authorRenato Botelho <renato@netgate.com>2015-08-04 16:52:29 -0300
committerRenato Botelho <renato@netgate.com>2015-08-04 16:52:29 -0300
commit37e90498c6c3fb56bfd28d50b8b85b12fc6fb4fb (patch)
treedfaf10b634a30f0de59a33a2b0387b97ff09752e /config
parentfa0fd469f9f48c62a5dbe1ed87beeedf1d587bae (diff)
parentc2af5ffd78a38f7a391c0c9a535d4ea2c97501eb (diff)
Merge pull request #919 from doktornotor/patch-7
Diffstat (limited to 'config')
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc233
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.xml53
-rw-r--r--config/openvpn-client-export/openvpnexport.inc27
-rwxr-xr-xconfig/openvpn-client-export/vpn_openvpn_export.php34
-rw-r--r--config/openvpn-client-export/vpn_openvpn_export_shared.php54
5 files changed, 265 insertions, 136 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 9488119e..979c5f1b 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -1,6 +1,7 @@
<?php
/*
openvpn-client-export.inc
+ part of pfSense (http://www.pfSense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2008 Shrew Soft Inc
Copyright (C) 2010 Ermal Luci
@@ -39,7 +40,7 @@ require_once("util.inc");
require_once("pfsense-utils.inc");
global $current_openvpn_version, $current_openvpn_version_rev;
-$current_openvpn_version = "2.3.6";
+$current_openvpn_version = "2.3.6";
$current_openvpn_version_rev = "03";
function openvpn_client_export_install() {
@@ -52,9 +53,9 @@ function openvpn_client_export_install() {
$ovpndir = "/usr/local/share/openvpn";
$workdir = "{$ovpndir}/client-export";
- if (!is_dir($workdir))
+ if (!is_dir($workdir)) {
mkdir($workdir, 0777, true);
-
+ }
exec("/usr/bin/tar zxf {$tarpath} -C {$ovpndir}");
conf_mount_ro();
}
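Review bot: `mkdir($workdir, 0777, true)` asks for a world-writable client-export directory (subject to umask), and the installer code later in this file copies `{$workdir}/template/*` into the packages handed to VPN users. `0755` is enough for a directory that only the package code writes to. The tar extraction on the next line interpolates `$tarpath` and `$ovpndir` into the shell string without `escapeshellarg()`; `$tarpath` is assigned outside this hunk, so its origin cannot be judged from here.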
@@ -80,21 +81,22 @@ function openvpn_client_export_prefix($srvid, $usrid = null, $crtid = null) {
// lookup server settings
$settings = $config['openvpn']['openvpn-server'][$srvid];
- if (empty($settings))
+ if (empty($settings)) {
return false;
- if ($settings['disable'])
+ }
+ if ($settings['disable']) {
return false;
-
+ }
$host = empty($config['system']['hostname']) ? "openvpn" : $config['system']['hostname'];
$prot = ($settings['protocol'] == 'UDP' ? 'udp' : $settings['protocol']);
$port = $settings['local_port'];
$filename_addition = "";
- if ($usrid && is_numeric($usrid))
+ if ($usrid && is_numeric($usrid)) {
$filename_addition = "-".$config['system']['user'][$usrid]['name'];
- elseif ($crtid && is_numeric($crtid) && function_exists("cert_get_cn"))
+ } elseif ($crtid && is_numeric($crtid) && function_exists("cert_get_cn")) {
$filename_addition = "-" . str_replace(' ', '_', cert_get_cn($config['cert'][$crtid]['crt']));
-
+ }
return "{$host}-{$prot}-{$port}{$filename_addition}";
}
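Review bot: The user name is appended to the prefix unchanged and the certificate CN with only spaces replaced, yet the returned prefix is used elsewhere on this page for file and directory names (`{$tempdir}/{$prefix}.p12`, `{$g['tmp_path']}/{$prefix}`) and for a Content-Disposition header. Restricting it once here, for example `$filename_addition = preg_replace('/[^A-Za-z0-9_.-]/', '_', $filename_addition);` before the return, would cover all of those uses. Separately, `$usrid && is_numeric($usrid)` is false for index 0, so if 0 is a valid user or certificate index that entry never contributes its name; `is_numeric($usrid)` alone would handle it.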
@@ -106,13 +108,15 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap
if ($capath) {
$ecapath = escapeshellarg($capath);
exec("/usr/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -certfile {$ecapath} -out {$eoutpath} -passout pass:{$eoutpass}");
- } else
+ } else {
exec("/usr/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -out {$eoutpath} -passout pass:{$eoutpass}");
+ }
unlink($crtpath);
unlink($keypath);
- if ($capath)
+ if ($capath) {
unlink($capath);
+ }
}
function openvpn_client_export_validate_config($srvid, $usrid, $crtid) {
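Review bot: Both `openssl pkcs12` calls put the export password on the command line through `-passout pass:{$eoutpass}`, where it is visible in the process list while openssl runs; `-passout env:NAME` or `-passout stdin` keeps it out of argv. The `exec()` results are not checked either, so the `unlink()` calls remove the source certificate and key even when the conversion failed, and the caller gets no error. A status check such as `exec($cmd, $out, $rc); if ($rc !== 0) { return false; }` before the unlinks would surface that. openvpn_client_pem_to_pk12 starts outside this hunk.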
@@ -131,8 +135,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) {
// lookup server certificate info
$server_cert = lookup_cert($settings['certref']);
- if (!$server_cert)
- {
+ if (!$server_cert) {
$input_errors[] = "Could not locate server certificate.";
} else {
$server_ca = lookup_ca($server_cert['caref']);
@@ -159,24 +162,26 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) {
} else {
$cert = $config['cert'][$crtid];
}
- if (!$cert)
- {
+ if (!$cert) {
$input_errors[] = "Could not find client certificate.";
} else {
// If $cert is not an array, it's a certref not a cert.
- if (!is_array($cert))
+ if (!is_array($cert)) {
$cert = lookup_cert($cert);
+ }
}
} elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) {
$cert = $config['cert'][$crtid];
- if (!$cert)
+ if (!$cert) {
$input_errors[] = "Could not find client certificate.";
- } else
+ }
+ } else {
$nokeys = true;
+ }
- if ($input_errors)
+ if ($input_errors) {
return false;
-
+ }
return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys);
}
@@ -202,9 +207,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
// add basic settings
$devmode = empty($settings['dev_mode']) ? "tun" : $settings['dev_mode'];
- if (($expformat != "inlinedroid") && ($expformat != "inlineios"))
+ if (($expformat != "inlinedroid") && ($expformat != "inlineios")) {
$conf .= "dev {$devmode}{$nl}";
- if(!empty($settings['tunnel_networkv6']) && ($expformat != "inlinedroid") && ($expformat != "inlineios")) {
+ }
+ if (!empty($settings['tunnel_networkv6']) && ($expformat != "inlinedroid") && ($expformat != "inlineios")) {
$conf .= "tun-ipv6{$nl}";
}
$conf .= "persist-tun{$nl}";
@@ -216,14 +222,16 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
$conf .= "auth {$digest}{$nl}";
$conf .= "tls-client{$nl}";
$conf .= "client{$nl}";
- if (($expformat != "inlinedroid") && ($expformat != "inlineios"))
+ if (($expformat != "inlinedroid") && ($expformat != "inlineios")) {
$conf .= "resolv-retry infinite{$nl}";
+ }
$conf .= "$remotes{$nl}";
/* Use a random local port, otherwise two clients will conflict if they run at the same time.
May not be supported on older clients (Released before May 2010) */
- if (($randomlocalport != 0) && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom"))
+ if (($randomlocalport != 0) && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom")) {
$conf .= "lport 0{$nl}";
+ }
/* This line can cause problems with auth-only setups and also with Yealink/Snom phones
since they are stuck on an older OpenVPN version that does not support this feature. */
@@ -246,19 +254,20 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
if (!empty($proxy)) {
if ($proxy['proxy_type'] == "http") {
-
if (strtoupper(substr($settings['protocol'], 0, 3)) == "UDP") {
$input_errors[] = "This server uses UDP protocol and cannot communicate with HTTP proxy.";
return;
}
$conf .= "http-proxy {$proxy['ip']} {$proxy['port']} ";
}
- if ($proxy['proxy_type'] == "socks")
+ if ($proxy['proxy_type'] == "socks") {
$conf .= "socks-proxy {$proxy['ip']} {$proxy['port']} ";
+ }
if ($proxy['proxy_authtype'] != "none") {
- if (!isset($proxy['passwdfile']))
+ if (!isset($proxy['passwdfile'])) {
$proxy['passwdfile'] = openvpn_client_export_prefix($srvid, $usrid, $crtid) . "-proxy";
- $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}";
+ $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}";
+ }
}
$conf .= "{$nl}";
}
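Review bot: The closing brace added after `$conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}";` places that append inside `if (!isset($proxy['passwdfile']))`, whereas before this commit only the default assignment was conditional. A caller that already set `$proxy['passwdfile']` (the installer path writes a file under that name before calling this function) now gets a proxy line without the auth file and auth method. The `}` should follow the `$proxy['passwdfile'] = …` assignment directly, leaving the append unconditional inside the `proxy_authtype != "none"` block. The same brace placement is repeated in the proxy block of openvpn_client_export_sharedkey_config.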
@@ -274,7 +283,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
// add key settings
$prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid);
$cafile = "{$prefix}-ca.crt";
- if($nokeys == false) {
+ if ($nokeys == false) {
if ($expformat == "yealink_t28") {
$conf .= "ca /yealink/config/openvpn/keys/ca.crt{$nl}";
$conf .= "cert /yealink/config/openvpn/keys/client1.crt{$nl}";
@@ -297,22 +306,24 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
} elseif (substr($expformat, 0, 6) != "inline") {
$conf .= "pkcs12 {$prefix}.p12{$nl}";
}
- } else if ($settings['mode'] == "server_user") {
- if (substr($expformat, 0, 6) != "inline")
+ } elseif ($settings['mode'] == "server_user") {
+ if (substr($expformat, 0, 6) != "inline") {
$conf .= "ca {$cafile}{$nl}";
+ }
}
if ($settings['tls'] && !$skiptls) {
- if ($expformat == "yealink_t28")
+ if ($expformat == "yealink_t28") {
$conf .= "tls-auth /yealink/config/openvpn/keys/ta.key 1{$nl}";
- elseif ($expformat == "yealink_t38g")
+ } elseif ($expformat == "yealink_t38g") {
$conf .= "tls-auth /phone/config/openvpn/keys/ta.key 1{$nl}";
- elseif ($expformat == "yealink_t38g2")
+ } elseif ($expformat == "yealink_t38g2") {
$conf .= "tls-auth /config/openvpn/keys/ta.key 1{$nl}";
- elseif ($expformat == "snom")
+ } elseif ($expformat == "snom") {
$conf .= "tls-auth /openvpn/ta.key 1{$nl}";
- elseif (substr($expformat, 0, 6) != "inline")
+ } elseif (substr($expformat, 0, 6) != "inline") {
$conf .= "tls-auth {$prefix}-tls.key 1{$nl}";
+ }
}
// Prevent MITM attacks by verifying the server certificate.
@@ -323,24 +334,26 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
if (function_exists("cert_get_purpose")) {
if (is_array($server_cert) && ($server_cert['crt'])) {
$purpose = cert_get_purpose($server_cert['crt'], true);
- if ($purpose['server'] == 'Yes')
+ if ($purpose['server'] == 'Yes') {
$conf .= "ns-cert-type server{$nl}";
+ }
}
}
// add optional settings
if (!empty($settings['compression'])) {
- if ($pfs_version > 2.1)
+ if ($pfs_version > 2.1) {
$conf .= "comp-lzo {$settings['compression']}{$nl}";
- else
+ } else {
$conf .= "comp-lzo{$nl}";
+ }
}
- if ($settings['passtos'])
+ if ($settings['passtos']) {
$conf .= "passtos{$nl}";
+ }
- if ($openvpnmanager)
- {
+ if ($openvpnmanager) {
if (!empty($settings['client_mgmt_port'])) {
$client_mgmt_port = $settings['client_mgmt_port'];
} else {
@@ -393,10 +406,11 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
// convert to pkcs12 format
$p12file = "{$tempdir}/{$prefix}.p12";
- if ($usetoken)
+ if ($usetoken) {
openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
- else
+ } else {
openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
+ }
}
$command = "cd " . escapeshellarg("{$tempdir}/..")
. " && /usr/local/bin/zip -r "
@@ -432,7 +446,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
case "yealink_t38g2":
// create template directory
$tempdir = "{$g['tmp_path']}/{$prefix}";
- $keydir = "{$tempdir}/keys";
+ $keydir = "{$tempdir}/keys";
mkdir($tempdir, 0700, true);
mkdir($keydir, 0700, true);
@@ -511,8 +525,9 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri
$ovpndir = "/usr/local/share/openvpn";
$workdir = "{$ovpndir}/client-export";
- if (!file_exists($workdir . "/template/{$client_install_exe}"))
+ if (!file_exists($workdir . "/template/{$client_install_exe}")) {
openvpn_client_export_install();
+ }
$validconfig = openvpn_client_export_validate_config($srvid, $usrid, $crtid);
if ($validconfig) {
@@ -527,15 +542,17 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri
// create config directory
$confdir = "{$tempdir}/config";
- if (!is_dir($conf_dir))
+ if (!is_dir($conf_dir)) {
mkdir($confdir, 0700, true);
+ }
// copy the template directory
exec("cp -r {$workdir}/template/* {$tempdir}");
// and put the required installer exe in place
exec("/bin/cp {$tempdir}/{$client_install_exe} {$tempdir}/openvpn-install.exe");
- if (stristr($openvpn_version, "x64"))
+ if (stristr($openvpn_version, "x64")) {
rename("{$tempdir}/openvpn-postinstall64.exe", "{$tempdir}/openvpn-postinstall.exe");
+ }
// write configuration file
$prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid);
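Review bot: The guard tests `$conf_dir`, not the `$confdir` assigned on the line above, so `is_dir()` always receives an unset variable and `mkdir()` runs unconditionally; it should read `if (!is_dir($confdir)) {`. The two copy commands below it interpolate `$workdir`, `$tempdir` and `$client_install_exe` into shell strings without `escapeshellarg()`, unlike the zip command built in openvpn_client_export_config. The enclosing function starts and ends outside this hunk.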
@@ -546,7 +563,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri
$pwdfle .= "{$proxy['password']}\r\n";
file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle);
}
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $openvpnmanager, $advancedoptions);
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $openvpnmanager, $advancedoptions);
if (!$conf) {
$input_errors[] = "Could not create a config to export.";
return false;
@@ -569,37 +586,40 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri
file_put_contents($keyfile, base64_decode($cert['prv']));
// convert to pkcs12 format
$p12file = "{$tempdir}/config/{$prefix}.p12";
- if ($usetoken)
+ if ($usetoken) {
openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
- else
+ } else {
openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
+ }
}
// 7zip the configuration data
chdir($tempdir);
- $files = "config ";
- if ($openvpnmanager)
+ $files = "config ";
+ if ($openvpnmanager) {
$files .= "openvpnmanager ";
+ }
$files .= "openvpn-install.exe ";
$files .= "openvpn-postinstall.exe ";
- if ($usetoken)
+ if ($usetoken) {
$procchain = ';!@Install@!UTF-8!
RunProgram="openvpn-postinstall.exe /Import"
;!@InstallEnd@!'
;
- else
+ } else {
$procchain = ';!@Install@!UTF-8!
RunProgram="openvpn-postinstall.exe"
;!@InstallEnd@!'
;
+ }
file_put_contents("{$tempdir}/7zipConfig",$procchain);
- if(file_exists("/usr/pbi/p7zip-{$uname_p}/bin/7z"))
+ if (file_exists("/usr/pbi/p7zip-{$uname_p}/bin/7z")) {
exec("/usr/pbi/p7zip-{$uname_p}/bin/7z -y a archive.7z {$files}");
- else
+ } else {
exec("/usr/local/libexec/p7zip/7z -y a archive.7z {$files}");
-
+ }
// create the final installer
$outfile = "{$tempdir}-install.exe";
chdir($g['tmp_path']);
@@ -616,8 +636,9 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
$uname_p = trim(exec("uname -p"));
$ovpndir = "/usr/local/share/openvpn/";
- if (!file_exists($workdir . "/template/openvpn-install.exe"))
+ if (!file_exists($workdir . "/template/openvpn-install.exe")) {
openvpn_client_export_install();
+ }
$uniq = uniqid();
$tempdir = $g['tmp_path'] . "/openvpn-export-" . $uniq;
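Review bot: The export directory name is built from `uniqid()`, which is derived from the current time and therefore guessable, under the shared `$g['tmp_path']`. If key material is written there later in the function (outside this hunk), another local process could pre-create the path. A name taken from a cryptographic random source, with the directory created mode 0700 and the export aborted if it already exists, closes that gap. Also, `$workdir` is tested in the `file_exists()` check while the visible lines only assign `$ovpndir`; unless it is set earlier in the function, the install routine runs on every export.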
@@ -653,8 +674,9 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
// We need to nuke the ca line from the above config if it exists.
$conf = explode("\n", $conf);
for ($i=0; $i < count($conf); $i++) {
- if ((substr($conf[$i], 0, 3) == "ca ") || (substr($conf[$i], 0, 7) == "pkcs12 "))
+ if ((substr($conf[$i], 0, 3) == "ca ") || (substr($conf[$i], 0, 7) == "pkcs12 ")) {
unset($conf[$i]);
+ }
}
$conf = implode("\n", $conf);
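Review bot: `count($conf)` is re-evaluated on every iteration and each `unset($conf[$i])` lowers it by one, so once a line has been removed the loop stops short of the last elements and a trailing `ca ` or `pkcs12 ` line can survive. Take the count once, `$n = count($conf); for ($i = 0; $i < $n; $i++) {`, or drop the lines with `array_filter()`.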
@@ -716,11 +738,11 @@ EOF;
}
// Zip Viscosity file
- if(file_exists("/usr/pbi/zip-{$uname_p}/bin/zip"))
+ if (file_exists("/usr/pbi/zip-{$uname_p}/bin/zip")) {
exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r {$zipfile} Viscosity.visc");
- else
+ } else {
exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$zipfile} Viscosity.visc");
-
+ }
// Remove temporary directory
exec("rm -rf {$tempdir}");
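Review bot: Both zip commands and the `rm -rf` hand `$tempdir` and `$zipfile` to the shell unquoted, while the zip command in openvpn_client_export_config wraps its paths in `escapeshellarg()`. `$zipfile` is built outside this hunk; if it contains the export prefix, which carries the user name or certificate CN, characters in those values would be interpreted by the shell. Quoting each path, e.g. `exec("rm -rf " . escapeshellarg($tempdir));`, brings this exporter in line with the other one. The same unquoted `rm -rf {$tempdir}` appears in openvpn_client_export_sharedkey_config.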
@@ -748,30 +770,34 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
if (!empty($settings['ipaddr']) && is_ipaddr($settings['ipaddr'])) {
$server_host = $settings['ipaddr'];
} else {
- if (!$interface)
+ if (!$interface) {
$interface = "wan";
- if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6")))
+ }
+ if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) {
$server_host = get_interface_ipv6($interface);
- else
+ } else {
$server_host = get_interface_ip($interface);
+ }
}
- } else if ($useaddr == "serverhostname" || empty($useaddr)) {
+ } elseif ($useaddr == "serverhostname" || empty($useaddr)) {
$server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}.";
$server_host .= "{$config['system']['domain']}";
- } else
+ } else {
$server_host = $useaddr;
+ }
$server_port = $settings['local_port'];
$proto = strtolower($settings['protocol']);
- if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp")
+ if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") {
$proto .= "-client";
+ }
$cipher = $settings['crypto'];
$digest = !empty($settings['digest']) ? $settings['digest'] : "SHA1";
// add basic settings
- $conf = "dev tun\n";
+ $conf = "dev tun\n";
if(! empty($settings['tunnel_networkv6'])) {
$conf .= "tun-ipv6\n";
}
@@ -807,14 +833,16 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
}
$conf .= "http-proxy {$proxy['ip']} {$proxy['port']} ";
}
- if ($proxy['proxy_type'] == "socks")
+ if ($proxy['proxy_type'] == "socks") {
$conf .= "socks-proxy {$proxy['ip']} {$proxy['port']} ";
+ }
if ($proxy['proxy_authtype'] != "none") {
- if (!isset($proxy['passwdfile']))
+ if (!isset($proxy['passwdfile'])) {
$proxy['passwdfile'] = openvpn_client_export_prefix($srvid) . "-proxy";
- $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}";
+ $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}";
+ }
+ $conf .= "\n";
}
- $conf .= "\n";
}
// add key settings
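Review bot: The `$conf .= "\n";` that terminates the proxy line now sits inside `if ($proxy['proxy_authtype'] != "none")`, where before it ran for every non-empty proxy. With auth type `none` the `http-proxy` or `socks-proxy` line is left unterminated and the next directive is appended to it, which yields a config the client will misparse. Keep `$conf .= "\n";` after the closing brace of the auth-type block, as openvpn_client_export_config does with `$conf .= "{$nl}";`.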
@@ -846,8 +874,9 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
// Remove temporary directory
exec("rm -rf {$tempdir}");
return "{$prefix}-config.zip";
- } else
+ } else {
return $conf;
+ }
}
function openvpn_client_export_build_remote_lines($settings, $useaddr, $interface, $expformat, $nl) {
@@ -858,25 +887,30 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac
if (!empty($settings['ipaddr']) && is_ipaddr($settings['ipaddr'])) {
$server_host = $settings['ipaddr'];
} else {
- if (!$interface || ($interface == "any"))
+ if (!$interface || ($interface == "any")) {
$interface = "wan";
- if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6")))
+ }
+ if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) {
$server_host = get_interface_ipv6($interface);
- else
+ } else {
$server_host = get_interface_ip($interface);
+ }
}
} else if ($useaddr == "serverhostname" || empty($useaddr)) {
$server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}.";
$server_host .= "{$config['system']['domain']}";
- } else
+ } else {
$server_host = $useaddr;
+ }
$proto = strtolower($settings['protocol']);
- if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp")
+ if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") {
$proto .= "-client";
+ }
- if (($expformat == "inlineios") && ($proto == "tcp-client"))
+ if (($expformat == "inlineios") && ($proto == "tcp-client")) {
$proto = "tcp";
+ }
if (($useaddr == "servermagic") || ($useaddr == "servermagichost")) {
$destinations = openvpn_client_export_find_port_forwards($server_host, $settings['local_port'], $proto, true, ($useaddr == "servermagichost"));
@@ -892,19 +926,18 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac
function openvpn_client_export_find_port_forwards($targetip, $targetport, $targetproto, $skipprivate, $findhostname=false) {
global $config, $FilterIflist;
- if (empty($FilterIflist))
+ if (empty($FilterIflist)) {
filter_generate_optcfg_array();
+ }
$destinations = array();
- if (!is_array($config['nat']) || !is_array($config['nat']['rule']))
+ if (!is_array($config['nat']) || !is_array($config['nat']['rule'])) {
return $destinations;
+ }
foreach ($config['nat']['rule'] as $natent) {
$dest = array();
- if (!isset($natent['disabled'])
- && ($natent['target'] == $targetip)
- && ($natent['local-port'] == $targetport)
- && ($natent['protocol'] == $targetproto)) {
+ if (!isset($natent['disabled']) && ($natent['target'] == $targetip) && ($natent['local-port'] == $targetport) && ($natent['protocol'] == $targetproto)) {
$dest['proto'] = $natent['protocol'];
// Could be multiple ports... But we can only use one.
@@ -914,32 +947,36 @@ function openvpn_client_export_find_port_forwards($targetip, $targetport, $targe
// Could be network or address ...
$natif = (!$natent['interface']) ? "wan" : $natent['interface'];
- if (!isset($FilterIflist[$natif]))
+ if (!isset($FilterIflist[$natif])) {
continue; // Skip if there is no interface
+ }
$dstaddr = trim(filter_generate_address($natent, 'destination', true));
- if(!$dstaddr)
+ if(!$dstaddr) {
$dstaddr = $FilterIflist[$natif]['ip'];
+ }
$dstaddr_port = explode(" ", $dstaddr);
- if(empty($dstaddr_port[0]) || strtolower(trim($dstaddr_port[0])) == "port")
+ if (empty($dstaddr_port[0]) || strtolower(trim($dstaddr_port[0])) == "port") {
continue; // Skip port forward if no destination address found
+ }
-
- if (!is_ipaddr($dstaddr_port[0]))
+ if (!is_ipaddr($dstaddr_port[0])) {
continue; // We can only work with single IPs, not subnets!
+ }
-
- if ($skipprivate && is_private_ip($dstaddr_port[0]))
+ if ($skipprivate && is_private_ip($dstaddr_port[0])) {
continue; // Skipping a private IP destination!
+ }
$dest['host'] = $dstaddr_port[0];
if ($findhostname) {
$hostname = openvpn_client_export_find_hostname($natif);
- if (!empty($hostname))
+ if (!empty($hostname)) {
$dest['host'] = $hostname;
+ }
}
$destinations[] = $dest;
@@ -954,14 +991,16 @@ function openvpn_client_export_find_hostname($interface) {
$hostname = "";
if (is_array($config['dyndnses']['dyndns'])) {
foreach ($config['dyndnses']['dyndns'] as $ddns) {
- if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host']))
+ if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host'])) {
return $ddns['host'];
+ }
}
}
if (is_array($config['dnsupdates']['dnsupdate'])) {
foreach ($config['dnsupdates']['dnsupdate'] as $ddns) {
- if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host']))
+ if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host'])) {
return $ddns['host'];
+ }
}
}
diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml
index 47ad4744..a9630730 100755
--- a/config/openvpn-client-export/openvpn-client-export.xml
+++ b/config/openvpn-client-export/openvpn-client-export.xml
@@ -1,12 +1,52 @@
<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
+/*
+ openvpn-client-export.xml
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2011-2015 Jim Pingle
+ Copyright (C) 2009-2010 Ermal Luçi
+ Copyright (C) 2009 Scott Ullrich
+ Copyright (C) 2008 Bill Marquette
+ All rights reserved.
+*/
+/* ====================================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>OpenVPN Client Export</name>
- <version>1.2.16</version>
+ <version>1.2.17</version>
<title>OpenVPN Client Export</title>
<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
- <backup_file></backup_file>
- <aftersaveredirect></aftersaveredirect>
- <configpath></configpath>
<tabs>
<tab>
<name>Client Export</name>
@@ -21,28 +61,23 @@
</tabs>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
<item>https://files.pfsense.org/packages/openvpn-client-export/openvpn-client-export-2.3.6.tgz</item>
<do_not_add_to_port/>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/openvpn-client-export/vpn_openvpn_export.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/openvpn-client-export/vpn_openvpn_export_shared.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/etc/inc/priv/</prefix>
- <chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpnexport.inc</item>
</additional_files_needed>
<custom_php_install_command>
diff --git a/config/openvpn-client-export/openvpnexport.inc b/config/openvpn-client-export/openvpnexport.inc
index 93046364..95c391a0 100644
--- a/config/openvpn-client-export/openvpnexport.inc
+++ b/config/openvpn-client-export/openvpnexport.inc
@@ -1,4 +1,31 @@
<?php
+/*
+ openvpnexport.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2011 Marcello Coutinho
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
global $priv_list;
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 8703d2da..a445e986 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -1,9 +1,11 @@
<?php
/*
vpn_openvpn_export.php
-
+ part of pfSense (http://www.pfSense.org/)
Copyright (C) 2008 Shrew Soft Inc.
Copyright (C) 2010 Ermal Luçi
+ Copyright (C) 2011-2015 Jim Pingle
+ Copyright (C) 2011-2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -138,8 +140,9 @@ if (!empty($act)) {
$useaddr = trim($_GET['useaddr']);
if (!(is_ipaddr($useaddr) || is_hostname($useaddr) ||
- in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname"))))
+ in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname")))) {
$input_errors[] = "You need to specify an IP or hostname.";
+ }
$advancedoptions = $_GET['advancedoptions'];
$openvpnmanager = $_GET['openvpnmanager'];
@@ -147,36 +150,43 @@ if (!empty($act)) {
$verifyservercn = $_GET['verifyservercn'];
$randomlocalport = $_GET['randomlocalport'];
$usetoken = $_GET['usetoken'];
- if ($usetoken && (substr($act, 0, 10) == "confinline"))
+ if ($usetoken && (substr($act, 0, 10) == "confinline")) {
$input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration.";
- if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_yealink_t38g2") || ($act == "conf_snom")))
+ }
+ if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_yealink_t38g2") || ($act == "conf_snom"))) {
$input_errors[] = "You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration.";
+ }
$password = "";
- if ($_GET['password'])
+ if ($_GET['password']) {
$password = $_GET['password'];
+ }
$proxy = "";
if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) {
$proxy = array();
if (empty($_GET['proxy_addr'])) {
$input_errors[] = "You need to specify an address for the proxy port.";
- } else
+ } else {
$proxy['ip'] = $_GET['proxy_addr'];
+ }
if (empty($_GET['proxy_port'])) {
$input_errors[] = "You need to specify a port for the proxy ip.";
- } else
+ } else {
$proxy['port'] = $_GET['proxy_port'];
+ }
$proxy['proxy_type'] = $_GET['proxy_type'];
$proxy['proxy_authtype'] = $_GET['proxy_authtype'];
if ($_GET['proxy_authtype'] != "none") {
if (empty($_GET['proxy_user'])) {
$input_errors[] = "You need to specify a username with the proxy config.";
- } else
+ } else {
$proxy['user'] = $_GET['proxy_user'];
+ }
if (!empty($_GET['proxy_user']) && empty($_GET['proxy_password'])) {
$input_errors[] = "You need to specify a password with the proxy user.";
- } else
+ } else {
$proxy['password'] = $_GET['proxy_password'];
+ }
}
}
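Review bot: The proxy address, port, type and auth type are copied from `$_GET` into `$proxy` after only an emptiness check, and openvpn_client_export_config writes them straight into the `http-proxy`/`socks-proxy` line, so a value containing whitespace or a line break changes the directives in the exported file. Validate the address with the `is_ipaddr()`/`is_hostname()` test already applied to `$useaddr`, require a numeric port between 1 and 65535, and compare the type and auth type against the fixed values the form offers. The export password and proxy password also travel in the query string here, which leaves them in web-server logs and browser history; POST would avoid that. The same unvalidated proxy block appears in vpn_openvpn_export_shared.php.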
@@ -572,10 +582,12 @@ function useproxy_changed(obj) {
//]]>
</script>
<?php
- if ($input_errors)
+ if ($input_errors) {
print_input_errors($input_errors);
- if ($savemsg)
+ }
+ if ($savemsg) {
print_info_box($savemsg);
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="openvpn export">
<tr>
diff --git a/config/openvpn-client-export/vpn_openvpn_export_shared.php b/config/openvpn-client-export/vpn_openvpn_export_shared.php
index 26efc1ed..630bb253 100644
--- a/config/openvpn-client-export/vpn_openvpn_export_shared.php
+++ b/config/openvpn-client-export/vpn_openvpn_export_shared.php
@@ -1,9 +1,10 @@
<?php
/*
vpn_openvpn_export_shared.php
-
+ part of pfSense (http://www.pfSense.org)
Copyright (C) 2008 Shrew Soft Inc.
Copyright (C) 2010 Ermal Luçi
+ Copyright (C) 2011-2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -36,26 +37,30 @@ require("openvpn-client-export.inc");
$pgtitle = array("OpenVPN", "Client Export Utility");
-if (!is_array($config['openvpn']['openvpn-server']))
+if (!is_array($config['openvpn']['openvpn-server'])) {
$config['openvpn']['openvpn-server'] = array();
+}
$a_server = $config['openvpn']['openvpn-server'];
$ras_server = array();
foreach($a_server as $sindex => $server) {
- if (isset($server['disable']))
+ if (isset($server['disable'])) {
continue;
+ }
$ras_user = array();
- if ($server['mode'] != "p2p_shared_key")
+ if ($server['mode'] != "p2p_shared_key") {
continue;
-
+ }
$ras_serverent = array();
$prot = $server['protocol'];
$port = $server['local_port'];
- if ($server['description'])
+ if ($server['description']) {
$name = "{$server['description']} {$prot}:{$port}";
- else
+ }
+ else {
$name = "Shared Key Server {$prot}:{$port}";
+ }
$ras_serverent['index'] = $sindex;
$ras_serverent['name'] = $name;
$ras_serverent['mode'] = $server['mode'];
@@ -63,12 +68,14 @@ foreach($a_server as $sindex => $server) {
}
$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id'])) {
$id = $_POST['id'];
+}
$act = $_GET['act'];
-if (isset($_POST['act']))
+if (isset($_POST['act'])) {
$act = $_POST['act'];
+}
$error = false;
@@ -82,8 +89,9 @@ if(($act == "skconf") || ($act == "skzipconf")) {
if (empty($_GET['useaddr'])) {
$error = true;
$input_errors[] = "You need to specify an IP or hostname.";
- } else
+ } else {
$useaddr = $_GET['useaddr'];
+ }
$proxy = "";
if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) {
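Review bot: `$useaddr` is taken from `$_GET` with only an `empty()` test, whereas vpn_openvpn_export.php rejects anything that is not an IP address, a hostname or one of its keywords. In openvpn_client_export_sharedkey_config any other value becomes `$server_host` as given. Adding the same guard here, `if (!(is_ipaddr($useaddr) || is_hostname($useaddr) || in_array($useaddr, array("serveraddr", "serverhostname")))) { $input_errors[] = "You need to specify an IP or hostname."; }`, keeps the two pages consistent. The keyword list shown is inferred from the branches visible in that function and should be checked against its full body.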
@@ -91,32 +99,37 @@ if(($act == "skconf") || ($act == "skzipconf")) {
if (empty($_GET['proxy_addr'])) {
$error = true;
$input_errors[] = "You need to specify an address for the proxy port.";
- } else
+ } else {
$proxy['ip'] = $_GET['proxy_addr'];
+ }
if (empty($_GET['proxy_port'])) {
$error = true;
$input_errors[] = "You need to specify a port for the proxy ip.";
- } else
+ } else {
$proxy['port'] = $_GET['proxy_port'];
+ }
$proxy['proxy_type'] = $_GET['proxy_type'];
$proxy['proxy_authtype'] = $_GET['proxy_authtype'];
if ($_GET['proxy_authtype'] != "none") {
if (empty($_GET['proxy_user'])) {
$error = true;
$input_errors[] = "You need to specify a username with the proxy config.";
- } else
+ } else {
$proxy['user'] = $_GET['proxy_user'];
+ }
if (!empty($_GET['proxy_user']) && empty($_GET['proxy_password'])) {
$error = true;
$input_errors[] = "You need to specify a password with the proxy user.";
- } else
+ } else {
$proxy['password'] = $_GET['proxy_password'];
+ }
}
}
$exp_name = openvpn_client_export_prefix($srvid);
- if ($act == "skzipconf")
+ if ($act == "skzipconf") {
$zipconf = true;
+ }
$exp_data = openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipconf);
if (!$exp_data) {
$input_errors[] = "Failed to export config files!";
@@ -136,10 +149,11 @@ if(($act == "skconf") || ($act == "skzipconf")) {
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename={$exp_name}");
header("Content-Length: $exp_size");
- if ($zipconf)
+ if ($zipconf) {
readfile("{$g['tmp_path']}/{$exp_data}");
- else
+ } else {
echo $exp_data;
+ }
@unlink("{$g['tmp_path']}/{$exp_data}");
exit;
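Review bot: The `@unlink()` runs after both branches, but when `$zipconf` is not set `$exp_data` holds the configuration text that was just echoed, not a file name, so the call builds a path from the whole config and relies on `@` to hide the failure. Move `unlink("{$g['tmp_path']}/{$exp_data}");` into the `if ($zipconf)` branch after `readfile()` and drop the suppression. The `filename={$exp_name}` value in the Content-Disposition header is unquoted and comes from the export prefix, so quoting it and limiting it to safe characters is worth doing at the same time. The enclosing block starts outside this hunk.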
@@ -276,10 +290,12 @@ function useproxy_changed(obj) {
//]]>
</script>
<?php
- if ($input_errors)
+ if ($input_errors) {
print_input_errors($input_errors);
- if ($savemsg)
+ }
+ if ($savemsg) {
print_info_box($savemsg);
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="openvpn export shared">
<tr>