Attempt to provide client configuration for VPN Service
diff --git a/xos/observers/vpn/steps/sync_vpntenant.yaml b/xos/observers/vpn/steps/sync_vpntenant.yaml
index 4297fce..a8c3e71 100644
--- a/xos/observers/vpn/steps/sync_vpntenant.yaml
+++ b/xos/observers/vpn/steps/sync_vpntenant.yaml
@@ -8,13 +8,16 @@
- name: install openvpn
apt: name=openvpn state=present update_cache=yes
- - name: clear key
- shell: echo "" > "static.key"
+ - name: erase key
+ shell: rm static.key
- name: write key
shell: echo {{ '{{' }} item {{ '}}' }} >> static.key
with_items: "{{ server_key }}"
+ - name: erase config
+ shell: rm server.conf
+
- name: write config
shell:
|
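Review bot: The two new tasks `erase key` and `erase config` run a plain `rm`, which exits non-zero when `static.key` or `server.conf` does not exist yet, so the first sync on a fresh instance will fail at that task. Make the removal tolerant of a missing file: `shell: rm -f static.key` and `shell: rm -f server.conf`. Separately, the key is still written with `echo ... >> static.key` and no explicit mode, so the OpenVPN shared secret ends up with whatever the umask allows; a `chmod 600 static.key` step after `write key` would pin that down. The `write config` task continues outside the hunk.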
diff --git a/xos/services/vpn/admin.py b/xos/services/vpn/admin.py
index f8a1e94..2a53bc5 100644
--- a/xos/services/vpn/admin.py
+++ b/xos/services/vpn/admin.py
@@ -41,11 +41,15 @@
class VPNTenantForm(forms.ModelForm):
creator = forms.ModelChoiceField(queryset=User.objects.all())
server_key = forms.CharField(required=False, widget=forms.Textarea)
+ client_conf = forms.CharField(required=False, widget=forms.Textarea)
+ server_address = forms.GenericIPAddressField(protocol='IPv4', required=True)
+ client_address = forms.GenericIPAddressField(protocol='IPv4', required=True)
def __init__(self, *args, **kwargs):
super(VPNTenantForm, self).__init__(*args, **kwargs)
self.fields['kind'].widget.attrs['readonly'] = True
self.fields['server_key'].widget.attrs['readonly'] = True
+ self.fields['client_conf'].widget.attrs['readonly'] = True
self.fields[
'provider_service'].queryset = VPNService.get_service_objects().all()
@@ -54,16 +58,24 @@
if self.instance:
self.fields['creator'].initial = self.instance.creator
self.fields['server_key'].initial = self.instance.server_key
+ self.fields['client_conf'].initial = self.instance.client_conf
+ self.fields['server_address'].initial = self.instance.server_address
+ self.fields['client_address'].initial = self.instance.client_address
if (not self.instance) or (not self.instance.pk):
self.fields['creator'].initial = get_request().user
self.fields['server_key'].initial = self.generate_VPN_key()
+ self.fields['server_address'].initial = "10.8.0.1"
+ self.fields['client_address'].initial = "10.8.0.2"
if VPNService.get_service_objects().exists():
self.fields["provider_service"].initial = VPNService.get_service_objects().all()[0]
def save(self, commit=True):
self.instance.creator = self.cleaned_data.get("creator")
self.instance.server_key = self.cleaned_data.get("server_key")
+ self.instance.server_address = self.cleaned_data.get("server_address")
+ self.instance.client_address = self.cleaned_data.get("client_address")
+ self.instance.client_conf = self.generate_client_conf()
return super(VPNTenantForm, self).save(commit=commit)
def generate_VPN_key(self):
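Review bot: Nothing in the form stops `server_address` and `client_address` from being submitted with the same value. Each field is validated as IPv4 on its own, and `save()` copies both into the instance and then into the generated `ifconfig` line. Two identical tunnel endpoints are not a usable point-to-point configuration, and the mistake would only surface later on the instance rather than in the admin form. A `clean()` override comparing the two cleaned values would reject it at submit time. `generate_VPN_key` begins on the last line of this hunk and continues outside it.

```python
    # ... unchanged: field declarations, __init__, save ...

    def clean(self):
        cleaned_data = super(VPNTenantForm, self).clean()
        server = cleaned_data.get("server_address")
        client = cleaned_data.get("client_address")
        # Both fields are required; skip the comparison if either failed
        # its own validation and is therefore missing from cleaned_data.
        if server and client and server == client:
            raise forms.ValidationError(
                "server_address and client_address must differ")
        return cleaned_data
```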
@@ -71,6 +83,17 @@
(stdout, stderr) = proc.communicate()
return stdout
+ def generate_client_conf(self):
+ conf = "remote " + self.instance.nat_ip + "\n"
+ conf += "dev tun\n"
+ conf += "ifconfig " + self.instance.client_address + " " + self.instance.server_address + "\n"
+ conf += "secret static.key\n"
+ conf += "keepalive 10 60\n"
+ conf += "ping-timer-rem\n"
+ conf += "persist-tun\n"
+ conf += "persist-key"
+ return conf
+
class Meta:
model = VPNTenant
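Review bot: `generate_client_conf` concatenates `self.instance.nat_ip` into the `remote` line without checking it, and `save()` calls it on every submit, including the first save of a new tenant. `nat_ip` is listed in `sync_attributes` in models.py and the neighbouring `nat_mac` getter falls back to `None`, so `nat_ip` can presumably be `None` before the instance has been synchronized; `"remote " + None` would then raise `TypeError` and the admin save would fail. Guard it at the top of the method, e.g. `if not self.instance.nat_ip: return self.instance.default_attributes['client_conf']`. A docstring should also say that the generated text refers to `static.key` by relative name, so the key has to reach the client through a separate, protected channel. The `Meta` class continues outside the hunk.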
@@ -80,7 +103,8 @@
list_display_links = ('id', 'backend_status_icon', 'instance')
fieldsets = [(None, {'fields': ['backend_status_text', 'kind',
'provider_service', 'instance', 'creator',
- 'server_key'],
+ 'server_key', 'client_conf',
+ 'server_address', 'client_address'],
'classes': ['suit-tab suit-tab-general']})]
readonly_fields = ('backend_status_text', 'instance')
form = VPNTenantForm
diff --git a/xos/services/vpn/models.py b/xos/services/vpn/models.py
index c6d0d11..befc586 100644
--- a/xos/services/vpn/models.py
+++ b/xos/services/vpn/models.py
@@ -22,7 +22,10 @@
sync_attributes = ("nat_ip", "nat_mac",)
- default_attributes = {'server_key': 'Error key not found'}
+ default_attributes = {'server_key': 'Error key not found',
+ 'client_conf': 'Configuration not found',
+ 'server_address': '10.8.0.1',
+ 'client_address': '10.8.0.2'}
def __init__(self, *args, **kwargs):
vpn_services = VPNService.get_service_objects().all()
@@ -73,6 +76,36 @@
def nat_mac(self):
return self.addresses.get("nat", (None, None))[1]
+ @property
+ def server_address(self):
+ return self.get_attribute(
+ 'server_address',
+ self.default_attributes['server_address'])
+
+ @server_address.setter
+ def server_address(self, value):
+ self.set_attribute("server_address", value)
+
+ @property
+ def client_address(self):
+ return self.get_attribute(
+ 'client_address',
+ self.default_attributes['client_address'])
+
+ @client_address.setter
+ def client_address(self, value):
+ self.set_attribute("client_address", value)
+
+ @property
+ def client_conf(self):
+ return self.get_attribute(
+ "client_conf",
+ self.default_attributes['client_conf'])
+
+ @client_conf.setter
+ def client_conf(self, value):
+ self.set_attribute("client_conf", value)
+
def model_policy_vpn_tenant(pk):
# This section of code is atomic to prevent race conditions
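Review bot: `client_conf` is stored as a plain tenant attribute and, in this commit, is only written from the admin form's `save()`, while the `nat_ip` it embeds is a sync attribute that appears to be filled in later by the observer. The stored text can therefore go stale, or stay at the 'Configuration not found' default, until someone re-saves the form. Building the text in the `client_conf` getter from the current `nat_ip`, `client_address` and `server_address` would avoid handing out an outdated endpoint. The three getter/setter pairs also have no docstrings; a one-liner such as `"""Tunnel endpoint address on the server side of the OpenVPN link."""` on each would document which side is which. `model_policy_vpn_tenant` continues outside the hunk.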