
Add credentials option and switch delegated prefix to optional

Julien VAUBOURG 10 years ago
parent
commit
743553bdc7
7 changed files with 124 additions and 39 deletions
  1. 36 22
      conf/init_ynh-vpnclient
  2. 3 0
      conf/openvpn_client.conf.tpl
  3. 12 4
      manifest.json
  4. BIN
      screenshot.png
  5. 16 12
      scripts/install
  6. 19 0
      sources/controller.php
  7. 38 1
      sources/views/settings.html.php

+ 36 - 22
conf/init_ynh-vpnclient

@@ -20,6 +20,10 @@ has_hotspot_app() {
   yunohost app list -f hotspot --json | grep -q '"installed": true'
 }
 
+has_ip6delegatedprefix() {
+  [ "${ynh_ip6_addr}" != none ]
+}
+
 is_ip6addr_set() {
   ip address show dev tun0 2> /dev/null | grep -q "${ynh_ip6_addr}/128"
 }
@@ -27,7 +31,11 @@ is_ip6addr_set() {
 is_serverip6route_set() {
   server_ip6=${1}
 
-  ip -6 route | grep -q "${server_ip6}/"
+  if [ -z "${server_ip6}" ]; then
+    false
+  else
+    ip -6 route | grep -q "${server_ip6}/"
+  fi
 }
 
 is_openvpn_running() {
@@ -36,7 +44,7 @@ is_openvpn_running() {
 
 is_running() {
   ((has_nativeip6 && is_serverip6route_set "${new_server_ip6}") || ! has_nativeip6)\
-  && ((! has_hotspot_app && is_ip6addr_set) || has_hotspot_app)\
+  && ((! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set) || has_hotspot_app)\
   && is_openvpn_running
 }
 
@@ -78,6 +86,12 @@ start_openvpn() {
     sed 's|^<TPL:UDP_COMMENT>|;|' -i /etc/openvpn/client.conf
   fi
 
+  if [ -z "${ynh_login_user}" ]; then
+    sed 's|^<TPL:LOGIN_COMMENT>|;|' -i /etc/openvpn/client.conf
+  else
+    sed 's|^<TPL:LOGIN_COMMENT>||' -i /etc/openvpn/client.conf
+  fi
+
   service openvpn start client
 }
 
@@ -134,6 +148,7 @@ ynh_server_name=$(moulinette_get server_name)
 ynh_server_port=$(moulinette_get server_port)
 ynh_server_proto=$(moulinette_get server_proto)
 ynh_ip6_addr=$(moulinette_get ip6_addr)
+ynh_login_user=$(moulinette_get login_user)
 
 old_ip6_gw=$(moulinette_get ip6_gw)
 old_wired_device=$(moulinette_get wired_device)
@@ -167,21 +182,13 @@ case "${1}" in
         if [ ! $? -eq 0 ]; then
           exit 1
         fi
-
-        i=0
-        false || while [ $? -ne 0 ]; do
-          (( i++ ))
-          [ $i -gt 15 ] && exit 1
-          sleep 1
-          ip link show dev tun0 &> /dev/null
-        done && sleep 2
       fi
 
       # Check old state of the server ipv6 route
-      if [ ! -z "${old_server_ip6}" -a ! -z "${new_ip6_gw}" -a ! -z "${old_wired_device}"\
+      if [ ! -z "${old_server_ip6}" -a ! -z "${old_ip6_gw}" -a ! -z "${old_wired_device}"\
            -a \( "${new_server_ip6}" != "${old_server_ip6}" -o "${new_ip6_gw}" != "${old_ip6_gw}"\
            -o "${new_wired_device}" != "${old_wired_device}" \) ]\
-         && is_serverip6route_set "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"; then
+         && is_serverip6route_set "${old_server_ip6}"; then
 
         unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"
       fi
@@ -189,13 +196,18 @@ case "${1}" in
       # Set the new server ipv6 route
       if has_nativeip6 && ! is_serverip6route_set "${new_server_ip6}"; then
         echo "Set IPv6 server route"
-
         set_serverip6route "${new_server_ip6}" "${new_ip6_gw}" "${new_wired_device}"
       fi
 
       # Set the ipv6 address
-      if ! has_hotspot_app && ! is_ip6addr_set; then
+      if ! has_hotspot_app && has_ip6delegatedprefix && ! is_ip6addr_set; then
         echo "Set IPv6 address"
+
+        false || while [ $? -ne 0 ]; do
+          sleep 1
+          ip link show dev tun0 &> /dev/null
+        done
+
         set_ip6addr
       fi
     fi
@@ -208,7 +220,7 @@ case "${1}" in
   stop)
     echo "Stopping..."
 
-    if ! has_hotspot_app && is_ip6addr_set; then
+    if ! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set; then
       echo "Unset IPv6 address"
       unset_ip6addr
     fi
@@ -226,15 +238,17 @@ case "${1}" in
   status)
     exitcode=0
 
-    if ! has_hotspot_app; then
-      if is_ip6addr_set; then
-        echo "IPv6 address is correctly set"
+    if has_ip6delegatedprefix; then
+      if ! has_hotspot_app; then
+        if is_ip6addr_set; then
+          echo "IPv6 address is correctly set"
+        else
+          echo "IPv6 address is NOT set"
+          exitcode=1
+        fi
       else
-        echo "IPv6 address is NOT set"
-        exitcode=1
+        echo "Hotspot app detected"
       fi
-    else
-      echo "Hotspot app detected"
     fi
 
     if has_nativeip6; then
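Review bot: The new wait loop before `set_ip6addr` (`false || while [ $? -ne 0 ]; do sleep 1; ip link show dev tun0 &> /dev/null; done`) has no upper bound, whereas the loop it replaces at the top of the start case gave up after 15 tries and exited 1. If tun0 never comes up — now a realistic case, since this commit also enables `auth-user-pass` and a rejected username/password leaves OpenVPN without a tunnel — the init script blocks forever and the service never reports the failure. I would keep the bounded form in the new location; the `case` block this sits in starts and ends outside the hunk.
```shell
        # Wait for tun0, but give up after 15 s instead of blocking forever
        i=0
        until ip link show dev tun0 &> /dev/null; do
          (( i++ ))
          [ $i -gt 15 ] && exit 1
          sleep 1
        done

        set_ip6addr
```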

+ 3 - 0
conf/openvpn_client.conf.tpl

@@ -11,6 +11,9 @@ keepalive 10 30
 comp-lzo adaptive
 port <TPL:SERVER_PORT>
 
+# Auth by credentials
+<TPL:LOGIN_COMMENT>auth-user-pass /etc/openvpn/keys/credentials
+
 # UDP only
 <TPL:UDP_COMMENT>explicit-exit-notify
 

+ 12 - 4
manifest.json

@@ -68,12 +68,20 @@
         "default": "/tmp/ca-server.crt"
       },
       {
-        "name": "ip6_net",
+        "name": "credentials_user",
         "ask": {
-            "en": "Select your IPv6 delegated prefix (netmask number provided must be lesser or equal to 64)",
-            "fr": "Sélectionnez votre préfixe IPv6 délégué (le masque de sous-réseau fourni doit être plus petit ou égal à 64)"
+            "en": "Select your VPN username (leave empty if not necessary)",
+            "fr": "Sélectionnez votre nom d'utilisateur VPN (laisser vide si non-nécessaire)"
         },
-        "example": "2001:db8:42::/48"
+        "example": "michu"
+      },
+      {
+        "name": "credentials_passphrase",
+        "ask": {
+            "en": "Select your VPN password (leave empty if not necessary)",
+            "fr": "Sélectionnez votre mot de passe VPN (laisser vide si non-nécessaire)"
+        },
+        "example": "XVCwSbDkxnqQ"
       }
     ]
   }
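Review bot: `credentials_passphrase` is declared exactly like the text arguments around it, so a front-end consuming this manifest will prompt for, display and log the VPN password as ordinary text, and the literal example `XVCwSbDkxnqQ` reads like a value to copy. If the manifest format in use supports it, mark the argument `"type": "password"` and drop `example`; if it does not, the `ask` text should at least say the value is stored in clear on the server. Both new entries also rely on "leave empty if not necessary" wording without any optional/default marker, which is worth checking against the installer — `scripts/install` in this same commit still has its argument check as a TODO.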

BIN
screenshot.png


+ 16 - 12
scripts/install

@@ -7,7 +7,8 @@ server_name=${3}
 crt_client_path=${4}
 crt_client_key_path=${5}
 crt_server_ca_path=${6}
-ip6_net=${7}
+login_user=${7}
+login_passphrase=${8}
 
 # Check arguments
 # TODO
@@ -24,18 +25,14 @@ sudo apt-get --assume-yes --force-yes install openvpn php5-fpm
 # Install extra packages
 sudo apt-get --assume-yes --force-yes install sipcalc
 
-# Compute extra arguments
-ip6_expanded_net=$(sipcalc "${ip6_net}" | grep Expanded | awk '{ print $NF; }')
-ip6_net=$(sipcalc "${ip6_net}" | grep Compressed | awk '{ print $NF; }')
-ip6_addr=$(echo "$(echo "${ip6_expanded_net}" | cut -d: -f1-7):1")
-ip6_addr=$(sipcalc "${ip6_addr}" | grep Compressed | awk '{ print $NF; }')
-
 # Save arguments
 sudo yunohost app setting vpnclient server_name -v "${server_name}"
 sudo yunohost app setting vpnclient server_port -v 1194
 sudo yunohost app setting vpnclient server_proto -v udp
-sudo yunohost app setting vpnclient ip6_addr -v "${ip6_addr}"
-sudo yunohost app setting vpnclient ip6_net -v "${ip6_net}"
+sudo yunohost app setting vpnclient ip6_addr -v none
+sudo yunohost app setting vpnclient ip6_net -v none
+sudo yunohost app setting vpnclient login_user -v "${login_user}"
+sudo yunohost app setting vpnclient login_passphrase -v "${login_passphrase}"
 
 # Copy confs
 sudo install -b -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
@@ -60,6 +57,15 @@ sudo install -b -o root -g admins -m 0660 "${crt_server_ca_path}" /etc/openvpn/k
 
 sudo rm -f "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}"
 
+# Credentials file for (optional) login
+sudo cat << EOF > /etc/openvpn/keys/credentials
+${login_user}
+${login_passphrase}
+EOF
+
+sudo chown -R root:admins /etc/openvpn/keys/credentials
+sudo chmod 0460 /etc/openvpn/keys/credentials
+
 # Create user for the web admin
 sudo useradd -MUr vpnadmin
 
@@ -85,9 +91,7 @@ sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/y
 # Set default inits
 # The openvpn configuration is modified before the start, so the service is disabled by default
 # and the ynh-vpnclient service handles it.
-# All services are registred by yunohost in order to prevent conflicts after the uninstall.
-sudo yunohost service add openvpn
-sudo yunohost service stop openvpn
+sudo service openvpn stop &> /dev/null
 sudo yunohost service disable openvpn
 
 sudo yunohost service add php5-fpm
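Review bot: `sudo cat << EOF > /etc/openvpn/keys/credentials` redirects with the caller's shell, not with sudo: if the script runs unprivileged (as the systematic `sudo` suggests) and `/etc/openvpn/keys` is root-owned, the write fails and no credentials file exists; if it does succeed, the file is created under the caller's umask (typically 0644, world-readable) and holds the password until the `chmod 0460` three lines later. Create the file with its final owner and mode first, then fill it through sudo, which also removes the pointless `-R` on a regular file. Separately, the same password is stored in clear via `yunohost app setting ... login_passphrase` and passed on a command line, and if I remember correctly OpenVPN warns when an `auth-user-pass` file is group-accessible, so the group-writable 0460 mode deserves a comment explaining who in `admins` needs it.
```shell
# Credentials file for (optional) login: create it with the final owner/mode
# before the secret is written, so it is never world-readable
sudo install -m 0460 -o root -g admins /dev/null /etc/openvpn/keys/credentials
printf '%s\n%s\n' "${login_user}" "${login_passphrase}" \
  | sudo tee /etc/openvpn/keys/credentials > /dev/null

# … unchanged: vpnadmin user creation …
```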

+ 19 - 0
sources/controller.php

@@ -16,17 +16,36 @@ function restart_service() {
 }
 
 dispatch('/', function() {
+  $ip6_net = moulinette_get('ip6_net');
+  $ip6_net = ($ip6_net == 'none') ? '' : $ip6_net;
+
   set('server_name', moulinette_get('server_name'));
   set('server_port', moulinette_get('server_port'));
   set('server_proto', moulinette_get('server_proto'));
+  set('login_user', moulinette_get('login_user'));
+  set('login_passphrase', moulinette_get('login_passphrase'));
+  set('ip6_net', $ip6_net);
 
   return render('settings.html.php');
 });
 
 dispatch_put('/settings', function() {
+  $ip6_net = empty($_POST['ip6_net']) ? 'none' : $_POST['ip6_net'];
+
   moulinette_set('server_name', $_POST['server_name']);
   moulinette_set('server_port', $_POST['server_port']);
   moulinette_set('server_proto', $_POST['server_proto']);
+  moulinette_set('login_user', $_POST['login_user']);
+  moulinette_set('login_passphrase', $_POST['login_passphrase']);
+  moulinette_set('ip6_net', $ip6_net);
+
+  # TODO: format ip6_net
+  if($ip6_net == 'none') {
+    moulinette_set('ip6_addr', 'none');
+  } else {
+    $ip6_addr = "${ip6_net}1";
+    moulinette_set('ip6_addr', $ip6_addr);
+  }
 
   if($_FILES['crt_client']['error'] == UPLOAD_ERR_OK) {
     move_uploaded_file($_FILES['crt_client']['tmp_name'], '/etc/openvpn/keys/user.crt');
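Review bot: `ip6_net` is taken from `$_POST`, stored, and turned into `ip6_addr` by plain string concatenation (`"${ip6_net}1"`) without any format check (the `# TODO: format ip6_net` admits it), and those settings are later interpolated by the init script into `ip` and `grep` commands. A prefix entered in the old manifest's format, `2001:db8:42::/48`, becomes `2001:db8:42::/481`; a value with spaces or quotes reaches the shell. Validate before the first `moulinette_set`, e.g. `if($ip6_net != 'none' && !filter_var($ip6_net . '1', FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { /* reject the request here */ }`. `login_user` and `login_passphrase` are likewise stored unchecked, and a newline in either would break the two-line credentials file; the handler continues past the hunk, so whether that file is regenerated here cannot be seen.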

+ 38 - 1
sources/views/settings.html.php

@@ -28,7 +28,7 @@
           </div>
     
           <div class="form-group">
-            <label for="server_port" class="col-sm-3 control-label"><?= T_('Protocol') ?></label>
+            <label for="server_proto" class="col-sm-3 control-label"><?= T_('Protocol') ?></label>
             <div class="btn-group col-sm-9" data-toggle="buttons">
               <label class="btn btn-default <?= $server_proto == 'udp' ? 'active' : '' ?>">
                 <input type="radio" name="server_proto" value="udp" <?= $server_proto == 'udp' ? 'checked="cheked"' : '' ?> /> <?= T_('UDP') ?>
@@ -42,6 +42,21 @@
         </div>
       </div>
 
+      <div class="panel panel-success">
+        <div class="panel-heading">
+          <h3 class="panel-title" data-toggle="tooltip" data-title="<?= T_('Real Internet') ?>"><?= T_("IPv6") ?></h3>
+        </div>
+
+        <div style="padding: 14px 14px 0 10px">
+          <div class="form-group">
+            <label for="ip6_net" class="col-sm-3 control-label"><?= T_('Delegated prefix') ?></label>
+            <div class="col-sm-9">
+              <input type="text" data-toggle="tooltip" data-title="<?= T_('Leave empty if your internet provider is a dirty provider that does not give you a delegated prefix') ?>" class="form-control" name="ip6_net" id="ip6_net" placeholder="2001:db8:42::" value="<?= $ip6_net ?>" />
+            </div>
+          </div>
+        </div>
+      </div>
+
       <div class="panel panel-default">
         <div class="panel-heading">
           <h3 class="panel-title"><?= T_("Certificates") ?></h3>
@@ -77,6 +92,28 @@
         </div>
       </div>
 
+      <div class="panel panel-default">
+        <div class="panel-heading">
+          <h3 class="panel-title"><?= T_("Login") ?></h3>
+        </div>
+
+        <div style="padding: 14px 14px 0 10px">
+          <div class="form-group">
+            <label for="login_user" class="col-sm-3 control-label"><?= T_('Username') ?></label>
+            <div class="col-sm-9">
+              <input type="text" data-toggle="tooltip" data-title="<?= T_('Leave empty if not necessary') ?>" class="form-control" name="login_user" id="login_user" placeholder="michu" value="<?= $login_user ?>" />
+            </div>
+          </div>
+
+          <div class="form-group">
+            <label for="login_passphrase" class="col-sm-3 control-label"><?= T_('Password') ?></label>
+            <div class="col-sm-9">
+              <input type="text" data-toggle="tooltip" data-title="<?= T_('Leave empty if not necessary') ?>" class="form-control" name="login_passphrase" id="login_passphrase" placeholder="XVCwSbDkxnqQ" value="<?= $login_passphrase ?>" />
+            </div>
+          </div>
+        </div>
+      </div>
+
       <div class="form-group">
         <div style="text-align: center">
           <button type="submit" class="btn btn-default" data-toggle="tooltip" data-title="<?= T_('Reloading may take a few minutes. Be patient.') ?>"><?= T_('Save and reload') ?></button>
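Review bot: The `login_passphrase` field is a `type="text"` input whose `value` is the stored VPN password, so the secret is shown in clear on the settings page and in the page source; use `type="password"` there. All three new inputs (`ip6_net`, `login_user`, `login_passphrase`) also echo their setting unescaped, so a stored value containing `"` breaks out of the attribute — wrap them as `value="<?= htmlspecialchars($login_passphrase, ENT_QUOTES) ?>"`. The existing inputs above this hunk follow the same unescaped pattern, but these are the ones this commit introduces.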