- <?php
- include_once "function_base_xml_class.php";
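class CVPN_SSL_Server extends base_xml_class
{
    /**
     * Binds this object to the SSL node of the VPN settings tree.
     *
     * root_path, node_name and key_array are consumed by base_xml_class
     * (defined in function_base_xml_class.php, not shown here); key_array
     * names the fields of the settings row that Apply() reads.
     */
    function __construct()
    {
        $this->root_path = "/MINI/NETWORK/VPN";
        $this->node_name = "SSL";
        $this->key_array = array(
            "Enabled", "Srv_Type", "Dev_Type", "Protocol", "Port",
            "Lan_Ip", "Lan_Mask", "Route_Ip", "Route_Mask",
            "Wan_Ip", "Dns1", "Dns2", "Wins",
        );
    }

    /**
     * Returns the first settings row of this node, or an empty array when the
     * inherited get_list() yields nothing usable.
     *
     * @return array
     */
    private function firstRow()
    {
        $ret_list = $this->get_list();
        if (is_array($ret_list) && isset($ret_list[0]) && is_array($ret_list[0])) {
            return $ret_list[0];
        }
        return array();
    }

    /**
     * Returns $row[$key], or "" when the key is absent or null, so a missing
     * setting yields an empty value instead of a notice.
     *
     * @param array  $row
     * @param string $key
     * @return mixed
     */
    private function field($row, $key)
    {
        return isset($row[$key]) ? $row[$key] : "";
    }

    /**
     * Writes $contents to $path, replacing any existing file.
     *
     * @param string $path
     * @param string $contents
     * @return bool true on success; false when the file could not be opened or
     *              the write failed (the handle is closed in every case)
     */
    private function writeFile($path, $contents)
    {
        $handle = fopen($path, "w+");
        if ($handle === false) {
            return false;
        }
        $written = fwrite($handle, $contents);
        fclose($handle);
        return $written !== false;
    }

    /**
     * Writes the OpenVPN server configuration for the settings row $ret.
     *
     * The certificate and key file names are taken from the "User" field of
     * the first CERTIFICATE item, so CCertificate::CreateSERVER() must have
     * produced keys/<User>.crt and keys/<User>.key before the server starts.
     *
     * @param array $ret SSL settings row (see key_array)
     * @return string|false the configuration text written, or false when
     *                      server.conf could not be opened or written
     */
    private function CreateServerConf($ret)
    {
        $crt = new CCertificate();
        $r = $crt->get_item_by_num(0);
        $server_name = (is_array($r) && isset($r['User'])) ? $r['User'] : "";
        $server_conf = "/usr/local/etc/openvpn/easy-rsa/server.conf";

        $str = "port ". $this->field($ret, 'Port'). " \n";
        $str .= "proto ". $this->field($ret, 'Protocol'). " \n";
        $str .= "dev ". $this->field($ret, 'Dev_Type'). " \n";
        $str .= "ca /usr/local/etc/openvpn/easy-rsa/keys/ca.crt \n";
        $str .= "cert /usr/local/etc/openvpn/easy-rsa/keys/". $server_name. ".crt \n";
        // The key must carry the same name as the certificate; the previous
        // version referenced an undefined variable here and wrote "keys/.key".
        $str .= "key /usr/local/etc/openvpn/easy-rsa/keys/". $server_name. ".key \n";
        // 1024-bit DH parameters are below current recommendations; the file
        // name is fixed by CCertificate::CreateDH() output.
        $str .= "dh /usr/local/etc/openvpn/easy-rsa/keys/dh1024.pem \n";
        $str .= "server ". $this->field($ret, 'Lan_Ip'). " ". $this->field($ret, 'Lan_Mask'). " \n";
        $str .= "ifconfig-pool-persist /usr/local/etc/openvpn/easy-rsa/ipp.txt \n";
        // NOTE(review): this pushes "<ip> <mask>" without a leading "route"
        // keyword; confirm against the stored Route_Ip values before changing.
        $str .= "push \"". $this->field($ret, 'Route_Ip'). ' '. $this->field($ret, 'Route_Mask'). "\" \n";
        $str .= "push \"dhcp-option DNS ". $this->field($ret, 'Dns1'). "\" \n";

        $dns2 = $this->field($ret, 'Dns2');
        if ((string) $dns2 !== "") {
            $str .= "push \"dhcp-option DNS ". $dns2. "\" \n";
        }

        $wins = $this->field($ret, 'Wins');
        if ((string) $wins !== "") {
            $str .= "push \"dhcp-option WINS ". $wins. "\" \n";
        }

        $str .= "keepalive 10 120 \n";
        // Revoked client certificates (see CVPN_SSL_Client::DelCrtUser) are
        // rejected through this CRL.
        $str .= "crl-verify /usr/local/etc/openvpn/easy-rsa/keys/crl.pem \n";
        $str .= "comp-lzo \n";
        $str .= "persist-key \n";
        $str .= "persist-tun \n";
        $str .= "verb 3 \n";

        if (!$this->writeFile($server_conf, $str)) {
            return false;
        }
        return $str;
    }

    /**
     * Reports whether an openvpn process is running, based on pidof output.
     *
     * Both return literals appear garbled (non-ASCII lost) in this copy of the
     * file and are kept byte-for-byte; the first branch is "running".
     *
     * @return string
     */
    function GetSysRunStatus()
    {
        $command = "/bin/pidof openvpn ;";
        $ret = shell_exec($command);

        // shell_exec() returns null when there is no output; trim() a string.
        if (trim((string) $ret) != "") {
            return "??";
        }
        return "??";
    }

    /**
     * Rewrites the APPLY iptables chain: always flushed, then TCP and UDP
     * ACCEPT rules for the configured port when the server is enabled.
     *
     * The port is interpolated into a shell command, so only an all-digit
     * value is accepted; anything else leaves the chain flushed.
     */
    function Apply_Iptables()
    {
        $chain = "APPLY";
        $ret = $this->firstRow();
        $port = $this->field($ret, 'Port');

        $command_iptables_D = "/usr/local/bin/iptables -F ". $chain. " ;";
        shell_exec($command_iptables_D);

        if ($this->field($ret, 'Enabled') != '1') {
            return;
        }
        if (preg_match('/^[0-9]+$/', (string) $port) !== 1) {
            return;
        }
        $command_iptables_A = "/usr/local/bin/iptables -A ". $chain. " -p tcp --dport ". $port. " -j ACCEPT;";
        $command_iptables_A .= "/usr/local/bin/iptables -A ". $chain. " -p udp --dport ". $port. " -j ACCEPT;";
        shell_exec($command_iptables_A);
    }

    /**
     * Applies the SSL server settings: stops any running openvpn, rewrites
     * server.conf and starts the daemon when Enabled is '1', then refreshes
     * the iptables chain.
     *
     * The daemon is only started when server.conf was written successfully;
     * otherwise it would come up on whatever file was left from last time.
     */
    function Apply()
    {
        $ret = $this->firstRow();

        // easy-rsa vars is loaded in the same shell that starts openvpn, so the
        // KEY_* exports are actually visible to it (a separate shell_exec()
        // call would not carry them over). `source` is a bash-ism; whether
        // /bin/sh understands it depends on the shell installed here.
        $command_start = "cd /usr/local/etc/openvpn/easy-rsa; ";
        $command_start .= "source /usr/local/etc/openvpn/easy-rsa/vars; ";
        $command_start .= "/usr/local/sbin/openvpn --daemon --config /usr/local/etc/openvpn/easy-rsa/server.conf 1>/dev/null 2>&1; ";
        $command_kill = "/bin/kill -9 `pidof openvpn` 1>/dev/null 2>&1";

        shell_exec($command_kill);
        if ($this->field($ret, 'Enabled') == '1') {
            if ($this->CreateServerConf($ret) !== false) {
                shell_exec($command_start);
            }
        }
        $this->Apply_Iptables();
    }
}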
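class CVPN_SSL_Client extends base_xml_class
{
    /**
     * Binds this object to the same SSL node as CVPN_SSL_Server, reading only
     * the fields a client profile needs (see CreateClientConf()).
     */
    function __construct()
    {
        $this->root_path = "/MINI/NETWORK/VPN";
        $this->node_name = "SSL";
        $this->key_array = array("Dev_Type", "Protocol", "Port", "Wan_Ip");
    }

    /**
     * Accepts only names that are safe to embed in file paths and shell
     * commands: letters, digits, '_', '-' and '.', not starting with '.'.
     * This rules out "..", path separators and shell metacharacters.
     *
     * @param mixed $name
     * @return bool
     */
    private function isSafeName($name)
    {
        return is_string($name) && preg_match('/^[A-Za-z0-9_-][A-Za-z0-9_.-]*$/', $name) === 1;
    }

    /**
     * Returns $row[$key], or "" when the key is absent or null.
     *
     * @param array  $row
     * @param string $key
     * @return mixed
     */
    private function field($row, $key)
    {
        return isset($row[$key]) ? $row[$key] : "";
    }

    /**
     * Writes $contents to $path, replacing any existing file.
     *
     * @param string $path
     * @param string $contents
     * @return bool true on success; false when the file could not be opened or
     *              the write failed (the handle is closed in every case)
     */
    private function writeFile($path, $contents)
    {
        $handle = fopen($path, "w+");
        if ($handle === false) {
            return false;
        }
        $written = fwrite($handle, $contents);
        fclose($handle);
        return $written !== false;
    }

    /**
     * Lists the client bundles stored under /ldisk/vpn/ssl/user/.
     *
     * A bundle is any non-hidden entry whose file name contains "tar.gz"; the
     * client name is the part before the first '.', and the certificate
     * validity is read through GetClientCrtTime(). Uses glob() instead of the
     * former `ls | grep | awk` shell pipeline.
     *
     * @return array list of array('Name' => string, 'Before' => string|null, 'After' => string|null)
     */
    function GetClientList()
    {
        $ret_list = array();
        $entries = glob("/ldisk/vpn/ssl/user/*");
        if ($entries === false) {
            return $ret_list;
        }
        foreach ($entries as $path) {
            $file = basename($path);
            if (strpos($file, "tar.gz") === false) {
                continue;
            }
            $dot = strpos($file, ".");
            $name = ($dot === false) ? $file : substr($file, 0, $dot);
            if ($name === "") {
                continue;
            }
            $tem_list = $this->GetClientCrtTime($name);
            $ret_list[] = array(
                'Name'   => $name,
                'Before' => $tem_list['Before'],
                'After'  => $tem_list['After'],
            );
        }
        return $ret_list;
    }

    /**
     * Reads the validity period of a client certificate.
     *
     * The text dump at the top of /ldisk/vpn/ssl/keys/<name>.crt holds
     * "Not Before:" and "Not After :" lines; the text after each separator is
     * returned as-is (leading space included), as the former grep|awk pipeline did.
     *
     * @param string $name client name; unsafe path components are rejected
     * @return array array('Before' => string|null, 'After' => string|null); an
     *               entry is null when the file is unreadable, no line matched
     *               or $name was rejected
     */
    function GetClientCrtTime($name)
    {
        $ret_list = array('Before' => null, 'After' => null);
        if (!$this->isSafeName($name)) {
            return $ret_list;
        }
        $crt = "/ldisk/vpn/ssl/keys/". $name. ".crt";
        $ret_list['Before'] = $this->readCertField($crt, "Not Before", "Before:");
        $ret_list['After'] = $this->readCertField($crt, "Not After", "After :");
        return $ret_list;
    }

    /**
     * Concatenates, for every line of $path containing $label, the text that
     * follows the first $separator on that line (no newlines added).
     *
     * @param string $path
     * @param string $label
     * @param string $separator
     * @return string|null null when the file cannot be read or no line matched
     */
    private function readCertField($path, $label, $separator)
    {
        if (!is_readable($path)) {
            return null;
        }
        $text = file_get_contents($path);
        if ($text === false) {
            return null;
        }
        $out = null;
        foreach (explode("\n", $text) as $line) {
            if (strpos($line, $label) === false) {
                continue;
            }
            $parts = explode($separator, $line);
            $out .= isset($parts[1]) ? $parts[1] : "";
        }
        return $out;
    }

    /**
     * Writes client.ovpn for $client_name from the stored SSL settings.
     *
     * @param string $client_name already validated by the caller
     * @return string|false the profile text written, or false when the file
     *                      could not be opened or written
     */
    private function CreateClientConf($client_name)
    {
        $client_conf = "/usr/local/etc/openvpn/easy-rsa/client.ovpn";
        $ret_list = $this->get_list();
        $ret = (is_array($ret_list) && isset($ret_list[0]) && is_array($ret_list[0])) ? $ret_list[0] : array();

        $str = "client \n";
        $str .= "dev ". $this->field($ret, 'Dev_Type'). " \n";
        $str .= "proto ". $this->field($ret, 'Protocol'). " \n";
        $str .= "remote ". $this->field($ret, 'Wan_Ip'). " ". $this->field($ret, 'Port'). " \n";
        $str .= "resolv-retry infinite \n";
        $str .= "nobind \n";
        $str .= "persist-key \n";
        $str .= "persist-tun \n";
        $str .= "ca keys/ca.crt \n";
        $str .= "cert keys/". $client_name. ".crt \n";
        $str .= "key keys/". $client_name. ".key \n";
        $str .= "comp-lzo \n";
        $str .= "verb 3 \n";

        if (!$this->writeFile($client_conf, $str)) {
            return false;
        }
        return $str;
    }

    /**
     * Issues a client certificate with easy-rsa and packs ca.crt, the client
     * certificate and private key, and client.ovpn into
     * /ldisk/vpn/ssl/user/<name>.tar.gz.
     *
     * $client_name is interpolated into shell commands and file paths, so it
     * is validated first and every occurrence is passed through
     * escapeshellarg(). The bundle contains the client's private key; whoever
     * can read that directory can impersonate the client.
     *
     * @param string $client_name
     * @return string|null|false tar output (shell_exec result); false when the
     *                           name is rejected or client.ovpn could not be written
     */
    function CreateCrtUser($client_name)
    {
        if (!$this->isSafeName($client_name)) {
            return false;
        }
        $user_path = "/ldisk/vpn/ssl/user/";
        // Do not pack a stale client.ovpn when the rewrite failed.
        if ($this->CreateClientConf($client_name) === false) {
            return false;
        }

        $command = "cd /usr/local/etc/openvpn/easy-rsa; ";
        $command .= "source /usr/local/etc/openvpn/easy-rsa/vars; ";
        $command .= "/usr/local/etc/openvpn/easy-rsa/pkitool ". escapeshellarg($client_name). " ; ";
        shell_exec($command);

        $command_tar = "cd /usr/local/etc/openvpn/easy-rsa ;";
        $command_tar .= "/bin/tar -czvf ". escapeshellarg($user_path. $client_name. ".tar.gz"). " ";
        $command_tar .= "keys/ca.crt ";
        $command_tar .= escapeshellarg("keys/". $client_name. ".crt"). " ";
        $command_tar .= escapeshellarg("keys/". $client_name. ".key"). " ";
        $command_tar .= "client.ovpn ";
        return shell_exec($command_tar);
    }

    /**
     * Revokes a client certificate (updating keys/crl.pem via revoke-full)
     * and removes its bundle from /ldisk/vpn/ssl/user/.
     *
     * @param string $name client name; rejected unless it is a safe path component
     * @return string|null|false rm output (shell_exec result); false when the name is rejected
     */
    function DelCrtUser($name)
    {
        if (!$this->isSafeName($name)) {
            return false;
        }
        $command = "cd /usr/local/etc/openvpn/easy-rsa; ";
        $command .= "source /usr/local/etc/openvpn/easy-rsa/vars; ";
        $command .= "/usr/local/etc/openvpn/easy-rsa/revoke-full ". escapeshellarg($name). " ;";
        shell_exec($command);
        // The bundle is a regular file: -f suffices, -r is deliberately not used.
        $command_del = "/bin/rm -f ". escapeshellarg("/ldisk/vpn/ssl/user/". $name. ".tar.gz"). " ;";
        return shell_exec($command_del);
    }

    /**
     * Persists the easy-rsa key material (including the CA private key and
     * the CRL) from the easy-rsa tree to /ldisk/vpn/ssl/keys/.
     */
    function Apply()
    {
        $command_del = "/bin/rm -rf /ldisk/vpn/ssl/keys/*; ";
        $command_cp = "cp -rf /usr/local/etc/openvpn/easy-rsa/keys/* /ldisk/vpn/ssl/keys/ ;";
        $command_cp .= "/bin/sync ; ";
        shell_exec($command_del);
        shell_exec($command_cp);
    }
}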
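class CCertificate extends base_xml_class
{
    /**
     * Binds this object to the CERTIFICATE node of the VPN settings tree.
     *
     * key_array lists the fields CreateVars() exports into easy-rsa vars and
     * the "User" field used as the server certificate name.
     */
    function __construct()
    {
        $this->root_path = "/MINI/NETWORK/VPN";
        $this->node_name = "CERTIFICATE";
        $this->key_array = array("Time", "City", "State", "Org", "User", "Email");
    }

    /**
     * Shell prefix shared by the easy-rsa commands: enter the tree and load
     * vars. `source` is a bash-ism; whether /bin/sh accepts it depends on the
     * shell installed on this system.
     *
     * @return string
     */
    private function easyRsaPrefix()
    {
        return "cd /usr/local/etc/openvpn/easy-rsa; source /usr/local/etc/openvpn/easy-rsa/vars; ";
    }

    /**
     * Generates the Diffie-Hellman parameters with easy-rsa build-dh
     * (server.conf references keys/dh1024.pem).
     */
    function CreateDH()
    {
        $command = $this->easyRsaPrefix();
        $command .= "/usr/local/etc/openvpn/easy-rsa/build-dh; ";
        shell_exec($command);
    }

    /**
     * Creates the certificate authority (keys/ca.crt and its private key)
     * with easy-rsa pkitool --initca.
     */
    function CreateCA()
    {
        $command = $this->easyRsaPrefix();
        $command .= "/usr/local/etc/openvpn/easy-rsa/pkitool --initca; ";
        shell_exec($command);
    }

    /**
     * Issues the server certificate named after the "User" field of the first
     * CERTIFICATE item; CVPN_SSL_Server::CreateServerConf() expects
     * keys/<User>.crt and keys/<User>.key.
     *
     * The name is interpolated into a shell command and later into file
     * paths, so it must be a safe path component; otherwise nothing is run.
     */
    function CreateSERVER()
    {
        $r = $this->get_item_by_num(0);
        $user = (is_array($r) && isset($r['User'])) ? $r['User'] : "";
        if (!is_string($user) || preg_match('/^[A-Za-z0-9_-][A-Za-z0-9_.-]*$/', $user) !== 1) {
            return;
        }
        $command = $this->easyRsaPrefix();
        $command .= "/usr/local/etc/openvpn/easy-rsa/pkitool --server ". escapeshellarg($user). " ; ";
        shell_exec($command);
    }

    /**
     * Rewrites the easy-rsa vars file so that each NAME in $exports is
     * defined exactly once, as `export NAME='value'`.
     *
     * Existing definitions of those names are dropped and the new ones
     * appended. Values are single-quoted with escapeshellarg() because vars
     * is later sourced by the shell: an unquoted value containing shell
     * metacharacters would be executed rather than exported. This replaces
     * the former `cat vars | sed ... > vars` pipeline, whose output
     * redirection truncated the file before cat had read it.
     *
     * @param string $path    vars file; created when missing
     * @param array  $exports map of variable name => value
     * @return bool false when a name is not a plain identifier or the file
     *              could not be written
     */
    private function rewriteVars($path, $exports)
    {
        foreach ($exports as $name => $value) {
            if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name) !== 1) {
                return false;
            }
        }
        $text = is_readable($path) ? file_get_contents($path) : "";
        if ($text === false) {
            $text = "";
        }
        $kept = array();
        foreach (explode("\n", $text) as $line) {
            $drop = false;
            foreach ($exports as $name => $value) {
                // \b keeps e.g. KEY_ORG from also matching KEY_ORG_UNIT.
                if (preg_match('/^\s*export\s+'. $name. '\b/', $line) === 1) {
                    $drop = true;
                    break;
                }
            }
            if (!$drop) {
                $kept[] = $line;
            }
        }
        $out = implode("\n", $kept);
        if ($out !== "" && substr($out, -1) !== "\n") {
            $out .= "\n";
        }
        foreach ($exports as $name => $value) {
            $out .= "export ". $name. "=". escapeshellarg($value). "\n";
        }
        return file_put_contents($path, $out) !== false;
    }

    /**
     * Exports the stored certificate settings into easy-rsa vars (run at
     * boot): Time -> CA_EXPIRE and KEY_EXPIRE, State -> KEY_PROVINCE,
     * City -> KEY_CITY, Org -> KEY_ORG, Email -> KEY_EMAIL. Empty or
     * whitespace-only fields are skipped; values are trimmed.
     */
    function CreateVars() //BOOT
    {
        $r = $this->get_item_by_num(0);
        if (!is_array($r)) {
            $r = array();
        }

        $exports = array();
        $time = isset($r['Time']) ? trim($r['Time']) : "";
        if ($time !== "") {
            $exports["CA_EXPIRE"] = $time;
            $exports["KEY_EXPIRE"] = $time;
        }
        $fields = array(
            "State" => "KEY_PROVINCE",
            "City"  => "KEY_CITY",
            "Org"   => "KEY_ORG",
            "Email" => "KEY_EMAIL",
        );
        foreach ($fields as $field => $var) {
            $value = isset($r[$field]) ? trim($r[$field]) : "";
            if ($value !== "") {
                $exports[$var] = $value;
            }
        }
        if ($exports !== array()) {
            $this->rewriteVars("/usr/local/etc/openvpn/easy-rsa/vars", $exports);
        }
        shell_exec("/bin/chmod +x /usr/local/etc/openvpn/easy-rsa/vars; /bin/sync;");
    }

    /**
     * Applies the certificate settings: regenerates vars, then persists the
     * easy-rsa key material (including the CA private key) to
     * /ldisk/vpn/ssl/keys/.
     */
    function Apply()
    {
        $this->CreateVars();
        $command_del = "/bin/rm -rf /ldisk/vpn/ssl/keys/*; ";
        $command_cp = "cp -rf /usr/local/etc/openvpn/easy-rsa/keys/* /ldisk/vpn/ssl/keys/ ;";
        $command_cp .= "/bin/sync ; ";
        shell_exec($command_del);
        shell_exec($command_cp);
    }
}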
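class CVPN_SSL
{
    /**
     * Boot-time restore: regenerates easy-rsa vars from the stored certificate
     * settings, copies the persisted keys from /ldisk back into the easy-rsa
     * tree, then applies the SSL server settings (CVPN_SSL_Server::Apply()).
     *
     * The easy-rsa keys directory (CA private key included) is wiped before
     * the copy, so an empty /ldisk/vpn/ssl/keys/ leaves the server without
     * any key material.
     */
    function Apply()
    {
        $crt = new CCertificate();
        $crt->CreateVars();

        $command_del = "/bin/rm -rf /usr/local/etc/openvpn/easy-rsa/keys/*; ";
        shell_exec($command_del);

        // Copy the directory contents (keys/*), as the other Apply() methods
        // do: "cp -rf src/ dst/" with an existing dst nests src inside it on
        // GNU/busybox cp, which would have left easy-rsa/keys/keys/ instead.
        $command_cp = "cp -rf /ldisk/vpn/ssl/keys/* /usr/local/etc/openvpn/easy-rsa/keys/ ;";
        $command_cp .= "/bin/sync ; ";
        shell_exec($command_cp);

        $server = new CVPN_SSL_Server();
        $server->Apply();
    }
}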
- ?>