1#!/usr/bin/python
2#
3# Copyright (C) 2011 The Android Open Source Project
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#      http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16#
17
18import optparse
19import pprint, sys
20import dbus, flimflam
21
def show_usage(parser, vpn_type):
    """Report a wrong positional-parameter count for *vpn_type*.

    Hands the message to ``parser.error``.  With the ``optparse`` parser
    that ``main`` builds, that call prints the usage text and the message
    to stderr and exits with status 2, so this function does not return.
    """
    message = "Incorrect number of parameters provided for %s" % vpn_type
    parser.error(message)
24
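def main(argv):
    """Configure a VPN service through flimflam and try to connect to it.

    Parses ``argv`` (``argv[0]`` is skipped), builds the flimflam service
    property dictionary for an OpenVPN or an L2TP/IPsec service, obtains
    the matching service over the D-Bus system bus and connects to it with
    a 60 second association timeout.

    Exits with status 1 when fewer than two positional arguments are given
    (after printing the help text), when the VPN type or the
    ``--remote-cert-tls`` value is not recognised, or when the connection
    attempt fails.  A wrong number of positional parameters is reported
    through ``show_usage()``.

    Security notes:
      * The PSK, the CHAP password and the PKCS#11 user PIN are taken from
        the command line.  Command-line arguments are generally readable
        by other local users through the process table and tend to be kept
        in shell history, so this tool is best kept to test setups.
      * ``--verbose`` masks those three values in the parameter dump so
        that they do not end up in terminal scrollback or captured logs.
    """
    parser = optparse.OptionParser(
        "%prog [options]... (OpenVPN | L2TPIPSEC)\n"
        "\n"
        "   OpenVPN            := openvpn NetworkID Certificates\n"
        "\n"
        "   L2TPIPSEC          := (L2PSK | L2Cert)\n"
        "     L2Cert           := l2tpipsec-cert NetworkID "
        "CertificatesPkcs11 L2TPInfo\n"
        "     L2PSK            := l2tpipsec-psk NetworkID PSKInfo L2TPInfo\n"
        "\n"
        "   NetworkID          := <vpn-name> <remote-host-ip> <vpn-domain>\n"
        "   Certificates       := <ca-cert> <client-cert> <client-key>\n"
        "   CertificatesPkcs11 := <ca-nickname> <client-cert-slot> "
        "<client-cert-id> <user-PIN>\n"
        "   PSKInfo            := <psk>\n"
        "   L2TPInfo           := <chap-username> <chap-password>\n"
        )
    parser.add_option("--verbose",
                      dest="verbose",
                      action="store_true",
                      default=False,
                      help="Output diagnostic information during run.")
    parser.add_option("--complzo",
                      dest="complzo",
                      action="store_true",
                      default=True,
                      help=("Enables the OpenVPN option 'complzo' "
                            "(default).  "
                            "Ignored when not 'OpenVPN'."))
    parser.add_option("--no-complzo",
                      dest="complzo",
                      action="store_false",
                      help=("Disables the OpenVPN option 'complzo'.  "
                            "Ignored when not 'OpenVPN'."))
    parser.add_option("--mgmtena",
                      dest="mgmtena",
                      action="store_true",
                      default=False,
                      help=("Enable the OpenVPN management ctl channel "
                            "(default false).  "
                            "Ignored when not 'OpenVPN'."))
    parser.add_option("--remote-cert-tls",
                      dest="remote_cert_tls",
                      action="store",
                      default="server",
                      type="string",
                      metavar="(server | client | none)",
                      help=("This is passed through to OpenVPN when "
                            "not 'none'.  "
                            "Ignored when not 'OpenVPN'."))
    parser.add_option("--tunnel-group",
                      dest="tunnel_group",
                      action="store",
                      default="",
                      help=("Provide a tunnel group parameter to "
                            "l2tpipsec links.  "
                            "Ignored when not 'L2TPIPSec'."))

    (options, args) = parser.parse_args(argv[1:])

    # A VPN type on its own is never enough; show the grammar and stop.
    if len(args) <= 1:
        parser.print_help()
        sys.exit(1)

    # Property values that are credentials; masked in the --verbose dump.
    secret_keys = ("L2TPIPsec.PSK", "L2TPIPsec.Password", "L2TPIPsec.PIN")

    vpn_type = args[0]
    params = {"Type": "vpn"}

    if vpn_type == "openvpn":
        if len(args) != 7:
            # Does not return: show_usage() ends in parser.error().
            show_usage(parser, vpn_type)

        # NOTE(review): 'none' presumably drops the peer-certificate usage
        # check on the OpenVPN side; confirm how flimflam maps the value
        # and keep the 'server' default unless there is a reason not to.
        if options.remote_cert_tls not in ("server", "client", "none"):
            print("\n--remote-cert-tls argument ('%s') "
                  "is invalid.\n" % options.remote_cert_tls)
            sys.exit(1)

        params["Provider.Type"] = "openvpn"
        params["Name"] = args[1]
        params["Provider.Host"] = args[2]
        params["VPN.Domain"] = args[3]
        params["OpenVPN.CACert"] = args[4]
        params["OpenVPN.Cert"] = args[5]
        params["OpenVPN.Key"] = args[6]

        if options.complzo:  # "complzo" can only be enabled.
            params["OpenVPN.CompLZO"] = "true"

        if options.mgmtena:  # enable management control channel
            params["OpenVPN.Mgmt.Enable"] = "true"

        params["OpenVPN.RemoteCertTLS"] = options.remote_cert_tls
    elif vpn_type in ("l2tpipsec-cert", "l2tpipsec-psk"):
        params["Provider.Type"] = "l2tpipsec"
        if vpn_type == "l2tpipsec-cert" and len(args) == 10:
            params["L2TPIPsec.CACertPEM"] = [args[4]]
            params["L2TPIPsec.ClientCertSlot"] = args[5]
            params["L2TPIPsec.ClientCertID"] = args[6]
            params["L2TPIPsec.PIN"] = args[7]
            params["L2TPIPsec.PSK"] = ""
            params["L2TPIPsec.User"] = args[8]
            params["L2TPIPsec.Password"] = args[9]
        elif vpn_type == "l2tpipsec-psk" and len(args) == 7:
            params["L2TPIPsec.CACertPEM"] = []
            params["L2TPIPsec.ClientCertSlot"] = ""
            params["L2TPIPsec.ClientCertID"] = ""
            params["L2TPIPsec.PIN"] = ""
            params["L2TPIPsec.PSK"] = args[4]
            params["L2TPIPsec.User"] = args[5]
            params["L2TPIPsec.Password"] = args[6]
        else:
            # Does not return: show_usage() ends in parser.error().
            show_usage(parser, vpn_type)
        params["Name"] = args[1]
        params["Provider.Host"] = args[2]
        params["VPN.Domain"] = args[3]
        params["L2TPIPsec.TunnelGroup"] = options.tunnel_group
    else:
        print("Unknown VPN type: '%s'" % vpn_type)
        sys.exit(1)

    if options.verbose:
        print("\nVPN Startup Parameters:\n")
        for key, value in params.items():
            # Empty credentials stay visible as '' so the dump still shows
            # which authentication fields were left unset.
            if key in secret_keys and value:
                value = "<redacted>"
            print("  %25s: '%s'" % (key, value))
        print("")

    flim = flimflam.FlimFlam(dbus.SystemBus())
    service = flim.GetService(params)

    # options.verbose is a boolean (store_true); the former comparison with
    # the string "true" was never true, so this line was never printed.
    if options.verbose:
        print("VPN is %s, connecting..." % service.object_path)

    (success, diagnostics) = flim.ConnectService(service_type="vpn",
                                                 service=service,
                                                 assoc_timeout=60)
    if not success or options.verbose:
        print("Success: %s" % (success,))
        pprint.pprint(diagnostics)

    if not success:
        sys.exit(1)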
172
# Script entry point: hand the full argument vector (program name included)
# to main(), which skips argv[0] itself.
if __name__ == "__main__":
    cli_args = sys.argv
    main(cli_args)
175