Revision 5ce63c3e
Added by Jim Pingle about 15 years ago
| usr/local/www/wizards/openvpn_wizard.inc | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
/* |
| 3 |
Copyright (C) 2010 Ermal Lu?i
|
|
| 4 |
All rights reserved.
|
|
| 5 |
|
|
| 6 |
Redistribution and use in source and binary forms, with or without
|
|
| 7 |
modification, are permitted provided that the following conditions are met:
|
|
| 8 |
|
|
| 9 |
1. Redistributions of source code must retain the above copyright notice,
|
|
| 10 |
this list of conditions and the following disclaimer.
|
|
| 11 |
|
|
| 12 |
2. Redistributions in binary form must reproduce the above copyright
|
|
| 13 |
notice, this list of conditions and the following disclaimer in the
|
|
| 14 |
documentation and/or other materials provided with the distribution.
|
|
| 15 |
|
|
| 16 |
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
| 17 |
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
| 18 |
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
| 19 |
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
| 20 |
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
| 21 |
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
| 22 |
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
| 23 |
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
| 24 |
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
| 25 |
POSSIBILITY OF SUCH DAMAGE.
|
|
| 26 |
|
|
| 27 |
pfSense_MODULE: openvpn
|
|
| 3 |
Copyright (C) 2010 Ermal Lu?i
|
|
| 4 |
All rights reserved.
|
|
| 5 |
|
|
| 6 |
Redistribution and use in source and binary forms, with or without
|
|
| 7 |
modification, are permitted provided that the following conditions are met:
|
|
| 8 |
|
|
| 9 |
1. Redistributions of source code must retain the above copyright notice,
|
|
| 10 |
this list of conditions and the following disclaimer.
|
|
| 11 |
|
|
| 12 |
2. Redistributions in binary form must reproduce the above copyright
|
|
| 13 |
notice, this list of conditions and the following disclaimer in the
|
|
| 14 |
documentation and/or other materials provided with the distribution.
|
|
| 15 |
|
|
| 16 |
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
| 17 |
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
| 18 |
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
| 19 |
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
| 20 |
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
| 21 |
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
| 22 |
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
| 23 |
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
| 24 |
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
| 25 |
POSSIBILITY OF SUCH DAMAGE.
|
|
| 26 |
|
|
| 27 |
pfSense_MODULE: openvpn
|
|
| 28 | 28 |
*/ |
| 29 | 29 |
require_once("openvpn.inc");
|
| 30 | 30 |
|
| ... | ... | |
| 46 | 46 |
global $pkg, $stepid; |
| 47 | 47 |
|
| 48 | 48 |
$fields =& $pkg['step'][1]['fields']['field']; |
| 49 |
|
|
| 49 |
|
|
| 50 | 50 |
$found = false; |
| 51 | 51 |
$authlist = auth_get_authserver_list(); |
| 52 | 52 |
$fields[1]['options']['option'] = array(); |
| ... | ... | |
| 54 | 54 |
if ($auth['type'] != "ldap") |
| 55 | 55 |
continue; |
| 56 | 56 |
$found = true; |
| 57 |
$opts = array();
|
|
| 58 |
$opts['name'] = $auth['name'];
|
|
| 59 |
$opts['value'] = $auth['name'];
|
|
| 60 |
$fields[1]['options']['option'][] = $opts;
|
|
| 57 |
$opts = array();
|
|
| 58 |
$opts['name'] = $auth['name'];
|
|
| 59 |
$opts['value'] = $auth['name'];
|
|
| 60 |
$fields[1]['options']['option'][] = $opts;
|
|
| 61 | 61 |
} |
| 62 | 62 |
if ($found == false) {
|
| 63 |
$stepid = 2;
|
|
| 63 |
$stepid = 2;
|
|
| 64 | 64 |
} |
| 65 | 65 |
} |
| 66 | 66 |
|
| ... | ... | |
| 91 | 91 |
} |
| 92 | 92 |
|
| 93 | 93 |
function step4_stepbeforeformdisplay() {
|
| 94 |
global $pkg, $stepid;
|
|
| 94 |
global $pkg, $stepid;
|
|
| 95 | 95 |
|
| 96 |
$fields =& $pkg['step'][3]['fields']['field'];
|
|
| 96 |
$fields =& $pkg['step'][3]['fields']['field'];
|
|
| 97 | 97 |
|
| 98 | 98 |
$found = false; |
| 99 |
$authlist = auth_get_authserver_list();
|
|
| 100 |
$fields[1]['options']['option'] = array();
|
|
| 101 |
foreach ($authlist as $i => $auth) {
|
|
| 102 |
if ($auth['type'] != "radius")
|
|
| 103 |
continue;
|
|
| 99 |
$authlist = auth_get_authserver_list();
|
|
| 100 |
$fields[1]['options']['option'] = array(); |
|
| 101 |
foreach ($authlist as $i => $auth) {
|
|
| 102 |
if ($auth['type'] != "radius")
|
|
| 103 |
continue;
|
|
| 104 | 104 |
$found = true; |
| 105 |
$opts = array();
|
|
| 106 |
$opts['name'] = $auth['name'];
|
|
| 107 |
$opts['value'] = $auth['name'];
|
|
| 108 |
$fields[1]['options']['option'][] = $opts;
|
|
| 109 |
}
|
|
| 105 |
$opts = array();
|
|
| 106 |
$opts['name'] = $auth['name'];
|
|
| 107 |
$opts['value'] = $auth['name'];
|
|
| 108 |
$fields[1]['options']['option'][] = $opts;
|
|
| 109 |
}
|
|
| 110 | 110 |
if ($found == false) |
| 111 |
$stepid = 4;
|
|
| 111 |
$stepid = 4;
|
|
| 112 | 112 |
} |
| 113 | 113 |
|
| 114 | 114 |
function step4_submitphpaction() {
|
| 115 |
global $stepid;
|
|
| 115 |
global $stepid;
|
|
| 116 | 116 |
|
| 117 | 117 |
if (isset($_POST['next'])) {
|
| 118 |
$_POST['uselist'] = "";
|
|
| 119 |
$stepid++;
|
|
| 120 |
}
|
|
| 118 |
$_POST['uselist'] = "";
|
|
| 119 |
$stepid++;
|
|
| 120 |
}
|
|
| 121 | 121 |
} |
| 122 | 122 |
|
| 123 | 123 |
function step5_submitphpaction() {
|
| 124 | 124 |
global $stepid, $savemsg, $config; |
| 125 | 125 |
|
| 126 |
if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['port']) ||
|
|
| 127 |
empty($_POST['secret'])) {
|
|
| 126 |
if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['port']) ||
|
|
| 127 |
empty($_POST['secret'])) {
|
|
| 128 | 128 |
$stepid--; |
| 129 |
$savemsg = "Please enter all information for authentication server.";
|
|
| 129 |
$savemsg = "Please enter all information for authentication server.";
|
|
| 130 | 130 |
} else if (count(($authcfg = auth_get_authserver($_POST['name']))) > 0) {
|
| 131 | 131 |
$stepid--; |
| 132 | 132 |
$savemsg = "Please choose a different name because an authentication server with this name already exists."; |
| 133 |
} else {
|
|
| 133 |
} else {
|
|
| 134 | 134 |
$config['ovpnserver']['step2']['uselist'] = "on"; |
| 135 | 135 |
$_POST['uselist'] = "on"; |
| 136 | 136 |
} |
| ... | ... | |
| 148 | 148 |
global $stepid, $config; |
| 149 | 149 |
|
| 150 | 150 |
if (isset($_POST['next'])) {
|
| 151 |
$_POST['uselist'] = "";
|
|
| 152 |
$stepid++;
|
|
| 153 |
} else {
|
|
| 151 |
$_POST['uselist'] = "";
|
|
| 152 |
$stepid++;
|
|
| 153 |
} else {
|
|
| 154 | 154 |
$config['ovpnserver']['step6']['uselist'] = "on"; |
| 155 |
$_POST['uselist'] = "on";
|
|
| 155 |
$_POST['uselist'] = "on";
|
|
| 156 | 156 |
} |
| 157 | 157 |
} |
| 158 | 158 |
|
| ... | ... | |
| 160 | 160 |
global $stepid, $savemsg, $_POST, $config; |
| 161 | 161 |
|
| 162 | 162 |
if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) || |
| 163 |
empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
|
|
| 164 |
empty($_POST['organization']) || empty($_POST['email'])) {
|
|
| 163 |
empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
|
|
| 164 |
empty($_POST['organization']) || empty($_POST['email'])) {
|
|
| 165 | 165 |
$stepid--; |
| 166 |
$savemsg = "Please enter all information for the new Certificate Authority.";
|
|
| 167 |
} else {
|
|
| 166 |
$savemsg = "Please enter all information for the new Certificate Authority.";
|
|
| 167 |
} else {
|
|
| 168 | 168 |
$config['ovpnserver']['step6']['uselist'] = "on"; |
| 169 | 169 |
$_POST['uselist'] = "on"; |
| 170 | 170 |
} |
| 171 | 171 |
} |
| 172 | 172 |
|
| 173 | 173 |
function step8_stepbeforeformdisplay() {
|
| 174 |
global $stepid, $config;
|
|
| 174 |
global $stepid, $config;
|
|
| 175 | 175 |
|
| 176 |
if (count($config['system']['cert']) < 1 ||
|
|
| 176 |
if (count($config['system']['cert']) < 1 ||
|
|
| 177 | 177 |
(count($config['system']['cert']) == 1 && stristr($config['system']['cert'][0]['name'], "webconf"))) {
|
| 178 | 178 |
$stepid++; |
| 179 |
}
|
|
| 179 |
}
|
|
| 180 | 180 |
} |
| 181 | 181 |
|
| 182 | 182 |
function step8_submitphpaction() {
|
| 183 | 183 |
global $stepid, $_POST; |
| 184 | 184 |
|
| 185 | 185 |
if (isset($_POST['next'])) {
|
| 186 |
$_POST['uselist'] = "";
|
|
| 187 |
$stepid++;
|
|
| 188 |
}
|
|
| 186 |
$_POST['uselist'] = "";
|
|
| 187 |
$stepid++;
|
|
| 188 |
}
|
|
| 189 | 189 |
} |
| 190 | 190 |
|
| 191 | 191 |
function step9_stepbeforeformdisplay() {
|
| ... | ... | |
| 194 | 194 |
$pconfig = $config['ovpnserver']; |
| 195 | 195 |
|
| 196 | 196 |
if (isset($pconfig['step6']['uselist'])) {
|
| 197 |
$country = $pconfig['step6']['country'];
|
|
| 198 |
$state = $pconfig['step6']['state'];
|
|
| 199 |
$city = $pconfig['step6']['city'];
|
|
| 200 |
$org = $pconfig['step6']['organization'];
|
|
| 201 |
} else {
|
|
| 197 |
$country = $pconfig['step6']['country'];
|
|
| 198 |
$state = $pconfig['step6']['state'];
|
|
| 199 |
$city = $pconfig['step6']['city'];
|
|
| 200 |
$org = $pconfig['step6']['organization'];
|
|
| 201 |
} else {
|
|
| 202 | 202 |
$ca = lookup_ca($pconfig['step6']['authcertca']); |
| 203 | 203 |
$cavl = cert_get_subject_array($ca['crt']); |
| 204 | 204 |
$country = $cavl[0]['v']; |
| 205 | 205 |
$state = $cavl[1]['v']; |
| 206 | 206 |
$city = $cavl[2]['v']; |
| 207 | 207 |
$org = $cavl[3]['v']; |
| 208 |
}
|
|
| 208 |
}
|
|
| 209 | 209 |
$fields =& $pkg['step'][$stepid]['fields']['field']; |
| 210 | 210 |
|
| 211 | 211 |
foreach ($fields as $idx => $field) {
|
| ... | ... | |
| 229 | 229 |
function step9_submitphpaction() {
|
| 230 | 230 |
global $stepid, $savemsg, $_POST, $config; |
| 231 | 231 |
|
| 232 |
if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
|
|
| 232 |
if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
|
|
| 233 | 233 |
empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) || |
| 234 | 234 |
empty($_POST['organization']) || empty($_POST['email'])) {
|
| 235 | 235 |
$stepid--; |
| 236 |
$savemsg = "Please enter all information for the new certificate.";
|
|
| 237 |
} else {
|
|
| 236 |
$savemsg = "Please enter all information for the new certificate.";
|
|
| 237 |
} else {
|
|
| 238 | 238 |
$config['ovpnserver']['step9']['uselist'] = "on"; |
| 239 | 239 |
$_POST['uselist'] = "on"; |
| 240 | 240 |
} |
| ... | ... | |
| 245 | 245 |
|
| 246 | 246 |
foreach ($pkg['step'][$stepid]['fields']['field'] as $idx => $field) {
|
| 247 | 247 |
if ($field['name'] == "crypto") {
|
| 248 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
|
|
| 248 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
|
|
| 249 | 249 |
$cipherlist = openvpn_get_cipherlist(); |
| 250 | 250 |
foreach ($cipherlist as $name => $desc) {
|
| 251 | 251 |
$opt = array(); |
| 252 |
$opt['name'] = $desc;
|
|
| 253 |
$opt['value'] = $name;
|
|
| 254 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
|
|
| 252 |
$opt['name'] = $desc;
|
|
| 253 |
$opt['value'] = $name;
|
|
| 254 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
|
|
| 255 | 255 |
} |
| 256 | 256 |
} else if ($field['name'] == "nbttype") {
|
| 257 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
|
|
| 257 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
|
|
| 258 | 258 |
foreach ($netbios_nodetypes as $type => $name) {
|
| 259 | 259 |
$opt = array(); |
| 260 | 260 |
$opt['name'] = $name; |
| 261 | 261 |
$opt['value'] = $type; |
| 262 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
|
|
| 262 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
|
|
| 263 | 263 |
} |
| 264 | 264 |
} else if ($field['name'] == "localport") {
|
| 265 | 265 |
if (count($config['openvpn']['openvpn-server']) < 1) |
| ... | ... | |
| 271 | 271 |
function step10_submitphpaction() {
|
| 272 | 272 |
global $savemsg, $stepid; |
| 273 | 273 |
|
| 274 |
/* Default OpenVPN port to 1194 if left empty. */ |
|
| 275 |
if (empty($_POST['localport'])) |
|
| 276 |
$_POST['localport'] = 1194; |
|
| 277 |
|
|
| 274 | 278 |
/* input validation */ |
| 275 |
if ($result = openvpn_validate_port($_POST['localport'], 'Local port'))
|
|
| 276 |
$input_errors[] = $result;
|
|
| 279 |
if ($result = openvpn_validate_port($_POST['localport'], 'Local port'))
|
|
| 280 |
$input_errors[] = $result;
|
|
| 277 | 281 |
|
| 278 |
if ($result = openvpn_validate_cidr($_POST['tunnelnet'], 'Tunnel network'))
|
|
| 279 |
$input_errors[] = $result;
|
|
| 282 |
if ($result = openvpn_validate_cidr($_POST['tunnelnet'], 'Tunnel network'))
|
|
| 283 |
$input_errors[] = $result;
|
|
| 280 | 284 |
|
| 281 |
if ($result = openvpn_validate_cidr($_POST['remotenet'], 'Remote network'))
|
|
| 282 |
$input_errors[] = $result;
|
|
| 285 |
if ($result = openvpn_validate_cidr($_POST['remotenet'], 'Remote network'))
|
|
| 286 |
$input_errors[] = $result;
|
|
| 283 | 287 |
|
| 284 |
if ($result = openvpn_validate_cidr($_POST['localnet'], 'Local network'))
|
|
| 285 |
$input_errors[] = $result;
|
|
| 288 |
if ($result = openvpn_validate_cidr($_POST['localnet'], 'Local network'))
|
|
| 289 |
$input_errors[] = $result;
|
|
| 286 | 290 |
|
| 287 | 291 |
$portused = openvpn_port_used($_POST['protocol'], $_POST['localport']); |
| 288 | 292 |
if ($portused != 0) |
| 289 |
$input_errors[] = "The specified 'Local port' is in use. Please select another value";
|
|
| 290 |
|
|
| 293 |
$input_errors[] = "The specified 'Local port' is in use. Please select another value";
|
|
| 294 |
|
|
| 291 | 295 |
if (!isset($_POST['generatetlskey']) && isset($_POST['tlsauthentication'])) |
| 292 | 296 |
if (!strstr($_POST['tlssharedkey'], "-----BEGIN OpenVPN Static key V1-----") || |
| 293 | 297 |
!strstr($_POST['tlssharedkey'], "-----END OpenVPN Static key V1-----")) |
| 294 |
$input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid";
|
|
| 298 |
$input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid";
|
|
| 295 | 299 |
|
| 296 | 300 |
if (!empty($_POST['dnsserver1']) && !is_ipaddr(trim($_POST['dnsserver1']))) |
| 297 | 301 |
$input_errors[] = "The field 'DNS Server #1' must contain a valid IP address"; |
| ... | ... | |
| 313 | 317 |
$input_errors[] = "The field 'WINS Server #2' must contain a valid IP address"; |
| 314 | 318 |
|
| 315 | 319 |
if ($_POST['concurrentcon'] && !is_numeric($_POST['concurrentcon'])) |
| 316 |
$input_errors[] = "The field 'Concurrent connections' must be numeric.";
|
|
| 320 |
$input_errors[] = "The field 'Concurrent connections' must be numeric.";
|
|
| 317 | 321 |
|
| 318 | 322 |
if (empty($_POST['tunnelnet'])) |
| 319 | 323 |
$input_errors[] = "You must specify a 'Tunnel network'."; |
| ... | ... | |
| 331 | 335 |
|
| 332 | 336 |
if (!is_array($config['ovpnserver'])) {
|
| 333 | 337 |
$message = "No configuration found please retry again."; |
| 334 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
|
|
| 335 |
exit;
|
|
| 338 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
|
|
| 339 |
exit;
|
|
| 336 | 340 |
} |
| 337 | 341 |
|
| 338 | 342 |
if ($pconfig['step1']['type'] == "local") {
|
| ... | ... | |
| 344 | 348 |
$auth['type'] = $pconfig['step1']['type']; |
| 345 | 349 |
$auth['refid'] = uniqid(); |
| 346 | 350 |
$auth['name'] = $pconfig['step2']['authtype']; |
| 347 |
|
|
| 351 |
|
|
| 348 | 352 |
if ($auth['type'] == "ldap") {
|
| 349 | 353 |
$auth['host'] = $pconfig['step2']['ip']; |
| 350 | 354 |
$auth['ldap_port'] = $pconfig['step2']['port']; |
| ... | ... | |
| 372 | 376 |
$config['system']['authserver'][] = $auth; |
| 373 | 377 |
} else if (!isset($pconfig['step2']['uselist']) && empty($pconfig['step2']['authserv'])) {
|
| 374 | 378 |
$message = "Please choose an authentication server ."; |
| 375 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
|
|
| 376 |
exit;
|
|
| 379 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
|
|
| 380 |
exit;
|
|
| 377 | 381 |
} else if (!($auth = auth_get_authserver($pconfig['step2']['authserv']))) {
|
| 378 | 382 |
$message = "Not a valid authentication server has been specified."; |
| 379 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
|
|
| 380 |
exit;
|
|
| 383 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
|
|
| 384 |
exit;
|
|
| 381 | 385 |
} |
| 382 | 386 |
|
| 383 | 387 |
if (isset($pconfig['step6']['uselist'])) {
|
| ... | ... | |
| 399 | 403 |
$config['system']['ca'][] = $ca; |
| 400 | 404 |
} else if (!isset($pconfig['step6']['uselist']) && empty($pconfig['step6']['authcertca'])) {
|
| 401 | 405 |
$message = "Please choose a Certificate Authority."; |
| 402 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=5&message={$message}");
|
|
| 403 |
exit;
|
|
| 406 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=5&message={$message}");
|
|
| 407 |
exit;
|
|
| 404 | 408 |
} else if (!($ca = lookup_ca($pconfig['step6']['authcertca']))) {
|
| 405 | 409 |
$message = "Not a valid Certificate Authority specified."; |
| 406 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=5&message={$message}");
|
|
| 407 |
exit;
|
|
| 410 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=5&message={$message}");
|
|
| 411 |
exit;
|
|
| 408 | 412 |
} |
| 409 | 413 |
|
| 410 | 414 |
if (isset($pconfig['step9']['uselist'])) {
|
| 411 |
$cert = array();
|
|
| 412 |
$cert['refid'] = uniqid();
|
|
| 413 |
$cert['name'] = $pconfig['step9']['certname'];
|
|
| 414 |
$dn = array(
|
|
| 415 |
'countryName' => $pconfig['step9']['country'],
|
|
| 416 |
'stateOrProvinceName' => $pconfig['step9']['state'],
|
|
| 417 |
'localityName' => $pconfig['step9']['city'],
|
|
| 418 |
'organizationName' => $pconfig['step9']['organization'],
|
|
| 419 |
'emailAddress' => $pconfig['step9']['email'],
|
|
| 420 |
'commonName' => $pconfig['step9']['certname']);
|
|
| 421 |
|
|
| 422 |
cert_create($cert, $ca['refid'], $pconfig['step9']['keylength'], $pconfig['step9']['lifetime'], $dn);
|
|
| 423 |
if (!is_array($config['system']['cert']))
|
|
| 424 |
$config['system']['cert'] = array();
|
|
| 425 |
|
|
| 426 |
$config['system']['cert'][] = $cert;
|
|
| 415 |
$cert = array();
|
|
| 416 |
$cert['refid'] = uniqid();
|
|
| 417 |
$cert['name'] = $pconfig['step9']['certname'];
|
|
| 418 |
$dn = array(
|
|
| 419 |
'countryName' => $pconfig['step9']['country'],
|
|
| 420 |
'stateOrProvinceName' => $pconfig['step9']['state'],
|
|
| 421 |
'localityName' => $pconfig['step9']['city'],
|
|
| 422 |
'organizationName' => $pconfig['step9']['organization'],
|
|
| 423 |
'emailAddress' => $pconfig['step9']['email'],
|
|
| 424 |
'commonName' => $pconfig['step9']['certname']);
|
|
| 425 |
|
|
| 426 |
cert_create($cert, $ca['refid'], $pconfig['step9']['keylength'], $pconfig['step9']['lifetime'], $dn);
|
|
| 427 |
if (!is_array($config['system']['cert']))
|
|
| 428 |
$config['system']['cert'] = array();
|
|
| 429 |
|
|
| 430 |
$config['system']['cert'][] = $cert;
|
|
| 427 | 431 |
} else if (!isset($pconfig['step6']['uselist']) && empty($pconfig['step9']['authcertname'])) {
|
| 428 | 432 |
$message = "Please choose a Certificate."; |
| 429 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=7&message={$message}");
|
|
| 430 |
exit;
|
|
| 433 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=7&message={$message}");
|
|
| 434 |
exit;
|
|
| 431 | 435 |
} else if (!($cert = lookup_cert($pconfig['step9']['authcertname']))) {
|
| 432 |
$message = "Not a valid Certificate specified.";
|
|
| 433 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=7&message={$message}");
|
|
| 434 |
exit;
|
|
| 435 |
}
|
|
| 436 |
$message = "Not a valid Certificate specified.";
|
|
| 437 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=7&message={$message}");
|
|
| 438 |
exit;
|
|
| 439 |
}
|
|
| 436 | 440 |
$server = array(); |
| 437 | 441 |
$server['vpnid'] = openvpn_vpnid_next(); |
| 438 | 442 |
switch ($auth['type']) {
|
| 439 | 443 |
case "ldap": |
| 440 |
$server['authmode'] = $auth['name'];
|
|
| 441 |
$server['mode'] = "server_user";
|
|
| 442 |
break;
|
|
| 443 |
case "radius":
|
|
| 444 |
$server['authmode'] = $auth['name'];
|
|
| 445 |
$server['mode'] = "server_user";
|
|
| 446 |
break;
|
|
| 447 |
default:
|
|
| 448 |
$server['authmode'] = "Local Database";
|
|
| 449 |
$server['mode'] = "server_tls_user";
|
|
| 450 |
break;
|
|
| 444 |
$server['authmode'] = $auth['name'];
|
|
| 445 |
$server['mode'] = "server_user";
|
|
| 446 |
break;
|
|
| 447 |
case "radius":
|
|
| 448 |
$server['authmode'] = $auth['name'];
|
|
| 449 |
$server['mode'] = "server_user";
|
|
| 450 |
break;
|
|
| 451 |
default:
|
|
| 452 |
$server['authmode'] = "Local Database";
|
|
| 453 |
$server['mode'] = "server_tls_user";
|
|
| 454 |
break;
|
|
| 451 | 455 |
} |
| 452 | 456 |
$server['caref'] = $ca['refid']; |
| 453 | 457 |
$server['certref'] = $cert['refid']; |
| ... | ... | |
| 522 | 526 |
$config['filter']['rule'][] = $rule; |
| 523 | 527 |
} |
| 524 | 528 |
if (isset($pconfig['step11']['ovpnallow'])) {
|
| 525 |
$rule = array();
|
|
| 526 |
$rule['descr'] = gettext("OpenVPN {$server['description']} wizard rules.");
|
|
| 527 |
$rule['source']['any'] = TRUE;
|
|
| 528 |
$rule['destination']['any'] = TRUE;
|
|
| 529 |
$rule['interface'] = "openvpn";
|
|
| 530 |
//$rule['protocol'] = $server['protocol'];
|
|
| 531 |
$rule['type'] = "pass";
|
|
| 532 |
$rule['enabled'] = "on";
|
|
| 533 |
$config['filter']['rule'][] = $rule;
|
|
| 534 |
}
|
|
| 535 |
|
|
| 529 |
$rule = array();
|
|
| 530 |
$rule['descr'] = gettext("OpenVPN {$server['description']} wizard rules.");
|
|
| 531 |
$rule['source']['any'] = TRUE;
|
|
| 532 |
$rule['destination']['any'] = TRUE;
|
|
| 533 |
$rule['interface'] = "openvpn";
|
|
| 534 |
//$rule['protocol'] = $server['protocol'];
|
|
| 535 |
$rule['type'] = "pass";
|
|
| 536 |
$rule['enabled'] = "on";
|
|
| 537 |
$config['filter']['rule'][] = $rule;
|
|
| 538 |
}
|
|
| 539 |
|
|
| 536 | 540 |
if (!is_array($config['openvpn']['openvpn-server'])) |
| 537 | 541 |
$config['openvpn']['openvpn-server'] = array(); |
| 538 | 542 |
|
Also available in: Unified diff
Add/fix wording of descriptions in OpenVPN wizard.
While I'm here, convert leading spaces to tabs.