"client_connect",
"/usr/bin/ovpn-clientconnect",
translate("Run script cmd on client connection") },
- { Flag,
+ { Value,
"client_disconnect",
- 0,
+ "/usr/bin/ovpn-clientdisconnect",
translate("Run script cmd on client disconnection") },
{ Value,
"learn_address",
"script_security",
{ 0, 1, 2, 3 },
translate("Policy level over usage of external programs and scripts") },
- { Value,
- "config",
- "/etc/openvpn/ovpn-file.ovpn",
- translate("Local OVPN configuration file") },
+ { ListValue,
+ "compress",
+ { "lzo", "lz4" },
+ translate("Enable a compression algorithm") },
} },
{ "Networking", {
"route_nopull",
0,
translate("Don't pull routes automatically") },
+ { Flag,
+ "allow_recursive_routing",
+ 0,
+ translate("Don't drop incoming tun packets with same destination as host") },
{ ListValue,
"mtu_disc",
{ "yes", "maybe", "no" },
"mtu_test",
0,
translate("Empirically measure MTU") },
+ { ListValue,
+ "comp_lzo",
+ { "yes", "no", "adaptive" },
+ translate("Use fast LZO compression") },
+ { Flag,
+ "comp_noadapt",
+ 0,
+ translate("Don't use adaptive lzo compression"),
+ { comp_lzo=1 } },
{ Value,
"link_mtu",
1500,
{ client="0" }, { client="" } },
{ DynamicList,
"push",
- { "redirect-gateway" },
+ { "redirect-gateway", "comp-lzo" },
translate("Push options to peer"),
{ client="0" }, { client="" } },
{ Flag,
{ "", "local", "def1", "local def1" },
translate("Automatically redirect default route"),
{ client="1" } },
+ { Value,
+ "verify_client_cert",
+ { "none", "optional", "require" },
+ translate("Specify whether the client is required to supply a valid certificate") },
} },
{ "Cryptography", {
-- parse
{ Value,
"cipher",
- "BF-CBC",
+ {
+ "AES-128-CBC",
+ "AES-128-CFB",
+ "AES-128-CFB1",
+ "AES-128-CFB8",
+ "AES-128-GCM",
+ "AES-128-OFB",
+ "AES-192-CBC",
+ "AES-192-CFB",
+ "AES-192-CFB1",
+ "AES-192-CFB8",
+ "AES-192-GCM",
+ "AES-192-OFB",
+ "AES-256-CBC",
+ "AES-256-CFB",
+ "AES-256-CFB1",
+ "AES-256-CFB8",
+ "AES-256-GCM",
+ "AES-256-OFB",
+ "BF-CBC",
+ "BF-CFB",
+ "BF-OFB",
+ "CAST5-CBC",
+ "CAST5-CFB",
+ "CAST5-OFB",
+ "DES-CBC",
+ "DES-CFB",
+ "DES-CFB1",
+ "DES-CFB8",
+ "DES-EDE-CBC",
+ "DES-EDE-CFB",
+ "DES-EDE-OFB",
+ "DES-EDE3-CBC",
+ "DES-EDE3-CFB",
+ "DES-EDE3-CFB1",
+ "DES-EDE3-CFB8",
+ "DES-EDE3-OFB",
+ "DES-OFB",
+ "DESX-CBC",
+ "RC2-40-CBC",
+ "RC2-64-CBC",
+ "RC2-CBC",
+ "RC2-CFB",
+ "RC2-OFB"
+ },
translate("Encryption cipher for packets") },
-- parse
{ Value,
"key_method",
{ 1, 2 },
translate("Enable TLS and assume client role") },
- { Value,
+ { DynamicList,
"tls_cipher",
- "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5",
+ {
+ "DHE-RSA-AES256-SHA",
+ "DHE-DSS-AES256-SHA",
+ "AES256-SHA",
+ "EDH-RSA-DES-CBC3-SHA",
+ "EDH-DSS-DES-CBC3-SHA",
+ "DES-CBC3-SHA",
+ "DHE-RSA-AES128-SHA",
+ "DHE-DSS-AES128-SHA",
+ "AES128-SHA",
+ "RC4-SHA",
+ "RC4-MD5",
+ "EDH-RSA-DES-CBC-SHA",
+ "EDH-DSS-DES-CBC-SHA",
+ "DES-CBC-SHA",
+ "EXP-EDH-RSA-DES-CBC-SHA",
+ "EXP-EDH-DSS-DES-CBC-SHA",
+ "EXP-DES-CBC-SHA",
+ "EXP-RC2-CBC-MD5",
+ "EXP-RC4-MD5"
+ },
translate("TLS cipher") },
+ { DynamicList,
+ "tls_ciphersuites",
+ {
+ "TLS_AES_256_GCM_SHA384",
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_CHACHA20_POLY1305_SHA256"
+ },
+ translate("TLS 1.3 or newer cipher") },
{ Value,
"tls_timeout",
2,
"key_direction",
{ 0, 1 },
translate("The key direction for 'tls-auth' and 'secret' options") },
+ { Flag,
+ "ncp_disable",
+ 0,
+ translate("This completely disables cipher negotiation") },
+ { Value,
+ "ncp_ciphers",
+ "AES-256-GCM:AES-128-GCM",
+ translate("Restrict the allowed ciphers to be negotiated") },
} }
}
local params = { }
local m = Map("openvpn")
-local p = m:section( SimpleSection )
-
+m.redirect = luci.dispatcher.build_url("admin", "vpn", "openvpn")
m.apply_on_parse = true
+local p = m:section( SimpleSection )
p.template = "openvpn/pageswitch"
p.mode = "advanced"
p.instance = arg[1]
end
return AbstractValue.remove(self, section)
end
+ elseif option[1] == Flag then
+ o.default = nil
else
if option[1] == DynamicList then
function o.cfgvalue(...)