-rw-r--r--etc/inc/openvpn.inc18
-rw-r--r--usr/local/www/vpn_openvpn_client.php20
2 files changed, 32 insertions, 6 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index a9282c9..b41b551 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -52,6 +52,8 @@ require_once('pfsense-utils.inc');
$openvpn_prots = array("UDP", "TCP");
+$openvpn_dev_mode = array("tun", "tap");
+
/*
* The User Auth mode below is disabled because
* OpenVPN erroneously requires that we provide
@@ -246,7 +248,7 @@ function openvpn_add_custom(& $settings, & $conf) {
}
}
-function openvpn_add_keyfile(& $data, & $conf, $mode_id, $directive) {
+function openvpn_add_keyfile(& $data, & $conf, $mode_id, $directive, $opt = "") {
global $g;
$fpath = $g['varetc_path']."/openvpn/{$mode_id}.{$directive}";
@@ -254,7 +256,7 @@ function openvpn_add_keyfile(& $data, & $conf, $mode_id, $directive) {
chown($fpath, 'nobody');
chgrp($fpath, 'nobody');
- $conf .= "{$directive} {$fpath}\n";
+ $conf .= "{$directive} {$fpath} {$opt}\n";
}
function openvpn_reconfigure($mode,& $settings) {
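Review bot: With the default `$opt = ""`, the new `$conf .= "{$directive} {$fpath} {$opt}\n";` writes a trailing space on every directive that passes no option, such as the `crl-verify` call in the later hunk. `$conf .= rtrim("{$directive} {$fpath} {$opt}") . "\n";` keeps the previous output for those callers. The new parameter also needs a one-line comment above the function, for example `/* $opt is appended verbatim after the key file path (e.g. the tls-auth key direction) */`. The body of openvpn_add_keyfile is split across this hunk and the previous one, so the part that writes the file is not visible here.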
@@ -274,7 +276,13 @@ function openvpn_reconfigure($mode,& $settings) {
$vpnid = $settings['vpnid'];
$mode_id = $mode.$vpnid;
- $tunname = "tun{$vpnid}";
+ if (isset($settings['dev_mode']))
+ $tunname = "{$settings['dev_mode']}{$vpnid}";
+ else { /* defaults to tun */
+ $tunname = "tun{$vpnid}";
+ $settings['dev_mode'] = "tun";
+ }
+
if ($mode == "server")
$devname = "ovpns{$vpnid}";
else
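Review bot: `$settings['dev_mode']` is interpolated into `$tunname` here, and into the `dev-type` line in the next hunk, without being checked against `$openvpn_dev_mode`. In the client page the value comes from `$client['dev_mode'] = $pconfig['dev_mode'];` in the `$_POST` branch, and no validation is visible in these hunks, so a value with whitespace or a newline would change the generated OpenVPN configuration and the `dev-node` path. `isset()` also accepts an empty string, which gives a `$tunname` of just the vpnid. I would declare `global $openvpn_dev_mode;` and replace the branch with `if (!isset($settings['dev_mode']) || !in_array($settings['dev_mode'], $openvpn_dev_mode, true)) $settings['dev_mode'] = "tun";` followed by `$tunname = "{$settings['dev_mode']}{$vpnid}";`. The same allow-list check belongs in the page's input validation, so a bad value is rejected before it is saved; openvpn_reconfigure continues outside this hunk.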
@@ -313,7 +321,7 @@ function openvpn_reconfigure($mode,& $settings) {
}
$conf = "dev {$devname}\n";
- $conf .= "dev-type tun\n";
+ $conf .= "dev-type {$settings['dev_mode']}\n";
$conf .= "dev-node /dev/{$tunname}\n";
$conf .= "writepid {$pfile}\n";
$conf .= "#user nobody\n";
@@ -465,7 +473,7 @@ function openvpn_reconfigure($mode,& $settings) {
if ($settings['crl'])
openvpn_add_keyfile($settings['crl'], $conf, $mode_id, "crl-verify");
if ($settings['tls'])
- openvpn_add_keyfile($settings['tls'], $conf, $mode_id, "tls-auth");
+ openvpn_add_keyfile($settings['tls'], $conf, $mode_id, "tls-auth", $settings['mode'] == "server_tls" ? "0" : "1");
break;
}
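Review bot: The key direction is derived from `$settings['mode'] == "server_tls"`, so any server instance whose mode string is something else gets direction `1`, the same value as its clients. A tls-auth key used with the same direction on both ends fails HMAC verification, so such a tunnel would not come up. The function already receives the role in `$mode` (it tests `$mode == "server"` earlier), so `openvpn_add_keyfile($settings['tls'], $conf, $mode_id, "tls-auth", $mode == "server" ? "0" : "1");` covers every server mode. Which other server modes exist is not visible on this page, so confirm against the mode list; the enclosing switch starts outside the hunk.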
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index c7c6516..f1f48fd 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -92,7 +92,9 @@ if($_GET['act']=="edit"){
$pconfig['proxy_port'] = $a_client[$id]['proxy_port'];
$pconfig['description'] = $a_client[$id]['description'];
$pconfig['custom_options'] = $a_client[$id]['custom_options'];
-
+ $pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type'];
+ $pconfig['dev_mode'] = $a_client[$id]['dev_mode'];
+
if ($pconfig['mode'] != "p2p_shared_key") {
$pconfig['caref'] = $a_client[$id]['caref'];
$pconfig['certref'] = $a_client[$id]['certref'];
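Review bot: `$pconfig['ns_cert_type']` is loaded on edit here, but none of the hunks in this commit writes it back in the `$_POST` branch or renders a form field for it; only `dev_mode` gets both. If that handling does not already exist elsewhere in the file, the setting is silently dropped on the next save. Either add the matching `$client['ns_cert_type'] = $pconfig['ns_cert_type'];` with its form control, or move this line to the commit that introduces them. The `if ($_GET['act']=="edit")` block continues outside the hunk.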
@@ -197,6 +199,7 @@ if ($_POST) {
$client['disable'] = $pconfig['disable'];
$client['protocol'] = $pconfig['protocol'];
+ $client['dev_mode'] = $pconfig['dev_mode'];
list($client['interface'], $client['ipaddr']) = explode ("|",$pconfig['interface']);
$client['local_port'] = $pconfig['local_port'];
$client['server_addr'] = $pconfig['server_addr'];
@@ -383,6 +386,21 @@ function autotls_change() {
</select>
</td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
+ <td width="78%" class="vtable">
+ <select name='dev_mode' class="formselect">
+ <?php
+ foreach ($openvpn_dev_mode as $mode):
+ $selected = "";
+ if ($pconfig['dev_mode'] == $mode)
+ $selected = "selected";
+ ?>
+ <option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Interface</td>
<td width="78%" class="vtable">