<?php 
2
/*
3
	vpn_openvpn_client.php
4
5
	Copyright (C) 2008 Shrew Soft Inc.
6
	All rights reserved. 
7
8
	Redistribution and use in source and binary forms, with or without
9
	modification, are permitted provided that the following conditions are met:
10
	
11
	1. Redistributions of source code must retain the above copyright notice,
12
	   this list of conditions and the following disclaimer.
13
	
14
	2. Redistributions in binary form must reproduce the above copyright
15
	   notice, this list of conditions and the following disclaimer in the
16
	   documentation and/or other materials provided with the distribution.
17
	
18
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
	POSSIBILITY OF SUCH DAMAGE.
28
*/
29
30
##|+PRIV
31
##|*IDENT=page-openvpn-client
32
##|*NAME=OpenVPN: Client page
33
##|*DESCR=Allow access to the 'OpenVPN: Client' page.
34
##|*MATCH=vpn_openvpn_client.php*
35
##|-PRIV
36
37
require("guiconfig.inc");
38 d84bd468 Ermal Lu?i
require_once("openvpn.inc");
39 d799787e Matthew Grooms
40 2fa7a468 Carlos Eduardo Ramos
/* Page title breadcrumb plus the status / log page names for this section. */
$pgtitle = array(gettext("OpenVPN"), gettext("Client"));
$statusurl = "status_openvpn.php";
$logurl = "diag_logs_openvpn.php";

/*
 * Every config subtree this page reads is forced to be an array first,
 * and only then bound by reference, so the aliases below always point
 * at a list that can be indexed and appended to.
 */
if (!is_array($config['openvpn']['openvpn-client'])) {
	$config['openvpn']['openvpn-client'] = array();
}
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
if (!is_array($config['crl'])) {
	$config['crl'] = array();
}

$a_client = &$config['openvpn']['openvpn-client'];
$a_ca = &$config['ca'];
$a_cert = &$config['cert'];
$a_crl = &$config['crl'];
63
64 d799787e Matthew Grooms
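/*
 * Request parameters; a POSTed value takes precedence over the query string.
 *
 * $id is only ever used as an index into the client list, so anything that
 * is not a plain string of digits (including array-valued parameters) is
 * discarded here and the rest of the page sees it as "no id given".
 */
$id = isset($_GET['id']) ? $_GET['id'] : null;
if (isset($_POST['id']))
	$id = $_POST['id'];
if (!is_string($id) || !ctype_digit($id))
	$id = null;

$act = isset($_GET['act']) ? $_GET['act'] : null;
if (isset($_POST['act']))
	$act = $_POST['act'];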
72
/*
 * Delete request: tear down the selected client, drop it from the list and
 * persist the configuration. An id that matches no client just redirects
 * back to this page.
 *
 * NOTE(review): this state change is driven by the query string alone, so
 * any request-forgery protection that only covers POSTed forms would not
 * apply to it - confirm what guiconfig.inc enforces and consider accepting
 * the delete only via POST.
 */
if ("del" == $_GET['act']) {

	if ($a_client[$id]) {
		openvpn_delete('client', $a_client[$id]);
		unset($a_client[$id]);
		write_config();
		$savemsg = gettext("Client successfully deleted") . "<br/>";
	} else {
		pfSenseHeader("vpn_openvpn_client.php");
		exit;
	}
}
84
85 f432e364 Matthew Grooms
/* Defaults shown when the form is opened for a new client. */
if ("new" == $_GET['act']) {
	// bind to WAN and use port 1194 unless changed in the form
	$pconfig['interface'] = "wan";
	$pconfig['server_port'] = 1194;

	// TLS authentication and automatic key generation start ticked
	$pconfig['tlsauth_enable'] = "yes";
	$pconfig['autotls_enable'] = "yes";
	$pconfig['autokey_enable'] = "yes";
}
92
93 d799787e Matthew Grooms
/* Editing an existing client: copy its stored settings into the form model. */
if ("edit" == $_GET['act'] && isset($id) && $a_client[$id]) {

	$edit_src = $a_client[$id];

	// 'disable' is a presence flag in the stored entry
	$pconfig['disable'] = isset($edit_src['disable']);

	// settings that are carried over unchanged
	foreach (array(
		'mode', 'protocol', 'interface', 'local_port', 'server_addr',
		'server_port', 'resolve_retry', 'proxy_addr', 'proxy_port',
		'proxy_user', 'proxy_passwd', 'proxy_authtype', 'description',
		'custom_options', 'ns_cert_type', 'dev_mode', 'crypto',
		'tunnel_network', 'remote_network', 'compression', 'passtos',
	) as $edit_key) {
		$pconfig[$edit_key] = $edit_src[$edit_key];
	}

	// the interface selector carries a bound address as "iface|ip"
	if (!empty($edit_src['ipaddr'])) {
		$pconfig['interface'] = $pconfig['interface'] . '|' . $edit_src['ipaddr'];
	}

	// key material is kept base64-encoded in the entry and decoded for display
	if ($pconfig['mode'] == "p2p_shared_key") {
		$pconfig['shared_key'] = base64_decode($edit_src['shared_key']);
	} else {
		$pconfig['caref'] = $edit_src['caref'];
		$pconfig['certref'] = $edit_src['certref'];
		if ($edit_src['tls']) {
			$pconfig['tlsauth_enable'] = "yes";
			$pconfig['tls'] = base64_decode($edit_src['tls']);
		}
	}

	// just in case the modes switch
	$pconfig['autokey_enable'] = "yes";
	$pconfig['autotls_enable'] = "yes";

	unset($edit_src, $edit_key);
}
139
140
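/*
 * Form submission: validate the posted settings and, when nothing is wrong,
 * build the client entry, store it, resync the client and redirect.
 * On validation errors execution falls through so the form is rendered
 * again with $pconfig holding the posted values.
 */
if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	/* vpnid of the entry being edited, or 0 when a new client is created */
	if (isset($id) && $a_client[$id])
		$vpnid = $a_client[$id]['vpnid'];
	else
		$vpnid = 0;

	/* every mode other than shared key uses the CA / certificate settings */
	$tls_mode = ($pconfig['mode'] != "p2p_shared_key");

	/* input validation */

	/*
	 * The drop-downs only limit what a browser offers, so the posted values
	 * are checked against the same lists the form is rendered from. A check
	 * is skipped when its list is not defined at this point.
	 */
	if (isset($openvpn_client_modes) && is_array($openvpn_client_modes) &&
	    !array_key_exists((string)$pconfig['mode'], $openvpn_client_modes))
		$input_errors[] = gettext("The selected 'Server Mode' is not valid");

	if (isset($openvpn_prots) && is_array($openvpn_prots) &&
	    !in_array((string)$pconfig['protocol'], array_map('strval', $openvpn_prots), true))
		$input_errors[] = gettext("The selected 'Protocol' is not valid");

	if (isset($openvpn_dev_mode) && is_array($openvpn_dev_mode) &&
	    !in_array((string)$pconfig['dev_mode'], array_map('strval', $openvpn_dev_mode), true))
		$input_errors[] = gettext("The selected 'Device mode' is not valid");

	if ($pconfig['local_port']) {

		if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
			$input_errors[] = $result;

		/* a port held by this same client (matching vpnid) is not a conflict */
		$portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']);
		if (($portused != $vpnid) && ($portused != 0))
			$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
	}

	if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port'))
		$input_errors[] = $result;

	if ($pconfig['proxy_addr']) {

		if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address'))
			$input_errors[] = $result;

		if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port'))
			$input_errors[] = $result;

		if ($pconfig['proxy_authtype'] != "none") {
			if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd']))
				$input_errors[] = gettext("User name and password are required for proxy with authentication.");
		}
	}

	if ($pconfig['tunnel_network'])
		if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network'))
			$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network'))
		$input_errors[] = $result;

	/* a freshly generated key replaces whatever was posted when auto-generation is ticked */
	if ($pconfig['autokey_enable'])
		$pconfig['shared_key'] = openvpn_create_key();

	/* pasted keys must carry both static-key markers */
	if (!$tls_mode && !$pconfig['autokey_enable'])
		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");

	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable'])
		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");

	/*
	 * Required fields. Both lists start empty so that shared key mode with
	 * auto-generation, which requires nothing here, still hands defined
	 * arrays to the validator.
	 */
	$reqdfields = array();
	$reqdfieldsn = array();

	/* If we are not in shared key mode, then we need the CA/Cert. */
	if ($pconfig['mode'] != "p2p_shared_key") {
		$reqdfields = explode(" ", "caref certref");
		$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
	} elseif (!$pconfig['autokey_enable']) {
		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
		$reqdfields = array('shared_key');
		$reqdfieldsn = array(gettext('Shared key'));
	}

	/*
	 * NOTE(review): call-time pass-by-reference is rejected by PHP 5.4 and
	 * later. Drop the '&' once do_input_validation() is confirmed to declare
	 * this parameter by reference; removing it before that would silently
	 * lose the required-field errors.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$input_errors) {

		$client = array();

		if ($vpnid)
			$client['vpnid'] = $vpnid;
		else
			$client['vpnid'] = openvpn_vpnid_next();

		if ($_POST['disable'] == "yes")
			$client['disable'] = true;
		$client['protocol'] = $pconfig['protocol'];
		$client['dev_mode'] = $pconfig['dev_mode'];
		/*
		 * The selector posts "iface" or "iface|ip"; padding makes a bare
		 * interface name yield an empty address instead of an undefined offset.
		 */
		list($client['interface'], $client['ipaddr']) = array_pad(explode("|", $pconfig['interface']), 2, null);
		$client['local_port'] = $pconfig['local_port'];
		$client['server_addr'] = $pconfig['server_addr'];
		$client['server_port'] = $pconfig['server_port'];
		$client['resolve_retry'] = $pconfig['resolve_retry'];
		$client['proxy_addr'] = $pconfig['proxy_addr'];
		$client['proxy_port'] = $pconfig['proxy_port'];
		$client['proxy_authtype'] = $pconfig['proxy_authtype'];
		$client['proxy_user'] = $pconfig['proxy_user'];
		/* NOTE(review): the proxy password is stored exactly as submitted */
		$client['proxy_passwd'] = $pconfig['proxy_passwd'];
		$client['description'] = $pconfig['description'];
		$client['mode'] = $pconfig['mode'];
		/*
		 * NOTE(review): custom_options is stored without any validation beyond
		 * line-ending normalisation. Presumably it ends up in the generated
		 * OpenVPN configuration - confirm in openvpn.inc and treat access to
		 * this page as equivalent to control over that configuration.
		 */
		$client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);

		/* key material is stored base64-encoded */
		if ($tls_mode) {
			$client['caref'] = $pconfig['caref'];
			$client['certref'] = $pconfig['certref'];
			if ($pconfig['tlsauth_enable']) {
				if ($pconfig['autotls_enable'])
					$pconfig['tls'] = openvpn_create_key();
				$client['tls'] = base64_encode($pconfig['tls']);
			}
		} else {
			$client['shared_key'] = base64_encode($pconfig['shared_key']);
		}
		$client['crypto'] = $pconfig['crypto'];

		$client['tunnel_network'] = $pconfig['tunnel_network'];
		$client['remote_network'] = $pconfig['remote_network'];
		$client['compression'] = $pconfig['compression'];
		$client['passtos'] = $pconfig['passtos'];

		/* replace the edited entry in place, otherwise append a new one */
		if (isset($id) && $a_client[$id])
			$a_client[$id] = $client;
		else
			$a_client[] = $client;

		openvpn_resync('client', $client);
		write_config();

		header("Location: vpn_openvpn_client.php");
		exit;
	}
}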
275
276
include("head.inc");
277
278
?>
279
280
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
281
<?php include("fbegin.inc"); ?>
282
<script language="JavaScript">
283
<!--
284
285 3c11bd3c Matthew Grooms
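/**
 * Show the TLS rows or the shared-key row to match the selected mode.
 * A mode value other than the two handled below leaves the rows untouched.
 */
function mode_change() {
	// declared locally; the bare assignments used to create globals
	var modeSelect = document.iform.mode;
	var value = modeSelect.options[modeSelect.selectedIndex].value;
	var usesTls;

	switch (value) {
		case "p2p_tls":
			usesTls = true;
			break;
		case "p2p_shared_key":
			usesTls = false;
			break;
		default:
			return;
	}

	document.getElementById("tls").style.display = usesTls ? "" : "none";
	document.getElementById("tls_ca").style.display = usesTls ? "" : "none";
	document.getElementById("tls_cert").style.display = usesTls ? "" : "none";
	document.getElementById("psk").style.display = usesTls ? "none" : "";
}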
303
304 3c11bd3c Matthew Grooms
/**
 * Hide the shared-key textarea while automatic key generation is ticked,
 * show it otherwise.
 */
function autokey_change() {
	var autoGenerate = document.iform.autokey_enable.checked;
	document.getElementById("autokey_opts").style.display = autoGenerate ? "none" : "";
}
310
311 762a24a3 Ermal Lu?i
/**
 * Reveal the proxy username / password rows only when an authentication
 * method other than 'none' is selected.
 */
function useproxy_changed() {
	var needsCredentials = $('proxy_authtype').value != 'none';
	var credentialRows = $('proxy_authtype_opts');

	if (needsCredentials)
		credentialRows.show();
	else
		credentialRows.hide();
}
319
320 3c11bd3c Matthew Grooms
/**
 * React to the TLS authentication checkbox. The first part is emitted by the
 * server only while the form holds no TLS key; the auto-generation state is
 * refreshed in every case.
 */
function tlsauth_change() {

<?php if (!$pconfig['tls']): ?>
	var tlsauthOn = document.iform.tlsauth_enable.checked;
	document.getElementById("tlsauth_opts").style.display = tlsauthOn ? "" : "none";
<?php endif; ?>

	autotls_change();
}
331
332
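/**
 * Show the TLS key textarea only when TLS authentication is ticked and the
 * key is not being generated automatically. When the form already holds a
 * TLS key the server emits the branch that treats auto-generation as off.
 */
function autotls_change() {

	// declared locally; the bare assignment used to create a global
	var autocheck;
<?php if (!$pconfig['tls']): ?>
	autocheck = document.iform.autotls_enable.checked;
<?php else: ?>
	autocheck = false;
<?php endif; ?>

	if (document.iform.tlsauth_enable.checked && !autocheck)
		document.getElementById("autotls_opts").style.display = "";
	else
		document.getElementById("autotls_opts").style.display = "none";
}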
345
346 d799787e Matthew Grooms
//-->
347
</script>
348
<?php
/*
 * Banner area: start from any message set earlier on the page, append a
 * hint for each empty certificate store, then print errors and the banner.
 */
if (!$savemsg) {
	$savemsg = "";
}
if (0 == count($a_ca)) {
	$savemsg .= "You have no Certificate Authorities defined. You must visit the <a href=\"system_camanager.php\">Certificate Manager</a> to make one.";
}
if (0 == count($a_cert)) {
	$savemsg .= "<br/>You have no Certificates defined. You must visit the <a href=\"system_camanager.php\">Certificate Manager</a> to make one.";
}

if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box($savemsg);
}
?>
361
<table width="100%" border="0" cellpadding="0" cellspacing="0">
362
 	<tr>
363
		<td class="tabnavtbl">
364
			<ul id="tabnav">
365
			<?php
				// Tab strip for the OpenVPN section; "Client" is the active tab.
				$tab_array = array(
					array(gettext("Server"), false, "vpn_openvpn_server.php"),
					array(gettext("Client"), true, "vpn_openvpn_client.php"),
					array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php"),
					array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml"),
				);
				add_package_tabs("OpenVPN", $tab_array);
				display_top_tabs($tab_array);
			?>
374
			</ul>
375
		</td>
376
	</tr>    
377
	<tr>
378
		<td class="tabcont">
379
380
			<?php if($act=="new" || $act=="edit"): ?>
381
382
			<form action="vpn_openvpn_client.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
383
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
384 47c00c09 Scott Ullrich
					<tr>
385 2fa7a468 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
386 47c00c09 Scott Ullrich
					</tr>
387 d799787e Matthew Grooms
					<tr>
388 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
389 d799787e Matthew Grooms
						<td width="78%" class="vtable">
390
							<table border="0" cellpadding="0" cellspacing="0">
391
								<tr>
392
									<td>
393
										<?php set_checked($pconfig['disable'],$chk); ?>
394
										<input name="disable" type="checkbox" value="yes" <?=$chk;?>/>
395
									</td>
396
									<td>
397
										&nbsp;
398
										<span class="vexpl">
399 2fa7a468 Carlos Eduardo Ramos
											<strong><?=gettext("Disable this client"); ?></strong><br>
400 d799787e Matthew Grooms
										</span>
401
									</td>
402
								</tr>
403
							</table>
404 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("Set this option to disable this client without removing it from the list"); ?>.
405 d799787e Matthew Grooms
						</td>
406
					</tr>
407 3c11bd3c Matthew Grooms
					<tr>
408
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
409
						<td width="78%" class="vtable">
410
							<select name='mode' id='mode' class="formselect" onchange='mode_change()'>
411
							<?php
								// One <option> per client mode; the form's current mode is preselected.
								foreach ($openvpn_client_modes as $name => $desc):
									$selected = ($pconfig['mode'] == $name) ? "selected" : "";
							?>
								<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
							<?php endforeach; ?>
419
							</select>
420
						</td>
421
					</tr>
422 d799787e Matthew Grooms
					<tr>
423
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
424
							<td width="78%" class="vtable">
425
							<select name='protocol' class="formselect">
426
							<?php
								// One <option> per protocol; the form's current protocol is preselected.
								foreach ($openvpn_prots as $prot):
									$selected = ($pconfig['protocol'] == $prot) ? "selected" : "";
							?>
								<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
							<?php endforeach; ?>
434
							</select>
435
							</td>
436
					</tr>
437 691fbf14 Ermal Lu?i
                                        <tr>
438
                                                <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
439
                                                        <td width="78%" class="vtable">
440
                                                        <select name='dev_mode' class="formselect">
441
                                                        <?php
                                                                // One <option> per device mode; the form's current value is preselected.
                                                                foreach ($openvpn_dev_mode as $mode):
                                                                        $selected = ($pconfig['dev_mode'] == $mode) ? "selected" : "";
                                                        ?>
                                                                <option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option>
                                                        <?php endforeach; ?>
449
                                                        </select>
450
                                                        </td>
451
                                        </tr>
452 d799787e Matthew Grooms
					<tr>
453 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
454 d799787e Matthew Grooms
						<td width="78%" class="vtable">
455
							<select name="interface" class="formselect">
456
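								<?php
									// Selectable bind targets: the configured interfaces, then CARP and
									// IP-alias addresses keyed as "iface|ip", then the catch-all "any".
									$interfaces = get_configured_interface_with_descr();
									$carplist = get_configured_carp_interface_list();
									foreach ($carplist as $cif => $carpip)
										$interfaces[$cif.'|'.$carpip] = strtoupper($cif) . " ({$carpip})";
									$aliaslist = get_configured_ip_aliases_list();
									foreach ($aliaslist as $aliasip => $aliasif)
										$interfaces[$aliasif.'|'.$aliasip] = strtoupper($aliasif) . " ({$aliasip})";
									$interfaces['any'] = "any";
									foreach ($interfaces as $iface => $ifacename):
										$selected = "";
										if ($iface == $pconfig['interface'])
											$selected = "selected";
								?>
									<?php /* the key goes into an attribute, so it is escaped like the label */ ?>
									<option value="<?=htmlspecialchars($iface);?>" <?=$selected;?>>
										<?=htmlspecialchars($ifacename);?>
									</option>
								<?php endforeach; ?>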
474
							</select> <br>
475
						</td>
476
					</tr>
477 1d3bcd2a Matthew Grooms
					<tr>
478
						<td width="22%" valign="top" class="vncell"><?=gettext("Local port");?></td>
479
						<td width="78%" class="vtable">
480
							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>"/>
481 d799787e Matthew Grooms
							<br/>
482 5708241f jim-p
							<?=gettext("Set this option if you would like to bind to a specific port. Leave this blank or enter 0 for a random dynamic port."); ?>
483 1d3bcd2a Matthew Grooms
						</td>
484
					</tr>
485 d799787e Matthew Grooms
					<tr>
486
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server host or address");?></td>
487
						<td width="78%" class="vtable">
488
							<input name="server_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['server_addr']);?>"/>
489
						</td>
490
					</tr>
491
					<tr>
492
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server port");?></td>
493
						<td width="78%" class="vtable">
494
							<input name="server_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['server_port']);?>"/>
495
						</td>
496
					</tr>
497
					<tr>
498
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy host or address");?></td>
499
						<td width="78%" class="vtable">
500
							<input name="proxy_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['proxy_addr']);?>"/>
501
						</td>
502
					</tr>
503
					<tr>
504
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy port");?></td>
505
						<td width="78%" class="vtable">
506
							<input name="proxy_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['proxy_port']);?>"/>
507
						</td>
508
					</tr>
509 762a24a3 Ermal Lu?i
					<tr>
510
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy authentication extra options");?></td>
511
						<td width="78%" class="vtable">
512
							<table border="0" cellpadding="2" cellspacing="0">
513
								<tr>
514
                                                                        <td align="right" width="25%">
515
                                                                                <span class="vexpl">
516 2fa7a468 Carlos Eduardo Ramos
                                                                                         &nbsp;<?=gettext("Authentication method"); ?> :&nbsp;
517 762a24a3 Ermal Lu?i
                                                                                </span>
518
                                                                        </td>
519
                                                                        <td>
520
										<select name="proxy_authtype" id="proxy_authtype" class="formfld select" onChange="useproxy_changed()">
521 2fa7a468 Carlos Eduardo Ramos
											<option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected"; ?>><?=gettext("none"); ?></option>
522
											<option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected"; ?>><?=gettext("basic"); ?></option>
523
											<option value="ntlm" <?php if ($pconfig['proxy_authtype'] == "ntlm") echo "selected"; ?>><?=gettext("ntlm"); ?></option>
524 762a24a3 Ermal Lu?i
										</select>
525
									</td>
526
								</tr>
527
							</table>
528
							<br />
529
							 <table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none">
530
                                                                <tr>
531
                                                                        <td align="right" width="25%">
532
                                                                                <span class="vexpl">
533 2fa7a468 Carlos Eduardo Ramos
                                                                                         &nbsp;<?=gettext("Username"); ?> :&nbsp;
534 762a24a3 Ermal Lu?i
                                                                                </span>
535
                                                                        </td>
536
                                                                        <td>
537
                                                                                <input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" />
538
                                                                        </td>
539
                                                                </tr>
540
                                                                <tr>
541
                                                                        <td align="right" width="25%">
542
                                                                                <span class="vexpl">
543 2fa7a468 Carlos Eduardo Ramos
                                                                                         &nbsp;<?=gettext("Password"); ?> :&nbsp;
544 762a24a3 Ermal Lu?i
                                                                                </span>
545
                                                                        </td>
546
                                                                        <td>
547
                                                                                <input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']); /* NOTE(review): the stored proxy password is written back into the page source here; confirm whether a placeholder should be rendered instead, with the save path keeping the stored value when it is posted back unchanged */ ?>" />
548
                                                                        </td>
549
                                                                </tr>
550
                                                        </table>
551
						</td>
552
					</tr>
553 d799787e Matthew Grooms
					<tr>
554 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Server host name resolution"); ?></td>
555 d799787e Matthew Grooms
						<td width="78%" class="vtable">
556
							<table border="0" cellpadding="2" cellspacing="0">
557
								<tr>
558
									<td>
559
										<?php set_checked($pconfig['resolve_retry'],$chk); ?>
560 db2872a2 Ermal Lu?i
										<input name="resolve_retry" type="checkbox" value="yes" <?=$chk;?>>
561 d799787e Matthew Grooms
									</td>
562
									<td>
563
										<span class="vexpl">
564 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Infinitely resolve server"); ?>
565 d799787e Matthew Grooms
										</span>
566
									</td>
567
								</tr>
568
							</table>
569 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("Continuously attempt to resolve the server host " .
570
							"name. Useful when communicating with a server " .
571
							"that is not permanently connected to the Internet"); ?>.
572 d799787e Matthew Grooms
						</td>
573
					</tr>
574
					<tr> 
575 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
576 d799787e Matthew Grooms
						<td width="78%" class="vtable"> 
577
							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>">
578
							<br>
579 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
580 d799787e Matthew Grooms
						</td>
581
					</tr>
582
					<tr>
583
						<td colspan="2" class="list" height="12"></td>
584
					</tr>
585
					<tr>
586 2fa7a468 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
587 d799787e Matthew Grooms
					</tr>
588 3c11bd3c Matthew Grooms
					<tr id="tls">
589 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
590 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
591
							<table border="0" cellpadding="2" cellspacing="0">
592
								<tr>
593
									<td>
594
										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
595
										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onClick="tlsauth_change()">
596
									</td>
597
									<td>
598
										<span class="vexpl">
599 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Enable authentication of TLS packets"); ?>.
600 3c11bd3c Matthew Grooms
										</span>
601
									</td>
602
								</tr>
603
							</table>
604
							<?php if (!$pconfig['tls']): ?>
605
							<table border="0" cellpadding="2" cellspacing="0" id='tlsauth_opts'>
606
								<tr>
607
									<td>
608
										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
609
										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autotls_change()">
610
									</td>
611
									<td>
612
										<span class="vexpl">
613 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
614 3c11bd3c Matthew Grooms
										</span>
615
									</td>
616
								</tr>
617
							</table>
618
							<?php endif; ?>
619
							<table border="0" cellpadding="2" cellspacing="0" id='autotls_opts'>
620
								<tr>
621
									<td>
622
										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
623
										<br/>
624 2fa7a468 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
625 3c11bd3c Matthew Grooms
									</td>
626
								</tr>
627
							</table>
628
						</td>
629 d799787e Matthew Grooms
					</tr>
630 3c11bd3c Matthew Grooms
					<tr id="tls_ca">
631 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
632 d799787e Matthew Grooms
							<td width="78%" class="vtable">
633
							<select name='caref' class="formselect">
634
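							<?php
								// CA entries come from the stored configuration, so both the
								// reference id and the description are HTML-escaped on output.
								foreach ($a_ca as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>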
642
							</select>
643
							</td>
644
					</tr>
645 3c11bd3c Matthew Grooms
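					<tr id="tls_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td>
						<td width="78%" class="vtable">
							<select name='certref' class="formselect">
							<?php
							/*
							 * One <option> per entry of $a_cert, skipping entries for which
							 * is_user_cert() returns true. The visible text is the
							 * description followed by the issuing CA (when lookup_ca()
							 * finds one) and the " *In Use" / " *Revoked" markers.
							 *
							 * A revoked certificate is only labelled here; it stays in the
							 * list and can still be selected. NOTE(review): confirm whether
							 * the save handler (outside this view) rejects revoked
							 * certificates.
							 */
							foreach ($a_cert as $cert):
								$selected = "";
								$caname = "";
								$inuse = "";
								$revoked = "";
								if (is_user_cert($cert['refid']))
									continue;
								$ca = lookup_ca($cert['caref']);
								if ($ca)
									$caname = " (CA: {$ca['descr']})";
								if ($pconfig['certref'] == $cert['refid'])
									$selected = "selected";
								if (cert_in_use($cert['refid']))
									$inuse = " *In Use";
								if (is_cert_revoked($cert))
									$revoked = " *Revoked";
								/*
								 * The certificate and CA descriptions are configuration
								 * text, so the whole label and the refid are HTML-escaped
								 * before being written into the option.
								 */
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
							<?php endforeach; ?>
							</select>
						</td>
					</tr>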
672
					<tr id="psk">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
						<td width="78%" class="vtable">
							<?php if (!$pconfig['shared_key']): ?>
							<table border="0" cellpadding="2" cellspacing="0">
								<tr>
									<td>
										<?php
											/*
											 * The "generate automatically" checkbox is offered
											 * only while no shared key is present in $pconfig.
											 */
											set_checked($pconfig['autokey_enable'],$chk);
										?>
										<input name="autokey_enable" type="checkbox" value="yes" <?php echo $chk; ?> onClick="autokey_change()">
									</td>
									<td>
										<span class="vexpl">
											<?php echo gettext("Automatically generate a shared key"); ?>.
										</span>
									</td>
								</tr>
							</table>
							<?php endif; ?>
							<table border="0" cellpadding="2" cellspacing="0" id='autokey_opts'>
								<tr>
									<td>
										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?php
											/*
											 * The key held in $pconfig is written back into the
											 * form (HTML-escaped), so the key material is part of
											 * the HTML of this view whenever a key is set.
											 */
											echo htmlspecialchars($pconfig['shared_key']);
										?></textarea>
										<br/>
										<?php echo gettext("Paste your shared key here"); ?>.
									</td>
								</tr>
							</table>
						</td>
					</tr>
701
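					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
						<td width="78%" class="vtable">
							<select name="crypto" class="formselect">
								<?php
									/*
									 * One <option> per cipher returned by
									 * openvpn_get_cipherlist() (name => description); the
									 * entry matching the saved crypto value is preselected.
									 * The name is escaped for the value attribute in the same
									 * way the description already is for the option text.
									 */
									$cipherlist = openvpn_get_cipherlist();
									foreach ($cipherlist as $name => $desc):
									$selected = '';
									if ($name == $pconfig['crypto'])
										$selected = ' selected';
								?>
								<option value="<?=htmlspecialchars($name);?>"<?=$selected?>>
									<?=htmlspecialchars($desc);?>
								</option>
								<?php endforeach; ?>
							</select>
						</td>
					</tr>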
719
					<tr>
720
						<td colspan="2" class="list" height="12"></td>
721
					</tr>
722
					<tr>
723 2fa7a468 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
724 d799787e Matthew Grooms
					</tr>
725
					<tr>
726 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Tunnel Network"); ?></td>
727 d799787e Matthew Grooms
						<td width="78%" class="vtable">
728
							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>">
729
							<br>
730 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("This is the virtual network used for private " .
731
							"communications between this client and the " .
732
							"server expressed using CIDR (eg. 10.0.8.0/24). " .
733
							"The first network address is assumed to be the " .
734
							"server address and the second network address " .
735
							"will be assigned to the client virtual " .
736
							"interface"); ?>.
737 d799787e Matthew Grooms
						</td>
738
					</tr>
739
					<tr>
740 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Remote Network"); ?></td>
741 d799787e Matthew Grooms
						<td width="78%" class="vtable">
742
							<input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>">
743
							<br>
744 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("This is a network that will be routed through " .
745
							"the tunnel, so that a site-to-site VPN can be " .
746
							"established without manually changing the " .
747
							"routing tables. Expressed as a CIDR range. If " .
748
							"this is a site-to-site VPN, enter here the " .
749
							"remote LAN here. You may leave this blank to " .
750
							"only communicate with other clients"); ?>.
751 d799787e Matthew Grooms
						</td>
752
					</tr>
753
					<tr>
754
						<td width="22%" valign="top" class="vncell"><?=gettext("Limit outgoing bandwidth");?></td>
755
						<td width="78%" class="vtable">
756
							<input name="use_shaper" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['use_shaper']);?>"/>
757
							<br/>
758 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("Maximum outgoing bandwidth for this tunnel. " .
759
							"Leave empty for no limit. The input value has " .
760
							"to be something between 100 bytes/sec and 100 " .
761
							"Mbytes/sec (entered as bytes per second)"); ?>.
762 d799787e Matthew Grooms
						</td>
763
					</tr>
764
					<tr>
765 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
766 d799787e Matthew Grooms
						<td width="78%" class="vtable">
767
							<table border="0" cellpadding="2" cellspacing="0">
768
								<tr>
769
									<td>
770
										<?php set_checked($pconfig['compression'],$chk); ?>
771
										<input name="compression" type="checkbox" value="yes" <?=$chk;?>>
772
									</td>
773
									<td>
774
										<span class="vexpl">
775 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Compress tunnel packets using the LZO algorithm"); ?>.
776 d799787e Matthew Grooms
										</span>
777
									</td>
778
								</tr>
779
							</table>
780
						</td>
781
					</tr>
782
					<tr>
783 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
784 d799787e Matthew Grooms
						<td width="78%" class="vtable">
785
							<table border="0" cellpadding="2" cellspacing="0">
786
								<tr>
787
									<td>
788 1cb0b40a Matthew Grooms
										<?php set_checked($pconfig['passtos'],$chk); ?>
789
										<input name="passtos" type="checkbox" value="yes" <?=$chk;?>>
790 d799787e Matthew Grooms
									</td>
791
									<td>
792
										<span class="vexpl">
793 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
794 d799787e Matthew Grooms
										</span>
795
									</td>
796
								</tr>
797
							</table>
798
						</td>
799
					</tr>
800 c7323d81 sullrich
					<tr>
801
						<td colspan="2" class="list" height="12"></td>
802
					</tr>
803
					<tr>
804 2fa7a468 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
805 c7323d81 sullrich
					</tr>
806
					<tr>
						<td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellpadding="2" cellspacing="0">
								<tr>
									<td>
										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?php
											/*
											 * Free-text field; per the help text below its
											 * content is added to the OpenVPN client
											 * configuration. Only the HTML escaping for
											 * redisplay happens here.
											 * NOTE(review): no validation of the submitted
											 * options is visible in this part of the file;
											 * confirm what the save handler accepts.
											 */
											echo htmlspecialchars($pconfig['custom_options']);
										?></textarea><br/>
										<?php echo gettext("Enter any additional options you would like to add to the OpenVPN client configuration here, separated by a semicolon"); ?><br/>
										<?php echo gettext("EXAMPLE: route 10.0.0.0 255.255.255.0;"); ?>
									</td>
								</tr>
							</table>
						</td>
					</tr>
820 d799787e Matthew Grooms
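					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
							<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
							<?php
								/*
								 * $act and $id are assigned before this part of the file.
								 * NOTE(review): presumably both come from the request; they
								 * are HTML-escaped here so that a crafted value cannot close
								 * the attribute and inject markup into the form.
								 */
							?>
							<input name="act" type="hidden" value="<?=htmlspecialchars((string)$act);?>">
							<?php if (isset($id) && $a_client[$id]): ?>
							<input name="id" type="hidden" value="<?=htmlspecialchars((string)$id);?>">
							<?php endif; ?>
						</td>
					</tr>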
830
				</table>
831
			</form>
832
833
			<?php else: ?>
834
835 7773b868 jim-p
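			<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
				<thead>
				<tr>
					<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
					<td width="10%" class="listhdrr"><?=gettext("Protocol"); ?></td>
					<td width="30%" class="listhdrr"><?=gettext("Server"); ?></td>
					<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
					<td width="10%" class="list"></td>
				</tr>
				</thead>
				<tbody>
				<?php
					/*
					 * One row per configured client. $i counts rows from 0 and is
					 * used as the id in the edit and delete links.
					 * NOTE(review): assumes $a_client is a zero-based list so that
					 * $i equals the array key the handlers use; confirm.
					 *
					 * The delete action is a plain GET link guarded only by a
					 * client-side confirm(); no request token is visible in this
					 * part of the file. NOTE(review): confirm that the act=del
					 * handler (outside this view) is covered by CSRF protection.
					 *
					 * The theme name from $g is HTML-escaped before it is placed in
					 * the image paths, like the other configuration values in the row.
					 */
					$i = 0;
					foreach($a_client as $client):
						$disabled = "NO";
						if (isset($client['disable']))
							$disabled = "YES";
						$server = "{$client['server_addr']}:{$client['server_port']}";
				?>
				<tr ondblclick="document.location='vpn_openvpn_client.php?act=edit&id=<?=$i;?>'">
					<td class="listlr">
						<?=$disabled;?>
					</td>
					<td class="listr">
						<?=htmlspecialchars($client['protocol']);?>
					</td>
					<td class="listr">
						<?=htmlspecialchars($server);?>
					</td>
					<td class="listbg">
						<?=htmlspecialchars($client['description']);?>
					</td>
					<td valign="middle" nowrap class="list">
						<a href="vpn_openvpn_client.php?act=edit&id=<?=$i;?>">
							<img src="./themes/<?=htmlspecialchars((string)$g['theme']);?>/images/icons/icon_e.gif" title="<?=gettext("edit client"); ?>" width="17" height="17" border="0">
						</a>
						&nbsp;
						<a href="vpn_openvpn_client.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this client?"); ?>')">
							<img src="/themes/<?=htmlspecialchars((string)$g['theme']);?>/images/icons/icon_x.gif" title="<?=gettext("delete client"); ?>" width="17" height="17" border="0">
						</a>
					</td>
				</tr>
				<?php
					$i++;
					endforeach;
				?>
				</tbody>
				<tfoot>
				<tr>
					<td class="list" colspan="4"></td>
					<td class="list">
						<a href="vpn_openvpn_client.php?act=new"><img src="./themes/<?=htmlspecialchars((string)$g['theme']);?>/images/icons/icon_plus.gif" title="<?=gettext("add client"); ?>" width="17" height="17" border="0">
						</a>
					</td>
				</tr>
				<tr>
					<td colspan="4">
						<p>
							<?=gettext("Additional OpenVPN clients can be added here.");?>
						</p>
					</td>
				</tr>
				</tfoot>
			</table>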
899
900 ee9933b6 Renato Botelho
			<?php endif; ?>
901 d799787e Matthew Grooms
902
		</td>
903
	</tr>
904
</table>
905
<script language="JavaScript">
906
<!--
907 3c11bd3c Matthew Grooms
mode_change();
908
autokey_change();
909
tlsauth_change();
910 762a24a3 Ermal Lu?i
useproxy_changed();
911 d799787e Matthew Grooms
//-->
912
</script>
913
</body>
914
<?php include("fend.inc"); ?>
915
916
<?php
917
918
/* local utility functions */
919
920
/**
 * Translate a flag into the HTML "checked" attribute for a checkbox.
 *
 * @param mixed  $var Value tested for truthiness.
 * @param string $chk Output, passed by reference: set to 'checked' when
 *                    $var is truthy and to the empty string otherwise.
 */
function set_checked($var,& $chk) {
    // The previous content of $chk is always overwritten.
    $chk = $var ? 'checked' : '';
}
926
927
?>