authorDmitriy K. <levantin@mail.nnov.ru>2014-06-17 11:01:48 +0400
committerDmitriy K. <levantin@mail.nnov.ru>2014-06-17 11:01:48 +0400
commitb9e9903ddb21665023c9fcc241099476a42a9dbd (patch)
tree215266c4cd3f2e518dd8c7973d7941f1f4f2ad40
parent7860191a10545a809673d4c8203c925156609da3 (diff)
patchpack1
-Fix #3401 (Added tun option "Disable IPv6" -Added new options: route-nopull, route-noexec, verb;
-rw-r--r--etc/inc/openvpn.inc38
-rw-r--r--usr/local/www/vpn_openvpn_client.php109
-rw-r--r--usr/local/www/vpn_openvpn_server.php56
3 files changed, 199 insertions, 4 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 0591e56..4c23ed0 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -55,6 +55,22 @@ $openvpn_prots = array("UDP", "UDP6", "TCP", "TCP6");
global $openvpn_dev_mode;
$openvpn_dev_mode = array("tun", "tap");
+global $openvpn_verbosity_level;
+$openvpn_verbosity_level = array(
+ 0 => "none",
+ 1 => "default",
+ 2 => "2",
+ 3 => "3 (recommended)",
+ 4 => "4",
+ 5 => "5",
+ 6 => "6",
+ 7 => "7",
+ 8 => "8",
+ 9 => "9",
+ 10 => "10",
+ 11 => "11"
+);
+
/*
* The User Auth mode below is disabled because
* OpenVPN erroneously requires that we provide
@@ -460,11 +476,16 @@ function openvpn_reconfigure($mode, $settings) {
}
}
- $conf = "dev {$devname}\n";
+ $conf = "verb {$settings['verbosity_level']}\n";
+ $conf .= "dev {$devname}\n";
$conf .= "dev-type {$settings['dev_mode']}\n";
switch($settings['dev_mode']) {
case "tun":
- $conf .= "tun-ipv6\n";
+ if (!$settings['no_tun_ipv6']) {
+ $conf .= "tun-ipv6\n";
+ } else {
+
+ }
break;
}
$conf .= "dev-node /dev/{$tunname}\n";
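Review bot: The new first line `$conf = "verb {$settings['verbosity_level']}\n";` is written unconditionally, so an instance saved before this change, which has no `verbosity_level` key, would get a bare `verb ` directive with no argument, which OpenVPN will most likely reject when it parses the file. Fall back to the default when the key is missing, e.g. `$verb = isset($settings['verbosity_level']) ? (int)$settings['verbosity_level'] : 1;` followed by `$conf = "verb {$verb}\n";`; the integer cast also keeps anything but a number out of the generated file. The empty `else { }` branch under `case "tun":` can be dropped. openvpn_reconfigure starts and ends outside this hunk.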
@@ -768,6 +789,19 @@ function openvpn_reconfigure($mode, $settings) {
$conf .= "topology subnet\n";
}
+ // New client features
+ if ($mode == "client") {
+ // Dont pull routes checkbox
+ if ($settings['route_no_pull']) {
+ $conf .= "route-nopull\n";
+ }
+
+ // Dont add/remove routes checkbox
+ if ($settings['route_no_exec']) {
+ $conf .= "route-noexec\n";
+ }
+ }
+
openvpn_add_custom($settings, $conf);
openvpn_create_dirs();
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index d5b479e..f80694b 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -93,6 +93,7 @@ if($_GET['act']=="new"){
$pconfig['autotls_enable'] = "yes";
$pconfig['interface'] = "wan";
$pconfig['server_port'] = 1194;
+ $pconfig['verbosity_level'] = 1; // Default verbosity is 1
// OpenVPN Defaults to SHA1
$pconfig['digest'] = "SHA1";
}
@@ -152,6 +153,12 @@ if($_GET['act']=="edit"){
// just in case the modes switch
$pconfig['autokey_enable'] = "yes";
$pconfig['autotls_enable'] = "yes";
+
+ // New features
+ $pconfig['no_tun_ipv6'] = $a_client[$id]['no_tun_ipv6'];
+ $pconfig['route_no_pull'] = $a_client[$id]['route_no_pull'];
+ $pconfig['route_no_exec'] = $a_client[$id]['route_no_exec'];
+ $pconfig['verbosity_level'] = $a_client[$id]['verbosity_level'];
}
}
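Review bot: For an instance saved before this change `$a_client[$id]['verbosity_level']` is unset, and the select added further down compares with `==`, so the null matches key 0 and the form preselects "none"; saving the page then silently turns logging down to fatal errors only, which costs visibility into the tunnel. Load a default instead: `$pconfig['verbosity_level'] = isset($a_client[$id]['verbosity_level']) ? $a_client[$id]['verbosity_level'] : 1;`. The same applies to the `$a_server[$id]['verbosity_level']` line in the edit hunk of vpn_openvpn_server.php. The enclosing `if` block starts outside the hunk.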
@@ -311,6 +318,12 @@ if ($_POST) {
$client['compression'] = $pconfig['compression'];
$client['passtos'] = $pconfig['passtos'];
+ // New features
+ $client['no_tun_ipv6'] = $pconfig['no_tun_ipv6'];
+ $client['route_no_pull'] = $pconfig['route_no_pull'];
+ $client['route_no_exec'] = $pconfig['route_no_exec'];
+ $client['verbosity_level'] = $pconfig['verbosity_level'];
+
if (isset($id) && $a_client[$id])
$a_client[$id] = $client;
else
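Review bot: `$client['verbosity_level'] = $pconfig['verbosity_level'];` stores the posted value as-is, and no check on it is visible in this diff, while openvpn.inc later interpolates it into the generated config on the `verb` line. A select only limits what a browser offers, not what a request can carry, so the value should be checked against the allowed keys in the page's validation step before it is saved, for example `if (!array_key_exists($pconfig['verbosity_level'], $openvpn_verbosity_level))` followed by an input error. The `$server['verbosity_level']` assignment in vpn_openvpn_server.php needs the same check. The `if ($_POST)` block starts and ends outside this hunk.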
@@ -352,6 +365,19 @@ function mode_change() {
}
}
+function dev_mode_change() {
+ index = document.iform.dev_mode.selectedIndex;
+ value = document.iform.dev_mode.options[index].value;
+ switch(value) {
+ case "tun":
+ document.getElementById("chkboxNoTunIPv6").style.display="";
+ break;
+ case "tap":
+ document.getElementById("chkboxNoTunIPv6").style.display="none";
+ break;
+ }
+}
+
function autokey_change() {
if (document.iform.autokey_enable.checked)
document.getElementById("autokey_opts").style.display="none";
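Review bot: `index` and `value` in dev_mode_change() are assigned without `var`, so they become globals shared with every other script on the page; declare them as `var index = ...;` and `var value = ...;`. Nothing in this diff calls dev_mode_change() when the page loads, so if that call is indeed missing, editing a client that is already in tap mode shows the "Disable IPv6" row until the select is changed. A one-line comment above the function, such as `// Show the tun-only "Disable IPv6" row only while device mode is tun`, would document the intent.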
@@ -482,7 +508,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
<td width="78%" class="vtable">
- <select name='dev_mode' class="formselect">
+ <select name='dev_mode' class="formselect" onchange="dev_mode_change()">
<?php
foreach ($openvpn_dev_mode as $mode):
$selected = "";
@@ -954,6 +980,64 @@ if ($savemsg)
</table>
</td>
</tr>
+
+
+ <tr id="chkboxNoTunIPv6">
+ <td width="22%" valign="top" class="vncell"><?=gettext("Disable IPv6"); ?></td>
+ <td width="78%" class="vtable">
+ <table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['no_tun_ipv6'],$chk); ?>
+ <input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> />
+ </td>
+ <td>
+ <span class="vexpl">
+ <?=gettext("Do not forward IPv6 traffic"); ?>.
+ </span>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
+ <tr id="chkboxRouteNoPull">
+ <td width="22%" valign="top" class="vncell"><?=gettext("Dont pull routes"); ?></td>
+ <td width="78%" class="vtable">
+ <table border="0" cellpadding="2" cellspacing="0" summary="dont-pull-routes">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['route_no_pull'],$chk); ?>
+ <input name="route_no_pull" type="checkbox" value="yes" <?=$chk;?> />
+ </td>
+ <td>
+ <span class="vexpl">
+ <?=gettext("Don't add or remove routes automatically. Instead pass routes to "); ?> <strong>--route-up</strong> <?=gettext("script using environmental variables"); ?>.
+ </span>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
+ <tr id="chkboxRouteNoExec">
+ <td width="22%" valign="top" class="vncell"><?=gettext("Dont add/remove routes"); ?></td>
+ <td width="78%" class="vtable">
+ <table border="0" cellpadding="2" cellspacing="0" summary="dont-exec-routes">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['route_no_exec'],$chk); ?>
+ <input name="route_no_exec" type="checkbox" value="yes" <?=$chk;?> />
+ </td>
+ <td>
+ <span class="vexpl">
+ <?=gettext("This option effectively bars the server from adding routes to the client's routing table, however note that this option still allows the server to set the TCP/IP properties of the client's TUN/TAP interface"); ?>.
+ </span>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
</table>
<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="advance configuration">
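Review bot: The help texts of the two route rows look swapped. The row for `route_no_pull` (written as `route-nopull` in openvpn.inc) carries the sentence "Don't add or remove routes automatically. Instead pass routes to --route-up script…", which is how the OpenVPN manual describes `--route-noexec`, while the `route_no_exec` row carries the "bars the server from adding routes to the client's routing table" text that belongs to `--route-nopull`. An administrator who relies on the description to refuse server-pushed routes would tick the wrong box, so the two `gettext()` strings should be exchanged. The labels would also read better as "Don't pull routes" and "Don't add/remove routes".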
@@ -977,6 +1061,29 @@ if ($savemsg)
</table>
</td>
</tr>
+
+ <tr id="comboboxVerbosityLevel">
+ <td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td>
+ <td width="78%" class="vtable">
+ <select name="verbosity_level" class="formselect">
+ <?php
+ foreach ($openvpn_verbosity_level as $verb_value => $verb_desc):
+ $selected = "";
+ if ($pconfig['verbosity_level'] == $verb_value)
+ $selected = "selected=\"selected\"";
+ ?>
+ <option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option>
+ <?php endforeach; ?>
+ </select>
+ <br />
+ <?=gettext("Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output"); ?>.<br /> <br />
+ <strong>none</strong> -- <?=gettext("No output except fatal errors"); ?>. <br />
+ <strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br />
+ <strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br />
+ <strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>.
+ </td>
+ </tr>
+
</table>
<br />
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index e840911..972ceeb 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -98,6 +98,7 @@ if($_GET['act']=="new"){
$pconfig['local_port'] = openvpn_port_next('UDP');
$pconfig['pool_enable'] = "yes";
$pconfig['cert_depth'] = 1;
+ $pconfig['verbosity_level'] = 1; // Default verbosity is 1
// OpenVPN Defaults to SHA1
$pconfig['digest'] = "SHA1";
}
@@ -205,6 +206,10 @@ if($_GET['act']=="edit"){
$pconfig['autotls_enable'] = "yes";
$pconfig['duplicate_cn'] = isset($a_server[$id]['duplicate_cn']);
+
+ // New features
+ $pconfig['no_tun_ipv6'] = $a_server[$id]['no_tun_ipv6'];
+ $pconfig['verbosity_level'] = $a_server[$id]['verbosity_level'];
}
}
if ($_POST) {
@@ -428,6 +433,10 @@ if ($_POST) {
$server['netbios_enable'] = $pconfig['netbios_enable'];
$server['netbios_ntype'] = $pconfig['netbios_ntype'];
$server['netbios_scope'] = $pconfig['netbios_scope'];
+
+ // New features
+ $server['no_tun_ipv6'] = $pconfig['no_tun_ipv6'];
+ $server['verbosity_level'] = $pconfig['verbosity_level'];
if ($pconfig['netbios_enable']) {
@@ -671,6 +680,7 @@ function tuntap_change() {
value = document.iform.dev_mode.options[index].value;
switch(value) {
case "tun":
+ document.getElementById("cbNoTunIPv6").style.display="";
document.getElementById("ipv4_tunnel_network").className="vncellreq";
document.getElementById("serverbridge_dhcp").style.display="none";
document.getElementById("serverbridge_interface").style.display="none";
@@ -679,6 +689,7 @@ function tuntap_change() {
document.getElementById("topology_subnet_opt").style.display="";
break;
case "tap":
+ document.getElementById("cbNoTunIPv6").style.display="none";
document.getElementById("ipv4_tunnel_network").className="vncell";
if (!p2p) {
document.getElementById("serverbridge_dhcp").style.display="";
@@ -1340,7 +1351,7 @@ if ($savemsg)
<?php endforeach; ?>
</select>
<br />
- <?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently."); ?>
+ <?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently."); ?>.
</td>
</tr>
<tr>
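Review bot: The `.` added after `?>` duplicates the full stop that already ends the translated sentence ("…not being compressed efficiently."), so the page would render "efficiently..". The line should stay as it was before the change, ending in `efficiently."); ?>` with no trailing period.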
@@ -1397,6 +1408,26 @@ if ($savemsg)
</table>
</td>
</tr>
+
+ <tr id="cbNoTunIPv6">
+ <td width="22%" valign="top" class="vncell"><?=gettext("Disable IPv6"); ?></td>
+ <td width="78%" class="vtable">
+ <table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6-srv">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['no_tun_ipv6'],$chk); ?>
+ <input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> />
+ </td>
+ <td>
+ <span class="vexpl">
+ <?=gettext("Do not forward IPv6 traffic"); ?>.
+ </span>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
</table>
<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="client settings">
@@ -1724,6 +1755,29 @@ if ($savemsg)
</table>
</td>
</tr>
+
+ <tr id="comboboxVerbosityLevel">
+ <td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td>
+ <td width="78%" class="vtable">
+ <select name="verbosity_level" class="formselect">
+ <?php
+ foreach ($openvpn_verbosity_level as $verb_value => $verb_desc):
+ $selected = "";
+ if ($pconfig['verbosity_level'] == $verb_value)
+ $selected = "selected=\"selected\"";
+ ?>
+ <option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option>
+ <?php endforeach; ?>
+ </select>
+ <br />
+ <?=gettext("Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output"); ?>.<br /> <br />
+ <strong>none</strong> -- <?=gettext("No output except fatal errors"); ?>. <br />
+ <strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br />
+ <strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br />
+ <strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>.
+ </td>
+ </tr>
+
</table>
<br />