<?php 
2
/*
3
	vpn_openvpn_client.php
4
5
	Copyright (C) 2008 Shrew Soft Inc.
6
	All rights reserved. 
7
8
	Redistribution and use in source and binary forms, with or without
9
	modification, are permitted provided that the following conditions are met:
10
	
11
	1. Redistributions of source code must retain the above copyright notice,
12
	   this list of conditions and the following disclaimer.
13
	
14
	2. Redistributions in binary form must reproduce the above copyright
15
	   notice, this list of conditions and the following disclaimer in the
16
	   documentation and/or other materials provided with the distribution.
17
	
18
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
	POSSIBILITY OF SUCH DAMAGE.
28
*/
29
30
##|+PRIV
31
##|*IDENT=page-openvpn-client
32
##|*NAME=OpenVPN: Client page
33
##|*DESCR=Allow access to the 'OpenVPN: Client' page.
34
##|*MATCH=vpn_openvpn_client.php*
35
##|-PRIV
36
37
require("guiconfig.inc");
38 d84bd468 Ermal Lu?i
require_once("openvpn.inc");
39 d799787e Matthew Grooms
40
/* Page title and the status/log pages associated with this page. */
$pgtitle = array("OpenVPN", "Client");
$statusurl = "status_openvpn.php";
$logurl = "diag_logs_openvpn.php";

/* Make sure the client list exists, then work on it by reference. */
if (!is_array($config['openvpn']['openvpn-client'])) {
	$config['openvpn']['openvpn-client'] = array();
}
$a_client = &$config['openvpn']['openvpn-client'];

/*
 * Request parameters; a POSTed value takes precedence over the query string.
 * $id comes straight from the request and is used below as an index into
 * $a_client, so every use has to cope with an index that does not exist.
 */
$id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];
$act = isset($_POST['act']) ? $_POST['act'] : $_GET['act'];
56
57
/*
 * Delete handler: removes the client entry selected by $id and saves the
 * configuration.
 *
 * NOTE(review): this is a state-changing action triggered by a GET parameter,
 * and no anti-CSRF token is checked in this block. Confirm that guiconfig.inc
 * (or the session layer) enforces one; otherwise the delete should require a
 * POST carrying a token.
 * NOTE(review): the test reads $_GET['act'] directly rather than $act, so a
 * POSTed act=del does not reach this branch.
 */
if ($_GET['act'] == "del") {

	/* Nothing stored under $id: return to the list without changing anything. */
	if (!$a_client[$id]) {
		pfSenseHeader("vpn_openvpn_client.php");
		exit;
	}

	/* openvpn_delete() is given the entry before it is dropped from $a_client. */
	openvpn_delete('client', $a_client[$id]);
	unset($a_client[$id]);
	write_config();
	$savemsg = gettext("Client successfully deleted")."<br/>";
}
69
70 f432e364 Matthew Grooms
/*
 * Pre-populate $pconfig, the array the form below is rendered from.
 *   act=new  : defaults for a fresh client.
 *   act=edit : values of the stored entry $a_client[$id], when it exists.
 *
 * Note that the edit branch copies the stored proxy password and the decoded
 * TLS-auth / shared keys into $pconfig, from where the form prints them.
 */
if ($_GET['act'] == "new") {
	$pconfig['autokey_enable'] = "yes";
	$pconfig['tlsauth_enable'] = "yes";
	$pconfig['autotls_enable'] = "yes";
	$pconfig['interface'] = "wan";
	$pconfig['server_port'] = 1194;
} elseif ($_GET['act'] == "edit" && isset($id) && $a_client[$id]) {

	$pconfig['disable'] = isset($a_client[$id]['disable']);
	$pconfig['mode'] = $a_client[$id]['mode'];
	$pconfig['protocol'] = $a_client[$id]['protocol'];

	/* The form encodes "interface|address" in one select value. */
	$pconfig['interface'] = $a_client[$id]['interface'];
	if (!empty($a_client[$id]['ipaddr'])) {
		$pconfig['interface'] .= '|' . $a_client[$id]['ipaddr'];
	}

	$pconfig['local_port'] = $a_client[$id]['local_port'];
	$pconfig['server_addr'] = $a_client[$id]['server_addr'];
	$pconfig['server_port'] = $a_client[$id]['server_port'];
	$pconfig['resolve_retry'] = $a_client[$id]['resolve_retry'];
	$pconfig['proxy_addr'] = $a_client[$id]['proxy_addr'];
	$pconfig['proxy_port'] = $a_client[$id]['proxy_port'];
	$pconfig['proxy_user'] = $a_client[$id]['proxy_user'];
	$pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd'];
	$pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype'];
	$pconfig['description'] = $a_client[$id]['description'];
	$pconfig['custom_options'] = $a_client[$id]['custom_options'];
	$pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type'];
	$pconfig['dev_mode'] = $a_client[$id]['dev_mode'];

	/* Key material is stored base64-encoded and decoded for display. */
	if ($pconfig['mode'] == "p2p_shared_key") {
		$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
	} else {
		$pconfig['caref'] = $a_client[$id]['caref'];
		$pconfig['certref'] = $a_client[$id]['certref'];
		if ($a_client[$id]['tls']) {
			$pconfig['tlsauth_enable'] = "yes";
			$pconfig['tls'] = base64_decode($a_client[$id]['tls']);
		}
	}
	$pconfig['crypto'] = $a_client[$id]['crypto'];

	$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
	$pconfig['remote_network'] = $a_client[$id]['remote_network'];
	$pconfig['compression'] = $a_client[$id]['compression'];
	$pconfig['passtos'] = $a_client[$id]['passtos'];

	// just in case the modes switch
	$pconfig['autokey_enable'] = "yes";
	$pconfig['autotls_enable'] = "yes";
}
124
125
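/*
 * Save handler: validates the posted client settings and, when no error was
 * recorded, stores them in $a_client, resyncs the client through
 * openvpn_resync(), writes the configuration and redirects to the list.
 *
 * NOTE(review): no anti-CSRF token is checked in this block — confirm that
 * guiconfig.inc (or the session layer) enforces one for POST requests.
 */
if ($_POST) {

	/* Start from an empty list so the checks below can append to it. */
	$input_errors = array();
	$pconfig = $_POST;

	/* An existing entry keeps its vpnid; 0 means "none assigned yet". */
	if (isset($id) && $a_client[$id]) {
		$vpnid = $a_client[$id]['vpnid'];
	} else {
		$vpnid = 0;
	}

	/* Every mode other than "p2p_shared_key" is handled as a TLS mode. */
	$tls_mode = ($pconfig['mode'] != "p2p_shared_key");

	/* input validation */
	if ($pconfig['local_port']) {

		if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
			$input_errors[] = $result;
		}

		/* The port may be in use only by this very client (same vpnid). */
		$portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']);
		if (($portused != $vpnid) && ($portused != 0)) {
			$input_errors[] = "The specified 'Local port' is in use. Please select another value";
		}
	}

	if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address')) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port')) {
		$input_errors[] = $result;
	}

	if ($pconfig['proxy_addr']) {

		if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address')) {
			$input_errors[] = $result;
		}

		if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port')) {
			$input_errors[] = $result;
		}

		if ($pconfig['proxy_authtype'] != "none") {
			if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) {
				$input_errors[] = "User name and password are required for proxy with authentication.";
			}
		}
	}

	if ($pconfig['tunnel_network']) {
		if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network')) {
			$input_errors[] = $result;
		}
	}

	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network')) {
		$input_errors[] = $result;
	}

	/* A requested auto-generated key replaces whatever was posted. */
	if ($pconfig['autokey_enable']) {
		$pconfig['shared_key'] = openvpn_create_key();
	}

	/* Pasted keys are only checked for the static-key BEGIN/END markers. */
	if (!$tls_mode && !$pconfig['autokey_enable']) {
		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
			$input_errors[] = "The field 'Shared Key' does not appear to be valid";
		}
	}

	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
			$input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid";
		}
	}

	/*
	 * Required fields. Both lists default to empty so that shared-key mode
	 * with an auto-generated key does not hand undefined variables to
	 * do_input_validation().
	 */
	$reqdfields = array();
	$reqdfieldsn = array();
	/* If we are not in shared key mode, then we need the CA/Cert. */
	if ($pconfig['mode'] != "p2p_shared_key") {
		$reqdfields = explode(" ", "caref certref");
		$reqdfieldsn = explode(",", "Certificate Authority,Certificate");
	} elseif (!$pconfig['autokey_enable']) {
		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
		$reqdfields = array('shared_key');
		$reqdfieldsn = array('Shared key');
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
	 * by PHP 5.4 and later. The "&" belongs in the signature of
	 * do_input_validation(), which is not visible here; dropping it only at
	 * this call site could stop required-field errors from being reported, so
	 * both places have to change together.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$input_errors) {

		$client = array();

		if ($vpnid) {
			$client['vpnid'] = $vpnid;
		} else {
			$client['vpnid'] = openvpn_vpnid_next();
		}

		if ($_POST['disable'] == "yes") {
			$client['disable'] = true;
		}
		$client['protocol'] = $pconfig['protocol'];
		$client['dev_mode'] = $pconfig['dev_mode'];
		/*
		 * The select value is "interface" or "interface|address"; pad the
		 * result so a value without "|" leaves ipaddr null instead of reading
		 * a missing array offset.
		 * NOTE(review): the posted interface is not compared with the list of
		 * configured interfaces in this block.
		 */
		list($client['interface'], $client['ipaddr']) = array_pad(explode("|", $pconfig['interface']), 2, null);
		$client['local_port'] = $pconfig['local_port'];
		$client['server_addr'] = $pconfig['server_addr'];
		$client['server_port'] = $pconfig['server_port'];
		$client['resolve_retry'] = $pconfig['resolve_retry'];
		$client['proxy_addr'] = $pconfig['proxy_addr'];
		$client['proxy_port'] = $pconfig['proxy_port'];
		$client['proxy_authtype'] = $pconfig['proxy_authtype'];
		$client['proxy_user'] = $pconfig['proxy_user'];
		/* The proxy password is stored exactly as submitted. */
		$client['proxy_passwd'] = $pconfig['proxy_passwd'];
		$client['description'] = $pconfig['description'];
		$client['mode'] = $pconfig['mode'];
		/* NOTE(review): custom_options is stored as submitted; nothing in this block validates it. */
		$client['custom_options'] = $pconfig['custom_options'];

		/* Key material is stored base64-encoded. */
		if ($tls_mode) {
			$client['caref'] = $pconfig['caref'];
			$client['certref'] = $pconfig['certref'];
			if ($pconfig['tlsauth_enable']) {
				if ($pconfig['autotls_enable']) {
					$pconfig['tls'] = openvpn_create_key();
				}
				$client['tls'] = base64_encode($pconfig['tls']);
			}
		} else {
			$client['shared_key'] = base64_encode($pconfig['shared_key']);
		}
		$client['crypto'] = $pconfig['crypto'];

		$client['tunnel_network'] = $pconfig['tunnel_network'];
		$client['remote_network'] = $pconfig['remote_network'];
		$client['compression'] = $pconfig['compression'];
		$client['passtos'] = $pconfig['passtos'];
		/* NOTE(review): the form posts a use_shaper field, but it is not copied into $client here. */

		/* Replace the edited entry, or append when $id names no existing one. */
		if (isset($id) && $a_client[$id]) {
			$a_client[$id] = $client;
		} else {
			$a_client[] = $client;
		}

		openvpn_resync('client', $client);
		write_config();

		header("Location: vpn_openvpn_client.php");
		exit;
	}
}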
260
261
include("head.inc");
262
263
?>
264
265
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
266
<?php include("fbegin.inc"); ?>
267
<script language="JavaScript">
268
<!--
269
270 3c11bd3c Matthew Grooms
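/*
 * Show the form rows that belong to the selected server mode: the TLS rows
 * ("tls", "tls_ca", "tls_cert") for "p2p_tls", the shared-key row ("psk") for
 * "p2p_shared_key". Any other value leaves the rows untouched.
 */
function mode_change() {
	// Declared with var: the original assigned to the undeclared names
	// "index" and "value", which created globals and fails in strict mode.
	var modeSelect = document.iform.mode;
	var mode = modeSelect.options[modeSelect.selectedIndex].value;
	var tlsDisplay;
	var pskDisplay;

	switch (mode) {
		case "p2p_tls":
			tlsDisplay = "";
			pskDisplay = "none";
			break;
		case "p2p_shared_key":
			tlsDisplay = "none";
			pskDisplay = "";
			break;
		default:
			return;
	}

	document.getElementById("tls").style.display = tlsDisplay;
	document.getElementById("tls_ca").style.display = tlsDisplay;
	document.getElementById("tls_cert").style.display = tlsDisplay;
	document.getElementById("psk").style.display = pskDisplay;
}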
288
289 3c11bd3c Matthew Grooms
/*
 * Hide the pasted-key area ("autokey_opts") while "automatically generate a
 * shared key" is ticked, and show it again when the box is cleared.
 */
function autokey_change() {
	var generateKey = document.iform.autokey_enable.checked;
	document.getElementById("autokey_opts").style.display = generateKey ? "none" : "";
}
295
296 762a24a3 Ermal Lu?i
/*
 * Show the proxy user name / password table only when an authentication
 * method other than "none" is selected. Relies on the page's $() helper
 * returning elements that offer show() and hide().
 */
function useproxy_changed() {
	var needsCredentials = $('proxy_authtype').value != 'none';
	var authOptions = $('proxy_authtype_opts');

	if (needsCredentials) {
		authOptions.show();
	} else {
		authOptions.hide();
	}
}
304
305 3c11bd3c Matthew Grooms
/*
 * Reacts to the "tlsauth_enable" checkbox: shows or hides the "tlsauth_opts"
 * table, then lets autotls_change() refresh the key textarea.
 */
function tlsauth_change() {

<?php /* The toggle is only emitted when $pconfig['tls'] is empty; the "tlsauth_opts" table is rendered under the same condition further down the page. */ ?>
<?php if (!$pconfig['tls']): ?>
	if (document.iform.tlsauth_enable.checked)
		document.getElementById("tlsauth_opts").style.display="";
	else
		document.getElementById("tlsauth_opts").style.display="none";
<?php endif; ?>

	// Always re-evaluate the visibility of the pasted-key area.
	autotls_change();
}
316
317
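/*
 * Shows the pasted TLS-auth key area ("autotls_opts") when TLS authentication
 * is enabled and the key is not being generated automatically; hides it
 * otherwise.
 */
function autotls_change() {

	// Declared locally: the original assigned to an undeclared name, which
	// created a global and fails in strict mode.
	var autocheck;

<?php /* With a TLS key already in $pconfig the "autotls_enable" checkbox is not rendered, so auto-generation counts as off. */ ?>
<?php if (!$pconfig['tls']): ?>
	autocheck = document.iform.autotls_enable.checked;
<?php else: ?>
	autocheck = false;
<?php endif; ?>

	if (document.iform.tlsauth_enable.checked && !autocheck)
		document.getElementById("autotls_opts").style.display="";
	else
		document.getElementById("autotls_opts").style.display="none";
}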
330
331 d799787e Matthew Grooms
//-->
332
</script>
333
<?php
	/*
	 * Report validation errors and status messages above the form.
	 * $savemsg is set by this page from a translated string plus "<br/>".
	 */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	if ($savemsg) {
		print_info_box($savemsg);
	}
?>
339
<table width="100%" border="0" cellpadding="0" cellspacing="0">
340
 	<tr>
341
		<td class="tabnavtbl">
342
			<ul id="tabnav">
343
			<?php
				/* Tabs of the OpenVPN section; "Client" is the active one on this page. */
				$tab_array = array(
					array(gettext("Server"), false, "vpn_openvpn_server.php"),
					array(gettext("Client"), true, "vpn_openvpn_client.php"),
					array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php"),
					array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml"),
				);
				/* add_package_tabs() is handed the list before it is displayed. */
				add_package_tabs("OpenVPN", $tab_array);
				display_top_tabs($tab_array);
			?>
352
			</ul>
353
		</td>
354
	</tr>    
355
	<tr>
356
		<td class="tabcont">
357
358
			<?php if($act=="new" || $act=="edit"): ?>
359
360
			<form action="vpn_openvpn_client.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
361
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
362 47c00c09 Scott Ullrich
					<tr>
363
						<td colspan="2" valign="top" class="listtopic">General information</td>
364
					</tr>
365 d799787e Matthew Grooms
					<tr>
366
						<td width="22%" valign="top" class="vncellreq">Disabled</td>
367
						<td width="78%" class="vtable">
368
							<table border="0" cellpadding="0" cellspacing="0">
369
								<tr>
370
									<td>
371
										<?php set_checked($pconfig['disable'],$chk); ?>
372
										<input name="disable" type="checkbox" value="yes" <?=$chk;?>/>
373
									</td>
374
									<td>
375
										&nbsp;
376
										<span class="vexpl">
377
											<strong>Disable this client</strong><br>
378
										</span>
379
									</td>
380
								</tr>
381
							</table>
382
							Set this option to disable this client without removing it from the list.
383
						</td>
384
					</tr>
385 3c11bd3c Matthew Grooms
					<tr>
386
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
387
						<td width="78%" class="vtable">
388
							<select name='mode' id='mode' class="formselect" onchange='mode_change()'>
389
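							<?php
								/*
								 * One <option> per client mode, with the current mode preselected.
								 * Value and label are HTML-escaped like the text inputs of this form.
								 */
								foreach ($openvpn_client_modes as $name => $desc):
									$selected = "";
									if ($pconfig['mode'] == $name)
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($name);?>" <?=$selected;?>><?=htmlspecialchars($desc);?></option>
							<?php endforeach; ?>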
397
							</select>
398
						</td>
399
					</tr>
400 d799787e Matthew Grooms
					<tr>
401
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
402
							<td width="78%" class="vtable">
403
							<select name='protocol' class="formselect">
404
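							<?php
								/*
								 * One <option> per supported protocol, with the current one preselected.
								 * The value is HTML-escaped like the text inputs of this form.
								 */
								foreach ($openvpn_prots as $prot):
									$selected = "";
									if ($pconfig['protocol'] == $prot)
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($prot);?>" <?=$selected;?>><?=htmlspecialchars($prot);?></option>
							<?php endforeach; ?>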
412
							</select>
413
							</td>
414
					</tr>
415 691fbf14 Ermal Lu?i
                                        <tr>
416
                                                <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
417
                                                        <td width="78%" class="vtable">
418
                                                        <select name='dev_mode' class="formselect">
419
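                                                        <?php
                                                                /*
                                                                 * One <option> per device mode, with the current one preselected.
                                                                 * The value is HTML-escaped like the text inputs of this form.
                                                                 */
                                                                foreach ($openvpn_dev_mode as $mode):
                                                                        $selected = "";
                                                                        if ($pconfig['dev_mode'] == $mode)
                                                                                $selected = "selected";
                                                        ?>
                                                                <option value="<?=htmlspecialchars($mode);?>" <?=$selected;?>><?=htmlspecialchars($mode);?></option>
                                                        <?php endforeach; ?>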
427
                                                        </select>
428
                                                        </td>
429
                                        </tr>
430 d799787e Matthew Grooms
					<tr>
431
						<td width="22%" valign="top" class="vncellreq">Interface</td>
432
						<td width="78%" class="vtable">
433
							<select name="interface" class="formselect">
434
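								<?php
									/*
									 * Build the interface choices: configured interfaces, then CARP
									 * addresses and IP aliases keyed as "interface|address", then "any".
									 * The save handler splits the posted value on "|" again.
									 */
									$interfaces = get_configured_interface_with_descr();
									$carplist = get_configured_carp_interface_list();
									foreach ($carplist as $cif => $carpip)
										$interfaces[$cif.'|'.$carpip] = strtoupper($cif) . " ({$carpip})";
									$aliaslist = get_configured_ip_aliases_list();
									foreach ($aliaslist as $aliasip => $aliasif)
										$interfaces[$aliasif.'|'.$aliasip] = strtoupper($aliasif) . " ({$aliasip})";
									$interfaces['any'] = "any";
									foreach ($interfaces as $iface => $ifacename):
										$selected = "";
										if ($iface == $pconfig['interface'])
											$selected = "selected";
									/* The key is configuration-derived, so it is escaped for the attribute just as the label is for the text. */
								?>
									<option value="<?=htmlspecialchars($iface);?>" <?=$selected;?>>
										<?=htmlspecialchars($ifacename);?>
									</option>
								<?php endforeach; ?>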
452
							</select> <br>
453
						</td>
454
					</tr>
455 1d3bcd2a Matthew Grooms
					<tr>
456
						<td width="22%" valign="top" class="vncell"><?=gettext("Local port");?></td>
457
						<td width="78%" class="vtable">
458
							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>"/>
459 d799787e Matthew Grooms
							<br/>
460
							Set this option if you would like to bind to a specific port.
461 1d3bcd2a Matthew Grooms
						</td>
462
					</tr>
463 d799787e Matthew Grooms
					<tr>
464
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server host or address");?></td>
465
						<td width="78%" class="vtable">
466
							<input name="server_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['server_addr']);?>"/>
467
						</td>
468
					</tr>
469
					<tr>
470
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server port");?></td>
471
						<td width="78%" class="vtable">
472
							<input name="server_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['server_port']);?>"/>
473
						</td>
474
					</tr>
475
					<tr>
476
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy host or address");?></td>
477
						<td width="78%" class="vtable">
478
							<input name="proxy_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['proxy_addr']);?>"/>
479
						</td>
480
					</tr>
481
					<tr>
482
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy port");?></td>
483
						<td width="78%" class="vtable">
484
							<input name="proxy_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['proxy_port']);?>"/>
485
						</td>
486
					</tr>
487 762a24a3 Ermal Lu?i
					<tr>
488
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy authentication extra options");?></td>
489
						<td width="78%" class="vtable">
490
							<table border="0" cellpadding="2" cellspacing="0">
491
								<tr>
492
                                                                        <td align="right" width="25%">
493
                                                                                <span class="vexpl">
494
                                                                                         &nbsp;Authentication method :&nbsp;
495
                                                                                </span>
496
                                                                        </td>
497
                                                                        <td>
498
										<select name="proxy_authtype" id="proxy_authtype" class="formfld select" onChange="useproxy_changed()">
499
											<option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected"; ?>>none</option>
500
											<option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected"; ?>>basic</option>
501
											<option value="ntlm" <?php if ($pconfig['proxy_authtype'] == "ntlm") echo "selected"; ?>>ntlm</option>
502
										</select>
503
									</td>
504
								</tr>
505
							</table>
506
							<br />
507
							 <table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none">
508
                                                                <tr>
509
                                                                        <td align="right" width="25%">
510
                                                                                <span class="vexpl">
511
                                                                                         &nbsp;Username :&nbsp;
512
                                                                                </span>
513
                                                                        </td>
514
                                                                        <td>
515
                                                                                <input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" />
516
                                                                        </td>
517
                                                                </tr>
518
                                                                <tr>
519
                                                                        <td align="right" width="25%">
520
                                                                                <span class="vexpl">
521
                                                                                         &nbsp;Password :&nbsp;
522
                                                                                </span>
523
                                                                        </td>
524
                                                                        <td>
525
                                                                                <?php
                                                                                /*
                                                                                 * NOTE(review): the stored proxy password is written into the value
                                                                                 * attribute, so it is readable in the page source by anyone who can open
                                                                                 * this form. Leaving the field empty and keeping the stored password when
                                                                                 * nothing new is submitted would avoid that, but needs a matching change
                                                                                 * in the save handler.
                                                                                 */
                                                                                ?>
                                                                                <input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" />
526
                                                                        </td>
527
                                                                </tr>
528
                                                        </table>
529
						</td>
530
					</tr>
531 d799787e Matthew Grooms
					<tr>
532
						<td width="22%" valign="top" class="vncell">Server host name resolution</td>
533
						<td width="78%" class="vtable">
534
							<table border="0" cellpadding="2" cellspacing="0">
535
								<tr>
536
									<td>
537
										<?php set_checked($pconfig['resolve_retry'],$chk); ?>
538 db2872a2 Ermal Lu?i
										<input name="resolve_retry" type="checkbox" value="yes" <?=$chk;?>>
539 d799787e Matthew Grooms
									</td>
540
									<td>
541
										<span class="vexpl">
542
											Infinitely resolve server
543
										</span>
544
									</td>
545
								</tr>
546
							</table>
547
							Continuously attempt to resolve the server host
548
							name. Useful when communicating with a server
549 2953c7e9 Chris Buechler
							that is not permanently connected to the Internet.
550 d799787e Matthew Grooms
						</td>
551
					</tr>
552
					<tr> 
553
						<td width="22%" valign="top" class="vncell">Description</td>
554
						<td width="78%" class="vtable"> 
555
							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>">
556
							<br>
557
							You may enter a description here for your reference (not parsed).
558
						</td>
559
					</tr>
560
					<tr>
561
						<td colspan="2" class="list" height="12"></td>
562
					</tr>
563
					<tr>
564
						<td colspan="2" valign="top" class="listtopic">Cryptographic Settings</td>
565
					</tr>
566 3c11bd3c Matthew Grooms
					<tr id="tls">
567
						<td width="22%" valign="top" class="vncellreq">TLS Authentication</td>
568
						<td width="78%" class="vtable">
569
							<table border="0" cellpadding="2" cellspacing="0">
570
								<tr>
571
									<td>
572
										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
573
										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onClick="tlsauth_change()">
574
									</td>
575
									<td>
576
										<span class="vexpl">
577
											Enable authentication of TLS packets.
578
										</span>
579
									</td>
580
								</tr>
581
							</table>
582
							<?php if (!$pconfig['tls']): ?>
583
							<table border="0" cellpadding="2" cellspacing="0" id='tlsauth_opts'>
584
								<tr>
585
									<td>
586
										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
587
										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autotls_change()">
588
									</td>
589
									<td>
590
										<span class="vexpl">
591
											Automatically generate a shared TLS authentication key.
592
										</span>
593
									</td>
594
								</tr>
595
							</table>
596
							<?php endif; ?>
597
							<table border="0" cellpadding="2" cellspacing="0" id='autotls_opts'>
598
								<tr>
599
									<td>
600
										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
601
										<br/>
602
										Paste your shared key here.
603
									</td>
604
								</tr>
605
							</table>
606
						</td>
607 d799787e Matthew Grooms
					</tr>
608 3c11bd3c Matthew Grooms
					<tr id="tls_ca">
609
						<td width="22%" valign="top" class="vncellreq">Peer Certificate Authority</td>
610 d799787e Matthew Grooms
							<td width="78%" class="vtable">
611
							<select name='caref' class="formselect">
612
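							<?php
								/*
								 * One <option> per configured certificate authority.
								 * The CA name and refid come from the stored configuration, so both
								 * are HTML-escaped before they are printed. A missing CA list is
								 * treated as empty.
								 */
								foreach ((is_array($config['system']['ca']) ? $config['system']['ca'] : array()) as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['name']);?></option>
							<?php endforeach; ?>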
620
							</select>
621
							</td>
622
					</tr>
623 3c11bd3c Matthew Grooms
					<tr id="tls_cert">
624
						<td width="22%" valign="top" class="vncellreq">Client Certificate</td>
625 d799787e Matthew Grooms
							<td width="78%" class="vtable">
626
							<select name='certref' class="formselect">
627
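							<?php
								/*
								 * One <option> per configured certificate.
								 * The certificate name and refid come from the stored configuration,
								 * so both are HTML-escaped before they are printed. A missing
								 * certificate list is treated as empty.
								 */
								foreach ((is_array($config['system']['cert']) ? $config['system']['cert'] : array()) as $cert):
									$selected = "";
									if ($pconfig['certref'] == $cert['refid'])
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['name']);?></option>
							<?php endforeach; ?>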
635
							</select>
636
						</td>
637
					</tr>
638
					<tr id="psk">
639
						<td width="22%" valign="top" class="vncellreq">Shared Key</td>
640 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
641
							<?php if (!$pconfig['shared_key']): ?>
642
							<table border="0" cellpadding="2" cellspacing="0">
643
								<tr>
644
									<td>
645
										<?php set_checked($pconfig['autokey_enable'],$chk); ?>
646
										<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autokey_change()">
647
									</td>
648
									<td>
649
										<span class="vexpl">
650
											Automatically generate a shared key.
651
										</span>
652
									</td>
653
								</tr>
654
							</table>
655
							<?php endif; ?>
656
							<table border="0" cellpadding="2" cellspacing="0" id='autokey_opts'>
657
								<tr>
658
									<td>
659
										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
660
										<br/>
661
										Paste your shared key here.
662
									</td>
663
								</tr>
664
							</table>
665 d799787e Matthew Grooms
						</td>
666
					</tr>
667
					<tr>
668
						<td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
669
						<td width="78%" class="vtable">
670
							<select name="crypto" class="formselect">
671
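								<?php
									/*
									 * One <option> per cipher returned by openvpn_get_cipherlist(),
									 * with the configured cipher preselected. The cipher name is
									 * escaped for the attribute just as the description is for the text.
									 */
									$cipherlist = openvpn_get_cipherlist();
									foreach ($cipherlist as $name => $desc):
									$selected = '';
									if ($name == $pconfig['crypto'])
										$selected = ' selected';
								?>
								<option value="<?=htmlspecialchars($name);?>"<?=$selected?>>
									<?=htmlspecialchars($desc);?>
								</option>
								<?php endforeach; ?>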
682
							</select>
683
						</td>
684
					</tr>
685
					<tr>
686
						<td colspan="2" class="list" height="12"></td>
687
					</tr>
688
					<tr>
689
						<td colspan="2" valign="top" class="listtopic">Tunnel Settings</td>
690
					</tr>
691
					<tr>
692 c13b87a0 sullrich
						<td width="22%" valign="top" class="vncell">Tunnel Network</td>
693 d799787e Matthew Grooms
						<td width="78%" class="vtable">
694
							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>">
695
							<br>
696
							This is the virtual network used for private
697
							communications between this client and the
698
							server expressed using CIDR (eg. 10.0.8.0/24).
699
							The first network address is assumed to be the
700
							server address and the second network address
701
							will be assigned to the client virtual
702
							interface.
703
						</td>
704
					</tr>
705
					<tr>
706
						<td width="22%" valign="top" class="vncell">Remote Network</td>
707
						<td width="78%" class="vtable">
708
							<input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>">
709
							<br>
710
							This is a network that will be routed through
711
							the tunnel, so that a site-to-site VPN can be
712
							established without manually changing the
713
							routing tables. Expressed as a CIDR range. If
714
							this is a site-to-site VPN, enter the
715
							remote LAN here. You may leave this blank to
716
							only communicate with other clients.
717
						</td>
718
					</tr>
719
					<tr>
720
						<td width="22%" valign="top" class="vncell"><?=gettext("Limit outgoing bandwidth");?></td>
721
						<td width="78%" class="vtable">
722
							<input name="use_shaper" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['use_shaper']);?>"/>
723
							<br/>
724
							Maximum outgoing bandwidth for this tunnel.
725
							Leave empty for no limit. The input value has
726
							to be something between 100 bytes/sec and 100
727
							Mbytes/sec (entered as bytes per second).
728
						</td>
729
					</tr>
730
					<tr>
731
						<td width="22%" valign="top" class="vncell">Compression</td>
732
						<td width="78%" class="vtable">
733
							<table border="0" cellpadding="2" cellspacing="0">
734
								<tr>
735
									<td>
736
										<?php set_checked($pconfig['compression'],$chk); ?>
737
										<input name="compression" type="checkbox" value="yes" <?=$chk;?>>
738
									</td>
739
									<td>
740
										<span class="vexpl">
741
											Compress tunnel packets using the LZO algorithm.
742
										</span>
743
									</td>
744
								</tr>
745
							</table>
746
						</td>
747
					</tr>
748
					<tr>
749
						<td width="22%" valign="top" class="vncell">Type-of-Service</td>
750
						<td width="78%" class="vtable">
751
							<table border="0" cellpadding="2" cellspacing="0">
752
								<tr>
753
									<td>
754 1cb0b40a Matthew Grooms
										<?php set_checked($pconfig['passtos'],$chk); ?>
755
										<input name="passtos" type="checkbox" value="yes" <?=$chk;?>>
756 d799787e Matthew Grooms
									</td>
757
									<td>
758
										<span class="vexpl">
759
											Set the TOS IP header value of tunnel packets to match the encapsulated packet value.
760
										</span>
761
									</td>
762
								</tr>
763
							</table>
764
						</td>
765
					</tr>
766 c7323d81 sullrich
					<tr>
767
						<td colspan="2" class="list" height="12"></td>
768
					</tr>
769
					<tr>
770
						<td colspan="2" valign="top" class="listtopic">Advanced configuration</td>
771
					</tr>
772
					<tr>
773
						<td width="22%" valign="top" class="vncell">Advanced</td>
774
						<td width="78%" class="vtable">
775
							<table border="0" cellpadding="2" cellspacing="0">
776
								<tr>
777
									<td>
778
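										<?php /* custom_options is free-form text; escape it on output so a stored "</textarea>" or tag cannot close the field and be parsed as markup. The browser decodes the entities again, so the value round-trips unchanged on save. */ ?>
										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/>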
779 1a4f9b42 Chris Buechler
										Enter any additional options you would like to add to the OpenVPN client configuration here, separated by a semicolon<br/>
780 2953c7e9 Chris Buechler
										EXAMPLE: route 10.0.0.0 255.255.255.0;
781 c7323d81 sullrich
									</td>
782
								</tr>
783
							</table>
784
						</td>
785
					</tr>					
786 d799787e Matthew Grooms
					<tr>
787
						<td width="22%" valign="top">&nbsp;</td>
788
						<td width="78%"> 
789
							<input name="save" type="submit" class="formbtn" value="Save"> 
790
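							<?php /* $act and $id are assigned earlier in this file (outside this view; presumably from request parameters - confirm). Escape them like the other value="" attributes on this form so they cannot inject markup. */ ?>
							<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>">
							<?php if (isset($id) && $a_client[$id]): ?>
							<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
							<?php endif; ?>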
794
						</td>
795
					</tr>
796
				</table>
797
			</form>
			<?php else: ?>
			<table width="100%" border="0" cellpadding="0" cellspacing="0">
802
				<tr>
803
					<td width="10%" class="listhdrr">Disabled</td>
804
					<td width="10%" class="listhdrr">Protocol</td>
805
					<td width="30%" class="listhdrr">Server</td>
806
					<td width="40%" class="listhdrr">Description</td>
807
					<td width="10%" class="list"></td>
808
				</tr>
809
				<?php
					// Render one table row per configured client.
					// $i is the positional index of the entry in $a_client; the row's edit and
					// delete links pass it back as the "id" query parameter.
					// NOTE(review): the delete link is a plain GET (act=del&id=N) guarded only by a
					// client-side confirm(); the handler is outside this view - confirm it
					// requires a CSRF token before removing the entry.
					$i = 0;
					foreach($a_client as $client):
						// Shown verbatim in the "Disabled" column.
						$disabled = "NO";
						if (isset($client['disable']))
							$disabled = "YES";
						// host:port string for the "Server" column; escaped where it is echoed.
						$server = "{$client['server_addr']}:{$client['server_port']}";
				?>
817 c67bbe04 Chris Buechler
				<tr ondblclick="document.location='vpn_openvpn_client.php?act=edit&id=<?=$i;?>'">
818 d799787e Matthew Grooms
					<td class="listlr">
819
						<?=$disabled;?>
820
					</td>
821
					<td class="listr">
822
						<?=htmlspecialchars($client['protocol']);?>
823
					</td>
824
					<td class="listr">
825
						<?=htmlspecialchars($server);?>
826
					</td>
827 296a3cb6 Scott Ullrich
					<td class="listbg">
828 d799787e Matthew Grooms
						<?=htmlspecialchars($client['description']);?>
829
					</td>
830
					<td valign="middle" nowrap class="list">
831
						<a href="vpn_openvpn_client.php?act=edit&id=<?=$i;?>">
832
							<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="edit client" width="17" height="17" border="0">
833
						</a>
834
						&nbsp;
835
						<a href="vpn_openvpn_client.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client?')">
836
							<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="delete client" width="17" height="17" border="0">
837
						</a>
838
					</td>
839
				</tr>
840
				<?php
841
					$i++;
842
					endforeach;
843
				?>
844
				<tr>
845
					<td class="list" colspan="4"></td>
846
					<td class="list">
847
						<a href="vpn_openvpn_client.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="add client" width="17" height="17" border="0">
848
						</a>
849
					</td>
850
				</tr>
851
				<tr>
852
					<td colspan="4">
853
						<p>
854
							<?=gettext("Additional OpenVPN clients can be added here.");?>
855
						</p>
856
					</td>
857
				</tr>
858
			</table>
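			<?php /* Closes the if/else whose else branch renders the client list. Uses the full open tag like the rest of the file, so the page does not depend on short_open_tag being enabled. */ endif; ?>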
		</td>
863
	</tr>
864
</table>
865
<script language="JavaScript">
866
<!--
867 3c11bd3c Matthew Grooms
mode_change();
868
autokey_change();
869
tlsauth_change();
870 762a24a3 Ermal Lu?i
useproxy_changed();
871 d799787e Matthew Grooms
//-->
872
</script>
873
</body>
874
<?php include("fend.inc"); ?>
<?php
/* local utility functions */
/**
 * Produce the HTML attribute text for a checkbox from a stored setting.
 *
 * @param mixed  $var Setting value; only its truthiness is examined.
 * @param string $chk Written by reference: 'checked' when $var is truthy,
 *                    an empty string otherwise.
 */
function set_checked($var,& $chk) {
    $chk = $var ? 'checked' : '';
}
?>