--- /dev/null
+#!/bin/sh
+
+case "$(nvram get openvpn_cli)" in
+ on|enabled|1)
+ continue
+ ;;
+ off|disabled|0)
+ exit 0
+ ;;
+esac
+
+case "$1" in
+ start)
+ SERVER=$(nvram get openvpn_cli_server)
+ PROTO=$(nvram get openvpn_cli_proto)
+ PORT=$(nvram get openvpn_cli_port)
+
+ [ "$SERVER" ] || {
+ logger "$0: remote server not configured!"
+ exit
+ }
+ case "$(nvram get openvpn_cli_auth)" in
+ cert)
+ AUTH_OPTION="--pkcs12"
+ AUTH_FILE="/etc/openvpn/certificate.p12"
+ ;;
+ psk)
+ AUTH_OPTION="--secret"
+ AUTH_FILE="/etc/openvpn/shared.key"
+ ;;
+ *)
+ logger "$0: unknown authentication type, aborting!"
+ exit
+ ;;
+ esac
+ [ -f "$AUTH_FILE" ] || {
+ logger "$0: no certificat/keyfile found!"
+ exit
+ }
+ openvpn --client \
+ --proto "${PROTO:-udp}" \
+ --port "${PORT:-1194}" \
+ --remote "$SERVER" \
+ --dev tun \
+ --nobind \
+ $AUTH_OPTION "$AUTH_FILE" \
+ --comp-lzo \
+ --daemon \
+ --status /tmp/openvpn-status.log \
+ --verb 3
+ ;;
+ restart)
+ $0 stop
+ sleep 3
+ $0 start
+ ;;
+ reload)
+ killall -SIGHUP openvpn
+ ;;
+ stop)
+ killall openvpn
+ ;;
+esac
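Review bot: The `cert)` arm starts the client with `--pkcs12` but nothing that checks the peer certificate's role, so any certificate issued by the same CA (another client's, for instance) would be accepted as the server. Because `$AUTH_OPTION` is expanded unquoted, the arm can carry the check itself: `AUTH_OPTION="--remote-cert-tls server --pkcs12"`, or `--ns-cert-type server` on OpenVPN builds too old to have that option. The `psk)` arm looks unworkable as written: `--client` implies TLS client mode with option pull, which OpenVPN does not accept together with `--secret`, and a static-key tunnel also needs `--ifconfig` addresses that are not configured here. Separately, an unset `openvpn_cli` matches neither arm of the first `case` and falls through to `start`, while the status page treats only `1` as enabled. A `*) exit 0 ;;` default would make the two agree, and the `continue`, which is outside any loop, could be replaced by `;;` alone.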
--- /dev/null
+#!/usr/bin/webif-page
+<?
+. /usr/lib/webif/webif.sh
+
+header "Status" "OpenVPN" "@TR<<OpenVPN Status>>"
+
+equal "$(nvram get openvpn_cli)" "1" && {
+
+ case "$FORM_action" in
+ start)
+ ps | grep -q '[o]penvpn --client' || {
+ echo -n "Starting OpenVPN ..."
+ /etc/init.d/S50openvpn start
+ echo " done."
+ }
+ ;;
+ stop)
+ ps | grep -q '[o]penvpn --client' && {
+ echo -n "Stopping OpenVPN ..."
+ /etc/init.d/S50openvpn stop
+ echo " done."
+ }
+ ;;
+ esac
+
+ case "$(nvram get openvpn_cli_auth)" in
+ cert)
+ [ -f "/etc/openvpn/certificate.p12" ] ||
+ ERROR="Error, certificate is missing!"
+ ;;
+ psk)
+ [ -f "/etc/openvpn/shared.key" ] ||
+ ERROR="Error, keyfile is missing!"
+ ;;
+ *)
+ ERROR="error in OpenVPN configuration, unknown authtype"
+ ;;
+ esac
+
+ empty "$ERROR" && {
+ DEVICES=$(egrep "(tun|tap)" /proc/net/dev | cut -d: -f1 | tr -d ' ')
+ empty "$DEVICES" && {
+ echo "no active tunnel found"
+ } || {
+ echo "found the following active tunnel:"
+ echo "<pre>"
+ for DEV in $DEVICES;do
+ ifconfig $DEV
+ done
+ echo "</pre>"
+ }
+ echo "<br/>"
+
+ ps | grep -q '[o]penvpn --client' && {
+ echo 'OpenVPN process is running <a href="?action=stop">[stop now]</a>'
+ } || {
+ echo 'OpenVPN is not running <a href="?action=start">[start now]</a>'
+ }
+ } || {
+ echo "$ERROR"
+ }
+} || {
+ echo "OpenVPN is disabled"
+}
+
+footer ?>
+<!--
+##WEBIF:name:Status:2:OpenVPN
+-->
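Review bot: The `start)` and `stop)` arms act on `$FORM_action`, which the `?action=stop` and `?action=start` links further down supply in the query string. A plain GET therefore changes the tunnel state, and any page the administrator's browser loads while authenticated to the router can trigger it. Render the two controls as a POST form and ignore the action otherwise, e.g. `[ "$REQUEST_METHOD" = "POST" ] || FORM_action=""` ahead of the first `case`. That alone does not stop a cross-site form post, so if webif provides a per-session token it should be checked at the same place.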
--- /dev/null
+#!/usr/bin/webif-page "-U /tmp -u 4096"
+<?
+# add haserl args in double quotes it has very ugly
+# command line parsing code!
+
+. /usr/lib/webif/webif.sh
+load_settings "openvpn"
+
+if empty "$FORM_submit"; then
+ [ -f /etc/openvpn/certificate.p12 ] ||
+ NOCERT=1
+ [ -f /etc/openvpn/shared.key ] ||
+ NOPSK=1
+ FORM_openvpn_cli=${openvpn_cli:-$(nvram get openvpn_cli)}
+ FORM_openvpn_cli_server=${openvpn_cli_server:-$(nvram get openvpn_cli_server)}
+ FORM_openvpn_cli_proto=${openvpn_cli_proto:-$(nvram get openvpn_cli_proto)}
+ FORM_openvpn_cli_port=${openvpn_cli_port:-$(nvram get openvpn_cli_port)}
+ FORM_openvpn_cli_port=${FORM_openvpn_cli_port:-1194}
+ FORM_openvpn_cli_auth=${openvpn_cli_auth:-$(nvram get openvpn_cli_auth)}
+ FORM_openvpn_cli_auth=${FORM_openvpn_cli_auth:-cert)}
+ FORM_openvpn_cli_psk=${openvpn_cli_psk:-$(nvram get openvpn_cli_psk)}
+else
+ [ -d /etc/openvpn ] || mkdir /etc/openvpn
+ [ -f "$FORM_openvpn_pkcs12file" ] && {
+ cp "$FORM_openvpn_pkcs12file" /etc/openvpn/certificate.p12 &&
+ UPLOAD_CERT=1
+ }
+ [ -f "$FORM_openvpn_pskfile" ] && {
+ cp "$FORM_openvpn_pskfile" /etc/openvpn/shared.key &&
+ UPLOAD_PSK=1
+ }
+ save_setting openvpn openvpn_cli $FORM_openvpn_cli
+ save_setting openvpn openvpn_cli_server $FORM_openvpn_cli_server
+ save_setting openvpn openvpn_cli_proto $FORM_openvpn_cli_proto
+ save_setting openvpn openvpn_cli_port $FORM_openvpn_cli_port
+ save_setting openvpn openvpn_cli_auth $FORM_openvpn_cli_auth
+ save_setting openvpn openvpn_cli_psk $FORM_openvpn_cli_psk
+fi
+
+header "VPN" "OpenVPN" "@TR<<OpenVPN>>" ' onLoad="modechange()" ' "$SCRIPT_NAME"
+
+cat <<EOF
+<script type="text/javascript" src="/webif.js "></script>
+<script type="text/javascript">
+<!--
+function modechange()
+{
+ var v;
+ v = isset('openvpn_cli', '1');
+ set_visible('connection_settings', v);
+ set_visible('authentication', v);
+
+ v = isset('openvpn_cli_auth', 'psk');
+ set_visible('psk_status', v);
+ set_visible('psk', v);
+
+ v = isset('openvpn_cli_auth', 'cert');
+ set_visible('certificate_status', v);
+ set_visible('certificate', v);
+
+ hide('save');
+ show('save');
+}
+-->
+</script>
+EOF
+
+display_form <<EOF
+onchange|modechange
+start_form|@TR<<OpenVPN>>
+field|@TR<<Start VPN Connection>>
+select|openvpn_cli|$FORM_openvpn_cli
+option|0|@TR<<Disabled>>
+option|1|@TR<<Enabled>>
+onchange|
+end_form
+
+start_form|@TR<<Connection Settings>>|connection_settings|hidden
+field|@TR<<Server Address>>
+text|openvpn_cli_server|$FORM_openvpn_cli_server
+field|@TR<<Protocol>>
+select|openvpn_cli_proto|$FORM_openvpn_cli_proto
+option|udp|UDP
+option|tcp|TCP
+field|@TR<<Server Port (default: 1194)>>
+text|openvpn_cli_port|$FORM_openvpn_cli_port
+field|@TR<<Authentication Method>>
+onchange|modechange
+select|openvpn_cli_auth|$FORM_openvpn_cli_auth
+option|psk|@TR<<Preshared Key>>
+option|cert|@TR<<Certificate (PKCS12)>>
+onchange|
+end_form
+
+start_form|@TR<<Authentication>>|authentication|hidden
+field|@TR<<Preshared Key Status>>|psk_status|hidden
+$(empty "$NOPSK" || echo 'string|<span style="color:red">@TR<<No Keyfile uploaded yet!>></span>')
+$(empty "$UPLOAD_PSK" || echo 'string|<span style="color:green">@TR<<Upload Successful>><br/></span>')
+$(empty "$NOPSK" && echo 'string|@TR<<Found Installed Keyfile>>')
+field|@TR<<Upload Preshared Key>>|psk|hidden
+upload|openvpn_pskfile
+
+field|@TR<<Certificate Status>>|certificate_status|hidden
+$(empty "$NOCERT" || echo 'string|<span style="color:red">@TR<<No Certificate uploaded yet!>></span>')
+$(empty "$UPLOAD_CERT" || echo 'string|<span style="color:green">@TR<<Upload Successful>><br/></span>')
+$(empty "$NOCERT" && echo 'string|@TR<<Found Installed Certificate.>>')
+field|@TR<<Upload PKCS12 Certificate>>|certificate|hidden
+upload|openvpn_pkcs12file
+end_form
+
+EOF
+
+footer
+?>
+<!--
+##WEBIF:name:Network:10:OpenVPN
+-->
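Review bot: The submit branch hands every `$FORM_openvpn_cli_*` value to `save_setting` unquoted and unvalidated, so a value containing spaces or glob characters is split or expanded before it is stored. Whatever is stored later reaches the `openvpn` command line in the init script and is written back into the form. The block below checks each field against the values the form offers (digits only for the port, host-name characters for the server) and quotes the arguments; how a rejected field is reported to the user is left to the page. The copied key material should also be restricted after a successful `cp`, e.g. `chmod 600 /etc/openvpn/shared.key` and likewise for `certificate.p12`, since the mode is otherwise whatever the umask gives. In the non-submit branch, `${FORM_openvpn_cli_auth:-cert)}` has a stray `)` that makes the default `cert)`, which matches neither `option` of the select; it should read `${FORM_openvpn_cli_auth:-cert}`.

```shell
# … unchanged: mkdir and upload handling …
	VALID=1
	case "$FORM_openvpn_cli" in 0|1) ;; *) VALID=0 ;; esac
	case "$FORM_openvpn_cli_proto" in udp|tcp) ;; *) VALID=0 ;; esac
	case "$FORM_openvpn_cli_auth" in psk|cert) ;; *) VALID=0 ;; esac
	# empty is allowed: the init script falls back to 1194
	case "$FORM_openvpn_cli_port" in *[!0-9]*) VALID=0 ;; esac
	# host name or address characters only
	case "$FORM_openvpn_cli_server" in *[!A-Za-z0-9.:-]*) VALID=0 ;; esac
	if [ "$VALID" = 1 ]; then
		save_setting openvpn openvpn_cli "$FORM_openvpn_cli"
		save_setting openvpn openvpn_cli_server "$FORM_openvpn_cli_server"
		save_setting openvpn openvpn_cli_proto "$FORM_openvpn_cli_proto"
		save_setting openvpn openvpn_cli_port "$FORM_openvpn_cli_port"
		save_setting openvpn openvpn_cli_auth "$FORM_openvpn_cli_auth"
		save_setting openvpn openvpn_cli_psk "$FORM_openvpn_cli_psk"
	fi
	# … report the rejected field to the user when VALID is 0 …
```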