Diffstat (limited to 'src/leap/eip/config.py')
-rw-r--r--src/leap/eip/config.py136
1 files changed, 27 insertions, 109 deletions
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index b6c38a77..c0819628 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -19,23 +19,6 @@ logging.basicConfig()
logger = logging.getLogger(name=__name__)
logger.setLevel('DEBUG')
-# XXX deprecate per #447
-OPENVPN_CONFIG_TEMPLATE = """#Autogenerated by eip-client wizard
-remote {VPN_REMOTE_HOST} {VPN_REMOTE_PORT}
-
-client
-dev tun
-persist-tun
-persist-key
-proto udp
-tls-client
-remote-cert-tls server
-
-cert {LEAP_EIP_KEYS}
-key {LEAP_EIP_KEYS}
-ca {LEAP_EIP_KEYS}
-"""
-
class EIPConfig(baseconfig.JSONLeapConfig):
spec = eipspecs.eipconfig_spec
@@ -63,83 +46,6 @@ class EIPServiceConfig(baseconfig.JSONLeapConfig):
slug = property(_get_slug, _set_slug)
-def check_or_create_default_vpnconf(config):
- """
- checks that a vpn config file
- exists for a default provider,
- or creates one if it does not.
- ATM REQURES A [provider] section in
- eip.cfg with _at least_ a remote_ip value
- """
- default_provider_path = baseconfig.get_default_provider_path()
-
- if not os.path.isdir(default_provider_path):
- mkdir_p(default_provider_path)
-
- conf_file = baseconfig.get_config_file(
- 'openvpn.conf',
- folder=default_provider_path)
-
- if os.path.isfile(conf_file):
- return
- else:
- logger.debug(
- 'missing default openvpn config\n'
- 'creating one...')
-
- # We're getting provider from eip.cfg
- # by now. Get it from a list of gateways
- # instead.
-
- try:
- # XXX by now, we're expecting
- # only IP format for remote.
- # We should allow also domain names,
- # and make a reverse resolv.
- remote_ip = config.get('provider',
- 'remote_ip')
- baseconfig.validate_ip(remote_ip)
-
- except ConfigParser.NoSectionError:
- raise eip_exceptions.EIPInitNoProviderError
-
- except socket.error:
- # this does not look like an ip, dave
- raise eip_exceptions.EIPInitBadProviderError
-
- if config.has_option('provider', 'remote_port'):
- remote_port = config.get('provider',
- 'remote_port')
- else:
- remote_port = 1194
-
- default_subpath = os.path.join("providers",
- "default")
- default_provider_path = baseconfig.get_config_file(
- '',
- folder=default_subpath)
-
- if not os.path.isdir(default_provider_path):
- mkdir_p(default_provider_path)
-
- conf_file = baseconfig.get_config_file(
- 'openvpn.conf',
- folder=default_provider_path)
-
- # XXX keys have to be manually placed by now
- keys_file = baseconfig.get_config_file(
- 'openvpn.keys',
- folder=default_provider_path)
-
- ovpn_config = OPENVPN_CONFIG_TEMPLATE.format(
- VPN_REMOTE_HOST=remote_ip,
- VPN_REMOTE_PORT=remote_port,
- LEAP_EIP_KEYS=keys_file)
-
- with open(conf_file, 'wb') as f:
- f.write(ovpn_config)
-
-
def build_ovpn_options(daemon=False):
"""
build a list of options
@@ -162,6 +68,25 @@ def build_ovpn_options(daemon=False):
opts = []
+ opts.append('--client')
+
+ opts.append('--dev')
+ # XXX same in win?
+ opts.append('tun')
+ opts.append('--persist-tun')
+ opts.append('--persist-key')
+
+ # remote
+ # XXX get remote from eip.json
+ opts.append('--remote')
+ opts.append('testprovider.example.org')
+ opts.append('1194')
+ opts.append('udp')
+
+ opts.append('--tls-client')
+ opts.append('--remote-cert-tls')
+ opts.append('server')
+
# set user and group
opts.append('--user')
opts.append('%s' % user)
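Review bot: The `--remote` target is now the literal `testprovider.example.org` on port `1194`, so every client is pointed at that one host whichever provider is configured, and the `baseconfig.validate_ip` check that the removed `check_or_create_default_vpnconf` applied to the remote has no replacement here. When the value is read from eip.json, as the `XXX` comment plans, it should be validated as a hostname or IP address before it is appended, because it is handed to openvpn as a command-line argument and a value beginning with `--` would presumably be parsed as a further option. Until then a marker such as `# FIXME placeholder remote; replace with a validated value from eip.json` would make the status explicit. `build_ovpn_options` begins and ends outside this hunk.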
@@ -179,6 +104,7 @@ def build_ovpn_options(daemon=False):
ourplatform = platform.system()
if ourplatform in ("Linux", "Mac"):
opts.append('--management')
+ # XXX get a different sock each time ...
opts.append('/tmp/.eip.sock')
opts.append('unix')
if ourplatform == "Windows":
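Review bot: The management socket stays at the fixed path `/tmp/.eip.sock`; the added `XXX` comment records the problem but does not change it. /tmp is world-writable, so another local account can create that path first or reach the management interface, and the visible lines pass neither a password file nor a client-user restriction. I would place the socket in a per-user directory created with `tempfile.mkdtemp()` (owner-only permissions) and pass that path, optionally together with `--management-client-user`. Separately, `platform.system()` reports macOS as `Darwin`, so the `"Mac"` entry in the context line above the added comment never matches. The function continues outside the hunk.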
@@ -187,21 +113,13 @@ def build_ovpn_options(daemon=False):
# XXX which is a good choice?
opts.append('7777')
- # remaining config options will go in a file
-
- # NOTE: we will build this file from
- # the service definition file.
- # XXX override from --with-openvpn-config
-
- opts.append('--config')
-
- default_provider_path = baseconfig.get_default_provider_path()
-
- # XXX get rid of config_file at all
- ovpncnf = baseconfig.get_config_file(
- 'openvpn.conf',
- folder=default_provider_path)
- opts.append(ovpncnf)
+ # certs
+ opts.append('--cert')
+ opts.append(eipspecs.client_cert_path())
+ opts.append('--key')
+ opts.append(eipspecs.client_cert_path())
+ opts.append('--ca')
+ opts.append(eipspecs.provider_ca_path())
# we cannot run in daemon mode
# with the current subp setting.
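Review bot: `--cert` and `--key` both receive `eipspecs.client_cert_path()`, so the private key sits in the same file as the certificate, and nothing in this hunk checks that the file exists or is readable only by its owner before openvpn is started. `eipspecs` is not shown here, so the check may already live there. If it does not, I would add one before the options are built, for example refusing to continue when `os.stat(path).st_mode & 0o077` is non-zero. A comment on the pair, `# cert and key are bundled in one PEM file`, would also show that the repeated call is intentional. `build_ovpn_options` starts and ends outside the hunk.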