authorErmal Luçi <eri@pfsense.org>2010-02-23 00:00:11 +0000
committerErmal Luçi <eri@pfsense.org>2010-02-23 00:00:11 +0000
commit214b5a6d453ca8b5d3adb1b69847500be8a70d77 (patch)
tree43aee8cc4c95fd9be4e57f75c8535c59db749e75 /config/openvpn-client-export/openvpn-client-export.inc
parent859e862ec3575d6dc0a002e9f8c3d03d2555ccd0 (diff)
* Teach exporter about http-proxy directive
* Support http-proxy authentication * Fix some javascript/style handling * Implement proper error messages for configuration export. It needs to be added for installer and viscosity.
Diffstat (limited to 'config/openvpn-client-export/openvpn-client-export.inc')
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc59
1 files changed, 48 insertions, 11 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index b96732ce..e500d9dc 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -66,7 +66,7 @@ function openvpn_client_export_prefix($srvid) {
return false;
$host = $config['system']['hostname'];
- $prot = ($settings['protocol'] == 'UDP' ? 'udp' : "tcp-{$mode}");
+ $prot = ($settings['protocol'] == 'UDP' ? 'udp' : $settings['protocol']);
$port = $settings['local_port'];
return "{$host}-{$prot}-{$port}";
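Review bot: The non-UDP branch now copies `$settings['protocol']` into the prefix unchanged while the UDP branch is lower-cased, so exported file names can mix cases depending on how the protocol is stored in the configuration. If lower-case prefixes are intended, `$prot = strtolower($settings['protocol']);` covers both branches in one expression. `$mode` may now be unused in this function; its assignment is outside the hunk.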
@@ -85,26 +85,34 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap
unlink($capath);
}
-function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false) {
- global $config;
+function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy) {
+ global $config, $input_errors;
// lookup server settings
$settings = $config['openvpn']['openvpn-server'][$srvid];
- if (empty($settings))
+ if (empty($settings)) {
+ $input_errors[] = "Could not locate server configuration.";
return false;
- if ($settings['disable'])
+ }
+ if ($settings['disable']) {
+ $input_errors[] = "You cannot export for disabled servers.";
return false;
+ }
// lookup server certificate info
$server_cert =& lookup_cert($settings['certref']);
$server_ca =& lookup_ca($server_cert['caref']);
- if (!$server_cert || !$server_ca)
+ if (!$server_cert || !$server_ca) {
+ $input_errors[] = "Could not locate certificate.";
return false;
+ }
// lookup user info
$user =& $config['system']['user'][$usrid];
- if (!$user)
+ if (!$user) {
+ $input_errors[] = "Could not find user settings.";
return false;
+ }
// determine basic variables
if ($useaddr == "serveraddr") {
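Review bot: In the new signature the required `$proxy` follows the optional `$nokeys = false`, which makes that default unreachable: every caller must now pass all seven arguments, and a six-argument call from code outside this diff would raise a missing-argument warning and leave `$proxy` undefined. Declaring it as `$proxy = null` keeps older call sites working, and the later `!empty($proxy)` test already handles that value. The new side effect is also undocumented; a comment above the signature such as `// on failure appends a message to the global $input_errors and returns false` would tell callers where to look. The function body continues past this hunk.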
@@ -123,6 +131,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
$server_port = $settings['local_port'];
$proto = ($settings['protocol'] == 'UDP' ? 'udp' : "tcp-client");
+
$cipher = $settings['crypto'];
// add basic settings
@@ -136,6 +145,20 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
$conf .= "resolv-retry infinite\n";
$conf .= "remote {$server_host} {$server_port}\n";
+ if (!empty($proxy)) {
+ if ($proto == "udp") {
+ $input_errors[] = "This server uses UDP protocol and cannot communicate with HTTP proxy.";
+ return;
+ }
+ $conf .= "http-proxy {$proxy['ip']} {$proxy['port']} ";
+ if ($proxy['proxy_authtype'] != "none") {
+ if (!isset($proxy['passwdfile']))
+ $proxy['passwdfile'] = openvpn_client_export_prefix($srvid) . "-proxy";
+ $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}";
+ }
+ $conf .= "\n";
+ }
+
// add user auth settings
switch($settings['mode']) {
case 'server_user':
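Review bot: The `$proxy` fields are interpolated into the `http-proxy` line with no validation, so whitespace or a newline in `ip`, `port`, `passwdfile` or `proxy_authtype` would add extra arguments or whole directives to the exported client configuration. Where `$proxy` is populated is not visible here, but if it comes from the export form each field should be checked before use: reject whitespace, require a numeric port in range, and restrict `proxy_authtype` to a fixed list. The UDP branch also uses a bare `return;` where every other error path in this function returns `false`; callers test `!$conf` so it works, but `return false;` keeps the contract consistent. The function body starts and ends outside this hunk.

```php
	if (!empty($proxy)) {
		// … unchanged: UDP check, ending in return false; …
		// refuse values that could break out of the single http-proxy line
		foreach (array('ip', 'port', 'proxy_authtype') as $fld) {
			if (!isset($proxy[$fld]) || $proxy[$fld] === '' || preg_match('/\s/', $proxy[$fld])) {
				$input_errors[] = "Invalid HTTP proxy settings.";
				return false;
			}
		}
		if (!ctype_digit((string)$proxy['port']) || $proxy['port'] < 1 || $proxy['port'] > 65535 ||
		    !in_array($proxy['proxy_authtype'], array("none", "basic", "ntlm"), true)) {
			$input_errors[] = "Invalid HTTP proxy settings.";
			return false;
		}
		$conf .= "http-proxy {$proxy['ip']} {$proxy['port']} ";
		// … unchanged: passwdfile / proxy_authtype handling …
```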
@@ -169,7 +192,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
return $conf;
}
-function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass) {
+function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy) {
global $config, $g;
$ovpndir = "/usr/local/share/openvpn";
@@ -213,9 +236,16 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
// write cofiguration file
$prefix = openvpn_client_export_prefix($srvid);
$cfgfile = "{$confdir}/{$prefix}-config.ovpn";
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, false);
+ if (!empty($proxy) && $proxy['proxy_authtype'] != "none") {
+ $proxy['passwdfile'] = "{$prefix}-password";
+ $pwdfle = "{$proxy['user']}\n";
+ $pwdfle .= "{$proxy['password']}\n";
+ file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle);
+ }
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, false, $proxy);
if (!$conf)
return false;
+
file_put_contents($cfgfile, $conf);
// write key files
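Review bot: The proxy user name and password are written in plaintext to `{$confdir}/{$prefix}-password` before `openvpn_client_export_config()` has validated anything, so on the `if (!$conf) return false;` path the credential file is left on disk unless cleanup happens outside this hunk. Only `$proxy['passwdfile']` has to be set before the call; the write itself can move below the `!$conf` check. The write is also unchecked and uses the default file mode, so something like `if (file_put_contents($pwdpath, $pwdfle) === false) return false;` followed by `chmod($pwdpath, 0600);` would be safer. A newline inside `$proxy['user']` would shift the password onto the wrong line of the two-line file, so both values should be rejected if they contain line breaks. The same pattern appears in the `viscosity_openvpn_client_config_exporter` hunk, which writes `{$tempdir}/config-password`.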
@@ -263,7 +293,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
return $outfile;
}
-function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass) {
+function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy) {
global $config, $g;
$ovpndir = "/usr/local/share/openvpn/";
@@ -303,7 +333,14 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
// write cofiguration file
$prefix = openvpn_client_export_prefix($srvid);
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true);
+ if (!empty($proxy) && $proxy['proxy_authtype'] != "none") {
+ $proxy['passwdfile'] = "config-password";
+ $pwdfle = "{$proxy['user']}\n";
+ $pwdfle .= "{$proxy['password']}\n";
+ file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle);
+ }
+
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true, $proxy);
if (!$conf)
return false;