Merge pull request #34 from RaspAP/bugfix/multiple-ovpn

Bugfix: multiple OpenVPN config handling
2023-10-10 13:37:24 +02:00 · 2021-06-08 20:31:26 +02:00 · 2021-06-08 20:31:26 +02:00 · 2fc30acbc5
commit 2fc30acbc5
parent eed50706d9 83c6e17970
8 changed files with 24 additions and 57 deletions
--- a/ajax/openvpn/activate_ovpncfg.php
+++ b/ajax/openvpn/activate_ovpncfg.php
@ -5,21 +5,14 @@ require_once '../../includes/functions.php';

 if (isset($_POST['cfg_id'])) {
    $ovpncfg_id = $_POST['cfg_id'];
-    $ovpncfg_path = pathinfo(RASPI_OPENVPN_CLIENT_CONFIG, PATHINFO_DIRNAME).'/';
-    $ovpncfg_files = $ovpncfg_path .$ovpncfg_id.'_*.conf';
+    $ovpncfg_client = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_client.conf';
+    $ovpncfg_login = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_login.conf';

-    // move currently active profile
-    $meta = file_get_meta(RASPI_OPENVPN_CLIENT_CONFIG,'#\sfilename\s(.*)');
-    $ovpncfg_client = $ovpncfg_path .$meta.'_client.conf';
-    $ovpncfg_login = $ovpncfg_path .$meta.'_login.conf';
-    exec("sudo mv ".RASPI_OPENVPN_CLIENT_CONFIG." $ovpncfg_client", $return);
-    exec("sudo mv ".RASPI_OPENVPN_CLIENT_LOGIN." $ovpncfg_login", $return);
-
-    // replace with selected profile
-    $ovpncfg_client = $ovpncfg_path .$ovpncfg_id.'_client.conf';
-    $ovpncfg_login = $ovpncfg_path .$ovpncfg_id.'_login.conf';
-    exec("sudo mv $ovpncfg_client ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
-    exec("sudo mv $ovpncfg_login ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
+    // remove existing client config +login and symbolically link the selected one
+    system("sudo rm ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+    system("sudo ln -s $ovpncfg_client ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+    system("sudo rm ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
+    system("sudo ln -s $ovpncfg_login ".RASPI_OPENVPN_CLIENT_LOGIN, $return);

    // restart service
    exec("sudo /bin/systemctl stop openvpn-client@client", $return);
--- a/config/config.php
+++ b/config/config.php
@ -18,9 +18,9 @@ define('RASPI_DHCPCD_CONFIG', '/etc/dhcpcd.conf');
 define('RASPI_WPA_SUPPLICANT_CONFIG', '/etc/wpa_supplicant/wpa_supplicant.conf');
 define('RASPI_HOSTAPD_CTRL_INTERFACE', '/var/run/hostapd');
 define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');
+define('RASPI_OPENVPN_CLIENT_PATH', '/etc/openvpn/client/');
 define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
-define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf');
 define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
 define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
--- a/includes/defaults.php
+++ b/includes/defaults.php
@ -23,9 +23,9 @@ $defaults = [
  'RASPI_WPA_SUPPLICANT_CONFIG' => '/etc/wpa_supplicant/wpa_supplicant.conf',
  'RASPI_HOSTAPD_CTRL_INTERFACE' => '/var/run/hostapd',
  'RASPI_WPA_CTRL_INTERFACE' => '/var/run/wpa_supplicant',
+  'RASPI_OPENVPN_CLIENT_PATH' => '/etc/openvpn/client/',
  'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf',
  'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf',
-  'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf',
  'RASPI_WIREGUARD_PATH' => '/etc/wireguard/',
  'RASPI_WIREGUARD_CONFIG' => RASPI_WIREGUARD_PATH.'wg0.conf',
  'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc',
--- a/includes/functions.php
+++ b/includes/functions.php
@ -270,28 +270,6 @@ function file_get_meta($filename, $pattern)
    }
 }

-/**
- * Renames an openvpn client config with the 'filename' header comment
- *
- * @param string file
- * @return boolean
- */
-function file_move_config($file)
-{
-    if(file_exists($file)) {
-        $file_data = file_get_contents($file);
-        preg_match('/^#\sfilename\s(.*)/i', $file_data, $matched);
-        $renamed = pathinfo($file, PATHINFO_DIRNAME).'/'.
-            $matched[1] .'_'.pathinfo($file, PATHINFO_FILENAME).'.'.
-            pathinfo($file, PATHINFO_EXTENSION);
-        if (!file_exists($renamed)) {
-            $return = system("sudo mv $file $renamed", $return);
-        } else {
-            return false;
-        }
-    }
-}
-
 /**
 * Callback function for array_filter
 *
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@ -53,7 +53,7 @@ function DisplayOpenVPNConfig()
        $authUser = current($auth);
        $authPassword = next($auth);
    }
-    $clients = preg_grep('/client.(conf)$/', scandir(pathinfo(RASPI_OPENVPN_CLIENT_CONFIG, PATHINFO_DIRNAME)));
+    $clients = preg_grep('/_client.(conf)$/', scandir(pathinfo(RASPI_OPENVPN_CLIENT_CONFIG, PATHINFO_DIRNAME)));

    $logEnable = 0;
    if (!empty($_POST) && !isset($_POST['log-openvpn'])) {
@ -158,36 +158,34 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
            throw new RuntimeException('Unable to move uploaded file');
        }

-
        // Good file upload, update auth credentials if present
-        $prepend = '# filename '.pathinfo($file['name'], PATHINFO_FILENAME) .PHP_EOL;
        if (!empty($authUser) && !empty($authPassword)) {
            $auth_flag = 1;
            // Move tmp authdata to /etc/openvpn/login.conf
            $auth.= $authUser .PHP_EOL . $authPassword .PHP_EOL;
            file_put_contents($tmp_authdata, $auth);
-            file_prepend_data($tmp_authdata, $prepend);
-            file_move_config(RASPI_OPENVPN_CLIENT_LOGIN);
            chmod($tmp_authdata, 0644);
-            system("sudo cp $tmp_authdata " . RASPI_OPENVPN_CLIENT_LOGIN, $return);
+            $client_auth = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_login.conf';
+            system("sudo cp $tmp_authdata $client_auth", $return);
+            system("sudo rm ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
+            system("sudo ln -s $client_auth ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
            if ($return !=0) {
                $status->addMessage('Unable to save client auth credentials', 'danger');
            }
        }

-        // Prepend filname tag to .ovpn client config
-        file_prepend_data($tmp_ovpnclient, $prepend);
-
        // Set iptables rules and, optionally, auth-user-pass
        exec("sudo /etc/raspap/openvpn/configauth.sh $tmp_ovpnclient $auth_flag " .$_SESSION['ap_interface'], $return);
        foreach ($return as $line) {
            $status->addMessage($line, 'info');
        }

-        // Copy tmp client config to /etc/openvpn/client
-        file_move_config(RASPI_OPENVPN_CLIENT_CONFIG);
+        $client_ovpn = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_client.conf';
        chmod($tmp_ovpnclient, 0644);
-        system("sudo cp $tmp_ovpnclient " . RASPI_OPENVPN_CLIENT_CONFIG, $return);
+        system("sudo cp $tmp_ovpnclient $client_ovpn", $return);
+        system("sudo rm ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+        system("sudo ln -s $client_ovpn ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+
        if ($return ==0) {
            $status->addMessage('OpenVPN client.conf uploaded successfully', 'info');
        } else {
--- a/installers/openvpnlog.sh
+++ b/installers/openvpnlog.sh
@ -1,3 +1,3 @@
 #!/bin/bash
 touch /tmp/openvpn.log
-grep -m 100 openvpn /var/log/syslog | sudo tee /tmp/openvpn.log
+journalctl |grep -m 200 openvpn | sudo tee /tmp/openvpn.log
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@ -20,9 +20,9 @@ www-data ALL=(ALL) NOPASSWD:/bin/systemctl start openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl enable openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl disable openvpn-client@client
-www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf
-www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf
-www-data ALL=(ALL) NOPASSWD:/bin/mv /etc/openvpn/client/*.conf /etc/openvpn/client/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/*.conf
+www-data ALL=(ALL) NOPASSWD:/usr/bin/ln -s /etc/openvpn/client/*.conf /etc/openvpn/client/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/openvpn/client/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/dnsmasq.d/090_*.conf
--- a/templates/openvpn/general.php
+++ b/templates/openvpn/general.php
@ -64,9 +64,7 @@
         </div>
      </div> <!-- col -->
    </div><!-- col-8 -->
-    <div class="col-sm-auto">
-      <a href="https://go.nordvpn.net/aff_c?offer_id=15&aff_id=36402&url_id=902"><img src="app/img/no-trace-200x200.png" class="float-left mb-3 mt-3"></a>
-    </div>
+    <div class="col-sm-auto"></div>
  </div><!-- /.row -->
 </div><!-- /.tab-pane | general tab -->