
+select|openvpn_cli|$FORM_openvpn_cli
+option|0|@TR<<Disabled>>
+option|1|@TR<<Enabled>>
+onchange|
+end_form
+
+start_form|@TR<<Connection Settings>>|connection_settings|hidden
+field|@TR<<Server Address>>
+text|openvpn_cli_server|$FORM_openvpn_cli_server
+field|@TR<<Protocol>>
+select|openvpn_cli_proto|$FORM_openvpn_cli_proto
+option|udp|UDP
+option|tcp|TCP
+field|@TR<<Server Port (default: 1194)>>
+text|openvpn_cli_port|$FORM_openvpn_cli_port
+field|@TR<<Authentication Method>>
+onchange|modechange
+select|openvpn_cli_auth|$FORM_openvpn_cli_auth
+option|psk|@TR<<Preshared Key>>
+option|cert|@TR<<Certificate (PKCS12)>>
+onchange|
+end_form
+
+start_form|@TR<<Authentication>>|authentication|hidden
+field|@TR<<Preshared Key Status>>|psk_status|hidden
+$(empty "$NOPSK" || echo 'string|<span style="color:red">@TR<<No Keyfile uploaded yet!>></span>')
+$(empty "$UPLOAD_PSK" || echo 'string|<span style="color:green">@TR<<Upload Successful>><br/></span>')
+$(empty "$NOPSK" && echo 'string|@TR<<Found Installed Keyfile>>')
+field|@TR<<Upload Preshared Key>>|psk|hidden
+upload|openvpn_pskfile
+
+field|@TR<<Certificate Status>>|certificate_status|hidden
+$(empty "$NOCERT" || echo 'string|<span style="color:red">@TR<<No Certificate uploaded yet!>></span>')
+$(empty "$UPLOAD_CERT" || echo 'string|<span style="color:green">@TR<<Upload Successful>><br/></span>')
+$(empty "$NOCERT" && echo 'string|@TR<<Found Installed Certificate.>>')
+field|@TR<<Upload PKCS12 Certificate>>|certificate|hidden
+upload|openvpn_pkcs12file
+end_form
+
+EOF
+
+footer
+?>
+<!--
+##WEBIF:name:Network:10:OpenVPN
+-->