diff options
author | Ermal Luçi <eri@pfsense.org> | 2010-02-23 00:00:11 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2010-02-23 00:00:11 +0000 |
commit | 214b5a6d453ca8b5d3adb1b69847500be8a70d77 (patch) | |
tree | 43aee8cc4c95fd9be4e57f75c8535c59db749e75 /config/openvpn-client-export/openvpn-client-export.inc | |
parent | 859e862ec3575d6dc0a002e9f8c3d03d2555ccd0 (diff) | |
download | pfsense-packages-214b5a6d453ca8b5d3adb1b69847500be8a70d77.tar.gz pfsense-packages-214b5a6d453ca8b5d3adb1b69847500be8a70d77.tar.bz2 pfsense-packages-214b5a6d453ca8b5d3adb1b69847500be8a70d77.zip |
* Teach exporeter about http-proxy directive
* Support http-proxy authentication
* Fix some javascript/style handling
* Implement propper error messages for configuration exported. It needs to be added for installer and viscosity.
Diffstat (limited to 'config/openvpn-client-export/openvpn-client-export.inc')
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 59 |
1 files changed, 48 insertions, 11 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index b96732ce..e500d9dc 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -66,7 +66,7 @@ function openvpn_client_export_prefix($srvid) { return false; $host = $config['system']['hostname']; - $prot = ($settings['protocol'] == 'UDP' ? 'udp' : "tcp-{$mode}"); + $prot = ($settings['protocol'] == 'UDP' ? 'udp' : $settings['protocol']); $port = $settings['local_port']; return "{$host}-{$prot}-{$port}"; @@ -85,26 +85,34 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap unlink($capath); } -function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false) { - global $config; +function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy) { + global $config, $input_errors; // lookup server settings $settings = $config['openvpn']['openvpn-server'][$srvid]; - if (empty($settings)) + if (empty($settings)) { + $input_errors[] = "Could not locate server configuration."; return false; - if ($settings['disable']) + } + if ($settings['disable']) { + $input_errors[] = "You cannot export for disabled servers."; return false; + } // lookup server certificate info $server_cert =& lookup_cert($settings['certref']); $server_ca =& lookup_ca($server_cert['caref']); - if (!$server_cert || !$server_ca) + if (!$server_cert || !$server_ca) { + $input_errors[] = "Could not locate certificate."; return false; + } // lookup user info $user =& $config['system']['user'][$usrid]; - if (!$user) + if (!$user) { + $input_errors[] = "Could not find user settings."; return false; + } // determine basic variables if ($useaddr == "serveraddr") { @@ -123,6 +131,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $server_port = $settings['local_port']; $proto = ($settings['protocol'] == 'UDP' ? 'udp' : "tcp-client"); + $cipher = $settings['crypto']; // add basic settings @@ -136,6 +145,20 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $conf .= "resolv-retry infinite\n"; $conf .= "remote {$server_host} {$server_port}\n"; + if (!empty($proxy)) { + if ($proto == "udp") { + $input_errors[] = "This server uses UDP protocol and cannot communicate with HTTP proxy."; + return; + } + $conf .= "http-proxy {$proxy['ip']} {$proxy['port']} "; + if ($proxy['proxy_authtype'] != "none") { + if (!isset($proxy['passwdfile'])) + $proxy['passwdfile'] = openvpn_client_export_prefix($srvid) . "-proxy"; + $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}"; + } + $conf .= "\n"; + } + // add user auth settings switch($settings['mode']) { case 'server_user': @@ -169,7 +192,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke return $conf; } -function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass) { +function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy) { global $config, $g; $ovpndir = "/usr/local/share/openvpn"; @@ -213,9 +236,16 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset // write cofiguration file $prefix = openvpn_client_export_prefix($srvid); $cfgfile = "{$confdir}/{$prefix}-config.ovpn"; - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, false); + if (!empty($proxy) && $proxy['proxy_authtype'] != "none") { + $proxy['passwdfile'] = "{$prefix}-password"; + $pwdfle = "{$proxy['user']}\n"; + $pwdfle .= "{$proxy['password']}\n"; + file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle); + } + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, false, $proxy); if (!$conf) return false; + file_put_contents($cfgfile, $conf); // write key files @@ -263,7 +293,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset return $outfile; } -function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass) { +function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy) { global $config, $g; $ovpndir = "/usr/local/share/openvpn/"; @@ -303,7 +333,14 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead // write cofiguration file $prefix = openvpn_client_export_prefix($srvid); - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true); + if (!empty($proxy) && $proxy['proxy_authtype'] != "none") { + $proxy['passwdfile'] = "config-password"; + $pwdfle = "{$proxy['user']}\n"; + $pwdfle .= "{$proxy['password']}\n"; + file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle); + } + + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true, $proxy); if (!$conf) return false; |