/usr/local/www/vpn_openvpn_client.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/vpn_openvpn_client.php @ ae5c8d0e

1	d799787e	Matthew Grooms	<?php
2			/*
3			vpn_openvpn_client.php
4
5			Copyright (C) 2008 Shrew Soft Inc.
6			All rights reserved.
7
8			Redistribution and use in source and binary forms, with or without
9			modification, are permitted provided that the following conditions are met:
10
11			1. Redistributions of source code must retain the above copyright notice,
12			this list of conditions and the following disclaimer.
13
14			2. Redistributions in binary form must reproduce the above copyright
15			notice, this list of conditions and the following disclaimer in the
16			documentation and/or other materials provided with the distribution.
17
18			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27			POSSIBILITY OF SUCH DAMAGE.
28			*/
29
30			##\|+PRIV
31			##\|*IDENT=page-openvpn-client
32			##\|*NAME=OpenVPN: Client page
33			##\|*DESCR=Allow access to the 'OpenVPN: Client' page.
34			##\|MATCH=vpn_openvpn_client.php
35			##\|-PRIV
36
37			require("guiconfig.inc");
38	d84bd468	Ermal Lu?i	require_once("openvpn.inc");
39	d799787e	Matthew Grooms
40	2fa7a468	Carlos Eduardo Ramos	$pgtitle = array(gettext("OpenVPN"), gettext("Client"));
41	efe2be81	jim-p	$statusurl = "status_openvpn.php";
42			$logurl = "diag_logs_openvpn.php";
43	d799787e	Matthew Grooms
44			if (!is_array($config['openvpn']['openvpn-client']))
45			$config['openvpn']['openvpn-client'] = array();
46
47			$a_client = &$config['openvpn']['openvpn-client'];
48
49	428e66b6	jim-p	if (!is_array($config['ca']))
50			$config['ca'] = array();
51
52			$a_ca =& $config['ca'];
53
54			if (!is_array($config['cert']))
55			$config['cert'] = array();
56
57			$a_cert =& $config['cert'];
58
59			if (!is_array($config['crl']))
60			$config['crl'] = array();
61
62			$a_crl =& $config['crl'];
63
64	d799787e	Matthew Grooms	$id = $_GET['id'];
65			if (isset($_POST['id']))
66			$id = $_POST['id'];
67
68			$act = $_GET['act'];
69			if (isset($_POST['act']))
70			$act = $_POST['act'];
71
72			if ($_GET['act'] == "del") {
73
74			if (!$a_client[$id]) {
75			pfSenseHeader("vpn_openvpn_client.php");
76			exit;
77			}
78
79	dc408939	Matthew Grooms	openvpn_delete('client', $a_client[$id]);
80	d799787e	Matthew Grooms	unset($a_client[$id]);
81			write_config();
82			$savemsg = gettext("Client successfully deleted")."<br/>";
83			}
84
85	f432e364	Matthew Grooms	if($_GET['act']=="new"){
86	3c11bd3c	Matthew Grooms	$pconfig['autokey_enable'] = "yes";
87			$pconfig['tlsauth_enable'] = "yes";
88			$pconfig['autotls_enable'] = "yes";
89	f432e364	Matthew Grooms	$pconfig['interface'] = "wan";
90			$pconfig['server_port'] = 1194;
91			}
92
93	d799787e	Matthew Grooms	if($_GET['act']=="edit"){
94
95			if (isset($id) && $a_client[$id]) {
96
97	8319ee63	jim-p	$pconfig['disable'] = isset($a_client[$id]['disable']);
98	3c11bd3c	Matthew Grooms	$pconfig['mode'] = $a_client[$id]['mode'];
99	d799787e	Matthew Grooms	$pconfig['protocol'] = $a_client[$id]['protocol'];
100			$pconfig['interface'] = $a_client[$id]['interface'];
101	67b0902f	pierrepomes	if (!empty($a_client[$id]['ipaddr'])) {
102			$pconfig['interface'] = $pconfig['interface'] . '\|' . $a_client[$id]['ipaddr'];
103			}
104	d799787e	Matthew Grooms	$pconfig['local_port'] = $a_client[$id]['local_port'];
105			$pconfig['server_addr'] = $a_client[$id]['server_addr'];
106			$pconfig['server_port'] = $a_client[$id]['server_port'];
107			$pconfig['resolve_retry'] = $a_client[$id]['resolve_retry'];
108			$pconfig['proxy_addr'] = $a_client[$id]['proxy_addr'];
109			$pconfig['proxy_port'] = $a_client[$id]['proxy_port'];
110	762a24a3	Ermal Lu?i	$pconfig['proxy_user'] = $a_client[$id]['proxy_user'];
111			$pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd'];
112			$pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype'];
113	d799787e	Matthew Grooms	$pconfig['description'] = $a_client[$id]['description'];
114	c7323d81	sullrich	$pconfig['custom_options'] = $a_client[$id]['custom_options'];
115	691fbf14	Ermal Lu?i	$pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type'];
116	4936ff53	jim-p	$pconfig['dev_mode'] = $a_client[$id]['dev_mode'];
117	691fbf14	Ermal Lu?i
118	3c11bd3c	Matthew Grooms	if ($pconfig['mode'] != "p2p_shared_key") {
119	d799787e	Matthew Grooms	$pconfig['caref'] = $a_client[$id]['caref'];
120			$pconfig['certref'] = $a_client[$id]['certref'];
121	3c11bd3c	Matthew Grooms	if ($a_client[$id]['tls']) {
122			$pconfig['tlsauth_enable'] = "yes";
123			$pconfig['tls'] = base64_decode($a_client[$id]['tls']);
124			}
125			} else
126			$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
127	d799787e	Matthew Grooms	$pconfig['crypto'] = $a_client[$id]['crypto'];
128	f5c704b6	jim-p	$pconfig['engine'] = $a_client[$id]['engine'];
129	d799787e	Matthew Grooms
130			$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
131			$pconfig['remote_network'] = $a_client[$id]['remote_network'];
132	b422360c	jim-p	$pconfig['use_shaper'] = $a_client[$id]['use_shaper'];
133	d799787e	Matthew Grooms	$pconfig['compression'] = $a_client[$id]['compression'];
134	1cb0b40a	Matthew Grooms	$pconfig['passtos'] = $a_client[$id]['passtos'];
135	3c11bd3c	Matthew Grooms
136			// just in case the modes switch
137			$pconfig['autokey_enable'] = "yes";
138			$pconfig['autotls_enable'] = "yes";
139	d799787e	Matthew Grooms	}
140			}
141
142			if ($_POST) {
143
144			unset($input_errors);
145			$pconfig = $_POST;
146
147	dc408939	Matthew Grooms	if (isset($id) && $a_client[$id])
148			$vpnid = $a_client[$id]['vpnid'];
149	f432e364	Matthew Grooms	else
150			$vpnid = 0;
151
152	98c0c87a	jim-p	if ($pconfig['mode'] != "p2p_shared_key")
153	3c11bd3c	Matthew Grooms	$tls_mode = true;
154			else
155			$tls_mode = false;
156
157	d799787e	Matthew Grooms	/* input validation */
158	f432e364	Matthew Grooms	if ($pconfig['local_port']) {
159
160			if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
161			$input_errors[] = $result;
162
163	5accf130	jim-p	$portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']);
164			if (($portused != $vpnid) && ($portused != 0))
165	2fa7a468	Carlos Eduardo Ramos	$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
166	f432e364	Matthew Grooms	}
167
168	d799787e	Matthew Grooms	if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address'))
169			$input_errors[] = $result;
170
171			if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port'))
172			$input_errors[] = $result;
173
174			if ($pconfig['proxy_addr']) {
175
176			if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address'))
177			$input_errors[] = $result;
178
179			if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port'))
180			$input_errors[] = $result;
181	762a24a3	Ermal Lu?i
182			if ($pconfig['proxy_authtype'] != "none") {
183			if (empty($pconfig['proxy_user']) \|\| empty($pconfig['proxy_passwd']))
184	2fa7a468	Carlos Eduardo Ramos	$input_errors[] = gettext("User name and password are required for proxy with authentication.");
185	762a24a3	Ermal Lu?i	}
186	d799787e	Matthew Grooms	}
187
188	c13b87a0	sullrich	if($pconfig['tunnel_network'])
189			if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network'))
190			$input_errors[] = $result;
191	d799787e	Matthew Grooms
192			if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network'))
193			$input_errors[] = $result;
194
195	b422360c	jim-p	if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) \|\| ($pconfig['use_shaper'] <= 0)))
196			$input_errors[] = gettext("The bandwidth limit must be a positive numeric value.");
197
198	89e6e210	jim-p	if ($pconfig['autokey_enable'])
199			$pconfig['shared_key'] = openvpn_create_key();
200
201	3c11bd3c	Matthew Grooms	if (!$tls_mode && !$pconfig['autokey_enable'])
202	d799787e	Matthew Grooms	if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") \|\|
203			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
204	2fa7a468	Carlos Eduardo Ramos	$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
205	3c11bd3c	Matthew Grooms
206			if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable'])
207			if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") \|\|
208			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
209	2fa7a468	Carlos Eduardo Ramos	$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
210	d799787e	Matthew Grooms
211	6180c3ae	jim-p	/* If we are not in shared key mode, then we need the CA/Cert. */
212			if ($pconfig['mode'] != "p2p_shared_key") {
213	872d9195	Matthew Grooms	$reqdfields = explode(" ", "caref certref");
214	2fa7a468	Carlos Eduardo Ramos	$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
215	6180c3ae	jim-p	} elseif (!$pconfig['autokey_enable']) {
216			/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
217			$reqdfields = array('shared_key');
218	2fa7a468	Carlos Eduardo Ramos	$reqdfieldsn = array(gettext('Shared key'));
219	d799787e	Matthew Grooms	}
220
221			do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
222
223			if (!$input_errors) {
224
225			$client = array();
226
227	f432e364	Matthew Grooms	if ($vpnid)
228			$client['vpnid'] = $vpnid;
229	d799787e	Matthew Grooms	else
230			$client['vpnid'] = openvpn_vpnid_next();
231
232	8319ee63	jim-p	if ($_POST['disable'] == "yes")
233	b65f56f6	jim-p	$client['disable'] = true;
234	d799787e	Matthew Grooms	$client['protocol'] = $pconfig['protocol'];
235	4936ff53	jim-p	$client['dev_mode'] = $pconfig['dev_mode'];
236	67b0902f	pierrepomes	list($client['interface'], $client['ipaddr']) = explode ("\|",$pconfig['interface']);
237	d799787e	Matthew Grooms	$client['local_port'] = $pconfig['local_port'];
238			$client['server_addr'] = $pconfig['server_addr'];
239			$client['server_port'] = $pconfig['server_port'];
240			$client['resolve_retry'] = $pconfig['resolve_retry'];
241			$client['proxy_addr'] = $pconfig['proxy_addr'];
242			$client['proxy_port'] = $pconfig['proxy_port'];
243	762a24a3	Ermal Lu?i	$client['proxy_authtype'] = $pconfig['proxy_authtype'];
244			$client['proxy_user'] = $pconfig['proxy_user'];
245			$client['proxy_passwd'] = $pconfig['proxy_passwd'];
246	d799787e	Matthew Grooms	$client['description'] = $pconfig['description'];
247	50a9d5b9	jim-p	$client['mode'] = $pconfig['mode'];
248	e3bbd29a	Ermal	$client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);
249	d799787e	Matthew Grooms
250	3c11bd3c	Matthew Grooms	if ($tls_mode) {
251			$client['caref'] = $pconfig['caref'];
252			$client['certref'] = $pconfig['certref'];
253			if ($pconfig['tlsauth_enable']) {
254			if ($pconfig['autotls_enable'])
255			$pconfig['tls'] = openvpn_create_key();
256			$client['tls'] = base64_encode($pconfig['tls']);
257			}
258			} else {
259			$client['shared_key'] = base64_encode($pconfig['shared_key']);
260			}
261	d799787e	Matthew Grooms	$client['crypto'] = $pconfig['crypto'];
262	582c58ae	jim-p	$client['engine'] = $pconfig['engine'];
263	d799787e	Matthew Grooms
264			$client['tunnel_network'] = $pconfig['tunnel_network'];
265			$client['remote_network'] = $pconfig['remote_network'];
266	b422360c	jim-p	$client['use_shaper'] = $pconfig['use_shaper'];
267	d799787e	Matthew Grooms	$client['compression'] = $pconfig['compression'];
268	e067306d	pierrepomes	$client['passtos'] = $pconfig['passtos'];
269	d799787e	Matthew Grooms
270			if (isset($id) && $a_client[$id])
271			$a_client[$id] = $client;
272			else
273			$a_client[] = $client;
274
275	dc408939	Matthew Grooms	openvpn_resync('client', $client);
276	d799787e	Matthew Grooms	write_config();
277
278			header("Location: vpn_openvpn_client.php");
279			exit;
280			}
281			}
282
283			include("head.inc");
284
285			?>
286
287			<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
288			<?php include("fbegin.inc"); ?>
289			<script language="JavaScript">
290			<!--
291
292	3c11bd3c	Matthew Grooms	function mode_change() {
293			index = document.iform.mode.selectedIndex;
294			value = document.iform.mode.options[index].value;
295	d799787e	Matthew Grooms	switch(value) {
296	3c11bd3c	Matthew Grooms	case "p2p_tls":
297			document.getElementById("tls").style.display="";
298			document.getElementById("tls_ca").style.display="";
299			document.getElementById("tls_cert").style.display="";
300	d799787e	Matthew Grooms	document.getElementById("psk").style.display="none";
301			break;
302	3c11bd3c	Matthew Grooms	case "p2p_shared_key":
303			document.getElementById("tls").style.display="none";
304			document.getElementById("tls_ca").style.display="none";
305			document.getElementById("tls_cert").style.display="none";
306	d799787e	Matthew Grooms	document.getElementById("psk").style.display="";
307			break;
308			}
309			}
310
311	3c11bd3c	Matthew Grooms	function autokey_change() {
312			if (document.iform.autokey_enable.checked)
313			document.getElementById("autokey_opts").style.display="none";
314			else
315			document.getElementById("autokey_opts").style.display="";
316			}
317
318	762a24a3	Ermal Lu?i	function useproxy_changed() {
319
320	ea1cea05	Vinicius Coque	if (jQuery('#proxy_authtype').val() != 'none') {
321			jQuery('#proxy_authtype_opts').show();
322	762a24a3	Ermal Lu?i	} else {
323	ea1cea05	Vinicius Coque	jQuery('#proxy_authtype_opts').hide();
324	762a24a3	Ermal Lu?i	}
325			}
326
327	3c11bd3c	Matthew Grooms	function tlsauth_change() {
328
329			<?php if (!$pconfig['tls']): ?>
330			if (document.iform.tlsauth_enable.checked)
331			document.getElementById("tlsauth_opts").style.display="";
332			else
333			document.getElementById("tlsauth_opts").style.display="none";
334			<?php endif; ?>
335
336			autotls_change();
337			}
338
339			function autotls_change() {
340
341			<?php if (!$pconfig['tls']): ?>
342			autocheck = document.iform.autotls_enable.checked;
343			<?php else: ?>
344			autocheck = false;
345			<?php endif; ?>
346
347			if (document.iform.tlsauth_enable.checked && !autocheck)
348			document.getElementById("autotls_opts").style.display="";
349			else
350			document.getElementById("autotls_opts").style.display="none";
351			}
352
353	d799787e	Matthew Grooms	//-->
354			</script>
355			<?php
356	428e66b6	jim-p	if (!$savemsg)
357			$savemsg = "";
358
359			if ($input_errors)
360			print_input_errors($input_errors);
361			if ($savemsg)
362			print_info_box($savemsg);
363	d799787e	Matthew Grooms	?>
364			<table width="100%" border="0" cellpadding="0" cellspacing="0">
365			<tr>
366			<td class="tabnavtbl">
367			<ul id="tabnav">
368			<?php
369			$tab_array = array();
370			$tab_array[] = array(gettext("Server"), false, "vpn_openvpn_server.php");
371			$tab_array[] = array(gettext("Client"), true, "vpn_openvpn_client.php");
372			$tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php");
373	5540aee6	Ermal Lu?i	$tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml");
374	b63f2e8b	Matthew Grooms	add_package_tabs("OpenVPN", $tab_array);
375	d799787e	Matthew Grooms	display_top_tabs($tab_array);
376			?>
377			</ul>
378			</td>
379			</tr>
380			<tr>
381			<td class="tabcont">
382
383			<?php if($act=="new" \|\| $act=="edit"): ?>
384
385			<form action="vpn_openvpn_client.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
386			<table width="100%" border="0" cellpadding="6" cellspacing="0">
387	47c00c09	Scott Ullrich	<tr>
388	2fa7a468	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
389	47c00c09	Scott Ullrich	</tr>
390	d799787e	Matthew Grooms	<tr>
391	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
392	d799787e	Matthew Grooms	<td width="78%" class="vtable">
393			<table border="0" cellpadding="0" cellspacing="0">
394			<tr>
395			<td>
396			<?php set_checked($pconfig['disable'],$chk); ?>
397			<input name="disable" type="checkbox" value="yes" <?=$chk;?>/>
398			</td>
399			<td>
400
401			<span class="vexpl">
402	2fa7a468	Carlos Eduardo Ramos	<strong><?=gettext("Disable this client"); ?></strong><br>
403	d799787e	Matthew Grooms	</span>
404			</td>
405			</tr>
406			</table>
407	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Set this option to disable this client without removing it from the list"); ?>.
408	d799787e	Matthew Grooms	</td>
409			</tr>
410	3c11bd3c	Matthew Grooms	<tr>
411			<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
412			<td width="78%" class="vtable">
413			<select name='mode' id='mode' class="formselect" onchange='mode_change()'>
414			<?php
415			foreach ($openvpn_client_modes as $name => $desc):
416			$selected = "";
417			if ($pconfig['mode'] == $name)
418			$selected = "selected";
419			?>
420			<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
421			<?php endforeach; ?>
422			</select>
423			</td>
424			</tr>
425	d799787e	Matthew Grooms	<tr>
426			<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
427			<td width="78%" class="vtable">
428			<select name='protocol' class="formselect">
429			<?php
430			foreach ($openvpn_prots as $prot):
431			$selected = "";
432			if ($pconfig['protocol'] == $prot)
433			$selected = "selected";
434			?>
435			<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
436			<?php endforeach; ?>
437			</select>
438			</td>
439			</tr>
440	691fbf14	Ermal Lu?i	<tr>
441			<td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
442			<td width="78%" class="vtable">
443	4936ff53	jim-p	<select name='dev_mode' class="formselect">
444	691fbf14	Ermal Lu?i	<?php
445			foreach ($openvpn_dev_mode as $mode):
446			$selected = "";
447	4936ff53	jim-p	if ($pconfig['dev_mode'] == $mode)
448	691fbf14	Ermal Lu?i	$selected = "selected";
449			?>
450			<option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option>
451			<?php endforeach; ?>
452			</select>
453			</td>
454			</tr>
455	d799787e	Matthew Grooms	<tr>
456	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
457	d799787e	Matthew Grooms	<td width="78%" class="vtable">
458			<select name="interface" class="formselect">
459			<?php
460			$interfaces = get_configured_interface_with_descr();
461	3d06e8f0	pierrepomes	$carplist = get_configured_carp_interface_list();
462			foreach ($carplist as $cif => $carpip)
463	dd62256f	Pierre POMES	$interfaces[$cif.'\|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
464	67b0902f	pierrepomes	$aliaslist = get_configured_ip_aliases_list();
465			foreach ($aliaslist as $aliasip => $aliasif)
466	dd62256f	Pierre POMES	$interfaces[$aliasif.'\|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
467	67b0902f	pierrepomes	$interfaces['any'] = "any";
468	3d06e8f0	pierrepomes	foreach ($interfaces as $iface => $ifacename):
469	1d3bcd2a	Matthew Grooms	$selected = "";
470			if ($iface == $pconfig['interface'])
471			$selected = "selected";
472	d799787e	Matthew Grooms	?>
473	1d3bcd2a	Matthew Grooms	<option value="<?=$iface;?>" <?=$selected;?>>
474			<?=htmlspecialchars($ifacename);?>
475			</option>
476	d799787e	Matthew Grooms	<?php endforeach; ?>
477			</select> <br>
478			</td>
479			</tr>
480	1d3bcd2a	Matthew Grooms	<tr>
481			<td width="22%" valign="top" class="vncell"><?=gettext("Local port");?></td>
482			<td width="78%" class="vtable">
483			<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>"/>
484	d799787e	Matthew Grooms	<br/>
485	5708241f	jim-p	<?=gettext("Set this option if you would like to bind to a specific port. Leave this blank or enter 0 for a random dynamic port."); ?>
486	1d3bcd2a	Matthew Grooms	</td>
487			</tr>
488	d799787e	Matthew Grooms	<tr>
489			<td width="22%" valign="top" class="vncellreq"><?=gettext("Server host or address");?></td>
490			<td width="78%" class="vtable">
491			<input name="server_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['server_addr']);?>"/>
492			</td>
493			</tr>
494			<tr>
495			<td width="22%" valign="top" class="vncellreq"><?=gettext("Server port");?></td>
496			<td width="78%" class="vtable">
497			<input name="server_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['server_port']);?>"/>
498			</td>
499			</tr>
500			<tr>
501			<td width="22%" valign="top" class="vncell"><?=gettext("Proxy host or address");?></td>
502			<td width="78%" class="vtable">
503			<input name="proxy_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['proxy_addr']);?>"/>
504			</td>
505			</tr>
506			<tr>
507			<td width="22%" valign="top" class="vncell"><?=gettext("Proxy port");?></td>
508			<td width="78%" class="vtable">
509			<input name="proxy_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['proxy_port']);?>"/>
510			</td>
511			</tr>
512	762a24a3	Ermal Lu?i	<tr>
513			<td width="22%" valign="top" class="vncell"><?=gettext("Proxy authentication extra options");?></td>
514			<td width="78%" class="vtable">
515			<table border="0" cellpadding="2" cellspacing="0">
516			<tr>
517			<td align="right" width="25%">
518			<span class="vexpl">
519	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Authentication method"); ?> :
520	762a24a3	Ermal Lu?i	</span>
521			</td>
522			<td>
523			<select name="proxy_authtype" id="proxy_authtype" class="formfld select" onChange="useproxy_changed()">
524	2fa7a468	Carlos Eduardo Ramos	<option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected"; ?>><?=gettext("none"); ?></option>
525			<option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected"; ?>><?=gettext("basic"); ?></option>
526			<option value="ntlm" <?php if ($pconfig['proxy_authtype'] == "ntlm") echo "selected"; ?>><?=gettext("ntlm"); ?></option>
527	762a24a3	Ermal Lu?i	</select>
528			</td>
529			</tr>
530			</table>
531			<br />
532			<table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none">
533			<tr>
534			<td align="right" width="25%">
535			<span class="vexpl">
536	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Username"); ?> :
537	762a24a3	Ermal Lu?i	</span>
538			</td>
539			<td>
540			<input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" />
541			</td>
542			</tr>
543			<tr>
544			<td align="right" width="25%">
545			<span class="vexpl">
546	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Password"); ?> :
547	762a24a3	Ermal Lu?i	</span>
548			</td>
549			<td>
550			<input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" />
551			</td>
552			</tr>
553			</table>
554			</td>
555			</tr>
556	d799787e	Matthew Grooms	<tr>
557	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Server host name resolution"); ?></td>
558	d799787e	Matthew Grooms	<td width="78%" class="vtable">
559			<table border="0" cellpadding="2" cellspacing="0">
560			<tr>
561			<td>
562			<?php set_checked($pconfig['resolve_retry'],$chk); ?>
563	db2872a2	Ermal Lu?i	<input name="resolve_retry" type="checkbox" value="yes" <?=$chk;?>>
564	d799787e	Matthew Grooms	</td>
565			<td>
566			<span class="vexpl">
567	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Infinitely resolve server"); ?>
568	d799787e	Matthew Grooms	</span>
569			</td>
570			</tr>
571			</table>
572	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Continuously attempt to resolve the server host " .
573			"name. Useful when communicating with a server " .
574			"that is not permanently connected to the Internet"); ?>.
575	d799787e	Matthew Grooms	</td>
576			</tr>
577			<tr>
578	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
579	d799787e	Matthew Grooms	<td width="78%" class="vtable">
580			<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>">
581			<br>
582	2fa7a468	Carlos Eduardo Ramos	<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
583	d799787e	Matthew Grooms	</td>
584			</tr>
585			<tr>
586			<td colspan="2" class="list" height="12"></td>
587			</tr>
588			<tr>
589	2fa7a468	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
590	d799787e	Matthew Grooms	</tr>
591	3c11bd3c	Matthew Grooms	<tr id="tls">
592	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
593	3c11bd3c	Matthew Grooms	<td width="78%" class="vtable">
594			<table border="0" cellpadding="2" cellspacing="0">
595			<tr>
596			<td>
597			<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
598			<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onClick="tlsauth_change()">
599			</td>
600			<td>
601			<span class="vexpl">
602	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Enable authentication of TLS packets"); ?>.
603	3c11bd3c	Matthew Grooms	</span>
604			</td>
605			</tr>
606			</table>
607			<?php if (!$pconfig['tls']): ?>
608			<table border="0" cellpadding="2" cellspacing="0" id='tlsauth_opts'>
609			<tr>
610			<td>
611			<?php set_checked($pconfig['autotls_enable'],$chk); ?>
612			<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autotls_change()">
613			</td>
614			<td>
615			<span class="vexpl">
616	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
617	3c11bd3c	Matthew Grooms	</span>
618			</td>
619			</tr>
620			</table>
621			<?php endif; ?>
622			<table border="0" cellpadding="2" cellspacing="0" id='autotls_opts'>
623			<tr>
624			<td>
625			<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
626			<br/>
627	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Paste your shared key here"); ?>.
628	3c11bd3c	Matthew Grooms	</td>
629			</tr>
630			</table>
631			</td>
632	d799787e	Matthew Grooms	</tr>
633	3c11bd3c	Matthew Grooms	<tr id="tls_ca">
634	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
635	d799787e	Matthew Grooms	<td width="78%" class="vtable">
636	19cdeb3e	jim-p	<?php if (count($a_ca)): ?>
637	d799787e	Matthew Grooms	<select name='caref' class="formselect">
638			<?php
639	428e66b6	jim-p	foreach ($a_ca as $ca):
640	d799787e	Matthew Grooms	$selected = "";
641			if ($pconfig['caref'] == $ca['refid'])
642			$selected = "selected";
643			?>
644	f2a86ca9	jim-p	<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option>
645	d799787e	Matthew Grooms	<?php endforeach; ?>
646			</select>
647	19cdeb3e	jim-p	<?php else: ?>
648			<b>No Certificate Authorities defined.</b> <br/>Create one under <a href="system_camanager.php">System > Cert Manager</a>.
649			<?php endif; ?>
650	d799787e	Matthew Grooms	</td>
651			</tr>
652	3c11bd3c	Matthew Grooms	<tr id="tls_cert">
653	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td>
654	d799787e	Matthew Grooms	<td width="78%" class="vtable">
655	19cdeb3e	jim-p	<?php if (count($a_cert)): ?>
656	d799787e	Matthew Grooms	<select name='certref' class="formselect">
657			<?php
658	428e66b6	jim-p	foreach ($a_cert as $cert):
659	9e303f2f	jim-p	$selected = "";
660			$caname = "";
661			$inuse = "";
662			$revoked = "";
663			$ca = lookup_ca($cert['caref']);
664			if ($ca)
665			$caname = " (CA: {$ca['descr']})";
666			if ($pconfig['certref'] == $cert['refid'])
667			$selected = "selected";
668			if (cert_in_use($cert['refid']))
669			$inuse = " *In Use";
670			if (is_cert_revoked($cert))
671			$revoked = " *Revoked";
672	d799787e	Matthew Grooms	?>
673	6a0b3ea4	jim-p	<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option>
674	d799787e	Matthew Grooms	<?php endforeach; ?>
675			</select>
676	19cdeb3e	jim-p	<?php else: ?>
677			<b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System > Cert Manager</a>.
678			<?php endif; ?>
679	d799787e	Matthew Grooms	</td>
680			</tr>
681			<tr id="psk">
682	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
683	3c11bd3c	Matthew Grooms	<td width="78%" class="vtable">
684			<?php if (!$pconfig['shared_key']): ?>
685			<table border="0" cellpadding="2" cellspacing="0">
686			<tr>
687			<td>
688			<?php set_checked($pconfig['autokey_enable'],$chk); ?>
689			<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autokey_change()">
690			</td>
691			<td>
692			<span class="vexpl">
693	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Automatically generate a shared key"); ?>.
694	3c11bd3c	Matthew Grooms	</span>
695			</td>
696			</tr>
697			</table>
698			<?php endif; ?>
699			<table border="0" cellpadding="2" cellspacing="0" id='autokey_opts'>
700			<tr>
701			<td>
702			<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
703			<br/>
704	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Paste your shared key here"); ?>.
705	3c11bd3c	Matthew Grooms	</td>
706			</tr>
707			</table>
708	d799787e	Matthew Grooms	</td>
709			</tr>
710			<tr>
711	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
712	d799787e	Matthew Grooms	<td width="78%" class="vtable">
713			<select name="crypto" class="formselect">
714			<?php
715			$cipherlist = openvpn_get_cipherlist();
716			foreach ($cipherlist as $name => $desc):
717			$selected = '';
718			if ($name == $pconfig['crypto'])
719			$selected = ' selected';
720			?>
721			<option value="<?=$name;?>"<?=$selected?>>
722			<?=htmlspecialchars($desc);?>
723			</option>
724			<?php endforeach; ?>
725			</select>
726			</td>
727			</tr>
728	582c58ae	jim-p	<tr id="engine">
729			<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
730			<td width="78%" class="vtable">
731			<select name="engine" class="formselect">
732			<?php
733			$engines = openvpn_get_engines();
734			foreach ($engines as $name => $desc):
735			$selected = '';
736			if ($name == $pconfig['engine'])
737			$selected = ' selected';
738			?>
739			<option value="<?=$name;?>"<?=$selected?>>
740			<?=htmlspecialchars($desc);?>
741			</option>
742			<?php endforeach; ?>
743			</select>
744			</td>
745			</tr>
746	d799787e	Matthew Grooms	<tr>
747			<td colspan="2" class="list" height="12"></td>
748			</tr>
749			<tr>
750	2fa7a468	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
751	d799787e	Matthew Grooms	</tr>
752			<tr>
753	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Tunnel Network"); ?></td>
754	d799787e	Matthew Grooms	<td width="78%" class="vtable">
755			<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>">
756			<br>
757	2fa7a468	Carlos Eduardo Ramos	<?=gettext("This is the virtual network used for private " .
758			"communications between this client and the " .
759			"server expressed using CIDR (eg. 10.0.8.0/24). " .
760			"The first network address is assumed to be the " .
761			"server address and the second network address " .
762			"will be assigned to the client virtual " .
763			"interface"); ?>.
764	d799787e	Matthew Grooms	</td>
765			</tr>
766			<tr>
767	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Remote Network"); ?></td>
768	d799787e	Matthew Grooms	<td width="78%" class="vtable">
769			<input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>">
770			<br>
771	2fa7a468	Carlos Eduardo Ramos	<?=gettext("This is a network that will be routed through " .
772			"the tunnel, so that a site-to-site VPN can be " .
773			"established without manually changing the " .
774			"routing tables. Expressed as a CIDR range. If " .
775			"this is a site-to-site VPN, enter here the " .
776			"remote LAN here. You may leave this blank to " .
777			"only communicate with other clients"); ?>.
778	d799787e	Matthew Grooms	</td>
779			</tr>
780			<tr>
781			<td width="22%" valign="top" class="vncell"><?=gettext("Limit outgoing bandwidth");?></td>
782			<td width="78%" class="vtable">
783			<input name="use_shaper" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['use_shaper']);?>"/>
784			<br/>
785	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Maximum outgoing bandwidth for this tunnel. " .
786			"Leave empty for no limit. The input value has " .
787			"to be something between 100 bytes/sec and 100 " .
788			"Mbytes/sec (entered as bytes per second)"); ?>.
789	d799787e	Matthew Grooms	</td>
790			</tr>
791			<tr>
792	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
793	d799787e	Matthew Grooms	<td width="78%" class="vtable">
794			<table border="0" cellpadding="2" cellspacing="0">
795			<tr>
796			<td>
797			<?php set_checked($pconfig['compression'],$chk); ?>
798			<input name="compression" type="checkbox" value="yes" <?=$chk;?>>
799			</td>
800			<td>
801			<span class="vexpl">
802	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Compress tunnel packets using the LZO algorithm"); ?>.
803	d799787e	Matthew Grooms	</span>
804			</td>
805			</tr>
806			</table>
807			</td>
808			</tr>
809			<tr>
810	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
811	d799787e	Matthew Grooms	<td width="78%" class="vtable">
812			<table border="0" cellpadding="2" cellspacing="0">
813			<tr>
814			<td>
815	1cb0b40a	Matthew Grooms	<?php set_checked($pconfig['passtos'],$chk); ?>
816			<input name="passtos" type="checkbox" value="yes" <?=$chk;?>>
817	d799787e	Matthew Grooms	</td>
818			<td>
819			<span class="vexpl">
820	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
821	d799787e	Matthew Grooms	</span>
822			</td>
823			</tr>
824			</table>
825			</td>
826			</tr>
827	c7323d81	sullrich	<tr>
828			<td colspan="2" class="list" height="12"></td>
829			</tr>
830			<tr>
831	2fa7a468	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
832	c7323d81	sullrich	</tr>
833			<tr>
834	2fa7a468	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
835	c7323d81	sullrich	<td width="78%" class="vtable">
836			<table border="0" cellpadding="2" cellspacing="0">
837			<tr>
838			<td>
839	dd5bf424	Scott Ullrich	<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/>
840	2fa7a468	Carlos Eduardo Ramos	<?=gettext("Enter any additional options you would like to add to the OpenVPN client configuration here, separated by a semicolon"); ?><br/>
841			<?=gettext("EXAMPLE: route 10.0.0.0 255.255.255.0;"); ?>
842	c7323d81	sullrich	</td>
843			</tr>
844			</table>
845			</td>
846			</tr>
847	d799787e	Matthew Grooms	<tr>
848			<td width="22%" valign="top"> </td>
849			<td width="78%">
850	2fa7a468	Carlos Eduardo Ramos	<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
851	d799787e	Matthew Grooms	<input name="act" type="hidden" value="<?=$act;?>">
852			<?php if (isset($id) && $a_client[$id]): ?>
853			<input name="id" type="hidden" value="<?=$id;?>">
854			<?php endif; ?>
855			</td>
856			</tr>
857			</table>
858			</form>
859
860			<?php else: ?>
861
862	79633b6c	Evgeny Yurchenko	<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
863	7773b868	jim-p	<thead>
864	d799787e	Matthew Grooms	<tr>
865	2fa7a468	Carlos Eduardo Ramos	<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
866			<td width="10%" class="listhdrr"><?=gettext("Protocol"); ?></td>
867			<td width="30%" class="listhdrr"><?=gettext("Server"); ?></td>
868			<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
869	d799787e	Matthew Grooms	<td width="10%" class="list"></td>
870			</tr>
871	7773b868	jim-p	</thead>
872			<tbody>
873	d799787e	Matthew Grooms	<?php
874			$i = 0;
875			foreach($a_client as $client):
876			$disabled = "NO";
877	8319ee63	jim-p	if (isset($client['disable']))
878	d799787e	Matthew Grooms	$disabled = "YES";
879			$server = "{$client['server_addr']}:{$client['server_port']}";
880			?>
881	c67bbe04	Chris Buechler	<tr ondblclick="document.location='vpn_openvpn_client.php?act=edit&id=<?=$i;?>'">
882	d799787e	Matthew Grooms	<td class="listlr">
883			<?=$disabled;?>
884			</td>
885			<td class="listr">
886			<?=htmlspecialchars($client['protocol']);?>
887			</td>
888			<td class="listr">
889			<?=htmlspecialchars($server);?>
890			</td>
891	296a3cb6	Scott Ullrich	<td class="listbg">
892	d799787e	Matthew Grooms	<?=htmlspecialchars($client['description']);?>
893			</td>
894			<td valign="middle" nowrap class="list">
895			<a href="vpn_openvpn_client.php?act=edit&id=<?=$i;?>">
896	2fa7a468	Carlos Eduardo Ramos	<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit client"); ?>" width="17" height="17" border="0">
897	d799787e	Matthew Grooms	</a>
898
899	2fa7a468	Carlos Eduardo Ramos	<a href="vpn_openvpn_client.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this client?"); ?>')">
900			<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete client"); ?>" width="17" height="17" border="0">
901	d799787e	Matthew Grooms	</a>
902			</td>
903			</tr>
904			<?php
905			$i++;
906			endforeach;
907			?>
908	7773b868	jim-p	</tbody>
909			<tfoot>
910	d799787e	Matthew Grooms	<tr>
911			<td class="list" colspan="4"></td>
912			<td class="list">
913	2fa7a468	Carlos Eduardo Ramos	<a href="vpn_openvpn_client.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add client"); ?>" width="17" height="17" border="0">
914	d799787e	Matthew Grooms	</a>
915			</td>
916			</tr>
917			<tr>
918			<td colspan="4">
919			<p>
920			<?=gettext("Additional OpenVPN clients can be added here.");?>
921			</p>
922			</td>
923			</tr>
924	7773b868	jim-p	</tfoot>
925	d799787e	Matthew Grooms	</table>
926
927	ee9933b6	Renato Botelho	<?php endif; ?>
928	d799787e	Matthew Grooms
929			</td>
930			</tr>
931			</table>
932			<script language="JavaScript">
933			<!--
934	3c11bd3c	Matthew Grooms	mode_change();
935			autokey_change();
936			tlsauth_change();
937	762a24a3	Ermal Lu?i	useproxy_changed();
938	d799787e	Matthew Grooms	//-->
939			</script>
940			</body>
941			<?php include("fend.inc"); ?>
942
943			<?php
944
945			/* local utility functions */
946
947			function set_checked($var,& $chk) {
948			if($var)
949			$chk = 'checked';
950			else
951			$chk = '';
952			}
953
954			?>

Project

General

Profile

pfSense