openvpn-client-export, added a 'save defaults' button and search opti…

…on in user/certificate list, moved the export buttons out of the list.
pfsense · Oct 19, 2016 · ad647ea · ad647ea
1 parent 6533295
commit ad647ea
Show file tree

Hide file tree

Showing 3 changed files with 335 additions and 209 deletions.
diff --git a/security/pfSense-pkg-openvpn-client-export/Makefile b/security/pfSense-pkg-openvpn-client-export/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	pfSense-pkg-openvpn-client-export
-PORTVERSION=	1.3.11
+PORTVERSION=	1.3.12
 CATEGORIES=	security
 MASTER_SITES=	# empty
 DISTFILES=	# empty

diff --git a/security/pfSense-pkg-openvpn-client-export/files/usr/local/pkg/openvpn-client-export.inc b/security/pfSense-pkg-openvpn-client-export/files/usr/local/pkg/openvpn-client-export.inc
@@ -35,11 +35,21 @@ function openvpn_client_export_deinstall() {
 	exec("/bin/rm -r /usr/local/share/openvpn/client-export");
 }
 
+function get_openvpnserver_by_id($srvid) {
+	global $config;
+	foreach($config['openvpn']['openvpn-server'] as $server) {
+		if ($server['vpnid'] == $srvid) {
+			return $server;
+		}
+	}
+	return null;
+}
+
 function openvpn_client_export_prefix($srvid, $usrid = null, $crtid = null) {
 	global $config;
 
 	// lookup server settings
-	$settings = $config['openvpn']['openvpn-server'][$srvid];
+	$settings = get_openvpnserver_by_id($srvid);
 	if (empty($settings)) {
 		return false;
 	}
@@ -79,10 +89,10 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap
 }
 
 function openvpn_client_export_validate_config($srvid, $usrid, $crtid) {
-	global $config, $g, $input_errors;
+	global $config, $input_errors;
 
 	// lookup server settings
-	$settings = $config['openvpn']['openvpn-server'][$srvid];
+	$settings = get_openvpnserver_by_id($srvid);
 	if (empty($settings)) {
 		$input_errors[] = "Could not locate server configuration.";
 		return false;
@@ -145,12 +155,22 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) {
 }
 
 function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $blockoutsidedns, $randomlocalport, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls = false, $doslines = false, $openvpnmanager, $advancedoptions = "") {
-	global $config, $input_errors, $g;
+	global $input_errors, $g;
+
+	$validconfig = openvpn_client_export_validate_config($srvid, $usrid, $crtid);
+	if ($validconfig) {
+		list($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys) = $validconfig;
+	} else {
+		return false;
+	}
+
+	$prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid);
 
 	$nl = ($doslines) ? "\r\n" : "\n";
+
 	$conf = "";
-
 	if ($expformat == "inlinevisc") {
+		$friendly_name = $settings['description'];
 		$conf .= <<<EOF
 #-- Config Auto Generated By pfSense for Viscosity --#
 
@@ -161,17 +181,9 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
 
 EOF;
 	}
-
-	$validconfig = openvpn_client_export_validate_config($srvid, $usrid, $crtid);
-	if ($validconfig) {
-		list($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys) = $validconfig;
-	} else {
-		return false;
-	}
-
+
 	// determine basic variables
 	$remotes = openvpn_client_export_build_remote_lines($settings, $useaddr, $interface, $expformat, $nl);
-	$server_port = $settings['local_port'];
 	$cipher = $settings['crypto'];
 	$digest = !empty($settings['digest']) ? $settings['digest'] : "SHA1";
 
@@ -244,7 +256,7 @@ EOF;
 		}
 		if ($proxy['proxy_authtype'] != "none") {
 			if (!isset($proxy['passwdfile'])) {
-				$proxy['passwdfile'] = openvpn_client_export_prefix($srvid, $usrid, $crtid) . "-proxy";
+				$proxy['passwdfile'] = $prefix . "-proxy";
 				$conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}";
 			}
 		}
@@ -260,7 +272,6 @@ EOF;
 	}
 
 	// add key settings
-	$prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid);
 	$cafile = "{$prefix}-ca.crt";
 	if ($nokeys == false) {
 		if ($expformat == "yealink_t28") {
@@ -348,7 +359,7 @@ EOF;
 		$conf .= "# forget password when management disconnects{$nl}";
 		$conf .= "management-forget-disconnect{$nl}";
 		$conf .= $nl;
-	};
+	}
 
 	// add advanced options
 	$advancedoptions = str_replace("\r\n", "\n", $advancedoptions);
@@ -358,11 +369,19 @@ EOF;
 	$conf .= $nl;
 
 	switch ($expformat) {
+		// "zip" creates: "/{$prefix}-config.zip"
 		case "zip":
 			// create template directory
 			$tempdir = "{$g['tmp_path']}/{$prefix}";
 			@mkdir($tempdir, 0700, true);
 
+			// write cofiguration file
+			if (!empty($proxy) && $proxy['proxy_authtype'] != "none") {
+				$pwdfle = "{$proxy['user']}\n";
+				$pwdfle .= "{$proxy['password']}\n";
+				file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle);
+			}
+
 			file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
 
 			$cafile = "{$tempdir}/{$cafile}";
@@ -395,7 +414,7 @@ EOF;
 			// Remove temporary directory
 			exec("rm -rf " . escapeshellarg($tempdir));
 			return "{$g['tmp_path']}/{$prefix}-config.zip";
-			break;
+		// creates: conf file content.
 		case "inline":
 		case "inlinedroid":
 		case "inlineios":
@@ -416,7 +435,7 @@ EOF;
 				$conf .= "<tls-auth>{$nl}" . trim(base64_decode($settings['tls'])) . "{$nl}</tls-auth>{$nl} key-direction 1{$nl}";
 			}
 			return $conf;
-			break;
+		// "yealink" creates: "/client.tar"
 		case "yealink_t28":
 		case "yealink_t38g":
 		case "yealink_t38g2":
@@ -446,7 +465,7 @@ EOF;
 			// Remove temporary directory
 			exec("rm -rf {$tempdir}");
 			return $g['tmp_path'] . "/client.tar";
-			break;
+		// "snom" creates: /vpnclient.tar
 		case "snom":
 			// create template directory
 			$tempdir = "{$g['tmp_path']}/{$prefix}";
@@ -472,14 +491,13 @@ EOF;
 			// Remove temporary directory
 			exec("rm -rf {$tempdir}");
 			return $g['tmp_path'] . "/vpnclient.tar";
-			break;
 		default:
 			return $conf;
 	}
 }
 
 function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $blockoutsidedns, $randomlocalport, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions, $openvpn_version = "x86-xp") {
-	global $config, $g, $input_errors, $current_openvpn_version, $current_openvpn_version_rev;
+	global $g, $input_errors, $current_openvpn_version, $current_openvpn_version_rev;
 	$uname_p = trim(exec("uname -p"));
 
 	switch ($openvpn_version) {
@@ -515,7 +533,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri
 
 	// create config directory
 	$confdir = "{$tempdir}/config";
-	if (!is_dir($conf_dir)) {
+	if (!is_dir($confdir)) {
 		mkdir($confdir, 0700, true);
 	}
 
@@ -605,10 +623,9 @@ RunProgram="openvpn-postinstall.exe"
 }
 
 function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $blockoutsidedns, $randomlocalport, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions) {
-	global $config, $g;
+	global $g;
 	$uname_p = trim(exec("uname -p"));
 
-	$ovpndir = "/usr/local/share/openvpn/";
 	$uniq = uniqid();
 	$tempdir = $g['tmp_path'] . "/openvpn-export-" . $uniq;
 	$zipfile = $g['tmp_path'] . "/{$uniq}-Viscosity.visc.zip";
@@ -628,7 +645,6 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
 	$tempdir = $tempdir . "/Viscosity.visc/";
 
 	// write cofiguration file
-	$prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid);
 	if (!empty($proxy) && $proxy['proxy_authtype'] != "none") {
 		$proxy['passwdfile'] = "config-password";
 		$pwdfle = "{$proxy['user']}\n";
@@ -724,7 +740,7 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $nokey
 	global $config, $input_errors, $g;
 
 	// lookup server settings
-	$settings = $config['openvpn']['openvpn-server'][$srvid];
+	$settings = get_openvpnserver_by_id($srvid);
 	if (empty($settings)) {
 		$input_errors[] = "Could not locate server configuration.";
 		return false;
@@ -826,10 +842,12 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $nokey
 	}
 
 	// add optional settings
-	if ($settings['compression'])
+	if ($settings['compression']) {
 		$conf .= "comp-lzo\n";
-	if ($settings['passtos'])
+	}
+	if ($settings['passtos']) {
 		$conf .= "passtos\n";
+	}
 
 	if ($zipconf == true) {
 		// create template directory
@@ -841,6 +859,7 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $nokey
 		$shkeyfile = "{$tempdir}/{$shkeyfile}";
 		file_put_contents("{$shkeyfile}", base64_decode($settings['shared_key']));
 
+		$uname_p = trim(exec("uname -p"));
 		if (file_exists("/usr/pbi/zip-{$uname_p}/bin/zip")) {
 			exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
 		} else {
@@ -964,7 +983,6 @@ function openvpn_client_export_find_port_forwards($targetip, $targetport, $targe
 
 function openvpn_client_export_find_hostname($interface) {
 	global $config;
-	$hostname = "";
 	if (is_array($config['dyndnses']['dyndns'])) {
 		foreach ($config['dyndnses']['dyndns'] as $ddns) {
 			if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host'])) {
@@ -981,4 +999,3 @@ function openvpn_client_export_find_hostname($interface) {
 	}
 
 }
-?>