Revision d237ba46
Added by Jim Pingle over 5 years ago
| src/etc/inc/openvpn.inc | ||
|---|---|---|
| 167 | 167 |
'ping_exit' => gettext("ping-exit -- Exit OpenVPN after timeout")
|
| 168 | 168 |
); |
| 169 | 169 |
|
| 170 |
global $openvpn_exit_notify_server; |
|
| 171 |
$openvpn_exit_notify_server = array( |
|
| 172 |
'none' => gettext("Disabled"),
|
|
| 173 |
'1' => gettext("Reconnect to this server / Retry once"),
|
|
| 174 |
'2' => gettext("Reconnect to next server / Retry twice"),
|
|
| 175 |
); |
|
| 176 |
|
|
| 177 |
global $openvpn_exit_notify_client; |
|
| 178 |
$openvpn_exit_notify_client = array( |
|
| 179 |
'none' => gettext("Disabled"),
|
|
| 180 |
); |
|
| 181 |
for ($i=1; $i<=5; $i++) {
|
|
| 182 |
$openvpn_exit_notify_client[$i] = sprintf(gettext("Retry %dx"), $i);
|
|
| 183 |
} |
|
| 184 |
|
|
| 170 | 185 |
function openvpn_build_mode_list() {
|
| 171 | 186 |
global $openvpn_server_modes; |
| 172 | 187 |
|
| ... | ... | |
| 1357 | 1372 |
$conf .= "fast-io\n"; |
| 1358 | 1373 |
} |
| 1359 | 1374 |
|
| 1375 |
/* Exit Notify. Only compatible with UDP. */ |
|
| 1376 |
if (!empty($settings['exit_notify']) && |
|
| 1377 |
is_numericint($settings['exit_notify']) && |
|
| 1378 |
(strtolower(substr($settings['protocol'], 0, 3)) == "udp")) {
|
|
| 1379 |
$conf .= "explicit-exit-notify {$settings['exit_notify']}\n";
|
|
| 1380 |
} |
|
| 1381 |
|
|
| 1360 | 1382 |
/* Send and Receive Buffer Settings */ |
| 1361 | 1383 |
if (is_numericint($settings['sndrcvbuf']) |
| 1362 | 1384 |
&& ($settings['sndrcvbuf'] > 0) |
| src/usr/local/www/vpn_openvpn_client.php | ||
|---|---|---|
| 162 | 162 |
$pconfig['auth-retry-none'] = $a_client[$id]['auth-retry-none']; |
| 163 | 163 |
$pconfig['passtos'] = $a_client[$id]['passtos']; |
| 164 | 164 |
$pconfig['udp_fast_io'] = $a_client[$id]['udp_fast_io']; |
| 165 |
$pconfig['exit_notify'] = $a_client[$id]['exit_notify']; |
|
| 165 | 166 |
$pconfig['sndrcvbuf'] = $a_client[$id]['sndrcvbuf']; |
| 166 | 167 |
$pconfig['topology'] = $a_client[$id]['topology']; |
| 167 | 168 |
|
| ... | ... | |
| 372 | 373 |
} |
| 373 | 374 |
} |
| 374 | 375 |
|
| 375 |
/* UDP Fast I/O is not compatible with TCP, so toss the option out when |
|
| 376 |
submitted since it can't be set this way legitimately. This also avoids |
|
| 377 |
having to perform any more trickery on the stored option to not preserve |
|
| 378 |
the value when changing modes. */ |
|
| 379 |
if ($pconfig['udp_fast_io'] && (strtolower(substr($pconfig['protocol'], 0, 3)) != "udp")) {
|
|
| 380 |
unset($pconfig['udp_fast_io']); |
|
| 376 |
/* UDP Fast I/O and Exit Notify are not compatible with TCP, so toss the |
|
| 377 |
* option out when submitted since it can't be set this way |
|
| 378 |
* legitimately. This also avoids having to perform any more trickery on |
|
| 379 |
* the stored option to not preserve the value when changing modes. */ |
|
| 380 |
if (strtolower(substr($pconfig['protocol'], 0, 3)) != "udp") {
|
|
| 381 |
if ($pconfig['udp_fast_io']) {
|
|
| 382 |
unset($pconfig['udp_fast_io']); |
|
| 383 |
} |
|
| 384 |
if ($pconfig['exit_notify']) {
|
|
| 385 |
unset($pconfig['exit_notify']); |
|
| 386 |
} |
|
| 387 |
} else {
|
|
| 388 |
if (!array_key_exists($pconfig['exit_notify'], $openvpn_exit_notify_client)) {
|
|
| 389 |
$input_errors[] = gettext("The Exit Notify value is invalid.");
|
|
| 390 |
} |
|
| 381 | 391 |
} |
| 382 | 392 |
|
| 383 | 393 |
if ($pconfig['udp_fast_io'] && (!empty($pconfig['use_shaper']))) {
|
| ... | ... | |
| 491 | 501 |
$client['auth-retry-none'] = $pconfig['auth-retry-none']; |
| 492 | 502 |
$client['passtos'] = $pconfig['passtos']; |
| 493 | 503 |
$client['udp_fast_io'] = $pconfig['udp_fast_io']; |
| 504 |
$client['exit_notify'] = $pconfig['exit_notify']; |
|
| 494 | 505 |
$client['sndrcvbuf'] = $pconfig['sndrcvbuf']; |
| 495 | 506 |
|
| 496 | 507 |
$client['route_no_pull'] = $pconfig['route_no_pull']; |
| ... | ... | |
| 1053 | 1064 |
))->setHelp('Optimizes the packet write event loop, improving CPU efficiency by 5% to 10%. ' .
|
| 1054 | 1065 |
'Not compatible with all platforms, and not compatible with OpenVPN bandwidth limiting.'); |
| 1055 | 1066 |
|
| 1067 |
$section->addInput(new Form_Select( |
|
| 1068 |
'exit_notify', |
|
| 1069 |
'Exit Notify', |
|
| 1070 |
$pconfig['exit_notify'], |
|
| 1071 |
$openvpn_exit_notify_client |
|
| 1072 |
))->setHelp('Send an explicit exit notification to connected servers/peers when restarting ' .
|
|
| 1073 |
'or shutting down, so they may immediately disconnect rather than waiting for a timeout. ' . |
|
| 1074 |
'This value controls how many times this instance will attempt to send the exit notification.'); |
|
| 1075 |
|
|
| 1056 | 1076 |
$section->addInput(new Form_Select( |
| 1057 | 1077 |
'sndrcvbuf', |
| 1058 | 1078 |
'Send/Receive Buffer', |
| ... | ... | |
| 1232 | 1252 |
|
| 1233 | 1253 |
function protocol_change() {
|
| 1234 | 1254 |
hideInput('interface', (($('#protocol').val().toLowerCase() == 'udp') || ($('#protocol').val().toLowerCase() == 'tcp')));
|
| 1235 |
hideCheckbox('udp_fast_io', !($('#protocol').val().substring(0, 3).toLowerCase() == 'udp'));
|
|
| 1255 |
var notudp = !($('#protocol').val().substring(0, 3).toLowerCase() == 'udp');
|
|
| 1256 |
hideCheckbox('udp_fast_io', notudp);
|
|
| 1257 |
hideInput('exit_notify', notudp);
|
|
| 1236 | 1258 |
} |
| 1237 | 1259 |
|
| 1238 | 1260 |
// Process "Automatically generate a shared key" checkbox |
| src/usr/local/www/vpn_openvpn_server.php | ||
|---|---|---|
| 32 | 32 |
require_once("pfsense-utils.inc");
|
| 33 | 33 |
require_once("pkg-utils.inc");
|
| 34 | 34 |
|
| 35 |
global $openvpn_topologies, $openvpn_tls_modes; |
|
| 35 |
global $openvpn_topologies, $openvpn_tls_modes, $openvpn_exit_notify_server;
|
|
| 36 | 36 |
|
| 37 | 37 |
init_config_arr(array('openvpn', 'openvpn-server'));
|
| 38 | 38 |
$a_server = &$config['openvpn']['openvpn-server']; |
| ... | ... | |
| 251 | 251 |
|
| 252 | 252 |
$pconfig['push_blockoutsidedns'] = $a_server[$id]['push_blockoutsidedns']; |
| 253 | 253 |
$pconfig['udp_fast_io'] = $a_server[$id]['udp_fast_io']; |
| 254 |
$pconfig['exit_notify'] = $a_server[$id]['exit_notify']; |
|
| 254 | 255 |
$pconfig['sndrcvbuf'] = $a_server[$id]['sndrcvbuf']; |
| 255 | 256 |
$pconfig['push_register_dns'] = $a_server[$id]['push_register_dns']; |
| 256 | 257 |
|
| ... | ... | |
| 495 | 496 |
} |
| 496 | 497 |
} |
| 497 | 498 |
|
| 498 |
/* UDP Fast I/O is not compatible with TCP, so toss the option out when |
|
| 499 |
submitted since it can't be set this way legitimately. This also avoids |
|
| 500 |
having to perform any more trickery on the stored option to not preserve |
|
| 501 |
the value when changing modes. */ |
|
| 502 |
if ($pconfig['udp_fast_io'] && (strtolower(substr($pconfig['protocol'], 0, 3)) != "udp")) {
|
|
| 503 |
unset($pconfig['udp_fast_io']); |
|
| 499 |
/* UDP Fast I/O and Exit Notify are not compatible with TCP, so toss the |
|
| 500 |
* option out when submitted since it can't be set this way |
|
| 501 |
* legitimately. This also avoids having to perform any more trickery on |
|
| 502 |
* the stored option to not preserve the value when changing modes. */ |
|
| 503 |
if (strtolower(substr($pconfig['protocol'], 0, 3)) != "udp") {
|
|
| 504 |
if ($pconfig['udp_fast_io']) {
|
|
| 505 |
unset($pconfig['udp_fast_io']); |
|
| 506 |
} |
|
| 507 |
if ($pconfig['exit_notify']) {
|
|
| 508 |
unset($pconfig['exit_notify']); |
|
| 509 |
} |
|
| 510 |
} else {
|
|
| 511 |
if (!array_key_exists($pconfig['exit_notify'], $openvpn_exit_notify_server)) {
|
|
| 512 |
$input_errors[] = gettext("The Exit Notify value is invalid.");
|
|
| 513 |
} |
|
| 504 | 514 |
} |
| 505 | 515 |
|
| 506 | 516 |
if (!empty($pconfig['sndrcvbuf']) && !array_key_exists($pconfig['sndrcvbuf'], openvpn_get_buffer_values())) {
|
| ... | ... | |
| 630 | 640 |
if ($pconfig['udp_fast_io']) {
|
| 631 | 641 |
$server['udp_fast_io'] = $pconfig['udp_fast_io']; |
| 632 | 642 |
} |
| 643 |
if ($pconfig['exit_notify']) {
|
|
| 644 |
$server['exit_notify'] = $pconfig['exit_notify']; |
|
| 645 |
} |
|
| 633 | 646 |
$server['sndrcvbuf'] = $pconfig['sndrcvbuf']; |
| 634 | 647 |
if ($pconfig['push_register_dns']) {
|
| 635 | 648 |
$server['push_register_dns'] = $pconfig['push_register_dns']; |
| ... | ... | |
| 1479 | 1492 |
))->setHelp('Optimizes the packet write event loop, improving CPU efficiency by 5% to 10%. ' .
|
| 1480 | 1493 |
'Not compatible with all platforms, and not compatible with OpenVPN bandwidth limiting.'); |
| 1481 | 1494 |
|
| 1495 |
$section->addInput(new Form_Select( |
|
| 1496 |
'exit_notify', |
|
| 1497 |
'Exit Notify', |
|
| 1498 |
$pconfig['exit_notify'], |
|
| 1499 |
$openvpn_exit_notify_server |
|
| 1500 |
))->setHelp('Send an explicit exit notification to connected clients/peers when restarting ' .
|
|
| 1501 |
'or shutting down, so they may immediately disconnect rather than waiting for a timeout. ' . |
|
| 1502 |
'In SSL/TLS Server modes, clients may be directed to reconnect or use the next server. ' . |
|
| 1503 |
'In Peer-to-Peer Shared Key or with a /30 Tunnel Network, this value controls how ' . |
|
| 1504 |
'many times this instance will attempt to send the exit notification.'); |
|
| 1505 |
|
|
| 1482 | 1506 |
$section->addInput(new Form_Select( |
| 1483 | 1507 |
'sndrcvbuf', |
| 1484 | 1508 |
'Send/Receive Buffer', |
| ... | ... | |
| 1764 | 1788 |
|
| 1765 | 1789 |
function protocol_change() {
|
| 1766 | 1790 |
hideInput('interface', (($('#protocol').val().toLowerCase() == 'udp') || ($('#protocol').val().toLowerCase() == 'tcp')));
|
| 1767 |
hideCheckbox('udp_fast_io', !($('#protocol').val().substring(0, 3).toLowerCase() == 'udp'));
|
|
| 1791 |
var notudp = !($('#protocol').val().substring(0, 3).toLowerCase() == 'udp');
|
|
| 1792 |
hideCheckbox('udp_fast_io', notudp);
|
|
| 1793 |
hideInput('exit_notify', notudp);
|
|
| 1768 | 1794 |
} |
| 1769 | 1795 |
|
| 1770 | 1796 |
// Process "Enable authentication of TLS packets" checkbox |
Also available in: Unified diff
Add exit notify to OpenVPN servers/clients. Implements #9078
(cherry picked from commit 7591a72a5108a2ac28d28745cec43ea282869aae)