<?php
/*
 * system_hasync.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2020 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
##|+PRIV
##|*IDENT=page-system-hasync
##|*NAME=System: High Availability Sync
##|*DESCR=Allow access to the 'System: High Availability Sync' page.
##|*MATCH=system_hasync.php*
##|-PRIV
require_once("guiconfig.inc");
// init_config_arr() is expected to make sure $config['hasync'] exists as an
// array before it is referenced below (helper is defined outside this file).
init_config_arr(['hasync']);

// Reference, not a copy: every write through $a_hasync changes the in-memory
// $config that write_config() later persists.
$a_hasync = &$config['hasync'];

// On/off settings handled by this page. The POST handler walks this list to
// store each flag, and the form below renders one checkbox per entry.
$checkbox_names = [
	'pfsyncenabled',
	'adminsync',
	'synchronizeusers',
	'synchronizeauthservers',
	'synchronizecerts',
	'synchronizerules',
	'synchronizeschedules',
	'synchronizealiases',
	'synchronizenat',
	'synchronizeipsec',
	'synchronizeopenvpn',
	'synchronizedhcpd',
	'synchronizewol',
	'synchronizestaticroutes',
	'synchronizevirtualip',
	'synchronizetrafficshaper',
	'synchronizetrafficshaperlimiter',
	'synchronizednsforwarder',
	'synchronizecaptiveportal',
];
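/*
 * Handle a submitted form: copy the posted settings into the HA sync
 * configuration, validate them, and persist + apply them when no errors
 * were found. On success the browser is redirected back to this page.
 */
if ($_POST) {
	// Start from an explicit empty list so the checks below never read an
	// undefined variable.
	$input_errors = array();
	$pconfig = $_POST;

	// NOTE(review): the posted values are written into $a_hasync (a reference
	// into $config) before validation. Nothing is persisted unless
	// write_config() runs below, but the in-memory configuration holds the
	// unvalidated values for the remainder of this request.
	foreach ($checkbox_names as $name) {
		// An unchecked box is absent from the POST data; !empty() keeps the
		// original truthiness test without touching a missing index.
		$a_hasync[$name] = !empty($pconfig[$name]) ? $pconfig[$name] : false;
	}

	// NOTE(review): pfsyncinterface, synchronizetoip and username are stored
	// exactly as submitted; only pfsyncpeerip is validated in this handler.
	// Checking synchronizetoip as an address and pfsyncinterface against the
	// configured interface list would be worth adding once the accepted
	// formats are confirmed with the consumers of these settings.
	$a_hasync['pfsyncpeerip'] = $pconfig['pfsyncpeerip'];
	$a_hasync['pfsyncinterface'] = $pconfig['pfsyncinterface'];
	$a_hasync['synchronizetoip'] = $pconfig['synchronizetoip'];
	$a_hasync['username'] = $pconfig['username'];

	// Strict comparison: with loose "==" PHP compares numeric-looking strings
	// by value ("1e3" == "1000"), so two different passwords could be treated
	// as a matching confirmation.
	if ($pconfig['passwordfld'] === $pconfig['passwordfld_confirm']) {
		// DMYPWD is the placeholder sent back when the field was left
		// untouched; only a different value replaces the stored password.
		if ($pconfig['passwordfld'] !== DMYPWD) {
			$a_hasync['password'] = $pconfig['passwordfld'];
		}
	} else {
		$input_errors[] = gettext("Password and confirmation must match.");
	}

	// The peer IP is optional, but when given it must be an IPv4 address.
	if ($pconfig['pfsyncpeerip'] != "") {
		if (!is_ipaddrv4($pconfig['pfsyncpeerip'])) {
			$input_errors[] = gettext("pfsync Synchronize Peer IP must be an IPv4 IP.");
		}
	}

	if (!$input_errors) {
		write_config("Updated High Availability Sync configuration");
		interfaces_sync_setup();
		// Redirect after a successful save so a reload does not re-submit.
		header("Location: system_hasync.php");
		exit();
	}
}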
// (Re)load the values shown in the form from the HA sync settings. After a
// rejected POST, $a_hasync already carries the submitted values, so the form
// redisplays what the user entered.
$same_named_keys = array_merge(
	$checkbox_names,
	array('pfsyncpeerip', 'pfsyncinterface', 'synchronizetoip', 'username')
);
foreach ($same_named_keys as $key) {
	$pconfig[$key] = $a_hasync[$key];
}

// The form field is called 'passwordfld', the stored setting 'password'.
$pconfig['passwordfld'] = $a_hasync['password'];
// Candidate interfaces for the "Synchronize Interface" selector: whatever
// get_configured_interface_with_descr() reports, plus the loopback.
$ifaces = get_configured_interface_with_descr();
$ifaces["lo0"] = "loopback";

$pgtitle = [gettext("System"), gettext("High Availability Sync")];
$shortcut_section = "carp";

// Build a list of available interfaces (same keys, values and order as $ifaces)
$iflist = $ifaces;
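include("head.inc");

// In this file $input_errors is only assigned by the POST handler, so test it
// with empty() rather than reading a possibly undefined variable on a GET.
if (!empty($input_errors)) {
	print_input_errors($input_errors);
}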
$form = new Form();

// ---- State synchronization (pfsync) ----
$section = new Form_Section('State Synchronization Settings (pfsync)');

// Master switch for state synchronization.
$pfsync_enabled = new Form_Checkbox(
	'pfsyncenabled',
	'Synchronize states',
	'pfsync transfers state insertion, update, and deletion messages between firewalls.',
	($pconfig['pfsyncenabled'] === 'on'),
	'on'
);
$section->addInput($pfsync_enabled)->setHelp(
	'Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240).' .
	' It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.%1$s' .
	'This setting should be enabled on all members of a failover group.%1$s' .
	'Clicking "Save" will force a configuration sync if it is enabled! (see Configuration Synchronization Settings below)',
	'<br />'
);

// Interface that carries the pfsync traffic; the help text steers the admin
// towards a dedicated interface rather than LAN.
$pfsync_interface = new Form_Select(
	'pfsyncinterface',
	'Synchronize Interface',
	$pconfig['pfsyncinterface'],
	$iflist
);
$section->addInput($pfsync_interface)->setHelp(
	'If Synchronize States is enabled this interface will be used for communication.%1$s' .
	'It is recommended to set this to an interface other than LAN! A dedicated interface works the best.%1$s' .
	'An IP must be defined on each machine participating in this failover group.%1$s' .
	'An IP must be assigned to the interface on any participating sync nodes.',
	'<br />'
);

// Optional unicast peer; when empty the default (directed multicast) applies.
$pfsync_peer = new Form_Input(
	'pfsyncpeerip',
	'pfsync Synchronize Peer IP',
	'text',
	$pconfig['pfsyncpeerip'],
	['placeholder' => 'IP Address']
);
$section->addInput($pfsync_peer)->setHelp('Setting this option will force pfsync to synchronize its state table to this IP address. The default is directed multicast.');

$form->add($section);
// ---- Configuration synchronization (XMLRPC) ----
$section = new Form_Section('Configuration Synchronization Settings (XMLRPC Sync)');

// Address of the peer that receives the selected configuration sections.
$sync_target = new Form_Input(
	'synchronizetoip',
	'Synchronize Config to IP',
	'text',
	$pconfig['synchronizetoip'],
	['placeholder' => 'IP Address']
);
$section->addInput($sync_target)->setHelp(
	'Enter the IP address of the firewall to which the selected configuration sections should be synchronized.%1$s%1$s' .
	'XMLRPC sync is currently only supported over connections using the same protocol and port as this system - make sure the remote system\'s port and protocol are set accordingly!%1$s' .
	'Do not use the Synchronize Config to IP and password option on backup cluster members!',
	'<br />'
);

// autocomplete=new-password asks the browser not to pre-fill saved credentials.
$remote_user = new Form_Input(
	'username',
	'Remote System Username',
	'text',
	$pconfig['username'],
	['autocomplete' => 'new-password']
);
$section->addInput($remote_user)->setHelp(
	'Enter the webConfigurator username of the system entered above for synchronizing the configuration.%1$s' .
	'Do not use the Synchronize Config to IP and username option on backup cluster members!',
	'<br />'
);

// NOTE(review): the stored secret is handed to the form object here. The POST
// handler compares the submitted value against DMYPWD, which suggests that
// addPassword() renders a placeholder instead of the real value - confirm in
// the Form_Section class that the secret never reaches the HTML.
$remote_password = new Form_Input(
	'passwordfld',
	'Remote System Password',
	'password',
	$pconfig['passwordfld']
);
$section->addPassword($remote_password)->setHelp(
	'Enter the webConfigurator password of the system entered above for synchronizing the configuration.%1$s' .
	'Do not use the Synchronize Config to IP and password option on backup cluster members!',
	'<br />'
);

// Opt-in: per the help text the admin account is not synchronized by default.
$adminsync_box = new Form_Checkbox(
	'adminsync',
	'Synchronize admin',
	'synchronize admin accounts and autoupdate sync password.',
	($pconfig['adminsync'] === 'on'),
	'on'
);
// The line break inside the second help string is part of the original
// literal and is kept unchanged.
$section->addInput($adminsync_box)->setHelp('By default, the admin account does not synchronize, and each node may have a different admin password.%1$s' .
			'This option automatically updates XMLRPC Remote System Password when the password is changed on 
			the Remote System Username account.', '<br />');
// ---- Which configuration areas are pushed to the peer ----
// Going by their labels, several of these areas (users, authentication
// servers, certificates, IPsec/OpenVPN) carry credential material, so they
// should only be enabled towards a peer that is trusted with it.
$group = new Form_MultiCheckboxGroup('Select options to sync');

// True when the named setting is currently stored as 'on'.
$is_on = function ($name) use ($pconfig) {
	return $pconfig[$name] === 'on';
};

$group->add(new Form_MultiCheckbox('synchronizeusers', 'Synchronize Users and Groups', 'User manager users and groups', $is_on('synchronizeusers'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizeauthservers', 'Synchronize Auth Servers', 'Authentication servers (e.g. LDAP, RADIUS)', $is_on('synchronizeauthservers'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizecerts', 'Synchronize Certificates', 'Certificate Authorities, Certificates, and Certificate Revocation Lists', $is_on('synchronizecerts'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizerules', 'Synchronize Rules', 'Firewall rules ', $is_on('synchronizerules'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizeschedules', 'Synchronize Firewall schedules', 'Firewall schedules ', $is_on('synchronizeschedules'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizealiases', 'Synchronize Firewall aliases', 'Firewall aliases ', $is_on('synchronizealiases'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizenat', 'Synchronize NAT', 'NAT configuration ', $is_on('synchronizenat'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizeipsec', 'Synchronize IPsec', 'IPsec configuration ', $is_on('synchronizeipsec'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizeopenvpn', 'Synchronize OpenVPN', 'OpenVPN configuration (Implies CA/Cert/CRL Sync) ', $is_on('synchronizeopenvpn'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizedhcpd', 'Synchronize DHCPD', 'DHCP Server settings ', $is_on('synchronizedhcpd'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizewol', 'Synchronize Wake-on-LAN', 'WoL Server settings ', $is_on('synchronizewol'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizestaticroutes', 'Synchronize Static Routes', 'Static Route configuration ', $is_on('synchronizestaticroutes'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizevirtualip', 'Synchronize Virtual IPs', 'Virtual IPs ', $is_on('synchronizevirtualip'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizetrafficshaper', 'Synchronize traffic shaper (queues)', 'Traffic Shaper configuration ', $is_on('synchronizetrafficshaper'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizetrafficshaperlimiter', 'Synchronize traffic shaper (limiter)', 'Traffic Shaper Limiters configuration ', $is_on('synchronizetrafficshaperlimiter'), 'on'));

$group->add(new Form_MultiCheckbox('synchronizednsforwarder', 'Synchronize DNS (Forwarder/Resolver)', 'DNS Forwarder and DNS Resolver configurations ', $is_on('synchronizednsforwarder'), 'on'));

// NOTE(review): the stray ')' in the title below is kept as-is because it is
// a runtime (and presumably translatable) string.
$group->add(new Form_MultiCheckbox('synchronizecaptiveportal', 'Synchronize Captive Portal)', 'Captive Portal ', $is_on('synchronizecaptiveportal'), 'on'));

// Attach the checkbox group to the XMLRPC section, then emit the whole form.
$section->add($group);

$form->add($section);

print($form);

include("foot.inc");