diff options
Diffstat (limited to 'config')
-rw-r--r-- | config/openvpn_tapfix_20x/openvpn_tapfix_203.patch | 290 | ||||
-rw-r--r-- | config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc | 15 | ||||
-rw-r--r-- | config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch | 2 | ||||
-rw-r--r-- | config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml | 7 |
4 files changed, 308 insertions, 6 deletions
diff --git a/config/openvpn_tapfix_20x/openvpn_tapfix_203.patch b/config/openvpn_tapfix_20x/openvpn_tapfix_203.patch new file mode 100644 index 00000000..897a1199 --- /dev/null +++ b/config/openvpn_tapfix_20x/openvpn_tapfix_203.patch @@ -0,0 +1,290 @@ +diff --git /etc/inc/openvpn.inc.orig /etc/inc/openvpn.inc +index 777b395..701a032 100644 +--- a/etc/inc/openvpn.inc ++++ b/etc/inc/openvpn.inc +@@ -394,19 +394,37 @@ function openvpn_reconfigure($mode, $settings) { + // If the CIDR is less than a /30, OpenVPN will complain if you try to + // use the server directive. It works for a single client without it. + // See ticket #1417 +- if ($cidr < 30) { ++ if (!empty($ip) && !empty($mask) && ($cidr < 30)) { + $conf .= "server {$ip} {$mask}\n"; + $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; + } + case 'p2p_shared_key': +- list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask); +- $conf .= "ifconfig $ip1 $ip2\n"; ++ if (!empty($ip) && !empty($mask)) { ++ list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask); ++ $conf .= "ifconfig $ip1 $ip2\n"; ++ } + break; + case 'server_tls': + case 'server_user': + case 'server_tls_user': +- $conf .= "server {$ip} {$mask}\n"; +- $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; ++ if (!empty($ip) && !empty($mask)) { ++ $conf .= "server {$ip} {$mask}\n"; ++ $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; ++ } else { ++ if ($settings['serverbridge_dhcp']) { ++ if ((!empty($settings['serverbridge_interface'])) && (strcmp($settings['serverbridge_interface'], "none"))) { ++ $biface_ip=get_interface_ip($settings['serverbridge_interface']); ++ $biface_sm=gen_subnet_mask(get_interface_subnet($settings['serverbridge_interface'])); ++ if (is_ipaddr($biface_ip) && is_ipaddr($settings['serverbridge_dhcp_start']) && is_ipaddr($settings['serverbridge_dhcp_end'])) { ++ $conf .= "server-bridge {$biface_ip} {$biface_sm} {$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n"; ++ } else { ++ $conf .= "mode server\n"; ++ } ++ } else { ++ $conf .= "mode server\n"; ++ } ++ } ++ } + break; + } + +@@ -452,7 +452,9 @@ function openvpn_reconfigure($mode, $settings) { + case 'server_user': + $conf .= "client-cert-not-required\n"; + case 'server_tls_user': +- $conf .= "username-as-common-name\n"; ++ /* username-as-common-name is not compatible with server-bridge */ ++ if (stristr($conf, "server-bridge") === false) ++ $conf .= "username-as-common-name\n"; + if (!empty($settings['authmode'])) { + $authcfgs = explode(",", $settings['authmode']); + $sed = "\$authmodes=array("; + +diff --git /usr/local/www/vpn_openvpn_server.php.orig /usr/local/www/vpn_openvpn_server.php +index 0ef67a7..bd9f527 100644 +--- a/usr/local/www/vpn_openvpn_server.php ++++ b/usr/local/www/vpn_openvpn_server.php +@@ -147,6 +147,11 @@ if($_GET['act']=="edit"){ + $pconfig['dynamic_ip'] = $a_server[$id]['dynamic_ip']; + $pconfig['pool_enable'] = $a_server[$id]['pool_enable']; + ++ $pconfig['serverbridge_dhcp'] = $a_server[$id]['serverbridge_dhcp']; ++ $pconfig['serverbridge_interface'] = $a_server[$id]['serverbridge_interface']; ++ $pconfig['serverbridge_dhcp_start'] = $a_server[$id]['serverbridge_dhcp_start']; ++ $pconfig['serverbridge_dhcp_end'] = $a_server[$id]['serverbridge_dhcp_end']; ++ + $pconfig['dns_domain'] = $a_server[$id]['dns_domain']; + if ($pconfig['dns_domain']) + $pconfig['dns_domain_enable'] = true; +@@ -188,7 +193,6 @@ if($_GET['act']=="edit"){ + $pconfig['duplicate_cn'] = isset($a_server[$id]['duplicate_cn']); + } + } +- + if ($_POST) { + + unset($input_errors); +@@ -284,9 +288,22 @@ if ($_POST) { + $reqdfieldsn = array(gettext('Shared key')); + } + +- $reqdfields[] = 'tunnel_network'; +- $reqdfieldsn[] = gettext('Tunnel network'); +- ++ if ($pconfig['dev_mode'] != "tap") { ++ $reqdfields[] = 'tunnel_network'; ++ $reqdfieldsn[] = gettext('Tunnel network'); ++ } else { ++ if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network']) ++ $input_errors[] = gettext("Using a tunnel network and server bridge settings together is not allowed."); ++ if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end']) ++ || (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end'])) ++ $input_errors[] = gettext("Server Bridge DHCP Start and End must both be empty, or defined."); ++ if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddr($pconfig['serverbridge_dhcp_start']))) ++ $input_errors[] = gettext("Server Bridge DHCP Start must be an IPv4 address."); ++ if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddr($pconfig['serverbridge_dhcp_end']))) ++ $input_errors[] = gettext("Server Bridge DHCP End must be an IPv4 address."); ++ if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end'])) ++ $input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end)."); ++ } + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (!$input_errors) { +@@ -341,6 +358,11 @@ if ($_POST) { + $server['dynamic_ip'] = $pconfig['dynamic_ip']; + $server['pool_enable'] = $pconfig['pool_enable']; + ++ $server['serverbridge_dhcp'] = $pconfig['serverbridge_dhcp']; ++ $server['serverbridge_interface'] = $pconfig['serverbridge_interface']; ++ $server['serverbridge_dhcp_start'] = $pconfig['serverbridge_dhcp_start']; ++ $server['serverbridge_dhcp_end'] = $pconfig['serverbridge_dhcp_end']; ++ + if ($pconfig['dns_domain_enable']) + $server['dns_domain'] = $pconfig['dns_domain']; + +@@ -559,6 +581,56 @@ function netbios_change() { + } + } + ++function tuntap_change() { ++ ++ mindex = document.iform.mode.selectedIndex; ++ mvalue = document.iform.mode.options[mindex].value; ++ ++ switch(mvalue) { ++ case "p2p_tls": ++ case "p2p_shared_key": ++ p2p = true; ++ break; ++ default: ++ p2p = false; ++ break; ++ } ++ ++ index = document.iform.dev_mode.selectedIndex; ++ value = document.iform.dev_mode.options[index].value; ++ switch(value) { ++ case "tun": ++ document.getElementById("ipv4_tunnel_network").className="vncellreq"; ++ document.getElementById("serverbridge_dhcp").style.display="none"; ++ document.getElementById("serverbridge_interface").style.display="none"; ++ document.getElementById("serverbridge_dhcp_start").style.display="none"; ++ document.getElementById("serverbridge_dhcp_end").style.display="none"; ++ break; ++ case "tap": ++ document.getElementById("ipv4_tunnel_network").className="vncell"; ++ if (!p2p) { ++ document.getElementById("serverbridge_dhcp").style.display=""; ++ document.getElementById("serverbridge_interface").style.display=""; ++ document.getElementById("serverbridge_dhcp_start").style.display=""; ++ document.getElementById("serverbridge_dhcp_end").style.display=""; ++ if (document.iform.serverbridge_dhcp.checked) { ++ document.iform.serverbridge_interface.disabled = false; ++ document.iform.serverbridge_dhcp_start.disabled = false; ++ document.iform.serverbridge_dhcp_end.disabled = false; ++ } else { ++ document.iform.serverbridge_interface.disabled = true; ++ document.iform.serverbridge_dhcp_start.disabled = true; ++ document.iform.serverbridge_dhcp_end.disabled = true; ++ } ++ } else { ++ document.iform.serverbridge_dhcp.disabled = true; ++ document.iform.serverbridge_interface.disabled = true; ++ document.iform.serverbridge_dhcp_start.disabled = true; ++ document.iform.serverbridge_dhcp_end.disabled = true; ++ } ++ break; ++ } ++} + //--> + </script> + <?php +@@ -619,7 +691,7 @@ if ($savemsg) + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td> + <td width="78%" class="vtable"> +- <select name='mode' id='mode' class="formselect" onchange='mode_change()'> ++ <select name='mode' id='mode' class="formselect" onchange='mode_change(); tuntap_change()'> + <?php + foreach ($openvpn_server_modes as $name => $desc): + $selected = ""; +@@ -666,7 +738,7 @@ if ($savemsg) + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td> + <td width="78%" class="vtable"> +- <select name="dev_mode" class="formselect"> ++ <select name="dev_mode" class="formselect" onchange='tuntap_change()'> + <?php + foreach ($openvpn_dev_mode as $device): + $selected = ""; +@@ -976,7 +1048,7 @@ if ($savemsg) + <td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td> + </tr> + <tr> +- <td width="22%" valign="top" class="vncellreq"><?=gettext("Tunnel Network"); ?></td> ++ <td width="22%" valign="top" class="vncellreq" id="ipv4_tunnel_network"><?=gettext("Tunnel Network"); ?></td> + <td width="78%" class="vtable"> + <input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>"> + <br> +@@ -989,6 +1061,76 @@ if ($savemsg) + "to connecting clients. (see Address Pool)"); ?> + </td> + </tr> ++ <tr id="serverbridge_dhcp"> ++ <td width="22%" valign="top" class="vncell"><?=gettext("Bridge DHCP"); ?></td> ++ <td width="78%" class="vtable"> ++ <table border="0" cellpadding="2" cellspacing="0"> ++ <tr> ++ <td> ++ <?php set_checked($pconfig['serverbridge_dhcp'],$chk); ?> ++ <input name="serverbridge_dhcp" type="checkbox" value="yes" <?=$chk;?> onchange='tuntap_change()' /> ++ </td> ++ <td> ++ <span class="vexpl"> ++ <?=gettext("Allow clients on the bridge to obtain DHCP."); ?><br> ++ </span> ++ </td> ++ </tr> ++ </table> ++ </td> ++ </tr> ++ <tr id="serverbridge_interface"> ++ <td width="22%" valign="top" class="vncell"><?=gettext("Bridge Interface"); ?></td> ++ <td width="78%" class="vtable"> ++ <select name="serverbridge_interface" class="formselect"> ++ <?php ++ $serverbridge_interface['none'] = "none"; ++ $serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr()); ++ $carplist = get_configured_carp_interface_list(); ++ foreach ($carplist as $cif => $carpip) ++ $serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; ++ $aliaslist = get_configured_ip_aliases_list(); ++ foreach ($aliaslist as $aliasip => $aliasif) ++ $serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; ++ foreach ($serverbridge_interface as $iface => $ifacename): ++ $selected = ""; ++ if ($iface == $pconfig['serverbridge_interface']) ++ $selected = "selected"; ++ ?> ++ <option value="<?=$iface;?>" <?=$selected;?>> ++ <?=htmlspecialchars($ifacename);?> ++ </option> ++ <?php endforeach; ?> ++ </select> <br> ++ <?=gettext("The interface to which this tap instance will be, " . ++ "bridged. This is not done automatically. You must assign this " . ++ "interface and create the bridge separately. " . ++ "This setting controls which existing IP address and subnet " . ++ "mask are used by OpenVPN for the bridge. Setting this to " . ++ "'none' will cause the Server Bridge DHCP settings below to be ignored."); ?> ++ </td> ++ </tr> ++ <tr id="serverbridge_dhcp_start"> ++ <td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP Start"); ?></td> ++ <td width="78%" class="vtable"> ++ <input name="serverbridge_dhcp_start" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_start']);?>"> ++ <br> ++ <?=gettext("When using tap mode as multi-point server, " . ++ "you may optionally supply a DHCP range to use on the " . ++ "interface to which this tap instance is bridged. " . ++ "If these settings are left blank, DHCP will be passed " . ++ "through to the LAN, and the interface setting above " . ++ "will be ignored."); ?> ++ </td> ++ </tr> ++ <tr id="serverbridge_dhcp_end"> ++ <td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP End"); ?></td> ++ <td width="78%" class="vtable"> ++ <input name="serverbridge_dhcp_end" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_end']);?>"> ++ <br> ++ <?=gettext(""); ?> ++ </td> ++ </tr> + <tr id="gwredir_opts"> + <td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td> + <td width="78%" class="vtable"> +@@ -1486,6 +1628,7 @@ dns_server_change(); + wins_server_change(); + ntp_server_change(); + netbios_change(); ++tuntap_change(); + //--> + </script> + </body> diff --git a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc index 197a5e25..8f574212 100644 --- a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc +++ b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc @@ -2,15 +2,22 @@ function openvpn_tapfix_20x_install() { global $g, $config; - + $pfs_version = substr(trim(file_get_contents("/etc/version")),0,5); + switch ($pfs_version) { + case "2.0.3": + $patch_file = "openvpn_tapfix_203.patch"; + break; + default: + $patch_file = "openvpn_tapfix_20x.patch"; + } // Test to make sure the patch is not already applied. - $out = `patch -fslC --reverse -p1 -b .before_openvpn_tapfix_20x -d / -i /usr/local/pkg/openvpn_tapfix_20x.patch |& grep -ci reject`; + $out = `patch -fslC --reverse -p1 -b .before_openvpn_tapfix_20x -d / -i /usr/local/pkg/{$patch_file} |& grep -ci reject`; if ($out == 0) { // If the patch has not already been applied, test to see if it will apply cleanly. - $out = `patch -fsNlC -p1 -b .before_openvpn_tapfix_20x -d / -i /usr/local/pkg/openvpn_tapfix_20x.patch |& grep -ci reject`; + $out = `patch -fsNlC -p1 -b .before_openvpn_tapfix_20x -d / -i /usr/local/pkg/{$patch_file} |& grep -ci reject`; if ($out == 0) { // The patch should apply cleanly, let 'er rip. - mwexec("patch -fsNl -p1 -b .before_openvpn_tapfix_20x -d / -i /usr/local/pkg/openvpn_tapfix_20x.patch "); + mwexec("patch -fsNl -p1 -b .before_openvpn_tapfix_20x -d / -i /usr/local/pkg/{$patch_file} "); } } } diff --git a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch index 35925ea8..ed4232bb 100644 --- a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch +++ b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch @@ -281,7 +281,7 @@ index 0ef67a7..bd9f527 100644 + </td> + </tr> + <tr id="serverbridge_dhcp_end"> -+ <td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP Start"); ?></td> ++ <td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP End"); ?></td> + <td width="78%" class="vtable"> + <input name="serverbridge_dhcp_end" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_end']);?>"> + <br> diff --git a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml index 17a59947..a9754610 100644 --- a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml +++ b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml @@ -46,7 +46,7 @@ <requirements>pfSense 2.0.x</requirements> <faq>None</faq> <name>OpenVPN tap Bridging Fix</name> - <version>0.1</version> + <version>0.4</version> <title>OpenVPN tap Bridging Fix</title> <include_file>/usr/local/pkg/openvpn_tapfix_20x.inc</include_file> <additional_files_needed> @@ -59,6 +59,11 @@ <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/openvpn_tapfix_20x/openvpn_tapfix_203.patch</item> + </additional_files_needed> <custom_php_install_command> openvpn_tapfix_20x_install(); </custom_php_install_command> |