Commit aff94b55 authored by Franco Fichtner's avatar Franco Fichtner

openvpn: naming and call conventions, pull more internal code into plugin

Looking at openvpn_configure_server() and openvpn_configure_client()
it becomes a bit clearer why they take a config.xml subset: it's because
the write_config() ordering was flipped.  We could probably now pass
an ID and let the code figure out if it is a client or server...
parent 8ba7da8f
...@@ -2486,26 +2486,9 @@ function interface_virtual_create($interface) ...@@ -2486,26 +2486,9 @@ function interface_virtual_create($interface)
interfaces_gre_configure(0, $interface); interfaces_gre_configure(0, $interface);
} elseif (substr($interface, 0, 3) == "gif") { } elseif (substr($interface, 0, 3) == "gif") {
interfaces_gif_configure(0, $interface); interfaces_gif_configure(0, $interface);
} elseif (substr($interface, 0, 5) == "ovpns") { } elseif (substr($interface, 0, 4) == "ovpn") {
if (isset($config['openvpn']['openvpn-server'])) { /* XXX this looks like a plugin spot... */
foreach ($config['openvpn']['openvpn-server'] as $server) { openvpn_configure_interface($interface);
if ($interface == "ovpns{$server['vpnid']}") {
log_error("OpenVPN: Resync server {$server['description']}");
openvpn_resync('server', $server);
}
}
unset($server);
}
} elseif (substr($interface, 0, 5) == "ovpnc") {
if (isset($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as $client) {
if ($interface == "ovpnc{$client['vpnid']}") {
log_error("OpenVPN: Resync server {$client['description']}");
openvpn_resync('client', $client);
}
}
unset($client);
}
} elseif (substr($interface, 0, 4) == "lagg") { } elseif (substr($interface, 0, 4) == "lagg") {
interfaces_lagg_configure($interface); interfaces_lagg_configure($interface);
} elseif (substr($interface, 0, 6) == "bridge") { } elseif (substr($interface, 0, 6) == "bridge") {
......
...@@ -30,6 +30,14 @@ ...@@ -30,6 +30,14 @@
POSSIBILITY OF SUCH DAMAGE. POSSIBILITY OF SUCH DAMAGE.
*/ */
function openvpn_configure()
{
return array(
'interface' => array('openvpn_configure_do:2'),
'remote' => array('openvpn_configure_do'),
);
}
function openvpn_syslog() function openvpn_syslog()
{ {
$logfacilities = array(); $logfacilities = array();
...@@ -995,14 +1003,13 @@ function openvpn_delete($mode, & $settings) ...@@ -995,14 +1003,13 @@ function openvpn_delete($mode, & $settings)
@array_map('unlink', glob("/var/etc/openvpn/{$mode_id}.*")); @array_map('unlink', glob("/var/etc/openvpn/{$mode_id}.*"));
} }
/** /**
* generate config (text) data for a single client specific override * generate config (text) data for a single client specific override
* @param array $settings csc item * @param array $settings csc item
* @param array $server openvpn server item * @param array $server openvpn server item
* @return string * @return string
*/ */
function openvpn_resync_csc_conf($settings, $server) function openvpn_csc_conf($settings, $server)
{ {
$conf = ''; $conf = '';
if (!empty($settings['block'])) { if (!empty($settings['block'])) {
...@@ -1065,7 +1072,7 @@ function openvpn_resync_csc_conf($settings, $server) ...@@ -1065,7 +1072,7 @@ function openvpn_resync_csc_conf($settings, $server)
/** /**
* resync all client specific overrides * resync all client specific overrides
*/ */
function openvpn_resync_csc() function openvpn_configure_csc()
{ {
global $config; global $config;
$generated_cscs = array(); $generated_cscs = array();
...@@ -1087,7 +1094,7 @@ function openvpn_resync_csc() ...@@ -1087,7 +1094,7 @@ function openvpn_resync_csc()
if (!isset($generated_cscs[$server['vpnid']])) { if (!isset($generated_cscs[$server['vpnid']])) {
$generated_cscs[$vpnid] = array(); $generated_cscs[$vpnid] = array();
} }
$conf = openvpn_resync_csc_conf($settings, $server); $conf = openvpn_csc_conf($settings, $server);
$target_filename = "/var/etc/openvpn-csc/".$vpnid."/".$settings['common_name']; $target_filename = "/var/etc/openvpn-csc/".$vpnid."/".$settings['common_name'];
file_put_contents($target_filename, $conf); file_put_contents($target_filename, $conf);
chown($target_filename, 'nobody'); chown($target_filename, 'nobody');
...@@ -1136,13 +1143,46 @@ function openvpn_prepare_all($verbose = false) ...@@ -1136,13 +1143,46 @@ function openvpn_prepare_all($verbose = false)
} }
} }
function openvpn_resync($mode, $settings) function openvpn_configure_interface($interface)
{ {
openvpn_reconfigure($mode, $settings); global $config;
openvpn_restart($mode, $settings);
if (substr($interface, 0, 5) == 'ovpns') {
if (isset($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as $server) {
if ($interface == "ovpns{$server['vpnid']}") {
log_error("OpenVPN: Resync server {$server['description']}");
openvpn_configure_server($server);
}
}
unset($server);
}
} elseif (substr($interface, 0, 5) == 'ovpnc') {
if (isset($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as $client) {
if ($interface == "ovpnc{$client['vpnid']}") {
log_error("OpenVPN: Resync server {$client['description']}");
openvpn_configure_client($client);
}
}
unset($client);
}
}
}
function openvpn_configure_client($settings)
{
openvpn_reconfigure('client', $settings);
openvpn_restart('client', $settings);
}
function openvpn_configure_server($settings)
{
openvpn_reconfigure('server', $settings);
openvpn_restart('server', $settings);
} }
function openvpn_resync_all($interface = null, $verbose = false) function openvpn_configure_do($verbose = false, $interface = '')
{ {
global $config; global $config;
...@@ -1152,12 +1192,11 @@ function openvpn_resync_all($interface = null, $verbose = false) ...@@ -1152,12 +1192,11 @@ function openvpn_resync_all($interface = null, $verbose = false)
return; return;
} }
if ($verbose) {
echo 'Syncing OpenVPN settings...';
flush();
}
if (!empty($interface)) { if (!empty($interface)) {
$interface_real = get_real_interface($interface);
if (substr($interface_real, 0, 4) == 'ovpn') {
return;
}
log_error(sprintf( log_error(sprintf(
'Resyncing OpenVPN instances for interface %s.', 'Resyncing OpenVPN instances for interface %s.',
convert_friendly_interface_to_friendly_descr($interface) convert_friendly_interface_to_friendly_descr($interface)
...@@ -1166,17 +1205,23 @@ function openvpn_resync_all($interface = null, $verbose = false) ...@@ -1166,17 +1205,23 @@ function openvpn_resync_all($interface = null, $verbose = false)
log_error('Resyncing OpenVPN instances.'); log_error('Resyncing OpenVPN instances.');
} }
if ($verbose) {
echo 'Syncing OpenVPN settings...';
flush();
}
foreach (array('server', 'client') as $mode) { foreach (array('server', 'client') as $mode) {
if (isset($config['openvpn']["openvpn-{$mode}"])) { if (isset($config['openvpn']["openvpn-{$mode}"])) {
foreach ($config['openvpn']["openvpn-{$mode}"] as &$settings) { foreach ($config['openvpn']["openvpn-{$mode}"] as &$settings) {
if (empty($interface) || $interface == $settings['interface']) { if (empty($interface) || $interface == $settings['interface']) {
openvpn_resync($mode, $settings); openvpn_reconfigure($mode, $settings);
openvpn_restart($mode, $settings);
} }
} }
} }
} }
openvpn_resync_csc(); openvpn_configure_csc();
if ($verbose) { if ($verbose) {
echo "done.\n"; echo "done.\n";
...@@ -1532,31 +1577,36 @@ function openvpn_get_remote_access_servers() ...@@ -1532,31 +1577,36 @@ function openvpn_get_remote_access_servers()
} }
// Resync and restart all VPNs using a gateway group. // Resync and restart all VPNs using a gateway group.
function openvpn_resync_gwgroup($gwgroupname = "") { function openvpn_configure_gwgroup($gwgroupname = '')
{
global $config; global $config;
if (!empty($gwgroupname)) { if (empty($gwgroupname)) {
if (isset($config['openvpn']['openvpn-server'])) { log_error("openvpn_configure_gwgroup() called without gwgroup parameter.");
foreach ($config['openvpn']['openvpn-server'] as & $settings) { return;
if ($gwgroupname == $settings['interface']) { }
log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . ".");
openvpn_resync('server', $settings); if (isset($config['openvpn']['openvpn-server'])) {
} foreach ($config['openvpn']['openvpn-server'] as & $settings) {
if ($gwgroupname == $settings['interface']) {
log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . ".");
openvpn_reconfigure('server', $settings);
openvpn_restart('server', $settings);
} }
} }
}
if (isset($config['openvpn']['openvpn-client'])) { if (isset($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as & $settings) { foreach ($config['openvpn']['openvpn-client'] as & $settings) {
if ($gwgroupname == $settings['interface']) { if ($gwgroupname == $settings['interface']) {
log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . "."); log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . ".");
openvpn_resync('client', $settings); openvpn_reconfigure('client', $settings);
} openvpn_restart('client', $settings);
} }
} }
// Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these.
} else {
log_error("openvpn_resync_gwgroup called with null gwgroup parameter.");
} }
// Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these.
} }
function openvpn_refresh_crls() function openvpn_refresh_crls()
...@@ -1614,7 +1664,8 @@ function openvpn_resync_if_needed($mode, $ovpn_settings, $interface) ...@@ -1614,7 +1664,8 @@ function openvpn_resync_if_needed($mode, $ovpn_settings, $interface)
} }
if ($resync_needed == true) { if ($resync_needed == true) {
log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']); log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']);
openvpn_resync($mode, $ovpn_settings); openvpn_reconfigure($mode, $ovpn_settings);
openvpn_restart($mode, $ovpn_settings);
} }
} }
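Review bot: In the `openvpn_configure_csc()` hunk that builds `$target_filename`, `$settings['common_name']` is concatenated into the path under `/var/etc/openvpn-csc/` without normalisation before `file_put_contents()` and `chown()` run on it. The CSC page's cleanup already wraps the old name in `basename()`, so the write side should do the same: `$target_filename = "/var/etc/openvpn-csc/".$vpnid."/".basename($settings['common_name']);`. Whether the form rejects path separators in the common name is not visible on this page, so treat this as defence in depth for a file written by a privileged process. The function starts and ends outside the hunk.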
......
...@@ -731,9 +731,11 @@ function step12_submitphpaction() ...@@ -731,9 +731,11 @@ function step12_submitphpaction()
$config['openvpn']['openvpn-server'][] = $server; $config['openvpn']['openvpn-server'][] = $server;
openvpn_resync('server', $server);
write_config(); write_config();
openvpn_configure_server($server);
openvpn_configure_csc();
header(url_safe('Location: /vpn_openvpn_server.php')); header(url_safe('Location: /vpn_openvpn_server.php'));
exit; exit;
} }
...@@ -137,7 +137,6 @@ function filter_configure_xmlrpc() ...@@ -137,7 +137,6 @@ function filter_configure_xmlrpc()
local_sync_accounts(); local_sync_accounts();
plugins_configure('dns'); plugins_configure('dns');
services_dhcpd_configure(); services_dhcpd_configure();
openvpn_resync_all();
plugins_configure('remote'); plugins_configure('remote');
return true; return true;
......
...@@ -93,7 +93,7 @@ system_syslogd_start(true); ...@@ -93,7 +93,7 @@ system_syslogd_start(true);
openvpn_prepare_all(true); openvpn_prepare_all(true);
interfaces_configure(true); interfaces_configure(true);
openvpn_resync_all(null, true); openvpn_configure_do(true);
system_resolvconf_generate(true); system_resolvconf_generate(true);
filter_configure_sync(true); filter_configure_sync(true);
......
...@@ -181,16 +181,11 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface ...@@ -181,16 +181,11 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface
@file_put_contents("/var/db/{$interface}_cacheip", $curwanip); @file_put_contents("/var/db/{$interface}_cacheip", $curwanip);
} }
/* start OpenVPN server & clients */ /* reload plugins */
if (substr($interface_real, 0, 4) != "ovpn") { plugins_configure('interface', false, array($interface));
openvpn_resync_all($interface);
}
/* reload graphing functions */ /* reload graphing functions */
enable_rrd_graphing(); enable_rrd_graphing();
/* reload plugins */
plugins_configure('interface', false, array($interface));
} }
/* reload filter, don't try to sync to carp slave */ /* reload filter, don't try to sync to carp slave */
......
...@@ -121,13 +121,9 @@ if (is_ipaddrv6($oldipv6)) { ...@@ -121,13 +121,9 @@ if (is_ipaddrv6($oldipv6)) {
if ($curwanipv6 == $oldipv6) { if ($curwanipv6 == $oldipv6) {
// Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing. // Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) { if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) {
/* XXX WHY IN GODS NAME IS THIS CALLED TWICE AND CUT SHORT?? */ /* XXX migrate this: we should unify the reload */
ipsec_configure_do(false, $inteface); ipsec_configure_do(false, $inteface);
openvpn_configure_do(false, $interface);
/* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn") {
openvpn_resync_all($interface);
}
} }
return; return;
} elseif (does_interface_exist($interface_real)) { } elseif (does_interface_exist($interface_real)) {
...@@ -137,13 +133,8 @@ if (is_ipaddrv6($oldipv6)) { ...@@ -137,13 +133,8 @@ if (is_ipaddrv6($oldipv6)) {
file_put_contents("/var/db/{$interface}_cacheipv6", $curwanipv6); file_put_contents("/var/db/{$interface}_cacheipv6", $curwanipv6);
} }
/* start OpenVPN server & clients */ /* reload plugins */
if (substr($interface_real, 0, 4) != 'ovpn') { plugins_configure('interface', false, array($interface));
openvpn_resync_all($interface);
}
/* reload graphing functions */ /* reload graphing functions */
enable_rrd_graphing(); enable_rrd_graphing();
/* reload plugins */
plugins_configure('interface', false, array($interface));
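Review bot: The context line `ipsec_configure_do(false, $inteface);` passes a misspelled, undefined variable, so the IPsec reload in the PPPoE/PPTP/PPP branch does not receive the interface that the `openvpn_configure_do(false, $interface);` call added directly below it does. The commit rewrites the XXX comment above this line but leaves the typo; it should read `ipsec_configure_do(false, $interface);`. How `ipsec_configure_do()` treats an empty interface argument is not visible here, so the exact effect needs to be confirmed against that function.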
...@@ -72,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -72,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
foreach ($a_gateway_groups as $gateway_group) { foreach ($a_gateway_groups as $gateway_group) {
$gw_subsystem = 'gwgroup.' . $gateway_group['name']; $gw_subsystem = 'gwgroup.' . $gateway_group['name'];
if (is_subsystem_dirty($gw_subsystem)) { if (is_subsystem_dirty($gw_subsystem)) {
openvpn_resync_gwgroup($gateway_group['name']); openvpn_configure_gwgroup($gateway_group['name']);
clear_subsystem_dirty($gw_subsystem); clear_subsystem_dirty($gw_subsystem);
} }
} }
......
...@@ -167,8 +167,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -167,8 +167,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} else { } else {
$a_client[$id]['disable'] = true; $a_client[$id]['disable'] = true;
} }
openvpn_resync('client', $a_client[$id]);
write_config(); write_config();
openvpn_configure_client($a_client[$id]);
} }
header(url_safe('Location: /vpn_openvpn_client.php')); header(url_safe('Location: /vpn_openvpn_client.php'));
exit; exit;
...@@ -335,9 +335,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -335,9 +335,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$a_client[] = $client; $a_client[] = $client;
} }
openvpn_resync('client', $client);
write_config(); write_config();
openvpn_configure_client($client);
header(url_safe('Location: /vpn_openvpn_client.php')); header(url_safe('Location: /vpn_openvpn_client.php'));
exit; exit;
} }
......
...@@ -121,7 +121,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -121,7 +121,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$a_csc[$id]['disable'] = true; $a_csc[$id]['disable'] = true;
} }
write_config(); write_config();
openvpn_resync_csc(); openvpn_configure_csc();
} }
header(url_safe('Location: /vpn_openvpn_csc.php')); header(url_safe('Location: /vpn_openvpn_csc.php'));
exit; exit;
...@@ -222,7 +222,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -222,7 +222,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
@unlink('/var/etc/openvpn-csc/' . basename($old_csc_cn)); @unlink('/var/etc/openvpn-csc/' . basename($old_csc_cn));
} }
write_config(); write_config();
openvpn_resync_csc(); openvpn_configure_csc();
header(url_safe('Location: /vpn_openvpn_csc.php')); header(url_safe('Location: /vpn_openvpn_csc.php'));
exit; exit;
......
...@@ -149,8 +149,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -149,8 +149,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} else { } else {
$a_server[$id]['disable'] = true; $a_server[$id]['disable'] = true;
} }
openvpn_resync('server', $a_server[$id]);
write_config(); write_config();
openvpn_configure_server($a_server[$id]);
} }
header(url_safe('Location: /vpn_openvpn_server.php')); header(url_safe('Location: /vpn_openvpn_server.php'));
exit; exit;
...@@ -401,9 +401,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -401,9 +401,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$a_server[] = $server; $a_server[] = $server;
} }
openvpn_resync('server', $server);
write_config(); write_config();
openvpn_resync_csc(); // dump client specific overrides, the required set may have changed
openvpn_configure_server($server);
openvpn_configure_csc();
header(url_safe('Location: /vpn_openvpn_server.php')); header(url_safe('Location: /vpn_openvpn_server.php'));
exit; exit;
......