<?php
/*
	Copyright (C) 2010 Ermal Luçi
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.

	pfSense_MODULE: openvpn
*/
/*
 * Step callbacks for the OpenVPN server wizard (the redirects below point at
 * wizard.php?xml=openvpn_wizard.xml, which presumably drives them).  Each
 * stepN_stepbeforeformdisplay() prepares the form for step N and each
 * stepN_submitphpaction() validates what was submitted; the handlers steer the
 * wizard through the global $stepid and the answers accumulate under
 * $config['ovpnserver'], which step12_submitphpaction() finally turns into the
 * auth server, CA, certificate, OpenVPN server and firewall rule entries.
 */
require_once("openvpn.inc");
/**
 * Report whether $text contains anything outside the ASCII set
 * [A-Za-z0-9], space, underscore and hyphen.
 *
 * The certificate steps use it to reject unexpected characters in the
 * subject fields (country, state, city, organization).
 *
 * Returns preg_match()'s result: 1 when a disallowed character is present,
 * 0 when the string is clean.  Callers treat it as a boolean.
 */
function has_special_chars($text) {
	$disallowed = '/[^A-Za-z0-9 _-]/';

	return preg_match($disallowed, $text);
}
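/**
 * Wizard step 1 (authentication backend) submit handler.
 *
 * Records the selected backend type under $config['ovpnserver']['step1']
 * and steers the wizard via the global $stepid: "local" jumps to 4 (the
 * CA step comes next), "ldap" to 0 and "radius" to 2 (the steps that pick
 * an existing LDAP/RADIUS server).  An unknown or missing value changes
 * nothing.
 *
 * Globals: $stepid (written), $config (written).
 */
function step1_submitphpaction() {
	global $stepid, $config;

	$authtype = isset($_POST['authtype']) ? $_POST['authtype'] : "";

	if ($authtype == "local") {
		$stepid = 4;
		$config['ovpnserver']['step1']['type'] = "local";
	} else if ($authtype == "ldap") {
		$stepid = 0;
		/* Record the type for LDAP as well: step 12 builds the new auth
		 * server from $pconfig['step1']['type'] and compares it with
		 * "ldap", exactly as the local and radius branches provide. */
		$config['ovpnserver']['step1']['type'] = "ldap";
	} else if ($authtype == "radius") {
		$stepid = 2;
		$config['ovpnserver']['step1']['type'] = "radius";
		unset($config['ovpnserver']['step1']['uselist']);
	}
}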
/**
 * Before showing wizard step 2 (pick an existing LDAP server), fill the
 * second field of $pkg['step'][1] with one option per configured LDAP
 * auth server; name and value are both the server's name.
 *
 * When no LDAP server exists there is nothing to pick, so $stepid is set
 * to 2 (presumably landing on the form that defines a new one).
 *
 * Globals: $pkg (options written), $stepid (possibly written).
 */
function step2_stepbeforeformdisplay() {
	global $pkg, $stepid;

	$fields =& $pkg['step'][1]['fields']['field'];
	$fields[1]['options']['option'] = array();

	$have_ldap = false;
	foreach (auth_get_authserver_list() as $auth) {
		if ($auth['type'] != "ldap") {
			continue;
		}
		$have_ldap = true;
		$fields[1]['options']['option'][] = array(
			'name' => $auth['name'],
			'value' => $auth['name'],
		);
	}

	if (!$have_ldap) {
		$stepid = 2;
	}
}
/**
 * Wizard step 2 submit handler.
 *
 * Only the "next" button is handled (presumably: an existing LDAP server
 * was chosen): the uselist marker in the POST data is cleared and $stepid
 * advances by 3, skipping the new-server form.  Any other submit leaves
 * $stepid untouched.
 *
 * Globals: $stepid (possibly written).
 */
function step2_submitphpaction() {
	global $stepid;

	if (!isset($_POST['next'])) {
		return;
	}

	$_POST['uselist'] = "";
	$stepid = $stepid + 3;
}
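/**
 * Wizard step 3 submit handler: validate the "new LDAP server" form.
 *
 * Applies the default LDAP port (389 for TCP, 636 for SSL) when none was
 * entered, then checks the port, the required fields, that the name is not
 * already taken by an existing auth server, and that the host is an IP
 * address or FQDN.
 *
 * On failure $savemsg carries the first problem and $stepid is decremented
 * exactly once so the same form is shown again.  Only when everything is
 * valid is the uselist marker set (in $config and $_POST) and $stepid
 * advanced by 2.
 *
 * Globals: $stepid, $savemsg, $config.
 */
function step3_submitphpaction() {
	global $stepid, $savemsg, $config;

	$errors = array();

	/* Default LDAP port is 389 for TCP and 636 for SSL */
	if (empty($_POST['port'])) {
		if ($_POST['transport'] == "tcp") {
			$config['ovpnserver']['step2']['port'] = 389;
		} elseif ($_POST['transport'] == "ssl") {
			$config['ovpnserver']['step2']['port'] = 636;
		}
	} elseif (!is_port($_POST['port'])) {
		$errors[] = "Please enter a valid port number.";
	}

	$required = array('name', 'ip', 'transport', 'scope', 'basedn', 'authscope', 'nameattr');
	$missing = false;
	foreach ($required as $key) {
		if (empty($_POST[$key])) {
			$missing = true;
			break;
		}
	}

	if ($missing) {
		$errors[] = "Please enter all information for authentication server.";
	} else if (count(auth_get_authserver($_POST['name'])) > 0) {
		/* NOTE(review): count() of a non-array "not found" result (false/null)
		 * differs between PHP versions; confirm what auth_get_authserver()
		 * returns for an unknown name. */
		$errors[] = "Please choose a different name because an authentication server with this name already exists.";
	} elseif (!is_fqdn($_POST['ip']) && !is_ipaddr($_POST['ip'])) {
		$errors[] = "Please enter a valid IP address or hostname for the authentication server.";
	}

	if (count($errors) > 0) {
		/* Exactly one step back however many checks failed.  The previous
		 * version decremented once per failing check, and with an invalid
		 * port but otherwise valid fields still netted a one-step advance. */
		$savemsg = $errors[0];
		$stepid--;
		return;
	}

	$config['ovpnserver']['step2']['uselist'] = "on";
	$_POST['uselist'] = "on";
	$stepid += 2;
}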
/**
 * Before showing wizard step 4 (pick an existing RADIUS server), fill the
 * second field of $pkg['step'][3] with one option per configured RADIUS
 * auth server; name and value are both the server's name.
 *
 * With no RADIUS server configured the step is skipped by setting $stepid
 * to 4 (presumably landing on the form that defines a new one).
 *
 * Globals: $pkg (options written), $stepid (possibly written).
 */
function step4_stepbeforeformdisplay() {
	global $pkg, $stepid;

	$fields =& $pkg['step'][3]['fields']['field'];
	$fields[1]['options']['option'] = array();

	$radius_servers = 0;
	foreach (auth_get_authserver_list() as $auth) {
		if ($auth['type'] != "radius") {
			continue;
		}
		$radius_servers++;
		$fields[1]['options']['option'][] = array(
			'name' => $auth['name'],
			'value' => $auth['name'],
		);
	}

	if ($radius_servers == 0) {
		$stepid = 4;
	}
}
/**
 * Wizard step 4 submit handler.
 *
 * Only the "next" button is handled (presumably: an existing RADIUS server
 * was chosen): the uselist marker in the POST data is cleared and $stepid
 * advances by one, skipping the new-server form.  Any other submit leaves
 * $stepid untouched.
 *
 * Globals: $stepid (possibly written).
 */
function step4_submitphpaction() {
	global $stepid;

	if (!isset($_POST['next'])) {
		return;
	}

	$_POST['uselist'] = "";
	$stepid++;
}
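/**
 * Wizard step 5 submit handler: validate the "new RADIUS server" form.
 *
 * Defaults the authentication port to 1812 when none was entered, then
 * checks the port, the required fields (name, host, shared secret), that
 * the name is not already used by an existing auth server, and that the
 * host is an IP address or FQDN.
 *
 * On failure $savemsg carries the first problem and $stepid is decremented
 * exactly once so the form is shown again; otherwise the uselist marker is
 * set in $config and $_POST.  Unlike step 3 this handler does not move
 * $stepid forward itself.
 *
 * Globals: $stepid, $savemsg, $config.
 */
function step5_submitphpaction() {
	global $stepid, $savemsg, $config;

	$errors = array();

	/* Default RADIUS Auth port = 1812 */
	if (empty($_POST['port'])) {
		$config['ovpnserver']['step2']['port'] = 1812;
	} elseif (!is_port($_POST['port'])) {
		$errors[] = "Please enter a valid port number.";
	}

	$missing = false;
	foreach (array('name', 'ip', 'secret') as $key) {
		if (empty($_POST[$key])) {
			$missing = true;
			break;
		}
	}

	if ($missing) {
		$errors[] = "Please enter all information for authentication server.";
	} else if (count(auth_get_authserver($_POST['name'])) > 0) {
		/* NOTE(review): count() of a non-array "not found" result (false/null)
		 * differs between PHP versions; confirm what auth_get_authserver()
		 * returns for an unknown name. */
		$errors[] = "Please choose a different name because an authentication server with this name already exists.";
	} elseif (!is_fqdn($_POST['ip']) && !is_ipaddr($_POST['ip'])) {
		$errors[] = "Please enter a valid IP address or hostname for the authentication server.";
	}

	if (count($errors) > 0) {
		/* Exactly one step back however many checks failed.  The previous
		 * version decremented once per failing check and still marked the
		 * server usable (uselist) when only the port was wrong. */
		$savemsg = $errors[0];
		$stepid--;
		return;
	}

	$config['ovpnserver']['step2']['uselist'] = "on";
	$_POST['uselist'] = "on";
}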
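/**
 * Before showing wizard step 6 (pick an existing CA): when the config
 * holds no CA there is nothing to pick, so $stepid is bumped by one to go
 * straight on to the create-a-CA step.
 *
 * Globals: $stepid (possibly written), $config (read).
 */
function step6_stepbeforeformdisplay() {
	global $stepid, $config;

	/* $config['ca'] does not exist until the first CA is created (step 12
	 * guards it with is_array() for the same reason), so a missing or
	 * non-array entry counts as "no CA" instead of being fed to count(). */
	if (empty($config['ca']) || !is_array($config['ca'])) {
		$stepid++;
	}
}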
/**
 * Wizard step 6 submit handler.
 *
 * "next" means an existing CA is used: the uselist marker is cleared in
 * both $_POST and $config['ovpnserver']['step6'] and $stepid advances by
 * one, skipping the create-a-CA form.  Any other submit sets the marker to
 * "on" in both places so the next step collects a new CA.
 *
 * Globals: $stepid (possibly written), $config (written).
 */
function step6_submitphpaction() {
	global $stepid, $config;

	$use_existing_ca = isset($_POST['next']);

	if ($use_existing_ca) {
		$_POST['uselist'] = "";
		unset($config['ovpnserver']['step6']['uselist']);
		$stepid++;
		return;
	}

	$config['ovpnserver']['step6']['uselist'] = "on";
	$_POST['uselist'] = "on";
}
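/**
 * Wizard step 7 submit handler: validate the "create a new CA" form.
 *
 * Checks, in order: all fields present; no special characters in the
 * subject fields; the name collides with neither an existing CA's
 * description nor its subject CN; the country is a two-letter code.  The
 * first failure decrements $stepid so the form is shown again and reports
 * through $savemsg (or $input_errors for the special-character case).  On
 * success the uselist marker is set in $config and $_POST.
 *
 * Globals: $input_errors, $stepid, $savemsg, $config.
 */
function step7_submitphpaction() {
	global $input_errors, $stepid, $savemsg, $config;

	/* Descriptions and subject CNs of every existing CA, so the new one
	 * cannot collide with either. */
	$canames = array();
	$cacns = array();
	if (isset($config['ca']) && is_array($config['ca'])) {
		foreach ($config['ca'] as $ca) {
			$canames[] = $ca['descr'];
			$cainfo = cert_get_subject_hash($ca['crt']);
			if (isset($cainfo["CN"])) {
				$cacns[] = $cainfo["CN"];
			}
		}
	}

	$required = array('descr', 'keylength', 'lifetime', 'country', 'state', 'city', 'organization', 'email');
	$missing = false;
	foreach ($required as $key) {
		if (empty($_POST[$key])) {
			$missing = true;
			break;
		}
	}

	if ($missing) {
		$stepid--;
		$savemsg = "Please enter all information for the new Certificate Authority.";
	} elseif (has_special_chars($_POST['country']) || has_special_chars($_POST['state']) ||
	    has_special_chars($_POST['city']) || has_special_chars($_POST['organization'])) {
		$stepid--;
		/* NOTE(review): every other branch reports via $savemsg; confirm
		 * the wizard shows $input_errors, otherwise this message is lost. */
		$input_errors[] = "Please do not use special characters in Certificate field names.";
	} elseif (in_array($_POST['descr'], $canames, true) || in_array($_POST['descr'], $cacns, true)) {
		/* Strict comparison: the name check must not treat numerically
		 * "equal" strings as the same CA. */
		$stepid--;
		$savemsg = "Please enter a different name for the Certificate Authority. A Certificate Authority with that name already exists.";
	} elseif (strlen($_POST['country']) != 2) {
		$stepid--;
		$savemsg = "Please enter only a two-letter ISO country code";
	} else {
		$config['ovpnserver']['step6']['uselist'] = "on";
		$_POST['uselist'] = "on";
	}
}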
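/**
 * Before showing wizard step 8 (pick an existing certificate): skip the
 * step (bump $stepid by one) when there is no certificate to choose from —
 * none configured at all, or only one whose description contains
 * "webconf" (the webConfigurator's own certificate).
 *
 * Globals: $stepid (possibly written), $config (read).
 */
function step8_stepbeforeformdisplay() {
	global $stepid, $config;

	/* $config['cert'] does not exist until the first certificate is created
	 * (step 12 guards it with is_array() too); treat that as "none". */
	$certs = (isset($config['cert']) && is_array($config['cert'])) ? $config['cert'] : array();

	$only_webconf = (count($certs) == 1 && stristr($certs[0]['descr'], "webconf"));
	if (count($certs) < 1 || $only_webconf) {
		$stepid++;
	}
}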
/**
 * Wizard step 8 submit handler.
 *
 * "next" means an existing certificate is used: the uselist marker is
 * cleared in $_POST and under $config['ovpnserver']['step9'], and $stepid
 * advances by one, skipping the create-a-certificate form.  Any other
 * submit sets the marker to "on" in $_POST and under step6.
 *
 * Globals: $stepid (possibly written), $config (written).
 */
function step8_submitphpaction() {
	global $stepid, $config;

	if (isset($_POST['next'])) {
		$_POST['uselist'] = "";
		unset($config['ovpnserver']['step9']['uselist']);
		$stepid++;
		return;
	}

	/* NOTE(review): the "next" branch clears step9's marker and
	 * step9_submitphpaction() sets step9's, yet this branch writes step6's
	 * (the CA step's), which step9_stepbeforeformdisplay() reads to decide
	 * where the subject defaults come from.  Looks copied from
	 * step6_submitphpaction(); confirm against openvpn_wizard.xml whether
	 * step9 was intended. */
	$config['ovpnserver']['step6']['uselist'] = "on";
	$_POST['uselist'] = "on";
}
/**
 * Before showing wizard step 9 (create a server certificate), pre-fill the
 * country, state, city and organization fields of the current step's form.
 *
 * If a new CA was defined in the wizard (step6 uselist set) the values
 * typed there are reused; otherwise they are taken from the subject of the
 * CA chosen in step 6.  Fields with other names are left untouched.
 *
 * Globals: $config (read), $pkg (fields written), $stepid (read).
 */
function step9_stepbeforeformdisplay() {
	global $config, $pkg, $stepid;

	$pconfig = $config['ovpnserver'];

	if (isset($pconfig['step6']['uselist'])) {
		$prefill = array(
			'country' => $pconfig['step6']['country'],
			'state' => $pconfig['step6']['state'],
			'city' => $pconfig['step6']['city'],
			'organization' => $pconfig['step6']['organization'],
		);
	} else {
		/* NOTE(review): relies on cert_get_subject_array() returning the
		 * subject RDNs positionally as C, ST, L, O — confirm. */
		$ca = lookup_ca($pconfig['step6']['authcertca']);
		$subject = cert_get_subject_array($ca['crt']);
		$prefill = array(
			'country' => $subject[0]['v'],
			'state' => $subject[1]['v'],
			'city' => $subject[2]['v'],
			'organization' => $subject[3]['v'],
		);
	}

	$fields =& $pkg['step'][$stepid]['fields']['field'];
	foreach ($fields as $idx => $field) {
		if (array_key_exists($field['name'], $prefill)) {
			$fields[$idx]['value'] = $prefill[$field['name']];
		}
	}
}
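/**
 * Wizard step 9 submit handler: validate the "create a new certificate"
 * form.
 *
 * Checks, in order: all fields present; no special characters in the
 * subject fields; the name collides with neither an existing certificate's
 * description nor its subject CN; the country is a two-letter code.  The
 * first failure decrements $stepid so the form is shown again and reports
 * through $savemsg (or $input_errors for the special-character case).  On
 * success the uselist marker is set in $config and $_POST.
 *
 * Globals: $input_errors, $stepid, $savemsg, $config.
 */
function step9_submitphpaction() {
	global $input_errors, $stepid, $savemsg, $config;

	/* Descriptions and subject CNs of every existing certificate, so the
	 * new one cannot collide with either. */
	$certnames = array();
	$certcns = array();
	if (isset($config['cert']) && is_array($config['cert'])) {
		foreach ($config['cert'] as $cert) {
			$certnames[] = $cert['descr'];
			$certinfo = cert_get_subject_hash($cert['crt']);
			if (isset($certinfo["CN"])) {
				$certcns[] = $certinfo["CN"];
			}
		}
	}

	$required = array('descr', 'keylength', 'lifetime', 'country', 'state', 'city', 'organization', 'email');
	$missing = false;
	foreach ($required as $key) {
		if (empty($_POST[$key])) {
			$missing = true;
			break;
		}
	}

	if ($missing) {
		$stepid--;
		$savemsg = "Please enter all information for the new certificate.";
	} elseif (has_special_chars($_POST['country']) || has_special_chars($_POST['state']) ||
	    has_special_chars($_POST['city']) || has_special_chars($_POST['organization'])) {
		$stepid--;
		/* NOTE(review): every other branch reports via $savemsg; confirm
		 * the wizard shows $input_errors, otherwise this message is lost. */
		$input_errors[] = "Please do not use special characters in Certificate field names.";
	} elseif (in_array($_POST['descr'], $certnames, true) || in_array($_POST['descr'], $certcns, true)) {
		/* Strict comparison: the name check must not treat numerically
		 * "equal" strings as the same certificate. */
		$stepid--;
		$savemsg = "Please enter a different name for the Certificate. A Certificate with that name/common name already exists.";
	} elseif (strlen($_POST['country']) != 2) {
		$stepid--;
		$savemsg = "Please enter only a two-letter ISO country code";
	} else {
		$config['ovpnserver']['step9']['uselist'] = "on";
		$_POST['uselist'] = "on";
	}
}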
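/**
 * Turn a key => label map into the wizard's option-list shape.
 *
 * Each entry becomes array('name' => $label, 'value' => $key): the key is
 * what the form submits and the label is what it shows.  All three select
 * fields of step 10 (crypto, engine, nbttype) use exactly this shape.
 */
function openvpn_wizard_option_list($map) {
	$options = array();
	foreach ($map as $value => $label) {
		$options[] = array('name' => $label, 'value' => $value);
	}
	return $options;
}

/**
 * Before showing wizard step 10 (server settings): fill the crypto, engine
 * and NetBIOS node type selects from openvpn_get_cipherlist(),
 * openvpn_get_engines() and $netbios_nodetypes, and default the local port
 * field to the next free UDP port.  Fields with other names are untouched.
 *
 * Globals: $pkg (fields written), $stepid (read), $netbios_nodetypes (read).
 */
function step10_stepbeforeformdisplay() {
	global $pkg, $stepid, $netbios_nodetypes;

	$fields =& $pkg['step'][$stepid]['fields']['field'];

	foreach ($fields as $idx => $field) {
		switch ($field['name']) {
		case "crypto":
			$fields[$idx]['options']['option'] = openvpn_wizard_option_list(openvpn_get_cipherlist());
			break;
		case "engine":
			$fields[$idx]['options']['option'] = openvpn_wizard_option_list(openvpn_get_engines());
			break;
		case "nbttype":
			$fields[$idx]['options']['option'] = openvpn_wizard_option_list($netbios_nodetypes);
			break;
		case "localport":
			$fields[$idx]['value'] = openvpn_port_next('UDP');
			break;
		}
	}
}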
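/**
 * Wizard step 10 submit handler: validate the OpenVPN server settings.
 *
 * Defaults an empty local port to the next free UDP port, then collects
 * every problem found (port, tunnel/local network CIDRs, port already in
 * use, pasted TLS key markers, DNS/NTP/WINS addresses, concurrent
 * connection count, missing tunnel network).  If anything failed the
 * first message goes to $savemsg and $stepid is decremented so the form
 * is shown again.
 *
 * Globals: $savemsg (possibly written), $stepid (possibly written).
 */
function step10_submitphpaction() {
	global $savemsg, $stepid;

	/* Local list of problems; initialised so the count() at the end is
	 * valid even when nothing was added. */
	$input_errors = array();

	/* Default OpenVPN port to next available port if left empty.  The
	 * default goes into $_POST, which is what the checks below read (the
	 * earlier write into a throw-away local $pconfig reached nothing). */
	if (empty($_POST['localport']))
		$_POST['localport'] = openvpn_port_next('UDP');

	/* input validation */
	if ($result = openvpn_validate_port($_POST['localport'], 'Local port'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($_POST['tunnelnet'], 'Tunnel network'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($_POST['localnet'], 'Local network'))
		$input_errors[] = $result;

	$portused = openvpn_port_used($_POST['protocol'], $_POST['localport']);
	if ($portused != 0)
		$input_errors[] = "The specified 'Local port' is in use. Please select another value";

	/* A pasted TLS auth key must at least carry both OpenVPN static key
	 * markers; a generated key is not checked here. */
	if (!isset($_POST['generatetlskey']) && isset($_POST['tlsauthentication'])) {
		if (!strstr($_POST['tlssharedkey'], "-----BEGIN OpenVPN Static key V1-----") ||
		    !strstr($_POST['tlssharedkey'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid";
	}

	/* Optional pushed server addresses: each must be an IP address when given. */
	$address_fields = array(
		'dnsserver1' => "DNS Server #1",
		'dnsserver2' => "DNS Server #2",
		'dnsserver3' => "DNS Server #3",
		'dnsserver4' => "DNS Server #4",
		'ntpserver1' => "NTP Server #1",
		'ntpserver2' => "NTP Server #2",
		'winsserver1' => "WINS Server #1",
		'winsserver2' => "WINS Server #2",
	);
	foreach ($address_fields as $key => $label) {
		if (!empty($_POST[$key]) && !is_ipaddr(trim($_POST[$key])))
			$input_errors[] = "The field '{$label}' must contain a valid IP address";
	}

	if (!empty($_POST['concurrentcon']) && !is_numeric($_POST['concurrentcon']))
		$input_errors[] = "The field 'Concurrent connections' must be numeric.";

	if (empty($_POST['tunnelnet']))
		$input_errors[] = "You must specify a 'Tunnel network'.";

	if (count($input_errors) > 0) {
		/* Only the first problem is surfaced; the wizard shows $savemsg. */
		$savemsg = $input_errors[0];
		$stepid = $stepid - 1;
	}
}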
/**
 * Final wizard step: turn everything collected under $config['ovpnserver']
 * into live configuration.
 *
 * In order: the authentication server (new entry under system/authserver,
 * or the existing one chosen), the CA (created via ca_create() or looked
 * up), the server certificate (created via cert_create() or looked up),
 * the OpenVPN server entry itself, the optional WAN-side and OpenVPN-side
 * firewall rules; then openvpn_resync(), write_config() and a redirect to
 * vpn_openvpn_server.php.
 *
 * Every validation failure redirects back into the wizard with a message
 * in the query string and exits, so nothing below the failing check runs.
 *
 * Globals: $config (read and written).
 */
function step12_submitphpaction() {
	global $config;

	/* Read before the is_array() check below; on a missing ovpnserver
	 * section this is null and only the redirect path uses it. */
	$pconfig = $config['ovpnserver'];

	if (!is_array($config['ovpnserver'])) {
		$message = "No configuration found please retry again.";
		/* NOTE(review): $message is placed in the Location URL without
		 * urlencode() here and in every redirect below.  The texts are
		 * constants, so nothing untrusted reaches the header, but the
		 * embedded spaces make the URL malformed; urlencode($message) if
		 * these are touched. */
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
		exit;
	}

	/* --- authentication server ------------------------------------- */
	if ($pconfig['step1']['type'] == "local") {
		$auth = array();
		$auth['name'] = "Local Database";
		$auth['type'] = "local";
	} else if (isset($pconfig['step2']['uselist'])) {
		/* A new LDAP/RADIUS server was defined in the wizard: build the
		 * system/authserver entry from the step1/step2 answers. */
		$auth = array();
		$auth['type'] = $pconfig['step1']['type'];
		$auth['refid'] = uniqid();
		$auth['name'] = $pconfig['step2']['authtype'];

		if ($auth['type'] == "ldap") {
			$auth['host'] = $pconfig['step2']['ip'];
			$auth['ldap_port'] = $pconfig['step2']['port'];
			/* NOTE(review): step 3 validates $_POST['transport'] into the
			 * step2 section, while this reads step1['transport'] (and
			 * step1['nameattr'/'memberattr'/'groupattr'] below); confirm
			 * the section names against openvpn_wizard.xml. */
			if ($pconfig['step1']['transport'] == "tcp")
				$auth['ldap_urltype'] = 'TCP - Standard';
			else
				$auth['ldap_urltype'] = 'SSL - Encrypted';
			$auth['ldap_protver'] = 3;
			$auth['ldap_scope'] = $pconfig['step2']['scope'];
			$auth['ldap_basedn'] = $pconfig['step2']['basedn'];
			$auth['ldap_authcn'] = $pconfig['step2']['authscope'];
			$auth['ldap_binddn'] = $pconfig['step2']['userdn'];
			/* Bind password is stored as entered. */
			$auth['ldap_bindpw'] = $pconfig['step2']['passdn'];
			$auth['ldap_attr_user'] = $pconfig['step1']['nameattr'];
			$auth['ldap_attr_member'] = $pconfig['step1']['memberattr'];
			$auth['ldap_attr_group'] = $pconfig['step1']['groupattr'];
		} else if ($auth['type'] == "radius") {
			$auth['host'] = $pconfig['step2']['ip'];
			$auth['radius_auth_port'] = $pconfig['step2']['port'];
			/* NOTE(review): step 5 requires $_POST['secret'], but the
			 * shared secret is read from step2['password'] here; confirm
			 * the field name, otherwise the stored secret is empty. */
			$auth['radius_secret'] = $pconfig['step2']['password'];
			$auth['radius_srvcs'] = "auth";
		}
		if (!is_array($config['system']['authserver']))
			$config['system']['authserver'] = array();

		$config['system']['authserver'][] = $auth;
	} else if (!isset($pconfig['step2']['uselist']) && empty($pconfig['step2']['authserv'])) {
		$message = "Please choose an authentication server .";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
		exit;
	} else if (!($auth = auth_get_authserver($pconfig['step2']['authserv']))) {
		$message = "Not a valid authentication server has been specified.";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
		exit;
	}

	/* --- certificate authority ------------------------------------- */
	if (isset($pconfig['step6']['uselist']) && !empty($pconfig['step6']['certca'])) {
		/* New CA from the step 7 form; its name doubles as the subject CN. */
		$ca = array();
		$ca['refid'] = uniqid();
		$ca['descr'] = $pconfig['step6']['certca'];
		$dn = array(
			'countryName' => $pconfig['step6']['country'],
			'stateOrProvinceName' => $pconfig['step6']['state'],
			'localityName' => $pconfig['step6']['city'],
			'organizationName' => $pconfig['step6']['organization'],
			'emailAddress' => $pconfig['step6']['email'],
			'commonName' => $pconfig['step6']['certca']);

		ca_create($ca, $pconfig['step6']['keylength'], $pconfig['step6']['lifetime'], $dn);
		if (!is_array($config['ca']))
			$config['ca'] = array();

		$config['ca'][] = $ca;
	} else if (!isset($pconfig['step6']['uselist']) && empty($pconfig['step6']['authcertca'])) {
		$message = "Please choose a Certificate Authority.";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=5&message={$message}");
		exit;
	} else if (!($ca = lookup_ca($pconfig['step6']['authcertca']))) {
		$message = "Not a valid Certificate Authority specified.";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=5&message={$message}");
		exit;
	}

	/* --- server certificate ---------------------------------------- */
	if (isset($pconfig['step9']['uselist'])) {
		/* New certificate from the step 9 form, signed by $ca from above. */
		$cert = array();
		$cert['refid'] = uniqid();
		$cert['descr'] = $pconfig['step9']['certname'];
		$dn = array(
			'countryName' => $pconfig['step9']['country'],
			'stateOrProvinceName' => $pconfig['step9']['state'],
			'localityName' => $pconfig['step9']['city'],
			'organizationName' => $pconfig['step9']['organization'],
			'emailAddress' => $pconfig['step9']['email'],
			'commonName' => $pconfig['step9']['certname']);

		cert_create($cert, $ca['refid'], $pconfig['step9']['keylength'], $pconfig['step9']['lifetime'], $dn, 'server');
		if (!is_array($config['cert']))
			$config['cert'] = array();

		$config['cert'][] = $cert;
	} else if (!isset($pconfig['step9']['uselist']) && empty($pconfig['step9']['authcertname'])) {
		$message = "Please choose a Certificate.";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=7&message={$message}");
		exit;
	} else if (!($cert = lookup_cert($pconfig['step9']['authcertname']))) {
		$message = "Not a valid Certificate specified.";
		header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=7&message={$message}");
		exit;
	}

	/* --- OpenVPN server entry -------------------------------------- */
	$server = array();
	$server['vpnid'] = openvpn_vpnid_next();
	/* External backends authenticate users by name/password only
	 * (server_user); the local database additionally requires a client
	 * certificate (server_tls_user). */
	switch ($auth['type']) {
		case "ldap":
			$server['authmode'] = $auth['name'];
			$server['mode'] = "server_user";
			break;
		case "radius":
			$server['authmode'] = $auth['name'];
			$server['mode'] = "server_user";
			break;
		default:
			$server['authmode'] = "Local Database";
			$server['mode'] = "server_tls_user";
			break;
	}
	$server['caref'] = $ca['refid'];
	$server['certref'] = $cert['refid'];
	$server['protocol'] = $pconfig['step10']['protocol'];
	$server['interface'] = $pconfig['step10']['interface'];
	if (isset($pconfig['step10']['localport']))
		$server['local_port'] = $pconfig['step10']['localport'];

	/* Description is capped at 30 characters. */
	if (strlen($pconfig['step10']['descr']) > 30)
		$pconfig['step10']['descr'] = substr($pconfig['step10']['descr'], 0, 30);
	$server['description'] = $pconfig['step10']['descr'];
	$server['custom_options'] = $pconfig['step10']['advanced'];
	/* TLS auth key: freshly generated or the one pasted in step 10, stored
	 * base64-encoded either way. */
	if (isset($pconfig['step10']['tlsauth'])) {
		if (isset($pconfig['step10']['gentlskey']))
			$tlskey = openvpn_create_key();
		else
			$tlskey = $pconfig['step10']['tlskey'];
		$server['tls'] = base64_encode($tlskey);
	}
	$server['dh_length'] = $pconfig['step10']['dhkey'];
	$server['tunnel_network'] = $pconfig['step10']['tunnelnet'];
	/* Optional settings are copied only when the step 10 form set them. */
	if (isset($pconfig['step10']['rdrgw']))
		$server['gwredir'] = $pconfig['step10']['rdrgw'];
	if (isset($pconfig['step10']['localnet']))
		$server['local_network'] = $pconfig['step10']['localnet'];
	if (isset($pconfig['step10']['concurrentcon']))
		$server['maxclients'] = $pconfig['step10']['concurrentcon'];
	if (isset($pconfig['step10']['compression']))
		$server['compression'] = $pconfig['step10']['compression'];
	if (isset($pconfig['step10']['tos']))
		$server['passtos'] = $pconfig['step10']['tos'];
	if (isset($pconfig['step10']['interclient']))
		$server['client2client'] = $pconfig['step10']['interclient'];
	if (isset($pconfig['step10']['duplicate_cn']))
		$server['duplicate_cn'] = $pconfig['step10']['duplicate_cn'];
	if (isset($pconfig['step10']['dynip']))
		$server['dynamic_ip'] = $pconfig['step10']['dynip'];
	if (isset($pconfig['step10']['addrpool']))
		$server['pool_enable'] = $pconfig['step10']['addrpool'];
	if (isset($pconfig['step10']['defaultdomain']))
		$server['dns_domain'] = $pconfig['step10']['defaultdomain'];
	if (isset($pconfig['step10']['dns1']))
		$server['dns_server1'] = $pconfig['step10']['dns1'];
	if (isset($pconfig['step10']['dns2']))
		$server['dns_server2'] = $pconfig['step10']['dns2'];
	if (isset($pconfig['step10']['dns3']))
		$server['dns_server3'] = $pconfig['step10']['dns3'];
	if (isset($pconfig['step10']['dns4']))
		$server['dns_server4'] = $pconfig['step10']['dns4'];
	if (isset($pconfig['step10']['ntp1']))
		$server['ntp_server1'] = $pconfig['step10']['ntp1'];
	if (isset($pconfig['step10']['ntp2']))
		$server['ntp_server2'] = $pconfig['step10']['ntp2'];
	if (isset($pconfig['step10']['wins1']))
		$server['wins_server1'] = $pconfig['step10']['wins1'];
	if (isset($pconfig['step10']['wins2']))
		$server['wins_server2'] = $pconfig['step10']['wins2'];
	if (isset($pconfig['step10']['nbtenable'])) {
		$server['netbios_ntype'] = $pconfig['step10']['nbttype'];
		if (isset($pconfig['step10']['nbtscope']))
			$server['netbios_scope'] = $pconfig['step10']['nbtscope'];
		$server['netbios_enable'] = $pconfig['step10']['nbtenable'];
	}
	$server['crypto'] = $pconfig['step10']['crypto'];
	$server['engine'] = $pconfig['step10']['engine'];

	/* --- firewall rules (step 11 checkboxes) ----------------------- */
	if (isset($pconfig['step11']['ovpnrule'])) {
		/* Pass rule on the server's interface admitting the OpenVPN
		 * listener itself: from anywhere, to this interface's address,
		 * on the configured port and protocol.
		 * NOTE(review): $server['local_port'] is only set when step 10
		 * had a localport; otherwise the destination port here is null. */
		$rule = array();
		$rule['descr'] = sprintf(gettext("OpenVPN %s wizard"),$server['description']);
		/* Ensure the rule descr is not too long for pf to handle */
		if (strlen($rule['descr']) > 52)
			$rule['descr'] = substr($rule['descr'], 0, 52);
		$rule['direction'] = "in";
		$rule['source']['any'] = TRUE;
		$rule['destination']['network'] = $server['interface'] . "ip";
		$rule['destination']['port'] = $server['local_port'];
		$rule['interface'] = $server['interface'];
		$rule['protocol'] = strtolower($server['protocol']);
		$rule['type'] = "pass";
		$rule['enabled'] = "on";
		$config['filter']['rule'][] = $rule;
	}
	if (isset($pconfig['step11']['ovpnallow'])) {
		/* Pass rule on the openvpn interface with source any and
		 * destination any, i.e. connected clients may reach everything
		 * unless narrowed afterwards by the administrator. */
		$rule = array();
		$rule['descr'] = sprintf(gettext("OpenVPN %s wizard"),$server['description']);
		/* Ensure the rule descr is not too long for pf to handle */
		if (strlen($rule['descr']) > 52)
			$rule['descr'] = substr($rule['descr'], 0, 52);
		$rule['source']['any'] = TRUE;
		$rule['destination']['any'] = TRUE;
		$rule['interface'] = "openvpn";
		//$rule['protocol'] = $server['protocol'];
		$rule['type'] = "pass";
		$rule['enabled'] = "on";
		$config['filter']['rule'][] = $rule;
	}

	if (!is_array($config['openvpn']['openvpn-server']))
		$config['openvpn']['openvpn-server'] = array();

	$config['openvpn']['openvpn-server'][] = $server;

	/* Apply the new server, persist the config and leave the wizard. */
	openvpn_resync('server', $server);
	write_config();
	header("Location: vpn_openvpn_server.php");
	exit;
}
?>