-rw-r--r-- | etc/inc/certs.inc | 6 | ||||
-rw-r--r-- | etc/inc/config.lib.inc | 3 | ||||
-rw-r--r-- | etc/inc/easyrule.inc | 2 | ||||
-rw-r--r-- | etc/inc/filter.inc | 26 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 10 | ||||
-rw-r--r-- | etc/inc/rrd.inc | 6 | ||||
-rw-r--r-- | etc/inc/shaper.inc | 52 | ||||
-rw-r--r-- | etc/inc/upgrade_config.inc | 138 | ||||
-rw-r--r-- | etc/inc/xmlrpc.inc | 36 | ||||
-rwxr-xr-x | etc/rc.filter_synchronize | 11 | ||||
-rwxr-xr-x | usr/local/sbin/ovpn-linkup | 6 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_1to1_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/status_graph.php | 2 | ||||
-rw-r--r-- | usr/local/www/status_rrd_graph_img.php | 75 | ||||
-rw-r--r-- | usr/local/www/system_advanced_admin.php | 2 | ||||
-rw-r--r-- | usr/local/www/system_camanager.php | 79 | ||||
-rw-r--r-- | usr/local/www/system_crlmanager.php | 18 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 12 |
22 files changed, 357 insertions, 137 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index 8d5604f..2b192c1 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -121,13 +121,14 @@ function ca_chain(& $cert) { return ""; } -function ca_import(& $ca, $str, $key="") { +function ca_import(& $ca, $str, $key="", $serial=0) { global $config; $ca['crt'] = base64_encode($str); if (!empty($key)) $ca['prv'] = base64_encode($key); - + if (!empty($serial)) + $ca['serial'] = $serial; $subject = cert_get_subject($str, false); $issuer = cert_get_issuer($str, false); @@ -355,6 +356,7 @@ function cert_get_issuer($str_crt, $decode = true) { $inf_crt = openssl_x509_parse($str_crt); $components = $inf_crt['issuer']; + ksort($components); if (!is_array($components)) return "unknown"; foreach ($components as $a => $v) { diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 11e1ec3..1b7766a 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -404,7 +404,8 @@ function convert_config() { $cur = $config['version'] * 10; $next = $cur + 1; $migration_function = sprintf('upgrade_%03d_to_%03d', $cur, $next); - $migration_function(); + if (function_exists($migration_function)) + $migration_function(); $migration_function = "{$migration_function}_custom"; if (function_exists($migration_function)) $migration_function(); diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc index 63be652..094bc83 100644 --- a/etc/inc/easyrule.inc +++ b/etc/inc/easyrule.inc @@ -53,7 +53,7 @@ function easyrule_find_rule_interface($int) { $iflist['l2tp'] = "L2TP VPN"; /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])){ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])){ $iflist["enc0"] = "IPSEC"; } diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index fae42a6..0424748 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
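Review bot: In `cert_get_issuer` the added `ksort($components);` runs before the `is_array($components)` guard on the following line, so a certificate that `openssl_x509_parse` cannot parse reaches `ksort` with a non-array and raises a warning instead of returning "unknown" cleanly. Swap the two statements: `if (!is_array($components)) return "unknown";` first, then `ksort($components);`. The function body continues outside the hunk.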
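Review bot: The new `function_exists($migration_function)` guard in `convert_config` makes a missing `upgrade_NNN_to_NNN` step silent. If the surrounding loop, which is outside this hunk, still advances `$config['version']`, a configuration can be recorded as upgraded although the migration never ran. Record the skip so it is visible afterwards, for example `else log_error("Config migration {$migration_function} not found, skipped");` placed before the `_custom` name is built.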
@@ -796,7 +796,7 @@ function filter_generate_optcfg_array() { $FilterIflist['pppoe'] = $oic; } /* add ipsec interfaces */ - if(isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) { + if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { $oic = array(); $oic['if'] = 'enc0'; $oic['descr'] = 'IPsec'; @@ -1074,7 +1074,7 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ $socktype = "stream"; $dash_u = ""; } - $target = explode(" ", $target); + $target = explode(" ", trim($target)); foreach ($target as $targip) { if (empty($targip)) continue; @@ -1673,8 +1673,17 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { $lansn = $FilterIflist['lan']['snv6']; $src = "{$lansa}/{$lansn}"; break; - } - if(isset($rule[$target]['not'])) $src = "!{$src}"; + case 'pptp': + $pptpsa = gen_subnetv6($FilterIflist['pptp']['sav6'], $FilterIflist['pptp']['snv6']); + $pptpsn = $FilterIflist['pptp']['snv6']; + $src = "{$pptpsav6}/{$pptpsnv6}"; + break; + case 'pppoe': + $pppoesa = gen_subnetv6($FilterIflist['pppoe']['ipv6'], $FilterIflist['pppoe']['snv6']); + $pppoesn = $FilterIflist['pppoe']['snv6']; + $src = "{$pppoesav6}/{$pppoesnv6}"; + break; + } } else { switch ($rule[$target]['network']) { case 'wan': @@ -1704,7 +1713,6 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { $src = "{$pppoesa}/{$pppoesn}"; break; } - if(isset($rule[$target]['not'])) $src = "!{$src}"; } } } else if($rule[$target]['address']) { @@ -2280,6 +2288,7 @@ EOD; $ipfrules .= <<<EOD # allow PPTP client pass in on \${$oc['descr']} proto tcp from any to any port = 1723 flags S/SA modulate state label "allow PPTP client on {$oc['descr']}" +pass in on \${$oc['descr']} proto gre from any to any keep state label "allow PPTP client on {$oc['descr']}" EOD; break; 
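Review bot: The new `pptp` and `pppoe` cases in the IPv6 branch of `filter_generate_address` assign `$pptpsa`/`$pptpsn` and `$pppoesa`/`$pppoesn` but build `$src` from `$pptpsav6`/`$pptpsnv6` and `$pppoesav6`/`$pppoesnv6`, which no visible line sets, so `$src` becomes `/` and the generated rule address is wrong. Use the variables that were assigned: `$src = "{$pptpsa}/{$pptpsn}";` and `$src = "{$pppoesa}/{$pppoesn}";`. This hunk and the one at -1704 also delete both `if(isset($rule[$target]['not'])) $src = "!{$src}";` lines; the function continues outside the hunks, so confirm the negation is still applied somewhere, because a rule that loses its "not" matches the opposite set of addresses.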
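Review bot: The GRE rule added in the -2280 hunk is `from any to any`, and the -2419 hunk adds the same shape on WAN even though the TCP 1723 rule directly above it is limited to `$pptpdtarget`. For the pptpd rule, scope GRE to the same destination, assuming the redirect handles GRE as well: `pass in on \${$FilterIflist['wan']['descr']} proto gre from any to $pptpdtarget keep state label "allow gre pptpd"`. As written, GRE is admitted on WAN towards every address rather than only the PPTP server. Both heredocs start outside their hunks.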
@@ -2312,8 +2321,8 @@ EOD; if($config['dhcpd'][$on]['failover_peerip'] <> "") { $ipfrules .= <<<EOD # allow access to DHCP failover on {$oc['descr']} from {$config['dhcpd'][$on]['failover_peerip']} -pass in on \${$oc['descr']} proto udp from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 519 label "allow access to DHCP failover" -pass in on \${$oc['descr']} proto udp from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 520 label "allow access to DHCP failover" +pass in on \${$oc['descr']} proto { tcp udp } from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 519 label "allow access to DHCP failover" +pass in on \${$oc['descr']} proto { tcp udp } from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 520 label "allow access to DHCP failover" EOD; } @@ -2371,7 +2380,7 @@ EOD; /* add ipsec interfaces */ - if(isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) $ipfrules .= <<<EOD pass out on \$IPsec all keep state label "IPsec internal host to host" @@ -2419,6 +2428,7 @@ EOD; $ipfrules .= <<<EOD # PPTPd rules pass in on \${$FilterIflist['wan']['descr']} proto tcp from any to $pptpdtarget port = 1723 modulate state label "allow pptpd {$pptpdtarget}" +pass in on \${$FilterIflist['wan']['descr']} proto gre from any to any keep state label "allow gre pptpd" EOD; diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 8d71fd2..df531c7 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc 
@@ -295,11 +295,11 @@ function openvpn_reconfigure($mode, $settings) { $vpnid = $settings['vpnid']; $mode_id = $mode.$vpnid; - if (isset($settings['device_mode'])) - $tunname = "{$settings['device_mode']}{$vpnid}"; + if (isset($settings['dev_mode'])) + $tunname = "{$settings['dev_mode']}{$vpnid}"; else { /* defaults to tun */ $tunname = "tun{$vpnid}"; - $settings['device_mode'] = "tun"; + $settings['dev_mode'] = "tun"; } if ($mode == "server") @@ -323,7 +323,7 @@ function openvpn_reconfigure($mode, $settings) { $pfile = $g['varrun_path'] . "/openvpn_{$mode_id}.pid"; $proto = ($settings['protocol'] == 'UDP' ? 'udp' : "tcp-{$mode}"); - $device_mode = $settings['device_mode']; + $dev_mode = $settings['dev_mode']; $cipher = $settings['crypto']; $interface = $settings['interface']; @@ -341,7 +341,7 @@ function openvpn_reconfigure($mode, $settings) { } $conf = "dev {$devname}\n"; - $conf .= "dev-type {$settings['device_mode']}\n"; + $conf .= "dev-type {$settings['dev_mode']}\n"; $conf .= "dev-node /dev/{$tunname}\n"; $conf .= "writepid {$pfile}\n"; $conf .= "#user nobody\n"; diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc index 433f659..2951450 100644 --- a/etc/inc/rrd.inc +++ b/etc/inc/rrd.inc @@ -459,14 +459,14 @@ function enable_rrd_graphing() { if($g['booting']) { $rrdqcommand = "-t "; $rrducommand = "N"; - $q = 0; + $qi = 0; foreach ($qlist as $qname => $q) { - if($q == 0) { + if($qi == 0) { $rrdqcommand .= "{$qname}"; } else { $rrdqcommand .= ":{$qname}"; } - $q++; + $qi++; $rrducommand .= ":U"; } mwexec("$rrdtool update $rrddbpath$ifname$queues $rrdqcommand $rrducommand"); diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 9c8618a..a0fb0e4 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -742,7 +742,7 @@ class priq_queue { var $available_bw; /* in b/s */ /* This is here to help with form building and building rules/lists */ - var $subqueues = array(); + var $subqueues = array(); /* Accesor functions */ function GetAvailableBandwidth() { 
@@ -953,9 +953,17 @@ class priq_queue { $reqdfieldsn[] = "Name"; shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors); + if ($data['bandwidth'] && (!is_numeric($data['bandwidth']))) + $input_errors[] = "Bandwidth must be an integer."; + if ($data['bandwidth'] < 0) + $input_errors[] = "Bandwidth cannot be negative."; + if ($data['qlimit'] && (!is_numeric($data['qlimit']))) + $input_errors[] = "Qlimit must be an integer."; + if ($data['qlimit'] < 0) + $input_errors[] = "Qlimit must be an positive."; if ($data['priority'] && (!is_numeric($data['priority']) - || ($data['priority'] < 1) || ($data['priority'] > 15))) { - $input_errors[] = "The priority must be an integer between 1 and 15."; + || ($data['priority'] < 1) || ($data['priority'] > 15))) { + $input_errors[] = "The priority must be an integer between 1 and 15."; } if ($data['qlimit'] && (!is_numeric($data['qlimit']))) $input_errors[] = "Queue limit must be an integer"; @@ -1131,13 +1139,15 @@ class priq_queue { $form .= "<tr>"; $form .= "<td width=\"22%\" valign=\"center\" class=\"vncell\">Scheduler options</td>"; $form .= "<td width=\"78%\" class=\"vtable\">"; - $tmpvalue = $this->GetDefault(); - if (!empty($tmpvalue)) { - $form .= "<input type=\"checkbox\" id=\"default\" CHECKED name=\"default\" value=\"default\""; - $form .= "> Default queue<br>"; - } else { - $form .= "<input type=\"checkbox\" id=\"default\" name=\"default\" value=\"default\""; - $form .= "> Default queue<br>"; + if (empty($this->subqueues)) { + $tmpvalue = $this->GetDefault(); + if (!empty($tmpvalue)) { + $form .= "<input type=\"checkbox\" id=\"default\" CHECKED name=\"default\" value=\"default\""; + $form .= "> Default queue<br>"; + } else { + $form .= "<input type=\"checkbox\" id=\"default\" name=\"default\" value=\"default\""; + $form .= "> Default queue<br>"; + } } $form .= "<input type=\"checkbox\" id=\"red\" name=\"red\" value=\"red\" "; $tmpvalue = $this->GetRed(); 
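Review bot: The added bandwidth and qlimit checks use `is_numeric`, which also accepts values such as `1.5` or `1e3`, while the messages promise an integer. The existing `Queue limit must be an integer` test a few lines below now duplicates the new qlimit check, so one bad value produces two errors. A digits-only test matches the message and makes the separate negative check unnecessary: `if ($data['bandwidth'] != "" && !ctype_digit((string)$data['bandwidth']))`. The message `Qlimit must be an positive.` needs rewording, and the enclosing validation method starts and ends outside the hunk.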
@@ -4038,20 +4048,20 @@ function build_iface_without_this_queue($iface, $qname) { global $g, $altq_list_queues; $altq =& $altq_list_queues[$iface]; - if ($altq) - $scheduler = ": " . $altq->GetScheduler(); + if ($altq) + $scheduler = ": " . $altq->GetScheduler(); $form = "<tr><td width=\"20%\" >"; $form .= "<a href=\"firewall_shaper.php?interface=" . $iface . "&queue=" . $iface."&action=show\">".$iface.": ".$scheduler."</a>"; - $form .= "</td></tr>"; - $form .= "<tr><td width=\"100%\" class=\"vncellreq\">"; - $form .= "<a href=\"firewall_shaper_queues.php?interface="; - $form .= $iface . "&queue=". $qname . "&action=add\">"; - $form .= "<img src=\""; - $form .= "./themes/".$g['theme']."/images/icons/icon_plus.gif\""; - $form .= " width=\"17\" height=\"17\" border=\"0\" title=\"Clone shaper/queue on this interface\">"; - $form .= " Clone shaper/queue on this interface</a></td></tr>"; + $form .= "</td></tr>"; + $form .= "<tr><td width=\"100%\" class=\"vncellreq\">"; + $form .= "<a href=\"firewall_shaper_queues.php?interface="; + $form .= $iface . "&queue=". $qname . "&action=add\">"; + $form .= "<img src=\""; + $form .= "./themes/".$g['theme']."/images/icons/icon_plus.gif\""; + $form .= " width=\"17\" height=\"17\" border=\"0\" title=\"Clone shaper/queue on this interface\">"; + $form .= " Clone shaper/queue on this interface</a></td></tr>"; - return $form; + return $form; } diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 1e1fe13..2ffa7ed 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -982,6 +982,7 @@ function upgrade_046_to_047() { $ph1alg = array( 'name' => 'aes', 'keylen' => '128' ); break; case "rijndael 256": + case "aes 256": $ph1alg = array( 'name' => 'aes', 'keylen' => '256' ); break; } @@ -1066,6 +1067,7 @@ function upgrade_046_to_047() { break; case "rijndael": case "rijndael 256": + case "aes 256": $ph2alg = array( 'name' => 'aes', 'keylen' => 'auto' ); $aes_found = true; $aes_count++; 
@@ -1090,6 +1092,142 @@ function upgrade_046_to_047() { $config['ipsec']['phase1'] = $a_phase1; $config['ipsec']['phase2'] = $a_phase2; } + + /* Upgrade Mobile IPsec */ + if (isset($config['ipsec']['mobileclients']) + && is_array($config['ipsec']['mobileclients']) + && is_array($config['ipsec']['mobileclients']['p1']) + && is_array($config['ipsec']['mobileclients']['p2'])) { + + if (isset($config['ipsec']['mobileclients']['enable'])) { + $config['ipsec']['client']['enable'] = true; + $config['ipsec']['client']['user_source'] = 'system'; + $config['ipsec']['client']['group_source'] = 'system'; + } + + $mobilecfg = $config['ipsec']['mobileclients']; + + $ph1ent = array(); + $ph1ent['ikeid'] = ++$ikeid; + + if (!isset($mobilecfg['enable'])) + $ph1ent['disabled'] = true; + + /* Assume WAN since mobile tunnels couldn't be on a separate interface on 1.2.x */ + $ph1ent['interface'] = 'wan'; + $ph1ent['descr'] = "Mobile Clients (upgraded)"; + $ph1ent['mode'] = $mobilecfg['p1']['mode']; + + if (isset($mobilecfg['p1']['myident']['myaddress'])) + $ph1ent['myid_type'] = "myaddress"; + if (isset($mobilecfg['p1']['myident']['address'])) { + $ph1ent['myid_type'] = "address"; + $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['address']; + } + if (isset($mobilecfg['p1']['myident']['fqdn'])) { + $ph1ent['myid_type'] = "fqdn"; + $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['fqdn']; + } + if (isset($mobilecfg['p1']['myident']['ufqdn'])) { + $ph1ent['myid_type'] = "user_fqdn"; + $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['ufqdn']; + } + if (isset($mobilecfg['p1']['myident']['asn1dn'])) { + $ph1ent['myid_type'] = "asn1dn"; + $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['asn1dn']; + } + if (isset($mobilecfg['p1']['myident']['dyn_dns'])) { + $ph1ent['myid_type'] = "dyn_dns"; + $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['dyn_dns']; + } + $ph1ent['peerid_type'] = "fqdn"; + $ph1ent['peerid_data'] = ""; + + switch ($mobilecfg['p1']['encryption-algorithm']) { + 
case "des": + $ph1alg = array( 'name' => 'des' ); + break; + case "3des": + $ph1alg = array( 'name' => '3des' ); + break; + case "blowfish": + $ph1alg = array( 'name' => 'blowfish', 'keylen' => '128' ); + break; + case "cast128": + $ph1alg = array( 'name' => 'cast128' ); + break; + case "rijndael": + $ph1alg = array( 'name' => 'aes', 'keylen' => '128' ); + break; + case "rijndael 256": + case "aes 256": + $ph1alg = array( 'name' => 'aes', 'keylen' => '256' ); + break; + } + + $ph1ent['encryption-algorithm'] = $ph1alg; + $ph1ent['hash-algorithm'] = $mobilecfg['p1']['hash-algorithm']; + $ph1ent['dhgroup'] = $mobilecfg['p1']['dhgroup']; + $ph1ent['lifetime'] = $mobilecfg['p1']['lifetime']; + $ph1ent['authentication_method'] = $mobilecfg['p1']['authentication_method']; + + if (isset($mobilecfg['p1']['cert'])) + $ph1ent['cert'] = $mobilecfg['p1']['cert']; + if (isset($mobilecfg['p1']['peercert'])) + $ph1ent['peercert'] = $mobilecfg['p1']['peercert']; + if (isset($mobilecfg['p1']['private-key'])) + $ph1ent['private-key'] = $mobilecfg['p1']['private-key']; + + $ph1ent['nat_traversal'] = "on"; + $ph1ent['dpd_enable'] = 1; + $ph1ent['dpd_delay'] = 10; + $ph1ent['dpd_maxfail'] = 5; + $ph1ent['mobile'] = true; + + $ph2ent = array(); + $ph2ent['ikeid'] = $ph1ent['ikeid']; + $ph2ent['descr'] = "phase2 for ".$mobilecfg['descr']; + $ph2ent['localid'] = array('type' => 'none'); + $ph2ent['remoteid'] = array('type' => 'mobile'); + $ph2ent['protocol'] = $mobilecfg['p2']['protocol']; + + $aes_count = 0; + foreach( $mobilecfg['p2']['encryption-algorithm-option'] as $tunalg ) { + $aes_found = false; + switch ($tunalg) { + case "des": + $ph2alg = array( 'name' => 'des' ); + break; + case "3des": + $ph2alg = array( 'name' => '3des' ); + break; + case "blowfish": + $ph2alg = array( 'name' => 'blowfish', 'keylen' => 'auto' ); + break; + case "cast128": + $ph2alg = array( 'name' => 'cast128' ); + break; + case "rijndael": + case "rijndael 256": + case "aes 256": + $ph2alg = array( 'name' => 
'aes', 'keylen' => 'auto' ); + $aes_found = true; + $aes_count++; + break; + } + + if( !$aes_found || ($aes_count < 2)) + $ph2ent['encryption-algorithm-option'][] = $ph2alg; + } + $ph2ent['hash-algorithm-option'] = $mobilecfg['p2']['hash-algorithm-option']; + $ph2ent['pfsgroup'] = $mobilecfg['p2']['pfsgroup']; + $ph2ent['lifetime'] = $mobilecfg['p2']['lifetime']; + $ph2ent['mobile'] = true; + + $config['ipsec']['phase1'][] = $ph1ent; + $config['ipsec']['phase2'][] = $ph2ent; + unset($config['ipsec']['mobileclients']); + } } diff --git a/etc/inc/xmlrpc.inc b/etc/inc/xmlrpc.inc index ae725e5..ca07cee 100644 --- a/etc/inc/xmlrpc.inc +++ b/etc/inc/xmlrpc.inc @@ -33,6 +33,7 @@ pfSense_MODULE: utils */ +require_once("auth.inc"); require_once("xmlrpc_client.inc"); /* 
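Review bot: Neither `switch` in the mobile-client upgrade has a `default:` and neither `$ph1alg` nor `$ph2alg` is reset first, so an algorithm string outside the listed cases leaves whatever the tunnel loop earlier in `upgrade_046_to_047` (or the previous `foreach` iteration) last stored. The migrated phase 1 or phase 2 then silently carries a different cipher than the one configured. Clear the variables before each switch (`$ph1alg = array();` before the first, `$ph2alg = null;` at the top of the `foreach`) and append to `encryption-algorithm-option` only when `$ph2alg` is set. `$ph2ent['descr']` is built from `$mobilecfg['descr']`, which nothing in the hunk shows to exist under `mobileclients`; a fixed label like the phase 1 one would be safer.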
@@ -109,25 +110,26 @@ function php_value_to_xmlrpc($value, $force_array = false) { function xmlrpc_auth(&$params) { global $config, $_SERVER; - if (!is_array($config['system']['user'])) { - array_shift($params); - unset($params['xmlrpcauth']); - log_error("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']} during sync settings."); - return false; - } - if (!isset($config['system']['user'][0]['password'])) { - array_shift($params); - unset($params['xmlrpcauth']); - log_error("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']} during sync settings."); - return false; - } - - $localpass = $config['system']['user'][0]['password']; - if(crypt($params[0], $localpass) == $localpass) { + /* XXX: Should teach caller to pass username and use it here. */ + /* XXX: Should clarify from old behaviour what is in params[0] that differs from params['xmlrpcauth'] */ + if (isset($config['system']['webgui']['authmode'])) { + $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); + if (authenticate_user("admin", $params[0], $authcfg) || + authenticate_user("admin", $params[0])) { + array_shift($params); + unset($params['xmlrpcauth']); + return true; + } else if (!empty($params['xmlrpcauth']) && (authenticate_user("admin", $params['xmlrpcauth'], $authcfg) || + authenticate_user("admin", $params['xmlrpcauth']))) { + array_shift($params); + unset($params['xmlrpcauth']); + return true; + } + } else if (authenticate_user("admin", $params[0])) { array_shift($params); unset($params['xmlrpcauth']); return true; - } else if(crypt($params['xmlrpcauth'], $localpass) == $localpass) { + } else if (!empty($params['xmlrpcauth']) && authenticate_user("admin", $params['xmlrpcauth'])) { array_shift($params); unset($params['xmlrpcauth']); return true; @@ -139,4 +141,4 @@ function xmlrpc_auth(&$params) { return false; } -?>
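Review bot: In `xmlrpc_auth` the calls that test `$params[0]` run without checking that it is non-empty, while the `$params['xmlrpcauth']` branches are guarded with `!empty(...)`. Depending on how `authenticate_user` and a remote backend treat an empty password (some directory servers accept an empty-password bind), a request without a password could be accepted; add the same guard, `if (!empty($params[0]) && (authenticate_user("admin", $params[0], $authcfg) || authenticate_user("admin", $params[0])))`, and likewise in the no-authmode branch. One request can now trigger up to four authentication attempts, so the failure path after this hunk should keep logging `$_SERVER['REMOTE_ADDR']` as the removed branches did. The function ends outside the hunk.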
\ No newline at end of file +?> diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index c3c2899..d588e8a 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -101,7 +101,8 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host while ($numberofruns < 2) { $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $username = $config['system']['user'][0]['name']; + /* XXX: Configurable from the GUI?! */ + $username = "admin"; $cli->setCredentials($username, $password); if($numberofruns > 1) $cli->setDebug(1); @@ -235,7 +236,8 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens log_error("Beginning XMLRPC sync to {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $username = $config['system']['user'][0]['name']; + /* XXX: Configurable from the GUI?! */ + $username = "admin"; $cli->setCredentials($username, $password); if($numberofruns > 1) $cli->setDebug(1); @@ -272,7 +274,7 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { update_filter_reload_status("Building CARP sync information"); foreach($config['installedpackages']['carpsettings']['config'] as $carp) { if (empty($carp['synchronizetoip'])) { - log_error("CARP sync not being done because of missing sync ip!"); + log_error("Config sync not being done because of missing sync IP (normal on secondary systems)."); break; } /* @@ -396,7 +398,8 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { ); $msg = new XML_RPC_Message('pfsense.filter_configure', $params); - $username = $config['system']['user'][0]['name']; + /* XXX: Configurable from the GUI */ + $username = "admin"; $cli->setCredentials($username, $carp['password']); $resp = $cli->send($msg, "900"); diff --git a/usr/local/sbin/ovpn-linkup b/usr/local/sbin/ovpn-linkup index 60489c2..613822c 100755 
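Review bot: `$username = "admin";` is now hard-coded in `carp_check_version`, `carp_sync_xml` and the `pfsense.filter_configure` call, so config sync always presents the full administrator credential and cannot be pointed at a dedicated sync account. `setCredentials` attaches it to every request to `$url:$port`, and `$port` defaults to 80 in both signatures; whether the sync URL uses TLS is not visible here and is worth confirming. If a per-peer setting is added later, the three sites could share one line such as `$username = empty($carp['username']) ? "admin" : $carp['username'];`, where `username` would be a new field in the carpsettings entry, not an existing one.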
--- a/usr/local/sbin/ovpn-linkup +++ b/usr/local/sbin/ovpn-linkup @@ -2,7 +2,11 @@ # let the configuration system know that the ip has changed. #/usr/local/sbin/pfSctl -c "interface newip $interface" -/bin/echo $4 > /tmp/$1_router +if [ -n $route_vpn_gateway ]; then + /bin/echo $route_vpn_gateway > /tmp/$1_router +else + /bin/echo $4 > /tmp/$1_router +fi /usr/bin/touch /tmp/$1up # reload filter /usr/local/sbin/pfSctl -c "interface newip $1" diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index 135dd99..e9f4577 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -288,7 +288,7 @@ function typesel_change() { $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) if(have_ruleint_access("enc0")) $interfaces["enc0"] = "IPsec"; diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 361d324..3dc1d83 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -482,7 +482,7 @@ include("fbegin.inc"); ?> $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) if(have_ruleint_access("enc0")) $interfaces["enc0"] = "IPsec"; diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index db6d03d..4d960f2 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php 
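Review bot: `[ -n $route_vpn_gateway ]` is unquoted, so when the variable is empty or unset the test collapses to `[ -n ]`, which is true. The `else` branch that falls back to `$4` then never runs, and an empty `/tmp/$1_router` is written. Quote the expansions: `if [ -n "$route_vpn_gateway" ]; then` and `/bin/echo "$route_vpn_gateway" > "/tmp/$1_router"`.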
@@ -416,7 +416,7 @@ function poolopts_change() { $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) if(have_ruleint_access("enc0")) $interfaces["enc0"] = "IPsec"; diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index 1f511c6..81be4d4 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -169,7 +169,7 @@ if (is_array($config['pppoes']['pppoe'])) { } /* add ipsec interfaces */ -if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) +if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) if(have_ruleint_access("enc0")) $iflist["enc0"] = "IPsec"; diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index a8a6fe3..542f832 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -699,7 +699,7 @@ include("head.inc"); if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) if(have_ruleint_access("enc0")) $interfaces["enc0"] = "IPsec"; /* add openvpn/tun interfaces */ diff --git a/usr/local/www/status_graph.php b/usr/local/www/status_graph.php index 4527a71..6c00da4 100755 --- a/usr/local/www/status_graph.php +++ b/usr/local/www/status_graph.php 
@@ -163,7 +163,7 @@ function updateBandwidthHosts(data){ <?php /* link the ipsec interface magically */ -if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) +if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) $ifdescrs['enc0'] = "IPsec"; ?> diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php index 00df6c1..553a629 100644 --- a/usr/local/www/status_rrd_graph_img.php +++ b/usr/local/www/status_rrd_graph_img.php @@ -350,7 +350,8 @@ if((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdatabas $graphcmd .= "CDEF:\"$curif-bytes_t_block6=$curif-bytes_in6_t_block,$curif-bytes_out6_t_block,+\" "; $graphcmd .= "CDEF:\"$curif-bytes_t6=$curif-bytes_in6_t_pass,$curif-bytes_out6_t_block,+\" "; $graphcmd .= "VDEF:\"$curif-in_bits_95=$curif-in_bits,95,PERCENT\" "; - $graphcmd .= "VDEF:\"$curif-out_bits_95=$curif-out_bits,95,PERCENT\" "; + $graphcmd .= "CDEF:\"$curif-out_bits_mul=$curif-out_bits,$multiplier,*\" "; + $graphcmd .= "VDEF:\"$curif-out_bits_95=$curif-out_bits_mul,95,PERCENT\" "; $graphcmd .= "AREA:\"$curif-in_bits_block#{$colortrafficdown[1]}:$curif-in-block\" "; $graphcmd .= "AREA:\"$curif-in_bits_pass#{$colortrafficdown[0]}:$curif-in-pass:STACK\" "; 
@@ -981,42 +982,42 @@ elseif((strstr($curdatabase, "-quality.rrd")) && (file_exists("$rrddbpath$curdat } elseif((strstr($curdatabase, "spamd.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* graph a spamd statistics graph */ - $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png "; - $graphcmd .= "--start $start --end $end "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; - $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--vertical-label=\"Conn / Time, sec.\" "; - $graphcmd .= "--height 200 --width 620 --no-gridfit "; - $graphcmd .= "--lower-limit 0 "; - $graphcmd .= "DEF:\"consmin=$rrddbpath$curdatabase:conn:MIN\" "; - $graphcmd .= "DEF:\"consavg=$rrddbpath$curdatabase:conn:AVERAGE\" "; - $graphcmd .= "DEF:\"consmax=$rrddbpath$curdatabase:conn:MAX\" "; - $graphcmd .= "DEF:\"timemin=$rrddbpath$curdatabase:time:MIN\" "; - $graphcmd .= "DEF:\"timeavg=$rrddbpath$curdatabase:time:AVERAGE\" "; - $graphcmd .= "DEF:\"timemax=$rrddbpath$curdatabase:time:MAX\" "; - $graphcmd .= "CDEF:\"timeminadj=timemin,0,86400,LIMIT,UN,0,timemin,IF\" "; - $graphcmd .= "CDEF:\"timeavgadj=timeavg,0,86400,LIMIT,UN,0,timeavg,IF\" "; - $graphcmd .= "CDEF:\"timemaxadj=timemax,0,86400,LIMIT,UN,0,timemax,IF\" "; - $graphcmd .= "CDEF:\"t1=timeminadj,timeavgadj,+,2,/,timeminadj,-\" "; - $graphcmd .= "CDEF:\"t2=timeavgadj,timemaxadj,+,2,/,timeminadj,-,t1,-\" "; - $graphcmd .= "CDEF:\"t3=timemaxadj,timeminadj,-,t1,-,t2,-\" "; - $graphcmd .= "AREA:\"timeminadj\" "; - $graphcmd .= "AREA:\"t1#$colorspamdtime[0]::STACK\" "; - $graphcmd .= "AREA:\"t2#$colorspamdtime[1]::STACK\" "; - $graphcmd .= "AREA:\"t3#$colorspamdtime[2]::STACK\" "; - $graphcmd .= "LINE2:\"timeavgadj#$colorspamdtime[3]:\"Time \" "; - $graphcmd .= "GPRINT:\"timeminadj:MIN:\"Min\\:%6.2lf\\t\" "; - $graphcmd .= "GPRINT:\"timeavgadj:AVERAGE:\"Avg\\:%6.2lf\\t\" "; - $graphcmd .= "GPRINT:\"timemaxadj:MAX:\"Max\\:%6.2lf\\n\" "; - $graphcmd .= 
"AREA:\"consmax#$colorspamdconn[0]\" "; - $graphcmd .= "AREA:\"consmin#$colorspamdconn[1]\" "; - $graphcmd .= "LINE1:\"consmin#$colorspamdconn[2]\" "; - $graphcmd .= "LINE1:\"consmax#$colorspamdconn[3]\" "; - $graphcmd .= "LINE1:\"consavg#$colorspamdconn[4]:\"Cons \" "; - $graphcmd .= "GPRINT:\"consmin:MIN:\"Min\\:%6.2lf\\t\" "; - $graphcmd .= "GPRINT:\"consavg:AVERAGE:\"Avg\\:%6.2lf\\t\" "; - $graphcmd .= "GPRINT:\"consmax:MAX:\"Max\\:%6.2lf\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png \\ + --start $start --end $end \\ + --title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" \\ + --color SHADEA#eeeeee --color SHADEB#eeeeee \\ + --vertical-label=\"Conn / Time, sec.\" \\ + --height 200 --width 620 --no-gridfit \\ + --lower-limit 0 \\ + DEF:consmin=$rrddbpath$curdatabase:conn:MIN \\ + DEF:consavg=$rrddbpath$curdatabase:conn:AVERAGE \\ + DEF:consmax=$rrddbpath$curdatabase:conn:MAX \\ + DEF:timemin=$rrddbpath$curdatabase:time:MIN \\ + DEF:timeavg=$rrddbpath$curdatabase:time:AVERAGE \\ + DEF:timemax=$rrddbpath$curdatabase:time:MAX \\ + \"CDEF:timeminadj=timemin,0,86400,LIMIT,UN,0,timemin,IF\" \\ + \"CDEF:timeavgadj=timeavg,0,86400,LIMIT,UN,0,timeavg,IF\" \\ + \"CDEF:timemaxadj=timemax,0,86400,LIMIT,UN,0,timemax,IF\" \\ + \"CDEF:t1=timeminadj,timeavgadj,+,2,/,timeminadj,-\" \\ + \"CDEF:t2=timeavgadj,timemaxadj,+,2,/,timeminadj,-,t1,-\" \\ + \"CDEF:t3=timemaxadj,timeminadj,-,t1,-,t2,-\" \\ + AREA:timeminadj \\ + AREA:t1#$colorspamdtime[0]::STACK \\ + AREA:t2#$colorspamdtime[1]::STACK \\ + AREA:t3#$colorspamdtime[2]::STACK \\ + LINE2:timeavgadj#$colorspamdtime[3]:\"Time \" \\ + GPRINT:timeminadj:MIN:\"Min\\:%6.2lf\\t\" \\ + GPRINT:timeavgadj:AVERAGE:\"Avg\\:%6.2lf\\t\" \\ + GPRINT:timemaxadj:MAX:\"Max\\:%6.2lf\\n\" \\ + AREA:consmax#$colorspamdconn[0] \\ + AREA:consmin#$colorspamdconn[1] \\ + LINE1:consmin#$colorspamdconn[2] \\ + 
LINE1:consmax#$colorspamdconn[3] \\ + LINE1:consavg#$colorspamdconn[4]:\"Cons \" \\ + GPRINT:consmin:MIN:\"Min\\:%6.2lf\\t\" \\ + GPRINT:consavg:AVERAGE:\"Avg\\:%6.2lf\\t\" \\ + GPRINT:consmax:MAX:\"Max\\:%6.2lf\\n\" \\ + COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; } elseif((strstr($curdatabase, "-cellular.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png "; diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php index e23ceb0..9f8b2d7 100644 --- a/usr/local/www/system_advanced_admin.php +++ b/usr/local/www/system_advanced_admin.php @@ -331,7 +331,7 @@ function prot_change() { <td width="22%" valign="top" class="vncell"><?=gettext("WebGUI login messages"); ?></td> <td width="78%" class="vtable"> <input name="quietlogin" type="checkbox" id="quietlogin" value="yes" <?php if ($pconfig['quietlogin']) echo "checked"; ?> /> - <strong><?=gettext("Disable webConfigurator successful logins"); ?></strong> + <strong><?=gettext("Disable logging of webConfigurator successful logins"); ?></strong> <br/> <?php echo gettext("When this is checked, successful logins to the webConfigurator " . "will not be logged."); diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index 6eddd39..3bf1165 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php 
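Review bot: The rewritten spamd command drops the `\"…\"` quoting that the old lines put around every `DEF:` argument, so `$rrddbpath$curdatabase` now reaches the shell bare, and the only visible check on `$curdatabase` is a `strstr` substring match. If `$curdatabase` can be influenced by the request (its origin is outside the hunk), a name containing spaces or shell metacharacters is no longer contained. Keep the quoting, `\"DEF:consmin=$rrddbpath$curdatabase:conn:MIN\" \\`, or better, pass the path through `escapeshellarg()` once before building the command. The other graph branches visible in this diff still use the quoted per-line form.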
@@ -84,6 +84,19 @@ if ($act == "del") { $savemsg = sprintf(gettext("Certificate Authority %s successfully deleted"), $name) . "<br/>"; } +if ($act == "edit") { + if (!$a_ca[$id]) { + pfSenseHeader("system_camanager.php"); + exit; + } + $pconfig['descr'] = $a_ca[$id]['descr']; + $pconfig['refid'] = $a_ca[$id]['refid']; + $pconfig['cert'] = base64_decode($a_ca[$id]['crt']); + $pconfig['serial'] = $a_ca[$id]['serial']; + if (!empty($a_ca[$id]['prv'])) + $pconfig['key'] = base64_decode($a_ca[$id]['prv']); +} + if ($act == "new") { $pconfig['method'] = $_GET['method']; $pconfig['keylen'] = "2048"; 
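Review bot: The new `edit` branch decodes `$a_ca[$id]['prv']` into `$pconfig['key']`, which the key field of the form presumably renders, so opening the edit page would send the CA private key to the browser in the page body. The save path in this commit already treats an empty key as "leave unchanged", so the key need not be loaded here; drop the two `prv` lines and add a comment such as `/* private key is never echoed back; a blank field keeps the stored key */`. `$id` is used as an array index before any visible validation; where it is assigned is outside the hunk.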
@@ -169,26 +182,37 @@ if ($_POST) { if (!$input_errors) { $ca = array(); - $ca['refid'] = uniqid(); + if (!isset($pconfig['refid']) || empty($pconfig['refid'])) + $ca['refid'] = uniqid(); + else + $ca['refid'] = $pconfig['refid']; + if (isset($id) && $a_ca[$id]) $ca = $a_ca[$id]; - $ca['descr'] = $pconfig['descr']; - - if ($pconfig['method'] == "existing") - ca_import($ca, $pconfig['cert'], $pconfig['key']); - - if ($pconfig['method'] == "internal") - { - $dn = array( - 'countryName' => $pconfig['dn_country'], - 'stateOrProvinceName' => $pconfig['dn_state'], - 'localityName' => $pconfig['dn_city'], - 'organizationName' => $pconfig['dn_organization'], - 'emailAddress' => $pconfig['dn_email'], - 'commonName' => $pconfig['dn_commonname']); - - ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn); + $ca['descr'] = $pconfig['descr']; + + if ($_POST['edit'] == "edit") { + $ca['descr'] = $pconfig['descr']; + $ca['refid'] = $pconfig['refid']; + $ca['serial'] = $pconfig['serial']; + $ca['crt'] = base64_encode($pconfig['cert']); + if (!empty($pconfig['key'])) + $ca['prv'] = base64_encode($pconfig['key']); + } else { + if ($pconfig['method'] == "existing") + ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']); + + if ($pconfig['method'] == "internal") { + $dn = array( + 'countryName' => $pconfig['dn_country'], + 'stateOrProvinceName' => $pconfig['dn_state'], + 'localityName' => $pconfig['dn_city'], + 'organizationName' => $pconfig['dn_organization'], + 'emailAddress' => $pconfig['dn_email'], + 'commonName' => $pconfig['dn_commonname']); + ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn); + } } if (isset($id) && $a_ca[$id]) 
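Review bot: In the `$_POST['edit'] == "edit"` branch, `$ca['refid'] = $pconfig['refid'];` replaces the refid just copied from `$a_ca[$id]` with the value of a hidden form field. A modified request can therefore change an existing CA's refid, detaching it from the CRL pages that reference it through `caref` or making it collide with another CA; dropping that line keeps the stored value. The same branch writes `$pconfig['cert']`, `$pconfig['key']` and `$pconfig['serial']` straight into the config and skips the subject and issuer handling in `ca_import()`. Unless the validation above this hunk (not visible) covers them, the certificate should be checked with `openssl_x509_parse()` and the serial confirmed to be a non-negative integer before saving. `$ca['descr']` is also assigned twice in this path, so the second assignment can go.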
@@ -250,9 +274,14 @@ function method_change() { <td id="mainarea"> <div class="tabcont"> - <?php if ($act == "new" || $act == gettext("Save") || $input_errors): ?> + <?php if ($act == "new" || $act == "edit" || $act == gettext("Save") || $input_errors): ?> <form action="system_camanager.php" method="post" name="iform" id="iform"> + <?php if ($act == "edit"): ?> + <input type="hidden" name="edit" value="edit" id="edit"> + <input type="hidden" name="id" value="<?php echo $id; ?>" id="id"> + <input type="hidden" name="refid" value="<?php echo $pconfig['refid']; ?>" id="refid"> + <?php endif; ?> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td> @@ -260,7 +289,7 @@ function method_change() { <input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/> </td> </tr> - <?php if (!isset($id)): ?> + <?php if (!isset($id) || $act == "edit"): ?> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td> <td width="78%" class="vtable"> @@ -303,6 +332,15 @@ function method_change() { <?=gettext("Paste the private key for the above certificate here. This is optional in most cases, but required if you need to generate a Certificate Revocation List (CRL).");?></td> </td> </tr> + + <?php if (!isset($id) || $act == "edit"): ?> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Serial");?></td> + <td width="78%" class="vtable"> + <input name="serial" type="text" class="formfld unknown" id="serial" size="20" value="<?=htmlspecialchars($pconfig['serial']);?>"/> + </td> + </tr> + <?php endif; ?> </table> <table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal"> 
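Review bot: The hidden `id` and `refid` inputs added in the first hunk print `$id` and `$pconfig['refid']` with a bare `echo`, while the `descr` and `serial` inputs of the same form go through `htmlspecialchars()`. Both values come from the request or the stored configuration and land inside a quoted attribute, so they should be escaped the same way: `value="<?=htmlspecialchars($id);?>"` and `value="<?=htmlspecialchars($pconfig['refid']);?>"`. Where `$id` is assigned is outside these hunks, so how tightly it is constrained before reaching this point cannot be confirmed from here.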
@@ -482,6 +520,9 @@ function method_change() { <td class="listr"><?=$certcount;?> </td> <td class="listr"><?=$subj;?> </td> <td valign="middle" nowrap class="list"> + <a href="system_camanager.php?act=edit&id=<?=$i;?>")"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("export ca");?>" alt="<?=gettext("edit ca");?>" width="17" height="17" border="0" /> + </a> <a href="system_camanager.php?act=exp&id=<?=$i;?>")"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export ca");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" /> </a> diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php index 90b61d6..67e4b2f 100644 --- a/usr/local/www/system_crlmanager.php +++ b/usr/local/www/system_crlmanager.php @@ -253,14 +253,14 @@ include("head.inc"); function method_change() { - method = document.iform.method.selectedIndex; + method = document.iform.method.value; switch (method) { - case 0: + case "internal": document.getElementById("existing").style.display="none"; document.getElementById("internal").style.display=""; break; - case 1: + case "existing": document.getElementById("existing").style.display=""; document.getElementById("internal").style.display="none"; break; @@ -302,6 +302,8 @@ function method_change() { <select name='method' id='method' class="formselect" onchange='method_change()'> <?php foreach($crl_methods as $method => $desc): + if (($_GET['importonly'] == "yes") && ($method != "existing")) + continue; $selected = ""; if ($pconfig['method'] == $method) $selected = "selected"; @@ -502,9 +504,9 @@ function method_change() { if($ca['prv']) { $caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; - $internal = "YES"; + $cainternal = "YES"; } else - continue; + $cainternal = "NO"; ?> <tr> <td class="listlr" colspan="4"> 
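Review bot: The new edit icon in the system_camanager.php hunk has `title="<?=gettext("export ca");?>"`, copied from the export link below it, so its tooltip says export while its `alt` says edit. It should read `title="<?=gettext("edit ca");?>"`. The `href` also repeats the stray `")"` after the closing quote that the export link has, and the bare `&` in the query string should be written `&amp;`.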
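Review bot: The `importonly` test added to the method `<select>` loop in system_crlmanager.php only hides the "internal" option. It reads `$_GET['importonly']`, which the client controls and which is likely absent when the form is shown again after a POST with input errors. The POST handler is outside these hunks, so confirm it rejects `method=internal` for a CA with no `prv` rather than relying on the option list. The value is also compared without an `isset()` guard; `if (isset($_GET['importonly']) && $_GET['importonly'] == "yes" && $method != "existing")` avoids the undefined-index notice on normal page loads.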
@@ -520,9 +522,15 @@ function method_change() { </table> </td> <td class="list"> + <?php if ($cainternal == "YES"): ?> <a href="system_crlmanager.php?act=new&caref=<?php echo $ca['refid']; ?>"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("Add or Import CRL for ") . $ca['descr'];?>" alt="<?=gettext("add crl");?>" width="17" height="17" border="0" /> </a> + <?php else: ?> + <a href="system_crlmanager.php?act=new&caref=<?php echo $ca['refid']; ?>&importonly=yes"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("Import CRL for ") . $ca['descr'];?>" alt="<?=gettext("add crl");?>" width="17" height="17" border="0" /> + </a> + <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index ef82716..cc38e65 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -91,7 +91,7 @@ if($_GET['act']=="new"){ $pconfig['tlsauth_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; $pconfig['dh_length'] = 1024; - $pconfig['device_mode'] = "tun"; + $pconfig['dev_mode'] = "tun"; $pconfig['interface'] = "wan"; $pconfig['local_port'] = openvpn_port_next('UDP'); $pconfig['pool_enable'] = "yes"; @@ -105,7 +105,7 @@ if($_GET['act']=="edit"){ $pconfig['mode'] = $a_server[$id]['mode']; $pconfig['protocol'] = $a_server[$id]['protocol']; $pconfig['authmode'] = $a_server[$id]['authmode']; - $pconfig['device_mode'] = $a_server[$id]['device_mode']; + $pconfig['dev_mode'] = $a_server[$id]['dev_mode']; $pconfig['interface'] = $a_server[$id]['interface']; if (!empty($a_server[$id]['ipaddr'])) { $pconfig['interface'] = $pconfig['interface'] . '|' . $a_server[$id]['ipaddr']; 
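Review bot: The import-only link added in the system_crlmanager.php hunk writes `$ca['descr']` into the `title` attribute and `$ca['refid']` into the `href` without escaping, repeating the pattern of the existing add link. The description is the free-text "Descriptive name" from the CA page, so unless it is restricted on input (not visible here) a double quote in it ends the attribute early. Escape on output: `title="<?=htmlspecialchars(gettext("Import CRL for ") . $ca['descr']);?>"` and `caref=<?=urlencode($ca['refid']);?>&amp;importonly=yes`. The pre-existing link in the `$cainternal == "YES"` branch needs the same treatment.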
@@ -306,7 +306,7 @@ if ($_POST) { if (!empty($pconfig['authmode'])) $server['authmode'] = implode(",", $pconfig['authmode']); $server['protocol'] = $pconfig['protocol']; - $server['device_mode'] = $pconfig['device_mode']; + $server['dev_mode'] = $pconfig['dev_mode']; list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']); $server['local_port'] = $pconfig['local_port']; $server['description'] = $pconfig['description']; @@ -668,12 +668,12 @@ if ($savemsg) <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td> <td width="78%" class="vtable"> - <select name="device_mode" class="formselect"> + <select name="dev_mode" class="formselect"> <?php foreach ($openvpn_dev_mode as $device): $selected = ""; - if (! empty($pconfig['device_mode'])) { - if ($pconfig['device_mode'] == $device) + if (! empty($pconfig['dev_mode'])) { + if ($pconfig['dev_mode'] == $device) $selected = "selected"; } else { if ($device == "tun") |