author | Dmitriy K. <levantin@mail.nnov.ru> | 2014-06-17 11:01:48 +0400 |
---|---|---|
committer | Dmitriy K. <levantin@mail.nnov.ru> | 2014-06-17 11:01:48 +0400 |
commit | b9e9903ddb21665023c9fcc241099476a42a9dbd (patch) | |
tree | 215266c4cd3f2e518dd8c7973d7941f1f4f2ad40 | |
parent | 7860191a10545a809673d4c8203c925156609da3 (diff) | |
patchpack1
-Fix #3401 (Added tun option "Disable IPv6")
-Added new options: route-nopull, route-noexec, verb;
-rw-r--r-- | etc/inc/openvpn.inc | 38 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_client.php | 109 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 56 |
3 files changed, 199 insertions, 4 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 0591e56..4c23ed0 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -55,6 +55,22 @@ $openvpn_prots = array("UDP", "UDP6", "TCP", "TCP6"); global $openvpn_dev_mode; $openvpn_dev_mode = array("tun", "tap"); +global $openvpn_verbosity_level; +$openvpn_verbosity_level = array( + 0 => "none", + 1 => "default", + 2 => "2", + 3 => "3 (recommended)", + 4 => "4", + 5 => "5", + 6 => "6", + 7 => "7", + 8 => "8", + 9 => "9", + 10 => "10", + 11 => "11" +); + /* * The User Auth mode below is disabled because * OpenVPN erroneously requires that we provide @@ -460,11 +476,16 @@ function openvpn_reconfigure($mode, $settings) { } } - $conf = "dev {$devname}\n"; + $conf = "verb {$settings['verbosity_level']}\n"; + $conf .= "dev {$devname}\n"; $conf .= "dev-type {$settings['dev_mode']}\n"; switch($settings['dev_mode']) { case "tun": - $conf .= "tun-ipv6\n"; + if (!$settings['no_tun_ipv6']) { + $conf .= "tun-ipv6\n"; + } else { + + } break; } $conf .= "dev-node /dev/{$tunname}\n"; @@ -768,6 +789,19 @@ function openvpn_reconfigure($mode, $settings) { $conf .= "topology subnet\n"; } + // New client features + if ($mode == "client") { + // Dont pull routes checkbox + if ($settings['route_no_pull']) { + $conf .= "route-nopull\n"; + } + + // Dont add/remove routes checkbox + if ($settings['route_no_exec']) { + $conf .= "route-noexec\n"; + } + } + openvpn_add_custom($settings, $conf); openvpn_create_dirs(); diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index d5b479e..f80694b 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -93,6 +93,7 @@ if($_GET['act']=="new"){ $pconfig['autotls_enable'] = "yes"; $pconfig['interface'] = "wan"; $pconfig['server_port'] = 1194; + $pconfig['verbosity_level'] = 1; // Default verbosity is 1 // OpenVPN Defaults to SHA1 $pconfig['digest'] = "SHA1"; } 
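Review bot: In the `openvpn_reconfigure` hunk (`-460,11 +476,16`) `$settings['verbosity_level']` is interpolated into the first line of the generated OpenVPN config with no check, and the POST hunks in vpn_openvpn_client.php (`-311,6 +318,12`) and vpn_openvpn_server.php (`-428,6 +433,10`) store the submitted value as-is, so nothing visible limits it to the keys of `$openvpn_verbosity_level`. A value containing a line break would add further directives to the config file, and a tunnel saved before this commit has no such key at all, which yields a bare `verb` line that OpenVPN will probably reject. Normalising at the point of use covers both cases: `$verb = is_numeric($settings['verbosity_level']) ? intval($settings['verbosity_level']) : 1;` followed by `$conf = "verb " . max(0, min(11, $verb)) . "\n";`. The empty `else { }` under `case "tun":` can be dropped. The function body starts and ends outside the hunk.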
@@ -152,6 +153,12 @@ if($_GET['act']=="edit"){ // just in case the modes switch $pconfig['autokey_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; + + // New features + $pconfig['no_tun_ipv6'] = $a_client[$id]['no_tun_ipv6']; + $pconfig['route_no_pull'] = $a_client[$id]['route_no_pull']; + $pconfig['route_no_exec'] = $a_client[$id]['route_no_exec']; + $pconfig['verbosity_level'] = $a_client[$id]['verbosity_level']; } } @@ -311,6 +318,12 @@ if ($_POST) { $client['compression'] = $pconfig['compression']; $client['passtos'] = $pconfig['passtos']; + // New features + $client['no_tun_ipv6'] = $pconfig['no_tun_ipv6']; + $client['route_no_pull'] = $pconfig['route_no_pull']; + $client['route_no_exec'] = $pconfig['route_no_exec']; + $client['verbosity_level'] = $pconfig['verbosity_level']; + if (isset($id) && $a_client[$id]) $a_client[$id] = $client; else @@ -352,6 +365,19 @@ function mode_change() { } } +function dev_mode_change() { + index = document.iform.dev_mode.selectedIndex; + value = document.iform.dev_mode.options[index].value; + switch(value) { + case "tun": + document.getElementById("chkboxNoTunIPv6").style.display=""; + break; + case "tap": + document.getElementById("chkboxNoTunIPv6").style.display="none"; + break; + } +} + function autokey_change() { if (document.iform.autokey_enable.checked) document.getElementById("autokey_opts").style.display="none"; @@ -482,7 +508,7 @@ if ($savemsg) <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td> <td width="78%" class="vtable"> - <select name='dev_mode' class="formselect"> + <select name='dev_mode' class="formselect" onchange="dev_mode_change()"> <?php foreach ($openvpn_dev_mode as $mode): $selected = ""; 
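Review bot: For a client saved before this commit, `$a_client[$id]['verbosity_level']` is unset in the edit hunk (`-152,6 +153,12`), and the loose `$pconfig['verbosity_level'] == $verb_value` in the new select then matches key 0, so the form preselects "none". Saving any unrelated edit would therefore write `verb 0`, which the page's own help text describes as "No output except fatal errors", and the tunnel's log trail silently disappears. Fall back to the default used for new entries: `$pconfig['verbosity_level'] = isset($a_client[$id]['verbosity_level']) ? $a_client[$id]['verbosity_level'] : 1;`. The server page repeats the pattern in its edit hunk (`-205,6 +206,10`).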
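Review bot: `dev_mode_change()` (hunk `-352,6 +365,19`) assigns `index` and `value` without `var`, so both become page-wide globals shared with any other handler that uses the same names; `var index = document.iform.dev_mode.selectedIndex;` and `var value = …;` keep them local. The visible hunks only wire the function to the select's `onchange`, so unless it is also called on page load outside this diff, editing a tap client would show the "Disable IPv6" row until the selector is touched. A one-line comment above the function saying that it hides the row for tap devices would help the next reader.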
@@ -954,6 +980,64 @@ if ($savemsg) </table> </td> </tr> + + + <tr id="chkboxNoTunIPv6"> + <td width="22%" valign="top" class="vncell"><?=gettext("Disable IPv6"); ?></td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6"> + <tr> + <td> + <?php set_checked($pconfig['no_tun_ipv6'],$chk); ?> + <input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> /> + </td> + <td> + <span class="vexpl"> + <?=gettext("Do not forward IPv6 traffic"); ?>. + </span> + </td> + </tr> + </table> + </td> + </tr> + + <tr id="chkboxRouteNoPull"> + <td width="22%" valign="top" class="vncell"><?=gettext("Dont pull routes"); ?></td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0" summary="dont-pull-routes"> + <tr> + <td> + <?php set_checked($pconfig['route_no_pull'],$chk); ?> + <input name="route_no_pull" type="checkbox" value="yes" <?=$chk;?> /> + </td> + <td> + <span class="vexpl"> + <?=gettext("Don't add or remove routes automatically. Instead pass routes to "); ?> <strong>--route-up</strong> <?=gettext("script using environmental variables"); ?>. + </span> + </td> + </tr> + </table> + </td> + </tr> + + <tr id="chkboxRouteNoExec"> + <td width="22%" valign="top" class="vncell"><?=gettext("Dont add/remove routes"); ?></td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0" summary="dont-exec-routes"> + <tr> + <td> + <?php set_checked($pconfig['route_no_exec'],$chk); ?> + <input name="route_no_exec" type="checkbox" value="yes" <?=$chk;?> /> + </td> + <td> + <span class="vexpl"> + <?=gettext("This option effectively bars the server from adding routes to the client's routing table, however note that this option still allows the server to set the TCP/IP properties of the client's TUN/TAP interface"); ?>. 
+ </span> + </td> + </tr> + </table> + </td> + </tr> </table> <table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="advance configuration"> @@ -977,6 +1061,29 @@ if ($savemsg) </table> </td> </tr> + + <tr id="comboboxVerbosityLevel"> + <td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td> + <td width="78%" class="vtable"> + <select name="verbosity_level" class="formselect"> + <?php + foreach ($openvpn_verbosity_level as $verb_value => $verb_desc): + $selected = ""; + if ($pconfig['verbosity_level'] == $verb_value) + $selected = "selected=\"selected\""; + ?> + <option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option> + <?php endforeach; ?> + </select> + <br /> + <?=gettext("Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output"); ?>.<br /> <br /> + <strong>none</strong> -- <?=gettext("No output except fatal errors"); ?>. <br /> + <strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br /> + <strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br /> + <strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>. + </td> + </tr> + </table> <br /> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index e840911..972ceeb 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -98,6 +98,7 @@ if($_GET['act']=="new"){ $pconfig['local_port'] = openvpn_port_next('UDP'); $pconfig['pool_enable'] = "yes"; $pconfig['cert_depth'] = 1; + $pconfig['verbosity_level'] = 1; // Default verbosity is 1 // OpenVPN Defaults to SHA1 $pconfig['digest'] = "SHA1"; } 
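Review bot: The help texts under the two route checkboxes in hunk `-954,6 +980,64` appear to be swapped. "Don't add or remove routes automatically. Instead pass routes to --route-up script…" is the behaviour of `route-noexec` but sits under `route_no_pull`, while "effectively bars the server from adding routes to the client's routing table" describes `route-nopull` but sits under `route_no_exec`; openvpn.inc maps the field names to the directives the other way round. An administrator choosing by the description would enable the opposite directive from the one intended, so exchange the two `gettext()` strings. The labels would also read better as `Don't pull routes` and `Don't add/remove routes`.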
@@ -205,6 +206,10 @@ if($_GET['act']=="edit"){ $pconfig['autotls_enable'] = "yes"; $pconfig['duplicate_cn'] = isset($a_server[$id]['duplicate_cn']); + + // New features + $pconfig['no_tun_ipv6'] = $a_server[$id]['no_tun_ipv6']; + $pconfig['verbosity_level'] = $a_server[$id]['verbosity_level']; } } if ($_POST) { @@ -428,6 +433,10 @@ if ($_POST) { $server['netbios_enable'] = $pconfig['netbios_enable']; $server['netbios_ntype'] = $pconfig['netbios_ntype']; $server['netbios_scope'] = $pconfig['netbios_scope']; + + // New features + $server['no_tun_ipv6'] = $pconfig['no_tun_ipv6']; + $server['verbosity_level'] = $pconfig['verbosity_level']; if ($pconfig['netbios_enable']) { @@ -671,6 +680,7 @@ function tuntap_change() { value = document.iform.dev_mode.options[index].value; switch(value) { case "tun": + document.getElementById("cbNoTunIPv6").style.display=""; document.getElementById("ipv4_tunnel_network").className="vncellreq"; document.getElementById("serverbridge_dhcp").style.display="none"; document.getElementById("serverbridge_interface").style.display="none"; @@ -679,6 +689,7 @@ function tuntap_change() { document.getElementById("topology_subnet_opt").style.display=""; break; case "tap": + document.getElementById("cbNoTunIPv6").style.display="none"; document.getElementById("ipv4_tunnel_network").className="vncell"; if (!p2p) { document.getElementById("serverbridge_dhcp").style.display=""; @@ -1340,7 +1351,7 @@ if ($savemsg) <?php endforeach; ?> </select> <br /> - <?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently."); ?> + <?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently."); ?>. </td> </tr> <tr> 
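Review bot: The only change in hunk `-1340,7 +1351,7` appends `.` after a `gettext()` string that already ends in a period, so the compression help text renders as "efficiently..". Drop the added `.` here. Removing the period inside the string instead would match the new rows, but it changes the translation key.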
@@ -1397,6 +1408,26 @@ if ($savemsg) </table> </td> </tr> + + <tr id="cbNoTunIPv6"> + <td width="22%" valign="top" class="vncell"><?=gettext("Disable IPv6"); ?></td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6-srv"> + <tr> + <td> + <?php set_checked($pconfig['no_tun_ipv6'],$chk); ?> + <input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> /> + </td> + <td> + <span class="vexpl"> + <?=gettext("Do not forward IPv6 traffic"); ?>. + </span> + </td> + </tr> + </table> + </td> + </tr> + </table> <table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="client settings"> @@ -1724,6 +1755,29 @@ if ($savemsg) </table> </td> </tr> + + <tr id="comboboxVerbosityLevel"> + <td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td> + <td width="78%" class="vtable"> + <select name="verbosity_level" class="formselect"> + <?php + foreach ($openvpn_verbosity_level as $verb_value => $verb_desc): + $selected = ""; + if ($pconfig['verbosity_level'] == $verb_value) + $selected = "selected=\"selected\""; + ?> + <option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option> + <?php endforeach; ?> + </select> + <br /> + <?=gettext("Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output"); ?>.<br /> <br /> + <strong>none</strong> -- <?=gettext("No output except fatal errors"); ?>. <br /> + <strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br /> + <strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br /> + <strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>. + </td> + </tr> + </table> <br /> |
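Review bot: The description `Do not forward IPv6 traffic` in hunk `-1397,6 +1408,26` (and the identical client row) states more than the visible code does: in openvpn.inc the flag only leaves out the `tun-ipv6` line. Nothing in this diff shows IPv6 tunnel-network or pushed-route settings being skipped or rejected when the box is ticked, so the saved config may combine IPv6 directives with a device that has IPv6 turned off. Either reject that combination on save or word the text after the actual effect, for example `Do not enable IPv6 on the tun device`. Anyone who needs IPv6 kept out of the tunnel should not rely on this box alone.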