diff options
| -rw-r--r-- | etc/inc/openvpn.inc | 20 | ||||
| -rw-r--r-- | usr/local/www/vpn_openvpn_client.php | 20 | ||||
| -rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 20 | ||||
| -rw-r--r-- | usr/local/www/wizards/openvpn_wizard.inc | 10 | ||||
| -rw-r--r-- | usr/local/www/wizards/openvpn_wizard.xml | 13 |
5 files changed, 83 insertions, 0 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index fe8a4f5..ce1e9fd 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -172,6 +172,23 @@ function openvpn_get_cipherlist() { return $ciphers; } +function openvpn_get_engines() { + $openssl_engines = array('none' => 'No Hardware Crypto Acceleration'); + exec("/usr/bin/openssl engine", $openssl_engine_output); + foreach ($openssl_engine_output as $oeo) { + $linematch = array(); + preg_match("/\((.*)\)\s(.*)/", $oeo, $linematch); + if ($linematch[1] != "dynamic") + $openssl_engines[$linematch[1]] = $linematch[2]; + } + return $openssl_engines; +} + +function openvpn_validate_engine($engine) { + $engines = openvpn_get_engines(); + return array_key_exists($engine, $engines); +} + function openvpn_validate_host($value, $name) { $value = trim($value); if (empty($value) || (!is_domain($value) && !is_ipaddr($value))) @@ -343,6 +360,9 @@ function openvpn_reconfigure($mode,& $settings) { $conf .= "local {$iface_ip}\n"; } + if (openvpn_validate_engine($settings['engine']) && ($settings['engine'] != "none")) + $conf .= "engine {$settings['engine']}\n"; + // server specific settings if ($mode == 'server') { diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 96f67bf..d2374b2 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -125,6 +125,7 @@ if($_GET['act']=="edit"){ } else $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']); $pconfig['crypto'] = $a_client[$id]['crypto']; + $pconfig['engine'] = $a_server[$id]['engine']; $pconfig['tunnel_network'] = $a_client[$id]['tunnel_network']; $pconfig['remote_network'] = $a_client[$id]['remote_network']; @@ -254,6 +255,7 @@ if ($_POST) { $client['shared_key'] = base64_encode($pconfig['shared_key']); } $client['crypto'] = $pconfig['crypto']; + $client['engine'] = $pconfig['engine']; $client['tunnel_network'] = $pconfig['tunnel_network']; $client['remote_network'] = $pconfig['remote_network']; @@ -716,6 +718,24 @@ if ($savemsg) </select> </td> </tr> + <tr id="engine"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td> + <td width="78%" class="vtable"> + <select name="engine" class="formselect"> + <?php + $engines = openvpn_get_engines(); + foreach ($engines as $name => $desc): + $selected = ''; + if ($name == $pconfig['engine']) + $selected = ' selected'; + ?> + <option value="<?=$name;?>"<?=$selected?>> + <?=htmlspecialchars($desc);?> + </option> + <?php endforeach; ?> + </select> + </td> + </tr> <tr> <td colspan="2" class="list" height="12"></td> </tr> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 002702c..0f751e7 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -126,6 +126,7 @@ if($_GET['act']=="edit"){ } else $pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']); $pconfig['crypto'] = $a_server[$id]['crypto']; + $pconfig['engine'] = $a_server[$id]['engine']; $pconfig['tunnel_network'] = $a_server[$id]['tunnel_network']; $pconfig['remote_network'] = $a_server[$id]['remote_network']; @@ -324,6 +325,7 @@ if ($_POST) { $server['shared_key'] = base64_encode($pconfig['shared_key']); } $server['crypto'] = $pconfig['crypto']; + $server['engine'] = $pconfig['engine']; $server['tunnel_network'] = $pconfig['tunnel_network']; $server['remote_network'] = $pconfig['remote_network']; @@ -872,6 +874,24 @@ if ($savemsg) </select> </td> </tr> + <tr id="engine"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td> + <td width="78%" class="vtable"> + <select name="engine" class="formselect"> + <?php + $engines = openvpn_get_engines(); + foreach ($engines as $name => $desc): + $selected = ''; + if ($name == $pconfig['engine']) + $selected = ' selected'; + ?> + <option value="<?=$name;?>"<?=$selected?>> + <?=htmlspecialchars($desc);?> + </option> + <?php endforeach; ?> + </select> + </td> + </tr> <tr id="strictusercn"> <td width="22%" valign="top" class="vncell"><?=gettext("Strict User/CN Matching"); ?></td> <td width="78%" class="vtable"> diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc index 3d09066..5af4510 100644 --- a/usr/local/www/wizards/openvpn_wizard.inc +++ b/usr/local/www/wizards/openvpn_wizard.inc @@ -321,6 +321,15 @@ function step10_stepbeforeformdisplay() { $opt['value'] = $name; $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt; } + } else if ($field['name'] == "engine") { + $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array(); + $engines = openvpn_get_engines(); + foreach ($engines as $name => $desc) { + $opt = array(); + $opt['name'] = $desc; + $opt['value'] = $name; + $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt; + } } else if ($field['name'] == "nbttype") { $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array(); foreach ($netbios_nodetypes as $type => $name) { @@ -581,6 +590,7 @@ function step12_submitphpaction() { $server['netbios_enable'] = $pconfig['step10']['nbtenable']; } $server['crypto'] = $pconfig['step10']['crypto']; + $server['engine'] = $pconfig['step10']['engine']; if (isset($pconfig['step11']['ovpnrule'])) { $rule = array(); diff --git a/usr/local/www/wizards/openvpn_wizard.xml b/usr/local/www/wizards/openvpn_wizard.xml index e28507b..1108a05 100644 --- a/usr/local/www/wizards/openvpn_wizard.xml +++ b/usr/local/www/wizards/openvpn_wizard.xml @@ -692,6 +692,19 @@ <description><br/>The method used to encrypt traffic between endpoints. This setting must match on the client and server side, but is otherwise set however you like. Certain algorithms will perform better on different hardware, depending on the availability of supported VPN accelerator chips.</description> </field> <field> + <name>engine</name> + <type>select</type> + <displayname>Hardware Crypto</displayname> + <bindstofield>ovpnserver->step10->engine</bindstofield> + <options> + <option> + <name>dummy</name> + <value>dummy</value> + </option> + </options> + <description><br/>The hardware cryptographic accelerator to use for this VPN connection, if any.</description> + </field> + <field> <type>listtopic</type> <name>Tunnel Settings</name> </field> |
