diff options
| author | Renato Botelho <renato@netgate.com> | 2015-08-11 08:13:52 -0300 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2015-08-11 08:13:52 -0300 |
| commit | 44e14f0ad32450757e69918f7d596c671f74fad3 (patch) | |
| tree | 4801499c9037487edf382679445dcd11d33983bb | |
| parent | 825c50cd46de155ea98755f998a9691107f59f41 (diff) | |
| parent | fcdf9e6bbdbf7d84e5cda209d34a637760b5be95 (diff) | |
| download | pfsense-packages-44e14f0ad32450757e69918f7d596c671f74fad3.tar.gz pfsense-packages-44e14f0ad32450757e69918f7d596c671f74fad3.tar.bz2 pfsense-packages-44e14f0ad32450757e69918f7d596c671f74fad3.zip | |
Merge pull request #977 from doktornotor/patch-20
| -rw-r--r-- | config/openvpn_tapfix_20x/openvpn_tapfix_203.patch | 290 | ||||
| -rw-r--r-- | config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc | 25 | ||||
| -rw-r--r-- | config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch | 301 | ||||
| -rw-r--r-- | config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml | 70 | ||||
| -rw-r--r-- | pkg_config.8.xml | 10 | ||||
| -rw-r--r-- | pkg_config.8.xml.amd64 | 10 |
6 files changed, 0 insertions, 706 deletions
diff --git a/config/openvpn_tapfix_20x/openvpn_tapfix_203.patch b/config/openvpn_tapfix_20x/openvpn_tapfix_203.patch deleted file mode 100644 index 897a1199..00000000 --- a/config/openvpn_tapfix_20x/openvpn_tapfix_203.patch +++ /dev/null @@ -1,290 +0,0 @@ -diff --git /etc/inc/openvpn.inc.orig /etc/inc/openvpn.inc -index 777b395..701a032 100644 ---- a/etc/inc/openvpn.inc -+++ b/etc/inc/openvpn.inc -@@ -394,19 +394,37 @@ function openvpn_reconfigure($mode, $settings) { - // If the CIDR is less than a /30, OpenVPN will complain if you try to - // use the server directive. It works for a single client without it. - // See ticket #1417 -- if ($cidr < 30) { -+ if (!empty($ip) && !empty($mask) && ($cidr < 30)) { - $conf .= "server {$ip} {$mask}\n"; - $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; - } - case 'p2p_shared_key': -- list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask); -- $conf .= "ifconfig $ip1 $ip2\n"; -+ if (!empty($ip) && !empty($mask)) { -+ list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask); -+ $conf .= "ifconfig $ip1 $ip2\n"; -+ } - break; - case 'server_tls': - case 'server_user': - case 'server_tls_user': -- $conf .= "server {$ip} {$mask}\n"; -- $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; -+ if (!empty($ip) && !empty($mask)) { -+ $conf .= "server {$ip} {$mask}\n"; -+ $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; -+ } else { -+ if ($settings['serverbridge_dhcp']) { -+ if ((!empty($settings['serverbridge_interface'])) && (strcmp($settings['serverbridge_interface'], "none"))) { -+ $biface_ip=get_interface_ip($settings['serverbridge_interface']); -+ $biface_sm=gen_subnet_mask(get_interface_subnet($settings['serverbridge_interface'])); -+ if (is_ipaddr($biface_ip) && is_ipaddr($settings['serverbridge_dhcp_start']) && is_ipaddr($settings['serverbridge_dhcp_end'])) { -+ $conf .= "server-bridge {$biface_ip} {$biface_sm} {$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n"; -+ } else { -+ $conf .= "mode server\n"; -+ } -+ } else { -+ $conf .= "mode server\n"; -+ } -+ } -+ } - break; - } - -@@ -452,7 +452,9 @@ function openvpn_reconfigure($mode, $settings) { - case 'server_user': - $conf .= "client-cert-not-required\n"; - case 'server_tls_user': -- $conf .= "username-as-common-name\n"; -+ /* username-as-common-name is not compatible with server-bridge */ -+ if (stristr($conf, "server-bridge") === false) -+ $conf .= "username-as-common-name\n"; - if (!empty($settings['authmode'])) { - $authcfgs = explode(",", $settings['authmode']); - $sed = "\$authmodes=array("; - -diff --git /usr/local/www/vpn_openvpn_server.php.orig /usr/local/www/vpn_openvpn_server.php -index 0ef67a7..bd9f527 100644 ---- a/usr/local/www/vpn_openvpn_server.php -+++ b/usr/local/www/vpn_openvpn_server.php -@@ -147,6 +147,11 @@ if($_GET['act']=="edit"){ - $pconfig['dynamic_ip'] = $a_server[$id]['dynamic_ip']; - $pconfig['pool_enable'] = $a_server[$id]['pool_enable']; - -+ $pconfig['serverbridge_dhcp'] = $a_server[$id]['serverbridge_dhcp']; -+ $pconfig['serverbridge_interface'] = $a_server[$id]['serverbridge_interface']; -+ $pconfig['serverbridge_dhcp_start'] = $a_server[$id]['serverbridge_dhcp_start']; -+ $pconfig['serverbridge_dhcp_end'] = $a_server[$id]['serverbridge_dhcp_end']; -+ - $pconfig['dns_domain'] = $a_server[$id]['dns_domain']; - if ($pconfig['dns_domain']) - $pconfig['dns_domain_enable'] = true; -@@ -188,7 +193,6 @@ if($_GET['act']=="edit"){ - $pconfig['duplicate_cn'] = isset($a_server[$id]['duplicate_cn']); - } - } -- - if ($_POST) { - - unset($input_errors); -@@ -284,9 +288,22 @@ if ($_POST) { - $reqdfieldsn = array(gettext('Shared key')); - } - -- $reqdfields[] = 'tunnel_network'; -- $reqdfieldsn[] = gettext('Tunnel network'); -- -+ if ($pconfig['dev_mode'] != "tap") { -+ $reqdfields[] = 'tunnel_network'; -+ $reqdfieldsn[] = gettext('Tunnel network'); -+ } else { -+ if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network']) -+ $input_errors[] = gettext("Using a tunnel network and server bridge settings together is not allowed."); -+ if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end']) -+ || (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end'])) -+ $input_errors[] = gettext("Server Bridge DHCP Start and End must both be empty, or defined."); -+ if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddr($pconfig['serverbridge_dhcp_start']))) -+ $input_errors[] = gettext("Server Bridge DHCP Start must be an IPv4 address."); -+ if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddr($pconfig['serverbridge_dhcp_end']))) -+ $input_errors[] = gettext("Server Bridge DHCP End must be an IPv4 address."); -+ if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end'])) -+ $input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end)."); -+ } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (!$input_errors) { -@@ -341,6 +358,11 @@ if ($_POST) { - $server['dynamic_ip'] = $pconfig['dynamic_ip']; - $server['pool_enable'] = $pconfig['pool_enable']; - -+ $server['serverbridge_dhcp'] = $pconfig['serverbridge_dhcp']; -+ $server['serverbridge_interface'] = $pconfig['serverbridge_interface']; -+ $server['serverbridge_dhcp_start'] = $pconfig['serverbridge_dhcp_start']; -+ $server['serverbridge_dhcp_end'] = $pconfig['serverbridge_dhcp_end']; -+ - if ($pconfig['dns_domain_enable']) - $server['dns_domain'] = $pconfig['dns_domain']; - -@@ -559,6 +581,56 @@ function netbios_change() { - } - } - -+function tuntap_change() { -+ -+ mindex = document.iform.mode.selectedIndex; -+ mvalue = document.iform.mode.options[mindex].value; -+ -+ switch(mvalue) { -+ case "p2p_tls": -+ case "p2p_shared_key": -+ p2p = true; -+ break; -+ default: -+ p2p = false; -+ break; -+ } -+ -+ index = document.iform.dev_mode.selectedIndex; -+ value = document.iform.dev_mode.options[index].value; -+ switch(value) { -+ case "tun": -+ document.getElementById("ipv4_tunnel_network").className="vncellreq"; -+ document.getElementById("serverbridge_dhcp").style.display="none"; -+ document.getElementById("serverbridge_interface").style.display="none"; -+ document.getElementById("serverbridge_dhcp_start").style.display="none"; -+ document.getElementById("serverbridge_dhcp_end").style.display="none"; -+ break; -+ case "tap": -+ document.getElementById("ipv4_tunnel_network").className="vncell"; -+ if (!p2p) { -+ document.getElementById("serverbridge_dhcp").style.display=""; -+ document.getElementById("serverbridge_interface").style.display=""; -+ document.getElementById("serverbridge_dhcp_start").style.display=""; -+ document.getElementById("serverbridge_dhcp_end").style.display=""; -+ if (document.iform.serverbridge_dhcp.checked) { -+ document.iform.serverbridge_interface.disabled = false; -+ document.iform.serverbridge_dhcp_start.disabled = false; -+ document.iform.serverbridge_dhcp_end.disabled = false; -+ } else { -+ document.iform.serverbridge_interface.disabled = true; -+ document.iform.serverbridge_dhcp_start.disabled = true; -+ document.iform.serverbridge_dhcp_end.disabled = true; -+ } -+ } else { -+ document.iform.serverbridge_dhcp.disabled = true; -+ document.iform.serverbridge_interface.disabled = true; -+ document.iform.serverbridge_dhcp_start.disabled = true; -+ document.iform.serverbridge_dhcp_end.disabled = true; -+ } -+ break; -+ } -+} - //--> - </script> - <?php -@@ -619,7 +691,7 @@ if ($savemsg) - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td> - <td width="78%" class="vtable"> -- <select name='mode' id='mode' class="formselect" onchange='mode_change()'> -+ <select name='mode' id='mode' class="formselect" onchange='mode_change(); tuntap_change()'> - <?php - foreach ($openvpn_server_modes as $name => $desc): - $selected = ""; -@@ -666,7 +738,7 @@ if ($savemsg) - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td> - <td width="78%" class="vtable"> -- <select name="dev_mode" class="formselect"> -+ <select name="dev_mode" class="formselect" onchange='tuntap_change()'> - <?php - foreach ($openvpn_dev_mode as $device): - $selected = ""; -@@ -976,7 +1048,7 @@ if ($savemsg) - <td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td> - </tr> - <tr> -- <td width="22%" valign="top" class="vncellreq"><?=gettext("Tunnel Network"); ?></td> -+ <td width="22%" valign="top" class="vncellreq" id="ipv4_tunnel_network"><?=gettext("Tunnel Network"); ?></td> - <td width="78%" class="vtable"> - <input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>"> - <br> -@@ -989,6 +1061,76 @@ if ($savemsg) - "to connecting clients. (see Address Pool)"); ?> - </td> - </tr> -+ <tr id="serverbridge_dhcp"> -+ <td width="22%" valign="top" class="vncell"><?=gettext("Bridge DHCP"); ?></td> -+ <td width="78%" class="vtable"> -+ <table border="0" cellpadding="2" cellspacing="0"> -+ <tr> -+ <td> -+ <?php set_checked($pconfig['serverbridge_dhcp'],$chk); ?> -+ <input name="serverbridge_dhcp" type="checkbox" value="yes" <?=$chk;?> onchange='tuntap_change()' /> -+ </td> -+ <td> -+ <span class="vexpl"> -+ <?=gettext("Allow clients on the bridge to obtain DHCP."); ?><br> -+ </span> -+ </td> -+ </tr> -+ </table> -+ </td> -+ </tr> -+ <tr id="serverbridge_interface"> -+ <td width="22%" valign="top" class="vncell"><?=gettext("Bridge Interface"); ?></td> -+ <td width="78%" class="vtable"> -+ <select name="serverbridge_interface" class="formselect"> -+ <?php -+ $serverbridge_interface['none'] = "none"; -+ $serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr()); -+ $carplist = get_configured_carp_interface_list(); -+ foreach ($carplist as $cif => $carpip) -+ $serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; -+ $aliaslist = get_configured_ip_aliases_list(); -+ foreach ($aliaslist as $aliasip => $aliasif) -+ $serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; -+ foreach ($serverbridge_interface as $iface => $ifacename): -+ $selected = ""; -+ if ($iface == $pconfig['serverbridge_interface']) -+ $selected = "selected"; -+ ?> -+ <option value="<?=$iface;?>" <?=$selected;?>> -+ <?=htmlspecialchars($ifacename);?> -+ </option> -+ <?php endforeach; ?> -+ </select> <br> -+ <?=gettext("The interface to which this tap instance will be, " . -+ "bridged. This is not done automatically. You must assign this " . -+ "interface and create the bridge separately. " . -+ "This setting controls which existing IP address and subnet " . -+ "mask are used by OpenVPN for the bridge. Setting this to " . -+ "'none' will cause the Server Bridge DHCP settings below to be ignored."); ?> -+ </td> -+ </tr> -+ <tr id="serverbridge_dhcp_start"> -+ <td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP Start"); ?></td> -+ <td width="78%" class="vtable"> -+ <input name="serverbridge_dhcp_start" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_start']);?>"> -+ <br> -+ <?=gettext("When using tap mode as multi-point server, " . -+ "you may optionally supply a DHCP range to use on the " . -+ "interface to which this tap instance is bridged. " . -+ "If these settings are left blank, DHCP will be passed " . -+ "through to the LAN, and the interface setting above " . -+ "will be ignored."); ?> -+ </td> -+ </tr> -+ <tr id="serverbridge_dhcp_end"> -+ <td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP End"); ?></td> -+ <td width="78%" class="vtable"> -+ <input name="serverbridge_dhcp_end" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_end']);?>"> -+ <br> -+ <?=gettext(""); ?> -+ </td> -+ </tr> - <tr id="gwredir_opts"> - <td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td> - <td width="78%" class="vtable"> -@@ -1486,6 +1628,7 @@ dns_server_change(); - wins_server_change(); - ntp_server_change(); - netbios_change(); -+tuntap_change(); - //--> - </script> - </body> diff --git a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc deleted file mode 100644 index 8f574212..00000000 --- a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc +++ /dev/null @@ -1,25 +0,0 @@ -<?php - -function openvpn_tapfix_20x_install() { - global $g, $config; - $pfs_version = substr(trim(file_get_contents("/etc/version")),0,5); - switch ($pfs_version) { - case "2.0.3": - $patch_file = "openvpn_tapfix_203.patch"; - break; - default: - $patch_file = "openvpn_tapfix_20x.patch"; - } - // Test to make sure the patch is not already applied. - $out = `patch -fslC --reverse -p1 -b .before_openvpn_tapfix_20x -d / -i /usr/local/pkg/{$patch_file} |& grep -ci reject`; - if ($out == 0) { - // If the patch has not already been applied, test to see if it will apply cleanly. - $out = `patch -fsNlC -p1 -b .before_openvpn_tapfix_20x -d / -i /usr/local/pkg/{$patch_file} |& grep -ci reject`; - if ($out == 0) { - // The patch should apply cleanly, let 'er rip. - mwexec("patch -fsNl -p1 -b .before_openvpn_tapfix_20x -d / -i /usr/local/pkg/{$patch_file} "); - } - } -} - -?>
\ No newline at end of file diff --git a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch deleted file mode 100644 index ed4232bb..00000000 --- a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch +++ /dev/null @@ -1,301 +0,0 @@ -diff --git /etc/inc/openvpn.inc.orig /etc/inc/openvpn.inc -index 777b395..701a032 100644 ---- a/etc/inc/openvpn.inc -+++ b/etc/inc/openvpn.inc -@@ -394,21 +394,39 @@ function openvpn_reconfigure($mode, $settings) { - // If the CIDR is less than a /30, OpenVPN will complain if you try to - // use the server directive. It works for a single client without it. - // See ticket #1417 -- if ($cidr < 30) { -+ if (!empty($ip) && !empty($mask) && ($cidr < 30)) { - $conf .= "server {$ip} {$mask}\n"; - $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; - } - case 'p2p_shared_key': -- $baselong = ip2long32($ip) & ip2long($mask); -- $ip1 = long2ip32($baselong + 1); -- $ip2 = long2ip32($baselong + 2); -- $conf .= "ifconfig $ip1 $ip2\n"; -+ if (!empty($ip) && !empty($mask)) { -+ $baselong = ip2long32($ip) & ip2long($mask); -+ $ip1 = long2ip32($baselong + 1); -+ $ip2 = long2ip32($baselong + 2); -+ $conf .= "ifconfig $ip1 $ip2\n"; -+ } - break; - case 'server_tls': - case 'server_user': - case 'server_tls_user': -- $conf .= "server {$ip} {$mask}\n"; -- $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; -+ if (!empty($ip) && !empty($mask)) { -+ $conf .= "server {$ip} {$mask}\n"; -+ $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; -+ } else { -+ if ($settings['serverbridge_dhcp']) { -+ if ((!empty($settings['serverbridge_interface'])) && (strcmp($settings['serverbridge_interface'], "none"))) { -+ $biface_ip=get_interface_ip($settings['serverbridge_interface']); -+ $biface_sm=gen_subnet_mask(get_interface_subnet($settings['serverbridge_interface'])); -+ if (is_ipaddr($biface_ip) && is_ipaddr($settings['serverbridge_dhcp_start']) && is_ipaddr($settings['serverbridge_dhcp_end'])) { -+ $conf .= "server-bridge {$biface_ip} {$biface_sm} {$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n"; -+ } else { -+ $conf .= "mode server\n"; -+ } -+ } else { -+ $conf .= "mode server\n"; -+ } -+ } -+ } - break; - } - -@@ -452,7 +452,9 @@ function openvpn_reconfigure($mode, $settings) { - case 'server_user': - $conf .= "client-cert-not-required\n"; - case 'server_tls_user': -- $conf .= "username-as-common-name\n"; -+ /* username-as-common-name is not compatible with server-bridge */ -+ if (stristr($conf, "server-bridge") === false) -+ $conf .= "username-as-common-name\n"; - if (!empty($settings['authmode'])) { - $authcfgs = explode(",", $settings['authmode']); - $sed = "\$authmodes=array("; - -@@ -1021,4 +1039,4 @@ function openvpn_refresh_crls() { - } - } - --?> -\ No newline at end of file -+?> -diff --git /usr/local/www/vpn_openvpn_server.php.orig /usr/local/www/vpn_openvpn_server.php -index 0ef67a7..bd9f527 100644 ---- a/usr/local/www/vpn_openvpn_server.php -+++ b/usr/local/www/vpn_openvpn_server.php -@@ -147,6 +147,11 @@ if($_GET['act']=="edit"){ - $pconfig['dynamic_ip'] = $a_server[$id]['dynamic_ip']; - $pconfig['pool_enable'] = $a_server[$id]['pool_enable']; - -+ $pconfig['serverbridge_dhcp'] = $a_server[$id]['serverbridge_dhcp']; -+ $pconfig['serverbridge_interface'] = $a_server[$id]['serverbridge_interface']; -+ $pconfig['serverbridge_dhcp_start'] = $a_server[$id]['serverbridge_dhcp_start']; -+ $pconfig['serverbridge_dhcp_end'] = $a_server[$id]['serverbridge_dhcp_end']; -+ - $pconfig['dns_domain'] = $a_server[$id]['dns_domain']; - if ($pconfig['dns_domain']) - $pconfig['dns_domain_enable'] = true; -@@ -188,7 +193,6 @@ if($_GET['act']=="edit"){ - $pconfig['duplicate_cn'] = isset($a_server[$id]['duplicate_cn']); - } - } -- - if ($_POST) { - - unset($input_errors); -@@ -284,9 +288,22 @@ if ($_POST) { - $reqdfieldsn = array(gettext('Shared key')); - } - -- $reqdfields[] = 'tunnel_network'; -- $reqdfieldsn[] = gettext('Tunnel network'); -- -+ if ($pconfig['dev_mode'] != "tap") { -+ $reqdfields[] = 'tunnel_network'; -+ $reqdfieldsn[] = gettext('Tunnel network'); -+ } else { -+ if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network']) -+ $input_errors[] = gettext("Using a tunnel network and server bridge settings together is not allowed."); -+ if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end']) -+ || (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end'])) -+ $input_errors[] = gettext("Server Bridge DHCP Start and End must both be empty, or defined."); -+ if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddr($pconfig['serverbridge_dhcp_start']))) -+ $input_errors[] = gettext("Server Bridge DHCP Start must be an IPv4 address."); -+ if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddr($pconfig['serverbridge_dhcp_end']))) -+ $input_errors[] = gettext("Server Bridge DHCP End must be an IPv4 address."); -+ if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end'])) -+ $input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end)."); -+ } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (!$input_errors) { -@@ -341,6 +358,11 @@ if ($_POST) { - $server['dynamic_ip'] = $pconfig['dynamic_ip']; - $server['pool_enable'] = $pconfig['pool_enable']; - -+ $server['serverbridge_dhcp'] = $pconfig['serverbridge_dhcp']; -+ $server['serverbridge_interface'] = $pconfig['serverbridge_interface']; -+ $server['serverbridge_dhcp_start'] = $pconfig['serverbridge_dhcp_start']; -+ $server['serverbridge_dhcp_end'] = $pconfig['serverbridge_dhcp_end']; -+ - if ($pconfig['dns_domain_enable']) - $server['dns_domain'] = $pconfig['dns_domain']; - -@@ -559,6 +581,56 @@ function netbios_change() { - } - } - -+function tuntap_change() { -+ -+ mindex = document.iform.mode.selectedIndex; -+ mvalue = document.iform.mode.options[mindex].value; -+ -+ switch(mvalue) { -+ case "p2p_tls": -+ case "p2p_shared_key": -+ p2p = true; -+ break; -+ default: -+ p2p = false; -+ break; -+ } -+ -+ index = document.iform.dev_mode.selectedIndex; -+ value = document.iform.dev_mode.options[index].value; -+ switch(value) { -+ case "tun": -+ document.getElementById("ipv4_tunnel_network").className="vncellreq"; -+ document.getElementById("serverbridge_dhcp").style.display="none"; -+ document.getElementById("serverbridge_interface").style.display="none"; -+ document.getElementById("serverbridge_dhcp_start").style.display="none"; -+ document.getElementById("serverbridge_dhcp_end").style.display="none"; -+ break; -+ case "tap": -+ document.getElementById("ipv4_tunnel_network").className="vncell"; -+ if (!p2p) { -+ document.getElementById("serverbridge_dhcp").style.display=""; -+ document.getElementById("serverbridge_interface").style.display=""; -+ document.getElementById("serverbridge_dhcp_start").style.display=""; -+ document.getElementById("serverbridge_dhcp_end").style.display=""; -+ if (document.iform.serverbridge_dhcp.checked) { -+ document.iform.serverbridge_interface.disabled = false; -+ document.iform.serverbridge_dhcp_start.disabled = false; -+ document.iform.serverbridge_dhcp_end.disabled = false; -+ } else { -+ document.iform.serverbridge_interface.disabled = true; -+ document.iform.serverbridge_dhcp_start.disabled = true; -+ document.iform.serverbridge_dhcp_end.disabled = true; -+ } -+ } else { -+ document.iform.serverbridge_dhcp.disabled = true; -+ document.iform.serverbridge_interface.disabled = true; -+ document.iform.serverbridge_dhcp_start.disabled = true; -+ document.iform.serverbridge_dhcp_end.disabled = true; -+ } -+ break; -+ } -+} - //--> - </script> - <?php -@@ -619,7 +691,7 @@ if ($savemsg) - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td> - <td width="78%" class="vtable"> -- <select name='mode' id='mode' class="formselect" onchange='mode_change()'> -+ <select name='mode' id='mode' class="formselect" onchange='mode_change(); tuntap_change()'> - <?php - foreach ($openvpn_server_modes as $name => $desc): - $selected = ""; -@@ -666,7 +738,7 @@ if ($savemsg) - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td> - <td width="78%" class="vtable"> -- <select name="dev_mode" class="formselect"> -+ <select name="dev_mode" class="formselect" onchange='tuntap_change()'> - <?php - foreach ($openvpn_dev_mode as $device): - $selected = ""; -@@ -976,7 +1048,7 @@ if ($savemsg) - <td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td> - </tr> - <tr> -- <td width="22%" valign="top" class="vncellreq"><?=gettext("Tunnel Network"); ?></td> -+ <td width="22%" valign="top" class="vncellreq" id="ipv4_tunnel_network"><?=gettext("Tunnel Network"); ?></td> - <td width="78%" class="vtable"> - <input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>"> - <br> -@@ -989,6 +1061,76 @@ if ($savemsg) - "to connecting clients. (see Address Pool)"); ?> - </td> - </tr> -+ <tr id="serverbridge_dhcp"> -+ <td width="22%" valign="top" class="vncell"><?=gettext("Bridge DHCP"); ?></td> -+ <td width="78%" class="vtable"> -+ <table border="0" cellpadding="2" cellspacing="0"> -+ <tr> -+ <td> -+ <?php set_checked($pconfig['serverbridge_dhcp'],$chk); ?> -+ <input name="serverbridge_dhcp" type="checkbox" value="yes" <?=$chk;?> onchange='tuntap_change()' /> -+ </td> -+ <td> -+ <span class="vexpl"> -+ <?=gettext("Allow clients on the bridge to obtain DHCP."); ?><br> -+ </span> -+ </td> -+ </tr> -+ </table> -+ </td> -+ </tr> -+ <tr id="serverbridge_interface"> -+ <td width="22%" valign="top" class="vncell"><?=gettext("Bridge Interface"); ?></td> -+ <td width="78%" class="vtable"> -+ <select name="serverbridge_interface" class="formselect"> -+ <?php -+ $serverbridge_interface['none'] = "none"; -+ $serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr()); -+ $carplist = get_configured_carp_interface_list(); -+ foreach ($carplist as $cif => $carpip) -+ $serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; -+ $aliaslist = get_configured_ip_aliases_list(); -+ foreach ($aliaslist as $aliasip => $aliasif) -+ $serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; -+ foreach ($serverbridge_interface as $iface => $ifacename): -+ $selected = ""; -+ if ($iface == $pconfig['serverbridge_interface']) -+ $selected = "selected"; -+ ?> -+ <option value="<?=$iface;?>" <?=$selected;?>> -+ <?=htmlspecialchars($ifacename);?> -+ </option> -+ <?php endforeach; ?> -+ </select> <br> -+ <?=gettext("The interface to which this tap instance will be, " . -+ "bridged. This is not done automatically. You must assign this " . -+ "interface and create the bridge separately. " . -+ "This setting controls which existing IP address and subnet " . -+ "mask are used by OpenVPN for the bridge. Setting this to " . -+ "'none' will cause the Server Bridge DHCP settings below to be ignored."); ?> -+ </td> -+ </tr> -+ <tr id="serverbridge_dhcp_start"> -+ <td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP Start"); ?></td> -+ <td width="78%" class="vtable"> -+ <input name="serverbridge_dhcp_start" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_start']);?>"> -+ <br> -+ <?=gettext("When using tap mode as multi-point server, " . -+ "you may optionally supply a DHCP range to use on the " . -+ "interface to which this tap instance is bridged. " . -+ "If these settings are left blank, DHCP will be passed " . -+ "through to the LAN, and the interface setting above " . -+ "will be ignored."); ?> -+ </td> -+ </tr> -+ <tr id="serverbridge_dhcp_end"> -+ <td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP End"); ?></td> -+ <td width="78%" class="vtable"> -+ <input name="serverbridge_dhcp_end" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_end']);?>"> -+ <br> -+ <?=gettext(""); ?> -+ </td> -+ </tr> - <tr id="gwredir_opts"> - <td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td> - <td width="78%" class="vtable"> -@@ -1486,6 +1628,7 @@ dns_server_change(); - wins_server_change(); - ntp_server_change(); - netbios_change(); -+tuntap_change(); - //--> - </script> - </body> diff --git a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml deleted file mode 100644 index ef498545..00000000 --- a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml +++ /dev/null @@ -1,70 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - openvpn_tapfix_20x.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2011 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>OpenVPN tap Bridging Fix</description> - <requirements>pfSense 2.0.x</requirements> - <faq>None</faq> - <name>OpenVPN tap Bridging Fix</name> - <version>0.4</version> - <title>OpenVPN tap Bridging Fix</title> - <include_file>/usr/local/pkg/openvpn_tapfix_20x.inc</include_file> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_203.patch</item> - </additional_files_needed> - <custom_php_install_command> - openvpn_tapfix_20x_install(); - </custom_php_install_command> -</packagegui> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index ac9cd9e9..2e14d8df 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1602,16 +1602,6 @@ <configurationfile>mailreport.xml</configurationfile> </package> <package> - <name>OpenVPN tap Bridging Fix</name> - <descr>Patch to fix OpenVPN tap bridging on 2.0.x. WARNING! Cannot be uninstalled.</descr> - <category>System</category> - <config_file>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml</config_file> - <version>0.4</version> - <status>BETA</status> - <required_version>2.0</required_version> - <maximum_version>2.0.4</maximum_version> - </package> - <package> <name>Quagga OSPF</name> <descr>OSPF routing protocol using Quagga -- WARNING! Installs files to the same place as OpenBGPD. Installing both will break things.</descr> <maintainer>jimp@pfsense.org</maintainer> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 395f4077..ec773fb9 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -1589,16 +1589,6 @@ <configurationfile>mailreport.xml</configurationfile> </package> <package> - <name>OpenVPN tap Bridging Fix</name> - <descr>Patch to fix OpenVPN tap bridging on 2.0.x. WARNING! Cannot be uninstalled.</descr> - <category>System</category> - <config_file>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml</config_file> - <version>0.4</version> - <status>BETA</status> - <required_version>2.0</required_version> - <maximum_version>2.0.4</maximum_version> - </package> - <package> <name>Quagga OSPF</name> <descr>OSPF routing protocol using Quagga -- WARNING! Installs files to the same place as OpenBGPD. Installing both will break things.</descr> <maintainer>jimp@pfsense.org</maintainer> |