From a6b4b0b8a4ceb1d00e74a5cdbba7f0903082c1bb Mon Sep 17 00:00:00 2001 From: Ycarus Date: Thu, 2 Jul 2020 18:12:31 +0200 Subject: [PATCH] OpenVPN cipher can be changed --- omr-admin.py | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/omr-admin.py b/omr-admin.py index 3121667..fb74eec 100755 --- a/omr-admin.py +++ b/omr-admin.py @@ -1020,11 +1020,14 @@ async def config(userid: Optional[int] = Query(None),current_user: User = Depend else: openvpn_client_ca = '' openvpn_port = '65301' + openvpn_cipher = 'AES-256-CBC' if os.path.isfile('/etc/openvpn/openvpn-tun0.conf'): with open('/etc/openvpn/openvpn-tun0.conf', "r") as openvpn_file: for line in openvpn_file: if 'port ' in line: openvpn_port = line.replace(line[:5], '').rstrip() + if 'cipher ' in line: + openvpn_cipher = line.replace(line[:7], '').rstrip() openvpn_host_ip = '10.255.252.1' #openvpn_client_ip = '10.255.252.2' openvpn_client_ip = 'dhcp' @@ -1183,7 +1186,7 @@ async def config(userid: Optional[int] = Query(None),current_user: User = Depend if '#DNAT net vpn:$OMR_ADDR tcp 1-64999' in line: shorewall_redirect = "disable" LOG.debug('Get config: done') - return {'vps': {'kernel': vps_kernel, 'machine': vps_machine, 'omr_version': vps_omr_version, 'loadavg': vps_loadavg, 'uptime': vps_uptime, 'aes': vps_aes}, 'shadowsocks': {'traffic': ss_traffic, 'key': shadowsocks_key, 'port': shadowsocks_port, 'method': shadowsocks_method, 'fast_open': shadowsocks_fast_open, 'reuse_port': shadowsocks_reuse_port, 'no_delay': shadowsocks_no_delay, 'mptcp': shadowsocks_mptcp, 'ebpf': shadowsocks_ebpf, 'obfs': shadowsocks_obfs, 'obfs_plugin': shadowsocks_obfs_plugin, 'obfs_type': shadowsocks_obfs_type}, 'glorytun': {'key': glorytun_key, 'udp': {'host_ip': glorytun_udp_host_ip, 'client_ip': glorytun_udp_client_ip}, 'tcp': {'host_ip': glorytun_tcp_host_ip, 'client_ip': glorytun_tcp_client_ip}, 'port': glorytun_port, 'chacha': glorytun_chacha}, 'dsvpn': {'key': dsvpn_key, 'host_ip': dsvpn_host_ip, 'client_ip': dsvpn_client_ip, 'port': dsvpn_port}, 'openvpn': {'key': openvpn_key, 'client_key': openvpn_client_key, 'client_crt': openvpn_client_crt, 'client_ca': openvpn_client_ca, 'host_ip': openvpn_host_ip, 'client_ip': openvpn_client_ip, 'port': openvpn_port}, 'mlvpn': {'key': mlvpn_key, 'host_ip': mlvpn_host_ip, 'client_ip': mlvpn_client_ip}, 'shorewall': {'redirect_ports': shorewall_redirect}, 'mptcp': {'enabled': mptcp_enabled, 'checksum': mptcp_checksum, 'path_manager': mptcp_path_manager, 'scheduler': mptcp_scheduler, 'syn_retries': mptcp_syn_retries}, 'network': {'congestion_control': congestion_control, 'ipv6_network': ipv6_network, 'ipv6': ipv6_addr, 'ipv4': ipv4_addr, 'domain': vps_domain, 'internet': internet}, 'vpn': {'available': available_vpn, 'current': vpn, 'remoteip': vpn_remote_ip, 'localip': vpn_local_ip, 'rx': vpn_traffic_rx, 'tx': vpn_traffic_tx}, 'iperf': {'user': 'openmptcprouter', 'password': 'openmptcprouter', 'key': iperf3_key}, 'pihole': {'state': pihole}, 'user': {'name': username, 'permission': user_permissions}, 'ip6in4': {'localip': localip6, 'remoteip': remoteip6, 'ula': ula}, 'client2client': {'enabled': client2client, 'lanips': alllanips}, 'gre_tunnel': {'enabled': gre_tunnel, 'config': gre_tunnel_conf}} + return {'vps': {'kernel': vps_kernel, 'machine': vps_machine, 'omr_version': vps_omr_version, 'loadavg': vps_loadavg, 'uptime': vps_uptime, 'aes': vps_aes}, 'shadowsocks': {'traffic': ss_traffic, 'key': shadowsocks_key, 'port': shadowsocks_port, 'method': shadowsocks_method, 'fast_open': shadowsocks_fast_open, 'reuse_port': shadowsocks_reuse_port, 'no_delay': shadowsocks_no_delay, 'mptcp': shadowsocks_mptcp, 'ebpf': shadowsocks_ebpf, 'obfs': shadowsocks_obfs, 'obfs_plugin': shadowsocks_obfs_plugin, 'obfs_type': shadowsocks_obfs_type}, 'glorytun': {'key': glorytun_key, 'udp': {'host_ip': glorytun_udp_host_ip, 'client_ip': glorytun_udp_client_ip}, 'tcp': {'host_ip': glorytun_tcp_host_ip, 'client_ip': glorytun_tcp_client_ip}, 'port': glorytun_port, 'chacha': glorytun_chacha}, 'dsvpn': {'key': dsvpn_key, 'host_ip': dsvpn_host_ip, 'client_ip': dsvpn_client_ip, 'port': dsvpn_port}, 'openvpn': {'key': openvpn_key, 'client_key': openvpn_client_key, 'client_crt': openvpn_client_crt, 'client_ca': openvpn_client_ca, 'host_ip': openvpn_host_ip, 'client_ip': openvpn_client_ip, 'port': openvpn_port, 'cipher': openvpn_cipher}, 'mlvpn': {'key': mlvpn_key, 'host_ip': mlvpn_host_ip, 'client_ip': mlvpn_client_ip}, 'shorewall': {'redirect_ports': shorewall_redirect}, 'mptcp': {'enabled': mptcp_enabled, 'checksum': mptcp_checksum, 'path_manager': mptcp_path_manager, 'scheduler': mptcp_scheduler, 'syn_retries': mptcp_syn_retries}, 'network': {'congestion_control': congestion_control, 'ipv6_network': ipv6_network, 'ipv6': ipv6_addr, 'ipv4': ipv4_addr, 'domain': vps_domain, 'internet': internet}, 'vpn': {'available': available_vpn, 'current': vpn, 'remoteip': vpn_remote_ip, 'localip': vpn_local_ip, 'rx': vpn_traffic_rx, 'tx': vpn_traffic_tx}, 'iperf': {'user': 'openmptcprouter', 'password': 'openmptcprouter', 'key': iperf3_key}, 'pihole': {'state': pihole}, 'user': {'name': username, 'permission': user_permissions}, 'ip6in4': {'localip': localip6, 'remoteip': remoteip6, 'ula': ula}, 'client2client': {'enabled': client2client, 'lanips': alllanips}, 'gre_tunnel': {'enabled': gre_tunnel, 'config': gre_tunnel_conf}} # Set shadowsocks config class ShadowsocksConfigparams(BaseModel): @@ -1620,23 +1623,32 @@ def dsvpn(*, params: DSVPN, current_user: User = Depends(get_current_user)): # Set OpenVPN config class OpenVPN(BaseModel): - key: str + port: int = 65301 + cipher: str = "AES-256-CBC" @app.post('/openvpn', summary="Modify OpenVPN TCP configuration") -def openvpn(*, ovpn: OpenVPN, current_user: User = Depends(get_current_user)): +def openvpn(*, params: OpenVPN, current_user: User = Depends(get_current_user)): if current_user.permissions == "ro": set_lastchange(10) return {'result': 'permission', 'reason': 'Read only user', 'route': 'openvpn'} - key = ovpn.key - if not key: - return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'openvpn'} - initial_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/server/static.key', 'rb'))).hexdigest() - with open('/etc/openvpn/server/static.key', 'w') as outfile: - outfile.write(base64.b64decode(key)) - final_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/server/static.key', 'rb'))).hexdigest() + initial_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0', 'rb'))).hexdigest() + fd, tmpfile = mkstemp() + with open('/etc/openvpn/tun0', 'r') as f, open(tmpfile, 'a+') as n: + for line in f: + if 'cipher ' in line: + n.write('cipher ' + params.cipher + '\n') + elif 'port ' in line: + n.write('port ' + str(params.port) + '\n') + else: + n.write(line) + os.close(fd) + move(tmpfile, '/etc/openvpn/tun0') + final_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0', 'rb'))).hexdigest() + if not initial_md5 == final_md5: os.system("systemctl -q restart openvpn@tun0") - set_lastchange() + shorewall_add_port(current_user, str(port), 'tcp', 'openvpn') + set_lastchange() return {'result': 'done'} class Wanips(BaseModel):