authorScott Ullrich <sullrich@pfsense.org>2006-01-30 02:25:00 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-01-30 02:25:00 +0000
commit4f8e387ddd4cb91d86fdf6f32558d66527338f2a (patch)
tree64ab88429aa0bc8c05885a11de2452d7f16ec2d9
parent989c7b5715e51ea5398181bff765c7e21bad6e03 (diff)
OpenVPN cleanups by mposch@gmail.com
-rw-r--r--etc/inc/filter.inc5
-rw-r--r--etc/inc/globals.inc7
-rw-r--r--etc/inc/openvpn.inc16
-rw-r--r--etc/inc/util.inc3
-rwxr-xr-xetc/rc.reload_interfaces4
-rwxr-xr-xusr/local/www/fbegin.inc2
-rwxr-xr-xusr/local/www/vpn_openvpn.php7
-rwxr-xr-xusr/local/www/vpn_openvpn_ccd.php94
-rwxr-xr-xusr/local/www/vpn_openvpn_ccd_edit.php8
-rwxr-xr-xusr/local/www/vpn_openvpn_cli.php54
-rwxr-xr-xusr/local/www/vpn_openvpn_cli_edit.php13
-rwxr-xr-xusr/local/www/vpn_openvpn_crl.php85
-rwxr-xr-xusr/local/www/vpn_openvpn_crl_edit.php8
-rwxr-xr-xusr/local/www/vpn_openvpn_srv.php54
-rwxr-xr-xusr/local/www/vpn_openvpn_srv_edit.php7
15 files changed, 230 insertions, 137 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 8dee84a..7c358b6 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -249,7 +249,8 @@ function filter_generate_aliases() {
$bridgetracker = 0;
foreach ($ifdescrs as $ifdescr => $ifname) {
/* do not process tun interfaces */
- if(stristr(filter_opt_interface_to_real($ifname), "tun") == true) continue;
+ /* do process tun interfaces for openvpn compatibility */
+ /* if(stristr(filter_opt_interface_to_real($ifname), "tun") == true) continue; */
$aliases .= filter_get_opt_interface_descr($ifname) . " = \"{ " . filter_opt_interface_to_real($ifname);
if($config['interfaces'][$ifname]['bridge'] <> "") {
$aliases .= " bridge{$bridgetracker} ";
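Review bot: The retained comment `/* do not process tun interfaces */` now contradicts the line added beneath it, and the old check is kept as commented-out code rather than removed. Because this changes which interfaces end up in the generated aliases, one comment stating the intent would be clearer, e.g. `/* tun interfaces are included so OpenVPN tunnels get an alias */`, with the disabled `continue` deleted. The rest of filter_generate_aliases() is outside the hunk, so whether the remaining loop body copes with tun devices cannot be confirmed from here.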
@@ -2194,4 +2195,4 @@ function return_vpn_subnet($adr) {
return " # error - {$adr['network']} ";
}
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 3caea66..59096cf 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -72,5 +72,10 @@ $iptos = array("lowdelay", "throughput", "reliability", "congestion");
/* TCP flags */
$tcpflags = array("syn", "ack", "fin", "rst", "psh", "urg");
+/* OpenVPN Directories */
+$d_ovpnsrvdirty_path = "/tmp/ovpn-srv.dirty";
+$d_ovpncrldirty_path = "/tmp/ovpn-crl.dirty";
+$d_ovpnclidirty_path = "/tmp/ovpn-cli.dirty";
-?> \ No newline at end of file
+
+?>
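Review bot: No `$d_ovpnccddirty_path` is defined alongside the three new dirty-flag paths, although vpn_openvpn_ccd.php in this same commit tests `file_exists($d_ovpnccddirty_path)`; unless it is set elsewhere, that page's pending-changes notice can never appear. If it is missing, add `$d_ovpnccddirty_path = "/tmp/ovpn-ccd.dirty";` (a name constructed here to match the other three). The heading `/* OpenVPN Directories */` is also misleading, since these are marker files; `/* OpenVPN dirty-flag files */` would be accurate. These are fixed names in /tmp, so any local account able to write there could create or remove the flags, which matters only if the system has non-admin local users.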
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 52a5851..4bdac0c 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -104,6 +104,12 @@ function ovpn_config_server($reconfigure) {
/* next server */
continue;
}
+ /* restart openvpn daemon if pf is restarted, but not on boot, hence the else if */
+ else if ( $reconfigure == "pfreload") {
+ ovpn_server_kill($tun);
+ mwexec("/usr/local/sbin/openvpn {$g['varetc_path']}/ovpn_srv_{$tun}.conf");
+ continue;
+ }
/* send SIGUSR1 to running openvpn daemon */
if ( $reconfigure == "true" && isset($server['dynip'])) {
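Review bot: The new `else if ( $reconfigure == "pfreload")` uses a loose comparison, and PHP evaluates `true == "pfreload"` as true, so a boolean argument also takes this kill-and-restart branch. This commit's vpn_openvpn.php hunk passes exactly that, `ovpn_config_server($server['enable'])`, where `$server['enable']` was assigned `true`/`false`; use `$reconfigure === "pfreload"` here and pass a string mode from the caller. The `mwexec()` line also interpolates `$tun` into a command line, and wrapping the path as `escapeshellarg("{$g['varetc_path']}/ovpn_srv_{$tun}.conf")` keeps a malformed interface name in the configuration from being interpreted by the shell. The preceding `if` and the origin of `$tun` are outside the hunk.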
@@ -181,6 +187,9 @@ function ovpn_srv_config_generate($id) {
global $config, $g;
$server = $config['ovpn']['server']['tunnel'][$id];
+ /* mount filesystem for read/write */
+ conf_mount_rw();
+
/* get tunnel interface */
$tun = $server['tun_iface'];
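Review bot: `conf_mount_rw()` is called at the top of ovpn_srv_config_generate() and its counterpart `conf_mount_ro()` only at the very end (the `@@ -434` hunk), so any early `return` or failed file open in the lines between them, which are not shown, would leave the configuration filesystem mounted read-write. Either mount read-write immediately before the config file is opened and restore read-only straight after `fclose($fd)`, or make sure every exit path calls `conf_mount_ro()`. A short comment at the `conf_mount_rw()` call naming the matching `conf_mount_ro()` would help the next editor keep the pair balanced.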
@@ -434,6 +443,9 @@ EOD;
fwrite($fd, $ovpn_config);
fclose($fd);
+ /* return from filesystem read/write mode and mount read-only */
+ conf_mount_ro();
+
//trigger_error("OVPN: $ovpn_config", E_USER_NOTICE);
}
@@ -768,7 +780,7 @@ function ovpn_crl_dirty($name) {
function ovpn_config_client() {
/* Boot time configuration */
- global $config, $g, $d_ovpnclidirty_path;;
+ global $config, $g, $d_ovpnclidirty_path;
foreach ($config['ovpn']['client']['tunnel'] as $id => $client) {
@@ -1484,4 +1496,4 @@ function ovpn_unlock() {
unlink($lockfile);
}
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 254211d..3774090 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -262,7 +262,6 @@ function get_interface_list($mode = "active", $keyby = "physical", $vfaces = "")
'lo',
'ng',
'vlan',
- 'tun',
'pflog',
'pfsync',
'carp'
@@ -519,4 +518,4 @@ function xml_safe_fieldname($fieldname) {
return strtolower(str_replace($replace, "", $fieldname));
}
-?> \ No newline at end of file
+?>
diff --git a/etc/rc.reload_interfaces b/etc/rc.reload_interfaces
index 783af5c..108efd1 100755
--- a/etc/rc.reload_interfaces
+++ b/etc/rc.reload_interfaces
@@ -31,8 +31,10 @@
require_once("config.inc");
require_once("filter.inc");
+require_once("openvpn.inc");
reload_interfaces_sync();
filter_configure_sync();
+ovpn_config_server("pfreload");
-?> \ No newline at end of file
+?>
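Review bot: `ovpn_config_server("pfreload")` is called here without the `ovpn_lock()` / `ovpn_unlock()` pair that the GUI path in vpn_openvpn.php puts around the same function, so an interface reload could run concurrently with a GUI apply and both could kill and start the same daemon. Wrap it as `ovpn_lock(); ovpn_config_server("pfreload"); ovpn_unlock();`. The return value is also dropped, so a failed restart after a filter reload goes unreported. Whether the lock is intended to cover this caller is not visible in the hunk.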
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index b5f0ffd..2ecef82 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -149,7 +149,7 @@ require_once("notices.inc");
<li><a href="/vpn_ipsec.php" class="navlnk">IPsec</a></li>
<?php
if(isset($config['system']['developer'])) {
- echo "<li><a href=\"/vpn_openvpn.php\" class=\"navlnk\">OpenVPN</a></li>";
+ echo "<li><a href=\"/vpn_openvpn_srv.php\" class=\"navlnk\">OpenVPN</a></li>";
}
?>
<li><a href="/vpn_pptp.php" class="navlnk">PPTP</a></li>
diff --git a/usr/local/www/vpn_openvpn.php b/usr/local/www/vpn_openvpn.php
index 95d3dc9..d6d3684 100755
--- a/usr/local/www/vpn_openvpn.php
+++ b/usr/local/www/vpn_openvpn.php
@@ -50,7 +50,7 @@ if ($_POST) {
unset($input_errors);
/* input validation */
- if ($_POST['enable']) {
+ if (isset($_POST['enable'])) {
$reqdfields = explode(" ", "tun_iface bind_iface ipblock");
$reqdfieldsn = explode(",", "Tunnel type,Interface binding,IP address block start");
@@ -59,7 +59,7 @@ if ($_POST) {
}
/* need a test here to make sure prefix and max_clients are coherent */
-
+
/* Sort out the cert+key files */
if (is_null($_POST['ca_cert']))
$input_errors[] = "You must provide a CA certificate file";
@@ -84,7 +84,6 @@ if ($_POST) {
if (!$input_errors) {
$server =& $config['ovpn']['server'];
$server['enable'] = $_POST['enable'] ? true : false;
-
/* Make sure that the tunnel interface type has not changed */
if ($server['tun_iface'] != $_POST['tun_iface']){
$server['tun_iface'] = $_POST['tun_iface'];
@@ -133,7 +132,7 @@ if ($_POST) {
}
else{
ovpn_lock();
- $retval = ovpn_config_server();
+ $retval = ovpn_config_server($server['enable']);
ovpn_unlock();
}
$savemsg = get_std_save_message($retval);
diff --git a/usr/local/www/vpn_openvpn_ccd.php b/usr/local/www/vpn_openvpn_ccd.php
index c09d1f4..c20c580 100755
--- a/usr/local/www/vpn_openvpn_ccd.php
+++ b/usr/local/www/vpn_openvpn_ccd.php
@@ -97,32 +97,43 @@ $pgtitle = "VPN: OpenVPN";
include("head.inc");
?>
-
<?php include("fbegin.inc"); ?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<p class="pgtitle"><?=$pgtitle?></p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if (file_exists($d_sysrebootreqd_path) && !file_exists($d_ovpnccddirty_path)) print_info_box(get_std_save_message(0)); ?>
+
<form action="vpn_openvpn_ccd.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
<?php if (file_exists($d_ovpnccddirty_path)): ?><p>
-<?php print_info_box_np("OpenVPN client-specific configuration options have been changed.<br>You must apply the changes in order for them to take effect.");?><br>
-<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
+<?php print_info_box_np("OpenVPN client-specific configuration options have been changed.<br>You must apply the changes in order for them to take effect.");?>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
- <ul id="tabnav">
- <li class="tabinact"><a href="vpn_openvpn_srv.php">Server</a></li>
- <li class="tabinact"><a href="vpn_openvpn_cli.php">Client</a></li>
- <li class="tabact">Client-specific Configuration</li>
- <li class="tabinact"><a href="vpn_openvpn_crl.php">CRL</a></li>
- </ul>
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Server", false, "vpn_openvpn_srv.php");
+ $tab_array[] = array("Client", false, "vpn_openvpn_cli.php");
+ $tab_array[] = array("Client-specific Configuration", true, "vpn_openvpn_ccd.php");
+ $tab_array[] = array("CRL", false, "vpn_openvpn_crl.php");
+ display_top_tabs($tab_array);
+?>
</td></tr>
- <tr>
- <td class="tabcont">
- <strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
- Backup your configuration before using OpenVPN, and restore it before upgrading.<br>
-&nbsp; <br>
- </span></strong>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vtable">
+ <strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
+ Backup your configuration before using OpenVPN, and restore it before upgrading.
+ </span></strong>
+ </td>
+ </tr>
+ </table>
+
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="5%" class="list">&nbsp;</td>
<td width="38%" class="listhdrr">Common Name</td>
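Review bot: The `<p>` opened on the `file_exists($d_ovpnccddirty_path)` line loses its closing `</p>` together with the removed Apply button, leaving the paragraph unclosed; the same happens in the first layout hunks of vpn_openvpn_cli.php and vpn_openvpn_crl.php, while vpn_openvpn_srv.php adds the `</p>` back. Add `</p>` after the `print_info_box_np(...)` line. `<body ...>` is also emitted after `include("fbegin.inc")` on these list pages but before it on the edit pages, and one order should be chosen. With `<input name="apply">` removed, applying changes now depends on print_info_box_np() rendering its own button, which is not visible here. The new `<div id="mainarea">` has no matching `</div>` inside the hunk.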
@@ -156,33 +167,42 @@ include("head.inc");
<td class="listbg"><?=$spans;?>
<?= htmlspecialchars($ccd['descr']);?>&nbsp;
<?=$spane;?></td>
- <td valign="middle" nowrap class="list"><a href="vpn_openvpn_ccd_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit client-specific configuration" width="17" height="17" border="0"></a>
- &nbsp;<a href="vpn_openvpn_ccd.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client-specific configuration?')"><img src="x.gif" title="delete client-specific configuration" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"><a href="vpn_openvpn_ccd_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit client-specific configuration" width="17" height="17" border="0"></a>
+ &nbsp;<a href="vpn_openvpn_ccd.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client-specific configuration?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete client-specific configuration" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="3">&nbsp;</td>
- <td class="list"><a href="vpn_openvpn_ccd_edit.php"><img src="plus.gif" title="add client-specific configuration" width="17" height="17" border="0"></a></td>
+ <td class="list"><a href="vpn_openvpn_ccd_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add client-specific configuration" width="17" height="17" border="0"></a></td>
</tr>
</table>
- <table border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td width="16"><img src="pass.gif" width="11" height="11"></td>
- <td>pass</td>
- <td width="14"></td>
- <td width="16"><img src="block.gif" width="11" height="11"></td>
- <td>block</td>
- </tr>
- <tr>
- <td colspan="5" height="4"></td>
- </tr>
- <tr>
- <td><img src="pass_d.gif" width="11" height="11"></td>
- <td>pass (disabled)</td>
- <td></td>
- <td><img src="block_d.gif" width="11" height="11"></td>
- <td>block (disabled)</td>
- </tr>
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11"></td>
+ <td>pass</td>
+ <td width="14"></td>
+ <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
+ <td>block</td>
+ <td width="14"></td>
+ <td width="16">&nbsp;</td>
+ <td>&nbsp;</td>
+ <td width="14"></td>
+ <td width="16">&nbsp;</td>
+ <td>&nbsp;</td>
+ </tr>
+ <tr>
+ <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass_d.gif" width="11" height="11"></td>
+ <td nowrap>pass (disabled)</td>
+ <td>&nbsp;</td>
+ <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
+ <td nowrap>block (disabled)</td>
+ <td>&nbsp;</td>
+ <td>&nbsp;</td>
+ <td nowrap>&nbsp;</td>
+ <td>&nbsp;</td>
+ <td width="16">&nbsp;</td>
+ <td nowrap>&nbsp;</td>
+ </tr>
</table>
</td>
</tr>
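Review bot: The rewritten delete link still performs a state change through a plain GET, `vpn_openvpn_ccd.php?act=del&id=<?=$i;?>`, guarded only by a JavaScript `confirm()`, so a request issued from another site in an authenticated administrator's browser would remove an entry. Since these lines are being touched anyway, deletion is better moved to a POST form carrying a per-session token that the handler for `act=del` verifies. The same link pattern is in the matching hunks of vpn_openvpn_cli.php, vpn_openvpn_crl.php and vpn_openvpn_srv.php. Separately, `$g['theme']` is echoed into the `src` attribute unescaped; `htmlspecialchars($g['theme'])` would match how `descr` is handled a few lines above.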
diff --git a/usr/local/www/vpn_openvpn_ccd_edit.php b/usr/local/www/vpn_openvpn_ccd_edit.php
index 75ff256..8ec53e5 100755
--- a/usr/local/www/vpn_openvpn_ccd_edit.php
+++ b/usr/local/www/vpn_openvpn_ccd_edit.php
@@ -209,8 +209,12 @@ if ($_POST) {
$pgtitle = "VPN: OpenVPN: Edit client-specific configuration";
include("head.inc");
-include("fbegin.inc");
+
?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<?php if ($input_errors) print_input_errors($input_errors);?>
<script language="JavaScript">
function enable_change(enable_over) {
var endis;
@@ -286,8 +290,6 @@ function push_change(enable_over) {
//-->
</script>
-
-<?php if ($input_errors) print_input_errors($input_errors);?>
<form action="vpn_openvpn_ccd_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
<strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
Backup your configuration before using OpenVPN, and restore it before upgrading.<br>&nbsp;<br>
diff --git a/usr/local/www/vpn_openvpn_cli.php b/usr/local/www/vpn_openvpn_cli.php
index 17b24de..2b28ec2 100755
--- a/usr/local/www/vpn_openvpn_cli.php
+++ b/usr/local/www/vpn_openvpn_cli.php
@@ -27,7 +27,6 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-$pgtitle = array("VPN", "OpenVPN");
require("guiconfig.inc");
require_once("openvpn.inc");
@@ -81,32 +80,49 @@ if ($_GET['act'] == "del") {
exit;
}
}
+
+$pgtitle = "VPN: OpenVPN";
+include("head.inc");
+
?>
<?php include("fbegin.inc"); ?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<p class="pgtitle"><?=$pgtitle?></p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if (file_exists($d_sysrebootreqd_path) && !file_exists($d_ovpnclidirty_path)) print_info_box(get_std_save_message(0)); ?>
<form action="vpn_openvpn_cli.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
<?php if (file_exists($d_ovpnclidirty_path)): ?><p>
-<?php print_info_box_np("The OpenVPN client configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
-<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
+<?php print_info_box_np("The OpenVPN client configuration has been changed.<br>You must apply the changes in order for them to take effect.");?>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
- <ul id="tabnav">
- <li class="tabinact1"><a href="vpn_openvpn_srv.php">Server</a></li>
- <li class="tabact">Client</li>
- <li class="tabinact"><a href="vpn_openvpn_ccd.php">Client-specific Configuration</a></li>
- <li class="tabinact"><a href="vpn_openvpn_crl.php">CRL</a></li>
- </ul>
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Server", false, "vpn_openvpn_srv.php");
+ $tab_array[] = array("Client", true, "vpn_openvpn_cli.php");
+ $tab_array[] = array("Client-specific Configuration", false, "vpn_openvpn_ccd.php");
+ $tab_array[] = array("CRL", false, "vpn_openvpn_crl.php");
+ display_top_tabs($tab_array);
+?>
</td></tr>
- <tr>
- <td class="tabcont">
- <strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
- Backup your configuration before using OpenVPN, and restore it before upgrading.<br>
-&nbsp; <br>
- </span></strong>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vtable">
+ <strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
+ Backup your configuration before using OpenVPN, and restore it before upgrading.
+ </span></strong>
+ </td>
+ </tr>
+ </table>
+
+
+
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="10%" class="listhdrr">Interface</td>
<td width="5%" class="listhdrr">Protocol</td>
@@ -148,13 +164,13 @@ if ($_GET['act'] == "del") {
<td class="listbg"><?=$spans;?>
<?= htmlspecialchars($client['descr']);?>&nbsp;
<?=$spane;?></td>
- <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_cli_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit client configuration" width="17" height="17" border="0"></a>
- &nbsp;<a href="vpn_openvpn_cli.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client configuration?')"><img src="x.gif" title="delete client configuration" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_cli_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit client configuration" width="17" height="17" border="0"></a>
+ &nbsp;<a href="vpn_openvpn_cli.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client configuration?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete client configuration" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="6">&nbsp;</td>
- <td class="list"> <a href="vpn_openvpn_cli_edit.php"><img src="plus.gif" title="add client configuration" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="vpn_openvpn_cli_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add client configuration" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
diff --git a/usr/local/www/vpn_openvpn_cli_edit.php b/usr/local/www/vpn_openvpn_cli_edit.php
index eb5c003..3e19a32 100755
--- a/usr/local/www/vpn_openvpn_cli_edit.php
+++ b/usr/local/www/vpn_openvpn_cli_edit.php
@@ -27,7 +27,6 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-$pgtitle = array("VPN", "OpenVPN", "Edit client");
require("guiconfig.inc");
require_once("openvpn.inc");
@@ -284,8 +283,14 @@ if ($_POST) {
}
}
+$pgtitle = "VPN: OpenVPN: Edit client";
+include("head.inc");
+
?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<?php if ($input_errors) print_input_errors($input_errors);?>
<script language="JavaScript">
function enable_change(enable_over) {
var endis;
@@ -411,10 +416,10 @@ function get_radio_value(obj) {
//-->
</script>
-
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-
<form action="vpn_openvpn_cli_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
+ Backup your configuration before using OpenVPN, and restore it before upgrading.<br>&nbsp;<br>
+</span></strong>
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncellreq">Disabled</td>
diff --git a/usr/local/www/vpn_openvpn_crl.php b/usr/local/www/vpn_openvpn_crl.php
index 84a8c1d..e8f6187 100755
--- a/usr/local/www/vpn_openvpn_crl.php
+++ b/usr/local/www/vpn_openvpn_crl.php
@@ -78,32 +78,43 @@ $pgtitle = "VPN: OpenVPN";
include("head.inc");
?>
-
<?php include("fbegin.inc"); ?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<p class="pgtitle"><?=$pgtitle?></p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if (file_exists($d_sysrebootreqd_path) && !file_exists($d_ovpncrldirty_path)) print_info_box(get_std_save_message(0)); ?>
+
<form action="vpn_openvpn_crl.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
<?php if (file_exists($d_ovpncrldirty_path)): ?><p>
-<?php print_info_box_np("OpenVPN CRL files have been changed.<br>You must apply the changes in order for them to take effect.");?><br>
-<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
+<?php print_info_box_np("OpenVPN CRL files have been changed.<br>You must apply the changes in order for them to take effect.");?>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
- <ul id="tabnav">
- <li class="tabinact"><a href="vpn_openvpn_srv.php">Server</a></li>
- <li class="tabinact"><a href="vpn_openvpn_cli.php">Client</a></li>
- <li class="tabinact"><a href="vpn_openvpn_ccd.php">Client-specific Configuration</a></li>
- <li class="tabact">CRL</li>
- </ul>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array("Server", false, "vpn_openvpn_srv.php");
+ $tab_array[] = array("Client", false, "vpn_openvpn_cli.php");
+ $tab_array[] = array("Client-specific Configuration", false, "vpn_openvpn_ccd.php");
+ $tab_array[] = array("CRL", true, "vpn_openvpn_crl.php");
+ display_top_tabs($tab_array);
+?>
</td></tr>
- <tr>
- <td class="tabcont">
- <strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
- Backup your configuration before using OpenVPN, and restore it before upgrading.<br>
- &nbsp;<br>
- </span></strong>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vtable">
+ <strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
+ Backup your configuration before using OpenVPN, and restore it before upgrading.
+ </span></strong>
+ </td>
+ </tr>
+ </table>
+
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="40%" class="listhdrr">CRL name</td>
<td width="50%" class="listhdr">Description</td>
@@ -126,31 +137,33 @@ include("head.inc");
<td class="listbg"><?=$spans;?>
<?= htmlspecialchars($crl['descr']);?>&nbsp;
<?=$spane;?></td>
- <td valign="middle" nowrap class="list"><a href="vpn_openvpn_crl_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit CRL file" width="17" height="17" border="0"></a>
- &nbsp;<a href="vpn_openvpn_crl.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this CRL file?')"><img src="x.gif" title="delete CRL file" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"><a href="vpn_openvpn_crl_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit CRL file" width="17" height="17" border="0"></a>
+ &nbsp;<a href="vpn_openvpn_crl.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this CRL file?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete CRL file" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="2">&nbsp;</td>
- <td class="list"><a href="vpn_openvpn_crl_edit.php"><img src="plus.gif" title="add CRL file" width="17" height="17" border="0"></a></td>
+ <td class="list"><a href="vpn_openvpn_crl_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add CRL file" width="17" height="17" border="0"></a></td>
</tr>
- </table><br>
- <span class="vexpl">
- <span class="red"><strong>Note:</strong></span><br>
- A CRL (certificate revocation list) is used when a particular
- key is compromised but when the overall PKI is still intact.<br>
- <br>
- Suppose you had a PKI consisting of a CA, root certificate, and
- a number of client certificates. Suppose a laptop computer
- containing a client key and certificate was stolen. By adding the
- stolen certificate to the CRL file, you could reject any connection
- which attempts to use it, while preserving the overall
- integrity of the PKI.<br>
- <br>
- The only time when it would be necessary to rebuild the entire
- PKI from scratch would be if the root certificate key itself was
- compromised.
- </span>
+ <td colspan="4">
+ <p><span class="vexpl"><span class="red"><strong>Note:</strong></span><br>
+ A CRL (certificate revocation list) is used when a particular
+ key is compromised but when the overall PKI is still intact.<br>
+ <br>
+ Suppose you had a PKI consisting of a CA, root certificate, and
+ a number of client certificates. Suppose a laptop computer
+ containing a client key and certificate was stolen. By adding the
+ stolen certificate to the CRL file, you could reject any connection
+ which attempts to use it, while preserving the overall
+ integrity of the PKI.<br>
+ <br>
+ The only time when it would be necessary to rebuild the entire
+ PKI from scratch would be if the root certificate key itself was
+ compromised.
+ </span>
+ </p>
+ </td>
+ </table>
</td>
</tr>
</table>
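Review bot: The explanatory note is now wrapped in `<td colspan="4">` placed directly after the last `</tr>` with no enclosing `<tr>`, which is invalid table markup that browsers repair inconsistently. The add row just above uses `colspan="2"` plus one cell, i.e. three columns, so the span is also one too wide. Use `<tr><td colspan="3">` … `</td></tr>` around the note.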
diff --git a/usr/local/www/vpn_openvpn_crl_edit.php b/usr/local/www/vpn_openvpn_crl_edit.php
index 0283bfd..9c5c484 100755
--- a/usr/local/www/vpn_openvpn_crl_edit.php
+++ b/usr/local/www/vpn_openvpn_crl_edit.php
@@ -150,12 +150,14 @@ if ($_POST) {
}
}
-$pgtitle = "VPN: OpenVPN: Edit client-specific configuration";
+$pgtitle = "VPN: OpenVPN: Edit CRL";
include("head.inc");
?>
-
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<?php if ($input_errors) print_input_errors($input_errors);?>
<script language="JavaScript">
function enable_change(enable_over) {
var endis;
@@ -170,8 +172,6 @@ function enable_change(enable_over) {
//-->
</script>
-
-<?php if ($input_errors) print_input_errors($input_errors);?>
<form action="vpn_openvpn_crl_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
<strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
Backup your configuration before using OpenVPN, and restore it before upgrading.<br>&nbsp;<br>
diff --git a/usr/local/www/vpn_openvpn_srv.php b/usr/local/www/vpn_openvpn_srv.php
index 5d877db..2dc2457 100755
--- a/usr/local/www/vpn_openvpn_srv.php
+++ b/usr/local/www/vpn_openvpn_srv.php
@@ -28,7 +28,6 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-$pgtitle = array("VPN", "OpenVPN");
require("guiconfig.inc");
require_once("openvpn.inc");
@@ -82,32 +81,49 @@ if ($_GET['act'] == "del") {
exit;
}
}
+
+$pgtitle = "VPN: OpenVPN";
+include("head.inc");
+
?>
<?php include("fbegin.inc"); ?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<p class="pgtitle"><?=$pgtitle?></p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if (file_exists($d_sysrebootreqd_path) && !file_exists($d_ovpnsrvdirty_path)) print_info_box(get_std_save_message(0)); ?>
+
<form action="vpn_openvpn_srv.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
<?php if (file_exists($d_ovpnsrvdirty_path)): ?><p>
-<?php print_info_box_np("The OpenVPN server configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
-<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
+<?php print_info_box_np("The OpenVPN server configuration has been changed.<br>You must apply the changes in order for them to take effect.");?>
+</p>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
- <ul id="tabnav">
- <li class="tabact">Server</li>
- <li class="tabinact"><a href="vpn_openvpn_cli.php">Client</a></li>
- <li class="tabinact"><a href="vpn_openvpn_ccd.php">Client-specific Configuration</a></li>
- <li class="tabinact"><a href="vpn_openvpn_crl.php">CRL</a></li>
- </ul>
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Server", true, "vpn_openvpn_srv.php");
+ $tab_array[] = array("Client", false, "vpn_openvpn_cli.php");
+ $tab_array[] = array("Client-specific Configuration", false, "vpn_openvpn_ccd.php");
+ $tab_array[] = array("CRL", false, "vpn_openvpn_crl.php");
+ display_top_tabs($tab_array);
+?>
</td></tr>
- <tr>
- <td class="tabcont">
- <strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
- Backup your configuration before using OpenVPN, and restore it before upgrading.<br>
-&nbsp; <br>
- </span></strong>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vtable">
+ <strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
+ Backup your configuration before using OpenVPN, and restore it before upgrading.
+ </span></strong>
+ </td>
+ </tr>
+ </table>
+
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="5%" class="listhdrr">Interface</td>
<td width="5%" class="listhdrr">Protocol</td>
@@ -166,13 +182,13 @@ if ($_GET['act'] == "del") {
<td class="listbg"><?=$spans;?>
<?= htmlspecialchars($server['descr']);?>&nbsp;
<?=$spane;?></td>
- <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_srv_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit server configuration" width="17" height="17" border="0"></a>
- &nbsp;<a href="vpn_openvpn_srv.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this server configuration?')"><img src="x.gif" title="delete server configuration" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_srv_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit server configuration" width="17" height="17" border="0"></a>
+ &nbsp;<a href="vpn_openvpn_srv.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this server configuration?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete server configuration" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="6">&nbsp;</td>
- <td class="list"> <a href="vpn_openvpn_srv_edit.php"><img src="plus.gif" title="add server configuration" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="vpn_openvpn_srv_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add server configuration" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
diff --git a/usr/local/www/vpn_openvpn_srv_edit.php b/usr/local/www/vpn_openvpn_srv_edit.php
index 97ea6cd..cdbceef 100755
--- a/usr/local/www/vpn_openvpn_srv_edit.php
+++ b/usr/local/www/vpn_openvpn_srv_edit.php
@@ -28,7 +28,6 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-$pgtitle = array("VPN", "OpenVPN", "Edit server");
require("guiconfig.inc");
require_once("openvpn.inc");
@@ -512,9 +511,14 @@ if ($_POST) {
}
}
+$pgtitle = "VPN: OpenVPN: Edit server";
+include("head.inc");
?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<?php if ($input_errors) print_input_errors($input_errors);?>
<script language="JavaScript">
function enable_change(enable_over) {
var endis;
@@ -761,7 +765,6 @@ function get_radio_value(obj) {
//-->
</script>
-<?php if ($input_errors) print_input_errors($input_errors);?>
<form action="vpn_openvpn_srv_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
<strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
Backup your configuration before using OpenVPN, and restore it before upgrading.<br>&nbsp;<br>