<?php
/*
 * system_hasync.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2024 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
##|+PRIV
##|*IDENT=page-system-hasync
##|*NAME=System: High Availability Sync
##|*DESCR=Allow access to the 'System: High Availability Sync' page.
##|*MATCH=system_hasync.php*
##|-PRIV
require_once("guiconfig.inc");
// Load the current 'hasync' settings into $a_hasync. The save handler below
// edits this array and writes it back with config_set_path().
// NOTE(review): config_init_path()/config_get_path() are defined outside this
// file; presumably the former creates the node when it is missing - confirm.
config_init_path('hasync');
$a_hasync = config_get_path('hasync');

// Every checkbox this page owns. The list drives both the POST handler and
// the form pre-fill, so a new sync option has to be added here as well as to
// the form definition further down.
$checkbox_names = [
	'pfsyncenabled',
	'adminsync',
	'synchronizeusers',
	'synchronizeauthservers',
	'synchronizecerts',
	'synchronizerules',
	'synchronizeschedules',
	'synchronizealiases',
	'synchronizenat',
	'synchronizeipsec',
	'synchronizeopenvpn',
	'synchronizedhcpd',
	'synchronizedhcrelay',
	'synchronizekea6',
	'synchronizedhcrelay6',
	'synchronizewol',
	'synchronizestaticroutes',
	'synchronizevirtualip',
	'synchronizetrafficshaper',
	'synchronizetrafficshaperlimiter',
	'synchronizednsforwarder',
	'synchronizecaptiveportal',
];
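/*
 * Save handler: copy the posted settings into $a_hasync, validate them and,
 * when nothing was rejected, persist the node and re-apply sync/filter state.
 *
 * Hardening relative to the previous version:
 *  - checkbox values are canonicalised to 'on'/false instead of storing
 *    whatever string was posted (the form only emits and only renders 'on');
 *  - the password/confirmation check and the "unchanged placeholder" check use
 *    strict comparison, so numeric-looking strings such as "1e3" and "1000"
 *    no longer count as equal;
 *  - the Host ID is validated in its normalised (trimmed, lower-cased) form and
 *    all-zero values such as "00" are rejected, matching the error message;
 *  - the sync interface must be one of the choices offered by the form;
 *  - missing POST keys no longer raise undefined-index warnings.
 */
if ($_POST) {
	$pconfig = $_POST;

	// An unchecked box is simply absent from the POST body.
	foreach ($checkbox_names as $name) {
		$a_hasync[$name] = !empty($pconfig[$name]) ? 'on' : false;
	}

	// Remember the stored Host ID so a change can trigger a filter reload below.
	$old_pfhostid = isset($a_hasync['pfhostid']) ? $a_hasync['pfhostid'] : '';

	$raw_hostid = $pconfig['pfhostid'] ?? '';
	$hostid_is_text = is_string($raw_hostid);
	$a_hasync['pfhostid'] = $hostid_is_text ? strtolower(trim($raw_hostid)) : '';

	$a_hasync['pfsyncpeerip'] = $pconfig['pfsyncpeerip'] ?? null;
	$a_hasync['pfsyncinterface'] = $pconfig['pfsyncinterface'] ?? null;
	$a_hasync['synchronizetoip'] = $pconfig['synchronizetoip'] ?? null;
	$a_hasync['username'] = $pconfig['username'] ?? null;

	// DMYPWD is defined outside this file; presumably it is the placeholder
	// shown in place of the stored secret, so posting it back means "keep the
	// current password" - TODO confirm against the form library.
	$new_password = $pconfig['passwordfld'] ?? null;
	$confirmation = $pconfig['passwordfld_confirm'] ?? null;
	if ($new_password === $confirmation) {
		if ($new_password !== DMYPWD) {
			$a_hasync['password'] = $new_password;
		}
	} else {
		$input_errors[] = gettext("Password and confirmation must match.");
	}

	// Validate the value that will actually be stored. hexdec() is only reached
	// once ctype_xdigit() and the length check have passed.
	$hostid = $a_hasync['pfhostid'];
	if (!$hostid_is_text ||
	    ($hostid !== '' &&
	    (!ctype_xdigit($hostid) || strlen($hostid) > 8 || hexdec($hostid) === 0))) {
		$input_errors[] = gettext("Invalid Host ID. Must be a non-zero hexadecimal string 8 characters or less.");
	}

	// The interface arrives from a <select>, but nothing stops a client from
	// posting another value; accept only the keys the form itself offers.
	$sync_iface = $a_hasync['pfsyncinterface'];
	if (!empty($sync_iface)) {
		$allowed_ifaces = get_configured_interface_with_descr();
		$allowed_ifaces['lo0'] = 'loopback';
		if (!is_string($sync_iface) || !array_key_exists($sync_iface, $allowed_ifaces)) {
			$input_errors[] = gettext("Synchronize Interface must be one of the available interfaces.");
		}
	}

	if (!empty($pconfig['pfsyncpeerip']) && !is_ipaddrv4($pconfig['pfsyncpeerip'])) {
		$input_errors[] = gettext("pfsync Synchronize Peer IP must be an IPv4 IP.");
	}

	if (!empty($pconfig['synchronizetoip']) && !is_ipaddr($pconfig['synchronizetoip'])) {
		$input_errors[] = gettext("Synchronize Config to IP must be a valid IP address.");
	}

	if (empty($input_errors)) {
		config_set_path('hasync', $a_hasync);
		write_config("Updated High Availability Sync configuration");
		interfaces_sync_setup();
		// Strict comparison: a loose != treats numeric-looking IDs such as
		// "1e1" and "10" as equal and would skip the reload.
		if ($old_pfhostid !== $a_hasync['pfhostid']) {
			filter_configure();
		}
		// Redirect after a successful save so a page reload does not re-post.
		header("Location: system_hasync.php");
		exit();
	}
}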
// Pre-fill the form model from $a_hasync. After a rejected POST this shows the
// values that were just submitted, because the save handler has already copied
// them into $a_hasync.
foreach ($checkbox_names as $name) {
	$pconfig[$name] = $a_hasync[$name];
}
foreach (['pfhostid', 'pfsyncpeerip', 'pfsyncinterface', 'synchronizetoip', 'username'] as $field) {
	$pconfig[$field] = $a_hasync[$field];
}
// The stored XMLRPC password is handed to the form model here.
// NOTE(review): whether it is masked before rendering depends on
// Form_Section::addPassword(), which is not part of this file - confirm the
// secret never reaches the generated HTML.
$pconfig['passwordfld'] = $a_hasync['password'];

// Interfaces offered for pfsync: every configured interface plus loopback.
$ifaces = get_configured_interface_with_descr();
$ifaces["lo0"] = "loopback";

$pgtitle = [gettext('System'), gettext('High Availability')];
$shortcut_section = 'carp';

// Option list for the interface selector (name => description).
$iflist = $ifaces;
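include("head.inc");

// This file assigns $input_errors only inside the save handler, so on a plain
// GET the variable may not exist; !empty() covers both "unset" and "no errors"
// without raising an undefined-variable warning.
if (!empty($input_errors)) {
	print_input_errors($input_errors);
}

$form = new Form;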
// ---- State synchronization (pfsync) ----------------------------------------
// The pfsync protocol itself provides no authentication or encryption of the
// state updates it carries, which is why the help text below steers the
// operator towards a dedicated sync interface.
$section = new Form_Section(gettext('State Synchronization Settings (pfsync)'));

$pfsync_toggle = new Form_Checkbox(
	'pfsyncenabled',
	gettext('Synchronize states'),
	gettext('pfsync transfers state insertion, update, and deletion messages between firewalls.'),
	($pconfig['pfsyncenabled'] === 'on'),
	'on'
);
$section->addInput($pfsync_toggle)->setHelp(
	gettext('Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240).' .
		' It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.%1$s' .
		'This setting should be enabled on all members of a failover group.%1$s' .
		'Clicking "Save" will force a configuration sync if it is enabled! (see Configuration Synchronization Settings below)'),
	'<br />'
);

// Choices come from $iflist: the configured interfaces plus loopback.
$pfsync_iface_select = new Form_Select(
	'pfsyncinterface',
	gettext('Synchronize Interface'),
	$pconfig['pfsyncinterface'],
	$iflist
);
$section->addInput($pfsync_iface_select)->setHelp(
	gettext('If Synchronize States is enabled this interface will be used for communication.%1$s' .
		'It is recommended to set this to an interface other than LAN! A dedicated interface works the best.%1$s' .
		'An IP must be defined on each machine participating in this failover group.%1$s' .
		'An IP must be assigned to the interface on any participating sync nodes.'),
	'<br />'
);

// The placeholder shows the last 8 characters of system_get_uniqueid().
$hostid_input = new Form_Input(
	'pfhostid',
	gettext('Filter Host ID'),
	'text',
	$pconfig['pfhostid'],
	['placeholder' => substr(system_get_uniqueid(), -8)]
);
$section->addInput($hostid_input)->setHelp(
	gettext('Custom pf host identifier carried in state data to uniquely identify which host created a firewall state.%1$s' .
		'Must be a non-zero hexadecimal string 8 characters or less (e.g. 1, 2, ff01, abcdef01).%1$s' .
		'Each node participating in state synchronization must have a different ID.'),
	'<br />'
);

$peer_ip_input = new Form_Input(
	'pfsyncpeerip',
	gettext('pfsync Synchronize Peer IP'),
	'text',
	$pconfig['pfsyncpeerip'],
	['placeholder' => 'IP Address']
);
$section->addInput($peer_ip_input)->setHelp(
	gettext('Setting this option will force pfsync to synchronize its state table to this IP address. The default is directed multicast.')
);

$form->add($section);
// ---- Configuration synchronization (XMLRPC) --------------------------------
// The username and password entered here are the peer's webConfigurator
// credentials; the save handler stores them in the 'hasync' config node.
$section = new Form_Section(gettext('Configuration Synchronization Settings (XMLRPC Sync)'));

$sync_target_input = new Form_Input(
	'synchronizetoip',
	gettext('Synchronize Config to IP'),
	'text',
	$pconfig['synchronizetoip'],
	['placeholder' => 'IP Address']
);
$section->addInput($sync_target_input)->setHelp(
	gettext('Enter the IP address of the firewall to which the selected configuration sections should be synchronized.%1$s%1$s' .
		'XMLRPC sync is currently only supported over connections using the same protocol and port as this system - make sure the remote system\'s port and protocol are set accordingly!%1$s' .
		'Do not use the Synchronize Config to IP and password option on backup cluster members!'),
	'<br />'
);

// autocomplete="new-password" is set on the field, presumably to keep browsers
// from auto-filling saved GUI credentials into it.
$remote_user_input = new Form_Input(
	'username',
	gettext('Remote System Username'),
	'text',
	$pconfig['username'],
	['autocomplete' => 'new-password']
);
$section->addInput($remote_user_input)->setHelp(
	gettext('Enter the webConfigurator username of the system entered above for synchronizing the configuration.%1$s' .
		'Do not use the Synchronize Config to IP and username option on backup cluster members!'),
	'<br />'
);

// Added through addPassword() rather than addInput(); the save handler expects
// a matching 'passwordfld_confirm' value in the POST body.
$remote_password_input = new Form_Input(
	'passwordfld',
	gettext('Remote System Password'),
	'password',
	$pconfig['passwordfld']
);
$section->addPassword($remote_password_input)->setHelp(
	gettext('Enter the webConfigurator password of the system entered above for synchronizing the configuration.%1$s' .
		'Do not use the Synchronize Config to IP and password option on backup cluster members!'),
	'<br />'
);

$admin_sync_toggle = new Form_Checkbox(
	'adminsync',
	gettext('Synchronize admin'),
	gettext('synchronize admin accounts and autoupdate sync password.'),
	($pconfig['adminsync'] === 'on'),
	'on'
);
// The second literal below deliberately keeps its embedded line break and
// tabs: it is the gettext message id and must stay byte-identical.
$section->addInput($admin_sync_toggle)->setHelp(
	gettext('By default, the admin account does not synchronize, and each node may have a different admin password.%1$s' .
		'This option automatically updates XMLRPC Remote System Password when the password is changed on
			the Remote System Username account.'),
	'<br />'
);
// ---- Per-area sync toggles -------------------------------------------------
// Each entry is [field name, title, description]. Every box is ticked when the
// stored value is exactly 'on'. Several of these areas (users, auth servers,
// certificates, IPsec, OpenVPN) are likely to carry credentials or key
// material, so enabling them extends what the sync peer receives.
$group = new Form_MultiCheckboxGroup(gettext('Select options to sync'));

$sync_options = [
	['synchronizeusers', gettext('Synchronize Users and Groups'), gettext('User manager users and groups')],
	['synchronizeauthservers', gettext('Synchronize Auth Servers'), gettext('Authentication servers (e.g. LDAP, RADIUS)')],
	['synchronizecerts', gettext('Synchronize Certificates'), gettext('Certificate Authorities, Certificates, and Certificate Revocation Lists')],
	['synchronizerules', gettext('Synchronize Rules'), gettext('Firewall rules')],
	['synchronizeschedules', gettext('Synchronize Firewall schedules'), gettext('Firewall schedules')],
	['synchronizealiases', gettext('Synchronize Firewall aliases'), gettext('Firewall aliases')],
	['synchronizenat', gettext('Synchronize NAT'), gettext('NAT configuration')],
	['synchronizeipsec', gettext('Synchronize IPsec'), gettext('IPsec configuration')],
	['synchronizeopenvpn', gettext('Synchronize OpenVPN'), gettext('OpenVPN configuration (Implies CA/Cert/CRL Sync)')],
	['synchronizedhcpd', gettext('Synchronize DHCPD'), gettext('DHCP Server settings')],
	['synchronizedhcrelay', gettext('Synchronize DHCP Relay'), gettext('DHCP Relay settings')],
];

// The Kea DHCPv6 toggle is offered only when Kea is the DHCP backend. When it
// is hidden the box is never posted, so the save handler stores it as off.
if (dhcp_is_backend('kea')) {
	$sync_options[] = ['synchronizekea6', gettext('Synchronize Kea DHCPv6'), gettext('DHCPv6 Server settings')];
}

$sync_options[] = ['synchronizedhcrelay6', gettext('Synchronize DHCPv6 Relay'), gettext('DHCPv6 Relay settings')];
$sync_options[] = ['synchronizewol', gettext('Synchronize Wake-on-LAN'), gettext('WoL Server settings')];
$sync_options[] = ['synchronizestaticroutes', gettext('Synchronize Static Routes'), gettext('Static Route configuration')];
$sync_options[] = ['synchronizevirtualip', gettext('Synchronize Virtual IPs'), gettext('Virtual IPs')];
$sync_options[] = ['synchronizetrafficshaper', gettext('Synchronize traffic shaper (queues)'), gettext('Traffic Shaper configuration')];
$sync_options[] = ['synchronizetrafficshaperlimiter', gettext('Synchronize traffic shaper (limiter)'), gettext('Traffic Shaper Limiters configuration')];
$sync_options[] = ['synchronizednsforwarder', gettext('Synchronize DNS (Forwarder/Resolver)'), gettext('DNS Forwarder and DNS Resolver configurations')];
$sync_options[] = ['synchronizecaptiveportal', gettext('Synchronize Captive Portal'), gettext('Captive Portal')];

foreach ($sync_options as [$opt_name, $opt_title, $opt_descr]) {
	$group->add(new Form_MultiCheckbox(
		$opt_name,
		$opt_title,
		$opt_descr,
		($pconfig[$opt_name] === 'on'),
		'on'
	));
}

$section->add($group);

$form->add($section);

print($form);

include("foot.inc");