Merge branch 'release-v0.1.11'

CHANGELOG.md

@@ -1,10 +1,29 @@
 # Change Log
 
-## [v0.1.10](https://github.com/cad/ovpm/tree/v0.1.10) (2017-08-27)
+## [v0.1.11](https://github.com/cad/ovpm/tree/v0.1.11) (2017-08-31)
+[Full Changelog](https://github.com/cad/ovpm/compare/v0.1.10...v0.1.11)
+
+**Implemented enhancements:**
+
+- be able to change initial ip block [\#29](https://github.com/cad/ovpm/issues/29)
+
+**Fixed bugs:**
+
+- can add duplicate static ip [\#37](https://github.com/cad/ovpm/issues/37)
+- net def --via flag doesn't work as documented [\#36](https://github.com/cad/ovpm/issues/36)
+- Error when group 'nobody' doesn't exist [\#32](https://github.com/cad/ovpm/issues/32)
+- --static option doesn't work when user update [\#28](https://github.com/cad/ovpm/issues/28)
+
+**Merged pull requests:**
+
+- openvpn user created by openvpn package, so use openvpn user instead. [\#35](https://github.com/cad/ovpm/pull/35) ([ilkerdagli](https://github.com/ilkerdagli))
+
+## [v0.1.10](https://github.com/cad/ovpm/tree/v0.1.10) (2017-08-29)
 [Full Changelog](https://github.com/cad/ovpm/compare/v0.1.9...v0.1.10)
 
 **Implemented enhancements:**
 
+- command line flags for tcp or udp at initialize [\#30](https://github.com/cad/ovpm/issues/30)
 - show network types in cli [\#27](https://github.com/cad/ovpm/issues/27)
 
 ## [v0.1.9](https://github.com/cad/ovpm/tree/v0.1.9) (2017-08-27)
@@ -76,4 +95,3 @@
 - implement remote control proto [\#8](https://github.com/cad/ovpm/issues/8)
 - write docs [\#4](https://github.com/cad/ovpm/issues/4)
 - write unit tests [\#3](https://github.com/cad/ovpm/issues/3)
-

README.md

@@ -22,6 +22,18 @@ $ sudo yum-config-manager --add-repo https://cad.github.io/ovpm/rpm/ovpm.repo
 $ sudo yum install ovpm
 ```
 
+**from DEB (Ubuntu/DEBIAN):**
+
+This is tested only on Ubuntu >=16.04.3 LTS
+
+```bash
+# Add APT Repo
+$ sudo sh -c 'echo "deb [trusted=yes] https://cad.github.io/ovpm/deb/ ovpm main" >> /etc/apt/sources.list'
+
+# Install OVPM
+$ sudo yum install ovpm
+```
+
 **from Source (go get):**
 
 Only dependency for ovpm is **OpenVPN>=2.3**.

api/rpc.go

@@ -76,7 +76,10 @@ func (s *UserService) Update(ctx context.Context, req *pb.UserUpdateRequest) (*p
 
 	}
 
-	user.Update(req.Password, noGW, req.HostID)
+	err = user.Update(req.Password, noGW, req.HostID)
+	if err != nil {
+		return nil, err
+	}
 	pbUser := pb.UserResponse_User{
 		Username:           user.GetUsername(),
 		ServerSerialNumber: user.GetServerSerialNumber(),
@@ -184,7 +187,8 @@ func (s *VPNService) Init(ctx context.Context, req *pb.VPNInitRequest) (*pb.VPNI
 	case pb.VPNProto_NOPREF:
 		proto = ovpm.UDPProto
 	}
-	if err := ovpm.Init(req.Hostname, req.Port, proto); err != nil {
+
+	if err := ovpm.Init(req.Hostname, req.Port, proto, req.IPBlock); err != nil {
 		logrus.Errorf("server can not be created: %v", err)
 	}
 	return &pb.VPNInitResponse{}, nil

cmd/ovpm/net.go

@@ -49,14 +49,13 @@ var netDefineCommand = cli.Command{
 
 		switch ovpm.NetworkTypeFromString(typ) {
 		case ovpm.ROUTE:
-			if via != "" && !govalidator.IsCIDR(via) {
-				fmt.Printf("validation error: `%s` must be a network in the CIDR form", via)
+			if via != "" && !govalidator.IsIPv4(via) {
+				fmt.Printf("validation error: `%s` must be a network in the IPv4 form", via)
 				fmt.Println()
 				fmt.Println(cli.ShowSubcommandHelp(c))
 				os.Exit(1)
-			} else {
-				via = ""
 			}
+
 		case ovpm.SERVERNET:
 			if via != "" {
 				fmt.Println("--via flag can only be used with --type ROUTE")

cmd/ovpm/user.go

@@ -7,6 +7,7 @@ import (
 	"os"
 
 	"github.com/Sirupsen/logrus"
+	"github.com/asaskevich/govalidator"
 	"github.com/cad/ovpm"
 	"github.com/cad/ovpm/pb"
 	"github.com/olekukonko/tablewriter"
@@ -87,12 +88,17 @@ var userCreateCommand = cli.Command{
 			fmt.Println(cli.ShowSubcommandHelp(c))
 			os.Exit(1)
 		}
-
+		if static != "" && !govalidator.IsIPv4(static) {
+			fmt.Println("--static flag takes a valid ipv4 address")
+			fmt.Println()
+			fmt.Println(cli.ShowSubcommandHelp(c))
+			os.Exit(1)
+		}
 		var hostid uint32
 		if static != "" {
 			h := ovpm.IP2HostID(net.ParseIP(static).To4())
 			if h == 0 {
-				fmt.Println("--static flag takes a valid ipv4 address")
+				fmt.Printf("can not parse %s as IPv4", static)
 				fmt.Println()
 				fmt.Println(cli.ShowSubcommandHelp(c))
 				os.Exit(1)
@@ -142,6 +148,10 @@ var userUpdateCommand = cli.Command{
 			Name:  "static",
 			Usage: "ip address for the vpn user",
 		},
+		cli.BoolFlag{
+			Name:  "no-static",
+			Usage: "do not set static ip address for the vpn user",
+		},
 	},
 	Action: func(c *cli.Context) error {
 		action = "user:update"
@@ -150,32 +160,64 @@ var userUpdateCommand = cli.Command{
 		nogw := c.Bool("no-gw")
 		gw := c.Bool("gw")
 		static := c.String("static")
+		noStatic := c.Bool("no-static")
 
 		if username == "" {
 			fmt.Println(cli.ShowSubcommandHelp(c))
 			os.Exit(1)
 		}
 
-		if !(password != "" || gw || nogw) {
+		// Check wether if all flags are are empty.
+		if !(password != "" || gw || nogw || static != "" || noStatic) {
 			fmt.Println("nothing is updated!")
 			fmt.Println()
 			fmt.Println(cli.ShowSubcommandHelp(c))
 			os.Exit(1)
 		}
 
+		// Given that static is set, check wether it's IPv4.
+		if static != "" && !govalidator.IsIPv4(static) {
+			fmt.Println("--static flag takes a valid ipv4 address")
+			fmt.Println()
+			fmt.Println(cli.ShowSubcommandHelp(c))
+			os.Exit(1)
+		}
+		var staticPref pb.UserUpdateRequest_StaticPref
+		staticPref = pb.UserUpdateRequest_NOPREFSTATIC
 		var hostid uint32
-		if static != "" {
-			h := ovpm.IP2HostID(net.ParseIP(static).To4())
-			if h == 0 {
-				fmt.Println("--static flag takes a valid ipv4 address")
-				fmt.Println()
-				fmt.Println(cli.ShowSubcommandHelp(c))
-				os.Exit(1)
-			}
 
-			hostid = h
+		switch {
+		case static != "" && !noStatic:
+			// means static is set.
+			if static != "" {
+				h := ovpm.IP2HostID(net.ParseIP(static).To4())
+				if h == 0 {
+					fmt.Printf("can't parse %s as IPv4", static)
+					fmt.Println()
+					fmt.Println(cli.ShowSubcommandHelp(c))
+					os.Exit(1)
+				}
+
+				hostid = h
+			}
+			staticPref = pb.UserUpdateRequest_STATIC
+
+		case static == "" && noStatic:
+			// means no-static
+			hostid = 0
+			staticPref = pb.UserUpdateRequest_NOSTATIC
+		case static != "" && noStatic:
+			// means invalid
+			fmt.Println("--static flag and --no-static flag cannot be used together")
+			fmt.Println()
+			fmt.Println(cli.ShowSubcommandHelp(c))
+			os.Exit(1)
+		case static == "" && !noStatic:
+		default:
+			// means no pref
+			staticPref = pb.UserUpdateRequest_NOPREFSTATIC
+			hostid = 0
 		}
-
 		var gwPref pb.UserUpdateRequest_GWPref
 
 		switch {
@@ -200,10 +242,11 @@ var userUpdateCommand = cli.Command{
 		userSvc := pb.NewUserServiceClient(conn)
 
 		response, err := userSvc.Update(context.Background(), &pb.UserUpdateRequest{
-			Username: username,
-			Password: password,
-			Gwpref:   gwPref,
-			HostID:   hostid,
+			Username:   username,
+			Password:   password,
+			Gwpref:     gwPref,
+			HostID:     hostid,
+			Staticpref: staticPref,
 		})
 
 		if err != nil {

cmd/ovpm/vpn.go

@@ -6,6 +6,7 @@ import (
 	"os"
 
 	"github.com/Sirupsen/logrus"
+	"github.com/asaskevich/govalidator"
 	"github.com/cad/ovpm"
 	"github.com/cad/ovpm/pb"
 	"github.com/olekukonko/tablewriter"
@@ -60,12 +61,16 @@ var vpnInitCommand = cli.Command{
 			Name:  "tcp, t",
 			Usage: "use TCP for vpn protocol, instead of UDP",
 		},
+		cli.StringFlag{
+			Name:  "net, n",
+			Usage: fmt.Sprintf("VPN network to give clients IP addresses from, in the CIDR form (default: %s)", ovpm.DefaultVPNNetwork),
+		},
 	},
 	Action: func(c *cli.Context) error {
 		action = "vpn:init"
 		hostname := c.String("hostname")
 		if hostname == "" {
-			logrus.Errorf("'hostname' is needed")
+			logrus.Errorf("'hostname' is required")
 			fmt.Println(cli.ShowSubcommandHelp(c))
 			os.Exit(1)
 
@@ -78,13 +83,17 @@ var vpnInitCommand = cli.Command{
 
 		tcp := c.Bool("tcp")
 
-		var proto pb.VPNProto
-
-		switch tcp {
-		case true:
+		proto := pb.VPNProto_UDP
+		if tcp {
 			proto = pb.VPNProto_TCP
-		default:
-			proto = pb.VPNProto_UDP
+		}
+
+		ipblock := c.String("net")
+		if ipblock != "" && !govalidator.IsCIDR(ipblock) {
+			fmt.Println("--net takes an ip network in the CIDR form. e.g. 10.9.0.0/24")
+			fmt.Println()
+			fmt.Println(cli.ShowSubcommandHelp(c))
+			os.Exit(1)
 		}
 
 		conn := getConn(c.GlobalString("daemon-port"))
@@ -106,7 +115,7 @@ var vpnInitCommand = cli.Command{
 			okayResponses := []string{"y", "Y", "yes", "Yes", "YES"}
 			nokayResponses := []string{"n", "N", "no", "No", "NO"}
 			if stringInSlice(response, okayResponses) {
-				if _, err := vpnSvc.Init(context.Background(), &pb.VPNInitRequest{Hostname: hostname, Port: port, Protopref: proto}); err != nil {
+				if _, err := vpnSvc.Init(context.Background(), &pb.VPNInitRequest{Hostname: hostname, Port: port, Protopref: proto, IPBlock: ipblock}); err != nil {
 					logrus.Errorf("server can not be initialized: %v", err)
 					os.Exit(1)
 					return err

const.go

@@ -2,11 +2,17 @@ package ovpm
 
 const (
 	// Version defines the version of ovpm.
-	Version = "0.1.10"
+	Version = "0.1.11"
 
 	// DefaultVPNPort is the default OpenVPN port to listen.
 	DefaultVPNPort = "1197"
 
+	// DefaultVPNProto is the default OpenVPN protocol to use.
+	DefaultVPNProto = UDPProto
+
+	// DefaultVPNNetwork is the default OpenVPN network to use.
+	DefaultVPNNetwork = "10.9.0.0/24"
+
 	etcBasePath = "/etc/ovpm/"
 	varBasePath = "/var/db/ovpm/"
 
@@ -20,9 +26,6 @@ const (
 	_DefaultCAKeyPath    = varBasePath + "ca.key"
 	_DefaultDHParamsPath = varBasePath + "dh4096.pem"
 	_DefaultCRLPath      = varBasePath + "crl.pem"
-
-	_DefaultServerNetwork = "10.9.0.0"
-	_DefaultServerNetMask = "255.255.255.0"
 )
 
 // Testing is used to determine wether we are testing or running normally.

net.go

@@ -133,8 +133,8 @@ func CreateNewNetwork(name, cidr string, nettype NetworkType, via string) (*DBNe
 		return nil, fmt.Errorf("validation error: `%s` must be a network in the CIDR form", cidr)
 	}
 
-	if !govalidator.IsCIDR(via) && via != "" {
-		return nil, fmt.Errorf("validation error: `%s` must be a network in the CIDR form", via)
+	if via != "" && !govalidator.IsIPv4(via) {
+		return nil, fmt.Errorf("validation error: `%s` must be a network in the IPv4 form", via)
 	}
 
 	if nettype == UNDEFINEDNET {
@@ -146,13 +146,13 @@ func CreateNewNetwork(name, cidr string, nettype NetworkType, via string) (*DBNe
 		return nil, fmt.Errorf("can not parse CIDR %s: %v", cidr, err)
 	}
 
-	// Overwrite via with the parsed CIDR string.
+	// Overwrite via with the parsed IPv4 string.
 	if nettype == ROUTE && via != "" {
-		_, viaNet, err := net.ParseCIDR(via)
+		viaIP := net.ParseIP(via).To4()
 		if err != nil {
-			return nil, fmt.Errorf("can not parse CIDR %s: %v", via, err)
+			return nil, fmt.Errorf("can not parse IPv4 %s: %v", via, err)
 		}
-		via = viaNet.String()
+		via = viaIP.String()
 
 	} else {
 		via = ""
@@ -507,14 +507,21 @@ func HostID2IP(hostid uint32) net.IP {
 	return net.IP(ip)
 }
 
-//IP2HostID converts an IP address to a host id (32-bit unsigned integer).
+// IP2HostID converts an IP address to a host id (32-bit unsigned integer).
 func IP2HostID(ip net.IP) uint32 {
 	hostid := binary.BigEndian.Uint32(ip)
 	return hostid
 }
 
 // IncrementIP will return next ip address within the network.
 func IncrementIP(ip, mask string) (string, error) {
+	if !govalidator.IsIPv4(ip) {
+		return "", fmt.Errorf("'ip' is expected to be a valid IPv4 %s", ip)
+	}
+	if !govalidator.IsIPv4(ip) {
+		return "", fmt.Errorf("'mask' is expected to be a valid IPv4 %s", mask)
+	}
+
 	ipAddr := net.ParseIP(ip).To4()
 	netMask := net.IPMask(net.ParseIP(mask).To4())
 	ipNet := net.IPNet{IP: ipAddr, Mask: netMask}