authorErmal Luçi <eri@pfsense.org>2008-03-06 17:33:32 +0000
committerErmal Luçi <eri@pfsense.org>2008-03-06 17:33:32 +0000
commit267ab13f685d0435d7867705e60409a7081e06df (patch)
tree65eb5361c9a52686ce35f5081811f07d5041925e
parentbc1fd2b7de2d3e17c0ce0cdf11b090d1c937343a (diff)
downloadpfsense-267ab13f685d0435d7867705e60409a7081e06df.zip
pfsense-267ab13f685d0435d7867705e60409a7081e06df.tar.gz
Switch to using generated certificates for server mode.
-rw-r--r--etc/inc/openvpn.inc141
-rw-r--r--usr/local/pkg/openvpn.xml73
-rw-r--r--usr/local/pkg/openvpn_cli.xml6
-rw-r--r--usr/local/www/vpn_openvpn_certs.php29
-rw-r--r--usr/local/www/vpn_openvpn_certs_create.php105
5 files changed, 198 insertions, 156 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index a83269d..9d83679 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -148,6 +148,8 @@ function openvpn_validate_input($mode, $post, $input_errors) {
if ($result = openvpn_validate_cidr($post['remote_network'], 'Remote network'))
$input_errors[] = $result;
+/* This are no more needed comment them from now and remove later */
+/*
if ($_POST['auth_method'] == 'shared_key') {
$reqfields[] = 'shared_key';
$reqfieldsn[] = 'Shared key';
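Review bot: The `/*` opened right after `$input_errors[] = $result;` is not closed until the `*/` added before `if ($mode != "server")` in the next hunk, so the `$reqfields`/`$reqfieldsn` setup and the `do_input_validation($post, $reqfields, $reqfieldsn, &$input_errors);` call are compiled out and required-field checking no longer runs for either mode. If the intent is only to stop requiring the pasted-key fields in server mode, keep the validation call and put the mode check around the field list instead of commenting the whole block out. The comment `/* This are no more needed comment them from now and remove later */` should at least say what replaces this validation for server mode; `openvpn_validate_input` starts before this hunk.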
@@ -165,33 +167,34 @@ function openvpn_validate_input($mode, $post, $input_errors) {
}
}
do_input_validation($post, $reqfields, $reqfieldsn, &$input_errors);
-
+*/
+if ($mode != "server") {
$value = trim($post['shared_key']);
$items = array();
if ($_POST['auth_method'] == 'shared_key') {
- $items[] = array( 'field' => 'shared_key',
+ $items[] = array( 'field' => 'shared.key',
'string' => 'OpenVPN Static key V1',
'name' => 'Shared key');
}
else {
- $items[] = array( 'field' => 'ca_cert',
+ $items[] = array( 'field' => 'ca.crt',
'string' => 'CERTIFICATE',
'name' => 'CA certificate');
- $items[] = array( 'field' => "{$mode}_cert",
+ $items[] = array( 'field' => "{$mode}.crt",
'string' => 'CERTIFICATE',
'name' => "$Mode certificate");
- $items[] = array( 'field' => "{$mode}_key",
+ $items[] = array( 'field' => "{$mode}.key",
'string' => 'RSA PRIVATE KEY',
'name' => "$Mode key");
$items[] = array( 'field' => 'tls',
'string' => 'OpenVPN Static key V1',
'name' => 'TLS');
if ($mode == 'server') {
- $items[] = array( 'field' => 'dh_params',
+ $items[] = array( 'field' => 'dh_param.dhs',
'string' => 'DH PARAMETERS',
'name' => 'DH parameters');
- $items[] = array( 'field' => 'crl',
+ $items[] = array( 'field' => 'crlcrl',
'string' => 'X509 CRL',
'name' => 'CRL');
}
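Review bot: The `if ($mode == 'server')` block that now lists `'dh_param.dhs'` and `'crlcrl'` is unreachable, because the whole `$items` section sits under the new `if ($mode != "server")` guard, and the two names also differ from the `'dh_params.dh'` and `'crl.crl'` file names that openvpn_reconfigure uses later in this file. Separately, the renamed fields `'shared.key'`, `'ca.crt'`, `"{$mode}.crt"` and `"{$mode}.key"` contain a dot; if `$post` is the raw `$_POST` array (this function already reads `$_POST['auth_method']` directly), PHP will have stored those inputs as `shared_key`, `ca_crt` and so on, since dots in request variable names become underscores, so every one of these lookups comes back empty and the field is reported invalid — the same applies to the renamed `<fieldname>`s in usr/local/pkg/openvpn_cli.xml. Either keep underscore names in the form and map them to file names only when writing, or read the values through the underscore key. This hunk is inside openvpn_validate_input, whose beginning and end are outside it.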
@@ -203,6 +206,7 @@ function openvpn_validate_input($mode, $post, $input_errors) {
$input_errors[] = "The field '{$item['name']}' does not appear to be valid";
}
}
+}
function openvpn_validate_input_csc($post, $input_errors) {
@@ -262,35 +266,10 @@ function openvpn_reconfigure($mode, $id) {
$lport = 1194 + $id;
- // Set the keys up
- // Note that the keys' extension is also the directive that goes to the config file
- $base_file = $g['varetc_path'] . "/openvpn_{$mode}{$id}.";
- $keys = array();
- if ($settings['auth_method'] == 'shared_key')
- $keys[] = array('field' => 'shared_key', 'ext' => 'secret', 'directive' => 'secret');
- else {
- $keys[] = array('field' => 'ca_cert', 'ext' => 'ca', 'directive' => 'ca');
- $keys[] = array('field' => "{$mode}_cert", 'ext' => 'cert', 'directive' => 'cert');
- $keys[] = array('field' => "{$mode}_key", 'ext' => 'key', 'directive' => 'key');
- if ($mode == 'server')
- $keys[] = array('field' => 'dh_params', 'ext' => 'dh', 'directive' => 'dh');
- if ($settings['crl'])
- $keys[] = array('field' => 'crl', 'ext' => 'crl', 'directive' => 'crl-verify');
- if ($settings['tls'])
- $keys[] = array('field' => 'tls', 'ext' => 'tls', 'directive' => 'tls-auth');
-
- }
- foreach($keys as $key) {
- $filename = $base_file . $key['ext'];
- file_put_contents($filename, base64_decode($settings[$key['field']]));
- chown($filename, 'nobody');
- chgrp($filename, 'nobody');
- }
-
- $pidfile = $g['varrun_path'] . "/openvpn_{$mode}{$id}.pid";
- $proto = ($settings['protocol'] == 'UDP' ? 'udp' : "tcp-{$mode}");
- $cipher = $settings['crypto'];
- $openvpn_conf = <<<EOD
+ $pidfile = $g['varrun_path'] . "/openvpn_{$mode}{$id}.pid";
+ $proto = ($settings['protocol'] == 'UDP' ? 'udp' : "tcp-{$mode}");
+ $cipher = $settings['crypto'];
+ $openvpn_conf = <<<EOD
writepid $pidfile
#user nobody
#group nobody
@@ -299,6 +278,7 @@ keepalive 10 60
ping-timer-rem
persist-tun
persist-key
+/* NOTE: Make this tun$i so we can filter on the specific tun. */
dev tun
proto $proto
cipher $cipher
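Review bot: The added `/* NOTE: Make this tun$i so we can filter on the specific tun. */` line sits inside the `<<<EOD` heredoc that becomes the OpenVPN configuration, so it is emitted verbatim into the generated config file (with `$i` interpolated from whatever that variable holds at this point), and OpenVPN does not understand C-style comments, so it will most likely reject the line as an unknown option. Move the note out of the heredoc as a PHP comment above `$openvpn_conf = <<<EOD`, or, if it is meant to stay in the config, use the config file's own comment syntax, `# NOTE: make this tun<N> so we can filter on the specific tun`. openvpn_reconfigure starts and ends outside this hunk.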
@@ -436,11 +416,33 @@ EOD;
$openvpn_conf .= "route $ip $mask\n";
}
- // Write the settings for the keys
- foreach ($keys as $key)
- if ($key['directive'] != 'tls-auth') {
- $openvpn_conf .= $key['directive'] . ' ' . $base_file . $key['ext'] . "\n";
- }
+ // Write the settings for the keys
+ // Set the keys up
+ $base_file = $g['varetc_path'] . "/openvpn/certificates/";
+ $keys = array();
+ if ($settings['auth_method'] == 'shared_key')
+ $keys[] = array('field' => 'shared_key', 'ext' => 'secret', 'directive' => 'secret');
+ else {
+ $keys[] = array('field' => 'ca.crt', 'directive' => 'ca');
+ $keys[] = array('field' => "{$mode}.crt", 'directive' => 'cert');
+ $keys[] = array('field' => "{$mode}.key", 'directive' => 'key');
+ if ($mode == 'server')
+ $keys[] = array('field' => 'dh_params.dh', 'directive' => 'dh');
+ if ($settings['crl'])
+ $keys[] = array('field' => 'crl.crl', 'directive' => 'crl-verify');
+ }
+
+ foreach ($keys as $key) {
+ if ($mode == "server") {
+ $openvpn_conf .= $key['directive'] . " " . $base_file . $settings['cipher'] . "/".$key['field'] . "\n";
+ } else {
+ $filename = "$base_file/openvpn_{$mode}{$id}." . $key['field'];
+ file_put_contents($filename, base64_decode($settings[$key['field']]));
+ chown($filename, 'nobody');
+ chgrp($filename, 'nobody');
+ $openvpn_conf .= $key['directive'] . " $filename \n";
+ }
+ }
if ($settings['use_lzo']) $openvpn_conf .= "comp-lzo\n";
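Review bot: In the server branch of the new `foreach ($keys as $key)` loop, `$settings['cipher']` is taken straight from the form's select and spliced into `$base_file . $settings['cipher'] . "/" . $key['field']` with no check that it names an existing CA directory — the only option shipped in openvpn.xml is `none`, so an unconfigured server gets directives pointing at `.../certificates/none/ca.crt`, and any other submitted value becomes a path component unvalidated. The shared-key entry still carries `'field' => 'shared_key'`, but openvpn_restore_all_ciphers writes that material as `shared.key`, so a server in shared-key mode references a file that is never created. Validate `$settings['cipher']` against the CA names present in `$config['openvpn']['keys']` (and the `[a-zA-Z0-9_]` pattern the certificates page uses) before building the path, and rename the shared-key entry to `'shared.key'`. In the client branch, `"$base_file/openvpn_{$mode}{$id}."` doubles the slash because `$base_file` already ends in `/`, and the written key files keep whatever mode the umask gives; a `chmod($filename, 0600);` beside the `chown` would keep private keys from being world-readable. openvpn_reconfigure starts and ends outside this hunk.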
@@ -568,9 +570,51 @@ function openvpn_restart($mode, $id) {
touch("{$g['tmp_path']}/filter_dirty");
}
+//Make ciphers ready for openvpn
+function openvpn_restore_all_ciphers() {
+ global $config, $g;
+
+ $ovpncapath = $g['varetc_path']."/openvpn/certificates";
+
+ if (is_array($config['openvpn']['keys'])) {
+ if (!is_dir($g['varetc_path']."/openvpn"))
+ safe_mkdir($g['varetc_path']."/openvpn");
+ if (!is_dir($ovpncapath))
+ safe_mkdir($ovpncapath);
+
+ /* XXX: hardcoded path; worth making it a global?! */
+ mwexec("cp -r /usr/local/share/openvpn/certificates ".$g['varetc_path']."/openvpn/");
+ if (!is_dir($ovpncapath)) {
+ log_error("Failed to create environment for creating certificates. ");
+ } else {
+
+ foreach ($config['openvpn']['keys'] as $caname => $ciphers) {
+ if (!is_dir("$ovpncapath/$caname"))
+ safe_mkdir("$ovpncapath/$caname");
+
+ $cfg = "";
+ /* NOTE: vars; Do we need them restored?! */
+ $cfg .= "setenv KEY_SIZE " .$ciphers['keysize'] ."\n";
+ $cfg .= "setenv KEY_EXPIRE ".$ciphers['keyexpire'] ."\n";
+ $cfg .= "setenv CA_EXPIRE " .$ciphers['caexpire'] . "\n";
+ $cfg .= "setenv KEY_COUNTRY " .$ciphers['keycountry'] ."\n";
+ $cfg .= "setenv KEY_RPOVINCE " .$ciphers['keyprovince'] . "\n";
+ $cfg .= "setenv KEY_CITY " .$ciphers['keycity'] . "\n";
+ $cfg .= "setenv KEY_ORG " .$ciphers['keyorg'] . "\n";
+ $cfg .= "setenv KEY_EMAIL " .$ciphers['keyemail'] . "\n";
+ file_put_contents("$ovpncapath/$caname/vars", $cfg);
+ /* put ciphers back in their files */
+ foreach ($ciphers as $filename => $value) {
+ file_put_contents("$ovpncapath/$caname/$filename", $value);
+ }
+ }
+ }
+ }
+}
// Resync the configuration and restart the VPN
function openvpn_resync($mode, $id) {
+ openvpn_restore_all_ciphers();
openvpn_reconfigure($mode, $id);
openvpn_restart($mode, $id);
}
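Review bot: `openvpn_restore_all_ciphers` reads `$ciphers['keysize']`, `['keyexpire']`, `['caexpire']`, `['keycountry']` and the rest in lower case, but the `/* vars */` block in vpn_openvpn_certs_create.php stores them as `KEYSIZE`, `KEYEXPIRE`, `CAEXPIRE`, `KEYCOUNTRY` … (and that file's `$_GET['ca']` branch reads them lower-cased as well), so the regenerated `vars` file will carry empty values until one spelling is chosen. `setenv KEY_RPOVINCE` is also a typo for `KEY_PROVINCE`, the name the removed parsing code in vpn_openvpn_certs_create.php matched on. The inner `foreach ($ciphers as $filename => $value)` then writes every entry of the CA's config array as a file — the metadata values above included, plus `ca.key` — with default permissions; restricting it to certificate/key entries and tightening the mode matters because the CA private key lands in that directory. `$caname` is likewise used as a path component straight from the config array; checking it against the same `[a-zA-Z0-9_]` pattern that vpn_openvpn_certs.php uses to list CAs keeps the two consistent.
```php
            /* put ciphers back in their files; skip the vars metadata
             * (keysize, caexpire, ...), which is not certificate material */
            foreach ($ciphers as $filename => $value) {
                if (!preg_match('/^[A-Za-z0-9_]+\.(key|crt|dh)$/', $filename))
                    continue;
                $path = "$ovpncapath/$caname/$filename";
                file_put_contents($path, $value);
                chmod($path, 0600);
            }
```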
@@ -589,6 +633,9 @@ function openvpn_create_cscdir() {
// Resync and restart all VPNs
function openvpn_resync_all() {
global $config;
+ $ovpncapath = $g['varetc_path']."/openvpn/certificates";
+
+ openvpn_restore_all_ciphers();
foreach (array('server', 'client') as $mode) {
if ($config['installedpackages']["openvpn$mode"]) {
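Review bot: `openvpn_resync_all` only declares `global $config;`, so the added `$ovpncapath = $g['varetc_path']."/openvpn/certificates";` reads a local, undefined `$g`, and the variable is not used in the visible lines anyway. Either extend the declaration to `global $config, $g;` or drop the assignment, since `openvpn_restore_all_ciphers()` computes that path itself. The function continues past this hunk.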
@@ -623,17 +670,17 @@ function onAuthMethodChanged() {
var method = document.iform.auth_method;
var endis = (method.options[method.selectedIndex].value == 'shared_key');
- document.iform.shared_key.disabled = !endis;
- document.iform.ca_cert.disabled = endis;
- document.iform.{$mode}_cert.disabled = endis;
- document.iform.{$mode}_key.disabled = endis;
+ document.iform.shared.key.disabled = !endis;
+ document.iform.ca.crt.disabled = endis;
+ document.iform.{$mode}.crt.disabled = endis;
+ document.iform.{$mode}.key.disabled = endis;
document.iform.tls.disabled = endis;
EOD;
if ($mode == 'server') {
$javascript .= <<<EOD
- document.iform.dh_params.disabled = endis;
- document.iform.crl.disabled = endis;
+ document.iform.dh_params.dh.disabled = endis;
+ document.iform.crl.crl.disabled = endis;
document.iform.tls.disabled = endis;
document.iform.nopool.disabled = endis;
document.iform.local_network.disabled = endis;
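Review bot: The rewritten JavaScript accesses `document.iform.shared.key`, `document.iform.ca.crt`, `document.iform.{$mode}.crt`, `document.iform.{$mode}.key`, `document.iform.dh_params.dh` and `document.iform.crl.crl` do not reach form fields whose names contain a dot — they look up a field called `shared`, `ca`, etc. and then read `.key`/`.crt` on `undefined`, which throws and aborts the handler. Bracket notation is required, e.g. `document.iform['shared.key'].disabled = !endis;` and `document.iform['{$mode}.crt'].disabled = endis;`, applied to the remaining four lines the same way. Note also that usr/local/pkg/openvpn.xml in this commit removes the server-mode textarea fields entirely, so in server mode these references would still fail unless guarded. `onAuthMethodChanged` and the heredoc it builds start before this hunk.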
diff --git a/usr/local/pkg/openvpn.xml b/usr/local/pkg/openvpn.xml
index 665bcf1..8b0cbd3 100644
--- a/usr/local/pkg/openvpn.xml
+++ b/usr/local/pkg/openvpn.xml
@@ -157,68 +157,17 @@
<onchange>onAuthMethodChanged()</onchange>
</field>
<field>
- <fieldname>shared_key</fieldname>
- <fielddescr>Shared key</fielddescr>
- <description>Paste your shared key here.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>40</cols>
- </field>
- <field>
- <fieldname>ca_cert</fieldname>
- <fielddescr>CA certificate</fielddescr>
- <description>Paste your CA certificate in X.509 format here.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>40</cols>
- </field>
- <field>
- <fieldname>server_cert</fieldname>
- <fielddescr>Server certificate</fielddescr>
- <description>Paste your server certificate in X.509 format here.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>40</cols>
- </field>
- <field>
- <fieldname>server_key</fieldname>
- <fielddescr>Server key</fielddescr>
- <description>Paste your server key in RSA format here.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>40</cols>
- </field>
- <field>
- <fieldname>dh_params</fieldname>
- <fielddescr>DH parameters</fielddescr>
- <description>Paste your Diffie Hellman parameters in PEM format here.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>40</cols>
- </field>
- <field>
- <fieldname>crl</fieldname>
- <fielddescr>CRL</fielddescr>
- <description>Paste your certificate revocation list (CRL) in PEM format here (optional).</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>40</cols>
- </field>
- <field>
- <fieldname>tls</fieldname>
- <fielddescr>TLS</fielddescr>
- <description>Paste your HMAC signature (TLS) here (optional).</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>40</cols>
- </field>
+ <fieldname>cipher</fieldname>
+ <fielddescr>Certificates to apply<fielddescr>
+ <description>Certificates generated from the certificate generation tab.</description>
+ <type>select</type>
+ <options>
+ <option>
+ <value>none</value>
+ <name>none</name>
+ </option>
+ </options>
+ </field>
<field>
<fieldname>dhcp_domainname</fieldname>
<fielddescr>DHCP-Opt.: DNS-Domainname</fielddescr>
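Review bot: `<fielddescr>Certificates to apply<fielddescr>` on the new `cipher` field is missing the slash on its closing tag, which leaves the package XML malformed; it should read `<fielddescr>Certificates to apply</fielddescr>`. Since both vpn_openvpn_certs.php and vpn_openvpn_certs_create.php in this commit edit this field's options by position (`['fields']['field'][11]`), a comment on the field such as `<!-- options are rewritten by vpn_openvpn_certs*.php; keep this field's position stable -->` would warn the next editor.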
diff --git a/usr/local/pkg/openvpn_cli.xml b/usr/local/pkg/openvpn_cli.xml
index d942403..129b86f 100644
--- a/usr/local/pkg/openvpn_cli.xml
+++ b/usr/local/pkg/openvpn_cli.xml
@@ -146,7 +146,7 @@
<cols>40</cols>
</field>
<field>
- <fieldname>ca_cert</fieldname>
+ <fieldname>ca.crt</fieldname>
<fielddescr>CA certificate</fielddescr>
<description>Paste the server's CA certificate in X.509 format here.</description>
<type>textarea</type>
@@ -155,7 +155,7 @@
<cols>40</cols>
</field>
<field>
- <fieldname>client_cert</fieldname>
+ <fieldname>client.crt</fieldname>
<fielddescr>Client certificate</fielddescr>
<description>Paste your client certificate in X.509 format here.</description>
<type>textarea</type>
@@ -164,7 +164,7 @@
<cols>40</cols>
</field>
<field>
- <fieldname>client_key</fieldname>
+ <fieldname>client.key</fieldname>
<fielddescr>Client key</fielddescr>
<description>Paste your client key in RSA format here.</description>
<type>textarea</type>
diff --git a/usr/local/www/vpn_openvpn_certs.php b/usr/local/www/vpn_openvpn_certs.php
index dd4b943..bcf170b 100644
--- a/usr/local/www/vpn_openvpn_certs.php
+++ b/usr/local/www/vpn_openvpn_certs.php
@@ -30,7 +30,7 @@
require("guiconfig.inc");
-//$pgtitle = array("OpenVPN", "Certificate management");
+$pgtitle = array("OpenVPN", "Certificate management");
$ovpncapath = $g['varetc_path']."/openvpn/certificates";
if ($_GET['reset']) {
@@ -51,6 +51,29 @@ if ($_GET['delete']) {
write_config();
}
}
+ /* XXX: Lets do some hacking now! This implies we are not on embedded platform!!! */
+ $pkg_config = parse_xml_config_pkg("/usr/local/pkg/openvpn.xml", "packagegui");
+ $options =& $pkg_config['fields']['field'][11]['options']['option'];
+ if (is_array($options)) {
+ for ($i = 0; $i < count($options); $i++) {
+ if ($options[$i]['name'] == $caname) {
+ unset($options[$i]);
+ break;
+ }
+ }
+
+ conf_mount_rw();
+
+ $xmlcf = dump_xml_config_pkg($pkg_config, "packagegui");
+ /* write new configuration */
+ $fd = fopen("/usr/local/pkg/openvpn.xml", "w");
+ if (!$fd)
+ die("Unable to open openvpn.xml for writing in write_config()\n");
+ fwrite($fd, $xmlcf);
+ fclose($fd);
+
+ conf_mount_ro();
+ }
}
exec("cd ".$g['varetc_path']."/openvpn/certificates && /usr/bin/find . -type d -name \"[a-zA-Z0-9_]*\"", $certificates);
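Review bot: `unset($options[$i])` inside the new option-pruning loop leaves a hole in the `$options` array; depending on how `dump_xml_config_pkg` walks a non-sequential array, the remaining options may be serialized with numeric keys or dropped, so follow the loop with `$options = array_values($options);`. The index `['fields']['field'][11]` hard-codes the position of the `cipher` field in openvpn.xml; looking the field up by `fieldname` would survive edits to that file. This block and the one after `/* save it */` in vpn_openvpn_certs_create.php are near-duplicates (parse, edit options, `conf_mount_rw`, write, `conf_mount_ro`) and belong in one helper in openvpn.inc; the `die()` text `Unable to open openvpn.xml for writing in write_config()` also names the wrong function. The enclosing `if ($_GET['delete'])` block starts before this hunk.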
@@ -91,8 +114,10 @@ include("head.inc");
<td><a href="vpn_openvpn_certs.php?delete=<?=$cert;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete certificate");?>" width="17" height="17" border="0" alt="" /></a></td>
</tr>
<?php } ?>
- <tr><td><a href="vpn_openvpn_certs_create.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new certificate");?> width="17" height="17" border="0" alt="" /></a></td></tr>
+ <tr><td><a href="vpn_openvpn_create_certs.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new certificate");?> width="17" height="17" border="0" alt="" /></a></td></tr>
</table>
<?php include("fend.inc"); ?>
</body>
</html>
+
+
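Review bot: The add link now points at `vpn_openvpn_create_certs.php`, but the file this commit patches is still `usr/local/www/vpn_openvpn_certs_create.php` (only its header comment was changed to the new name), so the link is broken unless a rename lands elsewhere. Either keep the link as `vpn_openvpn_certs_create.php` or rename the file in the same commit. The two blank lines appended after `</html>` are sent to the browser as trailing whitespace; harmless, but they can be dropped.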
diff --git a/usr/local/www/vpn_openvpn_certs_create.php b/usr/local/www/vpn_openvpn_certs_create.php
index e1cb298..676810f 100644
--- a/usr/local/www/vpn_openvpn_certs_create.php
+++ b/usr/local/www/vpn_openvpn_certs_create.php
@@ -1,6 +1,7 @@
<?php
+/* $Id$ */
/*
- vpn_openvpn_certs_create.php
+ vpn_openvpn_create_certs.php
part of pfSense
Copyright (C) 2004 Scott Ullrich
@@ -30,39 +31,24 @@
require("guiconfig.inc");
-//$pgtitle = array("VPN", "OpenVPN Create Certs");
+$pgtitle = array("VPN", "OpenVPN Create Certs");
$ovpncapath = $g['varetc_path']."/openvpn/certificates";
-/* XXX: hardcoded path */
+/* XXX: hardcoded path; worth making it a global?! */
$easyrsapath = "/usr/local/share/openvpn/certificates";
if ($_GET['ca']) {
- //$openssl = file_get_contents("$ovpncapath/".trim($_GET['ca'])."/vars");
- $openssl = "";
- if(file_exists("$ovpncapath/".trim($_GET['ca'])."/vars")) {
- $fd = fopen("$ovpncapath/".trim($_GET['ca'])."/vars", "r");
- $tmp = fread($fd,8096);
- $openssl .= $tmp;
- fclose($fd);
-
- preg_match('/\nsetenv KEY_EXPIRE(.*)\n/', $openssl, $cakeyexpireA);
- preg_match('/\nsetenv CA_EXPIRE(.*)\n/', $openssl, $caexpireA);
- preg_match('/\nsetenv KEY_SIZE(.*)\n/', $openssl, $cakeysize);
- preg_match('/\nsetenv KEY_COUNTRY(.*)\n/', $openssl, $countrycodeA);
- preg_match('/\nsetenv KEY_SIZE(.*)\n/', $openssl, $cakeysize);
- preg_match('/\nsetenv KEY_PROVINCE(.*)\n/', $openssl, $stateorprovinceA);
- preg_match('/\nsetenv KEY_CITY(.*)\n/', $openssl, $citynameA);
- preg_match('/\nsetenv KEY_ORG(.*)\n/', $openssl, $orginizationnameA);
- preg_match('/\nsetenv KEY_EMAIL(.*)\n/', $openssl, $emailA);
-
- $caname = trim($_GET['ca']);
- $cakeysize = trim($cakeysizeA[1]);
- $caexpire = trim($caexpireA[1]);
- $cakeyexpire = trim($cakeyexpire[1]);
- $countrycode=trim($countrycodeA[1]);
- $stateorprovince=trim($stateorprovinceA[1]);
- $cityname=trim($citynameA[1]);
- $orginizationname=trim($orginizationnameA[1]);
- $email = trim($emailA[1]);
+ if ($config['openvpn']['keys'][$_GET['ca']]) {
+ $data = $config['openvpn']['keys'][$_GET['ca']];
+ $caname = trim($_GET['ca']);
+ $cakeysize = $data['keysize'];
+ $caexpire = $data['caexpire'];
+ $cakeyexpire = $data['keyexpire'];
+ $countrycode= $data['keycountry'];
+ $stateorprovince= $data['keyprovince'];
+ $cityname= $data['keyclient'];
+ $orginizationname= $data['keyorg'];
+ $email = $data['keyemail'];
+ $caclients = $data['caclients'];
} else
$input_errors[] = "Certificate does not exist.";
}
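Review bot: `$cityname= $data['keyclient'];` reads a key that nothing writes — the `/* vars */` block later in this file stores the city as `KEYCITY` and openvpn.inc reads `keycity` — so it should be `$data['keycity']`, with the case matched to whatever spelling the writer settles on. The lookup `$config['openvpn']['keys'][$_GET['ca']]` also uses the raw, untrimmed value while `$caname` is assigned `trim($_GET['ca'])` on the next line; compute `$caname` first and use it for both the lookup and `$data`. The `if ($_GET['ca'])` block is complete in this hunk, but the page's request handling continues past it.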
@@ -129,19 +115,21 @@ if ($_POST) {
fwrite($fd, "$easyrsapath/pkitool --batch --server server \n");
fwrite($fd, "echo \"Creating DH Parms...\" \n");
fwrite($fd, "openssl dhparam -out $ovpncapath/$caname/dh_params.dh $cakeysize \n");
- fwrite($fd, "echo \"Creating Client Certificates...\" \n");
- /* NOTE: i know that shel can do this too but i just do not care! */
- $cmdclients = "";
- for ($i = 0; $i < intval($caclients); $i++) {
- $cmdclients .= "echo \"Creating client$i certificate...\" \n";
- $cmdclients .= "$ovpncapath/pkitool --batch client$i \n";
+ if ($caclients && intval($caclients) > 0) {
+ fwrite($fd, "echo \"Creating Client Certificates...\" \n");
+ /* NOTE: i know that shel can do this too but i just do not care! */
+ $cmdclients = "";
+ for ($i = 0; $i < intval($caclients); $i++) {
+ $cmdclients .= "echo \"Creating client$i certificate...\" \n";
+ $cmdclients .= "$ovpncapath/pkitool --batch client$i \n";
+ }
+ fwrite($fd, "$cmdclients \n");
+ fwrite($fd, "cd $ovpncapath/$caname \n");
+ fwrite($fd, "tar czvf client_certificates.tar.gz $ovpncapath/$caname/ca.crt $ovpncapath/$caname/shared.key $ovpncapath/$caname/client* \n");
+ fwrite($fd, "echo \"Removing client certificates...\" \n");
+ fwrite($fd, "rm $ovpncapath/$caname/client* \n");
+ fwrite($fd, "cp $ovpncapath/client_certificates.tar.gz $ovpncapath/$caname/ \n");
}
- fwrite($fd, "$cmdclients \n");
- fwrite($fd, "cd $ovpncapath/$caname \n");
- fwrite($fd, "tar czvf $ovpncapath/$caname/client_certificates.tar.gz $ovpncapath/$caname/ca.crt $ovpncapath/$caname/shared.key $ovpncapath/$caname/client* \n");
- fwrite($fd, "echo \"Removing client certificates...\" \n");
- fwrite($fd, "rm $ovpncapath/$caname/client* \n");
- fwrite($fd, "cp $ovpncapath/client_certificates.tar.gz $ovpncapath/$caname/ \n");
fwrite($fd, "echo \"Done!\" \n");
fclose($fd);
}
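Review bot: The client loop emits `$ovpncapath/pkitool --batch client$i`, while the server certificate two lines above is built with `$easyrsapath/pkitool`; the two should agree, and using `$easyrsapath/pkitool --batch client$i \n` avoids depending on the copy of the easy-rsa tree that openvpn_restore_all_ciphers makes under `$ovpncapath`. The tar step now writes `client_certificates.tar.gz` into the current directory (`$ovpncapath/$caname` after the `cd`), yet the final `cp $ovpncapath/client_certificates.tar.gz $ovpncapath/$caname/` copies from the parent directory, which will not contain it; that `cp` can go. `$caname` and `$cakeysize` come from the submitted form and are interpolated unquoted into this generated shell script, so validate them before this point — the `[a-zA-Z0-9_]` pattern vpn_openvpn_certs.php uses for CA directories, and `intval()` for the key size — so the script only ever sees a plain directory name and a number. The `if ($_POST)` block and the script handle `$fd` are opened before this hunk.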
@@ -183,13 +171,46 @@ if ($_POST) {
$ovpnkeys =& $config['openvpn']['keys'];
if (!is_array($ovpnkeys[$caname]))
$ovpnkeys[$caname] = array();
+ /* vars */
+ $ovpnkeys[$caname]['KEYSIZE'] = $cakeysize;
+ $ovpnkeys[$caname]['KEYEXPIRE'] = $cakeyexpire;
+ $ovpnkeys[$caname]['CAEXPIRE'] = $caexpire;
+ $ovpnkeys[$caname]['KEYCOUNTRY'] = $countrycode;
+ $ovpnkeys[$caname]['KEYPROVINCE'] = $stateorprovince;
+ $ovpnkeys[$caname]['KEYCITY'] = $cityname;
+ $ovpnkeys[$caname]['KEYORG'] = $orginizationname;
+ $ovpnkeys[$caname]['KEYEMAIL'] = $email;
+ $ovpnkeys[$caname]['caclients'] = intval($caclients);
+ /* ciphers */
$ovpnkeys[$caname]['ca.key'] = file_get_contents("$ovpncapath/$caname/ca.key");
$ovpnkeys[$caname]['ca.crt'] = file_get_contents("$ovpncapath/$caname/ca.crt");
$ovpnkeys[$caname]['shared.key'] = file_get_contents("$ovpncapath/$caname/shared.key");
$ovpnkeys[$caname]['server.key'] = file_get_contents("$ovpncapath/$caname/server.key");
$ovpnkeys[$caname]['server.crt'] = file_get_contents("$ovpncapath/$caname/server.crt");
$ovpnkeys[$caname]['dh_params.dh'] = file_get_contents("$ovpncapath/$caname/dh_params.dh");
+ /* save it */
write_config();
+ /* XXX: Lets do some hacking now! This implies we are not on embedded platform!!! */
+ $pkg_config = parse_xml_config_pkg("/usr/local/pkg/openvpn.xml", "packagegui");
+ $options =& $pkg_config['fields']['field'][11]['options']['option'];
+ if (!is_array($options))
+ $options = array();
+ $opt = array();
+ $opt['name'] = $caname;
+ $opt['value'] = $caname;
+ $options[] = $opt;
+
+ conf_mount_rw();
+
+ $xmlcf = dump_xml_config_pkg($pkg_config, "packagegui");
+ /* write new configuration */
+ $fd = fopen("/usr/local/pkg/openvpn.xml", "w");
+ if (!$fd)
+ die("Unable to open openvpn.xml for writing in write_config()\n");
+ fwrite($fd, $xmlcf);
+ fclose($fd);
+
+ conf_mount_ro();
} else { ?>
<tr>
<td width="35%" valign="top" class="vncell"><B>Certificate Name</td>
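Review bot: Appending `$opt` to `$options` unconditionally means a CA re-created under an existing name (the `$ovpnkeys[$caname]` array above is reused rather than rejected) gets a second identical `<option>` in openvpn.xml on every submission; check for an existing entry with `name == $caname` before `$options[] = $opt;`. The `/* vars */` keys are written upper-cased (`KEYSIZE`, `KEYEXPIRE`, …) while this file's `$_GET['ca']` branch and `openvpn_restore_all_ciphers` in openvpn.inc read them lower-cased; pick one spelling. Keeping `ca.key` in `$config` is pre-existing, but now that `openvpn_restore_all_ciphers` writes every entry of this array back to disk, a comment at `/* ciphers */` saying that these values are private-key material and which code consumes them would help the next maintainer. The `if ($_POST)` block starts before this hunk.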