windows sux :)

go.mod

@@ -5,4 +5,5 @@ require (
 	github.com/onsi/gomega v1.5.0 // indirect
 	github.com/pyke369/golang-support v0.0.0-20190703174728-34ca97aa79e9
 	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
+	gopkg.in/ldap.v2 v2.5.1
 )

roadwarrior.conf

@@ -1,33 +1,43 @@
-#script-security 3
+# external files
-auth-user-pass-optional
+tls-auth          /etc/openvpn/tlsauth.key
+dh                /etc/openvpn/dh2048.pem
 ca                /usr/local/share/ca-certificates/Dailymotion.crt
 cert              /etc/ssl/certs/vpn.dailymotion.com-cert.pem
-user openvpn
-cipher aes-128-cbc
-dev vpnroadwarrior
-dev-type tun
-dh dh2048.pem
-ifconfig 192.168.200.0 192.168.207.255
-ifconfig-nowarn
-keepalive 10 120
 key               /etc/ssl/private/vpn.dailymotion.com-key.pem
+
+# local parameters
+port              41690
+tls-server
+mode              server
+ifconfig          192.168.200.1 255.255.248.0
+topology          subnet
+dev               vpnadmin
+dev-type          tun
+#local             188.65.121.190
+
+# security
+user              openvpn
+group             openvpn
+reneg-sec         43200
 management        127.0.0.1 4000
 management-client
 management-client-auth
-mode server
+auth-user-pass-optional
-group openvpn
+client-cert-not-required
-persist-key
+username-as-common-name
-persist-remote-ip
+
-persist-tun
+# push
-port 41690
-proto tcp-server
 push              "dhcp-option DNS 10.190.32.2"
 push              "dhcp-option DNS 10.190.32.20"
-push "topology p2p"
+push              "route-gateway 192.168.200.1"
-reneg-sec 43200
+push              "topology subnet"
-tls-auth tlsauth.key
+
-tls-server
+# crypto
-topology p2p
+cipher            aes-128-cbc
-username-as-common-name
+keepalive         10 120
-verb 4
+persist-key
-client-cert-not-required
+
+ifconfig-nowarn
+persist-remote-ip
+persist-tun
+verb              0

vpnsession.go

@@ -35,6 +35,7 @@ type vpnSession struct {
 	kID           int       `json:"-"`
 	port          int       `json:"-"`
 	dev           string    `json:"-"`
+	netmask       string    `json:"-"`
 	password      string    `json:"-"`
 	otpCode       string    `json:"-"`
 	localIP       string    `json:"-"`
@@ -74,9 +75,9 @@ func (c *vpnSession) baseHash(salt string, i int64) string {
 func (c *vpnSession) AddRoute(ip string) error {
 	var cmd *exec.Cmd
 	if os.Geteuid() == 0 {
-		cmd = exec.Command("/bin/ip", "route", "replace", ip, "dev", c.dev)
+		cmd = exec.Command("/bin/ip", "route", "replace", ip+"/32", "dev", c.dev)
 	} else {
-		cmd = exec.Command("/usr/bin/sudo", "/bin/ip", "route", "replace", ip, "dev", c.dev)
+		cmd = exec.Command("/usr/bin/sudo", "/bin/ip", "route", "replace", ip+"/32", "dev", c.dev)
 	}
 	return cmd.Run()
 }
@@ -180,6 +181,8 @@ func (c *vpnSession) ParseEnv(s *OpenVpnMgt, infos *[]string) error {
 			c.Login = r.ReplaceAllString(p[1], "")
 		case "dev":
 			c.dev = r.ReplaceAllString(p[1], "")
+		case "ifconfig_netmask":
+			c.netmask = r.ReplaceAllString(p[1], "")
 		}
 	}
 	return nil
@@ -208,7 +211,7 @@ func (c *vpnSession) Auth(s *OpenVpnMgt) {
 	case ok == 0:
 		cmd = []string{
 			fmt.Sprintf("client-auth %d %d", c.cID, c.kID),
-			fmt.Sprintf("ifconfig-push %s %s", ip, c.localIP),
+			fmt.Sprintf("ifconfig-push %s %s", ip, c.netmask),
 		}
 		for _, r := range s.ldap[c.Profile].routes {
 			cmd = append(cmd, fmt.Sprintf("push \"route %s vpn_gateway\"", r))