authorRenato Botelho <renato@netgate.com>2017-01-31 13:30:02 -0200
committerRenato Botelho <renato@netgate.com>2017-01-31 13:30:02 -0200
commit0a609a57f65517c9a39892a5f1af77a870cf84fe (patch)
tree0405ec0f2dd4c10ecfa6d53a700c11e962d8ae55
parent1c505f17c76e23f3d012a2392092a450a728efb0 (diff)
parent1bbdab13e436f5f2b9e381886be4d9c2d1a4e44f (diff)
Merge pull request #3451 from phil-davis/required-fields-vpn
-rw-r--r--src/usr/local/www/vpn_ipsec_keys_edit.php6
-rw-r--r--src/usr/local/www/vpn_ipsec_mobile.php4
-rw-r--r--src/usr/local/www/vpn_ipsec_phase1.php30
-rw-r--r--src/usr/local/www/vpn_ipsec_phase2.php12
-rw-r--r--src/usr/local/www/vpn_l2tp.php14
-rw-r--r--src/usr/local/www/vpn_l2tp_users_edit.php7
-rw-r--r--src/usr/local/www/vpn_openvpn_client.php28
-rw-r--r--src/usr/local/www/vpn_openvpn_csc.php2
-rw-r--r--src/usr/local/www/vpn_openvpn_server.php36
9 files changed, 72 insertions, 67 deletions
diff --git a/src/usr/local/www/vpn_ipsec_keys_edit.php b/src/usr/local/www/vpn_ipsec_keys_edit.php
index 13e36ad..c5c515c 100644
--- a/src/usr/local/www/vpn_ipsec_keys_edit.php
+++ b/src/usr/local/www/vpn_ipsec_keys_edit.php
@@ -134,21 +134,21 @@ $section = new Form_Section('Edit Pre-Shared-Secret');
$section->addInput(new Form_Input(
'ident',
- 'Identifier',
+ '*Identifier',
'text',
$pconfig['ident']
))->setHelp('This can be either an IP address, fully qualified domain name or an e-mail address.');
$section->addInput(new Form_Select(
'type',
- 'Secret type',
+ '*Secret type',
$pconfig['type'],
$ipsec_preshared_key_type
))->setWidth(2);
$section->addInput(new Form_Input(
'psk',
- 'Pre-Shared Key',
+ '*Pre-Shared Key',
'text',
$pconfig['psk']
));
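Review bot: The `psk` input at the end of this hunk is still built with type `'text'`, so the pre-shared key is rendered in clear and can end up in browser form history, whereas `radiussecret` in vpn_l2tp.php goes through `addPassword` with type `'password'`. Clear display may be deliberate so the key can be compared with the peer's; if so, at least add `->setAttribute('autocomplete', 'off')` to the input and say so in a comment, otherwise route it through the same password helper. The same applies to `pskey` in vpn_ipsec_phase1.php.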
diff --git a/src/usr/local/www/vpn_ipsec_mobile.php b/src/usr/local/www/vpn_ipsec_mobile.php
index e25c37d..4fa5fe7 100644
--- a/src/usr/local/www/vpn_ipsec_mobile.php
+++ b/src/usr/local/www/vpn_ipsec_mobile.php
@@ -448,7 +448,7 @@ foreach (auth_get_authserver_list() as $authServer) {
$section->addInput(new Form_Select(
'user_source',
- 'User Authentication',
+ '*User Authentication',
explode(",", $pconfig['user_source']),
$authServers,
true
@@ -456,7 +456,7 @@ $section->addInput(new Form_Select(
$section->addInput(new Form_Select(
'group_source',
- 'Group Authentication',
+ '*Group Authentication',
$pconfig['group_source'],
array(
'none' => gettext('none'),
diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php
index 9eb05cd..ac823d9 100644
--- a/src/usr/local/www/vpn_ipsec_phase1.php
+++ b/src/usr/local/www/vpn_ipsec_phase1.php
@@ -659,21 +659,21 @@ $section->addInput(new Form_Checkbox(
$section->addInput(new Form_Select(
'iketype',
- 'Key Exchange version',
+ '*Key Exchange version',
$pconfig['iketype'],
array("ikev1" => "IKEv1", "ikev2" => "IKEv2", "auto" => gettext("Auto"))
))->setHelp('Select the Internet Key Exchange protocol version to be used. Auto uses IKEv2 when initiator, and accepts either IKEv1 or IKEv2 as responder.');
$section->addInput(new Form_Select(
'protocol',
- 'Internet Protocol',
+ '*Internet Protocol',
$pconfig['protocol'],
array("inet" => "IPv4", "inet6" => "IPv6")
))->setHelp('Select the Internet Protocol family.');
$section->addInput(new Form_Select(
'interface',
- 'Interface',
+ '*Interface',
$pconfig['interface'],
build_interface_list()
))->setHelp('Select the interface for the local endpoint of this phase1 entry.');
@@ -681,7 +681,7 @@ $section->addInput(new Form_Select(
if (!$pconfig['mobile']) {
$section->addInput(new Form_Input(
'remotegw',
- 'Remote Gateway',
+ '*Remote Gateway',
'text',
$pconfig['remotegw']
))->setHelp('Enter the public IP address or host name of the remote gateway.');
@@ -700,19 +700,19 @@ $section = new Form_Section('Phase 1 Proposal (Authentication)');
$section->addInput(new Form_Select(
'authentication_method',
- 'Authentication Method',
+ '*Authentication Method',
$pconfig['authentication_method'],
build_auth_method_list()
))->setHelp('Must match the setting chosen on the remote side.');
$section->addInput(new Form_Select(
'mode',
- 'Negotiation mode',
+ '*Negotiation mode',
$pconfig['mode'],
array("main" => gettext("Main"), "aggressive" => gettext("Aggressive"))
))->setHelp('Aggressive is more flexible, but less secure.');
-$group = new Form_Group('My identifier');
+$group = new Form_Group('*My identifier');
$group->add(new Form_Select(
'myid_type',
@@ -730,7 +730,7 @@ $group->add(new Form_Input(
$section->add($group);
-$group = new Form_Group('Peer identifier');
+$group = new Form_Group('*Peer identifier');
$group->addClass('peeridgroup');
$group->add(new Form_Select(
@@ -755,21 +755,21 @@ $section->add($group);
$section->addInput(new Form_Input(
'pskey',
- 'Pre-Shared Key',
+ '*Pre-Shared Key',
'text',
$pconfig['pskey']
))->setHelp('Enter the Pre-Shared Key string.');
$section->addInput(new Form_Select(
'certref',
- 'My Certificate',
+ '*My Certificate',
$pconfig['certref'],
build_cert_list()
))->setHelp('Select a certificate previously configured in the Certificate Manager.');
$section->addInput(new Form_Select(
'caref',
- 'Peer Certificate Authority',
+ '*Peer Certificate Authority',
$pconfig['caref'],
build_ca_list()
))->setHelp('Select a certificate authority previously configured in the Certificate Manager.');
@@ -778,7 +778,7 @@ $form->add($section);
$section = new Form_Section('Phase 1 Proposal (Algorithms)');
-$group = new Form_Group('Encryption Algorithm');
+$group = new Form_Group('*Encryption Algorithm');
$group->add(new Form_Select(
'ealgo',
@@ -798,21 +798,21 @@ $section->add($group);
$section->addInput(new Form_Select(
'halgo',
- 'Hash Algorithm',
+ '*Hash Algorithm',
$pconfig['halgo'],
$p1_halgos
))->setHelp('Must match the setting chosen on the remote side.');
$section->addInput(new Form_Select(
'dhgroup',
- 'DH Group',
+ '*DH Group',
$pconfig['dhgroup'],
$p1_dhgroups
))->setHelp('Must match the setting chosen on the remote side.');
$section->addInput(new Form_Input(
'lifetime',
- 'Lifetime (Seconds)',
+ '*Lifetime (Seconds)',
'number',
$pconfig['lifetime']
));
diff --git a/src/usr/local/www/vpn_ipsec_phase2.php b/src/usr/local/www/vpn_ipsec_phase2.php
index 5c23580..43027af 100644
--- a/src/usr/local/www/vpn_ipsec_phase2.php
+++ b/src/usr/local/www/vpn_ipsec_phase2.php
@@ -503,12 +503,12 @@ $section->addInput(new Form_Checkbox(
$section->addInput(new Form_Select(
'mode',
- 'Mode',
+ '*Mode',
$pconfig['mode'],
$p2_modes
));
-$group = new Form_Group('Local Network');
+$group = new Form_Group('*Local Network');
$group->addClass('opt_localid');
$subnetarray = get_configured_interface_with_descr();
@@ -559,7 +559,7 @@ $group->setHelp('If NAT/BINAT is required on this network specify the address to
$section->add($group);
if (!isset($pconfig['mobile'])) {
- $group = new Form_Group('Remote Network');
+ $group = new Form_Group('*Remote Network');
$group->addClass('opt_remoteid');
$group->add(new Form_Select(
@@ -591,7 +591,7 @@ $section = new Form_Section('Phase 2 Proposal (SA/Key Exchange)');
$section->addInput(new Form_Select(
'proto',
- 'Protocol',
+ '*Protocol',
$pconfig['proto'],
$p2_protos
))->setHelp('ESP is encryption, AH is authentication only.');
@@ -600,7 +600,7 @@ $i = 0;
$rows = count($p2_ealgos) - 1;
foreach ($p2_ealgos as $algo => $algodata) {
- $group = new Form_Group($i == 0 ? 'Encryption Algorithms':'');
+ $group = new Form_Group($i == 0 ? '*Encryption Algorithms':'');
$group->addClass('encalg');
// Note: ID attribute of each element created is to be unique. Not being used, suppressing it.
@@ -638,7 +638,7 @@ foreach ($p2_ealgos as $algo => $algodata) {
$section->add($group);
}
-$group = new Form_Group('Hash Algorithms');
+$group = new Form_Group('*Hash Algorithms');
foreach ($p2_halgos as $algo => $algoname) {
// Note: ID attribute of each element created is to be unique. Not being used, suppressing it.
diff --git a/src/usr/local/www/vpn_l2tp.php b/src/usr/local/www/vpn_l2tp.php
index 310b732..cb4a0f2 100644
--- a/src/usr/local/www/vpn_l2tp.php
+++ b/src/usr/local/www/vpn_l2tp.php
@@ -208,14 +208,14 @@ $section->addClass('toggle-l2tp-enable');
$section->addInput(new Form_Select(
'interface',
- 'Interface',
+ '*Interface',
$pconfig['interface'],
$iflist
));
$section->addInput(new Form_Input(
'localip',
- 'Server address',
+ '*Server address',
'text',
$pconfig['localip']
))->setHelp('Enter the IP address the L2TP server should give to clients for use as their "gateway". ' . '<br />' .
@@ -224,14 +224,14 @@ $section->addInput(new Form_Input(
$section->addInput(new Form_IpAddress(
'remoteip',
- 'Remote address range',
+ '*Remote address range',
$pconfig['remoteip']
))->addMask(l2tp_subnet, $pconfig['l2tp_subnet'])
->setHelp('Specify the starting address for the client IP address subnet.');
$section->addInput(new Form_Select(
'n_l2tp_units',
- 'Number of L2TP users',
+ '*Number of L2TP users',
$pconfig['n_l2tp_units'],
array_combine(range(1, 255, 1), range(1, 255, 1))
));
@@ -245,7 +245,7 @@ $section->addPassword(new Form_Input(
$section->addInput(new Form_Select(
'paporchap',
- 'Authentication type',
+ '*Authentication type',
$pconfig['paporchap'],
array(
'chap' => 'CHAP',
@@ -289,13 +289,13 @@ $section->addInput(new Form_Checkbox(
$section->addInput(new Form_IpAddress(
'radiusserver',
- 'Server',
+ '*Server',
$pconfig['radiusserver']
))->setHelp('Enter the IP address of the RADIUS server.');
$section->addPassword(new Form_Input(
'radiussecret',
- 'Secret',
+ '*Secret',
'password',
$pconfig['radiussecret']
))->setHelp('Enter the shared secret that will be used to authenticate to the RADIUS server.');
diff --git a/src/usr/local/www/vpn_l2tp_users_edit.php b/src/usr/local/www/vpn_l2tp_users_edit.php
index cab3083..f889307 100644
--- a/src/usr/local/www/vpn_l2tp_users_edit.php
+++ b/src/usr/local/www/vpn_l2tp_users_edit.php
@@ -62,6 +62,9 @@ if (isset($_POST['id']) && is_numericint($_POST['id'])) {
if (isset($id) && $a_secret[$id]) {
$pconfig['usernamefld'] = $a_secret[$id]['name'];
$pconfig['ip'] = $a_secret[$id]['ip'];
+ $pwd_required = "";
+} else {
+ $pwd_required = "*";
}
if ($_POST) {
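Review bot: `$pwd_required` needs a comment, because it is set from the same `isset($id) && $a_secret[$id]` test that loads an existing user and nothing says why the password becomes optional on edit. Suggest above the first assignment: `// Editing an existing user: the password may be left blank, so no required marker.` The asterisk enforces nothing by itself, and the POST validation sits outside this hunk, so confirm it makes the password mandatory under exactly the inverse condition. A boolean flag turned into the prefix at the label (`($pwd_required ? '*' : '') . 'Password'`) would also read more clearly than carrying `""`/`"*"` strings around.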
@@ -147,14 +150,14 @@ $section = new Form_Section("User");
$section->addInput(new Form_Input(
'usernamefld',
- 'Username',
+ '*Username',
'text',
$pconfig['usernamefld']
));
$pwd = new Form_Input(
'passwordfld',
- 'Password',
+ $pwd_required . 'Password',
'text',
$pconfig['passwordfld']
);
diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php
index 24b8737..36cfde8 100644
--- a/src/usr/local/www/vpn_openvpn_client.php
+++ b/src/usr/local/www/vpn_openvpn_client.php
@@ -492,21 +492,21 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'mode',
- 'Server mode',
+ '*Server mode',
$pconfig['mode'],
$openvpn_client_modes
));
$section->addInput(new Form_Select(
'protocol',
- 'Protocol',
+ '*Protocol',
$pconfig['protocol'],
$openvpn_prots
));
$section->addInput(new Form_Select(
'dev_mode',
- 'Device mode',
+ '*Device mode',
empty($pconfig['dev_mode']) ? 'tun':$pconfig['dev_mode'],
$openvpn_dev_mode
))->setHelp("\"tun\" mode carries IPv4 and IPv6 (OSI layer 3) and is the most common and compatible mode across all platforms." .
@@ -514,7 +514,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'interface',
- 'Interface',
+ '*Interface',
$pconfig['interface'],
openvpn_build_if_list()
))->setHelp("The interface used by the firewall to originate this OpenVPN client connection");
@@ -529,7 +529,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Input(
'server_addr',
- 'Server host or address',
+ '*Server host or address',
'text',
$pconfig['server_addr']
))->setHelp("The IP address or hostname of the OpenVPN server.");
@@ -544,7 +544,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Input(
'server_port',
- 'Server port',
+ '*Server port',
'number',
$pconfig['server_port']
))->setHelp("The port used by the server to receive client connections.");
@@ -634,7 +634,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Textarea(
'tls',
- 'TLS Key',
+ '*TLS Key',
$pconfig['tls']
))->setHelp("Paste the TLS key here." .
"<br/>" .
@@ -642,7 +642,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'tls_type',
- 'TLS Key Usage Mode',
+ '*TLS Key Usage Mode',
empty($pconfig['tls_type']) ? 'auth':$pconfig['tls_type'],
$openvpn_tls_modes
))->setHelp("In Authentication mode the TLS key is used only as HMAC authentication for the control channel, protecting the peers from unauthorized connections. " .
@@ -657,13 +657,13 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'caref',
- 'Peer Certificate Authority',
+ '*Peer Certificate Authority',
$pconfig['caref'],
$list
));
} else {
$section->addInput(new Form_StaticText(
- 'Peer Certificate Authority',
+ '*Peer Certificate Authority',
sprintf('No Certificate Authorities defined. One may be created here: %s', '<a href="system_camanager.php">System &gt; Cert. Manager</a>')
));
}
@@ -691,7 +691,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Textarea(
'shared_key',
- 'Shared Key',
+ '*Shared Key',
$pconfig['shared_key']
))->setHelp('Paste the shared key here');
@@ -706,7 +706,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'crypto',
- 'Encryption Algorithm',
+ '*Encryption Algorithm',
$pconfig['crypto'],
openvpn_get_cipherlist()
))->setHelp('The Encryption Algorithm used for data channel packets when Negotiable Cryptographic Parameter (NCP) support is not available.');
@@ -745,7 +745,7 @@ if ($act=="new" || $act=="edit"):
->setAttribute('size', '10')
->setHelp('Allowed NCP Encryption Algorithms. Click an algorithm name to remove it from the list');
- $group->setHelp( 'The order of the selected NCP Encryption Algorithms is respected by OpenVPN.' .
+ $group->setHelp('The order of the selected NCP Encryption Algorithms is respected by OpenVPN.' .
'<div class="infoblock">' . sprint_info_box(
'For backward compatibility, when an older peer connects that does not support NCP, OpenVPN will use the Encryption Algorithm ' .
'requested by the peer so long as it is selected in this list or chosen as the Encryption Algorithm.', 'info', false) .
@@ -755,7 +755,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'digest',
- 'Auth digest algorithm',
+ '*Auth digest algorithm',
$pconfig['digest'],
openvpn_get_digestlist()
))->setHelp('The algorithm used to authenticate data channel packets, and control channel packets if a TLS Key is present.' .
diff --git a/src/usr/local/www/vpn_openvpn_csc.php b/src/usr/local/www/vpn_openvpn_csc.php
index 187c4e8..01a399b 100644
--- a/src/usr/local/www/vpn_openvpn_csc.php
+++ b/src/usr/local/www/vpn_openvpn_csc.php
@@ -339,7 +339,7 @@ if ($act == "new" || $act == "edit"):
$section->addInput(new Form_Input(
'common_name',
- 'Common Name',
+ '*Common Name',
'text',
$pconfig['common_name']
))->setHelp('Enter the X.509 common name for the client certificate, or the username for VPNs utilizing password authentication. This match is case sensitive.');
diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php
index d12b6bd..bbb0ee6 100644
--- a/src/usr/local/www/vpn_openvpn_server.php
+++ b/src/usr/local/www/vpn_openvpn_server.php
@@ -677,7 +677,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'mode',
- 'Server mode',
+ '*Server mode',
$pconfig['mode'],
openvpn_build_mode_list()
));
@@ -703,7 +703,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'authmode',
- 'Backend for authentication',
+ '*Backend for authentication',
$authmodes,
$options,
true
@@ -711,14 +711,14 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'protocol',
- 'Protocol',
+ '*Protocol',
$pconfig['protocol'],
$openvpn_prots
));
$section->addInput(new Form_Select(
'dev_mode',
- 'Device mode',
+ '*Device mode',
empty($pconfig['dev_mode']) ? 'tun':$pconfig['dev_mode'],
$openvpn_dev_mode
))->setHelp("\"tun\" mode carries IPv4 and IPv6 (OSI layer 3) and is the most common and compatible mode across all platforms." .
@@ -726,14 +726,14 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'interface',
- 'Interface',
+ '*Interface',
$pconfig['interface'],
openvpn_build_if_list()
))->setHelp("The interface or Virtual IP address where OpenVPN will receive client connections.");
$section->addInput(new Form_Input(
'local_port',
- 'Local port',
+ '*Local port',
'number',
$pconfig['local_port'],
['min' => '0']
@@ -770,7 +770,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Textarea(
'tls',
- 'TLS Key',
+ '*TLS Key',
$pconfig['tls']
))->setHelp("Paste the TLS key here." .
"<br/>" .
@@ -778,7 +778,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'tls_type',
- 'TLS Key Usage Mode',
+ '*TLS Key Usage Mode',
empty($pconfig['tls_type']) ? 'auth':$pconfig['tls_type'],
$openvpn_tls_modes
))->setHelp("In Authentication mode the TLS key is used only as HMAC authentication for the control channel, protecting the peers from unauthorized connections. " .
@@ -794,13 +794,13 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'caref',
- 'Peer Certificate Authority',
+ '*Peer Certificate Authority',
$pconfig['caref'],
$list
));
} else {
$section->addInput(new Form_StaticText(
- 'Peer Certificate Authority',
+ '*Peer Certificate Authority',
sprintf('No Certificate Authorities defined. One may be created here: %s', '<a href="system_camanager.php">System &gt; Cert. Manager</a>')
));
}
@@ -839,14 +839,14 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'certref',
- 'Server certificate',
+ '*Server certificate',
$pconfig['certref'],
$cl['server'] + $cl['non-server']
))->setHelp($certhelp);
$section->addInput(new Form_Select(
'dh_length',
- 'DH Parameter Length',
+ '*DH Parameter Length',
$pconfig['dh_length'],
$openvpn_dh_lengths
))->setHelp('Diffie-Hellman (DH) parameter set used for key exchange.' .
@@ -879,13 +879,13 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Textarea(
'shared_key',
- 'Shared Key',
+ '*Shared Key',
$pconfig['shared_key']
))->setHelp('Paste the shared key here');
$section->addInput(new Form_Select(
'crypto',
- 'Encryption Algorithm',
+ '*Encryption Algorithm',
$pconfig['crypto'],
openvpn_get_cipherlist()
))->setHelp('The Encryption Algorithm used for data channel packets when Negotiable Cryptographic Parameter (NCP) support is not available.');
@@ -921,7 +921,7 @@ if ($act=="new" || $act=="edit"):
->setAttribute('size', '10')
->setHelp('Allowed NCP Encryption Algorithms. Click an algorithm name to remove it from the list');
- $group->setHelp( 'The order of the selected NCP Encryption Algorithms is respected by OpenVPN.' .
+ $group->setHelp('The order of the selected NCP Encryption Algorithms is respected by OpenVPN.' .
'<div class="infoblock">' . sprint_info_box(
'For backward compatibility, when an older peer connects that does not support NCP, OpenVPN will use the Encryption Algorithm ' .
'requested by the peer so long as it is selected in this list or chosen as the Encryption Algorithm.', 'info', false) .
@@ -931,7 +931,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'digest',
- 'Auth digest algorithm',
+ '*Auth digest algorithm',
$pconfig['digest'],
openvpn_get_digestlist()
))->setHelp('The algorithm used to authenticate data channel packets, and control channel packets if a TLS Key is present.' .
@@ -949,7 +949,7 @@ if ($act=="new" || $act=="edit"):
$section->addInput(new Form_Select(
'cert_depth',
- 'Certificate Depth',
+ '*Certificate Depth',
$pconfig['cert_depth'],
["" => gettext("Do Not Check")] + $openvpn_cert_depths
))->setHelp('When a certificate-based client logs in, do not accept certificates below this depth. ' .
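Review bot: The `*` added to `Certificate Depth` marks the select as mandatory, yet its first option is still `"" => gettext("Do Not Check")`, an empty value that switches the depth check off. The marker therefore promises a constraint that the option list contradicts, and if a server-side required-field test on `cert_depth` checks for emptiness (not visible here) it would reject that choice. Dropping the marker on this one field (`'Certificate Depth',`) keeps the UI honest. The `setHelp` string continues outside the hunk.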
@@ -1640,6 +1640,7 @@ events.push(function() {
hideInput('serverbridge_interface', true);
hideInput('serverbridge_dhcp_start', true);
hideInput('serverbridge_dhcp_end', true);
+ setRequired('tunnel_network', true);
if (sharedkey) {
hideInput('local_network', true);
hideInput('local_networkv6', true);
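Review bot: `setRequired('tunnel_network', true)` runs unconditionally in this branch, before the `if (sharedkey)` test, and the `case "tap":` hunk that follows clears it, so the field's required state is now decided in client-side script from the device mode. The matching server-side rule is not visible in this diff; confirm the POST handler applies the same tun/tap distinction, since the marker alone rejects nothing. A one-line comment next to the call, e.g. `// tunnel network is mandatory in tun mode; tap may be bridged instead` (if that is the reason), would keep the two in step. The enclosing handler starts and ends outside the hunk.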
@@ -1655,6 +1656,7 @@ events.push(function() {
case "tap":
hideInput('tunnel_network', false);
+ setRequired('tunnel_network', false);
if (!p2p) {
hideCheckbox('serverbridge_dhcp', false);