Feature #12522 » vpn_openvpn_csc-v1.3.2-pfsense2.6.patch

Phil Wardt, 04/09/2022 11:25 AM

src/usr/local/www/vpn_openvpn_csc.php
34 34
require_once("pfsense-utils.inc");
35 35
require_once("pkg-utils.inc");
36 36

  
37
global $openvpn_tls_server_modes;
37
global $openvpn_topologies, $openvpn_tls_server_modes;
38 38

  
39
// check if submitted form field is not empty
40
function empty_field($str) {
41
	$has_text = !is_bool($str) && strlen($str) > 0;
42
	return !$has_text;
43
}
44

  
39 45
init_config_arr(array('openvpn', 'openvpn-csc'));
40 46
$a_csc = &$config['openvpn']['openvpn-csc'];
41 47
init_config_arr(array('openvpn', 'openvpn-server'));
......
64 70
		exit;
65 71
	}
66 72

  
67
	if (!$user_can_edit_advanced && !empty($a_csc[$id]['custom_options'])) {
73
	if (!$user_can_edit_advanced && !empty_field($a_csc[$id]['custom_options'])) {
68 74
		$input_errors[] = gettext("This user does not have sufficient privileges to delete an instance with Advanced options set.");
69 75
	} else {
70 76
		$wc_msg = sprintf(gettext('Deleted OpenVPN client specific override %1$s %2$s'), $a_csc[$id]['common_name'], $a_csc[$id]['description']);
......
86 92

  
87 93
		$pconfig['tunnel_network'] = $a_csc[$id]['tunnel_network'];
88 94
		$pconfig['tunnel_networkv6'] = $a_csc[$id]['tunnel_networkv6'];
95

  
96
		$pconfig['push_reset'] = $a_csc[$id]['push_reset'];
97
		$pconfig['topology_override'] = $a_csc[$id]['topology_override'];
98
		$pconfig['topology'] = $a_csc[$id]['topology'];
99
		$pconfig['remove_route'] = $a_csc[$id]['remove_route'];
100
		$pconfig['remove_iroute'] = $a_csc[$id]['remove_iroute'];
101
		$pconfig['remove_dnsdomain'] = $a_csc[$id]['remove_dnsdomain'];
102
		$pconfig['remove_dnsservers'] = $a_csc[$id]['remove_dnsservers'];
103
		$pconfig['remove_ntpservers'] = $a_csc[$id]['remove_ntpservers'];
104
		$pconfig['remove_netbios_ntype'] = $a_csc[$id]['remove_netbios_ntype'];
105
		$pconfig['remove_netbios_scope'] = $a_csc[$id]['remove_netbios_scope'];
106
		$pconfig['remove_wins'] = $a_csc[$id]['remove_wins'];
107

  
108
		if ($pconfig['push_reset'] ||
109
				$pconfig['topology_override'] ||
110
				$pconfig['remove_route'] ||
111
				$pconfig['remove_iroute'] ||
112
				$pconfig['remove_dnsdomain'] ||
113
				$pconfig['remove_dnsservers'] ||
114
				$pconfig['remove_ntpservers'] ||
115
				$pconfig['remove_netbios_ntype'] ||
116
				$pconfig['remove_netbios_scope'] ||
117
				$pconfig['remove_wins']) {
118
			$pconfig['server_overrides_enabled'] = true;
119
		}
120

  
121
		$pconfig['gwredir'] = $a_csc[$id]['gwredir'];
122
		$pconfig['gwredir6'] = $a_csc[$id]['gwredir6'];
89 123
		$pconfig['local_network'] = $a_csc[$id]['local_network'];
90 124
		$pconfig['local_networkv6'] = $a_csc[$id]['local_networkv6'];
125
		$pconfig['gateway'] = $a_csc[$id]['gateway'];
126
		$pconfig['gateway6'] = $a_csc[$id]['gateway6'];
127

  
91 128
		$pconfig['remote_network'] = $a_csc[$id]['remote_network'];
92 129
		$pconfig['remote_networkv6'] = $a_csc[$id]['remote_networkv6'];
93
		$pconfig['gwredir'] = $a_csc[$id]['gwredir'];
94 130

  
95
		$pconfig['push_reset'] = $a_csc[$id]['push_reset'];
96
		$pconfig['remove_route'] = $a_csc[$id]['remove_route'];
97

  
98 131
		$pconfig['dns_domain'] = $a_csc[$id]['dns_domain'];
99
		if ($pconfig['dns_domain']) {
132
		if (!empty_field($pconfig['dns_domain'])) {
100 133
			$pconfig['dns_domain_enable'] = true;
101 134
		}
102 135

  
......
105 138
		$pconfig['dns_server3'] = $a_csc[$id]['dns_server3'];
106 139
		$pconfig['dns_server4'] = $a_csc[$id]['dns_server4'];
107 140

  
108
		if ($pconfig['dns_server1'] ||
109
		    $pconfig['dns_server2'] ||
110
		    $pconfig['dns_server3'] ||
111
		    $pconfig['dns_server4']) {
141
		if (!empty_field($pconfig['dns_server1']) ||
142
				!empty_field($pconfig['dns_server2']) ||
143
				!empty_field($pconfig['dns_server3']) ||
144
				!empty_field($pconfig['dns_server4'])) {
112 145
			$pconfig['dns_server_enable'] = true;
113 146
		}
114 147

  
115 148
		$pconfig['ntp_server1'] = $a_csc[$id]['ntp_server1'];
116 149
		$pconfig['ntp_server2'] = $a_csc[$id]['ntp_server2'];
117 150

  
118
		if ($pconfig['ntp_server1'] ||
119
		    $pconfig['ntp_server2']) {
151
		if (!empty_field($pconfig['ntp_server1']) ||
152
				!empty_field($pconfig['ntp_server2'])) {
120 153
			$pconfig['ntp_server_enable'] = true;
121 154
		}
122 155

  
......
127 160
		$pconfig['wins_server1'] = $a_csc[$id]['wins_server1'];
128 161
		$pconfig['wins_server2'] = $a_csc[$id]['wins_server2'];
129 162

  
130
		if ($pconfig['wins_server1'] ||
131
		    $pconfig['wins_server2']) {
163
		if (!empty_field($pconfig['wins_server1']) ||
164
				!empty_field($pconfig['wins_server2'])) {
132 165
			$pconfig['wins_server_enable'] = true;
133 166
		}
134 167

  
135 168
		$pconfig['nbdd_server1'] = $a_csc[$id]['nbdd_server1'];
136
		if ($pconfig['nbdd_server1']) {
169
		if (!empty_field($pconfig['nbdd_server1'])) {
137 170
			$pconfig['nbdd_server_enable'] = true;
138 171
		}
139 172
	}
......
155 188
	    !$user_can_edit_advanced) {
156 189
		$input_errors[] = gettext("This user does not have sufficient privileges to edit Advanced options on this instance.");
157 190
	}
158
	if (!$user_can_edit_advanced && !empty($a_csc[$id]['custom_options'])) {
191
	if (!$user_can_edit_advanced && !empty_field($a_csc[$id]['custom_options'])) {
192
		// restore custom options field to its original value
159 193
		$pconfig['custom_options'] = $a_csc[$id]['custom_options'];
160 194
	}
161 195

  
......
171 205
		}
172 206
	}
173 207

  
174
	if (!empty($pconfig['tunnel_network']) && !openvpn_validate_tunnel_network($pconfig['tunnel_network'], 'ipv4')) {
208
	if (!empty_field($pconfig['tunnel_network']) && !openvpn_validate_tunnel_network($pconfig['tunnel_network'], 'ipv4')) {
175 209
		$input_errors[] = gettext("The field 'IPv4 Tunnel Network' must contain a valid IPv4 subnet with CIDR mask or an alias with a single IPv4 subnet with CIDR mask.");
176 210
	}
177 211

  
178
	if (!empty($pconfig['tunnel_networkv6']) && !openvpn_validate_tunnel_network($pconfig['tunnel_networkv6'], 'ipv6')) {
212
	if (!empty_field($pconfig['tunnel_networkv6']) && !openvpn_validate_tunnel_network($pconfig['tunnel_networkv6'], 'ipv6')) {
179 213
		$input_errors[] = gettext("The field 'IPv6 Tunnel Network' must contain a valid IPv6 prefix or an alias with a single IPv6 prefix.");
180 214
	}
181 215

  
182
	if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4", true)) {
216
	if ($pconfig['server_overrides_enabled'] && $pconfig['topology_override'] && !array_key_exists($pconfig['topology'], $openvpn_topologies)) {
217
		$input_errors[] = gettext("The field 'Topology' contains an invalid selection");
218
	}
219

  
220
	if (!$pconfig['gwredir'] && ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4", true))) {
183 221
		$input_errors[] = $result;
184 222
	}
185 223

  
186
	if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6", true)) {
224
	if (!$pconfig['gwredir6'] && ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6", true))) {
187 225
		$input_errors[] = $result;
188 226
	}
189 227

  
228
	if (!empty_field($pconfig['gateway']) && !is_ipaddrv4($pconfig['gateway'])) {
229
		$input_errors[] = gettext("A valid IPv4 address must be specified for the gateway.");
230
	}
231

  
232
	if (!empty_field($pconfig['gateway6']) && !is_ipaddrv6($pconfig['gateway6'])) {
233
		$input_errors[] = gettext("A valid IPv6 address must be specified for the gateway.");
234
	}
235

  
190 236
	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4", true)) {
191 237
		$input_errors[] = $result;
192 238
	}
......
196 242
	}
197 243

  
198 244
	if ($pconfig['dns_server_enable']) {
199
		if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
245
		if (!empty_field($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
200 246
			$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
201 247
		}
202
		if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
248
		if (!empty_field($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
203 249
			$input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
204 250
		}
205
		if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
251
		if (!empty_field($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
206 252
			$input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
207 253
		}
208
		if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
254
		if (!empty_field($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
209 255
			$input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
210 256
		}
211 257
	}
212 258

  
213 259
	if ($pconfig['ntp_server_enable']) {
214
		if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
260
		if (!empty_field($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
215 261
			$input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
216 262
		}
217
		if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
263
		if (!empty_field($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
218 264
			$input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
219 265
		}
220
		if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
266
		if (!empty_field($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
221 267
			$input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address");
222 268
		}
223
		if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
269
		if (!empty_field($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
224 270
			$input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address");
225 271
		}
226 272
	}
227 273

  
228 274
	if ($pconfig['netbios_enable']) {
229 275
		if ($pconfig['wins_server_enable']) {
230
			if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
276
			if (!empty_field($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
231 277
				$input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
232 278
			}
233
			if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
279
			if (!empty_field($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
234 280
				$input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
235 281
			}
236 282
		}
237 283
		if ($pconfig['nbdd_server_enable']) {
238
			if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
284
			if (!empty_field($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
239 285
				$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
240 286
			}
241 287
		}
......
266 312
		$csc['common_name'] = $pconfig['common_name'];
267 313
		$csc['block'] = $pconfig['block'];
268 314
		$csc['description'] = $pconfig['description'];
269
		$csc['tunnel_network'] = $pconfig['tunnel_network'];
270
		$csc['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
315

  
316
		if ($pconfig['server_overrides_enabled']) {
317
			$csc['push_reset'] = $pconfig['push_reset'];
318
			if (!$pconfig['push_reset']) {
319
				$csc['remove_route'] = $pconfig['remove_route'];
320
				$csc['remove_iroute'] = $pconfig['remove_iroute'];
321
				$csc['remove_dnsdomain'] = $pconfig['remove_dnsdomain'];
322
				$csc['remove_dnsservers'] = $pconfig['remove_dnsservers'];
323
				$csc['remove_ntpservers'] = $pconfig['remove_ntpservers'];
324
				$csc['remove_netbios_ntype'] = $pconfig['remove_netbios_ntype'];
325
				$csc['remove_netbios_scope'] = $pconfig['remove_netbios_scope'];
326
				$csc['remove_wins'] = $pconfig['remove_wins'];
327
			}
328

  
329
			$csc['topology_override'] = $pconfig['topology_override'];
330
			if ($pconfig['topology_override']) {
331
				$csc['topology'] = $pconfig['topology'];
332
			}
333
		}
334

  
335
		$csc['gwredir'] = $pconfig['gwredir'];
336
		if (!$pconfig['gwredir']) {
271 337
			$csc['local_network'] = $pconfig['local_network'];
338
		}
339

  
340
		$csc['gwredir6'] = $pconfig['gwredir6'];
341
		if (!$pconfig['gwredir6']) {
272 342
			$csc['local_networkv6'] = $pconfig['local_networkv6'];
343
		}
344

  
345
		$csc['gateway'] = $pconfig['gateway'];
346
		$csc['gateway6'] = $pconfig['gateway6'];
347

  
273 348
		$csc['remote_network'] = $pconfig['remote_network'];
274 349
		$csc['remote_networkv6'] = $pconfig['remote_networkv6'];
275
		$csc['gwredir'] = $pconfig['gwredir'];
276
		$csc['push_reset'] = $pconfig['push_reset'];
277
		$csc['remove_route'] = $pconfig['remove_route'];
278 350

  
279 351
		if ($pconfig['dns_domain_enable']) {
280 352
			$csc['dns_domain'] = $pconfig['dns_domain'];
......
316 388
			$wc_msg = sprintf(gettext('Added OpenVPN client specific override %1$s %2$s'), $csc['common_name'], $csc['description']);
317 389
		}
318 390

  
319
		if (!empty($old_csc['common_name'])) {
391
		if (!empty_field($old_csc['common_name'])) {
320 392
			openvpn_delete_csc($old_csc);
321 393
		}
322 394
		openvpn_resync_csc($csc);
......
399 471
		true
400 472
		))->setHelp('Select the servers that will utilize this override. When no servers are selected, the override will apply to all servers.');
401 473

  
474
	// Override server client options
475
	$section->addInput(new Form_Checkbox(
476
		'server_overrides_enabled',
477
		'Select Server Overrides',
478
		'Select server options to remove.',
479
		$pconfig['server_overrides_enabled']
480
	))->setHelp('If unchecked, any client options specified in below form or Advanced section will be added to server options.%1$s' .
481
			'If checked, you can select the server options you want to remove. Any specified client option in below form or Advanced section will thus override the corresponding server-defined options.',
482
			'<br />');
483

  
484
	$section->addInput(new Form_Checkbox(
485
		'push_reset',
486
		null,
487
		'Remove All Server Options',
488
		$pconfig['push_reset']
489
	))->setHelp('Prevent this client from receiving any server-defined client settings.%1$s' .
490
			'This option will send a push-reset to the client. It will thus remove any server-defined routes, the gateway and topology.%1$s' .
491
			'For the client to properly connect, you will need to enter at least the gateway and topology in the below form or in Advanced section.',
492
			'<br />');
493

  
494
	$section->addInput(new Form_Checkbox(
495
		'topology_override',
496
		null,
497
		'Override Server Topology',
498
		$pconfig['topology_override']
499
	));
500

  
501
	$section->addInput(new Form_Select(
502
		'topology',
503
		null,
504
		$pconfig['topology'],
505
		$openvpn_topologies
506
	))->setHelp('This will push the selected topology to the client. It should only be set when option "Remove All Server Options" is checked. It must match the actual topology specified in server.%1$s' .
507
			'NOTE: This will perform a "push topology [selection]" without a previous "push-remove topology". Alternetively you can push the topology in Advanced section.',
508
			'<br />');
509

  
510
	/* as "push-reset" can break subnet topology, 
511
	 * "push-remove route" removes only IPv4/IPv6 routes, see #9702 */
512
	$section->addInput(new Form_Checkbox(
513
		'remove_route',
514
		null,
515
		'Remove Server Local Routes',
516
		$pconfig['remove_route']
517
	))->setHelp('Prevent this client from receiving any server-defined local routes.%1$s' .
518
			'This option will send a "push-remove route" to the client, removing any server-defined ipv4 or ipv6 local routes, including the gateway.%1$s' .
519
			'NOTE: Remember to either enter the proper gateway and any additional local routes in the below form or in Advanced section.',
520
			'<br />');
521

  
522
	$section->addInput(new Form_Checkbox(
523
		'remove_iroute',
524
		null,
525
		'Remove Server Remote Routes',
526
		$pconfig['remove_iroute']
527
	))->setHelp('Prevent this client from receiving any server-defined remote routes.%1$s' .
528
			'This option will send a "push-remove iroute" to the client, removing any server-defined ipv4 or ipv6 remote routes%1$s' .
529
			'NOTE: You can set new client specific remote routes in below form or in Advanced section.',
530
			'<br />');
531

  
532
	$section->addInput(new Form_Checkbox(
533
		'remove_dnsdomain',
534
		null,
535
		'Remove Server DNS Domains',
536
		$pconfig['remove_dnsdomain']
537
	))->setHelp('Prevent this client from receiving any server-defined remote DNS domains.%1$s' .
538
			'This option will send a "push-remove dhcp-option DOMAIN" to the client, removing any server-defined DNS domains.%1$s' .
539
			'NOTE: You can set new client specific DNS domain in below form or in Advanced section.',
540
			'<br />');
541

  
542
	$section->addInput(new Form_Checkbox(
543
		'remove_dnsservers',
544
		null,
545
		'Remove Server DNS Servers',
546
		$pconfig['remove_dnsservers']
547
	))->setHelp('Prevent this client from receiving any server-defined DNS Servers.%1$s' .
548
			'This option will send a "push-remove dhcp-option DNS" to the client, removing any server-defined ipv4 or ipv6 DNS servers.%1$s' .
549
			'NOTE: You can set new client specific DNS servers in below form or in Advanced section.',
550
			'<br />');
551

  
552
	$section->addInput(new Form_Checkbox(
553
		'remove_ntpservers',
554
		null,
555
		'Remove Server NTP Options.',
556
		$pconfig['remove_ntpservers']
557
	))->setHelp('Prevent this client from receiving any server-defined NTP Servers.%1$s' .
558
			'This option will send a "push-remove dhcp-option NTP" to the client, removing any server-defined NTP servers.%1$s' .
559
			'NOTE: You can set new client specific NTP servers in below form or in Advanced section.',
560
			'<br />');
561

  
562
	$section->addInput(new Form_Checkbox(
563
		'remove_netbios_ntype',
564
		null,
565
		'Remove Server Netbios Type',
566
		$pconfig['remove_netbios_ntype']
567
	))->setHelp('Prevent this client from receiving any server-defined Netbios Node Type.%1$s' .
568
			'This option will send a "push-remove dhcp-option NBT" to the client, removing any server-defined Netbios Node Type.%1$s' .
569
			'NOTE: You can set new client specific Netbios options in below form or in Advanced section.',
570
			'<br />');
571

  
572
	$section->addInput(new Form_Checkbox(
573
		'remove_netbios_scope',
574
		null,
575
		'Remove Server Netbios Scope',
576
		$pconfig['remove_netbios_scope']
577
	))->setHelp('Prevent this client from receiving any server-defined Netbios Scope.%1$s' .
578
			'This option will send a "push-remove dhcp-option NBS" to the client, removing any server-defined Netbios Scope.%1$s' .
579
			'NOTE: You can set new client specific Netbios Scope in below form or in Advanced section.',
580
			'<br />');
581

  
582
	$section->addInput(new Form_Checkbox(
583
		'remove_wins',
584
		null,
585
		'Remove Server WINS Options',
586
		$pconfig['remove_wins']
587
	))->setHelp('Prevent this client from receiving any server-defined WINS servers.%1$s' .
588
			'This option will send a "push-remove dhcp-option WINS" to the client, removing any server-defined WINS servers.%1$s' .
589
			'NOTE: You can set new client specific WINS servers in below form or in Advanced section.',
590
			'<br />');
591

  
402 592
	$form->add($section);
403 593

  
404 594
	$section = new Form_Section('Tunnel Settings');
......
422 612
			'Enter the client IPv6 address and prefix. The prefix must match the IPv6 Tunnel Network prefix on the server. ',
423 613
			'<br />');
424 614

  
615
	$form->add($section);
616

  
617
	$section = new Form_Section('Local Routes Settings');
618

  
619
	$section->addInput(new Form_Checkbox(
620
		'gwredir',
621
		'Redirect IPv4 Gateway',
622
		'Force all client generated traffic through the tunnel.',
623
		$pconfig['gwredir']
624
	));
625

  
626
	$section->addInput(new Form_Checkbox(
627
		'gwredir6',
628
		'Redirect IPv6 Gateway',
629
		'Force all client-generated IPv6 traffic through the tunnel.',
630
		$pconfig['gwredir6']
631
	));
632

  
425 633
	$section->addInput(new Form_Input(
426 634
		'local_network',
427 635
		'IPv4 Local Network/s',
......
441 649
			'<br />');
442 650

  
443 651
	$section->addInput(new Form_Input(
652
		'gateway',
653
		'IPv4 Gateway',
654
		'text',
655
		$pconfig['gateway']
656
	))->setHelp('This is the IPv4 Gateway to push to the client. Normally it is left blank and configured on the server. ' .
657
			'The gateway IP should be entered if any of the options "Remove Server Local Routes" or "Remove All Server Options" is checked, ' .
658
			'as these 2 options will remove the gateway defined on the server and connection from the client will likely fail.%1$s' .
659
			'NOTE: Remember that, unless configured specifically, the gateway should match the IPv4 Tunnel gateway configured on the selected OpenVPN servers settings.',
660
			'<br />');
661

  
662
	$section->addInput(new Form_Input(
663
		'gateway6',
664
		'IPv6 Gateway',
665
		'text',
666
		$pconfig['gateway6']
667
	))->setHelp('This is the IPv6 Gateway to push to the client. Normally it is left blank and configured on the server. ' .
668
			'The gateway IP should be entered if any of the options "Remove Server Local Routes" or "Remove All Server Options" is checked, ' .
669
			'as these 2 options will remove the gateway defined on the server and connection from the client will likely fail.%1$s' .
670
			'NOTE: Remember that, unless configured specifically, the gateway should match the IPv4 Tunnel gateway configured on the selected OpenVPN servers settings.',
671
			'<br />');
672

  
673
	$form->add($section);
674

  
675
	$section = new Form_Section('Remote Routes Settings');
676

  
677
	$section->addInput(new Form_Input(
444 678
		'remote_network',
445 679
		'IPv4 Remote Network/s',
446 680
		'text',
......
460 694
		    'NOTE: Remember to add these subnets to the IPv6 Remote Networks list on the corresponding OpenVPN server settings.',
461 695
			'<br />');
462 696

  
463
	$section->addInput(new Form_Checkbox(
464
		'gwredir',
465
		'Redirect Gateway',
466
		'Force all client generated traffic through the tunnel.',
467
		$pconfig['gwredir']
468
	));
469

  
470 697
	$form->add($section);
471 698

  
472
	$section = new Form_Section('Client Settings');
699
	$section = new Form_Section('Other Client Settings');
473 700

  
474 701
	$section->addInput(new Form_Checkbox(
475
		'push_reset',
476
		'Server Definitions',
477
		'Prevent this client from receiving any server-defined client settings. ',
478
		$pconfig['push_reset']
479
	));
480

  
481
	/* as "push-reset" can break subnet topology, 
482
	 * "push-remove route" removes only IPv4/IPv6 routes, see #9702 */
483
	$section->addInput(new Form_Checkbox(
484
		'remove_route',
485
		'Remove Server Routes',
486
		'Prevent this client from receiving any server-defined routes without removing any other options. ',
487
		$pconfig['remove_route']
488
	));
489

  
490
	$section->addInput(new Form_Checkbox(
491 702
		'dns_domain_enable',
492 703
		'DNS Default Domain',
493 704
		'Provide a default domain name to clients',
494 705
		$pconfig['dns_domain_enable']
495
	))->toggles('.dnsdomain');
706
	));
496 707

  
497 708
	$group = new Form_Group('DNS Domain');
498 709
	$group->addClass('dnsdomain');
......
512 723
		'DNS Servers',
513 724
		'Provide a DNS server list to clients',
514 725
		$pconfig['dns_server_enable']
515
	))->toggles('.dnsservers');
726
	));
516 727

  
517 728
	$group = new Form_Group(null);
518 729
	$group->addClass('dnsservers');
......
553 764
		'NTP Servers',
554 765
		'Provide an NTP server list to clients',
555 766
		$pconfig['ntp_server_enable']
556
	))->toggles('.ntpservers');
767
	));
557 768

  
558 769
	$group = new Form_Group(null);
559 770
	$group->addClass('ntpservers');
......
574 785

  
575 786
	$section->add($group);
576 787

  
577
	// NTP servers - For this section we need to use Javascript hiding since there
788
	// Netbios - For this section we need to use Javascript hiding since there
578 789
	// are nested toggles
579 790
	$section->addInput(new Form_Checkbox(
580 791
		'netbios_enable',
......
663 874
<script type="text/javascript">
664 875
//<![CDATA[
665 876
events.push(function() {
877
	// when option server_overrides_enabled is checked, show override server options
878
	function serveroverrides_change() {
879
		if ($('#server_overrides_enabled').prop('checked')) {
880
			hideCheckbox('push_reset', false);
881
			hideCheckbox('topology_override', false);
882
			topology_change();
883
			push_reset_change();
884
		} else {
885
			hideCheckbox('push_reset', true);
886
			hideCheckbox('topology_override', true);
887
			hideSelect('topology', true);
888
			hideCheckbox('remove_route', true);
889
			hideCheckbox('remove_iroute', true);
890
			hideCheckbox('remove_dnsdomain', true);
891
			hideCheckbox('remove_dnsservers', true);
892
			hideCheckbox('remove_ntpservers', true);
893
			hideCheckbox('remove_netbios_ntype', true);
894
			hideCheckbox('remove_netbios_scope', true);
895
			hideCheckbox('remove_wins', true);
896
		}
897
	}
666 898

  
899
	// when push_reset option is selected, hide push_remove options, but not topology
900
	function push_reset_change() {
901
		var hide = $('#push_reset').prop('checked');
902

  
903
		hideCheckbox('remove_route', hide);
904
		hideCheckbox('remove_iroute', hide);
905
		hideCheckbox('remove_dnsdomain', hide);
906
		hideCheckbox('remove_dnsservers', hide);
907
		hideCheckbox('remove_ntpservers', hide);
908
		hideCheckbox('remove_netbios_ntype', hide);
909
		hideCheckbox('remove_netbios_scope', hide);
910
		hideCheckbox('remove_wins', hide);
911
	}
912

  
913
	function topology_change() {
914
		if ($('#topology_override').prop('checked')) {
915
			hideSelect('topology', false);
916
		} else {
917
			hideSelect('topology', true);
918
		}
919
	}
920

  
921
	function gwredir_change() {
922
		var hide = $('#gwredir').prop('checked');
923

  
924
		hideInput('local_network', hide);
925
//		hideInput('remote_network', hide);
926
	}
927

  
928
	function gwredir6_change() {
929
		var hide = $('#gwredir6').prop('checked');
930

  
931
		hideInput('local_networkv6', hide);
932
//		hideInput('remote_networkv6', hide);
933
	}
934

  
935
	function dnsdomain_change() {
936
		if ($('#dns_domain_enable').prop('checked')) {
937
			hideClass('dnsdomain', false);
938
		} else {
939
			hideClass('dnsdomain', true);
940
		}
941
	}
942

  
943
	function dnsservers_change() {
944
		if ($('#dns_server_enable').prop('checked')) {
945
			hideClass('dnsservers', false);
946
		} else {
947
			hideClass('dnsservers', true);
948
		}
949
	}
950

  
951
	function ntpservers_change() {
952
		if ($('#ntp_server_enable').prop('checked')) {
953
			hideClass('ntpservers', false);
954
		} else {
955
			hideClass('ntpservers', true);
956
		}
957
	}
958

  
667 959
	// Hide/show that section, but have to also respect the wins_server_enable checkbox
668 960
	function setNetbios() {
669 961
		if ($('#netbios_enable').prop('checked')) {
......
685 977

  
686 978
	// ---------- Click checkbox handlers ---------------------------------------------------------
687 979

  
980
	 // On clicking Select Server Overrides Options
981
	$('#server_overrides_enabled').click(function () {
982
		serveroverrides_change();
983
	});
984

  
985
	 // On clicking Remove All Server Options
986
	$('#push_reset').click(function () {
987
		push_reset_change();
988
	});
989

  
990
	 // On clicking Override Server Topology
991
	$('#topology_override').click(function () {
992
		topology_change();
993
	});
994

  
995
	 // On clicking Gateway redirect
996
	$('#gwredir').click(function () {
997
		gwredir_change();
998
	});
999

  
1000
	 // On clicking Gateway redirect IPv6
1001
	$('#gwredir6').click(function () {
1002
		gwredir6_change();
1003
	});
1004

  
1005
	 // On clicking DNS Default Domain
1006
	$('#dns_domain_enable').click(function () {
1007
		dnsdomain_change();
1008
	});
1009

  
1010
	 // On clicking DNS Servers
1011
	$('#dns_server_enable').click(function () {
1012
		dnsservers_change();
1013
	});
1014

  
1015
	 // On clicking NTP Servers
1016
	$('#ntp_server_enable').click(function () {
1017
		ntpservers_change();
1018
	});
1019

  
688 1020
	// On clicking the netbios_enable checkbox
689 1021
	$('#netbios_enable').click(function () {
690 1022
		setNetbios();
......
697 1029

  
698 1030
	// ---------- On initial page load ------------------------------------------------------------
699 1031

  
1032
	// first the options depending on push_reset, and on server_overrides_enabled
1033
	// and finally the global server_overrides_enabled toggle
1034
	push_reset_change();
1035
	topology_change();
1036
	serveroverrides_change();
1037

  
1038
	gwredir_change();
1039
	gwredir6_change();
1040

  
700 1041
	setNetbios();
1042
	dnsdomain_change();
1043
	dnsservers_change();
1044
	ntpservers_change();
1045

  
701 1046
});
702 1047
//]]>
703 1048
</script>
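Review bot: The save block no longer copies `tunnel_network` and `tunnel_networkv6` into `$csc`: old lines 269-270 are removed and nothing in the shown new-side range 312-352 re-adds them, while the edit path still loads both fields (new 93-94) and the checks at new 208-214 still validate them. As shown, saving an override would drop its per-client tunnel address, so a client whose firewall rules are keyed to a fixed address would presumably be handed a pool address instead. Restore `$csc['tunnel_network'] = $pconfig['tunnel_network'];` and `$csc['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];` after the `description` assignment. Separately, `empty_field()` hands any non-boolean to `strlen()`, so its comment should state that it expects a string or null, and a non-string value (an array, if the field arrives from request data) should be rejected before it reaches the `is_ipaddrv4`/`is_ipaddr` guards and the `$csc` assignments. The page elides parts of the file, so both points need confirming against the full patch.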