- RSA to ECC migration was introduced in October 2020 and is available to
Buster (via backports) and to Bullseye users. Dropping the code will make it
easy to test regular maintenance code updates.
- A two step setup process of first installing and then setting up the
certificates is no longer necessary. (New installs already don't use this). The
certificate generation process does not take hours but minutes. We also have a
good progress indication during install+setup process.
Tests:
- Functional tests pass.
- Initial setup completes successfully and does not take a very long time.
- Profiles can be downloaded successfully and imported.
- A client can use them to connect.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- In Django 2.2 django.conf.urls.url() is an alias to django.urls.re_path().
- In Django 4.0, url() function will be removed. On Django 3.2, it throws a
warning that this function will be removed in future.
Tests:
- Run unit tests with Django 3.2 and Django 2.2.
- With Django 3.2 there are no warnings when running unit tests and when running
FreedomBox Service.
- Visit a few affected apps with both Django versions.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
A new function called `user_group_view` has been added to
restrict access to only users in the groups "vpn" and "admin".
Some changes are made in AdminRequiredMiddleware to handle this.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests performed:
- When app is not setup, app toggle button is not shown. Running status of the
app is also not present in the page. Profile download is not shown. Setup button
is shown.
- When app is being setup, app toggle button is not shown. Running status of the
app is also not present in the page. Page keeps refreshing every 3 seconds
during setup. Profile download is not shown. A progress spinner is shown that
setup is currently running.
- When app setup has completed, app toggle button is shown. Running status is
shown. When daemon is stopped, a message that daemon is not running is shown.
Profile download is shown.
- Transition from being setup into setup completed is done with a single page
refresh. Message that setup is completed is shown.
- Port forwarding information is always shown (before, during and after setup).
- Run functional tests for OpenVPN.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Rename AdminMiddleware to AdminRequiredMiddleware to be consistent
with stronghold/Django terminology
- Simplify .gitignore pattern
- Format single line docstrings as per PEP8.
- Add missing docstrings.
- Restrict lines to 79 characters.
- This adds OpenVPN icon
- This enables the OpenVPN app on the index page.
- This allows only admins to create the certs for OpenVPN and admins and
non admins can not download their own profiles via the app icon.
- Authentication using client certificates. Extra password based
authentication for later.
- Auto setup of CA, server and client certificates.
- Provides a .ovpn profile for each user for easy setup.
- Use 4096 bit Diffie-Hellman parameters for better security. If this
takes too much time, reduce it to 2048 or 1024, at least during
debugging.