<?php
2 d799787e Matthew Grooms
/*
3
	vpn_openvpn_client.php
4
5
	Copyright (C) 2008 Shrew Soft Inc.
6 29aef6c4 Jim Thompson
        Copyright (C) 2013-2014 Electric Sheep Fencing, LP
7 88e545b4 jim-p
	All rights reserved.
8 d799787e Matthew Grooms
9
	Redistribution and use in source and binary forms, with or without
10
	modification, are permitted provided that the following conditions are met:
11 88e545b4 jim-p
12 d799787e Matthew Grooms
	1. Redistributions of source code must retain the above copyright notice,
13
	   this list of conditions and the following disclaimer.
14 88e545b4 jim-p
15 d799787e Matthew Grooms
	2. Redistributions in binary form must reproduce the above copyright
16
	   notice, this list of conditions and the following disclaimer in the
17
	   documentation and/or other materials provided with the distribution.
18 88e545b4 jim-p
19 d799787e Matthew Grooms
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28
	POSSIBILITY OF SUCH DAMAGE.
29
*/
30
31
##|+PRIV
32
##|*IDENT=page-openvpn-client
33
##|*NAME=OpenVPN: Client page
34
##|*DESCR=Allow access to the 'OpenVPN: Client' page.
35
##|*MATCH=vpn_openvpn_client.php*
36
##|-PRIV
37
38
require("guiconfig.inc");
39 d84bd468 Ermal Lu?i
require_once("openvpn.inc");
40 d799787e Matthew Grooms
41 2fa7a468 Carlos Eduardo Ramos
// Translated page title segments and the shortcut section identifier.
$shortcut_section = "openvpn";
$pgtitle = array(gettext("OpenVPN"), gettext("Client"));

// Make sure every configuration section used by this page exists as an array
// before a reference to it is taken.
if (!is_array($config['openvpn']['openvpn-client'])) {
	$config['openvpn']['openvpn-client'] = array();
}
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
if (!is_array($config['crl'])) {
	$config['crl'] = array();
}

// References, not copies: writes through these names modify $config itself.
$a_client = &$config['openvpn']['openvpn-client'];
$a_ca = &$config['ca'];
$a_cert = &$config['cert'];
$a_crl = &$config['crl'];

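// Index of the selected client entry. The query string is read first and a
// POSTed value overrides it. Only values accepted by is_numericint() are used;
// otherwise $id stays unset. The isset() guards avoid reading request keys
// that were not sent.
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

// Requested action; a POSTed value overrides the query string.
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (isset($_POST['act'])) {
	$act = $_POST['act'];
}

// vpnid of the selected entry, or 0 when no existing (non-empty) entry is selected.
if (isset($id) && !empty($a_client[$id])) {
	$vpnid = $a_client[$id]['vpnid'];
} else {
	$vpnid = 0;
}
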
// Delete action: remove the selected client entry and persist the configuration.
// NOTE(review): this destructive change is triggered by GET parameters, and no
// anti-CSRF token check is visible in this file. Confirm that guiconfig.inc (or
// the web server layer) protects GET requests as well, or move the action to a
// POST request.
if ($_GET['act'] == "del") {
	if (isset($a_client[$id])) {
		// Hand the entry to openvpn_delete() first, then drop it from the
		// configuration array and write the configuration.
		if (!empty($a_client[$id])) {
			openvpn_delete('client', $a_client[$id]);
		}
		unset($a_client[$id]);
		write_config();
		$savemsg = gettext("Client successfully deleted")."<br />";
	} else {
		// Unknown index: return to the client list without changing anything.
		pfSenseHeader("vpn_openvpn_client.php");
		exit;
	}
}

// New action: preset the form defaults for a client that does not exist yet.
if ($_GET['act'] == "new") {
	// Key handling defaults: TLS authentication on, and both the shared key
	// and the TLS key generated automatically by the POST handler.
	$pconfig['autokey_enable'] = "yes";
	$pconfig['tlsauth_enable'] = "yes";
	$pconfig['autotls_enable'] = "yes";

	// Network defaults.
	$pconfig['interface'] = "wan";
	$pconfig['server_port'] = 1194;

	// Default verbosity is 1
	$pconfig['verbosity_level'] = 1;

	// OpenVPN Defaults to SHA1
	// NOTE(review): this mirrors the OpenVPN default; consider whether new
	// clients should start from a stronger digest instead.
	$pconfig['digest'] = "SHA1";
}

// Fields copied verbatim between the stored entry, the form values and the
// saved entry; the foreach loops over this list do the copying.
global $simplefields;
$simplefields = array('auth_user','auth_pass');

// Edit action: preload the form values ($pconfig) from the stored client entry.
// NOTE(review): credentials are loaded unchanged. The form further down prints
// $pconfig['proxy_passwd'] into the proxy_passwd input's value attribute, so the
// stored proxy password is part of the page source sent to the browser.
if ($_GET['act'] == "edit") {

	if (isset($id) && $a_client[$id]) {
		foreach ($simplefields as $stat) {
			$pconfig[$stat] = $a_client[$id][$stat];
		}

		// 'disable' is a presence flag in the stored entry.
		$pconfig['disable'] = isset($a_client[$id]['disable']);
		$pconfig['mode'] = $a_client[$id]['mode'];
		$pconfig['protocol'] = $a_client[$id]['protocol'];
		$pconfig['interface'] = $a_client[$id]['interface'];
		// A bound address is stored separately; the form expects "interface|address".
		if (!empty($a_client[$id]['ipaddr'])) {
			$pconfig['interface'] .= '|' . $a_client[$id]['ipaddr'];
		}
		$pconfig['local_port'] = $a_client[$id]['local_port'];
		$pconfig['server_addr'] = $a_client[$id]['server_addr'];
		$pconfig['server_port'] = $a_client[$id]['server_port'];
		$pconfig['resolve_retry'] = $a_client[$id]['resolve_retry'];
		$pconfig['proxy_addr'] = $a_client[$id]['proxy_addr'];
		$pconfig['proxy_port'] = $a_client[$id]['proxy_port'];
		$pconfig['proxy_user'] = $a_client[$id]['proxy_user'];
		$pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd'];
		$pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype'];
		$pconfig['description'] = $a_client[$id]['description'];
		$pconfig['custom_options'] = $a_client[$id]['custom_options'];
		$pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type'];
		$pconfig['dev_mode'] = $a_client[$id]['dev_mode'];

		// Key material is stored base64-encoded and decoded for display.
		if ($pconfig['mode'] == "p2p_shared_key") {
			$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
		} else {
			$pconfig['caref'] = $a_client[$id]['caref'];
			$pconfig['certref'] = $a_client[$id]['certref'];
			if ($a_client[$id]['tls']) {
				$pconfig['tlsauth_enable'] = "yes";
				$pconfig['tls'] = base64_decode($a_client[$id]['tls']);
			}
		}
		$pconfig['crypto'] = $a_client[$id]['crypto'];
		// OpenVPN Defaults to SHA1 if unset
		$pconfig['digest'] = "SHA1";
		if (!empty($a_client[$id]['digest'])) {
			$pconfig['digest'] = $a_client[$id]['digest'];
		}
		$pconfig['engine'] = $a_client[$id]['engine'];

		$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
		$pconfig['tunnel_networkv6'] = $a_client[$id]['tunnel_networkv6'];
		$pconfig['remote_network'] = $a_client[$id]['remote_network'];
		$pconfig['remote_networkv6'] = $a_client[$id]['remote_networkv6'];
		$pconfig['use_shaper'] = $a_client[$id]['use_shaper'];
		$pconfig['compression'] = $a_client[$id]['compression'];
		$pconfig['passtos'] = $a_client[$id]['passtos'];

		// just in case the modes switch
		$pconfig['autokey_enable'] = "yes";
		$pconfig['autotls_enable'] = "yes";

		$pconfig['no_tun_ipv6'] = $a_client[$id]['no_tun_ipv6'];
		$pconfig['route_no_pull'] = $a_client[$id]['route_no_pull'];
		$pconfig['route_no_exec'] = $a_client[$id]['route_no_exec'];
		// Default verbosity is 1
		$pconfig['verbosity_level'] = isset($a_client[$id]['verbosity_level'])
			? $a_client[$id]['verbosity_level']
			: 1;
	}
}

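// Save handler: validate the submitted form, build the client entry, store it
// in the configuration and redirect back to the client list.
if ($_POST) {

	unset($input_errors);
	// The raw submission becomes $pconfig so the form can be redrawn with the
	// submitted values when validation fails. Only the keys copied explicitly
	// into $client below are written to the configuration.
	$pconfig = $_POST;

	if (isset($id) && !empty($a_client[$id])) {
		$vpnid = $a_client[$id]['vpnid'];
	} else {
		$vpnid = 0;
	}

	/* Select-box values must be one of the options this page renders from
	   $openvpn_client_modes, $openvpn_prots and $openvpn_dev_mode; a crafted
	   request could otherwise store an arbitrary string. */
	if (!isset($pconfig['mode']) || !is_string($pconfig['mode']) ||
	    !array_key_exists($pconfig['mode'], $openvpn_client_modes)) {
		$input_errors[] = gettext("The selected Server Mode is not valid.");
	}
	if (!isset($pconfig['protocol']) || !is_string($pconfig['protocol']) ||
	    !in_array($pconfig['protocol'], $openvpn_prots)) {
		$input_errors[] = gettext("The selected Protocol is not valid.");
	}
	if (!isset($pconfig['dev_mode']) || !is_string($pconfig['dev_mode']) ||
	    !in_array($pconfig['dev_mode'], $openvpn_dev_mode)) {
		$input_errors[] = gettext("The selected Device mode is not valid.");
	}

	/* The interface value is "name" or "name|address"; pad the result so a
	   value without an address does not read a missing list element. */
	list($iv_iface, $iv_ip) = array_pad(explode("|", $pconfig['interface']), 2, null);
	if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) {
		$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
	} elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) {
		$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address.");
	} elseif ((stristr($pconfig['protocol'], "6") === false) && !get_interface_ip($iv_iface) && ($pconfig['interface'] != "any")) {
		$input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address.");
	} elseif ((stristr($pconfig['protocol'], "6") !== false) && !get_interface_ipv6($iv_iface) && ($pconfig['interface'] != "any")) {
		$input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
	}

	/* Every mode other than shared key is treated as a TLS mode. */
	if ($pconfig['mode'] != "p2p_shared_key") {
		$tls_mode = true;
	} else {
		$tls_mode = false;
	}

	/* input validation */
	if ($pconfig['local_port']) {

		if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
			$input_errors[] = $result;
		}

		/* A port reported as used by this same vpnid (or reported as 0) is not a conflict. */
		$portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid);
		if (($portused != $vpnid) && ($portused != 0)) {
			$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
		}
	}

	if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address')) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port')) {
		$input_errors[] = $result;
	}

	if ($pconfig['proxy_addr']) {

		if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address')) {
			$input_errors[] = $result;
		}

		if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port')) {
			$input_errors[] = $result;
		}

		if ($pconfig['proxy_authtype'] != "none") {
			if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) {
				$input_errors[] = gettext("User name and password are required for proxy with authentication.");
			}
		}
	}

	if ($pconfig['tunnel_network']) {
		if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) {
			$input_errors[] = $result;
		}
	}

	if ($pconfig['tunnel_networkv6']) {
		if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) {
			$input_errors[] = $result;
		}
	}

	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) {
		$input_errors[] = $result;
	}

	if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0))) {
		$input_errors[] = gettext("The bandwidth limit must be a positive numeric value.");
	}

	/* With automatic key generation selected, any submitted shared key is replaced. */
	if ($pconfig['autokey_enable']) {
		$pconfig['shared_key'] = openvpn_create_key();
	}

	/* Manually supplied keys only get a marker check: both the BEGIN and END
	   lines must be present. The key body itself is not inspected here. */
	if (!$tls_mode && !$pconfig['autokey_enable']) {
		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
			$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
		}
	}

	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
			$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
		}
	}

	/* Start from empty lists: in shared key mode with automatic key generation
	   neither branch below runs, and do_input_validation() would otherwise
	   receive undefined variables. */
	$reqdfields = array();
	$reqdfieldsn = array();
	/* If we are not in shared key mode, then we need the CA/Cert. */
	if ($pconfig['mode'] != "p2p_shared_key") {
		$reqdfields = explode(" ", "caref");
		$reqdfieldsn = array(gettext("Certificate Authority"));
	} elseif (!$pconfig['autokey_enable']) {
		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
		$reqdfields = array('shared_key');
		$reqdfieldsn = array(gettext('Shared key'));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* A TLS-mode client needs some credential: a client certificate or a user name/password. */
	if (($pconfig['mode'] != "p2p_shared_key") && empty($pconfig['certref']) && empty($pconfig['auth_user']) && empty($pconfig['auth_pass'])) {
		$input_errors[] = gettext("If no Client Certificate is selected, a username and password must be entered.");
	}

	if (!$input_errors) {

		$client = array();

		foreach ($simplefields as $stat) {
			update_if_changed($stat, $client[$stat], $_POST[$stat]);
		}

		/* Keep the vpnid of an existing entry; allocate the next one for a new entry. */
		if ($vpnid) {
			$client['vpnid'] = $vpnid;
		} else {
			$client['vpnid'] = openvpn_vpnid_next();
		}

		if (isset($_POST['disable']) && $_POST['disable'] == "yes") {
			$client['disable'] = true;
		}
		$client['protocol'] = $pconfig['protocol'];
		$client['dev_mode'] = $pconfig['dev_mode'];
		list($client['interface'], $client['ipaddr']) = array_pad(explode("|", $pconfig['interface']), 2, null);
		$client['local_port'] = $pconfig['local_port'];
		$client['server_addr'] = $pconfig['server_addr'];
		$client['server_port'] = $pconfig['server_port'];
		$client['resolve_retry'] = $pconfig['resolve_retry'];
		$client['proxy_addr'] = $pconfig['proxy_addr'];
		$client['proxy_port'] = $pconfig['proxy_port'];
		/* NOTE(review): proxy_authtype is not checked against none/basic/ntlm, and
		   the proxy credentials (like auth_user/auth_pass above) are stored exactly
		   as submitted; no hashing or encryption is visible in this file. */
		$client['proxy_authtype'] = $pconfig['proxy_authtype'];
		$client['proxy_user'] = $pconfig['proxy_user'];
		$client['proxy_passwd'] = $pconfig['proxy_passwd'];
		$client['description'] = $pconfig['description'];
		$client['mode'] = $pconfig['mode'];
		/* NOTE(review): custom_options is stored as submitted apart from CRLF
		   normalisation; nothing here validates its content. If openvpn_resync()
		   writes it into the generated OpenVPN configuration (not shown in this
		   file), access to this page amounts to control over arbitrary client
		   directives. Confirm the page privilege is granted with that in mind. */
		$client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);

		/* Key material is stored base64-encoded. That is an encoding for storage,
		   not protection: anyone who can read the configuration can decode it. */
		if ($tls_mode) {
			$client['caref'] = $pconfig['caref'];
			$client['certref'] = $pconfig['certref'];
			if ($pconfig['tlsauth_enable']) {
				if ($pconfig['autotls_enable']) {
					$pconfig['tls'] = openvpn_create_key();
				}
				$client['tls'] = base64_encode($pconfig['tls']);
			}
		} else {
			$client['shared_key'] = base64_encode($pconfig['shared_key']);
		}
		/* NOTE(review): crypto, digest, engine, compression and verbosity_level are
		   copied from the request without an allow-list check in this file; verify
		   that they are validated or escaped wherever the entry is consumed. */
		$client['crypto'] = $pconfig['crypto'];
		$client['digest'] = $pconfig['digest'];
		$client['engine'] = $pconfig['engine'];

		$client['tunnel_network'] = $pconfig['tunnel_network'];
		$client['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
		$client['remote_network'] = $pconfig['remote_network'];
		$client['remote_networkv6'] = $pconfig['remote_networkv6'];
		$client['use_shaper'] = $pconfig['use_shaper'];
		$client['compression'] = $pconfig['compression'];
		$client['passtos'] = $pconfig['passtos'];

		$client['no_tun_ipv6'] = $pconfig['no_tun_ipv6'];
		$client['route_no_pull'] = $pconfig['route_no_pull'];
		$client['route_no_exec'] = $pconfig['route_no_exec'];
		$client['verbosity_level'] = $pconfig['verbosity_level'];

		/* Replace the existing entry in place, or append a new one. */
		if (isset($id) && $a_client[$id]) {
			$a_client[$id] = $client;
		} else {
			$a_client[] = $client;
		}

		openvpn_resync('client', $client);
		write_config();

		header("Location: vpn_openvpn_client.php");
		exit;
	}
}
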
include("head.inc");
343
344
?>
345
346
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
347
<?php include("fbegin.inc"); ?>
348 91f026b0 ayvis
<script type="text/javascript">
349 770f29c4 Colin Fleming
//<![CDATA[
350 d799787e Matthew Grooms
351 3c11bd3c Matthew Grooms
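// Show or hide the form rows that depend on the selected server mode:
// "p2p_tls" shows the TLS, CA, certificate and user/password rows and hides the
// shared key row; "p2p_shared_key" does the opposite. Any other value leaves
// the rows untouched.
function mode_change() {
	// Declared locally: assigning undeclared names here would create the globals
	// "index" and "value" (and fail outright in strict mode).
	var modeSelect = document.iform.mode;
	var value = modeSelect.options[modeSelect.selectedIndex].value;
	var tlsDisplay;
	var pskDisplay;

	switch (value) {
		case "p2p_tls":
			tlsDisplay = "";
			pskDisplay = "none";
			break;
		case "p2p_shared_key":
			tlsDisplay = "none";
			pskDisplay = "";
			break;
		default:
			return;
	}

	var tlsRows = ["tls", "tls_ca", "tls_cert", "userpass", "userpassheader"];
	for (var i = 0; i < tlsRows.length; i++) {
		document.getElementById(tlsRows[i]).style.display = tlsDisplay;
	}
	document.getElementById("psk").style.display = pskDisplay;
}
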
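// Show the "chkboxNoTunIPv6" row for device mode "tun" and hide it for "tap".
// Any other value leaves the row untouched.
function dev_mode_change() {
	// Declared locally: assigning undeclared names here would create the globals
	// "index" and "value" (and fail outright in strict mode).
	var devSelect = document.iform.dev_mode;
	var value = devSelect.options[devSelect.selectedIndex].value;

	if (value === "tun") {
		document.getElementById("chkboxNoTunIPv6").style.display = "";
	} else if (value === "tap") {
		document.getElementById("chkboxNoTunIPv6").style.display = "none";
	}
}
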
// Hide the "autokey_opts" element while the autokey_enable checkbox is ticked,
// and show it again when the box is cleared.
function autokey_change() {
	var autoKeyBox = document.iform.autokey_enable;
	document.getElementById("autokey_opts").style.display = autoKeyBox.checked ? "none" : "";
}

// Show the proxy credential fields for every authentication type except 'none'.
function useproxy_changed() {
	var authOptions = jQuery('#proxy_authtype_opts');

	if (jQuery('#proxy_authtype').val() == 'none') {
		authOptions.hide();
	} else {
		authOptions.show();
	}
}

// Toggle the TLS authentication options, then refresh the automatic key section.
// The toggle itself is emitted by PHP only when $pconfig['tls'] is empty.
function tlsauth_change() {

<?php if (!$pconfig['tls']): ?>
	document.getElementById("tlsauth_opts").style.display =
		document.iform.tlsauth_enable.checked ? "" : "none";
<?php endif; ?>

	autotls_change();
}

// Show the "autotls_opts" element only when TLS authentication is ticked and
// automatic key generation is not in effect. When $pconfig['tls'] is set, PHP
// emits a fixed "false" instead of reading the autotls_enable checkbox.
function autotls_change() {

	// "autocheck" is assigned without a declaration, so it is a global.
<?php if (!$pconfig['tls']): ?>
	autocheck = document.iform.autotls_enable.checked;
<?php else: ?>
	autocheck = false;
<?php endif; ?>

	var showManualKey = document.iform.tlsauth_enable.checked && !autocheck;
	document.getElementById("autotls_opts").style.display = showManualKey ? "" : "none";
}

//]]>
430 d799787e Matthew Grooms
</script>
431
<?php
// Normalise a missing or empty status message to "".
$savemsg = $savemsg ? $savemsg : "";

// Validation errors are printed first, then any status message.
if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box($savemsg);
}
?>
440 770f29c4 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn client">
441 88e545b4 jim-p
	<tr>
442 d799787e Matthew Grooms
		<td class="tabnavtbl">
443 88e545b4 jim-p
			<?php
				// Navigation tabs as (label, flag, target) triples; only the "Client"
				// tab carries true, presumably marking it as the active tab.
				$tab_array = array(
					array(gettext("Server"), false, "vpn_openvpn_server.php"),
					array(gettext("Client"), true, "vpn_openvpn_client.php"),
					array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php"),
					array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml"),
				);
				add_package_tabs("OpenVPN", $tab_array);
				display_top_tabs($tab_array);
			?>
452
		</td>
453 88e545b4 jim-p
	</tr>
454 d799787e Matthew Grooms
	<tr>
455
		<td class="tabcont">
456
457
			<?php if($act=="new" || $act=="edit"): ?>
458
459
			<form action="vpn_openvpn_client.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
460 770f29c4 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="general information">
461 47c00c09 Scott Ullrich
					<tr>
462 2fa7a468 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
463 47c00c09 Scott Ullrich
					</tr>
464 d799787e Matthew Grooms
					<tr>
465 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
466 d799787e Matthew Grooms
						<td width="78%" class="vtable">
467 770f29c4 Colin Fleming
							<table border="0" cellpadding="0" cellspacing="0" summary="enable disable client">
468 d799787e Matthew Grooms
								<tr>
469
									<td>
470
										<?php set_checked($pconfig['disable'],$chk); ?>
471 770f29c4 Colin Fleming
										<input name="disable" type="checkbox" value="yes" <?=$chk;?> />
472 d799787e Matthew Grooms
									</td>
473
									<td>
474
										&nbsp;
475
										<span class="vexpl">
476 8cd558b6 ayvis
											<strong><?=gettext("Disable this client"); ?></strong><br />
477 d799787e Matthew Grooms
										</span>
478
									</td>
479
								</tr>
480
							</table>
481 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("Set this option to disable this client without removing it from the list"); ?>.
482 d799787e Matthew Grooms
						</td>
483
					</tr>
484 3c11bd3c Matthew Grooms
					<tr>
485
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
486
						<td width="78%" class="vtable">
487 770f29c4 Colin Fleming
							<select name="mode" id="mode" class="formselect" onchange="mode_change()">
488 3c11bd3c Matthew Grooms
							<?php
								// One option per entry of $openvpn_client_modes (value => label);
								// the entry matching the current mode is preselected.
								foreach ($openvpn_client_modes as $name => $desc):
									$selected = ($pconfig['mode'] == $name) ? "selected=\"selected\"" : "";
							?>
								<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
							<?php endforeach; ?>
496
							</select>
497
						</td>
498
					</tr>
499 d799787e Matthew Grooms
					<tr>
500
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
501
							<td width="78%" class="vtable">
502
							<select name='protocol' class="formselect">
503
							<?php
								// One option per protocol in $openvpn_prots; the current
								// protocol is preselected.
								foreach ($openvpn_prots as $prot):
									$selected = ($pconfig['protocol'] == $prot) ? "selected=\"selected\"" : "";
							?>
								<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
							<?php endforeach; ?>
511
							</select>
512
							</td>
513
					</tr>
514 88e545b4 jim-p
					<tr>
515
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
516
							<td width="78%" class="vtable">
517 b9e9903d Dmitriy K.
							<select name='dev_mode' class="formselect" onchange="dev_mode_change()">
518 88e545b4 jim-p
							<?php
								// One option per device mode in $openvpn_dev_mode; the current
								// device mode is preselected.
								foreach ($openvpn_dev_mode as $mode):
									$selected = ($pconfig['dev_mode'] == $mode) ? "selected=\"selected\"" : "";
							?>
								<option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option>
							<?php endforeach; ?>
526
							</select>
527
							</td>
528
					</tr>
529 d799787e Matthew Grooms
					<tr>
530 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
531 d799787e Matthew Grooms
						<td width="78%" class="vtable">
532
							<select name="interface" class="formselect">
533
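								<?php
									// Build the selectable local endpoints: configured interfaces,
									// CARP addresses and IP aliases (both keyed "interface|address"),
									// IPv4 gateway groups, localhost and "any".
									$interfaces = get_configured_interface_with_descr();
									$carplist = get_configured_carp_interface_list();
									foreach ($carplist as $cif => $carpip) {
										$interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
									}
									$aliaslist = get_configured_ip_aliases_list();
									foreach ($aliaslist as $aliasip => $aliasif) {
										$interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
									}
									$grouplist = return_gateway_groups_array();
									foreach ($grouplist as $name => $group) {
										// Compare against the string "inet": the bare word is an
										// undefined constant, which newer PHP versions reject.
										if ($group['ipprotocol'] != "inet") {
											continue;
										}
										// $vipif is not read anywhere in the visible part of this
										// page; the assignment is kept in case later code uses it.
										if ($group[0]['vip'] <> "") {
											$vipif = $group[0]['vip'];
										} else {
											$vipif = $group[0]['int'];
										}
										$interfaces[$name] = "GW Group {$name}";
									}
									$interfaces['lo0'] = "Localhost";
									$interfaces['any'] = "any";
									foreach ($interfaces as $iface => $ifacename):
										// Compare as strings so that a numeric array key cannot
										// loosely match an unrelated or empty current value.
										$selected = "";
										if ((string)$iface === (string)$pconfig['interface']) {
											$selected = "selected=\"selected\"";
										}
								?>
									<?php /* Keys include gateway group names and VIP addresses taken from the configuration, so the value attribute is escaped like the label. */ ?>
									<option value="<?=htmlspecialchars($iface);?>" <?=$selected;?>>
										<?=htmlspecialchars($ifacename);?>
									</option>
								<?php endforeach; ?>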
562 8cd558b6 ayvis
							</select> <br />
563 d799787e Matthew Grooms
						</td>
564
					</tr>
565 1d3bcd2a Matthew Grooms
					<tr>
566
						<td width="22%" valign="top" class="vncell"><?=gettext("Local port");?></td>
567
						<td width="78%" class="vtable">
568 770f29c4 Colin Fleming
							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>" />
569 8cd558b6 ayvis
							<br />
570 5708241f jim-p
							<?=gettext("Set this option if you would like to bind to a specific port. Leave this blank or enter 0 for a random dynamic port."); ?>
571 1d3bcd2a Matthew Grooms
						</td>
572
					</tr>
573 d799787e Matthew Grooms
					<tr>
574
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server host or address");?></td>
575
						<td width="78%" class="vtable">
576 770f29c4 Colin Fleming
							<input name="server_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['server_addr']);?>" />
577 d799787e Matthew Grooms
						</td>
578
					</tr>
579
					<tr>
580
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server port");?></td>
581
						<td width="78%" class="vtable">
582 770f29c4 Colin Fleming
							<input name="server_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['server_port']);?>" />
583 d799787e Matthew Grooms
						</td>
584
					</tr>
585
					<tr>
586
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy host or address");?></td>
587
						<td width="78%" class="vtable">
588 770f29c4 Colin Fleming
							<input name="proxy_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['proxy_addr']);?>" />
589 d799787e Matthew Grooms
						</td>
590
					</tr>
591
					<tr>
592
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy port");?></td>
593
						<td width="78%" class="vtable">
594 770f29c4 Colin Fleming
							<input name="proxy_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['proxy_port']);?>" />
595 d799787e Matthew Grooms
						</td>
596
					</tr>
597 762a24a3 Ermal Lu?i
					<tr>
598
						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy authentication extra options");?></td>
599
						<td width="78%" class="vtable">
600 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="proxy authentication">
601 762a24a3 Ermal Lu?i
								<tr>
602 88e545b4 jim-p
									<td align="right" width="25%">
603
										<span class="vexpl">
604
											 &nbsp;<?=gettext("Authentication method"); ?> :&nbsp;
605
										</span>
606
									</td>
607
									<td>
608 770f29c4 Colin Fleming
										<select name="proxy_authtype" id="proxy_authtype" class="formfld select" onchange="useproxy_changed()">
609
											<option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected=\"selected\""; ?>><?=gettext("none"); ?></option>
610
											<option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected=\"selected\""; ?>><?=gettext("basic"); ?></option>
611
											<option value="ntlm" <?php if ($pconfig['proxy_authtype'] == "ntlm") echo "selected=\"selected\""; ?>><?=gettext("ntlm"); ?></option>
612 762a24a3 Ermal Lu?i
										</select>
613
									</td>
614
								</tr>
615
							</table>
616
							<br />
617 770f29c4 Colin Fleming
							 <table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none" summary="proxy authentication options">
618 88e545b4 jim-p
								<tr>
619
									<td align="right" width="25%">
620
										<span class="vexpl">
621
											 &nbsp;<?=gettext("Username"); ?> :&nbsp;
622
										</span>
623
									</td>
624
									<td>
625
										<input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" />
626
									</td>
627
								</tr>
628
								<tr>
629
									<td align="right" width="25%">
630
										<span class="vexpl">
631
											 &nbsp;<?=gettext("Password"); ?> :&nbsp;
632
										</span>
633
									</td>
634
									<td>
635
										<input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" />
636
									</td>
637
								</tr>
638
							</table>
639 762a24a3 Ermal Lu?i
						</td>
640
					</tr>
641 d799787e Matthew Grooms
					<tr>
642 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Server host name resolution"); ?></td>
643 d799787e Matthew Grooms
						<td width="78%" class="vtable">
644 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="server host name resolution">
645 d799787e Matthew Grooms
								<tr>
646
									<td>
647
										<?php set_checked($pconfig['resolve_retry'],$chk); ?>
648 770f29c4 Colin Fleming
										<input name="resolve_retry" type="checkbox" value="yes" <?=$chk;?> />
649 d799787e Matthew Grooms
									</td>
650
									<td>
651
										<span class="vexpl">
652 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Infinitely resolve server"); ?>
653 d799787e Matthew Grooms
										</span>
654
									</td>
655
								</tr>
656
							</table>
657 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("Continuously attempt to resolve the server host " .
658
							"name. Useful when communicating with a server " .
659
							"that is not permanently connected to the Internet"); ?>.
660 d799787e Matthew Grooms
						</td>
661
					</tr>
662 88e545b4 jim-p
					<tr>
663 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
664 88e545b4 jim-p
						<td width="78%" class="vtable">
665 770f29c4 Colin Fleming
							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>" />
666 8cd558b6 ayvis
							<br />
667 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
668 d799787e Matthew Grooms
						</td>
669
					</tr>
670
					<tr>
671
						<td colspan="2" class="list" height="12"></td>
672
					</tr>
673 efca0d9e Ermal
					<tr id='userpassheader'>
674 5f242576 PiBa-NL
						<td colspan="2" valign="top" class="listtopic"><?=gettext("User Authentication Settings"); ?></td>
675
					</tr>
676 efca0d9e Ermal
					<tr id='userpass'>
677 5f242576 PiBa-NL
						<td width="22%" valign="top" class="vncell"><?=gettext("User name/pass"); ?></td>
678
						<td width="78%" class="vtable">
679
							<?=gettext("Leave empty when no user name and password are needed."); ?>
680 770f29c4 Colin Fleming
							<br/>
681
							<table border="0" cellpadding="2" cellspacing="0" summary="user name password">
682 5f242576 PiBa-NL
								<tr>
683
									<td align="right" width="25%">
684
									<span class="vexpl">
685
									&nbsp;<?=gettext("Username"); ?> :&nbsp;
686
									</span>
687
									</td>
688
									<td>
689
									<input name="auth_user" id="auth_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['auth_user']);?>" />
690
									</td>
691
								</tr>
692
								<tr>
693
									<td align="right" width="25%">
694
									<span class="vexpl">
695
									&nbsp;<?=gettext("Password"); ?> :&nbsp;
696
									</span>
697
									</td>
698
									<td>
699
									<input name="auth_pass" id="auth_pass" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['auth_pass']);?>" />
700
									</td>
701
								</tr>
702
							</table>
703
						</td>
704
					</tr>
705 d799787e Matthew Grooms
					<tr>
706 2fa7a468 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
707 d799787e Matthew Grooms
					</tr>
708 3c11bd3c Matthew Grooms
					<tr id="tls">
709 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
710 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
711 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="tls authentication">
712 3c11bd3c Matthew Grooms
								<tr>
713
									<td>
714
										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
715 770f29c4 Colin Fleming
										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onclick="tlsauth_change()" />
716 3c11bd3c Matthew Grooms
									</td>
717
									<td>
718
										<span class="vexpl">
719 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Enable authentication of TLS packets"); ?>.
720 3c11bd3c Matthew Grooms
										</span>
721
									</td>
722
								</tr>
723
							</table>
724
							<?php if (!$pconfig['tls']): ?>
725 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="tlsauth_opts" summary="tls authentication options">
726 3c11bd3c Matthew Grooms
								<tr>
727
									<td>
728
										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
729 770f29c4 Colin Fleming
										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autotls_change()" />
730 3c11bd3c Matthew Grooms
									</td>
731
									<td>
732
										<span class="vexpl">
733 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
734 3c11bd3c Matthew Grooms
										</span>
735
									</td>
736
								</tr>
737
							</table>
738
							<?php endif; ?>
739 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="autotls_opts" summary="tls authentication options">
740 3c11bd3c Matthew Grooms
								<tr>
741
									<td>
742
										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
743 8cd558b6 ayvis
										<br />
744 2fa7a468 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
745 3c11bd3c Matthew Grooms
									</td>
746
								</tr>
747
							</table>
748
						</td>
749 d799787e Matthew Grooms
					</tr>
750 3c11bd3c Matthew Grooms
					<tr id="tls_ca">
751 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
752 d799787e Matthew Grooms
							<td width="78%" class="vtable">
753 19cdeb3e jim-p
							<?php if (count($a_ca)): ?>
754 d799787e Matthew Grooms
							<select name='caref' class="formselect">
755
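							<?php
								// Build one <option> per entry in $a_ca and pre-select the one
								// whose refid equals the saved 'caref' (loose comparison, as before).
								foreach ($a_ca as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected=\"selected\"";
									// refid and descr are escaped at the point of output, like the
									// other values on this form: a description that contains markup
									// would otherwise be interpreted as HTML in the admin's browser.
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>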
763
							</select>
764 19cdeb3e jim-p
							<?php else: ?>
765 8cd558b6 ayvis
								<b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
766 19cdeb3e jim-p
							<?php endif; ?>
767 d799787e Matthew Grooms
							</td>
768
					</tr>
769 3c11bd3c Matthew Grooms
					<tr id="tls_cert">
770 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td>
771 d799787e Matthew Grooms
							<td width="78%" class="vtable">
772
							<select name='certref' class="formselect">
773
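							<?php
							// Build one <option> per entry in $a_cert. The label is the
							// certificate description followed by optional markers: the issuing
							// CA's description, " *In Use" and " *Revoked".
							foreach ($a_cert as $cert):
								$selected = "";
								$caname = "";
								$inuse = "";
								$revoked = "";
								$ca = lookup_ca($cert['caref']);
								if ($ca)
									$caname = " (CA: {$ca['descr']})";
								if ($pconfig['certref'] == $cert['refid'])
									$selected = "selected=\"selected\"";
								if (cert_in_use($cert['refid']))
									$inuse = " *In Use";
								if (is_cert_revoked($cert))
									$revoked = " *Revoked";
								// The whole label is escaped once, after concatenation, because it
								// carries two description fields (certificate and CA). Unescaped,
								// markup stored in either one would be rendered as HTML.
								$label = $cert['descr'] . $caname . $inuse . $revoked;
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($label);?></option>
							<?php endforeach; ?>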
791 2da48592 jim-p
								<option value="" <?PHP if (empty($pconfig['certref'])) echo "selected=\"selected\""; ?>>None (Username and Password required)</option>
792 d799787e Matthew Grooms
							</select>
793 2da48592 jim-p
							<?php if (!count($a_cert)): ?>
794
								<b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a> if one is required for this connection.
795 19cdeb3e jim-p
							<?php endif; ?>
796 d799787e Matthew Grooms
						</td>
797
					</tr>
798
					<tr id="psk">
799 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
800 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
801
							<?php if (!$pconfig['shared_key']): ?>
802 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="shared key">
803 3c11bd3c Matthew Grooms
								<tr>
804
									<td>
805
										<?php set_checked($pconfig['autokey_enable'],$chk); ?>
806 770f29c4 Colin Fleming
										<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autokey_change()" />
807 3c11bd3c Matthew Grooms
									</td>
808
									<td>
809
										<span class="vexpl">
810 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared key"); ?>.
811 3c11bd3c Matthew Grooms
										</span>
812
									</td>
813
								</tr>
814
							</table>
815
							<?php endif; ?>
816 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="autokey_opts" summary="shared key options">
817 3c11bd3c Matthew Grooms
								<tr>
818
									<td>
819
										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
820 8cd558b6 ayvis
										<br />
821 2fa7a468 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
822 3c11bd3c Matthew Grooms
									</td>
823
								</tr>
824
							</table>
825 d799787e Matthew Grooms
						</td>
826
					</tr>
827
					<tr>
828 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
829 d799787e Matthew Grooms
						<td width="78%" class="vtable">
830
							<select name="crypto" class="formselect">
831
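								<?php
									// Keys of $cipherlist are the values compared with the saved
									// 'crypto' setting; the array values are the labels shown.
									$cipherlist = openvpn_get_cipherlist();
									foreach ($cipherlist as $name => $desc):
									$selected = "";
									if ($name == $pconfig['crypto'])
										$selected = " selected=\"selected\"";
									// The key is escaped for the attribute just as the label is
									// escaped for the element body, so neither relies on the helper
									// returning markup-free strings.
								?>
								<option value="<?=htmlspecialchars($name);?>"<?=$selected?>>
									<?=htmlspecialchars($desc);?>
								</option>
								<?php endforeach; ?>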
842
							</select>
843
						</td>
844
					</tr>
845 97d5b59b jim-p
					<tr>
846
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Auth Digest Algorithm"); ?></td>
847
						<td width="78%" class="vtable">
848
							<select name="digest" class="formselect">
849
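								<?php
									// Keys of $digestlist are the values compared with the saved
									// 'digest' setting; the array values are the labels shown.
									// NOTE(review): the help text under this select names SHA1 as the
									// default. The digest has to match the server, so a SHA-2 digest is
									// worth considering when both ends can be changed together.
									$digestlist = openvpn_get_digestlist();
									foreach ($digestlist as $name => $desc):
									$selected = "";
									if ($name == $pconfig['digest'])
										$selected = " selected=\"selected\"";
									// Escape the key for the attribute, matching the escaped label.
								?>
								<option value="<?=htmlspecialchars($name);?>"<?=$selected?>>
									<?=htmlspecialchars($desc);?>
								</option>
								<?php endforeach; ?>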
860
							</select>
861 73b8c162 jim-p
							<br /><?PHP echo gettext("NOTE: Leave this set to SHA1 unless the server is set to match. SHA1 is the default for OpenVPN."); ?>
862 97d5b59b jim-p
						</td>
863
					</tr>
864 582c58ae jim-p
					<tr id="engine">
865
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
866
						<td width="78%" class="vtable">
867
							<select name="engine" class="formselect">
868
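								<?php
									// Keys of $engines are the values compared with the saved
									// 'engine' setting; the array values are the labels shown.
									$engines = openvpn_get_engines();
									foreach ($engines as $name => $desc):
									$selected = "";
									if ($name == $pconfig['engine'])
										$selected = " selected=\"selected\"";
									// Escape the key for the attribute, matching the escaped label.
								?>
								<option value="<?=htmlspecialchars($name);?>"<?=$selected?>>
									<?=htmlspecialchars($desc);?>
								</option>
								<?php endforeach; ?>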
879
							</select>
880
						</td>
881
					</tr>
882 d799787e Matthew Grooms
					<tr>
883
						<td colspan="2" class="list" height="12"></td>
884
					</tr>
885
					<tr>
886 2fa7a468 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
887 d799787e Matthew Grooms
					</tr>
888
					<tr>
889 4856df9b jim-p
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Tunnel Network"); ?></td>
890 d799787e Matthew Grooms
						<td width="78%" class="vtable">
891 770f29c4 Colin Fleming
							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>" />
892 8cd558b6 ayvis
							<br />
893 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("This is the virtual network used for private " .
894
							"communications between this client and the " .
895
							"server expressed using CIDR (eg. 10.0.8.0/24). " .
896
							"The first network address is assumed to be the " .
897
							"server address and the second network address " .
898
							"will be assigned to the client virtual " .
899
							"interface"); ?>.
900 d799787e Matthew Grooms
						</td>
901
					</tr>
902
					<tr>
903 4856df9b jim-p
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Tunnel Network"); ?></td>
904
						<td width="78%" class="vtable">
905 770f29c4 Colin Fleming
							<input name="tunnel_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_networkv6']);?>" />
906 8cd558b6 ayvis
							<br />
907 4856df9b jim-p
							<?=gettext("This is the IPv6 virtual network used for private " .
908
							"communications between this client and the " .
909
							"server expressed using CIDR (eg. fe80::/64). " .
910
							"The first network address is assumed to be the " .
911
							"server address and the second network address " .
912
							"will be assigned to the client virtual " .
913
							"interface"); ?>.
914
						</td>
915
					</tr>
916
					<tr>
917 3835613a Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Remote Network/s"); ?></td>
918 d799787e Matthew Grooms
						<td width="78%" class="vtable">
919 770f29c4 Colin Fleming
							<input name="remote_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_network']);?>" />
920 8cd558b6 ayvis
							<br />
921 3835613a Phil Davis
							<?=gettext("These are the IPv4 networks that will be routed through " .
922 2fa7a468 Carlos Eduardo Ramos
							"the tunnel, so that a site-to-site VPN can be " .
923 3835613a Phil Davis
							"established without manually changing the routing tables. " .
924
							"Expressed as a comma-separated list of one or more CIDR ranges. " .
925
							"If this is a site-to-site VPN, enter the " .
926
							"remote LAN/s here. You may leave this blank to " .
927 2fa7a468 Carlos Eduardo Ramos
							"only communicate with other clients"); ?>.
928 d799787e Matthew Grooms
						</td>
929
					</tr>
930 4856df9b jim-p
					<tr>
931 3835613a Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Remote Network/s"); ?></td>
932 4856df9b jim-p
						<td width="78%" class="vtable">
933 770f29c4 Colin Fleming
							<input name="remote_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_networkv6']);?>" />
934 8cd558b6 ayvis
							<br />
935 3835613a Phil Davis
							<?=gettext("These are the IPv6 networks that will be routed through " .
936 4856df9b jim-p
							"the tunnel, so that a site-to-site VPN can be " .
937 3835613a Phil Davis
							"established without manually changing the routing tables. " .
938
							"Expressed as a comma-separated list of one or more IP/PREFIX. " .
939
							"If this is a site-to-site VPN, enter the " .
940
							"remote LAN/s here. You may leave this blank to " .
941 4856df9b jim-p
							"only communicate with other clients"); ?>.
942
						</td>
943
					</tr>
944 d799787e Matthew Grooms
					<tr>
945
						<td width="22%" valign="top" class="vncell"><?=gettext("Limit outgoing bandwidth");?></td>
946
						<td width="78%" class="vtable">
947 770f29c4 Colin Fleming
							<input name="use_shaper" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['use_shaper']);?>" />
948 8cd558b6 ayvis
							<br />
949 2fa7a468 Carlos Eduardo Ramos
							<?=gettext("Maximum outgoing bandwidth for this tunnel. " .
950
							"Leave empty for no limit. The input value has " .
951
							"to be something between 100 bytes/sec and 100 " .
952
							"Mbytes/sec (entered as bytes per second)"); ?>.
953 d799787e Matthew Grooms
						</td>
954
					</tr>
955
					<tr>
956 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
957 d799787e Matthew Grooms
						<td width="78%" class="vtable">
958 edba1982 jim-p
							<select name="compression" class="formselect">
959
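								<?php
									// One <option> per entry of $openvpn_compression_modes (defined
									// outside this part of the file); the entry equal to the saved
									// 'compression' value is pre-selected (loose comparison, as before).
									foreach ($openvpn_compression_modes as $cmode => $cmodedesc):
									$selected = "";
									if ($cmode == $pconfig['compression'])
										$selected = " selected=\"selected\"";
									// Value and label are escaped here so this select is consistent
									// with the cipher, digest and engine selects on this page.
								?>
								<option value="<?= htmlspecialchars($cmode) ?>" <?= $selected ?>><?= htmlspecialchars($cmodedesc) ?></option>
								<?php endforeach; ?>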
967
							</select>
968 8cd558b6 ayvis
							<br />
969 edba1982 jim-p
							<?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently."); ?>.
970 d799787e Matthew Grooms
						</td>
971
					</tr>
972
					<tr>
973 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
974 d799787e Matthew Grooms
						<td width="78%" class="vtable">
975 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="type-of-service">
976 d799787e Matthew Grooms
								<tr>
977
									<td>
978 1cb0b40a Matthew Grooms
										<?php set_checked($pconfig['passtos'],$chk); ?>
979 770f29c4 Colin Fleming
										<input name="passtos" type="checkbox" value="yes" <?=$chk;?> />
980 d799787e Matthew Grooms
									</td>
981
									<td>
982
										<span class="vexpl">
983 2fa7a468 Carlos Eduardo Ramos
											<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
984 d799787e Matthew Grooms
										</span>
985
									</td>
986
								</tr>
987
							</table>
988
						</td>
989
					</tr>
					<tr id="chkboxNoTunIPv6">
992
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable IPv6"); ?></td>
993
						<td width="78%" class="vtable">
994
							<table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6">
995
								<tr>
996
									<td>
997
										<?php set_checked($pconfig['no_tun_ipv6'],$chk); ?>
998
										<input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> />
999
									</td>
1000
									<td>
1001
										<span class="vexpl">
1002 4be2bfed Dmitriy K.
											<?=gettext("Don't forward IPv6 traffic"); ?>.
1003 b9e9903d Dmitriy K.
										</span>
1004
									</td>
1005
								</tr>
1006
							</table>
1007
						</td>
1008
					</tr>
					<tr id="chkboxRouteNoPull">
1011 4be2bfed Dmitriy K.
						<td width="22%" valign="top" class="vncell"><?=gettext("Don't pull routes"); ?></td>
1012 b9e9903d Dmitriy K.
						<td width="78%" class="vtable">
1013
							<table border="0" cellpadding="2" cellspacing="0" summary="dont-pull-routes">
1014
								<tr>
1015
									<td>
1016
										<?php set_checked($pconfig['route_no_pull'],$chk); ?>
1017
										<input name="route_no_pull" type="checkbox" value="yes" <?=$chk;?> />
1018
									</td>
1019
									<td>
1020
										<span class="vexpl">
1021
											<?=gettext("Don't add or remove routes automatically. Instead pass routes to "); ?> <strong>--route-up</strong> <?=gettext("script using environmental variables"); ?>.
1022
										</span>
1023
									</td>
1024
								</tr>
1025
							</table>
1026
						</td>
1027
					</tr>
					<tr id="chkboxRouteNoExec">
1030 4be2bfed Dmitriy K.
						<td width="22%" valign="top" class="vncell"><?=gettext("Don't add/remove routes"); ?></td>
1031 b9e9903d Dmitriy K.
						<td width="78%" class="vtable">
1032
							<table border="0" cellpadding="2" cellspacing="0" summary="dont-exec-routes">
1033
								<tr>
1034
									<td>
1035
										<?php set_checked($pconfig['route_no_exec'],$chk); ?>
1036
										<input name="route_no_exec" type="checkbox" value="yes" <?=$chk;?> />
1037
									</td>
1038
									<td>
1039
										<span class="vexpl">
1040
											<?=gettext("This option effectively bars the server from adding routes to the client's routing table, however note that this option still allows the server to set the TCP/IP properties of the client's TUN/TAP interface"); ?>.
1041
										</span>
1042
									</td>
1043
								</tr>
1044
							</table>
1045
						</td>
1046
					</tr>
1047 4856df9b jim-p
				</table>
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="advance configuration">
1050 c7323d81 sullrich
					<tr>
1051
						<td colspan="2" class="list" height="12"></td>
1052
					</tr>
1053
					<tr>
1054 2fa7a468 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
1055 c7323d81 sullrich
					</tr>
1056
					<tr>
1057 2fa7a468 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
1058 c7323d81 sullrich
						<td width="78%" class="vtable">
1059 770f29c4 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="advance configuration">
1060 c7323d81 sullrich
								<tr>
1061
									<td>
1062 8cd558b6 ayvis
										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br />
1063
										<?=gettext("Enter any additional options you would like to add to the OpenVPN client configuration here, separated by a semicolon"); ?><br />
1064 3835613a Phil Davis
										<?=gettext("EXAMPLE:"); ?> <strong>remote server.mysite.com 1194;</strong> or <strong>remote 1.2.3.4 1194;</strong>
1065 c7323d81 sullrich
									</td>
1066
								</tr>
1067
							</table>
1068
						</td>
1069 4856df9b jim-p
					</tr>
					<tr id="comboboxVerbosityLevel">
1072
							<td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td>
1073
							<td width="78%" class="vtable">
1074
							<select name="verbosity_level" class="formselect">
1075
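							<?php
								// One <option> per entry of $openvpn_verbosity_level (defined
								// outside this part of the file); the entry equal to the saved
								// 'verbosity_level' is pre-selected (loose comparison, as before).
								foreach ($openvpn_verbosity_level as $verb_value => $verb_desc):
									$selected = "";
									if ($pconfig['verbosity_level'] == $verb_value)
										$selected = "selected=\"selected\"";
									// Value and label are escaped at output, consistent with the
									// other selects on this page.
							?>
								<option value="<?=htmlspecialchars($verb_value);?>" <?=$selected;?>><?=htmlspecialchars($verb_desc);?></option>
							<?php endforeach; ?>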
1083
							</select>
1084
							<br />
1085
							<?=gettext("Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output"); ?>.<br /> <br />
1086
							<strong>none</strong> -- <?=gettext("No output except fatal errors"); ?>. <br />
1087
							<strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br />
1088
							<strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br />
1089
							<strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>.
1090
							</td>
1091
					</tr>
				</table>
				<br />
1096 770f29c4 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="icons">
1097 d799787e Matthew Grooms
					<tr>
1098
						<td width="22%" valign="top">&nbsp;</td>
1099 88e545b4 jim-p
						<td width="78%">
1100
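							<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
							<?php
								// $act is assigned outside this part of the file. It is escaped for
								// the attribute context, the same way $id is below, so a value that
								// contains a double quote cannot close the attribute.
								// NOTE(review): if $act is taken from the request, also restrict it
								// to the known actions where it is read.
							?>
							<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>" />
							<?php if (isset($id) && $a_client[$id]): ?>
							<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
							<?php endif; ?>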
1105
						</td>
1106
					</tr>
1107
				</table>
1108
			</form>
			<?php else: ?>
			<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="list of openvpn clients">
1113 7773b868 jim-p
				<thead>
1114 d799787e Matthew Grooms
				<tr>
1115 2fa7a468 Carlos Eduardo Ramos
					<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
1116
					<td width="10%" class="listhdrr"><?=gettext("Protocol"); ?></td>
1117
					<td width="30%" class="listhdrr"><?=gettext("Server"); ?></td>
1118
					<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
1119 d799787e Matthew Grooms
					<td width="10%" class="list"></td>
1120
				</tr>
1121 7773b868 jim-p
				</thead>
1122 770f29c4 Colin Fleming
				<tfoot>
1123
				<tr>
1124
					<td class="list" colspan="4"></td>
1125
					<td class="list">
1126
						<a href="vpn_openvpn_client.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add client"); ?>" width="17" height="17" border="0" alt="add" />
1127
						</a>
1128
					</td>
1129
				</tr>
1130
				<tr>
1131
					<td colspan="4">
1132
						<p>
1133
							<?=gettext("Additional OpenVPN clients can be added here.");?>
1134
						</p>
1135
					</td>
1136
				</tr>
1137
				</tfoot>
1138 7773b868 jim-p
				<tbody>
1139 d799787e Matthew Grooms
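				<?php
					// One table row per entry of $a_client. $i counts the entries in
					// iteration order and is what the edit/delete links send back as 'id'
					// (presumably the entry's index in $a_client; confirm the array is
					// always sequentially indexed).
					// NOTE(review): the delete action is a plain GET link guarded only by a
					// JavaScript confirm(). The handler is outside this view; confirm that
					// it cannot be triggered by a cross-site request.
					$i = 0;
					foreach($a_client as $client):
						$disabled = "NO";
						if (isset($client['disable']))
							$disabled = "YES";
						$server = "{$client['server_addr']}:{$client['server_port']}";
				?>
				<tr ondblclick="document.location='vpn_openvpn_client.php?act=edit&amp;id=<?=$i;?>'">
					<td class="listlr">
						<?=$disabled;?>
					</td>
					<td class="listr">
						<?=htmlspecialchars($client['protocol']);?>
					</td>
					<td class="listr">
						<?=htmlspecialchars($server);?>
					</td>
					<td class="listbg">
						<?=htmlspecialchars($client['description']);?>
					</td>
					<td valign="middle" class="list nowrap">
						<a href="vpn_openvpn_client.php?act=edit&amp;id=<?=$i;?>">
							<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit client"); ?>" width="17" height="17" border="0" alt="edit" />
						</a>
						&nbsp;
						<a href="vpn_openvpn_client.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this client?"); ?>')">
							<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete client"); ?>" width="17" height="17" border="0" alt="delete" />
						</a>
					</td>
				</tr>
				<?php
					$i++;
					endforeach;
				?>
				<?php // Placeholder row so <tbody> is never empty; "display" was misspelled, which left the row visible. ?>
				<tr style="display:none;"><td></td></tr>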
1175 7773b868 jim-p
				</tbody>
1176 d799787e Matthew Grooms
			</table>
			<?php endif; ?>
		</td>
1181
	</tr>
1182
</table>
1183 91f026b0 ayvis
<script type="text/javascript">
1184 770f29c4 Colin Fleming
//<![CDATA[
1185 3c11bd3c Matthew Grooms
mode_change();
1186
autokey_change();
1187
tlsauth_change();
1188 762a24a3 Ermal Lu?i
useproxy_changed();
1189 770f29c4 Colin Fleming
//]]>
1190 d799787e Matthew Grooms
</script>
1191
<?php include("fend.inc"); ?>
1192 770f29c4 Colin Fleming
</body>
1193
</html>
<?php
/* local utility functions */
/*
 * Write the XHTML "checked" attribute for a checkbox into $chk.
 *
 * $var  value tested for truthiness
 * $chk  passed by reference; set to 'checked="checked"' when $var is
 *       truthy and to an empty string otherwise
 *
 * The result is echoed verbatim into an <input> tag by the callers on
 * this page, so it must only ever be one of those two constant strings.
 */
function set_checked($var, &$chk) {
	$chk = $var ? "checked=\"checked\"" : "";
}
?>