WEBLIB.RE/vpnclient_ynh
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

First beta, without arguments checking (install and web admin)

Browse Source
This commit is contained in:
Julien VAUBOURG
2014-11-09 18:33:57 +01:00
parent fa356ca245
commit b9db02821b
9 changed files with 182 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
conf/init_ynh-vpnclient
View File

@@ -31,8 +31,7 @@ is_serverip6route_set() {
} }
is_openvpn_running() { is_openvpn_running() {
# service openvpn status seems to be a joke service openvpn status client &> /dev/null
ip link show dev tun0 &> /dev/null
} }
is_running() { is_running() {
@@ -65,7 +64,7 @@ start_openvpn() {
else else
proto=udp proto=udp
[ "${ynh_server_proto}" == tcp ] && proto=tcp-client [ "${ynh_server_proto}" == tcp ] && proto=tcp-client
else fi
cp /etc/openvpn/client.conf{.tpl,} cp /etc/openvpn/client.conf{.tpl,}
@@ -73,7 +72,7 @@ start_openvpn() {
sed "s|<TPL:SERVER_PORT>|${ynh_server_port}|g" -i /etc/openvpn/client.conf sed "s|<TPL:SERVER_PORT>|${ynh_server_port}|g" -i /etc/openvpn/client.conf
sed "s|<TPL:PROTO>|${proto}|g" -i /etc/openvpn/client.conf sed "s|<TPL:PROTO>|${proto}|g" -i /etc/openvpn/client.conf
if [ "${proto}" =~ udp ] if [[ "${proto}" =~ udp ]]; then
sed 's|^<TPL:UDP_COMMENT>||' -i /etc/openvpn/client.conf sed 's|^<TPL:UDP_COMMENT>||' -i /etc/openvpn/client.conf
else else
sed 's|^<TPL:UDP_COMMENT>|;|' -i /etc/openvpn/client.conf sed 's|^<TPL:UDP_COMMENT>|;|' -i /etc/openvpn/client.conf
@@ -165,6 +164,10 @@ case "$1" in
start_openvpn "${new_ip6_gw}" "${new_server_ip6}" start_openvpn "${new_ip6_gw}" "${new_server_ip6}"
if [ ! $? -eq 0 ]; then
exit 1
fi
i=0 i=0
false || while [ $? -ne 0 ]; do false || while [ $? -ne 0 ]; do
(( i++ )) (( i++ ))
@@ -220,10 +223,6 @@ case "$1" in
stop_openvpn stop_openvpn
fi fi
;; ;;
restart)
$0 stop
$0 start
;;
status) status)
exitcode=0 exitcode=0
@@ -259,7 +258,7 @@ case "$1" in
exit ${exitcode} exit ${exitcode}
;; ;;
*) *)
echo "Usage: $0 {start|stop|restart|status}" echo "Usage: $0 {start|stop|status}"
exit 1 exit 1
;; ;;
esac esac

1
conf/nginx_vpnadmin.conf
View File

@@ -11,6 +11,7 @@ location <TPL:NGINX_LOCATION> {
fastcgi_pass unix:/var/run/php5-fpm-<TPL:PHP_NAME>.sock; fastcgi_pass unix:/var/run/php5-fpm-<TPL:PHP_NAME>.sock;
fastcgi_index index.php; fastcgi_index index.php;
include fastcgi_params; include fastcgi_params;
fastcgi_read_timeout 600;
fastcgi_param REMOTE_USER $remote_user; fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
} }

2
conf/phpfpm_vpnadmin.conf
View File

@@ -159,7 +159,7 @@ ping.path = /ping
; does not stop script execution for some reason. A value of '0' means 'off'. ; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0 ; Default Value: 0
request_terminate_timeout = 120s request_terminate_timeout = 600s
; The timeout for serving a single request after which a PHP backtrace will be ; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; dumped to the 'slowlog' file. A value of '0s' means 'off'.

20
scripts/install
View File

@@ -52,12 +52,12 @@ sudo chmod -R 0644 /var/www/vpnadmin/*
sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \; sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \;
# Copy certificates # Copy certificates
sudo mkdir -pm 0700 /etc/openvpn/keys/ sudo mkdir -pm 0770 /etc/openvpn/keys/
sudo chown root: /etc/openvpn/keys/ sudo chown root:admins /etc/openvpn/keys/
sudo install -b -o root -g root -m 0600 "${crt_client_path}" /etc/openvpn/keys/user.crt sudo install -b -o root -g admins -m 0660 "${crt_client_path}" /etc/openvpn/keys/user.crt
sudo install -b -o root -g root -m 0600 "${crt_client_key_path}" /etc/openvpn/keys/user.key sudo install -b -o root -g admins -m 0660 "${crt_client_key_path}" /etc/openvpn/keys/user.key
sudo install -b -o root -g root -m 0600 "${crt_server_ca_path}" /etc/openvpn/keys/ca-server.crt sudo install -b -o root -g admins -m 0660 "${crt_server_ca_path}" /etc/openvpn/keys/ca-server.crt
sudo rm -f "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}" sudo rm -f "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}"
@@ -72,9 +72,10 @@ sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmi
## php-fpm ## php-fpm
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:PHP_USER>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf sudo sed 's|<TPL:PHP_USER>|admin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:PHP_GROUP>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf sudo sed 's|<TPL:PHP_GROUP>|admins|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|^;\?\s*max_execution_time.\+|max_execution_time = 600|' -i /etc/php5/fpm/php.ini
# Fix sources # Fix sources
sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php
@@ -82,10 +83,6 @@ sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php
# Copy init script # Copy init script
sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient
# Allow vpnadmin web interface to manage rights
sudo chmod 0470 /etc/yunohost/apps/vpnclient/settings.yml
sudo chown root:vpnadmin /etc/yunohost/apps/vpnclient/settings.yml
# Set default inits # Set default inits
# The openvpn configuration is modified before the start, so the service is disabled by default # The openvpn configuration is modified before the start, so the service is disabled by default
# and the ynh-vpnclient service handles it. # and the ynh-vpnclient service handles it.
@@ -101,7 +98,6 @@ sudo yunohost service start php5-fpm
sudo yunohost service add ynh-vpnclient sudo yunohost service add ynh-vpnclient
sudo yunohost service enable ynh-vpnclient sudo yunohost service enable ynh-vpnclient
#sudo yunohost service start ynh-vpnclient
sudo service ynh-vpnclient start sudo service ynh-vpnclient start
sudo service nginx reload sudo service nginx reload

BIN
sources/.controller.php.swp
View File

Binary file not shown.

81
sources/controller.php
View File

@@ -1,32 +1,71 @@
<?php <?php
function moulinette_get($var) {
return htmlspecialchars(exec("sudo yunohost app setting vpnclient ".escapeshellarg($var)));
}
function moulinette_set($var, $value) {
return exec("sudo yunohost app setting vpnclient ".escapeshellarg($var)." -v ".escapeshellarg($value));
}
function restart_service() {
exec('sudo service ynh-vpnclient stop');
exec('sudo service ynh-vpnclient start', $output, $retcode);
return $retcode;
}
dispatch('/', function() { dispatch('/', function() {
set('title', T_('Configure your VPN client')); set('title', T_('VPN client'));
return render('settings.html.php');
set('server_name', moulinette_get('server_name'));
set('server_port', moulinette_get('server_port'));
set('server_proto', moulinette_get('server_proto'));
return render('settings.html.php');
}); });
dispatch_put('/settings', function() { dispatch_put('/settings', function() {
$success_message = ""; moulinette_set('server_name', $_POST['server_name']);
foreach ($_POST as $key => $value) { moulinette_set('server_port', $_POST['server_port']);
$success_message = $success_message.T_("Parameter ").$key.": ".$value."<br>"; moulinette_set('server_proto', $_POST['server_proto']);
}
flash('success', $success_message); if($_FILES['crt_client']['error'] == UPLOAD_ERR_OK) {
redirect_to('/'); move_uploaded_file($_FILES['crt_client']['tmp_name'], '/etc/openvpn/keys/user.crt');
}
if($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK) {
move_uploaded_file($_FILES['crt_client_key']['tmp_name'], '/etc/openvpn/keys/user.key');
}
if($_FILES['crt_server_ca']['error'] == UPLOAD_ERR_OK) {
move_uploaded_file($_FILES['crt_server_ca']['tmp_name'], '/etc/openvpn/keys/ca-server.crt');
}
$retcode = restart_service();
if($retcode == 0) {
flash('success', T_('Configuration updated and service successfully reloaded'));
} else {
flash('error', T_('Configuration updated but service reload failed'));
}
redirect_to('/');
}); });
dispatch('/lang/:locale', function($locale = 'en') { dispatch('/lang/:locale', function($locale = 'en') {
switch ($locale) { switch ($locale) {
case 'fr': case 'fr':
$_SESSION['locale'] = 'fr'; $_SESSION['locale'] = 'fr';
break; break;
default:
$_SESSION['locale'] = 'en';
break;
}
if(!empty($_GET['redirect_to']))
redirect_to($_GET['redirect_to']);
else
redirect_to('/');
});
default:
$_SESSION['locale'] = 'en';
}
if(!empty($_GET['redirect_to'])) {
redirect_to($_GET['redirect_to']);
} else {
redirect_to('/');
}
});

11
sources/public/js/custom.js
View File

@@ -1,5 +1,14 @@
$(document).ready(function() { $(document).ready(function() {
$('.btn-group').button(); $('.btn-group').button();
$('[data-toggle="tooltip"]').tooltip(); $('[data-toggle="tooltip"]').tooltip();
});
$('.fileinput').click(function() {
var realinputid = '#' + $(this).attr('id').replace(/_chooser.*/, '');
$(realinputid).click();
});
$('input[type="file"]').change(function() {
var choosertxtid = '#' + $(this).attr('id') + '_choosertxt';
$(choosertxtid).val($(this).val());
});
});

57
sources/views/layout.html.php
View File

@@ -4,37 +4,36 @@
<!--[if IE 8]> <html class="no-js lt-ie9" lang="en"> <![endif]--> <!--[if IE 8]> <html class="no-js lt-ie9" lang="en"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="<?= $locale ?>"> <!--<![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="<?= $locale ?>"> <!--<![endif]-->
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>VPN Client <? echo (isset($title)) ? "| ".$title : "" ?></title> <title>VPN Client <? echo (isset($title)) ? "| ".$title : "" ?></title>
<meta name="viewport" content="width=device-width"> <meta name="viewport" content="width=device-width">
<link media="all" type="text/css" href="<?= PUBLIC_DIR ?>/bootstrap/css/bootstrap.min.css" rel="stylesheet"> <link media="all" type="text/css" href="<?= PUBLIC_DIR ?>/bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link media="all" type="text/css" href="<?= PUBLIC_DIR ?>/bootstrap/css/bootstrap-theme.min.css" rel="stylesheet"> <link media="all" type="text/css" href="<?= PUBLIC_DIR ?>/bootstrap/css/bootstrap-theme.min.css" rel="stylesheet">
<link media="all" type="text/css" href="<?= PUBLIC_DIR ?>/css/style.css" rel="stylesheet"> <link media="all" type="text/css" href="<?= PUBLIC_DIR ?>/css/style.css" rel="stylesheet">
<script src="<?= PUBLIC_DIR ?>/jquery/jquery-2.1.1.min.js"></script> <script src="<?= PUBLIC_DIR ?>/jquery/jquery-2.1.1.min.js"></script>
<script src="<?= PUBLIC_DIR ?>/bootstrap/js/bootstrap.min.js"></script> <script src="<?= PUBLIC_DIR ?>/bootstrap/js/bootstrap.min.js"></script>
<script src="<?= PUBLIC_DIR ?>/js/custom.js"></script> <script src="<?= PUBLIC_DIR ?>/js/custom.js"></script>
</head> </head>
<body> <body>
<div class="container"> <div class="container">
<? if (isset($flash['error'])) { ?> <? if (isset($flash['error'])) { ?>
<div class="alert alert-dismissible alert-error fade in" role="alert"> <div class="alert alert-dismissible alert-danger fade in" style="margin-top: 20px" role="alert">
<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button> <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
<strong><?= T_('Error') ?>:</strong> <?= $flash['error'] ?> <strong><?= T_('Error') ?>:</strong> <?= $flash['error'] ?>
</div> </div>
<? } elseif (isset($flash['notice'])) { ?> <? } elseif (isset($flash['notice'])) { ?>
<div class="alert alert-dismissible alert-info fade in" role="alert"> <div class="alert alert-dismissible alert-info fade in" style="margin-top: 20px" role="alert">
<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button> <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
<strong><?= T_('Notice') ?>:</strong> <?= $flash['notice'] ?> <strong><?= T_('Notice') ?>:</strong> <?= $flash['notice'] ?>
</div> </div>
<? } elseif (isset($flash['success'])) { ?> <? } elseif (isset($flash['success'])) { ?>
<div class="alert alert-dismissible alert-success fade in" role="alert"> <div class="alert alert-dismissible alert-success fade in" style="margin-top: 20px" role="alert">
<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button> <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
<?= $flash['success'] ?> <?= $flash['success'] ?>
</div> </div>
<? } ?> <? } ?>
<?= $content?>
<?= $content?>
</body> </body>
</html> </html>

118
sources/views/settings.html.php
View File

@@ -1,57 +1,71 @@
<h2><?= T_("VPN Client Configuration") ?></h2> <h2><?= T_("VPN Client Configuration") ?></h2>
<hr>
<hr />
<div class="row"> <div class="row">
<div class="col-sm-offset-2 col-sm-8"> <div class="col-sm-offset-2 col-sm-8">
<form method="post" action="settings" class="form-horizontal" role="form"> <form method="post" enctype="multipart/form-data" action="?/settings" class="form-horizontal" role="form">
<input type="hidden" name="_method" value="put" /> <input type="hidden" name="_method" value="put" />
<div class="form-group">
<label for="server_name" class="col-sm-3 control-label"><?= T_('Server Address') ?></label>
<div class="col-sm-9">
<input type="text" class="form-control" name="server_name" id="server_name" placeholder="access.ldn-fai.net">
</div>
</div>
<div class="form-group">
<label for="server_port" class="col-sm-3 control-label"><?= T_('Server Port') ?></label>
<div class="col-sm-9">
<input type="text" data-toggle="tooltip" data-title="<?= T_('With restricted access, you should use 443 (TCP) or 53 (UDP)') ?>" class="form-control" name="server_port" id="server_port" placeholder="1194">
</div>
</div>
<div class="form-group">
<label for="server_port" class="col-sm-3 control-label"><?= T_('Protocol') ?></label>
<div class="btn-group col-sm-9" data-toggle="buttons">
<label class="btn btn-default active">
<input type="radio" name="server_proto" value="udp"> <?= T_('UDP') ?>
</label>
<label class="btn btn-default" data-toggle="tooltip" data-title="<?= T_('UDP is more efficient than TCP (but more filtered in case of restrictive access)') ?>"> <div class="form-group">
<input type="radio" name="server_proto" value="tcp"> <?= T_('TCP') ?> <label for="server_name" class="col-sm-3 control-label"><?= T_('Server Address') ?></label>
</label> <div class="col-sm-9">
</div> <input type="text" class="form-control" name="server_name" id="server_name" placeholder="access.ldn-fai.net" value="<?= $server_name ?>" />
</div> </div>
<div class="form-group"> </div>
<label for="crt_client" class="col-sm-3 control-label"><?= T_('Client Certificate') ?></label>
<div class="btn-group col-sm-9">
<textarea class="form-control" name="crt_client" id="crt_client" placeholder="-----BEGIN CERTIFICATE-----"></textarea>
</div>
</div>
<div class="form-group">
<label for="crt_client_key" class="col-sm-3 control-label"><?= T_('Client Certificate Key') ?></label>
<div class="btn-group col-sm-9">
<textarea class="form-control" name="crt_client_key" id="crt_client_key" placeholder="-----BEGIN PRIVATE KEY-----"></textarea>
</div>
</div>
<div class="form-group">
<label for="crt_server_ca" class="col-sm-3 control-label"><?= T_('Server Certificate Authority') ?></label>
<div class="btn-group col-sm-9">
<textarea class="form-control" name="crt_server_ca" id="crt_server_ca" placeholder="-----BEGIN CERTIFICATE-----"></textarea>
</div>
</div>
<div class="form-group"> <div class="form-group">
<div class="col-xs-offset-3 col-sm-9"> <label for="server_port" class="col-sm-3 control-label"><?= T_('Server Port') ?></label>
<button type="submit" class="btn btn-default"><?= T_('Save and reload') ?></button> <div class="col-sm-9">
</div> <input type="text" data-toggle="tooltip" data-title="<?= T_('With restricted access, you should use 443 (TCP) or 53 (UDP)') ?>" class="form-control" name="server_port" id="server_port" placeholder="1194" value="<?= $server_port ?>" />
</div> </div>
</form> </div>
</div>
<div class="form-group">
<label for="server_port" class="col-sm-3 control-label"><?= T_('Protocol') ?></label>
<div class="btn-group col-sm-9" data-toggle="buttons">
<label class="btn btn-default <?= $server_proto == 'udp' ? 'active' : '' ?>">
<input type="radio" name="server_proto" value="udp" <?= $server_proto == 'udp' ? 'checked="cheked"' : '' ?> /> <?= T_('UDP') ?>
</label>
<label class="btn btn-default <?= $server_proto == 'tcp' ? 'active' : '' ?>" data-toggle="tooltip" data-title="<?= T_('UDP is more efficient than TCP (but more filtered in case of restrictive access)') ?>">
<input type="radio" name="server_proto" value="tcp" <?= $server_proto == 'tcp' ? 'checked="cheked"' : '' ?> /> <?= T_('TCP') ?>
</label>
</div>
</div>
<div class="form-group">
<label for="crt_client" class="col-sm-3 control-label"><?= T_('Update Client Cert.') ?></label>
<div class="input-group col-sm-9" style="padding: 0 15px">
<input id="crt_client" name="crt_client" type="file" style="display: none" />
<input type="text" class="form-control fileinput" id="crt_client_choosertxt" placeholder="-----BEGIN CERTIFICATE-----" readonly="readonly" />
<a class="btn input-group-addon fileinput" id="crt_client_chooserbtn"><?= T_('Browse') ?></a>
</div>
</div>
<div class="form-group">
<label for="crt_client_key" class="col-sm-3 control-label"><?= T_('Update Client Cert. Key') ?></label>
<div class="input-group col-sm-9" style="padding: 0 15px">
<input id="crt_client_key" name="crt_client_key" type="file" style="display: none" />
<input type="text" class="form-control fileinput" id="crt_client_key_choosertxt" placeholder="-----BEGIN PRIVATE KEY-----" readonly="readonly" />
<a class="btn input-group-addon fileinput" id="crt_client_key_chooserbtn"><?= T_('Browse') ?></a>
</div>
</div>
<div class="form-group">
<label for="crt_server_ca" class="col-sm-3 control-label"><?= T_('Update Server CA') ?></label>
<div class="input-group col-sm-9" style="padding: 0 15px">
<input id="crt_server_ca" name="crt_server_ca" type="file" style="display: none" />
<input type="text" class="form-control fileinput" id="crt_server_ca_choosertxt" placeholder="-----BEGIN CERTIFICATE-----" readonly="readonly" />
<a class="btn input-group-addon fileinput" id="crt_server_ca_chooserbtn"><?= T_('Browse') ?></a>
</div>
</div>
<div class="form-group">
<div class="col-xs-offset-3 col-sm-9">
<button type="submit" class="btn btn-default" data-toggle="tooltip" data-title="<?= T_('Reloading may take a few minutes. Be patient.') ?>"><?= T_('Save and reload') ?></button>
</div>
</div>
</form>
</div>
</div> </div>