 
 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  Youri Kersloot <YKersloot at CrossingChannels dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall-dev] OpenVPN on beta10: missing routing option and some bugs?
 Date:  Wed, 21 Sep 2005 12:51:44 +0200
Hi Youri!

Since it's interesting for other people, too, I'm posting this to the
developers list as well.

On Wednesday, 21.09.2005, at 12:19 +0200, Youri Kersloot wrote:
> Peter,
> 
> Now we're talking. I have medium PHP skills but a colleague of mine is
> much better in PHP. He agreed to assist if it won't cost him too much of
> his time (like a week fulltime to implement the expert mode).
> 
> I think with some guidelines from your side what's possible and your
> point of view how to do (and more important what don't) the expert
> mode.
As I said earlier, I'm planning to move the openvpn parameters to their own
file under /var/etc or even /var/etc/openvpn. At the moment the openvpn
daemon is called by /etc/inc/openvpn.inc with a long list of parameters.
It's relatively easy to export these parameters to their own file just like
the mpd daemon does.

Little example, idea from interfaces.inc:

  /* generate ovpn.conf */
  $fd = fopen("{$g['varetc_path']}/ovpn_srv_tun{$i}.conf", "w");

  $ovpnconf = <<<EOD
daemon
user nobody
group nobody
persist-tun
persist-key
keepalive 10 60
status /var/log/openvpn_{$if}{$i}.log 60
writepid /var/run/ovpn_srv_{$if}{$i}.pid
ca /var/db/ovpn_ca_cert_{$if}{$i}.pem
cert /var/db/ovpn_srv_cert_{$if}{$i}.pem
key /var/db/ovpn_srv_key_{$if}{$i}.pem
dh /var/db/ovpn_dh_{$if}{$i}.pem
verb {$bverb}
dev {$if}
port {$port}
max-clients {$maxcli}
server {$server}{$prefix}
cipher {$cipher}
{$duplicate_cn}
{$push_options}
{$expert_options}

EOD;

  fwrite($fd, $ovpnconf);
  fclose($fd);

This is the prework. Afterwards, just write a php page called
vpn_openvpn_expert.php which can be called from vpn_openvpn_srv_edit.php
or vpn_openvpn_cli_edit.php. Another possibility would be to have a
button to enable expert mode and a <textarea> in
vpn_openvpn_{srv,cli}_edit.php where you can add your own openvpn
parameters. Push the parameters into an array and add them to config.xml
like:

<ovpn>
        <server>
            <tunnel>
                <tun_iface>tun0</tun_iface>
                <bind_iface>all</bind_iface>
                <port>1194</port>
                <proto>udp</proto>

                [...]

                <expert>push 10.0.8.0 255.255.255.248</expert>
                <expert>push 10.0.12.0 255.255.255.255</expert>
                <expert>nice 10</expert>
                <expert>fast-io</expert>
            </tunnel>
        </server>
</ovpn>

Keep in mind that there should probably be an option to have extra
directories for each client configuration for multi-client server
capability. 

Expert parameters are neither parsed nor supported by m0n0wall.

Ciao ...
	... PIT ...


---------------------------------------------------------------------------
 copyleft(c) by |   _-_     Computers are not intelligent. They only
 Peter Allgeyer | 0(o_o)0   think they are.
---------------oOO--(_)--OOo-----------------------------------------------
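
The expert-option handling described in the message above, as an added example that is not part of the original post or of m0n0wall: a PHP sketch that turns the `<expert>` entries into the lines for `{$expert_options}`, checking each line on its own and setting aside any that repeat a directive the generated file already sets. The function name `ovpn_expert_lines` and the variables `$managed`, `$tunnel` and `$skipped` are assumptions, and the sample input is constructed.

```php
<?php
/* Added example, not m0n0wall code; all function and variable names are hypothetical. */

/* Directives the generated file already sets (from the heredoc in the message). */
$managed = array('daemon', 'user', 'group', 'persist-tun', 'persist-key',
    'keepalive', 'status', 'writepid', 'ca', 'cert', 'key', 'dh', 'verb',
    'dev', 'port', 'max-clients', 'server', 'cipher');

/* Turn the <expert> entries of one tunnel into config lines.
   Lines that repeat a managed directive are returned in $skipped instead. */
function ovpn_expert_lines($entries, $managed, &$skipped)
{
    $out = array();
    $skipped = array();
    foreach ((array)$entries as $entry) {
        /* Split on any line break so text pasted into the textarea with an
           embedded newline is checked line by line, not written as one blob. */
        foreach (preg_split('/\R/', (string)$entry) as $line) {
            $line = trim($line);
            if ($line === '' || $line[0] === '#' || $line[0] === ';') {
                continue; /* blank line or comment */
            }
            $directive = strtolower(strtok($line, " \t"));
            if (in_array($directive, $managed, true)) {
                $skipped[] = $line;
            } else {
                $out[] = $line;
            }
        }
    }
    return $out;
}

/* Constructed sample: the four entries from the config.xml sketch above plus
   one constructed entry that carries a second directive after a newline. */
$tunnel = array('expert' => array(
    'push 10.0.8.0 255.255.255.248',
    'push 10.0.12.0 255.255.255.255',
    'nice 10',
    "fast-io\nuser root",
));

$lines = ovpn_expert_lines($tunnel['expert'], $managed, $skipped);
$expert_options = implode("\n", $lines);   /* value for {$expert_options} */

echo $expert_options, "\n";
foreach ($skipped as $line) {
    echo "skipped (managed by the GUI): {$line}\n";
}
```

The skipped lines can be shown back to the administrator on the edit page, so that a conflict with a GUI-managed setting is visible before the daemon is restarted.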