
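--- a/backend3/openvpn-server
+++ b/backend3/openvpn-server
@@ -24,6 +24,7 @@ CACHEDIR="/var/cache/alterator/openvpn-server"
 CCDDIR="$CHROOTDIR/$CONFDIR/ccd"
 IFACESDIR="$ETCNET_IFACESDIR"
 SERVER_NETWORKS_TMP="$CACHEDIR/server_networks.tmp"
+CIPHERS_TMP="$CACHEDIR/ciphers.tmp"
 OPENSSL="${OPENSSL:-openssl}"
 
 # Alternative openvpn patched for GOST support.
@@ -356,6 +357,13 @@ list_bridges()
 	done
 }
 
+list_selected_ciphers()
+{
+	for cipher in $(cat "$CIPHERS_TMP"); do
+		write_enum_item "$cipher"
+	done
+}
+
 ### read client config
 read_client_ns_info()
 {
@@ -450,7 +458,8 @@ read_server_config()
 			write_string_param bridge "$(get_bridge "$dev")"
 		fi
 
-		write_string_param ciphers "$(get_config_val "$dev" 'cipher')"
+		[ -d "$CACHEDIR" ] || mkdir "$CACHEDIR"
+		[ ! -f "$CIPHERS_TMP" ] && get_config_val "$dev" 'data-ciphers' | tr ':' '\n' > "$CIPHERS_TMP"
 		write_string_param tls_ciphers "$(get_config_val "$dev" 'tls-cipher')"
 		write_string_param digests "$(get_config_val "$dev" 'auth')"
 	else
@@ -782,7 +791,7 @@ status openvpn-status.log
 verb 3
 SERVER_CONF_TEMPLATE
 
-	[ -n "$in_ciphers" ] && echo "cipher $in_ciphers" >> $CACHEDIR/$dev/$OVPNCONFIG
+	[ -f "$CIPHERS_TMP" ] && echo "data-ciphers $(paste -sd: $CIPHERS_TMP)" >> $CACHEDIR/$dev/$OVPNCONFIG
 	[ -n "$in_tls_ciphers" ] && echo "tls-cipher $in_tls_ciphers" >> $CACHEDIR/$dev/$OVPNCONFIG
 	[ -n "$in_digests" ] && echo "auth $in_digests" >> $CACHEDIR/$dev/$OVPNCONFIG
 
@@ -793,12 +802,7 @@ SERVER_CONF_TEMPLATE
 		if [ -f "$CRYPTOCOMDIR/lib/engines/libcryptocom.so" ]; then
 			engine=cryptocom
 		fi
-        cat >> "$CACHEDIR/$dev/$OVPNCONFIG" <<EOF
-engine $engine
-cipher gost89
-auth gost-mac
-tls-cipher GOST2001-GOST89-GOST89
-EOF
+        echo "engine $engine" >> "$CACHEDIR/$dev/$OVPNCONFIG"
 		if [ -x "$GOST_OVPN" ]; then
 			shell_config_set "$CACHEDIR/$dev/options" OVPN "$GOST_OVPN"
 		fi
@@ -943,6 +947,16 @@ on_message()
             [ -n "$in_server_net" -a -n "$in_server_netmask" ] &&
             sed -i "/$in_server_net[[:blank:]]\+$in_server_netmask/d" "$SERVER_NETWORKS_TMP"
             ;;
+			add-cipher)
+			if [ -n "$in_ciphers" ] && ! grep -Fxq "$in_ciphers" "$CIPHERS_TMP";then
+				echo "$in_ciphers" >> "$CIPHERS_TMP"
+			fi
+			;;
+			remove-cipher)
+			if [ -n "$in_selected_ciphers" ]; then
+				sed -i "/^$in_selected_ciphers\$/d" "$CIPHERS_TMP"
+			fi
+			;;
             client-ns-domain)
             vdev="$(get_cached_vdev)"
             if ! check_client_ns "$vdev" "$in_client_name" "$in_client_ns";then
@@ -1003,6 +1017,8 @@ on_message()
 		;;
 		avail_ciphers) list_ciphers | write_enum
 		;;
+		selected_ciphers) list_selected_ciphers | write_enum
+		;;
 		avail_tls_ciphers) list_tls_ciphers | write_enum
 		;;
         avail_dhparams) list_dhparams | write_enum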
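Review bot: The `remove-cipher` arm of on_message interpolates `$in_selected_ciphers` directly into a sed script (`sed -i "/^$in_selected_ciphers\$/d"`), so a form value containing `/` or other sed syntax is parsed as part of the script rather than as a cipher name, and nothing visible in the hunk validates it first. The `add-cipher` arm likewise appends an unvalidated `$in_ciphers` to `$CIPHERS_TMP`, and that file is later joined into the `data-ciphers` line of the generated OpenVPN config. I would restrict both values to cipher-name characters (or to the names list_ciphers offers) and delete with a fixed-string match instead of sed, as sketched below; the character class is an assumption to check against the real cipher names. on_message starts and ends outside the hunk, and the existing `$in_server_net` sed line just above follows the same pattern.

```shell
			add-cipher)
			# accept only cipher-name characters before the value reaches the cache file
			case "$in_ciphers" in
				''|*[!A-Za-z0-9-]*) ;;
				*) grep -Fxq -- "$in_ciphers" "$CIPHERS_TMP" 2>/dev/null ||
					printf '%s\n' "$in_ciphers" >> "$CIPHERS_TMP" ;;
			esac
			;;
			remove-cipher)
			# fixed-string match, so the value is never parsed as a sed script
			if [ -n "$in_selected_ciphers" ] && [ -f "$CIPHERS_TMP" ]; then
				grep -Fxv -- "$in_selected_ciphers" "$CIPHERS_TMP" > "$CIPHERS_TMP.new"
				mv -f "$CIPHERS_TMP.new" "$CIPHERS_TMP"
			fi
			;;
			# … unchanged: client-ns-domain arm …
```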
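--- a/ui/openvpn-server/ajax.scm
+++ b/ui/openvpn-server/ajax.scm
@@ -13,6 +13,8 @@
 	(form-update-visibility "server_netmask" routed)
 	(form-update-visibility "add_network" routed)
 	(form-update-visibility "remove_network" routed)
+	(form-update-visibility "selected_ciphers" routed)
+	(form-update-visibility "add_cipher" routed)
 	(form-update-visibility "gateway_vpnaddr" (not routed))
 	(form-update-visibility "vpnpool_start" (not routed))
 	(form-update-visibility "vpnpool_end" (not routed))
@@ -37,6 +39,7 @@
   (let ((cmd (woo-read-first "/openvpn-server" 'type (form-value "type") 'language (form-value "language"))))
 	(form-update-enum "server_networks" (woo-list "/openvpn-server/avail_server_networks"))
 	(form-update-enum "bridge" (woo-list "/openvpn-server/avail_bridges"))
+	(form-update-enum "selected_ciphers" (woo-list "/openvpn-server/selected_ciphers"))
 	(form-update-value-list
 	  '("enabled" "type" "bridge" "port" "server_net" "server_netmask" "vpnnet" "vpnnetmask"
 		"gateway_vpnaddr" "vpnpool_start" "vpnpool_end" "lzo" "use_tcp" "ciphers" "tls_ciphers" "digests" "dhparams")
@@ -65,7 +68,7 @@
 			 'operation reason
 			 (form-value-list
 			   '("enabled" "type" "bridge" "port" "server_net" "server_netmask" "vpnnet" "vpnnetmask"
-				 "gateway_vpnaddr" "vpnpool_start" "vpnpool_end" "lzo" "use_tcp" "language" "ciphers" "tls_ciphers" "digests" "dhparams"))))))
+				 "gateway_vpnaddr" "vpnpool_start" "vpnpool_end" "lzo" "use_tcp" "language" "ciphers" "selected_ciphers" "tls_ciphers" "digests" "dhparams"))))))
 
 (define (add-network)
   (write-config "add-server-network")
@@ -86,6 +89,14 @@
                        'language (form-value "language"))
 				(read-config)))))
 
+(define (add-cipher)
+  (write-config "add-cipher")
+  (read-config))
+
+(define (remove-cipher)
+  (write-config "remove-cipher")
+  (read-config))
+
 (define (apply-config)
   (write-config "apply"))
 
@@ -116,10 +127,11 @@
   (form-bind "type" "change" read-config)
   (form-bind-upload "upload_button" "click" "ca_cert" on-upload)
   (form-bind "server_networks" "change" (lambda() (update-server-net-values (form-value "server_networks"))))
+  (form-bind "ciphers" "change" add-cipher)
+  (form-bind "remove_cipher" "click" remove-cipher)
   (form-bind "add_network" "click" add-network)
   (form-bind "remove_network" "click" remove-network)
   (form-bind "clients_managment" "click" clients-networks-interface)
   (form-bind "reset" "click" reset-config)
   (form-bind "apply" "click" apply-config)
   (form-bind "certificate" "click" certificate-interface))
-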
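Review bot: The visibility update added at new line 17 toggles a control named `add_cipher`, but the index.html section of this patch adds only `selected_ciphers` and `remove_cipher`, so the call appears to target an element that does not exist while the Remove button is never hidden. If that is a slip, `(form-update-visibility "remove_cipher" routed)` is probably what was meant. It is also worth confirming that the selected-cipher list should follow `routed` at all, since the backend hunks shown write `data-ciphers` without any visible check of the server type. The enclosing function starts outside the hunk.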
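--- a/ui/openvpn-server/index.html
+++ b/ui/openvpn-server/index.html
@@ -66,9 +66,14 @@
 								<td><select name="vpnnetmask"></select></td>
 							</tr>
 							<tr>
-								<td><span translate="_" name="ciphers">Cipher:</span></td>
+								<td><span translate="_" name="ciphers">Select ciphers:</span></td>
 								<td><select name="ciphers"></select></td>
 							</tr>
+							<tr>
+								<td style="vertical-align:top"><span translate="_">Ciphers</span></td>
+								<td colspan="2"><select name="selected_ciphers" size="4" style="width:240px"></select></td>
+                                <td><input type="button" class="btn" name="remove_cipher" value="Remove"/></td>
+							</tr>
 							<tr>
 								<td><span translate="_" name="tls_ciphers">TLS Cipher:</span></td>
 								<td><select name="tls_ciphers"></select></td>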
