Add advanced configuration (raw openvpn conf edition)

TODO

@@ -1,7 +1,2 @@
 * Translate PHP interface in French
 * Support VPN without certificates (only login) -- need tests
-* Add advanced configuration (raw openvpn conf edition)
-* Add "More details" security (just one click)
-* Add more [INFO] in status with autodetected variables
-* Check YunoHost IPv6 firewalling
-* Fix YunoHost IPv6 in bind

conf/init_ynh-vpnclient

@@ -292,8 +292,12 @@ case "${1}" in
   status)
     exitcode=0
 
+    echo "[INFO] Autodetected internet interface: ${new_wired_device} (last start: ${old_wired_device})"
+    echo "[INFO] Autodetected IPv6 address for the VPN server: ${new_server_ip6} (last start: ${old_server_ip6})"
+
     if has_ip6delegatedprefix; then
       echo "[INFO] IPv6 delegated prefix found"
+      echo "[INFO] IPv6 address computed from the delegated prefix: ${ynh_ip6_addr}"
 
       if ! has_hotspot_app; then
         echo "[INFO] No Hotspot app detected"
@@ -314,6 +318,7 @@ case "${1}" in
 
     if has_nativeip6; then
       echo "[INFO] Native IPv6 detected"
+      echo "[INFO] Autodetected native IPv6 gateway: ${new_ip6_gw} (last start: ${old_ip6_gw})"
 
       if is_serverip6route_set "${new_server_ip6}"; then
         echo "[OK] IPv6 server route correctly set"

conf/openvpn_client.conf.tpl

@@ -1,7 +1,12 @@
-remote <TPL:SERVER_NAME>
+# [WARN] Edit this raw configuration ONLY IF YOU KNOW what
+#        you do!
+# [WARN] Continue to use the placeholders <TPL:*> and keep
+#        update their value on the web admin (they are not
+#        only used for this file).
 
-# proto [ udp6 | udp | tcp6-client | tcp-client ]
+remote <TPL:SERVER_NAME>
 proto <TPL:PROTO>
+port <TPL:SERVER_PORT>
 
 pull
 nobind
@@ -9,9 +14,8 @@ dev tun
 tun-ipv6
 keepalive 10 30
 comp-lzo adaptive
-port <TPL:SERVER_PORT>
 
-# Auth by credentials
+# Authentication by login
 <TPL:LOGIN_COMMENT>auth-user-pass /etc/openvpn/keys/credentials
 
 # UDP only
@@ -20,9 +24,9 @@ port <TPL:SERVER_PORT>
 # TLS
 tls-client
 remote-cert-tls server
+ca /etc/openvpn/keys/ca-server.crt
 <TPL:CERT_COMMENT>cert /etc/openvpn/keys/user.crt
 <TPL:CERT_COMMENT>key /etc/openvpn/keys/user.key
-ca /etc/openvpn/keys/ca-server.crt
 
 # Logs
 verb 3

scripts/install

@@ -77,7 +77,11 @@ sudo install -o root -g root -m 0755 ../conf/ipv6_expanded /usr/local/bin/
 sudo install -o root -g root -m 0755 ../conf/ipv6_compressed /usr/local/bin/
 
 # Copy confs
-sudo install -b -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
+sudo chown root:admins /etc/openvpn/
+sudo chmod 775 /etc/openvpn/
+
+sudo install -b -o root -g admins -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
+sudo install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore
 sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
 sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/vpnadmin.conf
 
@@ -133,7 +137,7 @@ sudo sed 's|^;\?\s*max_execution_time.\+|max_execution_time = 600|' -i /etc/php5
 sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php
 
 # Copy init script
-sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient
+sudo install -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient
 
 # Set default inits
 # The openvpn configuration is modified before the start, so the service is disabled by default

scripts/remove

@@ -10,7 +10,7 @@ sudo rm -f /etc/init.d/ynh-vpnclient
 sudo rm -f /tmp/.ynh-vpnclient-*
 
 # Remove confs
-sudo rm -f /etc/openvpn/client.conf{.tpl,}
+sudo rm -f /etc/openvpn/client.conf{.tpl,.tpl.restore,}
 sudo rm -f /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
 sudo rm -f /etc/php5/fpm/pool.d/vpnadmin.conf
 

sources/controller.php

@@ -45,6 +45,7 @@ function ipv6_compressed($ip) {
 dispatch('/', function() {
   $ip6_net = moulinette_get('ip6_net');
   $ip6_net = ($ip6_net == 'none') ? '' : $ip6_net;
+  $raw_openvpn = file_get_contents('/etc/openvpn/client.conf.tpl');
 
   set('server_name', moulinette_get('server_name'));
   set('server_port', moulinette_get('server_port'));
@@ -56,6 +57,7 @@ dispatch('/', function() {
   set('crt_client_key_exists', file_exists('/etc/openvpn/keys/user.key'));
   set('crt_server_ca_exists', file_exists('/etc/openvpn/keys/ca-server.crt'));
   set('faststatus', service_faststatus() == 0);
+  set('raw_openvpn', $raw_openvpn);
 
   return render('settings.html.php');
 });
@@ -114,7 +116,7 @@ dispatch_put('/settings', function() {
     }
 
   } catch(Exception $e) {
-    flash('error', $e->getMessage().T_(' (configuration not updated).'));
+    flash('error', $e->getMessage().' ('.T_('configuration not updated').').');
     goto redirect;
   }
   
@@ -128,6 +130,8 @@ dispatch_put('/settings', function() {
   moulinette_set('ip6_net', $ip6_net);
   moulinette_set('ip6_addr', $ip6_addr);
   
+  file_put_contents('/etc/openvpn/client.conf.tpl', $_POST['raw_openvpn']);
+
   if($_FILES['crt_client']['error'] == UPLOAD_ERR_OK) {
     move_uploaded_file($_FILES['crt_client']['tmp_name'], '/etc/openvpn/keys/user.crt');
   } elseif($_POST['crt_client_delete'] == 1) {
@@ -168,16 +172,16 @@ dispatch('/status', function() {
 
   foreach($status_lines AS $status_line) {
     if(preg_match('/^\[INFO\]/', $status_line)) {
-      $status_list .= "<li class='status-info'>${status_line}</li>";
+      $status_list .= '<li class="status-info">'.htmlspecialchars($status_line).'</li>';
     }
     elseif(preg_match('/^\[OK\]/', $status_line)) {
-      $status_list .= "<li class='status-success'>${status_line}</li>";
+      $status_list .= '<li class="status-success">'.htmlspecialchars($status_line).'</li>';
     }
     elseif(preg_match('/^\[WARN\]/', $status_line)) {
-      $status_list .= "<li class='status-warning'>${status_line}</li>";
+      $status_list .= '<li class="status-warning">'.htmlspecialchars($status_line).'</li>';
     }
     elseif(preg_match('/^\[ERR\]/', $status_line)) {
-      $status_list .= "<li class='status-danger'>${status_line}</li>";
+      $status_list .= '<li class="status-danger">'.htmlspecialchars($status_line).'</li>';
     }
   }
 

sources/public/css/style.css

@@ -6,7 +6,7 @@ li.status-warning {
   color: #D9534F;
 }
 
-li.status-danger {
+li.status-danger, div#raw_openvpn_panel {
   color: #D9534F;
 }
 
@@ -69,3 +69,12 @@ div#github {
 div#github a {
   margin-left: 17px;
 }
+
+div#raw_openvpn_panel {
+  display: none;
+}
+
+textarea#raw_openvpn {
+  height: 300px;
+  border: 1px solid #D9534F;
+}

sources/public/js/custom.js

@@ -50,6 +50,8 @@ $(document).ready(function() {
   });
 
   $('#statusbtn').click(function() {
+    if($('#status-loading').is(':hidden')) {
+      $('#status').hide();
       $('#status-loading').show();
 
       $.ajax({
@@ -59,5 +61,11 @@ $(document).ready(function() {
         $('#status-text').html('<ul>' + data + '</ul>');
         $('#status').show('slow');
       });
+    }
+  });
+
+  $('#raw_openvpn_btn').click(function() {
+    $('#raw_openvpn_btnpanel').hide();
+    $('#raw_openvpn_panel').show('low');
   });
 });

sources/views/settings.html.php

@@ -51,6 +51,20 @@
               </label>
             </div>
           </div>
+
+          <div class="form-group" id="raw_openvpn_btnpanel">
+            <label class="col-sm-3 control-label"></label>
+            <div class="col-sm-9">
+              <span class="glyphicon glyphicon-cog"></span> <a href="#" id="raw_openvpn_btn" data-toggle="tooltip" data-title="<?= T_('Edit the raw configuration only if you know what you do!') ?>"><?= T_('Advanced') ?></a>
+            </div>
+          </div>
+
+          <div class="form-group" id="raw_openvpn_panel">
+            <label for="raw_openvpn" class="col-sm-3 control-label"><?= T_('Advanced') ?></label>
+            <div class="col-sm-9">
+              <pre><textarea class="form-control" name="raw_openvpn" id="raw_openvpn"><?= $raw_openvpn ?></textarea></pre>
+            </div>
+          </div>
         </div>
       </div>