$a_client[$id]['dev_mode']) {
/*
* delete old interface so a new TUN or TAP interface
* can be created.
*/
openvpn_delete('client', $a_client[$id]);
}
// Copy every field named in $simplefields from the POST body into $client.
// auth_pass is special-cased: when the browser posts back DMYPWD instead of a
// new value, the auth_pass already held in $a_client[$id] is kept, so the
// constant itself is never written over the stored secret.
// NOTE(review): DMYPWD, $simplefields and update_if_changed() are defined outside
// this excerpt; DMYPWD is presumably the placeholder rendered in password fields
// in place of the stored value — confirm.
// NOTE(review): when no existing entry is being edited, $a_client[$id]['auth_pass']
// does not exist, so a posted placeholder would store an empty value — confirm
// that is the intended outcome for new clients.
foreach ($simplefields as $stat) {
// Loose comparison (==) against the placeholder; a strict === would avoid any
// type-juggling surprises on request data.
if (($stat == 'auth_pass') && ($_POST[$stat] == DMYPWD)) {
$client[$stat] = $a_client[$id]['auth_pass'];
} else {
update_if_changed($stat, $client[$stat], $_POST[$stat]);
}
}
// Reuse the vpnid carried in $vpnid when there is one, otherwise ask
// openvpn_vpnid_next() for a fresh one.
$client['vpnid'] = $vpnid ?: openvpn_vpnid_next();

// The 'disable' flag is only ever set here, never cleared: it is written when
// the form posts the literal value "yes".
if ($_POST['disable'] == "yes") {
    $client['disable'] = true;
}
// Copy the connection settings from $pconfig into the client entry.
// NOTE(review): $pconfig is populated outside this excerpt (presumably from
// $_POST) and any input validation happens before this point — confirm that
// every value copied below has been checked server-side.
$client['protocol'] = $pconfig['protocol'];
$client['dev_mode'] = $pconfig['dev_mode'];
// The interface selector value is split on "|" into an interface name and an
// IP address. A value without "|" leaves the second element unset.
list($client['interface'], $client['ipaddr']) = explode ("|", $pconfig['interface']);
$client['local_port'] = $pconfig['local_port'];
$client['server_addr'] = $pconfig['server_addr'];
$client['server_port'] = $pconfig['server_port'];
$client['resolve_retry'] = $pconfig['resolve_retry'];
$client['proxy_addr'] = $pconfig['proxy_addr'];
$client['proxy_port'] = $pconfig['proxy_port'];
$client['proxy_authtype'] = $pconfig['proxy_authtype'];
$client['proxy_user'] = $pconfig['proxy_user'];
// The proxy password is only overwritten when something other than the DMYPWD
// placeholder was submitted; otherwise whatever $client already holds stays.
// NOTE(review): $client is initialised outside this excerpt — confirm it is
// seeded from the stored entry, otherwise an unchanged password is dropped on edit.
if ($pconfig['proxy_passwd'] != DMYPWD) {
$client['proxy_passwd'] = $pconfig['proxy_passwd'];
}
$client['description'] = $pconfig['description'];
$client['mode'] = $pconfig['mode'];
$client['topology'] = $pconfig['topology'];
// Normalise CRLF line endings to LF before storing the free-form options.
// NOTE(review): these are free-form OpenVPN directives and can change
// security-relevant behaviour of the tunnel; how they are written into the
// client configuration is not visible here, so access to this page should be
// limited to administrators trusted with the OpenVPN process configuration.
$client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);
// Store the key material for the selected mode. base64_encode() is an
// encoding, not encryption: the TLS-auth key / shared key ends up recoverable
// from wherever this entry is persisted, so saved configurations and their
// backups need the same protection as the keys themselves.
// NOTE(review): the edit form on this page offers a 'crlref' selector, but no
// assignment of $client['crlref'] is visible in this save path — confirm it is
// covered by $simplefields, otherwise the chosen revocation list is silently
// not stored.
if (!$tls_mode) {
    // Shared-key mode: only the static key is kept.
    $client['shared_key'] = base64_encode($pconfig['shared_key']);
} else {
    // TLS mode: reference the peer CA and the client certificate.
    $client['caref'] = $pconfig['caref'];
    $client['certref'] = $pconfig['certref'];

    if ($pconfig['tlsauth_enable']) {
        // Generate a fresh TLS authentication key on request, then store
        // whichever key $pconfig['tls'] now holds.
        if ($pconfig['autotls_enable']) {
            $pconfig['tls'] = openvpn_create_key();
        }
        $client['tls'] = base64_encode($pconfig['tls']);
    }
}
// Copy the remaining crypto, tunnel and logging settings from $pconfig one
// for one. The list order is the order in which the keys are written.
// NOTE(review): values are copied as submitted; validation, if any, happens
// outside this excerpt.
foreach ([
    'crypto',
    'digest',
    'engine',
    'tunnel_network',
    'tunnel_networkv6',
    'remote_network',
    'remote_networkv6',
    'use_shaper',
    'compression',
    'passtos',
    'no_tun_ipv6',
    'route_no_pull',
    'route_no_exec',
    'verbosity_level',
] as $copied_field) {
    $client[$copied_field] = $pconfig[$copied_field];
}
// Replace the existing entry only when $id is set and refers to a non-empty
// slot of $a_client; in every other case the client is appended as a new
// entry. $id originates from the request (it is posted back as a hidden form
// field), so this existence check is what keeps it from addressing an
// arbitrary slot.
if (!isset($id) || !$a_client[$id]) {
    $a_client[] = $client;
} else {
    $a_client[$id] = $client;
}

// Persist the configuration, bring the OpenVPN client in line with it, then
// redirect back to the client list. exit stops the rest of the page from
// running after the Location header has been sent.
write_config();
openvpn_resync('client', $client);

header("Location: vpn_openvpn_client.php");
exit;
}
}
// Page title / breadcrumb; an "Edit" crumb is appended while the edit form is shown.
$pgtitle = [gettext("VPN"), gettext("OpenVPN"), gettext("Clients")];
if ($act == "edit" || $act == "new") {
    $pgtitle[] = gettext('Edit');
}
$shortcut_section = "openvpn";

include("head.inc");

// Fall back to an empty string when no save message is pending.
$savemsg = $savemsg ?: "";

// NOTE(review): whether print_input_errors() / print_info_box() escape their
// argument is not visible here; $input_errors and $savemsg should not carry
// unescaped request data.
if ($input_errors) {
    print_input_errors($input_errors);
}
if ($savemsg) {
    print_info_box($savemsg, 'success');
}

// Tab bar: label, "is active" flag, target page.
$tab_array = [
    [gettext("Servers"), false, "vpn_openvpn_server.php"],
    [gettext("Clients"), true, "vpn_openvpn_client.php"],
    [gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php"],
    [gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml"],
];
add_package_tabs("OpenVPN", $tab_array);
display_top_tabs($tab_array);
if ($act=="new" || $act=="edit"):
// Build the edit form, starting with the "General Information" section.
// Attributes such as 'min' on number inputs are enforced by the browser only;
// the submitted values still need server-side validation (not visible in this
// excerpt).
$form = new Form();

$section = new Form_Section('General Information');

$section
    ->addInput(new Form_Checkbox(
        'disable',
        'Disabled',
        'Disable this client',
        $pconfig['disable']
    ))
    ->setHelp('Set this option to disable this client without removing it from the list.');

$section->addInput(new Form_Select('mode', 'Server mode', $pconfig['mode'], $openvpn_client_modes));

// Protocol and device-mode options use the same string as key and label.
$section->addInput(new Form_Select(
    'protocol',
    'Protocol',
    $pconfig['protocol'],
    array_combine($openvpn_prots, $openvpn_prots)
));

// 'tun' is preselected when no device mode has been chosen yet.
$section->addInput(new Form_Select(
    'dev_mode',
    'Device mode',
    !empty($pconfig['dev_mode']) ? $pconfig['dev_mode'] : 'tun',
    array_combine($openvpn_dev_mode, $openvpn_dev_mode)
));

$section->addInput(new Form_Select('interface', 'Interface', $pconfig['interface'], openvpn_build_if_list()));

$section
    ->addInput(new Form_Input(
        'local_port',
        'Local port',
        'number',
        $pconfig['local_port'],
        ['min' => '0']
    ))
    ->setHelp('Set this option to bind to a specific port. Leave this blank or enter 0 for a random dynamic port.');

$section->addInput(new Form_Input('server_addr', 'Server host or address', 'text', $pconfig['server_addr']));

$section->addInput(new Form_Input('server_port', 'Server port', 'number', $pconfig['server_port']));

$section->addInput(new Form_Input('proxy_addr', 'Proxy host or address', 'text', $pconfig['proxy_addr']));
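// Proxy port input. The input type must be the quoted string 'number': an
// unquoted `number` is parsed as a constant, which older PHP versions only
// tolerate by falling back to the string with a notice/warning and PHP 8
// rejects with an Error, breaking the whole edit page.
$section->addInput(new Form_Input(
    'proxy_port',
    'Proxy port',
    'number',
    $pconfig['proxy_port']
));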
// Proxy authentication. With 'basic' the proxy credentials travel
// base64-encoded, i.e. effectively in clear text, to the proxy.
$section->addInput(new Form_Select(
    'proxy_authtype',
    'Proxy Auth. - Extra options',
    $pconfig['proxy_authtype'],
    [
        'none' => gettext('none'),
        'basic' => gettext('basic'),
        'ntlm' => gettext('ntlm'),
    ]
));

$section->addInput(new Form_Input('proxy_user', 'Username', 'text', $pconfig['proxy_user']));

// Password fields go through addPassword() rather than addInput(). The save
// path on this page compares the posted value with DMYPWD, which suggests the
// stored password is replaced by a placeholder before rendering.
// NOTE(review): confirm in Form_Section::addPassword() that the real value is
// never echoed into the page.
$section->addPassword(new Form_Input('proxy_passwd', 'Password', 'password', $pconfig['proxy_passwd']));

$section
    ->addInput(new Form_Checkbox(
        'resolve_retry',
        'Server hostname resolution',
        'Infinitely resolve server ',
        $pconfig['resolve_retry']
    ))
    ->setHelp('Continuously attempt to resolve the server host name. ' .
        'Useful when communicating with a server that is not permanently connected to the Internet.');

$section
    ->addInput(new Form_Input(
        'description',
        'Description',
        'text',
        $pconfig['description']
    ))
    ->setHelp('A description may be entered here for administrative reference (not parsed).');

$form->add($section);
// "User Authentication Settings": optional username/password the client
// presents to the server. The section carries the CSS class 'authentication'.
$section = new Form_Section('User Authentication Settings');
$section->addClass('authentication');

$section
    ->addInput(new Form_Input('auth_user', 'Username', 'text', $pconfig['auth_user']))
    ->setHelp('Leave empty when no user name is needed');

// Rendered through addPassword(); the save path keeps the stored auth_pass
// when the DMYPWD placeholder is posted back unchanged.
// NOTE(review): confirm addPassword() does not echo the stored value.
$section
    ->addPassword(new Form_Input('auth_pass', 'Password', 'password', $pconfig['auth_pass']))
    ->setHelp('Leave empty when no password is needed');

$form->add($section);
// "Cryptographic Settings": TLS authentication, peer CA / CRL, shared key,
// client certificate and algorithm choices.
$section = new Form_Section('Cryptographic Settings');

$section->addInput(new Form_Checkbox(
    'tlsauth_enable',
    'TLS authentication',
    'Enable authentication of TLS packets.',
    $pconfig['tlsauth_enable']
));

// Key auto-generation is only offered while no TLS key is present.
if (!$pconfig['tls']) {
    $section->addInput(new Form_Checkbox(
        'autotls_enable',
        null,
        'Automatically generate a shared TLS authentication key.',
        $pconfig['autotls_enable']
    ));
}

// Unlike the password fields, the TLS key (and the shared key further down)
// is passed to a plain textarea, so the key material is rendered into the
// page for anyone who can open this form.
$section
    ->addInput(new Form_Textarea('tls', 'Key', $pconfig['tls']))
    ->setHelp('Paste the shared key here');

// Peer CA selector, or a hint when no CA exists yet.
if (!count($a_ca)) {
    $section->addInput(new Form_StaticText(
        'Peer Certificate Authority',
        sprintf('No Certificate Authorities defined. One may be created here: %s', 'System > Cert. Manager')
    ));
} else {
    $list = [];
    foreach ($a_ca as $ca) {
        $list[$ca['refid']] = $ca['descr'];
    }
    $section->addInput(new Form_Select('caref', 'Peer Certificate Authority', $pconfig['caref'], $list));
}

// Peer CRL selector, or a hint when no CRL exists yet.
// NOTE(review): no assignment of 'crlref' is visible in this page's save
// path — confirm the selection is actually persisted, otherwise revocation
// checking is not configured even though the form suggests it is.
if (!count($a_crl)) {
    $section->addInput(new Form_StaticText(
        'Peer Certificate Revocation list',
        sprintf('No Certificate Revocation Lists defined. One may be created here: %s', 'System > Cert. Manager > Certificate Revocation')
    ));
} else {
    $section->addInput(new Form_Select(
        'crlref',
        'Peer Certificate Revocation list',
        $pconfig['crlref'],
        openvpn_build_crl_list()
    ));
}

// The auto-generate box is only pre-ticked while no shared key is present.
$section->addInput(new Form_Checkbox(
    'autokey_enable',
    'Auto generate',
    'Automatically generate a shared key',
    $pconfig['autokey_enable'] && empty($pconfig['shared_key'])
));

$section
    ->addInput(new Form_Textarea('shared_key', 'Shared Key', $pconfig['shared_key']))
    ->setHelp('Paste the shared key here');

// NOTE(review): the 'server' element of openvpn_build_cert_list(true) feeds
// the client certificate selector — confirm that is the intended list.
$cl = openvpn_build_cert_list(true);
$section->addInput(new Form_Select('certref', 'Client Certificate', $pconfig['certref'], $cl['server']));

$section->addInput(new Form_Select('crypto', 'Encryption Algorithm', $pconfig['crypto'], openvpn_get_cipherlist()));

// The digest has to match on both peers. The help text steers towards SHA1;
// HMAC-SHA1 is not known to be broken for packet authentication, but many
// baselines require SHA-256 or stronger — NOTE(review): revisit the guidance.
$section
    ->addInput(new Form_Select(
        'digest',
        'Auth digest algorithm',
        $pconfig['digest'],
        openvpn_get_digestlist()
    ))
    ->setHelp('Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN. ');

$section->addInput(new Form_Select('engine', 'Hardware Crypto', $pconfig['engine'], openvpn_get_engines()));

$form->add($section);
// "Tunnel Settings": addressing, routing, shaping and compression.
$section = new Form_Section('Tunnel Settings');

$section
    ->addInput(new Form_Input(
        'tunnel_network',
        'IPv4 Tunnel Network',
        'text',
        $pconfig['tunnel_network']
    ))
    ->setHelp('This is the IPv4 virtual network used for private communications between this client and the server ' .
        'expressed using CIDR (e.g. 10.0.8.0/24). The second network address will be assigned to ' .
        'the client virtual interface.');

// NOTE(review): the example in the help text (fe80::/64) is a link-local
// prefix; a unique-local or routed prefix would be a less confusing example.
$section
    ->addInput(new Form_Input(
        'tunnel_networkv6',
        'IPv6 Tunnel Network',
        'text',
        $pconfig['tunnel_networkv6']
    ))
    ->setHelp('This is the IPv6 virtual network used for private ' .
        'communications between this client and the server expressed using CIDR (e.g. fe80::/64). ' .
        'The second network address will be assigned to the client virtual interface.');

$section
    ->addInput(new Form_Input(
        'remote_network',
        'IPv4 Remote network(s)',
        'text',
        $pconfig['remote_network']
    ))
    ->setHelp('IPv4 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' .
        'changing the routing tables. Expressed as a comma-separated list of one or more CIDR ranges. ' .
        'If this is a site-to-site VPN, enter the remote LAN/s here. May be left blank for non site-to-site VPN.');

$section
    ->addInput(new Form_Input(
        'remote_networkv6',
        'IPv6 Remote network(s)',
        'text',
        $pconfig['remote_networkv6']
    ))
    ->setHelp('These are the IPv6 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' .
        'changing the routing tables. Expressed as a comma-separated list of one or more IP/PREFIX. ' .
        'If this is a site-to-site VPN, enter the remote LAN/s here. May be left blank for non site-to-site VPN.');

// min/max are browser-side hints only; the range still has to be enforced
// when the form is processed.
$section
    ->addInput(new Form_Input(
        'use_shaper',
        'Limit outgoing bandwidth',
        'number',
        $pconfig['use_shaper'],
        ['min' => 100, 'max' => 100000000, 'placeholder' => 'Between 100 and 100,000,000 bytes/sec']
    ))
    ->setHelp('Maximum outgoing bandwidth for this tunnel. Leave empty for no limit. The input value has to be something between 100 bytes/sec and 100 Mbytes/sec (entered as bytes per second).');

// Compressing data before it is encrypted can leak information about the
// plaintext through packet sizes; keep compression off unless it is needed.
$section
    ->addInput(new Form_Select(
        'compression',
        'Compression',
        $pconfig['compression'],
        $openvpn_compression_modes
    ))
    ->setHelp('Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently.');

$section
    ->addInput(new Form_Select(
        'topology',
        'Topology',
        $pconfig['topology'],
        $openvpn_topologies
    ))
    ->setHelp('Specifies the method used to configure a virtual adapter IP address.');

$section->addInput(new Form_Checkbox(
    'passtos',
    'Type-of-Service',
    'Set the TOS IP header value of tunnel packets to match the encapsulated packet value.',
    $pconfig['passtos']
));

$section->addInput(new Form_Checkbox(
    'no_tun_ipv6',
    'Disable IPv6',
    'Don\'t forward IPv6 traffic. ',
    $pconfig['no_tun_ipv6']
));

// Per its label, this keeps the server from adding routes to the client's
// routing table.
$section
    ->addInput(new Form_Checkbox(
        'route_no_pull',
        'Don\'t pull routes',
        'Bars the server from adding routes to the client\'s routing table',
        $pconfig['route_no_pull']
    ))
    ->setHelp('This option still allows the server to set the TCP/IP properties of the client\'s TUN/TAP interface. ');

$section
    ->addInput(new Form_Checkbox(
        'route_no_exec',
        'Don\'t add/remove routes',
        'Don\'t add or remove routes automatically',
        $pconfig['route_no_exec']
    ))
    ->setHelp('Pass routes to --route-upscript using environmental variables.');

$form->add($section);
// "Advanced Configuration" section; carries the CSS class 'advanced'.
$section = new Form_Section('Advanced Configuration');
$section->addClass('advanced');
// Free-form OpenVPN options, per the help text added to the client
// configuration. The stored value is rendered back into the textarea.
// NOTE(review): because these directives are not constrained by the form,
// treat permission to use this page as permission to reconfigure the OpenVPN
// client arbitrarily.
$section->addInput(new Form_Textarea(
'custom_options',
'Custom options',
$pconfig['custom_options']
))->setHelp('Enter any additional options to add to the OpenVPN client configuration here, separated by semicolon.');
// Log verbosity selector. The help text is assembled from several string
// pieces joined by literals that contain a line break; those literals are
// part of the rendered text and must stay exactly as they are.
// Higher levels log per-packet detail, so they are meant for debugging only.
$section->addInput(new Form_Select(
'verbosity_level',
'Verbosity level',
$pconfig['verbosity_level'],
$openvpn_verbosity_level
))->setHelp('Each level shows all info from the previous levels. Level 3 is recommended for a good summary of what\'s happening without being swamped by output.' . '
' .
'None: Only fatal errors' . '
' .
'Default through 4: Normal usage range' . '
' .
'5: Output R and W characters to the console for each packet read and write. Uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets.' .'
' .
'6-11: Debug info range');
// Hidden fields that carry the current action and, when an existing entry is
// being edited, its index back to the server. Both come back as ordinary
// request data and must be re-validated on submit rather than trusted.
// NOTE(review): escaping of $act and $id in the generated HTML depends on
// Form_Input, which is not visible here.
$section->addInput(new Form_Input('act', null, 'hidden', $act));

if (isset($id) && $a_client[$id]) {
    $section->addInput(new Form_Input('id', null, 'hidden', $id));
}

$form->add($section);

print $form;
else:
?>