openvpn: naming and call conventions, pull more internal code into plugin
Looking at openvpn_configure_server() and openvpn_configure_client() it becomes a bit clearer why they take a config.xml subset: it's because the write_config() ordering was flipped. We could probably now pass an ID and let the code figure out if it is a client or server...
parent
8ba7da8fc2
commit
aff94b55a3
@ -2486,26 +2486,9 @@ function interface_virtual_create($interface)
|
||||
interfaces_gre_configure(0, $interface);
|
||||
} elseif (substr($interface, 0, 3) == "gif") {
|
||||
interfaces_gif_configure(0, $interface);
|
||||
} elseif (substr($interface, 0, 5) == "ovpns") {
|
||||
if (isset($config['openvpn']['openvpn-server'])) {
|
||||
foreach ($config['openvpn']['openvpn-server'] as $server) {
|
||||
if ($interface == "ovpns{$server['vpnid']}") {
|
||||
log_error("OpenVPN: Resync server {$server['description']}");
|
||||
openvpn_resync('server', $server);
|
||||
}
|
||||
}
|
||||
unset($server);
|
||||
}
|
||||
} elseif (substr($interface, 0, 5) == "ovpnc") {
|
||||
if (isset($config['openvpn']['openvpn-client'])) {
|
||||
foreach ($config['openvpn']['openvpn-client'] as $client) {
|
||||
if ($interface == "ovpnc{$client['vpnid']}") {
|
||||
log_error("OpenVPN: Resync server {$client['description']}");
|
||||
openvpn_resync('client', $client);
|
||||
}
|
||||
}
|
||||
unset($client);
|
||||
}
|
||||
} elseif (substr($interface, 0, 4) == "ovpn") {
|
||||
/* XXX this looks like a plugin spot... */
|
||||
openvpn_configure_interface($interface);
|
||||
} elseif (substr($interface, 0, 4) == "lagg") {
|
||||
interfaces_lagg_configure($interface);
|
||||
} elseif (substr($interface, 0, 6) == "bridge") {
|
||||
|
||||
@ -30,6 +30,14 @@
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
function openvpn_configure()
|
||||
{
|
||||
return array(
|
||||
'interface' => array('openvpn_configure_do:2'),
|
||||
'remote' => array('openvpn_configure_do'),
|
||||
);
|
||||
}
|
||||
|
||||
function openvpn_syslog()
|
||||
{
|
||||
$logfacilities = array();
|
||||
@ -995,14 +1003,13 @@ function openvpn_delete($mode, & $settings)
|
||||
@array_map('unlink', glob("/var/etc/openvpn/{$mode_id}.*"));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* generate config (text) data for a single client specific override
|
||||
* @param array $settings csc item
|
||||
* @param array $server openvpn server item
|
||||
* @return string
|
||||
*/
|
||||
function openvpn_resync_csc_conf($settings, $server)
|
||||
function openvpn_csc_conf($settings, $server)
|
||||
{
|
||||
$conf = '';
|
||||
if (!empty($settings['block'])) {
|
||||
@ -1065,7 +1072,7 @@ function openvpn_resync_csc_conf($settings, $server)
|
||||
/**
|
||||
* resync all client specific overrides
|
||||
*/
|
||||
function openvpn_resync_csc()
|
||||
function openvpn_configure_csc()
|
||||
{
|
||||
global $config;
|
||||
$generated_cscs = array();
|
||||
@ -1087,7 +1094,7 @@ function openvpn_resync_csc()
|
||||
if (!isset($generated_cscs[$server['vpnid']])) {
|
||||
$generated_cscs[$vpnid] = array();
|
||||
}
|
||||
$conf = openvpn_resync_csc_conf($settings, $server);
|
||||
$conf = openvpn_csc_conf($settings, $server);
|
||||
$target_filename = "/var/etc/openvpn-csc/".$vpnid."/".$settings['common_name'];
|
||||
file_put_contents($target_filename, $conf);
|
||||
chown($target_filename, 'nobody');
|
||||
@ -1136,13 +1143,46 @@ function openvpn_prepare_all($verbose = false)
|
||||
}
|
||||
}
|
||||
|
||||
function openvpn_resync($mode, $settings)
|
||||
function openvpn_configure_interface($interface)
|
||||
{
|
||||
openvpn_reconfigure($mode, $settings);
|
||||
openvpn_restart($mode, $settings);
|
||||
global $config;
|
||||
|
||||
if (substr($interface, 0, 5) == 'ovpns') {
|
||||
if (isset($config['openvpn']['openvpn-server'])) {
|
||||
foreach ($config['openvpn']['openvpn-server'] as $server) {
|
||||
if ($interface == "ovpns{$server['vpnid']}") {
|
||||
log_error("OpenVPN: Resync server {$server['description']}");
|
||||
openvpn_configure_server($server);
|
||||
}
|
||||
}
|
||||
unset($server);
|
||||
}
|
||||
} elseif (substr($interface, 0, 5) == 'ovpnc') {
|
||||
if (isset($config['openvpn']['openvpn-client'])) {
|
||||
foreach ($config['openvpn']['openvpn-client'] as $client) {
|
||||
if ($interface == "ovpnc{$client['vpnid']}") {
|
||||
log_error("OpenVPN: Resync server {$client['description']}");
|
||||
openvpn_configure_client($client);
|
||||
}
|
||||
}
|
||||
unset($client);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function openvpn_resync_all($interface = null, $verbose = false)
|
||||
function openvpn_configure_client($settings)
|
||||
{
|
||||
openvpn_reconfigure('client', $settings);
|
||||
openvpn_restart('client', $settings);
|
||||
}
|
||||
|
||||
function openvpn_configure_server($settings)
|
||||
{
|
||||
openvpn_reconfigure('server', $settings);
|
||||
openvpn_restart('server', $settings);
|
||||
}
|
||||
|
||||
function openvpn_configure_do($verbose = false, $interface = '')
|
||||
{
|
||||
global $config;
|
||||
|
||||
@ -1152,12 +1192,11 @@ function openvpn_resync_all($interface = null, $verbose = false)
|
||||
return;
|
||||
}
|
||||
|
||||
if ($verbose) {
|
||||
echo 'Syncing OpenVPN settings...';
|
||||
flush();
|
||||
}
|
||||
|
||||
if (!empty($interface)) {
|
||||
$interface_real = get_real_interface($interface);
|
||||
if (substr($interface_real, 0, 4) == 'ovpn') {
|
||||
return;
|
||||
}
|
||||
log_error(sprintf(
|
||||
'Resyncing OpenVPN instances for interface %s.',
|
||||
convert_friendly_interface_to_friendly_descr($interface)
|
||||
@ -1166,17 +1205,23 @@ function openvpn_resync_all($interface = null, $verbose = false)
|
||||
log_error('Resyncing OpenVPN instances.');
|
||||
}
|
||||
|
||||
if ($verbose) {
|
||||
echo 'Syncing OpenVPN settings...';
|
||||
flush();
|
||||
}
|
||||
|
||||
foreach (array('server', 'client') as $mode) {
|
||||
if (isset($config['openvpn']["openvpn-{$mode}"])) {
|
||||
foreach ($config['openvpn']["openvpn-{$mode}"] as &$settings) {
|
||||
if (empty($interface) || $interface == $settings['interface']) {
|
||||
openvpn_resync($mode, $settings);
|
||||
openvpn_reconfigure($mode, $settings);
|
||||
openvpn_restart($mode, $settings);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
openvpn_resync_csc();
|
||||
openvpn_configure_csc();
|
||||
|
||||
if ($verbose) {
|
||||
echo "done.\n";
|
||||
@ -1532,31 +1577,36 @@ function openvpn_get_remote_access_servers()
|
||||
}
|
||||
|
||||
// Resync and restart all VPNs using a gateway group.
|
||||
function openvpn_resync_gwgroup($gwgroupname = "") {
|
||||
function openvpn_configure_gwgroup($gwgroupname = '')
|
||||
{
|
||||
global $config;
|
||||
|
||||
if (!empty($gwgroupname)) {
|
||||
if (isset($config['openvpn']['openvpn-server'])) {
|
||||
foreach ($config['openvpn']['openvpn-server'] as & $settings) {
|
||||
if ($gwgroupname == $settings['interface']) {
|
||||
log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . ".");
|
||||
openvpn_resync('server', $settings);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($config['openvpn']['openvpn-client'])) {
|
||||
foreach ($config['openvpn']['openvpn-client'] as & $settings) {
|
||||
if ($gwgroupname == $settings['interface']) {
|
||||
log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . ".");
|
||||
openvpn_resync('client', $settings);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these.
|
||||
} else {
|
||||
log_error("openvpn_resync_gwgroup called with null gwgroup parameter.");
|
||||
if (empty($gwgroupname)) {
|
||||
log_error("openvpn_configure_gwgroup() called without gwgroup parameter.");
|
||||
return;
|
||||
}
|
||||
|
||||
if (isset($config['openvpn']['openvpn-server'])) {
|
||||
foreach ($config['openvpn']['openvpn-server'] as & $settings) {
|
||||
if ($gwgroupname == $settings['interface']) {
|
||||
log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . ".");
|
||||
openvpn_reconfigure('server', $settings);
|
||||
openvpn_restart('server', $settings);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($config['openvpn']['openvpn-client'])) {
|
||||
foreach ($config['openvpn']['openvpn-client'] as & $settings) {
|
||||
if ($gwgroupname == $settings['interface']) {
|
||||
log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . ".");
|
||||
openvpn_reconfigure('client', $settings);
|
||||
openvpn_restart('client', $settings);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these.
|
||||
}
|
||||
|
||||
function openvpn_refresh_crls()
|
||||
@ -1614,7 +1664,8 @@ function openvpn_resync_if_needed($mode, $ovpn_settings, $interface)
|
||||
}
|
||||
if ($resync_needed == true) {
|
||||
log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']);
|
||||
openvpn_resync($mode, $ovpn_settings);
|
||||
openvpn_reconfigure($mode, $ovpn_settings);
|
||||
openvpn_restart($mode, $ovpn_settings);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
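Review bot: In the openvpn_configure_csc() hunk (old line 1087) the override file name is built by appending `$settings['common_name']` to `/var/etc/openvpn-csc/<vpnid>/` with no `basename()` or character check, and the result is then written and chowned to `nobody`. Whether the common name is validated when the override is saved is not visible in this diff, so a value containing `/` or `..` could presumably land the file outside the per-server directory. The rename is a good moment to harden the line: `$target_filename = "/var/etc/openvpn-csc/{$vpnid}/" . basename($settings['common_name']);`, matching the `basename($old_csc_cn)` the CSC page already applies before its unlink. The function body starts and ends outside the hunk.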
@ -731,9 +731,11 @@ function step12_submitphpaction()
|
||||
|
||||
$config['openvpn']['openvpn-server'][] = $server;
|
||||
|
||||
openvpn_resync('server', $server);
|
||||
write_config();
|
||||
|
||||
openvpn_configure_server($server);
|
||||
openvpn_configure_csc();
|
||||
|
||||
header(url_safe('Location: /vpn_openvpn_server.php'));
|
||||
exit;
|
||||
}
|
||||
|
||||
@ -137,7 +137,6 @@ function filter_configure_xmlrpc()
|
||||
local_sync_accounts();
|
||||
plugins_configure('dns');
|
||||
services_dhcpd_configure();
|
||||
openvpn_resync_all();
|
||||
plugins_configure('remote');
|
||||
|
||||
return true;
|
||||
|
||||
@ -93,7 +93,7 @@ system_syslogd_start(true);
|
||||
|
||||
openvpn_prepare_all(true);
|
||||
interfaces_configure(true);
|
||||
openvpn_resync_all(null, true);
|
||||
openvpn_configure_do(true);
|
||||
|
||||
system_resolvconf_generate(true);
|
||||
filter_configure_sync(true);
|
||||
|
||||
@ -181,16 +181,11 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface
|
||||
@file_put_contents("/var/db/{$interface}_cacheip", $curwanip);
|
||||
}
|
||||
|
||||
/* start OpenVPN server & clients */
|
||||
if (substr($interface_real, 0, 4) != "ovpn") {
|
||||
openvpn_resync_all($interface);
|
||||
}
|
||||
/* reload plugins */
|
||||
plugins_configure('interface', false, array($interface));
|
||||
|
||||
/* reload graphing functions */
|
||||
enable_rrd_graphing();
|
||||
|
||||
/* reload plugins */
|
||||
plugins_configure('interface', false, array($interface));
|
||||
}
|
||||
|
||||
/* reload filter, don't try to sync to carp slave */
|
||||
|
||||
@ -121,13 +121,9 @@ if (is_ipaddrv6($oldipv6)) {
|
||||
if ($curwanipv6 == $oldipv6) {
|
||||
// Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
|
||||
if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) {
|
||||
/* XXX WHY IN GODS NAME IS THIS CALLED TWICE AND CUT SHORT?? */
|
||||
/* XXX migrate this: we should unify the reload */
|
||||
ipsec_configure_do(false, $inteface);
|
||||
|
||||
/* start OpenVPN server & clients */
|
||||
if (substr($interface_real, 0, 4) != "ovpn") {
|
||||
openvpn_resync_all($interface);
|
||||
}
|
||||
openvpn_configure_do(false, $interface);
|
||||
}
|
||||
return;
|
||||
} elseif (does_interface_exist($interface_real)) {
|
||||
@ -137,13 +133,8 @@ if (is_ipaddrv6($oldipv6)) {
|
||||
file_put_contents("/var/db/{$interface}_cacheipv6", $curwanipv6);
|
||||
}
|
||||
|
||||
/* start OpenVPN server & clients */
|
||||
if (substr($interface_real, 0, 4) != 'ovpn') {
|
||||
openvpn_resync_all($interface);
|
||||
}
|
||||
/* reload plugins */
|
||||
plugins_configure('interface', false, array($interface));
|
||||
|
||||
/* reload graphing functions */
|
||||
enable_rrd_graphing();
|
||||
|
||||
/* reload plugins */
|
||||
plugins_configure('interface', false, array($interface));
|
||||
|
||||
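Review bot: The call `ipsec_configure_do(false, $inteface);` that sits directly above the new `openvpn_configure_do(false, $interface);` in the first hunk passes a misspelled, undefined variable, so IPsec receives null instead of the interface being rechecked. Since the commit already reworks this block, correct it to `ipsec_configure_do(false, $interface);`. How ipsec_configure_do() treats an empty interface is not visible here; it presumably reconfigures more than the one interface, which is broader than this PPPoE/PPTP/PPP branch intends.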
@ -72,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
foreach ($a_gateway_groups as $gateway_group) {
|
||||
$gw_subsystem = 'gwgroup.' . $gateway_group['name'];
|
||||
if (is_subsystem_dirty($gw_subsystem)) {
|
||||
openvpn_resync_gwgroup($gateway_group['name']);
|
||||
openvpn_configure_gwgroup($gateway_group['name']);
|
||||
clear_subsystem_dirty($gw_subsystem);
|
||||
}
|
||||
}
|
||||
|
||||
@ -167,8 +167,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
} else {
|
||||
$a_client[$id]['disable'] = true;
|
||||
}
|
||||
openvpn_resync('client', $a_client[$id]);
|
||||
write_config();
|
||||
openvpn_configure_client($a_client[$id]);
|
||||
}
|
||||
header(url_safe('Location: /vpn_openvpn_client.php'));
|
||||
exit;
|
||||
@ -335,9 +335,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$a_client[] = $client;
|
||||
}
|
||||
|
||||
openvpn_resync('client', $client);
|
||||
write_config();
|
||||
|
||||
openvpn_configure_client($client);
|
||||
|
||||
header(url_safe('Location: /vpn_openvpn_client.php'));
|
||||
exit;
|
||||
}
|
||||
|
||||
@ -121,7 +121,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$a_csc[$id]['disable'] = true;
|
||||
}
|
||||
write_config();
|
||||
openvpn_resync_csc();
|
||||
openvpn_configure_csc();
|
||||
}
|
||||
header(url_safe('Location: /vpn_openvpn_csc.php'));
|
||||
exit;
|
||||
@ -222,7 +222,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
@unlink('/var/etc/openvpn-csc/' . basename($old_csc_cn));
|
||||
}
|
||||
write_config();
|
||||
openvpn_resync_csc();
|
||||
openvpn_configure_csc();
|
||||
|
||||
header(url_safe('Location: /vpn_openvpn_csc.php'));
|
||||
exit;
|
||||
|
||||
@ -149,8 +149,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
} else {
|
||||
$a_server[$id]['disable'] = true;
|
||||
}
|
||||
openvpn_resync('server', $a_server[$id]);
|
||||
write_config();
|
||||
openvpn_configure_server($a_server[$id]);
|
||||
}
|
||||
header(url_safe('Location: /vpn_openvpn_server.php'));
|
||||
exit;
|
||||
@ -401,9 +401,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$a_server[] = $server;
|
||||
}
|
||||
|
||||
openvpn_resync('server', $server);
|
||||
write_config();
|
||||
openvpn_resync_csc(); // dump client specific overrides, the required set may have changed
|
||||
|
||||
openvpn_configure_server($server);
|
||||
openvpn_configure_csc();
|
||||
|
||||
header(url_safe('Location: /vpn_openvpn_server.php'));
|
||||
exit;
|
||||
|
||||
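Review bot: The removed `openvpn_resync_csc();` call in the second hunk carried the comment `// dump client specific overrides, the required set may have changed`, and its replacement has none, so the reason for regenerating the overrides after saving a server is lost. I would keep it on the new line: `openvpn_configure_csc(); // dump client specific overrides, the required set may have changed`. The same bare call is added in the wizard's step12_submitphpaction() hunk and would benefit from the same comment.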