summaryrefslogtreecommitdiffstats
path: root/usr/local/www/vpn_openvpn.php
diff options
context:
space:
mode:
Diffstat (limited to 'usr/local/www/vpn_openvpn.php')
-rwxr-xr-xusr/local/www/vpn_openvpn.php106
1 files changed, 47 insertions, 59 deletions
diff --git a/usr/local/www/vpn_openvpn.php b/usr/local/www/vpn_openvpn.php
index f3b27e5..46f8953 100755
--- a/usr/local/www/vpn_openvpn.php
+++ b/usr/local/www/vpn_openvpn.php
@@ -1,22 +1,21 @@
#!/usr/local/bin/php
-<?php
-/* $Id$ */
+<?php
/*
vpn_openvpn.php
Copyright (C) 2004 Peter Curran (peter@closeconsultants.com).
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -29,6 +28,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "OpenVPN");
require("guiconfig.inc");
require_once("openvpn.inc");
@@ -59,44 +59,44 @@ if ($_POST) {
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
}
-
+
/* need a test here to make sure prefix and max_clients are coherent */
-
+
/* Sort out the cert+key files */
if (is_null($_POST['ca_cert']))
$input_errors[] = "You must provide a CA certificate file";
elseif (!strstr($_POST['ca_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['ca_cert'], "END CERTIFICATE"))
$input_errors[] = "The CA certificate does not appear to be valid.";
-
+
if (is_null($_POST['srv_cert']))
$input_errors[] = "You must provide a server certificate file";
elseif (!strstr($_POST['srv_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['srv_cert'], "END CERTIFICATE"))
$input_errors[] = "The server certificate does not appear to be valid.";
-
+
if (is_null($_POST['srv_key']))
$input_errors[] = "You must provide a server key file";
elseif (!strstr($_POST['srv_key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['srv_key'], "END RSA PRIVATE KEY"))
$input_errors[] = "The server key does not appear to be valid.";
-
+
if (is_null($_POST['dh_param']))
$input_errors[] = "You must provide a DH parameters file";
elseif (!strstr($_POST['dh_param'], "BEGIN DH PARAMETERS") || !strstr($_POST['dh_param'], "END DH PARAMETERS"))
$input_errors[] = "The DH parameters do not appear to be valid.";
-
+
if (!$input_errors) {
$server =& $config['ovpn']['server'];
$server['enable'] = $_POST['enable'] ? true : false;
-
+
/* Make sure that the tunnel interface type has not changed */
- if ($server['tun_iface'] != $_POST['tun_iface']){
+ if ($server['tun_iface'] != $_POST['tun_iface']){
$server['tun_iface'] = $_POST['tun_iface'];
touch($d_sysrebootreqd_path);
}
-
+
$server['bind_iface'] = $_POST['bind_iface'];
$server['port'] = $_POST['port'];
$server['proto'] = $_POST['proto'];
-
+
/* Make sure the IP address and/or prefix have not changed */
if ($server['ipblock'] != $_POST['ipblock']){
$server['ipblock'] = $_POST['ipblock'];
@@ -106,7 +106,7 @@ if ($_POST) {
$server['prefix'] = $_POST['prefix'];
touch($d_sysrebootreqd_path);
}
-
+
$server['maxcli'] = $_POST['maxcli'];
$server['crypto'] = $_POST['crypto'];
$server['cli2cli'] = $_POST['cli2cli'] ? true : false;
@@ -126,8 +126,8 @@ if ($_POST) {
$server['ca_cert'] = base64_encode($_POST['ca_cert']);
$server['srv_cert'] = base64_encode($_POST['srv_cert']);
$server['srv_key'] = base64_encode($_POST['srv_key']);
- $server['dh_param'] = base64_encode($_POST['dh_param']);
-
+ $server['dh_param'] = base64_encode($_POST['dh_param']);
+
write_config();
$retval = 0;
@@ -148,24 +148,14 @@ if ($_POST) {
$pconfig = $config['ovpn']['server'];
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title><?=gentitle("VPN: OpenVPN");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: OpenVPN</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if (file_exists($d_sysrebootreqd_path)) print_info_box(get_std_save_message(0)); ?>
<form action="vpn_openvpn.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
- <ul id="tabnav">
+ <ul id="tabnav">
<li class="tabact">Server</li>
<li class="tabinact"><a href="vpn_openvpn_cli.php">Client</a></li>
</ul>
@@ -182,7 +172,7 @@ $pconfig = $config['ovpn']['server'];
<input name="enable" type="checkbox" value="yes" <?php if (isset($pconfig['enable'])) echo "checked"; ?>>
<strong>Enable OpenVPN server </strong></td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncellreq">Tunnel type</td>
<td width="78%" class="vtable">
@@ -192,7 +182,7 @@ $pconfig = $config['ovpn']['server'];
TAP
</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">OpenVPN protocol/port</td>
<td width="78%" class="vtable">
@@ -200,16 +190,16 @@ $pconfig = $config['ovpn']['server'];
UDP&nbsp;
<input type="radio" name="proto" class="formfld" value="TCP" <?php if ($pconfig['proto'] == 'TCP') echo "checked"; ?>>
TCP<br><br>
- Port:
+ Port:
<input name="port" type="text" class="formfld" size="5" maxlength="5" value="<?= $pconfig['port']; ?>"><br>
Enter the port number to use for the server (default is 5000).</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncellreq">Interface binding</td>
<td width="78%" class="vtable">
<select name="bind_iface" class="formfld">
- <?php
+ <?php
$interfaces = ovpn_real_interface_list();
foreach ($interfaces as $key => $iface):
?>
@@ -220,12 +210,12 @@ $pconfig = $config['ovpn']['server'];
<span class="vexpl"><br>
Choose an interface for the OpenVPN server to listen on.</span></td>
</tr>
-
- <tr>
+
+ <tr>
<td width="22%" valign="top" class="vncellreq">IP address block</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="ipblock" type="text" class="formfld" size="20" value="<?=htmlspecialchars($pconfig['ipblock']);?>">
- /
+ /
<select name="prefix" class="formfld">
<?php for ($i = 29; $i > 19; $i--): ?>
<option value="<?=$i;?>" <?php if ($i == $pconfig['prefix']) echo "selected"; ?>>
@@ -236,42 +226,42 @@ $pconfig = $config['ovpn']['server'];
<br>
Enter the IP address block for the OpenVPN server and clients to use.<br>
<br>
- Maximum number of simultaneous clients:
+ Maximum number of simultaneous clients:
<input name="maxcli" type="text" class="formfld" size="3" maxlength="3" value="<?=htmlspecialchars($pconfig['maxcli']);?>">
</td>
</tr>
-
- <tr>
+
+ <tr>
<td width="22%" valign="top" class="vncellreq">CA certificate</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<textarea name="ca_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['ca_cert']));?></textarea>
<br>
- Paste a CA certificate in X.509 PEM format here. <a target="_new" href='vpn_openvpn_create_certs.php'>Create</a> all certificates.</td>
+ Paste a CA certificate in X.509 PEM format here.</td>
</tr>
-
- <tr>
+
+ <tr>
<td width="22%" valign="top" class="vncellreq">Server certificate</td>
<td width="78%" class="vtable">
<textarea name="srv_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['srv_cert']));?></textarea>
<br>
Paste a server certificate in X.509 PEM format here.</td>
</tr>
-
- <tr>
+
+ <tr>
<td width="22%" valign="top" class="vncellreq">Server key</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<textarea name="srv_key" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['srv_key']));?></textarea>
<br>Paste the server RSA private key here.</td>
</tr>
-
- <tr>
+
+ <tr>
<td width="22%" valign="top" class="vncellreq">DH parameters</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<textarea name="dh_param" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['dh_param']));?></textarea>
- <br>
+ <br>
Paste the Diffie-Hellman parameters in PEM format here.</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">Crypto</td>
<td width="78%" class="vtable">
@@ -289,7 +279,7 @@ $pconfig = $config['ovpn']['server'];
<br>
Select a data channel encryption cipher.</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">Internal routing mode</td>
<td width="78%" class="vtable">
@@ -297,7 +287,7 @@ $pconfig = $config['ovpn']['server'];
<strong>Enable client-to-client routing</strong><br>
If this option is on, clients are allowed to talk to each other.</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">Client authentication</td>
<td width="78%" class="vtable">
@@ -305,7 +295,7 @@ $pconfig = $config['ovpn']['server'];
<strong>Permit duplicate client certificates</strong><br>
If this option is on, clients with duplicate certificates will not be disconnected.</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">Client-push options</td>
<td width="78%" class="vtable">
@@ -363,5 +353,3 @@ $pconfig = $config['ovpn']['server'];
</table>
</form>
<?php include("fend.inc"); ?>
-</body>
-</html>
OpenPOWER on IntegriCloud