[requested-changes] Fixed issue with multiple VPNs

openwisp · Mar 9, 2022 · 0bb800e · 0bb800e
1 parent 2cd0e92
commit 0bb800e
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 6 deletions.
diff --git a/netjsonconfig/backends/openvpn/converters.py b/netjsonconfig/backends/openvpn/converters.py
@@ -57,8 +57,10 @@ def __add_tls_auth_key(self, config):
         tls_auth = tls_auth.strip()
         if len(tls_auth.split(' ')) == 1:
             # The TLS Auth key is present in the field.
+            # Determine TLS Auth key file path from CA's file path.
             ca_path = config.get('ca', '')
-            tls_auth_path = '/'.join(ca_path.split('/')[:-1] + ['tls_auth.key'])
+            name = config.get('name', '')
+            tls_auth_path = '/'.join(ca_path.split('/')[:-1] + [f'{name}_tls_auth.key'])
             if config.get('mode') == 'server':
                 tls_auth_direction = 0
             else:

diff --git a/netjsonconfig/backends/openvpn/schema.py b/netjsonconfig/backends/openvpn/schema.py
@@ -464,6 +464,7 @@
                         "attacks on the TLS stack"
                     ),
                     "type": "string",
+                    "format": "textarea",
                     "propertyOrder": 53,
                 },
             },

diff --git a/tests/openvpn/test_backend.py b/tests/openvpn/test_backend.py
@@ -763,7 +763,22 @@ def test_override(self):
                 "status_version": 1,
                 "tls_server": True,
                 "tls_auth": "tls-auth-key",
-            }
+            },
+            {
+                "name": "test2",
+                "ca": "/etc/openvpn/ca2.pem",
+                "cert": "/etc/openvpn/cert2.pem",
+                "dev": "tap0",
+                "dev_type": "tap",
+                "dh": "/etc/openvpn/dh2.pem",
+                "key": "/etc/openvpn/key2.pem",
+                "mode": "server",
+                "proto": "udp",
+                "status": "",
+                "status_version": 1,
+                "tls_server": True,
+                "tls_auth": "tls-auth-key2",
+            },
         ],
     }
 
@@ -777,16 +792,34 @@ def test_override(self):
 key /etc/openvpn/key.pem
 mode server
 proto udp
-tls-auth /etc/openvpn/tls_auth.key 0
+tls-auth /etc/openvpn/test_tls_auth.key 0
+tls-server
+
+# openvpn config: test2
+
+ca /etc/openvpn/ca2.pem
+cert /etc/openvpn/cert2.pem
+dev tap0
+dev-type tap
+dh /etc/openvpn/dh2.pem
+key /etc/openvpn/key2.pem
+mode server
+proto udp
+tls-auth /etc/openvpn/test2_tls_auth.key 0
 tls-server
 
 # ---------- files ---------- #
 
-# path: /etc/openvpn/tls_auth.key
+# path: /etc/openvpn/test_tls_auth.key
 # mode: 0600
 
 tls-auth-key
 
+# path: /etc/openvpn/test2_tls_auth.key
+# mode: 0600
+
+tls-auth-key2
+
 """
 
     _openvpn_client_tls_auth_render = """# openvpn config: test
@@ -801,12 +834,12 @@ def test_override(self):
 proto udp
 remote vpn1.test.com 1195
 resolv-retry infinite
-tls-auth /etc/openvpn/tls_auth.key 1
+tls-auth /etc/openvpn/test_tls_auth.key 1
 tls-client
 
 # ---------- files ---------- #
 
-# path: /etc/openvpn/tls_auth.key
+# path: /etc/openvpn/test_tls_auth.key
 # mode: 0600
 
 tls-auth-key