From a350a7b022b520f6c14963169d95718b8cc1e4b0 Mon Sep 17 00:00:00 2001 
From: mkasper Date: Sun, 8 Jan 2006 10:36:20 +0000 Subject: [PATCH] Import m0n0wall 1.2b10 files. git-svn-id: https://svn.m0n0.ch/wall/trunk@23 e36fee2c-cc09-0410-a7cc-ebac5c6737de --- captiveportal/index.php | 27 +- phpconf/config.xml | 130 +++- phpconf/inc/config.inc | 97 +++ phpconf/inc/filter.inc | 14 +- phpconf/inc/globals.inc | 2 +- phpconf/inc/openvpn.inc | 599 +++++++++++++----- phpconf/inc/services.inc | 14 + phpconf/inc/system.inc | 75 ++- phpconf/inc/util.inc | 5 +- phpconf/inc/xmlparse.inc | 2 +- phpconf/rc.bootup | 5 +- phpconf/rc.newwanip | 3 + webgui/diag_arp.php | 199 ++++++ webgui/diag_ipfstat.php | 385 +++++++++++ webgui/diag_logs.php | 5 +- webgui/diag_logs_dhcp.php | 5 +- webgui/diag_logs_filter.php | 47 +- webgui/diag_logs_portal.php | 5 +- webgui/diag_logs_vpn.php | 5 +- webgui/diag_ping.php | 49 +- webgui/diag_traceroute.php | 104 +++ webgui/fbegin.inc | 12 +- webgui/firewall_nat_1to1_edit.php | 22 +- webgui/firewall_shaper_magic.php | 20 +- webgui/firewall_shaper_queues_edit.php | 3 +- webgui/guiconfig.inc | 28 +- webgui/interfaces_assign.php | 6 +- webgui/interfaces_lan.php | 2 +- webgui/license.php | 13 +- webgui/services_captiveportal_users.php | 206 ++---- webgui/services_captiveportal_users_edit.php | 181 ++++++ webgui/services_dhcp.php | 2 +- webgui/services_dhcp_relay.php | 2 +- webgui/services_dnsmasq.php | 69 +- .../services_dnsmasq_domainoverride_edit.php | 136 ++++ webgui/services_dnsmasq_edit.php | 2 +- webgui/services_dyndns.php | 25 + webgui/services_proxyarp_edit.php | 3 +- webgui/services_wol.php | 3 +- webgui/services_wol_edit.php | 3 +- webgui/status.php | 2 + webgui/status_interfaces.php | 2 +- webgui/status_ovpn.php | 120 ++++ webgui/system_advanced.php | 22 +- webgui/vpn_ipsec_edit.php | 3 +- webgui/vpn_openvpn.php | 355 ----------- webgui/vpn_openvpn_cli.php | 40 +- webgui/vpn_openvpn_cli_edit.php | 225 ++++--- webgui/vpn_openvpn_srv.php | 165 +++++ webgui/vpn_openvpn_srv_edit.php | 560 ++++++++++++++++ 50 files 
changed, 3148 insertions(+), 861 deletions(-) create mode 100644 webgui/diag_arp.php create mode 100644 webgui/diag_ipfstat.php create mode 100644 webgui/diag_traceroute.php create mode 100644 webgui/services_captiveportal_users_edit.php create mode 100644 webgui/services_dnsmasq_domainoverride_edit.php create mode 100644 webgui/status_ovpn.php delete mode 100644 webgui/vpn_openvpn.php create mode 100644 webgui/vpn_openvpn_srv.php create mode 100644 webgui/vpn_openvpn_srv_edit.php diff --git a/captiveportal/index.php b/captiveportal/index.php index 7b08eb8..a6a3581 100644 --- a/captiveportal/index.php +++ b/captiveportal/index.php @@ -94,14 +94,33 @@ if ($clientmac && portal_mac_fixed($clientmac)) { } else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") { //check against local usermanager + $userdb = &$config['captiveportal']['user']; + + $loginok = false; //erase expired accounts - if(trim($config['users'][$_POST['auth_user']]['expirationdate'])!="" && strtotime("-1 day")>strtotime($config['users'][$_POST['auth_user']]['expirationdate'])){ - unset($config['users'][$_POST['auth_user']]); - write_config(); + if (is_array($userdb)) { + $moddb = false; + for ($i = 0; $i < count($userdb); $i++) { + if ($userdb[$i]['expirationdate'] && (strtotime("-1 day") > strtotime($userdb[$i]['expirationdate']))) { + unset($userdb[$i]); + $moddb = true; + } + } + if ($moddb) + write_config(); + + $userdb = &$config['captiveportal']['user']; + + for ($i = 0; $i < count($userdb); $i++) { + if (($userdb[$i]['name'] == $_POST['auth_user']) && ($userdb[$i]['password'] == md5($_POST['auth_pass']))) { + $loginok = true; + break; + } + } } - if($config['users'][$_POST['auth_user']]['password']==md5($_POST['auth_pass'])){ + if ($loginok){ captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN"); portal_allow($clientip, $clientmac,$_POST['auth_user'],0,0); } else { 
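Review bot: The login check in the added loop compares the stored digest with `==` (`$userdb[$i]['password'] == md5($_POST['auth_pass'])`), and PHP's loose comparison treats two digests of the form `0e` followed only by digits as equal numbers, so the match should be strict: `($userdb[$i]['password'] === md5($_POST['auth_pass']))`. The purge loop above it calls `unset($userdb[$i])` while its bound is `count($userdb)`, which shrinks the bound and leaves gaps in the keys; the later `for` loop can then stop before it reaches valid accounts at higher indexes, and expired entries near the end may survive the pass. Iterating with `foreach ($userdb as $i => $user)` and reindexing once with `$userdb = array_values($userdb);` before `write_config()` would avoid both effects. Unsalted MD5 is also a weak password store, though changing it would need a migration of existing entries that is outside this hunk. The enclosing `if`/`else` chain starts and ends outside the hunk.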
diff --git a/phpconf/config.xml b/phpconf/config.xml index 4726d6b..309e8a2 100644 --- a/phpconf/config.xml +++ b/phpconf/config.xml @@ -1,7 +1,8 @@ - 1.4 + 1.5 + m0n0wall local @@ -19,17 +20,24 @@ + + --> + + + sis0 192.168.1.1 24 + + @@ -104,6 +122,10 @@ + @@ -120,7 +142,19 @@ + + + + + @@ -132,6 +166,16 @@ xxx.xxx.xxx.xxx + xxx.xxx.xxx.xxx + + + + + + xx:xx:xx:xx:xx:xx + xxx.xxx.xxx.xxx + + --> - + + + + + @@ -181,6 +270,7 @@ + @@ -193,7 +283,10 @@ + + + --> @@ -259,6 +368,8 @@ --> + + pass Default LAN -> any @@ -277,6 +388,7 @@ ... lan|opt[n]|wan|pptp tcp|udp|tcp/udp|... + 
@@ -345,9 +457,11 @@ + print out error message and show formular again (and fill in all recently entered values - //except passwords - $_GET['act']="new"; - $_POST['old_username']=($_POST['old_username'] ? $_POST['old_username'] : $_POST['username']); - $_GET['username']=$_POST['old_username']; - foreach(Array("username","fullname","expirationdate") as $field){ - $config['users'][$_POST['old_username']][$field]=$_POST[$field]; - } - } else { - //all values are okay --> saving changes - $_POST['username']=trim($_POST['username']); - if($_POST['old_username']!="" && $_POST['old_username']!=$_POST['username']){ - //change the username (which is used as array-index) - $config['users'][$_POST['username']]=$config['users'][$_POST['old_username']]; - unset($config['users'][$_POST['old_username']]); - } - foreach(Array('fullname','expirationdate') as $field){ - $config['users'][$_POST['username']][$field]=trim($_POST[$field]); - } - if(trim($_POST['password1'])!="********" && trim($_POST['password1'])!=""){ - $config['users'][$_POST['username']]['password']=md5(trim($_POST['password1'])); - } + +if (!is_array($config['captiveportal']['user'])) { + $config['captiveportal']['user'] = array(); +} +captiveportal_users_sort(); +$a_user = &$config['captiveportal']['user']; + +if ($_GET['act'] == "del") { + if ($a_user[$_GET['id']]) { + unset($a_user[$_GET['id']]); write_config(); - $savemsg=$_POST['username']." successfully saved
"; + header("Location: services_captiveportal_users.php"); + exit; } -} else if ($_GET['act']=="delete" && isset($_GET['username'])){ - unset($config['users'][$_GET['username']]); - write_config(); - $savemsg=$_GET['username']." successfully deleted
"; } + //erase expired accounts -$changed=false; -if(is_array($config['users'])){ - foreach($config['users'] as $username => $user){ - if(trim($user['expirationdate'])!="" && strtotime("-1 day")>strtotime($user['expirationdate']) && empty($input_errors)){ - unset($config['users'][$username]); - $changed=true; - $savemsg.="$username has expired --> $username was deleted
"; - } - } - if($changed){ - write_config(); +$changed = false; +for ($i = 0; $i < count($a_user); $i++) { + if ($a_user[$i]['expirationdate'] && (strtotime("-1 day") > strtotime($a_user[$i]['expirationdate']))) { + unset($a_user[$i]); + $changed = true; } } +if ($changed) { + write_config(); + header("Location: services_captiveportal_users.php"); + exit; +} ?> - - - - -
    @@ -155,54 +76,6 @@ if(is_array($config['users'])){
- -
- - - - - - - - - - - - - - - - - - - - - -
Username - -
Password - ">
- "> - (confirmation)
Full name - -
- User's full name, for your own information only
Expiration date - - Pick a date -
- Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy
  - - -
-
- @@ -210,34 +83,27 @@ if($_GET['act']=="new" || $_GET['act']=="edit"){ - $user){ -?> + - + - - + + - + -
UsernameExpires
-   +   -   +   -   +   -   +  
- - -
+ + + + diff --git a/webgui/services_captiveportal_users_edit.php b/webgui/services_captiveportal_users_edit.php new file mode 100644 index 0000000..9607f26 --- /dev/null +++ b/webgui/services_captiveportal_users_edit.php 
@@ -0,0 +1,181 @@ +#!/usr/local/bin/php +. + All rights reserved. + Copyright (C) 2005 Pascal Suter . + All rights reserved. + (files was created by Pascal based on the source code of services_captiveportal.php from Manuel) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ +$pgtitle = array("Services", "Captive portal", "Edit user"); +require("guiconfig.inc"); + +if (!is_array($config['captiveportal']['user'])) { + $config['captiveportal']['user'] = array(); +} +captiveportal_users_sort(); +$a_user = &$config['captiveportal']['user']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_user[$id]) { + $pconfig['username'] = $a_user[$id]['name']; + $pconfig['fullname'] = $a_user[$id]['fullname']; + $pconfig['expirationdate'] = $a_user[$id]['expirationdate']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if (isset($id) && ($a_user[$id])) { + $reqdfields = explode(" ", "username"); + $reqdfieldsn = explode(",", "Username"); + } else { + $reqdfields = explode(" ", "username password"); + $reqdfieldsn = explode(",", "Username,Password"); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username'])) + $input_errors[] = "The username contains invalid characters."; + + if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) + $input_errors[] = "The passwords do not match."; + + //check for a valid expirationdate if one is set at all (valid means, strtotime() puts out a time stamp + //so any strtotime compatible time format may be used. to keep it simple for the enduser, we only claim + //to accept MM/DD/YYYY as inputs. 
advanced users may use inputs like "+1 day", which will be converted to + //MM/DD/YYYY based on "now" since otherwhise such an entry would lead to a never expiring expirationdate + if ($_POST['expirationdate']){ + if(strtotime($_POST['expirationdate']) > 0){ + if (strtotime("-1 day") > strtotime(date("m/d/Y",strtotime($_POST['expirationdate'])))){ + $input_errors[] = "The expiration date lies in the past."; + } else { + //convert from any strtotime compatible date to MM/DD/YYYY + $expdate = strtotime($_POST['expirationdate']); + $_POST['expirationdate'] = date("m/d/Y",$expdate); + } + } else { + $input_errors[] = "Invalid expiration date format; use MM/DD/YYYY instead."; + } + } + + if (!$input_errors && !(isset($id) && $a_user[$id])) { + /* make sure there are no dupes */ + foreach ($a_user as $userent) { + if ($userent['name'] == $_POST['username']) { + $input_errors[] = "Another entry with the same username already exists."; + break; + } + } + } + + if (!$input_errors) { + + if (isset($id) && $a_user[$id]) + $userent = $a_user[$id]; + + $userent['name'] = $_POST['username']; + $userent['fullname'] = $_POST['fullname']; + $userent['expirationdate'] = $_POST['expirationdate']; + + if ($_POST['password']) + $userent['password'] = md5($_POST['password']); + + if (isset($id) && $a_user[$id]) + $a_user[$id] = $userent; + else + $a_user[] = $userent; + + write_config(); + + header("Location: services_captiveportal_users.php"); + exit; + } +} + +?> + + + +
+ + + + + + + + + + + + + + + + + + + + + +
Username + +
Password +
+ +  (confirmation)
+ If you want to change the users' password, + enter it here twice. +
Full name + +
+ User's full name, for your own information only
Expiration date + + Pick a date +
+ Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy
  + + + + +
+
+ diff --git a/webgui/services_dhcp.php b/webgui/services_dhcp.php index 4f1b60d..d2b182e 100644 --- a/webgui/services_dhcp.php +++ b/webgui/services_dhcp.php @@ -41,7 +41,7 @@ $iflist = array("lan" => "LAN"); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { $oc = $config['interfaces']['opt' . $i]; - if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge'])) { + if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge']) && (!$oc['ovpn'])) { $iflist['opt' . $i] = $oc['descr']; } } diff --git a/webgui/services_dhcp_relay.php b/webgui/services_dhcp_relay.php index 337c0ed..22807d2 100644 --- a/webgui/services_dhcp_relay.php +++ b/webgui/services_dhcp_relay.php @@ -62,7 +62,7 @@ $iflist = array("lan" => "LAN"); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { $oc = $config['interfaces']['opt' . $i]; - if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge'])) { + if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge']) && (!$oc['ovpn'])) { $iflist['opt' . $i] = $oc['descr']; } } diff --git a/webgui/services_dnsmasq.php b/webgui/services_dnsmasq.php index 611342d..b2d4c3e 100644 --- a/webgui/services_dnsmasq.php +++ b/webgui/services_dnsmasq.php @@ -38,8 +38,13 @@ $pconfig['regdhcp'] = isset($config['dnsmasq']['regdhcp']); if (!is_array($config['dnsmasq']['hosts'])) { $config['dnsmasq']['hosts'] = array(); } +if (!is_array($config['dnsmasq']['domainoverrides'])) { + $config['dnsmasq']['domainoverrides'] = array(); +} hosts_sort(); +domainoverrides_sort(); $a_hosts = &$config['dnsmasq']['hosts']; +$a_domainOverrides = &$config['dnsmasq']['domainoverrides']; if ($_POST) { 
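Review bot: In webgui/services_captiveportal_users_edit.php the duplicate-username check runs only for new entries (`!(isset($id) && $a_user[$id])`), so editing an existing user can rename it to a name another entry already holds; the portal login loop in captiveportal/index.php matches name and password per entry, so either entry's password would then be accepted for that name. The check should run on edits too and skip only the entry being edited, e.g. `foreach ($a_user as $idx => $userent) { if (isset($id) && ((string)$idx === (string)$id)) continue;` followed by the existing name comparison. `$id` comes from `$_GET`/`$_POST` and is used as an array key without a type check; an `is_numeric($id)` guard before the lookups would make the expectation explicit. The password is stored as `md5($_POST['password'])`, an unsalted fast hash, and a comment recording that limitation would help whoever next changes the storage format.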
@@ -59,25 +64,36 @@ if ($_POST) { $savemsg = get_std_save_message($retval); if ($retval == 0) { - if (file_exists($d_hostsdirty_path)) - unlink($d_hostsdirty_path); + if (file_exists($d_dnsmasqdirty_path)) + unlink($d_dnsmasqdirty_path); } } if ($_GET['act'] == "del") { - if ($a_hosts[$_GET['id']]) { - unset($a_hosts[$_GET['id']]); - write_config(); - touch($d_hostsdirty_path); - header("Location: services_dnsmasq.php"); - exit; + if ($_GET['type'] == 'host') { + if ($a_hosts[$_GET['id']]) { + unset($a_hosts[$_GET['id']]); + write_config(); + touch($d_dnsmasqdirty_path); + header("Location: services_dnsmasq.php"); + exit; + } } + elseif ($_GET['type'] == 'doverride') { + if ($a_domainOverrides[$_GET['id']]) { + unset($a_domainOverrides[$_GET['id']]); + write_config(); + touch($d_dnsmasqdirty_path); + header("Location: services_dnsmasq.php"); + exit; + } + } } ?>
-

+

You must apply the changes in order for them to take effect.");?>

@@ -143,7 +159,7 @@ if ($_GET['act'] == "del") {   -   +   @@ -151,5 +167,38 @@ if ($_GET['act'] == "del") { + + + + +

Below you can override an entire domain by specifying an + authoritative DNS server to be queried for that domain.

+ + + + + + + + + + + + + + + + + + + +
DomainIPDescription
+   + +   + +   + +  
diff --git a/webgui/services_dnsmasq_domainoverride_edit.php b/webgui/services_dnsmasq_domainoverride_edit.php new file mode 100644 index 0000000..2fff172 --- /dev/null +++ b/webgui/services_dnsmasq_domainoverride_edit.php 
@@ -0,0 +1,136 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +$pgtitle = array("Services", "DNS forwarder", "Edit Domain Override"); +require("guiconfig.inc"); + +if (!is_array($config['dnsmasq']['domainoverrides'])) { + $config['dnsmasq']['domainoverrides'] = array(); +} +domainoverrides_sort(); +$a_domainOverrides = &$config['dnsmasq']['domainoverrides']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_domainOverrides[$id]) { + $pconfig['domain'] = $a_domainOverrides[$id]['domain']; + $pconfig['ip'] = $a_domainOverrides[$id]['ip']; + $pconfig['descr'] = $a_domainOverrides[$id]['descr']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "domain ip"); + $reqdfieldsn = explode(",", "Domain,IP address"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['domain'] && !is_domain($_POST['domain']))) { + $input_errors[] = "A valid domain must be specified."; + } + if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) { + $input_errors[] = "A valid IP address must be specified."; + } + + /* check for overlaps */ + foreach ($a_domainOverrides as $doment) { + if (isset($id) && ($a_domainOverrides[$id]) && ($a_domainOverrides[$id] === $doment)) + continue; + + if (($doment['host'] == $_POST['host']) && ($doment['domain'] == $_POST['domain'])) { + $input_errors[] = "An override already exists for this domain."; + break; + } + } + + if (!$input_errors) { + $doment = array(); + $doment['domain'] = $_POST['domain']; + $doment['ip'] = $_POST['ip']; + $doment['descr'] = $_POST['descr']; + + if (isset($id) && $a_domainOverrides[$id]) + $a_domainOverrides[$id] = $doment; + else + $a_domainOverrides[] = $doment; + + touch($d_dnsmasqdirty_path); + + write_config(); + + header("Location: services_dnsmasq.php"); + exit; + } +} +?> + + +
+ + + + + + + + + + + + + + + + + +
Domain + +
Domain to override (note: this does not have to be a valid TLD)
+ e.g. test
IP address + +
IP address of the authoritative DNS server for this domain +
Description + +
You may enter a description here + for your reference (not parsed).
  + + + + +
+
+ diff --git a/webgui/services_dnsmasq_edit.php b/webgui/services_dnsmasq_edit.php index 6701555..878ba8b 100644 --- a/webgui/services_dnsmasq_edit.php +++ b/webgui/services_dnsmasq_edit.php @@ -93,7 +93,7 @@ if ($_POST) { else $a_hosts[] = $hostent; - touch($d_hostsdirty_path); + touch($d_dnsmasqdirty_path); write_config(); diff --git a/webgui/services_dyndns.php b/webgui/services_dyndns.php index 0ee1af7..e7cf037 100644 --- a/webgui/services_dyndns.php +++ b/webgui/services_dyndns.php @@ -39,6 +39,8 @@ if (!is_array($config['dnsupdate'])) { $pconfig['username'] = $config['dyndns']['username']; $pconfig['password'] = $config['dyndns']['password']; $pconfig['host'] = $config['dyndns']['host']; +$pconfig['server'] = $config['dyndns']['server']; +$pconfig['port'] = $config['dyndns']['port']; $pconfig['mx'] = $config['dyndns']['mx']; $pconfig['type'] = $config['dyndns']['type']; $pconfig['enable'] = isset($config['dyndns']['enable']); @@ -74,6 +76,12 @@ if ($_POST) { if (($_POST['host'] && !is_domain($_POST['host']))) { $input_errors[] = "The host name contains invalid characters."; } + if (($_POST['server'] && !is_domain($_POST['server']) && !is_ipaddr($_POST['server']))) { + $input_errors[] = "The server name contains invalid characters."; + } + if (($_POST['port'] && !is_port($_POST['port']))) { + $input_errors[] = "The server port must be an integer between 1 and 65535."; + } if (($_POST['mx'] && !is_domain($_POST['mx']))) { $input_errors[] = "The MX contains invalid characters."; } @@ -96,6 +104,8 @@ if ($_POST) { $config['dyndns']['username'] = $_POST['username']; $config['dyndns']['password'] = $_POST['password']; $config['dyndns']['host'] = $_POST['host']; + $config['dyndns']['server'] = $_POST['server']; + $config['dyndns']['port'] = $_POST['port']; $config['dyndns']['mx'] = $_POST['mx']; $config['dyndns']['wildcard'] = $_POST['wildcard'] ? true : false; $config['dyndns']['enable'] = $_POST['enable'] ? true : false; 
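Review bot: In webgui/services_dnsmasq_domainoverride_edit.php the overlap check tests `$doment['host'] == $_POST['host']`, but override entries are built with only `domain`, `ip` and `descr`, so that half of the condition compares two unset values and looks like a leftover from the hosts editor. Dropping it and comparing names case-insensitively, `if (strcasecmp($doment['domain'], $_POST['domain']) == 0) {`, would state the intent and also catch the same domain entered with different letter case. `descr` is saved without any validation; the markup of the list page is not readable here, so confirm that it is passed through `htmlspecialchars()` wherever it is printed.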
@@ -130,6 +140,8 @@ function enable_change(enable_change) { endis = !(document.iform.enable.checked || enable_change); document.iform.host.disabled = endis; + document.iform.server.disabled = endis; + document.iform.port.disabled = endis; document.iform.mx.disabled = endis; document.iform.type.disabled = endis; document.iform.wildcard.disabled = endis; @@ -175,6 +187,19 @@ function enable_change(enable_change) { + + Server + + +
Special server to connect to. This can usually be left blank. + + + + Port + + +
Special server port to connect to. This can usually be left blank. + MX diff --git a/webgui/services_proxyarp_edit.php b/webgui/services_proxyarp_edit.php index 09ceaee..033e2e1 100644 --- a/webgui/services_proxyarp_edit.php +++ b/webgui/services_proxyarp_edit.php @@ -168,7 +168,8 @@ function typesel_change() { + entries
+ Maxmimum number of firewall state entries to be displayed on the Diagnostics: Firewall state page. + Default is 300. Setting this to a very high value will cause a slowdown when viewing the + firewall states page, depending on your system's processing power. +   @@ -300,7 +318,7 @@ function enable_change(enable_over) { - +
@@ -228,7 +263,7 @@ if (isset($_POST['pull'])) { Port
- Enter the server's port number (default is 5000). + Enter the server's port number (default is 1194). @@ -319,7 +354,23 @@ if (isset($_POST['pull'])) { Select the data channel encryption cipher. This must match the setting on the server. - + + + TLS auth + + onClick="enable_change(false)"> + TLS auth
+ The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. + + + + Pre-shared secret + + +
+ Paste your own pre-shared secret here. + + Options @@ -338,5 +389,9 @@ if (isset($_POST['pull'])) {
- + diff --git a/webgui/vpn_openvpn_srv.php b/webgui/vpn_openvpn_srv.php new file mode 100644 index 0000000..2f4f9b7 --- /dev/null +++ b/webgui/vpn_openvpn_srv.php @@ -0,0 +1,165 @@ +#!/usr/local/bin/php + + + + +
+

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + + +
+ +
+ WARNING: This feature is experimental and modifies your optional interface configuration. + Backup your configuration before using OpenVPN, and restore it before upgrading.

+
+ + + + + + + + + + + + "; + $spane = ""; + } else { + $spans = $spane = ""; + } + + if ($server['bind_iface'] == 'all') + $ipaddr = "0.0.0.0"; + else + $ipaddr = ovpn_get_ip($server['bind_iface']); + ?> + + + + + + + + + + + + + + + +
InterfaceProtocolSocketIP BlockCryptoDescription
+ + + + + + + + + + +   + +  
 
+
+
+ diff --git a/webgui/vpn_openvpn_srv_edit.php b/webgui/vpn_openvpn_srv_edit.php new file mode 100644 index 0000000..d284390 --- /dev/null +++ b/webgui/vpn_openvpn_srv_edit.php @@ -0,0 +1,560 @@ +#!/usr/local/bin/php + + + + + + +
+WARNING: This feature is experimental and modifies your optional interface configuration. + Backup your configuration before using OpenVPN, and restore it before upgrading.
 
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Disabled + > + Disable this server
+ Set this option to disable this server without removing it from the list. +
Tunnel type + > + TUN  + > + TAP +
OpenVPN protocol/port + > + UDP  + > + TCP

+ Port: +
+ Enter the port number to use for the server (default is 1194).
Interface binding + +
+ Choose an interface for the OpenVPN server to listen on.
Dynamic IP address + > + Dynamic IP address
+ Set this option to on, if your IP addresses are being assigned dynamically. Can only be used with interface binding set to ALL.
VPN client address pool + + / + +
+ Enter the IP address block for the OpenVPN server and clients to use.
+
+ Maximum number of simultaneous clients: + +
Description + +
You may enter a description here for your reference (not parsed).
CA certificate + +
+ Paste a CA certificate in X.509 PEM format here.
Server certificate + +
+ Paste a server certificate in X.509 PEM format here.
Server key + +
Paste the server RSA private key here.
DH parameters + +
+ Paste the Diffie-Hellman parameters in PEM format here.
Crypto + +
+ Select a data channel encryption cipher.
TLS auth + onClick="enable_change(false)"> + TLS auth
+ The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification.
Pre-shared secret + +
+ Paste your own pre-shared secret here.
Internal routing mode + > + Enable client-to-client routing
+ If this option is on, clients are allowed to talk to each other.
Client authentication + > + Permit duplicate client certificates
+ If this option is on, clients with duplicate certificates will not be disconnected.
Client-push options + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
> + Redirect-gateway > + Local
> Route-delay  seconds
> + Inactive  + seconds
> Ping Interval: seconds
> Ping-exit Interval: seconds
> Ping-restart Interval: seconds
  + + + + + +
 Note:
+
Changing any settings on this page will disconnect all clients!
+
+
+ + -- 2.25.1