OpenVPN HOWTO?

    • Re: OpenVPN HOWTO?

      ptruman,

      Thanks a lot. I was able to get up and running with that. I just have one final issue to resolve and was wondering if you would know how to fix it:

      I am successfully opening my OpenVPN connection from work, and I can see my home shares, browse the web fine, etc. However, once the VPN connection is established, I can no longer connect to machines in my work network. My OpenVPN client is Tunnelblick running on Mac OS X (10.8).

      My work network uses the 10.* address space, my home network uses the 192.168.* address space, and the VPN server is configured with the 172.* space (as shown in the screenshot attached). So there shouldn't be a conflict. I am actually not sure if this is a Mac issue, a Tunnelblick issue, or a VPN server issue. Any light you can shed would be appreciated.
    • Re: OpenVPN HOWTO?

      Heh, I am mr_pete on the old forum. Should probably request Volker rename my account :)

      As you can see in your pic, you've selected "All Network Traffic" - so when OpenVPN starts, it sets up a route with high priority for all traffic, and shunts it over the OpenVPN interface.

      Technically this is good, as otherwise you can get "leaky" traffic (i.e. you try to visit gaming.com and your DNS request might go to your corporate LAN, or your web traffic via your work proxy - getting you (or your traffic) in trouble).

      If you look in the /etc/openvpn/omv.conf file, you will probably see

      push "redirect-gateway def1 bypass-dhcp"

      or something similar - that is forcing all your traffic over the VPN, as intended.
      Change the "All Network Traffic" to "Local Network" or "Server Only" and ONLY your VPN LAN (i.e. home network) traffic will go over the VPN. Everything else will go "as it was".

      Obviously you need to ensure your VPN Client (Tunnelblick) doesn't clash with the server config :)
    • Re: OpenVPN HOWTO?

      Thanks mr_pete. Unfortunately, the only option available in the plugin's dropdown is "All network traffic", there are no other options :? . I am running the latest version of OMV and the latest version of the plugin as far as I know. I can manually change the config file if I knew what the other two options translate to when it comes to the config file (could you post your config file for those?) thanks a bunch.
    • Re: OpenVPN HOWTO?

      Hi,

      Same problem here. Formerly OpenVPN worked on my omv-nas. I had to do a fresh install of omv, because my hdd died and now I have only the network-to-network option.

      Please do a bugfix, since I really need openvpn to work in roadwarrior mode (multiple clients to my nas).

      This really is a bug and needs to be fixed. As I stated I used openvpn on the same machine in that mode before, so it has to work again now.

      Is it somehow possible to downgrade to an older version?

      Please, I need fast help, because I need VPN on Monday!
    • Re: OpenVPN HOWTO?

      The plugin creates what is called a routed VPN. It will not broadcast any network info thru the connection. So if you are on a Windows machine and browse thru the network you will not be able to view the machines via this type of connection. To do this you need bridged VPN. In routed VPN the VPN server sets up another subnet connected to the local network your OMV is on and routes data thru that subnet from the local network to the connected VPN client. The connected VPN client is assigned an address on the subnet created by the OpenVPN server. In this example below the client would have an address of like 10.8.0.6 with traffic routed to it from the local network (192.168.1.x) via the OpenVPN server.

      1) Install OpenVPN plugin
      2) Go to the OpenVPN plugin in the web-gui, click on Create Certificate Authority, click on next, fill in various fields and click on next.
      3) Choose which volume you want the VPN configuration to be saved on and click on next.
      4) Click on Generate Server Certificate and then click on finish.
      5) Do not alter any default currently setup.
      5a) Then put check in enable.
      5b) Put check in require authentication.
      5c) Under VPN Access / Public Address put the WAN IP of the local network your OMV is on. You can put "what is my ip" into google to figure out your current address. If your internet service provider has given you a fixed IP you are ok. If not you should sign up for a service like dyndns to deal with dynamic IPs (this is a whole diff topic).
      5d) Under VPN Network / Route you need to choose what you want to connect to, i.e. just the server (OMV only), the local network (if you want to connect to other machines on the local network besides just your OMV), or all network traffic (this is good if you are in a public wifi hotspot: a secure VPN connection to your home network will be created and all your traffic will go thru this tunnel, even your internet browsing, so you can securely view the internet from a wifi hotspot).
      5e) Under VPN Network / Address put 10.8.0.0 if your OMV's network is 192.168.1.1
      5f) Then put in the DNS server, which is usually the IP address of your router. Click on OK.
      6) Now that you saved all settings on that page click on tab at the top that says Client Certificates. Then click on new and then click on next. Select a OMV user you want to be able to connect via OpenVPN to your OMV's network. Then click on next. Fill in various fields and click on next. Click on finish.
      7) Now highlight the user certificate you just created and then click on Generate Config. Click on next. Choose Operating system of client machine (the one that will be remotely connecting). I'm assuming windows cuz this example will be for windows. Click on finish. This will download a zipped file to your machine. You may have a default download place or choose where to download it.
      8) Go to openvpn.net and click on community. Put cursor over downloads and select community downloads. Here is link:
      openvpn.net/index.php/download/community-downloads.html
      Most recent client is OpenVPN 2.3 scroll down and choose the 32bit or 64 bit installer depending on if your client machine (the one remotely connecting) is 32 bit or 64 bit. Install that on your client machine.
      9) Now go back and get the zip folder client certificate that you downloaded and move the file to your client machine. On your client machine click on the zipped file to open it up and view the contents. Highlight all the contents and then right click and then click on copy. Then go to:
      c:/Program Files/OpenVPN/config
      and paste the contents of the zipped file into that location.
      10) On router of local network where your OMV is forward port 1194 UDP to your OMV machine. If you enabled firewall on OMV ALLOW port 1194 UDP.
      11) In OMV Web-GUI go to /Access Rights Management /User then on the right window highlight the user you plan to use with OpenVPN and click on edit.
      Then make sure you add the user to the openvpn group. Do this with all users you plan to use.
      12) Now on the client machine you should be able to click on the icon created when you installed the OpenVPN client software downloaded from the OpenVPN.net site and it should bring up an authentication screen to your OMV's network. Enter the user name and password for the user you created the Client Certificates for. The icon in the system tray should turn green when a connection is established. Once connected, on the client machine pull up a command prompt and ping the router of your OMV's network by using "ping 192.168.1.1". You should get a response if you used local network, or all traffic, in the setup (won't work if you used server only).

      This was done pretty fast. There may be some errors, and I'm world's worst typist, but it gives you the basics. If you make a mistake and want to start over just go to the volume where you installed the certs, etc... There will be an openvpn-keystore folder. You can simply delete this folder to start over. If you encounter any errors you can uninstall the plugin and reinstall. Good Luck....
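The three Route choices discussed in the posts above (server only, local network, all network traffic) show up in the generated server config as `push` directives. The following is an added example, not code from the thread or from the OMV plugin: it parses a server config, reports which routing mode it implements, checks that the VPN subnet does not overlap a pushed LAN route, and estimates whether a given destination would be sent through the tunnel. The sample configs and all function names are constructed for illustration, and the 192.168.1.0/24 home LAN is assumed from the HOWTO post.

```python
import ipaddress
import shlex

# Constructed sample configs (illustrative, not taken from the thread).
FULL_TUNNEL = '''
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.1.1"
'''
SPLIT_TUNNEL = '''
server 10.8.0.0 255.255.255.0
; only the home LAN is routed through the VPN
push "route 192.168.1.0 255.255.255.0"
'''
SERVER_ONLY = '''
server 10.8.0.0 255.255.255.0
'''
OVERLAP = '''
server 192.168.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
'''


def parse_server_conf(text):
    """Extract the VPN subnet and the routing directives pushed to clients."""
    info = {"vpn_net": None, "redirect_gateway": False, "routes": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # OpenVPN comment styles
            continue
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        if tokens[0] == "server" and len(tokens) >= 3:
            info["vpn_net"] = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}")
        elif tokens[0] == "push" and len(tokens) >= 2:
            pushed = tokens[1].split()
            if not pushed:
                continue
            if pushed[0] == "redirect-gateway":
                info["redirect_gateway"] = True
            elif pushed[0] == "route" and len(pushed) >= 2:
                # A pushed route without a netmask is a host route.
                mask = pushed[2] if len(pushed) >= 3 else "255.255.255.255"
                info["routes"].append(
                    ipaddress.ip_network(f"{pushed[1]}/{mask}"))
    return info


def route_mode(info):
    """Map the parsed directives to the plugin's Route dropdown labels."""
    if info["redirect_gateway"]:
        return "All network traffic"
    if info["routes"]:
        return "Local network"
    return "Server only"


def overlapping_routes(info):
    """Pushed routes that collide with the VPN subnet itself."""
    vpn = info["vpn_net"]
    return [r for r in info["routes"] if vpn is not None and vpn.overlaps(r)]


def goes_via_vpn(dest, info):
    """Simplified client-side view: is traffic to dest sent into the tunnel?

    Ignores the client's own directly connected subnet, which normally
    stays local even when redirect-gateway is pushed.
    """
    addr = ipaddress.ip_address(dest)
    if info["redirect_gateway"]:
        return True
    if info["vpn_net"] is not None and addr in info["vpn_net"]:
        return True
    return any(addr in r for r in info["routes"])


if __name__ == "__main__":
    samples = [("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL),
               ("server-only", SERVER_ONLY), ("overlap", OVERLAP)]
    for name, conf in samples:
        info = parse_server_conf(conf)
        print(name, "->", route_mode(info),
              "| overlaps:", [str(r) for r in overlapping_routes(info)],
              "| 10.20.30.40 via VPN:", goes_via_vpn("10.20.30.40", info))
```

With the full-tunnel config a host in another 10.* subnet at work is sent into the tunnel, which matches the symptom in the first post; with the split-tunnel config only 192.168.1.0/24 and the VPN subnet are.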
    • Re: OpenVPN HOWTO?

      scopeye, I cannot reproduce the issues you are having. I was able to reproduce the issues ice.man had with creating Client Certificates but not the issue with the dropdown box missing 2 parameters. Did you try clearing out your browser cache? Did you try from another browser or another computer to access omv and create the openvpn server?
    • Re: OpenVPN HOWTO?

      Yes I tried :(
      Could it be possible, that there is a problem with user rights? I don't know which user openvpn uses in the system or which files are affected. mrml. I will give it another try by tomorrow or the day after, since (guess) I am on the road :(

      Thanks for trying to help me.

      +++

      Well what should I say? I tried it on different browsers and different devices. I emptied the cache, tried it again. I uninstalled the plugin, emptied the cache, removed the certificate directory on the filesystem, reinstalled the plugin, configured it (AGAIN), emptied the cache (AGAIN), recreated the certificates (that has never been a problem for me) and guess what! The options are still missing. This now really keeps pissing me off. Please get that problem sorted, since the openvpn plugin used to work as expected in one of the last versions.

      So to explain it again:
      The only option that is available for Route is "All network traffic". With this option I am not able to access my VPN from anywhere in the world! Why? Even if I don't like this option, why isn't the VPN accessible from the outside?
      This whole thing used to work and I want it to work again. This has to be possible.

      There has to be some config file where the options are stored and that whole markup that belongs to the plugin. Please point me to that, so I can look if the options are even missing there.

      The post was edited 1 time, last by scopeeye ().

    • Re: OpenVPN HOWTO?

      So after whining I dug into the filesystem and found the file /var/www/openmediavault/js/omv/module/admin/openvpn.js
      The .inc files do not seem to be affected by the problem, so I localised it in this js.

      In this file there seems to be the declaration of the Field presets (I am a coder but don't know the OMV-plugin-system).
      Well so and in this file there is only one entry ^^ as you can see below.
      Please post your openvpn.js so I can paste it and hopefully fix the problem for me.

      Source Code

      valueField :"netid",
      store :new OMV.data.Store({
          remoteSort:false,
          autoLoad :true,
          proxy :new OMV.data.DataProxy({"service":"openvpn", "method":"getNetworks"}),
          reader :new Ext.data.JsonReader({
              idProperty:"netid",
              fields :[
                  {name:"netid"},
                  {name:"text"}
              ]
          }),
          listeners :{
              load :function (s) {
                  s.add([
                      new Ext.data.Record({netid:'all', text:'All network traffic'})
                  ]);
                  var p = this.findFormField('vpn-route');
                  p.fireEvent('select', p);
              },
              scope:this
          }
      }),


      Please help :)

      The post was edited 1 time, last by scopeeye ().

    • Re: OpenVPN HOWTO?

      here is mine
      my OpenVPN just works for already existing certificates, I got an error trying to generate a new user certificate

      Source Code

      1. /**
      2. * vim: tabstop=4
      3. *
      4. * @license http://www.gnu.org/licenses/gpl.html GPL Version 3
      5. * @author Ian Moore <imooreyahoo@gmail.com>
      6. * @author Marcel Beck <marcel.beck@mbeck.org>
      7. * @copyright Copyright (c) 2011 Ian Moore
      8. * @copyright Copyright (c) 2012 Marcel Beck
      9. *
      10. * This file is free software: you can redistribute it and/or modify
      11. * it under the terms of the GNU General Public License as published by
      12. * the Free Software Foundation, either version 3 of the License, or
      13. * any later version.
      14. *
      15. * This file is distributed in the hope that it will be useful,
      16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
      17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
      18. * GNU General Public License for more details.
      19. *
      20. * You should have received a copy of the GNU General Public License
      21. * along with this file. If not, see <http://www.gnu.org/licenses/>.
      22. *
      23. */
      24. // require("js/omv/Window.js")
      25. // require("js/omv/NavigationPanel.js")
      26. // require("js/omv/data/DataProxy.js")
      27. // require("js/omv/FormPanelExt.js")
      28. // require("js/omv/grid/GridPanel.js")
      29. // require("js/omv/grid/TBarGridPanel.js")
      30. // require("js/omv/CfgObjectDialog.js")
      31. // require("js/omv/form/SharedFolderComboBox.js")
      32. // require("js/omv/form/PasswordField.js")
      33. // require("js/omv/form/plugins/FieldInfo.js")
      34. // require("js/openvpn/wizard.js")
      35. // require("js/omv/module/admin/Logs.js")
      36. // require("js/omv/util/Format.js")
      37. Ext.ns("OMV.Module.Services");
      38. //Register the menu.
      39. OMV.NavigationPanelMgr.registerMenu("services", "openvpn", {
      40. text :_("OpenVPN"),
      41. icon :"images/openvpn.png",
      42. position:1000
      43. });
      44. /**
      45. * @class OMV.Module.Services.OpenVPN
      46. * @derived OMV.FormPanelExt
      47. *
      48. * Main configuration panel. First tab
      49. *
      50. */
      51. OMV.Module.Services.OpenVPN = function (config) {
      52. var initialConfig = {
      53. rpcService:"OpenVPN"
      54. };
      55. Ext.apply(initialConfig, config);
      56. OMV.Module.Services.OpenVPN.superclass.constructor.call(this, initialConfig);
      57. };
      58. Ext.extend(OMV.Module.Services.OpenVPN, OMV.FormPanelExt, {
      59. id :'OMV.Module.Services.OpenVPN',
      60. // Hold loaded data for wizard population
      61. _data:{},
      62. initComponent :function () {
      63. OMV.Module.Services.OpenVPN.superclass.initComponent.apply(this, arguments);
      64. // Update form fields
      65. this.on("load", function (t, r) {
      66. // Hold data for later reference
      67. this._data = r;
      68. var p = this.findFormField('vpn-route');
      69. p.fireEvent('select', p);
      70. // Check for CA items
      71. var fsets = ['general', 'vpnnetwork', 'vpnaccess', 'dhcp'];
      72. var tabs = ['OMV.Module.Services.OpenVPN.Status', 'OMV.Module.Services.OpenVPN.ClientCertsGridPanel' ];
      73. var pid = this.getId();
      74. // Trigger show on this to update various sub-fields
      75. var pkiFrame = Ext.getCmp(pid + '-pki');
      76. pkiFrame.fireEvent('show', pkiFrame);
      77. // No CA or server
      78. if (!r['ca-exists'] || !r['server-cert-exists']) {
      79. for (var i = 0; i < fsets.length; i++) {
      80. Ext.getCmp(pid + '-' + fsets[i]).hide();
      81. }
      82. for (var i = 0; i < tabs.length; i++) {
      83. Ext.getCmp(tabs[i]).disable();
      84. }
      85. // disable OK and Reset buttons
      86. this.setButtonDisabled("ok", true);
      87. this.setButtonDisabled("reset", true);
      88. // Both exist. Ready for configuration
      89. }
      90. else {
      91. for (var i = 0; i < fsets.length; i++) {
      92. Ext.getCmp(pid + '-' + fsets[i]).show();
      93. }
      94. for (var i = 0; i < tabs.length; i++) {
      95. Ext.getCmp(tabs[i]).enable();
      96. }
      97. // enable OK and Reset buttons
      98. this.setButtonDisabled("ok", false);
      99. this.setButtonDisabled("reset", false);
      100. }
      101. }, this);
      102. },
      103. /* Override reset button. Who cares what the original
      104. * form values were.
      105. */
      106. reset :function () {
      107. this.doLoad();
      108. },
      109. /* Overridden to set labels */
      110. setValues :function (values) {
      111. var basicForm = this.getForm();
      112. basicForm.setValues(values);
      113. for (v in values) {
      114. var f = this.find('name', v)[0];
      115. if (f && f.getXType() == 'label') {
      116. f.setText(values[v]);
      117. }
      118. }
      119. return basicForm;
      120. },
      121. /*
      122. * Server certificate wizard
      123. */
      124. cbServerCertWizard:function () {
      125. var pData = this._data;
      126. var caWiz = new OMV.Module.Services.OpenVPNWizard({
      127. title :_('Create Server Certificate Wizard'),
      128. method :'createServerCertificate',
      129. afterSubmit:function () {
      130. Ext.getCmp('OMV.Module.Services.OpenVPN').doLoad();
      131. },
      132. steps :[
      133. {
      134. id :'card-0',
      135. html:'<h1>' + _('Welcome to the Create Server Certificate Wizard!') + '</h1>' +
      136. '<p style="margin-top: 10px">' + _('OpenVPN supports bidirectional authentication based on certificates, meaning that the client must authenticate the server certificate and the server must authenticate the client certificate before mutual trust is established.</p><br /><p>This wizard will guide you through creating the OpenVPN server certificate that will be presented to VPN clients for verification.') + '</p>'
      137. },
      138. {
      139. id :'card-1',
      140. defaults :{ border:false },
      141. listeners:{
      142. show:function (f) {
      143. // Check for existing values in server-cert-commonname
      144. // if not set, use CA values
      145. if (!pData['server-cert-commonname']) {
      146. sData = {};
      147. for (var i in pData) {
      148. // Skip common name and use form default
      149. if (i == 'ca-commonname') {
      150. continue;
      151. }
      152. if (i.indexOf('ca-') === 0) {
      153. sData[i.replace('ca-', 'server-cert-')] = pData[i];
      154. }
      155. }
      156. }
      157. else {
      158. sData = pData;
      159. }
      160. f.findParentByType('form').getForm().setValues(sData);
      161. }
      162. },
      163. items :[
      164. {
      165. html:'<h1>Server Certificate Configuration</h1>' +
      166. '<p style="margin-top: 10px; margin-bottom: 10px">Please enter ' +
      167. 'values below that best describe the OpenVPN server.</p>'
      168. },
      169. {
      170. xtype :'fieldset',
      171. border :true,
      172. title :_('Server Certificate Details'),
      173. defaults:{ allowBlank:false, maxLength:64, xtype:'textfield', anchor:'100%' },
      174. items :[
      175. {
      176. name :'server-cert-commonname',
      177. fieldLabel:_('Common name'),
      178. value :location.host,
      179. allowBlank:false
      180. },
      181. {
      182. xtype :'combo',
      183. name :'server-cert-country',
      184. hiddenName :'server-cert-country',
      185. fieldLabel :'Country',
      186. valueField :'id',
      187. displayField :'text',
      188. emptyText :_("Select a country ..."),
      189. allowBlank :false,
      190. allowNone :false,
      191. width :300,
      192. editable :false,
      193. triggerAction:"all",
      194. store :new OMV.data.Store({
      195. remoteSort:false,
      196. proxy :new OMV.data.DataProxy({"service":"openvpn", "method":"getCountries"}),
      197. reader :new Ext.data.JsonReader({
      198. idProperty:"id",
      199. fields :[
      200. { name:"id" },
      201. { name:"text" }
      202. ]
      203. })
      204. })
      205. },
      206. {
      207. name :'server-cert-province',
      208. fieldLabel:_('Province / State')
      209. },
      210. {
      211. name :'server-cert-city',
      212. fieldLabel:_('City')
      213. },
      214. {
      215. name :'server-cert-org',
      216. fieldLabel:_('Organization')
      217. },
      218. {
      219. name :'server-cert-email',
      220. fieldLabel:_('E-Mail address'),
      221. vtype :"email"
      222. }
      223. ]
      224. }
      225. ]
      226. },
      227. {
      228. id :'card-3',
      229. xtype :'panel',
      230. layout :'form',
      231. defaults :{ border:false},
      232. listeners:{
      233. show:function (f) {
      234. // Set labels
      235. var vals = f.findParentByType('form').getForm().getValues();
      236. for (var v in vals) {
      237. var dFields = f.find('name', v + '-label');
      238. if (dFields[0] && dFields[0].setText) {
      239. dFields[0].setText(vals[v]);
      240. }
      241. }
      242. // Special cases for combo boxes
      243. f.find('name', 'server-cert-country-label')[0].setText(
      244. f.findParentByType('form').find('name', 'server-cert-country')[0]
      245. .getStore().getById(vals['server-cert-country']).get('text')
      246. );
      247. }
      248. },
      249. items :[
      250. {
      251. html:'<h1>Summary</h1>' +
      252. '<p style="margin-top: 10px; margin-bottom: 10px">Clicking Finish below ' +
      253. 'will create a server certificate with the following values:</p>'
      254. },
      255. {
      256. xtype :'fieldset',
      257. border :true,
      258. title :_('Server Certificate Details'),
      259. defaults:{ allowBlank:false, width:220, xtype:'label'},
      260. items :[
      261. {
      262. name :'server-cert-commonname-label',
      263. fieldLabel:_('Common name')
      264. },
      265. {
      266. name :'server-cert-country-label',
      267. fieldLabel:_('Country')
      268. },
      269. {
      270. name :'server-cert-province-label',
      271. fieldLabel:_('Province / State')
      272. },
      273. {
      274. name :'server-cert-city-label',
      275. fieldLabel:_('City')
      276. },
      277. {
      278. name :'server-cert-org-label',
      279. fieldLabel:_('Organization')
      280. },
      281. {
      282. name :'server-cert-email-label',
      283. fieldLabel:_('E-Mail address')
      284. }
      285. ]
      286. }
      287. ]
      288. }
      289. ]
      290. });
      291. caWiz.show();
      292. },
      293. /*
      294. * Cert auth wiz
      295. */
      296. cbCAWizard :function () {
      297. var pData = this._data;
      298. var caWiz = new OMV.Module.Services.OpenVPNWizard({
      299. title :_('Create Certificate Authority Wizard'),
      300. method :'createCa',
      301. afterSubmit:function () {
      302. Ext.getCmp('OMV.Module.Services.OpenVPN').doLoad();
      303. },
      304. steps :[
      305. {
      306. html:'<h1>' + _('Welcome to the Create Certificate Authority Wizard!') + '</h1>' +
      307. '<p style="margin-top: 10px">' + _('This wizard will help you to create a new certificate authority for your OpenVPN service. A certificate authority (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This verifies the identity of the entity presenting its public key. Server and client certificates generated here will be signed by this certificate authority.') + '</p>'
      308. },
      309. {
      310. xtype :'panel',
      311. defaults :{ border:false, autoWidth:false },
      312. listeners:{
      313. show:function (f) {
      314. f.findParentByType('form').getForm().setValues(pData);
      315. }
      316. },
      317. items :[
      318. {
      319. html:'<h1>Certificate Authority Configuration</h1>' +
      320. '<p style="margin-top: 10px; margin-bottom: 10px">Please enter ' +
      321. 'values below that best describe the new certificate authority.</p>'
      322. },
      323. {
      324. xtype :'fieldset',
      325. border :true,
      326. layout :'form',
      327. title :_('Certificate Authority'),
      328. defaults:{ allowBlank:false, maxLength:64, xtype:'textfield', anchor:'100%' },
      329. items :[
      330. {
      331. name :'ca-commonname',
      332. fieldLabel:'Common name',
      333. value :_("OpenVPN certificate authority at") + ' ' + location.host,
      334. allowBlank:false
      335. },
      336. {
      337. xtype :'combo',
      338. name :'ca-country',
      339. hiddenName :'ca-country',
      340. fieldLabel :_('Country'),
      341. valueField :'id',
      342. displayField :'text',
      343. emptyText :_("Select a country ..."),
      344. allowBlank :false,
      345. allowNone :false,
      346. editable :false,
      347. triggerAction:"all",
      348. store :new OMV.data.Store({
      349. remoteSort:false,
      350. proxy :new OMV.data.DataProxy({"service":"openvpn", "method":"getCountries"}),
      351. reader :new Ext.data.JsonReader({
      352. idProperty:"id",
      353. fields :[
      354. { name:"id" },
      355. { name:"text" }
      356. ]
      357. })
      358. })
      359. },
      360. {
      361. name :'ca-province',
      362. fieldLabel:_('Province / State')
      363. },
      364. {
      365. name :'ca-city',
      366. fieldLabel:_('City')
      367. },
      368. {
      369. name :'ca-org',
      370. fieldLabel:_('Organization')
      371. },
      372. {
      373. name :'ca-email',
      374. fieldLabel:_('E-Mail address'),
      375. vtype :"email"
      376. }
      377. ]
      378. }
      379. ]
      380. },
      381. {
      382. xtype :'panel',
      383. layout :'form',
      384. defaults:{ border:false},
      385. items :[
      386. {
      387. html:'<h1>' + _('Key Store Data') + '</h1><p style="margin-top: 10px; margin-bottom: 10px">' +
      388. _('Choose the data volume on which the OpenVPN key store should be located.') + '</p>'
      389. },
      390. {
      391. xtype :"combo",
      392. anchor :'100%',
      393. name :"mntentref",
      394. hiddenName :"mntentref",
      395. hideLabel :true,
      396. emptyText :_("Select a volume ..."),
      397. allowBlank :false,
      398. allowNone :false,
      399. editable :false,
      400. triggerAction:"all",
      401. displayField :"description",
      402. valueField :"uuid",
      403. store :new OMV.data.Store({
      404. remoteSort:false,
      405. proxy :new OMV.data.DataProxy({"service":"ShareMgmt", "method":"getCandidates"}),
      406. reader :new Ext.data.JsonReader({
      407. idProperty:"uuid",
      408. fields :[
      409. { name:"uuid" },
      410. { name:"description" }
      411. ]
      412. })
      413. })
      414. },
      415. {
      416. html:_('Using a data volume with redundancy will ensure that the OpenVPN key store will not be lost in the event of a root drive failure.')
      417. }
      418. ]
      419. },
      420. {
      421. xtype :'panel',
      422. layout :'form',
      423. defaults :{ border:false},
      424. listeners:{
      425. show:function (f) {
      426. // Set labels
      427. var vals = f.findParentByType('form').getForm().getValues();
      428. for (var v in vals) {
      429. var dFields = f.find('name', v + '-label');
      430. if (dFields[0] && dFields[0].setText) {
      431. dFields[0].setText(vals[v]);
      432. }
      433. }
      434. // Special cases for combo boxes
      435. f.find('name', 'ca-country-label')[0].setText(
      436. f.findParentByType('form').find('name', 'ca-country')[0]
      437. .getStore().getById(vals['ca-country']).get('text')
      438. );
      439. f.find('name', 'keystore-datavol')[0].setText(
      440. f.findParentByType('form').find('name', 'mntentref')[0]
      441. .getStore().getById(vals['mntentref']).get('description')
      442. );
      443. }
      444. },
      445. items :[
      446. {
      447. html:'<h1>Summary</h1>' +
      448. '<p style="margin-top: 10px; margin-bottom: 10px">Clicking Finish below ' +
      449. 'will create a new certificate authority with the following values:</p>'
      450. },
      451. {
      452. xtype :'label',
      453. name :'ca-commonname-label',
      454. fieldLabel:_('Common name')
      455. },
      456. {
      457. xtype :'label',
      458. name :'ca-country-label',
      459. fieldLabel:_('Country')
      460. },
      461. {
      462. xtype :'label',
      463. name :'ca-province-label',
      464. fieldLabel:_('Province / State')
      465. },
      466. {
      467. xtype :'label',
      468. name :'ca-city-label',
      469. fieldLabel:_('City')
      470. },
      471. {
      472. xtype :'label',
      473. name :'ca-org-label',
      474. fieldLabel:_('Organization')
      475. },
      476. {
      477. xtype :'label',
      478. name :'ca-email-label',
      479. fieldLabel:_('E-Mail address')
      480. },
      481. {
      482. xtype :'label',
      483. name :'keystore-datavol',
      484. fieldLabel:_('Key store data volume')
      485. }
      486. ]
      487. }
      488. ]
      489. });
      490. caWiz.show();
      491. },
      492. getFormItems:function () {
      493. return [
      494. {
      495. xtype :"fieldset",
      496. title :_("General settings"),
      497. id :this.getId() + '-general',
      498. defaults:{ labelSeparator:"" },
      499. items :[
      500. {
      501. xtype :"checkbox",
      502. name :"enable",
      503. fieldLabel:_("Enable"),
      504. checked :false,
      505. inputValue:1,
      506. listeners :{
      507. scope:this
      508. }
      509. },
      510. {
      511. xtype :"combo",
      512. name :"protocol",
      513. fieldLabel :_("Protocol"),
      514. editable :false,
      515. width :60,
      516. triggerAction:"all",
      517. mode :"local",
      518. store :new Ext.data.SimpleStore({
      519. fields:[ "value", "text" ],
      520. data :[
      521. [ "udp", _("UDP") ],
      522. [ "tcp", _("TCP") ]
      523. ]
      524. }),
      525. displayField :"text",
      526. valueField :"value",
      527. allowBlank :false,
      528. value :"udp",
      529. plugins :[ OMV.form.plugins.FieldInfo ],
                              infoText: _("OpenVPN is designed to operate optimally over UDP, but TCP capability is provided for situations where UDP cannot be used.")
                          },
                          {
                              xtype: "numberfield",
                              name: "port",
                              fieldLabel: _("Port"),
                              width: 60,
                              vtype: "port",
                              minValue: 0,
                              maxValue: 65535,
                              allowDecimals: false,
                              allowNegative: false,
                              allowBlank: false,
                              value: 1194,
                              plugins: [ OMV.form.plugins.FieldInfo ],
                              infoText: _("Port to listen on.")
                          },
                          {
                              xtype: "checkbox",
                              name: "compression",
                              fieldLabel: _("Data compression"),
                              checked: false,
                              inputValue: 1,
                              plugins: [ OMV.form.plugins.FieldInfo ],
                              infoText: _("OpenVPN clients must also have this configured in order to connect.")
                          },
                          {
                              xtype: "checkbox",
                              name: "auth",
                              fieldLabel: _("Require authentication"),
                              checked: false,
                              inputValue: 1,
                              boxLabel: _("In addition to having a valid client certificate, users must authenticate and be a member of the openvpn group."),
                              plugins: [ OMV.form.plugins.FieldInfo ],
                              infoText: _("OpenVPN clients must also have this configured in order to connect.")
                          },
                          {
                              xtype: "textfield",
                              name: "extraoptions",
                              fieldLabel: _("Extra options"),
                              allowBlank: true,
                              autoCreate: {
                                  tag: "textarea",
                                  autocomplete: "off",
                                  rows: "5",
                                  cols: "75"
                              },
                              plugins: [ OMV.form.plugins.FieldInfo ],
                              infoText: _("Extra options for openvpn configuration file.")
                          },
                          {
                              xtype: "combo",
                              name: "loglevel",
                              fieldLabel: _("Logging level"),
                              width: 300,
                              editable: false,
                              triggerAction: "all",
                              mode: "local",
                              value: "2",
                              store: new Ext.data.SimpleStore({
                                  autoLoad: true,
                                  fields: [ "value", "text" ],
                                  data: [
                                      [ "0", _('No output except fatal errors')],
                                      [ "2", _('Normal usage output') ],
                                      [ "5", _('Log each packet') ],
                                      [ "7", _('Debug') ]
                                  ]
                              }),
                              displayField: "text",
                              valueField: "value",
                              allowBlank: false
                          }
                      ]
                  },
                  {
                      xtype: "fieldset",
                      title: _("VPN Access"),
                      id: this.getId() + '-vpnaccess',
                      items: [
                          {
                              html: '<p>' + _('These fields define how OpenVPN will be accessed from the public internet. Enter a public DNS resolvable name or IP address at which this server can be reached in Public Address. The Public Port field is only required if it differs from the Port setting in General Settings.') + '</p><br />'
                          },
                          {
                              xtype: "textfield",
                              fieldLabel: _("Public Address"),
                              name: "publicip",
                              width: 220,
                              allowBlank: false
                          },
                          {
                              xtype: "textfield",
                              fieldLabel: _("Public Port"),
                              width: 60,
                              name: "publicport"
                          }
                      ]
                  },
                  {
                      xtype: "fieldset",
                      title: "VPN Network",
                      id: this.getId() + '-vpnnetwork',
                      items: [
                          {
                              html: _("Your VPN Network Address and Network Mask should define a network in <a href='http://en.wikipedia.org/wiki/Private_network' target=_blank>private address space</a> that is NOT within the same network that you are routing.") + "<br /><br />"
                          },
                          {
                              xtype: "combo",
                              name: "vpn-route",
                              fieldLabel: _("Route"),
                              emptyText: _("Select ..."),
                              allowBlank: false,
                              allowNone: false,
                              width: 300,
                              editable: false,
                              triggerAction: "all",
                              displayField: "text",
                              valueField: "netid",
                              store: new OMV.data.Store({
                                  remoteSort: false,
                                  autoLoad: true,
                                  proxy: new OMV.data.DataProxy({"service":"openvpn", "method":"getNetworks"}),
                                  reader: new Ext.data.JsonReader({
                                      idProperty: "netid",
                                      fields: [
                                          {name:"netid"},
                                          {name:"text"}
                                      ]
                                  }),
                                  listeners: {
                                      load: function (s) {
                                          s.add([
                                              new Ext.data.Record({netid:'all', text:'All network traffic'})
                                          ]);
                                          var p = this.findFormField('vpn-route');
                                          p.fireEvent('select', p);
                                      },
                                      scope: this
                                  }
                              }),
                              listeners: {
                                  select: function (s) {
                                      var t = '';
                                      var val = s.getValue();
                                      switch (val) {
                                          case 'all':
                                              t = _("This will route and NAT all VPN client network traffic through the VPN, including general internet web browsing. In order for DNS to work for VPN clients, you should specify DNS server(s) in the DHCP options section.");
                                              break;
                                          default:
                                              if (val == 'none') {
                                                  t = 'No routes will be pushed to VPN clients.';
                                              } else if (val.indexOf('255.255.255.255') > 0) {
                                                  var ip = val.substring(0, val.indexOf(' /'));
                                                  t = "VPN client traffic destined for " + ip + " will be routed to the OpenMediaVault server";
                                              }
                                              else {
                                                  t = _("This will route and NAT VPN client traffic destined for the local network") + ' ' + val;
                                              }
                                      }
                                      Ext.getCmp(this.getId() + "-route-desc").setText(t);
                                  },
                                  scope: this
                              }
                          },
                          {
                              xtype: "label",
                              id: this.getId() + '-route-desc',
                              text: " - ",
                              fieldLabel: " "
                          },
                          {
                              xtype: "textfield",
                              fieldLabel: _("Network Address"),
                              name: "vpn-network",
                              value: "10.8.0.0",
                              vtype: "IPv4Net",
                              allowBlank: false
                          },
                          {
                              xtype: "textfield",
                              name: "vpn-mask",
                              fieldLabel: _("Network Mask"),
                              value: "255.255.255.0",
                              vtype: "IPv4Net",
                              allowBlank: false
                          },
                          {
                              xtype: "checkbox",
                              name: "client-to-client",
                              checked: false,
                              inputValue: 1,
                              fieldLabel: " ",
                              boxLabel: _("Allow client-to-client communication over the VPN")
                          }
                      ]
                  },
                  {
                      xtype: "fieldset",
                      title: "DHCP Options",
                      id: this.getId() + '-dhcp',
                      items: [
                          {
                              html: "<p>" + _('These fields define DHCP options that will be sent to connecting OpenVPN clients. If you specify DNS or WINS serviers, be sure that they are reachable from the VPN client. Unless you have chosen to route all traffic from your VPN clients, any servers specified here should be in the local network you have chosen to route.') + "</p><br /><p> </p>"
                          },
                          {
                              xtype: "textfield",
                              fieldLabel: _("DNS server(s)"),
                              name: "dns",
                              width: 220,
                              plugins: [ OMV.form.plugins.FieldInfo ],
                              infoText: _("Separate multiple entries with commas")
                          },
                          {
                              xtype: "textfield",
                              fieldLabel: _("DNS search domain(s)"),
                              name: "dns-domains",
                              width: 220,
                              plugins: [ OMV.form.plugins.FieldInfo ],
                              infoText: _("Separate multiple entries with commas")
                          },
                          {
                              xtype: "textfield",
                              fieldLabel: _("WINS server(s)"),
                              width: 220,
                              name: "wins",
                              plugins: [ OMV.form.plugins.FieldInfo ],
                              infoText: _("Separate multiple entries with commas")
                          }
                      ]
                  },
                  {
                      xtype: 'fieldset',
                      title: _('OpenVPN Public Key Infrastructure'),
                      id: this.getId() + '-pki',
                      listeners: {
                          // Logic to show / hide fields based on pki and certificate status
                          show: function (fs) {
                              if (Ext.getCmp('OMV.Module.Services.OpenVPN')._data['ca-exists']) {
                                  fs.getComponent('ca-no').hide();
                                  fs.getComponent('ca').show();
                                  // check for server cert
                                  if (Ext.getCmp('OMV.Module.Services.OpenVPN')._data['server-cert-exists']) {
                                      fs.getComponent('server-cert-no').hide();
                                      fs.getComponent('server-cert').show();
                                  }
                                  else {
                                      fs.getComponent('server-cert').hide();
                                      fs.getComponent('server-cert-no').show();
                                  }
                                  // No CA, hide server certificate fields
                              }
                              else {
                                  fs.getComponent('ca').hide();
                                  fs.getComponent('ca-no').show();
                                  fs.getComponent('server-cert-no').hide();
                                  fs.getComponent('server-cert').hide();
                              }
                          }
                      },
                      items: [
                          {
                              html: '<p>The first step in building an OpenVPN configuration is to establish ' +
                                  'a PKI (public key infrastructure). The PKI consists of:</p><br />' +
                                  '<p>(*) a separate certificate (also known as a public key) and ' +
                                  'private key for the server and each client, and<br /><br />(*) a master ' +
                                  'Certificate Authority (CA) certificate and key which is used to ' +
                                  'sign each of the server and client certificates.</p><br /><p>' +
                                  'OpenVPN supports bidirectional authentication based on certificates, ' +
                                  'meaning that the client must authenticate the server certificate and ' +
                                  'the server must authenticate the client certificate before mutual ' +
                                  'trust is established.</p><br /><p>Both server and client ' +
                                  'will authenticate the ' +
                                  'other by first verifying that the presented certificate was signed by ' +
                                  'the master certificate authority (CA), and then by testing information ' +
                                  'in the now-authenticated certificate header, such as the certificate ' +
                                  'common name or certificate type (client or server).</p><br />'
                          },
                          {
                              xtype: 'fieldset',
                              title: _('Certificate Authority'),
                              itemId: 'ca-no',
                              items: [
                                  {
                                      html: '<p>' + _('No certificate authority has been created for OpenVPN. A certificate authority is required to generate server and client certificates. Click the Create Certificate Authority button below to get started.') + '</p>'
                                  },
                                  {
                                      xtype: 'button',
                                      style: { margin:'10px' },
                                      text: _('Create Certificate Authority'),
                                      handler: this.cbCAWizard,
                                      scope: this
                                  }
                              ]
                          },
                          {
                              xtype: 'fieldset',
                              title: _('Certificate Authority'),
                              layout: 'table',
                              defaults: { style:{ marginRight:'20px'}},
                              layoutConfig: {
                                  // The total column count must be specified here
                                  columns: 3
                              },
                              itemId: 'ca',
                              items: [
                                  {
                                      html: '<p>A certificate authority has been created for OpenVPN.</p>'
                                  },
                                  {
                                      xtype: 'button',
                                      text: _('Download CA Certificate'),
                                      handler: function () {
                                          OMV.Download.request("OpenVPN", "downloadCert", "ca");
                                      }
                                  },
                                  {
                                      xtype: 'button',
                                      text: _('Recreate CA'),
                                      handler: function () {
                                          Ext.MessageBox.show({
                                              title: _("Confirmation"),
                                              msg: _("Do you really want to recreate the Certificate Authority for OpenVPN? This will invalidate all existing OpenVPN certificates."),
                                              buttons: Ext.MessageBox.YESNO,
                                              fn: function (answer) {
                                                  if (answer == "no") {
                                                      return;
                                                  }
                                                  this.cbCAWizard();
                                              },
                                              scope: this,
                                              icon: Ext.MessageBox.QUESTION
                                          });
                                      },
                                      scope: this
                                  }
                              ]
                          },
                          {
                              xtype: 'fieldset',
                              title: _('Server Certificate'),
                              itemId: 'server-cert-no',
                              items: [
                                  {
                                      html: '<p>' + _('No server certificate has been generate for OpenVPN. Click the Generate Server Certificate button below to get started.') + '</p>'
                                  },
                                  {
                                      xtype: 'button',
                                      itemId: 'createCert',
                                      style: { margin:'10px' },
                                      text: _('Generate Server Certificate'),
                                      handler: this.cbServerCertWizard,
                                      scope: this
                                  }
                              ]
                          },
                          {
                              xtype: 'fieldset',
                              title: _('Server Certificate'),
                              layout: 'table',
                              layoutConfig: {
                                  // The total column count must be specified here
                                  columns: 3
                              },
                              itemId: 'server-cert',
                              defaults: { style:{ marginRight:'20px'}},
                              items: [
                                  {
                                      html: '<p>A server certificate has been generated for OpenVPN.</p>'
                                  },
                                  {
                                      xtype: 'button',
                                      text: _('Regenerate Server Certificate'),
                                      handler: function () {
                                          Ext.MessageBox.show({
                                              title: _("Confirmation"),
                                              msg: _("Do you really want to regenerate the Server Certificate for OpenVPN?"),
                                              buttons: Ext.MessageBox.YESNO,
                                              fn: function (answer) {
                                                  if (answer == "no") {
                                                      return;
                                                  }
                                                  this.cbServerCertWizard();
                                              },
                                              scope: this,
                                              icon: Ext.MessageBox.QUESTION
                                          });
                                      },
                                      scope: this
                                  }
                              ]
                          }
                      ]
                  }
              ]
          }
      });
      /**
       *
       * client certificate list panel - second tab
       *
       */
      OMV.Module.Services.OpenVPN.ClientCertsGridPanel = function (config) {
          var initialConfig = {
              disabled: true,
              hideRefresh: false,
              hideEdit: false,
              hideAdd: true,
              hideDelete: true,
              hidePagingToolbar: true,
              colModel: new Ext.grid.ColumnModel({
                  columns: [
                      {
                          header: _("Common Name"),
                          sortable: true,
                          dataIndex: "commonname"
                      },
                      {
                          header: _("Full Name"),
                          sortable: true,
                          dataIndex: "name"
                      },
                      {
                          header: _("User"),
                          sortable: true,
                          dataIndex: "assocuser"
                      },
                      {
                          header: _("Status"),
                          sortable: true,
                          dataIndex: "status",
                          renderer: function (val, metaData, record) {
                              // No val?
                              if (!val) {
                                  return '<span style="color: #f00">Unknown! Could not locate certificate in index.</span>';
                              }
                              // Revoked
                              if (val == 'R') {
                                  return '<span style="color: #f00">Revoked</span>';
                              }
                              if (val == 'E' || val == 'V') {
                                  var myDateStr = Date.parseDate('20' + record.get('expires').substring(0, 10), "YmdHi").format('Y-m-d H:i') + ' UTC';
                                  switch (val) {
                                      case 'E':
                                          return '<span style="color: #f00">Expired ' + myDateStr + '</span>';
                                      case 'V':
                                          return 'Valid until ' + myDateStr;
                                  }
                              }
                              return '<span style="color: #f00">Unknown status "' + val + '"</span>';
                          }
                      }
                  ]
              })
          };
          Ext.apply(initialConfig, config);
          OMV.Module.Services.OpenVPN.ClientCertsGridPanel.superclass.constructor.call(
              this, initialConfig);
      };
      Ext.extend(OMV.Module.Services.OpenVPN.ClientCertsGridPanel, OMV.grid.TBarGridPanel, {
          id: 'OMV.Module.Services.OpenVPN.ClientCertsGridPanel',
          initComponent: function () {
              this.store = new OMV.data.Store({
                  autoLoad: false,
                  remoteSort: false,
                  proxy: new OMV.data.DataProxy({"service":"openvpn", "method":"getCerts"}),
                  reader: new Ext.data.JsonReader({
                      idProperty: "name",
                      totalProperty: "total",
                      root: "data",
                      fields: [
                          { name:"commonname" },
                          { name:"name" },
                          { name:"status" },
                          { name:"expires" },
                          { name:'assocuser' },
                          { name:'uuid' }
                      ]
                  }),
                  listeners: {
                      load: function (s) {
                          s.filter('status', new RegExp('^' + Ext.getCmp(this.getId() + '-filter').getValue()), false);
                      },
                      scope: this
                  }
              });
              OMV.Module.Services.OpenVPN.ClientCertsGridPanel.superclass.initComponent.apply(this, arguments);
          },
          // (Re)Load when this tab is shown
          listeners: {
              show: function () {
                  this.doLoad();
              }
          },
          initToolbar: function () {
              var tbar = OMV.Module.Services.OpenVPN.ClientCertsGridPanel.superclass.initToolbar.apply(this);
              tbar.insert(0, {
                  id: this.getId() + "-new",
                  xtype: "button",
                  text: _("New"),
                  icon: "images/add.png",
                  handler: this.cbAddBtnHndl.createDelegate(this)
              });
              tbar.insert(4, {
                  id: this.getId() + "-config",
                  xtype: "button",
                  text: _("Generate Config"),
                  icon: "images/config.png",
                  disabled: true,
                  handler: this.cbGenBtnHndl.createDelegate(this)
              });
              tbar.insert(5, {
                  id: this.getId() + "-revoke",
                  xtype: "button",
                  text: _("Revoke"),
                  icon: "images/delete.png",
                  disabled: true,
                  handler: this.cbRevokeBtnHndl.createDelegate(this)
              });
              tbar.insert(10, {xtype:'tbseparator'});
              tbar.insert(21, {xtype:'tbspacer', width:20 });
              tbar.insert(15, {
                  xtype: "label",
                  text: "Show: "
              });
              tbar.insert(16, {xtype:'tbspacer', width:5 });
              tbar.insert(18, {
                  xtype: "combo",
                  id: this.getId() + '-filter',
                  name: "statusfilter",
                  editable: false,
                  width: 200,
                  autoWidth: false,
                  triggerAction: "all",
                  mode: "local",
                  store: new Ext.data.SimpleStore({
                      fields: [ "value", "text" ],
                      data: [
                          [ ".", _("All") ],
                          [ "V", _("Valid") ],
                          [ "E", _("Expired") ],
                          [ "R", _("Revoked") ]
                      ]
                  }),
                  displayField: "text",
                  valueField: "value",
                  value: "V",
                  listeners: {
                      select: function (s) {
                          this.getStore().filter('status', new RegExp('^' + s.getValue()), false);
                      },
                      scope: this
                  }
              });
              return tbar;
          },
          // Add certificate
          cbAddBtnHndl: function () {
              // Get min, max, and default date strings
              var minDate = new Date();
              minDate.setDate(minDate.getDate() + 1);
              var maxDate = new Date();
              maxDate.setDate(maxDate.getDate() + 3650); // 10 years-ish
              var defDate = new Date();
              defDate.setDate(defDate.getDate() + 1825); // 5 years-ish
              var caWiz = new OMV.Module.Services.OpenVPNWizard({
                  title: _('Client Certificate Wizard'),
                  height: 360,
                  width: 550,
                  method: 'createClientCertificate',
                  afterSubmit: function () {
                      Ext.getCmp('OMV.Module.Services.OpenVPN.ClientCertsGridPanel').doLoad();
                  },
                  listeners: {
                      show: function () {
                          var pData = Ext.getCmp('OMV.Module.Services.OpenVPN')._data;
                          var sData = {};
                          for (var i in pData) {
                              // Skip common name and use form default
                              if (i == 'server-cert-commonname' || i == 'server-cert-email') {
                                  continue;
                              }
                              if (i.indexOf('server-cert-') === 0) {
                                  sData[i.replace('server-cert-', 'client-cert-')] = pData[i];
                              }
                          }
                          this.findByType('form')[0].getForm().setValues(sData);
                      }
                  },
                  steps: [
                      {
                          html: '<h1>' + _('Welcome to the Client Certificate Wizard!') + '</h1>' +
                              '<p style="margin-top: 10px">' + _('OpenVPN supports bidirectional authentication based on certificates, meaning that the client must authenticate the server certificate and the server must authenticate the client certificate before mutual trust is established.</p><br /><p>This wizard will guide you through creating the OpenVPN client certificate that will be presented to the OpenVPN server for verification.') + '</p>'
                      },
                      {
                          xtype: 'panel',
                          layout: 'form',
                          defaults: { border:false },
                          items: [
                              {
                                  html: '<h1>' + _('User Association') + '</h1>' +
                                      '<p style="margin-top: 10px">' + _('Though not required, client certificates may be associated with an OpenMediaVault user so that they can download their OpenVPN certificate and generated OpenVPN configuration directly from OpenMediaVault.</p><br /><p>If you would like to assiciate this certificate with a particular user, specify the the account below.') + '</p><br /><p> </p>'
                              },
                              {
                                  xtype: 'panel',
                                  layout: 'fit',
                                  items: [
                                      {
                                          xtype: 'combo',
                                          name: 'client-cert-assocuser',
                                          id: 'client-cert-assocuser',
                                          hiddenName: 'client-cert-assocuser',
                                          hideLabel: true,
                                          valueField: 'name',
                                          displayField: 'name',
                                          emptyText: _("Select a user ..."),
                                          allowBlank: true,
                                          allowNone: true,
                                          editable: false,
                                          autoWidth: false,
                                          value: '',
                                          triggerAction: "all",
                                          listeners: {
                                              select: function () {
                                                  var pForm = this.findParentByType('form');
                                                  // Set values based on user selection?
                                                  var user = pForm.findById('client-cert-assocuser');
                                                  user = user.getStore().getById(user.getValue());
                                                  if (user && user.get('uuid') != '') {
                                                      pForm.find('name', 'client-cert-commonname')[0].setValue(user.get('name'));
                                                      pForm.find('name', 'client-cert-email')[0].setValue(user.get('email'));
                                                  }
                                              }
                                          },
                                          store: new OMV.data.Store({
                                              autoLoad: true,
                                              remoteSort: false,
                                              proxy: new OMV.data.DataProxy({"service":"UserMgmt", "method":"getUserList"}),
                                              reader: new Ext.data.JsonReader({
                                                  idProperty: "name",
                                                  totalProperty: "total",
                                                  root: "data",
                                                  fields: [
                                                      { name:"name" },
                                                      { name:"email" }
                                                  ]
                                              }),
                                              listeners: {
                                                  load: function () {
                                                      this.insert(0, [
                                                          new Ext.data.Record({uuid:'', name:'(none)', email:''})
                                                      ]);
                                                  }
                                              }
                                          })
                                      }
                                  ]
                              }
                          ]
                      },
                      {
                          xtype: 'panel',
                          defaults: { border:false },
                          items: [
                              {
                                  html: '<h1>' + _('Client Certificate Configuration') + '</h1>' +
                                      '<p style="margin-top: 10px; margin-bottom: 10px">' + _('Please enter values below that best describe the new OpenVPN client. These values must be unique within the OpenVPN key store. You may want to include the current date in the certificate\'s Common Name to avoid conflicts.') + '</p>'
                              },
                              {
                                  xtype: 'fieldset',
                                  border: true,
                                  title: _('Client Certificate Details'),
                                  bodyStyle: 'padding:5px',
                                  style: 'padding-top:0px; padding-bottom: 0px;',
                                  layout: 'form',
                                  defaults: { allowBlank:false, maxLength:64, xtype:'textfield', anchor:'100%' },
                                  items: [
                                      {
                                          name: 'client-cert-commonname',
                                          fieldLabel: 'Common name',
                                          value: '',
                                          allowBlank: false
                                      },
                                      {
                                          xtype: 'combo',
                                          name: 'client-cert-country',
                                          hiddenName: 'client-cert-country',
                                          fieldLabel: _('Country'),
                                          valueField: 'id',
                                          displayField: 'text',
                                          emptyText: _("Select a country ..."),
                                          allowBlank: false,
                                          allowNone: false,
                                          editable: false,
                                          triggerAction: "all",
                                          store: new OMV.data.Store({
                                              remoteSort: false,
                                              proxy: new OMV.data.DataProxy({"service":"openvpn", "method":"getCountries"}),
                                              reader: new Ext.data.JsonReader({
                                                  idProperty: "id",
                                                  fields: [
                                                      { name:"id" },
                                                      { name:"text" }
                                                  ]
                                              })
                                          })
                                      },
                                      {
                                          name: 'client-cert-province',
                                          fieldLabel: _('Province / State')
                                      },
                                      {
                                          name: 'client-cert-city',
                                          fieldLabel: _('City')
                                      },
                                      {
                                          name: 'client-cert-org',
                                          fieldLabel: _('Organization')
                                      },
                                      {
                                          name: 'client-cert-email',
                                          fieldLabel: _('E-Mail address'),
                                          vtype: "email"
                                      },
                                      {
                                          xtype: 'datefield',
                                          fieldLabel: _('Expires'),
                                          allowBlank: false,
                                          width: 'auto',
                                          autoWidth: true,
                                          editable: false,
                                          name: 'client-cert-date',
                                          value: defDate,
                                          minValue: minDate,
                                          maxValue: maxDate
                                      }
                                  ]
                              }
                          ]
                      },
                      {
                          xtype: 'panel',
                          layout: 'form',
                          defaults: { border:false},
                          listeners: {
                              show: function (f) {
                                  // Set labels
                                  var vals = f.findParentByType('form').getForm().getValues();
                                  for (var v in vals) {
                                      var dFields = f.find('name', v + '-label');
                                      if (dFields[0] && dFields[0].setText) {
                                          dFields[0].setText(vals[v]);
                                      }
                                  }
                                  // Special cases for combo boxes
                                  f.find('name', 'client-cert-country-label')[0].setText(
                                      f.findParentByType('form').find('name', 'client-cert-country')[0]
                                          .getStore().getById(vals['client-cert-country']).get('text')
                                  );
                                  var text = '(none)';
                                  var user = f.findParentByType('form').find('name', 'client-cert-assocuser')[0].getStore().getById(vals['client-cert-assocuser']);
                                  if (user) {
                                      text = user.get('name');
                                  }
                                  f.find('name', 'client-cert-assocuser-label')[0].setText(text);
                                  // Set expire days
                                  var today = new Date();
                                  var certDate = new Date(vals['client-cert-date']);
                                  // Convert to seconds
                                  today = Math.floor(today.getTime() / 1000);
                                  certDate = Math.floor(certDate.getTime() / 1000);
                                  // Strip down to days
                                  today -= (today % 86400);
                                  certDate -= (certDate % 86400);
                                  f.find('name', 'client-cert-expire')[0].setValue(
                                      String(Math.floor((certDate - today) / 86400))
                                  );
                              }
                          },
                          items: [
                              {
                                  html: '<h1>Summary</h1>' +
                                      '<p style="margin-top: 10px; margin-bottom: 10px">Clicking Finish below ' +
                                      'will create a client certificate with the following values:</p>'
                              },
                              {
                                  xtype: 'fieldset',
                                  border: true,
                                  title: _('Client Certificate Details'),
                                  bodyStyle: 'padding:5px',
                                  style: 'padding-top:0px; padding-bottom: 0px;',
                                  defaults: { allowBlank:false, xtype:'label'},
                                  items: [
                                      {
                                          name: 'client-cert-assocuser-label',
                                          fieldLabel: _('Associated User')
                                      },
                                      {
                                          name: 'client-cert-commonname-label',
                                          fieldLabel: _('Common name')
                                      },
                                      {
                                          name: 'client-cert-country-label',
                                          fieldLabel: _('Country')
                                      },
                                      {
                                          name: 'client-cert-province-label',
                                          fieldLabel: _('Province / State')
                                      },
                                      {
                                          name: 'client-cert-city-label',
                                          fieldLabel: _('City')
                                      },
                                      {
                                          name: 'client-cert-org-label',
                                          fieldLabel: _('Organization')
                                      },
                                      {
                                          name: 'client-cert-email-label',
                                          fieldLabel: _('E-Mail address')
                                      },
                                      {
                                          name: 'client-cert-date-label',
                                          fieldLabel: _('Expires')
                                      },
                                      {
                                          name: 'client-cert-expire',
                                          xtype: 'hidden'
                                      }
                                  ]
                              }
                          ]
                      }
                  ]
              });
              caWiz.show();
          },
          // Update buttons on selection change
          cbSelectionChangeHdl: function (model) {
              var pWin = this;
              var records = model.getSelections();
              var buttons = ["config", "edit", "revoke"];
              var enableButtons = true;
              // Only one record selected and
              // must be a valid cert
              if (records.length != 1 || records[0].get('status') != 'V') {
                  enableButtons = false;
              }
              Ext.each(buttons, function (button) {
                  var b = pWin.getTopToolbar().findById(pWin.getId() + "-" + button);
                  if (enableButtons) {
                      b.enable();
                  }
                  else {
                      b.disable();
                  }
              });
          },
          // Edit Certificate entry
          cbEditBtnHdl: function () {
              var record = this.getSelectionModel().getSelected();
              if (!record || record.get('status') != 'V') {
                  return;
              }
              var win = new OMV.CfgObjectDialog({
                  title: _("Edit Client Certificate"),
                  uuid: record.get('uuid'),
                  rpcService: "OpenVPN",
                  rpcSetMethod: "setClientCertificate",
                  rpcGetMethod: "getClientCertificate",
                  width: 500,
                  height: 300,
                  listeners: {
                      submit: function () {
                          this.doReload();
                      },
                      scope: this
                  },
                  getFormItems: function () {
                      return [
                          {
                              html: _('<p style="font-style: italic">NOTE: Once a certificate has been generated, it cannot be altered. You may still, however, make changes to the OpenMediaVault user association below.</p><br /><p>Though not required, client certificates may be associated with an OpenMediaVault user so that they can download their OpenVPN certificate and generated OpenVPN configuration directly from OpenMediaVault.</p><br /><p>If you would like to assiciate this certificate with a particular user, specify the the account below.</p><br /><p> </p>')
                          },
                          {
                              xtype: 'combo',
                              name: 'client-cert-assocuser',
                              id: 'client-cert-assocuser',
                              hiddenName: 'client-cert-assocuser',
                              hideLabel: true,
                              valueField: 'name',
                              displayField: 'name',
                              emptyText: _("Select a user ..."),
                              allowBlank: true,
                              allowNone: true,
                              width: 400,
                              editable: false,
                              value: '',
                              triggerAction: "all",
                              store: new OMV.data.Store({
                                  autoLoad: true,
                                  remoteSort: false,
                                  proxy: new OMV.data.DataProxy({"service":"UserMgmt", "method":"getUserList"}),
                                  reader: new Ext.data.JsonReader({
                                      idProperty: "name",
                                      totalProperty: "total",
                                      root: "data",
                                      fields: [
                                          { name:"name" }
                                      ]
                                  }),
                                  listeners: {
                                      load: function () {
                                          this.insert(0, [
                                              new Ext.data.Record({name:'(none)'})
                                          ]);
                                      }
                                  }
                              })
                          }
                      ]
                  }
              });
              win.show();
          },
          // Generate configuration
          cbGenBtnHndl: function () {
              var record = this.getSelectionModel().getSelected();
              if (!record || record.get('status') != 'V') {
                  return;
              }
              var uuid = record.get('uuid');
              OMV.Module.Services.OpenVPNConfigWizard(uuid);
          },
          // Delete client certificate
          cbRevokeBtnHndl: function () {
              var records = this.getSelectionModel().getSelections();
              if (records.length != 1) {
                  return;
              }
              if (records[0].get('status') != 'V') {
                  return;
              }
              Ext.MessageBox.show({
                  title: "Confirmation",
                  msg: _("Are you sure you want to revoke the selected certificate? This action cannot be undone."),
                  buttons: Ext.MessageBox.YESNO,
                  fn: function (answer) {
                      if (answer == "no") {
                          return;
                      }
                      OMV.MessageBox.wait(null, _("Revoking certificate..."));
                      OMV.Ajax.request(function (id, response, error) {
                          OMV.MessageBox.updateProgress(1);
                          OMV.MessageBox.hide();
                          if (error === null) {
                              Ext.getCmp('OMV.Module.Services.OpenVPN.ClientCertsGridPanel').doLoad();
                              OMV.MessageBox.info(null, _('The certificate has been revoked. If the client to whom this certificate belonged is currently connected, you can wait for the client to renegotiate the SSL/TLS connection (by default once per hour), or restart the OpenVPN server from the Status tab to immediately disconnect the client.'));
                          }
                          else {
                              OMV.MessageBox.error(null, error);
                          }
                      }, this, "openvpn", "revokeCertificate", {uuid:records[0].get("uuid") });
                  },
                  scope: this,
                  icon: Ext.MessageBox.QUESTION
              });
          }
      });
      OMV.Module.Services.OpenVPN.Status = function (config) {
          var initialConfig = {
              disabled:true,
              layout :{
                  type :'vbox',
                  align:'stretch',
                  pack :'start'
              },
              defaults:{
                  flex :1,
                  viewConfig:{ forceFit:true }
              },
              items :[
                  {
                      xtype :'grid',
                      title :_('Client List'),
                      id :'OMV.Module.Services.OpenVPN.Status-gridclients',
                      loadMask:true,
                      flex :1,
                      store :new OMV.data.Store({
                          autoLoad :false,
                          remoteSort:false,
                          proxy :new OMV.data.DataProxy({"service":"openvpn", "method":"getStats"}),
                          reader :new Ext.data.JsonReader({
                              totalProperty:"total",
                              root :"clients",
                              fields :[
                                  { name:"common-name" },
                                  { name:"full-name" },
                                  { name:"index" },
                                  { name:"status" }
                              ]
                          })
                      }),
                      columns:[
                          {
                              header :_("Common Name"),
                              sortable :true,
                              dataIndex:"common-name"
                          },
                          {
                              header :_("Real Address"),
                              sortable :true,
                              dataIndex:"real-address"
                          },
                          {
                              header :_("Bytes Received"),
                              sortable :true,
                              dataIndex:"bytes-received",
                              renderer :function (val) {
                                  val = String(Number(val).binaryConvert('B', 'MiB'));
                                  if (val.indexOf('.') > 0) {
                                      val = val.substr(0, val.indexOf('.') + 3);
                                  }
                                  return val + ' MiB';
                              }
                          },
                          {
                              header :"Bytes Sent",
                              sortable :true,
                              dataIndex:"bytes-sent",
                              renderer :function (val) {
                                  val = String(Number(val).binaryConvert('B', 'MiB'));
                                  if (val.indexOf('.') > 0) {
                                      val = val.substr(0, val.indexOf('.') + 3);
                                  }
                                  return val + ' MiB';
                              }
                          }
                      ]
                  },
                  {
                      xtype :'grid',
                      title :_('Routing Table'),
                      id :'OMV.Module.Services.OpenVPN.Status-gridrouting',
                      flex :1,
                      loadMask:true,
                      store :new OMV.data.Store({
                          autoLoad :false,
                          remoteSort:false,
                          proxy :null,
                          reader :new Ext.data.JsonReader({
                              totalProperty:"total",
                              root :"routing",
                              fields :[
                                  { name:"common-name" },
                                  { name:"full-name" },
                                  { name:"index" },
                                  { name:"status" }
                              ]
                          })
                      }),
                      columns:[
                          {
                              header :_("Virtual Address"),
                              sortable :true,
                              dataIndex:"virtual-address"
                          },
                          {
                              header :_("Common Name"),
                              sortable :true,
                              dataIndex:"common-name"
                          },
                          {
                              header :_("Real Address"),
                              sortable :true,
                              dataIndex:"real-address"
                          }
                      ]
                  }
              ]
          };
          Ext.apply(initialConfig, config);
          OMV.Module.Services.OpenVPN.Status.superclass.constructor.call(
              this, initialConfig);
      };
      Ext.extend(OMV.Module.Services.OpenVPN.Status, Ext.Panel, {
          id:'OMV.Module.Services.OpenVPN.Status',
          initComponent:function () {
              OMV.Module.Services.OpenVPN.Status.superclass.initComponent.apply(this, arguments);
          },
          tbar :[
              {
                  xtype :"button",
                  text :_("Refresh"),
                  icon :"images/reload.png",
                  handler:function (b) {
                      b.ownerCt.ownerCt.masterStore.reload();
                  }
              },
              {
                  xtype:'tbseparator'
              },
              {
                  xtype :"button",
                  text :_("Restart"),
                  icon :"images/run.png",
                  handler:function (btn) {
                      Ext.MessageBox.show({
                          title :_("Confirmation"),
                          msg :_("Are you sure you want to restart OpenVPN? This will flush all client connections."),
                          buttons:Ext.MessageBox.YESNO,
                          fn :function (answer) {
                              if (answer == "no") {
                                  return;
                              }
                              OMV.MessageBox.wait(null, _("Restarting OpenVPN ..."));
                              OMV.Ajax.request(function (id, response, error) {
                                  OMV.MessageBox.hide();
                                  if (error) {
                                      OMV.MessageBox.error(null, error);
                                  }
                                  btn.ownerCt.ownerCt.masterStore.reload();
                              }, this, "openvpn", "restartOpenVPN");
                          },
                          scope :this,
                          icon :Ext.MessageBox.QUESTION
                      });
                  }
              }
          ],
          // There is probably a MUCH better way to do this.
          masterStore:new OMV.data.Store({
              autoLoad :false,
              remoteSort:false,
              proxy :new OMV.data.DataProxy({"service":"openvpn", "method":"getStats"}),
              reader :new Ext.data.JsonReader({
                  totalProperty:"total",
                  root :"stats",
                  fields :[
                      { name:"total" },
                      { name:"rows" }
                  ]
              }),
              listeners :{
                  beforeload:function () {
                      Ext.each([Ext.getCmp('OMV.Module.Services.OpenVPN.Status-gridclients').loadMask,
                          Ext.getCmp('OMV.Module.Services.OpenVPN.Status-gridrouting').loadMask], function (lm) {
                          if (Ext.isObject(lm)) {
                              lm.show();
                          }
                      });
                  },
                  load:function (s, records) {
                      Ext.each([Ext.getCmp('OMV.Module.Services.OpenVPN.Status-gridclients'),
                          Ext.getCmp('OMV.Module.Services.OpenVPN.Status-gridrouting')], function (pgrid, a) {
                          var cstore = pgrid.getStore();
                          cstore.removeAll();
                          for (var b = 0; b < records[a]['data']['rows'].length; b++) {
                              cstore.add([
                                  new Ext.data.Record(records[a]['data']['rows'][b])
                              ]);
                          }
                          if (Ext.isObject(pgrid.loadMask)) {
                              pgrid.loadMask.hide();
                          }
                      });
                  }
              }
          }),
          listeners:{
              show:function (p) {
                  p.masterStore.reload();
              }
          }
      });
      // Register our panels with OMV.NavigationPanelMgr
      OMV.NavigationPanelMgr.registerPanel("services", "openvpn", {
          cls :OMV.Module.Services.OpenVPN,
          position:100,
          title :_("Settings")
      });
      OMV.NavigationPanelMgr.registerPanel("services", "openvpn", {
          cls :OMV.Module.Services.OpenVPN.ClientCertsGridPanel,
          position:200,
          title :_("Client Certificates")
      });
      OMV.NavigationPanelMgr.registerPanel("services", "openvpn", {
          cls :OMV.Module.Services.OpenVPN.Status,
          position:300,
          title :_("Status")
      });
      /**
       * @class OMV.Module.Diagnostics.LogPlugin.OpenVPN
       * @derived OMV.Module.Diagnostics.LogPlugin
       * Class that implements the 'OpenVPN' log file diagnostics plugin
       */
      OMV.Module.Diagnostics.LogPlugin.OpenVPN = function (config) {
          var initialConfig = {
              title :_("OpenVPN"),
              stateId :"c9d06952-00da-11e1-aa29-openvpn",
              columns :[
                  {
                      header :_("Date & Time"),
                      sortable :true,
                      dataIndex:"date",
                      id :"date",
                      width :20,
                      renderer :OMV.util.Format.localeTimeRenderer()
                  },
                  {
                      header :_("Event"),
                      sortable :true,
                      dataIndex:"event",
                      id :"event"
                  }
              ],
              rpcArgs :{ "id":"openvpn" },
              rpcFields:[
                  { name:"date" },
                  { name:"event" }
              ]
          };
          Ext.apply(initialConfig, config);
          OMV.Module.Diagnostics.LogPlugin.OpenVPN.superclass.constructor.call(this, initialConfig);
      };
      Ext.extend(OMV.Module.Diagnostics.LogPlugin.OpenVPN, OMV.Module.Diagnostics.LogPlugin, {});
      OMV.preg("log", "openvpn", OMV.Module.Diagnostics.LogPlugin.OpenVPN);
    • Re: OpenVPN HOWTO?

      OK :(
      There is no difference :(

      I am using OMV x64.
      This is really weird :( Why is that "All network traffic" option in that file and none of the other ones? I really do not get how this plugin is working. Where did the plugin get the options formerly, when it worked?

      Hopefully this gets sorted soon. It is really kind of depressing.