// * now sends Framed-IP-Address (client IP)
// * now sends Called-Station-ID (NAS IP)
// * now sends Calling-Station-ID (client IP)
+
+ // This version of radius_accounting.inc has been modified by
+ // Jonathan De Graeve <jonathan@imelda.be>. Changes made include:
+ // - RFC2869 (Radius Extensions)
+ // * now sends Acct-Input-Gigawords
+ // * now sends Acct-Output-Gigawords
+
*/
function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$radiuskey,$clientip) {
if ($debug)
echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
+ /* Initialise rand function, make it more random */
+ srand((double)microtime() * 1000000);
+
$thisidentifier=rand()%256;
$length=4+ // header
// See RFC2866 for this.
}
-function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$interimupdate=false) {
+function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$interimupdate=false, $radius_term_cause = 1) {
$sharedsecret=$radiuskey ;
# $debug = 1 ;
if(!$nasHostname[0])
$nasHostname[0] = "quewall" ;
- $input_pkts = $input_bytes = $output_pkts = $output_bytes = 0 ;
+ $input_pkts = $input_bytes = $input_gigawords = $output_pkts = $output_bytes = $output_gigawords = 0 ;
exec("/sbin/ipfw show {$ruleno}", $ipfw) ;
preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[0], $matches) ;
$input_pkts = $matches[2] ;
- $input_bytes = $matches[3] ;
+ $input_bytes = remainder($matches[3]) ;
+ $input_gigawords = gigawords($matches[3]) ;
unset($matches) ;
preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[1], $matches) ;
$output_pkts = $matches[2] ;
- $output_bytes = $matches[3] ;
+ $output_bytes = remainder($matches[3]) ;
+ $output_gigawords = gigawords($matches[3]) ;
$fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ;
if(!$fd)
if ($debug)
echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
+ /* Initialise rand function, make it more random */
+ srand((double)microtime() * 1000000);
+
$thisidentifier=rand()%256;
$length=4+ // header
6+ // Session time
6+ // input bytes
6+ // input packets
+ 6+ // input gigawords
6+ // output bytes
6+ // output packets
+ 6+ // output gigawords
2+strlen($nas_ip_address)+ //Called-Station-ID
2+strlen($clientip)+ //Calling-Station-ID
else
$acctstatustype = 2;
- // v v v v v v v v v 1 1 1 1 1 1 1 v
- // Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 E
- $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC",
+ // v v v v v v v v v 1 1 1 1 1 1 1 1 1 v
+ // Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 E
+ $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC",
4,$thisidentifier,$length/256,$length%256, // header
0,0,0,0, // authcode
6,6,0,0,0,1, // service type
40,6,0,0,0,$acctstatustype, // Acct Status Type
45,6,0,0,0,1, // Acct RADIUS Authenticated
44,2+strlen($sessionid),$sessionid, // Acct Session ID
- 49,6,1, // Acct Terminate = User Request
+ 49,6,$radius_term_cause, // Acct Terminate = User Request
46,6,time() - $start_time, // Session Time
42,6,$input_bytes, // Input Octets
47,6,$input_pkts, // Input Packets
+ 52,6,$input_gigawords, // Input Gigawords
43,6,$output_bytes, // Output Octets
48,6,$output_pkts, // Output Packets
+ 53,6,$output_gigawords, // Output Gigawords
30,2+strlen($nas_ip_address),$nas_ip_address, //Called-Station-ID
31,2+strlen($clientip),$clientip, //Calling-Station-ID
/* Generate Accounting Request Authenticator */
$RA = md5($data.$radiuskey) ;
- // v v v v v v v v v 1 1 1 1 1 1 1 v
- // Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 E
- $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC",
+ // v v v v v v v v v 1 1 1 1 1 1 1 1 1 v
+ // Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 E
+ $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC",
4,$thisidentifier,$length/256,$length%256, // header
$RA, // authcode
6,6,0,0,0,1, // service type
40,6,0,0,0,$acctstatustype, // Acct Status Type
45,6,0,0,0,1, // Acct RADIUS Authenticated
44,2+strlen($sessionid),$sessionid, // Acct Session ID
- 49,6,1, // Acct Terminate = User Request
+ 49,6,$radius_term_cause, // Acct Terminate = User Request
46,6,time() - $start_time, // Session Time
42,6,$input_bytes, // Input Octets
47,6,$input_pkts, // Input Packets
+ 52,6,$input_gigawords, // Input Gigawords
43,6,$output_bytes, // Output Octets
48,6,$output_pkts, // Output Packets
+ 53,6,$output_gigawords, // Output Gigawords
30,2+strlen($nas_ip_address),$nas_ip_address, //Called-Station-ID
31,2+strlen($clientip),$clientip, //Calling-Station-ID
return $config['interfaces']['wan']['ipaddr'];
}
+function gigawords($bytes) {
+
+ /* We use BCMath functions since normal integers don't work with so large numbers */
+ $gigawords = bcdiv( bcsub( $bytes, remainder($bytes) ) , 2147483647) ;
+
+ return $gigawords;
+}
+
+function remainder($bytes) {
+
+ /* Calculate the bytes we are going to send to the radius. */
+ $bytes = bcmod($bytes, 2147483647);
+
+ return $bytes;
+}
+
+
?>
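Review bot: gigawords() and remainder() split the octet counter on 2147483647 (2^31-1), but RFC 2869 defines Acct-Input/Output-Gigawords as the number of times the 32-bit Acct-*-Octets counter has wrapped, so the modulus must be 2^32 (4294967296); with the current value every session over 2 GiB is reported with wrong octet counts and an inflated gigawords count, which matters wherever this accounting feed drives billing or quotas. The callers at L34/L40 pass `$matches[3]` straight in, and if the `ipfw show` line did not match the regex that argument is null, which bcmath warns on (and throws on in PHP 8), so the helpers should treat a non-numeric input as zero. bcdiv() at scale 0 already truncates, so the bcsub(..., remainder()) step is redundant.
```php
/* RFC 2869 §5.1/5.2: Acct-*-Gigawords counts how many times the 32-bit
   Acct-*-Octets counter wrapped, so the split is on 2^32, not 2^31-1.
   bcmath is used because the ipfw counters can exceed PHP's native int. */
function gigawords($bytes) {
	if (!is_numeric($bytes))
		return "0";
	return bcdiv($bytes, "4294967296", 0);
}

function remainder($bytes) {
	if (!is_numeric($bytes))
		return "0";
	return bcmod($bytes, "4294967296");
}
```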
<?xml version="1.0"?>
<!-- m0n0wall default system configuration -->
<m0n0wall>
- <version>1.5</version>
+ <version>1.6</version>
<lastchange></lastchange>
<system>
<hostname>m0n0wall</hostname>
<!--
<ondemand/>
<timeout></timeout>
+ <dnsnosec/>
-->
</pppoe>
<pptp>
<remote></remote>
<!--
<ondemand/>
+ <local-ip></local-ip>
+ <remote-ip></remote-ip>
<timeout></timeout>
-->
</pptp>
</user>
-->
</pptpd>
- <ovpn>
- <!--
- <server>
- <enable/>
- <ca_cert></ca_cert>
- <srv_cert></srv_cert>
- <srv_key></srv_key>
- <dh_param></dh_param>
- <verb></verb>
- <tun_iface></tun_iface>
- <port></port>
- <bind_iface></bind_iface>
- <cli2cli/>
- <maxcli></maxcli>
- <prefix></prefix>
- <ipblock></ipblock>
- <crypto></crypto>
- <dupcn/>
- <psh_options>
- <redir></redir>
- <redir_loc></redir_loc>
- <rte_delay></rte_delay>
- <ping></ping>
- <pingrst></pingrst>
- <pingexit></pingexit>
- <inact></inact>
- </psh_options>
- </server>
- <client>
- <tunnel></tunnel>
- <ca_cert></ca_cert>
- <cli_cert></cli_cert>
- <cli_key></cli_key>
- <type></type>
- <tunnel>
- <if></if>
- <proto></proto>
- <cport></cport>
- <saddr></saddr>
- <sport></sport>
- <crypto></crypto>
- </tunnel>
- </client>
- -->
- </ovpn>
<dnsmasq>
<enable/>
<!--
$config['version'] = "1.5";
}
+ /* convert 1.5 -> 1.6 */
+ if ($config['version'] == "1.5") {
+
+ /* Remove OpenVPN configuration */
+ unset($config['ovpn']);
+
+ /* Remove OpenVPN interfaces */
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ if (isset($config['interfaces']['opt' . $i]['ovpn'])) {
+
+ unset($config['interfaces']['opt' . $i]);
+
+ /* shift down other OPTn interfaces to get rid of holes */
+ $j = $i + 1;
+
+ /* look at the following OPTn ports */
+ while (is_array($config['interfaces']['opt' . $j])) {
+ $config['interfaces']['opt' . ($j - 1)] =
+ $config['interfaces']['opt' . $j];
+
+ if ($config['interfaces']['opt' . ($j - 1)]['descr'] == "OPT" . $j)
+ $config['interfaces']['opt' . ($j - 1)]['descr'] = "OPT" . ($j - 1);
+
+ unset($config['interfaces']['opt' . $j]);
+ $j++;
+ }
+ }
+ }
+
+ $config['version'] = "1.6";
+ }
+
write_config();
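Review bot: The OPTn removal loop skips an interface whenever two OpenVPN interfaces are adjacent: after `unset($config['interfaces']['opt' . $i])` the shift moves opt($i+1) down into slot $i, but the `for` then increments `$i` and never re-examines that slot, so the second OpenVPN entry survives the 1.5 to 1.6 upgrade with an `if` pointing at a tun/tap device nothing creates any more. Re-check the same index after a removal by only advancing `$i` when nothing was unset. Separately, filter/NAT/shaper rules elsewhere in the config that name OPTn interfaces are not remapped here, so after a shift a rule written for opt3 would apply to the device formerly at opt4; I can't see whether another part of the upgrade handles that, but the deleted ovpn_server_iface_del() had the same gap. The enclosing function starts and ends outside the hunk.
```php
		/* Remove OpenVPN interfaces. Do not advance $i after a removal: the
		   shift below moves opt($i+1) into slot $i and it must be re-examined. */
		$i = 1;
		while (isset($config['interfaces']['opt' . $i])) {
			if (!isset($config['interfaces']['opt' . $i]['ovpn'])) {
				$i++;
				continue;
			}
			unset($config['interfaces']['opt' . $i]);
			/* … unchanged: shift the following OPTn entries down one slot and
			   rename their default descr … */
		}
```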
if ($g['booting'])
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
$optcfg = $config['interfaces']['opt' . $i];
- if (isset($optcfg['enable']) && !$optcfg['bridge'] && !isset($optcfg['ovpn'])) {
+ if (isset($optcfg['enable']) && !$optcfg['bridge']) {
$optsa = gen_subnet($optcfg['ipaddr'], $optcfg['subnet']);
$natrules .= filter_nat_rules_generate_if($wanif,
$optsa . "/" . $optcfg['subnet'], "", null);
if (isset($oc['enable']) && $oc['if']) {
$oic = array();
$oic['if'] = $oc['if'];
- $oic['ovpn'] = $oc['ovpn'];
if ($oc['bridge']) {
if (!strstr($oc['bridge'], "opt") ||
EOD;
foreach ($optcfg as $oc) {
- if (isset($oc['ovpn'])) {
- /* exclude OpenVPN tunneling interfaces */
- /* $ovpnclient = true; */
- continue;
- }
if (!$oc['bridge'])
$ipfrules .= "block in $log quick on $wanif from {$oc['sa']}/{$oc['sn']} to any\n";
}
/* OPT spoof check */
foreach ($optcfg as $on => $oc) {
/* omit for bridged interfaces when the filtering bridge is on */
- if ($oc['ip'] && (!$oc['bridge'] || !isset($config['bridge']['filteringbridge'])) && $oc['sa'] != "0.0.0.0")
+ if ($oc['ip'] && (!$oc['bridge'] || !isset($config['bridge']['filteringbridge'])))
$ipfrules .= filter_rules_spoofcheck_generate($on, $oc['if'], $oc['sa'], $oc['sn'], $log);
}
require_once("shaper.inc");
require_once("vpn.inc");
require_once("captiveportal.inc");
-require_once("openvpn.inc");
?>
"n_pptp_units" => 16,
"pptp_subnet" => 28,
"debug" => false,
- "latest_config" => "1.5",
+ "latest_config" => "1.6",
"nopccard_platforms" => array("wrap", "net48xx"),
"wireless_regex" => "/^(wi|ath|an)/"
);
$cmd .= " mediaopt " . escapeshellarg($optcfg['mediaopt']);
mwexec($cmd);
}
-
- /* OpenVPN configuration? */
- if (isset($optcfg['ovpn'])) {
- if (strstr($if, "tap"))
- ovpn_link_tap();
- }
$addflags = "";
if (strpos($optcfg['if'], "fxp") !== false)
EOD;
if (isset($pppoecfg['ondemand'])) {
- $mpdconf .= <<<EOD
- set iface addrs 10.0.0.1 10.0.0.2
+ if (isset($pppoecfg['local-ip']) && isset($pppoecfg['remote-ip'])) {
+ $mpdconf .= <<<EOD
+ set iface addrs {$pppoecfg['local-ip']} {$pppoecfg['remote-ip']}
+
+EOD;
+ } else {
+ $mpdconf .= <<<EOD
+ set iface addrs 192.0.2.112 192.0.2.113
EOD;
+ }
}
$mpdconf .= <<<EOD
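Review bot: `isset($pppoecfg['local-ip'])` is the wrong test for a config.xml value that ships as an empty `<local-ip></local-ip>` element (see the template in this commit): an empty string is set, so mpd would be handed `set iface addrs  ` with no addresses and the 192.0.2.x fallback never triggers. The values are also interpolated into mpd.conf verbatim, so anything other than a dotted quad (a space, a newline) becomes additional mpd directives; validate both before use, e.g. `$re = '/^\d{1,3}(\.\d{1,3}){3}$/';` and `if (preg_match($re, $pppoecfg['local-ip']) && preg_match($re, $pppoecfg['remote-ip'])) {`, falling back to the defaults otherwise. Moving the defaults from 10.0.0.x to TEST-NET-1 addresses is a good change and deserves a one-line comment saying so. The enclosing function starts and ends outside the hunk.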
if (isset($config['system']['dnsallowoverride'])) {
$mpdconf .= <<<EOD
set ipcp enable req-pri-dns
+
+EOD;
+ if (!isset($config['pppoe']['dnsnosec'])) {
+ $mpdconf .= <<<EOD
set ipcp enable req-sec-dns
EOD;
+ }
}
$mpdconf .= <<<EOD
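Review bot: The new check reads `$config['pppoe']['dnsnosec']` while the surrounding PPPoE code appears to work from `$pppoecfg` (L295, L298), so unless `$pppoecfg` is a direct alias of `$config['pppoe']` the two lookups can disagree; `if (!isset($pppoecfg['dnsnosec'])) {` keeps it consistent, assuming that alias holds (its assignment is outside the hunk). A short comment explaining when an operator would set dnsnosec would also help, since the name alone does not say why suppressing the secondary-DNS request is useful. The enclosing function starts and ends outside the hunk.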
+++ /dev/null
-<?php
-/*
- openvpn.inc
-
- Copyright (C) 2004 Peter Curran (peter@closeconsultants.com).
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/* include all configuration functions */
-require_once("globals.inc");
-require_once("config.inc");
-require_once("functions.inc");
-
-function ovpn_configure($reconfigure) {
- global $config;
- if (is_array($config['ovpn']['server']))
- ovpn_config_server($reconfigure);
- if (is_array($config['ovpn']['client']))
- ovpn_config_client();
- return;
-}
-
-function ovpn_link_tap() {
- /* Add a reference to the tap KLM. If ref count = 1, load it */
- global $g;
-
- if (!is_file($g['vardb_path'] ."/ovpn_tap_link")){
- $link_count = 1;
- mwexec("/sbin/kldload if_tap");
- $fd = fopen($g['vardb_path'] ."/ovpn_tap_link", 'w');
- }
- else {
- $fd = fopen($g['vardb_path'] ."/ovpn_tap_link", 'r+');
- $link_count = fread($fd);
- $link_count ++;
- }
- fwrite($fd, $link_count);
- fclose($fd);
- return true;
-}
-
-function ovpn_unlink_tap() {
- /* Remove a reference to the tap KLM. If ref count = 0, unload it */
- global $g;
-
- if (!is_file($g['vardb_path'] ."/ovpn_tap_link"))
- return false; //no file, no links so why are we called?
-
- $fd = fopen($g['vardb_path'] ."/ovpn_tap_link", 'r+');
- $link_count = fread($fd);
- $link_count --;
- fwrite($fd, $link_count);
- fclose($fd);
-
- if ($link_count == 0)
- mwexec("/sbin/kldunload if_tap");
- return true;
-}
-
-/*****************************/
-/* Server related functions */
-/*****************************/
-
-function getnxt_server_if($type) {
- /* find the first available device of type $type */
- global $config;
- $a_server = $config['ovpn']['server']['tunnel'];
- $max = ($type == 'tun') ? 17 : 4;
- for ($i = 0; $i < $max ; $i++) {
- $hit = false;
- foreach ($a_server as $server) {
- if ($server['tun_iface'] == $type . $i) {
- $hit = true;
- break;
- }
- }
- if (!$hit)
- return $type . $i;
- }
- return false;
-}
-
-function getnxt_server_port() {
- /* Get first unused port */
- global $config;
- $a_server = $config['ovpn']['server']['tunnel'];
- $port = 1194;
- while (true) {
- $hit = false;
- foreach ($a_server as $server) {
- if ($server['port'] == $port) {
- $hit = true;
- break;
- }
- }
- if (!$hit)
- if (!ovpn_port_inuse_client($port))
- return $port;
- $port++;
- }
- return false; /* should never get here */
-}
-
-/* Configure the server */
-function ovpn_config_server($reconfigure) {
- global $config, $g;
-
- foreach ($config['ovpn']['server']['tunnel'] as $id => $server) {
- /* get tunnel interface */
- $tun = $server['tun_iface'];
-
- /* kill any running openvpn daemon */
- killbypid($g['varrun_path']."/ovpn_srv_{$tun}.pid");
-
- if (isset($server['enable'])) {
-
- if ($g['booting'])
- echo "Starting OpenVPN server $id... ";
-
- /* send SIGUSR1 to running openvpn daemon */
- if ( $reconfigure == "true" && isset($server['dynip'])) {
- sigkillbypid($g['varrun_path']."/ovpn_srv_{$tun}.pid", "SIGUSR1");
- continue;
- }
-
- /* Remove old certs & keys */
- unlink_if_exists("{$g['vardb_path']}/ovpn_ca_cert_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_srv_cert_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_srv_key_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_dh_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_srv_psk_{$tun}.pem");
- unlink_if_exists("{$g['varetc_path']}/ovpn_srv_up_{$tun}.pem");
- unlink_if_exists("{$g['varetc_path']}/ovpn_cli_up_{$tun}.pem");
-
- /* Copy the TLS-Server certs & keys to disk */
- $fd = fopen("{$g['vardb_path']}/ovpn_ca_cert_{$tun}.pem", "w");
- if ($fd) {
- fwrite($fd, base64_decode($server['ca_cert'])."\n");
- fclose($fd);
- }
- $fd = fopen("{$g['vardb_path']}/ovpn_srv_cert_{$tun}.pem", "w");
- if ($fd) {
- fwrite($fd, base64_decode($server['srv_cert'])."\n");
- fclose($fd);
- }
- touch ("{$g['vardb_path']}/ovpn_srv_key_{$tun}.pem");
- chmod ("{$g['vardb_path']}/ovpn_srv_key_{$tun}.pem", 0600);
- $fd = fopen("{$g['vardb_path']}/ovpn_srv_key_{$tun}.pem", "w");
- if ($fd) {
- fwrite($fd, base64_decode($server['srv_key'])."\n");
- fclose($fd);
- }
- $fd = fopen("{$g['vardb_path']}/ovpn_dh_{$tun}.pem", "w");
- if ($fd) {
- fwrite($fd, base64_decode($server['dh_param'])."\n");
- fclose($fd);
- }
-
- touch ("{$g['vardb_path']}/ovpn_srv_psk_{$tun}.pem");
- chmod ("{$g['vardb_path']}/ovpn_srv_psk_{$tun}.pem", 0600);
- $fd = fopen("{$g['vardb_path']}/ovpn_srv_psk_{$tun}.pem", "w");
- if ($fd) {
- fwrite($fd, base64_decode($server['pre-shared-key'])."\n");
- fclose($fd);
- }
-
- /* Start the openvpn daemon */
- mwexec("/usr/local/sbin/openvpn " . ovpn_srv_config_generate($id));
-
- if ($g['booting'])
- /* Send the boot message */
- echo "done\n";
- }
- else {
- if (!$g['booting']){
- /* stop any processes, unload the tap module */
- /* Remove old certs & keys */
- ovpn_server_kill($tun);
-
- if ($server['type'] == "tap")
- ovpn_unlink_tap();
- }
- }
- }
- return 0;
-}
-
-/* Kill off a running server process */
-function ovpn_server_kill($tun) {
- global $g;
-
- killbypid("{$g['varrun_path']}/ovpn_srv_{$tun}.pid");
-
- /* Remove old certs & keys */
- unlink_if_exists("{$g['vardb_path']}/ovpn_ca_cert_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_srv_cert_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_srv_key_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_dh_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_srv_psk_{$tun}.pem");
-
- return 0;
-}
-
-/* Generate the config for a OpenVPN server */
-function ovpn_srv_config_generate($id) {
- global $config, $g;
- $server = $config['ovpn']['server']['tunnel'][$id];
-
- /* get tunnel interface */
- $tun = $server['tun_iface'];
-
- /* get optional interface name */
- $iface = ovpn_get_opt_interface($tun);
-
- /* First the generic stuff:
- - We are a server
- - We are a TLS Server (for authentication)
- - We will run without privilege
- */
- $ovpn_config = "--daemon --user nobody --group nobody --verb {$server['verb']} --persist-tun --persist-key --status /var/log/openvpn_{$tun}.log 60 ";
-
- /* pid file */
- $ovpn_config .= "--writepid {$g['varrun_path']}/ovpn_srv_{$tun}.pid ";
-
- /* interface */
- $ovpn_config .= "--dev {$server['tun_iface']} ";
-
- /* port */
- $ovpn_config .= "--port {$server['port']} ";
-
- /* Set protocol being used (p = udp (default), tcp-server)
- if ($server['proto'] == 'tcp') {
- $ovpn_config .= "--proto tcp-server ";
- }
-
- /* Interface binding - 1 or all */
- if ($server['bind_iface'] != 'all') {
- if ($ipaddr = ovpn_get_ip($server['bind_iface']))
- $ovpn_config .= "--local $ipaddr ";
- else
- return "Interface bridged";
- }
-
- /* are we using dynamic ip addresses? */
- if (isset($server['dynip']))
- $ovpn_config .= "--persist-remote-ip ";
-
- /* Client to client routing (off by default) */
- if (isset($server['cli2cli']))
- $ovpn_config .= "--client-to-client ";
-
- /* Set maximum simultaneous clients */
- $ovpn_config .= "--max-clients {$server['maxcli']} ";
-
- /* bridging enabled? */
- if (($ifname = $config['interfaces'][$iface]['bridge']) && $server['type'] == "tap") {
- $gateway = $config['interfaces'][$ifname]['ipaddr'];
- $netmask = gen_subnet_mask($config['interfaces'][$ifname]['subnet']);
- $poolstart = $server['ipblock'];
- $poolend = gen_subnet_max($server['ipblock'], $server['prefix']);
-
- $ovpn_config .= "--server-bridge $gateway $netmask $poolstart $poolend ";
-
- $lastdigits = substr($tun, 3) + 2;
- $ovpn_srv_up = "/sbin/ifconfig " . $tun . " 127.0.0." . $lastdigits . "/32\n";
-
- $fd = fopen("{$g['varetc_path']}/ovpn_srv_up_{$tun}.sh", "w");
- if ($fd) {
- fwrite($fd, $ovpn_srv_up);
- fclose($fd);
- chmod ("{$g['varetc_path']}/ovpn_srv_up_{$tun}.sh", 0755);
- $ovpn_config .= "--up /var/etc/ovpn_srv_up_{$tun}.sh ";
- }
- } else {
- /* New --server macro simplifies config */
- $netmask = gen_subnet_mask($server['prefix']);
-
- $ovpn_config .= "--server {$server['ipblock']} {$netmask} ";
- }
-
- /* TLS-Server params */
- $ovpn_config .= "--ca {$g['vardb_path']}/ovpn_ca_cert_{$tun}.pem ";
- $ovpn_config .= "--cert {$g['vardb_path']}/ovpn_srv_cert_{$tun}.pem ";
- $ovpn_config .= "--key {$g['vardb_path']}/ovpn_srv_key_{$tun}.pem ";
- $ovpn_config .= "--dh {$g['vardb_path']}/ovpn_dh_{$tun}.pem ";
-
- /* TLS auth */
- if (isset($server['tlsauth']))
- $ovpn_config .= "--tls-auth {$g['vardb_path']}/ovpn_srv_psk_{$tun}.pem 0 ";
-
- /* Data channel encryption cipher*/
- $ovpn_config .= "--cipher {$server['crypto']} ";
-
- /* Duplicate CNs */
- if (isset($server['dupcn']))
- $ovpn_config .= "--duplicate-cn ";
-
- /* Client push - redirect gateway */
- if (isset($server['psh_options']['redir'])){
- if (isset($server['psh_options']['redir_loc']))
- $ovpn_config .= "--push \"redirect-gateway local\" ";
- else
- $ovpn_config .= "--push \"redirect-gateway\" ";
- }
-
- /* Client push - route delay */
- if (isset($server['psh_options']['rte_delay']))
- $ovpn_config .= "--push \"route-delay {$server['psh_options']['rte_delay_int']}\" ";
-
- /* Client push - ping (note we set both server and client) */
- if (isset ($server['psh_options']['ping'])){
- $conflict = true;
- $interval = $server['psh_options']['ping_int'];
- $ovpn_config .= "--ping {$server['psh_options']['ping_int']} ";
- $ovpn_config .= "--push \"ping {$server['psh_options']['ping_int']}\" ";
- }
-
- /* Client push - ping-restart (note server uses 2 x client interval) */
- if (isset ($server['psh_options']['pingrst'])){
- $conflict = true;
- $interval = $server['psh_options']['pingrst_int'];
- $ovpn_config .= "--ping-restart " . ($interval * 2) . " ";
- $ovpn_config .= "--push \"ping-restart $interval\" ";
- }
-
- /* Client push - ping-exit (set on client) */
- if (isset ($server['psh_options']['pingexit'])){
- $conflict = true;
- $ovpn_config .= "--ping-exit {$server['psh_options']['pingexit_int']} ";
- $ovpn_config .= "--push \"ping-exit {$server['psh_options']['pingexit_int']}\" ";
- }
-
- /* Client push - inactive (set on client) */
- if (isset ($server['psh_options']['inact'])){
- $ovpn_config .= "--inactive {$server['psh_options']['inact_int']} ";
- $ovpn_config .= "--push \"inactive {$server['psh_options']['inact_int']}\" ";
- }
-
- if (!isset($conflict))
- $ovpn_config .= "--keepalive 10 60 ";
-
- //trigger_error("OVPN: $ovpn_config", E_USER_NOTICE);
- return $ovpn_config;
-}
-
-/* Define an OVPN Server tunnel interface in the interfaces array and assign a name */
-function ovpn_server_iface(){
- global $config, $g;
-
- foreach ($config['ovpn']['server']['tunnel'] as $id => $server) {
- if (isset($server['enable'])) {
-
- /* get tunnel interface */
- $tun = $server['tun_iface'];
-
- $i = 1;
- while (true) {
- $ifname = 'opt' . $i;
- if (is_array($config['interfaces'][$ifname])) {
- if ((isset($config['interfaces'][$ifname]['ovpn']))
- && ($config['interfaces'][$ifname]['ovpn'] == "server_{$tun}"))
- /* Already an interface defined - overwrite */
- break;
- }
- else {
- /* No existing entry, this is first unused */
- $config['interfaces'][$ifname] = array();
- break;
- }
- $i++;
- }
- $config['interfaces'][$ifname]['descr'] = strtoupper($ifname);
- $config['interfaces'][$ifname]['if'] = $server['tun_iface'];
- $config['interfaces'][$ifname]['ipaddr'] = long2ip( ip2long($server['ipblock']) + 1);
- $config['interfaces'][$ifname]['subnet'] = $server['prefix'];
- $config['interfaces'][$ifname]['enable'] = isset($server['enable']) ? true : false;
- $config['interfaces'][$ifname]['ovpn'] = "server_{$tun}";
-
- write_config();
- }
- }
- return "OpenVPN server interface defined";
-}
-
-/* Delete a server interface definition */
-function ovpn_server_iface_del($tun) {
- global $config;
-
- for ($i = 1; is_array($config['interfaces']['opt' . $i]); $i++) {
- $ifname = 'opt' . $i;
- if ((isset($config['interfaces'][$ifname]['ovpn']))
- && ($config['interfaces'][$ifname]['if'] == "$tun")) {
- unset($config['interfaces'][$ifname]);
- break;
- }
- }
-
-
- /* shift down other OPTn interfaces to get rid of holes */
- $i++;
-
- /* look at the following OPTn ports */
- while (is_array($config['interfaces']['opt' . $i])) {
- $config['interfaces']['opt' . ($i - 1)] =
- $config['interfaces']['opt' . $i];
-
- unset($config['interfaces']['opt' . $i]);
- $i++;
- }
-}
-
-
-/****************************/
-/* Client related functions */
-/****************************/
-
-function getnxt_client_if($type) {
- /* find the first available device of type $type */
- global $config;
- $max = ($type == 'tun') ? 17 : 4;
- for ($i = 0; $i < $max; $i++) {
- $hit = false;
- foreach ($a_client as $client) {
- if ($client['if'] == $type . $i) {
- $hit = true;
- break;
- }
- }
- if (!$hit)
- return $type . $i;
- }
- return false;
-}
-
-function getnxt_client_port() {
- /* Get first unused port */
- global $config;
- $a_client = $config['ovpn']['client']['tunnel'];
- $port = 1194;
- while (true) {
- $hit = false;
- foreach ($a_client as $client) {
- if ($client['port'] == $port) {
- $hit = true;
- break;
- }
- }
- if (!$hit)
- if (!ovpn_port_inuse_server($port))
- return $port;
- $port++;
- }
- return false; /* should never get here */
-}
-
-/* Port in use */
-function ovpn_port_inuse_client($port){
- global $config;
- $a_client = $config['ovpn']['client']['tunnel'];
- foreach ($a_client as $client) {
- if ($client['port'] == $port) {
- return true;
- }
- }
- return false;
-}
-
-function ovpn_config_client() {
- /* Boot time configuration */
- global $config, $g;
-
- foreach ($config['ovpn']['client']['tunnel'] as $id => $client) {
-
- /* get tunnel interface */
- $tun = $client['if'];
-
- /* kill any running openvpn daemon */
- killbypid($g['varrun_path']."/ovpn_cli_{$tun}.pid");
-
- if (isset($client['enable'])) {
-
- if ($g['booting'])
- echo "Starting OpenVPN client $id... ";
-
- /* Remove old certs & keys */
- unlink_if_exists("{$g['vardb_path']}/ovpn_cli_ca_cert_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_cli_cert_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_cli_key_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_cli_psk_{$tun}.pem");
- unlink_if_exists("{$g['varetc_path']}/ovpn_cli_up_{$tun}.pem");
-
- /* Copy the TLS-Client certs & keys to disk */
- $fd = fopen("{$g['vardb_path']}/ovpn_cli_ca_cert_{$tun}.pem", "w");
- if ($fd) {
- fwrite($fd, base64_decode($client['ca_cert'])."\n");
- fclose($fd);
- }
- else
- trigger_error("OVPN: No open for CA", E_USER_NOTICE);
- $fd = fopen("{$g['vardb_path']}/ovpn_cli_cert_{$tun}.pem", "w");
- if ($fd) {
- fwrite($fd, base64_decode($client['cli_cert'])."\n");
- fclose($fd);
- }
- touch ("{$g['vardb_path']}/ovpn_cli_key_{$tun}.pem");
- chmod ("{$g['vardb_path']}/ovpn_cli_key_{$tun}.pem", 0600);
- $fd = fopen("{$g['vardb_path']}/ovpn_cli_key_{$tun}.pem", "w");
- if ($fd) {
- fwrite($fd, base64_decode($client['cli_key'])."\n");
- fclose($fd);
- }
- touch ("{$g['vardb_path']}/ovpn_cli_psk_{$tun}.pem");
- chmod ("{$g['vardb_path']}/ovpn_cli_psk_{$tun}.pem", 0600);
- $fd = fopen("{$g['vardb_path']}/ovpn_cli_psk_{$tun}.pem", "w");
- if ($fd) {
- fwrite($fd, base64_decode($client['pre-shared-key'])."\n");
- fclose($fd);
- }
-
- /* Start openvpn for this client */
- mwexec("/usr/local/sbin/openvpn " . ovpn_cli_config_generate($id));
-
- if ($g['booting'])
- /* Send the boot message */
- echo "done\n";
- }
- else {
- if (!$g['booting']){
- /* stop any processes, unload the tap module */
- /* Remove old certs & keys */
- ovpn_client_kill($tun);
-
- if ($client['type'] == "tap")
- ovpn_unlink_tap();
- }
- }
- }
- return 0;
-
-}
-
-/* Kill off a running client process */
-function ovpn_client_kill($tun) {
- global $g;
-
- killbypid("{$g['varrun_path']}/ovpn_cli_{$tun}.pid");
-
- /* Remove old certs & keys */
- unlink_if_exists("{$g['vardb_path']}/ovpn_cli_ca_cert_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_cli_cert_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_cli_key_{$tun}.pem");
- unlink_if_exists("{$g['vardb_path']}/ovpn_cli_psk_{$tun}.pem");
-
- return 0;
-}
-
-/* Generate the config for a OpenVPN client */
-function ovpn_cli_config_generate($id) {
- /* configure the named client */
- global $config, $g;
- $client = $config['ovpn']['client']['tunnel'][$id];
-
- /* get tunnel interface */
- $tun = $client['if'];
-
- /* get optional interface name */
- $iface = ovpn_get_opt_interface($tun);
-
- /* Client support in 2.0 is very simple */
- $ovpn_config = "--client --daemon --verb 1 --status /var/log/openvpn_{$tun}.log 60 ";
-
- /* pid file */
- $ovpn_config .= "--writepid {$g['varrun_path']}/ovpn_cli_{$tun}.pid ";
-
- /* interface */
- $ovpn_config .= "--dev {$client['if']} ";
-
- /* protocol */
- /* Set protocol being used (p = udp (default), tcp-client)
- if ($client['proto'] == 'tcp') {
- $ovpn_config .= "--proto tcp-client ";
- }
-
- /* port */
- $ovpn_config .= "--lport {$client['port']} ";
-
- /* server location */
- $ovpn_config .= "--remote {$client['saddr']} {$client['sport']} ";
-
- /* bridging enabled? */
- if (($ifname = $config['interfaces'][$iface]['bridge']) && $client['type'] == "tap") {
- $lastdigits = substr($tun, 3) + 2;
- $ovpn_srv_up = "/sbin/ifconfig " . $tun . " 127.0.0." . $lastdigits . "/32\n";
-
- $fd = fopen("{$g['varetc_path']}/ovpn_cli_up_{$tun}.sh", "w");
- if ($fd) {
- fwrite($fd, $ovpn_cli_up);
- fclose($fd);
- chmod ("{$g['varetc_path']}/ovpn_cli_up_{$tun}.sh", 0755);
- $ovpn_config .= "--up /var/etc/ovpn_cli_up_{$tun}.sh ";
- }
- }
-
- /* TLS-Client params */
- $ovpn_config .= "--ca {$g['vardb_path']}/ovpn_cli_ca_cert_{$tun}.pem ";
- $ovpn_config .= "--cert {$g['vardb_path']}/ovpn_cli_cert_{$tun}.pem ";
- $ovpn_config .= "--key {$g['vardb_path']}/ovpn_cli_key_{$tun}.pem ";
-
- /* TLS auth */
- if (isset($client['tlsauth']))
- $ovpn_config .= "--tls-auth {$g['vardb_path']}/ovpn_cli_psk_{$tun}.pem 1 ";
-
- /* Data channel encryption cipher*/
- $ovpn_config .= "--cipher {$client['crypto']} ";
-
- //trigger_error("OVPN: $ovpn_config", E_USER_NOTICE);
- return $ovpn_config;
-}
-
-/* Define an OVPN tunnel interface in the interfaces array for each client */
-function ovpn_client_iface(){
- global $config;
-
- foreach ($config['ovpn']['client']['tunnel'] as $id => $client) {
- if (isset($client['enable'])) {
-
- /* get tunnel interface */
- $tun = $client['if'];
-
- $i = 1;
- while (true) {
- $ifname = 'opt' . $i;
- if (is_array($config['interfaces'][$ifname])) {
- if ((isset($config['interfaces'][$ifname]['ovpn']))
- && ($config['interfaces'][$ifname]['ovpn'] == "client_{$tun}"))
- /* Already an interface defined - overwrite */
- break;
- }
- else {
- /* No existing entry, this is first unused */
- $config['interfaces'][$ifname] = array();
- break;
- }
- $i++;
- }
- $config['interfaces'][$ifname]['descr'] = strtoupper($ifname);
- $config['interfaces'][$ifname]['if'] = $client['if'];
- $config['interfaces'][$ifname]['ipaddr'] = "0.0.0.0";
- $config['interfaces'][$ifname]['subnet'] = "0";
- $config['interfaces'][$ifname]['enable'] = isset($client['enable']) ? true : false;
- $config['interfaces'][$ifname]['ovpn'] = "client_{$tun}";
- write_config();
- }
- }
- return "OpenVPN client interfaces defined";
-}
-
-/* Delete a client interface definition */
-function ovpn_client_iface_del($tun) {
- global $config;
-
- for ($i = 1; is_array($config['interfaces']['opt' . $i]); $i++) {
- $ifname = 'opt' . $i;
- if ((isset($config['interfaces'][$ifname]['ovpn']))
- && ($config['interfaces'][$ifname]['if'] == "$tun")) {
- unset($config['interfaces'][$ifname]);
- break;
- }
- }
-
-
- /* shift down other OPTn interfaces to get rid of holes */
- $i++;
-
- /* look at the following OPTn ports */
- while (is_array($config['interfaces']['opt' . $i])) {
- $config['interfaces']['opt' . ($i - 1)] =
- $config['interfaces']['opt' . $i];
-
- unset($config['interfaces']['opt' . $i]);
- $i++;
- }
-}
-
-
-/******************/
-/* Misc functions */
-
-/* Calculate the last address in a range given the start and /prefix */
-function ovpn_calc_end($start, $prefix){
-
- $first = ip2long($start);
- $last = pow(2,(32 - $prefix)) - 1 + $first;
- return long2ip($last);
-}
-
-/* Calculate a mask given a /prefix */
-function ovpn_calc_mask($prefix){
-
- return long2ip(ip2long("255.255.255.255") - (pow( 2, (32 - $prefix)) - 1));
-}
-
-/* Port in use */
-function ovpn_port_inuse_server($port){
- global $config;
- $a_server = $config['ovpn']['server']['tunnel'];
- foreach ($a_server as $server) {
- if ($server['port'] == $port) {
- return true;
- }
- }
- return false;
-}
-
-/* Read in a file from the $_FILES array */
-function ovpn_get_file($file){
- global $g;
-
- if (!is_uploaded_file($_FILES[$file]['tmp_name'])){
- trigger_error("Bad file upload".$_FILES[$file]['error'], E_USER_NOTICE);
- return NULL;
- }
- $contents = file_get_contents($_FILES[$file]['tmp_name']);
- return $contents;
-}
-
-
-/* Get the IP address of a specified interface */
-function ovpn_get_ip($iface){
- global $config;
-
- if ($iface == 'wan')
- return get_current_wan_address();
-
- if ($config['interfaces'][$iface]['bridge'])
- /* No bridging (yet) */
- return false;
- return $config['interfaces'][$iface]['ipaddr'];
-}
-
-
-/* Get a list of the cipher options supported by OpenVPN */
-function ovpn_get_cipher_list(){
-
-/* exec("/usr/local/sbin/openvpn --show-ciphers", $raw);
- print_r ($raw);
-
- $ciphers = preg_grep('/ bit default key /', $raw);
-
- for($i = 0; $i <count($ciphers); $i++){
- $tmp = explode(' ',$ciphers[$i]);
- $cipher_list["$tmp[0]"] = "{$tmp[0]} ({$tmp[1]} {$tmp[2]})";
- }
-*/
- $cipher_list = array('DES-CBC' => 'DES-CBC (64 bit)',
- 'RC2-CBC' => 'RC2-CBC (128 bit)',
- 'DES-EDE-CBC' => 'DES-EDE-CBC (128 bit)',
- 'DES-EDE3-CBC' => 'DES-EDE3-CBC (192 bit)',
- 'DESX-CBC' => 'DESX-CBC (192 bit)',
- 'BF-CBC' => 'BF-CBC (128 bit)',
- 'RC2-40-CBC' => 'RC2-40-CBC (40 bit)',
- 'CAST5-CBC' => 'CAST5-CBC (128 bit)',
- 'RC5-CBC' => 'RC5-CBC (128 bit)',
- 'RC2-64-CBC' => 'RC2-64-CBC (64 bit)',
- 'AES-128-CBC' => 'AES-128-CBC (128 bit)',
- 'AES-192-CBC' => 'AES-192-CBC (192 bit)',
- 'AES-256-CBC' => 'AES-256-CBC (256 bit)');
- return $cipher_list;
-}
-
-
-/* Get optional interface */
-/* needs tunneling interface (tun0, tun1, tap0, ...) */
-/* returns optional interface name (opt2, opt3, ...) */
-function ovpn_get_opt_interface($tun){
- global $config;
-
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
- $ifname = 'opt' . $i;
-
- if (isset($config['interfaces']['opt' . $i]['ovpn']))
- if ($config['interfaces'][$ifname]['if'] == "$tun")
- return $ifname;
- }
- /* not found? */
- return false;
-}
-
-/* Build a list of the current real interfaces */
-function ovpn_real_interface_list(){
- global $config;
-
- $interfaces = array('all' => 'ALL',
- 'lan' => 'LAN',
- 'wan' => 'WAN');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
- if (isset($config['interfaces']['opt' . $i]['ovpn']))
- /* Hide our own interface */
- break;
- if (isset($config['interfaces']['opt' . $i]['enable']))
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
- }
- return $interfaces;
-}
-
-
-/* lock openvpn information, decide that the lock file is stale after
- 10 seconds */
-function ovpn_lock() {
-
- global $g;
-
- $lockfile = "{$g['varrun_path']}/ovpn.lock";
-
- $n = 0;
- while ($n < 10) {
- /* open the lock file in append mode to avoid race condition */
- if ($fd = fopen($lockfile, "x")) {
- /* succeeded */
- fclose($fd);
- return;
- } else {
- /* file locked, wait and try again */
- sleep(1);
- $n++;
- }
- }
-}
-
-/* unlock configuration file */
-function ovpn_unlock() {
-
- global $g;
-
- $lockfile = "{$g['varrun_path']}/ovpn.lock";
-
- if (file_exists($lockfile))
- unlink($lockfile);
-}
-
-?>
if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
foreach($config['dnsmasq']['domainoverrides'] as $override) {
- $args .= escapeshellarg(' --server=/' . $override['domain'] . '/' . $override['ip']);
+ $args .= " " . escapeshellarg('--server=/' . $override['domain'] . '/' . $override['ip']);
}
}
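Review bot: Moving the leading space outside escapeshellarg() fixes the argument quoting, but escapeshellarg() only protects the shell; it does not constrain what dnsmasq sees, and `--server=/domain/ip` is parsed on `/`, so a domain override containing `/` or `#` (for instance yielding `--server=/foo/#`) changes the directive's meaning. If the GUI does not already validate both fields (I can't see it from here), check them before building the argument, e.g. skip the entry unless `$override['domain']` matches a hostname pattern and `$override['ip']` is a dotted quad. The enclosing function starts and ends outside the hunk.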
if (is_numeric($standby)) {
// Sync the disk(s)
mwexec('/bin/sync');
- if (!mwexec('/sbin/sysctl hw.ata.suspend=' . ((int)$standby))) {
+ if (!mwexec('/sbin/sysctl hw.ata.suspend=' . ((int)$standby*60))) {
// Reinitialize ATA-drives
mwexec('/usr/local/sbin/atareinit');
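Review bot: The `*60` added to the sysctl line converts units without saying so; it is presumably minutes to seconds, but nothing in the hunk states what `$standby` is entered in or what `hw.ata.suspend` expects, so a comment is needed: `/* $standby is configured in minutes; hw.ata.suspend takes seconds */` (confirm against the form that sets it). `is_numeric()` also accepts non-integer strings, so a value like `0.5` passes the check and `(int)$standby` silently becomes 0; if the form does not already restrict the field, `if (is_numeric($standby) && (int)$standby > 0)` is a cheap guard. The enclosing function starts and ends outside the hunk.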
if ($g['booting']) {
/* set up Optional interfaces */
interfaces_optional_configure();
-
- /* start OpenVPN server & clients */
- ovpn_configure(false);
/* resync ipfilter */
filter_resync();
/* reconfigure IPsec tunnels */
vpn_ipsec_configure(true);
-
- /* reconfigure OpenVPN tunnels */
- ovpn_configure(true);
/* regenerate resolv.conf if DNS overrides are allowed or the BigPond
client is enabled */
$pgtitle = array("Diagnostics", "ARP table");
require("guiconfig.inc");
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if ($_GET['act'] == "del") {
+ if (isset($id)) {
+ /* remove arp entry from arp table */
+ mwexec("/usr/sbin/arp -d " . escapeshellarg($id));
+
+ /* redirect to avoid reposting form data on refresh */
+ header("Location: diag_arp.php");
+ exit;
+ } else {
+ /* remove all entries from arp table */
+ mwexec("/usr/sbin/arp -d -a");
+
+ /* redirect to avoid reposting form data on refresh */
+ header("Location: diag_arp.php");
+ exit;
+ }
+}
+
+$resolve = isset($config['syslog']['resolve']);
?>
+
<?php include("fbegin.inc"); ?>
<?php
function getHostName($mac,$ip)
{
- global $dhcpmac, $dhcpip;
+ global $dhcpmac, $dhcpip, $resolve;
if ($dhcpmac[$mac])
return $dhcpmac[$mac];
else if ($dhcpip[$ip])
return $dhcpip[$ip];
- else
- return " ";
+ else if ($resolve)
+ return gethostbyaddr($ip);
+ else
+ return " ";
}
?>
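Review bot: `$id` is handed to `arp -d` without being checked as an IP address; `escapeshellarg()` keeps it a single argument, so this is not a shell injection, but any string the admin's browser can be made to send reaches arp, and the same `act=del` without an id flushes the whole table. A guard before the exec closes the first part, and `is_ipaddr()` is already used for this elsewhere on the site: `if (!is_ipaddr($id)) { header("Location: diag_arp.php"); exit; }`. Both branches change state on a plain GET, which matches the rest of this UI, but a comment such as `/* NOTE: state-changing GET, like the other delete links; do not let this URL be prefetched */` would keep the next maintainer from treating the link as safe.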
<td class="listhdr">Interface</td>
<td class="list"></td>
</tr>
-<?php foreach ($data as $entry): ?>
+<?php $i = 0; foreach ($data as $entry): ?>
<tr>
<td class="listlr"><?=$entry['ip'];?></td>
<td class="listr"><?=$entry['mac'];?></td>
<td class="listr"><?=getHostName($entry['mac'], $entry['ip']);?></td>
<td class="listr"><?=$hwif[$entry['interface']];?></td>
+ <td valign="middle" nowrap class="list"><a href="diag_arp.php?act=del&id=<?=$entry['ip'];?>"><img src="x.gif" title="delete arp entry" width="17" height="17" border="0"></a></td>
+ </tr>
+<?php $i++; endforeach; ?>
+ <tr>
+ <td></td>
+ </tr>
+ <tr>
+ <td class="list" colspan="4"></td>
+ <td class="list"><a href="diag_arp.php?act=del"><img src="x.gif" title="remove all entries from arp table" width="17" height="17" border="0"></a></td>
+ </tr>
+ <tr>
+ <td colspan="4">
+ <span class="vexpl"><span class="red"><strong>Hint:<br>
+ </strong></span>IP addresses are resolved to hostnames if
+ "Resolve IP addresses to hostnames"
+ is checked on the <a href="diag_logs_settings.php">
+ Diagnostics: Logs</a> page.</span>
+ </td>
</tr>
-<?php endforeach; ?>
</table>
<?php include("fend.inc"); ?>
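Review bot: The hostname cell at the `getHostName()` call is written without escaping, and with the new resolve option its value now comes from a reverse-DNS answer (and, through `$dhcpmac`/`$dhcpip`, presumably from lease data the client supplied), so a crafted PTR record or DHCP hostname is rendered as HTML inside the admin page; wrap it: `<?=htmlspecialchars(getHostName($entry['mac'], $entry['ip']));?>`. The `id=` in the new delete link should get the same treatment, `htmlspecialchars($entry['ip'])`, even though it comes from `arp` output. The `$i` counter added around the loop is never read and can be dropped.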
POSSIBILITY OF SUCH DAMAGE.
*/
-$pgtitle = array("Diagnostics", "Ping");
+$pgtitle = array("Diagnostics", "Ping/Traceroute");
require("guiconfig.inc");
define('MAX_COUNT', 10);
}
?>
<?php include("fbegin.inc"); ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
+ <ul id="tabnav">
+ <li class="tabact">Ping</li>
+ <li class="tabinact"><a href="diag_traceroute.php">Traceroute</a></li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="diag_ping.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
</tr>
</table>
</form>
+</td></tr></table>
<?php include("fend.inc"); ?>
POSSIBILITY OF SUCH DAMAGE.
*/
-$pgtitle = array("Diagnostics", "Traceroute");
+$pgtitle = array("Diagnostics", "Ping/Traceroute");
require("guiconfig.inc");
$do_traceroute = true;
$host = $_POST['host'];
$ttl = $_POST['ttl'];
-
+ $resolve = $_POST['resolve'];
}
}
if (!isset($do_traceroute)) {
$do_traceroute = false;
$host = '';
$ttl = DEFAULT_TTL;
+ $resolve = false;
}
?>
<?php include("fbegin.inc"); ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
+ <ul id="tabnav">
+ <li class="tabinact"><a href="diag_ping.php">Ping</a></li>
+ <li class="tabact">Traceroute</li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="diag_traceroute.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
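Review bot: `$resolve = $_POST['resolve'];` stores the raw POST value; it is only ever tested for truthiness (the `-n` switch is chosen from it further down the file, outside this hunk), so it never reaches the shell, but an absent checkbox leaves the index undefined and raises a notice. `$resolve = isset($_POST['resolve']);` gives a clean boolean that the `checked` test in the form handles the same way. The POST handler this line sits in starts before the hunk.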
<?php endfor; ?>
</select></td>
</tr>
+ <tr>
+ <td valign="top" class="vtable"> </td>
+ <td class="vtable"> <input name="resolve" type="checkbox" id="resolve" value="yes" <?php if ($resolve) echo "checked"; ?>>
+ <strong>Resolve IP addresses to hostnames</strong><br>
+ </td>
+ </tr>
<tr>
<td width="22%" valign="top"> </td>
<td width="78%">
echo("<br><strong>Traceroute output:</strong><br>");
echo('<pre>');
ob_end_flush();
- system("/usr/sbin/traceroute -w 2 -m " . escapeshellarg($ttl) . " " . escapeshellarg($host));
+ system("/usr/sbin/traceroute " . ($resolve ? "" : "-n ") . "-w 2 -m " . escapeshellarg($ttl) . " " . escapeshellarg($host));
echo('</pre>');
}
?>
</tr>
</table>
</form>
+</td></tr></table>
<?php include("fend.inc"); ?>
<strong>VPN</strong><br>
<a href="/vpn_ipsec.php" class="navlnk">IPsec</a><br>
<a href="/vpn_pptp.php" class="navlnk">PPTP</a><br>
- <a href="/vpn_openvpn_srv.php" class="navlnk">OpenVPN</a><br>
<strong>Status</strong><br>
<a href="/index.php" class="navlnk">System</a><br>
<a href="/status_interfaces.php" class="navlnk">Interfaces</a><br>
- <?php if (is_array($config['ovpn']['server']['tunnel'])): ?>
- <a href="/status_ovpn.php" class="navlnk">OpenVPN</a><br>
- <?php endif; ?>
<a href="/status_graph.php" class="navlnk">Traffic graph</a><br>
<a href="/status_wireless.php" class="navlnk">Wireless</a><br>
<?php if (isset($config['captiveportal']['enable'])): ?>
<a href="/diag_logs.php" class="navlnk">Logs</a><br>
<a href="/diag_dhcp_leases.php" class="navlnk">DHCP leases</a><br>
<a href="/diag_ipsec_sad.php" class="navlnk">IPsec</a><br>
- <a href="/diag_ping.php" class="navlnk">Ping</a><br>
- <a href="/diag_traceroute.php" class="navlnk">Traceroute</a><br>
+ <a href="/diag_ping.php" class="navlnk">Ping/Traceroute</a><br>
<a href="/diag_arp.php" class="navlnk">ARP table</a><br>
<a href="/diag_ipfstat.php" class="navlnk">Firewall states</a><br>
<a href="/diag_resetstate.php" class="navlnk">Reset state</a><br>
rules will be automatically generated anymore. Instead, only the mappings
you specify below will be used. With advanced outbound NAT disabled,
a mapping is automatically created for each interface's subnet
- (except WAN).</span> If you use target addresses other than the WAN interface's IP address, then depending on<span class="vexpl"> the way your WAN connection is setup, you may also need <a href="services_proxyarp.php">proxy ARP</a>.</span><br>
+ (except WAN) and any mappings specified below will be ignored.</span>
+ If you use target addresses other than the WAN interface's IP address,
+ then depending on<span class="vexpl"> the way your WAN connection is setup,
+ you may also need <a href="services_proxyarp.php">proxy ARP</a>.</span><br>
<br>
You may enter your own mappings below.</p>
</td>
}
function fr_insline(id, on) {
var row = document.getElementById('fr' + id);
+ var prevrow;
if (id != 0) {
- var prevrow = document.getElementById('fr' + (id-1));
+ prevrow = document.getElementById('fr' + (id-1));
} else {
- var prevrow = document.getElementById('frheader');
+ if (<?php if (($if == "wan") && isset($config['interfaces']['wan']['blockpriv'])) echo "true"; else echo "false"; ?>) {
+ prevrow = document.getElementById('frrfc1918');
+ } else {
+ prevrow = document.getElementById('frheader');
+ }
}
var cells = row.getElementsByTagName("td");
<td width="22%" class="listhdr">Description</td>
<td width="10%" class="list"></td>
</tr>
+<?php if (($if == "wan") && isset($config['interfaces']['wan']['blockpriv'])): ?>
+ <tr valign="top" id="frrfc1918">
+ <td class="listt"></td>
+ <td class="listt" align="center"><img src="block.gif" width="11" height="11" border="0"></td>
+ <td class="listlr" style="background-color: #e0e0e0">*</td>
+ <td class="listr" style="background-color: #e0e0e0">RFC 1918 networks</td>
+ <td class="listr" style="background-color: #e0e0e0">*</td>
+ <td class="listr" style="background-color: #e0e0e0">*</td>
+ <td class="listr" style="background-color: #e0e0e0">*</td>
+ <td class="listbg" style="background-color: #e0e0e0">Block private networks</td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><img src="left_d.gif" width="17" height="17" title="move selected rules before this rule"></td>
+ <td><a href="interfaces_wan.php#rfc1918"><img src="e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
+ </tr>
+ <tr>
+ <td align="center" valign="middle"></td>
+ <td><img src="plus_d.gif" title="add a new rule based on this one" width="17" height="17" border="0"></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+<?php endif; ?>
<?php $nrules = 0; for ($i = 0; isset($a_filter[$i]); $i++):
$filterent = $a_filter[$i];
if ($filterent['interface'] != $if)
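Review bot: The condition `($if == "wan") && isset($config['interfaces']['wan']['blockpriv'])` is spelled out twice on this page, here and inside `fr_insline` in the script above; if the two drift, the row index the JavaScript uses for "move before" no longer matches the rendered table, so compute it once near the top, `$show_rfc1918 = ($if == "wan") && isset($config['interfaces']['wan']['blockpriv']);`, and use it in both places. A short comment on the row would also help: `<!-- synthetic row: reflects the WAN "Block private networks" setting, not an entry in the rules list -->`. The rules loop that follows continues outside the hunk.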
$d_sysrebootreqd_path = $g['varrun_path'] . "/sysreboot.reqd";
$d_passthrumacsdirty_path = $g['varrun_path'] . "/passthrumacs.dirty";
$d_allowedipsdirty_path = $g['varrun_path'] . "/allowedips.dirty";
-$d_ovpnclidirty_path = $g['varrun_path'] . "/ovpnclient.dirty";
-$d_ovpnsrvdirty_path = $g['varrun_path'] . "/ovpnserver.dirty";
if (file_exists($d_firmwarelock_path)) {
if (!$d_isfwfile) {
<td class="list"> </td>
</tr>
<?php foreach ($config['interfaces'] as $ifname => $iface):
- /* we don't want to see the OpenVPN tun interfaces */
- if (isset($iface['ovpn']))
- continue;
-
if ($iface['descr'])
$ifdescr = $iface['descr'];
else
$pconfig['subnet'] = $optcfg['subnet'];
$pconfig['enable'] = isset($optcfg['enable']);
-$pgtitle = array("Interfaces", "Optional $index (" . htmlspecialchars($optcfg['descr']) . ")");
-
/* Wireless interface? */
if (isset($optcfg['wireless'])) {
require("interfaces_wlan.inc");
$optcfg['subnet'] = $_POST['subnet'];
$optcfg['bridge'] = $_POST['bridge'];
$optcfg['enable'] = $_POST['enable'] ? true : false;
-
+
write_config();
$retval = 0;
$savemsg = get_std_save_message($retval);
}
}
+
+$pgtitle = array("Interfaces", "Optional $index (" . htmlspecialchars($optcfg['descr']) . ")");
?>
+
<?php include("fbegin.inc"); ?>
<script language="JavaScript">
<!--
function enable_change(enable_over) {
var endis;
- endis = !((document.iform.bridge.selectedIndex == 0) || enable_over);
+ endis = !(document.iform.enable.checked || enable_over);
+ document.iform.descr.disabled = endis;
+ document.iform.ipaddr.disabled = endis;
+ document.iform.subnet.disabled = endis;
+ document.iform.bridge.disabled = endis;
+
+ if (document.iform.mode) {
+ document.iform.mode.disabled = endis;
+ document.iform.ssid.disabled = endis;
+ document.iform.channel.disabled = endis;
+ document.iform.stationname.disabled = endis;
+ document.iform.wep_enable.disabled = endis;
+ document.iform.key1.disabled = endis;
+ document.iform.key2.disabled = endis;
+ document.iform.key3.disabled = endis;
+ document.iform.key4.disabled = endis;
+ }
+}
+function bridge_change(enable_over) {
+ var endis;
+
+ if (document.iform.enable.checked || enable_over) {
+ endis = !((document.iform.bridge.selectedIndex == 0) || enable_over);
+ } else {
+ endis = true;
+ }
+
document.iform.ipaddr.disabled = endis;
document.iform.subnet.disabled = endis;
}
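Review bot: Moving `$pgtitle` below the POST handler is a deliberate behaviour change that is easy to undo by accident: it now reads `$optcfg['descr']` after `write_config()`, so the title shows the description just saved rather than the old one; say so: `/* set after the save so the title reflects the new description */`. In `enable_change`, the `if (document.iform.mode)` guard assumes every wireless field (`ssid`, `channel`, `stationname`, `wep_enable`, `key1`–`key4`) is present whenever `mode` is; if the wireless form ever omits one, the assignment throws and the remaining fields stay disabled, which also drops them from the submit. The form markup that decides this lives outside the hunk.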
<tr>
<td width="22%" valign="top" class="vtable"> </td>
<td width="78%" class="vtable">
-<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
+<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false);bridge_change(false)">
<strong>Enable Optional <?=$index;?> interface</strong></td>
</tr>
<tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Bridge with</td>
<td width="78%" class="vtable">
- <select name="bridge" class="formfld" id="bridge" onChange="enable_change(false)">
+ <select name="bridge" class="formfld" id="bridge" onChange="bridge_change(false)">
<option <?php if (!$pconfig['bridge']) echo "selected";?> value="">none</option>
<?php $opts = array('lan' => "LAN", 'wan' => "WAN");
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
<td width="22%" valign="top"> </td>
<td width="78%">
<input name="index" type="hidden" value="<?=$index;?>">
- <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)">
+ <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true);bridge_change(true)">
</td>
</tr>
<tr>
<script language="JavaScript">
<!--
enable_change(false);
+bridge_change(false);
//-->
</script>
<?php else: ?>
</tr>
<tr>
<td valign="middle"> </td>
- <td class="vtable"> <input name="blockpriv" type="checkbox" id="blockpriv" value="yes" <?php if ($pconfig['blockpriv']) echo "checked"; ?>>
+ <td class="vtable">
+ <a name="rfc1918"></a><input name="blockpriv" type="checkbox" id="blockpriv" value="yes" <?php if ($pconfig['blockpriv']) echo "checked"; ?>>
<strong>Block private networks</strong><br>
- When set, this option blocks traffic from IP addresses that
- are reserved for private<br>
- networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as
- well as loopback addresses<br>
- (127/8). You should generally leave this option turned on,
- unless your WAN network<br>
- lies in such a private address space, too.</td>
+ When set, this option blocks traffic from IP addresses
+ that are reserved for private networks as per RFC 1918
+ (10/8, 172.16/12, 192.168/16) as well as loopback addresses
+ (127/8). You should generally leave this option turned on,
+ unless your WAN network lies in such a private address space,
+ too.</td>
</tr>
<tr>
<td width="100" valign="top"> </td>
<br>
Peter Allgeyer (<a href="mailto:allgeyer@web.de">allgeyer@web.de</a>)<br>
<em><font color="#666666">"reject" type filter rules; dial-on-demand; WAN connect/disconnect; auto-add proxy ARP </font></em><br>
- <em><font color="#666666">firewall log filtering; DynDNS server/port; OpenVPN improvements</font></em><br>
+ <em><font color="#666666">firewall log filtering; DynDNS server/port; Diag: ARP improvements</font></em><br>
<br>
Thierry Lechat (<a href="mailto:dev@lechat.org">dev@lechat.org</a>)<br>
<em><font color="#666666">SVG-based traffic grapher</font></em><br>
Audun Larsen (<a href="mailto:larsen@xqus.com">larsen@xqus.com</a>)<br>
<em><font color="#666666">CPU/memory usage display</font></em><br>
<br>
- Peter Curran (<a href="mailto:peter@closeconsultants.com">peter@closeconsultants.com</a>)<br>
- <em><font color="#666666">OpenVPN support</font></em><br>
- <br>
Pavel A. Grodek (<a href="mailto:pg@abletools.com">pg@abletools.com</a>)<br>
<em><font color="#666666">Traffic shaper packet loss rate/queue size</font></em><br>
<br>
Joe Suhre (<a href="mailto:jsuhre@nullconcepts.com">jsuhre@nullconcepts.com</a>)<br>
<em><font color="#666666">DNS forwarder domain overriding</font></em><br>
<br>
- Paul Taylor (<a href="mailto:paultaylor@winndixie.com">paultaylor@winndixie.com</a>)<br>
- <em><font color="#666666">ARP table, Traceroute and Filter state pages</font></em></p>
+ Paul Taylor (<a href="mailto:paultaylor@winn-dixie.com">paultaylor@winn-dixie.com</a>)<br>
+ <em><font color="#666666">ARP table, Traceroute and Filter state pages</font></em><br>
+ <br>
+ Jonathan De Graeve (<a href="mailto:Jonathan.De.Graeve@imelda.be">Jonathan.De.Graeve@imelda.be</a>)<br>
+ <em><font color="#666666">captive portal RADIUS accounting gigawords</font></em></p>
<hr size="1">
<p>m0n0wall is based upon/includes various free software packages,
listed below.<br>
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
$oc = $config['interfaces']['opt' . $i];
- if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge']) && (!$oc['ovpn'])) {
+ if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge'])) {
$iflist['opt' . $i] = $oc['descr'];
}
}
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
$oc = $config['interfaces']['opt' . $i];
- if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge']) && (!$oc['ovpn'])) {
+ if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge'])) {
$iflist['opt' . $i] = $oc['descr'];
}
}
<select name="interface" class="formfld">
<?php $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
- if (!isset($config['interfaces']['opt' . $i]['ovpn']))
$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
}
foreach ($interfaces as $iface => $ifacename): ?>
<?php $interfaces = array('lan' => 'LAN');
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
if (isset($config['interfaces']['opt' . $i]['enable']) &&
- !$config['interfaces']['opt' . $i]['bridge'] &&
- !$config['interfaces']['opt' . $i]['ovpn'])
+ !$config['interfaces']['opt' . $i]['bridge'])
$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
}
foreach ($interfaces as $iface => $ifacename): ?>
<?php $interfaces = array('lan' => 'LAN');
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
if (isset($config['interfaces']['opt' . $i]['enable']) &&
- !$config['interfaces']['opt' . $i]['bridge'] &&
- !$config['interfaces']['opt' . $i]['ovpn'])
+ !$config['interfaces']['opt' . $i]['bridge'])
$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
}
foreach ($interfaces as $iface => $ifacename): ?>
/* remove password tag contents */
$line = preg_replace("/<password>.*?<\\/password>/", "<password>xxxxx</password>", $line);
$line = preg_replace("/<pre-shared-key>.*?<\\/pre-shared-key>/", "<pre-shared-key>xxxxx</pre-shared-key>", $line);
- $line = preg_replace("/<srv_key>.*?<\\/srv_key>/", "<srv_key>xxxxx</srv_key>", $line);
- $line = preg_replace("/<cli_key>.*?<\\/cli_key>/", "<cli_key>xxxxx</cli_key>", $line);
$line = str_replace("\t", " ", $line);
echo htmlspecialchars($line,ENT_NOQUOTES);
}
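Review bot: Dropping the `<srv_key>`/`<cli_key>` redaction assumes no config.xml still carries an `<ovpn>` section; a box upgraded from a release that had OpenVPN keeps whatever the config loader leaves in place, and from this change on the status dump would print those private keys in clear unless an upgrade step (not visible here) strips the section. Until that is confirmed it is safer to keep the two `preg_replace` lines, with a comment `/* kept for configs upgraded from releases that had OpenVPN */`. The loop that emits `$line` starts and ends outside the hunk.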
+++ /dev/null
-#!/usr/local/bin/php
-<?php
-/*
- status_ovpn.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2005 Peter Allgeyer <allgeyer@web.de>.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-$pgtitle = array("Status", "OpenVPN");
-require("guiconfig.inc");
-
-$client_list = array();
-$virtip_list = array();
-
-function dump_log($type) {
- global $g, $config;
-
- unset($client_list);
- $client_list = array();
-
- unset($virtip_list);
- $virtip_list = array();
-
- $max = ($type == 'tun') ? 17 : 4;
- for ($i = 0; $i < $max; $i++) {
- if (file_exists("/var/log/openvpn_{$type}{$i}.log")) {
-
- unset($string);
- unset($logarr);
-
- exec("/bin/cat /var/log/openvpn_{$type}{$i}.log", $logarr);
-
- foreach ($logarr as $logent) {
- $logent = preg_split("/,/", $logent, 5);
- $string = preg_split("/:/", $logent[1]);
-
- /* search for ip address in second column */
- if (isset($string[0]) && is_ipaddr($string[0]))
- array_push($client_list, $logent);
-
- /* search for ip address in first column */
- else if (is_ipaddr($logent[0]))
- array_push($virtip_list, $logent);
- }
- }
- }
-
- if (count($client_list > 1)) {
- foreach ($client_list as $cent) {
- echo "<tr>\n";
- echo "<td class=\"listlr\" nowrap>" . htmlspecialchars($cent[0]) . "</td>\n";
- echo "<td class=\"listr\">" . htmlspecialchars($cent[1]) . "</td>\n";
-
- unset($found);
- if (isset($virtip_list)) {
- foreach ($virtip_list as $vent) {
- if ($cent[1] == $vent[2]) {
- $found = 1;
- echo "<td class=\"listr\">" . htmlspecialchars($vent[0]) . " </td>\n";
- }
- }
- }
- if (!isset($found))
- echo "<td class=\"listr\" align=\"center\">--</td>\n";
-
- $date = preg_split("/\s+/", $cent[4]);
- echo "<td class=\"listr\">" . htmlspecialchars($date[1]) . " " . htmlspecialchars($date[2]) . " " . htmlspecialchars($date[3]) . "</td>\n";
- echo "<td class=\"listr\">" . htmlspecialchars($cent[2]) . "</td>\n";
- echo "<td class=\"listr\">" . htmlspecialchars($cent[3]) . "</td>\n";
- echo "</tr>\n";
- }
- }
-}
-
-?>
-<?php include("fbegin.inc"); ?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0"><tr>
- <td colspan="6" class="listtopic">
- OpenVPN status entries</td>
- </tr>
- <tr>
- <td class="listhdrr">Common Name</td>
- <td class="listhdrr">Real Address</td>
- <td class="listhdrr">Virtual Address</td>
- <td class="listhdrr">Connected Since</td>
- <td class="listhdrr">Bytes Received</td>
- <td class="listhdr">Bytes Sent</td>
- </tr>
- <?php dump_log(tun); ?>
- <?php dump_log(tap); ?>
-</table>
-<br>
-<strong class="red">Note:<br>
-</strong>Please note that status entries are updated once every minute only.
-So don't bother about entries on this page being possibly too old!
-<?php include("fend.inc"); ?>
<td width="78%" class="vtable"><select name="interface" class="formfld">
<?php $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
- if (!$config['interfaces']['opt' . $i]['ovpn'])
$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
}
foreach ($interfaces as $iface => $ifacename): ?>
+++ /dev/null
-#!/usr/local/bin/php
-<?php
-/*
- vpn_openvpn_cli.php
-
- Copyright (C) 2004 Peter Curran (peter@closeconsultants.com).
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-$pgtitle = array("VPN", "OpenVPN");
-require("guiconfig.inc");
-require_once("openvpn.inc");
-
-if (!is_array($config['ovpn']))
- $config['ovpn'] = array();
-if (!is_array($config['ovpn']['client'])){
- $config['ovpn']['client'] = array();
- $config['ovpn']['client']['tunnel'] = array();
-}
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-$ovpncli =& $config['ovpn']['client']['tunnel'];
-
-if ($_POST['apply']) {
- $retval = 0;
- if (file_exists($d_sysrebootreqd_path)) {
- /* Rewrite interface definitions */
- $retval = ovpn_client_iface();
- }
- else{
- ovpn_lock();
- $retval = ovpn_config_client();
- ovpn_unlock();
- }
- if (file_exists($d_ovpnclidirty_path))
- unlink($d_ovpnclidirty_path);
- $savemsg = get_std_save_message($retval);
-}
-
-if ($_GET['act'] == "del") {
- if ($ovpncli[$id]) {
- $ovpnent = $ovpncli[$id];
- unset($ovpncli[$id]);
-
- /* Kill running processes */
- /* Remove old certs & keys */
- ovpn_client_kill($ovpnent['if']);
-
- /* Remove interface from list of optional interfaces */
- ovpn_client_iface_del($ovpnent['if']);
-
- write_config();
- touch($d_sysrebootreqd_path);
- header("Location: vpn_openvpn_cli.php");
- exit;
- }
-}
-?>
-<?php include("fbegin.inc"); ?>
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if (file_exists($d_sysrebootreqd_path) && !file_exists($d_ovpnclidirty_path)) print_info_box(get_std_save_message(0)); ?>
-<form action="vpn_openvpn_cli.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<?php if (file_exists($d_ovpnclidirty_path)): ?><p>
-<?php print_info_box_np("The OpenVPN client configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
-<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
-<?php endif; ?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
- <ul id="tabnav">
- <li class="tabinact1"><a href="vpn_openvpn_srv.php">Server</a></li>
- <li class="tabact">Client</li>
- </ul>
- </td></tr>
- <tr>
- <td class="tabcont">
- <strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
- Backup your configuration before using OpenVPN, and restore it before upgrading.<br>
- <br>
- </span></strong>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="10%" class="listhdrr">Interface</td>
- <td width="5%" class="listhdrr">Protocol</td>
- <td width="15%" class="listhdrr">Socket</td>
- <td width="15%" class="listhdrr">Server address</td>
- <td width="5%" class="listhdrr" align="center">Version</td>
- <td width="40%" class="listhdr">Description</td>
- <td width="10%" class="list"></td>
- </tr>
-
- <?php $i = 0; foreach ($ovpncli as $client):
- if (!isset($client['enable'])) {
- $spans = "<span class=\"gray\">";
- $spane = "</span>";
- } else {
- $spans = $spane = "";
- }
- ?>
-
- <tr>
- <td class="listlr"><?=$spans;?>
- <?= $config['interfaces'][ovpn_get_opt_interface($client['if'])]['descr'] . " (" . $client['if'] . ")";?>
- <?=$spane;?></td>
- <td class="listr"><?=$spans;?>
- <?= strtoupper($client['proto']);?>
- <?=$spane;?></td>
- <td class="listr"><?=$spans;?>
- <?= "0.0.0.0:" . $client['port'];?>
- <?=$spane;?></td>
- <td class="listr"><?=$spans;?>
- <?= $client['saddr'].":".$client['sport'];?>
- <?=$spane;?></td>
- <td align="middle" class="listr"><?=$spans;?>
- <?= $client['ver'];?>
- <?=$spane;?></td>
- <td class="listbg"><?=$spans;?>
- <?= htmlspecialchars($client['descr']);?>
- <?=$spane;?></td>
- <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_cli_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit client configuration" width="17" height="17" border="0"></a>
- <a href="vpn_openvpn_cli.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client configuration?')"><img src="x.gif" title="delete client configuration" width="17" height="17" border="0"></a></td>
- </tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="6"> </td>
- <td class="list"> <a href="vpn_openvpn_cli_edit.php"><img src="plus.gif" title="add client configuration" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</form>
-<?php include("fend.inc"); ?>
+++ /dev/null
-#!/usr/local/bin/php
-<?php
-/*
- vpn_openvpn_cli_edit.php
-
- Copyright (C) 2004 Peter Curran (peter@closeconsultants.com).
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-$pgtitle = array("VPN", "OpenVPN", "Edit client");
-require("guiconfig.inc");
-require_once("openvpn.inc");
-
-if (!is_array($config['ovpn']))
- $config['ovpn'] = array();
-if (!is_array($config['ovpn']['client'])){
- $config['ovpn']['client'] = array();
- $config['ovpn']['client']['tunnel'] = array();
-}
-
-
-$ovpncli =& $config['ovpn']['client']['tunnel'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-if (isset($id) && $ovpncli[$id]) {
- $pconfig = $config['ovpn']['client']['tunnel'][$id];
- if (isset($ovpncli[$id]['pull']))
- $pconfig['pull'] = true;
-}
-else {
- /* creating - set defaults */
- $pconfig = array();
- $pconfig['type'] = 'tun';
- $pconfig['proto'] = 'udp';
- $pconfig['sport'] = '1194';
- $pconfig['ver'] = '2';
- $pconfig['crypto'] = 'BF-CBC';
- $pconfig['pull'] = true;
- $pconfig['enable'] = true;
-}
-
-if (isset($_POST['pull'])) {
-
- /* Called from form */
- unset($input_errors);
-
- /* input validation */
- $reqdfields = explode(" ", "type saddr sport");
- $reqdfieldsn = explode(",", "Tunnel type,Address,Port");
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- /* valid Port */
- if (($_POST['sport'] && !is_port($_POST['sport'])))
- $input_errors[] = "The server's port must be an integer between 1 and 65535 (default 1194).";
-
- /* valid FQDN or IP address */
- if (($_POST['saddr'] && !is_ipaddr($_POST['saddr']) && !is_domain($_POST['saddr'])))
- $input_errors[] = "The server name contains invalid characters.";
-
- if (is_null($_POST['ca_cert']))
- $input_errors[] = "You must provide a CA certificate file";
- elseif (!strstr($_POST['ca_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['ca_cert'], "END CERTIFICATE"))
- $input_errors[] = "The CA certificate does not appear to be valid.";
-
- if (is_null($_POST['cli_cert']))
- $input_errors[] = "You must provide a client certificate file";
- elseif (!strstr($_POST['cli_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cli_cert'], "END CERTIFICATE"))
- $input_errors[] = "The client certificate does not appear to be valid.";
-
- if (is_null($_POST['cli_key']))
- $input_errors[] = "You must provide a client key file";
- elseif (!strstr($_POST['cli_key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['cli_key'], "END RSA PRIVATE KEY"))
- $input_errors[] = "The client key does not appear to be valid.";
-
- if (isset($_POST['tlsauth']) && empty($_POST['pre-shared-key']))
- $input_errors[] = "You must provide a pre-shared secret file";
- if (!empty($_POST['pre-shared-key']))
- if (!strstr($_POST['pre-shared-key'], "BEGIN OpenVPN Static key") || !strstr($_POST['pre-shared-key'], "END OpenVPN Static key"))
- $input_errors[] = "Pre-shared secret does not appear to be valid.";
-
- if (isset($id)) {
- /* Editing an existing entry */
- $ovpnent = $ovpncli[$id];
-
- if ( $ovpncli[$id]['sport'] != $_POST['sport'] ||
- $ovpncli[$id]['proto'] != $_POST['proto'] ) {
-
- /* some entries changed */
- for ($i = 0; isset($config['ovpn']['client']['tunnel'][$i]); $i++) {
- $current = &$config['ovpn']['client']['tunnel'][$i];
-
- if ($current['sport'] == $_POST['sport'])
- if ($current['proto'] == $_POST['proto'])
- $input_errors[] = "You already have this combination for port and protocol settings. You can't use it twice";
- }
- }
-
- /* Test Server type hasn't changed */
- if ($ovpnent['type'] != $_POST['type']) {
- $input_errors[] = "Delete this interface first before changing the type of the tunnel to " . strtoupper($_POST['type']) .".";
- /* Temporarily disabled */
- /*
- * $nxt_if = getnxt_client_if($_POST['type']);
- * if (!$nxt_if)
- * $input_errors[] = "Run out of devices for a tunnel of type {$_POST['type']}";
- * else
- * $ovpnent['if'] = $nxt_if;
- */
-
- /* Need to reboot in order to create interfaces cleanly */
- /* touch($d_sysrebootreqd_path); */
- }
- /* Has the enable/disable state changed? */
- if (isset($ovpnent['enable']) && isset($_POST['disabled'])) {
- touch($d_ovpnclidirty_path);
- }
- if (!isset($ovpnent['enable']) && !isset($_POST['disabled'])) {
- touch($d_ovpnclidirty_path);
- }
- } else {
- /* Creating a new entry */
- $ovpnent = array();
- $nxt_if = getnxt_client_if($_POST['type']);
- if (!$nxt_if)
- $input_errors[] = "Run out of devices for a tunnel of type {$_POST['type']}";
- else
- $ovpnent['if'] = $nxt_if;
-
- $ovpnent['port'] = getnxt_client_port();
-
- /* I think we have to reboot to have the interface created cleanly */
- touch($d_sysrebootreqd_path);
- }
-
- if (!$input_errors) {
-
- $ovpnent['enable'] = isset($_POST['disabled']) ? false : true;
- $ovpnent['type'] = $_POST['type'];
- $ovpnent['proto'] = $_POST['proto'];
- $ovpnent['sport'] = $_POST['sport'];
- $ovpnent['ver'] = $_POST['ver'];
- $ovpnent['saddr'] = $_POST['saddr'];
- $ovpnent['descr'] = $_POST['descr'];
- $ovpnent['ca_cert'] = $pconfig['ca_cert'];
- $ovpnent['cli_cert'] = $pconfig['cli_cert'];
- $ovpnent['cli_key'] = $pconfig['cli_key'];
- $ovpnent['crypto'] = $_POST['crypto'];
- $ovpnent['pull'] = true; //This is a fixed config for this version
- $ovpnent['tlsauth'] = false;
-
- unset($ovpnent['pre-shared-key']);
- if ($_POST['tlsauth']) {
- $ovpnent['tlsauth'] = true;
- $ovpnent['pre-shared-key'] = base64_encode($_POST['pre-shared-key']);
- }
-
- $ovpnent['ca_cert'] = base64_encode($_POST['ca_cert']);
- $ovpnent['cli_cert'] = base64_encode($_POST['cli_cert']);
- $ovpnent['cli_key'] = base64_encode($_POST['cli_key']);
-
- if (isset($id) && $ovpncli[$id]){
- $ovpncli[$id] = $ovpnent;
- }
- else{
- $ovpncli[] = $ovpnent;
- }
-
- write_config();
- touch($d_ovpnclidirty_path);
-
- header("Location: vpn_openvpn_cli.php");
- exit;
- } else {
- $pconfig = $_POST;
-
- $pconfig['enable'] = "true";
- if (isset($_POST['disabled']))
- unset($pconfig['enable']);
-
- if ($_POST['tlsauth'])
- $pconfig['pre-shared-key'] = base64_encode($_POST['pre-shared-key']);
-
- $pconfig['ca_cert'] = base64_encode($_POST['ca_cert']);
- $pconfig['cli_cert'] = base64_encode($_POST['cli_cert']);
- $pconfig['cli_key'] = base64_encode($_POST['cli_key']);
- }
-}
-
-?>
-<?php include("fbegin.inc"); ?>
-<script language="JavaScript">
-function enable_change(enable_over) {
- var endis;
- endis = !(document.iform.tlsauth.checked || enable_over);
-
- document.iform.psk.disabled = endis;
-}
-
-//-->
-</script>
-
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-
-<form action="vpn_openvpn_cli_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="22%" valign="top" class="vncellreq">Disabled</td>
- <td width="78%" class="vtable">
- <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if (!isset($pconfig['enable'])) echo "checked"; ?>>
- <strong>Disable this client</strong><br>
- <span class="vexpl">Set this option to disable this client without removing it from the list.</span>
- </td>
- </tr>
-
- <tr>
- <td colspan="2" class="list" height="12"></td>
- </tr>
-
- <tr>
- <td colspan="2" valign="top" class="listtopic">Server information</td>
- </tr>
- <tr>
- <td valign="top" class="vncellreq">Tunnel type</td>
- <td class="vtable">
- <input name="type" type="radio" class="formfld" value="tun" <?php if ($pconfig['type'] == 'tun') echo "checked"; ?>> TUN
-<input name="type" type="radio" class="formfld" value="tap" <?php if ($pconfig['type'] == 'tap') echo "checked"; ?>> TAP</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">Tunnel protocol</td>
- <td width="78%" class="vtable">
-<input name="proto" type="radio" class="formfld" value="udp" <?php if ($pconfig['proto'] == 'udp') echo "checked"; ?>> UDP
-<input name="proto" type="radio" class="formfld" value="tcp" <?php if ($pconfig['proto'] == 'tcp') echo "checked"; ?>> TCP<br>
- <span class="vexpl">Important: These settings must match the server's configuration.</span></td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">Port</td>
- <td width="78%" class="vtable">
- <input name="sport" type="text" class="formfld" size="5" maxlength="5" value="<?=htmlspecialchars($pconfig['sport']);?>"><br>
- Enter the server's port number (default is 1194).</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">Address</td>
- <td width="78%" class="vtable">
- <input name="saddr" type="text" class="formfld" size="20" maxlength="255" value="<?=htmlspecialchars($pconfig['saddr']);?>">
- <br>
- Enter the server's IP address or FQDN.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">Version</td>
- <td width="78%" class="vtable">
- <input name="ver" type="radio" class="formfld" value="2" <?php if ($pconfig['ver'] == '2') echo "checked"; ?>> 2.0
- <input name="ver" type="radio" class="formfld" value="1" <?php if ($pconfig['ver'] == '1') echo "checked"; ?>> 1.x
- <br>
- Specify which version of the OpenVPN protocol the server runs.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">Description</td>
- <td width="78%" class="vtable">
- <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
- <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td>
- </tr>
-
- <tr>
- <td colspan="2" class="list" height="12"></td>
- </tr>
-
- <tr>
- <td colspan="2" valign="top" class="listtopic">Client configuration</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">Interface</td>
- <td width="78%" class="vtable">
- <strong>Auto</strong>
- </td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">Port</td>
- <td width="78%" class="vtable">
- <strong>Auto</strong>
- </td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">CA certificate</td>
- <td width="78%" class="vtable">
- <textarea name="ca_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['ca_cert']));?></textarea>
- <br>
- Paste a CA certificate in X.509 PEM format here.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">Client certificate</td>
- <td width="78%" class="vtable">
- <textarea name="cli_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['cli_cert']));?></textarea>
- <br>
- Paste a client certificate in X.509 PEM format here.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">Client key</td>
- <td width="78%" class="vtable">
- <textarea name="cli_key" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['cli_key']));?></textarea>
- <br>Paste the client RSA private key here.</td>
- </tr>
-
-
- <tr>
- <td width="22%" valign="top" class="vncell">Crypto</td>
- <td width="78%" class="vtable">
- <select name="crypto" class="formfld">
- <?php $cipher_list = ovpn_get_cipher_list();
- foreach($cipher_list as $key => $value){
- ?>
- <option value="<?= $key ?>" <?php if ($pconfig['crypto'] == $key) echo "selected"; ?>>
- <?= $value ?>
- </option>
- <?php
- }
- ?>
- </select>
- <br>
- Select the data channel encryption cipher. This must match the setting on the server.
- </td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">TLS auth</td>
- <td width="78%" class="vtable">
- <input name="tlsauth" type="checkbox" value="yes" <?php if (isset($pconfig['tlsauth'])) echo "checked";?> onClick="enable_change(false)">
- <strong>TLS auth</strong><br>
- The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">Pre-shared secret</td>
- <td width="78%" class="vtable">
- <textarea name="pre-shared-key" id="psk" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['pre-shared-key']));?></textarea>
- <br>
- Paste your own pre-shared secret here.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">Options</td>
- <td width="78%" class="vtable">
- <input type="checkbox" name="pull" value="yes" <?php if ($pconfig['pull']) echo "checked"; ?>>
- Client-pull</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
- <?php if (isset($id)): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <?php endif; ?>
- </td>
- </tr>
- </table>
-</form>
-<script language="JavaScript">
-<!--
-enable_change(false);
-//-->
-</script>
-<?php include("fend.inc"); ?>
+++ /dev/null
-#!/usr/local/bin/php
-<?php
-/*
- vpn_openvpn_srv.php
-
- Copyright (C) 2004 Peter Curran (peter@closeconsultants.com).
- Copyright (C) 2005 Peter Allgeyer (allgeyer@web.de).
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-$pgtitle = array("VPN", "OpenVPN");
-require("guiconfig.inc");
-require_once("openvpn.inc");
-
-if (!is_array($config['ovpn']))
- $config['ovpn'] = array();
-if (!is_array($config['ovpn']['server'])){
- $config['ovpn']['server'] = array();
- $config['ovpn']['server']['tunnel'] = array();
-}
-
-$ovpnsrv = &$config['ovpn']['server']['tunnel'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-
-if ($_POST['apply']) {
- $retval = 0;
- if (file_exists($d_sysrebootreqd_path)) {
- /* Rewrite interface definitions */
- $retval = ovpn_server_iface();
- }
- else{
- ovpn_lock();
- $retval = ovpn_server_iface();
- $retval = ovpn_config_server(false);
- ovpn_unlock();
- }
- if (file_exists($d_ovpnsrvdirty_path))
- unlink($d_ovpnsrvdirty_path);
- $savemsg = get_std_save_message($retval);
-}
-
-if ($_GET['act'] == "del") {
- if ($ovpnsrv[$id]) {
- $ovpnent = $ovpnsrv[$id];
- unset($ovpnsrv[$id]);
-
- /* Kill running processes */
- /* Remove old certs & keys */
- ovpn_server_kill($ovpnent['tun_iface']);
-
- /* Remove interface from list of optional interfaces */
- ovpn_server_iface_del($ovpnent['tun_iface']);
-
- write_config();
- touch($d_sysrebootreqd_path);
- header("Location: vpn_openvpn_srv.php");
- exit;
- }
-}
-?>
-<?php include("fbegin.inc"); ?>
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if (file_exists($d_sysrebootreqd_path) && !file_exists($d_ovpnsrvdirty_path)) print_info_box(get_std_save_message(0)); ?>
-<form action="vpn_openvpn_srv.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<?php if (file_exists($d_ovpnsrvdirty_path)): ?><p>
-<?php print_info_box_np("The OpenVPN server configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
-<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
-<?php endif; ?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
- <ul id="tabnav">
- <li class="tabact">Server</li>
- <li class="tabinact"><a href="vpn_openvpn_cli.php">Client</a></li>
- </ul>
- </td></tr>
- <tr>
- <td class="tabcont">
- <strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
- Backup your configuration before using OpenVPN, and restore it before upgrading.<br>
- <br>
- </span></strong>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="5%" class="listhdrr">Interface</td>
- <td width="5%" class="listhdrr">Protocol</td>
- <td width="5%" class="listhdrr">Socket</td>
- <td width="25%" class="listhdrr">IP Block</td>
- <td width="15%" class="listhdrr">Crypto</td>
- <td width="35%" class="listhdr">Description</td>
- <td width="10%" class="list"></td>
- </tr>
-
- <?php $i = 0; foreach ($ovpnsrv as $server):
- if (!isset($server['enable'])) {
- $spans = "<span class=\"gray\">";
- $spane = "</span>";
- } else {
- $spans = $spane = "";
- }
-
- if ($server['bind_iface'] == 'all')
- $ipaddr = "0.0.0.0";
- else
- $ipaddr = ovpn_get_ip($server['bind_iface']);
- ?>
-
- <tr>
- <td class="listlr"><?=$spans;?>
- <?= $config['interfaces'][ovpn_get_opt_interface($server['tun_iface'])]['descr'] . " (" . $server['tun_iface'] . ")";?>
- <?=$spane;?></td>
- <td class="listr"><?=$spans;?>
- <?= strtoupper($server['proto']);?>
- <?=$spane;?></td>
- <td class="listr"><?=$spans;?>
- <?= $ipaddr.":".$server['port'];?>
- <?=$spane;?></td>
- <td class="listr"><?=$spans;?>
- <?= $server['ipblock']."/".$server['prefix'];?>
- <?=$spane;?></td>
- <td class="listr"><?=$spans;?>
- <?= $server['crypto'];?>
- <?=$spane;?></td>
- <td class="listbg"><?=$spans;?>
- <?= htmlspecialchars($server['descr']);?>
- <?=$spane;?></td>
- <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_srv_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit server configuration" width="17" height="17" border="0"></a>
- <a href="vpn_openvpn_srv.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this server configuration?')"><img src="x.gif" title="delete server configuration" width="17" height="17" border="0"></a></td>
- </tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="6"> </td>
- <td class="list"> <a href="vpn_openvpn_srv_edit.php"><img src="plus.gif" title="add server configuration" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</form>
-<?php include("fend.inc"); ?>
+++ /dev/null
-#!/usr/local/bin/php
-<?php
-/*
- vpn_openvpn_srv_edit.php
-
- Copyright (C) 2004 Peter Curran (peter@closeconsultants.com).
- Copyright (C) 2005 Peter Allgeyer (allgeyer@web.de).
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-$pgtitle = array("VPN", "OpenVPN", "Edit server");
-require("guiconfig.inc");
-require_once("openvpn.inc");
-
-if (!is_array($config['ovpn']))
- $config['ovpn'] = array();
-if (!is_array($config['ovpn']['server'])){
- $config['ovpn']['server'] = array();
- $config['ovpn']['server']['tunnel'] = array();
-}
-
-$ovpnsrv =& $config['ovpn']['server']['tunnel'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-if (isset($id) && $ovpnsrv[$id]) {
- $pconfig = $config['ovpn']['server']['tunnel'][$id];
- if (isset($ovpnsrv[$id]['enable']))
- $pconfig['enable'] = true;
-} else {
- /* creating - set defaults */
- $pconfig = array();
- $pconfig['type'] = "tun";
- $pconfig['psh_options'] = array();
- /* Initialise with some sensible defaults */
- if ($config['ovpn']['server']['tunnel'])
- $pconfig['port'] = getnxt_server_port();
- else
- $port = 1194;
- $pconfig['proto'] = 'udp';
- $pconfig['maxcli'] = 25;
- $pconfig['crypto'] = 'BF-CBC';
- $pconfig['dupcn'] = true;
- $pconfig['verb'] = 1;
- $pconfig['enable'] = true;
-}
-
-
-if ($_POST) {
-
- unset($input_errors);
-
- /* input validation */
- $reqdfields = explode(" ", "type bind_iface ipblock");
- $reqdfieldsn = explode(",", "Tunnel type,Interface binding,IP address block start");
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- /* valid IP */
- if (($_POST['ipblock'] && !is_ipaddr($_POST['ipblock'])))
- $input_errors[] = "A valid IP address must be specified.";
-
- /* valid Port */
- if (($_POST['port'] && !is_port($_POST['port'])))
- $input_errors[] = "The server port must be an integer between 1 and 65535.";
-
- /* check if dynip is set correctly */
- if ($_POST['dynip'] && $_POST['bind_iface'] != 'all')
- $input_errors[] = "Dynamic IP address can only be set with interface binding set to ALL.";
-
- /* Sort out the cert+key files */
- if (empty($_POST['ca_cert']))
- $input_errors[] = "You must provide a CA certificate file";
- elseif (!strstr($_POST['ca_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['ca_cert'], "END CERTIFICATE"))
- $input_errors[] = "The CA certificate does not appear to be valid.";
-
- if (empty($_POST['srv_cert']))
- $input_errors[] = "You must provide a server certificate file";
- elseif (!strstr($_POST['srv_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['srv_cert'], "END CERTIFICATE"))
- $input_errors[] = "The server certificate does not appear to be valid.";
-
- if (empty($_POST['srv_key']))
- $input_errors[] = "You must provide a server key file";
- elseif (!strstr($_POST['srv_key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['srv_key'], "END RSA PRIVATE KEY"))
- $input_errors[] = "The server key does not appear to be valid.";
-
- if (empty($_POST['dh_param']))
- $input_errors[] = "You must provide a DH parameters file";
- elseif (!strstr($_POST['dh_param'], "BEGIN DH PARAMETERS") || !strstr($_POST['dh_param'], "END DH PARAMETERS"))
- $input_errors[] = "The DH parameters do not appear to be valid.";
-
- if (isset($_POST['tlsauth']) && empty($_POST['pre-shared-key']))
- $input_errors[] = "You must provide a pre-shared secret file";
- if (!empty($_POST['pre-shared-key']))
- if (!strstr($_POST['pre-shared-key'], "BEGIN OpenVPN Static key") || !strstr($_POST['pre-shared-key'], "END OpenVPN Static key"))
- $input_errors[] = "Pre-shared secret does not appear to be valid.";
-
- if ($_POST['psh_pingrst'] && $_POST['psh_pingexit'])
- $input_errors[] = "Ping-restart and Ping-exit are mutually exclusive and cannot be used together";
-
- if ($_POST['psh_rtedelay'] && !is_numeric($_POST['psh_rtedelay_int']))
- $input_errors[] = "Route-delay needs a numerical interval setting.";
-
- if ($_POST['psh_inact'] && !is_numeric($_POST['psh_inact_int']))
- $input_errors[] = "Inactive needs a numerical interval setting.";
-
- if ($_POST['psh_ping'] && !is_numeric($_POST['psh_ping_int']))
- $input_errors[] = "Ping needs a numerical interval setting.";
-
- if ($_POST['psh_pingexit'] && !is_numeric($_POST['psh_pingexit_int']))
- $input_errors[] = "Ping-exit needs a numerical interval setting.";
-
- if ($_POST['psh_pingrst'] && !is_numeric($_POST['psh_pingrst_int']))
- $input_errors[] = "Ping-restart needs a numerical interval setting.";
-
-
- /* need a test here to make sure prefix and max_clients are coherent */
-
- /* need a test here to make sure protocol:ip:port isn't used twice */
-
- /* Editing an existing entry? */
- if (isset($id) && $ovpnsrv[$id]) {
- $ovpnent = $ovpnsrv[$id];
-
- if ( $ovpnent['bind_iface'] != $_POST['bind_iface'] ||
- $ovpnent['port'] != $_POST['port'] ||
- $ovpnent['proto'] != $_POST['proto'] ) {
-
- /* some entries changed */
- for ($i = 0; isset($config['ovpn']['server']['tunnel'][$i]); $i++) {
- $current = &$config['ovpn']['server']['tunnel'][$i];
-
- if ($current['bind_iface'] == $_POST['bind_iface'] || $current['bind_iface'] == 'all')
- if ($current['port'] == $_POST['port'])
- if ($current['proto'] == $_POST['proto'])
- $input_errors[] = "You already have this combination for Interface binding, port and protocol settings. You can't use it twice";
- }
- }
-
- /* Test Server type hasn't changed */
- if ($ovpnent['type'] != $_POST['type']) {
- $input_errors[] = "Delete this interface first before changing the type of the tunnel to " . strtoupper($_POST['type']) .".";
-
- /* Temporarily disabled */
- /*
- * $nxt_if = getnxt_server_if($_POST['type']);
- * if (!$nxt_if)
- * $input_errors[] = "Run out of devices for a tunnel of type {$_POST['type']}";
- * else
- * $ovpnent['tun_iface'] = $nxt_if;
- */
- /* Need to reboot in order to create interfaces cleanly */
- /* touch($d_sysrebootreqd_path); */
- }
- /* Has the enable/disable state changed? */
- if (isset($ovpnent['enable']) && isset($_POST['disabled'])) {
- /* status changed to disabled */
- touch($d_ovpnsrvdirty_path);
- }
- if (!isset($ovpnent['enable']) && !isset($_POST['disabled'])) {
- /* status changed to enable */
- /* touch($d_sysrebootreqd_path); */
- touch($d_ovpnsrvdirty_path);
- }
- } else {
- /* Creating a new entry */
- $ovpnent = array();
- $nxt_if = getnxt_server_if($_POST['type']);
- if (!$nxt_if)
- $input_errors[] = "Run out of devices for a tunnel of type {$_POST['type']}";
- else
- $ovpnent['tun_iface'] = $nxt_if;
- $ovpnent['port'] = getnxt_server_port();
- /* I think we have to reboot to have the interface created cleanly */
- touch($d_sysrebootreqd_path);
- }
-
- if (!$input_errors) {
-
- $ovpnent['enable'] = isset($_POST['disabled']) ? false : true;
- $ovpnent['bind_iface'] = $_POST['bind_iface'];
- $ovpnent['port'] = $_POST['port'];
- $ovpnent['proto'] = $_POST['proto'];
- $ovpnent['type'] = $_POST['type'];
-
- /* convert IP address block to a correct network IP address */
- $ipblock = gen_subnet($_POST['ipblock'], $_POST['prefix']);
- $ovpnent['ipblock'] = $ipblock;
-
- $ovpnent['prefix'] = $_POST['prefix'];
- $ovpnent['descr'] = $_POST['descr'];
- $ovpnent['verb'] = $_POST['verb'];
- $ovpnent['maxcli'] = $_POST['maxcli'];
- $ovpnent['crypto'] = $_POST['crypto'];
- $ovpnent['cli2cli'] = $_POST['cli2cli'] ? true : false;
- $ovpnent['dupcn'] = $_POST['dupcn'] ? true : false;
- $ovpnent['dynip'] = $_POST['dynip'] ? true : false;
- $ovpnent['tlsauth'] = false;
-
- unset($ovpnent['pre-shared-key']);
- if ($_POST['tlsauth']) {
- $ovpnent['tlsauth'] = true;
- $ovpnent['pre-shared-key'] = base64_encode($_POST['pre-shared-key']);
- }
-
- $ovpnent['psh_options']['redir'] = $_POST['psh_redir'] ? true : false;
- $ovpnent['psh_options']['redir_loc'] = $_POST['psh_redir_loc'] ? true : false;
- $ovpnent['psh_options']['rtedelay'] = $_POST['psh_rtedelay'] ? true : false;
- $ovpnent['psh_options']['inact'] = $_POST['psh_inact'] ? true : false;
- $ovpnent['psh_options']['ping'] = $_POST['psh_ping'] ? true : false;
- $ovpnent['psh_options']['pingrst'] = $_POST['psh_pingrst'] ? true : false;
- $ovpnent['psh_options']['pingexit'] = $_POST['psh_pingexit'] ? true : false;
-
- unset($ovpnent['psh_options']['rtedelay_int']);
- unset($ovpnent['psh_options']['inact_int']);
- unset($ovpnent['psh_options']['ping_int']);
- unset($ovpnent['psh_options']['pingrst_int']);
- unset($ovpnent['psh_options']['pingexit_int']);
-
- if ($_POST['psh_rtedelay_int'])
- $ovpnent['psh_options']['rtedelay_int'] = $_POST['psh_rtedelay_int'];
- if ($_POST['psh_inact_int'])
- $ovpnent['psh_options']['inact_int'] = $_POST['psh_inact_int'];
- if ($_POST['psh_ping_int'])
- $ovpnent['psh_options']['ping_int'] = $_POST['psh_ping_int'];
- if ($_POST['psh_pingrst_int'])
- $ovpnent['psh_options']['pingrst_int'] = $_POST['psh_pingrst_int'];
- if ($_POST['psh_pingexit_int'])
- $ovpnent['psh_options']['pingexit_int'] = $_POST['psh_pingexit_int'];
-
- $ovpnent['ca_cert'] = base64_encode($_POST['ca_cert']);
- $ovpnent['srv_cert'] = base64_encode($_POST['srv_cert']);
- $ovpnent['srv_key'] = base64_encode($_POST['srv_key']);
- $ovpnent['dh_param'] = base64_encode($_POST['dh_param']);
-
- if (isset($id) && $ovpnsrv[$id])
- $ovpnsrv[$id] = $ovpnent;
- else
- $ovpnsrv[] = $ovpnent;
-
- write_config();
- touch($d_ovpnsrvdirty_path);
-
- header("Location: vpn_openvpn_srv.php");
- exit;
- } else {
-
- $pconfig = $_POST;
-
- $pconfig['enable'] = "true";
- if (isset($_POST['disabled']))
- unset($pconfig['enable']);
-
- if ($_POST['tlsauth'])
- $pconfig['pre-shared-key'] = base64_encode($_POST['pre-shared-key']);
-
- $pconfig['ca_cert'] = base64_encode($_POST['ca_cert']);
- $pconfig['srv_cert'] = base64_encode($_POST['srv_cert']);
- $pconfig['srv_key'] = base64_encode($_POST['srv_key']);
- $pconfig['dh_param'] = base64_encode($_POST['dh_param']);
-
- $pconfig['psh_options']['redir'] = $_POST['psh_redir'];
- $pconfig['psh_options']['redir_loc'] = $_POST['psh_redir_loc'];
- $pconfig['psh_options']['rtedelay'] = $_POST['psh_rtedelay'];
- $pconfig['psh_options']['inact'] = $_POST['psh_inact'];
- $pconfig['psh_options']['ping'] = $_POST['psh_ping'];
- $pconfig['psh_options']['pingrst'] = $_POST['psh_pingrst'];
- $pconfig['psh_options']['pingexit'] = $_POST['psh_pingexit'];
-
- $pconfig['psh_options']['rtedelay_int'] = $_POST['psh_rtedelay_int'];
- $pconfig['psh_options']['inact_int'] = $_POST['psh_inact_int'];
- $pconfig['psh_options']['ping_int'] = $_POST['psh_ping_int'];
- $pconfig['psh_options']['pingrst_int'] = $_POST['psh_pingrst_int'];
- $pconfig['psh_options']['pingexit_int'] = $_POST['psh_pingexit_int'];
- }
-}
-
-
-?>
-<?php include("fbegin.inc"); ?>
-<script language="JavaScript">
-function type_change() {
- switch (document.iform.bind_iface.selectedIndex) {
- /* ALL */
- case 0:
- document.iform.dynip.disabled = 0;
- break;
- default:
- document.iform.dynip.disabled = 1;
- }
-}
-function enable_change(enable_over) {
- var endis;
- endis = !(document.iform.tlsauth.checked || enable_over);
-
- document.iform.psk.disabled = endis;
-}
-
-//-->
-</script>
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if (file_exists($d_sysrebootreqd_path)) print_info_box(get_std_save_message(0)); ?>
-
-<form action="vpn_openvpn_srv_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
- Backup your configuration before using OpenVPN, and restore it before upgrading.<br> <br>
-</span></strong>
-<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="22%" valign="top" class="vncellreq">Disabled</td>
- <td width="78%" class="vtable">
- <input name="disabled" type="checkbox" value="yes" <?php if (!isset($pconfig['enable'])) echo "checked"; ?>>
- <strong>Disable this server</strong><br>
- <span class="vexpl">Set this option to disable this server without removing it from the list.</span>
- </td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">Tunnel type</td>
- <td width="78%" class="vtable">
- <input type="radio" name="type" class="formfld" value="tun" <?php if ($pconfig['type'] == 'tun') echo "checked"; ?>>
- TUN
- <input type="radio" name="type" class="formfld" value="tap" <?php if ($pconfig['type'] == 'tap') echo "checked"; ?>>
- TAP
- </td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">OpenVPN protocol/port</td>
- <td width="78%" class="vtable">
- <input type="radio" name="proto" class="formfld" value="udp" <?php if ($pconfig['proto'] == 'udp') echo "checked"; ?>>
- UDP
- <input type="radio" name="proto" class="formfld" value="tcp" <?php if ($pconfig['proto'] == 'tcp') echo "checked"; ?>>
- TCP<br><br>
- Port:
- <input name="port" type="text" class="formfld" size="5" maxlength="5" value="<?= $pconfig['port']; ?>"><br>
- Enter the port number to use for the server (default is 1194).</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">Interface binding</td>
- <td width="78%" class="vtable">
- <select name="bind_iface" class="formfld" onchange="type_change()">
- <?php
- $interfaces = ovpn_real_interface_list();
- foreach ($interfaces as $key => $iface):
- ?>
- <option value="<?=$key;?>" <?php if ($key == $pconfig['bind_iface']) echo "selected"; ?>> <?= $iface;?>
- </option>
- <?php endforeach;?>
- </select>
- <span class="vexpl"><br>
- Choose an interface for the OpenVPN server to listen on.</span></td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">Dynamic IP address</td>
- <td width="78%" class="vtable">
- <input name="dynip" type="checkbox" value="yes" <?php if (isset($pconfig['dynip'])) echo "checked"; ?>>
- <strong>Dynamic IP address</strong><br>
- Set this option to on, if your IP addresses are being assigned dynamically. Can only be used with interface binding set to ALL.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">VPN client address pool</td>
- <td width="78%" class="vtable">
- <input name="ipblock" type="text" class="formfld" size="20" value="<?=htmlspecialchars($pconfig['ipblock']);?>">
- /
- <select name="prefix" class="formfld">
- <?php for ($i = 29; $i > 19; $i--): ?>
- <option value="<?=$i;?>" <?php if ($i == $pconfig['prefix']) echo "selected"; ?>>
- <?=$i;?>
- </option>
- <?php endfor; ?>
- </select>
- <br>
- Enter the IP address block for the OpenVPN server and clients to use.<br>
- <br>
- Maximum number of simultaneous clients:
- <input name="maxcli" type="text" class="formfld" size="3" maxlength="3" value="<?=htmlspecialchars($pconfig['maxcli']);?>">
- </td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">Description</td>
- <td width="78%" class="vtable">
- <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
- <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">CA certificate</td>
- <td width="78%" class="vtable">
- <textarea name="ca_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['ca_cert']));?></textarea>
- <br>
- Paste a CA certificate in X.509 PEM format here.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">Server certificate</td>
- <td width="78%" class="vtable">
- <textarea name="srv_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['srv_cert']));?></textarea>
- <br>
- Paste a server certificate in X.509 PEM format here.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">Server key</td>
- <td width="78%" class="vtable">
- <textarea name="srv_key" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['srv_key']));?></textarea>
- <br>Paste the server RSA private key here.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncellreq">DH parameters</td>
- <td width="78%" class="vtable">
- <textarea name="dh_param" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['dh_param']));?></textarea>
- <br>
- Paste the Diffie-Hellman parameters in PEM format here.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">Crypto</td>
- <td width="78%" class="vtable">
- <select name="crypto" class="formfld">
- <?php $cipher_list = ovpn_get_cipher_list();
- foreach($cipher_list as $key => $value){
- ?>
- <option value="<?= $key ?>" <?php if ($pconfig['crypto'] == $key) echo "selected"; ?>>
- <?= $value ?>
- </option>
- <?php
- }
- ?>
- </select>
- <br>
- Select a data channel encryption cipher.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">TLS auth</td>
- <td width="78%" class="vtable">
- <input name="tlsauth" type="checkbox" value="yes" <?php if (isset($pconfig['tlsauth'])) echo "checked";?> onClick="enable_change(false)">
- <strong>TLS auth</strong><br>
- The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">Pre-shared secret</td>
- <td width="78%" class="vtable">
- <textarea name="pre-shared-key" id="psk" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['pre-shared-key']));?></textarea>
- <br>
- Paste your own pre-shared secret here.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">Internal routing mode</td>
- <td width="78%" class="vtable">
- <input name="cli2cli" type="checkbox" value="yes" <?php if (isset($pconfig['cli2cli'])) echo "checked"; ?>>
- <strong>Enable client-to-client routing</strong><br>
- If this option is on, clients are allowed to talk to each other.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">Client authentication</td>
- <td width="78%" class="vtable">
- <input name="dupcn" type="checkbox" value="yes" <?php if (isset($pconfig['dupcn'])) echo "checked"; ?>>
- <strong>Permit duplicate client certificates</strong><br>
- If this option is on, clients with duplicate certificates will not be disconnected.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell">Client-push options</td>
- <td width="78%" class="vtable">
- <table border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td><input type="checkbox" name="psh_redir" value="yes" <?php if (isset($pconfig['psh_options']['redir'])) echo "checked"; ?>>
- Redirect-gateway</td>
- <td> </td>
- <td><input type="checkbox" name="psh_redir_loc" value="yes" <?php if (isset($pconfig['psh_options']['redir_loc'])) echo "checked"; ?>>
- Local</td>
- </tr>
- <tr>
- <td><input type="checkbox" name="psh_rtedelay" value="yes" <?php if (isset($pconfig['psh_options']['rtedelay'])) echo "checked"; ?>> Route-delay</td>
- <td width="16"> </td>
- <td><input type="text" name="psh_rtedelay_int" class="formfld" size="4" value="<?= $pconfig['psh_options']['rtedelay_int']?>"> seconds</td>
- </tr>
- <tr>
- <td><input type="checkbox" name="psh_inact" value="yes" <?php if (isset($pconfig['psh_options']['inact'])) echo "checked"; ?>>
- Inactive</td>
- <td> </td>
- <td><input type="text" name="psh_inact_int" class="formfld" size="4" value="<?= $pconfig['psh_options']['inact_int']?>">
- seconds</td>
- </tr>
- <tr>
- <td><input type="checkbox" name="psh_ping" value="yes" <?php if (isset($pconfig['psh_options']['ping'])) echo "checked"; ?>> Ping</td>
- <td> </td>
- <td>Interval: <input type="text" name="psh_ping_int" class="formfld" size="4" value="<?= $pconfig['psh_options']['ping_int']?>"> seconds</td>
- </tr>
- <tr>
- <td><input type="checkbox" name="psh_pingexit" value="yes" <?php if (isset($pconfig['psh_options']['pingexit'])) echo "checked"; ?>> Ping-exit</td>
- <td> </td>
- <td>Interval: <input type="text" name="psh_pingexit_int" class="formfld" size="4" value="<?= $pconfig['psh_options']['pingexit_int']?>"> seconds</td>
- </tr>
- <tr>
- <td><input type="checkbox" name="psh_pingrst" value="yes" <?php if (isset($pconfig['psh_options']['pingrst'])) echo "checked"; ?>> Ping-restart</td>
- <td> </td>
- <td>Interval: <input type="text" name="psh_pingrst_int" class="formfld" size="4" value="<?= $pconfig['psh_options']['pingrst_int']?>"> seconds</td>
- </tr>
- </table></td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
- <input name="verb" type="hidden" value="<?=$pconfig['verb'];?>">
- <?php if (isset($id)): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <?php endif; ?>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
- </strong></span>Changing any settings on this page will disconnect all clients!</span>
- </td>
- </tr>
-</table>
-</form>
-<script language="JavaScript">
-<!--
-type_change();
-enable_change(false);
-
-//-->
-</script>
-<?php include("fend.inc"); ?>