openvpn: add tun-mtu/fragment/mssfix combo for CSOs #6703
parent
d5c6cc24d3
commit
0a4eacfb6a
@ -965,11 +965,12 @@ function openvpn_csc_conf_write($settings, $server, $target_filename = null)
|
||||
if (empty($settings['common_name']) || empty($server['vpnid'])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$conf = '';
|
||||
|
||||
if (!empty($settings['block'])) {
|
||||
$conf .= "disable\n";
|
||||
}
|
||||
|
||||
if (!empty($settings['push_reset'])) {
|
||||
$conf .= "push-reset\n";
|
||||
}
|
||||
@ -1017,6 +1018,16 @@ function openvpn_csc_conf_write($settings, $server, $target_filename = null)
|
||||
|
||||
openvpn_add_dhcpopts($settings, $conf);
|
||||
|
||||
if (!empty($settings['tun_mtu'])) {
|
||||
$conf .= 'tun-mtu ' . $settings['tun_mtu'] . PHP_EOL;
|
||||
}
|
||||
if (isset($settings['fragment']) && $settings['fragment'] != '') {
|
||||
$conf .= 'fragment ' . $settings['fragment'] . PHP_EOL;
|
||||
}
|
||||
if (!empty($settings['mssfix'])) {
|
||||
$conf .= 'mssfix' . PHP_EOL;
|
||||
}
|
||||
|
||||
$vpnid = filter_var($server['vpnid'], FILTER_SANITIZE_NUMBER_INT);
|
||||
if (empty($target_filename)) {
|
||||
$target_filename = "/var/etc/openvpn-csc/" . $vpnid . "/" . $settings['common_name'];
|
||||
@ -1027,10 +1038,15 @@ function openvpn_csc_conf_write($settings, $server, $target_filename = null)
|
||||
chown($target_filename, 'nobody');
|
||||
chgrp($target_filename, 'nobody');
|
||||
return $target_filename;
|
||||
} elseif (is_file($target_filename)) {
|
||||
unlink($target_filename);
|
||||
return null;
|
||||
}
|
||||
|
||||
/* nothing was configured */
|
||||
|
||||
if (is_file($target_filename)) {
|
||||
unlink($target_filename);
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
function openvpn_prepare($device)
|
||||
|
||||
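Review bot: The new `tun-mtu` and `fragment` branches append `$settings['tun_mtu']` and `$settings['fragment']` to `$conf` unchanged, so whether the generated client-specific file stays one directive per line depends entirely on what the caller passes in. The model section of this commit limits both fields to integer ranges, but that check is not visible from this function, and a value containing a line break would end up as an additional directive in the file. Casting where the line is written keeps the guarantee local: `$conf .= 'tun-mtu ' . (int)$settings['tun_mtu'] . PHP_EOL;` and `$conf .= 'fragment ' . (int)$settings['fragment'] . PHP_EOL;`. The `fragment` test would also read more clearly as `!== ''`, provided the value always arrives as a string. `openvpn_csc_conf_write()` begins above the first hunk.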
@ -77,9 +77,7 @@
|
||||
<type>select_multiple</type>
|
||||
<style>tokenize</style>
|
||||
<allownew>true</allownew>
|
||||
<help>
|
||||
Remote networks for the server, these are configured via iroute{-ipv6} clauses in OpenVPN and inform the server to send these networks to this specific client.
|
||||
</help>
|
||||
<help>Remote networks for the server, these are configured via iroute{-ipv6} clauses in OpenVPN and inform the server to send these networks to this specific client.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>cso.redirect_gateway</id>
|
||||
@ -110,9 +108,7 @@
|
||||
<type>select_multiple</type>
|
||||
<style>tokenize</style>
|
||||
<allownew>true</allownew>
|
||||
<help>
|
||||
Add name to the domain search list. Repeat this option to add more entries. Up to 10 domains are supported
|
||||
</help>
|
||||
<help>Add name to the domain search list. Repeat this option to add more entries. Up to 10 domains are supported.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>cso.dns_servers</id>
|
||||
@ -120,9 +116,7 @@
|
||||
<type>select_multiple</type>
|
||||
<style>tokenize</style>
|
||||
<allownew>true</allownew>
|
||||
<help>
|
||||
Set primary domain name server IPv4 or IPv6 address. Repeat this option to set secondary DNS server addresses.
|
||||
</help>
|
||||
<help>Set primary domain name server IPv4 or IPv6 address. Repeat this option to set secondary DNS server addresses.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>cso.ntp_servers</id>
|
||||
@ -130,9 +124,7 @@
|
||||
<type>select_multiple</type>
|
||||
<style>tokenize</style>
|
||||
<allownew>true</allownew>
|
||||
<help>
|
||||
Set primary NTP server address (Network Time Protocol). Repeat this option to set secondary NTP server addresses.
|
||||
</help>
|
||||
<help>Set primary NTP server address (Network Time Protocol). Repeat this option to set secondary NTP server addresses.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>cso.wins_servers</id>
|
||||
@ -141,8 +133,29 @@
|
||||
<style>tokenize</style>
|
||||
<allownew>true</allownew>
|
||||
<advanced>true</advanced>
|
||||
<help>
|
||||
Set primary WINS server address (NetBIOS over TCP/IP Name Server). Repeat this option to set secondary WINS server addresses.
|
||||
</help>
|
||||
<help>Set primary WINS server address (NetBIOS over TCP/IP Name Server). Repeat this option to set secondary WINS server addresses.</help>
|
||||
</field>
|
||||
<field>
|
||||
<type>header</type>
|
||||
<label>Advanced Settings</label>
|
||||
<collapse>true</collapse>
|
||||
</field>
|
||||
<field>
|
||||
<id>cso.tun_mtu</id>
|
||||
<label>TUN device MTU</label>
|
||||
<type>text</type>
|
||||
<help>Take the TUN device MTU to be tun-mtu and derive the link MTU from it.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>cso.fragment</id>
|
||||
<label>Fragment size</label>
|
||||
<type>text</type>
|
||||
<help>Enable internal datagram fragmentation so that no UDP datagrams are sent which are larger than the specified byte size.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>cso.mssfix</id>
|
||||
<label>MSS fix</label>
|
||||
<type>checkbox</type>
|
||||
<help>Announce to TCP sessions running over the tunnel that they should limit their send packet sizes such that after OpenVPN has encapsulated them, the resulting UDP packet size that OpenVPN sends to its peer will not exceed the recommended size.</help>
|
||||
</field>
|
||||
</fields>
|
||||
|
||||
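Review bot: The help texts for `cso.tun_mtu` and `cso.fragment` do not state the accepted values, although the model section of this commit limits them to 60–65535 and 0–65528. Both are free `text` inputs, so the user only learns the range from a validation error. I would extend the help, for example `Take the TUN device MTU to be tun-mtu and derive the link MTU from it (60-65535).`, and add `(0-65528 bytes)` to the fragment help. It would also help to say that leaving either field empty writes no directive, which is what the config-writer section shows.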
@ -134,14 +134,25 @@ class OpenVPN extends BaseModel
|
||||
if ((string)$cso->common_name != $common_name) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// translate content to legacy format so this may easily inject into the existing codebase
|
||||
$result['ovpn_servers'] = (string)$cso->servers;
|
||||
$result['common_name'] = (string)$cso->common_name;
|
||||
$result['description'] = (string)$cso->description;
|
||||
$result['redirect_gateway'] = str_replace(',', ' ', (string)$cso->redirect_gateway);
|
||||
|
||||
$result['tunnel_network'] = (string)$cso->tunnel_network;
|
||||
$result['tunnel_networkv6'] = (string)$cso->tunnel_networkv6;
|
||||
$opts = [
|
||||
'common_name',
|
||||
'description',
|
||||
'dns_domain',
|
||||
'dns_domain_search',
|
||||
'fragment',
|
||||
'mssfix',
|
||||
'tun_mtu',
|
||||
'tunnel_network',
|
||||
'tunnel_networkv6',
|
||||
];
|
||||
foreach ($opts as $fieldname) {
|
||||
$result[$fieldname] = (string)$cso->$fieldname;
|
||||
}
|
||||
|
||||
foreach (['local', 'remote'] as $type) {
|
||||
$f1 = $type . '_network';
|
||||
$f2 = $type . '_networkv6';
|
||||
@ -164,8 +175,6 @@ class OpenVPN extends BaseModel
|
||||
if (!empty((string)$cso->block)) {
|
||||
$result['block'] = '1';
|
||||
}
|
||||
$result['dns_domain'] = (string)$cso->dns_domain;
|
||||
$result['dns_domain_search'] = (string)$cso->dns_domain_search;
|
||||
foreach (['dns_server', 'ntp_server', 'wins_server'] as $fieldname) {
|
||||
if (!empty((string)$cso->$fieldname . 's')) {
|
||||
foreach (explode(',', (string)$cso->{$fieldname . 's'}) as $idx => $item) {
|
||||
@ -174,6 +183,7 @@ class OpenVPN extends BaseModel
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
||||
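Review bot: In the context line `if (!empty((string)$cso->$fieldname . 's'))` the `. 's'` is applied to the result of the property read and cast, not to the property name, so the expression always ends in `s` and the `!empty()` guard can never be false. The `explode()` one line below uses the intended form, so the guard should read `if (!empty((string)$cso->{$fieldname . 's'}))`. This commit leaves the line untouched, and the loop body lies between hunks, so the effect of running it for an unset server list cannot be seen here. The method containing these hunks starts above the first one.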
@ -91,6 +91,19 @@
|
||||
<description type="TextField">
|
||||
<Required>N</Required>
|
||||
</description>
|
||||
<tun_mtu type="IntegerField">
|
||||
<Required>N</Required>
|
||||
<MinimumValue>60</MinimumValue>
|
||||
<MaximumValue>65535</MaximumValue>
|
||||
</tun_mtu>
|
||||
<fragment type="IntegerField">
|
||||
<Required>N</Required>
|
||||
<MinimumValue>0</MinimumValue>
|
||||
<MaximumValue>65528</MaximumValue>
|
||||
</fragment>
|
||||
<mssfix type="BooleanField">
|
||||
<Required>N</Required>
|
||||
</mssfix>
|
||||
</Overwrite>
|
||||
</Overwrites>
|
||||
<Instances>
|
||||
|
||||