Revision 3ec78353
Added by Marcos M about 1 year ago
src/etc/inc/openvpn.inc | ||
---|---|---|
1665 | 1665 |
$auto_config_gateway4 = false; |
1666 | 1666 |
$auto_config_gateway6 = false; |
1667 | 1667 |
$auto_config_topology = false; |
1668 |
$keep_minimal = false; |
|
1669 |
if (isset($settings['override_options']) && ($settings['override_options'] == 'keep_minimal')) { |
|
1670 |
$keep_minimal = true; |
|
1671 |
} |
|
1672 | 1668 |
|
1673 | 1669 |
if (empty($settings['server_list'])) { |
1674 | 1670 |
$csc_server_list = array(); |
... | ... | |
1682 | 1678 |
} |
1683 | 1679 |
|
1684 | 1680 |
// Reset options |
1685 |
if (isset($settings['override_options']) && (($settings['override_options'] == 'push_reset') || $keep_minimal)) {
|
|
1686 |
if ($keep_minimal) {
|
|
1681 |
if (isset($settings['override_options']) && ($settings['override_options'] == 'push_reset')) {
|
|
1682 |
if (isset($settings['keep_minimal'])) {
|
|
1687 | 1683 |
$auto_config_gateway4 = true; |
1688 | 1684 |
$auto_config_gateway6 = true; |
1689 | 1685 |
$auto_config_topology = true; |
... | ... | |
1692 | 1688 |
} |
1693 | 1689 |
if (!empty($settings['remove_options'])) { |
1694 | 1690 |
foreach (explode(',', $settings['remove_options']) as $option) { |
1695 |
if ($keep_minimal && ($option == 'remove_route')) {
|
|
1691 |
if (isset($settings['keep_minimal']) && ($option == 'remove_route')) {
|
|
1696 | 1692 |
$auto_config_gateway4 = true; |
1697 | 1693 |
$auto_config_gateway6 = true; |
1698 | 1694 |
} |
1699 |
$conf .= "push-remove {$option}\n"; |
|
1695 |
$options = match ($option) { |
|
1696 |
'remove_route' => 'route', |
|
1697 |
'remove_iroute' => 'iroute', |
|
1698 |
'remove_inactive' => 'inactive', |
|
1699 |
'remove_ping' => 'ping', |
|
1700 |
'remove_ping_action' => ['ping-restart', 'ping-exit'], |
|
1701 |
'remove_dnsdomain' => '"dhcp-option DOMAIN"', |
|
1702 |
'remove_dnsservers' => '"dhcp-option DNS"', |
|
1703 |
'remove_ntpservers' => '"dhcp-option NTP"', |
|
1704 |
'remove_netbios_ntype' => '"dhcp-option NBT"', |
|
1705 |
'remove_netbios_scope' => '"dhcp-option NBS"', |
|
1706 |
'remove_wins' => '"dhcp-option WINS"' |
|
1707 |
}; |
|
1708 |
if (is_array($options)) { |
|
1709 |
foreach ($options as $option_name) { |
|
1710 |
$conf .= "push-remove {$option_name}\n"; |
|
1711 |
} |
|
1712 |
} else { |
|
1713 |
$conf .= "push-remove {$options}\n"; |
|
1714 |
} |
|
1700 | 1715 |
} |
1701 | 1716 |
} |
1702 | 1717 |
|
... | ... | |
1726 | 1741 |
$conf .= "push \"route-ipv6-gateway {$settings['gateway6']}\"\n"; |
1727 | 1742 |
} |
1728 | 1743 |
|
1744 |
// Inactivity override options |
|
1745 |
if (isset($settings['inactive_seconds'])) { |
|
1746 |
$conf .= "push \"inactive {$settings['inactive_seconds']}\"\n"; |
|
1747 |
} |
|
1748 |
|
|
1729 | 1749 |
// Ping override options |
1730 | 1750 |
if (isset($settings['ping_seconds'])) { |
1731 | 1751 |
$conf .= "push \"ping {$settings['ping_seconds']}\"\n"; |
... | ... | |
1754 | 1774 |
/* Topology is depends on the server configuration. |
1755 | 1775 |
* TAP mode always uses a subnet topology */ |
1756 | 1776 |
$topology = ($serversettings['dev_mode'] == 'tap') ? 'subnet' : $serversettings['topology']; |
1757 |
if ($keep_minimal && $auto_config_topology) {
|
|
1777 |
if ($auto_config_topology) { |
|
1758 | 1778 |
$csc_conf .= "push \"topology {$topology}\"\n"; |
1759 | 1779 |
} |
1760 | 1780 |
|
... | ... | |
1762 | 1782 |
* If the tunnel network is not set, the gateway must be manually |
1763 | 1783 |
* defined. This can happen when using a net30 topology and |
1764 | 1784 |
* resetting options. */ |
1765 |
if ($keep_minimal && $auto_config_gateway6) {
|
|
1785 |
if ($auto_config_gateway6) { |
|
1766 | 1786 |
// IPv6 always uses a subnet topology |
1767 | 1787 |
$tunnel_network = null; |
1768 | 1788 |
if (!empty($settings['tunnel_networkv6'])) { |
... | ... | |
1776 | 1796 |
$csc_conf .= "push \"route-ipv6-gateway {$gateway}\"\n"; |
1777 | 1797 |
} |
1778 | 1798 |
} |
1779 |
if ($keep_minimal && $auto_config_gateway4) {
|
|
1799 |
if ($auto_config_gateway4) { |
|
1780 | 1800 |
$tunnel_network = null; |
1781 | 1801 |
if ($topology == "subnet") { |
1782 | 1802 |
// The client tunnel network is assumed to be the same as the server's |
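Review bot: The reset block on the new side (new line 1681) still tests `$settings['override_options'] == 'push_reset'`, but in this same commit vpn_openvpn_csc.php goes back to saving `$csc['push_reset'] = true` and the `push_reset` migration is dropped from upgrade_config.inc, so nothing visible here sets `override_options` on a newly saved override. Unless `$settings` is normalised outside these hunks, "Reset all options" would silently stop applying and the client would keep receiving the server-defined pushes the admin meant to withhold; the condition probably wants to be `if (isset($settings['push_reset'])) {`. Separately, the new `match ($option)` has no default arm, so any unlisted value in `remove_options` throws `\UnhandledMatchError` during config generation; adding `default => null,` and then `if ($options === null) { continue; }` would skip the entry without aborting the resync. The enclosing function starts and ends outside the hunks shown.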
src/etc/inc/upgrade_config.inc | ||
---|---|---|
6949 | 6949 |
continue; |
6950 | 6950 |
} |
6951 | 6951 |
|
6952 |
// Migrate "push_reset" |
|
6953 |
if (isset($settings['push_reset'])) { |
|
6954 |
$settings['override_options'] = 'push_reset'; |
|
6955 |
unset($settings['push_reset']); |
|
6956 |
} |
|
6957 | 6952 |
// Migrate "remove_route" |
6958 | 6953 |
if (isset($settings['remove_route'])) { |
6959 | 6954 |
$settings['remove_options'] = 'remove_route'; |
src/usr/local/www/vpn_openvpn_csc.php | ||
---|---|---|
80 | 80 |
|
81 | 81 |
if (($act == "edit") || ($act == "dup")) { |
82 | 82 |
if ($this_csc_config) { |
83 |
$pconfig['keep_minimal'] = $this_csc_config['keep_minimal']; |
|
83 | 84 |
// Handle the "Reset Options" list |
84 | 85 |
if (!empty($this_csc_config['remove_options'])) { |
85 | 86 |
$pconfig['override_options'] = 'remove_specified'; |
86 | 87 |
$pconfig['remove_options'] = explode(',', $this_csc_config['remove_options']); |
87 |
} else { |
|
88 |
$pconfig['override_options'] = $this_csc_config['override_options'];
|
|
88 |
} elseif (isset($this_csc_config['push_reset'])) {
|
|
89 |
$pconfig['override_options'] = 'push_reset';
|
|
89 | 90 |
} |
90 | 91 |
|
91 | 92 |
$pconfig['server_list'] = explode(",", $this_csc_config['server_list']); |
... | ... | |
106 | 107 |
$pconfig['gwredir'] = $this_csc_config['gwredir']; |
107 | 108 |
$pconfig['gwredir6'] = $this_csc_config['gwredir6']; |
108 | 109 |
|
110 |
$pconfig['inactive_seconds'] = $this_csc_config['inactive_seconds']; |
|
109 | 111 |
$pconfig['ping_seconds'] = $this_csc_config['ping_seconds']; |
110 | 112 |
$pconfig['ping_action'] = $this_csc_config['ping_action']; |
111 | 113 |
$pconfig['ping_action_seconds'] = $this_csc_config['ping_action_seconds']; |
... | ... | |
224 | 226 |
$input_errors[] = $result; |
225 | 227 |
} |
226 | 228 |
|
229 |
if (!empty($pconfig['inactive_seconds']) && !is_numericint($pconfig['inactive_seconds'])) { |
|
230 |
$input_errors[] = gettext('The supplied "Inactivity Timeout" value is invalid.'); |
|
231 |
} |
|
232 |
|
|
227 | 233 |
if (!empty($pconfig['ping_seconds']) && !is_numericint($pconfig['ping_seconds'])) { |
228 | 234 |
$input_errors[] = gettext('The supplied "Ping Interval" value is invalid.'); |
229 | 235 |
} |
... | ... | |
298 | 304 |
if (!$input_errors) { |
299 | 305 |
$csc = array(); |
300 | 306 |
|
307 |
if (isset($pconfig['keep_minimal'])) { |
|
308 |
$csc['keep_minimal'] = true; |
|
309 |
} |
|
301 | 310 |
// Handle "Reset Server Options" and "Reset Options" |
302 | 311 |
if (($pconfig['override_options'] == 'remove_specified')) { |
303 | 312 |
// If no options are specified, keep the default behavior. |
304 | 313 |
if (!empty($pconfig['remove_options'])) { |
305 | 314 |
$csc['remove_options'] = implode(',', $pconfig['remove_options']); |
306 | 315 |
} |
307 |
} elseif (!empty($pconfig['override_options']) && ($pconfig['override_options'] != 'default')) {
|
|
308 |
$csc['override_options'] = $pconfig['override_options'];
|
|
316 |
} elseif ($pconfig['override_options'] == 'push_reset') {
|
|
317 |
$csc['push_reset'] = true;
|
|
309 | 318 |
} |
310 | 319 |
|
311 | 320 |
if (is_array($pconfig['server_list'])) { |
... | ... | |
340 | 349 |
$csc['remote_network'] = $pconfig['remote_network']; |
341 | 350 |
$csc['remote_networkv6'] = $pconfig['remote_networkv6']; |
342 | 351 |
|
352 |
if (is_numericint($pconfig['inactive_seconds'])) { |
|
353 |
$csc['inactive_seconds'] = $pconfig['inactive_seconds']; |
|
354 |
} |
|
343 | 355 |
if (is_numericint($pconfig['ping_seconds'])) { |
344 | 356 |
$csc['ping_seconds'] = $pconfig['ping_seconds']; |
345 | 357 |
} |
... | ... | |
490 | 502 |
($pconfig['override_options'] ?? 'default'), |
491 | 503 |
[ |
492 | 504 |
'default' => 'Keep all server options (default)', |
493 |
'keep_minimal' => 'Keep minimal server options', |
|
494 | 505 |
'push_reset' => 'Reset all options', |
495 | 506 |
'remove_specified' => 'Remove specified options' |
496 | 507 |
] |
497 |
))->setHelp('Prevent this client from receiving server-defined client settings. Other client-specific options on this page will supersede these reset options.'); |
|
508 |
))->setHelp('Prevent this client from receiving server-defined client settings. Other client-specific options on this page will supersede these options.'); |
|
509 |
|
|
510 |
$section->addInput(new Form_Checkbox( |
|
511 |
'keep_minimal', |
|
512 |
'Keep minimal options', |
|
513 |
'Automatically determine the client topology and gateway', |
|
514 |
$pconfig['keep_minimal'] |
|
515 |
))->setHelp('If checked, generate the required client configuration when server options are reset or removed.'); |
|
498 | 516 |
|
499 | 517 |
$group = new Form_Group('Remove Options'); |
500 | 518 |
$group->addClass('remove_options'); |
... | ... | |
505 | 523 |
[ |
506 | 524 |
'remove_route' => 'Local Routes', |
507 | 525 |
'remove_iroute' => 'Remote Routes', |
526 |
'remove_inactive' => 'Inactivity Timeout', |
|
527 |
'remove_ping' => 'Client Ping', |
|
528 |
'remove_ping_action' => 'Ping Action', |
|
508 | 529 |
'remove_dnsdomain' => 'DNS Domains', |
509 | 530 |
'remove_dnsservers' => 'DNS Servers', |
510 | 531 |
'remove_ntpservers' => 'NTP Options', |
... | ... | |
609 | 630 |
|
610 | 631 |
$section = new Form_Section('Other Client Settings'); |
611 | 632 |
|
633 |
$section->addInput(new Form_Input( |
|
634 |
'inactive_seconds', |
|
635 |
'Inactivity Timeout', |
|
636 |
'number', |
|
637 |
$pconfig['inactive_seconds'], |
|
638 |
['min' => '0'] |
|
639 |
))->setHelp('Set connection inactivity timeout')->setWidth(3); |
|
640 |
|
|
612 | 641 |
$section->addInput(new Form_Input( |
613 | 642 |
'ping_seconds', |
614 | 643 |
'Ping Interval', |
615 | 644 |
'number', |
616 | 645 |
$pconfig['ping_seconds'], |
617 | 646 |
['min' => '0'] |
618 |
))->setHelp('Set a client ping interval')->setWidth(2);
|
|
647 |
))->setHelp('Set peer ping interval')->setWidth(3);
|
|
619 | 648 |
|
620 | 649 |
$group = new Form_Group('Ping Action'); |
621 | 650 |
$group->add(new Form_Select( |
... | ... | |
916 | 945 |
} |
917 | 946 |
|
918 | 947 |
function remove_options_change() { |
948 |
hideCheckbox('keep_minimal', ($('#override_options').find('option:selected').val() == 'default')); |
|
919 | 949 |
hideClass('remove_options', ($('#override_options').find('option:selected').val() != 'remove_specified')); |
920 | 950 |
} |
921 | 951 |
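Review bot: No server-side check of the submitted `remove_options` entries is visible in these hunks before `implode(',', $pconfig['remove_options'])` stores them (new line 314), and the save path is where that check belongs now that openvpn.inc maps each entry through a `match` with no default arm. If the elided validation block does not already do it, reject anything outside the keys of the option list the form renders, for example `if (array_diff((array) $pconfig['remove_options'], array_keys($remove_option_labels))) { $input_errors[] = gettext('An invalid option was selected for removal.'); }`, where `$remove_option_labels` is a placeholder name for that array. Without it, a crafted POST from a user with access to this page could store a value that makes every later resync of the override throw. The validation and save blocks both continue outside the hunks shown.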
|
src/usr/local/www/vpn_openvpn_server.php | ||
---|---|---|
1461 | 1461 |
|
1462 | 1462 |
$section->addInput(new Form_Input( |
1463 | 1463 |
'inactive_seconds', |
1464 |
'Inactive',
|
|
1464 |
'Inactivity Timeout',
|
|
1465 | 1465 |
'number', |
1466 | 1466 |
$pconfig['inactive_seconds'] ?: 0, |
1467 | 1467 |
['min' => '0'] |
Push correct OpenVPN CSC options. Fix #12522
While there, include override/remove options for inactivity.