summaryrefslogtreecommitdiffstats
path: root/usr/local/www/vpn_openvpn_client.php
diff options
context:
space:
mode:
Diffstat (limited to 'usr/local/www/vpn_openvpn_client.php')
-rw-r--r--usr/local/www/vpn_openvpn_client.php220
1 files changed, 173 insertions, 47 deletions
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index c3fbcb5..724668d 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -66,6 +66,9 @@ if ($_GET['act'] == "del") {
}
if($_GET['act']=="new"){
+ $pconfig['autokey_enable'] = "yes";
+ $pconfig['tlsauth_enable'] = "yes";
+ $pconfig['autotls_enable'] = "yes";
$pconfig['interface'] = "wan";
$pconfig['server_port'] = 1194;
}
@@ -75,6 +78,7 @@ if($_GET['act']=="edit"){
if (isset($id) && $a_client[$id]) {
$pconfig['disable'] = $a_client[$id]['disable'];
+ $pconfig['mode'] = $a_client[$id]['mode'];
$pconfig['protocol'] = $a_client[$id]['protocol'];
$pconfig['interface'] = $a_client[$id]['interface'];
$pconfig['local_port'] = $a_client[$id]['local_port'];
@@ -85,19 +89,25 @@ if($_GET['act']=="edit"){
$pconfig['proxy_port'] = $a_client[$id]['proxy_port'];
$pconfig['description'] = $a_client[$id]['description'];
- $pconfig['auth_method'] = $a_client[$id]['auth_method'];
- if ($pconfig['auth_method'] == "shared_key")
- $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
- else {
+ if ($pconfig['mode'] != "p2p_shared_key") {
$pconfig['caref'] = $a_client[$id]['caref'];
$pconfig['certref'] = $a_client[$id]['certref'];
- }
+ if ($a_client[$id]['tls']) {
+ $pconfig['tlsauth_enable'] = "yes";
+ $pconfig['tls'] = base64_decode($a_client[$id]['tls']);
+ }
+ } else
+ $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
$pconfig['crypto'] = $a_client[$id]['crypto'];
$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
$pconfig['remote_network'] = $a_client[$id]['remote_network'];
$pconfig['compression'] = $a_client[$id]['compression'];
$pconfig['passtos'] = $a_client[$id]['passtos'];
+
+ // just in case the modes switch
+ $pconfig['autokey_enable'] = "yes";
+ $pconfig['autotls_enable'] = "yes";
}
}
@@ -111,6 +121,11 @@ if ($_POST) {
else
$vpnid = 0;
+ if ($client['mode'] != "p2p_shared_key")
+ $tls_mode = true;
+ else
+ $tls_mode = false;
+
/* input validation */
if ($pconfig['local_port']) {
@@ -142,12 +157,17 @@ if ($_POST) {
if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network'))
$input_errors[] = $result;
- if ($pconfig['auth_method'] == 'shared_key')
+ if (!$tls_mode && !$pconfig['autokey_enable'])
if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
- $input_errors[] = "The field 'Shared Key' does not appear to be valid";
+ $input_errors[] = "The field 'Shared Key' does not appear to be valid";
+
+ if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable'])
+ if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
+ !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
+ $input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid";
- if ($pconfig['auth_method'] == 'shared_key') {
+ if (!$tls_mode) {
$reqdfields = array('shared_key');
$reqdfieldsn = array('Shared key');
} else {
@@ -180,13 +200,19 @@ if ($_POST) {
$client['proxy_port'] = $pconfig['proxy_port'];
$client['description'] = $pconfig['description'];
- $client['auth_method'] = $pconfig['auth_method'];
- if ($client['auth_method'] == "shared_key")
- $client['shared_key'] = base64_encode($pconfig['shared_key']);
- else {
- $client['caref'] = $pconfig['caref'];
- $client['certref'] = $pconfig['certref'];
- }
+ if ($tls_mode) {
+ $client['caref'] = $pconfig['caref'];
+ $client['certref'] = $pconfig['certref'];
+ if ($pconfig['tlsauth_enable']) {
+ if ($pconfig['autotls_enable'])
+ $pconfig['tls'] = openvpn_create_key();
+ $client['tls'] = base64_encode($pconfig['tls']);
+ }
+ } else {
+ if ($pconfig['autokey_enable'])
+ $pconfig['shared_key'] = openvpn_create_key();
+ $client['shared_key'] = base64_encode($pconfig['shared_key']);
+ }
$client['crypto'] = $pconfig['crypto'];
$client['tunnel_network'] = $pconfig['tunnel_network'];
@@ -215,23 +241,58 @@ include("head.inc");
<script language="JavaScript">
<!--
-function method_change() {
- index = document.iform.auth_method.selectedIndex;
- value = document.iform.auth_method.options[index].value;
+function mode_change() {
+ index = document.iform.mode.selectedIndex;
+ value = document.iform.mode.options[index].value;
switch(value) {
- case "pki":
- document.getElementById("pki_ca").style.display="";
- document.getElementById("pki_cert").style.display="";
+ case "p2p_tls":
+ document.getElementById("tls").style.display="";
+ document.getElementById("tls_ca").style.display="";
+ document.getElementById("tls_cert").style.display="";
document.getElementById("psk").style.display="none";
break;
- case "shared_key":
- document.getElementById("pki_ca").style.display="none";
- document.getElementById("pki_cert").style.display="none";
+ case "p2p_shared_key":
+ document.getElementById("tls").style.display="none";
+ document.getElementById("tls_ca").style.display="none";
+ document.getElementById("tls_cert").style.display="none";
document.getElementById("psk").style.display="";
break;
}
}
+function autokey_change() {
+ if (document.iform.autokey_enable.checked)
+ document.getElementById("autokey_opts").style.display="none";
+ else
+ document.getElementById("autokey_opts").style.display="";
+}
+
+function tlsauth_change() {
+
+<?php if (!$pconfig['tls']): ?>
+ if (document.iform.tlsauth_enable.checked)
+ document.getElementById("tlsauth_opts").style.display="";
+ else
+ document.getElementById("tlsauth_opts").style.display="none";
+<?php endif; ?>
+
+ autotls_change();
+}
+
+function autotls_change() {
+
+<?php if (!$pconfig['tls']): ?>
+ autocheck = document.iform.autotls_enable.checked;
+<?php else: ?>
+ autocheck = false;
+<?php endif; ?>
+
+ if (document.iform.tlsauth_enable.checked && !autocheck)
+ document.getElementById("autotls_opts").style.display="";
+ else
+ document.getElementById("autotls_opts").style.display="none";
+}
+
//-->
</script>
<?php
@@ -285,6 +346,21 @@ function method_change() {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
+ <td width="78%" class="vtable">
+ <select name='mode' id='mode' class="formselect" onchange='mode_change()'>
+ <?php
+ foreach ($openvpn_client_modes as $name => $desc):
+ $selected = "";
+ if ($pconfig['mode'] == $name)
+ $selected = "selected";
+ ?>
+ <option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
<td width="78%" class="vtable">
<select name='protocol' class="formselect">
@@ -386,23 +462,50 @@ function method_change() {
<tr>
<td colspan="2" valign="top" class="listtopic">Cryptographic Settings</td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Authentication Method</td>
- <td width="78%" class="vtable">
- <select name='auth_method' id='auth_method' class="formselect" onchange='method_change()'>
- <?php
- foreach ($openvpn_auth_methods as $method => $name):
- $selected = "";
- if ($pconfig['auth_method'] == $method)
- $selected = "selected";
- ?>
- <option value="<?=$method;?>" <?=$selected;?>><?=$name;?></option>
- <?php endforeach; ?>
- </select>
- </td>
+ <tr id="tls">
+ <td width="22%" valign="top" class="vncellreq">TLS Authentication</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
+ <input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onClick="tlsauth_change()">
+ </td>
+ <td>
+ <span class="vexpl">
+ Enable authentication of TLS packets.
+ </span>
+ </td>
+ </tr>
+ </table>
+ <?php if (!$pconfig['tls']): ?>
+ <table border="0" cellpadding="2" cellspacing="0" id='tlsauth_opts'>
+ <tr>
+ <td>
+ <?php set_checked($pconfig['autotls_enable'],$chk); ?>
+ <input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autotls_change()">
+ </td>
+ <td>
+ <span class="vexpl">
+ Automatically generate a shared TLS authentication key.
+ </span>
+ </td>
+ </tr>
+ </table>
+ <?php endif; ?>
+ <table border="0" cellpadding="2" cellspacing="0" id='autotls_opts'>
+ <tr>
+ <td>
+ <textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
+ <br/>
+ Paste your shared key here.
+ </td>
+ </tr>
+ </table>
+ </td>
</tr>
- <tr id="pki_ca">
- <td width="22%" valign="top" class="vncellreq">Certificate Authority</td>
+ <tr id="tls_ca">
+ <td width="22%" valign="top" class="vncellreq">Peer Certificate Authority</td>
<td width="78%" class="vtable">
<select name='caref' class="formselect">
<?php
@@ -416,8 +519,8 @@ function method_change() {
</select>
</td>
</tr>
- <tr id="pki_cert">
- <td width="22%" valign="top" class="vncellreq">Certificate</td>
+ <tr id="tls_cert">
+ <td width="22%" valign="top" class="vncellreq">Client Certificate</td>
<td width="78%" class="vtable">
<select name='certref' class="formselect">
<?php
@@ -433,10 +536,31 @@ function method_change() {
</tr>
<tr id="psk">
<td width="22%" valign="top" class="vncellreq">Shared Key</td>
- <td width="78%" class="vtable">
- <textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
- <br/>
- Paste your shared key here.
+ <td width="78%" class="vtable">
+ <?php if (!$pconfig['shared_key']): ?>
+ <table border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['autokey_enable'],$chk); ?>
+ <input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autokey_change()">
+ </td>
+ <td>
+ <span class="vexpl">
+ Automatically generate a shared key.
+ </span>
+ </td>
+ </tr>
+ </table>
+ <?php endif; ?>
+ <table border="0" cellpadding="2" cellspacing="0" id='autokey_opts'>
+ <tr>
+ <td>
+ <textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
+ <br/>
+ Paste your shared key here.
+ </td>
+ </tr>
+ </table>
</td>
</tr>
<tr>
@@ -619,7 +743,9 @@ function method_change() {
</table>
<script language="JavaScript">
<!--
-method_change();
+mode_change();
+autokey_change();
+tlsauth_change();
//-->
</script>
</body>
OpenPOWER on IntegriCloud