2019-11-12 17:03:26 +01:00
|
|
|
<?php
|
|
|
|
|
2020-02-15 18:57:46 +01:00
|
|
|
require_once 'includes/status_messages.php';
|
2020-06-07 18:17:16 +02:00
|
|
|
require_once 'includes/config.php';
|
|
|
|
require_once 'includes/wifi_functions.php';
|
|
|
|
|
|
|
|
getWifiInterface();
|
2019-11-12 17:03:26 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Manage OpenVPN configuration
|
|
|
|
*/
|
|
|
|
function DisplayOpenVPNConfig()
|
|
|
|
{
|
2019-11-16 11:10:25 +01:00
|
|
|
$status = new StatusMessages();
|
2020-02-14 03:38:46 +01:00
|
|
|
if (!RASPI_MONITOR_ENABLED) {
|
|
|
|
if (isset($_POST['SaveOpenVPNSettings'])) {
|
|
|
|
if (isset($_POST['authUser'])) {
|
|
|
|
$authUser = strip_tags(trim($_POST['authUser']));
|
|
|
|
}
|
|
|
|
if (isset($_POST['authPassword'])) {
|
|
|
|
$authPassword = strip_tags(trim($_POST['authPassword']));
|
|
|
|
}
|
|
|
|
$return = SaveOpenVPNConfig($status, $_FILES['customFile'], $authUser, $authPassword);
|
|
|
|
} elseif (isset($_POST['StartOpenVPN'])) {
|
|
|
|
$status->addMessage('Attempting to start OpenVPN', 'info');
|
|
|
|
exec('sudo /bin/systemctl start openvpn-client@client', $return);
|
2020-03-15 12:02:20 +01:00
|
|
|
exec('sudo /bin/systemctl enable openvpn-client@client', $return);
|
2020-02-14 03:38:46 +01:00
|
|
|
foreach ($return as $line) {
|
|
|
|
$status->addMessage($line, 'info');
|
|
|
|
}
|
|
|
|
} elseif (isset($_POST['StopOpenVPN'])) {
|
|
|
|
$status->addMessage('Attempting to stop OpenVPN', 'info');
|
|
|
|
exec('sudo /bin/systemctl stop openvpn-client@client', $return);
|
2020-03-15 12:02:20 +01:00
|
|
|
exec('sudo /bin/systemctl disable openvpn-client@client', $return);
|
2020-02-14 03:38:46 +01:00
|
|
|
foreach ($return as $line) {
|
|
|
|
$status->addMessage($line, 'info');
|
|
|
|
}
|
2019-11-16 11:10:25 +01:00
|
|
|
}
|
|
|
|
}
|
2019-11-12 17:03:26 +01:00
|
|
|
|
|
|
|
exec('pidof openvpn | wc -l', $openvpnstatus);
|
2019-11-17 13:00:30 +01:00
|
|
|
exec('wget https://ipinfo.io/ip -qO -', $return);
|
2019-11-12 17:03:26 +01:00
|
|
|
|
2019-11-16 11:10:25 +01:00
|
|
|
$serviceStatus = $openvpnstatus[0] == 0 ? "down" : "up";
|
2019-11-17 13:00:30 +01:00
|
|
|
$auth = file(RASPI_OPENVPN_CLIENT_LOGIN, FILE_IGNORE_NEW_LINES);
|
|
|
|
$public_ip = $return[0];
|
2019-11-12 17:03:26 +01:00
|
|
|
|
2019-11-16 11:10:25 +01:00
|
|
|
// parse client auth credentials
|
|
|
|
if (!empty($auth)) {
|
|
|
|
$authUser = $auth[0];
|
|
|
|
$authPassword = $auth[1];
|
2019-11-12 17:03:26 +01:00
|
|
|
}
|
2019-11-16 11:10:25 +01:00
|
|
|
|
2020-02-15 18:57:46 +01:00
|
|
|
echo renderTemplate(
|
|
|
|
"openvpn", compact(
|
|
|
|
"status",
|
|
|
|
"serviceStatus",
|
|
|
|
"openvpnstatus",
|
|
|
|
"public_ip",
|
|
|
|
"authUser",
|
|
|
|
"authPassword"
|
|
|
|
)
|
|
|
|
);
|
2019-11-12 17:03:26 +01:00
|
|
|
}
|
|
|
|
|
2019-11-12 22:05:21 +01:00
|
|
|
/**
|
2019-11-16 11:10:25 +01:00
|
|
|
* Validates uploaded .ovpn file, adds auth-user-pass and
|
|
|
|
* stores auth credentials in login.conf. Copies files from
|
|
|
|
* tmp to OpenVPN
|
|
|
|
*
|
2020-02-15 18:57:46 +01:00
|
|
|
* @param object $status
|
|
|
|
* @param object $file
|
|
|
|
* @param string $authUser
|
|
|
|
* @param string $authPassword
|
2019-11-16 11:10:25 +01:00
|
|
|
* @return object $status
|
|
|
|
*/
|
|
|
|
function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
|
2019-11-12 22:05:21 +01:00
|
|
|
{
|
2019-11-17 11:16:10 +01:00
|
|
|
$tmp_ovpnclient = '/tmp/ovpnclient.ovpn';
|
|
|
|
$tmp_authdata = '/tmp/authdata';
|
2019-11-17 19:16:14 +01:00
|
|
|
$auth_flag = 0;
|
2019-11-16 11:10:25 +01:00
|
|
|
|
|
|
|
try {
|
|
|
|
// If undefined or multiple files, treat as invalid
|
|
|
|
if (!isset($file['error']) || is_array($file['error'])) {
|
|
|
|
throw new RuntimeException('Invalid parameters');
|
2019-11-12 22:05:21 +01:00
|
|
|
}
|
2019-11-16 11:10:25 +01:00
|
|
|
|
|
|
|
// Parse returned errors
|
|
|
|
switch ($file['error']) {
|
2020-02-15 18:57:46 +01:00
|
|
|
case UPLOAD_ERR_OK:
|
|
|
|
break;
|
|
|
|
case UPLOAD_ERR_NO_FILE:
|
|
|
|
throw new RuntimeException('OpenVPN configuration file not sent');
|
|
|
|
case UPLOAD_ERR_INI_SIZE:
|
|
|
|
case UPLOAD_ERR_FORM_SIZE:
|
|
|
|
throw new RuntimeException('Exceeded filesize limit');
|
|
|
|
default:
|
|
|
|
throw new RuntimeException('Unknown errors');
|
2019-11-12 22:05:21 +01:00
|
|
|
}
|
|
|
|
|
2019-11-16 11:10:25 +01:00
|
|
|
// Validate extension
|
|
|
|
$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
|
|
|
|
if ($ext != 'ovpn') {
|
|
|
|
throw new RuntimeException('Invalid file extension');
|
|
|
|
}
|
2019-11-12 22:05:21 +01:00
|
|
|
|
2019-11-16 11:10:25 +01:00
|
|
|
// Validate MIME type
|
|
|
|
$finfo = new finfo(FILEINFO_MIME_TYPE);
|
|
|
|
if (false === $ext = array_search(
|
|
|
|
$finfo->file($file['tmp_name']),
|
|
|
|
array(
|
|
|
|
'ovpn' => 'text/plain'
|
|
|
|
),
|
|
|
|
true
|
2020-02-15 18:57:46 +01:00
|
|
|
)
|
|
|
|
) {
|
2019-11-16 11:10:25 +01:00
|
|
|
throw new RuntimeException('Invalid file format');
|
|
|
|
}
|
2019-11-12 22:05:21 +01:00
|
|
|
|
2019-11-16 11:10:25 +01:00
|
|
|
// Validate filesize
|
|
|
|
define('KB', 1024);
|
2019-11-17 19:16:14 +01:00
|
|
|
if ($file['size'] > 64*KB) {
|
2019-11-16 11:10:25 +01:00
|
|
|
throw new RuntimeException('File size limit exceeded');
|
|
|
|
}
|
|
|
|
|
|
|
|
// Use safe filename, save to /tmp
|
|
|
|
if (!move_uploaded_file(
|
|
|
|
$file['tmp_name'],
|
|
|
|
sprintf(
|
|
|
|
'/tmp/%s.%s',
|
|
|
|
'ovpnclient',
|
|
|
|
$ext
|
|
|
|
)
|
2020-02-15 18:57:46 +01:00
|
|
|
)
|
|
|
|
) {
|
2019-11-16 11:10:25 +01:00
|
|
|
throw new RuntimeException('Unable to move uploaded file');
|
|
|
|
}
|
2019-11-17 19:16:14 +01:00
|
|
|
// Good file upload, update auth credentials if present
|
|
|
|
if (!empty($authUser) && !empty($authPassword)) {
|
|
|
|
$auth_flag = 1;
|
|
|
|
// Move tmp authdata to /etc/openvpn/login.conf
|
|
|
|
$auth = $authUser .PHP_EOL . $authPassword .PHP_EOL;
|
|
|
|
file_put_contents($tmp_authdata, $auth);
|
|
|
|
system("sudo cp $tmp_authdata " . RASPI_OPENVPN_CLIENT_LOGIN, $return);
|
|
|
|
if ($return !=0) {
|
|
|
|
$status->addMessage('Unable to save client auth credentials', 'danger');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Set iptables rules and, optionally, auth-user-pass
|
2020-06-09 16:32:49 +02:00
|
|
|
exec("sudo /etc/raspap/openvpn/configauth.sh $tmp_ovpnclient $auth_flag " .$_SESSION['ap_interface'], $return);
|
2019-11-16 11:10:25 +01:00
|
|
|
foreach ($return as $line) {
|
|
|
|
$status->addMessage($line, 'info');
|
|
|
|
}
|
|
|
|
|
2019-11-17 19:16:14 +01:00
|
|
|
// Copy tmp client config to /etc/openvpn/client
|
|
|
|
system("sudo cp $tmp_ovpnclient " . RASPI_OPENVPN_CLIENT_CONFIG, $return);
|
2019-11-16 11:10:25 +01:00
|
|
|
if ($return ==0) {
|
2019-11-17 19:16:14 +01:00
|
|
|
$status->addMessage('OpenVPN client.conf uploaded successfully', 'info');
|
2019-11-16 11:10:25 +01:00
|
|
|
} else {
|
2019-11-17 19:16:14 +01:00
|
|
|
$status->addMessage('Unable to save OpenVPN client config', 'danger');
|
2019-11-16 11:10:25 +01:00
|
|
|
}
|
2019-11-17 19:16:14 +01:00
|
|
|
|
2019-11-16 11:10:25 +01:00
|
|
|
return $status;
|
|
|
|
} catch (RuntimeException $e) {
|
|
|
|
$status->addMessage($e->getMessage(), 'danger');
|
|
|
|
return $status;
|
|
|
|
}
|
|
|
|
}
|