diff --git a/conf/init_ynh-vpnclient b/conf/init_ynh-vpnclient index a1e6fd7..c61f962 100644 --- a/conf/init_ynh-vpnclient +++ b/conf/init_ynh-vpnclient @@ -20,6 +20,10 @@ has_hotspot_app() { yunohost app list -f hotspot --json | grep -q '"installed": true' } +has_ip6delegatedprefix() { + [ "${ynh_ip6_addr}" != none ] +} + is_ip6addr_set() { ip address show dev tun0 2> /dev/null | grep -q "${ynh_ip6_addr}/128" } @@ -27,7 +31,11 @@ is_ip6addr_set() { is_serverip6route_set() { server_ip6=${1} - ip -6 route | grep -q "${server_ip6}/" + if [ -z "${server_ip6}" ]; then + false + else + ip -6 route | grep -q "${server_ip6}/" + fi } is_openvpn_running() { @@ -36,7 +44,7 @@ is_openvpn_running() { is_running() { ((has_nativeip6 && is_serverip6route_set "${new_server_ip6}") || ! has_nativeip6)\ - && ((! has_hotspot_app && is_ip6addr_set) || has_hotspot_app)\ + && ((! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set) || has_hotspot_app)\ && is_openvpn_running } @@ -78,6 +86,12 @@ start_openvpn() { sed 's|^|;|' -i /etc/openvpn/client.conf fi + if [ -z "${ynh_login_user}" ]; then + sed 's|^|;|' -i /etc/openvpn/client.conf + else + sed 's|^||' -i /etc/openvpn/client.conf + fi + service openvpn start client } @@ -134,6 +148,7 @@ ynh_server_name=$(moulinette_get server_name) ynh_server_port=$(moulinette_get server_port) ynh_server_proto=$(moulinette_get server_proto) ynh_ip6_addr=$(moulinette_get ip6_addr) +ynh_login_user=$(moulinette_get login_user) old_ip6_gw=$(moulinette_get ip6_gw) old_wired_device=$(moulinette_get wired_device) 
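Review bot: `has_ip6delegatedprefix` in the first hunk treats an empty or unset `ynh_ip6_addr` as a configured prefix, because it only compares the value against the literal `none`. In that case `is_ip6addr_set` greps for `/128` alone and matches any /128 address on tun0, so `is_running` and `status` can report an address that was never configured. Testing `[ -n "${ynh_ip6_addr}" ] && [ "${ynh_ip6_addr}" != none ]` closes that gap. The controller change in this commit derives the value from the web form, so `grep -qF` in `is_ip6addr_set` and `is_serverip6route_set` would also keep it from being interpreted as a regular expression.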
@@ -167,21 +182,13 @@ case "${1}" in if [ ! $? -eq 0 ]; then exit 1 fi - - i=0 - false || while [ $? -ne 0 ]; do - (( i++ )) - [ $i -gt 15 ] && exit 1 - sleep 1 - ip link show dev tun0 &> /dev/null - done && sleep 2 fi # Check old state of the server ipv6 route - if [ ! -z "${old_server_ip6}" -a ! -z "${new_ip6_gw}" -a ! -z "${old_wired_device}"\ + if [ ! -z "${old_server_ip6}" -a ! -z "${old_ip6_gw}" -a ! -z "${old_wired_device}"\ -a \( "${new_server_ip6}" != "${old_server_ip6}" -o "${new_ip6_gw}" != "${old_ip6_gw}"\ -o "${new_wired_device}" != "${old_wired_device}" \) ]\ - && is_serverip6route_set "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"; then + && is_serverip6route_set "${old_server_ip6}"; then unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}" fi @@ -189,13 +196,18 @@ case "${1}" in # Set the new server ipv6 route if has_nativeip6 && ! is_serverip6route_set "${new_server_ip6}"; then echo "Set IPv6 server route" - set_serverip6route "${new_server_ip6}" "${new_ip6_gw}" "${new_wired_device}" fi # Set the ipv6 address - if ! has_hotspot_app && ! is_ip6addr_set; then + if ! has_hotspot_app && has_ip6delegatedprefix && ! is_ip6addr_set; then echo "Set IPv6 address" + + false || while [ $? -ne 0 ]; do + sleep 1 + ip link show dev tun0 &> /dev/null + done + set_ip6addr fi fi @@ -208,7 +220,7 @@ case "${1}" in stop) echo "Stopping..." - if ! has_hotspot_app && is_ip6addr_set; then + if ! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set; then echo "Unset IPv6 address" unset_ip6addr fi 
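Review bot: The wait for tun0 added before `set_ip6addr` in the `@@ -189,13 +196,18 @@` hunk has no upper bound: the removed version gave up with `exit 1` after 15 iterations, while the new `while [ $? -ne 0 ]` loop sleeps forever if OpenVPN never brings the interface up, which a wrong username or password can now cause. The init script and whatever invoked it then hang instead of failing. Keeping a counter restores the failure path, for example `i=0` before the loop and `i=$((i+1)); [ "$i" -gt 15 ] && exit 1` as the first statement of its body. `&>` is a bash-only redirection; `> /dev/null 2>&1` is the portable form, which matters only if the script is not run by bash (the shebang is outside the hunk).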
@@ -226,15 +238,17 @@ case "${1}" in status) exitcode=0 - if ! has_hotspot_app; then - if is_ip6addr_set; then - echo "IPv6 address is correctly set" + if has_ip6delegatedprefix; then + if ! has_hotspot_app; then + if is_ip6addr_set; then + echo "IPv6 address is correctly set" + else + echo "IPv6 address is NOT set" + exitcode=1 + fi else - echo "IPv6 address is NOT set" - exitcode=1 + echo "Hotspot app detected" fi - else - echo "Hotspot app detected" fi if has_nativeip6; then diff --git a/conf/openvpn_client.conf.tpl b/conf/openvpn_client.conf.tpl index 4c0a610..35d3fdd 100644 --- a/conf/openvpn_client.conf.tpl +++ b/conf/openvpn_client.conf.tpl @@ -11,6 +11,9 @@ keepalive 10 30 comp-lzo adaptive port +# Auth by credentials +auth-user-pass /etc/openvpn/keys/credentials + # UDP only explicit-exit-notify diff --git a/manifest.json b/manifest.json index e8e1522..590a536 100644 --- a/manifest.json +++ b/manifest.json @@ -68,12 +68,20 @@ "default": "/tmp/ca-server.crt" }, { - "name": "ip6_net", + "name": "credentials_user", "ask": { - "en": "Select your IPv6 delegated prefix (netmask number provided must be lesser or equal to 64)", - "fr": "Sélectionnez votre préfixe IPv6 délégué (le masque de sous-réseau fourni doit être plus petit ou égal à 64)" + "en": "Select your VPN username (leave empty if not necessary)", + "fr": "Sélectionnez votre nom d'utilisateur VPN (laisser vide si non-nécessaire)" }, - "example": "2001:db8:42::/48" + "example": "michu" + }, + { + "name": "credentials_passphrase", + "ask": { + "en": "Select your VPN password (leave empty if not necessary)", + "fr": "Sélectionnez votre mot de passe VPN (laisser vide si non-nécessaire)" + }, + "example": "XVCwSbDkxnqQ" } ] } diff --git a/screenshot.png b/screenshot.png index ab953bd..235292c 100644 Binary files a/screenshot.png and b/screenshot.png differ diff --git a/scripts/install b/scripts/install index 8240778..f45104e 100644 --- a/scripts/install +++ b/scripts/install 
@@ -7,7 +7,8 @@ server_name=${3} crt_client_path=${4} crt_client_key_path=${5} crt_server_ca_path=${6} -ip6_net=${7} +login_user=${7} +login_passphrase=${8} # Check arguments # TODO @@ -24,18 +25,14 @@ sudo apt-get --assume-yes --force-yes install openvpn php5-fpm # Install extra packages sudo apt-get --assume-yes --force-yes install sipcalc -# Compute extra arguments -ip6_expanded_net=$(sipcalc "${ip6_net}" | grep Expanded | awk '{ print $NF; }') -ip6_net=$(sipcalc "${ip6_net}" | grep Compressed | awk '{ print $NF; }') -ip6_addr=$(echo "$(echo "${ip6_expanded_net}" | cut -d: -f1-7):1") -ip6_addr=$(sipcalc "${ip6_addr}" | grep Compressed | awk '{ print $NF; }') - # Save arguments sudo yunohost app setting vpnclient server_name -v "${server_name}" sudo yunohost app setting vpnclient server_port -v 1194 sudo yunohost app setting vpnclient server_proto -v udp -sudo yunohost app setting vpnclient ip6_addr -v "${ip6_addr}" -sudo yunohost app setting vpnclient ip6_net -v "${ip6_net}" +sudo yunohost app setting vpnclient ip6_addr -v none +sudo yunohost app setting vpnclient ip6_net -v none +sudo yunohost app setting vpnclient login_user -v "${login_user}" +sudo yunohost app setting vpnclient login_passphrase -v "${login_passphrase}" # Copy confs sudo install -b -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl @@ -60,6 +57,15 @@ sudo install -b -o root -g admins -m 0660 "${crt_server_ca_path}" /etc/openvpn/k sudo rm -f "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}" +# Credentials file for (optional) login +sudo cat << EOF > /etc/openvpn/keys/credentials +${login_user} +${login_passphrase} +EOF + +sudo chown -R root:admins /etc/openvpn/keys/credentials +sudo chmod 0460 /etc/openvpn/keys/credentials + # Create user for the web admin sudo useradd -MUr vpnadmin 
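Review bot: In the `@@ -60,6 +57,15 @@` hunk the credentials file is opened by the invoking shell rather than by sudo, because in `sudo cat << EOF > /etc/openvpn/keys/credentials` the redirection is performed before sudo runs. The write therefore fails unless the caller can already write to /etc/openvpn/keys, and when it succeeds the file is created under the caller's umask, so the VPN password can be readable by other local users until the later `chmod` runs. Creating the file with its final owner and mode in one step avoids both problems: `printf '%s\n%s\n' "${login_user}" "${login_passphrase}" | sudo install -o root -g admins -m 0460 /dev/stdin /etc/openvpn/keys/credentials`. Mode `0460` gives the group write access and the owner only read access, which looks inverted next to the `0660` used for the key files, so it is worth confirming. `chown -R` is unnecessary on a single file.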
@@ -85,9 +91,7 @@ sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/y # Set default inits # The openvpn configuration is modified before the start, so the service is disabled by default # and the ynh-vpnclient service handles it. -# All services are registred by yunohost in order to prevent conflicts after the uninstall. -sudo yunohost service add openvpn -sudo yunohost service stop openvpn +sudo service openvpn stop &> /dev/null sudo yunohost service disable openvpn sudo yunohost service add php5-fpm diff --git a/sources/controller.php b/sources/controller.php index 15006d6..7037ade 100644 --- a/sources/controller.php +++ b/sources/controller.php @@ -16,17 +16,36 @@ function restart_service() { } dispatch('/', function() { + $ip6_net = moulinette_get('ip6_net'); + $ip6_net = ($ip6_net == 'none') ? '' : $ip6_net; + set('server_name', moulinette_get('server_name')); set('server_port', moulinette_get('server_port')); set('server_proto', moulinette_get('server_proto')); + set('login_user', moulinette_get('login_user')); + set('login_passphrase', moulinette_get('login_passphrase')); + set('ip6_net', $ip6_net); return render('settings.html.php'); }); dispatch_put('/settings', function() { + $ip6_net = empty($_POST['ip6_net']) ? 'none' : $_POST['ip6_net']; + moulinette_set('server_name', $_POST['server_name']); moulinette_set('server_port', $_POST['server_port']); moulinette_set('server_proto', $_POST['server_proto']); + moulinette_set('login_user', $_POST['login_user']); + moulinette_set('login_passphrase', $_POST['login_passphrase']); + moulinette_set('ip6_net', $ip6_net); + + # TODO: format ip6_net + if($ip6_net == 'none') { + moulinette_set('ip6_addr', 'none'); + } else { + $ip6_addr = "${ip6_net}1"; + moulinette_set('ip6_addr', $ip6_addr); + } if($_FILES['crt_client']['error'] == UPLOAD_ERR_OK) { move_uploaded_file($_FILES['crt_client']['tmp_name'], '/etc/openvpn/keys/user.crt'); 
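Review bot: In the `dispatch_put('/settings', ...)` handler of controller.php, `$_POST['ip6_net']` is stored and turned into `ip6_addr` via `"${ip6_net}1"` with no validation (the `# TODO: format ip6_net` marks the gap), and the init script later interpolates that value into its `ip` and `grep` commands. The value should be rejected before any `moulinette_set` call unless `filter_var("${ip6_net}1", FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)` succeeds. `login_user`, `login_passphrase` and the existing server fields are passed through the same way; `moulinette_set` is defined outside this hunk, so if it builds a command line, each value needs `escapeshellarg` there. The GET handler also hands the stored passphrase to the view with `set('login_passphrase', moulinette_get('login_passphrase'))`; leaving the field empty and updating the setting only when a new value is submitted would keep the secret out of the rendered page. The handler body continues past the end of the hunk.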
diff --git a/sources/views/settings.html.php b/sources/views/settings.html.php index b8e7f91..efcf508 100644 --- a/sources/views/settings.html.php +++ b/sources/views/settings.html.php @@ -28,7 +28,7 @@
- +
+
+
+

+
+ +
+
+ +
+ +
+
+
+
+

@@ -77,6 +92,28 @@
+
+
+

+
+ +
+
+ +
+ +
+
+ +
+ +
+ +
+
+
+
+