From e001f16c2df041ab12ea653f5df17461fddf4433 Mon Sep 17 00:00:00 2001 From: Julien Vaubourg Date: Mon, 28 Sep 2015 16:53:22 +0200 Subject: [PATCH 1/8] Fix #22 --- conf/openvpn_client.conf.tpl | 10 +- conf/ynh-vpnclient | 40 ++++- scripts/install | 2 + sources/controller.php | 8 + .../i18n/fr_FR/LC_MESSAGES/localization.mo | Bin 5755 -> 6011 bytes .../i18n/fr_FR/LC_MESSAGES/localization.po | 140 ++++++++++-------- sources/i18n/localization.pot | 122 ++++++++------- sources/views/settings.html.php | 54 ++++--- 8 files changed, 233 insertions(+), 143 deletions(-) diff --git a/conf/openvpn_client.conf.tpl b/conf/openvpn_client.conf.tpl index 696cabe..5488820 100644 --- a/conf/openvpn_client.conf.tpl +++ b/conf/openvpn_client.conf.tpl @@ -1,8 +1,8 @@ -# [WARN] Edit this raw configuration ONLY IF YOU KNOW what -# you do! -# [WARN] Continue to use the placeholders and keep -# update their value on the web admin (they are not -# only used for this file). +# [WARN] Edit this raw configuration ONLY IF YOU KNOW +# what you do! +# [WARN] Continue to use the placeholders and +# keep update their value on the web admin (they +# are not only used for this file). remote proto diff --git a/conf/ynh-vpnclient b/conf/ynh-vpnclient index f7debf7..86b0dc2 100644 --- a/conf/ynh-vpnclient +++ b/conf/ynh-vpnclient @@ -52,6 +52,11 @@ is_serverip6route_set() { fi } +is_dns_set() { + [ -e /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient ]\ + && grep -q ${ynh_dns0} /etc/resolv.conf +} + is_openvpn_running() { systemctl is-active openvpn@client.service &> /dev/null } @@ -59,7 +64,7 @@ is_openvpn_running() { is_running() { ((has_nativeip6 && is_serverip6route_set "${new_server_ip6}") || ! has_nativeip6)\ && ((! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set) || has_hotspot_app || ! has_ip6delegatedprefix)\ - && is_openvpn_running + && is_dns_set && is_openvpn_running } ## Setters @@ -76,6 +81,15 @@ set_serverip6route() { ip route add "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}" } +set_dns() { + cat << EOF > /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient +echo nameserver ${ynh_dns0} > /etc/resolv.conf +echo nameserver ${ynh_dns1} >> /etc/resolv.conf +EOF + + bash /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient +} + start_openvpn() { ip6_gw=${1} server_ip6=${2} @@ -129,6 +143,10 @@ unset_serverip6route() { ip route delete "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}" } +unset_dns() { + rm -f /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient +} + stop_openvpn() { systemctl stop openvpn.service } @@ -187,6 +205,8 @@ if [ "$1" != restart ]; then ynh_server_proto=$(ynh_setting_get vpnclient server_proto) ynh_ip6_addr=$(ynh_setting_get vpnclient ip6_addr) ynh_login_user=$(ynh_setting_get vpnclient login_user) + ynh_dns0=$(ynh_setting_get vpnclient dns0) + ynh_dns1=$(ynh_setting_get vpnclient dns1) old_ip6_gw=$(ynh_setting_get vpnclient ip6_gw) old_wired_device=$(ynh_setting_get vpnclient wired_device) @@ -255,6 +275,12 @@ case "${1}" in set_ip6addr fi + # Set host DNS resolvers + if ! is_dns_set; then + echo "Set host DNS resolvers" + set_dns + fi + # Update dynamic settings ynh_setting_set vpnclient server_ip6 "${new_server_ip6}" ynh_setting_set vpnclient ip6_gw "${new_ip6_gw}" @@ -280,6 +306,11 @@ case "${1}" in unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}" fi + if is_dns_set; then + echo "Unset forced host DNS resolvers" + unset_dns + fi + if is_openvpn_running; then echo "Stop openvpn" stop_openvpn @@ -347,6 +378,13 @@ case "${1}" in echo "[INFO] No IPv6 server route to set" fi + if is_dns_set; then + echo "[OK] Host DNS correctly set" + else + echo "[ERR] No host DNS set" + exitcode=1 + fi + if is_openvpn_running; then echo "[OK] Openvpn is running" else diff --git a/scripts/install b/scripts/install index 971a852..1f9d9a3 100644 --- a/scripts/install +++ b/scripts/install @@ -63,6 +63,8 @@ if ! $upgrade; then sudo yunohost app setting vpnclient ip6_net -v none sudo yunohost app setting vpnclient login_user -v "${login_user}" sudo yunohost app setting vpnclient login_passphrase -v "${login_passphrase}" + sudo yunohost app setting vpnclient dns0 -v 89.234.141.66 + sudo yunohost app setting vpnclient dns1 -v 2001:913::8 fi diff --git a/sources/controller.php b/sources/controller.php index 01a2084..f77f914 100644 --- a/sources/controller.php +++ b/sources/controller.php @@ -81,6 +81,8 @@ dispatch('/', function() { set('crt_server_ca_exists', file_exists('/etc/openvpn/keys/ca-server.crt')); set('faststatus', service_faststatus() == 0); set('raw_openvpn', $raw_openvpn); + set('dns0', ynh_setting_get('dns0')); + set('dns1', ynh_setting_get('dns1')); return render('settings.html.php'); }); @@ -107,6 +109,10 @@ dispatch_put('/settings', function() { if($_POST['server_proto'] != 'udp' && $_POST['server_proto'] != 'tcp') { throw new Exception(_('The Protocol must be "udp" or "tcp"')); } + + if(empty($_POST['dns0']) || empty($_POST['dns1'])) { + throw new Exception(_('You need to define two DNS resolver addresses')); + } if(($_FILES['crt_client']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1)) || ($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client']['error'] != UPLOAD_ERR_OK && (!$crt_client_exists || $_POST['crt_client_delete'] == 1))) { @@ -154,6 +160,8 @@ dispatch_put('/settings', function() { ynh_setting_set('server_name', $_POST['server_name']); ynh_setting_set('server_port', $_POST['server_port']); ynh_setting_set('server_proto', $_POST['server_proto']); + ynh_setting_set('dns0', $_POST['dns0']); + ynh_setting_set('dns1', $_POST['dns1']); ynh_setting_set('login_user', $_POST['login_user']); ynh_setting_set('login_passphrase', $_POST['login_passphrase']); ynh_setting_set('ip6_net', $ip6_net); diff --git a/sources/i18n/fr_FR/LC_MESSAGES/localization.mo b/sources/i18n/fr_FR/LC_MESSAGES/localization.mo index f07eeb2fcd726345d8682d4c8dc7be834c0fbe71..7b71f80dd6d2167e162e072ddeee140184ff77b7 100644 GIT binary patch delta 1753 zcmYk+Uuaup7{~E9Hf>$Ic1dfSt<&x7kJ@fco5Z$DTXjy->CkntwW7krtT}BnYa=H~ zH%4hxR4jP4<3I)Plv2hnBzQ4U2WB8_SAvLmF$!MlkRfie&gu7;f9xgi`J9vU<~`5z zyzj|I??zw#TATNrp*=x=knX+Dm`VJjjsq=PZ%hn_@gOea{rDYj#UHR0*RcWr!~=K} z`>~HNHPvevz!MeEVAPnrIm-!S%~jMyKjLOwM+I~pC$Oo}m{B~A3g}bRxNF#qzavA< zEmVMaD>iZwc(`QVn3p)wgJ)0^k64a15i=RRJ$!7ru*H^Uv`a{2H}H|6&_@eXPIMFu<%kaW9_07;3^*OyG6o zV~$Zj1@t;)2M)!P#gIJR3$E>D)uY#F@JH;gX=jEgW1|f{WW1XUsxDIW$*$H z;Z((sP;W&MM=-#G&f^4X{3Sf9`=~_x50pzBMpf=P+=a81>lM_JeVOM(k$sPv=qF?u z%`d1Q{)Q}<`45M&nY2PUR&fzu-iDXAA5J-$tmW95^!%dj7~Qbaj)ep6 zhYc6p(Z)+H)9Hm|ZAjr(qrYxfl6e+vD|;$!#l|OVH?2f6$y^yb<0hIr3;yP)XK*+e ziCW>Ik-_l(P$U#;iXRJ3*o&zQaRy^VHDX0V;lW_2HZHw7y0z{H*68kyNvvbZ*1T${}m*Q#0GXr0>`ckDM)wqr4>lxVJ+ zX|9~<@hw+8hup5tgnQ2Sg>TX>XIvdzIN~ZM|n!+C@sV6fG!he| zf_x|=p`g|tqJrq5hwP=Nh(PKsNC*nbw4(2CcLf`q^O-q2XU@$3KgXHEnf!r?Bjw&O3X#?3BcVz3_<;{|l%FnaJVR^S+}!%0lU33!?*y)P!V_) zx&JP5|BLSPe)ES0a~W@Jc%oF~&!lrvh;vXot;UU5kBZbqOu;)?gHO@I->7kic_3Q}d=#RqT(po8)I<+ZxqggV&`aEeZ%{jrCBBMK zCMIDeGPh|!&2tblu^pAtb6Ad-BEDEa{9Cy3lNY1er&!Zmrj=S_bYA3a9TOqYj zks81(ybBQQ)UgnsTv_stp!XmrzwSkIrAHXf;}yJ{c9QUZGt@&7rDr zOhUWW4)b(_vVxjV<;?w8O6h4s`d^^b>6=$k^wv`6siXHRAIcRe4Hf0JEYdDP7j+GF zHI;J~%4aqfQFTUUi$2}iLbgJmsQNmf`np!CGpFc)dW>D}8cp6B=sD4AnQc~}&ws?< z*4k(F+6C@Z+v9FYu)3@cZnS3}4OmC~C+$=2ea^b3>6qjWd`8Jdm+h0A);%B>MzO}w0drAD1v%Ij#XQz0_Q<_=>Z9T^V{=l3! u_uA9mA^U7XvVAk5GyJ0L#Mg0k?N+ze*4o_{oJ@>%1YJq\n" "Language-Team: none\n" "Language: fr\n" @@ -17,60 +17,64 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" -"X-Generator: Poedit 1.6.10\n" +"X-Generator: Poedit 1.8.4\n" -#: sources/controller.php:100 +#: sources/controller.php:102 msgid "The Server Address, the Server Port and the Protocol cannot be empty" msgstr "" "L'adresse du serveur, le port du serveur et le protocole ne peuvent pas être " "vides" -#: sources/controller.php:104 +#: sources/controller.php:106 msgid "The Server Port must be only composed of digits" msgstr "Le port du serveur ne peut correspondre qu'à des chiffres" -#: sources/controller.php:108 +#: sources/controller.php:110 msgid "The Protocol must be \"udp\" or \"tcp\"" msgstr "Le protocole ne peut correspondre qu'à \"udp\" ou \"tcp\"" #: sources/controller.php:114 +msgid "You need to define two DNS resolver addresses" +msgstr "Vous devez définir deux adresses de résolveur DNS" + +#: sources/controller.php:120 msgid "A Client Certificate is needed when you suggest a Key, or vice versa" msgstr "" "Un certificat client est nécessaire si vous proposez une clé, et inversement" -#: sources/controller.php:118 +#: sources/controller.php:124 msgid "A Password is needed when you suggest a Username, or vice versa" msgstr "" "Un mot de passe est nécessaire si vous proposez un nom d'utilisateur, et " "inversement" -#: sources/controller.php:122 +#: sources/controller.php:128 msgid "You need a Server CA." msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur" -#: sources/controller.php:126 +#: sources/controller.php:132 msgid "You need either a Client Certificate, either a Username, or both" msgstr "" "Vous devez avoir soit un certificat client, soit un nom d'utilisateur, soit " "les deux" -#: sources/controller.php:133 +#: sources/controller.php:139 msgid "The IPv6 Delegated Prefix format looks bad" msgstr "Le format du préfixe IPv6 délégué semble incorrect" -#: sources/controller.php:144 +#: sources/controller.php:150 msgid "configuration not updated" msgstr "configuration non-mise à jour" -#: sources/controller.php:189 +#: sources/controller.php:197 msgid "Configuration updated and service successfully reloaded" msgstr "Configuration mise à jour et service correctement rechargé" -#: sources/controller.php:191 +#: sources/controller.php:199 msgid "Configuration updated but service reload failed" msgstr "Configuration mise à jour mais le rechargement du service a échoué" -#: sources/controller.php:195 +#: sources/controller.php:203 msgid "Service successfully disabled" msgstr "Service désactivé avec succès" @@ -82,8 +86,8 @@ msgstr "Client VPN" msgid "Error" msgstr "Erreur" -#: sources/views/layout.html.php:54 sources/views/settings.html.php:125 -#: sources/views/settings.html.php:165 +#: sources/views/layout.html.php:54 sources/views/settings.html.php:117 +#: sources/views/settings.html.php:157 msgid "Notice" msgstr "Notice" @@ -161,23 +165,11 @@ msgstr "" msgid "TCP" msgstr "TCP" +#: sources/views/settings.html.php:92 +msgid "Delegated prefix (IPv6)" +msgstr "Préfixe délégué (IPv6)" + #: sources/views/settings.html.php:94 -msgid "Edit the raw configuration only if you know what you do!" -msgstr "N'éditez la configuration brute que si vous savez ce que vous faites !" - -#: sources/views/settings.html.php:94 sources/views/settings.html.php:99 -msgid "Advanced" -msgstr "Avancé" - -#: sources/views/settings.html.php:109 -msgid "IPv6" -msgstr "IPv6" - -#: sources/views/settings.html.php:114 -msgid "Delegated prefix" -msgstr "Préfixe délégué" - -#: sources/views/settings.html.php:116 msgid "" "Leave empty if your Internet Service Provider does not give you a delegated " "prefix" @@ -185,7 +177,15 @@ msgstr "" "Laissez vide si votre Fournisseur d'Accès à Internet ne vous fournit pas de " "préfixe délégué." -#: sources/views/settings.html.php:125 +#: sources/views/settings.html.php:101 +msgid "Edit the raw configuration only if you know what you do!" +msgstr "N'éditez la configuration brute que si vous savez ce que vous faites !" + +#: sources/views/settings.html.php:101 sources/views/settings.html.php:106 +msgid "Advanced" +msgstr "Avancé" + +#: sources/views/settings.html.php:117 msgid "" "You need to upload a Client Certificate, or define a Username (or both) for " "starting your VPN Client." @@ -193,83 +193,107 @@ msgstr "" "Vous devez téléverser le certificat du client, ou définir un nom " "d'utilisateur (ou les deux) pour démarrer votre client VPN." -#: sources/views/settings.html.php:131 -msgid "Certificates" -msgstr "Certificats" +#: sources/views/settings.html.php:123 +msgid "Authentication" +msgstr "Authentification" -#: sources/views/settings.html.php:136 +#: sources/views/settings.html.php:128 msgid "Update Client Cert." msgstr "Actualiser le certificat client" -#: sources/views/settings.html.php:136 +#: sources/views/settings.html.php:128 msgid "Upload Client Cert." msgstr "Téléverser le certificat client" -#: sources/views/settings.html.php:139 sources/views/settings.html.php:152 +#: sources/views/settings.html.php:131 sources/views/settings.html.php:144 msgid "Delete this certificate" msgstr "Supprimer ce certificat" -#: sources/views/settings.html.php:144 sources/views/settings.html.php:157 -#: sources/views/settings.html.php:177 +#: sources/views/settings.html.php:136 sources/views/settings.html.php:149 +#: sources/views/settings.html.php:169 msgid "Browse" msgstr "Parcourir" -#: sources/views/settings.html.php:149 +#: sources/views/settings.html.php:141 msgid "Update Client Key" msgstr "Actualiser la clé client" -#: sources/views/settings.html.php:149 +#: sources/views/settings.html.php:141 msgid "Upload Client Key" msgstr "Téléverser la clé client" -#: sources/views/settings.html.php:155 +#: sources/views/settings.html.php:147 msgid "Make sure your browser is able to read the key file before uploading" msgstr "" "Assurez-vous que votre navigateur peut lire le fichier contenant la clé " "avant de le téléverser" -#: sources/views/settings.html.php:157 +#: sources/views/settings.html.php:149 msgid "make sure your browser is able to read the key file before uploading" msgstr "" "assurez-vous que votre navigateur peut lire le fichier contenant la clé " "avant de le téléverser" -#: sources/views/settings.html.php:165 +#: sources/views/settings.html.php:157 msgid "You need to upload a Server CA for starting your VPN Client." msgstr "Vous devez transférer un CA de serveur pour démarrer votre client VPN." -#: sources/views/settings.html.php:169 +#: sources/views/settings.html.php:161 msgid "Update Server CA" msgstr "Actualiser le CA du serveur" -#: sources/views/settings.html.php:169 +#: sources/views/settings.html.php:161 msgid "Upload Server CA" msgstr "Transférer le CA du serveur" -#: sources/views/settings.html.php:172 +#: sources/views/settings.html.php:164 msgid "You cannot have no server CA" msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur" -#: sources/views/settings.html.php:185 -msgid "Login" -msgstr "Identifiant" - -#: sources/views/settings.html.php:190 +#: sources/views/settings.html.php:174 msgid "Username" msgstr "Nom d'utilisateur" -#: sources/views/settings.html.php:192 sources/views/settings.html.php:199 +#: sources/views/settings.html.php:176 sources/views/settings.html.php:183 msgid "Leave empty if not necessary" msgstr "Laisser vide si non nécessaire" -#: sources/views/settings.html.php:197 +#: sources/views/settings.html.php:181 msgid "Password" msgstr "Mot de passe" -#: sources/views/settings.html.php:207 +#: sources/views/settings.html.php:191 +msgid "DNS" +msgstr "DNS" + +#: sources/views/settings.html.php:196 +msgid "First resolver" +msgstr "Premier résolveur" + +#: sources/views/settings.html.php:198 sources/views/settings.html.php:205 +msgid "IPv6 or IPv4" +msgstr "IPv6 ou IPv4" + +#: sources/views/settings.html.php:203 +msgid "Second resolver" +msgstr "Second résolveur" + +#: sources/views/settings.html.php:213 msgid "Reloading may take a few minutes. Be patient." msgstr "Le rechargement peut prendre quelques minutes. Soyez patient." -#: sources/views/settings.html.php:207 +#: sources/views/settings.html.php:213 msgid "Save and reload" msgstr "Sauvegarder et recharger" + +#~ msgid "IPv6" +#~ msgstr "IPv6" + +#~ msgid "Delegated prefix" +#~ msgstr "Préfixe délégué" + +#~ msgid "Certificates" +#~ msgstr "Certificats" + +#~ msgid "Login" +#~ msgstr "Identifiant" diff --git a/sources/i18n/localization.pot b/sources/i18n/localization.pot index f439a78..d58ae7e 100644 --- a/sources/i18n/localization.pot +++ b/sources/i18n/localization.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2015-07-25 10:42+0200\n" +"POT-Creation-Date: 2015-09-28 16:51+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -17,51 +17,55 @@ msgstr "" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: sources/controller.php:100 +#: sources/controller.php:102 msgid "The Server Address, the Server Port and the Protocol cannot be empty" msgstr "" -#: sources/controller.php:104 +#: sources/controller.php:106 msgid "The Server Port must be only composed of digits" msgstr "" -#: sources/controller.php:108 +#: sources/controller.php:110 msgid "The Protocol must be \"udp\" or \"tcp\"" msgstr "" #: sources/controller.php:114 +msgid "You need to define two DNS resolver addresses" +msgstr "" + +#: sources/controller.php:120 msgid "A Client Certificate is needed when you suggest a Key, or vice versa" msgstr "" -#: sources/controller.php:118 +#: sources/controller.php:124 msgid "A Password is needed when you suggest a Username, or vice versa" msgstr "" -#: sources/controller.php:122 +#: sources/controller.php:128 msgid "You need a Server CA." msgstr "" -#: sources/controller.php:126 +#: sources/controller.php:132 msgid "You need either a Client Certificate, either a Username, or both" msgstr "" -#: sources/controller.php:133 +#: sources/controller.php:139 msgid "The IPv6 Delegated Prefix format looks bad" msgstr "" -#: sources/controller.php:144 +#: sources/controller.php:150 msgid "configuration not updated" msgstr "" -#: sources/controller.php:189 +#: sources/controller.php:197 msgid "Configuration updated and service successfully reloaded" msgstr "" -#: sources/controller.php:191 +#: sources/controller.php:199 msgid "Configuration updated but service reload failed" msgstr "" -#: sources/controller.php:195 +#: sources/controller.php:203 msgid "Service successfully disabled" msgstr "" @@ -73,8 +77,8 @@ msgstr "" msgid "Error" msgstr "" -#: sources/views/layout.html.php:54 sources/views/settings.html.php:125 -#: sources/views/settings.html.php:165 +#: sources/views/layout.html.php:54 sources/views/settings.html.php:117 +#: sources/views/settings.html.php:157 msgid "Notice" msgstr "" @@ -149,107 +153,115 @@ msgstr "" msgid "TCP" msgstr "" +#: sources/views/settings.html.php:92 +msgid "Delegated prefix (IPv6)" +msgstr "" + #: sources/views/settings.html.php:94 -msgid "Edit the raw configuration only if you know what you do!" -msgstr "" - -#: sources/views/settings.html.php:94 sources/views/settings.html.php:99 -msgid "Advanced" -msgstr "" - -#: sources/views/settings.html.php:109 -msgid "IPv6" -msgstr "" - -#: sources/views/settings.html.php:114 -msgid "Delegated prefix" -msgstr "" - -#: sources/views/settings.html.php:116 msgid "" "Leave empty if your Internet Service Provider does not give you a delegated " "prefix" msgstr "" -#: sources/views/settings.html.php:125 +#: sources/views/settings.html.php:101 +msgid "Edit the raw configuration only if you know what you do!" +msgstr "" + +#: sources/views/settings.html.php:101 sources/views/settings.html.php:106 +msgid "Advanced" +msgstr "" + +#: sources/views/settings.html.php:117 msgid "" "You need to upload a Client Certificate, or define a Username (or both) for " "starting your VPN Client." msgstr "" -#: sources/views/settings.html.php:131 -msgid "Certificates" +#: sources/views/settings.html.php:123 +msgid "Authentication" msgstr "" -#: sources/views/settings.html.php:136 +#: sources/views/settings.html.php:128 msgid "Update Client Cert." msgstr "" -#: sources/views/settings.html.php:136 +#: sources/views/settings.html.php:128 msgid "Upload Client Cert." msgstr "" -#: sources/views/settings.html.php:139 sources/views/settings.html.php:152 +#: sources/views/settings.html.php:131 sources/views/settings.html.php:144 msgid "Delete this certificate" msgstr "" -#: sources/views/settings.html.php:144 sources/views/settings.html.php:157 -#: sources/views/settings.html.php:177 +#: sources/views/settings.html.php:136 sources/views/settings.html.php:149 +#: sources/views/settings.html.php:169 msgid "Browse" msgstr "" -#: sources/views/settings.html.php:149 +#: sources/views/settings.html.php:141 msgid "Update Client Key" msgstr "" -#: sources/views/settings.html.php:149 +#: sources/views/settings.html.php:141 msgid "Upload Client Key" msgstr "" -#: sources/views/settings.html.php:155 +#: sources/views/settings.html.php:147 msgid "Make sure your browser is able to read the key file before uploading" msgstr "" -#: sources/views/settings.html.php:157 +#: sources/views/settings.html.php:149 msgid "make sure your browser is able to read the key file before uploading" msgstr "" -#: sources/views/settings.html.php:165 +#: sources/views/settings.html.php:157 msgid "You need to upload a Server CA for starting your VPN Client." msgstr "" -#: sources/views/settings.html.php:169 +#: sources/views/settings.html.php:161 msgid "Update Server CA" msgstr "" -#: sources/views/settings.html.php:169 +#: sources/views/settings.html.php:161 msgid "Upload Server CA" msgstr "" -#: sources/views/settings.html.php:172 +#: sources/views/settings.html.php:164 msgid "You cannot have no server CA" msgstr "" -#: sources/views/settings.html.php:185 -msgid "Login" -msgstr "" - -#: sources/views/settings.html.php:190 +#: sources/views/settings.html.php:174 msgid "Username" msgstr "" -#: sources/views/settings.html.php:192 sources/views/settings.html.php:199 +#: sources/views/settings.html.php:176 sources/views/settings.html.php:183 msgid "Leave empty if not necessary" msgstr "" -#: sources/views/settings.html.php:197 +#: sources/views/settings.html.php:181 msgid "Password" msgstr "" -#: sources/views/settings.html.php:207 +#: sources/views/settings.html.php:191 +msgid "DNS" +msgstr "" + +#: sources/views/settings.html.php:196 +msgid "First resolver" +msgstr "" + +#: sources/views/settings.html.php:198 sources/views/settings.html.php:205 +msgid "IPv6 or IPv4" +msgstr "" + +#: sources/views/settings.html.php:203 +msgid "Second resolver" +msgstr "" + +#: sources/views/settings.html.php:213 msgid "Reloading may take a few minutes. Be patient." msgstr "" -#: sources/views/settings.html.php:207 +#: sources/views/settings.html.php:213 msgid "Save and reload" msgstr "" diff --git a/sources/views/settings.html.php b/sources/views/settings.html.php index 315d8e7..120ee78 100644 --- a/sources/views/settings.html.php +++ b/sources/views/settings.html.php @@ -88,6 +88,13 @@ +
+ +
+ +
+
+
@@ -104,21 +111,6 @@
-
> -
-

-
- -
-
- -
- -
-
-
-
-
style="margin: 2px 0px 17px" role="alert"> @@ -128,7 +120,7 @@
>
-

+

@@ -177,15 +169,7 @@
-
- -
> -
-

-
- -
@@ -202,6 +186,28 @@
+
> +
+

+
+ +
+
+ +
+ +
+
+ +
+ +
+ +
+
+
+
+
Loading... From d1d4ac7358054b7052de2c235ba1db0398374df2 Mon Sep 17 00:00:00 2001 From: Julien Vaubourg Date: Mon, 28 Sep 2015 17:25:43 +0200 Subject: [PATCH 2/8] Fixes 21 --- conf/openvpn_client.conf.tpl | 1 + conf/ynh-vpnclient | 6 + sources/controller.php | 7 + .../i18n/fr_FR/LC_MESSAGES/localization.mo | Bin 6011 -> 6201 bytes .../i18n/fr_FR/LC_MESSAGES/localization.po | 123 ++++++++-------- sources/i18n/localization.pot | 133 ++++++++++-------- sources/views/settings.html.php | 41 ++++-- 7 files changed, 182 insertions(+), 129 deletions(-) diff --git a/conf/openvpn_client.conf.tpl b/conf/openvpn_client.conf.tpl index 5488820..a308c66 100644 --- a/conf/openvpn_client.conf.tpl +++ b/conf/openvpn_client.conf.tpl @@ -23,6 +23,7 @@ comp-lzo adaptive # TLS tls-client +tls-auth /etc/openvpn/keys/user_ta.key 1 remote-cert-tls server ca /etc/openvpn/keys/ca-server.crt cert /etc/openvpn/keys/user.crt diff --git a/conf/ynh-vpnclient b/conf/ynh-vpnclient index 86b0dc2..41a88d5 100644 --- a/conf/ynh-vpnclient +++ b/conf/ynh-vpnclient @@ -114,6 +114,12 @@ start_openvpn() { sed 's|^|;|' -i /etc/openvpn/client.conf fi + if [ -e /etc/openvpn/keys/user_ta.key ]; then + sed 's|^||' -i /etc/openvpn/client.conf + else + sed 's|^|;|' -i /etc/openvpn/client.conf + fi + if [[ "${proto}" =~ udp ]]; then sed 's|^||' -i /etc/openvpn/client.conf else diff --git a/sources/controller.php b/sources/controller.php index f77f914..8921c8a 100644 --- a/sources/controller.php +++ b/sources/controller.php @@ -78,6 +78,7 @@ dispatch('/', function() { set('ip6_net', $ip6_net); set('crt_client_exists', file_exists('/etc/openvpn/keys/user.crt')); set('crt_client_key_exists', file_exists('/etc/openvpn/keys/user.key')); + set('crt_client_ta_exists', file_exists('/etc/openvpn/keys/user_ta.key')); set('crt_server_ca_exists', file_exists('/etc/openvpn/keys/ca-server.crt')); set('faststatus', service_faststatus() == 0); set('raw_openvpn', $raw_openvpn); @@ -180,6 +181,12 @@ dispatch_put('/settings', function() { } elseif($_POST['crt_client_key_delete'] == 1) { unlink('/etc/openvpn/keys/user.key'); } + + if($_FILES['crt_client_ta']['error'] == UPLOAD_ERR_OK) { + move_uploaded_file($_FILES['crt_client_ta']['tmp_name'], '/etc/openvpn/keys/user_ta.key'); + } elseif($_POST['crt_client_ta_delete'] == 1) { + unlink('/etc/openvpn/keys/user_ta.key'); + } if($_FILES['crt_server_ca']['error'] == UPLOAD_ERR_OK) { move_uploaded_file($_FILES['crt_server_ca']['tmp_name'], '/etc/openvpn/keys/ca-server.crt'); diff --git a/sources/i18n/fr_FR/LC_MESSAGES/localization.mo b/sources/i18n/fr_FR/LC_MESSAGES/localization.mo index 7b71f80dd6d2167e162e072ddeee140184ff77b7..7961d013f3e8432ff66d3ef50a953580c5637a80 100644 GIT binary patch delta 1597 zcmZA1OKeP09LMp0tJ6}g)^xmSFZHO_6s=LJ)e_HzM_NQTlF?p@3C)-`X*`An5`xM^ z;t>)Ol1fNq5<=32Ry-47Nd#T7Vj*Ht!S^>aq@2vTpL6e=dmjJ)nHea*Hz)een{n1C z_0)-~>1ItbgA3)5$7~rM#yWh2LoqYcY%J#C2rNN9R>h?X7vpT~z#(`Y$KZ{Wy|}zWvIxt;wU_V z^>`5#iMQxtHsOovg*F=F@Fps>k5Qq_$z_#ktRB~L-$j@<;(Jtt0>p6w)}nUQglyh+ zqQ;Hja=eX+h2wbc2T*5WbUyiCNu!*%HDL#O@c^<0>%tWoQywHUpOpNIjljw*o0bWCu-mm zs55XHHP8hlt#$_&VlU3YA1VE#%{Fkq1uHR*hcNn)#wr@EB%}~;qeA-<70L?Yl!nu( ze~S94%u8Y!sL52ylUN1n3^0G9DBt?|4layO{3!~x@}%NWwL=}0sZopQ@r?$}Fm)$~jG(14UBN(*F#9I*C*Rkz@W68VZRHh;lf%%;shqRjE-Lim7!} z()+h8rlr)Vlu-jz9ZCY5$aNLYrSivWGpQ;%V`SRuwc07vvGIV%>+!Y(Bd*if8VtKF z{zkVs>_%eCvKJP#h4utn{(Tuf+VSV4eJJ#WI(&3!1G`8KB>uult P{~PfKzWeD}$tmqOh@`1+ delta 1410 zcmYk+OGs2v9LMp$Hj_0rKIYMAWtm#3)i|2k_$XUw528}bz(r9)CKb3UD9ov#V4y{G z6Dnv|xQG@pxESaGCA4T2L_`Y_T9!xz23pqlH(sT~{O{-7d(WJE&i|Zy)3Lc|Vj|!f zG0HAt9pT9~JBr_zaiGM#X6@L7Z8(f8@D&!}JIupLT#nPY6KAjnqg+&1CozJ3u2(Q_ zmaw~2Xlw6L9eu!6IEfn26n3L8$E*cUpa%2+)oucF@f*_AexU|9@0!EOcFqfsOST*H zac{Ng*a6hV}i>QXzu>_N-8H{2zKE-nUgc`^!YNl-~%?{uos(l(e@g)W^&u3PM zWmtgq807iZ;oj(VZ=6T^v>{YSH<6zuIVk1#Py>C2t(Zn-Y6im?{#c|ZgCy`0n4^)S9*nx5KssRt<8oYs8 z^GCQ3$52c32LtFSVEwg*5qjN#71)REs18T*G)^HuJ3{_6pi`)h22lSWL=9*NwUKY3 zGBJ+I*caqyKRM{ZUJi`GiUQqT_BP{3z>_)YJjfZp} zHIc&5LW*lqnLCIZ@vM8EL@n8q1Qm_!4XUG$$THez)E~bh%VmGD33HiN3_Dye;W5rf zaR>g!YZzN?wjZD4dYnaNvY7SALQPK3)BekhOn+9{Oz3soN^Bw)i_)!9OX#imzi7rv z=VBpAdbcyF*WmR%VEjwPvsB~x+CW>}3zew#(^^*(+C+ShtbwQ^$_b?{N-P%ba1|z= zSsHyKlqt=+g3z0!jA_SjBUqtKhLznqebTgXRJ06!qDChaGG_Ie+QLEmM4OGxZe>I% z5lLP32E5K=Ut?<8SCZ`n{av2M=7w5lz+a(CUFwd%Gso!-`<;\n" "Language-Team: none\n" "Language: fr\n" @@ -19,62 +19,62 @@ msgstr "" "Plural-Forms: nplurals=2; plural=(n > 1);\n" "X-Generator: Poedit 1.8.4\n" -#: sources/controller.php:102 +#: sources/controller.php:103 msgid "The Server Address, the Server Port and the Protocol cannot be empty" msgstr "" "L'adresse du serveur, le port du serveur et le protocole ne peuvent pas être " "vides" -#: sources/controller.php:106 +#: sources/controller.php:107 msgid "The Server Port must be only composed of digits" msgstr "Le port du serveur ne peut correspondre qu'à des chiffres" -#: sources/controller.php:110 +#: sources/controller.php:111 msgid "The Protocol must be \"udp\" or \"tcp\"" msgstr "Le protocole ne peut correspondre qu'à \"udp\" ou \"tcp\"" -#: sources/controller.php:114 +#: sources/controller.php:115 msgid "You need to define two DNS resolver addresses" msgstr "Vous devez définir deux adresses de résolveur DNS" -#: sources/controller.php:120 +#: sources/controller.php:121 msgid "A Client Certificate is needed when you suggest a Key, or vice versa" msgstr "" "Un certificat client est nécessaire si vous proposez une clé, et inversement" -#: sources/controller.php:124 +#: sources/controller.php:125 msgid "A Password is needed when you suggest a Username, or vice versa" msgstr "" "Un mot de passe est nécessaire si vous proposez un nom d'utilisateur, et " "inversement" -#: sources/controller.php:128 +#: sources/controller.php:129 msgid "You need a Server CA." msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur" -#: sources/controller.php:132 +#: sources/controller.php:133 msgid "You need either a Client Certificate, either a Username, or both" msgstr "" "Vous devez avoir soit un certificat client, soit un nom d'utilisateur, soit " "les deux" -#: sources/controller.php:139 +#: sources/controller.php:140 msgid "The IPv6 Delegated Prefix format looks bad" msgstr "Le format du préfixe IPv6 délégué semble incorrect" -#: sources/controller.php:150 +#: sources/controller.php:151 msgid "configuration not updated" msgstr "configuration non-mise à jour" -#: sources/controller.php:197 +#: sources/controller.php:204 msgid "Configuration updated and service successfully reloaded" msgstr "Configuration mise à jour et service correctement rechargé" -#: sources/controller.php:199 +#: sources/controller.php:206 msgid "Configuration updated but service reload failed" msgstr "Configuration mise à jour mais le rechargement du service a échoué" -#: sources/controller.php:203 +#: sources/controller.php:210 msgid "Service successfully disabled" msgstr "Service désactivé avec succès" @@ -87,7 +87,7 @@ msgid "Error" msgstr "Erreur" #: sources/views/layout.html.php:54 sources/views/settings.html.php:117 -#: sources/views/settings.html.php:157 +#: sources/views/settings.html.php:131 msgid "Notice" msgstr "Notice" @@ -197,92 +197,105 @@ msgstr "" msgid "Authentication" msgstr "Authentification" -#: sources/views/settings.html.php:128 -msgid "Update Client Cert." -msgstr "Actualiser le certificat client" +#: sources/views/settings.html.php:131 +msgid "You need to upload a Server CA for starting your VPN Client." +msgstr "Vous devez transférer un CA de serveur pour démarrer votre client VPN." -#: sources/views/settings.html.php:128 -msgid "Upload Client Cert." -msgstr "Téléverser le certificat client" +#: sources/views/settings.html.php:135 +msgid "Update Server CA" +msgstr "Actualiser le CA du serveur" -#: sources/views/settings.html.php:131 sources/views/settings.html.php:144 -msgid "Delete this certificate" -msgstr "Supprimer ce certificat" +#: sources/views/settings.html.php:135 +msgid "Upload Server CA" +msgstr "Transférer le CA du serveur" -#: sources/views/settings.html.php:136 sources/views/settings.html.php:149 -#: sources/views/settings.html.php:169 +#: sources/views/settings.html.php:138 +msgid "You cannot have no server CA" +msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur" + +#: sources/views/settings.html.php:143 sources/views/settings.html.php:156 +#: sources/views/settings.html.php:169 sources/views/settings.html.php:182 msgid "Browse" msgstr "Parcourir" -#: sources/views/settings.html.php:141 +#: sources/views/settings.html.php:148 +msgid "Update Client Cert." +msgstr "Actualiser le certificat client" + +#: sources/views/settings.html.php:148 +msgid "Upload Client Cert." +msgstr "Téléverser un certificat client" + +#: sources/views/settings.html.php:151 sources/views/settings.html.php:164 +#: sources/views/settings.html.php:177 +msgid "Delete this certificate" +msgstr "Supprimer ce certificat" + +#: sources/views/settings.html.php:161 msgid "Update Client Key" msgstr "Actualiser la clé client" -#: sources/views/settings.html.php:141 +#: sources/views/settings.html.php:161 msgid "Upload Client Key" -msgstr "Téléverser la clé client" +msgstr "Téléverser un clé client" -#: sources/views/settings.html.php:147 +#: sources/views/settings.html.php:167 sources/views/settings.html.php:180 msgid "Make sure your browser is able to read the key file before uploading" msgstr "" "Assurez-vous que votre navigateur peut lire le fichier contenant la clé " "avant de le téléverser" -#: sources/views/settings.html.php:149 +#: sources/views/settings.html.php:169 sources/views/settings.html.php:182 msgid "make sure your browser is able to read the key file before uploading" msgstr "" "assurez-vous que votre navigateur peut lire le fichier contenant la clé " "avant de le téléverser" -#: sources/views/settings.html.php:157 -msgid "You need to upload a Server CA for starting your VPN Client." -msgstr "Vous devez transférer un CA de serveur pour démarrer votre client VPN." - -#: sources/views/settings.html.php:161 -msgid "Update Server CA" -msgstr "Actualiser le CA du serveur" - -#: sources/views/settings.html.php:161 -msgid "Upload Server CA" -msgstr "Transférer le CA du serveur" - -#: sources/views/settings.html.php:164 -msgid "You cannot have no server CA" -msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur" +#: sources/views/settings.html.php:174 +msgid "ta.key" +msgstr "ta.key" #: sources/views/settings.html.php:174 +msgid "Update Shared-Secret" +msgstr "Actualiser le secret partagé" + +#: sources/views/settings.html.php:174 +msgid "Upload Shared-Secret" +msgstr "Téléverser un secret partagé" + +#: sources/views/settings.html.php:187 msgid "Username" msgstr "Nom d'utilisateur" -#: sources/views/settings.html.php:176 sources/views/settings.html.php:183 +#: sources/views/settings.html.php:189 sources/views/settings.html.php:196 msgid "Leave empty if not necessary" msgstr "Laisser vide si non nécessaire" -#: sources/views/settings.html.php:181 +#: sources/views/settings.html.php:194 msgid "Password" msgstr "Mot de passe" -#: sources/views/settings.html.php:191 +#: sources/views/settings.html.php:204 msgid "DNS" msgstr "DNS" -#: sources/views/settings.html.php:196 +#: sources/views/settings.html.php:209 msgid "First resolver" msgstr "Premier résolveur" -#: sources/views/settings.html.php:198 sources/views/settings.html.php:205 +#: sources/views/settings.html.php:211 sources/views/settings.html.php:218 msgid "IPv6 or IPv4" msgstr "IPv6 ou IPv4" -#: sources/views/settings.html.php:203 +#: sources/views/settings.html.php:216 msgid "Second resolver" msgstr "Second résolveur" -#: sources/views/settings.html.php:213 +#: sources/views/settings.html.php:226 msgid "Reloading may take a few minutes. Be patient." msgstr "Le rechargement peut prendre quelques minutes. Soyez patient." -#: sources/views/settings.html.php:213 +#: sources/views/settings.html.php:226 msgid "Save and reload" msgstr "Sauvegarder et recharger" diff --git a/sources/i18n/localization.pot b/sources/i18n/localization.pot index d58ae7e..d17670a 100644 --- a/sources/i18n/localization.pot +++ b/sources/i18n/localization.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2015-09-28 16:51+0200\n" +"POT-Creation-Date: 2015-09-28 17:23+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -17,55 +17,55 @@ msgstr "" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: sources/controller.php:102 +#: sources/controller.php:103 msgid "The Server Address, the Server Port and the Protocol cannot be empty" msgstr "" -#: sources/controller.php:106 +#: sources/controller.php:107 msgid "The Server Port must be only composed of digits" msgstr "" -#: sources/controller.php:110 +#: sources/controller.php:111 msgid "The Protocol must be \"udp\" or \"tcp\"" msgstr "" -#: sources/controller.php:114 +#: sources/controller.php:115 msgid "You need to define two DNS resolver addresses" msgstr "" -#: sources/controller.php:120 +#: sources/controller.php:121 msgid "A Client Certificate is needed when you suggest a Key, or vice versa" msgstr "" -#: sources/controller.php:124 +#: sources/controller.php:125 msgid "A Password is needed when you suggest a Username, or vice versa" msgstr "" -#: sources/controller.php:128 +#: sources/controller.php:129 msgid "You need a Server CA." msgstr "" -#: sources/controller.php:132 +#: sources/controller.php:133 msgid "You need either a Client Certificate, either a Username, or both" msgstr "" -#: sources/controller.php:139 +#: sources/controller.php:140 msgid "The IPv6 Delegated Prefix format looks bad" msgstr "" -#: sources/controller.php:150 +#: sources/controller.php:151 msgid "configuration not updated" msgstr "" -#: sources/controller.php:197 +#: sources/controller.php:204 msgid "Configuration updated and service successfully reloaded" msgstr "" -#: sources/controller.php:199 +#: sources/controller.php:206 msgid "Configuration updated but service reload failed" msgstr "" -#: sources/controller.php:203 +#: sources/controller.php:210 msgid "Service successfully disabled" msgstr "" @@ -78,7 +78,7 @@ msgid "Error" msgstr "" #: sources/views/layout.html.php:54 sources/views/settings.html.php:117 -#: sources/views/settings.html.php:157 +#: sources/views/settings.html.php:131 msgid "Notice" msgstr "" @@ -181,87 +181,100 @@ msgstr "" msgid "Authentication" msgstr "" -#: sources/views/settings.html.php:128 -msgid "Update Client Cert." -msgstr "" - -#: sources/views/settings.html.php:128 -msgid "Upload Client Cert." -msgstr "" - -#: sources/views/settings.html.php:131 sources/views/settings.html.php:144 -msgid "Delete this certificate" -msgstr "" - -#: sources/views/settings.html.php:136 sources/views/settings.html.php:149 -#: sources/views/settings.html.php:169 -msgid "Browse" -msgstr "" - -#: sources/views/settings.html.php:141 -msgid "Update Client Key" -msgstr "" - -#: sources/views/settings.html.php:141 -msgid "Upload Client Key" -msgstr "" - -#: sources/views/settings.html.php:147 -msgid "Make sure your browser is able to read the key file before uploading" -msgstr "" - -#: sources/views/settings.html.php:149 -msgid "make sure your browser is able to read the key file before uploading" -msgstr "" - -#: sources/views/settings.html.php:157 +#: sources/views/settings.html.php:131 msgid "You need to upload a Server CA for starting your VPN Client." msgstr "" -#: sources/views/settings.html.php:161 +#: sources/views/settings.html.php:135 msgid "Update Server CA" msgstr "" -#: sources/views/settings.html.php:161 +#: sources/views/settings.html.php:135 msgid "Upload Server CA" msgstr "" -#: sources/views/settings.html.php:164 +#: sources/views/settings.html.php:138 msgid "You cannot have no server CA" msgstr "" +#: sources/views/settings.html.php:143 sources/views/settings.html.php:156 +#: sources/views/settings.html.php:169 sources/views/settings.html.php:182 +msgid "Browse" +msgstr "" + +#: sources/views/settings.html.php:148 +msgid "Update Client Cert." +msgstr "" + +#: sources/views/settings.html.php:148 +msgid "Upload Client Cert." +msgstr "" + +#: sources/views/settings.html.php:151 sources/views/settings.html.php:164 +#: sources/views/settings.html.php:177 +msgid "Delete this certificate" +msgstr "" + +#: sources/views/settings.html.php:161 +msgid "Update Client Key" +msgstr "" + +#: sources/views/settings.html.php:161 +msgid "Upload Client Key" +msgstr "" + +#: sources/views/settings.html.php:167 sources/views/settings.html.php:180 +msgid "Make sure your browser is able to read the key file before uploading" +msgstr "" + +#: sources/views/settings.html.php:169 sources/views/settings.html.php:182 +msgid "make sure your browser is able to read the key file before uploading" +msgstr "" + #: sources/views/settings.html.php:174 +msgid "ta.key" +msgstr "" + +#: sources/views/settings.html.php:174 +msgid "Update Shared-Secret" +msgstr "" + +#: sources/views/settings.html.php:174 +msgid "Upload Shared-Secret" +msgstr "" + +#: sources/views/settings.html.php:187 msgid "Username" msgstr "" -#: sources/views/settings.html.php:176 sources/views/settings.html.php:183 +#: sources/views/settings.html.php:189 sources/views/settings.html.php:196 msgid "Leave empty if not necessary" msgstr "" -#: sources/views/settings.html.php:181 +#: sources/views/settings.html.php:194 msgid "Password" msgstr "" -#: sources/views/settings.html.php:191 +#: sources/views/settings.html.php:204 msgid "DNS" msgstr "" -#: sources/views/settings.html.php:196 +#: sources/views/settings.html.php:209 msgid "First resolver" msgstr "" -#: sources/views/settings.html.php:198 sources/views/settings.html.php:205 +#: sources/views/settings.html.php:211 sources/views/settings.html.php:218 msgid "IPv6 or IPv4" msgstr "" -#: sources/views/settings.html.php:203 +#: sources/views/settings.html.php:216 msgid "Second resolver" msgstr "" -#: sources/views/settings.html.php:213 +#: sources/views/settings.html.php:226 msgid "Reloading may take a few minutes. Be patient." msgstr "" -#: sources/views/settings.html.php:213 +#: sources/views/settings.html.php:226 msgid "Save and reload" msgstr "" diff --git a/sources/views/settings.html.php b/sources/views/settings.html.php index 120ee78..97a5113 100644 --- a/sources/views/settings.html.php +++ b/sources/views/settings.html.php @@ -124,6 +124,26 @@
+
+ + + + + +
+ + + + + + + +
+
+
@@ -151,22 +171,15 @@
- - - - - +
- - - + + + - - - + + +
From 5b0cc0cc2f54fcba64fa11ee42a1536949988322 Mon Sep 17 00:00:00 2001 From: Julien Vaubourg Date: Mon, 28 Sep 2015 18:21:22 +0200 Subject: [PATCH 3/8] Fix UI error --- sources/public/js/custom.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/public/js/custom.js b/sources/public/js/custom.js index 7c9fced..3e33836 100644 --- a/sources/public/js/custom.js +++ b/sources/public/js/custom.js @@ -47,7 +47,7 @@ $(document).ready(function() { if($(choosertxtid).hasClass('btn-danger') != $('#crt_client_choosertxt').hasClass('btn-danger')) { $('#crt_client_deletebtn').click(); } - } else { + } else if($(this).attr('id').search('_ta') < 0) { if($(choosertxtid).hasClass('btn-danger') != $('#crt_client_key_choosertxt').hasClass('btn-danger')) { $('#crt_client_key_deletebtn').click(); } From 8bcce7defe2a289fe215148dc02794a02a1499ba Mon Sep 17 00:00:00 2001 From: Julien Vaubourg Date: Tue, 29 Sep 2015 00:17:23 +0200 Subject: [PATCH 4/8] Fix #24 --- sources/controller.php | 185 +++++++++++++------ sources/public/css/style.css | 9 + sources/public/js/custom.js | 13 ++ sources/views/settings.html.php | 308 +++++++++++++++++--------------- 4 files changed, 322 insertions(+), 193 deletions(-) diff --git a/sources/controller.php b/sources/controller.php index 8921c8a..17d92d2 100644 --- a/sources/controller.php +++ b/sources/controller.php @@ -64,6 +64,33 @@ function ipv6_compressed($ip) { return $output[0]; } +function readAutoConf($file) { + $json = file_get_contents($file); + $config = json_decode($json, true); + + if(!empty($config['crt_server_ca'])) { + $config['crt_server_ca'] = str_replace('|', "\n", $config['crt_server_ca']); + } + + if(!empty($config['crt_client'])) { + $config['crt_client'] = str_replace('|', "\n", $config['crt_client']); + } + + if(!empty($config['crt_client_key'])) { + $config['crt_client_key'] = str_replace('|', "\n", $config['crt_client_key']); + } + + if(!empty($config['crt_client_ta'])) { + $config['crt_client_ta'] = str_replace('|', "\n", $config['crt_client_ta']); + } + + if(!empty($config['openvpn_add'])) { + $config['openvpn_add'] = str_replace('|', "\n", $config['openvpn_add']); + } + + return $config; +} + dispatch('/', function() { $ip6_net = ynh_setting_get('ip6_net'); $ip6_net = ($ip6_net == 'none') ? '' : $ip6_net; @@ -89,47 +116,56 @@ dispatch('/', function() { }); dispatch_put('/settings', function() { - $crt_client_exists = file_exists('/etc/openvpn/keys/user.crt'); - $crt_client_key_exists = file_exists('/etc/openvpn/keys/user.key'); - $crt_server_ca_exists = file_exists('/etc/openvpn/keys/ca-server.crt'); - $service_enabled = isset($_POST['service_enabled']) ? 1 : 0; - $ip6_net = empty($_POST['ip6_net']) ? 'none' : $_POST['ip6_net']; - $ip6_addr = 'none'; if($service_enabled == 1) { + $crt_client_exists = file_exists('/etc/openvpn/keys/user.crt'); + $crt_client_key_exists = file_exists('/etc/openvpn/keys/user.key'); + $crt_server_ca_exists = file_exists('/etc/openvpn/keys/ca-server.crt'); + + $config = $_POST; + $autoconf = false; + + if($_FILES['cubefile']['error'] == UPLOAD_ERR_OK) { + $config = readAutoConf($_FILES['cubefile']['tmp_name']); + $autoconf = true; + } + $ip6_net = empty($config['ip6_net']) ? 'none' : $config['ip6_net']; + $ip6_addr = 'none'; + try { - if(empty($_POST['server_name']) || empty($_POST['server_port']) || empty($_POST['server_proto'])) { + if(empty($config['server_name']) || empty($config['server_port']) || empty($config['server_proto'])) { throw new Exception(_('The Server Address, the Server Port and the Protocol cannot be empty')); } - if(!preg_match('/^\d+$/', $_POST['server_port'])) { + if(!preg_match('/^\d+$/', $config['server_port'])) { throw new Exception(_('The Server Port must be only composed of digits')); } - if($_POST['server_proto'] != 'udp' && $_POST['server_proto'] != 'tcp') { + if($config['server_proto'] != 'udp' && $config['server_proto'] != 'tcp') { throw new Exception(_('The Protocol must be "udp" or "tcp"')); } - if(empty($_POST['dns0']) || empty($_POST['dns1'])) { + if(empty($config['dns0']) || empty($config['dns1'])) { throw new Exception(_('You need to define two DNS resolver addresses')); } - - if(($_FILES['crt_client']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1)) - || ($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client']['error'] != UPLOAD_ERR_OK && (!$crt_client_exists || $_POST['crt_client_delete'] == 1))) { - - throw new Exception(_('A Client Certificate is needed when you suggest a Key, or vice versa')); - } - - if(empty($_POST['login_user']) xor empty($_POST['login_passphrase'])) { + + if(empty($config['login_user']) xor empty($config['login_passphrase'])) { throw new Exception(_('A Password is needed when you suggest a Username, or vice versa')); } - - if($_FILES['crt_server_ca']['error'] != UPLOAD_ERR_OK && !$crt_server_ca_exists) { + + if((!$autoconf && (($_FILES['crt_client']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1)) + || ($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client']['error'] != UPLOAD_ERR_OK && (!$crt_client_exists || $_POST['crt_client_delete'] == 1)))) + || ($autoconf && (empty($config['crt_client']) xor empty($config['crt_client_key'])))) { + + throw new Exception(_('A Client Certificate is needed when you suggest a Key, or vice versa')); + } + + if((!$autoconf && $_FILES['crt_server_ca']['error'] != UPLOAD_ERR_OK && !$crt_server_ca_exists) || ($autoconf && empty($config['crt_server_ca']))) { throw new Exception(_('You need a Server CA.')); } - - if(($_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1)) && empty($_POST['login_user'])) { + + if(((!$autoconf && $_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1)) || ($autoconf && empty($config['crt_client_key']))) && empty($config['login_user'])) { throw new Exception(_('You need either a Client Certificate, either a Username, or both')); } @@ -158,42 +194,87 @@ dispatch_put('/settings', function() { ynh_setting_set('service_enabled', $service_enabled); if($service_enabled == 1) { - ynh_setting_set('server_name', $_POST['server_name']); - ynh_setting_set('server_port', $_POST['server_port']); - ynh_setting_set('server_proto', $_POST['server_proto']); - ynh_setting_set('dns0', $_POST['dns0']); - ynh_setting_set('dns1', $_POST['dns1']); - ynh_setting_set('login_user', $_POST['login_user']); - ynh_setting_set('login_passphrase', $_POST['login_passphrase']); + ynh_setting_set('server_name', $config['server_name']); + ynh_setting_set('server_port', $config['server_port']); + ynh_setting_set('server_proto', $config['server_proto']); + ynh_setting_set('dns0', $config['dns0']); + ynh_setting_set('dns1', $config['dns1']); + ynh_setting_set('login_user', $config['login_user']); + ynh_setting_set('login_passphrase', $config['login_passphrase']); ynh_setting_set('ip6_net', $ip6_net); ynh_setting_set('ip6_addr', $ip6_addr); - - file_put_contents('/etc/openvpn/client.conf.tpl', $_POST['raw_openvpn']); - if($_FILES['crt_client']['error'] == UPLOAD_ERR_OK) { - move_uploaded_file($_FILES['crt_client']['tmp_name'], '/etc/openvpn/keys/user.crt'); - } elseif($_POST['crt_client_delete'] == 1) { - unlink('/etc/openvpn/keys/user.crt'); - } - - if($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK) { - move_uploaded_file($_FILES['crt_client_key']['tmp_name'], '/etc/openvpn/keys/user.key'); - } elseif($_POST['crt_client_key_delete'] == 1) { - unlink('/etc/openvpn/keys/user.key'); - } + if($autoconf) { + if(!empty($config['openvpn_add'])) { + copy('/etc/openvpn/client.conf.tpl.restore', '/etc/openvpn/client.conf.tpl'); - if($_FILES['crt_client_ta']['error'] == UPLOAD_ERR_OK) { - move_uploaded_file($_FILES['crt_client_ta']['tmp_name'], '/etc/openvpn/keys/user_ta.key'); - } elseif($_POST['crt_client_ta_delete'] == 1) { - unlink('/etc/openvpn/keys/user_ta.key'); + $raw_openvpn = file_get_contents('/etc/openvpn/client.conf.tpl'); + $raw_openvpn .= "\n# Custom\n".$config['openvpn_add']; + + file_put_contents('/etc/openvpn/client.conf.tpl', $raw_openvpn); + } + + if(empty($config['crt_client'])) { + if(file_exists('/etc/openvpn/keys/user.crt')) { + unlink('/etc/openvpn/keys/user.crt'); + } + } else { + file_put_contents('/etc/openvpn/keys/user.crt', $config['crt_client']); + } + + if(empty($config['crt_client_key'])) { + if(file_exists('/etc/openvpn/keys/user.key')) { + unlink('/etc/openvpn/keys/user.key'); + } + } else { + file_put_contents('/etc/openvpn/keys/user.key', $config['crt_client_key']); + } + + if(empty($config['crt_client_ta'])) { + if(file_exists('/etc/openvpn/keys/user_ta.key')) { + unlink('/etc/openvpn/keys/user_ta.key'); + } + } else { + file_put_contents('/etc/openvpn/keys/user_ta.key', $config['crt_client_ta']); + } + + if(empty($config['crt_server_ca'])) { + if(file_exists('/etc/openvpn/keys/ca-server.crt')) { + unlink('/etc/openvpn/keys/ca-server.crt'); + } + } else { + file_put_contents('/etc/openvpn/keys/ca-server.crt', $config['crt_server_ca']); + } + + } else { + + file_put_contents('/etc/openvpn/client.conf.tpl', $_POST['raw_openvpn']); + + if($_FILES['crt_client']['error'] == UPLOAD_ERR_OK) { + move_uploaded_file($_FILES['crt_client']['tmp_name'], '/etc/openvpn/keys/user.crt'); + } elseif($_POST['crt_client_delete'] == 1) { + unlink('/etc/openvpn/keys/user.crt'); + } + + if($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK) { + move_uploaded_file($_FILES['crt_client_key']['tmp_name'], '/etc/openvpn/keys/user.key'); + } elseif($_POST['crt_client_key_delete'] == 1) { + unlink('/etc/openvpn/keys/user.key'); + } + + if($_FILES['crt_client_ta']['error'] == UPLOAD_ERR_OK) { + move_uploaded_file($_FILES['crt_client_ta']['tmp_name'], '/etc/openvpn/keys/user_ta.key'); + } elseif($_POST['crt_client_ta_delete'] == 1) { + unlink('/etc/openvpn/keys/user_ta.key'); + } + + if($_FILES['crt_server_ca']['error'] == UPLOAD_ERR_OK) { + move_uploaded_file($_FILES['crt_server_ca']['tmp_name'], '/etc/openvpn/keys/ca-server.crt'); + } } - if($_FILES['crt_server_ca']['error'] == UPLOAD_ERR_OK) { - move_uploaded_file($_FILES['crt_server_ca']['tmp_name'], '/etc/openvpn/keys/ca-server.crt'); - } - - if(!empty($_POST['login_user'])) { - file_put_contents('/etc/openvpn/keys/credentials', "${_POST['login_user']}\n${_POST['login_passphrase']}"); + if(!empty($config['login_user'])) { + file_put_contents('/etc/openvpn/keys/credentials', "${config['login_user']}\n${config['login_passphrase']}"); } else { file_put_contents('/etc/openvpn/keys/credentials', ''); } diff --git a/sources/public/css/style.css b/sources/public/css/style.css index 059d2ab..7cd8a02 100644 --- a/sources/public/css/style.css +++ b/sources/public/css/style.css @@ -96,3 +96,12 @@ textarea#raw_openvpn { height: 300px; border: 1px solid #D9534F; } + +ul.nav { + margin-top: 30px; + margin-bottom: 20px; +} + +ul.nav a { + outline: none; +} diff --git a/sources/public/js/custom.js b/sources/public/js/custom.js index 3e33836..c918ab6 100644 --- a/sources/public/js/custom.js +++ b/sources/public/js/custom.js @@ -16,11 +16,24 @@ * along with this program. If not, see . */ +function tabsClick() { + var tab = $(this).parent().attr('data-tab'); + + $('.nav').find('li.active').removeClass('active'); + $(this).parent().addClass('active'); + + $('.tabs').hide(); + $('.tab' + tab).show(); + + return false; +} + $(document).ready(function() { $('.btn-group').button(); $('[data-toggle="tooltip"]').tooltip(); $('.switch').bootstrapToggle(); + $('.nav-tabs a').click(tabsClick); $('.fileinput').click(function() { if(!$(this).hasClass('btn-danger')) { diff --git a/sources/views/settings.html.php b/sources/views/settings.html.php index 97a5113..e5936a8 100644 --- a/sources/views/settings.html.php +++ b/sources/views/settings.html.php @@ -55,167 +55,193 @@
-
> -
-

-
+
    > + +
    • +
-
-
- -
- -
-
- -
- -
- -
-
- -
- -
- - - -
+
> +
+
+

-
- -
- -
-
- -
- -
- -
-
- -
- -
-
-
-
-
-
- - -
style="margin: 2px 0px 17px" role="alert"> - - : -
- - -
> -
-

-
- -
-
- -