start to hide IPsec and OpenVPN for pluginification
parent
2058b1cf56
commit
9b694b705d
@ -1452,3 +1452,90 @@ function openvpn_get_remote_access_servers()
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
// Resync and restart all VPNs using a gateway group.
|
||||
function openvpn_resync_gwgroup($gwgroupname = "") {
|
||||
global $config;
|
||||
|
||||
if (!empty($gwgroupname)) {
|
||||
if (isset($config['openvpn']['openvpn-server'])) {
|
||||
foreach ($config['openvpn']['openvpn-server'] as & $settings) {
|
||||
if ($gwgroupname == $settings['interface']) {
|
||||
log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . ".");
|
||||
openvpn_resync('server', $settings);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($config['openvpn']['openvpn-client'])) {
|
||||
foreach ($config['openvpn']['openvpn-client'] as & $settings) {
|
||||
if ($gwgroupname == $settings['interface']) {
|
||||
log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . ".");
|
||||
openvpn_resync('client', $settings);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these.
|
||||
} else {
|
||||
log_error("openvpn_resync_gwgroup called with null gwgroup parameter.");
|
||||
}
|
||||
}
|
||||
|
||||
function openvpn_refresh_crls()
|
||||
{
|
||||
global $config;
|
||||
|
||||
openvpn_create_dirs();
|
||||
|
||||
if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) {
|
||||
foreach ($config['openvpn']['openvpn-server'] as $settings) {
|
||||
if (empty($settings) || isset($settings['disable'])) {
|
||||
continue;
|
||||
}
|
||||
// Write the settings for the keys
|
||||
switch($settings['mode']) {
|
||||
case 'p2p_tls':
|
||||
case 'server_tls':
|
||||
case 'server_tls_user':
|
||||
case 'server_user':
|
||||
if (!empty($settings['crlref'])) {
|
||||
$crl = lookup_crl($settings['crlref']);
|
||||
crl_update($crl);
|
||||
$fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify";
|
||||
file_put_contents($fpath, base64_decode($crl['text']));
|
||||
@chmod($fpath, 0644);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function openvpn_resync_if_needed($mode, $ovpn_settings, $interface)
|
||||
{
|
||||
global $config;
|
||||
|
||||
$resync_needed = true;
|
||||
if (isset($ovpn_settings['disable'])) {
|
||||
$resync_needed = false;
|
||||
} else {
|
||||
if (!empty($interface)) {
|
||||
$mode_id = $mode . $ovpn_settings['vpnid'];
|
||||
$fpath = "/var/etc/openvpn/{$mode_id}.interface";
|
||||
if (file_exists($fpath)) {
|
||||
$current_device = file_get_contents($fpath);
|
||||
$current_device = trim($current_device, " \t\n");
|
||||
$new_device = get_failover_interface($ovpn_settings['interface']);
|
||||
if (isset($config['interfaces'][$interface])) {
|
||||
$this_device = $config['interfaces'][$interface]['if'];
|
||||
if (($current_device == $new_device) && ($current_device != $this_device))
|
||||
$resync_needed = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($resync_needed == true) {
|
||||
log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']);
|
||||
openvpn_resync($mode, $ovpn_settings);
|
||||
}
|
||||
}
|
||||
|
||||
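Review bot: In `openvpn_refresh_crls()` the result of `lookup_crl()` is used unchecked and the return value of `file_put_contents()` is ignored, so a dangling `crlref` or a failed write can leave `server{vpnid}.crl-verify` empty, truncated or stale with nothing logged. That file is what OpenVPN consults for revocation, so a silent failure here means revoked certificates may keep being accepted or, depending on how the daemon treats an unreadable CRL, every client is refused. What `lookup_crl()` returns for an unknown reference is not visible on this page, so the guard below is an assumption to confirm. Writing to a temporary file and renaming it into place also prevents a connecting client from hitting a half-written CRL. Separately, in `openvpn_resync_if_needed()` `$mode_id` is assigned only inside `if (!empty($interface))` but is read by the final `log_error()`; moving `$mode_id = $mode . $ovpn_settings['vpnid'];` above that `if` avoids the undefined variable when `$interface` is empty.

```php
// … unchanged: loop over enabled servers, switch on $settings['mode'] …
if (!empty($settings['crlref'])) {
    $crl = lookup_crl($settings['crlref']);
    if (empty($crl)) {
        log_error("OpenVPN: CRL " . $settings['crlref'] . " not found for server " . $settings['vpnid'] . ", crl-verify file left untouched.");
        break;
    }
    crl_update($crl);
    $fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify";
    $tmppath = $fpath . ".tmp";
    // write next to the target and rename, so a reader never sees a partial CRL
    if (file_put_contents($tmppath, base64_decode($crl['text'])) === false
        || !chmod($tmppath, 0644)
        || !rename($tmppath, $fpath)) {
        log_error("OpenVPN: unable to update " . $fpath);
    }
}
break;
```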
@ -37,9 +37,16 @@
|
||||
* from system.inc, but its movable parts belong to
|
||||
* system.inc, while all services belong to their own
|
||||
* files. Maybe eventually this will change...
|
||||
*
|
||||
* ... it does, but now we also chain IPsec and OpenVPN
|
||||
* through this in order to remove the widespread usage
|
||||
* of includes and switch them for a cleaner "services.inc"
|
||||
* include.
|
||||
*/
|
||||
require_once('dyndns.class');
|
||||
require_once('plugins.inc.d/dnsmasq.inc');
|
||||
require_once('ipsec.inc');
|
||||
require_once('openvpn.inc');
|
||||
require_once('plugins.inc.d/unbound.inc');
|
||||
|
||||
function generate_ipv6_from_mac($mac)
|
||||
|
||||
@ -127,7 +127,6 @@ function filter_configure_xmlrpc()
|
||||
require_once("system.inc");
|
||||
require_once("util.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("services.inc");
|
||||
require_once("rrd.inc");
|
||||
|
||||
@ -156,8 +155,8 @@ function restore_config_section_xmlrpc($new_config)
|
||||
global $config;
|
||||
|
||||
require_once("interfaces.inc");
|
||||
require_once("services.inc");
|
||||
require_once("filter.inc");
|
||||
require_once("ipsec.inc");
|
||||
|
||||
// save old config
|
||||
$old_config = $config;
|
||||
|
||||
@ -31,9 +31,7 @@
|
||||
require_once("services.inc");
|
||||
require_once("system.inc");
|
||||
require_once('util.inc');
|
||||
require_once("openvpn.inc");
|
||||
require_once("filter.inc");
|
||||
require_once("ipsec.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("rrd.inc");
|
||||
|
||||
|
||||
@ -45,8 +45,6 @@ $inc_files = array(
|
||||
'services.inc',
|
||||
'system.inc',
|
||||
'filter.inc',
|
||||
'ipsec.inc',
|
||||
'openvpn.inc',
|
||||
'rrd.inc',
|
||||
);
|
||||
|
||||
|
||||
@ -30,7 +30,6 @@
|
||||
require_once("config.inc");
|
||||
require_once("util.inc");
|
||||
require_once("filter.inc");
|
||||
require_once("ipsec.inc");
|
||||
require_once("system.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("services.inc");
|
||||
|
||||
@ -30,9 +30,7 @@
|
||||
/* parse the configuration and include all functions used below */
|
||||
require_once("config.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("util.inc");
|
||||
require_once("ipsec.inc");
|
||||
require_once("filter.inc");
|
||||
require_once("rrd.inc");
|
||||
require_once("util.inc");
|
||||
|
||||
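Review bot: None of the lines visible in this hunk requires `services.inc`, yet the header counts show two includes dropped here (presumably `openvpn.inc` and `ipsec.inc`), so any OpenVPN or IPsec helper this script calls now has to arrive through some other include. The same holds for the hunk at `@ -31,8 +31,6 @@` whose context runs from `config.inc`/`auth.inc`/`filter.inc` to `rrd.inc`/`util.inc`/`system.inc`, and for the hunk at `@ -29,10 +29,8 @@`. The rest of each include block lies outside the hunk, so this may already be covered by a later line or a transitive include. If it is not, add `require_once("services.inc");` beside the remaining includes, since a missing function in PHP only shows up as a fatal error once the call is actually reached.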
@ -31,12 +31,10 @@ require_once("config.inc");
|
||||
require_once("config.console.inc");
|
||||
require_once("filter.inc");
|
||||
require_once("util.inc");
|
||||
require_once("ipsec.inc");
|
||||
require_once("rrd.inc");
|
||||
require_once("system.inc");
|
||||
require_once("services.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("openvpn.inc");
|
||||
|
||||
system_console_mute();
|
||||
|
||||
|
||||
@ -32,8 +32,6 @@ require_once('auth.inc');
|
||||
require_once("util.inc");
|
||||
require_once("filter.inc");
|
||||
require_once("system.inc");
|
||||
require_once('ipsec.inc');
|
||||
require_once('openvpn.inc');
|
||||
require_once("interfaces.inc");
|
||||
require_once("services.inc");
|
||||
|
||||
|
||||
@ -31,8 +31,6 @@ require_once("config.inc");
|
||||
require_once('auth.inc');
|
||||
require_once("filter.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once('ipsec.inc');
|
||||
require_once('openvpn.inc');
|
||||
require_once("util.inc");
|
||||
require_once("system.inc");
|
||||
require_once("services.inc");
|
||||
|
||||
@ -31,8 +31,6 @@
|
||||
require_once("config.inc");
|
||||
require_once('auth.inc');
|
||||
require_once("filter.inc");
|
||||
require_once('ipsec.inc');
|
||||
require_once("openvpn.inc");
|
||||
require_once("rrd.inc");
|
||||
require_once("util.inc");
|
||||
require_once("system.inc");
|
||||
|
||||
@ -32,8 +32,6 @@
|
||||
require_once("config.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("filter.inc");
|
||||
require_once('ipsec.inc');
|
||||
require_once("openvpn.inc");
|
||||
require_once("services.inc");
|
||||
require_once("rrd.inc");
|
||||
require_once("util.inc");
|
||||
|
||||
@ -61,35 +61,6 @@ function gateway_is_gwgroup_member($name)
|
||||
return $members;
|
||||
}
|
||||
|
||||
function openvpn_resync_if_needed($mode, $ovpn_settings, $interface)
|
||||
{
|
||||
global $config;
|
||||
|
||||
$resync_needed = true;
|
||||
if (isset($ovpn_settings['disable'])) {
|
||||
$resync_needed = false;
|
||||
} else {
|
||||
if (!empty($interface)) {
|
||||
$mode_id = $mode . $ovpn_settings['vpnid'];
|
||||
$fpath = "/var/etc/openvpn/{$mode_id}.interface";
|
||||
if (file_exists($fpath)) {
|
||||
$current_device = file_get_contents($fpath);
|
||||
$current_device = trim($current_device, " \t\n");
|
||||
$new_device = get_failover_interface($ovpn_settings['interface']);
|
||||
if (isset($config['interfaces'][$interface])) {
|
||||
$this_device = $config['interfaces'][$interface]['if'];
|
||||
if (($current_device == $new_device) && ($current_device != $this_device))
|
||||
$resync_needed = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($resync_needed == true) {
|
||||
log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']);
|
||||
openvpn_resync($mode, $ovpn_settings);
|
||||
}
|
||||
}
|
||||
|
||||
function try_lock($lock, $timeout = 5)
|
||||
{
|
||||
if (!$lock) {
|
||||
|
||||
@ -29,10 +29,8 @@
|
||||
|
||||
require_once("config.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("filter.inc");
|
||||
require_once("auth.inc");
|
||||
require_once('ipsec.inc');
|
||||
require_once('rrd.inc');
|
||||
require_once("util.inc");
|
||||
require_once("system.inc");
|
||||
|
||||
@ -30,8 +30,6 @@
|
||||
require_once("config.inc");
|
||||
require_once("filter.inc");
|
||||
require_once("util.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once('ipsec.inc');
|
||||
require_once("system.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("services.inc");
|
||||
|
||||
@ -36,8 +36,6 @@ require_once("filter.inc");
|
||||
require_once("rrd.inc");
|
||||
require_once("system.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("ipsec.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("services.inc");
|
||||
|
||||
/***************************************************************************************************************
|
||||
|
||||
@ -33,8 +33,6 @@ require_once("filter.inc");
|
||||
require_once("rrd.inc");
|
||||
require_once("system.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("ipsec.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("services.inc");
|
||||
|
||||
function list_interfaces() {
|
||||
|
||||
@ -30,7 +30,6 @@
|
||||
require_once("guiconfig.inc");
|
||||
require_once("system.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("services.inc");
|
||||
|
||||
if (!isset($config['bridges']) || !is_array($config['bridges'])) {
|
||||
|
||||
@ -30,7 +30,6 @@
|
||||
require_once("guiconfig.inc");
|
||||
require_once("system.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("services.inc");
|
||||
|
||||
if (!isset($config['gifs']) || !is_array($config['gifs'])) {
|
||||
|
||||
@ -30,7 +30,6 @@
|
||||
require_once("guiconfig.inc");
|
||||
require_once("system.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("services.inc");
|
||||
|
||||
if (!isset($config['gres']) || !is_array($config['gres'])) {
|
||||
|
||||
@ -30,7 +30,6 @@
|
||||
require_once("guiconfig.inc");
|
||||
require_once("system.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("services.inc");
|
||||
|
||||
/**
|
||||
|
||||
@ -30,7 +30,6 @@
|
||||
require_once("guiconfig.inc");
|
||||
require_once("system.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("services.inc");
|
||||
|
||||
if (!isset($config['vlans']) || !is_array($config['vlans'])) {
|
||||
|
||||
@ -32,8 +32,6 @@ require_once("guiconfig.inc");
|
||||
require_once("system.inc");
|
||||
require_once("services.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("services.inc");
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if (!empty($_POST['if']) && !empty($_POST['submit'])) {
|
||||
|
||||
@ -31,9 +31,7 @@
|
||||
require_once("guiconfig.inc");
|
||||
require_once("services.inc");
|
||||
require_once("system.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("filter.inc");
|
||||
require_once("ipsec.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("rrd.inc");
|
||||
|
||||
|
||||
@ -31,7 +31,7 @@
|
||||
|
||||
require_once("guiconfig.inc");
|
||||
require_once("filter.inc");
|
||||
require_once("ipsec.inc");
|
||||
require_once("services.inc");
|
||||
require_once("system.inc");
|
||||
require_once("interfaces.inc");
|
||||
|
||||
|
||||
@ -28,39 +28,7 @@
|
||||
*/
|
||||
|
||||
require_once('guiconfig.inc');
|
||||
require_once('openvpn.inc');
|
||||
|
||||
function openvpn_refresh_crls()
|
||||
{
|
||||
global $config;
|
||||
|
||||
openvpn_create_dirs();
|
||||
|
||||
if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) {
|
||||
foreach ($config['openvpn']['openvpn-server'] as $settings) {
|
||||
if (empty($settings) || isset($settings['disable'])) {
|
||||
continue;
|
||||
}
|
||||
// Write the settings for the keys
|
||||
switch($settings['mode']) {
|
||||
case 'p2p_tls':
|
||||
case 'server_tls':
|
||||
case 'server_tls_user':
|
||||
case 'server_user':
|
||||
if (!empty($settings['crlref'])) {
|
||||
$crl = lookup_crl($settings['crlref']);
|
||||
crl_update($crl);
|
||||
$fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify";
|
||||
file_put_contents($fpath, base64_decode($crl['text']));
|
||||
@chmod($fpath, 0644);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
require_once('services.inc');
|
||||
|
||||
function cert_unrevoke($cert, & $crl) {
|
||||
global $config;
|
||||
@ -85,6 +53,7 @@ function cert_unrevoke($cert, & $crl) {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// openssl_crl_status messages from certs.inc
|
||||
global $openssl_crl_status;
|
||||
|
||||
|
||||
@ -29,40 +29,10 @@
|
||||
|
||||
require_once("guiconfig.inc");
|
||||
require_once("interfaces.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("system.inc");
|
||||
require_once("services.inc");
|
||||
require_once("rrd.inc");
|
||||
|
||||
// Resync and restart all VPNs using a gateway group.
|
||||
function openvpn_resync_gwgroup($gwgroupname = "") {
|
||||
global $config;
|
||||
|
||||
if (!empty($gwgroupname)) {
|
||||
if (isset($config['openvpn']['openvpn-server'])) {
|
||||
foreach ($config['openvpn']['openvpn-server'] as & $settings) {
|
||||
if ($gwgroupname == $settings['interface']) {
|
||||
log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . ".");
|
||||
openvpn_resync('server', $settings);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($config['openvpn']['openvpn-client'])) {
|
||||
foreach ($config['openvpn']['openvpn-client'] as & $settings) {
|
||||
if ($gwgroupname == $settings['interface']) {
|
||||
log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . ".");
|
||||
openvpn_resync('client', $settings);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these.
|
||||
} else {
|
||||
log_error("openvpn_resync_gwgroup called with null gwgroup parameter.");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (!isset($config['gateways']['gateway_group']) || !is_array($config['gateways']['gateway_group'])) {
|
||||
$a_gateway_groups = array();
|
||||
} else {
|
||||
|
||||
@ -28,7 +28,6 @@
|
||||
*/
|
||||
|
||||
require_once("guiconfig.inc");
|
||||
require_once("ipsec.inc");
|
||||
require_once("services.inc");
|
||||
require_once("interfaces.inc");
|
||||
|
||||
|
||||
@ -32,7 +32,6 @@
|
||||
require_once("guiconfig.inc");
|
||||
require_once("services.inc");
|
||||
require_once("system.inc");
|
||||
require_once("ipsec.inc");
|
||||
require_once("interfaces.inc");
|
||||
|
||||
$services = services_get();
|
||||
|
||||