Feature #12522 » vpn_openvpn_csc-v1.3.2-master.patch

Phil Wardt, 04/09/2022 11:25 AM


src/usr/local/www/vpn_openvpn_csc.php
34 34
require_once("pfsense-utils.inc");
35 35
require_once("pkg-utils.inc");
36 36

  
37
global $openvpn_tls_server_modes;
37
global $openvpn_topologies, $openvpn_tls_server_modes;
38 38

  
39
// check if submitted form field is not empty
40
function empty_field($str) {
41
	$has_text = !is_bool($str) && strlen($str) > 0;
42
	return !$has_text;
43
}
44

  
39 45
init_config_arr(array('openvpn', 'openvpn-csc'));
40 46
$a_csc = &$config['openvpn']['openvpn-csc'];
41 47
init_config_arr(array('openvpn', 'openvpn-server'));
......
64 70
		exit;
65 71
	}
66 72

  
67
	if (!$user_can_edit_advanced && !empty($a_csc[$id]['custom_options'])) {
73
	if (!$user_can_edit_advanced && !empty_field($a_csc[$id]['custom_options'])) {
68 74
		$input_errors[] = gettext("This user does not have sufficient privileges to delete an instance with Advanced options set.");
69 75
	} else {
70 76
		$wc_msg = sprintf(gettext('Deleted OpenVPN client specific override %1$s %2$s'), $a_csc[$id]['common_name'], $a_csc[$id]['description']);
......
86 92

  
87 93
		$pconfig['tunnel_network'] = $a_csc[$id]['tunnel_network'];
88 94
		$pconfig['tunnel_networkv6'] = $a_csc[$id]['tunnel_networkv6'];
95

  
96
		$pconfig['push_reset'] = $a_csc[$id]['push_reset'];
97
		$pconfig['topology_override'] = $a_csc[$id]['topology_override'];
98
		$pconfig['topology'] = $a_csc[$id]['topology'];
99
		$pconfig['remove_route'] = $a_csc[$id]['remove_route'];
100
		$pconfig['remove_iroute'] = $a_csc[$id]['remove_iroute'];
101
		$pconfig['remove_dnsdomain'] = $a_csc[$id]['remove_dnsdomain'];
102
		$pconfig['remove_dnsservers'] = $a_csc[$id]['remove_dnsservers'];
103
		$pconfig['remove_ntpservers'] = $a_csc[$id]['remove_ntpservers'];
104
		$pconfig['remove_netbios_ntype'] = $a_csc[$id]['remove_netbios_ntype'];
105
		$pconfig['remove_netbios_scope'] = $a_csc[$id]['remove_netbios_scope'];
106
		$pconfig['remove_wins'] = $a_csc[$id]['remove_wins'];
107

  
108
		if ($pconfig['push_reset'] ||
109
				$pconfig['topology_override'] ||
110
				$pconfig['remove_route'] ||
111
				$pconfig['remove_iroute'] ||
112
				$pconfig['remove_dnsdomain'] ||
113
				$pconfig['remove_dnsservers'] ||
114
				$pconfig['remove_ntpservers'] ||
115
				$pconfig['remove_netbios_ntype'] ||
116
				$pconfig['remove_netbios_scope'] ||
117
				$pconfig['remove_wins']) {
118
			$pconfig['server_overrides_enabled'] = true;
119
		}
120

  
121
		$pconfig['gwredir'] = $a_csc[$id]['gwredir'];
122
		$pconfig['gwredir6'] = $a_csc[$id]['gwredir6'];
89 123
		$pconfig['local_network'] = $a_csc[$id]['local_network'];
90 124
		$pconfig['local_networkv6'] = $a_csc[$id]['local_networkv6'];
125
		$pconfig['gateway'] = $a_csc[$id]['gateway'];
126
		$pconfig['gateway6'] = $a_csc[$id]['gateway6'];
127

  
91 128
		$pconfig['remote_network'] = $a_csc[$id]['remote_network'];
92 129
		$pconfig['remote_networkv6'] = $a_csc[$id]['remote_networkv6'];
93
		$pconfig['gwredir'] = $a_csc[$id]['gwredir'];
94 130

  
95
		$pconfig['push_reset'] = $a_csc[$id]['push_reset'];
96
		$pconfig['remove_route'] = $a_csc[$id]['remove_route'];
97

  
98 131
		$pconfig['dns_domain'] = $a_csc[$id]['dns_domain'];
99
		if ($pconfig['dns_domain']) {
132
		if (!empty_field($pconfig['dns_domain'])) {
100 133
			$pconfig['dns_domain_enable'] = true;
101 134
		}
102 135

  
......
105 138
		$pconfig['dns_server3'] = $a_csc[$id]['dns_server3'];
106 139
		$pconfig['dns_server4'] = $a_csc[$id]['dns_server4'];
107 140

  
108
		if ($pconfig['dns_server1'] ||
109
		    $pconfig['dns_server2'] ||
110
		    $pconfig['dns_server3'] ||
111
		    $pconfig['dns_server4']) {
141
		if (!empty_field($pconfig['dns_server1']) ||
142
				!empty_field($pconfig['dns_server2']) ||
143
				!empty_field($pconfig['dns_server3']) ||
144
				!empty_field($pconfig['dns_server4'])) {
112 145
			$pconfig['dns_server_enable'] = true;
113 146
		}
114 147

  
115 148
		$pconfig['ntp_server1'] = $a_csc[$id]['ntp_server1'];
116 149
		$pconfig['ntp_server2'] = $a_csc[$id]['ntp_server2'];
117 150

  
118
		if ($pconfig['ntp_server1'] ||
119
		    $pconfig['ntp_server2']) {
151
		if (!empty_field($pconfig['ntp_server1']) ||
152
				!empty_field($pconfig['ntp_server2'])) {
120 153
			$pconfig['ntp_server_enable'] = true;
121 154
		}
122 155

  
......
127 160
		$pconfig['wins_server1'] = $a_csc[$id]['wins_server1'];
128 161
		$pconfig['wins_server2'] = $a_csc[$id]['wins_server2'];
129 162

  
130
		if ($pconfig['wins_server1'] ||
131
		    $pconfig['wins_server2']) {
163
		if (!empty_field($pconfig['wins_server1']) ||
164
				!empty_field($pconfig['wins_server2'])) {
132 165
			$pconfig['wins_server_enable'] = true;
133 166
		}
134 167

  
135 168
		$pconfig['nbdd_server1'] = $a_csc[$id]['nbdd_server1'];
136
		if ($pconfig['nbdd_server1']) {
169
		if (!empty_field($pconfig['nbdd_server1'])) {
137 170
			$pconfig['nbdd_server_enable'] = true;
138 171
		}
139 172
	}
......
155 188
	    !$user_can_edit_advanced) {
156 189
		$input_errors[] = gettext("This user does not have sufficient privileges to edit Advanced options on this instance.");
157 190
	}
158
	if (!$user_can_edit_advanced && !empty($a_csc[$id]['custom_options'])) {
191
	if (!$user_can_edit_advanced && !empty_field($a_csc[$id]['custom_options'])) {
192
		// restore custom options field to its original value
159 193
		$pconfig['custom_options'] = $a_csc[$id]['custom_options'];
160 194
	}
161 195

  
......
171 205
		}
172 206
	}
173 207

  
174
	if (!empty($pconfig['tunnel_network']) && !openvpn_validate_tunnel_network($pconfig['tunnel_network'], 'ipv4')) {
208
	if (!empty_field($pconfig['tunnel_network']) && !openvpn_validate_tunnel_network($pconfig['tunnel_network'], 'ipv4')) {
175 209
		$input_errors[] = gettext("The field 'IPv4 Tunnel Network' must contain a valid IPv4 subnet with CIDR mask or an alias with a single IPv4 subnet with CIDR mask.");
176 210
	}
177 211

  
178
	if (!empty($pconfig['tunnel_networkv6']) && !openvpn_validate_tunnel_network($pconfig['tunnel_networkv6'], 'ipv6')) {
212
	if (!empty_field($pconfig['tunnel_networkv6']) && !openvpn_validate_tunnel_network($pconfig['tunnel_networkv6'], 'ipv6')) {
179 213
		$input_errors[] = gettext("The field 'IPv6 Tunnel Network' must contain a valid IPv6 prefix or an alias with a single IPv6 prefix.");
180 214
	}
181 215

  
182
	if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4", true)) {
216
	if ($pconfig['server_overrides_enabled'] && $pconfig['topology_override'] && !array_key_exists($pconfig['topology'], $openvpn_topologies)) {
217
		$input_errors[] = gettext("The field 'Topology' contains an invalid selection");
218
	}
219

  
220
	if (!$pconfig['gwredir'] && ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4", true))) {
183 221
		$input_errors[] = $result;
184 222
	}
185 223

  
186
	if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6", true)) {
224
	if (!$pconfig['gwredir6'] && ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6", true))) {
187 225
		$input_errors[] = $result;
188 226
	}
189 227

  
228
	if (!empty_field($pconfig['gateway']) && !is_ipaddrv4($pconfig['gateway'])) {
229
		$input_errors[] = gettext("A valid IPv4 address must be specified for the gateway.");
230
	}
231

  
232
	if (!empty_field($pconfig['gateway6']) && !is_ipaddrv6($pconfig['gateway6'])) {
233
		$input_errors[] = gettext("A valid IPv6 address must be specified for the gateway.");
234
	}
235

  
190 236
	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4", true)) {
191 237
		$input_errors[] = $result;
192 238
	}
......
196 242
	}
197 243

  
198 244
	if ($pconfig['dns_server_enable']) {
199
		if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
245
		if (!empty_field($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
200 246
			$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
201 247
		}
202
		if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
248
		if (!empty_field($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
203 249
			$input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
204 250
		}
205
		if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
251
		if (!empty_field($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
206 252
			$input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
207 253
		}
208
		if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
254
		if (!empty_field($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
209 255
			$input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
210 256
		}
211 257
	}
212 258

  
213 259
	if ($pconfig['ntp_server_enable']) {
214
		if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
260
		if (!empty_field($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
215 261
			$input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
216 262
		}
217
		if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
263
		if (!empty_field($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
218 264
			$input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
219 265
		}
220
		if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
266
		if (!empty_field($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
221 267
			$input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address");
222 268
		}
223
		if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
269
		if (!empty_field($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
224 270
			$input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address");
225 271
		}
226 272
	}
227 273

  
228 274
	if ($pconfig['netbios_enable']) {
229 275
		if ($pconfig['wins_server_enable']) {
230
			if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
276
			if (!empty_field($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
231 277
				$input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
232 278
			}
233
			if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
279
			if (!empty_field($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
234 280
				$input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
235 281
			}
236 282
		}
237 283
		if ($pconfig['nbdd_server_enable']) {
238
			if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
284
			if (!empty_field($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
239 285
				$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
240 286
			}
241 287
		}
......
269 315
		foreach (array('', 'v6') as $ntype) {
270 316
			$csc["tunnel_network{$ntype}"] = openvpn_tunnel_network_fix($pconfig["tunnel_network{$ntype}"]);
271 317
		}
318

  
319
		if ($pconfig['server_overrides_enabled']) {
320
			$csc['push_reset'] = $pconfig['push_reset'];
321
			if (!$pconfig['push_reset']) {
322
				$csc['remove_route'] = $pconfig['remove_route'];
323
				$csc['remove_iroute'] = $pconfig['remove_iroute'];
324
				$csc['remove_dnsdomain'] = $pconfig['remove_dnsdomain'];
325
				$csc['remove_dnsservers'] = $pconfig['remove_dnsservers'];
326
				$csc['remove_ntpservers'] = $pconfig['remove_ntpservers'];
327
				$csc['remove_netbios_ntype'] = $pconfig['remove_netbios_ntype'];
328
				$csc['remove_netbios_scope'] = $pconfig['remove_netbios_scope'];
329
				$csc['remove_wins'] = $pconfig['remove_wins'];
330
			}
331

  
332
			$csc['topology_override'] = $pconfig['topology_override'];
333
			if ($pconfig['topology_override']) {
334
				$csc['topology'] = $pconfig['topology'];
335
			}
336
		}
337

  
338
		$csc['gwredir'] = $pconfig['gwredir'];
339
		if (!$pconfig['gwredir']) {
272 340
			$csc['local_network'] = $pconfig['local_network'];
341
		}
342

  
343
		$csc['gwredir6'] = $pconfig['gwredir6'];
344
		if (!$pconfig['gwredir6']) {
273 345
			$csc['local_networkv6'] = $pconfig['local_networkv6'];
346
		}
347

  
348
		$csc['gateway'] = $pconfig['gateway'];
349
		$csc['gateway6'] = $pconfig['gateway6'];
350

  
274 351
		$csc['remote_network'] = $pconfig['remote_network'];
275 352
		$csc['remote_networkv6'] = $pconfig['remote_networkv6'];
276
		$csc['gwredir'] = $pconfig['gwredir'];
277
		$csc['push_reset'] = $pconfig['push_reset'];
278
		$csc['remove_route'] = $pconfig['remove_route'];
279 353

  
280 354
		if ($pconfig['dns_domain_enable']) {
281 355
			$csc['dns_domain'] = $pconfig['dns_domain'];
......
323 397
			$wc_msg = sprintf(gettext('Added OpenVPN client specific override %1$s %2$s'), $csc['common_name'], $csc['description']);
324 398
		}
325 399

  
326
		if (!empty($old_csc['common_name'])) {
400
		if (!empty_field($old_csc['common_name'])) {
327 401
			openvpn_delete_csc($old_csc);
328 402
		}
329 403
		openvpn_resync_csc($csc);
......
406 480
		true
407 481
		))->setHelp('Select the servers that will utilize this override. When no servers are selected, the override will apply to all servers.');
408 482

  
483
	// Override server client options
484
	$section->addInput(new Form_Checkbox(
485
		'server_overrides_enabled',
486
		'Select Server Overrides',
487
		'Select server options to remove.',
488
		$pconfig['server_overrides_enabled']
489
	))->setHelp('If unchecked, any client options specified in below form or Advanced section will be added to server options.%1$s' .
490
			'If checked, you can select the server options you want to remove. Any specified client option in below form or Advanced section will thus override the corresponding server-defined options.',
491
			'<br />');
492

  
493
	$section->addInput(new Form_Checkbox(
494
		'push_reset',
495
		null,
496
		'Remove All Server Options',
497
		$pconfig['push_reset']
498
	))->setHelp('Prevent this client from receiving any server-defined client settings.%1$s' .
499
			'This option will send a push-reset to the client. It will thus remove any server-defined routes, the gateway and topology.%1$s' .
500
			'For the client to properly connect, you will need to enter at least the gateway and topology in the below form or in Advanced section.',
501
			'<br />');
502

  
503
	$section->addInput(new Form_Checkbox(
504
		'topology_override',
505
		null,
506
		'Override Server Topology',
507
		$pconfig['topology_override']
508
	));
509

  
510
	$section->addInput(new Form_Select(
511
		'topology',
512
		null,
513
		$pconfig['topology'],
514
		$openvpn_topologies
515
	))->setHelp('This will push the selected topology to the client. It should only be set when option "Remove All Server Options" is checked. It must match the actual topology specified in server.%1$s' .
516
			'NOTE: This will perform a "push topology [selection]" without a previous "push-remove topology". Alternetively you can push the topology in Advanced section.',
517
			'<br />');
518

  
519
	/* as "push-reset" can break subnet topology, 
520
	 * "push-remove route" removes only IPv4/IPv6 routes, see #9702 */
521
	$section->addInput(new Form_Checkbox(
522
		'remove_route',
523
		null,
524
		'Remove Server Local Routes',
525
		$pconfig['remove_route']
526
	))->setHelp('Prevent this client from receiving any server-defined local routes.%1$s' .
527
			'This option will send a "push-remove route" to the client, removing any server-defined ipv4 or ipv6 local routes, including the gateway.%1$s' .
528
			'NOTE: Remember to either enter the proper gateway and any additional local routes in the below form or in Advanced section.',
529
			'<br />');
530

  
531
	$section->addInput(new Form_Checkbox(
532
		'remove_iroute',
533
		null,
534
		'Remove Server Remote Routes',
535
		$pconfig['remove_iroute']
536
	))->setHelp('Prevent this client from receiving any server-defined remote routes.%1$s' .
537
			'This option will send a "push-remove iroute" to the client, removing any server-defined ipv4 or ipv6 remote routes%1$s' .
538
			'NOTE: You can set new client specific remote routes in below form or in Advanced section.',
539
			'<br />');
540

  
541
	$section->addInput(new Form_Checkbox(
542
		'remove_dnsdomain',
543
		null,
544
		'Remove Server DNS Domains',
545
		$pconfig['remove_dnsdomain']
546
	))->setHelp('Prevent this client from receiving any server-defined remote DNS domains.%1$s' .
547
			'This option will send a "push-remove dhcp-option DOMAIN" to the client, removing any server-defined DNS domains.%1$s' .
548
			'NOTE: You can set new client specific DNS domain in below form or in Advanced section.',
549
			'<br />');
550

  
551
	$section->addInput(new Form_Checkbox(
552
		'remove_dnsservers',
553
		null,
554
		'Remove Server DNS Servers',
555
		$pconfig['remove_dnsservers']
556
	))->setHelp('Prevent this client from receiving any server-defined DNS Servers.%1$s' .
557
			'This option will send a "push-remove dhcp-option DNS" to the client, removing any server-defined ipv4 or ipv6 DNS servers.%1$s' .
558
			'NOTE: You can set new client specific DNS servers in below form or in Advanced section.',
559
			'<br />');
560

  
561
	$section->addInput(new Form_Checkbox(
562
		'remove_ntpservers',
563
		null,
564
		'Remove Server NTP Options.',
565
		$pconfig['remove_ntpservers']
566
	))->setHelp('Prevent this client from receiving any server-defined NTP Servers.%1$s' .
567
			'This option will send a "push-remove dhcp-option NTP" to the client, removing any server-defined NTP servers.%1$s' .
568
			'NOTE: You can set new client specific NTP servers in below form or in Advanced section.',
569
			'<br />');
570

  
571
	$section->addInput(new Form_Checkbox(
572
		'remove_netbios_ntype',
573
		null,
574
		'Remove Server Netbios Type',
575
		$pconfig['remove_netbios_ntype']
576
	))->setHelp('Prevent this client from receiving any server-defined Netbios Node Type.%1$s' .
577
			'This option will send a "push-remove dhcp-option NBT" to the client, removing any server-defined Netbios Node Type.%1$s' .
578
			'NOTE: You can set new client specific Netbios options in below form or in Advanced section.',
579
			'<br />');
580

  
581
	$section->addInput(new Form_Checkbox(
582
		'remove_netbios_scope',
583
		null,
584
		'Remove Server Netbios Scope',
585
		$pconfig['remove_netbios_scope']
586
	))->setHelp('Prevent this client from receiving any server-defined Netbios Scope.%1$s' .
587
			'This option will send a "push-remove dhcp-option NBS" to the client, removing any server-defined Netbios Scope.%1$s' .
588
			'NOTE: You can set new client specific Netbios Scope in below form or in Advanced section.',
589
			'<br />');
590

  
591
	$section->addInput(new Form_Checkbox(
592
		'remove_wins',
593
		null,
594
		'Remove Server WINS Options',
595
		$pconfig['remove_wins']
596
	))->setHelp('Prevent this client from receiving any server-defined WINS servers.%1$s' .
597
			'This option will send a "push-remove dhcp-option WINS" to the client, removing any server-defined WINS servers.%1$s' .
598
			'NOTE: You can set new client specific WINS servers in below form or in Advanced section.',
599
			'<br />');
600

  
409 601
	$form->add($section);
410 602

  
411 603
	$section = new Form_Section('Tunnel Settings');
......
429 621
			'Enter the client IPv6 address and prefix. The prefix must match the IPv6 Tunnel Network prefix on the server. ',
430 622
			'<br />');
431 623

  
624
	$form->add($section);
625

  
626
	$section = new Form_Section('Local Routes Settings');
627

  
628
	$section->addInput(new Form_Checkbox(
629
		'gwredir',
630
		'Redirect IPv4 Gateway',
631
		'Force all client generated traffic through the tunnel.',
632
		$pconfig['gwredir']
633
	));
634

  
635
	$section->addInput(new Form_Checkbox(
636
		'gwredir6',
637
		'Redirect IPv6 Gateway',
638
		'Force all client-generated IPv6 traffic through the tunnel.',
639
		$pconfig['gwredir6']
640
	));
641

  
432 642
	$section->addInput(new Form_Input(
433 643
		'local_network',
434 644
		'IPv4 Local Network/s',
......
448 658
			'<br />');
449 659

  
450 660
	$section->addInput(new Form_Input(
661
		'gateway',
662
		'IPv4 Gateway',
663
		'text',
664
		$pconfig['gateway']
665
	))->setHelp('This is the IPv4 Gateway to push to the client. Normally it is left blank and configured on the server. ' .
666
			'The gateway IP should be entered if any of the options "Remove Server Local Routes" or "Remove All Server Options" is checked, ' .
667
			'as these 2 options will remove the gateway defined on the server and connection from the client will likely fail.%1$s' .
668
			'NOTE: Remember that, unless configured specifically, the gateway should match the IPv4 Tunnel gateway configured on the selected OpenVPN servers settings.',
669
			'<br />');
670

  
671
	$section->addInput(new Form_Input(
672
		'gateway6',
673
		'IPv6 Gateway',
674
		'text',
675
		$pconfig['gateway6']
676
	))->setHelp('This is the IPv6 Gateway to push to the client. Normally it is left blank and configured on the server. ' .
677
			'The gateway IP should be entered if any of the options "Remove Server Local Routes" or "Remove All Server Options" is checked, ' .
678
			'as these 2 options will remove the gateway defined on the server and connection from the client will likely fail.%1$s' .
679
			'NOTE: Remember that, unless configured specifically, the gateway should match the IPv4 Tunnel gateway configured on the selected OpenVPN servers settings.',
680
			'<br />');
681

  
682
	$form->add($section);
683

  
684
	$section = new Form_Section('Remote Routes Settings');
685

  
686
	$section->addInput(new Form_Input(
451 687
		'remote_network',
452 688
		'IPv4 Remote Network/s',
453 689
		'text',
......
467 703
		    'NOTE: Remember to add these subnets to the IPv6 Remote Networks list on the corresponding OpenVPN server settings.',
468 704
			'<br />');
469 705

  
470
	$section->addInput(new Form_Checkbox(
471
		'gwredir',
472
		'Redirect Gateway',
473
		'Force all client generated traffic through the tunnel.',
474
		$pconfig['gwredir']
475
	));
476

  
477 706
	$form->add($section);
478 707

  
479
	$section = new Form_Section('Client Settings');
708
	$section = new Form_Section('Other Client Settings');
480 709

  
481 710
	$section->addInput(new Form_Checkbox(
482
		'push_reset',
483
		'Server Definitions',
484
		'Prevent this client from receiving any server-defined client settings. ',
485
		$pconfig['push_reset']
486
	));
487

  
488
	/* as "push-reset" can break subnet topology, 
489
	 * "push-remove route" removes only IPv4/IPv6 routes, see #9702 */
490
	$section->addInput(new Form_Checkbox(
491
		'remove_route',
492
		'Remove Server Routes',
493
		'Prevent this client from receiving any server-defined routes without removing any other options. ',
494
		$pconfig['remove_route']
495
	));
496

  
497
	$section->addInput(new Form_Checkbox(
498 711
		'dns_domain_enable',
499 712
		'DNS Default Domain',
500 713
		'Provide a default domain name to clients',
501 714
		$pconfig['dns_domain_enable']
502
	))->toggles('.dnsdomain');
715
	));
503 716

  
504 717
	$group = new Form_Group('DNS Domain');
505 718
	$group->addClass('dnsdomain');
......
519 732
		'DNS Servers',
520 733
		'Provide a DNS server list to clients',
521 734
		$pconfig['dns_server_enable']
522
	))->toggles('.dnsservers');
735
	));
523 736

  
524 737
	$group = new Form_Group(null);
525 738
	$group->addClass('dnsservers');
......
560 773
		'NTP Servers',
561 774
		'Provide an NTP server list to clients',
562 775
		$pconfig['ntp_server_enable']
563
	))->toggles('.ntpservers');
776
	));
564 777

  
565 778
	$group = new Form_Group(null);
566 779
	$group->addClass('ntpservers');
......
581 794

  
582 795
	$section->add($group);
583 796

  
584
	// NTP servers - For this section we need to use Javascript hiding since there
797
	// Netbios - For this section we need to use Javascript hiding since there
585 798
	// are nested toggles
586 799
	$section->addInput(new Form_Checkbox(
587 800
		'netbios_enable',
......
670 883
<script type="text/javascript">
671 884
//<![CDATA[
672 885
events.push(function() {
886
	// when option server_overrides_enabled is checked, show override server options
887
	function serveroverrides_change() {
888
		if ($('#server_overrides_enabled').prop('checked')) {
889
			hideCheckbox('push_reset', false);
890
			hideCheckbox('topology_override', false);
891
			topology_change();
892
			push_reset_change();
893
		} else {
894
			hideCheckbox('push_reset', true);
895
			hideCheckbox('topology_override', true);
896
			hideSelect('topology', true);
897
			hideCheckbox('remove_route', true);
898
			hideCheckbox('remove_iroute', true);
899
			hideCheckbox('remove_dnsdomain', true);
900
			hideCheckbox('remove_dnsservers', true);
901
			hideCheckbox('remove_ntpservers', true);
902
			hideCheckbox('remove_netbios_ntype', true);
903
			hideCheckbox('remove_netbios_scope', true);
904
			hideCheckbox('remove_wins', true);
905
		}
906
	}
673 907

  
908
	// when push_reset option is selected, hide push_remove options, but not topology
909
	function push_reset_change() {
910
		var hide = $('#push_reset').prop('checked');
911

  
912
		hideCheckbox('remove_route', hide);
913
		hideCheckbox('remove_iroute', hide);
914
		hideCheckbox('remove_dnsdomain', hide);
915
		hideCheckbox('remove_dnsservers', hide);
916
		hideCheckbox('remove_ntpservers', hide);
917
		hideCheckbox('remove_netbios_ntype', hide);
918
		hideCheckbox('remove_netbios_scope', hide);
919
		hideCheckbox('remove_wins', hide);
920
	}
921

  
922
	function topology_change() {
923
		if ($('#topology_override').prop('checked')) {
924
			hideSelect('topology', false);
925
		} else {
926
			hideSelect('topology', true);
927
		}
928
	}
929

  
930
	function gwredir_change() {
931
		var hide = $('#gwredir').prop('checked');
932

  
933
		hideInput('local_network', hide);
934
//		hideInput('remote_network', hide);
935
	}
936

  
937
	function gwredir6_change() {
938
		var hide = $('#gwredir6').prop('checked');
939

  
940
		hideInput('local_networkv6', hide);
941
//		hideInput('remote_networkv6', hide);
942
	}
943

  
944
	function dnsdomain_change() {
945
		if ($('#dns_domain_enable').prop('checked')) {
946
			hideClass('dnsdomain', false);
947
		} else {
948
			hideClass('dnsdomain', true);
949
		}
950
	}
951

  
952
	function dnsservers_change() {
953
		if ($('#dns_server_enable').prop('checked')) {
954
			hideClass('dnsservers', false);
955
		} else {
956
			hideClass('dnsservers', true);
957
		}
958
	}
959

  
960
	function ntpservers_change() {
961
		if ($('#ntp_server_enable').prop('checked')) {
962
			hideClass('ntpservers', false);
963
		} else {
964
			hideClass('ntpservers', true);
965
		}
966
	}
967

  
674 968
	// Hide/show that section, but have to also respect the wins_server_enable checkbox
675 969
	function setNetbios() {
676 970
		if ($('#netbios_enable').prop('checked')) {
......
692 986

  
693 987
	// ---------- Click checkbox handlers ---------------------------------------------------------
694 988

  
989
	 // On clicking Select Server Overrides Options
990
	$('#server_overrides_enabled').click(function () {
991
		serveroverrides_change();
992
	});
993

  
994
	 // On clicking Remove All Server Options
995
	$('#push_reset').click(function () {
996
		push_reset_change();
997
	});
998

  
999
	 // On clicking Override Server Topology
1000
	$('#topology_override').click(function () {
1001
		topology_change();
1002
	});
1003

  
1004
	 // On clicking Gateway redirect
1005
	$('#gwredir').click(function () {
1006
		gwredir_change();
1007
	});
1008

  
1009
	 // On clicking Gateway redirect IPv6
1010
	$('#gwredir6').click(function () {
1011
		gwredir6_change();
1012
	});
1013

  
1014
	 // On clicking DNS Default Domain
1015
	$('#dns_domain_enable').click(function () {
1016
		dnsdomain_change();
1017
	});
1018

  
1019
	 // On clicking DNS Servers
1020
	$('#dns_server_enable').click(function () {
1021
		dnsservers_change();
1022
	});
1023

  
1024
	 // On clicking NTP Servers
1025
	$('#ntp_server_enable').click(function () {
1026
		ntpservers_change();
1027
	});
1028

  
695 1029
	// On clicking the netbios_enable checkbox
696 1030
	$('#netbios_enable').click(function () {
697 1031
		setNetbios();
......
704 1038

  
705 1039
	// ---------- On initial page load ------------------------------------------------------------
706 1040

  
1041
	// first the options depending on push_reset, and on server_overrides_enabled
1042
	// and finally the global server_overrides_enabled toggle
1043
	push_reset_change();
1044
	topology_change();
1045
	serveroverrides_change();
1046

  
1047
	gwredir_change();
1048
	gwredir6_change();
1049

  
707 1050
	setNetbios();
1051
	dnsdomain_change();
1052
	dnsservers_change();
1053
	ntpservers_change();
1054

  
708 1055
});
709 1056
//]]>
710 1057
</script>
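Review bot: empty_field(), added at new lines 40-43 of vpn_openvpn_csc.php, passes its argument straight to strlen(), which is deprecated for null on PHP 8.1+ and throws a TypeError for an array on PHP 8, whereas the empty() calls it replaces accepted both. The helper now sits in front of the custom_options privilege checks and most of the field validation, and $pconfig presumably carries request data on the save path (that assignment is outside the visible hunks), so an unset key or an array-valued field can reach it. A type guard such as `$has_text = is_scalar($str) && !is_bool($str) && strlen((string)$str) > 0;` avoids both; array-valued fields would then count as empty, so they are better rejected with an input error before these checks. A comment on the function noting that "0" counts as filled in, unlike empty(), would document why the swap was made. Separately, the help text of the new `gateway6` input says the value should match the "IPv4 Tunnel gateway", which looks copied from the `gateway` input.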