Add drop-down to select OpenVPN hardware crypto (finds usable devices from "openssl engine" list) for clients and servers.

4 files changed, 63 insertions, 0 deletions

diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index 96f67bf..d2374b2 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -125,6 +125,7 @@ if($_GET['act']=="edit"){
 		} else
 			$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
 		$pconfig['crypto'] = $a_client[$id]['crypto'];
+		$pconfig['engine'] = $a_server[$id]['engine'];
 
 		$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
 		$pconfig['remote_network'] = $a_client[$id]['remote_network'];
@@ -254,6 +255,7 @@ if ($_POST) {
             $client['shared_key'] = base64_encode($pconfig['shared_key']);
         }
 		$client['crypto'] = $pconfig['crypto'];
+		$client['engine'] = $pconfig['engine'];
 
 		$client['tunnel_network'] = $pconfig['tunnel_network'];
 		$client['remote_network'] = $pconfig['remote_network'];
@@ -716,6 +718,24 @@ if ($savemsg)
 							</select>
 						</td>
 					</tr>
+					<tr id="engine">
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
+						<td width="78%" class="vtable">
+							<select name="engine" class="formselect">
+								<?php
+									$engines = openvpn_get_engines();
+									foreach ($engines as $name => $desc):
+									$selected = '';
+									if ($name == $pconfig['engine'])
+										$selected = ' selected';
+								?>
+								<option value="<?=$name;?>"<?=$selected?>>
+									<?=htmlspecialchars($desc);?>
+								</option>
+								<?php endforeach; ?>
+							</select>
+						</td>
+					</tr>
 					<tr>
 						<td colspan="2" class="list" height="12"></td>
 					</tr>
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 002702c..0f751e7 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -126,6 +126,7 @@ if($_GET['act']=="edit"){
 		} else
 			$pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']);
 		$pconfig['crypto'] = $a_server[$id]['crypto'];
+		$pconfig['engine'] = $a_server[$id]['engine'];
 
 		$pconfig['tunnel_network'] = $a_server[$id]['tunnel_network'];
 		$pconfig['remote_network'] = $a_server[$id]['remote_network'];
@@ -324,6 +325,7 @@ if ($_POST) {
 			$server['shared_key'] = base64_encode($pconfig['shared_key']);
 		}
 		$server['crypto'] = $pconfig['crypto'];
+		$server['engine'] = $pconfig['engine'];
 
 		$server['tunnel_network'] = $pconfig['tunnel_network'];
 		$server['remote_network'] = $pconfig['remote_network'];
@@ -872,6 +874,24 @@ if ($savemsg)
 							</select>
 						</td>
 					</tr>
+					<tr id="engine">
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
+						<td width="78%" class="vtable">
+							<select name="engine" class="formselect">
+								<?php
+									$engines = openvpn_get_engines();
+									foreach ($engines as $name => $desc):
+									$selected = '';
+									if ($name == $pconfig['engine'])
+										$selected = ' selected';
+								?>
+								<option value="<?=$name;?>"<?=$selected?>>
+									<?=htmlspecialchars($desc);?>
+								</option>
+								<?php endforeach; ?>
+							</select>
+						</td>
+					</tr>
 					<tr id="strictusercn">
 						<td width="22%" valign="top" class="vncell"><?=gettext("Strict User/CN Matching"); ?></td>
 						<td width="78%" class="vtable">
diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc
index 3d09066..5af4510 100644
--- a/usr/local/www/wizards/openvpn_wizard.inc
+++ b/usr/local/www/wizards/openvpn_wizard.inc
@@ -321,6 +321,15 @@ function step10_stepbeforeformdisplay() {
 				$opt['value'] = $name;
 			$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
 			}
+		} else if ($field['name'] == "engine") {
+			$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
+			$engines = openvpn_get_engines();
+			foreach ($engines as $name => $desc) {
+				$opt = array();
+				$opt['name'] = $desc;
+				$opt['value'] = $name;
+			$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
+			}
 		} else if ($field['name'] == "nbttype") {
 			$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
 			foreach ($netbios_nodetypes as $type => $name) {
@@ -581,6 +590,7 @@ function step12_submitphpaction() {
 		$server['netbios_enable'] = $pconfig['step10']['nbtenable'];
 	}
 	$server['crypto'] = $pconfig['step10']['crypto'];
+	$server['engine'] = $pconfig['step10']['engine'];
 
 	if (isset($pconfig['step11']['ovpnrule'])) {
 		$rule = array();
diff --git a/usr/local/www/wizards/openvpn_wizard.xml b/usr/local/www/wizards/openvpn_wizard.xml
index e28507b..1108a05 100644
--- a/usr/local/www/wizards/openvpn_wizard.xml
+++ b/usr/local/www/wizards/openvpn_wizard.xml
@@ -692,6 +692,19 @@
 			<description>&lt;br/&gt;The method used to encrypt traffic between endpoints. This setting must match on the client and server side, but is otherwise set however you like. Certain algorithms will perform better on different hardware, depending on the availability of supported VPN accelerator chips.</description>
 		</field>
 		<field>
+			<name>engine</name>
+			<type>select</type>
+			<displayname>Hardware Crypto</displayname>
+			<bindstofield>ovpnserver->step10->engine</bindstofield>
+			<options>
+				<option>
+					<name>dummy</name>
+					<value>dummy</value>
+				</option>
+			</options>
+			<description>&lt;br/&gt;The hardware cryptographic accelerator to use for this VPN connection, if any.</description>
+		</field>
+		<field>
 			<type>listtopic</type>
 			<name>Tunnel Settings</name>
 		</field>