openvpn: merge plugin rework from master

plist

@@ -31,22 +31,21 @@
 /usr/local/etc/inc/notices.plain_sasl_client.inc
 /usr/local/etc/inc/notices.sasl.inc
 /usr/local/etc/inc/notices.smtp.inc
-/usr/local/etc/inc/openvpn.auth-user.php
-/usr/local/etc/inc/openvpn.inc
-/usr/local/etc/inc/openvpn.tls-verify.php
-/usr/local/etc/inc/openvpn_wizard.inc
 /usr/local/etc/inc/plugins.inc
 /usr/local/etc/inc/plugins.inc.d/dnsmasq.inc
 /usr/local/etc/inc/plugins.inc.d/dyndns.inc
 /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc
 /usr/local/etc/inc/plugins.inc.d/dyndns/r53.inc
-/usr/local/etc/inc/plugins.inc.d/if_openvpn.inc
 /usr/local/etc/inc/plugins.inc.d/ipfw.inc
 /usr/local/etc/inc/plugins.inc.d/ipsec.inc
 /usr/local/etc/inc/plugins.inc.d/ipsec/auth-user.php
 /usr/local/etc/inc/plugins.inc.d/netflow.inc
 /usr/local/etc/inc/plugins.inc.d/ntpd.inc
 /usr/local/etc/inc/plugins.inc.d/openssh.inc
+/usr/local/etc/inc/plugins.inc.d/openvpn.inc
+/usr/local/etc/inc/plugins.inc.d/openvpn/auth-user.php
+/usr/local/etc/inc/plugins.inc.d/openvpn/tls-verify.php
+/usr/local/etc/inc/plugins.inc.d/openvpn/wizard.inc
 /usr/local/etc/inc/plugins.inc.d/pf.inc
 /usr/local/etc/inc/plugins.inc.d/rfc2136.inc
 /usr/local/etc/inc/plugins.inc.d/squid.inc

src/etc/inc/interfaces.inc

 <?php
 
 /*
-    Copyright (C) 2004-2008 Scott Ullrich
-    Copyright (C) 2008-2009 Ermal Luçi
-    Copyright (C) 2005 Espen Johansen
-    Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
-    All rights reserved.
-
-    Redistribution and use in source and binary forms, with or without
-    modification, are permitted provided that the following conditions are met:
-
-    1. Redistributions of source code must retain the above copyright notices,
-       this list of conditions and the following disclaimer.
-
-    2. Redistributions in binary form must reproduce the above copyright
-       notices, this list of conditions and the following disclaimer in the
-       documentation and/or other materials provided with the distribution.
-
-    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-    POSSIBILITY OF SUCH DAMAGE.
-*/
+ * Copyright (C) 2004-2008 Scott Ullrich
+ * Copyright (C) 2008-2009 Ermal Luçi
+ * Copyright (C) 2005 Espen Johansen
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
 
 require_once("interfaces.lib.inc");
 require_once("gwlb.inc");
@@ -2516,26 +2516,9 @@ function interface_virtual_create($interface)
         interfaces_gre_configure(0, false, $interface);
     } elseif (substr($interface, 0, 3) == 'gif') {
         interfaces_gif_configure(0, false, $interface);
-    } elseif (substr($interface, 0, 5) == "ovpns") {
-        if (isset($config['openvpn']['openvpn-server'])) {
-            foreach ($config['openvpn']['openvpn-server'] as $server) {
-                if ($interface == "ovpns{$server['vpnid']}") {
-                    log_error("OpenVPN: Resync server {$server['description']}");
-                    openvpn_resync('server', $server);
-                }
-            }
-            unset($server);
-        }
-    } elseif (substr($interface, 0, 5) == "ovpnc") {
-        if (isset($config['openvpn']['openvpn-client'])) {
-            foreach ($config['openvpn']['openvpn-client'] as $client) {
-                if ($interface == "ovpnc{$client['vpnid']}") {
-                    log_error("OpenVPN: Resync server {$client['description']}");
-                    openvpn_resync('client', $client);
-                }
-            }
-            unset($client);
-        }
+    } elseif (substr($interface, 0, 4) == 'ovpn') {
+        /* XXX this looks like a plugin spot... */
+        openvpn_configure_interface($interface);
     } elseif (substr($interface, 0, 4) == 'lagg') {
         interfaces_lagg_configure($interface);
     } elseif (substr($interface, 0, 6) == 'bridge') {

src/etc/inc/plugins.inc.d/if_openvpn.inc

-<?php
-
-/*
-    Copyright (C) 2016 Deciso B.V.
-    All rights reserved.
-
-    Redistribution and use in source and binary forms, with or without
-    modification, are permitted provided that the following conditions are met:
-
-    1. Redistributions of source code must retain the above copyright notice,
-       this list of conditions and the following disclaimer.
-
-    2. Redistributions in binary form must reproduce the above copyright
-       notice, this list of conditions and the following disclaimer in the
-       documentation and/or other materials provided with the distribution.
-
-    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-    POSSIBILITY OF SUCH DAMAGE.
-*/
-
-function if_openvpn_syslog()
-{
-    $logfacilities = array();
-
-    $logfacilities['openvpn'] = array(
-        'facility' => array('openvpn'),
-        'remote' => 'vpn',
-    );
-
-    return $logfacilities;
-}
-
-function if_openvpn_services()
-{
-    global $config;
-
-    $services = array();
-
-    foreach (array('server', 'client') as $mode) {
-        if (isset($config['openvpn']["openvpn-{$mode}"])) {
-            foreach ($config['openvpn']["openvpn-{$mode}"] as $setting) {
-                if (empty($setting['disable'])) {
-                    $pconfig = array();
-                    $pconfig['description'] = "OpenVPN {$mode}: " . htmlspecialchars($setting['description']);
-                    $pconfig['pidfile'] = "/var/run/openvpn_{$mode}{$setting['vpnid']}.pid";
-                    $pconfig['php']['restart'] = array('openvpn_restart_by_id');
-                    $pconfig['php']['start'] = array('openvpn_restart_by_id');
-                    $pconfig['php']['args'] = array('mode', 'id');
-                    $pconfig['id'] = $setting['vpnid'];
-                    $pconfig['name'] = 'openvpn';
-                    $pconfig['mode'] = $mode;
-                    $services[] = $pconfig;
-                }
-            }
-        }
-    }
-
-    return $services;
-}
-
-function if_openvpn_interfaces()
-{
-    global $config;
-
-    $interfaces = array();
-
-    foreach (array('server', 'client') as $mode) {
-        if (isset($config['openvpn']["openvpn-{$mode}"])) {
-            foreach ($config['openvpn']["openvpn-{$mode}"] as &$settings) {
-                if (empty($settings['disable'])) {
-                    $oic = array('enable' => true);
-                    $oic['if'] = 'openvpn';
-                    $oic['descr'] = 'OpenVPN';
-                    $oic['type'] = 'group';
-                    $oic['virtual'] = true;
-                    $oic['networks'] = array();
-                    $interfaces['openvpn'] = $oic;
-                    break 2;
-                }
-            }
-        }
-    }
-
-    return $interfaces;
-}
-
-function if_openvpn_xmlrpc_sync()
-{
-    $result = array();
-
-    $result[] = array(
-        'description' => gettext('OpenVPN'),
-        'section' => 'openvpn',
-        'id' => 'openvpn',
-    );
-
-    return $result;
-}

src/etc/inc/openvpn_wizard.inc → src/etc/inc/plugins.inc.d/openvpn/wizard.inc

@@ -26,7 +26,7 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
-require_once("openvpn.inc");
+require_once("plugins.inc.d/openvpn.inc");
 require_once("util.inc");
 
 function cert_get_subject_hash($crt)
@@ -731,9 +731,11 @@ function step12_submitphpaction()
 
     $config['openvpn']['openvpn-server'][] = $server;
 
-    openvpn_resync('server', $server);
     write_config();
 
+    openvpn_configure_single($server['vpnid']);
+    openvpn_configure_csc();
+
     header(url_safe('Location: /vpn_openvpn_server.php'));
     exit;
 }

src/etc/inc/services.inc

@@ -43,10 +43,10 @@
  * as plugins, but the things listed below are viable
  * targets in the future:
  */
-require_once('openvpn.inc');
 require_once('plugins.inc.d/dnsmasq.inc');
 require_once('plugins.inc.d/dyndns.inc');
 require_once('plugins.inc.d/ipsec.inc');
+require_once('plugins.inc.d/openvpn.inc');
 require_once('plugins.inc.d/rfc2136.inc');
 require_once('plugins.inc.d/openssh.inc');
 require_once('plugins.inc.d/unbound.inc');

src/etc/inc/xmlrpc/legacy.inc

@@ -137,8 +137,6 @@ function filter_configure_xmlrpc()
     local_sync_accounts();
     plugins_configure('dns');
     services_dhcpd_configure();
-    openvpn_resync_all();
-
     plugins_configure('remote');
 
     return true;

src/etc/rc.bootup

@@ -97,7 +97,7 @@ system_syslogd_start(true);
 
 openvpn_prepare_all(true);
 interfaces_configure(true);
-openvpn_resync_all(null, true);
+openvpn_configure_do(true);
 
 system_resolvconf_generate(true);
 filter_configure_sync(true);

src/etc/rc.carpbackup

@@ -48,12 +48,4 @@ notify_via_growl($notificationmsg);
 log_error($notificationmsg);
 
 /* Stop OpenVPN clients running on this VIP, since multiple active OpenVPN clients on a CARP cluster can be problematic. */
-global $config;
-if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) {
-	foreach ($config['openvpn']['openvpn-client'] as $settings) {
-		if ($settings['interface'] == $carp_iface) {
-			log_error("Stopping OpenVPN client instance on {$friendly_descr} because of transition to CARP backup.");
-			openvpn_restart('client', $settings);
-		}
-	}
-}
+openvpn_carp_stop($carp_iface);

src/etc/rc.carpmaster

@@ -48,20 +48,4 @@ notify_via_growl($notificationmsg);
 log_error($notificationmsg);
 
 /* Start OpenVPN clients running on this VIP, since they should be in the stopped state while the VIP is CARP Backup. */
-global $config;
-if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) {
-	foreach ($config['openvpn']['openvpn-client'] as $settings) {
-		if ($settings['interface'] == $carp_iface) {
-			log_error("Starting OpenVPN client instance on {$friendly_descr} because of transition to CARP master.");
-			openvpn_restart('client', $settings);
-		}
-	}
-}
-if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) {
-	foreach ($config['openvpn']['openvpn-server'] as $settings) {
-		if ($settings['interface'] == $carp_iface) {
-			log_error("Starting OpenVPN instance on {$friendly_descr} because of transition to CARP master.");
-			openvpn_restart('server', $settings);
-		}
-	}
-}
+openvpn_carp_start($carp_iface);

src/etc/rc.newwanip

@@ -180,11 +180,6 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface
         @file_put_contents("/var/db/{$interface}_cacheip", $curwanip);
     }
 
-    /* start OpenVPN server & clients */
-    if (substr($interface_real, 0, 4) != "ovpn") {
-        openvpn_resync_all($interface);
-    }
-
     plugins_configure('vpn', false, array($interface));
     plugins_configure('newwanip', false, array($interface));
     rrd_configure();

src/etc/rc.newwanipv6

@@ -117,13 +117,8 @@ if (is_ipaddrv6($oldipv6)) {
     if ($curwanipv6 == $oldipv6) {
         // Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
         if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) {
-            /* reconfigure IPsec tunnels */
             ipsec_configure_do(false, $interface);
-
-            /* start OpenVPN server & clients */
-            if (substr($interface_real, 0, 4) != "ovpn") {
-                openvpn_resync_all($interface);
-            }
+            openvpn_configure_do(false, $interface);
         }
         return;
     } elseif (does_interface_exist($interface_real)) {
@@ -133,11 +128,6 @@ if (is_ipaddrv6($oldipv6)) {
     file_put_contents("/var/db/{$interface}_cacheipv6", $curwanipv6);
 }
 
-/* start OpenVPN server & clients */
-if (substr($interface_real, 0, 4) != 'ovpn') {
-    openvpn_resync_all($interface);
-}
-
 plugins_configure('vpn', false, array($interface));
 plugins_configure('newwanip', false, array($interface));
 rrd_configure();

src/etc/rc.openvpn

@@ -32,7 +32,7 @@ require_once("util.inc");
 require_once("config.inc");
 require_once("interfaces.inc");
 require_once("filter.inc");
-require_once("openvpn.inc");
+require_once("plugins.inc.d/openvpn.inc");
 
 function gateway_is_gwgroup_member($name)
 {
@@ -60,35 +60,6 @@ function gateway_is_gwgroup_member($name)
     return $members;
 }
 
-function openvpn_resync_if_needed($mode, $ovpn_settings, $interface)
-{
-    global $config;
-
-    $resync_needed = true;
-    if (isset($ovpn_settings['disable'])) {
-        $resync_needed = false;
-    } else {
-        if (!empty($interface)) {
-            $mode_id = $mode . $ovpn_settings['vpnid'];
-            $fpath = "/var/etc/openvpn/{$mode_id}.interface";
-            if (file_exists($fpath)) {
-                $current_device = file_get_contents($fpath);
-                $current_device = trim($current_device, " \t\n");
-                $new_device = get_failover_interface($ovpn_settings['interface']);
-                if (isset($config['interfaces'][$interface])) {
-                    $this_device = $config['interfaces'][$interface]['if'];
-                    if (($current_device == $new_device) && ($current_device != $this_device))
-                        $resync_needed = false;
-                }
-            }
-        }
-    }
-    if ($resync_needed == true) {
-        log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']);
-        openvpn_resync($mode, $ovpn_settings);
-    }
-}
-
 function try_lock($lock, $timeout = 5)
 {
     if (!$lock) {

src/sbin/ovpn_auth_verify

 #!/bin/sh
 
 if [ "$1" = "tls" ]; then
-	/usr/local/bin/php /usr/local/etc/inc/openvpn.tls-verify.php -d "$2" "$3"
+	/usr/local/bin/php /usr/local/etc/inc/plugins.inc.d/openvpn/tls-verify.php -d "$2" "$3"
 else
 	# Single quoting $password breaks getting the value from the variable.
 	# XXX I really don't like going through openssl for this...
 	password=$(echo -n "${password}" | /usr/local/bin/openssl enc -base64 | sed -e 's/=/%3D/g')
 	username=$(echo -n "${username}" | /usr/local/bin/openssl enc -base64 | sed -e 's/=/%3D/g')
 
-	/usr/local/bin/php /usr/local/etc/inc/openvpn.auth-user.php "$username" "$password" "$common_name" "$3" "$2" "$4"
+	/usr/local/bin/php /usr/local/etc/inc/plugins.inc.d/openvpn/auth-user.php "$username" "$password" "$common_name" "$3" "$2" "$4"
 fi
 
 exit $?

src/wizard/openvpn.xml

@@ -28,7 +28,7 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 </copyright>
-<includefile>openvpn_wizard.inc</includefile>
+<includefile>plugins.inc.d/openvpn/wizard.inc</includefile>
 <totalsteps>12</totalsteps>
 <step>
 	<id>1</id>

src/www/status_openvpn.php

@@ -30,7 +30,7 @@
 */
 
 require_once("guiconfig.inc");
-require_once("openvpn.inc");
+require_once("plugins.inc.d/openvpn.inc");
 require_once("services.inc");
 require_once("interfaces.inc");
 

src/www/system_crlmanager.php

@@ -30,38 +30,6 @@
 require_once('guiconfig.inc');
 require_once('services.inc');
 
-function openvpn_refresh_crls()
-{
-    global $config;
-
-    openvpn_create_dirs();
-
-    if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) {
-        foreach ($config['openvpn']['openvpn-server'] as $settings) {
-            if (empty($settings) || isset($settings['disable'])) {
-                continue;
-            }
-            // Write the settings for the keys
-            switch($settings['mode']) {
-                case 'p2p_tls':
-                case 'server_tls':
-                case 'server_tls_user':
-                case 'server_user':
-                    if (!empty($settings['crlref'])) {
-                        $crl = lookup_crl($settings['crlref']);
-                        crl_update($crl);
-                        $fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify";
-                        file_put_contents($fpath, base64_decode($crl['text']));
-                        @chmod($fpath, 0644);
-                    }
-                    break;
-            }
-        }
-    }
-}
-
-
-
 function cert_unrevoke($cert, & $crl) {
     global $config;
     if (!is_crl_internal($crl)) {
@@ -85,6 +53,7 @@ function cert_unrevoke($cert, & $crl) {
     }
     return false;
 }
+
 // openssl_crl_status messages from certs.inc
 global $openssl_crl_status;
 

src/www/system_gateway_groups.php

@@ -33,35 +33,6 @@ require_once("system.inc");
 require_once("services.inc");
 require_once("rrd.inc");
 
-// Resync and restart all VPNs using a gateway group.
-function openvpn_resync_gwgroup($gwgroupname = "") {
-    global $config;
-
-    if (!empty($gwgroupname)) {
-        if (isset($config['openvpn']['openvpn-server'])) {
-            foreach ($config['openvpn']['openvpn-server'] as & $settings) {
-                if ($gwgroupname == $settings['interface']) {
-                    log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . ".");
-                    openvpn_resync('server', $settings);
-                }
-            }
-        }
-
-        if (isset($config['openvpn']['openvpn-client'])) {
-            foreach ($config['openvpn']['openvpn-client'] as & $settings) {
-                if ($gwgroupname == $settings['interface']) {
-                    log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . ".");
-                    openvpn_resync('client', $settings);
-                }
-            }
-        }
-        // Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these.
-    } else {
-        log_error("openvpn_resync_gwgroup called with null gwgroup parameter.");
-    }
-}
-
-
 if (!isset($config['gateways']['gateway_group']) || !is_array($config['gateways']['gateway_group'])) {
     $a_gateway_groups = array();
 } else {
@@ -101,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         foreach ($a_gateway_groups as $gateway_group) {
             $gw_subsystem = 'gwgroup.' . $gateway_group['name'];
             if (is_subsystem_dirty($gw_subsystem)) {
-                openvpn_resync_gwgroup($gateway_group['name']);
+                openvpn_configure_gwgroup($gateway_group['name']);
                 clear_subsystem_dirty($gw_subsystem);
             }
         }

src/www/vpn_openvpn_client.php

@@ -28,7 +28,7 @@
 */
 
 require_once("guiconfig.inc");
-require_once("openvpn.inc");
+require_once("plugins.inc.d/openvpn.inc");
 require_once("services.inc");
 require_once("interfaces.inc");
 
@@ -167,8 +167,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             } else {
                 $a_client[$id]['disable'] = true;
             }
-            openvpn_resync('client', $a_client[$id]);
             write_config();
+            openvpn_configure_single($a_client[$id]['vpnid']);
         }
         header(url_safe('Location: /vpn_openvpn_client.php'));
         exit;
@@ -335,9 +335,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 $a_client[] = $client;
             }
 
-            openvpn_resync('client', $client);
             write_config();
 
+            openvpn_configure_single($client['vpnid']);
+
             header(url_safe('Location: /vpn_openvpn_client.php'));
             exit;
         }

src/www/vpn_openvpn_csc.php

@@ -28,7 +28,7 @@
 */
 
 require_once("guiconfig.inc");
-require_once("openvpn.inc");
+require_once("plugins.inc.d/openvpn.inc");
 require_once("services.inc");
 require_once("interfaces.inc");
 
@@ -121,7 +121,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 $a_csc[$id]['disable'] = true;
             }
             write_config();
-            openvpn_resync_csc();
+            openvpn_configure_csc();
         }
         header(url_safe('Location: /vpn_openvpn_csc.php'));
         exit;
@@ -222,7 +222,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 @unlink('/var/etc/openvpn-csc/' . basename($old_csc_cn));
             }
             write_config();
-            openvpn_resync_csc();
+            openvpn_configure_csc();
 
             header(url_safe('Location: /vpn_openvpn_csc.php'));
             exit;

src/www/vpn_openvpn_export.php

@@ -30,7 +30,7 @@
 */
 
 require_once("guiconfig.inc");
-require_once("openvpn.inc");
+require_once("plugins.inc.d/openvpn.inc");
 require_once("services.inc");
 require_once("filter.inc");
 require_once("interfaces.inc");

src/www/vpn_openvpn_server.php

@@ -28,7 +28,7 @@
 */
 
 require_once("guiconfig.inc");
-require_once("openvpn.inc");
+require_once("plugins.inc.d/openvpn.inc");
 require_once("services.inc");
 require_once("interfaces.inc");
 
@@ -149,8 +149,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             } else {
                 $a_server[$id]['disable'] = true;
             }
-            openvpn_resync('server', $a_server[$id]);
             write_config();
+            openvpn_configure_single($a_server[$id]['vpnid']);
         }
         header(url_safe('Location: /vpn_openvpn_server.php'));
         exit;
@@ -401,9 +401,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 $a_server[] = $server;
             }
 
-            openvpn_resync('server', $server);
             write_config();
-            openvpn_resync_csc(); // dump client specific overrides, the required set may have changed
+
+            openvpn_configure_single($server['vpnid']);
+            openvpn_configure_csc();
 
             header(url_safe('Location: /vpn_openvpn_server.php'));
             exit;

src/www/widgets/widgets/openvpn.widget.php

@@ -27,14 +27,13 @@
 */
 
 require_once("guiconfig.inc");
-require_once("openvpn.inc");
-
+require_once("plugins.inc.d/openvpn.inc");
 
 $servers = openvpn_get_active_servers();
 $sk_servers = openvpn_get_active_servers("p2p");
 $clients = openvpn_get_active_clients();
-?>
 
+?>
 <script type="text/javascript">
     $( document ).ready(function() {
         // link kill buttons