<?php
/*
	vpn_openvpn_client.php
	Copyright (C) 2008 Shrew Soft Inc.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
##|+PRIV
##|*IDENT=page-openvpn-client
##|*NAME=OpenVPN: Client page
##|*DESCR=Allow access to the 'OpenVPN: Client' page.
##|*MATCH=vpn_openvpn_client.php*
##|-PRIV

require("guiconfig.inc");
require_once("openvpn.inc");

// Page title parts and shortcut section; presumably consumed by the included
// header templates - confirm against head.inc / fbegin.inc.
$pgtitle = array(gettext("OpenVPN"), gettext("Client"));
$shortcut_section = "openvpn";

/*
 * Make sure every configuration section this page reads is an array, then
 * bind a reference to it so that changes made through the $a_* variables
 * land directly in $config.
 */
if (!is_array($config['openvpn']['openvpn-client'])) {
	$config['openvpn']['openvpn-client'] = array();
}
$a_client =& $config['openvpn']['openvpn-client'];

if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
$a_cert =& $config['cert'];

if (!is_array($config['crl'])) {
	$config['crl'] = array();
}
$a_crl =& $config['crl'];
/*
 * Request parameters. $id is only defined when the request carried a value
 * that is_numericint() accepts; a POSTed id/act takes precedence over the
 * query string.
 */
if (is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

$act = $_GET['act'];
if (isset($_POST['act'])) {
	$act = $_POST['act'];
}

// vpnid of the selected client entry, or 0 when no existing entry is selected.
$vpnid = (isset($id) && $a_client[$id]) ? $a_client[$id]['vpnid'] : 0;
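/*
 * Delete the selected client instance and persist the configuration.
 *
 * NOTE(review): this state-changing action is driven by a GET parameter.
 * Whether an anti-CSRF token is enforced for GET requests is not visible
 * in this file - confirm, or move the action to POST together with the
 * links that trigger it.
 */
if ($_GET['act'] == "del") {

	// $id is only defined for a numeric id, so check it before indexing:
	// a request without one is sent back to the list instead of reading
	// an undefined variable.
	if (!isset($id) || !isset($a_client[$id])) {
		pfSenseHeader("vpn_openvpn_client.php");
		exit;
	}
	// Tear down the instance before its config entry is removed.
	if (!empty($a_client[$id])) {
		openvpn_delete('client', $a_client[$id]);
	}
	unset($a_client[$id]);
	write_config();
	$savemsg = gettext("Client successfully deleted")."<br />";
}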
/* Defaults shown in the form when a new client is being created. */
if ($_GET['act'] == "new") {
	// Key material is generated automatically unless the user opts out.
	$pconfig['autokey_enable'] = "yes";
	$pconfig['tlsauth_enable'] = "yes";
	$pconfig['autotls_enable'] = "yes";
	$pconfig['interface'] = "wan";
	$pconfig['server_port'] = 1194;
	// Default verbosity is 1
	$pconfig['verbosity_level'] = 1;
	// OpenVPN Defaults to SHA1
	// NOTE(review): this makes SHA1 the HMAC digest preselected for new
	// clients - consider whether a stronger digest should be the GUI default.
	$pconfig['digest'] = "SHA1";
}
// Fields copied one-to-one between the form and the stored client entry.
// Both are credentials (user name and password for user authentication).
global $simplefields;
$simplefields = array(
	'auth_user',
	'auth_pass'
);
/*
 * Load the stored client entry into $pconfig so the form can show it.
 * Nothing happens unless an existing entry is selected.
 *
 * NOTE(review): stored credentials (auth_pass through $simplefields, and
 * proxy_passwd below) are copied into $pconfig; the form further down
 * writes them, HTML-escaped, into the value attributes of its password
 * inputs, so they are part of the page source sent to the browser.
 */
if ($_GET['act'] == "edit" && isset($id) && $a_client[$id]) {

	foreach ($simplefields as $stat) {
		$pconfig[$stat] = $a_client[$id][$stat];
	}

	// 'disable' is a presence flag in the stored entry.
	$pconfig['disable'] = isset($a_client[$id]['disable']);
	$pconfig['mode'] = $a_client[$id]['mode'];
	$pconfig['protocol'] = $a_client[$id]['protocol'];
	$pconfig['interface'] = $a_client[$id]['interface'];
	// The form encodes a specific bind address as "<interface>|<ip>".
	if (!empty($a_client[$id]['ipaddr'])) {
		$pconfig['interface'] .= '|' . $a_client[$id]['ipaddr'];
	}
	$pconfig['local_port'] = $a_client[$id]['local_port'];
	$pconfig['server_addr'] = $a_client[$id]['server_addr'];
	$pconfig['server_port'] = $a_client[$id]['server_port'];
	$pconfig['resolve_retry'] = $a_client[$id]['resolve_retry'];
	$pconfig['proxy_addr'] = $a_client[$id]['proxy_addr'];
	$pconfig['proxy_port'] = $a_client[$id]['proxy_port'];
	$pconfig['proxy_user'] = $a_client[$id]['proxy_user'];
	$pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd'];
	$pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype'];
	$pconfig['description'] = $a_client[$id]['description'];
	$pconfig['custom_options'] = $a_client[$id]['custom_options'];
	$pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type'];
	$pconfig['dev_mode'] = $a_client[$id]['dev_mode'];

	// Key material is stored base64-encoded; which key applies depends
	// on the mode.
	if ($pconfig['mode'] == "p2p_shared_key") {
		$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
	} else {
		$pconfig['caref'] = $a_client[$id]['caref'];
		$pconfig['certref'] = $a_client[$id]['certref'];
		if ($a_client[$id]['tls']) {
			$pconfig['tlsauth_enable'] = "yes";
			$pconfig['tls'] = base64_decode($a_client[$id]['tls']);
		}
	}
	$pconfig['crypto'] = $a_client[$id]['crypto'];
	// OpenVPN Defaults to SHA1 if unset
	$pconfig['digest'] = "SHA1";
	if (!empty($a_client[$id]['digest'])) {
		$pconfig['digest'] = $a_client[$id]['digest'];
	}
	$pconfig['engine'] = $a_client[$id]['engine'];

	$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
	$pconfig['tunnel_networkv6'] = $a_client[$id]['tunnel_networkv6'];
	$pconfig['remote_network'] = $a_client[$id]['remote_network'];
	$pconfig['remote_networkv6'] = $a_client[$id]['remote_networkv6'];
	$pconfig['use_shaper'] = $a_client[$id]['use_shaper'];
	$pconfig['compression'] = $a_client[$id]['compression'];
	$pconfig['passtos'] = $a_client[$id]['passtos'];

	// just in case the modes switch
	$pconfig['autokey_enable'] = "yes";
	$pconfig['autotls_enable'] = "yes";

	$pconfig['no_tun_ipv6'] = $a_client[$id]['no_tun_ipv6'];
	$pconfig['route_no_pull'] = $a_client[$id]['route_no_pull'];
	$pconfig['route_no_exec'] = $a_client[$id]['route_no_exec'];
	// Default verbosity is 1
	$pconfig['verbosity_level'] = isset($a_client[$id]['verbosity_level'])
		? $a_client[$id]['verbosity_level']
		: 1;
}
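/*
 * Handle a submitted add/edit form: validate the posted values, and when
 * there are no errors build the client entry, store it in the
 * configuration, resync the instance and redirect back to this page.
 * On validation errors $pconfig keeps the posted values so the form is
 * shown again with them.
 */
if ($_POST) {

	// Start from an empty error list so the checks below can append to it.
	$input_errors = array();
	$pconfig = $_POST;

	if (isset($id) && $a_client[$id])
		$vpnid = $a_client[$id]['vpnid'];
	else
		$vpnid = 0;

	// The select fields are only constrained by the browser, so check the
	// posted values against the same lists the form is rendered from
	// before they can reach the stored configuration.
	if (!is_string($pconfig['mode']) || !array_key_exists($pconfig['mode'], $openvpn_client_modes))
		$input_errors[] = gettext("The selected Server Mode is not valid.");
	if (!in_array($pconfig['protocol'], $openvpn_prots, true))
		$input_errors[] = gettext("The selected Protocol is not valid.");
	if (!in_array($pconfig['dev_mode'], $openvpn_dev_mode, true))
		$input_errors[] = gettext("The selected Device mode is not valid.");
	// NOTE(review): interface, crypto, digest, engine, compression and
	// verbosity_level are stored below as posted; their option lists are
	// not visible in this part of the file - consider the same check.

	// "interface" is "<interface>" or "<interface>|<ip>"; pad the result so
	// a value without an IP part yields null instead of an undefined offset.
	list($iv_iface, $iv_ip) = array_pad(explode("|", $pconfig['interface']), 2, null);
	if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) {
		$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
	} elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) {
		$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address.");
	} elseif ((stristr($pconfig['protocol'], "6") === false) && !get_interface_ip($iv_iface) && ($pconfig['interface'] != "any")) {
		$input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address.");
	} elseif ((stristr($pconfig['protocol'], "6") !== false) && !get_interface_ipv6($iv_iface) && ($pconfig['interface'] != "any")) {
		$input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
	}

	// Every mode other than shared key uses a CA/certificate.
	$tls_mode = ($pconfig['mode'] != "p2p_shared_key");

	/* input validation */
	if ($pconfig['local_port']) {

		if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
			$input_errors[] = $result;

		// A port already used by this same instance ($vpnid) is not a conflict.
		$portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid);
		if (($portused != $vpnid) && ($portused != 0))
			$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
	}

	if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port'))
		$input_errors[] = $result;

	if ($pconfig['proxy_addr']) {

		if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address'))
			$input_errors[] = $result;

		if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port'))
			$input_errors[] = $result;

		if ($pconfig['proxy_authtype'] != "none") {
			if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd']))
				$input_errors[] = gettext("User name and password are required for proxy with authentication.");
		}
	}

	if ($pconfig['tunnel_network']) {
		if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4"))
			$input_errors[] = $result;
	}

	if ($pconfig['tunnel_networkv6']) {
		if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6"))
			$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4"))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6"))
		$input_errors[] = $result;

	if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0)))
		$input_errors[] = gettext("The bandwidth limit must be a positive numeric value.");

	if ($pconfig['autokey_enable'])
		$pconfig['shared_key'] = openvpn_create_key();

	// A pasted key only has to contain the static-key BEGIN/END markers;
	// the key body itself is not checked here.
	if (!$tls_mode && !$pconfig['autokey_enable']) {
		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
	}

	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
	}

	// Shared key mode with an auto-generated key has no required fields, so
	// both lists must exist as (empty) arrays before they are passed on;
	// previously they were undefined in that case.
	$reqdfields = array();
	$reqdfieldsn = array();
	if ($tls_mode) {
		/* If we are not in shared key mode, then we need the CA/Cert. */
		$reqdfields = array('caref');
		$reqdfieldsn = array(gettext("Certificate Authority"));
	} elseif (!$pconfig['autokey_enable']) {
		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
		$reqdfields = array('shared_key');
		$reqdfieldsn = array(gettext('Shared key'));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if ($tls_mode && empty($pconfig['certref']) && empty($pconfig['auth_user']) && empty($pconfig['auth_pass'])) {
		$input_errors[] = gettext("If no Client Certificate is selected, a username and password must be entered.");
	}

	if (!$input_errors) {

		$client = array();

		foreach ($simplefields as $stat)
			update_if_changed($stat, $client[$stat], $_POST[$stat]);

		// Keep the vpnid of an edited entry; allocate a new one otherwise.
		if ($vpnid)
			$client['vpnid'] = $vpnid;
		else
			$client['vpnid'] = openvpn_vpnid_next();

		if ($_POST['disable'] == "yes")
			$client['disable'] = true;
		$client['protocol'] = $pconfig['protocol'];
		$client['dev_mode'] = $pconfig['dev_mode'];
		// Same split as used for validation above.
		$client['interface'] = $iv_iface;
		$client['ipaddr'] = $iv_ip;
		$client['local_port'] = $pconfig['local_port'];
		$client['server_addr'] = $pconfig['server_addr'];
		$client['server_port'] = $pconfig['server_port'];
		$client['resolve_retry'] = $pconfig['resolve_retry'];
		$client['proxy_addr'] = $pconfig['proxy_addr'];
		$client['proxy_port'] = $pconfig['proxy_port'];
		$client['proxy_authtype'] = $pconfig['proxy_authtype'];
		// The proxy credentials are stored exactly as posted.
		$client['proxy_user'] = $pconfig['proxy_user'];
		$client['proxy_passwd'] = $pconfig['proxy_passwd'];
		$client['description'] = $pconfig['description'];
		$client['mode'] = $pconfig['mode'];
		// NOTE(review): custom_options is free text and is stored with only
		// its line endings normalised; how it is consumed is not visible
		// here - confirm the consumer treats it as operator-supplied.
		$client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);

		// Key material is stored base64-encoded.
		if ($tls_mode) {
			$client['caref'] = $pconfig['caref'];
			$client['certref'] = $pconfig['certref'];
			if ($pconfig['tlsauth_enable']) {
				if ($pconfig['autotls_enable'])
					$pconfig['tls'] = openvpn_create_key();
				$client['tls'] = base64_encode($pconfig['tls']);
			}
		} else {
			$client['shared_key'] = base64_encode($pconfig['shared_key']);
		}
		$client['crypto'] = $pconfig['crypto'];
		$client['digest'] = $pconfig['digest'];
		$client['engine'] = $pconfig['engine'];

		$client['tunnel_network'] = $pconfig['tunnel_network'];
		$client['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
		$client['remote_network'] = $pconfig['remote_network'];
		$client['remote_networkv6'] = $pconfig['remote_networkv6'];
		$client['use_shaper'] = $pconfig['use_shaper'];
		$client['compression'] = $pconfig['compression'];
		$client['passtos'] = $pconfig['passtos'];

		$client['no_tun_ipv6'] = $pconfig['no_tun_ipv6'];
		$client['route_no_pull'] = $pconfig['route_no_pull'];
		$client['route_no_exec'] = $pconfig['route_no_exec'];
		$client['verbosity_level'] = $pconfig['verbosity_level'];

		// Replace the edited entry in place, or append a new one.
		if (isset($id) && $a_client[$id])
			$a_client[$id] = $client;
		else
			$a_client[] = $client;

		openvpn_resync('client', $client);
		write_config();

		header("Location: vpn_openvpn_client.php");
		exit;
	}
}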
include("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[
/*
 * Show the TLS rows and hide the shared-key row, or the reverse, depending
 * on the selected server mode. Any other value leaves the rows untouched.
 *
 * NOTE(review): index and value are assigned without a declaration, so they
 * are implicit globals (dev_mode_change() writes the same names) - confirm
 * nothing else reads them before scoping them locally.
 */
function mode_change() {
	index = document.iform.mode.selectedIndex;
	value = document.iform.mode.options[index].value;
	if (value === "p2p_tls") {
		document.getElementById("tls").style.display = "";
		document.getElementById("tls_ca").style.display = "";
		document.getElementById("tls_cert").style.display = "";
		document.getElementById("psk").style.display = "none";
	} else if (value === "p2p_shared_key") {
		document.getElementById("tls").style.display = "none";
		document.getElementById("tls_ca").style.display = "none";
		document.getElementById("tls_cert").style.display = "none";
		document.getElementById("psk").style.display = "";
	}
}
/*
 * Show the "chkboxNoTunIPv6" element for tun devices and hide it for tap
 * devices. Any other value leaves it untouched.
 *
 * NOTE(review): index and value are implicit globals here as well (also
 * written by mode_change()) - confirm before scoping them locally.
 */
function dev_mode_change() {
	index = document.iform.dev_mode.selectedIndex;
	value = document.iform.dev_mode.options[index].value;
	if (value === "tun") {
		document.getElementById("chkboxNoTunIPv6").style.display = "";
	} else if (value === "tap") {
		document.getElementById("chkboxNoTunIPv6").style.display = "none";
	}
}
/*
 * Hide the "autokey_opts" element while automatic key generation is
 * ticked, and show it otherwise.
 */
function autokey_change() {
	document.getElementById("autokey_opts").style.display =
		document.iform.autokey_enable.checked ? "none" : "";
}
/*
 * Show the proxy user name / password table only when a proxy
 * authentication method other than "none" is selected.
 */
function useproxy_changed() {
	var authtype = jQuery('#proxy_authtype').val();
	if (authtype == 'none') {
		jQuery('#proxy_authtype_opts').hide();
	} else {
		jQuery('#proxy_authtype_opts').show();
	}
}
/*
 * Toggle the TLS authentication options, then refresh the key field via
 * autotls_change(). The toggle is only emitted by the server when
 * $pconfig['tls'] is empty; with a key present the function just calls
 * autotls_change().
 */
function tlsauth_change() {

<?php if (!$pconfig['tls']): ?>
	document.getElementById("tlsauth_opts").style.display =
		document.iform.tlsauth_enable.checked ? "" : "none";
<?php endif; ?>

	autotls_change();
}
/*
 * Show the TLS key field when TLS authentication is enabled and the key is
 * not being generated automatically. When the server already has a key
 * ($pconfig['tls'] non-empty) the emitted script fixes autocheck to false.
 *
 * NOTE(review): autocheck is assigned without a declaration and is
 * therefore an implicit global - confirm nothing else reads it before
 * scoping it locally.
 */
function autotls_change() {

<?php if (!$pconfig['tls']): ?>
	autocheck = document.iform.autotls_enable.checked;
<?php else: ?>
	autocheck = false;
<?php endif; ?>

	document.getElementById("autotls_opts").style.display =
		(document.iform.tlsauth_enable.checked && !autocheck) ? "" : "none";
}
//]]>
</script>
<?php
// Normalise a missing/empty status message to an empty string.
if (!$savemsg) {
	$savemsg = "";
}

// Validation errors first, then the status message of the last action.
// $savemsg is built in this file from a translated string plus "<br />".
if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box($savemsg);
}
?>
435 770f29c4 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn client">
436 88e545b4 jim-p
	<tr>
437 d799787e Matthew Grooms
		<td class="tabnavtbl">
438 88e545b4 jim-p
			<?php
				// Tabs of the OpenVPN section as (label, is-active, target)
				// entries; "Client" is the active one on this page.
				$tab_array = array(
					array(gettext("Server"), false, "vpn_openvpn_server.php"),
					array(gettext("Client"), true, "vpn_openvpn_client.php"),
					array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php"),
					array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml")
				);
				add_package_tabs("OpenVPN", $tab_array);
				display_top_tabs($tab_array);
			?>
447
		</td>
448 88e545b4 jim-p
	</tr>
449 d799787e Matthew Grooms
	<tr>
450
		<td class="tabcont">
451
452
			<?php if($act=="new" || $act=="edit"): ?>
453
454
			<form action="vpn_openvpn_client.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
455 770f29c4 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="general information">
456 47c00c09 Scott Ullrich
					<tr>
457 2fa7a468 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
458 47c00c09 Scott Ullrich
					</tr>
459 d799787e Matthew Grooms
					<tr>
460 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
461 d799787e Matthew Grooms
						<td width="78%" class="vtable">
462 770f29c4 Colin Fleming
							<table border="0" cellpadding="0" cellspacing="0" summary="enable disable client">
463 d799787e Matthew Grooms
								<tr>
464
									<td>
465
										<?php set_checked($pconfig['disable'],$chk); ?>
466 770f29c4 Colin Fleming
										<input name="disable" type="checkbox" value="yes" <?=$chk;?> />
467 d799787e Matthew Grooms
									</td>
468
									<td>
469
										&nbsp;
470
										<span class="vexpl">
471 8cd558b6 ayvis
											<strong><?=gettext("Disable this client"); ?></strong><br />
472 d799787e Matthew Grooms
										</span>
473
									</td>
474
								</tr>
475
							</table>
476 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("Set this option to disable this client without removing it from the list"); ?>.
477 d799787e Matthew Grooms
						</td>
478
					</tr>
479 3c11bd3c Matthew Grooms
					<tr>
480
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
481
						<td width="78%" class="vtable">
482 770f29c4 Colin Fleming
							<select name="mode" id="mode" class="formselect" onchange="mode_change()">
483 3c11bd3c Matthew Grooms
							<?php
								// One <option> per client mode, preselecting the current one.
								// NOTE(review): $name and $desc are echoed unescaped; presumably
								// they come from a fixed list in openvpn.inc - confirm.
								foreach ($openvpn_client_modes as $name => $desc):
									$selected = ($pconfig['mode'] == $name) ? "selected=\"selected\"" : "";
							?>
								<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
							<?php endforeach; ?>
491
							</select>
492
						</td>
493
					</tr>
494 d799787e Matthew Grooms
					<tr>
495
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
496
							<td width="78%" class="vtable">
497
							<select name='protocol' class="formselect">
498
							<?php
								// One <option> per protocol, preselecting the current one.
								// NOTE(review): $prot is echoed unescaped; presumably it comes
								// from a fixed list in openvpn.inc - confirm.
								foreach ($openvpn_prots as $prot):
									$selected = ($pconfig['protocol'] == $prot) ? "selected=\"selected\"" : "";
							?>
								<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
							<?php endforeach; ?>
506
							</select>
507
							</td>
508
					</tr>
509 88e545b4 jim-p
					<tr>
510
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
511
							<td width="78%" class="vtable">
512 b9e9903d Dmitriy K.
							<select name='dev_mode' class="formselect" onchange="dev_mode_change()">
513 88e545b4 jim-p
							<?php
								// One <option> per device mode, preselecting the current one.
								// NOTE(review): $mode is echoed unescaped; presumably it comes
								// from a fixed list in openvpn.inc - confirm.
								foreach ($openvpn_dev_mode as $mode):
									$selected = ($pconfig['dev_mode'] == $mode) ? "selected=\"selected\"" : "";
							?>
								<option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option>
							<?php endforeach; ?>
521
							</select>
522
							</td>
523
					</tr>
524 d799787e Matthew Grooms
					<tr>
525 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
526 d799787e Matthew Grooms
						<td width="78%" class="vtable">
527
							<select name="interface" class="formselect">
528
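								<?php
									// Build the list of bind targets offered in the select:
									// configured interfaces, CARP and IP-alias addresses (keyed as
									// "<interface>|<ip>"), gateway groups, plus the fixed
									// "lo0" and "any" entries.
									$interfaces = get_configured_interface_with_descr();
									$carplist = get_configured_carp_interface_list();
									foreach ($carplist as $cif => $carpip) {
										$interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
									}
									$aliaslist = get_configured_ip_aliases_list();
									foreach ($aliaslist as $aliasip => $aliasif) {
										$interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
									}
									$grouplist = return_gateway_groups_array();
									foreach ($grouplist as $name => $group) {
										// Compare against the string "inet": the bare word used
										// before was an undefined constant, which only worked
										// through PHP's fallback to its name and is an error on
										// PHP 8.
										if ($group['ipprotocol'] != "inet") {
											continue;
										}
										// $vipif is not read within this block; kept because
										// the rest of the file is not visible here.
										if ($group[0]['vip'] <> "") {
											$vipif = $group[0]['vip'];
										} else {
											$vipif = $group[0]['int'];
										}
										$interfaces[$name] = "GW Group {$name}";
									}
									$interfaces['lo0'] = "Localhost";
									$interfaces['any'] = "any";
									foreach ($interfaces as $iface => $ifacename):
										$selected = "";
										if ($iface == $pconfig['interface'])
											$selected = "selected=\"selected\"";
										// The key goes into an HTML attribute, so it is escaped
										// the same way as the label next to it.
								?>
									<option value="<?=htmlspecialchars($iface);?>" <?=$selected;?>>
										<?=htmlspecialchars($ifacename);?>
									</option>
								<?php endforeach; ?>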
557 8cd558b6 ayvis
							</select> <br />
558 d799787e Matthew Grooms
						</td>
559
					</tr>
560 1d3bcd2a Matthew Grooms
					<tr>
561
						<td width="22%" valign="top" class="vncell"><?=gettext("Local port");?></td>
562
						<td width="78%" class="vtable">
563 770f29c4 Colin Fleming
							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>" />
564 8cd558b6 ayvis
							<br />
565 5708241f jim-p
							<?=gettext("Set this option if you would like to bind to a specific port. Leave this blank or enter 0 for a random dynamic port."); ?>
566 1d3bcd2a Matthew Grooms
						</td>
567
					</tr>
568 d799787e Matthew Grooms
					<tr>
569
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server host or address");?></td>
570
						<td width="78%" class="vtable">
571 770f29c4 Colin Fleming
							<input name="server_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['server_addr']);?>" />
572 d799787e Matthew Grooms
						</td>
573
					</tr>
574
					<tr>
575
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server port");?></td>
576
						<td width="78%" class="vtable">
577 770f29c4 Colin Fleming
							<input name="server_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['server_port']);?>" />
578 d799787e Matthew Grooms
						</td>
579
					</tr>
580
					<tr>
581
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy host or address");?></td>
582
						<td width="78%" class="vtable">
583 770f29c4 Colin Fleming
							<input name="proxy_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['proxy_addr']);?>" />
584 d799787e Matthew Grooms
						</td>
585
					</tr>
586
					<tr>
587
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy port");?></td>
588
						<td width="78%" class="vtable">
589 770f29c4 Colin Fleming
							<input name="proxy_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['proxy_port']);?>" />
590 d799787e Matthew Grooms
						</td>
591
					</tr>
592 762a24a3 Ermal Lu?i
					<tr>
593
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy authentication extra options");?></td>
594
						<td width="78%" class="vtable">
595 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="proxy authentication">
596 762a24a3 Ermal Lu?i
								<tr>
597 88e545b4 jim-p
									<td align="right" width="25%">
598
										<span class="vexpl">
599
											 &nbsp;<?=gettext("Authentication method"); ?> :&nbsp;
600
										</span>
601
									</td>
602
									<td>
603 770f29c4 Colin Fleming
										<select name="proxy_authtype" id="proxy_authtype" class="formfld select" onchange="useproxy_changed()">
604
											<option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected=\"selected\""; ?>><?=gettext("none"); ?></option>
605
											<option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected=\"selected\""; ?>><?=gettext("basic"); ?></option>
606
											<option value="ntlm" <?php if ($pconfig['proxy_authtype'] == "ntlm") echo "selected=\"selected\""; ?>><?=gettext("ntlm"); ?></option>
607 762a24a3 Ermal Lu?i
										</select>
608
									</td>
609
								</tr>
610
							</table>
611
							<br />
612 770f29c4 Colin Fleming
							 <table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none" summary="proxy authentication options">
613 88e545b4 jim-p
								<tr>
614
									<td align="right" width="25%">
615
										<span class="vexpl">
616
											 &nbsp;<?=gettext("Username"); ?> :&nbsp;
617
										</span>
618
									</td>
619
									<td>
620
										<input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" />
621
									</td>
622
								</tr>
623
								<tr>
624
									<td align="right" width="25%">
625
										<span class="vexpl">
626
											 &nbsp;<?=gettext("Password"); ?> :&nbsp;
627
										</span>
628
									</td>
629
									<td>
630
										<input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" />
631
									</td>
632
								</tr>
633
							</table>
634 762a24a3 Ermal Lu?i
						</td>
635
					</tr>
636 d799787e Matthew Grooms
					<tr>
637 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Server host name resolution"); ?></td>
638 d799787e Matthew Grooms
						<td width="78%" class="vtable">
639 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="server host name resolution">
640 d799787e Matthew Grooms
								<tr>
641
									<td>
642
										<?php set_checked($pconfig['resolve_retry'],$chk); ?>
643 770f29c4 Colin Fleming
										<input name="resolve_retry" type="checkbox" value="yes" <?=$chk;?> />
644 d799787e Matthew Grooms
									</td>
645
									<td>
646
										<span class="vexpl">
647 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Infinitely resolve server"); ?>
648 d799787e Matthew Grooms
										</span>
649
									</td>
650
								</tr>
651
							</table>
652 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("Continuously attempt to resolve the server host " .
653
							"name. Useful when communicating with a server " .
654
							"that is not permanently connected to the Internet"); ?>.
655 d799787e Matthew Grooms
						</td>
656
					</tr>
657 88e545b4 jim-p
					<tr>
658 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
659 88e545b4 jim-p
						<td width="78%" class="vtable">
660 770f29c4 Colin Fleming
							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>" />
661 8cd558b6 ayvis
							<br />
662 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
663 d799787e Matthew Grooms
						</td>
664
					</tr>
665
					<tr>
666
						<td colspan="2" class="list" height="12"></td>
667
					</tr>
668 5f242576 PiBa-NL
					<tr>
669
						<td colspan="2" valign="top" class="listtopic"><?=gettext("User Authentication Settings"); ?></td>
670
					</tr>
671
					<tr>
672
						<td width="22%" valign="top" class="vncell"><?=gettext("User name/pass"); ?></td>
673
						<td width="78%" class="vtable">
674
							<?=gettext("Leave empty when no user name and password are needed."); ?>
675 770f29c4 Colin Fleming
							<br/>
676
							<table border="0" cellpadding="2" cellspacing="0" summary="user name password">
677 5f242576 PiBa-NL
								<tr>
678
									<td align="right" width="25%">
679
									<span class="vexpl">
680
									&nbsp;<?=gettext("Username"); ?> :&nbsp;
681
									</span>
682
									</td>
683
									<td>
684
									<input name="auth_user" id="auth_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['auth_user']);?>" />
685
									</td>
686
								</tr>
687
								<tr>
688
									<td align="right" width="25%">
689
									<span class="vexpl">
690
									&nbsp;<?=gettext("Password"); ?> :&nbsp;
691
									</span>
692
									</td>
693
									<td>
694
									<?php /* NOTE(review): whatever $pconfig['auth_pass'] holds (presumably the saved
									 * OpenVPN user password when an existing client is edited - confirm) is written
									 * into the value attribute, so it is readable in the page source and may be kept
									 * by browser or intermediary caches. Rendering the field empty and keeping the
									 * stored value when it is submitted blank would avoid this; that needs a matching
									 * change in the save handler, which is outside this view. */ ?>
									<input name="auth_pass" id="auth_pass" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['auth_pass']);?>" />
695
									</td>
696
								</tr>
697
							</table>
698
						</td>
699
					</tr>
700 d799787e Matthew Grooms
					<tr>
701 2fa7a468 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
702 d799787e Matthew Grooms
					</tr>
703 3c11bd3c Matthew Grooms
					<tr id="tls">
704 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
705 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
706 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="tls authentication">
707 3c11bd3c Matthew Grooms
								<tr>
708
									<td>
709
										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
710 770f29c4 Colin Fleming
										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onclick="tlsauth_change()" />
711 3c11bd3c Matthew Grooms
									</td>
712
									<td>
713
										<span class="vexpl">
714 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Enable authentication of TLS packets"); ?>.
715 3c11bd3c Matthew Grooms
										</span>
716
									</td>
717
								</tr>
718
							</table>
719
							<?php if (!$pconfig['tls']): ?>
720 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="tlsauth_opts" summary="tls authentication options">
721 3c11bd3c Matthew Grooms
								<tr>
722
									<td>
723
										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
724 770f29c4 Colin Fleming
										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autotls_change()" />
725 3c11bd3c Matthew Grooms
									</td>
726
									<td>
727
										<span class="vexpl">
728 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
729 3c11bd3c Matthew Grooms
										</span>
730
									</td>
731
								</tr>
732
							</table>
733
							<?php endif; ?>
734 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="autotls_opts" summary="tls authentication options">
735 3c11bd3c Matthew Grooms
								<tr>
736
									<td>
737
										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
738 8cd558b6 ayvis
										<br />
739 2fa7a468 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
740 3c11bd3c Matthew Grooms
									</td>
741
								</tr>
742
							</table>
743
						</td>
744 d799787e Matthew Grooms
					</tr>
745 3c11bd3c Matthew Grooms
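					<tr id="tls_ca">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
							<td width="78%" class="vtable">
							<?php if (count($a_ca)): ?>
							<select name='caref' class="formselect">
							<?php
								/*
								 * One <option> per entry of $a_ca; the entry whose refid equals
								 * $pconfig['caref'] is preselected.
								 *
								 * refid and descr are HTML-escaped on output. descr is presumably
								 * operator-entered free text (it is set outside this view); echoed
								 * raw, any markup stored in it would be interpreted by the browser
								 * of whoever opens this page.
								 */
								foreach ($a_ca as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
							</td>
					</tr>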
764 3c11bd3c Matthew Grooms
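					<tr id="tls_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td>
							<td width="78%" class="vtable">
							<select name='certref' class="formselect">
							<?php
							/*
							 * One <option> per entry of $a_cert. The visible label is the
							 * certificate description, followed by the issuing CA's description
							 * (when lookup_ca() finds one) and the "*In Use" / "*Revoked" markers.
							 *
							 * The refid and the assembled label are HTML-escaped on output. Both
							 * descr values are presumably operator-entered free text (they are set
							 * outside this view); echoed raw, any markup stored in them would be
							 * interpreted by the browser of whoever opens this page.
							 */
							foreach ($a_cert as $cert):
								$selected = "";
								$caname = "";
								$inuse = "";
								$revoked = "";
								$ca = lookup_ca($cert['caref']);
								if ($ca)
									$caname = " (CA: {$ca['descr']})";
								if ($pconfig['certref'] == $cert['refid'])
									$selected = "selected=\"selected\"";
								if (cert_in_use($cert['refid']))
									$inuse = " *In Use";
								if (is_cert_revoked($cert))
									$revoked = " *Revoked";
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
							<?php endforeach; ?>
								<option value="" <?PHP if (empty($pconfig['certref'])) echo "selected=\"selected\""; ?>>None (Username and Password required)</option>
							</select>
							<?php if (!count($a_cert)): ?>
								<b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a> if one is required for this connection.
							<?php endif; ?>
						</td>
					</tr>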
793
					<tr id="psk">
794 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
795 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
796
							<?php if (!$pconfig['shared_key']): ?>
797 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="shared key">
798 3c11bd3c Matthew Grooms
								<tr>
799
									<td>
800
										<?php set_checked($pconfig['autokey_enable'],$chk); ?>
801 770f29c4 Colin Fleming
										<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autokey_change()" />
802 3c11bd3c Matthew Grooms
									</td>
803
									<td>
804
										<span class="vexpl">
805 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared key"); ?>.
806 3c11bd3c Matthew Grooms
										</span>
807
									</td>
808
								</tr>
809
							</table>
810
							<?php endif; ?>
811 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="autokey_opts" summary="shared key options">
812 3c11bd3c Matthew Grooms
								<tr>
813
									<td>
814
										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
815 8cd558b6 ayvis
										<br />
816 2fa7a468 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
817 3c11bd3c Matthew Grooms
									</td>
818
								</tr>
819
							</table>
820 d799787e Matthew Grooms
						</td>
821
					</tr>
822
					<tr>
823 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
824 d799787e Matthew Grooms
						<td width="78%" class="vtable">
825
							<select name="crypto" class="formselect">
826
								<?php
827
									$cipherlist = openvpn_get_cipherlist();
828
									foreach ($cipherlist as $name => $desc):
829 770f29c4 Colin Fleming
									$selected = "";
830 d799787e Matthew Grooms
									if ($name == $pconfig['crypto'])
831 770f29c4 Colin Fleming
										$selected = " selected=\"selected\"";
832 d799787e Matthew Grooms
								?>
833
								<option value="<?=$name;?>"<?=$selected?>>
834
									<?=htmlspecialchars($desc);?>
835
								</option>
836
								<?php endforeach; ?>
837
							</select>
838
						</td>
839
					</tr>
840 97d5b59b jim-p
					<tr>
841
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Auth Digest Algorithm"); ?></td>
842
						<td width="78%" class="vtable">
843
							<select name="digest" class="formselect">
844
								<?php
845
									$digestlist = openvpn_get_digestlist();
846
									foreach ($digestlist as $name => $desc):
847 770f29c4 Colin Fleming
									$selected = "";
848 97d5b59b jim-p
									if ($name == $pconfig['digest'])
849 770f29c4 Colin Fleming
										$selected = " selected=\"selected\"";
850 97d5b59b jim-p
								?>
851
								<option value="<?=$name;?>"<?=$selected?>>
852
									<?=htmlspecialchars($desc);?>
853
								</option>
854
								<?php endforeach; ?>
855
							</select>
856
						</td>
857
					</tr>
858 582c58ae jim-p
					<tr id="engine">
859
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
860
						<td width="78%" class="vtable">
861
							<select name="engine" class="formselect">
862
								<?php
863
									$engines = openvpn_get_engines();
864
									foreach ($engines as $name => $desc):
865 770f29c4 Colin Fleming
									$selected = "";
866 582c58ae jim-p
									if ($name == $pconfig['engine'])
867 770f29c4 Colin Fleming
										$selected = " selected=\"selected\"";
868 582c58ae jim-p
								?>
869
								<option value="<?=$name;?>"<?=$selected?>>
870
									<?=htmlspecialchars($desc);?>
871
								</option>
872
								<?php endforeach; ?>
873
							</select>
874
						</td>
875
					</tr>
876 d799787e Matthew Grooms
					<tr>
877
						<td colspan="2" class="list" height="12"></td>
878
					</tr>
879
					<tr>
880 2fa7a468 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
881 d799787e Matthew Grooms
					</tr>
882
					<tr>
883 4856df9b jim-p
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Tunnel Network"); ?></td>
884 d799787e Matthew Grooms
						<td width="78%" class="vtable">
885 770f29c4 Colin Fleming
							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>" />
886 8cd558b6 ayvis
							<br />
887 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("This is the virtual network used for private " .
888
							"communications between this client and the " .
889
							"server expressed using CIDR (eg. 10.0.8.0/24). " .
890
							"The first network address is assumed to be the " .
891
							"server address and the second network address " .
892
							"will be assigned to the client virtual " .
893
							"interface"); ?>.
894 d799787e Matthew Grooms
						</td>
895
					</tr>
896
					<tr>
897 4856df9b jim-p
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Tunnel Network"); ?></td>
898
						<td width="78%" class="vtable">
899 770f29c4 Colin Fleming
							<input name="tunnel_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_networkv6']);?>" />
900 8cd558b6 ayvis
							<br />
901 4856df9b jim-p
							<?=gettext("This is the IPv6 virtual network used for private " .
902
							"communications between this client and the " .
903
							"server expressed using CIDR (eg. fe80::/64). " .
904
							"The first network address is assumed to be the " .
905
							"server address and the second network address " .
906
							"will be assigned to the client virtual " .
907
							"interface"); ?>.
908
						</td>
909
					</tr>
910
					<tr>
911 3835613a Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Remote Network/s"); ?></td>
912 d799787e Matthew Grooms
						<td width="78%" class="vtable">
913 770f29c4 Colin Fleming
							<input name="remote_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_network']);?>" />
914 8cd558b6 ayvis
							<br />
915 3835613a Phil Davis
							<?=gettext("These are the IPv4 networks that will be routed through " .
916 2fa7a468 Carlos Eduardo Ramos
							"the tunnel, so that a site-to-site VPN can be " .
917 3835613a Phil Davis
							"established without manually changing the routing tables. " .
918
							"Expressed as a comma-separated list of one or more CIDR ranges. " .
919
							"If this is a site-to-site VPN, enter the " .
920
							"remote LAN/s here. You may leave this blank to " .
921 2fa7a468 Carlos Eduardo Ramos
							"only communicate with other clients"); ?>.
922 d799787e Matthew Grooms
						</td>
923
					</tr>
924 4856df9b jim-p
					<tr>
925 3835613a Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Remote Network/s"); ?></td>
926 4856df9b jim-p
						<td width="78%" class="vtable">
927 770f29c4 Colin Fleming
							<input name="remote_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_networkv6']);?>" />
928 8cd558b6 ayvis
							<br />
929 3835613a Phil Davis
							<?=gettext("These are the IPv6 networks that will be routed through " .
930 4856df9b jim-p
							"the tunnel, so that a site-to-site VPN can be " .
931 3835613a Phil Davis
							"established without manually changing the routing tables. " .
932
							"Expressed as a comma-separated list of one or more IP/PREFIX. " .
933
							"If this is a site-to-site VPN, enter the " .
934
							"remote LAN/s here. You may leave this blank to " .
935 4856df9b jim-p
							"only communicate with other clients"); ?>.
936
						</td>
937
					</tr>
938 d799787e Matthew Grooms
					<tr>
939
						<td width="22%" valign="top" class="vncell"><?=gettext("Limit outgoing bandwidth");?></td>
940
						<td width="78%" class="vtable">
941 770f29c4 Colin Fleming
							<input name="use_shaper" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['use_shaper']);?>" />
942 8cd558b6 ayvis
							<br />
943 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("Maximum outgoing bandwidth for this tunnel. " .
944
							"Leave empty for no limit. The input value has " .
945
							"to be something between 100 bytes/sec and 100 " .
946
							"Mbytes/sec (entered as bytes per second)"); ?>.
947 d799787e Matthew Grooms
						</td>
948
					</tr>
949
					<tr>
950 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
951 d799787e Matthew Grooms
						<td width="78%" class="vtable">
952 edba1982 jim-p
							<select name="compression" class="formselect">
953
								<?php
954
									foreach ($openvpn_compression_modes as $cmode => $cmodedesc):
955 770f29c4 Colin Fleming
									$selected = "";
956 edba1982 jim-p
									if ($cmode == $pconfig['compression'])
957 770f29c4 Colin Fleming
										$selected = " selected=\"selected\"";
958 edba1982 jim-p
								?>
959
								<option value="<?= $cmode ?>" <?= $selected ?>><?= $cmodedesc ?></option>
960
								<?php endforeach; ?>
961
							</select>
962 8cd558b6 ayvis
							<br />
963 edba1982 jim-p
							<?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently."); ?>.
964 d799787e Matthew Grooms
						</td>
965
					</tr>
966
					<tr>
967 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
968 d799787e Matthew Grooms
						<td width="78%" class="vtable">
969 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="type-of-service">
970 d799787e Matthew Grooms
								<tr>
971
									<td>
972 1cb0b40a Matthew Grooms
										<?php set_checked($pconfig['passtos'],$chk); ?>
973 770f29c4 Colin Fleming
										<input name="passtos" type="checkbox" value="yes" <?=$chk;?> />
974 d799787e Matthew Grooms
									</td>
975
									<td>
976
										<span class="vexpl">
977 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
978 d799787e Matthew Grooms
										</span>
979
									</td>
980
								</tr>
981
							</table>
982
						</td>
983
					</tr>
984 b9e9903d Dmitriy K.
985
					<tr id="chkboxNoTunIPv6">
986
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable IPv6"); ?></td>
987
						<td width="78%" class="vtable">
988
							<table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6">
989
								<tr>
990
									<td>
991
										<?php set_checked($pconfig['no_tun_ipv6'],$chk); ?>
992
										<input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> />
993
									</td>
994
									<td>
995
										<span class="vexpl">
996 4be2bfed Dmitriy K.
											<?=gettext("Don't forward IPv6 traffic"); ?>.
997 b9e9903d Dmitriy K.
										</span>
998
									</td>
999
								</tr>
1000
							</table>
1001
						</td>
1002
					</tr>
1003
1004
					<tr id="chkboxRouteNoPull">
1005 4be2bfed Dmitriy K.
						<td width="22%" valign="top" class="vncell"><?=gettext("Don't pull routes"); ?></td>
1006 b9e9903d Dmitriy K.
						<td width="78%" class="vtable">
1007
							<table border="0" cellpadding="2" cellspacing="0" summary="dont-pull-routes">
1008
								<tr>
1009
									<td>
1010
										<?php set_checked($pconfig['route_no_pull'],$chk); ?>
1011
										<input name="route_no_pull" type="checkbox" value="yes" <?=$chk;?> />
1012
									</td>
1013
									<td>
1014
										<span class="vexpl">
1015
											<?=gettext("Don't add or remove routes automatically. Instead pass routes to "); ?> <strong>--route-up</strong> <?=gettext("script using environmental variables"); ?>.
1016
										</span>
1017
									</td>
1018
								</tr>
1019
							</table>
1020
						</td>
1021
					</tr>
1022
1023
					<tr id="chkboxRouteNoExec">
1024 4be2bfed Dmitriy K.
						<td width="22%" valign="top" class="vncell"><?=gettext("Don't add/remove routes"); ?></td>
1025 b9e9903d Dmitriy K.
						<td width="78%" class="vtable">
1026
							<table border="0" cellpadding="2" cellspacing="0" summary="dont-exec-routes">
1027
								<tr>
1028
									<td>
1029
										<?php set_checked($pconfig['route_no_exec'],$chk); ?>
1030
										<input name="route_no_exec" type="checkbox" value="yes" <?=$chk;?> />
1031
									</td>
1032
									<td>
1033
										<span class="vexpl">
1034
											<?=gettext("This option effectively bars the server from adding routes to the client's routing table, however note that this option still allows the server to set the TCP/IP properties of the client's TUN/TAP interface"); ?>.
1035
										</span>
1036
									</td>
1037
								</tr>
1038
							</table>
1039
						</td>
1040
					</tr>
1041 4856df9b jim-p
				</table>
1042
1043 770f29c4 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="advance configuration">
1044 c7323d81 sullrich
					<tr>
1045
						<td colspan="2" class="list" height="12"></td>
1046
					</tr>
1047
					<tr>
1048 2fa7a468 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
1049 c7323d81 sullrich
					</tr>
1050
					<tr>
1051 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
1052 c7323d81 sullrich
						<td width="78%" class="vtable">
1053 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="advance configuration">
1054 c7323d81 sullrich
								<tr>
1055
									<td>
1056 8cd558b6 ayvis
										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br />
1057
										<?=gettext("Enter any additional options you would like to add to the OpenVPN client configuration here, separated by a semicolon"); ?><br />
1058 3835613a Phil Davis
										<?=gettext("EXAMPLE:"); ?> <strong>remote server.mysite.com 1194;</strong> or <strong>remote 1.2.3.4 1194;</strong>
1059 c7323d81 sullrich
									</td>
1060
								</tr>
1061
							</table>
1062
						</td>
1063 4856df9b jim-p
					</tr>
1064 b9e9903d Dmitriy K.
1065
					<tr id="comboboxVerbosityLevel">
1066
							<td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td>
1067
							<td width="78%" class="vtable">
1068
							<select name="verbosity_level" class="formselect">
1069
							<?php
1070
								foreach ($openvpn_verbosity_level as $verb_value => $verb_desc):
1071
									$selected = "";
1072
									if ($pconfig['verbosity_level'] == $verb_value)
1073
										$selected = "selected=\"selected\"";
1074
							?>
1075
								<option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option>
1076
							<?php endforeach; ?>
1077
							</select>
1078
							<br />
1079
							<?=gettext("Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output"); ?>.<br /> <br />
1080
							<strong>none</strong> -- <?=gettext("No output except fatal errors"); ?>. <br />
1081
							<strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br />
1082
							<strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br />
1083
							<strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>.
1084
							</td>
1085
					</tr>
1086
1087 4856df9b jim-p
				</table>
1088
1089 8cd558b6 ayvis
				<br />
1090 770f29c4 Colin Fleming
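				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="icons">
					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
							<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
							<?php
								/*
								 * $act is assigned outside this view; if it is taken from the
								 * request (TODO confirm), echoing it raw into the attribute would
								 * reflect request data into the page. It is HTML-escaped here, the
								 * same way $id is escaped below.
								 */
							?>
							<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>" />
							<?php if (isset($id) && $a_client[$id]): ?>
							<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
							<?php endif; ?>
						</td>
					</tr>
				</table>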
1102
			</form>
1103
1104
			<?php else: ?>
1105
1106 770f29c4 Colin Fleming
			<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="list of openvpn clients">
1107 7773b868 jim-p
				<thead>
1108 d799787e Matthew Grooms
				<tr>
1109 2fa7a468 Carlos Eduardo Ramos
					<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
1110
					<td width="10%" class="listhdrr"><?=gettext("Protocol"); ?></td>
1111
					<td width="30%" class="listhdrr"><?=gettext("Server"); ?></td>
1112
					<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
1113 d799787e Matthew Grooms
					<td width="10%" class="list"></td>
1114
				</tr>
1115 7773b868 jim-p
				</thead>
1116 770f29c4 Colin Fleming
				<tfoot>
1117
				<tr>
1118
					<td class="list" colspan="4"></td>
1119
					<td class="list">
1120
						<a href="vpn_openvpn_client.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add client"); ?>" width="17" height="17" border="0" alt="add" />
1121
						</a>
1122
					</td>
1123
				</tr>
1124
				<tr>
1125
					<td colspan="4">
1126
						<p>
1127
							<?=gettext("Additional OpenVPN clients can be added here.");?>
1128
						</p>
1129
					</td>
1130
				</tr>
1131
				</tfoot>
1132 7773b868 jim-p
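				<tbody>
				<?php
					/*
					 * One table row per entry of $a_client. $i is the zero-based position
					 * in the array and is used as the id in the edit/delete links.
					 *
					 * NOTE(review): deletion is triggered by a plain GET link
					 * (act=del&id=N). The handler is outside this view; if it acts on a
					 * GET request without a token check, the action is exposed to
					 * cross-site request forgery. Confirm the handler requires POST
					 * together with the CSRF token.
					 */
					$i = 0;
					foreach($a_client as $client):
						$disabled = "NO";
						if (isset($client['disable']))
							$disabled = "YES";
						$server = "{$client['server_addr']}:{$client['server_port']}";
				?>
				<tr ondblclick="document.location='vpn_openvpn_client.php?act=edit&amp;id=<?=$i;?>'">
					<td class="listlr">
						<?=$disabled;?>
					</td>
					<td class="listr">
						<?=htmlspecialchars($client['protocol']);?>
					</td>
					<td class="listr">
						<?=htmlspecialchars($server);?>
					</td>
					<td class="listbg">
						<?=htmlspecialchars($client['description']);?>
					</td>
					<td valign="middle" class="list nowrap">
						<a href="vpn_openvpn_client.php?act=edit&amp;id=<?=$i;?>">
							<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit client"); ?>" width="17" height="17" border="0" alt="edit" />
						</a>
						&nbsp;
						<a href="vpn_openvpn_client.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this client?"); ?>')">
							<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete client"); ?>" width="17" height="17" border="0" alt="delete" />
						</a>
					</td>
				</tr>
				<?php
					$i++;
					endforeach;
				?>
				<?php /* Filler row so the tbody is never empty; "dispaly" was a typo that left the row visible. */ ?>
				<tr style="display:none;"><td></td></tr>
				</tbody>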
1170 d799787e Matthew Grooms
			</table>
1171
1172 ee9933b6 Renato Botelho
			<?php endif; ?>
1173 d799787e Matthew Grooms
1174
		</td>
1175
	</tr>
1176
</table>
1177 91f026b0 ayvis
<script type="text/javascript">
1178 770f29c4 Colin Fleming
//<![CDATA[
1179 3c11bd3c Matthew Grooms
mode_change();
1180
autokey_change();
1181
tlsauth_change();
1182 762a24a3 Ermal Lu?i
useproxy_changed();
1183 770f29c4 Colin Fleming
//]]>
1184 d799787e Matthew Grooms
</script>
1185
<?php include("fend.inc"); ?>
1186 770f29c4 Colin Fleming
</body>
1187
</html>
1188 d799787e Matthew Grooms
1189
<?php
1190
1191
/* local utility functions */
1192
1193
/*
 * Store the HTML "checked" attribute text for a checkbox in $chk.
 *
 * $var  value tested for truthiness (PHP loose boolean conversion)
 * $chk  passed by reference; receives checked="checked" when $var is
 *       truthy and an empty string otherwise
 */
function set_checked($var,& $chk) {
	$chk = $var ? "checked=\"checked\"" : "";
}
1199
1200 174ba22b smos
?>