Changeset 2182


Ignore:
Timestamp:
Sep 19, 2012, 3:28:11 PM (7 years ago)
Author:
matthijs
Message:

luci-openvpn: Allow setting a passphrase for new clients.

Closes: #912

Location:
trunk/luci
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/luci/applications/luci-openvpn/luasrc/model/cbi/openvpn/new.lua

    r1596 r2182  
    77        translate("openvpn_new_desc", "Please specify the name of this connection."))
    88local x = n:field(Value, "client", translate("name", "Name"))
     9local y = n:field(Value, "passphrase", translate("openvpn_passphrase", "Passhrase"),
     10                  translate("openvpn_passphrase_desc", "This passphrase will be used to encrypt the key file for the client. It will need to be entered on every connection. Leave empty for no passphrase."))
    911function n.handle(self, state, data)
    1012        if state == FORM_VALID  and data.client and #data.client > 0 then
     
    1416                uci:section("openvpn", "client", data.client, {name=data.client})
    1517                uci:commit("openvpn")
    16                 os.execute("/usr/sbin/pkitool \""..data.client.."\"&")
     18                cmd = "/usr/sbin/pkitool \""..data.client.."\""
     19
     20                if data.passphrase and #data.passphrase > 0 then
     21                        local keyfile = "/etc/openvpn/keys/" .. data.client .. ".key"
     22                        -- Escape "$`\ with a backslash, to prevent
     23                        -- them being interpreted by the shell below.
     24                        local pass = data.passphrase:gsub("([\"$`\\\\])", "\\%1")
     25                        -- Encrypt the keyfile with AES and a
     26                        -- passphrase. We call openssl directly, since
     27                        -- pkitool doesn't support non-interactive
     28                        -- passphrase passing.
     29                        cmd = cmd .. ";openssl rsa -aes256 -in \""..keyfile.."\" -out \""..keyfile.."\" -passout \"pass:"..pass.."\""
     30                end
     31                -- Run the command(s) in the background
     32                os.execute("(" .. cmd .. ")&")
    1733        end
    1834        return true
  • trunk/luci/i18n/english/luasrc/i18n/default.en.lua

    r2181 r2182  
    132132openvpn_new_desc = "Please specify the name of this connection."
    133133openvpn_new_title = "Add a new VPN Clients"
     134openvpn_passphrase = "Passhrase"
     135openvpn_passphrase_desc = "This passphrase will be used to encrypt the key file for the client. It will need to be entered on every connection. Leave empty for no passphrase."
    134136openvpn_port = "TCP or UDP port"
    135137openvpn_proto = "Protocol"
Note: See TracChangeset for help on using the changeset viewer.