ZeroTier

19 |

ZeroTier Status

20 |

21 |

22 | 23 | 24 | 25 | 26 | 27 | 29 | 30 | 31 | 32 | 33 | 34 | 39 | 40 | 44 | 45 | 46 | 47 | 48 |

Network ID	Name	MAC 28 \|	Status	Type	Device	Assigned IP

49 |

50 |

51 | -------------------------------------------------------------------------------- /pfSense-pkg-zerotier/files/usr/local/pkg/zerotier.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 42 | 43 | zerotierclient 44 | ZeroTier 45 | /usr/local/pkg/zerotier.inc 46 | 47 | ZeroTier 48 |

VPN

49 | zerotier.xml 50 | 51 | 52 | zerotier 53 | zerotier-one.sh 54 | zerotier-one 55 | ZeroTier Client and Controller 56 | 57 | 58 | 59 | Client 60 | /pkg.php?xml=zerotier.xml 61 | 62 | 63 | 64 | Client Status 65 | /zerotier_status.php 66 | 67 | 68 | Controller 69 | /pkg.php?xml=zerotiercontroller.xml 70 | 71 | 72 | Network Members 73 | /zerotier_controller_auth_member.php 74 | 75 | 76 | 77 | 78 | Network ID 79 | joinnetwork 80 | 81 | 82 | 83 | 84 | Network ID 85 | joinnetwork 86 | input 87 | 16 88 | 89 | 90 | 91 | zerotier_install(); 92 | 93 | 94 | zerotier_leave_network(); 95 | 96 | 97 | zerotier_leave_network(); 98 | zerotier_join_network(); 99 | 100 | 101 | validate_form_zerotier($_POST, $input_errors); 102 | 103 | 104 | -------------------------------------------------------------------------------- /pfSense-pkg-zerotier/files/usr/local/www/zerotier_controller_auth_member.php: -------------------------------------------------------------------------------- 1 | authorized) 15 | $res = json_decode(sendPost("POST", "/controller/network/${_POST['net']}/member/${_POST['memid']}", json_encode(['authorized'=>false]))); 16 | if (!$member->authorized) 17 | $res = json_decode(sendPost("POST", "/controller/network/${_POST['net']}/member/${_POST['memid']}", json_encode(['authorized'=>true]))); 18 | echo $res->authorized == true ? 'yes' : 'no'; 19 | 20 | } else if ($_POST['mode'] == 'bridge'){ 21 | if ($member->activeBridge) 22 | $res = json_decode(sendPost("POST", "/controller/network/${_POST['net']}/member/${_POST['memid']}", json_encode(['activeBridge'=>false]))); 23 | if (!$member->activeBridge) 24 | $res = json_decode(sendPost("POST", "/controller/network/${_POST['net']}/member/${_POST['memid']}", json_encode(['activeBridge'=>true]))); 25 | echo $res->activeBridge == true ? 'yes' : 'no'; 26 | } 27 | exit; 28 | } 29 | 30 | $pgtitle = array(gettext("Package"), gettext("ZeroTier"), gettext("Network Members")); 31 | require("head.inc"); 32 | 33 | $tab_array = array(); 34 | $tab_array[] = array(gettext("Client"), false, "pkg.php?xml=zerotier.xml"); 35 | $tab_array[] = array(gettext("Client Status"), false, "zerotier_status.php"); 36 | $tab_array[] = array(gettext("Controller"), false, "pkg.php?xml=zerotiercontroller.xml"); 37 | $tab_array[] = array(gettext("Network Members"), true, "zerotier_controller_auth_member.php"); 38 | display_top_tabs($tab_array); 39 | ?> 40 | 55 |

56 |

ZeroTier Network Members

57 |

58 |

59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 82 | 83 | 84 | 86 | 94 | 95 | 97 | 98 | 99 | 100 | 101 | 102 | 103 |

Network ID	Authorized?	Address	Assigned IP	Bridge?
Net ID:				85 \|
96 \|	authorized ? 'yes' : 'no' ?>	address?>	ipAssignments)?>	activeBridge ? 'yes' : 'no' ?>

104 |

105 |

106 | -------------------------------------------------------------------------------- /pfSense-pkg-zerotier/files/usr/local/pkg/zerotiercontroller.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | zerotiercontroller 6 | ZeroTier 7 | /usr/local/pkg/zerotier.inc 8 | 9 | 10 | Client 11 | /pkg.php?xml=zerotier.xml 12 | 13 | 14 | Client Status 15 | /zerotier_status.php 16 | 17 | 18 | Controller 19 | /pkg.php?xml=zerotiercontroller.xml 20 | 21 | 22 | 23 | Network Members 24 | /zerotier_controller_auth_member.php 25 | 26 | 27 | 28 | 29 | Network ID 30 | network 31 | 32 | 33 | Network Name 34 | name 35 | 36 | 37 | Private 38 | private 39 | 40 | 41 | 42 | 43 | Network ID 44 | network 45 | A 6 digit ID that is appended to the sever address. Leave blank to use a random ID. NOTE: Changing the Network ID after a network has been created will cause the original network to be deleted from the controller. 46 | input 47 | 6 48 | 49 | 50 | 51 | Network Name 52 | name 53 | A short name for this network 54 | input 55 | 16 56 | 57 | 58 | 59 | Private 60 | private 61 | Is access control enabled? 62 | checkbox 63 | 64 | 65 | 66 | Broadcast 67 | enablebroadcast 68 | Ethernet ff:ff:ff:ff:ff:ff allowed? 69 | checkbox 70 | 71 | 72 | 73 | Passive Bridging 74 | allowpassivebridging 75 | Allow any member to bridge (very experimental) 76 | checkbox 77 | 78 | 79 | 80 | Auto Assign IPv4 81 | v4assignmode 82 | Auto-assign IPv4 from pool(s) 83 | checkbox 84 | 85 | 86 | 87 | Auto Assign IPv6 88 | v6assignmode 89 | Select method(s) to use when assigning IPv6 addresses. 90 | select 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | Multicast Limit 101 | multicastlimit 102 | Maximum recipients for a multicast packet 103 | input 104 | 9 105 | 106 | 107 | 108 | Routes 109 | routes 110 | Comma separated prefix list 111 | input 112 | 15 113 | 114 | 115 | 116 | IPv4 Assignment Pool Range Start IP 117 | ipv4rangestart 118 | Note: IP assignments are only used if they fall within a managed route. 119 | input 120 | 15 121 | 122 | 123 | IPv4 Assignment Pool Range End IP 124 | ipv4rangeend 125 | input 126 | 15 127 | 128 | 129 | 130 | IPv6 Assignment Pool Range Start IP 131 | ipv6rangestart 132 | Note: IP assignments are only used if they fall within a managed route. 133 | input 134 | 15 135 | 136 | 137 | IPv6 Assignment Pool Range End IP 138 | ipv6rangeend 139 | input 140 | 15 141 | 142 | 143 | 144 | Allow Any Protocol 145 | allowallprotocols 146 | This option overrides the other protocol selections 147 | checkbox 148 | 149 | 150 | Allow IPv4 151 | allowipv4 152 | Allow IPv4 and ARP frame types 153 | checkbox 154 | 155 | 156 | Allow IPv6 157 | allowipv6 158 | Allow IPv6 frame types 159 | checkbox 160 | 161 | 162 | 163 | zerotier_controller_sync(); 164 | 165 | 166 | zerotier_controller_sync_delete(); 167 | 168 | 169 | validate_form_zerotier_controller($_POST, $input_errors); 170 | 171 | 172 | -------------------------------------------------------------------------------- /pfSense-pkg-zerotier/files/usr/local/pkg/zerotier.inc: -------------------------------------------------------------------------------- 1 | nwid, array_column($config['installedpackages']['zerotierclient']['config'], 'joinnetwork'))){ 36 | # If it's not in config then leave 37 | exec("/usr/local/bin/zerotier-cli leave {$net->nwid}"); 38 | } 39 | } 40 | } 41 | 42 | function validate_form_zerotier($post, &$input_errors) { 43 | if ($post['joinnetwork'] == '' || ($post['joinnetwork'] && (!ctype_xdigit($post['joinnetwork']) || (strlen($post['joinnetwork']) <> 16)))) { 44 | $input_errors[] = '"Network ID" must be 16 characters long and contain only A-F, 0-9'; 45 | } 46 | } 47 | 48 | function validate_form_zerotier_controller($post, &$input_errors) { 49 | if ($post['network'] && (!ctype_xdigit($post['network']) || (strlen($post['network']) <> 16)) ) { 50 | $input_errors[] = '"Network ID" can be blank or 16 characters long and contain only A-F, 0-9'; 51 | } 52 | if (!$post['allowallprotocols'] && !$post['allowipv4'] && !$post['allowipv6'] ) { 53 | $input_errors[] = 'You have not Allowed any protocols.'; 54 | } 55 | } 56 | 57 | function zerotier_controller_sync(){ 58 | zerotier_controller_sync_delete(); 59 | zerotier_controller_sync_create(); 60 | } 61 | 62 | function zerotier_controller_sync_create(){ 63 | // global $config; 64 | 65 | // foreach ($config['installedpackages']['zerotiercontroller']['config'] as $net){ 66 | // // echo var_dump($net); 67 | // } 68 | zerotier_create_network($_POST); 69 | } 70 | 71 | function zerotier_controller_sync_delete(){ 72 | global $config; 73 | 74 | // Get list of networks from controller 75 | $networks = sendPost("GET", "/controller/network", null); 76 | 77 | $nets = json_decode($networks); 78 | foreach ($nets as $net){ 79 | # Check if a created network is in config 80 | if (!in_array($net, array_column($config['installedpackages']['zerotiercontroller']['config'], 'network'))){ 81 | # If it's not in config then delete it 82 | $res = sendPost("DELETE", "/controller/network/${net}", null); 83 | } 84 | } 85 | } 86 | 87 | function zerotier_create_network($post){ 88 | global $config; 89 | global $id; 90 | 91 | // Use a random network id if one is not provided 92 | if ($post['network'] !== '' ){ 93 | $network = $post['network']; 94 | } else { 95 | // Get controller address 96 | $address = json_decode(sendPost("GET", "/status", null)); 97 | $address = $address->address; 98 | $network = "${address}______"; 99 | } 100 | 101 | // Use it to append to networkid to create network 102 | $created = json_decode(sendPost("POST", "/controller/network/${network}", json_encode(zerotier_convert_post_to_object($post)))); 103 | 104 | // if network was blank, record new network ID 105 | if (isset($id) && $config['installedpackages']['zerotiercontroller']['config'][$id]['network'] == '') { 106 | $config['installedpackages']['zerotiercontroller']['config'][$id]['network'] = $created->nwid; 107 | write_config(); 108 | } 109 | } 110 | 111 | function zerotier_convert_post_to_object($p){ 112 | // String 113 | $o['name'] = $p['name']; 114 | $o['v4AssignMode'] = $p['v4assignmode'] == 'on' ? 'zt' : ''; 115 | $o['v6AssignMode'] = $p['v6assignmode']; // group_concat 116 | 117 | // Boolean 118 | $o['private'] = $p['private'] == 'on' ? true : false; 119 | $o['enableBroadcast'] = $p['enablebroadcast'] == 'on' ? true : false; 120 | $o['allowPassiveBridging'] = $p['allowpassivebridging'] == 'on' ? true : false; 121 | 122 | // Integer 123 | $o['multicastLimit'] = (integer) $p['multicastlimit']; 124 | 125 | $parsedRelays = []; 126 | $parsedRoutes = []; 127 | $parsedRules = []; 128 | $parsedPools = []; 129 | 130 | // Routes 131 | if (isset($p['routes'])){ 132 | $parsedRoutes = explode(',',$p['routes']); 133 | } 134 | 135 | // Rules 136 | if (isset($p['allowallprotocols'])){ 137 | $parsedRules[] = ['ruleNo' => 1, 'action' => 'accept']; 138 | } else { 139 | if (isset($p['allowipv4'])){ 140 | $parsedRules[] = ['ruleNo' => 1, 'etherType' => 2048, 'action' => 'accept']; 141 | $parsedRules[] = ['ruleNo' => 2, 'etherType' => 2054, 'action' => 'accept']; 142 | } 143 | if (isset($p['allowipv6'])){ 144 | $parsedRules[] = ['ruleNo' => 3, 'etherType' => 34525, 'action' => 'accept']; 145 | } 146 | } 147 | 148 | // IP Assignment Poools v4 and v6 149 | if ($p['v4assignmode'] == 'on' && isset($p['ipv4rangestart']) && isset($p['ipv4rangeend'])){ 150 | $parsedPools[] = ['ipRangeStart' => $p['ipv4rangestart'], 151 | 'ipRangeEnd' => $p['ipv4rangeend']]; 152 | } 153 | if (in_array('zt', $p['v6assignmode']) && isset($p['ipv6rangestart']) && isset($p['ipv6rangeend'])){ 154 | $parsedPools[] = ['ipRangeStart' => $p['ipv6rangestart'], 155 | 'ipRangeEnd' => $p['ipv6rangeend']]; 156 | } 157 | 158 | // Arrays 159 | $o['relays'] = $parsedRelays; 160 | // $o['routes'] = $parsedRoutes; # This line can be used when zerotier is upgraded 161 | $o['ipLocalRoutes'] = $parsedRoutes; 162 | $o['rules'] = $parsedRules; 163 | $o['ipAssignmentPools'] = $parsedPools; 164 | 165 | return $o; 166 | } 167 | 168 | function sendPost($req, $url, $post){ 169 | $API_KEY = file_get_contents('/var/db/zerotier-one/authtoken.secret'); 170 | $url = 'http://localhost:9993' . $url; 171 | 172 | $c = curl_init($url); 173 | curl_setopt($c, CURLOPT_CUSTOMREQUEST, $req); 174 | curl_setopt($c, CURLOPT_RETURNTRANSFER, true); 175 | curl_setopt($c, CURLOPT_POSTFIELDS, $post); 176 | curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); 177 | curl_setopt($c, CURLOPT_HTTPHEADER, array( 178 | "X-ZT1-Auth: $API_KEY" 179 | )); 180 | 181 | $result = curl_exec($c); 182 | curl_close($c); 183 | return $result; 184 | } 185 | --------------------------------------------------------------------------------