author | Renato Botelho <renato@netgate.com> | 2015-08-05 14:10:29 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-05 14:10:29 -0300 |
commit | 1e929ec11498805a3723312c7e2887e38d5528ca (patch) | |
tree | 425127d69372911c168b9cc3becc656e06be623e /config | |
parent | fb9fa554b76ad373dfa3b42d7c9606df2cb557f4 (diff) | |
parent | 37ec6bd0c653a08bc0a01163ea659badf88045d5 (diff) | |
download | pfsense-packages-1e929ec11498805a3723312c7e2887e38d5528ca.tar.gz pfsense-packages-1e929ec11498805a3723312c7e2887e38d5528ca.tar.bz2 pfsense-packages-1e929ec11498805a3723312c7e2887e38d5528ca.zip |
Merge pull request #935 from phil-davis/openvpn-export
Diffstat (limited to 'config')
3 files changed, 146 insertions, 115 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index a85b4ed3..963a2604 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -90,10 +90,10 @@ function openvpn_client_export_prefix($srvid, $usrid = null, $crtid = null) { $host = empty($config['system']['hostname']) ? "openvpn" : $config['system']['hostname']; $prot = ($settings['protocol'] == 'UDP' ? 'udp' : $settings['protocol']); $port = $settings['local_port']; - + $filename_addition = ""; if ($usrid && is_numeric($usrid)) { - $filename_addition = "-".$config['system']['user'][$usrid]['name']; + $filename_addition = "-" . $config['system']['user'][$usrid]['name']; } elseif ($crtid && is_numeric($crtid) && function_exists("cert_get_cn")) { $filename_addition = "-" . str_replace(' ', '_', cert_get_cn($config['cert'][$crtid]['crt'])); } @@ -185,9 +185,9 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys); } -function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $openvpnmanager, $advancedoptions = "") { +function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls = false, $doslines = false, $openvpnmanager, $advancedoptions = "") { global $config, $input_errors, $g; - $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); + $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3); $nl = ($doslines) ? "\r\n" : "\n"; $conf = ""; 
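Review bot: The reformatted signature of `openvpn_client_export_config` still places required parameters (`$proxy`, `$openvpnmanager`) after optional ones (`$nokeys = false`, `$expformat = "baseconf"`, `$outpass = ""`, `$skiptls = false`, `$doslines = false`), so those defaults can never be omitted by a caller, and PHP 8 reports this ordering as deprecated. Both calls visible in this diff pass every argument positionally, so I would either drop the unusable defaults or document the constraint above the function, e.g. `// NOTE: every argument up to $openvpnmanager must be passed; the defaults before it are never applied.` The function body continues outside the hunk.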
@@ -374,7 +374,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys $conf .= "management-forget-disconnect{$nl}"; $conf .= $nl; }; - + // add advanced options $advancedoptions = str_replace("\r\n", "\n", $advancedoptions); $advancedoptions = str_replace("\n", $nl, $advancedoptions); @@ -668,12 +668,13 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead } $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", $outpass, true, true, $openvpnmanager, $advancedoptions); - if (!$conf) + if (!$conf) { return false; + } // We need to nuke the ca line from the above config if it exists. $conf = explode("\n", $conf); - for ($i=0; $i < count($conf); $i++) { + for ($i = 0; $i < count($conf); $i++) { if ((substr($conf[$i], 0, 3) == "ca ") || (substr($conf[$i], 0, 7) == "pkcs12 ")) { unset($conf[$i]); } @@ -866,10 +867,11 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco $shkeyfile = "{$tempdir}/{$shkeyfile}"; file_put_contents("{$shkeyfile}", base64_decode($settings['shared_key'])); - if(file_exists("/usr/pbi/zip-{$uname_p}/bin/zip")) + if (file_exists("/usr/pbi/zip-{$uname_p}/bin/zip")) { exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}"); - else + } else { exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}"); + } // Remove temporary directory exec("rm -rf {$tempdir}"); @@ -952,7 +954,7 @@ function openvpn_client_export_find_port_forwards($targetip, $targetport, $targe } $dstaddr = trim(filter_generate_address($natent, 'destination', true)); - if(!$dstaddr) { + if (!$dstaddr) { $dstaddr = $FilterIflist[$natif]['ip']; } diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 148ca5ec..246e7421 100755 
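Review bot: The `for` loop in `viscosity_openvpn_client_config_exporter` re-evaluates `count($conf)` on every pass while `unset($conf[$i])` shrinks the array without renumbering it, so each removed `ca ` or `pkcs12 ` line leaves one trailing line unexamined. Iterating over the keys avoids that: `foreach ($conf as $i => $line) {` with `substr($line, 0, 3) == "ca "` and `substr($line, 0, 7) == "pkcs12 "` as the condition. The rest of the function is outside the hunk, so check how `$conf` is joined back together afterwards.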
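Review bot: Both `exec()` calls in `openvpn_client_export_sharedkey_config` interpolate `{$tempdir}`, `{$g['tmp_path']}` and `{$prefix}` directly into a shell command line, as does `exec("rm -rf {$tempdir}")` just below. How `$prefix` and `$tempdir` are built is outside this hunk, but if either includes the hostname or a description, a space or shell metacharacter in that value changes what the shell runs. Each interpolated value should go through `escapeshellarg()`, e.g. `exec("cd " . escapeshellarg("{$tempdir}/..") . " && /usr/local/bin/zip -r " . escapeshellarg("{$g['tmp_path']}/{$prefix}-config.zip") . " " . escapeshellarg($prefix));`. The decoded shared key is written with `file_put_contents()` into that same temporary directory, so it is also worth confirming the directory is not readable by other local users.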
--- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -40,40 +40,48 @@ global $current_openvpn_version, $current_openvpn_version_rev; $pgtitle = array("OpenVPN", "Client Export Utility"); -if (!is_array($config['openvpn']['openvpn-server'])) +if (!is_array($config['openvpn']['openvpn-server'])) { $config['openvpn']['openvpn-server'] = array(); +} $a_server = $config['openvpn']['openvpn-server']; -if (!is_array($config['system']['user'])) +if (!is_array($config['system']['user'])) { $config['system']['user'] = array(); +} $a_user = $config['system']['user']; -if (!is_array($config['cert'])) +if (!is_array($config['cert'])) { $config['cert'] = array(); +} $a_cert = $config['cert']; $ras_server = array(); -foreach($a_server as $sindex => $server) { - if (isset($server['disable'])) +foreach ($a_server as $sindex => $server) { + if (isset($server['disable'])) { continue; + } $ras_user = array(); $ras_certs = array(); - if (stripos($server['mode'], "server") === false) + if (stripos($server['mode'], "server") === false) { continue; + } if (($server['mode'] == "server_tls_user") && ($server['authmode'] == "Local Database")) { - foreach($a_user as $uindex => $user) { - if (!is_array($user['cert'])) + foreach ($a_user as $uindex => $user) { + if (!is_array($user['cert'])) { continue; - foreach($user['cert'] as $cindex => $cert) { + } + foreach ($user['cert'] as $cindex => $cert) { // If $cert is not an array, it's a certref not a cert. - if (!is_array($cert)) + if (!is_array($cert)) { $cert = lookup_cert($cert); + } - if ($cert['caref'] != $server['caref']) + if ($cert['caref'] != $server['caref']) { continue; + } $ras_userent = array(); $ras_userent['uindex'] = $uindex; $ras_userent['cindex'] = $cindex; 
@@ -83,9 +91,10 @@ foreach($a_server as $sindex => $server) { } } } elseif (($server['mode'] == "server_tls") || (($server['mode'] == "server_tls_user") && ($server['authmode'] != "Local Database"))) { - foreach($a_cert as $cindex => $cert) { - if (($cert['caref'] != $server['caref']) || ($cert['refid'] == $server['certref'])) + foreach ($a_cert as $cindex => $cert) { + if (($cert['caref'] != $server['caref']) || ($cert['refid'] == $server['certref'])) { continue; + } $ras_cert_entry['cindex'] = $cindex; $ras_cert_entry['certname'] = $cert['descr']; $ras_cert_entry['certref'] = $cert['refid']; @@ -96,10 +105,11 @@ foreach($a_server as $sindex => $server) { $ras_serverent = array(); $prot = $server['protocol']; $port = $server['local_port']; - if ($server['description']) + if ($server['description']) { $name = "{$server['description']} {$prot}:{$port}"; - else + } else { $name = "Server {$prot}:{$port}"; + } $ras_serverent['index'] = $sindex; $ras_serverent['name'] = $name; $ras_serverent['users'] = $ras_user; @@ -109,12 +119,14 @@ foreach($a_server as $sindex => $server) { } $id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id'])) { $id = $_POST['id']; +} $act = $_GET['act']; -if (isset($_POST['act'])) +if (isset($_POST['act'])) { $act = $_POST['act']; +} if (!empty($act)) { 
@@ -125,19 +137,21 @@ if (!empty($act)) { pfSenseHeader("vpn_openvpn_export.php"); exit; } else if (($config['openvpn']['openvpn-server'][$srvid]['mode'] != "server_user") && - (($usrid === false) || ($crtid === false))) { + (($usrid === false) || ($crtid === false))) { pfSenseHeader("vpn_openvpn_export.php"); exit; } - if ($config['openvpn']['openvpn-server'][$srvid]['mode'] == "server_user") + if ($config['openvpn']['openvpn-server'][$srvid]['mode'] == "server_user") { $nokeys = true; - else + } else { $nokeys = false; + } $useaddr = ''; - if (isset($_GET['useaddr']) && !empty($_GET['useaddr'])) + if (isset($_GET['useaddr']) && !empty($_GET['useaddr'])) { $useaddr = trim($_GET['useaddr']); + } if (!(is_ipaddr($useaddr) || is_hostname($useaddr) || in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname")))) { @@ -192,10 +206,10 @@ if (!empty($act)) { $exp_name = openvpn_client_export_prefix($srvid, $usrid, $crtid); - if(substr($act, 0, 4) == "conf") { + if (substr($act, 0, 4) == "conf") { switch ($act) { case "confzip": - $exp_name = urlencode($exp_name."-config.zip"); + $exp_name = urlencode($exp_name . "-config.zip"); $expformat = "zip"; break; case "conf_yealink_t28": 
@@ -215,30 +229,30 @@ if (!empty($act)) { $expformat = "snom"; break; case "confinline": - $exp_name = urlencode($exp_name."-config.ovpn"); + $exp_name = urlencode($exp_name . "-config.ovpn"); $expformat = "inline"; break; case "confinlinedroid": - $exp_name = urlencode($exp_name."-android-config.ovpn"); + $exp_name = urlencode($exp_name . "-android-config.ovpn"); $expformat = "inlinedroid"; break; case "confinlineios": - $exp_name = urlencode($exp_name."-ios-config.ovpn"); + $exp_name = urlencode($exp_name . "-ios-config.ovpn"); $expformat = "inlineios"; break; default: - $exp_name = urlencode($exp_name."-config.ovpn"); + $exp_name = urlencode($exp_name . "-config.ovpn"); $expformat = "baseconf"; } $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions); } - if($act == "visc") { - $exp_name = urlencode($exp_name."-Viscosity.visc.zip"); + if ($act == "visc") { + $exp_name = urlencode($exp_name . "-Viscosity.visc.zip"); $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions); } - if(substr($act, 0, 4) == "inst") { + if (substr($act, 0, 4) == "inst") { $exp_name = urlencode($exp_name."-install.exe"); $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5)); } @@ -316,8 +330,9 @@ function download_begin(act, i, j) { return; } useaddr = document.getElementById("useaddr_hostname").value; - } else + } else { useaddr = document.getElementById("useaddr").value; + } advancedoptions = document.getElementById("advancedoptions").value; 
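Review bot: One concatenation in this hunk was missed by the spacing cleanup: `$exp_name = urlencode($exp_name."-install.exe");` in the `inst` branch still has no spaces around `.`, unlike the `conf*` and `visc` lines changed just above it. For consistency it should read `$exp_name = urlencode($exp_name . "-install.exe");`. Separately, the same branch passes `substr($act, 5)`, which derives from the request's `act` parameter, into `openvpn_client_export_installer`. That function is not part of this diff, so confirm it checks the value against the known installer types before using it.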
@@ -325,21 +340,25 @@ function download_begin(act, i, j) { verifyservercn = document.getElementById("verifyservercn").value; var randomlocalport = 0; - if (document.getElementById("randomlocalport").checked) + if (document.getElementById("randomlocalport").checked) { randomlocalport = 1; + } var usetoken = 0; - if (document.getElementById("usetoken").checked) + if (document.getElementById("usetoken").checked) { usetoken = 1; + } var usepass = 0; - if (document.getElementById("usepass").checked) + if (document.getElementById("usepass").checked) { usepass = 1; + } var openvpnmanager = 0; - if (document.getElementById("openvpnmanager").checked) + if (document.getElementById("openvpnmanager").checked) { openvpnmanager = 1; + } var pass = document.getElementById("pass").value; var conf = document.getElementById("conf").value; - if (usepass && (act.substring(0,4) == "inst")) { + if (usepass && (act.substring(0, 4) == "inst")) { if (!pass || !conf) { alert("The password or confirm field is empty"); return; @@ -352,8 +371,9 @@ function download_begin(act, i, j) { var useproxy = 0; var useproxypass = 0; - if (document.getElementById("useproxy").checked) + if (document.getElementById("useproxy").checked) { useproxy = 1; + } var proxyaddr = document.getElementById("proxyaddr").value; var proxyport = document.getElementById("proxyport").value; @@ -363,8 +383,9 @@ function download_begin(act, i, j) { return; } - if (document.getElementById("useproxypass").value != 'none') + if (document.getElementById("useproxypass").value != 'none') { useproxypass = 1; + } var proxytype = document.getElementById("useproxytype").value; 
@@ -404,8 +425,9 @@ function download_begin(act, i, j) { dlurl += "&randomlocalport=" + escape(randomlocalport); dlurl += "&openvpnmanager=" + escape(openvpnmanager); dlurl += "&usetoken=" + escape(usetoken); - if (usepass) + if (usepass) { dlurl += "&password=" + escape(pass); + } if (useproxy) { dlurl += "&proxy_type=" + escape(proxytype); dlurl += "&proxy_addr=" + escape(proxyaddr); @@ -419,19 +441,20 @@ function download_begin(act, i, j) { dlurl += "&advancedoptions=" + escape(advancedoptions); - window.open(dlurl,"_self"); + window.open(dlurl, "_self"); } function server_changed() { var table = document.getElementById("users"); - while (table.rows.length > 1 ) + while (table.rows.length > 1 ) { table.deleteRow(1); + } var index = document.getElementById("server").selectedIndex; var users = servers[index][1]; var certs = servers[index][3]; - for (i=0; i < users.length; i++) { + for (i = 0; i < users.length; i++) { var row = table.insertRow(table.rows.length); var cell0 = row.insertCell(0); var cell1 = row.insertCell(1); @@ -466,7 +489,7 @@ function server_changed() { cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ", -1)'>Viscosity Bundle<\/a>"; } - for (j=0; j < certs.length; j++) { + for (j = 0; j < certs.length; j++) { var row = table.insertRow(table.rows.length); var cell0 = row.insertCell(0); var cell1 = row.insertCell(1); 
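Review bot: `download_begin()` appends the export password to the download URL (`dlurl += "&password=" + escape(pass);`) and then navigates with `window.open(dlurl, "_self")`, so the secret travels in a GET query string and can end up in browser history, web-server access logs and proxy logs. Submitting these fields through a hidden POST form would keep the password out of the URL. The PHP side visible in this diff already accepts `$_POST` for `id` and `act` but reads `useaddr` from `$_GET`, so the handler would need the matching change. Independently of that, `escape()` is deprecated and does not produce UTF-8 percent-encoding; `encodeURIComponent(pass)` is the correct encoder for query values. The function starts and ends outside this hunk.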
@@ -555,25 +578,27 @@ function server_changed() { function useaddr_changed(obj) { - if (obj.value == "other") + if (obj.value == "other") { $('HostName').show(); - else + } else { $('HostName').hide(); + } } function usepass_changed() { - if (document.getElementById("usepass").checked) + if (document.getElementById("usepass").checked) { document.getElementById("usepass_opts").style.display = ""; - else + } else { document.getElementById("usepass_opts").style.display = "none"; + } } function useproxy_changed(obj) { if ((obj.id == "useproxy" && obj.checked) || - (obj.id == "useproxypass" && (obj.value != 'none'))) { + (obj.id == "useproxypass" && (obj.value != 'none'))) { $(obj.id + '_opts').show(); } else { $(obj.id + '_opts').hide(); @@ -590,7 +615,7 @@ function useproxy_changed(obj) { } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="openvpn export"> - <tr> + <tr> <td> <?php $tab_array = array(); @@ -612,7 +637,7 @@ function useproxy_changed(obj) { <td width="22%" valign="top" class="vncellreq">Remote Access Server</td> <td width="78%" class="vtable"> <select name="server" id="server" class="formselect" onchange="server_changed()"> - <?php foreach($ras_server as & $server): ?> + <?php foreach ($ras_server as & $server): ?> <option value="<?=$server['index'];?>"><?=$server['name'];?></option> <?php endforeach; ?> </select> diff --git a/config/openvpn-client-export/vpn_openvpn_export_shared.php b/config/openvpn-client-export/vpn_openvpn_export_shared.php index 630bb253..5810e97b 100644 --- a/config/openvpn-client-export/vpn_openvpn_export_shared.php +++ b/config/openvpn-client-export/vpn_openvpn_export_shared.php 
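Review bot: The `<option>` line in this hunk echoes `$server['index']` and `$server['name']` without HTML escaping, and `name` is built earlier in the file from the configured `$server['description']`, so a description containing `<` or `"` is emitted as markup. Escape at output: `<option value="<?=htmlspecialchars($server['index']);?>"><?=htmlspecialchars($server['name']);?></option>`. The loop also iterates by reference (`as & $server`) although nothing visible in the hunk modifies the entries; plain `as $server` avoids leaving a dangling reference after the loop. The same `foreach`/`<option>` pattern appears in the `vpn_openvpn_export_shared.php` hunk at `@@ -320,7 +324,7 @@`.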
@@ -1,22 +1,22 @@ -<?php +<?php /* vpn_openvpn_export_shared.php part of pfSense (http://www.pfSense.org) Copyright (C) 2008 Shrew Soft Inc. Copyright (C) 2010 Ermal Luçi Copyright (C) 2011-2015 ESF, LLC - All rights reserved. + All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -44,7 +44,7 @@ if (!is_array($config['openvpn']['openvpn-server'])) { $a_server = $config['openvpn']['openvpn-server']; $ras_server = array(); -foreach($a_server as $sindex => $server) { +foreach ($a_server as $sindex => $server) { if (isset($server['disable'])) { continue; } @@ -57,8 +57,7 @@ foreach($a_server as $sindex => $server) { $port = $server['local_port']; if ($server['description']) { $name = "{$server['description']} {$prot}:{$port}"; - } - else { + } else { $name = "Shared Key Server {$prot}:{$port}"; } $ras_serverent['index'] = $sindex; @@ -79,7 +78,7 @@ if (isset($_POST['act'])) { $error = false; -if(($act == "skconf") || ($act == "skzipconf")) { +if (($act == "skconf") || ($act == "skzipconf")) { $srvid = $_GET['srvid']; if (($srvid === false) || ($config['openvpn']['openvpn-server'][$srvid]['mode'] != "p2p_shared_key")) { pfSenseHeader("vpn_openvpn_export.php"); 
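Review bot: In the `skconf`/`skzipconf` branch, `$srvid = $_GET['srvid'];` is followed by the test `$srvid === false`, which cannot be true for a value taken from `$_GET` (a missing parameter is null, a present one is a string). The only effective guard is therefore the `['mode'] != "p2p_shared_key"` lookup, which uses the raw request value as an array key. An explicit check states the intent and avoids the undefined-index lookup, e.g. `if (!isset($_GET['srvid']) || !is_numeric($_GET['srvid']) || ($config['openvpn']['openvpn-server'][$_GET['srvid']]['mode'] != "p2p_shared_key")) {`. This assumes server indexes are numeric, as the `is_numeric()` checks on user and certificate ids in `openvpn-client-export.inc` suggest. The branch continues outside the hunk.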
@@ -189,13 +188,15 @@ function download_begin(act) { return; } useaddr = document.getElementById("useaddr_hostname").value; - } else + } else { useaddr = document.getElementById("useaddr").value; + } var useproxy = 0; var useproxypass = 0; - if (document.getElementById("useproxy").checked) + if (document.getElementById("useproxy").checked) { useproxy = 1; + } var proxyaddr = document.getElementById("proxyaddr").value; var proxyport = document.getElementById("proxyport").value; @@ -205,8 +206,9 @@ function download_begin(act) { return; } - if (document.getElementById("useproxypass").value != 'none') + if (document.getElementById("useproxypass").value != 'none') { useproxypass = 1; + } var proxytype = document.getElementById("useproxytype").value; @@ -245,14 +247,15 @@ function download_begin(act) { } } - window.open(dlurl,"_self"); + window.open(dlurl, "_self"); } function server_changed() { var table = document.getElementById("clients"); - while (table.rows.length > 1 ) + while (table.rows.length > 1 ) { table.deleteRow(1); + } var index = document.getElementById("server").selectedIndex; @@ -271,17 +274,18 @@ function server_changed() { function useaddr_changed(obj) { - if (obj.value == "other") + if (obj.value == "other") { $('HostName').show(); - else + } else { $('HostName').hide(); - + } + } function useproxy_changed(obj) { if ((obj.id == "useproxy" && obj.checked) || - (obj.id == "useproxypass" && (obj.value != 'none'))) { + (obj.id == "useproxypass" && (obj.value != 'none'))) { $(obj.id + '_opts').show(); } else { $(obj.id + '_opts').hide(); @@ -298,9 +302,9 @@ function useproxy_changed(obj) { } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="openvpn export shared"> - <tr> + <tr> <td> - <?php + <?php $tab_array = array(); $tab_array[] = array(gettext("Server"), false, "vpn_openvpn_server.php"); $tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php"); 
@@ -320,7 +324,7 @@ function useproxy_changed(obj) { <td width="22%" valign="top" class="vncellreq">Shared Key Server</td> <td width="78%" class="vtable"> <select name="server" id="server" class="formselect" onchange="server_changed()"> - <?php foreach($ras_server as & $server): ?> + <?php foreach ($ras_server as & $server): ?> <option value="<?=$server['sindex'];?>"><?=$server['name'];?></option> <?php endforeach; ?> </select> @@ -406,7 +410,7 @@ function useproxy_changed(obj) { </tr> <tr> <td width="25%"> - <br /> + <br /> </td> <td> <select name="useproxypass" id="useproxypass" class="formselect" onchange="useproxy_changed(this)"> 
@@ -417,39 +421,39 @@ function useproxy_changed(obj) { <span class="vexpl"> Choose proxy authentication if any. </span> - <br /> - <table border="0" cellpadding="2" cellspacing="0" id="useproxypass_opts" style="display:none" summary="name and password"> - <tr> - <td align="right" width="25%"> - <span class="vexpl"> - Username : - </span> - </td> - <td> - <input name="proxyuser" id="proxyuser" class="formfld unknown" size="20" value="" /> - </td> - </tr> - <tr> - <td align="right" width="25%"> - <span class="vexpl"> - Password : - </span> - </td> - <td> - <input name="proxypass" id="proxypass" type="password" class="formfld pwd" size="20" value="" /> - </td> - </tr> - <tr> - <td align="right" width="25%"> - <span class="vexpl"> - Confirm : - </span> - </td> - <td> - <input name="proxyconf" id="proxyconf" type="password" class="formfld pwd" size="20" value="" /> - </td> - </tr> - </table> + <br /> + <table border="0" cellpadding="2" cellspacing="0" id="useproxypass_opts" style="display:none" summary="name and password"> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + Username : + </span> + </td> + <td> + <input name="proxyuser" id="proxyuser" class="formfld unknown" size="20" value="" /> + </td> + </tr> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + Password : + </span> + </td> + <td> + <input name="proxypass" id="proxypass" type="password" class="formfld pwd" size="20" value="" /> + </td> + </tr> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + Confirm : + </span> + </td> + <td> + <input name="proxyconf" id="proxyconf" type="password" class="formfld pwd" size="20" value="" /> + </td> + </tr> + </table> </td> </tr> </table> |