"; } if ($_GET['act'] == "new") { $pconfig['autokey_enable'] = "yes"; $pconfig['tlsauth_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; $pconfig['interface'] = "wan"; $pconfig['server_port'] = 1194; $pconfig['verbosity_level'] = 1; // Default verbosity is 1 // OpenVPN Defaults to SHA1 $pconfig['digest'] = "SHA1"; } global $simplefields; $simplefields = array('auth_user', 'auth_pass'); if ($_GET['act'] == "edit") { if (isset($id) && $a_client[$id]) { foreach ($simplefields as $stat) { $pconfig[$stat] = $a_client[$id][$stat]; } $pconfig['disable'] = isset($a_client[$id]['disable']); $pconfig['mode'] = $a_client[$id]['mode']; $pconfig['protocol'] = $a_client[$id]['protocol']; $pconfig['interface'] = $a_client[$id]['interface']; if (!empty($a_client[$id]['ipaddr'])) { $pconfig['interface'] = $pconfig['interface'] . '|' . $a_client[$id]['ipaddr']; } $pconfig['local_port'] = $a_client[$id]['local_port']; $pconfig['server_addr'] = $a_client[$id]['server_addr']; $pconfig['server_port'] = $a_client[$id]['server_port']; $pconfig['resolve_retry'] = $a_client[$id]['resolve_retry']; $pconfig['proxy_addr'] = $a_client[$id]['proxy_addr']; $pconfig['proxy_port'] = $a_client[$id]['proxy_port']; $pconfig['proxy_user'] = $a_client[$id]['proxy_user']; $pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd']; $pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype']; $pconfig['description'] = $a_client[$id]['description']; $pconfig['custom_options'] = $a_client[$id]['custom_options']; $pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type']; $pconfig['dev_mode'] = $a_client[$id]['dev_mode']; if ($pconfig['mode'] != "p2p_shared_key") { $pconfig['caref'] = $a_client[$id]['caref']; $pconfig['certref'] = $a_client[$id]['certref']; if ($a_client[$id]['tls']) { $pconfig['tlsauth_enable'] = "yes"; $pconfig['tls'] = base64_decode($a_client[$id]['tls']); } } else { $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']); } $pconfig['crypto'] = $a_client[$id]['crypto']; // OpenVPN Defaults to SHA1 if unset $pconfig['digest'] = !empty($a_client[$id]['digest']) ? $a_client[$id]['digest'] : "SHA1"; $pconfig['engine'] = $a_client[$id]['engine']; $pconfig['tunnel_network'] = $a_client[$id]['tunnel_network']; $pconfig['tunnel_networkv6'] = $a_client[$id]['tunnel_networkv6']; $pconfig['remote_network'] = $a_client[$id]['remote_network']; $pconfig['remote_networkv6'] = $a_client[$id]['remote_networkv6']; $pconfig['use_shaper'] = $a_client[$id]['use_shaper']; $pconfig['compression'] = $a_client[$id]['compression']; $pconfig['passtos'] = $a_client[$id]['passtos']; // just in case the modes switch $pconfig['autokey_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; $pconfig['no_tun_ipv6'] = $a_client[$id]['no_tun_ipv6']; $pconfig['route_no_pull'] = $a_client[$id]['route_no_pull']; $pconfig['route_no_exec'] = $a_client[$id]['route_no_exec']; if (isset($a_client[$id]['verbosity_level'])) { $pconfig['verbosity_level'] = $a_client[$id]['verbosity_level']; } else { $pconfig['verbosity_level'] = 1; // Default verbosity is 1 } } } if ($_POST) { unset($input_errors); $pconfig = $_POST; if (isset($id) && $a_client[$id]) { $vpnid = $a_client[$id]['vpnid']; } else { $vpnid = 0; } list($iv_iface, $iv_ip) = explode ("|", $pconfig['interface']); if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) { $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address."); } elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) { $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address."); } elseif ((stristr($pconfig['protocol'], "6") === false) && !get_interface_ip($iv_iface) && ($pconfig['interface'] != "any")) { $input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address."); } elseif ((stristr($pconfig['protocol'], "6") !== false) && !get_interface_ipv6($iv_iface) && ($pconfig['interface'] != "any")) { $input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address."); } if ($pconfig['mode'] != "p2p_shared_key") { $tls_mode = true; } else { $tls_mode = false; } /* input validation */ if ($pconfig['local_port']) { if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) { $input_errors[] = $result; } $portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid); if (($portused != $vpnid) && ($portused != 0)) { $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value"); } } if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address')) { $input_errors[] = $result; } if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port')) { $input_errors[] = $result; } if ($pconfig['proxy_addr']) { if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address')) { $input_errors[] = $result; } if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port')) { $input_errors[] = $result; } if ($pconfig['proxy_authtype'] != "none") { if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) { $input_errors[] = gettext("User name and password are required for proxy with authentication."); } } } if ($pconfig['tunnel_network']) { if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) { $input_errors[] = $result; } } if ($pconfig['tunnel_networkv6']) { if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) { $input_errors[] = $result; } } if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) { $input_errors[] = $result; } if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) { $input_errors[] = $result; } if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0))) { $input_errors[] = gettext("The bandwidth limit must be a positive numeric value."); } if ($pconfig['autokey_enable']) { $pconfig['shared_key'] = openvpn_create_key(); } if (!$tls_mode && !$pconfig['autokey_enable']) { if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") || !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) { $input_errors[] = gettext("The field 'Shared Key' does not appear to be valid"); } } if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) { if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") || !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) { $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid"); } } /* If we are not in shared key mode, then we need the CA/Cert. */ if ($pconfig['mode'] != "p2p_shared_key") { $reqdfields = explode(" ", "caref"); $reqdfieldsn = array(gettext("Certificate Authority")); } elseif (!$pconfig['autokey_enable']) { /* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */ $reqdfields = array('shared_key'); $reqdfieldsn = array(gettext('Shared key')); } do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (($pconfig['mode'] != "p2p_shared_key") && empty($pconfig['certref']) && empty($pconfig['auth_user']) && empty($pconfig['auth_pass'])) { $input_errors[] = gettext("If no Client Certificate is selected, a username and/or password must be entered."); } if (!$input_errors) { $client = array(); foreach ($simplefields as $stat) { update_if_changed($stat, $client[$stat], $_POST[$stat]); } if ($vpnid) { $client['vpnid'] = $vpnid; } else { $client['vpnid'] = openvpn_vpnid_next(); } if ($_POST['disable'] == "yes") { $client['disable'] = true; } $client['protocol'] = $pconfig['protocol']; $client['dev_mode'] = $pconfig['dev_mode']; list($client['interface'], $client['ipaddr']) = explode ("|", $pconfig['interface']); $client['local_port'] = $pconfig['local_port']; $client['server_addr'] = $pconfig['server_addr']; $client['server_port'] = $pconfig['server_port']; $client['resolve_retry'] = $pconfig['resolve_retry']; $client['proxy_addr'] = $pconfig['proxy_addr']; $client['proxy_port'] = $pconfig['proxy_port']; $client['proxy_authtype'] = $pconfig['proxy_authtype']; $client['proxy_user'] = $pconfig['proxy_user']; $client['proxy_passwd'] = $pconfig['proxy_passwd']; $client['description'] = $pconfig['description']; $client['mode'] = $pconfig['mode']; $client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']); if ($tls_mode) { $client['caref'] = $pconfig['caref']; $client['certref'] = $pconfig['certref']; if ($pconfig['tlsauth_enable']) { if ($pconfig['autotls_enable']) { $pconfig['tls'] = openvpn_create_key(); } $client['tls'] = base64_encode($pconfig['tls']); } } else { $client['shared_key'] = base64_encode($pconfig['shared_key']); } $client['crypto'] = $pconfig['crypto']; $client['digest'] = $pconfig['digest']; $client['engine'] = $pconfig['engine']; $client['tunnel_network'] = $pconfig['tunnel_network']; $client['tunnel_networkv6'] = $pconfig['tunnel_networkv6']; $client['remote_network'] = $pconfig['remote_network']; $client['remote_networkv6'] = $pconfig['remote_networkv6']; $client['use_shaper'] = $pconfig['use_shaper']; $client['compression'] = $pconfig['compression']; $client['passtos'] = $pconfig['passtos']; $client['no_tun_ipv6'] = $pconfig['no_tun_ipv6']; $client['route_no_pull'] = $pconfig['route_no_pull']; $client['route_no_exec'] = $pconfig['route_no_exec']; $client['verbosity_level'] = $pconfig['verbosity_level']; if (isset($id) && $a_client[$id]) { $a_client[$id] = $client; } else { $a_client[] = $client; } openvpn_resync('client', $client); write_config(); header("Location: vpn_openvpn_client.php"); exit; } } include("head.inc"); ?> ">

/>   . $desc): $selected = ""; if ($pconfig['mode'] == $name) { $selected = "selected=\"selected\""; } ?> > > > $carpip) { $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; } $aliaslist = get_configured_ip_aliases_list(); foreach ($aliaslist as $aliasip => $aliasif) { $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; } $grouplist = return_gateway_groups_array(); foreach ($grouplist as $name => $group) { if ($group['ipprotocol'] != inet) { continue; } if ($group[0]['vip'] <> "") { $vipif = $group[0]['vip']; } else { $vipif = $group[0]['int']; } $interfaces[$name] = "GW Group {$name}"; } $interfaces['lo0'] = "Localhost"; $interfaces['any'] = "any"; foreach ($interfaces as $iface => $ifacename): $selected = ""; if ($iface == $pconfig['interface']) { $selected = "selected=\"selected\""; } ?> >   :  > > >   :    :  /> . .   :    :  onclick="tlsauth_change()" /> . onclick="autotls_change()" /> . <?=htmlspecialchars($pconfig['tls']);?> . > No Certificate Authorities defined. Create one under System > Cert Manager. > >None (Username and/or Password required) No Certificates defined. Create one under System > Cert Manager if one is required for this connection. onclick="autokey_change()" /> . <?=htmlspecialchars($pconfig['shared_key']);?> . $desc): $selected = ""; if ($name == $pconfig['crypto']) { $selected = " selected=\"selected\""; } ?> > $desc): $selected = ""; if ($name == $pconfig['digest']) { $selected = " selected=\"selected\""; } ?> > $desc): $selected = ""; if ($name == $pconfig['engine']) { $selected = " selected=\"selected\""; } ?> > . . . . . $cmodedesc): $selected = ""; if ($cmode == $pconfig['compression']) { $selected = " selected=\"selected\""; } ?> > . /> . /> . /> . /> --route-up . <?=htmlspecialchars($pconfig['custom_options']);?> remote server.example.com 1194; or remote 1.2.3.4 1194; $verb_desc): $selected = ""; if ($pconfig['verbosity_level'] == $verb_value) { $selected = "selected=\"selected\""; } ?> > . none -- . default-4 -- . 5 -- . 6-11 -- .   " /> " width="17" height="17" border="0" alt="add" /> " width="17" height="17" border="0" alt="edit" />   ')"> " width="17" height="17" border="0" alt="delete" />