Revision 5ce63c3e
Added by Jim Pingle over 15 years ago
| usr/local/www/wizards/openvpn_wizard.inc | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
/* |
| 3 |
Copyright (C) 2010 Ermal Lu?i
|
|
| 4 |
All rights reserved.
|
|
| 5 |
|
|
| 6 |
Redistribution and use in source and binary forms, with or without
|
|
| 7 |
modification, are permitted provided that the following conditions are met:
|
|
| 8 |
|
|
| 9 |
1. Redistributions of source code must retain the above copyright notice,
|
|
| 10 |
this list of conditions and the following disclaimer.
|
|
| 11 |
|
|
| 12 |
2. Redistributions in binary form must reproduce the above copyright
|
|
| 13 |
notice, this list of conditions and the following disclaimer in the
|
|
| 14 |
documentation and/or other materials provided with the distribution.
|
|
| 15 |
|
|
| 16 |
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
| 17 |
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
| 18 |
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
| 19 |
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
| 20 |
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
| 21 |
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
| 22 |
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
| 23 |
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
| 24 |
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
| 25 |
POSSIBILITY OF SUCH DAMAGE.
|
|
| 26 |
|
|
| 27 |
pfSense_MODULE: openvpn
|
|
| 3 |
Copyright (C) 2010 Ermal Lu?i
|
|
| 4 |
All rights reserved.
|
|
| 5 |
|
|
| 6 |
Redistribution and use in source and binary forms, with or without
|
|
| 7 |
modification, are permitted provided that the following conditions are met:
|
|
| 8 |
|
|
| 9 |
1. Redistributions of source code must retain the above copyright notice,
|
|
| 10 |
this list of conditions and the following disclaimer.
|
|
| 11 |
|
|
| 12 |
2. Redistributions in binary form must reproduce the above copyright
|
|
| 13 |
notice, this list of conditions and the following disclaimer in the
|
|
| 14 |
documentation and/or other materials provided with the distribution.
|
|
| 15 |
|
|
| 16 |
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
| 17 |
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
| 18 |
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
| 19 |
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
| 20 |
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
| 21 |
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
| 22 |
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
| 23 |
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
| 24 |
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
| 25 |
POSSIBILITY OF SUCH DAMAGE.
|
|
| 26 |
|
|
| 27 |
pfSense_MODULE: openvpn
|
|
| 28 | 28 |
*/ |
| 29 | 29 |
require_once("openvpn.inc");
|
| 30 | 30 |
|
| ... | ... | |
| 46 | 46 |
global $pkg, $stepid; |
| 47 | 47 |
|
| 48 | 48 |
$fields =& $pkg['step'][1]['fields']['field']; |
| 49 |
|
|
| 49 |
|
|
| 50 | 50 |
$found = false; |
| 51 | 51 |
$authlist = auth_get_authserver_list(); |
| 52 | 52 |
$fields[1]['options']['option'] = array(); |
| ... | ... | |
| 54 | 54 |
if ($auth['type'] != "ldap") |
| 55 | 55 |
continue; |
| 56 | 56 |
$found = true; |
| 57 |
$opts = array();
|
|
| 58 |
$opts['name'] = $auth['name'];
|
|
| 59 |
$opts['value'] = $auth['name'];
|
|
| 60 |
$fields[1]['options']['option'][] = $opts;
|
|
| 57 |
$opts = array();
|
|
| 58 |
$opts['name'] = $auth['name'];
|
|
| 59 |
$opts['value'] = $auth['name'];
|
|
| 60 |
$fields[1]['options']['option'][] = $opts;
|
|
| 61 | 61 |
} |
| 62 | 62 |
if ($found == false) {
|
| 63 |
$stepid = 2;
|
|
| 63 |
$stepid = 2;
|
|
| 64 | 64 |
} |
| 65 | 65 |
} |
| 66 | 66 |
|
| ... | ... | |
| 91 | 91 |
} |
| 92 | 92 |
|
| 93 | 93 |
function step4_stepbeforeformdisplay() {
|
| 94 |
global $pkg, $stepid;
|
|
| 94 |
global $pkg, $stepid;
|
|
| 95 | 95 |
|
| 96 |
$fields =& $pkg['step'][3]['fields']['field'];
|
|
| 96 |
$fields =& $pkg['step'][3]['fields']['field'];
|
|
| 97 | 97 |
|
| 98 | 98 |
$found = false; |
| 99 |
$authlist = auth_get_authserver_list();
|
|
| 100 |
$fields[1]['options']['option'] = array();
|
|
| 101 |
foreach ($authlist as $i => $auth) {
|
|
| 102 |
if ($auth['type'] != "radius")
|
|
| 103 |
continue;
|
|
| 99 |
$authlist = auth_get_authserver_list();
|
|
| 100 |
$fields[1]['options']['option'] = array(); |
|
| 101 |
foreach ($authlist as $i => $auth) {
|
|
| 102 |
if ($auth['type'] != "radius")
|
|
| 103 |
continue;
|
|
| 104 | 104 |
$found = true; |
| 105 |
$opts = array();
|
|
| 106 |
$opts['name'] = $auth['name'];
|
|
| 107 |
$opts['value'] = $auth['name'];
|
|
| 108 |
$fields[1]['options']['option'][] = $opts;
|
|
| 109 |
}
|
|
| 105 |
$opts = array();
|
|
| 106 |
$opts['name'] = $auth['name'];
|
|
| 107 |
$opts['value'] = $auth['name'];
|
|
| 108 |
$fields[1]['options']['option'][] = $opts;
|
|
| 109 |
}
|
|
| 110 | 110 |
if ($found == false) |
| 111 |
$stepid = 4;
|
|
| 111 |
$stepid = 4;
|
|
| 112 | 112 |
} |
| 113 | 113 |
|
| 114 | 114 |
function step4_submitphpaction() {
|
| 115 |
global $stepid;
|
|
| 115 |
global $stepid;
|
|
| 116 | 116 |
|
| 117 | 117 |
if (isset($_POST['next'])) {
|
| 118 |
$_POST['uselist'] = "";
|
|
| 119 |
$stepid++;
|
|
| 120 |
}
|
|
| 118 |
$_POST['uselist'] = "";
|
|
| 119 |
$stepid++;
|
|
| 120 |
}
|
|
| 121 | 121 |
} |
| 122 | 122 |
|
| 123 | 123 |
function step5_submitphpaction() {
|
| 124 | 124 |
global $stepid, $savemsg, $config; |
| 125 | 125 |
|
| 126 |
if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['port']) ||
|
|
| 127 |
empty($_POST['secret'])) {
|
|
| 126 |
if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['port']) ||
|
|
| 127 |
empty($_POST['secret'])) {
|
|
| 128 | 128 |
$stepid--; |
| 129 |
$savemsg = "Please enter all information for authentication server.";
|
|
| 129 |
$savemsg = "Please enter all information for authentication server.";
|
|
| 130 | 130 |
} else if (count(($authcfg = auth_get_authserver($_POST['name']))) > 0) {
|
| 131 | 131 |
$stepid--; |
| 132 | 132 |
$savemsg = "Please choose a different name because an authentication server with this name already exists."; |
| 133 |
} else {
|
|
| 133 |
} else {
|
|
| 134 | 134 |
$config['ovpnserver']['step2']['uselist'] = "on"; |
| 135 | 135 |
$_POST['uselist'] = "on"; |
| 136 | 136 |
} |
| ... | ... | |
| 148 | 148 |
global $stepid, $config; |
| 149 | 149 |
|
| 150 | 150 |
if (isset($_POST['next'])) {
|
| 151 |
$_POST['uselist'] = "";
|
|
| 152 |
$stepid++;
|
|
| 153 |
} else {
|
|
| 151 |
$_POST['uselist'] = "";
|
|
| 152 |
$stepid++;
|
|
| 153 |
} else {
|
|
| 154 | 154 |
$config['ovpnserver']['step6']['uselist'] = "on"; |
| 155 |
$_POST['uselist'] = "on";
|
|
| 155 |
$_POST['uselist'] = "on";
|
|
| 156 | 156 |
} |
| 157 | 157 |
} |
| 158 | 158 |
|
| ... | ... | |
| 160 | 160 |
global $stepid, $savemsg, $_POST, $config; |
| 161 | 161 |
|
| 162 | 162 |
if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) || |
| 163 |
empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
|
|
| 164 |
empty($_POST['organization']) || empty($_POST['email'])) {
|
|
| 163 |
empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) ||
|
|
| 164 |
empty($_POST['organization']) || empty($_POST['email'])) {
|
|
| 165 | 165 |
$stepid--; |
| 166 |
$savemsg = "Please enter all information for the new Certificate Authority.";
|
|
| 167 |
} else {
|
|
| 166 |
$savemsg = "Please enter all information for the new Certificate Authority.";
|
|
| 167 |
} else {
|
|
| 168 | 168 |
$config['ovpnserver']['step6']['uselist'] = "on"; |
| 169 | 169 |
$_POST['uselist'] = "on"; |
| 170 | 170 |
} |
| 171 | 171 |
} |
| 172 | 172 |
|
| 173 | 173 |
function step8_stepbeforeformdisplay() {
|
| 174 |
global $stepid, $config;
|
|
| 174 |
global $stepid, $config;
|
|
| 175 | 175 |
|
| 176 |
if (count($config['system']['cert']) < 1 ||
|
|
| 176 |
if (count($config['system']['cert']) < 1 ||
|
|
| 177 | 177 |
(count($config['system']['cert']) == 1 && stristr($config['system']['cert'][0]['name'], "webconf"))) {
|
| 178 | 178 |
$stepid++; |
| 179 |
}
|
|
| 179 |
}
|
|
| 180 | 180 |
} |
| 181 | 181 |
|
| 182 | 182 |
function step8_submitphpaction() {
|
| 183 | 183 |
global $stepid, $_POST; |
| 184 | 184 |
|
| 185 | 185 |
if (isset($_POST['next'])) {
|
| 186 |
$_POST['uselist'] = "";
|
|
| 187 |
$stepid++;
|
|
| 188 |
}
|
|
| 186 |
$_POST['uselist'] = "";
|
|
| 187 |
$stepid++;
|
|
| 188 |
}
|
|
| 189 | 189 |
} |
| 190 | 190 |
|
| 191 | 191 |
function step9_stepbeforeformdisplay() {
|
| ... | ... | |
| 194 | 194 |
$pconfig = $config['ovpnserver']; |
| 195 | 195 |
|
| 196 | 196 |
if (isset($pconfig['step6']['uselist'])) {
|
| 197 |
$country = $pconfig['step6']['country'];
|
|
| 198 |
$state = $pconfig['step6']['state'];
|
|
| 199 |
$city = $pconfig['step6']['city'];
|
|
| 200 |
$org = $pconfig['step6']['organization'];
|
|
| 201 |
} else {
|
|
| 197 |
$country = $pconfig['step6']['country'];
|
|
| 198 |
$state = $pconfig['step6']['state'];
|
|
| 199 |
$city = $pconfig['step6']['city'];
|
|
| 200 |
$org = $pconfig['step6']['organization'];
|
|
| 201 |
} else {
|
|
| 202 | 202 |
$ca = lookup_ca($pconfig['step6']['authcertca']); |
| 203 | 203 |
$cavl = cert_get_subject_array($ca['crt']); |
| 204 | 204 |
$country = $cavl[0]['v']; |
| 205 | 205 |
$state = $cavl[1]['v']; |
| 206 | 206 |
$city = $cavl[2]['v']; |
| 207 | 207 |
$org = $cavl[3]['v']; |
| 208 |
}
|
|
| 208 |
}
|
|
| 209 | 209 |
$fields =& $pkg['step'][$stepid]['fields']['field']; |
| 210 | 210 |
|
| 211 | 211 |
foreach ($fields as $idx => $field) {
|
| ... | ... | |
| 229 | 229 |
function step9_submitphpaction() {
|
| 230 | 230 |
global $stepid, $savemsg, $_POST, $config; |
| 231 | 231 |
|
| 232 |
if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
|
|
| 232 |
if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
|
|
| 233 | 233 |
empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) || |
| 234 | 234 |
empty($_POST['organization']) || empty($_POST['email'])) {
|
| 235 | 235 |
$stepid--; |
| 236 |
$savemsg = "Please enter all information for the new certificate.";
|
|
| 237 |
} else {
|
|
| 236 |
$savemsg = "Please enter all information for the new certificate.";
|
|
| 237 |
} else {
|
|
| 238 | 238 |
$config['ovpnserver']['step9']['uselist'] = "on"; |
| 239 | 239 |
$_POST['uselist'] = "on"; |
| 240 | 240 |
} |
| ... | ... | |
| 245 | 245 |
|
| 246 | 246 |
foreach ($pkg['step'][$stepid]['fields']['field'] as $idx => $field) {
|
| 247 | 247 |
if ($field['name'] == "crypto") {
|
| 248 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
|
|
| 248 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
|
|
| 249 | 249 |
$cipherlist = openvpn_get_cipherlist(); |
| 250 | 250 |
foreach ($cipherlist as $name => $desc) {
|
| 251 | 251 |
$opt = array(); |
| 252 |
$opt['name'] = $desc;
|
|
| 253 |
$opt['value'] = $name;
|
|
| 254 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
|
|
| 252 |
$opt['name'] = $desc;
|
|
| 253 |
$opt['value'] = $name;
|
|
| 254 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
|
|
| 255 | 255 |
} |
| 256 | 256 |
} else if ($field['name'] == "nbttype") {
|
| 257 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
|
|
| 257 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
|
|
| 258 | 258 |
foreach ($netbios_nodetypes as $type => $name) {
|
| 259 | 259 |
$opt = array(); |
| 260 | 260 |
$opt['name'] = $name; |
| 261 | 261 |
$opt['value'] = $type; |
| 262 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
|
|
| 262 |
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
|
|
| 263 | 263 |
} |
| 264 | 264 |
} else if ($field['name'] == "localport") {
|
| 265 | 265 |
if (count($config['openvpn']['openvpn-server']) < 1) |
| ... | ... | |
| 271 | 271 |
function step10_submitphpaction() {
|
| 272 | 272 |
global $savemsg, $stepid; |
| 273 | 273 |
|
| 274 |
/* Default OpenVPN port to 1194 if left empty. */ |
|
| 275 |
if (empty($_POST['localport'])) |
|
| 276 |
$_POST['localport'] = 1194; |
|
| 277 |
|
|
| 274 | 278 |
/* input validation */ |
| 275 |
if ($result = openvpn_validate_port($_POST['localport'], 'Local port'))
|
|
| 276 |
$input_errors[] = $result;
|
|
| 279 |
if ($result = openvpn_validate_port($_POST['localport'], 'Local port'))
|
|
| 280 |
$input_errors[] = $result;
|
|
| 277 | 281 |
|
| 278 |
if ($result = openvpn_validate_cidr($_POST['tunnelnet'], 'Tunnel network'))
|
|
| 279 |
$input_errors[] = $result;
|
|
| 282 |
if ($result = openvpn_validate_cidr($_POST['tunnelnet'], 'Tunnel network'))
|
|
| 283 |
$input_errors[] = $result;
|
|
| 280 | 284 |
|
| 281 |
if ($result = openvpn_validate_cidr($_POST['remotenet'], 'Remote network'))
|
|
| 282 |
$input_errors[] = $result;
|
|
| 285 |
if ($result = openvpn_validate_cidr($_POST['remotenet'], 'Remote network'))
|
|
| 286 |
$input_errors[] = $result;
|
|
| 283 | 287 |
|
| 284 |
if ($result = openvpn_validate_cidr($_POST['localnet'], 'Local network'))
|
|
| 285 |
$input_errors[] = $result;
|
|
| 288 |
if ($result = openvpn_validate_cidr($_POST['localnet'], 'Local network'))
|
|
| 289 |
$input_errors[] = $result;
|
|
| 286 | 290 |
|
| 287 | 291 |
$portused = openvpn_port_used($_POST['protocol'], $_POST['localport']); |
| 288 | 292 |
if ($portused != 0) |
| 289 |
$input_errors[] = "The specified 'Local port' is in use. Please select another value";
|
|
| 290 |
|
|
| 293 |
$input_errors[] = "The specified 'Local port' is in use. Please select another value";
|
|
| 294 |
|
|
| 291 | 295 |
if (!isset($_POST['generatetlskey']) && isset($_POST['tlsauthentication'])) |
| 292 | 296 |
if (!strstr($_POST['tlssharedkey'], "-----BEGIN OpenVPN Static key V1-----") || |
| 293 | 297 |
!strstr($_POST['tlssharedkey'], "-----END OpenVPN Static key V1-----")) |
| 294 |
$input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid";
|
|
| 298 |
$input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid";
|
|
| 295 | 299 |
|
| 296 | 300 |
if (!empty($_POST['dnsserver1']) && !is_ipaddr(trim($_POST['dnsserver1']))) |
| 297 | 301 |
$input_errors[] = "The field 'DNS Server #1' must contain a valid IP address"; |
| ... | ... | |
| 313 | 317 |
$input_errors[] = "The field 'WINS Server #2' must contain a valid IP address"; |
| 314 | 318 |
|
| 315 | 319 |
if ($_POST['concurrentcon'] && !is_numeric($_POST['concurrentcon'])) |
| 316 |
$input_errors[] = "The field 'Concurrent connections' must be numeric.";
|
|
| 320 |
$input_errors[] = "The field 'Concurrent connections' must be numeric.";
|
|
| 317 | 321 |
|
| 318 | 322 |
if (empty($_POST['tunnelnet'])) |
| 319 | 323 |
$input_errors[] = "You must specify a 'Tunnel network'."; |
| ... | ... | |
| 331 | 335 |
|
| 332 | 336 |
if (!is_array($config['ovpnserver'])) {
|
| 333 | 337 |
$message = "No configuration found please retry again."; |
| 334 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
|
|
| 335 |
exit;
|
|
| 338 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
|
|
| 339 |
exit;
|
|
| 336 | 340 |
} |
| 337 | 341 |
|
| 338 | 342 |
if ($pconfig['step1']['type'] == "local") {
|
| ... | ... | |
| 344 | 348 |
$auth['type'] = $pconfig['step1']['type']; |
| 345 | 349 |
$auth['refid'] = uniqid(); |
| 346 | 350 |
$auth['name'] = $pconfig['step2']['authtype']; |
| 347 |
|
|
| 351 |
|
|
| 348 | 352 |
if ($auth['type'] == "ldap") {
|
| 349 | 353 |
$auth['host'] = $pconfig['step2']['ip']; |
| 350 | 354 |
$auth['ldap_port'] = $pconfig['step2']['port']; |
| ... | ... | |
| 372 | 376 |
$config['system']['authserver'][] = $auth; |
| 373 | 377 |
} else if (!isset($pconfig['step2']['uselist']) && empty($pconfig['step2']['authserv'])) {
|
| 374 | 378 |
$message = "Please choose an authentication server ."; |
| 375 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
|
|
| 376 |
exit;
|
|
| 379 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
|
|
| 380 |
exit;
|
|
| 377 | 381 |
} else if (!($auth = auth_get_authserver($pconfig['step2']['authserv']))) {
|
| 378 | 382 |
$message = "Not a valid authentication server has been specified."; |
| 379 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
|
|
| 380 |
exit;
|
|
| 383 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=1&message={$message}");
|
|
| 384 |
exit;
|
|
| 381 | 385 |
} |
| 382 | 386 |
|
| 383 | 387 |
if (isset($pconfig['step6']['uselist'])) {
|
| ... | ... | |
| 399 | 403 |
$config['system']['ca'][] = $ca; |
| 400 | 404 |
} else if (!isset($pconfig['step6']['uselist']) && empty($pconfig['step6']['authcertca'])) {
|
| 401 | 405 |
$message = "Please choose a Certificate Authority."; |
| 402 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=5&message={$message}");
|
|
| 403 |
exit;
|
|
| 406 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=5&message={$message}");
|
|
| 407 |
exit;
|
|
| 404 | 408 |
} else if (!($ca = lookup_ca($pconfig['step6']['authcertca']))) {
|
| 405 | 409 |
$message = "Not a valid Certificate Authority specified."; |
| 406 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=5&message={$message}");
|
|
| 407 |
exit;
|
|
| 410 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=5&message={$message}");
|
|
| 411 |
exit;
|
|
| 408 | 412 |
} |
| 409 | 413 |
|
| 410 | 414 |
if (isset($pconfig['step9']['uselist'])) {
|
| 411 |
$cert = array();
|
|
| 412 |
$cert['refid'] = uniqid();
|
|
| 413 |
$cert['name'] = $pconfig['step9']['certname'];
|
|
| 414 |
$dn = array(
|
|
| 415 |
'countryName' => $pconfig['step9']['country'],
|
|
| 416 |
'stateOrProvinceName' => $pconfig['step9']['state'],
|
|
| 417 |
'localityName' => $pconfig['step9']['city'],
|
|
| 418 |
'organizationName' => $pconfig['step9']['organization'],
|
|
| 419 |
'emailAddress' => $pconfig['step9']['email'],
|
|
| 420 |
'commonName' => $pconfig['step9']['certname']);
|
|
| 421 |
|
|
| 422 |
cert_create($cert, $ca['refid'], $pconfig['step9']['keylength'], $pconfig['step9']['lifetime'], $dn);
|
|
| 423 |
if (!is_array($config['system']['cert']))
|
|
| 424 |
$config['system']['cert'] = array();
|
|
| 425 |
|
|
| 426 |
$config['system']['cert'][] = $cert;
|
|
| 415 |
$cert = array();
|
|
| 416 |
$cert['refid'] = uniqid();
|
|
| 417 |
$cert['name'] = $pconfig['step9']['certname'];
|
|
| 418 |
$dn = array(
|
|
| 419 |
'countryName' => $pconfig['step9']['country'],
|
|
| 420 |
'stateOrProvinceName' => $pconfig['step9']['state'],
|
|
| 421 |
'localityName' => $pconfig['step9']['city'],
|
|
| 422 |
'organizationName' => $pconfig['step9']['organization'],
|
|
| 423 |
'emailAddress' => $pconfig['step9']['email'],
|
|
| 424 |
'commonName' => $pconfig['step9']['certname']);
|
|
| 425 |
|
|
| 426 |
cert_create($cert, $ca['refid'], $pconfig['step9']['keylength'], $pconfig['step9']['lifetime'], $dn);
|
|
| 427 |
if (!is_array($config['system']['cert']))
|
|
| 428 |
$config['system']['cert'] = array();
|
|
| 429 |
|
|
| 430 |
$config['system']['cert'][] = $cert;
|
|
| 427 | 431 |
} else if (!isset($pconfig['step6']['uselist']) && empty($pconfig['step9']['authcertname'])) {
|
| 428 | 432 |
$message = "Please choose a Certificate."; |
| 429 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=7&message={$message}");
|
|
| 430 |
exit;
|
|
| 433 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=7&message={$message}");
|
|
| 434 |
exit;
|
|
| 431 | 435 |
} else if (!($cert = lookup_cert($pconfig['step9']['authcertname']))) {
|
| 432 |
$message = "Not a valid Certificate specified.";
|
|
| 433 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=7&message={$message}");
|
|
| 434 |
exit;
|
|
| 435 |
}
|
|
| 436 |
$message = "Not a valid Certificate specified.";
|
|
| 437 |
header("Location:wizard.php?xml=openvpn_wizard.xml&stepid=7&message={$message}");
|
|
| 438 |
exit;
|
|
| 439 |
}
|
|
| 436 | 440 |
$server = array(); |
| 437 | 441 |
$server['vpnid'] = openvpn_vpnid_next(); |
| 438 | 442 |
switch ($auth['type']) {
|
| 439 | 443 |
case "ldap": |
| 440 |
$server['authmode'] = $auth['name'];
|
|
| 441 |
$server['mode'] = "server_user";
|
|
| 442 |
break;
|
|
| 443 |
case "radius":
|
|
| 444 |
$server['authmode'] = $auth['name'];
|
|
| 445 |
$server['mode'] = "server_user";
|
|
| 446 |
break;
|
|
| 447 |
default:
|
|
| 448 |
$server['authmode'] = "Local Database";
|
|
| 449 |
$server['mode'] = "server_tls_user";
|
|
| 450 |
break;
|
|
| 444 |
$server['authmode'] = $auth['name'];
|
|
| 445 |
$server['mode'] = "server_user";
|
|
| 446 |
break;
|
|
| 447 |
case "radius":
|
|
| 448 |
$server['authmode'] = $auth['name'];
|
|
| 449 |
$server['mode'] = "server_user";
|
|
| 450 |
break;
|
|
| 451 |
default:
|
|
| 452 |
$server['authmode'] = "Local Database";
|
|
| 453 |
$server['mode'] = "server_tls_user";
|
|
| 454 |
break;
|
|
| 451 | 455 |
} |
| 452 | 456 |
$server['caref'] = $ca['refid']; |
| 453 | 457 |
$server['certref'] = $cert['refid']; |
| ... | ... | |
| 522 | 526 |
$config['filter']['rule'][] = $rule; |
| 523 | 527 |
} |
| 524 | 528 |
if (isset($pconfig['step11']['ovpnallow'])) {
|
| 525 |
$rule = array();
|
|
| 526 |
$rule['descr'] = gettext("OpenVPN {$server['description']} wizard rules.");
|
|
| 527 |
$rule['source']['any'] = TRUE;
|
|
| 528 |
$rule['destination']['any'] = TRUE;
|
|
| 529 |
$rule['interface'] = "openvpn";
|
|
| 530 |
//$rule['protocol'] = $server['protocol'];
|
|
| 531 |
$rule['type'] = "pass";
|
|
| 532 |
$rule['enabled'] = "on";
|
|
| 533 |
$config['filter']['rule'][] = $rule;
|
|
| 534 |
}
|
|
| 535 |
|
|
| 529 |
$rule = array();
|
|
| 530 |
$rule['descr'] = gettext("OpenVPN {$server['description']} wizard rules.");
|
|
| 531 |
$rule['source']['any'] = TRUE;
|
|
| 532 |
$rule['destination']['any'] = TRUE;
|
|
| 533 |
$rule['interface'] = "openvpn";
|
|
| 534 |
//$rule['protocol'] = $server['protocol'];
|
|
| 535 |
$rule['type'] = "pass";
|
|
| 536 |
$rule['enabled'] = "on";
|
|
| 537 |
$config['filter']['rule'][] = $rule;
|
|
| 538 |
}
|
|
| 539 |
|
|
| 536 | 540 |
if (!is_array($config['openvpn']['openvpn-server'])) |
| 537 | 541 |
$config['openvpn']['openvpn-server'] = array(); |
| 538 | 542 |
|
| usr/local/www/wizards/openvpn_wizard.xml | ||
|---|---|---|
| 3 | 3 |
<copyright> |
| 4 | 4 |
/* $Id$ */ |
| 5 | 5 |
/* |
| 6 |
part of pfSense (http://www.pfsense.org/)
|
|
| 6 |
part of pfSense (http://www.pfsense.org/)
|
|
| 7 | 7 |
|
| 8 | 8 |
Copyright (C) 2010 Ermal Lui |
| 9 |
All rights reserved.
|
|
| 9 |
All rights reserved.
|
|
| 10 | 10 |
|
| 11 |
Redistribution and use in source and binary forms, with or without
|
|
| 12 |
modification, are permitted provided that the following conditions are met:
|
|
| 11 |
Redistribution and use in source and binary forms, with or without
|
|
| 12 |
modification, are permitted provided that the following conditions are met:
|
|
| 13 | 13 |
|
| 14 |
1. Redistributions of source code must retain the above copyright notice,
|
|
| 15 |
this list of conditions and the following disclaimer.
|
|
| 14 |
1. Redistributions of source code must retain the above copyright notice,
|
|
| 15 |
this list of conditions and the following disclaimer.
|
|
| 16 | 16 |
|
| 17 |
2. Redistributions in binary form must reproduce the above copyright
|
|
| 18 |
notice, this list of conditions and the following disclaimer in the
|
|
| 19 |
documentation and/or other materials provided with the distribution.
|
|
| 17 |
2. Redistributions in binary form must reproduce the above copyright
|
|
| 18 |
notice, this list of conditions and the following disclaimer in the
|
|
| 19 |
documentation and/or other materials provided with the distribution.
|
|
| 20 | 20 |
|
| 21 |
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
| 22 |
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
| 23 |
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
| 24 |
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
| 25 |
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
| 26 |
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
| 27 |
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
| 28 |
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
| 29 |
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
| 30 |
POSSIBILITY OF SUCH DAMAGE.
|
|
| 21 |
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
| 22 |
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
| 23 |
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
| 24 |
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
| 25 |
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
| 26 |
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
| 27 |
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
| 28 |
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
| 29 |
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
| 30 |
POSSIBILITY OF SUCH DAMAGE.
|
|
| 31 | 31 |
*/ |
| 32 | 32 |
</copyright> |
| 33 | 33 |
<totalsteps>12</totalsteps> |
| ... | ... | |
| 40 | 40 |
<type>select</type> |
| 41 | 41 |
<displayname>Type of Server</displayname> |
| 42 | 42 |
<name>authtype</name> |
| 43 |
<description>Choose authentication backend type.</description> |
|
| 43 |
<description>Choose authentication backend type. <br/><b>NOTE:</b> If you are unsure, leave this set to "Local User Aceess."</description>
|
|
| 44 | 44 |
<bindstofield>ovpnserver->step1->type</bindstofield> |
| 45 | 45 |
<options> |
| 46 | 46 |
<option> |
| ... | ... | |
| 63 | 63 |
</field> |
| 64 | 64 |
</fields> |
| 65 | 65 |
<stepsubmitphpaction>step1_submitphpaction();</stepsubmitphpaction> |
| 66 |
<includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile>
|
|
| 66 |
<includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile>
|
|
| 67 | 67 |
</step> |
| 68 | 68 |
<step> |
| 69 | 69 |
<id>2</id> |
| ... | ... | |
| 75 | 75 |
<name>Authentication Servers list</name> |
| 76 | 76 |
</field> |
| 77 | 77 |
<field> |
| 78 |
<name>authserv</name>
|
|
| 79 |
<displayname>Authentication servers</displayname>
|
|
| 80 |
<type>select</type>
|
|
| 81 |
<bindstofield>ovpnserver->step2->authserv</bindstofield>
|
|
| 78 |
<name>authserv</name>
|
|
| 79 |
<displayname>Authentication servers</displayname>
|
|
| 80 |
<type>select</type>
|
|
| 81 |
<bindstofield>ovpnserver->step2->authserv</bindstofield>
|
|
| 82 | 82 |
<options> |
| 83 |
<option>
|
|
| 84 |
<name>dummy</name>
|
|
| 85 |
<value>dummy</value>
|
|
| 86 |
</option>
|
|
| 87 |
</options>
|
|
| 88 |
</field>
|
|
| 83 |
<option>
|
|
| 84 |
<name>dummy</name>
|
|
| 85 |
<value>dummy</value>
|
|
| 86 |
</option>
|
|
| 87 |
</options>
|
|
| 88 |
</field>
|
|
| 89 | 89 |
<field> |
| 90 | 90 |
<type>submit</type> |
| 91 | 91 |
<name>Add new LDAP server</name> |
| ... | ... | |
| 96 | 96 |
</field> |
| 97 | 97 |
</fields> |
| 98 | 98 |
<stepbeforeformdisplay>step2_stepbeforeformdisplay();</stepbeforeformdisplay> |
| 99 |
<stepsubmitphpaction>step2_submitphpaction();</stepsubmitphpaction>
|
|
| 100 |
<javascriptafterformdisplay>enablechange();</javascriptafterformdisplay>
|
|
| 101 |
<includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile>
|
|
| 99 |
<stepsubmitphpaction>step2_submitphpaction();</stepsubmitphpaction>
|
|
| 100 |
<javascriptafterformdisplay>enablechange();</javascriptafterformdisplay>
|
|
| 101 |
<includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile>
|
|
| 102 | 102 |
</step> |
| 103 | 103 |
<step> |
| 104 | 104 |
<id>3</id> |
| ... | ... | |
| 180 | 180 |
<bindstofield>ovpnserver->step2->nameattr</bindstofield> |
| 181 | 181 |
</field> |
| 182 | 182 |
<field> |
| 183 |
<name>memberattr</name>
|
|
| 184 |
<displayname>Member naming attribute</displayname>
|
|
| 185 |
<type>input</type>
|
|
| 186 |
<bindstofield>ovpnserver->step2->memberattr</bindstofield>
|
|
| 187 |
</field>
|
|
| 183 |
<name>memberattr</name>
|
|
| 184 |
<displayname>Member naming attribute</displayname>
|
|
| 185 |
<type>input</type>
|
|
| 186 |
<bindstofield>ovpnserver->step2->memberattr</bindstofield>
|
|
| 187 |
</field>
|
|
| 188 | 188 |
<field> |
| 189 |
<name>groupattr</name>
|
|
| 190 |
<displayname>Group naming attribute</displayname>
|
|
| 191 |
<type>input</type>
|
|
| 192 |
<bindstofield>ovpnserver->step2->groupattr</bindstofield>
|
|
| 193 |
</field>
|
|
| 189 |
<name>groupattr</name>
|
|
| 190 |
<displayname>Group naming attribute</displayname>
|
|
| 191 |
<type>input</type>
|
|
| 192 |
<bindstofield>ovpnserver->step2->groupattr</bindstofield>
|
|
| 193 |
</field>
|
|
| 194 | 194 |
<field> |
| 195 | 195 |
<type>submit</type> |
| 196 | 196 |
<name>Add new Server</name> |
| ... | ... | |
| 201 | 201 |
<includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile> |
| 202 | 202 |
</step> |
| 203 | 203 |
<step> |
| 204 |
<id>4</id>
|
|
| 204 |
<id>4</id>
|
|
| 205 | 205 |
<description>OpenVPN Remote Access Server Setup Wizard</description> |
| 206 | 206 |
<disableheader>on</disableheader> |
| 207 |
<fields>
|
|
| 208 |
<field> |
|
| 209 |
<type>listtopic</type>
|
|
| 210 |
<name>Authentication Servers list</name>
|
|
| 211 |
</field>
|
|
| 212 |
<field>
|
|
| 213 |
<name>authserv</name>
|
|
| 214 |
<displayname>Authentication servers</displayname>
|
|
| 215 |
<type>select</type>
|
|
| 216 |
<bindstofield>ovpnserver->step2->authserv</bindstofield>
|
|
| 217 |
<options>
|
|
| 218 |
<option>
|
|
| 219 |
<name>dummy</name>
|
|
| 220 |
<value>dummy</value>
|
|
| 221 |
</option>
|
|
| 222 |
</options>
|
|
| 223 |
</field>
|
|
| 224 |
<field> |
|
| 225 |
<type>submit</type>
|
|
| 226 |
<name>Add new RADIUS server</name>
|
|
| 227 |
</field>
|
|
| 228 |
<field>
|
|
| 229 |
<type>submit</type>
|
|
| 230 |
<name>Next</name>
|
|
| 231 |
</field>
|
|
| 207 |
<fields>
|
|
| 208 |
<field> |
|
| 209 |
<type>listtopic</type>
|
|
| 210 |
<name>Authentication Servers list</name>
|
|
| 211 |
</field>
|
|
| 212 |
<field>
|
|
| 213 |
<name>authserv</name>
|
|
| 214 |
<displayname>Authentication servers</displayname>
|
|
| 215 |
<type>select</type>
|
|
| 216 |
<bindstofield>ovpnserver->step2->authserv</bindstofield>
|
|
| 217 |
<options>
|
|
| 218 |
<option>
|
|
| 219 |
<name>dummy</name>
|
|
| 220 |
<value>dummy</value>
|
|
| 221 |
</option>
|
|
| 222 |
</options>
|
|
| 223 |
</field>
|
|
| 224 |
<field> |
|
| 225 |
<type>submit</type>
|
|
| 226 |
<name>Add new RADIUS server</name>
|
|
| 227 |
</field>
|
|
| 228 |
<field>
|
|
| 229 |
<type>submit</type>
|
|
| 230 |
<name>Next</name>
|
|
| 231 |
</field>
|
|
| 232 | 232 |
</fields> |
| 233 |
<stepbeforeformdisplay>step4_stepbeforeformdisplay();</stepbeforeformdisplay>
|
|
| 234 |
<stepsubmitphpaction>step4_submitphpaction();</stepsubmitphpaction>
|
|
| 235 |
<javascriptafterformdisplay>enablechange();</javascriptafterformdisplay>
|
|
| 236 |
<includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile>
|
|
| 233 |
<stepbeforeformdisplay>step4_stepbeforeformdisplay();</stepbeforeformdisplay>
|
|
| 234 |
<stepsubmitphpaction>step4_submitphpaction();</stepsubmitphpaction>
|
|
| 235 |
<javascriptafterformdisplay>enablechange();</javascriptafterformdisplay>
|
|
| 236 |
<includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile>
|
|
| 237 | 237 |
</step> |
| 238 | 238 |
<step> |
| 239 | 239 |
<id>5</id> |
| 240 | 240 |
<description>OpenVPN Remote Access Server Setup Wizard</description> |
| 241 | 241 |
<disableheader>on</disableheader> |
| 242 | 242 |
<fields> |
| 243 |
<field>
|
|
| 244 |
<type>listtopic</type>
|
|
| 245 |
<name>Add a new authentication server</name>
|
|
| 246 |
</field>
|
|
| 247 |
<field>
|
|
| 248 |
<name>name</name>
|
|
| 249 |
<displayname>Name</displayname>
|
|
| 250 |
<type>input</type>
|
|
| 243 |
<field>
|
|
| 244 |
<type>listtopic</type>
|
|
| 245 |
<name>Add a new authentication server</name>
|
|
| 246 |
</field>
|
|
| 247 |
<field>
|
|
| 248 |
<name>name</name>
|
|
| 249 |
<displayname>Name</displayname>
|
|
| 250 |
<type>input</type>
|
|
| 251 | 251 |
<bindstofield>ovpnserver->step2->authtype</bindstofield> |
| 252 |
</field>
|
|
| 253 |
<field>
|
|
| 254 |
<name>ip</name>
|
|
| 255 |
<displayname>Hostname or IP address</displayname>
|
|
| 256 |
<type>input</type>
|
|
| 252 |
</field>
|
|
| 253 |
<field>
|
|
| 254 |
<name>ip</name>
|
|
| 255 |
<displayname>Hostname or IP address</displayname>
|
|
| 256 |
<type>input</type>
|
|
| 257 | 257 |
<bindstofield>ovpnserver->step2->ip</bindstofield> |
| 258 |
</field>
|
|
| 259 |
<field>
|
|
| 260 |
<name>port</name>
|
|
| 261 |
<displayname>Authentication Port</displayname>
|
|
| 262 |
<type>input</type>
|
|
| 263 |
<size>8</size>
|
|
| 258 |
</field>
|
|
| 259 |
<field>
|
|
| 260 |
<name>port</name>
|
|
| 261 |
<displayname>Authentication Port</displayname>
|
|
| 262 |
<type>input</type>
|
|
| 263 |
<size>8</size>
|
|
| 264 | 264 |
<bindstofield>ovpnserver->step2->port</bindstofield> |
| 265 |
</field>
|
|
| 266 |
<field>
|
|
| 267 |
<name>secret</name>
|
|
| 268 |
<displayname>Shared Secret</displayname>
|
|
| 269 |
<type>password</type>
|
|
| 270 |
<size>20</size>
|
|
| 265 |
</field>
|
|
| 266 |
<field>
|
|
| 267 |
<name>secret</name>
|
|
| 268 |
<displayname>Shared Secret</displayname>
|
|
| 269 |
<type>password</type>
|
|
| 270 |
<size>20</size>
|
|
| 271 | 271 |
<bindstofield>ovpnserver->step2->password</bindstofield> |
| 272 |
</field>
|
|
| 272 |
</field>
|
|
| 273 | 273 |
<field> |
| 274 | 274 |
<name>Add new Server</name> |
| 275 | 275 |
<type>submit</type> |
| ... | ... | |
| 284 | 284 |
<disableheader>on</disableheader> |
| 285 | 285 |
<fields> |
| 286 | 286 |
<field> |
| 287 |
<name>Choose Certificate Authority</name> |
|
| 287 |
<name>Choose Certificate Authority (CA)</name>
|
|
| 288 | 288 |
<type>listtopic</type> |
| 289 | 289 |
</field> |
| 290 | 290 |
<field> |
| ... | ... | |
| 294 | 294 |
<bindstofield>ovpnserver->step6->authcertca</bindstofield> |
| 295 | 295 |
</field> |
| 296 | 296 |
<field> |
| 297 |
<type>submit</type>
|
|
| 298 |
<name>Add new CA</name>
|
|
| 299 |
</field>
|
|
| 297 |
<type>submit</type>
|
|
| 298 |
<name>Add new CA</name>
|
|
| 299 |
</field>
|
|
| 300 | 300 |
<field> |
| 301 | 301 |
<name>Next</name> |
| 302 | 302 |
<type>submit</type> |
| 303 | 303 |
</field> |
| 304 | 304 |
</fields> |
| 305 |
<stepbeforeformdisplay>step6_stepbeforeformdisplay();</stepbeforeformdisplay>
|
|
| 306 |
<stepsubmitphpaction>step6_submitphpaction();</stepsubmitphpaction>
|
|
| 307 |
<includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile>
|
|
| 305 |
<stepbeforeformdisplay>step6_stepbeforeformdisplay();</stepbeforeformdisplay>
|
|
| 306 |
<stepsubmitphpaction>step6_submitphpaction();</stepsubmitphpaction>
|
|
| 307 |
<includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile>
|
|
| 308 | 308 |
</step> |
| 309 | 309 |
<step> |
| 310 | 310 |
<id>7</id> |
| 311 | 311 |
<description>OpenVPN Remote Access Server Setup Wizard</description> |
| 312 | 312 |
<disableheader>on</disableheader> |
| 313 |
<fields>
|
|
| 313 |
<fields>
|
|
| 314 | 314 |
<field> |
| 315 |
<name>Create a new CA certificate</name>
|
|
| 315 |
<name>Create a new Certificate Authority (CA) certificate</name>
|
|
| 316 | 316 |
<type>listtopic</type> |
| 317 | 317 |
</field> |
| 318 | 318 |
<field> |
| 319 | 319 |
<name>name</name> |
| 320 | 320 |
<displayname>Descriptive name</displayname> |
| 321 |
<description>This is the same as common-name for Certificates</description>
|
|
| 321 |
<description>A name for your reference, to identify this certificate. This is the same as common-name field for other Certificates.</description>
|
|
| 322 | 322 |
<type>input</type> |
| 323 | 323 |
<bindstofield>ovpnserver->step6->certca</bindstofield> |
| 324 | 324 |
</field> |
| 325 | 325 |
<field> |
| 326 | 326 |
<name>keylength</name> |
| 327 | 327 |
<displayname>Key length</displayname> |
| 328 |
<description><br/>Size of the key which will be generated. The larger the key, the more security is offers, but larger keys are generally slower to use.</description> |
|
| 328 | 329 |
<type>select</type> |
| 329 | 330 |
<value>2048</value> |
| 330 | 331 |
<bindstofield>ovpnserver->step6->keylength</bindstofield> |
| 331 | 332 |
<options> |
| 332 |
<option>
|
|
| 333 |
<name>512</name>
|
|
| 334 |
<value>512</value>
|
|
| 335 |
</option>
|
|
| 336 |
<option>
|
|
| 337 |
<name>1024</name>
|
|
| 338 |
<value>1024</value>
|
|
| 339 |
</option>
|
|
| 340 |
<option>
|
|
| 341 |
<name>2048</name>
|
|
| 342 |
<value>2048</value>
|
|
| 343 |
</option>
|
|
| 344 |
<option>
|
|
| 345 |
<name>4096</name>
|
|
| 346 |
<value>4096</value>
|
|
| 347 |
</option>
|
|
| 348 |
</options>
|
|
| 333 |
<option>
|
|
| 334 |
<name>512 bit</name>
|
|
| 335 |
<value>512</value>
|
|
| 336 |
</option>
|
|
| 337 |
<option>
|
|
| 338 |
<name>1024 bit</name>
|
|
| 339 |
<value>1024</value>
|
|
| 340 |
</option>
|
|
| 341 |
<option>
|
|
| 342 |
<name>2048 bit</name>
|
|
| 343 |
<value>2048</value>
|
|
| 344 |
</option>
|
|
| 345 |
<option>
|
|
| 346 |
<name>4096 bit</name>
|
|
| 347 |
<value>4096</value>
|
|
| 348 |
</option>
|
|
| 349 |
</options>
|
|
| 349 | 350 |
</field> |
| 350 | 351 |
<field> |
| 351 | 352 |
<name>lifetime</name> |
| ... | ... | |
| 353 | 354 |
<type>input</type> |
| 354 | 355 |
<size>10</size> |
| 355 | 356 |
<value>3650</value> |
| 356 |
<description>Lifetime in days</description> |
|
| 357 |
<description>Lifetime in days. This is commonly set to 3650 (Approximately 10 years.)</description>
|
|
| 357 | 358 |
<bindstofield>ovpnserver->step6->lifetime</bindstofield> |
| 358 | 359 |
</field> |
| 359 | 360 |
<field> |
| 360 | 361 |
<name>country</name> |
| 361 | 362 |
<displayname>Country Code</displayname> |
| 363 |
<description>Two-letter ISO country code (e.g. US, AU, CA) </description> |
|
| 362 | 364 |
<type>input</type> |
| 363 | 365 |
<size>5</size> |
| 364 | 366 |
<bindstofield>ovpnserver->step6->country</bindstofield> |
| ... | ... | |
| 366 | 368 |
<field> |
| 367 | 369 |
<name>state</name> |
| 368 | 370 |
<displayname>State or Province</displayname> |
| 371 |
<description>Full State of Province name, not abbreviated (e.g. Kentucky, Indiana, Ontario).</description> |
|
| 369 | 372 |
<type>input</type> |
| 370 | 373 |
<size>30</size> |
| 371 | 374 |
<bindstofield>ovpnserver->step6->state</bindstofield> |
| ... | ... | |
| 373 | 376 |
<field> |
| 374 | 377 |
<name>city</name> |
| 375 | 378 |
<displayname>City</displayname> |
| 379 |
<description>City or other Locality name (e.g. Louisville, Indianapolis, Toronto).</description> |
|
| 376 | 380 |
<type>input</type> |
| 377 | 381 |
<size>30</size> |
| 378 | 382 |
<bindstofield>ovpnserver->step6->city</bindstofield> |
| ... | ... | |
| 380 | 384 |
<field> |
| 381 | 385 |
<name>organization</name> |
| 382 | 386 |
<displayname>Organization</displayname> |
| 387 |
<description>Organization name, often the Company or Group name.</description> |
|
| 383 | 388 |
<type>input</type> |
| 384 | 389 |
<size>30</size> |
| 385 | 390 |
<bindstofield>ovpnserver->step6->organization</bindstofield> |
| ... | ... | |
| 387 | 392 |
<field> |
| 388 | 393 |
<name>email</name> |
| 389 | 394 |
<displayname>E-mail</displayname> |
| 395 |
<description>E-mail address for the Certificate contact. Often the e-mail of the person generating the certificate (i.e. You.)</description> |
|
| 390 | 396 |
<type>input</type> |
| 391 | 397 |
<size>30</size> |
| 392 | 398 |
<bindstofield>ovpnserver->step6->email</bindstofield> |
| ... | ... | |
| 406 | 412 |
<disableheader>on</disableheader> |
| 407 | 413 |
<fields> |
| 408 | 414 |
<field> |
| 409 |
<name>Choose Certificate</name>
|
|
| 410 |
<type>listtopic</type>
|
|
| 411 |
</field>
|
|
| 415 |
<name>Choose a Server Certificate</name>
|
|
| 416 |
<type>listtopic</type>
|
|
| 417 |
</field>
|
|
| 412 | 418 |
<field> |
| 413 | 419 |
<type>cert_selection</type> |
| 414 | 420 |
<name>certname</name> |
| ... | ... | |
| 416 | 422 |
<bindstofield>ovpnserver->step9->authcertname</bindstofield> |
| 417 | 423 |
</field> |
| 418 | 424 |
<field> |
| 419 |
<type>submit</type>
|
|
| 420 |
<name>Add new Certificate</name>
|
|
| 421 |
</field>
|
|
| 425 |
<type>submit</type>
|
|
| 426 |
<name>Add new Certificate</name>
|
|
| 427 |
</field>
|
|
| 422 | 428 |
<field> |
| 423 | 429 |
<name>Next</name> |
| 424 | 430 |
<type>submit</type> |
| ... | ... | |
| 426 | 432 |
</fields> |
| 427 | 433 |
<stepbeforeformdisplay>step8_stepbeforeformdisplay();</stepbeforeformdisplay> |
| 428 | 434 |
<stepsubmitphpaction>step8_submitphpaction();</stepsubmitphpaction> |
| 429 |
<includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile>
|
|
| 435 |
<includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile>
|
|
| 430 | 436 |
</step> |
| 431 | 437 |
<step> |
| 432 |
<id>9</id>
|
|
| 438 |
<id>9</id>
|
|
| 433 | 439 |
<description>OpenVPN Remote Access Server Setup Wizard</description> |
| 434 | 440 |
<disableheader>on</disableheader> |
| 435 |
<fields>
|
|
| 441 |
<fields>
|
|
| 436 | 442 |
<field> |
| 437 |
<name>Create a new certificate</name> |
|
| 443 |
<name>Create a new server certificate</name>
|
|
| 438 | 444 |
<type>listtopic</type> |
| 439 | 445 |
</field> |
| 440 | 446 |
<field> |
| 441 | 447 |
<name>name</name> |
| 442 | 448 |
<displayname>Descriptive name</displayname> |
| 449 |
<description>A name for your reference, to identify this certificate. This is also known as the certificate's "Common Name."</description> |
|
| 443 | 450 |
<type>input</type> |
| 444 | 451 |
<bindstofield>ovpnserver->step9->certname</bindstofield> |
| 445 | 452 |
</field> |
| 446 | 453 |
<field> |
| 447 | 454 |
<name>keylength</name> |
| 448 | 455 |
<displayname>Key length</displayname> |
| 456 |
<description><br/>Size of the key which will be generated. The larger the key, the more security is offers, but larger keys are generally slower to use.</description> |
|
| 449 | 457 |
<type>select</type> |
| 450 | 458 |
<value>2048</value> |
| 451 | 459 |
<bindstofield>ovpnserver->step9->keylength</bindstofield> |
| 452 | 460 |
<options> |
| 453 |
<option>
|
|
| 454 |
<name>512</name>
|
|
| 455 |
<value>512</value>
|
|
| 456 |
</option>
|
|
| 457 |
<option>
|
|
| 458 |
<name>1024</name>
|
|
| 459 |
<value>1024</value>
|
|
| 460 |
</option>
|
|
| 461 |
<option>
|
|
| 462 |
<name>2048</name>
|
|
| 463 |
<value>2048</value>
|
|
| 464 |
</option>
|
|
| 465 |
<option>
|
|
| 466 |
<name>4096</name>
|
|
| 467 |
<value>4096</value>
|
|
| 468 |
</option>
|
|
| 469 |
</options>
|
|
| 461 |
<option>
|
|
| 462 |
<name>512 bits</name>
|
|
| 463 |
<value>512</value>
|
|
| 464 |
</option>
|
|
| 465 |
<option>
|
|
| 466 |
<name>1024 bits</name>
|
|
| 467 |
<value>1024</value>
|
|
| 468 |
</option>
|
|
| 469 |
<option>
|
|
| 470 |
<name>2048 bits</name>
|
|
| 471 |
<value>2048</value>
|
|
| 472 |
</option>
|
|
| 473 |
<option>
|
|
| 474 |
<name>4096 bits</name>
|
|
| 475 |
<value>4096</value>
|
|
| 476 |
</option>
|
|
| 477 |
</options>
|
|
| 470 | 478 |
</field> |
| 471 | 479 |
<field> |
| 472 | 480 |
<name>lifetime</name> |
| 473 | 481 |
<displayname>Lifetime</displayname> |
| 482 |
<description>Lifetime in days. This is commonly set to 3650 (Approximately 10 years.)</description> |
|
| 474 | 483 |
<type>input</type> |
| 475 | 484 |
<size>10</size> |
| 476 | 485 |
<value>3650</value> |
| 477 |
<description>Lifetime in days</description> |
|
| 478 | 486 |
<bindstofield>ovpnserver->step9->lifetime</bindstofield> |
| 479 | 487 |
</field> |
| 480 | 488 |
<field> |
| 481 | 489 |
<name>country</name> |
| 482 | 490 |
<displayname>Country Code</displayname> |
| 491 |
<description>Two-letter ISO country code (e.g. US, AU, CA) </description> |
|
| 483 | 492 |
<type>input</type> |
| 484 | 493 |
<size>5</size> |
| 485 | 494 |
<bindstofield>ovpnserver->step9->country</bindstofield> |
| ... | ... | |
| 487 | 496 |
<field> |
| 488 | 497 |
<name>state</name> |
| 489 | 498 |
<displayname>State or Province</displayname> |
| 499 |
<description>Full State of Province name, not abbreviated (e.g. Kentucky, Indiana, Ontario).</description> |
|
| 490 | 500 |
<type>input</type> |
| 491 | 501 |
<size>30</size> |
| 492 | 502 |
<bindstofield>ovpnserver->step9->state</bindstofield> |
| ... | ... | |
| 494 | 504 |
<field> |
| 495 | 505 |
<name>city</name> |
| 496 | 506 |
<displayname>City</displayname> |
| 507 |
<description>City or other Locality name (e.g. Louisville, Indianapolis, Toronto).</description> |
|
| 497 | 508 |
<type>input</type> |
| 498 | 509 |
<size>30</size> |
| 499 | 510 |
<bindstofield>ovpnserver->step9->city</bindstofield> |
| ... | ... | |
| 501 | 512 |
<field> |
| 502 | 513 |
<name>organization</name> |
| 503 | 514 |
<displayname>Organization</displayname> |
| 515 |
<description>Organization name, often the Company or Group name.</description> |
|
| 504 | 516 |
<type>input</type> |
| 505 | 517 |
<size>30</size> |
| 506 | 518 |
<bindstofield>ovpnserver->step9->organization</bindstofield> |
| ... | ... | |
| 508 | 520 |
<field> |
| 509 | 521 |
<name>email</name> |
| 510 | 522 |
<displayname>E-mail</displayname> |
| 523 |
<description>E-mail address for the Certificate contact. Often the e-mail of the person generating the certificate (i.e. You.)</description> |
|
| 511 | 524 |
<type>input</type> |
| 512 | 525 |
<size>30</size> |
| 513 | 526 |
<bindstofield>ovpnserver->step9->email</bindstofield> |
| ... | ... | |
| 533 | 546 |
<field> |
| 534 | 547 |
<name>interface</name> |
| 535 | 548 |
<type>interfaces_selection</type> |
| 549 |
<description>The interface where OpenVPN will listen for incoming connections (typically WAN.)</description> |
|
| 536 | 550 |
<displayname>Interface</displayname> |
| 537 | 551 |
<bindstofield>ovpnserver->step10->interface</bindstofield> |
| 538 | 552 |
</field> |
| ... | ... | |
| 541 | 555 |
<type>select</type> |
| 542 | 556 |
<bindstofield>ovpnserver->step10->protocol</bindstofield> |
| 543 | 557 |
<options> |
| 544 |
<option> |
|
| 545 |
<name>UDP</name> |
|
| 546 |
<value>udp</value> |
|
| 547 |
</option> |
|
| 548 |
<option> |
|
| 549 |
<name>TCP</name> |
|
| 550 |
<value>tcp</value> |
|
| 551 |
</option> |
|
| 552 |
</options> |
|
| 558 |
<option> |
|
| 559 |
<name>UDP</name> |
|
| 560 |
<value>udp</value> |
|
| 561 |
</option> |
|
| 562 |
<option> |
|
| 563 |
<name>TCP</name> |
|
| 564 |
<value>tcp</value> |
|
| 565 |
</option> |
|
| 566 |
</options> |
|
| 567 |
<description><br/>Protocol to use for OpenVPN connections. If you are unsure, leave this set to UDP.</description> |
|
| 553 | 568 |
</field> |
| 554 | 569 |
<field> |
| 555 | 570 |
<name>localport</name> |
| 556 | 571 |
<displayname>Local port</displayname> |
| 572 |
<description>Local port upon which OpenVPN will listen for connections. The default port is 1194. Leave this blank unless you need to use a different port.</description> |
|
| 557 | 573 |
<type>input</type> |
| 558 | 574 |
<size>10</size> |
| 559 | 575 |
<bindstofield>ovpnserver->step10->localport</bindstofield> |
| ... | ... | |
| 561 | 577 |
<field> |
| 562 | 578 |
<name>description</name> |
| 563 | 579 |
<displayname>Description</displayname> |
| 580 |
<description>A name for this OpenVPN instance, for your reference. It can be set however you like, but is often used to distinguish the purpose of the service (e.g. "Remote Technical Staff").</description> |
|
| 564 | 581 |
<type>input</type> |
| 565 | 582 |
<size>30</size> |
| 566 | 583 |
<bindstofield>ovpnserver->step10->descr</bindstofield> |
| ... | ... | |
| 577 | 594 |
<bindstofield>ovpnserver->step10->tlsauth</bindstofield> |
| 578 | 595 |
</field> |
| 579 | 596 |
<field> |
| 580 |
<displayname>Automatically generate a TLS key</displayname>
|
|
| 597 |
<displayname>Generate TLS Key</displayname>
|
|
| 581 | 598 |
<name>generatetlskey</name> |
| 582 | 599 |
<disablefields>tlssharedkey</disablefields> |
| 583 | 600 |
<value>on</value> |
| ... | ... | |
| 586 | 603 |
<bindstofield>ovpnserver->step10->gentlskey</bindstofield> |
| 587 | 604 |
</field> |
| 588 | 605 |
<field> |
| 606 |
<displayname>TLS Shared Key</displayname> |
|
| 589 | 607 |
<name>tlssharedkey</name> |
| 608 |
<description>Paste in a shared TLS key if one has already been generated.</description> |
|
| 590 | 609 |
<type>textarea</type> |
| 591 | 610 |
<cols>30</cols> |
| 592 | 611 |
<rows>5</rows> |
| ... | ... | |
| 598 | 617 |
<type>select</type> |
| 599 | 618 |
<bindstofield>ovpnserver->step10->dhkey</bindstofield> |
| 600 | 619 |
<options> |
| 601 |
<option> |
|
| 602 |
<name>1024</name> |
|
| 603 |
<value>1024</value> |
|
| 604 |
</option> |
|
| 605 |
<option> |
|
| 606 |
<name>2048</name> |
|
| 607 |
<value>2048</value> |
|
| 608 |
</option> |
|
| 609 |
<option> |
|
| 610 |
<name>4096</name> |
|
| 611 |
<value>4096</value> |
|
| 612 |
</option> |
|
| 613 |
</options> |
|
| 620 |
<option> |
|
| 621 |
<name>1024 bit</name> |
|
| 622 |
<value>1024</value> |
|
| 623 |
</option> |
|
| 624 |
<option> |
|
| 625 |
<name>2048 bit</name> |
|
| 626 |
<value>2048</value> |
|
| 627 |
</option> |
|
| 628 |
<option> |
|
| 629 |
<name>4096 bit</name> |
|
| 630 |
<value>4096</value> |
|
| 631 |
</option> |
|
| 632 |
</options> |
|
| 633 |
<description><br/>Length of Diffie-Hellman (DH) key exchange parameters, used for establishing a secure communications channel. As with other such settings, the larger values are more secure, but may be slower in operation.</description> |
|
| 614 | 634 |
</field> |
| 615 | 635 |
<field> |
| 616 | 636 |
<name>crypto</name> |
| ... | ... | |
| 618 | 638 |
<displayname>Encryption algorithm</displayname> |
| 619 | 639 |
<bindstofield>ovpnserver->step10->crypto</bindstofield> |
| 620 | 640 |
<options> |
| 621 |
<option>
|
|
| 622 |
<name>dummy</name>
|
|
| 623 |
<value>dummy</value>
|
|
| 624 |
</option>
|
|
| 641 |
<option>
|
|
| 642 |
<name>dummy</name>
|
|
| 643 |
<value>dummy</value>
|
|
| 644 |
</option>
|
|
| 625 | 645 |
</options> |
| 646 |
<description><br/>The method used to encrypt traffic between endpoints. This setting must match on the client and server side, but is otherwise set however you like. Certain algorithms will perform better on different hardware, depending on the availability of supported VPN accelerator chips.</description> |
|
| 626 | 647 |
</field> |
| 627 | 648 |
<field> |
| 628 | 649 |
<type>listtopic</type> |
| ... | ... | |
| 634 | 655 |
<type>input</type> |
| 635 | 656 |
<size>20</size> |
| 636 | 657 |
<bindstofield>ovpnserver->step10->tunnelnet</bindstofield> |
| 658 |
<description>This is the virtual network used for private communications between this server and client hosts expressed using CIDR notation (eg. 10.0.8.0/24). The first network address will be assigned to the server virtual interface. The remaining network addresses can optionally be assigned to connecting clients. (see Address Pool)</description> |
|
| 637 | 659 |
</field> |
| 638 | 660 |
<field> |
| 639 | 661 |
<displayname>Redirect Gateway</displayname> |
| ... | ... | |
| 642 | 664 |
<description>Force all client generated traffic through the tunnel.</description> |
| 643 | 665 |
<bindstofield>ovpnserver->step10->rdrgw</bindstofield> |
| 644 | 666 |
</field> |
| 645 |
<field> |
|
| 646 |
<displayname>Remote network</displayname> |
|
| 647 |
<name>remotenet</name> |
|
| 648 |
<type>input</type> |
|
| 649 |
<size>20</size> |
|
| 650 |
<bindstofield>ovpnserver->step10->remotenet</bindstofield> |
|
| 651 |
</field> |
|
| 652 | 667 |
<field> |
| 653 | 668 |
<displayname>Local network</displayname> |
| 654 | 669 |
<name>localnet</name> |
| 655 | 670 |
<type>input</type> |
| 656 | 671 |
<size>20</size> |
| 657 | 672 |
<bindstofield>ovpnserver->step10->localnet</bindstofield> |
| 673 |
<description>This is the network that will be accessible from the remote endpoint, expressed as a CIDR range. You may leave this blank if you don't want to add a route to the local network through this tunnel on the remote machine. This is generally set to your LAN network.</description> |
|
| 674 |
</field> |
|
| 675 |
<field> |
|
| 676 |
<displayname>Remote network</displayname> |
|
| 677 |
<name>remotenet</name> |
|
| 678 |
<type>input</type> |
|
| 679 |
<size>20</size> |
|
| 680 |
<bindstofield>ovpnserver->step10->remotenet</bindstofield> |
|
| 681 |
<description>This is a network that will be routed through the tunnel, so that a site-to-site VPN can be established without manually changing the routing tables. Expressed as a CIDR range. If this is a site-to-site VPN, enter the remote LAN here. You may leave this blank if you don't want a site-to-site VPN.</description> |
|
| 658 | 682 |
</field> |
| 659 | 683 |
<field> |
| 660 | 684 |
<displayname>Concurrent Connections</displayname> |
| ... | ... | |
| 665 | 689 |
<bindstofield>ovpnserver->step10->concurrentcon</bindstofield> |
| 666 | 690 |
</field> |
| 667 | 691 |
<field> |
| 668 |
<displayname>Compression</displayname>
|
|
| 669 |
<name>compression</name>
|
|
| 670 |
<type>checkbox</type>
|
|
| 671 |
<description>Compress tunnel packets using the LZO algorithm.</description>
|
|
| 692 |
<displayname>Compression</displayname>
|
|
| 693 |
<name>compression</name>
|
|
| 694 |
<type>checkbox</type>
|
|
| 695 |
<description>Compress tunnel packets using the LZO algorithm.</description>
|
|
| 672 | 696 |
<bindstofield>ovpnserver->step10->compression</bindstofield> |
| 673 |
</field>
|
|
| 697 |
</field>
|
|
| 674 | 698 |
<field> |
| 675 |
<displayname>Type-of-Service</displayname>
|
|
| 676 |
<name>tos</name>
|
|
| 677 |
<type>checkbox</type>
|
|
| 678 |
<description>Set the TOS IP header value of tunnel packets to match the encapsulated packet value.</description>
|
|
| 699 |
<displayname>Type-of-Service</displayname>
|
|
| 700 |
<name>tos</name>
|
|
| 701 |
<type>checkbox</type>
|
|
| 702 |
<description>Set the TOS IP header value of tunnel packets to match the encapsulated packet value.</description>
|
|
| 679 | 703 |
<bindstofield>ovpnserver->step10->tos</bindstofield> |
| 680 |
</field>
|
|
| 704 |
</field>
|
|
| 681 | 705 |
<field> |
| 682 |
<displayname>Inter-client communication</displayname>
|
|
| 683 |
<name>interclient</name>
|
|
| 684 |
<type>checkbox</type>
|
|
| 685 |
<description>Allow communication between clients connected to this server.</description>
|
|
| 706 |
<displayname>Inter-client communication</displayname>
|
|
| 707 |
<name>interclient</name>
|
|
| 708 |
<type>checkbox</type>
|
|
| 709 |
<description>Allow communication between clients connected to this server.</description>
|
|
| 686 | 710 |
<bindstofield>ovpnserver->step10->interclient</bindstofield> |
| 687 |
</field>
|
|
| 711 |
</field>
|
|
| 688 | 712 |
<field> |
| 689 | 713 |
<type>listtopic</type> |
| 690 | 714 |
<name>Client Settings</name> |
| 691 | 715 |
</field> |
| 692 | 716 |
<field> |
| 693 |
<displayname>Address Pool</displayname>
|
|
| 694 |
<name>addrpool</name>
|
|
| 695 |
<type>checkbox</type>
|
|
| 717 |
<displayname>Address Pool</displayname>
|
|
| 718 |
<name>addrpool</name>
|
|
| 719 |
<type>checkbox</type>
|
|
| 696 | 720 |
<value>on</value> |
| 697 |
<description>Provide a virtual adapter IP address to clients (see Tunnel Network).</description>
|
|
| 721 |
<description>Provide a virtual adapter IP address to clients (see Tunnel Network).</description>
|
|
| 698 | 722 |
<bindstofield>ovpnserver->step10->addrpool</bindstofield> |
| 699 |
</field>
|
|
| 700 |
<field>
|
|
| 701 |
<displayname>DNS Default Domain</displayname>
|
|
| 702 |
<name>defaultdomain</name>
|
|
| 703 |
<type>input</type>
|
|
| 704 |
<description>Provide a default domain name to clients.</description>
|
|
| 723 |
</field>
|
|
| 724 |
<field>
|
|
| 725 |
<displayname>DNS Default Domain</displayname>
|
|
| 726 |
<name>defaultdomain</name>
|
|
| 727 |
<type>input</type>
|
|
| 728 |
<description>Provide a default domain name to clients.</description>
|
|
| 705 | 729 |
<bindstofield>ovpnserver->step10->defaultdomain</bindstofield> |
| 706 |
</field>
|
|
| 707 |
<field>
|
|
| 708 |
<displayname>DNS Server 1</displayname>
|
|
| 709 |
<name>dnsserver1</name>
|
|
| 710 |
<type>input</type>
|
|
| 730 |
</field>
|
|
| 731 |
<field>
|
|
| 732 |
<displayname>DNS Server 1</displayname>
|
|
| 733 |
<name>dnsserver1</name>
|
|
| 734 |
<type>input</type>
|
|
| 711 | 735 |
<bindstofield>ovpnserver->step10->dns1</bindstofield> |
| 736 |
<description>DNS server to provide for connecting client systems.</description> |
|
| 712 | 737 |
</field> |
| 713 | 738 |
<field> |
| 714 |
<displayname>DNS Server 2</displayname>
|
|
| 739 |
<displayname>DNS Server 2</displayname>
|
|
| 715 | 740 |
<name>dnserver2</name> |
| 716 | 741 |
<type>input</type> |
| 717 | 742 |
<bindstofield>ovpnserver->step10->dns2</bindstofield> |
| 743 |
<description>DNS server to provide for connecting client systems.</description> |
|
| 718 | 744 |
</field> |
| 719 | 745 |
<field> |
| 720 |
<displayname>DNS Server 3</displayname>
|
|
| 746 |
<displayname>DNS Server 3</displayname>
|
|
| 721 | 747 |
<name>dnserver3</name> |
| 722 | 748 |
<type>input</type> |
| 723 | 749 |
<bindstofield>ovpnserver->step10->dns3</bindstofield> |
| 750 |
<description>DNS server to provide for connecting client systems.</description> |
|
| 724 | 751 |
</field> |
| 725 | 752 |
<field> |
| 726 |
<displayname>DNS Server 4</displayname>
|
|
| 753 |
<displayname>DNS Server 4</displayname>
|
|
| 727 | 754 |
<name>dnserver4</name> |
| 728 | 755 |
<type>input</type> |
| 729 | 756 |
<bindstofield>ovpnserver->step10->dns4</bindstofield> |
| 730 |
</field> |
|
| 757 |
<description>DNS server to provide for connecting client systems.</description> |
|
| 758 |
</field> |
|
| 731 | 759 |
<field> |
| 732 |
<displayname>NTP Server</displayname>
|
|
| 733 |
<name>ntpserver1</name>
|
|
| 734 |
<type>input</type>
|
|
| 760 |
<displayname>NTP Server</displayname>
|
|
| 761 |
<name>ntpserver1</name>
|
|
| 762 |
<type>input</type>
|
|
| 735 | 763 |
<bindstofield>ovpnserver->step10->ntp1</bindstofield> |
| 736 |
</field> |
|
| 737 |
<field> |
|
| 738 |
<displayname>NTP Server 2</displayname> |
|
| 739 |
<name>ntpserver2</name> |
|
| 764 |
<description>Network Time Protocol server to provide for connecting client systems.</description> |
|
| 765 |
</field> |
|
| 766 |
<field> |
|
| 767 |
<displayname>NTP Server 2</displayname> |
|
| 768 |
<name>ntpserver2</name> |
|
| 740 | 769 |
<type>input</type> |
| 741 | 770 |
<bindstofield>ovpnserver->step10->ntp2</bindstofield> |
| 742 |
</field> |
|
| 771 |
<description>Network Time Protocol server to provide for connecting client systems.</description> |
|
| 772 |
</field> |
|
| 743 | 773 |
<field> |
| 744 | 774 |
<name>nbtenable</name> |
| 745 | 775 |
<type>checkbox</type> |
| 746 |
<displayname>Enable NetBios option</displayname> |
|
| 747 |
</field> |
|
| 748 |
<field> |
|
| 749 |
<displayname>NetBios Node Type</displayname> |
|
| 750 |
<name>nbttype</name> |
|
| 751 |
<type>select</type> |
|
| 752 |
<bindstofield>ovpnserver->step10->nbttype</bindstofield> |
|
| 753 |
<options> |
|
| 754 |
<option> |
|
| 755 |
<name>dummy</name> |
|
| 756 |
<value>dummy</value> |
|
| 757 |
</option> |
|
| 758 |
</options> |
|
| 759 |
</field> |
|
| 760 |
<field> |
|
| 761 |
<displayname>NetBios Scope</displayname> |
|
| 762 |
<name>nbtscope</name> |
|
| 763 |
<type>input</type> |
|
| 764 |
<bindstofield>ovpnserver->step10->nbtscope</bindstofield> |
|
| 765 |
</field> |
|
| 766 |
<field> |
|
| 767 |
<displayname>WINS Server 1</displayname> |
|
| 768 |
<name>winsserver1</name> |
|
| 769 |
<type>input</type> |
|
| 770 |
<bindstofield>ovpnserver->step10->wins1</bindstofield> |
|
| 771 |
</field> |
|
| 772 |
<field> |
|
| 773 |
<displayname>WINS Server 2</displayname> |
|
| 774 |
<name>winsserver2</name> |
|
| 775 |
<type>input</type> |
|
| 776 |
<bindstofield>ovpnserver->step10->wins2</bindstofield> |
|
| 777 |
</field> |
|
| 776 |
<displayname>NetBIOS Options</displayname> |
|
| 777 |
<description>Enable NetBIOS over TCP/IP. <br/>If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled. </description> |
|
| 778 |
</field> |
|
| 779 |
<field> |
|
| 780 |
<displayname>NetBIOS Node Type</displayname> |
|
| 781 |
<name>nbttype</name> |
|
| 782 |
<type>select</type> |
|
| 783 |
<bindstofield>ovpnserver->step10->nbttype</bindstofield> |
|
| 784 |
<options> |
|
| 785 |
<option> |
|
| 786 |
<name>dummy</name> |
|
| 787 |
<value>dummy</value> |
|
| 788 |
</option> |
|
| 789 |
</options> |
|
| 790 |
<description><br/>Possible options: b-node (broadcasts), p-node (point-to-point name queries to a WINS server), m-node (broadcast then query name server), and h-node (query name server, then broadcast).</description> |
|
| 791 |
</field> |
|
| 792 |
<field> |
|
| 793 |
<displayname>NetBIOS Scope ID</displayname> |
|
| 794 |
<name>nbtscope</name> |
|
| 795 |
<type>input</type> |
|
| 796 |
<bindstofield>ovpnserver->step10->nbtscope</bindstofield> |
|
| 797 |
<description>A NetBIOS Scope ID provides an extended naming service for NetBIOS over TCP/IP. The NetBIOS scope ID isolates NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID.</description> |
|
| 798 |
</field> |
|
| 799 |
<field> |
|
| 800 |
<displayname>WINS Server 1</displayname> |
|
| 801 |
<name>winsserver1</name> |
|
| 802 |
<type>input</type> |
|
| 803 |
<bindstofield>ovpnserver->step10->wins1</bindstofield> |
|
| 804 |
<description>A Windows Internet Name Service (WINS) server to provide for connecting clients, which allows them to browse Windows shares. This is typically an Active Directory Domain Controller, designated WINS server, or Samba server.</description> |
|
| 805 |
</field> |
|
| 806 |
<field> |
|
| 807 |
<displayname>WINS Server 2</displayname> |
|
| 808 |
<name>winsserver2</name> |
|
| 809 |
<type>input</type> |
|
| 810 |
<bindstofield>ovpnserver->step10->wins2</bindstofield> |
|
| 811 |
<description>A Windows Internet Name Service (WINS) server to provide for connecting clients, which allows them to browse Windows shares. This is typically an Active Directory Domain Controller, designated WINS server, or Samba server.</description> |
|
| 812 |
</field> |
|
| 778 | 813 |
<field> |
| 779 | 814 |
<name>Advanced</name> |
| 780 | 815 |
<type>textarea</type> |
| ... | ... | |
| 799 | 834 |
<fields> |
| 800 | 835 |
<field> |
| 801 | 836 |
<type>listtopic</type> |
| 802 |
<name>Firewall Rules configuration</name>
|
|
| 837 |
<name>Firewall Rule Configuration</name>
|
|
| 803 | 838 |
</field> |
| 804 | 839 |
<field> |
| 805 | 840 |
<type>text</type> |
| 806 |
<description>Firewall Rules control what network traffic is permitted. You must add rules to allow traffic to the OpenVPN server's IP and port, as well as allowing traffic from connected clients through the tunnel. These rules can be auto-added here, or configured manually after completing the wizardr.</description>
|
|
| 841 |
<description>Firewall Rules control what network traffic is permitted. You must add rules to allow traffic to the OpenVPN server's IP and port, as well as allowing traffic from connected clients through the tunnel. These rules can be automtically added here, or configured manually after completing the wizard.</description>
|
|
| 807 | 842 |
</field> |
| 808 | 843 |
<field> |
| 809 | 844 |
<type>listtopic</type> |
| ... | ... | |
| 812 | 847 |
<field> |
| 813 | 848 |
<name>ovpnrule</name> |
| 814 | 849 |
<displayname>Firewall Rule</displayname> |
| 815 |
<description>Automatically add rule to permit</description>
|
|
| 850 |
<description>Add a rule to permit traffic from clients on the Internet to the OpenVPN server process.</description>
|
|
| 816 | 851 |
<type>checkbox</type> |
| 817 | 852 |
<bindstofield>ovpnserver->step11->ovpnrule</bindstofield> |
| 818 | 853 |
</field> |
| ... | ... | |
| 823 | 858 |
<field> |
| 824 | 859 |
<name>ovpnallow</name> |
| 825 | 860 |
<displayname>OpenVPN rule</displayname> |
| 826 |
<description>Add a rule to allow all traffic from connected clients</description> |
|
| 861 |
<description>Add a rule to allow all traffic from connected clients to pass across the VPN tunnel.</description>
|
|
| 827 | 862 |
<type>checkbox</type> |
| 828 | 863 |
<bindstofield>ovpnserver->step11->ovpnallow</bindstofield> |
| 829 | 864 |
</field> |
Also available in: Unified diff
Add/fix wording of descriptions in OpenVPN wizard.
While I'm here, convert leading spaces to tabs.