import json
import uuid
from django.utils.translation import gettext as _
from django.conf import settings
# CA certificate text taken from settings.OPENVPN_CA. It is embedded in every
# generated client configuration, so it is the trust anchor clients use to
# verify the VPN server.
CA_CERT = settings.OPENVPN_CA

# (value, label) pairs for the client platforms a configuration can be
# generated for. The values are the strings make_config() compares its ``os``
# argument against.
# NOTE(review): labels are translated with gettext at import time, not lazily;
# confirm that is intended if these are used as form/model choices.
CONFIG_OS = (
    ("windows", _("Windows")),
    ("android", _("Android")),
    ("ubuntu", _("Ubuntu")),
    ("osx", _("OS X")),
    ("ios", _("iOS")),
    ("chromeos", _("Chrome OS")),
    ("freebox", _("Freebox")),
    ("other", _("Other / GNU/Linux")),
)

# (value, label) pairs for the transport choices. The values are the keys
# make_config() maps to an OpenVPN protocol and port.
PROTOCOLS = (
    ("udp", _("UDP (default)")),
    ("tcp", _("TCP")),
    ("udpl", _("UDP (low MTU)")),
)
def _make_onc(username, name, hostname, port, protocol, http_proxy=None, ipv6=True):
    """Serialize an ONC document describing a single OpenVPN network.

    The document contains one "Authority" certificate entry built from the
    module-level CA_CERT and one VPN entry that refers to it through a freshly
    generated GUID. ``http_proxy`` and ``ipv6`` are accepted but are not used
    anywhere in this function.

    Caller-supplied values (``username``, ``name``, ``hostname``, ``port``,
    ``protocol``) are stored as plain values in the structure and written out
    by json.dumps, which escapes them.

    Returns:
        The ONC document as a JSON string indented by two spaces.
    """
    # Fresh random identifiers on every call, wrapped in braces.
    ca_guid = "{" + str(uuid.uuid4()) + "}"
    network_guid = "{" + str(uuid.uuid4()) + "}"

    document = {
        # The file is emitted unencrypted; it carries the username but no
        # password field.
        "type": "UnencryptedConfiguration",
        "Certificates": [
            {
                "GUID": ca_guid,
                "Type": "Authority",
                "X509": CA_CERT.strip(),
            }
        ],
        "NetworkConfigurations": [
            {
                "GUID": network_guid,
                "Name": name,
                "Type": "VPN",
                "VPN": {
                    "Type": "OpenVPN",
                    "Host": hostname,
                    "OpenVPN": {
                        # Ties server verification to the CA entry above.
                        "ServerCARef": ca_guid,
                        # No client certificate: only the username is
                        # provisioned here.
                        "ClientCertType": "None",
                        # NOTE(review): compression is switched on; it has to
                        # match the server, so confirm it is still wanted.
                        "CompLZO": "true",
                        "Port": port,
                        "Proto": protocol,
                        "ServerPollTimeout": 10,
                        "NsCertType": "server",
                        "Username": username,
                    },
                },
            }
        ],
    }

    return json.dumps(document, indent=2)
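def make_config(username, gw_name, os, protocol, http_proxy=None, ipv6=True):
    """Build the client configuration for one gateway and platform.

    For ``os == "chromeos"`` the result is the ONC JSON produced by
    _make_onc(); for every other platform it is the text of an OpenVPN client
    configuration with the CA certificate inlined in a ``<ca>`` block.

    ``gw_name`` and ``http_proxy`` are formatted directly into a line-oriented
    configuration, so they are checked before use: a value containing a line
    break or stray whitespace would otherwise add or alter directives in the
    file handed to the client.

    Args:
        username: only used on the Chrome OS path, where it is passed on to
            _make_onc().
        gw_name: gateway name, inserted into ``gw.<gw_name>.204vpn.net``.
        os: platform key; see the per-platform branches below.
        protocol: "udp", "udpl" or "tcp".
        http_proxy: value for the ``http-proxy`` directive; ignored unless
            ``protocol`` is "tcp".
        ipv6: whether to add IPv6 routing; forced off for "freebox".

    Raises:
        KeyError: ``protocol`` is not one of the three known keys.
        ValueError: ``gw_name`` holds characters other than letters, digits,
            "." and "-", or the effective ``http_proxy`` holds control
            characters (including line breaks).
    """
    # NOTE(review): the nesting of the branches below was reconstructed from a
    # listing that had lost its indentation; confirm against the repository.

    use_frag = protocol == "udpl" and os != "ios"
    ipv6 = ipv6 and (os != "freebox")
    # A proxy only applies to the TCP transport.
    http_proxy = http_proxy if protocol == "tcp" else None
    resolvconf = os in ("ubuntu", "other")

    openvpn_proto = {"udp": "udp", "udpl": "udp", "tcp": "tcp"}
    openvpn_ports = {"udp": 1196, "udpl": 1194, "tcp": 443}

    # Looked up before validation so an unknown protocol still raises
    # KeyError exactly as it did before.
    port = openvpn_ports[protocol]
    proto = openvpn_proto[protocol]

    # The gateway name becomes part of the `remote` line; restrict it to
    # hostname characters so it cannot introduce extra tokens or lines.
    hostname_chars = (
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789.-"
    )
    if any(ch not in hostname_chars for ch in str(gw_name)):
        raise ValueError("gw_name may only contain letters, digits, '.' and '-'")

    # The proxy value ends up on its own `http-proxy` line; spaces are allowed
    # there, control characters such as CR/LF are not.
    if http_proxy and any(
        ord(ch) < 0x20 or ord(ch) == 0x7F for ch in str(http_proxy)
    ):
        raise ValueError("http_proxy must not contain control characters")

    hostname = "gw.%s.204vpn.net" % gw_name

    if os == "chromeos":
        name = "CCrypto VPN"
        if gw_name != "random":
            name += " " + gw_name.upper()
        return _make_onc(username, name, hostname, port, proto, http_proxy, ipv6)

    remote = str(hostname)
    remote += " " + str(port)
    remote += " " + proto

    # NOTE(review): `script-security 2` is written for every platform, while
    # the only script hooks this function emits are the up/down lines for
    # "ubuntu" and "other". Consider emitting it only when they are present.
    # NOTE(review): `comp-lzo yes` enables compression inside the tunnel,
    # which is exposed to compression-oracle attacks (VORACLE). It has to
    # match the server side, so it is left unchanged here.
    config = """\
# +----------------------------+
# | Cognitive Cryptography VPN |
# | https://vpn.ccrypto.org/ |
# +----------------------------+

verb 4
client
tls-client
script-security 2
remote-cert-tls server
dev tun
nobind
persist-key
persist-tun
comp-lzo yes

remote {remote}

auth-user-pass

""".format(
        remote=remote
    )

    if os == "ios":
        # i'd like to note here how much i hate OpenVPN
        config += "redirect-gateway ipv6\n"
        config += 'push "route 0.0.0.0 128.0.0.0"\n'
        config += 'push "route 128.0.0.0 128.0.0.0"\n'
    else:
        config += "redirect-gateway def1\n"
        if ipv6:
            config += "tun-ipv6\n"
            config += "route-ipv6 2000::/3\n"
    config += "\n"

    if use_frag:
        config += "fragment 1300\n"
        config += "mssfix 1300\n"
        config += "\n"

    if http_proxy:
        config += "http-proxy %s\n\n" % http_proxy

    if resolvconf:
        # These hooks run a local script on the client when the tunnel goes
        # up or down; they are the reason script-security 2 is needed.
        config += "up /etc/openvpn/update-resolv-conf\n"
        config += "down /etc/openvpn/update-resolv-conf\n"
        config += "\n"

    if os == "windows":
        config += "register-dns\n"
        config += "\n"

    # Inline the CA so the client can verify the server without a second file.
    config += "<ca>\n%s\n</ca>" % CA_CERT

    if os == "windows":
        # Windows clients get CRLF line endings throughout.
        config = config.replace("\n", "\r\n")

    return config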