From 3c2e5528d2fb27b6a10bd02065bda1e2d9140280 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Fri, 2 Sep 2005 22:27:44 +0000 Subject: Import OpenVPN 1.2 settings(m0n0wall) from Peter Allgeyer --- usr/local/www/vpn_openvpn_cli.php | 68 +++++++++++++-------- usr/local/www/vpn_openvpn_cli_edit.php | 106 +++++++++++++++------------------ 2 files changed, 92 insertions(+), 82 deletions(-) (limited to 'usr') diff --git a/usr/local/www/vpn_openvpn_cli.php b/usr/local/www/vpn_openvpn_cli.php index c574483..b9d88f1 100755 --- a/usr/local/www/vpn_openvpn_cli.php +++ b/usr/local/www/vpn_openvpn_cli.php @@ -28,6 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN"); require("guiconfig.inc"); require_once("openvpn.inc"); @@ -38,37 +39,48 @@ if (!is_array($config['ovpn']['client'])){ $config['ovpn']['client']['tunnel'] = array(); } +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + $ovpncli =& $config['ovpn']['client']['tunnel']; if ($_POST['apply']) { $retval = 0; - ovpn_lock(); - $retval = ovpn_config_client(); - ovpn_unlock(); + if (file_exists($d_sysrebootreqd_path)) { + /* Rewrite interface definitions */ + $retval = ovpn_client_iface(); + } + else{ + ovpn_lock(); + $retval = ovpn_config_client(); + ovpn_unlock(); + } if (file_exists($d_ovpnclidirty_path)) unlink($d_ovpnclidirty_path); $savemsg = get_std_save_message($retval); } if ($_GET['act'] == "del") { - if ($ovpncli[$_GET['id']]) { - unset($ovpncli[$_GET['id']]); + if ($ovpncli[$id]) { + $ovpnent = $ovpncli[$id]; + unset($ovpncli[$id]); + + /* Kill running processes */ + /* Remove old certs & keys */ + ovpn_client_kill($ovpnent['if']); + + /* Remove interface from list of optional interfaces */ + ovpn_client_iface_del($ovpnent['if']); + write_config(); - ovpn_client_kill($_GET['id']); - touch($d_ovpnclidirty_path); + touch($d_sysrebootreqd_path); header("Location: vpn_openvpn_cli.php"); exit; } } - -$pgtitle = "VPN: OpenVPN: Client"; -include("head.inc"); - ?> - - -
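Review bot: The rewritten `del` branch still runs on a plain GET (`$_GET['act'] == "del"`) and no request token is checked in the visible lines, yet it now removes the tunnel, calls `ovpn_client_kill()` and `ovpn_client_iface_del()`, writes the config and sets the reboot-required marker. Any page that an authenticated admin's browser loads could therefore trigger the deletion cross-site (CSRF). The action should be accepted only from a POST that carries a per-session token, with `$id` checked as a numeric index first, for example `if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['act'] == "del" && is_numeric($id)) {` followed by the token comparison. Whether `guiconfig.inc` already enforces a token or referer check is not visible here.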

@@ -80,7 +92,7 @@ include("head.inc"); @@ -93,9 +105,11 @@ include("head.inc");
- - - + + + + + @@ -110,7 +124,13 @@ include("head.inc"); + + - + - - + +
InterfaceServer addressVersionDescriptionProtocolSocketServer addressVersionDescription
- + + + + + @@ -119,15 +139,15 @@ include("head.inc"); - +   -   +  
   
diff --git a/usr/local/www/vpn_openvpn_cli_edit.php b/usr/local/www/vpn_openvpn_cli_edit.php index 8221e2a..c4136e4 100755 --- a/usr/local/www/vpn_openvpn_cli_edit.php +++ b/usr/local/www/vpn_openvpn_cli_edit.php @@ -28,6 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN", "Edit client"); require("guiconfig.inc"); require_once("openvpn.inc"); @@ -38,47 +39,7 @@ if (!is_array($config['ovpn']['client'])){ $config['ovpn']['client']['tunnel'] = array(); } -function getnxt_if($type) { - /* find the first available device of type $type */ - global $config; - $a_client = $config['ovpn']['client']['tunnel']; - $max = ($type == 'tun') ? 17 : 4; - for ($i = 1; $i < $max ; $i++) { - $hit = false; - foreach ($a_client as $client) { - if ($client['iface'] == $type . $i) { - $hit = true; - break; - } - } - if (!$hit) - return $type . $i; - } - return false; -} - -function getnxt_port() { - /* Get first unused port */ - global $config; - $a_client = $config['ovpn']['client']['tunnel']; - $port = 5001; - while (true) { - $hit = false; - foreach ($a_client as $client) { - if ($client['cport'] == $port) { - $hit = true; - break; - } - } - if (!$hit) - return $port; - $port++; - } - return false; /* should never get here */ -} - - $ovpncli =& $config['ovpn']['client']['tunnel']; $id = $_GET['id']; @@ -95,7 +56,7 @@ else { $pconfig = array(); $pconfig['type'] = 'tun'; $pconfig['proto'] = 'udp'; - $pconfig['sport'] = '5000'; + $pconfig['sport'] = '1194'; $pconfig['ver'] = '2'; $pconfig['crypto'] = 'BF-CBC'; $pconfig['pull'] = true; 
@@ -103,8 +64,26 @@ else { } if (isset($_POST['pull'])) { + + $pconfig = $_POST; + + $pconfig['ca_cert'] = base64_encode($pconfig['ca_cert']); + $pconfig['cli_cert'] = base64_encode($pconfig['cli_cert']); + $pconfig['cli_key'] = base64_encode($pconfig['cli_key']); + /* Called from form */ unset($input_errors); + + /* input validation */ + $reqdfields = explode(" ", "type saddr sport"); + $reqdfieldsn = explode(",", "Tunnel type,Address,Port"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + /* valid Port */ + if (($_POST['sport'] && !is_port($_POST['sport']))) + $input_errors[] = "The server's port must be an integer between 1 and 65535 (default 1194)."; + if (is_null($_POST['ca_cert'])) $input_errors[] = "You must provide a CA certificate file"; elseif (!strstr($_POST['ca_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['ca_cert'], "END CERTIFICATE")) 
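Review bot: The validation added here requires `type`, `saddr` and `sport` and range-checks only `sport`; `type`, `proto`, `ver`, `crypto` and `saddr` are then copied from `$_POST` into `$ovpnent` in the `@@ -146,22` hunk without being compared against the values the form offers. If these fields end up in the generated OpenVPN configuration or command line (openvpn.inc is not shown), an unexpected value is carried straight into it, and `type` is also interpolated into the "Run out of devices" message in the two later hunks. An allow-list per select field, e.g. `if (!in_array($_POST['type'], array('tun', 'tap'))) $input_errors[] = "Invalid tunnel type.";`, and a host/IP check on `saddr` next to the `is_port()` test would close this. The enclosing `if (isset($_POST['pull']))` block continues outside the hunk.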
@@ -124,20 +103,33 @@ if (isset($_POST['pull'])) { if (isset($id)) { /* Editing an existing entry */ $ovpnent = $ovpncli[$id]; + + if ( $ovpncli[$id]['sport'] != $_POST['sport'] || + $ovpncli[$id]['proto'] != $_POST['proto'] ) { + + /* some entries changed */ + for ($i = 0; isset($config['ovpn']['client']['tunnel'][$i]); $i++) { + $current = &$config['ovpn']['client']['tunnel'][$i]; + + if ($current['sport'] == $_POST['sport']) + if ($current['proto'] == $_POST['proto']) + $input_errors[] = "You already have this combination for port and protocol settings. You can't use it twice"; + } + } + /* Test Server type hasn't changed */ if ($ovpnent['type'] != $_POST['type']) { - $nxt_if = getnxt_if($_POST['type']); + $nxt_if = getnxt_client_if($_POST['type']); if (!$nxt_if) $input_errors[] = "Run out of devices for a tunnel of type {$_POST['type']}"; else $ovpnent['if'] = $nxt_if; - + /* Need to reboot in order to create interfaces cleanly */ + touch($d_sysrebootreqd_path); } /* Has the enable/disable state changed? */ if (isset($ovpnent['enable']) && isset($_POST['disabled'])) { touch($d_ovpnclidirty_path); - ovpn_client_kill($id); - ovpn_client_iface_del($id); } if (!isset($ovpnent['enable']) && !isset($_POST['disabled'])) { touch($d_ovpnclidirty_path); 
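Review bot: The duplicate test added here compares only `sport` and `proto`, which, going by the form text ("the server's port number"), describe the remote server, so two clients that connect to different servers on 1194/udp would be rejected as a clash once one of them is edited. It also runs only in the edit branch and only when port or protocol changed; the new-entry branch in the `@@ -146,22` hunk has no equivalent check, and the loop appends the same message once per matching tunnel. Including `saddr` in the comparison (`if ($current['saddr'] == $_POST['saddr'] && $current['sport'] == $_POST['sport'] && $current['proto'] == $_POST['proto'])`), skipping index `$id`, adding a `break` after the first hit, and moving the test so both branches run it would make the rule consistent. The surrounding `if (isset($id))` block starts before and ends after this hunk.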
@@ -146,22 +138,25 @@ if (isset($_POST['pull'])) { else { /* Creating a new entry */ $ovpnent = array(); - $nxt_if = getnxt_if($_POST['type']); + $nxt_if = getnxt_client_if($_POST['type']); if (!$nxt_if) $input_errors[] = "Run out of devices for a tunnel of type {$_POST['type']}"; else $ovpnent['if'] = $nxt_if; - $ovpnent['cport'] = getnxt_port(); + $ovpnent['port'] = getnxt_client_port(); + /* I think we have to reboot to have the interface created cleanly */ + touch($d_sysrebootreqd_path); } + $ovpnent['type'] = $_POST['type']; $ovpnent['proto'] = $_POST['proto']; $ovpnent['sport'] = $_POST['sport']; $ovpnent['ver'] = $_POST['ver']; $ovpnent['saddr'] = $_POST['saddr']; $ovpnent['descr'] = $_POST['descr']; - $ovpnent['ca_cert'] = base64_encode($_POST['ca_cert']); - $ovpnent['cli_cert'] = base64_encode($_POST['cli_cert']); - $ovpnent['cli_key'] = base64_encode($_POST['cli_key']); + $ovpnent['ca_cert'] = $pconfig['ca_cert']; + $ovpnent['cli_cert'] = $pconfig['cli_cert']; + $ovpnent['cli_key'] = $pconfig['cli_key']; $ovpnent['crypto'] = $_POST['crypto']; $ovpnent['pull'] = true; //This is a fixed config for this version $ovpnent['enable'] = isset($_POST['disabled']) ? false : true; @@ -176,22 +171,17 @@ if (isset($_POST['pull'])) { write_config(); touch($d_ovpnclidirty_path); + header("Location: vpn_openvpn_cli.php"); exit; } } -$pgtitle = "VPN: OpenVPN: Edit client"; -include("head.inc"); - ?> - - -
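Review bot: `touch($d_sysrebootreqd_path)` is called here while the submission is still being validated, so the reboot-required marker is created even when `$nxt_if` is false or another `$input_errors` entry prevents the save (the guard around `write_config()` is outside the visible lines); the same applies to the `touch()` added in the `@@ -124,20` hunk. Because the Apply handler in vpn_openvpn_cli.php branches on that file, a rejected form would switch it to the `ovpn_client_iface()` path. Moving both calls next to `write_config()`, after the error check, keeps the marker tied to a change that was actually stored. A comment there such as `/* interface set changed: reboot needed to create it cleanly */` would replace the tentative "I think we have to reboot" wording.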

+ - @@ -228,7 +218,7 @@ include("head.inc"); + Enter the server's port number (default is 1194). -- cgit v1.1
DisabledPort
- Enter the server's port number (default is 5000).