From e91951537a8a24931a1dc7bcdb224b0d7a3f29c1 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Sat, 11 Mar 2017 19:24:34 +0100 Subject: [PATCH] openvpn: merge into plugin --- plist | 9 +- src/etc/inc/openvpn_wizard.inc | 739 ------------------ src/etc/inc/plugins.inc.d/if_openvpn.inc | 106 --- src/etc/inc/{ => plugins.inc.d}/openvpn.inc | 171 +++- .../openvpn/auth-user.php} | 0 .../openvpn/tls-verify.php} | 0 src/etc/inc/services.inc | 4 +- src/etc/rc.carpbackup | 12 +- src/etc/rc.carpmaster | 20 +- src/etc/rc.openvpn | 192 ++--- src/sbin/ovpn_auth_verify | 4 +- src/wizard/openvpn.xml | 2 +- src/www/status_openvpn.php | 2 +- src/www/vpn_openvpn_client.php | 2 +- src/www/vpn_openvpn_csc.php | 2 +- src/www/vpn_openvpn_export.php | 2 +- src/www/vpn_openvpn_server.php | 2 +- src/www/widgets/widgets/openvpn.widget.php | 5 +- 18 files changed, 261 insertions(+), 1013 deletions(-) delete mode 100644 src/etc/inc/openvpn_wizard.inc delete mode 100644 src/etc/inc/plugins.inc.d/if_openvpn.inc rename src/etc/inc/{ => plugins.inc.d}/openvpn.inc (91%) rename src/etc/inc/{openvpn.auth-user.php => plugins.inc.d/openvpn/auth-user.php} (100%) rename src/etc/inc/{openvpn.tls-verify.php => plugins.inc.d/openvpn/tls-verify.php} (100%) diff --git a/plist b/plist index f66db3c3c..c2a84b6a3 100644 --- a/plist +++ b/plist @@ -34,20 +34,19 @@ /usr/local/etc/inc/notices.plain_sasl_client.inc /usr/local/etc/inc/notices.sasl.inc /usr/local/etc/inc/notices.smtp.inc -/usr/local/etc/inc/openvpn.auth-user.php -/usr/local/etc/inc/openvpn.inc -/usr/local/etc/inc/openvpn.tls-verify.php -/usr/local/etc/inc/openvpn_wizard.inc /usr/local/etc/inc/plugins.inc /usr/local/etc/inc/plugins.inc.d/dnsmasq.inc /usr/local/etc/inc/plugins.inc.d/if_group.inc /usr/local/etc/inc/plugins.inc.d/if_legacy_opt.inc -/usr/local/etc/inc/plugins.inc.d/if_openvpn.inc /usr/local/etc/inc/plugins.inc.d/ipfw.inc /usr/local/etc/inc/plugins.inc.d/ipsec.inc /usr/local/etc/inc/plugins.inc.d/ipsec/auth-user.php /usr/local/etc/inc/plugins.inc.d/netflow.inc /usr/local/etc/inc/plugins.inc.d/ntpd.inc +/usr/local/etc/inc/plugins.inc.d/openvpn.inc +/usr/local/etc/inc/plugins.inc.d/openvpn/auth-user.php +/usr/local/etc/inc/plugins.inc.d/openvpn/tls-verify.php +/usr/local/etc/inc/plugins.inc.d/openvpn/wizard.inc /usr/local/etc/inc/plugins.inc.d/pf.inc /usr/local/etc/inc/plugins.inc.d/squid.inc /usr/local/etc/inc/plugins.inc.d/squid/auth-user.php diff --git a/src/etc/inc/openvpn_wizard.inc b/src/etc/inc/openvpn_wizard.inc deleted file mode 100644 index 81b5bed8b..000000000 --- a/src/etc/inc/openvpn_wizard.inc +++ /dev/null @@ -1,739 +0,0 @@ - $auth) { - if ($auth['type'] != 'ldap') { - continue; - } - $found = true; - $opts = array(); - $opts['name'] = $auth['name']; - $opts['value'] = $key; - $fields[1]['options']['option'][] = $opts; - } - if ($found == false) { - $stepid = 2; - } -} - -function step2_submitphpaction() -{ - global $stepid; - - if (isset($_POST['next'])) { - $_POST['uselist'] = ""; - $stepid +=3; - } -} - -function step3_submitphpaction() { - global $stepid, $savemsg, $config; - - /* Default LDAP port is 389 for TCP and 636 for SSL */ - if (empty($_POST['port'])) { - if ($_POST['transport'] == "tcp") { - $config['ovpnserver']['step2']['port'] = 389; - } elseif ($_POST['transport'] == "ssl") { - $config['ovpnserver']['step2']['port'] = 636; - } - } elseif (!is_port($_POST['port'])) { - $stepid--; - $savemsg = "Please enter a valid port number."; - } - - if (empty($_POST['name']) || empty($_POST['ip']) ||empty($_POST['transport']) || - empty($_POST['scope']) || empty($_POST['basedn']) || empty($_POST['authscope']) || empty($_POST['nameattr'])) { - $stepid--; - $savemsg = "Please enter all information for authentication server."; - } elseif (count(($authcfg = auth_get_authserver($_POST['name']))) > 0) { - $stepid--; - $savemsg = "Please choose a different name because an authentication server with this name already exists."; - } elseif (!is_fqdn($_POST['ip']) && !is_ipaddr($_POST['ip'])) { - $stepid--; - $savemsg = "Please enter a valid IP address or hostname for the authentication server."; - } else { - $config['ovpnserver']['step2']['uselist'] = "on"; - $_POST['uselist'] = "on"; - $stepid += 2; - } -} - -function step4_stepbeforeformdisplay() { - global $pkg, $stepid; - - $fields =& $pkg['step'][3]['fields']['field']; - - $found = false; - $authlist = auth_get_authserver_list(); - $fields[1]['options']['option'] = array(); - foreach ($authlist as $key => $auth) { - if ($auth['type'] != 'radius') { - continue; - } - $found = true; - $opts = array(); - $opts['name'] = $auth['name']; - $opts['value'] = $key; - $fields[1]['options']['option'][] = $opts; - } - if ($found == false) { - $stepid = 4; - } -} - -function step4_submitphpaction() -{ - global $stepid; - - if (isset($_POST['next'])) { - $_POST['uselist'] = ""; - $stepid++; - } -} - -function step5_submitphpaction() -{ - global $stepid, $savemsg, $config; - - /* Default RADIUS Auth port = 1812 */ - if (empty($_POST['port'])) { - $config['ovpnserver']['step2']['port'] = 1812; - } elseif (!is_port($_POST['port'])) { - $stepid--; - $savemsg = "Please enter a valid port number."; - } - - if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['secret'])) { - $stepid--; - $savemsg = "Please enter all information for authentication server."; - } elseif (count(($authcfg = auth_get_authserver($_POST['name']))) > 0) { - $stepid--; - $savemsg = "Please choose a different name because an authentication server with this name already exists."; - } elseif (!is_fqdn($_POST['ip']) && !is_ipaddr($_POST['ip'])) { - $stepid--; - $savemsg = "Please enter a valid IP address or hostname for the authentication server."; - } else { - $config['ovpnserver']['step2']['uselist'] = "on"; - $_POST['uselist'] = "on"; - } -} - -function step6_stepbeforeformdisplay() -{ - global $stepid, $config; - - if (count($config['ca']) < 1) { - $stepid++; - } -} - -function step6_submitphpaction() -{ - global $stepid, $config; - - if (isset($_POST['next'])) { - $_POST['uselist'] = ""; - unset($config['ovpnserver']['step6']['uselist']); - $stepid++; - } else { - $config['ovpnserver']['step6']['uselist'] = "on"; - $_POST['uselist'] = "on"; - } -} - -function step7_submitphpaction() { - global $input_errors, $stepid, $savemsg, $_POST, $config; - - $canames = array(); - $cacns = array(); - if (is_array($config['ca'])) { - foreach($config['ca'] as $ca) { - $canames[] = $ca['descr']; - $cainfo = cert_get_subject_hash($ca['crt']); - $cacns[] = $cainfo["CN"]; - } - } - - if (empty($_POST['descr']) || empty($_POST['keylength']) || empty($_POST['lifetime']) || - empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) || - empty($_POST['organization']) || empty($_POST['email'])) { - $stepid--; - $savemsg = "Please enter all information for the new Certificate Authority."; - } elseif (has_special_chars($_POST['country']) || has_special_chars($_POST['state']) || - has_special_chars($_POST['city']) || has_special_chars($_POST['organization'])) { - $stepid--; - $input_errors[] = gettext("Please do not use special characters in Certificate field names."); - } elseif (in_array($_POST['descr'], $canames) || in_array($_POST['descr'], $cacns)) { - $stepid--; - $savemsg = "Please enter a different name for the Certicicate Authority. A Certificate Authority with that name already exists."; - } elseif (strlen($_POST['country']) != 2) { - $stepid--; - $savemsg = "Please enter only a two-letter ISO country code"; - } else { - $config['ovpnserver']['step6']['uselist'] = "on"; - $_POST['uselist'] = "on"; - } -} - -function step8_stepbeforeformdisplay() -{ - global $stepid, $config; - - if (count($config['cert']) < 1 || (count($config['cert']) == 1 && stristr($config['cert'][0]['descr'], "webconf"))) { - $stepid++; - } -} - -function step8_submitphpaction() { - global $stepid, $config, $_POST; - - if (isset($_POST['next'])) { - $_POST['uselist'] = ""; - unset($config['ovpnserver']['step9']['uselist']); - $stepid++; - } else { - $config['ovpnserver']['step6']['uselist'] = "on"; - $_POST['uselist'] = "on"; - } -} - -function step9_stepbeforeformdisplay() { - global $config, $pkg, $stepid; - - $pconfig = $config['ovpnserver']; - - if (isset($pconfig['step6']['uselist'])) { - $country = $pconfig['step6']['country']; - $state = $pconfig['step6']['state']; - $city = $pconfig['step6']['city']; - $org = $pconfig['step6']['organization']; - $email = $pconfig['step6']['email']; - } else { - $ca = lookup_ca($pconfig['step6']['authcertca']); - $cavl = cert_get_subject_array($ca['crt']); - $country = $cavl[0]['v']; - $state = $cavl[1]['v']; - $city = $cavl[2]['v']; - $org = $cavl[3]['v']; - $email = $cavl[4]['v']; - } - $fields =& $pkg['step'][$stepid]['fields']['field']; - - foreach ($fields as $idx => $field) { - switch ($field['name']) { - case 'country': - $fields[$idx]['value'] = $country; - break; - case 'state': - $fields[$idx]['value'] = $state; - break; - case 'city': - $fields[$idx]['value'] = $city; - break; - case 'organization': - $fields[$idx]['value'] = $org; - break; - case 'email': - $fields[$idx]['value'] = $email; - break; - } - } -} - -function step9_submitphpaction() -{ - global $input_errors, $stepid, $savemsg, $_POST, $config; - - $certnames = array(); - $certcns = array(); - if (is_array($config['cert'])) { - foreach($config['cert'] as $cert) { - $certnames[] = $cert['descr']; - $certinfo = cert_get_subject_hash($cert['crt']); - $certcns[] = $certinfo["CN"]; - } - } - - if (empty($_POST['descr']) || empty($_POST['keylength']) || empty($_POST['lifetime']) || - empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) || - empty($_POST['organization']) || empty($_POST['email'])) { - $stepid--; - $savemsg = "Please enter all information for the new certificate."; - } elseif (has_special_chars($_POST['country']) || has_special_chars($_POST['state']) || - has_special_chars($_POST['city']) || has_special_chars($_POST['organization'])) { - $stepid--; - $input_errors[] = gettext("Please do not use special characters in Certificate field names."); - } elseif (in_array($_POST['descr'], $certnames) || in_array($_POST['descr'], $certcns)) { - $stepid--; - $savemsg = "Please enter a different name for the Certicicate. A Certificate with that name/common name already exists."; - } elseif (strlen($_POST['country']) != 2) { - $stepid--; - $savemsg = "Please enter only a two-letter ISO country code"; - } else { - $config['ovpnserver']['step9']['uselist'] = "on"; - $_POST['uselist'] = "on"; - } -} - -function step10_stepbeforeformdisplay() -{ - global $pkg, $stepid, $netbios_nodetypes; - - foreach ($pkg['step'][$stepid]['fields']['field'] as $idx => $field) { - if ($field['name'] == "crypto") { - $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array(); - $cipherlist = openvpn_get_cipherlist(); - foreach ($cipherlist as $name => $desc) { - $opt = array(); - $opt['name'] = $desc; - $opt['value'] = $name; - $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt; - } - } elseif ($field['name'] == "digest") { - $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array(); - $digestlist = openvpn_get_digestlist(); - foreach ($digestlist as $name => $desc) { - $opt = array(); - $opt['name'] = $desc; - $opt['value'] = $name; - $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt; - } - } elseif ($field['name'] == "compression") { - global $openvpn_compression_modes; - $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array(); - foreach ($openvpn_compression_modes as $name => $desc) { - $opt = array(); - $opt['name'] = $desc; - $opt['value'] = $name; - $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt; - } - } elseif ($field['name'] == "engine") { - $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array(); - $engines = openvpn_get_engines(); - foreach ($engines as $name => $desc) { - $opt = array(); - $opt['name'] = $desc; - $opt['value'] = $name; - $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt; - } - } elseif ($field['name'] == "nbttype") { - $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array(); - foreach ($netbios_nodetypes as $type => $name) { - $opt = array(); - $opt['name'] = $name; - $opt['value'] = $type; - $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt; - } - } elseif ($field['name'] == "localport") { - $pkg['step'][$stepid]['fields']['field'][$idx]['value'] = openvpn_port_next('UDP'); - } - } -} - -function step10_submitphpaction() -{ - global $savemsg, $stepid; - - /* Default OpenVPN port to next available port if left empty. */ - if (empty($_POST['localport'])) { - $pconfig["step10"]["localport"] = openvpn_port_next('UDP'); - } - - /* input validation */ - if ($result = openvpn_validate_port($_POST['localport'], 'Local port')) { - $input_errors[] = $result; - } - - if ($result = openvpn_validate_cidr($_POST['tunnelnet'], 'Tunnel Network', false, "ipv4")) { - $input_errors[] = $result; - } - - if ($result = openvpn_validate_cidr($_POST['localnet'], 'Local Network', true, "ipv4")) { - $input_errors[] = $result; - } - - $portused = openvpn_port_used($_POST['protocol'], $_POST['interface'], $_POST['localport']); - if ($portused != 0) { - $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value."); - } - - if (!isset($_POST['generatetlskey']) && isset($_POST['tlsauthentication'])) { - if (!strstr($_POST['tlssharedkey'], "-----BEGIN OpenVPN Static key V1-----") || - !strstr($_POST['tlssharedkey'], "-----END OpenVPN Static key V1-----")) { - $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid."); - } - } - - if (!empty($_POST['dnsserver1']) && !is_ipaddr(trim($_POST['dnsserver1']))) { - $input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address"); - } - if (!empty($_POST['dnsserver2']) && !is_ipaddr(trim($_POST['dnsserver2']))) { - $input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address"); - } - if (!empty($_POST['dnsserver3']) && !is_ipaddr(trim($_POST['dnsserver3']))) { - $input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address"); - } - if (!empty($_POST['dnsserver4']) && !is_ipaddr(trim($_POST['dnsserver4']))) { - $input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address"); - } - - if (!empty($_POST['ntpserver1']) && !is_ipaddr(trim($_POST['ntpserver1']))) { - $input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address"); - } - if (!empty($_POST['ntpserver2']) && !is_ipaddr(trim($_POST['ntpserver2']))) { - $input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address"); - } - - if (!empty($_POST['winsserver1']) && !is_ipaddr(trim($_POST['winsserver1']))) { - $input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address"); - } - if (!empty($_POST['winsserver2']) && !is_ipaddr(trim($_POST['winsserver2']))) { - $input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address"); - } - - if ($_POST['concurrentcon'] && !is_numeric($_POST['concurrentcon'])) { - $input_errors[] = gettext("The field 'Concurrent connections' must be numeric."); - } - - if (empty($_POST['tunnelnet'])) { - $input_errors[] = gettext("You must specify a 'Tunnel network'."); - } - - if (count($input_errors) > 0) { - $savemsg = $input_errors[0]; - $stepid = $stepid - 1; - } -} - -function step12_submitphpaction() -{ - global $config; - - $pconfig = $config['ovpnserver']; - - if (!is_array($config['ovpnserver'])) { - $message = "No configuration found please retry again."; - header(url_safe('Location: /wizard.php?xml=openvpn&stepid=1&message=%s'. array($message))); - exit; - } - - if ($pconfig['step1']['type'] == "local") { - $auth = array(); - $auth['name'] = "Local Database"; - $auth['type'] = "local"; - } elseif (isset($pconfig['step2']['uselist'])) { - $auth = array(); - $auth['type'] = $pconfig['step1']['type']; - $auth['refid'] = uniqid(); - $auth['name'] = $pconfig['step2']['authtype']; - - if ($auth['type'] == "ldap") { - $auth['host'] = $pconfig['step2']['ip']; - $auth['ldap_port'] = $pconfig['step2']['port']; - if ($pconfig['step1']['transport'] == "tcp") { - $auth['ldap_urltype'] = 'TCP - Standard'; - } else { - $auth['ldap_urltype'] = 'SSL - Encrypted'; - } - $auth['ldap_protver'] = 3; - $auth['ldap_scope'] = $pconfig['step2']['scope']; - $auth['ldap_basedn'] = $pconfig['step2']['basedn']; - $auth['ldap_authcn'] = $pconfig['step2']['authscope']; - $auth['ldap_binddn'] = $pconfig['step2']['userdn']; - $auth['ldap_bindpw'] = $pconfig['step2']['passdn']; - $auth['ldap_attr_user'] = $pconfig['step1']['nameattr']; - $auth['ldap_attr_member'] = $pconfig['step1']['memberattr']; - $auth['ldap_attr_group'] = $pconfig['step1']['groupattr']; - } elseif ($auth['type'] == "radius") { - $auth['host'] = $pconfig['step2']['ip']; - $auth['radius_auth_port'] = $pconfig['step2']['port']; - $auth['radius_secret'] = $pconfig['step2']['password']; - $auth['radius_srvcs'] = "auth"; - } - if (!is_array($config['system']['authserver'])) { - $config['system']['authserver'] = array(); - } - - $config['system']['authserver'][] = $auth; - } elseif (!isset($pconfig['step2']['uselist']) && empty($pconfig['step2']['authserv'])) { - $message = "Please choose an authentication server."; - header(url_safe('Location: /wizard.php?xml=openvpn&stepid=1&message=%s', array($message))); - exit; - } elseif (!($auth = auth_get_authserver($pconfig['step2']['authserv']))) { - $message = "No valid authentication server has been specified."; - header(url_safe('Location: /wizard.php?xml=openvpn&stepid=1&message=%s', array($message))); - exit; - } - - if (isset($pconfig['step6']['uselist']) && !empty($pconfig['step6']['certca'])) { - $ca = array(); - $ca['refid'] = uniqid(); - $ca['descr'] = $pconfig['step6']['certca']; - $dn = array( - 'countryName' => $pconfig['step6']['country'], - 'stateOrProvinceName' => $pconfig['step6']['state'], - 'localityName' => $pconfig['step6']['city'], - 'organizationName' => $pconfig['step6']['organization'], - 'emailAddress' => $pconfig['step6']['email'], - 'commonName' => $pconfig['step6']['certca']); - - ca_create($ca, $pconfig['step6']['keylength'], $pconfig['step6']['lifetime'], $dn, "sha256"); - if (!is_array($config['ca'])) { - $config['ca'] = array(); - } - - $config['ca'][] = $ca; - } elseif (!isset($pconfig['step6']['uselist']) && empty($pconfig['step6']['authcertca'])) { - $message = "Please choose a Certificate Authority."; - header(url_safe('Location: /wizard.php?xml=openvpn&stepid=5&message=%s', array($message))); - exit; - } elseif (!($ca = lookup_ca($pconfig['step6']['authcertca']))) { - $message = "Not a valid Certificate Authority specified."; - header(url_safe('Location: /wizard.php?xml=openvpn&stepid=5&message=%s', array($message))); - exit; - } - - if (isset($pconfig['step9']['uselist'])) { - $cert = array(); - $cert['refid'] = uniqid(); - $cert['descr'] = $pconfig['step9']['certname']; - $dn = array( - 'countryName' => $pconfig['step9']['country'], - 'stateOrProvinceName' => $pconfig['step9']['state'], - 'localityName' => $pconfig['step9']['city'], - 'organizationName' => $pconfig['step9']['organization'], - 'emailAddress' => $pconfig['step9']['email'], - 'commonName' => $pconfig['step9']['certname'] - ); - - cert_create($cert, $ca['refid'], $pconfig['step9']['keylength'], $pconfig['step9']['lifetime'], $dn, 'sha256', 'server_cert'); - - if (!is_array($config['cert'])) { - $config['cert'] = array(); - } - - $config['cert'][] = $cert; - } elseif (!isset($pconfig['step9']['uselist']) && empty($pconfig['step9']['authcertname'])) { - $message = "Please choose a Certificate."; - header(url_safe('Location: /wizard.php?xml=openvpn&stepid=7&message=%s', array($message))); - exit; - } elseif (!($cert = lookup_cert($pconfig['step9']['authcertname']))) { - $message = "Not a valid Certificate specified."; - header(url_safe('Location: /wizard.php?xml=openvpn&stepid=7&message=%s', array($message))); - exit; - } - $server = array(); - $server['vpnid'] = openvpn_vpnid_next(); - switch ($auth['type']) { - case "ldap": - $server['authmode'] = $auth['name']; - $server['mode'] = "server_user"; - break; - case "radius": - $server['authmode'] = $auth['name']; - $server['mode'] = "server_user"; - break; - default: - $server['authmode'] = "Local Database"; - $server['mode'] = "server_tls_user"; - break; - } - $server['caref'] = $ca['refid']; - $server['certref'] = $cert['refid']; - $server['protocol'] = $pconfig['step10']['protocol']; - $server['interface'] = $pconfig['step10']['interface']; - if (isset($pconfig['step10']['localport'])) { - $server['local_port'] = $pconfig['step10']['localport']; - } - - if (strlen($pconfig['step10']['descr']) > 30) { - $pconfig['step10']['descr'] = substr($pconfig['step10']['descr'], 0, 30); - } - $server['description'] = $pconfig['step10']['descr']; - $server['custom_options'] = $pconfig['step10']['advanced']; - if (isset($pconfig['step10']['tlsauth'])) { - if (isset($pconfig['step10']['gentlskey'])) { - $tlskey = openvpn_create_key(); - } else { - $tlskey = $pconfig['step10']['tlskey']; - } - $server['tls'] = base64_encode($tlskey); - } - $server['dh_length'] = $pconfig['step10']['dhkey']; - $server['tunnel_network'] = $pconfig['step10']['tunnelnet']; - if (isset($pconfig['step10']['rdrgw'])) { - $server['gwredir'] = $pconfig['step10']['rdrgw']; - } - if (isset($pconfig['step10']['localnet'])) { - $server['local_network'] = $pconfig['step10']['localnet']; - } - if (isset($pconfig['step10']['concurrentcon'])) { - $server['maxclients'] = $pconfig['step10']['concurrentcon']; - } - if (isset($pconfig['step10']['compression'])) { - $server['compression'] = $pconfig['step10']['compression']; - } - if (isset($pconfig['step10']['tos'])) { - $server['passtos'] = $pconfig['step10']['tos']; - } - if (isset($pconfig['step10']['interclient'])) { - $server['client2client'] = $pconfig['step10']['interclient']; - } - if (isset($pconfig['step10']['duplicate_cn'])) { - $server['duplicate_cn'] = $pconfig['step10']['duplicate_cn']; - } - if (isset($pconfig['step10']['dynip'])) { - $server['dynamic_ip'] = $pconfig['step10']['dynip']; - } - if (isset($pconfig['step10']['addrpool'])) { - $server['pool_enable'] = $pconfig['step10']['addrpool']; - } - if (isset($pconfig['step10']['defaultdomain'])) { - $server['dns_domain'] = $pconfig['step10']['defaultdomain']; - } - if (isset($pconfig['step10']['dns1'])) { - $server['dns_server1'] = $pconfig['step10']['dns1']; - } - if (isset($pconfig['step10']['dns2'])) { - $server['dns_server2'] = $pconfig['step10']['dns2']; - } - if (isset($pconfig['step10']['dns3'])) { - $server['dns_server3'] = $pconfig['step10']['dns3']; - } - if (isset($pconfig['step10']['dns4'])) { - $server['dns_server4'] = $pconfig['step10']['dns4']; - } - if (isset($pconfig['step10']['ntp1'])) { - $server['ntp_server1'] = $pconfig['step10']['ntp1']; - } - if (isset($pconfig['step10']['ntp2'])) { - $server['ntp_server2'] = $pconfig['step10']['ntp2']; - } - if (isset($pconfig['step10']['wins1'])) { - $server['wins_server1'] = $pconfig['step10']['wins1']; - } - if (isset($pconfig['step10']['wins2'])) { - $server['wins_server2'] = $pconfig['step10']['wins2']; - } - if (isset($pconfig['step10']['nbtenable'])) { - $server['netbios_ntype'] = $pconfig['step10']['nbttype']; - if (isset($pconfig['step10']['nbtscope'])) { - $server['netbios_scope'] = $pconfig['step10']['nbtscope']; - } - $server['netbios_enable'] = $pconfig['step10']['nbtenable']; - } - $server['crypto'] = $pconfig['step10']['crypto']; - $server['digest'] = $pconfig['step10']['digest']; - $server['engine'] = $pconfig['step10']['engine']; - - if (isset($pconfig['step11']['ovpnrule'])) { - $rule = array(); - $rule['descr'] = sprintf(gettext("OpenVPN %s wizard"),$server['description']); - /* Ensure the rule descr is not too long for pf to handle */ - if (strlen($rule['descr']) > 52) { - $rule['descr'] = substr($rule['descr'], 0, 52); - } - $rule['direction'] = "in"; - $rule['source']['any'] = TRUE; - $rule['destination']['network'] = $server['interface'] . "ip"; - $rule['destination']['port'] = $server['local_port']; - $rule['interface'] = $server['interface']; - $rule['protocol'] = strtolower($server['protocol']); - $rule['type'] = "pass"; - $rule['enabled'] = "on"; - $rule['created'] = make_config_revision_entry(); - $config['filter']['rule'][] = $rule; - } - if (isset($pconfig['step11']['ovpnallow'])) { - $rule = array(); - $rule['descr'] = sprintf(gettext("OpenVPN %s wizard"),$server['description']); - /* Ensure the rule descr is not too long for pf to handle */ - if (strlen($rule['descr']) > 52) { - $rule['descr'] = substr($rule['descr'], 0, 52); - } - $rule['source']['any'] = TRUE; - $rule['destination']['any'] = TRUE; - $rule['interface'] = "openvpn"; - //$rule['protocol'] = $server['protocol']; - $rule['type'] = "pass"; - $rule['enabled'] = "on"; - $rule['created'] = make_config_revision_entry(); - $config['filter']['rule'][] = $rule; - } - - if (!isset($config['openvpn']['openvpn-server'])) { - $config['openvpn']['openvpn-server'] = array(); - } - - $config['openvpn']['openvpn-server'][] = $server; - - openvpn_resync('server', $server); - write_config(); - - header(url_safe('Location: /vpn_openvpn_server.php')); - exit; -} diff --git a/src/etc/inc/plugins.inc.d/if_openvpn.inc b/src/etc/inc/plugins.inc.d/if_openvpn.inc deleted file mode 100644 index 3119b1b00..000000000 --- a/src/etc/inc/plugins.inc.d/if_openvpn.inc +++ /dev/null @@ -1,106 +0,0 @@ - array('openvpn'), - 'remote' => 'vpn', - ); - - return $logfacilities; -} - -function if_openvpn_services() -{ - global $config; - - $services = array(); - - foreach (array('server', 'client') as $mode) { - if (isset($config['openvpn']["openvpn-{$mode}"])) { - foreach ($config['openvpn']["openvpn-{$mode}"] as $setting) { - if (empty($setting['disable'])) { - $pconfig = array(); - $pconfig['description'] = "OpenVPN {$mode}: " . htmlspecialchars($setting['description']); - $pconfig['pidfile'] = "/var/run/openvpn_{$mode}{$setting['vpnid']}.pid"; - $pconfig['php']['restart'] = array('openvpn_restart_by_id'); - $pconfig['php']['start'] = array('openvpn_restart_by_id'); - $pconfig['php']['args'] = array('mode', 'id'); - $pconfig['id'] = $setting['vpnid']; - $pconfig['name'] = 'openvpn'; - $pconfig['mode'] = $mode; - $services[] = $pconfig; - } - } - } - } - - return $services; -} - -function if_openvpn_interfaces() -{ - global $config; - - $interfaces = array(); - - foreach (array('server', 'client') as $mode) { - if (isset($config['openvpn']["openvpn-{$mode}"])) { - foreach ($config['openvpn']["openvpn-{$mode}"] as &$settings) { - if (empty($settings['disable'])) { - $oic = array('enable' => true); - $oic['if'] = 'openvpn'; - $oic['descr'] = 'OpenVPN'; - $oic['type'] = 'group'; - $oic['virtual'] = true; - $oic['networks'] = array(); - $interfaces['openvpn'] = $oic; - break 2; - } - } - } - } - - return $interfaces; -} - -function if_openvpn_xmlrpc_sync() -{ - $result = array(); - - $result[] = array( - 'description' => gettext('OpenVPN'), - 'section' => 'openvpn', - 'id' => 'openvpn', - ); - - return $result; -} diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/plugins.inc.d/openvpn.inc similarity index 91% rename from src/etc/inc/openvpn.inc rename to src/etc/inc/plugins.inc.d/openvpn.inc index d05810c64..5e46f87f6 100644 --- a/src/etc/inc/openvpn.inc +++ b/src/etc/inc/plugins.inc.d/openvpn.inc @@ -11,11 +11,11 @@ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notices, + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright - notices, this list of conditions and the following disclaimer in the + notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, @@ -30,6 +30,85 @@ POSSIBILITY OF SUCH DAMAGE. */ +function openvpn_syslog() +{ + $logfacilities = array(); + + $logfacilities['openvpn'] = array( + 'facility' => array('openvpn'), + 'remote' => 'vpn', + ); + + return $logfacilities; +} + +function openvpn_services() +{ + global $config; + + $services = array(); + + foreach (array('server', 'client') as $mode) { + if (isset($config['openvpn']["openvpn-{$mode}"])) { + foreach ($config['openvpn']["openvpn-{$mode}"] as $setting) { + if (empty($setting['disable'])) { + $pconfig = array(); + $pconfig['description'] = "OpenVPN {$mode}: " . htmlspecialchars($setting['description']); + $pconfig['pidfile'] = "/var/run/openvpn_{$mode}{$setting['vpnid']}.pid"; + $pconfig['php']['restart'] = array('openvpn_restart_by_id'); + $pconfig['php']['start'] = array('openvpn_restart_by_id'); + $pconfig['php']['args'] = array('mode', 'id'); + $pconfig['id'] = $setting['vpnid']; + $pconfig['name'] = 'openvpn'; + $pconfig['mode'] = $mode; + $services[] = $pconfig; + } + } + } + } + + return $services; +} + +function openvpn_interfaces() +{ + global $config; + + $interfaces = array(); + + foreach (array('server', 'client') as $mode) { + if (isset($config['openvpn']["openvpn-{$mode}"])) { + foreach ($config['openvpn']["openvpn-{$mode}"] as &$settings) { + if (empty($settings['disable'])) { + $oic = array('enable' => true); + $oic['if'] = 'openvpn'; + $oic['descr'] = 'OpenVPN'; + $oic['type'] = 'group'; + $oic['virtual'] = true; + $oic['networks'] = array(); + $interfaces['openvpn'] = $oic; + break 2; + } + } + } + } + + return $interfaces; +} + +function openvpn_xmlrpc_sync() +{ + $result = array(); + + $result[] = array( + 'description' => gettext('OpenVPN'), + 'section' => 'openvpn', + 'id' => 'openvpn', + ); + + return $result; +} + global $openvpn_verbosity_level; $openvpn_verbosity_level = array( 0 => gettext('0 (none)'), @@ -1513,29 +1592,69 @@ function openvpn_refresh_crls() function openvpn_resync_if_needed($mode, $ovpn_settings, $interface) { - global $config; + global $config; - $resync_needed = true; - if (isset($ovpn_settings['disable'])) { - $resync_needed = false; - } else { - if (!empty($interface)) { - $mode_id = $mode . $ovpn_settings['vpnid']; - $fpath = "/var/etc/openvpn/{$mode_id}.interface"; - if (file_exists($fpath)) { - $current_device = file_get_contents($fpath); - $current_device = trim($current_device, " \t\n"); - $new_device = get_failover_interface($ovpn_settings['interface']); - if (isset($config['interfaces'][$interface])) { - $this_device = $config['interfaces'][$interface]['if']; - if (($current_device == $new_device) && ($current_device != $this_device)) - $resync_needed = false; - } - } - } - } - if ($resync_needed == true) { - log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']); - openvpn_resync($mode, $ovpn_settings); - } + $resync_needed = true; + if (isset($ovpn_settings['disable'])) { + $resync_needed = false; + } else { + if (!empty($interface)) { + $mode_id = $mode . $ovpn_settings['vpnid']; + $fpath = "/var/etc/openvpn/{$mode_id}.interface"; + if (file_exists($fpath)) { + $current_device = file_get_contents($fpath); + $current_device = trim($current_device, " \t\n"); + $new_device = get_failover_interface($ovpn_settings['interface']); + if (isset($config['interfaces'][$interface])) { + $this_device = $config['interfaces'][$interface]['if']; + if (($current_device == $new_device) && ($current_device != $this_device)) + $resync_needed = false; + } + } + } + } + if ($resync_needed == true) { + log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']); + openvpn_resync($mode, $ovpn_settings); + } +} + +function openvpn_carp_stop($carp_iface) +{ + global $config; + + $friendly_descr = convert_friendly_interface_to_friendly_descr($carp_iface); + + if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) { + foreach ($config['openvpn']['openvpn-client'] as $settings) { + if ($settings['interface'] == $carp_iface) { + log_error("Stopping OpenVPN client instance on {$friendly_descr} because of transition to CARP backup."); + openvpn_restart('client', $settings); + } + } + } +} + +function openvpn_carp_start($carp_iface) +{ + global $config; + + $friendly_descr = convert_friendly_interface_to_friendly_descr($carp_iface); + + if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) { + foreach ($config['openvpn']['openvpn-client'] as $settings) { + if ($settings['interface'] == $carp_iface) { + log_error("Starting OpenVPN client instance on {$friendly_descr} because of transition to CARP master."); + openvpn_restart('client', $settings); + } + } + } + if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) { + foreach ($config['openvpn']['openvpn-server'] as $settings) { + if ($settings['interface'] == $carp_iface) { + log_error("Starting OpenVPN instance on {$friendly_descr} because of transition to CARP master."); + openvpn_restart('server', $settings); + } + } + } } diff --git a/src/etc/inc/openvpn.auth-user.php b/src/etc/inc/plugins.inc.d/openvpn/auth-user.php similarity index 100% rename from src/etc/inc/openvpn.auth-user.php rename to src/etc/inc/plugins.inc.d/openvpn/auth-user.php diff --git a/src/etc/inc/openvpn.tls-verify.php b/src/etc/inc/plugins.inc.d/openvpn/tls-verify.php similarity index 100% rename from src/etc/inc/openvpn.tls-verify.php rename to src/etc/inc/plugins.inc.d/openvpn/tls-verify.php diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc index ccf31a086..f335603aa 100644 --- a/src/etc/inc/services.inc +++ b/src/etc/inc/services.inc @@ -43,10 +43,10 @@ * of includes and switch them for a cleaner "services.inc" * include. */ -require_once('dyndns.class'); require_once('plugins.inc.d/dnsmasq.inc'); +require_once('dyndns.class'); /* XXX move to plugin */ require_once('plugins.inc.d/ipsec.inc'); -require_once('openvpn.inc'); /* XXX move to plugin */ +require_once('plugins.inc.d/openvpn.inc'); require_once('plugins.inc.d/unbound.inc'); function generate_ipv6_from_mac($mac) diff --git a/src/etc/rc.carpbackup b/src/etc/rc.carpbackup index f44c03f06..a57d507b1 100755 --- a/src/etc/rc.carpbackup +++ b/src/etc/rc.carpbackup @@ -28,7 +28,7 @@ */ require_once("config.inc"); -require_once("openvpn.inc"); +require_once("services.inc"); require_once("interfaces.inc"); require_once("util.inc"); @@ -48,12 +48,4 @@ notify_via_growl($notificationmsg); log_error($notificationmsg); /* Stop OpenVPN clients running on this VIP, since multiple active OpenVPN clients on a CARP cluster can be problematic. */ -global $config; -if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) { - foreach ($config['openvpn']['openvpn-client'] as $settings) { - if ($settings['interface'] == $carp_iface) { - log_error("Stopping OpenVPN client instance on {$friendly_descr} because of transition to CARP backup."); - openvpn_restart('client', $settings); - } - } -} +openvpn_carp_stop($carp_iface); diff --git a/src/etc/rc.carpmaster b/src/etc/rc.carpmaster index 50d7ee6f0..13dcf35ea 100755 --- a/src/etc/rc.carpmaster +++ b/src/etc/rc.carpmaster @@ -28,7 +28,7 @@ */ require_once("config.inc"); -require_once("openvpn.inc"); +require_once("services.inc"); require_once("interfaces.inc"); require_once("util.inc"); @@ -48,20 +48,4 @@ notify_via_growl($notificationmsg); log_error($notificationmsg); /* Start OpenVPN clients running on this VIP, since they should be in the stopped state while the VIP is CARP Backup. */ -global $config; -if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) { - foreach ($config['openvpn']['openvpn-client'] as $settings) { - if ($settings['interface'] == $carp_iface) { - log_error("Starting OpenVPN client instance on {$friendly_descr} because of transition to CARP master."); - openvpn_restart('client', $settings); - } - } -} -if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) { - foreach ($config['openvpn']['openvpn-server'] as $settings) { - if ($settings['interface'] == $carp_iface) { - log_error("Starting OpenVPN instance on {$friendly_descr} because of transition to CARP master."); - openvpn_restart('server', $settings); - } - } -} +openvpn_carp_start($carp_iface); diff --git a/src/etc/rc.openvpn b/src/etc/rc.openvpn index c930ba0f7..d1c5d5482 100755 --- a/src/etc/rc.openvpn +++ b/src/etc/rc.openvpn @@ -2,91 +2,90 @@ . - Copyright (C) 2009 Seth Mos . - All rights reserved. + Copyright (C) 2007 Manuel Kasper . + Copyright (C) 2009 Seth Mos . + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ -/* parse the configuration and include all functions used below */ require_once("util.inc"); require_once("config.inc"); require_once("interfaces.inc"); require_once("filter.inc"); -require_once("openvpn.inc"); +require_once("plugins.inc.d/openvpn.inc"); function gateway_is_gwgroup_member($name) { - global $config; + global $config; - if (!isset($config['gateways']['gateway_group'])) { - return false; - } + if (!isset($config['gateways']['gateway_group'])) { + return false; + } - $groups = $config['gateways']['gateway_group']; - $members = array(); + $groups = $config['gateways']['gateway_group']; + $members = array(); - foreach($groups as $group) { - if (isset($group['item'])) { - foreach($group['item'] as $item) { - $elements = explode("|", $item); - $gwname = $elements[0]; - if ($name == $elements[0]) { - $members[] = $group['name']; - } - } - } - } + foreach($groups as $group) { + if (isset($group['item'])) { + foreach($group['item'] as $item) { + $elements = explode("|", $item); + $gwname = $elements[0]; + if ($name == $elements[0]) { + $members[] = $group['name']; + } + } + } + } - return $members; + return $members; } function try_lock($lock, $timeout = 5) { - if (!$lock) { - die(gettext("WARNING: You must give a name as parameter to try_lock() function.")); - } + if (!$lock) { + die(gettext("WARNING: You must give a name as parameter to try_lock() function.")); + } - if (!file_exists("/tmp/{$lock}.lock")) { - @touch("/tmp/{$lock}.lock"); - @chmod("/tmp/{$lock}.lock", 0666); - } + if (!file_exists("/tmp/{$lock}.lock")) { + @touch("/tmp/{$lock}.lock"); + @chmod("/tmp/{$lock}.lock", 0666); + } - if ($fp = fopen("/tmp/{$lock}.lock", "w")) { - $trycounter = 0; - while(!flock($fp, LOCK_EX | LOCK_NB)) { - if ($trycounter >= $timeout) { - fclose($fp); - return NULL; - } - sleep(1); - $trycounter++; - } + if ($fp = fopen("/tmp/{$lock}.lock", "w")) { + $trycounter = 0; + while(!flock($fp, LOCK_EX | LOCK_NB)) { + if ($trycounter >= $timeout) { + fclose($fp); + return NULL; + } + sleep(1); + $trycounter++; + } - return $fp; - } + return $fp; + } - return NULL; + return NULL; } @@ -99,51 +98,52 @@ if (file_exists('/var/run/booting')) { $argument = trim($argv[1], " \n"); if (isset($config['openvpn']['openvpn-server']) || isset($config['openvpn']['openvpn-client'])) { - if (empty($argument) || $argument == "all") { - $argument = "all"; - $log_text = "all"; - } else { - $log_text = "endpoints that may use " . $argument; - } - log_error("OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading " . $log_text . "."); -} else - return; + if (empty($argument) || $argument == "all") { + $argument = "all"; + $log_text = "all"; + } else { + $log_text = "endpoints that may use " . $argument; + } + log_error("OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading " . $log_text . "."); +} else { + return; +} $openvpnlck = try_lock('openvpn', 10); if (!$openvpnlck) { - log_error('Could not obtain openvpn lock for executing rc.openvpn for more than 10 seconds continuing...'); - @unlink("/tmp/openvpn.lock"); - $openvpnlck = lock('openvpn', LOCK_EX); + log_error('Could not obtain openvpn lock for executing rc.openvpn for more than 10 seconds continuing...'); + @unlink("/tmp/openvpn.lock"); + $openvpnlck = lock('openvpn', LOCK_EX); } $arg_array = explode(",",$argument); foreach ($arg_array as $arg_element) { - $gwgroups = array(); - if ($arg_element == "all") - $interface = ""; - else { - // e.g. $arg_element = "WANGW", $interface = "wan" - $interface = lookup_gateway_interface_by_name($arg_element); - if (empty($interface)) - $interface = $arg_element; - else - // e.g. $arg_element = "WANGW", $gwgroups = array of gateway groups that use "wan" - $gwgroups = gateway_is_gwgroup_member($arg_element); - } + $gwgroups = array(); + if ($arg_element == "all") { + $interface = ""; + } else { + // e.g. $arg_element = "WANGW", $interface = "wan" + $interface = lookup_gateway_interface_by_name($arg_element); + if (empty($interface)) + $interface = $arg_element; + else + // e.g. $arg_element = "WANGW", $gwgroups = array of gateway groups that use "wan" + $gwgroups = gateway_is_gwgroup_member($arg_element); + } - if(is_array($config['openvpn']['openvpn-server'])) { - foreach($config['openvpn']['openvpn-server'] as &$server) { - if ($server['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($server['interface'], $gwgroups))) - openvpn_resync_if_needed('server', $server, $interface); - } - } + if(is_array($config['openvpn']['openvpn-server'])) { + foreach($config['openvpn']['openvpn-server'] as &$server) { + if ($server['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($server['interface'], $gwgroups))) + openvpn_resync_if_needed('server', $server, $interface); + } + } - if (is_array($config['openvpn']['openvpn-client'])) { - foreach($config['openvpn']['openvpn-client'] as &$client) { - if ($client['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($client['interface'], $gwgroups))) - openvpn_resync_if_needed('client', $client, $interface); - } - } + if (is_array($config['openvpn']['openvpn-client'])) { + foreach($config['openvpn']['openvpn-client'] as &$client) { + if ($client['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($client['interface'], $gwgroups))) + openvpn_resync_if_needed('client', $client, $interface); + } + } } unlock($openvpnlck); diff --git a/src/sbin/ovpn_auth_verify b/src/sbin/ovpn_auth_verify index a15786025..a45cab0ec 100755 --- a/src/sbin/ovpn_auth_verify +++ b/src/sbin/ovpn_auth_verify @@ -1,14 +1,14 @@ #!/bin/sh if [ "$1" = "tls" ]; then - /usr/local/bin/php /usr/local/etc/inc/openvpn.tls-verify.php -d "$2" "$3" + /usr/local/bin/php /usr/local/etc/inc/plugins.inc.d/openvpn/tls-verify.php -d "$2" "$3" else # Single quoting $password breaks getting the value from the variable. # XXX I really don't like going through openssl for this... password=$(echo -n "${password}" | /usr/local/bin/openssl enc -base64 | sed -e 's/=/%3D/g') username=$(echo -n "${username}" | /usr/local/bin/openssl enc -base64 | sed -e 's/=/%3D/g') - /usr/local/bin/php /usr/local/etc/inc/openvpn.auth-user.php "$username" "$password" "$common_name" "$3" "$2" "$4" + /usr/local/bin/php /usr/local/etc/inc/plugins.inc.d/openvpn/auth-user.php "$username" "$password" "$common_name" "$3" "$2" "$4" fi exit $? diff --git a/src/wizard/openvpn.xml b/src/wizard/openvpn.xml index 226bf8766..4000c9c39 100644 --- a/src/wizard/openvpn.xml +++ b/src/wizard/openvpn.xml @@ -28,7 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ -openvpn_wizard.inc +plugins.inc.d/openvpn/wizard.inc 12 1 diff --git a/src/www/status_openvpn.php b/src/www/status_openvpn.php index 37b4fc307..adf560b0b 100644 --- a/src/www/status_openvpn.php +++ b/src/www/status_openvpn.php @@ -30,7 +30,7 @@ */ require_once("guiconfig.inc"); -require_once("openvpn.inc"); +require_once("plugins.inc.d/openvpn.inc"); require_once("services.inc"); require_once("interfaces.inc"); diff --git a/src/www/vpn_openvpn_client.php b/src/www/vpn_openvpn_client.php index 6f4f6068f..9adb17183 100644 --- a/src/www/vpn_openvpn_client.php +++ b/src/www/vpn_openvpn_client.php @@ -28,7 +28,7 @@ */ require_once("guiconfig.inc"); -require_once("openvpn.inc"); +require_once("plugins.inc.d/openvpn.inc"); require_once("services.inc"); require_once("interfaces.inc"); diff --git a/src/www/vpn_openvpn_csc.php b/src/www/vpn_openvpn_csc.php index 8c11310f4..46b29753e 100644 --- a/src/www/vpn_openvpn_csc.php +++ b/src/www/vpn_openvpn_csc.php @@ -28,7 +28,7 @@ */ require_once("guiconfig.inc"); -require_once("openvpn.inc"); +require_once("plugins.inc.d/openvpn.inc"); require_once("services.inc"); require_once("interfaces.inc"); diff --git a/src/www/vpn_openvpn_export.php b/src/www/vpn_openvpn_export.php index d060e84a2..e44a299a5 100644 --- a/src/www/vpn_openvpn_export.php +++ b/src/www/vpn_openvpn_export.php @@ -30,7 +30,7 @@ */ require_once("guiconfig.inc"); -require_once("openvpn.inc"); +require_once("plugins.inc.d/openvpn.inc"); require_once("services.inc"); require_once("filter.inc"); require_once("interfaces.inc"); diff --git a/src/www/vpn_openvpn_server.php b/src/www/vpn_openvpn_server.php index 6d242c034..8ef156ffd 100644 --- a/src/www/vpn_openvpn_server.php +++ b/src/www/vpn_openvpn_server.php @@ -28,7 +28,7 @@ */ require_once("guiconfig.inc"); -require_once("openvpn.inc"); +require_once("plugins.inc.d/openvpn.inc"); require_once("services.inc"); require_once("interfaces.inc"); diff --git a/src/www/widgets/widgets/openvpn.widget.php b/src/www/widgets/widgets/openvpn.widget.php index a20986208..dd06945df 100644 --- a/src/www/widgets/widgets/openvpn.widget.php +++ b/src/www/widgets/widgets/openvpn.widget.php @@ -27,14 +27,13 @@ */ require_once("guiconfig.inc"); -require_once("openvpn.inc"); - +require_once("plugins.inc.d/openvpn.inc"); $servers = openvpn_get_active_servers(); $sk_servers = openvpn_get_active_servers("p2p"); $clients = openvpn_get_active_clients(); -?> +?>