addfix

2025-03-09 15:40:03 +00:00 · 2023-01-18 20:37:29 +08:00 · 2023-01-18 20:37:29 +08:00 · 8e11c19dc0
commit 8e11c19dc0
parent 2bb0dca0e2
43 changed files with 2004 additions and 0 deletions
--- a/luci-app-ipsec-server/luasrc/controller/ipsec-server.lua
+++ b/luci-app-ipsec-server/luasrc/controller/ipsec-server.lua
@ -0,0 +1,24 @@
+-- Copyright 2018-2020 Lienol <lawlienol@gmail.com>
+module("luci.controller.ipsec-server", package.seeall)
+
+function index()
+	if not nixio.fs.access("/etc/config/luci-app-ipsec-server") then
+		return
+	end
+
+	entry({"admin", "vpn"}, firstchild(), "VPN", 45).dependent = false
+	entry({"admin", "vpn", "ipsec-server"}, alias("admin", "vpn", "ipsec-server", "settings"), _("IPSec VPN Server"), 49).dependent = false
+	entry({"admin", "vpn", "ipsec-server", "settings"}, cbi("ipsec-server/settings"), _("General Settings"), 10).leaf = true
+	entry({"admin", "vpn", "ipsec-server", "users"}, cbi("ipsec-server/users"), _("Users Manager"), 20).leaf = true
+	entry({"admin", "vpn", "ipsec-server", "l2tp_user"}, cbi("ipsec-server/l2tp_user")).leaf = true
+	entry({"admin", "vpn", "ipsec-server", "online"}, cbi("ipsec-server/online"), _("L2TP Online Users"), 30).leaf = true
+	entry({"admin", "vpn", "ipsec-server", "status"}, call("act_status")).leaf = true
+end
+
+function act_status()
+	local e = {}
+	e["ipsec_status"] = luci.sys.call("/usr/bin/pgrep ipsec >/dev/null") == 0
+	e["l2tp_status"] = luci.sys.call("top -bn1 | grep -v grep | grep '/var/etc/xl2tpd' >/dev/null") == 0
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
--- a/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/l2tp_user.lua
+++ b/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/l2tp_user.lua
@ -0,0 +1,35 @@
+local d = require "luci.dispatcher"
+local sys = require "luci.sys"
+
+m = Map("luci-app-ipsec-server", "L2TP/IPSec PSK " .. translate("Users Manager"))
+m.redirect = d.build_url("admin", "vpn", "ipsec-server", "users")
+
+if sys.call("command -v xl2tpd > /dev/null") == 0 then
+	s = m:section(NamedSection, arg[1], "l2tp_users", "")
+	s.addremove = false
+	s.anonymous = true
+
+	o = s:option(Flag, "enabled", translate("Enabled"))
+	o.default = 1
+	o.rmempty = false
+
+	o = s:option(Value, "username", translate("Username"))
+	o.placeholder = translate("Username")
+	o.rmempty = false
+
+	o = s:option(Value, "password", translate("Password"))
+	o.placeholder = translate("Password")
+	o.rmempty = false
+
+	o = s:option(Value, "ipaddress", translate("IP address"))
+	o.placeholder = translate("Automatically")
+	o.datatype = "ip4addr"
+	o.rmempty = true
+
+	o = s:option(DynamicList, "routes", translate("Static Routes"))
+	o.placeholder = "192.168.10.0/24"
+	o.datatype = "ipmask4"
+	o.rmempty = true
+end
+
+return m
--- a/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/online.lua
+++ b/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/online.lua
@ -0,0 +1,83 @@
+local o = require "luci.dispatcher"
+local fs = require "nixio.fs"
+local jsonc = require "luci.jsonc"
+
+local sessions = {}
+local session_path = "/var/etc/xl2tpd/session"
+if fs.access(session_path) then
+	for filename in fs.dir(session_path) do
+		local session_file = session_path .. "/" .. filename
+		local file = io.open(session_file, "r")
+		local t = jsonc.parse(file:read("*a"))
+		if t then
+			t.session_file = session_file
+			sessions[#sessions + 1] = t
+		end
+		file:close()
+	end
+end
+
+local blacklist = {}
+local firewall_user_path = "/etc/firewall.user"
+if fs.access(firewall_user_path) then
+	for line in io.lines(firewall_user_path) do
+		local m = line:match('xl2tpd%-blacklist%-([^\n]+)')
+		if m then
+			local t = {}
+			t.ip = m
+			blacklist[#blacklist + 1] = t
+		end
+	end
+end
+
+f = SimpleForm("processes")
+f.reset = false
+f.submit = false
+
+t = f:section(Table, sessions, translate("L2TP Online Users"))
+t:option(DummyValue, "username", translate("Username"))
+t:option(DummyValue, "interface", translate("Interface"))
+t:option(DummyValue, "ip", translate("Client IP"))
+t:option(DummyValue, "remote_ip", translate("IP address"))
+t:option(DummyValue, "login_time", translate("Login Time"))
+
+_blacklist = t:option(Button, "_blacklist", translate("Blacklist"))
+function _blacklist.render(e, t, a)
+	e.title = translate("Add to Blacklist")
+	e.inputstyle = "remove"
+	Button.render(e, t, a)
+end
+function _blacklist.write(t, s)
+	local e = t.map:get(s, "remote_ip")
+	luci.util.execi("echo 'iptables -I INPUT -s %s -p udp -m multiport --dports 500,4500,1701 -j DROP ## xl2tpd-blacklist-%s' >> /etc/firewall.user" % {e, e})
+	luci.util.execi("iptables -I INPUT -s %s -p udp -m multiport --dports 500,4500,1701 -j DROP" % {e})
+	luci.util.execi("rm -f " .. t.map:get(s, "session_file"))
+	null, t.tag_error[s] = luci.sys.process.signal(t.map:get(s, "pid"), 9)
+	luci.http.redirect(o.build_url("admin/vpn/ipsec-server/online"))
+end
+
+_kill = t:option(Button, "_kill", translate("Forced offline"))
+_kill.inputstyle = "remove"
+function _kill.write(t, s)
+	luci.util.execi("rm -f " .. t.map:get(s, "session_file"))
+	null, t.tag_error[t] = luci.sys.process.signal(t.map:get(s, "pid"), 9)
+	luci.http.redirect(o.build_url("admin/vpn/ipsec-server/online"))
+end
+
+t = f:section(Table, blacklist, translate("Blacklist"))
+t:option(DummyValue, "ip", translate("IP address"))
+
+_blacklist2 = t:option(Button, "_blacklist2", translate("Blacklist"))
+function _blacklist2.render(e, t, a)
+	e.title = translate("Remove from Blacklist")
+	e.inputstyle = "apply"
+	Button.render(e, t, a)
+end
+function _blacklist2.write(t, s)
+	local e = t.map:get(s, "ip")
+	luci.util.execi("sed -i -e '/## xl2tpd-blacklist-%s/d' /etc/firewall.user" % {e})
+	luci.util.execi("iptables -D INPUT -s %s -p udp -m multiport --dports 500,4500,1701 -j DROP" % {e})
+	luci.http.redirect(o.build_url("admin/vpn/ipsec-server/online"))
+end
+
+return f
--- a/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/settings.lua
+++ b/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/settings.lua
@ -0,0 +1,64 @@
+local sys = require "luci.sys"
+
+m = Map("luci-app-ipsec-server", translate("IPSec VPN Server"))
+m.template = "ipsec-server/ipsec-server_status"
+
+s = m:section(TypedSection, "service")
+s.anonymous = true
+
+o = s:option(DummyValue, "ipsec-server_status", translate("Current Condition"))
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+	return '<font class="ipsec-server_status"></font>'
+end
+
+enabled = s:option(Flag, "enabled", translate("Enable"))
+enabled.description = translate("Use a client that supports IPSec Xauth PSK (iOS or Android) to connect to this server.")
+enabled.default = 0
+enabled.rmempty = false
+
+clientip = s:option(Value, "clientip", translate("VPN Client IP"))
+clientip.description = translate("VPN Client reserved started IP addresses with the same subnet mask, such as: 192.168.100.10/24")
+clientip.datatype = "ip4addr"
+clientip.optional = false
+clientip.rmempty = false
+
+secret = s:option(Value, "secret", translate("Secret Pre-Shared Key"))
+secret.password = true
+
+if sys.call("command -v xl2tpd > /dev/null") == 0 then
+	o = s:option(DummyValue, "l2tp_status", "L2TP " .. translate("Current Condition"))
+	o.rawhtml = true
+	o.cfgvalue = function(t, n)
+		return '<font class="l2tp_status"></font>'
+	end
+
+	o = s:option(Flag, "l2tp_enable", "L2TP " .. translate("Enable"))
+	o.description = translate("Use a client that supports L2TP over IPSec PSK to connect to this server.")
+	o.default = 0
+	o.rmempty = false
+
+	o = s:option(Value, "l2tp_localip", "L2TP " .. translate("Server IP"))
+	o.description = translate("VPN Server IP address, such as: 192.168.101.1")
+	o.datatype = "ip4addr"
+	o.rmempty = true
+	o.default = "192.168.101.1"
+	o.placeholder = o.default
+
+	o = s:option(Value, "l2tp_remoteip", "L2TP " .. translate("Client IP"))
+	o.description = translate("VPN Client IP address range, such as: 192.168.101.10-20")
+	o.rmempty = true
+	o.default = "192.168.101.10-20"
+	o.placeholder = o.default
+
+	if sys.call("ls -L /usr/lib/ipsec/libipsec* 2>/dev/null >/dev/null") == 0 then 
+		o = s:option(DummyValue, "_o", " ")
+		o.rawhtml = true
+		o.cfgvalue = function(t, n)
+			return string.format('<a style="color: red">%s</a>', translate("L2TP/IPSec is not compatible with kernel-libipsec, which will disable this module."))
+		end
+		o:depends("l2tp_enable", true)
+	end
+end
+
+return m
--- a/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/users.lua
+++ b/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/users.lua
@ -0,0 +1,54 @@
+local d = require "luci.dispatcher"
+local sys = require "luci.sys"
+
+m = Map("luci-app-ipsec-server")
+
+s = m:section(TypedSection, "ipsec_users", "IPSec Xauth PSK " .. translate("Users Manager"))
+s.description = translate("Use a client that supports IPSec Xauth PSK (iOS or Android) to connect to this server.")
+s.addremove = true
+s.anonymous = true
+s.template = "cbi/tblsection"
+
+o = s:option(Flag, "enabled", translate("Enabled"))
+o.default = 1
+o.rmempty = false
+
+o = s:option(Value, "username", translate("Username"))
+o.placeholder = translate("Username")
+o.rmempty = false
+
+o = s:option(Value, "password", translate("Password"))
+o.placeholder = translate("Password")
+o.rmempty = false
+
+if sys.call("command -v xl2tpd > /dev/null") == 0 then
+	s = m:section(TypedSection, "l2tp_users", "L2TP/IPSec PSK " .. translate("Users Manager"))
+	s.description = translate("Use a client that supports L2TP over IPSec PSK to connect to this server.")
+	s.addremove = true
+	s.anonymous = true
+	s.template = "cbi/tblsection"
+	s.extedit = d.build_url("admin", "vpn", "ipsec-server", "l2tp_user", "%s")
+	function s.create(e, t)
+		t = TypedSection.create(e, t)
+		luci.http.redirect(e.extedit:format(t))
+    end
+
+	o = s:option(Flag, "enabled", translate("Enabled"))
+	o.default = 1
+	o.rmempty = false
+
+	o = s:option(Value, "username", translate("Username"))
+	o.placeholder = translate("Username")
+	o.rmempty = false
+
+	o = s:option(Value, "password", translate("Password"))
+	o.placeholder = translate("Password")
+	o.rmempty = false
+
+	o = s:option(Value, "ipaddress", translate("IP address"))
+	o.placeholder = translate("Automatically")
+	o.datatype = "ip4addr"
+	o.rmempty = true
+end
+
+return m
--- a/luci-app-ipsec-server/luasrc/view/ipsec-server/ipsec-server_status.htm
+++ b/luci-app-ipsec-server/luasrc/view/ipsec-server/ipsec-server_status.htm
@ -0,0 +1,21 @@
+<% include("cbi/map") %>
+<script type="text/javascript">//<![CDATA[
+	XHR.poll(2, '<%=luci.dispatcher.build_url("admin", "vpn", "ipsec-server", "status")%>', null,
+		function(x, result)
+		{
+			var ipsec_status = document.getElementsByClassName('ipsec-server_status')[0];
+			if (ipsec_status) {
+				ipsec_status.setAttribute("style","font-weight:bold;");
+				ipsec_status.setAttribute("color",result.ipsec_status ? "green":"red");
+				ipsec_status.innerHTML = result.ipsec_status?'<%=translate("RUNNING")%>':'<%=translate("NOT RUNNING")%>';
+			}
+			var l2tp_status = document.getElementsByClassName('l2tp_status')[0];
+			if (l2tp_status) {
+				l2tp_status.setAttribute("style","font-weight:bold;");
+				l2tp_status.setAttribute("color",result.l2tp_status ? "green":"red");
+				l2tp_status.innerHTML = result.l2tp_status?'<%=translate("RUNNING")%>':'<%=translate("NOT RUNNING")%>';
+			}
+		}
+	)
+//]]>
+</script>