Feature #12522 » vpn_openvpn_csc.php-v1.0.patch

Phil Wardt, 09/05/2023 08:31 PM

View differences:

src/usr/local/www/vpn_openvpn_csc.php
35 35
require_once("pkg-utils.inc");
36 36

  
37 37
global $openvpn_tls_server_modes;
38
global $openvpn_topologies;
39
global $openvpn_ping_action, $openvpn_default_keepalive_interval, $openvpn_default_keepalive_timeout;
38 40

  
39 41
init_config_arr(array('openvpn', 'openvpn-csc'));
40 42
$a_csc = &$config['openvpn']['openvpn-csc'];
......
87 89

  
88 90
		$pconfig['tunnel_network'] = $a_csc[$id]['tunnel_network'];
89 91
		$pconfig['tunnel_networkv6'] = $a_csc[$id]['tunnel_networkv6'];
92

  
93
		//$pconfig['push_reset'] = $a_csc[$id]['push_reset'];
94
		$pconfig['topology_override'] = $a_csc[$id]['topology_override'];
95
		$pconfig['topology'] = $a_csc[$id]['topology'];
96
		//$pconfig['remove_route'] = $a_csc[$id]['remove_route'];
97
		$pconfig['remove_iroute'] = $a_csc[$id]['remove_iroute'];
98
		$pconfig['remove_dnsdomain'] = $a_csc[$id]['remove_dnsdomain'];
99
		$pconfig['remove_dnsservers'] = $a_csc[$id]['remove_dnsservers'];
100
		$pconfig['remove_ntpservers'] = $a_csc[$id]['remove_ntpservers'];
101
		$pconfig['remove_netbios_ntype'] = $a_csc[$id]['remove_netbios_ntype'];
102
		$pconfig['remove_netbios_scope'] = $a_csc[$id]['remove_netbios_scope'];
103
		$pconfig['remove_wins'] = $a_csc[$id]['remove_wins'];
104

  
105
		//$pconfig['gwredir'] = $a_csc[$id]['gwredir'];
106
		//$pconfig['gwredir6'] = $a_csc[$id]['gwredir6'];
90 107
		$pconfig['local_network'] = $a_csc[$id]['local_network'];
91 108
		$pconfig['local_networkv6'] = $a_csc[$id]['local_networkv6'];
109
		$pconfig['gateway'] = $a_csc[$id]['gateway'];
110
		//$pconfig['gateway6'] = $a_csc[$id]['gateway6'];
111

  
92 112
		$pconfig['remote_network'] = $a_csc[$id]['remote_network'];
93 113
		$pconfig['remote_networkv6'] = $a_csc[$id]['remote_networkv6'];
114

  
115
		$pconfig['ping_push'] = $a_csc[$id]['ping_push'];
116
		$pconfig['ping_seconds'] = $a_csc[$id]['ping_seconds'];
117

  
118
		$pconfig['ping_action_push'] = $a_csc[$id]['ping_action_push'];
119
		$pconfig['ping_action'] = $a_csc[$id]['ping_action'];
120
		$pconfig['ping_action_seconds'] = $a_csc[$id]['ping_action_seconds'];
121

  
94 122
		$pconfig['gwredir'] = $a_csc[$id]['gwredir'];
123
		$pconfig['gwredir6'] = $a_csc[$id]['gwredir6'];
95 124

  
96 125
		$pconfig['push_reset'] = $a_csc[$id]['push_reset'];
97 126
		$pconfig['remove_route'] = $a_csc[$id]['remove_route'];
98 127

  
128
		if ($pconfig['push_reset'] ||
129
				$pconfig['topology_override'] ||
130
				$pconfig['remove_route'] ||
131
				$pconfig['remove_iroute'] ||
132
				$pconfig['remove_dnsdomain'] ||
133
				$pconfig['remove_dnsservers'] ||
134
				$pconfig['remove_ntpservers'] ||
135
				$pconfig['remove_netbios_ntype'] ||
136
				$pconfig['remove_netbios_scope'] ||
137
				$pconfig['remove_wins']) {
138
			$pconfig['server_overrides_enabled'] = true;
139
		}
140

  
99 141
		$pconfig['dns_domain'] = $a_csc[$id]['dns_domain'];
100 142
		if ($pconfig['dns_domain']) {
101 143
			$pconfig['dns_domain_enable'] = true;
......
113 155
			$pconfig['dns_server_enable'] = true;
114 156
		}
115 157

  
158
		$pconfig['push_blockoutsidedns'] = $a_csc[$id]['push_blockoutsidedns'];
159
		$pconfig['push_register_dns'] = $a_csc[$id]['push_register_dns'];
160

  
116 161
		$pconfig['ntp_server1'] = $a_csc[$id]['ntp_server1'];
117 162
		$pconfig['ntp_server2'] = $a_csc[$id]['ntp_server2'];
118 163

  
......
134 179
		}
135 180

  
136 181
		$pconfig['nbdd_server1'] = $a_csc[$id]['nbdd_server1'];
137
		if ($pconfig['nbdd_server1']) {
182
		$pconfig['nbdd_server2'] = $a_csc[$id]['nbdd_server2'];
183

  
184
		if ($pconfig['nbdd_server1'] ||
185
				$pconfig['nbdd_server2']) {
138 186
			$pconfig['nbdd_server_enable'] = true;
139 187
		}
140 188
	}
......
157 205
		$input_errors[] = gettext("This user does not have sufficient privileges to edit Advanced options on this instance.");
158 206
	}
159 207
	if (!$user_can_edit_advanced && !empty($a_csc[$id]['custom_options'])) {
208
		// restore custom options field to its original value
160 209
		$pconfig['custom_options'] = $a_csc[$id]['custom_options'];
161 210
	}
162 211

  
......
180 229
		$input_errors[] = gettext("The field 'IPv6 Tunnel Network' must contain a valid IPv6 prefix or an alias with a single IPv6 prefix.");
181 230
	}
182 231

  
183
	if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4", true)) {
232
	if ($pconfig['server_overrides_enabled'] && $pconfig['topology_override'] && !array_key_exists($pconfig['topology'], $openvpn_topologies)) {
233
		$input_errors[] = gettext("The field 'Topology' contains an invalid selection");
234
	}
235

  
236
	if (!$pconfig['gwredir'] && ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4", true))) {
184 237
		$input_errors[] = $result;
185 238
	}
186 239

  
187
	if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6", true)) {
240
	if (!$pconfig['gwredir6'] && ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6", true))) {
188 241
		$input_errors[] = $result;
189 242
	}
190 243

  
244
	if (!empty($pconfig['gateway']) && !is_ipaddrv4($pconfig['gateway'])) {
245
		$input_errors[] = gettext("A valid IPv4 address must be specified for the gateway.");
246
	}
247

  
248
	/*
249
	if (!empty($pconfig['gateway6']) && !is_ipaddrv6($pconfig['gateway6'])) {
250
		$input_errors[] = gettext("A valid IPv6 address must be specified for the gateway.");
251
	}
252
	*/
253

  
191 254
	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4", true)) {
192 255
		$input_errors[] = $result;
193 256
	}
......
196 259
		$input_errors[] = $result;
197 260
	}
198 261

  
262
	if ($pconfig['ping_push'] && !is_numericint($pconfig['ping_seconds'])) {
263
		$input_errors[] = gettext("The supplied Ping Seconds value is invalid.");
264
	}
265
	if ($pconfig['ping_action_push'] && !array_key_exists($pconfig['ping_action'], $openvpn_ping_action)) {
266
		$input_errors[] = gettext("The field 'Ping Action' contains an invalid selection");
267
	}
268
	if ($pconfig['ping_action_push'] && !is_numericint($pconfig['ping_action_seconds'])) {
269
		$input_errors[] = gettext("The supplied Ping Restart or Exit Seconds value is invalid.");
270
	}
271

  
199 272
	if ($pconfig['dns_server_enable']) {
200 273
		if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
201 274
			$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
......
239 312
			if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
240 313
				$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
241 314
			}
315
			if (!empty($pconfig['nbdd_server2']) && !is_ipaddr(trim($pconfig['nbdd_server2']))) {
316
				$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #2' must contain a valid IP address");
242 317
			}
318
		}
243 319

  
244 320
		if (!empty($pconfig['netbios_ntype']) &&
245 321
		    !array_key_exists($pconfig['netbios_ntype'], $netbios_nodetypes)) {
......
269 345
		$csc['description'] = $pconfig['description'];
270 346
		$csc['tunnel_network'] = $pconfig['tunnel_network'];
271 347
		$csc['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
348

  
349
		if (!$pconfig['gwredir']) {
272 350
			$csc['local_network'] = $pconfig['local_network'];
351
		}
352

  
353
		if (!$pconfig['gwredir6']) {
273 354
			$csc['local_networkv6'] = $pconfig['local_networkv6'];
355
		}
356

  
357
		if ($pconfig['server_overrides_enabled']) {
358
			$csc['push_reset'] = $pconfig['push_reset'];
359
			if (!$pconfig['push_reset']) {
360
				$csc['remove_route'] = $pconfig['remove_route'];
361
				$csc['remove_iroute'] = $pconfig['remove_iroute'];
362
				$csc['remove_dnsdomain'] = $pconfig['remove_dnsdomain'];
363
				$csc['remove_dnsservers'] = $pconfig['remove_dnsservers'];
364
				$csc['remove_ntpservers'] = $pconfig['remove_ntpservers'];
365
				$csc['remove_netbios_ntype'] = $pconfig['remove_netbios_ntype'];
366
				$csc['remove_netbios_scope'] = $pconfig['remove_netbios_scope'];
367
				$csc['remove_wins'] = $pconfig['remove_wins'];
368
			}
369

  
370
			$csc['topology_override'] = $pconfig['topology_override'];
371
			if ($pconfig['topology_override']) {
372
				$csc['topology'] = $pconfig['topology'];
373
			}
374
		}
375

  
274 376
		$csc['remote_network'] = $pconfig['remote_network'];
275 377
		$csc['remote_networkv6'] = $pconfig['remote_networkv6'];
276 378
		$csc['gwredir'] = $pconfig['gwredir'];
277
		$csc['push_reset'] = $pconfig['push_reset'];
278
		$csc['remove_route'] = $pconfig['remove_route'];
379
		$csc['gwredir6'] = $pconfig['gwredir6'];
279 380

  
381
		$csc['gateway'] = $pconfig['gateway'];
382
		//$csc['gateway6'] = $pconfig['gateway6'];
383

  
384
		//$csc['push_reset'] = $pconfig['push_reset'];
385
		//$csc['remove_route'] = $pconfig['remove_route'];
386

  
387
		$csc['ping_push'] = $pconfig['ping_push'];
388
		if ($pconfig['ping_push']) {
389
			$csc['ping_seconds'] = $pconfig['ping_seconds'];
390
		}
391
		$csc['ping_action_push'] = $pconfig['ping_action_push'];
392
		if ($pconfig['ping_action_push']) {
393
			$csc['ping_action'] = $pconfig['ping_action'];
394
			$csc['ping_action_seconds'] = $pconfig['ping_action_seconds'];
395
		}
396

  
280 397
		if ($pconfig['dns_domain_enable']) {
281 398
			$csc['dns_domain'] = $pconfig['dns_domain'];
282 399
		}
......
288 405
			$csc['dns_server4'] = $pconfig['dns_server4'];
289 406
		}
290 407

  
408
		$csc['push_blockoutsidedns'] = $pconfig['push_blockoutsidedns'];
409
		$csc['push_register_dns'] = $pconfig['push_register_dns'];
410

  
291 411
		if ($pconfig['ntp_server_enable']) {
292 412
			$csc['ntp_server1'] = $pconfig['ntp_server1'];
293 413
			$csc['ntp_server2'] = $pconfig['ntp_server2'];
294 414
		}
295 415

  
296 416
		$csc['netbios_enable'] = $pconfig['netbios_enable'];
417

  
418
		if ($pconfig['netbios_enable']) {
297 419
		$csc['netbios_ntype'] = $pconfig['netbios_ntype'];
298 420
		$csc['netbios_scope'] = $pconfig['netbios_scope'];
299 421

  
300
		if ($pconfig['netbios_enable']) {
301 422
			if ($pconfig['wins_server_enable']) {
302 423
				$csc['wins_server1'] = $pconfig['wins_server1'];
303 424
				$csc['wins_server2'] = $pconfig['wins_server2'];
304 425
			}
305 426

  
306
			if ($pconfig['dns_server_enable']) {
427
			if ($pconfig['nbdd_server_enable']) {
307 428
				$csc['nbdd_server1'] = $pconfig['nbdd_server1'];
429
				$csc['nbdd_server2'] = $pconfig['nbdd_server2'];
308 430
			}
309 431
		}
310 432

  
......
407 529
		true
408 530
		))->setHelp('Select the servers that will utilize this override. When no servers are selected, the override will apply to all servers.');
409 531

  
532
	// Override server client options
533
	$section->addInput(new Form_Checkbox(
534
		'server_overrides_enabled',
535
		'Select Server Overrides',
536
		'Select server options to remove.',
537
		$pconfig['server_overrides_enabled']
538
	))->setHelp('If unchecked, any client options specified in below form or Advanced section will be pushed to the client after the server options.%1$s' .
539
			'If checked, you can select the server options you want to remove. Any specified client option in below form or Advanced section will thus override the corresponding server-defined options.',
540
			'<br />');
541

  
542
	$section->addInput(new Form_Checkbox(
543
		'push_reset',
544
		null,
545
		'Remove All Server Options',
546
		$pconfig['push_reset']
547
	))->setHelp('Prevent this client from receiving any server-defined client settings.%1$s' .
548
			'This option will send a push-reset to the client. It will thus remove any server-defined routes, the gateway and topology.%1$s' .
549
			'For the client to properly connect, you will need to enter at least the gateway and topology in the below form or in Advanced section.',
550
			'<br />');
551

  
552
	$section->addInput(new Form_Checkbox(
553
		'topology_override',
554
		null,
555
		'Override Server Topology',
556
		$pconfig['topology_override']
557
	));
558

  
559
	$section->addInput(new Form_Select(
560
		'topology',
561
		null,
562
		$pconfig['topology'],
563
		$openvpn_topologies
564
	))->setHelp('This will push the selected topology to the client. It should only be set when option "Remove All Server Options" is checked. It must match the actual topology specified in server.%1$s' .
565
			'NOTE: This will perform a "push topology [selection]" without a previous "push-remove topology". Alternetively you can push the topology in Advanced section.',
566
			'<br />');
567

  
568
	/* as "push-reset" can break subnet topology, 
569
	 * "push-remove route" removes only IPv4/IPv6 routes, see #9702 */
570
	$section->addInput(new Form_Checkbox(
571
		'remove_route',
572
		null,
573
		'Remove Server Local Routes',
574
		$pconfig['remove_route']
575
	))->setHelp('Prevent this client from receiving any server-defined local routes.%1$s' .
576
			'This option will send a "push-remove route" to the client, removing any server-defined ipv4 or ipv6 local routes, including the gateway.%1$s' .
577
			'NOTE: Remember to either enter the proper gateway and any additional local routes in the below form or in Advanced section.',
578
			'<br />');
579

  
580
	$section->addInput(new Form_Checkbox(
581
		'remove_iroute',
582
		null,
583
		'Remove Server Remote Routes',
584
		$pconfig['remove_iroute']
585
	))->setHelp('Prevent this client from receiving any server-defined remote routes.%1$s' .
586
			'This option will send a "push-remove iroute" to the client, removing any server-defined ipv4 or ipv6 remote routes%1$s' .
587
			'NOTE: You can set new client specific remote routes in below form or in Advanced section.',
588
			'<br />');
589

  
590
	$section->addInput(new Form_Checkbox(
591
		'remove_dnsdomain',
592
		null,
593
		'Remove Server DNS Domains',
594
		$pconfig['remove_dnsdomain']
595
	))->setHelp('Prevent this client from receiving any server-defined remote DNS domains.%1$s' .
596
			'This option will send a "push-remove dhcp-option DOMAIN" to the client, removing any server-defined DNS domains.%1$s' .
597
			'NOTE: You can set new client specific DNS domain in below form or in Advanced section.',
598
			'<br />');
599

  
600
	$section->addInput(new Form_Checkbox(
601
		'remove_dnsservers',
602
		null,
603
		'Remove Server DNS Servers',
604
		$pconfig['remove_dnsservers']
605
	))->setHelp('Prevent this client from receiving any server-defined DNS Servers.%1$s' .
606
			'This option will send a "push-remove dhcp-option DNS" to the client, removing any server-defined ipv4 or ipv6 DNS servers.%1$s' .
607
			'NOTE: You can set new client specific DNS servers in below form or in Advanced section.',
608
			'<br />');
609

  
610
	$section->addInput(new Form_Checkbox(
611
		'remove_ntpservers',
612
		null,
613
		'Remove Server NTP Options.',
614
		$pconfig['remove_ntpservers']
615
	))->setHelp('Prevent this client from receiving any server-defined NTP Servers.%1$s' .
616
			'This option will send a "push-remove dhcp-option NTP" to the client, removing any server-defined NTP servers.%1$s' .
617
			'NOTE: You can set new client specific NTP servers in below form or in Advanced section.',
618
			'<br />');
619

  
620
	$section->addInput(new Form_Checkbox(
621
		'remove_netbios_ntype',
622
		null,
623
		'Remove Server Netbios Type',
624
		$pconfig['remove_netbios_ntype']
625
	))->setHelp('Prevent this client from receiving any server-defined Netbios Node Type.%1$s' .
626
			'This option will send a "push-remove dhcp-option NBT" to the client, removing any server-defined Netbios Node Type.%1$s' .
627
			'NOTE: You can set new client specific Netbios options in below form or in Advanced section.',
628
			'<br />');
629

  
630
	$section->addInput(new Form_Checkbox(
631
		'remove_netbios_scope',
632
		null,
633
		'Remove Server Netbios Scope',
634
		$pconfig['remove_netbios_scope']
635
	))->setHelp('Prevent this client from receiving any server-defined Netbios Scope.%1$s' .
636
			'This option will send a "push-remove dhcp-option NBS" to the client, removing any server-defined Netbios Scope.%1$s' .
637
			'NOTE: You can set new client specific Netbios Scope in below form or in Advanced section.',
638
			'<br />');
639

  
640
	$section->addInput(new Form_Checkbox(
641
		'remove_wins',
642
		null,
643
		'Remove Server WINS Options',
644
		$pconfig['remove_wins']
645
	))->setHelp('Prevent this client from receiving any server-defined WINS servers.%1$s' .
646
			'This option will send a "push-remove dhcp-option WINS" to the client, removing any server-defined WINS servers.%1$s' .
647
			'NOTE: You can set new client specific WINS servers in below form or in Advanced section.',
648
			'<br />');
649

  
410 650
	$form->add($section);
411 651

  
412 652
	$section = new Form_Section('Tunnel Settings');
......
430 670
		    'Enter the client IPv6 address and prefix. The prefix must match the IPv6 Tunnel Network prefix on the server. ',
431 671
			'<br />');
432 672

  
673
	$form->add($section);
674

  
675
	$section = new Form_Section('Local Routes Settings');
676

  
677
	$section->addInput(new Form_Checkbox(
678
		'gwredir',
679
		'Redirect IPv4 Gateway',
680
		'Force all client generated traffic through the tunnel.',
681
		$pconfig['gwredir']
682
	));
683

  
684
	$section->addInput(new Form_Checkbox(
685
		'gwredir6',
686
		'Redirect IPv6 Gateway',
687
		'Force all client-generated IPv6 traffic through the tunnel.',
688
		$pconfig['gwredir6']
689
	));
690

  
433 691
	$section->addInput(new Form_Input(
434 692
		'local_network',
435 693
		'IPv4 Local Network/s',
......
449 707
			'<br />');
450 708

  
451 709
	$section->addInput(new Form_Input(
710
		'gateway',
711
		'IPv4 Gateway',
712
		'text',
713
		$pconfig['gateway']
714
	))->setHelp('This is the IPv4 Gateway to push to the client. Normally it is left blank and configured on the server. ' .
715
			'The gateway IP should be entered if any of the options "Remove Server Local Routes" or "Remove All Server Options" is checked, ' .
716
			'as these 2 options will remove the gateway defined on the server and connection from the client will likely fail.%1$s' .
717
			'NOTE: Remember that, unless configured specifically, the gateway should match the IPv4 Tunnel gateway configured on the selected OpenVPN servers settings.',
718
			'<br />');
719

  
720
	/*
721
	$section->addInput(new Form_Input(
722
		'gateway6',
723
		'IPv6 Gateway',
724
		'text',
725
		$pconfig['gateway6']
726
	))->setHelp('This is the IPv6 Gateway to push to the client. Normally it is left blank and configured on the server. ' .
727
			'The gateway IP should be entered if any of the options "Remove Server Local Routes" or "Remove All Server Options" is checked, ' .
728
			'as these 2 options will remove the gateway defined on the server and connection from the client will likely fail.%1$s' .
729
			'NOTE: Remember that, unless configured specifically, the gateway should match the IPv4 Tunnel gateway configured on the selected OpenVPN servers settings.',
730
			'<br />');
731
	*/
732

  
733
	$form->add($section);
734

  
735
	$section = new Form_Section('Remote Routes Settings');
736

  
737
	$section->addInput(new Form_Input(
452 738
		'remote_network',
453 739
		'IPv4 Remote Network/s',
454 740
		'text',
......
468 754
		    'NOTE: Remember to add these subnets to the IPv6 Remote Networks list on the corresponding OpenVPN server settings.',
469 755
			'<br />');
470 756

  
471
	$section->addInput(new Form_Checkbox(
472
		'gwredir',
473
		'Redirect Gateway',
474
		'Force all client generated traffic through the tunnel.',
475
		$pconfig['gwredir']
476
	));
477

  
478 757
	$form->add($section);
479 758

  
480
	$section = new Form_Section('Client Settings');
759
	$section = new Form_Section('Other Client Settings');
481 760

  
482 761
	$section->addInput(new Form_Checkbox(
483
		'push_reset',
484
		'Server Definitions',
485
		'Prevent this client from receiving any server-defined client settings. ',
486
		$pconfig['push_reset']
487
	));
762
		'ping_push',
763
		'Ping Interval',
764
		'Push ping to VPN client',
765
		$pconfig['ping_push']
766
	))->setHelp('Override server ping interval.%1$s',
767
				'<br />');
488 768

  
489
	/* as "push-reset" can break subnet topology, 
490
	 * "push-remove route" removes only IPv4/IPv6 routes, see #9702 */
769
	$section->addInput(new Form_Input(
770
		'ping_seconds',
771
		'Ping Seconds',
772
		'number',
773
		$pconfig['ping_seconds'] ?: $openvpn_default_keepalive_interval,
774
		['min' => '0']
775
	))->setHelp('Ping remote over the TCP/UDP control channel if no ' .
776
	    'packets have been sent for at least n seconds.%1$s',
777
	    '<br />');
778

  
491 779
	$section->addInput(new Form_Checkbox(
492
		'remove_route',
493
		'Remove Server Routes',
494
		'Prevent this client from receiving any server-defined routes without removing any other options. ',
495
		$pconfig['remove_route']
780
		'ping_action_push',
781
		'Ping Action',
782
		'Push ping-restart/ping-exit to VPN client',
783
		$pconfig['ping_action_push']
784
	))->setHelp('Override server ping restart/exit.%1$s',
785
				'<br />');
786

  
787
	$section->addInput(new Form_Select(
788
		'ping_action',
789
		'Ping restart or exit',
790
		$pconfig['ping_action'],
791
		$openvpn_ping_action
792
	))->setHelp('Exit or restart OpenVPN after timeout from remote.%1$s',
793
				'<br />');
794

  
795
	$section->addInput(new Form_Input(
796
		'ping_action_seconds',
797
		'Ping restart or exit seconds',
798
		'number',
799
		$pconfig['ping_action_seconds']
800
		    ?: $openvpn_default_keepalive_timeout,
801
		['min' => '0']
496 802
	));
497 803

  
498 804
	$section->addInput(new Form_Checkbox(
......
555 861

  
556 862
	$section->add($group);
557 863

  
864
	$section->addInput(new Form_Checkbox(
865
		'push_blockoutsidedns',
866
		'Block Outside DNS',
867
		'Make Windows 10 Clients Block access to DNS servers except across OpenVPN while connected, forcing clients to use only VPN DNS servers.',
868
		$pconfig['push_blockoutsidedns']
869
	))->setHelp('Requires Windows 10 and OpenVPN 2.3.9 or later. Only Windows 10 is prone to DNS leakage in this way, other clients will ignore the option as they are not affected.');
870

  
871
	$section->addInput(new Form_Checkbox(
872
		'push_register_dns',
873
		'Force DNS cache update',
874
		'Run "net stop dnscache", "net start dnscache", "ipconfig /flushdns" and "ipconfig /registerdns" on connection initiation.',
875
		$pconfig['push_register_dns']
876
	))->setHelp('This is known to kick Windows into recognizing pushed DNS servers.');
877

  
558 878
	// NTP servers
559 879
	$section->addInput(new Form_Checkbox(
560 880
		'ntp_server_enable',
......
634 954

  
635 955
	$section->add($group);
636 956

  
957
	$section->addInput(new Form_Checkbox(
958
		'nbdd_server_enable',
959
		'NBDD servers',
960
		'Provide a NetBIOS over TCP/IP Datagram Distribution Servers list to clients',
961
		$pconfig['nbdd_server_enable']
962
	));
963

  
964
	$group = new Form_Group(null);
965

  
966
	$group->add(new Form_Input(
967
		'nbdd_server1',
968
		null,
969
		'text',
970
		$pconfig['nbdd_server1']
971
	))->setHelp('Server 1');
972

  
973
	$group->add(new Form_Input(
974
		'nbdd_server2',
975
		null,
976
		'text',
977
		$pconfig['nbdd_server2']
978
	))->setHelp('Server 2');
979

  
980
	$group->addClass('nbddservers');
981

  
982
	$section->add($group);
983

  
637 984
	$custops = new Form_Textarea(
638 985
		'custom_options',
639 986
		'Advanced',
......
642 989
	if (!$user_can_edit_advanced) {
643 990
		$custops->setDisabled();
644 991
	}
645
	$section->addInput($custops)->setHelp('Enter any additional options to add for this client specific override, separated by a semicolon. %1$s' .
992
	$section->addInput($custops)->setHelp('Enter any additional options to add for this client specific override, separated by a semicolon.%1$s' .
993
				'The options will be pushed to the client after all above custom options.%1$s' .
646 994
				'EXAMPLE: push "route 10.0.0.0 255.255.255.0"; ',
647 995
				'<br />');
648 996

  
......
671 1019
<script type="text/javascript">
672 1020
//<![CDATA[
673 1021
events.push(function() {
1022
	// when option server_overrides_enabled is checked, show override server options
1023
	function serveroverrides_change() {
1024
		if ($('#server_overrides_enabled').prop('checked')) {
1025
			hideCheckbox('push_reset', false);
1026
			hideCheckbox('topology_override', false);
1027
			topology_change();
1028
			push_reset_change();
1029
		} else {
1030
			hideCheckbox('push_reset', true);
1031
			hideCheckbox('topology_override', true);
1032
			hideSelect('topology', true);
1033
			hideCheckbox('remove_route', true);
1034
			hideCheckbox('remove_iroute', true);
1035
			hideCheckbox('remove_dnsdomain', true);
1036
			hideCheckbox('remove_dnsservers', true);
1037
			hideCheckbox('remove_ntpservers', true);
1038
			hideCheckbox('remove_netbios_ntype', true);
1039
			hideCheckbox('remove_netbios_scope', true);
1040
			hideCheckbox('remove_wins', true);
1041
		}
1042
	}
1043

  
1044
	// when push_reset option is selected, hide push_remove options, but not topology
1045
	function push_reset_change() {
1046
		var hide = $('#push_reset').prop('checked');
1047

  
1048
		hideCheckbox('remove_route', hide);
1049
		hideCheckbox('remove_iroute', hide);
1050
		hideCheckbox('remove_dnsdomain', hide);
1051
		hideCheckbox('remove_dnsservers', hide);
1052
		hideCheckbox('remove_ntpservers', hide);
1053
		hideCheckbox('remove_netbios_ntype', hide);
1054
		hideCheckbox('remove_netbios_scope', hide);
1055
		hideCheckbox('remove_wins', hide);
1056
	}
1057

  
1058
	function topology_change() {
1059
		if ($('#topology_override').prop('checked')) {
1060
			hideSelect('topology', false);
1061
		} else {
1062
			hideSelect('topology', true);
1063
		}
1064
	}
1065

  
1066
	function gwredir_change() {
1067
		var hide = $('#gwredir').prop('checked');
1068

  
1069
		hideInput('local_network', hide);
1070
//		hideInput('remote_network', hide);
1071
	}
1072

  
1073
	function gwredir6_change() {
1074
		var hide = $('#gwredir6').prop('checked');
1075

  
1076
		hideInput('local_networkv6', hide);
1077
//		hideInput('remote_networkv6', hide);
1078
	}
1079

  
1080
	function ping_seconds_change() {
1081
		if ($('#ping_push').prop('checked')) {
1082
			hideInput('ping_seconds', false);
1083
		} else {
1084
			hideInput('ping_seconds', true);
1085
		}
1086
	}
1087

  
1088
	function ping_action_change() {
1089
		if ($('#ping_action_push').prop('checked')) {
1090
			hideSelect('ping_action', false);
1091
			hideInput('ping_action_seconds', false);
1092
		} else {
1093
			hideSelect('ping_action', true);
1094
			hideInput('ping_action_seconds', true);
1095
		}
1096
	}
1097

  
674 1098
	function dnsdomain_change() {
675 1099
		if ($('#dns_domain_enable').prop('checked')) {
676 1100
			hideClass('dnsdomain', false);
......
702 1126
			hideInput('netbios_scope', false);
703 1127
			hideCheckbox('wins_server_enable', false);
704 1128
			setWins();
1129
			hideCheckbox('nbdd_server_enable', false);
1130
			setNbdds();
705 1131
		} else {
706 1132
			hideInput('netbios_ntype', true);
707 1133
			hideInput('netbios_scope', true);
708 1134
			hideCheckbox('wins_server_enable', true);
709 1135
			hideClass('winsservers', true);
1136
			hideCheckbox('nbdd_server_enable', true);
1137
			hideClass('nbddservers', true);
710 1138
		}
711 1139
	}
712 1140

  
......
714 1142
		hideClass('winsservers', ! $('#wins_server_enable').prop('checked'));
715 1143
	}
716 1144

  
1145
	function setNbdds() {
1146
		hideClass('nbddservers', ! $('#nbdd_server_enable').prop('checked'));
1147
	}
1148

  
717 1149
	// ---------- Click checkbox handlers ---------------------------------------------------------
718 1150

  
1151
	 // On clicking Select Server Overrides Options
1152
	$('#server_overrides_enabled').click(function () {
1153
		serveroverrides_change();
1154
	});
1155

  
1156
	 // On clicking Remove All Server Options
1157
	$('#push_reset').click(function () {
1158
		push_reset_change();
1159
	});
1160

  
1161
	 // On clicking Override Server Topology
1162
	$('#topology_override').click(function () {
1163
		topology_change();
1164
	});
1165

  
1166
	 // On clicking Gateway redirect
1167
	$('#gwredir').click(function () {
1168
		gwredir_change();
1169
	});
1170

  
1171
	 // On clicking Gateway redirect IPv6
1172
	$('#gwredir6').click(function () {
1173
		gwredir6_change();
1174
	});
1175

  
1176
	 // On clicking Ping Interval
1177
	$('#ping_push').click(function () {
1178
		ping_seconds_change();
1179
	});
1180

  
1181
	 // On clicking Ping Action
1182
	$('#ping_action_push').click(function () {
1183
		ping_action_change();
1184
	});
1185

  
719 1186
	 // On clicking DNS Default Domain
720 1187
	$('#dns_domain_enable').click(function () {
721 1188
		dnsdomain_change();
......
741 1208
		setWins();
742 1209
	});
743 1210

  
1211
	// On clicking the nbdd_server_enable checkbox
1212
	$('#nbdd_server_enable').click(function () {
1213
		setNbdds();
1214
	});
1215

  
744 1216
	// ---------- On initial page load ------------------------------------------------------------
1217

  
1218
	// first the options depending on push_reset, and on server_overrides_enabled
1219
	// and finally the global server_overrides_enabled toggle
1220
	push_reset_change();
1221
	topology_change();
1222
	serveroverrides_change();
1223

  
1224
	gwredir_change();
1225
	gwredir6_change();
1226

  
1227
	ping_seconds_change();
1228
	ping_action_change();
745 1229

  
746 1230
	setNetbios();
747 1231
	dnsdomain_change();
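Review bot: The `ping_seconds` and `ping_action_seconds` inputs (new lines 773 and 799-800) pick their displayed value with `?:`, which treats a stored `0` as empty, while the validation at new lines 262 and 268 and the `['min' => '0']` attribute appear to accept 0 (assuming `is_numericint` passes it). An override saved with 0 would therefore reopen showing the server default keepalive value, and the next save would replace the 0 with that default without the administrator changing anything. Selecting on validity instead of truthiness avoids this: `is_numericint($pconfig['ping_seconds']) ? $pconfig['ping_seconds'] : $openvpn_default_keepalive_interval`, and the same form for `ping_action_seconds` with `$openvpn_default_keepalive_timeout`. Neither field has an upper bound either, so a comment stating the accepted range next to the two `is_numericint` checks would help, since these values are pushed to clients. Separately, the commented-out `push_reset`, `gwredir` and `gateway6` lines added across the section would be better dropped from the patch than committed as dead code.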