Feature #12522 » openvpn_cso.patch

Phil Wardt, 11/24/2023 08:43 PM

View differences:

src/usr/local/www/vpn_openvpn_csc.php
35 35
require_once("pkg-utils.inc");
36 36

  
37 37
global $openvpn_tls_server_modes;
38
global $openvpn_topologies;
39
global $openvpn_ping_action, $openvpn_default_keepalive_interval, $openvpn_default_keepalive_timeout;
38 40

  
39 41
init_config_arr(array('openvpn', 'openvpn-csc'));
40 42
$a_csc = &$config['openvpn']['openvpn-csc'];
......
87 89

  
88 90
		$pconfig['tunnel_network'] = $a_csc[$id]['tunnel_network'];
89 91
		$pconfig['tunnel_networkv6'] = $a_csc[$id]['tunnel_networkv6'];
92

  
93
		//$pconfig['push_reset'] = $a_csc[$id]['push_reset'];
94
		$pconfig['topology_override'] = $a_csc[$id]['topology_override'];
95
		$pconfig['topology'] = $a_csc[$id]['topology'];
96
		//$pconfig['remove_route'] = $a_csc[$id]['remove_route'];
97
		$pconfig['remove_iroute'] = $a_csc[$id]['remove_iroute'];
98
		$pconfig['remove_dnsdomain'] = $a_csc[$id]['remove_dnsdomain'];
99
		$pconfig['remove_dnsservers'] = $a_csc[$id]['remove_dnsservers'];
100
		$pconfig['remove_ntpservers'] = $a_csc[$id]['remove_ntpservers'];
101
		$pconfig['remove_netbios_ntype'] = $a_csc[$id]['remove_netbios_ntype'];
102
		$pconfig['remove_netbios_scope'] = $a_csc[$id]['remove_netbios_scope'];
103
		$pconfig['remove_wins'] = $a_csc[$id]['remove_wins'];
104

  
105
		//$pconfig['gwredir'] = $a_csc[$id]['gwredir'];
106
		//$pconfig['gwredir6'] = $a_csc[$id]['gwredir6'];
90 107
		$pconfig['local_network'] = $a_csc[$id]['local_network'];
91 108
		$pconfig['local_networkv6'] = $a_csc[$id]['local_networkv6'];
109
		$pconfig['gateway'] = $a_csc[$id]['gateway'];
110
		//$pconfig['gateway6'] = $a_csc[$id]['gateway6'];
111

  
92 112
		$pconfig['remote_network'] = $a_csc[$id]['remote_network'];
93 113
		$pconfig['remote_networkv6'] = $a_csc[$id]['remote_networkv6'];
114

  
115
		$pconfig['ping_push'] = $a_csc[$id]['ping_push'];
116
		$pconfig['ping_seconds'] = $a_csc[$id]['ping_seconds'];
117

  
118
		$pconfig['ping_action_push'] = $a_csc[$id]['ping_action_push'];
119
		$pconfig['ping_action'] = $a_csc[$id]['ping_action'];
120
		$pconfig['ping_action_seconds'] = $a_csc[$id]['ping_action_seconds'];
121

  
94 122
		$pconfig['gwredir'] = $a_csc[$id]['gwredir'];
123
		$pconfig['gwredir6'] = $a_csc[$id]['gwredir6'];
95 124

  
96 125
		$pconfig['push_reset'] = $a_csc[$id]['push_reset'];
97 126
		$pconfig['remove_route'] = $a_csc[$id]['remove_route'];
98 127

  
128
		if ($pconfig['push_reset'] ||
129
				$pconfig['topology_override'] ||
130
				$pconfig['remove_route'] ||
131
				$pconfig['remove_iroute'] ||
132
				$pconfig['remove_dnsdomain'] ||
133
				$pconfig['remove_dnsservers'] ||
134
				$pconfig['remove_ntpservers'] ||
135
				$pconfig['remove_netbios_ntype'] ||
136
				$pconfig['remove_netbios_scope'] ||
137
				$pconfig['remove_wins']) {
138
			$pconfig['server_overrides_enabled'] = true;
139
		}
140

  
99 141
		$pconfig['dns_domain'] = $a_csc[$id]['dns_domain'];
100 142
		if ($pconfig['dns_domain']) {
101 143
			$pconfig['dns_domain_enable'] = true;
......
113 155
			$pconfig['dns_server_enable'] = true;
114 156
		}
115 157

  
158
		$pconfig['push_blockoutsidedns'] = $a_csc[$id]['push_blockoutsidedns'];
159
		$pconfig['push_register_dns'] = $a_csc[$id]['push_register_dns'];
160

  
116 161
		$pconfig['ntp_server1'] = $a_csc[$id]['ntp_server1'];
117 162
		$pconfig['ntp_server2'] = $a_csc[$id]['ntp_server2'];
118 163

  
......
159 204
		$input_errors[] = gettext("This user does not have sufficient privileges to edit Advanced options on this instance.");
160 205
	}
161 206
	if (!$user_can_edit_advanced && !empty($a_csc[$id]['custom_options'])) {
207
		// restore custom options field to its original value
162 208
		$pconfig['custom_options'] = $a_csc[$id]['custom_options'];
163 209
	}
164 210

  
......
182 228
		$input_errors[] = gettext("The field 'IPv6 Tunnel Network' must contain a valid IPv6 prefix or an alias with a single IPv6 prefix.");
183 229
	}
184 230

  
185
	if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4", true)) {
231
	if ($pconfig['server_overrides_enabled'] && $pconfig['topology_override'] && !array_key_exists($pconfig['topology'], $openvpn_topologies)) {
232
		$input_errors[] = gettext("The field 'Topology' contains an invalid selection");
233
	}
234

  
235
	if (!$pconfig['gwredir'] && ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4", true))) {
186 236
		$input_errors[] = $result;
187 237
	}
188 238

  
189
	if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6", true)) {
239
	if (!$pconfig['gwredir6'] && ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6", true))) {
190 240
		$input_errors[] = $result;
191 241
	}
192 242

  
243
	if (!empty($pconfig['gateway']) && !is_ipaddrv4($pconfig['gateway'])) {
244
		$input_errors[] = gettext("A valid IPv4 address must be specified for the gateway.");
245
	}
246

  
247
	/*
248
	if (!empty($pconfig['gateway6']) && !is_ipaddrv6($pconfig['gateway6'])) {
249
		$input_errors[] = gettext("A valid IPv6 address must be specified for the gateway.");
250
	}
251
	*/
252

  
193 253
	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4", true)) {
194 254
		$input_errors[] = $result;
195 255
	}
......
198 258
		$input_errors[] = $result;
199 259
	}
200 260

  
261
	if ($pconfig['ping_push'] && !is_numericint($pconfig['ping_seconds'])) {
262
		$input_errors[] = gettext("The supplied Ping Seconds value is invalid.");
263
	}
264
	if ($pconfig['ping_action_push'] && !array_key_exists($pconfig['ping_action'], $openvpn_ping_action)) {
265
		$input_errors[] = gettext("The field 'Ping Action' contains an invalid selection");
266
	}
267
	if ($pconfig['ping_action_push'] && !is_numericint($pconfig['ping_action_seconds'])) {
268
		$input_errors[] = gettext("The supplied Ping Restart or Exit Seconds value is invalid.");
269
	}
270

  
201 271
	if ($pconfig['dns_server_enable']) {
202 272
		if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
203 273
			$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
......
274 344
		$csc['description'] = $pconfig['description'];
275 345
		$csc['tunnel_network'] = $pconfig['tunnel_network'];
276 346
		$csc['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
347

  
348
		if (!$pconfig['gwredir']) {
277 349
			$csc['local_network'] = $pconfig['local_network'];
350
		}
351

  
352
		if (!$pconfig['gwredir6']) {
278 353
			$csc['local_networkv6'] = $pconfig['local_networkv6'];
354
		}
355

  
356
		if ($pconfig['server_overrides_enabled']) {
357
			$csc['push_reset'] = $pconfig['push_reset'];
358
			if (!$pconfig['push_reset']) {
359
				$csc['remove_route'] = $pconfig['remove_route'];
360
				$csc['remove_iroute'] = $pconfig['remove_iroute'];
361
				$csc['remove_dnsdomain'] = $pconfig['remove_dnsdomain'];
362
				$csc['remove_dnsservers'] = $pconfig['remove_dnsservers'];
363
				$csc['remove_ntpservers'] = $pconfig['remove_ntpservers'];
364
				$csc['remove_netbios_ntype'] = $pconfig['remove_netbios_ntype'];
365
				$csc['remove_netbios_scope'] = $pconfig['remove_netbios_scope'];
366
				$csc['remove_wins'] = $pconfig['remove_wins'];
367
			}
368

  
369
			$csc['topology_override'] = $pconfig['topology_override'];
370
			if ($pconfig['topology_override']) {
371
				$csc['topology'] = $pconfig['topology'];
372
			}
373
		}
374

  
279 375
		$csc['remote_network'] = $pconfig['remote_network'];
280 376
		$csc['remote_networkv6'] = $pconfig['remote_networkv6'];
281 377
		$csc['gwredir'] = $pconfig['gwredir'];
282
		$csc['push_reset'] = $pconfig['push_reset'];
283
		$csc['remove_route'] = $pconfig['remove_route'];
378
		$csc['gwredir6'] = $pconfig['gwredir6'];
284 379

  
380
		$csc['gateway'] = $pconfig['gateway'];
381
		//$csc['gateway6'] = $pconfig['gateway6'];
382

  
383
		//$csc['push_reset'] = $pconfig['push_reset'];
384
		//$csc['remove_route'] = $pconfig['remove_route'];
385

  
386
		$csc['ping_push'] = $pconfig['ping_push'];
387
		if ($pconfig['ping_push']) {
388
			$csc['ping_seconds'] = $pconfig['ping_seconds'];
389
		}
390
		$csc['ping_action_push'] = $pconfig['ping_action_push'];
391
		if ($pconfig['ping_action_push']) {
392
			$csc['ping_action'] = $pconfig['ping_action'];
393
			$csc['ping_action_seconds'] = $pconfig['ping_action_seconds'];
394
		}
395

  
285 396
		if ($pconfig['dns_domain_enable']) {
286 397
			$csc['dns_domain'] = $pconfig['dns_domain'];
287 398
		}
......
293 404
			$csc['dns_server4'] = $pconfig['dns_server4'];
294 405
		}
295 406

  
407
		$csc['push_blockoutsidedns'] = $pconfig['push_blockoutsidedns'];
408
		$csc['push_register_dns'] = $pconfig['push_register_dns'];
409

  
296 410
		if ($pconfig['ntp_server_enable']) {
297 411
			$csc['ntp_server1'] = $pconfig['ntp_server1'];
298 412
			$csc['ntp_server2'] = $pconfig['ntp_server2'];
......
414 528
		true
415 529
		))->setHelp('Select the servers that will utilize this override. When no servers are selected, the override will apply to all servers.');
416 530

  
531
	// Override server client options
532
	$section->addInput(new Form_Checkbox(
533
		'server_overrides_enabled',
534
		'Select Server Overrides',
535
		'Select server options to remove.',
536
		$pconfig['server_overrides_enabled']
537
	))->setHelp('If unchecked, any client options specified in below form or Advanced section will be pushed to the client after the server options.%1$s' .
538
			'If checked, you can select the server options you want to remove. Client-specific options on this page are not affected and they will thus override the corresponding server-defined options.',
539
			'<br />');
540

  
541
	$section->addInput(new Form_Checkbox(
542
		'push_reset',
543
		null,
544
		'Remove All Server Options',
545
		$pconfig['push_reset']
546
	))->setHelp('Prevent this client from receiving any server-defined client settings.%1$s' .
547
			'This option will send a push-reset to the client. It will thus remove any server-defined routes, the gateway and topology.%1$s' .
548
			'For the client to properly connect, you will need to enter at least the gateway and topology in the below form or in Advanced section.',
549
			'<br />');
550

  
551
	$section->addInput(new Form_Checkbox(
552
		'topology_override',
553
		null,
554
		'Override Server Topology',
555
		$pconfig['topology_override']
556
	));
557

  
558
	$section->addInput(new Form_Select(
559
		'topology',
560
		null,
561
		$pconfig['topology'],
562
		$openvpn_topologies
563
	))->setHelp('This will push the selected topology to the client. It should only be set when option "Remove All Server Options" is checked. It must match the actual topology specified in server.%1$s' .
564
			'NOTE: This will perform a "push topology [selection]" without a previous "push-remove topology". Alternetively you can push the topology in Advanced section.',
565
			'<br />');
566

  
567
	/* as "push-reset" can break subnet topology, 
568
	 * "push-remove route" removes only IPv4/IPv6 routes, see #9702 */
569
	$section->addInput(new Form_Checkbox(
570
		'remove_route',
571
		null,
572
		'Remove Server Local Routes',
573
		$pconfig['remove_route']
574
	))->setHelp('Send "push-remove route" to the client');
575

  
576
	$section->addInput(new Form_Checkbox(
577
		'remove_iroute',
578
		null,
579
		'Remove Server Remote Routes',
580
		$pconfig['remove_iroute']
581
	))->setHelp('Send "push-remove iroute" to the client');
582

  
583
	$section->addInput(new Form_Checkbox(
584
		'remove_dnsdomain',
585
		null,
586
		'Remove Server DNS Domains',
587
		$pconfig['remove_dnsdomain']
588
	))->setHelp('Send "push-remove dhcp-option DOMAIN" to the client');
589

  
590
	$section->addInput(new Form_Checkbox(
591
		'remove_dnsservers',
592
		null,
593
		'Remove Server DNS Servers',
594
		$pconfig['remove_dnsservers']
595
	))->setHelp('Send "push-remove dhcp-option DNS" to the client');
596

  
597
	$section->addInput(new Form_Checkbox(
598
		'remove_ntpservers',
599
		null,
600
		'Remove Server NTP Options.',
601
		$pconfig['remove_ntpservers']
602
	))->setHelp('Send "push-remove dhcp-option NTP" to the client');
603

  
604
	$section->addInput(new Form_Checkbox(
605
		'remove_netbios_ntype',
606
		null,
607
		'Remove Server NetBIOS Type',
608
		$pconfig['remove_netbios_ntype']
609
	))->setHelp('Send "push-remove dhcp-option NBT" to the client');
610

  
611
	$section->addInput(new Form_Checkbox(
612
		'remove_netbios_scope',
613
		null,
614
		'Remove Server NetBIOS Scope',
615
		$pconfig['remove_netbios_scope']
616
	))->setHelp('Send "push-remove dhcp-option NBS" to the client');
617

  
618
	$section->addInput(new Form_Checkbox(
619
		'remove_wins',
620
		null,
621
		'Remove Server WINS Options',
622
		$pconfig['remove_wins']
623
	))->setHelp('Send "push-remove dhcp-option WINS" to the client');
624

  
417 625
	$form->add($section);
418 626

  
419 627
	$section = new Form_Section('Tunnel Settings');
......
437 645
		    'Enter the client IPv6 address and prefix. The prefix must match the IPv6 Tunnel Network prefix on the server. ',
438 646
			'<br />');
439 647

  
648
	$section->addInput(new Form_Checkbox(
649
		'gwredir',
650
		'Redirect IPv4 Gateway',
651
		'Force all client generated traffic through the tunnel.',
652
		$pconfig['gwredir']
653
	));
654

  
655
	$section->addInput(new Form_Checkbox(
656
		'gwredir6',
657
		'Redirect IPv6 Gateway',
658
		'Force all client-generated IPv6 traffic through the tunnel.',
659
		$pconfig['gwredir6']
660
	));
661

  
440 662
	$section->addInput(new Form_Input(
441 663
		'local_network',
442 664
		'IPv4 Local Network/s',
......
456 678
			'<br />');
457 679

  
458 680
	$section->addInput(new Form_Input(
681
		'gateway',
682
		'IPv4 Gateway',
683
		'text',
684
		$pconfig['gateway']
685
	))->setHelp('This is the IPv4 Gateway to push to the client. Normally it is left blank and configured on the server. ' .
686
			'The gateway IP should be entered if any of the options "Remove Server Local Routes" or "Remove All Server Options" is checked, ' .
687
			'as these 2 options will remove the gateway defined on the server and connection from the client will likely fail.%1$s' .
688
			'NOTE: Remember that, unless configured specifically, the gateway should match the IPv4 Tunnel gateway configured on the selected OpenVPN servers settings.',
689
			'<br />');
690

  
691
	/*
692
	$section->addInput(new Form_Input(
693
		'gateway6',
694
		'IPv6 Gateway',
695
		'text',
696
		$pconfig['gateway6']
697
	))->setHelp('This is the IPv6 Gateway to push to the client. Normally it is left blank and configured on the server. ' .
698
			'The gateway IP should be entered if any of the options "Remove Server Local Routes" or "Remove All Server Options" is checked, ' .
699
			'as these 2 options will remove the gateway defined on the server and connection from the client will likely fail.%1$s' .
700
			'NOTE: Remember that, unless configured specifically, the gateway should match the IPv4 Tunnel gateway configured on the selected OpenVPN servers settings.',
701
			'<br />');
702
	*/
703

  
704
	$section->addInput(new Form_Input(
459 705
		'remote_network',
460 706
		'IPv4 Remote Network/s',
461 707
		'text',
......
475 721
		    'NOTE: Remember to add these subnets to the IPv6 Remote Networks list on the corresponding OpenVPN server settings.',
476 722
			'<br />');
477 723

  
478
	$section->addInput(new Form_Checkbox(
479
		'gwredir',
480
		'Redirect Gateway',
481
		'Force all client generated traffic through the tunnel.',
482
		$pconfig['gwredir']
483
	));
484

  
485 724
	$form->add($section);
486 725

  
487
	$section = new Form_Section('Client Settings');
726
	$section = new Form_Section('Other Client Settings');
488 727

  
489 728
	$section->addInput(new Form_Checkbox(
490
		'push_reset',
491
		'Server Definitions',
492
		'Prevent this client from receiving any server-defined client settings. ',
493
		$pconfig['push_reset']
494
	));
729
		'ping_push',
730
		'Ping Interval',
731
		'Push ping to VPN client',
732
		$pconfig['ping_push']
733
	))->setHelp('Override server ping interval.%1$s',
734
				'<br />');
495 735

  
496
	/* as "push-reset" can break subnet topology, 
497
	 * "push-remove route" removes only IPv4/IPv6 routes, see #9702 */
736
	$section->addInput(new Form_Input(
737
		'ping_seconds',
738
		'Ping Seconds',
739
		'number',
740
		$pconfig['ping_seconds'] ?: $openvpn_default_keepalive_interval,
741
		['min' => '0']
742
	))->setHelp('Ping remote over the TCP/UDP control channel if no ' .
743
	    'packets have been sent for at least n seconds.%1$s',
744
	    '<br />');
745

  
498 746
	$section->addInput(new Form_Checkbox(
499
		'remove_route',
500
		'Remove Server Routes',
501
		'Prevent this client from receiving any server-defined routes without removing any other options. ',
502
		$pconfig['remove_route']
747
		'ping_action_push',
748
		'Ping Action',
749
		'Push ping-restart/ping-exit to VPN client',
750
		$pconfig['ping_action_push']
751
	))->setHelp('Override server ping restart/exit.%1$s',
752
				'<br />');
753

  
754
	$section->addInput(new Form_Select(
755
		'ping_action',
756
		'Ping restart or exit',
757
		$pconfig['ping_action'],
758
		$openvpn_ping_action
759
	))->setHelp('Exit or restart OpenVPN after timeout from remote.%1$s',
760
				'<br />');
761

  
762
	$section->addInput(new Form_Input(
763
		'ping_action_seconds',
764
		'Ping restart or exit seconds',
765
		'number',
766
		$pconfig['ping_action_seconds']
767
		    ?: $openvpn_default_keepalive_timeout,
768
		['min' => '0']
503 769
	));
504 770

  
505 771
	$section->addInput(new Form_Checkbox(
......
562 828

  
563 829
	$section->add($group);
564 830

  
831
	$section->addInput(new Form_Checkbox(
832
		'push_blockoutsidedns',
833
		'Block Outside DNS',
834
		'Make Windows 10 Clients Block access to DNS servers except across OpenVPN while connected, forcing clients to use only VPN DNS servers.',
835
		$pconfig['push_blockoutsidedns']
836
	))->setHelp('Requires Windows 10 and OpenVPN 2.3.9 or later. Only Windows 10 is prone to DNS leakage in this way, other clients will ignore the option as they are not affected.');
837

  
838
	$section->addInput(new Form_Checkbox(
839
		'push_register_dns',
840
		'Force DNS cache update',
841
		'Run "net stop dnscache", "net start dnscache", "ipconfig /flushdns" and "ipconfig /registerdns" on connection initiation.',
842
		$pconfig['push_register_dns']
843
	))->setHelp('This is known to kick Windows into recognizing pushed DNS servers.');
844

  
565 845
	// NTP servers
566 846
	$section->addInput(new Form_Checkbox(
567 847
		'ntp_server_enable',
......
676 956
	if (!$user_can_edit_advanced) {
677 957
		$custops->setDisabled();
678 958
	}
679
	$section->addInput($custops)->setHelp('Enter any additional options to add for this client specific override, separated by a semicolon. %1$s' .
959
	$section->addInput($custops)->setHelp('Enter any additional options to add for this client specific override, separated by a semicolon.%1$s' .
960
				'The options will be pushed to the client after all above custom options.%1$s' .
680 961
				'EXAMPLE: push "route 10.0.0.0 255.255.255.0"; ',
681 962
				'<br />');
682 963

  
......
705 986
<script type="text/javascript">
706 987
//<![CDATA[
707 988
events.push(function() {
989
	// when option server_overrides_enabled is checked, show override server options
990
	function serveroverrides_change() {
991
		if ($('#server_overrides_enabled').prop('checked')) {
992
			hideCheckbox('push_reset', false);
993
			hideCheckbox('topology_override', false);
994
			topology_change();
995
			push_reset_change();
996
		} else {
997
			hideCheckbox('push_reset', true);
998
			hideCheckbox('topology_override', true);
999
			hideSelect('topology', true);
1000
			hideCheckbox('remove_route', true);
1001
			hideCheckbox('remove_iroute', true);
1002
			hideCheckbox('remove_dnsdomain', true);
1003
			hideCheckbox('remove_dnsservers', true);
1004
			hideCheckbox('remove_ntpservers', true);
1005
			hideCheckbox('remove_netbios_ntype', true);
1006
			hideCheckbox('remove_netbios_scope', true);
1007
			hideCheckbox('remove_wins', true);
1008
		}
1009
	}
1010

  
1011
	// when push_reset option is selected, hide push_remove options, but not topology
1012
	function push_reset_change() {
1013
		var hide = $('#push_reset').prop('checked');
1014

  
1015
		hideCheckbox('remove_route', hide);
1016
		hideCheckbox('remove_iroute', hide);
1017
		hideCheckbox('remove_dnsdomain', hide);
1018
		hideCheckbox('remove_dnsservers', hide);
1019
		hideCheckbox('remove_ntpservers', hide);
1020
		hideCheckbox('remove_netbios_ntype', hide);
1021
		hideCheckbox('remove_netbios_scope', hide);
1022
		hideCheckbox('remove_wins', hide);
1023
	}
1024

  
1025
	function topology_change() {
1026
		if ($('#topology_override').prop('checked')) {
1027
			hideSelect('topology', false);
1028
		} else {
1029
			hideSelect('topology', true);
1030
		}
1031
	}
1032

  
1033
	function gwredir_change() {
1034
		var hide = $('#gwredir').prop('checked');
1035

  
1036
		hideInput('local_network', hide);
1037
//		hideInput('remote_network', hide);
1038
	}
1039

  
1040
	function gwredir6_change() {
1041
		var hide = $('#gwredir6').prop('checked');
1042

  
1043
		hideInput('local_networkv6', hide);
1044
//		hideInput('remote_networkv6', hide);
1045
	}
1046

  
1047
	function ping_seconds_change() {
1048
		if ($('#ping_push').prop('checked')) {
1049
			hideInput('ping_seconds', false);
1050
		} else {
1051
			hideInput('ping_seconds', true);
1052
		}
1053
	}
1054

  
1055
	function ping_action_change() {
1056
		if ($('#ping_action_push').prop('checked')) {
1057
			hideSelect('ping_action', false);
1058
			hideInput('ping_action_seconds', false);
1059
		} else {
1060
			hideSelect('ping_action', true);
1061
			hideInput('ping_action_seconds', true);
1062
		}
1063
	}
1064

  
708 1065
	function dnsdomain_change() {
709 1066
		if ($('#dns_domain_enable').prop('checked')) {
710 1067
			hideClass('dnsdomain', false);
......
758 1115

  
759 1116
	// ---------- Click checkbox handlers ---------------------------------------------------------
760 1117

  
1118
	 // On clicking Select Server Overrides Options
1119
	$('#server_overrides_enabled').click(function () {
1120
		serveroverrides_change();
1121
	});
1122

  
1123
	 // On clicking Remove All Server Options
1124
	$('#push_reset').click(function () {
1125
		push_reset_change();
1126
	});
1127

  
1128
	 // On clicking Override Server Topology
1129
	$('#topology_override').click(function () {
1130
		topology_change();
1131
	});
1132

  
1133
	 // On clicking Gateway redirect
1134
	$('#gwredir').click(function () {
1135
		gwredir_change();
1136
	});
1137

  
1138
	 // On clicking Gateway redirect IPv6
1139
	$('#gwredir6').click(function () {
1140
		gwredir6_change();
1141
	});
1142

  
1143
	 // On clicking Ping Interval
1144
	$('#ping_push').click(function () {
1145
		ping_seconds_change();
1146
	});
1147

  
1148
	 // On clicking Ping Action
1149
	$('#ping_action_push').click(function () {
1150
		ping_action_change();
1151
	});
1152

  
761 1153
	 // On clicking DNS Default Domain
762 1154
	$('#dns_domain_enable').click(function () {
763 1155
		dnsdomain_change();
......
790 1182

  
791 1183
	// ---------- On initial page load ------------------------------------------------------------
792 1184

  
1185
	// first the options depending on push_reset, and on server_overrides_enabled
1186
	// and finally the global server_overrides_enabled toggle
1187
	push_reset_change();
1188
	topology_change();
1189
	serveroverrides_change();
1190

  
1191
	gwredir_change();
1192
	gwredir6_change();
1193

  
1194
	ping_seconds_change();
1195
	ping_action_change();
1196

  
793 1197
	setNetbios();
794 1198
	dnsdomain_change();
795 1199
	dnsservers_change();
......
832 1236
						<?=htmlspecialchars($csc['description'])?>
833 1237
					</td>
834 1238
					<td>
835
						<a class="fa-solid fa-pencil"	title="<?=gettext('Edit CSC Override')?>"	href="vpn_openvpn_csc.php?act=edit&amp;id=<?=$i?>"></a>
836
						<a class="fa-regular fa-clone"	title="<?=gettext("Copy CSC Override")?>"	href="vpn_openvpn_csc.php?act=dup&amp;id=<?=$i?>" usepost></a>
837
						<a class="fa-solid fa-trash-can"	title="<?=gettext('Delete CSC Override')?>"	href="vpn_openvpn_csc.php?act=del&amp;id=<?=$i?>" usepost></a>
1239
						<a class="fa fa-pencil"	title="<?=gettext('Edit CSC Override')?>"	href="vpn_openvpn_csc.php?act=edit&amp;id=<?=$i?>"></a>
1240
						<a class="fa fa-clone"	title="<?=gettext("Copy CSC Override")?>"	href="vpn_openvpn_csc.php?act=dup&amp;id=<?=$i?>" usepost></a>
1241
						<a class="fa fa-trash"	title="<?=gettext('Delete CSC Override')?>"	href="vpn_openvpn_csc.php?act=del&amp;id=<?=$i?>" usepost></a>
838 1242
					</td>
839 1243
				</tr>
840 1244
<?php
......
848 1252

  
849 1253
<nav class="action-buttons">
850 1254
	<a href="vpn_openvpn_csc.php?act=new" class="btn btn-success btn-sm">
851
		<i class="fa-solid fa-plus icon-embed-btn"></i>
1255
		<i class="fa fa-plus icon-embed-btn"></i>
852 1256
		<?=gettext('Add')?>
853 1257
	</a>
854 1258
</nav>
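Review bot: The last two hunks of this file swap the icon classes `fa-solid fa-pencil`, `fa-regular fa-clone`, `fa-solid fa-trash-can` and `fa-solid fa-plus` for `fa fa-pencil`, `fa fa-clone`, `fa fa-trash` and `fa fa-plus`, which is unrelated to the override options this patch adds. Judging by the gutter numbers, the `fa-solid` lines are the old side, so the patch was probably generated against an older copy of the page. If that is the case, applying it would undo the icon-class update and could leave the edit, copy, delete and add icons unrendered. Drop those lines from the patch so the existing markup stays, e.g. `<a class="fa-solid fa-pencil" ...>` and `<i class="fa-solid fa-plus icon-embed-btn"></i>`.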
855
-- a/src/etc/inc/openvpn.inc
1259
++ b/src/etc/inc/openvpn.inc
......
1696 1696
	filter_configure();
1697 1697
}
1698 1698

  
1699
// set client specific overrides
1699 1700
function openvpn_resync_csc($settings) {
1700 1701
	global $g, $openvpn_tls_server_modes;
1701 1702
	if (isset($settings['disable'])) {
......
1719 1720
		$conf .= "push-reset\n";
1720 1721
	}
1721 1722

  
1723
	if ($settings['topology_override']) {
1724
		$conf .= "push \"topology {$settings['topology']}\"\n";
1725
	}
1726

  
1722 1727
	if ($settings['remove_route']) {
1723 1728
		$conf .= "push-remove route\n";
1724 1729
	}
1725 1730

  
1731
	if ($settings['remove_iroute']) {
1732
		$conf .= "push-remove iroute\n";
1733
	}
1734

  
1735
	if ($settings['remove_dnsdomain']) {
1736
		$conf .= "push-remove \"dhcp-option DOMAIN\"\n";
1737
	}
1738

  
1739
	if ($settings['remove_dnsservers']) {
1740
		$conf .= "push-remove \"dhcp-option DNS\"\n";
1741
	}
1742

  
1743
	if ($settings['remove_ntpservers']) {
1744
		$conf .= "push-remove \"dhcp-option NTP\"\n";
1745
	}
1746

  
1747
	if ($settings['remove_netbios_ntype']) {
1748
		$conf .= "push-remove \"dhcp-option NBT\"\n";
1749
	}
1750

  
1751
	if ($settings['remove_netbios_scope']) {
1752
		$conf .= "push-remove \"dhcp-option NBS\"\n";
1753
	}
1754

  
1755
	if ($settings['remove_wins']) {
1756
		$conf .= "push-remove \"dhcp-option WINS\"\n";
1757
	}
1758

  
1726 1759
	if ($settings['local_network']) {
1727 1760
		$conf .= openvpn_gen_routes($settings['local_network'], "ipv4", true);
1728 1761
	}
......
1739 1772
		$conf .= openvpn_gen_routes($settings['remote_networkv6'], "ipv6", false, true);
1740 1773
	}
1741 1774

  
1775
	// push the ipv4 gateway if specified
1776
	if (!empty($settings['gateway']) && is_ipaddrv4($settings['gateway'])) {
1777
		$conf .= "push \"route-gateway {$settings['gateway']}\"\n";
1778
	}
1779

  
1780
	/* Currently route-ipv6-gateway is not supported by openvpn
1781
	if (!empty($settings['gateway']) && is_ipaddrv4($settings['gateway'])) {
1782
		$conf .= "push \"route-ipv6-gateway {$settings['gateway']}\"\n";
1783
	}
1784
	*/
1785

  
1786
	// Ping override options
1787
	if ($settings['ping_push']) {
1788
		$conf .= "push \"ping {$settings['ping_seconds']}\"\n";
1789
	}
1790

  
1791
	if ($settings['ping_action_push']) {
1792
		$action = str_replace("_", "-", $settings['ping_action']);
1793
		$conf .= "push \"{$action} " .
1794
			"{$settings['ping_action_seconds']}\"\n";
1795
	}
1796

  
1797
	// create client specific dhcp options and gateway redirection
1742 1798
	openvpn_add_dhcpopts($settings, $conf);
1743 1799

  
1800
	// custom options are added after all client overrides, and before the tunnel options
1744 1801
	openvpn_add_custom($settings, $conf);
1802

  
1745 1803
	/* Loop through servers, find which ones can use this CSC */
1746 1804
	foreach (config_get_path('openvpn/openvpn-server', []) as $serversettings) {
1747 1805
		if (isset($serversettings['disable'])) {
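Review bot: The new `topology`, `ping_seconds`, `ping_action` and `ping_action_seconds` settings are interpolated straight into the generated client-specific config in openvpn_resync_csc, while the gateway pushed a few lines earlier is re-checked with is_ipaddrv4() before it is written. The edit page validates these fields on save, but a stored value that arrives by another path (presumably a restored or synced configuration) and contains a quote or line break would end up as extra directives in the CSC file. Apply the same checks at write time, for example `if ($settings['ping_push'] && is_numericint($settings['ping_seconds'])) {` and `if ($settings['topology_override'] && array_key_exists($settings['topology'], $openvpn_topologies)) {`. The ping action needs the same `array_key_exists` and `is_numericint` guards, and the function's `global` line then has to list `$openvpn_topologies` and `$openvpn_ping_action`. The function body starts and ends outside the visible hunks.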