summaryrefslogtreecommitdiffstats
path: root/usr/local/www/vpn_openvpn_server.php
Commit message (Collapse)AuthorAgeFilesLines
* Use get_configured_interface_with_descr() for OpenVPN gui pages. SuggestedMatthew Grooms2008-09-161-8/+6
| | | | by Ermal.
* Make it possible for pakages to insert additional tabbed pages into anMatthew Grooms2008-09-161-1/+2
| | | | | | | | existing tab group. This requires that each page in the tab group call add_package_tabs() with the tab group name before display_top_tabs() so pages can be inserted. While far from optimal, this system is really a stop-gap measure until a more intelligent menu/tab system can be implemented. Discussed with Scott on IRC.
* Modify the OpenVPN server configuration to allow the DH parameter lengthMatthew Grooms2008-09-091-4/+27
| | | | to be specified. Upgraded 1.2.x configurations will default to 1024 bits.
* Minor re-work of OpenVPN configuration. Use operational modes to determineMatthew Grooms2008-09-061-58/+206
| | | | | | | | | | | | | | | | | | | | what configuration options are appropriate. The operational mode dictates the authentication method. They are defines as follows ... Peer to Peer ( SSL/TLS ) Peer to Peer ( Shared Key ) Remote Access ( SSL/TLS ) Remote Access ( User Auth ) Remote Access ( SSL/TLS + User Auth ) Some of these modes allow for user authentication using passwords. We now use the etc/inc/openvpn.auth-user.php file to facilitate this by checking the username and password supplied by OpenVPN against our centralized user database. The Server and Client user interfaces have also been updated to support TLS packet authentication. This is an additional security option that is optional.
* Correct problems with OpenVPN that prevented the lzo compression and passMatthew Grooms2008-09-031-3/+4
| | | | tos options from being set correctly in configuration files.
* move CSS header to correct locationScott Ullrich2008-08-301-3/+3
|
* Add CSS headerScott Ullrich2008-08-301-0/+3
|
* Correctly validate required input fields for OpenVPN screens.Matthew Grooms2008-08-271-4/+7
|
* Correct some problems with the filter code where we were calling foreachMatthew Grooms2008-08-271-2/+2
| | | | | | | | | | | on data that wasn't necessarily a valid array. Modify the OpenVPN code to stop passing the array index around and then immediately obtaining a reference to the array entry. We already have a reference to the data, just pass it instead. Also add some check to make certain tap configuration steps more conditional. Make sure we remove configuration and pid files when they are no longer required. Fix a few other OpenVPN related bugs.
* Set some important default values for the new OpenVPN interface screens.Matthew Grooms2008-08-261-2/+16
| | | | | Add functions and interface code to handle local port conflict detection and resolution.
* Dump the per-configuration dh parameters data. It make no sense to keepMatthew Grooms2008-08-261-3/+2
| | | | | | | | | | this information in the configuration as its not specific to the server. It only contains the parameters ( a safe large prime number ) that is used during a DH key exchange. Instead, we now use a system wide dh file that is generated when the /var/etc/openvpn directory is setup. This shaves 10 to 30 seconds off of the server config creation process. Also correct a bug in the hack I added to work around carp related issues that prevented filter re-configuration from working properly.
* Rework most of the OpenVPN support. The interfaces have been updated toMatthew Grooms2008-08-261-0/+998
not use the pkg system and the configuration has been migrated to an openvpn prefix. The centralized user and certificate manager is now used to support the openvpn configurations. Most of the files removed in this commit were not being referenced. This commit also splits out the certificate management components into a new system menu item.
OpenPOWER on IntegriCloud