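"; }

/*
 * Request handling for the OpenVPN client editor.
 *
 * Three paths are handled below:
 *   - act=new  : seed $pconfig with the defaults shown on an empty form.
 *   - act=edit : copy the stored client entry $a_client[$id] into $pconfig.
 *   - POST     : validate the submitted form, build a $client entry, store it
 *                in $a_client, resync OpenVPN, write the config and redirect.
 *
 * $id and $a_client are set before this point; their origin is not visible
 * in this part of the file.
 */

/* act=new: pre-populate the form defaults for a new client entry. */
if ($_GET['act'] == "new") {
	$pconfig['autokey_enable'] = "yes";
	$pconfig['tlsauth_enable'] = "yes";
	$pconfig['autotls_enable'] = "yes";
	$pconfig['interface'] = "wan";
	$pconfig['server_port'] = 1194;
}

/* act=edit: load the stored entry into the form state. */
if ($_GET['act'] == "edit") {
	if (isset($id) && $a_client[$id]) {
		$pconfig['disable'] = $a_client[$id]['disable'];
		$pconfig['mode'] = $a_client[$id]['mode'];
		$pconfig['protocol'] = $a_client[$id]['protocol'];
		$pconfig['interface'] = $a_client[$id]['interface'];
		$pconfig['local_port'] = $a_client[$id]['local_port'];
		$pconfig['server_addr'] = $a_client[$id]['server_addr'];
		$pconfig['server_port'] = $a_client[$id]['server_port'];
		$pconfig['resolve_retry'] = $a_client[$id]['resolve_retry'];
		$pconfig['proxy_addr'] = $a_client[$id]['proxy_addr'];
		$pconfig['proxy_port'] = $a_client[$id]['proxy_port'];
		$pconfig['description'] = $a_client[$id]['description'];

		/*
		 * Keys are stored base64-encoded and decoded here for the form.
		 * NOTE(review): the decoded key material ends up in the rendered
		 * page; confirm the form escapes it on output and that the page is
		 * only reachable by authorised administrators (not visible here).
		 */
		if ($pconfig['mode'] != "p2p_shared_key") {
			$pconfig['caref'] = $a_client[$id]['caref'];
			$pconfig['certref'] = $a_client[$id]['certref'];
			if ($a_client[$id]['tls']) {
				$pconfig['tlsauth_enable'] = "yes";
				$pconfig['tls'] = base64_decode($a_client[$id]['tls']);
			}
		} else {
			$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
		}

		$pconfig['crypto'] = $a_client[$id]['crypto'];
		$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
		$pconfig['remote_network'] = $a_client[$id]['remote_network'];
		$pconfig['compression'] = $a_client[$id]['compression'];
		$pconfig['passtos'] = $a_client[$id]['passtos'];

		// just in case the modes switch
		$pconfig['autokey_enable'] = "yes";
		$pconfig['autotls_enable'] = "yes";
	}
}

/* POST: validate the submitted form and, if clean, persist the entry. */
if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	/* An existing entry keeps its vpnid; 0 marks a new entry. */
	if (isset($id) && $a_client[$id])
		$vpnid = $a_client[$id]['vpnid'];
	else
		$vpnid = 0;

	/*
	 * Derive the mode from the submitted form. The original tested
	 * $client['mode'], but $client is only assigned further down in this
	 * handler, so within the visible code the test could never select
	 * shared-key mode and the shared-key checks below were skipped.
	 */
	$tls_mode = ($pconfig['mode'] != "p2p_shared_key");

	/* input validation */
	/* A truthy return from the openvpn_validate_* helpers is recorded as an error message. */
	if ($pconfig['local_port']) {

		if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
			$input_errors[] = $result;

		/* presumably returns the vpnid that owns the port (0 when free) - verify in openvpn.inc */
		if (openvpn_port_used($pconfig['protocol'], $pconfig['local_port']) != $vpnid)
			$input_errors[] = "The specified 'Local port' is in use. Please select another value";
	}

	if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port'))
		$input_errors[] = $result;

	if ($pconfig['proxy_addr']) {

		if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address'))
			$input_errors[] = $result;

		if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port'))
			$input_errors[] = $result;
	}

	if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network'))
		$input_errors[] = $result;

	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network'))
		$input_errors[] = $result;

	/*
	 * Pasted keys are only checked for the static-key BEGIN/END markers;
	 * the key body itself is not inspected here.
	 */
	if (!$tls_mode && !$pconfig['autokey_enable']) {
		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = "The field 'Shared Key' does not appear to be valid";
	}

	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
			$input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid";
	}

	if (!$tls_mode) {
		$reqdfields = array('shared_key');
		$reqdfieldsn = array('Shared key');
	} else {
		$reqdfields = explode(" ", "caref certref");
		$reqdfieldsn = explode(",", "Certificate Authority,Certificate");
	}

	$reqdfields[] = 'tunnel_network';
	$reqdfieldsn[] = 'Tunnel network';

	/*
	 * Call-time pass-by-reference (&$input_errors) is a fatal error on
	 * PHP >= 5.4, so the variable is passed plainly.
	 * NOTE(review): this assumes do_input_validation() declares its fourth
	 * parameter by reference - confirm against its definition.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if (!$input_errors) {

		$client = array();

		if ($vpnid)
			$client['vpnid'] = $vpnid;
		else
			$client['vpnid'] = openvpn_vpnid_next();

		/*
		 * NOTE(review): disable, mode, protocol, interface, resolve_retry,
		 * description, crypto, compression and passtos are stored exactly as
		 * submitted; only ports, hosts, networks and keys are validated
		 * above. Confirm that openvpn_resync() restricts these values to
		 * known options before they reach the generated OpenVPN
		 * configuration.
		 */
		$client['disable'] = $pconfig['disable'];
		/* mode is read back on act=edit, so it has to be stored with the entry */
		$client['mode'] = $pconfig['mode'];
		$client['protocol'] = $pconfig['protocol'];
		$client['interface'] = $pconfig['interface'];
		$client['local_port'] = $pconfig['local_port'];
		$client['server_addr'] = $pconfig['server_addr'];
		$client['server_port'] = $pconfig['server_port'];
		$client['resolve_retry'] = $pconfig['resolve_retry'];
		$client['proxy_addr'] = $pconfig['proxy_addr'];
		$client['proxy_port'] = $pconfig['proxy_port'];
		$client['description'] = $pconfig['description'];

		/* Keys are generated on request and always stored base64-encoded. */
		if ($tls_mode) {
			$client['caref'] = $pconfig['caref'];
			$client['certref'] = $pconfig['certref'];
			if ($pconfig['tlsauth_enable']) {
				if ($pconfig['autotls_enable'])
					$pconfig['tls'] = openvpn_create_key();
				$client['tls'] = base64_encode($pconfig['tls']);
			}
		} else {
			if ($pconfig['autokey_enable'])
				$pconfig['shared_key'] = openvpn_create_key();
			$client['shared_key'] = base64_encode($pconfig['shared_key']);
		}

		$client['crypto'] = $pconfig['crypto'];
		$client['tunnel_network'] = $pconfig['tunnel_network'];
		$client['remote_network'] = $pconfig['remote_network'];
		$client['compression'] = $pconfig['compression'];
		/* passtos is read back on act=edit, so it has to be stored as well */
		$client['passtos'] = $pconfig['passtos'];

		/* Replace the existing entry in place, or append a new one. */
		if (isset($id) && $a_client[$id])
			$a_client[$id] = $client;
		else
			$a_client[] = $client;

		openvpn_resync('client', $client);
		write_config();

		/* Redirect after a successful save and stop, so the form is not rendered again. */
		header("Location: vpn_openvpn_client.php");
		exit;
	}
}

include("head.inc"); ?> ">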
General information
Disabled
/>   Disable this client
Set this option to disable this client without removing it from the list.
Interface

Set this option if you would like to bind to a specific port.
Server host name resolution
> Infinitely resolve server
Continuously attempt to resolve the server host name. Useful when communicating with a server that is not permanently connected to the internet.
Description
You may enter a description here for your reference (not parsed).
Cryptographic Settings
TLS Authentication
onClick="tlsauth_change()"> Enable authentication of TLS packets.
onClick="autotls_change()"> Automatically generate a shared TLS authentication key.

Paste your shared key here.
Peer Certificate Authority
Client Certificate
Shared Key
onClick="autokey_change()"> Automatically generate a shared key.

Paste your shared key here.
Encryption algorithm
Tunnel Settings
Tunnel Network
This is the virtual network used for private communications between this client and the server, expressed in CIDR notation (e.g. 10.0.8.0/24). The first network address is assumed to be the server address and the second network address will be assigned to the client virtual interface.
Remote Network
This is a network that will be routed through the tunnel, so that a site-to-site VPN can be established without manually changing the routing tables. Expressed as a CIDR range. If this is a site-to-site VPN, enter the remote LAN here. You may leave this blank to only communicate with other clients.

Maximum outgoing bandwidth for this tunnel. Leave empty for no limit. The input value has to be something between 100 bytes/sec and 100 Mbytes/sec (entered as bytes per second).
Compression
> Compress tunnel packets using the LZO algorithm.
Type-of-Service
> Set the TOS IP header value of tunnel packets to match the encapsulated packet value.
 
Disabled Protocol Server Description