<?php
/*
	Copyright (C) 2010 Ermal Luçi
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
	pfSense_MODULE: openvpn
*/
/* Shared OpenVPN helpers; presumably the source of the openvpn_* functions called below. */
require_once('openvpn.inc');
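/*
 * Tell whether $text contains anything outside the character set accepted
 * for certificate subject fields (ASCII letters, digits, space, '_' and '-').
 *
 * The original used ereg(), which no longer exists in PHP 7+; preg_match()
 * with the same (byte-wise) character class is the drop-in replacement.
 * Callers only test the result for truthiness, so returning a bool is
 * compatible with the old int|false result.
 *
 * @param string|null $text value to check; null is treated as ""
 * @return bool true when at least one disallowed byte is present
 */
function has_special_chars($text) {
	return preg_match('/[^A-Za-z0-9 _-]/', (string) $text) === 1;
}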
/*
 * Wizard step 1 submit: route the wizard according to the chosen
 * authentication backend.  Sets the global $stepid (index of the next
 * step) and records the backend type under $config['ovpnserver']['step1'].
 */
function step1_submitphpaction() {
	global $stepid, $config;

	switch ($_POST['authtype']) {
	case "local":
		/* Local user database: no server-definition steps, jump ahead. */
		$stepid = 4;
		$config['ovpnserver']['step1']['type'] = "local";
		break;
	case "ldap":
		$stepid = 0;
		break;
	case "radius":
		$stepid = 2;
		$config['ovpnserver']['step1']['type'] = "radius";
		/* A freshly chosen RADIUS backend starts without a server flagged for use. */
		unset($config['ovpnserver']['step1']['uselist']);
		break;
	}
}
/*
 * Wizard step 2 (LDAP server selection), before display: fill the second
 * form field's option list with every configured LDAP authentication
 * server.  When there is none, $stepid is set to 2 so the wizard moves on
 * instead of showing an empty list.
 */
function step2_stepbeforeformdisplay() {
	global $pkg, $stepid;

	$fields =& $pkg['step'][1]['fields']['field'];
	$fields[1]['options']['option'] = array();

	$have_ldap = false;
	foreach (auth_get_authserver_list() as $auth) {
		if ($auth['type'] != "ldap")
			continue;
		$have_ldap = true;
		$fields[1]['options']['option'][] = array(
			'name' => $auth['name'],
			'value' => $auth['name'],
		);
	}

	if (!$have_ldap) {
		$stepid = 2;
	}
}
/*
 * Wizard step 2 submit: when "next" was pressed an existing LDAP server was
 * selected, so clear the "use list" flag and advance $stepid by three.
 * Any other submission leaves both untouched.
 */
function step2_submitphpaction() {
	global $stepid;

	if (!isset($_POST['next']))
		return;

	$_POST['uselist'] = "";
	$stepid += 3;
}
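/*
 * Wizard step 3 (define a new LDAP server) submit handler.
 *
 * Fills in the default LDAP port when none was posted (389 for TCP, 636
 * for SSL), then validates the rest of the server definition.  On the
 * first problem the message goes to $savemsg and $stepid is decremented
 * exactly once so the wizard redisplays this step; on success the server
 * is flagged for use and $stepid advances by two.
 *
 * Fix: the original decremented $stepid in two independent if-chains, so an
 * invalid port on an otherwise valid form still advanced the wizard
 * (-1 + 2) with the server flagged for use, and an invalid port plus a
 * missing field went back two steps.  Validation now stops at the first
 * error.  The duplicate-name check also guards count() with is_array():
 * step12 treats a falsy auth_get_authserver() result as "unknown server",
 * and count() on a non-array throws on PHP 8.
 */
function step3_submitphpaction() {
	global $stepid, $savemsg, $config;

	$error = null;

	/* Default LDAP port is 389 for TCP and 636 for SSL */
	if (empty($_POST['port'])) {
		if ($_POST['transport'] == "tcp")
			$config['ovpnserver']['step2']['port'] = 389;
		elseif ($_POST['transport'] == "ssl")
			$config['ovpnserver']['step2']['port'] = 636;
	} elseif (!is_port($_POST['port'])) {
		$error = "Please enter a valid port number.";
	}

	if ($error === null) {
		if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['transport']) ||
		    empty($_POST['scope']) || empty($_POST['basedn']) || empty($_POST['authscope']) || empty($_POST['nameattr'])) {
			$error = "Please enter all information for authentication server.";
		} else {
			$authcfg = auth_get_authserver($_POST['name']);
			if (is_array($authcfg) && count($authcfg) > 0) {
				$error = "Please choose a different name because an authentication server with this name already exists.";
			} elseif (!is_fqdn($_POST['ip']) && !is_ipaddr($_POST['ip'])) {
				$error = "Please enter a valid IP address or hostname for the authentication server.";
			}
		}
	}

	if ($error !== null) {
		$stepid--;
		$savemsg = $error;
	} else {
		$config['ovpnserver']['step2']['uselist'] = "on";
		$_POST['uselist'] = "on";
		$stepid += 2;
	}
}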
/*
 * Wizard step 4 (RADIUS server selection), before display: fill the second
 * form field's option list with every configured RADIUS authentication
 * server.  When there is none, $stepid is set to 4 so the wizard moves on.
 */
function step4_stepbeforeformdisplay() {
	global $pkg, $stepid;

	$fields =& $pkg['step'][3]['fields']['field'];
	$fields[1]['options']['option'] = array();

	$have_radius = false;
	foreach (auth_get_authserver_list() as $auth) {
		if ($auth['type'] != "radius")
			continue;
		$have_radius = true;
		$fields[1]['options']['option'][] = array(
			'name' => $auth['name'],
			'value' => $auth['name'],
		);
	}

	if (!$have_radius)
		$stepid = 4;
}
/*
 * Wizard step 4 submit: when "next" was pressed an existing RADIUS server
 * was selected, so clear the "use list" flag and move one step forward.
 * Any other submission leaves both untouched.
 */
function step4_submitphpaction() {
	global $stepid;

	if (!isset($_POST['next']))
		return;

	$_POST['uselist'] = "";
	$stepid++;
}
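/*
 * Wizard step 5 (define a new RADIUS server) submit handler.
 *
 * Fills in the default RADIUS authentication port (1812) when none was
 * posted, then validates the server definition.  On the first problem the
 * message goes to $savemsg and $stepid is decremented exactly once so the
 * wizard redisplays this step; on success the server is flagged for use.
 *
 * Fix: the original decremented $stepid in two independent if-chains, so an
 * invalid port plus a missing field went back two steps, and an invalid
 * port on an otherwise valid form still flagged the server for use.
 * Validation now stops at the first error.  The duplicate-name check also
 * guards count() with is_array(): step12 treats a falsy
 * auth_get_authserver() result as "unknown server", and count() on a
 * non-array throws on PHP 8.
 */
function step5_submitphpaction() {
	global $stepid, $savemsg, $config;

	$error = null;

	/* Default RADIUS Auth port = 1812 */
	if (empty($_POST['port'])) {
		$config['ovpnserver']['step2']['port'] = 1812;
	} elseif (!is_port($_POST['port'])) {
		$error = "Please enter a valid port number.";
	}

	if ($error === null) {
		if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['secret'])) {
			$error = "Please enter all information for authentication server.";
		} else {
			$authcfg = auth_get_authserver($_POST['name']);
			if (is_array($authcfg) && count($authcfg) > 0) {
				$error = "Please choose a different name because an authentication server with this name already exists.";
			} elseif (!is_fqdn($_POST['ip']) && !is_ipaddr($_POST['ip'])) {
				$error = "Please enter a valid IP address or hostname for the authentication server.";
			}
		}
	}

	if ($error !== null) {
		$stepid--;
		$savemsg = $error;
	} else {
		$config['ovpnserver']['step2']['uselist'] = "on";
		$_POST['uselist'] = "on";
	}
}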
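/*
 * Wizard step 6 before display: when the configuration holds no CA at all
 * there is nothing to select, so $stepid is incremented and this step is
 * skipped.
 *
 * Fix: the original called count() directly on $config['ca'], which is a
 * TypeError on PHP 8 when the key is absent (no CA ever created).
 * empty() covers the missing, null and empty-array cases alike.
 */
function step6_stepbeforeformdisplay() {
	global $stepid, $config;

	if (empty($config['ca'])) {
		$stepid++;
	}
}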
/*
 * Wizard step 6 submit.  "next" means an existing CA was selected: clear
 * the "use list" flag and advance one step.  Otherwise the form's own
 * entries are to be used, which is recorded both in the POST data and under
 * $config['ovpnserver']['step6'].
 */
function step6_submitphpaction() {
	global $stepid, $config;

	if (!isset($_POST['next'])) {
		$config['ovpnserver']['step6']['uselist'] = "on";
		$_POST['uselist'] = "on";
		return;
	}

	$_POST['uselist'] = "";
	$stepid++;
}
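/*
 * Wizard step 7 (create a new Certificate Authority) submit handler.
 *
 * Validates the posted CA subject.  Any problem keeps the wizard on this
 * step ($stepid--) and is reported through $savemsg or $input_errors; on
 * success the step-6 "use list" flag is set, which step12 reads to create
 * the CA.
 *
 * Changes: the name-collision check uses strict in_array() so that
 * numeric-looking names are compared as strings; CAs whose subject has no
 * CN no longer add a null entry to the CN list; the "Certicicate" typo in
 * the collision message is fixed.
 */
function step7_submitphpaction() {
	global $input_errors, $stepid, $savemsg, $config;

	/* Names and subject CNs already taken by existing CAs. */
	$canames = array();
	$cacns = array();
	if (isset($config['ca']) && is_array($config['ca'])) {
		foreach ($config['ca'] as $ca) {
			$canames[] = $ca['descr'];
			$cainfo = cert_get_subject_hash($ca['crt']);
			if (isset($cainfo["CN"]))
				$cacns[] = $cainfo["CN"];
		}
	}

	if (empty($_POST['descr']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
	    empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
	    empty($_POST['organization']) || empty($_POST['email'])) {
		$stepid--;
		$savemsg = "Please enter all information for the new Certificate Authority.";
	} elseif (has_special_chars($_POST['country']) || has_special_chars($_POST['state']) ||
	    has_special_chars($_POST['city']) || has_special_chars($_POST['organization'])) {
		$stepid--;
		$input_errors[] = "Please do not use special characters in Certificate field names.";
	} elseif (in_array($_POST['descr'], $canames, true) || in_array($_POST['descr'], $cacns, true)) {
		$stepid--;
		$savemsg = "Please enter a different name for the Certificate Authority. A Certificate Authority with that name already exists.";
	} elseif (strlen($_POST['country']) != 2) {
		$stepid--;
		$savemsg = "Please enter only a two-letter ISO country code";
	} else {
		$config['ovpnserver']['step6']['uselist'] = "on";
		$_POST['uselist'] = "on";
	}
}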
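/*
 * Wizard step 8 before display: when there is no usable certificate to
 * pick — none at all, or only one whose description mentions "webconf" —
 * $stepid is incremented and this step is skipped.
 *
 * Fix: the original called count() directly on $config['cert'] (a
 * TypeError on PHP 8 when the key is absent) and assumed the single
 * certificate lives at index 0; reset() works for any key.
 */
function step8_stepbeforeformdisplay() {
	global $stepid, $config;

	$certs = (isset($config['cert']) && is_array($config['cert'])) ? $config['cert'] : array();

	$skip = false;
	if (count($certs) < 1) {
		$skip = true;
	} elseif (count($certs) == 1) {
		$only = reset($certs);
		$skip = isset($only['descr']) && stristr($only['descr'], "webconf") !== false;
	}

	if ($skip) {
		$stepid++;
	}
}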
/*
 * Wizard step 8 submit: when "next" was pressed an existing certificate
 * was selected, so clear the "use list" flag and move one step forward.
 * Any other submission leaves both untouched.
 */
function step8_submitphpaction() {
	global $stepid;

	if (!isset($_POST['next']))
		return;

	$_POST['uselist'] = "";
	$stepid++;
}
/*
 * Wizard step 9 before display: pre-fill the country, state, city and
 * organization fields of the certificate form.  When step 6 flagged its own
 * entries ("uselist"), the values typed there are reused; otherwise they are
 * taken from the subject of the CA selected in step 6 (positions 0-3 of
 * cert_get_subject_array()).
 */
function step9_stepbeforeformdisplay() {
	global $config, $pkg, $stepid;

	$pconfig = $config['ovpnserver'];

	if (isset($pconfig['step6']['uselist'])) {
		$subject = array(
			'country' => $pconfig['step6']['country'],
			'state' => $pconfig['step6']['state'],
			'city' => $pconfig['step6']['city'],
			'organization' => $pconfig['step6']['organization'],
		);
	} else {
		$ca = lookup_ca($pconfig['step6']['authcertca']);
		$cavl = cert_get_subject_array($ca['crt']);
		$subject = array(
			'country' => $cavl[0]['v'],
			'state' => $cavl[1]['v'],
			'city' => $cavl[2]['v'],
			'organization' => $cavl[3]['v'],
		);
	}

	$fields =& $pkg['step'][$stepid]['fields']['field'];
	foreach ($fields as $idx => $field) {
		if (!isset($field['name']))
			continue;
		if (array_key_exists($field['name'], $subject))
			$fields[$idx]['value'] = $subject[$field['name']];
	}
}
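/*
 * Wizard step 9 (create a new server certificate) submit handler.
 *
 * Validates the posted certificate subject.  Any problem keeps the wizard
 * on this step ($stepid--) and is reported through $savemsg or
 * $input_errors; on success the step-9 "use list" flag is set, which step12
 * reads to create the certificate.
 *
 * Changes: the name-collision check uses strict in_array() so that
 * numeric-looking names are compared as strings; certificates whose subject
 * has no CN no longer add a null entry to the CN list; the "Certicicate"
 * typo in the collision message is fixed.
 */
function step9_submitphpaction() {
	global $input_errors, $stepid, $savemsg, $config;

	/* Names and subject CNs already taken by existing certificates. */
	$certnames = array();
	$certcns = array();
	if (isset($config['cert']) && is_array($config['cert'])) {
		foreach ($config['cert'] as $cert) {
			$certnames[] = $cert['descr'];
			$certinfo = cert_get_subject_hash($cert['crt']);
			if (isset($certinfo["CN"]))
				$certcns[] = $certinfo["CN"];
		}
	}

	if (empty($_POST['descr']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
	    empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
	    empty($_POST['organization']) || empty($_POST['email'])) {
		$stepid--;
		$savemsg = "Please enter all information for the new certificate.";
	} elseif (has_special_chars($_POST['country']) || has_special_chars($_POST['state']) ||
	    has_special_chars($_POST['city']) || has_special_chars($_POST['organization'])) {
		$stepid--;
		$input_errors[] = "Please do not use special characters in Certificate field names.";
	} elseif (in_array($_POST['descr'], $certnames, true) || in_array($_POST['descr'], $certcns, true)) {
		$stepid--;
		$savemsg = "Please enter a different name for the Certificate. A Certificate with that name/common name already exists.";
	} elseif (strlen($_POST['country']) != 2) {
		$stepid--;
		$savemsg = "Please enter only a two-letter ISO country code";
	} else {
		$config['ovpnserver']['step9']['uselist'] = "on";
		$_POST['uselist'] = "on";
	}
}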
/*
 * Wizard step 10 before display: populate the dynamic parts of the server
 * settings form — the cipher list for the "crypto" selector, the NetBIOS
 * node types for "nbttype", and the next free UDP port as the default
 * "localport".
 */
function step10_stepbeforeformdisplay() {
	global $pkg, $stepid, $netbios_nodetypes;

	$fields =& $pkg['step'][$stepid]['fields']['field'];

	foreach ($fields as $idx => $field) {
		switch ($field['name']) {
		case "crypto":
			$options = array();
			foreach (openvpn_get_cipherlist() as $cipher => $desc) {
				$options[] = array('name' => $desc, 'value' => $cipher);
			}
			$fields[$idx]['options']['option'] = $options;
			break;
		case "nbttype":
			$options = array();
			foreach ($netbios_nodetypes as $nodetype => $label) {
				$options[] = array('name' => $label, 'value' => $nodetype);
			}
			$fields[$idx]['options']['option'] = $options;
			break;
		case "localport":
			$fields[$idx]['value'] = openvpn_port_next('UDP');
			break;
		}
	}
}
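/*
 * Wizard step 10 (server settings) submit handler.
 *
 * Validates the posted OpenVPN server settings.  Every problem is collected
 * in $input_errors; when at least one exists the first message is shown via
 * $savemsg and $stepid is decremented so the wizard redisplays this step.
 *
 * Fix: $input_errors was never initialised, so a submission without any
 * error reached count() with an undefined variable — a TypeError on PHP 8.
 */
function step10_submitphpaction() {
	global $savemsg, $stepid;

	$input_errors = array();

	/* Default OpenVPN port to next available port if left empty. */
	if (empty($_POST['localport'])) {
		/* NOTE(review): $pconfig is a local variable here, so this default is
		 * never persisted; step3/step5 write their defaults to
		 * $config['ovpnserver'] instead.  Kept as-is until the intended
		 * target is confirmed. */
		$pconfig["step10"]["localport"] = openvpn_port_next('UDP');
	}

	/* input validation */
	$result = openvpn_validate_port($_POST['localport'], 'Local port');
	if ($result)
		$input_errors[] = $result;

	$result = openvpn_validate_cidr($_POST['tunnelnet'], 'Tunnel network');
	if ($result)
		$input_errors[] = $result;

	$result = openvpn_validate_cidr($_POST['localnet'], 'Local network');
	if ($result)
		$input_errors[] = $result;

	$portused = openvpn_port_used($_POST['protocol'], $_POST['localport']);
	if ($portused != 0)
		$input_errors[] = "The specified 'Local port' is in use. Please select another value";

	/* A pasted TLS auth key must at least carry both OpenVPN static key markers. */
	if (!isset($_POST['generatetlskey']) && isset($_POST['tlsauthentication'])) {
		if (!strstr($_POST['tlssharedkey'], "-----BEGIN OpenVPN Static key V1-----") ||
		    !strstr($_POST['tlssharedkey'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid";
	}

	/* Optional DNS/NTP/WINS server fields: each must hold an IP address when given. */
	$ipfields = array(
		'dnsserver1' => 'DNS Server #1',
		'dnsserver2' => 'DNS Server #2',
		'dnsserver3' => 'DNS Server #3',
		'dnsserver4' => 'DNS Server #4',
		'ntpserver1' => 'NTP Server #1',
		'ntpserver2' => 'NTP Server #2',
		'winsserver1' => 'WINS Server #1',
		'winsserver2' => 'WINS Server #2',
	);
	foreach ($ipfields as $field => $label) {
		if (!empty($_POST[$field]) && !is_ipaddr(trim($_POST[$field])))
			$input_errors[] = "The field '{$label}' must contain a valid IP address";
	}

	if (!empty($_POST['concurrentcon']) && !is_numeric($_POST['concurrentcon']))
		$input_errors[] = "The field 'Concurrent connections' must be numeric.";

	if (empty($_POST['tunnelnet']))
		$input_errors[] = "You must specify a 'Tunnel network'.";

	/* Only the first problem is shown; the wizard stays on this step. */
	if (count($input_errors) > 0) {
		$savemsg = $input_errors[0];
		$stepid = $stepid - 1;
	}
}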
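/*
 * Abort the wizard: send the browser back to wizard step $stepid with
 * $message to display, and stop processing.
 */
function openvpn_wizard_abort($stepid, $message) {
	header("Location:wizard.php?xml=openvpn_wizard.xml&stepid={$stepid}&message=" . urlencode($message));
	exit;
}

/*
 * Final wizard step: turn the collected $config['ovpnserver'] answers into
 * an authentication server (when a new one was defined in the wizard), a CA
 * and a server certificate (created or looked up), the OpenVPN server entry
 * and the optional firewall rules, then write the configuration and resync
 * the new server.  Every failure redirects back to the relevant step and
 * exits.
 *
 * Changes relative to the original:
 *  - the wizard-defined server's name, LDAP transport, LDAP attribute names
 *    and RADIUS secret are read from the 'step2' answers, which is where
 *    step3_submitphpaction()/step5_submitphpaction() validate that form
 *    (name, ip, transport, nameattr, secret) and store its port default;
 *    the original read 'step1' (which step1_submitphpaction() only fills
 *    with 'type'/'uselist') and the step2 keys 'authtype'/'password', which
 *    no handler in this file writes.  Confirm the field names against
 *    openvpn_wizard.xml.
 *  - "Please choose a Certificate." is reported whenever no certificate was
 *    selected; the original tested the step-6 (CA) flag in the step-9 chain
 *    and fell through to lookup_cert('') when a new CA had been created.
 *  - redirect messages are URL-encoded and the stray " ." typo is fixed.
 */
function step12_submitphpaction() {
	global $config;

	if (!is_array($config['ovpnserver']))
		openvpn_wizard_abort(1, "No configuration found please retry again.");
	$pconfig = $config['ovpnserver'];

	/* 1. Authentication backend: local database, a server defined in the wizard, or an existing one. */
	if ($pconfig['step1']['type'] == "local") {
		$auth = array();
		$auth['name'] = "Local Database";
		$auth['type'] = "local";
	} else if (isset($pconfig['step2']['uselist'])) {
		$auth = array();
		$auth['type'] = $pconfig['step1']['type'];
		$auth['refid'] = uniqid();
		$auth['name'] = $pconfig['step2']['name'];

		if ($auth['type'] == "ldap") {
			$auth['host'] = $pconfig['step2']['ip'];
			$auth['ldap_port'] = $pconfig['step2']['port'];
			if ($pconfig['step2']['transport'] == "tcp")
				$auth['ldap_urltype'] = 'TCP - Standard';
			else
				$auth['ldap_urltype'] = 'SSL - Encrypted';
			$auth['ldap_protver'] = 3;
			$auth['ldap_scope'] = $pconfig['step2']['scope'];
			$auth['ldap_basedn'] = $pconfig['step2']['basedn'];
			$auth['ldap_authcn'] = $pconfig['step2']['authscope'];
			$auth['ldap_binddn'] = $pconfig['step2']['userdn'];
			$auth['ldap_bindpw'] = $pconfig['step2']['passdn'];
			$auth['ldap_attr_user'] = $pconfig['step2']['nameattr'];
			$auth['ldap_attr_member'] = $pconfig['step2']['memberattr'];
			$auth['ldap_attr_group'] = $pconfig['step2']['groupattr'];
		} else if ($auth['type'] == "radius") {
			$auth['host'] = $pconfig['step2']['ip'];
			$auth['radius_auth_port'] = $pconfig['step2']['port'];
			$auth['radius_secret'] = $pconfig['step2']['secret'];
			$auth['radius_srvcs'] = "auth";
		}
		if (!is_array($config['system']['authserver']))
			$config['system']['authserver'] = array();

		$config['system']['authserver'][] = $auth;
	} else if (empty($pconfig['step2']['authserv'])) {
		openvpn_wizard_abort(1, "Please choose an authentication server.");
	} else if (!($auth = auth_get_authserver($pconfig['step2']['authserv']))) {
		openvpn_wizard_abort(1, "Not a valid authentication server has been specified.");
	}

	/* 2. Certificate Authority: create the one entered in the wizard, or use the selected one.
	 * NOTE(review): step7_submitphpaction() validates the new CA's name as $_POST['descr'];
	 * if that form field is named 'descr', the 'certca' key below is stale — confirm against
	 * openvpn_wizard.xml. */
	if (isset($pconfig['step6']['uselist']) && !empty($pconfig['step6']['certca'])) {
		$ca = array();
		$ca['refid'] = uniqid();
		$ca['descr'] = $pconfig['step6']['certca'];
		$dn = array(
			'countryName' => $pconfig['step6']['country'],
			'stateOrProvinceName' => $pconfig['step6']['state'],
			'localityName' => $pconfig['step6']['city'],
			'organizationName' => $pconfig['step6']['organization'],
			'emailAddress' => $pconfig['step6']['email'],
			'commonName' => $pconfig['step6']['certca']);

		ca_create($ca, $pconfig['step6']['keylength'], $pconfig['step6']['lifetime'], $dn);
		if (!is_array($config['ca']))
			$config['ca'] = array();

		$config['ca'][] = $ca;
	} else if (!isset($pconfig['step6']['uselist']) && empty($pconfig['step6']['authcertca'])) {
		openvpn_wizard_abort(5, "Please choose a Certificate Authority.");
	} else if (!($ca = lookup_ca($pconfig['step6']['authcertca']))) {
		openvpn_wizard_abort(5, "Not a valid Certificate Authority specified.");
	}

	/* 3. Server certificate, issued by the CA from above.
	 * NOTE(review): as for the CA, step9_submitphpaction() validates $_POST['descr'] while
	 * 'certname' is read here — confirm against openvpn_wizard.xml. */
	if (isset($pconfig['step9']['uselist'])) {
		$cert = array();
		$cert['refid'] = uniqid();
		$cert['descr'] = $pconfig['step9']['certname'];
		$dn = array(
			'countryName' => $pconfig['step9']['country'],
			'stateOrProvinceName' => $pconfig['step9']['state'],
			'localityName' => $pconfig['step9']['city'],
			'organizationName' => $pconfig['step9']['organization'],
			'emailAddress' => $pconfig['step9']['email'],
			'commonName' => $pconfig['step9']['certname']);

		cert_create($cert, $ca['refid'], $pconfig['step9']['keylength'], $pconfig['step9']['lifetime'], $dn);
		if (!is_array($config['cert']))
			$config['cert'] = array();

		$config['cert'][] = $cert;
	} else if (empty($pconfig['step9']['authcertname'])) {
		openvpn_wizard_abort(7, "Please choose a Certificate.");
	} else if (!($cert = lookup_cert($pconfig['step9']['authcertname']))) {
		openvpn_wizard_abort(7, "Not a valid Certificate specified.");
	}

	/* 4. The OpenVPN server entry. */
	$server = array();
	$server['vpnid'] = openvpn_vpnid_next();
	switch ($auth['type']) {
		case "ldap":
		case "radius":
			$server['authmode'] = $auth['name'];
			$server['mode'] = "server_user";
			break;
		default:
			$server['authmode'] = "Local Database";
			$server['mode'] = "server_tls_user";
			break;
	}
	$server['caref'] = $ca['refid'];
	$server['certref'] = $cert['refid'];
	$server['protocol'] = $pconfig['step10']['protocol'];
	$server['interface'] = $pconfig['step10']['interface'];
	if (isset($pconfig['step10']['localport']))
		$server['local_port'] = $pconfig['step10']['localport'];

	/* The description is capped at 30 characters. */
	if (strlen($pconfig['step10']['descr']) > 30)
		$pconfig['step10']['descr'] = substr($pconfig['step10']['descr'], 0, 30);
	$server['description'] = $pconfig['step10']['descr'];
	$server['custom_options'] = $pconfig['step10']['advanced'];
	if (isset($pconfig['step10']['tlsauth'])) {
		/* Either generate a fresh TLS auth key or take the one supplied in step 10. */
		if (isset($pconfig['step10']['gentlskey']))
			$tlskey = openvpn_create_key();
		else
			$tlskey = $pconfig['step10']['tlskey'];
		$server['tls'] = base64_encode($tlskey);
	}
	$server['dh_length'] = $pconfig['step10']['dhkey'];
	$server['tunnel_network'] = $pconfig['step10']['tunnelnet'];

	/* Optional settings, copied only when the step-10 answer exists.  The
	 * array order is the order the keys end up in $server, so keep it. */
	$optional = array(
		'rdrgw' => 'gwredir',
		'localnet' => 'local_network',
		'concurrentcon' => 'maxclients',
		'compression' => 'compression',
		'tos' => 'passtos',
		'interclient' => 'client2client',
		'dynip' => 'dynamic_ip',
		'addrpool' => 'pool_enable',
		'defaultdomain' => 'dns_domain',
		'dns1' => 'dns_server1',
		'dns2' => 'dns_server2',
		'dns3' => 'dns_server3',
		'dns4' => 'dns_server4',
		'ntp1' => 'ntp_server1',
		'ntp2' => 'ntp_server2',
		'wins1' => 'wins_server1',
		'wins2' => 'wins_server2',
	);
	foreach ($optional as $answer => $option) {
		if (isset($pconfig['step10'][$answer]))
			$server[$option] = $pconfig['step10'][$answer];
	}
	if (isset($pconfig['step10']['nbtenable'])) {
		$server['netbios_ntype'] = $pconfig['step10']['nbttype'];
		if (isset($pconfig['step10']['nbtscope']))
			$server['netbios_scope'] = $pconfig['step10']['nbtscope'];
		$server['netbios_enable'] = $pconfig['step10']['nbtenable'];
	}
	$server['crypto'] = $pconfig['step10']['crypto'];

	/* 5. Firewall rules requested in step 11. */
	if (isset($pconfig['step11']['ovpnrule'])) {
		/* Pass the OpenVPN port on the listening interface. */
		$rule = array();
		$rule['descr'] = gettext("OpenVPN {$server['description']} wizard");
		/* Ensure the rule descr is not too long for pf to handle */
		if (strlen($rule['descr']) > 52)
			$rule['descr'] = substr($rule['descr'], 0, 52);
		$rule['direction'] = "in";
		$rule['source']['any'] = TRUE;
		$rule['destination']['network'] = $server['interface'] . "ip";
		$rule['destination']['port'] = $server['local_port'];
		$rule['interface'] = $server['interface'];
		$rule['protocol'] = $server['protocol'];
		$rule['type'] = "pass";
		$rule['enabled'] = "on";
		$config['filter']['rule'][] = $rule;
	}
	if (isset($pconfig['step11']['ovpnallow'])) {
		/* Pass all traffic arriving on the OpenVPN interface. */
		$rule = array();
		$rule['descr'] = gettext("OpenVPN {$server['description']} wizard");
		/* Ensure the rule descr is not too long for pf to handle */
		if (strlen($rule['descr']) > 52)
			$rule['descr'] = substr($rule['descr'], 0, 52);
		$rule['source']['any'] = TRUE;
		$rule['destination']['any'] = TRUE;
		$rule['interface'] = "openvpn";
		$rule['type'] = "pass";
		$rule['enabled'] = "on";
		$config['filter']['rule'][] = $rule;
	}

	/* 6. Store, apply and hand the user over to the server list. */
	if (!is_array($config['openvpn']['openvpn-server']))
		$config['openvpn']['openvpn-server'] = array();

	$config['openvpn']['openvpn-server'][] = $server;

	openvpn_resync('server', $server);
	write_config();
	header("Location: vpn_openvpn_server.php");
	exit;
}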
?>