addMessage('Attempting to start OpenVPN', 'info'); exec('sudo /bin/systemctl start openvpn-client@client', $return); exec('sudo /bin/systemctl enable openvpn-client@client', $return); foreach ($return as $line) { $status->addMessage($line, 'info'); } } elseif (isset($_POST['StopOpenVPN'])) { $status->addMessage('Attempting to stop OpenVPN', 'info'); exec('sudo /bin/systemctl stop openvpn-client@client', $return); exec('sudo /bin/systemctl disable openvpn-client@client', $return); foreach ($return as $line) { $status->addMessage($line, 'info'); } } } exec('pidof openvpn | wc -l', $openvpnstatus); exec('wget https://ipinfo.io/ip -qO -', $return); $serviceStatus = $openvpnstatus[0] == 0 ? "down" : "up"; $auth = file(RASPI_OPENVPN_CLIENT_LOGIN, FILE_IGNORE_NEW_LINES); $public_ip = $return[0]; // parse client auth credentials if (!empty($auth)) { $auth = array_filter($auth, 'filter_comments'); $authUser = current($auth); $authPassword = next($auth); } $clients = preg_grep('/_client.(conf)$/', scandir(pathinfo(RASPI_OPENVPN_CLIENT_CONFIG, PATHINFO_DIRNAME))); exec("readlink ".RASPI_OPENVPN_CLIENT_CONFIG." | xargs basename", $ret); $conf_default = empty($ret) ? "none" : $ret[0]; $logEnable = 0; if (!empty($_POST) && !isset($_POST['log-openvpn'])) { $logOutput = ""; $f = @fopen("/tmp/openvpn.log", "r+"); if ($f !== false) { ftruncate($f, 0); fclose($f); } } elseif (isset($_POST['log-openvpn']) || filesize('/tmp/openvpn.log') >0) { $logEnable = 1; exec("sudo /etc/raspap/openvpn/openvpnlog.sh", $logOutput); $logOutput = file_get_contents('/tmp/openvpn.log'); } echo renderTemplate( "openvpn", compact( "status", "serviceStatus", "openvpnstatus", "logEnable", "logOutput", "public_ip", "authUser", "authPassword", "clients", "conf_default" ) ); } /** * Validates uploaded .ovpn file, adds auth-user-pass and * stores auth credentials in login.conf. Copies files from * tmp to OpenVPN * * @param object $status * @param object $file * @param string $authUser * @param string $authPassword * @return object $status */ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword) { $tmp_ovpnclient = '/tmp/ovpnclient.ovpn'; $tmp_authdata = '/tmp/authdata'; $auth_flag = 0; try { // If undefined or multiple files, treat as invalid if (!isset($file['error']) || is_array($file['error'])) { throw new RuntimeException('Invalid parameters'); } // Parse returned errors switch ($file['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_NO_FILE: throw new RuntimeException('OpenVPN configuration file not sent'); case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: throw new RuntimeException('Exceeded filesize limit'); default: throw new RuntimeException('Unknown errors'); } // Validate extension $ext = pathinfo($file['name'], PATHINFO_EXTENSION); if ($ext != 'ovpn') { throw new RuntimeException('Invalid file extension'); } // Validate MIME type $finfo = new finfo(FILEINFO_MIME_TYPE); if (false === $ext = array_search( $finfo->file($file['tmp_name']), array( 'ovpn' => 'text/plain' ), true ) ) { throw new RuntimeException('Invalid file format'); } // Validate filesize define('KB', 1024); if ($file['size'] > 64*KB) { throw new RuntimeException('File size limit exceeded'); } // Use safe filename, save to /tmp if (!move_uploaded_file( $file['tmp_name'], sprintf( '/tmp/%s.%s', 'ovpnclient', $ext ) ) ) { throw new RuntimeException('Unable to move uploaded file'); } // Good file upload, update auth credentials if present if (!empty($authUser) && !empty($authPassword)) { $auth_flag = 1; // Move tmp authdata to /etc/openvpn/login.conf $auth.= $authUser .PHP_EOL . $authPassword .PHP_EOL; file_put_contents($tmp_authdata, $auth); chmod($tmp_authdata, 0644); $client_auth = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_login.conf'; system("sudo cp $tmp_authdata $client_auth", $return); system("sudo rm ".RASPI_OPENVPN_CLIENT_LOGIN, $return); system("sudo ln -s $client_auth ".RASPI_OPENVPN_CLIENT_LOGIN, $return); if ($return !=0) { $status->addMessage('Unable to save client auth credentials', 'danger'); } } // Set iptables rules and, optionally, auth-user-pass exec("sudo /etc/raspap/openvpn/configauth.sh $tmp_ovpnclient $auth_flag " .$_SESSION['ap_interface'], $return); foreach ($return as $line) { $status->addMessage($line, 'info'); } $client_ovpn = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_client.conf'; chmod($tmp_ovpnclient, 0644); system("sudo cp $tmp_ovpnclient $client_ovpn", $return); system("sudo rm ".RASPI_OPENVPN_CLIENT_CONFIG, $return); system("sudo ln -s $client_ovpn ".RASPI_OPENVPN_CLIENT_CONFIG, $return); if ($return ==0) { $status->addMessage('OpenVPN client.conf uploaded successfully', 'info'); } else { $status->addMessage('Unable to save OpenVPN client config', 'danger'); } return $status; } catch (RuntimeException $e) { $status->addMessage($e->getMessage(), 'danger'); return $status; } }