Diffstat (limited to 'src/usr/local/www/vpn_openvpn_server.php')
-rw-r--r--src/usr/local/www/vpn_openvpn_server.php2461
1 files changed, 1029 insertions, 1432 deletions
diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php
index a7ff4ce..a7a95c3 100644
--- a/src/usr/local/www/vpn_openvpn_server.php
+++ b/src/usr/local/www/vpn_openvpn_server.php
@@ -125,9 +125,11 @@ if ($_GET['act'] == "edit") {
$pconfig['authmode'] = $a_server[$id]['authmode'];
$pconfig['dev_mode'] = $a_server[$id]['dev_mode'];
$pconfig['interface'] = $a_server[$id]['interface'];
+
if (!empty($a_server[$id]['ipaddr'])) {
$pconfig['interface'] = $pconfig['interface'] . '|' . $a_server[$id]['ipaddr'];
}
+
$pconfig['local_port'] = $a_server[$id]['local_port'];
$pconfig['description'] = $a_server[$id]['description'];
$pconfig['custom_options'] = $a_server[$id]['custom_options'];
@@ -137,6 +139,7 @@ if ($_GET['act'] == "edit") {
$pconfig['tlsauth_enable'] = "yes";
$pconfig['tls'] = base64_decode($a_server[$id]['tls']);
}
+
$pconfig['caref'] = $a_server[$id]['caref'];
$pconfig['crlref'] = $a_server[$id]['crlref'];
$pconfig['certref'] = $a_server[$id]['certref'];
@@ -188,6 +191,7 @@ if ($_GET['act'] == "edit") {
$pconfig['dns_server2'] = $a_server[$id]['dns_server2'];
$pconfig['dns_server3'] = $a_server[$id]['dns_server3'];
$pconfig['dns_server4'] = $a_server[$id]['dns_server4'];
+
if ($pconfig['dns_server1'] ||
$pconfig['dns_server2'] ||
$pconfig['dns_server3'] ||
@@ -197,6 +201,7 @@ if ($_GET['act'] == "edit") {
$pconfig['ntp_server1'] = $a_server[$id]['ntp_server1'];
$pconfig['ntp_server2'] = $a_server[$id]['ntp_server2'];
+
if ($pconfig['ntp_server1'] ||
$pconfig['ntp_server2']) {
$pconfig['ntp_server_enable'] = true;
@@ -208,6 +213,7 @@ if ($_GET['act'] == "edit") {
$pconfig['wins_server1'] = $a_server[$id]['wins_server1'];
$pconfig['wins_server2'] = $a_server[$id]['wins_server2'];
+
if ($pconfig['wins_server1'] ||
$pconfig['wins_server2']) {
$pconfig['wins_server_enable'] = true;
@@ -458,6 +464,7 @@ if ($_POST) {
} else {
$server['shared_key'] = base64_encode($pconfig['shared_key']);
}
+
$server['crypto'] = $pconfig['crypto'];
$server['digest'] = $pconfig['digest'];
$server['engine'] = $pconfig['engine'];
@@ -546,1497 +553,1087 @@ if ($_POST) {
$pconfig['authmode'] = implode(",", $pconfig['authmode']);
}
}
+
$pgtitle = array(gettext("OpenVPN"), gettext("Server"));
$shortcut_section = "openvpn";
include("head.inc");
-?>
+function build_mode_list() {
+ global $openvpn_server_modes;
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
-<?php include("fbegin.inc"); ?>
-<script type="text/javascript">
-//<![CDATA[
+ $list = array();
-function mode_change() {
- index = document.iform.mode.selectedIndex;
- value = document.iform.mode.options[index].value;
- switch (value) {
- case "p2p_tls":
- case "server_tls":
- case "server_user":
- document.getElementById("tls").style.display="";
- document.getElementById("tls_ca").style.display="";
- document.getElementById("tls_crl").style.display="";
- document.getElementById("tls_cert").style.display="";
- document.getElementById("tls_dh").style.display="";
- document.getElementById("cert_depth").style.display="";
- document.getElementById("strictusercn").style.display="none";
- document.getElementById("psk").style.display="none";
- break;
- case "server_tls_user":
- document.getElementById("tls").style.display="";
- document.getElementById("tls_ca").style.display="";
- document.getElementById("tls_crl").style.display="";
- document.getElementById("tls_cert").style.display="";
- document.getElementById("tls_dh").style.display="";
- document.getElementById("cert_depth").style.display="";
- document.getElementById("strictusercn").style.display="";
- document.getElementById("psk").style.display="none";
- break;
- case "p2p_shared_key":
- document.getElementById("tls").style.display="none";
- document.getElementById("tls_ca").style.display="none";
- document.getElementById("tls_crl").style.display="none";
- document.getElementById("tls_cert").style.display="none";
- document.getElementById("tls_dh").style.display="none";
- document.getElementById("cert_depth").style.display="none";
- document.getElementById("strictusercn").style.display="none";
- document.getElementById("psk").style.display="";
- break;
- }
- switch (value) {
- case "p2p_shared_key":
- document.getElementById("client_opts").style.display="none";
- document.getElementById("remote_optsv4").style.display="";
- document.getElementById("remote_optsv6").style.display="";
- document.getElementById("gwredir_opts").style.display="none";
- document.getElementById("local_optsv4").style.display="none";
- document.getElementById("local_optsv6").style.display="none";
- document.getElementById("authmodetr").style.display="none";
- document.getElementById("inter_client_communication").style.display="none";
- break;
- case "p2p_tls":
- document.getElementById("client_opts").style.display="none";
- document.getElementById("remote_optsv4").style.display="";
- document.getElementById("remote_optsv6").style.display="";
- document.getElementById("gwredir_opts").style.display="";
- document.getElementById("local_optsv4").style.display="";
- document.getElementById("local_optsv6").style.display="";
- document.getElementById("authmodetr").style.display="none";
- document.getElementById("inter_client_communication").style.display="none";
- break;
- case "server_user":
- case "server_tls_user":
- document.getElementById("authmodetr").style.display="";
- document.getElementById("client_opts").style.display="";
- document.getElementById("remote_optsv4").style.display="none";
- document.getElementById("remote_optsv6").style.display="none";
- document.getElementById("gwredir_opts").style.display="";
- document.getElementById("local_optsv4").style.display="";
- document.getElementById("local_optsv6").style.display="";
- document.getElementById("inter_client_communication").style.display="";
- break;
- case "server_tls":
- document.getElementById("authmodetr").style.display="none";
- default:
- document.getElementById("client_opts").style.display="";
- document.getElementById("remote_optsv4").style.display="none";
- document.getElementById("remote_optsv6").style.display="none";
- document.getElementById("gwredir_opts").style.display="";
- document.getElementById("local_optsv4").style.display="";
- document.getElementById("local_optsv6").style.display="";
- document.getElementById("inter_client_communication").style.display="";
- break;
- }
- gwredir_change();
+ foreach ($openvpn_server_modes as $name => $desc)
+ $list[$name] = $desc;
+
+ return($list);
}
-function autokey_change() {
+function build_if_list() {
+ $list = array();
- if ((document.iform.autokey_enable != null) && (document.iform.autokey_enable.checked)) {
- document.getElementById("autokey_opts").style.display="none";
- } else {
- document.getElementById("autokey_opts").style.display="";
- }
-}
+ $interfaces = get_configured_interface_with_descr();
+ $carplist = get_configured_carp_interface_list();
-function tlsauth_change() {
+ foreach ($carplist as $cif => $carpip)
+ $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
-<?php if (!$pconfig['tls']): ?>
- if (document.iform.tlsauth_enable.checked) {
- document.getElementById("tlsauth_opts").style.display="";
- } else {
- document.getElementById("tlsauth_opts").style.display="none";
- }
-<?php endif; ?>
+ $aliaslist = get_configured_ip_aliases_list();
- autotls_change();
-}
+ foreach ($aliaslist as $aliasip => $aliasif)
+ $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
-function autotls_change() {
+ $grouplist = return_gateway_groups_array();
-<?php if (!$pconfig['tls']): ?>
- autocheck = document.iform.autotls_enable.checked;
-<?php else: ?>
- autocheck = false;
-<?php endif; ?>
+ foreach ($grouplist as $name => $group) {
+ if($group['ipprotocol'] != inet)
+ continue;
- if (document.iform.tlsauth_enable.checked && !autocheck) {
- document.getElementById("autotls_opts").style.display="";
- } else {
- document.getElementById("autotls_opts").style.display="none";
+ if($group[0]['vip'] != "")
+ $vipif = $group[0]['vip'];
+ else
+ $vipif = $group[0]['int'];
+
+ $interfaces[$name] = "GW Group {$name}";
}
-}
-function gwredir_change() {
+ $interfaces['lo0'] = "Localhost";
+ $interfaces['any'] = "any";
- if (document.iform.gwredir.checked) {
- document.getElementById("local_optsv4").style.display="none";
- document.getElementById("local_optsv6").style.display="none";
- } else {
- document.getElementById("local_optsv4").style.display="";
- document.getElementById("local_optsv6").style.display="";
- }
+ foreach ($interfaces as $iface => $ifacename)
+ $list[$iface] = $ifacename;
+
+ return($list);
}
-function dns_domain_change() {
+function build_crl_list() {
+ global $a_crl;
- if (document.iform.dns_domain_enable.checked) {
- document.getElementById("dns_domain_data").style.display="";
- } else {
- document.getElementById("dns_domain_data").style.display="none";
- }
-}
+ $list = array('' => 'None');
-function dns_server_change() {
+ foreach ($a_crl as $crl) {
+ $caname = "";
+ $ca = lookup_ca($crl['caref']);
- if (document.iform.dns_server_enable.checked) {
- document.getElementById("dns_server_data").style.display="";
- } else {
- document.getElementById("dns_server_data").style.display="none";
+ if ($ca)
+ $caname = " (CA: {$ca['descr']})";
+
+ $list[$crl['refid']] = $crl['descr'] . $caname;
}
+
+ return($list);
}
-function wins_server_change() {
+function build_cert_list() {
+ global $a_cert;
- if (document.iform.wins_server_enable.checked) {
- document.getElementById("wins_server_data").style.display="";
- } else {
- document.getElementById("wins_server_data").style.display="none";
- }
-}
+ $list = array();
-function client_mgmt_port_change() {
+ foreach ($a_cert as $cert) {
+ $caname = "";
+ $inuse = "";
+ $revoked = "";
+ $ca = lookup_ca($cert['caref']);
- if (document.iform.client_mgmt_port_enable.checked) {
- document.getElementById("client_mgmt_port_data").style.display="";
- } else {
- document.getElementById("client_mgmt_port_data").style.display="none";
+ if ($ca)
+ $caname = " (CA: {$ca['descr']})";
+
+ if ($pconfig['certref'] == $cert['refid'])
+ $selected = "selected=\"selected\"";
+
+ if (cert_in_use($cert['refid']))
+ $inuse = " *In Use";
+
+ if (is_cert_revoked($cert))
+ $revoked = " *Revoked";
+
+ $list[$cert['refid']] = $cert['descr'] . $caname . $inuse . $revoked;
}
+
+ return($list);
}
-function ntp_server_change() {
+function build_bridge_list() {
+ $list = array();
- if (document.iform.ntp_server_enable.checked) {
- document.getElementById("ntp_server_data").style.display="";
- } else {
- document.getElementById("ntp_server_data").style.display="none";
- }
+ $serverbridge_interface['none'] = "none";
+ $serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr());
+ $carplist = get_configured_carp_interface_list();
+
+ foreach ($carplist as $cif => $carpip)
+ $serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
+
+ $aliaslist = get_configured_ip_aliases_list();
+
+ foreach ($aliaslist as $aliasip => $aliasif)
+ $serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+
+ foreach ($serverbridge_interface as $iface => $ifacename)
+ $list[$iface] = htmlspecialchars($ifacename);
+
+ return($list);
}
-function netbios_change() {
+if (!$savemsg)
+ $savemsg = "";
- if (document.iform.netbios_enable.checked) {
- document.getElementById("netbios_data").style.display="";
- document.getElementById("wins_opts").style.display="";
+if ($input_errors)
+ print_input_errors($input_errors);
+
+if ($savemsg)
+ print_info_box_np($savemsg, 'success');
+
+$tab_array = array();
+$tab_array[] = array(gettext("Server"), true, "vpn_openvpn_server.php");
+$tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php");
+$tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php");
+$tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml");
+add_package_tabs("OpenVPN", $tab_array);
+display_top_tabs($tab_array);
+
+require_once('classes/Form.class.php');
+
+$form = new Form();
+
+if($act=="new" || $act=="edit") :
+
+
+ $section = new Form_Section('General Information');
+
+ $section->addInput(new Form_checkbox(
+ 'disable',
+ 'Disabled',
+ 'Disable this server',
+ $pconfig['disable']
+ ))->setHelp('Set this option to disable this server without removing it from the list');
+
+ $section->addInput(new Form_Select(
+ 'mode',
+ 'Server mode',
+ $pconfig['mode'],
+ build_mode_list()
+ ));
+
+ $section->addInput(new Form_Select(
+ 'dev_mode',
+ 'Device mode',
+ empty($pconfig['dev_mode']) ? 'tun':$pconfig['dev_mode'],
+ array_combine($openvpn_dev_mode, $openvpn_dev_mode)
+ ));
+
+ $section->addInput(new Form_Select(
+ 'interface',
+ 'Interface',
+ $pconfig['interface'],
+ build_if_list()
+ ));
+
+ $section->addInput(new Form_Input(
+ 'local_port',
+ 'Local port',
+ 'number',
+ $pconfig['local_port']
+ ));
+
+ $section->addInput(new Form_Input(
+ 'description',
+ 'Description',
+ 'text',
+ $pconfig['description']
+ ))->setHelp('You may enter a description here for your reference (not parsed).');
+
+ $form->add($section);
+
+ $section = new Form_Section('Cryptographic settings');
+
+ $section->addInput(new Form_checkbox(
+ 'tlsauth_enable',
+ 'TLS authentication',
+ 'Enable authentication of TLS packets.',
+ $pconfig['tlsauth_enable']
+ ));
+
+ if (!$pconfig['tls']) {
+ $section->addInput(new Form_checkbox(
+ 'autotls_enable',
+ null,
+ 'Automatically generate a shared TLS authentication key.',
+ $pconfig['autotls_enable']
+ ));
+ }
+
+ $section->addInput(new Form_TextArea(
+ 'tls',
+ 'Key',
+ $pconfig['tls']
+ ))->setHelp('Paste your shared key here');
+
+ if (count($a_ca)) {
+
+ $list = array();
+ foreach ($a_ca as $ca)
+ $list[$ca['refid']] = $ca['descr'];
+
+ $section->addInput(new Form_Select(
+ 'caref',
+ 'Peer Certifiacte Authority',
+ $pconfig['caref'],
+ $list
+ ));
} else {
- document.getElementById("netbios_data").style.display="none";
- document.getElementById("wins_opts").style.display="none";
+ $section->addInput(new Form_StaticText(
+ 'Peer Certificate Authority',
+ sprintf('No Certificate Authorities defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>')
+ ));
+ }
+
+ if (count($a_crl)) {
+ $section->addInput(new Form_Select(
+ 'crlref',
+ 'Peer Certificate Revocation list',
+ $pconfig['crlref'],
+ build_crl_list()
+ ));
+ } else {
+ $section->addInput(new Form_StaticText(
+ 'Peer Certificate Revocation list',
+ sprintf('No Certificate Revocation Lists defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>')
+ ));
}
-}
-function tuntap_change() {
+ $section->addInput(new Form_Select(
+ 'certref',
+ 'Peer Certifiacte Authority',
+ $pconfig['certref'],
+ build_cert_list()
+ ))->setHelp(count($a_cert) ? '':sprintf('No Certificates defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>'));
+
+ $section->addInput(new Form_Select(
+ 'dh_length',
+ 'DH Parameter length (bits)',
+ $pconfig['dh_length'],
+ array_combine($openvpn_dh_lengths,$openvpn_dh_lengths)
+ ))->setHelp(count($a_cert) ? '':sprintf('No Certificates defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>'));
+
+ if (!$pconfig['shared_key']) {
+ $section->addInput(new Form_checkbox(
+ 'autokey_enable',
+ 'Auto generate',
+ 'Automatically generate a shared key',
+ $pconfig['autokey_enable']
+ ));
+ }
- mindex = document.iform.mode.selectedIndex;
- mvalue = document.iform.mode.options[mindex].value;
+ $section->addInput(new Form_TextArea(
+ 'shared_key',
+ 'Shared Key',
+ $pconfig['shared_key']
+ ))->setHelp('Paste your shared key here');
+
+ $section->addInput(new Form_Select(
+ 'crypto',
+ 'Encryption Algorithm',
+ $pconfig['crypto'],
+ openvpn_get_cipherlist()
+ ));
+
+ $section->addInput(new Form_Select(
+ 'digest',
+ 'Auth digest algorithm',
+ $pconfig['digest'],
+ openvpn_get_digestlist()
+ ))->setHelp('Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN. ');
+
+ $section->addInput(new Form_Select(
+ 'engine',
+ 'Hardware Crypto',
+ $pconfig['engine'],
+ openvpn_get_engines()
+ ));
+
+ $section->addInput(new Form_Select(
+ 'cert_depth',
+ 'Certificate Depth',
+ $pconfig['cert_depth'],
+ $openvpn_cert_depths
+ ))->setHelp('When a certificate-based client logs in, do not accept certificates below this depth. ' .
+ 'Useful for denying certificates made with intermediate CAs generated from the same CA as the server.');
+
+ $section->addInput(new Form_checkbox(
+ 'strictusercn',
+ 'Strict User-CN Matching',
+ null,
+ $pconfig['strictusercn']
+ ))->setHelp('When authenticating users, enforce a match between the common name of the client certificate and the username given at login.');
+
+ $form->add($section);
+
+ $section = new Form_Section('Tunnel settings');
+
+ $section->addInput(new Form_Input(
+ 'tunnel_network',
+ 'IPv4 Tunnel Network',
+ 'text',
+ $pconfig['tunnel_network']
+ ))->setHelp('This is the IPv4 virtual network used for private communications between this server and client ' .
+ 'hosts expressed using CIDR (eg. 10.0.8.0/24). The first network address will be assigned to ' .
+ 'the server virtual interface. The remaining network addresses can optionally be assigned ' .
+ 'to connecting clients. (see Address Pool)');
+
+ $section->addInput(new Form_Input(
+ 'tunnel_networkv6',
+ 'IPv6 Tunnel Network',
+ 'text',
+ $pconfig['tunnel_networkv6']
+ ))->setHelp('This is the IPv6 virtual network used for private ' .
+ 'communications between this server and client hosts expressed using CIDR (eg. fe80::/64). ' .
+ 'The first network address will be assigned to the server virtual interface. The remaining ' .
+ 'network addresses can optionally be assigned to connecting clients. (see Address Pool)');
+
+ $section->addInput(new Form_checkbox(
+ 'serverbridge_dhcp',
+ 'Bridge DHCP',
+ 'Allow clients on the bridge to obtain DHCP.',
+ $pconfig['serverbridge_dhcp']
+ ));
+
+ $section->addInput(new Form_Select(
+ 'serberbridge_inerface',
+ 'Bridge Interface',
+ $pconfig['serberbridge_inerface'],
+ build_bridge_list()
+ ))->setHelp('The interface to which this tap instance will be bridged. This is not done automatically. You must assign this ' .
+ 'interface and create the bridge separately. This setting controls which existing IP address and subnet ' .
+ 'mask are used by OpenVPN for the bridge. Setting this to "none" will cause the Server Bridge DHCP settings below to be ignored.');
+
+ $section->addInput(new Form_Input(
+ 'serverbridge_dhcp_start',
+ 'Server Bridge DHCP Start',
+ 'text',
+ $pconfig['serverbridge_dhcp_start']
+ ))->setHelp('When using tap mode as a multi-point server, you may optionally supply a DHCP range to use on the ' .
+ 'interface to which this tap instance is bridged. If these settings are left blank, DHCP will be passed ' .
+ 'through to the LAN, and the interface setting above will be ignored.');
+
+ $section->addInput(new Form_Input(
+ 'serverbridge_dhcp_end',
+ 'Server Bridge DHCP End',
+ 'text',
+ $pconfig['serverbridge_dhcp_end']
+ ));
+
+ $section->addInput(new Form_checkbox(
+ 'gwredir',
+ 'Redirect Gateway',
+ 'Force all client generated traffic through the tunnel.',
+ $pconfig['gwredit']
+ ));
+
+ $section->addInput(new Form_Input(
+ 'local_network',
+ 'IPv4 Local network(s)',
+ 'text',
+ $pconfig['local_network']
+ ))->setHelp('IPv4 networks that will be accessible from the remote endpoint. ' .
+ 'Expressed as a comma-separated list of one or more CIDR ranges. ' .
+ 'You may leave this blank if you don\'t want to add a route to the local network through this tunnel on the remote machine. ' .
+ 'This is generally set to your LAN network.');
+
+ $section->addInput(new Form_Input(
+ 'local_networkv6',
+ 'IPv6 Local network(s)',
+ 'text',
+ $pconfig['local_networkv6']
+ ))->setHelp('IPv6 networks that will be accessible from the remote endpoint. ' .
+ 'Expressed as a comma-separated list of one or more IP/PREFIX. You may leave this blank if you don\'t want to add a ' .
+ 'route to the local network through this tunnel on the remote machine. This is generally set to your LAN network.');
+
+ $section->addInput(new Form_Input(
+ 'remote_network',
+ 'IPv4 Remote network(s)',
+ 'text',
+ $pconfig['remote_network']
+ ))->setHelp('IPv4 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' .
+ 'changing the routing tables. Expressed as a comma-separated list of one or more CIDR ranges. ' .
+ 'If this is a site-to-site VPN, enter the remote LAN/s here. You may leave this blank if you don\'t want a site-to-site VPN.');
+
+ $section->addInput(new Form_Input(
+ 'remote_networkv6',
+ 'IPv6 Remote network(s)',
+ 'text',
+ $pconfig['remote_networkv6']
+ ))->setHelp('These are the IPv6 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' .
+ 'changing the routing tables. Expressed as a comma-separated list of one or more IP/PREFIX. ' .
+ 'If this is a site-to-site VPN, enter the remote LAN/s here. You may leave this blank if you don\'t want a site-to-site VPN.');
+
+ $section->addInput(new Form_Input(
+ 'maxclients',
+ 'Concurrent connections',
+ 'number',
+ $pconfig['maxclients']
+ ))->setHelp('Specify the maximum number of clients allowed to concurrently connect to this server.');
+
+ $section->addInput(new Form_Select(
+ 'compression',
+ 'Compression',
+ $pconfig['compression'],
+ $openvpn_compression_modes
+ ))->setHelp('Compress tunnel packets using the LZO algorithm. ' .
+ 'Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the ' .
+ 'packets is not being compressed efficiently"');
+
+ $section->addInput(new Form_checkbox(
+ 'passtos',
+ 'Type-of-Service',
+ 'Set the TOS IP header value of tunnel packets to match the encapsulated packet value.',
+ $pconfig['passtos']
+ ));
+
+ $section->addInput(new Form_checkbox(
+ 'client2client',
+ 'Inter-client communication',
+ 'Allow communication between clients connected to this server',
+ $pconfig['client2client']
+ ));
+
+ $section->addInput(new Form_checkbox(
+ 'duplicate_cn',
+ 'Duplicate Connection',
+ 'Allow multiple concurrent connections from clients using the same Common Name.',
+ $pconfig['duplicate_cn']
+ ))->setHelp('(This is not generally recommended, but may be needed for some scenarios.)');
+
+ $section->addInput(new Form_checkbox(
+ 'no_tun_ipv6',
+ 'Disable IPv6',
+ 'Don\'t forward IPv6 traffic. ',
+ $pconfig['no_tun_ipv6']
+ ));
+
+ $form->add($section);
+
+ $section = new Form_Section('Client Settings');
+
+ $section->addInput(new Form_checkbox(
+ 'dynamic_ip',
+ 'Dynamic IP',
+ 'Allow connected clients to retain their connections if their IP address changes',
+ $pconfig['dynamic_ip']
+ ));
+
+ $section->addInput(new Form_checkbox(
+ 'pool_enable',
+ 'Address Pool',
+ 'Provide a virtual adapter IP address to clients (see Tunnel Network)',
+ $pconfig['pool_enable']
+ ));
+
+ $section->addInput(new Form_checkbox(
+ 'topology_subnet',
+ 'Topology',
+ 'Allocate only one IP per client (topology subnet), rather than an isolated subnet per client (topology net30).',
+ $pconfig['topology_subnet']
+ ))->setHelp('Relevant when supplying a virtual adapter IP address to clients when using tun mode on IPv4.").' . '<br />' .
+ 'Some clients may require this even for IPv6, such as OpenVPN Connect (iOS/Android). ' .
+ 'Others may break if it is present, such as older versions of OpenVPN or clients such as Yealink phones.');
+
+ $section->addInput(new Form_checkbox(
+ 'dns_domain_enable',
+ 'DNS Default Domain',
+ 'Provide a default domain name to clients',
+ $pconfig['dns_domain_enable']
+ ));
+
+ $section->addInput(new Form_Input(
+ 'dns_domain',
+ 'DNS Default Domain',
+ 'text',
+ $pconfig['dns_domain']
+ ));
+
+ $section->addInput(new Form_checkbox(
+ 'dns_server_enable',
+ 'DNS Server enable',
+ 'Provide a DNS server list to clients',
+ $pconfig['dns_server_enable']
+ ));
+
+ $section->addInput(new Form_Input(
+ 'dns_server1',
+ 'DNS Server 1',
+ 'text',
+ $pconfig['dns_server1']
+ ));
+
+ $section->addInput(new Form_Input(
+ 'dns_server2',
+ 'DNS Server 2',
+ 'text',
+ $pconfig['dns_server2']
+ ));
+
+ $section->addInput(new Form_Input(
+ 'dns_server3',
+ 'DNS Server 3',
+ 'text',
+ $pconfig['dns_server3']
+ ));
+
+ $section->addInput(new Form_Input(
+ 'dns_server4',
+ 'DNS Server 4',
+ 'text',
+ $pconfig['dns_server4']
+ ));
+
+ $section->addInput(new Form_checkbox(
+ 'push_register_dns',
+ 'Force DNS cache update',
+ 'Run "net stop dnscache", "net start dnscache", "ipconfig /flushdns" and "ipconfig /registerdns" on connection initiation.',
+ $pconfig['push_register_dns']
+ ))->setHelp('This is known to kick Windows into recognizing pushed DNS servers.');
+
+ $section->addInput(new Form_checkbox(
+ 'ntp_server_enable',
+ 'NTP Server enable',
+ 'Provide an NTP server list to clients',
+ $pconfig['ntp_server_enable']
+ ));
+
+ $section->addInput(new Form_Input(
+ 'ntp_server1',
+ 'NTP Server 1',
+ 'text',
+ $pconfig['ntp_server1']
+ ));
+
+ $section->addInput(new Form_Input(
+ 'ntp_server2',
+ 'NTP Server 2',
+ 'text',
+ $pconfig['ntp_server2']
+ ));
+
+ $form->add($section);
+
+ $section = new Form_Section('Netbios Options');
+
+ $section->addInput(new Form_checkbox(
+ 'netbios_enable',
+ 'Netbios enable',
+ 'Enable NetBIOS over TCP/IP',
+ $pconfig['ntp_server_enable']
+ ))->setHelp('If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled');
+
+ $section->addInput(new Form_Select(
+ 'netbios_ntype',
+ 'Node Type',
+ $pconfig['nbios_ntype'],
+ $netbios_nodetypes
+ ))->setHelp('Possible options: b-node (broadcasts), p-node (point-to-point name queries to a WINS server), ' .
+ 'm-node (broadcast then query name server), and h-node (query name server, then broadcast)');
+
+ $section->addInput(new Form_Input(
+ 'netbios_scope',
+ 'Scope ID',
+ 'text',
+ $pconfig['netbios_scope']
+ ))->setHelp('A NetBIOS Scope ID provides an extended naming service for NetBIOS over TCP/IP. The NetBIOS ' .
+ 'scope ID isolates NetBIOS traffic on a single network to only those nodes with the same ' .
+ 'NetBIOS scope ID');
+
+ $section->addInput(new Form_checkbox(
+ 'wins_server_enable',
+ 'WINS server enable',
+ 'Provide a WINS server list to clients',
+ $pconfig['wins_server_enable']
+ ));
+
+ $section->addInput(new Form_Input(
+ 'wins_server1',
+ 'WINS Server 1',
+ 'text',
+ $pconfig['wins_server1']
+ ));
+
+ $section->addInput(new Form_Input(
+ 'wins_server2',
+ 'WINS Server 2',
+ 'text',
+ $pconfig['wins_server2']
+ ));
+
+ $section->addInput(new Form_checkbox(
+ 'client_mgmt_port_enable',
+ 'Enable custom port ',
+ 'Use a different management port for clients.',
+ $pconfig['client_mgmt_port_enable']
+ ));
+
+ $section->addInput(new Form_Input(
+ 'client_mgmt_port',
+ 'Management port',
+ 'number',
+ $pconfig['client_mgmt_port']
+ ))->setHelp('The default port is 166. Specify a different port if the client machines need to select from multiple OpenVPN links.');
+
+
+ $form->add($section);
+
+ $section = new Form_Section('Advanced Configuration');
+ $section->addClass('advanced');
+
+ $section->addInput(new Form_TextArea(
+ 'custom_options',
+ 'Custom options',
+ $pconfig['custom_options']
+ ))->setHelp('Enter any additional options you would like to add to the OpenVPN server configuration here, separated by semicolon' . '<br />' .
+ 'EXAMPLE: push "route 10.0.0.0 255.255.255.0"');
+
+ $section->addInput(new Form_Select(
+ 'verbosity_level',
+ 'Verbosity level',
+ $pconfig['verbosity_level'],
+ $openvpn_verbosity_level
+ ))->setHelp('Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what\'s happening without being swamped by output' . '<br /><br />' .
+ 'None: Only fatal errors' . '<br />' .
+ 'Default: Normal usage range' . '<br />' .
+ '5: Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets' .'<br />' .
+ '6: Debug info range');
+
+ $section->addInput(new Form_Input(
+ 'act',
+ null,
+ 'hidden',
+ $act
+ ));
- switch (mvalue) {
- case "p2p_tls":
- case "p2p_shared_key":
- p2p = true;
- break;
- default:
- p2p = false;
- break;
+ if (isset($id) && $a_server[$id]) {
+ $section->addInput(new Form_Input(
+ 'id',
+ null,
+ 'hidden',
+ $id
+ ));
}
- index = document.iform.dev_mode.selectedIndex;
- value = document.iform.dev_mode.options[index].value;
- switch (value) {
- case "tun":
- document.getElementById("chkboxNoTunIPv6").style.display="";
- document.getElementById("ipv4_tunnel_network").className="vncellreq";
- document.getElementById("serverbridge_dhcp").style.display="none";
- document.getElementById("serverbridge_interface").style.display="none";
- document.getElementById("serverbridge_dhcp_start").style.display="none";
- document.getElementById("serverbridge_dhcp_end").style.display="none";
- document.getElementById("topology_subnet_opt").style.display="";
- break;
- case "tap":
- document.getElementById("chkboxNoTunIPv6").style.display="none";
- document.getElementById("ipv4_tunnel_network").className="vncell";
- if (!p2p) {
- document.getElementById("serverbridge_dhcp").style.display="";
- document.getElementById("serverbridge_interface").style.display="";
- document.getElementById("serverbridge_dhcp_start").style.display="";
- document.getElementById("serverbridge_dhcp_end").style.display="";
- document.getElementById("topology_subnet_opt").style.display="none";
- document.iform.serverbridge_dhcp.disabled = false;
- if (document.iform.serverbridge_dhcp.checked) {
- document.iform.serverbridge_interface.disabled = false;
- document.iform.serverbridge_dhcp_start.disabled = false;
- document.iform.serverbridge_dhcp_end.disabled = false;
- } else {
- document.iform.serverbridge_interface.disabled = true;
- document.iform.serverbridge_dhcp_start.disabled = true;
- document.iform.serverbridge_dhcp_end.disabled = true;
- }
- } else {
- document.getElementById("topology_subnet_opt").style.display="none";
- document.iform.serverbridge_dhcp.disabled = true;
- document.iform.serverbridge_interface.disabled = true;
- document.iform.serverbridge_dhcp_start.disabled = true;
- document.iform.serverbridge_dhcp_end.disabled = true;
- }
- break;
- }
-}
-//]]>
-</script>
-<?php
-if (!$savemsg) {
- $savemsg = "";
-}
+ $form->add($section);
+ print($form);
-if ($input_errors) {
- print_input_errors($input_errors);
-}
-if ($savemsg) {
- print_info_box_np($savemsg);
-}
+else:
?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn server">
- <tr>
- <td class="tabnavtbl">
- <?php
- $tab_array = array();
- $tab_array[] = array(gettext("Server"), true, "vpn_openvpn_server.php");
- $tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php");
- $tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php");
- $tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml");
- add_package_tabs("openvpn-client-export", $tab_array);
- display_top_tabs($tab_array);
- ?>
- </td>
- </tr>
- <tr>
- <td class="tabcont">
-
- <?php if ($act == "new" || $act == "edit"): ?>
-
- <form action="vpn_openvpn_server.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
- <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="general information">
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="0" cellspacing="0" summary="enable disable server">
- <tr>
- <td>
- <?php set_checked($pconfig['disable'], $chk); ?>
- <input name="disable" type="checkbox" value="yes" <?=$chk;?> />
- </td>
- <td>
- &nbsp;
- <span class="vexpl">
- <strong><?=gettext("Disable this server"); ?></strong><br />
- </span>
- </td>
- </tr>
- </table>
- <?=gettext("Set this option to disable this server without removing it from the list"); ?>.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
- <td width="78%" class="vtable">
- <select name='mode' id='mode' class="formselect" onchange='mode_change(); tuntap_change()'>
- <?php
- foreach ($openvpn_server_modes as $name => $desc):
- $selected = "";
- if ($pconfig['mode'] == $name) {
- $selected = "selected=\"selected\"";
- }
- ?>
- <option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
- <?php endforeach; ?>
- </select>
- </td>
- </tr>
- <tr id="authmodetr" style="display:none">
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td>
- <td width="78%" class="vtable">
- <select name='authmode[]' id='authmode' class="formselect" multiple="multiple" size="<?php echo count($auth_servers); ?>">
- <?php
- $authmodes = explode(",", $pconfig['authmode']);
- $auth_servers = auth_get_authserver_list();
- // If no authmodes set then default to selecting the first entry in auth_servers
- if (empty($authmodes[0]) && !empty(key($auth_servers))) {
- $authmodes[0] = key($auth_servers);
- }
-
- foreach ($auth_servers as $auth_server_key => $auth_server):
- $selected = "";
- if (in_array($auth_server_key, $authmodes)) {
- $selected = "selected=\"selected\"";
- }
- ?>
- <option value="<?=$auth_server_key;?>" <?=$selected;?>><?=$auth_server['name'];?></option>
- <?php endforeach; ?>
- </select>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
- <td width="78%" class="vtable">
- <select name='protocol' class="formselect">
- <?php
- foreach ($openvpn_prots as $prot):
- $selected = "";
- if ($pconfig['protocol'] == $prot) {
- $selected = "selected=\"selected\"";
- }
- ?>
- <option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
- <?php endforeach; ?>
- </select>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td>
- <td width="78%" class="vtable">
- <select name="dev_mode" class="formselect" onchange='tuntap_change()'>
- <?php
- foreach ($openvpn_dev_mode as $device):
- $selected = "";
- if (!empty($pconfig['dev_mode'])) {
- if ($pconfig['dev_mode'] == $device) {
- $selected = "selected=\"selected\"";
- }
- } else {
- if ($device == "tun") {
- $selected = "selected=\"selected\"";
- }
- }
- ?>
- <option value="<?=$device;?>" <?=$selected;?>><?=$device;?></option>
- <?php endforeach; ?>
- </select>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
- <td width="78%" class="vtable">
- <select name="interface" class="formselect">
- <?php
- $interfaces = get_configured_interface_with_descr();
- $carplist = get_configured_carp_interface_list();
- foreach ($carplist as $cif => $carpip) {
- $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
- }
- $aliaslist = get_configured_ip_aliases_list();
- foreach ($aliaslist as $aliasip => $aliasif) {
- $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
- }
- $grouplist = return_gateway_groups_array();
- foreach ($grouplist as $name => $group) {
- if ($group['ipprotocol'] != inet) {
- continue;
- }
- if ($group[0]['vip'] <> "") {
- $vipif = $group[0]['vip'];
- } else {
- $vipif = $group[0]['int'];
- }
- $interfaces[$name] = "GW Group {$name}";
- }
- $interfaces['lo0'] = "Localhost";
- $interfaces['any'] = "any";
- foreach ($interfaces as $iface => $ifacename):
- $selected = "";
- if ($iface == $pconfig['interface']) {
- $selected = "selected=\"selected\"";
- }
- ?>
- <option value="<?=$iface;?>" <?=$selected;?>>
- <?=htmlspecialchars($ifacename);?>
- </option>
- <?php endforeach; ?>
- </select> <br />
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Local port");?></td>
- <td width="78%" class="vtable">
- <input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>" />
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
- <td width="78%" class="vtable">
- <input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>" />
- <br />
- <?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
- </td>
- </tr>
- <tr>
- <td colspan="2" class="list" height="12"></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
- </tr>
- <tr id="tls">
- <td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="tls authentication">
- <tr>
- <td>
- <?php set_checked($pconfig['tlsauth_enable'], $chk); ?>
- <input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onclick="tlsauth_change()" />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Enable authentication of TLS packets"); ?>.
- </span>
- </td>
- </tr>
- </table>
- <?php if (!$pconfig['tls']): ?>
- <table border="0" cellpadding="2" cellspacing="0" id="tlsauth_opts" summary="tls authentication options">
- <tr>
- <td>
- <?php set_checked($pconfig['autotls_enable'], $chk); ?>
- <input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autotls_change()" />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Automatically generate a shared TLS authentication key"); ?>.
- </span>
- </td>
- </tr>
- </table>
- <?php endif; ?>
- <table border="0" cellpadding="2" cellspacing="0" id="autotls_opts" summary="tls authentication key">
- <tr>
- <td>
- <textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
- <br />
- <?=gettext("Paste your shared key here"); ?>.
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr id="tls_ca">
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
- <td width="78%" class="vtable">
- <?php if (count($a_ca)): ?>
- <select name='caref' class="formselect">
- <?php
- foreach ($a_ca as $ca):
- $selected = "";
- if ($pconfig['caref'] == $ca['refid']) {
- $selected = "selected=\"selected\"";
- }
- ?>
- <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
- <?php endforeach; ?>
- </select>
- <?php else: ?>
- <b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
- <?php endif; ?>
- </td>
- </tr>
- <tr id="tls_crl">
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Revocation List"); ?></td>
- <td width="78%" class="vtable">
- <?php if (count($a_crl)): ?>
- <select name='crlref' class="formselect">
- <option value="">None</option>
- <?php
- foreach ($a_crl as $crl):
- $selected = "";
- $caname = "";
- $ca = lookup_ca($crl['caref']);
- if ($ca) {
- $caname = " (CA: " . htmlspecialchars($ca['descr']) . ")";
- if ($pconfig['crlref'] == $crl['refid']) {
- $selected = "selected=\"selected\"";
- }
- }
- ?>
- <option value="<?=$crl['refid'];?>" <?=$selected;?>><?=htmlspecialchars($crl['descr']) . $caname;?></option>
- <?php endforeach; ?>
- </select>
- <?php else: ?>
- <b>No Certificate Revocation Lists (CRLs) defined.</b> <br />Create one under <a href="system_crlmanager.php">System &gt; Cert Manager</a>.
- <?php endif; ?>
- </td>
- </tr>
- <tr id="tls_cert">
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Server Certificate"); ?></td>
- <td width="78%" class="vtable">
- <?php if (count($a_cert)): ?>
- <select name='certref' class="formselect">
- <?php
- foreach ($a_cert as $cert):
- $selected = "";
- $caname = "";
- $inuse = "";
- $revoked = "";
- $ca = lookup_ca($cert['caref']);
- if ($ca) {
- $caname = " (CA: " . htmlspecialchars($ca['descr']) . ")";
- }
- if ($pconfig['certref'] == $cert['refid']) {
- $selected = "selected=\"selected\"";
- }
- if (cert_in_use($cert['refid'])) {
- $inuse = " *In Use";
- }
- if (is_cert_revoked($cert)) {
- $revoked = " *Revoked";
- }
- ?>
- <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']) . $caname . $inuse . $revoked;?></option>
- <?php endforeach; ?>
- </select>
- <?php else: ?>
- <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.
- <?php endif; ?>
- </td>
- </tr>
- <tr id="tls_dh">
- <td width="22%" valign="top" class="vncellreq"><?=gettext("DH Parameters Length"); ?></td>
- <td width="78%" class="vtable">
- <select name="dh_length" class="formselect">
- <?php
- foreach ($openvpn_dh_lengths as $length):
- $selected = "";
- if ($length == $pconfig['dh_length']) {
- $selected = " selected=\"selected\"";
- }
- ?>
- <option<?=$selected?>><?=$length;?></option>
- <?php endforeach; ?>
- </select>
- <span class="vexpl">
- <?=gettext("bits"); ?>
- </span>
- </td>
- </tr>
- <tr id="psk">
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
- <td width="78%" class="vtable">
- <?php if (!$pconfig['shared_key']): ?>
- <table border="0" cellpadding="2" cellspacing="0" summary="shared key">
- <tr>
- <td>
- <?php set_checked($pconfig['autokey_enable'], $chk); ?>
- <input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autokey_change()" />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Automatically generate a shared key"); ?>.
- </span>
- </td>
- </tr>
- </table>
- <?php endif; ?>
- <table border="0" cellpadding="2" cellspacing="0" id="autokey_opts" summary="shared key">
- <tr>
- <td>
- <textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
- <br />
- <?=gettext("Paste your shared key here"); ?>.
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
- <td width="78%" class="vtable">
- <select name="crypto" class="formselect">
- <?php
- $cipherlist = openvpn_get_cipherlist();
- foreach ($cipherlist as $name => $desc):
- $selected = "";
- if ($name == $pconfig['crypto']) {
- $selected = " selected=\"selected\"";
- }
- ?>
- <option value="<?=$name;?>"<?=$selected?>>
- <?=htmlspecialchars($desc);?>
- </option>
- <?php endforeach; ?>
- </select>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Auth Digest Algorithm"); ?></td>
- <td width="78%" class="vtable">
- <select name="digest" class="formselect">
- <?php
- $digestlist = openvpn_get_digestlist();
- foreach ($digestlist as $name => $desc):
- $selected = "";
- if ($name == $pconfig['digest']) {
- $selected = " selected=\"selected\"";
- }
- ?>
- <option value="<?=$name;?>"<?=$selected?>>
- <?=htmlspecialchars($desc);?>
- </option>
- <?php endforeach; ?>
- </select>
- <br /><?PHP echo gettext("NOTE: Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN."); ?>
- </td>
- </tr>
- <tr id="engine">
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
- <td width="78%" class="vtable">
- <select name="engine" class="formselect">
- <?php
- $engines = openvpn_get_engines();
- foreach ($engines as $name => $desc):
- $selected = "";
- if ($name == $pconfig['engine']) {
- $selected = " selected=\"selected\"";
- }
- ?>
- <option value="<?=$name;?>"<?=$selected?>>
- <?=htmlspecialchars($desc);?>
- </option>
- <?php endforeach; ?>
- </select>
- </td>
- </tr>
- <tr id="cert_depth">
- <td width="22%" valign="top" class="vncell"><?=gettext("Certificate Depth"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="certificate depth">
- <tr>
- <td>
- <select name="cert_depth" class="formselect">
- <option value="">Do Not Check</option>
- <?php
- foreach ($openvpn_cert_depths as $depth => $depthdesc):
- $selected = "";
- if ($depth == $pconfig['cert_depth']) {
- $selected = " selected=\"selected\"";
- }
- ?>
- <option value="<?= $depth ?>" <?= $selected ?>><?= $depthdesc ?></option>
- <?php endforeach; ?>
- </select>
- </td>
- </tr>
- <tr>
- <td>
- <span class="vexpl">
- <?=gettext("When a certificate-based client logs in, do not accept certificates below this depth. Useful for denying certificates made with intermediate CAs generated from the same CA as the server."); ?>
- </span>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr id="strictusercn">
- <td width="22%" valign="top" class="vncell"><?=gettext("Strict User/CN Matching"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="strict user/cn matching">
- <tr>
- <td>
- <?php set_checked($pconfig['strictusercn'], $chk); ?>
- <input name="strictusercn" type="checkbox" value="yes" <?=$chk;?> />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("When authenticating users, enforce a match between the common name of the client certificate and the username given at login."); ?>
- </span>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td colspan="2" class="list" height="12"></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq" id="ipv4_tunnel_network"><?=gettext("IPv4 Tunnel Network"); ?></td>
- <td width="78%" class="vtable">
- <input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>" />
- <br />
- <?=gettext("This is the IPv4 virtual network used for private " .
- "communications between this server and client " .
- "hosts expressed using CIDR (eg. 10.0.8.0/24). " .
- "The first network address will be assigned to " .
- "the server virtual interface. The remaining " .
- "network addresses can optionally be assigned " .
- "to connecting clients. (see Address Pool)"); ?>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Tunnel Network"); ?></td>
- <td width="78%" class="vtable">
- <input name="tunnel_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_networkv6']);?>" />
- <br />
- <?=gettext("This is the IPv6 virtual network used for private " .
- "communications between this server and client " .
- "hosts expressed using CIDR (eg. fe80::/64). " .
- "The first network address will be assigned to " .
- "the server virtual interface. The remaining " .
- "network addresses can optionally be assigned " .
- "to connecting clients. (see Address Pool)"); ?>
- </td>
- </tr>
- <tr id="serverbridge_dhcp">
- <td width="22%" valign="top" class="vncell"><?=gettext("Bridge DHCP"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="bridge dhcp">
- <tr>
- <td>
- <?php set_checked($pconfig['serverbridge_dhcp'], $chk); ?>
- <input name="serverbridge_dhcp" type="checkbox" value="yes" <?=$chk;?> onchange="tuntap_change()" />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Allow clients on the bridge to obtain DHCP."); ?><br />
- </span>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr id="serverbridge_interface">
- <td width="22%" valign="top" class="vncell"><?=gettext("Bridge Interface"); ?></td>
- <td width="78%" class="vtable">
- <select name="serverbridge_interface" class="formselect">
- <?php
- $serverbridge_interface['none'] = "none";
- $serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr());
- $carplist = get_configured_carp_interface_list();
- foreach ($carplist as $cif => $carpip) {
- $serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
- }
- $aliaslist = get_configured_ip_aliases_list();
- foreach ($aliaslist as $aliasip => $aliasif) {
- $serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
- }
- foreach ($serverbridge_interface as $iface => $ifacename):
- $selected = "";
- if ($iface == $pconfig['serverbridge_interface']) {
- $selected = "selected=\"selected\"";
- }
- ?>
- <option value="<?=$iface;?>" <?=$selected;?>>
- <?=htmlspecialchars($ifacename);?>
- </option>
- <?php endforeach; ?>
- </select> <br />
- <?=gettext("The interface to which this tap instance will be " .
- "bridged. This is not done automatically. You must assign this " .
- "interface and create the bridge separately. " .
- "This setting controls which existing IP address and subnet " .
- "mask are used by OpenVPN for the bridge. Setting this to " .
- "'none' will cause the Server Bridge DHCP settings below to be ignored."); ?>
- </td>
- </tr>
- <tr id="serverbridge_dhcp_start">
- <td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP Start"); ?></td>
- <td width="78%" class="vtable">
- <input name="serverbridge_dhcp_start" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_start']);?>" />
- <br />
- <?=gettext("When using tap mode as a multi-point server, " .
- "you may optionally supply a DHCP range to use on the " .
- "interface to which this tap instance is bridged. " .
- "If these settings are left blank, DHCP will be passed " .
- "through to the LAN, and the interface setting above " .
- "will be ignored."); ?>
- </td>
- </tr>
- <tr id="serverbridge_dhcp_end">
- <td width="22%" valign="top" class="vncell"><?=gettext("Server Bridge DHCP End"); ?></td>
- <td width="78%" class="vtable">
- <input name="serverbridge_dhcp_end" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['serverbridge_dhcp_end']);?>" />
- <br />
- </td>
- </tr>
- <tr id="gwredir_opts">
- <td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="redirect gateway">
- <tr>
- <td>
- <?php set_checked($pconfig['gwredir'], $chk); ?>
- <input name="gwredir" type="checkbox" value="yes" <?=$chk;?> onclick="gwredir_change()" />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Force all client generated traffic through the tunnel"); ?>.
- </span>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr id="local_optsv4">
- <td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Local Network/s"); ?></td>
- <td width="78%" class="vtable">
- <input name="local_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['local_network']);?>" />
- <br />
- <?=gettext("These are the IPv4 networks that will be accessible " .
- "from the remote endpoint. Expressed as a comma-separated list of one or more CIDR ranges. " .
- "You may leave this blank if you don't " .
- "want to add a route to the local network " .
- "through this tunnel on the remote machine. " .
- "This is generally set to your LAN network"); ?>.
- </td>
- </tr>
- <tr id="local_optsv6">
- <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Local Network/s"); ?></td>
- <td width="78%" class="vtable">
- <input name="local_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['local_networkv6']);?>" />
- <br />
- <?=gettext("These are the IPv6 networks that will be accessible " .
- "from the remote endpoint. Expressed as a comma-separated list of one or more IP/PREFIX. " .
- "You may leave this blank if you don't " .
- "want to add a route to the local network " .
- "through this tunnel on the remote machine. " .
- "This is generally set to your LAN network"); ?>.
- </td>
- </tr>
- <tr id="remote_optsv4">
- <td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Remote Network/s"); ?></td>
- <td width="78%" class="vtable">
- <input name="remote_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_network']);?>" />
- <br />
- <?=gettext("These are the IPv4 networks that will be routed through " .
- "the tunnel, so that a site-to-site VPN can be " .
- "established without manually changing the routing tables. " .
- "Expressed as a comma-separated list of one or more CIDR ranges. " .
- "If this is a site-to-site VPN, enter the " .
- "remote LAN/s here. You may leave this blank if " .
- "you don't want a site-to-site VPN"); ?>.
- </td>
- </tr>
- <tr id="remote_optsv6">
- <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Remote Network/s"); ?></td>
- <td width="78%" class="vtable">
- <input name="remote_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_networkv6']);?>" />
- <br />
- <?=gettext("These are the IPv6 networks that will be routed through " .
- "the tunnel, so that a site-to-site VPN can be " .
- "established without manually changing the routing tables. " .
- "Expressed as a comma-separated list of one or more IP/PREFIX. " .
- "If this is a site-to-site VPN, enter the " .
- "remote LAN/s here. You may leave this blank if " .
- "you don't want a site-to-site VPN"); ?>.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Concurrent connections");?></td>
- <td width="78%" class="vtable">
- <input name="maxclients" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['maxclients']);?>" />
- <br />
- <?=gettext("Specify the maximum number of clients allowed to concurrently connect to this server"); ?>.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
- <td width="78%" class="vtable">
- <select name="compression" class="formselect">
- <?php
- foreach ($openvpn_compression_modes as $cmode => $cmodedesc):
- $selected = "";
- if ($cmode == $pconfig['compression']) {
- $selected = " selected=\"selected\"";
- }
- ?>
- <option value="<?= $cmode ?>" <?= $selected ?>><?= $cmodedesc ?></option>
- <?php endforeach; ?>
- </select>
- <br />
- <?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently"); ?>.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="type-of-service">
- <tr>
- <td>
- <?php set_checked($pconfig['passtos'], $chk); ?>
- <input name="passtos" type="checkbox" value="yes" <?=$chk;?> />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
- </span>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr id="inter_client_communication">
- <td width="22%" valign="top" class="vncell"><?=gettext("Inter-client communication"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="inter-client communication">
- <tr>
- <td>
- <?php set_checked($pconfig['client2client'], $chk); ?>
- <input name="client2client" type="checkbox" value="yes" <?=$chk;?> />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Allow communication between clients connected to this server"); ?>
- </span>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr id="duplicate_cn">
- <td width="22%" valign="top" class="vncell"><?=gettext("Duplicate Connections"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="duplicate connection">
- <tr>
- <td>
- <?php set_checked($pconfig['duplicate_cn'], $chk); ?>
- <input name="duplicate_cn" type="checkbox" value="yes" <?=$chk;?> />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Allow multiple concurrent connections from clients using the same Common Name.<br />NOTE: This is not generally recommended, but may be needed for some scenarios."); ?>
- </span>
- </td>
- </tr>
- </table>
- </td>
- </tr>
-
- <tr id="chkboxNoTunIPv6">
- <td width="22%" valign="top" class="vncell"><?=gettext("Disable IPv6"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6-srv">
- <tr>
- <td>
- <?php set_checked($pconfig['no_tun_ipv6'], $chk); ?>
- <input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Don't forward IPv6 traffic"); ?>.
- </span>
- </td>
- </tr>
- </table>
- </td>
- </tr>
-
- </table>
-
- <table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="client settings">
- <tr>
- <td colspan="2" class="list" height="12"></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("Client Settings"); ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Dynamic IP"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="dynamic ip">
- <tr>
- <td>
- <?php set_checked($pconfig['dynamic_ip'], $chk); ?>
- <input name="dynamic_ip" type="checkbox" id="dynamic_ip" value="yes" <?=$chk;?> />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Allow connected clients to retain their connections if their IP address changes"); ?>.<br />
- </span>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Address Pool"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="address pool">
- <tr>
- <td>
- <?php set_checked($pconfig['pool_enable'], $chk); ?>
- <input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?> />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Provide a virtual adapter IP address to clients (see Tunnel Network)"); ?><br />
- </span>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr id="topology_subnet_opt">
- <td width="22%" valign="top" class="vncell"><?=gettext("Topology"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="topology">
- <tr>
- <td>
- <?php set_checked($pconfig['topology_subnet'], $chk); ?>
- <input name="topology_subnet" type="checkbox" id="topology_subnet" value="yes" <?=$chk;?> />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Allocate only one IP per client (topology subnet), rather than an isolated subnet per client (topology net30)."); ?><br />
- </span>
- </td>
- </tr>
- <tr>
- <td>&nbsp;</td>
- <td>
- <?=gettext("Relevant when supplying a virtual adapter IP address to clients when using tun mode on IPv4."); ?><br />
- <?=gettext("Some clients may require this even for IPv6, such as OpenVPN Connect (iOS/Android). Others may break if it is present, such as older versions of OpenVPN or clients such as Yealink phones."); ?><br />
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("DNS Default Domain"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="dns default domain">
- <tr>
- <td>
- <?php set_checked($pconfig['dns_domain_enable'], $chk); ?>
- <input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onclick="dns_domain_change()" />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Provide a default domain name to clients"); ?><br />
- </span>
- </td>
- </tr>
- </table>
- <table border="0" cellpadding="2" cellspacing="0" id="dns_domain_data" summary="dns domain data">
- <tr>
- <td>
- <input name="dns_domain" type="text" class="formfld unknown" id="dns_domain" size="30" value="<?=htmlspecialchars($pconfig['dns_domain']);?>" />
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("DNS Servers"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="dns servers">
- <tr>
- <td>
- <?php set_checked($pconfig['dns_server_enable'], $chk); ?>
- <input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onclick="dns_server_change()" />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Provide a DNS server list to clients"); ?><br />
- </span>
- </td>
- </tr>
- </table>
- <table border="0" cellpadding="2" cellspacing="0" id="dns_server_data" summary="dns servers">
- <tr>
- <td>
- <span class="vexpl">
- <?=gettext("Server"); ?> #1:&nbsp;
- </span>
- <input name="dns_server1" type="text" class="formfld unknown" id="dns_server1" size="20" value="<?=htmlspecialchars($pconfig['dns_server1']);?>" />
- </td>
- </tr>
- <tr>
- <td>
- <span class="vexpl">
- <?=gettext("Server"); ?> #2:&nbsp;
- </span>
- <input name="dns_server2" type="text" class="formfld unknown" id="dns_server2" size="20" value="<?=htmlspecialchars($pconfig['dns_server2']);?>" />
- </td>
- </tr>
- <tr>
- <td>
- <span class="vexpl">
- <?=gettext("Server"); ?> #3:&nbsp;
- </span>
- <input name="dns_server3" type="text" class="formfld unknown" id="dns_server3" size="20" value="<?=htmlspecialchars($pconfig['dns_server3']);?>" />
- </td>
- </tr>
- <tr>
- <td>
- <span class="vexpl">
- <?=gettext("Server"); ?> #4:&nbsp;
- </span>
- <input name="dns_server4" type="text" class="formfld unknown" id="dns_server4" size="20" value="<?=htmlspecialchars($pconfig['dns_server4']);?>" />
- </td>
- </tr>
- </table>
- </td>
- </tr>
-
- <tr id="chkboxPushRegisterDNS">
- <td width="22%" valign="top" class="vncell"><?=gettext("Force DNS cache update"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="push register dns">
- <tr>
- <td>
- <?php set_checked($pconfig['push_register_dns'], $chk); ?>
- <input name="push_register_dns" type="checkbox" value="yes" <?=$chk;?> />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Run ''net stop dnscache'', ''net start dnscache'', ''ipconfig /flushdns'' and ''ipconfig /registerdns'' on connection initiation. This is known to kick Windows into recognizing pushed DNS servers."); ?><br />
- </span>
- </td>
- </tr>
- </table>
- </td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("NTP Servers"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="ntp servers">
- <tr>
- <td>
- <?php set_checked($pconfig['ntp_server_enable'], $chk); ?>
- <input name="ntp_server_enable" type="checkbox" id="ntp_server_enable" value="yes" <?=$chk;?> onclick="ntp_server_change()" />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Provide a NTP server list to clients"); ?><br />
- </span>
- </td>
- </tr>
- </table>
- <table border="0" cellpadding="2" cellspacing="0" id="ntp_server_data" summary="ntp servers">
- <tr>
- <td>
- <span class="vexpl">
- <?=gettext("Server"); ?> #1:&nbsp;
- </span>
- <input name="ntp_server1" type="text" class="formfld unknown" id="ntp_server1" size="20" value="<?=htmlspecialchars($pconfig['ntp_server1']);?>" />
- </td>
- </tr>
- <tr>
- <td>
- <span class="vexpl">
- <?=gettext("Server"); ?> #2:&nbsp;
- </span>
- <input name="ntp_server2" type="text" class="formfld unknown" id="ntp_server2" size="20" value="<?=htmlspecialchars($pconfig['ntp_server2']);?>" />
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("NetBIOS Options"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="netboios options">
- <tr>
- <td>
- <?php set_checked($pconfig['netbios_enable'], $chk); ?>
- <input name="netbios_enable" type="checkbox" id="netbios_enable" value="yes" <?=$chk;?> onclick="netbios_change()" />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Enable NetBIOS over TCP/IP"); ?><br />
- </span>
- </td>
- </tr>
- </table>
- <?=gettext("If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled"); ?>.
- <br />
- <table border="0" cellpadding="2" cellspacing="0" id="netbios_data" summary="netboios options">
- <tr>
- <td>
- <br />
- <span class="vexpl">
- <?=gettext("Node Type"); ?>:&nbsp;
- </span>
- <select name='netbios_ntype' class="formselect">
- <?php
- foreach ($netbios_nodetypes as $type => $name):
- $selected = "";
- if ($pconfig['netbios_ntype'] == $type) {
- $selected = "selected=\"selected\"";
- }
- ?>
- <option value="<?=$type;?>" <?=$selected;?>><?=$name;?></option>
- <?php endforeach; ?>
- </select>
- <br />
- <?=gettext("Possible options: b-node (broadcasts), p-node " .
- "(point-to-point name queries to a WINS server), " .
- "m-node (broadcast then query name server), and " .
- "h-node (query name server, then broadcast)"); ?>.
- </td>
- </tr>
- <tr>
- <td>
- <br />
- <span class="vexpl">
- <?=gettext("Scope ID"); ?>:&nbsp;
- </span>
- <input name="netbios_scope" type="text" class="formfld unknown" id="netbios_scope" size="30" value="<?=htmlspecialchars($pconfig['netbios_scope']);?>" />
- <br />
- <?=gettext("A NetBIOS Scope ID provides an extended naming " .
- "service for NetBIOS over TCP/IP. The NetBIOS " .
- "scope ID isolates NetBIOS traffic on a single " .
- "network to only those nodes with the same " .
- "NetBIOS scope ID"); ?>.
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr id="wins_opts">
- <td width="22%" valign="top" class="vncell"><?=gettext("WINS Servers"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="wins servers">
- <tr>
- <td>
- <?php set_checked($pconfig['wins_server_enable'], $chk); ?>
- <input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onclick="wins_server_change()" />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Provide a WINS server list to clients"); ?><br />
- </span>
- </td>
- </tr>
- </table>
- <table border="0" cellpadding="2" cellspacing="0" id="wins_server_data" summary="wins servers">
- <tr>
- <td>
- <span class="vexpl">
- <?=gettext("Server"); ?> #1:&nbsp;
- </span>
- <input name="wins_server1" type="text" class="formfld unknown" id="wins_server1" size="20" value="<?=htmlspecialchars($pconfig['wins_server1']);?>" />
- </td>
- </tr>
- <tr>
- <td>
- <span class="vexpl">
- <?=gettext("Server"); ?> #2:&nbsp;
- </span>
- <input name="wins_server2" type="text" class="formfld unknown" id="wins_server2" size="20" value="<?=htmlspecialchars($pconfig['wins_server2']);?>" />
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Client Management Port"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="client management port">
- <tr>
- <td>
- <?php set_checked($pconfig['client_mgmt_port_enable'], $chk); ?>
- <input name="client_mgmt_port_enable" type="checkbox" id="client_mgmt_port_enable" value="yes" <?=$chk;?> onclick="client_mgmt_port_change()" />
- </td>
- <td>
- <span class="vexpl">
- <?=gettext("Use a different management port on clients. The default port is 166. Specify a different port if the client machines need to select from multiple OpenVPN links."); ?><br />
- </span>
- </td>
- </tr>
- </table>
- <table border="0" cellpadding="2" cellspacing="0" id="client_mgmt_port_data" summary="client management port">
- <tr>
- <td>
- <input name="client_mgmt_port" type="text" class="formfld unknown" id="client_mgmt_port" size="30" value="<?=htmlspecialchars($pconfig['client_mgmt_port']);?>" />
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
-
- <table width="100%" border="0" cellpadding="6" cellspacing="0" id="client_opts" summary="advance configuration">
- <tr>
- <td colspan="2" class="list" height="12"></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
- <td width="78%" class="vtable">
- <table border="0" cellpadding="2" cellspacing="0" summary="advance configuration">
- <tr>
- <td>
- <textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br />
- <?=gettext("Enter any additional options you would like to add to the OpenVPN server configuration here, separated by a semicolon"); ?><br />
- <?=gettext("EXAMPLE: push \"route 10.0.0.0 255.255.255.0\""); ?>;
- </td>
- </tr>
- </table>
- </td>
- </tr>
-
- <tr id="comboboxVerbosityLevel">
- <td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td>
- <td width="78%" class="vtable">
- <select name="verbosity_level" class="formselect">
- <?php
- foreach ($openvpn_verbosity_level as $verb_value => $verb_desc):
- $selected = "";
- if ($pconfig['verbosity_level'] == $verb_value) {
- $selected = "selected=\"selected\"";
- }
- ?>
- <option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option>
- <?php endforeach; ?>
- </select>
- <br />
- <?=gettext("Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output"); ?>.<br /> <br />
- <strong>none</strong> -- <?=gettext("No output except fatal errors"); ?>. <br />
- <strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br />
- <strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br />
- <strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>.
- </td>
- </tr>
-
- </table>
-
- <br />
- <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="icons">
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
- <input name="act" type="hidden" value="<?=$act;?>" />
- <?php if (isset($id) && $a_server[$id]): ?>
- <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
- <?php endif; ?>
- </td>
- </tr>
- </table>
- </form>
-
- <?php else: ?>
-
- <table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="list">
- <thead>
- <tr>
- <td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
- <td width="10%" class="listhdrr"><?=gettext("Protocol / Port"); ?></td>
- <td width="30%" class="listhdrr"><?=gettext("Tunnel Network"); ?></td>
- <td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
- <td width="10%" class="list"></td>
- </tr>
- </thead>
- <tfoot>
+<div class="panel panel-default">
+ <div class="panel-heading"><h2 class="panel-title"><?=gettext('OpenVPN Servers')?></h2></div>
+ <div class="panel-body table-responsive">
+ <table class="table table-striped table-hover table-condensed">
+ <thead>
<tr>
- <td class="list" colspan="4"></td>
- <td class="list">
- <a href="vpn_openvpn_server.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add server"); ?>" width="17" height="17" border="0" alt="add" />
- </a>
- </td>
+ <th><?=gettext("Protocol / Port")?></th>
+ <th><?=gettext("Tunnel Network")?></th>
+ <th><?=gettext("Description")?></th>
+ <th><!-- Buttons --></th>
</tr>
- </tfoot>
- <tbody>
- <?php
- $i = 0;
- foreach ($a_server as $server):
- $disabled = "NO";
- if (isset($server['disable'])) {
- $disabled = "YES";
- }
- ?>
- <tr>
- <td class="listlr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
- <?=$disabled;?>
- </td>
- <td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
- <?=htmlspecialchars($server['protocol']);?> / <?=htmlspecialchars($server['local_port']);?>
+ </thead>
+
+ <tbody>
+<?php
+ $i = 0;
+ foreach($a_server as $server):
+?>
+ <tr <?=isset($server['disable']) ? 'class="disabled"':''?>>
+ <td>
+ <?=htmlspecialchars($server['protocol'])?> / <?=htmlspecialchars($server['local_port'])?>
</td>
- <td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
- <?=htmlspecialchars($server['tunnel_network']);?><br />
- <?=htmlspecialchars($server['tunnel_networkv6']);?><br />
+ <td>
+ <?=htmlspecialchars($server['tunnel_network'])?><br />
+ <?=htmlspecialchars($server['tunnel_networkv6'])?>
</td>
- <td class="listbg" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
- <?=htmlspecialchars($server['description']);?>
+ <td>
+ <?=htmlspecialchars($server['description'])?>
</td>
- <td valign="middle" class="list nowrap">
- <a href="vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>">
- <img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit server"); ?>" width="17" height="17" border="0" alt="edit" />
- </a>
- &nbsp;
- <a href="vpn_openvpn_server.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this server?"); ?>')">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete server"); ?>" width="17" height="17" border="0" alt="delete" />
- </a>
+ <td>
+ <a href="vpn_openvpn_server.php?act=edit&amp;id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext("Edit")?></a>
+ <a href="vpn_openvpn_server.php?act=del&amp;id=<?=$i?>" class="btn btn-xs btn-danger"><?=gettext("Delete")?></a>
</td>
</tr>
- <?php
- $i++;
- endforeach;
- ?>
- <tr style="display:none;"><td></td></tr>
- </tbody>
- </table>
+<?php
+ $i++;
+ endforeach;
+?>
+ </tbody>
+ </table>
+ </div>
+</div>
- <?=gettext("Additional OpenVPN servers can be added here.");?>
+<nav class="action-buttons">
+ <a href="vpn_openvpn_server.php?act=new" class="btn btn-sm btn-success">
+ <?=gettext("Add server")?>
+ </a>
+</nav>
- <?php endif; ?>
+<?php
+endif;
+
+// Note:
+// The following *_change() functions were converted from Javascript/DOM to JQuery but otherwise
+// mostly left unchanged. The logic on this form is complex and this works!
+?>
- </td>
- </tr>
-</table>
<script type="text/javascript">
//<![CDATA[
-mode_change();
-autokey_change();
-tlsauth_change();
-gwredir_change();
-dns_domain_change();
-dns_server_change();
-wins_server_change();
-client_mgmt_port_change();
-ntp_server_change();
-netbios_change();
-tuntap_change();
-//]]>
-</script>
-<?php include("fend.inc"); ?>
-</body>
-</html>
-<?php
+events.push(function(){
+
+ function mode_change() {
+ value = $('#mode').val();
+
+ switch(value) {
+ case "p2p_tls":
+ case "server_tls":
+ case "server_user":
+ hideCheckbox('tlsauth_enable', false);
+ hideCheckbox('auto_tls_enable', false);
+ hideInput('tls', false);
+ hideInput('ca_ref', false);
+ hideInput('crl_ref', false);
+ hideInput('certref', false);
+ hideInput('dh_length', false);
+ hideInput('cert_depth', false);
+ hideInput('strictusercn', true);
+ hideInput('autokey_enable', false);
+ hideInput('shared_key', false);
+ break;
+ case "server_tls_user":
+ hideCheckbox('tlsauth_enable', false);
+ hideCheckbox('auto_tls_enable', false);
+ hideInput('tls', false);
+ hideInput('ca_ref', false);
+ hideInput('crl_ref', false);
+ hideInput('certref', false);
+ hideInput('dh_length', false);
+ hideInput('cert_depth', false);
+ hideInput('strictusercn', false);
+ hideInput('autokey_enable', true);
+ hideInput('shared_key', true);
+ break;
+ case "p2p_shared_key":
+ hideCheckbox('tlsauth_enable', true);
+ hideCheckbox('auto_tls_enable', true);
+ hideInput('tls', true);
+ hideInput('ca_ref', true);
+ hideInput('crl_ref', true);
+ hideInput('certref', true);
+ hideInput('dh_length', true);
+ hideInput('cert_depth', true);
+ hideInput('strictusercn', true);
+ hideInput('autokey_enable', false);
+ hideInput('shared_key', false);
+ break;
+ }
-/* local utility functions */
+ switch(value) {
+ case "p2p_shared_key":
+ hideClass('advanced', true);
+ hideInput('remote_network', false);
+ hideInput('remote_networkv6', false);
+ hideInput('gwredir', true);
+ hideInput('local_network', true);
+ hideInput('local_networkv6', true);
+ hideInput('authmode', true);
+ hideInput('client2client', true);
+ break;
+ case "p2p_tls":
+ hideClass('advanced', true);
+ hideInput('remote_network', false);
+ hideInput('remote_networkv6', false);
+ hideInput('gwredir', false);
+ hideInput('local_network', false);
+ hideInput('local_networkv6', false);
+ hideInput('authmode', true);
+ hideInput('client2client', true);
+ break;
+ case "server_user":
+ case "server_tls_user":
+ hideClass('advanced', false);
+ hideInput('remote_network', true);
+ hideInput('remote_networkv6', true);
+ hideInput('gwredir', false);
+ hideInput('local_network', false);
+ hideInput('local_networkv6', false);
+ hideInput('authmode', false);
+ hideInput('client2client', false);
+ break;
+ case "server_tls":
+ hideInput('authmode', true);
+ default:
+ hideInput('custom_options', false);
+ hideInput('verbosity_level', false);
+ hideInput('remote_network', true);
+ hideInput('remote_networkv6', true);
+ hideInput('gwredir', false);
+ hideInput('local_network', false);
+ hideInput('local_networkv6', false);
+ hideInput('client2client', false);
+ break;
+ }
-function set_checked($var,& $chk) {
- if ($var) {
- $chk = "checked=\"checked\"";
- } else {
- $chk = "";
+ gwredir_change();
}
-}
-?>
+ function autokey_change() {
+ var hide = ! $('#autokey_enable').prop('checked')
+
+ hideInput('shared_key', hide);
+ }
+
+ function tlsauth_change() {
+ var hide = ! $('#tlsauth_enable').prop('checked')
+
+ <?php if (!$pconfig['tls']): ?>
+ hideCheckbox('autotls_enable', hide);
+ <?php endif; ?>
+
+ autotls_change();
+ }
+
+ function autotls_change() {
+
+ <?php if (!$pconfig['tls']): ?>
+ autocheck = $('#autotls_enable').prop('checked');
+ <?php else: ?>
+ autocheck = false;
+ <?php endif; ?>
+
+ if ($('#tlsauth_enable').prop('checked') && !autocheck)
+ hideInput('tls', false);
+ else
+ hideInput('tls', true);
+ }
+
+ function gwredir_change() {
+ var hide = ! $('#gwredir').prop('checked')
+
+ hideInput('local_network', hide);
+ hideInput('local_networkv6', hide);
+ hideInput('remote_network', hide);
+ hideInput('remote_networkv6', hide);
+ }
+
+ function dns_domain_change() {
+ var hide = ! $('#dns_domain_enable').prop('checked')
+
+ hideInput('dns_domain', hide);
+ }
+
+ function dns_server_change() {
+ var hide = ! $('#dns_server_enable').prop('checked')
+
+ hideInput('dns_server1', hide);
+ hideInput('dns_server2', hide);
+ hideInput('dns_server3', hide);
+ hideInput('dns_server4', hide);
+ }
+
+ function wins_server_change() {
+ var hide = ! $('#wins_server_enable').prop('checked')
+
+ hideInput('wins_server1', hide);
+ hideInput('wins_server2', hide);
+ }
+
+ function client_mgmt_port_change() {
+ var hide = ! $('#client_mgmt_port_enable').prop('checked')
+
+ hideInput('client_mgmt_port', hide);
+ }
+
+ function ntp_server_change() {
+ var hide = ! $('#ntp_server_enable').prop('checked')
+
+ hideInput('ntp_server1', hide);
+ hideInput('ntp_server2', hide);
+ }
+
+ function netbios_change() {
+ var hide = ! $('#netbios_enable').prop('checked')
+
+ hideInput('netbios_ntype', hide);
+ hideInput('netbios_scope', hide);
+ hideCheckbox('wins_server_enable', hide);
+ wins_server_change();
+ hideCheckbox('client_mgmt_port_enable', hide);
+ client_mgmt_port_change();
+ }
+
+ function tuntap_change() {
+
+ mvalue = $('#mode').val();
+
+ switch(mvalue) {
+ case "p2p_tls":
+ case "p2p_shared_key":
+ p2p = true;
+ break;
+ default:
+ p2p = false;
+ break;
+ }
+
+ value = $('#dev_mode').val();
+
+ switch(value) {
+ case "tun":
+ hideCheckbox('no_tun_ipv6', false);
+ hideInput('tunnel_network', false);
+ hideCheckbox('serverbridge_dhcp', true);
+ hideInput('serverbridge_interface', true);
+ hideInput('serverbridge_dhcp_start', true);
+ hideInput('serverbridge_dhcp_end', true);
+ hideInput('topology_subnet', false);
+ break;
+
+ case "tap":
+ hideCheckbox('no_tun_ipv6', true);
+ hideInput('tunnel_network', false);
+
+ if (!p2p) {
+ hideCheckbox('serverbridge_dhcp', false);
+ hideInput('serverbridge_interface', false);
+ hideInput('serverbridge_dhcp_start', false);
+ hideInput('serverbridge_dhcp_end', false);
+ hideInput('topology_subnet', false);
+
+ if( $('#serverbridge_dhcp').prop('checked')) {
+ disableInput('serverbridge_interface', false);
+ disableInput('serverbridge_dhcp_start', false);
+ disableInput('serverbridge_dhcp_end', false);
+ } else {
+ disableInput('serverbridge_interface', true);
+ disableInput('serverbridge_dhcp_start', true);
+ disableInput('serverbridge_dhcp_end', true);
+ }
+ } else {
+ hideInput('topology_subnet', true);
+ disableInput('serverbridge_dhcp', true);
+ disableInput('serverbridge_interface', true);
+ disableInput('serverbridge_dhcp_start', true);
+ disableInput('serverbridge_dhcp_end', true);
+ }
+
+ break;
+ }
+ }
+
+ // ---------- Library of show/hide functions ----------------------------------------------------------------------
+
+ // Hides the <div> in which the specified input element lives so that the input,
+ // its label and help text are hidden
+ function hideInput(id, hide) {
+ if(hide)
+ $('#' + id).parent().parent('div').addClass('hidden');
+ else
+ $('#' + id).parent().parent('div').removeClass('hidden');
+ }
+
+ // Hides the <div> in which the specified checkbox lives so that the checkbox,
+ // its label and help text are hidden
+ function hideCheckbox(id, hide) {
+ if(hide)
+ $('#' + id).parent().parent().parent('div').addClass('hidden');
+ else
+ $('#' + id).parent().parent().parent('div').removeClass('hidden');
+ }
+
+ // Disables the specified input element
+ function disableInput(id, disable) {
+ $('#' + id).prop("disabled", disable);
+ }
+
+ // Hides all elements of the specified class. This will usually be a section or group
+ function hideClass(s_class, hide) {
+ if(hide)
+ $('.' + s_class).hide();
+ else
+ $('.' + s_class).show();
+ }
+
+ // ---------- Monitor elements for change and call the appropriate display functions ------------------------------
+
+ // NTP
+ $('#ntp_server_enable').click(function () {
+ ntp_server_change();
+ });
+
+ // Netbios
+ $('#netbios_enable').click(function () {
+ netbios_change();
+ });
+
+ // Client management port
+ $('#client_mgmt_port_enable').click(function () {
+ client_mgmt_port_change();
+ });
+
+ // Wins server port
+ $('#wins_server_enable').click(function () {
+ wins_server_change();
+ });
+
+ // DNS server port
+ $('#dns_server_enable').click(function () {
+ dns_server_change();
+ });
+
+ // DNS server port
+ $('#dns_domain_enable').click(function () {
+ dns_domain_change();
+ });
+
+ // Gateway redirect
+ $('#gwredir').click(function () {
+ gwredir_change();
+ });
+
+ // Auto TLSkey generation
+ $('#autotls_enable').click(function () {
+ autotls_change();
+ });
+
+ // TLS Authorization
+ $('#tlsauth_enable').click(function () {
+ tlsauth_change();
+ });
+
+ // Auto key
+ $('#autokey_enable').click(function () {
+ autokey_change();
+ });
+
+ // Mode
+ $('#mode').click(function () {
+ mode_change();
+ });
+
+ // Tun/tap mode
+ $('#dev_mode').click(function () {
+ tuntap_change();
+ });
+
+ // ---------- Set initial page display state ----------------------------------------------------------------------
+ mode_change();
+ autokey_change();
+ tlsauth_change();
+ gwredir_change();
+ dns_domain_change();
+ dns_server_change();
+ wins_server_change();
+ client_mgmt_port_change();
+ ntp_server_change();
+ netbios_change();
+ tuntap_change();
+});
+//]]>
+</script>
+<?php
+
+include("foot.inc");