authorjim-p <jimp@pfsense.org>2011-02-28 17:11:38 -0500
committerjim-p <jimp@pfsense.org>2011-03-01 12:12:08 -0500
commit4b0dc757fd9b3f0d89f95dfd5f4517d61575aebf (patch)
treec3dc56142a5f07a65058c4f04f2518fe9106c340
parentaa7d47b8f3f272e14716285cd96a7197bca57aae (diff)
Initial work toward exporting shared key clients.
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc93
-rwxr-xr-xconfig/openvpn-client-export/vpn_openvpn_export.php73
2 files changed, 166 insertions, 0 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index a9a882b4..3e8038e4 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -500,4 +500,97 @@ EOF;
}
+function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipconf = false) {
+ global $config, $input_errors, $g;
+
+ // lookup server settings
+ $settings = $config['openvpn']['openvpn-server'][$srvid];
+ if (empty($settings)) {
+ $input_errors[] = "Could not locate server configuration.";
+ return false;
+ }
+ if ($settings['disable']) {
+ $input_errors[] = "You cannot export for disabled servers.";
+ return false;
+ }
+
+ // determine basic variables
+ if ($useaddr == "serveraddr") {
+ $interface = $settings['interface'];
+ if (!empty($settings['ipaddr']) && is_ipaddr($settings['ipaddr'])) {
+ $server_host = $settings['ipaddr'];
+ } else {
+ if (!$interface)
+ $interface = "wan";
+ $server_host = get_interface_ip($interface);
+ }
+ } else if ($useaddr == "serverhostname" || empty($useaddr)) {
+ $server_host = "{$config['system']['hostname']}.{$config['system']['domain']}";
+ } else
+ $server_host = $useaddr;
+
+ $server_port = $settings['local_port'];
+ $proto = (strtoupper($settings['protocol']) == 'UDP' ? 'udp' : "tcp-client");
+
+ $cipher = $settings['crypto'];
+
+ // add basic settings
+ $conf = "dev tun\n";
+ $conf .= "persist-tun\n";
+ $conf .= "persist-key\n";
+ $conf .= "proto {$proto}\n";
+ $conf .= "cipher {$cipher}\n";
+ $conf .= "client\n";
+ $conf .= "resolv-retry infinite\n";
+ $conf .= "remote {$server_host} {$server_port}\n";
+ if ($settings['local_network']) {
+ list($ip, $mask) = explode('/', $settings['local_network']);
+ $mask = gen_subnet_mask($mask);
+ $conf .= "route $ip $mask\n";
+ }
+
+ if (!empty($proxy)) {
+ if ($proto == "udp") {
+ $input_errors[] = "This server uses UDP protocol and cannot communicate with HTTP proxy.";
+ return;
+ }
+ $conf .= "http-proxy {$proxy['ip']} {$proxy['port']} ";
+ if ($proxy['proxy_authtype'] != "none") {
+ if (!isset($proxy['passwdfile']))
+ $proxy['passwdfile'] = openvpn_client_export_prefix($srvid) . "-proxy";
+ $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}";
+ }
+ $conf .= "\n";
+ }
+
+ // add key settings
+ $prefix = openvpn_client_export_prefix($srvid);
+ $shkeyfile = "{$prefix}.secret";
+ $conf .= "secret {$shkeyfile}\n";
+
+ // add optional settings
+ if ($settings['compression'])
+ $conf .= "comp-lzo\n";
+ if ($settings['passtos'])
+ $conf .= "passtos\n";
+
+ if ($zipconf == true) {
+ // create template directory
+ $tempdir = "{$g['tmp_path']}/{$prefix}";
+ mkdir($tempdir, 0700, true);
+
+ file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
+
+ $shkeyfile = "{$tempdir}/{$shkeyfile}";
+ file_put_contents("{$shkeyfile}", base64_decode($settings['shared_key']));
+
+ exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
+
+ // Remove temporary directory
+ exec("rm -rf {$tempdir}");
+ return "{$prefix}-config.zip";
+ } else
+ return $conf;
+}
+
?>
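Review bot: The zip and cleanup commands in the `$zipconf` branch interpolate `$tempdir`, `$g['tmp_path']` and `$prefix` straight into a shell string (`exec("cd {$tempdir}/.. && /usr/local/bin/zip ...")`, `exec("rm -rf {$tempdir}")`) without `escapeshellarg()`; `$prefix` comes from `openvpn_client_export_prefix($srvid)`, and `$srvid` originates in `$_GET['srvid']` in the caller (the next hunk), which only checks that it indexes a shared-key server, so the safe form is to quote each argument. The exit status of `zip` is also never checked, so when the archive is not produced the function still returns `"{$prefix}-config.zip"` and the caller goes on to `filesize()`/`readfile()` a missing file; the `return;` on the UDP-with-proxy error likewise yields `null` where the other error paths return `false`. The `mkdir()` and `file_put_contents()` results on the secret-key write are unchecked as well, which I would at least note with a comment since the file holds the server's shared key. Suggested rewrite of the archive step below.
```php
        // create template directory
        $tempdir = "{$g['tmp_path']}/{$prefix}";
        mkdir($tempdir, 0700, true);
        // … unchanged: write .ovpn and .secret files into $tempdir …
        $zipfile = "{$g['tmp_path']}/{$prefix}-config.zip";
        exec("cd " . escapeshellarg("{$tempdir}/..") . " && /usr/local/bin/zip -r "
            . escapeshellarg($zipfile) . " " . escapeshellarg($prefix), $zipout, $ziprc);
        // Remove temporary directory (holds the shared key in clear)
        exec("rm -rf " . escapeshellarg($tempdir));
        if ($ziprc !== 0) {
            $input_errors[] = "Failed to create the configuration archive.";
            return false;
        }
        return "{$prefix}-config.zip";
```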
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 73833fbe..c0c2838c 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -327,6 +327,79 @@ if($act == "inst") {
}
}
+if(($act == "skconf") || ($act == "skzipconf")) {
+ $srvid = $_GET['srvid'];
+ if (($srvid === false) || ($config['openvpn']['openvpn-server'][$srvid]['mode'] != "p2p_shared_key")) {
+ pfSenseHeader("vpn_openvpn_export.php");
+ exit;
+ }
+
+ if (empty($_GET['useaddr'])) {
+ $error = true;
+ $input_errors[] = "You need to specify an IP or hostname.";
+ } else
+ $useaddr = $_GET['useaddr'];
+
+ $proxy = "";
+ if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) {
+ $proxy = array();
+ if (empty($_GET['proxy_addr'])) {
+ $error = true;
+ $input_errors[] = "You need to specify an address for the proxy port.";
+ } else
+ $proxy['ip'] = $_GET['proxy_addr'];
+ if (empty($_GET['proxy_port'])) {
+ $error = true;
+ $input_errors[] = "You need to specify a port for the proxy ip.";
+ } else
+ $proxy['port'] = $_GET['proxy_port'];
+ $proxy['proxy_authtype'] = $_GET['proxy_authtype'];
+ if ($_GET['proxy_authtype'] != "none") {
+ if (empty($_GET['proxy_user'])) {
+ $error = true;
+ $input_errors[] = "You need to specify a username with the proxy config.";
+ } else
+ $proxy['user'] = $_GET['proxy_user'];
+ if (!empty($_GET['proxy_user']) && empty($_GET['proxy_password'])) {
+ $error = true;
+ $input_errors[] = "You need to specify a password with the proxy user.";
+ } else
+ $proxy['password'] = $_GET['proxy_password'];
+ }
+ }
+
+ $exp_name = openvpn_client_export_prefix($srvid);
+ if ($act == "skzipconf")
+ $zipconf = true;
+ $exp_data = openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipconf);
+ if (!$exp_data) {
+ $input_errors[] = "Failed to export config files!";
+ $error = true;
+ }
+ if (!$error) {
+ if ($zipconf) {
+ $exp_name = urlencode($exp_data);
+ $exp_size = filesize("{$g['tmp_path']}/{$exp_data}");
+ } else {
+ $exp_name = urlencode($exp_name."-config.ovpn");
+ $exp_size = strlen($exp_data);
+ }
+
+ header('Pragma: ');
+ header('Cache-Control: ');
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename={$exp_name}");
+ header("Content-Length: $exp_size");
+ if ($zipconf)
+ readfile("{$g['tmp_path']}/{$exp_data}");
+ else
+ echo $exp_data;
+
+ @unlink("{$g['tmp_path']}/{$exp_data}");
+ exit;
+ }
+}
+
include("head.inc");
?>
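Review bot: `$error` and `$zipconf` are read in this block without being initialised here: `$zipconf` is only assigned when `$act == "skzipconf"`, so in the `skconf` case an undefined variable is passed to `openvpn_client_export_sharedkey_config()` and tested at `if ($zipconf)`, and `if (!$error)` relies on nothing earlier in the file having set it; I would open the block with `$error = false;` and `$zipconf = ($act == "skzipconf");`. The guard `$srvid === false` can never fire because `$_GET['srvid']` is a string or null, never `false`; `if (!isset($_GET['srvid']) || ...)` expresses the intent and avoids the notice on a missing parameter. The `@unlink("{$g['tmp_path']}/{$exp_data}")` also runs in the non-zip case, where `$exp_data` is the config text rather than a filename, so it belongs inside the `if ($zipconf)` branch and can then drop the `@`. The proxy user and password collected into `$proxy['user']`/`$proxy['password']` are not referenced by the sharedkey exporter in the previous hunk, which only emits a `passwdfile` name, so presumably the credentials file is still to be written in zip mode; worth a TODO if that is intended.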