diff options
Diffstat (limited to 'src/leap/eip/config.py')
-rw-r--r-- | src/leap/eip/config.py | 136 |
1 files changed, 27 insertions, 109 deletions
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py index b6c38a77..c0819628 100644 --- a/src/leap/eip/config.py +++ b/src/leap/eip/config.py @@ -19,23 +19,6 @@ logging.basicConfig() logger = logging.getLogger(name=__name__) logger.setLevel('DEBUG') -# XXX deprecate per #447 -OPENVPN_CONFIG_TEMPLATE = """#Autogenerated by eip-client wizard -remote {VPN_REMOTE_HOST} {VPN_REMOTE_PORT} - -client -dev tun -persist-tun -persist-key -proto udp -tls-client -remote-cert-tls server - -cert {LEAP_EIP_KEYS} -key {LEAP_EIP_KEYS} -ca {LEAP_EIP_KEYS} -""" - class EIPConfig(baseconfig.JSONLeapConfig): spec = eipspecs.eipconfig_spec @@ -63,83 +46,6 @@ class EIPServiceConfig(baseconfig.JSONLeapConfig): slug = property(_get_slug, _set_slug) -def check_or_create_default_vpnconf(config): - """ - checks that a vpn config file - exists for a default provider, - or creates one if it does not. - ATM REQURES A [provider] section in - eip.cfg with _at least_ a remote_ip value - """ - default_provider_path = baseconfig.get_default_provider_path() - - if not os.path.isdir(default_provider_path): - mkdir_p(default_provider_path) - - conf_file = baseconfig.get_config_file( - 'openvpn.conf', - folder=default_provider_path) - - if os.path.isfile(conf_file): - return - else: - logger.debug( - 'missing default openvpn config\n' - 'creating one...') - - # We're getting provider from eip.cfg - # by now. Get it from a list of gateways - # instead. - - try: - # XXX by now, we're expecting - # only IP format for remote. - # We should allow also domain names, - # and make a reverse resolv. - remote_ip = config.get('provider', - 'remote_ip') - baseconfig.validate_ip(remote_ip) - - except ConfigParser.NoSectionError: - raise eip_exceptions.EIPInitNoProviderError - - except socket.error: - # this does not look like an ip, dave - raise eip_exceptions.EIPInitBadProviderError - - if config.has_option('provider', 'remote_port'): - remote_port = config.get('provider', - 'remote_port') - else: - remote_port = 1194 - - default_subpath = os.path.join("providers", - "default") - default_provider_path = baseconfig.get_config_file( - '', - folder=default_subpath) - - if not os.path.isdir(default_provider_path): - mkdir_p(default_provider_path) - - conf_file = baseconfig.get_config_file( - 'openvpn.conf', - folder=default_provider_path) - - # XXX keys have to be manually placed by now - keys_file = baseconfig.get_config_file( - 'openvpn.keys', - folder=default_provider_path) - - ovpn_config = OPENVPN_CONFIG_TEMPLATE.format( - VPN_REMOTE_HOST=remote_ip, - VPN_REMOTE_PORT=remote_port, - LEAP_EIP_KEYS=keys_file) - - with open(conf_file, 'wb') as f: - f.write(ovpn_config) - - def build_ovpn_options(daemon=False): """ build a list of options @@ -162,6 +68,25 @@ def build_ovpn_options(daemon=False): opts = [] + opts.append('--client') + + opts.append('--dev') + # XXX same in win? + opts.append('tun') + opts.append('--persist-tun') + opts.append('--persist-key') + + # remote + # XXX get remote from eip.json + opts.append('--remote') + opts.append('testprovider.example.org') + opts.append('1194') + opts.append('udp') + + opts.append('--tls-client') + opts.append('--remote-cert-tls') + opts.append('server') + # set user and group opts.append('--user') opts.append('%s' % user) @@ -179,6 +104,7 @@ def build_ovpn_options(daemon=False): ourplatform = platform.system() if ourplatform in ("Linux", "Mac"): opts.append('--management') + # XXX get a different sock each time ... opts.append('/tmp/.eip.sock') opts.append('unix') if ourplatform == "Windows": @@ -187,21 +113,13 @@ def build_ovpn_options(daemon=False): # XXX which is a good choice? opts.append('7777') - # remaining config options will go in a file - - # NOTE: we will build this file from - # the service definition file. - # XXX override from --with-openvpn-config - - opts.append('--config') - - default_provider_path = baseconfig.get_default_provider_path() - - # XXX get rid of config_file at all - ovpncnf = baseconfig.get_config_file( - 'openvpn.conf', - folder=default_provider_path) - opts.append(ovpncnf) + # certs + opts.append('--cert') + opts.append(eipspecs.client_cert_path()) + opts.append('--key') + opts.append(eipspecs.client_cert_path()) + opts.append('--ca') + opts.append(eipspecs.provider_ca_path()) # we cannot run in daemon mode # with the current subp setting. |