Changeset 2184


Timestamp:
Sep 19, 2012, 3:28:44 PM (7 years ago)
Author:
matthijs
Message:

openvpn: Allow setting static IPs for OpenVPN clients

This commit limits the automatically assigned addresses to 10.8.0.2 ->
10.8.0.127 and reserves 10.8.0.128 -> 10.8.0.253 for static assignment.
These addresses can be selected from a dropdown in the webinterface
(default is "automatic") and are then stored in uci.

When a client connects, the client-connect script is run, which checks
for a static IP and tells OpenVPN about this. If no static IP was
configured, OpenVPN falls back to automatically assigning an address
from the pool.

Thanks to Jon Spriggs for parts of this patch and a lot of research for
this feature.

Closes: #1180

Location:
trunk
Files:
4 added
1 deleted
4 edited

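--- a/trunk/fon/openvpn/files/etc/config/openvpn
+++ b/trunk/fon/openvpn/files/etc/config/openvpn
@@ -13,6 +13,12 @@
         option crl_verify crl.pem
         option topology subnet
-        option server "10.8.0.0 255.255.255.0"
+        option server "10.8.0.0 255.255.255.0 nopool"
+        # Use .2 - .127 for dynamic clients and .128 - .253 for static
+        # clients.
+        option ifconfig_pool "10.8.0.2 10.8.0.127"
         option ifconfig_pool_persist /tmp/ipp.txt
+        # Script to look up static addresses on connect
+        option 'client_connect' '/etc/openvpn/client-connect-script'
+        option 'script_security' '2'
 #       list push "route 192.168.10.0 255.255.255.0"
 #       list push "route 192.168.20.0 255.255.255.0"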
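Review bot: `option 'script_security' '2'` is added without a comment, although the line above it documents the script, so a reader cannot tell that level 2 is there only to let OpenVPN run the user-defined `client_connect` script. I would add `# Level 2 lets OpenVPN run user-defined scripts (needed for client_connect); do not raise it further.` directly above it. The script itself is among the files this changeset adds but is not shown in this section; it presumably receives the client's common name from the environment and should treat that value as untrusted when it looks up the static address. Nothing in this file keeps a pushed static address out of the 10.8.0.2 - 10.8.0.127 pool, so the dynamic/static split rests entirely on the web form and the script.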
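--- a/trunk/luci/applications/luci-openvpn/luasrc/controller/openvpn.lua
+++ b/trunk/luci/applications/luci-openvpn/luasrc/controller/openvpn.lua
@@ -17,11 +17,8 @@
         page.icon       = "openvpn.png"
         page.i18n = "openvpn"
-        page.target = cbi("openvpn", {on_success_to={"fon_admin"}})
+        page.target = cbi("openvpn")
 
         local page  = node("fon_admin", "openvpn", "ovpn_config.zip")
         page.target = call("openvpn_config")
-
-        local page  = node("fon_admin", "openvpn", "del")
-        page.target = call("openvpn_del")
 
         local page  = node("fon_admin", "openvpn", "new")
@@ -68,22 +65,2 @@
         http.write(f)
 end
-
-function openvpn_del()
-        local http = require "luci.http"
-        local client = http.formvalue("client")
-        if require("luci.model.uci").cursor():get("openvpn", client, "name") ~= client then
-                os.execute("logger potential injection attempt?!")
-                return
-        end
-        http.redirect(luci.dispatcher.build_url("fon_admin", "openvpn"))
-        -- Revoke the certificate, so the client really can't login
-        -- anymore (and we can regenerate a client with the same name
-        -- later on).
-        os.execute("/usr/sbin/revoke-full "..section)
-        os.execute("rm -rf /etc/openvpn/keys/"..client..".*")
-        local uci = require("luci.model.uci").cursor()
-        uci:load("openvpn")
-        uci:delete("openvpn", client)
-        uci:commit("openvpn")
-end
-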
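--- a/trunk/luci/applications/luci-openvpn/luasrc/model/cbi/openvpn.lua
+++ b/trunk/luci/applications/luci-openvpn/luasrc/model/cbi/openvpn.lua
@@ -37,9 +37,74 @@
 end
 
-local n = SimpleForm("client",
+local n = Map("openvpn",
         translate("openvpn_client_title", "Clients"),
-        translate("openvpn_client_desc", "Here you can manage your clients"))
+        translate("openvpn_client_desc", "Here you can manage your clients"))
+s = n:section(TypedSection, "client", "", "")
+s.anonymous = true
+s.template = "cbi/tblsection"
 
-n:append(Template("openvpn_table"))
+-- Make a list of connected clients and their IP addresses
+local clients = {}
+for line in io.lines("/tmp/openvpn.clients") do
+        local first, last, name, ip = line:find("^CLIENT_LIST,([^,]*),[^,]*,([^,]*),.*")
+        if first then
+                clients[name] = ip
+        end
+end
+
+name = s:option(DummyValue, "name", translate("name", "Name"))
+-- Show the online/offline status and currently assigned IP
+status = s:option(DummyValue, "status", translate("fon_status", "Status"))
+function status.value(self, section)
+        local ip = clients[section]
+        if ip then
+                return "Online - " .. ip
+        else
+                return "Offline"
+        end
+end
+-- Allow selecting a static IP. We offer the second half of the /24 for
+-- static assignment, keeping the first half for dynamic assignment.
+ip = s:option(ListValue, "ip", "IP")
+ip:value("", "Automatic")
+for i = 128, 253  do
+        ip:value("10.8.0." .. tostring(i))
+end
+
+download = s:option(Button, "configuration", translate("config", "Configuration"))
+-- Use a custom template so we can use different texts on the button and
+-- the column header and hide the button when the keys have not been
+-- generated yet.
+download.button_title = translate("download", "Download")
+download.template = "openvpn_download"
+-- Handle the button by redirecting to the config download url.
+function download.write(self, section)
+        local url = require("luci.dispatcher").build_url("fon_admin", "openvpn", "ovpn_config.zip") .. "?client=" .. section
+        require("luci.http").redirect(url)
+end
+
+remove = s:option(Button, "remove", translate("client", "Client"))
+-- Use a custom template so we can use different texts on the button and
+-- the column header and add an are you sure? prompt.
+remove.button_title = translate("remove", "Remove")
+remove.template = "openvpn_remove"
+function remove.write(self, section)
+        -- Check that the section exists
+        if uci:get("openvpn", section, "name") ~= section then
+                os.execute("logger potential injection attempt")
+                return
+        end
+        -- Revoke the certificate, so the client really can't login
+        -- anymore (and we can regenerate a client with the same name
+        -- later on).
+        os.execute("/usr/sbin/revoke-full "..section)
+        uci:delete("openvpn", section)
+        uci:commit("openvpn")
+        os.execute("rm -rf /etc/openvpn/keys/"..section..".*")
+end
+
+-- Show some extra buttons
+n:append(Template("openvpn_buttons"))
+
 
 return m, n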
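Review bot: In `remove.write`, `section` is concatenated into two shell command lines (`/usr/sbin/revoke-full` and `rm -rf /etc/openvpn/keys/…`), and the only guard is that a uci section with that name exists; that holds only if every path that creates a client section restricts the name, which this hunk does not show. I would state the constraint explicitly before the first `os.execute`, e.g. `if not section:match("^[%w_]+$") then return end` (widening the class only to what the client-creation page accepts), so the shell never sees anything but a plain identifier. Separately, `io.lines("/tmp/openvpn.clients")` raises an error when the file cannot be opened, which would break the whole page whenever OpenVPN has not written its status file; opening it with `io.open` and skipping the loop on `nil` avoids that. The new `s`, `name`, `status`, `ip`, `download` and `remove` are assigned without `local` and therefore become globals.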
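--- a/trunk/luci/modules/admin-fon/root/sbin/save-config.sh
+++ b/trunk/luci/modules/admin-fon/root/sbin/save-config.sh
@@ -127,4 +127,5 @@
     echo "config 'client' '$1'"
     echo "      option 'name' '$(config_get "$1" name)'"
+    echo "      option 'ip' '$(config_get "$1" ip)'"
 }
 config_foreach save_client 'client'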
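Review bot: The added `echo` writes the `ip` value between single quotes without checking it, so a value containing a quote or a newline would yield a malformed or extended `config` block in the saved file; the existing `name` line has the same shape. The web form presumably stores only dotted addresses from its dropdown, but this script emits whatever is in uci. I would fetch the value once and print the line only when it looks like an address, e.g. `local ip; config_get ip "$1" ip` followed by `case "$ip" in *[!0-9.]*|"") ;; *) echo "      option 'ip' '$ip'" ;; esac`, which also leaves an unset address out of the saved file. `save_client` begins above this hunk, so how the rest of it quotes values is not visible here.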