From 3f0bb7ed568a2ce8d516eedd82ee24bb7c97d876 Mon Sep 17 00:00:00 2001
From: Julien Vaubourg <julien@vaubourg.com>
Date: Tue, 29 Sep 2015 14:11:00 +0200
Subject: [PATCH] Update OpenVPN config and add openvpn_rm option

---
 conf/openvpn_client.conf.tpl                  |   2 +
 sources/controller.php                        |  49 +++++++++++++-----
 .../i18n/fr_FR/LC_MESSAGES/localization.mo    | Bin 6466 -> 6595 bytes
 .../i18n/fr_FR/LC_MESSAGES/localization.po    |  34 ++++++------
 sources/i18n/localization.pot                 |  32 +++++++-----
 5 files changed, 76 insertions(+), 41 deletions(-)

diff --git a/conf/openvpn_client.conf.tpl b/conf/openvpn_client.conf.tpl
index a308c66..d6b0a85 100644
--- a/conf/openvpn_client.conf.tpl
+++ b/conf/openvpn_client.conf.tpl
@@ -14,6 +14,7 @@ dev tun
 tun-ipv6
 keepalive 10 30
 comp-lzo adaptive
+resolv-retry infinite
 
 # Authentication by login
 <TPL:LOGIN_COMMENT>auth-user-pass /etc/openvpn/keys/credentials
@@ -25,6 +26,7 @@ comp-lzo adaptive
 tls-client
 <TPL:TA_COMMENT>tls-auth /etc/openvpn/keys/user_ta.key 1
 remote-cert-tls server
+ns-cert-type server
 ca /etc/openvpn/keys/ca-server.crt
 <TPL:CERT_COMMENT>cert /etc/openvpn/keys/user.crt
 <TPL:CERT_COMMENT>key /etc/openvpn/keys/user.key
diff --git a/sources/controller.php b/sources/controller.php
index b1d4c92..f462f7c 100644
--- a/sources/controller.php
+++ b/sources/controller.php
@@ -84,10 +84,6 @@ function readAutoConf($file) {
     $config['crt_client_ta'] = str_replace('|', "\n", $config['crt_client_ta']);
   }
 
-  if(!empty($config['openvpn_add'])) {
-    $config['openvpn_add'] = str_replace('|', "\n", $config['openvpn_add']);
-  }
-
   return $config;
 }
 
@@ -126,14 +122,20 @@ dispatch_put('/settings', function() {
     $config = $_POST;
     $autoconf = false;
 
-    if($_FILES['cubefile']['error'] == UPLOAD_ERR_OK) {
-      $config = readAutoConf($_FILES['cubefile']['tmp_name']);
-      $autoconf = true;
-    }
-    $ip6_net = empty($config['ip6_net']) ? 'none' : $config['ip6_net'];
-    $ip6_addr = 'none';
-
     try {
+      if($_FILES['cubefile']['error'] == UPLOAD_ERR_OK) {
+        $config = readAutoConf($_FILES['cubefile']['tmp_name']);
+
+        if(is_null($config)) {
+          throw new Exception(_('Json Syntax Error, please check your dot cube file'));
+        }
+
+        $autoconf = true;
+      }
+  
+      $ip6_net = empty($config['ip6_net']) ? 'none' : $config['ip6_net'];
+      $ip6_addr = 'none';
+
       if(empty($config['server_name']) || empty($config['server_port']) || empty($config['server_proto'])) {
         throw new Exception(_('The Server Address, the Server Port and the Protocol cannot be empty'));
       }
@@ -207,9 +209,32 @@ dispatch_put('/settings', function() {
     if($autoconf) {
       copy('/etc/openvpn/client.conf.tpl.restore', '/etc/openvpn/client.conf.tpl');
 
+      if(!empty($config['openvpn_rm'])) {
+        $raw_openvpn = explode("\n", file_get_contents('/etc/openvpn/client.conf.tpl'));
+        $fopenvpn = fopen('/etc/openvpn/client.conf.tpl', 'w');
+
+        foreach($raw_openvpn AS $opt) {
+          $filtered = false;
+
+          if(!preg_match('/^#/', $opt) && !preg_match('/<TPL:/', $opt)) {
+            foreach($config['openvpn_rm'] AS $filter) {
+              if(preg_match("/$filter/i", $opt)) {
+                $filtered = true;
+              }
+            }
+          }
+
+          if(!$filtered) {
+            fwrite($fopenvpn, "$opt\n");
+          }
+        }
+
+        fclose($fopenvpn);
+      }
+
       if(!empty($config['openvpn_add'])) {
         $raw_openvpn = file_get_contents('/etc/openvpn/client.conf.tpl');
-        $raw_openvpn .= "\n# Custom\n".$config['openvpn_add'];
+        $raw_openvpn .= "\n# Custom\n".implode("\n", $config['openvpn_add']);
 
         file_put_contents('/etc/openvpn/client.conf.tpl', $raw_openvpn);
       }
diff --git a/sources/i18n/fr_FR/LC_MESSAGES/localization.mo b/sources/i18n/fr_FR/LC_MESSAGES/localization.mo
index d7120add5b3d15a02abd7187e4f63948181bee33..c3f856380f5cc390fefc6f0e8073782568135282 100644
GIT binary patch
delta 1689
zcmY+^Sx8h-9LMovt}R+wS((-`En8e?%u-v-1uMujt=<9~uQ_N<T$c)}De9%51tJI{
zsE3Mz0+D*?!3T{9i|{?^p^XTlqJp-EzP~$HsDuCc+<WHUbN=Uljx!t>2}WP0CtNbL
zdLoOcn`BHIb|>&b`<zH0e!&e`o@7i4_TxN^Vj5n?bi9R=@geeO9`UgnpJFk_CleUN
zxx8*x$1cn^T*DW8k-5w@)WA1!8s5hM4x<wNj@vPvY^u;fC3+n-@jKLeA8{)F^81s>
zj!Tp388s$@i$XdUA!C}YI30KRI;ceYPy?MpJ$C`K@iJ;f4{!xO#9VxfN@((w*vcDm
zGxx_(&p*K?<~Pr{n1$JlJ`+oE2G-(iY(;$^_P;-hsobAOJ$DuL+&$FFMo<$xLxwhE
zsI7W|{F!h5y~-0^OUHaJRMMR|2Yav@PopX`iVprjJ-?gT=i?RB3h(2QI7*C-+#jTT
zJMb~8QdwlV0P|1@SM#Cwn`f~9%BYJDs$~wMCOCohID}eB0%gg>6y(sDTx`H9)Lx%N
z9lkS2j^-+^!#lVL-{T%k;USINg*xN|>C|5X%%Z-`WinA2uSE3+Q3F<@5^O*X+>EN!
zc~og{Aaj@@R3c-jGxQoY-dD8v8?~S;_NyFi)W6t;Ep(j2N_>Ugn9VGD;S6ro_ox+(
zqe}P(RoaY<*kKG{4);x{eis+wIn);4MZG_YN;vv~3r+9`by!qiy*L%MHTkF)f>?nq
zSb}GLhp?6VPZ-2H%5fYI;U@fvN}z^pRq{5BLsf~2Qh%COTu3Y@SdiEBucf9kt|9cB
zpth1wLfRfBuJY;-))HEgs-jjyXvJz2Gxp<!N?vD7i<#ul?`61=4mBM#HB}*((Ee8u
z|F&vwylVNKI#g;!#8U4n_MtOH0lZ(p02UK@#41Ans^0u7u#~U_RW$5`cgU6@|52uZ
zP+LN1OD0+w7b>}aoYWS_FbTe#wf|ZUclpHniQbL2cJNK&^SHp4p2&XNa(I7l+aX);
zx)Ha)9_V)3dK??-bV6PBaHP+*?U7y^>f7Vkj&Qd#IFP(EDY3MyvZUhTw6t7Zm6i;a
zr3K^Hc>~yX$M$#wI##0>*nN&03ah(+<hC2`2s^IrkMz14F4U>JA`L#+F>^fmFF8P`
A4gdfE

delta 1549
zcmZY9OGs346vy#nzVbEcSoW}oIi_Zs)6AHrj*h)d$c#z~i$Li?6a}_0G8iGk41y@^
zK|x^D!ktbL5iLw|(Z(nctO(sziy$Iu6ZHMvxkAuk&i&jw_ul{G{QooK!Iy#PCvVcA
z5nIXSWc@s|PCS&vftX2--<!oou8UL5=HoG3f@jc!m(h#2Fb#*1k3Hs4jnA<Xe_$f|
zQq2~dMXe-$VvShCjr~Ypb`90=P0YlHr~!`R9-PEFEMznq{9#mw4^Yn!V+KBTzaK|F
z_S*FwR?xqF<b<{?onbFPuWKP{00C4(O{nKuaRs)cW^xwGum^oOgc{HUYQ`DqW-VBU
zdj1mb#sSQwe|yhK4t~RIRBsC*2XnC)b-xy~a3|`y4%BleQ8Vj9bufT5Wmi#4bQ}5D
zh<p74>$#r7s7jhky%wP#Be)$aupf`&6Vwa&^u81ipk~;O7ZNBj?&3N``P%U!s#4RK
zkF%%&|3SU);X(r{&8GfT$wGXg4jOP9_M&DohRg63vRP~foAEblts|60o30rdqjlga
zJdR!1k81BLYE%1pSnpj&ny@=w>aURwyEjHr4Lw5*Yy!jh22~*s>!FesA#GY1xn*t0
z<g5$TUN;utdDKMi;zqphI)!_=&Wf^twVZU~DZGbzA&uTz^#E!{2T`T#MU`|AwFyUX
zHBP$Uf5(+vXXV9zE#;{9TTlZ&foi`OwMU{+PSoHP)S5g(y)cTK@Gbf=llsdr?!(g<
z#BuDyU$_I$Q63Fo3{~<OOh8ph6;-I+a<Wvve<tjNHljjhtS0pzpeQ5Npw>+zS9!OP
zn@P<`%b{o@H4z2XwFa_^tR(Bm8j}AuCsetJbH@6stO{+kLQ?CmCHXfRxlp<0Lc3p4
zL9TJm;s<Ri3gN8v23$}2$PlTYsA4UtN~+3vM>w!#&h9Tkeo3~DR1}d~lDSa11El_x
y6k2yhQk?&e1$<LXhGSonrxRj7Q`=LL{ejw0@J5@*=bTl=dOX3z*yo%Nseb`uQG25R

diff --git a/sources/i18n/fr_FR/LC_MESSAGES/localization.po b/sources/i18n/fr_FR/LC_MESSAGES/localization.po
index 0bc1a66..12d2a57 100644
--- a/sources/i18n/fr_FR/LC_MESSAGES/localization.po
+++ b/sources/i18n/fr_FR/LC_MESSAGES/localization.po
@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: data 2\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-09-29 02:43+0200\n"
-"PO-Revision-Date: 2015-09-29 02:45+0200\n"
+"POT-Creation-Date: 2015-09-29 14:09+0200\n"
+"PO-Revision-Date: 2015-09-29 14:10+0200\n"
 "Last-Translator: samy boutayeb <samy@langues-etcetera.fr>\n"
 "Language-Team: none\n"
 "Language: fr\n"
@@ -19,62 +19,66 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 "X-Generator: Poedit 1.8.4\n"
 
-#: sources/controller.php:138
+#: sources/controller.php:130
+msgid "Json Syntax Error, please check your dot cube file"
+msgstr "Error de syntaxe Json, merci de vérifier votre fichier .cube"
+
+#: sources/controller.php:140
 msgid "The Server Address, the Server Port and the Protocol cannot be empty"
 msgstr ""
 "L'adresse du serveur, le port du serveur et le protocole ne peuvent pas être "
 "vides"
 
-#: sources/controller.php:142
+#: sources/controller.php:144
 msgid "The Server Port must be only composed of digits"
 msgstr "Le port du serveur ne peut correspondre qu'à des chiffres"
 
-#: sources/controller.php:146
+#: sources/controller.php:148
 msgid "The Protocol must be \"udp\" or \"tcp\""
 msgstr "Le protocole ne peut correspondre qu'à \"udp\" ou \"tcp\""
 
-#: sources/controller.php:150
+#: sources/controller.php:152
 msgid "You need to define two DNS resolver addresses"
 msgstr "Vous devez définir deux adresses de résolveur DNS"
 
-#: sources/controller.php:154
+#: sources/controller.php:156
 msgid "A Password is needed when you suggest a Username, or vice versa"
 msgstr ""
 "Un mot de passe est nécessaire si vous proposez un nom d'utilisateur, et "
 "inversement"
 
-#: sources/controller.php:161
+#: sources/controller.php:163
 msgid "A Client Certificate is needed when you suggest a Key, or vice versa"
 msgstr ""
 "Un certificat client est nécessaire si vous proposez une clé, et inversement"
 
-#: sources/controller.php:165
+#: sources/controller.php:167
 msgid "You need a Server CA."
 msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur"
 
-#: sources/controller.php:169
+#: sources/controller.php:171
 msgid "You need either a Client Certificate, either a Username, or both"
 msgstr ""
 "Vous devez avoir soit un certificat client, soit un nom d'utilisateur, soit "
 "les deux"
 
-#: sources/controller.php:176
+#: sources/controller.php:178
 msgid "The IPv6 Delegated Prefix format looks bad"
 msgstr "Le format du préfixe IPv6 délégué semble incorrect"
 
-#: sources/controller.php:187
+#: sources/controller.php:189
 msgid "configuration not updated"
 msgstr "configuration non-mise à jour"
 
-#: sources/controller.php:285
+#: sources/controller.php:310
 msgid "Configuration updated and service successfully reloaded"
 msgstr "Configuration mise à jour et service correctement rechargé"
 
-#: sources/controller.php:287
+#: sources/controller.php:312
 msgid "Configuration updated but service reload failed"
 msgstr "Configuration mise à jour mais le rechargement du service a échoué"
 
-#: sources/controller.php:291
+#: sources/controller.php:316
 msgid "Service successfully disabled"
 msgstr "Service désactivé avec succès"
 
diff --git a/sources/i18n/localization.pot b/sources/i18n/localization.pot
index 549bea8..f154d35 100644
--- a/sources/i18n/localization.pot
+++ b/sources/i18n/localization.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-09-29 02:43+0200\n"
+"POT-Creation-Date: 2015-09-29 14:09+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,55 +17,59 @@ msgstr ""
 "Content-Type: text/plain; charset=CHARSET\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: sources/controller.php:138
+#: sources/controller.php:130
+msgid "Json Syntax Error, please check your dot cube file"
+msgstr ""
+
+#: sources/controller.php:140
 msgid "The Server Address, the Server Port and the Protocol cannot be empty"
 msgstr ""
 
-#: sources/controller.php:142
+#: sources/controller.php:144
 msgid "The Server Port must be only composed of digits"
 msgstr ""
 
-#: sources/controller.php:146
+#: sources/controller.php:148
 msgid "The Protocol must be \"udp\" or \"tcp\""
 msgstr ""
 
-#: sources/controller.php:150
+#: sources/controller.php:152
 msgid "You need to define two DNS resolver addresses"
 msgstr ""
 
-#: sources/controller.php:154
+#: sources/controller.php:156
 msgid "A Password is needed when you suggest a Username, or vice versa"
 msgstr ""
 
-#: sources/controller.php:161
+#: sources/controller.php:163
 msgid "A Client Certificate is needed when you suggest a Key, or vice versa"
 msgstr ""
 
-#: sources/controller.php:165
+#: sources/controller.php:167
 msgid "You need a Server CA."
 msgstr ""
 
-#: sources/controller.php:169
+#: sources/controller.php:171
 msgid "You need either a Client Certificate, either a Username, or both"
 msgstr ""
 
-#: sources/controller.php:176
+#: sources/controller.php:178
 msgid "The IPv6 Delegated Prefix format looks bad"
 msgstr ""
 
-#: sources/controller.php:187
+#: sources/controller.php:189
 msgid "configuration not updated"
 msgstr ""
 
-#: sources/controller.php:285
+#: sources/controller.php:310
 msgid "Configuration updated and service successfully reloaded"
 msgstr ""
 
-#: sources/controller.php:287
+#: sources/controller.php:312
 msgid "Configuration updated but service reload failed"
 msgstr ""
 
-#: sources/controller.php:291
+#: sources/controller.php:316
 msgid "Service successfully disabled"
 msgstr ""