6 var callGetCertificateFiles = rpc.declare({
7 object: 'luci.openconnect',
8 method: 'getCertificates',
9 params: [ 'interface' ],
13 var callSetCertificateFiles = rpc.declare({
14 object: 'luci.openconnect',
15 method: 'setCertificates',
16 params: [ 'interface', 'user_certificate', 'user_privatekey', 'ca_certificate' ],
20 network.registerPatternVirtual(/^vpn-.+$/);
22 function sanitizeCert(s) {
23 if (typeof(s) != 'string')
31 s = s.replace(/\r\n?/g, '\n');
39 function validateCert(priv, section_id, value) {
40 var beg = priv ? /^-----BEGIN RSA PRIVATE KEY-----$/ : /^-----BEGIN CERTIFICATE-----$/,
41 end = priv ? /^-----END RSA PRIVATE KEY-----$/ : /^-----END CERTIFICATE-----$/,
42 lines = value.trim().split(/[\r\n]/),
46 for (i = 0; i < lines.length; i++) {
47 if (lines[i].match(beg))
49 else if (start && !lines[i].match(/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/))
53 if (!start || i < lines.length - 1 || !lines[i].match(end))
54 return _('This does not look like a valid PEM file');
59 return network.registerProtocol('openconnect', {
61 return _('OpenConnect (CISCO AnyConnect)');
64 getIfname: function() {
65 return this._ubus('l3_device') || 'vpn-%s'.format(this.sid);
68 getOpkgPackage: function() {
72 isFloating: function() {
76 isVirtual: function() {
80 getDevices: function() {
84 containsDevice: function(ifname) {
85 return (network.getIfnameOf(ifname) == this.getIfname());
88 renderFormOptions: function(s) {
89 var dev = this.getDevice().getName(),
90 certLoadPromise = null,
93 o = s.taboption('general', form.Value, 'server', _('VPN Server'));
94 o.datatype = 'host(0)';
96 o = s.taboption('general', form.Value, 'port', _('VPN Server port'));
97 o.placeholder = '443';
100 s.taboption('general', form.Value, 'serverhash', _("VPN Server's certificate SHA1 hash"));
101 s.taboption('general', form.Value, 'authgroup', _('Auth Group'));
102 s.taboption("general", form.Value, "username", _("Username"));
104 o = s.taboption('general', form.Value, 'password', _('Password'));
107 o = s.taboption('general', form.Value, 'password2', _('Password2'));
110 o = s.taboption('general', form.TextValue, 'usercert', _('User certificate (PEM encoded)'));
113 o.validate = L.bind(validateCert, o, false);
114 o.load = function(section_id) {
115 certLoadPromise = certLoadPromise || callGetCertificateFiles(section_id);
116 return certLoadPromise.then(function(certs) { return certs.user_certificate });
118 o.write = function(section_id, value) {
119 return callSetCertificateFiles(section_id, sanitizeCert(value), null, null);
122 o = s.taboption('general', form.TextValue, 'userkey', _('User key (PEM encoded)'));
125 o.validate = L.bind(validateCert, o, true);
126 o.load = function(section_id) {
127 certLoadPromise = certLoadPromise || callGetCertificateFiles(section_id);
128 return certLoadPromise.then(function(certs) { return certs.user_privatekey });
130 o.write = function(section_id, value) {
131 return callSetCertificateFiles(section_id, null, sanitizeCert(value), null);
134 o = s.taboption('general', form.TextValue, 'ca', _('CA certificate; if empty it will be saved after the first connection.'));
137 o.validate = L.bind(validateCert, o, false);
138 o.load = function(section_id) {
139 certLoadPromise = certLoadPromise || callGetCertificateFiles(section_id);
140 return certLoadPromise.then(function(certs) { return certs.ca_certificate });
142 o.write = function(section_id, value) {
143 return callSetCertificateFiles(section_id, null, null, sanitizeCert(value));
146 o = s.taboption('advanced', form.Flag, 'defaultroute', _('Default gateway'), _('If unchecked, no default route is configured'));
147 o.default = o.enabled;
149 o = s.taboption('advanced', form.Value, 'metric', _('Use gateway metric'));
151 o.datatype = 'uinteger';
152 o.depends('defaultroute', '1');
154 o = s.taboption('advanced', form.Value, 'mtu', _('Override MTU'));
156 o.placeholder = 1406;
157 o.datatype = 'range(68, 9200)';