1
<?php 
2
/*
3
	vpn_openvpn_server.php
4

    
5
	Copyright (C) 2008 Shrew Soft Inc.
6
	All rights reserved. 
7

    
8
	Redistribution and use in source and binary forms, with or without
9
	modification, are permitted provided that the following conditions are met:
10
	
11
	1. Redistributions of source code must retain the above copyright notice,
12
	   this list of conditions and the following disclaimer.
13
	
14
	2. Redistributions in binary form must reproduce the above copyright
15
	   notice, this list of conditions and the following disclaimer in the
16
	   documentation and/or other materials provided with the distribution.
17
	
18
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
	POSSIBILITY OF SUCH DAMAGE.
28
*/
29

    
30
##|+PRIV
31
##|*IDENT=page-openvpn-server
32
##|*NAME=OpenVPN: Server page
33
##|*DESCR=Allow access to the 'OpenVPN: Server' page.
34
##|*MATCH=vpn_openvpn_server.php*
35
##|-PRIV
36

    
37
require("guiconfig.inc");
38
require_once("openvpn.inc");
39

    
40
/* Page title plus the status and log shortcuts for this page. */
$pgtitle = array(gettext("OpenVPN"), gettext("Server"));
$statusurl = "status_openvpn.php";
$logurl = "diag_logs_openvpn.php";

/*
 * Make sure every configuration section used below exists as an array
 * before a reference to it is taken.
 */
if (!is_array($config['openvpn']['openvpn-server'])) {
	$config['openvpn']['openvpn-server'] = array();
}
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
if (!is_array($config['crl'])) {
	$config['crl'] = array();
}

/* References, so that changes made through them land in $config itself. */
$a_server = &$config['openvpn']['openvpn-server'];
$a_ca = &$config['ca'];
$a_cert = &$config['cert'];
$a_crl = &$config['crl'];

/* Drop revocation-list entries that carry no refid. */
foreach ($a_crl as $cid => $acrl) {
	if (!isset($acrl['refid'])) {
		unset($a_crl[$cid]);
	}
}
67

    
68
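/*
 * Request parameters; a POSTed value takes precedence over the query string.
 *
 * Both values come straight from the request and are not validated here.
 * $id is used as an index into $a_server, so every use has to check that
 * the entry exists first. The isset() guards avoid an undefined-index notice
 * when the page is opened without parameters; the result is null, as before.
 */
$id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : null);
$act = isset($_POST['act']) ? $_POST['act'] : (isset($_GET['act']) ? $_GET['act'] : null);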
75

    
76
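/*
 * act=del: remove the server entry selected by $id and save the configuration.
 *
 * NOTE(review): this deletes a server and rewrites the configuration in
 * response to a plain GET request, so it is only as well protected against
 * cross-site request forgery as whatever guiconfig.inc enforces for GET
 * requests. Confirm that, or move the action to a POST form.
 */
if (isset($_GET['act']) && $_GET['act'] == "del") {

	/* empty() also covers a missing or unknown id without raising a notice. */
	if (empty($a_server[$id])) {
		pfSenseHeader("vpn_openvpn_server.php");
		exit;
	}

	openvpn_delete('server', $a_server[$id]);
	unset($a_server[$id]);
	write_config();
	/* $savemsg carries markup; it is printed further down the page. */
	$savemsg = gettext("Server successfully deleted")."<br/>";
}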
88

    
89
/* act=new: defaults shown in the form for a server that does not exist yet. */
if ($_GET['act'] == "new") {
	/* Keys are generated automatically unless the boxes are unticked. */
	$pconfig['autokey_enable'] = 'yes';
	$pconfig['tlsauth_enable'] = 'yes';
	$pconfig['autotls_enable'] = 'yes';
	/*
	 * NOTE(review): 1024-bit DH parameters are below current minimum
	 * recommendations (2048 bits or more). The default is left as it is
	 * here because the list of selectable lengths is defined outside this
	 * file; raise it once that list is confirmed.
	 */
	$pconfig['dh_length'] = 1024;
	$pconfig['dev_mode'] = 'tun';
	$pconfig['interface'] = 'wan';
	$pconfig['local_port'] = openvpn_port_next('UDP');
	$pconfig['pool_enable'] = 'yes';
}
99

    
100
/*
 * act=edit: copy the stored entry $a_server[$id] into $pconfig, the array
 * the form below is rendered from. Nothing is loaded when $id does not
 * select an existing entry.
 */
if ($_GET['act'] == "edit") {

	if (isset($id) && $a_server[$id]) {

		$pconfig['disable'] = isset($a_server[$id]['disable']);

		foreach (array('mode', 'protocol', 'authmode', 'dev_mode', 'interface') as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}
		/* The form encodes a bound address as "interface|ipaddr". */
		if (!empty($a_server[$id]['ipaddr'])) {
			$pconfig['interface'] .= '|' . $a_server[$id]['ipaddr'];
		}
		foreach (array('local_port', 'description', 'custom_options') as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}

		/*
		 * Key material is stored base64-encoded and is decoded here for
		 * the form, so the secret ends up in the rendered page.
		 */
		if ($pconfig['mode'] == "p2p_shared_key") {
			$pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']);
		} else {
			if ($a_server[$id]['tls']) {
				$pconfig['tlsauth_enable'] = "yes";
				$pconfig['tls'] = base64_decode($a_server[$id]['tls']);
			}
			foreach (array('caref', 'crlref', 'certref', 'dh_length') as $ovpn_field) {
				$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
			}
			if ($pconfig['mode'] == "server_tls_user") {
				$pconfig['strictusercn'] = $a_server[$id]['strictusercn'];
			}
		}

		$ovpn_fields = array(
			'crypto', 'engine',
			'tunnel_network', 'remote_network', 'gwredir', 'local_network',
			'maxclients', 'compression', 'passtos', 'client2client',
			'dynamic_ip', 'pool_enable',
			'dns_domain',
		);
		foreach ($ovpn_fields as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}
		/* The *_enable flags are not stored; they follow from the data. */
		if ($pconfig['dns_domain']) {
			$pconfig['dns_domain_enable'] = true;
		}

		foreach (array('dns_server1', 'dns_server2', 'dns_server3', 'dns_server4') as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}
		if ($pconfig['dns_server1'] || $pconfig['dns_server2'] ||
		    $pconfig['dns_server3'] || $pconfig['dns_server4']) {
			$pconfig['dns_server_enable'] = true;
		}

		foreach (array('ntp_server1', 'ntp_server2') as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}
		if ($pconfig['ntp_server1'] || $pconfig['ntp_server2']) {
			$pconfig['ntp_server_enable'] = true;
		}

		foreach (array('netbios_enable', 'netbios_ntype', 'netbios_scope') as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}

		foreach (array('wins_server1', 'wins_server2') as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}
		if ($pconfig['wins_server1'] || $pconfig['wins_server2']) {
			$pconfig['wins_server_enable'] = true;
		}

		$pconfig['nbdd_server1'] = $a_server[$id]['nbdd_server1'];
		if ($pconfig['nbdd_server1']) {
			$pconfig['nbdd_server_enable'] = true;
		}

		/* Pre-tick automatic key generation in case the mode is switched. */
		$pconfig['autokey_enable'] = "yes";
		$pconfig['autotls_enable'] = "yes";

		$pconfig['duplicate_cn'] = isset($a_server[$id]['duplicate_cn']);

		/* Do not leave the loop helpers behind in the global scope. */
		unset($ovpn_field, $ovpn_fields);
	}
}
186

    
187
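/*
 * Form submission: validate the posted server definition, store it in the
 * configuration and hand it to openvpn_resync().
 *
 * Everything in $_POST is request input. This block checks the port, the
 * three networks, the DNS/NTP/WINS/NBDD addresses, the two key blocks,
 * maxclients and the required fields. The remaining fields (protocol,
 * dev_mode, interface, crypto, engine, caref/crlref/certref, dh_length,
 * description, custom_options, ...) are stored exactly as submitted.
 * NOTE(review): confirm that openvpn.inc validates or escapes those before
 * they reach the generated OpenVPN configuration.
 */
if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	/* vpnid of the entry being edited, or 0 when a new entry is created. */
	if (isset($id) && $a_server[$id]) {
		$vpnid = $a_server[$id]['vpnid'];
	} else {
		$vpnid = 0;
	}

	/* Every mode except p2p_shared_key works with certificates. */
	$tls_mode = ($pconfig['mode'] != "p2p_shared_key");

	if (empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) {
		$input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth.");
	}

	/* input validation */
	if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network')) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network')) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['local_network'], 'Local network')) {
		$input_errors[] = $result;
	}

	/* The port may only be in use by the entry that is being edited. */
	$portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']);
	if (($portused != $vpnid) && ($portused != 0)) {
		$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
	}

	if ($pconfig['autokey_enable']) {
		$pconfig['shared_key'] = openvpn_create_key();
	}

	/*
	 * Pasted keys: only the presence of the header and footer lines is
	 * checked, not the key material between them.
	 */
	if (!$tls_mode && !$pconfig['autokey_enable']) {
		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
			$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
		}
	}

	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
			$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
		}
	}

	if ($pconfig['dns_server_enable']) {
		if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
			$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
		}
		if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
			$input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
		}
		if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
			$input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
		}
		if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
			$input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
		}
	}

	/* NTP servers #3 and #4 are validated here, but only #1 and #2 are stored below. */
	if ($pconfig['ntp_server_enable']) {
		if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
			$input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
		}
		if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
			$input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
		}
		if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
			$input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address");
		}
		if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
			$input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address");
		}
	}

	if ($pconfig['netbios_enable']) {
		if ($pconfig['wins_server_enable']) {
			if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
				$input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
			}
			if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
				$input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
			}
		}
		if ($pconfig['nbdd_server_enable']) {
			if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
				$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
			}
		}
	}

	if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients'])) {
		$input_errors[] = gettext("The field 'Concurrent connections' must be numeric.");
	}

	/* If we are not in shared key mode, then we need the CA/Cert. */
	if ($pconfig['mode'] != "p2p_shared_key") {
		$reqdfields = explode(" ", "caref certref");
		$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
	} elseif (!$pconfig['autokey_enable']) {
		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
		$reqdfields = array('shared_key');
		$reqdfieldsn = array(gettext('Shared key'));
	}

	$reqdfields[] = 'tunnel_network';
	$reqdfieldsn[] = gettext('Tunnel network');

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is a fatal
	 * error from PHP 5.4 on. It is kept here because do_input_validation()
	 * is declared outside this file: if its last parameter is not declared
	 * by reference, dropping the "&" would silently discard the
	 * required-field errors. Change the declaration and this call together.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$input_errors) {

		$server = array();

		if ($vpnid) {
			$server['vpnid'] = $vpnid;
		} else {
			$server['vpnid'] = openvpn_vpnid_next();
		}

		if ($_POST['disable'] == "yes") {
			$server['disable'] = true;
		}
		$server['mode'] = $pconfig['mode'];
		if (!empty($pconfig['authmode'])) {
			$server['authmode'] = implode(",", $pconfig['authmode']);
		}
		$server['protocol'] = $pconfig['protocol'];
		$server['dev_mode'] = $pconfig['dev_mode'];
		/* The form value is "interface" or "interface|ipaddr". */
		list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']);
		$server['local_port'] = $pconfig['local_port'];
		$server['description'] = $pconfig['description'];
		/*
		 * Free-form text; only the line endings are normalised.
		 * NOTE(review): presumably written into the generated server
		 * configuration by openvpn_resync(). Confirm, and treat access to
		 * this page as control over that configuration.
		 */
		$server['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);

		/* Key material is stored base64-encoded. */
		if ($tls_mode) {
			if ($pconfig['tlsauth_enable']) {
				if ($pconfig['autotls_enable']) {
					$pconfig['tls'] = openvpn_create_key();
				}
				$server['tls'] = base64_encode($pconfig['tls']);
			}
			$server['caref'] = $pconfig['caref'];
			$server['crlref'] = $pconfig['crlref'];
			$server['certref'] = $pconfig['certref'];
			$server['dh_length'] = $pconfig['dh_length'];
			if ($pconfig['mode'] == "server_tls_user") {
				$server['strictusercn'] = $pconfig['strictusercn'];
			}
		} else {
			$server['shared_key'] = base64_encode($pconfig['shared_key']);
		}
		$server['crypto'] = $pconfig['crypto'];
		$server['engine'] = $pconfig['engine'];

		$server['tunnel_network'] = $pconfig['tunnel_network'];
		$server['remote_network'] = $pconfig['remote_network'];
		$server['gwredir'] = $pconfig['gwredir'];
		$server['local_network'] = $pconfig['local_network'];
		$server['maxclients'] = $pconfig['maxclients'];
		$server['compression'] = $pconfig['compression'];
		$server['passtos'] = $pconfig['passtos'];
		$server['client2client'] = $pconfig['client2client'];

		$server['dynamic_ip'] = $pconfig['dynamic_ip'];
		$server['pool_enable'] = $pconfig['pool_enable'];

		if ($pconfig['dns_domain_enable']) {
			$server['dns_domain'] = $pconfig['dns_domain'];
		}

		if ($pconfig['dns_server_enable']) {
			$server['dns_server1'] = $pconfig['dns_server1'];
			$server['dns_server2'] = $pconfig['dns_server2'];
			$server['dns_server3'] = $pconfig['dns_server3'];
			$server['dns_server4'] = $pconfig['dns_server4'];
		}

		if ($pconfig['ntp_server_enable']) {
			$server['ntp_server1'] = $pconfig['ntp_server1'];
			$server['ntp_server2'] = $pconfig['ntp_server2'];
		}

		$server['netbios_enable'] = $pconfig['netbios_enable'];
		$server['netbios_ntype'] = $pconfig['netbios_ntype'];
		$server['netbios_scope'] = $pconfig['netbios_scope'];

		if ($pconfig['netbios_enable']) {

			if ($pconfig['wins_server_enable']) {
				$server['wins_server1'] = $pconfig['wins_server1'];
				$server['wins_server2'] = $pconfig['wins_server2'];
			}

			/*
			 * Keyed on nbdd_server_enable, the flag the validation above
			 * uses for this field. The earlier check on dns_server_enable
			 * saved the NBDD server only when DNS servers were enabled.
			 */
			if ($pconfig['nbdd_server_enable']) {
				$server['nbdd_server1'] = $pconfig['nbdd_server1'];
			}
		}

		if ($_POST['duplicate_cn'] == "yes") {
			$server['duplicate_cn'] = true;
		}

		/* An id that matches no existing entry results in a new entry. */
		if (isset($id) && $a_server[$id]) {
			$a_server[$id] = $server;
		} else {
			$a_server[] = $server;
		}

		openvpn_resync('server', $server);
		write_config();

		header("Location: vpn_openvpn_server.php");
		exit;
	}

	/* Validation failed: the form is rendered again and expects a comma-separated list. */
	if (!empty($pconfig['authmode'])) {
		$pconfig['authmode'] = implode(",", $pconfig['authmode']);
	}
}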
385

    
386
include("head.inc");
387

    
388
?>
389

    
390
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
391
<?php include("fbegin.inc"); ?>
392
<script language="JavaScript">
393
<!--
394

    
395
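/*
 * Show or hide the form rows that apply to the selected server mode, then
 * let gwredir_change() settle the visibility of the local network row.
 * The selection is kept in local variables; the earlier version assigned
 * undeclared "index" and "value", which created globals.
 */
function mode_change() {
	var modeSelect = document.iform.mode;
	var mode = modeSelect.options[modeSelect.selectedIndex].value;
	var tlsRows = ["tls", "tls_ca", "tls_crl", "tls_cert", "tls_dh"];
	var i;

	function setVisible(id, visible) {
		document.getElementById(id).style.display = visible ? "" : "none";
	}

	// Cryptographic rows: certificate settings versus the pre-shared key.
	// An unknown mode leaves these rows untouched.
	switch (mode) {
		case "p2p_tls":
		case "server_tls":
		case "server_user":
		case "server_tls_user":
			for (i = 0; i < tlsRows.length; i++)
				setVisible(tlsRows[i], true);
			setVisible("strictusercn", mode == "server_tls_user");
			setVisible("psk", false);
			break;
		case "p2p_shared_key":
			for (i = 0; i < tlsRows.length; i++)
				setVisible(tlsRows[i], false);
			setVisible("strictusercn", false);
			setVisible("psk", true);
			break;
	}

	// Tunnel and client rows.
	switch (mode) {
		case "p2p_shared_key":
		case "p2p_tls":
			setVisible("client_opts", false);
			setVisible("remote_opts", true);
			setVisible("gwredir_opts", mode == "p2p_tls");
			setVisible("local_opts", mode == "p2p_tls");
			setVisible("authmodetr", false);
			setVisible("inter_client_communication", false);
			break;
		case "server_user":
		case "server_tls_user":
			setVisible("authmodetr", true);
			setVisible("client_opts", true);
			setVisible("remote_opts", false);
			setVisible("gwredir_opts", true);
			setVisible("local_opts", true);
			setVisible("inter_client_communication", true);
			break;
		case "server_tls":
			setVisible("authmodetr", false);
			// falls through: the remaining rows match the default case
		default:
			setVisible("client_opts", true);
			setVisible("remote_opts", false);
			setVisible("gwredir_opts", true);
			setVisible("local_opts", true);
			setVisible("inter_client_communication", true);
			break;
	}
	gwredir_change();
}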
467

    
468
// Hide the manual shared-key field while automatic key generation is ticked.
function autokey_change() {
	var generated = document.iform.autokey_enable.checked;
	document.getElementById("autokey_opts").style.display = generated ? "none" : "";
}
475

    
476
// Show the "generate key automatically" option only while TLS authentication
// is ticked. The toggle is emitted only when no TLS key is loaded into the
// form, matching the page, which renders tlsauth_opts only in that case.
function tlsauth_change() {
<?php if (!$pconfig['tls']): ?>
	var enabled = document.iform.tlsauth_enable.checked;
	document.getElementById("tlsauth_opts").style.display = enabled ? "" : "none";
<?php endif; ?>

	autotls_change();
}
487

    
488
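// Show the TLS key text area when TLS authentication is ticked and the key is
// not generated automatically. When a key is already loaded into the form the
// automatic option is not rendered, so it counts as off.
// "autocheck" is a local variable here; the earlier version assigned it
// undeclared, which created a global.
function autotls_change() {
	var autocheck;

<?php if (!$pconfig['tls']): ?>
	autocheck = document.iform.autotls_enable.checked;
<?php else: ?>
	autocheck = false;
<?php endif; ?>

	if (document.iform.tlsauth_enable.checked && !autocheck)
		document.getElementById("autotls_opts").style.display="";
	else
		document.getElementById("autotls_opts").style.display="none";
}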
501

    
502
// Hide the local network row while "redirect gateway" is ticked.
function gwredir_change() {
	var redirectAll = document.iform.gwredir.checked;
	document.getElementById("local_opts").style.display = redirectAll ? "none" : "";
}
509

    
510
// Show the DNS domain field only while its checkbox is ticked.
function dns_domain_change() {
	var enabled = document.iform.dns_domain_enable.checked;
	document.getElementById("dns_domain_data").style.display = enabled ? "" : "none";
}
517

    
518
// Show the DNS server fields only while their checkbox is ticked.
function dns_server_change() {
	var enabled = document.iform.dns_server_enable.checked;
	document.getElementById("dns_server_data").style.display = enabled ? "" : "none";
}
525

    
526
// Show the WINS server fields only while their checkbox is ticked.
function wins_server_change() {
	var enabled = document.iform.wins_server_enable.checked;
	document.getElementById("wins_server_data").style.display = enabled ? "" : "none";
}
533

    
534
// Show the NTP server fields only while their checkbox is ticked.
function ntp_server_change() {
	var enabled = document.iform.ntp_server_enable.checked;
	document.getElementById("ntp_server_data").style.display = enabled ? "" : "none";
}
541

    
542
// The NetBIOS details and the WINS options are shown or hidden together.
function netbios_change() {
	var display = document.iform.netbios_enable.checked ? "" : "none";
	document.getElementById("netbios_data").style.display = display;
	document.getElementById("wins_opts").style.display = display;
}
552

    
553
//-->
554
</script>
555
<?php
556
/*
 * Build and print the notices shown above the form.
 * $savemsg is assembled from fixed markup in this file and handed to
 * print_info_box_np() as is, so nothing request-derived may be appended
 * to it without escaping.
 */
if (!$savemsg) {
	$savemsg = "";
}

/* Point the administrator at the certificate tools when none are defined. */
if (count($a_ca) == 0) {
	$savemsg .= "You have no Certificate Authorities defined. You can visit the <a href=\"system_camanager.php\">Certificate Manager</a> or use the <a href=\"wizard.php?xml=openvpn_wizard.xml\">Wizard.</a> to create one. ";
}
if (count($a_cert) == 0) {
	$savemsg .= "<br/>You have no Certificates defined. You can visit the <a href=\"system_camanager.php\">Certificate Manager</a> or use the <a href=\"wizard.php?xml=openvpn_wizard.xml\">Wizard.</a> to create one. ";
}

if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box_np($savemsg);
}
567
?>
568
<table width="100%" border="0" cellpadding="0" cellspacing="0">
569
	<tr>
570
		<td class="tabnavtbl">
571
			<ul id="tabnav">
572
			<?php 
573
				$tab_array = array();
574
				$tab_array[] = array(gettext("Server"), true, "vpn_openvpn_server.php");
575
				$tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php");
576
				$tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php");
577
				$tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml");
578
				add_package_tabs("OpenVPN", $tab_array);
579
				display_top_tabs($tab_array);
580
			?>
581
			</ul>
582
		</td>
583
	</tr>    
584
	<tr>
585
		<td class="tabcont">
586

    
587
			<?php if($act=="new" || $act=="edit"): ?>
588

    
589
			<form action="vpn_openvpn_server.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
590
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
591
					<tr>
592
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
593
					</tr>
594
					<tr>
595
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
596
						<td width="78%" class="vtable">
597
							<table border="0" cellpadding="0" cellspacing="0">
598
								<tr>
599
									<td>
600
										<?php set_checked($pconfig['disable'],$chk); ?>
601
										<input name="disable" type="checkbox" value="yes" <?=$chk;?>/>
602
									</td>
603
									<td>
604
										&nbsp;
605
										<span class="vexpl">
606
											<strong><?=gettext("Disable this server"); ?></strong><br>
607
										</span>
608
									</td>
609
								</tr>
610
							</table>
611
							<?=gettext("Set this option to disable this server without removing it from the list"); ?>.
612
						</td>
613
					</tr>
614
					<tr>
615
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
616
							<td width="78%" class="vtable">
617
							<select name='mode' id='mode' class="formselect" onchange='mode_change()'>
618
							<?php
619
								foreach ($openvpn_server_modes as $name => $desc):
620
									$selected = "";
621
									if ($pconfig['mode'] == $name)
622
										$selected = "selected";
623
							?>
624
								<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
625
							<?php endforeach; ?>
626
							</select>
627
						</td>
628
					</tr>
629
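					<tr id="authmodetr" style="display:none">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td>
						<td width="78%" class="vtable">
							<?php
								/*
								 * Load the server list before the <select> is written: its size
								 * attribute counts $auth_servers, which the earlier markup used
								 * before assigning it.
								 */
								$auth_servers = auth_get_authserver_list();
								/* $pconfig['authmode'] holds a comma-separated list of server names. */
								$authmodes = explode(",", $pconfig['authmode']);
							?>
							<select name='authmode[]' id='authmode' class="formselect" multiple="true" size="<?php echo count($auth_servers); ?>">
							<?php
								foreach ($auth_servers as $auth_server):
									$selected = "";
									if (in_array($auth_server['name'], $authmodes))
										$selected = "selected";
									/*
									 * The name comes from stored configuration; escape it for the
									 * attribute and the element text. The browser submits the
									 * unescaped value.
									 */
									$auth_name = htmlspecialchars($auth_server['name']);
							?>
								<option value="<?=$auth_name;?>" <?=$selected;?>><?=$auth_name;?></option>
							<?php endforeach; ?>
							</select>
						</td>
					</tr>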
646
					<tr>
647
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
648
							<td width="78%" class="vtable">
649
							<select name='protocol' class="formselect">
650
							<?php
651
								foreach ($openvpn_prots as $prot):
652
									$selected = "";
653
									if ($pconfig['protocol'] == $prot)
654
										$selected = "selected";
655
							?>
656
								<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
657
							<?php endforeach; ?>
658
							</select>
659
							</td>
660
					</tr>
661
					<tr>
662
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td>
663
						<td width="78%" class="vtable">
664
							<select name="dev_mode" class="formselect">
665
                                                        <?php
666
                                                                foreach ($openvpn_dev_mode as $device):
667
                                                                       $selected = "";
668
                                                                       if (! empty($pconfig['dev_mode'])) {
669
                                                                               if ($pconfig['dev_mode'] == $device)
670
                                                                                       $selected = "selected";
671
                                                                       } else {
672
                                                                               if ($device == "tun")
673
                                                                                       $selected = "selected";
674
                                                                       }
675
                                                        ?>
676
                                                                <option value="<?=$device;?>" <?=$selected;?>><?=$device;?></option>
677
                                                        <?php endforeach; ?>
678
                                                        </select>
679
                                                        </td>
680
                                        </tr>
681
					<tr>
682
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
683
						<td width="78%" class="vtable">
684
							<select name="interface" class="formselect">
685
								<?php
686
									$interfaces = get_configured_interface_with_descr();
687
									$carplist = get_configured_carp_interface_list();
688
									foreach ($carplist as $cif => $carpip)
689
										$interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
690
									$aliaslist = get_configured_ip_aliases_list();
691
									foreach ($aliaslist as $aliasip => $aliasif)
692
										$interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
693
									$interfaces['any'] = "any";
694
									foreach ($interfaces as $iface => $ifacename):
695
										$selected = "";
696
										if ($iface == $pconfig['interface'])
697
											$selected = "selected";
698
								?>
699
									<option value="<?=$iface;?>" <?=$selected;?>>
700
										<?=htmlspecialchars($ifacename);?>
701
									</option>
702
								<?php endforeach; ?>
703
							</select> <br>
704
						</td>
705
					</tr>
706
					<tr>
707
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local port");?></td>
708
						<td width="78%" class="vtable">
709
							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>"/>
710
						</td>
711
					</tr>
712
					<tr> 
713
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
714
						<td width="78%" class="vtable"> 
715
							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>">
716
							<br>
717
							<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
718
						</td>
719
					</tr>
720
					<tr>
721
						<td colspan="2" class="list" height="12"></td>
722
					</tr>
723
					<tr>
724
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
725
					</tr>
726
					<tr id="tls">
727
						<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
728
						<td width="78%" class="vtable">
729
							<table border="0" cellpadding="2" cellspacing="0">
730
								<tr>
731
									<td>
732
										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
733
										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onClick="tlsauth_change()">
734
									</td>
735
									<td>
736
										<span class="vexpl">
737
											<?=gettext("Enable authentication of TLS packets"); ?>.
738
										</span>
739
									</td>
740
								</tr>
741
							</table>
742
							<?php if (!$pconfig['tls']): ?>
743
							<table border="0" cellpadding="2" cellspacing="0" id='tlsauth_opts'>
744
								<tr>
745
									<td>
746
										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
747
										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autotls_change()">
748
									</td>
749
									<td>
750
										<span class="vexpl">
751
											<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
752
										</span>
753
									</td>
754
								</tr>
755
							</table>
756
							<?php endif; ?>
757
							<table border="0" cellpadding="2" cellspacing="0" id='autotls_opts'>
758
								<tr>
759
									<td>
760
										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
761
										<br/>
762
										<?=gettext("Paste your shared key here"); ?>.
763
									</td>
764
								</tr>
765
							</table>
766
						</td>
767
					</tr>
768
					<tr id="tls_ca">
769
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
770
							<td width="78%" class="vtable">
771
							<select name='caref' class="formselect">
772
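							<?php
								/*
								 * Emit one <option> per entry of $a_ca and pre-select the one whose
								 * refid matches the stored caref. The refid and descr values are
								 * HTML-escaped so markup characters in a CA description cannot break
								 * out of the attribute or inject elements into the page.
								 */
								foreach ($a_ca as $ca):
									$selected = ($pconfig['caref'] == $ca['refid']) ? "selected" : "";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>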
780
							</select>
781
							</td>
782
					</tr>
783
					<tr id="tls_crl">
784
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Revocation List"); ?></td>
785
							<td width="78%" class="vtable">
786
							<select name='crlref' class="formselect">
787
								<option value="">None</option>
788
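							<?php
								/*
								 * Emit one <option> per CRL, labelled with the description of its CA
								 * when lookup_ca() finds one. The label and refid are HTML-escaped
								 * before output because both descr fields are echoed as page text.
								 *
								 * NOTE(review): a CRL is only marked selected when its CA lookup
								 * succeeds, so a stored crlref whose CA is missing silently falls
								 * back to "None" - confirm that this is intended.
								 */
								foreach ($a_crl as $crl):
									$selected = "";
									$caname = "";
									$ca = lookup_ca($crl['caref']);
									if ($ca) {
										$caname = " (CA: {$ca['descr']})";
										if ($pconfig['crlref'] == $crl['refid'])
											$selected = "selected";
									}
							?>
								<option value="<?=htmlspecialchars($crl['refid']);?>" <?=$selected;?>><?=htmlspecialchars($crl['descr'] . $caname);?></option>
							<?php endforeach; ?>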
801
							</select>
802
							</td>
803
					</tr>
804
					<tr id="tls_cert">
805
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Certificate"); ?></td>
806
							<td width="78%" class="vtable">
807
							<select name='certref' class="formselect">
808
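							<?php
							/*
							 * Emit one <option> per certificate, labelled with its CA description
							 * and with "*In Use" / "*Revoked" markers where they apply. The refid
							 * and the assembled label are HTML-escaped so markup characters in a
							 * description cannot alter the page.
							 *
							 * NOTE(review): revoked certificates are only labelled here, they stay
							 * selectable. Whether the save handler rejects one is not visible in
							 * this part of the file - confirm.
							 */
							foreach ($a_cert as $cert):
								$selected = "";
								$caname = "";
								$inuse = "";
								$revoked = "";
								$ca = lookup_ca($cert['caref']);
								if ($ca)
									$caname = " (CA: {$ca['descr']})";
								if ($pconfig['certref'] == $cert['refid'])
									$selected = "selected";
								if (cert_in_use($cert['refid']))
									$inuse = " *In Use";
								if (is_cert_revoked($cert))
									$revoked = " *Revoked";
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
							<?php endforeach; ?>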
826
							</select>
827
						</td>
828
					</tr>
829
					<tr id="tls_dh">
830
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH Parameters Length"); ?></td>
831
						<td width="78%" class="vtable">
832
							<select name="dh_length" class="formselect">
833
								<?php
									// One <option> per supported DH parameter length; the stored
									// dh_length is pre-selected.
									foreach ($openvpn_dh_lengths as $length):
									$selected = ($length == $pconfig['dh_length']) ? ' selected' : '';
								?>
								<option<?=$selected?>><?=$length;?></option>
								<?php endforeach; ?>
841
							</select>
842
							<span class="vexpl">
843
								<?=gettext("bits"); ?>
844
							</span>
845
						</td>
846
					</tr>
847
					<tr id="psk">
848
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
849
						<td width="78%" class="vtable">
850
							<?php if (!$pconfig['shared_key']): ?>
851
							<table border="0" cellpadding="2" cellspacing="0">
852
								<tr>
853
									<td>
854
										<?php set_checked($pconfig['autokey_enable'],$chk); ?>
855
										<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autokey_change()">
856
									</td>
857
									<td>
858
										<span class="vexpl">
859
											<?=gettext("Automatically generate a shared key"); ?>.
860
										</span>
861
									</td>
862
								</tr>
863
							</table>
864
							<?php endif; ?>
865
							<table border="0" cellpadding="2" cellspacing="0" id='autokey_opts'>
866
								<tr>
867
									<td>
868
										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
869
										<br/>
870
										<?=gettext("Paste your shared key here"); ?>.
871
									</td>
872
								</tr>
873
							</table>
874
						</td>
875
					</tr>
876
					<tr>
877
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
878
						<td width="78%" class="vtable">
879
							<select name="crypto" class="formselect">
880
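								<?php
									/*
									 * One <option> per cipher returned by openvpn_get_cipherlist();
									 * the stored crypto value is pre-selected. The cipher name goes
									 * into the value attribute, so it is HTML-escaped in the same
									 * way as the description shown to the user.
									 */
									$cipherlist = openvpn_get_cipherlist();
									foreach ($cipherlist as $name => $desc):
									$selected = ($name == $pconfig['crypto']) ? ' selected' : '';
								?>
								<option value="<?=htmlspecialchars($name);?>"<?=$selected?>>
									<?=htmlspecialchars($desc);?>
								</option>
								<?php endforeach; ?>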
891
							</select>
892
						</td>
893
					</tr>
894
					<tr id="engine">
895
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
896
						<td width="78%" class="vtable">
897
							<select name="engine" class="formselect">
898
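								<?php
									/*
									 * One <option> per engine returned by openvpn_get_engines(); the
									 * stored engine value is pre-selected. The engine name goes into
									 * the value attribute, so it is HTML-escaped in the same way as
									 * the description shown to the user.
									 */
									$engines = openvpn_get_engines();
									foreach ($engines as $name => $desc):
									$selected = ($name == $pconfig['engine']) ? ' selected' : '';
								?>
								<option value="<?=htmlspecialchars($name);?>"<?=$selected?>>
									<?=htmlspecialchars($desc);?>
								</option>
								<?php endforeach; ?>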
909
							</select>
910
						</td>
911
					</tr>
912
					<tr id="strictusercn">
913
						<td width="22%" valign="top" class="vncell"><?=gettext("Strict User/CN Matching"); ?></td>
914
						<td width="78%" class="vtable">
915
							<table border="0" cellpadding="2" cellspacing="0">
916
								<tr>
917
									<td>
918
										<?php set_checked($pconfig['strictusercn'],$chk); ?>
919
										<input name="strictusercn" type="checkbox" value="yes" <?=$chk;?>/>
920
									</td>
921
									<td>
922
										<span class="vexpl">
923
											<?=gettext("When authenticating users, enforce a match between the common name of the client certificate and the username given at login."); ?>
924
										</span>
925
									</td>
926
								</tr>
927
							</table>
928
						</td>
929
					</tr>
930
					<tr>
931
						<td colspan="2" class="list" height="12"></td>
932
					</tr>
933
					<tr>
934
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
935
					</tr>
936
					<tr>
937
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Tunnel Network"); ?></td>
938
						<td width="78%" class="vtable">
939
							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>">
940
							<br>
941
							<?=gettext("This is the virtual network used for private " .
942
							"communications between this server and client " .
943
							"hosts expressed using CIDR (eg. 10.0.8.0/24). " .
944
							"The first network address will be assigned to " .
945
							"the	server virtual interface. The remaining " .
946
							"network addresses can optionally be assigned " .
947
							"to connecting clients. (see Address Pool)"); ?>
948
						</td>
949
					</tr>
950
					<tr id="gwredir_opts">
951
						<td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td>
952
						<td width="78%" class="vtable">
953
							<table border="0" cellpadding="2" cellspacing="0">
954
								<tr>
955
									<td>
956
										<?php set_checked($pconfig['gwredir'],$chk); ?>
957
										<input name="gwredir" type="checkbox" value="yes" <?=$chk;?> onClick="gwredir_change()"/>
958
									</td>
959
									<td>
960
										<span class="vexpl">
961
											<?=gettext("Force all client generated traffic through the tunnel"); ?>.
962
										</span>
963
									</td>
964
								</tr>
965
							</table>
966
						</td>
967
					</tr>
968
					<tr id="local_opts">
969
						<td width="22%" valign="top" class="vncell"><?=gettext("Local Network"); ?></td>
970
						<td width="78%" class="vtable">
971
							<input name="local_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['local_network']);?>">
972
							<br>
973
							<?=gettext("This is the network that will be accessible " .
974
							"from the remote endpoint. Expressed as a CIDR " .
975
							"range. You may leave this blank if you don't " .
976
							"want to add a route to the local network " .
977
							"through this tunnel on the remote machine. " .
978
							"This is generally set to your LAN network"); ?>.
979
						</td>
980
					</tr>
981
					<tr id="remote_opts">
982
						<td width="22%" valign="top" class="vncell"><?=gettext("Remote Network"); ?></td>
983
						<td width="78%" class="vtable">
984
							<input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>">
985
							<br>
986
							<?=gettext("This is a network that will be routed through " .
987
							"the tunnel, so that a site-to-site VPN can be " .
988
							"established without manually changing the " .
989
							"routing tables. Expressed as a CIDR range. If " .
990
							"this is a site-to-site VPN, enter here the " .
991
							"remote LAN here. You may leave this blank if " .
992
							"you don't want a site-to-site VPN"); ?>.
993
						</td>
994
					</tr>
995
					<tr>
996
						<td width="22%" valign="top" class="vncell"><?=gettext("Concurrent connections");?></td>
997
						<td width="78%" class="vtable">
998
							<input name="maxclients" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['maxclients']);?>"/>
999
							<br/>
1000
							<?=gettext("Specify the maximum number of clients allowed to concurrently connect to this server"); ?>.
1001
						</td>
1002
					</tr>
1003
					<tr>
1004
						<td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
1005
						<td width="78%" class="vtable">
1006
							<table border="0" cellpadding="2" cellspacing="0">
1007
								<tr>
1008
									<td>
1009
										<?php set_checked($pconfig['compression'],$chk); ?>
1010
										<input name="compression" type="checkbox" value="yes" <?=$chk;?>>
1011
									</td>
1012
									<td>
1013
										<span class="vexpl">
1014
											<?=gettext("Compress tunnel packets using the LZO algorithm"); ?>.
1015
										</span>
1016
									</td>
1017
								</tr>
1018
							</table>
1019
						</td>
1020
					</tr>
1021
					<tr>
1022
						<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
1023
						<td width="78%" class="vtable">
1024
							<table border="0" cellpadding="2" cellspacing="0">
1025
								<tr>
1026
									<td>
1027
										<?php set_checked($pconfig['passtos'],$chk); ?>
1028
										<input name="passtos" type="checkbox" value="yes" <?=$chk;?>>
1029
									</td>
1030
									<td>
1031
										<span class="vexpl">
1032
											<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
1033
										</span>
1034
									</td>
1035
								</tr>
1036
							</table>
1037
						</td>
1038
					</tr>
1039
					<tr id="inter_client_communication">
1040
						<td width="22%" valign="top" class="vncell"><?=gettext("Inter-client communication"); ?></td>
1041
						<td width="78%" class="vtable">
1042
							<table border="0" cellpadding="2" cellspacing="0">
1043
								<tr>
1044
									<td>
1045
										<?php set_checked($pconfig['client2client'],$chk); ?>
1046
										<input name="client2client" type="checkbox" value="yes" <?=$chk;?>/>
1047
									</td>
1048
									<td>
1049
										<span class="vexpl">
1050
											<?=gettext("Allow communication between clients connected to this server"); ?>
1051
										</span>
1052
									</td>
1053
								</tr>
1054
							</table>
1055
						</td>
1056
					</tr>
1057
					<tr id="duplicate_cn">
1058
						<td width="22%" valign="top" class="vncell"><?=gettext("Duplicate Connections"); ?></td>
1059
						<td width="78%" class="vtable">
1060
							<table border="0" cellpadding="2" cellspacing="0">
1061
								<tr>
1062
									<td>
1063
										<?php set_checked($pconfig['duplicate_cn'],$chk); ?>
1064
										<input name="duplicate_cn" type="checkbox" value="yes" <?=$chk;?>/>
1065
									</td>
1066
									<td>
1067
										<span class="vexpl">
1068
											<?=gettext("Allow multiple concurrent connections from clients using the same Common Name.<br/>NOTE: This is not generally recommended, but may be needed for some scenarios."); ?>
1069
										</span>
1070
									</td>
1071
								</tr>
1072
							</table>
1073
						</td>
1074
					</tr>
1075
				</table>
1076

    
1077
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts">
1078
					<tr>
1079
						<td colspan="2" class="list" height="12"></td>
1080
					</tr>
1081
					<tr>
1082
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Client Settings"); ?></td>
1083
					</tr>
1084
					<tr>
1085
						<td width="22%" valign="top" class="vncell"><?=gettext("Dynamic IP"); ?></td>
1086
						<td width="78%" class="vtable">
1087
							<table border="0" cellpadding="2" cellspacing="0">
1088
								<tr>
1089
									<td>
1090
										<?php set_checked($pconfig['dynamic_ip'],$chk); ?>
1091
										<input name="dynamic_ip" type="checkbox" id="dynamic_ip" value="yes" <?=$chk;?>/>
1092
									</td>
1093
									<td>
1094
										<span class="vexpl">
1095
											<?=gettext("Allow connected clients to retain their connections if their IP address changes"); ?>.<br>
1096
										</span>
1097
									</td>
1098
								</tr>
1099
							</table>
1100
						</td>
1101
					</tr>
1102
					<tr>
1103
						<td width="22%" valign="top" class="vncell"><?=gettext("Address Pool"); ?></td>
1104
						<td width="78%" class="vtable">
1105
							<table border="0" cellpadding="2" cellspacing="0">
1106
								<tr>
1107
									<td>
1108
										<?php set_checked($pconfig['pool_enable'],$chk); ?>
1109
										<input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?>/>
1110
									</td>
1111
									<td>
1112
										<span class="vexpl">
1113
											<?=gettext("Provide a virtual adapter IP address to clients (see Tunnel Network)"); ?><br>
1114
										</span>
1115
									</td>
1116
								</tr>
1117
							</table>
1118
						</td>
1119
					</tr>
1120
					<tr>
1121
						<td width="22%" valign="top" class="vncell"><?=gettext("DNS Default Domain"); ?></td>
1122
						<td width="78%" class="vtable">
1123
							<table border="0" cellpadding="2" cellspacing="0">
1124
								<tr>
1125
									<td>
1126
										<?php set_checked($pconfig['dns_domain_enable'],$chk); ?>
1127
										<input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onClick="dns_domain_change()">
1128
									</td>
1129
									<td>
1130
										<span class="vexpl">
1131
	                                        <?=gettext("Provide a default domain name to clients"); ?><br>
1132
										</span>
1133
									</td>
1134
								</tr>
1135
							</table>
1136
							<table border="0" cellpadding="2" cellspacing="0" id="dns_domain_data">
1137
								<tr>
1138
									<td>
1139
										<input name="dns_domain" type="text" class="formfld unknown" id="dns_domain" size="30" value="<?=htmlspecialchars($pconfig['dns_domain']);?>">
1140
									</td>
1141
								</tr>
1142
							</table>
1143
						</td>
1144
					</tr>
1145
					<tr>
1146
						<td width="22%" valign="top" class="vncell"><?=gettext("DNS Servers"); ?></td>
1147
						<td width="78%" class="vtable">
1148
							<table border="0" cellpadding="2" cellspacing="0">
1149
								<tr>
1150
									<td>
1151
										<?php set_checked($pconfig['dns_server_enable'],$chk); ?>
1152
										<input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onClick="dns_server_change()">
1153
									</td>
1154
									<td>
1155
										<span class="vexpl">
1156
											<?=gettext("Provide a DNS server list to clients"); ?><br>
1157
										</span>
1158
									</td>
1159
								</tr>
1160
							</table>
1161
							<table border="0" cellpadding="2" cellspacing="0" id="dns_server_data">
1162
								<tr>
1163
									<td>
1164
										<span class="vexpl">
1165
											<?=gettext("Server"); ?> #1:&nbsp;
1166
										</span>
1167
										<input name="dns_server1" type="text" class="formfld unknown" id="dns_server1" size="20" value="<?=htmlspecialchars($pconfig['dns_server1']);?>">
1168
									</td>
1169
								</tr>
1170
								<tr>
1171
									<td>
1172
										<span class="vexpl">
1173
											<?=gettext("Server"); ?> #2:&nbsp;
1174
										</span>
1175
										<input name="dns_server2" type="text" class="formfld unknown" id="dns_server2" size="20" value="<?=htmlspecialchars($pconfig['dns_server2']);?>">
1176
									</td>
1177
								</tr>
1178
								<tr>
1179
									<td>
1180
										<span class="vexpl">
1181
											<?=gettext("Server"); ?> #3:&nbsp;
1182
										</span>
1183
										<input name="dns_server3" type="text" class="formfld unknown" id="dns_server3" size="20" value="<?=htmlspecialchars($pconfig['dns_server3']);?>">
1184
									</td>
1185
								</tr>
1186
								<tr>
1187
									<td>
1188
										<span class="vexpl">
1189
											<?=gettext("Server"); ?> #4:&nbsp;
1190
										</span>
1191
										<input name="dns_server4" type="text" class="formfld unknown" id="dns_server4" size="20" value="<?=htmlspecialchars($pconfig['dns_server4']);?>">
1192
									</td>
1193
								</tr>
1194
							</table>
1195
						</td>
1196
					</tr>
1197
					<tr>
1198
						<td width="22%" valign="top" class="vncell"><?=gettext("NTP Servers"); ?></td>
1199
						<td width="78%" class="vtable">
1200
							<table border="0" cellpadding="2" cellspacing="0">
1201
								<tr>
1202
									<td>
1203
										<?php set_checked($pconfig['ntp_server_enable'],$chk); ?>
1204
										<input name="ntp_server_enable" type="checkbox" id="ntp_server_enable" value="yes" <?=$chk;?> onClick="ntp_server_change()">
1205
									</td>
1206
									<td>
1207
										<span class="vexpl">
1208
											<?=gettext("Provide a NTP server list to clients"); ?><br>
1209
										</span>
1210
									</td>
1211
								</tr>
1212
							</table>
1213
							<table border="0" cellpadding="2" cellspacing="0" id="ntp_server_data">
1214
								<tr>
1215
									<td>
1216
										<span class="vexpl">
1217
											<?=gettext("Server"); ?> #1:&nbsp;
1218
										</span>
1219
										<input name="ntp_server1" type="text" class="formfld unknown" id="ntp_server1" size="20" value="<?=htmlspecialchars($pconfig['ntp_server1']);?>">
1220
									</td>
1221
								</tr>
1222
								<tr>
1223
									<td>
1224
										<span class="vexpl">
1225
											<?=gettext("Server"); ?> #2:&nbsp;
1226
										</span>
1227
										<input name="ntp_server2" type="text" class="formfld unknown" id="ntp_server2" size="20" value="<?=htmlspecialchars($pconfig['ntp_server2']);?>">
1228
									</td>
1229
								</tr>
1230
							</table>
1231
						</td>
1232
					</tr>
1233
					<tr>
1234
						<td width="22%" valign="top" class="vncell"><?=gettext("NetBIOS Options"); ?></td>
1235
						<td width="78%" class="vtable">
1236
							<table border="0" cellpadding="2" cellspacing="0">
1237
								<tr>
1238
									<td>
1239
										<?php set_checked($pconfig['netbios_enable'],$chk); ?>
1240
										<input name="netbios_enable" type="checkbox" id="netbios_enable" value="yes" <?=$chk;?> onClick="netbios_change()">
1241
									</td>
1242
									<td>
1243
										<span class="vexpl">
1244
											<?=gettext("Enable NetBIOS over TCP/IP"); ?><br>
1245
										</span>
1246
									</td>
1247
								</tr>
1248
							</table>
1249
							<?=gettext("If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled"); ?>.
1250
							<br/>
1251
							<table border="0" cellpadding="2" cellspacing="0" id="netbios_data">
1252
								<tr>
1253
									<td>
1254
										<br/>
1255
										<span class="vexpl">
1256
											<?=gettext("Node Type"); ?>:&nbsp;
1257
										</span>
1258
										<select name='netbios_ntype' class="formselect">
1259
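										<?php
											/*
											 * One <option> per NetBIOS node type; the stored
											 * netbios_ntype is pre-selected. Key and label are
											 * HTML-escaped, matching the other option lists on
											 * this page that escape their labels.
											 */
											foreach ($netbios_nodetypes as $type => $name):
												$selected = ($pconfig['netbios_ntype'] == $type) ? "selected" : "";
										?>
											<option value="<?=htmlspecialchars($type);?>" <?=$selected;?>><?=htmlspecialchars($name);?></option>
										<?php endforeach; ?>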
1267
										</select>
1268
										<br/>
1269
										<?=gettext("Possible options: b-node (broadcasts), p-node " .
1270
										"(point-to-point name queries to a WINS server), " .
1271
										"m-node (broadcast then query name server), and " .
1272
										"h-node (query name server, then broadcast)"); ?>.
1273
									</td>
1274
								</tr>
1275
								<tr>
1276
									<td>
1277
										<br/>
1278
										<span class="vexpl">
1279
											<?=gettext("Scope ID"); ?>:&nbsp;
1280
										</span>
1281
										<input name="netbios_scope" type="text" class="formfld unknown" id="netbios_scope" size="30" value="<?=htmlspecialchars($pconfig['netbios_scope']);?>">
1282
										<br/>
1283
										<?=gettext("A NetBIOS Scope	ID provides an extended naming " .
1284
										"service for	NetBIOS over TCP/IP. The NetBIOS " .
1285
										"scope ID isolates NetBIOS traffic on a single " .
1286
										"network to only those nodes with the same " .
1287
										"NetBIOS scope ID"); ?>.
1288
									</td>
1289
								</tr>
1290
							</table>
1291
						</td>
1292
					</tr>
1293
					<tr id="wins_opts">
1294
						<td width="22%" valign="top" class="vncell"><?=gettext("WINS Servers"); ?></td>
1295
						<td width="78%" class="vtable">
1296
							<table border="0" cellpadding="2" cellspacing="0">
1297
								<tr>
1298
									<td>
1299
										<?php set_checked($pconfig['wins_server_enable'],$chk); ?>
1300
										<input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onClick="wins_server_change()">
1301
									</td>
1302
									<td>
1303
										<span class="vexpl">
1304
											<?=gettext("Provide a WINS server list to clients"); ?><br>
1305
										</span>
1306
									</td>
1307
								</tr>
1308
							</table>
1309
							<table border="0" cellpadding="2" cellspacing="0" id="wins_server_data">
1310
								<tr>
1311
									<td>
1312
										<span class="vexpl">
1313
											<?=gettext("Server"); ?> #1:&nbsp;
1314
										</span>
1315
										<input name="wins_server1" type="text" class="formfld unknown" id="wins_server1" size="20" value="<?=htmlspecialchars($pconfig['wins_server1']);?>">
1316
									</td>
1317
								</tr>
1318
								<tr>
1319
									<td>
1320
										<span class="vexpl">
1321
											<?=gettext("Server"); ?> #2:&nbsp;
1322
										</span>
1323
										<input name="wins_server2" type="text" class="formfld unknown" id="wins_server2" size="20" value="<?=htmlspecialchars($pconfig['wins_server2']);?>">
1324
									</td>
1325
								</tr>
1326
							</table>
1327
						</td>
1328
					</tr>
1329
				</table>
1330

    
1331
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts">
1332
					<tr>
1333
						<td colspan="2" class="list" height="12"></td>
1334
					</tr>
1335
					<tr>
1336
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
1337
					</tr>
1338
					<tr>
1339
						<td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
1340
						<td width="78%" class="vtable">
1341
							<table border="0" cellpadding="2" cellspacing="0">
1342
								<tr>
1343
									<td>
1344
										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/>
1345
										<?=gettext("Enter any additional options you would like to add to the OpenVPN server configuration here, separated by a semicolon"); ?><br/>
1346
										<?=gettext("EXAMPLE: push \"route 10.0.0.0 255.255.255.0\""); ?>;
1347
									</td>
1348
								</tr>
1349
							</table>
1350
						</td>
1351
					</tr>
1352
				</table>
1353

    
1354
				<br/>
1355

    
1356
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts">
1357
					<tr>
1358
						<td width="22%" valign="top">&nbsp;</td>
1359
						<td width="78%"> 
1360
							<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> 
1361
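							<?php
								/*
								 * Hidden state that the form posts back: the current action and,
								 * when an existing entry is being edited, its index in $a_server.
								 * Both values are written into HTML attributes, so they are escaped.
								 * Where $act and $id are assigned is not visible in this part of
								 * the file; if they derive from request parameters, unescaped
								 * output here would be a reflected XSS sink.
								 */
							?>
							<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>">
							<?php if (isset($id) && $a_server[$id]): ?>
							<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
							<?php endif; ?>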
1365
						</td>
1366
					</tr>
1367
				</table>
1368
			</form>
1369

    
1370
			<?php else: ?>
1371

    
1372
			<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
1373
				<thead>
1374
				<tr>
1375
					<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
1376
					<td width="10%" class="listhdrr"><?=gettext("Protocol / Port"); ?></td>
1377
					<td width="30%" class="listhdrr"><?=gettext("Tunnel Network"); ?></td>
1378
					<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
1379
					<td width="10%" class="list"></td>
1380
				</tr>
1381
				</thead>
1382
				<tbody>
1383
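				<?php
					/*
					 * One table row per configured server. $i is the row's position in
					 * $a_server and is what the edit and delete links pass back as "id".
					 * The theme name is written into src attributes, so it is escaped.
					 *
					 * NOTE(review): the delete link sends act=del as a plain GET request,
					 * guarded only by a client-side confirm(). The handler is not visible
					 * in this part of the file - confirm that it requires a CSRF token, or
					 * switch the delete action to a POST form.
					 */
					$i = 0;
					foreach($a_server as $server):
						$disabled = isset($server['disable']) ? "YES" : "NO";
				?>
				<tr>
					<td class="listlr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&id=<?=$i;?>'">
						<?=$disabled;?>
					</td>
					<td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&id=<?=$i;?>'">
						<?=htmlspecialchars($server['protocol']);?> / <?=htmlspecialchars($server['local_port']);?>
					</td>
					<td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&id=<?=$i;?>'">
						<?=htmlspecialchars($server['tunnel_network']);?>
					</td>
					<td class="listbg" ondblclick="document.location='vpn_openvpn_server.php?act=edit&id=<?=$i;?>'">
						<?=htmlspecialchars($server['description']);?>
					</td>
					<td valign="middle" nowrap class="list">
						<a href="vpn_openvpn_server.php?act=edit&id=<?=$i;?>">
							<img src="./themes/<?=htmlspecialchars($g['theme']);?>/images/icons/icon_e.gif" title="<?=gettext("edit server"); ?>" width="17" height="17" border="0">
						</a>
						&nbsp;
						<a href="vpn_openvpn_server.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this server?"); ?>')">
							<img src="/themes/<?=htmlspecialchars($g['theme']);?>/images/icons/icon_x.gif" title="<?=gettext("delete server"); ?>" width="17" height="17" border="0">
						</a>
					</td>
				</tr>
				<?php
					$i++;
					endforeach;
				?>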
1417
				</tbody>
1418
				<tfoot>
1419
				<tr>
1420
					<td class="list" colspan="4"></td>
1421
					<td class="list">
1422
						<a href="vpn_openvpn_server.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add server"); ?>" width="17" height="17" border="0">
1423
						</a>
1424
					</td>
1425
				</tr>
1426
				</tfoot>
1427
			</table>
1428

    
1429
			<?=gettext("Additional OpenVPN servers can be added here.");?>
1430

    
1431
			<?php endif; ?>
1432

    
1433
		</td>
1434
	</tr>
1435
</table>
1436
<script language="JavaScript">
1437
<!--
1438
mode_change();
1439
autokey_change();
1440
tlsauth_change();
1441
gwredir_change();
1442
dns_domain_change();
1443
dns_server_change();
1444
wins_server_change();
1445
ntp_server_change();
1446
netbios_change();
1447
//-->
1448
</script>
1449
</body>
1450
<?php include("fend.inc"); ?>
1451

    
1452
<?php
1453

    
1454
/* local utility functions */
1455

    
1456
/**
 * Translate a setting into the text of the HTML "checked" attribute.
 *
 * @param mixed  $var value tested for truthiness
 * @param string $chk set by reference to 'checked' when $var is truthy, '' otherwise
 */
function set_checked($var,& $chk) {
    $chk = $var ? 'checked' : '';
}
1462

    
1463
?>