<?php 
2
/*
3
	vpn_openvpn_server.php
4
5
	Copyright (C) 2008 Shrew Soft Inc.
6 ce77a9c4 Phil Davis
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
7 d799787e Matthew Grooms
	All rights reserved. 
8
9
	Redistribution and use in source and binary forms, with or without
10
	modification, are permitted provided that the following conditions are met:
11
	
12
	1. Redistributions of source code must retain the above copyright notice,
13
	   this list of conditions and the following disclaimer.
14
	
15
	2. Redistributions in binary form must reproduce the above copyright
16
	   notice, this list of conditions and the following disclaimer in the
17
	   documentation and/or other materials provided with the distribution.
18
	
19
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28
	POSSIBILITY OF SUCH DAMAGE.
29
*/
30
31
##|+PRIV
32
##|*IDENT=page-openvpn-server
33
##|*NAME=OpenVPN: Server page
34
##|*DESCR=Allow access to the 'OpenVPN: Server' page.
35
##|*MATCH=vpn_openvpn_server.php*
36
##|-PRIV
37
38
require("guiconfig.inc");
39 d84bd468 Ermal Lu?i
require_once("openvpn.inc");
40 d799787e Matthew Grooms
41
// Every configuration section this page reads must exist as an array before a
// reference to it is taken, so a missing section is created empty first.
if (!is_array($config['openvpn']['openvpn-server'])) {
	$config['openvpn']['openvpn-server'] = array();
}
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
if (!is_array($config['crl'])) {
	$config['crl'] = array();
}

// The $a_* names are references: writing through them modifies $config itself.
$a_server = &$config['openvpn']['openvpn-server'];
$a_ca =& $config['ca'];
$a_cert =& $config['cert'];
$a_crl =& $config['crl'];

// Drop CRL entries that carry no 'refid'.
foreach ($a_crl as $cid => $acrl) {
	if (isset($acrl['refid'])) {
		continue;
	}
	unset ($a_crl[$cid]);
}
64
65 e41ec584 Renato Botelho
// Request parameters are untrusted: $id is only set when the supplied value
// passes is_numericint(); a POSTed id takes precedence over one in the query string.
if (is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

// The requested action; POST overrides GET here as well.
$act = isset($_POST['act']) ? $_POST['act'] : $_GET['act'];

// vpnid of the instance being edited, or 0 when $id does not name an existing one.
$vpnid = (isset($id) && $a_server[$id]) ? $a_server[$id]['vpnid'] : 0;
78
79 d799787e Matthew Grooms
// Delete the server instance selected by $id.
// NOTE(review): this state-changing action is triggered by a GET parameter and
// no request-forgery token check is visible in this block. Confirm that the
// included framework code enforces one for GET requests, or move the delete
// action to POST together with the links that invoke it.
if ($_GET['act'] == "del") {

	// Unknown index: nothing to delete, go back to the list.
	if (!isset($a_server[$id])) {
		pfSenseHeader("vpn_openvpn_server.php");
		exit;
	}

	// Tear the instance down before removing its configuration entry.
	if (!empty($a_server[$id])) {
		openvpn_delete('server', $a_server[$id]);
	}
	unset($a_server[$id]);
	write_config();

	$savemsg = gettext("Server successfully deleted")."<br />";
}
91
92 3e41ad59 Phil Davis
// Pre-fill the form with defaults when a new server instance is being created.
if ($_GET['act'] == "new") {
	// NOTE(review): 1024-bit DH parameters and SHA1 as the auth digest are weak
	// starting points by current guidance. The selectable DH lengths and digests
	// are defined outside this block; confirm stronger values are offered there
	// before raising these defaults.
	$new_defaults = array(
		'autokey_enable'  => "yes",
		'tlsauth_enable'  => "yes",
		'autotls_enable'  => "yes",
		'dh_length'       => 1024,
		'dev_mode'        => "tun",
		'interface'       => "wan",
		'local_port'      => openvpn_port_next('UDP'),
		'pool_enable'     => "yes",
		'cert_depth'      => 1,
		'verbosity_level' => 1, // Default verbosity is 1
		'digest'          => "SHA1", // OpenVPN Defaults to SHA1
	);
	foreach ($new_defaults as $new_key => $new_value) {
		$pconfig[$new_key] = $new_value;
	}
}
106
107 3e41ad59 Phil Davis
// Load the stored settings of an existing server instance into $pconfig so the
// form can display them for editing.
if ($_GET['act'] == "edit") {

	if (isset($id) && $a_server[$id]) {
		// Read-only copy of the stored entry; nothing below writes back to $config.
		$edit_srv = $a_server[$id];

		$pconfig['disable'] = isset($edit_srv['disable']);
		foreach (array('mode', 'protocol', 'authmode', 'dev_mode', 'interface') as $edit_key) {
			$pconfig[$edit_key] = $edit_srv[$edit_key];
		}
		// A bound address is shown to the form as "interface|ipaddr".
		if (!empty($edit_srv['ipaddr'])) {
			$pconfig['interface'] = $pconfig['interface'] . '|' . $edit_srv['ipaddr'];
		}
		foreach (array('local_port', 'description', 'custom_options') as $edit_key) {
			$pconfig[$edit_key] = $edit_srv[$edit_key];
		}

		if ($pconfig['mode'] != "p2p_shared_key") {
			// TLS-based modes: key material is stored base64-encoded.
			if ($edit_srv['tls']) {
				$pconfig['tlsauth_enable'] = "yes";
				$pconfig['tls'] = base64_decode($edit_srv['tls']);
			}
			foreach (array('caref', 'crlref', 'certref', 'dh_length') as $edit_key) {
				$pconfig[$edit_key] = $edit_srv[$edit_key];
			}
			$pconfig['cert_depth'] = isset($edit_srv['cert_depth']) ? $edit_srv['cert_depth'] : 1;
			if ($pconfig['mode'] == "server_tls_user") {
				$pconfig['strictusercn'] = $edit_srv['strictusercn'];
			}
		} else {
			$pconfig['shared_key'] = base64_decode($edit_srv['shared_key']);
		}

		$pconfig['crypto'] = $edit_srv['crypto'];
		// OpenVPN Defaults to SHA1 if unset
		$pconfig['digest'] = !empty($edit_srv['digest']) ? $edit_srv['digest'] : "SHA1";
		$pconfig['engine'] = $edit_srv['engine'];

		// Settings copied to the form unchanged.
		$edit_plain = array(
			'tunnel_network', 'tunnel_networkv6',
			'remote_network', 'remote_networkv6',
			'gwredir',
			'local_network', 'local_networkv6',
			'maxclients', 'compression', 'passtos', 'client2client',
			'dynamic_ip', 'pool_enable', 'topology_subnet',
			'serverbridge_dhcp', 'serverbridge_interface',
			'serverbridge_dhcp_start', 'serverbridge_dhcp_end',
		);
		foreach ($edit_plain as $edit_key) {
			$pconfig[$edit_key] = $edit_srv[$edit_key];
		}

		// The *_enable flags below are derived: set when any related value is stored.
		$pconfig['dns_domain'] = $edit_srv['dns_domain'];
		if ($pconfig['dns_domain']) {
			$pconfig['dns_domain_enable'] = true;
		}

		foreach (array('dns_server1', 'dns_server2', 'dns_server3', 'dns_server4') as $edit_key) {
			$pconfig[$edit_key] = $edit_srv[$edit_key];
		}
		if ($pconfig['dns_server1'] || $pconfig['dns_server2'] ||
		    $pconfig['dns_server3'] || $pconfig['dns_server4']) {
			$pconfig['dns_server_enable'] = true;
		}

		$pconfig['ntp_server1'] = $edit_srv['ntp_server1'];
		$pconfig['ntp_server2'] = $edit_srv['ntp_server2'];
		if ($pconfig['ntp_server1'] || $pconfig['ntp_server2']) {
			$pconfig['ntp_server_enable'] = true;
		}

		foreach (array('netbios_enable', 'netbios_ntype', 'netbios_scope') as $edit_key) {
			$pconfig[$edit_key] = $edit_srv[$edit_key];
		}

		$pconfig['wins_server1'] = $edit_srv['wins_server1'];
		$pconfig['wins_server2'] = $edit_srv['wins_server2'];
		if ($pconfig['wins_server1'] || $pconfig['wins_server2']) {
			$pconfig['wins_server_enable'] = true;
		}

		$pconfig['client_mgmt_port'] = $edit_srv['client_mgmt_port'];
		if ($pconfig['client_mgmt_port']) {
			$pconfig['client_mgmt_port_enable'] = true;
		}

		$pconfig['nbdd_server1'] = $edit_srv['nbdd_server1'];
		if ($pconfig['nbdd_server1']) {
			$pconfig['nbdd_server_enable'] = true;
		}

		// just in case the modes switch
		$pconfig['autokey_enable'] = "yes";
		$pconfig['autotls_enable'] = "yes";

		$pconfig['duplicate_cn'] = isset($edit_srv['duplicate_cn']);

		$pconfig['no_tun_ipv6'] = $edit_srv['no_tun_ipv6'];
		// Default verbosity is 1
		$pconfig['verbosity_level'] = isset($edit_srv['verbosity_level']) ? $edit_srv['verbosity_level'] : 1;

		$pconfig['push_register_dns'] = $edit_srv['push_register_dns'];
	}
}
220
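// Handle a submitted form: validate the posted settings and, when they pass,
// store them as a new or updated server instance and resync it.
//
// Fixes relative to the previous revision of this block:
//  - the NetBIOS Data Distribution server is now saved when its own checkbox
//    (nbdd_server_enable) is set, matching the validation above and the edit
//    loader; it used to be tied to dns_server_enable;
//  - a device-mode change on the instance at index 0 is now detected (the old
//    test "if ($id && ...)" treated index 0 as "no instance");
//  - $reqdfields/$reqdfieldsn are initialised so they are always arrays.
if ($_POST) {

	// Everything in $pconfig is raw, untrusted form input from here on.
	unset($input_errors);
	$pconfig = $_POST;

	// Editing an existing instance keeps its vpnid; 0 marks a new instance.
	if (isset($id) && $a_server[$id]) {
		$vpnid = $a_server[$id]['vpnid'];
	} else {
		$vpnid = 0;
	}

	// The interface field may carry a bound address as "interface|ip"; the
	// address family has to agree with the selected protocol.
	list($iv_iface, $iv_ip) = explode ("|",$pconfig['interface']);
	if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) {
		$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
	} elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) {
		$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address.");
	} elseif ((stristr($pconfig['protocol'], "6") === false) && !get_interface_ip($iv_iface) && ($pconfig['interface'] != "any")) {
		$input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address.");
	} elseif ((stristr($pconfig['protocol'], "6") !== false) && !get_interface_ipv6($iv_iface) && ($pconfig['interface'] != "any")) {
		$input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
	}

	// Every mode except the static shared key one uses TLS.
	$tls_mode = ($pconfig['mode'] != "p2p_shared_key");

	if (empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) {
		$input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth.");
	}

	/* input validation */
	if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6")) {
		$input_errors[] = $result;
	}

	// The port may only be in use by the instance that is being edited.
	$portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid);
	if (($portused != $vpnid) && ($portused != 0)) {
		$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
	}

	// A generated key replaces whatever was posted in the shared key field.
	if ($pconfig['autokey_enable']) {
		$pconfig['shared_key'] = openvpn_create_key();
	}

	// Pasted keys are only checked for the static key begin/end markers.
	if (!$tls_mode && !$pconfig['autokey_enable']) {
		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
			$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
		}
	}

	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
			$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
		}
	}

	if ($pconfig['dns_server_enable']) {
		if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
			$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
		}
		if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
			$input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
		}
		if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
			$input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
		}
		if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
			$input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
		}
	}

	// NTP servers #3 and #4 are validated here although only #1 and #2 are
	// stored further down.
	if ($pconfig['ntp_server_enable']) {
		if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
			$input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
		}
		if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
			$input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
		}
		if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
			$input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address");
		}
		if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
			$input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address");
		}
	}

	if ($pconfig['netbios_enable']) {
		if ($pconfig['wins_server_enable']) {
			if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
				$input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
			}
			if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
				$input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
			}
		}
		if ($pconfig['nbdd_server_enable']) {
			if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
				$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
			}
		}
	}

	if ($pconfig['client_mgmt_port_enable']) {
		if ($result = openvpn_validate_port($pconfig['client_mgmt_port'], 'Client management port')) {
			$input_errors[] = $result;
		}
	}

	if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients'])) {
		$input_errors[] = gettext("The field 'Concurrent connections' must be numeric.");
	}

	// Always hand arrays to do_input_validation(), including shared key mode
	// with an auto-generated key, where neither branch below assigns them.
	$reqdfields = array();
	$reqdfieldsn = array();

	/* If we are not in shared key mode, then we need the CA/Cert. */
	if ($pconfig['mode'] != "p2p_shared_key") {
		$reqdfields = explode(" ", "caref certref");
		$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
	} elseif (!$pconfig['autokey_enable']) {
		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
		$reqdfields = array('shared_key');
		$reqdfieldsn = array(gettext('Shared key'));
	}

	if ($pconfig['dev_mode'] != "tap") {
		$reqdfields[] = 'tunnel_network';
		$reqdfieldsn[] = gettext('Tunnel network');
	} else {
		if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network']) {
			$input_errors[] = gettext("Using a tunnel network and server bridge settings together is not allowed.");
		}
		if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end'])
		|| (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end'])) {
			$input_errors[] = gettext("Server Bridge DHCP Start and End must both be empty, or defined.");
		}
		if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_start']))) {
			$input_errors[] = gettext("Server Bridge DHCP Start must be an IPv4 address.");
		}
		if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_end']))) {
			$input_errors[] = gettext("Server Bridge DHCP End must be an IPv4 address.");
		}
		if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end'])) {
			$input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end).");
		}
	}
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if (!$input_errors) {

		$server = array();

		// delete(rename) old interface so a new TUN or TAP interface can be created.
		// isset() is required here: index 0 is a valid instance but is falsy.
		if (isset($id) && $a_server[$id] && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode']) {
			openvpn_delete('server', $a_server[$id]);
		}

		if ($vpnid) {
			$server['vpnid'] = $vpnid;
		} else {
			$server['vpnid'] = openvpn_vpnid_next();
		}

		if ($_POST['disable'] == "yes") {
			$server['disable'] = true;
		}
		$server['mode'] = $pconfig['mode'];
		if (!empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) {
			$server['authmode'] = implode(",", $pconfig['authmode']);
		}
		$server['protocol'] = $pconfig['protocol'];
		$server['dev_mode'] = $pconfig['dev_mode'];
		list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']);
		$server['local_port'] = $pconfig['local_port'];
		$server['description'] = $pconfig['description'];
		// NOTE(review): custom_options is stored after newline normalisation only,
		// and mode, protocol, dev_mode, crypto, digest, engine, dh_length and
		// compression are stored as posted; no allow-list check against the
		// offered option lists is visible in this block. How these values reach
		// the generated server configuration is decided outside this file, so
		// confirm they are constrained there, and treat access to this page as
		// control over the OpenVPN server configuration.
		$server['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);

		if ($tls_mode) {
			if ($pconfig['tlsauth_enable']) {
				if ($pconfig['autotls_enable']) {
					$pconfig['tls'] = openvpn_create_key();
				}
				// Key material is kept base64-encoded in the configuration.
				$server['tls'] = base64_encode($pconfig['tls']);
			}
			$server['caref'] = $pconfig['caref'];
			$server['crlref'] = $pconfig['crlref'];
			$server['certref'] = $pconfig['certref'];
			$server['dh_length'] = $pconfig['dh_length'];
			$server['cert_depth'] = $pconfig['cert_depth'];
			if ($pconfig['mode'] == "server_tls_user") {
				$server['strictusercn'] = $pconfig['strictusercn'];
			}
		} else {
			$server['shared_key'] = base64_encode($pconfig['shared_key']);
		}
		$server['crypto'] = $pconfig['crypto'];
		$server['digest'] = $pconfig['digest'];
		$server['engine'] = $pconfig['engine'];

		$server['tunnel_network'] = $pconfig['tunnel_network'];
		$server['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
		$server['remote_network'] = $pconfig['remote_network'];
		$server['remote_networkv6'] = $pconfig['remote_networkv6'];
		$server['gwredir'] = $pconfig['gwredir'];
		$server['local_network'] = $pconfig['local_network'];
		$server['local_networkv6'] = $pconfig['local_networkv6'];
		$server['maxclients'] = $pconfig['maxclients'];
		$server['compression'] = $pconfig['compression'];
		$server['passtos'] = $pconfig['passtos'];
		$server['client2client'] = $pconfig['client2client'];

		$server['dynamic_ip'] = $pconfig['dynamic_ip'];
		$server['pool_enable'] = $pconfig['pool_enable'];
		$server['topology_subnet'] = $pconfig['topology_subnet'];

		$server['serverbridge_dhcp'] = $pconfig['serverbridge_dhcp'];
		$server['serverbridge_interface'] = $pconfig['serverbridge_interface'];
		$server['serverbridge_dhcp_start'] = $pconfig['serverbridge_dhcp_start'];
		$server['serverbridge_dhcp_end'] = $pconfig['serverbridge_dhcp_end'];

		// Optional groups are only stored when their checkbox was set.
		if ($pconfig['dns_domain_enable']) {
			$server['dns_domain'] = $pconfig['dns_domain'];
		}

		if ($pconfig['dns_server_enable']) {
			$server['dns_server1'] = $pconfig['dns_server1'];
			$server['dns_server2'] = $pconfig['dns_server2'];
			$server['dns_server3'] = $pconfig['dns_server3'];
			$server['dns_server4'] = $pconfig['dns_server4'];
		}

		if ($pconfig['push_register_dns']) {
			$server['push_register_dns'] = $pconfig['push_register_dns'];
		}

		if ($pconfig['ntp_server_enable']) {
			$server['ntp_server1'] = $pconfig['ntp_server1'];
			$server['ntp_server2'] = $pconfig['ntp_server2'];
		}

		$server['netbios_enable'] = $pconfig['netbios_enable'];
		$server['netbios_ntype'] = $pconfig['netbios_ntype'];
		$server['netbios_scope'] = $pconfig['netbios_scope'];

		$server['no_tun_ipv6'] = $pconfig['no_tun_ipv6'];
		$server['verbosity_level'] = $pconfig['verbosity_level'];

		if ($pconfig['netbios_enable']) {

			if ($pconfig['wins_server_enable']) {
				$server['wins_server1'] = $pconfig['wins_server1'];
				$server['wins_server2'] = $pconfig['wins_server2'];
			}

			// Keyed on the NBDD checkbox, the same flag the validation uses.
			if ($pconfig['nbdd_server_enable']) {
				$server['nbdd_server1'] = $pconfig['nbdd_server1'];
			}
		}

		if ($pconfig['client_mgmt_port_enable']) {
			$server['client_mgmt_port'] = $pconfig['client_mgmt_port'];
		}

		if ($_POST['duplicate_cn'] == "yes") {
			$server['duplicate_cn'] = true;
		}

		// Replace the edited entry in place, or append a new one.
		if (isset($id) && $a_server[$id]) {
			$a_server[$id] = $server;
		} else {
			$a_server[] = $server;
		}

		openvpn_resync('server', $server);
		write_config();

		header("Location: vpn_openvpn_server.php");
		exit;
	}

	// Validation failed: the form is shown again, and it expects authmode as a
	// comma-separated string rather than the posted array.
	if (!empty($pconfig['authmode'])) {
		$pconfig['authmode'] = implode(",", $pconfig['authmode']);
	}
}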
479 6d9b1074 jim-p
// Page chrome: set the shortcut section and the title parts, then pull in the
// shared page header.
$shortcut_section = "openvpn";
$pgtitle = array(
	gettext("OpenVPN"),
	gettext("Server"),
);

include("head.inc");
483
484
?>
485
486 f6510207 xbipin
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
487 d799787e Matthew Grooms
<?php include("fbegin.inc"); ?>
488 91f026b0 ayvis
<script type="text/javascript">
489 2b5c9e58 Colin Fleming
//<![CDATA[
490 d799787e Matthew Grooms
491 3c11bd3c Matthew Grooms
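/*
 * Show or hide the form rows that apply to the selected server mode, then
 * re-apply the gateway-redirect dependent rows via gwredir_change().
 *
 * The selected value is now held in a local variable; it used to be assigned
 * without a declaration, which created the globals "index" and "value".
 */
function mode_change() {
	var modeSelect = document.iform.mode;
	var value = modeSelect.options[modeSelect.selectedIndex].value;

	// An empty display value restores the row's default display; "none" hides it.
	function setRow(id, visible) {
		document.getElementById(id).style.display = visible ? "" : "none";
	}
	function setRows(ids, visible) {
		for (var i = 0; i < ids.length; i++) {
			setRow(ids[i], visible);
		}
	}

	var tlsRows = ["tls", "tls_ca", "tls_crl", "tls_cert", "tls_dh", "cert_depth"];
	var remoteRows = ["remote_optsv4", "remote_optsv6"];
	var localRows = ["local_optsv4", "local_optsv6"];

	// Cryptographic settings: TLS rows versus the pre-shared key row.
	switch (value) {
		case "p2p_tls":
		case "server_tls":
		case "server_user":
			setRows(tlsRows, true);
			setRow("strictusercn", false);
			setRow("psk", false);
			break;
		case "server_tls_user":
			setRows(tlsRows, true);
			setRow("strictusercn", true);
			setRow("psk", false);
			break;
		case "p2p_shared_key":
			setRows(tlsRows, false);
			setRow("strictusercn", false);
			setRow("psk", true);
			break;
	}

	// Tunnel and client settings.
	switch (value) {
		case "p2p_shared_key":
			setRow("client_opts", false);
			setRows(remoteRows, true);
			setRow("gwredir_opts", false);
			setRows(localRows, false);
			setRow("authmodetr", false);
			setRow("inter_client_communication", false);
			break;
		case "p2p_tls":
			setRow("client_opts", false);
			setRows(remoteRows, true);
			setRow("gwredir_opts", true);
			setRows(localRows, true);
			setRow("authmodetr", false);
			setRow("inter_client_communication", false);
			break;
		case "server_user":
		case "server_tls_user":
			setRow("authmodetr", true);
			setRow("client_opts", true);
			setRows(remoteRows, false);
			setRow("gwredir_opts", true);
			setRows(localRows, true);
			setRow("inter_client_communication", true);
			break;
		case "server_tls":
			setRow("authmodetr", false);
			// intentional fall-through: the remaining rows match the default case
		default:
			setRow("client_opts", true);
			setRows(remoteRows, false);
			setRow("gwredir_opts", true);
			setRows(localRows, true);
			setRow("inter_client_communication", true);
			break;
	}
	gwredir_change();
}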
574
575
/*
 * Hide the manual shared-key row while "automatically generate a key" is
 * checked; show it otherwise, including when the checkbox is not on the form.
 */
function autokey_change() {
	var box = document.iform.autokey_enable;
	var generated = (box != null) && box.checked;

	document.getElementById("autokey_opts").style.display = generated ? "none" : "";
}
582
583
/*
 * Toggle the TLS authentication options row with its checkbox, then refresh
 * the key row via autotls_change(). The toggle is only emitted by the server
 * when $pconfig['tls'] is empty.
 */
function tlsauth_change() {

<?php if (!$pconfig['tls']): ?>
	document.getElementById("tlsauth_opts").style.display =
		document.iform.tlsauth_enable.checked ? "" : "none";
<?php endif; ?>

	autotls_change();
}
594
595
function autotls_change() {
	// The "auto-generate" checkbox exists only while no TLS key is stored;
	// with a stored key the page treats auto-generation as switched off.
<?php if (!$pconfig['tls']): ?>
	autocheck = document.iform.autotls_enable.checked;
<?php else: ?>
	autocheck = false;
<?php endif; ?>

	// Show the key textarea only for "TLS auth on, auto-generate off".
	var showKeyField = document.iform.tlsauth_enable.checked && !autocheck;
	document.getElementById("autotls_opts").style.display = showKeyField ? "" : "none";
}
function gwredir_change() {
	// While the gwredir checkbox is ticked both local network rows are
	// hidden; otherwise they are shown.
	var localDisplay = document.iform.gwredir.checked ? "none" : "";
	document.getElementById("local_optsv4").style.display = localDisplay;
	document.getElementById("local_optsv6").style.display = localDisplay;
}
function dns_domain_change() {
	// Show the DNS domain input only while its enabling checkbox is ticked.
	var enabled = document.iform.dns_domain_enable.checked;
	document.getElementById("dns_domain_data").style.display = enabled ? "" : "none";
}
function dns_server_change() {
	// Show the DNS server inputs only while their enabling checkbox is ticked.
	var enabled = document.iform.dns_server_enable.checked;
	document.getElementById("dns_server_data").style.display = enabled ? "" : "none";
}
function wins_server_change() {
	// Show the WINS server inputs only while their enabling checkbox is ticked.
	var enabled = document.iform.wins_server_enable.checked;
	document.getElementById("wins_server_data").style.display = enabled ? "" : "none";
}
function client_mgmt_port_change() {
	// Show the client management port input only while its checkbox is ticked.
	var enabled = document.iform.client_mgmt_port_enable.checked;
	document.getElementById("client_mgmt_port_data").style.display = enabled ? "" : "none";
}
function ntp_server_change() {
	// Show the NTP server inputs only while their enabling checkbox is ticked.
	var enabled = document.iform.ntp_server_enable.checked;
	document.getElementById("ntp_server_data").style.display = enabled ? "" : "none";
}
function netbios_change() {
	// The NetBIOS detail rows and the WINS options follow the same checkbox:
	// both are shown while it is ticked and hidden otherwise.
	var netbiosDisplay = document.iform.netbios_enable.checked ? "" : "none";
	document.getElementById("netbios_data").style.display = netbiosDisplay;
	document.getElementById("wins_opts").style.display = netbiosDisplay;
}
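function tuntap_change() {
	// Adjusts the form to the selected device mode (tun/tap) and server mode.
	//
	// tun: shows the chkboxNoTunIPv6 and topology rows, marks the IPv4
	//      tunnel network as required and hides the four bridge rows.
	// tap: hides the chkboxNoTunIPv6 and topology rows and marks the IPv4
	//      tunnel network as optional. In a non peer-to-peer mode the bridge
	//      rows are shown and the bridge fields follow the "Bridge DHCP"
	//      checkbox; in a peer-to-peer mode the bridge fields are disabled.
	//
	// All working variables are declared locally. They used to be implicit
	// globals (including generic names such as "index" and "value"), which
	// leaked onto the window object and fail outright in strict mode.
	var form = document.iform;
	var bridgeRows = [
		"serverbridge_dhcp",
		"serverbridge_interface",
		"serverbridge_dhcp_start",
		"serverbridge_dhcp_end"
	];
	var i;

	var modeValue = form.mode.options[form.mode.selectedIndex].value;
	var p2p = (modeValue === "p2p_tls" || modeValue === "p2p_shared_key");

	var devValue = form.dev_mode.options[form.dev_mode.selectedIndex].value;

	switch (devValue) {
		case "tun":
			document.getElementById("chkboxNoTunIPv6").style.display = "";
			document.getElementById("ipv4_tunnel_network").className = "vncellreq";
			for (i = 0; i < bridgeRows.length; i++)
				document.getElementById(bridgeRows[i]).style.display = "none";
			document.getElementById("topology_subnet_opt").style.display = "";
			break;
		case "tap":
			document.getElementById("chkboxNoTunIPv6").style.display = "none";
			document.getElementById("ipv4_tunnel_network").className = "vncell";
			document.getElementById("topology_subnet_opt").style.display = "none";
			if (!p2p) {
				for (i = 0; i < bridgeRows.length; i++)
					document.getElementById(bridgeRows[i]).style.display = "";
				form.serverbridge_dhcp.disabled = false;
				// The interface and range fields are only editable while
				// the "Bridge DHCP" checkbox is ticked.
				var bridgeOff = !form.serverbridge_dhcp.checked;
				form.serverbridge_interface.disabled = bridgeOff;
				form.serverbridge_dhcp_start.disabled = bridgeOff;
				form.serverbridge_dhcp_end.disabled = bridgeOff;
			} else {
				// Peer-to-peer modes: every bridge field is disabled; the
				// visibility of the bridge rows is left as it was.
				form.serverbridge_dhcp.disabled = true;
				form.serverbridge_interface.disabled = true;
				form.serverbridge_dhcp_start.disabled = true;
				form.serverbridge_dhcp_end.disabled = true;
			}
			break;
	}
}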
727 2b5c9e58 Colin Fleming
//]]>
728 d799787e Matthew Grooms
</script>
729
<?php
// Normalise a missing or falsy save message to an empty string.
if (!$savemsg) {
	$savemsg = "";
}

// Validation errors are printed first, followed by any status message.
if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box_np($savemsg);
}
?>
738 2b5c9e58 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn server">
739 5a3b0d3b mgrooms
	<tr>
740 d799787e Matthew Grooms
		<td class="tabnavtbl">
741
			<?php 
742
				$tab_array = array();
743
				$tab_array[] = array(gettext("Server"), true, "vpn_openvpn_server.php");
744
				$tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php");
745
				$tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php");
746 5540aee6 Ermal Lu?i
				$tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml");
747 b63f2e8b Matthew Grooms
				add_package_tabs("OpenVPN", $tab_array);
748 d799787e Matthew Grooms
				display_top_tabs($tab_array);
749
			?>
750
		</td>
751
	</tr>    
752
	<tr>
753
		<td class="tabcont">
754
755
			<?php if($act=="new" || $act=="edit"): ?>
756
757
			<form action="vpn_openvpn_server.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
758 2b5c9e58 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="general information">
759 47c00c09 Scott Ullrich
					<tr>
760 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
761 b63f2e8b Matthew Grooms
					</tr>
762 d799787e Matthew Grooms
					<tr>
763 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
764 d799787e Matthew Grooms
						<td width="78%" class="vtable">
765 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="0" cellspacing="0" summary="enable disable server">
766 d799787e Matthew Grooms
								<tr>
767
									<td>
768
										<?php set_checked($pconfig['disable'],$chk); ?>
769 2b5c9e58 Colin Fleming
										<input name="disable" type="checkbox" value="yes" <?=$chk;?> />
770 d799787e Matthew Grooms
									</td>
771
									<td>
772
										&nbsp;
773
										<span class="vexpl">
774 8cd558b6 ayvis
											<strong><?=gettext("Disable this server"); ?></strong><br />
775 d799787e Matthew Grooms
										</span>
776
									</td>
777
								</tr>
778
							</table>
779 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("Set this option to disable this server without removing it from the list"); ?>.
780 d799787e Matthew Grooms
						</td>
781
					</tr>
782 3c11bd3c Matthew Grooms
					<tr>
783
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
784
							<td width="78%" class="vtable">
785 1ab6bdb5 jim-p
							<select name='mode' id='mode' class="formselect" onchange='mode_change(); tuntap_change()'>
786 3c11bd3c Matthew Grooms
							<?php
787
								foreach ($openvpn_server_modes as $name => $desc):
788
									$selected = "";
789
									if ($pconfig['mode'] == $name)
790 2b5c9e58 Colin Fleming
										$selected = "selected=\"selected\"";
791 3c11bd3c Matthew Grooms
							?>
792
								<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
793
							<?php endforeach; ?>
794
							</select>
795
						</td>
796
					</tr>
797 e8a58de4 Ermal Lu?i
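					<tr id="authmodetr" style="display:none">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td>
						<td width="78%" class="vtable">
							<?php
								// Load the backend list before the <select> is emitted: its size
								// attribute is count($auth_servers), which was previously read
								// before this row assigned the variable.
								$authmodes = explode(",", $pconfig['authmode']);
								$auth_servers = auth_get_authserver_list();
								// If no authmodes set then default to selecting the first entry in auth_servers
								if (empty($authmodes[0]) && !empty(key($auth_servers)))
									$authmodes[0] = key($auth_servers);
							?>
							<select name='authmode[]' id='authmode' class="formselect" multiple="multiple" size="<?php echo count($auth_servers); ?>">
							<?php
								// Keys and names of authentication servers come from the
								// configuration (presumably administrator-entered text), so
								// both are HTML-escaped before being written into the markup.
								foreach ($auth_servers as $auth_server_key => $auth_server):
									$selected = "";
									if (in_array($auth_server_key, $authmodes))
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($auth_server_key);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option>
							<?php endforeach; ?>
							</select>
						</td>
					</tr>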
818 d799787e Matthew Grooms
					<tr>
819
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
820
							<td width="78%" class="vtable">
821
							<select name='protocol' class="formselect">
822
							<?php
823
								foreach ($openvpn_prots as $prot):
824
									$selected = "";
825
									if ($pconfig['protocol'] == $prot)
826 2b5c9e58 Colin Fleming
										$selected = "selected=\"selected\"";
827 d799787e Matthew Grooms
							?>
828
								<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
829
							<?php endforeach; ?>
830
							</select>
831 3e41ad59 Phil Davis
						</td>
832 d799787e Matthew Grooms
					</tr>
833 bf87b4d7 lgcosta
					<tr>
834
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td>
835
						<td width="78%" class="vtable">
836 1ab6bdb5 jim-p
							<select name="dev_mode" class="formselect" onchange='tuntap_change()'>
837 3e41ad59 Phil Davis
							<?php
838
								foreach ($openvpn_dev_mode as $device):
839
									$selected = "";
840
									if (! empty($pconfig['dev_mode'])) {
841
										if ($pconfig['dev_mode'] == $device)
842
											$selected = "selected=\"selected\"";
843
									} else {
844
										if ($device == "tun")
845
											$selected = "selected=\"selected\"";
846
									}
847
							?>
848
								<option value="<?=$device;?>" <?=$selected;?>><?=$device;?></option>
849
							<?php endforeach; ?>
850
							</select>
851
						</td>
852
					</tr>
853 d799787e Matthew Grooms
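					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
						<td width="78%" class="vtable">
							<select name="interface" class="formselect">
								<?php
									// Build the list of selectable listen interfaces: configured
									// interfaces, CARP and IP-alias addresses (keyed "if|ip"),
									// IPv4 gateway groups, localhost and "any".
									$interfaces = get_configured_interface_with_descr();
									$carplist = get_configured_carp_interface_list();
									foreach ($carplist as $cif => $carpip)
										$interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
									$aliaslist = get_configured_ip_aliases_list();
									foreach ($aliaslist as $aliasip => $aliasif)
										$interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
									$grouplist = return_gateway_groups_array();
									foreach ($grouplist as $name => $group) {
										// "inet" is quoted: the bare word was an undefined constant,
										// which older PHP versions only tolerated with a notice or
										// warning and PHP 8 rejects with an Error.
										if($group['ipprotocol'] != "inet")
											continue;
										// NOTE(review): $vipif is not read anywhere in this row.
										if($group[0]['vip'] <> "")
											$vipif = $group[0]['vip'];
										else
											$vipif = $group[0]['int'];
										$interfaces[$name] = "GW Group {$name}";
									}
									$interfaces['lo0'] = "Localhost";
									$interfaces['any'] = "any";
									foreach ($interfaces as $iface => $ifacename):
										$selected = "";
										if ($iface == $pconfig['interface'])
											$selected = "selected=\"selected\"";
								?>
									<?php // The key is escaped like the label: gateway group names end up in it. ?>
									<option value="<?=htmlspecialchars($iface);?>" <?=$selected;?>>
										<?=htmlspecialchars($ifacename);?>
									</option>
								<?php endforeach; ?>
							</select> <br />
						</td>
					</tr>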
889
					<tr>
890
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local port");?></td>
891
						<td width="78%" class="vtable">
892 2b5c9e58 Colin Fleming
							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>" />
893 d799787e Matthew Grooms
						</td>
894
					</tr>
895
					<tr> 
896 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
897 d799787e Matthew Grooms
						<td width="78%" class="vtable"> 
898 2b5c9e58 Colin Fleming
							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>" />
899 8cd558b6 ayvis
							<br />
900 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
901 d799787e Matthew Grooms
						</td>
902
					</tr>
903
					<tr>
904
						<td colspan="2" class="list" height="12"></td>
905
					</tr>
906
					<tr>
907 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
908 d799787e Matthew Grooms
					</tr>
909 3c11bd3c Matthew Grooms
					<tr id="tls">
910 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
911 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
912 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="tls authentication">
913 3c11bd3c Matthew Grooms
								<tr>
914
									<td>
915
										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
916 2b5c9e58 Colin Fleming
										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onclick="tlsauth_change()" />
917 3c11bd3c Matthew Grooms
									</td>
918
									<td>
919
										<span class="vexpl">
920 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Enable authentication of TLS packets"); ?>.
921 3c11bd3c Matthew Grooms
										</span>
922
									</td>
923
								</tr>
924
							</table>
925
							<?php if (!$pconfig['tls']): ?>
926 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="tlsauth_opts" summary="tls authentication options">
927 3c11bd3c Matthew Grooms
								<tr>
928
									<td>
929
										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
930 2b5c9e58 Colin Fleming
										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autotls_change()" />
931 3c11bd3c Matthew Grooms
									</td>
932
									<td>
933
										<span class="vexpl">
934 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
935 3c11bd3c Matthew Grooms
										</span>
936
									</td>
937
								</tr>
938
							</table>
939
							<?php endif; ?>
940 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="autotls_opts" summary="tls authentication key">
941 3c11bd3c Matthew Grooms
								<tr>
942
									<td>
943
										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
944 8cd558b6 ayvis
										<br />
945 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
946 3c11bd3c Matthew Grooms
									</td>
947
								</tr>
948
							</table>
949
						</td>
950 d799787e Matthew Grooms
					</tr>
951 3c11bd3c Matthew Grooms
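					<tr id="tls_ca">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
							<td width="78%" class="vtable">
							<?php if (count($a_ca)): ?>
							<select name='caref' class="formselect">
							<?php
								// One option per CA. The description is text from the
								// configuration (presumably administrator-entered), so it is
								// HTML-escaped on output like the other text fields on this
								// page; the reference id is escaped for the attribute too.
								foreach ($a_ca as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
							</td>
					</tr>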
970 6db02381 jim-p
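					<tr id="tls_crl">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Revocation List"); ?></td>
							<td width="78%" class="vtable">
							<?php if (count($a_crl)): ?>
							<select name='crlref' class="formselect">
								<option value="">None</option>
							<?php
								// One option per CRL, labelled with the description of its CA
								// when lookup_ca() finds one. A CRL is only pre-selected when
								// its CA was found.
								foreach ($a_crl as $crl):
									$selected = "";
									$caname = "";
									$ca = lookup_ca($crl['caref']);
									if ($ca) {
										$caname = " (CA: {$ca['descr']})";
										if ($pconfig['crlref'] == $crl['refid'])
											$selected = "selected=\"selected\"";
									}
							?>
								<?php // Both descriptions are configuration text, so the label is HTML-escaped as a whole. ?>
								<option value="<?=htmlspecialchars($crl['refid']);?>" <?=$selected;?>><?=htmlspecialchars($crl['descr'] . $caname);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificate Revocation Lists (CRLs) defined.</b> <br />Create one under <a href="system_crlmanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
							</td>
					</tr>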
995 3c11bd3c Matthew Grooms
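					<tr id="tls_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Certificate"); ?></td>
							<td width="78%" class="vtable">
							<?php if (count($a_cert)): ?>
							<select name='certref' class="formselect">
							<?php
								// One option per certificate. The label is the description
								// followed by the issuing CA (when lookup_ca() finds it) and
								// the markers " *In Use" / " *Revoked" where they apply.
								// Revoked certificates are only marked, not removed from the list.
								foreach ($a_cert as $cert):
									$selected = "";
									$caname = "";
									$inuse = "";
									$revoked = "";
									$ca = lookup_ca($cert['caref']);
									if ($ca)
										$caname = " (CA: {$ca['descr']})";
									if ($pconfig['certref'] == $cert['refid'])
										$selected = "selected=\"selected\"";
									if (cert_in_use($cert['refid']))
										$inuse = " *In Use";
									if (is_cert_revoked($cert))
										$revoked = " *Revoked";
							?>
								<?php // Certificate and CA descriptions are configuration text, so the label is HTML-escaped as a whole. ?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
						</td>
					</tr>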
1024 fe787fc7 Matthew Grooms
					<tr id="tls_dh">
1025 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH Parameters Length"); ?></td>
1026 fe787fc7 Matthew Grooms
						<td width="78%" class="vtable">
1027
							<select name="dh_length" class="formselect">
1028
								<?php
1029
									foreach ($openvpn_dh_lengths as $length):
1030 2b5c9e58 Colin Fleming
									$selected = "";
1031 fe787fc7 Matthew Grooms
									if ($length == $pconfig['dh_length'])
1032 2b5c9e58 Colin Fleming
										$selected = " selected=\"selected\"";
1033 fe787fc7 Matthew Grooms
								?>
1034
								<option<?=$selected?>><?=$length;?></option>
1035
								<?php endforeach; ?>
1036
							</select>
1037
							<span class="vexpl">
1038 1c83021a Carlos Eduardo Ramos
								<?=gettext("bits"); ?>
1039 fe787fc7 Matthew Grooms
							</span>
1040
						</td>
1041
					</tr>
1042 d799787e Matthew Grooms
					<tr id="psk">
1043 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
1044 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
1045
							<?php if (!$pconfig['shared_key']): ?>
1046 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="shared key">
1047 3c11bd3c Matthew Grooms
								<tr>
1048
									<td>
1049
										<?php set_checked($pconfig['autokey_enable'],$chk); ?>
1050 2b5c9e58 Colin Fleming
										<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autokey_change()" />
1051 3c11bd3c Matthew Grooms
									</td>
1052
									<td>
1053
										<span class="vexpl">
1054 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared key"); ?>.
1055 3c11bd3c Matthew Grooms
										</span>
1056
									</td>
1057
								</tr>
1058
							</table>
1059
							<?php endif; ?>
1060 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="autokey_opts" summary="shared key">
1061 3c11bd3c Matthew Grooms
								<tr>
1062
									<td>
1063
										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
1064 8cd558b6 ayvis
										<br />
1065 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
1066 3c11bd3c Matthew Grooms
									</td>
1067
								</tr>
1068
							</table>
1069 d799787e Matthew Grooms
						</td>
1070
					</tr>
1071
					<tr>
1072 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
1073 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1074
							<select name="crypto" class="formselect">
1075
								<?php
1076
									$cipherlist = openvpn_get_cipherlist();
1077
									foreach ($cipherlist as $name => $desc):
1078 3e41ad59 Phil Davis
										$selected = "";
1079
										if ($name == $pconfig['crypto'])
1080
											$selected = " selected=\"selected\"";
1081 d799787e Matthew Grooms
								?>
1082 3e41ad59 Phil Davis
									<option value="<?=$name;?>"<?=$selected?>>
1083
										<?=htmlspecialchars($desc);?>
1084
									</option>
1085 d799787e Matthew Grooms
								<?php endforeach; ?>
1086 582c58ae jim-p
							</select>
1087
						</td>
1088
					</tr>
1089 97d5b59b jim-p
					<tr>
1090
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Auth Digest Algorithm"); ?></td>
1091
						<td width="78%" class="vtable">
1092
							<select name="digest" class="formselect">
1093
								<?php
1094
									$digestlist = openvpn_get_digestlist();
1095
									foreach ($digestlist as $name => $desc):
1096 3e41ad59 Phil Davis
										$selected = "";
1097
										if ($name == $pconfig['digest'])
1098
											$selected = " selected=\"selected\"";
1099 97d5b59b jim-p
								?>
1100 3e41ad59 Phil Davis
									<option value="<?=$name;?>"<?=$selected?>>
1101
										<?=htmlspecialchars($desc);?>
1102
									</option>
1103 97d5b59b jim-p
								<?php endforeach; ?>
1104
							</select>
1105 73b8c162 jim-p
							<br /><?PHP echo gettext("NOTE: Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN."); ?>
1106 97d5b59b jim-p
						</td>
1107
					</tr>
1108 582c58ae jim-p
					<tr id="engine">
1109
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
1110
						<td width="78%" class="vtable">
1111
							<select name="engine" class="formselect">
1112
								<?php
1113
									$engines = openvpn_get_engines();
1114
									foreach ($engines as $name => $desc):
1115 3e41ad59 Phil Davis
										$selected = "";
1116
										if ($name == $pconfig['engine'])
1117
											$selected = " selected=\"selected\"";
1118 582c58ae jim-p
								?>
1119 3e41ad59 Phil Davis
									<option value="<?=$name;?>"<?=$selected?>>
1120
										<?=htmlspecialchars($desc);?>
1121
									</option>
1122 582c58ae jim-p
								<?php endforeach; ?>
1123 d799787e Matthew Grooms
							</select>
1124
						</td>
1125
					</tr>
1126 98963f27 jim-p
					<tr id="cert_depth">
1127
						<td width="22%" valign="top" class="vncell"><?=gettext("Certificate Depth"); ?></td>
1128
						<td width="78%" class="vtable">
1129 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="certificate depth">
1130 98963f27 jim-p
							<tr><td>
1131
							<select name="cert_depth" class="formselect">
1132
								<option value="">Do Not Check</option>
1133
								<?php
1134
									foreach ($openvpn_cert_depths as $depth => $depthdesc):
1135 3e41ad59 Phil Davis
										$selected = "";
1136
										if ($depth == $pconfig['cert_depth'])
1137
											$selected = " selected=\"selected\"";
1138 98963f27 jim-p
								?>
1139 3e41ad59 Phil Davis
									<option value="<?= $depth ?>" <?= $selected ?>><?= $depthdesc ?></option>
1140 98963f27 jim-p
								<?php endforeach; ?>
1141
							</select>
1142
							</td></tr>
1143
							<tr><td>
1144
							<span class="vexpl">
1145
								<?=gettext("When a certificate-based client logs in, do not accept certificates below this depth. Useful for denying certificates made with intermediate CAs generated from the same CA as the server."); ?>
1146
							</span>
1147
							</td></tr>
1148
							</table>
1149
						</td>
1150
					</tr>
1151 94823361 jim-p
					<tr id="strictusercn">
1152
						<td width="22%" valign="top" class="vncell"><?=gettext("Strict User/CN Matching"); ?></td>
1153
						<td width="78%" class="vtable">
1154 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="strict user/cn matching">
1155 94823361 jim-p
								<tr>
1156
									<td>
1157
										<?php set_checked($pconfig['strictusercn'],$chk); ?>
1158 2b5c9e58 Colin Fleming
										<input name="strictusercn" type="checkbox" value="yes" <?=$chk;?> />
1159 94823361 jim-p
									</td>
1160
									<td>
1161
										<span class="vexpl">
1162
											<?=gettext("When authenticating users, enforce a match between the common name of the client certificate and the username given at login."); ?>
1163
										</span>
1164
									</td>
1165
								</tr>
1166
							</table>
1167
						</td>
1168
					</tr>
1169 d799787e Matthew Grooms
					<tr>
1170
						<td colspan="2" class="list" height="12"></td>
1171
					</tr>
1172
					<tr>
1173 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
1174 d799787e Matthew Grooms
					</tr>
1175 74a556a3 jim-p
					<tr>
1176
						<td width="22%" valign="top" class="vncellreq" id="ipv4_tunnel_network"><?=gettext("IPv4 Tunnel Network"); ?></td>
1177 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1178 2b5c9e58 Colin Fleming
							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>" />
1179 8cd558b6 ayvis
							<br />
1180 b1ba04cf Seth Mos
							<?=gettext("This is the IPv4 virtual network used for private " .
1181 4d8b3382 Carlos Eduardo Ramos
							"communications between this server and client " .
1182
							"hosts expressed using CIDR (eg. 10.0.8.0/24). " .
1183
							"The first network address will be assigned to " .
1184 3e41ad59 Phil Davis
							"the server virtual interface. The remaining " .
1185 4d8b3382 Carlos Eduardo Ramos
							"network addresses can optionally be assigned " .
1186
							"to connecting clients. (see Address Pool)"); ?>
1187 d799787e Matthew Grooms
						</td>
1188
					</tr>
1189 74a556a3 jim-p
					<tr>
1190
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Tunnel Network"); ?></td>
1191 b1ba04cf Seth Mos
						<td width="78%" class="vtable">
1192 2b5c9e58 Colin Fleming
							<input name="tunnel_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_networkv6']);?>" />
1193 8cd558b6 ayvis
							<br />
1194 b1ba04cf Seth Mos
							<?=gettext("This is the IPv6 virtual network used for private " .
1195
							"communications between this server and client " .
1196
							"hosts expressed using CIDR (eg. fe80::/64). " .
1197
							"The first network address will be assigned to " .
1198 4856df9b jim-p
							"the server virtual interface. The remaining " .
1199 b1ba04cf Seth Mos
							"network addresses can optionally be assigned " .
1200
							"to connecting clients. (see Address Pool)"); ?>
1201
						</td>
1202
					</tr>
1203 1ab6bdb5 jim-p
					<tr id="serverbridge_dhcp">
1204
						<td width="22%" valign="top" class="vncell"><?=gettext("Bridge DHCP"); ?></td>
1205
						<td width="78%" class="vtable">
1206 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="bridge dhcp">
1207 1ab6bdb5 jim-p
								<tr>
1208
									<td>
1209
										<?php set_checked($pconfig['serverbridge_dhcp'],$chk); ?>
1210 2b5c9e58 Colin Fleming
										<input name="serverbridge_dhcp" type="checkbox" value="yes" <?=$chk;?> onchange="tuntap_change()" />
1211 1ab6bdb5 jim-p
									</td>
1212
									<td>
1213
										<span class="vexpl">
1214 8cd558b6 ayvis
											<?=gettext("Allow clients on the bridge to obtain DHCP."); ?><br />
1215 1ab6bdb5 jim-p
										</span>
1216
									</td>
1217
								</tr>
1218
							</table>
1219
						</td>
1220
					</tr>
1221
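					<tr id="serverbridge_interface">
						<td width="22%" valign="top" class="vncell"><?=gettext("Bridge Interface"); ?></td>
						<td width="78%" class="vtable">
							<select name="serverbridge_interface" class="formselect">
								<?php
									// Build the choice list: a literal "none" entry, the interfaces returned by
									// get_configured_interface_with_descr(), then one entry per item of the CARP
									// and IP-alias lists. The last two are keyed "<a>|<b>" -- judging by the
									// variable names that is "<interface>|<address>"; confirm against the helpers.
									$serverbridge_interface['none'] = "none";
									$serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr());
									$carplist = get_configured_carp_interface_list();
									foreach ($carplist as $cif => $carpip)
										$serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
									$aliaslist = get_configured_ip_aliases_list();
									foreach ($aliaslist as $aliasip => $aliasif)
										$serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
									foreach ($serverbridge_interface as $iface => $ifacename):
										$selected = "";
										if ($iface == $pconfig['serverbridge_interface'])
											$selected = "selected=\"selected\"";
										// The key ends up inside an HTML attribute and comes from the same helper
										// output as the label, so it is encoded the same way as the label below
										// instead of being printed raw.
								?>
									<option value="<?=htmlspecialchars($iface);?>" <?=$selected;?>>
										<?=htmlspecialchars($ifacename);?>
									</option>
								<?php endforeach; ?>
							</select> <br />
							<?=gettext("The interface to which this tap instance will be " .
							"bridged. This is not done automatically. You must assign this " .
							"interface and create the bridge separately. " .
							"This setting controls which existing IP address and subnet " .
							"mask are used by OpenVPN for the bridge. Setting this to " .
							"'none' will cause the Server Bridge DHCP settings below to be ignored."); ?>
						</td>
					</tr>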
1252
					<tr id="serverbridge_dhcp_start">
1253
						<td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP Start"); ?></td>
1254
						<td width="78%" class="vtable">
1255 2b5c9e58 Colin Fleming
							<input name="serverbridge_dhcp_start" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_start']);?>" />
1256 8cd558b6 ayvis
							<br />
1257 8e932fb5 Phil Davis
							<?=gettext("When using tap mode as a multi-point server, " .
1258 1ab6bdb5 jim-p
							"you may optionally supply a DHCP range to use on the " .
1259
							"interface to which this tap instance is bridged. " .
1260
							"If these settings are left blank, DHCP will be passed " .
1261
							"through to the LAN, and the interface setting above " .
1262
							"will be ignored."); ?>
1263
						</td>
1264
					</tr>
1265
					<tr id="serverbridge_dhcp_end">
1266 850ae59e Irving Popovetsky
						<td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP End"); ?></td>
1267 1ab6bdb5 jim-p
						<td width="78%" class="vtable">
1268 2b5c9e58 Colin Fleming
							<input name="serverbridge_dhcp_end" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_end']);?>" />
1269 8cd558b6 ayvis
							<br />
1270 1ab6bdb5 jim-p
						</td>
1271
					</tr>
1272 a2ff08f8 jim-p
					<tr id="gwredir_opts">
1273 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td>
1274 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1275 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="redirect gateway">
1276 d799787e Matthew Grooms
								<tr>
1277
									<td>
1278
										<?php set_checked($pconfig['gwredir'],$chk); ?>
1279 2b5c9e58 Colin Fleming
										<input name="gwredir" type="checkbox" value="yes" <?=$chk;?> onclick="gwredir_change()" />
1280 d799787e Matthew Grooms
									</td>
1281
									<td>
1282
										<span class="vexpl">
1283 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Force all client generated traffic through the tunnel"); ?>.
1284 d799787e Matthew Grooms
										</span>
1285
									</td>
1286
								</tr>
1287
							</table>
1288
						</td>
1289
					</tr>
1290 4856df9b jim-p
					<tr id="local_optsv4">
1291 332f5781 Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Local Network/s"); ?></td>
1292 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1293 2b5c9e58 Colin Fleming
							<input name="local_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['local_network']);?>" />
1294 8cd558b6 ayvis
							<br />
1295 332f5781 Phil Davis
							<?=gettext("These are the IPv4 networks that will be accessible " .
1296
							"from the remote endpoint. Expressed as a comma-separated list of one or more CIDR ranges. " .
1297
							"You may leave this blank if you don't " .
1298 4d8b3382 Carlos Eduardo Ramos
							"want to add a route to the local network " .
1299
							"through this tunnel on the remote machine. " .
1300
							"This is generally set to your LAN network"); ?>.
1301 d799787e Matthew Grooms
						</td>
1302
					</tr>
1303 4856df9b jim-p
					<tr id="local_optsv6">
1304 332f5781 Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Local Network/s"); ?></td>
1305 b1ba04cf Seth Mos
						<td width="78%" class="vtable">
1306 2b5c9e58 Colin Fleming
							<input name="local_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['local_networkv6']);?>" />
1307 8cd558b6 ayvis
							<br />
1308 332f5781 Phil Davis
							<?=gettext("These are the IPv6 networks that will be accessible " .
1309
							"from the remote endpoint. Expressed as a comma-separated list of one or more IP/PREFIX. " .
1310
							"You may leave this blank if you don't " .
1311 b1ba04cf Seth Mos
							"want to add a route to the local network " .
1312
							"through this tunnel on the remote machine. " .
1313
							"This is generally set to your LAN network"); ?>.
1314
						</td>
1315
					</tr>
1316 415bddea jim-p
					<tr id="remote_optsv4">
1317 332f5781 Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Remote Network/s"); ?></td>
1318 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
1319 2b5c9e58 Colin Fleming
							<input name="remote_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_network']);?>" />
1320 8cd558b6 ayvis
							<br />
1321 332f5781 Phil Davis
							<?=gettext("These are the IPv4 networks that will be routed through " .
1322 4d8b3382 Carlos Eduardo Ramos
							"the tunnel, so that a site-to-site VPN can be " .
1323 332f5781 Phil Davis
							"established without manually changing the routing tables. " .
1324
							"Expressed as a comma-separated list of one or more CIDR ranges. " .
1325
							"If this is a site-to-site VPN, enter the " .
1326
							"remote LAN/s here. You may leave this blank if " .
1327 4d8b3382 Carlos Eduardo Ramos
							"you don't want a site-to-site VPN"); ?>.
1328 3c11bd3c Matthew Grooms
						</td>
1329
					</tr>
1330 415bddea jim-p
					<tr id="remote_optsv6">
1331 332f5781 Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Remote Network/s"); ?></td>
1332 4856df9b jim-p
						<td width="78%" class="vtable">
1333 2b5c9e58 Colin Fleming
							<input name="remote_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_networkv6']);?>" />
1334 8cd558b6 ayvis
							<br />
1335 332f5781 Phil Davis
							<?=gettext("These are the IPv6 networks that will be routed through " .
1336 4856df9b jim-p
							"the tunnel, so that a site-to-site VPN can be " .
1337 332f5781 Phil Davis
							"established without manually changing the routing tables. " .
1338
							"Expressed as a comma-separated list of one or more IP/PREFIX. " .
1339
							"If this is a site-to-site VPN, enter the " .
1340
							"remote LAN/s here. You may leave this blank if " .
1341 4856df9b jim-p
							"you don't want a site-to-site VPN"); ?>.
1342
						</td>
1343
					</tr>
1344 d799787e Matthew Grooms
					<tr>
1345
						<td width="22%" valign="top" class="vncell"><?=gettext("Concurrent connections");?></td>
1346
						<td width="78%" class="vtable">
1347 2b5c9e58 Colin Fleming
							<input name="maxclients" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['maxclients']);?>" />
1348 8cd558b6 ayvis
							<br />
1349 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("Specify the maximum number of clients allowed to concurrently connect to this server"); ?>.
1350 d799787e Matthew Grooms
						</td>
1351
					</tr>
1352
					<tr>
						<td width="22%" valign="top" class="vncell"><?php echo gettext("Compression"); ?></td>
						<td width="78%" class="vtable">
							<select name="compression" class="formselect">
								<?php
									// One <option> per entry of $openvpn_compression_modes; the entry equal to
									// the stored setting is pre-selected.
									// NOTE(review): key and description are printed unescaped; presumably the
									// table is a static list defined outside this view -- confirm.
									// NOTE(review): OpenVPN upstream has since discouraged tunnel compression,
									// because compressing secret and attacker-influenced data together can leak
									// plaintext through ciphertext length (compression-oracle attacks). Worth
									// reflecting in the help text and in the default choice.
									foreach ($openvpn_compression_modes as $cmode => $cmodedesc):
										$selected = ($cmode == $pconfig['compression']) ? " selected=\"selected\"" : "";
								?>
									<option value="<?php echo $cmode; ?>" <?php echo $selected; ?>><?php echo $cmodedesc; ?></option>
								<?php endforeach; ?>
							</select>
							<br />
							<?php echo gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently"); ?>.
						</td>
					</tr>
1369
					<tr>
1370 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
1371 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1372 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="type-of-service">
1373 d799787e Matthew Grooms
								<tr>
1374
									<td>
1375 1cb0b40a Matthew Grooms
										<?php set_checked($pconfig['passtos'],$chk); ?>
1376 2b5c9e58 Colin Fleming
										<input name="passtos" type="checkbox" value="yes" <?=$chk;?> />
1377 d799787e Matthew Grooms
									</td>
1378
									<td>
1379
										<span class="vexpl">
1380 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
1381 d799787e Matthew Grooms
										</span>
1382
									</td>
1383
								</tr>
1384
							</table>
1385
						</td>
1386
					</tr>
1387 107794cc jim-p
					<tr id="inter_client_communication">
1388 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Inter-client communication"); ?></td>
1389 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1390 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="inter-client communication">
1391 d799787e Matthew Grooms
								<tr>
1392
									<td>
1393
										<?php set_checked($pconfig['client2client'],$chk); ?>
1394 2b5c9e58 Colin Fleming
										<input name="client2client" type="checkbox" value="yes" <?=$chk;?> />
1395 d799787e Matthew Grooms
									</td>
1396
									<td>
1397
										<span class="vexpl">
1398 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Allow communication between clients connected to this server"); ?>
1399 d799787e Matthew Grooms
										</span>
1400
									</td>
1401
								</tr>
1402
							</table>
1403
						</td>
1404
					</tr>
1405 bca35cff jim-p
					<tr id="duplicate_cn">
1406
						<td width="22%" valign="top" class="vncell"><?=gettext("Duplicate Connections"); ?></td>
1407
						<td width="78%" class="vtable">
1408 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="duplicate connection">
1409 bca35cff jim-p
								<tr>
1410
									<td>
1411
										<?php set_checked($pconfig['duplicate_cn'],$chk); ?>
1412 2b5c9e58 Colin Fleming
										<input name="duplicate_cn" type="checkbox" value="yes" <?=$chk;?> />
1413 bca35cff jim-p
									</td>
1414
									<td>
1415
										<span class="vexpl">
1416 8cd558b6 ayvis
											<?=gettext("Allow multiple concurrent connections from clients using the same Common Name.<br />NOTE: This is not generally recommended, but may be needed for some scenarios."); ?>
1417 bca35cff jim-p
										</span>
1418
									</td>
1419
								</tr>
1420
							</table>
1421
						</td>
1422
					</tr>
1423 b9e9903d Dmitriy K.
1424 caf58ced Dmitriy K.
					<tr id="chkboxNoTunIPv6">
1425 b9e9903d Dmitriy K.
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable IPv6"); ?></td>
1426
						<td width="78%" class="vtable">
1427
							<table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6-srv">
1428
								<tr>
1429
									<td>
1430
										<?php set_checked($pconfig['no_tun_ipv6'],$chk); ?>
1431
										<input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> />
1432
									</td>
1433
									<td>
1434
										<span class="vexpl">
1435 b176474b Dmitriy K.
											<?=gettext("Don't forward IPv6 traffic"); ?>.
1436 b9e9903d Dmitriy K.
										</span>
1437
									</td>
1438
								</tr>
1439
							</table>
1440
						</td>
1441
					</tr>
1442
1443 3c11bd3c Matthew Grooms
				</table>
1444
1445 2b5c9e58 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="client settings">
1446 d799787e Matthew Grooms
					<tr>
1447
						<td colspan="2" class="list" height="12"></td>
1448
					</tr>
1449
					<tr>
1450 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Client Settings"); ?></td>
1451 d799787e Matthew Grooms
					</tr>
1452 65ff8497 jim-p
					<tr>
1453 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Dynamic IP"); ?></td>
1454 65ff8497 jim-p
						<td width="78%" class="vtable">
1455 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="dynamic ip">
1456 65ff8497 jim-p
								<tr>
1457
									<td>
1458
										<?php set_checked($pconfig['dynamic_ip'],$chk); ?>
1459 2b5c9e58 Colin Fleming
										<input name="dynamic_ip" type="checkbox" id="dynamic_ip" value="yes" <?=$chk;?> />
1460 65ff8497 jim-p
									</td>
1461
									<td>
1462
										<span class="vexpl">
1463 8cd558b6 ayvis
											<?=gettext("Allow connected clients to retain their connections if their IP address changes"); ?>.<br />
1464 65ff8497 jim-p
										</span>
1465
									</td>
1466
								</tr>
1467
							</table>
1468
						</td>
1469
					</tr>
1470 d799787e Matthew Grooms
					<tr>
1471 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Address Pool"); ?></td>
1472 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1473 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="address pool">
1474 d799787e Matthew Grooms
								<tr>
1475
									<td>
1476
										<?php set_checked($pconfig['pool_enable'],$chk); ?>
1477 2b5c9e58 Colin Fleming
										<input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?> />
1478 d799787e Matthew Grooms
									</td>
1479
									<td>
1480
										<span class="vexpl">
1481 8cd558b6 ayvis
											<?=gettext("Provide a virtual adapter IP address to clients (see Tunnel Network)"); ?><br />
1482 d799787e Matthew Grooms
										</span>
1483
									</td>
1484
								</tr>
1485
							</table>
1486
						</td>
1487
					</tr>
1488 ee55ce7d jim-p
					<tr id="topology_subnet_opt">
1489
						<td width="22%" valign="top" class="vncell"><?=gettext("Topology"); ?></td>
1490
						<td width="78%" class="vtable">
1491 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="topology">
1492 ee55ce7d jim-p
								<tr>
1493
									<td>
1494
										<?php set_checked($pconfig['topology_subnet'],$chk); ?>
1495 2b5c9e58 Colin Fleming
										<input name="topology_subnet" type="checkbox" id="topology_subnet" value="yes" <?=$chk;?> />
1496 ee55ce7d jim-p
									</td>
1497
									<td>
1498
										<span class="vexpl">
1499 8cd558b6 ayvis
											<?=gettext("Allocate only one IP per client (topology subnet), rather than an isolated subnet per client (topology net30)."); ?><br />
1500 ee55ce7d jim-p
										</span>
1501
									</td>
1502
								</tr>
1503
								<tr>
1504
									<td>&nbsp;</td>
1505
									<td>
1506 8cd558b6 ayvis
										<?=gettext("Relevant when supplying a virtual adapter IP address to clients when using tun mode on IPv4."); ?><br />
1507
										<?=gettext("Some clients may require this even for IPv6, such as OpenVPN Connect (iOS/Android). Others may break if it is present, such as older versions of OpenVPN or clients such as Yealink phones."); ?><br />
1508 ee55ce7d jim-p
									</td>
1509
								</tr>
1510
							</table>
1511
						</td>
1512
					</tr>
1513 d799787e Matthew Grooms
					<tr>
1514 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("DNS Default Domain"); ?></td>
1515 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1516 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="dns default domain">
1517 d799787e Matthew Grooms
								<tr>
1518
									<td>
1519
										<?php set_checked($pconfig['dns_domain_enable'],$chk); ?>
1520 2b5c9e58 Colin Fleming
										<input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onclick="dns_domain_change()" />
1521 d799787e Matthew Grooms
									</td>
1522
									<td>
1523
										<span class="vexpl">
1524 8cd558b6 ayvis
	                                        <?=gettext("Provide a default domain name to clients"); ?><br />
1525 d799787e Matthew Grooms
										</span>
1526
									</td>
1527
								</tr>
1528
							</table>
1529 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="dns_domain_data" summary="dns domain data">
1530 d799787e Matthew Grooms
								<tr>
1531
									<td>
1532 2b5c9e58 Colin Fleming
										<input name="dns_domain" type="text" class="formfld unknown" id="dns_domain" size="30" value="<?=htmlspecialchars($pconfig['dns_domain']);?>" />
1533 d799787e Matthew Grooms
									</td>
1534
								</tr>
1535
							</table>
1536
						</td>
1537
					</tr>
1538
					<tr>
1539 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("DNS Servers"); ?></td>
1540 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1541 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="dns servers">
1542 d799787e Matthew Grooms
								<tr>
1543
									<td>
1544
										<?php set_checked($pconfig['dns_server_enable'],$chk); ?>
1545 2b5c9e58 Colin Fleming
										<input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onclick="dns_server_change()" />
1546 d799787e Matthew Grooms
									</td>
1547
									<td>
1548
										<span class="vexpl">
1549 8cd558b6 ayvis
											<?=gettext("Provide a DNS server list to clients"); ?><br />
1550 d799787e Matthew Grooms
										</span>
1551
									</td>
1552
								</tr>
1553
							</table>
1554 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="dns_server_data" summary="dns servers">
1555 d799787e Matthew Grooms
								<tr>
1556
									<td>
1557
										<span class="vexpl">
1558 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #1:&nbsp;
1559 d799787e Matthew Grooms
										</span>
1560 2b5c9e58 Colin Fleming
										<input name="dns_server1" type="text" class="formfld unknown" id="dns_server1" size="20" value="<?=htmlspecialchars($pconfig['dns_server1']);?>" />
1561 d799787e Matthew Grooms
									</td>
1562
								</tr>
1563
								<tr>
1564
									<td>
1565
										<span class="vexpl">
1566 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #2:&nbsp;
1567 d799787e Matthew Grooms
										</span>
1568 2b5c9e58 Colin Fleming
										<input name="dns_server2" type="text" class="formfld unknown" id="dns_server2" size="20" value="<?=htmlspecialchars($pconfig['dns_server2']);?>" />
1569 d799787e Matthew Grooms
									</td>
1570
								</tr>
1571
								<tr>
1572
									<td>
1573
										<span class="vexpl">
1574 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #3:&nbsp;
1575 d799787e Matthew Grooms
										</span>
1576 2b5c9e58 Colin Fleming
										<input name="dns_server3" type="text" class="formfld unknown" id="dns_server3" size="20" value="<?=htmlspecialchars($pconfig['dns_server3']);?>" />
1577 d799787e Matthew Grooms
									</td>
1578
								</tr>
1579
								<tr>
1580
									<td>
1581
										<span class="vexpl">
1582 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #4:&nbsp;
1583 d799787e Matthew Grooms
										</span>
1584 2b5c9e58 Colin Fleming
										<input name="dns_server4" type="text" class="formfld unknown" id="dns_server4" size="20" value="<?=htmlspecialchars($pconfig['dns_server4']);?>" />
1585 d799787e Matthew Grooms
									</td>
1586
								</tr>
1587
							</table>
1588
						</td>
1589
					</tr>
1590 c38764dc Dmitriy K.
1591
					<tr id="chkboxPushRegisterDNS">
1592
						<td width="22%" valign="top" class="vncell"><?=gettext("Force DNS cache update"); ?></td>
1593
						<td width="78%" class="vtable">
1594
							<table border="0" cellpadding="2" cellspacing="0" summary="push register dns">
1595
								<tr>
1596
									<td>
1597
										<?php set_checked($pconfig['push_register_dns'],$chk); ?>
1598
										<input name="push_register_dns" type="checkbox" value="yes" <?=$chk;?> />
1599
									</td>
1600
									<td>
1601
										<span class="vexpl">
1602
											<?=gettext("Run ''net stop dnscache'', ''net start dnscache'', ''ipconfig /flushdns'' and ''ipconfig /registerdns'' on connection initiation. This is known to kick Windows into recognizing pushed DNS servers."); ?><br />
1603
										</span>
1604
									</td>
1605
								</tr>
1606
							</table>
1607
						</td>
1608
					</tr>
1609
1610 d799787e Matthew Grooms
					<tr>
1611 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("NTP Servers"); ?></td>
1612 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1613 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="ntp servers">
1614 d799787e Matthew Grooms
								<tr>
1615
									<td>
1616
										<?php set_checked($pconfig['ntp_server_enable'],$chk); ?>
1617 2b5c9e58 Colin Fleming
										<input name="ntp_server_enable" type="checkbox" id="ntp_server_enable" value="yes" <?=$chk;?> onclick="ntp_server_change()" />
1618 d799787e Matthew Grooms
									</td>
1619
									<td>
1620
										<span class="vexpl">
1621 8cd558b6 ayvis
											<?=gettext("Provide a NTP server list to clients"); ?><br />
1622 d799787e Matthew Grooms
										</span>
1623
									</td>
1624
								</tr>
1625
							</table>
1626 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="ntp_server_data" summary="ntp servers">
1627 d799787e Matthew Grooms
								<tr>
1628
									<td>
1629
										<span class="vexpl">
1630 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #1:&nbsp;
1631 d799787e Matthew Grooms
										</span>
1632 2b5c9e58 Colin Fleming
										<input name="ntp_server1" type="text" class="formfld unknown" id="ntp_server1" size="20" value="<?=htmlspecialchars($pconfig['ntp_server1']);?>" />
1633 d799787e Matthew Grooms
									</td>
1634
								</tr>
1635
								<tr>
1636
									<td>
1637
										<span class="vexpl">
1638 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #2:&nbsp;
1639 d799787e Matthew Grooms
										</span>
1640 2b5c9e58 Colin Fleming
										<input name="ntp_server2" type="text" class="formfld unknown" id="ntp_server2" size="20" value="<?=htmlspecialchars($pconfig['ntp_server2']);?>" />
1641 d799787e Matthew Grooms
									</td>
1642
								</tr>
1643
							</table>
1644
						</td>
1645
					</tr>
1646
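					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("NetBIOS Options"); ?></td>
						<td width="78%" class="vtable">
							<?php /* Both tables in this row carried summary="netboios options"; the misspelling is corrected. */ ?>
							<table border="0" cellpadding="2" cellspacing="0" summary="netbios options">
								<tr>
									<td>
										<?php
											// set_checked() is defined outside this view; presumably it fills $chk
											// with the checked attribute when the stored value is set -- confirm.
											set_checked($pconfig['netbios_enable'],$chk);
										?>
										<input name="netbios_enable" type="checkbox" id="netbios_enable" value="yes" <?=$chk;?> onclick="netbios_change()" />
									</td>
									<td>
										<span class="vexpl">
											<?=gettext("Enable NetBIOS over TCP/IP"); ?><br />
										</span>
									</td>
								</tr>
							</table>
							<?=gettext("If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled"); ?>.
							<br />
							<table border="0" cellpadding="2" cellspacing="0" id="netbios_data" summary="netbios options">
								<tr>
									<td>
										<br />
										<span class="vexpl">
											<?=gettext("Node Type"); ?>:&nbsp;
										</span>
										<select name='netbios_ntype' class="formselect">
										<?php
											// One <option> per entry of $netbios_nodetypes; the stored node type is
											// pre-selected.
											// NOTE(review): $type and $name are printed unescaped; presumably the
											// table is a static list defined outside this view -- confirm.
											foreach ($netbios_nodetypes as $type => $name):
												$selected = "";
												if ($pconfig['netbios_ntype'] == $type)
													$selected = "selected=\"selected\"";
										?>
											<option value="<?=$type;?>" <?=$selected;?>><?=$name;?></option>
										<?php endforeach; ?>
										</select>
										<br />
										<?=gettext("Possible options: b-node (broadcasts), p-node " .
										"(point-to-point name queries to a WINS server), " .
										"m-node (broadcast then query name server), and " .
										"h-node (query name server, then broadcast)"); ?>.
									</td>
								</tr>
								<tr>
									<td>
										<br />
										<span class="vexpl">
											<?=gettext("Scope ID"); ?>:&nbsp;
										</span>
										<input name="netbios_scope" type="text" class="formfld unknown" id="netbios_scope" size="30" value="<?=htmlspecialchars($pconfig['netbios_scope']);?>" />
										<br />
										<?php /* The message id below is left byte-for-byte (including the tab after "Scope") so existing translations still match. */ ?>
										<?=gettext("A NetBIOS Scope	ID provides an extended naming " .
										"service for NetBIOS over TCP/IP. The NetBIOS " .
										"scope ID isolates NetBIOS traffic on a single " .
										"network to only those nodes with the same " .
										"NetBIOS scope ID"); ?>.
									</td>
								</tr>
							</table>
						</td>
					</tr>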
1706
					<tr id="wins_opts">
1707 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("WINS Servers"); ?></td>
1708 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1709 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="wins servers">
1710 d799787e Matthew Grooms
								<tr>
1711
									<td>
1712
										<?php set_checked($pconfig['wins_server_enable'],$chk); ?>
1713 2b5c9e58 Colin Fleming
										<input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onclick="wins_server_change()" />
1714 d799787e Matthew Grooms
									</td>
1715
									<td>
1716
										<span class="vexpl">
1717 8cd558b6 ayvis
											<?=gettext("Provide a WINS server list to clients"); ?><br />
1718 d799787e Matthew Grooms
										</span>
1719
									</td>
1720
								</tr>
1721
							</table>
1722 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="wins_server_data" summary="wins servers">
1723 d799787e Matthew Grooms
								<tr>
1724
									<td>
1725
										<span class="vexpl">
1726 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #1:&nbsp;
1727 d799787e Matthew Grooms
										</span>
1728 2b5c9e58 Colin Fleming
										<input name="wins_server1" type="text" class="formfld unknown" id="wins_server1" size="20" value="<?=htmlspecialchars($pconfig['wins_server1']);?>" />
1729 d799787e Matthew Grooms
									</td>
1730
								</tr>
1731
								<tr>
1732
									<td>
1733
										<span class="vexpl">
1734 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #2:&nbsp;
1735 d799787e Matthew Grooms
										</span>
1736 2b5c9e58 Colin Fleming
										<input name="wins_server2" type="text" class="formfld unknown" id="wins_server2" size="20" value="<?=htmlspecialchars($pconfig['wins_server2']);?>" />
1737 d799787e Matthew Grooms
									</td>
1738
								</tr>
1739
							</table>
1740
						</td>
1741
					</tr>
1742 faf61f12 Phil Davis
					<tr>
1743
						<td width="22%" valign="top" class="vncell"><?=gettext("Client Management Port"); ?></td>
1744
						<td width="78%" class="vtable">
1745 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="client management port">
1746 faf61f12 Phil Davis
								<tr>
1747
									<td>
1748
										<?php set_checked($pconfig['client_mgmt_port_enable'],$chk); ?>
1749 2b5c9e58 Colin Fleming
										<input name="client_mgmt_port_enable" type="checkbox" id="client_mgmt_port_enable" value="yes" <?=$chk;?> onclick="client_mgmt_port_change()" />
1750 faf61f12 Phil Davis
									</td>
1751
									<td>
1752
										<span class="vexpl">
1753 8cd558b6 ayvis
	                                        <?=gettext("Use a different management port on clients. The default port is 166. Specify a different port if the client machines need to select from multiple OpenVPN links."); ?><br />
1754 faf61f12 Phil Davis
										</span>
1755
									</td>
1756
								</tr>
1757
							</table>
1758 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="client_mgmt_port_data" summary="client management port">
1759 faf61f12 Phil Davis
								<tr>
1760
									<td>
1761 2b5c9e58 Colin Fleming
										<input name="client_mgmt_port" type="text" class="formfld unknown" id="client_mgmt_port" size="30" value="<?=htmlspecialchars($pconfig['client_mgmt_port']);?>" />
1762 faf61f12 Phil Davis
									</td>
1763
								</tr>
1764
							</table>
1765
						</td>
1766
					</tr>
1767 3c11bd3c Matthew Grooms
				</table>
1768
1769 2b5c9e58 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="advance configuration">
1770 2f4f30ee Scott Ullrich
					<tr>
1771
						<td colspan="2" class="list" height="12"></td>
1772
					</tr>
1773
					<tr>
1774 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
1775 2f4f30ee Scott Ullrich
					</tr>
1776
					<tr>
1777 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
1778 2f4f30ee Scott Ullrich
						<td width="78%" class="vtable">
1779 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="advance configuration">
1780 2f4f30ee Scott Ullrich
								<tr>
1781
									<td>
1782 8cd558b6 ayvis
										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br />
										<?=gettext("Enter any additional options you would like to add to the OpenVPN server configuration here, separated by a semicolon"); ?><br />
										<?=gettext("EXAMPLE: push \"route 10.0.0.0 255.255.255.0\""); ?>;
									</td>
								</tr>
							</table>
						</td>
					</tr>
					<tr id="comboboxVerbosityLevel">
						<td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td>
						<td width="78%" class="vtable">
							<select name="verbosity_level" class="formselect">
							<?php
								/*
								 * Emit one <option> per entry of $openvpn_verbosity_level
								 * (key => option value, value => visible label) and pre-select
								 * the entry that loosely equals $pconfig['verbosity_level'].
								 * NOTE(review): $verb_value and $verb_desc are printed without
								 * htmlspecialchars(); that is only safe while the list is a fixed
								 * table -- it is defined outside this excerpt, confirm.
								 */
								foreach ($openvpn_verbosity_level as $verb_value => $verb_desc):
									$selected = ($pconfig['verbosity_level'] == $verb_value) ? "selected=\"selected\"" : "";
							?>
								<option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<?=gettext("Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output"); ?>.<br /> <br />
							<strong>none</strong> -- <?=gettext("No output except fatal errors"); ?>. <br />
							<strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br />
							<strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br />
							<strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>.
						</td>
					</tr>
				</table>
				<br />
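				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="icons">
					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
							<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
							<?php
								/*
								 * Hidden fields that send the current action and, when an
								 * existing entry is being edited, its index back on submit.
								 * `act` is also accepted in the query string (this page emits
								 * act=new / act=edit / act=del links), so it is escaped for the
								 * attribute context exactly like `id` below; an unescaped echo
								 * here would reflect request data into the markup.
								 * NOTE(review): where $act is assigned is outside this excerpt;
								 * restricting it there to the known action names would be the
								 * stronger check -- confirm.
								 */
							?>
							<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>" />
							<?php if (isset($id) && $a_server[$id]): ?>
							<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
							<?php endif; ?>
						</td>
					</tr>
				</table>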
			</form>
			<?php else: ?>
			<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="list">
				<thead>
				<tr>
					<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
					<td width="10%" class="listhdrr"><?=gettext("Protocol / Port"); ?></td>
					<td width="30%" class="listhdrr"><?=gettext("Tunnel Network"); ?></td>
					<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
					<td width="10%" class="list"></td>
				</tr>
				</thead>
				<tfoot>
				<tr>
					<td class="list" colspan="4"></td>
					<td class="list">
						<a href="vpn_openvpn_server.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add server"); ?>" width="17" height="17" border="0" alt="add" />
						</a>
					</td>
				</tr>
				</tfoot>
				<tbody>
				<?php
					/*
					 * One table row per configured OpenVPN server. $i is the
					 * position of the entry in $a_server and is what the edit and
					 * delete links pass back as `id`. Fields read from the server
					 * entry are escaped with htmlspecialchars() before output.
					 * NOTE(review): the delete link is an ordinary GET request
					 * (act=del) and confirm() is only a browser-side prompt, so the
					 * act=del handler (outside this excerpt) has to do the real
					 * checking -- verify it requires a POST with an anti-CSRF check.
					 * NOTE(review): the delete icon uses "/themes/..." while the
					 * edit icon uses "./themes/..."; left as found.
					 */
					$i = 0;
					foreach($a_server as $server):
						$disabled = isset($server['disable']) ? "YES" : "NO";
				?>
				<tr>
					<td class="listlr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
						<?=$disabled;?>
					</td>
					<td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
						<?=htmlspecialchars($server['protocol']);?> / <?=htmlspecialchars($server['local_port']);?>
					</td>
					<td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
						<?=htmlspecialchars($server['tunnel_network']);?><br />
						<?=htmlspecialchars($server['tunnel_networkv6']);?><br />
					</td>
					<td class="listbg" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
						<?=htmlspecialchars($server['description']);?>
					</td>
					<td valign="middle" class="list nowrap">
						<a href="vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>">
							<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit server"); ?>" width="17" height="17" border="0" alt="edit" />
						</a>
						&nbsp;
						<a href="vpn_openvpn_server.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this server?"); ?>')">
							<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete server"); ?>" width="17" height="17" border="0" alt="delete" />
						</a>
					</td>
				</tr>
				<?php
					// Advance the positional index used by the next row's links.
					++$i;
					endforeach;
				?>
				<tr style="display:none;"><td></td></tr>
				</tbody>
			</table>
			<?=gettext("Additional OpenVPN servers can be added here.");?>
			<?php endif; ?>
		</td>
	</tr>
</table>
<script type="text/javascript">
//<![CDATA[
mode_change();
autokey_change();
tlsauth_change();
gwredir_change();
dns_domain_change();
dns_server_change();
wins_server_change();
client_mgmt_port_change();
ntp_server_change();
netbios_change();
tuntap_change();
//]]>
</script>
<?php include("fend.inc"); ?>
</body>
</html>
<?php
/* local utility functions */
/**
 * Store the HTML attribute that marks a checkbox as ticked.
 *
 * @param mixed  $var Value tested for truthiness (PHP's loose boolean rules apply,
 *                    so "0", "", 0 and null all count as unchecked).
 * @param string $chk Output, passed by reference: set to 'checked="checked"' when
 *                    $var is truthy and to an empty string otherwise.
 * @return void
 */
function set_checked($var, &$chk) {
	$chk = $var ? "checked=\"checked\"" : "";
}
?>