<?php 
2
/*
3
	vpn_openvpn_server.php
4
5
	Copyright (C) 2008 Shrew Soft Inc.
6
	All rights reserved. 
7
8
	Redistribution and use in source and binary forms, with or without
9
	modification, are permitted provided that the following conditions are met:
10
	
11
	1. Redistributions of source code must retain the above copyright notice,
12
	   this list of conditions and the following disclaimer.
13
	
14
	2. Redistributions in binary form must reproduce the above copyright
15
	   notice, this list of conditions and the following disclaimer in the
16
	   documentation and/or other materials provided with the distribution.
17
	
18
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
	POSSIBILITY OF SUCH DAMAGE.
28
*/
29
30
##|+PRIV
31
##|*IDENT=page-openvpn-server
32
##|*NAME=OpenVPN: Server page
33
##|*DESCR=Allow access to the 'OpenVPN: Server' page.
34
##|*MATCH=vpn_openvpn_server.php*
35
##|-PRIV
require("guiconfig.inc");
require_once("openvpn.inc");
// Page title, plus the status and log page names set for use outside this part of the file.
$pgtitle = array(gettext("OpenVPN"), gettext("Server"));
$statusurl = "status_openvpn.php";
$logurl = "diag_logs_openvpn.php";

// Make sure every configuration section used by this page is an array before
// a reference to it is taken.
if (!is_array($config['openvpn']['openvpn-server'])) {
	$config['openvpn']['openvpn-server'] = array();
}
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
if (!is_array($config['crl'])) {
	$config['crl'] = array();
}

// These are references: writing through them changes $config itself.
$a_server =& $config['openvpn']['openvpn-server'];
$a_ca =& $config['ca'];
$a_cert =& $config['cert'];
$a_crl =& $config['crl'];

// Drop CRL entries that carry no 'refid'.
foreach ($a_crl as $cid => $acrl) {
	if (!isset($acrl['refid'])) {
		unset($a_crl[$cid]);
	}
}
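// Record index and requested action. A POSTed value takes precedence over the
// query string; a missing parameter yields null instead of an undefined-index
// notice.
$id = isset($_GET['id']) ? $_GET['id'] : null;
if (isset($_POST['id']))
	$id = $_POST['id'];

// $id is request data and is used below as a key into $a_server. Entries are
// appended to that array with [] in this file, so only a plain non-negative
// integer string can name one; anything else (including an array value) is
// treated as "no id".
if (!is_scalar($id) || !ctype_digit((string)$id))
	$id = null;

$act = isset($_GET['act']) ? $_GET['act'] : null;
if (isset($_POST['act']))
	$act = $_POST['act'];

// NOTE(review): this branch changes stored configuration in response to a GET
// request, and no anti-CSRF token check is visible in this file. Confirm that
// the shared includes enforce one for this path, or move the action to POST
// together with the link that triggers it.
if (isset($_GET['act']) && $_GET['act'] == "del") {

	// Unknown or missing entry: go back to the list without changing anything.
	if ($id === null || empty($a_server[$id])) {
		pfSenseHeader("vpn_openvpn_server.php");
		exit;
	}

	// Let openvpn_delete() handle the entry first, then drop it from the
	// configuration and persist the change.
	openvpn_delete('server', $a_server[$id]);
	unset($a_server[$id]);
	write_config();
	$savemsg = gettext("Server successfully deleted")."<br/>";
}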
// Creating a new server: preload $pconfig with the default values.
if ($_GET['act'] == "new") {
	$ovpn_new_defaults = array(
		'autokey_enable' => "yes",
		'tlsauth_enable' => "yes",
		'autotls_enable' => "yes",
		// NOTE(review): 1024-bit DH parameters are below current
		// recommendations (2048 bits or more). The lengths this page offers
		// are not visible here, so the default is left unchanged.
		'dh_length' => 1024,
		'dev_mode' => "tun",
		'interface' => "wan",
		// Port suggested by openvpn_port_next() for UDP.
		'local_port' => openvpn_port_next('UDP'),
		'pool_enable' => "yes",
		'cert_depth' => 1,
	);
	foreach ($ovpn_new_defaults as $ovpn_new_key => $ovpn_new_val) {
		$pconfig[$ovpn_new_key] = $ovpn_new_val;
	}
	unset($ovpn_new_defaults, $ovpn_new_key, $ovpn_new_val);
}
// Editing an existing server: copy the stored settings of entry $id into
// $pconfig, the array the form further down reads its values from.
if ($_GET['act'] == "edit" && isset($id) && $a_server[$id]) {

	$ovpn_src = $a_server[$id];

	$pconfig['disable'] = isset($ovpn_src['disable']);
	foreach (array('mode', 'protocol', 'authmode', 'dev_mode', 'interface') as $ovpn_key) {
		$pconfig[$ovpn_key] = $ovpn_src[$ovpn_key];
	}
	// A stored address is appended to the interface as "interface|address".
	if (!empty($ovpn_src['ipaddr'])) {
		$pconfig['interface'] .= '|' . $ovpn_src['ipaddr'];
	}
	foreach (array('local_port', 'description', 'custom_options') as $ovpn_key) {
		$pconfig[$ovpn_key] = $ovpn_src[$ovpn_key];
	}

	if ($pconfig['mode'] == "p2p_shared_key") {
		// Shared-key mode: the key is stored base64-encoded.
		$pconfig['shared_key'] = base64_decode($ovpn_src['shared_key']);
	} else {
		// Every other mode uses the CA/certificate settings; a stored TLS
		// authentication key (base64-encoded) also switches the option on.
		if ($ovpn_src['tls']) {
			$pconfig['tlsauth_enable'] = "yes";
			$pconfig['tls'] = base64_decode($ovpn_src['tls']);
		}
		foreach (array('caref', 'crlref', 'certref', 'dh_length') as $ovpn_key) {
			$pconfig[$ovpn_key] = $ovpn_src[$ovpn_key];
		}
		// Entries without a stored certificate depth fall back to 1.
		$pconfig['cert_depth'] = isset($ovpn_src['cert_depth']) ? $ovpn_src['cert_depth'] : 1;
		if ($pconfig['mode'] == "server_tls_user") {
			$pconfig['strictusercn'] = $ovpn_src['strictusercn'];
		}
	}

	// Settings copied across unchanged.
	$ovpn_plain = array(
		'crypto', 'engine',
		'tunnel_network', 'tunnel_networkv6',
		'remote_network', 'gwredir',
		'local_network', 'local_networkv6',
		'maxclients', 'compression', 'passtos', 'client2client',
		'dynamic_ip', 'pool_enable',
		'serverbridge_dhcp', 'serverbridge_interface',
		'serverbridge_dhcp_start', 'serverbridge_dhcp_end',
		'dns_domain',
	);
	foreach ($ovpn_plain as $ovpn_key) {
		$pconfig[$ovpn_key] = $ovpn_src[$ovpn_key];
	}

	// The "*_enable" flags are not read from the stored entry; each one is
	// derived from whether any value of its group is set.
	if ($pconfig['dns_domain']) {
		$pconfig['dns_domain_enable'] = true;
	}

	foreach (array('dns_server1', 'dns_server2', 'dns_server3', 'dns_server4') as $ovpn_key) {
		$pconfig[$ovpn_key] = $ovpn_src[$ovpn_key];
	}
	if ($pconfig['dns_server1'] || $pconfig['dns_server2'] ||
	    $pconfig['dns_server3'] || $pconfig['dns_server4']) {
		$pconfig['dns_server_enable'] = true;
	}

	foreach (array('ntp_server1', 'ntp_server2') as $ovpn_key) {
		$pconfig[$ovpn_key] = $ovpn_src[$ovpn_key];
	}
	if ($pconfig['ntp_server1'] || $pconfig['ntp_server2']) {
		$pconfig['ntp_server_enable'] = true;
	}

	foreach (array('netbios_enable', 'netbios_ntype', 'netbios_scope') as $ovpn_key) {
		$pconfig[$ovpn_key] = $ovpn_src[$ovpn_key];
	}

	foreach (array('wins_server1', 'wins_server2') as $ovpn_key) {
		$pconfig[$ovpn_key] = $ovpn_src[$ovpn_key];
	}
	if ($pconfig['wins_server1'] || $pconfig['wins_server2']) {
		$pconfig['wins_server_enable'] = true;
	}

	$pconfig['nbdd_server1'] = $ovpn_src['nbdd_server1'];
	if ($pconfig['nbdd_server1']) {
		$pconfig['nbdd_server_enable'] = true;
	}

	// just in case the modes switch
	$pconfig['autokey_enable'] = "yes";
	$pconfig['autotls_enable'] = "yes";

	$pconfig['duplicate_cn'] = isset($ovpn_src['duplicate_cn']);

	unset($ovpn_src, $ovpn_plain, $ovpn_key);
}
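// Handle a submitted form: validate the posted settings and, when there are no
// errors, store them as a new server or over the entry selected by $id, resync
// that server and redirect back to the list. With errors, fall through so the
// form is shown again with the posted values.
if ($_POST) {

	$input_errors = array();
	$pconfig = $_POST;

	// Keep the VPN id of an existing entry; 0 stands for "no id yet".
	// is_scalar() keeps an array-valued id from being used as an array key.
	if (isset($id) && is_scalar($id) && !empty($a_server[$id]))
		$vpnid = $a_server[$id]['vpnid'];
	else
		$vpnid = 0;

	// Every mode except the shared-key one uses TLS.
	$tls_mode = ($pconfig['mode'] != "p2p_shared_key");

	if (empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user")))
		$input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth.");

	/* input validation */
	// NOTE(review): no validation of tunnel_networkv6, local_networkv6, mode,
	// protocol, crypto or dh_length is visible in this block although all of
	// them are stored below. Confirm whether that is intended.
	if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($pconfig['local_network'], 'Local network'))
		$input_errors[] = $result;

	// The port may be in use only by the server being edited.
	$portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']);
	if (($portused != $vpnid) && ($portused != 0))
		$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");

	if ($pconfig['autokey_enable'])
		$pconfig['shared_key'] = openvpn_create_key();

	// A pasted key must at least carry the OpenVPN static key markers.
	if (!$tls_mode && !$pconfig['autokey_enable'])
		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");

	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable'])
		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");

	if ($pconfig['dns_server_enable']) {
		if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1'])))
			$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
		if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2'])))
			$input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
		if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3'])))
			$input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
		if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4'])))
			$input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
	}

	// Servers #3 and #4 are checked here although only #1 and #2 are stored below.
	if ($pconfig['ntp_server_enable']) {
		if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1'])))
			$input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
		if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2'])))
			$input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
		if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3'])))
			$input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address");
		if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4'])))
			$input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address");
	}

	if ($pconfig['netbios_enable']) {
		if ($pconfig['wins_server_enable']) {
			if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1'])))
				$input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
			if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2'])))
				$input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
		}
		if ($pconfig['nbdd_server_enable'])
			if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1'])))
				$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
	}

	if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients']))
		$input_errors[] = gettext("The field 'Concurrent connections' must be numeric.");

	// Start from empty lists so both variables exist whichever branches run
	// (shared-key mode with an automatic key and a tap device adds nothing).
	$reqdfields = array();
	$reqdfieldsn = array();

	/* If we are not in shared key mode, then we need the CA/Cert. */
	if ($pconfig['mode'] != "p2p_shared_key") {
		$reqdfields = explode(" ", "caref certref");
		$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
	} elseif (!$pconfig['autokey_enable']) {
		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
		$reqdfields = array('shared_key');
		$reqdfieldsn = array(gettext('Shared key'));
	}

	if ($pconfig['dev_mode'] != "tap") {
		$reqdfields[] = 'tunnel_network';
		$reqdfieldsn[] = gettext('Tunnel network');
	} else {
		if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network'])
			$input_errors[] = gettext("Using a tunnel network and server bridge settings together is not allowed.");
		if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end'])
		|| (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end']))
			$input_errors[] = gettext("Server Bridge DHCP Start and End must both be empty, or defined.");
		if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_start'])))
			$input_errors[] = gettext("Server Bridge DHCP Start must be an IPv4 address.");
		if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_end'])))
			$input_errors[] = gettext("Server Bridge DHCP End must be an IPv4 address.");
		if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end']))
			$input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end).");
	}

	// Call-time pass-by-reference (&$input_errors at the call site) is a fatal
	// error from PHP 5.4 on, so the variable is passed plainly. This assumes
	// do_input_validation() declares its fourth parameter by reference; verify
	// that in the include that defines it.
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if (!$input_errors) {

		$server = array();

		if ($vpnid)
			$server['vpnid'] = $vpnid;
		else
			$server['vpnid'] = openvpn_vpnid_next();

		if ($_POST['disable'] == "yes")
			$server['disable'] = true;
		$server['mode'] = $pconfig['mode'];
		// authmode is joined into a comma-separated string; a scalar value is
		// stored as it is instead of being handed to implode().
		if (!empty($pconfig['authmode']))
			$server['authmode'] = is_array($pconfig['authmode']) ? implode(",", $pconfig['authmode']) : $pconfig['authmode'];
		$server['protocol'] = $pconfig['protocol'];
		$server['dev_mode'] = $pconfig['dev_mode'];
		// "interface|address" is split back into its parts; array_pad() supplies
		// a null address when the posted value has no "|".
		list($server['interface'], $server['ipaddr']) = array_pad(explode("|", $pconfig['interface']), 2, null);
		$server['local_port'] = $pconfig['local_port'];
		$server['description'] = $pconfig['description'];
		// NOTE(review): stored verbatim apart from line-ending normalisation; no
		// check of its content is visible here. Treat access to this page as
		// equivalent to control over the server's option set.
		$server['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);

		// Key material is base64-encoded for storage. That is an encoding only,
		// so the stored configuration has to be protected as a secret.
		if ($tls_mode) {
			if ($pconfig['tlsauth_enable']) {
				if ($pconfig['autotls_enable'])
					$pconfig['tls'] = openvpn_create_key();
				$server['tls'] = base64_encode($pconfig['tls']);
			}
			$server['caref'] = $pconfig['caref'];
			$server['crlref'] = $pconfig['crlref'];
			$server['certref'] = $pconfig['certref'];
			$server['dh_length'] = $pconfig['dh_length'];
			$server['cert_depth'] = $pconfig['cert_depth'];
			if ($pconfig['mode'] == "server_tls_user")
				$server['strictusercn'] = $pconfig['strictusercn'];
		} else {
			$server['shared_key'] = base64_encode($pconfig['shared_key']);
		}
		$server['crypto'] = $pconfig['crypto'];
		$server['engine'] = $pconfig['engine'];

		$server['tunnel_network'] = $pconfig['tunnel_network'];
		$server['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
		$server['remote_network'] = $pconfig['remote_network'];
		$server['gwredir'] = $pconfig['gwredir'];
		$server['local_network'] = $pconfig['local_network'];
		$server['local_networkv6'] = $pconfig['local_networkv6'];
		$server['maxclients'] = $pconfig['maxclients'];
		$server['compression'] = $pconfig['compression'];
		$server['passtos'] = $pconfig['passtos'];
		$server['client2client'] = $pconfig['client2client'];

		$server['dynamic_ip'] = $pconfig['dynamic_ip'];
		$server['pool_enable'] = $pconfig['pool_enable'];

		$server['serverbridge_dhcp'] = $pconfig['serverbridge_dhcp'];
		$server['serverbridge_interface'] = $pconfig['serverbridge_interface'];
		$server['serverbridge_dhcp_start'] = $pconfig['serverbridge_dhcp_start'];
		$server['serverbridge_dhcp_end'] = $pconfig['serverbridge_dhcp_end'];

		if ($pconfig['dns_domain_enable'])
			$server['dns_domain'] = $pconfig['dns_domain'];

		if ($pconfig['dns_server_enable']) {
			$server['dns_server1'] = $pconfig['dns_server1'];
			$server['dns_server2'] = $pconfig['dns_server2'];
			$server['dns_server3'] = $pconfig['dns_server3'];
			$server['dns_server4'] = $pconfig['dns_server4'];
		}

		if ($pconfig['ntp_server_enable']) {
			$server['ntp_server1'] = $pconfig['ntp_server1'];
			$server['ntp_server2'] = $pconfig['ntp_server2'];
		}

		$server['netbios_enable'] = $pconfig['netbios_enable'];
		$server['netbios_ntype'] = $pconfig['netbios_ntype'];
		$server['netbios_scope'] = $pconfig['netbios_scope'];

		if ($pconfig['netbios_enable']) {

			if ($pconfig['wins_server_enable']) {
				$server['wins_server1'] = $pconfig['wins_server1'];
				$server['wins_server2'] = $pconfig['wins_server2'];
			}

			// The NBDD server is stored under its own enable flag, the one the
			// validation above checks; the DNS flag was tested here before.
			if ($pconfig['nbdd_server_enable'])
				$server['nbdd_server1'] = $pconfig['nbdd_server1'];
		}

		if ($_POST['duplicate_cn'] == "yes")
			$server['duplicate_cn'] = true;

		// Overwrite the selected entry, or append a new one.
		if (isset($id) && is_scalar($id) && !empty($a_server[$id]))
			$a_server[$id] = $server;
		else
			$a_server[] = $server;

		openvpn_resync('server', $server);
		write_config();

		header("Location: vpn_openvpn_server.php");
		exit;
	}
	// Validation failed: bring authmode into the comma-separated form used for
	// the stored value before the form is shown again.
	if (!empty($pconfig['authmode']) && is_array($pconfig['authmode']))
		$pconfig['authmode'] = implode(",", $pconfig['authmode']);
}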
include("head.inc");
420
421
?>
422
423
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
424
<?php include("fbegin.inc"); ?>
425
<script language="JavaScript">
426
<!--
427
428 3c11bd3c Matthew Grooms
// Show or hide the form rows that depend on the selected server mode, then
// re-apply the gateway-redirect toggle.
function mode_change() {
	// Assigned without var, as before, so both remain page-wide globals.
	index = document.iform.mode.selectedIndex;
	value = document.iform.mode.options[index].value;

	var setDisplay = function (id, shown) {
		document.getElementById(id).style.display = shown ? "" : "none";
	};
	var tlsRows = ["tls", "tls_ca", "tls_crl", "tls_cert", "tls_dh", "cert_depth"];
	var sharedKey = (value === "p2p_shared_key");
	var tlsUser = (value === "server_tls_user");
	var i;

	// TLS rows versus the shared-key row. A mode not listed here leaves these
	// rows as they are.
	if (sharedKey || tlsUser || value === "p2p_tls" || value === "server_tls" || value === "server_user") {
		for (i = 0; i < tlsRows.length; i++)
			setDisplay(tlsRows[i], !sharedKey);
		setDisplay("strictusercn", tlsUser);
		setDisplay("psk", sharedKey);
	}

	if (sharedKey || value === "p2p_tls") {
		// Peer-to-peer modes: remote options instead of client options.
		setDisplay("client_opts", false);
		setDisplay("remote_opts", true);
		setDisplay("gwredir_opts", !sharedKey);
		setDisplay("local_opts", !sharedKey);
		setDisplay("authmodetr", false);
		setDisplay("inter_client_communication", false);
	} else {
		// Server modes and any unlisted value. Only the three named server
		// modes touch the authentication-backend row.
		if (value === "server_user" || tlsUser)
			setDisplay("authmodetr", true);
		else if (value === "server_tls")
			setDisplay("authmodetr", false);
		setDisplay("client_opts", true);
		setDisplay("remote_opts", false);
		setDisplay("gwredir_opts", true);
		setDisplay("local_opts", true);
		setDisplay("inter_client_communication", true);
	}
	gwredir_change();
}
// Hide the "autokey_opts" element while the autokey_enable box is ticked.
function autokey_change() {
	var automatic = document.iform.autokey_enable.checked;
	document.getElementById("autokey_opts").style.display = automatic ? "none" : "";
}
// Show the "tlsauth_opts" element only while tlsauth_enable is ticked, then
// refresh the key field through autotls_change(). The toggle is emitted by PHP
// only when $pconfig['tls'] is empty.
function tlsauth_change() {

<?php if (!$pconfig['tls']): ?>
	var tlsAuthOn = document.iform.tlsauth_enable.checked;
	document.getElementById("tlsauth_opts").style.display = tlsAuthOn ? "" : "none";
<?php endif; ?>

	autotls_change();
}
// Show the "autotls_opts" element when TLS authentication is ticked and the
// key is not generated automatically. PHP fixes autocheck to false when
// $pconfig['tls'] is already set.
function autotls_change() {

	// autocheck is assigned without var, as before, so it stays a global.
<?php if (!$pconfig['tls']): ?>
	autocheck = document.iform.autotls_enable.checked;
<?php else: ?>
	autocheck = false;
<?php endif; ?>

	var showKey = document.iform.tlsauth_enable.checked && !autocheck;
	document.getElementById("autotls_opts").style.display = showKey ? "" : "none";
}
// Hide the "local_opts" element while the gwredir box is ticked.
function gwredir_change() {
	var redirect = document.iform.gwredir.checked;
	document.getElementById("local_opts").style.display = redirect ? "none" : "";
}
// Show the "dns_domain_data" element only while dns_domain_enable is ticked.
function dns_domain_change() {
	var enabled = document.iform.dns_domain_enable.checked;
	document.getElementById("dns_domain_data").style.display = enabled ? "" : "none";
}
// Show the "dns_server_data" element only while dns_server_enable is ticked.
function dns_server_change() {
	var enabled = document.iform.dns_server_enable.checked;
	document.getElementById("dns_server_data").style.display = enabled ? "" : "none";
}
// Show the "wins_server_data" element only while wins_server_enable is ticked.
function wins_server_change() {
	var enabled = document.iform.wins_server_enable.checked;
	document.getElementById("wins_server_data").style.display = enabled ? "" : "none";
}
// Show the "ntp_server_data" element only while ntp_server_enable is ticked.
function ntp_server_change() {
	var enabled = document.iform.ntp_server_enable.checked;
	document.getElementById("ntp_server_data").style.display = enabled ? "" : "none";
}
// Show the "netbios_data" and "wins_opts" elements together while
// netbios_enable is ticked, and hide both otherwise.
function netbios_change() {
	var display = document.iform.netbios_enable.checked ? "" : "none";
	document.getElementById("netbios_data").style.display = display;
	document.getElementById("wins_opts").style.display = display;
}
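// Adjust the tunnel-network cell and the server-bridge rows to the selected
// device mode (tun or tap), taking into account whether the server mode is a
// peer-to-peer one.
function tuntap_change() {

	// NOTE(review): mindex, mvalue, p2p, index and value are assigned without
	// var and are therefore page-wide globals. They are left that way because
	// other script on the page, outside this function, may read them.
	mindex = document.iform.mode.selectedIndex;
	mvalue = document.iform.mode.options[mindex].value;

	switch(mvalue) {
		case "p2p_tls":
		case "p2p_shared_key":
			p2p = true;
			break;
		default:
			p2p = false;
			break;
	}

	index = document.iform.dev_mode.selectedIndex;
	value = document.iform.dev_mode.options[index].value;
	switch(value) {
		case "tun":
			// tun: the IPv4 tunnel network cell gets the "vncellreq" class and
			// the bridge rows are hidden.
			document.getElementById("ipv4_tunnel_network").className="vncellreq";
			document.getElementById("serverbridge_dhcp").style.display="none";
			document.getElementById("serverbridge_interface").style.display="none";
			document.getElementById("serverbridge_dhcp_start").style.display="none";
			document.getElementById("serverbridge_dhcp_end").style.display="none";
			break;
		case "tap":
			document.getElementById("ipv4_tunnel_network").className="vncell";
			if (!p2p) {
				document.getElementById("serverbridge_dhcp").style.display="";
				document.getElementById("serverbridge_interface").style.display="";
				document.getElementById("serverbridge_dhcp_start").style.display="";
				document.getElementById("serverbridge_dhcp_end").style.display="";
				// The peer-to-peer branch below disables this checkbox and
				// nothing re-enabled it, so it stayed unusable after switching
				// back to a server mode. Re-enable it here.
				document.iform.serverbridge_dhcp.disabled = false;
				// The three bridge fields are editable only while bridge DHCP is ticked.
				var bridgeOff = !document.iform.serverbridge_dhcp.checked;
				document.iform.serverbridge_interface.disabled = bridgeOff;
				document.iform.serverbridge_dhcp_start.disabled = bridgeOff;
				document.iform.serverbridge_dhcp_end.disabled = bridgeOff;
			} else {
				// Peer-to-peer with tap: all bridge controls are disabled.
				document.iform.serverbridge_dhcp.disabled = true;
				document.iform.serverbridge_interface.disabled = true;
				document.iform.serverbridge_dhcp_start.disabled = true;
				document.iform.serverbridge_dhcp_end.disabled = true;
			}
			break;
	}
}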
//-->
640
</script>
641
<?php
// Normalise a missing or empty save message to an empty string.
if (!$savemsg) {
	$savemsg = "";
}

// Validation errors are printed first, then the informational message (if any).
if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box_np($savemsg);
}
?>
650
<table width="100%" border="0" cellpadding="0" cellspacing="0">
651 5a3b0d3b mgrooms
	<tr>
652 d799787e Matthew Grooms
		<td class="tabnavtbl">
653
			<ul id="tabnav">
654
			<?php
				// Tab strip for the OpenVPN pages. Each entry is (label, flag, target);
				// the flag is true only for this page's own tab - presumably "active".
				$tab_array = array(
					array(gettext("Server"), true, "vpn_openvpn_server.php"),
					array(gettext("Client"), false, "vpn_openvpn_client.php"),
					array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php"),
					array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml"),
				);
				// Let packages append their own tabs before the strip is rendered.
				add_package_tabs("OpenVPN", $tab_array);
				display_top_tabs($tab_array);
			?>
663
			</ul>
664
		</td>
665
	</tr>    
666
	<tr>
667
		<td class="tabcont">
			<?php if($act=="new" || $act=="edit"): ?>
			<form action="vpn_openvpn_server.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
672
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
673 47c00c09 Scott Ullrich
					<tr>
674 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
675 b63f2e8b Matthew Grooms
					</tr>
676 d799787e Matthew Grooms
					<tr>
677 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
678 d799787e Matthew Grooms
						<td width="78%" class="vtable">
679
							<table border="0" cellpadding="0" cellspacing="0">
680
								<tr>
681
									<td>
682
										<?php set_checked($pconfig['disable'],$chk); ?>
683
										<input name="disable" type="checkbox" value="yes" <?=$chk;?>/>
684
									</td>
685
									<td>
686
										&nbsp;
687
										<span class="vexpl">
688 4d8b3382 Carlos Eduardo Ramos
											<strong><?=gettext("Disable this server"); ?></strong><br>
689 d799787e Matthew Grooms
										</span>
690
									</td>
691
								</tr>
692
							</table>
693 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("Set this option to disable this server without removing it from the list"); ?>.
694 d799787e Matthew Grooms
						</td>
695
					</tr>
696 3c11bd3c Matthew Grooms
					<tr>
697
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
698
							<td width="78%" class="vtable">
699 1ab6bdb5 jim-p
							<select name='mode' id='mode' class="formselect" onchange='mode_change(); tuntap_change()'>
700 3c11bd3c Matthew Grooms
							<?php
701
								foreach ($openvpn_server_modes as $name => $desc):
702
									$selected = "";
703
									if ($pconfig['mode'] == $name)
704
										$selected = "selected";
705
							?>
706
								<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
707
							<?php endforeach; ?>
708
							</select>
709
						</td>
710
					</tr>
711 e8a58de4 Ermal Lu?i
					<tr id="authmodetr" style="display:none">
712
                                                <td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td>
713
                                                        <td width="78%" class="vtable">
714 6306b5dd Ermal Lu?i
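                                                        <?php
                                                                // Build both lists before the <select> tag is printed: its size
                                                                // attribute is computed from $auth_servers, which the original
                                                                // only assigned after the tag had already been emitted.
                                                                $authmodes = explode(",", $pconfig['authmode']);
                                                                $auth_servers = auth_get_authserver_list();
                                                        ?>
                                                        <select name='authmode[]' id='authmode' class="formselect" multiple="true" size="<?php echo count($auth_servers); ?>">
                                                        <?php
                                                                foreach ($auth_servers as $auth_server):
                                                                        $selected = "";
                                                                        // Strict string comparison so numeric-looking names
                                                                        // ("10" vs "1e1") are not treated as equal.
                                                                        if (in_array((string)$auth_server['name'], $authmodes, true))
                                                                                $selected = "selected";
                                                                        // The server name is configuration data, so it is HTML-encoded
                                                                        // in both the attribute and the text context below. The browser
                                                                        // decodes the attribute again, so the submitted value is unchanged.
                                                        ?>
                                                                <option value="<?=htmlspecialchars($auth_server['name']);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option>
                                                        <?php 	endforeach; ?>
                                                        </select>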
726
                                                </td>
727
                                        </tr>
728 d799787e Matthew Grooms
					<tr>
729
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
730
							<td width="78%" class="vtable">
731
							<select name='protocol' class="formselect">
732
							<?php
733
								foreach ($openvpn_prots as $prot):
734
									$selected = "";
735
									if ($pconfig['protocol'] == $prot)
736
										$selected = "selected";
737
							?>
738
								<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
739
							<?php endforeach; ?>
740
							</select>
741
							</td>
742
					</tr>
743 bf87b4d7 lgcosta
					<tr>
744
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td>
745
						<td width="78%" class="vtable">
746 1ab6bdb5 jim-p
							<select name="dev_mode" class="formselect" onchange='tuntap_change()'>
747 bf87b4d7 lgcosta
                                                        <?php
748
                                                                foreach ($openvpn_dev_mode as $device):
749 71edee5e lgcosta
                                                                       $selected = "";
750 4936ff53 jim-p
                                                                       if (! empty($pconfig['dev_mode'])) {
751
                                                                               if ($pconfig['dev_mode'] == $device)
752 71edee5e lgcosta
                                                                                       $selected = "selected";
753
                                                                       } else {
754
                                                                               if ($device == "tun")
755
                                                                                       $selected = "selected";
756
                                                                       }
757 bf87b4d7 lgcosta
                                                        ?>
758
                                                                <option value="<?=$device;?>" <?=$selected;?>><?=$device;?></option>
759
                                                        <?php endforeach; ?>
760
                                                        </select>
761
                                                        </td>
762
                                        </tr>
763 d799787e Matthew Grooms
					<tr>
764 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
765 d799787e Matthew Grooms
						<td width="78%" class="vtable">
766
							<select name="interface" class="formselect">
767
								<?php
768
									$interfaces = get_configured_interface_with_descr();
769 3d06e8f0 pierrepomes
									$carplist = get_configured_carp_interface_list();
770
									foreach ($carplist as $cif => $carpip)
771 dd62256f Pierre POMES
										$interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
772 67b0902f pierrepomes
									$aliaslist = get_configured_ip_aliases_list();
773
									foreach ($aliaslist as $aliasip => $aliasif)
774 dd62256f Pierre POMES
										$interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
775 67b0902f pierrepomes
									$interfaces['any'] = "any";
776 d799787e Matthew Grooms
									foreach ($interfaces as $iface => $ifacename):
777 1d3bcd2a Matthew Grooms
										$selected = "";
778
										if ($iface == $pconfig['interface'])
779
											$selected = "selected";
780 d799787e Matthew Grooms
								?>
781 1d3bcd2a Matthew Grooms
									<option value="<?=$iface;?>" <?=$selected;?>>
782
										<?=htmlspecialchars($ifacename);?>
783
									</option>
784 d799787e Matthew Grooms
								<?php endforeach; ?>
785
							</select> <br>
786
						</td>
787
					</tr>
788
					<tr>
789
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local port");?></td>
790
						<td width="78%" class="vtable">
791
							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>"/>
792
						</td>
793
					</tr>
794
					<tr> 
795 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
796 d799787e Matthew Grooms
						<td width="78%" class="vtable"> 
797
							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>">
798
							<br>
799 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
800 d799787e Matthew Grooms
						</td>
801
					</tr>
802
					<tr>
803
						<td colspan="2" class="list" height="12"></td>
804
					</tr>
805
					<tr>
806 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
807 d799787e Matthew Grooms
					</tr>
808 3c11bd3c Matthew Grooms
					<tr id="tls">
809 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
810 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
811
							<table border="0" cellpadding="2" cellspacing="0">
812
								<tr>
813
									<td>
814
										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
815
										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onClick="tlsauth_change()">
816
									</td>
817
									<td>
818
										<span class="vexpl">
819 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Enable authentication of TLS packets"); ?>.
820 3c11bd3c Matthew Grooms
										</span>
821
									</td>
822
								</tr>
823
							</table>
824
							<?php if (!$pconfig['tls']): ?>
825
							<table border="0" cellpadding="2" cellspacing="0" id='tlsauth_opts'>
826
								<tr>
827
									<td>
828
										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
829
										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autotls_change()">
830
									</td>
831
									<td>
832
										<span class="vexpl">
833 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
834 3c11bd3c Matthew Grooms
										</span>
835
									</td>
836
								</tr>
837
							</table>
838
							<?php endif; ?>
839
							<table border="0" cellpadding="2" cellspacing="0" id='autotls_opts'>
840
								<tr>
841
									<td>
842
										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
843
										<br/>
844 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
845 3c11bd3c Matthew Grooms
									</td>
846
								</tr>
847
							</table>
848
						</td>
849 d799787e Matthew Grooms
					</tr>
850 3c11bd3c Matthew Grooms
					<tr id="tls_ca">
851 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
852 d799787e Matthew Grooms
							<td width="78%" class="vtable">
853 19cdeb3e jim-p
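							<?php if (count($a_ca)): ?>
							<select name='caref' class="formselect">
							<?php
								// One option per configured CA; the CA referenced by the
								// server being edited is pre-selected.
								foreach ($a_ca as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected";
									// refid and descr are stored configuration values and are
									// HTML-encoded on output, as the interface list on this
									// page already does for its labels.
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificate Authorities defined.</b> <br/>Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>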
867 d799787e Matthew Grooms
							</td>
868
					</tr>
869 6db02381 jim-p
					<tr id="tls_crl">
870
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Revocation List"); ?></td>
871
							<td width="78%" class="vtable">
872 19cdeb3e jim-p
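							<?php if (count($a_crl)): ?>
							<select name='crlref' class="formselect">
								<option value="">None</option>
							<?php
								// One option per configured CRL, labelled with the description
								// of the CA it belongs to when that CA can be looked up.
								foreach ($a_crl as $crl):
									$selected = "";
									$caname = "";
									$ca = lookup_ca($crl['caref']);
									if ($ca) {
										$caname = " (CA: {$ca['descr']})";
										// A CRL is only pre-selected when its CA still exists.
										if ($pconfig['crlref'] == $crl['refid'])
											$selected = "selected";
									}
									// CRL and CA descriptions are stored configuration values;
									// the whole label is HTML-encoded on output.
							?>
								<option value="<?=htmlspecialchars($crl['refid']);?>" <?=$selected;?>><?=htmlspecialchars($crl['descr'] . $caname);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificate Revocation Lists (CRLs) defined.</b> <br/>Create one under <a href="system_crlmanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>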
892 6db02381 jim-p
							</td>
893
					</tr>
894 3c11bd3c Matthew Grooms
					<tr id="tls_cert">
895 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Certificate"); ?></td>
896 d799787e Matthew Grooms
							<td width="78%" class="vtable">
897 19cdeb3e jim-p
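							<?php if (count($a_cert)): ?>
							<select name='certref' class="formselect">
							<?php
							// One option per configured certificate. The label carries the
							// issuing CA's description plus "*In Use" / "*Revoked" markers.
							foreach ($a_cert as $cert):
								$selected = "";
								$caname = "";
								$inuse = "";
								$revoked = "";
								$ca = lookup_ca($cert['caref']);
								if ($ca)
									$caname = " (CA: {$ca['descr']})";
								if ($pconfig['certref'] == $cert['refid'])
									$selected = "selected";
								if (cert_in_use($cert['refid']))
									$inuse = " *In Use";
								// A revoked certificate is still listed; it is only marked.
								if (is_cert_revoked($cert))
									$revoked = " *Revoked";
								// Certificate and CA descriptions are stored configuration
								// values; the assembled label is HTML-encoded on output.
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>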
921 d799787e Matthew Grooms
						</td>
922
					</tr>
923 fe787fc7 Matthew Grooms
					<tr id="tls_dh">
924 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH Parameters Length"); ?></td>
925 fe787fc7 Matthew Grooms
						<td width="78%" class="vtable">
926
							<select name="dh_length" class="formselect">
927
								<?php
928
									foreach ($openvpn_dh_lengths as $length):
929
									$selected = '';
930
									if ($length == $pconfig['dh_length'])
931
										$selected = ' selected';
932
								?>
933
								<option<?=$selected?>><?=$length;?></option>
934
								<?php endforeach; ?>
935
							</select>
936
							<span class="vexpl">
937 1c83021a Carlos Eduardo Ramos
								<?=gettext("bits"); ?>
938 fe787fc7 Matthew Grooms
							</span>
939
						</td>
940
					</tr>
941 d799787e Matthew Grooms
					<tr id="psk">
942 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
943 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
944
							<?php if (!$pconfig['shared_key']): ?>
945
							<table border="0" cellpadding="2" cellspacing="0">
946
								<tr>
947
									<td>
948
										<?php set_checked($pconfig['autokey_enable'],$chk); ?>
949
										<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autokey_change()">
950
									</td>
951
									<td>
952
										<span class="vexpl">
953 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared key"); ?>.
954 3c11bd3c Matthew Grooms
										</span>
955
									</td>
956
								</tr>
957
							</table>
958
							<?php endif; ?>
959
							<table border="0" cellpadding="2" cellspacing="0" id='autokey_opts'>
960
								<tr>
961
									<td>
962
										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
963
										<br/>
964 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
965 3c11bd3c Matthew Grooms
									</td>
966
								</tr>
967
							</table>
968 d799787e Matthew Grooms
						</td>
969
					</tr>
970
					<tr>
971 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
972 d799787e Matthew Grooms
						<td width="78%" class="vtable">
973
							<select name="crypto" class="formselect">
974
								<?php
975
									$cipherlist = openvpn_get_cipherlist();
976
									foreach ($cipherlist as $name => $desc):
977
									$selected = '';
978
									if ($name == $pconfig['crypto'])
979
										$selected = ' selected';
980
								?>
981
								<option value="<?=$name;?>"<?=$selected?>>
982
									<?=htmlspecialchars($desc);?>
983
								</option>
984
								<?php endforeach; ?>
985 582c58ae jim-p
							</select>
986
						</td>
987
					</tr>
988
					<tr id="engine">
989
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
990
						<td width="78%" class="vtable">
991
							<select name="engine" class="formselect">
992
								<?php
993
									$engines = openvpn_get_engines();
994
									foreach ($engines as $name => $desc):
995
									$selected = '';
996
									if ($name == $pconfig['engine'])
997
										$selected = ' selected';
998
								?>
999
								<option value="<?=$name;?>"<?=$selected?>>
1000
									<?=htmlspecialchars($desc);?>
1001
								</option>
1002
								<?php endforeach; ?>
1003 d799787e Matthew Grooms
							</select>
1004
						</td>
1005
					</tr>
1006 98963f27 jim-p
					<tr id="cert_depth">
1007
						<td width="22%" valign="top" class="vncell"><?=gettext("Certificate Depth"); ?></td>
1008
						<td width="78%" class="vtable">
1009
							<table border="0" cellpadding="2" cellspacing="0">
1010
							<tr><td>
1011
							<select name="cert_depth" class="formselect">
1012
								<option value="">Do Not Check</option>
1013
								<?php
1014
									foreach ($openvpn_cert_depths as $depth => $depthdesc):
1015
									$selected = '';
1016
									if ($depth == $pconfig['cert_depth'])
1017
										$selected = ' selected';
1018
								?>
1019
								<option value="<?= $depth ?>" <?= $selected ?>><?= $depthdesc ?></option>
1020
								<?php endforeach; ?>
1021
							</select>
1022
							</td></tr>
1023
							<tr><td>
1024
							<span class="vexpl">
1025
								<?=gettext("When a certificate-based client logs in, do not accept certificates below this depth. Useful for denying certificates made with intermediate CAs generated from the same CA as the server."); ?>
1026
							</span>
1027
							</td></tr>
1028
							</table>
1029
						</td>
1030
					</tr>
1031 94823361 jim-p
					<tr id="strictusercn">
1032
						<td width="22%" valign="top" class="vncell"><?=gettext("Strict User/CN Matching"); ?></td>
1033
						<td width="78%" class="vtable">
1034
							<table border="0" cellpadding="2" cellspacing="0">
1035
								<tr>
1036
									<td>
1037
										<?php set_checked($pconfig['strictusercn'],$chk); ?>
1038
										<input name="strictusercn" type="checkbox" value="yes" <?=$chk;?>/>
1039
									</td>
1040
									<td>
1041
										<span class="vexpl">
1042
											<?=gettext("When authenticating users, enforce a match between the common name of the client certificate and the username given at login."); ?>
1043
										</span>
1044
									</td>
1045
								</tr>
1046
							</table>
1047
						</td>
1048
					</tr>
1049 d799787e Matthew Grooms
					<tr>
1050
						<td colspan="2" class="list" height="12"></td>
1051
					</tr>
1052
					<tr>
1053 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
1054 d799787e Matthew Grooms
					</tr>
1055 74a556a3 jim-p
					<tr>
1056
						<td width="22%" valign="top" class="vncellreq" id="ipv4_tunnel_network"><?=gettext("IPv4 Tunnel Network"); ?></td>
1057 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1058
							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>">
1059
							<br>
1060 b1ba04cf Seth Mos
							<?=gettext("This is the IPv4 virtual network used for private " .
1061 4d8b3382 Carlos Eduardo Ramos
							"communications between this server and client " .
1062
							"hosts expressed using CIDR (eg. 10.0.8.0/24). " .
1063
							"The first network address will be assigned to " .
1064
							"the	server virtual interface. The remaining " .
1065
							"network addresses can optionally be assigned " .
1066
							"to connecting clients. (see Address Pool)"); ?>
1067 d799787e Matthew Grooms
						</td>
1068
					</tr>
1069 74a556a3 jim-p
					<tr>
1070
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Tunnel Network"); ?></td>
1071 b1ba04cf Seth Mos
						<td width="78%" class="vtable">
1072
							<input name="tunnel_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_networkv6']);?>">
1073
							<br>
1074
							<?=gettext("This is the IPv6 virtual network used for private " .
1075
							"communications between this server and client " .
1076
							"hosts expressed using CIDR (eg. fe80::/64). " .
1077
							"The first network address will be assigned to " .
1078
							"the	server virtual interface. The remaining " .
1079
							"network addresses can optionally be assigned " .
1080
							"to connecting clients. (see Address Pool)"); ?>
1081
						</td>
1082
					</tr>
1083 1ab6bdb5 jim-p
					<tr id="serverbridge_dhcp">
1084
						<td width="22%" valign="top" class="vncell"><?=gettext("Bridge DHCP"); ?></td>
1085
						<td width="78%" class="vtable">
1086
							<table border="0" cellpadding="2" cellspacing="0">
1087
								<tr>
1088
									<td>
1089
										<?php set_checked($pconfig['serverbridge_dhcp'],$chk); ?>
1090
										<input name="serverbridge_dhcp" type="checkbox" value="yes" <?=$chk;?> onchange='tuntap_change()' />
1091
									</td>
1092
									<td>
1093
										<span class="vexpl">
1094
											<?=gettext("Allow clients on the bridge to obtain DHCP."); ?><br>
1095
										</span>
1096
									</td>
1097
								</tr>
1098
							</table>
1099
						</td>
1100
					</tr>
1101
					<tr id="serverbridge_interface">
1102
						<td width="22%" valign="top" class="vncell"><?=gettext("Bridge Interface"); ?></td>
1103
						<td width="78%" class="vtable">
1104
							<select name="serverbridge_interface" class="formselect">
1105
								<?php
1106
									$serverbridge_interface['none'] = "none";
1107
									$serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr());
1108
									$carplist = get_configured_carp_interface_list();
1109
									foreach ($carplist as $cif => $carpip)
1110
										$serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
1111
									$aliaslist = get_configured_ip_aliases_list();
1112
									foreach ($aliaslist as $aliasip => $aliasif)
1113
										$serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
1114
									foreach ($serverbridge_interface as $iface => $ifacename):
1115
										$selected = "";
1116
										if ($iface == $pconfig['serverbridge_interface'])
1117
											$selected = "selected";
1118
								?>
1119
									<option value="<?=$iface;?>" <?=$selected;?>>
1120
										<?=htmlspecialchars($ifacename);?>
1121
									</option>
1122
								<?php endforeach; ?>
1123
							</select> <br>
1124
							<?=gettext("The interface to which this tap instance will be, " .
1125
							"bridged. This is not done automatically. You must assign this " .
1126
							"interface and create the bridge separately. " .
1127
							"This setting controls which existing IP address and subnet " .
1128
							"mask are used by OpenVPN for the bridge. Setting this to " .
1129
							"'none' will cause the Server Bridge DHCP settings below to be ignored."); ?>
1130
						</td>
1131
					</tr>
1132
					<tr id="serverbridge_dhcp_start">
1133
						<td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP Start"); ?></td>
1134
						<td width="78%" class="vtable">
1135
							<input name="serverbridge_dhcp_start" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_start']);?>">
1136
							<br>
1137
							<?=gettext("When using tap mode as multi-point server, " .
1138
							"you may optionally supply a DHCP range to use on the " .
1139
							"interface to which this tap instance is bridged. " .
1140
							"If these settings are left blank, DHCP will be passed " .
1141
							"through to the LAN, and the interface setting above " .
1142
							"will be ignored."); ?>
1143
						</td>
1144
					</tr>
1145
					<tr id="serverbridge_dhcp_end">
1146 850ae59e Irving Popovetsky
						<td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP End"); ?></td>
1147 1ab6bdb5 jim-p
						<td width="78%" class="vtable">
1148
							<input name="serverbridge_dhcp_end" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_end']);?>">
1149
							<br>
1150
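							<?php /* No help text for this field. gettext("") is deliberately not called: with GNU gettext the empty msgid is the catalog header entry, so a translated install would print the catalog metadata here instead of nothing. */ ?>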
1151
						</td>
1152
					</tr>
1153 a2ff08f8 jim-p
					<tr id="gwredir_opts">
1154 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td>
1155 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1156
							<table border="0" cellpadding="2" cellspacing="0">
1157
								<tr>
1158
									<td>
1159
										<?php set_checked($pconfig['gwredir'],$chk); ?>
1160
										<input name="gwredir" type="checkbox" value="yes" <?=$chk;?> onClick="gwredir_change()"/>
1161
									</td>
1162
									<td>
1163
										<span class="vexpl">
1164 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Force all client generated traffic through the tunnel"); ?>.
1165 d799787e Matthew Grooms
										</span>
1166
									</td>
1167
								</tr>
1168
							</table>
1169
						</td>
1170
					</tr>
1171
					<tr id="local_opts">
1172 b1ba04cf Seth Mos
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Local Network"); ?></td>
1173 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1174
							<input name="local_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['local_network']);?>">
1175
							<br>
1176 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("This is the network that will be accessible " .
1177
							"from the remote endpoint. Expressed as a CIDR " .
1178
							"range. You may leave this blank if you don't " .
1179
							"want to add a route to the local network " .
1180
							"through this tunnel on the remote machine. " .
1181
							"This is generally set to your LAN network"); ?>.
1182 d799787e Matthew Grooms
						</td>
1183
					</tr>
1184 b1ba04cf Seth Mos
					<?php /* NOTE(review): this id repeats the id of the IPv4 Local Network row above. document.getElementById() returns only the first element with a given id, so script that shows or hides "local_opts" will presumably not reach this IPv6 row - confirm against the script that toggles it before renaming. */ ?>
					<tr id="local_opts">
1185
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Local Network"); ?></td>
1186
						<td width="78%" class="vtable">
1187
							<input name="local_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['local_networkv6']);?>">
1188
							<br>
1189
							<?=gettext("This is the IPv6 network that will be accessible " .
1190
							"from the remote endpoint. Expressed as a CIDR " .
1191
							"range. You may leave this blank if you don't " .
1192
							"want to add a route to the local network " .
1193
							"through this tunnel on the remote machine. " .
1194
							"This is generally set to your LAN network"); ?>.
1195
						</td>
1196
					</tr>
1197 3c11bd3c Matthew Grooms
					<tr id="remote_opts">
1198 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Remote Network"); ?></td>
1199 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
1200
							<input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>">
1201
							<br>
1202 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("This is a network that will be routed through " .
1203
							"the tunnel, so that a site-to-site VPN can be " .
1204
							"established without manually changing the " .
1205
							"routing tables. Expressed as a CIDR range. If " .
1206
							"this is a site-to-site VPN, enter here the " .
1207
							"remote LAN here. You may leave this blank if " .
1208
							"you don't want a site-to-site VPN"); ?>.
1209 3c11bd3c Matthew Grooms
						</td>
1210
					</tr>
1211 d799787e Matthew Grooms
					<tr>
1212
						<td width="22%" valign="top" class="vncell"><?=gettext("Concurrent connections");?></td>
1213
						<td width="78%" class="vtable">
1214
							<input name="maxclients" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['maxclients']);?>"/>
1215
							<br/>
1216 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("Specify the maximum number of clients allowed to concurrently connect to this server"); ?>.
1217 d799787e Matthew Grooms
						</td>
1218
					</tr>
1219
					<tr>
1220 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
1221 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1222
							<table border="0" cellpadding="2" cellspacing="0">
1223
								<tr>
1224
									<td>
1225
										<?php set_checked($pconfig['compression'],$chk); ?>
1226
										<input name="compression" type="checkbox" value="yes" <?=$chk;?>>
1227
									</td>
1228
									<td>
1229
										<span class="vexpl">
1230 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Compress tunnel packets using the LZO algorithm"); ?>.
1231 d799787e Matthew Grooms
										</span>
1232
									</td>
1233
								</tr>
1234
							</table>
1235
						</td>
1236
					</tr>
1237
					<tr>
1238 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
1239 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1240
							<table border="0" cellpadding="2" cellspacing="0">
1241
								<tr>
1242
									<td>
1243 1cb0b40a Matthew Grooms
										<?php set_checked($pconfig['passtos'],$chk); ?>
1244
										<input name="passtos" type="checkbox" value="yes" <?=$chk;?>>
1245 d799787e Matthew Grooms
									</td>
1246
									<td>
1247
										<span class="vexpl">
1248 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
1249 d799787e Matthew Grooms
										</span>
1250
									</td>
1251
								</tr>
1252
							</table>
1253
						</td>
1254
					</tr>
1255 107794cc jim-p
					<tr id="inter_client_communication">
1256 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Inter-client communication"); ?></td>
1257 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1258
							<table border="0" cellpadding="2" cellspacing="0">
1259
								<tr>
1260
									<td>
1261
										<?php set_checked($pconfig['client2client'],$chk); ?>
1262
										<input name="client2client" type="checkbox" value="yes" <?=$chk;?>/>
1263
									</td>
1264
									<td>
1265
										<span class="vexpl">
1266 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Allow communication between clients connected to this server"); ?>
1267 d799787e Matthew Grooms
										</span>
1268
									</td>
1269
								</tr>
1270
							</table>
1271
						</td>
1272
					</tr>
1273 bca35cff jim-p
					<tr id="duplicate_cn">
1274
						<td width="22%" valign="top" class="vncell"><?=gettext("Duplicate Connections"); ?></td>
1275
						<td width="78%" class="vtable">
1276
							<table border="0" cellpadding="2" cellspacing="0">
1277
								<tr>
1278
									<td>
1279
										<?php set_checked($pconfig['duplicate_cn'],$chk); ?>
1280
										<input name="duplicate_cn" type="checkbox" value="yes" <?=$chk;?>/>
1281
									</td>
1282
									<td>
1283
										<span class="vexpl">
1284
											<?=gettext("Allow multiple concurrent connections from clients using the same Common Name.<br/>NOTE: This is not generally recommended, but may be needed for some scenarios."); ?>
1285
										</span>
1286
									</td>
1287
								</tr>
1288
							</table>
1289
						</td>
1290
					</tr>
1291 3c11bd3c Matthew Grooms
				</table>
1292
1293
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts">
1294 d799787e Matthew Grooms
					<tr>
1295
						<td colspan="2" class="list" height="12"></td>
1296
					</tr>
1297
					<tr>
1298 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Client Settings"); ?></td>
1299 d799787e Matthew Grooms
					</tr>
1300 65ff8497 jim-p
					<tr>
1301 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Dynamic IP"); ?></td>
1302 65ff8497 jim-p
						<td width="78%" class="vtable">
1303
							<table border="0" cellpadding="2" cellspacing="0">
1304
								<tr>
1305
									<td>
1306
										<?php set_checked($pconfig['dynamic_ip'],$chk); ?>
1307 b3cf36d7 Erik Fonnesbeck
										<input name="dynamic_ip" type="checkbox" id="dynamic_ip" value="yes" <?=$chk;?>/>
1308 65ff8497 jim-p
									</td>
1309
									<td>
1310
										<span class="vexpl">
1311 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Allow connected clients to retain their connections if their IP address changes"); ?>.<br>
1312 65ff8497 jim-p
										</span>
1313
									</td>
1314
								</tr>
1315
							</table>
1316
						</td>
1317
					</tr>
1318 d799787e Matthew Grooms
					<tr>
1319 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Address Pool"); ?></td>
1320 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1321
							<table border="0" cellpadding="2" cellspacing="0">
1322
								<tr>
1323
									<td>
1324
										<?php set_checked($pconfig['pool_enable'],$chk); ?>
1325 b3cf36d7 Erik Fonnesbeck
										<input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?>/>
1326 d799787e Matthew Grooms
									</td>
1327
									<td>
1328
										<span class="vexpl">
1329 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Provide a virtual adapter IP address to clients (see Tunnel Network)"); ?><br>
1330 d799787e Matthew Grooms
										</span>
1331
									</td>
1332
								</tr>
1333
							</table>
1334
						</td>
1335
					</tr>
1336
					<tr>
1337 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("DNS Default Domain"); ?></td>
1338 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1339
							<table border="0" cellpadding="2" cellspacing="0">
1340
								<tr>
1341
									<td>
1342
										<?php set_checked($pconfig['dns_domain_enable'],$chk); ?>
1343
										<input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onClick="dns_domain_change()">
1344
									</td>
1345
									<td>
1346
										<span class="vexpl">
1347 4d8b3382 Carlos Eduardo Ramos
	                                        <?=gettext("Provide a default domain name to clients"); ?><br>
1348 d799787e Matthew Grooms
										</span>
1349
									</td>
1350
								</tr>
1351
							</table>
1352
							<table border="0" cellpadding="2" cellspacing="0" id="dns_domain_data">
1353
								<tr>
1354
									<td>
1355
										<input name="dns_domain" type="text" class="formfld unknown" id="dns_domain" size="30" value="<?=htmlspecialchars($pconfig['dns_domain']);?>">
1356
									</td>
1357
								</tr>
1358
							</table>
1359
						</td>
1360
					</tr>
1361
					<tr>
1362 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("DNS Servers"); ?></td>
1363 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1364
							<table border="0" cellpadding="2" cellspacing="0">
1365
								<tr>
1366
									<td>
1367
										<?php set_checked($pconfig['dns_server_enable'],$chk); ?>
1368
										<input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onClick="dns_server_change()">
1369
									</td>
1370
									<td>
1371
										<span class="vexpl">
1372 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Provide a DNS server list to clients"); ?><br>
1373 d799787e Matthew Grooms
										</span>
1374
									</td>
1375
								</tr>
1376
							</table>
1377
							<table border="0" cellpadding="2" cellspacing="0" id="dns_server_data">
1378
								<tr>
1379
									<td>
1380
										<span class="vexpl">
1381 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #1:&nbsp;
1382 d799787e Matthew Grooms
										</span>
1383 dd5bf424 Scott Ullrich
										<input name="dns_server1" type="text" class="formfld unknown" id="dns_server1" size="20" value="<?=htmlspecialchars($pconfig['dns_server1']);?>">
1384 d799787e Matthew Grooms
									</td>
1385
								</tr>
1386
								<tr>
1387
									<td>
1388
										<span class="vexpl">
1389 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #2:&nbsp;
1390 d799787e Matthew Grooms
										</span>
1391 dd5bf424 Scott Ullrich
										<input name="dns_server2" type="text" class="formfld unknown" id="dns_server2" size="20" value="<?=htmlspecialchars($pconfig['dns_server2']);?>">
1392 d799787e Matthew Grooms
									</td>
1393
								</tr>
1394
								<tr>
1395
									<td>
1396
										<span class="vexpl">
1397 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #3:&nbsp;
1398 d799787e Matthew Grooms
										</span>
1399 dd5bf424 Scott Ullrich
										<input name="dns_server3" type="text" class="formfld unknown" id="dns_server3" size="20" value="<?=htmlspecialchars($pconfig['dns_server3']);?>">
1400 d799787e Matthew Grooms
									</td>
1401
								</tr>
1402
								<tr>
1403
									<td>
1404
										<span class="vexpl">
1405 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #4:&nbsp;
1406 d799787e Matthew Grooms
										</span>
1407 dd5bf424 Scott Ullrich
										<input name="dns_server4" type="text" class="formfld unknown" id="dns_server4" size="20" value="<?=htmlspecialchars($pconfig['dns_server4']);?>">
1408 d799787e Matthew Grooms
									</td>
1409
								</tr>
1410
							</table>
1411
						</td>
1412
					</tr>
1413
					<tr>
1414 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("NTP Servers"); ?></td>
1415 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1416
							<table border="0" cellpadding="2" cellspacing="0">
1417
								<tr>
1418
									<td>
1419
										<?php set_checked($pconfig['ntp_server_enable'],$chk); ?>
1420
										<input name="ntp_server_enable" type="checkbox" id="ntp_server_enable" value="yes" <?=$chk;?> onClick="ntp_server_change()">
1421
									</td>
1422
									<td>
1423
										<span class="vexpl">
1424 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Provide a NTP server list to clients"); ?><br>
1425 d799787e Matthew Grooms
										</span>
1426
									</td>
1427
								</tr>
1428
							</table>
1429
							<table border="0" cellpadding="2" cellspacing="0" id="ntp_server_data">
1430
								<tr>
1431
									<td>
1432
										<span class="vexpl">
1433 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #1:&nbsp;
1434 d799787e Matthew Grooms
										</span>
1435 dd5bf424 Scott Ullrich
										<input name="ntp_server1" type="text" class="formfld unknown" id="ntp_server1" size="20" value="<?=htmlspecialchars($pconfig['ntp_server1']);?>">
1436 d799787e Matthew Grooms
									</td>
1437
								</tr>
1438
								<tr>
1439
									<td>
1440
										<span class="vexpl">
1441 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #2:&nbsp;
1442 d799787e Matthew Grooms
										</span>
1443 dd5bf424 Scott Ullrich
										<input name="ntp_server2" type="text" class="formfld unknown" id="ntp_server2" size="20" value="<?=htmlspecialchars($pconfig['ntp_server2']);?>">
1444 d799787e Matthew Grooms
									</td>
1445
								</tr>
1446
							</table>
1447
						</td>
1448
					</tr>
1449
					<tr>
1450 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("NetBIOS Options"); ?></td>
1451 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1452
							<table border="0" cellpadding="2" cellspacing="0">
1453
								<tr>
1454
									<td>
1455
										<?php set_checked($pconfig['netbios_enable'],$chk); ?>
1456
										<input name="netbios_enable" type="checkbox" id="netbios_enable" value="yes" <?=$chk;?> onClick="netbios_change()">
1457
									</td>
1458
									<td>
1459
										<span class="vexpl">
1460 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Enable NetBIOS over TCP/IP"); ?><br>
1461 d799787e Matthew Grooms
										</span>
1462
									</td>
1463
								</tr>
1464
							</table>
1465 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled"); ?>.
1466 d799787e Matthew Grooms
							<br/>
1467
							<table border="0" cellpadding="2" cellspacing="0" id="netbios_data">
1468
								<tr>
1469
									<td>
1470
										<br/>
1471
										<span class="vexpl">
1472 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Node Type"); ?>:&nbsp;
1473 d799787e Matthew Grooms
										</span>
1474
										<select name='netbios_ntype' class="formselect">
1475
										<?php
1476
											foreach ($netbios_nodetypes as $type => $name):
1477
												$selected = "";
1478
												if ($pconfig['netbios_ntype'] == $type)
1479
													$selected = "selected";
1480
										?>
1481
											<option value="<?=$type;?>" <?=$selected;?>><?=$name;?></option>
1482
										<?php endforeach; ?>
1483
										</select>
1484
										<br/>
1485 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Possible options: b-node (broadcasts), p-node " .
1486
										"(point-to-point name queries to a WINS server), " .
1487
										"m-node (broadcast then query name server), and " .
1488
										"h-node (query name server, then broadcast)"); ?>.
1489 d799787e Matthew Grooms
									</td>
1490
								</tr>
1491
								<tr>
1492
									<td>
1493
										<br/>
1494
										<span class="vexpl">
1495 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Scope ID"); ?>:&nbsp;
1496 d799787e Matthew Grooms
										</span>
1497
										<input name="netbios_scope" type="text" class="formfld unknown" id="netbios_scope" size="30" value="<?=htmlspecialchars($pconfig['netbios_scope']);?>">
1498
										<br/>
1499 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("A NetBIOS Scope	ID provides an extended naming " .
1500
										"service for	NetBIOS over TCP/IP. The NetBIOS " .
1501
										"scope ID isolates NetBIOS traffic on a single " .
1502
										"network to only those nodes with the same " .
1503
										"NetBIOS scope ID"); ?>.
1504 d799787e Matthew Grooms
									</td>
1505
								</tr>
1506
							</table>
1507
						</td>
1508
					</tr>
1509
					<tr id="wins_opts">
1510 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("WINS Servers"); ?></td>
1511 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1512
							<table border="0" cellpadding="2" cellspacing="0">
1513
								<tr>
1514
									<td>
1515
										<?php set_checked($pconfig['wins_server_enable'],$chk); ?>
1516
										<input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onClick="wins_server_change()">
1517
									</td>
1518
									<td>
1519
										<span class="vexpl">
1520 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Provide a WINS server list to clients"); ?><br>
1521 d799787e Matthew Grooms
										</span>
1522
									</td>
1523
								</tr>
1524
							</table>
1525
							<table border="0" cellpadding="2" cellspacing="0" id="wins_server_data">
1526
								<tr>
1527
									<td>
1528
										<span class="vexpl">
1529 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #1:&nbsp;
1530 d799787e Matthew Grooms
										</span>
1531 dd5bf424 Scott Ullrich
										<input name="wins_server1" type="text" class="formfld unknown" id="wins_server1" size="20" value="<?=htmlspecialchars($pconfig['wins_server1']);?>">
1532 d799787e Matthew Grooms
									</td>
1533
								</tr>
1534
								<tr>
1535
									<td>
1536
										<span class="vexpl">
1537 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #2:&nbsp;
1538 d799787e Matthew Grooms
										</span>
1539 dd5bf424 Scott Ullrich
										<input name="wins_server2" type="text" class="formfld unknown" id="wins_server2" size="20" value="<?=htmlspecialchars($pconfig['wins_server2']);?>">
1540 d799787e Matthew Grooms
									</td>
1541
								</tr>
1542
							</table>
1543
						</td>
1544
					</tr>
1545 3c11bd3c Matthew Grooms
				</table>
1546
1547 2f4f30ee Scott Ullrich
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts">
1548
					<tr>
1549
						<td colspan="2" class="list" height="12"></td>
1550
					</tr>
1551
					<tr>
1552 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
1553 2f4f30ee Scott Ullrich
					</tr>
1554
					<tr>
1555 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
1556 2f4f30ee Scott Ullrich
						<td width="78%" class="vtable">
1557
							<table border="0" cellpadding="2" cellspacing="0">
1558
								<tr>
1559
									<td>
1560 dd5bf424 Scott Ullrich
										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/>
1561 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Enter any additional options you would like to add to the OpenVPN server configuration here, separated by a semicolon"); ?><br/>
1562
										<?=gettext("EXAMPLE: push \"route 10.0.0.0 255.255.255.0\""); ?>;
1563 2f4f30ee Scott Ullrich
									</td>
1564
								</tr>
1565
							</table>
1566
						</td>
1567
					</tr>
1568
				</table>
1569
1570 f68fc963 Scott Ullrich
				<br/>
1571
1572 3c11bd3c Matthew Grooms
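				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts">
					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%"> 
							<?php
								/*
								 * Submit row: the Save button plus the hidden "act" and "id"
								 * fields that are posted back with the form.
								 *
								 * $act and $id are assigned outside this part of the file.
								 * If either is taken from the request, echoing it raw into
								 * an attribute value is a reflected-XSS sink, so both are
								 * HTML-encoded here like the other fields on this form.
								 * NOTE(review): confirm where $act and $id originate.
								 */
							?>
							<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> 
							<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>">
							<?php if (isset($id) && $a_server[$id]): ?>
							<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
							<?php endif; ?>
						</td>
					</tr>
				</table>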
1584
			</form>
1585
1586
			<?php else: ?>
1587
1588 7128ed17 Scott Ullrich
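			<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
				<thead>
				<tr>
					<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
					<td width="10%" class="listhdrr"><?=gettext("Protocol / Port"); ?></td>
					<td width="30%" class="listhdrr"><?=gettext("Tunnel Network"); ?></td>
					<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
					<td width="10%" class="list"></td>
				</tr>
				</thead>
				<tbody>
				<?php
					/*
					 * One row per entry of $a_server. $i is a running counter that
					 * is placed in the edit/delete URLs as the "id" parameter.
					 * Values read from the stored server entry are HTML-encoded
					 * before output.
					 *
					 * The delete confirmation text is a translated string placed
					 * inside a JavaScript call within an HTML attribute. It is
					 * JSON-encoded and then HTML-encoded, so a translation that
					 * contains a quote cannot break the handler and let the link
					 * be followed without the confirmation prompt.
					 *
					 * NOTE(review): deletion is requested through a plain GET link
					 * (act=del&id=N). The handler is outside this part of the file;
					 * if it acts on GET without a per-session token, a forged link
					 * or image on another site can trigger it in an administrator's
					 * browser. Prefer a POST form that carries the CSRF token and
					 * have the handler reject GET for "del".
					 */
					$i = 0;
					foreach($a_server as $server):
						$disabled = isset($server['disable']) ? "YES" : "NO";
				?>
				<tr>
					<td class="listlr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&id=<?=$i;?>'">
						<?=$disabled;?>
					</td>
					<td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&id=<?=$i;?>'">
						<?=htmlspecialchars($server['protocol']);?> / <?=htmlspecialchars($server['local_port']);?>
					</td>
					<td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&id=<?=$i;?>'">
						<?=htmlspecialchars($server['tunnel_network']);?><br/>
						<?=htmlspecialchars($server['tunnel_networkv6']);?><br/>
					</td>
					<td class="listbg" ondblclick="document.location='vpn_openvpn_server.php?act=edit&id=<?=$i;?>'">
						<?=htmlspecialchars($server['description']);?>
					</td>
					<td valign="middle" nowrap class="list">
						<a href="vpn_openvpn_server.php?act=edit&id=<?=$i;?>">
							<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit server"); ?>" width="17" height="17" border="0">
						</a>
						&nbsp;
						<a href="vpn_openvpn_server.php?act=del&id=<?=$i;?>" onclick="return confirm(<?=htmlspecialchars(json_encode(gettext("Do you really want to delete this server?")));?>)">
							<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete server"); ?>" width="17" height="17" border="0">
						</a>
					</td>
				</tr>
				<?php
					$i++;
					endforeach;
				?>
				</tbody>
				<tfoot>
				<tr>
					<td class="list" colspan="4"></td>
					<td class="list">
						<a href="vpn_openvpn_server.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add server"); ?>" width="17" height="17" border="0">
						</a>
					</td>
				</tr>
				</tfoot>
			</table>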
1645
1646 7128ed17 Scott Ullrich
			<?=gettext("Additional OpenVPN servers can be added here.");?>
1647
1648 ee9933b6 Renato Botelho
			<?php endif; ?>
1649 d799787e Matthew Grooms
1650
		</td>
1651
	</tr>
1652
</table>
1653
<script language="JavaScript">
1654
<!--
1655 3c11bd3c Matthew Grooms
mode_change();
1656
autokey_change();
1657
tlsauth_change();
1658 d799787e Matthew Grooms
gwredir_change();
1659
dns_domain_change();
1660
dns_server_change();
1661
wins_server_change();
1662
ntp_server_change();
1663
netbios_change();
1664 1ab6bdb5 jim-p
tuntap_change();
1665 d799787e Matthew Grooms
//-->
1666
</script>
1667
</body>
1668
<?php include("fend.inc"); ?>
<?php
/* local utility functions */
/**
 * Turn a setting into the attribute text for a checkbox input.
 *
 * @param mixed  $var Value tested for truthiness (PHP loose rules, so
 *                    '', '0', 0 and null all count as unset).
 * @param string $chk Output, by reference: 'checked' when $var is truthy,
 *                    '' otherwise. Any previous content is overwritten.
 */
function set_checked($var, &$chk) {
    $chk = $var ? 'checked' : '';
}
?>