authorkali <kali@leap.se>2012-08-30 05:37:44 +0900
committerkali <kali@leap.se>2012-08-30 05:37:44 +0900
commitb79a08b84e52871b1e1254f65ff774a6f0857608 (patch)
treea1f8df63200b57093d532abca70abe3482044121
parent5e77b77765154850fb708e6ea188fcf7ba99fdce (diff)
move extra options from config template to cl opts
-rw-r--r--src/leap/eip/config.py44
-rw-r--r--src/leap/eip/tests/test_config.py51
2 files changed, 75 insertions, 20 deletions
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index b6c38a77..a9de60b2 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -63,6 +63,7 @@ class EIPServiceConfig(baseconfig.JSONLeapConfig):
slug = property(_get_slug, _set_slug)
+# XXX deprecate by #447
def check_or_create_default_vpnconf(config):
"""
checks that a vpn config file
@@ -162,6 +163,26 @@ def build_ovpn_options(daemon=False):
opts = []
+ opts.append('--mode')
+ opts.append('client')
+
+ opts.append('--dev')
+ # XXX same in win?
+ opts.append('tun')
+ opts.append('--persist-tun')
+ opts.append('--persist-key')
+
+ # remote
+ # XXX get remote from eip.json
+ opts.append('--remote')
+ opts.append('testprovider.example.org')
+ opts.append('1194')
+ opts.append('udp')
+
+ opts.append('--tls-client')
+ opts.append('--remote-cert-tls')
+ opts.append('server')
+
# set user and group
opts.append('--user')
opts.append('%s' % user)
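Review bot: The `--remote` arguments are literals (`testprovider.example.org`, `1194`, `udp`), and since this commit also drops `--config` further down, nothing visible in build_ovpn_options lets a provider's own gateway be used. Until the `eip.json` lookup named in the XXX exists, consider module-level constants so the test host is not buried in the option list. A short comment on `--remote-cert-tls server` would also help the next reader, e.g. `# reject peers whose certificate is not marked for server use`. The function starts and ends outside this hunk.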
@@ -179,6 +200,7 @@ def build_ovpn_options(daemon=False):
ourplatform = platform.system()
if ourplatform in ("Linux", "Mac"):
opts.append('--management')
+ # XXX get a different sock each time ...
opts.append('/tmp/.eip.sock')
opts.append('unix')
if ourplatform == "Windows":
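Review bot: The new XXX comment above `/tmp/.eip.sock` does not say why a different socket is wanted, and the reason is worth recording: a fixed name in a world-writable directory is predictable, so another local user could create that path before the client does. I would word it `# XXX fixed path in /tmp is predictable; create the socket in a per-user 0700 dir (tempfile.mkdtemp)`. The path itself is unchanged by this commit, and the enclosing function continues outside the hunk.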
@@ -187,21 +209,13 @@ def build_ovpn_options(daemon=False):
# XXX which is a good choice?
opts.append('7777')
- # remaining config options will go in a file
-
- # NOTE: we will build this file from
- # the service definition file.
- # XXX override from --with-openvpn-config
-
- opts.append('--config')
-
- default_provider_path = baseconfig.get_default_provider_path()
-
- # XXX get rid of config_file at all
- ovpncnf = baseconfig.get_config_file(
- 'openvpn.conf',
- folder=default_provider_path)
- opts.append(ovpncnf)
+ # certs
+ opts.append('--cert')
+ opts.append(eipspecs.client_cert_path())
+ opts.append('--key')
+ opts.append(eipspecs.client_cert_path())
+ opts.append('--ca')
+ opts.append(eipspecs.provider_ca_path())
# we cannot run in daemon mode
# with the current subp setting.
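Review bot: `--key` is given `eipspecs.client_cert_path()`, the same call as `--cert`, which reads like a copy-paste slip unless the certificate and private key share one PEM file. The updated test expects `openvpn.pem` for both, so it looks intentional; a comment such as `# client cert and key are stored in the same PEM file` would make that explicit. Because that file then holds the private key, it should be readable by its owner only, and no permission check is visible in this hunk, though one may exist elsewhere. build_ovpn_options continues past the hunk.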
diff --git a/src/leap/eip/tests/test_config.py b/src/leap/eip/tests/test_config.py
index 16219648..c3a8075e 100644
--- a/src/leap/eip/tests/test_config.py
+++ b/src/leap/eip/tests/test_config.py
@@ -48,6 +48,23 @@ class EIPConfigTest(BaseLeapTest):
username = self.get_username()
groupname = self.get_groupname()
+ args.append('--mode')
+ args.append('client')
+ args.append('--dev')
+ #does this have to be tap for win??
+ args.append('tun')
+ args.append('--persist-tun')
+ args.append('--persist-key')
+ args.append('--remote')
+ args.append('testprovider.example.org')
+ # XXX get port!?
+ args.append('1194')
+ # XXX get proto
+ args.append('udp')
+ args.append('--tls-client')
+ args.append('--remote-cert-tls')
+ args.append('server')
+
args.append('--user')
args.append(username)
args.append('--group')
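Review bot: The expected arguments hard-code `'testprovider.example.org'` here and again in the three certificate paths of the next hunk, while the removed `--config` expectation used `constants.DEFAULT_TEST_PROVIDER`. If that constant holds the same name, reusing it keeps the test in step with the provider setting, e.g. `args.append(constants.DEFAULT_TEST_PROVIDER)`. The method starts outside the hunk.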
@@ -55,16 +72,40 @@ class EIPConfigTest(BaseLeapTest):
args.append('--management-client-user')
args.append(username)
args.append('--management-signal')
- args.append('--management')
+ args.append('--management')
#XXX hey!
#get platform switches here!
args.append('/tmp/.eip.sock')
args.append('unix')
- args.append('--config')
- args.append(os.path.expanduser(
- '~/.config/leap/providers/%s/openvpn.conf'
- % constants.DEFAULT_TEST_PROVIDER))
+
+ # certs
+ # XXX get values from specs?
+ args.append('--cert')
+ args.append(os.path.join(
+ self.home,
+ '.config', 'leap', 'providers',
+ 'testprovider.example.org',
+ 'keys', 'client',
+ 'openvpn.pem'))
+ args.append('--key')
+ args.append(os.path.join(
+ self.home,
+ '.config', 'leap', 'providers',
+ 'testprovider.example.org',
+ 'keys', 'client',
+ 'openvpn.pem'))
+ args.append('--ca')
+ args.append(os.path.join(
+ self.home,
+ '.config', 'leap', 'providers',
+ 'testprovider.example.org',
+ 'keys', 'ca',
+ 'testprovider-ca-cert.pem'))
+ #args.append('--config')
+ #args.append(os.path.expanduser(
+ #'~/.config/leap/providers/%s/openvpn.conf'
+ #% constants.DEFAULT_TEST_PROVIDER))
return args
# build command string
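Review bot: The old `--config` expectation is left behind as four commented-out lines before `return args`; version control already keeps that history, so they should be deleted rather than commented. The `--cert` and `--key` paths are also the same `os.path.join(...)` expression written twice, so binding it once (`client_pem = os.path.join(...)`) would shorten the block. The method starts outside the hunk.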