From 4d1afb6ab23c1ae8e90209b6988cba17e4b38721 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 1 Mar 2011 12:10:00 -0500
Subject: Finish up shared key client export (for non-pfsense clients)

---
 .../openvpn-client-export.inc                      |  12 +
 .../openvpn-client-export.xml                      |  12 +-
 .../openvpn-client-export/vpn_openvpn_export.php   |   1 +
 .../vpn_openvpn_export_shared.php                  | 445 +++++++++++++++++++++
 4 files changed, 469 insertions(+), 1 deletion(-)
 create mode 100644 config/openvpn-client-export/vpn_openvpn_export_shared.php

(limited to 'config')

diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 3e8038e4..49ed4ca6 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -51,10 +51,12 @@ function openvpn_client_export_install() {
 function openvpn_client_export_deinstall() {
 	conf_mount_rw();
 	$phpfile = "vpn_openvpn_export.php";
+	$phpfile2 = "vpn_openvpn_export_shared.php";
 	$ovpndir = "/usr/local/share/openvpn";
 	$workdir = "{$ovpndir}/client-export";
 
 	unlink_if_exists("/usr/local/www/{$phpfile}");
+	unlink_if_exists("/usr/local/www/{$phpfile2}");
 	exec("/bin/rm -r {$workdir}");
 	conf_mount_ro();
 }
@@ -548,6 +550,16 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
 		$mask = gen_subnet_mask($mask);
 		$conf .= "route $ip $mask\n";
 	}
+	if (!empty($settings['tunnel_network'])) {
+		list($ip, $mask) = explode('/', $settings['tunnel_network']);
+		$mask = gen_subnet_mask($mask);
+		$baselong = ip2long32($ip) & ip2long($mask);
+		$ip1 = long2ip32($baselong + 1);
+		$ip2 = long2ip32($baselong + 2);
+		$conf .= "ifconfig $ip2 $ip1\n";
+	}
+	$conf .= "keepalive 10 60\n";
+	$conf .= "ping-timer-rem\n";
 
 	if (!empty($proxy)) {
 		if ($proto == "udp") {
diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml
index cf163a20..9e0973f0 100755
--- a/config/openvpn-client-export/openvpn-client-export.xml
+++ b/config/openvpn-client-export/openvpn-client-export.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <packagegui>
 	<name>OpenVPN Client Export</name>
-	<version>0.3</version>
+	<version>0.6</version>
 	<title>OpenVPN Client Export</title>
 	<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
 	<backup_file></backup_file>
@@ -13,6 +13,11 @@
 			<tabgroup>OpenVPN</tabgroup>
 			<url>/vpn_openvpn_export.php</url>
 		</tab>
+		<tab>
+			<name>Shared Key Export</name>
+			<tabgroup>OpenVPN</tabgroup>
+			<url>/vpn_openvpn_export_shared.php</url>
+		</tab>
 	</tabs>
 	<additional_files_needed>
 		<prefix>/usr/local/pkg/</prefix>
@@ -29,6 +34,11 @@
 		<chmod>077</chmod>
 		<item>http://www.pfsense.com/packages/config/openvpn-client-export/vpn_openvpn_export.php</item>
 	</additional_files_needed>
+	<additional_files_needed>
+		<prefix>/usr/local/www/</prefix>
+		<chmod>077</chmod>
+		<item>http://www.pfsense.com/packages/config/openvpn-client-export/vpn_openvpn_export_shared.php</item>
+	</additional_files_needed>
 	<custom_php_install_command>
 		openvpn_client_export_install();
 	</custom_php_install_command>
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 73833fbe..01a0507a 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -537,6 +537,7 @@ function useproxy_changed(obj) {
 				$tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php");
 				$tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml");
 				$tab_array[] = array(gettext("Client Export"), true, "vpn_openvpn_export.php");
+				$tab_array[] = array(gettext("Shared Key Export"), false, "vpn_openvpn_export_shared.php");
 				display_top_tabs($tab_array);
 			?>
 		</td>
diff --git a/config/openvpn-client-export/vpn_openvpn_export_shared.php b/config/openvpn-client-export/vpn_openvpn_export_shared.php
new file mode 100644
index 00000000..95cc37bd
--- /dev/null
+++ b/config/openvpn-client-export/vpn_openvpn_export_shared.php
@@ -0,0 +1,445 @@
+<?php 
+/*
+	vpn_openvpn_export.php
+
+	Copyright (C) 2008 Shrew Soft Inc.
+	Copyright (C) 2010 Ermal Luçi
+	All rights reserved. 
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+	
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+	
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+	
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+
+	DISABLE_PHP_LINT_CHECKING
+*/
+
+require("globals.inc");
+require("guiconfig.inc");
+require("openvpn-client-export.inc");
+
+$pgtitle = array("OpenVPN", "Client Export Utility");
+
+if (!is_array($config['openvpn']['openvpn-server']))
+	$config['openvpn']['openvpn-server'] = array();
+
+$a_server = $config['openvpn']['openvpn-server'];
+
+$ras_server = array();
+foreach($a_server as $sindex => $server) {
+	if (isset($server['disable']))
+		continue;
+	$ras_user = array();
+	if ($server['mode'] != "p2p_shared_key")
+		continue;
+
+	$ras_serverent = array();
+	$prot = $server['protocol'];
+	$port = $server['local_port'];
+	if ($server['description'])
+		$name = "{$server['description']} {$prot}:{$port}";
+	else
+		$name = "Shared Key Server {$prot}:{$port}";
+	$ras_serverent['index'] = $sindex;
+	$ras_serverent['name'] = $name;
+	$ras_server[] = $ras_serverent;
+}
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+	$id = $_POST['id'];
+
+$act = $_GET['act'];
+if (isset($_POST['act']))
+	$act = $_POST['act'];
+
+$error = false;
+
+if(($act == "skconf") || ($act == "skzipconf")) {
+	$srvid = $_GET['srvid'];
+	if (($srvid === false) || ($config['openvpn']['openvpn-server'][$srvid]['mode'] != "p2p_shared_key")) {
+		pfSenseHeader("vpn_openvpn_export.php");
+		exit;
+	}
+
+	if (empty($_GET['useaddr'])) {
+		$error = true;
+		$input_errors[] = "You need to specify an IP or hostname.";
+	} else
+		$useaddr = $_GET['useaddr'];
+
+	$proxy = "";
+	if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) {
+		$proxy = array();
+		if (empty($_GET['proxy_addr'])) {
+			$error = true;
+			$input_errors[] = "You need to specify an address for the proxy port.";
+		} else
+			$proxy['ip'] = $_GET['proxy_addr'];
+		if (empty($_GET['proxy_port'])) {
+			$error = true;
+			$input_errors[] = "You need to specify a port for the proxy ip.";
+		} else
+			$proxy['port'] = $_GET['proxy_port'];
+		$proxy['proxy_authtype'] = $_GET['proxy_authtype'];
+		if ($_GET['proxy_authtype'] != "none") {
+			if (empty($_GET['proxy_user'])) {
+				$error = true;
+				$input_errors[] = "You need to specify a username with the proxy config.";
+			} else
+				$proxy['user'] = $_GET['proxy_user'];
+			if (!empty($_GET['proxy_user']) && empty($_GET['proxy_password'])) {
+				$error = true;
+				$input_errors[] = "You need to specify a password with the proxy user.";
+			} else
+				$proxy['password'] = $_GET['proxy_password'];
+		}
+	}
+
+	$exp_name = openvpn_client_export_prefix($srvid);
+	if ($act == "skzipconf")
+		$zipconf = true;
+	$exp_data = openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipconf);
+	if (!$exp_data) {
+		$input_errors[] = "Failed to export config files!";
+		$error = true;
+	}
+	if (!$error) {
+		if ($zipconf) {
+			$exp_name = urlencode($exp_data);
+			$exp_size = filesize("{$g['tmp_path']}/{$exp_data}");
+		} else {
+			$exp_name = urlencode($exp_name."-config.ovpn");
+			$exp_size = strlen($exp_data);
+		}
+
+		header('Pragma: ');
+		header('Cache-Control: ');
+		header("Content-Type: application/octet-stream");
+		header("Content-Disposition: attachment; filename={$exp_name}");
+		header("Content-Length: $exp_size");
+		if ($zipconf)
+			readfile("{$g['tmp_path']}/{$exp_data}");
+		else
+			echo $exp_data;
+
+		@unlink("{$g['tmp_path']}/{$exp_data}");
+		exit;
+	}
+}
+
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<script language="JavaScript">
+	var viscosityAvailable = false;
+<!--
+
+var servers = new Array();
+<?php	foreach ($ras_server as $sindex => $server): ?>
+servers[<?=$sindex;?>] = new Array();
+servers[<?=$sindex;?>][0] = '<?=$server['index'];?>';
+servers[<?=$sindex;?>][1] = new Array();
+servers[<?=$sindex;?>][2] = '<?=$server['mode'];?>';;
+<?	endforeach; ?>
+
+function download_begin(act) {
+
+	var index = document.getElementById("server").selectedIndex;
+	var useaddr;
+
+	if (document.getElementById("useaddr").value == "other") {
+		if (document.getElementById("useaddr_hostname").value == "") {
+			alert("Please specify an IP address or hostname.");
+			return;
+		}
+		useaddr = document.getElementById("useaddr_hostname").value;
+	} else
+		useaddr = document.getElementById("useaddr").value;
+
+	var useproxy = 0;
+	var useproxypass = 0;
+	if (document.getElementById("useproxy").checked)
+		useproxy = 1;
+
+	var proxyaddr = document.getElementById("proxyaddr").value;
+	var proxyport = document.getElementById("proxyport").value;
+	if (useproxy) {
+		if (!proxyaddr || !proxyport) {
+			alert("The proxy ip and port cannot be empty");
+			return;
+		}
+
+		if (document.getElementById("useproxypass").value != 'none')
+			useproxypass = 1;
+
+		var proxyauth = document.getElementById("useproxypass").value;
+		var proxyuser = document.getElementById("proxyuser").value;
+		var proxypass = document.getElementById("proxypass").value;
+		var proxyconf = document.getElementById("proxyconf").value;
+		if (useproxypass) {
+			if (!proxyuser) {
+				alert("Please fill the proxy username and passowrd.");
+				return;
+			}
+			if (!proxypass || !proxyconf) {
+				alert("The proxy password or confirm field is empty");
+				return;
+			}
+			if (proxypass != proxyconf) {
+				alert("The proxy password and confirm fields must match");
+				return;
+			}
+		}
+	}
+
+	var dlurl;
+	dlurl  = "/vpn_openvpn_export.php?act=" + act;
+	dlurl += "&srvid=" + servers[index][0];
+	dlurl += "&useaddr=" + useaddr;
+	if (useproxy) {
+		dlurl += "&proxy_addr=" + proxyaddr;
+		dlurl += "&proxy_port=" + proxyport;
+		dlurl += "&proxy_authtype=" + proxyauth;
+		if (useproxypass) {
+			dlurl += "&proxy_user=" + proxyuser;
+			dlurl += "&proxy_password=" + proxypass;
+		}
+	}
+
+	window.open(dlurl,"_self");
+}
+
+function server_changed() {
+
+	var table = document.getElementById("clients");
+	while (table.rows.length > 1 )
+		table.deleteRow(1);
+
+	var index = document.getElementById("server").selectedIndex;
+
+	var row = table.insertRow(table.rows.length);
+	var cell0 = row.insertCell(0);
+	var cell1 = row.insertCell(1);
+	cell0.className = "listlr";
+	cell0.innerHTML = "Other Shared Key OS Client";
+	cell1.className = "listr";
+	cell1.innerHTML = "<a href='javascript:download_begin(\"skconf\")'>Configuration</a>";
+	cell1.innerHTML += "&nbsp;/&nbsp;";
+	cell1.innerHTML += "<a href='javascript:download_begin(\"skzipconf\")'>Configuration archive</a>";
+}
+
+function useaddr_changed(obj) {
+
+	if (obj.value == "other")
+		$('HostName').show();
+	else
+		$('HostName').hide();
+	
+}
+
+function useproxy_changed(obj) {
+
+	if ((obj.id == "useproxy" && obj.checked) ||
+		$(obj.id + 'pass').value != 'none') {
+		$(obj.id + '_opts').show();
+	} else {
+		$(obj.id + '_opts').hide();
+	}
+}
+//-->
+</script>
+<?php
+	if ($input_errors)
+		print_input_errors($input_errors);
+	if ($savemsg)
+		print_info_box($savemsg);
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ 	<tr>
+		<td>
+			<?php 
+				$tab_array = array();
+				$tab_array[] = array(gettext("Server"), false, "vpn_openvpn_server.php");
+				$tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php");
+				$tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php");
+				$tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml");
+				$tab_array[] = array(gettext("Client Export"), false, "vpn_openvpn_export.php");
+				$tab_array[] = array(gettext("Shared Key Export"), true, "vpn_openvpn_export_shared.php");
+				display_top_tabs($tab_array);
+			?>
+		</td>
+	</tr>
+	<tr>
+		<td id="mainarea">
+			<div class="tabcont">
+				<table width="100%" border="0" cellpadding="6" cellspacing="0">
+					<tr>
+						<td width="22%" valign="top" class="vncellreq">Shared Key Server</td>
+						<td width="78%" class="vtable">
+							<select name="server" id="server" class="formselect" onChange="server_changed()">
+								<?php foreach($ras_server as & $server): ?>
+								<option value="<?=$server['sindex'];?>"><?=$server['name'];?></option>
+								<?php endforeach; ?>
+							</select>
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell">Host Name Resolution</td>
+						<td width="78%" class="vtable">
+							<table border="0" cellpadding="2" cellspacing="0">
+								<tr>
+									<td>
+										<select name="useaddr" id="useaddr" class="formselect" onChange="useaddr_changed(this)">
+											<option value="serveraddr" >Interface IP Address</option>
+											<option value="serverhostname" >Installation hostname</option>
+											<option value="other">Other</option>
+										</select>
+										<br />
+										<div style="display:none;" name="HostName" id="HostName">
+											<input name="useaddr_hostname" id="useaddr_hostname" />
+											<span class="vexpl">
+												Enter the hostname or IP address the client will use to connect to this server.
+											</span>
+										</div>
+									</td>
+								</tr>
+							</table>
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell">Use HTTP Proxy</td>
+						<td width="78%" class="vtable">
+							 <table border="0" cellpadding="2" cellspacing="0">
+								<tr>
+									<td>
+										<input name="useproxy" id="useproxy" type="checkbox" value="yes" onClick="useproxy_changed(this)">
+
+									</td>
+									<td>
+										<span class="vexpl">
+											Use HTTP proxy to communicate with the server.
+										</span>
+									</td>
+								</tr>
+							</table>
+							<table border="0" cellpadding="2" cellspacing="0" id="useproxy_opts" style="display:none">
+								<tr>
+									<td align="right" width='25%'>
+										<span class="vexpl">
+											 &nbsp;     IP Address :&nbsp;
+										</span>
+									</td>
+									<td>
+										<input name="proxyaddr" id="proxyaddr" class="formfld unknown" size="20" value="" />
+									</td>
+								</tr>
+								<tr>
+									<td align="right" width='25%'>
+										<span class="vexpl">
+											 &nbsp;      Port :&nbsp;
+										</span>
+														<td>
+										<input name="proxyport" id="proxyport" class="formfld unknown" size="5" value="" />
+									</td>
+								</tr>
+							<br />
+								<tr>
+									<td width="25%">
+
+									</td>
+									<td>
+										<select name="useproxypass" id="useproxypass" class="formselect" onChange="useproxy_changed(this)">
+											<option value="none">none</option>
+											<option value="basic">basic</option>
+											<option value="ntlm">ntlm</option>
+										</select>
+										<span class="vexpl">
+											Choose HTTP proxy authentication if any.
+										</span>
+							<br />
+							<table border="0" cellpadding="2" cellspacing="0" id="useproxypass_opts" style="display:none">
+								<tr>
+									<td align="right" width="25%">
+										<span class="vexpl">
+											 &nbsp;Username :&nbsp;
+										</span>
+									</td>
+									<td>
+										<input name="proxyuser" id="proxyuser" class="formfld unknown" size="20" value="" />
+									</td>
+								</tr>
+								<tr>
+									<td align="right" width="25%">
+										<span class="vexpl">
+											 &nbsp;Password :&nbsp;
+										</span>
+									</td>
+									<td>
+										<input name="proxypass" id="proxypass" type="password" class="formfld pwd" size="20" value="" />
+									</td>
+								</tr>
+								<tr>
+									<td align="right" width="25%">
+										<span class="vexpl">
+											 &nbsp;Confirm :&nbsp;
+										</span>
+														<td>
+										<input name="proxyconf" id="proxyconf" type="password" class="formfld pwd" size="20" value="" />
+									</td>
+								</tr>
+							</table>
+									</td>
+								</tr>
+							</table>
+						</td>
+					</tr>
+					<tr>
+						<td colspan="2" class="list" height="12">&nbsp;</td>
+					</tr>
+					<tr>
+						<td colspan="2" valign="top" class="listtopic">Client Configuration Packages</td>
+					</tr>
+				</table>
+				<table width="100%" id="clients" width="100%" border="0" cellpadding="0" cellspacing="0">
+					<tr>
+						<td width="25%" class="listhdrr"><?=gettext("Client Type");?></td>
+						<td width="50%" class="listhdrr"><?=gettext("Export");?></td>
+					</tr>
+				</table>
+				<table width="100%" width="100%" border="0" cellpadding="5" cellspacing="10">
+					<tr>
+						<td align="right" valign="top" width="5%"><?= gettext("NOTE:") ?></td>
+						<td><?= gettext("NOTE: These are shared key configurations for use in site-to-site tunnels with other routers. Shared key tunnels are not normally used for remote access connections to end users.") ?></td>
+					</tr>
+				</table>
+			</div>
+		</td>
+	</tr>
+</table>
+<script language="JavaScript">
+<!--
+server_changed();
+//-->
+</script>
+</body>
+<?php include("fend.inc"); ?>
-- 
cgit v1.2.3