path: root/usr/local/pkg/openvpn.xml
<packagegui>
	<!-- Identity of this package page: internal name, page title, the PHP include file named
	     for it, and the notices used after a server entry is deleted or saved. The openvpn_*
	     functions called by the custom_php_* hooks at the end of this file are presumably
	     defined in openvpn.inc (not visible here). -->
	<name>openvpnserver</name>
	<title>OpenVPN: Server</title>
	<include_file>openvpn.inc</include_file>
	<delete_string>An OpenVPN server has been deleted.</delete_string>
	<addedit_string>An OpenVPN server has been created/modified.</addedit_string>
	<!-- Navigation tabs. Server, Client and Client-specific overrides are package XML pages
	     served through pkg.php; Certificate Authority and Users are standalone PHP pages.
	     The empty <active/> element appears only on the Server tab, i.e. this page. -->
	<tabs>
		<tab>
			<text>Server</text>
			<url>/pkg.php?xml=openvpn.xml</url>
			<active/>
		</tab>
		<tab>
			<text>Client</text>
			<url>/pkg.php?xml=openvpn_cli.xml</url>
		</tab>
		<tab>
			<text>Client-specific overrides</text>
			<url>/pkg.php?xml=openvpn_csc.xml</url>
		</tab>
		<tab>
			<text>Certificate Authority</text>
			<url>/vpn_openvpn_certs.php</url>
		</tab>
		<tab>
			<text>Users</text>
			<url>/vpn_openvpn_users.php</url>
		</tab>
	</tabs>
	<!-- Column definitions: each columnitem names a field that is also defined under <fields>
	     (disable, protocol, addresspool, description) and gives it a column heading.
	     Presumably these are the columns of the server list view; confirm against pkg.php. -->
	<adddeleteeditpagefields>
		<columnitem>
			<fieldname>disable</fieldname>
			<fielddescr>Disabled</fielddescr>
			<type>checkbox</type>
		</columnitem>
		<columnitem>
			<fieldname>protocol</fieldname>
			<fielddescr>Protocol</fielddescr>
		</columnitem>
		<columnitem>
			<fieldname>addresspool</fieldname>
			<fielddescr>Address pool</fielddescr>
		</columnitem>
		<columnitem>
			<fieldname>description</fieldname>
			<fielddescr>Description</fielddescr>
		</columnitem>
	</adddeleteeditpagefields>
	<fields>
		<!-- disable: checkbox that keeps a tunnel in the list without removing it (per its
		     description). NOTE(review): it carries <required/> although it is a checkbox;
		     confirm how the form handler treats an unchecked required checkbox. -->
		<field>
			<fieldname>disable</fieldname>
			<fielddescr>Disable this tunnel</fielddescr>
			<description>This allows you to disable this tunnel without removing it from the list.</description>
			<required/>
			<type>checkbox</type>
		</field>
		<!-- protocol: transport for the tunnel, restricted to TCP or UDP, defaulting to UDP. -->
		<field>
			<fieldname>protocol</fieldname>
			<fielddescr>Protocol</fielddescr>
			<description>The protocol to be used for the VPN.</description>
			<required/>
			<type>select</type>
			<options>
				<option>
					<value>TCP</value>
					<name>TCP</name>
				</option>
				<option>
					<value>UDP</value>
					<name>UDP</name>
				</option>
			</options>
			<default_value>UDP</default_value>
		</field>
        <!-- bind_to_iface: checkbox tied to the "interface" field through <enablefields>.
             NOTE(review): when it is left unchecked the listener is presumably not pinned to one
             interface; confirm in openvpn.inc, and rely on firewall rules to limit where the
             port is reachable. -->
        <field>
            <fieldname>bind_to_iface</fieldname>
            <fielddescr>Bind to an interface</fielddescr>
            <description>Check to bind on a specific network interface.</description>
            <type>checkbox</type>
            <enablefields>interface</enablefields>
        </field>
        <!-- interface: interface picker for the listener, defaulting to wan. -->
        <field>
            <fieldname>interface</fieldname>
            <fielddescr>Interface</fielddescr>
            <description>The interface on which the OpenVPN daemon will listen.</description>
            <type>interfaces_selection</type>
            <default_value>wan</default_value>
        </field>
		<!-- dynamic_ip: optional checkbox; per its description it relaxes the assumption that
		     peers keep a fixed address. -->
		<field>
			<fieldname>dynamic_ip</fieldname>
			<fielddescr>Dynamic IP</fielddescr>
			<description>Assume dynamic IPs, so that DHCP clients can connect.</description>
			<type>checkbox</type>
		</field>
		<!-- local_port: free-text input (display size 5) defaulting to 1194. Nothing in this
		     file restricts the value to a number in the valid port range; NOTE(review): that
		     check has to live in openvpn_validate_input, which is not visible here. -->
		<field>
			<fieldname>local_port</fieldname>
			<fielddescr>Local port</fielddescr>
			<description>The port OpenVPN will listen on. You generally want 1194 here.</description>
			<required/>
			<type>input</type>
			<default_value>1194</default_value>
			<size>5</size>
		</field>
		<!-- addresspool: tunnel network in CIDR form, entered as free text. Nothing in this file
		     checks the format; any check has to happen in the validation hook
		     (openvpn_validate_input, defined outside this file). -->
		<field>
			<fieldname>addresspool</fieldname>
			<fielddescr>Address pool</fielddescr>
			<description>This is the address pool to be assigned to the clients. Expressed as a CIDR range (eg. 10.0.8.0/24). If the 'Use static IPs' field isn't set, clients will be assigned addresses from this pool. Otherwise, this will be used to set the local interface's IP.</description>
			<required/>
			<type>input</type>
		</field>
		<!-- nopool: switches from pool assignment to static addressing, which changes how the
		     addresspool value is used (see both descriptions). Checkbox marked <required/>;
		     NOTE(review): confirm that is intended. -->
		<field>
			<fieldname>nopool</fieldname>
			<fielddescr>Use static IPs</fielddescr>
			<description>If this option is set, IPs won't be assigned to clients. Instead, the server will use static IPs on its side, and the clients are expected to use this same value in the 'Address pool' field.</description>
			<required/>
			<type>checkbox</type>
		</field>
		<field>
			<fieldname>local_network</fieldname>
			<fielddescr>Local network</fielddescr>
			<description>This is the network that will be accessible from the remote endpoint. Expressed as a CIDR range. You may leave this blank if you don't want to add a route to the local network through this tunnel on the remote machine. This is generally set to your LAN network.</description>
			<type>input</type>
		</field>
		<field>
			<fieldname>remote_network</fieldname>
			<fielddescr>Remote network</fielddescr>
			<description>This is a network that will be routed through the tunnel, so that a site-to-site VPN can be established without manually changing the routing tables. Expressed as a CIDR range. If this is a site-to-site VPN, enter the remote LAN here. You may leave this blank if you don't want a site-to-site VPN.</description>
			<type>input</type>
		</field>
		<!-- client2client: lets connected clients reach each other. Assuming this maps to
		     OpenVPN's client-to-client mode, that traffic is forwarded inside the OpenVPN
		     process and is not filtered by firewall rules on the tunnel interface, so one
		     compromised client can reach every other client. Leave it off unless clients need
		     to talk to each other. Checkbox marked <required/>; NOTE(review): confirm intent. -->
		<field>
			<fieldname>client2client</fieldname>
			<fielddescr>Client-to-client VPN</fielddescr>
			<description>If this option is set, clients will be able to talk to each other. Otherwise, they will only be able to talk to the server.</description>
			<required/>
			<type>checkbox</type>
		</field>
		<!-- crypto: cipher for the tunnel. No <options> are listed here; the list is presumably
		     filled in at render time by openvpn_get_ciphers() (see custom_php_command_before_form).
		     Security note: the default, BF-CBC, is Blowfish in CBC mode. Blowfish has a 64-bit
		     block, so long-lived or high-volume tunnels are exposed to birthday-bound block
		     collisions that can leak plaintext. Prefer a 128-bit block cipher such as an AES
		     mode when the populated list offers one, and treat BF-CBC as a legacy setting. -->
		<field>
			<fieldname>crypto</fieldname>
			<fielddescr>Cryptography</fielddescr>
			<description>Here you can choose the cryptography algorithm to be used.</description>
			<required/>
			<type>select</type>
			<default_value>BF-CBC</default_value>
		</field>
		<!-- auth_method: selects between a static shared key and certificate-based (PKI)
		     authentication. onAuthMethodChanged() is not defined in this file; presumably it
		     is a JavaScript handler emitted by one of the openvpn_print_javascript hooks.
		     Security note: in OpenVPN's static-key mode the same long-lived key protects every
		     session and there is no forward secrecy, so disclosure of that key exposes past
		     and future traffic. PKI mode negotiates per-session keys and allows individual
		     certificates to be revoked; prefer it where possible. -->
		<field>
			<fieldname>auth_method</fieldname>
			<fielddescr>Authentication method</fielddescr>
			<description>The authentication method to be used.</description>
			<required/>
			<type>select</type>
			<options>
				<option>
					<value>shared_key</value>
					<name>Shared key</name>
				</option>	
				<option>
					<value>pki</value>
					<name>PKI (Public Key Infrastructure)</name>
				</option>
			</options>
			<onchange>onAuthMethodChanged()</onchange>
		</field>
		<!-- cipher: despite its name this field holds the shared key (label "Shared key"), not a
		     cipher name; the cipher itself is chosen in "crypto". It is a plain text input with
		     the default "none". NOTE(review): the key is secret material; confirm how it is
		     stored and who can read the saved configuration and its backups, and confirm that
		     the literal "none" is never accepted as a key when auth_method is shared_key. -->
		<field>
                        <fieldname>cipher</fieldname>
                        <fielddescr>Shared key</fielddescr>
                        <description>Shared key to use.</description>
                        <type>input</type>
			<default_value>none</default_value>
                </field>
                <!-- cipherpki: likewise misnamed; it selects the Certificate Authority associated
                     with this server. No options are listed here, so they are presumably
                     supplied at run time. -->
                <field>
                        <fieldname>cipherpki</fieldname>
                        <fielddescr>Certificate Authority</fielddescr>
                        <description>CA associated with this server.</description>
                        <type>select</type>
                        <default_value>none</default_value>
                </field>
		<!-- dhcp_*: DHCP-style options for VPN clients (DNS suffix and servers, WINS, NBDD, NTP,
		     NetBIOS node type, scope and disable switch). Presumably each becomes an option
		     pushed to clients; confirm in openvpn.inc. The address fields are free text with
		     semicolon-separated values and no validation in this file. Clients that honour
		     these options will use the listed DNS, WINS and NTP servers, so enter only
		     servers you trust. -->
		<field>
			<fieldname>dhcp_domainname</fieldname>
			<fielddescr>DHCP-Opt.: DNS-Domainname</fielddescr>
			<description>Set connection-specific DNS Suffix.</description>
			<type>input</type>
		</field>
		<field>
			<fieldname>dhcp_dns</fieldname>
			<fielddescr>DHCP-Opt.: DNS-Server</fielddescr>
			<description>Set domain name server addresses, separated by semi-colons (;).</description>
			<type>input</type>
		</field>
		<field>
			<fieldname>dhcp_wins</fieldname>
			<fielddescr>DHCP-Opt.: WINS-Server</fielddescr>
			<description>Set WINS server addresses (NetBIOS over TCP/IP Name Server), separated by semi-colons (;).</description>
			<type>input</type>
		</field>
		<field>
			<fieldname>dhcp_nbdd</fieldname>
			<fielddescr>DHCP-Opt.: NBDD-Server</fielddescr>
			<description>Set NBDD server addresses (NetBIOS over TCP/IP Datagram Distribution Server), separated by semi-colons (;).</description>
			<type>input</type>
		</field>
		<field>
			<fieldname>dhcp_ntp</fieldname>
			<fielddescr>DHCP-Opt.: NTP-Server</fielddescr>
			<description>Set NTP server addresses (Network Time Protocol), separated by semi-colons (;).</description>
			<type>input</type>
		</field>
		<!-- dhcp_nbttype: values 1, 2, 4 and 8 correspond to the node types named in the
		     description; 0 is this form's own "none" entry and is the default. -->
		<field>
			<fieldname>dhcp_nbttype</fieldname>
			<fielddescr>DHCP-Opt.: NetBIOS node type</fielddescr>
			<description>Set NetBIOS over TCP/IP Node type. Possible options: b-node (broadcasts), p-node (point-to-point name queries to a WINS server), m-node (broadcast then query name server), and h-node (query name server, then broadcast).</description>
			<type>select</type>
			<options>
				<option>
					<value>0</value>
					<name>none</name>
				</option>
				<option>
				<value>1</value>
					<name>b-node</name>
				</option>
				<option>
					<value>2</value>
					<name>p-node</name>
				</option>
				<option>
					<value>4</value>
					<name>m-node</name>
				</option>
				<option>
					<value>8</value>
					<name>h-node</name>
				</option>
			</options>
			<default_value>0</default_value>
		</field>
		<field>
			<fieldname>dhcp_nbtscope</fieldname>
			<fielddescr>DHCP-Opt.: NetBIOS Scope</fielddescr>
			<description>Set NetBIOS over TCP/IP Scope. A NetBIOS Scope ID provides an extended naming service for NetBIOS over TCP/IP. The NetBIOS scope ID isolates NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID.</description>
			<type>input</type>
		</field>
		<field>
			<fieldname>dhcp_nbtdisable</fieldname>
			<fielddescr>DHCP-Opt.: Disable NetBIOS</fielddescr>
			<description>If this option is set, Netbios-over-TCP/IP will be disabled.</description>
			<type>checkbox</type>
		</field>
		<!-- use_lzo: enables LZO compression of packets before they are sent. Security note:
		     compressing before encrypting makes ciphertext length depend on the plaintext, so
		     when an outsider can influence part of the tunnelled data the lengths can leak
		     information about the rest (compression-oracle class of attacks). Leave it off
		     for tunnels that carry sensitive traffic unless the bandwidth saving is needed. -->
		<field>
			<fieldname>use_lzo</fieldname>
			<fielddescr>LZO compression</fielddescr>
			<description>Checking this will compress the packets using the LZO algorithm before sending them.</description>
			<type>checkbox</type>
		</field>
		<!-- maxclients: free-text limit on concurrent clients, with no default in this file.
		     NOTE(review): confirm what an empty value means; a cap bounds the resources that
		     connected clients can consume. -->
		<field>
			<fieldname>maxclients</fieldname>
			<fielddescr>Maximum clients</fielddescr>
			<description>The maximum number of concurrently connected clients we want to allow.</description>
			<type>input</type>
		</field>
		<!-- passtos: copies the payload's TOS value onto the tunnel packet (per its
		     description), which makes that header field visible outside the tunnel. -->
		<field>
			<fieldname>passtos</fieldname>
			<fielddescr>Pass Type-Of-Service</fielddescr>
			<description>Checking this will set the TOS field of the tunnel packet to what the payload's TOS is.</description>
			<type>checkbox</type>
		</field>
		<!-- gwredir: sends all client traffic through the server. Pair it with the DNS server
		     option above so that name lookups follow the tunnel as well. -->
		<field>
			<fieldname>gwredir</fieldname>
			<fielddescr>Redirect Gateway</fielddescr>
			<description>Redirect ALL traffic through the OpenVPN server.</description>
			<type>checkbox</type>
		</field>
    <!-- custom_options: free-form text that, per its description, is added to the server
         configuration. Security note: this field sidesteps the structured choices made
         elsewhere on this page. OpenVPN directives can override the cipher and authentication
         settings chosen above and can reference external files and scripts, so write access
         to this field amounts to control over the daemon. Keep the page restricted to
         administrators and review saved values; NOTE(review): confirm what
         openvpn_validate_input checks for this field. -->
    <field>
			<fieldname>custom_options</fieldname>
			<fielddescr>Custom options</fielddescr>
			<description>You can put your own custom options here, separated by semi-colons (;). They'll be added to the server configuration.</description>
			<type>textarea</type>
			<cols>65</cols>
			<rows>5</rows>
		</field>
		<!-- description: free-text label that is also one of the list columns.
		     NOTE(review): confirm it is HTML-escaped wherever it is displayed. -->
		<field>
			<fieldname>description</fieldname>
			<fielddescr>Description</fielddescr>
			<description>You may enter a description here. This is optional and is not parsed.</description>
			<type>input</type>
		</field>
	</fields>
	<!-- PHP hooks. Each custom_php_* element holds a PHP statement that the package framework
	     is expected to run at the stage its name indicates; the functions are not defined in
	     this file. "&amp;" is the XML escape for "&", so two of the calls pass a variable by
	     reference at call time. NOTE(review): call-time pass-by-reference was removed in
	     PHP 5.4; the reference should be declared in the function signature instead. -->
	<custom_php_command_before_form>
		openvpn_get_ciphers(&amp;$pkg);
	</custom_php_command_before_form>
	<custom_php_after_head_command>
		openvpn_print_javascript('server');
	</custom_php_after_head_command>
	<custom_php_after_form_command>
		openvpn_print_javascript2();
	</custom_php_after_form_command>
	<!-- Validation hook: receives the raw $_POST array and the error list. This file defines
	     no constraints on its free-text fields, so any server-side checking of them depends
	     on openvpn_validate_input. -->
	<custom_php_validation_command>
		openvpn_validate_input('server', $_POST, &amp;$input_errors);
	</custom_php_validation_command>
	<!-- Resync hook: called with the mode 'server' and the entry id; presumably regenerates
	     the configuration for that entry (confirm in openvpn.inc). -->
	<custom_php_resync_config_command>
		openvpn_resync('server', $id);
	</custom_php_resync_config_command>
</packagegui>