/usr/local/www/vpn_openvpn_client.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/vpn_openvpn_client.php @ 1b01056c

1	d799787e	Matthew Grooms	<?php
2			/*
3			vpn_openvpn_client.php
4
5			Copyright (C) 2008 Shrew Soft Inc.
6			All rights reserved.
7
8			Redistribution and use in source and binary forms, with or without
9			modification, are permitted provided that the following conditions are met:
10
11			1. Redistributions of source code must retain the above copyright notice,
12			this list of conditions and the following disclaimer.
13
14			2. Redistributions in binary form must reproduce the above copyright
15			notice, this list of conditions and the following disclaimer in the
16			documentation and/or other materials provided with the distribution.
17
18			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27			POSSIBILITY OF SUCH DAMAGE.
28			*/
29
30			##\|+PRIV
31			##\|*IDENT=page-openvpn-client
32			##\|*NAME=OpenVPN: Client page
33			##\|*DESCR=Allow access to the 'OpenVPN: Client' page.
34			##\|MATCH=vpn_openvpn_client.php
35			##\|-PRIV
36
37			require("guiconfig.inc");
38	d84bd468	Ermal Lu?i	require_once("openvpn.inc");
39	d799787e	Matthew Grooms
40	2fa7a468	Carlos Eduardo Ramos	$pgtitle = array(gettext("OpenVPN"), gettext("Client"));
41	efe2be81	jim-p	$statusurl = "status_openvpn.php";
42			$logurl = "diag_logs_openvpn.php";
43	d799787e	Matthew Grooms
44			if (!is_array($config['openvpn']['openvpn-client']))
45			$config['openvpn']['openvpn-client'] = array();
46
47			$a_client = &$config['openvpn']['openvpn-client'];
48
49	428e66b6	jim-p	if (!is_array($config['ca']))
50			$config['ca'] = array();
51
52			$a_ca =& $config['ca'];
53
54			if (!is_array($config['cert']))
55			$config['cert'] = array();
56
57			$a_cert =& $config['cert'];
58
59			if (!is_array($config['crl']))
60			$config['crl'] = array();
61
62			$a_crl =& $config['crl'];
63
64	d799787e	Matthew Grooms	$id = $_GET['id'];
65			if (isset($_POST['id']))
66			$id = $_POST['id'];
67
68			$act = $_GET['act'];
69			if (isset($_POST['act']))
70			$act = $_POST['act'];
71
72			if ($_GET['act'] == "del") {
73
74			if (!$a_client[$id]) {
75			pfSenseHeader("vpn_openvpn_client.php");
76			exit;
77			}
78
79	dc408939	Matthew Grooms	openvpn_delete('client', $a_client[$id]);
80	d799787e	Matthew Grooms	unset($a_client[$id]);
81			write_config();
82			$savemsg = gettext("Client successfully deleted")."<br/>";
83			}
84
85	f432e364	Matthew Grooms	if($_GET['act']=="new"){
86	3c11bd3c	Matthew Grooms	$pconfig['autokey_enable'] = "yes";
87			$pconfig['tlsauth_enable'] = "yes";
88			$pconfig['autotls_enable'] = "yes";
89	f432e364	Matthew Grooms	$pconfig['interface'] = "wan";
90			$pconfig['server_port'] = 1194;
91			}
92
93	d799787e	Matthew Grooms	if($_GET['act']=="edit"){
94
95			if (isset($id) && $a_client[$id]) {
96
97	8319ee63	jim-p	$pconfig['disable'] = isset($a_client[$id]['disable']);
98	3c11bd3c	Matthew Grooms	$pconfig['mode'] = $a_client[$id]['mode'];
99	d799787e	Matthew Grooms	$pconfig['protocol'] = $a_client[$id]['protocol'];
100			$pconfig['interface'] = $a_client[$id]['interface'];
101	67b0902f	pierrepomes	if (!empty($a_client[$id]['ipaddr'])) {
102			$pconfig['interface'] = $pconfig['interface'] . '\|' . $a_client[$id]['ipaddr'];
103			}
104	d799787e	Matthew Grooms	$pconfig['local_port'] = $a_client[$id]['local_port'];
105			$pconfig['server_addr'] = $a_client[$id]['server_addr'];
106			$pconfig['server_port'] = $a_client[$id]['server_port'];
107			$pconfig['resolve_retry'] = $a_client[$id]['resolve_retry'];
108			$pconfig['proxy_addr'] = $a_client[$id]['proxy_addr'];
109			$pconfig['proxy_port'] = $a_client[$id]['proxy_port'];
110	762a24a3	Ermal Lu?i	$pconfig['proxy_user'] = $a_client[$id]['proxy_user'];
111			$pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd'];
112			$pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype'];
113	d799787e	Matthew Grooms	$pconfig['description'] = $a_client[$id]['description'];
114	c7323d81	sullrich	$pconfig['custom_options'] = $a_client[$id]['custom_options'];
115	691fbf14	Ermal Lu?i	$pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type'];
116			$pconfig['dev_mode'] = $a_client[$id]['dev_mode'];
117
118	3c11bd3c	Matthew Grooms	if ($pconfig['mode'] != "p2p_shared_key") {
119	d799787e	Matthew Grooms	$pconfig['caref'] = $a_client[$id]['caref'];
120			$pconfig['certref'] = $a_client[$id]['certref'];
121	3c11bd3c	Matthew Grooms	if ($a_client[$id]['tls']) {
122			$pconfig['tlsauth_enable'] = "yes";
123			$pconfig['tls'] = base64_decode($a_client[$id]['tls']);
124			}
125			} else
126			$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
127	d799787e	Matthew Grooms	$pconfig['crypto'] = $a_client[$id]['crypto'];
128	582c58ae	jim-p	$pconfig['engine'] = $a_server[$id]['engine'];
129	d799787e	Matthew Grooms
130			$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
131			$pconfig['remote_network'] = $a_client[$id]['remote_network'];
132			$pconfig['compression'] = $a_client[$id]['compression'];
133	1cb0b40a	Matthew Grooms	$pconfig['passtos'] = $a_client[$id]['passtos'];
134	3c11bd3c	Matthew Grooms
135			// just in case the modes switch
136			$pconfig['autokey_enable'] = "yes";
137			$pconfig['autotls_enable'] = "yes";
138	d799787e	Matthew Grooms	}
139			}
140
141			if ($_POST) {
142
143			unset($input_errors);
144			$pconfig = $_POST;
145
146	dc408939	Matthew Grooms	if (isset($id) && $a_client[$id])
147			$vpnid = $a_client[$id]['vpnid'];
148	f432e364	Matthew Grooms	else
149			$vpnid = 0;
150
151	98c0c87a	jim-p	if ($pconfig['mode'] != "p2p_shared_key")
152	3c11bd3c	Matthew Grooms	$tls_mode = true;
153			else
154			$tls_mode = false;
155
156	d799787e	Matthew Grooms	/* input validation */
157	f432e364	Matthew Grooms	if ($pconfig['local_port']) {
158
159			if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
160			$input_errors[] = $result;
161
162	5accf130	jim-p	$portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']);
163			if (($portused != $vpnid) && ($portused != 0))
164	2fa7a468	Carlos Eduardo Ramos	$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
165	f432e364	Matthew Grooms	}
166
167	d799787e	Matthew Grooms	if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address'))
168			$input_errors[] = $result;
169
170			if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port'))
171			$input_errors[] = $result;
172
173			if ($pconfig['proxy_addr']) {
174
175			if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address'))
176			$input_errors[] = $result;
177
178			if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port'))
179			$input_errors[] = $result;
180	762a24a3	Ermal Lu?i
181			if ($pconfig['proxy_authtype'] != "none") {
182			if (empty($pconfig['proxy_user']) \|\| empty($pconfig['proxy_passwd']))
183	2fa7a468	Carlos Eduardo Ramos	$input_errors[] = gettext("User name and password are required for proxy with authentication.");
184	762a24a3	Ermal Lu?i	}
185	d799787e	Matthew Grooms	}
186
187	c13b87a0	sullrich	if($pconfig['tunnel_network'])
188			if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network'))
189			$input_errors[] = $result;
190	d799787e	Matthew Grooms
191			if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network'))
192			$input_errors[] = $result;
193
194	89e6e210	jim-p	if ($pconfig['autokey_enable'])
195			$pconfig['shared_key'] = openvpn_create_key();
196
197	3c11bd3c	Matthew Grooms	if (!$tls_mode && !$pconfig['autokey_enable'])
198	d799787e	Matthew Grooms	if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") \|\|
199			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
200	2fa7a468	Carlos Eduardo Ramos	$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
201	3c11bd3c	Matthew Grooms
202			if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable'])
203			if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") \|\|
204			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
205	2fa7a468	Carlos Eduardo Ramos	$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
206	d799787e	Matthew Grooms
207	6180c3ae	jim-p	/* If we are not in shared key mode, then we need the CA/Cert. */
208			if ($pconfig['mode'] != "p2p_shared_key") {
209	872d9195	Matthew Grooms	$reqdfields = explode(" ", "caref certref");
210	2fa7a468	Carlos Eduardo Ramos	$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
211	6180c3ae	jim-p	} elseif (!$pconfig['autokey_enable']) {
212			/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
213			$reqdfields = array('shared_key');
214	2fa7a468	Carlos Eduardo Ramos	$reqdfieldsn = array(gettext('Shared key'));
215	d799787e	Matthew Grooms	}
216
217			do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
218
219			if (!$input_errors) {
220
221			$client = array();
222
223	f432e364	Matthew Grooms	if ($vpnid)
224			$client['vpnid'] = $vpnid;
225	d799787e	Matthew Grooms	else
226			$client['vpnid'] = openvpn_vpnid_next();
227
228	8319ee63	jim-p	if ($_POST['disable'] == "yes")
229	b65f56f6	jim-p	$client['disable'] = true;
230	d799787e	Matthew Grooms	$client['protocol'] = $pconfig['protocol'];
231	691fbf14	Ermal Lu?i	$client['dev_mode'] = $pconfig['dev_mode'];
232	67b0902f	pierrepomes	list($client['interface'], $client['ipaddr']) = explode ("\|",$pconfig['interface']);
233	d799787e	Matthew Grooms	$client['local_port'] = $pconfig['local_port'];
234			$client['server_addr'] = $pconfig['server_addr'];
235			$client['server_port'] = $pconfig['server_port'];
236			$client['resolve_retry'] = $pconfig['resolve_retry'];
237			$client['proxy_addr'] = $pconfig['proxy_addr'];
238			$client['proxy_port'] = $pconfig['proxy_port'];
239	762a24a3	Ermal Lu?i	$client['proxy_authtype'] = $pconfig['proxy_authtype'];
240			$client['proxy_user'] = $pconfig['proxy_user'];
241			$client['proxy_passwd'] = $pconfig['proxy_passwd'];
242	d799787e	Matthew Grooms	$client['description'] = $pconfig['description'];
243	50a9d5b9	jim-p	$client['mode'] = $pconfig['mode'];
244	e3bbd29a	Ermal	$client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);
245	d799787e	Matthew Grooms
246	3c11bd3c	Matthew Grooms	if ($tls_mode) {
247			$client['caref'] = $pconfig['caref'];
248			$client['certref'] = $pconfig['certref'];
249			if ($pconfig['tlsauth_enable']) {
250			if ($pconfig['autotls_enable'])
251			$pconfig['tls'] = openvpn_create_key();
252			$client['tls'] = base64_encode($pconfig['tls']);
253			}
254			} else {
255			$client['shared_key'] = base64_encode($pconfig['shared_key']);
256			}
257	d799787e	Matthew Grooms	$client['crypto'] = $pconfig['crypto'];
258	582c58ae	jim-p	$client['engine'] = $pconfig['engine'];
259	d799787e	Matthew Grooms
260			$client['tunnel_network'] = $pconfig['tunnel_network'];
261			$client['remote_network'] = $pconfig['remote_network'];
262			$client['compression'] = $pconfig['compression'];
263	e067306d	pierrepomes	$client['passtos'] = $pconfig['passtos'];
264	d799787e	Matthew Grooms
265			if (isset($id) && $a_client[$id])
266			$a_client[$id] = $client;
267			else
268			$a_client[] = $client;
269
270	dc408939	Matthew Grooms	openvpn_resync('client', $client);
271	d799787e	Matthew Grooms	write_config();
272
273			header("Location: vpn_openvpn_client.php");
274			exit;
275			}
276			}
277
278			include("head.inc");
279
280			?>
281
282			<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
283			<?php include("fbegin.inc"); ?>
284			<script language="JavaScript">
285			<!--
286
287	3c11bd3c	Matthew Grooms	function mode_change() {
288			index = document.iform.mode.selectedIndex;
289			value = document.iform.mode.options[index].value;
290	d799787e	Matthew Grooms	switch(value) {
291	3c11bd3c	Matthew Grooms	case "p2p_tls":
292			document.getElementById("tls").style.display="";
293			document.getElementById("tls_ca").style.display="";
294			document.getElementById("tls_cert").style.display="";
295	d799787e	Matthew Grooms	document.getElementById("psk").style.display="none";
296			break;
297	3c11bd3c	Matthew Grooms	case "p2p_shared_key":
298			document.getElementById("tls").style.display="none";
299			document.getElementById("tls_ca").style.display="none";
300			document.getElementById("tls_cert").style.display="none";
301	d799787e	Matthew Grooms	document.getElementById("psk").style.display="";
302			break;
303			}
304			}
305
306	3c11bd3c	Matthew Grooms	function autokey_change() {
307			if (document.iform.autokey_enable.checked)
308			document.getElementById("autokey_opts").style.display="none";
309			else
310			document.getElementById("autokey_opts").style.display="";
311			}
312
313	762a24a3	Ermal Lu?i	function useproxy_changed() {
314
315			if ($('proxy_authtype').value != 'none') {
316			$('proxy_authtype_opts').show();
317			} else {
318			$('proxy_authtype_opts').hide();
319			}
320			}
321
322	3c11bd3c	Matthew Grooms	function tlsauth_change() {
323
324			<?php if (!$pconfig['tls']): ?>
325			if (document.iform.tlsauth_enable.checked)
326			document.getElementById("tlsauth_opts").style.display="";
327			else
328			document.getElementById("tlsauth_opts").style.display="none";
329			<?php endif; ?>
330
331			autotls_change();
332			}
333
334			function autotls_change() {
335
336			<?php if (!$pconfig['tls']): ?>
337			autocheck = document.iform.autotls_enable.checked;
338			<?php else: ?>
339			autocheck = false;
340			<?php endif; ?>
341
342			if (document.iform.tlsauth_enable.checked && !autocheck)
343			document.getElementById("autotls_opts").style.display="";
344			else
345			document.getElementById("autotls_opts").style.display="none";
346			}
347
348	d799787e	Matthew Grooms	//-->
349			</script>
350			<?php
351	428e66b6	jim-p	if (!$savemsg)
352			$savemsg = "";
353			if (count($a_ca) == 0)
354			$savemsg .= "You have no Certificate Authorities defined. You must visit the <a href=\"system_camanager.php\">Certificate Manager</a> to make one.";
355			if (count($a_cert) == 0)
356			$savemsg .= "<br/>You have no Certificates defined. You must visit the <a href=\"system_camanager.php\">Certificate Manager</a> to make one.";
357
358			if ($input_errors)
359			print_input_errors($input_errors);
360			if ($savemsg)
361			print_info_box($savemsg);
362	d799787e	Matthew Grooms	?>
363			<table width="100%" border="0" cellpadding="0" cellspacing="0">
364			<tr>
365			<td class="tabnavtbl">
366			<ul id="tabnav">
367			<?php
368			$tab_array = array();
369			$tab_array[] = array(gettext("Server"), false, "vpn_openvpn_server.php");
370			$tab_array[] = array(gettext("Client"), true, "vpn_openvpn_client.php");
371			$tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php");
372	5540aee6	Ermal Lu?i	$tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml");
373	b63f2e8b	Matthew Grooms	add_package_tabs("OpenVPN", $tab_array);
374	d799787e	Matthew Grooms	display_top_tabs($tab_array);
375			?>
376			</ul>
377			</td>
378			</tr>
379			<tr>
380			<td class="tabcont">
381
382			<?php if($act=="new" \|\| $act=="edit"): ?>
383
384			<form action="vpn_openvpn_client.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
385			<table width="100%" border="0" cellpadding="6" cellspacing="0">
386	47c00c09	Scott Ullrich	<tr>
387	2fa7a468	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
388	47c00c09	Scott Ullrich	</tr>
389	d799787e	Matthew Grooms	<tr>
390	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
391	d799787e	Matthew Grooms	<td width="78%" class="vtable">
392			<table border="0" cellpadding="0" cellspacing="0">
393			<tr>
394			<td>
395			<?php set_checked($pconfig['disable'],$chk); ?>
396			<input name="disable" type="checkbox" value="yes" <?=$chk;?>/>
397			</td>
398			<td>
399
400			<span class="vexpl">
401	2fa7a468	Carlos Eduardo Ramos	<strong><?=gettext("Disable this client"); ?></strong><br>
402	d799787e	Matthew Grooms	</span>
403			</td>
404			</tr>
405			</table>
406	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Set this option to disable this client without removing it from the list"); ?>.
407	d799787e	Matthew Grooms	</td>
408			</tr>
409	3c11bd3c	Matthew Grooms	<tr>
410			<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
411			<td width="78%" class="vtable">
412			<select name='mode' id='mode' class="formselect" onchange='mode_change()'>
413			<?php
414			foreach ($openvpn_client_modes as $name => $desc):
415			$selected = "";
416			if ($pconfig['mode'] == $name)
417			$selected = "selected";
418			?>
419			<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
420			<?php endforeach; ?>
421			</select>
422			</td>
423			</tr>
424	d799787e	Matthew Grooms	<tr>
425			<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
426			<td width="78%" class="vtable">
427			<select name='protocol' class="formselect">
428			<?php
429			foreach ($openvpn_prots as $prot):
430			$selected = "";
431			if ($pconfig['protocol'] == $prot)
432			$selected = "selected";
433			?>
434			<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
435			<?php endforeach; ?>
436			</select>
437			</td>
438			</tr>
439	691fbf14	Ermal Lu?i	<tr>
440			<td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
441			<td width="78%" class="vtable">
442			<select name='dev_mode' class="formselect">
443			<?php
444			foreach ($openvpn_dev_mode as $mode):
445			$selected = "";
446			if ($pconfig['dev_mode'] == $mode)
447			$selected = "selected";
448			?>
449			<option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option>
450			<?php endforeach; ?>
451			</select>
452			</td>
453			</tr>
454	d799787e	Matthew Grooms	<tr>
455	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
456	d799787e	Matthew Grooms	<td width="78%" class="vtable">
457			<select name="interface" class="formselect">
458			<?php
459			$interfaces = get_configured_interface_with_descr();
460	3d06e8f0	pierrepomes	$carplist = get_configured_carp_interface_list();
461			foreach ($carplist as $cif => $carpip)
462	dd62256f	Pierre POMES	$interfaces[$cif.'\|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
463	67b0902f	pierrepomes	$aliaslist = get_configured_ip_aliases_list();
464			foreach ($aliaslist as $aliasip => $aliasif)
465	dd62256f	Pierre POMES	$interfaces[$aliasif.'\|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
466	67b0902f	pierrepomes	$interfaces['any'] = "any";
467	3d06e8f0	pierrepomes	foreach ($interfaces as $iface => $ifacename):
468	1d3bcd2a	Matthew Grooms	$selected = "";
469			if ($iface == $pconfig['interface'])
470			$selected = "selected";
471	d799787e	Matthew Grooms	?>
472	1d3bcd2a	Matthew Grooms	<option value="<?=$iface;?>" <?=$selected;?>>
473			<?=htmlspecialchars($ifacename);?>
474			</option>
475	d799787e	Matthew Grooms	<?php endforeach; ?>
476			</select> <br>
477			</td>
478			</tr>
479	1d3bcd2a	Matthew Grooms	<tr>
480			<td width="22%" valign="top" class="vncell"><?=gettext("Local port");?></td>
481			<td width="78%" class="vtable">
482			<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>"/>
483	d799787e	Matthew Grooms	<br/>
484	5708241f	jim-p	<?=gettext("Set this option if you would like to bind to a specific port. Leave this blank or enter 0 for a random dynamic port."); ?>
485	1d3bcd2a	Matthew Grooms	</td>
486			</tr>
487	d799787e	Matthew Grooms	<tr>
488			<td width="22%" valign="top" class="vncellreq"><?=gettext("Server host or address");?></td>
489			<td width="78%" class="vtable">
490			<input name="server_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['server_addr']);?>"/>
491			</td>
492			</tr>
493			<tr>
494			<td width="22%" valign="top" class="vncellreq"><?=gettext("Server port");?></td>
495			<td width="78%" class="vtable">
496			<input name="server_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['server_port']);?>"/>
497			</td>
498			</tr>
499			<tr>
500			<td width="22%" valign="top" class="vncell"><?=gettext("Proxy host or address");?></td>
501			<td width="78%" class="vtable">
502			<input name="proxy_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['proxy_addr']);?>"/>
503			</td>
504			</tr>
505			<tr>
506			<td width="22%" valign="top" class="vncell"><?=gettext("Proxy port");?></td>
507			<td width="78%" class="vtable">
508			<input name="proxy_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['proxy_port']);?>"/>
509			</td>
510			</tr>
511	762a24a3	Ermal Lu?i	<tr>
512			<td width="22%" valign="top" class="vncell"><?=gettext("Proxy authentication extra options");?></td>
513			<td width="78%" class="vtable">
514			<table border="0" cellpadding="2" cellspacing="0">
515			<tr>
516			<td align="right" width="25%">
517			<span class="vexpl">
518	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Authentication method"); ?> :
519	762a24a3	Ermal Lu?i	</span>
520			</td>
521			<td>
522			<select name="proxy_authtype" id="proxy_authtype" class="formfld select" onChange="useproxy_changed()">
523	2fa7a468	Carlos Eduardo Ramos	<option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected"; ?>><?=gettext("none"); ?></option>
524			<option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected"; ?>><?=gettext("basic"); ?></option>
525			<option value="ntlm" <?php if ($pconfig['proxy_authtype'] == "ntlm") echo "selected"; ?>><?=gettext("ntlm"); ?></option>
526	762a24a3	Ermal Lu?i	</select>
527			</td>
528			</tr>
529			</table>
530			<br />
531			<table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none">
532			<tr>
533			<td align="right" width="25%">
534			<span class="vexpl">
535	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Username"); ?> :
536	762a24a3	Ermal Lu?i	</span>
537			</td>
538			<td>
539			<input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" />
540			</td>
541			</tr>
542			<tr>
543			<td align="right" width="25%">
544			<span class="vexpl">
545	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Password"); ?> :
546	762a24a3	Ermal Lu?i	</span>
547			</td>
548			<td>
549			<input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" />
550			</td>
551			</tr>
552			</table>
553			</td>
554			</tr>
555	d799787e	Matthew Grooms	<tr>
556	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Server host name resolution"); ?></td>
557	d799787e	Matthew Grooms	<td width="78%" class="vtable">
558			<table border="0" cellpadding="2" cellspacing="0">
559			<tr>
560			<td>
561			<?php set_checked($pconfig['resolve_retry'],$chk); ?>
562	db2872a2	Ermal Lu?i	<input name="resolve_retry" type="checkbox" value="yes" <?=$chk;?>>
563	d799787e	Matthew Grooms	</td>
564			<td>
565			<span class="vexpl">
566	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Infinitely resolve server"); ?>
567	d799787e	Matthew Grooms	</span>
568			</td>
569			</tr>
570			</table>
571	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Continuously attempt to resolve the server host " .
572			"name. Useful when communicating with a server " .
573			"that is not permanently connected to the Internet"); ?>.
574	d799787e	Matthew Grooms	</td>
575			</tr>
576			<tr>
577	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
578	d799787e	Matthew Grooms	<td width="78%" class="vtable">
579			<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>">
580			<br>
581	2fa7a468	Carlos Eduardo Ramos	<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
582	d799787e	Matthew Grooms	</td>
583			</tr>
584			<tr>
585			<td colspan="2" class="list" height="12"></td>
586			</tr>
587			<tr>
588	2fa7a468	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
589	d799787e	Matthew Grooms	</tr>
590	3c11bd3c	Matthew Grooms	<tr id="tls">
591	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
592	3c11bd3c	Matthew Grooms	<td width="78%" class="vtable">
593			<table border="0" cellpadding="2" cellspacing="0">
594			<tr>
595			<td>
596			<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
597			<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onClick="tlsauth_change()">
598			</td>
599			<td>
600			<span class="vexpl">
601	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Enable authentication of TLS packets"); ?>.
602	3c11bd3c	Matthew Grooms	</span>
603			</td>
604			</tr>
605			</table>
606			<?php if (!$pconfig['tls']): ?>
607			<table border="0" cellpadding="2" cellspacing="0" id='tlsauth_opts'>
608			<tr>
609			<td>
610			<?php set_checked($pconfig['autotls_enable'],$chk); ?>
611			<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autotls_change()">
612			</td>
613			<td>
614			<span class="vexpl">
615	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
616	3c11bd3c	Matthew Grooms	</span>
617			</td>
618			</tr>
619			</table>
620			<?php endif; ?>
621			<table border="0" cellpadding="2" cellspacing="0" id='autotls_opts'>
622			<tr>
623			<td>
624			<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
625			<br/>
626	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Paste your shared key here"); ?>.
627	3c11bd3c	Matthew Grooms	</td>
628			</tr>
629			</table>
630			</td>
631	d799787e	Matthew Grooms	</tr>
632	3c11bd3c	Matthew Grooms	<tr id="tls_ca">
633	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
634	d799787e	Matthew Grooms	<td width="78%" class="vtable">
635			<select name='caref' class="formselect">
636			<?php
637	428e66b6	jim-p	foreach ($a_ca as $ca):
638	d799787e	Matthew Grooms	$selected = "";
639			if ($pconfig['caref'] == $ca['refid'])
640			$selected = "selected";
641			?>
642	f2a86ca9	jim-p	<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option>
643	d799787e	Matthew Grooms	<?php endforeach; ?>
644			</select>
645			</td>
646			</tr>
647	3c11bd3c	Matthew Grooms	<tr id="tls_cert">
648	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td>
649	d799787e	Matthew Grooms	<td width="78%" class="vtable">
650			<select name='certref' class="formselect">
651			<?php
652	428e66b6	jim-p	foreach ($a_cert as $cert):
653	9e303f2f	jim-p	$selected = "";
654			$caname = "";
655			$inuse = "";
656			$revoked = "";
657			if (is_user_cert($cert['refid']))
658			continue;
659			$ca = lookup_ca($cert['caref']);
660			if ($ca)
661			$caname = " (CA: {$ca['descr']})";
662			if ($pconfig['certref'] == $cert['refid'])
663			$selected = "selected";
664			if (cert_in_use($cert['refid']))
665			$inuse = " *In Use";
666			if (is_cert_revoked($cert))
667			$revoked = " *Revoked";
668	d799787e	Matthew Grooms	?>
669	6a0b3ea4	jim-p	<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option>
670	d799787e	Matthew Grooms	<?php endforeach; ?>
671			</select>
672			</td>
673			</tr>
674			<tr id="psk">
675	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
676	3c11bd3c	Matthew Grooms	<td width="78%" class="vtable">
677			<?php if (!$pconfig['shared_key']): ?>
678			<table border="0" cellpadding="2" cellspacing="0">
679			<tr>
680			<td>
681			<?php set_checked($pconfig['autokey_enable'],$chk); ?>
682			<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autokey_change()">
683			</td>
684			<td>
685			<span class="vexpl">
686	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Automatically generate a shared key"); ?>.
687	3c11bd3c	Matthew Grooms	</span>
688			</td>
689			</tr>
690			</table>
691			<?php endif; ?>
692			<table border="0" cellpadding="2" cellspacing="0" id='autokey_opts'>
693			<tr>
694			<td>
695			<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
696			<br/>
697	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Paste your shared key here"); ?>.
698	3c11bd3c	Matthew Grooms	</td>
699			</tr>
700			</table>
701	d799787e	Matthew Grooms	</td>
702			</tr>
703			<tr>
704	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
705	d799787e	Matthew Grooms	<td width="78%" class="vtable">
706			<select name="crypto" class="formselect">
707			<?php
708			$cipherlist = openvpn_get_cipherlist();
709			foreach ($cipherlist as $name => $desc):
710			$selected = '';
711			if ($name == $pconfig['crypto'])
712			$selected = ' selected';
713			?>
714			<option value="<?=$name;?>"<?=$selected?>>
715			<?=htmlspecialchars($desc);?>
716			</option>
717			<?php endforeach; ?>
718			</select>
719			</td>
720			</tr>
721	582c58ae	jim-p	<tr id="engine">
722			<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
723			<td width="78%" class="vtable">
724			<select name="engine" class="formselect">
725			<?php
726			$engines = openvpn_get_engines();
727			foreach ($engines as $name => $desc):
728			$selected = '';
729			if ($name == $pconfig['engine'])
730			$selected = ' selected';
731			?>
732			<option value="<?=$name;?>"<?=$selected?>>
733			<?=htmlspecialchars($desc);?>
734			</option>
735			<?php endforeach; ?>
736			</select>
737			</td>
738			</tr>
739	d799787e	Matthew Grooms	<tr>
740			<td colspan="2" class="list" height="12"></td>
741			</tr>
742			<tr>
743	2fa7a468	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
744	d799787e	Matthew Grooms	</tr>
745			<tr>
746	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Tunnel Network"); ?></td>
747	d799787e	Matthew Grooms	<td width="78%" class="vtable">
748			<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>">
749			<br>
750	2fa7a468	Carlos Eduardo Ramos	<?=gettext("This is the virtual network used for private " .
751			"communications between this client and the " .
752			"server expressed using CIDR (eg. 10.0.8.0/24). " .
753			"The first network address is assumed to be the " .
754			"server address and the second network address " .
755			"will be assigned to the client virtual " .
756			"interface"); ?>.
757	d799787e	Matthew Grooms	</td>
758			</tr>
759			<tr>
760	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Remote Network"); ?></td>
761	d799787e	Matthew Grooms	<td width="78%" class="vtable">
762			<input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>">
763			<br>
764	2fa7a468	Carlos Eduardo Ramos	<?=gettext("This is a network that will be routed through " .
765			"the tunnel, so that a site-to-site VPN can be " .
766			"established without manually changing the " .
767			"routing tables. Expressed as a CIDR range. If " .
768			"this is a site-to-site VPN, enter here the " .
769			"remote LAN here. You may leave this blank to " .
770			"only communicate with other clients"); ?>.
771	d799787e	Matthew Grooms	</td>
772			</tr>
773			<tr>
774			<td width="22%" valign="top" class="vncell"><?=gettext("Limit outgoing bandwidth");?></td>
775			<td width="78%" class="vtable">
776			<input name="use_shaper" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['use_shaper']);?>"/>
777			<br/>
778	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Maximum outgoing bandwidth for this tunnel. " .
779			"Leave empty for no limit. The input value has " .
780			"to be something between 100 bytes/sec and 100 " .
781			"Mbytes/sec (entered as bytes per second)"); ?>.
782	d799787e	Matthew Grooms	</td>
783			</tr>
784			<tr>
785	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
786	d799787e	Matthew Grooms	<td width="78%" class="vtable">
787			<table border="0" cellpadding="2" cellspacing="0">
788			<tr>
789			<td>
790			<?php set_checked($pconfig['compression'],$chk); ?>
791			<input name="compression" type="checkbox" value="yes" <?=$chk;?>>
792			</td>
793			<td>
794			<span class="vexpl">
795	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Compress tunnel packets using the LZO algorithm"); ?>.
796	d799787e	Matthew Grooms	</span>
797			</td>
798			</tr>
799			</table>
800			</td>
801			</tr>
802			<tr>
803	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
804	d799787e	Matthew Grooms	<td width="78%" class="vtable">
805			<table border="0" cellpadding="2" cellspacing="0">
806			<tr>
807			<td>
808	1cb0b40a	Matthew Grooms	<?php set_checked($pconfig['passtos'],$chk); ?>
809			<input name="passtos" type="checkbox" value="yes" <?=$chk;?>>
810	d799787e	Matthew Grooms	</td>
811			<td>
812			<span class="vexpl">
813	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
814	d799787e	Matthew Grooms	</span>
815			</td>
816			</tr>
817			</table>
818			</td>
819			</tr>
820	c7323d81	sullrich	<tr>
821			<td colspan="2" class="list" height="12"></td>
822			</tr>
823			<tr>
824	2fa7a468	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
825	c7323d81	sullrich	</tr>
826			<tr>
827	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
828	c7323d81	sullrich	<td width="78%" class="vtable">
829			<table border="0" cellpadding="2" cellspacing="0">
830			<tr>
831			<td>
832	dd5bf424	Scott Ullrich	<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/>
833	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Enter any additional options you would like to add to the OpenVPN client configuration here, separated by a semicolon"); ?><br/>
834			<?=gettext("EXAMPLE: route 10.0.0.0 255.255.255.0;"); ?>
835	c7323d81	sullrich	</td>
836			</tr>
837			</table>
838			</td>
839			</tr>
840	d799787e	Matthew Grooms	<tr>
841			<td width="22%" valign="top"> </td>
842			<td width="78%">
843	2fa7a468	Carlos Eduardo Ramos	<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
844	d799787e	Matthew Grooms	<input name="act" type="hidden" value="<?=$act;?>">
845			<?php if (isset($id) && $a_client[$id]): ?>
846			<input name="id" type="hidden" value="<?=$id;?>">
847			<?php endif; ?>
848			</td>
849			</tr>
850			</table>
851			</form>
852
853			<?php else: ?>
854
855	7773b868	jim-p	<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
856			<thead>
857	d799787e	Matthew Grooms	<tr>
858	2fa7a468	Carlos Eduardo Ramos	<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
859			<td width="10%" class="listhdrr"><?=gettext("Protocol"); ?></td>
860			<td width="30%" class="listhdrr"><?=gettext("Server"); ?></td>
861			<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
862	d799787e	Matthew Grooms	<td width="10%" class="list"></td>
863			</tr>
864	7773b868	jim-p	</thead>
865			<tbody>
866	d799787e	Matthew Grooms	<?php
867			$i = 0;
868			foreach($a_client as $client):
869			$disabled = "NO";
870	8319ee63	jim-p	if (isset($client['disable']))
871	d799787e	Matthew Grooms	$disabled = "YES";
872			$server = "{$client['server_addr']}:{$client['server_port']}";
873			?>
874	c67bbe04	Chris Buechler	<tr ondblclick="document.location='vpn_openvpn_client.php?act=edit&id=<?=$i;?>'">
875	d799787e	Matthew Grooms	<td class="listlr">
876			<?=$disabled;?>
877			</td>
878			<td class="listr">
879			<?=htmlspecialchars($client['protocol']);?>
880			</td>
881			<td class="listr">
882			<?=htmlspecialchars($server);?>
883			</td>
884	296a3cb6	Scott Ullrich	<td class="listbg">
885	d799787e	Matthew Grooms	<?=htmlspecialchars($client['description']);?>
886			</td>
887			<td valign="middle" nowrap class="list">
888			<a href="vpn_openvpn_client.php?act=edit&id=<?=$i;?>">
889	2fa7a468	Carlos Eduardo Ramos	<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit client"); ?>" width="17" height="17" border="0">
890	d799787e	Matthew Grooms	</a>
891
892	2fa7a468	Carlos Eduardo Ramos	<a href="vpn_openvpn_client.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this client?"); ?>')">
893			<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete client"); ?>" width="17" height="17" border="0">
894	d799787e	Matthew Grooms	</a>
895			</td>
896			</tr>
897			<?php
898			$i++;
899			endforeach;
900			?>
901	7773b868	jim-p	</tbody>
902			<tfoot>
903	d799787e	Matthew Grooms	<tr>
904			<td class="list" colspan="4"></td>
905			<td class="list">
906	2fa7a468	Carlos Eduardo Ramos	<a href="vpn_openvpn_client.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add client"); ?>" width="17" height="17" border="0">
907	d799787e	Matthew Grooms	</a>
908			</td>
909			</tr>
910			<tr>
911			<td colspan="4">
912			<p>
913			<?=gettext("Additional OpenVPN clients can be added here.");?>
914			</p>
915			</td>
916			</tr>
917	7773b868	jim-p	</tfoot>
918	d799787e	Matthew Grooms	</table>
919
920	ee9933b6	Renato Botelho	<?php endif; ?>
921	d799787e	Matthew Grooms
922			</td>
923			</tr>
924			</table>
925			<script language="JavaScript">
926			<!--
927	3c11bd3c	Matthew Grooms	mode_change();
928			autokey_change();
929			tlsauth_change();
930	762a24a3	Ermal Lu?i	useproxy_changed();
931	d799787e	Matthew Grooms	//-->
932			</script>
933			</body>
934			<?php include("fend.inc"); ?>
935
936			<?php
937
938			/* local utility functions */
939
940			function set_checked($var,& $chk) {
941			if($var)
942			$chk = 'checked';
943			else
944			$chk = '';
945			}
946
947			?>

Project

General

Profile

pfSense