Diffstat (limited to 'src/usr/local/www')
-rw-r--r-- | src/usr/local/www/diag_dns.php | 41 | ||||
-rw-r--r-- | src/usr/local/www/diag_pftop.php | 2 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_edit.php | 29 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_out_edit.php | 29 | ||||
-rw-r--r-- | src/usr/local/www/firewall_rules_edit.php | 30 | ||||
-rw-r--r-- | src/usr/local/www/pkg_edit.php | 2 | ||||
-rw-r--r-- | src/usr/local/www/services_captiveportal.php | 10 | ||||
-rw-r--r-- | src/usr/local/www/services_dyndns_edit.php | 10 | ||||
-rw-r--r-- | src/usr/local/www/shortcuts.inc | 2 | ||||
-rw-r--r-- | src/usr/local/www/status.php | 44 | ||||
-rw-r--r-- | src/usr/local/www/system_groupmanager_addprivs.php | 13 | ||||
-rw-r--r-- | src/usr/local/www/system_usermanager.php | 41 | ||||
-rw-r--r-- | src/usr/local/www/system_usermanager_addprivs.php | 16 | ||||
-rw-r--r-- | src/usr/local/www/vpn_l2tp.php | 11 | ||||
-rw-r--r-- | src/usr/local/www/vpn_openvpn_client.php | 21 | ||||
-rw-r--r-- | src/usr/local/www/vpn_openvpn_server.php | 67 | ||||
-rw-r--r-- | src/usr/local/www/wizards/openvpn_wizard.inc | 9 | ||||
-rw-r--r-- | src/usr/local/www/wizards/openvpn_wizard.xml | 11 |
18 files changed, 168 insertions, 220 deletions
diff --git a/src/usr/local/www/diag_dns.php b/src/usr/local/www/diag_dns.php index 74238f1..965fe97 100644 --- a/src/usr/local/www/diag_dns.php +++ b/src/usr/local/www/diag_dns.php @@ -84,12 +84,13 @@ function resolve_host_addresses($host) { return $resolved; } -if (isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) { +if (isAllowedPage('firewall_aliases_edit.php') && isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) { $resolved = gethostbyname($host); $type = "hostname"; if ($resolved) { $resolved = resolve_host_addresses($host); $isfirst = true; + $addresses = ""; foreach ($resolved as $re) { if ($re['data'] != "") { if (!$isfirst) { @@ -107,18 +108,24 @@ if (isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) { $isfirst = false; } } - $newalias = array(); - $newalias['name'] = $aliasname; - $newalias['type'] = "network"; - $newalias['address'] = $addresses; - $newalias['descr'] = gettext("Created from Diagnostics-> DNS Lookup"); - if ($alias_exists) { - $a_aliases[$id] = $newalias; + if ($addresses == "") { + $couldnotcreatealias = true; } else { - $a_aliases[] = $newalias; + $newalias = array(); + $newalias['name'] = $aliasname; + $newalias['type'] = "network"; + $newalias['address'] = $addresses; + $newalias['descr'] = gettext("Created from Diagnostics-> DNS Lookup"); + if ($alias_exists) { + $a_aliases[$id] = $newalias; + } else { + $a_aliases[] = $newalias; + } + write_config(gettext("Created an alias from Diagnostics - DNS Lookup page.")); + $createdalias = true; } - write_config(gettext("Created an alias from Diagnostics - DNS Lookup page.")); - $createdalias = true; + } else { + $couldnotcreatealias = true; } } 
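Review bot: The new trailing `else { $couldnotcreatealias = true; }` hangs off `if ($resolved)`, but `gethostbyname()` returns the unmodified hostname on failure rather than false, so for any non-empty `$host` that branch is effectively never taken. Only the `$addresses == ""` test actually catches a failed lookup. Comparing the result instead, e.g. `if ($resolved !== $host || is_ipaddr($host)) {`, would make the outer check meaningful. Separately, the `isAllowedPage('firewall_aliases_edit.php')` test is repeated verbatim in the button hunk further down; evaluating it once into something like `$can_edit_aliases` would keep the handler and the button from drifting apart. Neither `$couldnotcreatealias` nor `$createdalias` is initialised in the visible lines, which is worth confirming above the hunk.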
@@ -212,6 +219,16 @@ if ($createdalias) { } else { print_info_box(gettext("Alias was created successfully."), 'success'); } + + $alias_exists = true; +} + +if ($couldnotcreatealias) { + if ($alias_exists) { + print_info_box(sprintf(gettext("Could not update alias for %s"), $host), 'warning', false); + } else { + print_info_box(sprintf(gettext("Could not create alias for %s"), $host), 'warning', false); + } } $form = new Form(false); @@ -234,7 +251,7 @@ $form->addGlobal(new Form_Button( 'fa-search' ))->addClass('btn-primary'); -if (!empty($resolved)) { +if (!empty($resolved) && isAllowedPage('firewall_aliases_edit.php')) { if ($alias_exists) { $button_text = gettext("Update alias"); } else { diff --git a/src/usr/local/www/diag_pftop.php b/src/usr/local/www/diag_pftop.php index 95d5d1d..7de4513 100644 --- a/src/usr/local/www/diag_pftop.php +++ b/src/usr/local/www/diag_pftop.php @@ -30,7 +30,7 @@ require_once("guiconfig.inc"); $pgtitle = array(gettext("Diagnostics"), gettext("pfTop")); -$sorttypes = array('age', 'bytes', 'dest', 'dport', 'exp', 'none', 'peak', 'pkt', 'rate', 'size', 'sport', 'src'); +$sorttypes = array('age', 'bytes', 'dest', 'dport', 'exp', 'none', 'pkt', 'sport', 'src'); $viewtypes = array('default', 'label', 'long', 'queue', 'rules', 'size', 'speed', 'state', 'time'); $viewall = array('queue', 'label', 'rules'); $numstates = array('50', '100', '200', '500', '1000', 'all'); diff --git a/src/usr/local/www/firewall_nat_edit.php b/src/usr/local/www/firewall_nat_edit.php index 55fc463..f833b44 100644 --- a/src/usr/local/www/firewall_nat_edit.php +++ b/src/usr/local/www/firewall_nat_edit.php 
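Review bot: `$host` is placed into the `print_info_box()` message without escaping in both new warning lines, and elsewhere in this commit `print_info_box()` is handed raw markup (`<br />`, `<button>` in status.php), so it evidently does not escape its argument. The flag is only set inside the branch guarded by `is_hostname($host) || is_ipaddr($host)`, which limits what can reach here, but that makes the output's safety depend on validators defined outside this diff. Passing `htmlspecialchars($host)` to `sprintf()` makes the message safe on its own: `sprintf(gettext("Could not create alias for %s"), htmlspecialchars($host))`.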
@@ -958,34 +958,7 @@ if (isset($id) && $a_nat[$id] && (!isset($_POST['dup']) || !is_numericint($_POST $form->add($section); -$has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])); -$has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated'])); - -if ($has_created_time || $has_updated_time) { - $section = new Form_Section('Rule Information'); - - if ($has_created_time) { - $section->addInput(new Form_StaticText( - 'Created', - sprintf( - gettext('%1$s by %2$s'), - date(gettext("n/j/y H:i:s"), $a_nat[$id]['created']['time']), - $a_nat[$id]['created']['username']) - )); - } - - if ($has_updated_time) { - $section->addInput(new Form_StaticText( - 'Updated', - sprintf( - gettext('%1$s by %2$s'), - date(gettext("n/j/y H:i:s"), $a_nat[$id]['updated']['time']), - $a_nat[$id]['updated']['username']) - )); - } - - $form->add($section); -} +gen_created_updated_fields($form, $a_nat[$id]['created'], $a_nat[$id]['updated']); if (isset($id) && $a_nat[$id]) { $form->addGlobal(new Form_Input( diff --git a/src/usr/local/www/firewall_nat_out_edit.php b/src/usr/local/www/firewall_nat_out_edit.php index cc12353..e6720c0 100644 --- a/src/usr/local/www/firewall_nat_out_edit.php +++ b/src/usr/local/www/firewall_nat_out_edit.php 
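Review bot: The call now reads `$a_nat[$id]['created']` and `$a_nat[$id]['updated']` at the call site, where the removed block first checked both with `isset()` and `is_array()`; for a new rule with no `$id`, or a rule without timestamps, the index read happens before the helper can test anything. `gen_created_updated_fields()` is defined outside this diff, so it is not visible whether it repeats the `is_array()` guard or escapes the stored `username` before rendering it. The same applies to the identical calls in firewall_nat_out_edit.php and firewall_rules_edit.php. I would guard the arguments with `isset()` at each call site and add a line to the helper's docblock stating that it accepts unset or non-array values and HTML-escapes the username.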
@@ -684,34 +684,7 @@ $section->addInput(new Form_Input( $form->add($section); -$has_created_time = (isset($a_out[$id]['created']) && is_array($a_out[$id]['created'])); -$has_updated_time = (isset($a_out[$id]['updated']) && is_array($a_out[$id]['updated'])); - -if ($has_created_time || $has_updated_time) { - $section = new Form_Section('Rule Information'); - - if ($has_created_time) { - $section->addInput(new Form_StaticText( - 'Created', - sprintf( - gettext('%1$s by %2$s'), - date(gettext("n/j/y H:i:s"), $a_out[$id]['created']['time']), - $a_out[$id]['created']['username']) - )); - } - - if ($has_updated_time) { - $section->addInput(new Form_StaticText( - 'Updated', - sprintf( - gettext('%1$s by %2$s'), - date(gettext("n/j/y H:i:s"), $a_out[$id]['updated']['time']), - $a_out[$id]['updated']['username']) - )); - } - - $form->add($section); -} +gen_created_updated_fields($form, $a_out[$id]['created'], $a_out[$id]['updated']); print($form); diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php index 1012906..e880537 100644 --- a/src/usr/local/www/firewall_rules_edit.php +++ b/src/usr/local/www/firewall_rules_edit.php 
@@ -1746,36 +1746,10 @@ $section->add($group)->setHelp('Choose the Acknowledge Queue only if there is a 'selected Queue.' ); -$has_created_time = (isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created'])); -$has_updated_time = (isset($a_filter[$id]['updated']) && is_array($a_filter[$id]['updated'])); - - -if ($has_created_time || $has_updated_time) { - $form->add($section); - $section = new Form_Section('Rule Information'); - - if ($has_created_time) { - $section->addInput(new Form_StaticText( - 'Created', - sprintf( - gettext('%1$s by %2$s'), - date(gettext("n/j/y H:i:s"), $a_filter[$id]['created']['time']), - '<b>' . $a_filter[$id]['created']['username'] . '</b>') - )); - } +$form->add($section); - if ($has_updated_time) { - $section->addInput(new Form_StaticText( - 'Updated', - sprintf( - gettext('%1$s by %2$s'), - date(gettext("n/j/y H:i:s"), $a_filter[$id]['updated']['time']), - '<b>' . $a_filter[$id]['updated']['username'] . '</b>') - )); - } -} +gen_created_updated_fields($form, $a_filter[$id]['created'], $a_filter[$id]['updated']); -$form->add($section); echo $form; ?> diff --git a/src/usr/local/www/pkg_edit.php b/src/usr/local/www/pkg_edit.php index 301d311..19cdb1f 100644 --- a/src/usr/local/www/pkg_edit.php +++ b/src/usr/local/www/pkg_edit.php @@ -89,7 +89,7 @@ if ($config['installedpackages'] && !is_array($config['installedpackages'][xml_s // If the first entry in the array is an empty <config/> tag, kill it. if ($config['installedpackages'] && (count($config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config']) > 0) && - ($config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config'][0] == "")) { + (count($config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config'][0]) == 0)) { array_shift($config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config']); } diff --git a/src/usr/local/www/services_captiveportal.php b/src/usr/local/www/services_captiveportal.php index d486b70..52b228f 100644 
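Review bot: In pkg_edit.php the new test `count(...['config'][0]) == 0` only behaves as intended when the first entry is an array. If the parser yields an empty string for an empty `<config/>` tag, as the removed `== ""` comparison implies it at least sometimes does, `count()` of a string returns 1 on older PHP, warns from 7.2 and throws a TypeError on PHP 8, so the empty entry is never shifted off. A check that covers both shapes avoids depending on the parser: `empty($config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config'][0])`. The surrounding `if` starts above the hunk.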
--- a/src/usr/local/www/services_captiveportal.php +++ b/src/usr/local/www/services_captiveportal.php @@ -647,7 +647,7 @@ $section->addInput(new Form_Checkbox( ))->setHelp('When enabled, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will ' . 'never have to authenticate again. To remove the passthrough MAC entry either log in and remove it manually from the ' . '%1$sMAC tab%2$s or send a POST from another system. ' . - 'If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.', '<a href="services_captiveportal_mac.php">', '</a>'); + 'If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.', "<a href=\"services_captiveportal_mac.php?zone={$cpzone}\">", '</a>'); $section->addInput(new Form_Checkbox( 'passthrumacaddusername', @@ -656,7 +656,7 @@ $section->addInput(new Form_Checkbox( $pconfig['passthrumacaddusername'] ))->setHelp('If enabled with the automatically MAC passthrough entry created, the username used during authentication will be saved. ' . 'To remove the passthrough MAC entry either log in and remove it manually from the %1$sMAC tab%2$s or send a POST from another system.', - '<a href="services_captiveportal_mac.php">', '</a>'); + "<a href=\"services_captiveportal_mac.php?zone={$cpzone}\">", '</a>'); $section->addInput(new Form_Checkbox( 'peruserbw', @@ -685,13 +685,13 @@ $form->add($section); $section = new Form_Section('Authentication'); $section->addClass('Authentication'); -$group = new Form_Group('*Authentication method'); +$group = new Form_Group('*Authentication Method'); $group->add(new Form_Checkbox( 'auth_method', null, 'No Authentication', - $pconfig['auth_method'] == 'none', + $pconfig['auth_method'] == 'none' || empty($pconfig['auth_method']), 'none' ))->displayasRadio(); 
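Review bot: `$cpzone` is interpolated into the `href` attribute without any encoding, in this help string and again in the `passthrumacaddusername` one in the next hunk. Where `$cpzone` is assigned is outside the diff; if it is taken from the request, the link's safety rests entirely on validation done elsewhere. Encoding at the point of output removes that dependency: `'<a href="services_captiveportal_mac.php?zone=' . htmlspecialchars(urlencode($cpzone)) . '">'`.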
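Review bot: With `|| empty($pconfig['auth_method'])` added, a zone that has no stored method renders with the `No Authentication` radio pre-checked, so submitting the form untouched would presumably save an open portal. The save handler is outside the diff, so this is inferred from the form alone. If `none` is the intended default, a comment saying so would help, e.g. `// unset auth_method is treated as 'none' (legacy configs)`; otherwise leave all radios unchecked for an unset value and let the save path reject an empty selection, which matches the "One method must be selected" help text added in the following hunk.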
@@ -711,6 +711,8 @@ $group->add(new Form_Checkbox( 'radius' ))->displayasRadio(); +$group->setHelp('Select an Authentication Method to use for this zone. One method must be selected.'); + $section->add($group); $section->addInput(new Form_Checkbox( diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php index 99ec141..3f14d51 100644 --- a/src/usr/local/www/services_dyndns_edit.php +++ b/src/usr/local/www/services_dyndns_edit.php @@ -336,17 +336,17 @@ $section->addInput(new Form_Checkbox( $section->addInput(new Form_Checkbox( 'curl_ipresolve_v4', - 'CURL options', - 'Force IPv4 resolving', + 'HTTP API DNS Options', + 'Force IPv4 DNS Resolution', $pconfig['curl_ipresolve_v4'] )); $section->addInput(new Form_Checkbox( 'curl_ssl_verifypeer', - null, - 'Verify SSL peer', + 'HTTP API SSL Options', + 'Verify SSL Certificate Trust', $pconfig['curl_ssl_verifypeer'] -)); +))->setHelp('When set, the server must provide a valid certificate trust chain which can be verified by this firewall.'); $section->addInput(new Form_Input( 'username', diff --git a/src/usr/local/www/shortcuts.inc b/src/usr/local/www/shortcuts.inc index c6b28a0..33de253 100644 --- a/src/usr/local/www/shortcuts.inc +++ b/src/usr/local/www/shortcuts.inc @@ -253,7 +253,7 @@ $shortcuts['pppoes']['log'] = "status_logs_vpn.php?vpntype=poes"; $shortcuts['l2tps'] = array(); $shortcuts['l2tps']['main'] = "vpn_l2tp.php"; -$shortcuts['l2tps']['log'] = "status_logs_vpn.php?vpntype=l2tp"; +$shortcuts['l2tps']['log'] = "status_logs_vpn.php?logfile=l2tps&vpntype=l2tp"; $shortcuts['carp'] = array(); $shortcuts['carp']['main'] = "system_hasync.php"; diff --git a/src/usr/local/www/status.php b/src/usr/local/www/status.php index 5878b4f..37b4334 100644 --- a/src/usr/local/www/status.php +++ b/src/usr/local/www/status.php 
@@ -42,6 +42,25 @@ require_once("gwlb.inc"); $output_path = "/tmp/status_output/"; $output_file = "/tmp/status_output.tgz"; +if ($_POST['submit'] == "DOWNLOAD" && file_exists($output_file)) { + session_cache_limiter('public'); + $fd = fopen($output_file, "rb"); + header("Content-Type: application/octet-stream"); + header("Content-Length: " . filesize($output_file)); + header("Content-Disposition: attachment; filename=\"" . + trim(htmlentities(basename($output_file))) . "\""); + if (isset($_SERVER['HTTPS'])) { + header('Pragma: '); + header('Cache-Control: '); + } else { + header("Pragma: private"); + header("Cache-Control: private, must-revalidate"); + } + + fpassthru($fd); + exit; +} + if (is_dir($output_path)) { unlink_if_exists("{$output_path}/*"); @rmdir($output_path); @@ -169,6 +188,14 @@ function get_firewall_info() { if (!empty($platform['descr'])) { $firewall_info .= "<br/>Platform: " . htmlspecialchars($platform['descr']); } + + if (file_exists('/var/db/uniqueid')) { + $ngid = file_get_contents('/var/db/uniqueid'); + if (!empty($ngid)) { + $firewall_info .= "<br/>Netgate Device ID: " . htmlspecialchars($ngid); + } + } + $serial = system_get_serial(); if (!empty($serial)) { $firewall_info .= "<br/>SN/UUID: " . htmlspecialchars($serial); 
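Review bot: The download branch sends the status archive with `session_cache_limiter('public')` and, over HTTPS, empty `Pragma:` and `Cache-Control:` headers, so nothing tells the browser or an intermediary not to keep a copy of a file that this same page warns may contain sensitive information. Unless the empty headers are a deliberate legacy-browser workaround, `header('Cache-Control: private, no-store');` is the safer default for both schemes. The `fopen()` result is also passed straight to `fpassthru($fd)`; an `if ($fd === false) { ... }` guard before the headers avoids sending a download response with no body. `$_POST['submit']` is read without `isset()`, and because the branch runs before the old output is cleaned up, it serves whatever already sits at the fixed `/tmp/status_output.tgz` path, possibly from an earlier run.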
@@ -324,17 +351,24 @@ exec("/bin/date", $dateOutput, $dateStatus); $currentDate = $dateOutput[0]; $pgtitle = array($g['product_name'], "Status"); -include("head.inc"); +include("head.inc"); ?> -print_info_box( +<form action="status.php" method="post"> + +<?php print_info_box( gettext("Make sure all sensitive information is removed! (Passwords, etc.) before posting information from this page in public places (like mailing lists).") . '<br />' . gettext("Common password fields in config.xml have been automatically redacted.") . '<br />' . - sprintf(gettext('When the page has finished loading, the output will be stored in %1$s. It may be downloaded via scp or %2$sDiagnostics > Command Prompt%3$s.'), - $output_file, '<a href="/diag_command.php?dlPath=' . $output_file . '">', '</a>')); + sprintf(gettext('When the page has finished loading, the output is stored in %1$s. It may be downloaded via scp or using this button: '), $output_file) . + ' <button name="submit" type="submit" class="btn btn-primary btn-sm" id="download" value="DOWNLOAD">' . + '<i class="fa fa-download icon-embed-btn"></i>' . + gettext("Download") . + '</button>'); ?> + +</form> -print_info_box(get_firewall_info(), 'info', false); +<?php print_info_box(get_firewall_info(), 'info', false); listCmds(); execCmds(); diff --git a/src/usr/local/www/system_groupmanager_addprivs.php b/src/usr/local/www/system_groupmanager_addprivs.php index b2f706a..198e20b 100644 --- a/src/usr/local/www/system_groupmanager_addprivs.php +++ b/src/usr/local/www/system_groupmanager_addprivs.php @@ -53,6 +53,7 @@ if (!is_array($a_group['priv'])) { // Make a local copy and sort it $spriv_list = $priv_list; +uasort($spriv_list, "compare_by_name"); if ($_POST['save']) { 
@@ -146,7 +147,17 @@ if (isset($groupid)) { )); } -$section = new Form_Section('Add Privileges for '. $a_group['name']); +$section = new Form_Section('Group Privileges'); + +$name_string = $a_group['name']; +if (!empty($a_group['descr'])) { + $name_string .= " ({$a_group['descr']})"; +} + +$section->addInput(new Form_StaticText( + 'Group', + $name_string +)); $section->addInput(new Form_Select( 'sysprivs', diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php index 6966190..1482663 100644 --- a/src/usr/local/www/system_usermanager.php +++ b/src/usr/local/www/system_usermanager.php @@ -106,6 +106,18 @@ if ($_POST['act'] == "deluser") { */ $pconfig['utype'] = "user"; $pconfig['lifetime'] = 3650; + + $nonPrvCas = array(); + if (is_array($config['ca']) && count($config['ca']) > 0) { + foreach ($config['ca'] as $ca) { + if (!$ca['prv']) { + continue; + } + + $nonPrvCas[ $ca['refid'] ] = $ca['descr']; + } + } + } if (isset($_POST['dellall'])) { @@ -848,12 +860,20 @@ if ($act == "new" || $act == "edit" || $input_errors): // ==== Button for adding user certificate ================================ if ($act == 'new') { - $section->addInput(new Form_Checkbox( - 'showcert', - 'Certificate', - 'Click to create a user certificate', - false - )); + if (count($nonPrvCas) > 0) { + $section->addInput(new Form_Checkbox( + 'showcert', + 'Certificate', + 'Click to create a user certificate', + false + )); + } else { + $section->addInput(new Form_StaticText( + 'Certificate', + gettext('No private CAs found. A private CA is required to create a new user certificate. ' . + 'Save the user first to import an external certificate.') + )); + } } $form->add($section); 
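Review bot: `$name_string` is built from `$a_group['name']` and the free-text `$a_group['descr']` and handed to `Form_StaticText` unescaped. Elsewhere in this commit `Form_StaticText` is given markup directly (the removed `'<b>' . ... . '</b>'` lines in firewall_rules_edit.php), which suggests it renders its value as HTML. Unless the description is sanitised when the group is saved, which is not visible here, it should be escaped on output: `$section->addInput(new Form_StaticText('Group', htmlspecialchars($name_string)));`. The matching `User` block added in system_usermanager_addprivs.php has the same shape with `$a_user['descr']`.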
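Review bot: In system_usermanager.php `$nonPrvCas` is now filled inside the branch that ends at the closing brace of the first hunk, yet it is read later by `count($nonPrvCas) > 0` and by the `!empty($nonPrvCas)` test whose local initialisation this commit deletes. The start of that branch is above the hunk, so I can't tell which values of `$act` reach it; on any path that skips it, the certificate section would act as if no CA exists, and `count()` on an undefined variable warns or throws depending on the PHP version. Moving the loop out of the conditional, or putting `$nonPrvCas = array();` before it, removes the dependency. The name is also misleading, since the loop keeps only CAs that do have `prv` set; `$privateCas` or a one-line comment would say what it holds.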
@@ -888,15 +908,6 @@ if ($act == "new" || $act == "edit" || $input_errors): $section = new Form_Section('Create Certificate for User'); $section->addClass('cert-options'); - $nonPrvCas = array(); - foreach ($config['ca'] as $ca) { - if (!$ca['prv']) { - continue; - } - - $nonPrvCas[ $ca['refid'] ] = $ca['descr']; - } - if (!empty($nonPrvCas)) { $section->addInput(new Form_Input( 'name', diff --git a/src/usr/local/www/system_usermanager_addprivs.php b/src/usr/local/www/system_usermanager_addprivs.php index 6b90bff..880e049 100644 --- a/src/usr/local/www/system_usermanager_addprivs.php +++ b/src/usr/local/www/system_usermanager_addprivs.php @@ -28,10 +28,6 @@ ##|*MATCH=system_usermanager_addprivs.php* ##|-PRIV -function admusercmp($a, $b) { - return strcasecmp($a['name'], $b['name']); -} - require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); @@ -55,7 +51,7 @@ if (!is_array($a_user['priv'])) { // Make a local copy and sort it $spriv_list = $priv_list; -uasort($spriv_list, "admusercmp"); +uasort($spriv_list, "compare_by_name"); if ($_POST['save']) { unset($input_errors); @@ -137,6 +133,16 @@ $form = new Form(); $section = new Form_Section('User Privileges'); +$name_string = $a_user['name']; +if (!empty($a_user['descr'])) { + $name_string .= " ({$a_user['descr']})"; +} + +$section->addInput(new Form_StaticText( + 'User', + $name_string +)); + $section->addInput(new Form_Select( 'sysprivs', '*Assigned privileges', diff --git a/src/usr/local/www/vpn_l2tp.php b/src/usr/local/www/vpn_l2tp.php index 71ba88b..e49db3e 100644 --- a/src/usr/local/www/vpn_l2tp.php +++ b/src/usr/local/www/vpn_l2tp.php 
@@ -102,6 +102,17 @@ if ($_POST['save']) { $input_errors[] = gettext("The specified server address is equal to the LAN interface address."); } } + + if (!empty($_POST['l2tp_dns1']) && !is_ipaddrv4(trim($_POST['l2tp_dns1']))) { + $input_errors[] = gettext("The field 'Primary L2TP DNS Server' must contain a valid IPv4 address."); + } + if (!empty($_POST['l2tp_dns2']) && !is_ipaddrv4(trim($_POST['l2tp_dns2']))) { + $input_errors[] = gettext("The field 'Secondary L2TP DNS Server' must contain a valid IPv4 address."); + } + if (!empty($_POST['l2tp_dns2']) && empty($_POST['l2tp_dns1'])) { + $input_errors[] = gettext("The Secondary L2TP DNS Server cannot be set when the Primary L2TP DNS Server is empty."); + } + } if (!$input_errors) { diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index f0c612c..a02517f 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php @@ -119,7 +119,6 @@ if ($act == "edit") { $pconfig['local_port'] = $a_client[$id]['local_port']; $pconfig['server_addr'] = $a_client[$id]['server_addr']; $pconfig['server_port'] = $a_client[$id]['server_port']; - $pconfig['resolve_retry'] = $a_client[$id]['resolve_retry']; $pconfig['proxy_addr'] = $a_client[$id]['proxy_addr']; $pconfig['proxy_port'] = $a_client[$id]['proxy_port']; $pconfig['proxy_user'] = $a_client[$id]['proxy_user']; @@ -401,7 +400,6 @@ if ($_POST['save']) { $client['local_port'] = $pconfig['local_port']; $client['server_addr'] = $pconfig['server_addr']; $client['server_port'] = $pconfig['server_port']; - $client['resolve_retry'] = $pconfig['resolve_retry']; $client['proxy_addr'] = $pconfig['proxy_addr']; $client['proxy_port'] = $pconfig['proxy_port']; $client['proxy_authtype'] = $pconfig['proxy_authtype']; 
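Review bot: The new L2TP DNS checks validate `trim($_POST['l2tp_dns1'])` and `trim($_POST['l2tp_dns2'])`, but the save path is outside the hunk, so it is not visible whether the trimmed or the raw value is written to the configuration. If the raw value is stored, input with surrounding whitespace passes validation and reaches the config unchanged. Trimming once into a local, e.g. `$dns1 = trim($_POST['l2tp_dns1']);`, then validating and saving that same variable keeps the two in step. The enclosing `if ($_POST['save'])` block begins above the hunk.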
@@ -558,14 +556,6 @@ if ($act=="new" || $act=="edit"): $pconfig['server_addr'] ))->setHelp("The IP address or hostname of the OpenVPN server."); - $section->addInput(new Form_Checkbox( - 'resolve_retry', - 'Server hostname resolution', - 'Infinitely resolve server ', - $pconfig['resolve_retry'] - ))->setHelp('Continuously attempt to resolve the server host name. ' . - 'Useful when communicating with a server that is not permanently connected to the Internet.'); - $section->addInput(new Form_Input( 'server_port', '*Server port', @@ -805,8 +795,8 @@ if ($act=="new" || $act=="edit"): 'text', $pconfig['tunnel_network'] ))->setHelp('This is the IPv4 virtual network used for private communications between this client and the server ' . - 'expressed using CIDR (e.g. 10.0.8.0/24). The second network address will be assigned to ' . - 'the client virtual interface.'); + 'expressed using CIDR notation (e.g. 10.0.8.0/24). The second usable address in the network will be assigned to ' . + 'the client virtual interface. Leave blank if the server is capable of providing addresses to clients.'); $section->addInput(new Form_Input( 'tunnel_networkv6', @@ -814,8 +804,9 @@ if ($act=="new" || $act=="edit"): 'text', $pconfig['tunnel_networkv6'] ))->setHelp('This is the IPv6 virtual network used for private ' . - 'communications between this client and the server expressed using CIDR (e.g. fe80::/64). ' . - 'The second network address will be assigned to the client virtual interface.'); + 'communications between this client and the server expressed using CIDR notation (e.g. fe80::/64). ' . + 'When set static using this field, the ::2 address in the network will be assigned to the client virtual interface. ' . + 'Leave blank if the server is capable of providing addresses to clients.'); $section->addInput(new Form_Input( 'remote_network', 
@@ -877,7 +868,7 @@ if ($act=="new" || $act=="edit"): 'Don\'t add/remove routes', 'Don\'t add or remove routes automatically', $pconfig['route_no_exec'] - ))->setHelp('Pass routes to --route-upscript using environmental variables.'); + ))->setHelp('Do not execute operating system commands to install routes. Instead, pass routes to --route-up script using environmental variables.'); $form->add($section); diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 75bd2dc..d2a4a57 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -105,7 +105,6 @@ if ($act == "new") { $pconfig['dev_mode'] = "tun"; $pconfig['interface'] = "wan"; $pconfig['local_port'] = openvpn_port_next('UDP'); - $pconfig['pool_enable'] = "yes"; $pconfig['cert_depth'] = 1; $pconfig['verbosity_level'] = 1; // Default verbosity is 1 // OpenVPN Defaults to SHA1 @@ -183,7 +182,6 @@ if ($act == "edit") { $pconfig['client2client'] = $a_server[$id]['client2client']; $pconfig['dynamic_ip'] = $a_server[$id]['dynamic_ip']; - $pconfig['pool_enable'] = $a_server[$id]['pool_enable']; $pconfig['topology'] = $a_server[$id]['topology']; $pconfig['serverbridge_dhcp'] = $a_server[$id]['serverbridge_dhcp']; @@ -228,11 +226,6 @@ if ($act == "edit") { $pconfig['wins_server_enable'] = true; } - $pconfig['client_mgmt_port'] = $a_server[$id]['client_mgmt_port']; - if ($pconfig['client_mgmt_port']) { - $pconfig['client_mgmt_port_enable'] = true; - } - $pconfig['nbdd_server1'] = $a_server[$id]['nbdd_server1']; if ($pconfig['nbdd_server1']) { $pconfig['nbdd_server_enable'] = true; @@ -302,7 +295,7 @@ if ($_POST['save']) { } /* input validation */ - if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) { + if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port', 1)) { $input_errors[] = $result; } 
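Review bot: The bare `1` added as third argument in `openvpn_validate_port($pconfig['local_port'], 'Local port', 1)` gives no hint of what it changes in the validation of a listening port. The function's signature is outside this diff, so the meaning can't be read from here. A short comment at the call, e.g. `// third argument: <what it permits or requires>`, or a named constant would let a reviewer see whether the accepted port range was widened or narrowed.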
@@ -402,12 +395,6 @@ if ($_POST['save']) { } } - if ($pconfig['client_mgmt_port_enable']) { - if ($result = openvpn_validate_port($pconfig['client_mgmt_port'], 'Client management port')) { - $input_errors[] = $result; - } - } - if ($pconfig['maxclients'] && !is_numericint($pconfig['maxclients'])) { $input_errors[] = gettext("The field 'Concurrent connections' must be numeric."); } @@ -558,7 +545,6 @@ if ($_POST['save']) { $server['client2client'] = $pconfig['client2client']; $server['dynamic_ip'] = $pconfig['dynamic_ip']; - $server['pool_enable'] = $pconfig['pool_enable']; $server['topology'] = $pconfig['topology']; $server['serverbridge_dhcp'] = $pconfig['serverbridge_dhcp']; @@ -611,10 +597,6 @@ if ($_POST['save']) { } } - if ($pconfig['client_mgmt_port_enable']) { - $server['client_mgmt_port'] = $pconfig['client_mgmt_port']; - } - if ($_POST['duplicate_cn'] == "yes") { $server['duplicate_cn'] = true; } @@ -996,9 +978,9 @@ if ($act=="new" || $act=="edit"): 'text', $pconfig['tunnel_network'] ))->setHelp('This is the IPv4 virtual network used for private communications between this server and client ' . - 'hosts expressed using CIDR (e.g. 10.0.8.0/24). The first network address will be assigned to ' . - 'the server virtual interface. The remaining network addresses can optionally be assigned ' . - 'to connecting clients (see Address Pool).'); + 'hosts expressed using CIDR notation (e.g. 10.0.8.0/24). The first usable address in the network will be assigned to ' . + 'the server virtual interface. The remaining usable addresses will be assigned ' . + 'to connecting clients.'); $section->addInput(new Form_Input( 'tunnel_networkv6', 
@@ -1006,9 +988,9 @@ if ($act=="new" || $act=="edit"): 'text', $pconfig['tunnel_networkv6'] ))->setHelp('This is the IPv6 virtual network used for private ' . - 'communications between this server and client hosts expressed using CIDR (e.g. fe80::/64). ' . - 'The first network address will be assigned to the server virtual interface. The remaining ' . - 'network addresses can optionally be assigned to connecting clients (see Address Pool).'); + 'communications between this server and client hosts expressed using CIDR notation (e.g. fe80::/64). ' . + 'The ::1 address in the network will be assigned to the server virtual interface. The remaining ' . + 'addresses will be assigned to connecting clients.'); $section->addInput(new Form_Checkbox( 'serverbridge_dhcp', @@ -1142,13 +1124,6 @@ if ($act=="new" || $act=="edit"): $pconfig['dynamic_ip'] )); - $section->addInput(new Form_Checkbox( - 'pool_enable', - 'Address Pool', - 'Provide a virtual adapter IP address to clients (see Tunnel Network).', - $pconfig['pool_enable'] - )); - $section->addInput(new Form_Select( 'topology', 'Topology', @@ -1292,21 +1267,6 @@ if ($act=="new" || $act=="edit"): $pconfig['wins_server2'] )); - $section->addInput(new Form_Checkbox( - 'client_mgmt_port_enable', - 'Enable custom port ', - 'Use a different management port for clients.', - $pconfig['client_mgmt_port_enable'] - )); - - $section->addInput(new Form_Input( - 'client_mgmt_port', - 'Management port', - 'number', - $pconfig['client_mgmt_port'] - ))->setHelp('The default port is 166. Specify a different port if the client machines need to select from multiple OpenVPN links.'); - - $form->add($section); $section = new Form_Section('Advanced Configuration'); 
@@ -1641,11 +1601,6 @@ events.push(function() { hideInput('wins_server2', hide); } - function client_mgmt_port_change() { - var hide = ! $('#client_mgmt_port_enable').prop('checked') - - hideInput('client_mgmt_port', hide); - } function ntp_server_change() { var hide = ! $('#ntp_server_enable').prop('checked') @@ -1661,8 +1616,6 @@ events.push(function() { hideInput('netbios_scope', hide); hideCheckbox('wins_server_enable', hide); wins_server_change(); -// hideCheckbox('client_mgmt_port_enable', hide); -// client_mgmt_port_change(); } function tuntap_change() { @@ -1752,11 +1705,6 @@ events.push(function() { netbios_change(); }); - // Client management port - $('#client_mgmt_port_enable').click(function () { - client_mgmt_port_change(); - }); - // Wins server port $('#wins_server_enable').click(function () { wins_server_change(); @@ -1867,7 +1815,6 @@ events.push(function() { dns_domain_change(); dns_server_change(); wins_server_change(); - client_mgmt_port_change(); ntp_server_change(); netbios_change(); tuntap_change(); diff --git a/src/usr/local/www/wizards/openvpn_wizard.inc b/src/usr/local/www/wizards/openvpn_wizard.inc index a46f27d..0b4cf16 100644 --- a/src/usr/local/www/wizards/openvpn_wizard.inc +++ b/src/usr/local/www/wizards/openvpn_wizard.inc @@ -29,6 +29,13 @@ function has_special_chars($text) { return preg_match('/[^A-Za-z0-9 _-]/', $text); } +function step1_stepsubmitbeforesave() { + global $stepid, $config; + if (($_POST['authtype'] != NULL) && ($_POST['authtype'] != $config['ovpnserver']['step1']['type'])) { + unset($config['ovpnserver']['step2']); + } +} + function step1_submitphpaction() { global $stepid, $config; if ($_POST['authtype'] == "local") { 
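Review bot: `step1_stepsubmitbeforesave()` in openvpn_wizard.inc has no comment explaining why a change of `authtype` discards `$config['ovpnserver']['step2']`, and it declares `global $stepid` without using it. I would add a docblock along the lines of `/* Drop saved step2 data when the authentication type changes so settings from the previous type are not carried over. */` (wording to be confirmed by the author) and remove the unused global. `$config['ovpnserver']['step1']['type']` is read without an `isset()` check, so the first pass through the wizard relies on the loose `!=` comparison against an undefined index.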
@@ -597,8 +604,6 @@ function step12_submitphpaction() { $server['duplicate_cn'] = $pconfig['step10']['duplicate_cn']; if (isset($pconfig['step10']['dynip'])) $server['dynamic_ip'] = $pconfig['step10']['dynip']; - if (isset($pconfig['step10']['addrpool'])) - $server['pool_enable'] = $pconfig['step10']['addrpool']; if (isset($pconfig['step10']['defaultdomain'])) $server['dns_domain'] = $pconfig['step10']['defaultdomain']; if (isset($pconfig['step10']['dns1'])) diff --git a/src/usr/local/www/wizards/openvpn_wizard.xml b/src/usr/local/www/wizards/openvpn_wizard.xml index 3d898d7..09093ae 100644 --- a/src/usr/local/www/wizards/openvpn_wizard.xml +++ b/src/usr/local/www/wizards/openvpn_wizard.xml @@ -58,6 +58,7 @@ <type>submit</type> </field> </fields> + <stepsubmitbeforesave>step1_stepsubmitbeforesave();</stepsubmitbeforesave> <stepsubmitphpaction>step1_submitphpaction();</stepsubmitphpaction> <includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile> </step> @@ -782,7 +783,7 @@ <type>input</type> <size>20</size> <bindstofield>ovpnserver->step10->tunnelnet</bindstofield> - <description>This is the virtual network used for private communications between this server and client hosts expressed using CIDR notation (eg. 10.0.8.0/24). The first network address will be assigned to the server virtual interface. The remaining network addresses can optionally be assigned to connecting clients. (see Address Pool)</description> + <description>This is the virtual network used for private communications between this server and client hosts expressed using CIDR notation (eg. 10.0.8.0/24). The first network address will be assigned to the server virtual interface. The remaining network addresses will be assigned to connecting clients.</description> </field> <field> <displayname>Redirect Gateway</displayname> 
@@ -854,14 +855,6 @@ <bindstofield>ovpnserver->step10->dynip</bindstofield> </field> <field> - <displayname>Address Pool</displayname> - <name>addrpool</name> - <type>checkbox</type> - <value>on</value> - <description>Provide a virtual adapter IP address to clients (see Tunnel Network).</description> - <bindstofield>ovpnserver->step10->addrpool</bindstofield> - </field> - <field> <displayname>Topology</displayname> <name>topology</name> <type>select</type> |