diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index 3f7e62ff5..79f5bac6f 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -29,9 +29,6 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-global $openvpn_prots;
-$openvpn_prots = array("UDP", "UDP6", "TCP", "TCP6");
-
global $openvpn_dev_mode;
$openvpn_dev_mode = array("tun", "tap");
diff --git a/src/www/vpn_openvpn_client.php b/src/www/vpn_openvpn_client.php
index bfea89639..7acf47b6e 100644
--- a/src/www/vpn_openvpn_client.php
+++ b/src/www/vpn_openvpn_client.php
@@ -32,19 +32,10 @@ require_once("openvpn.inc");
require_once("services.inc");
require_once("interfaces.inc");
-function openvpn_validate_host($value, $name) {
- $value = trim($value);
- if (empty($value) || (!is_domain($value) && !is_ipaddr($value)))
- return sprintf(gettext("The field '%s' must contain a valid IP address or domain name."), $name);
- return false;
-}
+error_reporting(E_ALL);
-$openvpn_client_modes = array(
- 'p2p_tls' => gettext("Peer to Peer ( SSL/TLS )"),
- 'p2p_shared_key' => gettext("Peer to Peer ( Shared Key )") );
-
$pgtitle = array(gettext("OpenVPN"), gettext("Client"));
$shortcut_section = "openvpn";
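Review bot: `error_reporting(E_ALL);` at the top of the page looks like a debugging leftover and should be dropped before merge. It overrides the configured reporting level for this one page, and on an install where errors are displayed, every notice would be rendered into the admin UI together with file paths. The rewritten POST handler further down still reads `$_POST['disable']` without an `isset()` check, so an unchecked box would raise such a notice. If the aim is to surface these during development, set the level in the development PHP configuration instead of in the page.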
@@ -73,320 +64,286 @@ if (!isset($config['crl']) || !is_array($config['crl'])) {
$a_crl =& $config['crl'];
-if (isset($_GET['id']) && is_numericint($_GET['id'])) {
- $id = $_GET['id'];
-}
-if (isset($_POST['id']) && is_numericint($_POST['id'])) {
- $id = $_POST['id'];
-}
-if (isset($_POST['act'])) {
- $act = $_POST['act'];
-} elseif (isset($_GET['act'])) {
- $act = $_GET['act'];
-} else {
- $act = null;
-}
-if (isset($id) && $a_client[$id]) {
- $vpnid = $a_client[$id]['vpnid'];
-} else {
- $vpnid = 0;
-}
-if (isset($_GET['act']) && $_GET['act'] == "del") {
- if (!isset($a_client[$id])) {
- redirectHeader("vpn_openvpn_client.php");
- exit;
- }
- if (!empty($a_client[$id])) {
- openvpn_delete('client', $a_client[$id]);
- }
- unset($a_client[$id]);
- write_config();
- $savemsg = gettext("Client successfully deleted")."
";
-}
-if (isset($_GET['act']) && $_GET['act']=="new") {
- $pconfig['autokey_enable'] = "yes";
- $pconfig['tlsauth_enable'] = "yes";
- $pconfig['autotls_enable'] = "yes";
- $pconfig['interface'] = "wan";
- $pconfig['server_port'] = 1194;
- $pconfig['verbosity_level'] = 1; // Default verbosity is 1
- // OpenVPN Defaults to SHA1
- $pconfig['digest'] = "SHA1";
-}
+$vpnid = 0;
+$act = null;
+if ($_SERVER['REQUEST_METHOD'] === 'GET') {
+ if (isset($_GET['id']) && is_numericint($_GET['id'])) {
+ $id = $_GET['id'];
+ }
+ if (isset($_GET['act'])) {
+ $act = $_GET['act'];
+ }
-global $simplefields;
-$simplefields = array('auth_user','auth_pass');
+ $pconfig = array();
+ // set defaults
+ $pconfig['autokey_enable'] = "yes"; // just in case the modes switch
+ $pconfig['autotls_enable'] = "yes"; // just in case the modes switch
+ $pconfig['tlsauth_enable'] = "yes";
+ $pconfig['digest'] = "SHA1";
+ $pconfig['verbosity_level'] = 1; // Default verbosity is 1
-if (isset($_GET['act']) && $_GET['act']=="edit") {
- if (isset($id) && $a_client[$id]) {
- foreach ($simplefields as $stat) {
- $pconfig[$stat] = $a_client[$id][$stat];
- }
+ // edit existing.
+ if ($act=="edit" && isset($id) && $a_client[$id] ) {
+ // 1 on 1 copy of config attributes
+ $copy_fields = "auth_user,auth_pass,disable,mode,protocol,interface
+ ,local_port,server_addr,server_port,resolve_retry
+ ,proxy_addr,proxy_port,proxy_user,proxy_passwd,proxy_authtype,description
+ ,custom_options,ns_cert_type,dev_mode,caref,certref,crypto,digest,engine
+ ,tunnel_network,tunnel_networkv6,remote_network,remote_networkv6,use_shaper
+ ,compression,passtos,no_tun_ipv6,route_no_pull,route_no_exec,verbosity_level";
- $pconfig['disable'] = isset($a_client[$id]['disable']);
- $pconfig['mode'] = $a_client[$id]['mode'];
- $pconfig['protocol'] = $a_client[$id]['protocol'];
- $pconfig['interface'] = $a_client[$id]['interface'];
- if (!empty($a_client[$id]['ipaddr'])) {
+ foreach (explode(",",$copy_fields) as $fieldname) {
+ $fieldname = trim($fieldname);
+ if(isset($a_client[$id][$fieldname])) {
+ $pconfig[$fieldname] = $a_client[$id][$fieldname];
+ } elseif (!isset($pconfig[$fieldname])) {
+ // initialize element
+ $pconfig[$fieldname] = null;
+ }
+ }
+
+ // load / convert
+ if (!empty($a_client[$id]['ipaddr'])) {
$pconfig['interface'] = $pconfig['interface'] . '|' . $a_client[$id]['ipaddr'];
}
- $pconfig['local_port'] = $a_client[$id]['local_port'];
- $pconfig['server_addr'] = $a_client[$id]['server_addr'];
- $pconfig['server_port'] = $a_client[$id]['server_port'];
- $pconfig['resolve_retry'] = $a_client[$id]['resolve_retry'];
- $pconfig['proxy_addr'] = $a_client[$id]['proxy_addr'];
- $pconfig['proxy_port'] = $a_client[$id]['proxy_port'];
- $pconfig['proxy_user'] = $a_client[$id]['proxy_user'];
- $pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd'];
- $pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype'];
- $pconfig['description'] = $a_client[$id]['description'];
- $pconfig['custom_options'] = $a_client[$id]['custom_options'];
- $pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type'];
- $pconfig['dev_mode'] = $a_client[$id]['dev_mode'];
- if ($pconfig['mode'] != "p2p_shared_key") {
- $pconfig['caref'] = $a_client[$id]['caref'];
- $pconfig['certref'] = $a_client[$id]['certref'];
- if ($a_client[$id]['tls']) {
- $pconfig['tlsauth_enable'] = "yes";
- $pconfig['tls'] = base64_decode($a_client[$id]['tls']);
- }
- } else {
- $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
- }
- $pconfig['crypto'] = $a_client[$id]['crypto'];
- // OpenVPN Defaults to SHA1 if unset
- $pconfig['digest'] = !empty($a_client[$id]['digest']) ? $a_client[$id]['digest'] : "SHA1";
- $pconfig['engine'] = $a_client[$id]['engine'];
+ if (isset($a_client[$id]['tls'])) {
+ $pconfig['tls'] = base64_decode($a_client[$id]['tls']);
+ } else {
+ $pconfig['tls'] = null;
+ }
- $pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
- $pconfig['tunnel_networkv6'] = $a_client[$id]['tunnel_networkv6'];
- $pconfig['remote_network'] = $a_client[$id]['remote_network'];
- $pconfig['remote_networkv6'] = $a_client[$id]['remote_networkv6'];
- $pconfig['use_shaper'] = $a_client[$id]['use_shaper'];
- $pconfig['compression'] = $a_client[$id]['compression'];
- $pconfig['passtos'] = $a_client[$id]['passtos'];
+ if (isset($a_client[$id]['shared_key'])) {
+ $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
+ } else {
+ $pconfig['shared_key'] = null ;
+ }
- // just in case the modes switch
- $pconfig['autokey_enable'] = "yes";
- $pconfig['autotls_enable'] = "yes";
+ if (isset($id) && $a_client[$id]) {
+ $vpnid = $a_client[$id]['vpnid'];
+ }
+ } elseif ($act=="new") {
+ // create new
+ $pconfig['interface'] = "wan";
+ $pconfig['server_port'] = 1194;
+ $init_fields = "auth_user,auth_pass,disable,mode,protocol,interface
+ ,local_port,server_addr,server_port,resolve_retry
+ ,proxy_addr,proxy_port,proxy_user,proxy_passwd,proxy_authtype,description
+ ,custom_options,ns_cert_type,dev_mode,caref,certref,crypto,digest,engine
+ ,tunnel_network,tunnel_networkv6,remote_network,remote_networkv6,use_shaper
+ ,compression,passtos,no_tun_ipv6,route_no_pull,route_no_exec,verbosity_level";
- $pconfig['no_tun_ipv6'] = $a_client[$id]['no_tun_ipv6'];
- $pconfig['route_no_pull'] = $a_client[$id]['route_no_pull'];
- $pconfig['route_no_exec'] = $a_client[$id]['route_no_exec'];
- if (isset($a_client[$id]['verbosity_level'])) {
- $pconfig['verbosity_level'] = $a_client[$id]['verbosity_level'];
- } else {
- $pconfig['verbosity_level'] = 1; // Default verbosity is 1
- }
- }
+ foreach (explode(",",$init_fields) as $fieldname) {
+ $fieldname = trim($fieldname);
+ if (!isset($pconfig[$fieldname])) {
+ $pconfig[$fieldname] = null;
+ }
+ }
+ }
+} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ if (isset($_POST['id']) && is_numericint($_POST['id'])) {
+ $id = $_POST['id'];
+ }
+ if (isset($_POST['act'])) {
+ $act = $_POST['act'];
+ }
+
+ if ($act == "del") {
+ if (!isset($id) || !isset($a_client[$id])) {
+ redirectHeader("vpn_openvpn_client.php");
+ exit;
+ }
+ if (!empty($a_client[$id])) {
+ openvpn_delete('client', $a_client[$id]);
+ }
+ unset($a_client[$id]);
+ write_config();
+ $savemsg = gettext("Client successfully deleted")."
";
+ } else {
+ $pconfig = $_POST;
+ $input_errors = array();
+
+ if (isset($id) && $a_client[$id]) {
+ $vpnid = $a_client[$id]['vpnid'];
+ }
+ if (isset($pconfig['mode']) && $pconfig['mode'] != "p2p_shared_key") {
+ $tls_mode = true;
+ } else {
+ $tls_mode = false;
+ }
+
+ // generate new key
+ if (!empty($pconfig['autokey_enable'])) {
+ $pconfig['shared_key'] = openvpn_create_key();
+ }
+
+ /* input validation */
+ if (strpos($pconfig['interface'],'|') !== false) {
+ list($iv_iface, $iv_ip) = explode("|", $pconfig['interface']);
+ } else {
+ $iv_iface = $pconfig['interface'];
+ $iv_ip = null;
+ }
+
+ if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) {
+ $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
+ } elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) {
+ $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address.");
+ } elseif ((stristr($pconfig['protocol'], "6") === false) && !get_interface_ip($iv_iface) && ($pconfig['interface'] != "any")) {
+ $input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address.");
+ } elseif ((stristr($pconfig['protocol'], "6") !== false) && !get_interface_ipv6($iv_iface) && ($pconfig['interface'] != "any")) {
+ $input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
+ }
+ if (!empty($pconfig['local_port'])) {
+ if (empty($pconfig['local_port']) || !is_numeric($pconfig['local_port']) || $pconfig['local_port'] < 0 || ($pconfig['local_port'] > 65535)) {
+ $input_errors[] = "The field Local port must contain a valid port, ranging from 0 to 65535.";
+ }
+ $portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid);
+ if (($portused != $vpnid) && ($portused != 0)) {
+ $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
+ }
+ }
+ if (empty($pconfig['server_addr']) || (!is_domain($pconfig['server_addr']) && !is_ipaddr($pconfig['server_addr']))) {
+ $input_errors[] = gettext("The field Server host or address must contain a valid IP address or domain name.") ;
+ }
+
+ if (empty($pconfig['server_port']) || !is_numeric($pconfig['server_port']) || $pconfig['server_port'] < 0 || ($pconfig['server_port'] > 65535)) {
+ $input_errors[] = "The field Server port must contain a valid port, ranging from 0 to 65535.";
+ }
+
+ if (!empty($pconfig['proxy_addr'])) {
+ if (empty($pconfig['proxy_addr']) || (!is_domain($pconfig['proxy_addr']) && !is_ipaddr($pconfig['proxy_addr']))) {
+ $input_errors[] = gettext("The field Proxy host or address must contain a valid IP address or domain name.") ;
+ }
+ if (empty($pconfig['proxy_port']) || !is_numeric($pconfig['proxy_port']) || $pconfig['proxy_port'] < 0 || ($pconfig['proxy_port'] > 65535)) {
+ $input_errors[] = "The field Proxy port must contain a valid port, ranging from 0 to 65535.";
+ }
+ if (isset($pconfig['proxy_authtype']) && $pconfig['proxy_authtype'] != "none") {
+ if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) {
+ $input_errors[] = gettext("User name and password are required for proxy with authentication.");
+ }
+ }
+ }
+ if (!empty($pconfig['tunnel_network'])) {
+ if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) {
+ $input_errors[] = $result;
+ }
+ }
+ if (!empty($pconfig['tunnel_networkv6'])) {
+ if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) {
+ $input_errors[] = $result;
+ }
+ }
+ if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) {
+ $input_errors[] = $result;
+ }
+ if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) {
+ $input_errors[] = $result;
+ }
+ if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0))) {
+ $input_errors[] = gettext("The bandwidth limit must be a positive numeric value.");
+ }
+ if (!$tls_mode && empty($pconfig['autokey_enable'])) {
+ if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
+ !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
+ $input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
+ }
+ }
+ if ($tls_mode && !empty($pconfig['tlsauth_enable']) && empty($pconfig['autotls_enable'])) {
+ if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
+ !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
+ $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
+ }
+ }
+
+ /* If we are not in shared key mode, then we need the CA/Cert. */
+ if (isset($pconfig['mode']) && $pconfig['mode'] != "p2p_shared_key") {
+ $reqdfields = explode(" ", "caref");
+ $reqdfieldsn = array(gettext("Certificate Authority"));
+ } elseif (empty($pconfig['autokey_enable'])) {
+ /* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
+ $reqdfields = array('shared_key');
+ $reqdfieldsn = array(gettext('Shared key'));
+ }
+
+ do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
+
+ if (($pconfig['mode'] != "p2p_shared_key") && empty($pconfig['certref']) && empty($pconfig['auth_user']) && empty($pconfig['auth_pass'])) {
+ $input_errors[] = gettext("If no Client Certificate is selected, a username and password must be entered.");
+ }
+
+ if (count($input_errors) == 0) {
+ // save data
+ $client = array();
+ // 1 on 1 copy of config attributes
+ $copy_fields = "auth_user,auth_pass,protocol,dev_mode,local_port
+ ,server_addr,server_port,resolve_retry,proxy_addr,proxy_port
+ ,proxy_authtype,proxy_user,proxy_passwd,description,mode,crypto,digest
+ ,engine,tunnel_network,tunnel_networkv6,remote_network,remote_networkv6
+ ,use_shaper,compression,passtos,no_tun_ipv6,route_no_pull,route_no_exec
+ ,verbosity_level,interface";
+
+ foreach (explode(",",$copy_fields) as $fieldname) {
+ $fieldname = trim($fieldname);
+ if(isset($pconfig[$fieldname])) {
+ $client[$fieldname] = $pconfig[$fieldname];
+ }
+ }
+
+ // attributes containing some kind of logic
+ if ($vpnid) {
+ $client['vpnid'] = $vpnid;
+ } else {
+ $client['vpnid'] = openvpn_vpnid_next();
+ }
+ if ($_POST['disable'] == "yes") {
+ $client['disable'] = true;
+ }
+
+ if (strpos($pconfig['interface'], "|") !== false) {
+ list($client['interface'], $client['ipaddr']) = explode("|", $pconfig['interface']);
+ }
+ $client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);
+
+ if ($tls_mode) {
+ $client['caref'] = $pconfig['caref'];
+ $client['certref'] = $pconfig['certref'];
+ if ($pconfig['tlsauth_enable']) {
+ if ($pconfig['autotls_enable']) {
+ $pconfig['tls'] = openvpn_create_key();
+ }
+ $client['tls'] = base64_encode($pconfig['tls']);
+ }
+ } else {
+ $client['shared_key'] = base64_encode($pconfig['shared_key']);
+ }
+
+ if (isset($id) && isset($a_client[$id])) {
+ $a_client[$id] = $client;
+ } else {
+ $a_client[] = $client;
+ }
+
+ openvpn_resync('client', $client);
+ write_config();
+
+ header("Location: vpn_openvpn_client.php");
+ exit;
+ }
+ }
}
-if ($_POST) {
- $input_errors = array();
- $pconfig = $_POST;
-
- if (isset($id) && $a_client[$id]) {
- $vpnid = $a_client[$id]['vpnid'];
- } else {
- $vpnid = 0;
- }
-
- list($iv_iface, $iv_ip) = explode("|", $pconfig['interface']);
- if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) {
- $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
- } elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) {
- $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address.");
- } elseif ((stristr($pconfig['protocol'], "6") === false) && !get_interface_ip($iv_iface) && ($pconfig['interface'] != "any")) {
- $input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address.");
- } elseif ((stristr($pconfig['protocol'], "6") !== false) && !get_interface_ipv6($iv_iface) && ($pconfig['interface'] != "any")) {
- $input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
- }
-
- if ($pconfig['mode'] != "p2p_shared_key") {
- $tls_mode = true;
- } else {
- $tls_mode = false;
- }
-
- /* input validation */
- if ($pconfig['local_port']) {
- if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
- $input_errors[] = $result;
- }
-
- $portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid);
- if (($portused != $vpnid) && ($portused != 0)) {
- $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
- }
- }
-
- if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address')) {
- $input_errors[] = $result;
- }
-
- if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port')) {
- $input_errors[] = $result;
- }
-
- if ($pconfig['proxy_addr']) {
- if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address')) {
- $input_errors[] = $result;
- }
-
- if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port')) {
- $input_errors[] = $result;
- }
-
- if ($pconfig['proxy_authtype'] != "none") {
- if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) {
- $input_errors[] = gettext("User name and password are required for proxy with authentication.");
- }
- }
- }
-
- if ($pconfig['tunnel_network']) {
- if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) {
- $input_errors[] = $result;
- }
- }
-
- if ($pconfig['tunnel_networkv6']) {
- if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) {
- $input_errors[] = $result;
- }
- }
-
- if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) {
- $input_errors[] = $result;
- }
-
- if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) {
- $input_errors[] = $result;
- }
-
- if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0))) {
- $input_errors[] = gettext("The bandwidth limit must be a positive numeric value.");
- }
-
- if ($pconfig['autokey_enable']) {
- $pconfig['shared_key'] = openvpn_create_key();
- }
-
- if (!$tls_mode && !$pconfig['autokey_enable']) {
- if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
- !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
- $input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
- }
- }
-
- if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
- if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
- !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
- $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
- }
- }
-
- /* If we are not in shared key mode, then we need the CA/Cert. */
- if ($pconfig['mode'] != "p2p_shared_key") {
- $reqdfields = explode(" ", "caref");
- $reqdfieldsn = array(gettext("Certificate Authority"));
- } elseif (!$pconfig['autokey_enable']) {
- /* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
- $reqdfields = array('shared_key');
- $reqdfieldsn = array(gettext('Shared key'));
- }
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
-
- if (($pconfig['mode'] != "p2p_shared_key") && empty($pconfig['certref']) && empty($pconfig['auth_user']) && empty($pconfig['auth_pass'])) {
- $input_errors[] = gettext("If no Client Certificate is selected, a username and password must be entered.");
- }
-
- if (!$input_errors) {
- $client = array();
-
- foreach ($simplefields as $stat) {
- update_if_changed($stat, $client[$stat], $_POST[$stat]);
- }
-
- if ($vpnid) {
- $client['vpnid'] = $vpnid;
- } else {
- $client['vpnid'] = openvpn_vpnid_next();
- }
-
- if ($_POST['disable'] == "yes") {
- $client['disable'] = true;
- }
- $client['protocol'] = $pconfig['protocol'];
- $client['dev_mode'] = $pconfig['dev_mode'];
- list($client['interface'], $client['ipaddr']) = explode("|", $pconfig['interface']);
- $client['local_port'] = $pconfig['local_port'];
- $client['server_addr'] = $pconfig['server_addr'];
- $client['server_port'] = $pconfig['server_port'];
- $client['resolve_retry'] = $pconfig['resolve_retry'];
- $client['proxy_addr'] = $pconfig['proxy_addr'];
- $client['proxy_port'] = $pconfig['proxy_port'];
- $client['proxy_authtype'] = $pconfig['proxy_authtype'];
- $client['proxy_user'] = $pconfig['proxy_user'];
- $client['proxy_passwd'] = $pconfig['proxy_passwd'];
- $client['description'] = $pconfig['description'];
- $client['mode'] = $pconfig['mode'];
- $client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);
-
- if ($tls_mode) {
- $client['caref'] = $pconfig['caref'];
- $client['certref'] = $pconfig['certref'];
- if ($pconfig['tlsauth_enable']) {
- if ($pconfig['autotls_enable']) {
- $pconfig['tls'] = openvpn_create_key();
- }
- $client['tls'] = base64_encode($pconfig['tls']);
- }
- } else {
- $client['shared_key'] = base64_encode($pconfig['shared_key']);
- }
- $client['crypto'] = $pconfig['crypto'];
- $client['digest'] = $pconfig['digest'];
- $client['engine'] = $pconfig['engine'];
-
- $client['tunnel_network'] = $pconfig['tunnel_network'];
- $client['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
- $client['remote_network'] = $pconfig['remote_network'];
- $client['remote_networkv6'] = $pconfig['remote_networkv6'];
- $client['use_shaper'] = $pconfig['use_shaper'];
- $client['compression'] = $pconfig['compression'];
- $client['passtos'] = $pconfig['passtos'];
-
- $client['no_tun_ipv6'] = $pconfig['no_tun_ipv6'];
- $client['route_no_pull'] = $pconfig['route_no_pull'];
- $client['route_no_exec'] = $pconfig['route_no_exec'];
- $client['verbosity_level'] = $pconfig['verbosity_level'];
-
- if (isset($id) && $a_client[$id]) {
- $a_client[$id] = $client;
- } else {
- $a_client[] = $client;
- }
-
- openvpn_resync('client', $client);
- write_config();
-
- header("Location: vpn_openvpn_client.php");
- exit;
- }
-}
+// escape form output before processing
+legacy_html_escape_form_data($pconfig);
include("head.inc");
$main_buttons = array(
array('href'=>'vpn_openvpn_client.php?act=new', 'label'=>gettext("add client")),
-
);
?>
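Review bot: The inlined port checks for `local_port`, `server_port` and `proxy_port` rely on `is_numeric()`, which also accepts strings such as `1e3` or `1194.5`, and the posted value is then copied unchanged into `$client` and handed to `openvpn_resync()`. The removed code delegated this to `openvpn_validate_port()`, whose body is not visible here, so this may be a weakening of the old check. An integer-only test is safer, for example `if (!is_numericint($pconfig['server_port']) || $pconfig['server_port'] < 1 || $pconfig['server_port'] > 65535) {`, which also matches the fact that `empty()` already rejects `0` although the message advertises 0 to 65535. Separately, the `del` branch never assigns `$pconfig` yet falls through to `legacy_html_escape_form_data($pconfig)` at the end of the hunk; initialising `$pconfig = array();` next to `$vpnid = 0;` would cover that path.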
@@ -395,6 +352,38 @@ $main_buttons = array(