chenxixian
/
ovpm
mirror da https://github.com/cad/ovpm.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269
							package main

import (
	"fmt"

	"github.com/asaskevich/govalidator"
	"github.com/cad/ovpm"
	"github.com/cad/ovpm/api/pb"
	"github.com/cad/ovpm/errors"
	"github.com/sirupsen/logrus"
	"github.com/urfave/cli"
)

var vpnStatusCommand = cli.Command{
	Name:    "status",
	Usage:   "Show VPN status.",
	Aliases: []string{"s"},
	Action: func(c *cli.Context) error {
		// Use default port if no port is specified.
		daemonPort := ovpm.DefaultDaemonPort
		if port := c.GlobalInt("daemon-port"); port != 0 {
			daemonPort = port
		}

		// If dry run, then don't call the action, just preprocess.
		if c.GlobalBool("dry-run") {
			return nil
		}

		return vpnStatusAction(fmt.Sprintf("grpc://localhost:%d", daemonPort))
	},
}

var vpnInitCommand = cli.Command{
	Name:    "init",
	Usage:   "Initialize VPN server.",
	Aliases: []string{"i"},
	Flags: []cli.Flag{
		cli.StringFlag{
			Name:  "hostname, s",
			Usage: "ip address or FQDN of the vpn server",
		},
		cli.StringFlag{
			Name:  "port, p",
			Usage: "port number of the vpn server",
			Value: ovpm.DefaultVPNPort,
		},
		cli.BoolFlag{
			Name:  "tcp, t",
			Usage: "use TCP for vpn protocol, instead of UDP",
		},
		cli.StringFlag{
			Name:  "net, n",
			Usage: fmt.Sprintf("VPN network to give clients IP addresses from, in the CIDR form (default: %s)", ovpm.DefaultVPNNetwork),
			Value: ovpm.DefaultVPNNetwork,
		},
		cli.StringFlag{
			Name:  "dns, d",
			Usage: fmt.Sprintf("DNS server to push to clients (default: %s)", ovpm.DefaultVPNDNS),
		},
		cli.StringFlag{
			Name:  "keepalive-period",
			Usage: "Ping period to check if the remote peer is alive.",
			Value: ovpm.DefaultKeepalivePeriod,
		},
		cli.StringFlag{
			Name:  "keepalive-timeout",
			Usage: "Ping timeout to assume that remote peer is down.",
			Value: ovpm.DefaultKeepaliveTimeout,
		},
		cli.BoolFlag{
			Name:  "use-lzo, l",
			Usage: "Used to determine whether to use the deprecated lzo compression algorithm to support older clients. (default: false)",
		},
	},
	Action: func(c *cli.Context) error {
		action = "vpn:init"
		// Use default port if no port is specified.
		daemonPort := ovpm.DefaultDaemonPort
		if port := c.GlobalInt("daemon-port"); port != 0 {
			daemonPort = port
		}

		// Validate hostname.
		hostname := c.String("hostname")
		if govalidator.IsNull(hostname) || !govalidator.IsHost(hostname) {
			return errors.NotHostname(hostname)
		}

		// Set port number, if provided.
		port := c.String("port")
		if !govalidator.IsNumeric(port) {
			return errors.InvalidPort(port)
		}

		// Set proto if provided.
		proto := pb.VPNProto_UDP
		if c.Bool("tcp") {
			proto = pb.VPNProto_TCP
		}

		// Set ipblock if provided.
		netCIDR := c.String("net")
		if !govalidator.IsCIDR(netCIDR) {
			return errors.NotCIDR(netCIDR)
		}

		// Set DNS if provided.
		dnsAddr := ovpm.DefaultVPNDNS
		if !govalidator.IsIPv4(dnsAddr) {
			return errors.NotIPv4(dnsAddr)
		}

		// Set KeepalivePeriod if provided.
		keepalivePeriod := c.String("keepalive-period")
		if !govalidator.IsNumeric(keepalivePeriod) {
			return errors.NotValidKeepalivePeriod(keepalivePeriod)
		}

		// Set KeepaliveTimeout if provided.
		keepaliveTimeout := c.String("keepalive-timeout")
		if !govalidator.IsNumeric(keepaliveTimeout) {
			return errors.NotValidKeepaliveTimeout(keepaliveTimeout)
		}

		useLZO := c.Bool("use-lzo")

		// Ask for confirmation from the user about the destructive
		// changes that are about to happen.
		var uiConfirmed bool
		{
			var response string
			for {
				fmt.Println("This operation will cause invalidation of existing user certificates.")
				fmt.Println("After this opeartion, new client config files (.ovpn) should be generated for each existing user.")
				fmt.Println()
				fmt.Println("Are you sure ? (y/N)")
				_, err := fmt.Scanln(&response)
				if err != nil {
					logrus.Fatal(err)
					exit(1)
					return err
				}
				okayResponses := []string{"y", "Y", "yes", "Yes", "YES"}
				nokayResponses := []string{"n", "N", "no", "No", "NO"}
				if stringInSlice(response, okayResponses) {
					uiConfirmed = true
					break
				}
				if stringInSlice(response, nokayResponses) {
					uiConfirmed = false
					break
				}
			}
		}

		// Did user confirm the destructive changes?
		if !uiConfirmed {
			return errors.Unconfirmed("user decided to cancel")
		}

		// If dry run, then don't call the action, just preprocess.
		if c.GlobalBool("dry-run") {
			return nil
		}

		err := vpnInitAction(vpnInitParams{
			rpcServURLStr:    fmt.Sprintf("grpc://localhost:%d", daemonPort),
			hostname:         hostname,
			port:             port,
			proto:            proto,
			netCIDR:          netCIDR,
			dnsAddr:          c.String("dns"),
			keepalivePeriod:  keepalivePeriod,
			keepaliveTimeout: keepaliveTimeout,
			useLZO:           useLZO,
		})
		if err != nil {
			e, ok := err.(errors.Error)
			if ok {
				switch e.Code {
				case errors.ErrNotHostname:
					fmt.Printf("--hostname option requires a valid hostname: '%s' is not a hostname", c.String("hostname"))
					exit(1)
					return e
				}
			}
			return err
		}
		return nil
	},
}

var vpnUpdateCommand = cli.Command{
	Name:    "update",
	Usage:   "Update VPN server.",
	Aliases: []string{"u"},
	Flags: []cli.Flag{
		cli.StringFlag{
			Name:  "net, n",
			Usage: fmt.Sprintf("VPN network to give clients IP addresses from, in the CIDR form (default: %s)", ovpm.DefaultVPNNetwork),
		},
		cli.StringFlag{
			Name:  "dns, d",
			Usage: fmt.Sprintf("DNS server to push to clients (default: %s)", ovpm.DefaultVPNDNS),
		},
	},
	Action: func(c *cli.Context) error {
		action = "vpn:update"
		// Use default port if no port is specified.
		daemonPort := ovpm.DefaultDaemonPort
		if port := c.GlobalInt("daemon-port"); port != 0 {
			daemonPort = port
		}

		var netCIDR *string
		if net := c.String("net"); !govalidator.IsNull(net) {
			netCIDR = &net
		}

		var dnsAddr *string
		if dns := c.String("dns"); !govalidator.IsNull(dns) {
			dnsAddr = &dns
		}

		// If dry run, then don't call the action, just preprocess.
		if c.GlobalBool("dry-run") {
			return nil
		}

		return vpnUpdateAction(fmt.Sprintf("grpc://localhost:%d", daemonPort), netCIDR, dnsAddr)
	},
}

var vpnRestartCommand = cli.Command{
	Name:    "restart",
	Usage:   "Restart VPN server.",
	Aliases: []string{"r"},
	Action: func(c *cli.Context) error {
		// Use default port if no port is specified.
		daemonPort := ovpm.DefaultDaemonPort
		if port := c.GlobalInt("daemon-port"); port != 0 {
			daemonPort = port
		}

		// If dry run, then don't call the action, just preprocess.
		if c.GlobalBool("dry-run") {
			return nil
		}

		return vpnRestartAction(fmt.Sprintf("grpc://localhost:%d", daemonPort))
	},
}

func init() {
	app.Commands = append(app.Commands,
		cli.Command{
			Name:    "vpn",
			Usage:   "VPN Operations",
			Aliases: []string{"v"},
			Subcommands: []cli.Command{
				vpnStatusCommand,
				vpnInitCommand,
				vpnUpdateCommand,
				vpnRestartCommand,
			},
		},
	)
}