-rw-r--r--etc/inc/openvpn.inc32
-rw-r--r--usr/local/www/vpn_openvpn_csc.php68
2 files changed, 93 insertions, 7 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 30b84c3..38b055a 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -894,6 +894,22 @@ function openvpn_resync_csc(& $settings) {
$conf .= "ifconfig-push {$clientip} {$mask}\n";
}
+ if ($settings['local_network']) {
+ $conf .= openvpn_gen_routes($settings['local_network'], "ipv4", true);
+ }
+ if ($settings['local_networkv6']) {
+ $conf .= openvpn_gen_routes($settings['local_networkv6'], "ipv6", true);
+ }
+
+ // Add a remote network iroute if set
+ if (openvpn_validate_cidr($settings['remote_network'], "", true, "ipv4") === FALSE) {
+ $conf .= openvpn_gen_routes($settings['remote_network'], "ipv4", false, true);
+ }
+ // Add a remote network iroute if set
+ if (openvpn_validate_cidr($settings['remote_networkv6'], "", true, "ipv6") === FALSE) {
+ $conf .= openvpn_gen_routes($settings['remote_networkv6'], "ipv6", false, true);
+ }
+
openvpn_add_dhcpopts($settings, $conf);
if ($settings['gwredir'])
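Review bot: The two `local_network` branches emit `push` lines whenever the stored value is truthy, while the `remote_network` branches first require `openvpn_validate_cidr(...) === FALSE`. A value that reached the stored settings without passing the form check (a restored or hand-edited configuration, presumably) would be interpolated unchecked into `push "..."` in the client-specific file. Guard them the same way, e.g. `if (openvpn_validate_cidr($settings['local_network'], "", true, "ipv4") === FALSE) {`, and likewise for `local_networkv6`. The comment `// Add a remote network iroute if set` describes a validity test rather than a set-ness test, so `// Add remote network iroutes when the stored list validates` would be more accurate. The body of openvpn_resync_csc starts and ends outside the hunk.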
@@ -1306,7 +1322,7 @@ function openvpn_clear_route($mode, $settings) {
}
}
-function openvpn_gen_routes($value, $ipproto = "ipv4", $push = false) {
+function openvpn_gen_routes($value, $ipproto = "ipv4", $push = false, $iroute = false) {
$routes = "";
if (empty($value))
return "";
@@ -1314,9 +1330,9 @@ function openvpn_gen_routes($value, $ipproto = "ipv4", $push = false) {
foreach ($networks as $network) {
if ($ipproto == "ipv4")
- $route = openvpn_gen_route_ipv4($network);
+ $route = openvpn_gen_route_ipv4($network, $iroute);
else
- $route = openvpn_gen_route_ipv6($network);
+ $route = openvpn_gen_route_ipv6($network, $iroute);
if ($push)
$routes .= "push \"{$route}\"\n";
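Review bot: `$push` and `$iroute` are independent booleans, so a call with both set would go through the `if ($push)` branch here and produce `push "iroute ..."`, which, as far as I know, is not a directive that is meaningful to push to a client. No caller in this commit passes both, but nothing states the constraint. A short comment above `openvpn_gen_routes` would do, e.g. `/* $iroute: emit iroute/iroute-ipv6 lines for a client-specific override; not to be combined with $push */`. The function's signature and its tail are in the neighbouring hunks.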
@@ -1326,17 +1342,19 @@ function openvpn_gen_routes($value, $ipproto = "ipv4", $push = false) {
return $routes;
}
-function openvpn_gen_route_ipv4($network) {
+function openvpn_gen_route_ipv4($network, $iroute = false) {
+ $i = ($iroute) ? "i" : "";
list($ip, $mask) = explode('/', trim($network));
$mask = gen_subnet_mask($mask);
- return "route $ip $mask";
+ return "{$i}route $ip $mask";
}
-function openvpn_gen_route_ipv6($network) {
+function openvpn_gen_route_ipv6($network, $iroute = false) {
+ $i = ($iroute) ? "i" : "";
list($ipv6, $prefix) = explode('/', trim($network));
if (empty($prefix))
$prefix = "128";
- return "route-ipv6 ${ipv6}/${prefix}";
+ return "{$i}route-ipv6 ${ipv6}/${prefix}";
}
function openvpn_get_settings($mode, $vpnid) {
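Review bot: The new return in openvpn_gen_route_ipv6 mixes two interpolation styles, `{$i}` next to `${ipv6}` and `${prefix}`, and the `${var}` form is deprecated as of PHP 8.2. Writing it as `return "{$i}route-ipv6 {$ipv6}/{$prefix}";` keeps the line consistent with the `{$i}` it introduces. Separately, openvpn_gen_route_ipv4 has no counterpart to the `empty($prefix)` fallback, so an entry without a `/` would hand an unset `$mask` to gen_subnet_mask. Whether validation upstream guarantees a prefix is not visible in this hunk, so it is worth confirming now that the function also produces `iroute` lines.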
diff --git a/usr/local/www/vpn_openvpn_csc.php b/usr/local/www/vpn_openvpn_csc.php
index f01b5db..28810a2 100644
--- a/usr/local/www/vpn_openvpn_csc.php
+++ b/usr/local/www/vpn_openvpn_csc.php
@@ -76,6 +76,10 @@ if($_GET['act']=="edit"){
$pconfig['description'] = $a_csc[$id]['description'];
$pconfig['tunnel_network'] = $a_csc[$id]['tunnel_network'];
+ $pconfig['local_network'] = $a_csc[$id]['local_network'];
+ $pconfig['local_networkv6'] = $a_csc[$id]['local_networkv6'];
+ $pconfig['remote_network'] = $a_csc[$id]['remote_network'];
+ $pconfig['remote_networkv6'] = $a_csc[$id]['remote_networkv6'];
$pconfig['gwredir'] = $a_csc[$id]['gwredir'];
$pconfig['push_reset'] = $a_csc[$id]['push_reset'];
@@ -125,6 +129,18 @@ if ($_POST) {
if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network'))
$input_errors[] = $result;
+ if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4"))
+ $input_errors[] = $result;
+
+ if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6"))
+ $input_errors[] = $result;
+
+ if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4"))
+ $input_errors[] = $result;
+
+ if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6"))
+ $input_errors[] = $result;
+
if ($pconfig['dns_server_enable']) {
if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1'])))
$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
@@ -176,6 +192,10 @@ if ($_POST) {
$csc['description'] = $pconfig['description'];
$csc['tunnel_network'] = $pconfig['tunnel_network'];
+ $csc['local_network'] = $pconfig['local_network'];
+ $csc['local_networkv6'] = $pconfig['local_networkv6'];
+ $csc['remote_network'] = $pconfig['remote_network'];
+ $csc['remote_networkv6'] = $pconfig['remote_networkv6'];
$csc['gwredir'] = $pconfig['gwredir'];
$csc['push_reset'] = $pconfig['push_reset'];
@@ -389,6 +409,54 @@ function netbios_change() {
"interface"); ?>.
</td>
</tr>
+ <tr id="local_optsv4">
+ <td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Local Network/s"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="local_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['local_network']);?>">
+ <br>
+ <?=gettext("These are the IPv4 networks that will be accessible " .
+ "from this particular client. Expressed as a comma-separated list of one or more CIDR ranges."); ?>
+ </td>
+ </tr>
+ <tr id="local_optsv6">
+ <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Local Network/s"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="local_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['local_networkv6']);?>">
+ <br>
+ <?=gettext("These are the IPv6 networks that will be accessible " .
+ "from this particular client. Expressed as a comma-separated list of one or more IP/PREFIX networks."); ?>
+ </td>
+ </tr>
+ <tr id="remote_optsv4">
+ <td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Remote Network/s"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="remote_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_network']);?>">
+ <br>
+ <?=gettext("These are the IPv4 networks that will be routed " .
+ "to this client specifically using iroute, so that a site-to-site " .
+ "VPN can be established. " .
+ "Expressed as a comma-separated list of one or more CIDR ranges. " .
+ "You may leave this blank if there are no client-side networks to" .
+ "be routed"); ?>.
+ <br/><?=gettext("NOTE: Remember to add these subnets to the " .
+ "IPv4 Remote Networks list on the correspding OpenVPN server settings.");?>
+ </td>
+ </tr>
+ <tr id="remote_optsv6">
+ <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Remote Network/s"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="remote_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_networkv6']);?>">
+ <br>
+ <?=gettext("These are the IPv6 networks that will be routed " .
+ "to this client specifically using iroute, so that a site-to-site " .
+ "VPN can be established. " .
+ "Expressed as a comma-separated list of one or more IP/PREFIX networks. " .
+ "You may leave this blank if there are no client-side networks to" .
+ "be routed"); ?>.
+ <br/><?=gettext("NOTE: Remember to add these subnets to the " .
+ "IPv6 Remote Networks list on the correspding OpenVPN server settings.");?>
+ </td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td>
<td width="78%" class="vtable">
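Review bot: Both remote-network help texts concatenate `"... client-side networks to" . "be routed"` with no space between the pieces, so the page renders "tobe routed". The first piece should end with a space: `"You may leave this blank if there are no client-side networks to " .`. The two NOTE strings also misspell "corresponding" as "correspding". Since these are gettext message ids, fixing them before translations are extracted avoids invalidating translated entries later.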