-
Notifications
You must be signed in to change notification settings - Fork 49
/
openvpn.xml
120 lines (107 loc) · 3.68 KB
/
openvpn.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
<!--
-- *** Note: UNDER REWORK -- DO NOT INCLUDE/USE ***
--
-- OpenVPN Tunnel Service definition
--
-- We create a subclass of the tun/tap device class, which supports the OpenVPN
-- DBus interface.
-->
<object-class name="netif-openvpn" base-class="netif-tun"/>
<service name="openvpn" interface="org.opensuse.Network.OpenVPN" object-class="netif-openvpn">
<!-- This is the linkinfo returned in interface reports -->
<define name="linkinfo" class="dict">
<remote-address type="string" constraint="required"/>
<remote-port type="uint32"/>
<protocol type="uint32" constraint="enum">
<tcp value="6"/>
<udp value="17"/>
</protocol>
<!-- Tunnel MTU -->
<mtu type="uint32"/>
<!-- user name and password. If the <auth> element is present, it must
-- have <user> and <password> children.
-- If these elements are absent, the wicked client will prompt for
-- them.
-->
<auth class="dict">
<user type="string" constraint="required">
<meta:user-input type="user" prompt="Please enter openvpn user name"/>
</user>
<password type="string" constraint="required">
<meta:user-input type="password" prompt="Please enter openvpn password"/>
</password>
</auth>
<tls class="dict">
<ca-cert type="external-file"/>
<client-cert type="external-file"/>
<client-key type="external-file"/>
<!-- alternative: pkcs12 file -->
<pkcs12 type="external-file"/>
</tls>
</define>
<!-- the properties of a OpenVPN device: -->
<define name="properties" type="linkinfo"/>
<method name="changeDevice">
<arguments>
<config type="linkinfo">
<!-- The mapping info tells the client to take the device
-- configuration from the <openvpn> element. -->
<meta:mapping document-node="/openvpn" />
</config>
</arguments>
<!-- returns callback list -->
</method>
<!-- Override the linkUp method of the netif base interface.
-- This will start an openvpn daemon process for this tunnel.
--
-- For now, we ignore any and all of the usual link parameters,
-- and let the openvpn daemon handle all that stuff.
--
-- Note that the MTU can be specified via the <openvpn> element.
-->
<method name="linkUp">
<!-- When bringing up the interface, do not try to bring up the link until
-- the host referenced by this element is reachable. -->
<meta:require check="reachable" argument="${/request/remote-address}" />
<arguments>
<request type="interface:link-request">
<!-- Unlike most interfaces, we do not honor the <link> element,
-- but pass it the <openvpn> element once more. -->
<meta:mapping document-node="/openvpn" />
</request>
</arguments>
<return>
<interface:callback-info/>
</return>
</method>
<!-- Override the linkDown method of the netif base interface.
-- This will shut down the openvpn daemon process and wait for
-- it to exit.
-->
<method name="linkDown">
<return>
<interface:callback-info/>
</return>
</method>
<!-- Delete the tuntap interface created for this tunnel -->
<method name="deleteDevice">
<!-- no arguments, no return code -->
</method>
</service>
<service name="openvpn-factory" interface="org.opensuse.Network.OpenVPN.Factory" object-class="netif-list">
<!-- "Create" openvpn device.
-- This will create a tunX device and an openvpn config file.
-- The config file isn't used until the client invokes the linkUp method.
-->
<method name="newDevice">
<arguments>
<name type="string"/>
<config type="openvpn:linkinfo">
<meta:mapping document-node="/openvpn"/>
</config>
</arguments>
<return>
<string/> <!-- this is really an object handle -->
</return>
</method>
</service>