OpenVPN Backend
The OpenVpn backend allows generating OpenVPN 2.x.x compatible configurations.
Its schema is limited to a subset of the features available in OpenVPN and it doesn’t recognize interfaces, radios, wireless settings and so on.
The main methods work just like the OpenWrt backend:
__init__
render
generate
write
json
The main differences are in the resulting configuration and in its schema.
See an example of initialization and rendering below:
from netjsonconfig import OpenVpn

config = OpenVpn(
    {
        "openvpn": [
            {
                "ca": "ca.pem",
                "cert": "cert.pem",
                "dev": "tap0",
                "dev_type": "tap",
                "dh": "dh.pem",
                "key": "key.pem",
                "mode": "server",
                "name": "example-vpn",
                "proto": "udp",
                "tls_server": True,
            }
        ]
    }
)
print(config.render())
Will return the following output:
# openvpn config: example-vpn
ca ca.pem
cert cert.pem
dev tap0
dev-type tap
dh dh.pem
key key.pem
mode server
proto udp
tls-server
OpenVPN backend schema
The OpenVpn backend schema is limited: it only recognizes an openvpn key with a list of dictionaries representing VPN instances.
The structure of these dictionaries is described below.
Alternatively you may also want to take a look at the OpenVPN JSON-Schema source code.
According to the NetJSON spec, any unrecognized property will be ignored.
General settings (valid both for client and server)
Required properties:
name
mode
proto
dev
| key name | type | default | allowed values |
|---|---|---|---|
|  | string |  | 2 to 24 alphanumeric characters, dashes and underscores |
|  | string |  |  |
|  | string |  |  |
|  | integer |  | integers |
|  | list |  | list of dicts, each dict need to have |
|  | string |  |  |
|  | string |  |  |
|  | string |  | any non-whitespace character (max length: 15) |
|  | string |  | any string |
|  | string |  |  |
|  | string |  |  |
|  | string |  |  |
|  | string |  |  |
|  | string |  | any non whitespace character |
|  | string |  | any non whitespace character |
|  | string |  | any non whitespace character |
|  | string |  | any non whitespace character |
|  | string |  | string containing TLS Auth key |
|  | string |  |  |
|  | string |  |  |
|  | boolean |  |  |
|  | integer |  | any positive integer |
|  | integer |  | any positive integer |
|  | string |  | two numbers separated by one space |
|  | boolean |  |  |
|  | boolean |  |  |
|  | string |  | any non whitespace character |
|  | integer |  | any positive integer |
|  | string |  | any non whitespace character |
|  | integer |  |  |
|  | string |  | any string |
|  | string |  | any string |
|  | integer |  | any positive integer |
|  | string |  | string and number separated by space, eg: |
|  | integer |  |  |
|  | boolean |  |  |
|  | string |  | any non whitespace character |
|  | integer |  | any positive integer |
|  | integer |  | any positive integer |
|  | string |  | any string |
|  | string |  |  |
|  | boolean |  |  |
|  | boolean |  |  |
|  | boolean |  |  |
|  | string |  | filesystem path |
|  | integer |  | from |
Client specific settings
Required properties:
remote
| key name | type | default | allowed values |
|---|---|---|---|
|  | list |  | list of dictionaries containing |
|  | boolean |  |  |
|  | boolean |  |  |
|  | boolean |  |  |
|  | boolean |  |  |
|  | boolean |  |  |
|  | string |  | any non whitespace character |
|  | string |  |  |
Server specific settings
| key name | type | default | allowed values |
|---|---|---|---|
|  | boolean |  |  |
|  | string |  | any non whitespace character |
|  | string |  | any non whitespace character |
|  | boolean |  |  |
|  | boolean |  |  |
|  | boolean |  |  |
|  | boolean |  |  |
|  | string |  | any non whitespace character |
Working around schema limitations
The schema does not include all the possible OpenVPN settings, but it can appropriately render any property not included in the schema as long as its type is one of the following:
boolean
integer
strings
lists
For a list of all the OpenVPN configuration settings, refer to the OpenVPN 2.3 manual.
Automatic generation of clients
- classmethod OpenVpn.auto_client(host, server, ca_path=None, ca_contents=None, cert_path=None, cert_contents=None, key_path=None, key_contents=None)
Returns a configuration dictionary representing an OpenVPN client configuration that is compatible with the passed server configuration.
- Parameters:
host – remote VPN server
server – dictionary representing a single OpenVPN server configuration
ca_path – optional string representing path to CA, will consequently add a file in the resulting configuration dictionary
ca_contents – optional string representing contents of CA file
cert_path – optional string representing path to certificate, will consequently add a file in the resulting configuration dictionary
cert_contents – optional string representing contents of cert file
key_path – optional string representing path to key, will consequently add a file in the resulting configuration dictionary
key_contents – optional string representing contents of key file
- Returns:
dictionary representing a single OpenVPN client configuration
Example:
from netjsonconfig import OpenVpn

server_config = {
    "ca": "ca.pem",
    "cert": "cert.pem",
    "dev": "tap0",
    "dev_type": "tap",
    "dh": "dh.pem",
    "key": "key.pem",
    "mode": "server",
    "name": "example-vpn",
    "proto": "udp",
    "tls_server": True,
}
dummy_contents = "------ EXAMPLE ------"
client_config = OpenVpn.auto_client(
    "vpn1.test.com",
    server=server_config,
    ca_path="ca.pem",
    ca_contents=dummy_contents,
    cert_path="cert.pem",
    cert_contents=dummy_contents,
    key_path="key.pem",
    key_contents=dummy_contents,
)
client = OpenVpn(client_config)
print(client.render())
Will be rendered as:
# openvpn config: example-vpn
ca ca.pem
cert cert.pem
dev tap0
dev-type tap
key key.pem
mode p2p
nobind
proto udp
remote vpn1.test.com 1195
resolv-retry
tls-client
# ---------- files ---------- #
# path: ca.pem
# mode: 0644
------ EXAMPLE ------
# path: cert.pem
# mode: 0644
------ EXAMPLE ------
# path: key.pem
# mode: 0644
------ EXAMPLE ------
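
The rendered output above lists key.pem with mode 0644, which leaves the private key readable by every local user. The following is an added example, not part of netjsonconfig or its documentation: it flags and tightens such entries in a configuration dictionary before it is rendered. It assumes the dictionary carries a top-level files list whose entries have path, mode and contents keys; the helper names and the sample dictionary are constructed for illustration.

```python
# Added example: audit and tighten private-key file modes in a configuration
# dictionary shaped like the one passed to OpenVpn() above (shape is assumed).

PRIVATE_KEY_MARKER = "PRIVATE KEY-----"  # present in PEM-encoded private keys
ASSUMED_DEFAULT_MODE = "0644"  # assumption: mode used when an entry has none


def key_paths(config):
    """Paths referenced by the `key` option of every VPN instance."""
    return {vpn["key"] for vpn in config.get("openvpn", []) if vpn.get("key")}


def loose_key_files(config):
    """Return file entries holding a private key that group/other can access."""
    referenced = key_paths(config)
    findings = []
    for entry in config.get("files", []):
        is_key = (entry.get("path") in referenced
                  or PRIVATE_KEY_MARKER in entry.get("contents", ""))
        mode = int(entry.get("mode", ASSUMED_DEFAULT_MODE), 8)
        if is_key and mode & 0o077:  # any group or other permission bit set
            findings.append(entry)
    return findings


def harden(config, mode="0600"):
    """Set an owner-only mode on every finding; return the paths changed."""
    changed = []
    for entry in loose_key_files(config):
        entry["mode"] = mode
        changed.append(entry["path"])
    return changed


# Constructed sample mirroring the rendered client output above.
sample = {
    "openvpn": [{"name": "example-vpn", "mode": "p2p", "proto": "udp",
                 "dev": "tap0", "ca": "ca.pem", "cert": "cert.pem",
                 "key": "key.pem"}],
    "files": [
        {"path": "ca.pem", "mode": "0644", "contents": "------ EXAMPLE ------"},
        {"path": "cert.pem", "mode": "0644", "contents": "------ EXAMPLE ------"},
        {"path": "key.pem", "mode": "0644", "contents": "------ EXAMPLE ------"},
    ],
}

if __name__ == "__main__":
    print("loose key files:", [f["path"] for f in loose_key_files(sample)])
    print("changed:", harden(sample))
```

Run harden() on the dictionary before passing it to OpenVpn(...), so the tightened mode is what ends up in the rendered and generated output.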