renaming; fixes
This commit is contained in:
Ilya Sosnovsky
parent
f5eb9eaff6
commit
edaf13f557
4 changed files with 51 additions and 48 deletions
|
|
@ -20,3 +20,4 @@ ovpn-admin
|
||||||
|
|
||||||
docker-compose.yaml
|
docker-compose.yaml
|
||||||
docker-compose-slave.yaml
|
docker-compose-slave.yaml
|
||||||
|
img
|
||||||
|
|
@ -8,7 +8,7 @@ services:
|
||||||
image: openvpn:local
|
image: openvpn:local
|
||||||
command: /etc/openvpn/setup/configure.sh
|
command: /etc/openvpn/setup/configure.sh
|
||||||
environment:
|
environment:
|
||||||
- OPVN_ROLE=slave
|
- OVPN_ROLE=slave
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
ports:
|
ports:
|
||||||
|
|
@ -23,7 +23,7 @@ services:
|
||||||
image: ovpn-admin:local
|
image: ovpn-admin:local
|
||||||
command: /app/ovpn-admin --debug --ovpn.network="172.16.100.0/22" --master.sync-token="TOKEN" --master.host="http://172.20.0.1:8080" --role="slave" --ovpn.server="127.0.0.1:7777:tcp" --ovpn.server="127.0.0.1:7778:tcp" --easyrsa.path="/mnt/easyrsa" --easyrsa.index-path="/mnt/easyrsa/pki/index.txt"
|
command: /app/ovpn-admin --debug --ovpn.network="172.16.100.0/22" --master.sync-token="TOKEN" --master.host="http://172.20.0.1:8080" --role="slave" --ovpn.server="127.0.0.1:7777:tcp" --ovpn.server="127.0.0.1:7778:tcp" --easyrsa.path="/mnt/easyrsa" --easyrsa.index-path="/mnt/easyrsa/pki/index.txt"
|
||||||
environment:
|
environment:
|
||||||
- OPVN_SLAVE=1
|
- OVPN_SLAVE=1
|
||||||
network_mode: service:openvpn
|
network_mode: service:openvpn
|
||||||
volumes:
|
volumes:
|
||||||
- ./easyrsa_slave:/mnt/easyrsa
|
- ./easyrsa_slave:/mnt/easyrsa
|
||||||
|
|
|
||||||
80
main.go
80
main.go
|
|
@ -32,7 +32,7 @@ const (
|
||||||
indexTxtDateLayout = "060102150405Z"
|
indexTxtDateLayout = "060102150405Z"
|
||||||
stringDateFormat = "2006-01-02 15:04:05"
|
stringDateFormat = "2006-01-02 15:04:05"
|
||||||
ovpnStatusDateLayout = "2006-01-02 15:04:05"
|
ovpnStatusDateLayout = "2006-01-02 15:04:05"
|
||||||
version = "1.6.1"
|
version = "1.6.2"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
|
@ -137,7 +137,7 @@ var (
|
||||||
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type OpenvpnAdmin struct {
|
type OvpnAdmin struct {
|
||||||
role string
|
role string
|
||||||
lastSyncTime string
|
lastSyncTime string
|
||||||
lastSuccessfulSyncTime string
|
lastSuccessfulSyncTime string
|
||||||
|
|
@ -210,18 +210,18 @@ type clientStatus struct {
|
||||||
ConnectedTo string
|
ConnectedTo string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userListHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) userListHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
usersList, _ := json.Marshal(oAdmin.clients)
|
usersList, _ := json.Marshal(oAdmin.clients)
|
||||||
fmt.Fprintf(w, "%s", usersList)
|
fmt.Fprintf(w, "%s", usersList)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userStatisticHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) userStatisticHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
r.ParseForm()
|
r.ParseForm()
|
||||||
userStatistic, _ := json.Marshal(oAdmin.getUserStatistic(r.FormValue("username")))
|
userStatistic, _ := json.Marshal(oAdmin.getUserStatistic(r.FormValue("username")))
|
||||||
fmt.Fprintf(w, "%s", userStatistic)
|
fmt.Fprintf(w, "%s", userStatistic)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userCreateHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) userCreateHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
if oAdmin.role == "slave" {
|
if oAdmin.role == "slave" {
|
||||||
http.Error(w, `{"status":"error"}`, http.StatusLocked)
|
http.Error(w, `{"status":"error"}`, http.StatusLocked)
|
||||||
return
|
return
|
||||||
|
|
@ -238,7 +238,7 @@ func (oAdmin *OpenvpnAdmin) userCreateHandler(w http.ResponseWriter, r *http.Req
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userRevokeHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) userRevokeHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
if oAdmin.role == "slave" {
|
if oAdmin.role == "slave" {
|
||||||
http.Error(w, `{"status":"error"}`, http.StatusLocked)
|
http.Error(w, `{"status":"error"}`, http.StatusLocked)
|
||||||
return
|
return
|
||||||
|
|
@ -247,7 +247,7 @@ func (oAdmin *OpenvpnAdmin) userRevokeHandler(w http.ResponseWriter, r *http.Req
|
||||||
fmt.Fprintf(w, "%s", oAdmin.userRevoke(r.FormValue("username")))
|
fmt.Fprintf(w, "%s", oAdmin.userRevoke(r.FormValue("username")))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userUnrevokeHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) userUnrevokeHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
if oAdmin.role == "slave" {
|
if oAdmin.role == "slave" {
|
||||||
http.Error(w, `{"status":"error"}`, http.StatusLocked)
|
http.Error(w, `{"status":"error"}`, http.StatusLocked)
|
||||||
return
|
return
|
||||||
|
|
@ -257,7 +257,7 @@ func (oAdmin *OpenvpnAdmin) userUnrevokeHandler(w http.ResponseWriter, r *http.R
|
||||||
fmt.Fprintf(w, "%s", oAdmin.userUnrevoke(r.FormValue("username")))
|
fmt.Fprintf(w, "%s", oAdmin.userUnrevoke(r.FormValue("username")))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userChangePasswordHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) userChangePasswordHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
r.ParseForm()
|
r.ParseForm()
|
||||||
if *authByPassword {
|
if *authByPassword {
|
||||||
passwordChanged, passwordChangeMessage := oAdmin.userChangePassword(r.FormValue("username"), r.FormValue("password"))
|
passwordChanged, passwordChangeMessage := oAdmin.userChangePassword(r.FormValue("username"), r.FormValue("password"))
|
||||||
|
|
@ -276,24 +276,24 @@ func (oAdmin *OpenvpnAdmin) userChangePasswordHandler(w http.ResponseWriter, r *
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userShowConfigHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) userShowConfigHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
r.ParseForm()
|
r.ParseForm()
|
||||||
fmt.Fprintf(w, "%s", oAdmin.renderClientConfig(r.FormValue("username")))
|
fmt.Fprintf(w, "%s", oAdmin.renderClientConfig(r.FormValue("username")))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userDisconnectHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) userDisconnectHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
r.ParseForm()
|
r.ParseForm()
|
||||||
// fmt.Fprintf(w, "%s", userDisconnect(r.FormValue("username")))
|
// fmt.Fprintf(w, "%s", userDisconnect(r.FormValue("username")))
|
||||||
fmt.Fprintf(w, "%s", r.FormValue("username"))
|
fmt.Fprintf(w, "%s", r.FormValue("username"))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userShowCcdHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) userShowCcdHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
r.ParseForm()
|
r.ParseForm()
|
||||||
ccd, _ := json.Marshal(oAdmin.getCcd(r.FormValue("username")))
|
ccd, _ := json.Marshal(oAdmin.getCcd(r.FormValue("username")))
|
||||||
fmt.Fprintf(w, "%s", ccd)
|
fmt.Fprintf(w, "%s", ccd)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userApplyCcdHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) userApplyCcdHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
if oAdmin.role == "slave" {
|
if oAdmin.role == "slave" {
|
||||||
http.Error(w, `{"status":"error"}`, http.StatusLocked)
|
http.Error(w, `{"status":"error"}`, http.StatusLocked)
|
||||||
return
|
return
|
||||||
|
|
@ -320,7 +320,7 @@ func (oAdmin *OpenvpnAdmin) userApplyCcdHandler(w http.ResponseWriter, r *http.R
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) serverSettingsHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) serverSettingsHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
enabledModules, enabledModulesErr := json.Marshal(oAdmin.modules)
|
enabledModules, enabledModulesErr := json.Marshal(oAdmin.modules)
|
||||||
if enabledModulesErr != nil {
|
if enabledModulesErr != nil {
|
||||||
log.Printf("ERROR: %s\n",enabledModulesErr)
|
log.Printf("ERROR: %s\n",enabledModulesErr)
|
||||||
|
|
@ -328,15 +328,15 @@ func (oAdmin *OpenvpnAdmin) serverSettingsHandler(w http.ResponseWriter, r *http
|
||||||
fmt.Fprintf(w, `{"status":"ok", "serverRole": "%s", "modules": %s }`, oAdmin.role, string(enabledModules))
|
fmt.Fprintf(w, `{"status":"ok", "serverRole": "%s", "modules": %s }`, oAdmin.role, string(enabledModules))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) lastSyncTimeHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) lastSyncTimeHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
fmt.Fprint(w, oAdmin.lastSyncTime)
|
fmt.Fprint(w, oAdmin.lastSyncTime)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) lastSuccessfulSyncTimeHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) lastSuccessfulSyncTimeHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
fmt.Fprint(w, oAdmin.lastSuccessfulSyncTime)
|
fmt.Fprint(w, oAdmin.lastSuccessfulSyncTime)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) downloadCertsHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) downloadCertsHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
if oAdmin.role == "slave" {
|
if oAdmin.role == "slave" {
|
||||||
http.Error(w, `{"status":"error"}`, http.StatusLocked)
|
http.Error(w, `{"status":"error"}`, http.StatusLocked)
|
||||||
return
|
return
|
||||||
|
|
@ -354,7 +354,7 @@ func (oAdmin *OpenvpnAdmin) downloadCertsHandler(w http.ResponseWriter, r *http.
|
||||||
http.ServeFile(w,r, certsArchivePath)
|
http.ServeFile(w,r, certsArchivePath)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) downloadCcdHandler(w http.ResponseWriter, r *http.Request) {
|
func (oAdmin *OvpnAdmin) downloadCcdHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
if oAdmin.role == "slave" {
|
if oAdmin.role == "slave" {
|
||||||
http.Error(w, `{"status":"error"}`, http.StatusLocked)
|
http.Error(w, `{"status":"error"}`, http.StatusLocked)
|
||||||
return
|
return
|
||||||
|
|
@ -377,7 +377,7 @@ func main() {
|
||||||
kingpin.Parse()
|
kingpin.Parse()
|
||||||
|
|
||||||
|
|
||||||
ovpnAdmin := new(OpenvpnAdmin)
|
ovpnAdmin := new(OvpnAdmin)
|
||||||
ovpnAdmin.lastSyncTime = "unknown"
|
ovpnAdmin.lastSyncTime = "unknown"
|
||||||
ovpnAdmin.role = *serverRole
|
ovpnAdmin.role = *serverRole
|
||||||
ovpnAdmin.lastSuccessfulSyncTime = "unknown"
|
ovpnAdmin.lastSuccessfulSyncTime = "unknown"
|
||||||
|
|
@ -457,7 +457,7 @@ func CacheControlWrapper(h http.Handler) http.Handler {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) registerMetrics() {
|
func (oAdmin *OvpnAdmin) registerMetrics() {
|
||||||
oAdmin.promRegistry.MustRegister(ovpnServerCertExpire)
|
oAdmin.promRegistry.MustRegister(ovpnServerCertExpire)
|
||||||
oAdmin.promRegistry.MustRegister(ovpnServerCaCertExpire)
|
oAdmin.promRegistry.MustRegister(ovpnServerCaCertExpire)
|
||||||
oAdmin.promRegistry.MustRegister(ovpnClientsTotal)
|
oAdmin.promRegistry.MustRegister(ovpnClientsTotal)
|
||||||
|
|
@ -471,14 +471,14 @@ func (oAdmin *OpenvpnAdmin) registerMetrics() {
|
||||||
oAdmin.promRegistry.MustRegister(ovpnClientBytesSent)
|
oAdmin.promRegistry.MustRegister(ovpnClientBytesSent)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) setState() {
|
func (oAdmin *OvpnAdmin) setState() {
|
||||||
oAdmin.activeClients = oAdmin.mgmtGetActiveClients()
|
oAdmin.activeClients = oAdmin.mgmtGetActiveClients()
|
||||||
oAdmin.clients = oAdmin.usersList()
|
oAdmin.clients = oAdmin.usersList()
|
||||||
|
|
||||||
ovpnServerCaCertExpire.Set(float64((getOvpnCaCertExpireDate().Unix() - time.Now().Unix()) / 3600 / 24))
|
ovpnServerCaCertExpire.Set(float64((getOvpnCaCertExpireDate().Unix() - time.Now().Unix()) / 3600 / 24))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) updateState() {
|
func (oAdmin *OvpnAdmin) updateState() {
|
||||||
for {
|
for {
|
||||||
time.Sleep(time.Duration(28) * time.Second)
|
time.Sleep(time.Duration(28) * time.Second)
|
||||||
ovpnClientBytesSent.Reset()
|
ovpnClientBytesSent.Reset()
|
||||||
|
|
@ -524,7 +524,7 @@ func renderIndexTxt(data []indexTxtLine) string {
|
||||||
return indexTxt
|
return indexTxt
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) renderClientConfig(username string) string {
|
func (oAdmin *OvpnAdmin) renderClientConfig(username string) string {
|
||||||
if checkUserExist(username) {
|
if checkUserExist(username) {
|
||||||
var hosts []OpenvpnServer
|
var hosts []OpenvpnServer
|
||||||
|
|
||||||
|
|
@ -568,7 +568,7 @@ func (oAdmin *OpenvpnAdmin) renderClientConfig(username string) string {
|
||||||
return fmt.Sprintf("User \"%s\" not found", username)
|
return fmt.Sprintf("User \"%s\" not found", username)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) parseCcd(username string) Ccd {
|
func (oAdmin *OvpnAdmin) parseCcd(username string) Ccd {
|
||||||
ccd := Ccd{}
|
ccd := Ccd{}
|
||||||
ccd.User = username
|
ccd.User = username
|
||||||
ccd.ClientAddress = "dynamic"
|
ccd.ClientAddress = "dynamic"
|
||||||
|
|
@ -591,7 +591,7 @@ func (oAdmin *OpenvpnAdmin) parseCcd(username string) Ccd {
|
||||||
return ccd
|
return ccd
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) modifyCcd(ccd Ccd) (bool, string) {
|
func (oAdmin *OvpnAdmin) modifyCcd(ccd Ccd) (bool, string) {
|
||||||
ccdErr := "something goes wrong"
|
ccdErr := "something goes wrong"
|
||||||
|
|
||||||
if fCreate(*ccdDir + "/" + ccd.User) {
|
if fCreate(*ccdDir + "/" + ccd.User) {
|
||||||
|
|
@ -677,7 +677,7 @@ func validateCcd(ccd Ccd) (bool, string) {
|
||||||
return true, ccdErr
|
return true, ccdErr
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) getCcd(username string) Ccd {
|
func (oAdmin *OvpnAdmin) getCcd(username string) Ccd {
|
||||||
ccd := Ccd{}
|
ccd := Ccd{}
|
||||||
ccd.User = username
|
ccd.User = username
|
||||||
ccd.ClientAddress = "dynamic"
|
ccd.ClientAddress = "dynamic"
|
||||||
|
|
@ -720,7 +720,7 @@ func checkUserExist(username string) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) usersList() []OpenvpnClient {
|
func (oAdmin *OvpnAdmin) usersList() []OpenvpnClient {
|
||||||
var users []OpenvpnClient
|
var users []OpenvpnClient
|
||||||
|
|
||||||
totalCerts := 0
|
totalCerts := 0
|
||||||
|
|
@ -780,7 +780,7 @@ func (oAdmin *OpenvpnAdmin) usersList() []OpenvpnClient {
|
||||||
return users
|
return users
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userCreate(username, password string) (bool, string) {
|
func (oAdmin *OvpnAdmin) userCreate(username, password string) (bool, string) {
|
||||||
ucErr := fmt.Sprintf("User \"%s\" created", username)
|
ucErr := fmt.Sprintf("User \"%s\" created", username)
|
||||||
|
|
||||||
if checkUserExist(username) {
|
if checkUserExist(username) {
|
||||||
|
|
@ -799,6 +799,7 @@ func (oAdmin *OpenvpnAdmin) userCreate(username, password string) (bool, string)
|
||||||
return false, ucErr
|
return false, ucErr
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if *authByPassword {
|
||||||
if !validatePassword(password) {
|
if !validatePassword(password) {
|
||||||
ucErr = fmt.Sprintf("Password too short, password length must be greater or equal %d", passwordMinLength)
|
ucErr = fmt.Sprintf("Password too short, password length must be greater or equal %d", passwordMinLength)
|
||||||
if *debug {
|
if *debug {
|
||||||
|
|
@ -806,6 +807,7 @@ func (oAdmin *OpenvpnAdmin) userCreate(username, password string) (bool, string)
|
||||||
}
|
}
|
||||||
return false, ucErr
|
return false, ucErr
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
o := runBash(fmt.Sprintf("date +%%Y-%%m-%%d\\ %%H:%%M:%%S && cd %s && easyrsa build-client-full %s nopass", *easyrsaDirPath, username))
|
o := runBash(fmt.Sprintf("date +%%Y-%%m-%%d\\ %%H:%%M:%%S && cd %s && easyrsa build-client-full %s nopass", *easyrsaDirPath, username))
|
||||||
fmt.Println(o)
|
fmt.Println(o)
|
||||||
|
|
@ -824,7 +826,7 @@ func (oAdmin *OpenvpnAdmin) userCreate(username, password string) (bool, string)
|
||||||
return true, ucErr
|
return true, ucErr
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userChangePassword(username, password string) (bool, string) {
|
func (oAdmin *OvpnAdmin) userChangePassword(username, password string) (bool, string) {
|
||||||
|
|
||||||
if checkUserExist(username) {
|
if checkUserExist(username) {
|
||||||
o := runBash(fmt.Sprintf("openvpn-user check --db.path %s --user %s | grep %s | wc -l", *authDatabase, username, username))
|
o := runBash(fmt.Sprintf("openvpn-user check --db.path %s --user %s | grep %s | wc -l", *authDatabase, username, username))
|
||||||
|
|
@ -856,7 +858,7 @@ func (oAdmin *OpenvpnAdmin) userChangePassword(username, password string) (bool,
|
||||||
return false, "User does not exist"
|
return false, "User does not exist"
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) getUserStatistic(username string) clientStatus {
|
func (oAdmin *OvpnAdmin) getUserStatistic(username string) clientStatus {
|
||||||
for _, u := range oAdmin.activeClients {
|
for _, u := range oAdmin.activeClients {
|
||||||
if u.CommonName == username {
|
if u.CommonName == username {
|
||||||
return u
|
return u
|
||||||
|
|
@ -865,7 +867,7 @@ func (oAdmin *OpenvpnAdmin) getUserStatistic(username string) clientStatus {
|
||||||
return clientStatus{}
|
return clientStatus{}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userRevoke(username string) string {
|
func (oAdmin *OvpnAdmin) userRevoke(username string) string {
|
||||||
if checkUserExist(username) {
|
if checkUserExist(username) {
|
||||||
// check certificate valid flag 'V'
|
// check certificate valid flag 'V'
|
||||||
o := runBash(fmt.Sprintf("date +%%Y-%%m-%%d\\ %%H:%%M:%%S && cd %s && echo yes | easyrsa revoke %s && easyrsa gen-crl", *easyrsaDirPath, username))
|
o := runBash(fmt.Sprintf("date +%%Y-%%m-%%d\\ %%H:%%M:%%S && cd %s && echo yes | easyrsa revoke %s && easyrsa gen-crl", *easyrsaDirPath, username))
|
||||||
|
|
@ -881,7 +883,7 @@ func (oAdmin *OpenvpnAdmin) userRevoke(username string) string {
|
||||||
return fmt.Sprintf("User \"%s\" not found", username)
|
return fmt.Sprintf("User \"%s\" not found", username)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) userUnrevoke(username string) string {
|
func (oAdmin *OvpnAdmin) userUnrevoke(username string) string {
|
||||||
if checkUserExist(username) {
|
if checkUserExist(username) {
|
||||||
// check certificate revoked flag 'R'
|
// check certificate revoked flag 'R'
|
||||||
usersFromIndexTxt := indexTxtParser(fRead(*indexTxtPath))
|
usersFromIndexTxt := indexTxtParser(fRead(*indexTxtPath))
|
||||||
|
|
@ -923,14 +925,14 @@ func (oAdmin *OpenvpnAdmin) userUnrevoke(username string) string {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) mgmtRead(conn net.Conn) string {
|
func (oAdmin *OvpnAdmin) mgmtRead(conn net.Conn) string {
|
||||||
buf := make([]byte, 32768)
|
buf := make([]byte, 32768)
|
||||||
bufLen, _ := conn.Read(buf)
|
bufLen, _ := conn.Read(buf)
|
||||||
s := string(buf[:bufLen])
|
s := string(buf[:bufLen])
|
||||||
return s
|
return s
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) mgmtConnectedUsersParser(text, serverName string) []clientStatus {
|
func (oAdmin *OvpnAdmin) mgmtConnectedUsersParser(text, serverName string) []clientStatus {
|
||||||
var u []clientStatus
|
var u []clientStatus
|
||||||
isClientList := false
|
isClientList := false
|
||||||
isRouteTable := false
|
isRouteTable := false
|
||||||
|
|
@ -985,7 +987,7 @@ func (oAdmin *OpenvpnAdmin) mgmtConnectedUsersParser(text, serverName string) []
|
||||||
return u
|
return u
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) mgmtKillUserConnection(username, serverName string) {
|
func (oAdmin *OvpnAdmin) mgmtKillUserConnection(username, serverName string) {
|
||||||
conn, err := net.Dial("tcp", oAdmin.mgmtInterfaces[serverName])
|
conn, err := net.Dial("tcp", oAdmin.mgmtInterfaces[serverName])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("WARNING: openvpn mgmt interface for %s is not reachable by addr %s\n", serverName, oAdmin.mgmtInterfaces[serverName])
|
log.Printf("WARNING: openvpn mgmt interface for %s is not reachable by addr %s\n", serverName, oAdmin.mgmtInterfaces[serverName])
|
||||||
|
|
@ -997,7 +999,7 @@ func (oAdmin *OpenvpnAdmin) mgmtKillUserConnection(username, serverName string)
|
||||||
conn.Close()
|
conn.Close()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) mgmtGetActiveClients() []clientStatus {
|
func (oAdmin *OvpnAdmin) mgmtGetActiveClients() []clientStatus {
|
||||||
var activeClients []clientStatus
|
var activeClients []clientStatus
|
||||||
|
|
||||||
for srv, addr := range oAdmin.mgmtInterfaces {
|
for srv, addr := range oAdmin.mgmtInterfaces {
|
||||||
|
|
@ -1023,7 +1025,7 @@ func isUserConnected(username string, connectedUsers []clientStatus) (bool, stri
|
||||||
return false, ""
|
return false, ""
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) downloadCerts() bool {
|
func (oAdmin *OvpnAdmin) downloadCerts() bool {
|
||||||
if fExist(certsArchivePath) {
|
if fExist(certsArchivePath) {
|
||||||
fDelete(certsArchivePath)
|
fDelete(certsArchivePath)
|
||||||
}
|
}
|
||||||
|
|
@ -1036,7 +1038,7 @@ func (oAdmin *OpenvpnAdmin) downloadCerts() bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) downloadCcd() bool {
|
func (oAdmin *OvpnAdmin) downloadCcd() bool {
|
||||||
if fExist(ccdArchivePath) {
|
if fExist(ccdArchivePath) {
|
||||||
fDelete(ccdArchivePath)
|
fDelete(ccdArchivePath)
|
||||||
}
|
}
|
||||||
|
|
@ -1072,7 +1074,7 @@ func unArchiveCcd() {
|
||||||
fmt.Println(o)
|
fmt.Println(o)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) syncDataFromMaster() {
|
func (oAdmin *OvpnAdmin) syncDataFromMaster() {
|
||||||
retryCountMax := 3
|
retryCountMax := 3
|
||||||
certsDownloadFailed := true
|
certsDownloadFailed := true
|
||||||
ccdDownloadFailed := true
|
ccdDownloadFailed := true
|
||||||
|
|
@ -1109,7 +1111,7 @@ func (oAdmin *OpenvpnAdmin) syncDataFromMaster() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (oAdmin *OpenvpnAdmin) syncWithMaster() {
|
func (oAdmin *OvpnAdmin) syncWithMaster() {
|
||||||
for {
|
for {
|
||||||
time.Sleep(time.Duration(*masterSyncFrequency) * time.Second)
|
time.Sleep(time.Duration(*masterSyncFrequency) * time.Second)
|
||||||
oAdmin.syncDataFromMaster()
|
oAdmin.syncDataFromMaster()
|
||||||
|
|
|
||||||
|
|
@ -7,7 +7,7 @@ cd $EASY_RSA_LOC
|
||||||
if [ -e "$SERVER_CERT" ]; then
|
if [ -e "$SERVER_CERT" ]; then
|
||||||
echo "Found existing certs - reusing"
|
echo "Found existing certs - reusing"
|
||||||
else
|
else
|
||||||
if [ ${OPVN_ROLE:-"master"} = "slave" ]; then
|
if [ ${OVPN_ROLE:-"master"} = "slave" ]; then
|
||||||
echo "Waiting for initial sync data from master"
|
echo "Waiting for initial sync data from master"
|
||||||
while [ $(wget -q localhost/api/sync/last/try -O - | wc -m) -lt 1 ]
|
while [ $(wget -q localhost/api/sync/last/try -O - | wc -m) -lt 1 ]
|
||||||
do
|
do
|
||||||
|
|
@ -34,7 +34,7 @@ fi
|
||||||
|
|
||||||
cp -f /etc/openvpn/setup/openvpn.conf /etc/openvpn/openvpn.conf
|
cp -f /etc/openvpn/setup/openvpn.conf /etc/openvpn/openvpn.conf
|
||||||
|
|
||||||
if [ ${OPVN_PASSWD_AUTH} = "true" ]; then
|
if [ ${OVPN_PASSWD_AUTH} = "true" ]; then
|
||||||
mkdir -p /etc/openvpn/scripts/
|
mkdir -p /etc/openvpn/scripts/
|
||||||
cp -f /etc/openvpn/setup/auth.sh /etc/openvpn/scripts/auth.sh
|
cp -f /etc/openvpn/setup/auth.sh /etc/openvpn/scripts/auth.sh
|
||||||
chmod +x /etc/openvpn/scripts/auth.sh
|
chmod +x /etc/openvpn/scripts/auth.sh
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue