diff options
Diffstat (limited to 'config')
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 59 | ||||
-rwxr-xr-x | config/openvpn-client-export/vpn_openvpn_export.php | 265 |
2 files changed, 289 insertions, 35 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index b96732ce..e500d9dc 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -66,7 +66,7 @@ function openvpn_client_export_prefix($srvid) { return false; $host = $config['system']['hostname']; - $prot = ($settings['protocol'] == 'UDP' ? 'udp' : "tcp-{$mode}"); + $prot = ($settings['protocol'] == 'UDP' ? 'udp' : $settings['protocol']); $port = $settings['local_port']; return "{$host}-{$prot}-{$port}"; @@ -85,26 +85,34 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap unlink($capath); } -function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false) { - global $config; +function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy) { + global $config, $input_errors; // lookup server settings $settings = $config['openvpn']['openvpn-server'][$srvid]; - if (empty($settings)) + if (empty($settings)) { + $input_errors[] = "Could not locate server configuration."; return false; - if ($settings['disable']) + } + if ($settings['disable']) { + $input_errors[] = "You cannot export for disabled servers."; return false; + } // lookup server certificate info $server_cert =& lookup_cert($settings['certref']); $server_ca =& lookup_ca($server_cert['caref']); - if (!$server_cert || !$server_ca) + if (!$server_cert || !$server_ca) { + $input_errors[] = "Could not locate certificate."; return false; + } // lookup user info $user =& $config['system']['user'][$usrid]; - if (!$user) + if (!$user) { + $input_errors[] = "Could not find user settings."; return false; + } // determine basic variables if ($useaddr == "serveraddr") { @@ -123,6 +131,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $server_port = $settings['local_port']; $proto = ($settings['protocol'] == 'UDP' ? 'udp' : "tcp-client"); + $cipher = $settings['crypto']; // add basic settings @@ -136,6 +145,20 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke $conf .= "resolv-retry infinite\n"; $conf .= "remote {$server_host} {$server_port}\n"; + if (!empty($proxy)) { + if ($proto == "udp") { + $input_errors[] = "This server uses UDP protocol and cannot communicate with HTTP proxy."; + return; + } + $conf .= "http-proxy {$proxy['ip']} {$proxy['port']} "; + if ($proxy['proxy_authtype'] != "none") { + if (!isset($proxy['passwdfile'])) + $proxy['passwdfile'] = openvpn_client_export_prefix($srvid) . "-proxy"; + $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}"; + } + $conf .= "\n"; + } + // add user auth settings switch($settings['mode']) { case 'server_user': @@ -169,7 +192,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke return $conf; } -function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass) { +function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy) { global $config, $g; $ovpndir = "/usr/local/share/openvpn"; @@ -213,9 +236,16 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset // write cofiguration file $prefix = openvpn_client_export_prefix($srvid); $cfgfile = "{$confdir}/{$prefix}-config.ovpn"; - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, false); + if (!empty($proxy) && $proxy['proxy_authtype'] != "none") { + $proxy['passwdfile'] = "{$prefix}-password"; + $pwdfle = "{$proxy['user']}\n"; + $pwdfle .= "{$proxy['password']}\n"; + file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle); + } + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, false, $proxy); if (!$conf) return false; + file_put_contents($cfgfile, $conf); // write key files @@ -263,7 +293,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset return $outfile; } -function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass) { +function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy) { global $config, $g; $ovpndir = "/usr/local/share/openvpn/"; @@ -303,7 +333,14 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead // write cofiguration file $prefix = openvpn_client_export_prefix($srvid); - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true); + if (!empty($proxy) && $proxy['proxy_authtype'] != "none") { + $proxy['passwdfile'] = "config-password"; + $pwdfle = "{$proxy['user']}\n"; + $pwdfle .= "{$proxy['password']}\n"; + file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle); + } + + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true, $proxy); if (!$conf) return false; diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 402811a3..64293828 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -98,31 +98,57 @@ if($act == "conf") { pfSenseHeader("vpn_openvpn_export.php"); exit; } - if ($_GET['useaddr'] == "other") { - if (empty($_GET['useaddr_hostname'])) { - $error = true; - $input_errors[] = "You need to specify an IP or hostname."; - } else - $useaddr = $_GET['useaddr_hostname']; + if (empty($_GET['useaddr'])) { + $error = true; + $input_errors[] = "You need to specify an IP or hostname."; } else $useaddr = $_GET['useaddr']; $usetoken = $_GET['usetoken']; + $proxy = ""; + if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) { + $proxy = array(); + if (empty($_GET['proxy_addr'])) { + $error = true; + $input_errors[] = "You need to specify an address for the proxy port."; + } else + $proxy['ip'] = $_GET['proxy_addr']; + if (empty($_GET['proxy_port'])) { + $error = true; + $input_errors[] = "You need to specify a port for the proxy ip."; + } else + $proxy['port'] = $_GET['proxy_port']; + $proxy['proxy_authtype'] = $_GET['proxy_authtype']; + if ($_GET['proxy_authtype'] != "none") { + if (empty($_GET['proxy_user'])) { + $error = true; + $input_errors[] = "You need to specify a username with the proxy config."; + } else + $proxy['user'] = $_GET['proxy_user']; + if (!empty($_GET['proxy_user']) && empty($_GET['proxy_password'])) { + $error = true; + $input_errors[] = "You need to specify a password with the proxy user."; + } else + $proxy['password'] = $_GET['proxy_password']; + } + } + $exp_name = openvpn_client_export_prefix($srvid); - $exp_name = urlencode($exp_name."-config.ovpn"); - $exp_data = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken); + $exp_data = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, false, $proxy); if (!$exp_data) { $input_errors[] = "Failed to export config files!"; $error = true; } if (!$error) { + $exp_name = urlencode($exp_name."-config.ovpn"); $exp_size = strlen($exp_data); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename={$exp_name}"); header("Content-Length: $exp_size"); echo $exp_data; + exit; } } @@ -135,12 +161,9 @@ if($act == "visc") { pfSenseHeader("vpn_openvpn_export.php"); exit; } - if ($_GET['useaddr'] == "other") { - if (empty($_GET['useaddr_hostname'])) { - $error = true; - $input_errors[] = "You need to specify an IP or hostname."; - } else - $useaddr = $_GET['useaddr_hostname']; + if (empty($_GET['useaddr'])) { + $error = true; + $input_errors[] = "You need to specify an IP or hostname."; } else $useaddr = $_GET['useaddr']; @@ -149,9 +172,37 @@ if($act == "visc") { if ($_GET['password']) $password = $_GET['password']; ; + $proxy = ""; + if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) { + $proxy = array(); + if (empty($_GET['proxy_addr'])) { + $error = true; + $input_errors[] = "You need to specify an address for the proxy port."; + } else + $proxy['ip'] = $_GET['proxy_addr']; + if (empty($_GET['proxy_port'])) { + $error = true; + $input_errors[] = "You need to specify a port for the proxy ip."; + } else + $proxy['port'] = $_GET['proxy_port']; + $proxy['proxy_authtype'] = $_GET['proxy_authtype']; + if ($_GET['proxy_authtype'] != "none") { + if (empty($_GET['proxy_user'])) { + $error = true; + $input_errors[] = "You need to specify a username with the proxy config."; + } else + $proxy['user'] = $_GET['proxy_user']; + if (!empty($_GET['proxy_user']) && empty($_GET['proxy_password'])) { + $error = true; + $input_errors[] = "You need to specify a password with the proxy user."; + } else + $proxy['password'] = $_GET['proxy_password']; + } + } + $exp_name = openvpn_client_export_prefix($srvid); $exp_name = urlencode($exp_name."-Viscosity.visc.zip"); - $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $password); + $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $password, $proxy); if (!$exp_path) { $input_errors[] = "Failed to export config files!"; $error = true; @@ -176,23 +227,48 @@ if($act == "inst") { pfSenseHeader("vpn_openvpn_export.php"); exit; } - if ($_GET['useaddr'] == "other") { - if (empty($_GET['useaddr_hostname'])) { - $error = true; - $input_errors[] = "You need to specify an IP or hostname."; - } else - $useaddr = $_GET['useaddr_hostname']; + if (empty($_GET['useaddr'])) { + $error = true; + $input_errors[] = "You need to specify an IP or hostname."; } else $useaddr = $_GET['useaddr']; $usetoken = $_GET['usetoken']; $password = ""; if ($_GET['password']) - $password = $_GET['password']; ; + $password = $_GET['password']; + + $proxy = ""; + if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) { + $proxy = array(); + if (empty($_GET['proxy_addr'])) { + $error = true; + $input_errors[] = "You need to specify an address for the proxy port."; + } else + $proxy['ip'] = $_GET['proxy_addr']; + if (empty($_GET['proxy_port'])) { + $error = true; + $input_errors[] = "You need to specify a port for the proxy ip."; + } else + $proxy['port'] = $_GET['proxy_port']; + $proxy['proxy_authtype'] = $_GET['proxy_authtype']; + if ($_GET['proxy_authtype'] != "none") { + if (empty($_GET['proxy_user'])) { + $error = true; + $input_errors[] = "You need to specify a username with the proxy config."; + } else + $proxy['user'] = $_GET['proxy_user']; + if (!empty($_GET['proxy_user']) && empty($_GET['proxy_password'])) { + $error = true; + $input_errors[] = "You need to specify a password with the proxy user."; + } else + $proxy['password'] = $_GET['proxy_password']; + } + } $exp_name = openvpn_client_export_prefix($srvid); $exp_name = urlencode($exp_name."-install.exe"); - $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $password); + $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $password, $proxy); if (!$exp_path) { $input_errors[] = "Failed to export config files!"; $error = true; @@ -268,6 +344,42 @@ function download_begin(act, i) { } } + var useproxy = 0; + var useproxypass = 0; + if (document.getElementById("useproxy").checked) + useproxy = 1; + + var proxyaddr = document.getElementById("proxyaddr").value; + var proxyport = document.getElementById("proxyport").value; + if (useproxy) { + if (!proxyaddr || !proxyport) { + alert("The proxy ip and port cannot be empty"); + return; + } + + if (document.getElementById("useproxypass").value != 'none') + useproxypass = 1; + + var proxyauth = document.getElementById("useproxypass").value; + var proxyuser = document.getElementById("proxyuser").value; + var proxypass = document.getElementById("proxypass").value; + var proxyconf = document.getElementById("proxyconf").value; + if (useproxypass) { + if (!proxyuser) { + alert("Please fill the proxy username and passowrd."); + return; + } + if (!proxypass || !proxyconf) { + alert("The proxy password or confirm field is empty"); + return; + } + if (proxypass != proxyconf) { + alert("The proxy password and confirm fields must match"); + return; + } + } + } + var dlurl; dlurl = "/vpn_openvpn_export.php?act=" + act; dlurl += "&srvid=" + servers[index][0]; @@ -277,6 +389,15 @@ function download_begin(act, i) { dlurl += "&usetoken=" + usetoken; if (usepass) dlurl += "&password=" + pass; + if (useproxy) { + dlurl += "&proxy_addr=" + proxyaddr; + dlurl += "&proxy_port=" + proxyport; + dlurl += "&proxy_authtype=" + proxyauth; + if (useproxypass) { + dlurl += "&proxy_user=" + proxyuser; + dlurl += "&proxy_password=" + proxypass; + } + } window.open(dlurl,"_self"); } @@ -324,6 +445,15 @@ function usepass_changed() { document.getElementById("usepass_opts").style.display = "none"; } +function useproxy_changed(obj) { + + if ((obj.id == "useproxy" && obj.checked) || + $(obj.id).value != 'none') { + $(obj.id + '_opts').show(); + } else { + $(obj.id + '_opts').hide(); + } +} //--> </script> <?php @@ -409,7 +539,7 @@ function usepass_changed() { </td> </tr> </table> - <table border="0" cellpadding="2" cellspacing="0" id="usepass_opts"> + <table border="0" cellpadding="2" cellspacing="0" id="usepass_opts" style="display:none"> <tr> <td align="right"> <span class="vexpl"> @@ -434,6 +564,93 @@ function usepass_changed() { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Use HTTP Proxy</td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0"> + <tr> + <td> + <input name="useproxy" id="useproxy" type="checkbox" value="yes" onClick="useproxy_changed(this)"> + + </td> + <td> + <span class="vexpl"> + Use HTTP proxy to communicate with the server. + </span> + </td> + </tr> + </table> + <table border="0" cellpadding="2" cellspacing="0" id="useproxy_opts" style="display:none"> + <tr> + <td align="right" width='25%'> + <span class="vexpl"> + Ip Addr : + </span> + </td> + <td> + <input name="proxyaddr" id="proxyaddr" class="formfld unknown" size="20" value="" /> + </td> + </tr> + <tr> + <td align="right" width='25%'> + <span class="vexpl"> + Port : + </span> + <td> + <input name="proxyport" id="proxyport" class="formfld unknown" size="5" value="" /> + </td> + </tr> + <br /> + <tr> + <td width="25%"> + + </td> + <td> + <select name="useproxypass" id="useproxypass" class="formselect" onChange="useproxy_changed(this)"> + <option value="none">none</option> + <option value="basic">basic</option> + <option value="ntlm">ntlm</option> + </select> + <span class="vexpl"> + Choose HTTP proxy authentication if any. + </span> + <br /> + <table border="0" cellpadding="2" cellspacing="0" id="useproxypass_opts" style="display:none"> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + Username : + </span> + </td> + <td> + <input name="proxyuser" id="proxyuser" class="formfld unknown" size="20" value="" /> + </td> + </tr> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + Password : + </span> + </td> + <td> + <input name="proxypass" id="proxypass" type="password" class="formfld pwd" size="20" value="" /> + </td> + </tr> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + Confirm : + </span> + <td> + <input name="proxyconf" id="proxyconf" type="password" class="formfld pwd" size="20" value="" /> + </td> + </tr> + </table> + </td> + </tr> + </table> + </td> + </tr> + <tr> <td colspan="2" class="list" height="12"> </td> </tr> <tr> |