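"; }

/*
 * Request handling for the OpenVPN server editor.
 *
 *   ?act=new   pre-fills $pconfig with defaults for a new server entry
 *   ?act=edit  copies the stored entry $a_server[$id] into $pconfig
 *   POST       validates the submitted form, builds the $server entry,
 *              stores it in $a_server, then calls openvpn_resync() and
 *              write_config() and redirects to the server list
 */

if ($_GET['act'] == "new") {
    $pconfig['autokey_enable'] = "yes";
    $pconfig['tlsauth_enable'] = "yes";
    $pconfig['autotls_enable'] = "yes";
    // NOTE(review): 1024-bit DH parameters are below current recommendations;
    // raise this default if the form offers 2048 bits or more.
    $pconfig['dh_length'] = 1024;
    $pconfig['interface'] = "wan";
    $pconfig['local_port'] = openvpn_port_next('UDP');
    $pconfig['pool_enable'] = "yes";
}

if ($_GET['act'] == "edit") {
    if (isset($id) && $a_server[$id]) {
        $pconfig['disable'] = $a_server[$id]['disable'];
        $pconfig['mode'] = $a_server[$id]['mode'];
        $pconfig['protocol'] = $a_server[$id]['protocol'];
        $pconfig['interface'] = $a_server[$id]['interface'];
        $pconfig['local_port'] = $a_server[$id]['local_port'];
        $pconfig['description'] = $a_server[$id]['description'];

        // Key material is kept base64-encoded in the stored entry and is
        // decoded here so the form shows the original text.
        if ($pconfig['mode'] != "p2p_shared_key") {
            if ($a_server[$id]['tls']) {
                $pconfig['tlsauth_enable'] = "yes";
                $pconfig['tls'] = base64_decode($a_server[$id]['tls']);
            }
            $pconfig['caref'] = $a_server[$id]['caref'];
            $pconfig['certref'] = $a_server[$id]['certref'];
            $pconfig['dh_length'] = $a_server[$id]['dh_length'];
        } else {
            $pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']);
        }

        $pconfig['crypto'] = $a_server[$id]['crypto'];
        $pconfig['tunnel_network'] = $a_server[$id]['tunnel_network'];
        $pconfig['remote_network'] = $a_server[$id]['remote_network'];
        $pconfig['gwredir'] = $a_server[$id]['gwredir'];
        $pconfig['local_network'] = $a_server[$id]['local_network'];
        $pconfig['maxclients'] = $a_server[$id]['maxclients'];
        $pconfig['compression'] = $a_server[$id]['compression'];
        $pconfig['passtos'] = $a_server[$id]['passtos'];
        $pconfig['client2client'] = $a_server[$id]['client2client'];
        $pconfig['pool_enable'] = $a_server[$id]['pool_enable'];

        // The *_enable flags are not stored; they are derived from whether
        // the corresponding values are present.
        $pconfig['dns_domain'] = $a_server[$id]['dns_domain'];
        if ($pconfig['dns_domain']) {
            $pconfig['dns_domain_enable'] = true;
        }

        $pconfig['dns_server1'] = $a_server[$id]['dns_server1'];
        $pconfig['dns_server2'] = $a_server[$id]['dns_server2'];
        $pconfig['dns_server3'] = $a_server[$id]['dns_server3'];
        $pconfig['dns_server4'] = $a_server[$id]['dns_server4'];
        if ($pconfig['dns_server1'] ||
            $pconfig['dns_server2'] ||
            $pconfig['dns_server3'] ||
            $pconfig['dns_server4']) {
            $pconfig['dns_server_enable'] = true;
        }

        $pconfig['ntp_server1'] = $a_server[$id]['ntp_server1'];
        $pconfig['ntp_server2'] = $a_server[$id]['ntp_server2'];
        if ($pconfig['ntp_server1'] || $pconfig['ntp_server2']) {
            $pconfig['ntp_server_enable'] = true;
        }

        $pconfig['netbios_enable'] = $a_server[$id]['netbios_enable'];
        $pconfig['netbios_ntype'] = $a_server[$id]['netbios_ntype'];
        $pconfig['netbios_scope'] = $a_server[$id]['netbios_scope'];

        $pconfig['wins_server1'] = $a_server[$id]['wins_server1'];
        $pconfig['wins_server2'] = $a_server[$id]['wins_server2'];
        if ($pconfig['wins_server1'] || $pconfig['wins_server2']) {
            $pconfig['wins_server_enable'] = true;
        }

        $pconfig['nbdd_server1'] = $a_server[$id]['nbdd_server1'];
        if ($pconfig['nbdd_server1']) {
            $pconfig['nbdd_server_enable'] = true;
        }

        // just in case the modes switch
        $pconfig['autokey_enable'] = "yes";
        $pconfig['autotls_enable'] = "yes";
    }
}

if ($_POST) {

    unset($input_errors);
    $pconfig = $_POST;

    // vpnid of the entry being edited, 0 for a new entry.
    if (isset($id) && $a_server[$id]) {
        $vpnid = $a_server[$id]['vpnid'];
    } else {
        $vpnid = 0;
    }

    // The mode must come from the submitted form. The original tested
    // $server['mode'], but $server is not assigned in the visible code until
    // the entry is built below, so every submission was treated as TLS mode
    // and the shared-key checks were skipped.
    $tls_mode = ($pconfig['mode'] != "p2p_shared_key");

    /* input validation */
    if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
        $input_errors[] = $result;
    }

    if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network')) {
        $input_errors[] = $result;
    }

    if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network')) {
        $input_errors[] = $result;
    }

    if ($result = openvpn_validate_cidr($pconfig['local_network'], 'Local network')) {
        $input_errors[] = $result;
    }

    // The port may only be in use by the entry being edited.
    if (openvpn_port_used($pconfig['protocol'], $pconfig['local_port']) != $vpnid) {
        $input_errors[] = "The specified 'Local port' is in use. \nPlease select another value";
    }

    // Pasted keys are only checked for the begin/end markers; the text
    // between and around the markers is not inspected here.
    if (!$tls_mode && !$pconfig['autokey_enable']) {
        if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
            !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
            $input_errors[] = "The field 'Shared Key' does not appear to be valid";
        }
    }

    if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
        if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
            !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
            $input_errors[] = "The field 'TLS Authentication Key' does not appear to be valid";
        }
    }

    if ($pconfig['dns_server_enable']) {
        if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
            $input_errors[] = "The field 'DNS Server #1' must contain a valid IP address";
        }
        if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
            $input_errors[] = "The field 'DNS Server #2' must contain a valid IP address";
        }
        if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
            $input_errors[] = "The field 'DNS Server #3' must contain a valid IP address";
        }
        if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
            $input_errors[] = "The field 'DNS Server #4' must contain a valid IP address";
        }
    }

    if ($pconfig['ntp_server_enable']) {
        if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
            $input_errors[] = "The field 'NTP Server #1' must contain a valid IP address";
        }
        if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
            $input_errors[] = "The field 'NTP Server #2' must contain a valid IP address";
        }
        if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
            $input_errors[] = "The field 'NTP Server #3' must contain a valid IP address";
        }
        if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
            $input_errors[] = "The field 'NTP Server #4' must contain a valid IP address";
        }
    }

    if ($pconfig['netbios_enable']) {
        if ($pconfig['wins_server_enable']) {
            if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
                $input_errors[] = "The field 'WINS Server #1' must contain a valid IP address";
            }
            if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
                $input_errors[] = "The field 'WINS Server #2' must contain a valid IP address";
            }
        }
        if ($pconfig['nbdd_server_enable']) {
            if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
                $input_errors[] = "The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address";
            }
        }
    }

    if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients'])) {
        $input_errors[] = "The field 'Concurrent connections' must be numeric.";
    }

    // Required fields and their display names must stay index-aligned.
    // The original assigned the shared-key display name to a misspelled
    // variable ($reqfieldsn), leaving the two lists out of step.
    if (!$tls_mode) {
        $reqdfields = array('shared_key');
        $reqdfieldsn = array('Shared key');
    } else {
        $reqdfields = explode(" ", "caref certref");
        $reqdfieldsn = explode(",", "Certificate Authority,Certificate");
    }

    $reqdfields[] = 'tunnel_network';
    $reqdfieldsn[] = 'Tunnel network';

    // NOTE(review): call-time pass-by-reference is rejected by PHP 5.4 and
    // later. Drop the '&' once do_input_validation() is confirmed to declare
    // its last parameter by reference.
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

    if (!$input_errors) {

        // NOTE(review): mode, protocol, interface, crypto, dh_length,
        // description, dns_domain, netbios_ntype and netbios_scope are copied
        // from the POST data without a check in this block, and the address
        // fields are validated after trim() but stored untrimmed. Confirm
        // these values are constrained before they reach the generated
        // OpenVPN configuration.
        $server = array();

        if ($vpnid) {
            $server['vpnid'] = $vpnid;
        } else {
            $server['vpnid'] = openvpn_vpnid_next();
        }

        $server['disable'] = $pconfig['disable'];
        $server['mode'] = $pconfig['mode'];
        $server['protocol'] = $pconfig['protocol'];
        $server['interface'] = $pconfig['interface'];
        $server['local_port'] = $pconfig['local_port'];
        $server['description'] = $pconfig['description'];

        // base64 is an encoding only: the keys are stored in recoverable
        // form in the entry passed to write_config().
        if ($tls_mode) {
            if ($pconfig['tlsauth_enable']) {
                if ($pconfig['autotls_enable']) {
                    $pconfig['tls'] = openvpn_create_key();
                }
                $server['tls'] = base64_encode($pconfig['tls']);
            }
            $server['caref'] = $pconfig['caref'];
            $server['certref'] = $pconfig['certref'];
            $server['dh_length'] = $pconfig['dh_length'];
        } else {
            if ($pconfig['autokey_enable']) {
                $pconfig['shared_key'] = openvpn_create_key();
            }
            $server['shared_key'] = base64_encode($pconfig['shared_key']);
        }

        $server['crypto'] = $pconfig['crypto'];
        $server['tunnel_network'] = $pconfig['tunnel_network'];
        $server['remote_network'] = $pconfig['remote_network'];
        $server['gwredir'] = $pconfig['gwredir'];
        $server['local_network'] = $pconfig['local_network'];
        $server['maxclients'] = $pconfig['maxclients'];
        $server['compression'] = $pconfig['compression'];
        $server['passtos'] = $pconfig['passtos'];
        $server['client2client'] = $pconfig['client2client'];
        $server['pool_enable'] = $pconfig['pool_enable'];

        if ($pconfig['dns_domain_enable']) {
            $server['dns_domain'] = $pconfig['dns_domain'];
        }

        if ($pconfig['dns_server_enable']) {
            $server['dns_server1'] = $pconfig['dns_server1'];
            $server['dns_server2'] = $pconfig['dns_server2'];
            $server['dns_server3'] = $pconfig['dns_server3'];
            $server['dns_server4'] = $pconfig['dns_server4'];
        }

        if ($pconfig['ntp_server_enable']) {
            $server['ntp_server1'] = $pconfig['ntp_server1'];
            $server['ntp_server2'] = $pconfig['ntp_server2'];
        }

        $server['netbios_enable'] = $pconfig['netbios_enable'];
        $server['netbios_ntype'] = $pconfig['netbios_ntype'];
        $server['netbios_scope'] = $pconfig['netbios_scope'];

        if ($pconfig['netbios_enable']) {

            if ($pconfig['wins_server_enable']) {
                $server['wins_server1'] = $pconfig['wins_server1'];
                $server['wins_server2'] = $pconfig['wins_server2'];
            }

            // Store the NBDD server under the same flag that gates its
            // validation above. The original tested dns_server_enable here,
            // so the value could be saved without the IP address check or
            // dropped although the option was enabled.
            if ($pconfig['nbdd_server_enable']) {
                $server['nbdd_server1'] = $pconfig['nbdd_server1'];
            }
        }

        // Replace the edited entry, or append a new one.
        if (isset($id) && $a_server[$id]) {
            $a_server[$id] = $server;
        } else {
            $a_server[] = $server;
        }

        openvpn_resync('server', $server);
        write_config();

        header("Location: vpn_openvpn_server.php");
        exit;
    }
}

include("head.inc"); ?> ">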
General information
Disabled
/>   Disable this server
Set this option to disable this server without removing it from the list.
Interface
Description
You may enter a description here for your reference (not parsed).
Cryptographic Settings
TLS Authentication
onClick="tlsauth_change()"> Enable authentication of TLS packets.
onClick="autotls_change()"> Automatically generate a shared TLS authentication key.

Paste your shared key here.
Peer Certificate Authority
Server Certificate
DH Parameters Length bits
Shared Key
onClick="autokey_change()"> Automatically generate a shared key.

Paste your shared key here.
Encryption algorithm
Tunnel Settings
Tunnel Network
This is the virtual network used for private communications between this server and client hosts, expressed using CIDR (e.g. 10.0.8.0/24). The first network address will be assigned to the server virtual interface. The remaining network addresses can optionally be assigned to connecting clients. (see Address Pool)
Redirect Gateway
onClick="gwredir_change()"/> Force all client generated traffic through the tunnel.
Local Network
This is the network that will be accessible from the remote endpoint, expressed as a CIDR range. You may leave this blank if you don't want to add a route to the local network through this tunnel on the remote machine. This is generally set to your LAN network.
Remote Network
This is a network that will be routed through the tunnel, so that a site-to-site VPN can be established without manually changing the routing tables. Expressed as a CIDR range. If this is a site-to-site VPN, enter the remote LAN here. You may leave this blank if you don't want a site-to-site VPN.

Specify the maximum number of clients allowed to concurrently connect to this server.
Compression
> Compress tunnel packets using the LZO algorithm.
Type-of-Service
> Set the TOS IP header value of tunnel packets to match the encapsulated packet value.
Inter-client communication
/> Allow communication between clients connected to this server
Client Settings
Address Pool
"> Provide a virtual adapter IP address to clients (see Tunnel Network)
DNS Default Domain
onClick="dns_domain_change()"> Provide a default domain name to clients
DNS Servers
onClick="dns_server_change()"> Provide a DNS server list to clients
Server #1: 
Server #2: 
Server #3: 
Server #4: 
NTP Servers
onClick="ntp_server_change()"> Provide an NTP server list to clients
Server #1: 
Server #2: 
NetBIOS Options
onClick="netbios_change()"> Enable NetBIOS over TCP/IP
If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled.

Node Type: 
Possible options: b-node (broadcasts), p-node (point-to-point name queries to a WINS server), m-node (broadcast then query name server), and h-node (query name server, then broadcast).

Scope ID: 
A NetBIOS Scope ID provides an extended naming service for NetBIOS over TCP/IP. The NetBIOS scope ID isolates NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID.
WINS Servers
onClick="wins_server_change()"> Provide a WINS server list to clients
Server #1: 
Server #2: 
 
Disabled Protocol Tunnel Network Description