From 461a27989c107974960bad7470d6527f068ca826 Mon Sep 17 00:00:00 2001
From: Blake Harnden <32446120+bharnden@users.noreply.github.com>
Date: Tue, 4 Feb 2020 17:28:58 -0800
Subject: [PATCH] initial config changes for config services for openvpn
---
 .../sercurityservices/services.py | 59 ++++++++++++++++++-
 .../sercurityservices/templates/vpnclient.sh | 8 +--
 .../sercurityservices/templates/vpnserver.sh | 12 ++--
 3 files changed, 66 insertions(+), 13 deletions(-)
diff --git a/daemon/core/configservices/sercurityservices/services.py b/daemon/core/configservices/sercurityservices/services.py
index fca86373..17f081cd 100644
--- a/daemon/core/configservices/sercurityservices/services.py
+++ b/daemon/core/configservices/sercurityservices/services.py
@@ -1,6 +1,10 @@
 from typing import Any, Dict
+import netaddr
+
+from core.config import Configuration
 from core.configservice.base import ConfigService, ConfigServiceMode
+from core.emulator.enumerations import ConfigDataTypes
 GROUP_NAME = "Security"
@@ -16,11 +20,30 @@ class VpnClient(ConfigService):
 validate = ["pidof openvpn"]
 shutdown = ["killall openvpn"]
 validation_mode = ConfigServiceMode.BLOCKING
- default_configs = []
+ default_configs = [
+ Configuration(
+ _id="keydir",
+ _type=ConfigDataTypes.STRING,
+ label="Key Dir",
+ default="/etc/core/keys",
+ ),
+ Configuration(
+ _id="keyname",
+ _type=ConfigDataTypes.STRING,
+ label="Key Name",
+ default="client1",
+ ),
+ Configuration(
+ _id="server",
+ _type=ConfigDataTypes.STRING,
+ label="Server",
+ default="10.0.2.10",
+ ),
+ ]
 modes = {}
-class VPNServer(ConfigService):
+class VpnServer(ConfigService):
 name = "VPNServer"
 group = GROUP_NAME
 directories = []
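Review bot: The rename from `VPNServer` to `VpnServer` at the end of the hunk changes an importable class identifier while the registered `name = "VPNServer"` string stays as it was, and no other module is touched in this diff, so anything elsewhere that imports or references the class by its old identifier would presumably need a matching change — worth confirming before merge. The `keydir` Configuration entry is also repeated verbatim in the VpnServer hunk that follows; a module-level constant such as `DEFAULT_KEY_DIR = "/etc/core/keys"` used by both `default_configs` lists would keep the two services' defaults from drifting apart. The VpnClient class definition begins before this hunk, and the VpnServer class body continues after it.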
@@ -31,9 +54,39 @@ class VPNServer(ConfigService):
 validate = ["pidof openvpn"]
 shutdown = ["killall openvpn"]
 validation_mode = ConfigServiceMode.BLOCKING
- default_configs = []
+ default_configs = [
+ Configuration(
+ _id="keydir",
+ _type=ConfigDataTypes.STRING,
+ label="Key Dir",
+ default="/etc/core/keys",
+ ),
+ Configuration(
+ _id="keyname",
+ _type=ConfigDataTypes.STRING,
+ label="Key Name",
+ default="server",
+ ),
+ Configuration(
+ _id="subnet",
+ _type=ConfigDataTypes.STRING,
+ label="Subnet",
+ default="10.0.200.0",
+ ),
+ ]
 modes = {}
+ def data(self) -> Dict[str, Any]:
+ address = None
+ for ifc in self.node.netifs():
+ if getattr(ifc, "control", False):
+ continue
+ for x in ifc.addrlist:
+ addr = x.split("/")[0]
+ if netaddr.valid_ipv4(addr):
+ address = addr
+ return dict(address=address)
+
 class IPsec(ConfigService):
 name = "IPsec"
diff --git a/daemon/core/configservices/sercurityservices/templates/vpnclient.sh b/daemon/core/configservices/sercurityservices/templates/vpnclient.sh
index 9e2a5d10..5cbf7ad1 100644
--- a/daemon/core/configservices/sercurityservices/templates/vpnclient.sh
+++ b/daemon/core/configservices/sercurityservices/templates/vpnclient.sh
@@ -4,16 +4,16 @@
 # OpenVPN software and a virtual TUN/TAP device.
 # directory containing the certificate and key described below
-keydir=/etc/core/keys
+keydir=${config["keydir"]}
 # the name used for a "$keyname.crt" certificate and "$keyname.key" private key.
-keyname=client1
+keyname=${config["keyname"]}
 # the public IP address of the VPN server this client should connect with
-vpnserver="10.0.2.10"
+vpnserver=${config["server"]}
 # optional next hop for adding a static route to reach the VPN server
-nexthop="10.0.1.1"
+#nexthop="10.0.1.1"
 # --------- END CUSTOMIZATION --------
diff --git a/daemon/core/configservices/sercurityservices/templates/vpnserver.sh b/daemon/core/configservices/sercurityservices/templates/vpnserver.sh
index 61e5b1c1..7a580ac7 100644
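Review bot: The new `data()` method keeps overwriting `address` without ever breaking out of its loops, so on a server node with several non-control interfaces the template receives whichever valid IPv4 address happens to be enumerated last, and when no interface carries an IPv4 address it silently returns `None`, which the vpnserver.sh template then renders as the literal `vpnserver=None`. The selection rule should be made explicit — return on the first match and document it — and the no-address case should be surfaced rather than handed to the template; raising here would fail at generation time, though whether the ConfigService base class tolerates an exception from `data()` cannot be told from this hunk. The method also lacks a docstring describing what `address` means to the template. Whether `netifs()` can yield interfaces whose `addrlist` holds non-CIDR strings is not visible either, so the `split("/")` is kept as is below.
```python
    def data(self) -> Dict[str, Any]:
        """Return template data for vpnserver.sh.

        "address" is the first valid IPv4 address found on a non-control
        interface of the node, in netifs() order, or None when no interface
        carries one; the template must treat None as a configuration error
        rather than rendering it.
        """
        for ifc in self.node.netifs():
            if getattr(ifc, "control", False):
                continue
            for x in ifc.addrlist:
                addr = x.split("/")[0]
                if netaddr.valid_ipv4(addr):
                    # first match wins; a multi-homed node is otherwise ambiguous
                    return dict(address=addr)
        return dict(address=None)
```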
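Review bot: The replacement assignments `keydir=${config["keydir"]}`, `keyname=${config["keyname"]}` and `vpnserver=${config["server"]}` drop the double quotes the original `vpnserver="10.0.2.10"` line had, so a configured value containing whitespace or shell metacharacters is word-split or interpreted by the shell when the generated script runs; these values come from user-editable service configuration, not from constants in the template. Quoting the expansion, e.g. `vpnserver="${config["server"]}"`, leaves the Mako substitution intact and makes the shell treat the value as a single word. The same applies to the `keydir`, `keyname` and `vpnsubnet` assignments in the vpnserver.sh hunk. Commenting out `nexthop` leaves that variable unset; whether the remainder of the script, which is outside this hunk, guards on an empty `$nexthop` cannot be seen here.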
--- a/daemon/core/configservices/sercurityservices/templates/vpnserver.sh
+++ b/daemon/core/configservices/sercurityservices/templates/vpnserver.sh
@@ -7,29 +7,29 @@
 # directory containing the certificate and key described below, in addition to
 # a CA certificate and DH key
-keydir=/etc/core/keys
+keydir=${config["keydir"]}
 # the name used for a "$keyname.crt" certificate and "$keyname.key" private key.
-keyname=server2
+keyname=${config["keyname"]}
 # the VPN subnet address from which the client VPN IP (for the TUN/TAP)
 # will be allocated
-vpnsubnet=10.0.200.0
+vpnsubnet=${config["subnet"]}
 # public IP address of this vpn server (same as VPNClient vpnserver= setting)
-vpnserver=10.0.2.10
+vpnserver=${address}
 # optional list of private subnets reachable behind this VPN server
 # each subnet and next hop is separated by a space
 # ", , ..."
-privatenets="10.0.11.0,10.0.10.1 10.0.12.0,10.0.10.1"
+#privatenets="10.0.11.0,10.0.10.1 10.0.12.0,10.0.10.1"
 # optional list of VPN clients, for statically assigning IP addresses to
 # clients; also, an optional client subnet can be specified for adding static
 # routes via the client
 # Note: VPN addresses x.x.x.0-3 are reserved
 # ",, ,, ..."
-vpnclients="client1KeyFilename,10.0.200.5,10.0.0.0 client2KeyFilename,,"
+#vpnclients="client1KeyFilename,10.0.200.5,10.0.0.0 client2KeyFilename,,"
 # NOTE: you may need to enable the StaticRoutes service on nodes within the
 # private subnet, in order to have routes back to the client.
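Review bot: `vpnserver=${address}` is rendered from the `address` value that `VpnServer.data()` computes in the services.py hunk, and that method returns `None` when no non-control interface of the node has an IPv4 address, so the generated script would contain the literal `vpnserver=None` and OpenVPN would be started against a bogus server address with no indication of why. A guard in the template ahead of the assignment fails loudly instead, e.g. `% if address is None:` / `echo "VPNServer: no IPv4 address found on this node" >&2; exit 1` / `% endif`, although catching this in `data()` itself would surface it at generation time rather than at node startup. Commenting out `privatenets` and `vpnclients` leaves both variables unset; the loops that consume them are outside this hunk, so whether they tolerate an empty value cannot be confirmed here.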