From b9e9903ddb21665023c9fcc241099476a42a9dbd Mon Sep 17 00:00:00 2001
From: "Dmitriy K." <levantin@mail.nnov.ru>
Date: Tue, 17 Jun 2014 11:01:48 +0400
Subject: patchpack1

-Fix #3401 (Added tun option "Disable IPv6"
-Added new options: route-nopull, route-noexec, verb;
---
 etc/inc/openvpn.inc                  |  38 +++++++++++-
 usr/local/www/vpn_openvpn_client.php | 109 ++++++++++++++++++++++++++++++++++-
 usr/local/www/vpn_openvpn_server.php |  56 +++++++++++++++++-
 3 files changed, 199 insertions(+), 4 deletions(-)

diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 0591e56..4c23ed0 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -55,6 +55,22 @@ $openvpn_prots = array("UDP", "UDP6", "TCP", "TCP6");
 global $openvpn_dev_mode;
 $openvpn_dev_mode = array("tun", "tap");
 
+global $openvpn_verbosity_level;
+$openvpn_verbosity_level = array(
+	0 =>	"none", 
+	1 =>	"default", 
+	2 =>	"2", 
+	3 =>	"3 (recommended)", 
+	4 =>	"4",
+	5 => 	"5",
+	6 => 	"6",
+	7 => 	"7",
+	8 => 	"8",
+	9 => 	"9",
+	10 => 	"10",
+	11 => 	"11"
+); 
+
 /* 
  * The User Auth mode below is disabled because
  * OpenVPN erroneously requires that we provide
@@ -460,11 +476,16 @@ function openvpn_reconfigure($mode, $settings) {
 		}
 	}
 
-	$conf  = "dev {$devname}\n";
+	$conf = "verb {$settings['verbosity_level']}\n";
+	$conf .= "dev {$devname}\n";
 	$conf .= "dev-type {$settings['dev_mode']}\n";
 	switch($settings['dev_mode']) {
 		case "tun":
-			$conf .= "tun-ipv6\n";
+			if (!$settings['no_tun_ipv6']) {
+				$conf .= "tun-ipv6\n";
+			} else {
+			
+			}
 			break;
 	}
 	$conf .= "dev-node /dev/{$tunname}\n";
@@ -768,6 +789,19 @@ function openvpn_reconfigure($mode, $settings) {
 		$conf .= "topology subnet\n";
 	}
 
+	// New client features
+	if ($mode == "client") {
+		// Dont pull routes checkbox
+		if ($settings['route_no_pull']) {
+			$conf .= "route-nopull\n";
+		}
+
+		// Dont add/remove routes checkbox
+		if ($settings['route_no_exec']) {
+			$conf .= "route-noexec\n";
+		}
+	}
+
 	openvpn_add_custom($settings, $conf);
 
 	openvpn_create_dirs();
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index d5b479e..f80694b 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -93,6 +93,7 @@ if($_GET['act']=="new"){
 	$pconfig['autotls_enable'] = "yes";
 	$pconfig['interface'] = "wan";
 	$pconfig['server_port'] = 1194;
+	$pconfig['verbosity_level'] = 1; // Default verbosity is 1
 	// OpenVPN Defaults to SHA1
 	$pconfig['digest'] = "SHA1";
 }
@@ -152,6 +153,12 @@ if($_GET['act']=="edit"){
 		// just in case the modes switch
 		$pconfig['autokey_enable'] = "yes";
 		$pconfig['autotls_enable'] = "yes";
+		
+		// New features
+		$pconfig['no_tun_ipv6'] = $a_client[$id]['no_tun_ipv6'];
+		$pconfig['route_no_pull'] = $a_client[$id]['route_no_pull'];
+		$pconfig['route_no_exec'] = $a_client[$id]['route_no_exec'];
+		$pconfig['verbosity_level'] = $a_client[$id]['verbosity_level'];
 	}
 }
 
@@ -311,6 +318,12 @@ if ($_POST) {
 		$client['compression'] = $pconfig['compression'];
 		$client['passtos'] = $pconfig['passtos'];
 
+		// New features
+		$client['no_tun_ipv6'] = $pconfig['no_tun_ipv6'];
+		$client['route_no_pull'] = $pconfig['route_no_pull'];
+		$client['route_no_exec'] = $pconfig['route_no_exec'];
+		$client['verbosity_level'] = $pconfig['verbosity_level'];
+
 		if (isset($id) && $a_client[$id])
 			$a_client[$id] = $client;
 		else
@@ -352,6 +365,19 @@ function mode_change() {
 	}
 }
 
+function dev_mode_change() {
+	index = document.iform.dev_mode.selectedIndex;
+	value = document.iform.dev_mode.options[index].value;
+	switch(value) {
+		case "tun":
+			document.getElementById("chkboxNoTunIPv6").style.display="";
+			break;
+		case "tap":
+			document.getElementById("chkboxNoTunIPv6").style.display="none";
+			break;
+	}
+}
+
 function autokey_change() {
 	if (document.iform.autokey_enable.checked)
 		document.getElementById("autokey_opts").style.display="none";
@@ -482,7 +508,7 @@ if ($savemsg)
 					<tr>
 						<td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
 							<td width="78%" class="vtable">
-							<select name='dev_mode' class="formselect">
+							<select name='dev_mode' class="formselect" onchange="dev_mode_change()">
 							<?php
 								foreach ($openvpn_dev_mode as $mode):
 									$selected = "";
@@ -954,6 +980,64 @@ if ($savemsg)
 							</table>
 						</td>
 					</tr>
+
+
+					<tr id="chkboxNoTunIPv6">
+						<td width="22%" valign="top" class="vncell"><?=gettext("Disable IPv6"); ?></td>
+						<td width="78%" class="vtable">
+							<table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6">
+								<tr>
+									<td>
+										<?php set_checked($pconfig['no_tun_ipv6'],$chk); ?>
+										<input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> />
+									</td>
+									<td>
+										<span class="vexpl">
+											<?=gettext("Do not forward IPv6 traffic"); ?>.
+										</span>
+									</td>
+								</tr>
+							</table>
+						</td>
+					</tr>
+
+					<tr id="chkboxRouteNoPull">
+						<td width="22%" valign="top" class="vncell"><?=gettext("Dont pull routes"); ?></td>
+						<td width="78%" class="vtable">
+							<table border="0" cellpadding="2" cellspacing="0" summary="dont-pull-routes">
+								<tr>
+									<td>
+										<?php set_checked($pconfig['route_no_pull'],$chk); ?>
+										<input name="route_no_pull" type="checkbox" value="yes" <?=$chk;?> />
+									</td>
+									<td>
+										<span class="vexpl">
+											<?=gettext("Don't add or remove routes automatically. Instead pass routes to "); ?> <strong>--route-up</strong> <?=gettext("script using environmental variables"); ?>.
+										</span>
+									</td>
+								</tr>
+							</table>
+						</td>
+					</tr>
+
+					<tr id="chkboxRouteNoExec">
+						<td width="22%" valign="top" class="vncell"><?=gettext("Dont add/remove routes"); ?></td>
+						<td width="78%" class="vtable">
+							<table border="0" cellpadding="2" cellspacing="0" summary="dont-exec-routes">
+								<tr>
+									<td>
+										<?php set_checked($pconfig['route_no_exec'],$chk); ?>
+										<input name="route_no_exec" type="checkbox" value="yes" <?=$chk;?> />
+									</td>
+									<td>
+										<span class="vexpl">
+											<?=gettext("This option effectively bars the server from adding routes to the client's routing table, however note that this option still allows the server to set the TCP/IP properties of the client's TUN/TAP interface"); ?>.
+										</span>
+									</td>
+								</tr>
+							</table>
+						</td>
+					</tr>
 				</table>
 
 				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="advance configuration">
@@ -977,6 +1061,29 @@ if ($savemsg)
 							</table>
 						</td>
 					</tr>
+
+					<tr id="comboboxVerbosityLevel">
+							<td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td>
+							<td width="78%" class="vtable">
+							<select name="verbosity_level" class="formselect">
+							<?php
+								foreach ($openvpn_verbosity_level as $verb_value => $verb_desc):
+									$selected = "";
+									if ($pconfig['verbosity_level'] == $verb_value)
+										$selected = "selected=\"selected\"";
+							?>
+								<option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option>
+							<?php endforeach; ?>
+							</select>
+							<br />
+							<?=gettext("Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output"); ?>.<br /> <br />
+							<strong>none</strong> -- <?=gettext("No output except fatal errors"); ?>. <br />
+							<strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br />
+							<strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br />
+							<strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>.
+							</td>
+					</tr>
+
 				</table>
 
 				<br />
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index e840911..972ceeb 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -98,6 +98,7 @@ if($_GET['act']=="new"){
 	$pconfig['local_port'] = openvpn_port_next('UDP');
 	$pconfig['pool_enable'] = "yes";
 	$pconfig['cert_depth'] = 1;
+	$pconfig['verbosity_level'] = 1; // Default verbosity is 1
 	// OpenVPN Defaults to SHA1
 	$pconfig['digest'] = "SHA1";
 }
@@ -205,6 +206,10 @@ if($_GET['act']=="edit"){
 		$pconfig['autotls_enable'] = "yes";
 
 		$pconfig['duplicate_cn'] = isset($a_server[$id]['duplicate_cn']);
+		
+		// New features
+		$pconfig['no_tun_ipv6'] = $a_server[$id]['no_tun_ipv6'];
+		$pconfig['verbosity_level'] = $a_server[$id]['verbosity_level'];		
 	}
 }
 if ($_POST) {
@@ -428,6 +433,10 @@ if ($_POST) {
 		$server['netbios_enable'] = $pconfig['netbios_enable'];
 		$server['netbios_ntype'] = $pconfig['netbios_ntype'];
 		$server['netbios_scope'] = $pconfig['netbios_scope'];
+		 
+		// New features
+		$server['no_tun_ipv6'] = $pconfig['no_tun_ipv6'];
+		$server['verbosity_level'] = $pconfig['verbosity_level'];
 
 		if ($pconfig['netbios_enable']) {
 
@@ -671,6 +680,7 @@ function tuntap_change() {
 	value = document.iform.dev_mode.options[index].value;
 	switch(value) {
 		case "tun":
+			document.getElementById("cbNoTunIPv6").style.display="";
 			document.getElementById("ipv4_tunnel_network").className="vncellreq";
 			document.getElementById("serverbridge_dhcp").style.display="none";
 			document.getElementById("serverbridge_interface").style.display="none";
@@ -679,6 +689,7 @@ function tuntap_change() {
 			document.getElementById("topology_subnet_opt").style.display="";
 			break;
 		case "tap":
+			document.getElementById("cbNoTunIPv6").style.display="none";
 			document.getElementById("ipv4_tunnel_network").className="vncell";
 			if (!p2p) {
 				document.getElementById("serverbridge_dhcp").style.display="";
@@ -1340,7 +1351,7 @@ if ($savemsg)
 								<?php endforeach; ?>
 							</select>
 							<br />
-							<?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently."); ?>
+							<?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently."); ?>.
 						</td>
 					</tr>
 					<tr>
@@ -1397,6 +1408,26 @@ if ($savemsg)
 							</table>
 						</td>
 					</tr>
+
+					<tr id="cbNoTunIPv6">
+						<td width="22%" valign="top" class="vncell"><?=gettext("Disable IPv6"); ?></td>
+						<td width="78%" class="vtable">
+							<table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6-srv">
+								<tr>
+									<td>
+										<?php set_checked($pconfig['no_tun_ipv6'],$chk); ?>
+										<input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> />
+									</td>
+									<td>
+										<span class="vexpl">
+											<?=gettext("Do not forward IPv6 traffic"); ?>.
+										</span>
+									</td>
+								</tr>
+							</table>
+						</td>
+					</tr>
+
 				</table>
 
 				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="client settings">
@@ -1724,6 +1755,29 @@ if ($savemsg)
 							</table>
 						</td>
 					</tr>
+
+					<tr id="comboboxVerbosityLevel">
+							<td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td>
+							<td width="78%" class="vtable">
+							<select name="verbosity_level" class="formselect">
+							<?php
+								foreach ($openvpn_verbosity_level as $verb_value => $verb_desc):
+									$selected = "";
+									if ($pconfig['verbosity_level'] == $verb_value)
+										$selected = "selected=\"selected\"";
+							?>
+								<option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option>
+							<?php endforeach; ?>
+							</select>
+							<br />
+							<?=gettext("Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output"); ?>.<br /> <br />
+							<strong>none</strong> -- <?=gettext("No output except fatal errors"); ?>. <br />
+							<strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br />
+							<strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br />
+							<strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>.
+							</td>
+					</tr>
+
 				</table>
 
 				<br />
-- 
cgit v1.1