authorErmal <eri@pfsense.org>2010-03-30 21:34:49 +0000
committerErmal <eri@pfsense.org>2010-03-30 21:34:49 +0000
commit8e97b1d4fff0b09864e53f18ed6da606f0aca148 (patch)
treee5e2dff1173d99507aa3c20f5c6b8d0d0652c55a /config
parente54cf5a0b18acb44fd85e5905147de3d50c6e36b (diff)
downloadpfsense-packages-8e97b1d4fff0b09864e53f18ed6da606f0aca148.tar.gz
pfsense-packages-8e97b1d4fff0b09864e53f18ed6da606f0aca148.tar.bz2
pfsense-packages-8e97b1d4fff0b09864e53f18ed6da606f0aca148.zip
Add option to export the openvpn configuration and its certs with a .zip file.
Diffstat (limited to 'config')
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc53
-rwxr-xr-xconfig/openvpn-client-export/vpn_openvpn_export.php36
2 files changed, 70 insertions, 19 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index aabb32eb..ddc97025 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -90,8 +90,8 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap
unlink($capath);
}
-function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy) {
- global $config, $input_errors;
+function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy, $zipconf = false, $outpass = "") {
+ global $config, $input_errors, $g;
// lookup server settings
$settings = $config['openvpn']['openvpn-server'][$srvid];
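Review bot: With `$zipconf` the function now has two return contracts that the signature does not show: the config text by default, or the name of an archive written under `$g['tmp_path']`. A comment above the function would tell callers which one they get, for example `// Returns the config text; with $zipconf, returns the zip file name created in $g['tmp_path'] (caller deletes it).` The function body continues outside this hunk.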
@@ -195,7 +195,41 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
if ($settings['passtos'])
$conf .= "passtos\n";
- return $conf;
+ if ($zipconf == true) {
+ // create template directory
+ $tempdir = "{$g['tmp_path']}/{$prefix}";
+ mkdir($tempdir, 0700, true);
+
+ file_put_contents("{$tempdir}/{$prefix}-ovpn.conf", $conf);
+
+ file_put_contents("{$tempdir}/{$prefix}-ca.crt", base64_decode($server_ca['crt']));
+ if ($settings['tls']) {
+ $tlsfile = "{$tempdir}/{$prefix}-tls.key";
+ file_put_contents($tlsfile, base64_decode($settings['tls']));
+ }
+
+ // write key files
+ if ($settings['mode'] != "server_user") {
+ $crtfile = "{$tempdir}/{$prefix}-cert.crt";
+ file_put_contents($crtfile, base64_decode($cert['crt']));
+ $keyfile = "{$tempdir}/{$prefix}.key";
+ file_put_contents($keyfile, base64_decode($cert['prv']));
+
+ // convert to pkcs12 format
+ $p12file = "{$tempdir}/{$prefix}.p12";
+ if ($usetoken)
+ openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
+ else
+ openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
+
+ exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
+
+ // Remove temporary directory
+ exec("rm -rf {$tempdir}");
+ return "{$prefix}-config.zip";
+ }
+ } else
+ return $conf;
}
function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy) {
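Review bot: The zip, cleanup and `return` at the end of the `$zipconf` branch sit inside the `if ($settings['mode'] != "server_user")` block, so in `server_user` mode the function returns nothing and leaves `$tempdir`, holding the CA and TLS key, behind under `{$g['tmp_path']}`. Both `exec()` calls also interpolate `$tempdir` and `$prefix` into a shell string unquoted. `$prefix` is built outside this hunk, so each path should go through `escapeshellarg()`, and zip's exit status should be checked before the name is returned. In addition, `zip -r` packs the plaintext `{$prefix}.key` next to the `.p12`, so `$outpass` does not protect the private key inside the archive, and `$cafile` is not assigned anywhere in the added lines. The function starts outside this hunk.

```php
	// … unchanged: conf, CA and TLS key written to $tempdir …
	if ($settings['mode'] != "server_user") {
		// … unchanged: cert/key written and converted to pkcs12 …
	}

	// Build the archive in every mode, with each path quoted for the shell
	$zipfile = "{$g['tmp_path']}/{$prefix}-config.zip";
	exec("cd " . escapeshellarg("{$tempdir}/..") . " && /usr/local/bin/zip -r " .
		escapeshellarg($zipfile) . " " . escapeshellarg($prefix), $zipout, $ziprc);

	// Remove temporary directory (it holds key material) whether or not zip succeeded
	exec("rm -rf " . escapeshellarg($tempdir));

	if ($ziprc != 0)
		return false;
	return "{$prefix}-config.zip";
```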
@@ -284,13 +318,12 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
file_put_contents($crtfile, base64_decode($cert['crt']));
$keyfile = "{$tempdir}/config/{$prefix}-{$user['name']}.key";
file_put_contents($keyfile, base64_decode($cert['prv']));
-
- // convert to pkcs12 format
- $p12file = "{$tempdir}/config/{$prefix}.p12";
- if ($usetoken)
- openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
- else
- openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
+ // convert to pkcs12 format
+ $p12file = "{$tempdir}/{$prefix}.p12";
+ if ($usetoken)
+ openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
+ else
+ openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
}
// 7zip the configuration data
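Review bot: The re-indented block also changes `$p12file` from `{$tempdir}/config/{$prefix}.p12` to `{$tempdir}/{$prefix}.p12`, while the certificate and key just above it are still written under `{$tempdir}/config/`. If the installer packs only the `config` directory (the packing step is outside this hunk), the PKCS#12 file would be missing from the Windows installer. Unless the move is intended, keep `$p12file = "{$tempdir}/config/{$prefix}.p12";`.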
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 05d108a6..861dda89 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -90,7 +90,7 @@ if (isset($_POST['act']))
$act = $_POST['act'];
$error = false;
-if($act == "conf") {
+if($act == "conf" || $act == "confall") {
$srvid = $_GET['srvid'];
$usrid = $_GET['usrid'];
$crtid = $_GET['crtid'];
@@ -115,6 +115,9 @@ if($act == "conf") {
$useaddr = $_GET['useaddr'];
$usetoken = $_GET['usetoken'];
+ $password = "";
+ if ($_GET['password'])
+ $password = $_GET['password'];
$proxy = "";
if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) {
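Review bot: The PKCS#12 export password is read from `$_GET['password']`, so it travels in the URL query string and can end up in web server access logs and browser history. It would be safer in the POST body, where `act` appears to be read already, judging by the context of the first hunk of this file. As written, `if ($_GET['password'])` also raises a notice when the parameter is absent; `if (!empty($_GET['password']))` matches the proxy check on the following lines. The same pattern appears in the `visc` branch in a later hunk.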
@@ -145,20 +148,31 @@ if($act == "conf") {
}
$exp_name = openvpn_client_export_prefix($srvid);
- $exp_data = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy);
+ if ($act == "confall")
+ $zipconf = true;
+ $exp_data = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, $zipconf, $password);
if (!$exp_data) {
$input_errors[] = "Failed to export config files!";
$error = true;
}
if (!$error) {
- $exp_name = urlencode($exp_name."-config.ovpn");
- $exp_size = strlen($exp_data);
+ if ($act == "confall") {
+ $exp_name = urlencode($exp_data);
+ $exp_size = filesize("{$g['tmp_path']}/{$exp_data}");
+ } else {
+ $exp_name = urlencode($exp_name."-config.ovpn");
+ $exp_size = strlen($exp_data);
+ }
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename={$exp_name}");
header("Content-Length: $exp_size");
- echo $exp_data;
+ if ($act == "confall")
+ readfile("{$g['tmp_path']}/{$exp_data}");
+ else
+ echo $exp_data;
+ @unlink($exp_data);
exit;
}
}
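Review bot: `@unlink($exp_data)` never removes the archive. For `confall` it is given the bare file name rather than the path under `{$g['tmp_path']}`, so the zip holding the client key stays on disk after the download, and for `conf` it is handed the whole config text as a path. Change it to `if ($act == "confall") @unlink("{$g['tmp_path']}/{$exp_data}");`. `$zipconf` is also assigned only for `confall` and is otherwise passed undefined; `$zipconf = ($act == "confall");` sets it in both cases. The enclosing `if` starts above this hunk.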
@@ -184,7 +198,7 @@ if($act == "visc") {
$usetoken = $_GET['usetoken'];
$password = "";
if ($_GET['password'])
- $password = $_GET['password']; ;
+ $password = $_GET['password'];
$proxy = "";
if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) {
@@ -441,7 +455,9 @@ function server_changed() {
cell1.className = "listr";
cell1.innerHTML = users[i][3];
cell2.className = "listr";
- cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ")'>Configuration</a>";
+ cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ")'>Configuration</a>";
+ cell2.innerHTML += "&nbsp;/&nbsp;";
+ cell2.innerHTML += "<a href='javascript:download_begin(\"confall\"," + i + ")'>Configuration archive</a>";
cell2.innerHTML += "&nbsp;/&nbsp;";
cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>Windows Installer</a>";
cell2.innerHTML += "&nbsp;/&nbsp;";
@@ -457,8 +473,10 @@ function server_changed() {
cell1.className = "listr";
cell1.innerHTML = "none";
cell2.className = "listr";
- cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ")'>Configuration</a>";
+ cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ")'>Configuration</a>";
cell2.innerHTML += "&nbsp;/&nbsp;";
+ cell2.innerHTML += "<a href='javascript:download_begin(\"confall\"," + i + ")'>Configuration archive</a>";
+ cell2.innerHTML += "&nbsp;/&nbsp;";
cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>Windows Installer</a>";
cell2.innerHTML += "&nbsp;/&nbsp;";
cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ")'>Viscosity Bundle</a>";
@@ -485,7 +503,7 @@ function usepass_changed() {
function useproxy_changed(obj) {
if ((obj.id == "useproxy" && obj.checked) ||
- $(obj.id).value != 'none') {
+ $(obj.id + 'pass').value != 'none') {
$(obj.id + '_opts').show();
} else {
$(obj.id + '_opts').hide();
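Review bot: The condition now reads `$(obj.id + 'pass').value`, which only resolves when an element with that derived id exists. If this handler is also bound to an element other than `useproxy` (the callers are not in this hunk), `$(...)` would find no node and `.value` would throw. It also means an unchecked `useproxy` box still shows the options whenever the `...pass` field is not `none`. If that is the intent, a comment such as `// keep proxy options visible while an auth type is selected` above the test would make it clear; otherwise look the element up by its fixed id.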