6 var callGetCertificateFiles = rpc.declare({
7 object: 'luci.openconnect',
8 method: 'getCertificates',
9 params: [ 'interface' ],
13 var callSetCertificateFiles = rpc.declare({
14 object: 'luci.openconnect',
15 method: 'setCertificates',
16 params: [ 'interface', 'user_certificate', 'user_privatekey', 'ca_certificate' ],
20 network.registerPatternVirtual(/^vpn-.+$/);
22 function sanitizeCert(s) {
23 if (typeof(s) != 'string')
31 s = s.replace(/\r\n?/g, '\n');
39 function validateCert(priv, section_id, value) {
40 var beg = priv ? /^-----BEGIN RSA PRIVATE KEY-----$/ : /^-----BEGIN CERTIFICATE-----$/,
41 end = priv ? /^-----END RSA PRIVATE KEY-----$/ : /^-----END CERTIFICATE-----$/,
42 lines = value.trim().split(/[\r\n]/),
46 if (value === null || value === '')
49 for (i = 0; i < lines.length; i++) {
50 if (lines[i].match(beg))
52 else if (start && !lines[i].match(/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/))
56 if (!start || i < lines.length - 1 || !lines[i].match(end))
57 return _('This does not look like a valid PEM file');
62 return network.registerProtocol('openconnect', {
64 return _('OpenConnect (CISCO AnyConnect)');
67 getIfname: function() {
68 return this._ubus('l3_device') || 'vpn-%s'.format(this.sid);
71 getOpkgPackage: function() {
75 isFloating: function() {
79 isVirtual: function() {
83 getDevices: function() {
87 containsDevice: function(ifname) {
88 return (network.getIfnameOf(ifname) == this.getIfname());
91 renderFormOptions: function(s) {
92 var dev = this.getDevice().getName(),
93 certLoadPromise = null,
96 o = s.taboption('general', form.Value, 'server', _('VPN Server'));
97 o.datatype = 'host(0)';
99 o = s.taboption('general', form.Value, 'port', _('VPN Server port'));
100 o.placeholder = '443';
103 s.taboption('general', form.Value, 'serverhash', _("VPN Server's certificate SHA1 hash"));
104 s.taboption('general', form.Value, 'authgroup', _('Auth Group'));
105 s.taboption('general', form.Value, 'usergroup', _('User Group'));
106 s.taboption("general", form.Value, "username", _("Username"));
108 o = s.taboption('general', form.Value, 'password', _('Password'));
111 o = s.taboption('general', form.Value, 'password2', _('Password2'));
114 o = s.taboption('general', form.TextValue, 'usercert', _('User certificate (PEM encoded)'));
117 o.validate = L.bind(validateCert, o, false);
118 o.load = function(section_id) {
119 certLoadPromise = certLoadPromise || callGetCertificateFiles(section_id);
120 return certLoadPromise.then(function(certs) { return certs.user_certificate });
122 o.write = function(section_id, value) {
123 return callSetCertificateFiles(section_id, sanitizeCert(value), null, null);
126 o = s.taboption('general', form.TextValue, 'userkey', _('User key (PEM encoded)'));
129 o.validate = L.bind(validateCert, o, true);
130 o.load = function(section_id) {
131 certLoadPromise = certLoadPromise || callGetCertificateFiles(section_id);
132 return certLoadPromise.then(function(certs) { return certs.user_privatekey });
134 o.write = function(section_id, value) {
135 return callSetCertificateFiles(section_id, null, sanitizeCert(value), null);
138 o = s.taboption('general', form.TextValue, 'ca', _('CA certificate; if empty it will be saved after the first connection.'));
141 o.validate = L.bind(validateCert, o, false);
142 o.load = function(section_id) {
143 certLoadPromise = certLoadPromise || callGetCertificateFiles(section_id);
144 return certLoadPromise.then(function(certs) { return certs.ca_certificate });
146 o.write = function(section_id, value) {
147 return callSetCertificateFiles(section_id, null, null, sanitizeCert(value));
150 o = s.taboption('advanced', form.Flag, 'defaultroute', _('Default gateway'), _('If unchecked, no default route is configured'));
151 o.default = o.enabled;
153 o = s.taboption('advanced', form.Value, 'metric', _('Use gateway metric'));
155 o.datatype = 'uinteger';
156 o.depends('defaultroute', '1');
158 o = s.taboption('advanced', form.Value, 'mtu', _('Override MTU'));
160 o.placeholder = 1406;
161 o.datatype = 'range(68, 9200)';