Revision 42bb1bee
Added by Renato Botelho almost 11 years ago
| etc/inc/openvpn.inc | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
/* |
| 3 | 3 |
openvpn.inc part of pfSense |
| 4 |
|
|
| 4 |
|
|
| 5 | 5 |
Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com> |
| 6 | 6 |
All rights reserved. |
| 7 |
|
|
| 7 |
|
|
| 8 | 8 |
Copyright (C) 2006 Fernando Lemos |
| 9 | 9 |
All rights reserved. |
| 10 | 10 |
|
| ... | ... | |
| 37 | 37 |
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 38 | 38 |
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| 39 | 39 |
POSSIBILITY OF SUCH DAMAGE. |
| 40 |
|
|
| 40 |
|
|
| 41 | 41 |
DISABLE_PHP_LINT_CHECKING |
| 42 |
|
|
| 42 |
|
|
| 43 | 43 |
pfSense_BUILDER_BINARIES: /usr/local/sbin/openvpn /usr/bin/openssl /sbin/ifconfig |
| 44 | 44 |
pfSense_MODULE: openvpn |
| 45 | 45 |
|
| ... | ... | |
| 57 | 57 |
|
| 58 | 58 |
global $openvpn_verbosity_level; |
| 59 | 59 |
$openvpn_verbosity_level = array( |
| 60 |
0 => "none",
|
|
| 61 |
1 => "default",
|
|
| 62 |
2 => "2",
|
|
| 63 |
3 => "3 (recommended)",
|
|
| 60 |
0 => "none", |
|
| 61 |
1 => "default", |
|
| 62 |
2 => "2", |
|
| 63 |
3 => "3 (recommended)", |
|
| 64 | 64 |
4 => "4", |
| 65 | 65 |
5 => "5", |
| 66 | 66 |
6 => "6", |
| ... | ... | |
| 69 | 69 |
9 => "9", |
| 70 | 70 |
10 => "10", |
| 71 | 71 |
11 => "11" |
| 72 |
);
|
|
| 72 |
); |
|
| 73 | 73 |
|
| 74 |
/*
|
|
| 74 |
/* |
|
| 75 | 75 |
* The User Auth mode below is disabled because |
| 76 | 76 |
* OpenVPN erroneously requires that we provide |
| 77 | 77 |
* a CA configuration parameter. In this mode, |
| ... | ... | |
| 338 | 338 |
|
| 339 | 339 |
function openvpn_add_dhcpopts(& $settings, & $conf) {
|
| 340 | 340 |
|
| 341 |
if (!empty($settings['dns_domain']))
|
|
| 341 |
if (!empty($settings['dns_domain'])) |
|
| 342 | 342 |
$conf .= "push \"dhcp-option DOMAIN {$settings['dns_domain']}\"\n";
|
| 343 | 343 |
|
| 344 | 344 |
if (!empty($settings['dns_server1'])) |
| ... | ... | |
| 359 | 359 |
|
| 360 | 360 |
if (!empty($settings['dhcp_nbttype']) && ($settings['dhcp_nbttype'] != 0)) |
| 361 | 361 |
$conf .= "push \"dhcp-option NBT {$settings['dhcp_nbttype']}\"\n";
|
| 362 |
if (!empty($settings['dhcp_nbtscope']))
|
|
| 362 |
if (!empty($settings['dhcp_nbtscope'])) |
|
| 363 | 363 |
$conf .= "push \"dhcp-option NBS {$settings['dhcp_nbtscope']}\"\n";
|
| 364 | 364 |
|
| 365 | 365 |
if (!empty($settings['wins_server1'])) |
| ... | ... | |
| 371 | 371 |
$conf .= "push \"dhcp-option NBDD {$settings['nbdd_server1']}\"\n";
|
| 372 | 372 |
} |
| 373 | 373 |
|
| 374 |
if ($settings['gwredir'])
|
|
| 374 |
if ($settings['gwredir']) |
|
| 375 | 375 |
$conf .= "push \"redirect-gateway def1\"\n"; |
| 376 | 376 |
} |
| 377 | 377 |
|
| ... | ... | |
| 407 | 407 |
|
| 408 | 408 |
if (empty($settings)) |
| 409 | 409 |
return; |
| 410 |
if (isset($settings['disable']))
|
|
| 410 |
if (isset($settings['disable'])) |
|
| 411 | 411 |
return; |
| 412 | 412 |
openvpn_create_dirs(); |
| 413 | 413 |
/* |
| ... | ... | |
| 481 | 481 |
if (isset($settings['verbosity_level'])) {
|
| 482 | 482 |
$conf .= "verb {$settings['verbosity_level']}\n";
|
| 483 | 483 |
} |
| 484 |
|
|
| 484 |
|
|
| 485 | 485 |
$conf .= "dev-type {$settings['dev_mode']}\n";
|
| 486 | 486 |
switch($settings['dev_mode']) {
|
| 487 | 487 |
case "tun": |
| ... | ... | |
| 673 | 673 |
} |
| 674 | 674 |
|
| 675 | 675 |
// If there is no bind option at all (ip and/or port), add "nobind" directive |
| 676 |
// Otherwise, use the local port if defined, failing that, use lport 0 to
|
|
| 676 |
// Otherwise, use the local port if defined, failing that, use lport 0 to |
|
| 677 | 677 |
// ensure a random source port. |
| 678 | 678 |
if ((empty($iface_ip)) && (!$settings['local_port'])) |
| 679 | 679 |
$conf .= "nobind\n"; |
| ... | ... | |
| 717 | 717 |
$userpass .= "{$settings['auth_pass']}\n";
|
| 718 | 718 |
file_put_contents($up_file, $userpass); |
| 719 | 719 |
} |
| 720 |
|
|
| 720 |
|
|
| 721 | 721 |
if ($settings['proxy_addr']) {
|
| 722 | 722 |
$conf .= "http-proxy {$settings['proxy_addr']} {$settings['proxy_port']}";
|
| 723 | 723 |
if ($settings['proxy_authtype'] != "none") {
|
| ... | ... | |
| 764 | 764 |
openvpn_add_keyfile($crl['text'], $conf, $mode_id, "crl-verify"); |
| 765 | 765 |
} |
| 766 | 766 |
if ($settings['tls']) {
|
| 767 |
if ($mode == "server")
|
|
| 767 |
if ($mode == "server") |
|
| 768 | 768 |
$tlsopt = 0; |
| 769 | 769 |
else |
| 770 | 770 |
$tlsopt = 1; |
| ... | ... | |
| 849 | 849 |
/* Do not start a client if we are a CARP backup on this vip! */ |
| 850 | 850 |
if (($mode == "client") && (strstr($settings['interface'], "_vip") && get_carp_interface_status($settings['interface']) == "BACKUP")) |
| 851 | 851 |
return; |
| 852 |
|
|
| 853 |
/* Check if client is bound to a gateway group */
|
|
| 852 |
|
|
| 853 |
/* Check if client is bound to a gateway group */ |
|
| 854 | 854 |
$a_groups = return_gateway_groups_array(); |
| 855 | 855 |
if (is_array($a_groups[$settings['interface']])) {
|
| 856 | 856 |
/* the interface is a gateway group. If a vip is defined and its a CARP backup then do not start */ |
| ... | ... | |
| 1017 | 1017 |
if ($interface <> "") |
| 1018 | 1018 |
log_error("Resyncing OpenVPN instances for interface " . convert_friendly_interface_to_friendly_descr($interface) . ".");
|
| 1019 | 1019 |
else |
| 1020 |
log_error("Resyncing OpenVPN instances.");
|
|
| 1020 |
log_error("Resyncing OpenVPN instances.");
|
|
| 1021 | 1021 |
|
| 1022 | 1022 |
if (is_array($config['openvpn']['openvpn-server'])) {
|
| 1023 | 1023 |
foreach ($config['openvpn']['openvpn-server'] as & $settings) {
|
| ... | ... | |
| 1067 | 1067 |
// Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these. |
| 1068 | 1068 |
|
| 1069 | 1069 |
} else |
| 1070 |
log_error("openvpn_resync_gwgroup called with null gwgroup parameter.");
|
|
| 1070 |
log_error("openvpn_resync_gwgroup called with null gwgroup parameter.");
|
|
| 1071 | 1071 |
} |
| 1072 | 1072 |
|
| 1073 | 1073 |
function openvpn_get_active_servers($type="multipoint") {
|
| ... | ... | |
| 1081 | 1081 |
|
| 1082 | 1082 |
$prot = $settings['protocol']; |
| 1083 | 1083 |
$port = $settings['local_port']; |
| 1084 |
|
|
| 1084 |
|
|
| 1085 | 1085 |
$server = array(); |
| 1086 | 1086 |
$server['port'] = ($settings['local_port']) ? $settings['local_port'] : 1194; |
| 1087 | 1087 |
$server['mode'] = $settings['mode']; |
| ... | ... | |
| 1178 | 1178 |
$clients = array(); |
| 1179 | 1179 |
if (is_array($config['openvpn']['openvpn-client'])) {
|
| 1180 | 1180 |
foreach ($config['openvpn']['openvpn-client'] as & $settings) {
|
| 1181 |
|
|
| 1181 |
|
|
| 1182 | 1182 |
if (empty($settings) || isset($settings['disable'])) |
| 1183 | 1183 |
continue; |
| 1184 | 1184 |
|
| 1185 | 1185 |
$prot = $settings['protocol']; |
| 1186 | 1186 |
$port = ($settings['local_port']) ? ":{$settings['local_port']}" : "";
|
| 1187 |
|
|
| 1187 |
|
|
| 1188 | 1188 |
$client = array(); |
| 1189 | 1189 |
$client['port'] = $settings['local_port']; |
| 1190 | 1190 |
if ($settings['description']) |
| 1191 | 1191 |
$client['name'] = "{$settings['description']} {$prot}{$port}";
|
| 1192 | 1192 |
else |
| 1193 | 1193 |
$client['name'] = "Client {$prot}{$port}";
|
| 1194 |
|
|
| 1194 |
|
|
| 1195 | 1195 |
$client['vpnid'] = $settings['vpnid']; |
| 1196 | 1196 |
$client['mgmt'] = "client{$client['vpnid']}";
|
| 1197 | 1197 |
$socket = "unix://{$g['varetc_path']}/openvpn/{$client['mgmt']}.sock";
|
Also available in: Unified diff
Remove extra spaces and tabs