| 448 |
448 |
<field>
|
| 449 |
449 |
<name>descr</name>
|
| 450 |
450 |
<displayname>Descriptive name</displayname>
|
| 451 |
|
<description>A name for administrative reference, to identify this certificate. This is the same as common-name field for other Certificates.</description>
|
|
451 |
<description>A name for administrative reference, to identify this certificate.</description>
|
| 452 |
452 |
<type>input</type>
|
| 453 |
453 |
<size>20</size>
|
| 454 |
454 |
<bindstofield>ovpnserver->step6->certca</bindstofield>
|
| 455 |
455 |
</field>
|
|
456 |
<field>
|
|
457 |
<name>randomserial</name>
|
|
458 |
<displayname>Randomize Serial</displayname>
|
|
459 |
<type>checkbox</type>
|
|
460 |
<typehint>Use random serial numbers when signing certificates.</typehint>
|
|
461 |
<value>on</value>
|
|
462 |
<description>When enabled, serial numbers for certificates signed by this CA will be automatically randomized and checked for uniqueness instead of using sequential values.</description>
|
|
463 |
<bindstofield>ovpnserver->step6->randomserial</bindstofield>
|
|
464 |
</field>
|
| 456 |
465 |
<field>
|
| 457 |
466 |
<name>keylength</name>
|
| 458 |
467 |
<displayname>Key length</displayname>
|
| ... | ... | |
| 508 |
517 |
<description>Lifetime in days. This is commonly set to 3650 (Approximately 10 years.)</description>
|
| 509 |
518 |
<bindstofield>ovpnserver->step6->lifetime</bindstofield>
|
| 510 |
519 |
</field>
|
|
520 |
<field>
|
|
521 |
<name>commonname</name>
|
|
522 |
<displayname>Common Name</displayname>
|
|
523 |
<description>The internal name of the CA, used as a part of the CA subject. If left blank, the descriptive name will be used instead.</description>
|
|
524 |
<type>input</type>
|
|
525 |
<size>20</size>
|
|
526 |
<bindstofield>ovpnserver->step6->commonname</bindstofield>
|
|
527 |
</field>
|
| 511 |
528 |
<field>
|
| 512 |
529 |
<name>country</name>
|
| 513 |
530 |
<displayname>Country Code</displayname>
|
| ... | ... | |
| 519 |
536 |
<field>
|
| 520 |
537 |
<name>state</name>
|
| 521 |
538 |
<displayname>State or Province</displayname>
|
| 522 |
|
<description>Full State or Province name, not abbreviated (e.g. Kentucky, Indiana, Ontario).</description>
|
|
539 |
<description>Full State or Province name, not abbreviated (e.g. Texas, Indiana, Ontario).</description>
|
| 523 |
540 |
<type>input</type>
|
| 524 |
541 |
<size>30</size>
|
| 525 |
542 |
<bindstofield>ovpnserver->step6->state</bindstofield>
|
| ... | ... | |
| 527 |
544 |
<field>
|
| 528 |
545 |
<name>city</name>
|
| 529 |
546 |
<displayname>City</displayname>
|
| 530 |
|
<description>City or other Locality name (e.g. Louisville, Indianapolis, Toronto).</description>
|
|
547 |
<description>City or other Locality name (e.g. Austin, Indianapolis, Toronto).</description>
|
| 531 |
548 |
<type>input</type>
|
| 532 |
549 |
<size>30</size>
|
| 533 |
550 |
<bindstofield>ovpnserver->step6->city</bindstofield>
|
| ... | ... | |
| 535 |
552 |
<field>
|
| 536 |
553 |
<name>organization</name>
|
| 537 |
554 |
<displayname>Organization</displayname>
|
| 538 |
|
<description>Organization name, often the Company or Group name.</description>
|
|
555 |
<description>Organization name, often the company or group name.</description>
|
| 539 |
556 |
<type>input</type>
|
| 540 |
557 |
<size>30</size>
|
| 541 |
558 |
<bindstofield>ovpnserver->step6->organization</bindstofield>
|
| 542 |
559 |
</field>
|
|
560 |
<field>
|
|
561 |
<name>organizationalunit</name>
|
|
562 |
<displayname>Organizational Unit</displayname>
|
|
563 |
<description>Organizational Unit name, often a department or team name.</description>
|
|
564 |
<type>input</type>
|
|
565 |
<size>30</size>
|
|
566 |
<bindstofield>ovpnserver->step6->organizationalunit</bindstofield>
|
|
567 |
</field>
|
| 543 |
568 |
<field>
|
| 544 |
569 |
<name>Add new CA</name>
|
| 545 |
570 |
<type>submit</type>
|
| ... | ... | |
| 591 |
616 |
<field>
|
| 592 |
617 |
<name>descr</name>
|
| 593 |
618 |
<displayname>Descriptive name</displayname>
|
| 594 |
|
<description>A name for administrative reference, to identify this certificate. This is also known as the certificate's "Common Name."</description>
|
|
619 |
<description>A name for administrative reference, to identify this certificate.</description>
|
| 595 |
620 |
<type>input</type>
|
| 596 |
621 |
<size>20</size>
|
| 597 |
622 |
<bindstofield>ovpnserver->step9->certname</bindstofield>
|
| ... | ... | |
| 651 |
676 |
<value>398</value>
|
| 652 |
677 |
<bindstofield>ovpnserver->step9->lifetime</bindstofield>
|
| 653 |
678 |
</field>
|
|
679 |
<field>
|
|
680 |
<name>commonname</name>
|
|
681 |
<displayname>Common Name</displayname>
|
|
682 |
<description>The internal name of the server certificate, used as a part of the certificate subject. Typically set to the hostname of this system. This value is also used as a Subject Alternative Name (SAN). If left blank, the Descriptive Name value will be used for the Common Name and SAN instead.</description>
|
|
683 |
<type>input</type>
|
|
684 |
<size>20</size>
|
|
685 |
<bindstofield>ovpnserver->step9->commonname</bindstofield>
|
|
686 |
</field>
|
| 654 |
687 |
<field>
|
| 655 |
688 |
<name>country</name>
|
| 656 |
689 |
<displayname>Country Code</displayname>
|
| ... | ... | |
| 662 |
695 |
<field>
|
| 663 |
696 |
<name>state</name>
|
| 664 |
697 |
<displayname>State or Province</displayname>
|
| 665 |
|
<description>Full State of Province name, not abbreviated (e.g. Kentucky, Indiana, Ontario).</description>
|
|
698 |
<description>Full State of Province name, not abbreviated (e.g. Texas, Indiana, Ontario).</description>
|
| 666 |
699 |
<type>input</type>
|
| 667 |
700 |
<size>30</size>
|
| 668 |
701 |
<bindstofield>ovpnserver->step9->state</bindstofield>
|
| ... | ... | |
| 670 |
703 |
<field>
|
| 671 |
704 |
<name>city</name>
|
| 672 |
705 |
<displayname>City</displayname>
|
| 673 |
|
<description>City or other Locality name (e.g. Louisville, Indianapolis, Toronto).</description>
|
|
706 |
<description>City or other Locality name (e.g. Austin, Indianapolis, Toronto).</description>
|
| 674 |
707 |
<type>input</type>
|
| 675 |
708 |
<size>30</size>
|
| 676 |
709 |
<bindstofield>ovpnserver->step9->city</bindstofield>
|
| ... | ... | |
| 678 |
711 |
<field>
|
| 679 |
712 |
<name>organization</name>
|
| 680 |
713 |
<displayname>Organization</displayname>
|
| 681 |
|
<description>Organization name, often the Company or Group name.</description>
|
|
714 |
<description>Organization name, often the company or group name.</description>
|
| 682 |
715 |
<type>input</type>
|
| 683 |
716 |
<size>30</size>
|
| 684 |
717 |
<bindstofield>ovpnserver->step9->organization</bindstofield>
|
| 685 |
718 |
</field>
|
|
719 |
<field>
|
|
720 |
<name>organizationalunit</name>
|
|
721 |
<displayname>Organizational Unit</displayname>
|
|
722 |
<description>Organizational Unit name, often a department or team name.</description>
|
|
723 |
<type>input</type>
|
|
724 |
<size>30</size>
|
|
725 |
<bindstofield>ovpnserver->step9->organizationalunit</bindstofield>
|
|
726 |
</field>
|
| 686 |
727 |
<field>
|
| 687 |
728 |
<name>Create new Certificate</name>
|
| 688 |
729 |
<type>submit</type>
|
| ... | ... | |
| 703 |
744 |
<name>General OpenVPN Server Information</name>
|
| 704 |
745 |
</field>
|
| 705 |
746 |
<field>
|
| 706 |
|
<name>interface</name>
|
| 707 |
|
<type>select_source</type>
|
| 708 |
|
<source><![CDATA[openvpn_wizard_build_if_list()]]></source>
|
| 709 |
|
<source_name>name</source_name>
|
| 710 |
|
<source_value>value</source_value>
|
| 711 |
|
<description>The interface where OpenVPN will listen for incoming connections (typically WAN.)</description>
|
| 712 |
|
<displayname>Interface</displayname>
|
| 713 |
|
<bindstofield>ovpnserver->step10->interface</bindstofield>
|
|
747 |
<name>description</name>
|
|
748 |
<displayname>Description</displayname>
|
|
749 |
<description>A name for this OpenVPN instance, for administrative reference. It can be set however desired, but is often used to distinguish the purpose of the service (e.g. "Remote Technical Staff"). It is also used by OpenVPN Client Export to identify this VPN on clients.</description>
|
|
750 |
<type>input</type>
|
|
751 |
<size>30</size>
|
|
752 |
<bindstofield>ovpnserver->step10->descr</bindstofield>
|
|
753 |
</field>
|
|
754 |
<field>
|
|
755 |
<type>listtopic</type>
|
|
756 |
<name>Endpoint Configuration</name>
|
| 714 |
757 |
</field>
|
| 715 |
758 |
<field>
|
| 716 |
759 |
<name>Protocol</name>
|
| ... | ... | |
| 744 |
787 |
</options>
|
| 745 |
788 |
<description><br/>Protocol to use for OpenVPN connections. If unsure, leave this set to UDP.</description>
|
| 746 |
789 |
</field>
|
|
790 |
<field>
|
|
791 |
<name>interface</name>
|
|
792 |
<type>select_source</type>
|
|
793 |
<source><![CDATA[openvpn_wizard_build_if_list()]]></source>
|
|
794 |
<source_name>name</source_name>
|
|
795 |
<source_value>value</source_value>
|
|
796 |
<description>The interface where OpenVPN will listen for incoming connections (typically WAN.)</description>
|
|
797 |
<displayname>Interface</displayname>
|
|
798 |
<bindstofield>ovpnserver->step10->interface</bindstofield>
|
|
799 |
</field>
|
| 747 |
800 |
<field>
|
| 748 |
801 |
<name>localport</name>
|
| 749 |
802 |
<displayname>Local Port</displayname>
|
| ... | ... | |
| 752 |
805 |
<size>10</size>
|
| 753 |
806 |
<bindstofield>ovpnserver->step10->localport</bindstofield>
|
| 754 |
807 |
</field>
|
| 755 |
|
<field>
|
| 756 |
|
<name>description</name>
|
| 757 |
|
<displayname>Description</displayname>
|
| 758 |
|
<description>A name for this OpenVPN instance, for administrative reference. It can be set however desired, but is often used to distinguish the purpose of the service (e.g. "Remote Technical Staff"). It is also used by OpenVPN Client Export to identify this VPN on clients.</description>
|
| 759 |
|
<type>input</type>
|
| 760 |
|
<size>30</size>
|
| 761 |
|
<bindstofield>ovpnserver->step10->descr</bindstofield>
|
| 762 |
|
</field>
|
| 763 |
808 |
<field>
|
| 764 |
809 |
<type>listtopic</type>
|
| 765 |
810 |
<name>Cryptographic Settings</name>
|
| ... | ... | |
| 767 |
812 |
<field>
|
| 768 |
813 |
<name>TLS Authentication</name>
|
| 769 |
814 |
<type>checkbox</type>
|
|
815 |
<typehint>Enable authentication of TLS packets.</typehint>
|
| 770 |
816 |
<value>on</value>
|
| 771 |
|
<description>Enable authentication of TLS packets.</description>
|
| 772 |
817 |
<bindstofield>ovpnserver->step10->tlsauth</bindstofield>
|
| 773 |
818 |
</field>
|
| 774 |
819 |
<field>
|
| ... | ... | |
| 777 |
822 |
<disablefields>tlssharedkey</disablefields>
|
| 778 |
823 |
<value>on</value>
|
| 779 |
824 |
<type>checkbox</type>
|
| 780 |
|
<description>Automatically generate a shared TLS authentication key.</description>
|
|
825 |
<typehint>Automatically generate a shared TLS authentication key.</typehint>
|
| 781 |
826 |
<bindstofield>ovpnserver->step10->gentlskey</bindstofield>
|
| 782 |
827 |
</field>
|
| 783 |
828 |
<field>
|
| ... | ... | |
| 800 |
845 |
<bindstofield>ovpnserver->step10->dhkey</bindstofield>
|
| 801 |
846 |
<description><br/>Length of Diffie-Hellman (DH) key exchange parameters, used for establishing a secure communications channel. The DH parameters are different from key sizes, but as with other such settings, the larger the key, the more security it offers, but larger keys take considerably more time to generate. As of 2016, 2048 bit is a common and typical selection.</description>
|
| 802 |
847 |
</field>
|
| 803 |
|
<field>
|
| 804 |
|
<name>ncpenable</name>
|
| 805 |
|
<displayname>Data Encryption Negotiation</displayname>
|
| 806 |
|
<type>checkbox</type>
|
| 807 |
|
<value>on</value>
|
| 808 |
|
<description>
|
| 809 |
|
Enable negotiation of Data Encryption Algorithms between client and server.
|
| 810 |
|
The best practice is keep this setting enabled.
|
| 811 |
|
</description>
|
| 812 |
|
<bindstofield>ovpnserver->step10->ncpenable</bindstofield>
|
| 813 |
|
</field>
|
| 814 |
848 |
<field>
|
| 815 |
849 |
<name>dataciphers</name>
|
| 816 |
850 |
<type>select</type>
|
| ... | ... | |
| 888 |
922 |
<name>Tunnel Settings</name>
|
| 889 |
923 |
</field>
|
| 890 |
924 |
<field>
|
| 891 |
|
<displayname>Tunnel Network</displayname>
|
|
925 |
<displayname>IPv4 Tunnel Network</displayname>
|
| 892 |
926 |
<name>tunnelnet</name>
|
| 893 |
927 |
<type>input</type>
|
| 894 |
928 |
<size>20</size>
|
| ... | ... | |
| 896 |
930 |
<description>This is the virtual network used for private communications between this server and client hosts expressed using CIDR notation (eg. 10.0.8.0/24). The first network address will be assigned to the server virtual interface. The remaining network addresses will be assigned to connecting clients.</description>
|
| 897 |
931 |
</field>
|
| 898 |
932 |
<field>
|
| 899 |
|
<displayname>Redirect Gateway</displayname>
|
|
933 |
<displayname>Redirect IPv4 Gateway</displayname>
|
| 900 |
934 |
<name>redirectgw</name>
|
| 901 |
935 |
<type>checkbox</type>
|
| 902 |
|
<description>Force all client generated traffic through the tunnel.</description>
|
|
936 |
<typehint>Force all client generated traffic through the tunnel.</typehint>
|
| 903 |
937 |
<bindstofield>ovpnserver->step10->rdrgw</bindstofield>
|
| 904 |
938 |
</field>
|
| 905 |
939 |
<field>
|
| 906 |
|
<displayname>Local Network</displayname>
|
|
940 |
<displayname>IPv4 Local Network</displayname>
|
| 907 |
941 |
<name>localnet</name>
|
| 908 |
942 |
<type>input</type>
|
| 909 |
943 |
<size>20</size>
|
| ... | ... | |
| 954 |
988 |
<displayname>Type-of-Service</displayname>
|
| 955 |
989 |
<name>tos</name>
|
| 956 |
990 |
<type>checkbox</type>
|
| 957 |
|
<description>Set the TOS IP header value of tunnel packets to match the encapsulated packet's TOS value.</description>
|
|
991 |
<typehint>Set the TOS IP header value of tunnel packets to match the encapsulated packet's TOS value.</typehint>
|
| 958 |
992 |
<bindstofield>ovpnserver->step10->tos</bindstofield>
|
| 959 |
993 |
</field>
|
| 960 |
994 |
<field>
|
| 961 |
995 |
<displayname>Inter-Client Communication</displayname>
|
| 962 |
996 |
<name>interclient</name>
|
| 963 |
997 |
<type>checkbox</type>
|
| 964 |
|
<description>Allow communication between clients connected to this server.</description>
|
|
998 |
<typehint>Allow communication between clients connected to this server.</typehint>
|
| 965 |
999 |
<bindstofield>ovpnserver->step10->interclient</bindstofield>
|
| 966 |
1000 |
</field>
|
| 967 |
1001 |
<field>
|
| 968 |
1002 |
<displayname>Duplicate Connections</displayname>
|
| 969 |
1003 |
<name>duplicate_cn</name>
|
| 970 |
1004 |
<type>checkbox</type>
|
| 971 |
|
<description>Allow multiple concurrent connections from clients using the same Common Name.<br/>NOTE: This is not generally recommended, but may be needed for some scenarios.</description>
|
|
1005 |
<typehint>Allow multiple concurrent connections from clients using the same Common Name.</typehint>
|
|
1006 |
<description>NOTE: This is not generally recommended, but may be needed for some scenarios.</description>
|
| 972 |
1007 |
<bindstofield>ovpnserver->step10->duplicate_cn</bindstofield>
|
| 973 |
1008 |
</field>
|
| 974 |
1009 |
<field>
|
| ... | ... | |
| 987 |
1022 |
<displayname>Dynamic IP</displayname>
|
| 988 |
1023 |
<name>dynip</name>
|
| 989 |
1024 |
<type>checkbox</type>
|
|
1025 |
<typehint>Allow connected clients to retain their connections if their IP address changes.</typehint>
|
| 990 |
1026 |
<value>on</value>
|
| 991 |
|
<description>Allow connected clients to retain their connections if their IP address changes.</description>
|
| 992 |
1027 |
<bindstofield>ovpnserver->step10->dynip</bindstofield>
|
| 993 |
1028 |
</field>
|
| 994 |
1029 |
<field>
|
| ... | ... | |
| 1009 |
1044 |
</options>
|
| 1010 |
1045 |
<description>Specifies the method used to supply a virtual adapter IP address to clients when using tun mode on IPv4.<br />Some clients may require this be set to "subnet" even for IPv6, such as OpenVPN Connect (iOS/Android).<br />Older versions of OpenVPN (before 2.0.9) or clients such as Yealink phones may require "net30".</description>
|
| 1011 |
1046 |
</field>
|
|
1047 |
<field>
|
|
1048 |
<type>listtopic</type>
|
|
1049 |
<name>Advanced Client Settings</name>
|
|
1050 |
</field>
|
| 1012 |
1051 |
<field>
|
| 1013 |
1052 |
<displayname>DNS Default Domain</displayname>
|
| 1014 |
1053 |
<name>defaultdomain</name>
|
| ... | ... | |
| 1061 |
1100 |
<field>
|
| 1062 |
1101 |
<name>nbtenable</name>
|
| 1063 |
1102 |
<type>checkbox</type>
|
|
1103 |
<typehint>Enable NetBIOS over TCP/IP.</typehint>
|
| 1064 |
1104 |
<displayname>NetBIOS Options</displayname>
|
| 1065 |
1105 |
<bindstofield>ovpnserver->step10->nbtenable</bindstofield>
|
| 1066 |
|
<description>Enable NetBIOS over TCP/IP. <br/>If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled. </description>
|
|
1106 |
<description>If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled. </description>
|
| 1067 |
1107 |
</field>
|
| 1068 |
1108 |
<field>
|
| 1069 |
1109 |
<displayname>NetBIOS Node Type</displayname>
|
| ... | ... | |
| 1111 |
1151 |
<step>
|
| 1112 |
1152 |
<id>11</id>
|
| 1113 |
1153 |
<title>Firewall Rule Configuration</title>
|
| 1114 |
|
<description>OpenVPN Remote Access Server Setup Wizard</description>
|
|
1154 |
<description>OpenVPN Remote Access Server Firewall Rules</description>
|
| 1115 |
1155 |
<disableheader>true</disableheader>
|
| 1116 |
1156 |
<fields>
|
| 1117 |
|
<field>
|
| 1118 |
|
<type>listtopic</type>
|
| 1119 |
|
<name>Firewall Rule Configuration</name>
|
| 1120 |
|
</field>
|
| 1121 |
1157 |
<field>
|
| 1122 |
1158 |
<type>text</type>
|
| 1123 |
|
<description>Firewall rules control what network traffic is permitted. Rules must be added to allow traffic to the OpenVPN server's IP and port, as well as allowing traffic from connected clients through the tunnel. These rules can be automatically added here, or configured manually after completing the wizard.</description>
|
|
1159 |
<description>
|
|
1160 |
Rules control passing or blocking network traffic as it flows
|
|
1161 |
through the firewall.
|
|
1162 |
<br/><br/>
|
|
1163 |
Rules must be added which allow traffic to reach the OpenVPN server
|
|
1164 |
IP address and port, as well as to allow traffic from connected clients
|
|
1165 |
inside the OpenVPN tunnel.
|
|
1166 |
<br/><br/>
|
|
1167 |
The options on this step can add automatic rules to pass this traffic,
|
|
1168 |
or rules can be configured manually after completing the wizard.
|
|
1169 |
</description>
|
| 1124 |
1170 |
</field>
|
| 1125 |
1171 |
<field>
|
| 1126 |
1172 |
<type>listtopic</type>
|
| ... | ... | |
| 1129 |
1175 |
<field>
|
| 1130 |
1176 |
<name>ovpnrule</name>
|
| 1131 |
1177 |
<displayname>Firewall Rule</displayname>
|
| 1132 |
|
<description>Add a rule to permit connections to this OpenVPN server process from clients anywhere on the Internet.</description>
|
| 1133 |
1178 |
<type>checkbox</type>
|
|
1179 |
<typehint>Add a rule to permit connections to this OpenVPN server instance from clients anywhere on the Internet.</typehint>
|
| 1134 |
1180 |
<bindstofield>ovpnserver->step11->ovpnrule</bindstofield>
|
| 1135 |
1181 |
</field>
|
| 1136 |
1182 |
<field>
|
| ... | ... | |
| 1140 |
1186 |
<field>
|
| 1141 |
1187 |
<name>ovpnallow</name>
|
| 1142 |
1188 |
<displayname>OpenVPN rule</displayname>
|
| 1143 |
|
<description>Add a rule to allow all traffic from connected clients to pass inside the VPN tunnel.</description>
|
| 1144 |
1189 |
<type>checkbox</type>
|
|
1190 |
<typehint>Add a rule to allow all traffic from connected clients to pass inside the VPN tunnel.</typehint>
|
| 1145 |
1191 |
<bindstofield>ovpnserver->step11->ovpnallow</bindstofield>
|
| 1146 |
1192 |
</field>
|
| 1147 |
1193 |
<field>
|
| ... | ... | |
| 1162 |
1208 |
</field>
|
| 1163 |
1209 |
<field>
|
| 1164 |
1210 |
<type>text</type>
|
| 1165 |
|
<description>The configuration is now complete.</description>
|
| 1166 |
|
</field>
|
| 1167 |
|
<field>
|
| 1168 |
|
<type>text</type>
|
| 1169 |
|
<description>To be able to export client configurations, browse to System->Packages and install the OpenVPN Client Export package.</description>
|
|
1211 |
<description>
|
|
1212 |
The configuration is now complete.
|
|
1213 |
<br/><br/>
|
|
1214 |
Adding users for the VPN depends on the chosen authentication method.
|
|
1215 |
For example, add local users with certificates under <a href="system_usermanager.php"><strong>System > User Manager</strong></a>.
|
|
1216 |
For remote authentication servers, add certificates directly in <a href="system_certmanager.php"><strong>System > Certificate Manager</strong></a>.
|
|
1217 |
<br/><br/>
|
|
1218 |
To easily export client configurations, browse to <a href="pkg_mgr_installed.php"><strong>System > Packages</strong></a> and install the OpenVPN Client Export package.
|
|
1219 |
</description>
|
| 1170 |
1220 |
</field>
|
| 1171 |
1221 |
<field>
|
| 1172 |
1222 |
<type>submit</type>
|
Added by Jim Pingle over 2 years ago
OpenVPN wizard updates. Fixes #14183