diff --git a/src/www/vpn_openvpn_server.php b/src/www/vpn_openvpn_server.php
index 3d9170624..2bca6d90a 100644
--- a/src/www/vpn_openvpn_server.php
+++ b/src/www/vpn_openvpn_server.php
@@ -26,530 +26,381 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("openvpn.inc");
require_once("services.inc");
require_once("interfaces.inc");
-$openvpn_dh_lengths = array(1024, 2048, 4096 );
-$openvpn_cert_depths = array(
- 1 => "One (Client+Server)",
- 2 => "Two (Client+Intermediate+Server)",
- 3 => "Three (Client+2xIntermediate+Server)",
- 4 => "Four (Client+3xIntermediate+Server)",
- 5 => "Five (Client+4xIntermediate+Server)"
-);
-
-$openvpn_server_modes = array(
- 'p2p_tls' => gettext("Peer to Peer ( SSL/TLS )"),
- 'p2p_shared_key' => gettext("Peer to Peer ( Shared Key )"),
- 'server_tls' => gettext("Remote Access ( SSL/TLS )"),
- 'server_user' => gettext("Remote Access ( User Auth )"),
- 'server_tls_user' => gettext("Remote Access ( SSL/TLS + User Auth )"));
-
if (!isset($config['openvpn']['openvpn-server'])) {
$config['openvpn']['openvpn-server'] = array();
}
-
$a_server = &$config['openvpn']['openvpn-server'];
-if (!is_array($config['ca'])) {
- $config['ca'] = array();
-}
-
-$a_ca =& $config['ca'];
-
-if (!isset($config['cert']) || !is_array($config['cert'])) {
- $config['cert'] = array();
-}
-
-$a_cert =& $config['cert'];
-
-if (!isset($config['crl']) || !is_array($config['crl'])) {
- $config['crl'] = array();
-}
-
-$a_crl =& $config['crl'];
-
-foreach ($a_crl as $cid => $acrl) {
- if (!isset($acrl['refid'])) {
- unset ($a_crl[$cid]);
- }
-}
-
-if (isset($_GET['id']) && is_numericint($_GET['id'])) {
- $id = $_GET['id'];
-}
-if (isset($_POST['id']) && is_numericint($_POST['id'])) {
- $id = $_POST['id'];
-}
-
-if (isset($_POST['act'])) {
- $act = $_POST['act'];
-} elseif (isset($_GET['act'])) {
- $act = $_GET['act'];
-} else {
- $act = null;
-}
-
-if (isset($id) && $a_server[$id]) {
- $vpnid = $a_server[$id]['vpnid'];
-} else {
- $vpnid = 0;
-}
-
-if (isset($_GET['act']) && $_GET['act'] == "del") {
- if (!isset($a_server[$id])) {
- redirectHeader("vpn_openvpn_server.php");
- exit;
- }
- if (!empty($a_server[$id])) {
- openvpn_delete('server', $a_server[$id]);
- }
- unset($a_server[$id]);
- write_config();
- $savemsg = gettext("Server successfully deleted")."
";
-}
-
-if (isset($_GET['act']) && $_GET['act']=="new") {
- $pconfig['autokey_enable'] = "yes";
- $pconfig['tlsauth_enable'] = "yes";
- $pconfig['autotls_enable'] = "yes";
- $pconfig['dh_length'] = 1024;
- $pconfig['dev_mode'] = "tun";
- $pconfig['interface'] = "wan";
- $pconfig['local_port'] = openvpn_port_next('UDP');
- $pconfig['pool_enable'] = "yes";
- $pconfig['cert_depth'] = 1;
- $pconfig['verbosity_level'] = 1; // Default verbosity is 1
- // OpenVPN Defaults to SHA1
- $pconfig['digest'] = "SHA1";
-}
-
-if (isset($_GET['act']) && $_GET['act']=="edit") {
- if (isset($id) && $a_server[$id]) {
- $pconfig['disable'] = isset($a_server[$id]['disable']);
- $pconfig['mode'] = $a_server[$id]['mode'];
- $pconfig['protocol'] = $a_server[$id]['protocol'];
- $pconfig['authmode'] = $a_server[$id]['authmode'];
- $pconfig['dev_mode'] = $a_server[$id]['dev_mode'];
- $pconfig['interface'] = $a_server[$id]['interface'];
- if (!empty($a_server[$id]['ipaddr'])) {
- $pconfig['interface'] = $pconfig['interface'] . '|' . $a_server[$id]['ipaddr'];
- }
- $pconfig['local_port'] = $a_server[$id]['local_port'];
- $pconfig['description'] = $a_server[$id]['description'];
- $pconfig['custom_options'] = $a_server[$id]['custom_options'];
-
- if ($pconfig['mode'] != "p2p_shared_key") {
- if ($a_server[$id]['tls']) {
- $pconfig['tlsauth_enable'] = "yes";
- $pconfig['tls'] = base64_decode($a_server[$id]['tls']);
- }
- $pconfig['caref'] = $a_server[$id]['caref'];
- $pconfig['crlref'] = $a_server[$id]['crlref'];
- $pconfig['certref'] = $a_server[$id]['certref'];
- $pconfig['dh_length'] = $a_server[$id]['dh_length'];
- if (isset($a_server[$id]['cert_depth'])) {
- $pconfig['cert_depth'] = $a_server[$id]['cert_depth'];
- } else {
- $pconfig['cert_depth'] = 1;
- }
- if ($pconfig['mode'] == "server_tls_user") {
- $pconfig['strictusercn'] = $a_server[$id]['strictusercn'];
- }
- } else {
- $pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']);
- }
- $pconfig['crypto'] = $a_server[$id]['crypto'];
- // OpenVPN Defaults to SHA1 if unset
- $pconfig['digest'] = !empty($a_server[$id]['digest']) ? $a_server[$id]['digest'] : "SHA1";
- $pconfig['engine'] = $a_server[$id]['engine'];
-
- $pconfig['tunnel_network'] = $a_server[$id]['tunnel_network'];
- $pconfig['tunnel_networkv6'] = $a_server[$id]['tunnel_networkv6'];
-
- $pconfig['remote_network'] = $a_server[$id]['remote_network'];
- $pconfig['remote_networkv6'] = $a_server[$id]['remote_networkv6'];
- $pconfig['gwredir'] = $a_server[$id]['gwredir'];
- $pconfig['local_network'] = $a_server[$id]['local_network'];
- $pconfig['local_networkv6'] = $a_server[$id]['local_networkv6'];
- $pconfig['maxclients'] = $a_server[$id]['maxclients'];
- $pconfig['compression'] = $a_server[$id]['compression'];
- $pconfig['passtos'] = $a_server[$id]['passtos'];
- $pconfig['client2client'] = $a_server[$id]['client2client'];
-
- $pconfig['dynamic_ip'] = $a_server[$id]['dynamic_ip'];
- $pconfig['pool_enable'] = $a_server[$id]['pool_enable'];
- $pconfig['topology_subnet'] = $a_server[$id]['topology_subnet'];
-
- $pconfig['serverbridge_dhcp'] = $a_server[$id]['serverbridge_dhcp'];
- $pconfig['serverbridge_interface'] = $a_server[$id]['serverbridge_interface'];
- $pconfig['serverbridge_dhcp_start'] = $a_server[$id]['serverbridge_dhcp_start'];
- $pconfig['serverbridge_dhcp_end'] = $a_server[$id]['serverbridge_dhcp_end'];
-
- $pconfig['dns_domain'] = $a_server[$id]['dns_domain'];
- if ($pconfig['dns_domain']) {
- $pconfig['dns_domain_enable'] = true;
- }
-
- $pconfig['dns_server1'] = $a_server[$id]['dns_server1'];
- $pconfig['dns_server2'] = $a_server[$id]['dns_server2'];
- $pconfig['dns_server3'] = $a_server[$id]['dns_server3'];
- $pconfig['dns_server4'] = $a_server[$id]['dns_server4'];
- if ($pconfig['dns_server1'] ||
- $pconfig['dns_server2'] ||
- $pconfig['dns_server3'] ||
- $pconfig['dns_server4']) {
- $pconfig['dns_server_enable'] = true;
- }
-
- $pconfig['ntp_server1'] = $a_server[$id]['ntp_server1'];
- $pconfig['ntp_server2'] = $a_server[$id]['ntp_server2'];
- if ($pconfig['ntp_server1'] ||
- $pconfig['ntp_server2']) {
- $pconfig['ntp_server_enable'] = true;
- }
-
- $pconfig['netbios_enable'] = $a_server[$id]['netbios_enable'];
- $pconfig['netbios_ntype'] = $a_server[$id]['netbios_ntype'];
- $pconfig['netbios_scope'] = $a_server[$id]['netbios_scope'];
-
- $pconfig['wins_server1'] = $a_server[$id]['wins_server1'];
- $pconfig['wins_server2'] = $a_server[$id]['wins_server2'];
- if ($pconfig['wins_server1'] ||
- $pconfig['wins_server2']) {
- $pconfig['wins_server_enable'] = true;
- }
-
- $pconfig['client_mgmt_port'] = $a_server[$id]['client_mgmt_port'];
- if ($pconfig['client_mgmt_port']) {
- $pconfig['client_mgmt_port_enable'] = true;
- }
-
- $pconfig['nbdd_server1'] = $a_server[$id]['nbdd_server1'];
- if ($pconfig['nbdd_server1']) {
- $pconfig['nbdd_server_enable'] = true;
- }
-
- // just in case the modes switch
- $pconfig['autokey_enable'] = "yes";
- $pconfig['autotls_enable'] = "yes";
-
- $pconfig['duplicate_cn'] = isset($a_server[$id]['duplicate_cn']);
-
- $pconfig['no_tun_ipv6'] = $a_server[$id]['no_tun_ipv6'];
- if (isset($a_server[$id]['verbosity_level'])) {
- $pconfig['verbosity_level'] = $a_server[$id]['verbosity_level'];
- } else {
- $pconfig['verbosity_level'] = 1; // Default verbosity is 1
- }
- $pconfig['push_register_dns'] = $a_server[$id]['push_register_dns'];
- }
-}
-if ($_POST) {
- $input_errors = array();
- $pconfig = $_POST;
-
- if (isset($id) && $a_server[$id]) {
- $vpnid = $a_server[$id]['vpnid'];
- } else {
- $vpnid = 0;
- }
-
- list($iv_iface, $iv_ip) = explode("|", $pconfig['interface']);
- if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) {
- $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
- } elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) {
- $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address.");
- } elseif ((stristr($pconfig['protocol'], "6") === false) && !get_interface_ip($iv_iface) && ($pconfig['interface'] != "any")) {
- $input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address.");
- } elseif ((stristr($pconfig['protocol'], "6") !== false) && !get_interface_ipv6($iv_iface) && ($pconfig['interface'] != "any")) {
- $input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
- }
-
- if ($pconfig['mode'] != "p2p_shared_key") {
- $tls_mode = true;
- } else {
- $tls_mode = false;
- }
-
- if (empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) {
- $input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth.");
- }
-
- /* input validation */
- if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
- $input_errors[] = $result;
- }
-
- if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) {
- $input_errors[] = $result;
- }
-
- if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) {
- $input_errors[] = $result;
- }
-
- if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) {
- $input_errors[] = $result;
- }
-
- if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) {
- $input_errors[] = $result;
- }
-
- if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) {
- $input_errors[] = $result;
- }
-
- if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6")) {
- $input_errors[] = $result;
- }
-
- $portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid);
- if (($portused != $vpnid) && ($portused != 0)) {
- $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
- }
-
- if ($pconfig['autokey_enable']) {
- $pconfig['shared_key'] = openvpn_create_key();
- }
-
- if (!$tls_mode && !$pconfig['autokey_enable']) {
- if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
- !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
- $input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
- }
- }
-
- if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
- if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
- !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
- $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
- }
- }
-
- if ($pconfig['dns_server_enable']) {
- if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
- $input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
- }
- if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
- $input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
- }
- if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
- $input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
- }
- if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
- $input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
- }
- }
-
- if ($pconfig['ntp_server_enable']) {
- if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
- $input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
- }
- if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
- $input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
- }
- if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
- $input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address");
- }
- if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
- $input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address");
- }
- }
-
- if ($pconfig['netbios_enable']) {
- if ($pconfig['wins_server_enable']) {
- if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
- $input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
- }
- if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
- $input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
- }
- }
- if ($pconfig['nbdd_server_enable']) {
- if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
- $input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
- }
- }
- }
-
- if ($pconfig['client_mgmt_port_enable']) {
- if ($result = openvpn_validate_port($pconfig['client_mgmt_port'], 'Client management port')) {
- $input_errors[] = $result;
- }
- }
-
- if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients'])) {
- $input_errors[] = gettext("The field 'Concurrent connections' must be numeric.");
- }
-
- /* If we are not in shared key mode, then we need the CA/Cert. */
- if ($pconfig['mode'] != "p2p_shared_key") {
- $reqdfields = explode(" ", "caref certref");
- $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
- } elseif (!$pconfig['autokey_enable']) {
- /* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
- $reqdfields = array('shared_key');
- $reqdfieldsn = array(gettext('Shared key'));
- }
-
- if ($pconfig['dev_mode'] != "tap") {
- $reqdfields[] = 'tunnel_network';
- $reqdfieldsn[] = gettext('Tunnel network');
- } else {
- if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network']) {
- $input_errors[] = gettext("Using a tunnel network and server bridge settings together is not allowed.");
- }
- if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end'])
- || (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end'])) {
- $input_errors[] = gettext("Server Bridge DHCP Start and End must both be empty, or defined.");
- }
- if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_start']))) {
- $input_errors[] = gettext("Server Bridge DHCP Start must be an IPv4 address.");
- }
- if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_end']))) {
- $input_errors[] = gettext("Server Bridge DHCP End must be an IPv4 address.");
- }
- if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end'])) {
- $input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end).");
- }
- }
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
-
- if (!$input_errors) {
- $server = array();
-
- if ($id && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode']) {
- openvpn_delete('server', $a_server[$id]);// delete(rename) old interface so a new TUN or TAP interface can be created.
- }
- if ($vpnid) {
- $server['vpnid'] = $vpnid;
- } else {
- $server['vpnid'] = openvpn_vpnid_next();
- }
-
- if ($_POST['disable'] == "yes") {
- $server['disable'] = true;
- }
- $server['mode'] = $pconfig['mode'];
- if (!empty($pconfig['authmode'])) {
- $server['authmode'] = implode(",", $pconfig['authmode']);
- }
- $server['protocol'] = $pconfig['protocol'];
- $server['dev_mode'] = $pconfig['dev_mode'];
- list($server['interface'], $server['ipaddr']) = explode("|", $pconfig['interface']);
- $server['local_port'] = $pconfig['local_port'];
- $server['description'] = $pconfig['description'];
- $server['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);
-
- if ($tls_mode) {
- if ($pconfig['tlsauth_enable']) {
- if ($pconfig['autotls_enable']) {
- $pconfig['tls'] = openvpn_create_key();
- }
- $server['tls'] = base64_encode($pconfig['tls']);
- }
- $server['caref'] = $pconfig['caref'];
- $server['crlref'] = $pconfig['crlref'];
- $server['certref'] = $pconfig['certref'];
- $server['dh_length'] = $pconfig['dh_length'];
- $server['cert_depth'] = $pconfig['cert_depth'];
- if ($pconfig['mode'] == "server_tls_user") {
- $server['strictusercn'] = $pconfig['strictusercn'];
- }
- } else {
- $server['shared_key'] = base64_encode($pconfig['shared_key']);
- }
- $server['crypto'] = $pconfig['crypto'];
- $server['digest'] = $pconfig['digest'];
- $server['engine'] = $pconfig['engine'];
-
- $server['tunnel_network'] = $pconfig['tunnel_network'];
- $server['tunnel_networkv6'] = $pconfig['tunnel_networkv6'];
- $server['remote_network'] = $pconfig['remote_network'];
- $server['remote_networkv6'] = $pconfig['remote_networkv6'];
- $server['gwredir'] = $pconfig['gwredir'];
- $server['local_network'] = $pconfig['local_network'];
- $server['local_networkv6'] = $pconfig['local_networkv6'];
- $server['maxclients'] = $pconfig['maxclients'];
- $server['compression'] = $pconfig['compression'];
- $server['passtos'] = $pconfig['passtos'];
- $server['client2client'] = $pconfig['client2client'];
-
- $server['dynamic_ip'] = $pconfig['dynamic_ip'];
- $server['pool_enable'] = $pconfig['pool_enable'];
- $server['topology_subnet'] = $pconfig['topology_subnet'];
-
- $server['serverbridge_dhcp'] = $pconfig['serverbridge_dhcp'];
- $server['serverbridge_interface'] = $pconfig['serverbridge_interface'];
- $server['serverbridge_dhcp_start'] = $pconfig['serverbridge_dhcp_start'];
- $server['serverbridge_dhcp_end'] = $pconfig['serverbridge_dhcp_end'];
-
- if ($pconfig['dns_domain_enable']) {
- $server['dns_domain'] = $pconfig['dns_domain'];
- }
-
- if ($pconfig['dns_server_enable']) {
- $server['dns_server1'] = $pconfig['dns_server1'];
- $server['dns_server2'] = $pconfig['dns_server2'];
- $server['dns_server3'] = $pconfig['dns_server3'];
- $server['dns_server4'] = $pconfig['dns_server4'];
- }
-
- if ($pconfig['push_register_dns']) {
- $server['push_register_dns'] = $pconfig['push_register_dns'];
- }
-
- if ($pconfig['ntp_server_enable']) {
- $server['ntp_server1'] = $pconfig['ntp_server1'];
- $server['ntp_server2'] = $pconfig['ntp_server2'];
- }
-
- $server['netbios_enable'] = $pconfig['netbios_enable'];
- $server['netbios_ntype'] = $pconfig['netbios_ntype'];
- $server['netbios_scope'] = $pconfig['netbios_scope'];
-
- $server['no_tun_ipv6'] = $pconfig['no_tun_ipv6'];
- $server['verbosity_level'] = $pconfig['verbosity_level'];
-
- if ($pconfig['netbios_enable']) {
- if ($pconfig['wins_server_enable']) {
- $server['wins_server1'] = $pconfig['wins_server1'];
- $server['wins_server2'] = $pconfig['wins_server2'];
- }
-
- if ($pconfig['dns_server_enable']) {
- $server['nbdd_server1'] = $pconfig['nbdd_server1'];
- }
- }
-
- if ($pconfig['client_mgmt_port_enable']) {
- $server['client_mgmt_port'] = $pconfig['client_mgmt_port'];
- }
-
- if ($_POST['duplicate_cn'] == "yes") {
- $server['duplicate_cn'] = true;
- }
-
- if (isset($id) && $a_server[$id]) {
- $a_server[$id] = $server;
- } else {
- $a_server[] = $server;
- }
-
- openvpn_resync('server', $server);
- write_config();
-
- header("Location: vpn_openvpn_server.php");
- exit;
- }
- if (!empty($pconfig['authmode'])) {
- $pconfig['authmode'] = implode(",", $pconfig['authmode']);
- }
+$act = null;
+if ($_SERVER['REQUEST_METHOD'] === 'GET') {
+ // fetch id if provided
+ if (isset($_GET['id']) && is_numericint($_GET['id'])) {
+ $id = $_GET['id'];
+ }
+ if (isset($_GET['act'])) {
+ $act = $_GET['act'];
+ }
+ $pconfig = array();
+ // defaults
+ $vpnid = 0;
+ $pconfig['verbosity_level'] = 1;
+ $pconfig['digest'] = "SHA1"; // OpenVPN Defaults to SHA1 if unset
+ $pconfig['autokey_enable'] = "yes";
+ $pconfig['autotls_enable'] = "yes";
+ $pconfig['tlsauth_enable'] = "yes";
+ if ($act == "edit") {
+ if (isset($id) && isset($a_server[$id])) {
+ if ($a_server[$id]['mode'] != "p2p_shared_key") {
+ $pconfig['cert_depth'] = 1;
+ }
+
+ // 1 on 1 copy of config attributes
+ $copy_fields = "mode,protocol,authmode,dev_mode,interface,local_port
+ ,description,custom_options,crypto,engine,tunnel_network
+ ,tunnel_networkv6,remote_network,remote_networkv6,gwredir,local_network
+ ,local_networkv6,maxclients,compression,passtos,client2client
+ ,dynamic_ip,pool_enable,topology_subnet,serverbridge_dhcp
+ ,serverbridge_interface,serverbridge_dhcp_start,serverbridge_dhcp_end
+ ,dns_server1,dns_server2,dns_server3,dns_server4,ntp_server1
+ ,ntp_server2,netbios_enable,netbios_ntype,netbios_scope,wins_server1
+ ,wins_server2,no_tun_ipv6,push_register_dns,dns_domain,nbdd_server1
+ ,client_mgmt_port,verbosity_level,caref,crlref,certref,dh_length
+ ,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid";
+
+ foreach (explode(",",$copy_fields) as $fieldname) {
+ $fieldname = trim($fieldname);
+ if(isset($a_server[$id][$fieldname])) {
+ $pconfig[$fieldname] = $a_server[$id][$fieldname];
+ } elseif (!isset($pconfig[$fieldname])) {
+ // initialize element
+ $pconfig[$fieldname] = null;
+ }
+ }
+
+ // load / convert
+ if (!empty($a_server[$id]['ipaddr'])) {
+ $pconfig['interface'] = $pconfig['interface'] . '|' . $a_server[$id]['ipaddr'];
+ }
+ if (!empty($a_server[$id]['shared_key'])) {
+ $pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']);
+ } else {
+ $pconfig['shared_key'] = null;
+ }
+ if (!empty($a_server[$id]['tls'])) {
+ $pconfig['tlsauth_enable'] = "yes";
+ $pconfig['tls'] = base64_decode($a_server[$id]['tls']);
+ } else {
+ $pconfig['tls'] = null;
+ }
+ }
+ } elseif ($act == "new") {
+ $pconfig['dh_length'] = 1024;
+ $pconfig['dev_mode'] = "tun";
+ $pconfig['interface'] = "wan";
+ $pconfig['local_port'] = openvpn_port_next('UDP');
+ $pconfig['pool_enable'] = "yes";
+ $pconfig['cert_depth'] = 1;
+ // init all fields used in the form
+ $init_fields = "mode,protocol,authmode,dev_mode,interface,local_port
+ ,description,custom_options,crypto,engine,tunnel_network
+ ,tunnel_networkv6,remote_network,remote_networkv6,gwredir,local_network
+ ,local_networkv6,maxclients,compression,passtos,client2client
+ ,dynamic_ip,pool_enable,topology_subnet,serverbridge_dhcp
+ ,serverbridge_interface,serverbridge_dhcp_start,serverbridge_dhcp_end
+ ,dns_server1,dns_server2,dns_server3,dns_server4,ntp_server1
+ ,ntp_server2,netbios_enable,netbios_ntype,netbios_scope,wins_server1
+ ,wins_server2,no_tun_ipv6,push_register_dns,dns_domain,nbdd_server1
+ ,client_mgmt_port,verbosity_level,caref,crlref,certref,dh_length
+ ,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,shared_key,tls";
+ foreach (explode(",",$copy_fields) as $fieldname) {
+ $fieldname = trim($fieldname);
+ if (!isset($pconfig[$fieldname])) {
+ $pconfig[$fieldname] = null;
+ }
+ }
+
+ }
+} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ if (isset($_POST['id']) && is_numericint($_POST['id'])) {
+ $id = $_POST['id'];
+ }
+ if (isset($_POST['act'])) {
+ $act = $_POST['act'];
+ }
+
+ if ($act == "del") {
+ // action delete
+ if (!isset($a_server[$id])) {
+ redirectHeader("vpn_openvpn_server.php");
+ exit;
+ }
+ if (!empty($a_server[$id])) {
+ openvpn_delete('server', $a_server[$id]);
+ }
+ unset($a_server[$id]);
+ write_config();
+ $savemsg = gettext("Server successfully deleted")."
";
+ } else {
+ // action add/update
+ $input_errors = array();
+ $pconfig = $_POST;
+
+ if (isset($id) && $a_server[$id]) {
+ $vpnid = $a_server[$id]['vpnid'];
+ } else {
+ $vpnid = 0;
+ }
+ if ($pconfig['mode'] != "p2p_shared_key") {
+ $tls_mode = true;
+ } else {
+ $tls_mode = false;
+ }
+ if (!empty($pconfig['autokey_enable'])) {
+ $pconfig['shared_key'] = openvpn_create_key();
+ }
+
+ // all input validators
+ if (strpos($pconfig['interface'],'|') !== false) {
+ list($iv_iface, $iv_ip) = explode("|", $pconfig['interface']);
+ } else {
+ $iv_iface = $pconfig['interface'];
+ $iv_ip = null;
+ }
+
+ if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) {
+ $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
+ } elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) {
+ $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address.");
+ } elseif ((stristr($pconfig['protocol'], "6") === false) && !get_interface_ip($iv_iface) && ($pconfig['interface'] != "any")) {
+ $input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address.");
+ } elseif ((stristr($pconfig['protocol'], "6") !== false) && !get_interface_ipv6($iv_iface) && ($pconfig['interface'] != "any")) {
+ $input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
+ }
+
+ if (empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) {
+ $input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth.");
+ }
+
+ if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
+ $input_errors[] = $result;
+ }
+
+ if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) {
+ $input_errors[] = $result;
+ }
+
+ if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) {
+ $input_errors[] = $result;
+ }
+
+ if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) {
+ $input_errors[] = $result;
+ }
+
+ if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) {
+ $input_errors[] = $result;
+ }
+
+ if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) {
+ $input_errors[] = $result;
+ }
+
+ if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6")) {
+ $input_errors[] = $result;
+ }
+
+ $portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid);
+ if (($portused != $vpnid) && ($portused != 0)) {
+ $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
+ }
+
+ if (!$tls_mode && empty($pconfig['autokey_enable'])) {
+ if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
+ !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
+ $input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
+ }
+ }
+
+ if ($tls_mode && !empty($pconfig['tlsauth_enable']) && empty($pconfig['autotls_enable'])) {
+ if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
+ !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
+ $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
+ }
+ }
+
+ if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
+ $input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
+ }
+ if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
+ $input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
+ }
+ if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
+ $input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
+ }
+ if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
+ $input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
+ }
+
+ if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
+ $input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
+ }
+ if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
+ $input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
+ }
+ if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
+ $input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address");
+ }
+ if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
+ $input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address");
+ }
+
+ if (!empty($pconfig['wins_server_enable'])) {
+ if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
+ $input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
+ }
+ if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
+ $input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
+ }
+ }
+ if (!empty($pconfig['nbdd_server_enable'])) {
+ if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
+ $input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
+ }
+ }
+
+ if (!empty($pconfig['client_mgmt_port_enable'])) {
+ if ($result = openvpn_validate_port($pconfig['client_mgmt_port'], 'Client management port')) {
+ $input_errors[] = $result;
+ }
+ }
+
+ if (!empty($pconfig['maxclients']) && !is_numeric($pconfig['maxclients'])) {
+ $input_errors[] = gettext("The field 'Concurrent connections' must be numeric.");
+ }
+
+ /* If we are not in shared key mode, then we need the CA/Cert. */
+ if (isset($pconfig['mode']) && $pconfig['mode'] != "p2p_shared_key") {
+ $reqdfields = explode(" ", "caref certref");
+ $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
+ } elseif (empty($pconfig['autokey_enable'])) {
+ /* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
+ $reqdfields = array('shared_key');
+ $reqdfieldsn = array(gettext('Shared key'));
+ }
+
+ if ($pconfig['dev_mode'] != "tap") {
+ $reqdfields[] = 'tunnel_network';
+ $reqdfieldsn[] = gettext('Tunnel network');
+ } else {
+ if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network']) {
+ $input_errors[] = gettext("Using a tunnel network and server bridge settings together is not allowed.");
+ }
+ if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end'])
+ || (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end'])) {
+ $input_errors[] = gettext("Server Bridge DHCP Start and End must both be empty, or defined.");
+ }
+ if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_start']))) {
+ $input_errors[] = gettext("Server Bridge DHCP Start must be an IPv4 address.");
+ }
+ if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_end']))) {
+ $input_errors[] = gettext("Server Bridge DHCP End must be an IPv4 address.");
+ }
+ if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end'])) {
+ $input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end).");
+ }
+ }
+ do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
+
+ if (count($input_errors) == 0) {
+ // validation correct, save data
+ $server = array();
+
+ // delete(rename) old interface so a new TUN or TAP interface can be created.
+ if (isset($id) && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode']) {
+ openvpn_delete('server', $a_server[$id]);
+ }
+ // 1 on 1 copy of config attributes
+ $copy_fields = "mode,protocol,dev_mode,local_port,description,crypto,digest,engine
+ ,tunnel_network,tunnel_networkv6,remote_network,remote_networkv6
+ ,gwredir,local_network,local_networkv6,maxclients,compression
+ ,passtos,client2client,dynamic_ip,pool_enable,topology_subnet
+ ,serverbridge_dhcp,serverbridge_interface,serverbridge_dhcp_start
+ ,serverbridge_dhcp_end,dns_domain,dns_server1,dns_server2,dns_server3
+ ,dns_server4,push_register_dns,ntp_server1,ntp_server2,netbios_enable
+ ,netbios_ntype,netbios_scope,no_tun_ipv6,verbosity_level,wins_server1
+ ,wins_server2,nbdd_server1,client_mgmt_port";
+
+ foreach (explode(",",$copy_fields) as $fieldname) {
+ $fieldname = trim($fieldname);
+ if(isset($pconfig[$fieldname])) {
+ $server[$fieldname] = $pconfig[$fieldname];
+ }
+ }
+
+ // attributes containing some kind of logic
+ if ($vpnid != 0) {
+ $server['vpnid'] = $vpnid;
+ } else {
+ $server['vpnid'] = openvpn_vpnid_next();
+ }
+
+ if ($pconfig['disable'] == "yes") {
+ $server['disable'] = true;
+ }
+ if (!empty($pconfig['authmode'])) {
+ $server['authmode'] = implode(",", $pconfig['authmode']);
+ }
+ if (strpos($pconfig['interface'], "|") !== false) {
+ list($server['interface'], $server['ipaddr']) = explode("|", $pconfig['interface']);
+ }
+
+ $server['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);
+
+ if ($tls_mode) {
+ if ($pconfig['tlsauth_enable']) {
+ if (!empty($pconfig['autotls_enable'])) {
+ $pconfig['tls'] = openvpn_create_key();
+ }
+ $server['tls'] = base64_encode($pconfig['tls']);
+ }
+ foreach (array("caref","crlref",
+ "certref","dh_length","cert_depth") as $cpKey) {
+ if (isset($pconfig[$cpKey])) {
+ $server[$cpKey] = $pconfig[$cpKey];
+ }
+ }
+ if (isset($pconfig['mode']) && $pconfig['mode'] == "server_tls_user" && isset($server['strictusercn'])) {
+ $server['strictusercn'] = $pconfig['strictusercn'];
+ }
+ } else {
+ $server['shared_key'] = base64_encode($pconfig['shared_key']);
+ }
+
+ if (isset($_POST['duplicate_cn']) && $_POST['duplicate_cn'] == "yes") {
+ $server['duplicate_cn'] = true;
+ }
+
+ // update or add to config
+ if (isset($id) && $a_server[$id]) {
+ $a_server[$id] = $server;
+ } else {
+ $a_server[] = $server;
+ }
+
+ openvpn_resync('server', $server);
+ write_config();
+
+ header("Location: vpn_openvpn_server.php");
+ exit;
+ } elseif (!empty($pconfig['authmode'])) {
+ $pconfig['authmode'] = implode(",", $pconfig['authmode']);
+ }
+ }
}
$pgtitle = array(gettext("OpenVPN"), gettext("Server"));
$shortcut_section = "openvpn";
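Review bot: The guard `isset($pconfig['mode']) && $pconfig['mode'] == "server_tls_user" && isset($server['strictusercn'])` tests `$server['strictusercn']`, which nothing in the hunk has assigned (the key is not in the save-side `$copy_fields` list), so the condition is always false and the strictusercn setting is dropped from every saved server_tls_user entry, whereas the removed code saved it unconditionally; the last term should read `isset($pconfig['strictusercn'])`. Two similar slips sit in the same hunk: the `new` branch iterates `explode(",",$copy_fields)` although `$copy_fields` is only assigned in the `edit` branch, so the `$init_fields` list directly above it is never applied and the form fields stay uninitialised — change it to `explode(",", $init_fields)`; and the save path only sets `$server['interface']` when the value contains `|`, while `interface` is absent from the save-side `$copy_fields`, so a plain selection such as the `wan` default is no longer persisted — add `else { $server['interface'] = $pconfig['interface']; }` after the `list(...)` branch. Accepting the delete action only under `REQUEST_METHOD === 'POST'` is a welcome change, but the list page's delete control is outside this hunk, so it is worth confirming it now submits a POST.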
@@ -560,13 +411,52 @@ $main_buttons = array(
array('href'=>'vpn_openvpn_server.php?act=new', 'label'=>gettext("add server")),
);
-
+legacy_html_escape_form_data($pconfig);
?>