diff options
| -rw-r--r-- | config/arpwatch.xml | 20 | ||||
| -rwxr-xr-x | config/arpwatch_reports.php | 4 | ||||
| -rw-r--r-- | config/avahi/avahi.inc | 4 | ||||
| -rw-r--r-- | config/avahi/avahi.xml | 2 | ||||
| -rw-r--r-- | config/ipguard/ipguard.inc | 37 | ||||
| -rw-r--r-- | config/ipguard/ipguard.xml | 16 | ||||
| -rwxr-xr-x | config/ipguard/ipguard_sync.xml | 2 | ||||
| -rw-r--r-- | config/openbgpd/openbgpd.inc | 116 | ||||
| -rw-r--r-- | config/openospfd/openospfd.inc | 2 | ||||
| -rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 6 | ||||
| -rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.xml | 2 | ||||
| -rw-r--r-- | config/quagga_ospfd/quagga_ospfd.inc | 6 | ||||
| -rw-r--r-- | config/tinc/status_tinc.php | 24 | ||||
| -rw-r--r-- | config/tinc/tinc.inc | 173 | ||||
| -rw-r--r-- | config/tinc/tinc.xml | 97 | ||||
| -rw-r--r-- | config/tinc/tinc_config.xml | 209 | ||||
| -rw-r--r-- | config/tinc/tinc_hosts.xml | 167 | ||||
| -rw-r--r-- | pkg_config.8.xml | 46 | ||||
| -rw-r--r-- | pkg_config.8.xml.amd64 | 46 |
19 files changed, 855 insertions, 124 deletions
diff --git a/config/arpwatch.xml b/config/arpwatch.xml index 0553eb58..c9434075 100644 --- a/config/arpwatch.xml +++ b/config/arpwatch.xml @@ -89,11 +89,17 @@ <custom_php_global_functions> function sync_package_arpwatch() { global $config; - conf_mount_rw(); - config_lock(); - $int = $config['installedpackages']['arpwatch']['config'][0]['interface']; + conf_mount_rw(); + config_lock(); + $log_file = "/var/log/arp.dat"; + if($_POST['interface'] != "") { + $int = $_POST['interface']; + } else { + $int = $config['installedpackages']['arpwatch']['config'][0]['interface']; + } $int = convert_friendly_interface_to_real_interface_name($int); - $start = "/usr/local/sbin/arpwatch -d -i {$int} > /var/log/arpwatch.reports 2>&1 &"; + $start = "touch {$log_file}\n"; + $start .= "/usr/local/sbin/arpwatch -d -f {$log_file} -i {$int} > /var/log/arpwatch.reports 2>&1 &"; $stop = "/usr/bin/killall arpwatch"; write_rcfile(array( "file" => "arpwatch.sh", @@ -102,9 +108,9 @@ ) ); restart_service("arpwatch"); - conf_mount_ro(); - config_unlock(); - } + conf_mount_ro(); + config_unlock(); + } </custom_php_global_functions> <custom_add_php_command> sync_package_arpwatch(); diff --git a/config/arpwatch_reports.php b/config/arpwatch_reports.php index 1bdb5233..d66b1a46 100755 --- a/config/arpwatch_reports.php +++ b/config/arpwatch_reports.php @@ -3,7 +3,7 @@ /* $Id$ - diag_logs.php + arpwatch_reports.php Copyright (C) 2005 Colin Smith All rights reserved. @@ -31,7 +31,7 @@ require("guiconfig.inc"); -$logfile = "/usr/local/arpwatch/arp.dat"; +$logfile = "/var/log/arp.dat"; if ($_POST['clear']) { stop_service("arpwatch"); diff --git a/config/avahi/avahi.inc b/config/avahi/avahi.inc index f91fcd12..f848763d 100644 --- a/config/avahi/avahi.inc +++ b/config/avahi/avahi.inc @@ -117,12 +117,12 @@ domain-name={$domain} browse-domains="{$browsedomains}" deny-interfaces={$denyinterfaces} use-ipv4=yes -use-ipv6=no +use-ipv6=yes enable-dbus=no #check-response-ttl=no #use-iff-running=no #disallow-other-stacks=no -#allow-point-to-point=no +allow-point-to-point=yes [wide-area] enable-wide-area=yes diff --git a/config/avahi/avahi.xml b/config/avahi/avahi.xml index 8a503e1c..339e9dec 100644 --- a/config/avahi/avahi.xml +++ b/config/avahi/avahi.xml @@ -34,7 +34,7 @@ </copyright> <title>Services: Avahi</title> <name>avahi</name> - <version>0.6.29</version> + <version>0.6.29 pkg v1.01</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/avahi.inc</include_file> <menu> diff --git a/config/ipguard/ipguard.inc b/config/ipguard/ipguard.inc index 052f6f31..1891b24b 100644 --- a/config/ipguard/ipguard.inc +++ b/config/ipguard/ipguard.inc @@ -44,7 +44,9 @@ function ipguard_custom_php_deinstall_command(){ conf_mount_rw(); stop_service('ipguard'); - chmod("/usr/local/etc/rc.d/ipguard.sh",0444); + $ipguard_sh_file = "/usr/local/etc/rc.d/ipguard.sh"; + if (is_file($ipguard_sh_file)) + chmod($ipguard_sh_file,0444); conf_mount_ro(); } @@ -60,9 +62,6 @@ function ipguard_custom_php_write_config(){ if (is_array($config['installedpackages']['ipguard']['config'])){ - // Mount Read-write - conf_mount_rw(); - // Read config $new_config=array(); foreach ($config['installedpackages']['ipguard']['config'] as $ipguard){ @@ -96,7 +95,9 @@ function ipguard_custom_php_write_config(){ else{ #remove config files stop_service('ipguard'); - chmod("/usr/local/etc/rc.d/ipguard.sh",0444); + $ipguard_sh_file = "/usr/local/etc/rc.d/ipguard.sh"; + if (is_file($ipguard_sh_file)) + chmod($ipguard_sh_file,0444); } // Mount Read-only conf_mount_ro(); @@ -109,20 +110,20 @@ function ipguard_custom_php_write_config(){ function ipguard_sync_on_changes() { global $config, $g; - if (is_array($config['installedpackages']['ipguardsync'])) - if (!$config['installedpackages']['ipguardsync']['config'][0]['synconchanges']) - return; - - log_error("[ipguard] xmlrpc sync is starting."); - foreach ($config['installedpackages']['ipguardsync']['config'] as $rs ){ - foreach($rs['row'] as $sh){ - $sync_to_ip = $sh['ipaddress']; - $password = $sh['password']; - if($password && $sync_to_ip) - ipguard_do_xmlrpc_sync($sync_to_ip, $password); + if (is_array($config['installedpackages']['ipguardsync'])) { + if ($config['installedpackages']['ipguardsync']['config'][0]['synconchanges']) { + log_error("[ipguard] xmlrpc sync is starting."); + foreach ($config['installedpackages']['ipguardsync']['config'] as $rs ){ + foreach($rs['row'] as $sh){ + $sync_to_ip = $sh['ipaddress']; + $password = $sh['password']; + if($password && $sync_to_ip) + ipguard_do_xmlrpc_sync($sync_to_ip, $password); + } } + log_error("[ipguard] xmlrpc sync is ending."); + } } - log_error("[ipguard] xmlrpc sync is ending."); } /* Do the actual XMLRPC sync */ @@ -185,7 +186,7 @@ function ipguard_do_xmlrpc_sync($sync_to_ip, $password) { log_error("ipguard XMLRPC sync successfully completed with {$url}:{$port}."); } - /* tell ipguard to reload our settings on the destionation sync host. */ + /* tell ipguard to reload our settings on the destination sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/ipguard.inc');\n"; $execcmd .= "ipguard_custom_php_write_config();"; diff --git a/config/ipguard/ipguard.xml b/config/ipguard/ipguard.xml index ac096522..cafc6e4e 100644 --- a/config/ipguard/ipguard.xml +++ b/config/ipguard/ipguard.xml @@ -49,7 +49,7 @@ <include_file>/usr/local/pkg/ipguard.inc</include_file> <menu> <name>Ipguard</name> - <tooltiptext>Tool designed to protect LAN IP adress space by ARP spoofing</tooltiptext> + <tooltiptext>Tool designed to protect LAN IP address space by ARP spoofing</tooltiptext> <section>Firewall</section> <url>/pkg.php?xml=ipguard.xml</url> </menu> @@ -57,7 +57,7 @@ <name>ipguard</name> <rcfile>ipguard.sh</rcfile> <executable>ipguard</executable> - <description>Tool designed to protect LAN IP adress space by ARP spoofing.</description> + <description>Tool designed to protect LAN IP address space by ARP spoofing.</description> </service> <configpath>installedpackages->package->ipguard</configpath> <additional_files_needed> @@ -100,11 +100,11 @@ <fieldname>ip</fieldname> </columnitem> <columnitem> - <fielddescr>description</fielddescr> + <fielddescr>Description</fielddescr> <fieldname>description</fieldname> </columnitem> <movable>on</movable> - <description><![CDATA[If firewall receives traffic with MAC/IP pair not listed here, it will send ARP reply with configured fake address.<br>This will prevent not permitted host to work properly in the specified ethernet segment.]]></description> + <description><![CDATA[If firewall receives traffic with MAC/IP pair not listed here, it will send ARP reply with configured fake address.<br>This will prevent not permitted host from working properly in the specified ethernet segment.]]></description> </adddeleteeditpagefields> <fields> <field> @@ -125,7 +125,7 @@ <regex>/%FILTERTEXT%/i</regex> </item> <item> - <name>Ip Adress</name> + <name>Ip Address</name> <fieldname>ip</fieldname> <regex>/%FILTERTEXT%/i</regex> </item> @@ -135,12 +135,12 @@ <fielddescr>Enable</fielddescr> <fieldname>enable</fieldname> <type>checkbox</type> - <description><![CDATA[Enable this mac rule.<br><strong>Important Note:</strong> Always create rules to pfsense mac and ip address to avoid denying access to pfsense gui.]]></description> + <description><![CDATA[Enable this mac rule.<br><strong>Important Note:</strong> Always create rules for pfsense mac and ip address to avoid denying access to pfsense gui.]]></description> </field> <field> <fielddescr>Interface</fielddescr> <fieldname>interface</fieldname> - <description>The interface ipguard server will check this mac</description> + <description>The interface on which ipguard server will check this mac</description> <type>interfaces_selection</type> <required/> <default_value>lan</default_value> @@ -156,7 +156,7 @@ <field> <fielddescr>Mac address</fielddescr> <fieldname>mac</fieldname> - <description><![CDATA[Insert mac address you what to filter.<br> + <description><![CDATA[Insert mac address you want to filter.<br> <strong>To include a permit rule, use mac=00:00:00:00:00:00</strong>]]></description> <type>input</type> <size>25</size> diff --git a/config/ipguard/ipguard_sync.xml b/config/ipguard/ipguard_sync.xml index 645ba413..0b5ffecb 100755 --- a/config/ipguard/ipguard_sync.xml +++ b/config/ipguard/ipguard_sync.xml @@ -43,7 +43,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>ipguardsync</name> <version>1.0</version> - <title>SSH Conditional - Sync</title> + <title>Ipguard - Sync</title> <include_file>/usr/local/pkg/ipguard.inc</include_file> <tabs> <tab> diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc index 4a99dbc1..573745be 100644 --- a/config/openbgpd/openbgpd.inc +++ b/config/openbgpd/openbgpd.inc @@ -34,20 +34,26 @@ require_once("service-utils.inc"); define('PKG_BGPD_CONFIG_BASE', '/var/etc/openbgpd'); -$pkg_login = "_bgpd"; -$pkg_uid = "130"; -$pkg_group = "_bgpd"; -$pkg_gid = "130"; -$pkg_gecos = "BGP Daemon"; -$pkg_homedir = "/var/empty"; -$pkg_shell = "/usr/sbin/nologin"; - +define('PKG_BGPD_LOGIN', "_bgpd"); +define('PKG_BGPD_UID', "130"); +define('PKG_BGPD_GROUP', "_bgpd"); +define('PKG_BGPD_GID', "130"); +define('PKG_BGPD_GECOS', "BGP Daemon"); +define('PKG_BGPD_HOMEDIR', "/var/empty"); +define('PKG_BGPD_SHELL', "/usr/sbin/nologin"); function openbgpd_install_conf() { - global $config, $g, $pkg_login, $pkg_uid, $pkg_group, $pkg_gid, $pkg_gecos, $pkg_homedir, $pkg_shell; - + global $config, $g; + $pkg_login = PKG_BGPD_LOGIN; + $pkg_uid = PKG_BGPD_UID; + $pkg_group = PKG_BGPD_GROUP; + $pkg_gid = PKG_BGPD_GID; + $pkg_gecos = PKG_BGPD_GECOS; + $pkg_homedir = PKG_BGPD_HOMEDIR; + $pkg_shell = PKG_BGPD_SHELL; + conf_mount_rw(); - + // Since we need to embed this in a string, copy to a var. Can't embed constnats. $bgpd_config_base = PKG_BGPD_CONFIG_BASE; if ($config['installedpackages']['openbgpd']['rawconfig'] && $config['installedpackages']['openbgpd']['rawconfig']['item']) { @@ -56,45 +62,45 @@ function openbgpd_install_conf() { //$conffile = $config['installedpackages']['openbgpd']['rawconfig']; } else { // generate bgpd.conf based on the assistant - if($config['installedpackages']['openbgpd']['config']) + if($config['installedpackages']['openbgpd']['config']) $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; if($config['installedpackages']['openbgpd']['config'][0]['row']) - $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; + $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; if($config['installedpackages']['openbgpdgroups']['config']) $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config']; if($config['installedpackages']['openbgpdneighbors']['config']) $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config']; - + $conffile = "# This file was created by the package manager. Do not edit!\n\n"; $setkeycf = ""; - + // Setup AS # - if($openbgpd_conf['asnum']) + if($openbgpd_conf['asnum']) $conffile .= "AS {$openbgpd_conf['asnum']}\n"; - + if($openbgpd_conf['fibupdate']) $conffile .= "fib-update {$openbgpd_conf['fibupdate']}\n"; - + // Setup holdtime if defined. Default is 90. - if($openbgpd_conf['holdtime']) + if($openbgpd_conf['holdtime']) $conffile .= "holdtime {$openbgpd_conf['holdtime']}\n"; // Specify listen ip - if($openbgpd_conf['listenip']) + if($openbgpd_conf['listenip']) $conffile .= "listen on {$openbgpd_conf['listenip']}\n"; // Specify router id - if($openbgpd_conf['routerid']) + if($openbgpd_conf['routerid']) $conffile .= "router-id {$openbgpd_conf['routerid']}\n"; // Handle advertised networks if($config['installedpackages']['openbgpd']['config'][0]['row']) if(is_array($openbgpd_rows)) - foreach($openbgpd_rows as $row) + foreach($openbgpd_rows as $row) $conffile .= "network {$row['networks']}\n"; - + // Attach neighbors to their respective group owner - if(is_array($openbgpd_groups)) { + if(is_array($openbgpd_groups)) { foreach($openbgpd_groups as $group) { $conffile .= "group \"{$group['name']}\" {\n"; $conffile .= " remote-as {$group['remoteas']}\n"; @@ -114,16 +120,16 @@ function openbgpd_install_conf() { } foreach($neighbor['row'] as $row) { $conffile .= " {$row['parameters']} {$row['parmvalue']} \n"; - } + } $conffile .= "}\n"; } } } $conffile .= "}\n"; } - } + } - // Handle neighbors that do not have a group assigned to them + // Handle neighbors that do not have a group assigned to them if(is_array($openbgpd_neighbors)) { foreach($openbgpd_neighbors as $neighbor) { $used_this_item = false; @@ -147,27 +153,27 @@ function openbgpd_install_conf() { if($used_this_item) $conffile .= "}\n"; } - } - + } + // OpenBGPD filters $conffile .= "deny from any\n"; $conffile .= "deny to any\n"; if(is_array($openbgpd_neighbors)) { foreach($openbgpd_neighbors as $neighbor) { $conffile .= "allow from {$neighbor['neighbor']}\n"; - $conffile .= "allow to {$neighbor['neighbor']}\n"; + $conffile .= "allow to {$neighbor['neighbor']}\n"; } } } safe_mkdir($bgpd_config_base); $fd = fopen("{$bgpd_config_base}/bgpd.conf", "w"); - + // Write out the configuration file fwrite($fd, $conffile); - + // Close file handle fclose($fd); - + // Create rc.d file $rc_file_stop = <<<EOF killall -9 bgpd @@ -183,7 +189,7 @@ fi /bin/mkdir -p {$bgpd_config_base} chmod u+rw,go-rw {$bgpd_config_base}/bgpd.conf -/usr/sbin/chown -R {$pkg_login}:{$pkg_login} {$bgpd_config_base} +/usr/sbin/chown -R root:wheel {$bgpd_config_base} NUMBGPD=`ps auxw | grep -c '[b]gpd.*parent'` if [ \${NUMBGPD} -lt 1 ] ; then @@ -196,7 +202,7 @@ EOF; "stop" => $rc_file_stop ) ); - + // TCP-MD5 support on freebsd. See tcp(5) for more $fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w"); fwrite($fd, $setkeycf ); @@ -209,7 +215,7 @@ EOF; } else { exec("bgpd"); } - + conf_mount_ro(); } @@ -260,19 +266,19 @@ function deinstall_openbgpd() { function check_group_usage($groupname) { global $config, $g; - if($config['installedpackages']['openbgpd']['config']) + if($config['installedpackages']['openbgpd']['config']) $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; if($config['installedpackages']['openbgpd']['config'][0]['row']) - $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; + $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; if($config['installedpackages']['openbgpdgroups']['config']) $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config']; if($config['installedpackages']['openbgpdneighbors']['config']) $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config']; - if(is_array($openbgpd_groups)) { + if(is_array($openbgpd_groups)) { foreach($openbgpd_groups as $group) { foreach($openbgpd_neighbors as $neighbor) { - if($neighbor['groupname'] == $group['name']) + if($neighbor['groupname'] == $group['name']) return $neighbor['groupname']; } } @@ -286,16 +292,16 @@ function bgpd_validate_input() { if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum'])) $input_errors[] = "AS must be entered as a number only."; - + if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) $input_errors[] = "Router ID must be an IP address."; - + if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime'])) $input_errors[] = "Holdtime must be entered as a number."; - + if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip'])) $input_errors[] = "Listen IP must be an IP address or blank to bind to all IPs."; - + } function bgpd_validate_group() { @@ -303,12 +309,12 @@ function bgpd_validate_group() { if (!is_numeric($_POST['remoteas'])) $input_errors[] = "Remote AS must be entered as a number only."; - + if ($_POST['name'] == "") $input_errors[] = "You must enter a name."; - + $_POST['name'] = remove_bad_chars($_POST['name']); - + } function remove_bad_chars($string) { @@ -328,7 +334,7 @@ function grey_out_value_boxes() { var last_two = fieldvalue.substring(length); var without_last_two = fieldvalue.substring(0,length); if( \$('parmvalue' + x) ) { - if(last_two != ' X') { + if(last_two != ' X') { \$('parmvalue' + x).value = ''; \$('parmvalue' + x).disabled = true; } else { @@ -338,21 +344,21 @@ function grey_out_value_boxes() { } } var timerID = setTimeout("grey_out_value_boxes()", 1200); - - } + + } grey_out_value_boxes(); - </script> + </script> + - EOF; - + } function is_openbgpd_running() { $status = `ps auxw | grep -c '[b]gpd.*parent'`; - if(intval($status) > 0) + if(intval($status) > 0) return true; - else + else return false; } diff --git a/config/openospfd/openospfd.inc b/config/openospfd/openospfd.inc index bc8826e1..86e043d5 100644 --- a/config/openospfd/openospfd.inc +++ b/config/openospfd/openospfd.inc @@ -77,6 +77,8 @@ function ospfd_install_conf() { if (is_array($ospfd_conf['row'])) { foreach ($ospfd_conf['row'] as $redistr) { + if (empty($redistr['routevalue'])) + continue; if (isset($redistr['redistribute'])) $conffile .= "no "; $conffile .= "redistribute {$redistr['routevalue']}\n"; diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 97e3f4cb..9f06ed0c 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -175,7 +175,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke } } else if ($useaddr == "serverhostname" || empty($useaddr)) { $server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}."; - $server_host .= "{{$config['system']['domain']}"; + $server_host .= "{$config['system']['domain']}"; } else $server_host = $useaddr; @@ -199,7 +199,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $conf .= "resolv-retry infinite{$nl}"; $conf .= "remote {$server_host} {$server_port}{$nl}"; if (!empty($servercn)) - $conf .= "tls-remote {$servercn}{$nl}"; + $conf .= "tls-remote \"{$servercn}\"{$nl}"; if (!empty($proxy)) { if ($proto == "udp") { @@ -340,6 +340,8 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke if ($settings['tls']) { $conf .= "<tls-auth>{$nl}" . base64_decode($settings['tls']) . "</tls-auth>{$nl} key-direction 1{$nl}"; } + return $conf; + break; case "yealink_t28": case "yealink_t38g": // create template directory diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index 605bc190..254a95c7 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>0.20</version> + <version>0.22</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> diff --git a/config/quagga_ospfd/quagga_ospfd.inc b/config/quagga_ospfd/quagga_ospfd.inc index d81ee3dc..598d3c00 100644 --- a/config/quagga_ospfd/quagga_ospfd.inc +++ b/config/quagga_ospfd/quagga_ospfd.inc @@ -1,7 +1,7 @@ <?php /* quagga_ospfd.inc - Copyright (C) 2010 Ermal Luçi + Copyright (C) 2010 Ermal Lu�i Copyright (C) 2012 Jim Pingle part of pfSense All rights reserved. @@ -110,9 +110,9 @@ function quagga_ospfd_install_conf() { } if ($conf['md5password'] && !empty($conf['password'])) { $conffile .= " ip ospf authentication message-digest\n"; - $conffile .= " ip ospf message-digest-key 1 md5 \"" . substr($conf['password'], 0, 15) . "\"\n"; + $conffile .= " ip ospf message-digest-key 1 md5 " . substr($conf['password'], 0, 15) . "\n"; } else if (!empty($conf['password'])) { - $conffile .= " ip ospf authentication-key \"" . substr($conf['password'], 0, 8) . "\"\n"; + $conffile .= " ip ospf authentication-key " . substr($conf['password'], 0, 8) . "\n"; } if (!empty($conf['routerpriorityelections'])) { $conffile .= " ip ospf priority {$conf['routerpriorityelections']}\n"; diff --git a/config/tinc/status_tinc.php b/config/tinc/status_tinc.php new file mode 100644 index 00000000..17b8e48c --- /dev/null +++ b/config/tinc/status_tinc.php @@ -0,0 +1,24 @@ +<?php + +$pgtitle = array(gettext("Status"), "tinc"); +require("guiconfig.inc"); +require_once("tinc.inc"); + +include("head.inc"); ?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?=$jsevents["body"]["onload"];?>"> +<?php include("fbegin.inc"); ?> + + +1:<BR> +<pre> +<?php print tinc_status_1(); ?> +</pre> +<BR> +2:<BR> +<pre> +<?php print tinc_status_2(); ?> +</pre> + + +<?php include("fend.inc"); ?> diff --git a/config/tinc/tinc.inc b/config/tinc/tinc.inc new file mode 100644 index 00000000..c191de5a --- /dev/null +++ b/config/tinc/tinc.inc @@ -0,0 +1,173 @@ +<?php + +if(!isset($_GET['id']) and !isset($_POST['id'])) { + if($GLOBALS['config']['installedpackages']['tinchosts']['savemsg']) { + $savemsg=$GLOBALS['config']['installedpackages']['tinchosts']['savemsg']; + unset($GLOBALS['config']['installedpackages']['tinchosts']['savemsg']); + write_config(); + } + +} + +$hosts=$config['installedpackages']['tinchosts']['config']; +is_array($hosts) ? $num_hosts=count($hosts) : $num_hosts=0; +if(!isset($_GET['id']) and !isset($_POST['id']) and $num_hosts) { + for ($i=0;$i<$num_hosts;$i++) { + $host=$hosts[$i]; + } +} + + +function tinc_save() { + $GLOBALS['config']['installedpackages']['tinchosts']['savemsg']=''; + conf_mount_rw(); + config_lock(); + exec("/bin/mv -f /usr/local/etc/tinc /usr/local/etc/tinc.old"); + safe_mkdir("/usr/local/etc/tinc"); + safe_mkdir("/usr/local/etc/tinc/hosts"); + exec("touch /usr/local/etc/tinc/WARNING-ENTIRE_DIRECTORY_ERASED_ON_SAVE_FROM_GUI"); + $tincconf = $GLOBALS['config']['installedpackages']['tinc']['config'][0]; + $fout = fopen("/usr/local/etc/tinc/tinc.conf","w"); + fwrite($fout, "name=".$tincconf['name']."\n"); + fwrite($fout, "AddressFamily=".$tincconf['addressfamily']."\n"); + if(!is_array($GLOBALS['config']['installedpackages']['tinchosts']['config'])) { $GLOBALS['config']['installedpackages']['tinchosts']['config']=Array(); } + foreach($GLOBALS['config']['installedpackages']['tinchosts']['config'] as $host) { + if($host['connect']) + { + fwrite($fout, "ConnectTo=" . $host['name'] . "\n"); + } + + $_output = "Address=".$host['address']."\n"; + $_output .= "Subnet=".$host['subnet']."\n"; + $_output .= base64_decode($host['extra'])."\n"; + $_output .= base64_decode($host['cert_pub'])."\n"; + file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'],$_output); + if($host['host_up']) + { + file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'].'-up',base64_decode($host['host_up'])."\n"); + chmod('/usr/local/etc/tinc/hosts/'.$host['name'].'-up', 0744); + } + if($host['host_down']) + { + file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'].'-down',base64_decode($host['host_down'])."\n"); + chmod('/usr/local/etc/tinc/hosts/'.$host['name'].'-down', 0744); + } + } + fwrite($fout, base64_decode($tincconf['extra'])."\n"); + fclose($fout); + $_output = "Subnet=" . $tincconf['localsubnet'] . "\n"; + $_output .= base64_decode($tincconf['host_extra']) . "\n"; + $_output .= base64_decode($tincconf['cert_pub']) . "\n"; + file_put_contents('/usr/local/etc/tinc/hosts/' . $tincconf['name'],$_output); + file_put_contents('/usr/local/etc/tinc/rsa_key.priv',base64_decode($tincconf['cert_key'])."\n"); + chmod("/usr/local/etc/tinc/rsa_key.priv", 0600); + if($tincconf['tinc_up']) + { + $_output = base64_decode($tincconf['tinc_up']) . "\n"; + } + else + { + $_output = "ifconfig \$INTERFACE " . $tincconf['localip'] . " netmask " . $tincconf['vpnnetmask'] . "\n"; + } + file_put_contents('/usr/local/etc/tinc/tinc-up',$_output); + chmod("/usr/local/etc/tinc/tinc-up", 0744); + if($tincconf['tinc_down']) + { + file_put_contents('/usr/local/etc/tinc/tinc-down',base64_decode($tincconf['tinc_down']) . "\n"); + chmod("/usr/local/etc/tinc/tinc-down", 0744); + } + if($tincconf['host_up']) + { + file_put_contents('/usr/local/etc/tinc/host-up',base64_decode($tincconf['host_up']) . "\n"); + chmod("/usr/local/etc/tinc/host-up", 0744); + } + if($tincconf['host_down']) + { + file_put_contents('/usr/local/etc/tinc/host-down',base64_decode($tincconf['host_down']) . "\n"); + chmod("/usr/local/etc/tinc/host-down", 0744); + } + if($tincconf['subnet_up']) + { + file_put_contents('/usr/local/etc/tinc/subnet-up',base64_decode($tincconf['subnet_up']) . "\n"); + chmod("/usr/local/etc/tinc/subnet-up", 0744); + } + if($tincconf['subnet_down']) + { + file_put_contents('/usr/local/etc/tinc/subnet-down',base64_decode($tincconf['subnet_down']) . "\n"); + chmod("/usr/local/etc/tinc/subnet-down", 0744); + } + system("/usr/local/etc/rc.d/tinc.sh restart 2>/dev/null"); + rmdir_recursive("/usr/local/etc/tinc.old"); + conf_mount_ro(); + config_unlock(); +} + +function tinc_status_1() { + list($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$sizeb,$atime,$mtimeb,$ctime,$blksize,$blocks)=stat("/var/log/tinc.log"); + exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR1"); + exec("tail -c +" . $sizeb . " /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result); + $output=""; + foreach($result as $line) + { + $output .= $line . "\n"; + } + return $output; +} + +function tinc_status_2() { + list($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$sizeb,$atime,$mtimeb,$ctime,$blksize,$blocks)=stat("/var/log/tinc.log"); + exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR2"); + exec("tail -c +" . $sizeb . " /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result); + $output=""; + foreach($result as $line) + { + $output .= $line . "\n"; + } + return $output; +} + +function tinc_install() { + safe_mkdir("/usr/local/etc/tinc"); + safe_mkdir("/usr/local/etc/tinc/hosts"); +# make_dirs("/var/tmp/tinc/var/tmp/run/tinc"); +# system("/usr/sbin/chown -R tinc:tinc /var/tmp/tinc"); + $_rcfile['file']='tinc.sh'; + $_rcfile['start'].="/usr/local/sbin/tincd --config=/usr/local/etc/tinc\n\t"; + $_rcfile['stop'].="/usr/local/sbin/tincd --kill \n\t"; + write_rcfile($_rcfile); + unlink_if_exists("/usr/local/etc/rc.d/tincd"); + + conf_mount_rw(); + config_lock(); +/* + # find next free optional interface number + for ($i = 1; $i <= count($GLOBALS['config']['interfaces']); $i++) { + if (!$GLOBALS['config']['interfaces']["opt{$i}"]) + break; + } + $newifname = 'opt' . $i; + $descr = "TINC"; + $GLOBALS['config']['interfaces'][$newifname] = array(); + $GLOBALS['config']['interfaces'][$newifname]['descr'] = $descr; + + uksort($GLOBALS['config']['interfaces'], "compare_interface_friendly_names"); + + $GLOBALS['config']['interfaces'][$newifname]['if'] = "tun0"; +*/ + + /* XXX: Do not remove this. */ + mwexec("/bin/rm -f /tmp/config.cache"); + + write_config(); + + conf_mount_ro(); + config_unlock(); +} + +function tinc_deinstall() { + rmdir_recursive("/var/tmp/tinc"); + rmdir_recursive("/usr/local/etc/tinc*"); + unlink_if_exists("/usr/local/etc/rc.d/tinc.sh"); +} + +?> diff --git a/config/tinc/tinc.xml b/config/tinc/tinc.xml new file mode 100644 index 00000000..7fb756f1 --- /dev/null +++ b/config/tinc/tinc.xml @@ -0,0 +1,97 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + tinc.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007-2008 Scott Ullrich + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>A self-contained VPN solution designed to connect multiple sites together in a secure way.</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>tinc</name> + <version>1.0.19</version> + <title>VPN: tinc</title> + <!-- Menu is where this packages menu will appear --> + <menu> + <name>tinc</name> + <tooltiptext>tinc is a mesh VPN daemon.</tooltiptext> + <section>VPN</section> + <configfile>tinc_config.xml</configfile> + <url>/pkg_edit.php?xml=tinc_config.xml</url> + </menu> + <menu> + <name>tinc</name> + <tooltiptext>Status of tinc VPN Daemon</tooltiptext> + <section>Status</section> + <url>/status_tinc.php</url> + </menu> + + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/tinc/tinc.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/tinc/tinc_config.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/tinc/tinc_hosts.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/tinc/status_tinc.php</item> + </additional_files_needed> + + <service> + <name>tinc</name> + <rcfile>tinc.sh</rcfile> + <executable>tincd</executable> + </service> + <include_file>/usr/local/pkg/tinc.inc</include_file> + + <custom_php_install_command> + tinc_install(); + </custom_php_install_command> + <custom_php_deinstall_command> + tinc_deinstall(); + </custom_php_deinstall_command> + +</packagegui> diff --git a/config/tinc/tinc_config.xml b/config/tinc/tinc_config.xml new file mode 100644 index 00000000..6c3cce71 --- /dev/null +++ b/config/tinc/tinc_config.xml @@ -0,0 +1,209 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + tinc_config.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007-2008 Scott Ullrich + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <name>tinc</name> + <version>1.0.19</version> + <title>VPN: tinc</title> + + <!-- configpath gets expanded out automatically and config items will be + stored in that location --> + <configpath>['installedpackages']['package']['$packagename']['config']</configpath> + + <tabs> + <tab> + <text>Config</text> + <url>/pkg_edit.php?xml=tinc_config.xml</url> + <active/> + </tab> + <tab> + <text>Hosts</text> + <url>/pkg.php?xml=tinc_hosts.xml</url> + </tab> + </tabs> + <advanced_options>enabled</advanced_options> + <fields> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description>This is the name which identifies this tinc daemon. It must be unique for the virtual private network this daemon will connect to.</description> + <type>input</type> + </field> + <field> + <fielddescr>Local IP</fielddescr> + <fieldname>localip</fieldname> + <description>IP Address of local tunnel interface. This is often the same IP as your routers LAN address, for example 192.168.2.1</description> + <type>input</type> + </field> + <field> + <fielddescr>Local Subnet</fielddescr> + <fieldname>localsubnet</fieldname> + <description>Subnet behind this router that should be advertised to the mesh. This is usually your LAN subnet, for example 192.168.2.0/24</description> + <type>input</type> + </field> + <field> + <fielddescr>VPN Netmask</fielddescr> + <fieldname>vpnnetmask</fieldname> + <description>This is the Netmask that defines what traffic is routed to the VPNs tunnel interface. It is usually broader then your local netmask, for example 255.255.0.0</description> + <type>input</type> + </field> + <field> + <fielddescr>AddressFamily</fielddescr> + <fieldname>addressfamily</fieldname> + <description>This option affects the address family of listening and outgoing sockets. If "any" is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created.</description> + <type>select</type> + <options> + <option> + <name>ipv4</name> + <value>ipv4</value> + </option> + <option> + <name>ipv6</name> + <value>ipv6</value> + </option> + <option> + <name>any</name> + <value>any</value> + </option> + </options> + </field> + <field> + <fielddescr>RSA private key</fielddescr> + <fieldname>cert_key</fieldname> + <description>RSA private key used for this host. Include the BEGIN and END lines. <br></description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>7</rows> + <cols>65</cols> + </field> + <field> + <fielddescr>RSA public key</fielddescr> + <fieldname>cert_pub</fieldname> + <description>RSA public key used for this host. Include the BEGIN and END lines. <br></description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>7</rows> + <cols>65</cols> + </field> + <field> + <fielddescr>Extra Tinc Parameters</fielddescr> + <fieldname>extra</fieldname> + <description>Anything entered here will be added at the end of the tinc.conf configuration file. <br></description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>8</rows> + <cols>65</cols> + <advancedfield/> + </field> + <field> + <fielddescr>Extra Host Parameters</fielddescr> + <fieldname>host_extra</fieldname> + <description>Anything entered here will be added just prior to the public certiciate in the host configuration file for this machine. <br></description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>8</rows> + <cols>65</cols> + <advancedfield/> + </field> + <field> + <fielddescr>Interface Up Script</fielddescr> + <fieldname>tinc_up</fieldname> + <description>This script is executed right after the tinc daemon has connected to the virtual network device. By default a tinc-up file is created that brings up the tinc interface with the IP Address and Netmask specified above. Entering a value here complely replaces the default script so be sure to bring up the interface in this script.</description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>8</rows> + <cols>65</cols> + <advancedfield/> + </field> + <field> + <fielddescr>Interface Down Script</fielddescr> + <fieldname>tinc_down</fieldname> + <description>This script is executed right before the tinc daemon is going to close.</description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>8</rows> + <cols>65</cols> + <advancedfield/> + </field> + <field> + <fielddescr>Host Up Script</fielddescr> + <fieldname>host_up</fieldname> + <description>This script is executed when any host becomes reachable.</description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>8</rows> + <cols>65</cols> + <advancedfield/> + </field> + <field> + <fielddescr>Host Down Script</fielddescr> + <fieldname>host_down</fieldname> + <description>This script is executed when any host becomes unreachable.</description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>8</rows> + <cols>65</cols> + <advancedfield/> + </field> + <field> + <fielddescr>Subnet Up Script</fielddescr> + <fieldname>subnet_up</fieldname> + <description>This script is executed when any subnet becomes reachable.</description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>8</rows> + <cols>65</cols> + <advancedfield/> + </field> + <field> + <fielddescr>Subnet Down Script</fielddescr> + <fieldname>subnet_down</fieldname> + <description>This script is executed when any subnet becomes unreachable.</description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>8</rows> + <cols>65</cols> + <advancedfield/> + </field> + </fields> + <include_file>/usr/local/pkg/tinc.inc</include_file> + <custom_php_resync_config_command> + tinc_save(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/tinc/tinc_hosts.xml b/config/tinc/tinc_hosts.xml new file mode 100644 index 00000000..7741b7be --- /dev/null +++ b/config/tinc/tinc_hosts.xml @@ -0,0 +1,167 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + tinc_hosts.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007-2009 Scott Ullrich + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>tinc Hosts</description> + <requirements></requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>tinchosts</name> + <version>1.0.19</version> + <title>VPN: tinc - Hosts</title> + <!-- configpath gets expanded out automatically and config items will be + stored in that location --> + <configpath>['installedpackages']['package']['$packagename']['config']</configpath> + + <tabs> + <tab> + <text>Config</text> + <url>/pkg_edit.php?xml=tinc_config.xml</url> + </tab> + <tab> + <text>Hosts</text> + <url>/pkg.php?xml=tinc_hosts.xml</url> + <active/> + </tab> + </tabs> + <advanced_options>enabled</advanced_options> + + <!-- adddeleteeditpagefields items will appear on the first page where you can add / delete or edit + items. An example of this would be the nat page where you add new nat redirects --> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Address</fielddescr> + <fieldname>address</fieldname> + </columnitem> + <columnitem> + <fielddescr>Subnet</fielddescr> + <fieldname>subnet</fieldname> + </columnitem> + <columnitem> + <fielddescr>Connect at Startup</fielddescr> + <fieldname>connect</fieldname> + <type>checkbox</type> + </columnitem> + + </adddeleteeditpagefields> + <!-- fields gets invoked when the user adds or edits a item. the following items + will be parsed and rendered for the user as a gui with input, and selectboxes. --> + <fields> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description>Name of this host.</description> + <type>input</type> + </field> + <field> + <fielddescr>Address</fielddescr> + <fieldname>address</fieldname> + <description>IP address or hostname of server.</description> + <type>input</type> + </field> + <field> + <fielddescr>Subnet</fielddescr> + <fieldname>subnet</fieldname> + <description>Subnet behind host (like 192.168.254.0/24)</description> + <type>input</type> + <size>50</size> + </field> + <field> + <fielddescr>Connect at Startup</fielddescr> + <fieldname>connect</fieldname> + <description>Try to connect to this host when tinc starts.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>RSA public key</fielddescr> + <fieldname>cert_pub</fieldname> + <description>RSA public key used for this host. Include the BEGIN and END lines.<br></description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>7</rows> + <cols>65</cols> + </field> + <field> + <fielddescr>Extra Parameters</fielddescr> + <fieldname>extra</fieldname> + <description>Anything entered here will be added just prior to the public certiciate in the host configuration file. <br></description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>8</rows> + <cols>65</cols> + <advancedfield/> + </field> + <field> + <fielddescr>Host Up Script</fielddescr> + <fieldname>host_up</fieldname> + <description>This script will be run when this host becomes reachable. <br></description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>8</rows> + <cols>65</cols> + <advancedfield/> + </field> + <field> + <fielddescr>Host Down Script</fielddescr> + <fieldname>host_down</fieldname> + <description>This script will be run when this host becomes unreachable. <br></description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>8</rows> + <cols>65</cols> + <advancedfield/> + </field> + </fields> + <include_file>/usr/local/pkg/tinc.inc</include_file> + <custom_add_php_command> + </custom_add_php_command> + <custom_php_resync_config_command> + tinc_save(); + </custom_php_resync_config_command> + <custom_php_command_before_form> + </custom_php_command_before_form> + <custom_php_after_form_command> + </custom_php_after_form_command> + <custom_delete_php_command> + tinc_save(); + </custom_delete_php_command> +</packagegui> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index da8430ce..3418051e 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -192,7 +192,7 @@ <depends_on_package>ap22-mod_memcache-0.1.0_4.tbz</depends_on_package> <depends_on_package>apache-2.2.22_5.tbz</depends_on_package> <depends_on_package>ap22-mod_security-2.6.5_1.tbz</depends_on_package> - <depends_on_package_pbi>proxy_mod_security-2.2.22_5-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>proxy_mod_security-2.2.22_6-i386.pbi</depends_on_package_pbi> <configurationfile>apache_mod_security.xml</configurationfile> <build_port_path>/usr/ports/devel/gettext</build_port_path> <build_port_path>/usr/ports/misc/help2man</build_port_path> @@ -256,7 +256,7 @@ </build_pbi> <depends_on_package>avahi-app-0.6.29_1.tbz</depends_on_package> <depends_on_package_pbi>avahi-0.6.29-i386.pbi</depends_on_package_pbi> - <version>0.6.29</version> + <version>0.6.29 pkg v1.01</version> <status>ALPHA</status> <required_version>1.2.3</required_version> <config_file>http://www.pfsense.com/packages/config/avahi/avahi.xml</config_file> @@ -528,7 +528,7 @@ <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>postfix-2.8.7,1.tbz</depends_on_package> <depends_on_package>perl-5.12.4_3.tbz</depends_on_package> - <depends_on_package_pbi>postfix-2.9.3-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>postfix-2.9.4-i386.pbi</depends_on_package_pbi> <version>2.8.7,1 pkg v.2.3.4_1</version> <status>RC1</status> <required_version>2.0</required_version> @@ -615,11 +615,11 @@ </package> <package> <name>OpenOSPFD</name> - <descr>OSPF routing protocol</descr> + <descr>This package is now considered deprecated. Please use the Quagga OSPF instead. -- WARNING! Installs files to the same place as Quagga OSPF. Installing both will result in a broken state, remove this package before installing Quagga OSPF.</descr> <maintainer>cmb@pfsense.org</maintainer> <version>0.5.2</version> <category>Routing</category> - <status>BETA</status> + <status>DEPRECATED</status> <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>openospfd-4.6.tbz</depends_on_package> <depends_on_package_pbi>openospfd-4.6-i386.pbi</depends_on_package_pbi> @@ -835,7 +835,7 @@ <build_pbi> <port>emulators/open-vm-tools-nox11</port> </build_pbi> - <depends_on_package_pbi>open-vm-tools-nox11-425873_1-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>open-vm-tools-nox11-425873_2-i386.pbi</depends_on_package_pbi> </package> <package> <name>Open-VM-Tools-8.8.1</name> @@ -934,8 +934,7 @@ <depends_on_package_base_url>http://e-sac.siteseguro.ws/packages/8/All/</depends_on_package_base_url> <depends_on_package>mysql-client-5.5.19.tbz</depends_on_package> <depends_on_package>imspector-20111108.tbz</depends_on_package> - <!-- Fix me once a PBI is available! --> - <maximum_version>2.1</maximum_version> + <depends_on_package_pbi>imspector-20111108-i386.pbi</depends_on_package_pbi> </package> <package> <name>nut</name> @@ -1200,7 +1199,7 @@ <port>www/squid31</port> <ports_after>www/squid_radius_auth</ports_after> </build_pbi> - <build_options>WITH_SQUID_KERB_AUTH=true WITH_SQUID_LDAP_AUTH=true WITH_SQUID_NIS_AUTH=true WITH_SQUID_SASL_AUTH=true WITH_SQUID_IPV6=true WITH_SQUID_DELAY_POOLS=true WITH_SQUID_SNMP=true WITH_SQUID_SSL=true WITH_SQUID_SSL_CRTD=true WITH_SQUID_PINGER=true WITHOUT_SQUID_DNS_HELPER=true WITH_SQUID_HTCP=true WITH_SQUID_VIA_DB=true WITH_SQUID_CACHE_DIGESTS=true WITHOUT_SQUID_WCCP=true WITH_SQUID_WCCPV2=true WITHOUT_SQUID_STRICT_HTTP=true WITH_SQUID_IDENT=true WITH_SQUID_REFERER_LOG=true WITH_SQUID_USERAGENT_LOG=true WITH_SQUID_ARP_ACL=true WITH_SQUID_IPFW=true WITH_SQUID_PF=true WITHOUT_SQUID_IPFILTER=true WITH_SQUID_FOLLOW_XFF=true WITHOUT_SQUID_ECAP=true WITHOUT_SQUID_ICAP=true WITHOUT_SQUID_ESI=true WITH_SQUID_AUFS=true WITHOUT_SQUID_COSS=true WITHOUT_SQUID_KQUEUE=true WITH_SQUID_LARGEFILE=true WITHOUT_SQUID_STACKTRACES=true WITHOUT_SQUID_DEBUG=true</build_options> + <build_options>WITH_SQUID_KERB_AUTH=true WITH_SQUID_LDAP_AUTH=true WITH_SQUID_NIS_AUTH=true WITH_SQUID_SASL_AUTH=true WITH_SQUID_IPV6=true WITH_SQUID_DELAY_POOLS=true WITH_SQUID_SNMP=true WITH_SQUID_SSL=true WITH_SQUID_SSL_CRTD=true WITH_SQUID_PINGER=true WITH_SQUID_DNS_HELPER=true WITH_SQUID_HTCP=true WITH_SQUID_VIA_DB=true WITH_SQUID_CACHE_DIGESTS=true WITHOUT_SQUID_WCCP=true WITH_SQUID_WCCPV2=true WITHOUT_SQUID_STRICT_HTTP=true WITH_SQUID_IDENT=true WITH_SQUID_REFERER_LOG=true WITH_SQUID_USERAGENT_LOG=true WITH_SQUID_ARP_ACL=true WITH_SQUID_IPFW=true WITH_SQUID_PF=true WITHOUT_SQUID_IPFILTER=true WITH_SQUID_FOLLOW_XFF=true WITHOUT_SQUID_ECAP=true WITHOUT_SQUID_ICAP=true WITHOUT_SQUID_ESI=true WITH_SQUID_AUFS=true WITHOUT_SQUID_COSS=true WITHOUT_SQUID_KQUEUE=true WITH_SQUID_LARGEFILE=true WITHOUT_SQUID_STACKTRACES=true WITHOUT_SQUID_DEBUG=true</build_options> <config_file>http://www.pfsense.org/packages/config/squid-reverse/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> <depends_on_package_pbi>squid-3.1.20-i386.pbi</depends_on_package_pbi> @@ -1336,7 +1335,7 @@ <depends_on_package_pbi>zip-3.0-i386.pbi p7zip-9.20.1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>0.20</version> + <version>0.22</version> <status>BETA</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> @@ -1645,7 +1644,7 @@ <config_file>http://www.pfsense.com/packages/config/bacula-client/bacula-client.xml</config_file> <depends_on_package_base_url>http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/</depends_on_package_base_url> <depends_on_package>bacula-client-5.2.6.tbz</depends_on_package> - <depends_on_package_pbi>bacula-5.2.6-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>bacula-5.2.10-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/sysutils/bacula-client</build_port_path> <build_pbi> <port>sysutils/bacula-client</port> @@ -1670,7 +1669,7 @@ <port>security/dsniff</port> </build_pbi> <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>dsniff-2.3,4-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>dsniff-2.3_4-i386.pbi</depends_on_package_pbi> </package> <package> <!-- This does not exist yet, this is here to trigger a PBI build --> @@ -1690,5 +1689,28 @@ <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>iftop-0.17-i386.pbi</depends_on_package_pbi> </package> + <package> + <name>tinc</name> + <website>http://www.tinc-vpn.org/</website> + <descr>tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private mesh network between hosts on the Internet.</descr> + <category>Network Management</category> + <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>tinc-1.0.19-i386.pbi</depends_on_package_pbi> + <build_pbi> + <port>security/tinc</port> + </build_pbi> + <build_options></build_options> + <version>1.0.19</version> + <status>ALPHA</status> + <pkginfolink>http://doc.pfsense.org/index.php/tinc_package</pkginfolink> + <required_version>2.1</required_version> + <config_file>http://www.pfsense.com/packages/config/tinc/tinc.xml</config_file> + <configurationfile>tinc.xml</configurationfile> + <logging> + <facilityname>tinc</facilityname> + <logfilename>tinc.log</logfilename> + <logtab>tinc</logtab> + </logging> + </package> </packages> </pfsensepkgs> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 344f6c7d..b378433b 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -179,7 +179,7 @@ <depends_on_package>ap22-mod_memcache-0.1.0_4.tbz</depends_on_package> <depends_on_package>apache-2.2.22_5.tbz</depends_on_package> <depends_on_package>ap22-mod_security-2.6.5_1.tbz</depends_on_package> - <depends_on_package_pbi>proxy_mod_security-2.2.22_5-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>proxy_mod_security-2.2.22_6-amd64.pbi</depends_on_package_pbi> <configurationfile>apache_mod_security.xml</configurationfile> <build_port_path>/usr/ports/devel/gettext</build_port_path> <build_port_path>/usr/ports/misc/help2man</build_port_path> @@ -243,7 +243,7 @@ </build_pbi> <depends_on_package>avahi-0.6.29.tbz</depends_on_package> <depends_on_package_pbi>avahi-0.6.29-amd64.pbi</depends_on_package_pbi> - <version>0.6.29</version> + <version>0.6.29 pkg v1.01</version> <status>ALPHA</status> <required_version>1.2.3</required_version> <config_file>http://www.pfsense.com/packages/config/avahi/avahi.xml</config_file> @@ -515,7 +515,7 @@ <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>postfix-2.8.7,1.tbz</depends_on_package> <depends_on_package>perl-5.12.4_3.tbz</depends_on_package> - <depends_on_package_pbi>postfix-2.9.3-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>postfix-2.9.4-amd64.pbi</depends_on_package_pbi> <version>2.8.7,1 pkg v.2.3.4_1</version> <status>RC1</status> <required_version>2.0</required_version> @@ -602,11 +602,11 @@ </package> <package> <name>OpenOSPFD</name> - <descr>OSPF routing protocol</descr> + <descr>This package is now considered deprecated. Please use the Quagga OSPF instead. -- WARNING! Installs files to the same place as Quagga OSPF. Installing both will result in a broken state, remove this package before installing Quagga OSPF.</descr> <maintainer>cmb@pfsense.org</maintainer> <version>0.5.2</version> <category>Routing</category> - <status>BETA</status> + <status>DEPRECATED</status> <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>openospfd-4.6.tbz</depends_on_package> <depends_on_package_pbi>openospfd-4.6-amd64.pbi</depends_on_package_pbi> @@ -822,7 +822,7 @@ <build_pbi> <port>emulators/open-vm-tools-nox11</port> </build_pbi> - <depends_on_package_pbi>open-vm-tools-nox11-425873_1-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>open-vm-tools-nox11-425873_2-amd64.pbi</depends_on_package_pbi> </package> <package> <name>Open-VM-Tools-8.8.1</name> @@ -921,8 +921,7 @@ <depends_on_package_base_url>http://e-sac.siteseguro.ws/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>mysql-client-5.5.19.tbz</depends_on_package> <depends_on_package>imspector-20111108.tbz</depends_on_package> - <!-- Fix me once a PBI is available! --> - <maximum_version>2.1</maximum_version> + <depends_on_package_pbi>imspector-20111108-amd64.pbi</depends_on_package_pbi> </package> <package> <name>nut</name> @@ -1187,7 +1186,7 @@ <port>www/squid31</port> <ports_after>www/squid_radius_auth</ports_after> </build_pbi> - <build_options>WITH_SQUID_KERB_AUTH=true WITH_SQUID_LDAP_AUTH=true WITH_SQUID_NIS_AUTH=true WITH_SQUID_SASL_AUTH=true WITH_SQUID_IPV6=true WITH_SQUID_DELAY_POOLS=true WITH_SQUID_SNMP=true WITH_SQUID_SSL=true WITH_SQUID_SSL_CRTD=true WITH_SQUID_PINGER=true WITHOUT_SQUID_DNS_HELPER=true WITH_SQUID_HTCP=true WITH_SQUID_VIA_DB=true WITH_SQUID_CACHE_DIGESTS=true WITHOUT_SQUID_WCCP=true WITH_SQUID_WCCPV2=true WITHOUT_SQUID_STRICT_HTTP=true WITH_SQUID_IDENT=true WITH_SQUID_REFERER_LOG=true WITH_SQUID_USERAGENT_LOG=true WITH_SQUID_ARP_ACL=true WITH_SQUID_IPFW=true WITH_SQUID_PF=true WITHOUT_SQUID_IPFILTER=true WITH_SQUID_FOLLOW_XFF=true WITHOUT_SQUID_ECAP=true WITHOUT_SQUID_ICAP=true WITHOUT_SQUID_ESI=true WITH_SQUID_AUFS=true WITHOUT_SQUID_COSS=true WITHOUT_SQUID_KQUEUE=true WITH_SQUID_LARGEFILE=true WITHOUT_SQUID_STACKTRACES=true WITHOUT_SQUID_DEBUG=true</build_options> + <build_options>WITH_SQUID_KERB_AUTH=true WITH_SQUID_LDAP_AUTH=true WITH_SQUID_NIS_AUTH=true WITH_SQUID_SASL_AUTH=true WITH_SQUID_IPV6=true WITH_SQUID_DELAY_POOLS=true WITH_SQUID_SNMP=true WITH_SQUID_SSL=true WITH_SQUID_SSL_CRTD=true WITH_SQUID_PINGER=true WITH_SQUID_DNS_HELPER=true WITH_SQUID_HTCP=true WITH_SQUID_VIA_DB=true WITH_SQUID_CACHE_DIGESTS=true WITHOUT_SQUID_WCCP=true WITH_SQUID_WCCPV2=true WITHOUT_SQUID_STRICT_HTTP=true WITH_SQUID_IDENT=true WITH_SQUID_REFERER_LOG=true WITH_SQUID_USERAGENT_LOG=true WITH_SQUID_ARP_ACL=true WITH_SQUID_IPFW=true WITH_SQUID_PF=true WITHOUT_SQUID_IPFILTER=true WITH_SQUID_FOLLOW_XFF=true WITHOUT_SQUID_ECAP=true WITHOUT_SQUID_ICAP=true WITHOUT_SQUID_ESI=true WITH_SQUID_AUFS=true WITHOUT_SQUID_COSS=true WITHOUT_SQUID_KQUEUE=true WITH_SQUID_LARGEFILE=true WITHOUT_SQUID_STACKTRACES=true WITHOUT_SQUID_DEBUG=true</build_options> <config_file>http://www.pfsense.org/packages/config/squid-reverse/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> <depends_on_package_pbi>squid-3.1.20-amd64.pbi</depends_on_package_pbi> @@ -1323,7 +1322,7 @@ <depends_on_package_pbi>p7zip-9.20.1-amd64.pbi zip-3.0-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>0.20</version> + <version>0.22</version> <status>BETA</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> @@ -1632,7 +1631,7 @@ <config_file>http://www.pfsense.com/packages/config/bacula-client/bacula-client.xml</config_file> <depends_on_package_base_url>http://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/All/</depends_on_package_base_url> <depends_on_package>bacula-client-5.2.6.tbz</depends_on_package> - <depends_on_package_pbi>bacula-5.2.6-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>bacula-5.2.10-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/sysutils/bacula-client</build_port_path> <build_pbi> <port>sysutils/bacula-client</port> @@ -1657,7 +1656,7 @@ <port>security/dsniff</port> </build_pbi> <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>dsniff-2.3,4-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>dsniff-2.3_4-amd64.pbi</depends_on_package_pbi> </package> <package> <!-- This does not exist yet, this is here to trigger a PBI build --> @@ -1677,5 +1676,28 @@ <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package_pbi>iftop-0.17-amd64.pbi</depends_on_package_pbi> </package> + <package> + <name>tinc</name> + <website>http://www.tinc-vpn.org/</website> + <descr>tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private mesh network between hosts on the Internet.</descr> + <category>Network Management</category> + <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>tinc-1.0.19-amd64.pbi</depends_on_package_pbi> + <build_pbi> + <port>security/tinc</port> + </build_pbi> + <build_options></build_options> + <version>1.0.19</version> + <status>ALPHA</status> + <pkginfolink>http://doc.pfsense.org/index.php/tinc_package</pkginfolink> + <required_version>2.1</required_version> + <config_file>http://www.pfsense.com/packages/config/tinc/tinc.xml</config_file> + <configurationfile>tinc.xml</configurationfile> + <logging> + <facilityname>tinc</facilityname> + <logfilename>tinc.log</logfilename> + <logtab>tinc</logtab> + </logging> + </package> </packages> </pfsensepkgs> |