<?php 
2
/*
3
	vpn_openvpn_client.php
4

    
5
	Copyright (C) 2008 Shrew Soft Inc.
6
	All rights reserved. 
7

    
8
	Redistribution and use in source and binary forms, with or without
9
	modification, are permitted provided that the following conditions are met:
10
	
11
	1. Redistributions of source code must retain the above copyright notice,
12
	   this list of conditions and the following disclaimer.
13
	
14
	2. Redistributions in binary form must reproduce the above copyright
15
	   notice, this list of conditions and the following disclaimer in the
16
	   documentation and/or other materials provided with the distribution.
17
	
18
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
	POSSIBILITY OF SUCH DAMAGE.
28
*/
29

    
30
##|+PRIV
31
##|*IDENT=page-openvpn-client
32
##|*NAME=OpenVPN: Client page
33
##|*DESCR=Allow access to the 'OpenVPN: Client' page.
34
##|*MATCH=vpn_openvpn_client.php*
35
##|-PRIV
36

    
37
require("guiconfig.inc");
38
require_once("openvpn.inc");
39

    
40
$pgtitle = array("OpenVPN", "Client");
41

    
42
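// Make sure the client list exists before it is referenced or appended to.
if (!is_array($config['openvpn']['openvpn-client']))
	$config['openvpn']['openvpn-client'] = array();

// Alias into the configuration tree: changes made through $a_client land in $config.
$a_client = &$config['openvpn']['openvpn-client'];

// The entry index is request-supplied (POST takes precedence over GET) and is
// later used to address, overwrite and delete configuration entries. Only a
// plain non-negative integer is accepted; anything else (missing value, array,
// free text) leaves $id unset so the isset($id) checks below fail closed.
// New entries are appended with [] further down, so indexes are expected to be
// integers -- NOTE(review): confirm the loaded configuration uses a list here.
$id = null;
if (isset($_POST['id']))
	$id = $_POST['id'];
elseif (isset($_GET['id']))
	$id = $_GET['id'];
if (!is_string($id) || !preg_match('/^[0-9]+\z/', $id))
	$id = null;

// Requested action ("new", "edit", "del"); POST takes precedence over GET.
$act = null;
if (isset($_POST['act']))
	$act = $_POST['act'];
elseif (isset($_GET['act']))
	$act = $_GET['act'];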
54

    
55
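/*
 * Delete an existing client instance and persist the change.
 *
 * NOTE(review): this is a state-changing action triggered by a GET request,
 * and this handler checks no anti-CSRF token or confirmation. Whether
 * guiconfig.inc protects GET requests cannot be seen from here -- confirm,
 * and prefer moving deletion to POST together with whatever links to it.
 */
if (isset($_GET['act']) && $_GET['act'] == "del") {

	// Missing, non-scalar or unknown index: go back to the list and leave
	// the configuration untouched.
	if (!is_scalar($id) || empty($a_client[$id])) {
		pfSenseHeader("vpn_openvpn_client.php");
		exit;
	}

	// Tear down the instance first, then drop its entry and save.
	openvpn_delete('client', $a_client[$id]);
	unset($a_client[$id]);
	write_config();
	$savemsg = gettext("Client successfully deleted")."<br/>";
}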
67

    
68
// Defaults shown when the form is opened for a new client: key generation
// and TLS authentication switched on, WAN interface, server port 1194.
if ("new" == $_GET['act']) {
	foreach (array('autokey_enable', 'tlsauth_enable', 'autotls_enable') as $default_on)
		$pconfig[$default_on] = "yes";

	$pconfig['interface'] = "wan";
	$pconfig['server_port'] = 1194;
}
75

    
76
/*
 * Opening an existing client for editing: copy the stored entry into
 * $pconfig, which the form below reads its field values from.
 *
 * NOTE(review): the proxy password and the decoded key material end up in
 * $pconfig in clear and are rendered back into the form fields further down.
 */
if ($_GET['act'] == "edit" && isset($id) && $a_client[$id]) {

	$stored = $a_client[$id];

	// Settings that are copied one-to-one from the stored entry.
	$plain_fields = array(
		'disable', 'mode', 'protocol', 'interface', 'local_port',
		'server_addr', 'server_port', 'resolve_retry',
		'proxy_addr', 'proxy_port', 'proxy_user', 'proxy_passwd', 'proxy_authtype',
		'description', 'custom_options', 'ns_cert_type', 'dev_mode');
	foreach ($plain_fields as $field)
		$pconfig[$field] = $stored[$field];

	// The interface selector uses "interface|address" values for entries that
	// are bound to a specific address, so rebuild that form here.
	if (!empty($stored['ipaddr']))
		$pconfig['interface'] .= '|' . $stored['ipaddr'];

	// Key material is stored base64-encoded; decode what the mode uses.
	if ($pconfig['mode'] == "p2p_shared_key") {
		$pconfig['shared_key'] = base64_decode($stored['shared_key']);
	} else {
		$pconfig['caref'] = $stored['caref'];
		$pconfig['certref'] = $stored['certref'];
		if ($stored['tls']) {
			$pconfig['tlsauth_enable'] = "yes";
			$pconfig['tls'] = base64_decode($stored['tls']);
		}
	}

	foreach (array('crypto', 'tunnel_network', 'remote_network', 'compression', 'passtos') as $field)
		$pconfig[$field] = $stored[$field];

	// just in case the modes switch
	$pconfig['autokey_enable'] = "yes";
	$pconfig['autotls_enable'] = "yes";
}
122

    
123
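/*
 * Handle a submitted client form: validate the posted fields, build the
 * client entry, store it in the configuration and resynchronise OpenVPN.
 * When validation fails nothing is saved and the form is shown again with
 * the posted values.
 */
if ($_POST) {

	// Start from an empty error list so nothing set earlier carries over.
	$input_errors = array();
	$pconfig = $_POST;

	// An existing entry keeps its vpnid; 0 means a new one is allocated on save.
	if (isset($id) && $a_client[$id])
		$vpnid = $a_client[$id]['vpnid'];
	else
		$vpnid = 0;

	// Every mode other than "p2p_shared_key" is handled as certificate (TLS) based.
	$tls_mode = ($pconfig['mode'] != "p2p_shared_key");

	/* input validation */
	if ($pconfig['local_port']) {

		if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
			$input_errors[] = $result;

		// A port that is in use is only acceptable when the user is this very
		// instance (presumably openvpn_port_used() returns the owning vpnid).
		$portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']);
		if (($portused != $vpnid) && ($portused != 0))
			$input_errors[] = "The specified 'Local port' is in use. Please select another value";
	}

	if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port'))
		$input_errors[] = $result;

	// Proxy settings are only checked when a proxy host was given.
	if ($pconfig['proxy_addr']) {

		if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address'))
			$input_errors[] = $result;

		if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port'))
			$input_errors[] = $result;

		if ($pconfig['proxy_authtype'] != "none") {
			if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd']))
				$input_errors[] = "User name and password are required for proxy with authentication.";
		}
	}

	if ($pconfig['tunnel_network']) {
		if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network'))
			$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network'))
		$input_errors[] = $result;

	// With auto-generation ticked, a fresh static key replaces whatever was posted.
	if ($pconfig['autokey_enable'])
		$pconfig['shared_key'] = openvpn_create_key();

	// Pasted keys only get a marker check: both armor lines must be present.
	if (!$tls_mode && !$pconfig['autokey_enable']) {
		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = "The field 'Shared Key' does not appear to be valid";
	}

	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid";
	}

	// NOTE(review): shared-key mode with auto-generation takes the else branch
	// and therefore requires a CA and certificate that are not stored for that
	// mode -- confirm whether that is intended.
	if (!$tls_mode && !$pconfig['autokey_enable']) {
		$reqdfields = array('shared_key');
		$reqdfieldsn = array('Shared key');
	} else {
		$reqdfields = explode(" ", "caref certref");
		$reqdfieldsn = explode(",", "Certificate Authority,Certificate");
	}

	// NOTE(review): call-time pass-by-reference is rejected by PHP 5.4 and
	// later. do_input_validation()'s declaration is not visible here; the '&'
	// must move to that declaration in the same change, otherwise the errors
	// it reports would be silently lost.
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$input_errors) {

		$client = array();

		if ($vpnid)
			$client['vpnid'] = $vpnid;
		else
			$client['vpnid'] = openvpn_vpnid_next();

		$client['disable'] = $pconfig['disable'];
		$client['protocol'] = $pconfig['protocol'];
		$client['dev_mode'] = $pconfig['dev_mode'];

		// The selector posts "interface" or "interface|address"; pad the split
		// so a value without an address yields a null ipaddr instead of an
		// undefined-offset notice.
		// NOTE(review): interface, ipaddr and custom_options are stored exactly
		// as posted; no validation of them is visible in this handler.
		$iface_parts = array_pad(explode("|", $pconfig['interface']), 2, null);
		$client['interface'] = $iface_parts[0];
		$client['ipaddr'] = $iface_parts[1];

		$client['local_port'] = $pconfig['local_port'];
		$client['server_addr'] = $pconfig['server_addr'];
		$client['server_port'] = $pconfig['server_port'];
		$client['resolve_retry'] = $pconfig['resolve_retry'];
		$client['proxy_addr'] = $pconfig['proxy_addr'];
		$client['proxy_port'] = $pconfig['proxy_port'];
		$client['proxy_authtype'] = $pconfig['proxy_authtype'];
		$client['proxy_user'] = $pconfig['proxy_user'];
		$client['proxy_passwd'] = $pconfig['proxy_passwd'];
		$client['description'] = $pconfig['description'];
		$client['mode'] = $pconfig['mode'];
		$client['custom_options'] = $pconfig['custom_options'];

		// Key material is stored base64-encoded; only the fields that belong
		// to the selected mode are written.
		if ($tls_mode) {
			$client['caref'] = $pconfig['caref'];
			$client['certref'] = $pconfig['certref'];
			if ($pconfig['tlsauth_enable']) {
				if ($pconfig['autotls_enable'])
					$pconfig['tls'] = openvpn_create_key();
				$client['tls'] = base64_encode($pconfig['tls']);
			}
		} else {
			$client['shared_key'] = base64_encode($pconfig['shared_key']);
		}
		$client['crypto'] = $pconfig['crypto'];

		$client['tunnel_network'] = $pconfig['tunnel_network'];
		$client['remote_network'] = $pconfig['remote_network'];
		$client['compression'] = $pconfig['compression'];
		$client['passtos'] = $pconfig['passtos'];

		// NOTE(review): the form also posts 'use_shaper', which is neither
		// validated nor stored here.

		// Overwrite the edited entry, or append a new one.
		if (isset($id) && $a_client[$id])
			$a_client[$id] = $client;
		else
			$a_client[] = $client;

		openvpn_resync('client', $client);
		write_config();

		header("Location: vpn_openvpn_client.php");
		exit;
	}
}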
255

    
256
include("head.inc");
257

    
258
?>
259

    
260
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
261
<?php include("fbegin.inc"); ?>
262
<script language="JavaScript">
263
<!--
264

    
265
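/**
 * Show the form rows that belong to the selected server mode: the TLS rows
 * ("tls", "tls_ca", "tls_cert") for "p2p_tls", the shared-key row ("psk")
 * for "p2p_shared_key". Any other value leaves the layout untouched.
 */
function mode_change() {
	// Locals are declared explicitly so nothing leaks into the global scope.
	var modeSelect = document.iform.mode;
	var selected = modeSelect.options[modeSelect.selectedIndex].value;
	var tlsRows = ["tls", "tls_ca", "tls_cert"];
	var showTls;
	var i;

	if (selected == "p2p_tls")
		showTls = true;
	else if (selected == "p2p_shared_key")
		showTls = false;
	else
		return;

	for (i = 0; i < tlsRows.length; i++)
		document.getElementById(tlsRows[i]).style.display = showTls ? "" : "none";
	document.getElementById("psk").style.display = showTls ? "none" : "";
}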
283

    
284
/**
 * Hide the manual shared-key box while "automatically generate a shared key"
 * is ticked, and show it again when the box is cleared.
 */
function autokey_change() {
	var autoGenerate = document.iform.autokey_enable.checked;
	document.getElementById("autokey_opts").style.display = autoGenerate ? "none" : "";
}
290

    
291
/**
 * Show the proxy user name / password rows only when an authentication
 * method other than "none" is selected.
 */
function useproxy_changed() {
	var needsCredentials = ($('proxy_authtype').value != 'none');
	var credentialRows = $('proxy_authtype_opts');

	if (needsCredentials)
		credentialRows.show();
	else
		credentialRows.hide();
}
299

    
300
/*
 * Toggle the "automatically generate" row with the TLS authentication
 * checkbox. The toggle is only emitted when no TLS key is set in $pconfig,
 * which is also the only case in which the row itself is rendered.
 */
function tlsauth_change() {

<?php if (!$pconfig['tls']): ?>
	document.getElementById("tlsauth_opts").style.display =
		document.iform.tlsauth_enable.checked ? "" : "none";
<?php endif; ?>

	autotls_change();
}
311

    
312
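/*
 * Show the TLS key text box when TLS authentication is enabled and the key
 * is not auto-generated. When a TLS key is already set in $pconfig the
 * auto-generate checkbox is not rendered, so it counts as unticked.
 */
function autotls_change() {

	// Declared locally so the flag does not leak into the global scope.
<?php if (!$pconfig['tls']): ?>
	var autocheck = document.iform.autotls_enable.checked;
<?php else: ?>
	var autocheck = false;
<?php endif; ?>

	if (document.iform.tlsauth_enable.checked && !autocheck)
		document.getElementById("autotls_opts").style.display="";
	else
		document.getElementById("autotls_opts").style.display="none";
}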
325

    
326
//-->
327
</script>
328
<?php
329
	if ($input_errors)
330
		print_input_errors($input_errors);
331
	if ($savemsg)
332
		print_info_box($savemsg);
333
?>
334
<table width="100%" border="0" cellpadding="0" cellspacing="0">
335
 	<tr>
336
		<td class="tabnavtbl">
337
			<ul id="tabnav">
338
			<?php 
339
				$tab_array = array();
340
				$tab_array[] = array(gettext("Server"), false, "vpn_openvpn_server.php");
341
				$tab_array[] = array(gettext("Client"), true, "vpn_openvpn_client.php");
342
				$tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php");
343
				$tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml");
344
				add_package_tabs("OpenVPN", $tab_array);
345
				display_top_tabs($tab_array);
346
			?>
347
			</ul>
348
		</td>
349
	</tr>    
350
	<tr>
351
		<td class="tabcont">
352

    
353
			<?php if($act=="new" || $act=="edit"): ?>
354

    
355
			<form action="vpn_openvpn_client.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
356
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
357
					<tr>
358
						<td colspan="2" valign="top" class="listtopic">General information</td>
359
					</tr>
360
					<tr>
361
						<td width="22%" valign="top" class="vncellreq">Disabled</td>
362
						<td width="78%" class="vtable">
363
							<table border="0" cellpadding="0" cellspacing="0">
364
								<tr>
365
									<td>
366
										<?php set_checked($pconfig['disable'],$chk); ?>
367
										<input name="disable" type="checkbox" value="yes" <?=$chk;?>/>
368
									</td>
369
									<td>
370
										&nbsp;
371
										<span class="vexpl">
372
											<strong>Disable this client</strong><br>
373
										</span>
374
									</td>
375
								</tr>
376
							</table>
377
							Set this option to disable this client without removing it from the list.
378
						</td>
379
					</tr>
380
					<tr>
381
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
382
						<td width="78%" class="vtable">
383
							<select name='mode' id='mode' class="formselect" onchange='mode_change()'>
384
							<?php
385
								foreach ($openvpn_client_modes as $name => $desc):
386
									$selected = "";
387
									if ($pconfig['mode'] == $name)
388
										$selected = "selected";
389
							?>
390
								<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
391
							<?php endforeach; ?>
392
							</select>
393
						</td>
394
					</tr>
395
					<tr>
396
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
397
							<td width="78%" class="vtable">
398
							<select name='protocol' class="formselect">
399
							<?php
400
								foreach ($openvpn_prots as $prot):
401
									$selected = "";
402
									if ($pconfig['protocol'] == $prot)
403
										$selected = "selected";
404
							?>
405
								<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
406
							<?php endforeach; ?>
407
							</select>
408
							</td>
409
					</tr>
410
                                        <tr>
411
                                                <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
412
                                                        <td width="78%" class="vtable">
413
                                                        <select name='dev_mode' class="formselect">
414
                                                        <?php
415
                                                                foreach ($openvpn_dev_mode as $mode):
416
                                                                        $selected = "";
417
                                                                        if ($pconfig['dev_mode'] == $mode)
418
                                                                                $selected = "selected";
419
                                                        ?>
420
                                                                <option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option>
421
                                                        <?php endforeach; ?>
422
                                                        </select>
423
                                                        </td>
424
                                        </tr>
425
					<tr>
426
						<td width="22%" valign="top" class="vncellreq">Interface</td>
427
						<td width="78%" class="vtable">
428
							<select name="interface" class="formselect">
429
								<?php
430
									$interfaces = get_configured_interface_with_descr();
431
									$carplist = get_configured_carp_interface_list();
432
									foreach ($carplist as $cif => $carpip)
433
										$interfaces[$cif.'|'.$carpip] = strtoupper($cif) . " ({$carpip})";
434
									$aliaslist = get_configured_ip_aliases_list();
435
									foreach ($aliaslist as $aliasip => $aliasif)
436
										$interfaces[$aliasif.'|'.$aliasip] = strtoupper($aliasif) . " ({$aliasip})";
437
									$interfaces['any'] = "any";
438
									foreach ($interfaces as $iface => $ifacename):
439
										$selected = "";
440
										if ($iface == $pconfig['interface'])
441
											$selected = "selected";
442
								?>
443
									<option value="<?=$iface;?>" <?=$selected;?>>
444
										<?=htmlspecialchars($ifacename);?>
445
									</option>
446
								<?php endforeach; ?>
447
							</select> <br>
448
						</td>
449
					</tr>
450
					<tr>
451
						<td width="22%" valign="top" class="vncell"><?=gettext("Local port");?></td>
452
						<td width="78%" class="vtable">
453
							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>"/>
454
							<br/>
455
							Set this option if you would like to bind to a specific port.
456
						</td>
457
					</tr>
458
					<tr>
459
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server host or address");?></td>
460
						<td width="78%" class="vtable">
461
							<input name="server_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['server_addr']);?>"/>
462
						</td>
463
					</tr>
464
					<tr>
465
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server port");?></td>
466
						<td width="78%" class="vtable">
467
							<input name="server_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['server_port']);?>"/>
468
						</td>
469
					</tr>
470
					<tr>
471
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy host or address");?></td>
472
						<td width="78%" class="vtable">
473
							<input name="proxy_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['proxy_addr']);?>"/>
474
						</td>
475
					</tr>
476
					<tr>
477
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy port");?></td>
478
						<td width="78%" class="vtable">
479
							<input name="proxy_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['proxy_port']);?>"/>
480
						</td>
481
					</tr>
482
					<tr>
483
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy authentication extra options");?></td>
484
						<td width="78%" class="vtable">
485
							<table border="0" cellpadding="2" cellspacing="0">
486
								<tr>
487
                                                                        <td align="right" width="25%">
488
                                                                                <span class="vexpl">
489
                                                                                         &nbsp;Authentication method :&nbsp;
490
                                                                                </span>
491
                                                                        </td>
492
                                                                        <td>
493
										<select name="proxy_authtype" id="proxy_authtype" class="formfld select" onChange="useproxy_changed()">
494
											<option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected"; ?>>none</option>
495
											<option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected"; ?>>basic</option>
496
											<option value="ntlm" <?php if ($pconfig['proxy_authtype'] == "ntlm") echo "selected"; ?>>ntlm</option>
497
										</select>
498
									</td>
499
								</tr>
500
							</table>
501
							<br />
502
							 <table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none">
503
                                                                <tr>
504
                                                                        <td align="right" width="25%">
505
                                                                                <span class="vexpl">
506
                                                                                         &nbsp;Username :&nbsp;
507
                                                                                </span>
508
                                                                        </td>
509
                                                                        <td>
510
                                                                                <input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" />
511
                                                                        </td>
512
                                                                </tr>
513
                                                                <tr>
514
                                                                        <td align="right" width="25%">
515
                                                                                <span class="vexpl">
516
                                                                                         &nbsp;Password :&nbsp;
517
                                                                                </span>
518
                                                                        </td>
519
                                                                        <td>
520
                                                                                <input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" />
521
                                                                        </td>
522
                                                                </tr>
523
                                                        </table>
524
						</td>
525
					</tr>
526
					<tr>
527
						<td width="22%" valign="top" class="vncell">Server host name resolution</td>
528
						<td width="78%" class="vtable">
529
							<table border="0" cellpadding="2" cellspacing="0">
530
								<tr>
531
									<td>
532
										<?php set_checked($pconfig['resolve_retry'],$chk); ?>
533
										<input name="resolve_retry" type="checkbox" value="yes" <?=$chk;?>>
534
									</td>
535
									<td>
536
										<span class="vexpl">
537
											Infinitely resolve server
538
										</span>
539
									</td>
540
								</tr>
541
							</table>
542
							Continuously attempt to resolve the server host
543
							name. Useful when communicating with a server
544
							that is not permanently connected to the Internet.
545
						</td>
546
					</tr>
547
					<tr> 
548
						<td width="22%" valign="top" class="vncell">Description</td>
549
						<td width="78%" class="vtable"> 
550
							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>">
551
							<br>
552
							You may enter a description here for your reference (not parsed).
553
						</td>
554
					</tr>
555
					<tr>
556
						<td colspan="2" class="list" height="12"></td>
557
					</tr>
558
					<tr>
559
						<td colspan="2" valign="top" class="listtopic">Cryptographic Settings</td>
560
					</tr>
561
					<tr id="tls">
562
						<td width="22%" valign="top" class="vncellreq">TLS Authentication</td>
563
						<td width="78%" class="vtable">
564
							<table border="0" cellpadding="2" cellspacing="0">
565
								<tr>
566
									<td>
567
										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
568
										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onClick="tlsauth_change()">
569
									</td>
570
									<td>
571
										<span class="vexpl">
572
											Enable authentication of TLS packets.
573
										</span>
574
									</td>
575
								</tr>
576
							</table>
577
							<?php if (!$pconfig['tls']): ?>
578
							<table border="0" cellpadding="2" cellspacing="0" id='tlsauth_opts'>
579
								<tr>
580
									<td>
581
										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
582
										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autotls_change()">
583
									</td>
584
									<td>
585
										<span class="vexpl">
586
											Automatically generate a shared TLS authentication key.
587
										</span>
588
									</td>
589
								</tr>
590
							</table>
591
							<?php endif; ?>
592
							<table border="0" cellpadding="2" cellspacing="0" id='autotls_opts'>
593
								<tr>
594
									<td>
595
										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
596
										<br/>
597
										Paste your shared key here.
598
									</td>
599
								</tr>
600
							</table>
601
						</td>
602
					</tr>
603
					<tr id="tls_ca">
604
						<td width="22%" valign="top" class="vncellreq">Peer Certificate Authority</td>
605
							<td width="78%" class="vtable">
606
							<select name='caref' class="formselect">
607
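							<?php
								// CA reference ids and names come from the stored
								// configuration; escape them before they are placed
								// in attribute and text context.
								foreach ($config['system']['ca'] as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['name']);?></option>
							<?php endforeach; ?>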
615
							</select>
616
							</td>
617
					</tr>
618
					<tr id="tls_cert">
619
						<td width="22%" valign="top" class="vncellreq">Client Certificate</td>
620
							<td width="78%" class="vtable">
621
							<select name='certref' class="formselect">
622
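							<?php
								// Certificate reference ids and names come from the
								// stored configuration; escape them before they are
								// placed in attribute and text context.
								foreach ($config['system']['cert'] as $cert):
									$selected = "";
									if ($pconfig['certref'] == $cert['refid'])
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['name']);?></option>
							<?php endforeach; ?>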
630
							</select>
631
						</td>
632
					</tr>
633
					<tr id="psk">
634
						<td width="22%" valign="top" class="vncellreq">Shared Key</td>
635
						<td width="78%" class="vtable">
636
							<?php if (!$pconfig['shared_key']): ?>
637
							<table border="0" cellpadding="2" cellspacing="0">
638
								<tr>
639
									<td>
640
										<?php set_checked($pconfig['autokey_enable'],$chk); ?>
641
										<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autokey_change()">
642
									</td>
643
									<td>
644
										<span class="vexpl">
645
											Automatically generate a shared key.
646
										</span>
647
									</td>
648
								</tr>
649
							</table>
650
							<?php endif; ?>
651
							<table border="0" cellpadding="2" cellspacing="0" id='autokey_opts'>
652
								<tr>
653
									<td>
654
										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
655
										<br/>
656
										Paste your shared key here.
657
									</td>
658
								</tr>
659
							</table>
660
						</td>
661
					</tr>
662
					<tr>
663
						<td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
664
						<td width="78%" class="vtable">
665
							<select name="crypto" class="formselect">
666
								<?php
667
									$cipherlist = openvpn_get_cipherlist();
668
									foreach ($cipherlist as $name => $desc):
669
									$selected = '';
670
									if ($name == $pconfig['crypto'])
671
										$selected = ' selected';
672
								?>
673
								<option value="<?=$name;?>"<?=$selected?>>
674
									<?=htmlspecialchars($desc);?>
675
								</option>
676
								<?php endforeach; ?>
677
							</select>
678
						</td>
679
					</tr>
680
					<tr>
681
						<td colspan="2" class="list" height="12"></td>
682
					</tr>
683
					<tr>
684
						<td colspan="2" valign="top" class="listtopic">Tunnel Settings</td>
685
					</tr>
686
					<tr>
687
						<td width="22%" valign="top" class="vncell">Tunnel Network</td>
688
						<td width="78%" class="vtable">
689
							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>">
690
							<br>
691
							This is the virtual network used for private
692
							communications between this client and the
693
							server expressed using CIDR (eg. 10.0.8.0/24).
694
							The first network address is assumed to be the
695
							server address and the second network address
696
							will be assigned to the client virtual
697
							interface.
698
						</td>
699
					</tr>
700
					<tr>
701
						<td width="22%" valign="top" class="vncell">Remote Network</td>
702
						<td width="78%" class="vtable">
703
							<input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>">
704
							<br>
705
							This is a network that will be routed through
706
							the tunnel, so that a site-to-site VPN can be
707
							established without manually changing the
708
							routing tables. Expressed as a CIDR range. If
709
							this is a site-to-site VPN, enter here the
710
							remote LAN here. You may leave this blank to
711
							only communicate with other clients.
712
						</td>
713
					</tr>
714
					<tr>
715
						<td width="22%" valign="top" class="vncell"><?=gettext("Limit outgoing bandwidth");?></td>
716
						<td width="78%" class="vtable">
717
							<input name="use_shaper" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['use_shaper']);?>"/>
718
							<br/>
719
							Maximum outgoing bandwidth for this tunnel.
720
							Leave empty for no limit. The input value has
721
							to be something between 100 bytes/sec and 100
722
							Mbytes/sec (entered as bytes per second).
723
						</td>
724
					</tr>
725
					<tr>
726
						<td width="22%" valign="top" class="vncell">Compression</td>
727
						<td width="78%" class="vtable">
728
							<table border="0" cellpadding="2" cellspacing="0">
729
								<tr>
730
									<td>
731
										<?php set_checked($pconfig['compression'],$chk); ?>
732
										<input name="compression" type="checkbox" value="yes" <?=$chk;?>>
733
									</td>
734
									<td>
735
										<span class="vexpl">
736
											Compress tunnel packets using the LZO algorithm.
737
										</span>
738
									</td>
739
								</tr>
740
							</table>
741
						</td>
742
					</tr>
743
					<tr>
744
						<td width="22%" valign="top" class="vncell">Type-of-Service</td>
745
						<td width="78%" class="vtable">
746
							<table border="0" cellpadding="2" cellspacing="0">
747
								<tr>
748
									<td>
749
										<?php set_checked($pconfig['passtos'],$chk); ?>
750
										<input name="passtos" type="checkbox" value="yes" <?=$chk;?>>
751
									</td>
752
									<td>
753
										<span class="vexpl">
754
											Set the TOS IP header value of tunnel packets to match the encapsulated packet value.
755
										</span>
756
									</td>
757
								</tr>
758
							</table>
759
						</td>
760
					</tr>
761
					<tr>
762
						<td colspan="2" class="list" height="12"></td>
763
					</tr>
764
					<tr>
765
						<td colspan="2" valign="top" class="listtopic">Advanced configuration</td>
766
					</tr>
767
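					<tr>
						<td width="22%" valign="top" class="vncell">Advanced</td>
						<td width="78%" class="vtable">
							<table border="0" cellpadding="2" cellspacing="0">
								<tr>
									<td>
										<?php
											/*
											 * Escape the stored value before echoing it into the textarea.
											 * Printed raw, a value containing "</textarea>" closes the element
											 * early and the remainder is rendered as markup in this admin page.
											 * The browser decodes the entities again on submit, so the saved
											 * text round-trips unchanged.
											 *
											 * NOTE(review): per the help text below, these options are added to
											 * the OpenVPN client configuration; the save handler is outside
											 * this listing - confirm what validation it applies to them.
											 */
										?>
										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/>
										Enter any additional options you would like to add to the OpenVPN client configuration here, separated by a semicolon<br/>
										EXAMPLE: route 10.0.0.0 255.255.255.0;
									</td>
								</tr>
							</table>
						</td>
					</tr>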
781
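					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
							<input name="save" type="submit" class="formbtn" value="Save">
							<?php
								/*
								 * Hidden fields carry the current action and record index back to
								 * the handler on submit. $id is taken from the request at the top
								 * of the file ($act presumably likewise - confirm), so both are
								 * escaped before being placed in an attribute value; a raw double
								 * quote would otherwise end the attribute and inject markup.
								 */
							?>
							<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>">
							<?php if (isset($id) && $a_client[$id]): ?>
							<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
							<?php endif; ?>
						</td>
					</tr>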
791
				</table>
792
			</form>
793

    
794
			<?php else: ?>
795

    
796
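			<table width="100%" border="0" cellpadding="0" cellspacing="0">
				<tr>
					<td width="10%" class="listhdrr">Disabled</td>
					<td width="10%" class="listhdrr">Protocol</td>
					<td width="30%" class="listhdrr">Server</td>
					<td width="40%" class="listhdrr">Description</td>
					<td width="10%" class="list"></td>
				</tr>
				<?php
					/*
					 * One table row per configured client. $i is the positional index
					 * of the entry in $a_client and is what the edit and delete links
					 * pass back as the "id" request parameter.
					 *
					 * Values read from the configuration (protocol, server, description,
					 * theme name) are HTML-escaped on output; "&" inside link URLs is
					 * written as "&amp;" so the attribute values are well-formed.
					 *
					 * NOTE(review): the delete link changes state from a plain GET
					 * request and is guarded only by a client-side confirm(). The
					 * handler is outside this listing; confirm it verifies a CSRF token,
					 * or move the action to a POST form, so that a page on another site
					 * cannot trigger a delete through a logged-in administrator's browser.
					 */
					$i = 0;
					foreach($a_client as $client):
						$disabled = "NO";
						if ($client['disable'])
							$disabled = "YES";
						$server = "{$client['server_addr']}:{$client['server_port']}";
				?>
				<tr ondblclick="document.location='vpn_openvpn_client.php?act=edit&amp;id=<?=$i;?>'">
					<td class="listlr">
						<?=$disabled;?>
					</td>
					<td class="listr">
						<?=htmlspecialchars($client['protocol']);?>
					</td>
					<td class="listr">
						<?=htmlspecialchars($server);?>
					</td>
					<td class="listbg">
						<?=htmlspecialchars($client['description']);?>
					</td>
					<td valign="middle" nowrap class="list">
						<a href="vpn_openvpn_client.php?act=edit&amp;id=<?=$i;?>">
							<img src="./themes/<?=htmlspecialchars($g['theme']);?>/images/icons/icon_e.gif" title="edit client" width="17" height="17" border="0">
						</a>
						&nbsp;
						<a href="vpn_openvpn_client.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client?')">
							<img src="./themes/<?=htmlspecialchars($g['theme']);?>/images/icons/icon_x.gif" title="delete client" width="17" height="17" border="0">
						</a>
					</td>
				</tr>
				<?php
					$i++;
					endforeach;
				?>
				<tr>
					<td class="list" colspan="4"></td>
					<td class="list">
						<a href="vpn_openvpn_client.php?act=new"><img src="./themes/<?=htmlspecialchars($g['theme']);?>/images/icons/icon_plus.gif" title="add client" width="17" height="17" border="0">
						</a>
					</td>
				</tr>
				<tr>
					<td colspan="4">
						<p>
							<?=gettext("Additional OpenVPN clients can be added here.");?>
						</p>
					</td>
				</tr>
			</table>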
854

    
855
			<? endif; ?>
856

    
857
		</td>
858
	</tr>
859
</table>
860
<script language="JavaScript">
861
<!--
862
mode_change();
863
autokey_change();
864
tlsauth_change();
865
useproxy_changed();
866
//-->
867
</script>
868
</body>
869
<?php include("fend.inc"); ?>
870

    
871
<?php
872

    
873
/* local utility functions */
874

    
875
/**
 * Translate a truthy/falsy setting into the HTML "checked" attribute text.
 *
 * The result is written to $chk (passed by reference) rather than returned,
 * so callers invoke this and then echo $chk inside the <input> tag.
 *
 * @param mixed  $var Value tested for truthiness.
 * @param string $chk Receives 'checked' when $var is truthy, '' otherwise.
 */
function set_checked($var, &$chk) {
    $chk = $var ? 'checked' : '';
}
881

    
882
?>