diff --git a/conf/openvpn_client.conf.tpl b/conf/openvpn_client.conf.tpl index 696cabe..5488820 100644 --- a/conf/openvpn_client.conf.tpl +++ b/conf/openvpn_client.conf.tpl @@ -1,8 +1,8 @@ -# [WARN] Edit this raw configuration ONLY IF YOU KNOW what -# you do! -# [WARN] Continue to use the placeholders and keep -# update their value on the web admin (they are not -# only used for this file). +# [WARN] Edit this raw configuration ONLY IF YOU KNOW +# what you do! +# [WARN] Continue to use the placeholders and +# keep update their value on the web admin (they +# are not only used for this file). remote proto diff --git a/conf/ynh-vpnclient b/conf/ynh-vpnclient index f7debf7..86b0dc2 100644 --- a/conf/ynh-vpnclient +++ b/conf/ynh-vpnclient @@ -52,6 +52,11 @@ is_serverip6route_set() { fi } +is_dns_set() { + [ -e /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient ]\ + && grep -q ${ynh_dns0} /etc/resolv.conf +} + is_openvpn_running() { systemctl is-active openvpn@client.service &> /dev/null } @@ -59,7 +64,7 @@ is_openvpn_running() { is_running() { ((has_nativeip6 && is_serverip6route_set "${new_server_ip6}") || ! has_nativeip6)\ && ((! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set) || has_hotspot_app || ! has_ip6delegatedprefix)\ - && is_openvpn_running + && is_dns_set && is_openvpn_running } ## Setters @@ -76,6 +81,15 @@ set_serverip6route() { ip route add "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}" } +set_dns() { + cat << EOF > /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient +echo nameserver ${ynh_dns0} > /etc/resolv.conf +echo nameserver ${ynh_dns1} >> /etc/resolv.conf +EOF + + bash /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient +} + start_openvpn() { ip6_gw=${1} server_ip6=${2} @@ -129,6 +143,10 @@ unset_serverip6route() { ip route delete "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}" } +unset_dns() { + rm -f /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient +} + stop_openvpn() { systemctl stop openvpn.service } @@ -187,6 +205,8 @@ if [ "$1" != restart ]; then ynh_server_proto=$(ynh_setting_get vpnclient server_proto) ynh_ip6_addr=$(ynh_setting_get vpnclient ip6_addr) ynh_login_user=$(ynh_setting_get vpnclient login_user) + ynh_dns0=$(ynh_setting_get vpnclient dns0) + ynh_dns1=$(ynh_setting_get vpnclient dns1) old_ip6_gw=$(ynh_setting_get vpnclient ip6_gw) old_wired_device=$(ynh_setting_get vpnclient wired_device) @@ -255,6 +275,12 @@ case "${1}" in set_ip6addr fi + # Set host DNS resolvers + if ! is_dns_set; then + echo "Set host DNS resolvers" + set_dns + fi + # Update dynamic settings ynh_setting_set vpnclient server_ip6 "${new_server_ip6}" ynh_setting_set vpnclient ip6_gw "${new_ip6_gw}" @@ -280,6 +306,11 @@ case "${1}" in unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}" fi + if is_dns_set; then + echo "Unset forced host DNS resolvers" + unset_dns + fi + if is_openvpn_running; then echo "Stop openvpn" stop_openvpn @@ -347,6 +378,13 @@ case "${1}" in echo "[INFO] No IPv6 server route to set" fi + if is_dns_set; then + echo "[OK] Host DNS correctly set" + else + echo "[ERR] No host DNS set" + exitcode=1 + fi + if is_openvpn_running; then echo "[OK] Openvpn is running" else diff --git a/scripts/install b/scripts/install index 971a852..1f9d9a3 100644 --- a/scripts/install +++ b/scripts/install @@ -63,6 +63,8 @@ if ! $upgrade; then sudo yunohost app setting vpnclient ip6_net -v none sudo yunohost app setting vpnclient login_user -v "${login_user}" sudo yunohost app setting vpnclient login_passphrase -v "${login_passphrase}" + sudo yunohost app setting vpnclient dns0 -v 89.234.141.66 + sudo yunohost app setting vpnclient dns1 -v 2001:913::8 fi diff --git a/sources/controller.php b/sources/controller.php index 01a2084..f77f914 100644 --- a/sources/controller.php +++ b/sources/controller.php @@ -81,6 +81,8 @@ dispatch('/', function() { set('crt_server_ca_exists', file_exists('/etc/openvpn/keys/ca-server.crt')); set('faststatus', service_faststatus() == 0); set('raw_openvpn', $raw_openvpn); + set('dns0', ynh_setting_get('dns0')); + set('dns1', ynh_setting_get('dns1')); return render('settings.html.php'); }); @@ -107,6 +109,10 @@ dispatch_put('/settings', function() { if($_POST['server_proto'] != 'udp' && $_POST['server_proto'] != 'tcp') { throw new Exception(_('The Protocol must be "udp" or "tcp"')); } + + if(empty($_POST['dns0']) || empty($_POST['dns1'])) { + throw new Exception(_('You need to define two DNS resolver addresses')); + } if(($_FILES['crt_client']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1)) || ($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client']['error'] != UPLOAD_ERR_OK && (!$crt_client_exists || $_POST['crt_client_delete'] == 1))) { @@ -154,6 +160,8 @@ dispatch_put('/settings', function() { ynh_setting_set('server_name', $_POST['server_name']); ynh_setting_set('server_port', $_POST['server_port']); ynh_setting_set('server_proto', $_POST['server_proto']); + ynh_setting_set('dns0', $_POST['dns0']); + ynh_setting_set('dns1', $_POST['dns1']); ynh_setting_set('login_user', $_POST['login_user']); ynh_setting_set('login_passphrase', $_POST['login_passphrase']); ynh_setting_set('ip6_net', $ip6_net); diff --git a/sources/i18n/fr_FR/LC_MESSAGES/localization.mo b/sources/i18n/fr_FR/LC_MESSAGES/localization.mo index f07eeb2..7b71f80 100644 Binary files a/sources/i18n/fr_FR/LC_MESSAGES/localization.mo and b/sources/i18n/fr_FR/LC_MESSAGES/localization.mo differ diff --git a/sources/i18n/fr_FR/LC_MESSAGES/localization.po b/sources/i18n/fr_FR/LC_MESSAGES/localization.po index fc66de4..833bc8a 100644 --- a/sources/i18n/fr_FR/LC_MESSAGES/localization.po +++ b/sources/i18n/fr_FR/LC_MESSAGES/localization.po @@ -8,8 +8,8 @@ msgid "" msgstr "" "Project-Id-Version: data 2\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2015-07-25 10:42+0200\n" -"PO-Revision-Date: 2015-07-25 10:50+0100\n" +"POT-Creation-Date: 2015-09-28 16:51+0200\n" +"PO-Revision-Date: 2015-09-28 16:52+0200\n" "Last-Translator: samy boutayeb \n" "Language-Team: none\n" "Language: fr\n" @@ -17,60 +17,64 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" -"X-Generator: Poedit 1.6.10\n" +"X-Generator: Poedit 1.8.4\n" -#: sources/controller.php:100 +#: sources/controller.php:102 msgid "The Server Address, the Server Port and the Protocol cannot be empty" msgstr "" "L'adresse du serveur, le port du serveur et le protocole ne peuvent pas être " "vides" -#: sources/controller.php:104 +#: sources/controller.php:106 msgid "The Server Port must be only composed of digits" msgstr "Le port du serveur ne peut correspondre qu'à des chiffres" -#: sources/controller.php:108 +#: sources/controller.php:110 msgid "The Protocol must be \"udp\" or \"tcp\"" msgstr "Le protocole ne peut correspondre qu'à \"udp\" ou \"tcp\"" #: sources/controller.php:114 +msgid "You need to define two DNS resolver addresses" +msgstr "Vous devez définir deux adresses de résolveur DNS" + +#: sources/controller.php:120 msgid "A Client Certificate is needed when you suggest a Key, or vice versa" msgstr "" "Un certificat client est nécessaire si vous proposez une clé, et inversement" -#: sources/controller.php:118 +#: sources/controller.php:124 msgid "A Password is needed when you suggest a Username, or vice versa" msgstr "" "Un mot de passe est nécessaire si vous proposez un nom d'utilisateur, et " "inversement" -#: sources/controller.php:122 +#: sources/controller.php:128 msgid "You need a Server CA." msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur" -#: sources/controller.php:126 +#: sources/controller.php:132 msgid "You need either a Client Certificate, either a Username, or both" msgstr "" "Vous devez avoir soit un certificat client, soit un nom d'utilisateur, soit " "les deux" -#: sources/controller.php:133 +#: sources/controller.php:139 msgid "The IPv6 Delegated Prefix format looks bad" msgstr "Le format du préfixe IPv6 délégué semble incorrect" -#: sources/controller.php:144 +#: sources/controller.php:150 msgid "configuration not updated" msgstr "configuration non-mise à jour" -#: sources/controller.php:189 +#: sources/controller.php:197 msgid "Configuration updated and service successfully reloaded" msgstr "Configuration mise à jour et service correctement rechargé" -#: sources/controller.php:191 +#: sources/controller.php:199 msgid "Configuration updated but service reload failed" msgstr "Configuration mise à jour mais le rechargement du service a échoué" -#: sources/controller.php:195 +#: sources/controller.php:203 msgid "Service successfully disabled" msgstr "Service désactivé avec succès" @@ -82,8 +86,8 @@ msgstr "Client VPN" msgid "Error" msgstr "Erreur" -#: sources/views/layout.html.php:54 sources/views/settings.html.php:125 -#: sources/views/settings.html.php:165 +#: sources/views/layout.html.php:54 sources/views/settings.html.php:117 +#: sources/views/settings.html.php:157 msgid "Notice" msgstr "Notice" @@ -161,23 +165,11 @@ msgstr "" msgid "TCP" msgstr "TCP" +#: sources/views/settings.html.php:92 +msgid "Delegated prefix (IPv6)" +msgstr "Préfixe délégué (IPv6)" + #: sources/views/settings.html.php:94 -msgid "Edit the raw configuration only if you know what you do!" -msgstr "N'éditez la configuration brute que si vous savez ce que vous faites !" - -#: sources/views/settings.html.php:94 sources/views/settings.html.php:99 -msgid "Advanced" -msgstr "Avancé" - -#: sources/views/settings.html.php:109 -msgid "IPv6" -msgstr "IPv6" - -#: sources/views/settings.html.php:114 -msgid "Delegated prefix" -msgstr "Préfixe délégué" - -#: sources/views/settings.html.php:116 msgid "" "Leave empty if your Internet Service Provider does not give you a delegated " "prefix" @@ -185,7 +177,15 @@ msgstr "" "Laissez vide si votre Fournisseur d'Accès à Internet ne vous fournit pas de " "préfixe délégué." -#: sources/views/settings.html.php:125 +#: sources/views/settings.html.php:101 +msgid "Edit the raw configuration only if you know what you do!" +msgstr "N'éditez la configuration brute que si vous savez ce que vous faites !" + +#: sources/views/settings.html.php:101 sources/views/settings.html.php:106 +msgid "Advanced" +msgstr "Avancé" + +#: sources/views/settings.html.php:117 msgid "" "You need to upload a Client Certificate, or define a Username (or both) for " "starting your VPN Client." @@ -193,83 +193,107 @@ msgstr "" "Vous devez téléverser le certificat du client, ou définir un nom " "d'utilisateur (ou les deux) pour démarrer votre client VPN." -#: sources/views/settings.html.php:131 -msgid "Certificates" -msgstr "Certificats" +#: sources/views/settings.html.php:123 +msgid "Authentication" +msgstr "Authentification" -#: sources/views/settings.html.php:136 +#: sources/views/settings.html.php:128 msgid "Update Client Cert." msgstr "Actualiser le certificat client" -#: sources/views/settings.html.php:136 +#: sources/views/settings.html.php:128 msgid "Upload Client Cert." msgstr "Téléverser le certificat client" -#: sources/views/settings.html.php:139 sources/views/settings.html.php:152 +#: sources/views/settings.html.php:131 sources/views/settings.html.php:144 msgid "Delete this certificate" msgstr "Supprimer ce certificat" -#: sources/views/settings.html.php:144 sources/views/settings.html.php:157 -#: sources/views/settings.html.php:177 +#: sources/views/settings.html.php:136 sources/views/settings.html.php:149 +#: sources/views/settings.html.php:169 msgid "Browse" msgstr "Parcourir" -#: sources/views/settings.html.php:149 +#: sources/views/settings.html.php:141 msgid "Update Client Key" msgstr "Actualiser la clé client" -#: sources/views/settings.html.php:149 +#: sources/views/settings.html.php:141 msgid "Upload Client Key" msgstr "Téléverser la clé client" -#: sources/views/settings.html.php:155 +#: sources/views/settings.html.php:147 msgid "Make sure your browser is able to read the key file before uploading" msgstr "" "Assurez-vous que votre navigateur peut lire le fichier contenant la clé " "avant de le téléverser" -#: sources/views/settings.html.php:157 +#: sources/views/settings.html.php:149 msgid "make sure your browser is able to read the key file before uploading" msgstr "" "assurez-vous que votre navigateur peut lire le fichier contenant la clé " "avant de le téléverser" -#: sources/views/settings.html.php:165 +#: sources/views/settings.html.php:157 msgid "You need to upload a Server CA for starting your VPN Client." msgstr "Vous devez transférer un CA de serveur pour démarrer votre client VPN." -#: sources/views/settings.html.php:169 +#: sources/views/settings.html.php:161 msgid "Update Server CA" msgstr "Actualiser le CA du serveur" -#: sources/views/settings.html.php:169 +#: sources/views/settings.html.php:161 msgid "Upload Server CA" msgstr "Transférer le CA du serveur" -#: sources/views/settings.html.php:172 +#: sources/views/settings.html.php:164 msgid "You cannot have no server CA" msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur" -#: sources/views/settings.html.php:185 -msgid "Login" -msgstr "Identifiant" - -#: sources/views/settings.html.php:190 +#: sources/views/settings.html.php:174 msgid "Username" msgstr "Nom d'utilisateur" -#: sources/views/settings.html.php:192 sources/views/settings.html.php:199 +#: sources/views/settings.html.php:176 sources/views/settings.html.php:183 msgid "Leave empty if not necessary" msgstr "Laisser vide si non nécessaire" -#: sources/views/settings.html.php:197 +#: sources/views/settings.html.php:181 msgid "Password" msgstr "Mot de passe" -#: sources/views/settings.html.php:207 +#: sources/views/settings.html.php:191 +msgid "DNS" +msgstr "DNS" + +#: sources/views/settings.html.php:196 +msgid "First resolver" +msgstr "Premier résolveur" + +#: sources/views/settings.html.php:198 sources/views/settings.html.php:205 +msgid "IPv6 or IPv4" +msgstr "IPv6 ou IPv4" + +#: sources/views/settings.html.php:203 +msgid "Second resolver" +msgstr "Second résolveur" + +#: sources/views/settings.html.php:213 msgid "Reloading may take a few minutes. Be patient." msgstr "Le rechargement peut prendre quelques minutes. Soyez patient." -#: sources/views/settings.html.php:207 +#: sources/views/settings.html.php:213 msgid "Save and reload" msgstr "Sauvegarder et recharger" + +#~ msgid "IPv6" +#~ msgstr "IPv6" + +#~ msgid "Delegated prefix" +#~ msgstr "Préfixe délégué" + +#~ msgid "Certificates" +#~ msgstr "Certificats" + +#~ msgid "Login" +#~ msgstr "Identifiant" diff --git a/sources/i18n/localization.pot b/sources/i18n/localization.pot index f439a78..d58ae7e 100644 --- a/sources/i18n/localization.pot +++ b/sources/i18n/localization.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2015-07-25 10:42+0200\n" +"POT-Creation-Date: 2015-09-28 16:51+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -17,51 +17,55 @@ msgstr "" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: sources/controller.php:100 +#: sources/controller.php:102 msgid "The Server Address, the Server Port and the Protocol cannot be empty" msgstr "" -#: sources/controller.php:104 +#: sources/controller.php:106 msgid "The Server Port must be only composed of digits" msgstr "" -#: sources/controller.php:108 +#: sources/controller.php:110 msgid "The Protocol must be \"udp\" or \"tcp\"" msgstr "" #: sources/controller.php:114 +msgid "You need to define two DNS resolver addresses" +msgstr "" + +#: sources/controller.php:120 msgid "A Client Certificate is needed when you suggest a Key, or vice versa" msgstr "" -#: sources/controller.php:118 +#: sources/controller.php:124 msgid "A Password is needed when you suggest a Username, or vice versa" msgstr "" -#: sources/controller.php:122 +#: sources/controller.php:128 msgid "You need a Server CA." msgstr "" -#: sources/controller.php:126 +#: sources/controller.php:132 msgid "You need either a Client Certificate, either a Username, or both" msgstr "" -#: sources/controller.php:133 +#: sources/controller.php:139 msgid "The IPv6 Delegated Prefix format looks bad" msgstr "" -#: sources/controller.php:144 +#: sources/controller.php:150 msgid "configuration not updated" msgstr "" -#: sources/controller.php:189 +#: sources/controller.php:197 msgid "Configuration updated and service successfully reloaded" msgstr "" -#: sources/controller.php:191 +#: sources/controller.php:199 msgid "Configuration updated but service reload failed" msgstr "" -#: sources/controller.php:195 +#: sources/controller.php:203 msgid "Service successfully disabled" msgstr "" @@ -73,8 +77,8 @@ msgstr "" msgid "Error" msgstr "" -#: sources/views/layout.html.php:54 sources/views/settings.html.php:125 -#: sources/views/settings.html.php:165 +#: sources/views/layout.html.php:54 sources/views/settings.html.php:117 +#: sources/views/settings.html.php:157 msgid "Notice" msgstr "" @@ -149,107 +153,115 @@ msgstr "" msgid "TCP" msgstr "" +#: sources/views/settings.html.php:92 +msgid "Delegated prefix (IPv6)" +msgstr "" + #: sources/views/settings.html.php:94 -msgid "Edit the raw configuration only if you know what you do!" -msgstr "" - -#: sources/views/settings.html.php:94 sources/views/settings.html.php:99 -msgid "Advanced" -msgstr "" - -#: sources/views/settings.html.php:109 -msgid "IPv6" -msgstr "" - -#: sources/views/settings.html.php:114 -msgid "Delegated prefix" -msgstr "" - -#: sources/views/settings.html.php:116 msgid "" "Leave empty if your Internet Service Provider does not give you a delegated " "prefix" msgstr "" -#: sources/views/settings.html.php:125 +#: sources/views/settings.html.php:101 +msgid "Edit the raw configuration only if you know what you do!" +msgstr "" + +#: sources/views/settings.html.php:101 sources/views/settings.html.php:106 +msgid "Advanced" +msgstr "" + +#: sources/views/settings.html.php:117 msgid "" "You need to upload a Client Certificate, or define a Username (or both) for " "starting your VPN Client." msgstr "" -#: sources/views/settings.html.php:131 -msgid "Certificates" +#: sources/views/settings.html.php:123 +msgid "Authentication" msgstr "" -#: sources/views/settings.html.php:136 +#: sources/views/settings.html.php:128 msgid "Update Client Cert." msgstr "" -#: sources/views/settings.html.php:136 +#: sources/views/settings.html.php:128 msgid "Upload Client Cert." msgstr "" -#: sources/views/settings.html.php:139 sources/views/settings.html.php:152 +#: sources/views/settings.html.php:131 sources/views/settings.html.php:144 msgid "Delete this certificate" msgstr "" -#: sources/views/settings.html.php:144 sources/views/settings.html.php:157 -#: sources/views/settings.html.php:177 +#: sources/views/settings.html.php:136 sources/views/settings.html.php:149 +#: sources/views/settings.html.php:169 msgid "Browse" msgstr "" -#: sources/views/settings.html.php:149 +#: sources/views/settings.html.php:141 msgid "Update Client Key" msgstr "" -#: sources/views/settings.html.php:149 +#: sources/views/settings.html.php:141 msgid "Upload Client Key" msgstr "" -#: sources/views/settings.html.php:155 +#: sources/views/settings.html.php:147 msgid "Make sure your browser is able to read the key file before uploading" msgstr "" -#: sources/views/settings.html.php:157 +#: sources/views/settings.html.php:149 msgid "make sure your browser is able to read the key file before uploading" msgstr "" -#: sources/views/settings.html.php:165 +#: sources/views/settings.html.php:157 msgid "You need to upload a Server CA for starting your VPN Client." msgstr "" -#: sources/views/settings.html.php:169 +#: sources/views/settings.html.php:161 msgid "Update Server CA" msgstr "" -#: sources/views/settings.html.php:169 +#: sources/views/settings.html.php:161 msgid "Upload Server CA" msgstr "" -#: sources/views/settings.html.php:172 +#: sources/views/settings.html.php:164 msgid "You cannot have no server CA" msgstr "" -#: sources/views/settings.html.php:185 -msgid "Login" -msgstr "" - -#: sources/views/settings.html.php:190 +#: sources/views/settings.html.php:174 msgid "Username" msgstr "" -#: sources/views/settings.html.php:192 sources/views/settings.html.php:199 +#: sources/views/settings.html.php:176 sources/views/settings.html.php:183 msgid "Leave empty if not necessary" msgstr "" -#: sources/views/settings.html.php:197 +#: sources/views/settings.html.php:181 msgid "Password" msgstr "" -#: sources/views/settings.html.php:207 +#: sources/views/settings.html.php:191 +msgid "DNS" +msgstr "" + +#: sources/views/settings.html.php:196 +msgid "First resolver" +msgstr "" + +#: sources/views/settings.html.php:198 sources/views/settings.html.php:205 +msgid "IPv6 or IPv4" +msgstr "" + +#: sources/views/settings.html.php:203 +msgid "Second resolver" +msgstr "" + +#: sources/views/settings.html.php:213 msgid "Reloading may take a few minutes. Be patient." msgstr "" -#: sources/views/settings.html.php:207 +#: sources/views/settings.html.php:213 msgid "Save and reload" msgstr "" diff --git a/sources/views/settings.html.php b/sources/views/settings.html.php index 315d8e7..120ee78 100644 --- a/sources/views/settings.html.php +++ b/sources/views/settings.html.php @@ -88,6 +88,13 @@ +
+ +
+ +
+
+
@@ -104,21 +111,6 @@
-
> -
-

-
- -
-
- -
- -
-
-
-
-
style="margin: 2px 0px 17px" role="alert"> @@ -128,7 +120,7 @@
>
-

+

@@ -177,15 +169,7 @@
-
- -
> -
-

-
- -
@@ -202,6 +186,28 @@
+
> +
+

+
+ +
+
+ +
+ +
+
+ +
+ +
+ +
+
+
+
+
Loading...