 From:  "Youri Kersloot" <YKersloot at CrossingChannels dot com>
 To:  "Peter Allgeyer" <allgeyer at web dot de>
 Cc:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] OpenVPN on beta10: missing routing option and some bugs?
 Date:  Wed, 21 Sep 2005 13:57:52 +0200

The setup looks pretty much the same as I already had in mind and I (and the
colleague) would really like to give it a try. Personally I would like to
split the expert OpenVPN-project up into three pilots.

1) enable expert mode for server OpenVPN using one textarea (and
checkbox to enable it) on the vpn_openvpn_srv_edit.php page for global
expert settings
2) enable expert mode for client OpenVPN in the same way as in pilot 1
3) enable user expert mode. This is the tricky one for the GUI. It should
be an interface like the "add rules" screen with a name of the client
and another textarea for the expert options

In the short term option 1 would be realisable. Followed by option 2 and
perhaps option 3. It all can be stored into the same Config.xml as it's
used already.

How can we look a little bit further for the solution??


-----Original Message-----
From: Peter Allgeyer [mailto:allgeyer at web dot de] 
Sent: Wednesday, 21 September 2005 12:52
To: Youri Kersloot
Cc: m0n0wall dash dev at lists dot m0n0 dot ch
Subject: RE: [m0n0wall-dev] OpenVPN on

Hi Youri!

Since it's interesting for other people, too, I post this to the
developers list, too.

On Wednesday, 21.09.2005, at 12:19 +0200, Youri Kersloot wrote:
> Peter,
> Now we're talking. I have medium PHP skills but a colleague of mine is 
> much better in PHP. He agreed to assist if it won't cost him too much 
> of his time (like a week fulltime to implement the expert mode).
> I think with some guidelines from your side what's possible and your 
> point of view how to do (and more important what don't) the expert 
> mode.
As I said earlier, I'm planning to move the openvpn parameters to their own
file under /var/etc or even /var/etc/openvpn. At the moment the openvpn
daemon is called by /etc/inc/openvpn.inc with a long list of parameters.
It's relatively easy to export these parameters to their own file just like
the mpd daemon does.

Little example, idea from interfaces.inc:

  /* generate ovpn.conf */
  $fd = fopen("{$g['varetc_path']}/ovpn_srv_tun{$i}.conf", "w");

  /* one OpenVPN option per line */
  $ovpnconf = <<<EOD
user nobody
group nobody
keepalive 10 60
status /var/log/openvpn_{$if}{$i}.log 60
writepid /var/run/ovpn_srv_{$if}{$i}.pid
ca /var/db/ovpn_ca_cert_{$if}{$i}.pem
cert /var/db/ovpn_srv_cert_{$if}{$i}.pem
key /var/db/ovpn_srv_key_{$if}{$i}.pem
dh /var/db/ovpn_dh_{$if}{$i}.pem
verb {$bverb}
dev {$if}
port {$port}
max-clients {$maxcli}
server {$server}{$prefix}
cipher {$cipher}

EOD;

  fwrite($fd, $ovpnconf);
  fclose($fd);

This is the prework. Afterwards, just write a php page called
vpn_openvpn_expert.php which can be called from vpn_openvpn_srv_edit.php
or vpn_openvpn_cli_edit.php. Another possibility would be to have a
button to enable expert mode and a <textarea> in
vpn_openvpn_{srv,cli}_edit.php where you can add your own openvpn
parameters. Push the parameters into an array and add them to config.xml



		<expert>nice 10</expert>

Keep in mind that there should probably be an option to have extra
directories for each client configuration for multi-client server

Expert parameters aren't parsed nor supported by m0n0wall.

Ciao ...
	... PIT ...

 copyleft(c) by |   _-_     Computers are not intelligent. They only
 Peter Allgeyer | 0(o_o)0   think they are.
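
One way the expert textarea could be merged into the generated file, as an added example that is not m0n0wall code and not part of either message. The helper name, the constructed input and the choice to refuse lines that collide with directives the generated file already sets are assumptions; the thread itself leaves expert parameters unparsed.

```php
<?php
/* Directives the generated file already sets (from the sample in the thread). */
$managed = array('user', 'group', 'keepalive', 'status', 'writepid', 'ca',
    'cert', 'key', 'dh', 'verb', 'dev', 'port', 'max-clients', 'server', 'cipher');

/*
 * Hypothetical helper: split the textarea into one option per line and refuse
 * lines that would override a GUI-managed directive or carry control bytes.
 * Returns array(accepted lines, reasons for rejected lines).
 */
function ovpn_expert_filter($text, $managed) {
    $ok = array();
    $bad = array();
    foreach (preg_split('/\r\n|\r|\n/', $text) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#' || $line[0] === ';')
            continue;                      /* blank line or comment */
        if (preg_match('/[\x00-\x08\x0b-\x1f\x7f]/', $line)) {
            $bad[] = "control character: " . addcslashes($line, "\0..\37\177");
            continue;
        }
        /* the config file takes option names without the leading "--" */
        $line = preg_replace('/^--/', '', $line);
        $name = strtolower(strtok($line, " \t"));
        if (in_array($name, $managed, true)) {
            $bad[] = "managed by the GUI: $name";
            continue;
        }
        $ok[] = $line;
    }
    return array($ok, $bad);
}

/* Constructed textarea input, as it might arrive from the edit page. */
$expert = "nice 10\r\n# tuning\r\n--mute 20\r\nuser root\r\ncipher none\r\n";
list($ok, $bad) = ovpn_expert_filter($expert, $managed);

/* Lines to append after the generated block of the .conf file. */
echo implode("\n", $ok), "\n";
/* Lines to report back on the edit page instead of writing them. */
foreach ($bad as $msg)
    fwrite(STDERR, "rejected: $msg\n");
/* One <expert> element per accepted line, escaped for config.xml. */
foreach ($ok as $line)
    echo "<expert>" . htmlspecialchars($line) . "</expert>\n";
```

Without a collision check, a later `user` or `cipher` line in the textarea would silently replace the privilege drop and cipher chosen in the GUI.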