windows sux :)

2019-07-11 19:41:33 +02:00 · 2019-07-11 19:41:33 +02:00 · dbdbe8aef0
parent eba6749ada
commit dbdbe8aef0
3 changed files with 45 additions and 31 deletions
--- a/go.mod
+++ b/go.mod
@ -5,4 +5,5 @@ require (
 	github.com/onsi/gomega v1.5.0 // indirect
 	github.com/pyke369/golang-support v0.0.0-20190703174728-34ca97aa79e9
 	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
 	gopkg.in/ldap.v2 v2.5.1
 )
--- a/roadwarrior.conf
+++ b/roadwarrior.conf
@ -1,33 +1,43 @@
-#script-security 3
+# external files
-auth-user-pass-optional
+tls-auth          /etc/openvpn/tlsauth.key
-ca /usr/local/share/ca-certificates/Dailymotion.crt
+dh                /etc/openvpn/dh2048.pem
-cert /etc/ssl/certs/vpn.dailymotion.com-cert.pem
+ca                /usr/local/share/ca-certificates/Dailymotion.crt
-user openvpn
+cert              /etc/ssl/certs/vpn.dailymotion.com-cert.pem
-cipher aes-128-cbc
+key               /etc/ssl/private/vpn.dailymotion.com-key.pem
-dev vpnroadwarrior
+
-dev-type tun
+# local parameters
-dh dh2048.pem
+port              41690
-ifconfig 192.168.200.0 192.168.207.255
+tls-server
-ifconfig-nowarn
+mode              server
-keepalive 10 120
+ifconfig          192.168.200.1 255.255.248.0
-key /etc/ssl/private/vpn.dailymotion.com-key.pem
+topology          subnet
-management 127.0.0.1 4000
+dev               vpnadmin
 dev-type          tun
 #local             188.65.121.190
 # security
 user              openvpn
 group             openvpn
 reneg-sec         43200
 management        127.0.0.1 4000
 management-client
 management-client-auth
-mode server
+auth-user-pass-optional
-group openvpn
+client-cert-not-required
 username-as-common-name
 # push
 push              "dhcp-option DNS 10.190.32.2"
 push              "dhcp-option DNS 10.190.32.20"
 push              "route-gateway 192.168.200.1"
 push              "topology subnet"
 # crypto
 cipher            aes-128-cbc
 keepalive         10 120
 persist-key
 ifconfig-nowarn
 persist-remote-ip
 persist-tun
-port 41690
+verb              0
 proto tcp-server
 push "dhcp-option DNS 10.190.32.2"
 push "dhcp-option DNS 10.190.32.20"
 push "topology p2p"
 reneg-sec 43200
 tls-auth tlsauth.key
 tls-server
 topology p2p
 username-as-common-name
 verb 4
 client-cert-not-required
--- a/vpnsession.go
+++ b/vpnsession.go
@ -35,6 +35,7 @@ type vpnSession struct {
 	kID           int       `json:"-"`
 	port          int       `json:"-"`
 	dev           string    `json:"-"`
 	netmask       string    `json:"-"`
 	password      string    `json:"-"`
 	otpCode       string    `json:"-"`
 	localIP       string    `json:"-"`
@ -74,9 +75,9 @@ func (c *vpnSession) baseHash(salt string, i int64) string {
 func (c *vpnSession) AddRoute(ip string) error {
 	var cmd *exec.Cmd
 	if os.Geteuid() == 0 {
-		cmd = exec.Command("/bin/ip", "route", "replace", ip, "dev", c.dev)
+		cmd = exec.Command("/bin/ip", "route", "replace", ip+"/32", "dev", c.dev)
 	} else {
-		cmd = exec.Command("/usr/bin/sudo", "/bin/ip", "route", "replace", ip, "dev", c.dev)
+		cmd = exec.Command("/usr/bin/sudo", "/bin/ip", "route", "replace", ip+"/32", "dev", c.dev)
 	}
 	return cmd.Run()
 }
@ -180,6 +181,8 @@ func (c *vpnSession) ParseEnv(s *OpenVpnMgt, infos *[]string) error {
 			c.Login = r.ReplaceAllString(p[1], "")
 		case "dev":
 			c.dev = r.ReplaceAllString(p[1], "")
 		case "ifconfig_netmask":
 			c.netmask = r.ReplaceAllString(p[1], "")
 		}
 	}
 	return nil
@ -208,7 +211,7 @@ func (c *vpnSession) Auth(s *OpenVpnMgt) {
 	case ok == 0:
 		cmd = []string{
 			fmt.Sprintf("client-auth %d %d", c.cID, c.kID),
-			fmt.Sprintf("ifconfig-push %s %s", ip, c.localIP),
+			fmt.Sprintf("ifconfig-push %s %s", ip, c.netmask),
 		}
 		for _, r := range s.ldap[c.Profile].routes {
 			cmd = append(cmd, fmt.Sprintf("push \"route %s vpn_gateway\"", r))