Sisyphus repository
Last update: 1 october 2023 | SRPMs: 18631 | Visits: 37819228
en ru br
ALT Linux repos
S:0.8.15-alt1
5.0: 0.2.1-alt2

Group :: System/Configuration/Other
RPM: alterator-net-openvpn

 Main   Changelog   Spec   Patches   Sources   Download   Gear   Bugs and FR  Repocop 

alterator-net-openvpn-0.8.9/000075500000000000000000000000001206511407400157725ustar00rootroot00000000000000alterator-net-openvpn-0.8.9/Makefile000064400000000000000000000001771206511407400174370ustar00rootroot00000000000000NAME=net-openvpn
INSTALL=/usr/bin/install

all:
clean:
install: install-module

include /usr/share/alterator/build/module.mak

alterator-net-openvpn-0.8.9/applications/000075500000000000000000000000001206511407400204605ustar00rootroot00000000000000alterator-net-openvpn-0.8.9/applications/net-openvpn.desktop000064400000000000000000000004231206511407400243230ustar00rootroot00000000000000[Desktop Entry]
Type=Application
Categories=X-Alterator-Network
Icon=openvpn
Terminal=false
Name=OpenVPN-connections
X-Alterator-URI=/net-openvpn
X-Alterator-Weight=30
X-Alterator-Help=net-openvpn
Name[ru]=OpenVPN-соединения
Name[uk]=OpenVPN-підключення
alterator-net-openvpn-0.8.9/backend3/000075500000000000000000000000001206511407400174445ustar00rootroot00000000000000alterator-net-openvpn-0.8.9/backend3/net-openvpn000075500000000000000000000230651206511407400216510ustar00rootroot00000000000000#!/bin/sh

po_domain="alterator-net-openvpn"
alterator_api_version=1

. alterator-sh-functions
. shell-config
. shell-ip-address
. cert-sh-functions
. alterator-net-functions

CHROOTDIR="/var/lib/openvpn"
CONFDIR="/etc/openvpn"
KEYSDIR="${SSL_KEYDIR:-$CONFDIR/keys}"
CERTSDIR="${SSL_CERTDIR:-$CONFDIR/keys}"
CSRDIR="${SSL_CSRDIR:-$CONFDIR/keys}"
IFACEDIR="/etc/net/ifaces"
OVPNCONFIG="ovpnoptions"
DEFAULT_CA="$SSL_CERTDIR/ca-root.pem"
OPENSSL="${OPENSSL:-openssl}"

# Alternative openvpn patched for GOST support.
# Dunno if current openvpn can work with GOST
# without modification, need test.
GOST_OVPN=/usr/sbin/openvpn-cryptocom
CRYPTOCOMDIR=/opt/cryptopack2

### common helpers
get_dev_type()
{
	case "$1" in
		tun*) echo 'tun'
		;;
		tap*) echo 'tap'
		;;
	esac
}

is_cert()
{
    $OPENSSL x509 -noout -in "$1" 2>/dev/null
}

is_gost()
{
    [ -n "$1" -a -n "$2" ] || return
    $OPENSSL "$1" -noout -text -in "$2" | egrep -qs 'Public Key Algorithm:[[:blank:]]+GOST'
}

### lists
_list_keys()
{
	local keysdir="$1"
	local certsdir="$2"
	[ -n "$keysdir" -a -n "$certsdir" ] || return
	for i in `ls $keysdir | grep \.key$`; do
		local name="$(echo "$i" | sed 's/\.key$//')"
		[ "$name" != 'ca' ] &&
		[ -r "$certsdir/$name.cert" ] &&
		echo "$name" 2>/dev/null
	done
}

list_keys()
{
	_list_keys "$KEYSDIR" "$CERTSDIR"
	_list_keys "$CONFDIR/keys" "$CONFDIR/keys"
}

list_reqs()
{
	find "$CSRDIR" -type f \( -name '*.csr' -and -not -name 'openvpn-client.csr' \) | sort | sed 's;^.*/\(.\+\)\..*$;\1;'
}

list_states()
{
	write_enum_item "ignore" "`_ "don't change"`"
	write_enum_item "start" "`_ "start"`"
	write_enum_item "stop" "`_ "stop"`"
}

list_vdev()
{
	for i in `find $IFACEDIR -type d \( -name 'tap*' -or -name 'tun*' \) | sort`
	do
		[ -f $i/options ] &&
		grep -qs '^TYPE=ovpn' $i/options &&
		grep -qs '^client$' $i/$OVPNCONFIG &&
		echo "${i##*/}" 2>/dev/null
	done
}

### network configuration helpers
get_ip()
{
	if valid_ipv4 "$1";then
		echo "$1"
	else
		local ip=
		if type resolve >/dev/null 2>&1; then
			ip="$(resolve -s -t 15 "$1" 2>/dev/null)"
		elif type dig >/dev/null 2>&1; then
			ip="$(dig +short "$1" 2>/dev/null | head -1)"
		fi
		valid_ipv4 "$ip" && echo "$ip"
	fi
}

### read config
get_config_val()
{
	local dev="$1";shift
	local name="$1";shift
	shell_config_get "$IFACEDIR/$dev/$OVPNCONFIG" "$name" ' ' | sed 's/^[[:space:]]*//;s/[[:space:]]*#.*$//'
}

read_client_config()
{
	local dev="$1";shift
	local remote=
	local tmp=
	local ovpn_pidfile="/var/run/openvpn-iface-$dev.pid"

	if [ -n "$NEW_DEV" ];then
		dev="$NEW_DEV"
		unset NEW_DEV
	fi
	[ -n "$dev" -a -d "$IFACEDIR/$dev" ] || dev="$(list_vdev | head -n1)"

	if [ -n "$dev" -a -f "$IFACEDIR/$dev/$OVPNCONFIG" ];then
		write_string_param connections "$dev"
		if [ -s "$ovpn_pidfile" ] && kill -0 "$(cat "$ovpn_pidfile")" 2>/dev/null;then
			write_string_param info "`_ "enabled"`"
		else
			write_string_param info "`_ "disabled"`"
		fi
		remote="$(get_config_val "$dev" remote)"
		write_string_param server "$(echo "$remote" | cut -s -f1 -d' ')"
		tmp="$(echo "$remote" | cut -f2 -d' ')"
		write_string_param port "${tmp:-1194}"
		write_string_param keys "$(get_config_val "$dev" key | sed -r -n 's/^.*\/(.*)\.key$/\1/p')"
		write_bool_param onboot "$(shell_config_get "$IFACEDIR/$dev/options" 'ONBOOT')"
		if grep -qs '^comp-lzo' "$IFACEDIR/$dev/$OVPNCONFIG";then
			write_bool_param lzo true
		else
			write_bool_param lzo false
		fi
		if get_config_val "$dev" proto | grep -qs '^tcp';then
			write_bool_param use_tcp true
		else
			write_bool_param use_tcp false
		fi
		if grep -qs '^redirect-gateway' "$IFACEDIR/$dev/$OVPNCONFIG";then
			write_bool_param def_via_vpn true
		else
			write_bool_param def_via_vpn false
		fi
	fi
}

### write config
make_up_down_scripts()
{
	local dev="$1";shift
	local ifup_post="$IFACEDIR/$dev/ifup-post"
	local ifdown_post="$IFACEDIR/$dev/ifdown-post"
	local server_ip=
	[ -n "$dev" ] || return

	if [ ! -f "$ifup_post" ];then
		cat > "$ifup_post" <<IFUP_POST
#!/bin/sh
dev="\$1"

[ -n "\$dev" ] &&
set | sed -n "s/^foreign_option_[[:digit:]]\+='.*DNS[[:space:]]\+\([[:alnum:].]\+\)'/nameserver \1/; T next; p;
:next; s/^foreign_option_[[:digit:]]\+='.*DOMAIN[[:space:]]\+\([[:alnum:].[:space:]]\+\)'/search \1/; T; p;" |
/sbin/resolvconf -a "\$dev"
IFUP_POST
		chmod +x "$ifup_post"
	fi

	[ -n "$in_def_via_vpn" ] && test_bool "$in_def_via_vpn" && server_ip="$(get_ip "$in_server")"

	if [ ! -f "$ifdown_post" ];then
		cat > "$ifdown_post" <<IFDOWN_POST
#!/bin/sh
dev="\$1"

/sbin/resolvconf -fd "\$dev"
IFDOWN_POST

		chmod +x "$ifdown_post"
	fi

	if [ -n "$server_ip" ];then
		sed -i '/ip route del/d' "$ifdown_post"
		echo "ip route del $server_ip/32" >>"$ifdown_post"
	fi
}

make_iface_options()
{
	local options="$1/options";shift

	cat > "$options" <<OPTIONS_TEMPLATE
ONBOOT=no
TYPE=ovpn
BOOTPROTO=static
OPTIONS_TEMPLATE
}

make_client_conf()
{
	local dev="$1";shift
	local ca="$DEFAULT_CA"
	local cert=
	local key=
	local proto='udp'
	if [ -z "$dev" ];then
		dev="$(next_iface "$in_dev_type")"
		NEW_DEV="$dev"
	fi
	[ -d "$IFACEDIR/$dev" ] || { mkdir "$IFACEDIR/$dev" || return 1; }
	[ ! -f "$IFACEDIR/$dev/options" ] && { make_iface_options "$IFACEDIR/$dev" || return 1; }

	[ -s "$IFACEDIR/$dev/ovpnca" ] && ca="$IFACEDIR/$dev/ovpnca"

	if [ -n "$in_keys" ];then
		cert="$CERTSDIR/$in_keys.cert"
		key="$KEYSDIR/$in_keys.key"

		if [ ! -f "$key" -o ! -f "$cert" ];then
			key="$CONFDIR/keys/$in_keys.key"
			cert="$CONFDIR/keys/$in_keys.cert"
		fi
	fi

	test_bool "$in_use_tcp" && proto='tcp-client'

        cat > "$IFACEDIR/$dev/$OVPNCONFIG" <<CLIENT_CONF_TEMPLATE
client
dev-type $(get_dev_type $dev)
proto $proto
remote $in_server $in_port
resolv-retry infinite
nobind
user openvpn
group openvpn
persist-key
persist-tun
ca   $ca
cert $cert
key  $key
script-security 2
verb 3
CLIENT_CONF_TEMPLATE

	if test_bool "$in_lzo";then
		echo 'comp-lzo' >>"$IFACEDIR/$dev/$OVPNCONFIG"
	fi

    if is_gost x509 "$cert"; then
        local engine=gost
        if [ -f "$CRYPTOCOMDIR/lib/engines/libcryptocom.so" ]; then
            engine=cryptocom
        fi

        cat >> "$IFACEDIR/$dev/$OVPNCONFIG" <<EOF
engine $engine
cipher gost89
auth gost-mac
tls-cipher GOST2001-GOST89-GOST89
EOF
		if [ -x "$GOST_OVPN" ]; then
	        shell_config_set "$IFACEDIR/$dev/options" OVPN "$GOST_OVPN"
		fi
    else
        shell_config_del "$IFACEDIR/$dev/options" OVPN
    fi

	if [ -n "$in_def_via_vpn" ] && test_bool "$in_def_via_vpn";then
		echo 'redirect-gateway def1' >>"$IFACEDIR/$dev/$OVPNCONFIG"
	fi
    
	make_up_down_scripts "$dev"
}

check_cert()
{
    local dev="$1";shift
    local ca="$(get_config_val "$dev" ca)"
    local cert="$(get_config_val "$dev" cert)"
    local ossl="$OPENSSL"

    if [ ! -r "$ca" ]; then
        write_error "`_ "Unable to read"` $ca"
        return 1
    fi
    if [ ! -r "$cert" ]; then
        write_error "`_ "Unable to read"` $cert"
        return 1
    fi

    if  [ -x $CRYPTOCOMDIR/bin/openssl ] && is_gost x509 "$cert"; then
        ossl=$CRYPTOCOMDIR/bin/openssl
    fi
    local issuer="$($ossl x509 -issuer -noout -in "$cert" | sed 's;^issuer= ;;')"
    local subject="$($ossl x509 -subject -noout -in "$cert" | sed 's;^subject= ;;')"
    if [ "$issuer" = "$subject" ]; then
        write_error "`_ "Self signed certificate"`"
        return 1
    fi

    if ! $ossl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -qs "^$cert: OK"; then
        write_error "`_ "Wrong client certificate or CA certificate"`"
        return 1
    fi

    return 0
}

stop_openvpn()
{
	local dev="$1";shift
	local ovpn_pidfile="/var/run/openvpn-iface-$dev.pid"

	[ -n "$dev" ] || return
	if ip link show "$dev" >/dev/null 2>&1;then
		ifdown "$dev"
	else
		[ -s "$ovpn_pidfile" ] && kill "$(cat "$ovpn_pidfile")"
	fi
}

start_openvpn()
{
	local dev="$1"; shift

	stop_openvpn "$dev"

	make_client_conf "$dev"
    check_cert "$dev" || return

	ifup "$dev" || write_error "`_ "openvpn start failed"`"
}

delete_connection()
{
	local dev="$1"; shift

	if [ -n "$dev" ];then
		stop_openvpn "$dev"
		rm -rf "$IFACEDIR/$dev"
	fi
}

on_message()
{
	case "$in_action" in
		type)
		write_type_item server hostname
		;;
		read)
		case "$in__objects" in
			/)
			read_client_config "$in_dev"
			;;
			*)
			;;
		esac
		;;
		write)
		case "$in__objects" in
			/)
			if [ -n "$in_new" -a -n "$in_dev_type" ];then
				make_client_conf
			elif [ -n "$in_delete" -a -n "$in_dev" ];then
				delete_connection "$in_dev"
			elif [ -n "$in_commit" -a -n "$in_dev" ];then
				if test_bool "$in_onboot";then
					shell_config_set "$IFACEDIR/$in_dev/options" 'ONBOOT' 'yes'
				else
					shell_config_set "$IFACEDIR/$in_dev/options" 'ONBOOT' 'no'
				fi
				case "$in_status" in
					start) start_openvpn "$in_dev"
					;;
					stop) stop_openvpn "$in_dev"
					;;
					ignore) make_client_conf "$in_dev"
					;;
				esac
			fi
			;;
			import-ca)
			if [ -z "$in_dev" -o ! -d "$IFACEDIR/$in_dev" ]; then
				write_error "`_ "Interface does not exist"`"
				return
			fi

			if [ -n "$in_path" ];then
				if [ ! -f "$in_path" ];then
					write_error "`_ "File does not exist"`"
				elif ! is_cert "$in_path"; then
					write_error "`_ "Invalid certificate"`"
				else
					local ovpnca="$IFACEDIR/$in_dev/ovpnca"
					if cp -T "$in_path" "$ovpnca"; then
						[ -s "$IFACEDIR/$in_dev/$OVPNCONFIG" ] &&
							sed -r -i "s;^ca[[:blank:]]+.*;ca   $ovpnca;" \
									"$IFACEDIR/$in_dev/$OVPNCONFIG" ||:
					else
						write_error "`_ "Import CA failed"`"
					fi
				fi
			fi
			;;
		esac
		;;
		list)
		case "${in__objects##*/}" in
			avail_connections) list_vdev | write_enum
			;;
			avail_keys) list_keys | write_enum
			;;
			avail_reqs) list_reqs | write_enum
			;;
			avail_state) list_states
			;;
		esac
		;;
	esac
}

message_loop

alterator-net-openvpn-0.8.9/ui/000075500000000000000000000000001206511407400164075ustar00rootroot00000000000000alterator-net-openvpn-0.8.9/ui/net-openvpn/000075500000000000000000000000001206511407400206605ustar00rootroot00000000000000alterator-net-openvpn-0.8.9/ui/net-openvpn/ajax.scm000064400000000000000000000061151206511407400223120ustar00rootroot00000000000000(define-module (ui net-openvpn ajax)
			   :use-module (alterator ajax)
			   :use-module (alterator woo)
			   :export (init))

(define (ui-update-activity active)
  (form-update-activity "info" active)
  (form-update-activity "status" active)
  (form-update-activity "server" active)
  (form-update-activity "port" active)
  (form-update-activity "keys" active)
  (form-update-activity "onboot" active)
  (form-update-activity "def_via_vpn" active)
  (form-update-activity "lzo" active)
  (form-update-activity "use_tcp" active)
  (form-update-activity "apply" active)
  (form-update-activity "reset" active)
  (form-update-activity "delete" active))

(define (read-connections)
  (let ((connections (woo-list "/net-openvpn/avail_connections")))
    (form-update-enum "connections" connections)
    (ui-update-activity (not (null? connections)))))

(define (update-keys-list)
  (form-update-enum "keys" (woo-list "/net-openvpn/avail_keys")))

(define (read-config)
  (let ((cmd (woo-read-first "/net-openvpn"
                             'dev (form-value "connections") 'language (form-value "language"))))
    (and cmd
         (form-update-value-list
           '("connections" "info" "server" "port" "keys" "onboot" "def_via_vpn" "lzo" "use_tcp")
           cmd))))

(define (init-interface)
  (form-update-visibility "ca_upload_message" #f)
  (form-update-enum "status" (woo-list "/net-openvpn/avail_state" 'language (form-value "language")))
  (update-keys-list)
  (read-connections)
  (read-config)
  (form-update-value "dev_type" "tun"))

(define (write-config)
  (let ((dev (form-value "connections")))
	(and
	  dev
	  (catch/message
		(lambda()
		  (apply woo-write
				 "/net-openvpn"
				 'commit #t
				 'dev dev
				 (form-value-list
				   '("status" "server" "port" "keys" "onboot" "def_via_vpn" "lzo" "use_tcp")))))
	  (read-config))))

(define (new-connection)
  (and
	(catch/message
	  (lambda()
		(woo-write
		  "/net-openvpn"
		  'new #t
		  'dev_type (form-value "dev_type"))))
	(begin
	  (read-connections)
	  (read-config))))

(define (delete-connection)
  (let ((dev (form-value "connections")))
	(and
	  dev
	  (catch/message
		(lambda()
		  (woo-write
			"/net-openvpn"
			'delete #t
			'dev dev)))
	  (begin
		(read-connections)
		(read-config)))))

(define (upload-ca-interface)
  (form-replace "/net-openvpn/ca"))

(define (keys-interface)
  (form-replace "/sslkey"))

(define (on-upload)
  (form-update-visibility "ca_upload_message" #f)
  (call-with-form-file
    "ca_cert"
    (lambda(path)
      (and
        (catch/message
          (lambda() (woo-write "/net-openvpn/import-ca" 'path path 'dev (form-value "connections") 'language (form-value "language"))))
        (form-update-visibility "ca_upload_message" #t)))))

(define (init)
  (init-interface)
  (form-bind-upload "upload_button" "click" "ca_cert" on-upload)
  (form-bind "new_connection" "click" new-connection)
  (form-bind "connections" "change" read-config)
  (form-bind "keys_managament" "click" keys-interface)
  (form-bind "apply" "click" write-config)
  (form-bind "reset" "click" read-config)
  (form-bind "delete" "click" delete-connection))

alterator-net-openvpn-0.8.9/ui/net-openvpn/index.html000064400000000000000000000123561206511407400226640ustar00rootroot00000000000000<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<!-- OpenVPN client configuration module -->
<html wf="none">
	<body>
		<form method="POST" id="ajax-select">
            <table>
                <tr>
                    <td colspan="2"><strong><span translate="_">New connection:</span></strong></td>
                </tr>
                <tr>
                    <td colspan="2">
                        <table class="form-table">
                            <tr>
                                <td style="text-align:left">
                                    <input type="radio" name="dev_type" value="tun"/>
                                    <span translate="_">Network tunnel (TUN)</span>
                                </td>
                            </tr>
                            <tr>
                                <td style="text-align:left">
                                    <input type="radio" name="dev_type" value="tap"/>
                                    <span translate="_">Virtual Ethernet device (TAP)</span>
                                </td>
                            </tr>
                            <tr>
                                <td colspan="2">&nbsp;</td>
                            </tr>
                            <tr>
                                <td style="text-align:left">
                                    <input type="button" name="new_connection" value="Create connection" class="btn"/>
                                </td>
                            </tr>
                        </table>
                    </td>
                </tr>
                <tr>
                    <td colspan="2"><hr/></td>
                </tr>

				<tr>
					<td>
						<select name="connections"  size="15" style="width:100px"></select>
					</td>
					<td style="width:100%">
						<table class="form-table">
							<tr>
								<td><span translate="_">Status:</span></td>
								<td>
									<span class="alterator-label" name="info"/>
									<select name="status"/>
								</td>
							</tr>
							<tr>
								<td><span translate="_">Server:</span></td>
								<td><input type="text" class="text" name="server"/></td>
							</tr>
							<tr>
								<td><span translate="_">Port:</span></td>
								<td><input type="text" class="text" name="port"/></td>
                            </tr>
							<tr>
								<td><span translate="_">Key:</span></td>
                                <td><select name="keys"></select></td>
                            </tr>
                            <tr>
                                <td>&nbsp;</td>
                                <td>
                                    <input type="button" name="keys_managament" value="Keys managament..." class="btn"/>
                                </td>
                            </tr>
                            <tr>
                                <td>&nbsp;</td>
                            </tr>
							<tr>
								<td>&nbsp;</td>
								<td>
									<input type="checkbox" name="onboot" value="#t"/>
									<span translate="_">Start at boot</span>
								</td>
							</tr>
							<tr>
								<td>&nbsp;</td>
								<td>
									<input type="checkbox" name="def_via_vpn" value="#t"/>
									<span translate="_">Default route via VPN</span>
								</td>
							</tr>
							<tr>
								<td>&nbsp;</td>
								<td>
									<input type="checkbox" name="lzo" value="#t"/>
									<span translate="_">LZO compression</span>
								</td>
							</tr>
							<tr>
								<td>&nbsp;</td>
								<td>
									<input type="checkbox" name="use_tcp" value="#t"/>
									<span translate="_">Use a TCP connection</span>
								</td>
							</tr>
							<tr>
								<td colspan="2">&nbsp;</td>
							</tr>
							<tr>
								<td>&nbsp;</td>
								<td>
                                    <input type="button" name="apply" value="Apply" class="btn"/>
                                    <input type="button" name="reset" value="Reset" class="btn"/>
                                    &nbsp;&nbsp;
                                    <input type="button" name="delete" value="Delete connection" class="btn"/>
								</td>
							</tr>
						</table>
					</td>
					<tr>
						<td colspan="2">&nbsp;</td>
					</tr>
					<tr>
						<td colspan="2"><hr/></td>
					</tr>
                    <tr>
                        <td colspan="2">
                            <span translate="_">Upload CA certificate:</span>
                            <input type="file" name="ca_cert" class="text"/>&nbsp;
                            <input type="button" name="upload_button" value="Upload" class="btn"/>
                        </td>
                    </tr>
                    <tr>
                        <td colspan="2">
                            <div name="ca_upload_message" style="display:none">
                                <span  class="alterator-information-message">
                                    <img src="/design/images/information.gif"/>
                                    <span translate="_">CA certificate successfully uploaded</span>
                                </span>
                            </div>
                        </td>
                    </tr>
                </tr>
			</table>
		</form>
	</body>
</html>
alterator-net-openvpn-0.8.9/ui/net-openvpn/index.scm000064400000000000000000000121141206511407400224720ustar00rootroot00000000000000(document:surround "/std/frame")

;;; Functions
(define (ui-update-activity active)
  (form-update-activity "info" active)
  (form-update-activity "status" active)
  (form-update-activity "server" active)
  (form-update-activity "port" active)
  (form-update-activity "keys" active)
  (form-update-activity "onboot" active)
  (form-update-activity "def_via_vpn" active)
  (form-update-activity "lzo" active)
  (form-update-activity "use_tcp" active)
  (form-update-activity "apply" active)
  (form-update-activity "reset" active)
  (form-update-activity "delete" active))

(define (read-connections)
  (let ((connections (woo-list "/net-openvpn/avail_connections")))
    (form-update-enum "connections" connections)
    (ui-update-activity (not (null? connections)))))

(define (update-keys-list)
  (form-update-enum "keys" (woo-list "/net-openvpn/avail_keys")))

(define (read-config)
  (let ((cmd (woo-read-first "/net-openvpn"
                             'dev (form-value "connections") 'language (form-value "language"))))
    (and cmd
         (form-update-value-list
           '("connections" "info" "server" "port" "keys" "onboot" "def_via_vpn" "lzo" "use_tcp")
           cmd))))

(define (init-interface)
  (form-update-enum "status" (woo-list "/net-openvpn/avail_state" 'language (form-value "language")))
  (update-keys-list)
  (read-connections)
  (read-config)
  (form-update-value "dev_type" "tun"))

(define (write-config)
  (let ((dev (form-value "connections")))
	(and
	  dev
	  (catch/message
		(lambda()
		  (apply woo-write
				 "/net-openvpn"
				 'commit #t
				 'dev dev
				 (form-value-list
				   '("status" "server" "port" "keys" "onboot" "def_via_vpn" "lzo" "use_tcp")))))
	  (read-config))))

(define (new-connection)
  (and
	(catch/message
	  (lambda()
		(woo-write
		  "/net-openvpn"
		  'new #t
		  'dev_type (form-value "dev_type"))))
	(begin
	  (read-connections)
	  (read-config))))

(define (delete-connection)
  (let ((dev (form-value "connections")))
	(and
	  dev
	  (catch/message
		(lambda()
		  (woo-write
			"/net-openvpn"
			'delete #t
			'dev dev)))
	  (begin
		(read-connections)
		(read-config)))))

(define (on-import)
  (let ((path (import-ca value)))
    (or (string=? path "")
        (and
          (catch/message
            (lambda()
              (woo-write
                "/net-openvpn/import-ca"
                'path path)))
          (import-ca value "")))))

(define (keys-interface)
  (form-replace "/sslkey"))

;;; UI
(define fileselect (make-widget 'fileselect))
(define url (make-attribute 'url))
(define value (make-attribute 'value))
(define filter (make-attribute 'filter))
(define hints (make-attribute 'hints))

(gridbox
  columns "0;100"
  margin 20

  (label colspan 2 text (bold (_ "New connection:")))
  (gridbox
	colspan 2
	columns "0;40;150"
	(radio name "dev_type" align "left" value "tun" colspan 2 text (_ "Network tunnel (TUN)"))
	(spacer)
	(radio name "dev_type" align "left" value "tap" colspan 2 text (_ "Virtual Ethernet device (TAP)"))
	(spacer)
    (button (_ "Create connection") name "new_connection")
	(spacer))
  (separator colspan 2)
  (spacer colspan 2)

  (splitbox
	colspan 2
	columns "30;70"

  (listbox name "connections")

  (gridbox
	colspan 2
	columns "0;40;60"

	(label text (_ "Status:") align "right")
	(hbox align "left"
		  (label name "info")
		  (combobox name "status"))
	(spacer)
	;;
	(label text (_ "Server:") name "server" align "right")
	(edit name "server")
	(spacer)
	;;
	(label text (_ "Port:") name "port" align "right")
	(edit name "port")
	(spacer)
	;;
	(label text (_ "Key:") name "keys" align "right")
	(combobox name "keys")
	(spacer)
    ;;
    (spacer)
    (hbox align "left"
          colspan 2
          (button (_ "Keys managament...") name "keys_managament"))
    (spacer)
	;;
	(checkbox text (_ "Start at boot") name "onboot")
	(spacer)
	;;
	(spacer)
	(checkbox text (_ "Default route via VPN") name "def_via_vpn")
	(spacer)
	;;
	(spacer)
	(checkbox text (_ "LZO compression") name "lzo")
	(spacer)
	;;
	(spacer)
	(checkbox text (_ "Use a TCP connection") name "use_tcp")
	(spacer)
	;;
  (spacer)
  (hbox align "left"
        colspan 2
        (button (_ "Apply") name "apply")
        (button (_ "Reset") name "reset")
        (spacer)(spacer)(spacer)(spacer)
        (button (_ "Delete connection") name "delete"))))

  (separator colspan 2)
  ;;
  (hbox align "left"
        colspan 2
        (label text (_ "Import CA certificate:"))
        (document:id import-ca (fileselect title (_"Import CA certificate")
                                           url "/"
                                           filter "*.cert *.crt *.pem"
                                           hints "existing_file"))
        (button (_ "Import") name "import_button")))

;;;;;;;;;;;;;;;;;;

(document:root 
  (when loaded (init-interface))
  (form-bind "new_connection" "click" new-connection)
  (form-bind "connections" "change" read-config)
  (form-bind "keys_managament" "click" keys-interface)
  (form-bind "apply" "click" write-config)
  (form-bind "reset" "click" read-config)
  (form-bind "delete" "click" delete-connection)
  (form-bind "import_button" "click" on-import))

 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin