From 4dd1f291e78746bd0cccb6ce27359f90f02693e1 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Wed, 26 Aug 2015 17:20:02 +0200 Subject: tinc - pfSense 2.2.x fixes, code style and improvements - Fix copyright header - All content from tinc_config.xml moved here - Add basic input validation - Added an enable checkbox to make it possible to disable tinc without uninstalling the package - Fix textarea so that the generated RSA keys actually fit in without linewraps - Cosmetics --- config/tinc/tinc.xml | 340 +++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 277 insertions(+), 63 deletions(-) (limited to 'config') diff --git a/config/tinc/tinc.xml b/config/tinc/tinc.xml index 183ae161..89d1e8ce 100644 --- a/config/tinc/tinc.xml +++ b/config/tinc/tinc.xml @@ -1,103 +1,317 @@ - - + + - - + - - A self-contained VPN solution designed to connect multiple sites together in a secure way. - Describe your package requirements here - Currently there are no FAQ items provided. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + + A self-contained VPN solution designed to connect multiple sites together in a secure way. tinc - 1.0.23 v1.2.1 - VPN: tinc - + 1.2.2 + VPN: tinc - Config + /usr/local/pkg/tinc.inc + ['installedpackages']['package']['$packagename']['config'] tinc - tinc is a mesh VPN daemon.
VPN
- tinc_config.xml - /pkg_edit.php?xml=tinc_config.xml + tinc.xml + /pkg_edit.php?xml=tinc.xml
- tincd - Status of tinc VPN Daemon + tinc VPN
Status
/status_tinc.php
- + + tinc + tinc.sh + tincd + Tinc Mesh VPN + + + + Config + /pkg_edit.php?xml=tinc.xml + + + + Hosts + /pkg.php?xml=tinc_hosts.xml + + /usr/local/pkg/ - 0644 https://packages.pfsense.org/packages/config/tinc/tinc.inc /usr/local/pkg/ - 0644 - https://packages.pfsense.org/packages/config/tinc/tinc_config.xml - - - /usr/local/pkg/ - 0644 https://packages.pfsense.org/packages/config/tinc/tinc_hosts.xml /usr/local/www/ - 0755 https://packages.pfsense.org/packages/config/tinc/status_tinc.php /usr/local/www/shortcuts/ - 0644 https://packages.pfsense.org/packages/config/tinc/pkg_tinc.inc - - - tinc - tinc.sh - tincd - tinc mesh VPN - - /usr/local/pkg/tinc.inc - + enabled + + + Basic Settings + listtopic + + + Enable Tinc VPN + enable + Check this to enable tinc mesh VPN. + checkbox + + + Name + name + + + It must be unique for the virtual private network this daemon will connect to. + ]]> + + input + + + + Local IP + localip + + + This is often the same IP as your routers LAN address. (Example: 192.168.2.1) + ]]> + + input + + + + Local Subnet + localsubnet + + + This is usually your LAN subnet. (Example: 192.168.2.0/24) + ]]> + + input + + + + VPN Netmask + vpnnetmask + + + It is usually broader then your local netmask. (Example: 255.255.0.0) + ]]> + + input + + + + Address Family + addressfamily + + + If "Any" is selected, then - depending on the operating system - either both IPv4 and IPv6 or just IPv6 listening sockets will be created. + ]]> + + select + + + + + + + + RSA Private Key + cert_key + + Include the BEGIN and END lines.
+ ]]> +
+ textarea + base64 + 7 + 70 +
+ + RSA Public Key + cert_pub + + Include the BEGIN and END lines.
+ ]]> +
+ textarea + base64 + 7 + 70 +
+ + Generate RSA Key Pair + gen_rsa + This will generate a new RSA key pair in the fields above. + checkbox + + + Extra Tinc Parameters + extra + + + ]]> + + textarea + base64 + 8 + 70 + + + + Extra Host Parameters + host_extra + + + ]]> + + textarea + base64 + 8 + 70 + + + + Interface Up Script + tinc_up + + + By default, a tinc-up file is created that brings up the tinc interface with the IP Address and Netmask specified above and adds it to the tinc interface group.
+ Note: Entering a value here complely replaces the default script; be sure to bring up the interface in this script! + ]]> +
+ textarea + base64 + 8 + 70 + +
+ + Interface Down Script + tinc_down + This script is executed right before the tinc daemon is going to close. + textarea + base64 + 8 + 70 + + + + Host Up Script + host_up + This script is executed when any host becomes reachable. + textarea + base64 + 8 + 70 + + + + Host Down Script + host_down + This script is executed when any host becomes unreachable. + textarea + base64 + 8 + 70 + + + + Subnet Up Script + subnet_up + This script is executed when any subnet becomes reachable. + textarea + base64 + 8 + 70 + + + + Subnet Down Script + subnet_down + This script is executed when any subnet becomes unreachable. + textarea + base64 + 8 + 70 + + +
tinc_install(); tinc_deinstall(); - + + tinc_save(); + + + tinc_validate_input($_POST, $input_errors); +
-- cgit v1.2.3