diff options
author | Renato Botelho <renato@netgate.com> | 2015-08-26 15:12:02 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-26 15:12:02 -0300 |
commit | 03b19a93f4d8d870507ee96121cee4acd748dd2a (patch) | |
tree | 71a34e9e7e73d13de21cb4ad831799fb10c30df4 /src/usr/local/www/system_hasync.php | |
parent | 7f410a121522c5d0e2660256ae50c1fde1df3645 (diff) | |
parent | 30ce58ac1ea27b758d5112cb5a3b190c9760f010 (diff) | |
download | pfsense-03b19a93f4d8d870507ee96121cee4acd748dd2a.zip pfsense-03b19a93f4d8d870507ee96121cee4acd748dd2a.tar.gz |
Merge branch 'master' into bootstrap
Diffstat (limited to 'src/usr/local/www/system_hasync.php')
-rwxr-xr-x | src/usr/local/www/system_hasync.php | 336 |
1 files changed, 336 insertions, 0 deletions
diff --git a/src/usr/local/www/system_hasync.php b/src/usr/local/www/system_hasync.php new file mode 100755 index 0000000..47f6ea6 --- /dev/null +++ b/src/usr/local/www/system_hasync.php @@ -0,0 +1,336 @@ +<?php +/* $Id$ */ +/* + system_hasync.php + part of pfSense (https://www.pfsense.org/) + + Copyright (C) 2012 Darren Embry <dse@webonastick.com>. + Copyright (C) 2013-2015 Electric Sheep Fencing, LP + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_MODULE: system +*/ + +##|+PRIV +##|*IDENT=page-system-hasync +##|*NAME=System: High Availability Sync +##|*DESCR=Allow access to the 'System: High Availability Sync' page. +##|*MATCH=system_hasync.php* +##|-PRIV + +require("guiconfig.inc"); + +if (!is_array($config['hasync'])) + $config['hasync'] = array(); + +$a_hasync = &$config['hasync']; + +$checkbox_names = array( + 'pfsyncenabled', + 'synchronizeusers', + 'synchronizeauthservers', + 'synchronizecerts', + 'synchronizerules', + 'synchronizeschedules', + 'synchronizealiases', + 'synchronizenat', + 'synchronizeipsec', + 'synchronizeopenvpn', + 'synchronizedhcpd', + 'synchronizewol', + 'synchronizestaticroutes', + 'synchronizelb', + 'synchronizevirtualip', + 'synchronizetrafficshaper', + 'synchronizetrafficshaperlimiter', + 'synchronizetrafficshaperlayer7', + 'synchronizednsforwarder', + 'synchronizecaptiveportal'); + +if ($_POST) { + $pconfig = $_POST; + foreach ($checkbox_names as $name) { + $a_hasync[$name] = $pconfig[$name] ? $pconfig[$name] : false; + } + $a_hasync['pfsyncpeerip'] = $pconfig['pfsyncpeerip']; + $a_hasync['pfsyncinterface'] = $pconfig['pfsyncinterface']; + $a_hasync['synchronizetoip'] = $pconfig['synchronizetoip']; + $a_hasync['username'] = $pconfig['username']; + $a_hasync['password'] = $pconfig['passwordfld']; + write_config("Updated High Availability Sync configuration"); + interfaces_sync_setup(); + header("Location: system_hasync.php"); + exit(); +} + +foreach ($checkbox_names as $name) { + $pconfig[$name] = $a_hasync[$name]; +} +$pconfig['pfsyncpeerip'] = $a_hasync['pfsyncpeerip']; +$pconfig['pfsyncinterface'] = $a_hasync['pfsyncinterface']; +$pconfig['synchronizetoip'] = $a_hasync['synchronizetoip']; +$pconfig['username'] = $a_hasync['username']; +$pconfig['passwordfld'] = $a_hasync['password']; + +$ifaces = get_configured_interface_with_descr(); +$ifaces["lo0"] = "loopback"; + +$pgtitle = array(gettext("System"), gettext("High Availability Sync")); +$shortcut_section = "carp"; + +// Build a list of available interfaces +$iflist = array(); +foreach ($ifaces as $ifname => $iface) { + $iflist[$ifname] = $iface; +} + +include("head.inc"); + +require('classes/Form.class.php'); + +$form = new Form; + +$section = new Form_Section('State Synchronization Settings (pfsync)'); + +$section->addInput(new Form_Checkbox( + 'pfsyncenabled', + 'Synchronize states', + 'pfsync transfers state insertion, update, and deletion messages between firewalls.', + ($pconfig['pfsyncenabled'] === 'on'), + 'on' +))->setHelp('Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240).' . + ' It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.<br />' . + 'This setting should be enabled on all members of a failover group.<br />' . + 'Clicking "Save" will force a configuration sync if it is enabled! (see Configuration Synchronization Settings below)'); + +$section->addInput(new Form_Select( + 'pfsyncinterface', + 'Synchorize Interface', + $pconfig['pfsyncinterface'], + $iflist +))->setHelp('If Synchronize States is enabled this interface will be used for communication.<br />' . + 'We recommend setting this to an interface other than LAN! A dedicated interface works the best.<br />' . + 'You must define a IP on each machine participating in this failover group.<br />' . + 'You must have an IP assigned to the interface on any participating sync nodes.'); + +$section->addInput(new Form_Input( + 'pfsyncpeerip', + 'pfsync Synchronize Peer IP', + 'text', + $pconfig['pfsyncpeerip'], + ['placeholder' => 'IP Address'] +))->setHelp('Setting this option will force pfsync to synchronize its state table to this IP address. The default is directed multicast.'); + +$form->add($section); + +$section = new Form_Section('Configuration Synchronization Settings (XMLRPC Sync)'); + +$section->addInput(new Form_Input( + 'synchronizetoip', + 'Synchronize Config to IP', + 'text', + $pconfig['synchronizetoip'], + ['placeholder' => 'IP Address'] +))->setHelp('Enter the IP address of the firewall to which the selected configuration sections should be synchronized.<br /><br />' . + 'XMLRPC sync is currently only supported over connections using the same protocol and port as this system - make sure the remote system\'s port and protocol are set accordingly!<br />' . + 'Do not use the Synchronize Config to IP and password option on backup cluster members!'); + +$section->addInput(new Form_Input( + 'username', + 'Remote System Username', + 'text', + $pconfig['username'] +))->setHelp('Enter the webConfigurator username of the system entered above for synchronizing your configuration.<br />' . + 'Do not use the Synchronize Config to IP and username option on backup cluster members!'); + +$section->addInput(new Form_Input( + 'passwordfld', + 'Remote System Password', + 'password', + $pconfig['passwordfld'] +))->setHelp('Enter the webConfigurator password of the system entered above for synchronizing your configuration.<br />' . + 'Do not use the Synchronize Config to IP and password option on backup cluster members!'); + +$group = new Form_MultiCheckboxGroup('Select options to sync'); + +$group->add(new Form_MultiCheckbox( + 'synchronizeusers', + 'Synchronize Users and Groups', + 'Sync the users and groups over ', + ($pconfig['synchronizeusers'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizeauthservers', + 'Synchronize Auth Servers', + 'Sync the authentication servers (e.g. LDAP, RADIUS) over ', + ($pconfig['synchronizeauthservers'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizecerts', + 'Synchronize Certificates', + 'Sync the Certificate Authorities, Certificates, and Certificate Revocation Lists over ', + ($pconfig['synchronizecerts'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizerules', + 'Synchronize Rules', + 'Sync the firewall rules ', + ($pconfig['synchronizerules'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizeschedules', + 'Synchronize Firewall schedules', + 'Sync the firewall schedules ', + ($pconfig['synchronizeschedules'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizealiases', + 'Synchronize Firewall aliasas', + 'Sync the firewall aliasas ', + ($pconfig['synchronizealiasas'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizenat', + 'Synchronize NAT', + 'Sync NAT rules ', + ($pconfig['synchronizenat'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizeipsec', + 'Synchronize IPsec', + 'Automatically IPsec configuration ', + ($pconfig['synchronizeipsec'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizeopenvpn', + 'Synchronize OpenVPN', + 'Automatically OpenVPN configuration ', + ($pconfig['synchronizeopenvpn'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizedhcpd', + 'Synchronize DHCPD', + 'Sync DHCP Server settings ', + ($pconfig['synchronizedhcpd'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizewol', + 'Synchronize Wake on LAN', + 'Sync WoL Server settings ', + ($pconfig['synchronizewol'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizestaticroutes', + 'Synchronize Static Routes', + 'Sync Static Route configuration ', + ($pconfig['synchronizestaticroutes'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizelb', + 'Synchronize Load Balancer', + 'Sync Load Balancer configuration ', + ($pconfig['synchronizelb'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizevirtualip', + 'Synchronize Virtual IPs', + 'Sync Virtual IPs ', + ($pconfig['synchronizevirtualip'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizetrafficshaper', + 'Synchronize traffic shaper (queues)', + 'Sync the Traffic Shaper configuration ', + ($pconfig['synchronizetrafficshaper'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizetrafficshaperlimiter', + 'Synchronize traffic shaper (limiter)', + 'Sync the Traffic Shaper configuration for limiters ', + ($pconfig['synchronizetrafficshaperlimiter'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizetrafficshaperlayer7', + 'Synchronize traffic shaper (layer 7)', + 'Sync the Traffic Shaper configuration for layer 7 ', + ($pconfig['synchronizetrafficshaperlayer7'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizednsforwarder', + 'Synchronize traffic shaper (Forwarder/Resolver)', + 'Sync the DNS Forwarder and DNS Resolver configurations ', + ($pconfig['synchronizednsforwarder'] === 'on'), + 'on' +)); + +$group->add(new Form_MultiCheckbox( + 'synchronizecaptiveportal', + 'Synchronize Captive Portal)', + 'Sync the Captive Portal configurations ', + ($pconfig['synchronizecaptiveportal'] === 'on'), + 'on' +)); + +$section->add($group); + +$form->add($section); + +print($form); + +include("foot.inc");
\ No newline at end of file |