 /**
  * Look up the log entries that held $ipAddress at $dateTimeUnix.
  *
  * Reads the "entries" list from <dataDir>/log.json. An entry qualifies when
  * its connect_time is not after $dateTimeUnix, it either has no
  * disconnect_time yet (session still open) or a disconnect_time not before
  * $dateTimeUnix, and its v4 or v6 address is identical to $ipAddress.
  *
  * @param int    $dateTimeUnix unix timestamp to resolve
  * @param string $ipAddress    IPv4 or IPv6 address exactly as stored in the log
  *
  * @return array list of matching entries with keys user_id, v4, v6,
  *               config_name, connect_time and disconnect_time (null while
  *               the session is open); XXX more than one hit is possible
  *               when stored time ranges overlap
  */
 public function get($dateTimeUnix, $ipAddress)
 {
     $logFile = sprintf('%s/log.json', $this->dataDir);
     $logData = FileIO::readJsonFile($logFile);

     $matches = [];
     foreach ($logData['entries'] as $entry) {
         $connectTime = $entry['connect_time'];
         // no disconnect_time means the session had not ended when the log was written
         $disconnectTime = null;
         if (array_key_exists('disconnect_time', $entry)) {
             $disconnectTime = $entry['disconnect_time'];
         }

         // session must have started at or before the requested time...
         if ($connectTime > $dateTimeUnix) {
             continue;
         }
         // ...and must not have ended before it (open sessions always pass)
         if (null !== $disconnectTime && $disconnectTime < $dateTimeUnix) {
             continue;
         }
         // XXX boundary cases (still connected / disconnected at exactly
         // $dateTimeUnix) are not treated specially

         $v4 = $entry['v4'];
         $v6 = $entry['v6'];
         if ($ipAddress !== $v4 && $ipAddress !== $v6) {
             continue;
         }

         $matches[] = [
             'user_id' => $entry['user_id'],
             'v4' => $v4,
             'v6' => $v6,
             'config_name' => $entry['config_name'],
             'connect_time' => $connectTime,
             'disconnect_time' => $disconnectTime,
         ];
     }

     return $matches;
 }
 /**
  * Persist the VOOT token of a user as <vootDir>/<userId>.
  *
  * NOTE(review): $userId is used verbatim as a path component; it is assumed
  * to be validated by the caller so it cannot contain '/' or '..' — confirm.
  * NOTE(review): the file is created with mode 0644, so the token is readable
  * by every local account; confirm that matches the sensitivity of the token.
  *
  * @param string $userId
  * @param string $vootToken token contents, written as-is
  */
 public function setVootToken($userId, $vootToken)
 {
     $tokenFile = implode('/', [$this->vootDir, $userId]);
     FileIO::writeFile($tokenFile, $vootToken, 0644);
 }
    // NOTE(review): $timeConnection, $statsData, $uniqueUsers, $firstEntryTime,
    // $lastEntryTime and $outFile are populated before this point, outside this
    // excerpt; the enclosing try block opens there as well.
    // reset() only rewinds the array's internal pointer; the foreach below does
    // not depend on it, so this is presumably a leftover from an earlier loop.
    reset($timeConnection);
    // peak number of simultaneous connections and the timestamp at which that
    // peak was first reached
    $maxConcurrentConnections = 0;
    $maxConcurrentConnectionsTime = 0;
    $concurrentConnections = 0;
    // $timeConnection maps a unix timestamp to the list of events at that
    // second: 'C' is a connect, any other value is counted as a disconnect.
    // Events within one second are applied in array order.
    foreach ($timeConnection as $unixTime => $eventArray) {
        foreach ($eventArray as $event) {
            if ('C' === $event) {
                ++$concurrentConnections;
                // strict '>' keeps the earliest time the peak was reached
                if ($concurrentConnections > $maxConcurrentConnections) {
                    $maxConcurrentConnections = $concurrentConnections;
                    $maxConcurrentConnectionsTime = $unixTime;
                }
            } else {
                --$concurrentConnections;
            }
        }
    }
    $totalTraffic = 0;
    // convert the user list in unique user count for that day, rework array
    // key and determine total amount of traffic
    foreach ($statsData as $date => $entry) {
        $statsData[$date]['date'] = $date;
        $statsData[$date]['unique_user_count'] = count($entry['user_list']);
        // only the count is kept; the per-day user list itself is not written out
        unset($statsData[$date]['user_list']);
        $totalTraffic += $entry['traffic'];
    }
    // array_values() turns the date-keyed map into a plain list for the JSON
    // output; the file is created with mode 0644 (world-readable)
    FileIO::writeJsonFile($outFile, ['days' => array_values($statsData), 'total_traffic' => $totalTraffic, 'generated_at' => time(), 'max_concurrent_connections' => $maxConcurrentConnections, 'max_concurrent_connections_time' => $maxConcurrentConnectionsTime, 'first_entry' => $firstEntryTime, 'last_entry' => $lastEntryTime, 'unique_users' => count($uniqueUsers)], 0644);
} catch (Exception $e) {
    // any failure in the try block above ends the run with exit status 1
    echo sprintf('ERROR: %s', $e->getMessage()) . PHP_EOL;
    exit(1);
}
 /**
  * Write the OpenVPN server configuration for one server process.
  *
  * The configuration is assembled from fixed options, the TLS material of the
  * instance, options derived from the pool and process settings, and the
  * route / DNS / client-to-client lines produced by the helpers. The lines
  * are sorted as strings and written to <vpnConfigDir>/<configName> with
  * mode 0600.
  *
  * NOTE(review): $instanceId and $processConfig['configName'] end up in file
  * system paths, and INSTANCE_ID / POOL_ID are exported to the connect and
  * disconnect scripts via setenv; they are assumed to be validated identifiers
  * (no '/' or '..', no shell metacharacters) before reaching this method —
  * confirm in the caller.
  * NOTE(review): the tls-cipher list ends with a CBC/SHA1 suite and the data
  * channel uses AES-256-CBC; presumably kept for client compatibility —
  * confirm those are still required.
  *
  * @param string     $instanceId
  * @param string     $poolId
  * @param PoolConfig $poolConfig    read: twoFactor, listen, enableLog
  * @param array      $processConfig read: range, range6, dev, port,
  *                                  managementIp, managementPort, proto,
  *                                  configName
  */
 private function writeProcess($instanceId, $poolId, PoolConfig $poolConfig, array $processConfig)
 {
     $tlsDir = sprintf('/etc/openvpn/tls/%s', $instanceId);
     $rangeIp = new IP($processConfig['range']);
     $range6Ip = new IP($processConfig['range6']);
     $isTcp = 'tcp' === $processConfig['proto'];
     $twoFactor = $poolConfig->v('twoFactor');

     // options identical for every process
     $fixedOptions = [
         '# OpenVPN Server Configuration',
         'verb 3',
         'dev-type tun',
         'user openvpn',
         'group openvpn',
         'topology subnet',
         'persist-key',
         'persist-tun',
         'keepalive 10 60',
         'comp-lzo no',
         'remote-cert-tls client',
         'tls-version-min 1.2',
         'tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA',
         'auth SHA256',
         'cipher AES-256-CBC',
         'client-connect /usr/sbin/vpn-server-api-client-connect',
         'client-disconnect /usr/sbin/vpn-server-api-client-disconnect',
         'push "comp-lzo no"',
         'push "explicit-exit-notify 3"',
     ];

     // certificate and key material of this instance
     $tlsOptions = [
         sprintf('ca %s/ca.crt', $tlsDir),
         sprintf('cert %s/server.crt', $tlsDir),
         sprintf('key %s/server.key', $tlsDir),
         sprintf('dh %s/dh.pem', $tlsDir),
         sprintf('tls-auth %s/ta.key 0', $tlsDir),
     ];

     // addressing, listening and per-process settings
     $processOptions = [
         sprintf('server %s %s', $rangeIp->getNetwork(), $rangeIp->getNetmask()),
         sprintf('server-ipv6 %s', $range6Ip->getAddressPrefix()),
         // one address of the range is the server itself
         sprintf('max-clients %d', $rangeIp->getNumberOfHosts() - 1),
         // level 3 is needed for the via-env password check added below
         sprintf('script-security %d', $twoFactor ? 3 : 2),
         sprintf('dev %s', $processConfig['dev']),
         sprintf('port %d', $processConfig['port']),
         sprintf('management %s %d', $processConfig['managementIp'], $processConfig['managementPort']),
         sprintf('setenv INSTANCE_ID %s', $instanceId),
         sprintf('setenv POOL_ID %s', $poolId),
         sprintf('proto %s', $isTcp ? 'tcp-server' : 'udp'),
         // TCP processes bind to the management address, UDP to the pool's listen address
         sprintf('local %s', $isTcp ? $processConfig['managementIp'] : $poolConfig->v('listen')),
         // longer renegotiation interval with two-factor so users are not re-prompted hourly
         sprintf('reneg-sec %d', $twoFactor ? 28800 : 3600),
     ];

     $conditionalOptions = [];
     if (!$poolConfig->v('enableLog')) {
         $conditionalOptions[] = 'log /dev/null';
     }
     if ($isTcp) {
         $conditionalOptions[] = 'tcp-nodelay';
     }
     if ($twoFactor) {
         // via-env hands the credentials to the script through the environment
         $conditionalOptions[] = 'auth-user-pass-verify /usr/sbin/vpn-server-api-verify-otp via-env';
     }

     $serverConfig = array_merge(
         $fixedOptions,
         $tlsOptions,
         $processOptions,
         $conditionalOptions,
         self::getRoutes($poolConfig),
         self::getDns($poolConfig),
         self::getClientToClient($poolConfig)
     );
     // the file is written sorted, so the assembly order above is irrelevant
     sort($serverConfig, SORT_STRING);

     $configFile = sprintf('%s/%s', $this->vpnConfigDir, $processConfig['configName']);
     FileIO::writeFile($configFile, implode(PHP_EOL, $serverConfig), 0600);
 }
    // $p (the CliParser) is constructed before this point, outside this
    // excerpt, and the enclosing try block opens there as well.
    $opt = $p->parse($argv);
    if ($opt->e('help')) {
        echo $p->help();
        exit(0);
    }
    // detect all instances: every directory directly under <root>/config is an
    // instance id and is expected to contain a config.yaml
    $configList = [];
    $configDir = sprintf('%s/config', dirname(__DIR__));
    // NOTE(review): with GLOB_ERR a read error makes glob() return false, which
    // the foreach would only warn about instead of reaching the catch below —
    // confirm this is acceptable
    foreach (glob(sprintf('%s/*', $configDir), GLOB_ONLYDIR | GLOB_ERR) as $instanceDir) {
        $instanceId = basename($instanceDir);
        $configList[$instanceId] = InstanceConfig::fromFile(sprintf('%s/%s/config.yaml', $configDir, $instanceId));
    }
    // both rulesets are generated before anything is written
    $firewall = Firewall::getFirewall4($configList);
    $firewall6 = Firewall::getFirewall6($configList);
    if ($opt->e('install')) {
        // written with mode 0600 to the paths the iptables/ip6tables services
        // presumably read on this platform
        FileIO::writeFile('/etc/sysconfig/iptables', $firewall, 0600);
        FileIO::writeFile('/etc/sysconfig/ip6tables', $firewall6, 0600);
    } else {
        // without --install the rulesets are only printed
        echo '##########################################' . PHP_EOL;
        echo '# IPv4' . PHP_EOL;
        echo '##########################################' . PHP_EOL;
        echo $firewall;
        echo '##########################################' . PHP_EOL;
        echo '# IPv6' . PHP_EOL;
        echo '##########################################' . PHP_EOL;
        echo $firewall6;
    }
} catch (Exception $e) {
    // any failure in the try block above ends the run with exit status 1
    echo sprintf('ERROR: %s', $e->getMessage()) . PHP_EOL;
    exit(1);
}
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
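require_once sprintf('%s/vendor/autoload.php', dirname(__DIR__));

use SURFnet\VPN\Server\OtpLog;
use SURFnet\VPN\Common\CliParser;
use SURFnet\VPN\Common\FileIO;

/*
 * CLI entry point: create the data directory of the given instance (if it
 * does not exist yet) and initialise its OTP key storage, otp.sqlite.
 *
 * Exits 0 after printing the help text, 1 with an "ERROR: ..." line when any
 * exception is raised.
 */
try {
    $p = new CliParser('Initialize the OTP key storage', ['instance' => ['the instance', true, true]]);
    $opt = $p->parse($argv);
    if ($opt->e('help')) {
        echo $p->help();
        exit(0);
    }

    // NOTE(review): the instance name is used verbatim as a path component
    // below; this is an operator-run CLI, but confirm CliParser (or the
    // caller) restricts it to a plain identifier without '/' or '..'.
    $vpnDataDir = sprintf('%s/openvpn-data/%s', dirname(__DIR__), $opt->v('instance'));
    // create VPN directory if it does not yet exist
    FileIO::createDir($vpnDataDir, 0711);

    $db = new PDO(sprintf('sqlite://%s/otp.sqlite', $vpnDataDir));
    // before PHP 8.0 PDO defaults to silent error mode (calls just return
    // false); raise exceptions instead so a failed schema initialisation is
    // reported by the catch below rather than leaving a half-initialised
    // database behind without notice
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $otpLog = new OtpLog($db);
    $otpLog->init();
} catch (Exception $e) {
    echo sprintf('ERROR: %s', $e->getMessage()) . PHP_EOL;
    exit(1);
}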
 /**
  * Mark $commonName as enabled by removing its marker file from disableDir.
  *
  * NOTE(review): $commonName is used verbatim as a path component; it is
  * assumed to be validated against '/' and '..' before it reaches this
  * method — confirm in the caller.
  *
  * @param string $commonName
  */
 public function setEnabled($commonName)
 {
     $markerFile = implode('/', [$this->disableDir, $commonName]);
     FileIO::deleteFile($markerFile);
 }
                // XXX if an error occurred decoding the message, it was
                // probably a log error message, ignore them for now, but later we
                // will need them as well!
                continue;
            }
            if (!verifyMessage($messageData, 'disconnect')) {
                continue;
            }
            // the enclosing loops and the try block open before this excerpt;
            // from here on one verified disconnect message is processed
            $instanceId = $messageData['INSTANCE_ID'];
            $poolId = $messageData['POOL_ID'];
            // must match the key under which the connect message was stored
            $logKey = sprintf('%s:%s:%s', $poolId, $messageData['common_name'], $messageData['time_unix']);
            // XXX what if instanceId key does not exist?
            // (an unknown instance id makes $logData[$instanceId] an undefined
            // index: a notice and a skipped message on older PHP, a TypeError
            // from array_key_exists() on PHP 8 that the catch (Exception) below
            // would not handle)
            if (!array_key_exists($logKey, $logData[$instanceId])) {
                // XXX we did not find a matching connect entry...
                // just ignore it
                continue;
            }
            // session traffic in both directions; disconnect_time is derived
            // from time_unix (which is also part of the connect key, so it
            // appears to be the connect timestamp) plus the reported duration
            $dataTransferred = $messageData['bytes_sent'] + $messageData['bytes_received'];
            $logData[$instanceId][$logKey] = array_merge($logData[$instanceId][$logKey], ['disconnect_time' => $messageData['time_unix'] + intval($messageData['time_duration']), 'traffic' => $dataTransferred]);
        }
    }
    // one log.json per instance; the session keys are dropped and the
    // entries written as a plain list
    foreach ($logData as $instanceId => $logEntries) {
        $logFile = sprintf('%s/data/%s/log.json', dirname(__DIR__), $instanceId);
        $logDir = dirname($logFile);
        FileIO::createDir($logDir, 0711);
        // NOTE(review): the log holds per-session records keyed by common name
        // and is written with mode 0644, i.e. readable by every local account —
        // confirm that is intended
        FileIO::writeJsonFile($logFile, ['entries' => array_values($logEntries)], 0644);
    }
} catch (Exception $e) {
    // any failure in the try block above ends the run with exit status 1
    echo sprintf('ERROR: %s', $e->getMessage()) . PHP_EOL;
    exit(1);
}