From 65ff8497347f2f513a72d222bb869014e369518b Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 28 Apr 2010 17:16:52 -0400 Subject: Add back Dynamic IP checkbox for OpenVPN Servers. --- usr/local/www/vpn_openvpn_server.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index fdf4af4..47fcf87 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -112,6 +112,7 @@ if($_GET['act']=="edit"){ $pconfig['passtos'] = $a_server[$id]['passtos']; $pconfig['client2client'] = $a_server[$id]['client2client']; + $pconfig['dynamic_ip'] = $a_server[$id]['dynamic_ip']; $pconfig['pool_enable'] = $a_server[$id]['pool_enable']; $pconfig['dns_domain'] = $a_server[$id]['dns_domain']; @@ -299,6 +300,7 @@ if ($_POST) { $server['passtos'] = $pconfig['passtos']; $server['client2client'] = $pconfig['client2client']; + $server['dynamic_ip'] = $pconfig['dynamic_ip']; $server['pool_enable'] = $pconfig['pool_enable']; if ($pconfig['dns_domain_enable']) @@ -906,6 +908,24 @@ function netbios_change() { Client Settings + Dynamic IP + + + + + + +
+ + "> + + + Provide a virtual adapter IP address to clients (see Tunnel Network)
+
+
+ + + Address Pool -- cgit v1.1 From 599d5c6298184905465aefbadb68a237f14b06da Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 28 Apr 2010 17:19:33 -0400 Subject: Fix description --- usr/local/www/vpn_openvpn_server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 47fcf87..4f0d59d 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -918,7 +918,7 @@ function netbios_change() { -- cgit v1.1 From df6df70fd0aa2c39018b28e2f29a5dc01113237c Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 28 Apr 2010 18:28:26 -0400 Subject: Add dynamic IP option to OpenVPN wizard. --- usr/local/www/wizards/openvpn_wizard.inc | 2 ++ usr/local/www/wizards/openvpn_wizard.xml | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc index eea1a85..9be787c 100644 --- a/usr/local/www/wizards/openvpn_wizard.inc +++ b/usr/local/www/wizards/openvpn_wizard.inc @@ -538,6 +538,8 @@ function step12_submitphpaction() { $server['passtos'] = $pconfig['step10']['tos']; if (isset($pconfig['step10']['interclient'])) $server['client2client'] = $pconfig['step10']['interclient']; + if (isset($pconfig['step10']['dynip'])) + $server['dynamic_ip'] = $pconfig['step10']['dynip']; if (isset($pconfig['step10']['addrpool'])) $server['pool_enable'] = $pconfig['step10']['addrpool']; if (isset($pconfig['step10']['defaultdomain'])) diff --git a/usr/local/www/wizards/openvpn_wizard.xml b/usr/local/www/wizards/openvpn_wizard.xml index 2bc6db1..bba38c8 100644 --- a/usr/local/www/wizards/openvpn_wizard.xml +++ b/usr/local/www/wizards/openvpn_wizard.xml @@ -757,6 +757,14 @@ Client Settings + Dynamic IP + dynip + checkbox + on + Allow connected clients to retain their connections if their IP address changes. + ovpnserver->step10->dynip + + Address Pool addrpool checkbox -- cgit v1.1 From a529acedfb8cb1407b5aee5c3d771c596a6662d5 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 28 Apr 2010 23:16:42 +0000 Subject: Ticket #507. Do not remove all static routes to readd them back. The change will never delete a rule but define the action to be taken on it, either add or change a present route. Be consinstent on gateways allowed to be selected as destinations for static routes, including dynamic gateways. --- etc/inc/gwlb.inc | 2 +- etc/inc/system.inc | 139 +++++++++++------------------------ usr/local/www/system_routes.php | 15 +--- usr/local/www/system_routes_edit.php | 30 ++++---- 4 files changed, 63 insertions(+), 123 deletions(-) diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index 24193d6..30640b3 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -299,7 +299,7 @@ function return_gateways_array($disabled = false) { $gateway['gateway'] = get_interface_gateway($ifname, $gateway['dynamic']); $gateway['interface'] = get_real_interface($ifname); $gateway['friendlyiface'] = $ifname; - $gateway['name'] = "{$ifname}"; + $gateway['name'] = "{$friendly}_GW"; $gateway['attribute'] = "system"; /* Loopback dummy for dynamic interfaces without a IP */ diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 7a01513..fed4598 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -245,51 +245,24 @@ function system_routing_configure() { } /* Enable fast routing, if enabled */ + /* XXX: More checks need to be done for subsystems that are not compatibel with fast routing. */ if(isset($config['staticroutes']['enablefastrouting']) && !isset($config['ipsec']['enable'])) mwexec("/sbin/sysctl net.inet.ip.fastforwarding=1"); - $route_str = exec_command("/usr/bin/netstat -rnf inet"); - - /* clear out old routes, if necessary */ - if (file_exists("{$g['vardb_path']}/routes.db")) { - $fd = fopen("{$g['vardb_path']}/routes.db", "r"); - if (!$fd) { - printf("Error: cannot open routes DB file in system_routing_configure().\n"); - return 1; - } - while (!feof($fd)) { - $oldrt = trim(fgets($fd)); - if (($oldrt) && (stristr($route_str, $oldrt))) - mwexec("/sbin/route delete " . escapeshellarg($oldrt)); - } - fclose($fd); - unlink("{$g['vardb_path']}/routes.db"); - } - - if (false) { - /* if list */ - $iflist = get_configured_interface_list(); - - $dont_remove_route = false; - foreach ($iflist as $ifent => $ifname) { - /* - * XXX: The value of this is really when this function can take - * an interface as parameter. - */ - /* do not process interfaces that will end up with gateways */ - if (interface_has_gateway($ifent) || - $config['interfaces'][$ifent]['ipaddr'] == "carpdev-dhcp") { - $dont_remove_route = true; - break; + $gatewayip = ""; + $interfacegw = ""; + /* tack on all the hard defined gateways as well */ + if (is_array($config['gateways']['gateway_item'])) { + foreach ($config['gateways']['gateway_item'] as $gateway) { + if (isset($gateway['defaultgw'])) { + if ($gateway['gateway'] == "dynamic") + $gateway['gateway'] = get_interface_gateway($gateway['interface']); + $gatewayip = $gateway['gateway']; + $interfacegw = $gateway['interface']; + break; + } } } - - if ($dont_remove_route == false) { - /* remove default route */ - mwexec("/sbin/route delete default", true); - } - } - $dont_add_route = false; /* if OLSRD is enabled, allow WAN to house DHCP. */ if($config['installedpackages']['olsrd']) { @@ -300,33 +273,15 @@ function system_routing_configure() { } } } - if($dont_add_route == false) { - if(is_array($config['gateways']['gateway_item'])) { - foreach($config['gateways']['gateway_item'] as $gateway) { - if(isset($gateway['defaultgw'])) { - $gatewayip = $gateway['gateway']; - $interfacegw = $gateway['interface']; - /* This handles the case where a dynamic gateway is choosen as default. */ - if (!is_ipaddr($gatewayip)) - $gatewayip = get_interface_gateway($interfacegw); - break; - } - } - if(($interfacegw <> "bgpd") && (is_ipaddr($gatewayip))) { - preg_match("/default[ ]+([0-9].*?)[ ]+/i", $route_str, $elements); - if(trim($elements[1]) != "$gatewayip") { - mwexec("/sbin/route delete default " . escapeshellarg($gatewayip), true); - } - mwexec("/sbin/route add default " . escapeshellarg($gatewayip), true); - } - } else { - log_error("SYSTEM: We do not have a gateways array in our XML. Is this configuration damaged?"); - /* adding gateway for 1.2-style configs without the new - gateway setup configured. - Force WAN to be default gateway because that is the - 1.2 behavior. - */ + if (($interfacegw <> "bgpd") && (is_ipaddr($gatewayip))) + mwexec("/sbin/route delete default; /sbin/route add default " . escapeshellarg($gatewayip), true); + else { + /* Adding gateway for 1.2-style configs without the new + * gateway setup configured. + * Force WAN to be default gateway because that is the 1.2 behavior. + */ + log_error("SYSTEM: We do not have a default gateway in our config. Is this configuration damaged?"); if (is_ipaddr($config['interfaces']['wan']['gateway'])) { $gatewayip = $config['interfaces']['wan']['gateway']; mwexec("/sbin/route add default " . escapeshellarg($gatewayip), true); @@ -335,43 +290,35 @@ function system_routing_configure() { } if (is_array($config['staticroutes']['route'])) { - - $fd = fopen("{$g['vardb_path']}/routes.db", "w"); - if (!$fd) { - printf("Error: cannot open routes DB file in system_routing_configure().\n"); - return 1; - } + $route_str = array(); + exec("/usr/bin/netstat -rnf inet | /usr/bin/cut -d \" \" -f 1", $route_str); + $route_str = array_flip($route_str); + $gateways_arr = return_gateways_array(); foreach ($config['staticroutes']['route'] as $rtent) { - unset($gatewayip); - unset($interfacegw); - if(is_array($config['gateways']['gateway_item'])) { - foreach($config['gateways']['gateway_item'] as $gateway) { - if($rtent['gateway'] == $gateway['name']) { - $gatewayip = $gateway['gateway']; - $interfacegw = $gateway['interface']; - /* This handles the case where a dynamic gateway is choosen. */ - if (!is_ipaddr($gatewayip)) - $gatewayip = get_interface_gateway($interfacegw); - break; - } - } - } - if((is_ipaddr($rtent['gateway'])) && empty($gatewayip)) { + $gatewayip = ""; + if (isset($gateways_arr[$rtent['gateway']])) { + $gatewayip = $gateways_arr[$rtent['gateway']]['gateway']; + $interfacegw = get_real_interface($rtent['interface']); + } else if (is_ipaddr($rtent['gateway'])) { $gatewayip = $rtent['gateway']; - $interfacegw = $rtent['interface']; - } - if((isset($rtent['interfacegateway'])) && (! is_ipaddr($gatewayip))) { - mwexec("/sbin/route add " . escapeshellarg($rtent['network']) . - " -iface " . escapeshellarg(convert_friendly_interface_to_real_interface_name($interfacegw))); } else { - mwexec("/sbin/route add " . escapeshellarg($rtent['network']) . + log_error("Static Routes: Gateway ip could not be found for {$rtent['network']}"); + continue; + } + + $action = "add"; + if (isset($route_str[$rtent['network']])) + $action = "change"; + + if (is_ipaddr($gatewayip)) { + mwexec("/sbin/route {$action} " . escapeshellarg($rtent['network']) . " " . escapeshellarg($gatewayip)); + } else if (!empty($interfacegw)) { + mwexec("/sbin/route {$action} " . escapeshellarg($rtent['network']) . + " -iface " . escapeshellarg($interfacegw)); } - /* record route so it can be easily removed later (if necessary) */ - fwrite($fd, $rtent['network'] . "\n"); } - fclose($fd); } return 0; diff --git a/usr/local/www/system_routes.php b/usr/local/www/system_routes.php index a9160c5..fc24962 100755 --- a/usr/local/www/system_routes.php +++ b/usr/local/www/system_routes.php @@ -47,11 +47,8 @@ require_once("shaper.inc"); if (!is_array($config['staticroutes']['route'])) $config['staticroutes']['route'] = array(); -if (!is_array($config['gateways']['gateway_item'])) - $config['gateways']['gateway_item'] = array(); - $a_routes = &$config['staticroutes']['route']; -$a_gateways = &$config['gateways']['gateway_item']; +$a_gateways = return_gateways_array(true); $changedesc = "Static Routes: "; if ($_POST) { @@ -92,6 +89,7 @@ if ($_POST) { if ($_GET['act'] == "del") { if ($a_routes[$_GET['id']]) { $changedesc .= "removed route to " . $a_routes[$_GET['id']['route']]; + mwexec("/sbin/route delete " . escapeshellarg($a_routes[$_GET['id']]['network'])); unset($a_routes[$_GET['id']]); write_config($changedesc); mark_subsystem_dirty('staticroutes'); @@ -160,17 +158,12 @@ include("head.inc"); -- cgit v1.1 From dfa11031fc7323b5e567052e38cbd53e5981614a Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 28 Apr 2010 21:37:27 -0400 Subject: Fix apparent typo in IPsec upgrade code which broke the user_fqdn identity type. --- etc/inc/upgrade_config.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index da8594a..540cf3b 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -921,9 +921,9 @@ function upgrade_046_to_047() { $ph1ent['myid_type'] = "fqdn"; $ph1ent['myid_data'] = $tunnel['p1']['myident']['fqdn']; } - if (isset($tunnel['p1']['myident']['user_fqdn'])) { + if (isset($tunnel['p1']['myident']['ufqdn'])) { $ph1ent['myid_type'] = "user_fqdn"; - $ph1ent['myid_data'] = $tunnel['p1']['myident']['user_fqdn']; + $ph1ent['myid_data'] = $tunnel['p1']['myident']['ufqdn']; } if (isset($tunnel['p1']['myident']['asn1dn'])) { $ph1ent['myid_type'] = "asn1dn"; -- cgit v1.1 From 8b666514fc616b34b8128dc69eac0998f577301d Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 28 Apr 2010 21:54:00 -0400 Subject: Fix OpenVPN upgrade code for lzo compression. Resolves #280, mentioned also in Ticket #482. --- etc/inc/upgrade_config.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 540cf3b..6282fa5 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -1343,7 +1343,7 @@ function upgrade_051_to_052() { $server['tunnel_network'] = $server['addresspool']; unset($server['addresspool']); if (isset($server['use_lzo'])) { - $server['compress'] = true; + $server['compression'] = "on"; unset($server['use_lzo']); } if ($server['nopool']) @@ -1439,7 +1439,7 @@ function upgrade_051_to_052() { $client['proxy_addr'] = $client['poxy_hostname']; unset($client['proxy_addr']); if (isset($client['use_lzo'])) { - $client['compress'] = true; + $client['compression'] = "on"; unset($client['use_lzo']); } $client['resolve_retry'] = $client['infiniteresolvretry']; -- cgit v1.1 From 01dcf2b396fdf374e7cc466f4619b1ff14a1bec6 Mon Sep 17 00:00:00 2001 From: Chris Buechler Date: Wed, 28 Apr 2010 22:35:22 -0400 Subject: properly show TFTP enabled interfaces --- usr/local/www/system_advanced_firewall.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php index c6fcd1d..e3d2e1e 100644 --- a/usr/local/www/system_advanced_firewall.php +++ b/usr/local/www/system_advanced_firewall.php @@ -59,6 +59,7 @@ $pconfig['disablenatreflection'] = $config['system']['disablenatreflection']; $pconfig['reflectiontimeout'] = $config['system']['reflectiontimeout']; $pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']); $pconfig['disablescrub'] = isset($config['system']['disablescrub']); +$pconfig['tftpinterface'] = $config['system']['tftpinterface']; if ($_POST) { @@ -321,7 +322,7 @@ function update_description(itemnum) { - Choose the interfaces where you want TFTP proxy help to be enabled. + Choose the interfaces where you want TFTP proxy helper to be enabled. -- cgit v1.1
- Provide a virtual adapter IP address to clients (see Tunnel Network)
+ Allow connected clients to retain their connections if their IP address changes.
diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php index 434bbbc..7a46e5a 100755 --- a/usr/local/www/system_routes_edit.php +++ b/usr/local/www/system_routes_edit.php @@ -57,11 +57,9 @@ require("guiconfig.inc"); if (!is_array($config['staticroutes']['route'])) $config['staticroutes']['route'] = array(); -if (!is_array($config['gateways']['gateway_item'])) - $config['gateways']['gateway_item'] = array(); $a_routes = &$config['staticroutes']['route']; -$a_gateways = &$config['gateways']['gateway_item']; +$a_gateways = return_gateways_array(true); $id = $_GET['id']; if (isset($_POST['id'])) @@ -99,13 +97,7 @@ if ($_POST) { $input_errors[] = "A valid destination network bit count must be specified."; } if ($_POST['gateway']) { - $match = false; - foreach($a_gateways as $gateway) { - if(in_array($_POST['gateway'], $gateway)) { - $match = true; - } - } - if(!$match) + if (!isset($a_gateways[$_POST['gateway']])) $input_errors[] = "A valid gateway must be specified."; } @@ -174,11 +166,19 @@ include("head.inc");
Choose which gateway this route applies to or add a new one. -- cgit v1.1 From 9605d06f63c8bd830cfc0f60bd0e075fe67143aa Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Wed, 28 Apr 2010 20:48:38 -0400 Subject: Restore select_source value correctly --- usr/local/www/pkg_edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index 0ad4d4f..65e1e41 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -728,7 +728,7 @@ function display_row($trc, $value, $fieldname, $type, $rowhelper, $size) { } else { $source_value = $opt[$rowhelper['value']]; } - if($opt['value'] == $value) + if($source_value == $value) $selected = " SELECTED"; $text .= ""; echo "\n"; -- cgit v1.1 From 93c745f6692065767b76a3d34d79d6f995d58cd4 Mon Sep 17 00:00:00 2001 From: Chris Buechler Date: Wed, 28 Apr 2010 21:17:11 -0400 Subject: touch up text --- usr/local/www/system_usermanager_settings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index 8fa652c..c961dd4 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -125,7 +125,7 @@ if(!$pconfig['backend'])

- 0 means to never expire sessions. NOTE: This is a security risk!");?>
+ Enter 0 to never expire sessions. NOTE: This is a security risk!");?>