Skip to content

O
OpnSense
Commit 330e1577 authored by Ad Schellevis's avatar Ad Schellevis
Browse files
Options

(legacy) spaces and curly braces in openvpn-client-export.inc

parent d7dfa801
Show whitespace changes
Inline Side-by-side
Showing with 899 additions and 863 deletions
src/etc/inc/openvpn-client-export.inc
View file @ 330e1577
...@@ -33,13 +33,15 @@ global $current_openvpn_version, $current_openvpn_version_rev; ...@@ -33,13 +33,15 @@ global $current_openvpn_version, $current_openvpn_version_rev;
$current_openvpn_version = "2.3.6"; $current_openvpn_version = "2.3.6";
$current_openvpn_version_rev = "01"; $current_openvpn_version_rev = "01";
function openvpn_client_export_prefix($srvid, $usrid = null, $crtid = null) { function openvpn_client_export_prefix($srvid, $usrid = null, $crtid = null)
{
global $config; global $config;
// lookup server settings // lookup server settings
$settings = $config['openvpn']['openvpn-server'][$srvid]; $settings = $config['openvpn']['openvpn-server'][$srvid];
if (empty($settings)) if (empty($settings)) {
return false; return false;
}
if (!empty($settings['disable'])) { if (!empty($settings['disable'])) {
return false; return false;
} }
...@@ -58,7 +60,8 @@ function openvpn_client_export_prefix($srvid, $usrid = null, $crtid = null) { ...@@ -58,7 +60,8 @@ function openvpn_client_export_prefix($srvid, $usrid = null, $crtid = null) {
return "{$host}-{$prot}-{$port}{$filename_addition}"; return "{$host}-{$prot}-{$port}{$filename_addition}";
} }
function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $capath = false) { function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $capath = false)
{
$eoutpath = escapeshellarg($outpath); $eoutpath = escapeshellarg($outpath);
$eoutpass = escapeshellarg($outpass); $eoutpass = escapeshellarg($outpass);
$ecrtpath = escapeshellarg($crtpath); $ecrtpath = escapeshellarg($crtpath);
...@@ -66,13 +69,15 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap ...@@ -66,13 +69,15 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap
if ($capath) { if ($capath) {
$ecapath = escapeshellarg($capath); $ecapath = escapeshellarg($capath);
exec("/usr/local/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -certfile {$ecapath} -out {$eoutpath} -passout pass:{$eoutpass}"); exec("/usr/local/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -certfile {$ecapath} -out {$eoutpath} -passout pass:{$eoutpass}");
} else } else {
exec("/usr/local/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -out {$eoutpath} -passout pass:{$eoutpass}"); exec("/usr/local/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -out {$eoutpath} -passout pass:{$eoutpass}");
}
unlink($crtpath); unlink($crtpath);
unlink($keypath); unlink($keypath);
if ($capath) if ($capath) {
unlink($capath); unlink($capath);
}
} }
function openvpn_client_export_validate_config($srvid, $usrid, $crtid) function openvpn_client_export_validate_config($srvid, $usrid, $crtid)
...@@ -93,8 +98,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) ...@@ -93,8 +98,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid)
// lookup server certificate info // lookup server certificate info
$server_cert = lookup_cert($settings['certref']); $server_cert = lookup_cert($settings['certref']);
if (!$server_cert) if (!$server_cert) {
{
$input_errors[] = gettext("Could not locate server certificate."); $input_errors[] = gettext("Could not locate server certificate.");
} else { } else {
$server_ca = ca_chain($server_cert); $server_ca = ca_chain($server_cert);
...@@ -123,18 +127,22 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) ...@@ -123,18 +127,22 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid)
$input_errors[] = gettext("Could not find client certificate."); $input_errors[] = gettext("Could not find client certificate.");
} else { } else {
// If $cert is not an array, it's a certref not a cert. // If $cert is not an array, it's a certref not a cert.
if (!is_array($cert)) if (!is_array($cert)) {
$cert = lookup_cert($cert); $cert = lookup_cert($cert);
} }
}
} elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) { } elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) {
$cert = $config['cert'][$crtid]; $cert = $config['cert'][$crtid];
if (!$cert) if (!$cert) {
$input_errors[] = gettext("Could not find client certificate."); $input_errors[] = gettext("Could not find client certificate.");
} else }
} else {
$nokeys = true; $nokeys = true;
}
if ($input_errors) if ($input_errors) {
return false; return false;
}
return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys); return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys);
} }
...@@ -161,28 +169,31 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys ...@@ -161,28 +169,31 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
// add basic settings // add basic settings
$devmode = empty($settings['dev_mode']) ? "tun" : $settings['dev_mode']; $devmode = empty($settings['dev_mode']) ? "tun" : $settings['dev_mode'];
if (($expformat != "inlinedroid") && ($expformat != "inlineios")) if (($expformat != "inlinedroid") && ($expformat != "inlineios")) {
$conf .= "dev {$devmode}{$nl}"; $conf .= "dev {$devmode}{$nl}";
if(!empty($settings['tunnel_networkv6']) && ($expformat != "inlinedroid") && ($expformat != "inlineios")) { }
if (!empty($settings['tunnel_networkv6']) && ($expformat != "inlinedroid") && ($expformat != "inlineios")) {
$conf .= "tun-ipv6{$nl}"; $conf .= "tun-ipv6{$nl}";
} }
$conf .= "persist-tun{$nl}"; $conf .= "persist-tun{$nl}";
$conf .= "persist-key{$nl}"; $conf .= "persist-key{$nl}";
// if ((($expformat != "inlinedroid") && ($expformat != "inlineios")) && ($proto == "tcp")) // if ((($expformat != "inlinedroid") && ($expformat != "inlineios")) && ($proto == "tcp"))
// $conf .= "proto tcp-client{$nl}"; // $conf .= "proto tcp-client{$nl}";
$conf .= "cipher {$cipher}{$nl}"; $conf .= "cipher {$cipher}{$nl}";
$conf .= "auth {$digest}{$nl}"; $conf .= "auth {$digest}{$nl}";
$conf .= "tls-client{$nl}"; $conf .= "tls-client{$nl}";
$conf .= "client{$nl}"; $conf .= "client{$nl}";
if (($expformat != "inlinedroid") && ($expformat != "inlineios")) if (($expformat != "inlinedroid") && ($expformat != "inlineios")) {
$conf .= "resolv-retry infinite{$nl}"; $conf .= "resolv-retry infinite{$nl}";
}
$conf .= "$remotes{$nl}"; $conf .= "$remotes{$nl}";
/* Use a random local port, otherwise two clients will conflict if they run at the same time. /* Use a random local port, otherwise two clients will conflict if they run at the same time.
May not be supported on older clients (Released before May 2010) */ May not be supported on older clients (Released before May 2010) */
if (($randomlocalport != 0) && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom")) if (($randomlocalport != 0) && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom")) {
$conf .= "lport 0{$nl}"; $conf .= "lport 0{$nl}";
}
/* This line can cause problems with auth-only setups and also with Yealink/Snom phones /* This line can cause problems with auth-only setups and also with Yealink/Snom phones
since they are stuck on an older OpenVPN version that does not support this feature. */ since they are stuck on an older OpenVPN version that does not support this feature. */
...@@ -205,18 +216,19 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys ...@@ -205,18 +216,19 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
if (!empty($proxy)) { if (!empty($proxy)) {
if ($proxy['proxy_type'] == "http") { if ($proxy['proxy_type'] == "http") {
if (strtoupper(substr($settings['protocol'], 0, 3)) == "UDP") { if (strtoupper(substr($settings['protocol'], 0, 3)) == "UDP") {
$input_errors[] = gettext("This server uses UDP protocol and cannot communicate with HTTP proxy."); $input_errors[] = gettext("This server uses UDP protocol and cannot communicate with HTTP proxy.");
return; return;
} }
$conf .= "http-proxy {$proxy['ip']} {$proxy['port']} "; $conf .= "http-proxy {$proxy['ip']} {$proxy['port']} ";
} }
if ($proxy['proxy_type'] == "socks") if ($proxy['proxy_type'] == "socks") {
$conf .= "socks-proxy {$proxy['ip']} {$proxy['port']} "; $conf .= "socks-proxy {$proxy['ip']} {$proxy['port']} ";
}
if ($proxy['proxy_authtype'] != "none") { if ($proxy['proxy_authtype'] != "none") {
if (!isset($proxy['passwdfile'])) if (!isset($proxy['passwdfile'])) {
$proxy['passwdfile'] = openvpn_client_export_prefix($srvid, $usrid, $crtid) . "-proxy"; $proxy['passwdfile'] = openvpn_client_export_prefix($srvid, $usrid, $crtid) . "-proxy";
}
$conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}"; $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}";
} }
$conf .= "{$nl}"; $conf .= "{$nl}";
...@@ -233,7 +245,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys ...@@ -233,7 +245,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
// add key settings // add key settings
$prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid); $prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid);
$cafile = "{$prefix}-ca.crt"; $cafile = "{$prefix}-ca.crt";
if($nokeys == false) { if ($nokeys == false) {
if ($expformat == "yealink_t28") { if ($expformat == "yealink_t28") {
$conf .= "ca /yealink/config/openvpn/keys/ca.crt{$nl}"; $conf .= "ca /yealink/config/openvpn/keys/ca.crt{$nl}";
$conf .= "cert /yealink/config/openvpn/keys/client1.crt{$nl}"; $conf .= "cert /yealink/config/openvpn/keys/client1.crt{$nl}";
...@@ -257,22 +269,24 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys ...@@ -257,22 +269,24 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
$conf .= "pkcs12 {$prefix}.p12{$nl}"; $conf .= "pkcs12 {$prefix}.p12{$nl}";
} }
} else if ($settings['mode'] == "server_user") { } else if ($settings['mode'] == "server_user") {
if (substr($expformat, 0, 6) != "inline") if (substr($expformat, 0, 6) != "inline") {
$conf .= "ca {$cafile}{$nl}"; $conf .= "ca {$cafile}{$nl}";
} }
}
if ($settings['tls'] && !$skiptls) { if ($settings['tls'] && !$skiptls) {
if ($expformat == "yealink_t28") if ($expformat == "yealink_t28") {
$conf .= "tls-auth /yealink/config/openvpn/keys/ta.key 1{$nl}"; $conf .= "tls-auth /yealink/config/openvpn/keys/ta.key 1{$nl}";
elseif ($expformat == "yealink_t38g") } elseif ($expformat == "yealink_t38g") {
$conf .= "tls-auth /phone/config/openvpn/keys/ta.key 1{$nl}"; $conf .= "tls-auth /phone/config/openvpn/keys/ta.key 1{$nl}";
elseif ($expformat == "yealink_t38g2") } elseif ($expformat == "yealink_t38g2") {
$conf .= "tls-auth /config/openvpn/keys/ta.key 1{$nl}"; $conf .= "tls-auth /config/openvpn/keys/ta.key 1{$nl}";
elseif ($expformat == "snom") } elseif ($expformat == "snom") {
$conf .= "tls-auth /openvpn/ta.key 1{$nl}"; $conf .= "tls-auth /openvpn/ta.key 1{$nl}";
elseif (substr($expformat, 0, 6) != "inline") } elseif (substr($expformat, 0, 6) != "inline") {
$conf .= "tls-auth {$prefix}-tls.key 1{$nl}"; $conf .= "tls-auth {$prefix}-tls.key 1{$nl}";
} }
}
// Prevent MITM attacks by verifying the server certificate. // Prevent MITM attacks by verifying the server certificate.
// - Disable for now, it requires the server cert to include special options // - Disable for now, it requires the server cert to include special options
...@@ -347,11 +361,12 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys ...@@ -347,11 +361,12 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
// convert to pkcs12 format // convert to pkcs12 format
$p12file = "{$tempdir}/{$prefix}.p12"; $p12file = "{$tempdir}/{$prefix}.p12";
if ($usetoken) if ($usetoken) {
openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile); openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
else } else {
openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
} }
}
$command = "cd " . escapeshellarg("{$tempdir}/..") $command = "cd " . escapeshellarg("{$tempdir}/..")
. " && /usr/local/bin/zip -r " . " && /usr/local/bin/zip -r "
. escapeshellarg("/tmp/{$prefix}-config.zip") . escapeshellarg("/tmp/{$prefix}-config.zip")
...@@ -478,15 +493,17 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri ...@@ -478,15 +493,17 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri
// create config directory // create config directory
$confdir = "{$tempdir}/config"; $confdir = "{$tempdir}/config";
if (!is_dir($conf_dir)) if (!is_dir($conf_dir)) {
mkdir($confdir, 0700, true); mkdir($confdir, 0700, true);
}
// copy the template directory // copy the template directory
exec("cp -r {$workdir}/template/* {$tempdir}"); exec("cp -r {$workdir}/template/* {$tempdir}");
// and put the required installer exe in place // and put the required installer exe in place
exec("/bin/cp {$tempdir}/{$client_install_exe} {$tempdir}/openvpn-install.exe"); exec("/bin/cp {$tempdir}/{$client_install_exe} {$tempdir}/openvpn-install.exe");
if (stristr($openvpn_version, "x64")) if (stristr($openvpn_version, "x64")) {
rename("{$tempdir}/openvpn-postinstall64.exe", "{$tempdir}/openvpn-postinstall.exe"); rename("{$tempdir}/openvpn-postinstall64.exe", "{$tempdir}/openvpn-postinstall.exe");
}
// write configuration file // write configuration file
$prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid); $prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid);
...@@ -520,36 +537,39 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri ...@@ -520,36 +537,39 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri
file_put_contents($keyfile, base64_decode($cert['prv'])); file_put_contents($keyfile, base64_decode($cert['prv']));
// convert to pkcs12 format // convert to pkcs12 format
$p12file = "{$tempdir}/config/{$prefix}.p12"; $p12file = "{$tempdir}/config/{$prefix}.p12";
if ($usetoken) if ($usetoken) {
openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile); openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
else } else {
openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
} }
}
// 7zip the configuration data // 7zip the configuration data
chdir($tempdir); chdir($tempdir);
$files = "config "; $files = "config ";
if ($openvpnmanager) if ($openvpnmanager) {
$files .= "openvpnmanager "; $files .= "openvpnmanager ";
}
$files .= "openvpn-install.exe "; $files .= "openvpn-install.exe ";
$files .= "openvpn-postinstall.exe "; $files .= "openvpn-postinstall.exe ";
if ($usetoken) if ($usetoken) {
$procchain = ';!@Install@!UTF-8! $procchain = ';!@Install@!UTF-8!
RunProgram="openvpn-postinstall.exe /Import" RunProgram="openvpn-postinstall.exe /Import"
;!@InstallEnd@!' ;!@InstallEnd@!'
; ;
else } else {
$procchain = ';!@Install@!UTF-8! $procchain = ';!@Install@!UTF-8!
RunProgram="openvpn-postinstall.exe" RunProgram="openvpn-postinstall.exe"
;!@InstallEnd@!' ;!@InstallEnd@!';
; }
file_put_contents("{$tempdir}/7zipConfig",$procchain); file_put_contents("{$tempdir}/7zipConfig",$procchain);
if(file_exists("/usr/pbi/p7zip-{$uname_p}/bin/7z")) if (file_exists("/usr/pbi/p7zip-{$uname_p}/bin/7z")) {
exec("/usr/pbi/p7zip-{$uname_p}/bin/7z -y a archive.7z {$files}"); exec("/usr/pbi/p7zip-{$uname_p}/bin/7z -y a archive.7z {$files}");
else } else {
exec("/usr/local/libexec/p7zip/7z -y a archive.7z {$files}"); exec("/usr/local/libexec/p7zip/7z -y a archive.7z {$files}");
}
// create the final installer // create the final installer
$outfile = "{$tempdir}-install.exe"; $outfile = "{$tempdir}-install.exe";
...@@ -597,15 +617,17 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead ...@@ -597,15 +617,17 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
} }
$conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", $outpass, true, true, $openvpnmanager, $advancedoptions); $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", $outpass, true, true, $openvpnmanager, $advancedoptions);
if (!$conf) if (!$conf) {
return false; return false;
}
// We need to nuke the ca line from the above config if it exists. // We need to nuke the ca line from the above config if it exists.
$conf = explode("\n", $conf); $conf = explode("\n", $conf);
for ($i=0; $i < count($conf); $i++) { for ($i=0; $i < count($conf); $i++) {
if ((substr($conf[$i], 0, 3) == "ca ") || (substr($conf[$i], 0, 7) == "pkcs12 ")) if ((substr($conf[$i], 0, 3) == "ca ") || (substr($conf[$i], 0, 7) == "pkcs12 ")) {
unset($conf[$i]); unset($conf[$i]);
} }
}
$conf = implode("\n", $conf); $conf = implode("\n", $conf);
$friendly_name = $settings['description']; $friendly_name = $settings['description'];
...@@ -638,7 +660,6 @@ EOF; ...@@ -638,7 +660,6 @@ EOF;
file_put_contents($cafile, $server_ca); file_put_contents($cafile, $server_ca);
if ($settings['mode'] != "server_user") { if ($settings['mode'] != "server_user") {
// write user .crt // write user .crt
$crtfile = "{$tempdir}/cert.crt"; $crtfile = "{$tempdir}/cert.crt";
file_put_contents($crtfile, base64_decode($cert['crt'])); file_put_contents($crtfile, base64_decode($cert['crt']));
...@@ -666,16 +687,16 @@ EOF; ...@@ -666,16 +687,16 @@ EOF;
} }
// Zip Viscosity file // Zip Viscosity file
if(file_exists("/usr/pbi/zip-{$uname_p}/bin/zip")) if (file_exists("/usr/pbi/zip-{$uname_p}/bin/zip")) {
exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r {$zipfile} Viscosity.visc"); exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r {$zipfile} Viscosity.visc");
else } else {
exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$zipfile} Viscosity.visc"); exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$zipfile} Viscosity.visc");
}
// Remove temporary directory // Remove temporary directory
exec("rm -rf {$tempdir}"); exec("rm -rf {$tempdir}");
return $zipfile; return $zipfile;
} }
function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipconf = false) function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipconf = false)
...@@ -699,31 +720,35 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco ...@@ -699,31 +720,35 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
if (!empty($settings['ipaddr']) && is_ipaddr($settings['ipaddr'])) { if (!empty($settings['ipaddr']) && is_ipaddr($settings['ipaddr'])) {
$server_host = $settings['ipaddr']; $server_host = $settings['ipaddr'];
} else { } else {
if (!$interface) if (!$interface) {
$interface = "wan"; $interface = "wan";
if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) }
if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) {
$server_host = get_interface_ipv6($interface); $server_host = get_interface_ipv6($interface);
else } else {
$server_host = get_interface_ip($interface); $server_host = get_interface_ip($interface);
} }
} else if ($useaddr == "serverhostname" || empty($useaddr)) { }
} elseif ($useaddr == "serverhostname" || empty($useaddr)) {
$server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}."; $server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}.";
$server_host .= "{$config['system']['domain']}"; $server_host .= "{$config['system']['domain']}";
} else } else {
$server_host = $useaddr; $server_host = $useaddr;
}
$server_port = $settings['local_port']; $server_port = $settings['local_port'];
$proto = strtolower($settings['protocol']); $proto = strtolower($settings['protocol']);
if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") {
$proto .= "-client"; $proto .= "-client";
}
$cipher = $settings['crypto']; $cipher = $settings['crypto'];
$digest = !empty($settings['digest']) ? $settings['digest'] : "SHA1"; $digest = !empty($settings['digest']) ? $settings['digest'] : "SHA1";
// add basic settings // add basic settings
$conf = "dev tun\n"; $conf = "dev tun\n";
if(! empty($settings['tunnel_networkv6'])) { if (! empty($settings['tunnel_networkv6'])) {
$conf .= "tun-ipv6\n"; $conf .= "tun-ipv6\n";
} }
$conf .= "persist-tun\n"; $conf .= "persist-tun\n";
...@@ -758,11 +783,13 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco ...@@ -758,11 +783,13 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
} }
$conf .= "http-proxy {$proxy['ip']} {$proxy['port']} "; $conf .= "http-proxy {$proxy['ip']} {$proxy['port']} ";
} }
if ($proxy['proxy_type'] == "socks") if ($proxy['proxy_type'] == "socks") {
$conf .= "socks-proxy {$proxy['ip']} {$proxy['port']} "; $conf .= "socks-proxy {$proxy['ip']} {$proxy['port']} ";
}
if ($proxy['proxy_authtype'] != "none") { if ($proxy['proxy_authtype'] != "none") {
if (!isset($proxy['passwdfile'])) if (!isset($proxy['passwdfile'])) {
$proxy['passwdfile'] = openvpn_client_export_prefix($srvid) . "-proxy"; $proxy['passwdfile'] = openvpn_client_export_prefix($srvid) . "-proxy";
}
$conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}"; $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}";
} }
$conf .= "\n"; $conf .= "\n";
...@@ -774,10 +801,12 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco ...@@ -774,10 +801,12 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
$conf .= "secret {$shkeyfile}\n"; $conf .= "secret {$shkeyfile}\n";
// add optional settings // add optional settings
if ($settings['compression']) if ($settings['compression']) {
$conf .= "comp-lzo\n"; $conf .= "comp-lzo\n";
if ($settings['passtos']) }
if ($settings['passtos']) {
$conf .= "passtos\n"; $conf .= "passtos\n";
}
if ($zipconf == true) { if ($zipconf == true) {
// create template directory // create template directory
...@@ -789,16 +818,18 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco ...@@ -789,16 +818,18 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
$shkeyfile = "{$tempdir}/{$shkeyfile}"; $shkeyfile = "{$tempdir}/{$shkeyfile}";
file_put_contents("{$shkeyfile}", base64_decode($settings['shared_key'])); file_put_contents("{$shkeyfile}", base64_decode($settings['shared_key']));
if(file_exists("/usr/pbi/zip-{$uname_p}/bin/zip")) if (file_exists("/usr/pbi/zip-{$uname_p}/bin/zip")) {
exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r /tmp/{$prefix}-config.zip {$prefix}"); exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r /tmp/{$prefix}-config.zip {$prefix}");
else } else {
exec("cd {$tempdir}/.. && /usr/local/bin/zip -r /tmp/{$prefix}-config.zip {$prefix}"); exec("cd {$tempdir}/.. && /usr/local/bin/zip -r /tmp/{$prefix}-config.zip {$prefix}");
}
// Remove temporary directory // Remove temporary directory
exec("rm -rf {$tempdir}"); exec("rm -rf {$tempdir}");
return "{$prefix}-config.zip"; return "{$prefix}-config.zip";
} else } else {
return $conf; return $conf;
}
} }
function openvpn_client_export_build_remote_lines($settings, $useaddr, $interface, $expformat, $nl) { function openvpn_client_export_build_remote_lines($settings, $useaddr, $interface, $expformat, $nl) {
...@@ -809,25 +840,30 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac ...@@ -809,25 +840,30 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac
if (!empty($settings['ipaddr']) && is_ipaddr($settings['ipaddr'])) { if (!empty($settings['ipaddr']) && is_ipaddr($settings['ipaddr'])) {
$server_host = $settings['ipaddr']; $server_host = $settings['ipaddr'];
} else { } else {
if (!$interface || ($interface == "any")) if (!$interface || ($interface == "any")) {
$interface = "wan"; $interface = "wan";
if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) }
if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) {
$server_host = get_interface_ipv6($interface); $server_host = get_interface_ipv6($interface);
else } else {
$server_host = get_interface_ip($interface); $server_host = get_interface_ip($interface);
} }
}
} else if ($useaddr == "serverhostname" || empty($useaddr)) { } else if ($useaddr == "serverhostname" || empty($useaddr)) {
$server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}."; $server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}.";
$server_host .= "{$config['system']['domain']}"; $server_host .= "{$config['system']['domain']}";
} else } else {
$server_host = $useaddr; $server_host = $useaddr;
}
$proto = strtolower($settings['protocol']); $proto = strtolower($settings['protocol']);
if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") {
$proto .= "-client"; $proto .= "-client";
}
if (($expformat == "inlineios") && ($proto == "tcp-client")) if (($expformat == "inlineios") && ($proto == "tcp-client")) {
$proto = "tcp"; $proto = "tcp";
}
if (($useaddr == "servermagic") || ($useaddr == "servermagichost")) { if (($useaddr == "servermagic") || ($useaddr == "servermagichost")) {
$destinations = openvpn_client_export_find_port_forwards($server_host, $settings['local_port'], $proto, true, ($useaddr == "servermagichost")); $destinations = openvpn_client_export_find_port_forwards($server_host, $settings['local_port'], $proto, true, ($useaddr == "servermagichost"));
...@@ -878,25 +914,24 @@ function openvpn_client_export_find_port_forwards($targetip, $targetport, $targe ...@@ -878,25 +914,24 @@ function openvpn_client_export_find_port_forwards($targetip, $targetport, $targe
$dstaddr_port = explode(" ", $dstaddr); $dstaddr_port = explode(" ", $dstaddr);
if(empty($dstaddr_port[0]) || strtolower(trim($dstaddr_port[0])) == "port") if (empty($dstaddr_port[0]) || strtolower(trim($dstaddr_port[0])) == "port") {
continue; // Skip port forward if no destination address found continue; // Skip port forward if no destination address found
}
if (!is_ipaddr($dstaddr_port[0])) {
if (!is_ipaddr($dstaddr_port[0]))
continue; // We can only work with single IPs, not subnets! continue; // We can only work with single IPs, not subnets!
}
if ($skipprivate && is_private_ip($dstaddr_port[0])) {
if ($skipprivate && is_private_ip($dstaddr_port[0]))
continue; // Skipping a private IP destination! continue; // Skipping a private IP destination!
}
$dest['host'] = $dstaddr_port[0]; $dest['host'] = $dstaddr_port[0];
if ($findhostname) { if ($findhostname) {
$hostname = openvpn_client_export_find_hostname($natif); $hostname = openvpn_client_export_find_hostname($natif);
if (!empty($hostname)) if (!empty($hostname)) {
$dest['host'] = $hostname; $dest['host'] = $hostname;
} }
}
$destinations[] = $dest; $destinations[] = $dest;
} }
} }
...@@ -912,15 +947,16 @@ function openvpn_client_export_find_hostname($interface) ...@@ -912,15 +947,16 @@ function openvpn_client_export_find_hostname($interface)
if (isset($config['dyndnses']['dyndns'])) { if (isset($config['dyndnses']['dyndns'])) {
foreach ($config['dyndnses']['dyndns'] as $ddns) { foreach ($config['dyndnses']['dyndns'] as $ddns) {
if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host'])) if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host'])) {
return $ddns['host']; return $ddns['host'];
} }
} }
}
if (isset($config['dnsupdates']['dnsupdate'])) { if (isset($config['dnsupdates']['dnsupdate'])) {
foreach ($config['dnsupdates']['dnsupdate'] as $ddns) { foreach ($config['dnsupdates']['dnsupdate'] as $ddns) {
if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host'])) if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host'])) {
return $ddns['host']; return $ddns['host'];
} }
} }
}
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023