|
@@ -36,14 +36,18 @@ set_right() {
|
|
|
|
|
|
get__status() {
|
|
|
local service_enabled=$(ynh_app_setting_get $app service_enabled)
|
|
|
- if [ -f "/sys/class/net/tun0/operstate" ] && [ "$(cat /sys/class/net/tun0/operstate)" == "up" ]
|
|
|
+ if ip route get 1.2.3.4 | grep -q tun0
|
|
|
then
|
|
|
if [ $service_enabled -eq 1 ]
|
|
|
then
|
|
|
cat << EOF
|
|
|
style: success
|
|
|
ask:
|
|
|
- en: Your VPN is running :)
|
|
|
+ en: |-
|
|
|
+ Your VPN is running :)
|
|
|
+
|
|
|
+ **IPv4:** \`$(curl https://ip.yunohost.org --silent)\`
|
|
|
+ **IPv6:** \`$(curl https://ip6.yunohost.org --silent)\`
|
|
|
EOF
|
|
|
else
|
|
|
cat << EOF
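Review bot: `grep -q tun0` on the `ip route get 1.2.3.4` output is a substring match, so an interface such as `tun01`, or any route line that merely mentions `tun0`, makes get__status report the VPN as up; anchoring on the device field, `if ip route get 1.2.3.4 2>/dev/null | grep -qw 'dev tun0'`, keeps the test on the actual egress device (the `2>/dev/null` also hides the error `ip` prints when there is no route at all). The two `curl` calls in the success message have no timeout, so a status query blocks for as long as the remote endpoint takes to answer; `curl --silent --max-time 5 https://ip.yunohost.org` bounds it. Their output is substituted unquoted into the YAML heredoc, which is fine for an address but would corrupt the document if the endpoint ever returned anything else, so a short comment such as `# endpoint output is embedded verbatim in the YAML; keep it to a single line` would help the next maintainer. get__status continues past the end of this hunk.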
|
|
@@ -57,7 +61,11 @@ EOF
|
|
|
cat << EOF
|
|
|
style: danger
|
|
|
ask:
|
|
|
- en: Your VPN is down !
|
|
|
+ en: |-
|
|
|
+ Your VPN is down ! Here are errors logged in the last 5 minutes
|
|
|
+ \`\`\`
|
|
|
+$(journalctl -u openvpn@client -p0..3 --since "- 20 minutes" -o cat | sed 's/^/ /g' | tail -n 15)
|
|
|
+ \`\`\`
|
|
|
EOF
|
|
|
else
|
|
|
cat << EOF
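Review bot: The new message says errors from the last 5 minutes, but the `journalctl` call below it uses `--since "- 20 minutes"`, so the window shown to the user does not match what they are told; either change the option to `--since "-5 minutes"` or change the sentence to `Your VPN is down ! Here are errors logged in the last 20 minutes`. The journal lines are substituted unescaped into a markdown code fence inside the YAML block scalar, so a log line containing three backticks would close the fence early; that is cosmetic, but a comment like `# log lines are untrusted text; the leading space keeps them inside the YAML block` records why the `sed 's/^/ /'` is there. The `g` flag on that `sed` substitution is redundant, since `^` matches once per line. The enclosing function starts before this hunk.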
|
|
@@ -72,7 +80,7 @@ EOF
|
|
|
get__login_user() {
|
|
|
if [ -s /etc/openvpn/keys/credentials ]
|
|
|
then
|
|
|
- echo "value: $(sed -n 1p /etc/openvpn/keys/credentials)"
|
|
|
+ echo "$(sed -n 1p /etc/openvpn/keys/credentials)"
|
|
|
else
|
|
|
echo ""
|
|
|
fi
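Review bot: `echo "$(sed -n 1p /etc/openvpn/keys/credentials)"` forks a subshell only to re-echo the line; `sed -n 1p /etc/openvpn/keys/credentials` on its own produces the same output. The same applies to get__login_passphrase in the next hunk, where the echo form is also fragile: if the stored passphrase starts with `-n` or `-e`, bash's `echo` treats it as an option and the value handed back to the config panel no longer matches what is on disk, so `sed -n 2p /etc/openvpn/keys/credentials` directly, or `printf '%s\n' "$(sed -n 2p /etc/openvpn/keys/credentials)"`, is the safer form. These two hunks contain the whole of both functions.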
|
|
@@ -81,7 +89,7 @@ get__login_user() {
|
|
|
get__login_passphrase() {
|
|
|
if [ -s /etc/openvpn/keys/credentials ]
|
|
|
then
|
|
|
- echo "value: $(sed -n 2p /etc/openvpn/keys/credentials)"
|
|
|
+ echo "$(sed -n 2p /etc/openvpn/keys/credentials)"
|
|
|
else
|
|
|
echo ""
|
|
|
fi
|
|
@@ -178,47 +186,51 @@ set__login_passphrase() {
|
|
|
#=================================================
|
|
|
# OVERWRITING VALIDATE STEP
|
|
|
#=================================================
|
|
|
+read_cube() {
|
|
|
+ tmp_dir=$(dirname "$1")
|
|
|
+ setting_value="$(jq --raw-output ".$2" "$1")"
|
|
|
+ if [[ "$setting_value" == "null" ]]
|
|
|
+ then
|
|
|
+ setting_value=''
|
|
|
+ # Save file in tmp dir
|
|
|
+ elif [[ "$2" == "crt_"* ]]
|
|
|
+ then
|
|
|
+ if [ -n "${setting_value}" ]
|
|
|
+ then
|
|
|
+ echo "${setting_value}" | sed 's/|/\n/g' > $tmp_dir/$2
|
|
|
+ setting_value="$tmp_dir/$2"
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+ echo $setting_value
|
|
|
+}
|
|
|
ynh_app_config_validate() {
|
|
|
- tmp_dir=$(dirname "${config_file}")
|
|
|
+ # At this moment this var is not already set with the old value
|
|
|
+ if [ -z ${config_file+x} ]
|
|
|
+ then
|
|
|
+ config_file="${old[config_file]}"
|
|
|
+
|
|
|
# Overwrite form response with cube files data before validation process
|
|
|
- if [ -f "${config_file}" ] && [[ $config_file == *.cube ]]
|
|
|
+ elif [ -f "${config_file}" ] && [[ $config_file == *.cube ]]
|
|
|
then
|
|
|
ynh_print_info --message="Transforming .cube into OVPN file"
|
|
|
- declare -A settings
|
|
|
- settings[server_name]=""
|
|
|
- settings[server_port]=""
|
|
|
- settings[server_proto]=""
|
|
|
- settings[ip6_net]=""
|
|
|
- settings[login_user]=""
|
|
|
- settings[login_passphrase]=""
|
|
|
- settings[dns0]=""
|
|
|
- settings[dns1]=""
|
|
|
- settings[crt_server_ca]="file"
|
|
|
- settings[crt_client]="file"
|
|
|
- settings[crt_client_key]="file"
|
|
|
- settings[crt_client_ta]="file"
|
|
|
-
|
|
|
- for setting_name in "${!settings[@]}"
|
|
|
- do
|
|
|
- setting_value="$(jq --raw-output ".$setting_name" "${config_file}")"
|
|
|
- if [[ "$setting_value" == "null" ]]
|
|
|
- then
|
|
|
- setting_value=''
|
|
|
- # Save file in tmp dir
|
|
|
- elif [[ "${settings[$setting_name]}" == "file" ]]
|
|
|
- then
|
|
|
- if [ -n "${settings_value}" ]
|
|
|
- then
|
|
|
- echo "${setting_value}" | sed 's/|/\n/g' > $tmp_dir/$setting_name
|
|
|
- setting_value="$tmp_dir/$setting_name"
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- $setting_name="$setting_value"
|
|
|
- done
|
|
|
+ server_name="$(read_cube $config_file server_name)"
|
|
|
+ server_port="$(read_cube $config_file server_port)"
|
|
|
+ server_proto="$(read_cube $config_file server_proto)"
|
|
|
+ ip6_net="$(read_cube $config_file ip6_net)"
|
|
|
+ ip6_addr="$(read_cube $config_file ip6_addr)"
|
|
|
+ login_user="$(read_cube $config_file login_user)"
|
|
|
+ login_passphrase="$(read_cube $config_file login_passphrase)"
|
|
|
+ dns0="$(read_cube $config_file dns0)"
|
|
|
+ dns1="$(read_cube $config_file dns1)"
|
|
|
+ crt_server_ca="$(read_cube $config_file crt_server_ca)"
|
|
|
+ crt_client="$(read_cube $config_file crt_client)"
|
|
|
+ crt_client_key="$(read_cube $config_file crt_client_key)"
|
|
|
+ crt_client_ta="$(read_cube $config_file crt_client_ta)"
|
|
|
dns_method="custom"
|
|
|
- nameservers="$dns0,$dns1"
|
|
|
+ nameservers="$dns0,$dns1"
|
|
|
+
|
|
|
# Build specific OVPN template
|
|
|
+ tmp_dir=$(dirname "${config_file}")
|
|
|
cp -f /etc/openvpn/client.conf.tpl.restore $tmp_dir/client.conf.tpl
|
|
|
# Remove some lines
|
|
|
for rm_regex in "$(jq --raw-output '.openvpn_rm[]' "${config_file}")"
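Review bot: In the new read_cube, `echo $setting_value` and the redirect target `$tmp_dir/$2` are unquoted, so a value from the uploaded .cube containing spaces or glob characters is word-split and glob-expanded before it reaches the caller, and `tmp_dir`/`setting_value` are not declared `local` (harmless today because every call site uses `$(read_cube ...)`, but fragile if the function is ever called directly). The file written for `crt_*` settings includes the client private key and is created with whatever umask the caller has; if `$(dirname "$config_file")` is not a private directory, the key is readable by other local users, so the write should set its own umask. The callers also pass `$config_file` unquoted. The `if [ -z ${config_file+x} ]` branch assigns `config_file` from `old` and then skips the `.cube` transformation entirely because of the `elif`; if that is intended, a comment saying so next to the assignment would help.
```shell
read_cube() {
  local tmp_dir setting_value
  tmp_dir=$(dirname "$1")
  setting_value="$(jq --raw-output ".$2" "$1")"
  if [[ "$setting_value" == "null" ]]
  then
    setting_value=''
  # Save file in tmp dir
  elif [[ "$2" == "crt_"* ]]
  then
    if [ -n "${setting_value}" ]
    then
      # crt_client_key is private key material: never rely on the caller's umask
      ( umask 077; printf '%s\n' "${setting_value}" | sed 's/|/\n/g' > "$tmp_dir/$2" )
      setting_value="$tmp_dir/$2"
    fi
  fi
  printf '%s\n' "$setting_value"
}
```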
|
|
@@ -234,73 +246,76 @@ ynh_app_config_validate() {
|
|
|
|
|
|
# Build directly the OVPN file
|
|
|
cp /etc/openvpn/client.conf.tpl "${config_file}"
|
|
|
- [ "${settings[server_proto]}" == tcp ] && settings[server_proto]=tcp-client
|
|
|
- sed "s|<TPL:SERVER_NAME>|${settings[server_name]}|g" -i "${config_file}"
|
|
|
- sed "s|<TPL:SERVER_PORT>|${settings[server_port]}|g" -i "${config_file}"
|
|
|
- sed "s|<TPL:PROTO>|${settings[server_proto]}|g" -i "${config_file}"
|
|
|
- if [ -e "${settings[crt_client_key]}" ]; then
|
|
|
+ [ "$server_proto" == tcp ] && server_proto=tcp-client
|
|
|
+ sed "s|<TPL:SERVER_NAME>|$server_name|g" -i "${config_file}"
|
|
|
+ sed "s|<TPL:SERVER_PORT>|$server_port|g" -i "${config_file}"
|
|
|
+ sed "s|<TPL:PROTO>|$server_proto|g" -i "${config_file}"
|
|
|
+ if [ -e "$crt_client_key" ]; then
|
|
|
sed 's|^<TPL:CERT_COMMENT>||g' -i "${config_file}"
|
|
|
else
|
|
|
sed 's|^<TPL:CERT_COMMENT>|;|g' -i "${config_file}"
|
|
|
fi
|
|
|
- if [ -e "${settings[crt_client_ta]}" ]; then
|
|
|
+ if [ -e "$crt_client_ta" ]; then
|
|
|
sed 's|^<TPL:TA_COMMENT>||' -i "${config_file}"
|
|
|
else
|
|
|
sed 's|^<TPL:TA_COMMENT>|;|' -i "${config_file}"
|
|
|
fi
|
|
|
- if [[ "${settings[server_proto]}" =~ udp ]]; then
|
|
|
+ if [[ "$server_proto" =~ udp ]]; then
|
|
|
sed 's|^<TPL:UDP_COMMENT>||' -i "${config_file}"
|
|
|
else
|
|
|
sed 's|^<TPL:UDP_COMMENT>|;|' -i "${config_file}"
|
|
|
fi
|
|
|
- if [ -n "${settings[login_user]}" ]; then
|
|
|
+ if [ -n "$login_user" ]; then
|
|
|
sed 's|^<TPL:LOGIN_COMMENT>||' -i "${config_file}"
|
|
|
else
|
|
|
sed 's|^<TPL:LOGIN_COMMENT>|;|' -i "${config_file}"
|
|
|
fi
|
|
|
+ [ "$server_proto" == tcp-client ] && server_proto=tcp
|
|
|
|
|
|
|
|
|
elif [ -f "${config_file}" ] && [[ "${config_file}" =~ ^.*\.(ovpn|conf)$ ]]
|
|
|
then
|
|
|
+ tmp_dir=$(dirname "${config_file}")
|
|
|
ynh_print_info --message="Extracting TLS keys from .ovpn file"
|
|
|
if grep -q '^\s*<ca>' ${config_file}
|
|
|
then
|
|
|
- grep -Poz '(?<=<ca>)(.*\n)*.*(?=</ca>)' ${config_file} > $tmp_dir/crt_server_ca
|
|
|
+ grep -Poz '(?<=<ca>)(.*\n)*.*(?=</ca>)' ${config_file} | sed '/^$/d' > $tmp_dir/crt_server_ca
|
|
|
crt_server_ca=$tmp_dir/crt_server_ca
|
|
|
sed -i '/^\s*<ca>/,/\s*<\/ca>/d' ${config_file}
|
|
|
sed -i '/^\s*ca\s/d' ${config_file}
|
|
|
echo "ca /etc/openvpn/keys/ca-server.crt" >> ${config_file}
|
|
|
- else
|
|
|
- crt_server_ca=""
|
|
|
fi
|
|
|
if grep -q '^\s*<cert>' ${config_file}
|
|
|
then
|
|
|
- grep -Poz '(?<=<cert>)(.*\n)*.*(?=</cert>)' ${config_file} > $tmp_dir/crt_client
|
|
|
+ grep -Poz '(?<=<cert>)(.*\n)*.*(?=</cert>)' ${config_file} | sed '/^$/d' > $tmp_dir/crt_client
|
|
|
crt_client=$tmp_dir/crt_client
|
|
|
sed -i '/^\s*<cert>/,/\s*<\/cert>/d' ${config_file}
|
|
|
sed -i '/^\s*cert\s/d' ${config_file}
|
|
|
echo "cert /etc/openvpn/keys/user.crt" >> ${config_file}
|
|
|
- else
|
|
|
+ elif ! grep -q '^\s*cert\s' ${config_file}
|
|
|
+ then
|
|
|
crt_client=""
|
|
|
fi
|
|
|
if grep -q '^\s*<key>' ${config_file}
|
|
|
then
|
|
|
- grep -Poz '(?<=<key>)(.*\n)*.*(?=</key>)' ${config_file} > $tmp_dir/crt_client_key
|
|
|
+ grep -Poz '(?<=<key>)(.*\n)*.*(?=</key>)' ${config_file} | sed '/^$/d' > $tmp_dir/crt_client_key
|
|
|
crt_client_key=$tmp_dir/crt_client_key
|
|
|
sed -i '/^\s*<key>/,/\s*<\/key>/d' ${config_file}
|
|
|
sed -i '/^\s*key\s/d' ${config_file}
|
|
|
echo "key /etc/openvpn/keys/user.key" >> ${config_file}
|
|
|
- else
|
|
|
+ elif ! grep -q '^\s*key\s' ${config_file}
|
|
|
+ then
|
|
|
crt_client_key=""
|
|
|
fi
|
|
|
if grep -q '^\s*<tls-auth>' ${config_file}
|
|
|
then
|
|
|
- grep -Poz '(?<=<tls-auth>)(.*\n)*.*(?=</tls-auth>)' ${config_file} > $tmp_dir/crt_client_ta
|
|
|
+ grep -Poz '(?<=<tls-auth>)(.*\n)*.*(?=</tls-auth>)' ${config_file} | sed '/^$/d' > $tmp_dir/crt_client_ta
|
|
|
crt_client_ta=$tmp_dir/crt_client_ta
|
|
|
sed -i '/^\s*<tls-auth>/,/\s*<\/tls-auth>/d' ${config_file}
|
|
|
sed -i '/^\s*tls-auth\s/d' ${config_file}
|
|
|
echo "tls-auth /etc/openvpn/keys/user_ta.key 1" >> ${config_file}
|
|
|
- else
|
|
|
+ elif ! grep -q '^\s*tls-auth\s' ${config_file}
|
|
|
+ then
|
|
|
crt_client_ta=""
|
|
|
fi
|
|
|
sed -i 's@^\s*ca\s.*$@ca /etc/openvpn/keys/ca-server.crt@g' ${config_file}
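Review bot: `server_name`, `server_port` and `server_proto` come straight from the uploaded .cube via jq and are interpolated unescaped into the `sed "s|<TPL:...>|...|g"` scripts, so a value containing `|`, `&` or a backslash silently corrupts the generated client.conf (a `|` terminates the replacement and the rest becomes sed flags). Escaping those three characters before substitution closes that; a value containing a newline would still break the `s` command, so validating the fields as a single line before this point is worth a follow-up. The rest of the hunk keeps the existing unquoted `${config_file}` in the `grep`/`sed` calls, which is pre-existing but worth quoting while the lines are being touched. ynh_app_config_validate starts and ends outside this hunk.
```shell
# Escape the characters that are special in the sed replacements below
# (the | delimiter, & and backslash); the values come from the uploaded .cube.
sed_escape() { printf '%s' "$1" | sed 's/[|&\\]/\\&/g'; }
[ "$server_proto" == tcp ] && server_proto=tcp-client
sed "s|<TPL:SERVER_NAME>|$(sed_escape "$server_name")|g" -i "${config_file}"
sed "s|<TPL:SERVER_PORT>|$(sed_escape "$server_port")|g" -i "${config_file}"
sed "s|<TPL:PROTO>|$(sed_escape "$server_proto")|g" -i "${config_file}"
# … unchanged: <TPL:*_COMMENT> toggles and inline key extraction …
```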
|
|
@@ -309,13 +324,11 @@ ynh_app_config_validate() {
|
|
|
sed -i 's@^\s*tls-auth\s.*$@tls-auth /etc/openvpn/keys/user-ta.key@g' ${config_file}
|
|
|
fi
|
|
|
|
|
|
- # Restrict permission
|
|
|
+ # Currently we need root priviledge to create tun0
|
|
|
if [ -f "${config_file}" ]
|
|
|
then
|
|
|
sed -i '/^\s*user\s/d' ${config_file}
|
|
|
sed -i '/^\s*group\s/d' ${config_file}
|
|
|
- echo "user vpnclient" >> ${config_file}
|
|
|
- echo "group vpnclient" >> ${config_file}
|
|
|
fi
|
|
|
|
|
|
_ynh_app_config_validate
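Review bot: Dropping the `user vpnclient` / `group vpnclient` lines leaves the OpenVPN client running as root for its whole lifetime rather than only during interface setup, which widens the impact of any bug in the daemon or in a pushed server option. The new comment says root is needed to create tun0, but OpenVPN creates the interface before it drops privileges; if the problem observed was that the daemon could not re-open the tun device or re-read keys after a reconnect, the documented remedy is to keep the privilege drop and add `persist-tun` and `persist-key` to the config, e.g. `echo "persist-tun" >> ${config_file}` next to the restored `user`/`group` lines — whether the template already carries these is not visible here. The comment also misspells `privilege`.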
|