author | Chris Buechler <cmb@pfsense.org> | 2011-07-29 03:14:58 -0400 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2011-07-29 03:14:58 -0400 |
commit | 32363c2efd4c44fe634e1a8fc62325877483fc57 (patch) | |
tree | 5f4558f260e70106dd3dba4784c0889e4d7c4b4d /usr | |
parent | 581e4f7afd2f6297f81fa08ca1698210597d1e64 (diff) | |
parent | f720398561237cf0032d41f83c35e443d2acaf66 (diff) | |
Merge branch 'master' of github.com:bsdperimeter/pfsense
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/sbin/ppp-linkup | 6 | ||||
-rwxr-xr-x | usr/local/sbin/vpn-linkdown | 6 | ||||
-rw-r--r-- | usr/local/www/diag_packet_capture.php | 328 | ||||
-rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 6 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules.php | 6 | ||||
-rwxr-xr-x | usr/local/www/interfaces_groups.php | 4 | ||||
-rwxr-xr-x | usr/local/www/status_gateways.php | 3 | ||||
-rw-r--r-- | usr/local/www/status_openvpn.php | 59 | ||||
-rw-r--r-- | usr/local/www/system_crlmanager.php | 3 | ||||
-rwxr-xr-x | usr/local/www/system_gateways_edit.php | 32 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec_mobile.php | 14 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_csc.php | 2 | ||||
-rwxr-xr-x | usr/local/www/vpn_pptp.php | 10 | ||||
-rwxr-xr-x | usr/local/www/vpn_pptp_users_edit.php | 6 | ||||
-rw-r--r-- | usr/local/www/widgets/widgets/openvpn.widget.php | 58 | ||||
-rw-r--r-- | usr/local/www/wizards/traffic_shaper_wizard.inc | 4 | ||||
-rwxr-xr-x | usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc | 4 | ||||
-rwxr-xr-x | usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc | 4 | ||||
-rw-r--r-- | usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc | 4 |
19 files changed, 350 insertions, 209 deletions
diff --git a/usr/local/sbin/ppp-linkup b/usr/local/sbin/ppp-linkup index 12dda9b..1e6cc01 100755 --- a/usr/local/sbin/ppp-linkup +++ b/usr/local/sbin/ppp-linkup @@ -10,14 +10,12 @@ if [ $ALLOWOVERRIDE -gt 0 ]; then # write nameservers to file if [ $6 = "dns1" ]; then echo $7 > /var/etc/nameserver_$1 - /sbin/route delete $7 - /sbin/route add $7 $4 + /sbin/route change $7 $4 fi if [ $8 = "dns2" ]; then echo $9 >> /var/etc/nameserver_$1 - /sbin/route delete $9 - /sbin/route add $9 $4 + /sbin/route change $9 $4 fi /usr/local/sbin/pfSctl -c 'service reload dns' /bin/sleep 1 diff --git a/usr/local/sbin/vpn-linkdown b/usr/local/sbin/vpn-linkdown index ac9ea2a..4b6cff7 100755 --- a/usr/local/sbin/vpn-linkdown +++ b/usr/local/sbin/vpn-linkdown @@ -2,4 +2,8 @@ # record logout /usr/bin/logger -p local3.info "logout,$1,$4,$5" -/sbin/pfctl -b $3/32 -b $4/32 +/sbin/pfctl -b 0.0.0.0/32 -b $4/32 +/sbin/pfctl -k $4/32 +/sbin/pfctl -k 0.0.0.0/32 $4/32 +/sbin/pfctl -K $4/32 +/sbin/pfctl -K 0.0.0.0/32 -K $4/32 diff --git a/usr/local/www/diag_packet_capture.php b/usr/local/www/diag_packet_capture.php index df482e2..b10e79c 100644 --- a/usr/local/www/diag_packet_capture.php +++ b/usr/local/www/diag_packet_capture.php 
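Review bot: `/sbin/route change $7 $4` in the dns1 branch (and the matching `$9` line in the dns2 branch) only modifies an existing entry, so on a link-up where no host route to the name server exists yet the command likely fails and no route is installed; the removed delete/add pair did not depend on a prior route. A fallback keeps the single-command path while covering that case: `/sbin/route change "$7" "$4" || /sbin/route add "$7" "$4"`. Quoting the positional parameters, here and in `echo $7 > /var/etc/nameserver_$1`, also keeps values that presumably originate from the PPP peer from being word-split or globbed by the shell. The enclosing `if [ $ALLOWOVERRIDE -gt 0 ]` block starts and ends outside the hunk.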
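Review bot: The added `/sbin/pfctl -k 0.0.0.0/32 $4/32` passes the second address without its own `-k`, unlike the `-K 0.0.0.0/32 -K $4/32` line below it; pfctl's state-kill syntax takes a source/destination pair as two `-k` options, so as written `$4/32` is a stray operand and the states towards the disconnected client are probably not removed. Suggested line: `/sbin/pfctl -k 0.0.0.0/32 -k "$4/32"`. States left behind after logout may keep matching traffic for an address that can later be handed to another VPN user, so the exit status of these calls is worth logging next to the existing `logger` line. `$4` is unquoted on every added line, and an empty value would expand to a bare `/32`.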
@@ -109,185 +109,183 @@ include("fbegin.inc"); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> + <form action="diag_packet_capture.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td> - <form action="diag_packet_capture.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Packet capture");?></td> - </tr> - <tr> - <td width="17%" valign="top" class="vncellreq"><?=gettext("Interface");?></td> - <td width="83%" class="vtable"> - <select name="interface"> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Packet capture");?></td> + </tr> + <tr> + <td width="17%" valign="top" class="vncellreq"><?=gettext("Interface");?></td> + <td width="83%" class="vtable"> + <select name="interface"> <?php - $interfaces = get_configured_interface_with_descr(); - if (isset($config['ipsec']['enable'])) - $interfaces['ipsec'] = "IPsec"; - foreach (array('server', 'client') as $mode) { - if (is_array($config['openvpn']["openvpn-{$mode}"])) { - foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) { - if (!isset($setting['disable'])) { - $interfaces['ovpn' . substr($mode, 0, 1) . $setting['vpnid']] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']); - } - } + $interfaces = get_configured_interface_with_descr(); + if (isset($config['ipsec']['enable'])) + $interfaces['ipsec'] = "IPsec"; + foreach (array('server', 'client') as $mode) { + if (is_array($config['openvpn']["openvpn-{$mode}"])) { + foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) { + if (!isset($setting['disable'])) { + $interfaces['ovpn' . substr($mode, 0, 1) . $setting['vpnid']] = gettext("OpenVPN") . 
" ".$mode.": ".htmlspecialchars($setting['description']); } } - foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if ($selectedif == $iface) echo "selected"; ?>> - <?php echo $ifacename;?> - </option> - <?php endforeach;?> - </select> - <br/><?=gettext("Select the interface on which to capture traffic.");?> - </td> - </tr> - <tr> - <td width="17%" valign="top" class="vncellreq"><?=gettext("Address Family");?></td> - <td width="83%" class="vtable"> - <select name="fam"> - <option value="">Any</option> - <option value="ip" <?php if ($fam == "ip") echo "selected"; ?>>IPv4 Only</option> - <option value="ip6" <?php if ($fam == "ip6") echo "selected"; ?>>IPv6 Only</option> - </select> - <br/><?=gettext("Select the type of traffic to be captured, either Any, IPv4 only or IPv6 only.");?> - </td> - </tr> - <tr> - <td width="17%" valign="top" class="vncellreq"><?=gettext("Host Address");?></td> - <td width="83%" class="vtable"> - <input name="host" type="text" class="formfld host" id="host" size="20" value="<?=htmlspecialchars($host);?>"> - <br/><?=gettext("This value is either the Source or Destination IP address or subnet in CIDR notation. The packet capture will look for this address in either field.");?> - <br/><?=gettext("This value can be a domain name or IP address, or subnet in CIDR notation.");?> - <br/><?=gettext("If you leave this field blank, all packets on the specified interface will be captured.");?> - </td> - </tr> - <tr> - <td width="17%" valign="top" class="vncellreq"><?=gettext("Port");?></td> - <td width="83%" class="vtable"> - <input name="port" type="text" class="formfld unknown" id="port" size="5" value="<?=$port;?>"> - <br/><?=gettext("The port can be either the source or destination port. 
The packet capture will look for this port in either field.");?> - <br/><?=gettext("Leave blank if you do not want to filter by port.");?> - </td> - </tr> - <tr> - <td width="17%" valign="top" class="vncellreq"><?=gettext("Packet Length");?></td> - <td width="83%" class="vtable"> - <input name="snaplen" type="text" class="formfld unknown" id="snaplen" size="5" value="<?=$snaplen;?>"> - <br/><?=gettext("The Packet length is the number of bytes of each packet that will be captured. Default value is 0, which will capture the entire frame regardless of its size.");?> - </td> - </tr> - <tr> - <td width="17%" valign="top" class="vncellreq"><?=gettext("Count");?></td> - <td width="83%" class="vtable"> - <input name="count" type="text" class="formfld unknown" id="count" size="5" value="<?=$count;?>"> - <br/><?=gettext("This is the number of packets the packet capture will grab. Default value is 100.") . "<br/>" . gettext("Enter 0 (zero) for no count limit.");?> - </tr> - <tr> - <td width="17%" valign="top" class="vncellreq"><?=gettext("Level of Detail");?></td> - <td width="83%" class="vtable"> - <select name="detail" type="text" class="formselect" id="detail" size="1"> - <option value="-q" <?php if ($detail == "-q") echo "selected"; ?>><?=gettext("Normal");?></option> - <option value="-v" <?php if ($detail == "-v") echo "selected"; ?>><?=gettext("Medium");?></option> - <option value="-vv" <?php if ($detail == "-vv") echo "selected"; ?>><?=gettext("High");?></option> - <option value="-vv -e" <?php if ($detail == "-vv -e") echo "selected"; ?>><?=gettext("Full");?></option> - </select> - <br/><?=gettext("This is the level of detail that will be displayed after hitting 'Stop' when the packets have been captured.") . "<br/><b>" . - gettext("Note:") . "</b> " . 
- gettext("This option does not affect the level of detail when downloading the packet capture.");?> - </tr> - <tr> - <td width="17%" valign="top" class="vncellreq"><?=gettext("Reverse DNS Lookup");?></td> - <td width="83%" class="vtable"> - <input name="dnsquery" type="checkbox"<?php if($_POST['dnsquery']) echo " CHECKED"; ?>> - <br/><?=gettext("This check box will cause the packet capture to perform a reverse DNS lookup associated with all IP addresses.");?> - <br/><b><?=gettext("Note");?>: </b><?=gettext("This option can cause delays for large packet captures.");?> - </td> - </tr> - <tr> - <td width="17%" valign="top"> </td> - <td width="83%"> + } + } + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" <?php if ($selectedif == $iface) echo "selected"; ?>> + <?php echo $ifacename;?> + </option> + <?php endforeach;?> + </select> + <br/><?=gettext("Select the interface on which to capture traffic.");?> + </td> + </tr> + <tr> + <td width="17%" valign="top" class="vncellreq"><?=gettext("Address Family");?></td> + <td width="83%" class="vtable"> + <select name="fam"> + <option value="">Any</option> + <option value="ip" <?php if ($fam == "ip") echo "selected"; ?>>IPv4 Only</option> + <option value="ip6" <?php if ($fam == "ip6") echo "selected"; ?>>IPv6 Only</option> + </select> + <br/><?=gettext("Select the type of traffic to be captured, either Any, IPv4 only or IPv6 only.");?> + </td> + </tr> + <tr> + <td width="17%" valign="top" class="vncellreq"><?=gettext("Host Address");?></td> + <td width="83%" class="vtable"> + <input name="host" type="text" class="formfld host" id="host" size="20" value="<?=htmlspecialchars($host);?>"> + <br/><?=gettext("This value is either the Source or Destination IP address or subnet in CIDR notation. 
The packet capture will look for this address in either field.");?> + <br/><?=gettext("This value can be a domain name or IP address, or subnet in CIDR notation.");?> + <br/><?=gettext("If you leave this field blank, all packets on the specified interface will be captured.");?> + </td> + </tr> + <tr> + <td width="17%" valign="top" class="vncellreq"><?=gettext("Port");?></td> + <td width="83%" class="vtable"> + <input name="port" type="text" class="formfld unknown" id="port" size="5" value="<?=$port;?>"> + <br/><?=gettext("The port can be either the source or destination port. The packet capture will look for this port in either field.");?> + <br/><?=gettext("Leave blank if you do not want to filter by port.");?> + </td> + </tr> + <tr> + <td width="17%" valign="top" class="vncellreq"><?=gettext("Packet Length");?></td> + <td width="83%" class="vtable"> + <input name="snaplen" type="text" class="formfld unknown" id="snaplen" size="5" value="<?=$snaplen;?>"> + <br/><?=gettext("The Packet length is the number of bytes of each packet that will be captured. Default value is 0, which will capture the entire frame regardless of its size.");?> + </td> + </tr> + <tr> + <td width="17%" valign="top" class="vncellreq"><?=gettext("Count");?></td> + <td width="83%" class="vtable"> + <input name="count" type="text" class="formfld unknown" id="count" size="5" value="<?=$count;?>"> + <br/><?=gettext("This is the number of packets the packet capture will grab. Default value is 100.") . "<br/>" . 
gettext("Enter 0 (zero) for no count limit.");?> + </tr> + <tr> + <td width="17%" valign="top" class="vncellreq"><?=gettext("Level of Detail");?></td> + <td width="83%" class="vtable"> + <select name="detail" type="text" class="formselect" id="detail" size="1"> + <option value="-q" <?php if ($detail == "-q") echo "selected"; ?>><?=gettext("Normal");?></option> + <option value="-v" <?php if ($detail == "-v") echo "selected"; ?>><?=gettext("Medium");?></option> + <option value="-vv" <?php if ($detail == "-vv") echo "selected"; ?>><?=gettext("High");?></option> + <option value="-vv -e" <?php if ($detail == "-vv -e") echo "selected"; ?>><?=gettext("Full");?></option> + </select> + <br/><?=gettext("This is the level of detail that will be displayed after hitting 'Stop' when the packets have been captured.") . "<br/><b>" . + gettext("Note:") . "</b> " . + gettext("This option does not affect the level of detail when downloading the packet capture.");?> + </tr> + <tr> + <td width="17%" valign="top" class="vncellreq"><?=gettext("Reverse DNS Lookup");?></td> + <td width="83%" class="vtable"> + <input name="dnsquery" type="checkbox"<?php if($_POST['dnsquery']) echo " CHECKED"; ?>> + <br/><?=gettext("This check box will cause the packet capture to perform a reverse DNS lookup associated with all IP addresses.");?> + <br/><b><?=gettext("Note");?>: </b><?=gettext("This option can cause delays for large packet captures.");?> + </td> + </tr> + <tr> + <td width="17%" valign="top"> </td> + <td width="83%"> <?php - /* check to see if packet capture tcpdump is already running */ - $processcheck = (trim(shell_exec("/bin/ps axw -O pid= | /usr/bin/grep tcpdump | /usr/bin/grep {$fn} | /usr/bin/egrep -v '(pflog|grep)'"))); - - if ($processcheck != "") - $processisrunning = true; - else - $processisrunning = false; - - if (($action == gettext("Stop") or $action == "") and $processisrunning != true) - echo "<input type=\"submit\" name=\"startbtn\" value=\"" . gettext("Start") . 
"\"> "; - else { - echo "<input type=\"submit\" name=\"stopbtn\" value=\"" . gettext("Stop") . "\"> "; - } - if (file_exists($fp.$fn) and $processisrunning != true) { - echo "<input type=\"submit\" name=\"downloadbtn\" value=\"" . gettext("Download Capture") . "\">"; - echo " (" . gettext("The packet capture file was last updated:") . " " . date("F jS, Y g:i:s a.", filemtime($fp.$fn)) . ")"; - } + /* check to see if packet capture tcpdump is already running */ + $processcheck = (trim(shell_exec("/bin/ps axw -O pid= | /usr/bin/grep tcpdump | /usr/bin/grep {$fn} | /usr/bin/egrep -v '(pflog|grep)'"))); + + if ($processcheck != "") + $processisrunning = true; + else + $processisrunning = false; + + if (($action == gettext("Stop") or $action == "") and $processisrunning != true) + echo "<input type=\"submit\" name=\"startbtn\" value=\"" . gettext("Start") . "\"> "; + else { + echo "<input type=\"submit\" name=\"stopbtn\" value=\"" . gettext("Stop") . "\"> "; + } + if (file_exists($fp.$fn) and $processisrunning != true) { + echo "<input type=\"submit\" name=\"downloadbtn\" value=\"" . gettext("Download Capture") . "\">"; + echo " (" . gettext("The packet capture file was last updated:") . " " . date("F jS, Y g:i:s a.", filemtime($fp.$fn)) . ")"; + } ?> - </td> - </tr> - <tr> - <td valign="top" colspan="2"> + </td> + </tr> + </table> + </form> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td valign="top" colspan="2"> <?php - echo "<font face='terminal' size='2'>"; - if ($processisrunning == true) - echo("<strong>" . gettext("Packet Capture is running.") . "</strong><br/>"); - - if ($do_tcpdump) { - $matches = array(); - - if (($fam == "ip6") || ($fam == "ip")) - $matches[] = $fam; - - if ($port != "") - $matches[] = "port ".$port; - - if ($host != "") { - if (is_ipaddr($host)) - $matches[] = "host " . $host; - elseif (is_subnet($host)) - $matches[] = "net " . $host; - } - - if ($count != "0" ) { - $searchcount = "-c " . 
$count; - } else { - $searchcount = ""; - } - - $selectedif = convert_friendly_interface_to_real_interface_name($selectedif); - - if ($action == gettext("Start")) { - $matchstr = implode($matches, " and "); - echo("<strong>" . gettext("Packet Capture is running.") . "</strong><br/>"); - mwexec_bg ("/usr/sbin/tcpdump -i $selectedif $searchcount -s $packetlength -w $fp$fn $matchstr"); - // echo "/usr/sbin/tcpdump -i $selectedif $searchcount -s $packetlength -w $fp$fn $matchstr"; - } else { - //action = stop - echo("<strong>" . gettext("Packet Capture stopped.") . "<br/><br/>" . gettext("Packets Captured:") . "</strong><br/>"); + echo "<font face='terminal' size='2'>"; + if ($processisrunning == true) + echo("<strong>" . gettext("Packet Capture is running.") . "</strong><br/>"); + + if ($do_tcpdump) { + $matches = array(); + + if (($fam == "ip6") || ($fam == "ip")) + $matches[] = $fam; + + if ($port != "") + $matches[] = "port ".$port; + + if ($host != "") { + if (is_ipaddr($host)) + $matches[] = "host " . $host; + elseif (is_subnet($host)) + $matches[] = "net " . $host; + } + + if ($count != "0" ) { + $searchcount = "-c " . $count; + } else { + $searchcount = ""; + } + + $selectedif = convert_friendly_interface_to_real_interface_name($selectedif); + + if ($action == gettext("Start")) { + $matchstr = implode($matches, " and "); + echo("<strong>" . gettext("Packet Capture is running.") . "</strong><br/>"); + mwexec_bg ("/usr/sbin/tcpdump -i $selectedif $searchcount -s $packetlength -w $fp$fn $matchstr"); + // echo "/usr/sbin/tcpdump -i $selectedif $searchcount -s $packetlength -w $fp$fn $matchstr"; + } else { + //action = stop + echo("<strong>" . gettext("Packet Capture stopped.") . "<br/><br/>" . gettext("Packets Captured:") . 
"</strong><br/>"); ?> - <textarea style="width:98%" name="code" rows="15" cols="66" wrap="off" readonly="readonly"> + <textarea style="width:98%" name="code" rows="15" cols="66" wrap="off" readonly="readonly"> <?php - system ("/usr/sbin/tcpdump $disabledns $detail -r $fp$fn"); + system ("/usr/sbin/tcpdump $disabledns $detail -r $fp$fn"); - conf_mount_ro(); + conf_mount_ro(); ?> - </textarea> + </textarea> <?php - } - } + } + } ?> - </td> - </tr> - <tr> - - </table> -</form> -</td> -</tr> + </td> + </tr> + </table> + </td></tr> </table> <?php diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index adaa2c7..6413c8f 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -285,6 +285,9 @@ if ($_POST) { $input_errors[] = sprintf(gettext('The alias(es): %s cannot be nested because they are not of the same type.'), $wrongaliases); } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_aliases_edit/input_validation"); + if (!$input_errors) { $alias['address'] = is_array($address) ? implode(" ", $address) : $address; $alias['descr'] = $_POST['descr']; @@ -321,6 +324,8 @@ if ($_POST) { update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $_POST['name'], $origname); } + pfSense_handle_custom_code("/usr/local/pkg/firewall_aliases_edit/pre_write_config"); + if (isset($id) && $a_aliases[$id]) { if ($a_aliases[$id]['name'] <> $alias['name']) { foreach ($a_aliases as $aliasid => $aliasd) { @@ -581,6 +586,7 @@ EOD; </span> </td> </tr> + <?php pfSense_handle_custom_code("/usr/local/pkg/firewall_aliases_edit/after_first_tr"); ?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> <td width="78%" class="vtable"> diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index da9abd1..8e61360 100755 --- a/usr/local/www/firewall_rules.php 
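Review bot: The re-indented block still builds both tcpdump command lines by string interpolation, `mwexec_bg ("/usr/sbin/tcpdump -i $selectedif $searchcount -s $packetlength -w $fp$fn $matchstr")` and `system ("/usr/sbin/tcpdump $disabledns $detail -r $fp$fn")`, and `$port`, `$count` and `$detail` reach them without `escapeshellarg()`. Whether these were validated as integers or checked against a fixed list is decided above line 109, outside the hunk, so this needs confirming; if not, each operand should be escaped or cast, e.g. `$matches[] = "port " . escapeshellarg($port);` and `$searchcount = "-c " . escapeshellarg($count);`, with `$detail` compared against the four option values of the select. The same fields are echoed into `value="<?=$port;?>"`, `<?=$snaplen;?>` and `<?=$count;?>` without `htmlspecialchars()`, unlike `$host` two rows above. A one-line comment above the `mwexec_bg` call stating which variables are already validated would make the assumption visible to the next reader.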
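Review bot: The three `pfSense_handle_custom_code()` calls added to firewall_aliases_edit.php (before `if (!$input_errors)`, before the alias is written, and after the first table row) appear to run package-supplied code inside the alias edit request with `$_POST` and `$input_errors` in scope, yet only the first carries a comment, and that one says "firewall edit page". Each call should get a comment naming its hook directory and what hook code is expected to touch, for example `// Hook: files under /usr/local/pkg/firewall_aliases_edit/pre_write_config run before the alias is saved, with the web GUI's privileges`. Because anything placed under `/usr/local/pkg/firewall_aliases_edit/` would then execute on every save, those directories should be writable by root only; the helper's implementation is outside this diff, so how it selects files needs confirming.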
+++ b/usr/local/www/firewall_rules.php @@ -409,11 +409,9 @@ if($_REQUEST['undodrag']) { $sshport = ""; if (isset($config['system']['enablesshd'])) { - $sshport = 22; - if($config['system']['ssh']['port'] <> "") - $sshport = $config['system']['ssh']['port']; + $sshport = ($config['system']['ssh']['port']) ? $config['system']['ssh']['port'] : 22; } - $sshport = "22<br/>"; + $sshport = "{$sshport}<br/>"; ?> <tr valign="top" id="antilockout"> <td class="list"> </td> diff --git a/usr/local/www/interfaces_groups.php b/usr/local/www/interfaces_groups.php index 00bc613..e46652a 100755 --- a/usr/local/www/interfaces_groups.php +++ b/usr/local/www/interfaces_groups.php @@ -47,11 +47,11 @@ $a_ifgroups = &$config['ifgroups']['ifgroupentry']; if ($_GET['act'] == "del") { if ($a_ifgroups[$_GET['id']]) { - $members = explode(" ", $a_ifgroups[$_GET[$id]]['members']); + $members = explode(" ", $a_ifgroups[$_GET['id']]['members']); foreach ($members as $ifs) { $realif = get_real_interface($ifs); if ($realif) - mwexec("/sbin/ifconfig {$realif} -group " . $a_ifgroups[$_GET[$id]]['ifname']); + mwexec("/sbin/ifconfig {$realif} -group " . $a_ifgroups[$_GET['id']]['ifname']); } unset($a_ifgroups[$_GET['id']]); write_config(); diff --git a/usr/local/www/status_gateways.php b/usr/local/www/status_gateways.php index 7e0ffc2..0aa6e56 100755 --- a/usr/local/www/status_gateways.php +++ b/usr/local/www/status_gateways.php @@ -109,6 +109,9 @@ include("head.inc"); $online = gettext("Online"); $bgcolor = "lightgreen"; } + } else if (isset($gateway['monitor_disable'])) { + $online = gettext("Online"); + $bgcolor = "lightgreen"; } else { $online = gettext("Gathering data"); $bgcolor = "lightgray"; diff --git a/usr/local/www/status_openvpn.php b/usr/local/www/status_openvpn.php index 30c3a84..4ad65d5 100644 --- a/usr/local/www/status_openvpn.php +++ b/usr/local/www/status_openvpn.php 
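Review bot: In interfaces_groups.php the corrected lookup `$a_ifgroups[$_GET['id']]['ifname']` is concatenated into `mwexec("/sbin/ifconfig {$realif} -group " . ...)` without escaping, so a group name containing shell metacharacters in the configuration would be interpreted by the shell; `mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " -group " . escapeshellarg($a_ifgroups[$_GET['id']]['ifname']));` avoids that. With the old index `$_GET[$id]` the lookup presumably resolved to nothing, so this command line only becomes effective with this fix. The delete is driven by `$_GET['act'] == "del"`, a state-changing GET request, which is worth moving to POST so it falls under whatever request-forgery protection the GUI applies to forms. The `if` block continues past the end of the hunk.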
@@ -98,6 +98,7 @@ function kill_client($port, $remipp) { } $servers = openvpn_get_active_servers(); +$sk_servers = openvpn_get_active_servers("sharedkey"); $clients = openvpn_get_active_clients(); include("head.inc"); ?> @@ -141,13 +142,10 @@ include("head.inc"); ?> <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td colspan="6" class="listtopic"> - <?=gettext("Client connections for"); ?> <?=$server['name'];?> + <?=$server['name'];?> <?=gettext("Client connections"); ?> </td> </tr> <tr> -<?php if ($server['mode'] == "p2p_shared_key"): ?> - <td>Status data is not available for shared key servers.</td> -<?php else: ?> <td> <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> 
@@ -194,19 +192,68 @@ include("head.inc"); ?> </table> </td> -<? endif; ?> </tr> </table> <?php endforeach; ?> <br> +<?php if (!empty($sk_servers)) { ?> +<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td colspan="6" class="listtopic"> + <?=gettext("Shared Key Server Instance Statistics"); ?> + </td> + </tr> + <tr> + <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr"><?=gettext("Name"); ?></td> + <td class="listhdrr"><?=gettext("Status"); ?></td> + <td class="listhdrr"><?=gettext("Connected Since"); ?></td> + <td class="listhdrr"><?=gettext("Virtual Addr"); ?></td> + <td class="listhdrr"><?=gettext("Remote Host"); ?></td> + <td class="listhdrr"><?=gettext("Bytes Sent"); ?></td> + <td class="listhdrr"><?=gettext("Bytes Received"); ?></td> + </tr> +<?php foreach ($sk_servers as $sk_server): ?> + <tr name='<?php echo "r:{$client['port']}:{$conn['remote_host']}"; ?>'> + <td class="listlr"> + <?=$sk_server['name'];?> + </td> + <td class="listlr"> + <?=$sk_server['status'];?> + </td> + <td class="listr"> + <?=$sk_server['connect_time'];?> + </td> + <td class="listr"> + <?=$sk_server['virtual_addr'];?> + </td> + <td class="listr"> + <?=$sk_server['remote_host'];?> + </td> + <td class="listr"> + <?=$sk_server['bytes_sent'];?> + </td> + <td class="listr"> + <?=$sk_server['bytes_recv'];?> + </td> + </tr> +<?php endforeach; ?> + </table> + </tr> +</table> + +<?php +} ?> +<br> <?php if (!empty($clients)) { ?> <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td colspan="6" class="listtopic"> - <?=gettext("OpenVPN client instances statistics"); ?> + <?=gettext("Client Instance Statistics"); ?> </td> </tr> <tr> 
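Review bot: The row attribute in the new shared-key loop, `<tr name='<?php echo "r:{$client['port']}:{$conn['remote_host']}"; ?>'>`, reads `$client` and `$conn`, which are not this loop's variable; the widget's copy of the table uses `$sk_server`, so this looks like a paste error and should be `"r:{$sk_server['port']}:{$sk_server['remote_host']}"`. The cells print `$sk_server['name']`, `['remote_host']`, `['virtual_addr']` and the other fields with bare `<?=...;?>`; these values presumably come from the OpenVPN status output, part of which is determined by the remote side, so each should go through `htmlspecialchars()`, e.g. `<?=htmlspecialchars($sk_server['remote_host']);?>`. The same unescaped output is in the shared-key table added to `widgets/widgets/openvpn.widget.php`. The inner `<table>` is also placed directly inside a `<tr>` with no `<td>` around it.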
diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php index 201d8ab..8d975db 100644 --- a/usr/local/www/system_crlmanager.php +++ b/usr/local/www/system_crlmanager.php @@ -39,6 +39,7 @@ require("guiconfig.inc"); require_once("certs.inc"); +require_once('openvpn.inc'); global $openssl_crl_status; @@ -145,7 +146,6 @@ if ($act == "addcert") { if (!$input_errors) { $reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason']; cert_revoke($cert, $crl, $reason); - require_once('openvpn.inc'); openvpn_refresh_crls(); write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}."); pfSenseHeader("system_crlmanager.php"); @@ -173,7 +173,6 @@ if ($act == "delcert") { $name = $thiscert['descr']; if (cert_unrevoke($thiscert, $thiscrl)) { $savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']) . "<br/>"; - require_once('openvpn.inc'); openvpn_refresh_crls(); write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr'])); } else { diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index f34df9f..5ff9578 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -66,6 +66,7 @@ if (isset($id) && $a_gateways[$id]) { $pconfig = array(); $pconfig['name'] = $a_gateways[$id]['name']; $pconfig['weight'] = $a_gateways[$id]['weight']; + $pconfig['interval'] = $a_gateways[$id]['interval']; $pconfig['interface'] = $a_gateways[$id]['interface']; $pconfig['friendlyiface'] = $a_gateways[$id]['friendlyiface']; if (isset($a_gateways[$id]['dynamic'])) 
@@ -78,6 +79,7 @@ if (isset($id) && $a_gateways[$id]) { $pconfig['losshigh'] = $a_gateway_item[$id]['losshigh']; $pconfig['down'] = $a_gateway_item[$id]['down']; $pconfig['monitor'] = $a_gateways[$id]['monitor']; + $pconfig['monitor_disable'] = isset($a_gateways[$id]['monitor_disable']); $pconfig['descr'] = $a_gateways[$id]['descr']; $pconfig['attribute'] = $a_gateways[$id]['attribute']; } @@ -232,8 +234,11 @@ if ($_POST) { $gateway['gateway'] = "dynamic"; $gateway['name'] = $_POST['name']; $gateway['weight'] = $_POST['weight']; + $gateway['interval'] = $_POST['interval']; $gateway['descr'] = $_POST['descr']; - if (is_ipaddr($_POST['monitor'])) + if ($_POST['monitor_disable'] == "yes") + $gateway['monitor_disable'] = true; + else if (is_ipaddr($_POST['monitor'])) $gateway['monitor'] = $_POST['monitor']; if ($_POST['defaultgw'] == "yes" || $_POST['defaultgw'] == "on") { @@ -307,6 +312,9 @@ function show_advanced_gateway() { aodiv = document.getElementById('showgatewayadv'); aodiv.style.display = "block"; } +function monitor_change() { + document.iform.monitor.disabled = document.iform.monitor_disable.checked; +} </script> <?php if ($input_errors) print_input_errors($input_errors); ?> <form action="system_gateways_edit.php" method="post" name="iform" id="iform"> @@ -366,6 +374,14 @@ function show_advanced_gateway() { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Disable Gateway Monitoring"); ?></td> + <td width="78%" class="vtable"> + <input name="monitor_disable" type="checkbox" id="monitor_disable" value="yes" <?php if ($pconfig['monitor_disable'] == true) echo "checked"; ?> onClick="monitor_change()" /> + <strong><?=gettext("Disable Gateway Monitoring"); ?></strong><br /> + <?=gettext("This will consider this gateway as always being up"); ?> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Monitor IP"); ?></td> <td width="78%" class="vtable"> <?php 
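Review bot: `$gateway['interval'] = $_POST['interval'];` in the `@@ -232,8 +234,11 @@` hunk stores the new field straight from the request, and none of this file's hunks adds a check for it to the input validation, which sits above line 232 outside the hunk. Since the help text describes it as a probe frequency in seconds, a check such as `if ($_POST['interval'] && (!is_numeric($_POST['interval']) || $_POST['interval'] < 1)) $input_errors[] = gettext("The probe interval needs to be a positive number.");` belongs with the other validations. Without it an arbitrary string is saved to the configuration and handed to whatever later writes the monitoring daemon's settings. Separately, a gateway saved with `monitor_disable` is reported as "Online" by the status_gateways.php hunk with no probe behind it; a distinct label there would avoid misleading an operator.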
@@ -385,10 +401,10 @@ function show_advanced_gateway() { <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Advanced");?></td> <td width="78%" class="vtable"> - <div id="showadvgatewaybox" <? if (!empty($pconfig['latencylow']) || !empty($pconfig['latencyhigh']) || !empty($pconfig['losslow']) || !empty($pconfig['losshigh']) || (isset($pconfig['weight']) && $pconfig['weight'] > 1)) echo "style='display:none'"; ?>> + <div id="showadvgatewaybox" <? if (!empty($pconfig['latencylow']) || !empty($pconfig['latencyhigh']) || !empty($pconfig['losslow']) || !empty($pconfig['losshigh']) || (isset($pconfig['weight']) && $pconfig['weight'] > 1) || (isset($pconfig['interval']) && $pconfig['interval'])) echo "style='display:none'"; ?>> <input type="button" onClick="show_advanced_gateway()" value="Advanced"></input> - Show advanced option</a> </div> - <div id="showgatewayadv" <? if (empty($pconfig['latencylow']) && empty($pconfig['latencyhigh']) && empty($pconfig['losslow']) && empty($pconfig['losshigh']) && (empty($pconfig['weight']) || $pconfig['weight'] == 1)) echo "style='display:none'"; ?>> + <div id="showgatewayadv" <? if (empty($pconfig['latencylow']) && empty($pconfig['latencyhigh']) && empty($pconfig['losslow']) && empty($pconfig['losshigh']) && (empty($pconfig['weight']) || $pconfig['weight'] == 1) && (empty($pconfig['interval']) || $pconfig['interval'] == 1)) echo "style='display:none'"; ?>> <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Weight");?></td> 
@@ -438,6 +454,14 @@ function show_advanced_gateway() { <br> <span class="vexpl"><?=gettext("This defines the down time for the alarm to fire, in seconds.");?></span></td> </td> </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Frequency Probe");?></td> + <td width="78%" class="vtable"> + <input name="interval" type="text" class="formfld unknown" id="interval" size="2" + value="<?=htmlspecialchars($pconfig['interval']);?>"> + <br> <span class="vexpl"><?=gettext("This defines the frequency in seconds that an icmp probe will be sent. Default is 1 second.");?></span></td> + </td> + </tr> </table> </div> </td> @@ -461,7 +485,7 @@ function show_advanced_gateway() { </form> <?php include("fend.inc"); ?> <script language="JavaScript"> -enable_change(document.iform.defaultgw); +monitor_change(); </script> </body> </html> diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php index b4b1b05..fe28963 100755 --- a/usr/local/www/vpn_ipsec_mobile.php +++ b/usr/local/www/vpn_ipsec_mobile.php @@ -355,7 +355,19 @@ function login_banner_change() { <td width="78%" class="vtable"> <?=gettext("Source"); ?>: <select name="user_source" class="formselect" id="user_source"> - <option value="system"><?=gettext("system"); ?></option> + <option value="system" <?php if ($pconfig['user_source'] == 'system') echo "selected"; ?>><?=gettext("system"); ?></option> + <?php + if (is_array($config['system']['authserver'])) { + foreach ($config['system']['authserver'] as $authcfg) { + if ($authcfg['type'] == 'ldap') { + $selected = ""; + if ($pconfig['user_source'] == $authcfg['name']) + $selected = "selected"; + echo "<option value='{$authcfg['name']}' {$selected} >{$authcfg['name']}</option>\n"; + } + } + } + ?> </select> </td> </tr> diff --git a/usr/local/www/vpn_openvpn_csc.php b/usr/local/www/vpn_openvpn_csc.php index e980332..91d4ea0 100644 --- a/usr/local/www/vpn_openvpn_csc.php +++ b/usr/local/www/vpn_openvpn_csc.php 
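Review bot: The added `echo "<option value='{$authcfg['name']}' {$selected} >{$authcfg['name']}</option>\n";` in vpn_ipsec_mobile.php writes the authentication server name into a single-quoted attribute and into the element text without escaping, so a name containing `'` or `<` breaks out of the markup. Escaping once and reusing the result fixes both places: `$name = htmlspecialchars($authcfg['name'], ENT_QUOTES);` followed by `echo "<option value='{$name}' {$selected}>{$name}</option>\n";`. The submitted `user_source` should likewise be compared against the configured server names when it is saved, which happens outside this hunk.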
@@ -61,7 +61,7 @@ if ($_GET['act'] == "del") { exit; } - openvpn_delete_csc($$a_csc[$id]); + openvpn_delete_csc($a_csc[$id]); unset($a_csc[$id]); write_config(); $savemsg = gettext("Client Specific Override successfully deleted")."<br/>"; diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php index aee2416..52190ec 100755 --- a/usr/local/www/vpn_pptp.php +++ b/usr/local/www/vpn_pptp.php @@ -353,9 +353,13 @@ function enable_change(enable_over) { <td width="22%" valign="top" class="vncellreq"><?=gettext("Server address"); ?></td> <td width="78%" class="vtable"> <?=$mandfldhtml;?><input name="localip" type="text" class="formfld unknown" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>"> - <br> - <?=gettext("Enter the IP address the PPTP server should use on its side " . - "for all clients"); ?>.</td> + <br/> + <?=gettext("Enter the IP address the PPTP server should give to clients for use as their \"gateway\""); ?>. + <br/> + <?=gettext("Typically this is set to an unused IP just outside of the client range"); ?>. + <br/> + <br/> + <?=gettext("NOTE: This should NOT be set to any IP address currently in use on this firewall"); ?>. </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Remote address " . diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php index b1b4811..7ddf348 100755 --- a/usr/local/www/vpn_pptp_users_edit.php +++ b/usr/local/www/vpn_pptp_users_edit.php 
@@ -84,12 +84,12 @@ if ($_POST) { if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username'])) $input_errors[] = gettext("The username contains invalid characters."); - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['password'])) - $input_errors[] = gettext("The password contains invalid characters."); - if (preg_match("/^!/", $_POST['password'])) $input_errors[] = gettext("The password cannot start with '!'."); + if (!preg_match("/^[\x20-\x7E]*$/", $_POST['password'])) + $input_errors[] = gettext("The password contains invalid characters."); + if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) { $input_errors[] = gettext("The passwords do not match."); } diff --git a/usr/local/www/widgets/widgets/openvpn.widget.php b/usr/local/www/widgets/widgets/openvpn.widget.php index c93c708..4d186f0 100644 --- a/usr/local/www/widgets/widgets/openvpn.widget.php +++ b/usr/local/www/widgets/widgets/openvpn.widget.php @@ -55,6 +55,7 @@ function kill_client($port, $remipp) { } $servers = openvpn_get_active_servers(); +$sk_servers = openvpn_get_active_servers("sharedkey"); $clients = openvpn_get_active_clients(); ?> @@ -95,7 +96,7 @@ $clients = openvpn_get_active_clients(); <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td colspan="6" class="listtopic"> - Client connections for <?=$server['name'];?> + <?=$server['name'];?> Client connections </td> </tr> <tr> 
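Review bot: The new password check `preg_match("/^[\x20-\x7E]*$/", $_POST['password'])` accepts a value that ends in a newline, because `$` without the `D` modifier also matches just before a final `\n`; the removed character-class check rejected that. Anchor the end with `\z` instead: `if (!preg_match('/^[\x20-\x7E]*\z/', $_POST['password']))`. The wider set also now admits spaces, quotes and `#`. Where the password is written out is not visible in this hunk, so the code that stores it should be checked for correct quoting of those characters. The `if ($_POST)` block starts and continues outside the hunk.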
@@ -140,14 +141,61 @@ $clients = openvpn_get_active_clients(); </table> <?php endforeach; ?> -<br/> +<?php if (!empty($sk_servers)) { ?> +<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td colspan="6" class="listtopic"> + Shared Key Server Instance Statistics + </td> + </tr> + <tr> + <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr">Name/Time</td> + <td class="listhdrr">Remote/Virtual IP</td> + </tr> +<?php foreach ($sk_servers as $sk_server): ?> + <tr name='<?php echo "r:{$sk_server['port']}:{$sk_server['remote_host']}"; ?>'> + <td class="listlr"> + <?=$sk_server['name'];?> + </td> + <td class="listr"> + <?=$sk_server['remote_host'];?> + </td> + <td rowspan="2" align="center"> + <?php + if ($sk_server['status'] == "up") { + /* tunnel is up */ + $iconfn = "interface_up"; + } else { + /* tunnel is down */ + $iconfn = "interface_down"; + } + echo "<img src ='/themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'>"; + ?> + </td> + </tr> + <tr name='<?php echo "r:{$sk_server['port']}:{$sk_server['remote_host']}"; ?>'> + <td class="listlr"> + <?=$sk_server['connect_time'];?> + </td> + <td class="listr"> + <?=$sk_server['virtual_addr'];?> + </td> + </tr> +<?php endforeach; ?> + </table> + </tr> +</table> +<?php +} ?> <?php if (!empty($clients)) { ?> <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td colspan="6" class="listtopic"> - OpenVPN client instances statistics + Client Instance Statistics </td> </tr> <tr> 
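Review bot: The new shared-key table prints `$sk_server['name']`, `$sk_server['remote_host']`, `$sk_server['connect_time']` and `$sk_server['virtual_addr']` straight into the page with no HTML escaping, and `remote_host` also goes into the single-quoted `name='r:…'` attribute. These values come from `openvpn_get_active_servers("sharedkey")`, whose data source is not visible here; if any of them reflects peer-supplied or status-file data it should be encoded on output, e.g. `<?=htmlspecialchars($sk_server['remote_host']);?>` in the cells and `htmlspecialchars($sk_server['remote_host'], ENT_QUOTES)` inside the attribute. The client rows touched in the next two hunks (`{$client['remote_host']}` in the `name` attribute) follow the same pattern and would need the same treatment.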
@@ -158,7 +206,7 @@ $clients = openvpn_get_active_clients(); </tr> <?php foreach ($clients as $client): ?> - <tr name='<?php echo "r:{$client['port']}:{$conn['remote_host']}"; ?>'> + <tr name='<?php echo "r:{$client['port']}:{$client['remote_host']}"; ?>'> <td class="listlr"> <?=$client['name'];?> </td> @@ -178,7 +226,7 @@ $clients = openvpn_get_active_clients(); ?> </td> </tr> - <tr name='<?php echo "r:{$client['port']}:{$conn['remote_host']}"; ?>'> + <tr name='<?php echo "r:{$client['port']}:{$client['remote_host']}"; ?>'> <td class="listlr"> <?=$client['connect_time'];?> </td> diff --git a/usr/local/www/wizards/traffic_shaper_wizard.inc b/usr/local/www/wizards/traffic_shaper_wizard.inc index ee800ce..9676a31 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard.inc @@ -1056,7 +1056,7 @@ function apply_all_choosen_items() { $q =& new hfsc_queue(); $tmpcf = array(); $tmpcf['name'] = "qLink"; - $tmpcf['priority'] = 1; + $tmpcf['priority'] = 2; $tmpcf['enabled'] = "on"; $tmpcf['default'] = "on"; $tmpcf['qlimit'] = 500; @@ -1295,7 +1295,7 @@ function apply_all_choosen_items() { $q =& new hfsc_queue(); $tmpcf = array(); $tmpcf['name'] = "qOthersLow"; - $tmpcf['priority'] = 2; + $tmpcf['priority'] = 3; $tmpcf['ecn'] = "on"; $tmpcf['enabled'] = "on"; if ($sched == "CBQ") { diff --git a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc index bb25f79..9cfb8f2 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc @@ -1119,7 +1119,7 @@ function apply_all_choosen_items() { $q =& new hfsc_queue(); $tmpcf = array(); $tmpcf['name'] = "qLink"; - $tmpcf['priority'] = 3; + $tmpcf['priority'] = 2; $tmpcf['enabled'] = "on"; $tmpcf['default'] = "on"; $tmpcf['qlimit'] = 500; 
@@ -1359,7 +1359,7 @@ function apply_all_choosen_items() { $q =& new hfsc_queue(); $tmpcf = array(); $tmpcf['name'] = "qOthersLow"; - $tmpcf['priority'] = 2; + $tmpcf['priority'] = 3; $tmpcf['ecn'] = "on"; $tmpcf['enabled'] = "on"; if ($sched == "CBQ") { diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc index 519364f..3e776d3 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc @@ -1167,7 +1167,7 @@ function apply_all_choosen_items() { $q =& new hfsc_queue(); $tmpcf = array(); $tmpcf['name'] = "qLink"; - $tmpcf['priority'] = 1; + $tmpcf['priority'] = 2; $tmpcf['enabled'] = "on"; $tmpcf['default'] = "on"; $tmpcf['qlimit'] = 500; @@ -1409,7 +1409,7 @@ function apply_all_choosen_items() { $q =& new hfsc_queue(); $tmpcf = array(); $tmpcf['name'] = "qOthersLow"; - $tmpcf['priority'] = 2; + $tmpcf['priority'] = 3; $tmpcf['ecn'] = "on"; $tmpcf['enabled'] = "on"; if ($sched == "CBQ") { diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc index 9fdc3a3..301aa55 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc @@ -557,7 +557,7 @@ function apply_all_choosen_items() { $q =& new hfsc_queue(); $tmpcf = array(); $tmpcf['name'] = "qLink"; - $tmpcf['priority'] = 1; + $tmpcf['priority'] = 2; $tmpcf['enabled'] = "on"; $tmpcf['default'] = "on"; $tmpcf['qlimit'] = 500; @@ -802,7 +802,7 @@ function apply_all_choosen_items() { $q =& new hfsc_queue(); $tmpcf = array(); $tmpcf['name'] = "qOthersLow"; - $tmpcf['priority'] = 2; + $tmpcf['priority'] = 3; $tmpcf['ecn'] = "on"; $tmpcf['enabled'] = "on"; if ($sched == "CBQ") { |