author | Scott Ullrich <sullrich@pfsense.org> | 2005-09-02 22:27:44 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-09-02 22:27:44 +0000 |
commit | 3c2e5528d2fb27b6a10bd02065bda1e2d9140280 (patch) | |
tree | 5c3e769419ec0b3891190b2e030d757a9e08a912 /usr | |
parent | 249558a24db1ac9b180a5be572cf6cc2cbebdee4 (diff) | |
Import OpenVPN 1.2 settings(m0n0wall) from Peter Allgeyer
<allgeyer_AT_web.de>
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/vpn_openvpn_cli.php | 68 | ||||
-rwxr-xr-x | usr/local/www/vpn_openvpn_cli_edit.php | 106 |
2 files changed, 92 insertions, 82 deletions
diff --git a/usr/local/www/vpn_openvpn_cli.php b/usr/local/www/vpn_openvpn_cli.php
index c574483..b9d88f1 100755
--- a/usr/local/www/vpn_openvpn_cli.php
+++ b/usr/local/www/vpn_openvpn_cli.php
@@ -28,6 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN"); require("guiconfig.inc"); require_once("openvpn.inc");
@@ -38,37 +39,48 @@ if (!is_array($config['ovpn']['client'])){ $config['ovpn']['client']['tunnel'] = array(); } +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + $ovpncli =& $config['ovpn']['client']['tunnel']; if ($_POST['apply']) { $retval = 0; - ovpn_lock(); - $retval = ovpn_config_client(); - ovpn_unlock(); + if (file_exists($d_sysrebootreqd_path)) { + /* Rewrite interface definitions */ + $retval = ovpn_client_iface(); + } + else{ + ovpn_lock(); + $retval = ovpn_config_client(); + ovpn_unlock(); + } if (file_exists($d_ovpnclidirty_path)) unlink($d_ovpnclidirty_path); $savemsg = get_std_save_message($retval); } if ($_GET['act'] == "del") { - if ($ovpncli[$_GET['id']]) { - unset($ovpncli[$_GET['id']]); + if ($ovpncli[$id]) { + $ovpnent = $ovpncli[$id]; + unset($ovpncli[$id]); + + /* Kill running processes */ + /* Remove old certs & keys */ + ovpn_client_kill($ovpnent['if']); + + /* Remove interface from list of optional interfaces */ + ovpn_client_iface_del($ovpnent['if']); + write_config(); - ovpn_client_kill($_GET['id']); - touch($d_sysrebootreqd_path); + touch($d_sysrebootreqd_path); header("Location: vpn_openvpn_cli.php"); exit; } } - -$pgtitle = "VPN: OpenVPN: Client"; -include("head.inc"); - ?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<p class="pgtitle"><?=$pgtitle?></p> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if (file_exists($d_sysrebootreqd_path) && !file_exists($d_ovpnclidirty_path)) print_info_box(get_std_save_message(0)); ?> <form action="vpn_openvpn_cli.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
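Review bot: The `act=del` branch in the second hunk (-38,37) still changes state on a plain GET: `vpn_openvpn_cli.php?act=del&id=N` now removes the tunnel entry, calls `ovpn_client_kill()` and `ovpn_client_iface_del()` and writes the config, with only the JavaScript `confirm()` on the link as a guard. A request of that shape can be triggered from any page an authenticated administrator's browser loads, so the delete should be accepted only from a POST carrying a per-session token that is checked before `unset($ovpncli[$id])`. The new `$id` is also taken from `$_GET`/`$_POST` as submitted; a guard such as `if (!is_numeric($id) || !isset($ovpncli[$id]))` ahead of the lookup would keep arbitrary keys out of the array access. No token check is visible in this hunk; if `guiconfig.inc` enforces one, a comment on the branch saying so would help.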
@@ -80,7 +92,7 @@ include("head.inc"); <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <ul id="tabnav"> - <li class="tabinact1"><a href="vpn_openvpn.php">Server</a></li> + <li class="tabinact1"><a href="vpn_openvpn_srv.php">Server</a></li> <li class="tabact">Client</li> </ul> </td></tr>
@@ -93,9 +105,11 @@ include("head.inc"); <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="10%" class="listhdrr">Interface</td> - <td width="30%" class="listhdrr">Server address</td> - <td width="10%" class="listhdrr" align="middle">Version</td> - <td width="40%" class="listhdr">Description</td> + <td width="10%" class="listhdrr">Protocol</td> + <td width="15%" class="listhdrr">Socket</td> + <td width="15%" class="listhdrr">Server address</td> + <td width="5%" class="listhdrr" align="middle">Version</td> + <td width="35%" class="listhdr">Description</td> <td width="10%" class="list"></td> </tr>
@@ -110,7 +124,13 @@ include("head.inc"); <tr> <td class="listlr"><?=$spans;?> - <?= $client['if'].":".$client['cport'];?> + <?= $client['if'];?> + <?=$spane;?></td> + <td class="listr"><?=$spans;?> + <?= strtoupper($client['proto']);?> + <?=$spane;?></td> + <td class="listr"><?=$spans;?> + <?= "0.0.0.0:" . $client['port'];?> <?=$spane;?></td> <td class="listr"><?=$spans;?> <?= $client['saddr'].":".$client['sport'];?>
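Review bot: The new `Protocol` cell in the third hunk (-110,7) echoes `$client['proto']` without escaping, and the unchanged `saddr`/`sport` cell below it does the same, while the following hunk adds `htmlspecialchars()` only to `descr`. In vpn_openvpn_cli_edit.php both `proto` and `saddr` are copied into the stored entry straight from `$_POST`, so markup saved in either field would be rendered in the admin GUI on every visit to this list. Escape these cells the same way as `descr`, e.g. `<?= htmlspecialchars(strtoupper($client['proto']));?>` and `<?= htmlspecialchars($client['saddr'].":".$client['sport']);?>`. `$client['if']` and `$client['port']` appear to come from the `getnxt_client_*` helpers rather than the request, but escaping them as well costs nothing.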
@@ -119,15 +139,15 @@ include("head.inc"); <?= $client['ver'];?> <?=$spane;?></td> <td class="listbg"><?=$spans;?> - <?= $client['descr'];?> + <?= htmlspecialchars($client['descr']);?> <?=$spane;?></td> - <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_cli_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit client configuration" width="17" height="17" border="0"></a> - <a href="vpn_openvpn_cli.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client configuration?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete client configuration" width="17" height="17" border="0"></a></td> + <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_cli_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit client configuration" width="17" height="17" border="0"></a> + <a href="vpn_openvpn_cli.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client configuration?')"><img src="x.gif" title="delete client configuration" width="17" height="17" border="0"></a></td> </tr> <?php $i++; endforeach; ?> <tr> - <td class="list" colspan="4"> </td> - <td class="list"> <a href="vpn_openvpn_cli_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add client configuration" width="17" height="17" border="0"></a></td> + <td class="list" colspan="6"> </td> + <td class="list"> <a href="vpn_openvpn_cli_edit.php"><img src="plus.gif" title="add client configuration" width="17" height="17" border="0"></a></td> </tr> </table> </td>
diff --git a/usr/local/www/vpn_openvpn_cli_edit.php b/usr/local/www/vpn_openvpn_cli_edit.php
index 8221e2a..c4136e4 100755
--- a/usr/local/www/vpn_openvpn_cli_edit.php
+++ b/usr/local/www/vpn_openvpn_cli_edit.php
@@ -28,6 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN", "Edit client"); require("guiconfig.inc"); require_once("openvpn.inc");
@@ -38,47 +39,7 @@ if (!is_array($config['ovpn']['client'])){ $config['ovpn']['client']['tunnel'] = array(); } -function getnxt_if($type) { - /* find the first available device of type $type */ - global $config; - $a_client = $config['ovpn']['client']['tunnel']; - $max = ($type == 'tun') ? 17 : 4; - for ($i = 1; $i < $max ; $i++) { - $hit = false; - foreach ($a_client as $client) { - if ($client['iface'] == $type . $i) { - $hit = true; - break; - } - } - if (!$hit) - return $type . $i; - } - return false; -} - -function getnxt_port() { - /* Get first unused port */ - global $config; - $a_client = $config['ovpn']['client']['tunnel']; - $port = 5001; - while (true) { - $hit = false; - foreach ($a_client as $client) { - if ($client['cport'] == $port) { - $hit = true; - break; - } - } - if (!$hit) - return $port; - $port++; - } - return false; /* should never get here */ -} - - $ovpncli =& $config['ovpn']['client']['tunnel']; $id = $_GET['id'];
@@ -95,7 +56,7 @@ else { $pconfig = array(); $pconfig['type'] = 'tun'; $pconfig['proto'] = 'udp'; - $pconfig['sport'] = '5000'; + $pconfig['sport'] = '1194'; $pconfig['ver'] = '2'; $pconfig['crypto'] = 'BF-CBC'; $pconfig['pull'] = true;
@@ -103,8 +64,26 @@ else { } if (isset($_POST['pull'])) { + + $pconfig = $_POST; + + $pconfig['ca_cert'] = base64_encode($pconfig['ca_cert']); + $pconfig['cli_cert'] = base64_encode($pconfig['cli_cert']); + $pconfig['cli_key'] = base64_encode($pconfig['cli_key']); + /* Called from form */ unset($input_errors); + + /* input validation */ + $reqdfields = explode(" ", "type saddr sport"); + $reqdfieldsn = explode(",", "Tunnel type,Address,Port"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + /* valid Port */ + if (($_POST['sport'] && !is_port($_POST['sport']))) + $input_errors[] = "The server's port must be an integer between 1 and 65535 (default 1194)."; + if (is_null($_POST['ca_cert'])) $input_errors[] = "You must provide a CA certificate file"; elseif (!strstr($_POST['ca_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['ca_cert'], "END CERTIFICATE")) 
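Review bot: The validation added here checks only that `type`, `saddr` and `sport` are present and that `sport` is a valid port; `proto`, `ver`, `crypto` and `type` are later copied from `$_POST` into `$ovpnent` exactly as submitted. Those values presumably end up in the generated OpenVPN client configuration, so each should be matched against the fixed set the form offers before it is stored, e.g. `if (!in_array($_POST['proto'], array('udp', 'tcp'))) $input_errors[] = "Invalid protocol.";` with the list taken from the form's select. `saddr` likewise gets no format check in the visible lines. Separately, `&$input_errors` in the `do_input_validation()` call is call-time pass-by-reference, which later PHP versions reject; the reference belongs in the function's signature. The `if (isset($_POST['pull']))` block continues past the end of this hunk.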
@@ -124,20 +103,33 @@ if (isset($_POST['pull'])) { if (isset($id)) { /* Editing an existing entry */ $ovpnent = $ovpncli[$id]; + + if ( $ovpncli[$id]['sport'] != $_POST['sport'] || + $ovpncli[$id]['proto'] != $_POST['proto'] ) { + + /* some entries changed */ + for ($i = 0; isset($config['ovpn']['client']['tunnel'][$i]); $i++) { + $current = &$config['ovpn']['client']['tunnel'][$i]; + + if ($current['sport'] == $_POST['sport']) + if ($current['proto'] == $_POST['proto']) + $input_errors[] = "You already have this combination for port and protocol settings. You can't use it twice"; + } + } + /* Test Server type hasn't changed */ if ($ovpnent['type'] != $_POST['type']) { - $nxt_if = getnxt_if($_POST['type']); + $nxt_if = getnxt_client_if($_POST['type']); if (!$nxt_if) $input_errors[] = "Run out of devices for a tunnel of type {$_POST['type']}"; else $ovpnent['if'] = $nxt_if; - + /* Need to reboot in order to create interfaces cleanly */ + touch($d_sysrebootreqd_path); } /* Has the enable/disable state changed? */ if (isset($ovpnent['enable']) && isset($_POST['disabled'])) { touch($d_ovpnclidirty_path); - ovpn_client_kill($id); - ovpn_client_iface_del($id); } if (!isset($ovpnent['enable']) && !isset($_POST['disabled'])) { touch($d_ovpnclidirty_path); 
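Review bot: `touch($d_sysrebootreqd_path)` in the type-change branch sits after the unbraced `if (!$nxt_if) … else …`, so the reboot-required flag is created even when no device was free and an input error has just been recorded. vpn_openvpn_cli.php now tests that flag on Apply and calls `ovpn_client_iface()` instead of `ovpn_config_client()`, so a flag left behind by a rejected submit changes what the next Apply does. Set it only on the success path, e.g. `else { $ovpnent['if'] = $nxt_if; touch($d_sysrebootreqd_path); }`; the new-entry branch in the next hunk has the same ordering. The edit branch continues past the end of this hunk, so whether a later `$input_errors` check cleans the flag up cannot be seen here.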
@@ -146,22 +138,25 @@ if (isset($_POST['pull'])) { else { /* Creating a new entry */ $ovpnent = array(); - $nxt_if = getnxt_if($_POST['type']); + $nxt_if = getnxt_client_if($_POST['type']); if (!$nxt_if) $input_errors[] = "Run out of devices for a tunnel of type {$_POST['type']}"; else $ovpnent['if'] = $nxt_if; - $ovpnent['cport'] = getnxt_port(); + $ovpnent['port'] = getnxt_client_port(); + /* I think we have to reboot to have the interface created cleanly */ + touch($d_sysrebootreqd_path); } + $ovpnent['type'] = $_POST['type']; $ovpnent['proto'] = $_POST['proto']; $ovpnent['sport'] = $_POST['sport']; $ovpnent['ver'] = $_POST['ver']; $ovpnent['saddr'] = $_POST['saddr']; $ovpnent['descr'] = $_POST['descr']; - $ovpnent['ca_cert'] = base64_encode($_POST['ca_cert']); - $ovpnent['cli_cert'] = base64_encode($_POST['cli_cert']); - $ovpnent['cli_key'] = base64_encode($_POST['cli_key']); + $ovpnent['ca_cert'] = $pconfig['ca_cert']; + $ovpnent['cli_cert'] = $pconfig['cli_cert']; + $ovpnent['cli_key'] = $pconfig['cli_key']; $ovpnent['crypto'] = $_POST['crypto']; $ovpnent['pull'] = true; //This is a fixed config for this version $ovpnent['enable'] = isset($_POST['disabled']) ? false : true;
@@ -176,22 +171,17 @@ if (isset($_POST['pull'])) { write_config(); touch($d_ovpnclidirty_path); + header("Location: vpn_openvpn_cli.php"); exit; } } -$pgtitle = "VPN: OpenVPN: Edit client"; -include("head.inc"); - ?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<p class="pgtitle"><?=$pgtitle?></p> <?php if ($input_errors) print_input_errors($input_errors); ?> + <form action="vpn_openvpn_cli_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> - <?display_topbar()?> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td width="22%" valign="top" class="vncellreq">Disabled</td>
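Review bot: In the first hunk (-146,22) `$ovpnent['cli_key'] = $pconfig['cli_key'];` stores the client's private key with nothing but the `base64_encode()` applied earlier in the file, and nothing at the assignment says that this is an encoding rather than protection. A comment there would make the handling explicit for whoever touches config export or backup, e.g. `/* base64 is only for XML storage; the private key is kept unencrypted in the config */`. The same branch also skips the port/protocol uniqueness test that the previous hunk adds for edits, so a duplicate `sport`/`proto` pair is rejected when changing an entry but accepted when adding one. The assignments run on into lines outside this hunk, so the point where `$ovpnent` is written back is not visible here.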
@@ -228,7 +218,7 @@ include("head.inc"); <td width="22%" valign="top" class="vncellreq">Port</td> <td width="78%" class="vtable"> <input name="sport" type="text" class="formfld" size="5" maxlength="5" value="<?=htmlspecialchars($pconfig['sport']);?>"><br> - Enter the server's port number (default is 5000).</td> + Enter the server's port number (default is 1194).</td> </tr> <tr> |