<?php 
/*
	vpn_openvpn_server.php
	Copyright (C) 2008 Shrew Soft Inc.
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
	All rights reserved. 
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
##|+PRIV
##|*IDENT=page-openvpn-server
##|*NAME=OpenVPN: Server page
##|*DESCR=Allow access to the 'OpenVPN: Server' page.
##|*MATCH=vpn_openvpn_server.php*
##|-PRIV
require("guiconfig.inc");
require_once("openvpn.inc");
require_once("pkg-utils.inc");
// Make sure every configuration section this page works on exists as an array
// before a reference is taken to it.
if (!is_array($config['openvpn']['openvpn-server'])) {
	$config['openvpn']['openvpn-server'] = array();
}
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
if (!is_array($config['crl'])) {
	$config['crl'] = array();
}

// Working references into $config: a write through any of these variables
// changes the configuration array itself.
$a_server = &$config['openvpn']['openvpn-server'];
$a_ca = &$config['ca'];
$a_cert = &$config['cert'];
$a_crl = &$config['crl'];

// Drop CRL entries that carry no 'refid'.
foreach ($a_crl as $cid => $acrl) {
	if (isset($acrl['refid'])) {
		continue;
	}
	unset($a_crl[$cid]);
}
// Record index: taken from the query string when it passes is_numericint(),
// and overridden by a posted 'id' that passes the same check. $id stays unset
// when neither request value qualifies.
if (is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

// Requested action; a posted 'act' replaces the query-string one.
$act = $_GET['act'];
if (isset($_POST['act'])) {
	$act = $_POST['act'];
}

// vpnid of the selected server entry, or 0 when $id selects no existing entry.
$vpnid = (isset($id) && $a_server[$id]) ? $a_server[$id]['vpnid'] : 0;
// Delete request: remove the selected server entry and persist the change.
//
// NOTE(review): this destructive action is driven by a GET parameter, and it
// calls write_config(). Request-forgery protection that only covers POST forms
// would not apply here; confirm how guiconfig.inc guards this request, or move
// the action to a POST.
if ($_GET['act'] == "del") {
	if (isset($a_server[$id])) {
		// An entry that is set but empty is dropped without calling openvpn_delete().
		if (!empty($a_server[$id])) {
			openvpn_delete('server', $a_server[$id]);
		}
		unset($a_server[$id]);
		write_config();
		$savemsg = gettext("Server successfully deleted") . "<br />";
	} else {
		// No such entry: go back to the server list and stop.
		pfSenseHeader("vpn_openvpn_server.php");
		exit;
	}
}
// New-server request: seed $pconfig with the starting values for the form.
if ($_GET['act'] == "new") {
	$new_server_defaults = array(
		'autokey_enable' => "yes",
		'tlsauth_enable' => "yes",
		'autotls_enable' => "yes",
		// NOTE(review): 1024-bit DH parameters and a SHA1 digest are weak
		// starting values by current guidance. Consider stronger defaults once
		// the values offered by the form are confirmed.
		'dh_length' => 1024,
		'dev_mode' => "tun",
		'interface' => "wan",
		'local_port' => openvpn_port_next('UDP'),
		'pool_enable' => "yes",
		'cert_depth' => 1,
		// Default verbosity is 1
		'verbosity_level' => 1,
		// OpenVPN Defaults to SHA1
		'digest' => "SHA1",
	);
	foreach ($new_server_defaults as $default_key => $default_value) {
		$pconfig[$default_key] = $default_value;
	}
	unset($new_server_defaults, $default_key, $default_value);
}
// Edit request: preload $pconfig from the stored server entry. Nothing is
// loaded unless $id selects an existing entry.
if ($_GET['act'] == "edit") {
	if (isset($id) && $a_server[$id]) {
		// Read-only snapshot of the stored entry.
		$edit_entry = $a_server[$id];

		$pconfig['disable'] = isset($edit_entry['disable']);
		foreach (array('mode', 'protocol', 'authmode', 'dev_mode', 'interface') as $edit_key) {
			$pconfig[$edit_key] = $edit_entry[$edit_key];
		}
		// Interface and bind address travel as one "interface|ipaddr" value.
		if (!empty($edit_entry['ipaddr'])) {
			$pconfig['interface'] .= '|' . $edit_entry['ipaddr'];
		}
		foreach (array('local_port', 'description', 'custom_options') as $edit_key) {
			$pconfig[$edit_key] = $edit_entry[$edit_key];
		}

		if ($pconfig['mode'] == "p2p_shared_key") {
			// Key material is stored base64-encoded.
			$pconfig['shared_key'] = base64_decode($edit_entry['shared_key']);
		} else {
			if ($edit_entry['tls']) {
				$pconfig['tlsauth_enable'] = "yes";
				$pconfig['tls'] = base64_decode($edit_entry['tls']);
			}
			foreach (array('caref', 'crlref', 'certref', 'dh_length') as $edit_key) {
				$pconfig[$edit_key] = $edit_entry[$edit_key];
			}
			// Entries without a stored depth fall back to 1.
			$pconfig['cert_depth'] = isset($edit_entry['cert_depth']) ? $edit_entry['cert_depth'] : 1;
			if ($pconfig['mode'] == "server_tls_user") {
				$pconfig['strictusercn'] = $edit_entry['strictusercn'];
			}
		}

		$pconfig['crypto'] = $edit_entry['crypto'];
		// OpenVPN Defaults to SHA1 if unset
		$pconfig['digest'] = empty($edit_entry['digest']) ? "SHA1" : $edit_entry['digest'];

		$copied_fields = array(
			'engine',
			'tunnel_network', 'tunnel_networkv6',
			'remote_network', 'remote_networkv6',
			'gwredir',
			'local_network', 'local_networkv6',
			'maxclients', 'compression', 'passtos', 'client2client',
			'dynamic_ip', 'pool_enable', 'topology_subnet',
			'serverbridge_dhcp', 'serverbridge_interface',
			'serverbridge_dhcp_start', 'serverbridge_dhcp_end',
			'dns_domain',
		);
		foreach ($copied_fields as $edit_key) {
			$pconfig[$edit_key] = $edit_entry[$edit_key];
		}

		// The *_enable flags below are derived from the stored values: a flag is
		// switched on when at least one of its values is non-empty.
		if ($pconfig['dns_domain']) {
			$pconfig['dns_domain_enable'] = true;
		}

		foreach (array('dns_server1', 'dns_server2', 'dns_server3', 'dns_server4') as $edit_key) {
			$pconfig[$edit_key] = $edit_entry[$edit_key];
		}
		if ($pconfig['dns_server1'] || $pconfig['dns_server2'] || $pconfig['dns_server3'] || $pconfig['dns_server4']) {
			$pconfig['dns_server_enable'] = true;
		}

		foreach (array('ntp_server1', 'ntp_server2') as $edit_key) {
			$pconfig[$edit_key] = $edit_entry[$edit_key];
		}
		if ($pconfig['ntp_server1'] || $pconfig['ntp_server2']) {
			$pconfig['ntp_server_enable'] = true;
		}

		$netbios_fields = array('netbios_enable', 'netbios_ntype', 'netbios_scope', 'wins_server1', 'wins_server2');
		foreach ($netbios_fields as $edit_key) {
			$pconfig[$edit_key] = $edit_entry[$edit_key];
		}
		if ($pconfig['wins_server1'] || $pconfig['wins_server2']) {
			$pconfig['wins_server_enable'] = true;
		}

		$pconfig['client_mgmt_port'] = $edit_entry['client_mgmt_port'];
		if ($pconfig['client_mgmt_port']) {
			$pconfig['client_mgmt_port_enable'] = true;
		}

		$pconfig['nbdd_server1'] = $edit_entry['nbdd_server1'];
		if ($pconfig['nbdd_server1']) {
			$pconfig['nbdd_server_enable'] = true;
		}

		// just in case the modes switch
		$pconfig['autokey_enable'] = "yes";
		$pconfig['autotls_enable'] = "yes";

		$pconfig['duplicate_cn'] = isset($edit_entry['duplicate_cn']);
		$pconfig['no_tun_ipv6'] = $edit_entry['no_tun_ipv6'];
		// Default verbosity is 1
		$pconfig['verbosity_level'] = isset($edit_entry['verbosity_level']) ? $edit_entry['verbosity_level'] : 1;
		$pconfig['push_register_dns'] = $edit_entry['push_register_dns'];

		unset($edit_entry, $edit_key, $copied_fields, $netbios_fields);
	}
}
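// Form submission: validate the posted settings and, when no error was
// recorded, build the server entry, store it in $a_server, resync, write the
// configuration and redirect to the server list. When validation fails,
// $pconfig keeps the posted values and the collected messages stay in
// $input_errors.
if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	// vpnid of the entry being edited; 0 means a new server.
	$vpnid = (isset($id) && $a_server[$id]) ? $a_server[$id]['vpnid'] : 0;

	// 'interface' is posted as "interface" or "interface|ipaddr".
	list($iv_iface, $iv_ip) = explode ("|",$pconfig['interface']);
	if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) {
		$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
	} elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) {
		$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address.");
	} elseif ((stristr($pconfig['protocol'], "6") === false) && !get_interface_ip($iv_iface) && ($pconfig['interface'] != "any")) {
		$input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address.");
	} elseif ((stristr($pconfig['protocol'], "6") !== false) && !get_interface_ipv6($iv_iface) && ($pconfig['interface'] != "any")) {
		$input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
	}

	// Every mode except p2p_shared_key is handled as a TLS mode.
	$tls_mode = ($pconfig['mode'] != "p2p_shared_key");

	if (empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) {
		$input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth.");
	}

	/* input validation */
	if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) {
		$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6")) {
		$input_errors[] = $result;
	}

	// A result equal to this entry's own vpnid, or 0, is not treated as a conflict.
	$portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid);
	if (($portused != $vpnid) && ($portused != 0)) {
		$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
	}

	if ($pconfig['autokey_enable']) {
		$pconfig['shared_key'] = openvpn_create_key();
	}

	// Pasted keys are only checked for the presence of the begin and end markers.
	if (!$tls_mode && !$pconfig['autokey_enable']) {
		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
			$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
		}
	}

	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
			$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
		}
	}

	if ($pconfig['dns_server_enable']) {
		if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
			$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
		}
		if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
			$input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
		}
		if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
			$input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
		}
		if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
			$input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
		}
	}

	if ($pconfig['ntp_server_enable']) {
		if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
			$input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
		}
		if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
			$input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
		}
		if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
			$input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address");
		}
		if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
			$input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address");
		}
	}

	if ($pconfig['netbios_enable']) {
		if ($pconfig['wins_server_enable']) {
			if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
				$input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
			}
			if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
				$input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
			}
		}
		if ($pconfig['nbdd_server_enable']) {
			if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
				$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
			}
		}
	}

	if ($pconfig['client_mgmt_port_enable']) {
		if ($result = openvpn_validate_port($pconfig['client_mgmt_port'], 'Client management port')) {
			$input_errors[] = $result;
		}
	}

	if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients'])) {
		$input_errors[] = gettext("The field 'Concurrent connections' must be numeric.");
	}

	// Start from empty lists so do_input_validation() always receives arrays,
	// including shared-key mode with an auto-generated key on a tap device,
	// where nothing below adds a required field.
	$reqdfields = array();
	$reqdfieldsn = array();

	/* If we are not in shared key mode, then we need the CA/Cert. */
	if ($pconfig['mode'] != "p2p_shared_key") {
		$reqdfields = explode(" ", "caref certref");
		$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
	} elseif (!$pconfig['autokey_enable']) {
		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
		$reqdfields = array('shared_key');
		$reqdfieldsn = array(gettext('Shared key'));
	}

	if ($pconfig['dev_mode'] != "tap") {
		$reqdfields[] = 'tunnel_network';
		$reqdfieldsn[] = gettext('Tunnel network');
	} else {
		if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network']) {
			$input_errors[] = gettext("Using a tunnel network and server bridge settings together is not allowed.");
		}
		if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end'])
		|| (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end'])) {
			$input_errors[] = gettext("Server Bridge DHCP Start and End must both be empty, or defined.");
		}
		if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_start']))) {
			$input_errors[] = gettext("Server Bridge DHCP Start must be an IPv4 address.");
		}
		if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_end']))) {
			$input_errors[] = gettext("Server Bridge DHCP End must be an IPv4 address.");
		}
		if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end'])) {
			$input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end).");
		}
	}
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if (!$input_errors) {

		$server = array();

		// delete(rename) old interface so a new TUN or TAP interface can be created.
		// isset() is used rather than a truthiness test so that the entry at
		// index 0 is handled as well.
		if (isset($id) && $a_server[$id] && $pconfig['dev_mode'] != $a_server[$id]['dev_mode']) {
			openvpn_delete('server', $a_server[$id]);
		}

		// Keep the vpnid of an edited entry; allocate the next one for a new server.
		if ($vpnid) {
			$server['vpnid'] = $vpnid;
		} else {
			$server['vpnid'] = openvpn_vpnid_next();
		}

		// NOTE(review): mode, protocol, dev_mode, crypto, digest, engine,
		// dh_length and the other selector values below are stored as posted;
		// no allow-list check is visible in this block. Confirm that
		// do_input_validation() or the openvpn.inc helpers constrain them
		// before they are used.
		if ($_POST['disable'] == "yes") {
			$server['disable'] = true;
		}
		$server['mode'] = $pconfig['mode'];
		if (!empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) {
			// The array cast keeps implode() from failing when the request
			// carries a scalar instead of the expected list.
			$server['authmode'] = implode(",", (array)$pconfig['authmode']);
		}
		$server['protocol'] = $pconfig['protocol'];
		$server['dev_mode'] = $pconfig['dev_mode'];
		list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']);
		$server['local_port'] = $pconfig['local_port'];
		$server['description'] = $pconfig['description'];
		// Normalise CRLF line endings to LF before storing.
		$server['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);

		if ($tls_mode) {
			if ($pconfig['tlsauth_enable']) {
				if ($pconfig['autotls_enable']) {
					$pconfig['tls'] = openvpn_create_key();
				}
				// Key material is stored base64-encoded.
				$server['tls'] = base64_encode($pconfig['tls']);
			}
			$server['caref'] = $pconfig['caref'];
			$server['crlref'] = $pconfig['crlref'];
			$server['certref'] = $pconfig['certref'];
			$server['dh_length'] = $pconfig['dh_length'];
			$server['cert_depth'] = $pconfig['cert_depth'];
			if ($pconfig['mode'] == "server_tls_user") {
				$server['strictusercn'] = $pconfig['strictusercn'];
			}
		} else {
			$server['shared_key'] = base64_encode($pconfig['shared_key']);
		}
		$server['crypto'] = $pconfig['crypto'];
		$server['digest'] = $pconfig['digest'];
		$server['engine'] = $pconfig['engine'];

		$server['tunnel_network'] = $pconfig['tunnel_network'];
		$server['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
		$server['remote_network'] = $pconfig['remote_network'];
		$server['remote_networkv6'] = $pconfig['remote_networkv6'];
		$server['gwredir'] = $pconfig['gwredir'];
		$server['local_network'] = $pconfig['local_network'];
		$server['local_networkv6'] = $pconfig['local_networkv6'];
		$server['maxclients'] = $pconfig['maxclients'];
		$server['compression'] = $pconfig['compression'];
		$server['passtos'] = $pconfig['passtos'];
		$server['client2client'] = $pconfig['client2client'];

		$server['dynamic_ip'] = $pconfig['dynamic_ip'];
		$server['pool_enable'] = $pconfig['pool_enable'];
		$server['topology_subnet'] = $pconfig['topology_subnet'];

		$server['serverbridge_dhcp'] = $pconfig['serverbridge_dhcp'];
		$server['serverbridge_interface'] = $pconfig['serverbridge_interface'];
		$server['serverbridge_dhcp_start'] = $pconfig['serverbridge_dhcp_start'];
		$server['serverbridge_dhcp_end'] = $pconfig['serverbridge_dhcp_end'];

		if ($pconfig['dns_domain_enable']) {
			$server['dns_domain'] = $pconfig['dns_domain'];
		}

		if ($pconfig['dns_server_enable']) {
			$server['dns_server1'] = $pconfig['dns_server1'];
			$server['dns_server2'] = $pconfig['dns_server2'];
			$server['dns_server3'] = $pconfig['dns_server3'];
			$server['dns_server4'] = $pconfig['dns_server4'];
		}

		if ($pconfig['push_register_dns']) {
			$server['push_register_dns'] = $pconfig['push_register_dns'];
		}

		if ($pconfig['ntp_server_enable']) {
			$server['ntp_server1'] = $pconfig['ntp_server1'];
			$server['ntp_server2'] = $pconfig['ntp_server2'];
		}

		$server['netbios_enable'] = $pconfig['netbios_enable'];
		$server['netbios_ntype'] = $pconfig['netbios_ntype'];
		$server['netbios_scope'] = $pconfig['netbios_scope'];

		$server['no_tun_ipv6'] = $pconfig['no_tun_ipv6'];
		$server['verbosity_level'] = $pconfig['verbosity_level'];

		if ($pconfig['netbios_enable']) {

			if ($pconfig['wins_server_enable']) {
				$server['wins_server1'] = $pconfig['wins_server1'];
				$server['wins_server2'] = $pconfig['wins_server2'];
			}

			// Gate the save on the same flag the IP-address check above uses.
			// Keying it on dns_server_enable let an NBDD value be stored
			// without ever having been validated.
			if ($pconfig['nbdd_server_enable']) {
				$server['nbdd_server1'] = $pconfig['nbdd_server1'];
			}
		}

		if ($pconfig['client_mgmt_port_enable']) {
			$server['client_mgmt_port'] = $pconfig['client_mgmt_port'];
		}

		if ($_POST['duplicate_cn'] == "yes") {
			$server['duplicate_cn'] = true;
		}

		// Replace the edited entry in place, or append a new one.
		if (isset($id) && $a_server[$id]) {
			$a_server[$id] = $server;
		} else {
			$a_server[] = $server;
		}

		openvpn_resync('server', $server);
		write_config();

		header("Location: vpn_openvpn_server.php");
		exit;
	}

	// Validation failed: flatten the posted authmode list into the
	// comma-separated form used for stored entries.
	if (!empty($pconfig['authmode'])) {
		$pconfig['authmode'] = implode(",", (array)$pconfig['authmode']);
	}
}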
// Page title parts and shortcut section, set before the shared header include.
$pgtitle = array(
	gettext("OpenVPN"),
	gettext("Server")
);
$shortcut_section = "openvpn";

include("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[
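/**
 * Show or hide the form rows that depend on the selected server mode, then
 * re-apply the gateway-redirect visibility rule through gwredir_change().
 *
 * The selected index and mode are kept in local variables; the earlier
 * version assigned them to undeclared names and so created globals.
 */
function mode_change() {
	var selector = document.iform.mode;
	var mode = selector.options[selector.selectedIndex].value;

	// An empty display value shows the row, "none" hides it.
	function setRow(id, visible) {
		document.getElementById(id).style.display = visible ? "" : "none";
	}

	var tlsRows = ["tls", "tls_ca", "tls_crl", "tls_cert", "tls_dh", "cert_depth"];
	var i;

	// TLS rows versus the shared-key row. An unrecognised mode leaves these
	// rows untouched.
	switch (mode) {
		case "p2p_tls":
		case "server_tls":
		case "server_user":
		case "server_tls_user":
			for (i = 0; i < tlsRows.length; i++) {
				setRow(tlsRows[i], true);
			}
			// The strict user/CN row is only shown for server_tls_user.
			setRow("strictusercn", mode === "server_tls_user");
			setRow("psk", false);
			break;
		case "p2p_shared_key":
			for (i = 0; i < tlsRows.length; i++) {
				setRow(tlsRows[i], false);
			}
			setRow("strictusercn", false);
			setRow("psk", true);
			break;
	}

	// Client, remote, local and gateway-redirect rows. Any mode that is not
	// one of the two peer-to-peer modes gets the server layout.
	var isSharedKey = (mode === "p2p_shared_key");
	var isPeerToPeer = isSharedKey || (mode === "p2p_tls");

	setRow("client_opts", !isPeerToPeer);
	setRow("remote_optsv4", isPeerToPeer);
	setRow("remote_optsv6", isPeerToPeer);
	setRow("gwredir_opts", !isSharedKey);
	setRow("local_optsv4", !isSharedKey);
	setRow("local_optsv6", !isSharedKey);
	setRow("inter_client_communication", !isPeerToPeer);

	// The authentication backend row is shown for the user-auth modes, hidden
	// for the other known modes, and left alone for an unrecognised mode.
	switch (mode) {
		case "server_user":
		case "server_tls_user":
			setRow("authmodetr", true);
			break;
		case "p2p_shared_key":
		case "p2p_tls":
		case "server_tls":
			setRow("authmodetr", false);
			break;
	}

	gwredir_change();
}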
/**
 * Hide the shared-key input row while the "automatically generate a key"
 * checkbox exists and is ticked; show it otherwise.
 */
function autokey_change() {
	var box = document.iform.autokey_enable;
	var generated = (box != null) && box.checked;
	document.getElementById("autokey_opts").style.display = generated ? "none" : "";
}
// Toggle the TLS authentication options row, then refresh the key input row.
// The toggle is only emitted into the page when no TLS key is loaded in
// $pconfig['tls'].
function tlsauth_change() {
<?php if (!$pconfig['tls']): ?>
	var tlsAuthOn = document.iform.tlsauth_enable.checked;
	document.getElementById("tlsauth_opts").style.display = tlsAuthOn ? "" : "none";
<?php endif; ?>

	autotls_change();
}
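/*
 * Show the TLS key textarea table ("autotls_opts") only when TLS
 * authentication is enabled and the key is not being generated automatically.
 */
function autotls_change() {

	// Declared with var so the flag stays local to this function.
	// NOTE(review): it used to be an implicit global; confirm nothing else on
	// the page reads "autocheck".
<?php if (!$pconfig['tls']): ?>
	var autocheck = document.iform.autotls_enable.checked;
<?php else: ?>
	// A key is already stored, so the auto-generate checkbox is not rendered.
	var autocheck = false;
<?php endif; ?>

	if (document.iform.tlsauth_enable.checked && !autocheck)
		document.getElementById("autotls_opts").style.display="";
	else
		document.getElementById("autotls_opts").style.display="none";
}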
/*
 * Hide the IPv4/IPv6 local network rows while "redirect gateway" is ticked,
 * and show them again when it is cleared.
 */
function gwredir_change() {
	var localRows = ["local_optsv4", "local_optsv6"];
	var display = document.iform.gwredir.checked ? "none" : "";

	for (var i = 0; i < localRows.length; i++) {
		document.getElementById(localRows[i]).style.display = display;
	}
}
/* Show the DNS default domain field only while its enable checkbox is ticked. */
function dns_domain_change() {
	var enabled = document.iform.dns_domain_enable.checked;

	document.getElementById("dns_domain_data").style.display = enabled ? "" : "none";
}
/* Show the DNS server fields only while their enable checkbox is ticked. */
function dns_server_change() {
	var enabled = document.iform.dns_server_enable.checked;

	document.getElementById("dns_server_data").style.display = enabled ? "" : "none";
}
/* Show the WINS server fields only while their enable checkbox is ticked. */
function wins_server_change() {
	var enabled = document.iform.wins_server_enable.checked;

	document.getElementById("wins_server_data").style.display = enabled ? "" : "none";
}
/* Show the client management port field only while its enable checkbox is ticked. */
function client_mgmt_port_change() {
	var enabled = document.iform.client_mgmt_port_enable.checked;

	document.getElementById("client_mgmt_port_data").style.display = enabled ? "" : "none";
}
/* Show the NTP server fields only while their enable checkbox is ticked. */
function ntp_server_change() {
	var enabled = document.iform.ntp_server_enable.checked;

	document.getElementById("ntp_server_data").style.display = enabled ? "" : "none";
}
/*
 * Show the NetBIOS options and the WINS row together while NetBIOS is
 * enabled; hide both when it is not.
 */
function netbios_change() {
	var display = document.iform.netbios_enable.checked ? "" : "none";

	document.getElementById("netbios_data").style.display = display;
	document.getElementById("wins_opts").style.display = display;
}
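/*
 * Adjust the form to the selected device mode (tun/tap) and server mode.
 *
 * tun: shows the "no tun IPv6" checkbox and the topology option, marks the
 *      IPv4 tunnel network label as required and hides the bridge rows.
 * tap: hides the "no tun IPv6" checkbox and the topology option and marks the
 *      IPv4 tunnel network label as optional. Outside the peer-to-peer modes
 *      the bridge rows are shown and the bridge DHCP checkbox is enabled; the
 *      interface/start/end fields are enabled only while that checkbox is
 *      ticked. In a peer-to-peer mode all four bridge fields are disabled.
 *
 * Any other device mode value leaves the form untouched.
 */
function tuntap_change() {
	// All working values are declared with var so they stay local.
	// NOTE(review): they used to be implicit globals (mindex, mvalue, p2p,
	// index, value); confirm nothing else on the page reads them.
	var form = document.iform;
	var mvalue = form.mode.options[form.mode.selectedIndex].value;
	var p2p = (mvalue === "p2p_tls" || mvalue === "p2p_shared_key");
	var value = form.dev_mode.options[form.dev_mode.selectedIndex].value;
	var bridgeRows = ["serverbridge_dhcp", "serverbridge_interface", "serverbridge_dhcp_start", "serverbridge_dhcp_end"];
	var i;

	switch (value) {
		case "tun":
			document.getElementById("chkboxNoTunIPv6").style.display = "";
			document.getElementById("ipv4_tunnel_network").className = "vncellreq";
			for (i = 0; i < bridgeRows.length; i++) {
				document.getElementById(bridgeRows[i]).style.display = "none";
			}
			document.getElementById("topology_subnet_opt").style.display = "";
			break;
		case "tap":
			document.getElementById("chkboxNoTunIPv6").style.display = "none";
			document.getElementById("ipv4_tunnel_network").className = "vncell";
			document.getElementById("topology_subnet_opt").style.display = "none";
			if (!p2p) {
				for (i = 0; i < bridgeRows.length; i++) {
					document.getElementById(bridgeRows[i]).style.display = "";
				}
				form.serverbridge_dhcp.disabled = false;
				// The range fields follow the bridge DHCP checkbox.
				var rangeOff = !form.serverbridge_dhcp.checked;
				form.serverbridge_interface.disabled = rangeOff;
				form.serverbridge_dhcp_start.disabled = rangeOff;
				form.serverbridge_dhcp_end.disabled = rangeOff;
			} else {
				// Peer-to-peer: the bridge fields are disabled; row visibility is left as it was.
				form.serverbridge_dhcp.disabled = true;
				form.serverbridge_interface.disabled = true;
				form.serverbridge_dhcp_start.disabled = true;
				form.serverbridge_dhcp_end.disabled = true;
			}
			break;
	}
}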
728 2b5c9e58 Colin Fleming
//]]>
729 d799787e Matthew Grooms
</script>
730
<?php
// Normalise a falsy save message to an empty string before it is tested below.
$savemsg = $savemsg ? $savemsg : "";

// Validation errors are printed first, then any informational message.
if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box_np($savemsg);
}
?>
739 2b5c9e58 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn server">
740 5a3b0d3b mgrooms
	<tr>
741 d799787e Matthew Grooms
		<td class="tabnavtbl">
742
			<?php 
743
				$tab_array = array();
744
				$tab_array[] = array(gettext("Server"), true, "vpn_openvpn_server.php");
745
				$tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php");
746
				$tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php");
747 5540aee6 Ermal Lu?i
				$tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml");
748 fdae0912 Renato Botelho
				add_package_tabs("openvpn-client-export", $tab_array);
749 d799787e Matthew Grooms
				display_top_tabs($tab_array);
750
			?>
751
		</td>
752
	</tr>    
753
	<tr>
754
		<td class="tabcont">
755
756
			<?php if($act=="new" || $act=="edit"): ?>
757
758
			<form action="vpn_openvpn_server.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
759 2b5c9e58 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="general information">
760 47c00c09 Scott Ullrich
					<tr>
761 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
762 b63f2e8b Matthew Grooms
					</tr>
763 d799787e Matthew Grooms
					<tr>
764 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
765 d799787e Matthew Grooms
						<td width="78%" class="vtable">
766 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="0" cellspacing="0" summary="enable disable server">
767 d799787e Matthew Grooms
								<tr>
768
									<td>
769
										<?php set_checked($pconfig['disable'],$chk); ?>
770 2b5c9e58 Colin Fleming
										<input name="disable" type="checkbox" value="yes" <?=$chk;?> />
771 d799787e Matthew Grooms
									</td>
772
									<td>
773
										&nbsp;
774
										<span class="vexpl">
775 8cd558b6 ayvis
											<strong><?=gettext("Disable this server"); ?></strong><br />
776 d799787e Matthew Grooms
										</span>
777
									</td>
778
								</tr>
779
							</table>
780 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("Set this option to disable this server without removing it from the list"); ?>.
781 d799787e Matthew Grooms
						</td>
782
					</tr>
783 3c11bd3c Matthew Grooms
					<tr>
784
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
785
							<td width="78%" class="vtable">
786 1ab6bdb5 jim-p
							<select name='mode' id='mode' class="formselect" onchange='mode_change(); tuntap_change()'>
787 3c11bd3c Matthew Grooms
							<?php
788
								foreach ($openvpn_server_modes as $name => $desc):
789
									$selected = "";
790
									if ($pconfig['mode'] == $name)
791 2b5c9e58 Colin Fleming
										$selected = "selected=\"selected\"";
792 3c11bd3c Matthew Grooms
							?>
793
								<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
794
							<?php endforeach; ?>
795
							</select>
796
						</td>
797
					</tr>
798 e8a58de4 Ermal Lu?i
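					<tr id="authmodetr" style="display:none">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td>
						<td width="78%" class="vtable">
							<?php
								// Load the server list before the <select> is opened, so the size
								// attribute counts the list that is actually rendered below.
								$authmodes = explode(",", $pconfig['authmode']);
								$auth_servers = auth_get_authserver_list();
								// If no authmodes set then default to selecting the first entry in auth_servers
								if (empty($authmodes[0]) && !empty(key($auth_servers)))
									$authmodes[0] = key($auth_servers);
							?>
							<select name='authmode[]' id='authmode' class="formselect" multiple="multiple" size="<?php echo count($auth_servers); ?>">
							<?php
								// Server keys and names are stored configuration values
								// (presumably operator-entered - confirm against the auth server page),
								// so they are escaped like the other labels on this page to keep any
								// stored markup from being interpreted when the form is viewed.
								foreach ($auth_servers as $auth_server_key => $auth_server):
									$selected = "";
									if (in_array($auth_server_key, $authmodes))
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($auth_server_key);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option>
							<?php endforeach; ?>
							</select>
						</td>
					</tr>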
819 d799787e Matthew Grooms
					<tr>
820
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
821
							<td width="78%" class="vtable">
822
							<select name='protocol' class="formselect">
823
							<?php
824
								foreach ($openvpn_prots as $prot):
825
									$selected = "";
826
									if ($pconfig['protocol'] == $prot)
827 2b5c9e58 Colin Fleming
										$selected = "selected=\"selected\"";
828 d799787e Matthew Grooms
							?>
829
								<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
830
							<?php endforeach; ?>
831
							</select>
832 3e41ad59 Phil Davis
						</td>
833 d799787e Matthew Grooms
					</tr>
834 bf87b4d7 lgcosta
					<tr>
835
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td>
836
						<td width="78%" class="vtable">
837 1ab6bdb5 jim-p
							<select name="dev_mode" class="formselect" onchange='tuntap_change()'>
838 3e41ad59 Phil Davis
							<?php
839
								foreach ($openvpn_dev_mode as $device):
840
									$selected = "";
841
									if (! empty($pconfig['dev_mode'])) {
842
										if ($pconfig['dev_mode'] == $device)
843
											$selected = "selected=\"selected\"";
844
									} else {
845
										if ($device == "tun")
846
											$selected = "selected=\"selected\"";
847
									}
848
							?>
849
								<option value="<?=$device;?>" <?=$selected;?>><?=$device;?></option>
850
							<?php endforeach; ?>
851
							</select>
852
						</td>
853
					</tr>
854 d799787e Matthew Grooms
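					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
						<td width="78%" class="vtable">
							<select name="interface" class="formselect">
								<?php
									// Selectable listeners: configured interfaces, CARP VIPs and IP
									// aliases (keyed "interface|address"), IPv4 gateway groups,
									// localhost and "any".
									$interfaces = get_configured_interface_with_descr();
									$carplist = get_configured_carp_interface_list();
									foreach ($carplist as $cif => $carpip)
										$interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
									$aliaslist = get_configured_ip_aliases_list();
									foreach ($aliaslist as $aliasip => $aliasif)
										$interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
									$grouplist = return_gateway_groups_array();
									foreach ($grouplist as $name => $group) {
										// Quoted: the bare word inet is an undefined constant, which is
										// a notice on older PHP and a fatal error on PHP 8.
										if($group['ipprotocol'] != 'inet')
											continue;
										// NOTE(review): $vipif is assigned but never read in this row.
										if($group[0]['vip'] <> "")
											$vipif = $group[0]['vip'];
										else
											$vipif = $group[0]['int'];
										$interfaces[$name] = "GW Group {$name}";
									}
									$interfaces['lo0'] = "Localhost";
									$interfaces['any'] = "any";
									// Keys include gateway group names, so the value attribute is
									// escaped the same way as the visible label.
									foreach ($interfaces as $iface => $ifacename):
										$selected = "";
										if ($iface == $pconfig['interface'])
											$selected = "selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($iface);?>" <?=$selected;?>>
										<?=htmlspecialchars($ifacename);?>
									</option>
								<?php endforeach; ?>
							</select> <br />
						</td>
					</tr>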
890
					<tr>
891
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local port");?></td>
892
						<td width="78%" class="vtable">
893 2b5c9e58 Colin Fleming
							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>" />
894 d799787e Matthew Grooms
						</td>
895
					</tr>
896
					<tr> 
897 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
898 d799787e Matthew Grooms
						<td width="78%" class="vtable"> 
899 2b5c9e58 Colin Fleming
							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>" />
900 8cd558b6 ayvis
							<br />
901 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
902 d799787e Matthew Grooms
						</td>
903
					</tr>
904
					<tr>
905
						<td colspan="2" class="list" height="12"></td>
906
					</tr>
907
					<tr>
908 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
909 d799787e Matthew Grooms
					</tr>
910 3c11bd3c Matthew Grooms
					<tr id="tls">
911 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
912 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
913 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="tls authentication">
914 3c11bd3c Matthew Grooms
								<tr>
915
									<td>
916
										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
917 2b5c9e58 Colin Fleming
										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onclick="tlsauth_change()" />
918 3c11bd3c Matthew Grooms
									</td>
919
									<td>
920
										<span class="vexpl">
921 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Enable authentication of TLS packets"); ?>.
922 3c11bd3c Matthew Grooms
										</span>
923
									</td>
924
								</tr>
925
							</table>
926
							<?php if (!$pconfig['tls']): ?>
927 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="tlsauth_opts" summary="tls authentication options">
928 3c11bd3c Matthew Grooms
								<tr>
929
									<td>
930
										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
931 2b5c9e58 Colin Fleming
										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autotls_change()" />
932 3c11bd3c Matthew Grooms
									</td>
933
									<td>
934
										<span class="vexpl">
935 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
936 3c11bd3c Matthew Grooms
										</span>
937
									</td>
938
								</tr>
939
							</table>
940
							<?php endif; ?>
941 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="autotls_opts" summary="tls authentication key">
942 3c11bd3c Matthew Grooms
								<tr>
943
									<td>
944
										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
945 8cd558b6 ayvis
										<br />
946 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
947 3c11bd3c Matthew Grooms
									</td>
948
								</tr>
949
							</table>
950
						</td>
951 d799787e Matthew Grooms
					</tr>
952 3c11bd3c Matthew Grooms
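					<tr id="tls_ca">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
						<td width="78%" class="vtable">
							<?php if (count($a_ca)): ?>
							<select name='caref' class="formselect">
							<?php
								// The CA description is a stored configuration value (presumably
								// free text - confirm against the certificate manager), so it is
								// escaped before being written into the option, as other labels on
								// this page are. This keeps stored markup from being interpreted
								// in the session of whoever opens this form.
								foreach ($a_ca as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
						</td>
					</tr>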
971 6db02381 jim-p
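					<tr id="tls_crl">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Revocation List"); ?></td>
						<td width="78%" class="vtable">
							<?php if (count($a_crl)): ?>
							<select name='crlref' class="formselect">
								<option value="">None</option>
							<?php
								// Each CRL is labelled with its description plus the description of
								// the CA it belongs to. A CRL whose CA cannot be looked up is still
								// listed but is never pre-selected.
								foreach ($a_crl as $crl):
									$selected = "";
									$caname = "";
									$ca = lookup_ca($crl['caref']);
									if ($ca) {
										$caname = " (CA: {$ca['descr']})";
										if ($pconfig['crlref'] == $crl['refid'])
											$selected = "selected=\"selected\"";
									}
									// Both descriptions are stored configuration values, so the
									// combined label is escaped before output.
							?>
								<option value="<?=htmlspecialchars($crl['refid']);?>" <?=$selected;?>><?=htmlspecialchars($crl['descr'] . $caname);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificate Revocation Lists (CRLs) defined.</b> <br />Create one under <a href="system_crlmanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
						</td>
					</tr>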
996 3c11bd3c Matthew Grooms
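					<tr id="tls_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Certificate"); ?></td>
						<td width="78%" class="vtable">
							<?php if (count($a_cert)): ?>
							<select name='certref' class="formselect">
							<?php
								// The label is the certificate description followed by its CA and
								// by "*In Use" / "*Revoked" markers where they apply.
								foreach ($a_cert as $cert):
									$selected = "";
									$caname = "";
									$inuse = "";
									$revoked = "";
									$ca = lookup_ca($cert['caref']);
									if ($ca)
										$caname = " (CA: {$ca['descr']})";
									if ($pconfig['certref'] == $cert['refid'])
										$selected = "selected=\"selected\"";
									if (cert_in_use($cert['refid']))
										$inuse = " *In Use";
									if (is_cert_revoked($cert))
										$revoked = " *Revoked";
									// Certificate and CA descriptions are stored configuration
									// values, so the assembled label is escaped before output.
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
						</td>
					</tr>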
1025 fe787fc7 Matthew Grooms
					<tr id="tls_dh">
1026 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH Parameters Length"); ?></td>
1027 fe787fc7 Matthew Grooms
						<td width="78%" class="vtable">
1028
							<select name="dh_length" class="formselect">
1029
								<?php
1030
									foreach ($openvpn_dh_lengths as $length):
1031 2b5c9e58 Colin Fleming
									$selected = "";
1032 fe787fc7 Matthew Grooms
									if ($length == $pconfig['dh_length'])
1033 2b5c9e58 Colin Fleming
										$selected = " selected=\"selected\"";
1034 fe787fc7 Matthew Grooms
								?>
1035
								<option<?=$selected?>><?=$length;?></option>
1036
								<?php endforeach; ?>
1037
							</select>
1038
							<span class="vexpl">
1039 1c83021a Carlos Eduardo Ramos
								<?=gettext("bits"); ?>
1040 fe787fc7 Matthew Grooms
							</span>
1041
						</td>
1042
					</tr>
1043 d799787e Matthew Grooms
					<tr id="psk">
1044 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
1045 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
1046
							<?php if (!$pconfig['shared_key']): ?>
1047 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="shared key">
1048 3c11bd3c Matthew Grooms
								<tr>
1049
									<td>
1050
										<?php set_checked($pconfig['autokey_enable'],$chk); ?>
1051 2b5c9e58 Colin Fleming
										<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autokey_change()" />
1052 3c11bd3c Matthew Grooms
									</td>
1053
									<td>
1054
										<span class="vexpl">
1055 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Automatically generate a shared key"); ?>.
1056 3c11bd3c Matthew Grooms
										</span>
1057
									</td>
1058
								</tr>
1059
							</table>
1060
							<?php endif; ?>
1061 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="autokey_opts" summary="shared key">
1062 3c11bd3c Matthew Grooms
								<tr>
1063
									<td>
1064
										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
1065 8cd558b6 ayvis
										<br />
1066 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Paste your shared key here"); ?>.
1067 3c11bd3c Matthew Grooms
									</td>
1068
								</tr>
1069
							</table>
1070 d799787e Matthew Grooms
						</td>
1071
					</tr>
1072
					<tr>
1073 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
1074 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1075
							<select name="crypto" class="formselect">
1076
								<?php
1077
									$cipherlist = openvpn_get_cipherlist();
1078
									foreach ($cipherlist as $name => $desc):
1079 3e41ad59 Phil Davis
										$selected = "";
1080
										if ($name == $pconfig['crypto'])
1081
											$selected = " selected=\"selected\"";
1082 d799787e Matthew Grooms
								?>
1083 3e41ad59 Phil Davis
									<option value="<?=$name;?>"<?=$selected?>>
1084
										<?=htmlspecialchars($desc);?>
1085
									</option>
1086 d799787e Matthew Grooms
								<?php endforeach; ?>
1087 582c58ae jim-p
							</select>
1088
						</td>
1089
					</tr>
1090 97d5b59b jim-p
					<tr>
1091
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Auth Digest Algorithm"); ?></td>
1092
						<td width="78%" class="vtable">
1093
							<select name="digest" class="formselect">
1094
								<?php
1095
									$digestlist = openvpn_get_digestlist();
1096
									foreach ($digestlist as $name => $desc):
1097 3e41ad59 Phil Davis
										$selected = "";
1098
										if ($name == $pconfig['digest'])
1099
											$selected = " selected=\"selected\"";
1100 97d5b59b jim-p
								?>
1101 3e41ad59 Phil Davis
									<option value="<?=$name;?>"<?=$selected?>>
1102
										<?=htmlspecialchars($desc);?>
1103
									</option>
1104 97d5b59b jim-p
								<?php endforeach; ?>
1105
							</select>
1106 73b8c162 jim-p
							<br /><?PHP echo gettext("NOTE: Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN."); ?>
1107 97d5b59b jim-p
						</td>
1108
					</tr>
1109 582c58ae jim-p
					<tr id="engine">
1110
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
1111
						<td width="78%" class="vtable">
1112
							<select name="engine" class="formselect">
1113
								<?php
1114
									$engines = openvpn_get_engines();
1115
									foreach ($engines as $name => $desc):
1116 3e41ad59 Phil Davis
										$selected = "";
1117
										if ($name == $pconfig['engine'])
1118
											$selected = " selected=\"selected\"";
1119 582c58ae jim-p
								?>
1120 3e41ad59 Phil Davis
									<option value="<?=$name;?>"<?=$selected?>>
1121
										<?=htmlspecialchars($desc);?>
1122
									</option>
1123 582c58ae jim-p
								<?php endforeach; ?>
1124 d799787e Matthew Grooms
							</select>
1125
						</td>
1126
					</tr>
1127 98963f27 jim-p
					<tr id="cert_depth">
1128
						<td width="22%" valign="top" class="vncell"><?=gettext("Certificate Depth"); ?></td>
1129
						<td width="78%" class="vtable">
1130 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="certificate depth">
1131 98963f27 jim-p
							<tr><td>
1132
							<select name="cert_depth" class="formselect">
1133
								<option value="">Do Not Check</option>
1134
								<?php
1135
									foreach ($openvpn_cert_depths as $depth => $depthdesc):
1136 3e41ad59 Phil Davis
										$selected = "";
1137
										if ($depth == $pconfig['cert_depth'])
1138
											$selected = " selected=\"selected\"";
1139 98963f27 jim-p
								?>
1140 3e41ad59 Phil Davis
									<option value="<?= $depth ?>" <?= $selected ?>><?= $depthdesc ?></option>
1141 98963f27 jim-p
								<?php endforeach; ?>
1142
							</select>
1143
							</td></tr>
1144
							<tr><td>
1145
							<span class="vexpl">
1146
								<?=gettext("When a certificate-based client logs in, do not accept certificates below this depth. Useful for denying certificates made with intermediate CAs generated from the same CA as the server."); ?>
1147
							</span>
1148
							</td></tr>
1149
							</table>
1150
						</td>
1151
					</tr>
1152 94823361 jim-p
					<tr id="strictusercn">
1153
						<td width="22%" valign="top" class="vncell"><?=gettext("Strict User/CN Matching"); ?></td>
1154
						<td width="78%" class="vtable">
1155 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="strict user/cn matching">
1156 94823361 jim-p
								<tr>
1157
									<td>
1158
										<?php set_checked($pconfig['strictusercn'],$chk); ?>
1159 2b5c9e58 Colin Fleming
										<input name="strictusercn" type="checkbox" value="yes" <?=$chk;?> />
1160 94823361 jim-p
									</td>
1161
									<td>
1162
										<span class="vexpl">
1163
											<?=gettext("When authenticating users, enforce a match between the common name of the client certificate and the username given at login."); ?>
1164
										</span>
1165
									</td>
1166
								</tr>
1167
							</table>
1168
						</td>
1169
					</tr>
1170 d799787e Matthew Grooms
					<tr>
1171
						<td colspan="2" class="list" height="12"></td>
1172
					</tr>
1173
					<tr>
1174 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
1175 d799787e Matthew Grooms
					</tr>
1176 74a556a3 jim-p
					<tr>
1177
						<td width="22%" valign="top" class="vncellreq" id="ipv4_tunnel_network"><?=gettext("IPv4 Tunnel Network"); ?></td>
1178 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1179 2b5c9e58 Colin Fleming
							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>" />
1180 8cd558b6 ayvis
							<br />
1181 b1ba04cf Seth Mos
							<?=gettext("This is the IPv4 virtual network used for private " .
1182 4d8b3382 Carlos Eduardo Ramos
							"communications between this server and client " .
1183
							"hosts expressed using CIDR (eg. 10.0.8.0/24). " .
1184
							"The first network address will be assigned to " .
1185 3e41ad59 Phil Davis
							"the server virtual interface. The remaining " .
1186 4d8b3382 Carlos Eduardo Ramos
							"network addresses can optionally be assigned " .
1187
							"to connecting clients. (see Address Pool)"); ?>
1188 d799787e Matthew Grooms
						</td>
1189
					</tr>
1190 74a556a3 jim-p
					<tr>
1191
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Tunnel Network"); ?></td>
1192 b1ba04cf Seth Mos
						<td width="78%" class="vtable">
1193 2b5c9e58 Colin Fleming
							<input name="tunnel_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_networkv6']);?>" />
1194 8cd558b6 ayvis
							<br />
1195 b1ba04cf Seth Mos
							<?=gettext("This is the IPv6 virtual network used for private " .
1196
							"communications between this server and client " .
1197
							"hosts expressed using CIDR (eg. fe80::/64). " .
1198
							"The first network address will be assigned to " .
1199 4856df9b jim-p
							"the server virtual interface. The remaining " .
1200 b1ba04cf Seth Mos
							"network addresses can optionally be assigned " .
1201
							"to connecting clients. (see Address Pool)"); ?>
1202
						</td>
1203
					</tr>
1204 1ab6bdb5 jim-p
					<tr id="serverbridge_dhcp">
1205
						<td width="22%" valign="top" class="vncell"><?=gettext("Bridge DHCP"); ?></td>
1206
						<td width="78%" class="vtable">
1207 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="bridge dhcp">
1208 1ab6bdb5 jim-p
								<tr>
1209
									<td>
1210
										<?php set_checked($pconfig['serverbridge_dhcp'],$chk); ?>
1211 2b5c9e58 Colin Fleming
										<input name="serverbridge_dhcp" type="checkbox" value="yes" <?=$chk;?> onchange="tuntap_change()" />
1212 1ab6bdb5 jim-p
									</td>
1213
									<td>
1214
										<span class="vexpl">
1215 8cd558b6 ayvis
											<?=gettext("Allow clients on the bridge to obtain DHCP."); ?><br />
1216 1ab6bdb5 jim-p
										</span>
1217
									</td>
1218
								</tr>
1219
							</table>
1220
						</td>
1221
					</tr>
1222
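					<tr id="serverbridge_interface">
						<td width="22%" valign="top" class="vncell"><?=gettext("Bridge Interface"); ?></td>
						<td width="78%" class="vtable">
							<select name="serverbridge_interface" class="formselect">
								<?php
									// Candidates: "none", the configured interfaces, then CARP VIPs
									// and IP aliases keyed as "interface|address".
									$serverbridge_interface['none'] = "none";
									$serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr());
									$carplist = get_configured_carp_interface_list();
									foreach ($carplist as $cif => $carpip)
										$serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
									$aliaslist = get_configured_ip_aliases_list();
									foreach ($aliaslist as $aliasip => $aliasif)
										$serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
									// The key is escaped in the value attribute, matching the label.
									foreach ($serverbridge_interface as $iface => $ifacename):
										$selected = "";
										if ($iface == $pconfig['serverbridge_interface'])
											$selected = "selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($iface);?>" <?=$selected;?>>
										<?=htmlspecialchars($ifacename);?>
									</option>
								<?php endforeach; ?>
							</select> <br />
							<?=gettext("The interface to which this tap instance will be " .
							"bridged. This is not done automatically. You must assign this " .
							"interface and create the bridge separately. " .
							"This setting controls which existing IP address and subnet " .
							"mask are used by OpenVPN for the bridge. Setting this to " .
							"'none' will cause the Server Bridge DHCP settings below to be ignored."); ?>
						</td>
					</tr>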
1253
					<tr id="serverbridge_dhcp_start">
1254
						<td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP Start"); ?></td>
1255
						<td width="78%" class="vtable">
1256 2b5c9e58 Colin Fleming
							<input name="serverbridge_dhcp_start" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_start']);?>" />
1257 8cd558b6 ayvis
							<br />
1258 8e932fb5 Phil Davis
							<?=gettext("When using tap mode as a multi-point server, " .
1259 1ab6bdb5 jim-p
							"you may optionally supply a DHCP range to use on the " .
1260
							"interface to which this tap instance is bridged. " .
1261
							"If these settings are left blank, DHCP will be passed " .
1262
							"through to the LAN, and the interface setting above " .
1263
							"will be ignored."); ?>
1264
						</td>
1265
					</tr>
1266
					<tr id="serverbridge_dhcp_end">
1267 850ae59e Irving Popovetsky
						<td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP End"); ?></td>
1268 1ab6bdb5 jim-p
						<td width="78%" class="vtable">
1269 2b5c9e58 Colin Fleming
							<input name="serverbridge_dhcp_end" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_end']);?>" />
1270 8cd558b6 ayvis
							<br />
1271 1ab6bdb5 jim-p
						</td>
1272
					</tr>
1273 a2ff08f8 jim-p
					<tr id="gwredir_opts">
1274 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td>
1275 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1276 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="redirect gateway">
1277 d799787e Matthew Grooms
								<tr>
1278
									<td>
1279
										<?php set_checked($pconfig['gwredir'],$chk); ?>
1280 2b5c9e58 Colin Fleming
										<input name="gwredir" type="checkbox" value="yes" <?=$chk;?> onclick="gwredir_change()" />
1281 d799787e Matthew Grooms
									</td>
1282
									<td>
1283
										<span class="vexpl">
1284 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Force all client generated traffic through the tunnel"); ?>.
1285 d799787e Matthew Grooms
										</span>
1286
									</td>
1287
								</tr>
1288
							</table>
1289
						</td>
1290
					</tr>
1291 4856df9b jim-p
					<tr id="local_optsv4">
1292 332f5781 Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Local Network/s"); ?></td>
1293 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1294 2b5c9e58 Colin Fleming
							<input name="local_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['local_network']);?>" />
1295 8cd558b6 ayvis
							<br />
1296 332f5781 Phil Davis
							<?=gettext("These are the IPv4 networks that will be accessible " .
1297
							"from the remote endpoint. Expressed as a comma-separated list of one or more CIDR ranges. " .
1298
							"You may leave this blank if you don't " .
1299 4d8b3382 Carlos Eduardo Ramos
							"want to add a route to the local network " .
1300
							"through this tunnel on the remote machine. " .
1301
							"This is generally set to your LAN network"); ?>.
1302 d799787e Matthew Grooms
						</td>
1303
					</tr>
1304 4856df9b jim-p
					<tr id="local_optsv6">
1305 332f5781 Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Local Network/s"); ?></td>
1306 b1ba04cf Seth Mos
						<td width="78%" class="vtable">
1307 2b5c9e58 Colin Fleming
							<input name="local_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['local_networkv6']);?>" />
1308 8cd558b6 ayvis
							<br />
1309 332f5781 Phil Davis
							<?=gettext("These are the IPv6 networks that will be accessible " .
1310
							"from the remote endpoint. Expressed as a comma-separated list of one or more IP/PREFIX. " .
1311
							"You may leave this blank if you don't " .
1312 b1ba04cf Seth Mos
							"want to add a route to the local network " .
1313
							"through this tunnel on the remote machine. " .
1314
							"This is generally set to your LAN network"); ?>.
1315
						</td>
1316
					</tr>
1317 415bddea jim-p
					<tr id="remote_optsv4">
1318 332f5781 Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Remote Network/s"); ?></td>
1319 3c11bd3c Matthew Grooms
						<td width="78%" class="vtable">
1320 2b5c9e58 Colin Fleming
							<input name="remote_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_network']);?>" />
1321 8cd558b6 ayvis
							<br />
1322 332f5781 Phil Davis
							<?=gettext("These are the IPv4 networks that will be routed through " .
1323 4d8b3382 Carlos Eduardo Ramos
							"the tunnel, so that a site-to-site VPN can be " .
1324 332f5781 Phil Davis
							"established without manually changing the routing tables. " .
1325
							"Expressed as a comma-separated list of one or more CIDR ranges. " .
1326
							"If this is a site-to-site VPN, enter the " .
1327
							"remote LAN/s here. You may leave this blank if " .
1328 4d8b3382 Carlos Eduardo Ramos
							"you don't want a site-to-site VPN"); ?>.
1329 3c11bd3c Matthew Grooms
						</td>
1330
					</tr>
1331 415bddea jim-p
					<tr id="remote_optsv6">
1332 332f5781 Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Remote Network/s"); ?></td>
1333 4856df9b jim-p
						<td width="78%" class="vtable">
1334 2b5c9e58 Colin Fleming
							<input name="remote_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_networkv6']);?>" />
1335 8cd558b6 ayvis
							<br />
1336 332f5781 Phil Davis
							<?=gettext("These are the IPv6 networks that will be routed through " .
1337 4856df9b jim-p
							"the tunnel, so that a site-to-site VPN can be " .
1338 332f5781 Phil Davis
							"established without manually changing the routing tables. " .
1339
							"Expressed as a comma-separated list of one or more IP/PREFIX. " .
1340
							"If this is a site-to-site VPN, enter the " .
1341
							"remote LAN/s here. You may leave this blank if " .
1342 4856df9b jim-p
							"you don't want a site-to-site VPN"); ?>.
1343
						</td>
1344
					</tr>
1345 d799787e Matthew Grooms
					<tr>
1346
						<td width="22%" valign="top" class="vncell"><?=gettext("Concurrent connections");?></td>
1347
						<td width="78%" class="vtable">
1348 2b5c9e58 Colin Fleming
							<input name="maxclients" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['maxclients']);?>" />
1349 8cd558b6 ayvis
							<br />
1350 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("Specify the maximum number of clients allowed to concurrently connect to this server"); ?>.
1351 d799787e Matthew Grooms
						</td>
1352
					</tr>
1353
					<tr>
1354 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
1355 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1356 edba1982 jim-p
							<select name="compression" class="formselect">
1357
								<?php
									/*
									 * Emit one option per entry of $openvpn_compression_modes and
									 * pre-select the one equal to $pconfig['compression'].
									 * NOTE(review): $cmode and $cmodedesc are echoed without
									 * htmlspecialchars(); this presumably relies on the list being a
									 * fixed table defined elsewhere -- confirm before it is ever fed
									 * from configuration or request data.
									 */
									foreach ($openvpn_compression_modes as $cmode => $cmodedesc):
										$selected = ($cmode == $pconfig['compression']) ? " selected=\"selected\"" : "";
								?>
									<option value="<?= $cmode ?>" <?= $selected ?>><?= $cmodedesc ?></option>
								<?php endforeach; ?>
1365
							</select>
1366 8cd558b6 ayvis
							<br />
1367 caf58ced Dmitriy K.
							<?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently"); ?>.
1368 d799787e Matthew Grooms
						</td>
1369
					</tr>
1370
					<tr>
1371 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
1372 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1373 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="type-of-service">
1374 d799787e Matthew Grooms
								<tr>
1375
									<td>
1376 1cb0b40a Matthew Grooms
										<?php set_checked($pconfig['passtos'],$chk); ?>
1377 2b5c9e58 Colin Fleming
										<input name="passtos" type="checkbox" value="yes" <?=$chk;?> />
1378 d799787e Matthew Grooms
									</td>
1379
									<td>
1380
										<span class="vexpl">
1381 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
1382 d799787e Matthew Grooms
										</span>
1383
									</td>
1384
								</tr>
1385
							</table>
1386
						</td>
1387
					</tr>
1388 107794cc jim-p
					<tr id="inter_client_communication">
1389 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Inter-client communication"); ?></td>
1390 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1391 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="inter-client communication">
1392 d799787e Matthew Grooms
								<tr>
1393
									<td>
1394
										<?php set_checked($pconfig['client2client'],$chk); ?>
1395 2b5c9e58 Colin Fleming
										<input name="client2client" type="checkbox" value="yes" <?=$chk;?> />
1396 d799787e Matthew Grooms
									</td>
1397
									<td>
1398
										<span class="vexpl">
1399 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Allow communication between clients connected to this server"); ?>
1400 d799787e Matthew Grooms
										</span>
1401
									</td>
1402
								</tr>
1403
							</table>
1404
						</td>
1405
					</tr>
1406 bca35cff jim-p
					<tr id="duplicate_cn">
1407
						<td width="22%" valign="top" class="vncell"><?=gettext("Duplicate Connections"); ?></td>
1408
						<td width="78%" class="vtable">
1409 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="duplicate connection">
1410 bca35cff jim-p
								<tr>
1411
									<td>
1412
										<?php set_checked($pconfig['duplicate_cn'],$chk); ?>
1413 2b5c9e58 Colin Fleming
										<input name="duplicate_cn" type="checkbox" value="yes" <?=$chk;?> />
1414 bca35cff jim-p
									</td>
1415
									<td>
1416
										<span class="vexpl">
1417 8cd558b6 ayvis
											<?=gettext("Allow multiple concurrent connections from clients using the same Common Name.<br />NOTE: This is not generally recommended, but may be needed for some scenarios."); ?>
1418 bca35cff jim-p
										</span>
1419
									</td>
1420
								</tr>
1421
							</table>
1422
						</td>
1423
					</tr>
					<tr id="chkboxNoTunIPv6">
1426 b9e9903d Dmitriy K.
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable IPv6"); ?></td>
1427
						<td width="78%" class="vtable">
1428
							<table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6-srv">
1429
								<tr>
1430
									<td>
1431
										<?php set_checked($pconfig['no_tun_ipv6'],$chk); ?>
1432
										<input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> />
1433
									</td>
1434
									<td>
1435
										<span class="vexpl">
1436 b176474b Dmitriy K.
											<?=gettext("Don't forward IPv6 traffic"); ?>.
1437 b9e9903d Dmitriy K.
										</span>
1438
									</td>
1439
								</tr>
1440
							</table>
1441
						</td>
1442
					</tr>
				</table>
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="client settings">
1447 d799787e Matthew Grooms
					<tr>
1448
						<td colspan="2" class="list" height="12"></td>
1449
					</tr>
1450
					<tr>
1451 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Client Settings"); ?></td>
1452 d799787e Matthew Grooms
					</tr>
1453 65ff8497 jim-p
					<tr>
1454 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Dynamic IP"); ?></td>
1455 65ff8497 jim-p
						<td width="78%" class="vtable">
1456 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="dynamic ip">
1457 65ff8497 jim-p
								<tr>
1458
									<td>
1459
										<?php set_checked($pconfig['dynamic_ip'],$chk); ?>
1460 2b5c9e58 Colin Fleming
										<input name="dynamic_ip" type="checkbox" id="dynamic_ip" value="yes" <?=$chk;?> />
1461 65ff8497 jim-p
									</td>
1462
									<td>
1463
										<span class="vexpl">
1464 8cd558b6 ayvis
											<?=gettext("Allow connected clients to retain their connections if their IP address changes"); ?>.<br />
1465 65ff8497 jim-p
										</span>
1466
									</td>
1467
								</tr>
1468
							</table>
1469
						</td>
1470
					</tr>
1471 d799787e Matthew Grooms
					<tr>
1472 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Address Pool"); ?></td>
1473 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1474 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="address pool">
1475 d799787e Matthew Grooms
								<tr>
1476
									<td>
1477
										<?php set_checked($pconfig['pool_enable'],$chk); ?>
1478 2b5c9e58 Colin Fleming
										<input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?> />
1479 d799787e Matthew Grooms
									</td>
1480
									<td>
1481
										<span class="vexpl">
1482 8cd558b6 ayvis
											<?=gettext("Provide a virtual adapter IP address to clients (see Tunnel Network)"); ?><br />
1483 d799787e Matthew Grooms
										</span>
1484
									</td>
1485
								</tr>
1486
							</table>
1487
						</td>
1488
					</tr>
1489 ee55ce7d jim-p
					<tr id="topology_subnet_opt">
1490
						<td width="22%" valign="top" class="vncell"><?=gettext("Topology"); ?></td>
1491
						<td width="78%" class="vtable">
1492 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="topology">
1493 ee55ce7d jim-p
								<tr>
1494
									<td>
1495
										<?php set_checked($pconfig['topology_subnet'],$chk); ?>
1496 2b5c9e58 Colin Fleming
										<input name="topology_subnet" type="checkbox" id="topology_subnet" value="yes" <?=$chk;?> />
1497 ee55ce7d jim-p
									</td>
1498
									<td>
1499
										<span class="vexpl">
1500 8cd558b6 ayvis
											<?=gettext("Allocate only one IP per client (topology subnet), rather than an isolated subnet per client (topology net30)."); ?><br />
1501 ee55ce7d jim-p
										</span>
1502
									</td>
1503
								</tr>
1504
								<tr>
1505
									<td>&nbsp;</td>
1506
									<td>
1507 8cd558b6 ayvis
										<?=gettext("Relevant when supplying a virtual adapter IP address to clients when using tun mode on IPv4."); ?><br />
1508
										<?=gettext("Some clients may require this even for IPv6, such as OpenVPN Connect (iOS/Android). Others may break if it is present, such as older versions of OpenVPN or clients such as Yealink phones."); ?><br />
1509 ee55ce7d jim-p
									</td>
1510
								</tr>
1511
							</table>
1512
						</td>
1513
					</tr>
1514 d799787e Matthew Grooms
					<tr>
1515 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("DNS Default Domain"); ?></td>
1516 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1517 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="dns default domain">
1518 d799787e Matthew Grooms
								<tr>
1519
									<td>
1520
										<?php set_checked($pconfig['dns_domain_enable'],$chk); ?>
1521 2b5c9e58 Colin Fleming
										<input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onclick="dns_domain_change()" />
1522 d799787e Matthew Grooms
									</td>
1523
									<td>
1524
										<span class="vexpl">
1525 8cd558b6 ayvis
	                                        <?=gettext("Provide a default domain name to clients"); ?><br />
1526 d799787e Matthew Grooms
										</span>
1527
									</td>
1528
								</tr>
1529
							</table>
1530 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="dns_domain_data" summary="dns domain data">
1531 d799787e Matthew Grooms
								<tr>
1532
									<td>
1533 2b5c9e58 Colin Fleming
										<input name="dns_domain" type="text" class="formfld unknown" id="dns_domain" size="30" value="<?=htmlspecialchars($pconfig['dns_domain']);?>" />
1534 d799787e Matthew Grooms
									</td>
1535
								</tr>
1536
							</table>
1537
						</td>
1538
					</tr>
1539
					<tr>
1540 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("DNS Servers"); ?></td>
1541 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1542 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="dns servers">
1543 d799787e Matthew Grooms
								<tr>
1544
									<td>
1545
										<?php set_checked($pconfig['dns_server_enable'],$chk); ?>
1546 2b5c9e58 Colin Fleming
										<input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onclick="dns_server_change()" />
1547 d799787e Matthew Grooms
									</td>
1548
									<td>
1549
										<span class="vexpl">
1550 8cd558b6 ayvis
											<?=gettext("Provide a DNS server list to clients"); ?><br />
1551 d799787e Matthew Grooms
										</span>
1552
									</td>
1553
								</tr>
1554
							</table>
1555 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="dns_server_data" summary="dns servers">
1556 d799787e Matthew Grooms
								<tr>
1557
									<td>
1558
										<span class="vexpl">
1559 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #1:&nbsp;
1560 d799787e Matthew Grooms
										</span>
1561 2b5c9e58 Colin Fleming
										<input name="dns_server1" type="text" class="formfld unknown" id="dns_server1" size="20" value="<?=htmlspecialchars($pconfig['dns_server1']);?>" />
1562 d799787e Matthew Grooms
									</td>
1563
								</tr>
1564
								<tr>
1565
									<td>
1566
										<span class="vexpl">
1567 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #2:&nbsp;
1568 d799787e Matthew Grooms
										</span>
1569 2b5c9e58 Colin Fleming
										<input name="dns_server2" type="text" class="formfld unknown" id="dns_server2" size="20" value="<?=htmlspecialchars($pconfig['dns_server2']);?>" />
1570 d799787e Matthew Grooms
									</td>
1571
								</tr>
1572
								<tr>
1573
									<td>
1574
										<span class="vexpl">
1575 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #3:&nbsp;
1576 d799787e Matthew Grooms
										</span>
1577 2b5c9e58 Colin Fleming
										<input name="dns_server3" type="text" class="formfld unknown" id="dns_server3" size="20" value="<?=htmlspecialchars($pconfig['dns_server3']);?>" />
1578 d799787e Matthew Grooms
									</td>
1579
								</tr>
1580
								<tr>
1581
									<td>
1582
										<span class="vexpl">
1583 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #4:&nbsp;
1584 d799787e Matthew Grooms
										</span>
1585 2b5c9e58 Colin Fleming
										<input name="dns_server4" type="text" class="formfld unknown" id="dns_server4" size="20" value="<?=htmlspecialchars($pconfig['dns_server4']);?>" />
1586 d799787e Matthew Grooms
									</td>
1587
								</tr>
1588
							</table>
1589
						</td>
1590
					</tr>
					<tr id="chkboxPushRegisterDNS">
1593
						<td width="22%" valign="top" class="vncell"><?=gettext("Force DNS cache update"); ?></td>
1594
						<td width="78%" class="vtable">
1595
							<table border="0" cellpadding="2" cellspacing="0" summary="push register dns">
1596
								<tr>
1597
									<td>
1598
										<?php set_checked($pconfig['push_register_dns'],$chk); ?>
1599
										<input name="push_register_dns" type="checkbox" value="yes" <?=$chk;?> />
1600
									</td>
1601
									<td>
1602
										<span class="vexpl">
1603
											<?=gettext("Run ''net stop dnscache'', ''net start dnscache'', ''ipconfig /flushdns'' and ''ipconfig /registerdns'' on connection initiation. This is known to kick Windows into recognizing pushed DNS servers."); ?><br />
1604
										</span>
1605
									</td>
1606
								</tr>
1607
							</table>
1608
						</td>
1609
					</tr>
					<tr>
1612 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("NTP Servers"); ?></td>
1613 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1614 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="ntp servers">
1615 d799787e Matthew Grooms
								<tr>
1616
									<td>
1617
										<?php set_checked($pconfig['ntp_server_enable'],$chk); ?>
1618 2b5c9e58 Colin Fleming
										<input name="ntp_server_enable" type="checkbox" id="ntp_server_enable" value="yes" <?=$chk;?> onclick="ntp_server_change()" />
1619 d799787e Matthew Grooms
									</td>
1620
									<td>
1621
										<span class="vexpl">
1622 8cd558b6 ayvis
											<?=gettext("Provide a NTP server list to clients"); ?><br />
1623 d799787e Matthew Grooms
										</span>
1624
									</td>
1625
								</tr>
1626
							</table>
1627 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="ntp_server_data" summary="ntp servers">
1628 d799787e Matthew Grooms
								<tr>
1629
									<td>
1630
										<span class="vexpl">
1631 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #1:&nbsp;
1632 d799787e Matthew Grooms
										</span>
1633 2b5c9e58 Colin Fleming
										<input name="ntp_server1" type="text" class="formfld unknown" id="ntp_server1" size="20" value="<?=htmlspecialchars($pconfig['ntp_server1']);?>" />
1634 d799787e Matthew Grooms
									</td>
1635
								</tr>
1636
								<tr>
1637
									<td>
1638
										<span class="vexpl">
1639 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #2:&nbsp;
1640 d799787e Matthew Grooms
										</span>
1641 2b5c9e58 Colin Fleming
										<input name="ntp_server2" type="text" class="formfld unknown" id="ntp_server2" size="20" value="<?=htmlspecialchars($pconfig['ntp_server2']);?>" />
1642 d799787e Matthew Grooms
									</td>
1643
								</tr>
1644
							</table>
1645
						</td>
1646
					</tr>
1647
					<tr>
1648 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("NetBIOS Options"); ?></td>
1649 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1650 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="netboios options">
1651 d799787e Matthew Grooms
								<tr>
1652
									<td>
1653
										<?php set_checked($pconfig['netbios_enable'],$chk); ?>
1654 2b5c9e58 Colin Fleming
										<input name="netbios_enable" type="checkbox" id="netbios_enable" value="yes" <?=$chk;?> onclick="netbios_change()" />
1655 d799787e Matthew Grooms
									</td>
1656
									<td>
1657
										<span class="vexpl">
1658 8cd558b6 ayvis
											<?=gettext("Enable NetBIOS over TCP/IP"); ?><br />
1659 d799787e Matthew Grooms
										</span>
1660
									</td>
1661
								</tr>
1662
							</table>
1663 4d8b3382 Carlos Eduardo Ramos
							<?=gettext("If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled"); ?>.
1664 8cd558b6 ayvis
							<br />
1665 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="netbios_data" summary="netboios options">
1666 d799787e Matthew Grooms
								<tr>
1667
									<td>
1668 8cd558b6 ayvis
										<br />
1669 d799787e Matthew Grooms
										<span class="vexpl">
1670 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Node Type"); ?>:&nbsp;
1671 d799787e Matthew Grooms
										</span>
1672
										<select name='netbios_ntype' class="formselect">
1673
										<?php
											/*
											 * Emit one option per entry of $netbios_nodetypes and
											 * pre-select the one equal to $pconfig['netbios_ntype'].
											 * NOTE(review): $type and $name are echoed without
											 * htmlspecialchars(); presumably the list is a fixed table
											 * defined elsewhere -- confirm.
											 */
											foreach ($netbios_nodetypes as $type => $name):
												$selected = ($pconfig['netbios_ntype'] == $type) ? "selected=\"selected\"" : "";
										?>
											<option value="<?=$type;?>" <?=$selected;?>><?=$name;?></option>
										<?php endforeach; ?>
1681
										</select>
1682 8cd558b6 ayvis
										<br />
1683 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("Possible options: b-node (broadcasts), p-node " .
1684
										"(point-to-point name queries to a WINS server), " .
1685
										"m-node (broadcast then query name server), and " .
1686
										"h-node (query name server, then broadcast)"); ?>.
1687 d799787e Matthew Grooms
									</td>
1688
								</tr>
1689
								<tr>
1690
									<td>
1691 8cd558b6 ayvis
										<br />
1692 d799787e Matthew Grooms
										<span class="vexpl">
1693 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Scope ID"); ?>:&nbsp;
1694 d799787e Matthew Grooms
										</span>
1695 2b5c9e58 Colin Fleming
										<input name="netbios_scope" type="text" class="formfld unknown" id="netbios_scope" size="30" value="<?=htmlspecialchars($pconfig['netbios_scope']);?>" />
1696 8cd558b6 ayvis
										<br />
1697 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("A NetBIOS Scope	ID provides an extended naming " .
1698 3e41ad59 Phil Davis
										"service for NetBIOS over TCP/IP. The NetBIOS " .
1699 4d8b3382 Carlos Eduardo Ramos
										"scope ID isolates NetBIOS traffic on a single " .
1700
										"network to only those nodes with the same " .
1701
										"NetBIOS scope ID"); ?>.
1702 d799787e Matthew Grooms
									</td>
1703
								</tr>
1704
							</table>
1705
						</td>
1706
					</tr>
1707
					<tr id="wins_opts">
1708 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("WINS Servers"); ?></td>
1709 d799787e Matthew Grooms
						<td width="78%" class="vtable">
1710 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="wins servers">
1711 d799787e Matthew Grooms
								<tr>
1712
									<td>
1713
										<?php set_checked($pconfig['wins_server_enable'],$chk); ?>
1714 2b5c9e58 Colin Fleming
										<input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onclick="wins_server_change()" />
1715 d799787e Matthew Grooms
									</td>
1716
									<td>
1717
										<span class="vexpl">
1718 8cd558b6 ayvis
											<?=gettext("Provide a WINS server list to clients"); ?><br />
1719 d799787e Matthew Grooms
										</span>
1720
									</td>
1721
								</tr>
1722
							</table>
1723 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="wins_server_data" summary="wins servers">
1724 d799787e Matthew Grooms
								<tr>
1725
									<td>
1726
										<span class="vexpl">
1727 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #1:&nbsp;
1728 d799787e Matthew Grooms
										</span>
1729 2b5c9e58 Colin Fleming
										<input name="wins_server1" type="text" class="formfld unknown" id="wins_server1" size="20" value="<?=htmlspecialchars($pconfig['wins_server1']);?>" />
1730 d799787e Matthew Grooms
									</td>
1731
								</tr>
1732
								<tr>
1733
									<td>
1734
										<span class="vexpl">
1735 4d8b3382 Carlos Eduardo Ramos
											<?=gettext("Server"); ?> #2:&nbsp;
1736 d799787e Matthew Grooms
										</span>
1737 2b5c9e58 Colin Fleming
										<input name="wins_server2" type="text" class="formfld unknown" id="wins_server2" size="20" value="<?=htmlspecialchars($pconfig['wins_server2']);?>" />
1738 d799787e Matthew Grooms
									</td>
1739
								</tr>
1740
							</table>
1741
						</td>
1742
					</tr>
1743 faf61f12 Phil Davis
					<tr>
1744
						<td width="22%" valign="top" class="vncell"><?=gettext("Client Management Port"); ?></td>
1745
						<td width="78%" class="vtable">
1746 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="client management port">
1747 faf61f12 Phil Davis
								<tr>
1748
									<td>
1749
										<?php set_checked($pconfig['client_mgmt_port_enable'],$chk); ?>
1750 2b5c9e58 Colin Fleming
										<input name="client_mgmt_port_enable" type="checkbox" id="client_mgmt_port_enable" value="yes" <?=$chk;?> onclick="client_mgmt_port_change()" />
1751 faf61f12 Phil Davis
									</td>
1752
									<td>
1753
										<span class="vexpl">
1754 8cd558b6 ayvis
	                                        <?=gettext("Use a different management port on clients. The default port is 166. Specify a different port if the client machines need to select from multiple OpenVPN links."); ?><br />
1755 faf61f12 Phil Davis
										</span>
1756
									</td>
1757
								</tr>
1758
							</table>
1759 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" id="client_mgmt_port_data" summary="client management port">
1760 faf61f12 Phil Davis
								<tr>
1761
									<td>
1762 2b5c9e58 Colin Fleming
										<input name="client_mgmt_port" type="text" class="formfld unknown" id="client_mgmt_port" size="30" value="<?=htmlspecialchars($pconfig['client_mgmt_port']);?>" />
1763 faf61f12 Phil Davis
									</td>
1764
								</tr>
1765
							</table>
1766
						</td>
1767
					</tr>
1768 3c11bd3c Matthew Grooms
				</table>
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="advance configuration">
1771 2f4f30ee Scott Ullrich
					<tr>
1772
						<td colspan="2" class="list" height="12"></td>
1773
					</tr>
1774
					<tr>
1775 4d8b3382 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
1776 2f4f30ee Scott Ullrich
					</tr>
1777
					<tr>
1778 4d8b3382 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
1779 2f4f30ee Scott Ullrich
						<td width="78%" class="vtable">
1780 2b5c9e58 Colin Fleming
							<table border="0" cellpadding="2" cellspacing="0" summary="advance configuration">
1781 2f4f30ee Scott Ullrich
								<tr>
1782
									<td>
1783 8cd558b6 ayvis
										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br />
1784
										<?=gettext("Enter any additional options you would like to add to the OpenVPN server configuration here, separated by a semicolon"); ?><br />
1785 4d8b3382 Carlos Eduardo Ramos
										<?=gettext("EXAMPLE: push \"route 10.0.0.0 255.255.255.0\""); ?>;
1786 2f4f30ee Scott Ullrich
									</td>
1787
								</tr>
1788
							</table>
1789
						</td>
1790
					</tr>
1791 b9e9903d Dmitriy K.
1792
					<tr id="comboboxVerbosityLevel">
1793 3e41ad59 Phil Davis
						<td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td>
1794
						<td width="78%" class="vtable">
1795 b9e9903d Dmitriy K.
							<select name="verbosity_level" class="formselect">
							<?php
								// Emit one option element per entry of $openvpn_verbosity_level (defined
								// outside this block) and pre-select the entry equal to the stored setting.
								// NOTE(review): the key and the label are echoed without htmlspecialchars();
								// that is only safe while the table holds fixed, trusted strings -- confirm
								// at its definition.
								foreach ($openvpn_verbosity_level as $verb_value => $verb_desc):
									// Loose (==) comparison kept exactly as the page had it.
									$selected = ($pconfig['verbosity_level'] == $verb_value) ? "selected=\"selected\"" : "";
							?>
								<option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option>
							<?php endforeach; ?>
1804
							</select>
1805
							<br />
1806
							<?=gettext("Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output"); ?>.<br /> <br />
1807
							<strong>none</strong> -- <?=gettext("No output except fatal errors"); ?>. <br />
1808
							<strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br />
1809
							<strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br />
1810
							<strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>.
1811 3e41ad59 Phil Davis
						</td>
1812 b9e9903d Dmitriy K.
					</tr>
1813
1814 2f4f30ee Scott Ullrich
				</table>
1815
1816 8cd558b6 ayvis
				<br />
1817 2b5c9e58 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="icons">
1818 d799787e Matthew Grooms
					<tr>
1819
						<td width="22%" valign="top">&nbsp;</td>
1820
						<td width="78%"> 
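							<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> 
							<?php
								/*
								 * Hidden fields that post the current action and, when an existing
								 * entry is being edited, its index back to this page.
								 *
								 * $act is written into a double-quoted attribute value, so it is
								 * HTML-escaped the same way $id is. Where $act is assigned is outside
								 * this block (presumably from request parameters -- verify); echoed raw,
								 * a value containing a double quote would end the attribute and let
								 * markup from the request reach the page.
								 */
							?>
							<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>" />
							<?php if (isset($id) && $a_server[$id]): ?>
							<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
							<?php endif; ?>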
1826
						</td>
1827
					</tr>
1828
				</table>
1829
			</form>
1830
1831
			<?php else: ?>
1832
1833 2b5c9e58 Colin Fleming
			<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="list">
1834 80fa045a jim-p
				<thead>
1835 d799787e Matthew Grooms
				<tr>
1836 4d8b3382 Carlos Eduardo Ramos
					<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
1837
					<td width="10%" class="listhdrr"><?=gettext("Protocol / Port"); ?></td>
1838
					<td width="30%" class="listhdrr"><?=gettext("Tunnel Network"); ?></td>
1839
					<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
1840 d799787e Matthew Grooms
					<td width="10%" class="list"></td>
1841
				</tr>
1842 80fa045a jim-p
				</thead>
1843 2b5c9e58 Colin Fleming
				<tfoot>
1844
				<tr>
1845
					<td class="list" colspan="4"></td>
1846
					<td class="list">
1847
						<a href="vpn_openvpn_server.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add server"); ?>" width="17" height="17" border="0" alt="add" />
1848
						</a>
1849
					</td>
1850
				</tr>
1851
				</tfoot>
1852 80fa045a jim-p
				<tbody>
				<?php
					// One table row per configured server. $i is a positional counter (not the
					// array key) and is the id passed to the edit and delete actions.
					$i = 0;
					foreach($a_server as $server):
						$disabled = isset($server['disable']) ? "YES" : "NO";
						// Already HTML-encoded (&amp;) because it is only ever echoed into attributes.
						$edit_href = "vpn_openvpn_server.php?act=edit&amp;id=" . $i;
						// Values read from the stored server entry are passed through
						// htmlspecialchars() below; $i and $disabled are generated here.
						// NOTE(review): the delete action is a plain GET link and confirm() is only
						// a UI prompt. Request-forgery protection is not visible in this block --
						// verify that the included framework enforces it for act=del.
				?>
				<tr>
					<td class="listlr" ondblclick="document.location='<?=$edit_href;?>'">
						<?=$disabled;?>
					</td>
					<td class="listr" ondblclick="document.location='<?=$edit_href;?>'">
						<?=htmlspecialchars($server['protocol']);?> / <?=htmlspecialchars($server['local_port']);?>
					</td>
					<td class="listr" ondblclick="document.location='<?=$edit_href;?>'">
						<?=htmlspecialchars($server['tunnel_network']);?><br />
						<?=htmlspecialchars($server['tunnel_networkv6']);?><br />
					</td>
					<td class="listbg" ondblclick="document.location='<?=$edit_href;?>'">
						<?=htmlspecialchars($server['description']);?>
					</td>
					<td valign="middle" class="list nowrap">
						<a href="<?=$edit_href;?>">
							<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit server"); ?>" width="17" height="17" border="0" alt="edit" />
						</a>
						&nbsp;
						<a href="vpn_openvpn_server.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this server?"); ?>')">
							<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete server"); ?>" width="17" height="17" border="0" alt="delete" />
						</a>
					</td>
				</tr>
				<?php
					$i++;
					endforeach;
				?>
1888 cbd49c77 Phil Davis
				<tr style="display:none;"><td></td></tr>
1889 80fa045a jim-p
				</tbody>
1890 d799787e Matthew Grooms
			</table>
1891
1892 7128ed17 Scott Ullrich
			<?=gettext("Additional OpenVPN servers can be added here.");?>
1893
1894 ee9933b6 Renato Botelho
			<?php endif; ?>
1895 d799787e Matthew Grooms
1896
		</td>
1897
	</tr>
1898
</table>
1899 91f026b0 ayvis
<script type="text/javascript">
1900 2b5c9e58 Colin Fleming
//<![CDATA[
1901 3c11bd3c Matthew Grooms
mode_change();
1902
autokey_change();
1903
tlsauth_change();
1904 d799787e Matthew Grooms
gwredir_change();
1905
dns_domain_change();
1906
dns_server_change();
1907
wins_server_change();
1908 faf61f12 Phil Davis
client_mgmt_port_change();
1909 d799787e Matthew Grooms
ntp_server_change();
1910
netbios_change();
1911 1ab6bdb5 jim-p
tuntap_change();
1912 2b5c9e58 Colin Fleming
//]]>
1913 d799787e Matthew Grooms
</script>
1914
<?php include("fend.inc"); ?>
1915 2b5c9e58 Colin Fleming
</body>
1916
</html>
1917 d799787e Matthew Grooms
<?php
/* local utility functions */
/**
 * Write the HTML "checked" attribute for a checkbox into $chk.
 *
 * @param mixed  $var  Value tested for truthiness.
 * @param string $chk  Output parameter, passed by reference: set to
 *                     'checked="checked"' when $var is truthy, otherwise
 *                     to an empty string. Any previous content is overwritten.
 */
function set_checked($var,& $chk) {
	$chk = $var ? "checked=\"checked\"" : "";
}
?>