
univnautes / usr / local / www / vpn_openvpn_server.php @ a1b66bec

1
<?php 
2
/*
3
	vpn_openvpn_server.php
4

    
5
	Copyright (C) 2008 Shrew Soft Inc.
6
	All rights reserved. 
7

    
8
	Redistribution and use in source and binary forms, with or without
9
	modification, are permitted provided that the following conditions are met:
10
	
11
	1. Redistributions of source code must retain the above copyright notice,
12
	   this list of conditions and the following disclaimer.
13
	
14
	2. Redistributions in binary form must reproduce the above copyright
15
	   notice, this list of conditions and the following disclaimer in the
16
	   documentation and/or other materials provided with the distribution.
17
	
18
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
	POSSIBILITY OF SUCH DAMAGE.
28
*/
29

    
30
##|+PRIV
31
##|*IDENT=page-openvpn-server
32
##|*NAME=OpenVPN: Server page
33
##|*DESCR=Allow access to the 'OpenVPN: Server' page.
34
##|*MATCH=vpn_openvpn_server.php*
35
##|-PRIV
36

    
37
require("guiconfig.inc");
38
require_once("openvpn.inc");
39

    
40
// Make sure every config section this page works on exists as an array, then
// bind a short reference to it. Writes through $a_server, $a_ca, $a_cert and
// $a_crl therefore land directly in $config.
if (!is_array($config['openvpn']['openvpn-server'])) {
	$config['openvpn']['openvpn-server'] = array();
}
$a_server =& $config['openvpn']['openvpn-server'];

if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
$a_cert =& $config['cert'];

if (!is_array($config['crl'])) {
	$config['crl'] = array();
}
$a_crl =& $config['crl'];

// Drop every CRL entry that carries no 'refid'.
foreach ($a_crl as $cid => $acrl) {
	if (isset($acrl['refid'])) {
		continue;
	}
	unset($a_crl[$cid]);
}
63

    
64
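// Resolve the server index and the requested action from the request. For
// both, a POSTed value overrides the query-string value.
// $id is only assigned once is_numericint() (a helper defined outside this
// file) accepts the value, so it stays unset for missing or non-numeric input.
// The isset() guards keep a plain page load from reading absent request keys.
if (isset($_GET['id']) && is_numericint($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']) && is_numericint($_POST['id']))
	$id = $_POST['id'];

// $act is not validated here; in the visible part of this page it is only
// compared against fixed strings.
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (isset($_POST['act']))
	$act = $_POST['act'];

// vpnid of the addressed server, or 0 when $id does not name an existing entry.
if (isset($id) && $a_server[$id])
	$vpnid = $a_server[$id]['vpnid'];
else
	$vpnid = 0;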
77

    
78
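// Delete the server addressed by ?act=del&id=N and persist the change.
// NOTE(review): this state-changing action runs on a GET request. No
// request-forgery check is visible in this part of the file; confirm that
// guiconfig.inc enforces one, or move the delete to POST together with the
// link that triggers it.
if (isset($_GET['act']) && $_GET['act'] == "del") {

	// Missing, non-numeric or unknown id: return to the list without touching
	// the configuration. Checking isset($id) first avoids reading an
	// undefined variable when no usable id was supplied.
	if (!isset($id) || !isset($a_server[$id])) {
		pfSenseHeader("vpn_openvpn_server.php");
		exit;
	}
	// An empty entry has nothing for openvpn_delete() to act on; it is still
	// removed from the list below.
	if (!empty($a_server[$id]))
		openvpn_delete('server', $a_server[$id]);
	unset($a_server[$id]);
	write_config();
	$savemsg = gettext("Server successfully deleted")."<br />";
}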
90

    
91
// Pre-fill the form with defaults when a new server is being added (?act=new).
if ($_GET['act'] == "new") {
	$new_server_defaults = array(
		'autokey_enable'  => "yes",
		'tlsauth_enable'  => "yes",
		'autotls_enable'  => "yes",
		// NOTE(review): 1024-bit DH parameters are below the 2048-bit minimum
		// generally recommended today; consider a larger default if the
		// dh_length choices offered elsewhere on this page allow it.
		'dh_length'       => 1024,
		'dev_mode'        => "tun",
		'interface'       => "wan",
		'local_port'      => openvpn_port_next('UDP'),
		'pool_enable'     => "yes",
		'cert_depth'      => 1,
		'verbosity_level' => 1, // Default verbosity is 1
		// OpenVPN Defaults to SHA1
		// NOTE(review): a stronger digest is usually preferred for new
		// deployments; check client compatibility before changing it.
		'digest'          => "SHA1",
	);
	foreach ($new_server_defaults as $dflt_key => $dflt_val)
		$pconfig[$dflt_key] = $dflt_val;
	unset($new_server_defaults, $dflt_key, $dflt_val);
}
105

    
106
// Populate the form values ($pconfig) from the stored server entry when an
// existing server is opened with ?act=edit.
if ($_GET['act'] == "edit") {

	if (isset($id) && $a_server[$id]) {
		// Copy of the stored entry; it is only read from below.
		$stored_server = $a_server[$id];

		$pconfig['disable'] = isset($stored_server['disable']);
		foreach (array('mode', 'protocol', 'authmode', 'dev_mode', 'interface') as $fld)
			$pconfig[$fld] = $stored_server[$fld];
		// A specific bind address travels in the form as "interface|ipaddr".
		if (!empty($stored_server['ipaddr']))
			$pconfig['interface'] .= '|' . $stored_server['ipaddr'];
		foreach (array('local_port', 'description', 'custom_options') as $fld)
			$pconfig[$fld] = $stored_server[$fld];

		// Key material is kept base64-encoded in the config and decoded here
		// for the form. NOTE(review): presumably it is rendered into the page
		// further down; anyone with access to this page can then read it.
		if ($pconfig['mode'] == "p2p_shared_key") {
			$pconfig['shared_key'] = base64_decode($stored_server['shared_key']);
		} else {
			if ($stored_server['tls']) {
				$pconfig['tlsauth_enable'] = "yes";
				$pconfig['tls'] = base64_decode($stored_server['tls']);
			}
			foreach (array('caref', 'crlref', 'certref', 'dh_length') as $fld)
				$pconfig[$fld] = $stored_server[$fld];
			// Entries saved without a certificate depth fall back to 1.
			$pconfig['cert_depth'] = isset($stored_server['cert_depth']) ? $stored_server['cert_depth'] : 1;
			if ($pconfig['mode'] == "server_tls_user")
				$pconfig['strictusercn'] = $stored_server['strictusercn'];
		}

		$pconfig['crypto'] = $stored_server['crypto'];
		// OpenVPN Defaults to SHA1 if unset
		$pconfig['digest'] = empty($stored_server['digest']) ? "SHA1" : $stored_server['digest'];
		$pconfig['engine'] = $stored_server['engine'];

		// Plain one-to-one copies, in the order the fields are stored.
		$plain_fields = array(
			'tunnel_network', 'tunnel_networkv6',
			'remote_network', 'remote_networkv6', 'gwredir',
			'local_network', 'local_networkv6', 'maxclients',
			'compression', 'passtos', 'client2client',
			'dynamic_ip', 'pool_enable', 'topology_subnet',
			'serverbridge_dhcp', 'serverbridge_interface',
			'serverbridge_dhcp_start', 'serverbridge_dhcp_end',
			'dns_domain',
		);
		foreach ($plain_fields as $fld)
			$pconfig[$fld] = $stored_server[$fld];

		// Each *_enable flag below only drives a checkbox in the form; it is
		// derived from whether the matching value is set.
		if ($pconfig['dns_domain'])
			$pconfig['dns_domain_enable'] = true;

		foreach (array('dns_server1', 'dns_server2', 'dns_server3', 'dns_server4') as $fld)
			$pconfig[$fld] = $stored_server[$fld];
		if ($pconfig['dns_server1'] || $pconfig['dns_server2'] ||
			$pconfig['dns_server3'] || $pconfig['dns_server4'])
			$pconfig['dns_server_enable'] = true;

		foreach (array('ntp_server1', 'ntp_server2') as $fld)
			$pconfig[$fld] = $stored_server[$fld];
		if ($pconfig['ntp_server1'] || $pconfig['ntp_server2'])
			$pconfig['ntp_server_enable'] = true;

		foreach (array('netbios_enable', 'netbios_ntype', 'netbios_scope', 'wins_server1', 'wins_server2') as $fld)
			$pconfig[$fld] = $stored_server[$fld];
		if ($pconfig['wins_server1'] || $pconfig['wins_server2'])
			$pconfig['wins_server_enable'] = true;

		$pconfig['client_mgmt_port'] = $stored_server['client_mgmt_port'];
		if ($pconfig['client_mgmt_port'])
			$pconfig['client_mgmt_port_enable'] = true;

		$pconfig['nbdd_server1'] = $stored_server['nbdd_server1'];
		if ($pconfig['nbdd_server1'])
			$pconfig['nbdd_server_enable'] = true;

		// just in case the modes switch
		$pconfig['autokey_enable'] = "yes";
		$pconfig['autotls_enable'] = "yes";

		$pconfig['duplicate_cn'] = isset($stored_server['duplicate_cn']);

		$pconfig['no_tun_ipv6'] = $stored_server['no_tun_ipv6'];
		// Default verbosity is 1
		$pconfig['verbosity_level'] = isset($stored_server['verbosity_level']) ? $stored_server['verbosity_level'] : 1;

		$pconfig['push_register_dns'] = $stored_server['push_register_dns'];

		unset($stored_server, $plain_fields, $fld);
	}
}
219
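// Handle a submitted add/edit form: validate the posted values and, when no
// error was recorded, build the server entry, store it in the config, resync
// OpenVPN and redirect to the server list.
if ($_POST) {

	unset($input_errors);
	// From here on every value in $pconfig is client-supplied.
	$pconfig = $_POST;

	if (isset($id) && $a_server[$id])
		$vpnid = $a_server[$id]['vpnid'];
	else
		$vpnid = 0;

	// 'interface' is posted as "iface" or "iface|ip"; the address family of the
	// optional IP and of the interface must match the selected protocol.
	list($iv_iface, $iv_ip) = explode ("|",$pconfig['interface']);
	if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) {
		$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
	} elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) {
		$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address.");
	} elseif ((stristr($pconfig['protocol'], "6") === false) && !get_interface_ip($iv_iface) && ($pconfig['interface'] != "any")) {
		$input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address.");
	} elseif ((stristr($pconfig['protocol'], "6") !== false) && !get_interface_ipv6($iv_iface) && ($pconfig['interface'] != "any")) {
		$input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
	}

	// Every mode except the pre-shared-key one uses TLS (CA and certificate).
	$tls_mode = ($pconfig['mode'] != "p2p_shared_key");

	if (empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user")))
		$input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth.");

	/* input validation */
	if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4"))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6"))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4"))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6"))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4"))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6"))
		$input_errors[] = $result;

	// The port may only be in use by the server that is being edited.
	$portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid);
	if (($portused != $vpnid) && ($portused != 0))
		$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");

	if ($pconfig['autokey_enable'])
		$pconfig['shared_key'] = openvpn_create_key();

	// Pasted keys are only checked for the static-key BEGIN/END markers; the
	// key body between them is not inspected here.
	if (!$tls_mode && !$pconfig['autokey_enable'])
		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");

	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable'])
		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");

	if ($pconfig['dns_server_enable']) {
		if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1'])))
			$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
		if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2'])))
			$input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
		if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3'])))
			$input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
		if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4'])))
			$input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
	}

	// NTP servers #3 and #4 are validated although only #1 and #2 are stored below.
	if ($pconfig['ntp_server_enable']) {
		if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1'])))
			$input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
		if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2'])))
			$input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
		if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3'])))
			$input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address");
		if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4'])))
			$input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address");
	}

	if ($pconfig['netbios_enable']) {
		if ($pconfig['wins_server_enable']) {
			if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1'])))
				$input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
			if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2'])))
				$input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
		}
		if ($pconfig['nbdd_server_enable'])
			if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1'])))
				$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
	}

	if ($pconfig['client_mgmt_port_enable']) {
		if ($result = openvpn_validate_port($pconfig['client_mgmt_port'], 'Client management port'))
			$input_errors[] = $result;
	}

	if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients']))
		$input_errors[] = gettext("The field 'Concurrent connections' must be numeric.");

	// Start from empty lists so that do_input_validation() always receives
	// arrays, including shared-key mode with an auto-generated key on a tap
	// device, where neither branch below adds a required field.
	$reqdfields = array();
	$reqdfieldsn = array();

	/* If we are not in shared key mode, then we need the CA/Cert. */
	if ($pconfig['mode'] != "p2p_shared_key") {
		$reqdfields = explode(" ", "caref certref");
		$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
	} elseif (!$pconfig['autokey_enable']) {
		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
		$reqdfields = array('shared_key');
		$reqdfieldsn = array(gettext('Shared key'));
	}

	if ($pconfig['dev_mode'] != "tap") {
		$reqdfields[] = 'tunnel_network';
		$reqdfieldsn[] = gettext('Tunnel network');
	} else {
		if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network'])
			$input_errors[] = gettext("Using a tunnel network and server bridge settings together is not allowed.");
		if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end']) 
		|| (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end']))
			$input_errors[] = gettext("Server Bridge DHCP Start and End must both be empty, or defined.");
		if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_start'])))
			$input_errors[] = gettext("Server Bridge DHCP Start must be an IPv4 address.");
		if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_end'])))
			$input_errors[] = gettext("Server Bridge DHCP End must be an IPv4 address.");
		if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end']))
			$input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end).");
	}
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
	
	if (!$input_errors) {

		$server = array();

		// delete(rename) old interface so a new TUN or TAP interface can be created.
		// The check uses isset($id) because the first server has index 0, which
		// a plain truthiness test on $id would skip.
		if (isset($id) && $a_server[$id] && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode'])
			openvpn_delete('server', $a_server[$id]);

		if ($vpnid)
			$server['vpnid'] = $vpnid;
		else
			$server['vpnid'] = openvpn_vpnid_next();

		// NOTE(review): mode, protocol, dev_mode, crypto, digest, engine,
		// dh_length and the ca/cert/crl references are stored as posted; no
		// allow-list check is visible in this block — confirm that the code
		// consuming the entry constrains them.
		if ($_POST['disable'] == "yes")
			$server['disable'] = true;
		$server['mode'] = $pconfig['mode'];
		if (!empty($pconfig['authmode']))
			$server['authmode'] = implode(",", $pconfig['authmode']);
		$server['protocol'] = $pconfig['protocol'];
		$server['dev_mode'] = $pconfig['dev_mode'];
		list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']);
		$server['local_port'] = $pconfig['local_port'];
		$server['description'] = $pconfig['description'];
		// Stored verbatim apart from line-ending normalisation.
		// NOTE(review): presumably written into the generated OpenVPN
		// configuration, so access to this page amounts to control over it.
		$server['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);

		if ($tls_mode) {
			if ($pconfig['tlsauth_enable']) {
				if ($pconfig['autotls_enable'])
					$pconfig['tls'] = openvpn_create_key();
				$server['tls'] = base64_encode($pconfig['tls']);
			}
			$server['caref'] = $pconfig['caref'];
			$server['crlref'] = $pconfig['crlref'];
			$server['certref'] = $pconfig['certref'];
			$server['dh_length'] = $pconfig['dh_length'];
			$server['cert_depth'] = $pconfig['cert_depth'];
			if ($pconfig['mode'] == "server_tls_user")
				$server['strictusercn'] = $pconfig['strictusercn'];
		} else {
			$server['shared_key'] = base64_encode($pconfig['shared_key']);
		}
		$server['crypto'] = $pconfig['crypto'];
		$server['digest'] = $pconfig['digest'];
		$server['engine'] = $pconfig['engine'];

		$server['tunnel_network'] = $pconfig['tunnel_network'];
		$server['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
		$server['remote_network'] = $pconfig['remote_network'];
		$server['remote_networkv6'] = $pconfig['remote_networkv6'];
		$server['gwredir'] = $pconfig['gwredir'];
		$server['local_network'] = $pconfig['local_network'];
		$server['local_networkv6'] = $pconfig['local_networkv6'];
		$server['maxclients'] = $pconfig['maxclients'];
		$server['compression'] = $pconfig['compression'];
		$server['passtos'] = $pconfig['passtos'];
		$server['client2client'] = $pconfig['client2client'];

		$server['dynamic_ip'] = $pconfig['dynamic_ip'];
		$server['pool_enable'] = $pconfig['pool_enable'];
		$server['topology_subnet'] = $pconfig['topology_subnet'];

		$server['serverbridge_dhcp'] = $pconfig['serverbridge_dhcp'];
		$server['serverbridge_interface'] = $pconfig['serverbridge_interface'];
		$server['serverbridge_dhcp_start'] = $pconfig['serverbridge_dhcp_start'];
		$server['serverbridge_dhcp_end'] = $pconfig['serverbridge_dhcp_end'];

		if ($pconfig['dns_domain_enable'])
			$server['dns_domain'] = $pconfig['dns_domain'];

		if ($pconfig['dns_server_enable']) {
			$server['dns_server1'] = $pconfig['dns_server1'];
			$server['dns_server2'] = $pconfig['dns_server2'];
			$server['dns_server3'] = $pconfig['dns_server3'];
			$server['dns_server4'] = $pconfig['dns_server4'];
		}

		if ($pconfig['push_register_dns'])
			$server['push_register_dns'] = $pconfig['push_register_dns'];

		if ($pconfig['ntp_server_enable']) {
			$server['ntp_server1'] = $pconfig['ntp_server1'];
			$server['ntp_server2'] = $pconfig['ntp_server2'];
		}

		$server['netbios_enable'] = $pconfig['netbios_enable'];
		$server['netbios_ntype'] = $pconfig['netbios_ntype'];
		$server['netbios_scope'] = $pconfig['netbios_scope'];
		 
		$server['no_tun_ipv6'] = $pconfig['no_tun_ipv6'];
		$server['verbosity_level'] = $pconfig['verbosity_level'];

		if ($pconfig['netbios_enable']) {

			if ($pconfig['wins_server_enable']) {
				$server['wins_server1'] = $pconfig['wins_server1'];
				$server['wins_server2'] = $pconfig['wins_server2'];
			}

			// Store the NBDD server under the same flag that gated its
			// validation above. Keying this on dns_server_enable dropped the
			// value when only NBDD was enabled and stored an unvalidated one
			// when only DNS was enabled.
			if ($pconfig['nbdd_server_enable'])
				$server['nbdd_server1'] = $pconfig['nbdd_server1'];
		}

		if ($pconfig['client_mgmt_port_enable'])
			$server['client_mgmt_port'] = $pconfig['client_mgmt_port'];

		if ($_POST['duplicate_cn'] == "yes")
			$server['duplicate_cn'] = true;

		// Replace the edited entry, or append a new one.
		if (isset($id) && $a_server[$id])
			$a_server[$id] = $server;
		else
			$a_server[] = $server;

		openvpn_resync('server', $server);
		write_config();
		
		header("Location: vpn_openvpn_server.php");
		exit;
	}
	// Validation failed: the form is shown again, and it expects the selected
	// auth backends as one comma-separated string, the way they are stored.
	if (!empty($pconfig['authmode']))
		$pconfig['authmode'] = implode(",", $pconfig['authmode']);
}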
478
// Title parts and shortcut section for this page; presumably read by the
// head.inc / fbegin.inc templates included below — confirm there.
$shortcut_section = "openvpn";
$pgtitle = array(
	gettext("OpenVPN"),
	gettext("Server"),
);
480

    
481
include("head.inc");
482

    
483
?>
484

    
485
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
486
<?php include("fbegin.inc"); ?>
487
<script type="text/javascript">
488
//<![CDATA[
489

    
490
/**
 * Show or hide the form rows that depend on the selected server mode, then
 * re-apply the gateway-redirect toggle.
 *
 * These toggles only change what the browser displays; the submitted values
 * are checked again by the server-side handler.
 */
function mode_change() {
	// `index` and `value` are assigned without a declaration, exactly as
	// before, so they stay page-level globals.
	index = document.iform.mode.selectedIndex;
	value = document.iform.mode.options[index].value;

	// Set style.display on each listed element id, in the order given.
	var setDisplay = function (ids, display) {
		for (var i = 0; i < ids.length; i++)
			document.getElementById(ids[i]).style.display = display;
	};
	var tlsRows = ["tls", "tls_ca", "tls_crl", "tls_cert", "tls_dh", "cert_depth"];

	// TLS settings versus the pre-shared key field. An unknown mode leaves
	// all of these rows untouched.
	if (value === "p2p_tls" || value === "server_tls" || value === "server_user") {
		setDisplay(tlsRows, "");
		setDisplay(["strictusercn", "psk"], "none");
	} else if (value === "server_tls_user") {
		setDisplay(tlsRows, "");
		setDisplay(["strictusercn"], "");
		setDisplay(["psk"], "none");
	} else if (value === "p2p_shared_key") {
		setDisplay(tlsRows, "none");
		setDisplay(["strictusercn"], "none");
		setDisplay(["psk"], "");
	}

	// Tunnel, client and authentication rows.
	if (value === "p2p_shared_key") {
		setDisplay(["client_opts"], "none");
		setDisplay(["remote_optsv4", "remote_optsv6"], "");
		setDisplay(["gwredir_opts", "local_optsv4", "local_optsv6", "authmodetr", "inter_client_communication"], "none");
	} else if (value === "p2p_tls") {
		setDisplay(["client_opts"], "none");
		setDisplay(["remote_optsv4", "remote_optsv6", "gwredir_opts", "local_optsv4", "local_optsv6"], "");
		setDisplay(["authmodetr", "inter_client_communication"], "none");
	} else if (value === "server_user" || value === "server_tls_user") {
		setDisplay(["authmodetr", "client_opts"], "");
		setDisplay(["remote_optsv4", "remote_optsv6"], "none");
		setDisplay(["gwredir_opts", "local_optsv4", "local_optsv6", "inter_client_communication"], "");
	} else {
		// "server_tls" additionally hides the auth backend row; any other
		// value leaves that row as it is.
		if (value === "server_tls")
			setDisplay(["authmodetr"], "none");
		setDisplay(["client_opts"], "");
		setDisplay(["remote_optsv4", "remote_optsv6"], "none");
		setDisplay(["gwredir_opts", "local_optsv4", "local_optsv6", "inter_client_communication"], "");
	}
	gwredir_change();
}
573

    
574
/**
 * Hide the autokey_opts row while the autokey_enable checkbox exists and is
 * ticked; show it otherwise.
 */
function autokey_change() {
	var box = document.iform.autokey_enable;
	var autoGenerate = (box != null) && box.checked;
	document.getElementById("autokey_opts").style.display = autoGenerate ? "none" : "";
}
581

    
582
// Show the TLS-auth options row only while the tlsauth_enable checkbox is
// ticked, then refresh the key field. The toggle is emitted by the server only
// when $pconfig['tls'] is empty.
function tlsauth_change() {

<?php if (!$pconfig['tls']): ?>
	document.getElementById("tlsauth_opts").style.display =
		document.iform.tlsauth_enable.checked ? "" : "none";
<?php endif; ?>

	autotls_change();
}
593

    
594
// Show the TLS key field only while TLS auth is ticked and automatic key
// generation is not. When $pconfig['tls'] is set, the server emits
// `autocheck = false` instead of reading the checkbox.
// `autocheck` is assigned without a declaration, as before, so it stays a
// page-level global.
function autotls_change() {

<?php if (!$pconfig['tls']): ?>
	autocheck = document.iform.autotls_enable.checked;
<?php else: ?>
	autocheck = false;
<?php endif; ?>

	var showKeyField = document.iform.tlsauth_enable.checked && !autocheck;
	document.getElementById("autotls_opts").style.display = showKeyField ? "" : "none";
}
607

    
608
/**
 * Hide both local-network rows while the gwredir checkbox is ticked; show
 * them otherwise.
 */
function gwredir_change() {
	var display = document.iform.gwredir.checked ? "none" : "";
	document.getElementById("local_optsv4").style.display = display;
	document.getElementById("local_optsv6").style.display = display;
}
618

    
619
/** Show the dns_domain_data row only while dns_domain_enable is ticked. */
function dns_domain_change() {
	var enabled = document.iform.dns_domain_enable.checked;
	document.getElementById("dns_domain_data").style.display = enabled ? "" : "none";
}
626

    
627
/** Show the dns_server_data row only while dns_server_enable is ticked. */
function dns_server_change() {
	var enabled = document.iform.dns_server_enable.checked;
	document.getElementById("dns_server_data").style.display = enabled ? "" : "none";
}
634

    
635
/** Show the wins_server_data row only while wins_server_enable is ticked. */
function wins_server_change() {
	var enabled = document.iform.wins_server_enable.checked;
	document.getElementById("wins_server_data").style.display = enabled ? "" : "none";
}
642

    
643
/**
 * Show the client_mgmt_port_data row only while client_mgmt_port_enable is
 * ticked.
 */
function client_mgmt_port_change() {
	var enabled = document.iform.client_mgmt_port_enable.checked;
	document.getElementById("client_mgmt_port_data").style.display = enabled ? "" : "none";
}
650

    
651
/** Show the ntp_server_data row only while ntp_server_enable is ticked. */
function ntp_server_change() {
	var enabled = document.iform.ntp_server_enable.checked;
	document.getElementById("ntp_server_data").style.display = enabled ? "" : "none";
}
658

    
659
/**
 * Show the netbios_data and wins_opts rows only while netbios_enable is
 * ticked.
 */
function netbios_change() {
	var display = document.iform.netbios_enable.checked ? "" : "none";
	document.getElementById("netbios_data").style.display = display;
	document.getElementById("wins_opts").style.display = display;
}
669

    
670
/**
 * Adjust the rows that depend on the device mode (tun or tap) and on whether
 * the selected server mode is one of the two peer-to-peer modes.
 *
 * Any other device mode value leaves the page untouched.
 */
function tuntap_change() {
	// mindex, mvalue, p2p, index and value are assigned without declarations,
	// exactly as before, so they stay page-level globals.
	mindex = document.iform.mode.selectedIndex;
	mvalue = document.iform.mode.options[mindex].value;
	p2p = (mvalue === "p2p_tls" || mvalue === "p2p_shared_key");

	index = document.iform.dev_mode.selectedIndex;
	value = document.iform.dev_mode.options[index].value;

	var form = document.iform;
	var bridgeRows = [
		"serverbridge_dhcp",
		"serverbridge_interface",
		"serverbridge_dhcp_start",
		"serverbridge_dhcp_end"
	];
	var i;

	if (value === "tun") {
		document.getElementById("chkboxNoTunIPv6").style.display = "";
		// The IPv4 tunnel network cell gets the "vncellreq" class in tun mode.
		document.getElementById("ipv4_tunnel_network").className = "vncellreq";
		for (i = 0; i < bridgeRows.length; i++)
			document.getElementById(bridgeRows[i]).style.display = "none";
		document.getElementById("topology_subnet_opt").style.display = "";
	} else if (value === "tap") {
		document.getElementById("chkboxNoTunIPv6").style.display = "none";
		document.getElementById("ipv4_tunnel_network").className = "vncell";
		if (!p2p) {
			for (i = 0; i < bridgeRows.length; i++)
				document.getElementById(bridgeRows[i]).style.display = "";
			document.getElementById("topology_subnet_opt").style.display = "none";
			form.serverbridge_dhcp.disabled = false;
			// The remaining bridge inputs follow the DHCP checkbox.
			var bridgeOff = !form.serverbridge_dhcp.checked;
			form.serverbridge_interface.disabled = bridgeOff;
			form.serverbridge_dhcp_start.disabled = bridgeOff;
			form.serverbridge_dhcp_end.disabled = bridgeOff;
		} else {
			// Peer-to-peer modes: all bridge inputs are disabled; the
			// visibility of their rows is left as it is.
			document.getElementById("topology_subnet_opt").style.display = "none";
			form.serverbridge_dhcp.disabled = true;
			form.serverbridge_interface.disabled = true;
			form.serverbridge_dhcp_start.disabled = true;
			form.serverbridge_dhcp_end.disabled = true;
		}
	}
}
726
//]]>
727
</script>
728
<?php
/* Fall back to an empty string when no save message is set. */
if (!$savemsg) {
	$savemsg = "";
}

/* Show collected input errors first, then the save message if there is one. */
if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box_np($savemsg);
}
?>
737
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn server">
738
	<tr>
739
		<td class="tabnavtbl">
740
			<?php 
741
				$tab_array = array();
742
				$tab_array[] = array(gettext("Server"), true, "vpn_openvpn_server.php");
743
				$tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php");
744
				$tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php");
745
				$tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml");
746
				add_package_tabs("OpenVPN", $tab_array);
747
				display_top_tabs($tab_array);
748
			?>
749
		</td>
750
	</tr>    
751
	<tr>
752
		<td class="tabcont">
753

    
754
			<?php if($act=="new" || $act=="edit"): ?>
755

    
756
			<form action="vpn_openvpn_server.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
757
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="general information">
758
					<tr>
759
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
760
					</tr>
761
					<tr>
762
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
763
						<td width="78%" class="vtable">
764
							<table border="0" cellpadding="0" cellspacing="0" summary="enable disable server">
765
								<tr>
766
									<td>
767
										<?php set_checked($pconfig['disable'],$chk); ?>
768
										<input name="disable" type="checkbox" value="yes" <?=$chk;?> />
769
									</td>
770
									<td>
771
										&nbsp;
772
										<span class="vexpl">
773
											<strong><?=gettext("Disable this server"); ?></strong><br />
774
										</span>
775
									</td>
776
								</tr>
777
							</table>
778
							<?=gettext("Set this option to disable this server without removing it from the list"); ?>.
779
						</td>
780
					</tr>
781
					<tr>
782
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
783
							<td width="78%" class="vtable">
784
							<select name='mode' id='mode' class="formselect" onchange='mode_change(); tuntap_change()'>
785
							<?php
786
								foreach ($openvpn_server_modes as $name => $desc):
787
									$selected = "";
788
									if ($pconfig['mode'] == $name)
789
										$selected = "selected=\"selected\"";
790
							?>
791
								<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
792
							<?php endforeach; ?>
793
							</select>
794
						</td>
795
					</tr>
796
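					<tr id="authmodetr" style="display:none">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td>
						<td width="78%" class="vtable">
							<?php
								/*
								 * Load the server list before the <select> is opened: its size
								 * attribute counts $auth_servers, so the list has to exist first.
								 */
								$auth_servers = auth_get_authserver_list();
								/* Stored selection is a comma-separated list of server names. */
								$authmodes = explode(",", $pconfig['authmode']);
							?>
							<select name='authmode[]' id='authmode' class="formselect" multiple="multiple" size="<?php echo count($auth_servers); ?>">
							<?php
								foreach ($auth_servers as $auth_server):
									$selected = "";
									if (in_array($auth_server['name'], $authmodes))
										$selected = "selected=\"selected\"";
									/*
									 * The name is written into an attribute and into element text;
									 * it is presumably administrator-supplied, so encode it in both
									 * places rather than emitting it raw.
									 */
							?>
								<option value="<?=htmlspecialchars($auth_server['name']);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option>
							<?php endforeach; ?>
							</select>
						</td>
					</tr>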
813
					<tr>
814
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
815
							<td width="78%" class="vtable">
816
							<select name='protocol' class="formselect">
817
							<?php
818
								foreach ($openvpn_prots as $prot):
819
									$selected = "";
820
									if ($pconfig['protocol'] == $prot)
821
										$selected = "selected=\"selected\"";
822
							?>
823
								<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
824
							<?php endforeach; ?>
825
							</select>
826
							</td>
827
					</tr>
828
					<tr>
829
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td>
830
						<td width="78%" class="vtable">
831
							<select name="dev_mode" class="formselect" onchange='tuntap_change()'>
832
                                                        <?php
833
                                                                foreach ($openvpn_dev_mode as $device):
834
                                                                       $selected = "";
835
                                                                       if (! empty($pconfig['dev_mode'])) {
836
                                                                               if ($pconfig['dev_mode'] == $device)
837
                                                                                       $selected = "selected=\"selected\"";
838
                                                                       } else {
839
                                                                               if ($device == "tun")
840
                                                                                       $selected = "selected=\"selected\"";
841
                                                                       }
842
                                                        ?>
843
                                                                <option value="<?=$device;?>" <?=$selected;?>><?=$device;?></option>
844
                                                        <?php endforeach; ?>
845
                                                        </select>
846
                                                        </td>
847
                                        </tr>
848
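					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
						<td width="78%" class="vtable">
							<select name="interface" class="formselect">
								<?php
									/*
									 * Build the list of selectable bind targets: configured
									 * interfaces, CARP VIPs, IP aliases, IPv4 gateway groups,
									 * then the fixed "lo0" and "any" entries.
									 */
									$interfaces = get_configured_interface_with_descr();
									$carplist = get_configured_carp_interface_list();
									foreach ($carplist as $cif => $carpip)
										$interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
									$aliaslist = get_configured_ip_aliases_list();
									foreach ($aliaslist as $aliasip => $aliasif)
										$interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
									$grouplist = return_gateway_groups_array();
									foreach ($grouplist as $name => $group) {
										/* Quoted: a bare inet is an undefined constant, not a string. */
										if($group['ipprotocol'] != "inet")
											continue;
										/* NOTE(review): $vipif is not read anywhere in this row; kept in case later code uses it. */
										if($group[0]['vip'] <> "")
											$vipif = $group[0]['vip'];
										else
											$vipif = $group[0]['int'];
										$interfaces[$name] = "GW Group {$name}";
									}
									$interfaces['lo0'] = "Localhost";
									$interfaces['any'] = "any";
									foreach ($interfaces as $iface => $ifacename):
										$selected = "";
										if ($iface == $pconfig['interface'])
											$selected = "selected=\"selected\"";
										/*
										 * Keys can be gateway group names or interface|address pairs,
										 * so the value attribute is encoded like the label below.
										 */
								?>
									<option value="<?=htmlspecialchars($iface);?>" <?=$selected;?>>
										<?=htmlspecialchars($ifacename);?>
									</option>
								<?php endforeach; ?>
							</select> <br />
						</td>
					</tr>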
884
					<tr>
885
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local port");?></td>
886
						<td width="78%" class="vtable">
887
							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>" />
888
						</td>
889
					</tr>
890
					<tr> 
891
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
892
						<td width="78%" class="vtable"> 
893
							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>" />
894
							<br />
895
							<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
896
						</td>
897
					</tr>
898
					<tr>
899
						<td colspan="2" class="list" height="12"></td>
900
					</tr>
901
					<tr>
902
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
903
					</tr>
904
					<tr id="tls">
905
						<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
906
						<td width="78%" class="vtable">
907
							<table border="0" cellpadding="2" cellspacing="0" summary="tls authentication">
908
								<tr>
909
									<td>
910
										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
911
										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onclick="tlsauth_change()" />
912
									</td>
913
									<td>
914
										<span class="vexpl">
915
											<?=gettext("Enable authentication of TLS packets"); ?>.
916
										</span>
917
									</td>
918
								</tr>
919
							</table>
920
							<?php if (!$pconfig['tls']): ?>
921
							<table border="0" cellpadding="2" cellspacing="0" id="tlsauth_opts" summary="tls authentication options">
922
								<tr>
923
									<td>
924
										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
925
										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autotls_change()" />
926
									</td>
927
									<td>
928
										<span class="vexpl">
929
											<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
930
										</span>
931
									</td>
932
								</tr>
933
							</table>
934
							<?php endif; ?>
935
							<table border="0" cellpadding="2" cellspacing="0" id="autotls_opts" summary="tls authentication key">
936
								<tr>
937
									<td>
938
										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
939
										<br />
940
										<?=gettext("Paste your shared key here"); ?>.
941
									</td>
942
								</tr>
943
							</table>
944
						</td>
945
					</tr>
946
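					<tr id="tls_ca">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
							<td width="78%" class="vtable">
							<?php if (count($a_ca)): ?>
							<select name='caref' class="formselect">
							<?php
								/* One option per configured CA; the stored caref is pre-selected. */
								foreach ($a_ca as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected=\"selected\"";
									/*
									 * The CA description is free text, so it is HTML-encoded on
									 * output, as this page already does for its other text fields.
									 */
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
							</td>
					</tr>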
965
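					<tr id="tls_crl">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Revocation List"); ?></td>
							<td width="78%" class="vtable">
							<?php if (count($a_crl)): ?>
							<select name='crlref' class="formselect">
								<option value="">None</option>
							<?php
								/*
								 * One option per CRL. A CRL is only pre-selected when its CA
								 * can be looked up; the CA description is appended to the label.
								 */
								foreach ($a_crl as $crl):
									$selected = "";
									$caname = "";
									$ca = lookup_ca($crl['caref']);
									if ($ca) {
										$caname = " (CA: {$ca['descr']})";
										if ($pconfig['crlref'] == $crl['refid'])
											$selected = "selected=\"selected\"";
									}
									/*
									 * Both descriptions are free text; the combined label is
									 * HTML-encoded once, at the point of output.
									 */
							?>
								<option value="<?=htmlspecialchars($crl['refid']);?>" <?=$selected;?>><?=htmlspecialchars($crl['descr'] . $caname);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificate Revocation Lists (CRLs) defined.</b> <br />Create one under <a href="system_crlmanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
							</td>
					</tr>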
990
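					<tr id="tls_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Certificate"); ?></td>
							<td width="78%" class="vtable">
							<?php if (count($a_cert)): ?>
							<select name='certref' class="formselect">
							<?php
							/*
							 * One option per certificate. The label is the description plus
							 * the issuing CA and "*In Use" / "*Revoked" markers where they apply.
							 */
							foreach ($a_cert as $cert):
								$selected = "";
								$caname = "";
								$inuse = "";
								$revoked = "";
								$ca = lookup_ca($cert['caref']);
								if ($ca)
									$caname = " (CA: {$ca['descr']})";
								if ($pconfig['certref'] == $cert['refid'])
									$selected = "selected=\"selected\"";
								if (cert_in_use($cert['refid']))
									$inuse = " *In Use";
								if (is_cert_revoked($cert))
									$revoked = " *Revoked";
								/*
								 * Certificate and CA descriptions are free text; the assembled
								 * label is HTML-encoded once, at the point of output.
								 */
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
							<?php endforeach; ?>
							</select>
							<?php else: ?>
								<b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
						</td>
					</tr>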
1019
					<tr id="tls_dh">
1020
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH Parameters Length"); ?></td>
1021
						<td width="78%" class="vtable">
1022
							<select name="dh_length" class="formselect">
1023
								<?php
1024
									foreach ($openvpn_dh_lengths as $length):
1025
									$selected = "";
1026
									if ($length == $pconfig['dh_length'])
1027
										$selected = " selected=\"selected\"";
1028
								?>
1029
								<option<?=$selected?>><?=$length;?></option>
1030
								<?php endforeach; ?>
1031
							</select>
1032
							<span class="vexpl">
1033
								<?=gettext("bits"); ?>
1034
							</span>
1035
						</td>
1036
					</tr>
1037
					<tr id="psk">
1038
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
1039
						<td width="78%" class="vtable">
1040
							<?php if (!$pconfig['shared_key']): ?>
1041
							<table border="0" cellpadding="2" cellspacing="0" summary="shared key">
1042
								<tr>
1043
									<td>
1044
										<?php set_checked($pconfig['autokey_enable'],$chk); ?>
1045
										<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autokey_change()" />
1046
									</td>
1047
									<td>
1048
										<span class="vexpl">
1049
											<?=gettext("Automatically generate a shared key"); ?>.
1050
										</span>
1051
									</td>
1052
								</tr>
1053
							</table>
1054
							<?php endif; ?>
1055
							<table border="0" cellpadding="2" cellspacing="0" id="autokey_opts" summary="shared key">
1056
								<tr>
1057
									<td>
1058
										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
1059
										<br />
1060
										<?=gettext("Paste your shared key here"); ?>.
1061
									</td>
1062
								</tr>
1063
							</table>
1064
						</td>
1065
					</tr>
1066
					<tr>
1067
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
1068
						<td width="78%" class="vtable">
1069
							<select name="crypto" class="formselect">
1070
								<?php
1071
									$cipherlist = openvpn_get_cipherlist();
1072
									foreach ($cipherlist as $name => $desc):
1073
									$selected = "";
1074
									if ($name == $pconfig['crypto'])
1075
										$selected = " selected=\"selected\"";
1076
								?>
1077
								<option value="<?=$name;?>"<?=$selected?>>
1078
									<?=htmlspecialchars($desc);?>
1079
								</option>
1080
								<?php endforeach; ?>
1081
							</select>
1082
						</td>
1083
					</tr>
1084
					<tr>
1085
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Auth Digest Algorithm"); ?></td>
1086
						<td width="78%" class="vtable">
1087
							<select name="digest" class="formselect">
1088
								<?php
1089
									$digestlist = openvpn_get_digestlist();
1090
									foreach ($digestlist as $name => $desc):
1091
									$selected = "";
1092
									if ($name == $pconfig['digest'])
1093
										$selected = " selected=\"selected\"";
1094
								?>
1095
								<option value="<?=$name;?>"<?=$selected?>>
1096
									<?=htmlspecialchars($desc);?>
1097
								</option>
1098
								<?php endforeach; ?>
1099
							</select>
1100
							<br /><?PHP echo gettext("NOTE: Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN."); ?>
1101
						</td>
1102
					</tr>
1103
					<tr id="engine">
1104
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
1105
						<td width="78%" class="vtable">
1106
							<select name="engine" class="formselect">
1107
								<?php
1108
									$engines = openvpn_get_engines();
1109
									foreach ($engines as $name => $desc):
1110
									$selected = "";
1111
									if ($name == $pconfig['engine'])
1112
										$selected = " selected=\"selected\"";
1113
								?>
1114
								<option value="<?=$name;?>"<?=$selected?>>
1115
									<?=htmlspecialchars($desc);?>
1116
								</option>
1117
								<?php endforeach; ?>
1118
							</select>
1119
						</td>
1120
					</tr>
1121
					<tr id="cert_depth">
1122
						<td width="22%" valign="top" class="vncell"><?=gettext("Certificate Depth"); ?></td>
1123
						<td width="78%" class="vtable">
1124
							<table border="0" cellpadding="2" cellspacing="0" summary="certificate depth">
1125
							<tr><td>
1126
							<select name="cert_depth" class="formselect">
1127
								<option value="">Do Not Check</option>
1128
								<?php
1129
									foreach ($openvpn_cert_depths as $depth => $depthdesc):
1130
									$selected = "";
1131
									if ($depth == $pconfig['cert_depth'])
1132
										$selected = " selected=\"selected\"";
1133
								?>
1134
								<option value="<?= $depth ?>" <?= $selected ?>><?= $depthdesc ?></option>
1135
								<?php endforeach; ?>
1136
							</select>
1137
							</td></tr>
1138
							<tr><td>
1139
							<span class="vexpl">
1140
								<?=gettext("When a certificate-based client logs in, do not accept certificates below this depth. Useful for denying certificates made with intermediate CAs generated from the same CA as the server."); ?>
1141
							</span>
1142
							</td></tr>
1143
							</table>
1144
						</td>
1145
					</tr>
1146
					<tr id="strictusercn">
1147
						<td width="22%" valign="top" class="vncell"><?=gettext("Strict User/CN Matching"); ?></td>
1148
						<td width="78%" class="vtable">
1149
							<table border="0" cellpadding="2" cellspacing="0" summary="strict user/cn matching">
1150
								<tr>
1151
									<td>
1152
										<?php set_checked($pconfig['strictusercn'],$chk); ?>
1153
										<input name="strictusercn" type="checkbox" value="yes" <?=$chk;?> />
1154
									</td>
1155
									<td>
1156
										<span class="vexpl">
1157
											<?=gettext("When authenticating users, enforce a match between the common name of the client certificate and the username given at login."); ?>
1158
										</span>
1159
									</td>
1160
								</tr>
1161
							</table>
1162
						</td>
1163
					</tr>
1164
					<tr>
1165
						<td colspan="2" class="list" height="12"></td>
1166
					</tr>
1167
					<tr>
1168
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
1169
					</tr>
1170
					<tr>
1171
						<td width="22%" valign="top" class="vncellreq" id="ipv4_tunnel_network"><?=gettext("IPv4 Tunnel Network"); ?></td>
1172
						<td width="78%" class="vtable">
1173
							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>" />
1174
							<br />
1175
							<?=gettext("This is the IPv4 virtual network used for private " .
1176
							"communications between this server and client " .
1177
							"hosts expressed using CIDR (eg. 10.0.8.0/24). " .
1178
							"The first network address will be assigned to " .
1179
							"the	server virtual interface. The remaining " .
1180
							"network addresses can optionally be assigned " .
1181
							"to connecting clients. (see Address Pool)"); ?>
1182
						</td>
1183
					</tr>
1184
					<tr>
1185
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Tunnel Network"); ?></td>
1186
						<td width="78%" class="vtable">
1187
							<input name="tunnel_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_networkv6']);?>" />
1188
							<br />
1189
							<?=gettext("This is the IPv6 virtual network used for private " .
1190
							"communications between this server and client " .
1191
							"hosts expressed using CIDR (eg. fe80::/64). " .
1192
							"The first network address will be assigned to " .
1193
							"the server virtual interface. The remaining " .
1194
							"network addresses can optionally be assigned " .
1195
							"to connecting clients. (see Address Pool)"); ?>
1196
						</td>
1197
					</tr>
1198
					<tr id="serverbridge_dhcp">
1199
						<td width="22%" valign="top" class="vncell"><?=gettext("Bridge DHCP"); ?></td>
1200
						<td width="78%" class="vtable">
1201
							<table border="0" cellpadding="2" cellspacing="0" summary="bridge dhcp">
1202
								<tr>
1203
									<td>
1204
										<?php set_checked($pconfig['serverbridge_dhcp'],$chk); ?>
1205
										<input name="serverbridge_dhcp" type="checkbox" value="yes" <?=$chk;?> onchange="tuntap_change()" />
1206
									</td>
1207
									<td>
1208
										<span class="vexpl">
1209
											<?=gettext("Allow clients on the bridge to obtain DHCP."); ?><br />
1210
										</span>
1211
									</td>
1212
								</tr>
1213
							</table>
1214
						</td>
1215
					</tr>
1216
					<tr id="serverbridge_interface">
1217
						<td width="22%" valign="top" class="vncell"><?=gettext("Bridge Interface"); ?></td>
1218
						<td width="78%" class="vtable">
1219
							<select name="serverbridge_interface" class="formselect">
1220
								<?php
1221
									$serverbridge_interface['none'] = "none";
1222
									$serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr());
1223
									$carplist = get_configured_carp_interface_list();
1224
									foreach ($carplist as $cif => $carpip)
1225
										$serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
1226
									$aliaslist = get_configured_ip_aliases_list();
1227
									foreach ($aliaslist as $aliasip => $aliasif)
1228
										$serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
1229
									foreach ($serverbridge_interface as $iface => $ifacename):
1230
										$selected = "";
1231
										if ($iface == $pconfig['serverbridge_interface'])
1232
											$selected = "selected=\"selected\"";
1233
								?>
1234
									<option value="<?=$iface;?>" <?=$selected;?>>
1235
										<?=htmlspecialchars($ifacename);?>
1236
									</option>
1237
								<?php endforeach; ?>
1238
							</select> <br />
1239
							<?=gettext("The interface to which this tap instance will be " .
1240
							"bridged. This is not done automatically. You must assign this " .
1241
							"interface and create the bridge separately. " .
1242
							"This setting controls which existing IP address and subnet " .
1243
							"mask are used by OpenVPN for the bridge. Setting this to " .
1244
							"'none' will cause the Server Bridge DHCP settings below to be ignored."); ?>
1245
						</td>
1246
					</tr>
1247
					<tr id="serverbridge_dhcp_start">
1248
						<td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP Start"); ?></td>
1249
						<td width="78%" class="vtable">
1250
							<input name="serverbridge_dhcp_start" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_start']);?>" />
1251
							<br />
1252
							<?=gettext("When using tap mode as a multi-point server, " .
1253
							"you may optionally supply a DHCP range to use on the " .
1254
							"interface to which this tap instance is bridged. " .
1255
							"If these settings are left blank, DHCP will be passed " .
1256
							"through to the LAN, and the interface setting above " .
1257
							"will be ignored."); ?>
1258
						</td>
1259
					</tr>
1260
					<tr id="serverbridge_dhcp_end">
1261
						<td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP End"); ?></td>
1262
						<td width="78%" class="vtable">
1263
							<input name="serverbridge_dhcp_end" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_end']);?>" />
1264
							<br />
1265
						</td>
1266
					</tr>
1267
					<tr id="gwredir_opts">
1268
						<td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td>
1269
						<td width="78%" class="vtable">
1270
							<table border="0" cellpadding="2" cellspacing="0" summary="redirect gateway">
1271
								<tr>
1272
									<td>
1273
										<?php set_checked($pconfig['gwredir'],$chk); ?>
1274
										<input name="gwredir" type="checkbox" value="yes" <?=$chk;?> onclick="gwredir_change()" />
1275
									</td>
1276
									<td>
1277
										<span class="vexpl">
1278
											<?=gettext("Force all client generated traffic through the tunnel"); ?>.
1279
										</span>
1280
									</td>
1281
								</tr>
1282
							</table>
1283
						</td>
1284
					</tr>
1285
					<tr id="local_optsv4">
1286
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Local Network/s"); ?></td>
1287
						<td width="78%" class="vtable">
1288
							<input name="local_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['local_network']);?>" />
1289
							<br />
1290
							<?=gettext("These are the IPv4 networks that will be accessible " .
1291
							"from the remote endpoint. Expressed as a comma-separated list of one or more CIDR ranges. " .
1292
							"You may leave this blank if you don't " .
1293
							"want to add a route to the local network " .
1294
							"through this tunnel on the remote machine. " .
1295
							"This is generally set to your LAN network"); ?>.
1296
						</td>
1297
					</tr>
1298
					<tr id="local_optsv6">
1299
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Local Network/s"); ?></td>
1300
						<td width="78%" class="vtable">
1301
							<input name="local_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['local_networkv6']);?>" />
1302
							<br />
1303
							<?=gettext("These are the IPv6 networks that will be accessible " .
1304
							"from the remote endpoint. Expressed as a comma-separated list of one or more IP/PREFIX. " .
1305
							"You may leave this blank if you don't " .
1306
							"want to add a route to the local network " .
1307
							"through this tunnel on the remote machine. " .
1308
							"This is generally set to your LAN network"); ?>.
1309
						</td>
1310
					</tr>
1311
					<tr id="remote_optsv4">
1312
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Remote Network/s"); ?></td>
1313
						<td width="78%" class="vtable">
1314
							<input name="remote_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_network']);?>" />
1315
							<br />
1316
							<?=gettext("These are the IPv4 networks that will be routed through " .
1317
							"the tunnel, so that a site-to-site VPN can be " .
1318
							"established without manually changing the routing tables. " .
1319
							"Expressed as a comma-separated list of one or more CIDR ranges. " .
1320
							"If this is a site-to-site VPN, enter the " .
1321
							"remote LAN/s here. You may leave this blank if " .
1322
							"you don't want a site-to-site VPN"); ?>.
1323
						</td>
1324
					</tr>
1325
					<tr id="remote_optsv6">
1326
						<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Remote Network/s"); ?></td>
1327
						<td width="78%" class="vtable">
1328
							<input name="remote_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_networkv6']);?>" />
1329
							<br />
1330
							<?=gettext("These are the IPv6 networks that will be routed through " .
1331
							"the tunnel, so that a site-to-site VPN can be " .
1332
							"established without manually changing the routing tables. " .
1333
							"Expressed as a comma-separated list of one or more IP/PREFIX. " .
1334
							"If this is a site-to-site VPN, enter the " .
1335
							"remote LAN/s here. You may leave this blank if " .
1336
							"you don't want a site-to-site VPN"); ?>.
1337
						</td>
1338
					</tr>
1339
					<tr>
1340
						<td width="22%" valign="top" class="vncell"><?=gettext("Concurrent connections");?></td>
1341
						<td width="78%" class="vtable">
1342
							<input name="maxclients" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['maxclients']);?>" />
1343
							<br />
1344
							<?=gettext("Specify the maximum number of clients allowed to concurrently connect to this server"); ?>.
1345
						</td>
1346
					</tr>
1347
					<tr>
1348
						<td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
1349
						<td width="78%" class="vtable">
1350
							<select name="compression" class="formselect">
1351
								<?php
1352
									foreach ($openvpn_compression_modes as $cmode => $cmodedesc):
1353
									$selected = "";
1354
									if ($cmode == $pconfig['compression'])
1355
										$selected = " selected=\"selected\"";
1356
								?>
1357
								<option value="<?= $cmode ?>" <?= $selected ?>><?= $cmodedesc ?></option>
1358
								<?php endforeach; ?>
1359
							</select>
1360
							<br />
1361
							<?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently"); ?>.
1362
						</td>
1363
					</tr>
1364
					<tr>
1365
						<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
1366
						<td width="78%" class="vtable">
1367
							<table border="0" cellpadding="2" cellspacing="0" summary="type-of-service">
1368
								<tr>
1369
									<td>
1370
										<?php set_checked($pconfig['passtos'],$chk); ?>
1371
										<input name="passtos" type="checkbox" value="yes" <?=$chk;?> />
1372
									</td>
1373
									<td>
1374
										<span class="vexpl">
1375
											<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
1376
										</span>
1377
									</td>
1378
								</tr>
1379
							</table>
1380
						</td>
1381
					</tr>
1382
					<tr id="inter_client_communication">
1383
						<td width="22%" valign="top" class="vncell"><?=gettext("Inter-client communication"); ?></td>
1384
						<td width="78%" class="vtable">
1385
							<table border="0" cellpadding="2" cellspacing="0" summary="inter-client communication">
1386
								<tr>
1387
									<td>
1388
										<?php set_checked($pconfig['client2client'],$chk); ?>
1389
										<input name="client2client" type="checkbox" value="yes" <?=$chk;?> />
1390
									</td>
1391
									<td>
1392
										<span class="vexpl">
1393
											<?=gettext("Allow communication between clients connected to this server"); ?>
1394
										</span>
1395
									</td>
1396
								</tr>
1397
							</table>
1398
						</td>
1399
					</tr>
1400
					<tr id="duplicate_cn">
1401
						<td width="22%" valign="top" class="vncell"><?=gettext("Duplicate Connections"); ?></td>
1402
						<td width="78%" class="vtable">
1403
							<table border="0" cellpadding="2" cellspacing="0" summary="duplicate connection">
1404
								<tr>
1405
									<td>
1406
										<?php set_checked($pconfig['duplicate_cn'],$chk); ?>
1407
										<input name="duplicate_cn" type="checkbox" value="yes" <?=$chk;?> />
1408
									</td>
1409
									<td>
1410
										<span class="vexpl">
1411
											<?=gettext("Allow multiple concurrent connections from clients using the same Common Name.<br />NOTE: This is not generally recommended, but may be needed for some scenarios."); ?>
1412
										</span>
1413
									</td>
1414
								</tr>
1415
							</table>
1416
						</td>
1417
					</tr>
1418

    
1419
					<tr id="chkboxNoTunIPv6">
1420
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable IPv6"); ?></td>
1421
						<td width="78%" class="vtable">
1422
							<table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6-srv">
1423
								<tr>
1424
									<td>
1425
										<?php set_checked($pconfig['no_tun_ipv6'],$chk); ?>
1426
										<input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> />
1427
									</td>
1428
									<td>
1429
										<span class="vexpl">
1430
											<?=gettext("Don't forward IPv6 traffic"); ?>.
1431
										</span>
1432
									</td>
1433
								</tr>
1434
							</table>
1435
						</td>
1436
					</tr>
1437

    
1438
				</table>
1439

    
1440
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="client settings">
1441
					<tr>
1442
						<td colspan="2" class="list" height="12"></td>
1443
					</tr>
1444
					<tr>
1445
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Client Settings"); ?></td>
1446
					</tr>
1447
					<tr>
1448
						<td width="22%" valign="top" class="vncell"><?=gettext("Dynamic IP"); ?></td>
1449
						<td width="78%" class="vtable">
1450
							<table border="0" cellpadding="2" cellspacing="0" summary="dynamic ip">
1451
								<tr>
1452
									<td>
1453
										<?php set_checked($pconfig['dynamic_ip'],$chk); ?>
1454
										<input name="dynamic_ip" type="checkbox" id="dynamic_ip" value="yes" <?=$chk;?> />
1455
									</td>
1456
									<td>
1457
										<span class="vexpl">
1458
											<?=gettext("Allow connected clients to retain their connections if their IP address changes"); ?>.<br />
1459
										</span>
1460
									</td>
1461
								</tr>
1462
							</table>
1463
						</td>
1464
					</tr>
1465
					<tr>
1466
						<td width="22%" valign="top" class="vncell"><?=gettext("Address Pool"); ?></td>
1467
						<td width="78%" class="vtable">
1468
							<table border="0" cellpadding="2" cellspacing="0" summary="address pool">
1469
								<tr>
1470
									<td>
1471
										<?php set_checked($pconfig['pool_enable'],$chk); ?>
1472
										<input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?> />
1473
									</td>
1474
									<td>
1475
										<span class="vexpl">
1476
											<?=gettext("Provide a virtual adapter IP address to clients (see Tunnel Network)"); ?><br />
1477
										</span>
1478
									</td>
1479
								</tr>
1480
							</table>
1481
						</td>
1482
					</tr>
1483
					<tr id="topology_subnet_opt">
1484
						<td width="22%" valign="top" class="vncell"><?=gettext("Topology"); ?></td>
1485
						<td width="78%" class="vtable">
1486
							<table border="0" cellpadding="2" cellspacing="0" summary="topology">
1487
								<tr>
1488
									<td>
1489
										<?php set_checked($pconfig['topology_subnet'],$chk); ?>
1490
										<input name="topology_subnet" type="checkbox" id="topology_subnet" value="yes" <?=$chk;?> />
1491
									</td>
1492
									<td>
1493
										<span class="vexpl">
1494
											<?=gettext("Allocate only one IP per client (topology subnet), rather than an isolated subnet per client (topology net30)."); ?><br />
1495
										</span>
1496
									</td>
1497
								</tr>
1498
								<tr>
1499
									<td>&nbsp;</td>
1500
									<td>
1501
										<?=gettext("Relevant when supplying a virtual adapter IP address to clients when using tun mode on IPv4."); ?><br />
1502
										<?=gettext("Some clients may require this even for IPv6, such as OpenVPN Connect (iOS/Android). Others may break if it is present, such as older versions of OpenVPN or clients such as Yealink phones."); ?><br />
1503
									</td>
1504
								</tr>
1505
							</table>
1506
						</td>
1507
					</tr>
1508
					<tr>
1509
						<td width="22%" valign="top" class="vncell"><?=gettext("DNS Default Domain"); ?></td>
1510
						<td width="78%" class="vtable">
1511
							<table border="0" cellpadding="2" cellspacing="0" summary="dns default domain">
1512
								<tr>
1513
									<td>
1514
										<?php set_checked($pconfig['dns_domain_enable'],$chk); ?>
1515
										<input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onclick="dns_domain_change()" />
1516
									</td>
1517
									<td>
1518
										<span class="vexpl">
1519
	                                        <?=gettext("Provide a default domain name to clients"); ?><br />
1520
										</span>
1521
									</td>
1522
								</tr>
1523
							</table>
1524
							<table border="0" cellpadding="2" cellspacing="0" id="dns_domain_data" summary="dns domain data">
1525
								<tr>
1526
									<td>
1527
										<input name="dns_domain" type="text" class="formfld unknown" id="dns_domain" size="30" value="<?=htmlspecialchars($pconfig['dns_domain']);?>" />
1528
									</td>
1529
								</tr>
1530
							</table>
1531
						</td>
1532
					</tr>
1533
					<tr>
1534
						<td width="22%" valign="top" class="vncell"><?=gettext("DNS Servers"); ?></td>
1535
						<td width="78%" class="vtable">
1536
							<table border="0" cellpadding="2" cellspacing="0" summary="dns servers">
1537
								<tr>
1538
									<td>
1539
										<?php set_checked($pconfig['dns_server_enable'],$chk); ?>
1540
										<input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onclick="dns_server_change()" />
1541
									</td>
1542
									<td>
1543
										<span class="vexpl">
1544
											<?=gettext("Provide a DNS server list to clients"); ?><br />
1545
										</span>
1546
									</td>
1547
								</tr>
1548
							</table>
1549
							<table border="0" cellpadding="2" cellspacing="0" id="dns_server_data" summary="dns servers">
1550
								<tr>
1551
									<td>
1552
										<span class="vexpl">
1553
											<?=gettext("Server"); ?> #1:&nbsp;
1554
										</span>
1555
										<input name="dns_server1" type="text" class="formfld unknown" id="dns_server1" size="20" value="<?=htmlspecialchars($pconfig['dns_server1']);?>" />
1556
									</td>
1557
								</tr>
1558
								<tr>
1559
									<td>
1560
										<span class="vexpl">
1561
											<?=gettext("Server"); ?> #2:&nbsp;
1562
										</span>
1563
										<input name="dns_server2" type="text" class="formfld unknown" id="dns_server2" size="20" value="<?=htmlspecialchars($pconfig['dns_server2']);?>" />
1564
									</td>
1565
								</tr>
1566
								<tr>
1567
									<td>
1568
										<span class="vexpl">
1569
											<?=gettext("Server"); ?> #3:&nbsp;
1570
										</span>
1571
										<input name="dns_server3" type="text" class="formfld unknown" id="dns_server3" size="20" value="<?=htmlspecialchars($pconfig['dns_server3']);?>" />
1572
									</td>
1573
								</tr>
1574
								<tr>
1575
									<td>
1576
										<span class="vexpl">
1577
											<?=gettext("Server"); ?> #4:&nbsp;
1578
										</span>
1579
										<input name="dns_server4" type="text" class="formfld unknown" id="dns_server4" size="20" value="<?=htmlspecialchars($pconfig['dns_server4']);?>" />
1580
									</td>
1581
								</tr>
1582
							</table>
1583
						</td>
1584
					</tr>
1585

    
1586
					<tr id="chkboxPushRegisterDNS">
1587
						<td width="22%" valign="top" class="vncell"><?=gettext("Force DNS cache update"); ?></td>
1588
						<td width="78%" class="vtable">
1589
							<table border="0" cellpadding="2" cellspacing="0" summary="push register dns">
1590
								<tr>
1591
									<td>
1592
										<?php set_checked($pconfig['push_register_dns'],$chk); ?>
1593
										<input name="push_register_dns" type="checkbox" value="yes" <?=$chk;?> />
1594
									</td>
1595
									<td>
1596
										<span class="vexpl">
1597
											<?=gettext("Run ''net stop dnscache'', ''net start dnscache'', ''ipconfig /flushdns'' and ''ipconfig /registerdns'' on connection initiation. This is known to kick Windows into recognizing pushed DNS servers."); ?><br />
1598
										</span>
1599
									</td>
1600
								</tr>
1601
							</table>
1602
						</td>
1603
					</tr>
1604

    
1605
					<tr>
1606
						<td width="22%" valign="top" class="vncell"><?=gettext("NTP Servers"); ?></td>
1607
						<td width="78%" class="vtable">
1608
							<table border="0" cellpadding="2" cellspacing="0" summary="ntp servers">
1609
								<tr>
1610
									<td>
1611
										<?php set_checked($pconfig['ntp_server_enable'],$chk); ?>
1612
										<input name="ntp_server_enable" type="checkbox" id="ntp_server_enable" value="yes" <?=$chk;?> onclick="ntp_server_change()" />
1613
									</td>
1614
									<td>
1615
										<span class="vexpl">
1616
											<?=gettext("Provide a NTP server list to clients"); ?><br />
1617
										</span>
1618
									</td>
1619
								</tr>
1620
							</table>
1621
							<table border="0" cellpadding="2" cellspacing="0" id="ntp_server_data" summary="ntp servers">
1622
								<tr>
1623
									<td>
1624
										<span class="vexpl">
1625
											<?=gettext("Server"); ?> #1:&nbsp;
1626
										</span>
1627
										<input name="ntp_server1" type="text" class="formfld unknown" id="ntp_server1" size="20" value="<?=htmlspecialchars($pconfig['ntp_server1']);?>" />
1628
									</td>
1629
								</tr>
1630
								<tr>
1631
									<td>
1632
										<span class="vexpl">
1633
											<?=gettext("Server"); ?> #2:&nbsp;
1634
										</span>
1635
										<input name="ntp_server2" type="text" class="formfld unknown" id="ntp_server2" size="20" value="<?=htmlspecialchars($pconfig['ntp_server2']);?>" />
1636
									</td>
1637
								</tr>
1638
							</table>
1639
						</td>
1640
					</tr>
1641
					<tr>
1642
						<td width="22%" valign="top" class="vncell"><?=gettext("NetBIOS Options"); ?></td>
1643
						<td width="78%" class="vtable">
1644
							<table border="0" cellpadding="2" cellspacing="0" summary="netboios options">
1645
								<tr>
1646
									<td>
1647
										<?php set_checked($pconfig['netbios_enable'],$chk); ?>
1648
										<input name="netbios_enable" type="checkbox" id="netbios_enable" value="yes" <?=$chk;?> onclick="netbios_change()" />
1649
									</td>
1650
									<td>
1651
										<span class="vexpl">
1652
											<?=gettext("Enable NetBIOS over TCP/IP"); ?><br />
1653
										</span>
1654
									</td>
1655
								</tr>
1656
							</table>
1657
							<?=gettext("If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled"); ?>.
1658
							<br />
1659
							<table border="0" cellpadding="2" cellspacing="0" id="netbios_data" summary="netboios options">
1660
								<tr>
1661
									<td>
1662
										<br />
1663
										<span class="vexpl">
1664
											<?=gettext("Node Type"); ?>:&nbsp;
1665
										</span>
1666
										<select name='netbios_ntype' class="formselect">
1667
										<?php
											// One <option> per NetBIOS node type; the entry equal to the stored
											// 'netbios_ntype' value is marked as selected.
											// NOTE(review): $type and $name are printed unescaped - presumably
											// $netbios_nodetypes is a static table from an include; confirm.
											foreach ($netbios_nodetypes as $type => $name):
												// Loose == kept so selection behaves exactly as before.
												$selected = ($pconfig['netbios_ntype'] == $type) ? "selected=\"selected\"" : "";
										?>
											<option value="<?=$type;?>" <?=$selected;?>><?=$name;?></option>
										<?php endforeach; ?>
1675
										</select>
1676
										<br />
1677
										<?=gettext("Possible options: b-node (broadcasts), p-node " .
1678
										"(point-to-point name queries to a WINS server), " .
1679
										"m-node (broadcast then query name server), and " .
1680
										"h-node (query name server, then broadcast)"); ?>.
1681
									</td>
1682
								</tr>
1683
								<tr>
1684
									<td>
1685
										<br />
1686
										<span class="vexpl">
1687
											<?=gettext("Scope ID"); ?>:&nbsp;
1688
										</span>
1689
										<input name="netbios_scope" type="text" class="formfld unknown" id="netbios_scope" size="30" value="<?=htmlspecialchars($pconfig['netbios_scope']);?>" />
1690
										<br />
1691
										<?=gettext("A NetBIOS Scope	ID provides an extended naming " .
1692
										"service for	NetBIOS over TCP/IP. The NetBIOS " .
1693
										"scope ID isolates NetBIOS traffic on a single " .
1694
										"network to only those nodes with the same " .
1695
										"NetBIOS scope ID"); ?>.
1696
									</td>
1697
								</tr>
1698
							</table>
1699
						</td>
1700
					</tr>
1701
					<tr id="wins_opts">
1702
						<td width="22%" valign="top" class="vncell"><?=gettext("WINS Servers"); ?></td>
1703
						<td width="78%" class="vtable">
1704
							<table border="0" cellpadding="2" cellspacing="0" summary="wins servers">
1705
								<tr>
1706
									<td>
1707
										<?php set_checked($pconfig['wins_server_enable'],$chk); ?>
1708
										<input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onclick="wins_server_change()" />
1709
									</td>
1710
									<td>
1711
										<span class="vexpl">
1712
											<?=gettext("Provide a WINS server list to clients"); ?><br />
1713
										</span>
1714
									</td>
1715
								</tr>
1716
							</table>
1717
							<table border="0" cellpadding="2" cellspacing="0" id="wins_server_data" summary="wins servers">
1718
								<tr>
1719
									<td>
1720
										<span class="vexpl">
1721
											<?=gettext("Server"); ?> #1:&nbsp;
1722
										</span>
1723
										<input name="wins_server1" type="text" class="formfld unknown" id="wins_server1" size="20" value="<?=htmlspecialchars($pconfig['wins_server1']);?>" />
1724
									</td>
1725
								</tr>
1726
								<tr>
1727
									<td>
1728
										<span class="vexpl">
1729
											<?=gettext("Server"); ?> #2:&nbsp;
1730
										</span>
1731
										<input name="wins_server2" type="text" class="formfld unknown" id="wins_server2" size="20" value="<?=htmlspecialchars($pconfig['wins_server2']);?>" />
1732
									</td>
1733
								</tr>
1734
							</table>
1735
						</td>
1736
					</tr>
1737
					<tr>
1738
						<td width="22%" valign="top" class="vncell"><?=gettext("Client Management Port"); ?></td>
1739
						<td width="78%" class="vtable">
1740
							<table border="0" cellpadding="2" cellspacing="0" summary="client management port">
1741
								<tr>
1742
									<td>
1743
										<?php set_checked($pconfig['client_mgmt_port_enable'],$chk); ?>
1744
										<input name="client_mgmt_port_enable" type="checkbox" id="client_mgmt_port_enable" value="yes" <?=$chk;?> onclick="client_mgmt_port_change()" />
1745
									</td>
1746
									<td>
1747
										<span class="vexpl">
1748
	                                        <?=gettext("Use a different management port on clients. The default port is 166. Specify a different port if the client machines need to select from multiple OpenVPN links."); ?><br />
1749
										</span>
1750
									</td>
1751
								</tr>
1752
							</table>
1753
							<table border="0" cellpadding="2" cellspacing="0" id="client_mgmt_port_data" summary="client management port">
1754
								<tr>
1755
									<td>
1756
										<input name="client_mgmt_port" type="text" class="formfld unknown" id="client_mgmt_port" size="30" value="<?=htmlspecialchars($pconfig['client_mgmt_port']);?>" />
1757
									</td>
1758
								</tr>
1759
							</table>
1760
						</td>
1761
					</tr>
1762
				</table>
1763

    
1764
				<table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="advance configuration">
1765
					<tr>
1766
						<td colspan="2" class="list" height="12"></td>
1767
					</tr>
1768
					<tr>
1769
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
1770
					</tr>
1771
					<tr>
1772
						<td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
1773
						<td width="78%" class="vtable">
1774
							<table border="0" cellpadding="2" cellspacing="0" summary="advance configuration">
1775
								<tr>
1776
									<td>
1777
										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br />
1778
										<?=gettext("Enter any additional options you would like to add to the OpenVPN server configuration here, separated by a semicolon"); ?><br />
1779
										<?=gettext("EXAMPLE: push \"route 10.0.0.0 255.255.255.0\""); ?>;
1780
									</td>
1781
								</tr>
1782
							</table>
1783
						</td>
1784
					</tr>
1785

    
1786
					<tr id="comboboxVerbosityLevel">
1787
							<td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td>
1788
							<td width="78%" class="vtable">
1789
							<select name="verbosity_level" class="formselect">
1790
							<?php
								// One <option> per verbosity level; the entry equal to the stored
								// 'verbosity_level' value is marked as selected.
								// NOTE(review): value and description are printed unescaped - presumably
								// $openvpn_verbosity_level is a static table from an include; confirm.
								foreach ($openvpn_verbosity_level as $verb_value => $verb_desc):
									// Loose == kept so selection behaves exactly as before.
									$selected = ($pconfig['verbosity_level'] == $verb_value) ? "selected=\"selected\"" : "";
							?>
								<option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option>
							<?php endforeach; ?>
1798
							</select>
1799
							<br />
1800
							<?=gettext("Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output"); ?>.<br /> <br />
1801
							<strong>none</strong> -- <?=gettext("No output except fatal errors"); ?>. <br />
1802
							<strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br />
1803
							<strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br />
1804
							<strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>.
1805
							</td>
1806
					</tr>
1807

    
1808
				</table>
1809

    
1810
				<br />
1811
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="icons">
1812
					<tr>
1813
						<td width="22%" valign="top">&nbsp;</td>
1814
						<td width="78%"> 
1815
							<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> 
1816
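							<?php /* $act is assigned outside this part of the file (presumably from the request's act parameter - confirm). It is written into an attribute value, so encode it the same way as the id field that follows; for plain action names the output is unchanged. */ ?>
							<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>" />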
1817
							<?php if (isset($id) && $a_server[$id]): ?>
1818
							<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
1819
							<?php endif; ?>
1820
						</td>
1821
					</tr>
1822
				</table>
1823
			</form>
1824

    
1825
			<?php else: ?>
1826

    
1827
			<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="list">
1828
				<thead>
1829
				<tr>
1830
					<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
1831
					<td width="10%" class="listhdrr"><?=gettext("Protocol / Port"); ?></td>
1832
					<td width="30%" class="listhdrr"><?=gettext("Tunnel Network"); ?></td>
1833
					<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
1834
					<td width="10%" class="list"></td>
1835
				</tr>
1836
				</thead>
1837
				<tfoot>
1838
				<tr>
1839
					<td class="list" colspan="4"></td>
1840
					<td class="list">
1841
						<a href="vpn_openvpn_server.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add server"); ?>" width="17" height="17" border="0" alt="add" />
1842
						</a>
1843
					</td>
1844
				</tr>
1845
				</tfoot>
1846
				<tbody>
1847
				<?php
					// List every configured server as one table row. $i is a plain counter
					// that is used as the id in the edit/delete links, so it is safe to
					// print as-is; all values read from $server go through htmlspecialchars().
					// NOTE(review): deletion is a plain GET link (act=del&id=N) guarded on this
					// page only by a client-side confirm(). Whether the handler also requires
					// an anti-CSRF token is not visible here - confirm, and prefer a POST.
					// NOTE(review): the gettext() result inside confirm('...') is not escaped
					// for a JavaScript string; a translation containing an apostrophe would
					// break the handler.
					$i = 0;
					foreach($a_server as $server):
						// Text shown in the "Disabled" column.
						$disabled = isset($server['disable']) ? "YES" : "NO";
				?>
				<tr>
					<td class="listlr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
						<?=$disabled;?>
					</td>
					<td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
						<?=htmlspecialchars($server['protocol']);?> / <?=htmlspecialchars($server['local_port']);?>
					</td>
					<td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
						<?=htmlspecialchars($server['tunnel_network']);?><br />
						<?=htmlspecialchars($server['tunnel_networkv6']);?><br />
					</td>
					<td class="listbg" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
						<?=htmlspecialchars($server['description']);?>
					</td>
					<td valign="middle" class="list nowrap">
						<a href="vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>">
							<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit server"); ?>" width="17" height="17" border="0" alt="edit" />
						</a>
						&nbsp;
						<a href="vpn_openvpn_server.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this server?"); ?>')">
							<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete server"); ?>" width="17" height="17" border="0" alt="delete" />
						</a>
					</td>
				</tr>
				<?php
					// Advance the counter in step with the array position.
					$i++;
					endforeach;
				?>
1882
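				<?php /* Placeholder row that is meant to stay hidden. The property was misspelled "dispaly", which browsers ignore, so an empty row was rendered. */ ?>
				<tr style="display:none;"><td></td></tr>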
1883
				</tbody>
1884
			</table>
1885

    
1886
			<?=gettext("Additional OpenVPN servers can be added here.");?>
1887

    
1888
			<?php endif; ?>
1889

    
1890
		</td>
1891
	</tr>
1892
</table>
1893
<script type="text/javascript">
1894
//<![CDATA[
1895
mode_change();
1896
autokey_change();
1897
tlsauth_change();
1898
gwredir_change();
1899
dns_domain_change();
1900
dns_server_change();
1901
wins_server_change();
1902
client_mgmt_port_change();
1903
ntp_server_change();
1904
netbios_change();
1905
tuntap_change();
1906
//]]>
1907
</script>
1908
<?php include("fend.inc"); ?>
1909
</body>
1910
</html>
1911
<?php
1912

    
1913
/* local utility functions */
1914

    
1915
/*
 * Writes the XHTML "checked" attribute into $chk when $var is truthy and an
 * empty string otherwise. The form calls this before each checkbox and then
 * echoes $chk inside the <input> tag.
 *
 * $var  value tested with PHP truthiness ('' , '0', 0, null and false count as unset)
 * $chk  output parameter, passed by reference and always overwritten
 *
 * The result is a fixed literal, so echoing $chk unescaped is safe no matter
 * what $var contains.
 */
function set_checked($var,& $chk) {
    $chk = $var ? "checked=\"checked\"" : "";
}
1921

    
1922
?>