From b79a08b84e52871b1e1254f65ff774a6f0857608 Mon Sep 17 00:00:00 2001 From: kali Date: Thu, 30 Aug 2012 05:37:44 +0900 Subject: move extra options from config template to cl opts --- src/leap/eip/config.py | 44 +++++++++++++++++++++------------ src/leap/eip/tests/test_config.py | 51 +++++++++++++++++++++++++++++++++++---- 2 files changed, 75 insertions(+), 20 deletions(-) diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py index b6c38a77..a9de60b2 100644 --- a/src/leap/eip/config.py +++ b/src/leap/eip/config.py @@ -63,6 +63,7 @@ class EIPServiceConfig(baseconfig.JSONLeapConfig): slug = property(_get_slug, _set_slug) +# XXX deprecate by #447 def check_or_create_default_vpnconf(config): """ checks that a vpn config file @@ -162,6 +163,26 @@ def build_ovpn_options(daemon=False): opts = [] + opts.append('--mode') + opts.append('client') + + opts.append('--dev') + # XXX same in win? + opts.append('tun') + opts.append('--persist-tun') + opts.append('--persist-key') + + # remote + # XXX get remote from eip.json + opts.append('--remote') + opts.append('testprovider.example.org') + opts.append('1194') + opts.append('udp') + + opts.append('--tls-client') + opts.append('--remote-cert-tls') + opts.append('server') + # set user and group opts.append('--user') opts.append('%s' % user) @@ -179,6 +200,7 @@ def build_ovpn_options(daemon=False): ourplatform = platform.system() if ourplatform in ("Linux", "Mac"): opts.append('--management') + # XXX get a different sock each time ... opts.append('/tmp/.eip.sock') opts.append('unix') if ourplatform == "Windows": 
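Review bot: In the second config.py hunk (`build_ovpn_options`, at `@@ -162`), the `--remote` endpoint is three literals in the production path (`'testprovider.example.org'`, `'1194'`, `'udp'`), while the certificate and CA paths added in the last config.py hunk come from `eipspecs`. The XXX covers the host but not the port and protocol; I would extend it to `# XXX get remote host, port and proto from eip.json` so that none of the three is forgotten. `--remote-cert-tls server` checks the peer certificate's key usage, not its name, so the file passed to `--ca` is what decides which servers are accepted; a one-line comment saying so next to `--remote-cert-tls` would help the next reader. The function body starts and ends outside the hunk.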
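Review bot: The XXX added above `'/tmp/.eip.sock'` in the third config.py hunk (at `@@ -179`) understates the issue: the management socket has a fixed name in a world-writable directory, so another local account can occupy that path before the client starts, and a different name per run does not change who can write to the directory. I would word it as `# XXX fixed name in world-writable /tmp; create the socket inside a per-user 0700 dir (tempfile.mkdtemp())`. The expected arguments in test_config.py include `--management-client-user`, which restricts who may connect, but that does not cover the path itself. In the context line just above, `platform.system()` returns `"Darwin"` on macOS, so `("Linux", "Mac")` looks like it never matches there and no `--management` option would be added.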
@@ -187,21 +209,13 @@ def build_ovpn_options(daemon=False): # XXX which is a good choice? opts.append('7777') - # remaining config options will go in a file - - # NOTE: we will build this file from - # the service definition file. - # XXX override from --with-openvpn-config - - opts.append('--config') - - default_provider_path = baseconfig.get_default_provider_path() - - # XXX get rid of config_file at all - ovpncnf = baseconfig.get_config_file( - 'openvpn.conf', - folder=default_provider_path) - opts.append(ovpncnf) + # certs + opts.append('--cert') + opts.append(eipspecs.client_cert_path()) + opts.append('--key') + opts.append(eipspecs.client_cert_path()) + opts.append('--ca') + opts.append(eipspecs.provider_ca_path()) # we cannot run in daemon mode # with the current subp setting. diff --git a/src/leap/eip/tests/test_config.py b/src/leap/eip/tests/test_config.py index 16219648..c3a8075e 100644 --- a/src/leap/eip/tests/test_config.py +++ b/src/leap/eip/tests/test_config.py @@ -48,6 +48,23 @@ class EIPConfigTest(BaseLeapTest): username = self.get_username() groupname = self.get_groupname() + args.append('--mode') + args.append('client') + args.append('--dev') + #does this have to be tap for win?? + args.append('tun') + args.append('--persist-tun') + args.append('--persist-key') + args.append('--remote') + args.append('testprovider.example.org') + # XXX get port!? + args.append('1194') + # XXX get proto + args.append('udp') + args.append('--tls-client') + args.append('--remote-cert-tls') + args.append('server') + args.append('--user') args.append(username) args.append('--group') 
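Review bot: In the config.py hunk at `@@ -187`, `--key` is given `eipspecs.client_cert_path()`, the same call as `--cert`, which reads like a copy-paste slip. The expected paths in test_config.py point both options at `openvpn.pem`, so a combined certificate-and-key PEM seems intended; if so, say it on the line: `# client cert and private key live in the same PEM file`. Because that file then holds the private key, it would be worth checking before the append that it exists and has no group or other permission bits, unless a caller outside this hunk already does. The body of `build_ovpn_options` starts and ends outside the hunk.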
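Review bot: In the first test_config.py hunk (at `@@ -48`), the expected `--remote` host is the literal `'testprovider.example.org'`, and the certificate paths in the next test hunk repeat it three times, although the lines this commit removes used `constants.DEFAULT_TEST_PROVIDER`. Assuming the constant holds the same name, using it here, `args.append(constants.DEFAULT_TEST_PROVIDER)`, keeps the test following one definition of the test provider. The `# XXX get port!?` and `# XXX get proto` comments would be more useful if they said where the values should come from, as config.py does with `# XXX get remote from eip.json`. The enclosing method starts outside the hunk.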
@@ -55,16 +72,40 @@ class EIPConfigTest(BaseLeapTest): args.append('--management-client-user') args.append(username) args.append('--management-signal') - args.append('--management') + args.append('--management') #XXX hey! #get platform switches here! args.append('/tmp/.eip.sock') args.append('unix') - args.append('--config') - args.append(os.path.expanduser( - '~/.config/leap/providers/%s/openvpn.conf' - % constants.DEFAULT_TEST_PROVIDER)) + + # certs + # XXX get values from specs? + args.append('--cert') + args.append(os.path.join( + self.home, + '.config', 'leap', 'providers', + 'testprovider.example.org', + 'keys', 'client', + 'openvpn.pem')) + args.append('--key') + args.append(os.path.join( + self.home, + '.config', 'leap', 'providers', + 'testprovider.example.org', + 'keys', 'client', + 'openvpn.pem')) + args.append('--ca') + args.append(os.path.join( + self.home, + '.config', 'leap', 'providers', + 'testprovider.example.org', + 'keys', 'ca', + 'testprovider-ca-cert.pem')) + #args.append('--config') + #args.append(os.path.expanduser( + #'~/.config/leap/providers/%s/openvpn.conf' + #% constants.DEFAULT_TEST_PROVIDER)) return args # build command string -- cgit v1.2.3
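Review bot: The four commented-out `--config` lines at the end of this hunk should be deleted rather than kept, since the commit history already records them. The expected `--cert` and `--key` values are built by two identical `os.path.join(...)` calls, so the test still passes if `build_ovpn_options` hands the certificate path to `--key` by mistake; building the path once, e.g. `client_pem = os.path.join(self.home, '.config', 'leap', 'providers', ...)`, with a comment that cert and key share one file, would make the intent explicit. The trailing `#XXX hey! #get platform switches here!` on `--management` says the expectation is Unix-only, and I would turn it into a normal comment above the line: `# XXX expected args are Unix-only; add the Windows management switches`. The enclosing method starts outside the hunk.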