addInput(new Form_Checkbox(
'disable',
'Disabled',
'Disable this client',
$pconfig['disable']
))->setHelp('Set this option to disable this client without removing it from the list');
$section->addInput(new Form_Select(
'mode',
'Server mode',
$pconfig['mode'],
$openvpn_client_modes
));
$section->addInput(new Form_Select(
'protocol',
'Protocol',
$pconfig['protocol'],
array_combine($openvpn_prots, $openvpn_prots)
));
$section->addInput(new Form_Select(
'dev_mode',
'Device mode',
empty($pconfig['dev_mode']) ? 'tun':$pconfig['dev_mode'],
array_combine($openvpn_dev_mode, $openvpn_dev_mode)
));
$section->addInput(new Form_Select(
'interface',
'Interface',
$pconfig['interface'],
openvpn_build_if_list()
));
$section->addInput(new Form_Input(
'local_port',
'Local port',
'number',
$pconfig['local_port']
))->setHelp('Set this option if you would like to bind to a specific port. Leave this blank or enter 0 for a random dynamic port.');
$section->addInput(new Form_Input(
'server_addr',
'Server host or address',
'text',
$pconfig['server_addr']
));
$section->addInput(new Form_Input(
'server_port',
'Server port',
'number',
$pconfig['server_port']
));
$section->addInput(new Form_Input(
'proxy_addr',
'Proxy host or address',
'text',
$pconfig['proxy_addr']
));
$section->addInput(new Form_Select(
'proxy_authtype',
'Proxy Auth. - Extra options',
$pconfig['proxy_authtype'],
array('none' => gettext('none'), 'basic' => gettext('basic'), 'ntlm' => gettext('ntlm'))
));
$section->addInput(new Form_Input(
'proxy_user',
'Username',
'text',
$pconfig['proxy_user']
));
$section->addPassword(new Form_Input(
'proxy_passwd',
'Password',
'password',
$pconfig['proxy_passwd']
));
$section->addInput(new Form_Checkbox(
'resolve_retry',
'Server hostname resolution',
'Infinitely resolve server ',
$pconfig['resolve_retry']
))->setHelp('Continuously attempt to resolve the server host name. ' .
'Useful when communicating with a server that is not permanently connected to the Internet.');
$section->addInput(new Form_Input(
'description',
'Description',
'text',
$pconfig['description']
))->setHelp('You may enter a description here for your reference (not parsed).');
$form->add($section);
$section = new Form_Section('User Authentication Settings');
$section->addClass('authentication');
$section->addInput(new Form_Input(
'auth_user',
'Username',
'text',
$pconfig['auth_user']
))->setHelp('Leave empty when no user name is needed');
$section->addPassword(new Form_Input(
'auth_pass',
'Password',
'password',
$pconfig['auth_pass']
))->setHelp('Leave empty when no password is needed');
$form->add($section);
$section = new Form_Section('Cryptographic Settings');
$section->addInput(new Form_Checkbox(
'tlsauth_enable',
'TLS authentication',
'Enable authentication of TLS packets.',
$pconfig['tlsauth_enable']
));
if (!$pconfig['tls']) {
$section->addInput(new Form_Checkbox(
'autotls_enable',
null,
'Automatically generate a shared TLS authentication key.',
$pconfig['autotls_enable']
));
}
$section->addInput(new Form_Textarea(
'tls',
'Key',
$pconfig['tls']
))->setHelp('Paste your shared key here');
if (count($a_ca)) {
$list = array();
foreach ($a_ca as $ca) {
$list[$ca['refid']] = $ca['descr'];
}
$section->addInput(new Form_Select(
'caref',
'Peer Certificate Authority',
$pconfig['caref'],
$list
));
} else {
$section->addInput(new Form_StaticText(
'Peer Certificate Authority',
sprintf('No Certificate Authorities defined. You may create one here: %s', 'System > Cert Manager')
));
}
if (count($a_crl)) {
$section->addInput(new Form_Select(
'crlref',
'Peer Certificate Revocation list',
$pconfig['crlref'],
openvpn_build_crl_list()
));
} else {
$section->addInput(new Form_StaticText(
'Peer Certificate Revocation list',
sprintf('No Certificate Revocation Lists defined. You may create one here: %s', 'System > Cert Manager > Certificate Revocation')
));
}
$section->addInput(new Form_Checkbox(
'autokey_enable',
'Auto generate',
'Automatically generate a shared key',
$pconfig['autokey_enable'] && empty($pconfig['shared_key'])
));
$section->addInput(new Form_Textarea(
'shared_key',
'Shared Key',
$pconfig['shared_key']
))->setHelp('Paste your shared key here');
$cl = openvpn_build_cert_list(true);
$section->addInput(new Form_Select(
'certref',
'Client Certificate',
$pconfig['certref'],
$cl['server']
));
$section->addInput(new Form_Select(
'crypto',
'Encryption Algorithm',
$pconfig['crypto'],
openvpn_get_cipherlist()
));
$section->addInput(new Form_Select(
'digest',
'Auth digest algorithm',
$pconfig['digest'],
openvpn_get_digestlist()
))->setHelp('Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN. ');
$section->addInput(new Form_Select(
'engine',
'Hardware Crypto',
$pconfig['engine'],
openvpn_get_engines()
));
$form->add($section);
$section = new Form_Section('Tunnel Settings');
$section->addInput(new Form_Input(
'tunnel_network',
'IPv4 Tunnel Network',
'text',
$pconfig['tunnel_network']
))->setHelp('This is the IPv4 virtual network used for private communications between this client and the server ' .
'expressed using CIDR (eg. 10.0.8.0/24). The first network address will be assigned to ' .
'the client virtual interface.');
$section->addInput(new Form_Input(
'tunnel_networkv6',
'IPv6 Tunnel Network',
'text',
$pconfig['tunnel_networkv6']
))->setHelp('This is the IPv6 virtual network used for private ' .
'communications between this client and the server expressed using CIDR (eg. fe80::/64). ' .
'The first network address will be assigned to the server virtual interface.');
$section->addInput(new Form_Input(
'remote_network',
'IPv4 Remote network(s)',
'text',
$pconfig['remote_network']
))->setHelp('IPv4 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' .
'changing the routing tables. Expressed as a comma-separated list of one or more CIDR ranges. ' .
'If this is a site-to-site VPN, enter the remote LAN/s here. You may leave this blank if you don\'t want a site-to-site VPN.');
$section->addInput(new Form_Input(
'remote_networkv6',
'IPv6 Remote network(s)',
'text',
$pconfig['remote_networkv6']
))->setHelp('These are the IPv6 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' .
'changing the routing tables. Expressed as a comma-separated list of one or more IP/PREFIX. ' .
'If this is a site-to-site VPN, enter the remote LAN/s here. You may leave this blank if you don\'t want a site-to-site VPN.');
$section->addInput(new Form_Input(
'use_shaper',
'Limit outgoing bandwidth',
'number',
$pconfig['use_shaper'],
['min' => 100, 'max' => 100000000, 'placeholder' => 'Between 100 and 100,000,000 bytes/sec']
))->setHelp('Maximum outgoing bandwidth for this tunnel. Leave empty for no limit. The input value has to be something between 100 bytes/sec and 100 Mbytes/sec (entered as bytes per second).');
$section->addInput(new Form_Select(
'compression',
'Compression',
$pconfig['compression'],
$openvpn_compression_modes
))->setHelp('Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently.');
$section->addInput(new Form_Select(
'topology',
'Topology',
$pconfig['topology'],
$openvpn_topologies
))->setHelp('Specifies the method used to configure a virtual adapter IP address.');
$section->addInput(new Form_Checkbox(
'passtos',
'Type-of-Service',
'Set the TOS IP header value of tunnel packets to match the encapsulated packet value.',
$pconfig['passtos']
));
$section->addInput(new Form_Checkbox(
'no_tun_ipv6',
'Disable IPv6',
'Don\'t forward IPv6 traffic. ',
$pconfig['no_tun_ipv6']
));
$section->addInput(new Form_Checkbox(
'route_no_pull',
'Don\'t pull routes',
'Bars the server from adding routes to the client\'s routing table',
$pconfig['route_no_pull']
))->setHelp('This option still allows the server to set the TCP/IP properties of the client\'s TUN/TAP interface. ');
$section->addInput(new Form_Checkbox(
'route_no_exec',
'Don\'t add/remove routes',
'Don\'t add or remove routes automatically',
$pconfig['route_no_exec']
))->setHelp('Pass routes to --route-upscript using environmental variables');
$form->add($section);
$section = new Form_Section('Advanced Configuration');
$section->addClass('advanced');
$section->addInput(new Form_Textarea(
'custom_options',
'Custom options',
$pconfig['custom_options']
))->setHelp('Enter any additional options you would like to add to the OpenVPN server configuration here, separated by semicolon' . '
' .
'EXAMPLE: push "route 10.0.0.0 255.255.255.0"');
$section->addInput(new Form_Select(
'verbosity_level',
'Verbosity level',
$pconfig['verbosity_level'],
$openvpn_verbosity_level
))->setHelp('Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what\'s happening without being swamped by output' . '
' .
'None: Only fatal errors' . '
' .
'Default: Normal usage range' . '
' .
'5: Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets' .'
' .
'6: Debug info range');
$section->addInput(new Form_Input(
'act',
null,
'hidden',
$act
));
if (isset($id) && $a_server[$id]) {
$section->addInput(new Form_Input(
'id',
null,
'hidden',
$id
));
}
$form->add($section);
print($form);
else:
?>