174 lines
7.2 KiB
Python
Executable file
174 lines
7.2 KiB
Python
Executable file
#!/usr/bin/python
|
|
#
|
|
# Copyright (C) 2011 The Android Open Source Project
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
import optparse
|
|
import pprint, sys
|
|
import dbus, flimflam
|
|
|
|
def show_usage(parser, vpn_type):
|
|
parser.error("Incorrect number of parameters provided for %s" % vpn_type)
|
|
|
|
def main(argv):
|
|
parser = optparse.OptionParser(
|
|
"%prog [options]... (OpenVPN | L2TPIPSEC)\n"
|
|
"\n"
|
|
" OpenVPN := openvpn NetworkID Certificates\n"
|
|
"\n"
|
|
" L2TPIPSEC := (L2PSK | L2Cert)\n"
|
|
" L2Cert := l2tpipsec-cert NetworkID "
|
|
"CertificatesPkcs11 L2TPInfo\n"
|
|
" L2PSK := l2tpipsec-psk NetworkID PSKInfo L2TPInfo\n"
|
|
"\n"
|
|
" NetworkID := <vpn-name> <remote-host-ip> <vpn-domain>\n"
|
|
" Certificates := <ca-cert> <client-cert> <client-key>\n"
|
|
" CertificatesPkcs11 := <ca-nickname> <client-cert-slot> "
|
|
"<client-cert-id> <user-PIN>\n"
|
|
" PSKInfo := <psk>\n"
|
|
" L2TPInfo := <chap-username> <chap-password>\n"
|
|
)
|
|
parser.add_option("--verbose",
|
|
dest = "verbose",
|
|
action = "store_true",
|
|
default = False,
|
|
help = "Output diagnostic information during run.")
|
|
parser.add_option("--complzo",
|
|
dest = "complzo",
|
|
action = "store_true",
|
|
default = True,
|
|
help = ("Enables the OpenVPN option 'complzo' "
|
|
"(default). "
|
|
"Ignored when not 'OpenVPN'."))
|
|
parser.add_option("--no-complzo",
|
|
dest = "complzo",
|
|
action = "store_false",
|
|
help = ("Disables the OpenVPN option 'complzo'. "
|
|
"Ignored when not 'OpenVPN'."))
|
|
parser.add_option("--mgmtena",
|
|
dest = "mgmtena",
|
|
action = "store_true",
|
|
default = False,
|
|
help = ("Enable the OpenVPN management ctl channel "
|
|
"(default false). "
|
|
"Ignored when not 'OpenVPN'."))
|
|
parser.add_option("--remote-cert-tls",
|
|
dest = "remote_cert_tls",
|
|
action = "store",
|
|
default = "server",
|
|
type = "string",
|
|
metavar = "(server | client | none)",
|
|
help = ("This is passed through to OpenVPN when "
|
|
"not 'none'. "
|
|
"Ignored when not 'OpenVPN'."))
|
|
parser.add_option("--tunnel-group",
|
|
dest = "tunnel_group",
|
|
action = "store",
|
|
default = "",
|
|
help = ("Provide a tunnel group parameter to "
|
|
"l2tpipsec links. "
|
|
"Ignored when not 'L2TPIPSec'."))
|
|
|
|
(options, args) = parser.parse_args(argv[1:])
|
|
|
|
if (len(args) > 1):
|
|
vpn_type = args[0]
|
|
params = { "Type" : "vpn" }
|
|
|
|
if vpn_type == "openvpn":
|
|
if (len(args) == 7):
|
|
params["Provider.Type"] = "openvpn"
|
|
params["Name"] = args[1]
|
|
params["Provider.Host"] = args[2]
|
|
params["VPN.Domain"] = args[3]
|
|
params["OpenVPN.CACert"] = args[4]
|
|
params["OpenVPN.Cert"] = args[5]
|
|
params["OpenVPN.Key"] = args[6]
|
|
|
|
if options.complzo: # "complzo" can only be enabled.
|
|
params["OpenVPN.CompLZO"] = "true"
|
|
|
|
if options.mgmtena: # enable management control channel
|
|
params["OpenVPN.Mgmt.Enable"] = "true"
|
|
|
|
if (options.remote_cert_tls != "server" and
|
|
options.remote_cert_tls != "client" and
|
|
options.remote_cert_tls != "none"):
|
|
print("\n--remote-cert-tls argument ('%s') "
|
|
"is invalid.\n" % options.remote_cert_tls)
|
|
sys.exit(1)
|
|
|
|
params["OpenVPN.RemoteCertTLS"] = options.remote_cert_tls
|
|
else:
|
|
show_usage(parser, vpn_type)
|
|
elif (vpn_type == "l2tpipsec-cert" or
|
|
vpn_type == "l2tpipsec-psk"):
|
|
if len(args) > 4:
|
|
params["Provider.Type"] = "l2tpipsec"
|
|
params["Name"] = args[1]
|
|
params["Provider.Host"] = args[2]
|
|
params["VPN.Domain"] = args[3]
|
|
if vpn_type == "l2tpipsec-cert" and len(args) == 10:
|
|
params["L2TPIPsec.CACertPEM"] = [ args[4] ]
|
|
params["L2TPIPsec.ClientCertSlot"] = args[5]
|
|
params["L2TPIPsec.ClientCertID"] = args[6]
|
|
params["L2TPIPsec.PIN"] = args[7]
|
|
params["L2TPIPsec.PSK"] = ""
|
|
params["L2TPIPsec.User"] = args[8]
|
|
params["L2TPIPsec.Password"] = args[9]
|
|
elif vpn_type == "l2tpipsec-psk" and len(args) == 7:
|
|
params["L2TPIPsec.CACertPEM"] = []
|
|
params["L2TPIPsec.ClientCertSlot"] = ""
|
|
params["L2TPIPsec.ClientCertID"] = ""
|
|
params["L2TPIPsec.PIN"] = ""
|
|
params["L2TPIPsec.PSK"] = args[4]
|
|
params["L2TPIPsec.User"] = args[5]
|
|
params["L2TPIPsec.Password"] = args[6]
|
|
else:
|
|
show_usage(parser, vpn_type)
|
|
params["L2TPIPsec.TunnelGroup"] = options.tunnel_group
|
|
else:
|
|
show_usage(parser, vpn_type)
|
|
else:
|
|
print "Unknown VPN type: '%s'" % vpn_type
|
|
sys.exit(1)
|
|
|
|
if options.verbose:
|
|
print "\nVPN Startup Parameters:\n"
|
|
for k, v in params.iteritems():
|
|
print " %25s: '%s'" % (k, v)
|
|
print ""
|
|
|
|
flim = flimflam.FlimFlam(dbus.SystemBus())
|
|
service = flim.GetService(params)
|
|
|
|
if options.verbose == "true":
|
|
print "VPN is %s, connecting..." % service.object_path
|
|
|
|
(success, diagnostics) = flim.ConnectService(service_type = "vpn",
|
|
service = service,
|
|
assoc_timeout = 60)
|
|
if not success or options.verbose:
|
|
print "Success:", success
|
|
pprint.pprint(diagnostics)
|
|
|
|
if not success:
|
|
sys.exit(1)
|
|
else:
|
|
parser.print_help()
|
|
sys.exit(1)
|
|
|
|
if __name__ == '__main__':
|
|
main(sys.argv)
|