"; } if($_GET['act']=="new"){ $pconfig['autokey_enable'] = "yes"; $pconfig['tlsauth_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; $pconfig['dh_length'] = 1024; $pconfig['interface'] = "wan"; $pconfig['local_port'] = openvpn_port_next('UDP'); $pconfig['pool_enable'] = "yes"; } if($_GET['act']=="edit"){ if (isset($id) && $a_server[$id]) { $pconfig['disable'] = isset($a_server[$id]['disable']); $pconfig['mode'] = $a_server[$id]['mode']; $pconfig['protocol'] = $a_server[$id]['protocol']; $pconfig['authmode'] = $a_server[$id]['authmode']; $pconfig['interface'] = $a_server[$id]['interface']; if (!empty($a_server[$id]['ipaddr'])) { $pconfig['interface'] = $pconfig['interface'] . '|' . $a_server[$id]['ipaddr']; } $pconfig['local_port'] = $a_server[$id]['local_port']; $pconfig['description'] = $a_server[$id]['description']; $pconfig['custom_options'] = $a_server[$id]['custom_options']; if ($pconfig['mode'] != "p2p_shared_key") { if ($a_server[$id]['tls']) { $pconfig['tlsauth_enable'] = "yes"; $pconfig['tls'] = base64_decode($a_server[$id]['tls']); } $pconfig['caref'] = $a_server[$id]['caref']; $pconfig['certref'] = $a_server[$id]['certref']; $pconfig['dh_length'] = $a_server[$id]['dh_length']; } else $pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']); $pconfig['crypto'] = $a_server[$id]['crypto']; $pconfig['tunnel_network'] = $a_server[$id]['tunnel_network']; $pconfig['remote_network'] = $a_server[$id]['remote_network']; $pconfig['gwredir'] = $a_server[$id]['gwredir']; $pconfig['local_network'] = $a_server[$id]['local_network']; $pconfig['maxclients'] = $a_server[$id]['maxclients']; $pconfig['compression'] = $a_server[$id]['compression']; $pconfig['passtos'] = $a_server[$id]['passtos']; $pconfig['client2client'] = $a_server[$id]['client2client']; $pconfig['dynamic_ip'] = $a_server[$id]['dynamic_ip']; $pconfig['pool_enable'] = $a_server[$id]['pool_enable']; $pconfig['dns_domain'] = $a_server[$id]['dns_domain']; if ($pconfig['dns_domain']) $pconfig['dns_domain_enable'] = true; $pconfig['dns_server1'] = $a_server[$id]['dns_server1']; $pconfig['dns_server2'] = $a_server[$id]['dns_server2']; $pconfig['dns_server3'] = $a_server[$id]['dns_server3']; $pconfig['dns_server4'] = $a_server[$id]['dns_server4']; if ($pconfig['dns_server1'] || $pconfig['dns_server2'] || $pconfig['dns_server3'] || $pconfig['dns_server4']) $pconfig['dns_server_enable'] = true; $pconfig['ntp_server1'] = $a_server[$id]['ntp_server1']; $pconfig['ntp_server2'] = $a_server[$id]['ntp_server2']; if ($pconfig['ntp_server1'] || $pconfig['ntp_server2']) $pconfig['ntp_server_enable'] = true; $pconfig['netbios_enable'] = $a_server[$id]['netbios_enable']; $pconfig['netbios_ntype'] = $a_server[$id]['netbios_ntype']; $pconfig['netbios_scope'] = $a_server[$id]['netbios_scope']; $pconfig['wins_server1'] = $a_server[$id]['wins_server1']; $pconfig['wins_server2'] = $a_server[$id]['wins_server2']; if ($pconfig['wins_server1'] || $pconfig['wins_server2']) $pconfig['wins_server_enable'] = true; $pconfig['nbdd_server1'] = $a_server[$id]['nbdd_server1']; if ($pconfig['nbdd_server1']) $pconfig['nbdd_server_enable'] = true; // just in case the modes switch $pconfig['autokey_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; } } if ($_POST) { unset($input_errors); $pconfig = $_POST; if (isset($id) && $a_server[$id]) $vpnid = $a_server[$id]['vpnid']; else $vpnid = 0; if ($pconfig['mode'] != "p2p_shared_key") $tls_mode = true; else $tls_mode = false; if (!empty($pconfig['authmode'])) { foreach ($pconfig['authmode'] as $pauthmode) { if ($pauthmode != "Local Database" && $pconfig['mode'] == "server_tls_user") $input_errors[] = "Only 'Local authentication database' is allowed with " . $openvpn_server_modes[$pconfig['mode']]; } } /* input validation */ if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) $input_errors[] = $result; if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network')) $input_errors[] = $result; if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network')) $input_errors[] = $result; if ($result = openvpn_validate_cidr($pconfig['local_network'], 'Local network')) $input_errors[] = $result; $portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']); if (($portused != $vpnid) && ($portused != 0)) $input_errors[] = "The specified 'Local port' is in use. Please select another value"; if ($pconfig['autokey_enable']) $pconfig['shared_key'] = openvpn_create_key(); if (!$tls_mode && !$pconfig['autokey_enable']) if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") || !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) $input_errors[] = "The field 'Shared Key' does not appear to be valid"; if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") || !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) $input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid"; if ($pconfig['dns_server_enable']) { if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) $input_errors[] = "The field 'DNS Server #1' must contain a valid IP address"; if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) $input_errors[] = "The field 'DNS Server #2' must contain a valid IP address"; if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) $input_errors[] = "The field 'DNS Server #3' must contain a valid IP address"; if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) $input_errors[] = "The field 'DNS Server #4' must contain a valid IP address"; } if ($pconfig['ntp_server_enable']) { if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) $input_errors[] = "The field 'NTP Server #1' must contain a valid IP address"; if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) $input_errors[] = "The field 'NTP Server #2' must contain a valid IP address"; if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) $input_errors[] = "The field 'NTP Server #3' must contain a valid IP address"; if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) $input_errors[] = "The field 'NTP Server #4' must contain a valid IP address"; } if ($pconfig['netbios_enable']) { if ($pconfig['wins_server_enable']) { if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) $input_errors[] = "The field 'WINS Server #1' must contain a valid IP address"; if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) $input_errors[] = "The field 'WINS Server #2' must contain a valid IP address"; } if ($pconfig['nbdd_server_enable']) if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) $input_errors[] = "The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address"; } if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients'])) $input_errors[] = "The field 'Concurrent connections' must be numeric."; /* If we are not in shared key mode, then we need the CA/Cert. */ if ($pconfig['mode'] != "p2p_shared_key") { $reqdfields = explode(" ", "caref certref"); $reqdfieldsn = explode(",", "Certificate Authority,Certificate");; } elseif (!$pconfig['autokey_enable']) { /* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */ $reqdfields = array('shared_key'); $reqdfieldsn = array('Shared key'); } $reqdfields[] = 'tunnel_network'; $reqdfieldsn[] = 'Tunnel network'; do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if (!$input_errors) { $server = array(); if ($vpnid) $server['vpnid'] = $vpnid; else $server['vpnid'] = openvpn_vpnid_next(); if ($_POST['disable'] == "yes") $server['disable'] = true; $server['mode'] = $pconfig['mode']; if (!empty($pconfig['authmode'])) $server['authmode'] = implode(",", $pconfig['authmode']); $server['protocol'] = $pconfig['protocol']; list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']); $server['local_port'] = $pconfig['local_port']; $server['description'] = $pconfig['description']; $server['custom_options'] = $pconfig['custom_options']; if ($tls_mode) { if ($pconfig['tlsauth_enable']) { if ($pconfig['autotls_enable']) $pconfig['tls'] = openvpn_create_key(); $server['tls'] = base64_encode($pconfig['tls']); } $server['caref'] = $pconfig['caref']; $server['certref'] = $pconfig['certref']; $server['dh_length'] = $pconfig['dh_length']; } else { $server['shared_key'] = base64_encode($pconfig['shared_key']); } $server['crypto'] = $pconfig['crypto']; $server['tunnel_network'] = $pconfig['tunnel_network']; $server['remote_network'] = $pconfig['remote_network']; $server['gwredir'] = $pconfig['gwredir']; $server['local_network'] = $pconfig['local_network']; $server['maxclients'] = $pconfig['maxclients']; $server['compression'] = $pconfig['compression']; $server['passtos'] = $pconfig['passtos']; $server['client2client'] = $pconfig['client2client']; $server['dynamic_ip'] = $pconfig['dynamic_ip']; $server['pool_enable'] = $pconfig['pool_enable']; if ($pconfig['dns_domain_enable']) $server['dns_domain'] = $pconfig['dns_domain']; if ($pconfig['dns_server_enable']) { $server['dns_server1'] = $pconfig['dns_server1']; $server['dns_server2'] = $pconfig['dns_server2']; $server['dns_server3'] = $pconfig['dns_server3']; $server['dns_server4'] = $pconfig['dns_server4']; } if ($pconfig['ntp_server_enable']) { $server['ntp_server1'] = $pconfig['ntp_server1']; $server['ntp_server2'] = $pconfig['ntp_server2']; } $server['netbios_enable'] = $pconfig['netbios_enable']; $server['netbios_ntype'] = $pconfig['netbios_ntype']; $server['netbios_scope'] = $pconfig['netbios_scope']; if ($pconfig['netbios_enable']) { if ($pconfig['wins_server_enable']) { $server['wins_server1'] = $pconfig['wins_server1']; $server['wins_server2'] = $pconfig['wins_server2']; } if ($pconfig['dns_server_enable']) $server['nbdd_server1'] = $pconfig['nbdd_server1']; } if (isset($id) && $a_server[$id]) $a_server[$id] = $server; else $a_server[] = $server; openvpn_resync('server', $server); write_config(); header("Location: vpn_openvpn_server.php"); exit; } if (!empty($pconfig['authmode'])) $pconfig['authmode'] = implode(",", $pconfig['authmode']); } include("head.inc"); ?> ">

General information Disabled />   Disable this server Set this option to disable this server without removing it from the list. $desc): $selected = ""; if ($pconfig['mode'] == $name) $selected = "selected"; ?> > > > Interface $carpip) $interfaces[$cif.'|'.$carpip] = strtoupper($cif) . " ({$carpip})"; $aliaslist = get_configured_ip_aliases_list(); foreach ($aliaslist as $aliasip => $aliasif) $interfaces[$aliasif.'|'.$aliasip] = strtoupper($aliasif) . " ({$aliasip})"; $interfaces['any'] = "any"; foreach ($interfaces as $iface => $ifacename): $selected = ""; if ($iface == $pconfig['interface']) $selected = "selected"; ?> > Description You may enter a description here for your reference (not parsed). Cryptographic Settings TLS Authentication onClick="tlsauth_change()"> Enable authentication of TLS packets. onClick="autotls_change()"> Automatically generate a shared TLS authentication key. <?=htmlspecialchars($pconfig['tls']);?> Paste your shared key here. Peer Certificate Authority > Server Certificate > DH Parameters Length > bits Shared Key onClick="autokey_change()"> Automatically generate a shared key. <?=htmlspecialchars($pconfig['shared_key']);?> Paste your shared key here. Encryption algorithm $desc): $selected = ''; if ($name == $pconfig['crypto']) $selected = ' selected'; ?> > Tunnel Settings Tunnel Network This is the virtual network used for private communications between this server and client hosts expressed using CIDR (eg. 10.0.8.0/24). The first network address will be assigned to the server virtual interface. The remaining network addresses can optionally be assigned to connecting clients. (see Address Pool) Redirect Gateway onClick="gwredir_change()"/> Force all client generated traffic through the tunnel. Local Network This is the network that will be accessible from the remote endpoint. Expressed as a CIDR range. You may leave this blank if you don't want to add a route to the local network through this tunnel on the remote machine. This is generally set to your LAN network. Remote Network This is a network that will be routed through the tunnel, so that a site-to-site VPN can be established without manually changing the routing tables. Expressed as a CIDR range. If this is a site-to-site VPN, enter here the remote LAN here. You may leave this blank if you don't want a site-to-site VPN. Specify the maximum number of clients allowed to concurrently connect to this server. Compression > Compress tunnel packets using the LZO algorithm. Type-of-Service > Set the TOS IP header value of tunnel packets to match the encapsulated packet value. Inter-client communication /> Allow communication between clients connected to this server Client Settings Dynamic IP "> Allow connected clients to retain their connections if their IP address changes. Address Pool "> Provide a virtual adapter IP address to clients (see Tunnel Network) DNS Default Domain onClick="dns_domain_change()"> Provide a default domain name to clients DNS Servers onClick="dns_server_change()"> Provide a DNS server list to clients Server #1:  Server #2:  Server #3:  Server #4:  NTP Servers onClick="ntp_server_change()"> Provide a NTP server list to clients Server #1:  Server #2:  NetBIOS Options onClick="netbios_change()"> Enable NetBIOS over TCP/IP If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled. Node Type:  $name): $selected = ""; if ($pconfig['netbios_ntype'] == $type) $selected = "selected"; ?> > Possible options: b-node (broadcasts), p-node (point-to-point name queries to a WINS server), m-node (broadcast then query name server), and h-node (query name server, then broadcast). Scope ID:  A NetBIOS Scope ID provides an extended naming service for NetBIOS over TCP/IP. The NetBIOS scope ID isolates NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID. WINS Servers onClick="wins_server_change()"> Provide a WINS server list to clients Server #1:  Server #2:  Advanced configuration Advanced <?=$pconfig['custom_options'];?> Enter any additional options you would like to add to the OpenVPN server configuration here, separated by a semicolon EXAMPLE: push "route 10.0.0.0 255.255.255.0"; Disabled Protocol / Port Tunnel Network Description /