<?php 
/*
	vpn_openvpn_server.php
	Copyright (C) 2008 Shrew Soft Inc.
	All rights reserved. 
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
##|+PRIV
##|*IDENT=page-openvpn-server
##|*NAME=OpenVPN: Server page
##|*DESCR=Allow access to the 'OpenVPN: Server' page.
##|*MATCH=vpn_openvpn_server.php*
##|-PRIV
require("guiconfig.inc");
require_once("openvpn.inc");
// Make sure each config subtree referenced on this page is an array, then
// bind the short-hand references $a_server, $a_ca, $a_cert and $a_crl to it.
if (!is_array($config['openvpn']['openvpn-server'])) {
	$config['openvpn']['openvpn-server'] = array();
}
$a_server = &$config['openvpn']['openvpn-server'];

if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
$a_cert =& $config['cert'];

if (!is_array($config['crl'])) {
	$config['crl'] = array();
}
$a_crl =& $config['crl'];

// Discard CRL entries that carry no refid.
foreach ($a_crl as $cid => $acrl) {
	if (!isset($acrl['refid'])) {
		unset($a_crl[$cid]);
	}
}

// Request parameters: a POSTed value takes precedence over the query string.
// NOTE(review): $id arrives from the request unvalidated and is used as an
// index into $a_server; each use must stay behind an existence check on
// $a_server[$id].
$id = $_GET['id'];
if (isset($_POST['id'])) {
	$id = $_POST['id'];
}

$act = $_GET['act'];
if (isset($_POST['act'])) {
	$act = $_POST['act'];
}

// vpnid of the selected entry, or 0 when $id does not name an existing one.
$vpnid = (isset($id) && $a_server[$id]) ? $a_server[$id]['vpnid'] : 0;
/*
 * Delete request: tear down the selected server instance, remove it from the
 * configuration and persist the change.
 *
 * NOTE(review): this is a state-changing action driven by a GET parameter.
 * No anti-CSRF token check is visible in this file; confirm that one is
 * enforced for GET requests by the included framework code, or move the
 * delete to a POST request.
 */
if ("del" == $_GET['act']) {
	// Unknown index: go back to the list without touching the configuration.
	if (!isset($a_server[$id])) {
		pfSenseHeader("vpn_openvpn_server.php");
		exit;
	}

	// Only hand non-empty entries to openvpn_delete().
	if (!empty($a_server[$id])) {
		openvpn_delete('server', $a_server[$id]);
	}

	unset($a_server[$id]);
	write_config();

	$savemsg = gettext("Server successfully deleted")."<br/>";
}
// "New server" form: preload $pconfig with the defaults listed below.
if ("new" == $_GET['act']) {
	$ovpn_new_defaults = array(
		'autokey_enable' => "yes",
		'tlsauth_enable' => "yes",
		'autotls_enable' => "yes",
		// NOTE(review): a 1024-bit DH group is below current minimum
		// recommendations; consider a larger default once the values the
		// form accepts for dh_length are confirmed.
		'dh_length' => 1024,
		'dev_mode' => "tun",
		'interface' => "wan",
		'local_port' => openvpn_port_next('UDP'),
		'pool_enable' => "yes",
		'cert_depth' => 1
	);

	foreach ($ovpn_new_defaults as $ovpn_field => $ovpn_value) {
		$pconfig[$ovpn_field] = $ovpn_value;
	}
}
// "Edit" form: copy the stored settings of entry $id into $pconfig so the form
// can be pre-filled. Nothing is loaded when $id does not name an existing entry.
if ("edit" == $_GET['act']) {

	if (isset($id) && $a_server[$id]) {
		$pconfig['disable'] = isset($a_server[$id]['disable']);

		foreach (array('mode', 'protocol', 'authmode', 'dev_mode', 'interface') as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}
		// A bound IP address is carried in the same value as "interface|ipaddr".
		if (!empty($a_server[$id]['ipaddr'])) {
			$pconfig['interface'] .= '|' . $a_server[$id]['ipaddr'];
		}

		foreach (array('local_port', 'description', 'custom_options') as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}

		if ("p2p_shared_key" == $pconfig['mode']) {
			// Shared-key mode: the key is stored base64-encoded.
			$pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']);
		} else {
			// TLS modes: the optional TLS auth key is stored base64-encoded.
			if ($a_server[$id]['tls']) {
				$pconfig['tlsauth_enable'] = "yes";
				$pconfig['tls'] = base64_decode($a_server[$id]['tls']);
			}

			foreach (array('caref', 'crlref', 'certref', 'dh_length') as $ovpn_field) {
				$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
			}

			// Entries without a stored cert_depth get a depth of 1.
			$pconfig['cert_depth'] = isset($a_server[$id]['cert_depth'])
				? $a_server[$id]['cert_depth']
				: 1;

			if ("server_tls_user" == $pconfig['mode']) {
				$pconfig['strictusercn'] = $a_server[$id]['strictusercn'];
			}
		}

		$ovpn_plain_fields = array(
			'crypto', 'engine',
			'tunnel_network', 'tunnel_networkv6',
			'remote_network', 'remote_networkv6',
			'gwredir',
			'local_network', 'local_networkv6',
			'maxclients', 'compression', 'passtos', 'client2client',
			'dynamic_ip', 'pool_enable',
			'serverbridge_dhcp', 'serverbridge_interface',
			'serverbridge_dhcp_start', 'serverbridge_dhcp_end',
			'dns_domain'
		);
		foreach ($ovpn_plain_fields as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}

		// The *_enable flags below are derived: each is set when any value
		// of its group is stored.
		if ($pconfig['dns_domain']) {
			$pconfig['dns_domain_enable'] = true;
		}

		foreach (array('dns_server1', 'dns_server2', 'dns_server3', 'dns_server4') as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}
		if ($pconfig['dns_server1'] || $pconfig['dns_server2'] ||
		    $pconfig['dns_server3'] || $pconfig['dns_server4']) {
			$pconfig['dns_server_enable'] = true;
		}

		foreach (array('ntp_server1', 'ntp_server2') as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}
		if ($pconfig['ntp_server1'] || $pconfig['ntp_server2']) {
			$pconfig['ntp_server_enable'] = true;
		}

		foreach (array('netbios_enable', 'netbios_ntype', 'netbios_scope') as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}

		foreach (array('wins_server1', 'wins_server2') as $ovpn_field) {
			$pconfig[$ovpn_field] = $a_server[$id][$ovpn_field];
		}
		if ($pconfig['wins_server1'] || $pconfig['wins_server2']) {
			$pconfig['wins_server_enable'] = true;
		}

		$pconfig['nbdd_server1'] = $a_server[$id]['nbdd_server1'];
		if ($pconfig['nbdd_server1']) {
			$pconfig['nbdd_server_enable'] = true;
		}

		// just in case the modes switch
		$pconfig['autokey_enable'] = "yes";
		$pconfig['autotls_enable'] = "yes";

		$pconfig['duplicate_cn'] = isset($a_server[$id]['duplicate_cn']);
	}
}
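/*
 * Form submission: validate the posted settings and, when no error was
 * recorded, build the $server record, store it in $a_server, resync the
 * instance, write the configuration and redirect back to the list.
 *
 * NOTE(review): mode, protocol, dev_mode, crypto, engine, dh_length,
 * cert_depth, compression and the caref/crlref/certref references are copied
 * from the request into the stored record without an allow-list check in this
 * block. Confirm that they are validated elsewhere before they reach the
 * generated OpenVPN configuration.
 */
if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	// vpnid of the entry being edited, or 0 for a new entry.
	if (isset($id) && $a_server[$id]) {
		$vpnid = $a_server[$id]['vpnid'];
	} else {
		$vpnid = 0;
	}

	// Every mode except p2p_shared_key is a TLS mode.
	$tls_mode = ($pconfig['mode'] != "p2p_shared_key");

	if (empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) {
		$input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth.");
	}

	/* input validation */
	if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network')) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network')) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['local_network'], 'Local network')) {
		$input_errors[] = $result;
	}

	// The port may only be in use by the instance that is being edited.
	$portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']);
	if (($portused != $vpnid) && ($portused != 0)) {
		$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
	}

	if ($pconfig['autokey_enable']) {
		$pconfig['shared_key'] = openvpn_create_key();
	}

	// Pasted keys are only checked for the static-key begin and end markers.
	if (!$tls_mode && !$pconfig['autokey_enable']) {
		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
			$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
		}
	}

	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
			$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
		}
	}

	if ($pconfig['dns_server_enable']) {
		if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
			$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
		}
		if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
			$input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
		}
		if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
			$input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
		}
		if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
			$input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
		}
	}

	if ($pconfig['ntp_server_enable']) {
		if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
			$input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
		}
		if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
			$input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
		}
		if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
			$input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address");
		}
		if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
			$input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address");
		}
	}

	if ($pconfig['netbios_enable']) {
		if ($pconfig['wins_server_enable']) {
			if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
				$input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
			}
			if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
				$input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
			}
		}
		if ($pconfig['nbdd_server_enable']) {
			if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
				$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
			}
		}
	}

	if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients'])) {
		$input_errors[] = gettext("The field 'Concurrent connections' must be numeric.");
	}

	// Start from empty lists so the required-field check always receives
	// arrays, including shared-key mode with an auto-generated key on a tap
	// device, where neither branch below adds an entry.
	$reqdfields = array();
	$reqdfieldsn = array();

	/* If we are not in shared key mode, then we need the CA/Cert. */
	if ($pconfig['mode'] != "p2p_shared_key") {
		$reqdfields = explode(" ", "caref certref");
		$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
	} elseif (!$pconfig['autokey_enable']) {
		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
		$reqdfields = array('shared_key');
		$reqdfieldsn = array(gettext('Shared key'));
	}

	if ($pconfig['dev_mode'] != "tap") {
		$reqdfields[] = 'tunnel_network';
		$reqdfieldsn[] = gettext('Tunnel network');
	} else {
		if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network']) {
			$input_errors[] = gettext("Using a tunnel network and server bridge settings together is not allowed.");
		}
		if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end'])
		|| (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end'])) {
			$input_errors[] = gettext("Server Bridge DHCP Start and End must both be empty, or defined.");
		}
		if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_start']))) {
			$input_errors[] = gettext("Server Bridge DHCP Start must be an IPv4 address.");
		}
		if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_end']))) {
			$input_errors[] = gettext("Server Bridge DHCP End must be an IPv4 address.");
		}
		if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end'])) {
			$input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end).");
		}
	}

	// NOTE(review): call-time pass-by-reference (&$input_errors) is a fatal
	// error from PHP 5.4 on. Drop the "&" once do_input_validation() is
	// confirmed to declare this parameter by reference.
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$input_errors) {

		$server = array();

		// Existence check rather than truthiness: the first entry has index
		// 0, which a bare "if ($id)" treats as "no entry selected", so its
		// old interface was never removed on a tun/tap switch.
		if (isset($id) && $a_server[$id] && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode']) {
			openvpn_delete('server', $a_server[$id]);// delete(rename) old interface so a new TUN or TAP interface can be created.
		}

		if ($vpnid) {
			$server['vpnid'] = $vpnid;
		} else {
			$server['vpnid'] = openvpn_vpnid_next();
		}

		if ($_POST['disable'] == "yes") {
			$server['disable'] = true;
		}
		$server['mode'] = $pconfig['mode'];
		if (!empty($pconfig['authmode'])) {
			$server['authmode'] = implode(",", $pconfig['authmode']);
		}
		$server['protocol'] = $pconfig['protocol'];
		$server['dev_mode'] = $pconfig['dev_mode'];
		// The form submits "interface|ipaddr"; split it back into two fields.
		list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']);
		$server['local_port'] = $pconfig['local_port'];
		$server['description'] = $pconfig['description'];
		// Stored verbatim apart from line-ending normalisation.
		// NOTE(review): presumably passed on to the generated OpenVPN
		// configuration, so access to this page implies control over those
		// directives — confirm against openvpn.inc.
		$server['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);

		if ($tls_mode) {
			if ($pconfig['tlsauth_enable']) {
				if ($pconfig['autotls_enable']) {
					$pconfig['tls'] = openvpn_create_key();
				}
				$server['tls'] = base64_encode($pconfig['tls']);
			}
			$server['caref'] = $pconfig['caref'];
			$server['crlref'] = $pconfig['crlref'];
			$server['certref'] = $pconfig['certref'];
			$server['dh_length'] = $pconfig['dh_length'];
			$server['cert_depth'] = $pconfig['cert_depth'];
			if ($pconfig['mode'] == "server_tls_user") {
				$server['strictusercn'] = $pconfig['strictusercn'];
			}
		} else {
			$server['shared_key'] = base64_encode($pconfig['shared_key']);
		}
		$server['crypto'] = $pconfig['crypto'];
		$server['engine'] = $pconfig['engine'];

		$server['tunnel_network'] = $pconfig['tunnel_network'];
		$server['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
		$server['remote_network'] = $pconfig['remote_network'];
		$server['remote_networkv6'] = $pconfig['remote_networkv6'];
		$server['gwredir'] = $pconfig['gwredir'];
		$server['local_network'] = $pconfig['local_network'];
		$server['local_networkv6'] = $pconfig['local_networkv6'];
		$server['maxclients'] = $pconfig['maxclients'];
		$server['compression'] = $pconfig['compression'];
		$server['passtos'] = $pconfig['passtos'];
		$server['client2client'] = $pconfig['client2client'];

		$server['dynamic_ip'] = $pconfig['dynamic_ip'];
		$server['pool_enable'] = $pconfig['pool_enable'];

		$server['serverbridge_dhcp'] = $pconfig['serverbridge_dhcp'];
		$server['serverbridge_interface'] = $pconfig['serverbridge_interface'];
		$server['serverbridge_dhcp_start'] = $pconfig['serverbridge_dhcp_start'];
		$server['serverbridge_dhcp_end'] = $pconfig['serverbridge_dhcp_end'];

		if ($pconfig['dns_domain_enable']) {
			$server['dns_domain'] = $pconfig['dns_domain'];
		}

		if ($pconfig['dns_server_enable']) {
			$server['dns_server1'] = $pconfig['dns_server1'];
			$server['dns_server2'] = $pconfig['dns_server2'];
			$server['dns_server3'] = $pconfig['dns_server3'];
			$server['dns_server4'] = $pconfig['dns_server4'];
		}

		if ($pconfig['ntp_server_enable']) {
			$server['ntp_server1'] = $pconfig['ntp_server1'];
			$server['ntp_server2'] = $pconfig['ntp_server2'];
		}

		$server['netbios_enable'] = $pconfig['netbios_enable'];
		$server['netbios_ntype'] = $pconfig['netbios_ntype'];
		$server['netbios_scope'] = $pconfig['netbios_scope'];

		if ($pconfig['netbios_enable']) {

			if ($pconfig['wins_server_enable']) {
				$server['wins_server1'] = $pconfig['wins_server1'];
				$server['wins_server2'] = $pconfig['wins_server2'];
			}

			// Keyed on the NBDD checkbox, matching the validation above; the
			// earlier test of dns_server_enable tied this value to the
			// unrelated DNS-server option.
			if ($pconfig['nbdd_server_enable']) {
				$server['nbdd_server1'] = $pconfig['nbdd_server1'];
			}
		}

		if ($_POST['duplicate_cn'] == "yes") {
			$server['duplicate_cn'] = true;
		}

		// Replace the edited entry in place, or append a new one.
		if (isset($id) && $a_server[$id]) {
			$a_server[$id] = $server;
		} else {
			$a_server[] = $server;
		}

		openvpn_resync('server', $server);
		write_config();

		header("Location: vpn_openvpn_server.php");
		exit;
	}

	// Validation failed: flatten the posted authmode list to a
	// comma-separated string before the form is shown again.
	if (!empty($pconfig['authmode'])) {
		$pconfig['authmode'] = implode(",", $pconfig['authmode']);
	}
}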
// Page title parts and shortcut section, set before head.inc is included
// (presumably read by the shared page header — confirm).
$pgtitle = array(
	gettext("OpenVPN"),
	gettext("Server")
);
$shortcut_section = "openvpn";

include("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
<?php include("fbegin.inc"); ?>
<script language="JavaScript">
<!--
function mode_change() {
	// Shows or hides the key/certificate rows and the client, remote and local
	// option sections to match the selected server mode, then re-applies the
	// gateway-redirect toggle.
	// index and value are assigned without "var", exactly as before, so they
	// stay page-level globals.
	index = document.iform.mode.selectedIndex;
	value = document.iform.mode.options[index].value;

	// Applies one visibility state to a list of element ids, in list order.
	var setRows = function (shown, ids) {
		for (var i = 0; i < ids.length; i++) {
			document.getElementById(ids[i]).style.display = shown ? "" : "none";
		}
	};
	var tlsRows = ["tls", "tls_ca", "tls_crl", "tls_cert", "tls_dh", "cert_depth"];

	// Pass 1: TLS rows versus the shared-key row. Unknown modes change nothing.
	if (value === "p2p_tls" || value === "server_tls" || value === "server_user") {
		setRows(true, tlsRows);
		setRows(false, ["strictusercn", "psk"]);
	} else if (value === "server_tls_user") {
		setRows(true, tlsRows);
		setRows(true, ["strictusercn"]);
		setRows(false, ["psk"]);
	} else if (value === "p2p_shared_key") {
		setRows(false, tlsRows);
		setRows(false, ["strictusercn"]);
		setRows(true, ["psk"]);
	}

	// Pass 2: peer-to-peer layouts versus remote-access layouts.
	if (value === "p2p_shared_key") {
		setRows(false, ["client_opts"]);
		setRows(true, ["remote_optsv4", "remote_optsv6"]);
		setRows(false, ["gwredir_opts", "local_optsv4", "local_optsv6", "authmodetr", "inter_client_communication"]);
	} else if (value === "p2p_tls") {
		setRows(false, ["client_opts"]);
		setRows(true, ["remote_optsv4", "remote_optsv6", "gwredir_opts", "local_optsv4", "local_optsv6"]);
		setRows(false, ["authmodetr", "inter_client_communication"]);
	} else if (value === "server_user" || value === "server_tls_user") {
		setRows(true, ["authmodetr", "client_opts"]);
		setRows(false, ["remote_optsv4", "remote_optsv6"]);
		setRows(true, ["gwredir_opts", "local_optsv4", "local_optsv6", "inter_client_communication"]);
	} else {
		// server_tls hides the authmodetr row first and then shares the
		// layout applied to every remaining value.
		if (value === "server_tls") {
			setRows(false, ["authmodetr"]);
		}
		setRows(true, ["client_opts"]);
		setRows(false, ["remote_optsv4", "remote_optsv6"]);
		setRows(true, ["gwredir_opts", "local_optsv4", "local_optsv6", "inter_client_communication"]);
	}

	gwredir_change();
}
function autokey_change() {
	// The autokey_opts row is hidden while the autokey_enable box is ticked.
	var autoKeyOn = document.iform.autokey_enable.checked;
	document.getElementById("autokey_opts").style.display = autoKeyOn ? "none" : "";
}
function tlsauth_change() {
	// The toggle for the tlsauth_opts row is only emitted by the server when
	// no TLS key is present in the form data; autotls_change() always runs.
<?php if (!$pconfig['tls']) { ?>
	var tlsAuthOn = document.iform.tlsauth_enable.checked;
	document.getElementById("tlsauth_opts").style.display = tlsAuthOn ? "" : "none";
<?php } ?>

	autotls_change();
}
function autotls_change() {
	// autocheck stays an implicit global, as before. When a TLS key is already
	// present in the form data the server emits a constant false instead of
	// reading the autotls_enable checkbox.
<?php if (!$pconfig['tls']) { ?>
	autocheck = document.iform.autotls_enable.checked;
<?php } else { ?>
	autocheck = false;
<?php } ?>

	// The autotls_opts row is shown only with TLS auth on and auto-generation off.
	var showKeyRow = document.iform.tlsauth_enable.checked && !autocheck;
	document.getElementById("autotls_opts").style.display = showKeyRow ? "" : "none";
}
function gwredir_change() {
	// With the gwredir box ticked both local-network rows are hidden.
	var rowDisplay = document.iform.gwredir.checked ? "none" : "";
	document.getElementById("local_optsv4").style.display = rowDisplay;
	document.getElementById("local_optsv6").style.display = rowDisplay;
}
function dns_domain_change() {
	// The dns_domain_data block follows the dns_domain_enable checkbox.
	var domainOn = document.iform.dns_domain_enable.checked;
	document.getElementById("dns_domain_data").style.display = domainOn ? "" : "none";
}
function dns_server_change() {
	// The dns_server_data block follows the dns_server_enable checkbox.
	var dnsOn = document.iform.dns_server_enable.checked;
	document.getElementById("dns_server_data").style.display = dnsOn ? "" : "none";
}
function wins_server_change() {
	// The wins_server_data block follows the wins_server_enable checkbox.
	var winsOn = document.iform.wins_server_enable.checked;
	document.getElementById("wins_server_data").style.display = winsOn ? "" : "none";
}
function ntp_server_change() {
	// The ntp_server_data block follows the ntp_server_enable checkbox.
	var ntpOn = document.iform.ntp_server_enable.checked;
	document.getElementById("ntp_server_data").style.display = ntpOn ? "" : "none";
}
function netbios_change() {
	// The netbios_data and wins_opts blocks both follow the netbios_enable checkbox.
	var rowDisplay = document.iform.netbios_enable.checked ? "" : "none";
	document.getElementById("netbios_data").style.display = rowDisplay;
	document.getElementById("wins_opts").style.display = rowDisplay;
}
function tuntap_change() {
	// Adjusts the tunnel-network cell class and the server-bridge rows to the
	// selected device mode (tun or tap) and server mode.
	// mindex, mvalue, p2p, index and value are assigned without "var",
	// exactly as before, so they stay page-level globals.
	mindex = document.iform.mode.selectedIndex;
	mvalue = document.iform.mode.options[mindex].value;
	p2p = (mvalue === "p2p_tls" || mvalue === "p2p_shared_key");

	index = document.iform.dev_mode.selectedIndex;
	value = document.iform.dev_mode.options[index].value;

	var form = document.iform;
	var bridgeRows = ["serverbridge_dhcp", "serverbridge_interface", "serverbridge_dhcp_start", "serverbridge_dhcp_end"];
	var i;

	if (value === "tun") {
		// tun: the tunnel network cell gets the "required" class and the bridge rows are hidden.
		document.getElementById("ipv4_tunnel_network").className = "vncellreq";
		for (i = 0; i < bridgeRows.length; i++) {
			document.getElementById(bridgeRows[i]).style.display = "none";
		}
	} else if (value === "tap") {
		document.getElementById("ipv4_tunnel_network").className = "vncell";
		if (!p2p) {
			for (i = 0; i < bridgeRows.length; i++) {
				document.getElementById(bridgeRows[i]).style.display = "";
			}
			// The three dependent bridge fields are editable only while the
			// serverbridge_dhcp box is ticked.
			var bridgeOff = !form.serverbridge_dhcp.checked;
			form.serverbridge_interface.disabled = bridgeOff;
			form.serverbridge_dhcp_start.disabled = bridgeOff;
			form.serverbridge_dhcp_end.disabled = bridgeOff;
		} else {
			// Peer-to-peer modes: every bridge field is disabled.
			form.serverbridge_dhcp.disabled = true;
			form.serverbridge_interface.disabled = true;
			form.serverbridge_dhcp_start.disabled = true;
			form.serverbridge_dhcp_end.disabled = true;
		}
	}
}
//-->
658
</script>
659
<?php
// Normalise a falsy save message to an empty string before it is tested below.
$savemsg = $savemsg ? $savemsg : "";

// Hand $input_errors and then $savemsg to the GUI helpers, each only when non-empty.
if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box_np($savemsg);
}
?>
668
<table width="100%" border="0" cellpadding="0" cellspacing="0">
669 5a3b0d3b mgrooms
	<tr>
670 d799787e Matthew Grooms
		<td class="tabnavtbl">
671
			<ul id="tabnav">
672
			<?php
				// Entries look like array(label, active flag, target page) — TODO confirm against display_top_tabs().
				// "Server" is the only entry flagged true on this page.
				$tab_array = array(
					array(gettext("Server"), true, "vpn_openvpn_server.php"),
					array(gettext("Client"), false, "vpn_openvpn_client.php"),
					array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php"),
					array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml"),
				);
				// The list is passed on to the package-tab helper before rendering.
				add_package_tabs("OpenVPN", $tab_array);
				display_top_tabs($tab_array);
			?>
681
			</ul>
682
		</td>
683
	</tr>    
684
	<tr>
685
		<td class="tabcont">
686
687
			<?php if($act=="new" || $act=="edit"): ?>
688
689
			<form action="vpn_openvpn_server.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
690
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
691 47c00c09 Scott Ullrich
					<tr>
692 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
693 b63f2e8b Matthew Grooms
					</tr>
694 d799787e Matthew Grooms
					<tr>
695 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
696 d799787e Matthew Grooms
						<td width="78%" class="vtable">
697
							<table border="0" cellpadding="0" cellspacing="0">
698
								<tr>
699
									<td>
700
										<?php set_checked($pconfig['disable'],$chk); ?>
701
										<input name="disable" type="checkbox" value="yes" <?=$chk;?>/>
702
									</td>
703
									<td>
704
										&nbsp;
705
										<span class="vexpl">
706 4d8b3382 Carlos Eduardo Ramos
											<strong><?=gettext("Disable this server"); ?></strong><br>
707 d799787e Matthew Grooms
										</span>
708
									</td>
709
								</tr>
710
							</table>
711 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("Set this option to disable this server without removing it from the list"); ?>.
712 d799787e Matthew Grooms
						</td>
713
					</tr>
714 3c11bd3c Matthew Grooms
					<tr>
715
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
716
							<td width="78%" class="vtable">
717 1ab6bdb5 jim-p
							<select name='mode' id='mode' class="formselect" onchange='mode_change(); tuntap_change()'>
							<?php
								// One <option> per entry of $openvpn_server_modes; the entry equal to
								// $pconfig['mode'] is marked selected.
								foreach ($openvpn_server_modes as $name => $desc):
									$selected = ($pconfig['mode'] == $name) ? "selected" : "";
							?>
								<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
							<?php endforeach; ?>
							</select>
727
						</td>
728
					</tr>
729 e8a58de4 Ermal Lu?i
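					<tr id="authmodetr" style="display:none">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td>
						<td width="78%" class="vtable">
							<?php
								// Load the backend list before the <select> is emitted: its size
								// attribute counts this list, which was previously read before
								// being assigned in this part of the page.
								$auth_servers = auth_get_authserver_list();
								// $pconfig['authmode'] holds the chosen backends as a comma-separated string.
								$authmodes = explode(",", $pconfig['authmode']);
							?>
							<select name='authmode[]' id='authmode' class="formselect" multiple="true" size="<?php echo count($auth_servers); ?>">
							<?php
								foreach ($auth_servers as $auth_server):
									$selected = "";
									// Strict string comparison, so numeric-looking names such as "1" and "01" stay distinct.
									if (in_array((string)$auth_server['name'], $authmodes, true))
										$selected = "selected";
									// The name comes from stored configuration; encode it once for both
									// the value attribute and the visible label.
									$authname = htmlspecialchars($auth_server['name']);
							?>
								<option value="<?=$authname;?>" <?=$selected;?>><?=$authname;?></option>
							<?php endforeach; ?>
							</select>
						</td>
					</tr>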
746 d799787e Matthew Grooms
					<tr>
747
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
748
							<td width="78%" class="vtable">
749
							<select name='protocol' class="formselect">
							<?php
								// One <option> per entry of $openvpn_prots; the entry equal to
								// $pconfig['protocol'] is marked selected.
								foreach ($openvpn_prots as $prot):
									$selected = ($pconfig['protocol'] == $prot) ? "selected" : "";
							?>
								<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
							<?php endforeach; ?>
							</select>
759
							</td>
760
					</tr>
761 bf87b4d7 lgcosta
					<tr>
762
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td>
763
						<td width="78%" class="vtable">
764 1ab6bdb5 jim-p
							<select name="dev_mode" class="formselect" onchange='tuntap_change()'>
							<?php
								foreach ($openvpn_dev_mode as $device):
									// With no stored device mode, "tun" is pre-selected;
									// otherwise the stored value is.
									if (empty($pconfig['dev_mode']))
										$selected = ($device == "tun") ? "selected" : "";
									else
										$selected = ($pconfig['dev_mode'] == $device) ? "selected" : "";
							?>
								<option value="<?=$device;?>" <?=$selected;?>><?=$device;?></option>
							<?php endforeach; ?>
							</select>
779
                                                        </td>
780
                                        </tr>
781 d799787e Matthew Grooms
					<tr>
782 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
783 d799787e Matthew Grooms
						<td width="78%" class="vtable">
784
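							<select name="interface" class="formselect">
								<?php
									// Start from the configured interfaces, then add virtual IPs and gateway groups.
									$interfaces = get_configured_interface_with_descr();
									// CARP and IP-alias entries are keyed "<interface>|<address>".
									$carplist = get_configured_carp_interface_list();
									foreach ($carplist as $cif => $carpip)
										$interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
									$aliaslist = get_configured_ip_aliases_list();
									foreach ($aliaslist as $aliasip => $aliasif)
										$interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
									$grouplist = return_gateway_groups_array();
									foreach ($grouplist as $name => $group) {
										// Skip gateway groups whose ipprotocol is not "inet". The literal is
										// quoted: a bare inet is an undefined constant, which older PHP
										// versions only treated as the string "inet" with a notice.
										if($group['ipprotocol'] != "inet")
											continue;
										// NOTE(review): $vipif is not read anywhere in this block — confirm
										// whether later code uses it before removing.
										if($group[0]['vip'] <> "")
											$vipif = $group[0]['vip'];
										else
											$vipif = $group[0]['int'];
										$interfaces[$name] = "GW Group {$name}";
									}
									$interfaces['any'] = "any";
									foreach ($interfaces as $iface => $ifacename):
										$selected = "";
										if ($iface == $pconfig['interface'])
											$selected = "selected";
								?>
									<?php // Keys include gateway-group names from configuration, so the value attribute is encoded like the label. ?>
									<option value="<?=htmlspecialchars($iface);?>" <?=$selected;?>>
										<?=htmlspecialchars($ifacename);?>
									</option>
								<?php endforeach; ?>
							</select> <br>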
814
						</td>
815
					</tr>
816
					<tr>
817
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local port");?></td>
818
						<td width="78%" class="vtable">
819
							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>"/>
820
						</td>
821
					</tr>
822
					<tr> 
823 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
824 d799787e Matthew Grooms
						<td width="78%" class="vtable"> 
825
							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>">
826
							<br>
827 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
828 d799787e Matthew Grooms
						</td>
829
					</tr>
830
					<tr>
831
						<td colspan="2" class="list" height="12"></td>
832
					</tr>
833
					<tr>
834 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
835 d799787e Matthew Grooms
					</tr>
836 3c11bd3c Matthew Grooms
					<tr id="tls">
837 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
838 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
839
							<table border="0" cellpadding="2" cellspacing="0">
840
								<tr>
841
									<td>
842
										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
843
										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onClick="tlsauth_change()">
844
									</td>
845
									<td>
846
										<span class="vexpl">
847 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Enable authentication of TLS packets"); ?>.
848 3c11bd3c Matthew Grooms
										</span>
849
									</td>
850
								</tr>
851
							</table>
852
							<?php if (!$pconfig['tls']): ?>
853
							<table border="0" cellpadding="2" cellspacing="0" id='tlsauth_opts'>
854
								<tr>
855
									<td>
856
										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
857
										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autotls_change()">
858
									</td>
859
									<td>
860
										<span class="vexpl">
861 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
862 3c11bd3c Matthew Grooms
										</span>
863
									</td>
864
								</tr>
865
							</table>
866
							<?php endif; ?>
867
							<table border="0" cellpadding="2" cellspacing="0" id='autotls_opts'>
868
								<tr>
869
									<td>
870
										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
871
										<br/>
872 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
873 3c11bd3c Matthew Grooms
									</td>
874
								</tr>
875
							</table>
876
						</td>
877 d799787e Matthew Grooms
					</tr>
878 3c11bd3c Matthew Grooms
					<tr id="tls_ca">
879 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
880 d799787e Matthew Grooms
							<td width="78%" class="vtable">
881 19cdeb3e jim-p
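							<?php if (count($a_ca)): ?>
							<select name='caref' class="formselect">
							<?php
								// One <option> per configured CA; the one whose refid matches
								// $pconfig['caref'] is pre-selected.
								foreach ($a_ca as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected";
									// descr is a stored free-text description (presumably entered in the
									// Cert Manager — confirm); it is HTML-encoded so markup in it is
									// displayed as text.
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificate Authorities defined.</b> <br/>Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>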
895 d799787e Matthew Grooms
							</td>
896
					</tr>
897 6db02381 jim-p
					<tr id="tls_crl">
898
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Revocation List"); ?></td>
899
							<td width="78%" class="vtable">
900 19cdeb3e jim-p
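							<?php if (count($a_crl)): ?>
							<select name='crlref' class="formselect">
								<option value="">None</option>
							<?php
								foreach ($a_crl as $crl):
									$selected = "";
									$caname = "";
									$ca = lookup_ca($crl['caref']);
									// The CA suffix and the pre-selection are applied only when the
									// CRL's CA reference resolves.
									if ($ca) {
										$caname = " (CA: {$ca['descr']})";
										if ($pconfig['crlref'] == $crl['refid'])
											$selected = "selected";
									}
									// Both descriptions are stored free text; the combined label is
									// HTML-encoded so markup in it is displayed as text.
							?>
								<option value="<?=htmlspecialchars($crl['refid']);?>" <?=$selected;?>><?=htmlspecialchars($crl['descr'] . $caname);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificate Revocation Lists (CRLs) defined.</b> <br/>Create one under <a href="system_crlmanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>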
920 6db02381 jim-p
							</td>
921
					</tr>
922 3c11bd3c Matthew Grooms
					<tr id="tls_cert">
923 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Certificate"); ?></td>
924 d799787e Matthew Grooms
							<td width="78%" class="vtable">
925 19cdeb3e jim-p
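							<?php if (count($a_cert)): ?>
							<select name='certref' class="formselect">
							<?php
							foreach ($a_cert as $cert):
								$selected = "";
								$caname = "";
								$inuse = "";
								$revoked = "";
								// Label suffixes: issuing CA (when it resolves), in-use marker, revoked marker.
								$ca = lookup_ca($cert['caref']);
								if ($ca)
									$caname = " (CA: {$ca['descr']})";
								if ($pconfig['certref'] == $cert['refid'])
									$selected = "selected";
								if (cert_in_use($cert['refid']))
									$inuse = " *In Use";
								if (is_cert_revoked($cert))
									$revoked = " *Revoked";
								// The certificate and CA descriptions are stored free text; the
								// combined label is HTML-encoded so markup in it is displayed as text.
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>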
949 d799787e Matthew Grooms
						</td>
950
					</tr>
951 fe787fc7 Matthew Grooms
					<tr id="tls_dh">
952 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH Parameters Length"); ?></td>
953 fe787fc7 Matthew Grooms
						<td width="78%" class="vtable">
954
							<select name="dh_length" class="formselect">
								<?php
									// One <option> per entry of $openvpn_dh_lengths; the option carries no
									// value attribute, so its text is what the form submits.
									foreach ($openvpn_dh_lengths as $length):
										$selected = ($length == $pconfig['dh_length']) ? ' selected' : '';
								?>
								<option<?=$selected?>><?=$length;?></option>
								<?php endforeach; ?>
							</select>
964
							<span class="vexpl">
965 1c83021a Carlos Eduardo Ramos
								<?=gettext("bits"); ?>
966 fe787fc7 Matthew Grooms
							</span>
967
						</td>
968
					</tr>
969 d799787e Matthew Grooms
					<tr id="psk">
970 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
971 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
972
							<?php if (!$pconfig['shared_key']): ?>
973
							<table border="0" cellpadding="2" cellspacing="0">
974
								<tr>
975
									<td>
976
										<?php set_checked($pconfig['autokey_enable'],$chk); ?>
977
										<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autokey_change()">
978
									</td>
979
									<td>
980
										<span class="vexpl">
981 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared key"); ?>.
982 3c11bd3c Matthew Grooms
										</span>
983
									</td>
984
								</tr>
985
							</table>
986
							<?php endif; ?>
987
							<table border="0" cellpadding="2" cellspacing="0" id='autokey_opts'>
988
								<tr>
989
									<td>
990
										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
991
										<br/>
992 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
993 3c11bd3c Matthew Grooms
									</td>
994
								</tr>
995
							</table>
996 d799787e Matthew Grooms
						</td>
997
					</tr>
998
					<tr>
999 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
1000 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1001
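							<select name="crypto" class="formselect">
								<?php
									// openvpn_get_cipherlist() supplies name => description pairs; the
									// entry equal to $pconfig['crypto'] is pre-selected.
									$cipherlist = openvpn_get_cipherlist();
									foreach ($cipherlist as $name => $desc):
									$selected = '';
									if ($name == $pconfig['crypto'])
										$selected = ' selected';
								?>
								<?php // The value attribute is encoded like the label; the source of the names is not visible here, so they are not assumed to be HTML-safe. ?>
								<option value="<?=htmlspecialchars($name);?>"<?=$selected?>>
									<?=htmlspecialchars($desc);?>
								</option>
								<?php endforeach; ?>
							</select>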
1014
						</td>
1015
					</tr>
1016
					<tr id="engine">
1017
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
1018
						<td width="78%" class="vtable">
1019
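							<select name="engine" class="formselect">
								<?php
									// openvpn_get_engines() supplies name => description pairs; the
									// entry equal to $pconfig['engine'] is pre-selected.
									$engines = openvpn_get_engines();
									foreach ($engines as $name => $desc):
									$selected = '';
									if ($name == $pconfig['engine'])
										$selected = ' selected';
								?>
								<?php // The value attribute is encoded like the label; the source of the names is not visible here, so they are not assumed to be HTML-safe. ?>
								<option value="<?=htmlspecialchars($name);?>"<?=$selected?>>
									<?=htmlspecialchars($desc);?>
								</option>
								<?php endforeach; ?>
							</select>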
1032
						</td>
1033
					</tr>
1034 98963f27 jim-p
					<tr id="cert_depth">
1035
						<td width="22%" valign="top" class="vncell"><?=gettext("Certificate Depth"); ?></td>
1036
						<td width="78%" class="vtable">
1037
							<table border="0" cellpadding="2" cellspacing="0">
1038
							<tr><td>
1039
							<select name="cert_depth" class="formselect">
								<option value="">Do Not Check</option>
								<?php
									// One <option> per entry of $openvpn_cert_depths (depth => description);
									// the entry equal to $pconfig['cert_depth'] is pre-selected.
									foreach ($openvpn_cert_depths as $depth => $depthdesc):
										$selected = ($depth == $pconfig['cert_depth']) ? ' selected' : '';
								?>
								<option value="<?= $depth ?>" <?= $selected ?>><?= $depthdesc ?></option>
								<?php endforeach; ?>
							</select>
1050
							</td></tr>
1051
							<tr><td>
1052
							<span class="vexpl">
1053
								<?=gettext("When a certificate-based client logs in, do not accept certificates below this depth. Useful for denying certificates made with intermediate CAs generated from the same CA as the server."); ?>
1054
							</span>
1055
							</td></tr>
1056
							</table>
1057
						</td>
1058
					</tr>
1059 94823361 jim-p
					<tr id="strictusercn">
1060
						<td width="22%" valign="top" class="vncell"><?=gettext("Strict User/CN Matching"); ?></td>
1061
						<td width="78%" class="vtable">
1062
							<table border="0" cellpadding="2" cellspacing="0">
1063
								<tr>
1064
									<td>
1065
										<?php set_checked($pconfig['strictusercn'],$chk); ?>
1066
										<input name="strictusercn" type="checkbox" value="yes" <?=$chk;?>/>
1067
									</td>
1068
									<td>
1069
										<span class="vexpl">
1070
											<?=gettext("When authenticating users, enforce a match between the common name of the client certificate and the username given at login."); ?>
1071
										</span>
1072
									</td>
1073
								</tr>
1074
							</table>
1075
						</td>
1076
					</tr>
1077 d799787e Matthew Grooms
					<tr>
1078
						<td colspan="2" class="list" height="12"></td>
1079
					</tr>
1080
					<tr>
1081 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
1082 d799787e Matthew Grooms
					</tr>
1083 74a556a3 jim-p
					<tr>
1084
						<td width="22%" valign="top" class="vncellreq" id="ipv4_tunnel_network"><?=gettext("IPv4 Tunnel Network"); ?></td>
1085 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1086
							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>">
1087
							<br>
1088 b1ba04cf Seth Mos
							<?=gettext("This is the IPv4 virtual network used for private " .
1089 4d8b3382 Carlos Eduardo Ramos
							"communications between this server and client " .
1090
							"hosts expressed using CIDR (eg. 10.0.8.0/24). " .
1091
							"The first network address will be assigned to " .
1092
							"the	server virtual interface. The remaining " .
1093
							"network addresses can optionally be assigned " .
1094
							"to connecting clients. (see Address Pool)"); ?>
1095 d799787e Matthew Grooms
						</td>
1096
					</tr>
1097 74a556a3 jim-p
					<tr>
1098
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Tunnel Network"); ?></td>
1099 b1ba04cf Seth Mos
						<td width="78%" class="vtable">
1100
							<input name="tunnel_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_networkv6']);?>">
1101
							<br>
1102
							<?=gettext("This is the IPv6 virtual network used for private " .
1103
							"communications between this server and client " .
1104
							"hosts expressed using CIDR (eg. fe80::/64). " .
1105
							"The first network address will be assigned to " .
1106 4856df9b jim-p
							"the server virtual interface. The remaining " .
1107 b1ba04cf Seth Mos
							"network addresses can optionally be assigned " .
1108
							"to connecting clients. (see Address Pool)"); ?>
1109
						</td>
1110
					</tr>
1111 1ab6bdb5 jim-p
					<tr id="serverbridge_dhcp">
1112
						<td width="22%" valign="top" class="vncell"><?=gettext("Bridge DHCP"); ?></td>
1113
						<td width="78%" class="vtable">
1114
							<table border="0" cellpadding="2" cellspacing="0">
1115
								<tr>
1116
									<td>
1117
										<?php set_checked($pconfig['serverbridge_dhcp'],$chk); ?>
1118
										<input name="serverbridge_dhcp" type="checkbox" value="yes" <?=$chk;?> onchange='tuntap_change()' />
1119
									</td>
1120
									<td>
1121
										<span class="vexpl">
1122
											<?=gettext("Allow clients on the bridge to obtain DHCP."); ?><br>
1123
										</span>
1124
									</td>
1125
								</tr>
1126
							</table>
1127
						</td>
1128
					</tr>
1129
					<tr id="serverbridge_interface">
1130
						<td width="22%" valign="top" class="vncell"><?=gettext("Bridge Interface"); ?></td>
1131
						<td width="78%" class="vtable">
1132
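							<select name="serverbridge_interface" class="formselect">
								<?php
									// "none" comes first, followed by the configured interfaces and the
									// CARP / IP-alias addresses (keyed "<interface>|<address>").
									$serverbridge_interface['none'] = "none";
									$serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr());
									$carplist = get_configured_carp_interface_list();
									foreach ($carplist as $cif => $carpip)
										$serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
									$aliaslist = get_configured_ip_aliases_list();
									foreach ($aliaslist as $aliasip => $aliasif)
										$serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
									foreach ($serverbridge_interface as $iface => $ifacename):
										$selected = "";
										if ($iface == $pconfig['serverbridge_interface'])
											$selected = "selected";
								?>
									<?php // The key is encoded for the value attribute, matching the encoded label below. ?>
									<option value="<?=htmlspecialchars($iface);?>" <?=$selected;?>>
										<?=htmlspecialchars($ifacename);?>
									</option>
								<?php endforeach; ?>
							</select> <br>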
1152 8e932fb5 Phil Davis
							<?=gettext("The interface to which this tap instance will be " .
1153 1ab6bdb5 jim-p
							"bridged. This is not done automatically. You must assign this " .
1154
							"interface and create the bridge separately. " .
1155
							"This setting controls which existing IP address and subnet " .
1156
							"mask are used by OpenVPN for the bridge. Setting this to " .
1157
							"'none' will cause the Server Bridge DHCP settings below to be ignored."); ?>
1158
						</td>
1159
					</tr>
1160
					<tr id="serverbridge_dhcp_start">
1161
						<td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP Start"); ?></td>
1162
						<td width="78%" class="vtable">
1163
							<input name="serverbridge_dhcp_start" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_start']);?>">
1164
							<br>
1165 8e932fb5 Phil Davis
							<?=gettext("When using tap mode as a multi-point server, " .
1166 1ab6bdb5 jim-p
							"you may optionally supply a DHCP range to use on the " .
1167
							"interface to which this tap instance is bridged. " .
1168
							"If these settings are left blank, DHCP will be passed " .
1169
							"through to the LAN, and the interface setting above " .
1170
							"will be ignored."); ?>
1171
						</td>
1172
					</tr>
1173
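					<tr id="serverbridge_dhcp_end">
						<td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP End"); ?></td>
						<td width="78%" class="vtable">
							<input name="serverbridge_dhcp_end" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_end']);?>">
							<br>
							<?php
								// This row has no help text of its own. gettext("") is not a safe
								// placeholder: with a translation catalog loaded, the empty msgid
								// returns the catalog's header entry (its metadata) rather than an
								// empty string, and that text would be printed into the page.
							?>
						</td>
					</tr>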
1181 a2ff08f8 jim-p
					<tr id="gwredir_opts">
1182 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td>
1183 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1184
							<table border="0" cellpadding="2" cellspacing="0">
1185
								<tr>
1186
									<td>
1187
										<?php set_checked($pconfig['gwredir'],$chk); ?>
1188
										<input name="gwredir" type="checkbox" value="yes" <?=$chk;?> onClick="gwredir_change()"/>
1189
									</td>
1190
									<td>
1191
										<span class="vexpl">
1192 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Force all client generated traffic through the tunnel"); ?>.
1193 d799787e Matthew Grooms
										</span>
1194
									</td>
1195
								</tr>
1196
							</table>
1197
						</td>
1198
					</tr>
1199 4856df9b jim-p
					<tr id="local_optsv4">
1200 b1ba04cf Seth Mos
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Local Network"); ?></td>
1201 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1202
							<input name="local_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['local_network']);?>">
1203
							<br>
1204 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("This is the network that will be accessible " .
1205
							"from the remote endpoint. Expressed as a CIDR " .
1206
							"range. You may leave this blank if you don't " .
1207
							"want to add a route to the local network " .
1208
							"through this tunnel on the remote machine. " .
1209
							"This is generally set to your LAN network"); ?>.
1210 d799787e Matthew Grooms
						</td>
1211
					</tr>
1212 4856df9b jim-p
					<tr id="local_optsv6">
1213 b1ba04cf Seth Mos
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Local Network"); ?></td>
1214
						<td width="78%" class="vtable">
1215
							<input name="local_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['local_networkv6']);?>">
1216
							<br>
1217
							<?=gettext("This is the IPv6 network that will be accessible " .
1218
							"from the remote endpoint. Expressed as a CIDR " .
1219
							"range. You may leave this blank if you don't " .
1220
							"want to add a route to the local network " .
1221
							"through this tunnel on the remote machine. " .
1222
							"This is generally set to your LAN network"); ?>.
1223
						</td>
1224
					</tr>
1225 415bddea jim-p
					<tr id="remote_optsv4">
1226 4856df9b jim-p
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Remote Network"); ?></td>
1227 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
1228
							<input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>">
1229
							<br>
1230 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("This is a network that will be routed through " .
1231
							"the tunnel, so that a site-to-site VPN can be " .
1232
							"established without manually changing the " .
1233
							"routing tables. Expressed as a CIDR range. If " .
1234 8e932fb5 Phil Davis
							"this is a site-to-site VPN, enter the " .
1235 4d8b3382 Carlos Eduardo Ramos
							"remote LAN here. You may leave this blank if " .
1236
							"you don't want a site-to-site VPN"); ?>.
1237 3c11bd3c Matthew Grooms
						</td>
1238
					</tr>
1239 415bddea jim-p
					<tr id="remote_optsv6">
1240 4856df9b jim-p
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Remote Network"); ?></td>
1241
						<td width="78%" class="vtable">
1242
							<input name="remote_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_networkv6']);?>">
1243
							<br>
1244
							<?=gettext("This is an IPv6 network that will be routed through " .
1245
							"the tunnel, so that a site-to-site VPN can be " .
1246
							"established without manually changing the " .
1247
							"routing tables. Expressed as an IP/PREFIX. If " .
1248
							"this is a site-to-site VPN, enter the " .
1249
							"remote LAN here. You may leave this blank if " .
1250
							"you don't want a site-to-site VPN"); ?>.
1251
						</td>
1252
					</tr>
1253 d799787e Matthew Grooms
					<tr>
1254
						<td width="22%" valign="top" class="vncell"><?=gettext("Concurrent connections");?></td>
1255
						<td width="78%" class="vtable">
1256
							<input name="maxclients" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['maxclients']);?>"/>
1257
							<br/>
1258 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("Specify the maximum number of clients allowed to concurrently connect to this server"); ?>.
1259 d799787e Matthew Grooms
						</td>
1260
					</tr>
1261
					<tr>
1262 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
1263 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1264
							<table border="0" cellpadding="2" cellspacing="0">
1265
								<tr>
1266
									<td>
1267
										<?php set_checked($pconfig['compression'],$chk); ?>
1268
										<input name="compression" type="checkbox" value="yes" <?=$chk;?>>
1269
									</td>
1270
									<td>
1271
										<span class="vexpl">
1272 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Compress tunnel packets using the LZO algorithm"); ?>.
1273 d799787e Matthew Grooms
										</span>
1274
									</td>
1275
								</tr>
1276
							</table>
1277
						</td>
1278
					</tr>
1279
					<tr>
1280 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
1281 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1282
							<table border="0" cellpadding="2" cellspacing="0">
1283
								<tr>
1284
									<td>
1285 1cb0b40a Matthew Grooms
										<?php set_checked($pconfig['passtos'],$chk); ?>
1286
										<input name="passtos" type="checkbox" value="yes" <?=$chk;?>>
1287 d799787e Matthew Grooms
									</td>
1288
									<td>
1289
										<span class="vexpl">
1290 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
1291 d799787e Matthew Grooms
										</span>
1292
									</td>
1293
								</tr>
1294
							</table>
1295
						</td>
1296
					</tr>
1297 107794cc jim-p
					<tr id="inter_client_communication">
1298 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Inter-client communication"); ?></td>
1299 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1300
							<table border="0" cellpadding="2" cellspacing="0">
1301
								<tr>
1302
									<td>
1303
										<?php set_checked($pconfig['client2client'],$chk); ?>
1304
										<input name="client2client" type="checkbox" value="yes" <?=$chk;?>/>
1305
									</td>
1306
									<td>
1307
										<span class="vexpl">
1308 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Allow communication between clients connected to this server"); ?>
1309 d799787e Matthew Grooms
										</span>
1310
									</td>
1311
								</tr>
1312
							</table>
1313
						</td>
1314
					</tr>
1315 bca35cff jim-p
					<tr id="duplicate_cn">
1316
						<td width="22%" valign="top" class="vncell"><?=gettext("Duplicate Connections"); ?></td>
1317
						<td width="78%" class="vtable">
1318
							<table border="0" cellpadding="2" cellspacing="0">
1319
								<tr>
1320
									<td>
1321
										<?php
											// Security note: per the help text in this row, the option lets several
											// sessions share one certificate Common Name. A copied client certificate
											// can then be connected at the same time as its owner, and log entries
											// keyed on the Common Name no longer identify a single device.
											// Leave it unchecked unless a deployment really needs it.
											set_checked($pconfig['duplicate_cn'],$chk); ?>
1322
										<input name="duplicate_cn" type="checkbox" value="yes" <?=$chk;?>/>
1323
									</td>
1324
									<td>
1325
										<span class="vexpl">
1326
											<?=gettext("Allow multiple concurrent connections from clients using the same Common Name.<br/>NOTE: This is not generally recommended, but may be needed for some scenarios."); ?>
1327
										</span>
1328
									</td>
1329
								</tr>
1330
							</table>
1331
						</td>
1332
					</tr>
1333 3c11bd3c Matthew Grooms
				</table>
1334
1335
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts">
1336 d799787e Matthew Grooms
					<tr>
1337
						<td colspan="2" class="list" height="12"></td>
1338
					</tr>
1339
					<tr>
1340 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Client Settings"); ?></td>
1341 d799787e Matthew Grooms
					</tr>
1342 65ff8497 jim-p
					<tr>
1343 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Dynamic IP"); ?></td>
1344 65ff8497 jim-p
						<td width="78%" class="vtable">
1345
							<table border="0" cellpadding="2" cellspacing="0">
1346
								<tr>
1347
									<td>
1348
										<?php set_checked($pconfig['dynamic_ip'],$chk); ?>
1349 b3cf36d7 Erik Fonnesbeck
										<input name="dynamic_ip" type="checkbox" id="dynamic_ip" value="yes" <?=$chk;?>/>
1350 65ff8497 jim-p
									</td>
1351
									<td>
1352
										<span class="vexpl">
1353 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Allow connected clients to retain their connections if their IP address changes"); ?>.<br>
1354 65ff8497 jim-p
										</span>
1355
									</td>
1356
								</tr>
1357
							</table>
1358
						</td>
1359
					</tr>
1360 d799787e Matthew Grooms
					<tr>
1361 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Address Pool"); ?></td>
1362 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1363
							<table border="0" cellpadding="2" cellspacing="0">
1364
								<tr>
1365
									<td>
1366
										<?php set_checked($pconfig['pool_enable'],$chk); ?>
1367 b3cf36d7 Erik Fonnesbeck
										<input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?>/>
1368 d799787e Matthew Grooms
									</td>
1369
									<td>
1370
										<span class="vexpl">
1371 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Provide a virtual adapter IP address to clients (see Tunnel Network)"); ?><br>
1372 d799787e Matthew Grooms
										</span>
1373
									</td>
1374
								</tr>
1375
							</table>
1376
						</td>
1377
					</tr>
1378
					<tr>
1379 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("DNS Default Domain"); ?></td>
1380 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1381
							<table border="0" cellpadding="2" cellspacing="0">
1382
								<tr>
1383
									<td>
1384
										<?php set_checked($pconfig['dns_domain_enable'],$chk); ?>
1385
										<input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onClick="dns_domain_change()">
1386
									</td>
1387
									<td>
1388
										<span class="vexpl">
1389 4d8b3382 Carlos Eduardo Ramos
	                                        <?=gettext("Provide a default domain name to clients"); ?><br>
1390 d799787e Matthew Grooms
										</span>
1391
									</td>
1392
								</tr>
1393
							</table>
1394
							<table border="0" cellpadding="2" cellspacing="0" id="dns_domain_data">
1395
								<tr>
1396
									<td>
1397
										<input name="dns_domain" type="text" class="formfld unknown" id="dns_domain" size="30" value="<?=htmlspecialchars($pconfig['dns_domain']);?>">
1398
									</td>
1399
								</tr>
1400
							</table>
1401
						</td>
1402
					</tr>
1403
					<tr>
1404 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("DNS Servers"); ?></td>
1405 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1406
							<table border="0" cellpadding="2" cellspacing="0">
1407
								<tr>
1408
									<td>
1409
										<?php set_checked($pconfig['dns_server_enable'],$chk); ?>
1410
										<input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onClick="dns_server_change()">
1411
									</td>
1412
									<td>
1413
										<span class="vexpl">
1414 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Provide a DNS server list to clients"); ?><br>
1415 d799787e Matthew Grooms
										</span>
1416
									</td>
1417
								</tr>
1418
							</table>
1419
							<table border="0" cellpadding="2" cellspacing="0" id="dns_server_data">
1420
								<tr>
1421
									<td>
1422
										<span class="vexpl">
1423 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #1:&nbsp;
1424 d799787e Matthew Grooms
										</span>
1425 dd5bf424 Scott Ullrich
										<input name="dns_server1" type="text" class="formfld unknown" id="dns_server1" size="20" value="<?=htmlspecialchars($pconfig['dns_server1']);?>">
1426 d799787e Matthew Grooms
									</td>
1427
								</tr>
1428
								<tr>
1429
									<td>
1430
										<span class="vexpl">
1431 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #2:&nbsp;
1432 d799787e Matthew Grooms
										</span>
1433 dd5bf424 Scott Ullrich
										<input name="dns_server2" type="text" class="formfld unknown" id="dns_server2" size="20" value="<?=htmlspecialchars($pconfig['dns_server2']);?>">
1434 d799787e Matthew Grooms
									</td>
1435
								</tr>
1436
								<tr>
1437
									<td>
1438
										<span class="vexpl">
1439 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #3:&nbsp;
1440 d799787e Matthew Grooms
										</span>
1441 dd5bf424 Scott Ullrich
										<input name="dns_server3" type="text" class="formfld unknown" id="dns_server3" size="20" value="<?=htmlspecialchars($pconfig['dns_server3']);?>">
1442 d799787e Matthew Grooms
									</td>
1443
								</tr>
1444
								<tr>
1445
									<td>
1446
										<span class="vexpl">
1447 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #4:&nbsp;
1448 d799787e Matthew Grooms
										</span>
1449 dd5bf424 Scott Ullrich
										<input name="dns_server4" type="text" class="formfld unknown" id="dns_server4" size="20" value="<?=htmlspecialchars($pconfig['dns_server4']);?>">
1450 d799787e Matthew Grooms
									</td>
1451
								</tr>
1452
							</table>
1453
						</td>
1454
					</tr>
1455
					<tr>
1456 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("NTP Servers"); ?></td>
1457 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1458
							<table border="0" cellpadding="2" cellspacing="0">
1459
								<tr>
1460
									<td>
1461
										<?php set_checked($pconfig['ntp_server_enable'],$chk); ?>
1462
										<input name="ntp_server_enable" type="checkbox" id="ntp_server_enable" value="yes" <?=$chk;?> onClick="ntp_server_change()">
1463
									</td>
1464
									<td>
1465
										<span class="vexpl">
1466 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Provide a NTP server list to clients"); ?><br>
1467 d799787e Matthew Grooms
										</span>
1468
									</td>
1469
								</tr>
1470
							</table>
1471
							<table border="0" cellpadding="2" cellspacing="0" id="ntp_server_data">
1472
								<tr>
1473
									<td>
1474
										<span class="vexpl">
1475 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #1:&nbsp;
1476 d799787e Matthew Grooms
										</span>
1477 dd5bf424 Scott Ullrich
										<input name="ntp_server1" type="text" class="formfld unknown" id="ntp_server1" size="20" value="<?=htmlspecialchars($pconfig['ntp_server1']);?>">
1478 d799787e Matthew Grooms
									</td>
1479
								</tr>
1480
								<tr>
1481
									<td>
1482
										<span class="vexpl">
1483 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #2:&nbsp;
1484 d799787e Matthew Grooms
										</span>
1485 dd5bf424 Scott Ullrich
										<input name="ntp_server2" type="text" class="formfld unknown" id="ntp_server2" size="20" value="<?=htmlspecialchars($pconfig['ntp_server2']);?>">
1486 d799787e Matthew Grooms
									</td>
1487
								</tr>
1488
							</table>
1489
						</td>
1490
					</tr>
1491
					<tr>
1492 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("NetBIOS Options"); ?></td>
1493 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1494
							<table border="0" cellpadding="2" cellspacing="0">
1495
								<tr>
1496
									<td>
1497
										<?php set_checked($pconfig['netbios_enable'],$chk); ?>
1498
										<input name="netbios_enable" type="checkbox" id="netbios_enable" value="yes" <?=$chk;?> onClick="netbios_change()">
1499
									</td>
1500
									<td>
1501
										<span class="vexpl">
1502 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Enable NetBIOS over TCP/IP"); ?><br>
1503 d799787e Matthew Grooms
										</span>
1504
									</td>
1505
								</tr>
1506
							</table>
1507 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled"); ?>.
1508 d799787e Matthew Grooms
							<br/>
1509
							<table border="0" cellpadding="2" cellspacing="0" id="netbios_data">
1510
								<tr>
1511
									<td>
1512
										<br/>
1513
										<span class="vexpl">
1514 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Node Type"); ?>:&nbsp;
1515 d799787e Matthew Grooms
										</span>
1516
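										<select name='netbios_ntype' class="formselect">
										<?php
											/*
											 * Emit one <option> per entry of $netbios_nodetypes (defined outside
											 * this part of the file) and pre-select the saved node type.
											 * Key and label are HTML-escaped like every other value this form
											 * echoes, so the markup stays intact whatever the table contains.
											 */
											foreach ($netbios_nodetypes as $type => $name):
												$selected = "";
												// NOTE(review): loose == kept as in the original; the saved value is
												// presumably a string while the array keys may be integers - confirm
												// before tightening to ===.
												if ($pconfig['netbios_ntype'] == $type)
													$selected = "selected";
										?>
											<option value="<?=htmlspecialchars($type);?>" <?=$selected;?>><?=htmlspecialchars($name);?></option>
										<?php endforeach; ?>
										</select>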
1526
										<br/>
1527 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Possible options: b-node (broadcasts), p-node " .
1528
										"(point-to-point name queries to a WINS server), " .
1529
										"m-node (broadcast then query name server), and " .
1530
										"h-node (query name server, then broadcast)"); ?>.
1531 d799787e Matthew Grooms
									</td>
1532
								</tr>
1533
								<tr>
1534
									<td>
1535
										<br/>
1536
										<span class="vexpl">
1537 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Scope ID"); ?>:&nbsp;
1538 d799787e Matthew Grooms
										</span>
1539
										<input name="netbios_scope" type="text" class="formfld unknown" id="netbios_scope" size="30" value="<?=htmlspecialchars($pconfig['netbios_scope']);?>">
1540
										<br/>
1541 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("A NetBIOS Scope	ID provides an extended naming " .
1542
										"service for	NetBIOS over TCP/IP. The NetBIOS " .
1543
										"scope ID isolates NetBIOS traffic on a single " .
1544
										"network to only those nodes with the same " .
1545
										"NetBIOS scope ID"); ?>.
1546 d799787e Matthew Grooms
									</td>
1547
								</tr>
1548
							</table>
1549
						</td>
1550
					</tr>
1551
					<tr id="wins_opts">
1552 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("WINS Servers"); ?></td>
1553 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1554
							<table border="0" cellpadding="2" cellspacing="0">
1555
								<tr>
1556
									<td>
1557
										<?php set_checked($pconfig['wins_server_enable'],$chk); ?>
1558
										<input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onClick="wins_server_change()">
1559
									</td>
1560
									<td>
1561
										<span class="vexpl">
1562 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Provide a WINS server list to clients"); ?><br>
1563 d799787e Matthew Grooms
										</span>
1564
									</td>
1565
								</tr>
1566
							</table>
1567
							<table border="0" cellpadding="2" cellspacing="0" id="wins_server_data">
1568
								<tr>
1569
									<td>
1570
										<span class="vexpl">
1571 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #1:&nbsp;
1572 d799787e Matthew Grooms
										</span>
1573 dd5bf424 Scott Ullrich
										<input name="wins_server1" type="text" class="formfld unknown" id="wins_server1" size="20" value="<?=htmlspecialchars($pconfig['wins_server1']);?>">
1574 d799787e Matthew Grooms
									</td>
1575
								</tr>
1576
								<tr>
1577
									<td>
1578
										<span class="vexpl">
1579 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #2:&nbsp;
1580 d799787e Matthew Grooms
										</span>
1581 dd5bf424 Scott Ullrich
										<input name="wins_server2" type="text" class="formfld unknown" id="wins_server2" size="20" value="<?=htmlspecialchars($pconfig['wins_server2']);?>">
1582 d799787e Matthew Grooms
									</td>
1583
								</tr>
1584
							</table>
1585
						</td>
1586
					</tr>
1587 3c11bd3c Matthew Grooms
				</table>
1588
1589 2f4f30ee Scott Ullrich
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts">
1590
					<tr>
1591
						<td colspan="2" class="list" height="12"></td>
1592
					</tr>
1593
					<tr>
1594 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
1595 2f4f30ee Scott Ullrich
					</tr>
1596
					<tr>
1597 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
1598 2f4f30ee Scott Ullrich
						<td width="78%" class="vtable">
1599
							<table border="0" cellpadding="2" cellspacing="0">
1600
								<tr>
1601
									<td>
1602 dd5bf424 Scott Ullrich
										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/>
1603 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Enter any additional options you would like to add to the OpenVPN server configuration here, separated by a semicolon"); ?><br/>
1604
										<?=gettext("EXAMPLE: push \"route 10.0.0.0 255.255.255.0\""); ?>;
1605 2f4f30ee Scott Ullrich
									</td>
1606
								</tr>
1607
							</table>
1608
						</td>
1609
					</tr>
1610
				</table>
1611
1612 f68fc963 Scott Ullrich
				<br/>
1613 4856df9b jim-p
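				<table width="100%" border="0" cellpadding="6" cellspacing="0">
					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
							<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
							<?php
								/*
								 * $act and $id are assigned outside this part of the file. The list
								 * view's links send them back as the act= and id= query parameters,
								 * so they are presumably request-controlled (confirm against the
								 * top of the page). Echoed raw into a double-quoted attribute, a
								 * value containing a quote would end the attribute and be parsed
								 * as markup, so both are escaped the same way as every other
								 * field in this form.
								 */
							?>
							<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>">
							<?php if (isset($id) && $a_server[$id]): ?>
							<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
							<?php endif; ?>
						</td>
					</tr>
				</table>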
1625
			</form>
1626
1627
			<?php else: ?>
1628
1629 7128ed17 Scott Ullrich
			<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
1630 80fa045a jim-p
				<thead>
1631 d799787e Matthew Grooms
				<tr>
1632 4d8b3382 Carlos Eduardo Ramos
					<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
1633
					<td width="10%" class="listhdrr"><?=gettext("Protocol / Port"); ?></td>
1634
					<td width="30%" class="listhdrr"><?=gettext("Tunnel Network"); ?></td>
1635
					<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
1636 d799787e Matthew Grooms
					<td width="10%" class="list"></td>
1637
				</tr>
1638 80fa045a jim-p
				</thead>
1639
				<tbody>
1640 d799787e Matthew Grooms
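				<?php
					/*
					 * One table row per configured server. $i is the entry's position in
					 * $a_server and is what the edit/delete links send back as "id".
					 *
					 * Changes from the original markup: the "&" separating query
					 * parameters is written as "&amp;" inside attributes, and the theme
					 * name is HTML-escaped before it is placed in the image path.
					 *
					 * NOTE(review): the delete control is a plain link, so as far as this
					 * listing shows the deletion is requested with GET and protected only
					 * by a client-side confirm(). The handler is outside this part of the
					 * file; confirm that it requires a POST carrying an anti-CSRF token
					 * before it removes anything.
					 *
					 * NOTE(review): the confirm() text is a translated string placed
					 * inside a single-quoted JavaScript literal. A translation containing
					 * an apostrophe would break the handler and the link would be followed
					 * without asking; confirm the catalog's encoding, then escape it for
					 * both the script and the attribute context.
					 */
					$i = 0;
					foreach($a_server as $server):
						$disabled = "NO";
						if (isset($server['disable']))
							$disabled = "YES";
				?>
				<tr>
					<td class="listlr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
						<?=$disabled;?>
					</td>
					<td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
						<?=htmlspecialchars($server['protocol']);?> / <?=htmlspecialchars($server['local_port']);?>
					</td>
					<td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
						<?=htmlspecialchars($server['tunnel_network']);?><br/>
						<?=htmlspecialchars($server['tunnel_networkv6']);?><br/>
					</td>
					<td class="listbg" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
						<?=htmlspecialchars($server['description']);?>
					</td>
					<td valign="middle" nowrap class="list">
						<a href="vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>">
							<img src="./themes/<?=htmlspecialchars($g['theme']);?>/images/icons/icon_e.gif" title="<?=gettext("edit server"); ?>" width="17" height="17" border="0">
						</a>
						&nbsp;
						<a href="vpn_openvpn_server.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this server?"); ?>')">
							<img src="/themes/<?=htmlspecialchars($g['theme']);?>/images/icons/icon_x.gif" title="<?=gettext("delete server"); ?>" width="17" height="17" border="0">
						</a>
					</td>
				</tr>
				<?php
					$i++;
					endforeach;
				?>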
1675 80fa045a jim-p
				</tbody>
1676
				<tfoot>
1677 d799787e Matthew Grooms
				<tr>
1678
					<td class="list" colspan="4"></td>
1679
					<td class="list">
1680 4d8b3382 Carlos Eduardo Ramos
						<a href="vpn_openvpn_server.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add server"); ?>" width="17" height="17" border="0">
1681 d799787e Matthew Grooms
						</a>
1682
					</td>
1683
				</tr>
1684 80fa045a jim-p
				</tfoot>
1685 d799787e Matthew Grooms
			</table>
1686
1687 7128ed17 Scott Ullrich
			<?=gettext("Additional OpenVPN servers can be added here.");?>
1688
1689 ee9933b6 Renato Botelho
			<?php endif; ?>
1690 d799787e Matthew Grooms
1691
		</td>
1692
	</tr>
1693
</table>
1694
<script language="JavaScript">
1695
<!--
1696 3c11bd3c Matthew Grooms
mode_change();
1697
autokey_change();
1698
tlsauth_change();
1699 d799787e Matthew Grooms
gwredir_change();
1700
dns_domain_change();
1701
dns_server_change();
1702
wins_server_change();
1703
ntp_server_change();
1704
netbios_change();
1705 1ab6bdb5 jim-p
tuntap_change();
1706 d799787e Matthew Grooms
//-->
1707
</script>
1708
</body>
1709
<?php include("fend.inc"); ?>
1710
1711
<?php
1712
1713
/* local utility functions */
1714
1715
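/**
 * Turn a stored option value into the attribute text for a checkbox.
 *
 * The form echoes $chk unescaped inside each <input type="checkbox"> tag,
 * so this helper must only ever assign one of the two fixed literals
 * below - never anything derived from $var itself.
 *
 * The blame-gutter residue that the listing interleaved with the body
 * has been dropped so the function parses again.
 *
 * @param mixed  $var Option value; any truthy value counts as "on".
 * @param string $chk Receives 'checked' or '' (passed by reference).
 * @return void
 */
function set_checked($var, &$chk) {
    if ($var) {
        $chk = 'checked';
    } else {
        $chk = '';
    }
}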
1721
1722 8e932fb5 Phil Davis
?>