/* $Id$ */ /* part of pfSense (http://www.pfsense.org/) Copyright (C) 2010 Ermal Lui All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 12 1 Choose the type of user authentication you wish to use. OpenVPN Remote Access Server Setup Wizard select Type of Server authtype Choose authentication backend type. 
ovpnserver->step1->type Next submit step1_submitphpaction(); /usr/local/www/wizards/openvpn_wizard.inc 2 OpenVPN Remote Access Server Setup Wizard on listtopic Authentication Servers list authserv Authentication servers select ovpnserver->step2->authserv submit Add new LDAP server submit Next step2_stepbeforeformdisplay(); step2_submitphpaction(); enablechange(); /usr/local/www/wizards/openvpn_wizard.inc 3 OpenVPN Remote Access Server Setup Wizard on listtopic LDAP authentication server parameters name Name input ovpnserver->step2->authtype ip Hostname or IP address input ovpnserver->step2->ip port Port input 8 ovpnserver->step2->port transport Transport select ovpnserver->step2->transport scope Search Scope input 30 ovpnserver->step2->scope authscope Authentication Containers input 40 ovpnserver->step2->authscope userdn User DN input 20 If you leave it blank an anonymous bind will be done. ovpnserver->step2->userdn passdn Password password 20 ovpnserver->step2->passdn nameattr User naming attribute input ovpnserver->step2->nameattr memberattr Member naming attribute input ovpnserver->step2->memberattr groupattr Group naming attribute input ovpnserver->step2->groupattr submit Add new Server step3_submitphpaction(); enablechange(); /usr/local/www/wizards/openvpn_wizard.inc 4 OpenVPN Remote Access Server Setup Wizard on listtopic Authentication Servers list authserv Authentication servers select ovpnserver->step2->authserv submit Add new RADIUS server submit Next step4_stepbeforeformdisplay(); step4_submitphpaction(); enablechange(); /usr/local/www/wizards/openvpn_wizard.inc 5 OpenVPN Remote Access Server Setup Wizard on listtopic Add a new authentication server name Name input ovpnserver->step2->authtype ip Hostname or IP address input ovpnserver->step2->ip port Authentication Port input 8 ovpnserver->step2->port secret Shared Secret password 20 ovpnserver->step2->password Add new Server submit step5_submitphpaction(); /usr/local/www/wizards/openvpn_wizard.inc 6 
OpenVPN Remote Access Server Setup Wizard on Choose Certificate Authority listtopic certca_selection certca Certificate Authority ovpnserver->step6->authcertca submit Add new CA Next submit step6_stepbeforeformdisplay(); step6_submitphpaction(); /usr/local/www/wizards/openvpn_wizard.inc 7 OpenVPN Remote Access Server Setup Wizard on Create a new CA certificate listtopic name Descriptive name This is the same as common-name for Certificates input ovpnserver->step6->certca keylength Key length select 2048 ovpnserver->step6->keylength lifetime Lifetime input 10 3650 Lifetime in days ovpnserver->step6->lifetime country Country Code input 5 ovpnserver->step6->country state State or Province input 30 ovpnserver->step6->state city City input 30 ovpnserver->step6->city organization Organization input 30 ovpnserver->step6->organization email E-mail input 30 ovpnserver->step6->email Add new CA submit step7_submitphpaction(); /usr/local/www/wizards/openvpn_wizard.inc enablechange(); 8 OpenVPN Remote Access Server Setup Wizard on Choose Certificate listtopic cert_selection certname Certificate ovpnserver->step9->authcertname submit Add new Certificate Next submit step8_stepbeforeformdisplay(); step8_submitphpaction(); /usr/local/www/wizards/openvpn_wizard.inc 9 OpenVPN Remote Access Server Setup Wizard on Create a new certificate listtopic name Descriptive name input ovpnserver->step9->certname keylength Key length select 2048 ovpnserver->step9->keylength lifetime Lifetime input 10 3650 Lifetime in days ovpnserver->step9->lifetime country Country Code input 5 ovpnserver->step9->country state State or Province input 30 ovpnserver->step9->state city City input 30 ovpnserver->step9->city organization Organization input 30 ovpnserver->step9->organization email E-mail input 30 ovpnserver->step9->email Create new Certificate submit step9_submitphpaction(); /usr/local/www/wizards/openvpn_wizard.inc 10 OpenVPN Remote Access Server Setup Wizard on listtopic General Information 
interface interfaces_selection Interface ovpnserver->step10->interface Protocol select ovpnserver->step10->protocol localport Local port input 10 ovpnserver->step10->localport description Description input 30 ovpnserver->step10->descr listtopic Cryptographic Settings TLS Authentication checkbox on Enable authentication of TLS packets. ovpnserver->step10->tlsauth Automatically generate a TLS key generatetlskey tlssharedkey on checkbox Automatically generate a shared TLS authentication key. ovpnserver->step10->gentlskey tlssharedkey textarea 30 5 ovpnserver->step10->tlskey DH Parameters Length dhparameters select ovpnserver->step10->dhkey crypto select Encryption algorithm ovpnserver->step10->crypto listtopic Tunnel Settings Tunnel network tunnelnet input 20 ovpnserver->step10->tunnelnet Redirect Gateway redirectgw checkbox Force all client generated traffic through the tunnel. ovpnserver->step10->rdrgw Remote network remotenet input 20 ovpnserver->step10->remotenet Local network localnet input 20 ovpnserver->step10->localnet Concurrent Connections concurrentcon Specify the maximum number of clients allowed to concurrently connect to this server. input 10 ovpnserver->step10->concurrentcon Compression compression checkbox Compress tunnel packets using the LZO algorithm. ovpnserver->step10->compression Type-of-Service tos checkbox Set the TOS IP header value of tunnel packets to match the encapsulated packet value. ovpnserver->step10->tos Inter-client communication interclient checkbox Allow communication between clients connected to this server. ovpnserver->step10->interclient listtopic Client Settings Address Pool addrpool checkbox Provide a virtual adapter IP address to clients (see Tunnel Network). ovpnserver->step10->addrpool DNS Default Domain defaultdomain input Provide a default domain name to clients. 
ovpnserver->step10->defaultdomain DNS Server 1 dnsserver1 input ovpnserver->step10->dns1 DNS Server 2 dnserver2 input ovpnserver->step10->dns2 DNS Server 3 dnserver3 input ovpnserver->step10->dns3 DNS Server 4 dnserver4 input ovpnserver->step10->dns4 NTP Server ntpserver1 input ovpnserver->step10->ntp1 NTP Server 2 ntpserver2 input ovpnserver->step10->ntp2 nbtenable checkbox Enable NetBIOS option NetBIOS Node Type nbttype select ovpnserver->step10->nbttype NetBIOS Scope nbtscope input ovpnserver->step10->nbtscope WINS Server 1 winsserver1 input ovpnserver->step10->wins1 WINS Server 2 winsserver2 input ovpnserver->step10->wins2 Advanced textarea 30 5 Enter any additional options you would like to add to the OpenVPN server configuration here, separated by a semicolon. EXAMPLE: push "route 10.0.0.0 255.255.255.0" ovpnserver->step10->advanced Next submit step10_stepbeforeformdisplay(); step10_submitphpaction(); /usr/local/www/wizards/openvpn_wizard.inc 11 OpenVPN Remote Access Server Setup Wizard on listtopic Traffic from clients to server ovpnrule Firewall Rule Automatically add a rule to permit checkbox ovpnserver->step11->ovpnrule listtopic Traffic from clients through VPN ovpnallow OpenVPN rule Add a rule to allow all traffic from connected clients checkbox ovpnserver->step11->ovpnallow Next submit 12 OpenVPN Remote Access Server Setup Wizard on text Configuration Complete submit Finish step12_submitphpaction(); /usr/local/www/wizards/openvpn_wizard.inc