<?php
/*
 * system_hasync.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2021 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
##|+PRIV
##|*IDENT=page-system-hasync
##|*NAME=System: High Availability Sync
##|*DESCR=Allow access to the 'System: High Availability Sync' page.
##|*MATCH=system_hasync.php*
##|-PRIV
require_once("guiconfig.inc");
// Prepare the 'hasync' section of the global configuration (init_config_arr() is
// defined elsewhere; presumably it makes sure the section exists as an array),
// then alias it BY REFERENCE: every write to $a_hasync below lands directly in
// the in-memory $config.
init_config_arr(['hasync']);
$a_hasync = &$config['hasync'];

// Every on/off option handled by this page. The same list drives both the POST
// handler and the code that loads stored values back into the form, so an option
// missing here is neither saved nor re-displayed.
$checkbox_names = [
	'pfsyncenabled',
	'adminsync',
	'synchronizeusers',
	'synchronizeauthservers',
	'synchronizecerts',
	'synchronizerules',
	'synchronizeschedules',
	'synchronizealiases',
	'synchronizenat',
	'synchronizeipsec',
	'synchronizeopenvpn',
	'synchronizedhcpd',
	'synchronizewol',
	'synchronizestaticroutes',
	'synchronizevirtualip',
	'synchronizetrafficshaper',
	'synchronizetrafficshaperlimiter',
	'synchronizednsforwarder',
	'synchronizecaptiveportal',
];
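// Validation messages for this request. Initialised up front so the truthiness
// checks on $input_errors never read an undefined variable.
if (!isset($input_errors)) {
	$input_errors = array();
}

// Handle a submitted form: copy the posted values into the 'hasync' config
// section, validate them, and persist + apply only when validation passed.
if ($_POST) {
	$pconfig = $_POST;

	// NOTE: $a_hasync is a reference into $config, so the assignments below change
	// the in-memory configuration BEFORE validation runs. Nothing is persisted
	// unless write_config() is reached at the end of this block, and the form is
	// re-rendered from these in-memory values when validation fails.

	// Checkboxes: browsers omit unchecked boxes, and the form only ever submits
	// the value 'on'. Store exactly 'on' or false so that a crafted value can
	// never be saved as "truthy but not 'on'" (the form itself tests === 'on').
	foreach ($checkbox_names as $name) {
		$a_hasync[$name] = (isset($pconfig[$name]) && $pconfig[$name] === 'on') ? 'on' : false;
	}

	// Text/select fields: accept plain strings only. A missing key or an array
	// value (e.g. a "field[]=..." request parameter) is treated as empty.
	foreach (array('pfsyncpeerip', 'pfsyncinterface', 'synchronizetoip', 'username') as $field) {
		if (!isset($pconfig[$field]) || !is_string($pconfig[$field])) {
			$pconfig[$field] = '';
		}
		$a_hasync[$field] = $pconfig[$field];
	}

	// Password and confirmation are compared with strict operators: with loose
	// '==' two different numeric-looking strings (such as '1e3' and '1000')
	// compare equal, which would let a mistyped confirmation through.
	$new_password = (isset($pconfig['passwordfld']) && is_string($pconfig['passwordfld']))
		? $pconfig['passwordfld'] : '';
	$new_password_confirm = (isset($pconfig['passwordfld_confirm']) && is_string($pconfig['passwordfld_confirm']))
		? $pconfig['passwordfld_confirm'] : '';

	if ($new_password === $new_password_confirm) {
		// DMYPWD is the placeholder value (defined elsewhere); when it comes back
		// unchanged the stored password is kept.
		if ($new_password !== DMYPWD) {
			// As far as this file shows, the password is stored exactly as
			// submitted, so configuration backups and exports should be treated
			// as containing this credential.
			$a_hasync['password'] = $new_password;
		}
	} else {
		$input_errors[] = gettext("Password and confirmation must match.");
	}

	// The select on this page only offers the configured interfaces plus lo0;
	// reject anything else instead of handing an arbitrary string to
	// interfaces_sync_setup() (defined elsewhere) via the saved configuration.
	$valid_sync_ifaces = get_configured_interface_with_descr();
	$valid_sync_ifaces["lo0"] = "loopback";
	if (!empty($pconfig['pfsyncinterface']) && !array_key_exists($pconfig['pfsyncinterface'], $valid_sync_ifaces)) {
		$input_errors[] = gettext("Synchronize Interface must be one of the listed interfaces.");
	}

	if (!empty($pconfig['pfsyncpeerip']) && !is_ipaddrv4($pconfig['pfsyncpeerip'])) {
		$input_errors[] = gettext("pfsync Synchronize Peer IP must be an IPv4 IP.");
	}

	if (!empty($pconfig['synchronizetoip']) && !is_ipaddr($pconfig['synchronizetoip'])) {
		$input_errors[] = gettext("Synchronize Config to IP must be a valid IP address.");
	}

	if (!$input_errors) {
		// Persist, apply, then redirect so a browser reload does not re-submit.
		write_config("Updated High Availability Sync configuration");
		interfaces_sync_setup();
		header("Location: system_hasync.php");
		exit();
	}
}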
// Load the stored settings into $pconfig, the array the form below is rendered
// from. This also runs after a failed POST; the handler above has by then
// written the submitted values into $a_hasync, so the form shows what was typed.
foreach ($checkbox_names as $name) {
	$pconfig[$name] = $a_hasync[$name];
}

foreach (array('pfsyncpeerip', 'pfsyncinterface', 'synchronizetoip', 'username') as $stored_field) {
	$pconfig[$stored_field] = $a_hasync[$stored_field];
}

// The form field is named 'passwordfld' while the config key is 'password'.
// NOTE(review): this hands the stored sync password to the form layer. The POST
// handler compares against the DMYPWD placeholder, so presumably addPassword()
// renders that placeholder instead of the real value - confirm in the form
// classes, otherwise the credential would be echoed into the page.
$pconfig['passwordfld'] = $a_hasync['password'];
// Page title and the shortcut section consumed by head.inc (included below).
$pgtitle = array(gettext("System"), gettext("High Availability Sync"));
$shortcut_section = "carp";

// Interfaces offered in the "Synchronize Interface" select: whatever
// get_configured_interface_with_descr() returns (presumably interface name =>
// description - verify against its definition) plus an explicit loopback entry.
$ifaces = get_configured_interface_with_descr();
$ifaces["lo0"] = "loopback";

// Build a list of available interfaces (a plain by-value copy of $ifaces)
$iflist = $ifaces;
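// Emit the common page header; everything printed after this is page content.
include("head.inc");

// Show validation messages from a failed POST. empty() is used so that a plain
// GET, where $input_errors may never have been set, does not trigger an
// undefined-variable warning.
if (!empty($input_errors)) {
	print_input_errors($input_errors);
}

// Container for the two settings sections built below.
$form = new Form;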
// ---- Section 1: state synchronization (pfsync) ----
// Security context for reviewers: pfsync itself provides no peer authentication,
// which is why the help text below steers administrators towards a dedicated
// sync interface rather than LAN.
$section = new Form_Section('State Synchronization Settings (pfsync)');

// Master on/off switch for state sync. 'on' is the only value the box submits.
$pfsync_enabled_box = new Form_Checkbox(
	'pfsyncenabled',
	'Synchronize states',
	'pfsync transfers state insertion, update, and deletion messages between firewalls.',
	($pconfig['pfsyncenabled'] === 'on'),
	'on'
);
$pfsync_enabled_help =
	'Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240).' .
	' It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.%1$s' .
	'This setting should be enabled on all members of a failover group.%1$s' .
	'Clicking "Save" will force a configuration sync if it is enabled! (see Configuration Synchronization Settings below)';
$section->addInput($pfsync_enabled_box)->setHelp($pfsync_enabled_help, '<br />');

// Interface that carries the pfsync traffic; choices come from $iflist.
$pfsync_iface_select = new Form_Select(
	'pfsyncinterface',
	'Synchronize Interface',
	$pconfig['pfsyncinterface'],
	$iflist
);
$pfsync_iface_help =
	'If Synchronize States is enabled this interface will be used for communication.%1$s' .
	'It is recommended to set this to an interface other than LAN! A dedicated interface works the best.%1$s' .
	'An IP must be defined on each machine participating in this failover group.%1$s' .
	'An IP must be assigned to the interface on any participating sync nodes.';
$section->addInput($pfsync_iface_select)->setHelp($pfsync_iface_help, '<br />');

// Optional unicast peer; when left empty the help text says multicast is used.
$pfsync_peer_input = new Form_Input(
	'pfsyncpeerip',
	'pfsync Synchronize Peer IP',
	'text',
	$pconfig['pfsyncpeerip'],
	['placeholder' => 'IP Address']
);
$section->addInput($pfsync_peer_input)->setHelp('Setting this option will force pfsync to synchronize its state table to this IP address. The default is directed multicast.');

$form->add($section);
// ---- Section 2: configuration synchronization (XMLRPC) ----
// The fields below hold a webConfigurator login for the peer firewall, i.e. an
// administrative credential for another device. Per the help text they are meant
// to be set on the primary only, never on backup cluster members.
$section = new Form_Section('Configuration Synchronization Settings (XMLRPC Sync)');

// Address of the peer that receives the selected configuration sections.
$sync_target_input = new Form_Input(
	'synchronizetoip',
	'Synchronize Config to IP',
	'text',
	$pconfig['synchronizetoip'],
	['placeholder' => 'IP Address']
);
$sync_target_help =
	'Enter the IP address of the firewall to which the selected configuration sections should be synchronized.%1$s%1$s' .
	'XMLRPC sync is currently only supported over connections using the same protocol and port as this system - make sure the remote system\'s port and protocol are set accordingly!%1$s' .
	'Do not use the Synchronize Config to IP and password option on backup cluster members!';
$section->addInput($sync_target_input)->setHelp($sync_target_help, '<br />');

// autocomplete=new-password asks the browser not to pre-fill this field with
// credentials it has saved for the local login.
$sync_user_input = new Form_Input(
	'username',
	'Remote System Username',
	'text',
	$pconfig['username'],
	['autocomplete' => 'new-password']
);
$sync_user_help =
	'Enter the webConfigurator username of the system entered above for synchronizing the configuration.%1$s' .
	'Do not use the Synchronize Config to IP and username option on backup cluster members!';
$section->addInput($sync_user_input)->setHelp($sync_user_help, '<br />');

// NOTE(review): the stored password is passed in as the field value. The POST
// handler in this file checks for the DMYPWD placeholder, so presumably
// addPassword() renders that placeholder (and the 'passwordfld_confirm' field)
// rather than the real value - confirm in the Form_Section class.
$sync_password_input = new Form_Input(
	'passwordfld',
	'Remote System Password',
	'password',
	$pconfig['passwordfld']
);
$sync_password_help =
	'Enter the webConfigurator password of the system entered above for synchronizing the configuration.%1$s' .
	'Do not use the Synchronize Config to IP and password option on backup cluster members!';
$section->addPassword($sync_password_input)->setHelp($sync_password_help, '<br />');

// Opt-in sync of the admin account; off by default according to the help text.
$admin_sync_box = new Form_Checkbox(
	'adminsync',
	'Synchronize admin',
	'synchronize admin accounts and autoupdate sync password.',
	($pconfig['adminsync'] === 'on'),
	'on'
);
// The original literal contains a raw line break followed by three tabs; it is
// spelled out with escapes here so the runtime string stays byte-identical.
$admin_sync_help =
	'By default, the admin account does not synchronize, and each node may have a different admin password.%1$s' .
	'This option automatically updates XMLRPC Remote System Password when the password is changed on ' .
	"\n\t\t\t" .
	'the Remote System Username account.';
$section->addInput($admin_sync_box)->setHelp($admin_sync_help, '<br />');
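// Per-area sync switches: each checked box adds one configuration area to what
// is pushed to the peer named in "Synchronize Config to IP". Several of these
// areas carry secrets (users and groups, authentication servers, certificates,
// IPsec, OpenVPN), so the selection also decides which credentials leave this
// node.
$group = new Form_MultiCheckboxGroup('Select options to sync');

// option name => array(title, description). Order is the display order.
// Trailing spaces in the descriptions are kept exactly as they were.
$sync_options = array(
	'synchronizeusers'                => array('Synchronize Users and Groups', 'User manager users and groups'),
	'synchronizeauthservers'          => array('Synchronize Auth Servers', 'Authentication servers (e.g. LDAP, RADIUS)'),
	'synchronizecerts'                => array('Synchronize Certificates', 'Certificate Authorities, Certificates, and Certificate Revocation Lists'),
	'synchronizerules'                => array('Synchronize Rules', 'Firewall rules '),
	'synchronizeschedules'            => array('Synchronize Firewall schedules', 'Firewall schedules '),
	'synchronizealiases'              => array('Synchronize Firewall aliases', 'Firewall aliases '),
	'synchronizenat'                  => array('Synchronize NAT', 'NAT configuration '),
	'synchronizeipsec'                => array('Synchronize IPsec', 'IPsec configuration '),
	'synchronizeopenvpn'              => array('Synchronize OpenVPN', 'OpenVPN configuration (Implies CA/Cert/CRL Sync) '),
	'synchronizedhcpd'                => array('Synchronize DHCPD', 'DHCP Server settings '),
	'synchronizewol'                  => array('Synchronize Wake-on-LAN', 'WoL Server settings '),
	'synchronizestaticroutes'         => array('Synchronize Static Routes', 'Static Route configuration '),
	'synchronizevirtualip'            => array('Synchronize Virtual IPs', 'Virtual IPs '),
	'synchronizetrafficshaper'        => array('Synchronize traffic shaper (queues)', 'Traffic Shaper configuration '),
	'synchronizetrafficshaperlimiter' => array('Synchronize traffic shaper (limiter)', 'Traffic Shaper Limiters configuration '),
	'synchronizednsforwarder'         => array('Synchronize DNS (Forwarder/Resolver)', 'DNS Forwarder and DNS Resolver configurations '),
	// Fixed: the title used to read 'Synchronize Captive Portal)' with a stray ')'.
	'synchronizecaptiveportal'        => array('Synchronize Captive Portal', 'Captive Portal '),
);

foreach ($sync_options as $opt_name => $opt_text) {
	$group->add(new Form_MultiCheckbox(
		$opt_name,
		$opt_text[0],
		$opt_text[1],
		// isset() keeps a missing key from raising an undefined-index warning;
		// only the exact value 'on' renders the box as checked.
		(isset($pconfig[$opt_name]) && $pconfig[$opt_name] === 'on'),
		'on'
	));
}

$section->add($group);

// Attach the XMLRPC section, render the whole form, then the common footer.
$form->add($section);

print($form);

include("foot.inc");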