diff options
Diffstat (limited to 'scripts/vyos-openvpn-remoteconfig.pl')
| -rw-r--r-- | scripts/vyos-openvpn-remoteconfig.pl | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/scripts/vyos-openvpn-remoteconfig.pl b/scripts/vyos-openvpn-remoteconfig.pl new file mode 100644 index 0000000..1777d08 --- /dev/null +++ b/scripts/vyos-openvpn-remoteconfig.pl @@ -0,0 +1,122 @@ +#!/usr/bin/perl +# +# Copyright (C) 2017 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +use lib "/opt/vyatta/share/perl5/"; +use Vyatta::Config; + +use warnings; +use strict; + +sub auth_warning +{ + print("NOTE: authentication options are deliberately left out,\n"); + print("since we cannot know file paths on a remote system\n\n"); +} + +my $config = new Vyatta::Config; + +my $intf = $ARGV[0]; +if(!defined($intf)) +{ + print("OpenVPN interface is not specified!\n"); + exit(1); +} + +my $remote = $ARGV[1]; +if(!defined($remote)) +{ + print("Remote side platform is not specified!\n"); + exit(1); +} + +if(!$config->exists("interfaces openvpn $intf")) +{ + print("OpenVPN interface $intf does not exist!\n"); + exit(1); +} + +$config->setLevel("interfaces openvpn $intf"); + +my $mode = $config->returnValue('mode'); + +my $localhost = $config->returnValue("local-host"); +my $localport = $config->returnValue("local-port"); +my $remotehost = $config->returnValue("remote-host"); +my $remoteaddr = $config->returnValue("remote-address"); +my $remoteport = $config->returnValue("remote-port"); +my $cipher = $config->returnValue("encryption"); +my $hash = $config->returnValue("hash"); +my $protocol = $config->returnValue("protocol"); +my $persist = $config->exists("persistent-tunnel"); +my $tlsrole = $config->returnValue("tls role"); +my $devtype = $config->returnValue("device-type"); +my @options = $config->returnValues("openvpn-option"); + +# local-addr is a tag node... +# Let's limit it to only the first address for now, +# since remote-address is limited to only one address anyway! +my @localaddrs = $config->listNodes('local-address'); +my $localaddr = undef; +if(@localaddrs) { + $localaddr = $localaddrs[0]; +} + +if($mode eq 'client') +{ + print("It is impossible to produce a complete server config from a client config!\n"); + exit(1); +} +elsif($mode eq 'site-to-site') +{ + if($remote eq 'vyos') + { + auth_warning; + + print("edit interfaces openvpn $intf\n"); + print("set mode site-to-site\n"); + print("set device-type $devtype\n") if defined($devtype); + print("set remote-host $localhost\n") if defined($localhost); + print("set remote-address $localaddr\n") if defined($localaddr); + print("set remote-port $localport\n") if defined($localport); + print("set local-host $remotehost\n") if defined($remotehost); + print("set local-address $remoteaddr\n") if defined($remoteaddr); + print("set local-port $remoteport\n") if defined($remoteport); + print("set protocol $protocol\n") if defined($protocol); + print("set encryption $cipher\n") if defined($cipher); + print("set hash $hash\n") if defined($hash); + + for my $o (@options) { print("set openvpn-option \"$o\"\n"); } + + print "tls role passive\n" if (defined($tlsrole) && ($tlsrole eq 'active')); + print "tls role active\n" if (defined($tlsrole) && ($tlsrole eq 'passive')); + print("top\n"); + } +} +elsif($mode eq 'server') +{ + if($remote eq 'vyos') + { + auth_warning; + + print("edit interfaces openvpn $intf\n"); + print("set mode client"); + print("set device-type $devtype\n") if defined($devtype); + print("set remote-host $localhost\n") if defined($localhost); + print("set remote-port $localport\n") if defined($localport); + print("set protocol $protocol\n") if defined($protocol); + print("top\n"); + } +} |