|
1
|
<?php
|
|
2
|
/* $Id$ */
|
|
3
|
/*
|
|
4
|
system_hasync.php
|
|
5
|
part of pfSense (https://www.pfsense.org/)
|
|
6
|
|
|
7
|
Copyright (C) 2012 Darren Embry <dse@webonastick.com>.
|
|
8
|
Copyright (C) 2013-2015 Electric Sheep Fencing, LP
|
|
9
|
All rights reserved.
|
|
10
|
|
|
11
|
Redistribution and use in source and binary forms, with or without
|
|
12
|
modification, are permitted provided that the following conditions are met:
|
|
13
|
|
|
14
|
1. Redistributions of source code must retain the above copyright notice,
|
|
15
|
this list of conditions and the following disclaimer.
|
|
16
|
|
|
17
|
2. Redistributions in binary form must reproduce the above copyright
|
|
18
|
notice, this list of conditions and the following disclaimer in the
|
|
19
|
documentation and/or other materials provided with the distribution.
|
|
20
|
|
|
21
|
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
22
|
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
23
|
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
24
|
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
25
|
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
26
|
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
27
|
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
28
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
29
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
30
|
POSSIBILITY OF SUCH DAMAGE.
|
|
31
|
*/
|
|
32
|
/*
|
|
33
|
pfSense_MODULE: system
|
|
34
|
*/
|
|
35
|
|
|
36
|
##|+PRIV
|
|
37
|
##|*IDENT=page-system-hasync
|
|
38
|
##|*NAME=System: High Availability Sync
|
|
39
|
##|*DESCR=Allow access to the 'System: High Availability Sync' page.
|
|
40
|
##|*MATCH=system_hasync.php*
|
|
41
|
##|-PRIV
|
|
42
|
|
|
43
|
require("guiconfig.inc");
|
|
44
|
|
|
45
|
$referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/system_hasync.php');
|
|
46
|
|
|
47
|
if (!is_array($config['hasync']))
|
|
48
|
$config['hasync'] = array();
|
|
49
|
|
|
50
|
$a_hasync = &$config['hasync'];
|
|
51
|
|
|
52
|
$checkbox_names = array('pfsyncenabled',
|
|
53
|
'synchronizeusers',
|
|
54
|
'synchronizeauthservers',
|
|
55
|
'synchronizecerts',
|
|
56
|
'synchronizerules',
|
|
57
|
'synchronizeschedules',
|
|
58
|
'synchronizealiases',
|
|
59
|
'synchronizenat',
|
|
60
|
'synchronizeipsec',
|
|
61
|
'synchronizeopenvpn',
|
|
62
|
'synchronizedhcpd',
|
|
63
|
'synchronizewol',
|
|
64
|
'synchronizestaticroutes',
|
|
65
|
'synchronizelb',
|
|
66
|
'synchronizevirtualip',
|
|
67
|
'synchronizetrafficshaper',
|
|
68
|
'synchronizetrafficshaperlimiter',
|
|
69
|
'synchronizetrafficshaperlayer7',
|
|
70
|
'synchronizednsforwarder',
|
|
71
|
'synchronizecaptiveportal');
|
|
72
|
|
|
73
|
if ($_POST) {
|
|
74
|
$pconfig = $_POST;
|
|
75
|
foreach ($checkbox_names as $name) {
|
|
76
|
$a_hasync[$name] = $pconfig[$name] ? $pconfig[$name] : false;
|
|
77
|
}
|
|
78
|
$a_hasync['pfsyncpeerip'] = $pconfig['pfsyncpeerip'];
|
|
79
|
$a_hasync['pfsyncinterface'] = $pconfig['pfsyncinterface'];
|
|
80
|
$a_hasync['synchronizetoip'] = $pconfig['synchronizetoip'];
|
|
81
|
$a_hasync['username'] = $pconfig['username'];
|
|
82
|
$a_hasync['password'] = $pconfig['passwordfld'];
|
|
83
|
write_config("Updated High Availability Sync configuration");
|
|
84
|
interfaces_sync_setup();
|
|
85
|
header("Location: system_hasync.php");
|
|
86
|
exit();
|
|
87
|
}
|
|
88
|
|
|
89
|
foreach ($checkbox_names as $name) {
|
|
90
|
$pconfig[$name] = $a_hasync[$name];
|
|
91
|
}
|
|
92
|
$pconfig['pfsyncpeerip'] = $a_hasync['pfsyncpeerip'];
|
|
93
|
$pconfig['pfsyncinterface'] = $a_hasync['pfsyncinterface'];
|
|
94
|
$pconfig['synchronizetoip'] = $a_hasync['synchronizetoip'];
|
|
95
|
$pconfig['username'] = $a_hasync['username'];
|
|
96
|
$pconfig['passwordfld'] = $a_hasync['password'];
|
|
97
|
|
|
98
|
$ifaces = get_configured_interface_with_descr();
|
|
99
|
$ifaces["lo0"] = "loopback";
|
|
100
|
|
|
101
|
$pgtitle = array(gettext("System"),gettext("High Availability Sync"));
|
|
102
|
$shortcut_section = "carp";
|
|
103
|
|
|
104
|
// Build a list of available interfaces
|
|
105
|
$iflist = array();
|
|
106
|
foreach ($ifaces as $ifname => $iface) {
|
|
107
|
$iflist[$ifname] = $iface;
|
|
108
|
}
|
|
109
|
|
|
110
|
include("head.inc");
|
|
111
|
|
|
112
|
require('classes/Form.class.php');
|
|
113
|
|
|
114
|
$form = new Form();
|
|
115
|
|
|
116
|
$section = new Form_Section('State Synchronization Settings (pfsync)');
|
|
117
|
|
|
118
|
$section->addInput(new Form_Checkbox(
|
|
119
|
'pfsyncenabled',
|
|
120
|
'Synchronize states',
|
|
121
|
'pfsync transfers state insertion, update, and deletion messages between firewalls.',
|
|
122
|
($pconfig['pfsyncenabled'] === 'on'),
|
|
123
|
'on'
|
|
124
|
))->setHelp('Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240).' .
|
|
125
|
' It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.<br />' .
|
|
126
|
'This setting should be enabled on all members of a failover group.<br />' .
|
|
127
|
'Clicking "Save" will force a configuration sync if it is enabled! (see Configuration Synchronization Settings below)');
|
|
128
|
|
|
129
|
$section->addInput(new Form_Select(
|
|
130
|
'pfsyncinterface',
|
|
131
|
'Synchorize Interface',
|
|
132
|
$pconfig['pfsyncinterface'],
|
|
133
|
$iflist
|
|
134
|
))->setHelp('If Synchronize States is enabled this interface will be used for communication.<br />' .
|
|
135
|
'We recommend setting this to an interface other than LAN! A dedicated interface works the best.<br />' .
|
|
136
|
'You must define a IP on each machine participating in this failover group.<br />' .
|
|
137
|
'You must have an IP assigned to the interface on any participating sync nodes.');
|
|
138
|
|
|
139
|
$section->addInput(new Form_Input(
|
|
140
|
'pfsyncpeerip',
|
|
141
|
'pfsync Synchronize Peer IP',
|
|
142
|
'text',
|
|
143
|
$pconfig['pfsyncpeerip'],
|
|
144
|
['placeholder' => 'IP Address']
|
|
145
|
))->setHelp('Setting this option will force pfsync to synchronize its state table to this IP address. The default is directed multicast.');
|
|
146
|
|
|
147
|
$form->add($section);
|
|
148
|
|
|
149
|
$section = new Form_Section('Configuration Synchronization Settings (XMLRPC Sync)');
|
|
150
|
|
|
151
|
$section->addInput(new Form_Input(
|
|
152
|
'synchronizetoip',
|
|
153
|
'Synchronize Config to IP',
|
|
154
|
'text',
|
|
155
|
$pconfig['synchronizetoip'],
|
|
156
|
['placeholder' => 'IP Address']
|
|
157
|
))->setHelp('Enter the IP address of the firewall to which the selected configuration sections should be synchronized.<br /><br />' .
|
|
158
|
'XMLRPC sync is currently only supported over connections using the same protocol and port as this system - make sure the remote system\'s port and protocol are set accordingly!<br />' .
|
|
159
|
'Do not use the Synchronize Config to IP and password option on backup cluster members!');
|
|
160
|
|
|
161
|
$section->addInput(new Form_Input(
|
|
162
|
'username',
|
|
163
|
'Remote System Username',
|
|
164
|
'text',
|
|
165
|
$pconfig['username']
|
|
166
|
))->setHelp('Enter the webConfigurator username of the system entered above for synchronizing your configuration.<br />' .
|
|
167
|
'Do not use the Synchronize Config to IP and username option on backup cluster members!');
|
|
168
|
|
|
169
|
$section->addInput(new Form_Input(
|
|
170
|
'passwordfld',
|
|
171
|
'Remote System Password',
|
|
172
|
'password',
|
|
173
|
$pconfig['passwordfld']
|
|
174
|
))->setHelp('Enter the webConfigurator password of the system entered above for synchronizing your configuration.<br />' .
|
|
175
|
'Do not use the Synchronize Config to IP and password option on backup cluster members!');
|
|
176
|
|
|
177
|
$section->addInput(new Form_Checkbox(
|
|
178
|
'synchronizeusers',
|
|
179
|
'Synchronize Users and Groups',
|
|
180
|
'Sync the users and groups over to the other HA host',
|
|
181
|
($pconfig['synchronizeusers'] === 'on'),
|
|
182
|
'on'
|
|
183
|
));
|
|
184
|
|
|
185
|
$section->addInput(new Form_Checkbox(
|
|
186
|
'synchronizeauthservers',
|
|
187
|
'Synchronize Auth Servers',
|
|
188
|
'Sync the authentication servers (e.g. LDAP, RADIUS) over to the other HA host',
|
|
189
|
($pconfig['synchronizeauthservers'] === 'on'),
|
|
190
|
'on'
|
|
191
|
));
|
|
192
|
|
|
193
|
$section->addInput(new Form_Checkbox(
|
|
194
|
'synchronizecerts',
|
|
195
|
'Synchronize Certificates',
|
|
196
|
'Sync the Certificate Authorities, Certificates, and Certificate Revocation Lists over to the other HA host ',
|
|
197
|
($pconfig['synchronizecerts'] === 'on'),
|
|
198
|
'on'
|
|
199
|
));
|
|
200
|
|
|
201
|
$section->addInput(new Form_Checkbox(
|
|
202
|
'synchronizerules',
|
|
203
|
'Synchronize Rules',
|
|
204
|
'Sync the firewall rules to the other HA host',
|
|
205
|
($pconfig['synchronizerules'] === 'on'),
|
|
206
|
'on'
|
|
207
|
));
|
|
208
|
|
|
209
|
$section->addInput(new Form_Checkbox(
|
|
210
|
'synchronizeschedules',
|
|
211
|
'Synchronize Firewall schedules',
|
|
212
|
'Sync the firewall schedules to the other HA host',
|
|
213
|
($pconfig['synchronizeschedules'] === 'on'),
|
|
214
|
'on'
|
|
215
|
));
|
|
216
|
|
|
217
|
$section->addInput(new Form_Checkbox(
|
|
218
|
'synchronizealiases',
|
|
219
|
'Synchronize Firewall aliasas',
|
|
220
|
'Sync the firewall aliasas to the other HA host',
|
|
221
|
($pconfig['synchronizealiasas'] === 'on'),
|
|
222
|
'on'
|
|
223
|
));
|
|
224
|
|
|
225
|
$section->addInput(new Form_Checkbox(
|
|
226
|
'synchronizenat',
|
|
227
|
'Synchronize NAT',
|
|
228
|
'Sync NAT rules to the other HA host',
|
|
229
|
($pconfig['synchronizenat'] === 'on'),
|
|
230
|
'on'
|
|
231
|
));
|
|
232
|
|
|
233
|
$section->addInput(new Form_Checkbox(
|
|
234
|
'synchronizeipsec',
|
|
235
|
'Synchronize IPsec',
|
|
236
|
'Automatically IPsec configuration to the other HA host',
|
|
237
|
($pconfig['synchronizeipsec'] === 'on'),
|
|
238
|
'on'
|
|
239
|
));
|
|
240
|
|
|
241
|
$section->addInput(new Form_Checkbox(
|
|
242
|
'synchronizeopenvpn',
|
|
243
|
'Synchronize OpenVPN',
|
|
244
|
'Automatically OpenVPN configuration to the other HA host',
|
|
245
|
($pconfig['synchronizeopenvpn'] === 'on'),
|
|
246
|
'on'
|
|
247
|
));
|
|
248
|
|
|
249
|
$section->addInput(new Form_Checkbox(
|
|
250
|
'synchronizedhcpd',
|
|
251
|
'Synchronize DHCPD',
|
|
252
|
'Sync DHCP Server settings to the other HA host',
|
|
253
|
($pconfig['synchronizedhcpd'] === 'on'),
|
|
254
|
'on'
|
|
255
|
));
|
|
256
|
|
|
257
|
$section->addInput(new Form_Checkbox(
|
|
258
|
'synchronizewol',
|
|
259
|
'Synchronize Wake on LAN',
|
|
260
|
'Sync WoL Server settings to the other HA host',
|
|
261
|
($pconfig['synchronizewol'] === 'on'),
|
|
262
|
'on'
|
|
263
|
));
|
|
264
|
|
|
265
|
$section->addInput(new Form_Checkbox(
|
|
266
|
'synchronizestaticroutes',
|
|
267
|
'Synchronize Static Routes',
|
|
268
|
'Sync Static Route configuration to the other HA host',
|
|
269
|
($pconfig['synchronizestaticroutes'] === 'on'),
|
|
270
|
'on'
|
|
271
|
));
|
|
272
|
|
|
273
|
$section->addInput(new Form_Checkbox(
|
|
274
|
'synchronizelb',
|
|
275
|
'Synchronize Load Balancer',
|
|
276
|
'Sync Load Balancer configuration to the other HA host',
|
|
277
|
($pconfig['synchronizelb'] === 'on'),
|
|
278
|
'on'
|
|
279
|
));
|
|
280
|
|
|
281
|
$section->addInput(new Form_Checkbox(
|
|
282
|
'synchronizevirtualip',
|
|
283
|
'Synchronize Virtual IPs',
|
|
284
|
'Sync Virtual IPs to the other HA host',
|
|
285
|
($pconfig['synchronizevirtualip'] === 'on'),
|
|
286
|
'on'
|
|
287
|
));
|
|
288
|
|
|
289
|
$section->addInput(new Form_Checkbox(
|
|
290
|
'synchronizetrafficshaper',
|
|
291
|
'Synchronize traffic shaper (queues)',
|
|
292
|
'Sync the Traffic Shaper configuration to the other HA host',
|
|
293
|
($pconfig['synchronizetrafficshaper'] === 'on'),
|
|
294
|
'on'
|
|
295
|
));
|
|
296
|
|
|
297
|
$section->addInput(new Form_Checkbox(
|
|
298
|
'synchronizetrafficshaperlimiter',
|
|
299
|
'Synchronize traffic shaper (limiter)',
|
|
300
|
'Sync the Traffic Shaper configuration for limiters to the other HA host',
|
|
301
|
($pconfig['synchronizetrafficshaperlimiter'] === 'on'),
|
|
302
|
'on'
|
|
303
|
));
|
|
304
|
|
|
305
|
$section->addInput(new Form_Checkbox(
|
|
306
|
'synchronizetrafficshaperlayer7',
|
|
307
|
'Synchronize traffic shaper (layer 7)',
|
|
308
|
'Sync the Traffic Shaper configuration for layer 7 to the other HA host',
|
|
309
|
($pconfig['synchronizetrafficshaperlayer7'] === 'on'),
|
|
310
|
'on'
|
|
311
|
));
|
|
312
|
|
|
313
|
$section->addInput(new Form_Checkbox(
|
|
314
|
'synchronizednsforwarder',
|
|
315
|
'Synchronize traffic shaper (Forwarder/Resolver)',
|
|
316
|
'Sync the DNS Forwarder and DNS Resolver configurations to the other HA host',
|
|
317
|
($pconfig['synchronizednsforwarder'] === 'on'),
|
|
318
|
'on'
|
|
319
|
));
|
|
320
|
|
|
321
|
$section->addInput(new Form_Checkbox(
|
|
322
|
'synchronizecaptiveportal',
|
|
323
|
'Synchronize Captive Portal)',
|
|
324
|
'Sync the Captive Portal configurations to the other HA host',
|
|
325
|
($pconfig['synchronizecaptiveportal'] === 'on'),
|
|
326
|
'on'
|
|
327
|
));
|
|
328
|
|
|
329
|
$form->add($section);
|
|
330
|
|
|
331
|
$form->addGlobal(new Form_Button(
|
|
332
|
'cancel',
|
|
333
|
'Cancel',
|
|
334
|
$referer
|
|
335
|
));
|
|
336
|
|
|
337
|
print($form);
|
|
338
|
|
|
339
|
include("foot.inc");
|
