author | Scott Ullrich <sullrich@pfsense.org> | 2005-11-06 20:30:09 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-11-06 20:30:09 +0000 |
commit | bc5dc42181e4b6d468bfcd1283f923e744524371 (patch) | |
tree | 7073d69a4cbdfcf834b5ba12508a882553ba19c5 /usr | |
parent | c6ee5ce431ee155a9cc668249a47d4ff7155626c (diff) | |
MFC 7406
Sync OpenVPN with Peter A's latest version:
rootfs-1.2-ovpn2.tar.gz
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/vpn_openvpn_cli.php | 6 | ||||
-rwxr-xr-x | usr/local/www/vpn_openvpn_cli_edit.php | 61 | ||||
-rwxr-xr-x | usr/local/www/vpn_openvpn_srv.php | 6 | ||||
-rwxr-xr-x | usr/local/www/vpn_openvpn_srv_edit.php | 77 |
4 files changed, 99 insertions, 51 deletions
diff --git a/usr/local/www/vpn_openvpn_cli.php b/usr/local/www/vpn_openvpn_cli.php
index fe01ee0..a5d2e1e 100755
--- a/usr/local/www/vpn_openvpn_cli.php
+++ b/usr/local/www/vpn_openvpn_cli.php
@@ -28,6 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN"); require("guiconfig.inc"); require_once("openvpn.inc");
@@ -81,12 +82,7 @@ if ($_GET['act'] == "del") { exit; } } - -$pgtitle = "VPN: OpenVPN"; -include("head.inc"); - ?> - <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if (file_exists($d_sysrebootreqd_path) && !file_exists($d_ovpnclidirty_path)) print_info_box(get_std_save_message(0)); ?>
diff --git a/usr/local/www/vpn_openvpn_cli_edit.php b/usr/local/www/vpn_openvpn_cli_edit.php
index 1f4fca3..c22faf2 100755
--- a/usr/local/www/vpn_openvpn_cli_edit.php
+++ b/usr/local/www/vpn_openvpn_cli_edit.php
@@ -28,6 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN", "Edit client"); require("guiconfig.inc"); require_once("openvpn.inc");
@@ -170,8 +171,6 @@ if ($_POST) { if (!empty($retval)) $input_errors[] = $retval; - else - ovpn_cli_dirty($ovpnent['if']); } if ( $ovpncli[$id]['sport'] != $_POST['sport'] ||
@@ -192,17 +191,11 @@ if ($_POST) { $input_errors[] = "Delete this interface first before changing the type of the tunnel to " . strtoupper($_POST['type']) ."."; - /* Has the enable/disable state changed? */ - if (isset($ovpnent['enable']) && isset($_POST['disabled'])) { - ovpn_cli_dirty($ovpnent['if']); - } if (!isset($ovpnent['enable']) && !isset($_POST['disabled'])) { /* check if port number is free, else choose another one */ if (in_array($ovpnent['cport'], used_port_list())) $ovpnent['cport'] = getnxt_port(); - - ovpn_cli_dirty($ovpnent['if']); } } else { /* Creating a new entry */
@@ -220,8 +213,6 @@ if ($_POST) { if (!empty($retval)) $input_errors[] = $retval; - else - ovpn_cli_dirty($ovpnent['if']); } }
@@ -239,8 +230,10 @@ if ($_POST) { $ovpnent['cli_cert'] = $pconfig['cli_cert']; $ovpnent['cli_key'] = $pconfig['cli_key']; $ovpnent['crypto'] = $_POST['crypto']; + $ovpnent['comp_method'] = $_POST['comp_method']; $ovpnent['ns_cert_type'] = $_POST['ns_cert_type'] ? true : false; $ovpnent['pull'] = $_POST['pull'] ? true : false; + $ovpnent['dupcn'] = $_POST['dupcn'] ? true : false; $ovpnent['tlsauth'] = $_POST['tlsauth'] ? true : false; $ovpnent['bridge'] = $_POST['bridge']; $ovpnent['lipaddr'] = $_POST['lipaddr'];
@@ -292,12 +285,7 @@ if ($_POST) { } } - -$pgtitle = "VPN: OpenVPN: Edit client"; -include("head.inc"); - ?> - <?php include("fbegin.inc"); ?> <script language="JavaScript"> function enable_change(enable_over) {
@@ -318,6 +306,7 @@ function enable_change(enable_over) { document.iform.cli_cert.disabled = endis; document.iform.cli_key.disabled = endis; document.iform.crypto.disabled = endis; + document.iform.comp_method.disabled = endis; document.iform.ns_cert_type.disabled = endis; document.iform.pull.disabled = endis; document.iform.tlsauth.disabled = endis;
@@ -342,7 +331,6 @@ function expertmode_change(enable_over) { document.iform.expertmode_options.disabled = endis; } - function tls_change(enable_over) { var endis; endis = !(document.iform.tlsauth.checked || enable_over);
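Review bot: `$ovpnent['comp_method'] = $_POST['comp_method'];` in the `@@ -239,8 +230,10 @@` hunk of vpn_openvpn_cli_edit.php stores the posted value without checking it against the values the new select offers (empty, `lzo`, `noadapt`). If openvpn.inc later writes this field into the generated OpenVPN configuration (not visible in this diff), a hand-built POST could place arbitrary text there, so the input-validation section should carry an allowlist check such as `if ($_POST['comp_method'] && !in_array($_POST['comp_method'], array('lzo', 'noadapt'), true)) $input_errors[] = "Invalid compression method.";`. The same assignment in the `@@ -434,6 +421,7 @@` hunk of vpn_openvpn_srv_edit.php needs the same check. This hunk also starts saving `dupcn` on the client page although no matching form field is added in the diff; worth confirming that is intended. The enclosing `if ($_POST)` block starts and ends outside the hunk.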
@@ -659,13 +647,44 @@ function get_radio_value(obj) { <tr> <td colspan="2" valign="top" class="listtopic">Client Options</td> </tr> + <tr> + <td width="22%" valign="top" class="vncell">Pull Options</td> + <td width="78%" class="vtable"> + <input type="checkbox" name="pull" value="yes" <?php if ($pconfig['pull']) echo "checked"; ?>> + <strong>Client-pull</strong><br> + This option must be used on a client which is connecting to a + multi-client server. It indicates to OpenVPN that it should + accept options pushed by the server, provided they are part of the + legal set of pushable options. + </td> + </tr> - <tr> - <td width="22%" valign="top" class="vncell">Options</td> - <td width="78%" class="vtable"> - <input type="checkbox" name="pull" value="yes" <?php if ($pconfig['pull']) echo "checked"; ?>> - <strong>Client-pull</strong></td> + <tr> + <td width="22%" valign="top" class="vncell">Compression method</td> + <td width="78%" class="vtable"> + <select name="comp_method" class="formfld" id="comp_method"> + <option <?php if (!$pconfig['comp_method']) echo "selected";?> value="">none</option> + <?php $compression_method = array('lzo' => 'LZO', 'noadapt' => 'LZO (no adaptive)'); + foreach($compression_method as $comp_method => $comp_methodname): ?> + <option value="<?=$comp_method;?>" + <?php if ($comp_method == $pconfig['comp_method']) echo "selected";?>> + <?=htmlspecialchars($comp_methodname);?> + </option> + <?php endforeach; ?> + </select> + <br> + Choose which compression method to use.<br> + <br> + LZO compression generally improves performance on slow links, + but may add up to 1 byte per packet for incompressible data.<br> + <br> + With adaptive compression, OpenVPN will periodically sample the + compression process to measure its efficiency. If the data being + sent over the tunnel is already compressed, the compression + efficiency will be very low. Choose 'LZO (no adaptive)' + to disable OpenVPN's adaptive compression algorithm. + </td> </tr> <tr> 
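Review bot: The help text added under "Compression method" in the `@@ -659,13 +647,44 @@` hunk presents compression purely as a performance choice, but compressing data before it is encrypted lets packet lengths reveal information about the plaintext, which is why later OpenVPN releases discourage enabling it. I would add a sentence to the description such as `Compression can leak information about tunnelled data through packet sizes; leave this set to 'none' unless the link needs it.` Separately, `value="<?=$comp_method;?>"` is printed unescaped while the label beside it goes through `htmlspecialchars()`; the keys are constants today so nothing is injectable, but `value="<?=htmlspecialchars($comp_method);?>"` keeps the two consistent if the list ever becomes data-driven. The identical block in the `@@ -1090,6 +1100,33 @@` hunk of vpn_openvpn_srv_edit.php should get the same two changes.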
diff --git a/usr/local/www/vpn_openvpn_srv.php b/usr/local/www/vpn_openvpn_srv.php
index 5cd6ff1..9ad6b6b 100755
--- a/usr/local/www/vpn_openvpn_srv.php
+++ b/usr/local/www/vpn_openvpn_srv.php
@@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN"); require("guiconfig.inc"); require_once("openvpn.inc");
@@ -82,12 +83,7 @@ if ($_GET['act'] == "del") { exit; } } - -$pgtitle = "VPN: OpenVPN"; -include("head.inc"); - ?> - <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if (file_exists($d_sysrebootreqd_path) && !file_exists($d_ovpnsrvdirty_path)) print_info_box(get_std_save_message(0)); ?>
diff --git a/usr/local/www/vpn_openvpn_srv_edit.php b/usr/local/www/vpn_openvpn_srv_edit.php
index e2ac9f1..4ba535f 100755
--- a/usr/local/www/vpn_openvpn_srv_edit.php
+++ b/usr/local/www/vpn_openvpn_srv_edit.php
@@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN", "Edit server"); require("guiconfig.inc"); require_once("openvpn.inc");
@@ -80,7 +81,6 @@ if ($_POST) { unset($input_errors); unset($check_ipblock); - unset($bridge_reset); /* input validation */ $reqdfields = explode(" ", "type bind_iface");
@@ -170,6 +170,8 @@ if ($_POST) { if ($_POST['ipblock'] && $check_ipblock) { if (!is_ipaddr($_POST['ipblock'])) { $input_errors[] = "A valid IP netblock must be specified."; + } else if ($_POST['type'] == "tun" && intval($_POST['prefix']) > 29) { + $input_errors[] = "Network mask too high for tun-style tunnels."; } else { $network = ip2long(gen_subnet($_POST['ipblock'], $_POST['prefix'])); $broadcast = ip2long(gen_subnet_max($_POST['ipblock'], $_POST['prefix']));
@@ -242,9 +244,6 @@ if ($_POST) { if (ip2long($_POST['range_from']) > ip2long($_POST['range_to'])) $input_errors[] = "The range is invalid (first element higher than second element)."; - - if (!($_POST['type'] == "tap" && $_POST['authentication_method'] == "rsasig")) - $bridge_reset = 1; } }
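Review bot: The tun check added in the `@@ -170,6 +170,8 @@` hunk of vpn_openvpn_srv_edit.php, `intval($_POST['prefix']) > 29`, only rejects large prefixes: `intval()` turns an empty or non-numeric value into 0, which passes the test and is then handed unchanged to `gen_subnet()` and `gen_subnet_max()` in the `else` branch. Unless `prefix` is already validated earlier in the `if ($_POST)` block (outside this hunk), I would reject anything that is not a plain integer up to 32 before this branch, e.g. `if (!preg_match('/^[0-9]+$/', $_POST['prefix']) || $_POST['prefix'] > 32) $input_errors[] = "A valid prefix must be specified.";`. The check also applies only when `type` is `tun`, so other tunnel types reach the subnet helpers with whatever was posted.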
@@ -295,8 +294,6 @@ if ($_POST) { if (!empty($retval)) $input_errors[] = $retval; - else - ovpn_srv_dirty($ovpnent['tun_iface']); } /* port number syntactically valid, so lets check, if it is free */
@@ -344,12 +341,6 @@ if ($_POST) { } - /* Has the enable/disable state changed? */ - if (isset($ovpnent['enable']) && isset($_POST['disabled'])) { - /* status changed to disabled */ - ovpn_srv_dirty($ovpnent['tun_iface']); - } - /* status changed to enable */ if (!isset($ovpnent['enable']) && !isset($_POST['disabled'])) {
@@ -367,8 +358,6 @@ if ($_POST) { $input_errors[] = "OpenVPN binding already in use by another OpenVPN daemon."; } } - - ovpn_srv_dirty($ovpnent['tun_iface']); } } else {
@@ -404,8 +393,6 @@ if ($_POST) { if (!empty($retval)) $input_errors[] = $retval; - else - ovpn_srv_dirty($ovpnent['tun_iface']); } }
@@ -434,6 +421,7 @@ if ($_POST) { $ovpnent['verb'] = $_POST['verb']; $ovpnent['maxcli'] = $_POST['maxcli']; $ovpnent['crypto'] = $_POST['crypto']; + $ovpnent['comp_method'] = $_POST['comp_method']; $ovpnent['cli2cli'] = $_POST['cli2cli'] ? true : false; $ovpnent['dupcn'] = $_POST['dupcn'] ? true : false; $ovpnent['dynip'] = $_POST['dynip'] ? true : false;
@@ -525,11 +513,8 @@ if ($_POST) { } } -$pgtitle = "VPN: OpenVPN: Edit Server"; -include("head.inc"); ?> - <?php include("fbegin.inc"); ?> <script language="JavaScript"> function enable_change(enable_over) {
@@ -568,6 +553,7 @@ function enable_change(enable_over) { document.iform.netmask.disabled = endis; document.iform.cli2cli.disabled = endis; document.iform.dupcn.disabled = endis; + document.iform.comp_method.disabled = endis; document.iform.psh_redir.disabled = endis; document.iform.psh_redir_loc.disabled = endis; document.iform.psh_rtedelay.disabled = endis;
@@ -609,7 +595,6 @@ function tls_change(enable_over) { document.iform.psk.disabled = endis; } - function expertmode_change(enable_over) { var endis; endis = !(document.iform.expertmode_enabled.checked || enable_over);
@@ -676,6 +661,19 @@ function methodsel_change(enable_over) { document.iform.lipaddr.disabled = 1; document.iform.ripaddr.disabled = 1; document.iform.netmask.disabled = 1; + document.iform.cli2cli.disabled = 0; + document.iform.psh_redir.disabled = 0; + document.iform.psh_redir_loc.disabled = 0; + document.iform.psh_rtedelay.disabled = 0; + document.iform.psh_rtedelay_int.disabled = 0; + document.iform.psh_inact.disabled = 0; + document.iform.psh_inact_int.disabled = 0; + document.iform.psh_ping.disabled = 0; + document.iform.psh_ping_int.disabled = 0; + document.iform.psh_pingexit.disabled = 0; + document.iform.psh_pingexit_int.disabled = 0; + document.iform.psh_pingrst.disabled = 0; + document.iform.psh_pingrst_int.disabled = 0; tls_change(); break; default: /* pre-shared */
@@ -715,6 +713,18 @@ function methodsel_change(enable_over) { document.iform.dupcn.checked = 0; document.iform.cli2cli.disabled = 1; document.iform.cli2cli.checked = 0; + document.iform.psh_redir.disabled = 1; + document.iform.psh_redir_loc.disabled = 1; + document.iform.psh_rtedelay.disabled = 1; + document.iform.psh_rtedelay_int.disabled = 1; + document.iform.psh_inact.disabled = 1; + document.iform.psh_inact_int.disabled = 1; + document.iform.psh_ping.disabled = 1; + document.iform.psh_ping_int.disabled = 1; + document.iform.psh_pingexit.disabled = 1; + document.iform.psh_pingexit_int.disabled = 1; + document.iform.psh_pingrst.disabled = 1; + document.iform.psh_pingrst_int.disabled = 1; break; }
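Review bot: The `psh_*` controls that `methodsel_change()` disables in the `@@ -715,6 +713,18 @@` hunk (and re-enables in `@@ -676,6 +661,19 @@`) are blocked only in the browser. A normal form post omits disabled inputs, but a hand-built request can still send them, so the `if ($_POST)` handler should ignore or reject the client-push options whenever the selected authentication method does not support them; that handler lies outside these hunks, so this may already be covered. A short comment above each block, e.g. `/* client-push options are unavailable for this method; the POST handler must enforce this too */`, would record the dependency. `methodsel_change()` starts and ends outside both hunks, so which `case` each block belongs to is inferred from the surrounding context lines.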
@@ -1090,6 +1100,33 @@ function get_radio_value(obj) { </tr> <tr> + <td width="22%" valign="top" class="vncell">Compression method</td> + <td width="78%" class="vtable"> + <select name="comp_method" class="formfld" id="comp_method"> + <option <?php if (!$pconfig['comp_method']) echo "selected";?> value="">none</option> + <?php $compression_method = array('lzo' => 'LZO', 'noadapt' => 'LZO (no adaptive)'); + foreach($compression_method as $comp_method => $comp_methodname): ?> + <option value="<?=$comp_method;?>" + <?php if ($comp_method == $pconfig['comp_method']) echo "selected";?>> + <?=htmlspecialchars($comp_methodname);?> + </option> + <?php endforeach; ?> + </select> + <br> + Choose which compression method to use.<br> + <br> + LZO compression generally improves performance on slow links, + but may add up to 1 byte per packet for incompressible data.<br> + <br> + With adaptive compression, OpenVPN will periodically sample the + compression process to measure its efficiency. If the data being + sent over the tunnel is already compressed, the compression + efficiency will be very low. Choose 'LZO (no adaptive)' + to disable OpenVPN's adaptive compression algorithm. + </td> + </tr> + + <tr> <td width="22%" valign="top" class="vncell">Client-push options</td> <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0"> |