authorMatthew Grooms <mgrooms@pfsense.org>2008-08-27 19:52:22 +0000
committerMatthew Grooms <mgrooms@pfsense.org>2008-08-27 19:52:22 +0000
commit630848858364a7de7df495d11fa5cfb8df3fa2d7 (patch)
treeb4d78e23435a30effd71171be978c300164c48ca /usr
parentdc4089399356749c73f75140e39777ee8398fac6 (diff)
Replace the old openvpn status page with a new implementation. We now add
a tcp management port option to each OpenVPN server. Instead of rooting through the OpenVPN logs once a minute for status updates, we now submit a request to the management port to obtain information. We probably need to add a pf rule to prevent management ports from being accessed by unwanted processes.
Diffstat (limited to 'usr')
-rwxr-xr-xusr/local/www/fbegin.inc2
-rw-r--r--usr/local/www/status_openvpn.php158
-rw-r--r--usr/local/www/status_ovpn.php130
3 files changed, 159 insertions, 131 deletions
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index 9400d0f..1678412 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -236,7 +236,7 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') {
<?=output_menu_item("/status_interfaces.php", "Interfaces");?>
<?=output_menu_item("/diag_ipsec.php", "IPsec");?>
<?=output_menu_item("/status_slbd_pool.php", "Load Balancer");?>
- <?=output_menu_item("/status_ovpn.php", "OpenVPN");?>
+ <?=output_menu_item("/status_openvpn.php", "OpenVPN");?>
<?php if($g['platform'] == "pfSense"): ?>
<?=output_menu_item("/diag_pkglogs.php", "Package Logs");?>
<?php endif; ?>
diff --git a/usr/local/www/status_openvpn.php b/usr/local/www/status_openvpn.php
new file mode 100644
index 0000000..c8e3da4
--- /dev/null
+++ b/usr/local/www/status_openvpn.php
@@ -0,0 +1,158 @@
+<?php
+/*
+ status_ovpenvpn.php
+
+ Copyright (C) 2008 Shrew Soft Inc.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-status-openvpn
+##|*NAME=Status: OpenVPN page
+##|*DESCR=Allow access to the 'Status: OpenVPN' page.
+##|*MATCH=status_openvpn.php*
+##|-PRIV
+
+
+$pgtitle = array("Status", "OpenVPN");
+require("guiconfig.inc");
+
+$servers = array();
+
+if (is_array($config['openvpn']['openvpn-server'])) {
+ foreach ($config['openvpn']['openvpn-server'] as & $settings) {
+
+ $prot = $settings['protocol'];
+ $port = $settings['local_port'];
+
+ $server = array();
+ if ($settings['description'])
+ $server['name'] = "{$settings['description']} {$prot}:{$port}";
+ else
+ $server['name'] = "Server {$prot}:{$port}";
+ $server['conns'] = array();
+
+ $tcpsrv = "tcp://127.0.0.1:{$port}";
+ $errval;
+ $errstr;
+
+ /* open a tcp connection to the management port of each server */
+ $fp = stream_socket_client($tcpsrv, $errval, $errstr, 1);
+ if ($fp) {
+
+ /* send our status request */
+ fputs($fp, "status 2\n");
+
+ /* recv all response lines */
+ $buff = "";
+ while (!feof($fp)) {
+
+ /* read the next line */
+ $line = fgets($fp, 1024);
+
+ /* parse header list line */
+ if (strstr($line, "HEADER"))
+ continue;
+
+ /* parse end of output line */
+ if (strstr($line, "END"))
+ break;
+
+ /* parse client list line */
+ if (strstr($line, "CLIENT_LIST")) {
+ $list = explode(",", $line);
+ $conn = array();
+ $conn['common_name'] = $list[1];
+ $conn['remote_host'] = $list[2];
+ $conn['virtual_addr'] = $list[3];
+ $conn['bytes_recv'] = $list[4];
+ $conn['bytes_sent'] = $list[5];
+ $conn['connect_time'] = $list[6];
+ $server['conns'][] = $conn;
+ }
+ }
+
+ /* cleanup */
+ fclose($fp);
+ }
+
+ $servers[] = $server;
+ }
+}
+
+include("head.inc");
+include("fbegin.inc");
+
+echo $buff;
+
+?>
+ <?php foreach ($servers as $server): ?>
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="6" class="listtopic">
+ Client connections for <?=$server['name'];?>
+ </td>
+ </tr>
+ <tr>
+ <td class="listhdrr">Common Name</td>
+ <td class="listhdrr">Real Address</td>
+ <td class="listhdrr">Virtual Address</td>
+ <td class="listhdrr">Connected Since</td>
+ <td class="listhdrr">Bytes Sent</td>
+ <td class="listhdrr">Bytes Received</td>
+ </tr>
+
+ <?php foreach ($server['conns'] as $conn): ?>
+ <tr>
+ <td class="listlr">
+ <?=$conn['common_name'];?>
+ </td>
+ <td class="listr">
+ <?=$conn['remote_host'];?>
+ </td>
+ <td class="listr">
+ <?=$conn['virtual_addr'];?>
+ </td>
+ <td class="listr">
+ <?=$conn['connect_time'];?>
+ </td>
+ <td class="listr">
+ <?=$conn['bytes_sent'];?>
+ </td>
+ <td class="listr">
+ <?=$conn['bytes_recv'];?>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="6" class="list" height="12"></td>
+ </tr>
+
+ <?php endforeach; ?>
+
+ </table>
+
+ <?php endforeach; ?>
+
+<?php include("fend.inc"); ?>
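Review bot: The six `<?=$conn[...];?>` cells and `<?=$server['name'];?>` in the table print their values unescaped, although they are parsed from the management port's CLIENT_LIST reply and from the configured description; the removed status_ovpn.php passed every field through htmlspecialchars(). The common name in particular is typically taken from the connecting client's certificate, so each value should be escaped at output, e.g. `<?=htmlspecialchars($conn['common_name']);?>`, and likewise for the other cells. Separately, the read loop matches `strstr($line, "HEADER")` and `strstr($line, "END")` anywhere in the line, so a CLIENT_LIST row whose common name contains one of those words is skipped or ends parsing early; anchoring on the line prefix (`strpos($line, "END") === 0`) avoids that. The loop also sets no read timeout (the `1` passed to stream_socket_client covers only the connect) and never checks `fgets()` for false, so a management port that does not send END can stall the page; `stream_set_timeout($fp, 1);` after the connect plus `if ($line === false) break;` would bound it.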
diff --git a/usr/local/www/status_ovpn.php b/usr/local/www/status_ovpn.php
deleted file mode 100644
index fed06ed..0000000
--- a/usr/local/www/status_ovpn.php
+++ /dev/null
@@ -1,130 +0,0 @@
-#!/usr/local/bin/php
-<?php
-/*
- HEAD
- status_ovpn.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2005-2006 Peter Allgeyer <allgeyer@web.de>.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-##|+PRIV
-##|*IDENT=page-status-openvpn
-##|*NAME=Status: OpenVPN page
-##|*DESCR=Allow access to the 'Status: OpenVPN' page.
-##|*MATCH=status_ovpn.php*
-##|-PRIV
-
-
-$pgtitle = array("Status", "OpenVPN");
-require("guiconfig.inc");
-
-$client_list = array();
-$virtip_list = array();
-
-function dump_log($type) {
- global $g, $config;
-
- unset($client_list);
- $client_list = array();
-
- unset($virtip_list);
- $virtip_list = array();
-
- $max = ($type == 'tun') ? 17 : 4;
- for ($i = 0; $i < $max; $i++) {
- if (file_exists("/var/log/openvpn.log")) {
-
- unset($string);
- unset($logarr);
-
- exec("/bin/cat /var/log/openvpn.log", $logarr);
-
- foreach ($logarr as $logent) {
- $logent = preg_split("/,/", $logent, 5);
- $string = preg_split("/:/", $logent[1]);
-
- /* search for ip address in second column */
- if (isset($string[0]) && is_ipaddr($string[0]))
- array_push($client_list, $logent);
-
- /* search for ip address in first column */
- else if (is_ipaddr($logent[0]))
- array_push($virtip_list, $logent);
- }
- }
- }
-
- if (count($client_list > 1)) {
- foreach ($client_list as $cent) {
- echo "<tr>\n";
- echo "<td class=\"listlr\" nowrap>" . htmlspecialchars($cent[0]) . "</td>\n";
- echo "<td class=\"listr\">" . htmlspecialchars($cent[1]) . "</td>\n";
-
- unset($found);
- if (isset($virtip_list)) {
- foreach ($virtip_list as $vent) {
- if ($cent[1] == $vent[2]) {
- $found = 1;
- echo "<td class=\"listr\">" . htmlspecialchars($vent[0]) . "&nbsp;</td>\n";
- }
- }
- }
- if (!isset($found))
- echo "<td class=\"listr\" align=\"center\">--</td>\n";
-
- $date = preg_split("/\s+/", $cent[4]);
- echo "<td nowrap class=\"listr\">" . htmlspecialchars($date[1]) . " " . htmlspecialchars($date[2]) . " " . htmlspecialchars($date[3]) . "</td>\n";
- echo "<td class=\"listr\">" . htmlspecialchars($cent[2]) . "</td>\n";
- echo "<td class=\"listr\">" . htmlspecialchars($cent[3]) . "</td>\n";
- echo "</tr>\n";
- }
- }
-}
-
-?>
-<?php include("head.inc"); ?>
-<?php include("fbegin.inc"); ?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0"><tr>
- <td colspan="6" class="listtopic">
- OpenVPN server status entries</td>
- </tr>
- <tr>
- <td class="listhdrr">Common Name</td>
- <td class="listhdrr">Real Address</td>
- <td class="listhdrr">Virtual Address</td>
- <td class="listhdrr">Connected Since</td>
- <td class="listhdrr">Bytes Received</td>
- <td class="listhdr">Bytes Sent</td>
- </tr>
- <?php dump_log(tun); ?>
- <?php dump_log(tap); ?>
-</table>
-<br>
-<strong class="red">Note:<br>
-</strong>Please note that status entries are updated once every minute only.
-<?php include("fend.inc"); ?>
-