Commit efb06220 authored by Franco Fichtner's avatar Franco Fichtner

vpn: merge three OpenVPN changes from master

Since the changes are splattered over several commits already
taken apart by other cherry-picks, just sync the files that
have not had their changes moved to stable/16.7 yet.

o Adapt to cipher output changes in OpenVPN 2.1.12
o Improve plugin probing for virtual interface
o Added missing IPv6 Tunnel Network for CSC
parent 82bc5b81
......@@ -82,6 +82,7 @@ function openvpn_create_key()
function openvpn_vpnid_used($vpnid)
{
global $config;
if (isset($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as &$settings) {
if ($vpnid == $settings['vpnid']) {
......@@ -99,7 +100,7 @@ function openvpn_vpnid_used($vpnid)
}
return false;
}
}
function openvpn_vpnid_next()
{
......@@ -165,13 +166,14 @@ function openvpn_port_next($prot, $interface = "wan")
function openvpn_get_cipherlist()
{
$ciphers = array();
$cipher_out = shell_exec('/usr/local/sbin/openvpn --show-ciphers | /usr/bin/grep "default key" | /usr/bin/awk \'{print $1, "(" $2 "-" $3 ")";}\'');
$cipher_lines = explode("\n", trim($cipher_out));
sort($cipher_lines);
foreach ($cipher_lines as $line) {
$words = explode(' ', $line);
$ciphers[$words[0]] = "{$words[0]} {$words[1]}";
exec('/usr/local/sbin/openvpn --show-ciphers', $lines);
foreach ($lines as $line) {
if (strstr($line, '(') !== false) {
$cipher = explode(' ', $line)[0];
$ciphers[$cipher] = $line;
}
}
ksort($ciphers);
$ciphers["none"] = gettext("None (No Encryption)");
return $ciphers;
}
......@@ -179,13 +181,15 @@ function openvpn_get_cipherlist()
function openvpn_get_digestlist()
{
$digests = array();
$digest_out = shell_exec('/usr/local/sbin/openvpn --show-digests | /usr/bin/grep "digest size" | /usr/bin/awk \'{print $1, "(" $2 "-" $3 ")";}\'');
$digest_lines = explode("\n", trim($digest_out));
sort($digest_lines);
foreach ($digest_lines as $line) {
$words = explode(' ', $line);
$digests[$words[0]] = "{$words[0]} {$words[1]}";
exec('/usr/local/sbin/openvpn --show-digests', $lines);
foreach ($lines as $line) {
if (strstr($line, 'digest size') !== false) {
$digest = explode(' ', $line)[0];
$bits = explode(' ', explode('bit', $line)[0])[1];
$digests[$digest] = $digest . " (".$bits."-bit)";
}
}
ksort($digests);
$digests["none"] = gettext("None (No Authentication)");
return $digests;
}
......@@ -936,6 +940,15 @@ function openvpn_resync_csc_conf($settings, $server)
$conf .= "ifconfig-push {$clientip} " . gen_subnet_mask($mask) . "\n";
}
}
if (!empty($settings['tunnel_networkv6'])) {
list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']);
list($ipv6_1, $ipv6_2) = openvpn_get_interface_ipv6($ipv6, $prefix);
if ($server['dev_mode'] == 'tun' && empty($server['topology_subnet'])) {
$conf .= "ifconfig-ipv6-push {$ipv6_2} {$ipv6_1}\n";
} else {
$conf .= "ifconfig-ipv6-push {$ipv6_2} {$prefix}\n";
}
}
if (!empty($settings['local_network'])) {
$conf .= openvpn_gen_routes($settings['local_network'], "ipv4", true);
......
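Review bot: In openvpn_get_cipherlist() the new `exec('/usr/local/sbin/openvpn --show-ciphers', $lines);` call ignores the exit status, so if the binary fails or its output format changes again, the function returns an array whose only entry is `none` ("None (No Encryption)"). openvpn_get_digestlist() has the same shape with "None (No Authentication)". Capturing the status, e.g. `exec('/usr/local/sbin/openvpn --show-ciphers', $lines, $rc);`, and logging when `$rc !== 0` or nothing was parsed would make that failure visible instead of handing callers a list that contains only the unprotected option. The `strstr($line, '(') !== false` test also accepts any output line that contains a parenthesis. A stricter match such as `preg_match('/^(\S+)\s+\(\d+ bit key/', $line, $m)` would keep explanatory text out of the list, though that pattern assumes a `NAME (NNN bit key, ...)` layout and should be checked against the installed OpenVPN version.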
......@@ -73,15 +73,21 @@ function if_openvpn_interfaces()
$interfaces = array();
/* add openvpn interfaces */
if (isset($config['openvpn']['openvpn-server']) || isset($config['openvpn']['openvpn-client'])) {
$oic = array("enable" => true);
$oic['if'] = "openvpn";
foreach (array('server', 'client') as $mode) {
if (isset($config['openvpn']["openvpn-{$mode}"])) {
foreach ($config['openvpn']["openvpn-{$mode}"] as &$settings) {
if (!isset($settings['disable'])) {
$oic = array('enable' => true);
$oic['if'] = 'openvpn';
$oic['descr'] = 'OpenVPN';
$oic['type'] = "none";
$oic['type'] = 'none';
$oic['virtual'] = true;
$oic['networks'] = array();
$interfaces['openvpn'] = $oic;
break 2;
}
}
}
}
return $interfaces;
......
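Review bot: The inner loop `foreach ($config['openvpn']["openvpn-{$mode}"] as &$settings)` iterates by reference although `$settings` is only read through `isset($settings['disable'])`, so after `break 2` the variable stays bound to an element of the configuration array. Iterating by value, `foreach ($config['openvpn']["openvpn-{$mode}"] as $settings)`, gives the same result here without the alias, and removes the risk that a later write to `$settings` in this function silently edits the configuration. if_openvpn_interfaces() starts before this hunk, so how `$config` is brought into scope is not visible.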
......@@ -35,7 +35,7 @@ require_once("plugins.inc");
// define all fields used in this form
$all_form_fields = "custom_options,disable,common_name,block,description
,tunnel_network,local_network,local_networkv6,remote_network
,tunnel_network,tunnel_networkv6,local_network,local_networkv6,remote_network
,remote_networkv6,gwredir,push_reset,dns_domain,dns_server1
,dns_server2,dns_server3,dns_server4,ntp_server1,ntp_server2
,netbios_enable,netbios_ntype,netbios_scope,wins_server1
......@@ -131,6 +131,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network')) {
$input_errors[] = $result;
}
if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) {
$input_errors[] = $result;
}
if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) {
$input_errors[] = $result;
}
......@@ -466,6 +469,21 @@ if ($act!="new" && $act!="edit") {
</div>
</td>
</tr>
<tr>
<td><a id="help_for_tunnel_networkv6" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("IPv6 Tunnel Network"); ?></td>
<td>
<input name="tunnel_networkv6" type="text" value="<?=$pconfig['tunnel_networkv6'];?>" />
<div class="hidden" for="help_for_tunnel_networkv6">
<?=gettext("This is the IPv6 virtual network used for private " .
"communications between this server and client " .
"hosts expressed using CIDR (eg. fe80::/64). " .
"The first network address will be assigned to " .
"the server virtual interface. The remaining " .
"network addresses can optionally be assigned " .
"to connecting clients. (see Address Pool)"); ?>
</div>
</td>
</tr>
<tr id="local_optsv4">
<td><a id="help_for_local_network" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("IPv4 Local Network"); ?></td>
<td>
......
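Review bot: The new input prints the field as `value="<?=$pconfig['tunnel_networkv6'];?>"` with no escaping in the template, so if `$pconfig` still holds the submitted string when validation fails, a value containing a double quote can end the attribute and inject markup into the page. Unless `$pconfig` is HTML-escaped before this part of the page is rendered (not visible in these hunks), the value should be encoded at the point of use: `value="<?=htmlspecialchars($pconfig['tunnel_networkv6'], ENT_QUOTES, 'UTF-8');?>"`. Encoding in the template also keeps the field safe if the validation rules for `tunnel_networkv6` are relaxed later.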