diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index a3c75a9db..d05810c64 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -1452,3 +1452,90 @@ function openvpn_get_remote_access_servers()
 }
 return $result;
 }
+
+// Resync and restart all VPNs using a gateway group.
+function openvpn_resync_gwgroup($gwgroupname = "") {
+ global $config;
+
+ if (!empty($gwgroupname)) {
+ if (isset($config['openvpn']['openvpn-server'])) {
+ foreach ($config['openvpn']['openvpn-server'] as & $settings) {
+ if ($gwgroupname == $settings['interface']) {
+ log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . ".");
+ openvpn_resync('server', $settings);
+ }
+ }
+ }
+
+ if (isset($config['openvpn']['openvpn-client'])) {
+ foreach ($config['openvpn']['openvpn-client'] as & $settings) {
+ if ($gwgroupname == $settings['interface']) {
+ log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . ".");
+ openvpn_resync('client', $settings);
+ }
+ }
+ }
+ // Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these.
+ } else {
+ log_error("openvpn_resync_gwgroup called with null gwgroup parameter.");
+ }
+}
+
+function openvpn_refresh_crls()
+{
+ global $config;
+
+ openvpn_create_dirs();
+
+ if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) {
+ foreach ($config['openvpn']['openvpn-server'] as $settings) {
+ if (empty($settings) || isset($settings['disable'])) {
+ continue;
+ }
+ // Write the settings for the keys
+ switch($settings['mode']) {
+ case 'p2p_tls':
+ case 'server_tls':
+ case 'server_tls_user':
+ case 'server_user':
+ if (!empty($settings['crlref'])) {
+ $crl = lookup_crl($settings['crlref']);
+ crl_update($crl);
+ $fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify";
+ file_put_contents($fpath, base64_decode($crl['text']));
+ @chmod($fpath, 0644);
+ }
+ break;
+ }
+ }
+ }
+}
+
+function openvpn_resync_if_needed($mode, $ovpn_settings, $interface)
+{
+ global $config;
+
+ $resync_needed = true;
+ if (isset($ovpn_settings['disable'])) {
+ $resync_needed = false;
+ } else {
+ if (!empty($interface)) {
+ $mode_id = $mode . $ovpn_settings['vpnid'];
+ $fpath = "/var/etc/openvpn/{$mode_id}.interface";
+ if (file_exists($fpath)) {
+ $current_device = file_get_contents($fpath);
+ $current_device = trim($current_device, " \t\n");
+ $new_device = get_failover_interface($ovpn_settings['interface']);
+ if (isset($config['interfaces'][$interface])) {
+ $this_device = $config['interfaces'][$interface]['if'];
+ if (($current_device == $new_device) && ($current_device != $this_device))
+ $resync_needed = false;
+ }
+ }
+ }
+ }
+ if ($resync_needed == true) {
+ log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']);
+ openvpn_resync($mode, $ovpn_settings);
+ }
+}
diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc
index 64f6411bd..8fe2a9012 100644
--- a/src/etc/inc/services.inc
+++ b/src/etc/inc/services.inc
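Review bot: In `openvpn_refresh_crls()` the CRL rewrite is unchecked: the result of `lookup_crl()` goes straight into `crl_update()` and `base64_decode($crl['text'])`, the return value of `file_put_contents()` is ignored and `@chmod` hides its error. If the `crlref` no longer resolves or the write fails, the `server{vpnid}.crl-verify` file is presumably left empty, truncated or stale with nothing in the log, which matters because that file looks like the one revocation checking for the server depends on. I would skip and log when the lookup yields nothing, write to a temporary file and `rename()` it into place so a reader never sees a partial CRL, and log any failure, as sketched below. Separately, in `openvpn_resync_if_needed()` `$mode_id` is only assigned inside `if (!empty($interface))` but is used by the `log_error()` call whenever a resync runs; moving `$mode_id = $mode . $ovpn_settings['vpnid'];` above the `disable` check avoids the undefined variable.

```php
// … unchanged: disable check and mode switch up to the crlref test …
if (!empty($settings['crlref'])) {
    $crl = lookup_crl($settings['crlref']);
    if (empty($crl)) {
        log_error("OpenVPN: CRL {$settings['crlref']} for server {$settings['vpnid']} not found, crl-verify file left unchanged.");
        break;
    }
    crl_update($crl);
    $fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify";
    $tmppath = "{$fpath}.tmp";
    // write next to the target and rename, so the old CRL stays in place until the new one is complete
    if (file_put_contents($tmppath, base64_decode($crl['text'])) === false ||
        !chmod($tmppath, 0644) || !rename($tmppath, $fpath)) {
        log_error("OpenVPN: could not update {$fpath}.");
        @unlink($tmppath);
    }
}
break;
```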
@@ -37,9 +37,16 @@ * from system.inc, but its movable parts belong to * system.inc, while all services belong to their own * files. Maybe eventually this will change... + * + * ... it does, but now we also chain IPsec and OpenVPN + * through this in order to remove the widespread usage + * of includes and switch them for a cleaner "services.inc" + * include. */ require_once('dyndns.class'); require_once('plugins.inc.d/dnsmasq.inc'); +require_once('ipsec.inc'); +require_once('openvpn.inc'); require_once('plugins.inc.d/unbound.inc'); function generate_ipv6_from_mac($mac)
diff --git a/src/etc/inc/xmlrpc/legacy.inc b/src/etc/inc/xmlrpc/legacy.inc
index e3c066eb5..f7423a8f6 100644
--- a/src/etc/inc/xmlrpc/legacy.inc
+++ b/src/etc/inc/xmlrpc/legacy.inc
@@ -127,7 +127,6 @@ function filter_configure_xmlrpc() require_once("system.inc"); require_once("util.inc"); require_once("interfaces.inc"); - require_once("openvpn.inc"); require_once("services.inc"); require_once("rrd.inc");
@@ -156,8 +155,8 @@ function restore_config_section_xmlrpc($new_config) global $config; require_once("interfaces.inc"); + require_once("services.inc"); require_once("filter.inc"); - require_once("ipsec.inc"); // save old config $old_config = $config;
diff --git a/src/etc/inc/xmlrpc/service.inc b/src/etc/inc/xmlrpc/service.inc
index d6188cd57..2517c0e1a 100644
--- a/src/etc/inc/xmlrpc/service.inc
+++ b/src/etc/inc/xmlrpc/service.inc
@@ -31,9 +31,7 @@ require_once("services.inc"); require_once("system.inc"); require_once('util.inc'); -require_once("openvpn.inc"); require_once("filter.inc"); -require_once("ipsec.inc"); require_once("interfaces.inc"); require_once("rrd.inc");
diff --git a/src/etc/rc.bootup b/src/etc/rc.bootup
index 401128d52..0a91e4a0c 100755
--- a/src/etc/rc.bootup
+++ b/src/etc/rc.bootup
@@ -45,8 +45,6 @@ $inc_files = array( 'services.inc', 'system.inc', 'filter.inc', - 'ipsec.inc', - 'openvpn.inc', 'rrd.inc', );
diff --git a/src/etc/rc.filter_configure_sync b/src/etc/rc.filter_configure_sync
index f0c2b0924..a75478e6f 100755
--- a/src/etc/rc.filter_configure_sync
+++ b/src/etc/rc.filter_configure_sync
@@ -30,7 +30,6 @@ require_once("config.inc"); require_once("util.inc"); require_once("filter.inc"); -require_once("ipsec.inc"); require_once("system.inc"); require_once("interfaces.inc"); require_once("services.inc");
diff --git a/src/etc/rc.initial.setlanip b/src/etc/rc.initial.setlanip
index 37f903bee..e1e122d38 100755
--- a/src/etc/rc.initial.setlanip
+++ b/src/etc/rc.initial.setlanip
@@ -30,9 +30,7 @@ /* parse the configuration and include all functions used below */ require_once("config.inc"); require_once("interfaces.inc"); -require_once("openvpn.inc"); require_once("util.inc"); -require_once("ipsec.inc"); require_once("filter.inc"); require_once("rrd.inc"); require_once("util.inc");
diff --git a/src/etc/rc.initial.setports b/src/etc/rc.initial.setports
index e1b8b4f6b..d063cf023 100755
--- a/src/etc/rc.initial.setports
+++ b/src/etc/rc.initial.setports
@@ -31,12 +31,10 @@ require_once("config.inc"); require_once("config.console.inc"); require_once("filter.inc"); require_once("util.inc"); -require_once("ipsec.inc"); require_once("rrd.inc"); require_once("system.inc"); require_once("services.inc"); require_once("interfaces.inc"); -require_once("openvpn.inc"); system_console_mute();
diff --git a/src/etc/rc.interfaces_wan_configure b/src/etc/rc.interfaces_wan_configure
index 12a17e72d..a74e47330 100755
--- a/src/etc/rc.interfaces_wan_configure
+++ b/src/etc/rc.interfaces_wan_configure
@@ -32,8 +32,6 @@ require_once('auth.inc'); require_once("util.inc"); require_once("filter.inc"); require_once("system.inc"); -require_once('ipsec.inc'); -require_once('openvpn.inc'); require_once("interfaces.inc"); require_once("services.inc");
diff --git a/src/etc/rc.linkup b/src/etc/rc.linkup
index 8ccd813b3..fdea37e9c 100755
--- a/src/etc/rc.linkup
+++ b/src/etc/rc.linkup
@@ -31,8 +31,6 @@ require_once("config.inc"); require_once('auth.inc'); require_once("filter.inc"); require_once("interfaces.inc"); -require_once('ipsec.inc'); -require_once('openvpn.inc'); require_once("util.inc"); require_once("system.inc"); require_once("services.inc");
diff --git a/src/etc/rc.newwanip b/src/etc/rc.newwanip
index 78b965ee0..1f92034f4 100755
--- a/src/etc/rc.newwanip
+++ b/src/etc/rc.newwanip
@@ -31,8 +31,6 @@ require_once("config.inc"); require_once('auth.inc'); require_once("filter.inc"); -require_once('ipsec.inc'); -require_once("openvpn.inc"); require_once("rrd.inc"); require_once("util.inc"); require_once("system.inc");
diff --git a/src/etc/rc.newwanipv6 b/src/etc/rc.newwanipv6
index cd78dc8f9..e2a644df4 100755
--- a/src/etc/rc.newwanipv6
+++ b/src/etc/rc.newwanipv6
@@ -32,8 +32,6 @@ require_once("config.inc"); require_once("interfaces.inc"); require_once("filter.inc"); -require_once('ipsec.inc'); -require_once("openvpn.inc"); require_once("services.inc"); require_once("rrd.inc"); require_once("util.inc");
diff --git a/src/etc/rc.openvpn b/src/etc/rc.openvpn
index 060367c32..c930ba0f7 100755
--- a/src/etc/rc.openvpn
+++ b/src/etc/rc.openvpn
@@ -61,35 +61,6 @@ function gateway_is_gwgroup_member($name) return $members; } -function openvpn_resync_if_needed($mode, $ovpn_settings, $interface) -{ - global $config; - - $resync_needed = true; - if (isset($ovpn_settings['disable'])) { - $resync_needed = false; - } else { - if (!empty($interface)) { - $mode_id = $mode . $ovpn_settings['vpnid']; - $fpath = "/var/etc/openvpn/{$mode_id}.interface"; - if (file_exists($fpath)) { - $current_device = file_get_contents($fpath); - $current_device = trim($current_device, " \t\n"); - $new_device = get_failover_interface($ovpn_settings['interface']); - if (isset($config['interfaces'][$interface])) { - $this_device = $config['interfaces'][$interface]['if']; - if (($current_device == $new_device) && ($current_device != $this_device)) - $resync_needed = false; - } - } - } - } - if ($resync_needed == true) { - log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']); - openvpn_resync($mode, $ovpn_settings); - } -} - function try_lock($lock, $timeout = 5) { if (!$lock) {
diff --git a/src/etc/rc.reload_all b/src/etc/rc.reload_all
index bb721c71e..641f4a181 100755
--- a/src/etc/rc.reload_all
+++ b/src/etc/rc.reload_all
@@ -29,10 +29,8 @@ require_once("config.inc"); require_once("interfaces.inc"); -require_once("openvpn.inc"); require_once("filter.inc"); require_once("auth.inc"); -require_once('ipsec.inc'); require_once('rrd.inc'); require_once("util.inc"); require_once("system.inc");
diff --git a/src/etc/rc.reload_interfaces b/src/etc/rc.reload_interfaces
index 49c3ca160..c3d7f43ef 100755
--- a/src/etc/rc.reload_interfaces
+++ b/src/etc/rc.reload_interfaces
@@ -30,8 +30,6 @@ require_once("config.inc"); require_once("filter.inc"); require_once("util.inc"); -require_once("openvpn.inc"); -require_once('ipsec.inc'); require_once("system.inc"); require_once("interfaces.inc"); require_once("services.inc");
diff --git a/src/www/interfaces.php b/src/www/interfaces.php
index c99446af6..8bbe1f0c4 100644
--- a/src/www/interfaces.php
+++ b/src/www/interfaces.php
@@ -36,8 +36,6 @@ require_once("filter.inc"); require_once("rrd.inc"); require_once("system.inc"); require_once("interfaces.inc"); -require_once("ipsec.inc"); -require_once("openvpn.inc"); require_once("services.inc"); /***************************************************************************************************************
diff --git a/src/www/interfaces_assign.php b/src/www/interfaces_assign.php
index 510afa5f4..6aa316860 100644
--- a/src/www/interfaces_assign.php
+++ b/src/www/interfaces_assign.php
@@ -33,8 +33,6 @@ require_once("filter.inc"); require_once("rrd.inc"); require_once("system.inc"); require_once("interfaces.inc"); -require_once("ipsec.inc"); -require_once("openvpn.inc"); require_once("services.inc"); function list_interfaces() {
diff --git a/src/www/interfaces_bridge_edit.php b/src/www/interfaces_bridge_edit.php
index e08ddf42a..07d075236 100644
--- a/src/www/interfaces_bridge_edit.php
+++ b/src/www/interfaces_bridge_edit.php
@@ -30,7 +30,6 @@ require_once("guiconfig.inc"); require_once("system.inc"); require_once("interfaces.inc"); -require_once("openvpn.inc"); require_once("services.inc"); if (!isset($config['bridges']) || !is_array($config['bridges'])) {
diff --git a/src/www/interfaces_gif_edit.php b/src/www/interfaces_gif_edit.php
index d9e85d3a8..59d68b341 100644
--- a/src/www/interfaces_gif_edit.php
+++ b/src/www/interfaces_gif_edit.php
@@ -30,7 +30,6 @@ require_once("guiconfig.inc"); require_once("system.inc"); require_once("interfaces.inc"); -require_once("openvpn.inc"); require_once("services.inc"); if (!isset($config['gifs']) || !is_array($config['gifs'])) {
diff --git a/src/www/interfaces_gre_edit.php b/src/www/interfaces_gre_edit.php
index bab452cd2..92a27a950 100644
--- a/src/www/interfaces_gre_edit.php
+++ b/src/www/interfaces_gre_edit.php
@@ -30,7 +30,6 @@ require_once("guiconfig.inc"); require_once("system.inc"); require_once("interfaces.inc"); -require_once("openvpn.inc"); require_once("services.inc"); if (!isset($config['gres']) || !is_array($config['gres'])) {
diff --git a/src/www/interfaces_lagg_edit.php b/src/www/interfaces_lagg_edit.php
index d48aaab6f..184328511 100644
--- a/src/www/interfaces_lagg_edit.php
+++ b/src/www/interfaces_lagg_edit.php
@@ -30,7 +30,6 @@ require_once("guiconfig.inc"); require_once("system.inc"); require_once("interfaces.inc"); -require_once("openvpn.inc"); require_once("services.inc"); /**
diff --git a/src/www/interfaces_vlan_edit.php b/src/www/interfaces_vlan_edit.php
index 7905b45a9..a73052df9 100644
--- a/src/www/interfaces_vlan_edit.php
+++ b/src/www/interfaces_vlan_edit.php
@@ -30,7 +30,6 @@ require_once("guiconfig.inc"); require_once("system.inc"); require_once("interfaces.inc"); -require_once("openvpn.inc"); require_once("services.inc"); if (!isset($config['vlans']) || !is_array($config['vlans'])) {
diff --git a/src/www/status_interfaces.php b/src/www/status_interfaces.php
index 490e65a25..efc6dda0a 100644
--- a/src/www/status_interfaces.php
+++ b/src/www/status_interfaces.php
@@ -32,8 +32,6 @@ require_once("guiconfig.inc"); require_once("system.inc"); require_once("services.inc"); require_once("interfaces.inc"); -require_once("openvpn.inc"); -require_once("services.inc"); if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (!empty($_POST['if']) && !empty($_POST['submit'])) {
diff --git a/src/www/status_services.php b/src/www/status_services.php
index 2201ba3df..7cc1a41ba 100644
--- a/src/www/status_services.php
+++ b/src/www/status_services.php
@@ -31,9 +31,7 @@ require_once("guiconfig.inc"); require_once("services.inc"); require_once("system.inc"); -require_once("openvpn.inc"); require_once("filter.inc"); -require_once("ipsec.inc"); require_once("interfaces.inc"); require_once("rrd.inc");
diff --git a/src/www/system_advanced_misc.php b/src/www/system_advanced_misc.php
index cbc14cd1f..cef70a7a5 100644
--- a/src/www/system_advanced_misc.php
+++ b/src/www/system_advanced_misc.php
@@ -31,7 +31,7 @@ require_once("guiconfig.inc"); require_once("filter.inc"); -require_once("ipsec.inc"); +require_once("services.inc"); require_once("system.inc"); require_once("interfaces.inc");
diff --git a/src/www/system_crlmanager.php b/src/www/system_crlmanager.php
index b1c5f1552..33869ca17 100644
--- a/src/www/system_crlmanager.php
+++ b/src/www/system_crlmanager.php
@@ -28,39 +28,7 @@ */ require_once('guiconfig.inc'); -require_once('openvpn.inc'); - -function openvpn_refresh_crls() -{ - global $config; - - openvpn_create_dirs(); - - if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) { - foreach ($config['openvpn']['openvpn-server'] as $settings) { - if (empty($settings) || isset($settings['disable'])) { - continue; - } - // Write the settings for the keys - switch($settings['mode']) { - case 'p2p_tls': - case 'server_tls': - case 'server_tls_user': - case 'server_user': - if (!empty($settings['crlref'])) { - $crl = lookup_crl($settings['crlref']); - crl_update($crl); - $fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify"; - file_put_contents($fpath, base64_decode($crl['text'])); - @chmod($fpath, 0644); - } - break; - } - } - } -} - - +require_once('services.inc'); function cert_unrevoke($cert, & $crl) { global $config;
@@ -85,6 +53,7 @@ function cert_unrevoke($cert, & $crl) { } return false; } + // openssl_crl_status messages from certs.inc global $openssl_crl_status;
diff --git a/src/www/system_gateway_groups.php b/src/www/system_gateway_groups.php
index 3f61c3d63..b15ff4f53 100644
--- a/src/www/system_gateway_groups.php
+++ b/src/www/system_gateway_groups.php
@@ -29,40 +29,10 @@ require_once("guiconfig.inc"); require_once("interfaces.inc"); -require_once("openvpn.inc"); require_once("system.inc"); require_once("services.inc"); require_once("rrd.inc"); -// Resync and restart all VPNs using a gateway group. -function openvpn_resync_gwgroup($gwgroupname = "") { - global $config; - - if (!empty($gwgroupname)) { - if (isset($config['openvpn']['openvpn-server'])) { - foreach ($config['openvpn']['openvpn-server'] as & $settings) { - if ($gwgroupname == $settings['interface']) { - log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . "."); - openvpn_resync('server', $settings); - } - } - } - - if (isset($config['openvpn']['openvpn-client'])) { - foreach ($config['openvpn']['openvpn-client'] as & $settings) { - if ($gwgroupname == $settings['interface']) { - log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . "."); - openvpn_resync('client', $settings); - } - } - } - // Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these. - } else { - log_error("openvpn_resync_gwgroup called with null gwgroup parameter."); - } -} - - if (!isset($config['gateways']['gateway_group']) || !is_array($config['gateways']['gateway_group'])) { $a_gateway_groups = array(); } else {
diff --git a/src/www/system_gateway_groups_edit.php b/src/www/system_gateway_groups_edit.php
index 55bc02285..0cec53bfb 100644
--- a/src/www/system_gateway_groups_edit.php
+++ b/src/www/system_gateway_groups_edit.php
@@ -28,7 +28,6 @@ */ require_once("guiconfig.inc"); -require_once("ipsec.inc"); require_once("services.inc"); require_once("interfaces.inc");
diff --git a/src/www/widgets/widgets/services_status.widget.php b/src/www/widgets/widgets/services_status.widget.php
index f7226438f..72d4cbade 100644
--- a/src/www/widgets/widgets/services_status.widget.php
+++ b/src/www/widgets/widgets/services_status.widget.php
@@ -32,7 +32,6 @@ require_once("guiconfig.inc"); require_once("services.inc"); require_once("system.inc"); -require_once("ipsec.inc"); require_once("interfaces.inc"); $services = services_get();