authorjim-p <jimp@pfsense.org>2011-07-27 11:36:08 -0400
committerjim-p <jimp@pfsense.org>2011-07-27 11:36:08 -0400
commitf27d726cdaf7d1525e37317ec1fc5258aa2d0e64 (patch)
treee9682fd1e9f95aebbff48b88c9b5fa23e45c62ef
parent6d0137065075d48498f28b6ef476858320a79c2f (diff)
downloadpfsense-f27d726cdaf7d1525e37317ec1fc5258aa2d0e64.zip
pfsense-f27d726cdaf7d1525e37317ec1fc5258aa2d0e64.tar.gz
Rework OpenVPN status, show status for shared key servers.
-rw-r--r--etc/inc/openvpn.inc276
-rw-r--r--usr/local/www/status_openvpn.php59
-rw-r--r--usr/local/www/widgets/widgets/openvpn.widget.php58
3 files changed, 246 insertions, 147 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index f723138..285a65f 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -753,13 +753,12 @@ function openvpn_resync_all($interface = "") {
}
-function openvpn_get_active_servers() {
+function openvpn_get_active_servers($type="ssl") {
global $config, $g;
$servers = array();
if (is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as & $settings) {
-
if (empty($settings) || isset($settings['disable']))
continue;
@@ -767,7 +766,7 @@ function openvpn_get_active_servers() {
$port = $settings['local_port'];
$server = array();
- $server['port'] = $settings['local_port'];
+ $server['port'] = ($settings['local_port']) ? $settings['local_port'] : 1194;
$server['mode'] = $settings['mode'];
if ($settings['description'])
$server['name'] = "{$settings['description']} {$prot}:{$port}";
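Review bot: The 1194 fallback is applied to `$server['port']` only. The unchanged `$port = $settings['local_port'];` just above still feeds the display name, so a server with no local_port configured would be listed as `{$prot}:` with nothing after the colon while its `port` field says 1194. Computing the fallback once, `$port = ($settings['local_port']) ? $settings['local_port'] : 1194;` followed by `$server['port'] = $port;`, keeps the two in step. The enclosing openvpn_get_active_servers() starts and ends outside this hunk.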
@@ -776,69 +775,73 @@ function openvpn_get_active_servers() {
$server['conns'] = array();
$vpnid = $settings['vpnid'];
- $mode_id = "server{$vpnid}";
+ $mode_id = "server{$vpnid}";
$server['mgmt'] = $mode_id;
- $tcpsrv = "unix://{$g['varetc_path']}/openvpn/{$mode_id}.sock";
- $errval;
- $errstr;
-
- /* open a tcp connection to the management port of each server */
- $fp = @stream_socket_client($tcpsrv, $errval, $errstr, 1);
- if ($fp) {
- stream_set_timeout($fp, 1);
-
- /* send our status request */
- fputs($fp, "status 2\n");
-
- /* recv all response lines */
- while (!feof($fp)) {
-
- /* read the next line */
- $line = fgets($fp, 1024);
-
- $info = stream_get_meta_data($fp);
- if ($info['timed_out'])
- break;
+ $socket = "unix://{$g['varetc_path']}/openvpn/{$mode_id}.sock";
+ if (($server['mode'] == "p2p_shared_key") && ($type == "sharedkey"))
+ $servers[] = openvpn_get_client_status($server, $socket);
+ elseif (($server['mode'] != "p2p_shared_key") && ($type == "ssl"))
+ $servers[] = openvpn_get_server_status($server, $socket);
+ }
+ }
+ return $servers;
+}
- /* parse header list line */
- if (strstr($line, "HEADER"))
- continue;
-
- /* parse end of output line */
- if (strstr($line, "END") || strstr($line, "ERROR"))
- break;
-
- /* parse client list line */
- if (strstr($line, "CLIENT_LIST")) {
- $list = explode(",", $line);
- $conn = array();
- $conn['common_name'] = $list[1];
- $conn['remote_host'] = $list[2];
- $conn['virtual_addr'] = $list[3];
- $conn['bytes_recv'] = $list[4];
- $conn['bytes_sent'] = $list[5];
- $conn['connect_time'] = $list[6];
- $server['conns'][] = $conn;
- }
- }
-
- /* cleanup */
- fclose($fp);
- } else {
+function openvpn_get_server_status($server, $socket) {
+ $errval;
+ $errstr;
+ $fp = @stream_socket_client($socket, $errval, $errstr, 1);
+ if ($fp) {
+ stream_set_timeout($fp, 1);
+
+ /* send our status request */
+ fputs($fp, "status 2\n");
+
+ /* recv all response lines */
+ while (!feof($fp)) {
+
+ /* read the next line */
+ $line = fgets($fp, 1024);
+
+ $info = stream_get_meta_data($fp);
+ if ($info['timed_out'])
+ break;
+
+ /* parse header list line */
+ if (strstr($line, "HEADER"))
+ continue;
+
+ /* parse end of output line */
+ if (strstr($line, "END") || strstr($line, "ERROR"))
+ break;
+
+ /* parse client list line */
+ if (strstr($line, "CLIENT_LIST")) {
+ $list = explode(",", $line);
$conn = array();
- $conn['common_name'] = "[error]";
- $conn['remote_host'] = "Management Daemon Unreachable";
- $conn['virtual_addr'] = "";
- $conn['bytes_recv'] = 0;
- $conn['bytes_sent'] = 0;
- $conn['connect_time'] = 0;
+ $conn['common_name'] = $list[1];
+ $conn['remote_host'] = $list[2];
+ $conn['virtual_addr'] = $list[3];
+ $conn['bytes_recv'] = $list[4];
+ $conn['bytes_sent'] = $list[5];
+ $conn['connect_time'] = $list[6];
$server['conns'][] = $conn;
}
-
- $servers[] = $server;
}
+
+ /* cleanup */
+ fclose($fp);
+ } else {
+ $conn = array();
+ $conn['common_name'] = "[error]";
+ $conn['remote_host'] = "Management Daemon Unreachable";
+ $conn['virtual_addr'] = "";
+ $conn['bytes_recv'] = 0;
+ $conn['bytes_sent'] = 0;
+ $conn['connect_time'] = 0;
+ $server['conns'][] = $conn;
}
- return $servers;
+ return $server;
}
function openvpn_get_active_clients() {
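Review bot: The shared-key branch hands `$server` to openvpn_get_client_status() without a `status` key, and that helper only sets the key to "up" when it sees a CONNECTED line. For a shared-key server that is down or whose management socket is unreachable, `strcmp($client['status'], "up")` reads an unset index and the status page would presumably print an empty Status cell. openvpn_get_active_clients() sets `$client['status']="down";` before the call, so the same default belongs here: `$server['status'] = "down";` ahead of the mode/type dispatch. A one-line comment on `$type` naming its two accepted values ("ssl", "sharedkey") would help, since any other value silently yields an empty list. In openvpn_get_server_status() the CLIENT_LIST fields are taken by index with no count check, and `common_name` originates from the connecting peer, so whatever renders it should treat it as untrusted text.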
@@ -852,97 +855,98 @@ function openvpn_get_active_clients() {
continue;
$prot = $settings['protocol'];
- $port = $settings['local_port'];
+ $port = ($settings['local_port']) ? ":{$settings['local_port']}" : "";
$client = array();
$client['port'] = $settings['local_port'];
if ($settings['description'])
- $client['name'] = "{$settings['description']} {$prot}:{$port}";
+ $client['name'] = "{$settings['description']} {$prot}{$port}";
else
- $client['name'] = "Client {$prot}:{$port}";
+ $client['name'] = "Client {$prot}{$port}";
$vpnid = $settings['vpnid'];
- $mode_id = "client{$vpnid}";
+ $mode_id = "client{$vpnid}";
$client['mgmt'] = $mode_id;
- $tcpcli = "unix://{$g['varetc_path']}/openvpn/{$mode_id}.sock";
- $errval;
- $errstr;
-
+ $socket = "unix://{$g['varetc_path']}/openvpn/{$mode_id}.sock";
$client['status']="down";
-
- /* open a tcp connection to the management port of each cli */
- $fp = @stream_socket_client($tcpcli, $errval, $errstr, 1);
- if ($fp) {
- stream_set_timeout($fp, 1);
- /* send our status request */
- fputs($fp, "state 1\n");
-
- /* recv all response lines */
- while (!feof($fp)) {
- /* read the next line */
- $line = fgets($fp, 1024);
-
- $info = stream_get_meta_data($fp);
- if ($info['timed_out'])
- break;
-
- /* Get the client state */
- if (strstr($line,"CONNECTED")) {
- $client['status']="up";
- $list = explode(",", $line);
-
- $client['connect_time'] = date("D M j G:i:s Y", $list[0]);
- $client['virtual_addr'] = $list[3];
- $client['remote_host'] = $list[4];
- }
- /* parse end of output line */
- if (strstr($line, "END") || strstr($line, "ERROR"))
- break;
+
+ $clients[] = openvpn_get_client_status($client, $socket);
+ }
+ }
+ return $clients;
+}
+
+function openvpn_get_client_status($client, $socket) {
+ $errval;
+ $errstr;
+ $fp = @stream_socket_client($socket, $errval, $errstr, 1);
+ if ($fp) {
+ stream_set_timeout($fp, 1);
+ /* send our status request */
+ fputs($fp, "state 1\n");
+
+ /* recv all response lines */
+ while (!feof($fp)) {
+ /* read the next line */
+ $line = fgets($fp, 1024);
+
+ $info = stream_get_meta_data($fp);
+ if ($info['timed_out'])
+ break;
+
+ /* Get the client state */
+ if (strstr($line,"CONNECTED")) {
+ $client['status']="up";
+ $list = explode(",", $line);
+
+ $client['connect_time'] = date("D M j G:i:s Y", $list[0]);
+ $client['virtual_addr'] = $list[3];
+ $client['remote_host'] = $list[4];
+ }
+ /* parse end of output line */
+ if (strstr($line, "END") || strstr($line, "ERROR"))
+ break;
+ }
+
+ /* If up, get read/write stats */
+ if (strcmp($client['status'], "up") == 0) {
+ fputs($fp, "status 2\n");
+ /* recv all response lines */
+ while (!feof($fp)) {
+ /* read the next line */
+ $line = fgets($fp, 1024);
+
+ $info = stream_get_meta_data($fp);
+ if ($info['timed_out'])
+ break;
+
+ if (strstr($line,"TCP/UDP read bytes")) {
+ $list = explode(",", $line);
+ $client['bytes_recv'] = $list[1];
}
-
- /* If up, get read/write stats */
- if (strcmp($client['status'], "up") == 0) {
- fputs($fp, "status 2\n");
- /* recv all response lines */
- while (!feof($fp)) {
- /* read the next line */
- $line = fgets($fp, 1024);
-
- $info = stream_get_meta_data($fp);
- if ($info['timed_out'])
- break;
-
- if (strstr($line,"TCP/UDP read bytes")) {
- $list = explode(",", $line);
- $client['bytes_recv'] = $list[1];
- }
-
- if (strstr($line,"TCP/UDP write bytes")) {
- $list = explode(",", $line);
- $client['bytes_sent'] = $list[1];
- }
-
- /* parse end of output line */
- if (strstr($line, "END"))
- break;
- }
+
+ if (strstr($line,"TCP/UDP write bytes")) {
+ $list = explode(",", $line);
+ $client['bytes_sent'] = $list[1];
}
-
- fclose($fp);
-
- } else {
- $DisplayNote=true;
- $client['remote_host'] = "No Management Daemon";
- $client['virtual_addr'] = "See Note Below";
- $client['bytes_recv'] = 0;
- $client['bytes_sent'] = 0;
- $client['connect_time'] = 0;
+
+ /* parse end of output line */
+ if (strstr($line, "END"))
+ break;
}
-
- $clients[] = $client;
}
+
+ fclose($fp);
+
+ } else {
+ $DisplayNote=true;
+ $client['remote_host'] = "No Management Daemon";
+ $client['virtual_addr'] = "See Note Below";
+ $client['bytes_recv'] = 0;
+ $client['bytes_sent'] = 0;
+ $client['connect_time'] = 0;
}
- return $clients;
+ return $client;
}
function openvpn_refresh_crls() {
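Review bot: openvpn_get_client_status() trusts the shape of each management-socket line. `strstr($line,"CONNECTED")` matches the word anywhere in the line, and `$list[0]`, `$list[3]` and `$list[4]` are then used without checking that the line had that many fields or that `$list[0]` is a timestamp before it goes to date(). A guard such as `if (count($list) >= 5 && ctype_digit($list[0]))` around the three assignments would keep a truncated line (fgets is capped at 1024 bytes) or an unexpected one from producing bogus values. The second read loop also stops only on "END", whereas the first stops on "END" or "ERROR", so an error reply there is only ended by the one-second timeout. `$DisplayNote=true;` in the else branch is a local in this helper that nothing visible reads, so it can be dropped or returned as part of `$client`.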
diff --git a/usr/local/www/status_openvpn.php b/usr/local/www/status_openvpn.php
index 30c3a84..4ad65d5 100644
--- a/usr/local/www/status_openvpn.php
+++ b/usr/local/www/status_openvpn.php
@@ -98,6 +98,7 @@ function kill_client($port, $remipp) {
}
$servers = openvpn_get_active_servers();
+$sk_servers = openvpn_get_active_servers("sharedkey");
$clients = openvpn_get_active_clients();
include("head.inc"); ?>
@@ -141,13 +142,10 @@ include("head.inc"); ?>
<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td colspan="6" class="listtopic">
- <?=gettext("Client connections for"); ?> <?=$server['name'];?>
+ <?=$server['name'];?> <?=gettext("Client connections"); ?>
</td>
</tr>
<tr>
-<?php if ($server['mode'] == "p2p_shared_key"): ?>
- <td>Status data is not available for shared key servers.</td>
-<?php else: ?>
<td>
<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
@@ -194,19 +192,68 @@ include("head.inc"); ?>
</table>
</td>
-<? endif; ?>
</tr>
</table>
<?php endforeach; ?>
<br>
+<?php if (!empty($sk_servers)) { ?>
+<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="6" class="listtopic">
+ <?=gettext("Shared Key Server Instance Statistics"); ?>
+ </td>
+ </tr>
+ <tr>
+ <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listhdrr"><?=gettext("Name"); ?></td>
+ <td class="listhdrr"><?=gettext("Status"); ?></td>
+ <td class="listhdrr"><?=gettext("Connected Since"); ?></td>
+ <td class="listhdrr"><?=gettext("Virtual Addr"); ?></td>
+ <td class="listhdrr"><?=gettext("Remote Host"); ?></td>
+ <td class="listhdrr"><?=gettext("Bytes Sent"); ?></td>
+ <td class="listhdrr"><?=gettext("Bytes Received"); ?></td>
+ </tr>
+<?php foreach ($sk_servers as $sk_server): ?>
+ <tr name='<?php echo "r:{$client['port']}:{$conn['remote_host']}"; ?>'>
+ <td class="listlr">
+ <?=$sk_server['name'];?>
+ </td>
+ <td class="listlr">
+ <?=$sk_server['status'];?>
+ </td>
+ <td class="listr">
+ <?=$sk_server['connect_time'];?>
+ </td>
+ <td class="listr">
+ <?=$sk_server['virtual_addr'];?>
+ </td>
+ <td class="listr">
+ <?=$sk_server['remote_host'];?>
+ </td>
+ <td class="listr">
+ <?=$sk_server['bytes_sent'];?>
+ </td>
+ <td class="listr">
+ <?=$sk_server['bytes_recv'];?>
+ </td>
+ </tr>
+<?php endforeach; ?>
+ </table>
+ </tr>
+</table>
+
+<?php
+} ?>
+<br>
<?php if (!empty($clients)) { ?>
<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td colspan="6" class="listtopic">
- <?=gettext("OpenVPN client instances statistics"); ?>
+ <?=gettext("Client Instance Statistics"); ?>
</td>
</tr>
<tr>
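Review bot: The row attribute inside the new `foreach ($sk_servers as $sk_server)` loop is built from `$client['port']` and `$conn['remote_host']`, neither of which belongs to this loop, so every shared-key row gets a stale or empty `name`. It should read `<tr name='<?php echo "r:{$sk_server['port']}:{$sk_server['remote_host']}"; ?>'>`, as the widget's copy of this table already does. The cells also echo `$sk_server['name']`, `remote_host` and `virtual_addr` raw. The name is built from the configured description and the others are parsed from management-socket output, so each should go through htmlspecialchars(), e.g. `<?=htmlspecialchars($sk_server['name']);?>`. The same applies to `<?=$server['name'];?>` in the previous hunk of this file and to the new shared-key table in openvpn.widget.php. The inner `<table>` sits directly inside a `<tr>` with no `<td>`, and the header has seven columns against `colspan="6"`.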
diff --git a/usr/local/www/widgets/widgets/openvpn.widget.php b/usr/local/www/widgets/widgets/openvpn.widget.php
index c93c708..4d186f0 100644
--- a/usr/local/www/widgets/widgets/openvpn.widget.php
+++ b/usr/local/www/widgets/widgets/openvpn.widget.php
@@ -55,6 +55,7 @@ function kill_client($port, $remipp) {
}
$servers = openvpn_get_active_servers();
+$sk_servers = openvpn_get_active_servers("sharedkey");
$clients = openvpn_get_active_clients();
?>
@@ -95,7 +96,7 @@ $clients = openvpn_get_active_clients();
<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td colspan="6" class="listtopic">
- Client connections for <?=$server['name'];?>
+ <?=$server['name'];?> Client connections
</td>
</tr>
<tr>
@@ -140,14 +141,61 @@ $clients = openvpn_get_active_clients();
</table>
<?php endforeach; ?>
-<br/>
+<?php if (!empty($sk_servers)) { ?>
+<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="6" class="listtopic">
+ Shared Key Server Instance Statistics
+ </td>
+ </tr>
+ <tr>
+ <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listhdrr">Name/Time</td>
+ <td class="listhdrr">Remote/Virtual IP</td>
+ </tr>
+<?php foreach ($sk_servers as $sk_server): ?>
+ <tr name='<?php echo "r:{$sk_server['port']}:{$sk_server['remote_host']}"; ?>'>
+ <td class="listlr">
+ <?=$sk_server['name'];?>
+ </td>
+ <td class="listr">
+ <?=$sk_server['remote_host'];?>
+ </td>
+ <td rowspan="2" align="center">
+ <?php
+ if ($sk_server['status'] == "up") {
+ /* tunnel is up */
+ $iconfn = "interface_up";
+ } else {
+ /* tunnel is down */
+ $iconfn = "interface_down";
+ }
+ echo "<img src ='/themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'>";
+ ?>
+ </td>
+ </tr>
+ <tr name='<?php echo "r:{$sk_server['port']}:{$sk_server['remote_host']}"; ?>'>
+ <td class="listlr">
+ <?=$sk_server['connect_time'];?>
+ </td>
+ <td class="listr">
+ <?=$sk_server['virtual_addr'];?>
+ </td>
+ </tr>
+<?php endforeach; ?>
+ </table>
+ </tr>
+</table>
+<?php
+} ?>
<?php if (!empty($clients)) { ?>
<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td colspan="6" class="listtopic">
- OpenVPN client instances statistics
+ Client Instance Statistics
</td>
</tr>
<tr>
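Review bot: The new shared-key table's visible strings ("Shared Key Server Instance Statistics", "Name/Time", "Remote/Virtual IP") and the renamed "Client Instance Statistics" heading are hard-coded English. status_openvpn.php wraps the same headings in gettext() in this commit. If the widget is meant to be translatable, use `<?=gettext("Shared Key Server Instance Statistics"); ?>` and likewise for the column headers. The status icon cell is a third `<td rowspan="2">` under a two-column header row, so the header needs an empty third cell to line up. A short comment above the `foreach` saying that each server renders as two rows (name/remote host, then connect time/virtual address) would make the rowspan easier to follow.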
@@ -158,7 +206,7 @@ $clients = openvpn_get_active_clients();
</tr>
<?php foreach ($clients as $client): ?>
- <tr name='<?php echo "r:{$client['port']}:{$conn['remote_host']}"; ?>'>
+ <tr name='<?php echo "r:{$client['port']}:{$client['remote_host']}"; ?>'>
<td class="listlr">
<?=$client['name'];?>
</td>
@@ -178,7 +226,7 @@ $clients = openvpn_get_active_clients();
?>
</td>
</tr>
- <tr name='<?php echo "r:{$client['port']}:{$conn['remote_host']}"; ?>'>
+ <tr name='<?php echo "r:{$client['port']}:{$client['remote_host']}"; ?>'>
<td class="listlr">
<?=$client['connect_time'];?>
</td>