-rwxr-xr-x | etc/rc.bootup | 2 | ||||
-rw-r--r-- | usr/local/pkg/openvpn.xml | 221 | ||||
-rw-r--r-- | usr/local/pkg/openvpn_cli.xml | 216 | ||||
-rwxr-xr-x | usr/local/www/pkg.php | 6 | ||||
-rwxr-xr-x | usr/local/www/pkg_edit.php | 87 |
5 files changed, 504 insertions, 28 deletions
diff --git a/etc/rc.bootup b/etc/rc.bootup
index 686d15c..81bc771 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -194,7 +194,7 @@
 }
 /* start OpenVPN server & clients */
- ovpn_configure(false);
+ openvpn_resync_all();
 /* set up static routes */
 system_routing_configure();
diff --git a/usr/local/pkg/openvpn.xml b/usr/local/pkg/openvpn.xml
new file mode 100644
index 0000000..471d729
--- /dev/null
+++ b/usr/local/pkg/openvpn.xml
@@ -0,0 +1,221 @@
+<packagegui>
+ <name>openvpnserver</name>
+ <title>OpenVPN: Server</title>
+ <include_file>openvpn.inc</include_file>
+ <delete_string>An OpenVPN server has been deleted.</delete_string>
+ <addedit_string>An OpenVPN server has been created/modified.</addedit_string>
+ <tabs>
+ <tab>
+ <text>Server</text>
+ <url>/pkg.php?xml=openvpn.xml</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Client</text>
+ <url>/pkg.php?xml=openvpn_cli.xml</url>
+ </tab>
+ </tabs>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fieldname>disable</fieldname>
+ <fielddescr>Disabled</fielddescr>
+ <type>checkbox</type>
+ </columnitem>
+ <columnitem>
+ <fieldname>protocol</fieldname>
+ <fielddescr>Protocol</fielddescr>
+ </columnitem>
+ <columnitem>
+ <fieldname>ipblock</fieldname>
+ <fielddescr>IP block</fielddescr>
+ </columnitem>
+ <columnitem>
+ <fieldname>description</fieldname>
+ <fielddescr>Description</fielddescr>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <fieldname>disable</fieldname>
+ <fielddescr>Disable this tunnel</fielddescr>
+ <description>This allows you to disable this tunnel without removing it from the list.</description>
+ <required>yes</required>
+ <type>checkbox</type>
+ </field>
+ <!--<field>
+ <fieldname>interface</fieldname>
+ <fielddescr>Interface</fielddescr>
+ <description>The interface to be used for the VPN. Choose TUN here unless you want bridging.</description>
+ <required>yes</required>
+ <type>select</type>
+ <options>
+ <option>
+ <value>tun</value>
+ <name>TUN</name>
+ </option>
+ <option>
+ <value>tap</value>
+ <name>TAP</name>
+ </option>
+ </options>
+ </field>-->
+ <field>
+ <fieldname>protocol</fieldname>
+ <fielddescr>Protocol</fielddescr>
+ <description>The protocol to be used for the VPN.</description>
+ <required>yes</required>
+ <type>select</type>
+ <options>
+ <option>
+ <value>UDP</value>
+ <name>UDP</name>
+ </option>
+ <option>
+ <value>TCP</value>
+ <name>TCP</name>
+ </option>
+ </options>
+ </field>
+ <field>
+ <fieldname>dynamic_ip</fieldname>
+ <fielddescr>Dynamic IP</fielddescr>
+ <description>Assume dynamic IPs, so that DHCP clients can connect.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>port</fieldname>
+ <fielddescr>Local port</fielddescr>
+ <description>The port OpenVPN will use to connect to the remote endpoint. Should be set to 1194, unless this port is already in use.</description>
+ <required>yes</required>
+ <type>input</type>
+ <size>5</size>
+ </field>
+ <field>
+ <fieldname>local_ip</fieldname>
+ <fielddescr>Local IP</fielddescr>
+ <description>This is the local IP of the VPN.</description>
+ <required>yes</required>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>remote_ip</fieldname>
+ <fielddescr>Remote IP</fielddescr>
+ <description>This is the remote IP of the VPN.</description>
+ <required>yes</required>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>ipblock</fieldname>
+ <fielddescr>IP block</fielddescr>
+ <description>This is the remote IP block in (expressed as a CIDR range) that will be accessable from your endpoint, e.g.: '10.2.0.0/16'.</description>
+ <required>yes</required>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>crypto</fieldname>
+ <fielddescr>Cryptography</fielddescr>
+ <description>Here you can choose the cryptography algorithm to be used.</description>
+ <required>yes</required>
+ <type>select</type>
+ </field>
+ <field>
+ <fieldname>auth_method</fieldname>
+ <fielddescr>Authentication method</fielddescr>
+ <description>The authentication method to be used.</description>
+ <required>yes</required>
+ <type>select</type>
+ <options>
+ <option>
+ <value>shared_key</value>
+ <name>Shared key</name>
+ </option>
+ <option>
+ <value>pki</value>
+ <name>PKI (Public Key Infrastructure)</name>
+ </option>
+ </options>
+ <onchange>onAuthMethodChanged()</onchange>
+ </field>
+ <field>
+ <fieldname>shared_key</fieldname>
+ <fielddescr>Shared key</fielddescr>
+ <description>Paste your shared key here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>ca_cert</fieldname>
+ <fielddescr>CA certificate</fielddescr>
+ <description>Paste your CA certificate in X.509 format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>server_cert</fieldname>
+ <fielddescr>Server certificate</fielddescr>
+ <description>Paste your server certificate in X.509 format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>server_key</fieldname>
+ <fielddescr>Server key</fielddescr>
+ <description>Paste your server key in RSA format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>dh_params</fieldname>
+ <fielddescr>DH parameters</fielddescr>
+ <description>Paste your Diffie Hellman parameters in PEM format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>crl</fieldname>
+ <fielddescr>CRL</fielddescr>
+ <description>Paste your certificate revocation list (CRL) in PEM format here (optional).</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>use_lzo</fieldname>
+ <fielddescr>LZO compression</fielddescr>
+ <description>Checking this will compress the packets using the LZO algorithm before sending them.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>description</fieldname>
+ <fielddescr>Description</fielddescr>
+ <description>You may enter a description here. This is optional and is not parsed.</description>
+ <type>input</type>
+ </field>
+ </fields>
+ <custom_php_command_before_form>
+ openvpn_get_ciphers(&$pkg);
+ </custom_php_command_before_form>
+ <custom_php_after_head_command>
+ openvpn_print_javascript('server');
+ </custom_php_after_head_command>
+ <custom_php_after_form_command>
+ openvpn_print_javascript2();
+ </custom_php_after_form_command>
+ <custom_php_validation_command>
+ openvpn_validate_input('server', $_POST, &$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ openvpn_resync('server', $_POST['id']);
+ </custom_php_resync_config_command>
+</packagegui>
diff --git a/usr/local/pkg/openvpn_cli.xml b/usr/local/pkg/openvpn_cli.xml
new file mode 100644
index 0000000..ce9eabe
--- /dev/null
+++ b/usr/local/pkg/openvpn_cli.xml
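Review bot: `openvpn_resync('server', $_POST['id']);` in `<custom_php_resync_config_command>` hands the tunnel index to the resync code straight from the request, and pkg_edit.php only emits the hidden `id` field when an existing entry is being edited, so the argument is unset when a tunnel is first added. openvpn.inc is not part of this diff, so whether `openvpn_resync()` checks the index cannot be seen here; it should reject anything that is not an existing integer index before deriving config or file names from it. openvpn_cli.xml passes `$_POST['id']` the same way with `'client'`. A short comment at both call sites would document the contract, for example `/* id: index into the saved tunnel list; absent on add */`.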
@@ -0,0 +1,216 @@
+<packagegui>
+ <name>openvpnclient</name>
+ <title>OpenVPN: Client</title>
+ <include_file>openvpn.inc</include_file>
+ <delete_string>An OpenVPN client has been deleted.</delete_string>
+ <addedit_string>An OpenVPN client has been created/modified.</addedit_string>
+ <tabs>
+ <tab>
+ <text>Server</text>
+ <url>/pkg.php?xml=openvpn.xml</url>
+ </tab>
+ <tab>
+ <text>Client</text>
+ <url>/pkg.php?xml=openvpn_cli.xml</url>
+ <active/>
+ </tab>
+ </tabs>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fieldname>disable</fieldname>
+ <fielddescr>Disabled</fielddescr>
+ <type>checkbox</type>
+ </columnitem>
+ <columnitem>
+ <fieldname>serveraddr</fieldname>
+ <fielddescr>Server</fielddescr>
+ </columnitem>
+ <columnitem>
+ <fieldname>protocol</fieldname>
+ <fielddescr>Protocol</fielddescr>
+ </columnitem>
+ <columnitem>
+ <fieldname>ipblock</fieldname>
+ <fielddescr>IP block</fielddescr>
+ </columnitem>
+ <columnitem>
+ <fieldname>description</fieldname>
+ <fielddescr>Description</fielddescr>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <fieldname>disable</fieldname>
+ <fielddescr>Disable this tunnel</fielddescr>
+ <description>This allows you to disable this tunnel without removing it from the list.</description>
+ <required>yes</required>
+ <type>checkbox</type>
+ </field>
+ <!--<field>
+ <fieldname>interface</fieldname>
+ <fielddescr>Interface</fielddescr>
+ <description>The interface to be used for the VPN. Choose TUN here unless you want bridging.</description>
+ <required>yes</required>
+ <type>select</type>
+ <options>
+ <option>
+ <value>tun</value>
+ <name>TUN</name>
+ </option>
+ <option>
+ <value>tap</value>
+ <name>TAP</name>
+ </option>
+ </options>
+ </field>-->
+ <field>
+ <fieldname>protocol</fieldname>
+ <fielddescr>Protocol</fielddescr>
+ <description>The protocol to be used for the VPN.</description>
+ <required>yes</required>
+ <type>select</type>
+ <options>
+ <option>
+ <value>UDP</value>
+ <name>UDP</name>
+ </option>
+ <option>
+ <value>TCP</value>
+ <name>TCP</name>
+ </option>
+ </options>
+ </field>
+ <field>
+ <fieldname>port</fieldname>
+ <fielddescr>Local port</fielddescr>
+ <description>The port OpenVPN will use to connect to the remote endpoint. Should be set to 1194, unless this port is already in use.</description>
+ <required>yes</required>
+ <type>input</type>
+ <size>5</size>
+ </field>
+ <field>
+ <fieldname>serveraddr</fieldname>
+ <fielddescr>Server address</fielddescr>
+ <description>This is the address OpenVPN will try to connect to in order to establish the tunnel. Set it to the remote endpoint's address.</description>
+ <required>yes</required>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>serverport</fieldname>
+ <fielddescr>Server port</fielddescr>
+ <description>The port OpenVPN will use to connect to the server. Most people would want to use 1194 here.</description>
+ <required>yes</required>
+ <type>input</type>
+ <size>5</size>
+ </field>
+ <field>
+ <fieldname>local_ip</fieldname>
+ <fielddescr>Local IP</fielddescr>
+ <description>This is the local IP of the VPN.</description>
+ <required>yes</required>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>remote_ip</fieldname>
+ <fielddescr>Remote IP</fielddescr>
+ <description>This is the remote IP of the VPN.</description>
+ <required>yes</required>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>ipblock</fieldname>
+ <fielddescr>IP block</fielddescr>
+ <description>This is the remote IP block in (expressed as a CIDR range) that will be accessable from your endpoint, e.g.: '10.2.0.0/16'.</description>
+ <required>yes</required>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>crypto</fieldname>
+ <fielddescr>Cryptography</fielddescr>
+ <description>Here you can choose the cryptography algorithm to be used.</description>
+ <required>yes</required>
+ <type>select</type>
+ </field>
+ <field>
+ <fieldname>auth_method</fieldname>
+ <fielddescr>Authentication method</fielddescr>
+ <description>The authentication method to be used.</description>
+ <required>yes</required>
+ <type>select</type>
+ <options>
+ <option>
+ <value>shared_key</value>
+ <name>Shared key</name>
+ </option>
+ <option>
+ <value>pki</value>
+ <name>PKI (Public Key Infrastructure)</name>
+ </option>
+ </options>
+ <onchange>onAuthMethodChanged()</onchange>
+ </field>
+ <field>
+ <fieldname>shared_key</fieldname>
+ <fielddescr>Shared key</fielddescr>
+ <description>Paste your shared key here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>ca_cert</fieldname>
+ <fielddescr>CA certificate</fielddescr>
+ <description>Paste the server's CA certificate in X.509 format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>client_cert</fieldname>
+ <fielddescr>Client certificate</fielddescr>
+ <description>Paste your client certificate in X.509 format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>client_key</fieldname>
+ <fielddescr>Client key</fielddescr>
+ <description>Paste your client key in RSA format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>use_lzo</fieldname>
+ <fielddescr>LZO compression</fielddescr>
+ <description>Checking this will compress the packets using the LZO algorithm before sending them.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>description</fieldname>
+ <fielddescr>Description</fielddescr>
+ <description>You may enter a description here. This is optional and is not parsed.</description>
+ <type>input</type>
+ </field>
+ </fields>
+ <custom_php_command_before_form>
+ openvpn_get_ciphers(&$pkg);
+ </custom_php_command_before_form>
+ <custom_php_after_head_command>
+ openvpn_print_javascript('client');
+ </custom_php_after_head_command>
+ <custom_php_after_form_command>
+ openvpn_print_javascript2();
+ </custom_php_after_form_command>
+ <custom_php_validation_command>
+ openvpn_validate_input('client', $_POST, &$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ openvpn_resync('client', $_POST['id']);
+ </custom_php_resync_config_command>
+</packagegui>
diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php
index 4a7a7ee..26da6b0 100755
--- a/usr/local/www/pkg.php
+++ b/usr/local/www/pkg.php
@@ -48,10 +48,14 @@ if($pkg['donotsave'] <> "") { header("Location: pkg_edit.php?xml=" . $xml); } +if ($pkg['include_file'] != "") { + require_once($pkg['include_file']); +} + $package_name = $pkg['menu'][0]['name']; $section = $pkg['menu'][0]['section']; $config_path = $pkg['configpath']; -$title = $section . ": " . $package_name; +$title = $pkg['title']; $evaledvar = $config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config']; diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index cb3cc96..4c91a57 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -45,11 +45,17 @@ if($xml == "") { } else { $pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui"); } + +if($pkg['include_file'] <> "") { + require_once($pkg['include_file']); +} + $package_name = $pkg['menu'][0]['name']; $section = $pkg['menu'][0]['section']; $config_path = $pkg['configpath']; $name = $pkg['name']; -$title = $section . ": " . $package_name; +//$title = $section . ": " . $package_name; +$title = $pkg['title']; $pgtitle = $title; $id = $_GET['id']; @@ -80,7 +86,7 @@ if ($_POST) { eval($pkg['custom_php_command_before_form']); eval($pkg['custom_delete_php_command']); } - write_config(); + write_config($pkg['delete_string']); // resync the configuration file code if defined. if($pkg['custom_php_resync_config_command'] <> "") { if($pkg['custom_php_command_before_form'] <> "") 
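Review bot: `require_once($pkg['include_file']);` in pkg.php loads whatever path the package XML names, with no restriction on directory, and the same block is added to pkg_edit.php in its @@ -45 hunk. There the XML is opened as `"/usr/local/pkg/" . $xml`; where `$xml` is assigned is outside both hunks, but if it is taken from the request unfiltered, the request decides which XML is parsed and therefore which file is included and which `custom_php_*` strings are later passed to `eval()`. Reducing both values to a bare file name closes that off: `$xml = basename($xml);` before parsing and `require_once(basename($pkg['include_file']));` here, which still resolves `openvpn.inc` through the include path. A one-line comment saying that package XML is treated as trusted code would make the assumption explicit.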
@@ -110,6 +116,20 @@ if ($_POST) { $firstfield = ""; $rows = 0; + $input_errors = array(); + $reqfields = array(); + $reqfieldsn = array(); + foreach ($pkg['fields']['field'] as $field) { + if (($field['type'] == 'input') && ($field['required'] == 'yes')) { + $reqfields[] = $field['fieldname']; + $reqfieldsn[] = $field['fielddescr']; + } + } + do_input_validation($_POST, $reqfields, $reqfieldsn, &$input_errors); + + if ($pkg['custom_php_validation_command']) + eval($pkg['custom_php_validation_command']); + // store values in xml configration file. if (!$input_errors) { $pkgarr = array(); @@ -140,13 +160,16 @@ if ($_POST) { if(is_array( $_POST[$fields['fieldname']] )) { $pkgarr[$fields['fieldname']]=array(); foreach($_POST[$fields['fieldname']] as $v) { - $pkgarr[$fields['fieldname']][] = $v; + $pkgarr[$fields['fieldname']][] = trim($v); eval($comd); } continue; } $fieldname = $fields['fieldname']; - $fieldvalue = $_POST[$fieldname]; + if ($fields['encoding'] == 'base64') + $fieldvalue = base64_encode(trim($_POST[$fieldname])); + else + $fieldvalue = trim($_POST[$fieldname]); $pkgarr[$fieldname] = $fieldvalue; } } @@ -156,11 +179,7 @@ if ($_POST) { else $a_pkg[] = $pkgarr; - write_config(); - - if($pkg['include_file'] <> "") { - require_once($pkg['include_file']); - } + write_config($pkg['addedit_string']); // late running code if($pkg['custom_add_php_command_late'] <> "") { @@ -191,16 +210,21 @@ if ($_POST) { } exit; } + else + $get_from_post = true; } if($pkg['title'] <> "") - $title = $pkg['title']; + $title = $pkg['title'] . ': Edit'; else $title = "Package Editor"; $pgtitle = $title; include("head.inc"); +if ($pkg['custom_php_after_head_command']) + eval($pkg['custom_php_after_head_command']); + ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC" onLoad="enablechange();"> 
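Review bot: The required-field check in the @@ -110 hunk collects only fields with `type == 'input'`, so the `select` fields the new OpenVPN XML marks `<required>yes</required>` (protocol, crypto, auth_method) are stored exactly as posted unless the package's own validation command checks them against the option list. Either widen the condition, `if ($field['required'] == 'yes' && in_array($field['type'], array('input', 'select'))) {`, or add a comment that non-input fields must be validated in `custom_php_validation_command`. Separately, `&$input_errors` at the call site is call-time pass-by-reference, which later PHP versions reject; declaring the parameter by reference in `do_input_validation()` (defined outside this diff) avoids that. The enclosing `if ($_POST)` block starts and ends outside the hunk.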
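Review bot: `base64_encode(trim($_POST[$fieldname]))` in the @@ -140 hunk is applied to the shared key and private-key textareas, and a reader can easily mistake the encoding for protection of that material. The encoding is presumably there so multi-line PEM text survives the XML config, and the code should say so: `// base64 keeps multi-line values XML-safe; it is not confidentiality, config and backups still hold the key material`. No code change is needed for this point.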
@@ -208,7 +232,7 @@ include("head.inc"); <script language="JavaScript"> <!-- function enablechange() { -<?php +<?php foreach($pkg['fields']['field'] as $field) { if(isset($field['enablefields']) or isset($field['checkenablefields'])) { print "\t" . 'if (document.iform.' . strtolower($field['name']) . '.checked == false) {' . "\n"; @@ -252,7 +276,8 @@ function enablechange() { <?php include("fbegin.inc"); ?> <p class="pgtitle"><?=$pgtitle?></p> -<form action="pkg_edit.php" method="post"> +<?php if (!empty($input_errors)) print_input_errors($input_errors); ?> +<form name="iform" action="pkg_edit.php" method="post"> <input type="hidden" name="xml" value="<?= $xml ?>"> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> @@ -297,18 +322,23 @@ if ($pkg['tabs'] <> "") { $size = ""; if(!$pkga['dontdisplayname']) { - echo "<td width=\"22%\" class=\"vncellreq\">"; + unset($req); + if ($pkga['required'] == 'yes') + $req = 'req'; + echo "<td width=\"22%\" class=\"vncell{$req}\">"; echo fixup_string($pkga['fielddescr']); echo "</td>"; } if(!$pkga['dontcombinecells']) echo "<td class=\"vtable\">"; - // if user is editing a record, load in the data. - if (isset($id) && $a_pkg[$id]) { - $fieldname = $pkga['fieldname']; - $value = $a_pkg[$id][$fieldname]; + $fieldname = $pkga['fieldname']; + if ($get_from_post) + $value = $_POST[$fieldname]; + else { + if (isset($id) && $a_pkg[$id]) + $value = $a_pkg[$id][$fieldname]; } if($pkga['type'] == "input") { 
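Review bot: With `$get_from_post` set, `$value = $_POST[$fieldname];` in the @@ -297 hunk feeds request data back into the form, and the textarea branch shown in the @@ -344 hunk writes it out as `"'>" . $value . "</textarea>\n"` without escaping, so a value containing markup is rendered as HTML when the page is redisplayed after a validation error. Escape at the point of output, `. "'>" . htmlspecialchars($value) . "</textarea>\n";`, and do the same for `value=\"$id\"` in the @@ -531 hunk with `htmlspecialchars($id)`. The `input` branch lies outside the visible lines and probably needs the same treatment. The field-rendering loop begins and ends outside these hunks.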
@@ -321,7 +351,8 @@ if ($pkg['tabs'] <> "") { } else if($pkga['type'] == "select") { if($pkga['size']) $size = " size='" . $pkga['size'] . "' "; if($pkga['multiple'] == "yes") $multiple = "MULTIPLE "; - echo "<select " . $multiple . $size . "id='" . $pkga['fieldname'] . "' name='" . $pkga['fieldname'] . "'>\n"; + if ($pkga['onchange']) $onchange = 'onchange="' . $pkga['onchange'] . '" '; + echo "<select " . $onchange . $multiple . $size . "id='" . $pkga['fieldname'] . "' name='" . $pkga['fieldname'] . "'>\n"; foreach ($pkga['options']['option'] as $opt) { $selected = ""; if($opt['value'] == $value) $selected = " SELECTED"; @@ -344,6 +375,7 @@ if ($pkg['tabs'] <> "") { } else if($pkga['type'] == "textarea") { if($pkga['rows']) $rows = " rows='" . $pkga['rows'] . "' "; if($pkga['cols']) $cols = " cols='" . $pkga['cols'] . "' "; + if (($pkga['encoding'] == 'base64') && !$get_from_post && !empty($value)) $value = base64_decode($value); echo "<textarea " . $rows . $cols . " name='" . $pkga['fieldname'] . "'>" . $value . "</textarea>\n"; echo "<br>" . fixup_string($pkga['description']) . "\n"; } else if($pkga['type'] == "interfaces_selection") { 
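Review bot: `$onchange` in the @@ -321 hunk is assigned only when the field defines `<onchange>` and is not cleared anywhere in the visible lines, so unless the loop resets it elsewhere, every `select` rendered after `auth_method` repeats `onchange="onAuthMethodChanged()"`. Build it per field and escape the attribute value: `$onchange = $pkga['onchange'] ? 'onchange="' . htmlspecialchars($pkga['onchange']) . '" ' : '';`. `$multiple` on the preceding context line looks to carry over the same way, though that predates this commit.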
@@ -531,24 +563,27 @@ if ($pkg['tabs'] <> "") { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?= $savevalue ?>"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_pkg[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> +<?php +if($pkg['note'] != "") + print("<p><span class=\"red\"><strong>Note:</strong></span> {$pkg['note']}</p>"); +if (isset($id) && $a_pkg[$id]) + print("<input name=\"id\" type=\"hidden\" value=\"$id\">"); +?> + <input name="Submit" type="submit" class="formbtn" value="<?= $savevalue ?>"> + <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> </td> </tr> </table> </div></tr></td></table> +</form> -<?php if($pkga['note'] <> "") echo "<br><center>" . $pkga['note'] . "</center>"; ?> +<?php if ($pkg['custom_php_after_form_command']) eval($pkg['custom_php_after_form_command']); ?> -</form> <?php include("fend.inc"); ?> </body> </html> <?php - /* * ROW Helpers function */ @@ -687,4 +722,4 @@ function parse_package_templates() { } } -?> +?>
\ No newline at end of file |