<?php
/*
	Copyright (C) 2010 Ermal Luçi
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.

	pfSense_MODULE: openvpn
*/
require_once("openvpn.inc");
/**
 * Wizard step 1 submit hook: pick the next wizard step from the chosen
 * authentication backend.
 *
 * Reads $_POST['authtype'] and rewrites the global $stepid. For "local" and
 * "radius" the backend type is also recorded under
 * $config['ovpnserver']['step1']['type']; any other value leaves both globals
 * untouched.
 */
function step1_submitphpaction() {
	global $stepid, $config;

	/* switch compares loosely, exactly like the == chain it replaces. */
	switch ($_POST['authtype']) {
	case "local":
		$config['ovpnserver']['step1']['type'] = "local";
		$stepid = 4;
		break;
	case "ldap":
		/* NOTE(review): no 'type' is recorded on this branch, unlike the
		 * other two; presumably the wizard's field binding stores it --
		 * confirm against the wizard XML. */
		$stepid = 0;
		break;
	case "radius":
		$config['ovpnserver']['step1']['type'] = "radius";
		/* Drop any "create a new server" marker left by an earlier pass. */
		unset($config['ovpnserver']['step1']['uselist']);
		$stepid = 2;
		break;
	}
}
/**
 * Wizard step 2 pre-display hook: fill the LDAP server drop-down.
 *
 * Rebuilds the option list of field index 1 of wizard step index 1 from the
 * entries of auth_get_authserver_list() whose type is "ldap". When there is
 * no LDAP server at all, the global $stepid is set to 2.
 *
 * NOTE(review): server names are copied into the option name/value as-is;
 * confirm that the wizard renderer HTML-escapes them on output.
 */
function step2_stepbeforeformdisplay() {
	global $pkg, $stepid;

	$fields =& $pkg['step'][1]['fields']['field'];

	$servers = auth_get_authserver_list();
	$fields[1]['options']['option'] = array();

	$have_ldap = false;
	foreach ($servers as $server) {
		if ($server['type'] == "ldap") {
			$have_ldap = true;
			$fields[1]['options']['option'][] = array(
				'name' => $server['name'],
				'value' => $server['name']);
		}
	}

	/* Nothing to choose from: jump to the step selected by $stepid = 2. */
	if (!$have_ldap)
		$stepid = 2;
}
/**
 * Wizard step 2 submit hook.
 *
 * When the form was submitted through the "next" button, blanks
 * $_POST['uselist'] and advances the global $stepid by three; otherwise it
 * does nothing.
 */
function step2_submitphpaction() {
	global $stepid;

	if (!isset($_POST['next']))
		return;

	$_POST['uselist'] = "";
	$stepid = $stepid + 3;
}
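/**
 * Wizard step 3 submit hook: validate the new LDAP authentication server.
 *
 * An empty port gets the protocol default written to
 * $config['ovpnserver']['step2']['port']. On any validation failure the
 * message goes to the global $savemsg and $stepid is decremented exactly
 * once; on success the "use the new server" marker is set and $stepid
 * advances by two.
 *
 * Fixes over the previous version:
 *  - the port check and the field checks each decremented $stepid, so two
 *    failures moved the wizard back two steps;
 *  - an invalid port did not stop the success branch from running, so the
 *    server was accepted with a bad port;
 *  - count() was applied directly to the auth_get_authserver() result, which
 *    is a TypeError on PHP 8 if that call returns a non-array for "not found".
 */
function step3_submitphpaction() {
	global $stepid, $savemsg, $config;

	$port_error = null;

	/* Default LDAP port is 389 for TCP and 636 for SSL */
	if (empty($_POST['port'])) {
		$transport = isset($_POST['transport']) ? $_POST['transport'] : "";
		if ($transport == "tcp")
			$config['ovpnserver']['step2']['port'] = 389;
		elseif ($transport == "ssl")
			$config['ovpnserver']['step2']['port'] = 636;
	} elseif (!is_port($_POST['port'])) {
		$port_error = "Please enter a valid port number.";
	}

	/* Field errors take precedence over the port error, as before. */
	$error = null;
	if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['transport']) ||
	    empty($_POST['scope']) || empty($_POST['basedn']) || empty($_POST['authscope']) ||
	    empty($_POST['nameattr'])) {
		$error = "Please enter all information for authentication server.";
	} else {
		$existing = auth_get_authserver($_POST['name']);
		if (is_array($existing) && count($existing) > 0)
			$error = "Please choose a different name because an authentication server with this name already exists.";
		elseif (!is_fqdn($_POST['ip']) && !is_ipaddr($_POST['ip']))
			$error = "Please enter a valid IP address or hostname for the authentication server.";
		else
			$error = $port_error;
	}

	if ($error !== null) {
		$savemsg = $error;
		$stepid--;
		return;
	}

	$config['ovpnserver']['step2']['uselist'] = "on";
	$_POST['uselist'] = "on";
	$stepid += 2;
}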
/**
 * Wizard step 4 pre-display hook: fill the RADIUS server drop-down.
 *
 * Rebuilds the option list of field index 1 of wizard step index 3 from the
 * entries of auth_get_authserver_list() whose type is "radius". When there is
 * no RADIUS server at all, the global $stepid is set to 4.
 *
 * NOTE(review): server names are copied into the option name/value as-is;
 * confirm that the wizard renderer HTML-escapes them on output.
 */
function step4_stepbeforeformdisplay() {
	global $pkg, $stepid;

	$fields =& $pkg['step'][3]['fields']['field'];

	$servers = auth_get_authserver_list();
	$fields[1]['options']['option'] = array();

	$have_radius = false;
	foreach ($servers as $server) {
		if ($server['type'] == "radius") {
			$have_radius = true;
			$fields[1]['options']['option'][] = array(
				'name' => $server['name'],
				'value' => $server['name']);
		}
	}

	/* Nothing to choose from: jump to the step selected by $stepid = 4. */
	if (!$have_radius)
		$stepid = 4;
}
/**
 * Wizard step 4 submit hook.
 *
 * When the form was submitted through the "next" button, blanks
 * $_POST['uselist'] and advances the global $stepid by one; otherwise it
 * does nothing.
 */
function step4_submitphpaction() {
	global $stepid;

	if (!isset($_POST['next']))
		return;

	$_POST['uselist'] = "";
	$stepid = $stepid + 1;
}
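/**
 * Wizard step 5 submit hook: validate the new RADIUS authentication server.
 *
 * An empty port gets the default 1812 written to
 * $config['ovpnserver']['step2']['port']. On any validation failure the
 * message goes to the global $savemsg and $stepid is decremented exactly
 * once; on success the "use the new server" marker is set.
 *
 * Fixes over the previous version:
 *  - the port check and the field checks each decremented $stepid, so two
 *    failures moved the wizard back two steps;
 *  - an invalid port did not stop the success branch, so the marker was set
 *    although the form had been rejected;
 *  - count() was applied directly to the auth_get_authserver() result, which
 *    is a TypeError on PHP 8 if that call returns a non-array for "not found".
 */
function step5_submitphpaction() {
	global $stepid, $savemsg, $config;

	$port_error = null;

	/* Default RADIUS Auth port = 1812 */
	if (empty($_POST['port'])) {
		$config['ovpnserver']['step2']['port'] = 1812;
	} elseif (!is_port($_POST['port'])) {
		$port_error = "Please enter a valid port number.";
	}

	/* Field errors take precedence over the port error, as before. */
	$error = null;
	if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['secret'])) {
		$error = "Please enter all information for authentication server.";
	} else {
		$existing = auth_get_authserver($_POST['name']);
		if (is_array($existing) && count($existing) > 0)
			$error = "Please choose a different name because an authentication server with this name already exists.";
		elseif (!is_fqdn($_POST['ip']) && !is_ipaddr($_POST['ip']))
			$error = "Please enter a valid IP address or hostname for the authentication server.";
		else
			$error = $port_error;
	}

	if ($error !== null) {
		$savemsg = $error;
		$stepid--;
		return;
	}

	$config['ovpnserver']['step2']['uselist'] = "on";
	$_POST['uselist'] = "on";
}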
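/**
 * Wizard step 6 pre-display hook: skip the "choose an existing CA" step when
 * no Certificate Authority is configured.
 *
 * Increments the global $stepid when $config['system']['ca'] is missing, not
 * an array, or empty. The previous version called count() on the value
 * directly, which is a TypeError on PHP 8 when the key is absent; the
 * is_array() guard matches the one used by step7_submitphpaction().
 */
function step6_stepbeforeformdisplay() {
	global $stepid, $config;

	$have_ca = isset($config['system']['ca']) &&
	    is_array($config['system']['ca']) &&
	    count($config['system']['ca']) > 0;

	if (!$have_ca) {
		$stepid++;
	}
}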
/**
 * Wizard step 6 submit hook.
 *
 * Submitted through "next": blank $_POST['uselist'] and advance the global
 * $stepid by one. Submitted any other way: set the "on" marker in both
 * $config['ovpnserver']['step6']['uselist'] and $_POST['uselist'].
 */
function step6_submitphpaction() {
	global $stepid, $config;

	if (!isset($_POST['next'])) {
		$config['ovpnserver']['step6']['uselist'] = "on";
		$_POST['uselist'] = "on";
		return;
	}

	$_POST['uselist'] = "";
	$stepid = $stepid + 1;
}
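/**
 * Wizard step 7 submit hook: validate the form for a new Certificate
 * Authority.
 *
 * Collects the descriptive names and subject CNs of the CAs already in
 * $config['system']['ca'], then checks the submitted form. On failure the
 * message goes to the global $savemsg and $stepid is decremented; on success
 * the "create a new CA" marker is set.
 *
 * Changes over the previous version:
 *  - duplicate detection uses strict in_array(), so numeric-looking names
 *    such as "1e3" and "1000" are no longer treated as equal;
 *  - the country code must be two ASCII letters, which is what the error
 *    message already promised (a bare length check accepted "12" or "<>");
 *    the value later becomes the countryName of the certificate subject;
 *  - "Certicicate" typo fixed in the user-facing message;
 *  - the redundant "global $_POST" was dropped (it is a superglobal).
 */
function step7_submitphpaction() {
	global $stepid, $savemsg, $config;

	$canames = array();
	$cacns = array();
	if (isset($config['system']['ca']) && is_array($config['system']['ca'])) {
		foreach ($config['system']['ca'] as $ca) {
			$canames[] = $ca['name'];
			$cainfo = cert_get_subject_hash($ca['crt']);
			$cacns[] = $cainfo["CN"];
		}
	}

	$error = null;
	if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
	    empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
	    empty($_POST['organization']) || empty($_POST['email'])) {
		$error = "Please enter all information for the new Certificate Authority.";
	} elseif (in_array($_POST['name'], $canames, true) || in_array($_POST['name'], $cacns, true)) {
		$error = "Please enter a different name for the Certificate Authority. A Certificate Authority with that name already exists.";
	} elseif (!is_string($_POST['country']) || !preg_match('/^[A-Za-z]{2}\z/', $_POST['country'])) {
		$error = "Please enter only a two-letter ISO country code";
	}

	if ($error !== null) {
		$savemsg = $error;
		$stepid--;
		return;
	}

	$config['ovpnserver']['step6']['uselist'] = "on";
	$_POST['uselist'] = "on";
}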
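/**
 * Wizard step 8 pre-display hook: skip the "choose an existing certificate"
 * step when there is nothing useful to choose.
 *
 * Increments the global $stepid when $config['system']['cert'] holds no
 * certificate, or holds exactly one whose name contains "webconf"
 * (case-insensitive). The previous version called count() on the value
 * directly, which is a TypeError on PHP 8 when the key is absent.
 */
function step8_stepbeforeformdisplay() {
	global $stepid, $config;

	$certs = array();
	if (isset($config['system']['cert']) && is_array($config['system']['cert']))
		$certs = $config['system']['cert'];

	/* As before, only the entry at index 0 is inspected. */
	$only_webconf = count($certs) == 1 &&
	    isset($certs[0]['name']) &&
	    stristr($certs[0]['name'], "webconf");

	if (count($certs) < 1 || $only_webconf) {
		$stepid++;
	}
}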
/**
 * Wizard step 8 submit hook.
 *
 * When the form was submitted through the "next" button, blanks
 * $_POST['uselist'] and advances the global $stepid by one; otherwise it
 * does nothing. $_POST is a superglobal, so it needs no "global" import.
 */
function step8_submitphpaction() {
	global $stepid;

	if (!isset($_POST['next']))
		return;

	$_POST['uselist'] = "";
	$stepid = $stepid + 1;
}
/**
 * Wizard step 9 pre-display hook: pre-fill the certificate subject fields.
 *
 * When a new CA was described in the wizard (step6 'uselist' is set) the
 * country/state/city/organization typed there are reused. Otherwise they are
 * read from the subject of the selected existing CA, taking the first four
 * subject entries in that order.
 *
 * NOTE(review): the positional lookup assumes the CA subject lists C, ST, L
 * and O as its first four entries -- confirm against cert_get_subject_array().
 * The values are shown in a form; confirm the renderer HTML-escapes them.
 */
function step9_stepbeforeformdisplay() {
	global $config, $pkg, $stepid;

	$step6 = $config['ovpnserver']['step6'];

	if (isset($step6['uselist'])) {
		$prefill = array(
			'country' => $step6['country'],
			'state' => $step6['state'],
			'city' => $step6['city'],
			'organization' => $step6['organization']);
	} else {
		$ca = lookup_ca($step6['authcertca']);
		$subject = cert_get_subject_array($ca['crt']);
		$prefill = array(
			'country' => $subject[0]['v'],
			'state' => $subject[1]['v'],
			'city' => $subject[2]['v'],
			'organization' => $subject[3]['v']);
	}

	$fields =& $pkg['step'][$stepid]['fields']['field'];

	foreach ($fields as $idx => $field) {
		/* Map the form field name onto the matching pre-fill key, if any. */
		switch ($field['name']) {
		case 'country':
			$key = 'country';
			break;
		case 'state':
			$key = 'state';
			break;
		case 'city':
			$key = 'city';
			break;
		case 'organization':
			$key = 'organization';
			break;
		default:
			$key = null;
			break;
		}
		if ($key !== null)
			$fields[$idx]['value'] = $prefill[$key];
	}
}
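/**
 * Wizard step 9 submit hook: validate the form for a new server certificate.
 *
 * Collects the descriptive names and subject CNs of the certificates already
 * in $config['system']['cert'], then checks the submitted form. On failure
 * the message goes to the global $savemsg and $stepid is decremented; on
 * success the "create a new certificate" marker is set.
 *
 * Changes over the previous version:
 *  - duplicate detection uses strict in_array(), so numeric-looking names
 *    such as "1e3" and "1000" are no longer treated as equal;
 *  - the country code must be two ASCII letters, which is what the error
 *    message already promised (a bare length check accepted "12" or "<>");
 *    the value later becomes the countryName of the certificate subject;
 *  - "Certicicate" typo fixed in the user-facing message;
 *  - the redundant "global $_POST" was dropped (it is a superglobal).
 */
function step9_submitphpaction() {
	global $stepid, $savemsg, $config;

	$certnames = array();
	$certcns = array();
	if (isset($config['system']['cert']) && is_array($config['system']['cert'])) {
		foreach ($config['system']['cert'] as $cert) {
			$certnames[] = $cert['name'];
			$certinfo = cert_get_subject_hash($cert['crt']);
			$certcns[] = $certinfo["CN"];
		}
	}

	$error = null;
	if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
	    empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
	    empty($_POST['organization']) || empty($_POST['email'])) {
		$error = "Please enter all information for the new certificate.";
	} elseif (in_array($_POST['name'], $certnames, true) || in_array($_POST['name'], $certcns, true)) {
		$error = "Please enter a different name for the Certificate. A Certificate with that name/common name already exists.";
	} elseif (!is_string($_POST['country']) || !preg_match('/^[A-Za-z]{2}\z/', $_POST['country'])) {
		$error = "Please enter only a two-letter ISO country code";
	}

	if ($error !== null) {
		$savemsg = $error;
		$stepid--;
		return;
	}

	$config['ovpnserver']['step9']['uselist'] = "on";
	$_POST['uselist'] = "on";
}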
/**
 * Wizard step 10 pre-display hook: populate the server-settings form.
 *
 * For the current step's fields:
 *  - "crypto"    gets its options rebuilt from openvpn_get_cipherlist()
 *                (option name = description, option value = cipher key);
 *  - "nbttype"   gets its options rebuilt from the global $netbios_nodetypes
 *                (option name = label, option value = type key);
 *  - "localport" gets the value returned by openvpn_port_next('UDP').
 */
function step10_stepbeforeformdisplay() {
	global $pkg, $stepid, $netbios_nodetypes;

	foreach ($pkg['step'][$stepid]['fields']['field'] as $idx => $field) {
		switch ($field['name']) {
		case "crypto":
			$choices = array();
			foreach (openvpn_get_cipherlist() as $cipher => $label)
				$choices[] = array('name' => $label, 'value' => $cipher);
			$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = $choices;
			break;
		case "nbttype":
			/* Reset first so the list is emptied even before iterating. */
			$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
			foreach ($netbios_nodetypes as $nodetype => $label) {
				$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] =
				    array('name' => $label, 'value' => $nodetype);
			}
			break;
		case "localport":
			$pkg['step'][$stepid]['fields']['field'][$idx]['value'] = openvpn_port_next('UDP');
			break;
		}
	}
}
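/**
 * Wizard step 10 submit hook: validate the OpenVPN server settings.
 *
 * Runs every check, collects the messages, and on failure shows the first
 * one through the global $savemsg while stepping $stepid back by one.
 *
 * Fixes over the previous version:
 *  - $input_errors was never initialised, so a fully valid form reached
 *    count() on an unset variable (a TypeError on PHP 8);
 *  - the "default port" was written to an undeclared local $pconfig and then
 *    discarded, so an empty 'Local port' was still validated as empty. The
 *    default now goes into $_POST['localport'], which is what the checks
 *    below read.
 *
 * NOTE(review): whether the defaulted port is persisted depends on the
 * wizard storing $_POST after this hook runs -- confirm in wizard.php.
 * NOTE(review): the default is always taken from the UDP range, even when
 * $_POST['protocol'] selects another protocol.
 * NOTE(review): is_numeric() also accepts values such as "-5" or "1e3" for
 * 'Concurrent connections'; tighten if only positive integers are intended.
 */
function step10_submitphpaction() {
	global $savemsg, $stepid;

	$input_errors = array();

	/* Default OpenVPN port to next available port if left empty. */
	if (empty($_POST['localport']))
		$_POST['localport'] = openvpn_port_next('UDP');

	/* input validation */
	if ($result = openvpn_validate_port($_POST['localport'], 'Local port'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($_POST['tunnelnet'], 'Tunnel network'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($_POST['localnet'], 'Local network'))
		$input_errors[] = $result;

	$portused = openvpn_port_used($_POST['protocol'], $_POST['localport']);
	if ($portused != 0)
		$input_errors[] = "The specified 'Local port' is in use. Please select another value";

	/* A pasted TLS key is only required when one is not being generated. */
	if (!isset($_POST['generatetlskey']) && isset($_POST['tlsauthentication'])) {
		$tlskey = isset($_POST['tlssharedkey']) ? $_POST['tlssharedkey'] : "";
		if (!strstr($tlskey, "-----BEGIN OpenVPN Static key V1-----") ||
		    !strstr($tlskey, "-----END OpenVPN Static key V1-----"))
			$input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid";
	}

	/* Optional server addresses pushed to clients; same order as the form. */
	$address_fields = array(
		'dnsserver1' => 'DNS Server #1',
		'dnsserver2' => 'DNS Server #2',
		'dnsserver3' => 'DNS Server #3',
		'dnsserver4' => 'DNS Server #4',
		'ntpserver1' => 'NTP Server #1',
		'ntpserver2' => 'NTP Server #2',
		'winsserver1' => 'WINS Server #1',
		'winsserver2' => 'WINS Server #2');
	foreach ($address_fields as $key => $label) {
		if (!empty($_POST[$key]) && !is_ipaddr(trim($_POST[$key])))
			$input_errors[] = "The field '{$label}' must contain a valid IP address";
	}

	if (!empty($_POST['concurrentcon']) && !is_numeric($_POST['concurrentcon']))
		$input_errors[] = "The field 'Concurrent connections' must be numeric.";

	if (empty($_POST['tunnelnet']))
		$input_errors[] = "You must specify a 'Tunnel network'.";

	if (count($input_errors) > 0) {
		$savemsg = $input_errors[0];
		$stepid = $stepid - 1;
	}
}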
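/**
 * Final wizard hook: turn the answers collected under $config['ovpnserver']
 * into real configuration and start the server.
 *
 * In order it (1) resolves or creates the authentication server, (2) resolves
 * or creates the Certificate Authority, (3) resolves or creates the server
 * certificate, (4) builds the OpenVPN server entry, (5) optionally appends
 * firewall rules, then calls openvpn_resync(), write_config() and redirects
 * to vpn_openvpn_server.php. Any failure redirects back into the wizard with
 * a message and exits.
 *
 * Change over the previous version: the message placed in the redirect URL
 * is now urlencode()d; it was interpolated raw, leaving spaces in the
 * Location header.
 *
 * Security-relevant points for reviewers:
 *  - the LDAP bind password, the RADIUS secret and the TLS key are copied
 *    from the wizard answers into the permanent configuration;
 *  - 'advanced' is stored verbatim as the server's custom options;
 *  - the 'ovpnallow' rule passes any source to any destination on the
 *    "openvpn" interface;
 *  - NOTE(review): $config['ovpnserver'] (the wizard answers, secrets
 *    included) is not cleared before write_config() -- confirm whether it
 *    should be unset first;
 *  - NOTE(review): the results of ca_create() and cert_create() are not
 *    checked before the entries are appended.
 */
function step12_submitphpaction() {
	global $config;

	$pconfig = $config['ovpnserver'];

	if (!is_array($config['ovpnserver'])) {
		$message = "No configuration found please retry again.";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message=" . urlencode($message));
		exit;
	}

	/* 1. Authentication server */
	if ($pconfig['step1']['type'] == "local") {
		$auth = array();
		$auth['name'] = "Local Database";
		$auth['type'] = "local";
	} else if (isset($pconfig['step2']['uselist'])) {
		$auth = array();
		$auth['type'] = $pconfig['step1']['type'];
		$auth['refid'] = uniqid();
		$auth['name'] = $pconfig['step2']['authtype'];

		if ($auth['type'] == "ldap") {
			/* NOTE(review): transport and the attribute names are read from
			 * step1 while the rest comes from step2 -- confirm the bindings. */
			$auth['host'] = $pconfig['step2']['ip'];
			$auth['ldap_port'] = $pconfig['step2']['port'];
			if ($pconfig['step1']['transport'] == "tcp")
				$auth['ldap_urltype'] = 'TCP - Standard';
			else
				$auth['ldap_urltype'] = 'SSL - Encrypted';
			$auth['ldap_protver'] = 3;
			$auth['ldap_scope'] = $pconfig['step2']['scope'];
			$auth['ldap_basedn'] = $pconfig['step2']['basedn'];
			$auth['ldap_authcn'] = $pconfig['step2']['authscope'];
			$auth['ldap_binddn'] = $pconfig['step2']['userdn'];
			$auth['ldap_bindpw'] = $pconfig['step2']['passdn'];
			$auth['ldap_attr_user'] = $pconfig['step1']['nameattr'];
			$auth['ldap_attr_member'] = $pconfig['step1']['memberattr'];
			$auth['ldap_attr_group'] = $pconfig['step1']['groupattr'];
		} else if ($auth['type'] == "radius") {
			$auth['host'] = $pconfig['step2']['ip'];
			$auth['radius_auth_port'] = $pconfig['step2']['port'];
			$auth['radius_secret'] = $pconfig['step2']['password'];
			$auth['radius_srvcs'] = "auth";
		}
		if (!is_array($config['system']['authserver']))
			$config['system']['authserver'] = array();

		$config['system']['authserver'][] = $auth;
	} else if (!isset($pconfig['step2']['uselist']) && empty($pconfig['step2']['authserv'])) {
		$message = "Please choose an authentication server .";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message=" . urlencode($message));
		exit;
	} else if (!($auth = auth_get_authserver($pconfig['step2']['authserv']))) {
		$message = "Not a valid authentication server has been specified.";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message=" . urlencode($message));
		exit;
	}

	/* 2. Certificate Authority */
	if (isset($pconfig['step6']['uselist']) && !empty($pconfig['step6']['certca'])) {
		$ca = array();
		$ca['refid'] = uniqid();
		$ca['name'] = $pconfig['step6']['certca'];
		$dn = array(
			'countryName' => $pconfig['step6']['country'],
			'stateOrProvinceName' => $pconfig['step6']['state'],
			'localityName' => $pconfig['step6']['city'],
			'organizationName' => $pconfig['step6']['organization'],
			'emailAddress' => $pconfig['step6']['email'],
			'commonName' => $pconfig['step6']['certca']);

		ca_create($ca, $pconfig['step6']['keylength'], $pconfig['step6']['lifetime'], $dn);
		if (!is_array($config['system']['ca']))
			$config['system']['ca'] = array();

		$config['system']['ca'][] = $ca;
	} else if (!isset($pconfig['step6']['uselist']) && empty($pconfig['step6']['authcertca'])) {
		$message = "Please choose a Certificate Authority.";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=5&message=" . urlencode($message));
		exit;
	} else if (!($ca = lookup_ca($pconfig['step6']['authcertca']))) {
		$message = "Not a valid Certificate Authority specified.";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=5&message=" . urlencode($message));
		exit;
	}

	/* 3. Server certificate, signed by the CA chosen above */
	if (isset($pconfig['step9']['uselist'])) {
		$cert = array();
		$cert['refid'] = uniqid();
		$cert['name'] = $pconfig['step9']['certname'];
		$dn = array(
			'countryName' => $pconfig['step9']['country'],
			'stateOrProvinceName' => $pconfig['step9']['state'],
			'localityName' => $pconfig['step9']['city'],
			'organizationName' => $pconfig['step9']['organization'],
			'emailAddress' => $pconfig['step9']['email'],
			'commonName' => $pconfig['step9']['certname']);

		cert_create($cert, $ca['refid'], $pconfig['step9']['keylength'], $pconfig['step9']['lifetime'], $dn);
		if (!is_array($config['system']['cert']))
			$config['system']['cert'] = array();

		$config['system']['cert'][] = $cert;
	/* NOTE(review): this tests the step6 marker although the branch is about
	 * the step9 certificate; looks like a copy-paste slip -- confirm. */
	} else if (!isset($pconfig['step6']['uselist']) && empty($pconfig['step9']['authcertname'])) {
		$message = "Please choose a Certificate.";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=7&message=" . urlencode($message));
		exit;
	} else if (!($cert = lookup_cert($pconfig['step9']['authcertname']))) {
		$message = "Not a valid Certificate specified.";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=7&message=" . urlencode($message));
		exit;
	}

	/* 4. OpenVPN server entry */
	$server = array();
	$server['vpnid'] = openvpn_vpnid_next();
	switch ($auth['type']) {
		case "ldap":
		case "radius":
			/* Remote backends authenticate by user only. */
			$server['authmode'] = $auth['name'];
			$server['mode'] = "server_user";
			break;
		default:
			$server['authmode'] = "Local Database";
			$server['mode'] = "server_tls_user";
			break;
	}
	$server['caref'] = $ca['refid'];
	$server['certref'] = $cert['refid'];
	$server['protocol'] = $pconfig['step10']['protocol'];
	$server['interface'] = $pconfig['step10']['interface'];
	if (isset($pconfig['step10']['localport']))
		$server['local_port'] = $pconfig['step10']['localport'];

	/* The description is capped at 30 characters. */
	if (strlen($pconfig['step10']['descr']) > 30)
		$pconfig['step10']['descr'] = substr($pconfig['step10']['descr'], 0, 30);
	$server['description'] = $pconfig['step10']['descr'];
	$server['custom_options'] = $pconfig['step10']['advanced'];
	if (isset($pconfig['step10']['tlsauth'])) {
		if (isset($pconfig['step10']['gentlskey']))
			$tlskey = openvpn_create_key();
		else
			$tlskey = $pconfig['step10']['tlskey'];
		$server['tls'] = base64_encode($tlskey);
	}
	$server['dh_length'] = $pconfig['step10']['dhkey'];
	$server['tunnel_network'] = $pconfig['step10']['tunnelnet'];

	/* Optional settings: wizard answer key => server entry key, copied only
	 * when the answer is set. The order fixes the order of the stored keys. */
	$optional = array(
		'rdrgw' => 'gwredir',
		'localnet' => 'local_network',
		'concurrentcon' => 'maxclients',
		'compression' => 'compression',
		'tos' => 'passtos',
		'interclient' => 'client2client',
		'dynip' => 'dynamic_ip',
		'addrpool' => 'pool_enable',
		'defaultdomain' => 'dns_domain',
		'dns1' => 'dns_server1',
		'dns2' => 'dns_server2',
		'dns3' => 'dns_server3',
		'dns4' => 'dns_server4',
		'ntp1' => 'ntp_server1',
		'ntp2' => 'ntp_server2',
		'wins1' => 'wins_server1',
		'wins2' => 'wins_server2');
	foreach ($optional as $answer => $setting) {
		if (isset($pconfig['step10'][$answer]))
			$server[$setting] = $pconfig['step10'][$answer];
	}

	if (isset($pconfig['step10']['nbtenable'])) {
		$server['netbios_ntype'] = $pconfig['step10']['nbttype'];
		if (isset($pconfig['step10']['nbtscope']))
			$server['netbios_scope'] = $pconfig['step10']['nbtscope'];
		$server['netbios_enable'] = $pconfig['step10']['nbtenable'];
	}
	$server['crypto'] = $pconfig['step10']['crypto'];

	/* 5a. Rule letting clients reach the server's listening port */
	if (isset($pconfig['step11']['ovpnrule'])) {
		$rule = array();
		$rule['descr'] = gettext("OpenVPN {$server['description']} wizard");
		/* Ensure the rule descr is not too long for pf to handle */
		if (strlen($rule['descr']) > 52)
			$rule['descr'] = substr($rule['descr'], 0, 52);
		$rule['direction'] = "in";
		$rule['source']['any'] = TRUE;
		$rule['destination']['network'] = $server['interface'] . "ip";
		$rule['destination']['port'] = $server['local_port'];
		$rule['interface'] = $server['interface'];
		$rule['protocol'] = $server['protocol'];
		$rule['type'] = "pass";
		$rule['enabled'] = "on";
		$config['filter']['rule'][] = $rule;
	}

	/* 5b. Rule passing all traffic arriving on the "openvpn" interface */
	if (isset($pconfig['step11']['ovpnallow'])) {
		$rule = array();
		$rule['descr'] = gettext("OpenVPN {$server['description']} wizard");
		/* Ensure the rule descr is not too long for pf to handle */
		if (strlen($rule['descr']) > 52)
			$rule['descr'] = substr($rule['descr'], 0, 52);
		$rule['source']['any'] = TRUE;
		$rule['destination']['any'] = TRUE;
		$rule['interface'] = "openvpn";
		//$rule['protocol'] = $server['protocol'];
		$rule['type'] = "pass";
		$rule['enabled'] = "on";
		$config['filter']['rule'][] = $rule;
	}

	if (!is_array($config['openvpn']['openvpn-server']))
		$config['openvpn']['openvpn-server'] = array();

	$config['openvpn']['openvpn-server'][] = $server;

	openvpn_resync('server', $server);
	write_config();
	header("Location: vpn_openvpn_server.php");
	exit;
}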
?>