Commit f862e857 authored by Ad Schellevis's avatar Ad Schellevis

(legacy) spaces and curly braces in openvpn.inc

parent 4f0a083e
<?php <?php
/* /*
Copyright (C) 2016 Deciso B.V.
Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com> Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2006 Fernando Lemos Copyright (C) 2006 Fernando Lemos
Copyright (C) 2005 Peter Allgeyer <allgeyer_AT_web.de> Copyright (C) 2005 Peter Allgeyer <allgeyer_AT_web.de>
...@@ -63,7 +64,8 @@ $openvpn_compression_modes = array( ...@@ -63,7 +64,8 @@ $openvpn_compression_modes = array(
'' => gettext("No Preference"), '' => gettext("No Preference"),
'no' => gettext("Disabled - No Compression"), 'no' => gettext("Disabled - No Compression"),
'adaptive' => gettext("Enabled with Adaptive Compression"), 'adaptive' => gettext("Enabled with Adaptive Compression"),
'yes' => gettext("Enabled without Adaptive Compression")); 'yes' => gettext("Enabled without Adaptive Compression")
);
function openvpn_create_key() function openvpn_create_key()
{ {
...@@ -71,7 +73,6 @@ function openvpn_create_key() ...@@ -71,7 +73,6 @@ function openvpn_create_key()
if (!$fp) { if (!$fp) {
return false; return false;
} }
$rslt = stream_get_contents($fp); $rslt = stream_get_contents($fp);
pclose($fp); pclose($fp);
...@@ -81,7 +82,6 @@ function openvpn_create_key() ...@@ -81,7 +82,6 @@ function openvpn_create_key()
function openvpn_vpnid_used($vpnid) function openvpn_vpnid_used($vpnid)
{ {
global $config; global $config;
if (isset($config['openvpn']['openvpn-server'])) { if (isset($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as &$settings) { foreach ($config['openvpn']['openvpn-server'] as &$settings) {
if ($vpnid == $settings['vpnid']) { if ($vpnid == $settings['vpnid']) {
...@@ -99,14 +99,14 @@ function openvpn_vpnid_used($vpnid) ...@@ -99,14 +99,14 @@ function openvpn_vpnid_used($vpnid)
} }
return false; return false;
} }
function openvpn_vpnid_next() {
function openvpn_vpnid_next()
{
$vpnid = 1; $vpnid = 1;
while(openvpn_vpnid_used($vpnid)) while(openvpn_vpnid_used($vpnid)) {
$vpnid++; $vpnid++;
}
return $vpnid; return $vpnid;
} }
...@@ -115,48 +115,55 @@ function openvpn_port_used($prot, $interface, $port, $curvpnid = 0) { ...@@ -115,48 +115,55 @@ function openvpn_port_used($prot, $interface, $port, $curvpnid = 0) {
if (isset($config['openvpn']['openvpn-server'])) { if (isset($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as & $settings) { foreach ($config['openvpn']['openvpn-server'] as & $settings) {
if (isset($settings['disable'])) if (isset($settings['disable'])) {
continue; continue;
}
if ($curvpnid != 0 && $curvpnid == $settings['vpnid']) if ($curvpnid != 0 && $curvpnid == $settings['vpnid']) {
continue; continue;
}
if ($port == $settings['local_port'] && $prot == $settings['protocol'] && if ($port == $settings['local_port'] && $prot == $settings['protocol'] &&
($interface == $settings['interface'] || $interface == "any" || $settings['interface'] == "any")) ($interface == $settings['interface'] || $interface == "any" || $settings['interface'] == "any")) {
return $settings['vpnid']; return $settings['vpnid'];
} }
} }
}
if (isset($config['openvpn']['openvpn-client'])) { if (isset($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as & $settings) { foreach ($config['openvpn']['openvpn-client'] as & $settings) {
if (isset($settings['disable'])) if (isset($settings['disable'])) {
continue; continue;
}
if ($curvpnid != 0 && $curvpnid == $settings['vpnid']) if ($curvpnid != 0 && $curvpnid == $settings['vpnid']) {
continue; continue;
}
if ($port == $settings['local_port'] && $prot == $settings['protocol'] && if ($port == $settings['local_port'] && $prot == $settings['protocol'] &&
($interface == $settings['interface'] || $interface == "any" || $settings['interface'] == "any")) ($interface == $settings['interface'] || $interface == "any" || $settings['interface'] == "any")) {
return $settings['vpnid']; return $settings['vpnid'];
} }
} }
}
return 0; return 0;
} }
function openvpn_port_next($prot, $interface = "wan") { function openvpn_port_next($prot, $interface = "wan")
{
$port = 1194; $port = 1194;
while(openvpn_port_used($prot, $interface, $port)) while(openvpn_port_used($prot, $interface, $port)) {
$port++; $port++;
while(openvpn_port_used($prot, "any", $port)) }
while(openvpn_port_used($prot, "any", $port)) {
$port++; $port++;
}
return $port; return $port;
} }
function openvpn_get_cipherlist() { function openvpn_get_cipherlist()
{
$ciphers = array(); $ciphers = array();
$cipher_out = shell_exec('/usr/local/sbin/openvpn --show-ciphers | /usr/bin/grep "default key" | /usr/bin/awk \'{print $1, "(" $2 "-" $3 ")";}\''); $cipher_out = shell_exec('/usr/local/sbin/openvpn --show-ciphers | /usr/bin/grep "default key" | /usr/bin/awk \'{print $1, "(" $2 "-" $3 ")";}\'');
$cipher_lines = explode("\n", trim($cipher_out)); $cipher_lines = explode("\n", trim($cipher_out));
...@@ -169,8 +176,8 @@ function openvpn_get_cipherlist() { ...@@ -169,8 +176,8 @@ function openvpn_get_cipherlist() {
return $ciphers; return $ciphers;
} }
function openvpn_get_digestlist() { function openvpn_get_digestlist()
{
$digests = array(); $digests = array();
$digest_out = shell_exec('/usr/local/sbin/openvpn --show-digests | /usr/bin/grep "digest size" | /usr/bin/awk \'{print $1, "(" $2 "-" $3 ")";}\''); $digest_out = shell_exec('/usr/local/sbin/openvpn --show-digests | /usr/bin/grep "digest size" | /usr/bin/awk \'{print $1, "(" $2 "-" $3 ")";}\'');
$digest_lines = explode("\n", trim($digest_out)); $digest_lines = explode("\n", trim($digest_out));
...@@ -204,132 +211,163 @@ function openvpn_get_engines() ...@@ -204,132 +211,163 @@ function openvpn_get_engines()
$linematch = array(); $linematch = array();
preg_match("/\((.*)\)\s(.*)/", $engine, $linematch); preg_match("/\((.*)\)\s(.*)/", $engine, $linematch);
foreach ($details as $dt) { foreach ($details as $dt) {
if (strpos($dt, "unavailable") !== FALSE) if (strpos($dt, "unavailable") !== FALSE) {
$keep = false; $keep = false;
if (strpos($dt, "available") !== FALSE) }
if (strpos($dt, "available") !== FALSE) {
continue; continue;
if (strpos($dt, "[") !== FALSE) }
if (strpos($dt, "[") !== FALSE) {
$ciphers = trim($dt, "[]"); $ciphers = trim($dt, "[]");
} }
if (!empty($ciphers)) }
if (!empty($ciphers)) {
$ciphers = " - " . $ciphers; $ciphers = " - " . $ciphers;
if (strlen($ciphers) > 60) }
if (strlen($ciphers) > 60) {
$ciphers = substr($ciphers, 0, 60) . " ... "; $ciphers = substr($ciphers, 0, 60) . " ... ";
if ($keep) }
if ($keep) {
$openssl_engines[$linematch[1]] = $linematch[2] . $ciphers; $openssl_engines[$linematch[1]] = $linematch[2] . $ciphers;
} }
}
return $openssl_engines; return $openssl_engines;
} }
function openvpn_validate_engine($engine) { function openvpn_validate_engine($engine)
{
$engines = openvpn_get_engines(); $engines = openvpn_get_engines();
return array_key_exists($engine, $engines); return array_key_exists($engine, $engines);
} }
function openvpn_validate_port($value, $name) { function openvpn_validate_port($value, $name)
{
$value = trim($value); $value = trim($value);
if (empty($value) || !is_numeric($value) || $value < 0 || ($value > 65535)) if (empty($value) || !is_numeric($value) || $value < 0 || ($value > 65535)) {
return sprintf(gettext("The field '%s' must contain a valid port, ranging from 0 to 65535."), $name); return sprintf(gettext("The field '%s' must contain a valid port, ranging from 0 to 65535."), $name);
}
return false; return false;
} }
function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv4") { function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv4")
{
$value = trim($value); $value = trim($value);
$error = false; $error = false;
if (empty($value)) if (empty($value)) {
return false; return false;
}
$networks = explode(',', $value); $networks = explode(',', $value);
if (!$multiple && (count($networks) > 1)) if (!$multiple && (count($networks) > 1)) {
return sprintf(gettext("The field '%s' must contain a single valid %s CIDR range."), $name, $ipproto); return sprintf(gettext("The field '%s' must contain a single valid %s CIDR range."), $name, $ipproto);
}
foreach ($networks as $network) { foreach ($networks as $network) {
if ($ipproto == "ipv4") if ($ipproto == "ipv4") {
$error = !openvpn_validate_cidr_ipv4($network); $error = !openvpn_validate_cidr_ipv4($network);
else } else {
$error = !openvpn_validate_cidr_ipv6($network); $error = !openvpn_validate_cidr_ipv6($network);
if ($error) }
if ($error) {
break; break;
} }
}
if ($error) if ($error) {
return sprintf(gettext("The field '%s' must contain only valid %s CIDR range(s) separated by commas."), $name, $ipproto); return sprintf(gettext("The field '%s' must contain only valid %s CIDR range(s) separated by commas."), $name, $ipproto);
else } else {
return false; return false;
}
} }
function openvpn_validate_cidr_ipv4($value) { function openvpn_validate_cidr_ipv4($value) {
$value = trim($value); $value = trim($value);
if (!empty($value)) { if (!empty($value)) {
list($ip, $mask) = explode('/', $value); list($ip, $mask) = explode('/', $value);
if (!is_ipaddrv4($ip) or !is_numeric($mask) or ($mask > 32) or ($mask < 0)) if (!is_ipaddrv4($ip) or !is_numeric($mask) or ($mask > 32) or ($mask < 0)) {
return false; return false;
} }
}
return true; return true;
} }
function openvpn_validate_cidr_ipv6($value) { function openvpn_validate_cidr_ipv6($value)
{
$value = trim($value); $value = trim($value);
if (!empty($value)) { if (!empty($value)) {
list($ipv6, $prefix) = explode('/', $value); list($ipv6, $prefix) = explode('/', $value);
if (empty($prefix)) if (empty($prefix)) {
$prefix = "128"; $prefix = "128";
if (!is_ipaddrv6($ipv6) or !is_numeric($prefix) or ($prefix > 128) or ($prefix < 0)) }
if (!is_ipaddrv6($ipv6) or !is_numeric($prefix) or ($prefix > 128) or ($prefix < 0)) {
return false; return false;
} }
}
return true; return true;
} }
function openvpn_add_dhcpopts(& $settings, & $conf) { function openvpn_add_dhcpopts(& $settings, & $conf)
{
if (!empty($settings['dns_domain'])) if (!empty($settings['dns_domain'])) {
$conf .= "push \"dhcp-option DOMAIN {$settings['dns_domain']}\"\n"; $conf .= "push \"dhcp-option DOMAIN {$settings['dns_domain']}\"\n";
}
if (!empty($settings['dns_server1'])) if (!empty($settings['dns_server1'])) {
$conf .= "push \"dhcp-option DNS {$settings['dns_server1']}\"\n"; $conf .= "push \"dhcp-option DNS {$settings['dns_server1']}\"\n";
if (!empty($settings['dns_server2'])) }
if (!empty($settings['dns_server2'])) {
$conf .= "push \"dhcp-option DNS {$settings['dns_server2']}\"\n"; $conf .= "push \"dhcp-option DNS {$settings['dns_server2']}\"\n";
if (!empty($settings['dns_server3'])) }
if (!empty($settings['dns_server3'])) {
$conf .= "push \"dhcp-option DNS {$settings['dns_server3']}\"\n"; $conf .= "push \"dhcp-option DNS {$settings['dns_server3']}\"\n";
if (!empty($settings['dns_server4'])) }
if (!empty($settings['dns_server4'])) {
$conf .= "push \"dhcp-option DNS {$settings['dns_server4']}\"\n"; $conf .= "push \"dhcp-option DNS {$settings['dns_server4']}\"\n";
}
if (!empty($settings['push_register_dns'])) if (!empty($settings['push_register_dns'])) {
$conf .= "push \"register-dns\"\n"; $conf .= "push \"register-dns\"\n";
}
if (!empty($settings['ntp_server1'])) if (!empty($settings['ntp_server1'])) {
$conf .= "push \"dhcp-option NTP {$settings['ntp_server1']}\"\n"; $conf .= "push \"dhcp-option NTP {$settings['ntp_server1']}\"\n";
if (!empty($settings['ntp_server2'])) }
if (!empty($settings['ntp_server2'])) {
$conf .= "push \"dhcp-option NTP {$settings['ntp_server2']}\"\n"; $conf .= "push \"dhcp-option NTP {$settings['ntp_server2']}\"\n";
}
if (!empty($settings['netbios_enable'])) { if (!empty($settings['netbios_enable'])) {
if (!empty($settings['dhcp_nbttype']) && ($settings['dhcp_nbttype'] != 0)) if (!empty($settings['dhcp_nbttype']) && ($settings['dhcp_nbttype'] != 0)) {
$conf .= "push \"dhcp-option NBT {$settings['dhcp_nbttype']}\"\n"; $conf .= "push \"dhcp-option NBT {$settings['dhcp_nbttype']}\"\n";
if (!empty($settings['dhcp_nbtscope'])) }
if (!empty($settings['dhcp_nbtscope'])) {
$conf .= "push \"dhcp-option NBS {$settings['dhcp_nbtscope']}\"\n"; $conf .= "push \"dhcp-option NBS {$settings['dhcp_nbtscope']}\"\n";
}
if (!empty($settings['wins_server1'])) if (!empty($settings['wins_server1'])) {
$conf .= "push \"dhcp-option WINS {$settings['wins_server1']}\"\n"; $conf .= "push \"dhcp-option WINS {$settings['wins_server1']}\"\n";
if (!empty($settings['wins_server2'])) }
if (!empty($settings['wins_server2'])) {
$conf .= "push \"dhcp-option WINS {$settings['wins_server2']}\"\n"; $conf .= "push \"dhcp-option WINS {$settings['wins_server2']}\"\n";
} }
}
if (!empty($settings['gwredir'])) if (!empty($settings['gwredir'])) {
$conf .= "push \"redirect-gateway def1\"\n"; $conf .= "push \"redirect-gateway def1\"\n";
}
} }
function openvpn_add_custom(& $settings, & $conf) { function openvpn_add_custom(& $settings, & $conf)
{
if ($settings['custom_options']) { if ($settings['custom_options']) {
$options = explode(';', $settings['custom_options']); $options = explode(';', $settings['custom_options']);
if (is_array($options)) { if (is_array($options)) {
foreach ($options as $option) foreach ($options as $option) {
$conf .= "$option\n"; $conf .= "$option\n";
} else }
} else {
$conf .= "{$settings['custom_options']}\n"; $conf .= "{$settings['custom_options']}\n";
} }
}
} }
function openvpn_add_keyfile(&$data, &$conf, $mode_id, $directive, $opt = '') function openvpn_add_keyfile(&$data, &$conf, $mode_id, $directive, $opt = '')
...@@ -359,7 +397,6 @@ function openvpn_reconfigure($mode, $settings) ...@@ -359,7 +397,6 @@ function openvpn_reconfigure($mode, $settings)
* we use a vpnid number which is allocated for a particular client * we use a vpnid number which is allocated for a particular client
* or server configuration. ( see openvpn_vpnid_next() ) * or server configuration. ( see openvpn_vpnid_next() )
*/ */
$vpnid = $settings['vpnid']; $vpnid = $settings['vpnid'];
$mode_id = $mode.$vpnid; $mode_id = $mode.$vpnid;
...@@ -378,21 +415,20 @@ function openvpn_reconfigure($mode, $settings) ...@@ -378,21 +415,20 @@ function openvpn_reconfigure($mode, $settings)
/* is our device already configured */ /* is our device already configured */
if (!does_interface_exist($devname)) { if (!does_interface_exist($devname)) {
/* create the tap device if required */ /* create the tap device if required */
if (!file_exists("/dev/{$tunname}")) if (!file_exists("/dev/{$tunname}")) {
exec("/sbin/ifconfig " . escapeshellarg($tunname) . " create"); exec("/sbin/ifconfig " . escapeshellarg($tunname) . " create");
}
/* rename the device */ /* rename the device */
mwexec("/sbin/ifconfig " . escapeshellarg($tunname) . " name " . escapeshellarg($devname)); mwexec("/sbin/ifconfig " . escapeshellarg($tunname) . " name " . escapeshellarg($devname));
/* add the device to the openvpn group */ /* add the device to the openvpn group */
mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " group openvpn"); mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " group openvpn");
} }
$proto = strtolower($settings['protocol']); $proto = strtolower($settings['protocol']);
if (substr($settings['protocol'], 0, 3) == "TCP") if (substr($settings['protocol'], 0, 3) == "TCP") {
$proto = "{$proto}-{$mode}"; $proto = "{$proto}-{$mode}";
}
$dev_mode = $settings['dev_mode']; $dev_mode = $settings['dev_mode'];
$cipher = $settings['crypto']; $cipher = $settings['crypto'];
// OpenVPN defaults to SHA1, so use it when unset to maintain compatibility. // OpenVPN defaults to SHA1, so use it when unset to maintain compatibility.
...@@ -455,12 +491,12 @@ function openvpn_reconfigure($mode, $settings) ...@@ -455,12 +491,12 @@ function openvpn_reconfigure($mode, $settings)
$conf .= "local {$iface_ip}\n"; $conf .= "local {$iface_ip}\n";
} }
if (openvpn_validate_engine($settings['engine']) && ($settings['engine'] != "none")) if (openvpn_validate_engine($settings['engine']) && ($settings['engine'] != "none")) {
$conf .= "engine {$settings['engine']}\n"; $conf .= "engine {$settings['engine']}\n";
}
// server specific settings // server specific settings
if ($mode == 'server') { if ($mode == 'server') {
list($ip, $cidr) = explode('/', $settings['tunnel_network']); list($ip, $cidr) = explode('/', $settings['tunnel_network']);
list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']); list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']);
$mask = gen_subnet_mask($cidr); $mask = gen_subnet_mask($cidr);
...@@ -484,32 +520,36 @@ function openvpn_reconfigure($mode, $settings) ...@@ -484,32 +520,36 @@ function openvpn_reconfigure($mode, $settings)
if (!empty($ip) && !empty($mask) && ($cidr < 30)) { if (!empty($ip) && !empty($mask) && ($cidr < 30)) {
$conf .= "server {$ip} {$mask}\n"; $conf .= "server {$ip} {$mask}\n";
$conf .= "client-config-dir /var/etc/openvpn-csc\n"; $conf .= "client-config-dir /var/etc/openvpn-csc\n";
if(is_ipaddr($ipv6)) if(is_ipaddr($ipv6)) {
$conf .= "server-ipv6 {$ipv6}/{$prefix}\n"; $conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
} }
}
case 'p2p_shared_key': case 'p2p_shared_key':
if (!empty($ip) && !empty($mask)) { if (!empty($ip) && !empty($mask)) {
list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask); list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask);
if ($settings['dev_mode'] == 'tun') if ($settings['dev_mode'] == 'tun') {
$conf .= "ifconfig {$ip1} {$ip2}\n"; $conf .= "ifconfig {$ip1} {$ip2}\n";
else } else {
$conf .= "ifconfig {$ip1} {$mask}\n"; $conf .= "ifconfig {$ip1} {$mask}\n";
} }
}
if (!empty($ipv6) && !empty($prefix)) { if (!empty($ipv6) && !empty($prefix)) {
list($ipv6_1, $ipv6_2) = openvpn_get_interface_ipv6($ipv6, $prefix); list($ipv6_1, $ipv6_2) = openvpn_get_interface_ipv6($ipv6, $prefix);
if ($settings['dev_mode'] == 'tun') if ($settings['dev_mode'] == 'tun') {
$conf .= "ifconfig-ipv6 {$ipv6_1} {$ipv6_2}\n"; $conf .= "ifconfig-ipv6 {$ipv6_1} {$ipv6_2}\n";
else } else {
$conf .= "ifconfig-ipv6 {$ipv6_1} {$prefix}\n"; $conf .= "ifconfig-ipv6 {$ipv6_1} {$prefix}\n";
} }
}
break; break;
case 'server_tls': case 'server_tls':
case 'server_user': case 'server_user':
case 'server_tls_user': case 'server_tls_user':
if (!empty($ip) && !empty($mask)) { if (!empty($ip) && !empty($mask)) {
$conf .= "server {$ip} {$mask}\n"; $conf .= "server {$ip} {$mask}\n";
if(is_ipaddr($ipv6)) if(is_ipaddr($ipv6)) {
$conf .= "server-ipv6 {$ipv6}/{$prefix}\n"; $conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
}
$conf .= "client-config-dir /var/etc/openvpn-csc\n"; $conf .= "client-config-dir /var/etc/openvpn-csc\n";
} else { } else {
if ($settings['serverbridge_dhcp']) { if ($settings['serverbridge_dhcp']) {
...@@ -536,22 +576,25 @@ function openvpn_reconfigure($mode, $settings) ...@@ -536,22 +576,25 @@ function openvpn_reconfigure($mode, $settings)
$conf .= "client-cert-not-required\n"; $conf .= "client-cert-not-required\n";
case 'server_tls_user': case 'server_tls_user':
/* username-as-common-name is not compatible with server-bridge */ /* username-as-common-name is not compatible with server-bridge */
if (stristr($conf, "server-bridge") === false) if (stristr($conf, "server-bridge") === false) {
$conf .= "username-as-common-name\n"; $conf .= "username-as-common-name\n";
}
if (!empty($settings['authmode'])) { if (!empty($settings['authmode'])) {
$strictusercn = "false"; $strictusercn = "false";
if ($settings['strictusercn']) if ($settings['strictusercn']) {
$strictusercn = "true"; $strictusercn = "true";
}
$conf .= "auth-user-pass-verify \"/usr/local/sbin/ovpn_auth_verify user '{$settings['authmode']}' {$strictusercn} {$mode_id}\" via-env\n"; $conf .= "auth-user-pass-verify \"/usr/local/sbin/ovpn_auth_verify user '{$settings['authmode']}' {$strictusercn} {$mode_id}\" via-env\n";
} }
break; break;
} }
if (!isset($settings['cert_depth']) && (strstr($settings['mode'], 'tls'))) if (!isset($settings['cert_depth']) && (strstr($settings['mode'], 'tls'))) {
$settings['cert_depth'] = 1; $settings['cert_depth'] = 1;
}
if (is_numeric($settings['cert_depth'])) { if (is_numeric($settings['cert_depth'])) {
if (($mode == 'client') && empty($settings['certref'])) if (($mode == 'client') && empty($settings['certref'])) {
$cert = ""; $cert = "";
else { } else {
$cert = lookup_cert($settings['certref']); $cert = lookup_cert($settings['certref']);
/* XXX: Seems not used at all! */ /* XXX: Seems not used at all! */
$servercn = urlencode(cert_get_cn($cert['crt'])); $servercn = urlencode(cert_get_cn($cert['crt']));
...@@ -567,8 +610,9 @@ function openvpn_reconfigure($mode, $settings) ...@@ -567,8 +610,9 @@ function openvpn_reconfigure($mode, $settings)
$conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n"; $conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n";
//$conf .= "management 127.0.0.1 {$settings['local_port']}\n"; //$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
if ($settings['maxclients']) if ($settings['maxclients']) {
$conf .= "max-clients {$settings['maxclients']}\n"; $conf .= "max-clients {$settings['maxclients']}\n";
}
// Can we push routes // Can we push routes
if ($settings['local_network']) { if ($settings['local_network']) {
...@@ -584,18 +628,18 @@ function openvpn_reconfigure($mode, $settings) ...@@ -584,18 +628,18 @@ function openvpn_reconfigure($mode, $settings)
case 'server_tls_user': case 'server_tls_user':
// Configure client dhcp options // Configure client dhcp options
openvpn_add_dhcpopts($settings, $conf); openvpn_add_dhcpopts($settings, $conf);
if ($settings['client2client']) if ($settings['client2client']) {
$conf .= "client-to-client\n"; $conf .= "client-to-client\n";
}
break; break;
} }
if (isset($settings['duplicate_cn'])) if (isset($settings['duplicate_cn'])) {
$conf .= "duplicate-cn\n"; $conf .= "duplicate-cn\n";
} }
}
// client specific settings // client specific settings
if ($mode == 'client') { if ($mode == 'client') {
// configure p2p mode // configure p2p mode
switch($settings['mode']) { switch($settings['mode']) {
case 'p2p_tls': case 'p2p_tls':
...@@ -608,12 +652,13 @@ function openvpn_reconfigure($mode, $settings) ...@@ -608,12 +652,13 @@ function openvpn_reconfigure($mode, $settings)
// If there is no bind option at all (ip and/or port), add "nobind" directive // If there is no bind option at all (ip and/or port), add "nobind" directive
// Otherwise, use the local port if defined, failing that, use lport 0 to // Otherwise, use the local port if defined, failing that, use lport 0 to
// ensure a random source port. // ensure a random source port.
if ((empty($iface_ip)) && (!$settings['local_port'])) if ((empty($iface_ip)) && (!$settings['local_port'])) {
$conf .= "nobind\n"; $conf .= "nobind\n";
elseif ($settings['local_port']) } elseif ($settings['local_port']) {
$conf .= "lport {$settings['local_port']}\n"; $conf .= "lport {$settings['local_port']}\n";
else } else {
$conf .= "lport 0\n"; $conf .= "lport 0\n";
}
// Use unix socket to overcome the problem on any type of server // Use unix socket to overcome the problem on any type of server
$conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n"; $conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n";
...@@ -621,27 +666,30 @@ function openvpn_reconfigure($mode, $settings) ...@@ -621,27 +666,30 @@ function openvpn_reconfigure($mode, $settings)
// The remote server // The remote server
$conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n"; $conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n";
if (!empty($settings['use_shaper'])) if (!empty($settings['use_shaper'])) {
$conf .= "shaper {$settings['use_shaper']}\n"; $conf .= "shaper {$settings['use_shaper']}\n";
}
if (!empty($settings['tunnel_network'])) { if (!empty($settings['tunnel_network'])) {
list($ip, $mask) = explode('/', $settings['tunnel_network']); list($ip, $mask) = explode('/', $settings['tunnel_network']);
$mask = gen_subnet_mask($mask); $mask = gen_subnet_mask($mask);
list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask); list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask);
if ($settings['dev_mode'] == 'tun') if ($settings['dev_mode'] == 'tun') {
$conf .= "ifconfig {$ip2} {$ip1}\n"; $conf .= "ifconfig {$ip2} {$ip1}\n";
else } else {
$conf .= "ifconfig {$ip2} {$mask}\n"; $conf .= "ifconfig {$ip2} {$mask}\n";
} }
}
if (!empty($settings['tunnel_networkv6'])) { if (!empty($settings['tunnel_networkv6'])) {
list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']); list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']);
list($ipv6_1, $ipv6_2) = openvpn_get_interface_ipv6($ipv6, $prefix); list($ipv6_1, $ipv6_2) = openvpn_get_interface_ipv6($ipv6, $prefix);
if ($settings['dev_mode'] == 'tun') if ($settings['dev_mode'] == 'tun') {
$conf .= "ifconfig-ipv6 {$ipv6_2} {$ipv6_1}\n"; $conf .= "ifconfig-ipv6 {$ipv6_2} {$ipv6_1}\n";
else } else {
$conf .= "ifconfig-ipv6 {$ipv6_2} {$prefix}\n"; $conf .= "ifconfig-ipv6 {$ipv6_2} {$prefix}\n";
} }
}
if ($settings['auth_user'] && $settings['auth_pass']) { if ($settings['auth_user'] && $settings['auth_pass']) {
$up_file = "/var/etc/openvpn/{$mode_id}.up"; $up_file = "/var/etc/openvpn/{$mode_id}.up";
...@@ -689,31 +737,36 @@ function openvpn_reconfigure($mode, $settings) ...@@ -689,31 +737,36 @@ function openvpn_reconfigure($mode, $settings)
openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert"); openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert");
openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key"); openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
} }
if ($mode == 'server') if ($mode == 'server') {
$conf .= "dh /usr/local/etc/dh-parameters.{$settings['dh_length']}\n"; $conf .= "dh /usr/local/etc/dh-parameters.{$settings['dh_length']}\n";
}
if (!empty($settings['crlref'])) { if (!empty($settings['crlref'])) {
$crl = lookup_crl($settings['crlref']); $crl = lookup_crl($settings['crlref']);
crl_update($crl); crl_update($crl);
openvpn_add_keyfile($crl['text'], $conf, $mode_id, "crl-verify"); openvpn_add_keyfile($crl['text'], $conf, $mode_id, "crl-verify");
} }
if ($settings['tls']) { if ($settings['tls']) {
if ($mode == "server") if ($mode == "server") {
$tlsopt = 0; $tlsopt = 0;
else } else {
$tlsopt = 1; $tlsopt = 1;
}
openvpn_add_keyfile($settings['tls'], $conf, $mode_id, "tls-auth", $tlsopt); openvpn_add_keyfile($settings['tls'], $conf, $mode_id, "tls-auth", $tlsopt);
} }
break; break;
} }
if (!empty($settings['compression'])) if (!empty($settings['compression'])) {
$conf .= "comp-lzo {$settings['compression']}\n"; $conf .= "comp-lzo {$settings['compression']}\n";
}
if ($settings['passtos']) if ($settings['passtos']) {
$conf .= "passtos\n"; $conf .= "passtos\n";
}
if ($settings['resolve_retry']) if ($settings['resolve_retry']) {
$conf .= "resolv-retry infinite\n"; $conf .= "resolv-retry infinite\n";
}
if ($settings['dynamic_ip']) { if ($settings['dynamic_ip']) {
$conf .= "persist-remote-ip\n"; $conf .= "persist-remote-ip\n";
...@@ -781,17 +834,19 @@ function openvpn_restart($mode, $settings) ...@@ -781,17 +834,19 @@ function openvpn_restart($mode, $settings)
$a_groups = return_gateway_groups_array(); $a_groups = return_gateway_groups_array();
if (is_array($a_groups[$settings['interface']])) { if (is_array($a_groups[$settings['interface']])) {
/* the interface is a gateway group. If a vip is defined and its a CARP backup then do not start */ /* the interface is a gateway group. If a vip is defined and its a CARP backup then do not start */
if (($a_groups[$settings['interface']][0]['vip'] <> "") && (get_carp_interface_status($a_groups[$settings['interface']][0]['vip']) == "BACKUP")) if (($a_groups[$settings['interface']][0]['vip'] <> "") && (get_carp_interface_status($a_groups[$settings['interface']][0]['vip']) == "BACKUP")) {
return; return;
} }
}
/* start the new process */ /* start the new process */
$fpath = "/var/etc/openvpn/{$mode_id}.conf"; $fpath = "/var/etc/openvpn/{$mode_id}.conf";
openvpn_clear_route($mode, $settings); openvpn_clear_route($mode, $settings);
mwexec_bg("/usr/local/sbin/openvpn --config " . escapeshellarg($fpath)); mwexec_bg("/usr/local/sbin/openvpn --config " . escapeshellarg($fpath));
if (!file_exists("/var/run/booting")) if (!file_exists("/var/run/booting")) {
configd_run("filter reload"); configd_run("filter reload");
}
} }
function openvpn_delete($mode, & $settings) function openvpn_delete($mode, & $settings)
...@@ -840,11 +895,13 @@ function openvpn_resync_csc(&$settings) ...@@ -840,11 +895,13 @@ function openvpn_resync_csc(&$settings)
openvpn_create_dirs(); openvpn_create_dirs();
$conf = ''; $conf = '';
if (!empty($settings['block'])) if (!empty($settings['block'])) {
$conf .= "disable\n"; $conf .= "disable\n";
}
if (!empty($settings['push_reset'])) if (!empty($settings['push_reset'])) {
$conf .= "push-reset\n"; $conf .= "push-reset\n";
}
if (!empty($settings['tunnel_network'])) { if (!empty($settings['tunnel_network'])) {
list($ip, $mask) = explode('/', $settings['tunnel_network']); list($ip, $mask) = explode('/', $settings['tunnel_network']);
...@@ -852,11 +909,12 @@ function openvpn_resync_csc(&$settings) ...@@ -852,11 +909,12 @@ function openvpn_resync_csc(&$settings)
$serverip = long2ip32($baselong + 1); $serverip = long2ip32($baselong + 1);
$clientip = long2ip32($baselong + 2); $clientip = long2ip32($baselong + 2);
/* Because this is being pushed, the order from the client's point of view. */ /* Because this is being pushed, the order from the client's point of view. */
if ($settings['dev_mode'] != 'tap') if ($settings['dev_mode'] != 'tap') {
$conf .= "ifconfig-push {$clientip} {$serverip}\n"; $conf .= "ifconfig-push {$clientip} {$serverip}\n";
else } else {
$conf .= "ifconfig-push {$clientip} {$mask}\n"; $conf .= "ifconfig-push {$clientip} {$mask}\n";
} }
}
if ($settings['local_network']) { if ($settings['local_network']) {
$conf .= openvpn_gen_routes($settings['local_network'], "ipv4", true); $conf .= openvpn_gen_routes($settings['local_network'], "ipv4", true);
...@@ -876,8 +934,9 @@ function openvpn_resync_csc(&$settings) ...@@ -876,8 +934,9 @@ function openvpn_resync_csc(&$settings)
openvpn_add_dhcpopts($settings, $conf); openvpn_add_dhcpopts($settings, $conf);
if (!empty($settings['gwredir'])) if (!empty($settings['gwredir'])) {
$conf .= "push \"redirect-gateway def1\"\n"; $conf .= "push \"redirect-gateway def1\"\n";
}
openvpn_add_custom($settings, $conf); openvpn_add_custom($settings, $conf);
...@@ -903,31 +962,35 @@ function openvpn_resync_all($interface = '') ...@@ -903,31 +962,35 @@ function openvpn_resync_all($interface = '')
return; return;
} }
if ($interface <> "") if ($interface <> "") {
log_error("Resyncing OpenVPN instances for interface " . convert_friendly_interface_to_friendly_descr($interface) . "."); log_error("Resyncing OpenVPN instances for interface " . convert_friendly_interface_to_friendly_descr($interface) . ".");
else } else {
log_error("Resyncing OpenVPN instances."); log_error("Resyncing OpenVPN instances.");
}
if (is_array($config['openvpn']['openvpn-server'])) { if (is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as & $settings) { foreach ($config['openvpn']['openvpn-server'] as & $settings) {
if ($interface <> "" && $interface != $settings['interface']) if ($interface <> "" && $interface != $settings['interface']) {
continue; continue;
}
openvpn_resync('server', $settings); openvpn_resync('server', $settings);
} }
} }
if (is_array($config['openvpn']['openvpn-client'])) { if (is_array($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as & $settings) { foreach ($config['openvpn']['openvpn-client'] as & $settings) {
if ($interface <> "" && $interface != $settings['interface']) if ($interface <> "" && $interface != $settings['interface']) {
continue; continue;
}
openvpn_resync('client', $settings); openvpn_resync('client', $settings);
} }
} }
if (is_array($config['openvpn']['openvpn-csc'])) if (is_array($config['openvpn']['openvpn-csc'])) {
foreach ($config['openvpn']['openvpn-csc'] as & $settings) foreach ($config['openvpn']['openvpn-csc'] as & $settings) {
openvpn_resync_csc($settings); openvpn_resync_csc($settings);
}
}
} }
...@@ -938,8 +1001,9 @@ function openvpn_get_active_servers($type = 'multipoint') ...@@ -938,8 +1001,9 @@ function openvpn_get_active_servers($type = 'multipoint')
$servers = array(); $servers = array();
if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) { if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as & $settings) { foreach ($config['openvpn']['openvpn-server'] as & $settings) {
if (empty($settings) || isset($settings['disable'])) if (empty($settings) || isset($settings['disable'])) {
continue; continue;
}
$prot = $settings['protocol']; $prot = $settings['protocol'];
$port = $settings['local_port']; $port = $settings['local_port'];
...@@ -947,27 +1011,29 @@ function openvpn_get_active_servers($type = 'multipoint') ...@@ -947,27 +1011,29 @@ function openvpn_get_active_servers($type = 'multipoint')
$server = array(); $server = array();
$server['port'] = ($settings['local_port']) ? $settings['local_port'] : 1194; $server['port'] = ($settings['local_port']) ? $settings['local_port'] : 1194;
$server['mode'] = $settings['mode']; $server['mode'] = $settings['mode'];
if ($settings['description']) if ($settings['description']) {
$server['name'] = "{$settings['description']} {$prot}:{$port}"; $server['name'] = "{$settings['description']} {$prot}:{$port}";
else } else {
$server['name'] = "Server {$prot}:{$port}"; $server['name'] = "Server {$prot}:{$port}";
}
$server['conns'] = array(); $server['conns'] = array();
$server['vpnid'] = $settings['vpnid']; $server['vpnid'] = $settings['vpnid'];
$server['mgmt'] = "server{$server['vpnid']}"; $server['mgmt'] = "server{$server['vpnid']}";
$socket = "unix:///var/etc/openvpn/{$server['mgmt']}.sock"; $socket = "unix:///var/etc/openvpn/{$server['mgmt']}.sock";
list($tn, $sm) = explode('/', $settings['tunnel_network']); list($tn, $sm) = explode('/', $settings['tunnel_network']);
if ((($server['mode'] == "p2p_shared_key") || ($sm >= 30) ) && ($type == "p2p")) if ((($server['mode'] == "p2p_shared_key") || ($sm >= 30) ) && ($type == "p2p")) {
$servers[] = openvpn_get_client_status($server, $socket); $servers[] = openvpn_get_client_status($server, $socket);
elseif (($server['mode'] != "p2p_shared_key") && ($type == "multipoint") && ($sm < 30)) } elseif (($server['mode'] != "p2p_shared_key") && ($type == "multipoint") && ($sm < 30)) {
$servers[] = openvpn_get_server_status($server, $socket); $servers[] = openvpn_get_server_status($server, $socket);
}
} }
} }
return $servers; return $servers;
} }
function openvpn_get_server_status($server, $socket) { function openvpn_get_server_status($server, $socket)
{
$errval; $errval;
$errstr; $errstr;
$fp = @stream_socket_client($socket, $errval, $errstr, 1); $fp = @stream_socket_client($socket, $errval, $errstr, 1);
...@@ -979,22 +1045,20 @@ function openvpn_get_server_status($server, $socket) { ...@@ -979,22 +1045,20 @@ function openvpn_get_server_status($server, $socket) {
/* recv all response lines */ /* recv all response lines */
while (!feof($fp)) { while (!feof($fp)) {
/* read the next line */ /* read the next line */
$line = fgets($fp, 1024); $line = fgets($fp, 1024);
$info = stream_get_meta_data($fp); $info = stream_get_meta_data($fp);
if ($info['timed_out']) if ($info['timed_out']) {
break; break;
}
/* parse header list line */ /* parse header list line */
if (strstr($line, "HEADER")) if (strstr($line, "HEADER")) {
continue; continue;
}
/* parse end of output line */ /* parse end of output line */
if (strstr($line, "END") || strstr($line, "ERROR")) if (strstr($line, "END") || strstr($line, "ERROR")) {
break; break;
}
/* parse client list line */ /* parse client list line */
if (strstr($line, "CLIENT_LIST")) { if (strstr($line, "CLIENT_LIST")) {
$list = explode(",", $line); $list = explode(",", $line);
...@@ -1018,7 +1082,6 @@ function openvpn_get_server_status($server, $socket) { ...@@ -1018,7 +1082,6 @@ function openvpn_get_server_status($server, $socket) {
$server['routes'][] = $conn; $server['routes'][] = $conn;
} }
} }
/* cleanup */ /* cleanup */
fclose($fp); fclose($fp);
} else { } else {
...@@ -1041,32 +1104,33 @@ function openvpn_get_active_clients() ...@@ -1041,32 +1104,33 @@ function openvpn_get_active_clients()
$clients = array(); $clients = array();
if (isset($config['openvpn']['openvpn-client']) && is_array($config['openvpn']['openvpn-client'])) { if (isset($config['openvpn']['openvpn-client']) && is_array($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as & $settings) { foreach ($config['openvpn']['openvpn-client'] as & $settings) {
if (empty($settings) || isset($settings['disable'])) {
if (empty($settings) || isset($settings['disable']))
continue; continue;
}
$prot = $settings['protocol']; $prot = $settings['protocol'];
$port = ($settings['local_port']) ? ":{$settings['local_port']}" : ""; $port = ($settings['local_port']) ? ":{$settings['local_port']}" : "";
$client = array(); $client = array();
$client['port'] = $settings['local_port']; $client['port'] = $settings['local_port'];
if ($settings['description']) if ($settings['description']) {
$client['name'] = "{$settings['description']} {$prot}{$port}"; $client['name'] = "{$settings['description']} {$prot}{$port}";
else } else {
$client['name'] = "Client {$prot}{$port}"; $client['name'] = "Client {$prot}{$port}";
}
$client['vpnid'] = $settings['vpnid']; $client['vpnid'] = $settings['vpnid'];
$client['mgmt'] = "client{$client['vpnid']}"; $client['mgmt'] = "client{$client['vpnid']}";
$socket = "unix:///var/etc/openvpn/{$client['mgmt']}.sock"; $socket = "unix:///var/etc/openvpn/{$client['mgmt']}.sock";
$client['status']="down"; $client['status']="down";
$clients[] = openvpn_get_client_status($client, $socket); $clients[] = openvpn_get_client_status($client, $socket);
} }
} }
return $clients; return $clients;
} }
function openvpn_get_client_status($client, $socket) { function openvpn_get_client_status($client, $socket)
{
$errval; $errval;
$errstr; $errstr;
$fp = @stream_socket_client($socket, $errval, $errstr, 1); $fp = @stream_socket_client($socket, $errval, $errstr, 1);
...@@ -1081,8 +1145,9 @@ function openvpn_get_client_status($client, $socket) { ...@@ -1081,8 +1145,9 @@ function openvpn_get_client_status($client, $socket) {
$line = fgets($fp, 1024); $line = fgets($fp, 1024);
$info = stream_get_meta_data($fp); $info = stream_get_meta_data($fp);
if ($info['timed_out']) if ($info['timed_out']) {
break; break;
}
/* Get the client state */ /* Get the client state */
if (strstr($line,"CONNECTED")) { if (strstr($line,"CONNECTED")) {
...@@ -1099,21 +1164,20 @@ function openvpn_get_client_status($client, $socket) { ...@@ -1099,21 +1164,20 @@ function openvpn_get_client_status($client, $socket) {
if (strstr($line,"ASSIGN_IP")) { if (strstr($line,"ASSIGN_IP")) {
$client['status']="waiting"; $client['status']="waiting";
$list = explode(",", $line); $list = explode(",", $line);
$client['connect_time'] = date("D M j G:i:s Y", $list[0]); $client['connect_time'] = date("D M j G:i:s Y", $list[0]);
$client['virtual_addr'] = $list[3]; $client['virtual_addr'] = $list[3];
} }
if (strstr($line,"RECONNECTING")) { if (strstr($line,"RECONNECTING")) {
$client['status']="reconnecting"; $client['status']="reconnecting";
$list = explode(",", $line); $list = explode(",", $line);
$client['connect_time'] = date("D M j G:i:s Y", $list[0]); $client['connect_time'] = date("D M j G:i:s Y", $list[0]);
$client['status'] .= "; " . $list[2]; $client['status'] .= "; " . $list[2];
} }
/* parse end of output line */ /* parse end of output line */
if (strstr($line, "END") || strstr($line, "ERROR")) if (strstr($line, "END") || strstr($line, "ERROR")) {
break; break;
} }
}
/* If up, get read/write stats */ /* If up, get read/write stats */
if (strcmp($client['status'], "up") == 0) { if (strcmp($client['status'], "up") == 0) {
...@@ -1124,8 +1188,9 @@ function openvpn_get_client_status($client, $socket) { ...@@ -1124,8 +1188,9 @@ function openvpn_get_client_status($client, $socket) {
$line = fgets($fp, 1024); $line = fgets($fp, 1024);
$info = stream_get_meta_data($fp); $info = stream_get_meta_data($fp);
if ($info['timed_out']) if ($info['timed_out']) {
break; break;
}
if (strstr($line,"TCP/UDP read bytes")) { if (strstr($line,"TCP/UDP read bytes")) {
$list = explode(",", $line); $list = explode(",", $line);
...@@ -1138,13 +1203,12 @@ function openvpn_get_client_status($client, $socket) { ...@@ -1138,13 +1203,12 @@ function openvpn_get_client_status($client, $socket) {
} }
/* parse end of output line */ /* parse end of output line */
if (strstr($line, "END")) if (strstr($line, "END")) {
break; break;
} }
} }
}
fclose($fp); fclose($fp);
} else { } else {
$DisplayNote=true; $DisplayNote=true;
$client['remote_host'] = "Unable to contact daemon"; $client['remote_host'] = "Unable to contact daemon";
...@@ -1162,14 +1226,16 @@ function openvpn_create_dirs() ...@@ -1162,14 +1226,16 @@ function openvpn_create_dirs()
@mkdir('/var/etc/openvpn', 0750); @mkdir('/var/etc/openvpn', 0750);
} }
function openvpn_get_interface_ip($ip, $mask) { function openvpn_get_interface_ip($ip, $mask)
{
$baselong = ip2long32($ip) & ip2long($mask); $baselong = ip2long32($ip) & ip2long($mask);
$ip1 = long2ip32($baselong + 1); $ip1 = long2ip32($baselong + 1);
$ip2 = long2ip32($baselong + 2); $ip2 = long2ip32($baselong + 2);
return array($ip1, $ip2); return array($ip1, $ip2);
} }
function openvpn_get_interface_ipv6($ipv6, $prefix) { function openvpn_get_interface_ipv6($ipv6, $prefix)
{
$basev6 = gen_subnetv6($ipv6, $prefix); $basev6 = gen_subnetv6($ipv6, $prefix);
// Is there a better way to do this math? // Is there a better way to do this math?
$ipv6_arr = explode(':', $basev6); $ipv6_arr = explode(':', $basev6);
...@@ -1179,9 +1245,11 @@ function openvpn_get_interface_ipv6($ipv6, $prefix) { ...@@ -1179,9 +1245,11 @@ function openvpn_get_interface_ipv6($ipv6, $prefix) {
return array($ipv6_1, $ipv6_2); return array($ipv6_1, $ipv6_2);
} }
function openvpn_clear_route($mode, $settings) { function openvpn_clear_route($mode, $settings)
if (empty($settings['tunnel_network'])) {
if (empty($settings['tunnel_network'])) {
return; return;
}
list($ip, $cidr) = explode('/', $settings['tunnel_network']); list($ip, $cidr) = explode('/', $settings['tunnel_network']);
$mask = gen_subnet_mask($cidr); $mask = gen_subnet_mask($cidr);
$clear_route = false; $clear_route = false;
...@@ -1192,8 +1260,9 @@ function openvpn_clear_route($mode, $settings) { ...@@ -1192,8 +1260,9 @@ function openvpn_clear_route($mode, $settings) {
break; break;
case 'p2p_tls': case 'p2p_tls':
case 'p2p_shared_key': case 'p2p_shared_key':
if ($cidr == 30) if ($cidr == 30) {
$clear_route = true; $clear_route = true;
}
break; break;
} }
...@@ -1205,63 +1274,73 @@ function openvpn_clear_route($mode, $settings) { ...@@ -1205,63 +1274,73 @@ function openvpn_clear_route($mode, $settings) {
} }
} }
function openvpn_gen_routes($value, $ipproto = "ipv4", $push = false, $iroute = false) { function openvpn_gen_routes($value, $ipproto = "ipv4", $push = false, $iroute = false)
{
$routes = ""; $routes = "";
if (empty($value)) if (empty($value)) {
return ""; return "";
}
$networks = explode(',', $value); $networks = explode(',', $value);
foreach ($networks as $network) { foreach ($networks as $network) {
if ($ipproto == "ipv4") if ($ipproto == "ipv4") {
$route = openvpn_gen_route_ipv4($network, $iroute); $route = openvpn_gen_route_ipv4($network, $iroute);
else } else {
$route = openvpn_gen_route_ipv6($network, $iroute); $route = openvpn_gen_route_ipv6($network, $iroute);
}
if ($push) if ($push) {
$routes .= "push \"{$route}\"\n"; $routes .= "push \"{$route}\"\n";
else } else {
$routes .= "{$route}\n"; $routes .= "{$route}\n";
} }
}
return $routes; return $routes;
} }
function openvpn_gen_route_ipv4($network, $iroute = false) { function openvpn_gen_route_ipv4($network, $iroute = false)
{
$i = ($iroute) ? "i" : ""; $i = ($iroute) ? "i" : "";
list($ip, $mask) = explode('/', trim($network)); list($ip, $mask) = explode('/', trim($network));
$mask = gen_subnet_mask($mask); $mask = gen_subnet_mask($mask);
return "{$i}route $ip $mask"; return "{$i}route $ip $mask";
} }
function openvpn_gen_route_ipv6($network, $iroute = false) { function openvpn_gen_route_ipv6($network, $iroute = false)
{
$i = ($iroute) ? "i" : ""; $i = ($iroute) ? "i" : "";
list($ipv6, $prefix) = explode('/', trim($network)); list($ipv6, $prefix) = explode('/', trim($network));
if (empty($prefix)) if (empty($prefix)) {
$prefix = "128"; $prefix = "128";
}
return "{$i}route-ipv6 ${ipv6}/${prefix}"; return "{$i}route-ipv6 ${ipv6}/${prefix}";
} }
function openvpn_get_settings($mode, $vpnid) { function openvpn_get_settings($mode, $vpnid)
{
global $config; global $config;
if (is_array($config['openvpn']['openvpn-server'])) { if (is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as $settings) { foreach ($config['openvpn']['openvpn-server'] as $settings) {
if (isset($settings['disable'])) if (isset($settings['disable'])) {
continue; continue;
}
if ($vpnid != 0 && $vpnid == $settings['vpnid']) if ($vpnid != 0 && $vpnid == $settings['vpnid']) {
return $settings; return $settings;
} }
} }
}
if (is_array($config['openvpn']['openvpn-client'])) { if (is_array($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as $settings) { foreach ($config['openvpn']['openvpn-client'] as $settings) {
if (isset($settings['disable'])) if (isset($settings['disable'])) {
continue; continue;
}
if ($vpnid != 0 && $vpnid == $settings['vpnid']) if ($vpnid != 0 && $vpnid == $settings['vpnid']) {
return $settings; return $settings;
} }
} }
}
return array(); return array();
} }