aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.xml7
-rwxr-xr-xconfig/openvpn-client-export/vpn_openvpn_export.php362
2 files changed, 368 insertions, 1 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml
index 611d6a83..f0975ced 100755
--- a/config/openvpn-client-export/openvpn-client-export.xml
+++ b/config/openvpn-client-export/openvpn-client-export.xml
@@ -18,12 +18,17 @@
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.inc</item>
- </additional_files_needed>
+ </additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.tgz</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/openvpn-client-export/vpn_openvpn_export.php</item>
+ </additional_files_needed>
<adddeleteeditpagefields>
<columnitem>
<fielddescr></fielddescr>
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
new file mode 100755
index 00000000..e5d474cb
--- /dev/null
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -0,0 +1,362 @@
+<?php
+/*
+ vpn_openvpn_export.php
+
+ Copyright (C) 2008 Shrew Soft Inc.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ DISABLE_PHP_LINT_CHECKING
+*/
+
+require("guiconfig.inc");
+require("openvpn-client-export.inc");
+
+$pgtitle = array("OpenVPN", "Client Export Utility");
+
+if (!is_array($config['openvpn']['openvpn-server']))
+ $config['openvpn']['openvpn-server'] = array();
+
+$a_server = $config['openvpn']['openvpn-server'];
+
+if (!is_array($config['system']['user']))
+ $config['system']['user'] = array();
+
+$a_user = $config['system']['user'];
+
+$ras_server = array();
+foreach($a_server as $sindex => & $server) {
+ $ras_user = array();
+ if (stripos($server['mode'], "server") === false)
+ continue;
+ foreach($a_user as $uindex => & $user) {
+ if (!is_array($user['cert']))
+ continue;
+ foreach($user['cert'] as $cindex => & $cert) {
+ if ($cert['caref'] != $server['caref'])
+ continue;
+ $ras_userent = array();
+ $ras_userent['uindex'] = $uindex;
+ $ras_userent['cindex'] = $cindex;
+ $ras_userent['name'] = $user['name'];
+ $ras_userent['certname'] = $cert['name'];
+ $ras_user[] = $ras_userent;
+ }
+ }
+ if (!count($ras_user))
+ continue;
+ $ras_serverent = array();
+ $prot = $server['protocol'];
+ $port = $server['local_port'];
+ if ($server['description'])
+ $name = "{$server['description']} {$prot}:{$port}";
+ else
+ $name = "Server {$prot}:{$port}";
+ $ras_serverent['index'] = $sindex;
+ $ras_serverent['name'] = $name;
+ $ras_serverent['users'] = $ras_user;
+ $ras_server[] = $ras_serverent;
+}
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+$act = $_GET['act'];
+if (isset($_POST['act']))
+ $act = $_POST['act'];
+
+if($act == "conf") {
+ $srvid = $_GET['srvid'];
+ $usrid = $_GET['usrid'];
+ $crtid = $_GET['crtid'];
+ if (($srvid === false) || ($usrid === false) || ($crtid === false)) {
+ pfSenseHeader("vpn_openvpn_export.php");
+ exit;
+ }
+ $useaddr = $_GET['useaddr'];
+ $usetoken = $_GET['usetoken'];
+
+ $exp_name = openvpn_client_export_prefix($srvid);
+ $exp_name = urlencode($exp_name."-config.ovpn");
+ $exp_data = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken);
+ $exp_size = strlen($exp_data);
+
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename={$exp_name}");
+ header("Content-Length: $exp_size");
+ echo $exp_data;
+ exit;
+}
+
+if($act == "inst") {
+ $srvid = $_GET['srvid'];
+ $usrid = $_GET['usrid'];
+ $crtid = $_GET['crtid'];
+ if (($srvid === false) || ($usrid === false) || ($crtid === false)) {
+ pfSenseHeader("vpn_openvpn_export.php");
+ exit;
+ }
+ $useaddr = $_GET['useaddr'];
+ $usetoken = $_GET['usetoken'];
+ $password = "";
+ if ($_GET['password'])
+ $password = $_GET['password']; ;
+
+ $exp_name = openvpn_client_export_prefix($srvid);
+ $exp_name = urlencode($exp_name."-install.exe");
+ $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $password);
+ $exp_size = filesize($exp_path);
+
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename={$exp_name}");
+ header("Content-Length: $exp_size");
+ readfile($exp_path);
+ unlink($exp_path);
+ exit;
+}
+
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<script language="JavaScript">
+<!--
+
+var servers = new Array();
+<?php foreach ($ras_server as $sindex => & $server): ?>
+servers[<?=$sindex;?>] = new Array();
+servers[<?=$sindex;?>][0] = '<?=$server['index'];?>';
+servers[<?=$sindex;?>][1] = new Array();
+<?php foreach ($server['users'] as $uindex => & $user): ?>
+servers[<?=$sindex;?>][1][<?=$uindex;?>] = new Array();
+servers[<?=$sindex;?>][1][<?=$uindex;?>][0] = '<?=$user['uindex'];?>';
+servers[<?=$sindex;?>][1][<?=$uindex;?>][1] = '<?=$user['cindex'];?>';
+servers[<?=$sindex;?>][1][<?=$uindex;?>][2] = '<?=$user['name'];?>';
+servers[<?=$sindex;?>][1][<?=$uindex;?>][3] = '<?=$user['certname'];?>';
+<? endforeach; ?>
+<? endforeach; ?>
+
+function download_begin(act, i) {
+
+ var index = document.getElementById("server").selectedIndex;
+ var users = servers[index][1];
+
+ var useaddr = 0;
+ if (document.getElementById("useaddr").checked)
+ useaddr = 1;
+ var usetoken = 0;
+ if (document.getElementById("usetoken").checked)
+ usetoken = 1;
+ var usepass = 0;
+ if (document.getElementById("usepass").checked)
+ usepass = 1;
+
+ var pass = document.getElementById("pass").value;
+ var conf = document.getElementById("conf").value;
+ if (usepass && (act == "inst")) {
+ if (!pass || !conf) {
+ alert("The password or confirm field is empty");
+ return;
+ }
+ if (pass != conf) {
+ alert("The password and confirm fields must match");
+ return;
+ }
+ }
+
+ var dlurl;
+ dlurl = "/vpn_openvpn_export.php?act=" + act;
+ dlurl += "&srvid=" + servers[index][0];
+ dlurl += "&usrid=" + users[i][0];
+ dlurl += "&crtid=" + users[i][1];
+ dlurl += "&useaddr=" + useaddr;
+ dlurl += "&usetoken=" + usetoken;
+ if (usepass)
+ dlurl += "&password=" + pass;
+
+ window.open(dlurl,"_self");
+}
+
+function server_changed() {
+
+ var table = document.getElementById("users");
+ while (table.rows.length > 1 )
+ table.deleteRow(1);
+
+ var index = document.getElementById("server").selectedIndex;
+ var users = servers[index][1];
+ for (i=0; i < users.length; i++) {
+ var row = table.insertRow(table.rows.length);
+ var cell0 = row.insertCell(0);
+ var cell1 = row.insertCell(1);
+ var cell2 = row.insertCell(2);
+ cell0.className = "listlr";
+ cell0.innerHTML = users[i][2];
+ cell1.className = "listr";
+ cell1.innerHTML = users[i][3];
+ cell2.className = "listr";
+ cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ")'>Configuration</a>";
+ cell2.innerHTML += "&nbsp;/&nbsp;";
+ cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>Windows Installer</a>";
+ }
+}
+
+function usepass_changed() {
+
+ if (document.getElementById("usepass").checked)
+ document.getElementById("usepass_opts").style.display = "";
+ else
+ document.getElementById("usepass_opts").style.display = "none";
+}
+
+//-->
+</script>
+<?php
+ if ($input_errors)
+ print_input_errors($input_errors);
+ if ($savemsg)
+ print_info_box($savemsg);
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Server"), false, "vpn_openvpn_server.php");
+ $tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php");
+ $tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php");
+ $tab_array[] = array(gettext("Client Export"), true, "vpn_openvpn_export.php");
+ display_top_tabs($tab_array);
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td id="mainarea">
+ <div class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Remote Access Server</td>
+ <td width="78%" class="vtable">
+ <select name="server" id="server" class="formselect" onChange="server_changed()">
+ <?php foreach($ras_server as & $server): ?>
+ <option value="<?=$server['sindex'];?>"><?=$server['name'];?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Host Name Resolution</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td>
+ <input name="useaddr" id="useaddr" type="checkbox" value="yes">
+ </td>
+ <td>
+ <span class="vexpl">
+ Use the server IP address instead of the hostname.
+ </span>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Certificate Export Options</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td>
+ <input name="usetoken" id="usetoken" type="checkbox" value="yes">
+ </td>
+ <td>
+ <span class="vexpl">
+ Use Microsoft Certificate Storage instead of local files.
+ </span>
+ </td>
+ </tr>
+ </table>
+ <table border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td>
+ <input name="usepass" id="usepass" type="checkbox" value="yes" onClick="usepass_changed()" checked>
+ </td>
+ <td>
+ <span class="vexpl">
+ Use a password to protect the pkcs12 file contents.
+ </span>
+ </td>
+ </tr>
+ </table>
+ <table border="0" cellpadding="2" cellspacing="0" id="usepass_opts">
+ <tr>
+ <td align="right">
+ <span class="vexpl">
+ &nbsp;Password :&nbsp;
+ </span>
+ </td>
+ <td>
+ <input name="pass" id="pass" type="password" class="formfld pwd" size="20" value="" />
+ </td>
+ </tr>
+ <tr>
+ <td align="right">
+ <span class="vexpl">
+ &nbsp;Confirm :&nbsp;
+ </span>
+ </td>
+ <td>
+ <input name="conf" id="conf" type="password" class="formfld pwd" size="20" value="" />
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list" height="12">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Client Install Packages</td>
+ </tr>
+ </table>
+ <table width="100%" id="users" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="25%" class="listhdrr"><?=gettext("User");?></td>
+ <td width="50%" class="listhdrr"><?=gettext("Certificate Name");?></td>
+ <td width="25%" class="listhdrr"><?=gettext("Export");?></td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+<script language="JavaScript">
+<!--
+server_changed();
+//-->
+</script>
+</body>
+<?php include("fend.inc"); ?>