| 757 |
757 |
|
| 758 |
758 |
if ($settings['netbios_enable']) {
|
| 759 |
759 |
|
| 760 |
|
if (!empty($settings['dhcp_nbttype']) && ($settings['dhcp_nbttype'] != 0)) {
|
| 761 |
|
$conf .= "push \"dhcp-option NBT {$settings['dhcp_nbttype']}\"\n";
|
|
760 |
if (!empty($settings['netbios_ntype']) && ($settings['netbios_ntype'] != 0)) {
|
|
761 |
$conf .= "push \"dhcp-option NBT {$settings['netbios_ntype']}\"\n";
|
| 762 |
762 |
}
|
| 763 |
|
if (!empty($settings['dhcp_nbtscope'])) {
|
| 764 |
|
$conf .= "push \"dhcp-option NBS {$settings['dhcp_nbtscope']}\"\n";
|
|
763 |
if (!empty($settings['netbios_scope'])) {
|
|
764 |
$conf .= "push \"dhcp-option NBS {$settings['netbios_scope']}\"\n";
|
| 765 |
765 |
}
|
| 766 |
766 |
|
| 767 |
767 |
if (!empty($settings['wins_server1'])) {
|
| ... | ... | |
| 774 |
774 |
if (!empty($settings['nbdd_server1'])) {
|
| 775 |
775 |
$conf .= "push \"dhcp-option NBDD {$settings['nbdd_server1']}\"\n";
|
| 776 |
776 |
}
|
|
777 |
if (!empty($settings['nbdd_server2'])) {
|
|
778 |
$conf .= "push \"dhcp-option NBDD {$settings['nbdd_server2']}\"\n";
|
| 777 |
779 |
}
|
|
780 |
}
|
| 778 |
781 |
|
| 779 |
782 |
if ($settings['gwredir']) {
|
| 780 |
783 |
$conf .= "push \"redirect-gateway def1\"\n";
|
| ... | ... | |
| 1695 |
1698 |
}
|
| 1696 |
1699 |
openvpn_create_dirs();
|
| 1697 |
1700 |
|
|
1701 |
/* Some options remove the gateway or topology which are required;
|
|
1702 |
* in such cases, these can be automatically determined. */
|
|
1703 |
$auto_config_gateway4 = false;
|
|
1704 |
$auto_config_gateway6 = false;
|
|
1705 |
$auto_config_topology = false;
|
|
1706 |
|
| 1698 |
1707 |
if (empty($settings['server_list'])) {
|
| 1699 |
1708 |
$csc_server_list = array();
|
| 1700 |
1709 |
} else {
|
| ... | ... | |
| 1706 |
1715 |
$conf .= "disable\n";
|
| 1707 |
1716 |
}
|
| 1708 |
1717 |
|
| 1709 |
|
if ($settings['push_reset']) {
|
|
1718 |
// Reset options
|
|
1719 |
if (isset($settings['push_reset'])) {
|
|
1720 |
if (isset($settings['keep_minimal'])) {
|
|
1721 |
$auto_config_gateway4 = true;
|
|
1722 |
$auto_config_gateway6 = true;
|
|
1723 |
$auto_config_topology = true;
|
|
1724 |
}
|
| 1710 |
1725 |
$conf .= "push-reset\n";
|
|
1726 |
} elseif (!empty($settings['remove_options'])) {
|
|
1727 |
foreach (explode(',', $settings['remove_options']) as $option) {
|
|
1728 |
if (isset($settings['keep_minimal']) && ($option == 'remove_route')) {
|
|
1729 |
$auto_config_gateway4 = true;
|
|
1730 |
$auto_config_gateway6 = true;
|
| 1711 |
1731 |
}
|
| 1712 |
|
|
| 1713 |
|
if ($settings['remove_route']) {
|
| 1714 |
|
$conf .= "push-remove route\n";
|
|
1732 |
$options = match ($option) {
|
|
1733 |
'remove_route' => 'route',
|
|
1734 |
'remove_iroute' => 'iroute',
|
|
1735 |
'remove_redirect_gateway' => 'redirect-gateway',
|
|
1736 |
'remove_inactive' => 'inactive',
|
|
1737 |
'remove_ping' => 'ping',
|
|
1738 |
'remove_ping_action' => ['ping-restart', 'ping-exit'],
|
|
1739 |
'remove_blockoutsidedns' => 'block-outside-dns',
|
|
1740 |
'remove_dnsdomain' => '"dhcp-option DOMAIN"',
|
|
1741 |
'remove_dnsservers' => '"dhcp-option DNS"',
|
|
1742 |
'remove_ntpservers' => '"dhcp-option NTP"',
|
|
1743 |
'remove_netbios_ntype' => '"dhcp-option NBT"',
|
|
1744 |
'remove_netbios_scope' => '"dhcp-option NBS"',
|
|
1745 |
'remove_wins' => '"dhcp-option WINS"'
|
|
1746 |
};
|
|
1747 |
if (is_array($options)) {
|
|
1748 |
foreach ($options as $option_name) {
|
|
1749 |
$conf .= "push-remove {$option_name}\n";
|
| 1715 |
1750 |
}
|
|
1751 |
} else {
|
|
1752 |
$conf .= "push-remove {$options}\n";
|
|
1753 |
}
|
|
1754 |
}
|
|
1755 |
}
|
| 1716 |
1756 |
|
|
1757 |
// Local network route options
|
| 1717 |
1758 |
if ($settings['local_network']) {
|
| 1718 |
1759 |
$conf .= openvpn_gen_routes($settings['local_network'], "ipv4", true);
|
| 1719 |
1760 |
}
|
| ... | ... | |
| 1721 |
1762 |
$conf .= openvpn_gen_routes($settings['local_networkv6'], "ipv6", true);
|
| 1722 |
1763 |
}
|
| 1723 |
1764 |
|
| 1724 |
|
// Add a remote network iroute if set
|
|
1765 |
// Remote network iroute options
|
| 1725 |
1766 |
if (openvpn_validate_cidr($settings['remote_network'], "", true, "ipv4", true) === FALSE) {
|
| 1726 |
1767 |
$conf .= openvpn_gen_routes($settings['remote_network'], "ipv4", false, true);
|
| 1727 |
1768 |
}
|
| 1728 |
|
// Add a remote network iroute if set
|
| 1729 |
1769 |
if (openvpn_validate_cidr($settings['remote_networkv6'], "", true, "ipv6", true) === FALSE) {
|
| 1730 |
1770 |
$conf .= openvpn_gen_routes($settings['remote_networkv6'], "ipv6", false, true);
|
| 1731 |
1771 |
}
|
| 1732 |
1772 |
|
|
1773 |
// Gatewy override options
|
|
1774 |
if (!empty($settings['gateway'])) {
|
|
1775 |
$auto_config_gateway4 = false;
|
|
1776 |
$conf .= "push \"route-gateway {$settings['gateway']}\"\n";
|
|
1777 |
}
|
|
1778 |
if (!empty($settings['gateway6'])) {
|
|
1779 |
$auto_config_gateway6 = false;
|
|
1780 |
$conf .= "push \"route-ipv6-gateway {$settings['gateway6']}\"\n";
|
|
1781 |
}
|
|
1782 |
|
|
1783 |
// Inactivity override options
|
|
1784 |
if (isset($settings['inactive_seconds'])) {
|
|
1785 |
$conf .= "push \"inactive {$settings['inactive_seconds']}\"\n";
|
|
1786 |
}
|
|
1787 |
|
|
1788 |
// Ping override options
|
|
1789 |
if (isset($settings['ping_seconds'])) {
|
|
1790 |
$conf .= "push \"ping {$settings['ping_seconds']}\"\n";
|
|
1791 |
}
|
|
1792 |
if (isset($settings['ping_action'])) {
|
|
1793 |
$action = str_replace("_", "-", $settings['ping_action']);
|
|
1794 |
$conf .= "push \"{$action} {$settings['ping_action_seconds']}\"\n";
|
|
1795 |
}
|
|
1796 |
|
|
1797 |
// DHCP and gateway redirect options
|
| 1733 |
1798 |
openvpn_add_dhcpopts($settings, $conf);
|
| 1734 |
1799 |
|
|
1800 |
// Custom options
|
| 1735 |
1801 |
openvpn_add_custom($settings, $conf);
|
|
1802 |
|
| 1736 |
1803 |
/* Loop through servers, find which ones can use this CSC */
|
| 1737 |
1804 |
foreach (config_get_path('openvpn/openvpn-server', []) as $serversettings) {
|
| 1738 |
1805 |
if (isset($serversettings['disable'])) {
|
| ... | ... | |
| 1742 |
1809 |
if ($serversettings['vpnid'] && (empty($csc_server_list) || in_array($serversettings['vpnid'], $csc_server_list))) {
|
| 1743 |
1810 |
$csc_path = "{$g['openvpn_base']}/server{$serversettings['vpnid']}/csc/" . basename($settings['common_name']);
|
| 1744 |
1811 |
$csc_conf = $conf;
|
|
1812 |
|
|
1813 |
/* Topology is depends on the server configuration.
|
|
1814 |
* TAP mode always uses a subnet topology */
|
|
1815 |
$topology = ($serversettings['dev_mode'] == 'tap') ? 'subnet' : $serversettings['topology'];
|
|
1816 |
if ($auto_config_topology) {
|
|
1817 |
$csc_conf .= "push \"topology {$topology}\"\n";
|
|
1818 |
}
|
|
1819 |
|
|
1820 |
/* The gateway is the first usable address in the tunnel network.
|
|
1821 |
* If the tunnel network is not set, the gateway must be manually
|
|
1822 |
* defined. This can happen when using a net30 topology and
|
|
1823 |
* resetting options. */
|
|
1824 |
if ($auto_config_gateway6) {
|
|
1825 |
// IPv6 always uses a subnet topology
|
|
1826 |
$tunnel_network = null;
|
|
1827 |
if (!empty($settings['tunnel_networkv6'])) {
|
|
1828 |
$tunnel_network = $settings['tunnel_networkv6'];
|
|
1829 |
} elseif (!empty($serversettings['tunnel_networkv6'])) {
|
|
1830 |
$tunnel_network = $serversettings['tunnel_networkv6'];
|
|
1831 |
}
|
|
1832 |
if (!empty($tunnel_network)) {
|
|
1833 |
$tunnel_network_parts = openvpn_gen_tunnel_network($tunnel_network);
|
|
1834 |
$gateway = ip6_after(gen_subnetv6($tunnel_network_parts[0], $tunnel_network_parts[1]));
|
|
1835 |
$csc_conf .= "push \"route-ipv6-gateway {$gateway}\"\n";
|
|
1836 |
}
|
|
1837 |
}
|
|
1838 |
if ($auto_config_gateway4) {
|
|
1839 |
$tunnel_network = null;
|
|
1840 |
if ($topology == "subnet") {
|
|
1841 |
// The client tunnel network is assumed to be the same as the server's
|
|
1842 |
$tunnel_network = $serversettings['tunnel_network'];
|
|
1843 |
} elseif (!empty($settings['tunnel_network'])) {
|
|
1844 |
$tunnel_network = $settings['tunnel_network'];
|
|
1845 |
}
|
|
1846 |
if (!empty($tunnel_network)) {
|
|
1847 |
$tunnel_network_parts = openvpn_gen_tunnel_network($tunnel_network);
|
|
1848 |
$gateway = ip_after(gen_subnetv4($tunnel_network_parts[0], $tunnel_network_parts[1]), 1);
|
|
1849 |
$csc_conf .= "push \"route-gateway {$gateway}\"\n";
|
|
1850 |
}
|
|
1851 |
}
|
| 1745 |
1852 |
|
| 1746 |
1853 |
if (!empty($serversettings['tunnel_network']) && !empty($settings['tunnel_network'])) {
|
| 1747 |
1854 |
list($ip, $mask) = openvpn_gen_tunnel_network($settings['tunnel_network']);
|
| 1748 |
|
-- a/src/usr/local/www/vpn_openvpn_csc.php
|
|
1855 |
++ b/src/usr/local/www/vpn_openvpn_csc.php
|
| ... | ... | |
| 34 |
34 |
require_once("pfsense-utils.inc");
|
| 35 |
35 |
require_once("pkg-utils.inc");
|
| 36 |
36 |
|
| 37 |
|
global $openvpn_tls_server_modes;
|
|
37 |
global $openvpn_tls_server_modes, $openvpn_ping_action;
|
| 38 |
38 |
|
| 39 |
39 |
init_config_arr(array('openvpn', 'openvpn-csc'));
|
| 40 |
40 |
$a_csc = &$config['openvpn']['openvpn-csc'];
|
| ... | ... | |
| 78 |
78 |
|
| 79 |
79 |
if (($act == "edit") || ($act == "dup")) {
|
| 80 |
80 |
if (isset($id) && $a_csc[$id]) {
|
|
81 |
$pconfig['keep_minimal'] = isset($a_csc[$id]['keep_minimal']);
|
|
82 |
// Handle the "Reset Options" list
|
|
83 |
if (!empty($a_csc[$id]['remove_options'])) {
|
|
84 |
$pconfig['override_options'] = 'remove_specified';
|
|
85 |
$pconfig['remove_options'] = explode(',', $a_csc[$id]['remove_options']);
|
|
86 |
} elseif (isset($a_csc[$id]['push_reset'])) {
|
|
87 |
$pconfig['override_options'] = 'push_reset';
|
|
88 |
}
|
|
89 |
|
| 81 |
90 |
$pconfig['server_list'] = explode(",", $a_csc[$id]['server_list']);
|
| 82 |
91 |
$pconfig['custom_options'] = $a_csc[$id]['custom_options'];
|
| 83 |
92 |
$pconfig['disable'] = isset($a_csc[$id]['disable']);
|
| ... | ... | |
| 89 |
98 |
$pconfig['tunnel_networkv6'] = $a_csc[$id]['tunnel_networkv6'];
|
| 90 |
99 |
$pconfig['local_network'] = $a_csc[$id]['local_network'];
|
| 91 |
100 |
$pconfig['local_networkv6'] = $a_csc[$id]['local_networkv6'];
|
|
101 |
$pconfig['gateway'] = $a_csc[$id]['gateway'];
|
|
102 |
$pconfig['gateway6'] = $a_csc[$id]['gateway6'];
|
| 92 |
103 |
$pconfig['remote_network'] = $a_csc[$id]['remote_network'];
|
| 93 |
104 |
$pconfig['remote_networkv6'] = $a_csc[$id]['remote_networkv6'];
|
| 94 |
105 |
$pconfig['gwredir'] = $a_csc[$id]['gwredir'];
|
|
106 |
$pconfig['gwredir6'] = $a_csc[$id]['gwredir6'];
|
| 95 |
107 |
|
| 96 |
|
$pconfig['push_reset'] = $a_csc[$id]['push_reset'];
|
| 97 |
|
$pconfig['remove_route'] = $a_csc[$id]['remove_route'];
|
|
108 |
$pconfig['inactive_seconds'] = $a_csc[$id]['inactive_seconds'];
|
|
109 |
$pconfig['ping_seconds'] = $a_csc[$id]['ping_seconds'];
|
|
110 |
$pconfig['ping_action'] = $a_csc[$id]['ping_action'];
|
|
111 |
$pconfig['ping_action_seconds'] = $a_csc[$id]['ping_action_seconds'];
|
| 98 |
112 |
|
| 99 |
113 |
$pconfig['dns_domain'] = $a_csc[$id]['dns_domain'];
|
| 100 |
114 |
if ($pconfig['dns_domain']) {
|
| ... | ... | |
| 113 |
127 |
$pconfig['dns_server_enable'] = true;
|
| 114 |
128 |
}
|
| 115 |
129 |
|
|
130 |
$pconfig['push_blockoutsidedns'] = $a_csc[$id]['push_blockoutsidedns'];
|
|
131 |
$pconfig['push_register_dns'] = $a_csc[$id]['push_register_dns'];
|
|
132 |
|
| 116 |
133 |
$pconfig['ntp_server1'] = $a_csc[$id]['ntp_server1'];
|
| 117 |
134 |
$pconfig['ntp_server2'] = $a_csc[$id]['ntp_server2'];
|
| 118 |
135 |
|
| ... | ... | |
| 134 |
151 |
}
|
| 135 |
152 |
|
| 136 |
153 |
$pconfig['nbdd_server1'] = $a_csc[$id]['nbdd_server1'];
|
| 137 |
|
if ($pconfig['nbdd_server1']) {
|
|
154 |
$pconfig['nbdd_server2'] = $a_csc[$id]['nbdd_server2'];
|
|
155 |
|
|
156 |
if ($pconfig['nbdd_server1'] || $pconfig['nbdd_server2']) {
|
| 138 |
157 |
$pconfig['nbdd_server_enable'] = true;
|
| 139 |
158 |
}
|
| 140 |
159 |
}
|
| ... | ... | |
| 157 |
176 |
$input_errors[] = gettext("This user does not have sufficient privileges to edit Advanced options on this instance.");
|
| 158 |
177 |
}
|
| 159 |
178 |
if (!$user_can_edit_advanced && !empty($a_csc[$id]['custom_options'])) {
|
|
179 |
// Restore the "custom options" field
|
| 160 |
180 |
$pconfig['custom_options'] = $a_csc[$id]['custom_options'];
|
| 161 |
181 |
}
|
| 162 |
182 |
|
| ... | ... | |
| 180 |
200 |
$input_errors[] = gettext("The field 'IPv6 Tunnel Network' must contain a valid IPv6 prefix or an alias with a single IPv6 prefix.");
|
| 181 |
201 |
}
|
| 182 |
202 |
|
| 183 |
|
if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4", true)) {
|
|
203 |
if (empty($pconfig['gwredir']) && ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4", true))) {
|
| 184 |
204 |
$input_errors[] = $result;
|
| 185 |
205 |
}
|
| 186 |
206 |
|
| 187 |
|
if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6", true)) {
|
|
207 |
if (empty($pconfig['gwredir6']) && ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6", true))) {
|
| 188 |
208 |
$input_errors[] = $result;
|
| 189 |
209 |
}
|
| 190 |
210 |
|
|
211 |
if (!empty($pconfig['gateway']) && !is_ipaddrv4($pconfig['gateway'])) {
|
|
212 |
$input_errors[] = gettext("The specified IPv4 gateway address is invalid.");
|
|
213 |
}
|
|
214 |
|
|
215 |
if (!empty($pconfig['gateway6']) && !is_ipaddrv6($pconfig['gateway6'])) {
|
|
216 |
$input_errors[] = gettext("The specified IPv6 gateway address is invalid.");
|
|
217 |
}
|
|
218 |
|
| 191 |
219 |
if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4", true)) {
|
| 192 |
220 |
$input_errors[] = $result;
|
| 193 |
221 |
}
|
| ... | ... | |
| 196 |
224 |
$input_errors[] = $result;
|
| 197 |
225 |
}
|
| 198 |
226 |
|
|
227 |
if (!empty($pconfig['inactive_seconds']) && !is_numericint($pconfig['inactive_seconds'])) {
|
|
228 |
$input_errors[] = gettext('The supplied "Inactivity Timeout" value is invalid.');
|
|
229 |
}
|
|
230 |
|
|
231 |
if (!empty($pconfig['ping_seconds']) && !is_numericint($pconfig['ping_seconds'])) {
|
|
232 |
$input_errors[] = gettext('The supplied "Ping Interval" value is invalid.');
|
|
233 |
}
|
|
234 |
if (!empty($pconfig['ping_action']) && ($pconfig['ping_action'] != 'default')) {
|
|
235 |
if (!isset($openvpn_ping_action[$pconfig['ping_action']])) {
|
|
236 |
$input_errors[] = gettext('The field "Ping Action" contains an invalid selection.');
|
|
237 |
}
|
|
238 |
if (!is_numericint($pconfig['ping_action_seconds'])) {
|
|
239 |
$input_errors[] = gettext('The supplied "Ping Action" timeout value is invalid.');
|
|
240 |
}
|
|
241 |
}
|
|
242 |
|
| 199 |
243 |
if ($pconfig['dns_server_enable']) {
|
| 200 |
244 |
if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
|
| 201 |
245 |
$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
|
| ... | ... | |
| 239 |
283 |
if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
|
| 240 |
284 |
$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
|
| 241 |
285 |
}
|
|
286 |
if (!empty($pconfig['nbdd_server2']) && !is_ipaddr(trim($pconfig['nbdd_server2']))) {
|
|
287 |
$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #2' must contain a valid IP address");
|
| 242 |
288 |
}
|
|
289 |
}
|
| 243 |
290 |
|
| 244 |
291 |
if (!empty($pconfig['netbios_ntype']) &&
|
| 245 |
292 |
!array_key_exists($pconfig['netbios_ntype'], $netbios_nodetypes)) {
|
| ... | ... | |
| 255 |
302 |
if (!$input_errors) {
|
| 256 |
303 |
$csc = array();
|
| 257 |
304 |
|
|
305 |
// Handle "Reset Server Options" and "Reset Options"
|
|
306 |
if ($pconfig['override_options'] == 'push_reset') {
|
|
307 |
$csc['push_reset'] = true;
|
|
308 |
} elseif (($pconfig['override_options'] == 'remove_specified') && !empty($pconfig['remove_options'])) {
|
|
309 |
$csc['remove_options'] = implode(',', $pconfig['remove_options']);
|
|
310 |
}
|
|
311 |
if (isset($pconfig['keep_minimal']) && (isset($csc['push_reset']) || isset($csc['remove_options']))) {
|
|
312 |
$csc['keep_minimal'] = true;
|
|
313 |
}
|
|
314 |
|
| 258 |
315 |
if (is_array($pconfig['server_list'])) {
|
| 259 |
316 |
$csc['server_list'] = implode(",", $pconfig['server_list']);
|
| 260 |
317 |
} else {
|
| ... | ... | |
| 269 |
326 |
$csc['description'] = $pconfig['description'];
|
| 270 |
327 |
$csc['tunnel_network'] = $pconfig['tunnel_network'];
|
| 271 |
328 |
$csc['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
|
|
329 |
|
|
330 |
$csc['gateway'] = $pconfig['gateway'];
|
|
331 |
$csc['gateway6'] = $pconfig['gateway6'];
|
|
332 |
// Don't push routes if redirecting all traffic.
|
|
333 |
if (!empty($pconfig['gwredir'])) {
|
|
334 |
$csc['gwredir'] = $pconfig['gwredir'];
|
|
335 |
} else {
|
| 272 |
336 |
$csc['local_network'] = $pconfig['local_network'];
|
|
337 |
}
|
|
338 |
if (!empty($pconfig['gwredir6'])) {
|
|
339 |
$csc['gwredir6'] = $pconfig['gwredir6'];
|
|
340 |
} else {
|
| 273 |
341 |
$csc['local_networkv6'] = $pconfig['local_networkv6'];
|
|
342 |
}
|
|
343 |
|
| 274 |
344 |
$csc['remote_network'] = $pconfig['remote_network'];
|
| 275 |
345 |
$csc['remote_networkv6'] = $pconfig['remote_networkv6'];
|
| 276 |
|
$csc['gwredir'] = $pconfig['gwredir'];
|
| 277 |
|
$csc['push_reset'] = $pconfig['push_reset'];
|
| 278 |
|
$csc['remove_route'] = $pconfig['remove_route'];
|
| 279 |
346 |
|
|
347 |
if (is_numericint($pconfig['inactive_seconds'])) {
|
|
348 |
$csc['inactive_seconds'] = $pconfig['inactive_seconds'];
|
|
349 |
}
|
|
350 |
if (is_numericint($pconfig['ping_seconds'])) {
|
|
351 |
$csc['ping_seconds'] = $pconfig['ping_seconds'];
|
|
352 |
}
|
|
353 |
if (!empty($pconfig['ping_action']) && ($pconfig['ping_action'] != 'default')) {
|
|
354 |
$csc['ping_action'] = $pconfig['ping_action'];
|
|
355 |
$csc['ping_action_seconds'] = $pconfig['ping_action_seconds'];
|
|
356 |
}
|
|
357 |
|
| 280 |
358 |
if ($pconfig['dns_domain_enable']) {
|
| 281 |
359 |
$csc['dns_domain'] = $pconfig['dns_domain'];
|
| 282 |
360 |
}
|
| ... | ... | |
| 288 |
366 |
$csc['dns_server4'] = $pconfig['dns_server4'];
|
| 289 |
367 |
}
|
| 290 |
368 |
|
|
369 |
$csc['push_blockoutsidedns'] = $pconfig['push_blockoutsidedns'];
|
|
370 |
$csc['push_register_dns'] = $pconfig['push_register_dns'];
|
|
371 |
|
| 291 |
372 |
if ($pconfig['ntp_server_enable']) {
|
| 292 |
373 |
$csc['ntp_server1'] = $pconfig['ntp_server1'];
|
| 293 |
374 |
$csc['ntp_server2'] = $pconfig['ntp_server2'];
|
| 294 |
375 |
}
|
| 295 |
376 |
|
| 296 |
377 |
$csc['netbios_enable'] = $pconfig['netbios_enable'];
|
|
378 |
|
|
379 |
if ($pconfig['netbios_enable']) {
|
| 297 |
380 |
$csc['netbios_ntype'] = $pconfig['netbios_ntype'];
|
| 298 |
381 |
$csc['netbios_scope'] = $pconfig['netbios_scope'];
|
| 299 |
382 |
|
| 300 |
|
if ($pconfig['netbios_enable']) {
|
| 301 |
383 |
if ($pconfig['wins_server_enable']) {
|
| 302 |
384 |
$csc['wins_server1'] = $pconfig['wins_server1'];
|
| 303 |
385 |
$csc['wins_server2'] = $pconfig['wins_server2'];
|
| 304 |
386 |
}
|
| 305 |
387 |
|
| 306 |
|
if ($pconfig['dns_server_enable']) {
|
|
388 |
if ($pconfig['nbdd_server_enable']) {
|
| 307 |
389 |
$csc['nbdd_server1'] = $pconfig['nbdd_server1'];
|
|
390 |
$csc['nbdd_server2'] = $pconfig['nbdd_server2'];
|
| 308 |
391 |
}
|
| 309 |
392 |
}
|
| 310 |
393 |
|
| ... | ... | |
| 407 |
490 |
true
|
| 408 |
491 |
))->setHelp('Select the servers that will utilize this override. When no servers are selected, the override will apply to all servers.');
|
| 409 |
492 |
|
|
493 |
|
|
494 |
$section->addInput(new Form_Select(
|
|
495 |
'override_options',
|
|
496 |
'Reset Server Options',
|
|
497 |
($pconfig['override_options'] ?? 'default'),
|
|
498 |
[
|
|
499 |
'default' => 'Keep all server options (default)',
|
|
500 |
'push_reset' => 'Reset all options',
|
|
501 |
'remove_specified' => 'Remove specified options'
|
|
502 |
]
|
|
503 |
))->setHelp('Prevent this client from receiving server-defined client settings. Other client-specific options on this page will supersede these options.');
|
|
504 |
|
|
505 |
$section->addInput(new Form_Select(
|
|
506 |
'remove_options',
|
|
507 |
'Remove Options',
|
|
508 |
$pconfig['remove_options'],
|
|
509 |
[
|
|
510 |
'remove_route' => 'Local Routes & Gateways',
|
|
511 |
'remove_iroute' => 'Remote Routes',
|
|
512 |
'remove_redirect_gateway' => 'Redirect Gateways',
|
|
513 |
'remove_inactive' => 'Inactivity Timeout',
|
|
514 |
'remove_ping' => 'Client Ping',
|
|
515 |
'remove_ping_action' => 'Ping Action',
|
|
516 |
'remove_dnsdomain' => 'DNS Domains',
|
|
517 |
'remove_dnsservers' => 'DNS Servers',
|
|
518 |
'remove_blockoutsidedns' => 'Block Outside DNS',
|
|
519 |
'remove_ntpservers' => 'NTP Options',
|
|
520 |
'remove_netbios_ntype' => 'NetBIOS Type',
|
|
521 |
'remove_netbios_scope' => 'NetBIOS Scope',
|
|
522 |
'remove_wins' => 'WINS Options'
|
|
523 |
],
|
|
524 |
true
|
|
525 |
))->addClass('remove_options')->setHelp('A "push-remove" option will be sent to the client for the selected options, removing the respective server-defined option.');
|
|
526 |
|
|
527 |
$section->addInput(new Form_Checkbox(
|
|
528 |
'keep_minimal',
|
|
529 |
'Keep minimal options',
|
|
530 |
'Automatically determine the client topology and gateway',
|
|
531 |
$pconfig['keep_minimal']
|
|
532 |
))->setHelp('If checked, generate the required client configuration when server options are reset or removed.');
|
|
533 |
|
| 410 |
534 |
$form->add($section);
|
| 411 |
535 |
|
| 412 |
536 |
$section = new Form_Section('Tunnel Settings');
|
| ... | ... | |
| 431 |
555 |
'<br />');
|
| 432 |
556 |
|
| 433 |
557 |
$section->addInput(new Form_Input(
|
|
558 |
'gateway',
|
|
559 |
'IPv4 Gateway',
|
|
560 |
'text',
|
|
561 |
$pconfig['gateway']
|
|
562 |
))->setHelp('This is the IPv4 Gateway to push to the client. Normally it is left blank and determined automatically.');
|
|
563 |
|
|
564 |
$section->addInput(new Form_Input(
|
|
565 |
'gateway6',
|
|
566 |
'IPv6 Gateway',
|
|
567 |
'text',
|
|
568 |
$pconfig['gateway6']
|
|
569 |
))->setHelp('This is the IPv6 Gateway to push to the client. Normally it is left blank and determined automatically.');
|
|
570 |
|
|
571 |
$section->addInput(new Form_Checkbox(
|
|
572 |
'gwredir',
|
|
573 |
'Redirect IPv4 Gateway',
|
|
574 |
'Force all client generated IPv4 traffic through the tunnel.',
|
|
575 |
$pconfig['gwredir']
|
|
576 |
));
|
|
577 |
|
|
578 |
$section->addInput(new Form_Checkbox(
|
|
579 |
'gwredir6',
|
|
580 |
'Redirect IPv6 Gateway',
|
|
581 |
'Force all client-generated IPv6 traffic through the tunnel.',
|
|
582 |
$pconfig['gwredir6']
|
|
583 |
));
|
|
584 |
|
|
585 |
$section->addInput(new Form_Input(
|
| 434 |
586 |
'local_network',
|
| 435 |
587 |
'IPv4 Local Network/s',
|
| 436 |
588 |
'text',
|
| ... | ... | |
| 468 |
620 |
'NOTE: Remember to add these subnets to the IPv6 Remote Networks list on the corresponding OpenVPN server settings.',
|
| 469 |
621 |
'<br />');
|
| 470 |
622 |
|
| 471 |
|
$section->addInput(new Form_Checkbox(
|
| 472 |
|
'gwredir',
|
| 473 |
|
'Redirect Gateway',
|
| 474 |
|
'Force all client generated traffic through the tunnel.',
|
| 475 |
|
$pconfig['gwredir']
|
| 476 |
|
));
|
| 477 |
|
|
| 478 |
623 |
$form->add($section);
|
| 479 |
624 |
|
| 480 |
|
$section = new Form_Section('Client Settings');
|
|
625 |
$section = new Form_Section('Other Client Settings');
|
| 481 |
626 |
|
| 482 |
|
$section->addInput(new Form_Checkbox(
|
| 483 |
|
'push_reset',
|
| 484 |
|
'Server Definitions',
|
| 485 |
|
'Prevent this client from receiving any server-defined client settings. ',
|
| 486 |
|
$pconfig['push_reset']
|
| 487 |
|
));
|
|
627 |
$section->addInput(new Form_Input(
|
|
628 |
'inactive_seconds',
|
|
629 |
'Inactivity Timeout',
|
|
630 |
'number',
|
|
631 |
$pconfig['inactive_seconds'],
|
|
632 |
['min' => '0']
|
|
633 |
))->setHelp('Set connection inactivity timeout')->setWidth(3);
|
| 488 |
634 |
|
| 489 |
|
/* as "push-reset" can break subnet topology,
|
| 490 |
|
* "push-remove route" removes only IPv4/IPv6 routes, see #9702 */
|
| 491 |
|
$section->addInput(new Form_Checkbox(
|
| 492 |
|
'remove_route',
|
| 493 |
|
'Remove Server Routes',
|
| 494 |
|
'Prevent this client from receiving any server-defined routes without removing any other options. ',
|
| 495 |
|
$pconfig['remove_route']
|
| 496 |
|
));
|
|
635 |
$section->addInput(new Form_Input(
|
|
636 |
'ping_seconds',
|
|
637 |
'Ping Interval',
|
|
638 |
'number',
|
|
639 |
$pconfig['ping_seconds'],
|
|
640 |
['min' => '0']
|
|
641 |
))->setHelp('Set peer ping interval')->setWidth(3);
|
| 497 |
642 |
|
|
643 |
$group = new Form_Group('Ping Action');
|
|
644 |
$group->add(new Form_Select(
|
|
645 |
'ping_action',
|
|
646 |
null,
|
|
647 |
$pconfig['ping_action'] ?? 'default',
|
|
648 |
array_merge([
|
|
649 |
'default' => 'Don\'t override option (default)'
|
|
650 |
], $openvpn_ping_action)
|
|
651 |
))->setHelp('Exit or restart OpenVPN client after server timeout')->setWidth(4);
|
|
652 |
$group->add(new Form_Input(
|
|
653 |
'ping_action_seconds',
|
|
654 |
'timeout seconds',
|
|
655 |
'number',
|
|
656 |
$pconfig['ping_action_seconds'],
|
|
657 |
['min' => '0']
|
|
658 |
))->setWidth(2)->addClass('ping_action_seconds');
|
|
659 |
$section->add($group);
|
|
660 |
|
| 498 |
661 |
$section->addInput(new Form_Checkbox(
|
| 499 |
662 |
'dns_domain_enable',
|
| 500 |
663 |
'DNS Default Domain',
|
| ... | ... | |
| 555 |
718 |
|
| 556 |
719 |
$section->add($group);
|
| 557 |
720 |
|
|
721 |
$section->addInput(new Form_Checkbox(
|
|
722 |
'push_blockoutsidedns',
|
|
723 |
'Block Outside DNS',
|
|
724 |
'Make Windows 10 Clients Block access to DNS servers except across OpenVPN while connected, forcing clients to use only VPN DNS servers.',
|
|
725 |
$pconfig['push_blockoutsidedns']
|
|
726 |
))->setHelp('Requires Windows 10 and OpenVPN 2.3.9 or later. Only Windows 10 is prone to DNS leakage in this way, other clients will ignore the option as they are not affected.');
|
|
727 |
|
|
728 |
$section->addInput(new Form_Checkbox(
|
|
729 |
'push_register_dns',
|
|
730 |
'Force DNS cache update',
|
|
731 |
'Run "net stop dnscache", "net start dnscache", "ipconfig /flushdns" and "ipconfig /registerdns" on connection initiation.',
|
|
732 |
$pconfig['push_register_dns']
|
|
733 |
))->setHelp('This is known to kick Windows into recognizing pushed DNS servers.');
|
|
734 |
|
| 558 |
735 |
// NTP servers
|
| 559 |
736 |
$section->addInput(new Form_Checkbox(
|
| 560 |
737 |
'ntp_server_enable',
|
| ... | ... | |
| 634 |
811 |
|
| 635 |
812 |
$section->add($group);
|
| 636 |
813 |
|
|
814 |
$section->addInput(new Form_Checkbox(
|
|
815 |
'nbdd_server_enable',
|
|
816 |
'NBDD servers',
|
|
817 |
'Provide a NetBIOS over TCP/IP Datagram Distribution Servers list to clients',
|
|
818 |
$pconfig['nbdd_server_enable']
|
|
819 |
));
|
|
820 |
|
|
821 |
$group = new Form_Group(null);
|
|
822 |
|
|
823 |
$group->add(new Form_Input(
|
|
824 |
'nbdd_server1',
|
|
825 |
null,
|
|
826 |
'text',
|
|
827 |
$pconfig['nbdd_server1']
|
|
828 |
))->setHelp('Server 1');
|
|
829 |
|
|
830 |
$group->add(new Form_Input(
|
|
831 |
'nbdd_server2',
|
|
832 |
null,
|
|
833 |
'text',
|
|
834 |
$pconfig['nbdd_server2']
|
|
835 |
))->setHelp('Server 2');
|
|
836 |
|
|
837 |
$group->addClass('nbddservers');
|
|
838 |
|
|
839 |
$section->add($group);
|
|
840 |
|
| 637 |
841 |
$custops = new Form_Textarea(
|
| 638 |
842 |
'custom_options',
|
| 639 |
843 |
'Advanced',
|
| ... | ... | |
| 671 |
875 |
<script type="text/javascript">
|
| 672 |
876 |
//<![CDATA[
|
| 673 |
877 |
events.push(function() {
|
|
878 |
function gwredir_change() {
|
|
879 |
hideInput('local_network', ($('#gwredir').prop('checked')));
|
|
880 |
}
|
|
881 |
|
|
882 |
function gwredir6_change() {
|
|
883 |
hideInput('local_networkv6', ($('#gwredir6').prop('checked')));
|
|
884 |
}
|
|
885 |
|
|
886 |
function ping_action_change() {
|
|
887 |
hideClass('ping_action_seconds', ($('#ping_action').find('option:selected').val() == 'default'));
|
|
888 |
}
|
|
889 |
|
| 674 |
890 |
function dnsdomain_change() {
|
| 675 |
891 |
if ($('#dns_domain_enable').prop('checked')) {
|
| 676 |
892 |
hideClass('dnsdomain', false);
|
| ... | ... | |
| 702 |
918 |
hideInput('netbios_scope', false);
|
| 703 |
919 |
hideCheckbox('wins_server_enable', false);
|
| 704 |
920 |
setWins();
|
|
921 |
hideCheckbox('nbdd_server_enable', false);
|
|
922 |
setNbdds();
|
| 705 |
923 |
} else {
|
| 706 |
924 |
hideInput('netbios_ntype', true);
|
| 707 |
925 |
hideInput('netbios_scope', true);
|
| 708 |
926 |
hideCheckbox('wins_server_enable', true);
|
| 709 |
927 |
hideClass('winsservers', true);
|
|
928 |
hideCheckbox('nbdd_server_enable', true);
|
|
929 |
hideClass('nbddservers', true);
|
| 710 |
930 |
}
|
| 711 |
931 |
}
|
| 712 |
932 |
|
| ... | ... | |
| 714 |
934 |
hideClass('winsservers', ! $('#wins_server_enable').prop('checked'));
|
| 715 |
935 |
}
|
| 716 |
936 |
|
|
937 |
function setNbdds() {
|
|
938 |
hideClass('nbddservers', ! $('#nbdd_server_enable').prop('checked'));
|
|
939 |
}
|
|
940 |
|
|
941 |
function remove_options_change() {
|
|
942 |
hideCheckbox('keep_minimal', ($('#override_options').find('option:selected').val() == 'default'));
|
|
943 |
hideMultiClass('remove_options', ($('#override_options').find('option:selected').val() != 'remove_specified'));
|
|
944 |
}
|
|
945 |
|
| 717 |
946 |
// ---------- Click checkbox handlers ---------------------------------------------------------
|
| 718 |
947 |
|
|
948 |
// On clicking Gateway redirect
|
|
949 |
$('#gwredir').click(function () {
|
|
950 |
gwredir_change();
|
|
951 |
});
|
|
952 |
|
|
953 |
// On clicking Gateway redirect IPv6
|
|
954 |
$('#gwredir6').click(function () {
|
|
955 |
gwredir6_change();
|
|
956 |
});
|
|
957 |
|
|
958 |
// On clicking Ping Action
|
|
959 |
$('#ping_action').click(function () {
|
|
960 |
ping_action_change();
|
|
961 |
});
|
|
962 |
|
| 719 |
963 |
// On clicking DNS Default Domain
|
| 720 |
964 |
$('#dns_domain_enable').click(function () {
|
| 721 |
965 |
dnsdomain_change();
|
| ... | ... | |
| 741 |
985 |
setWins();
|
| 742 |
986 |
});
|
| 743 |
987 |
|
|
988 |
// On clicking the nbdd_server_enable checkbox
|
|
989 |
$('#nbdd_server_enable').click(function () {
|
|
990 |
setNbdds();
|
|
991 |
});
|
|
992 |
|
|
993 |
$('#override_options').on('change', function() {
|
|
994 |
remove_options_change();
|
|
995 |
});
|
| 744 |
996 |
// ---------- On initial page load ------------------------------------------------------------
|
| 745 |
997 |
|
|
998 |
remove_options_change();
|
|
999 |
gwredir_change();
|
|
1000 |
gwredir6_change();
|
|
1001 |
ping_action_change();
|
| 746 |
1002 |
setNetbios();
|
| 747 |
1003 |
dnsdomain_change();
|
| 748 |
1004 |
dnsservers_change();
|
| 749 |
|
-- a/src/etc/inc/util.inc
|
|
1005 |
++ b/src/etc/inc/util.inc
|
| ... | ... | |
| 533 |
533 |
return long2ip32(ip2long($ip) + $offset);
|
| 534 |
534 |
}
|
| 535 |
535 |
|
|
536 |
/**
|
|
537 |
* Return the next IPv6 address after the given address
|
|
538 |
*
|
|
539 |
* @param string $ip IPv6 address
|
|
540 |
*
|
|
541 |
* @return string|false IPv6 address; false if it cannot be incremented
|
|
542 |
*/
|
|
543 |
function ip6_after(string $ip): string|false {
|
|
544 |
/* Convert the IPv6 string to its in_addr representation,
|
|
545 |
* increment it by one, then convert it back to a string. */
|
|
546 |
return inet_ntop(str_pad(gmp_export(
|
|
547 |
str_increment((string) gmp_import(inet_pton($ip)))
|
|
548 |
), 16, "\0", STR_PAD_LEFT));
|
|
549 |
}
|
|
550 |
|
| 536 |
551 |
/* Return true if the first IP is 'before' the second */
|
| 537 |
552 |
function ip_less_than($ip1, $ip2) {
|
| 538 |
553 |
// Compare as unsigned long because otherwise it wouldn't work when
|