Commit f862e857 authored by Ad Schellevis's avatar Ad Schellevis

(legacy) spaces and curly braces in openvpn.inc

parent 4f0a083e
<?php
/*
Copyright (C) 2016 Deciso B.V.
Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2006 Fernando Lemos
Copyright (C) 2005 Peter Allgeyer <allgeyer_AT_web.de>
......@@ -63,7 +64,8 @@ $openvpn_compression_modes = array(
'' => gettext("No Preference"),
'no' => gettext("Disabled - No Compression"),
'adaptive' => gettext("Enabled with Adaptive Compression"),
'yes' => gettext("Enabled without Adaptive Compression"));
'yes' => gettext("Enabled without Adaptive Compression")
);
function openvpn_create_key()
{
......@@ -71,7 +73,6 @@ function openvpn_create_key()
if (!$fp) {
return false;
}
$rslt = stream_get_contents($fp);
pclose($fp);
......@@ -81,7 +82,6 @@ function openvpn_create_key()
function openvpn_vpnid_used($vpnid)
{
global $config;
if (isset($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as &$settings) {
if ($vpnid == $settings['vpnid']) {
......@@ -99,14 +99,14 @@ function openvpn_vpnid_used($vpnid)
}
return false;
}
function openvpn_vpnid_next() {
}
function openvpn_vpnid_next()
{
$vpnid = 1;
while(openvpn_vpnid_used($vpnid))
while(openvpn_vpnid_used($vpnid)) {
$vpnid++;
}
return $vpnid;
}
......@@ -115,48 +115,55 @@ function openvpn_port_used($prot, $interface, $port, $curvpnid = 0) {
if (isset($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as & $settings) {
if (isset($settings['disable']))
if (isset($settings['disable'])) {
continue;
}
if ($curvpnid != 0 && $curvpnid == $settings['vpnid'])
if ($curvpnid != 0 && $curvpnid == $settings['vpnid']) {
continue;
}
if ($port == $settings['local_port'] && $prot == $settings['protocol'] &&
($interface == $settings['interface'] || $interface == "any" || $settings['interface'] == "any"))
($interface == $settings['interface'] || $interface == "any" || $settings['interface'] == "any")) {
return $settings['vpnid'];
}
}
}
if (isset($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as & $settings) {
if (isset($settings['disable']))
if (isset($settings['disable'])) {
continue;
}
if ($curvpnid != 0 && $curvpnid == $settings['vpnid'])
if ($curvpnid != 0 && $curvpnid == $settings['vpnid']) {
continue;
}
if ($port == $settings['local_port'] && $prot == $settings['protocol'] &&
($interface == $settings['interface'] || $interface == "any" || $settings['interface'] == "any"))
($interface == $settings['interface'] || $interface == "any" || $settings['interface'] == "any")) {
return $settings['vpnid'];
}
}
}
return 0;
}
function openvpn_port_next($prot, $interface = "wan") {
function openvpn_port_next($prot, $interface = "wan")
{
$port = 1194;
while(openvpn_port_used($prot, $interface, $port))
while(openvpn_port_used($prot, $interface, $port)) {
$port++;
while(openvpn_port_used($prot, "any", $port))
}
while(openvpn_port_used($prot, "any", $port)) {
$port++;
}
return $port;
}
function openvpn_get_cipherlist() {
function openvpn_get_cipherlist()
{
$ciphers = array();
$cipher_out = shell_exec('/usr/local/sbin/openvpn --show-ciphers | /usr/bin/grep "default key" | /usr/bin/awk \'{print $1, "(" $2 "-" $3 ")";}\'');
$cipher_lines = explode("\n", trim($cipher_out));
......@@ -169,8 +176,8 @@ function openvpn_get_cipherlist() {
return $ciphers;
}
function openvpn_get_digestlist() {
function openvpn_get_digestlist()
{
$digests = array();
$digest_out = shell_exec('/usr/local/sbin/openvpn --show-digests | /usr/bin/grep "digest size" | /usr/bin/awk \'{print $1, "(" $2 "-" $3 ")";}\'');
$digest_lines = explode("\n", trim($digest_out));
......@@ -204,132 +211,163 @@ function openvpn_get_engines()
$linematch = array();
preg_match("/\((.*)\)\s(.*)/", $engine, $linematch);
foreach ($details as $dt) {
if (strpos($dt, "unavailable") !== FALSE)
if (strpos($dt, "unavailable") !== FALSE) {
$keep = false;
if (strpos($dt, "available") !== FALSE)
}
if (strpos($dt, "available") !== FALSE) {
continue;
if (strpos($dt, "[") !== FALSE)
}
if (strpos($dt, "[") !== FALSE) {
$ciphers = trim($dt, "[]");
}
if (!empty($ciphers))
}
if (!empty($ciphers)) {
$ciphers = " - " . $ciphers;
if (strlen($ciphers) > 60)
}
if (strlen($ciphers) > 60) {
$ciphers = substr($ciphers, 0, 60) . " ... ";
if ($keep)
}
if ($keep) {
$openssl_engines[$linematch[1]] = $linematch[2] . $ciphers;
}
}
return $openssl_engines;
}
function openvpn_validate_engine($engine) {
function openvpn_validate_engine($engine)
{
$engines = openvpn_get_engines();
return array_key_exists($engine, $engines);
}
function openvpn_validate_port($value, $name) {
function openvpn_validate_port($value, $name)
{
$value = trim($value);
if (empty($value) || !is_numeric($value) || $value < 0 || ($value > 65535))
if (empty($value) || !is_numeric($value) || $value < 0 || ($value > 65535)) {
return sprintf(gettext("The field '%s' must contain a valid port, ranging from 0 to 65535."), $name);
}
return false;
}
function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv4") {
function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv4")
{
$value = trim($value);
$error = false;
if (empty($value))
if (empty($value)) {
return false;
}
$networks = explode(',', $value);
if (!$multiple && (count($networks) > 1))
if (!$multiple && (count($networks) > 1)) {
return sprintf(gettext("The field '%s' must contain a single valid %s CIDR range."), $name, $ipproto);
}
foreach ($networks as $network) {
if ($ipproto == "ipv4")
if ($ipproto == "ipv4") {
$error = !openvpn_validate_cidr_ipv4($network);
else
} else {
$error = !openvpn_validate_cidr_ipv6($network);
if ($error)
}
if ($error) {
break;
}
}
if ($error)
if ($error) {
return sprintf(gettext("The field '%s' must contain only valid %s CIDR range(s) separated by commas."), $name, $ipproto);
else
} else {
return false;
}
}
function openvpn_validate_cidr_ipv4($value) {
$value = trim($value);
if (!empty($value)) {
list($ip, $mask) = explode('/', $value);
if (!is_ipaddrv4($ip) or !is_numeric($mask) or ($mask > 32) or ($mask < 0))
if (!is_ipaddrv4($ip) or !is_numeric($mask) or ($mask > 32) or ($mask < 0)) {
return false;
}
}
return true;
}
function openvpn_validate_cidr_ipv6($value) {
function openvpn_validate_cidr_ipv6($value)
{
$value = trim($value);
if (!empty($value)) {
list($ipv6, $prefix) = explode('/', $value);
if (empty($prefix))
if (empty($prefix)) {
$prefix = "128";
if (!is_ipaddrv6($ipv6) or !is_numeric($prefix) or ($prefix > 128) or ($prefix < 0))
}
if (!is_ipaddrv6($ipv6) or !is_numeric($prefix) or ($prefix > 128) or ($prefix < 0)) {
return false;
}
}
return true;
}
function openvpn_add_dhcpopts(& $settings, & $conf) {
if (!empty($settings['dns_domain']))
function openvpn_add_dhcpopts(& $settings, & $conf)
{
if (!empty($settings['dns_domain'])) {
$conf .= "push \"dhcp-option DOMAIN {$settings['dns_domain']}\"\n";
if (!empty($settings['dns_server1']))
}
if (!empty($settings['dns_server1'])) {
$conf .= "push \"dhcp-option DNS {$settings['dns_server1']}\"\n";
if (!empty($settings['dns_server2']))
}
if (!empty($settings['dns_server2'])) {
$conf .= "push \"dhcp-option DNS {$settings['dns_server2']}\"\n";
if (!empty($settings['dns_server3']))
}
if (!empty($settings['dns_server3'])) {
$conf .= "push \"dhcp-option DNS {$settings['dns_server3']}\"\n";
if (!empty($settings['dns_server4']))
}
if (!empty($settings['dns_server4'])) {
$conf .= "push \"dhcp-option DNS {$settings['dns_server4']}\"\n";
}
if (!empty($settings['push_register_dns']))
if (!empty($settings['push_register_dns'])) {
$conf .= "push \"register-dns\"\n";
}
if (!empty($settings['ntp_server1']))
if (!empty($settings['ntp_server1'])) {
$conf .= "push \"dhcp-option NTP {$settings['ntp_server1']}\"\n";
if (!empty($settings['ntp_server2']))
}
if (!empty($settings['ntp_server2'])) {
$conf .= "push \"dhcp-option NTP {$settings['ntp_server2']}\"\n";
}
if (!empty($settings['netbios_enable'])) {
if (!empty($settings['dhcp_nbttype']) && ($settings['dhcp_nbttype'] != 0))
if (!empty($settings['dhcp_nbttype']) && ($settings['dhcp_nbttype'] != 0)) {
$conf .= "push \"dhcp-option NBT {$settings['dhcp_nbttype']}\"\n";
if (!empty($settings['dhcp_nbtscope']))
}
if (!empty($settings['dhcp_nbtscope'])) {
$conf .= "push \"dhcp-option NBS {$settings['dhcp_nbtscope']}\"\n";
}
if (!empty($settings['wins_server1']))
if (!empty($settings['wins_server1'])) {
$conf .= "push \"dhcp-option WINS {$settings['wins_server1']}\"\n";
if (!empty($settings['wins_server2']))
}
if (!empty($settings['wins_server2'])) {
$conf .= "push \"dhcp-option WINS {$settings['wins_server2']}\"\n";
}
}
if (!empty($settings['gwredir']))
if (!empty($settings['gwredir'])) {
$conf .= "push \"redirect-gateway def1\"\n";
}
}
function openvpn_add_custom(& $settings, & $conf) {
function openvpn_add_custom(& $settings, & $conf)
{
if ($settings['custom_options']) {
$options = explode(';', $settings['custom_options']);
if (is_array($options)) {
foreach ($options as $option)
foreach ($options as $option) {
$conf .= "$option\n";
} else
}
} else {
$conf .= "{$settings['custom_options']}\n";
}
}
}
function openvpn_add_keyfile(&$data, &$conf, $mode_id, $directive, $opt = '')
......@@ -359,7 +397,6 @@ function openvpn_reconfigure($mode, $settings)
* we use a vpnid number which is allocated for a particular client
* or server configuration. ( see openvpn_vpnid_next() )
*/
$vpnid = $settings['vpnid'];
$mode_id = $mode.$vpnid;
......@@ -378,21 +415,20 @@ function openvpn_reconfigure($mode, $settings)
/* is our device already configured */
if (!does_interface_exist($devname)) {
/* create the tap device if required */
if (!file_exists("/dev/{$tunname}"))
if (!file_exists("/dev/{$tunname}")) {
exec("/sbin/ifconfig " . escapeshellarg($tunname) . " create");
}
/* rename the device */
mwexec("/sbin/ifconfig " . escapeshellarg($tunname) . " name " . escapeshellarg($devname));
/* add the device to the openvpn group */
mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " group openvpn");
}
$proto = strtolower($settings['protocol']);
if (substr($settings['protocol'], 0, 3) == "TCP")
if (substr($settings['protocol'], 0, 3) == "TCP") {
$proto = "{$proto}-{$mode}";
}
$dev_mode = $settings['dev_mode'];
$cipher = $settings['crypto'];
// OpenVPN defaults to SHA1, so use it when unset to maintain compatibility.
......@@ -455,12 +491,12 @@ function openvpn_reconfigure($mode, $settings)
$conf .= "local {$iface_ip}\n";
}
if (openvpn_validate_engine($settings['engine']) && ($settings['engine'] != "none"))
if (openvpn_validate_engine($settings['engine']) && ($settings['engine'] != "none")) {
$conf .= "engine {$settings['engine']}\n";
}
// server specific settings
if ($mode == 'server') {
list($ip, $cidr) = explode('/', $settings['tunnel_network']);
list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']);
$mask = gen_subnet_mask($cidr);
......@@ -484,32 +520,36 @@ function openvpn_reconfigure($mode, $settings)
if (!empty($ip) && !empty($mask) && ($cidr < 30)) {
$conf .= "server {$ip} {$mask}\n";
$conf .= "client-config-dir /var/etc/openvpn-csc\n";
if(is_ipaddr($ipv6))
if(is_ipaddr($ipv6)) {
$conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
}
}
case 'p2p_shared_key':
if (!empty($ip) && !empty($mask)) {
list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask);
if ($settings['dev_mode'] == 'tun')
if ($settings['dev_mode'] == 'tun') {
$conf .= "ifconfig {$ip1} {$ip2}\n";
else
} else {
$conf .= "ifconfig {$ip1} {$mask}\n";
}
}
if (!empty($ipv6) && !empty($prefix)) {
list($ipv6_1, $ipv6_2) = openvpn_get_interface_ipv6($ipv6, $prefix);
if ($settings['dev_mode'] == 'tun')
if ($settings['dev_mode'] == 'tun') {
$conf .= "ifconfig-ipv6 {$ipv6_1} {$ipv6_2}\n";
else
} else {
$conf .= "ifconfig-ipv6 {$ipv6_1} {$prefix}\n";
}
}
break;
case 'server_tls':
case 'server_user':
case 'server_tls_user':
if (!empty($ip) && !empty($mask)) {
$conf .= "server {$ip} {$mask}\n";
if(is_ipaddr($ipv6))
if(is_ipaddr($ipv6)) {
$conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
}
$conf .= "client-config-dir /var/etc/openvpn-csc\n";
} else {
if ($settings['serverbridge_dhcp']) {
......@@ -536,22 +576,25 @@ function openvpn_reconfigure($mode, $settings)
$conf .= "client-cert-not-required\n";
case 'server_tls_user':
/* username-as-common-name is not compatible with server-bridge */
if (stristr($conf, "server-bridge") === false)
if (stristr($conf, "server-bridge") === false) {
$conf .= "username-as-common-name\n";
}
if (!empty($settings['authmode'])) {
$strictusercn = "false";
if ($settings['strictusercn'])
if ($settings['strictusercn']) {
$strictusercn = "true";
}
$conf .= "auth-user-pass-verify \"/usr/local/sbin/ovpn_auth_verify user '{$settings['authmode']}' {$strictusercn} {$mode_id}\" via-env\n";
}
break;
}
if (!isset($settings['cert_depth']) && (strstr($settings['mode'], 'tls')))
if (!isset($settings['cert_depth']) && (strstr($settings['mode'], 'tls'))) {
$settings['cert_depth'] = 1;
}
if (is_numeric($settings['cert_depth'])) {
if (($mode == 'client') && empty($settings['certref']))
if (($mode == 'client') && empty($settings['certref'])) {
$cert = "";
else {
} else {
$cert = lookup_cert($settings['certref']);
/* XXX: Seems not used at all! */
$servercn = urlencode(cert_get_cn($cert['crt']));
......@@ -567,8 +610,9 @@ function openvpn_reconfigure($mode, $settings)
$conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n";
//$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
if ($settings['maxclients'])
if ($settings['maxclients']) {
$conf .= "max-clients {$settings['maxclients']}\n";
}
// Can we push routes
if ($settings['local_network']) {
......@@ -584,18 +628,18 @@ function openvpn_reconfigure($mode, $settings)
case 'server_tls_user':
// Configure client dhcp options
openvpn_add_dhcpopts($settings, $conf);
if ($settings['client2client'])
if ($settings['client2client']) {
$conf .= "client-to-client\n";
}
break;
}
if (isset($settings['duplicate_cn']))
if (isset($settings['duplicate_cn'])) {
$conf .= "duplicate-cn\n";
}
}
// client specific settings
if ($mode == 'client') {
// configure p2p mode
switch($settings['mode']) {
case 'p2p_tls':
......@@ -608,12 +652,13 @@ function openvpn_reconfigure($mode, $settings)
// If there is no bind option at all (ip and/or port), add "nobind" directive
// Otherwise, use the local port if defined, failing that, use lport 0 to
// ensure a random source port.
if ((empty($iface_ip)) && (!$settings['local_port']))
if ((empty($iface_ip)) && (!$settings['local_port'])) {
$conf .= "nobind\n";
elseif ($settings['local_port'])
} elseif ($settings['local_port']) {
$conf .= "lport {$settings['local_port']}\n";
else
} else {
$conf .= "lport 0\n";
}
// Use unix socket to overcome the problem on any type of server
$conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n";
......@@ -621,27 +666,30 @@ function openvpn_reconfigure($mode, $settings)
// The remote server
$conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n";
if (!empty($settings['use_shaper']))
if (!empty($settings['use_shaper'])) {
$conf .= "shaper {$settings['use_shaper']}\n";
}
if (!empty($settings['tunnel_network'])) {
list($ip, $mask) = explode('/', $settings['tunnel_network']);
$mask = gen_subnet_mask($mask);
list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask);
if ($settings['dev_mode'] == 'tun')
if ($settings['dev_mode'] == 'tun') {
$conf .= "ifconfig {$ip2} {$ip1}\n";
else
} else {
$conf .= "ifconfig {$ip2} {$mask}\n";
}
}
if (!empty($settings['tunnel_networkv6'])) {
list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']);
list($ipv6_1, $ipv6_2) = openvpn_get_interface_ipv6($ipv6, $prefix);
if ($settings['dev_mode'] == 'tun')
if ($settings['dev_mode'] == 'tun') {
$conf .= "ifconfig-ipv6 {$ipv6_2} {$ipv6_1}\n";
else
} else {
$conf .= "ifconfig-ipv6 {$ipv6_2} {$prefix}\n";
}
}
if ($settings['auth_user'] && $settings['auth_pass']) {
$up_file = "/var/etc/openvpn/{$mode_id}.up";
......@@ -689,31 +737,36 @@ function openvpn_reconfigure($mode, $settings)
openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert");
openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
}
if ($mode == 'server')
if ($mode == 'server') {
$conf .= "dh /usr/local/etc/dh-parameters.{$settings['dh_length']}\n";
}
if (!empty($settings['crlref'])) {
$crl = lookup_crl($settings['crlref']);
crl_update($crl);
openvpn_add_keyfile($crl['text'], $conf, $mode_id, "crl-verify");
}
if ($settings['tls']) {
if ($mode == "server")
if ($mode == "server") {
$tlsopt = 0;
else
} else {
$tlsopt = 1;
}
openvpn_add_keyfile($settings['tls'], $conf, $mode_id, "tls-auth", $tlsopt);
}
break;
}
if (!empty($settings['compression']))
if (!empty($settings['compression'])) {
$conf .= "comp-lzo {$settings['compression']}\n";
}
if ($settings['passtos'])
if ($settings['passtos']) {
$conf .= "passtos\n";
}
if ($settings['resolve_retry'])
if ($settings['resolve_retry']) {
$conf .= "resolv-retry infinite\n";
}
if ($settings['dynamic_ip']) {
$conf .= "persist-remote-ip\n";
......@@ -781,17 +834,19 @@ function openvpn_restart($mode, $settings)
$a_groups = return_gateway_groups_array();
if (is_array($a_groups[$settings['interface']])) {
/* the interface is a gateway group. If a vip is defined and its a CARP backup then do not start */
if (($a_groups[$settings['interface']][0]['vip'] <> "") && (get_carp_interface_status($a_groups[$settings['interface']][0]['vip']) == "BACKUP"))
if (($a_groups[$settings['interface']][0]['vip'] <> "") && (get_carp_interface_status($a_groups[$settings['interface']][0]['vip']) == "BACKUP")) {
return;
}
}
/* start the new process */
$fpath = "/var/etc/openvpn/{$mode_id}.conf";
openvpn_clear_route($mode, $settings);
mwexec_bg("/usr/local/sbin/openvpn --config " . escapeshellarg($fpath));
if (!file_exists("/var/run/booting"))
if (!file_exists("/var/run/booting")) {
configd_run("filter reload");
}
}
function openvpn_delete($mode, & $settings)
......@@ -840,11 +895,13 @@ function openvpn_resync_csc(&$settings)
openvpn_create_dirs();
$conf = '';
if (!empty($settings['block']))
if (!empty($settings['block'])) {
$conf .= "disable\n";
}
if (!empty($settings['push_reset']))
if (!empty($settings['push_reset'])) {
$conf .= "push-reset\n";
}
if (!empty($settings['tunnel_network'])) {
list($ip, $mask) = explode('/', $settings['tunnel_network']);
......@@ -852,11 +909,12 @@ function openvpn_resync_csc(&$settings)
$serverip = long2ip32($baselong + 1);
$clientip = long2ip32($baselong + 2);
/* Because this is being pushed, the order from the client's point of view. */
if ($settings['dev_mode'] != 'tap')
if ($settings['dev_mode'] != 'tap') {
$conf .= "ifconfig-push {$clientip} {$serverip}\n";
else
} else {
$conf .= "ifconfig-push {$clientip} {$mask}\n";
}
}
if ($settings['local_network']) {
$conf .= openvpn_gen_routes($settings['local_network'], "ipv4", true);
......@@ -876,8 +934,9 @@ function openvpn_resync_csc(&$settings)
openvpn_add_dhcpopts($settings, $conf);
if (!empty($settings['gwredir']))
if (!empty($settings['gwredir'])) {
$conf .= "push \"redirect-gateway def1\"\n";
}
openvpn_add_custom($settings, $conf);
......@@ -903,31 +962,35 @@ function openvpn_resync_all($interface = '')
return;
}
if ($interface <> "")
if ($interface <> "") {
log_error("Resyncing OpenVPN instances for interface " . convert_friendly_interface_to_friendly_descr($interface) . ".");
else
} else {
log_error("Resyncing OpenVPN instances.");
}
if (is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as & $settings) {
if ($interface <> "" && $interface != $settings['interface'])
if ($interface <> "" && $interface != $settings['interface']) {
continue;
}
openvpn_resync('server', $settings);
}
}
if (is_array($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as & $settings) {
if ($interface <> "" && $interface != $settings['interface'])
if ($interface <> "" && $interface != $settings['interface']) {
continue;
}
openvpn_resync('client', $settings);
}
}
if (is_array($config['openvpn']['openvpn-csc']))
foreach ($config['openvpn']['openvpn-csc'] as & $settings)
if (is_array($config['openvpn']['openvpn-csc'])) {
foreach ($config['openvpn']['openvpn-csc'] as & $settings) {
openvpn_resync_csc($settings);
}
}
}
......@@ -938,8 +1001,9 @@ function openvpn_get_active_servers($type = 'multipoint')
$servers = array();
if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as & $settings) {
if (empty($settings) || isset($settings['disable']))
if (empty($settings) || isset($settings['disable'])) {
continue;
}
$prot = $settings['protocol'];
$port = $settings['local_port'];
......@@ -947,27 +1011,29 @@ function openvpn_get_active_servers($type = 'multipoint')
$server = array();
$server['port'] = ($settings['local_port']) ? $settings['local_port'] : 1194;
$server['mode'] = $settings['mode'];
if ($settings['description'])
if ($settings['description']) {
$server['name'] = "{$settings['description']} {$prot}:{$port}";
else
} else {
$server['name'] = "Server {$prot}:{$port}";
}
$server['conns'] = array();
$server['vpnid'] = $settings['vpnid'];
$server['mgmt'] = "server{$server['vpnid']}";
$socket = "unix:///var/etc/openvpn/{$server['mgmt']}.sock";
list($tn, $sm) = explode('/', $settings['tunnel_network']);
if ((($server['mode'] == "p2p_shared_key") || ($sm >= 30) ) && ($type == "p2p"))
if ((($server['mode'] == "p2p_shared_key") || ($sm >= 30) ) && ($type == "p2p")) {
$servers[] = openvpn_get_client_status($server, $socket);
elseif (($server['mode'] != "p2p_shared_key") && ($type == "multipoint") && ($sm < 30))
} elseif (($server['mode'] != "p2p_shared_key") && ($type == "multipoint") && ($sm < 30)) {
$servers[] = openvpn_get_server_status($server, $socket);
}
}
}
return $servers;
}
function openvpn_get_server_status($server, $socket) {
function openvpn_get_server_status($server, $socket)
{
$errval;
$errstr;
$fp = @stream_socket_client($socket, $errval, $errstr, 1);
......@@ -979,22 +1045,20 @@ function openvpn_get_server_status($server, $socket) {
/* recv all response lines */
while (!feof($fp)) {
/* read the next line */
$line = fgets($fp, 1024);
$info = stream_get_meta_data($fp);
if ($info['timed_out'])
if ($info['timed_out']) {
break;
}
/* parse header list line */
if (strstr($line, "HEADER"))
if (strstr($line, "HEADER")) {
continue;
}
/* parse end of output line */
if (strstr($line, "END") || strstr($line, "ERROR"))
if (strstr($line, "END") || strstr($line, "ERROR")) {
break;
}
/* parse client list line */
if (strstr($line, "CLIENT_LIST")) {
$list = explode(",", $line);
......@@ -1018,7 +1082,6 @@ function openvpn_get_server_status($server, $socket) {
$server['routes'][] = $conn;
}
}
/* cleanup */
fclose($fp);
} else {
......@@ -1041,32 +1104,33 @@ function openvpn_get_active_clients()
$clients = array();
if (isset($config['openvpn']['openvpn-client']) && is_array($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as & $settings) {
if (empty($settings) || isset($settings['disable']))
if (empty($settings) || isset($settings['disable'])) {
continue;
}
$prot = $settings['protocol'];
$port = ($settings['local_port']) ? ":{$settings['local_port']}" : "";
$client = array();
$client['port'] = $settings['local_port'];
if ($settings['description'])
if ($settings['description']) {
$client['name'] = "{$settings['description']} {$prot}{$port}";
else
} else {
$client['name'] = "Client {$prot}{$port}";
}
$client['vpnid'] = $settings['vpnid'];
$client['mgmt'] = "client{$client['vpnid']}";
$socket = "unix:///var/etc/openvpn/{$client['mgmt']}.sock";
$client['status']="down";
$clients[] = openvpn_get_client_status($client, $socket);
}
}
return $clients;
}
function openvpn_get_client_status($client, $socket) {
function openvpn_get_client_status($client, $socket)
{
$errval;
$errstr;
$fp = @stream_socket_client($socket, $errval, $errstr, 1);
......@@ -1081,8 +1145,9 @@ function openvpn_get_client_status($client, $socket) {
$line = fgets($fp, 1024);
$info = stream_get_meta_data($fp);
if ($info['timed_out'])
if ($info['timed_out']) {
break;
}
/* Get the client state */
if (strstr($line,"CONNECTED")) {
......@@ -1099,21 +1164,20 @@ function openvpn_get_client_status($client, $socket) {
if (strstr($line,"ASSIGN_IP")) {
$client['status']="waiting";
$list = explode(",", $line);
$client['connect_time'] = date("D M j G:i:s Y", $list[0]);
$client['virtual_addr'] = $list[3];
}
if (strstr($line,"RECONNECTING")) {
$client['status']="reconnecting";
$list = explode(",", $line);
$client['connect_time'] = date("D M j G:i:s Y", $list[0]);
$client['status'] .= "; " . $list[2];
}
/* parse end of output line */
if (strstr($line, "END") || strstr($line, "ERROR"))
if (strstr($line, "END") || strstr($line, "ERROR")) {
break;
}
}
/* If up, get read/write stats */
if (strcmp($client['status'], "up") == 0) {
......@@ -1124,8 +1188,9 @@ function openvpn_get_client_status($client, $socket) {
$line = fgets($fp, 1024);
$info = stream_get_meta_data($fp);
if ($info['timed_out'])
if ($info['timed_out']) {
break;
}
if (strstr($line,"TCP/UDP read bytes")) {
$list = explode(",", $line);
......@@ -1138,13 +1203,12 @@ function openvpn_get_client_status($client, $socket) {
}
/* parse end of output line */
if (strstr($line, "END"))
if (strstr($line, "END")) {
break;
}
}
}
fclose($fp);
} else {
$DisplayNote=true;
$client['remote_host'] = "Unable to contact daemon";
......@@ -1162,14 +1226,16 @@ function openvpn_create_dirs()
@mkdir('/var/etc/openvpn', 0750);
}
function openvpn_get_interface_ip($ip, $mask) {
function openvpn_get_interface_ip($ip, $mask)
{
$baselong = ip2long32($ip) & ip2long($mask);
$ip1 = long2ip32($baselong + 1);
$ip2 = long2ip32($baselong + 2);
return array($ip1, $ip2);
}
function openvpn_get_interface_ipv6($ipv6, $prefix) {
function openvpn_get_interface_ipv6($ipv6, $prefix)
{
$basev6 = gen_subnetv6($ipv6, $prefix);
// Is there a better way to do this math?
$ipv6_arr = explode(':', $basev6);
......@@ -1179,9 +1245,11 @@ function openvpn_get_interface_ipv6($ipv6, $prefix) {
return array($ipv6_1, $ipv6_2);
}
function openvpn_clear_route($mode, $settings) {
if (empty($settings['tunnel_network']))
function openvpn_clear_route($mode, $settings)
{
if (empty($settings['tunnel_network'])) {
return;
}
list($ip, $cidr) = explode('/', $settings['tunnel_network']);
$mask = gen_subnet_mask($cidr);
$clear_route = false;
......@@ -1192,8 +1260,9 @@ function openvpn_clear_route($mode, $settings) {
break;
case 'p2p_tls':
case 'p2p_shared_key':
if ($cidr == 30)
if ($cidr == 30) {
$clear_route = true;
}
break;
}
......@@ -1205,63 +1274,73 @@ function openvpn_clear_route($mode, $settings) {
}
}
function openvpn_gen_routes($value, $ipproto = "ipv4", $push = false, $iroute = false) {
function openvpn_gen_routes($value, $ipproto = "ipv4", $push = false, $iroute = false)
{
$routes = "";
if (empty($value))
if (empty($value)) {
return "";
}
$networks = explode(',', $value);
foreach ($networks as $network) {
if ($ipproto == "ipv4")
if ($ipproto == "ipv4") {
$route = openvpn_gen_route_ipv4($network, $iroute);
else
} else {
$route = openvpn_gen_route_ipv6($network, $iroute);
if ($push)
}
if ($push) {
$routes .= "push \"{$route}\"\n";
else
} else {
$routes .= "{$route}\n";
}
}
return $routes;
}
function openvpn_gen_route_ipv4($network, $iroute = false) {
function openvpn_gen_route_ipv4($network, $iroute = false)
{
$i = ($iroute) ? "i" : "";
list($ip, $mask) = explode('/', trim($network));
$mask = gen_subnet_mask($mask);
return "{$i}route $ip $mask";
}
function openvpn_gen_route_ipv6($network, $iroute = false) {
function openvpn_gen_route_ipv6($network, $iroute = false)
{
$i = ($iroute) ? "i" : "";
list($ipv6, $prefix) = explode('/', trim($network));
if (empty($prefix))
if (empty($prefix)) {
$prefix = "128";
}
return "{$i}route-ipv6 ${ipv6}/${prefix}";
}
function openvpn_get_settings($mode, $vpnid) {
function openvpn_get_settings($mode, $vpnid)
{
global $config;
if (is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as $settings) {
if (isset($settings['disable']))
if (isset($settings['disable'])) {
continue;
if ($vpnid != 0 && $vpnid == $settings['vpnid'])
}
if ($vpnid != 0 && $vpnid == $settings['vpnid']) {
return $settings;
}
}
}
if (is_array($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as $settings) {
if (isset($settings['disable']))
if (isset($settings['disable'])) {
continue;
}
if ($vpnid != 0 && $vpnid == $settings['vpnid'])
if ($vpnid != 0 && $vpnid == $settings['vpnid']) {
return $settings;
}
}
}
return array();
}
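Review bot: openvpn_validate_port still accepts non-integer values, because `is_numeric($value)` is true for strings such as "12.5" or "1e3", and the `empty($value)` guard rejects "0" even though the error text promises a range "from 0 to 65535"; the value then appears to be interpolated unchanged into the generated config (`lport {$settings['local_port']}` in openvpn_reconfigure), so an out-of-shape port only surfaces as a broken OpenVPN config later. Tighten the condition to an integer check, e.g. `if (!ctype_digit($value) || (int)$value > 65535) {`, which also makes "0" and the message agree. The same `is_numeric` looseness applies to the mask/prefix checks in openvpn_validate_cidr_ipv4 and openvpn_validate_cidr_ipv6 (`!is_numeric($mask) or ($mask > 32)`), where "24.5" passes and is later handed to gen_subnet_mask. As a minor style point, the `${ipv6}/${prefix}` interpolation in openvpn_gen_route_ipv6 is the deprecated form; `{$ipv6}/{$prefix}` matches the rest of the file.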