From d6d73d41278c7c438c27f286bc5f6106d37f51d2 Mon Sep 17 00:00:00 2001
From: elijah
Date: Mon, 10 Nov 2014 20:41:56 -0800
Subject: vpn: support for the server setting custom fragment openvpn option
---
 changes/bug_5933_support_fragment_openvpn_option | 1 +
 pkg/linux/bitmask-root | 3 ++-
 src/leap/bitmask/services/eip/eipconfig.py | 9 +++++++--
 3 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 changes/bug_5933_support_fragment_openvpn_option
diff --git a/changes/bug_5933_support_fragment_openvpn_option b/changes/bug_5933_support_fragment_openvpn_option
new file mode 100644
index 00000000..c7958054
--- /dev/null
+++ b/changes/bug_5933_support_fragment_openvpn_option
@@ -0,0 +1 @@
+- Allow the server to set a custom --fragment openvpn option (#5933)
\ No newline at end of file
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index ee195e3b..92bbf046 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -96,7 +96,8 @@ ALLOWED_FLAGS = {
 "--management-client-user": ["USER"],
 "--cert": ["FILE"],
 "--key": ["FILE"],
- "--ca": ["FILE"]
+ "--ca": ["FILE"],
+ "--fragment": ["NUMBER"]
 }
 PARAM_FORMATS = {
diff --git a/src/leap/bitmask/services/eip/eipconfig.py b/src/leap/bitmask/services/eip/eipconfig.py
index 5b51d12e..659ca1b1 100644
--- a/src/leap/bitmask/services/eip/eipconfig.py
+++ b/src/leap/bitmask/services/eip/eipconfig.py
@@ -216,7 +216,7 @@ class EIPConfig(ServiceConfig):
 """
 _service_name = "eip"
- OPENVPN_ALLOWED_KEYS = ("auth", "cipher", "tls-cipher")
+ OPENVPN_ALLOWED_KEYS = ("auth", "cipher", "tls-cipher", "fragment")
 OPENVPN_CIPHERS_REGEX = re.compile("[A-Z0-9\-]+")
 def __init__(self):
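Review bot: The new `"--fragment": ["NUMBER"]` entry is only as strict as the `NUMBER` format check, and the body of `PARAM_FORMATS` lies outside this hunk, so the check cannot be confirmed from here. The value originates in the provider's configuration and bitmask-root presumably runs with elevated privileges, which makes this table the real trust boundary; it is worth verifying that `NUMBER` is an anchored digits-only match (no sign, no whitespace, no trailing text) and considering an upper bound on the size. A short comment on the entry would record the intent, e.g. `# --fragment MAX: provider-supplied, must be a plain positive integer`. ALLOWED_FLAGS begins before the hunk.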
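Review bot: Adding `"fragment"` to `OPENVPN_ALLOWED_KEYS` sends a numeric option through `OPENVPN_CIPHERS_REGEX`, a pattern written for cipher names, so at this layer a provider-supplied value such as `AES` or `-` is accepted as a fragment size. A per-key pattern would keep the client-side check meaningful instead of leaning entirely on the root helper, for example `OPENVPN_FRAGMENT_REGEX = re.compile(r"^[0-9]+$")` selected when `key == "fragment"`. The class body continues outside the hunk, so the code that consumes these constants is only partly visible here.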
@@ -255,6 +255,11 @@ class EIPConfig(ServiceConfig):
 These are sanitized with alphanumeric whitelist.
+ NOTE: some openvpn config option don't take a value, but
+ this method currently requires that every option has a value.
+ Also, this does not yet work with values with spaces, like
+ `keepalive 10 30`
+
 :returns: openvpn configuration dict
 :rtype: C{dict}
 """
@@ -262,7 +267,7 @@ class EIPConfig(ServiceConfig):
 config = {}
 for key, value in ovpncfg.items():
 if key in self.OPENVPN_ALLOWED_KEYS and value is not None:
- sanitized_val = self.OPENVPN_CIPHERS_REGEX.findall(value)
+ sanitized_val = self.OPENVPN_CIPHERS_REGEX.findall(str(value))
 if len(sanitized_val) != 0:
 _val = sanitized_val[0]
 config[str(key)] = str(_val)
--
cgit v1.2.3
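Review bot: `findall(str(value))` followed by `sanitized_val[0]` silently rewrites a malformed value instead of rejecting it: a JSON `true` becomes `"True"` and is stored as `T`, and `1400.5` is stored as `1400`. Failing closed would be safer for provider-supplied input, e.g. skip the key unless the first match equals the whole string: `if len(sanitized_val) != 1 or sanitized_val[0] != str(value): continue`. If this module runs on Python 2, `str(value)` also raises UnicodeEncodeError on a non-ASCII unicode string where the old `findall(value)` did not, so the conversion is better limited to integers, as in `if isinstance(value, int): value = str(value)`. The method starts above the hunk and its return statement is outside it.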