<?php
/*
	vpn_openvpn_export.php

	Copyright (C) 2008 Shrew Soft Inc.
	Copyright (C) 2010 Ermal Luçi
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.

	DISABLE_PHP_LINT_CHECKING
*/
require_once("guiconfig.inc");
require_once("openvpn.inc");
require_once("filter.inc");
require_once("pfsense-utils.inc");
require_once("interfaces.inc");
require_once("openvpn-client-export.inc");

// Version strings that are echoed into the "Windows Installers (...)" labels
// built by the page's JavaScript further down.
// NOTE(review): presumably set by openvpn-client-export.inc — confirm.
global $current_openvpn_version, $current_openvpn_version_rev;

// Page title components.
$pgtitle = array("OpenVPN", "Client Export Utility");

// Filled below with one entry per exportable server instance; later used to
// render the server selector and the JavaScript lookup table.
$ras_server = array();
if (isset($config['openvpn']['openvpn-server'])) {
    // collect info
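    // Build $ras_server: for every enabled server-mode instance, list the
    // users (local-database TLS+auth mode) or certificates (TLS-only or
    // externally authenticated modes) that a client export can be made for.
    foreach ($config['openvpn']['openvpn-server'] as $sindex => $server) {
        // Skip disabled instances and modes whose name does not contain "server".
        if (isset($server['disable']) || stripos($server['mode'], "server") === false) {
            continue;
        }

        $ras_user = array();
        $ras_certs = array();

        if (($server['mode'] == "server_tls_user") && ($server['authmode'] == "Local Database")) {
            // Local users: offer each user certificate issued by this server's CA.
            if (isset($config['system']['user'])) {
                foreach ($config['system']['user'] as $uindex => $user) {
                    if (!isset($user['cert'])) {
                        continue;
                    }
                    foreach ($user['cert'] as $cindex => $cert) {
                        // If $cert is not an array, it's a certref not a cert.
                        if (!is_array($cert)) {
                            $cert = lookup_cert($cert);
                        }
                        // lookup_cert() is defined elsewhere; if the reference
                        // could not be resolved there is nothing to compare, so
                        // skip instead of indexing a non-array.
                        if (!is_array($cert) || $cert['caref'] != $server['caref']) {
                            continue;
                        }
                        $ras_user[] = array(
                            'uindex' => $uindex,
                            'cindex' => $cindex,
                            'name' => $user['name'],
                            'certname' => $cert['descr'],
                        );
                    }
                }
            }
        } elseif (($server['mode'] == "server_tls") || (($server['mode'] == "server_tls_user") && ($server['authmode'] != "Local Database"))) {
            // Certificate-only export: offer every certificate issued by this
            // server's CA, except the server's own certificate, which must
            // never be handed out in a client bundle.
            if (isset($config['cert'])) {
                foreach ($config['cert'] as $cindex => $cert) {
                    if (($cert['caref'] != $server['caref']) || ($cert['refid'] == $server['certref'])) {
                        continue;
                    }
                    // Start from an empty entry on every iteration so nothing
                    // can leak over from the previous certificate.
                    $ras_cert_entry = array();
                    $ras_cert_entry['cindex'] = $cindex;
                    $ras_cert_entry['certname'] = $cert['descr'];
                    $ras_cert_entry['certref'] = $cert['refid'];
                    $ras_certs[] = $ras_cert_entry;
                }
            }
        }

        // Display name: "<description> <proto>:<port>", or "Server <proto>:<port>"
        // when no description is configured.
        $prot = $server['protocol'];
        $port = $server['local_port'];
        if (!empty($server['description'])) {
            $name = "{$server['description']} {$prot}:{$port}";
        } else {
            $name = "Server {$prot}:{$port}";
        }

        $ras_serverent = array();
        $ras_serverent['index'] = $sindex;
        $ras_serverent['name'] = $name;
        $ras_serverent['users'] = $ras_user;
        $ras_serverent['certs'] = $ras_certs;
        $ras_serverent['mode'] = $server['mode'];
        $ras_server[] = $ras_serverent;
    }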

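    // Handle an export (download) request:
    //   ?act=<format>&srvid=<server index>&usrid=..&crtid=..&useaddr=..
    //
    // Every value used here is client-supplied. The identifiers are checked
    // before they are used as array keys, and nothing is exported until all
    // validation has passed, so a rejected request never leaves a generated
    // bundle (which may contain private keys) behind on disk.
    //
    // NOTE(review): the key password and the proxy password travel in the GET
    // query string (built by download_begin() in this page), so they can end
    // up in web server access logs, proxy logs and browser history. Switching
    // the export to POST would avoid that; it is not changed here because the
    // page's JavaScript builds the URL.
    if (!empty($_GET['act'])) {
        $input_errors = array();
        $exp_path = false;
        $act = $_GET['act'];
        $srvid = isset($_GET['srvid']) ? $_GET['srvid'] : false;
        $usrid = isset($_GET['usrid']) ? $_GET['usrid'] : false;
        $crtid = isset($_GET['crtid']) ? $_GET['crtid'] : false;

        // PHP turns "srvid[]=x" into an array, and an arbitrary srvid would
        // index a server that does not exist. Only accept plain strings that
        // name an existing server entry.
        if (!is_string($act) || !is_string($srvid) ||
            !isset($config['openvpn']['openvpn-server'][$srvid]) ||
            !is_array($config['openvpn']['openvpn-server'][$srvid])) {
            redirectHeader("vpn_openvpn_export.php");
            exit;
        }
        $srvcfg = $config['openvpn']['openvpn-server'][$srvid];
        $srvmode = isset($srvcfg['mode']) ? $srvcfg['mode'] : '';

        // "server_user" instances authenticate by user/password only, so the
        // export carries no client key material and needs no user/cert id.
        $nokeys = ($srvmode == "server_user");

        if ((($usrid !== false) && !is_string($usrid)) ||
            (($crtid !== false) && !is_string($crtid)) ||
            (!$nokeys && (($usrid === false) || ($crtid === false)))) {
            redirectHeader("vpn_openvpn_export.php");
            exit;
        }
        // NOTE(review): $usrid / $crtid are passed on as given; whether they
        // are range-checked is decided inside the export helpers, which are
        // not visible in this file — confirm.

        $useaddr = '';
        if (!empty($_GET['useaddr']) && is_string($_GET['useaddr'])) {
            $useaddr = trim($_GET['useaddr']);
        }

        if (!(is_ipaddr($useaddr) || is_hostname($useaddr) ||
            in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname"), true))) {
            $input_errors[] = "You need to specify an IP or hostname.";
        }

        $advancedoptions = isset($_GET['advancedoptions']) ? $_GET['advancedoptions'] : null;
        $openvpnmanager = isset($_GET['openvpnmanager']) ? $_GET['openvpnmanager'] : null;

        $verifyservercn = isset($_GET['verifyservercn']) ? $_GET['verifyservercn'] : null;
        $randomlocalport = isset($_GET['randomlocalport']) ? $_GET['randomlocalport'] : null;
        // The original read this key unconditionally, raising a notice when
        // the parameter was missing.
        $usetoken = isset($_GET['usetoken']) ? $_GET['usetoken'] : null;
        if ($usetoken && (substr($act, 0, 10) == "confinline")) {
            $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration.";
        }
        if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_yealink_t38g2") || ($act == "conf_snom"))) {
            $input_errors[] = "You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration.";
        }
        $password = "";
        if (!empty($_GET['password'])) {
            $password = $_GET['password'];
        }

        // Optional proxy settings: address and port must be given together,
        // and a user name requires a password.
        $proxy = "";
        if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) {
            $proxy = array();
            if (empty($_GET['proxy_addr'])) {
                $input_errors[] = "You need to specify an address for the proxy port.";
            } else {
                $proxy['ip'] = $_GET['proxy_addr'];
            }
            if (empty($_GET['proxy_port'])) {
                $input_errors[] = "You need to specify a port for the proxy ip.";
            } else {
                $proxy['port'] = $_GET['proxy_port'];
            }
            if (isset($_GET['proxy_type'])) {
                $proxy['proxy_type'] = $_GET['proxy_type'];
            }
            if (isset($_GET['proxy_authtype'])) {
                $proxy['proxy_authtype'] = $_GET['proxy_authtype'];
                if ($_GET['proxy_authtype'] != "none") {
                    if (empty($_GET['proxy_user'])) {
                        $input_errors[] = "You need to specify a username with the proxy config.";
                    } else {
                        $proxy['user'] = $_GET['proxy_user'];
                    }
                    if (!empty($_GET['proxy_user']) && empty($_GET['proxy_password'])) {
                        $input_errors[] = "You need to specify a password with the proxy user.";
                    } else {
                        // Same value as before, without reading an unset key.
                        $proxy['password'] = isset($_GET['proxy_password']) ? $_GET['proxy_password'] : null;
                    }
                }
            }
        }

        // Generate the export only once the request has passed validation.
        if (count($input_errors) == 0) {
            $exp_name = openvpn_client_export_prefix($srvid, $usrid, $crtid);

            if (substr($act, 0, 4) == "conf") {
                // Any other "conf..." value falls through to the plain config.
                switch ($act) {
                    case "confzip":
                        $exp_name = urlencode($exp_name."-config.zip");
                        $expformat = "zip";
                        break;
                    case "conf_yealink_t28":
                        $exp_name = urlencode("client.tar");
                        $expformat = "yealink_t28";
                        break;
                    case "conf_yealink_t38g":
                        $exp_name = urlencode("client.tar");
                        $expformat = "yealink_t38g";
                        break;
                    case "conf_yealink_t38g2":
                        $exp_name = urlencode("client.tar");
                        $expformat = "yealink_t38g2";
                        break;
                    case "conf_snom":
                        $exp_name = urlencode("vpnclient.tar");
                        $expformat = "snom";
                        break;
                    case "confinline":
                        $exp_name = urlencode($exp_name."-config.ovpn");
                        $expformat = "inline";
                        break;
                    case "confinlinedroid":
                        $exp_name = urlencode($exp_name."-android-config.ovpn");
                        $expformat = "inlinedroid";
                        break;
                    case "confinlineios":
                        $exp_name = urlencode($exp_name."-ios-config.ovpn");
                        $expformat = "inlineios";
                        break;
                    default:
                        $exp_name = urlencode($exp_name."-config.ovpn");
                        $expformat = "baseconf";
                }
                $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions);
            }

            if ($act == "visc") {
                $exp_name = urlencode($exp_name."-Viscosity.visc.zip");
                $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions);
            }

            if (substr($act, 0, 4) == "inst") {
                // The installer variant is taken from the request. How
                // openvpn_client_export_installer() treats unknown values is
                // not visible here, so only the variants this page offers are
                // passed on; anything else ends in the generic failure below.
                $inst_variant = substr($act, 5);
                if (in_array($inst_variant, array("x86-xp", "x64-xp", "x86-win6", "x64-win6"), true)) {
                    $exp_name = urlencode($exp_name."-install.exe");
                    $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, $inst_variant);
                }
            }

            if (!$exp_path) {
                $input_errors[] = "Failed to export config files!";
            }
        }

        if (count($input_errors) == 0) {
            // Plain and inline configs are returned as text; every other
            // format is a temporary file on disk.
            $inline = ($act == "conf") || (substr($act, 0, 10) == "confinline");
            $exp_size = $inline ? strlen($exp_path) : filesize($exp_path);

            header('Pragma: ');
            header('Cache-Control: ');
            header("Content-Type: application/octet-stream");
            // $exp_name is urlencode()d on every path that reaches this point,
            // which keeps quotes and line breaks out of the header.
            header("Content-Disposition: attachment; filename={$exp_name}");
            header("Content-Length: $exp_size");
            if ($inline) {
                echo $exp_path;
            } else {
                readfile($exp_path);
                // The bundle may hold private keys; remove it once sent.
                @unlink($exp_path);
            }
            exit;
        }
    }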
}





include("head.inc");

?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[
var viscosityAvailable = false;

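<?php
// Emit the lookup table used by download_begin() and server_changed():
//   servers[n] = [ server index, [users...], mode, [certs...] ]
//   users[k]   = [ uindex, cindex, user name, certificate description ]
//   certs[k]   = [ cindex, certificate description ]
//
// User names and certificate descriptions are free text from the
// configuration. Printing them between single quotes (with at most the
// apostrophe escaped) lets a backslash, a line break or a closing script tag
// break out of the JavaScript string. json_encode() with the JSON_HEX_* flags
// yields a literal that is safe inside a <script> block. The values are still
// raw text on the JavaScript side and must be inserted into the page as text,
// not as HTML.
$js_servers = array();
foreach ($ras_server as $sindex => $server) {
    $js_users = array();
    foreach ($server['users'] as $uindex => $user) {
        // Cast to string: the original emitted every field as a quoted string.
        $js_users[] = array(
            (string)$user['uindex'],
            (string)$user['cindex'],
            (string)$user['name'],
            (string)$user['certname'],
        );
    }
    $js_certs = array();
    foreach ($server['certs'] as $cert) {
        $js_certs[] = array(
            (string)$cert['cindex'],
            (string)$cert['certname'],
        );
    }
    $js_servers[] = array(
        (string)$server['index'],
        $js_users,
        (string)$server['mode'],
        $js_certs,
    );
}
$servers_json = json_encode($js_servers, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
if ($servers_json === false) {
    // Encoding failed (for example invalid UTF-8 in a description): emit an
    // empty table rather than a script that does not parse.
    $servers_json = '[]';
}
?>
var servers = <?=$servers_json;?>;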

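/*
 * Validate the export form and start the download for one table row.
 *
 *   act  export format, e.g. "confzip", "confinline", "inst-x86-xp", "visc"
 *   i    index into the selected server's user list, or -1
 *   j    index into the selected server's certificate list, or -1
 *
 * Values are encoded with encodeURIComponent(). The deprecated escape() used
 * before leaves "+" unencoded (the server reads it as a space, which silently
 * alters a password) and writes non-ASCII characters as %uXXXX, which is not
 * URL encoding.
 *
 * NOTE(review): the key and proxy passwords are sent in the query string of a
 * GET request, so they can appear in access logs and browser history. A POST
 * would avoid that, but needs a matching change in the request handler.
 */
function download_begin(act, i, j) {

	var index = document.getElementById("server").selectedIndex;
	var users = servers[index][1];
	var certs = servers[index][3];
	var useaddr;

	var advancedoptions;

	if (document.getElementById("useaddr").value == "other") {
		if (document.getElementById("useaddr_hostname").value == "") {
			alert("Please specify an IP address or hostname.");
			return;
		}
		useaddr = document.getElementById("useaddr_hostname").value;
	} else
		useaddr = document.getElementById("useaddr").value;

	advancedoptions = document.getElementById("advancedoptions").value;

	var verifyservercn = document.getElementById("verifyservercn").value;

	// Checkboxes are sent as 0 / 1.
	var randomlocalport = document.getElementById("randomlocalport").checked ? 1 : 0;
	var usetoken = document.getElementById("usetoken").checked ? 1 : 0;
	var usepass = document.getElementById("usepass").checked ? 1 : 0;
	var openvpnmanager = document.getElementById("openvpnmanager").checked ? 1 : 0;

	// The key password is only checked for installer exports.
	var pass = document.getElementById("pass").value;
	var conf = document.getElementById("conf").value;
	if (usepass && (act.substring(0,4) == "inst")) {
		if (!pass || !conf) {
			alert("The password or confirm field is empty");
			return;
		}
		if (pass != conf) {
			alert("The password and confirm fields must match");
			return;
		}
	}

	var useproxy = document.getElementById("useproxy").checked ? 1 : 0;
	var useproxypass = 0;

	var proxyaddr = document.getElementById("proxyaddr").value;
	var proxyport = document.getElementById("proxyport").value;
	var proxytype, proxyauth, proxyuser, proxypass, proxyconf;
	if (useproxy) {
		if (!proxyaddr || !proxyport) {
			alert("The proxy ip and port cannot be empty");
			return;
		}

		if (document.getElementById("useproxypass").value != 'none')
			useproxypass = 1;

		proxytype = document.getElementById("useproxytype").value;

		proxyauth = document.getElementById("useproxypass").value;
		proxyuser = document.getElementById("proxyuser").value;
		proxypass = document.getElementById("proxypass").value;
		proxyconf = document.getElementById("proxyconf").value;
		if (useproxypass) {
			if (!proxyuser) {
				alert("Please fill the proxy username and password.");
				return;
			}
			if (!proxypass || !proxyconf) {
				alert("The proxy password or confirm field is empty");
				return;
			}
			if (proxypass != proxyconf) {
				alert("The proxy password and confirm fields must match");
				return;
			}
		}
	}

	// Assemble the query string, encoding every value.
	var dlurl = "/vpn_openvpn_export.php?act=" + encodeURIComponent(act);
	function add(name, value) {
		dlurl += "&" + name + "=" + encodeURIComponent(value);
	}

	add("srvid", servers[index][0]);
	if (users[i]) {
		add("usrid", users[i][0]);
		add("crtid", users[i][1]);
	}
	if (certs[j]) {
		// Certificate rows have no user; usrid is sent empty.
		add("usrid", "");
		add("crtid", certs[j][0]);
	}
	add("useaddr", useaddr);
	add("verifyservercn", verifyservercn);
	add("randomlocalport", randomlocalport);
	add("openvpnmanager", openvpnmanager);
	add("usetoken", usetoken);
	if (usepass)
		add("password", pass);
	if (useproxy) {
		add("proxy_type", proxytype);
		add("proxy_addr", proxyaddr);
		add("proxy_port", proxyport);
		add("proxy_authtype", proxyauth);
		if (useproxypass) {
			add("proxy_user", proxyuser);
			add("proxy_password", proxypass);
		}
	}

	add("advancedoptions", advancedoptions);

	window.open(dlurl,"_self");
}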

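/*
 * Rebuild the export table for the server chosen in the "server" select:
 * one row per user certificate, one per plain certificate, and a single
 * "Authentication Only" row for server_user instances.
 *
 * User names and certificate descriptions are written with textContent.
 * They are free text from the configuration, and assigning them to innerHTML
 * would have the browser parse them as markup. Only markup built from the
 * fixed strings and numeric indexes below goes through innerHTML.
 */
function server_changed() {

	var table = document.getElementById("users");
	while (table.rows.length > 1 )
		table.deleteRow(1);

	var index = document.getElementById("server").selectedIndex;
	var users = servers[index][1];
	var certs = servers[index][3];
	var mode = servers[index][2];
	var sep = "&nbsp;&nbsp; ";
	var installers = "Windows Installers (<?php echo $current_openvpn_version . '-Ix' . $current_openvpn_version_rev;?>)";

	// One download button; act and label are literals, i and j are numbers.
	function button(act, i, j, label) {
		return "<button type='button' class='btn btn-primary btn-xs' onclick='download_begin(\"" + act + "\"," + i + "," + j + ")'>" + label + "</button>";
	}

	// "- title:" followed by a line of buttons; items is a list of [act, label].
	function section(title, indent, items, i, j) {
		var html = [];
		for (var k = 0; k < items.length; k++)
			html.push(button(items[k][0], i, j, items[k][1]));
		return "- " + title + ":<br\/>" + indent + html.join(sep);
	}

	// The four export groups that every kind of row offers.
	function export_links(i, j, indent, conf_label) {
		return [
			section("Standard Configurations", indent, [
				["confzip", "Archive"],
				["conf", conf_label]
			], i, j),
			section("Inline Configurations", indent, [
				["confinlinedroid", "Android"],
				["confinlineios", "OpenVPN Connect (iOS/Android)"],
				["confinline", "Others"]
			], i, j),
			section(installers, indent, [
				["inst-x86-xp", "x86-xp"],
				["inst-x64-xp", "x64-xp"],
				["inst-x86-win6", "x86-win6"],
				["inst-x64-win6", "x64-win6"]
			], i, j),
			section("Mac OSX", indent, [
				["visc", "Viscosity Bundle"]
			], i, j)
		].join("<br\/>");
	}

	function add_row(who, certname, links) {
		var row = table.insertRow(table.rows.length);
		row.insertCell(0).textContent = who;
		row.insertCell(1).textContent = certname;
		row.insertCell(2).innerHTML = links;
	}

	// "var" keeps the counters local; the original leaked them as globals.
	for (var i = 0; i < users.length; i++)
		add_row(users[i][2], users[i][3], export_links(i, -1, "", "Config Only"));

	for (var j = 0; j < certs.length; j++) {
		var links = export_links(-1, j, sep, "File Only");
		if (mode == "server_tls") {
			// The original rendered the "T38G (1)" button twice. The request
			// handler has a separate conf_yealink_t38g2 format that no button
			// selected, so the second one is presumably meant to be it.
			links += "<br\/>" + section("Yealink SIP Handsets", sep, [
				["conf_yealink_t28", "T28"],
				["conf_yealink_t38g", "T38G (1)"],
				["conf_yealink_t38g2", "T38G (2)"]
			], -1, j);
			links += "<br\/>" + button("conf_snom", -1, j, "SNOM SIP Handset");
		}
		add_row(mode == "server_tls" ? "Certificate (SSL/TLS, no Auth)" : "Certificate with External Auth", certs[j][1], links);
	}

	if (mode == 'server_user') {
		// No user or certificate applies, so both indexes are -1. The original
		// passed the leftover loop counter and also emitted each link a second
		// time as a legacy <a> (one of them with a malformed closing tag).
		add_row("Authentication Only (No Cert)", "none", export_links(-1, -1, sep, "File Only"));
	}
}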

// Show the free-form host name field only while "other" is selected in the
// host name resolution select passed in as obj.
function useaddr_changed(obj) {
	var custom = (obj.value == "other");
	$('#HostName').toggle(custom);
}

// Reveal the password options while the "usepass" checkbox is ticked.
function usepass_changed() {
	var enabled = document.getElementById("usepass").checked;
	document.getElementById("usepass_opts").style.display = enabled ? "" : "none";
}

// Show or hide the proxy options, and within them the proxy credential
// fields. obj is accepted for the onchange handlers but not used.
function useproxy_changed(obj) {
	// !! forces a real boolean; toggle() only takes its argument as the
	// target state when it is one.
	var proxy_on = !!$('#useproxy').prop("checked");
	$('#useproxy_opts').toggle(proxy_on);

	// This compares the visible text of the selected option with 'none'.
	var auth_on = ($("#useproxypass option:selected").text() != 'none');
	$('#useproxypass_opts').toggle(auth_on);
}
//]]>
</script>
<?php
// Validation errors collected while handling the request, if any.
if (isset($input_errors) && 0 < count($input_errors)) {
    print_input_errors($input_errors);
}

// Status message left by the request handler, if one was set.
if (isset($savemsg)) {
    print_info_box($savemsg);
}
?>
<section class="page-content-main">
  <div class="container-fluid">
    <div class="row">
      <section class="col-xs-12">
        <?php
                  // Tab bar of the OpenVPN pages. Each entry is (label, is-active, target page);
                  // only "Client Export" is marked active here.
                  $tab_array = array(
                      array(gettext("Server"), false, "vpn_openvpn_server.php"),
                      array(gettext("Client"), false, "vpn_openvpn_client.php"),
                      array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php"),
                      array(gettext("Client Export"), true, "vpn_openvpn_export.php"),
                      array(gettext("Shared Key Export"), false, "vpn_openvpn_export_shared.php"),
                  );
                  display_top_tabs($tab_array);
                ?>
        <div class="tab-content content-box col-xs-12">
          <div class="table-responsive">
            <table width="100%" border="0" class="table table-striped" cellpadding="0" cellspacing="0">
              <tr>
                <td width="22%"></td>
                <td width="78%" align="right">
                  <small><?=gettext("full help"); ?> </small>
                  <i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page" type="button"></i>
                </td>
              </tr>
					<tr>
						<td valign="top"><i class="fa fa-info-circle text-muted"></i> <?=gettext("Remote Access Server");?></td>
						<td>
							<select name="server" id="server" class="formselect" onchange="server_changed()">
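								<?php
								// One <option> per remote access server collected in $ras_server.
								// Iterate by value: a by-reference loop variable would stay bound to the
								// last $ras_server entry after the loop, and nothing here modifies the entries.
								// The value attribute is HTML-escaped like the label, so the markup stays
								// intact whatever the stored index contains.
								foreach ($ras_server as $server) : ?>
								<option value="<?=htmlspecialchars($server['index'], ENT_QUOTES);?>"><?=htmlspecialchars($server['name']);?></option>
								<?php endforeach; ?>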
							</select>
						</td>
					</tr>
					<tr>
						<td valign="top"><i class="fa fa-info-circle text-muted"></i> <?=gettext("Host Name Resolution");?></td>
						<td >
                  <select name="useaddr" id="useaddr" class="formselect" onchange="useaddr_changed(this)">
                    <option value="serveraddr" ><?=gettext("Interface IP Address");?></option>
                    <option value="servermagic" ><?=gettext("Automagic Multi-WAN IPs (port forward targets)");?></option>
                    <option value="servermagichost" ><?=gettext("Automagic Multi-WAN dynamic DNS Hostnames (port forward targets)");?></option>
                    <option value="serverhostname" ><?=gettext("Installation hostname");?></option>
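                    <?php
                    // Offer every configured dynamic DNS host name as a selectable server address.
                    // The host name is read from the saved configuration and written into an HTML
                    // attribute, so it is escaped there just as it is in the visible label;
                    // an unescaped quote in the stored value would otherwise break out of the attribute.
                    if (isset($config['dyndnses']['dyndns'])) : ?>
                        <?php foreach ($config['dyndnses']['dyndns'] as $ddns) : ?>
                        <option value="<?=htmlspecialchars($ddns["host"], ENT_QUOTES);?>"><?=gettext("Dynamic DNS");?>: <?= htmlspecialchars($ddns["host"]); ?></option>
                        <?php endforeach; ?>
                    <?php endif; ?>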
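                    <?php
                    // Offer every configured DNS update host name as a selectable server address.
                    // The host name is read from the saved configuration and written into an HTML
                    // attribute, so it is escaped there just as it is in the visible label;
                    // an unescaped quote in the stored value would otherwise break out of the attribute.
                    if (isset($config['dnsupdates']['dnsupdate'])) : ?>
                        <?php foreach ($config['dnsupdates']['dnsupdate'] as $ddns) : ?>
                        <option value="<?=htmlspecialchars($ddns["host"], ENT_QUOTES);?>"><?=gettext("Dynamic DNS");?>: <?= htmlspecialchars($ddns["host"]); ?></option>
                        <?php endforeach; ?>
                    <?php endif; ?>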
                    <option value="other"><?=gettext("Other");?></option>
                  </select>
                  <div id="HostName" style="display:none;" >
                    <div>
                        <?=gettext("Enter the hostname or IP address the client will use to connect to this server.");?>
                    </div>
                    <input name="useaddr_hostname" type="text" id="useaddr_hostname" size="40" />
                  </div>
						</td>
					</tr>
					<tr>
						<td valign="top"><a id="help_for_verify_server_cn" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Verify Server CN");?></td>
						<td >
                  <select name="verifyservercn" id="verifyservercn" class="formselect">
                    <option value="auto"><?=gettext("Automatic - Use verify-x509-name (OpenVPN 2.3+) where possible");?></option>
                    <option value="tls-remote"><?=gettext("Use tls-remote (Deprecated, use only on old clients &lt;= OpenVPN 2.2.x");?>)</option>
                    <option value="tls-remote-quote"><?=gettext("Use tls-remote and quote the server CN");?></option>
                    <option value="none"><?=gettext("Do not verify the server CN");?></option>
                  </select>
                  <div class="hidden" for="help_for_verify_server_cn">
                    <?=gettext("Optionally verify the server certificate Common Name (CN) when the client connects. Current clients, including the most recent versions of Windows, Viscosity, Tunnelblick, OpenVPN on iOS and Android and so on should all work at the default automatic setting.");?><br/><br/>
                    <?=gettext("Only use tls-remote if you must use an older client that you cannot control. The option has been deprecated by OpenVPN and will be removed in the next major version.");?><br/><br/>
                    <?=gettext("With tls-remote the server CN may optionally be enclosed in quotes. This can help if the server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed.");?>
                  </div>
						</td>
					</tr>
					<tr>
						<td valign="top"><a id="help_for_random_local_port" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Use Random Local Port");?></td>
						<td >
                  <input name="randomlocalport" id="randomlocalport" type="checkbox" value="yes" checked="CHECKED" />
                  <div class="hidden" for="help_for_random_local_port">
                    <?=gettext("Use a random local source port (lport) for traffic from the client. Without this set, two clients may not run concurrently.");?>
                    <br/>
                    <?=gettext("NOTE: Not supported on older clients. Automatically disabled for Yealink and Snom configurations."); ?>
                  </div>
						</td>
					</tr>
					<tr>
						<td valign="top"><i class="fa fa-info-circle text-muted"></i> <?=gettext("Certificate Export Options");?></td>
						<td >
                  <div>
                    <input name="usetoken" id="usetoken" type="checkbox" value="yes" />
                    <?=gettext("Use Microsoft Certificate Storage instead of local files.");?>
                  </div>
                  <div>
                    <input name="usepass" id="usepass" type="checkbox" value="yes" onclick="usepass_changed()" />
                    <?=gettext("Use a password to protect the pkcs12 file contents or key in Viscosity bundle.");?>
                  </div>
                  <div id="usepass_opts" style="display:none">
                    <?=gettext("Password");?> :
                    <input name="pass" id="pass" type="password" class="formfld pwd" size="20" value="" />
                    <?=gettext("Confirm");?> :
                    <input name="conf" id="conf" type="password" class="formfld pwd" size="20" value="" />
                  </div>
						</td>
					</tr>
					<tr>
						<td valign="top"><a id="help_for_http_proxy" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Use Proxy");?></td>
						<td >
                  <input name="useproxy" id="useproxy" type="checkbox" value="yes" onclick="useproxy_changed(this)" />
                  <div class="hidden" for="help_for_http_proxy">
                    <?=gettext("Use proxy to communicate with the server.");?>
                  </div>
                  <div id="useproxy_opts" style="display:none" >
                    <?=gettext("Type");?>
                    <select name="useproxytype" id="useproxytype" class="formselect">
                      <option value="http"><?=gettext("HTTP");?></option>
                      <option value="socks"><?=gettext("Socks");?></option>
                    </select>
                    <?=gettext("IP Address");?>
                    <input name="proxyaddr" id="proxyaddr" type="text" class="formfld unknown" size="30" value="" />
                    <?=gettext("Port");?> :
                    <input name="proxyport" id="proxyport" type="text" class="formfld unknown" size="5" value="" />
                    <div>
                        <?=gettext("Choose proxy authentication if any.");?>
                      <select name="useproxypass" id="useproxypass" class="formselect" onchange="useproxy_changed(this)">
                        <option value="none"><?=gettext("none");?></option>
                        <option value="basic"><?=gettext("basic");?></option>
                        <option value="ntlm"><?=gettext("ntlm");?></option>
                      </select>
                      <div id="useproxypass_opts" style="display:none">
                        <?=gettext("Username");?> :
                        <input name="proxyuser" id="proxyuser" type="text" class="formfld unknown" size="20" value="" />
                            <?=gettext("Password");?> :
                        <input name="proxypass" id="proxypass" type="password" class="formfld pwd" size="20" value="" />
                            <?=gettext("Confirm");?> :
                        <input name="proxyconf" id="proxyconf" type="password" class="formfld pwd" size="20" value="" />
                      </div>
                    </div>
                  </div>
						</td>
					</tr>
					<tr>
						<td valign="top"><a id="help_for_openvpnmanager" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Management Interface OpenVPNManager");?></td>
						<td >
                  <input name="openvpnmanager" id="openvpnmanager" type="checkbox" value="yes" />
                  <div class="hidden" for="help_for_openvpnmanager">
                    <?=gettext('This will change the generated .ovpn configuration to allow for usage of the management interface.'.
                    'And include the OpenVPNManager program in the "Windows Installers". With this OpenVPN can be used also by non-administrator users.'.
                    'This is also useful for Windows Vista/7/8 systems where elevated permissions are needed to add routes to the system.');?>
                    <br/>
                    <?=gettext("NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.");?>
                  </div>
						</td>
					</tr>
					<tr>
						<td colspan="2" class="list" height="12">&nbsp;</td>
					</tr>
					<tr>
						<td valign="top"><a id="help_for_advancedoptions" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Additional configuration options");?></td>
						<td >
                  <textarea rows="6" cols="68" name="advancedoptions" id="advancedoptions"></textarea><br/>
                  <div class="hidden" for="help_for_advancedoptions">
                    <?=gettext("Enter any additional options you would like to add to the OpenVPN client export configuration here, separated by a line break or semicolon"); ?><br/>
							<?=gettext("EXAMPLE: remote-random"); ?>;
                  </div>
						</td>
					</tr>
					<tr>
						<td valign="top"><a id="help_for_clientpkg" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Client Install Packages");?></td>
                <td>
                  <table width="100%" id="users" border="0" cellpadding="0" cellspacing="0" class="table table-striped table-bordered ">
						<tr>
							<td width="25%" ><b><?=gettext("User");?></b></td>
							<td width="35%" ><b><?=gettext("Certificate Name");?></b></td>
							<td width="40%" ><b><?=gettext("Export");?></b></td>
						</tr>
					</table>
                  <div class="hidden" for="help_for_clientpkg">
                    <?= gettext("NOTES:") ?> <br/>
                    <?= gettext("The &quot;XP&quot; Windows installers work on Windows XP and later versions. The &quot;win6&quot; Windows installers include a new tap-windows6 driver that works only on Windows Vista and later.") ?><br/>
                    <br/><br/>
                    <strong><?= gettext("Links to OpenVPN clients for various platforms:") ?></strong><br/>
                    <a href="http://openvpn.net/index.php/open-source/downloads.html"><?= gettext("OpenVPN Community Client") ?></a> - <?=gettext("Binaries for Windows, Source for other platforms. Packaged above in the Windows Installers")?><br/>
                    <a href="https://play.google.com/store/apps/details?id=de.blinkt.openvpn"><?= gettext("OpenVPN For Android") ?></a> - <?=gettext("Recommended client for Android")?><br/>
                    <a href="http://www.featvpn.com/"><?= gettext("FEAT VPN For Android") ?></a> - <?=gettext("For older versions of Android")?><br/>
                    <?= gettext("OpenVPN Connect") ?>: <a href="https://play.google.com/store/apps/details?id=net.openvpn.openvpn"><?=gettext("Android (Google Play)")?></a> or <a href="https://itunes.apple.com/us/app/openvpn-connect/id590379981"><?=gettext("iOS (App Store)")?></a> - <?= gettext("Recommended client for iOS") ?>
                    <br/><a href="http://www.sparklabs.com/viscosity/"><?= gettext("Viscosity") ?></a> - <?= gettext("Recommended client for Mac OSX") ?>
                    <br/><a href="http://code.google.com/p/tunnelblick/"><?= gettext("Tunnelblick") ?></a> - <?= gettext("Free client for OSX") ?>
                    <br/><br/>
                    <?= gettext("NOTES:") ?><br/>
                    <?= gettext("If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager.") ?><br/>
                  </div>
                </td>
					</tr>
				</table>
          </div>
        </div>
      </section>
    </div>
  </div>
</section>

<script type="text/javascript">
//<![CDATA[
// Run once when the page loads, without waiting for a change event on the server select.
// NOTE(review): server_changed() is defined outside this part of the file; presumably it
// fills the #users table for the selected server. Confirm against its definition.
server_changed();
//]]>
</script>

<?php include("foot.inc"); ?>