windows sux :)

2019-07-11 19:41:33 +02:00 · 2019-07-11 19:41:33 +02:00 · dbdbe8aef0
parent eba6749ada
commit dbdbe8aef0
3 changed files with 45 additions and 31 deletions
--- a/go.mod
+++ b/go.mod
@ -5,4 +5,5 @@ require (
 	github.com/onsi/gomega v1.5.0 // indirect
 	github.com/pyke369/golang-support v0.0.0-20190703174728-34ca97aa79e9
 	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
+	gopkg.in/ldap.v2 v2.5.1
 )
--- a/roadwarrior.conf
+++ b/roadwarrior.conf
@ -1,33 +1,43 @@
-#script-security 3
-auth-user-pass-optional
+# external files
+tls-auth          /etc/openvpn/tlsauth.key
+dh                /etc/openvpn/dh2048.pem
 ca                /usr/local/share/ca-certificates/Dailymotion.crt
 cert              /etc/ssl/certs/vpn.dailymotion.com-cert.pem
-user openvpn
-cipher aes-128-cbc
-dev vpnroadwarrior
-dev-type tun
-dh dh2048.pem
-ifconfig 192.168.200.0 192.168.207.255
-ifconfig-nowarn
-keepalive 10 120
 key               /etc/ssl/private/vpn.dailymotion.com-key.pem
+
+# local parameters
+port              41690
+tls-server
+mode              server
+ifconfig          192.168.200.1 255.255.248.0
+topology          subnet
+dev               vpnadmin
+dev-type          tun
+#local             188.65.121.190
+
+# security
+user              openvpn
+group             openvpn
+reneg-sec         43200
 management        127.0.0.1 4000
 management-client
 management-client-auth
-mode server
-group openvpn
-persist-key
-persist-remote-ip
-persist-tun
-port 41690
-proto tcp-server
+auth-user-pass-optional
+client-cert-not-required
+username-as-common-name
+
+# push
 push              "dhcp-option DNS 10.190.32.2"
 push              "dhcp-option DNS 10.190.32.20"
-push "topology p2p"
-reneg-sec 43200
-tls-auth tlsauth.key
-tls-server
-topology p2p
-username-as-common-name
-verb 4
-client-cert-not-required
+push              "route-gateway 192.168.200.1"
+push              "topology subnet"
+
+# crypto
+cipher            aes-128-cbc
+keepalive         10 120
+persist-key
+
+ifconfig-nowarn
+persist-remote-ip
+persist-tun
+verb              0
--- a/vpnsession.go
+++ b/vpnsession.go
@ -35,6 +35,7 @@ type vpnSession struct {
 	kID           int       `json:"-"`
 	port          int       `json:"-"`
 	dev           string    `json:"-"`
+	netmask       string    `json:"-"`
 	password      string    `json:"-"`
 	otpCode       string    `json:"-"`
 	localIP       string    `json:"-"`
@ -74,9 +75,9 @@ func (c *vpnSession) baseHash(salt string, i int64) string {
 func (c *vpnSession) AddRoute(ip string) error {
 	var cmd *exec.Cmd
 	if os.Geteuid() == 0 {
-		cmd = exec.Command("/bin/ip", "route", "replace", ip, "dev", c.dev)
+		cmd = exec.Command("/bin/ip", "route", "replace", ip+"/32", "dev", c.dev)
 	} else {
-		cmd = exec.Command("/usr/bin/sudo", "/bin/ip", "route", "replace", ip, "dev", c.dev)
+		cmd = exec.Command("/usr/bin/sudo", "/bin/ip", "route", "replace", ip+"/32", "dev", c.dev)
 	}
 	return cmd.Run()
 }
@ -180,6 +181,8 @@ func (c *vpnSession) ParseEnv(s *OpenVpnMgt, infos *[]string) error {
 			c.Login = r.ReplaceAllString(p[1], "")
 		case "dev":
 			c.dev = r.ReplaceAllString(p[1], "")
+		case "ifconfig_netmask":
+			c.netmask = r.ReplaceAllString(p[1], "")
 		}
 	}
 	return nil
@ -208,7 +211,7 @@ func (c *vpnSession) Auth(s *OpenVpnMgt) {
 	case ok == 0:
 		cmd = []string{
 			fmt.Sprintf("client-auth %d %d", c.cID, c.kID),
-			fmt.Sprintf("ifconfig-push %s %s", ip, c.localIP),
+			fmt.Sprintf("ifconfig-push %s %s", ip, c.netmask),
 		}
 		for _, r := range s.ldap[c.Profile].routes {
 			cmd = append(cmd, fmt.Sprintf("push \"route %s vpn_gateway\"", r))