authorjim-p <jimp@pfsense.org>2011-01-20 17:18:07 -0500
committerjim-p <jimp@pfsense.org>2011-01-20 17:19:34 -0500
commit582c58ae1ea2fd56a18a31ba011f28921b38d8b6 (patch)
tree32c85712d0e5f9039af420579073c1a481964441
parent1801c22373d998409261841cbff03a0a1f7e7077 (diff)
downloadpfsense-582c58ae1ea2fd56a18a31ba011f28921b38d8b6.zip
pfsense-582c58ae1ea2fd56a18a31ba011f28921b38d8b6.tar.gz
Add drop-down to select OpenVPN hardware crypto (finds usable devices from "openssl engine" list) for clients and servers.
-rw-r--r--etc/inc/openvpn.inc20
-rw-r--r--usr/local/www/vpn_openvpn_client.php20
-rw-r--r--usr/local/www/vpn_openvpn_server.php20
-rw-r--r--usr/local/www/wizards/openvpn_wizard.inc10
-rw-r--r--usr/local/www/wizards/openvpn_wizard.xml13
5 files changed, 83 insertions, 0 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index fe8a4f5..ce1e9fd 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -172,6 +172,23 @@ function openvpn_get_cipherlist() {
return $ciphers;
}
+function openvpn_get_engines() {
+ $openssl_engines = array('none' => 'No Hardware Crypto Acceleration');
+ exec("/usr/bin/openssl engine", $openssl_engine_output);
+ foreach ($openssl_engine_output as $oeo) {
+ $linematch = array();
+ preg_match("/\((.*)\)\s(.*)/", $oeo, $linematch);
+ if ($linematch[1] != "dynamic")
+ $openssl_engines[$linematch[1]] = $linematch[2];
+ }
+ return $openssl_engines;
+}
+
+function openvpn_validate_engine($engine) {
+ $engines = openvpn_get_engines();
+ return array_key_exists($engine, $engines);
+}
+
function openvpn_validate_host($value, $name) {
$value = trim($value);
if (empty($value) || (!is_domain($value) && !is_ipaddr($value)))
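Review bot: In `openvpn_get_engines()` the result of `preg_match()` is never checked, so any line of `openssl engine` output that does not match (a blank line, an error message) leaves `$linematch[1]` unset and adds an entry with an empty key to the list. That entry would appear in the drop-down and would likely let an empty or unset engine value pass `openvpn_validate_engine()`, so the `openvpn_reconfigure` hunk could write a bare `engine ` line into the generated config. Guard the assignment and tighten the pattern, e.g. `if (preg_match('/^\(([^)]+)\)\s+(.*)$/', $oeo, $linematch) && $linematch[1] != "dynamic")`. The exit status of `exec()` is also ignored; a comment stating that a missing or failing openssl binary yields only the 'none' entry would help. The trailing context lines belong to `openvpn_validate_host`, which continues outside the hunk.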
@@ -343,6 +360,9 @@ function openvpn_reconfigure($mode,& $settings) {
$conf .= "local {$iface_ip}\n";
}
+ if (openvpn_validate_engine($settings['engine']) && ($settings['engine'] != "none"))
+ $conf .= "engine {$settings['engine']}\n";
+
// server specific settings
if ($mode == 'server') {
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index 96f67bf..d2374b2 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -125,6 +125,7 @@ if($_GET['act']=="edit"){
} else
$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
$pconfig['crypto'] = $a_client[$id]['crypto'];
+ $pconfig['engine'] = $a_server[$id]['engine'];
$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
$pconfig['remote_network'] = $a_client[$id]['remote_network'];
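Review bot: The added line reads the saved engine from `$a_server`, while every neighbouring line in this client page reads from `$a_client`; this looks like a copy-paste from vpn_openvpn_server.php. As written, the edit form would not show the client's stored engine (or would show that of whichever server shares the index, if `$a_server` is defined here at all), and saving the form would then overwrite the stored value. It should be `$pconfig['engine'] = $a_client[$id]['engine'];`. The enclosing `if` block starts and ends outside the hunk.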
@@ -254,6 +255,7 @@ if ($_POST) {
$client['shared_key'] = base64_encode($pconfig['shared_key']);
}
$client['crypto'] = $pconfig['crypto'];
+ $client['engine'] = $pconfig['engine'];
$client['tunnel_network'] = $pconfig['tunnel_network'];
$client['remote_network'] = $pconfig['remote_network'];
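Review bot: The submitted `engine` value is copied into the stored configuration without being checked on save; the only check visible in this commit is at config-generation time in `openvpn_reconfigure`, where an unknown value is dropped silently. Calling `openvpn_validate_engine($pconfig['engine'])` alongside the page's other input validation (which is outside this hunk) and reporting an error would keep unlisted values out of the saved config. It would also tell the administrator that hardware crypto was not applied. The same applies to `$server['engine']` in vpn_openvpn_server.php and in `step12_submitphpaction` in the wizard.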
@@ -716,6 +718,24 @@ if ($savemsg)
</select>
</td>
</tr>
+ <tr id="engine">
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="engine" class="formselect">
+ <?php
+ $engines = openvpn_get_engines();
+ foreach ($engines as $name => $desc):
+ $selected = '';
+ if ($name == $pconfig['engine'])
+ $selected = ' selected';
+ ?>
+ <option value="<?=$name;?>"<?=$selected?>>
+ <?=htmlspecialchars($desc);?>
+ </option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
<tr>
<td colspan="2" class="list" height="12"></td>
</tr>
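Review bot: The option value is echoed raw in `<option value="<?=$name;?>"` while the description on the next line goes through `htmlspecialchars()`. Both strings are parsed from the same `openssl engine` output, so the attribute should be escaped as well: `<option value="<?=htmlspecialchars($name);?>"<?=$selected?>>`. The identical block added to vpn_openvpn_server.php needs the same change.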
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 002702c..0f751e7 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -126,6 +126,7 @@ if($_GET['act']=="edit"){
} else
$pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']);
$pconfig['crypto'] = $a_server[$id]['crypto'];
+ $pconfig['engine'] = $a_server[$id]['engine'];
$pconfig['tunnel_network'] = $a_server[$id]['tunnel_network'];
$pconfig['remote_network'] = $a_server[$id]['remote_network'];
@@ -324,6 +325,7 @@ if ($_POST) {
$server['shared_key'] = base64_encode($pconfig['shared_key']);
}
$server['crypto'] = $pconfig['crypto'];
+ $server['engine'] = $pconfig['engine'];
$server['tunnel_network'] = $pconfig['tunnel_network'];
$server['remote_network'] = $pconfig['remote_network'];
@@ -872,6 +874,24 @@ if ($savemsg)
</select>
</td>
</tr>
+ <tr id="engine">
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="engine" class="formselect">
+ <?php
+ $engines = openvpn_get_engines();
+ foreach ($engines as $name => $desc):
+ $selected = '';
+ if ($name == $pconfig['engine'])
+ $selected = ' selected';
+ ?>
+ <option value="<?=$name;?>"<?=$selected?>>
+ <?=htmlspecialchars($desc);?>
+ </option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
<tr id="strictusercn">
<td width="22%" valign="top" class="vncell"><?=gettext("Strict User/CN Matching"); ?></td>
<td width="78%" class="vtable">
diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc
index 3d09066..5af4510 100644
--- a/usr/local/www/wizards/openvpn_wizard.inc
+++ b/usr/local/www/wizards/openvpn_wizard.inc
@@ -321,6 +321,15 @@ function step10_stepbeforeformdisplay() {
$opt['value'] = $name;
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
}
+ } else if ($field['name'] == "engine") {
+ $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
+ $engines = openvpn_get_engines();
+ foreach ($engines as $name => $desc) {
+ $opt = array();
+ $opt['name'] = $desc;
+ $opt['value'] = $name;
+ $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
+ }
} else if ($field['name'] == "nbttype") {
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
foreach ($netbios_nodetypes as $type => $name) {
@@ -581,6 +590,7 @@ function step12_submitphpaction() {
$server['netbios_enable'] = $pconfig['step10']['nbtenable'];
}
$server['crypto'] = $pconfig['step10']['crypto'];
+ $server['engine'] = $pconfig['step10']['engine'];
if (isset($pconfig['step11']['ovpnrule'])) {
$rule = array();
diff --git a/usr/local/www/wizards/openvpn_wizard.xml b/usr/local/www/wizards/openvpn_wizard.xml
index e28507b..1108a05 100644
--- a/usr/local/www/wizards/openvpn_wizard.xml
+++ b/usr/local/www/wizards/openvpn_wizard.xml
@@ -692,6 +692,19 @@
<description>&lt;br/&gt;The method used to encrypt traffic between endpoints. This setting must match on the client and server side, but is otherwise set however you like. Certain algorithms will perform better on different hardware, depending on the availability of supported VPN accelerator chips.</description>
</field>
<field>
+ <name>engine</name>
+ <type>select</type>
+ <displayname>Hardware Crypto</displayname>
+ <bindstofield>ovpnserver->step10->engine</bindstofield>
+ <options>
+ <option>
+ <name>dummy</name>
+ <value>dummy</value>
+ </option>
+ </options>
+ <description>&lt;br/&gt;The hardware cryptographic accelerator to use for this VPN connection, if any.</description>
+ </field>
+ <field>
<type>listtopic</type>
<name>Tunnel Settings</name>
</field>
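Review bot: The `dummy` option carries no explanation; from the openvpn_wizard.inc change in this commit it appears to be a placeholder that `step10_stepbeforeformdisplay()` replaces with the real engine list. A comment such as `<!-- placeholder: options are filled in by step10_stepbeforeformdisplay() -->` above the `<options>` element would make that clear. If the replacement ever failed to run, `dummy` would be submitted as the engine value, so the value should also be checked with `openvpn_validate_engine()` before it is stored.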