Revision 1bbdab13
Added by Phil Davis over 8 years ago
| src/usr/local/www/vpn_ipsec_keys_edit.php | ||
|---|---|---|
| 134 | 134 |
|
| 135 | 135 |
$section->addInput(new Form_Input( |
| 136 | 136 |
'ident', |
| 137 |
'Identifier', |
|
| 137 |
'*Identifier',
|
|
| 138 | 138 |
'text', |
| 139 | 139 |
$pconfig['ident'] |
| 140 | 140 |
))->setHelp('This can be either an IP address, fully qualified domain name or an e-mail address.');
|
| 141 | 141 |
|
| 142 | 142 |
$section->addInput(new Form_Select( |
| 143 | 143 |
'type', |
| 144 |
'Secret type', |
|
| 144 |
'*Secret type',
|
|
| 145 | 145 |
$pconfig['type'], |
| 146 | 146 |
$ipsec_preshared_key_type |
| 147 | 147 |
))->setWidth(2); |
| 148 | 148 |
|
| 149 | 149 |
$section->addInput(new Form_Input( |
| 150 | 150 |
'psk', |
| 151 |
'Pre-Shared Key', |
|
| 151 |
'*Pre-Shared Key',
|
|
| 152 | 152 |
'text', |
| 153 | 153 |
$pconfig['psk'] |
| 154 | 154 |
)); |
| src/usr/local/www/vpn_ipsec_mobile.php | ||
|---|---|---|
| 448 | 448 |
|
| 449 | 449 |
$section->addInput(new Form_Select( |
| 450 | 450 |
'user_source', |
| 451 |
'User Authentication', |
|
| 451 |
'*User Authentication',
|
|
| 452 | 452 |
explode(",", $pconfig['user_source']),
|
| 453 | 453 |
$authServers, |
| 454 | 454 |
true |
| ... | ... | |
| 456 | 456 |
|
| 457 | 457 |
$section->addInput(new Form_Select( |
| 458 | 458 |
'group_source', |
| 459 |
'Group Authentication', |
|
| 459 |
'*Group Authentication',
|
|
| 460 | 460 |
$pconfig['group_source'], |
| 461 | 461 |
array( |
| 462 | 462 |
'none' => gettext('none'),
|
| src/usr/local/www/vpn_ipsec_phase1.php | ||
|---|---|---|
| 659 | 659 |
|
| 660 | 660 |
$section->addInput(new Form_Select( |
| 661 | 661 |
'iketype', |
| 662 |
'Key Exchange version', |
|
| 662 |
'*Key Exchange version',
|
|
| 663 | 663 |
$pconfig['iketype'], |
| 664 | 664 |
array("ikev1" => "IKEv1", "ikev2" => "IKEv2", "auto" => gettext("Auto"))
|
| 665 | 665 |
))->setHelp('Select the Internet Key Exchange protocol version to be used. Auto uses IKEv2 when initiator, and accepts either IKEv1 or IKEv2 as responder.');
|
| 666 | 666 |
|
| 667 | 667 |
$section->addInput(new Form_Select( |
| 668 | 668 |
'protocol', |
| 669 |
'Internet Protocol', |
|
| 669 |
'*Internet Protocol',
|
|
| 670 | 670 |
$pconfig['protocol'], |
| 671 | 671 |
array("inet" => "IPv4", "inet6" => "IPv6")
|
| 672 | 672 |
))->setHelp('Select the Internet Protocol family.');
|
| 673 | 673 |
|
| 674 | 674 |
$section->addInput(new Form_Select( |
| 675 | 675 |
'interface', |
| 676 |
'Interface', |
|
| 676 |
'*Interface',
|
|
| 677 | 677 |
$pconfig['interface'], |
| 678 | 678 |
build_interface_list() |
| 679 | 679 |
))->setHelp('Select the interface for the local endpoint of this phase1 entry.');
|
| ... | ... | |
| 681 | 681 |
if (!$pconfig['mobile']) {
|
| 682 | 682 |
$section->addInput(new Form_Input( |
| 683 | 683 |
'remotegw', |
| 684 |
'Remote Gateway', |
|
| 684 |
'*Remote Gateway',
|
|
| 685 | 685 |
'text', |
| 686 | 686 |
$pconfig['remotegw'] |
| 687 | 687 |
))->setHelp('Enter the public IP address or host name of the remote gateway.');
|
| ... | ... | |
| 700 | 700 |
|
| 701 | 701 |
$section->addInput(new Form_Select( |
| 702 | 702 |
'authentication_method', |
| 703 |
'Authentication Method', |
|
| 703 |
'*Authentication Method',
|
|
| 704 | 704 |
$pconfig['authentication_method'], |
| 705 | 705 |
build_auth_method_list() |
| 706 | 706 |
))->setHelp('Must match the setting chosen on the remote side.');
|
| 707 | 707 |
|
| 708 | 708 |
$section->addInput(new Form_Select( |
| 709 | 709 |
'mode', |
| 710 |
'Negotiation mode', |
|
| 710 |
'*Negotiation mode',
|
|
| 711 | 711 |
$pconfig['mode'], |
| 712 | 712 |
array("main" => gettext("Main"), "aggressive" => gettext("Aggressive"))
|
| 713 | 713 |
))->setHelp('Aggressive is more flexible, but less secure.');
|
| 714 | 714 |
|
| 715 |
$group = new Form_Group('My identifier');
|
|
| 715 |
$group = new Form_Group('*My identifier');
|
|
| 716 | 716 |
|
| 717 | 717 |
$group->add(new Form_Select( |
| 718 | 718 |
'myid_type', |
| ... | ... | |
| 730 | 730 |
|
| 731 | 731 |
$section->add($group); |
| 732 | 732 |
|
| 733 |
$group = new Form_Group('Peer identifier');
|
|
| 733 |
$group = new Form_Group('*Peer identifier');
|
|
| 734 | 734 |
$group->addClass('peeridgroup');
|
| 735 | 735 |
|
| 736 | 736 |
$group->add(new Form_Select( |
| ... | ... | |
| 755 | 755 |
|
| 756 | 756 |
$section->addInput(new Form_Input( |
| 757 | 757 |
'pskey', |
| 758 |
'Pre-Shared Key', |
|
| 758 |
'*Pre-Shared Key',
|
|
| 759 | 759 |
'text', |
| 760 | 760 |
$pconfig['pskey'] |
| 761 | 761 |
))->setHelp('Enter the Pre-Shared Key string.');
|
| 762 | 762 |
|
| 763 | 763 |
$section->addInput(new Form_Select( |
| 764 | 764 |
'certref', |
| 765 |
'My Certificate', |
|
| 765 |
'*My Certificate',
|
|
| 766 | 766 |
$pconfig['certref'], |
| 767 | 767 |
build_cert_list() |
| 768 | 768 |
))->setHelp('Select a certificate previously configured in the Certificate Manager.');
|
| 769 | 769 |
|
| 770 | 770 |
$section->addInput(new Form_Select( |
| 771 | 771 |
'caref', |
| 772 |
'Peer Certificate Authority', |
|
| 772 |
'*Peer Certificate Authority',
|
|
| 773 | 773 |
$pconfig['caref'], |
| 774 | 774 |
build_ca_list() |
| 775 | 775 |
))->setHelp('Select a certificate authority previously configured in the Certificate Manager.');
|
| ... | ... | |
| 778 | 778 |
|
| 779 | 779 |
$section = new Form_Section('Phase 1 Proposal (Algorithms)');
|
| 780 | 780 |
|
| 781 |
$group = new Form_Group('Encryption Algorithm');
|
|
| 781 |
$group = new Form_Group('*Encryption Algorithm');
|
|
| 782 | 782 |
|
| 783 | 783 |
$group->add(new Form_Select( |
| 784 | 784 |
'ealgo', |
| ... | ... | |
| 798 | 798 |
|
| 799 | 799 |
$section->addInput(new Form_Select( |
| 800 | 800 |
'halgo', |
| 801 |
'Hash Algorithm', |
|
| 801 |
'*Hash Algorithm',
|
|
| 802 | 802 |
$pconfig['halgo'], |
| 803 | 803 |
$p1_halgos |
| 804 | 804 |
))->setHelp('Must match the setting chosen on the remote side.');
|
| 805 | 805 |
|
| 806 | 806 |
$section->addInput(new Form_Select( |
| 807 | 807 |
'dhgroup', |
| 808 |
'DH Group', |
|
| 808 |
'*DH Group',
|
|
| 809 | 809 |
$pconfig['dhgroup'], |
| 810 | 810 |
$p1_dhgroups |
| 811 | 811 |
))->setHelp('Must match the setting chosen on the remote side.');
|
| 812 | 812 |
|
| 813 | 813 |
$section->addInput(new Form_Input( |
| 814 | 814 |
'lifetime', |
| 815 |
'Lifetime (Seconds)', |
|
| 815 |
'*Lifetime (Seconds)',
|
|
| 816 | 816 |
'number', |
| 817 | 817 |
$pconfig['lifetime'] |
| 818 | 818 |
)); |
| src/usr/local/www/vpn_ipsec_phase2.php | ||
|---|---|---|
| 503 | 503 |
|
| 504 | 504 |
$section->addInput(new Form_Select( |
| 505 | 505 |
'mode', |
| 506 |
'Mode', |
|
| 506 |
'*Mode',
|
|
| 507 | 507 |
$pconfig['mode'], |
| 508 | 508 |
$p2_modes |
| 509 | 509 |
)); |
| 510 | 510 |
|
| 511 |
$group = new Form_Group('Local Network');
|
|
| 511 |
$group = new Form_Group('*Local Network');
|
|
| 512 | 512 |
$group->addClass('opt_localid');
|
| 513 | 513 |
|
| 514 | 514 |
$subnetarray = get_configured_interface_with_descr(); |
| ... | ... | |
| 559 | 559 |
$section->add($group); |
| 560 | 560 |
|
| 561 | 561 |
if (!isset($pconfig['mobile'])) {
|
| 562 |
$group = new Form_Group('Remote Network');
|
|
| 562 |
$group = new Form_Group('*Remote Network');
|
|
| 563 | 563 |
$group->addClass('opt_remoteid');
|
| 564 | 564 |
|
| 565 | 565 |
$group->add(new Form_Select( |
| ... | ... | |
| 591 | 591 |
|
| 592 | 592 |
$section->addInput(new Form_Select( |
| 593 | 593 |
'proto', |
| 594 |
'Protocol', |
|
| 594 |
'*Protocol',
|
|
| 595 | 595 |
$pconfig['proto'], |
| 596 | 596 |
$p2_protos |
| 597 | 597 |
))->setHelp('ESP is encryption, AH is authentication only.');
|
| ... | ... | |
| 600 | 600 |
$rows = count($p2_ealgos) - 1; |
| 601 | 601 |
|
| 602 | 602 |
foreach ($p2_ealgos as $algo => $algodata) {
|
| 603 |
$group = new Form_Group($i == 0 ? 'Encryption Algorithms':''); |
|
| 603 |
$group = new Form_Group($i == 0 ? '*Encryption Algorithms':'');
|
|
| 604 | 604 |
$group->addClass('encalg');
|
| 605 | 605 |
|
| 606 | 606 |
// Note: ID attribute of each element created is to be unique. Not being used, suppressing it. |
| ... | ... | |
| 638 | 638 |
$section->add($group); |
| 639 | 639 |
} |
| 640 | 640 |
|
| 641 |
$group = new Form_Group('Hash Algorithms');
|
|
| 641 |
$group = new Form_Group('*Hash Algorithms');
|
|
| 642 | 642 |
|
| 643 | 643 |
foreach ($p2_halgos as $algo => $algoname) {
|
| 644 | 644 |
// Note: ID attribute of each element created is to be unique. Not being used, suppressing it. |
| src/usr/local/www/vpn_l2tp.php | ||
|---|---|---|
| 208 | 208 |
|
| 209 | 209 |
$section->addInput(new Form_Select( |
| 210 | 210 |
'interface', |
| 211 |
'Interface', |
|
| 211 |
'*Interface',
|
|
| 212 | 212 |
$pconfig['interface'], |
| 213 | 213 |
$iflist |
| 214 | 214 |
)); |
| 215 | 215 |
|
| 216 | 216 |
$section->addInput(new Form_Input( |
| 217 | 217 |
'localip', |
| 218 |
'Server address', |
|
| 218 |
'*Server address',
|
|
| 219 | 219 |
'text', |
| 220 | 220 |
$pconfig['localip'] |
| 221 | 221 |
))->setHelp('Enter the IP address the L2TP server should give to clients for use as their "gateway". ' . '<br />' .
|
| ... | ... | |
| 224 | 224 |
|
| 225 | 225 |
$section->addInput(new Form_IpAddress( |
| 226 | 226 |
'remoteip', |
| 227 |
'Remote address range', |
|
| 227 |
'*Remote address range',
|
|
| 228 | 228 |
$pconfig['remoteip'] |
| 229 | 229 |
))->addMask(l2tp_subnet, $pconfig['l2tp_subnet']) |
| 230 | 230 |
->setHelp('Specify the starting address for the client IP address subnet.');
|
| 231 | 231 |
|
| 232 | 232 |
$section->addInput(new Form_Select( |
| 233 | 233 |
'n_l2tp_units', |
| 234 |
'Number of L2TP users', |
|
| 234 |
'*Number of L2TP users',
|
|
| 235 | 235 |
$pconfig['n_l2tp_units'], |
| 236 | 236 |
array_combine(range(1, 255, 1), range(1, 255, 1)) |
| 237 | 237 |
)); |
| ... | ... | |
| 245 | 245 |
|
| 246 | 246 |
$section->addInput(new Form_Select( |
| 247 | 247 |
'paporchap', |
| 248 |
'Authentication type', |
|
| 248 |
'*Authentication type',
|
|
| 249 | 249 |
$pconfig['paporchap'], |
| 250 | 250 |
array( |
| 251 | 251 |
'chap' => 'CHAP', |
| ... | ... | |
| 289 | 289 |
|
| 290 | 290 |
$section->addInput(new Form_IpAddress( |
| 291 | 291 |
'radiusserver', |
| 292 |
'Server', |
|
| 292 |
'*Server',
|
|
| 293 | 293 |
$pconfig['radiusserver'] |
| 294 | 294 |
))->setHelp('Enter the IP address of the RADIUS server.');
|
| 295 | 295 |
|
| 296 | 296 |
$section->addPassword(new Form_Input( |
| 297 | 297 |
'radiussecret', |
| 298 |
'Secret', |
|
| 298 |
'*Secret',
|
|
| 299 | 299 |
'password', |
| 300 | 300 |
$pconfig['radiussecret'] |
| 301 | 301 |
))->setHelp('Enter the shared secret that will be used to authenticate to the RADIUS server.');
|
| src/usr/local/www/vpn_l2tp_users_edit.php | ||
|---|---|---|
| 62 | 62 |
if (isset($id) && $a_secret[$id]) {
|
| 63 | 63 |
$pconfig['usernamefld'] = $a_secret[$id]['name']; |
| 64 | 64 |
$pconfig['ip'] = $a_secret[$id]['ip']; |
| 65 |
$pwd_required = ""; |
|
| 66 |
} else {
|
|
| 67 |
$pwd_required = "*"; |
|
| 65 | 68 |
} |
| 66 | 69 |
|
| 67 | 70 |
if ($_POST) {
|
| ... | ... | |
| 147 | 150 |
|
| 148 | 151 |
$section->addInput(new Form_Input( |
| 149 | 152 |
'usernamefld', |
| 150 |
'Username', |
|
| 153 |
'*Username',
|
|
| 151 | 154 |
'text', |
| 152 | 155 |
$pconfig['usernamefld'] |
| 153 | 156 |
)); |
| 154 | 157 |
|
| 155 | 158 |
$pwd = new Form_Input( |
| 156 | 159 |
'passwordfld', |
| 157 |
'Password', |
|
| 160 |
$pwd_required . 'Password',
|
|
| 158 | 161 |
'text', |
| 159 | 162 |
$pconfig['passwordfld'] |
| 160 | 163 |
); |
| src/usr/local/www/vpn_openvpn_client.php | ||
|---|---|---|
| 492 | 492 |
|
| 493 | 493 |
$section->addInput(new Form_Select( |
| 494 | 494 |
'mode', |
| 495 |
'Server mode', |
|
| 495 |
'*Server mode',
|
|
| 496 | 496 |
$pconfig['mode'], |
| 497 | 497 |
$openvpn_client_modes |
| 498 | 498 |
)); |
| 499 | 499 |
|
| 500 | 500 |
$section->addInput(new Form_Select( |
| 501 | 501 |
'protocol', |
| 502 |
'Protocol', |
|
| 502 |
'*Protocol',
|
|
| 503 | 503 |
$pconfig['protocol'], |
| 504 | 504 |
$openvpn_prots |
| 505 | 505 |
)); |
| 506 | 506 |
|
| 507 | 507 |
$section->addInput(new Form_Select( |
| 508 | 508 |
'dev_mode', |
| 509 |
'Device mode', |
|
| 509 |
'*Device mode',
|
|
| 510 | 510 |
empty($pconfig['dev_mode']) ? 'tun':$pconfig['dev_mode'], |
| 511 | 511 |
$openvpn_dev_mode |
| 512 | 512 |
))->setHelp("\"tun\" mode carries IPv4 and IPv6 (OSI layer 3) and is the most common and compatible mode across all platforms." .
|
| ... | ... | |
| 514 | 514 |
|
| 515 | 515 |
$section->addInput(new Form_Select( |
| 516 | 516 |
'interface', |
| 517 |
'Interface', |
|
| 517 |
'*Interface',
|
|
| 518 | 518 |
$pconfig['interface'], |
| 519 | 519 |
openvpn_build_if_list() |
| 520 | 520 |
))->setHelp("The interface used by the firewall to originate this OpenVPN client connection");
|
| ... | ... | |
| 529 | 529 |
|
| 530 | 530 |
$section->addInput(new Form_Input( |
| 531 | 531 |
'server_addr', |
| 532 |
'Server host or address', |
|
| 532 |
'*Server host or address',
|
|
| 533 | 533 |
'text', |
| 534 | 534 |
$pconfig['server_addr'] |
| 535 | 535 |
))->setHelp("The IP address or hostname of the OpenVPN server.");
|
| ... | ... | |
| 544 | 544 |
|
| 545 | 545 |
$section->addInput(new Form_Input( |
| 546 | 546 |
'server_port', |
| 547 |
'Server port', |
|
| 547 |
'*Server port',
|
|
| 548 | 548 |
'number', |
| 549 | 549 |
$pconfig['server_port'] |
| 550 | 550 |
))->setHelp("The port used by the server to receive client connections.");
|
| ... | ... | |
| 634 | 634 |
|
| 635 | 635 |
$section->addInput(new Form_Textarea( |
| 636 | 636 |
'tls', |
| 637 |
'TLS Key', |
|
| 637 |
'*TLS Key',
|
|
| 638 | 638 |
$pconfig['tls'] |
| 639 | 639 |
))->setHelp("Paste the TLS key here." .
|
| 640 | 640 |
"<br/>" . |
| ... | ... | |
| 642 | 642 |
|
| 643 | 643 |
$section->addInput(new Form_Select( |
| 644 | 644 |
'tls_type', |
| 645 |
'TLS Key Usage Mode', |
|
| 645 |
'*TLS Key Usage Mode',
|
|
| 646 | 646 |
empty($pconfig['tls_type']) ? 'auth':$pconfig['tls_type'], |
| 647 | 647 |
$openvpn_tls_modes |
| 648 | 648 |
))->setHelp("In Authentication mode the TLS key is used only as HMAC authentication for the control channel, protecting the peers from unauthorized connections. " .
|
| ... | ... | |
| 657 | 657 |
|
| 658 | 658 |
$section->addInput(new Form_Select( |
| 659 | 659 |
'caref', |
| 660 |
'Peer Certificate Authority', |
|
| 660 |
'*Peer Certificate Authority',
|
|
| 661 | 661 |
$pconfig['caref'], |
| 662 | 662 |
$list |
| 663 | 663 |
)); |
| 664 | 664 |
} else {
|
| 665 | 665 |
$section->addInput(new Form_StaticText( |
| 666 |
'Peer Certificate Authority', |
|
| 666 |
'*Peer Certificate Authority',
|
|
| 667 | 667 |
sprintf('No Certificate Authorities defined. One may be created here: %s', '<a href="system_camanager.php">System > Cert. Manager</a>')
|
| 668 | 668 |
)); |
| 669 | 669 |
} |
| ... | ... | |
| 691 | 691 |
|
| 692 | 692 |
$section->addInput(new Form_Textarea( |
| 693 | 693 |
'shared_key', |
| 694 |
'Shared Key', |
|
| 694 |
'*Shared Key',
|
|
| 695 | 695 |
$pconfig['shared_key'] |
| 696 | 696 |
))->setHelp('Paste the shared key here');
|
| 697 | 697 |
|
| ... | ... | |
| 706 | 706 |
|
| 707 | 707 |
$section->addInput(new Form_Select( |
| 708 | 708 |
'crypto', |
| 709 |
'Encryption Algorithm', |
|
| 709 |
'*Encryption Algorithm',
|
|
| 710 | 710 |
$pconfig['crypto'], |
| 711 | 711 |
openvpn_get_cipherlist() |
| 712 | 712 |
))->setHelp('The Encryption Algorithm used for data channel packets when Negotiable Cryptographic Parameter (NCP) support is not available.');
|
| ... | ... | |
| 745 | 745 |
->setAttribute('size', '10')
|
| 746 | 746 |
->setHelp('Allowed NCP Encryption Algorithms. Click an algorithm name to remove it from the list');
|
| 747 | 747 |
|
| 748 |
$group->setHelp( 'The order of the selected NCP Encryption Algorithms is respected by OpenVPN.' .
|
|
| 748 |
$group->setHelp('The order of the selected NCP Encryption Algorithms is respected by OpenVPN.' .
|
|
| 749 | 749 |
'<div class="infoblock">' . sprint_info_box( |
| 750 | 750 |
'For backward compatibility, when an older peer connects that does not support NCP, OpenVPN will use the Encryption Algorithm ' . |
| 751 | 751 |
'requested by the peer so long as it is selected in this list or chosen as the Encryption Algorithm.', 'info', false) . |
| ... | ... | |
| 755 | 755 |
|
| 756 | 756 |
$section->addInput(new Form_Select( |
| 757 | 757 |
'digest', |
| 758 |
'Auth digest algorithm', |
|
| 758 |
'*Auth digest algorithm',
|
|
| 759 | 759 |
$pconfig['digest'], |
| 760 | 760 |
openvpn_get_digestlist() |
| 761 | 761 |
))->setHelp('The algorithm used to authenticate data channel packets, and control channel packets if a TLS Key is present.' .
|
| src/usr/local/www/vpn_openvpn_csc.php | ||
|---|---|---|
| 339 | 339 |
|
| 340 | 340 |
$section->addInput(new Form_Input( |
| 341 | 341 |
'common_name', |
| 342 |
'Common Name', |
|
| 342 |
'*Common Name',
|
|
| 343 | 343 |
'text', |
| 344 | 344 |
$pconfig['common_name'] |
| 345 | 345 |
))->setHelp('Enter the X.509 common name for the client certificate, or the username for VPNs utilizing password authentication. This match is case sensitive.');
|
| src/usr/local/www/vpn_openvpn_server.php | ||
|---|---|---|
| 677 | 677 |
|
| 678 | 678 |
$section->addInput(new Form_Select( |
| 679 | 679 |
'mode', |
| 680 |
'Server mode', |
|
| 680 |
'*Server mode',
|
|
| 681 | 681 |
$pconfig['mode'], |
| 682 | 682 |
openvpn_build_mode_list() |
| 683 | 683 |
)); |
| ... | ... | |
| 703 | 703 |
|
| 704 | 704 |
$section->addInput(new Form_Select( |
| 705 | 705 |
'authmode', |
| 706 |
'Backend for authentication', |
|
| 706 |
'*Backend for authentication',
|
|
| 707 | 707 |
$authmodes, |
| 708 | 708 |
$options, |
| 709 | 709 |
true |
| ... | ... | |
| 711 | 711 |
|
| 712 | 712 |
$section->addInput(new Form_Select( |
| 713 | 713 |
'protocol', |
| 714 |
'Protocol', |
|
| 714 |
'*Protocol',
|
|
| 715 | 715 |
$pconfig['protocol'], |
| 716 | 716 |
$openvpn_prots |
| 717 | 717 |
)); |
| 718 | 718 |
|
| 719 | 719 |
$section->addInput(new Form_Select( |
| 720 | 720 |
'dev_mode', |
| 721 |
'Device mode', |
|
| 721 |
'*Device mode',
|
|
| 722 | 722 |
empty($pconfig['dev_mode']) ? 'tun':$pconfig['dev_mode'], |
| 723 | 723 |
$openvpn_dev_mode |
| 724 | 724 |
))->setHelp("\"tun\" mode carries IPv4 and IPv6 (OSI layer 3) and is the most common and compatible mode across all platforms." .
|
| ... | ... | |
| 726 | 726 |
|
| 727 | 727 |
$section->addInput(new Form_Select( |
| 728 | 728 |
'interface', |
| 729 |
'Interface', |
|
| 729 |
'*Interface',
|
|
| 730 | 730 |
$pconfig['interface'], |
| 731 | 731 |
openvpn_build_if_list() |
| 732 | 732 |
))->setHelp("The interface or Virtual IP address where OpenVPN will receive client connections.");
|
| 733 | 733 |
|
| 734 | 734 |
$section->addInput(new Form_Input( |
| 735 | 735 |
'local_port', |
| 736 |
'Local port', |
|
| 736 |
'*Local port',
|
|
| 737 | 737 |
'number', |
| 738 | 738 |
$pconfig['local_port'], |
| 739 | 739 |
['min' => '0'] |
| ... | ... | |
| 770 | 770 |
|
| 771 | 771 |
$section->addInput(new Form_Textarea( |
| 772 | 772 |
'tls', |
| 773 |
'TLS Key', |
|
| 773 |
'*TLS Key',
|
|
| 774 | 774 |
$pconfig['tls'] |
| 775 | 775 |
))->setHelp("Paste the TLS key here." .
|
| 776 | 776 |
"<br/>" . |
| ... | ... | |
| 778 | 778 |
|
| 779 | 779 |
$section->addInput(new Form_Select( |
| 780 | 780 |
'tls_type', |
| 781 |
'TLS Key Usage Mode', |
|
| 781 |
'*TLS Key Usage Mode',
|
|
| 782 | 782 |
empty($pconfig['tls_type']) ? 'auth':$pconfig['tls_type'], |
| 783 | 783 |
$openvpn_tls_modes |
| 784 | 784 |
))->setHelp("In Authentication mode the TLS key is used only as HMAC authentication for the control channel, protecting the peers from unauthorized connections. " .
|
| ... | ... | |
| 794 | 794 |
|
| 795 | 795 |
$section->addInput(new Form_Select( |
| 796 | 796 |
'caref', |
| 797 |
'Peer Certificate Authority', |
|
| 797 |
'*Peer Certificate Authority',
|
|
| 798 | 798 |
$pconfig['caref'], |
| 799 | 799 |
$list |
| 800 | 800 |
)); |
| 801 | 801 |
} else {
|
| 802 | 802 |
$section->addInput(new Form_StaticText( |
| 803 |
'Peer Certificate Authority', |
|
| 803 |
'*Peer Certificate Authority',
|
|
| 804 | 804 |
sprintf('No Certificate Authorities defined. One may be created here: %s', '<a href="system_camanager.php">System > Cert. Manager</a>')
|
| 805 | 805 |
)); |
| 806 | 806 |
} |
| ... | ... | |
| 839 | 839 |
|
| 840 | 840 |
$section->addInput(new Form_Select( |
| 841 | 841 |
'certref', |
| 842 |
'Server certificate', |
|
| 842 |
'*Server certificate',
|
|
| 843 | 843 |
$pconfig['certref'], |
| 844 | 844 |
$cl['server'] + $cl['non-server'] |
| 845 | 845 |
))->setHelp($certhelp); |
| 846 | 846 |
|
| 847 | 847 |
$section->addInput(new Form_Select( |
| 848 | 848 |
'dh_length', |
| 849 |
'DH Parameter Length', |
|
| 849 |
'*DH Parameter Length',
|
|
| 850 | 850 |
$pconfig['dh_length'], |
| 851 | 851 |
$openvpn_dh_lengths |
| 852 | 852 |
))->setHelp('Diffie-Hellman (DH) parameter set used for key exchange.' .
|
| ... | ... | |
| 879 | 879 |
|
| 880 | 880 |
$section->addInput(new Form_Textarea( |
| 881 | 881 |
'shared_key', |
| 882 |
'Shared Key', |
|
| 882 |
'*Shared Key',
|
|
| 883 | 883 |
$pconfig['shared_key'] |
| 884 | 884 |
))->setHelp('Paste the shared key here');
|
| 885 | 885 |
|
| 886 | 886 |
$section->addInput(new Form_Select( |
| 887 | 887 |
'crypto', |
| 888 |
'Encryption Algorithm', |
|
| 888 |
'*Encryption Algorithm',
|
|
| 889 | 889 |
$pconfig['crypto'], |
| 890 | 890 |
openvpn_get_cipherlist() |
| 891 | 891 |
))->setHelp('The Encryption Algorithm used for data channel packets when Negotiable Cryptographic Parameter (NCP) support is not available.');
|
| ... | ... | |
| 921 | 921 |
->setAttribute('size', '10')
|
| 922 | 922 |
->setHelp('Allowed NCP Encryption Algorithms. Click an algorithm name to remove it from the list');
|
| 923 | 923 |
|
| 924 |
$group->setHelp( 'The order of the selected NCP Encryption Algorithms is respected by OpenVPN.' .
|
|
| 924 |
$group->setHelp('The order of the selected NCP Encryption Algorithms is respected by OpenVPN.' .
|
|
| 925 | 925 |
'<div class="infoblock">' . sprint_info_box( |
| 926 | 926 |
'For backward compatibility, when an older peer connects that does not support NCP, OpenVPN will use the Encryption Algorithm ' . |
| 927 | 927 |
'requested by the peer so long as it is selected in this list or chosen as the Encryption Algorithm.', 'info', false) . |
| ... | ... | |
| 931 | 931 |
|
| 932 | 932 |
$section->addInput(new Form_Select( |
| 933 | 933 |
'digest', |
| 934 |
'Auth digest algorithm', |
|
| 934 |
'*Auth digest algorithm',
|
|
| 935 | 935 |
$pconfig['digest'], |
| 936 | 936 |
openvpn_get_digestlist() |
| 937 | 937 |
))->setHelp('The algorithm used to authenticate data channel packets, and control channel packets if a TLS Key is present.' .
|
| ... | ... | |
| 949 | 949 |
|
| 950 | 950 |
$section->addInput(new Form_Select( |
| 951 | 951 |
'cert_depth', |
| 952 |
'Certificate Depth', |
|
| 952 |
'*Certificate Depth',
|
|
| 953 | 953 |
$pconfig['cert_depth'], |
| 954 | 954 |
["" => gettext("Do Not Check")] + $openvpn_cert_depths
|
| 955 | 955 |
))->setHelp('When a certificate-based client logs in, do not accept certificates below this depth. ' .
|
| ... | ... | |
| 1640 | 1640 |
hideInput('serverbridge_interface', true);
|
| 1641 | 1641 |
hideInput('serverbridge_dhcp_start', true);
|
| 1642 | 1642 |
hideInput('serverbridge_dhcp_end', true);
|
| 1643 |
setRequired('tunnel_network', true);
|
|
| 1643 | 1644 |
if (sharedkey) {
|
| 1644 | 1645 |
hideInput('local_network', true);
|
| 1645 | 1646 |
hideInput('local_networkv6', true);
|
| ... | ... | |
| 1655 | 1656 |
|
| 1656 | 1657 |
case "tap": |
| 1657 | 1658 |
hideInput('tunnel_network', false);
|
| 1659 |
setRequired('tunnel_network', false);
|
|
| 1658 | 1660 |
|
| 1659 | 1661 |
if (!p2p) {
|
| 1660 | 1662 |
hideCheckbox('serverbridge_dhcp', false);
|
Also available in: Unified diff
Required fields for VPN pages