From 509ca889c999f36127d64e2bfb763a453c267e15 Mon Sep 17 00:00:00 2001 From: Evgeny Yurchenko Date: Sat, 21 May 2011 15:35:35 +0000 Subject: Adding gui to choose media options for interfaces. --- usr/local/www/interfaces.php | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'usr/local/www') diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index ead78cc..f7c80f8 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -711,6 +711,15 @@ if ($_POST['apply']) { } else { $wancfg['mss'] = $_POST['mss']; } + if (empty($_POST['mediaopt'])) { + unset($wancfg['media']); + unset($wancfg['mediaopt']); + } else { + $mediaopts = explode(' ', $_POST['mediaopt']); + if ($mediaopts[0] != ''){ $wancfg['media'] = $mediaopts[0]; } + if ($mediaopts[1] != ''){ $wancfg['mediaopt'] = $mediaopts[1]; } + else { unset($wancfg['mediaopt']); } + } if (isset($wancfg['wireless'])) { handle_wireless_post(); } @@ -897,6 +906,21 @@ function check_wireless_mode() { } } +// Find all possible media options for the interface +$mediaopts_list = array(); +$intrealname = $config['interfaces'][$if]['if']; +exec("/sbin/ifconfig -m $intrealname | grep \"media \"", $mediaopts); +foreach ($mediaopts as $mediaopt){ + preg_match("/media (.*)/", $mediaopt, $matches); + if (preg_match("/(.*) mediaopt (.*)/", $matches[1], $matches1)){ + // there is media + mediaopt like "media 1000baseT mediaopt full-duplex" + array_push($mediaopts_list, $matches1[1] . " " . $matches1[2]); + }else{ + // there is only media like "media 1000baseT" + array_push($mediaopts_list, $matches[1]); + } +} + $pgtitle = array(gettext("Interfaces"), $pconfig['descr']); $statusurl = "status_interfaces.php"; @@ -1153,6 +1177,26 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" "header size) will be in effect."); ?> + 0){ + $mediaopt_from_config = $config['interfaces'][$if]['media'] . ' ' . $config['interfaces'][$if]['mediaopt']; + echo ""; + echo '' . gettext("Speed and duplex") . ''; + echo ''; + echo '
'; + echo gettext("Here you can explicitely set up speed and duplex mode for the interface."); + echo ''; + echo ''; + } + ?> -- cgit v1.1 From 6e2a15e677fa0558ba0c9b1700be38f4065a76f6 Mon Sep 17 00:00:00 2001 From: Evgeny Yurchenko Date: Fri, 27 May 2011 15:21:25 +0000 Subject: Hiding mediaopt under Advanced button --- usr/local/www/interfaces.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'usr/local/www') diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index f7c80f8..9992830 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -1183,6 +1183,14 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" echo ""; echo '' . gettext("Speed and duplex") . ''; echo ''; + echo '"; + echo '
"; + else echo '>'; echo '
'; echo gettext("Here you can explicitely set up speed and duplex mode for the interface."); + echo '
'; echo ''; echo ''; } @@ -2201,6 +2210,11 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" report_failure(); } } + function show_advanced_media() { + document.getElementById("showadvmediabox").innerHTML=''; + aodiv = document.getElementById('showmediaadv'); + aodiv.style.display = "block"; + } Date: Fri, 27 May 2011 13:06:29 -0400 Subject: Clarify auth option to include Vouchers --- usr/local/www/services_captiveportal.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'usr/local/www') diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 23e6cd9..586e569 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -474,7 +474,7 @@ value=""> > - + / > -- cgit v1.1 From 552605326ced208167bbf3d647fa612e4010a2b7 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Fri, 27 May 2011 13:27:34 -0400 Subject: Add note about voucher sync (only enable on slave nodes). --- usr/local/www/services_captiveportal_vouchers.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'usr/local/www') diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index bdef534..f5af953 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php @@ -568,7 +568,8 @@ function enable_change(enable_change) { -
+
+
-- cgit v1.1 From b45babaeb55ac039f498d13ce556f2d04d4db1f4 Mon Sep 17 00:00:00 2001 From: Evgeny Yurchenko Date: Fri, 27 May 2011 21:55:22 +0000 Subject: Bug #1403. Filter Rules description do not get saved when "(quote) present as character --- usr/local/www/firewall_nat_1to1_edit.php | 9 +++++++++ usr/local/www/firewall_nat_edit.php | 17 +---------------- usr/local/www/firewall_nat_out_edit.php | 9 +++++++++ 3 files changed, 19 insertions(+), 16 deletions(-) (limited to 'usr/local/www') diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index e9f4577..135d0e9 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -99,6 +99,15 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; + /* run through $_POST items encoding HTML entties so that the user + * cannot think he is slick and perform a XSS attack on the unwilling + */ + foreach ($_POST as $key => $value) { + $temp = str_replace(">", "", $value); + $newpost = htmlentities($temp); + if($newpost <> $temp) + $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); + } /* input validation */ $reqdfields = explode(" ", "interface external"); diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 9895312..970720e 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -101,6 +101,7 @@ if (isset($_GET['dup'])) /* run through $_POST items encoding HTML entties so that the user * cannot think he is slick and perform a XSS attack on the unwilling */ +unset($input_errors); foreach ($_POST as $key => $value) { $temp = $value; $newpost = htmlentities($temp); @@ -173,7 +174,6 @@ if ($_POST) { $_POST['dsttype'] = "single"; } - unset($input_errors); $pconfig = $_POST; /* input validation */ @@ -290,9 +290,6 @@ if ($_POST) { } } - // Allow extending of the nat edit page and include custom input validation - pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation"); - if (!$input_errors) { $natent = array(); @@ -425,9 +422,6 @@ if ($_POST) { mark_subsystem_dirty('natconf'); - // Allow extending of the nat edit page and include custom input validation - pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config"); - write_config(); header("Location: firewall_nat.php"); @@ -446,11 +440,6 @@ include("fbegin.inc"); ?>
- - @@ -828,10 +817,6 @@ include("fbegin.inc"); ?> - diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 4d960f2..5057ea8 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -115,6 +115,15 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; + /* run through $_POST items encoding HTML entties so that the user + * cannot think he is slick and perform a XSS attack on the unwilling + */ + foreach ($_POST as $key => $value) { + $temp = str_replace(">", "", $value); + $newpost = htmlentities($temp); + if($newpost <> $temp) + $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); + } /* input validation */ $reqdfields = explode(" ", "interface protocol source source_subnet destination destination_subnet"); -- cgit v1.1 From 2ea00c3e74a0f574778ba3cf1ca8053fb7c000c3 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Mon, 30 May 2011 12:28:21 -0400 Subject: Add missing plugin code. Move the pre_write section up a bit. --- usr/local/www/firewall_nat_edit.php | 14 ++++++++++++++ usr/local/www/firewall_rules_edit.php | 6 +++--- 2 files changed, 17 insertions(+), 3 deletions(-) (limited to 'usr/local/www') diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 970720e..5aa069c 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -290,6 +290,9 @@ if ($_POST) { } } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation"); + if (!$input_errors) { $natent = array(); @@ -410,6 +413,9 @@ if ($_POST) { mark_subsystem_dirty('filter'); } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config"); + // Update the NAT entry now if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; @@ -443,6 +449,10 @@ include("fbegin.inc"); ?> + + diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index d673df8..79f65f0 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -547,6 +547,9 @@ if ($_POST) { $filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config"); + if (isset($id) && $a_filter[$id]) $a_filter[$id] = $filterent; else { @@ -558,9 +561,6 @@ if ($_POST) { filter_rules_sort(); - // Allow extending of the firewall edit page and include custom input validation - pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config"); - write_config(); mark_subsystem_dirty('filter'); -- cgit v1.1 From 2ba7d6f8effafed4a4eb40bbf68a363ce0f4817a Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Mon, 30 May 2011 15:25:25 -0400 Subject: Add plugin features to aon edit --- usr/local/www/firewall_nat_out_edit.php | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'usr/local/www') diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 5057ea8..9456206 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -46,7 +46,7 @@ require("filter.inc"); require("shaper.inc"); if (!is_array($config['nat']['advancedoutbound'])) - $config['nat']['advancedoutbound'] = array(); + $config['nat']['advancedoutbound'] = array(); if (!is_array($config['nat']['advancedoutbound']['rule'])) { $config['nat']['advancedoutbound']['rule'] = array(); @@ -218,6 +218,9 @@ if ($_POST) { } } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/input_validation"); + if (!$input_errors) { $natent = array(); $natent['source']['network'] = $osn; @@ -274,6 +277,9 @@ if ($_POST) { $natent['destination']['not'] = true; } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/pre_write_config"); + if (isset($id) && $a_out[$id]) { $a_out[$id] = $natent; } else { @@ -396,6 +402,10 @@ function poolopts_change() { +
+ -- cgit v1.1 From edb2a3dab4833fa024828f3150cdcc1521ea1b48 Mon Sep 17 00:00:00 2001 From: Evgeny Yurchenko Date: Mon, 30 May 2011 22:10:36 -0400 Subject: Bug#1528. Automatically create outbound NAT rules on WAN for localhost when switching to manual. --- usr/local/www/firewall_nat_out.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'usr/local/www') diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index e6b5900..b8506d8 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -125,6 +125,17 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { $natent['natport'] = ""; $a_out[] = $natent; + $natent = array(); + $natent['source']['network'] = "127.0.0.0/8"; + $natent['dstport'] = ""; + $natent['descr'] = sprintf(gettext('Auto created rule for localhost to %1$s'),$ifdesc2); + $natent['target'] = ""; + $natent['interface'] = $if2; + $natent['destination']['any'] = true; + $natent['staticnatport'] = false; + $natent['natport'] = "1024:65535"; + $a_out[] = $natent; + /* PPTP subnet */ if (($config['pptpd']['mode'] == "server") && is_private_ip($config['pptpd']['remoteip'])) { $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$config['pptpd']['n_pptp_units'])); -- cgit v1.1 From 061f28bfd582d1f08d8dfe60f87fc4fd99ec0a93 Mon Sep 17 00:00:00 2001 From: Evgeny Yurchenko Date: Tue, 31 May 2011 05:03:39 -0400 Subject: Bug #1560. IPsec GUI needs to reject duplicate subnets in phase 2s for a given phase 1(mobile clients). --- usr/local/www/vpn_ipsec_phase2.php | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) (limited to 'usr/local/www') diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index d45b0d6..bd71191 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -142,7 +142,34 @@ if ($_POST) { } /* TODO : Validate enabled phase2's are not duplicates */ - + if (isset($pconfig['mobile'])){ + foreach($a_phase2 as $name){ + if (isset($name['mobile'])){ + /* check duplicate localids only for mobile clents */ + if ($name['localid']['type'] == $pconfig['localid_type']){ + /* Types match, check further */ + switch($pconfig['localid_type']){ + case "none": + case "lan": + case "wan": + $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); + break; + case "address": + if ($name['localid']['address'] == $pconfig['localid_address']) + $input_errors[] = gettext("Phase2 with this Local Address is already defined for mobile clients."); + break; + case "network": + if ($name['localid']['address'] == $pconfig['localid_address'] && + $name['localid']['netbits'] == $pconfig['localid_netbits']) + $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); + break; + } + if (count($input_errors) > 0) + break; /* there is an error, stop checking other phase2 definitions */ + } + } + } + } $ealgos = pconfig_to_ealgos($pconfig); if (!count($ealgos)) { -- cgit v1.1 From 10d74dff5a96deeacc57b81bab723740267fc5b8 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Tue, 31 May 2011 12:35:17 -0400 Subject: Remove bogus protection. We have better handling of this now. --- usr/local/www/firewall_rules_edit.php | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'usr/local/www') diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 79f65f0..bd8f48d 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -253,19 +253,6 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - /* run through $_POST items encoding HTML entties so that the user - * cannot think he is slick and perform a XSS attack on the unwilling - */ - foreach ($_POST as $key => $value) { - $temp = str_replace(">", "", $value); - - if (isset($_POST['floating']) && $key == "interface") - continue; - $newpost = htmlentities($temp); - if($newpost <> $temp) - $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); - } - /* input validation */ $reqdfields = explode(" ", "type proto"); if ( isset($a_filter[$id]['associated-rule-id'])===false ) { -- cgit v1.1 From db748384c13c38f2b4f3358d1980f74e79aacf77 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Tue, 31 May 2011 13:45:16 -0400 Subject: Add merge handler code --- usr/local/www/xmlrpc.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'usr/local/www') diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 97fbc45..7c2e1d0 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -271,8 +271,17 @@ $merge_config_section_sig = array( function merge_config_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; - - return restore_config_section_xmlrpc($raw_params); + $params = xmlrpc_params_to_php($raw_params); + if(!xmlrpc_auth($params)) + return $xmlrpc_g['return']['authfail']; + $config_new = array_merge($config, $params[0]); + $config = $config_new; + $mergedkeys = implode(",", array_keys($params[0])); + $fd = fopen("/tmp/array.txt", "w"); + fwrite($fd, print_r($params[0], true)); + fclose($fd); + write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys)); + return $xmlrpc_g['return']['true']; } /*****************************/ -- cgit v1.1 From 485b1ca5ce2429d334b2d8de19a772752ab63b12 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Tue, 31 May 2011 13:47:53 -0400 Subject: Remove debugging code --- usr/local/www/xmlrpc.php | 3 --- 1 file changed, 3 deletions(-) (limited to 'usr/local/www') diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 7c2e1d0..c534b43 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -277,9 +277,6 @@ function merge_config_section_xmlrpc($raw_params) { $config_new = array_merge($config, $params[0]); $config = $config_new; $mergedkeys = implode(",", array_keys($params[0])); - $fd = fopen("/tmp/array.txt", "w"); - fwrite($fd, print_r($params[0], true)); - fclose($fd); write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys)); return $xmlrpc_g['return']['true']; } -- cgit v1.1 From 0b581a8acf9fa470e66afebc1834660d0ee81942 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Tue, 31 May 2011 14:28:13 -0400 Subject: Use array_extend --- usr/local/www/xmlrpc.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'usr/local/www') diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index c534b43..c869137 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -274,7 +274,7 @@ function merge_config_section_xmlrpc($raw_params) { $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; - $config_new = array_merge($config, $params[0]); + $config_new = array_extend($config, $params[0]); $config = $config_new; $mergedkeys = implode(",", array_keys($params[0])); write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys)); @@ -454,4 +454,19 @@ $server = new XML_RPC_Server( unlock($xmlrpclockkey); +function array_extend($a, $b) { + foreach($b as $k=>$v) { + if( is_array($v) ) { + if( !isset($a[$k]) ) { + $a[$k] = $v; + } else { + $a[$k] = array_extend($a[$k], $v); + } + } else { + $a[$k] = $v; + } + } + return $a; +} + ?> -- cgit v1.1 From f9d7c5b3c44437b6f39fe757ede40decbfd395b9 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Tue, 31 May 2011 14:42:22 -0400 Subject: Use array_overlay() --- usr/local/www/xmlrpc.php | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) (limited to 'usr/local/www') diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index c869137..500700a 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -274,7 +274,7 @@ function merge_config_section_xmlrpc($raw_params) { $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; - $config_new = array_extend($config, $params[0]); + $config_new = array_overlay($config, $params[0]); $config = $config_new; $mergedkeys = implode(",", array_keys($params[0])); write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys)); @@ -454,19 +454,17 @@ $server = new XML_RPC_Server( unlock($xmlrpclockkey); -function array_extend($a, $b) { - foreach($b as $k=>$v) { - if( is_array($v) ) { - if( !isset($a[$k]) ) { - $a[$k] = $v; - } else { - $a[$k] = array_extend($a[$k], $v); + function array_overlay($a1,$a2) + { + foreach($a1 as $k => $v) { + if(!array_key_exists($k,$a2)) continue; + if(is_array($v) && is_array($a2[$k])){ + $a1[$k] = array_overlay($v,$a2[$k]); + }else{ + $a1[$k] = $a2[$k]; } - } else { - $a[$k] = $v; } + return $a1; } - return $a; -} ?> -- cgit v1.1 From 538b6eb353ce568627513e681483329ecb0d1ec8 Mon Sep 17 00:00:00 2001 From: Evgeny Yurchenko Date: Tue, 31 May 2011 23:41:32 -0400 Subject: Bug #1560. IPsec GUI needs to reject duplicate subnets in phase 2s for a given phase 1(site-to-site). --- usr/local/www/vpn_ipsec_phase2.php | 43 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) (limited to 'usr/local/www') diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index bd71191..c0ddf0e 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -141,8 +141,9 @@ if ($_POST) { } } - /* TODO : Validate enabled phase2's are not duplicates */ + /* Validate enabled phase2's are not duplicates */ if (isset($pconfig['mobile'])){ + /* User is adding phase 2 for mobile phase1 */ foreach($a_phase2 as $name){ if (isset($name['mobile'])){ /* check duplicate localids only for mobile clents */ @@ -169,7 +170,45 @@ if ($_POST) { } } } - } + }else{ + /* User is adding phase 2 for site-to-site phase1 */ + $input_error = 0; + foreach($a_phase2 as $name){ + if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){ + /* check duplicate subnets only for given phase1 */ + if ($name['localid']['type'] == $pconfig['localid_type'] && + $name['remoteid']['type'] == $pconfig['remoteid_type']){ + /* Types match, check further */ + $configured_remote_string = $name['remoteid']['address'] . $name['remoteid']['netbits']; + $eneterd_remote_string = $pconfig['remoteid_address'] . $pconfig['remoteid_netbits']; + switch($pconfig['localid_type']){ + case "none": + case "lan": + case "wan": + if ($configured_remote_string == $eneterd_remote_string) + $input_error = 1; + break; + case "address": + if ($name['localid']['address'] == $pconfig['localid_address'] && + $configured_remote_string == $eneterd_remote_string) + $input_error = 1; + break; + case "network": + if ($name['localid']['address'] == $pconfig['localid_address'] && + $name['localid']['netbits'] == $pconfig['localid_netbits'] && + $configured_remote_string == $eneterd_remote_string) + $input_error = 1; + break; + } + if ($input_error){ + $input_errors[] = gettext("Phase2 with this Local/Remote Networks combination is already defined for this Phase1."); + break; /* there is an error, stop checking other phase2 definitions */ + } + } + } + } + } + $ealgos = pconfig_to_ealgos($pconfig); if (!count($ealgos)) { -- cgit v1.1 From 6b421a0fb42a50d1e87ac63c64a5b8b8d2157577 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 1 Jun 2011 10:46:55 +0000 Subject: Fixes #944. Use the correct interface name to destroy the previous vlan if the parent is changed. --- usr/local/www/interfaces_vlan_edit.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'usr/local/www') diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php index 145fe0a..078fc3b 100755 --- a/usr/local/www/interfaces_vlan_edit.php +++ b/usr/local/www/interfaces_vlan_edit.php @@ -97,9 +97,13 @@ if ($_POST) { if (!$input_errors) { if (isset($id) && $a_vlans[$id]) { - if ($a_vlans[$id]['if'] != $_POST['if']) - // Destroy previous vlan - pfSense_interface_destroy($a_vlans[$id]['if']); + if ($a_vlans[$id]['if'] != $_POST['if']) { + if (!empty($a_vlans[$id]['vlanif'])) + // Destroy previous vlan + pfSense_interface_destroy($a_vlans[$id]['vlanif']); + else + pfSense_interface_destroy("{$a_vlans[$id]['if']}_vlan{$a_vlans[$id]['tag']}"); + } } $vlan = array(); $vlan['if'] = $_POST['if']; -- cgit v1.1 From 695a35aecdf3eefc4d529b57dabb1b5c0018e9c9 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 1 Jun 2011 10:49:02 +0000 Subject: Ticket #944. Also destory the previous interface if the user changing the vlan tag of an existing vlan entry. --- usr/local/www/interfaces_vlan_edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'usr/local/www') diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php index 078fc3b..08f1a53 100755 --- a/usr/local/www/interfaces_vlan_edit.php +++ b/usr/local/www/interfaces_vlan_edit.php @@ -97,7 +97,7 @@ if ($_POST) { if (!$input_errors) { if (isset($id) && $a_vlans[$id]) { - if ($a_vlans[$id]['if'] != $_POST['if']) { + if (($a_vlans[$id]['if'] != $_POST['if']) || ($a_vlans[$id]['tag'] != $_POST['tag'])) { if (!empty($a_vlans[$id]['vlanif'])) // Destroy previous vlan pfSense_interface_destroy($a_vlans[$id]['vlanif']); -- cgit v1.1 From 97c1f2684c5dd225075fec08148f084ff190af0a Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 1 Jun 2011 11:14:51 +0000 Subject: Fixes #1412. Properly pass the page to match so users are not always presented with the change password screen. --- usr/local/www/system_usermanager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'usr/local/www') diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index d810cb9..597aefd 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -49,7 +49,7 @@ require("certs.inc"); require("guiconfig.inc"); -if (isAllowedPage("system_usermanager")) { +if (isAllowedPage("system_usermanager*")) { // start admin user code $pgtitle = array(gettext("System"),gettext("User Manager")); -- cgit v1.1 From 9584d162d29c6c692eac0dc58292c1071e24992e Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 1 Jun 2011 12:23:52 +0000 Subject: Fixes #1412. Properly pass the page to match so users are not always presented with the change password screen. Proper fix. --- usr/local/www/system_usermanager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'usr/local/www') diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index 597aefd..cc6c4f1 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -49,7 +49,7 @@ require("certs.inc"); require("guiconfig.inc"); -if (isAllowedPage("system_usermanager*")) { +if (isAllowedPage("system_usermanager.php*")) { // start admin user code $pgtitle = array(gettext("System"),gettext("User Manager")); -- cgit v1.1 From f4645d7f48536903d9426137c99438fd0c25a080 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 1 Jun 2011 14:03:57 +0000 Subject: Add tunable, by default disabled, to enable the default gateway switching feature when the default one 'disappears'. --- usr/local/www/system_advanced_misc.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'usr/local/www') diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php index 51857ab..21bff54 100644 --- a/usr/local/www/system_advanced_misc.php +++ b/usr/local/www/system_advanced_misc.php @@ -56,6 +56,7 @@ $pconfig['proxyuser'] = $config['system']['proxyuser']; $pconfig['proxypass'] = $config['system']['proxypass']; $pconfig['harddiskstandby'] = $config['system']['harddiskstandby']; $pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']); +$pconfig['gw_switch_default'] = isset($config['system']['gw_switch_default']); $pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']); $pconfig['racoondebug_enable'] = isset($config['ipsec']['racoondebug']); $pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']); @@ -106,6 +107,11 @@ if ($_POST) { else unset($config['system']['lb_use_sticky']); + if($_POST['gw_switch_default'] == "yes") + $config['system']['gw_switch_default'] = true; + else + unset($config['system']['gw_switch_default']); + if($_POST['preferoldsa_enable'] == "yes") $config['ipsec']['preferoldsa'] = true; else @@ -272,6 +278,15 @@ function maxmss_checked(obj) { + + + + -- cgit v1.1 From a01ce4c764cbdbfe4a83f9b79bf0a4394e6be016 Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 1 Jun 2011 16:53:18 -0400 Subject: Make the ICMP echo request type less ambiguous, and since it's likely the main one to get used, move it to the top. --- usr/local/www/firewall_rules.php | 2 +- usr/local/www/firewall_rules_edit.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'usr/local/www') diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index daf577a..82d0323 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -126,12 +126,12 @@ if($_REQUEST['dragdroporder']) { $icmptypes = array( "" => gettext("any"), + "echoreq" => gettext("Echo request"), "echorep" => gettext("Echo reply"), "unreach" => gettext("Destination unreachable"), "squench" => gettext("Source quench"), "redir" => gettext("Redirect"), "althost" => gettext("Alternate Host"), - "echoreq" => gettext("Echo"), "routeradv" => gettext("Router advertisement"), "routersol" => gettext("Router solicitation"), "timex" => gettext("Time exceeded"), diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index bd8f48d..acebe3c 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -746,12 +746,12 @@ include("head.inc"); gettext("any"), + "echoreq" => gettext("Echo request"), "echorep" => gettext("Echo reply"), "unreach" => gettext("Destination unreachable"), "squench" => gettext("Source quench"), "redir" => gettext("Redirect"), "althost" => gettext("Alternate Host"), - "echoreq" => gettext("Echo"), "routeradv" => gettext("Router advertisement"), "routersol" => gettext("Router solicitation"), "timex" => gettext("Time exceeded"), -- cgit v1.1 From 3da5c50d5c2285b439a56ab4fcd6f9dbe94f5c4e Mon Sep 17 00:00:00 2001 From: Evgeny Yurchenko Date: Wed, 1 Jun 2011 18:28:15 -0400 Subject: Bug #1560.IPsec GUI needs to reject duplicate subnets in phase 2s for a given phase 1 (improvement of previous patch) --- usr/local/www/vpn_ipsec_phase2.php | 73 +++++++++++++------------------------- 1 file changed, 24 insertions(+), 49 deletions(-) (limited to 'usr/local/www') diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index c0ddf0e..6985b2b 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -140,33 +140,21 @@ if ($_POST) { break; } } - /* Validate enabled phase2's are not duplicates */ if (isset($pconfig['mobile'])){ /* User is adding phase 2 for mobile phase1 */ foreach($a_phase2 as $name){ if (isset($name['mobile'])){ /* check duplicate localids only for mobile clents */ - if ($name['localid']['type'] == $pconfig['localid_type']){ - /* Types match, check further */ - switch($pconfig['localid_type']){ - case "none": - case "lan": - case "wan": - $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); - break; - case "address": - if ($name['localid']['address'] == $pconfig['localid_address']) - $input_errors[] = gettext("Phase2 with this Local Address is already defined for mobile clients."); - break; - case "network": - if ($name['localid']['address'] == $pconfig['localid_address'] && - $name['localid']['netbits'] == $pconfig['localid_netbits']) - $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); - break; - } - if (count($input_errors) > 0) - break; /* there is an error, stop checking other phase2 definitions */ + $localid_data = ipsec_idinfo_to_cidr($name['localid']); + $entered = array(); + $entered['type'] = $pconfig['localid_type']; + if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address']; + if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits']; + $entered_localid_data = ipsec_idinfo_to_cidr($entered); + if ($localid_data == $entered_localid_data){ + $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); + break; } } } @@ -176,34 +164,21 @@ if ($_POST) { foreach($a_phase2 as $name){ if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){ /* check duplicate subnets only for given phase1 */ - if ($name['localid']['type'] == $pconfig['localid_type'] && - $name['remoteid']['type'] == $pconfig['remoteid_type']){ - /* Types match, check further */ - $configured_remote_string = $name['remoteid']['address'] . $name['remoteid']['netbits']; - $eneterd_remote_string = $pconfig['remoteid_address'] . $pconfig['remoteid_netbits']; - switch($pconfig['localid_type']){ - case "none": - case "lan": - case "wan": - if ($configured_remote_string == $eneterd_remote_string) - $input_error = 1; - break; - case "address": - if ($name['localid']['address'] == $pconfig['localid_address'] && - $configured_remote_string == $eneterd_remote_string) - $input_error = 1; - break; - case "network": - if ($name['localid']['address'] == $pconfig['localid_address'] && - $name['localid']['netbits'] == $pconfig['localid_netbits'] && - $configured_remote_string == $eneterd_remote_string) - $input_error = 1; - break; - } - if ($input_error){ - $input_errors[] = gettext("Phase2 with this Local/Remote Networks combination is already defined for this Phase1."); - break; /* there is an error, stop checking other phase2 definitions */ - } + $localid_data = ipsec_idinfo_to_cidr($name['localid']); + $remoteid_data = ipsec_idinfo_to_cidr($name['remoteid']); + $entered_local = array(); + $entered_local['type'] = $pconfig['localid_type']; + if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address']; + if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits']; + $entered_localid_data = ipsec_idinfo_to_cidr($entered_local); + $entered_remote = array(); + $entered_remote['type'] = $pconfig['remoteid_type']; + if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address']; + if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits']; + $entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote); + if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) { + $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1."); + break; } } } -- cgit v1.1 From 3781d8099c40be8cf61e210c7fcc77fcb16e0115 Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 2 Jun 2011 08:14:10 +0000 Subject: Correct input object name from wrong copy/pasto. Reported-by: http://forum.pfsense.org/index.php/topic,37369.0.html --- usr/local/www/system_advanced_misc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'usr/local/www') diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php index 21bff54..2264365 100644 --- a/usr/local/www/system_advanced_misc.php +++ b/usr/local/www/system_advanced_misc.php @@ -280,7 +280,7 @@ function maxmss_checked(obj) { + @@ -100,6 +101,7 @@ if ($_GET['act'] == "del") { + diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index fbecf61..b08c481 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -764,6 +764,7 @@ if ($savemsg) -- cgit v1.1 From 039cb9203f672bb2529e8302fb93b60b94d35fd4 Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 3 Jun 2011 09:29:46 -0400 Subject: Add a button here to clear the package lock. --- usr/local/www/diag_backup.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'usr/local/www') diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php index 598f4d6..9d28375 100755 --- a/usr/local/www/diag_backup.php +++ b/usr/local/www/diag_backup.php @@ -158,6 +158,8 @@ if ($_POST) { $mode = "restore"; else if (stristr($_POST['Submit'], gettext("Reinstall"))) $mode = "reinstallpackages"; + else if (stristr($_POST['Submit'], gettext("Clear Package Lock"))) + $mode = "clearpackagelock"; else if (stristr($_POST['Submit'], gettext("Download"))) $mode = "download"; else if (stristr($_POST['Submit'], gettext("Restore version"))) @@ -470,6 +472,9 @@ if ($_POST) { header("Location: pkg_mgr_install.php?mode=reinstallall"); exit; + } else if ($mode == "clearpackagelock") { + clear_subsystem_dirty('packagelock'); + $savemsg = "Package Lock Cleared"; } else if ($mode == "restore_ver") { $input_errors[] = gettext("XXX - this feature may hose your config (do NOT backrev configs!) - billm"); if ($ver2restore <> "") { @@ -655,13 +660,17 @@ function backuparea_change(obj) { - + -- cgit v1.1 From 5cd9e96a426fa1d62928d93a2539376912033349 Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 3 Jun 2011 09:50:53 -0400 Subject: Add a GUI selection for racoon's generate_policy directive since it may be useful in certain configurations, especially for mobile clients. --- usr/local/www/vpn_ipsec_phase1.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'usr/local/www') diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 12bb235..69cb438 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -89,6 +89,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['dhgroup'] = $a_phase1[$p1index]['dhgroup']; $pconfig['lifetime'] = $a_phase1[$p1index]['lifetime']; $pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method']; + $pconfig['generate_policy'] = $a_phase1[$p1index]['generate_policy']; $pconfig['proposal_check'] = $a_phase1[$p1index]['proposal_check']; if (($pconfig['authentication_method'] == "pre_shared_key") || @@ -307,6 +308,7 @@ if ($_POST) { $ph1ent['certref'] = $pconfig['certref']; $ph1ent['caref'] = $pconfig['caref']; $ph1ent['authentication_method'] = $pconfig['authentication_method']; + $ph1ent['generate_policy'] = $pconfig['generate_policy']; $ph1ent['proposal_check'] = $pconfig['proposal_check']; $ph1ent['descr'] = $pconfig['descr']; $ph1ent['nat_traversal'] = $pconfig['nat_traversal']; @@ -644,6 +646,22 @@ function dpdchkbox_change() { + + + + -- cgit v1.1
   
@@ -817,6 +827,10 @@ include("fbegin.inc"); ?>
   
@@ -629,6 +639,10 @@ any)");?>
  -- cgit v1.1 From a3d58a12bf8a153c490f6946e796fb79a2e6957e Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Mon, 30 May 2011 15:27:50 -0400 Subject: Use aon plugin --- usr/local/www/firewall_nat_out_edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'usr/local/www') diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 9456206..72bc556 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -641,7 +641,7 @@ any)");?>
 
+ /> +
+ +
 
- /> + />
-- cgit v1.1 From 0640a65b13e6bb4d262730b9a3cc8d225e16094a Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 2 Jun 2011 09:07:26 -0400 Subject: Add "Default" choice that will unset the media/mediaopt, otherwise whatever is first in the list is saved in the config. --- usr/local/www/interfaces.php | 1 + 1 file changed, 1 insertion(+) (limited to 'usr/local/www') diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index b3e7b0a..fc905b4 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -1192,6 +1192,7 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" if ($mediaopt_from_config == 'autoselect ' || $mediaopt_from_config == ' ') echo "style='display:none'>"; else echo '>'; echo '
Date: Fri, 3 Jun 2011 08:40:45 -0400 Subject: Redirect back to the CA/Cert management page after delete so a person can't refresh and accidentally delete other CA/Certs. (CRLs are deleted differently and don't need this fix) --- usr/local/www/system_camanager.php | 2 ++ usr/local/www/system_certmanager.php | 2 ++ 2 files changed, 4 insertions(+) (limited to 'usr/local/www') diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index e1b83f2..5541f83 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -92,6 +92,8 @@ if ($act == "del") { unset($a_ca[$id]); write_config(); $savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), $name) . "
"; + pfSenseHeader("system_camanager.php"); + exit; } if ($act == "edit") { diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index cc1c65a..470f0cd 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -94,6 +94,8 @@ if ($act == "del") { unset($a_cert[$id]); write_config(); $savemsg = sprintf(gettext("Certificate %s successfully deleted"), $name) . "
"; + pfSenseHeader("system_certmanager.php"); + exit; } if ($act == "new") { -- cgit v1.1 From 1591ea6fc80937e41e7345bfa139d2ae56d96cb4 Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 3 Jun 2011 08:43:01 -0400 Subject: Remove the warning message that a user doesn't have any CA/Certs when viewing OpenVPN connections. This is just confusing people, and isn't relevant to people using only shared key tunnels. --- usr/local/www/vpn_openvpn_client.php | 4 ---- usr/local/www/vpn_openvpn_server.php | 4 ---- 2 files changed, 8 deletions(-) (limited to 'usr/local/www') diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 4b9fc74..709b668 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -350,10 +350,6 @@ function autotls_change() { Certificate Manager to make one."; -if (count($a_cert) == 0) - $savemsg .= "
You have no Certificates defined. You must visit the Certificate Manager to make one."; if ($input_errors) print_input_errors($input_errors); diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 4a24e2e..fbecf61 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -555,10 +555,6 @@ function netbios_change() { Certificate Manager or use the Wizard. to create one. "; -if (count($a_cert) == 0) - $savemsg .= "
You have no Certificates defined. You can visit the Certificate Manager or use the Wizard. to create one. "; if ($input_errors) print_input_errors($input_errors); -- cgit v1.1 From 19cdeb3eda777f37ce89acc81f84346b8b6309d1 Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 3 Jun 2011 08:54:14 -0400 Subject: Instead of showing an emtpy drop-down for CA/Cert/CRL, show an error that there are none defined, and link to the page to create one. --- usr/local/www/vpn_openvpn_client.php | 8 ++++++++ usr/local/www/vpn_openvpn_server.php | 12 ++++++++++++ 2 files changed, 20 insertions(+) (limited to 'usr/local/www') diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 709b668..97b7769 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -628,6 +628,7 @@ if ($savemsg)
+ + + No Certificate Authorities defined.
Create one under System > Cert Manager. +
+ + + No Certificates defined.
Create one under System > Cert Manager. +
+ + + No Certificate Authorities defined.
Create one under System > Cert Manager. +
+ + + No Certificate Revocation Lists (CRLs) defined.
Create one under System > Cert Manager. +
+ + + No Certificates defined.
Create one under System > Cert Manager. +
 
 



"> +
+
+



+ ">

+ +
+ + + +
-- cgit v1.1 From c8ff68a457782dd159e8c5c1ab73e30cfe243381 Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 3 Jun 2011 10:29:44 -0400 Subject: Allow duplicating an IPsec phase 2. The code was already on vpn_ipsec_phase2.php but unlinked. --- usr/local/www/vpn_ipsec.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'usr/local/www') diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index 465c607..54ed505 100755 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -375,6 +375,9 @@ include("head.inc"); ')"> " width="17" height="17" border="0"> + + " width="17" height="17" border="0"> +