Example #1
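 /**
  * Store the VOOT token of a user in a file named after the user ID.
  *
  * The user ID is used as the last component of a path below
  * $this->vootDir, so it is checked first: an ID that is empty, is "." or
  * "..", or contains "/" or a NUL byte could make the write land outside
  * that directory and is rejected.
  *
  * @param string $userId    identifier of the user, used as the file name
  * @param string $vootToken token stored as the content of the file
  *
  * @throws \InvalidArgumentException if the user ID cannot be used as a
  *                                   single file name
  */
 public function setVootToken($userId, $vootToken)
 {
     $userId = (string) $userId;
     $isDotEntry = '.' === $userId || '..' === $userId;
     $hasSeparator = false !== strpos($userId, '/') || false !== strpos($userId, "\0");
     if ('' === $userId || $isDotEntry || $hasSeparator) {
         throw new \InvalidArgumentException('invalid user ID');
     }
     $vootFile = sprintf('%s/%s', $this->vootDir, $userId);
     // NOTE(review): 0644 is presumably the file mode. If so, the token is
     // readable by every local account; confirm which processes need to
     // read this file and tighten the mode to 0600 if only this service does.
     FileIO::writeFile($vootFile, $vootToken, 0644);
 }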
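    // Parse the command line; when the 'help' option is present, print the
    // usage text and stop.
    $opt = $p->parse($argv);
    if ($opt->e('help')) {
        echo $p->help();
        exit(0);
    }
    // Detect all instances: every directory directly below config/ is taken
    // as one instance and its name is used as the instance ID.
    $configList = [];
    $configDir = sprintf('%s/config', dirname(__DIR__));
    $instanceDirList = glob(sprintf('%s/*', $configDir), GLOB_ONLYDIR | GLOB_ERR);
    if (false === $instanceDirList) {
        // glob() returns false on failure (GLOB_ERR makes it stop on read
        // errors). Without this check the loop below is skipped, the rules
        // are generated from an empty instance list and, with 'install',
        // written over the existing firewall files. Stop instead; the
        // exception is meant to reach the catch block that follows.
        // NOTE(review): some platforms cannot tell "no match" from an error,
        // so an empty config directory may also end up here -- confirm that
        // is acceptable for a host without instances.
        throw new \RuntimeException(sprintf('unable to list instance directories in "%s"', $configDir));
    }
    foreach ($instanceDirList as $instanceDir) {
        $instanceId = basename($instanceDir);
        $configList[$instanceId] = InstanceConfig::fromFile(sprintf('%s/%s/config.yaml', $configDir, $instanceId));
    }
    // Build both rule sets before writing anything, so a failure while
    // generating the IPv6 rules cannot leave only the IPv4 file replaced.
    $firewall = Firewall::getFirewall4($configList);
    $firewall6 = Firewall::getFirewall6($configList);
    if ($opt->e('install')) {
        // 0600 is presumably the file mode: rule files readable by their
        // owner only.
        FileIO::writeFile('/etc/sysconfig/iptables', $firewall, 0600);
        FileIO::writeFile('/etc/sysconfig/ip6tables', $firewall6, 0600);
    } else {
        // Without 'install' nothing is written; the rules are printed so
        // they can be reviewed first.
        echo '##########################################' . PHP_EOL;
        echo '# IPv4' . PHP_EOL;
        echo '##########################################' . PHP_EOL;
        echo $firewall;
        echo '##########################################' . PHP_EOL;
        echo '# IPv6' . PHP_EOL;
        echo '##########################################' . PHP_EOL;
        echo $firewall6;
    }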
} catch (Exception $e) {
    echo sprintf('ERROR: %s', $e->getMessage()) . PHP_EOL;
    exit(1);
}
Example #3
 /**
  * Render the OpenVPN server configuration of one process of a pool and
  * write it below $this->vpnConfigDir.
  *
  * The directives are collected as a list of lines, sorted as strings and
  * joined with PHP_EOL, so the order in which they are added here does not
  * affect the file that is written.
  *
  * NOTE(review): $instanceId, $poolId and the $processConfig values are
  * placed into directive lines and paths without escaping. A value holding
  * a line break would add a directive to the file; presumably the caller
  * validates them -- confirm.
  *
  * @param string     $instanceId    instance the process belongs to
  * @param string     $poolId        pool the process belongs to
  * @param PoolConfig $poolConfig    pool settings read through v()
  * @param array      $processConfig reads the keys range, range6, dev, port,
  *                                  managementIp, managementPort, proto and
  *                                  configName
  */
 private function writeProcess($instanceId, $poolId, PoolConfig $poolConfig, array $processConfig)
 {
     $tlsPath = sprintf('/etc/openvpn/tls/%s', $instanceId);
     $net4 = new IP($processConfig['range']);
     $net6 = new IP($processConfig['range6']);

     // Directives that are identical for every process. Compression is
     // switched off on the server and pushed as off to clients, clients must
     // present a client certificate, and TLS 1.2 is the minimum version.
     // NOTE(review): the tls-cipher list ends in a CBC/SHA suite and the data
     // channel uses AES-256-CBC with SHA256; re-check both against the
     // OpenVPN versions still deployed.
     $lines = [
         '# OpenVPN Server Configuration',
         'verb 3',
         'dev-type tun',
         'user openvpn',
         'group openvpn',
         'topology subnet',
         'persist-key',
         'persist-tun',
         'keepalive 10 60',
         'comp-lzo no',
         'remote-cert-tls client',
         'tls-version-min 1.2',
         'tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA',
         'auth SHA256',
         'cipher AES-256-CBC',
         'client-connect /usr/sbin/vpn-server-api-client-connect',
         'client-disconnect /usr/sbin/vpn-server-api-client-disconnect',
         'push "comp-lzo no"',
         'push "explicit-exit-notify 3"',
     ];

     // Key material of the instance.
     $lines[] = sprintf('ca %s/ca.crt', $tlsPath);
     $lines[] = sprintf('cert %s/server.crt', $tlsPath);
     $lines[] = sprintf('key %s/server.key', $tlsPath);
     $lines[] = sprintf('dh %s/dh.pem', $tlsPath);
     $lines[] = sprintf('tls-auth %s/ta.key 0', $tlsPath);

     // Address ranges handed out to clients; max-clients is the host count
     // of the IPv4 range minus one.
     $lines[] = sprintf('server %s %s', $net4->getNetwork(), $net4->getNetmask());
     $lines[] = sprintf('server-ipv6 %s', $net6->getAddressPrefix());
     $lines[] = sprintf('max-clients %d', $net4->getNumberOfHosts() - 1);

     // Level 3 is used only for two-factor pools: with "via-env" (added
     // further down) OpenVPN passes the credentials to the verify script
     // through environment variables, which needs script-security 3.
     $lines[] = sprintf('script-security %d', $poolConfig->v('twoFactor') ? 3 : 2);

     // Per-process device, port and management interface.
     $lines[] = sprintf('dev %s', $processConfig['dev']);
     $lines[] = sprintf('port %d', $processConfig['port']);
     $lines[] = sprintf('management %s %d', $processConfig['managementIp'], $processConfig['managementPort']);
     $lines[] = sprintf('setenv INSTANCE_ID %s', $instanceId);
     $lines[] = sprintf('setenv POOL_ID %s', $poolId);

     // A TCP process binds to the management IP, a UDP process to the
     // pool's 'listen' address.
     $isTcp = 'tcp' === $processConfig['proto'];
     $lines[] = sprintf('proto %s', $isTcp ? 'tcp-server' : 'udp');
     $lines[] = sprintf('local %s', $isTcp ? $processConfig['managementIp'] : $poolConfig->v('listen'));

     // Two-factor pools renegotiate every 28800 seconds instead of 3600.
     $lines[] = sprintf('reneg-sec %d', $poolConfig->v('twoFactor') ? 28800 : 3600);

     if (!$poolConfig->v('enableLog')) {
         // With logging disabled the server log is discarded, so there is no
         // OpenVPN log to consult when a connection has to be investigated.
         $lines[] = 'log /dev/null';
     }
     if ($isTcp) {
         $lines[] = 'tcp-nodelay';
     }
     if ($poolConfig->v('twoFactor')) {
         $lines[] = 'auth-user-pass-verify /usr/sbin/vpn-server-api-verify-otp via-env';
     }

     // Routes, DNS and client-to-client directives, appended in that order.
     $lines = array_merge(
         $lines,
         self::getRoutes($poolConfig),
         self::getDns($poolConfig),
         self::getClientToClient($poolConfig)
     );
     sort($lines, SORT_STRING);

     // 0600 is presumably the file mode: the configuration is readable by
     // its owner only.
     $targetFile = sprintf('%s/%s', $this->vpnConfigDir, $processConfig['configName']);
     FileIO::writeFile($targetFile, implode(PHP_EOL, $lines), 0600);
 }
Example #4
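 /**
  * Record a common name as disabled by writing a file named after it.
  *
  * The file content is the current Unix timestamp. The common name is used
  * as the last component of a path below $this->disableDir, so it is
  * checked first: a name that is empty, is "." or "..", or contains "/" or
  * a NUL byte could make the write land outside that directory and is
  * rejected.
  *
  * @param string $commonName certificate common name, used as the file name
  *
  * @throws \InvalidArgumentException if the common name cannot be used as a
  *                                   single file name
  */
 public function setDisabled($commonName)
 {
     $commonName = (string) $commonName;
     $isDotEntry = '.' === $commonName || '..' === $commonName;
     $hasSeparator = false !== strpos($commonName, '/') || false !== strpos($commonName, "\0");
     if ('' === $commonName || $isDotEntry || $hasSeparator) {
         throw new \InvalidArgumentException('invalid common name');
     }
     $disableFile = sprintf('%s/%s', $this->disableDir, $commonName);
     // The content is only a timestamp, so the 0644 argument (presumably
     // the file mode) does not expose a secret. What matters is who can
     // write to the directory: presumably the presence of this file is what
     // marks the common name as disabled -- confirm against the reader.
     FileIO::writeFile($disableFile, time(), 0644);
 }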