
Merge branch 'release-v0.1.12'

Mustafa Arici 8 ani în urmă
părinte
comite
870dbc0d1b
17 a modificat fișierele cu 245 adăugiri și 83 ștergeri
  1. 5 2
      CHANGELOG.md
  2. 1 1
      README.md
  3. 19 3
      api/rpc.go
  4. 3 3
      bindata/bindata.go
  5. 45 5
      cmd/ovpm/user.go
  6. 2 2
      const.go
  7. 3 3
      net_test.go
  8. 96 41
      pb/user.pb.go
  9. 8 0
      pb/user.proto
  10. 20 0
      pb/user.swagger.json
  11. 1 1
      pki/pki_test.go
  12. 1 1
      supervisor/supervisor.go
  13. 1 1
      template/client.ovpn.tmpl
  14. 13 4
      user.go
  15. 12 12
      user_test.go
  16. 11 0
      vpn.go
  17. 4 4
      vpn_test.go

+ 5 - 2
CHANGELOG.md

@@ -1,12 +1,15 @@
 # Change Log
 
-## [v0.1.11](https://github.com/cad/ovpm/tree/v0.1.11) (2017-08-31)
-[Full Changelog](https://github.com/cad/ovpm/compare/v0.1.10...v0.1.11)
+## [v0.1.12](https://github.com/cad/ovpm/tree/v0.1.12) (2017-09-02)
+[Full Changelog](https://github.com/cad/ovpm/compare/v0.1.11...v0.1.12)
 
 **Implemented enhancements:**
 
 - be able to change initial ip block [\#29](https://github.com/cad/ovpm/issues/29)
 
+## [v0.1.11](https://github.com/cad/ovpm/tree/v0.1.11) (2017-08-31)
+[Full Changelog](https://github.com/cad/ovpm/compare/v0.1.10...v0.1.11)
+
 **Fixed bugs:**
 
 - can add duplicate static ip [\#37](https://github.com/cad/ovpm/issues/37)

+ 1 - 1
README.md

@@ -1,4 +1,4 @@
-# OVPM - OpenVPn Manager
+# OVPM - OpenVPN Management Server
 
 [![Build Status](https://travis-ci.org/cad/ovpm.svg?branch=master)](https://travis-ci.org/cad/ovpm)
 [![GitHub version](https://badge.fury.io/gh/cad%2Fovpm.svg)](https://badge.fury.io/gh/cad%2Fovpm)

+ 19 - 3
api/rpc.go

@@ -32,6 +32,7 @@ func (s *UserService) List(ctx context.Context, req *pb.UserListRequest) (*pb.Us
 			IPNet:              user.GetIPNet(),
 			NoGW:               user.IsNoGW(),
 			HostID:             user.GetHostID(),
+			IsAdmin:            user.IsAdmin(),
 		})
 	}
 
@@ -41,7 +42,7 @@ func (s *UserService) List(ctx context.Context, req *pb.UserListRequest) (*pb.Us
 func (s *UserService) Create(ctx context.Context, req *pb.UserCreateRequest) (*pb.UserResponse, error) {
 	logrus.Debugf("rpc call: user create: %s", req.Username)
 	var ut []*pb.UserResponse_User
-	user, err := ovpm.CreateNewUser(req.Username, req.Password, req.NoGW, req.HostID)
+	user, err := ovpm.CreateNewUser(req.Username, req.Password, req.NoGW, req.HostID, req.IsAdmin)
 	if err != nil {
 		return nil, err
 	}
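Review bot: `req.IsAdmin` goes from the request straight into `ovpm.CreateNewUser` with no check on who is calling, so within the lines shown any client that can reach the Create RPC can create an admin account. If authorization is enforced elsewhere (an interceptor, a local-only listener), a comment here should say so, e.g. `// caller is already authorized to grant admin: see <where this is enforced>`; otherwise the handler should refuse `req.IsAdmin` from callers that are not admins themselves. The debug line records only the username, so granting admin leaves no trace in the log; consider `logrus.Debugf("rpc call: user create: %s (admin=%t)", req.Username, req.IsAdmin)`. Create's body continues outside this hunk.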
@@ -51,6 +52,7 @@ func (s *UserService) Create(ctx context.Context, req *pb.UserCreateRequest) (*p
 		ServerSerialNumber: user.GetServerSerialNumber(),
 		NoGW:               user.IsNoGW(),
 		HostID:             user.GetHostID(),
+		IsAdmin:            user.IsAdmin(),
 	}
 	ut = append(ut, &pbUser)
 
@@ -76,7 +78,18 @@ func (s *UserService) Update(ctx context.Context, req *pb.UserUpdateRequest) (*p
 
 	}
 
-	err = user.Update(req.Password, noGW, req.HostID)
+	var admin bool
+
+	switch req.Adminpref {
+	case pb.UserUpdateRequest_ADMIN:
+		admin = true
+	case pb.UserUpdateRequest_NOADMIN:
+		admin = false
+	case pb.UserUpdateRequest_NOPREFADMIN:
+		admin = user.IsAdmin()
+	}
+
+	err = user.Update(req.Password, noGW, req.HostID, admin)
 	if err != nil {
 		return nil, err
 	}
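Review bot: The `switch req.Adminpref` has no `default` and `admin` starts as `false`, so any enum value other than the three listed (for instance one sent by a newer client) silently removes the user's admin right on update. Initialise from the stored value instead, `admin := user.IsAdmin()`, and keep only the `ADMIN` and `NOADMIN` cases to override it, so an unrecognised preference leaves the privilege unchanged. Nothing visible here checks that the caller may change the flag; Update begins above this hunk, so that check may sit there.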
@@ -85,6 +98,7 @@ func (s *UserService) Update(ctx context.Context, req *pb.UserUpdateRequest) (*p
 		ServerSerialNumber: user.GetServerSerialNumber(),
 		NoGW:               user.IsNoGW(),
 		HostID:             user.GetHostID(),
+		IsAdmin:            user.IsAdmin(),
 	}
 
 	ut = append(ut, &pbUser)
@@ -104,6 +118,7 @@ func (s *UserService) Delete(ctx context.Context, req *pb.UserDeleteRequest) (*p
 		Username:           user.GetUsername(),
 		ServerSerialNumber: user.GetServerSerialNumber(),
 		HostID:             user.GetHostID(),
+		IsAdmin:            user.IsAdmin(),
 	}
 	ut = append(ut, &pbUser)
 
@@ -127,6 +142,7 @@ func (s *UserService) Renew(ctx context.Context, req *pb.UserRenewRequest) (*pb.
 		Username:           user.GetUsername(),
 		ServerSerialNumber: user.GetServerSerialNumber(),
 		HostID:             user.GetHostID(),
+		IsAdmin:            user.IsAdmin(),
 	}
 	ut = append(ut, &pbUser)
 
@@ -166,7 +182,7 @@ func (s *VPNService) Status(ctx context.Context, req *pb.VPNStatusRequest) (*pb.
 		SerialNumber: server.SerialNumber,
 		Hostname:     server.Hostname,
 		Port:         server.Port,
-		Proto:        server.Proto,
+		Proto:        server.GetProto(),
 		Cert:         server.Cert,
 		CACert:       server.CACert,
 		Net:          server.Net,

+ 3 - 3
bindata/bindata.go

@@ -92,7 +92,7 @@ func templateCcdFileTmpl() (*asset, error) {
 	return a, nil
 }
 
-var _templateClientOvpnTmpl = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x3c\xce\x31\x4b\x04\x31\x10\x05\xe0\x7e\x7e\xc5\x80\x8d\x16\xb9\x2d\xec\x64\x11\xc4\x42\x41\xd4\xab\xb4\x10\x8b\x6c\x76\xee\x36\x5c\x76\x26\x24\x93\x85\x78\xec\x7f\x97\xec\x89\xdd\xcc\xf7\x8a\xf7\xae\x50\x27\x9f\x51\x96\xc8\x78\xf0\x81\xd0\x67\xb4\x45\x65\xb6\xea\x9d\x0d\xa1\xe2\x91\x98\x92\x55\x1a\x71\xa8\xf8\xf5\xfe\xb1\x7f\xfd\xbe\x9e\x54\x63\xbe\xeb\xba\xa3\xd7\xa9\x0c\x3b\x27\x73\xe7\xec\xd8\xc9\x12\xe7\x1b\x00\x17\x3c\xb1\xc2\x48\x0b\x6a\x61\x88\x49\x54\xb0\x8c\x11\x12\xcd\xa2\x84\xe7\x33\xee\x9e\x25\x2b\xdb\x99\x70\x5d\xb7\x7f\x2f\x49\x71\x5d\x21\x51\x96\xb0\x98\x44\x9a\x2a\x7a\x3e\x78\xf6\x4a\xc0\xd9\x38\x4a\x6a\xb4\x46\xc2\x4c\x69\xa1\x04\x2c\x83\xe7\x11\x22\xa5\xec\xb3\x9a\x13\xd5\xff\xbb\xb5\x3a\x99\xa3\x09\x3f\x02\x0b\xa5\x01\x6f\xc1\x16\x9d\x0c\x8b\xb3\x6e\x22\x80\xde\xd9\x7b\x68\xbd\x8f\x0f\xb8\xae\x7d\xd7\xde\xbe\x55\xfc\x29\x6d\x6b\xfa\xee\x42\xfd\x89\xea\x25\x78\xa1\xba\xf9\x06\x4d\xfc\x01\x77\x6f\xf2\xf4\xb9\x6d\x97\xa2\x64\x58\x62\x09\xa1\x65\xc4\x63\xe3\xdf\x00\x00\x00\xff\xff\x1b\xa9\x43\x1f\x63\x01\x00\x00")
+var _templateClientOvpnTmpl = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x3c\xce\x31\x4b\xc5\x30\x10\x07\xf0\xfd\x3e\xc5\x81\x8b\x0e\x79\x1d\xdc\xa4\x08\xe2\xa0\x20\xea\x9b\x74\x10\x87\x34\xbd\xbe\x86\x97\xde\x85\xe4\x5a\x88\x8f\x7e\x77\x49\x2b\x6e\x77\xbf\x3b\xf8\xff\xaf\x50\x47\x9f\x51\x96\xc8\x38\xf8\x40\xe8\x33\xda\x59\x65\xb2\xea\x9d\x0d\xa1\xe0\x89\x98\x92\x55\xea\xb1\x2b\xf8\xf5\xfe\x71\x7c\xfd\xbe\x1e\x55\x63\xbe\x6b\x9a\x93\xd7\x71\xee\x0e\x4e\xa6\xc6\xd9\xbe\x91\x25\x4e\x37\x00\x2e\x78\x62\x85\x9e\x16\xd4\x99\x21\x26\x51\xc1\xcb\x05\x0f\xc7\x6d\x5a\x57\x48\x34\x89\xd2\x66\xcf\x92\x95\xed\x44\xb8\xae\xfb\x8f\x24\xdd\x5f\xb2\x84\xc5\x24\xd2\x54\xd0\xf3\xe0\xd9\x2b\x01\x67\xe3\x28\xa9\xd1\x12\x09\x33\xa5\x85\x12\xb0\x74\x9e\x7b\x88\x94\xb2\xcf\x6a\xce\x54\xfe\xe7\x1a\xef\x64\x8a\x26\xfc\x08\x2c\x94\x3a\xbc\x05\x3b\xeb\x68\x58\x9c\x75\x23\x01\xb4\xce\xde\x43\xcd\x7d\x7c\xc0\x75\x6d\x9b\xba\xb6\x35\xe2\x4f\x69\x6b\xd3\x36\x3b\xb5\x67\x2a\xfb\xe1\x85\xca\xe6\x1b\x54\xf1\x03\x1e\xde\xe4\xe9\x73\xeb\x2e\xb3\x92\x61\x89\x73\x08\xf5\x46\xdc\x57\xfe\x0d\x00\x00\xff\xff\x94\xe5\xf3\xfc\x6c\x01\x00\x00")
 
 func templateClientOvpnTmplBytes() ([]byte, error) {
 	return bindataRead(
@@ -107,7 +107,7 @@ func templateClientOvpnTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/client.ovpn.tmpl", size: 355, mode: os.FileMode(420), modTime: time.Unix(1503944154, 0)}
+	info := bindataFileInfo{name: "template/client.ovpn.tmpl", size: 364, mode: os.FileMode(420), modTime: time.Unix(1504303338, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }
@@ -167,7 +167,7 @@ func templateServerConfTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/server.conf.tmpl", size: 9597, mode: os.FileMode(420), modTime: time.Unix(1504030791, 0)}
+	info := bindataFileInfo{name: "template/server.conf.tmpl", size: 9597, mode: os.FileMode(420), modTime: time.Unix(1504196445, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }

+ 45 - 5
cmd/ovpm/user.go

@@ -46,7 +46,11 @@ var userListCommand = cli.Command{
 			if user.HostID != 0 {
 				static = "s"
 			}
-			data := []string{fmt.Sprintf("%v", i+1), user.Username, fmt.Sprintf("%s %s", user.IPNet, static), user.CreatedAt, fmt.Sprintf("%t", user.ServerSerialNumber == server.SerialNumber), fmt.Sprintf("%t", !user.NoGW)}
+			username := user.Username
+			if user.IsAdmin {
+				username = fmt.Sprintf("%s *", username)
+			}
+			data := []string{fmt.Sprintf("%v", i+1), username, fmt.Sprintf("%s %s", user.IPNet, static), user.CreatedAt, fmt.Sprintf("%t", user.ServerSerialNumber == server.SerialNumber), fmt.Sprintf("%t", !user.NoGW)}
 			table.Append(data)
 		}
 		table.Render()
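Review bot: Marking admins by appending ` *` to the username column makes the marker indistinguishable from a username that itself ends in ` *`, unless usernames are restricted to exclude spaces and asterisks (no such validation is visible in this hunk). A dedicated column removes the ambiguity: add `fmt.Sprintf("%t", user.IsAdmin)` to `data` and a matching header where the table is set up, which is outside this hunk.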
@@ -76,6 +80,10 @@ var userCreateCommand = cli.Command{
 			Name:  "static",
 			Usage: "ip address for the vpn user",
 		},
+		cli.BoolFlag{
+			Name:  "admin, a",
+			Usage: "this user has admin rights",
+		},
 	},
 	Action: func(c *cli.Context) error {
 		action = "user:create"
@@ -83,6 +91,7 @@ var userCreateCommand = cli.Command{
 		password := c.String("password")
 		noGW := c.Bool("no-gw")
 		static := c.String("static")
+		admin := c.Bool("admin")
 
 		if username == "" || password == "" {
 			fmt.Println(cli.ShowSubcommandHelp(c))
@@ -112,7 +121,9 @@ var userCreateCommand = cli.Command{
 		defer conn.Close()
 		userSvc := pb.NewUserServiceClient(conn)
 
-		response, err := userSvc.Create(context.Background(), &pb.UserCreateRequest{Username: username, Password: password, NoGW: noGW, HostID: hostid})
+		response, err := userSvc.Create(context.Background(),
+			&pb.UserCreateRequest{Username: username, Password: password, NoGW: noGW, HostID: hostid, IsAdmin: admin},
+		)
 		if err != nil {
 			logrus.Errorf("user can not be created '%s': %v", username, err)
 			os.Exit(1)
@@ -152,6 +163,14 @@ var userUpdateCommand = cli.Command{
 			Name:  "no-static",
 			Usage: "do not set static ip address for the vpn user",
 		},
+		cli.BoolFlag{
+			Name:  "admin",
+			Usage: "this user has admin rights",
+		},
+		cli.BoolFlag{
+			Name:  "no-admin",
+			Usage: "this user has no admin rights",
+		},
 	},
 	Action: func(c *cli.Context) error {
 		action = "user:update"
@@ -161,21 +180,23 @@ var userUpdateCommand = cli.Command{
 		gw := c.Bool("gw")
 		static := c.String("static")
 		noStatic := c.Bool("no-static")
+		admin := c.Bool("admin")
+		noAdmin := c.Bool("no-admin")
 
 		if username == "" {
 			fmt.Println(cli.ShowSubcommandHelp(c))
 			os.Exit(1)
 		}
 
-		// Check wether if all flags are are empty.
-		if !(password != "" || gw || nogw || static != "" || noStatic) {
+		// Check whether if all flags are are empty.
+		if !(password != "" || gw || nogw || static != "" || noStatic || admin || noAdmin) {
 			fmt.Println("nothing is updated!")
 			fmt.Println()
 			fmt.Println(cli.ShowSubcommandHelp(c))
 			os.Exit(1)
 		}
 
-		// Given that static is set, check wether it's IPv4.
+		// Given that static is set, check whether it's IPv4.
 		if static != "" && !govalidator.IsIPv4(static) {
 			fmt.Println("--static flag takes a valid ipv4 address")
 			fmt.Println()
@@ -218,6 +239,7 @@ var userUpdateCommand = cli.Command{
 			staticPref = pb.UserUpdateRequest_NOPREFSTATIC
 			hostid = 0
 		}
+
 		var gwPref pb.UserUpdateRequest_GWPref
 
 		switch {
@@ -236,6 +258,23 @@ var userUpdateCommand = cli.Command{
 
 		}
 
+		var adminPref pb.UserUpdateRequest_AdminPref
+
+		switch {
+		case admin && !noAdmin:
+			adminPref = pb.UserUpdateRequest_ADMIN
+		case !admin && noAdmin:
+			adminPref = pb.UserUpdateRequest_NOADMIN
+		case !admin && !noAdmin:
+			adminPref = pb.UserUpdateRequest_NOPREFADMIN
+		case admin && noAdmin:
+			// Ambigius.
+			fmt.Println("you can't use --admin together with --no-admin")
+			fmt.Println()
+			fmt.Println(cli.ShowSubcommandHelp(c))
+			os.Exit(1)
+		}
+
 		//conn := getConn(c.String("port"))
 		conn := getConn(c.GlobalString("daemon-port"))
 		defer conn.Close()
@@ -247,6 +286,7 @@ var userUpdateCommand = cli.Command{
 			Gwpref:     gwPref,
 			HostID:     hostid,
 			Staticpref: staticPref,
+			Adminpref:  adminPref,
 		})
 
 		if err != nil {

+ 2 - 2
const.go

@@ -2,7 +2,7 @@ package ovpm
 
 const (
 	// Version defines the version of ovpm.
-	Version = "0.1.11"
+	Version = "0.1.12"
 
 	// DefaultVPNPort is the default OpenVPN port to listen.
 	DefaultVPNPort = "1197"
@@ -28,6 +28,6 @@ const (
 	_DefaultCRLPath      = varBasePath + "crl.pem"
 )
 
-// Testing is used to determine wether we are testing or running normally.
+// Testing is used to determine whether we are testing or running normally.
 // Set it to true when testing.
 var Testing = false

+ 3 - 3
net_test.go

@@ -183,7 +183,7 @@ func TestNetAssociate(t *testing.T) {
 	cidrStr := "192.168.1.0/24"
 	netType := SERVERNET
 	userName := "testUser2"
-	user, err := CreateNewUser(userName, "123", false, 0)
+	user, err := CreateNewUser(userName, "123", false, 0, true)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -224,7 +224,7 @@ func TestNetDissociate(t *testing.T) {
 	cidrStr := "192.168.1.0/24"
 	netType := SERVERNET
 	userName := "testUser2"
-	user, err := CreateNewUser(userName, "123", false, 0)
+	user, err := CreateNewUser(userName, "123", false, 0, true)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -274,7 +274,7 @@ func TestNetGetAssociatedUsers(t *testing.T) {
 	cidrStr := "192.168.1.0/24"
 	netType := SERVERNET
 	userName := "testUser2"
-	user, _ := CreateNewUser(userName, "123", false, 0)
+	user, _ := CreateNewUser(userName, "123", false, 0, true)
 
 	n, _ := CreateNewNetwork(netName, cidrStr, netType, "")
 	n.Associate(user.Username)

+ 96 - 41
pb/user.pb.go

@@ -112,6 +112,32 @@ func (UserUpdateRequest_StaticPref) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptor0, []int{2, 1}
 }
 
+type UserUpdateRequest_AdminPref int32
+
+const (
+	UserUpdateRequest_NOPREFADMIN UserUpdateRequest_AdminPref = 0
+	UserUpdateRequest_NOADMIN     UserUpdateRequest_AdminPref = 1
+	UserUpdateRequest_ADMIN       UserUpdateRequest_AdminPref = 2
+)
+
+var UserUpdateRequest_AdminPref_name = map[int32]string{
+	0: "NOPREFADMIN",
+	1: "NOADMIN",
+	2: "ADMIN",
+}
+var UserUpdateRequest_AdminPref_value = map[string]int32{
+	"NOPREFADMIN": 0,
+	"NOADMIN":     1,
+	"ADMIN":       2,
+}
+
+func (x UserUpdateRequest_AdminPref) String() string {
+	return proto.EnumName(UserUpdateRequest_AdminPref_name, int32(x))
+}
+func (UserUpdateRequest_AdminPref) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor0, []int{2, 2}
+}
+
 type UserListRequest struct {
 }
 
@@ -125,6 +151,7 @@ type UserCreateRequest struct {
 	Password string `protobuf:"bytes,2,opt,name=Password" json:"Password,omitempty"`
 	NoGW     bool   `protobuf:"varint,3,opt,name=NoGW" json:"NoGW,omitempty"`
 	HostID   uint32 `protobuf:"varint,4,opt,name=HostID" json:"HostID,omitempty"`
+	IsAdmin  bool   `protobuf:"varint,5,opt,name=IsAdmin" json:"IsAdmin,omitempty"`
 }
 
 func (m *UserCreateRequest) Reset()                    { *m = UserCreateRequest{} }
@@ -160,12 +187,20 @@ func (m *UserCreateRequest) GetHostID() uint32 {
 	return 0
 }
 
+func (m *UserCreateRequest) GetIsAdmin() bool {
+	if m != nil {
+		return m.IsAdmin
+	}
+	return false
+}
+
 type UserUpdateRequest struct {
 	Username   string                       `protobuf:"bytes,1,opt,name=Username" json:"Username,omitempty"`
 	Password   string                       `protobuf:"bytes,2,opt,name=Password" json:"Password,omitempty"`
 	Gwpref     UserUpdateRequest_GWPref     `protobuf:"varint,3,opt,name=gwpref,enum=pb.UserUpdateRequest_GWPref" json:"gwpref,omitempty"`
 	HostID     uint32                       `protobuf:"varint,4,opt,name=HostID" json:"HostID,omitempty"`
 	Staticpref UserUpdateRequest_StaticPref `protobuf:"varint,5,opt,name=staticpref,enum=pb.UserUpdateRequest_StaticPref" json:"staticpref,omitempty"`
+	Adminpref  UserUpdateRequest_AdminPref  `protobuf:"varint,6,opt,name=adminpref,enum=pb.UserUpdateRequest_AdminPref" json:"adminpref,omitempty"`
 }
 
 func (m *UserUpdateRequest) Reset()                    { *m = UserUpdateRequest{} }
@@ -208,6 +243,13 @@ func (m *UserUpdateRequest) GetStaticpref() UserUpdateRequest_StaticPref {
 	return UserUpdateRequest_NOPREFSTATIC
 }
 
+func (m *UserUpdateRequest) GetAdminpref() UserUpdateRequest_AdminPref {
+	if m != nil {
+		return m.Adminpref
+	}
+	return UserUpdateRequest_NOPREFADMIN
+}
+
 type UserDeleteRequest struct {
 	Username string `protobuf:"bytes,1,opt,name=Username" json:"Username,omitempty"`
 }
@@ -280,6 +322,7 @@ type UserResponse_User struct {
 	IPNet              string `protobuf:"bytes,5,opt,name=IPNet" json:"IPNet,omitempty"`
 	NoGW               bool   `protobuf:"varint,6,opt,name=NoGW" json:"NoGW,omitempty"`
 	HostID             uint32 `protobuf:"varint,7,opt,name=HostID" json:"HostID,omitempty"`
+	IsAdmin            bool   `protobuf:"varint,8,opt,name=IsAdmin" json:"IsAdmin,omitempty"`
 }
 
 func (m *UserResponse_User) Reset()                    { *m = UserResponse_User{} }
@@ -336,6 +379,13 @@ func (m *UserResponse_User) GetHostID() uint32 {
 	return 0
 }
 
+func (m *UserResponse_User) GetIsAdmin() bool {
+	if m != nil {
+		return m.IsAdmin
+	}
+	return false
+}
+
 type UserGenConfigResponse struct {
 	ClientConfig string `protobuf:"bytes,1,opt,name=ClientConfig" json:"ClientConfig,omitempty"`
 }
@@ -364,6 +414,7 @@ func init() {
 	proto.RegisterType((*UserGenConfigResponse)(nil), "pb.UserGenConfigResponse")
 	proto.RegisterEnum("pb.UserUpdateRequest_GWPref", UserUpdateRequest_GWPref_name, UserUpdateRequest_GWPref_value)
 	proto.RegisterEnum("pb.UserUpdateRequest_StaticPref", UserUpdateRequest_StaticPref_name, UserUpdateRequest_StaticPref_value)
+	proto.RegisterEnum("pb.UserUpdateRequest_AdminPref", UserUpdateRequest_AdminPref_name, UserUpdateRequest_AdminPref_value)
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -606,45 +657,49 @@ var _UserService_serviceDesc = grpc.ServiceDesc{
 func init() { proto.RegisterFile("user.proto", fileDescriptor0) }
 
 var fileDescriptor0 = []byte{
-	// 628 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x94, 0xc1, 0x6e, 0xd3, 0x4c,
-	0x10, 0xc7, 0x6b, 0x37, 0xf1, 0x97, 0x4c, 0xd3, 0xd6, 0xdd, 0xa6, 0x1f, 0x6e, 0x54, 0xa4, 0x68,
-	0x0f, 0x28, 0x2a, 0x52, 0x22, 0x02, 0x07, 0x54, 0x2e, 0x54, 0x29, 0x98, 0x22, 0x70, 0x23, 0xa7,
-	0x55, 0x8e, 0xc8, 0x49, 0xa6, 0x91, 0xa5, 0xd4, 0x36, 0xbb, 0x9b, 0xe6, 0x8e, 0x78, 0x03, 0x9e,
-	0x87, 0x2b, 0x2f, 0xc0, 0x2b, 0xf0, 0x00, 0x3c, 0x02, 0xda, 0x5d, 0xc7, 0x6e, 0x8a, 0x41, 0x39,
-	0x70, 0x9b, 0x99, 0x9d, 0xf9, 0x8d, 0x77, 0xf6, 0x3f, 0x06, 0x98, 0x73, 0x64, 0xed, 0x84, 0xc5,
-	0x22, 0x26, 0x66, 0x32, 0x6a, 0x1c, 0x4d, 0xe3, 0x78, 0x3a, 0xc3, 0x4e, 0x90, 0x84, 0x9d, 0x20,
-	0x8a, 0x62, 0x11, 0x88, 0x30, 0x8e, 0xb8, 0xce, 0xa0, 0x7b, 0xb0, 0x7b, 0xc5, 0x91, 0xbd, 0x0b,
-	0xb9, 0xf0, 0xf1, 0xe3, 0x1c, 0xb9, 0xa0, 0x0b, 0xd8, 0x93, 0xa1, 0x1e, 0xc3, 0x40, 0x60, 0x1a,
-	0x24, 0x0d, 0xa8, 0xc8, 0x60, 0x14, 0xdc, 0xa0, 0x63, 0x34, 0x8d, 0x56, 0xd5, 0xcf, 0x7c, 0x79,
-	0xd6, 0x0f, 0x38, 0x5f, 0xc4, 0x6c, 0xe2, 0x98, 0xfa, 0x6c, 0xe9, 0x13, 0x02, 0x25, 0x2f, 0x76,
-	0x87, 0xce, 0x66, 0xd3, 0x68, 0x55, 0x7c, 0x65, 0x93, 0xff, 0xc1, 0x7a, 0x13, 0x73, 0x71, 0x7e,
-	0xe6, 0x94, 0x9a, 0x46, 0x6b, 0xdb, 0x4f, 0x3d, 0xfa, 0xd5, 0xd4, 0x9d, 0xaf, 0x92, 0xc9, 0x3f,
-	0xe8, 0xfc, 0x0c, 0xac, 0xe9, 0x22, 0x61, 0x78, 0xad, 0x7a, 0xef, 0x74, 0x8f, 0xda, 0xc9, 0xa8,
-	0xfd, 0x1b, 0xbe, 0xed, 0x0e, 0xfb, 0x0c, 0xaf, 0xfd, 0x34, 0xf7, 0x4f, 0xdf, 0x46, 0x5e, 0x02,
-	0x70, 0x39, 0xb9, 0xb1, 0x22, 0x96, 0x15, 0xb1, 0x59, 0x4c, 0x1c, 0xa8, 0x3c, 0x45, 0xbd, 0x53,
-	0x43, 0x1f, 0x81, 0xa5, 0x7b, 0x11, 0x00, 0xcb, 0xbb, 0xe8, 0xfb, 0xaf, 0x5e, 0xdb, 0x1b, 0xa4,
-	0x02, 0x25, 0xef, 0xc2, 0x1d, 0xda, 0x06, 0xb1, 0xc0, 0x74, 0x87, 0xb6, 0x49, 0x9f, 0x03, 0xe4,
-	0x04, 0x62, 0x43, 0x4d, 0xe7, 0x0e, 0x2e, 0x4f, 0x2f, 0xcf, 0x7b, 0xf6, 0x06, 0xa9, 0x41, 0xc5,
-	0xbb, 0x48, 0x3d, 0x43, 0xb2, 0x52, 0xdb, 0xa4, 0x1d, 0x3d, 0xbe, 0x33, 0x9c, 0xe1, 0x5a, 0xe3,
-	0xa3, 0x6d, 0xb0, 0xa5, 0xed, 0x63, 0x84, 0x8b, 0x75, 0xf2, 0xbb, 0x50, 0x97, 0xb6, 0x8b, 0x51,
-	0x2f, 0x8e, 0xae, 0xc3, 0xe9, 0x3a, 0x35, 0x9f, 0x4d, 0xa8, 0xe9, 0x26, 0x3c, 0x89, 0x23, 0x8e,
-	0xe4, 0x31, 0x94, 0xa5, 0x42, 0xb9, 0x63, 0x34, 0x37, 0x5b, 0x5b, 0xdd, 0x83, 0xe5, 0x10, 0x97,
-	0x09, 0xda, 0xd1, 0x39, 0x8d, 0x6f, 0x06, 0x94, 0xa4, 0xff, 0x57, 0x15, 0xb4, 0x81, 0x0c, 0x90,
-	0xdd, 0x22, 0x1b, 0x20, 0x0b, 0x83, 0x99, 0x37, 0xbf, 0x19, 0x21, 0x4b, 0xf5, 0x50, 0x70, 0x22,
-	0x35, 0xd9, 0x43, 0x26, 0x94, 0x2e, 0xaa, 0xbe, 0xb2, 0xc9, 0x11, 0x54, 0xb5, 0xe0, 0x27, 0xa7,
-	0x42, 0x3d, 0x7d, 0xd5, 0xcf, 0x03, 0xa4, 0x0e, 0xe5, 0xf3, 0xbe, 0x87, 0x42, 0x3d, 0x7c, 0xd5,
-	0xd7, 0x4e, 0xa6, 0x6d, 0xab, 0x50, 0xdb, 0xff, 0xad, 0x68, 0xfb, 0x05, 0x1c, 0xdc, 0x1b, 0x5d,
-	0x3a, 0x0e, 0x0a, 0xb5, 0xde, 0x2c, 0xc4, 0x48, 0xe8, 0x78, 0x7a, 0xb9, 0x95, 0x58, 0xf7, 0xe7,
-	0x26, 0x6c, 0xc9, 0x6a, 0x79, 0x97, 0x70, 0x8c, 0xc4, 0x85, 0x92, 0x5c, 0x58, 0xb2, 0xbf, 0x9c,
-	0xdd, 0x9d, 0xf5, 0x6d, 0xd8, 0xf7, 0x07, 0x4a, 0x9d, 0x4f, 0xdf, 0x7f, 0x7c, 0x31, 0x09, 0xdd,
-	0xee, 0xdc, 0x3e, 0xe9, 0xc8, 0xb9, 0x76, 0x66, 0x21, 0x17, 0x27, 0xc6, 0x31, 0x79, 0x0f, 0x96,
-	0xbe, 0x24, 0xc9, 0x9e, 0x61, 0x65, 0xed, 0x0b, 0x60, 0x0d, 0x05, 0xab, 0xd3, 0xdd, 0x0c, 0x36,
-	0x56, 0x15, 0x29, 0x4e, 0xaf, 0x42, 0x8e, 0x5b, 0x59, 0x8d, 0xb5, 0x70, 0x73, 0x55, 0x91, 0xe2,
-	0xb4, 0x96, 0x73, 0xdc, 0x8a, 0xb6, 0xd7, 0xc2, 0x4d, 0x54, 0x85, 0xc4, 0xbd, 0x85, 0xb2, 0x52,
-	0x3a, 0xa9, 0xe7, 0x65, 0xb9, 0xf0, 0x0b, 0x60, 0x87, 0x0a, 0xb6, 0x4f, 0x77, 0x32, 0x18, 0x93,
-	0x05, 0x92, 0xf5, 0x01, 0xaa, 0xd9, 0x53, 0x12, 0x67, 0x59, 0x79, 0x7f, 0x31, 0x1a, 0x87, 0x05,
-	0x27, 0x29, 0xfc, 0xa1, 0x82, 0x3f, 0xa0, 0x24, 0x83, 0x4f, 0x31, 0x1a, 0xab, 0x9c, 0x13, 0xe3,
-	0x78, 0x64, 0xa9, 0xdf, 0xf3, 0xd3, 0x5f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x92, 0x5d, 0x0b, 0xf4,
-	0xce, 0x05, 0x00, 0x00,
+	// 696 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x95, 0xc1, 0x6e, 0xd3, 0x40,
+	0x10, 0x86, 0x6b, 0x27, 0x71, 0xe3, 0x49, 0xda, 0xba, 0xd3, 0x14, 0xdc, 0xa8, 0x88, 0x68, 0x0f,
+	0x28, 0x2a, 0x52, 0x22, 0x42, 0x0f, 0xa8, 0x08, 0x89, 0x28, 0x85, 0x10, 0x44, 0x9d, 0xc8, 0x69,
+	0x95, 0x23, 0x72, 0x92, 0x6d, 0x64, 0x29, 0xb5, 0x8d, 0xd7, 0x69, 0xef, 0xbc, 0x01, 0xe2, 0xce,
+	0x43, 0xf0, 0x2a, 0xbc, 0x00, 0x07, 0x1e, 0x80, 0x47, 0x40, 0xbb, 0xeb, 0xd8, 0x4d, 0x71, 0x51,
+	0x0e, 0xdc, 0x76, 0x76, 0xe7, 0xff, 0x32, 0x3b, 0x3b, 0xbf, 0x03, 0xb0, 0x60, 0x34, 0x6c, 0x04,
+	0xa1, 0x1f, 0xf9, 0xa8, 0x06, 0xe3, 0xea, 0xe1, 0xcc, 0xf7, 0x67, 0x73, 0xda, 0x74, 0x02, 0xb7,
+	0xe9, 0x78, 0x9e, 0x1f, 0x39, 0x91, 0xeb, 0x7b, 0x4c, 0x66, 0x90, 0x5d, 0xd8, 0xb9, 0x60, 0x34,
+	0xfc, 0xe0, 0xb2, 0xc8, 0xa6, 0x9f, 0x16, 0x94, 0x45, 0xe4, 0x8b, 0x02, 0xbb, 0x7c, 0xaf, 0x13,
+	0x52, 0x27, 0xa2, 0xf1, 0x2e, 0x56, 0xa1, 0xc8, 0x37, 0x3d, 0xe7, 0x8a, 0x9a, 0x4a, 0x4d, 0xa9,
+	0xeb, 0x76, 0x12, 0xf3, 0xb3, 0x81, 0xc3, 0xd8, 0x8d, 0x1f, 0x4e, 0x4d, 0x55, 0x9e, 0x2d, 0x63,
+	0x44, 0xc8, 0x5b, 0x7e, 0x77, 0x64, 0xe6, 0x6a, 0x4a, 0xbd, 0x68, 0x8b, 0x35, 0x3e, 0x00, 0xed,
+	0x9d, 0xcf, 0xa2, 0xde, 0xa9, 0x99, 0xaf, 0x29, 0xf5, 0x2d, 0x3b, 0x8e, 0xd0, 0x84, 0xcd, 0x1e,
+	0x6b, 0x4f, 0xaf, 0x5c, 0xcf, 0x2c, 0x88, 0xf4, 0x65, 0x48, 0xbe, 0xe7, 0x64, 0x4d, 0x17, 0xc1,
+	0xf4, 0x3f, 0xd4, 0x74, 0x0c, 0xda, 0xec, 0x26, 0x08, 0xe9, 0xa5, 0xa8, 0x6a, 0xbb, 0x75, 0xd8,
+	0x08, 0xc6, 0x8d, 0xbf, 0xf0, 0x8d, 0xee, 0x68, 0x10, 0xd2, 0x4b, 0x3b, 0xce, 0xbd, 0xb7, 0xea,
+	0xd7, 0x00, 0x8c, 0x37, 0x75, 0x22, 0x88, 0x05, 0x41, 0xac, 0x65, 0x13, 0x87, 0x22, 0x4f, 0x50,
+	0x6f, 0x69, 0xf0, 0x15, 0xe8, 0x0e, 0xbf, 0xa6, 0x00, 0x68, 0x02, 0xf0, 0x38, 0x1b, 0x20, 0xba,
+	0x21, 0xf4, 0xa9, 0x82, 0x3c, 0x01, 0x4d, 0x96, 0x8a, 0x00, 0x9a, 0xd5, 0x1f, 0xd8, 0x6f, 0xde,
+	0x1a, 0x1b, 0x58, 0x84, 0xbc, 0xd5, 0xef, 0x8e, 0x0c, 0x05, 0x35, 0x50, 0xbb, 0x23, 0x43, 0x25,
+	0x2f, 0x00, 0xd2, 0x02, 0xd0, 0x80, 0xb2, 0xcc, 0x1d, 0x9e, 0xb7, 0xcf, 0x7b, 0x1d, 0x63, 0x03,
+	0xcb, 0x50, 0xb4, 0xfa, 0x71, 0xa4, 0x70, 0x56, 0xbc, 0x56, 0xc9, 0x31, 0xe8, 0xc9, 0x2f, 0xe3,
+	0x0e, 0x94, 0xa4, 0xb0, 0x7d, 0x7a, 0xd6, 0xb3, 0x8c, 0x0d, 0x2c, 0xc1, 0xa6, 0xd5, 0x97, 0x81,
+	0x82, 0x3a, 0x14, 0xe4, 0x52, 0x25, 0x4d, 0xf9, 0x66, 0xa7, 0x74, 0x4e, 0xd7, 0x7a, 0x33, 0xd2,
+	0x00, 0x83, 0xaf, 0x6d, 0xea, 0xd1, 0x9b, 0x75, 0xf2, 0x5b, 0x50, 0xe1, 0xeb, 0x2e, 0xf5, 0x3a,
+	0xbe, 0x77, 0xe9, 0xce, 0xd6, 0xd1, 0x7c, 0x53, 0xa1, 0x2c, 0x7f, 0x84, 0x05, 0xbe, 0xc7, 0x28,
+	0x3e, 0x85, 0x02, 0x77, 0x0c, 0x33, 0x95, 0x5a, 0xae, 0x5e, 0x6a, 0xed, 0x2f, 0x1b, 0xbf, 0x4c,
+	0x90, 0x81, 0xcc, 0xa9, 0xfe, 0x54, 0x20, 0xcf, 0xe3, 0x7f, 0x8e, 0x5e, 0x03, 0x70, 0x48, 0xc3,
+	0x6b, 0x1a, 0x0e, 0x69, 0xe8, 0x3a, 0x73, 0x6b, 0x71, 0x35, 0xa6, 0x61, 0x3c, 0x84, 0x19, 0x27,
+	0xdc, 0x22, 0x1d, 0x1a, 0x46, 0x62, 0x18, 0x75, 0x5b, 0xac, 0xf1, 0x10, 0x74, 0xe9, 0xbf, 0x69,
+	0x3b, 0x12, 0xf3, 0xa6, 0xdb, 0xe9, 0x06, 0x56, 0xa0, 0xd0, 0x1b, 0x58, 0x34, 0x12, 0xd3, 0xa6,
+	0xdb, 0x32, 0x48, 0xac, 0xa6, 0x65, 0x5a, 0x6d, 0xf3, 0x3e, 0xab, 0x15, 0x57, 0xad, 0xf6, 0x12,
+	0xf6, 0xef, 0x34, 0x35, 0x6e, 0x14, 0x81, 0x72, 0x67, 0xee, 0x52, 0x2f, 0x92, 0xfb, 0xf1, 0xb5,
+	0x57, 0xf6, 0x5a, 0xbf, 0x73, 0x50, 0xe2, 0x6a, 0x7e, 0x4b, 0x77, 0x42, 0xb1, 0x0b, 0x79, 0xfe,
+	0x69, 0xc1, 0xbd, 0x65, 0x57, 0x6f, 0x7d, 0x68, 0xaa, 0xc6, 0xdd, 0x56, 0x13, 0xf3, 0xf3, 0x8f,
+	0x5f, 0x5f, 0x55, 0x24, 0x5b, 0xcd, 0xeb, 0x67, 0x4d, 0xde, 0xf1, 0xe6, 0xdc, 0x65, 0xd1, 0x89,
+	0x72, 0x84, 0x67, 0xa0, 0xc9, 0xeb, 0x63, 0xf2, 0x40, 0x2b, 0xdf, 0xa7, 0x0c, 0x58, 0x55, 0xc0,
+	0x2a, 0x64, 0x27, 0x81, 0x4d, 0x84, 0x22, 0xc6, 0x49, 0x63, 0xa5, 0xb8, 0x15, 0xa3, 0xad, 0x85,
+	0x5b, 0x08, 0x45, 0x8c, 0x93, 0x53, 0x9e, 0xe2, 0x56, 0xa6, 0x7e, 0x2d, 0xdc, 0x54, 0x28, 0x38,
+	0xee, 0x3d, 0x14, 0x84, 0x07, 0xb0, 0x92, 0xca, 0x52, 0x4b, 0x64, 0xc0, 0x0e, 0x04, 0x6c, 0x8f,
+	0x6c, 0x27, 0xb0, 0x90, 0x0b, 0x38, 0xeb, 0x23, 0xe8, 0xc9, 0x53, 0xa2, 0xb9, 0x54, 0xde, 0xb5,
+	0x4c, 0xf5, 0x20, 0xe3, 0x24, 0x86, 0x3f, 0x12, 0xf0, 0x87, 0x04, 0x13, 0xf8, 0x8c, 0x7a, 0x13,
+	0x91, 0x73, 0xa2, 0x1c, 0x8d, 0x35, 0xf1, 0x47, 0xf2, 0xfc, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff,
+	0x77, 0x7f, 0x37, 0xa5, 0x78, 0x06, 0x00, 0x00,
 }

+ 8 - 0
pb/user.proto

@@ -13,6 +13,7 @@ message UserCreateRequest {
   string Password = 2;
   bool NoGW = 3;
   uint32 HostID = 4;
+  bool IsAdmin = 5;
 }
 
 message UserUpdateRequest {
@@ -31,6 +32,12 @@ message UserUpdateRequest {
     STATIC = 2;
   }
   StaticPref staticpref = 5;
+  enum AdminPref {
+    NOPREFADMIN = 0;
+    NOADMIN = 1;
+    ADMIN = 2;
+  }
+  AdminPref adminpref = 6;
 }
 
 
@@ -98,6 +105,7 @@ message UserResponse {
     string IPNet = 5;
     bool NoGW = 6;
     uint32 HostID = 7;
+    bool IsAdmin = 8;
   }
 
   repeated User users = 1;

+ 20 - 0
pb/user.swagger.json

@@ -198,9 +198,22 @@
         "HostID": {
           "type": "integer",
           "format": "int64"
+        },
+        "IsAdmin": {
+          "type": "boolean",
+          "format": "boolean"
         }
       }
     },
+    "UserUpdateRequestAdminPref": {
+      "type": "string",
+      "enum": [
+        "NOPREFADMIN",
+        "NOADMIN",
+        "ADMIN"
+      ],
+      "default": "NOPREFADMIN"
+    },
     "UserUpdateRequestGWPref": {
       "type": "string",
       "enum": [
@@ -235,6 +248,10 @@
         "HostID": {
           "type": "integer",
           "format": "int64"
+        },
+        "IsAdmin": {
+          "type": "boolean",
+          "format": "boolean"
         }
       }
     },
@@ -302,6 +319,9 @@
         },
         "staticpref": {
           "$ref": "#/definitions/UserUpdateRequestStaticPref"
+        },
+        "adminpref": {
+          "$ref": "#/definitions/UserUpdateRequestAdminPref"
         }
       }
     }

+ 1 - 1
pki/pki_test.go

@@ -185,7 +185,7 @@ func TestReadCertFromPEM(t *testing.T) {
 	}
 }
 
-// isPEMEncodedProperly takes an PEM encoded string s and the expected block type typ (e.g. "RSA PRIVATE KEY") and returns wether it can be decodable.
+// isPEMEncodedProperly takes an PEM encoded string s and the expected block type typ (e.g. "RSA PRIVATE KEY") and returns whether it can be decodable.
 func isPEMEncodedProperly(t *testing.T, s string, typ string) bool {
 	block, _ := pem.Decode([]byte(s))
 

+ 1 - 1
supervisor/supervisor.go

@@ -114,7 +114,7 @@ func NewProcess(executable string, dir string, args []string) (*Process, error)
 	return &p, nil
 }
 
-// isExist returns wether the given executable binary is found on the filesystem or not.
+// isExist returns whether the given executable binary is found on the filesystem or not.
 func isExist(executable string) bool {
 	if _, err := os.Stat(executable); !os.IsNotExist(err) {
 		return true

+ 1 - 1
template/client.ovpn.tmpl

@@ -2,7 +2,7 @@
 
 client
 dev tun
-proto udp
+proto {{ .Proto }}
 remote {{ .Hostname }} {{ .Port }}
 resolv-retry infinite
 ns-cert-type server
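Review bot: `{{ .Proto }}` is written verbatim into the generated client profile, and this hunk does not show where the value is constrained. If it can be empty or anything other than a protocol name OpenVPN accepts, clients receive a broken or altered `proto` line. The code that fills the template (not in this hunk) should pass only a validated value, presumably the result of `server.GetProto()` if that accessor normalises to a known set.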

+ 13 - 4
user.go

@@ -21,6 +21,7 @@ type User interface {
 	GetIPNet() string
 	IsNoGW() bool
 	GetHostID() uint32
+	IsAdmin() bool
 }
 
 // DBUser is database model for VPN users.
@@ -36,6 +37,7 @@ type DBUser struct {
 	Key                string // not user writable
 	NoGW               bool
 	HostID             uint32 // not user writable
+	Admin              bool
 }
 
 // DBRevoked is a database model for revoked VPN users.
@@ -54,7 +56,7 @@ func (u *DBUser) setPassword(password string) error {
 	return nil
 }
 
-// CheckPassword returns wether the given password is correct for the user.
+// CheckPassword returns whether the given password is correct for the user.
 func (u *DBUser) CheckPassword(password string) bool {
 	_, err := passlib.Verify(password, u.Hash)
 	if err != nil {
@@ -89,7 +91,7 @@ func GetAllUsers() ([]*DBUser, error) {
 //
 // It also generates the necessary client keys and signs certificates with the current
 // server's CA.
-func CreateNewUser(username, password string, nogw bool, hostid uint32) (*DBUser, error) {
+func CreateNewUser(username, password string, nogw bool, hostid uint32, admin bool) (*DBUser, error) {
 	if !IsInitialized() {
 		return nil, fmt.Errorf("you first need to create server")
 	}
@@ -137,6 +139,7 @@ func CreateNewUser(username, password string, nogw bool, hostid uint32) (*DBUser
 		ServerSerialNumber: server.SerialNumber,
 		NoGW:               nogw,
 		HostID:             hostid,
+		Admin:              admin,
 	}
 	user.setPassword(password)
 
@@ -158,7 +161,7 @@ func CreateNewUser(username, password string, nogw bool, hostid uint32) (*DBUser
 // Update updates the user's attributes and writes them to the database.
 //
 // How this method works is similiar to PUT semantics of REST. It sets the user record fields to the provided function arguments.
-func (u *DBUser) Update(password string, nogw bool, hostid uint32) error {
+func (u *DBUser) Update(password string, nogw bool, hostid uint32, admin bool) error {
 	if !IsInitialized() {
 		return fmt.Errorf("you first need to create server")
 	}
@@ -170,6 +173,7 @@ func (u *DBUser) Update(password string, nogw bool, hostid uint32) error {
 
 	u.NoGW = nogw
 	u.HostID = hostid
+	u.Admin = admin
 
 	if hostid != 0 {
 		server, err := GetServerInstance()
@@ -352,7 +356,7 @@ func (u *DBUser) GetIPNet() string {
 	return ipn.String()
 }
 
-// IsNoGW returns wether user is set to get the vpn server as their default gateway.
+// IsNoGW returns whether user is set to get the vpn server as their default gateway.
 func (u *DBUser) IsNoGW() bool {
 	return u.NoGW
 }
@@ -362,6 +366,11 @@ func (u *DBUser) GetHostID() uint32 {
 	return u.HostID
 }
 
+// IsAdmin returns whether user is admin or not.
+func (u *DBUser) IsAdmin() bool {
+	return u.Admin
+}
+
 func getStaticHostUsers() []*DBUser {
 	var users []*DBUser
 	db.Unscoped().Not(DBUser{HostID: 0}).Find(&users)
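Review bot: The doc comment on `IsAdmin` says only that the user "is admin or not"; it does not say what the flag authorizes, and none of the hunks shown uses it in an access decision. Since this is a privilege bit stored in `DBUser`, state its effect in the comment, for example `// IsAdmin reports whether the user holds admin rights (TODO: name the operations this gates).` The same applies to the new `Admin bool` field in `DBUser`, which sits next to fields annotated `// not user writable` but carries no annotation itself.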

+ 12 - 12
user_test.go

@@ -22,7 +22,7 @@ func TestCreateNewUser(t *testing.T) {
 	noGW := false
 
 	// Test:
-	user, err := ovpm.CreateNewUser(username, password, noGW, 0)
+	user, err := ovpm.CreateNewUser(username, password, noGW, 0, true)
 	if err != nil {
 		t.Fatalf("user can not be created: %v", err)
 	}
@@ -68,7 +68,7 @@ func TestCreateNewUser(t *testing.T) {
 
 	// Is NoGW attr working properly?
 	noGW = true
-	user, err = ovpm.CreateNewUser(username, password, noGW, 0)
+	user, err = ovpm.CreateNewUser(username, password, noGW, 0, true)
 	if err != nil {
 		t.Fatalf("user can not be created: %v", err)
 	}
@@ -78,7 +78,7 @@ func TestCreateNewUser(t *testing.T) {
 
 	// Try to create a user with an invalid static ip.
 	user = nil
-	_, err = ovpm.CreateNewUser("staticuser", password, noGW, ovpm.IP2HostID(net.ParseIP("8.8.8.8").To4()))
+	_, err = ovpm.CreateNewUser("staticuser", password, noGW, ovpm.IP2HostID(net.ParseIP("8.8.8.8").To4()), true)
 	if err == nil {
 		t.Fatalf("user creation expected to err but it didn't")
 	}
@@ -97,7 +97,7 @@ func TestUserUpdate(t *testing.T) {
 	noGW := false
 
 	// Test:
-	user, err := ovpm.CreateNewUser(username, password, noGW, 0)
+	user, err := ovpm.CreateNewUser(username, password, noGW, 0, true)
 	if err != nil {
 		t.Fatalf("user can not be created: %v", err)
 	}
@@ -116,7 +116,7 @@ func TestUserUpdate(t *testing.T) {
 	}
 
 	for _, tt := range updatetests {
-		err := user.Update(tt.password, tt.noGW, tt.hostid)
+		err := user.Update(tt.password, tt.noGW, tt.hostid, true)
 		if (err == nil) != tt.ok {
 			t.Errorf("user is expected to be able to update but it gave us this error instead: %v", err)
 		}
@@ -131,7 +131,7 @@ func TestUserPasswordCorrect(t *testing.T) {
 
 	// Prepare:
 	initialPassword := "g00dp@ssW0rd9"
-	user, _ := ovpm.CreateNewUser("testUser", initialPassword, false, 0)
+	user, _ := ovpm.CreateNewUser("testUser", initialPassword, false, 0, true)
 
 	// Test:
 	// Is user created with the correct password?
@@ -148,7 +148,7 @@ func TestUserPasswordReset(t *testing.T) {
 
 	// Prepare:
 	initialPassword := "g00dp@ssW0rd9"
-	user, _ := ovpm.CreateNewUser("testUser", initialPassword, false, 0)
+	user, _ := ovpm.CreateNewUser("testUser", initialPassword, false, 0, true)
 
 	// Test:
 
@@ -175,7 +175,7 @@ func TestUserDelete(t *testing.T) {
 
 	// Prepare:
 	username := "testUser"
-	user, _ := ovpm.CreateNewUser(username, "1234", false, 0)
+	user, _ := ovpm.CreateNewUser(username, "1234", false, 0, true)
 
 	// Test:
 
@@ -213,7 +213,7 @@ func TestUserGet(t *testing.T) {
 
 	// Prepare:
 	username := "testUser"
-	user, _ := ovpm.CreateNewUser(username, "1234", false, 0)
+	user, _ := ovpm.CreateNewUser(username, "1234", false, 0, true)
 
 	// Test:
 	// Is user fetchable?
@@ -241,7 +241,7 @@ func TestUserGetAll(t *testing.T) {
 	for i := 0; i < count; i++ {
 		username := fmt.Sprintf("user%d", i)
 		password := fmt.Sprintf("password%d", i)
-		user, _ := ovpm.CreateNewUser(username, password, false, 0)
+		user, _ := ovpm.CreateNewUser(username, password, false, 0, true)
 		users = append(users, user)
 	}
 
@@ -274,7 +274,7 @@ func TestUserRenew(t *testing.T) {
 	ovpm.Init("localhost", "", ovpm.UDPProto, "")
 
 	// Prepare:
-	user, _ := ovpm.CreateNewUser("user", "1234", false, 0)
+	user, _ := ovpm.CreateNewUser("user", "1234", false, 0, true)
 
 	// Test:
 	// Re initialize the server.
@@ -313,7 +313,7 @@ func TestUserIPAllocator(t *testing.T) {
 		{"user7", true, 0, "10.9.0.6/24", true},
 	}
 	for _, tt := range iptests {
-		user, err := ovpm.CreateNewUser(tt.username, "pass", tt.gw, tt.hostid)
+		user, err := ovpm.CreateNewUser(tt.username, "pass", tt.gw, tt.hostid, true)
 		if (err == nil) == !tt.pass {
 			t.Fatalf("expected pass %t %s", tt.pass, err)
 		}

+ 11 - 0
vpn.go

@@ -27,6 +27,7 @@ import (
 	"github.com/jinzhu/gorm"
 )
 
+// Possible VPN protocols.
 const (
 	TCPProto string = "tcp"
 	UDPProto string = "udp"
@@ -220,6 +221,7 @@ func DumpsClientConfig(username string) (string, error) {
 		Key      string
 		Cert     string
 		NoGW     bool
+		Proto    string
 	}{
 		Hostname: server.Hostname,
 		Port:     server.Port,
@@ -227,6 +229,7 @@ func DumpsClientConfig(username string) (string, error) {
 		Key:      user.Key,
 		Cert:     user.Cert,
 		NoGW:     user.NoGW,
+		Proto:    server.GetProto(),
 	}
 	data, err := bindata.Asset("template/client.ovpn.tmpl")
 	if err != nil {
@@ -473,6 +476,14 @@ func GetServerInstance() (*DBServer, error) {
 	return &server, nil
 }
 
+// GetProto returns the current VPN proto.
+func (s *DBServer) GetProto() string {
+	if s.Proto != "" {
+		return s.Proto
+	}
+	return UDPProto
+}
+
 // IsInitialized checks if there is a default server in the database or not.
 func IsInitialized() bool {
 	var server DBServer
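Review bot: `GetProto` falls back to `UDPProto` only when `s.Proto` is empty and otherwise returns the stored string unchanged. That value is now passed as `Proto` into the client config template in `DumpsClientConfig`. If the stored value can be anything other than the two declared constants (not visible from here), it would be written verbatim into the generated client config. Restricting the getter keeps the output to known values: `if s.Proto == TCPProto || s.Proto == UDPProto { return s.Proto }`. The doc comment could then state that any other value is reported as UDP.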

+ 4 - 4
vpn_test.go

@@ -62,7 +62,7 @@ func TestVPNDeinit(t *testing.T) {
 	// Prepare:
 	// Initialize the server.
 	Init("localhost", "", UDPProto, "")
-	u, err := CreateNewUser("user", "p", false, 0)
+	u, err := CreateNewUser("user", "p", false, 0, true)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -175,7 +175,7 @@ func TestVPNDumpsClientConfig(t *testing.T) {
 	Init("localhost", "", UDPProto, "")
 
 	// Prepare:
-	user, _ := CreateNewUser("user", "password", false, 0)
+	user, _ := CreateNewUser("user", "password", false, 0, true)
 
 	// Test:
 	clientConfigBlob, err := DumpsClientConfig(user.GetUsername())
@@ -198,7 +198,7 @@ func TestVPNDumpClientConfig(t *testing.T) {
 
 	// Prepare:
 	noGW := false
-	user, err := CreateNewUser("user", "password", noGW, 0)
+	user, err := CreateNewUser("user", "password", noGW, 0, true)
 	if err != nil {
 		t.Fatalf("can not create user: %v", err)
 	}
@@ -226,7 +226,7 @@ func TestVPNDumpClientConfig(t *testing.T) {
 	user.Delete()
 
 	noGW = true
-	user, err = CreateNewUser("user", "password", noGW, 0)
+	user, err = CreateNewUser("user", "password", noGW, 0, true)
 	if err != nil {
 		t.Fatalf("can not create user: %v", err)
 	}