From 4f8e387ddd4cb91d86fdf6f32558d66527338f2a Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Mon, 30 Jan 2006 02:25:00 +0000
Subject: OpenVPN cleanups by mposch@gmail.com
---
usr/local/www/fbegin.inc | 2 +-
usr/local/www/vpn_openvpn.php | 7 ++-
usr/local/www/vpn_openvpn_ccd.php | 94 +++++++++++++++++++++-------------
usr/local/www/vpn_openvpn_ccd_edit.php | 8 +--
usr/local/www/vpn_openvpn_cli.php | 54 ++++++++++++-------
usr/local/www/vpn_openvpn_cli_edit.php | 13 +++--
usr/local/www/vpn_openvpn_crl.php | 85 +++++++++++++++++-------------
usr/local/www/vpn_openvpn_crl_edit.php | 8 +--
usr/local/www/vpn_openvpn_srv.php | 54 ++++++++++++-------
usr/local/www/vpn_openvpn_srv_edit.php | 7 ++-
10 files changed, 203 insertions(+), 129 deletions(-)
(limited to 'usr')
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index b5f0ffd..2ecef82 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -149,7 +149,7 @@ require_once("notices.inc");
  • IPsec
  • OpenVPN"; + echo "
  • OpenVPN
  • "; } ?>
  • PPTP
  • diff --git a/usr/local/www/vpn_openvpn.php b/usr/local/www/vpn_openvpn.php index 95d3dc9..d6d3684 100755 --- a/usr/local/www/vpn_openvpn.php +++ b/usr/local/www/vpn_openvpn.php @@ -50,7 +50,7 @@ if ($_POST) { unset($input_errors); /* input validation */ - if ($_POST['enable']) { + if (isset($_POST['enable'])) { $reqdfields = explode(" ", "tun_iface bind_iface ipblock"); $reqdfieldsn = explode(",", "Tunnel type,Interface binding,IP address block start"); @@ -59,7 +59,7 @@ if ($_POST) { } /* need a test here to make sure prefix and max_clients are coherent */ - + /* Sort out the cert+key files */ if (is_null($_POST['ca_cert'])) $input_errors[] = "You must provide a CA certificate file"; @@ -84,7 +84,6 @@ if ($_POST) { if (!$input_errors) { $server =& $config['ovpn']['server']; $server['enable'] = $_POST['enable'] ? true : false; - /* Make sure that the tunnel interface type has not changed */ if ($server['tun_iface'] != $_POST['tun_iface']){ $server['tun_iface'] = $_POST['tun_iface']; @@ -133,7 +132,7 @@ if ($_POST) { } else{ ovpn_lock(); - $retval = ovpn_config_server(); + $retval = ovpn_config_server($server['enable']); ovpn_unlock(); } $savemsg = get_std_save_message($retval); diff --git a/usr/local/www/vpn_openvpn_ccd.php b/usr/local/www/vpn_openvpn_ccd.php index c09d1f4..c20c580 100755 --- a/usr/local/www/vpn_openvpn_ccd.php +++ b/usr/local/www/vpn_openvpn_ccd.php @@ -97,32 +97,43 @@ $pgtitle = "VPN: OpenVPN"; include("head.inc"); ?> - + +
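Review bot: The new `isset($_POST['enable'])` gate in the `@@ -50,7 +50,7 @@` hunk of vpn_openvpn.php and the unchanged assignment `$server['enable'] = $_POST['enable'] ? true : false;` (context in the `@@ -84,7 +84,6 @@` hunk) now test the flag in two different ways. A submitted but falsy value such as `enable=0` therefore runs the required-field validation yet is stored as disabled. Deriving the flag once, e.g. `$enable = isset($_POST['enable']);`, and using `$enable` for both the check and the stored value would keep validation and saved state in step, and would avoid reading an undefined index when the field is absent. The enclosing `if ($_POST) {` block starts and ends outside the hunk.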
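Review bot: `ovpn_config_server($server['enable'])` in the `@@ -133,7 +132,7 @@` hunk of vpn_openvpn.php now passes the enable flag, but the function's definition is not in the visible diff (the diffstat is limited to 'usr'), so its signature should be confirmed as updated in the same change. PHP silently ignores surplus arguments to a user-defined function, so if the parameter is missing the flag is dropped without any error and the server would be configured regardless of the checkbox. A one-line comment at the call site would help, for example `/* $server['enable']: whether the server should be running after reconfiguration (confirm against ovpn_config_server) */`. The `if`/`else` this call sits in begins outside the hunk.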

    +

    -You must apply the changes in order for them to take effect.");?>
    -

    +You must apply the changes in order for them to take effect.");?> - -
    - +
    - WARNING: This feature is experimental and modifies your optional interface configuration. - Backup your configuration before using OpenVPN, and restore it before upgrading.

    -
    - + + + diff --git a/usr/local/www/vpn_openvpn_ccd_edit.php b/usr/local/www/vpn_openvpn_ccd_edit.php index 75ff256..8ec53e5 100755 --- a/usr/local/www/vpn_openvpn_ccd_edit.php +++ b/usr/local/www/vpn_openvpn_ccd_edit.php @@ -209,8 +209,12 @@ if ($_POST) { $pgtitle = "VPN: OpenVPN: Edit client-specific configuration"; include("head.inc"); -include("fbegin.inc"); + ?> + + +

    + - -WARNING: This feature is experimental and modifies your optional interface configuration. Backup your configuration before using OpenVPN, and restore it before upgrading.
     
    diff --git a/usr/local/www/vpn_openvpn_cli.php b/usr/local/www/vpn_openvpn_cli.php index 17b24de..2b28ec2 100755 --- a/usr/local/www/vpn_openvpn_cli.php +++ b/usr/local/www/vpn_openvpn_cli.php @@ -27,7 +27,6 @@ POSSIBILITY OF SUCH DAMAGE. */ -$pgtitle = array("VPN", "OpenVPN"); require("guiconfig.inc"); require_once("openvpn.inc"); @@ -81,32 +80,49 @@ if ($_GET['act'] == "del") { exit; } } + +$pgtitle = "VPN: OpenVPN"; +include("head.inc"); + ?> + +

    -You must apply the changes in order for them to take effect.");?>
    -

    +You must apply the changes in order for them to take effect.");?>
    +
    + + + + +
    + WARNING: This feature is experimental and modifies your optional interface configuration. + Backup your configuration before using OpenVPN, and restore it before upgrading. + +
    + + @@ -156,33 +167,42 @@ include("head.inc"); - + - +
      Common Name   -   +  
     
    - - - - - - - - - - - - - - - - - - +
    passblock
    pass (disabled)block (disabled)
    + + + + + + + + + + + + + + + + + + + + + + + + + +
    passblock    
    pass (disabled) block (disabled)      
    - -
    - +
    - WARNING: This feature is experimental and modifies your optional interface configuration. - Backup your configuration before using OpenVPN, and restore it before upgrading.

    -
    - + + + diff --git a/usr/local/www/vpn_openvpn_cli_edit.php b/usr/local/www/vpn_openvpn_cli_edit.php index eb5c003..3e19a32 100755 --- a/usr/local/www/vpn_openvpn_cli_edit.php +++ b/usr/local/www/vpn_openvpn_cli_edit.php @@ -27,7 +27,6 @@ POSSIBILITY OF SUCH DAMAGE. */ -$pgtitle = array("VPN", "OpenVPN", "Edit client"); require("guiconfig.inc"); require_once("openvpn.inc"); @@ -284,8 +283,14 @@ if ($_POST) { } } +$pgtitle = "VPN: OpenVPN: Edit client"; +include("head.inc"); + ?> + +

    + - - - +WARNING: This feature is experimental and modifies your optional interface configuration. + Backup your configuration before using OpenVPN, and restore it before upgrading.
     
    +
    +
    + + + + +
    + WARNING: This feature is experimental and modifies your optional interface configuration. + Backup your configuration before using OpenVPN, and restore it before upgrading. + +
    + + + + @@ -148,13 +164,13 @@ if ($_GET['act'] == "del") { - + - +
    Interface Protocol   -   +  
     
    diff --git a/usr/local/www/vpn_openvpn_crl.php b/usr/local/www/vpn_openvpn_crl.php index 84a8c1d..e8f6187 100755 --- a/usr/local/www/vpn_openvpn_crl.php +++ b/usr/local/www/vpn_openvpn_crl.php @@ -78,32 +78,43 @@ $pgtitle = "VPN: OpenVPN"; include("head.inc"); ?> - + +

    +

    -You must apply the changes in order for them to take effect.");?>
    -

    +You must apply the changes in order for them to take effect.");?>
    Disabled
    - -
    - +
    - WARNING: This feature is experimental and modifies your optional interface configuration. - Backup your configuration before using OpenVPN, and restore it before upgrading.
    -  
    -
    - + + + +
    +
    + + + + +
    + WARNING: This feature is experimental and modifies your optional interface configuration. + Backup your configuration before using OpenVPN, and restore it before upgrading. + +
    + + @@ -126,31 +137,33 @@ include("head.inc"); - + - + -
    CRL name Description   -   +  
     

    - - Note:
    - A CRL (certificate revocation list) is used when a particular - key is compromised but when the overall PKI is still intact.
    -
    - Suppose you had a PKI consisting of a CA, root certificate, and - a number of client certificates. Suppose a laptop computer - containing a client key and certificate was stolen. By adding the - stolen certificate to the CRL file, you could reject any connection - which attempts to use it, while preserving the overall - integrity of the PKI.
    -
    - The only time when it would be necessary to rebuild the entire - PKI from scratch would be if the root certificate key itself was - compromised. -
    +
    +

    Note:
    + A CRL (certificate revocation list) is used when a particular + key is compromised but when the overall PKI is still intact.
    +
    + Suppose you had a PKI consisting of a CA, root certificate, and + a number of client certificates. Suppose a laptop computer + containing a client key and certificate was stolen. By adding the + stolen certificate to the CRL file, you could reject any connection + which attempts to use it, while preserving the overall + integrity of the PKI.
    +
    + The only time when it would be necessary to rebuild the entire + PKI from scratch would be if the root certificate key itself was + compromised. +
    +

    +
    diff --git a/usr/local/www/vpn_openvpn_crl_edit.php b/usr/local/www/vpn_openvpn_crl_edit.php index 0283bfd..9c5c484 100755 --- a/usr/local/www/vpn_openvpn_crl_edit.php +++ b/usr/local/www/vpn_openvpn_crl_edit.php @@ -150,12 +150,14 @@ if ($_POST) { } } -$pgtitle = "VPN: OpenVPN: Edit client-specific configuration"; +$pgtitle = "VPN: OpenVPN: Edit CRL"; include("head.inc"); ?> - + +

    + - - WARNING: This feature is experimental and modifies your optional interface configuration. Backup your configuration before using OpenVPN, and restore it before upgrading.
     
    diff --git a/usr/local/www/vpn_openvpn_srv.php b/usr/local/www/vpn_openvpn_srv.php index 5d877db..2dc2457 100755 --- a/usr/local/www/vpn_openvpn_srv.php +++ b/usr/local/www/vpn_openvpn_srv.php @@ -28,7 +28,6 @@ POSSIBILITY OF SUCH DAMAGE. */ -$pgtitle = array("VPN", "OpenVPN"); require("guiconfig.inc"); require_once("openvpn.inc"); @@ -82,32 +81,49 @@ if ($_GET['act'] == "del") { exit; } } + +$pgtitle = "VPN: OpenVPN"; +include("head.inc"); + ?> + +

    +

    -You must apply the changes in order for them to take effect.");?>
    -

    +You must apply the changes in order for them to take effect.");?> +

    - -
    - +
    - WARNING: This feature is experimental and modifies your optional interface configuration. - Backup your configuration before using OpenVPN, and restore it before upgrading.

    -
    - + + + diff --git a/usr/local/www/vpn_openvpn_srv_edit.php b/usr/local/www/vpn_openvpn_srv_edit.php index 97ea6cd..cdbceef 100755 --- a/usr/local/www/vpn_openvpn_srv_edit.php +++ b/usr/local/www/vpn_openvpn_srv_edit.php @@ -28,7 +28,6 @@ POSSIBILITY OF SUCH DAMAGE. */ -$pgtitle = array("VPN", "OpenVPN", "Edit server"); require("guiconfig.inc"); require_once("openvpn.inc"); @@ -512,9 +511,14 @@ if ($_POST) { } } +$pgtitle = "VPN: OpenVPN: Edit server"; +include("head.inc"); ?> + +

    + -WARNING: This feature is experimental and modifies your optional interface configuration. Backup your configuration before using OpenVPN, and restore it before upgrading.
     
    -- cgit v1.1
    +
    + + + + +
    + WARNING: This feature is experimental and modifies your optional interface configuration. + Backup your configuration before using OpenVPN, and restore it before upgrading. + +
    + + @@ -166,13 +182,13 @@ if ($_GET['act'] == "del") { - + - +
    Interface Protocol   -   +