vpn_ipsec_mobile.php 24.3 KB
Newer Older
Ad Schellevis's avatar
Ad Schellevis committed
1
<?php
2

Ad Schellevis's avatar
Ad Schellevis committed
3
/*
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
  Copyright (C) 2014-2015 Deciso B.V.
  Copyright (C) 2008 Shrew Soft Inc
  All rights reserved.

  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice,
     this list of conditions and the following disclaimer.

  2. Redistributions in binary form must reproduce the above copyright
     notice, this list of conditions and the following disclaimer in the
     documentation and/or other materials provided with the distribution.

  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
  AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
  OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  POSSIBILITY OF SUCH DAMAGE.
Ad Schellevis's avatar
Ad Schellevis committed
28 29
*/

30
require_once("interfaces.inc");
31
require_once("guiconfig.inc");
32
require_once("filter.inc");
33
require_once("ipsec.inc");
34
require_once("services.inc");
35
require_once("pfsense-utils.inc");
Ad Schellevis's avatar
Ad Schellevis committed
36

37
if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
38
    $config['ipsec'] = array();
39
}
40

41
if (!isset($config['ipsec']['phase1'])) {
42
    $config['ipsec']['phase1'] = array();
43
}
Ad Schellevis's avatar
Ad Schellevis committed
44

45
if (!isset($config['ipsec']['client'])) {
46
    $config['ipsec']['client'] = array();
47
}
Ad Schellevis's avatar
Ad Schellevis committed
48

49 50 51 52 53 54
// define formfields
$form_fields = "user_source,group_source,pool_address,pool_netbits,net_list
,save_passwd,dns_domain,dns_split,dns_server1,dns_server2,dns_server3
,dns_server4,wins_server1,wins_server2,pfs_group,login_banner";

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
55 56 57 58
    // pass savemessage
    if (isset($_GET['savemsg'])) {
        $savemsg = htmlspecialchars($_GET['savemsg']);
    }
59 60 61 62 63
    $pconfig = array();
    // defaults
    $pconfig['pool_netbits'] = 24;

    // copy / initialize $pconfig attributes
64 65 66 67 68 69 70 71
    foreach (explode(",", $form_fields) as $fieldname) {
        $fieldname = trim($fieldname);
        if (isset($config['ipsec']['client'][$fieldname])) {
            $pconfig[$fieldname] = $config['ipsec']['client'][$fieldname];
        } elseif (!isset($pconfig[$fieldname])) {
          // initialize element
            $pconfig[$fieldname] = null;
        }
72
    }
73 74
    if (isset($config['ipsec']['client']['enable'])) {
        $pconfig['enable'] = true;
75
    }
76 77
    if (isset($config['ipsec']['client']['net_list'])) {
        $pconfig['net_list'] = true;
78 79
    }

80 81
    if (isset($config['ipsec']['client']['save_passwd'])) {
        $pconfig['save_passwd'] = true;
82
    }
83 84
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $input_errors = array();
85
    $pconfig = $_POST;
86 87 88
    if (isset($_POST['create'])) {
        // create new phase1 entry
        header("Location: vpn_ipsec_phase1.php?mobile=true");
89
        exit;
90 91
    } elseif (isset($_POST['apply'])) {
        // apply changes
92
        ipsec_configure();
93
        $savemsg = get_std_save_message();
94
        clear_subsystem_dirty('ipsec');
95
        header("Location: vpn_ipsec_mobile.php?savemsg=".$savemsg);
96
        exit;
97 98
    } elseif (isset($_POST['submit'])) {
        // save form changes
Ad Schellevis's avatar
Ad Schellevis committed
99

100 101 102 103
        // input preparations
        if (!empty($pconfig['user_source'])) {
            $pconfig['user_source'] = implode(",", $pconfig['user_source']);
        }
Ad Schellevis's avatar
Ad Schellevis committed
104

105 106 107 108
        /* input validation */
        $reqdfields = explode(" ", "user_source group_source");
        $reqdfieldsn =  array(gettext("User Authentication Source"),gettext("Group Authentication Source"));
        do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
Ad Schellevis's avatar
Ad Schellevis committed
109

110
        if (!empty($pconfig['pool_address']) && !is_ipaddr($pconfig['pool_address'])) {
111 112 113
            $input_errors[] = gettext("A valid IP address for 'Virtual Address Pool Network' must be specified.");
        }

114
        if (!empty($pconfig['dns_domain']) && !is_domain($pconfig['dns_domain'])) {
115 116 117 118 119 120 121 122 123 124 125 126 127
            $input_errors[] = gettext("A valid value for 'DNS Default Domain' must be specified.");
        }

        if (!empty($pconfig['dns_split'])) {
            $domain_array=preg_split("/[ ,]+/", $pconfig['dns_split']);
            foreach ($domain_array as $curdomain) {
                if (!is_domain($curdomain)) {
                    $input_errors[] = gettext("A valid split DNS domain list must be specified.");
                    break;
                }
            }
        }

128
        if (!empty($pconfig['dns_server1']) && !is_ipaddr($pconfig['dns_server1'])) {
129 130
            $input_errors[] = gettext("A valid IP address for 'DNS Server #1' must be specified.");
        }
131
        if (!empty($pconfig['dns_server2']) && !is_ipaddr($pconfig['dns_server2'])) {
132 133
            $input_errors[] = gettext("A valid IP address for 'DNS Server #2' must be specified.");
        }
134
        if (!empty($pconfig['dns_server3']) && !is_ipaddr($pconfig['dns_server3'])) {
135 136
            $input_errors[] = gettext("A valid IP address for 'DNS Server #3' must be specified.");
        }
137
        if (!empty($pconfig['dns_server4']) && !is_ipaddr($pconfig['dns_server4'])) {
138 139 140
            $input_errors[] = gettext("A valid IP address for 'DNS Server #4' must be specified.");
        }

141
        if (!empty($pconfig['wins_server1']) && !is_ipaddr($pconfig['wins_server1'])) {
142 143
            $input_errors[] = gettext("A valid IP address for 'WINS Server #1' must be specified.");
        }
144
        if (!empty($pconfig['wins_server2']) && !is_ipaddr($pconfig['wins_server2'])) {
145 146 147
            $input_errors[] = gettext("A valid IP address for 'WINS Server #2' must be specified.");
        }

148 149 150 151 152
        if (count($input_errors) == 0) {
            $client = array();
            $copy_fields = "user_source,group_source,pool_address,pool_netbits,dns_domain,dns_server1
            ,dns_server2,dns_server3,dns_server4,wins_server1,wins_server2
            ,dns_split,pfs_group,login_banner";
153 154 155 156 157 158
            foreach (explode(",", $copy_fields) as $fieldname) {
                            $fieldname = trim($fieldname);
                if (!empty($pconfig[$fieldname])) {
                    $client[$fieldname] = $pconfig[$fieldname];
                }
            }
159 160 161
            if (!empty($pconfig['enable'])) {
                $client['enable'] = true;
            }
162

163 164 165
            if (!empty($pconfig['net_list'])) {
                $client['net_list'] = true;
            }
166

167 168 169
            if (!empty($pconfig['save_passwd'])) {
                $client['save_passwd'] = true;
            }
170

171
            $config['ipsec']['client'] = $client;
172

173 174
            write_config();
            mark_subsystem_dirty('ipsec');
175

176 177
            header("Location: vpn_ipsec_mobile.php");
            exit;
178
        }
179
    }
Ad Schellevis's avatar
Ad Schellevis committed
180

181
    // initialize missing post attributes
182 183 184 185 186
    foreach (explode(",", $form_fields) as $fieldname) {
        $fieldname = trim($fieldname);
        if (!isset($pconfig[$fieldname])) {
            $pconfig[$fieldname] = null;
        }
187
    }
Ad Schellevis's avatar
Ad Schellevis committed
188 189
}

190 191
legacy_html_escape_form_data($pconfig);

192
$service_hook = 'ipsec';
Ad Schellevis's avatar
Ad Schellevis committed
193 194

include("head.inc");
195

Ad Schellevis's avatar
Ad Schellevis committed
196 197
?>

198
<body>
Ad Schellevis's avatar
Ad Schellevis committed
199 200 201

<script type="text/javascript">
//<![CDATA[
202 203 204 205 206 207 208 209 210
$( document ).ready(function() {
  pool_change();
  dns_domain_change();
  dns_split_change();
  dns_server_change();
  wins_server_change();
  pfs_group_change();
  login_banner_change();
});
Ad Schellevis's avatar
Ad Schellevis committed
211 212 213

function pool_change() {

214 215 216 217 218 219 220
  if (document.iform.pool_enable.checked) {
    document.iform.pool_address.disabled = 0;
    document.iform.pool_netbits.disabled = 0;
  } else {
    document.iform.pool_address.disabled = 1;
    document.iform.pool_netbits.disabled = 1;
  }
Ad Schellevis's avatar
Ad Schellevis committed
221 222 223 224
}

function dns_domain_change() {

225
  if (document.iform.dns_domain_enable.checked) {
226 227 228 229
    document.iform.dns_domain.disabled = 0;
    $("#dns_domain").addClass('show');
    $("#dns_domain").removeClass('hidden');
  } else {
230
    document.iform.dns_domain.disabled = 1;
231 232 233
    $("#dns_domain").addClass('hidden');
    $("#dns_domain").removeClass('show');
  }
Ad Schellevis's avatar
Ad Schellevis committed
234 235 236 237
}

function dns_split_change() {

238
  if (document.iform.dns_split_enable.checked){
239 240 241 242 243 244 245 246 247
    document.iform.dns_split.disabled = 0;
    $("#dns_split").addClass('show');
    $("#dns_split").removeClass('hidden');
  } else {
    document.iform.dns_split.disabled = 1;
    $("#dns_split").addClass('hidden');
    $("#dns_split").removeClass('show');
  }

Ad Schellevis's avatar
Ad Schellevis committed
248 249 250 251
}

function dns_server_change() {

252 253 254 255 256
  if (document.iform.dns_server_enable.checked) {
    document.iform.dns_server1.disabled = 0;
    document.iform.dns_server2.disabled = 0;
    document.iform.dns_server3.disabled = 0;
    document.iform.dns_server4.disabled = 0;
257 258
    $("#dns_server_enable_inputs").addClass('show');
    $("#dns_server_enable_inputs").removeClass('hidden');
259 260 261 262 263
  } else {
    document.iform.dns_server1.disabled = 1;
    document.iform.dns_server2.disabled = 1;
    document.iform.dns_server3.disabled = 1;
    document.iform.dns_server4.disabled = 1;
264 265
    $("#dns_server_enable_inputs").addClass('hidden');
    $("#dns_server_enable_inputs").removeClass('show');
266
  }
Ad Schellevis's avatar
Ad Schellevis committed
267 268 269 270
}

function wins_server_change() {

271 272 273
  if (document.iform.wins_server_enable.checked) {
    document.iform.wins_server1.disabled = 0;
    document.iform.wins_server2.disabled = 0;
274 275
    $("#wins_server_enable_inputs").addClass('show');
    $("#wins_server_enable_inputs").removeClass('hidden');
276 277 278
  } else {
    document.iform.wins_server1.disabled = 1;
    document.iform.wins_server2.disabled = 1;
279 280
    $("#wins_server_enable_inputs").addClass('hidden');
    $("#wins_server_enable_inputs").removeClass('show');
281
  }
Ad Schellevis's avatar
Ad Schellevis committed
282 283 284 285
}

function pfs_group_change() {

286
  if (document.iform.pfs_group_enable.checked) {
287 288 289 290 291 292 293 294
    document.iform.pfs_group.disabled = 0;
    $("#pfs_group").addClass('show');
    $("#pfs_group").removeClass('hidden');
  } else {
    document.iform.pfs_group.disabled = 1;
    $("#pfs_group").addClass('hidden');
    $("#pfs_group").removeClass('show');
  }
Ad Schellevis's avatar
Ad Schellevis committed
295 296 297 298
}

function login_banner_change() {

299
  if (document.iform.login_banner_enable.checked) {
300 301 302 303 304 305 306 307
    document.iform.login_banner.disabled = 0;
    $("#login_banner").addClass('show');
    $("#login_banner").removeClass('hidden');
  } else {
    document.iform.login_banner.disabled = 1;
    $("#login_banner").addClass('hidden');
    $("#login_banner").removeClass('show');
  }
Ad Schellevis's avatar
Ad Schellevis committed
308 309 310 311 312
}

//]]>
</script>

313
<?php include("fbegin.inc"); ?>
Ad Schellevis's avatar
Ad Schellevis committed
314

315 316 317
  <section class="page-content-main">
    <div class="container-fluid">
      <div class="row">
318
<?php
319 320 321 322
if (isset($savemsg)) {
    print_info_box($savemsg);
}
if (isset($config['ipsec']['enable']) && is_subsystem_dirty('ipsec')) {
323
    print_info_box_apply(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
324
}
325
                $ph1found = false;
326 327 328 329 330
foreach ($config['ipsec']['phase1'] as $ph1ent) {
    if (isset($ph1ent['mobile'])) {
        $ph1found = true;
    }
}
331 332 333

function print_legacy_box($msg, $name, $value)
{
334 335 336 337 338 339 340 341
  $savebutton = "<form action=\"".$_SERVER['REQUEST_URI']."\" method=\"post\">";
  $savebutton .= "<input name=\"{$name}\" type=\"submit\" class=\"btn btn-default\" id=\"${name}\" value=\"{$value}\" />";
  if (!empty($_POST['if'])) {
    $savebutton .= "<input type=\"hidden\" name=\"if\" value=\"" . htmlspecialchars($_POST['if']) . "\" />";
  }
  $savebutton .= '</form>';

  echo <<<EOFnp
342
<div class="col-xs-12">
343 344 345 346
  <div class="alert alert-info alert-dismissible" role="alert">
    {$savebutton}
    <p>{$msg}</p>
  </div>
347 348 349 350
</div>
EOFnp;
}

351
if (!empty($pconfig['enable']) && !$ph1found) {
352
    print_legacy_box(gettext("Support for IPsec Mobile clients is enabled but a Phase1 definition was not found") . ".<br />" . gettext("Please click Create to define one."), "create", gettext("Create Phase1"));
353 354 355 356
}
if (isset($input_errors) && count($input_errors) > 0) {
    print_input_errors($input_errors);
}
357
?>
358 359 360 361 362
          <section class="col-xs-12">
           <div class="tab-content content-box col-xs-12">
               <form action="vpn_ipsec_mobile.php" method="post" name="iform" id="iform">
               <div class="table-responsive">
                <table class="table table-striped table-sort">
363 364 365 366
                    <tr>
                      <td width="22%"><b><?=gettext("IKE Extensions"); ?> </b></td>
                      <td width="78%" align="right">
                        <small><?=gettext("full help"); ?> </small>
Ad Schellevis's avatar
Ad Schellevis committed
367
                        <i class="fa fa-toggle-off text-danger"  style="cursor: pointer;" id="show_all_help_page" type="button"></i>
368 369
                      </td>
                    </tr>
370
                  <tr>
371
                      <td><a id="help_for_enabled" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Enable")?></td>
372
                    <td>
373 374
                        <input name="enable" type="checkbox" id="enable" value="yes" <?= !empty($pconfig['enable']) ? "checked=\"checked\"" : "";?> />
                        <div class="hidden" for="help_for_enabled">
375
                            <?=gettext("Enable IPsec Mobile Client Support"); ?>
376
                        </div>
377 378
                    </td>
                  </tr>
379
                    <tr>
380 381
                    <td colspan="2"><b><?=gettext("Extended Authentication (Xauth)"); ?></b></td>
                  </tr>
382
                    <tr>
383 384 385 386 387
                  <tr>
                    <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("User Authentication"); ?></td>
                    <td>
                      <?=gettext("Source"); ?>:
                      <select name="user_source[]" class="form-control" id="user_source" multiple="multiple" size="3">
388 389 390
<?php
                        $authmodes = explode(",", $pconfig['user_source']);
                        $auth_servers = auth_get_authserver_list();
391 392 393
foreach ($auth_servers as $auth_key => $auth_server) : ?>
  <option value="<?=htmlspecialchars($auth_key)?>" <?=in_array($auth_key, $authmodes) ? 'selected="selected"' : ''?>><?=$auth_server['name']?></option>
<?php                                           endforeach; ?>
394 395 396 397 398 399 400 401 402
                      </select>
                    </td>
                  </tr>
                  <tr>
                    <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Group Authentication"); ?></td>
                    <td>
                      <select name="group_source" class="form-control" id="group_source">
                        <option value="none"><?=gettext("none"); ?></option>
                        <option value="system" <?= $pconfig['group_source'] == "system" ?  "selected=\"selected\"" : "";
403
?>><?=gettext("system"); ?></option>
404 405 406
                      </select>
                    </td>
                  </tr>
407 408 409
                    <tr>
                      <td colspan="2"><b><?=gettext("Client Configuration (mode-cfg)"); ?> </b></td>
                    </tr>
410 411 412
                  <tr>
                    <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Virtual Address Pool"); ?></td>
                    <td>
413 414
                        <input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?= !empty($pconfig['pool_address'])&&!empty($pconfig['pool_netbits']) ? "checked=\"checked\"" : "";?> onclick="pool_change()" />
                        <?=gettext("Provide a virtual IP address to clients"); ?><br />
415 416 417 418 419
                      <?=gettext("Network"); ?>:&nbsp;
                      <input name="pool_address" type="text" class="form-control unknown" id="pool_address" size="20" value="<?=$pconfig['pool_address'];?>" />
                      /
                      <select name="pool_netbits" class="form-control" id="pool_netbits">
                              <?php for ($i = 32; $i >= 0; $i--) :
420
    ?>
421
                              <option value="<?=$i;
422
?>" <?= ($i == $pconfig['pool_netbits']) ? "selected=\"selected\"" : "";?>>
423 424 425
                                <?=$i;?>
                              </option>
                              <?php
426
endfor; ?>
427 428 429 430 431 432
                      </select>
                    </td>
                  </tr>
                  <tr>
                    <td><a id="help_for_net_list" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Network List"); ?></td>
                    <td>
433 434
                        <input name="net_list" type="checkbox" id="net_list_enable" value="yes" <?= !empty($pconfig['net_list']) ? "checked=\"checked\"" : "";?> />
                        <div class="hidden" for="help_for_net_list">
435
                            <?=gettext("Provide a list of accessible networks to clients"); ?><br />
436
                        </div>
437 438 439 440 441
                    </td>
                  </tr>
                  <tr>
                    <td><a id="help_for_save_passwd" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Save Xauth Password"); ?></td>
                    <td>
442 443
                        <input name="save_passwd" type="checkbox" id="save_passwd_enable" value="yes" <?= !empty($pconfig['save_passwd']) ? "checked=\"checked\"" : "";?> />
                        <div class="hidden" for="help_for_save_passwd">
444 445
                            <?=gettext("Allow clients to save Xauth passwords (Cisco VPN client only)."); ?><br />
                            <?=gettext("NOTE: With iPhone clients, this does not work when deployed via the iPhone configuration utility, only by manual entry."); ?><br />
446
                        </div>
447 448 449 450 451
                    </td>
                  </tr>
                  <tr>
                    <td><a id="help_for_dns_domain_enable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("DNS Default Domain"); ?></td>
                    <td>
452 453 454
                        <input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes"  <?= !empty($pconfig['dns_domain']) ? "checked=\"checked\"" : "";?> onclick="dns_domain_change()" />
                        <input name="dns_domain" type="text" id="dns_domain" size="30" value="<?=$pconfig['dns_domain'];?>" />
                        <div class="hidden" for="help_for_dns_domain_enable">
455
                            <?=gettext("Provide a default domain name to clients"); ?>
456
                        </div>
457 458 459 460 461
                    </td>
                  </tr>
                  <tr>
                    <td><a id="help_for_dns_split_enable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Split DNS"); ?></td>
                    <td>
462 463 464
                        <input name="dns_split_enable" type="checkbox" id="dns_split_enable" value="yes" <?= !empty($pconfig['dns_split']) ? "checked=\"checked\"" : "";?> onclick="dns_split_change()" />
                        <input name="dns_split" type="text" class="form-control unknown" id="dns_split" size="30" value="<?=$pconfig['dns_split'];?>" />
                        <div class="hidden" for="help_for_dns_split_enable">
465 466
                            <?=gettext("Provide a list of split DNS domain names to clients. Enter a comma separated list."); ?><br />
                            <?=gettext("NOTE: If left blank, and a default domain is set, it will be used for this value."); ?>
467
                        </div>
468 469 470 471 472
                    </td>
                  </tr>
                  <tr>
                    <td><a id="help_for_dns_server_enable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("DNS Servers"); ?></td>
                    <td>
473 474
                        <input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes"  <?= !empty($pconfig['dns_server1']) || !empty($pconfig['dns_server2']) || !empty($pconfig['dns_server3']) || !empty($pconfig['dns_server4']) ? "checked=\"checked\"" : "";?> onclick="dns_server_change()" />
                        <div id="dns_server_enable_inputs">
475
                            <?=gettext("Server"); ?> #1:
476
                          <input name="dns_server1" type="text" class="form-control unknown" id="dns_server1" size="20" value="<?=$pconfig['dns_server1'];?>" />
477
                            <?=gettext("Server"); ?> #2:
478
                          <input name="dns_server2" type="text" class="form-control unknown" id="dns_server2" size="20" value="<?=$pconfig['dns_server2'];?>" />
479
                            <?=gettext("Server"); ?> #3:
480
                          <input name="dns_server3" type="text" class="form-control unknown" id="dns_server3" size="20" value="<?=$pconfig['dns_server3'];?>" />
481
                            <?=gettext("Server"); ?> #4:
482 483 484
                          <input name="dns_server4" type="text" class="form-control unknown" id="dns_server4" size="20" value="<?=$pconfig['dns_server4'];?>" />
                        </div>
                        <div class="hidden" for="help_for_dns_server_enable">
485
                            <?=gettext("Provide a DNS server list to clients"); ?>
486
                        </div>
487 488 489 490 491
                    </td>
                  </tr>
                  <tr>
                    <td><a id="help_for_wins_server_enable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("WINS Servers"); ?></td>
                    <td>
492 493
                        <input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?= !empty($pconfig['wins_server1']) || !empty($pconfig['wins_server2']) ? "checked=\"checked\"" : "";?> onclick="wins_server_change()" />
                        <div id="wins_server_enable_inputs">
494
                            <?=gettext("Server"); ?> #1:
495
                          <input name="wins_server1" type="text" class="form-control unknown" id="wins_server1" size="20" value="<?=$pconfig['wins_server1'];?>" />
496
                            <?=gettext("Server"); ?> #2:
497 498 499
                          <input name="wins_server2" type="text" class="form-control unknown" id="wins_server2" size="20" value="<?=$pconfig['wins_server2'];?>" />
                        </div>
                        <div class="hidden" for="help_for_wins_server_enable">
500
                            <?=gettext("Provide a WINS server list to clients"); ?>
501
                        </div>
502 503 504 505 506
                    </td>
                  </tr>
                  <tr>
                    <td><a id="help_for_pfs_group_enable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Phase2 PFS Group"); ?></td>
                    <td>
507 508 509 510
                        <input name="pfs_group_enable" type="checkbox" id="pfs_group_enable" value="yes" <?= !empty($pconfig['pfs_group']) ? "checked=\"checked\"" : "";?>  onclick="pfs_group_change()" />

                        <select name="pfs_group" class="form-control" id="pfs_group">
<?php                     foreach ($p2_pfskeygroups as $keygroup => $keygroupname) :
511
?>
512 513
                          <option value="<?=$keygroup;
?>" <?= $pconfig['pfs_group'] == $keygroup ? "selected=\"selected\"" : "" ; ?>>
514 515 516
                            <?=$keygroupname;?>
                          </option>
<?php
517
endforeach;
518 519 520
?>
                        </select>
                        <div class="hidden" for="help_for_pfs_group_enable">
521
                            <?=gettext("Provide the Phase2 PFS group to clients ( overrides all mobile phase2 settings )"); ?>
522
                        </div>
523 524 525 526 527
                    </td>
                  </tr>
                  <tr>
                    <td><a id="help_for_login_banner_enable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Login Banner"); ?></td>
                    <td>
528 529 530
                        <input name="login_banner_enable" type="checkbox" id="login_banner_enable" value="yes" <?= !empty($pconfig['login_banner']) ? "checked=\"checked\"" : "";?> onclick="login_banner_change()" />
                        <textarea name="login_banner" cols="65" rows="7" id="login_banner" class="formpre"><?=$pconfig['login_banner'];?></textarea>
                        <div class="hidden" for="help_for_login_banner_enable">
531
                            <?=gettext("Provide a login banner to clients"); ?><br />
532
                        </div>
533 534 535 536 537 538 539 540 541 542 543 544 545 546 547
                    </td>
                  </tr>
                  <tr>
                    <td>&nbsp;</td>
                    <td>
                      <input name="submit" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
                    </td>
                  </tr>
                </table>
               </div>
               </form>
            </div>
        </section>
      </div>
  </div>
548
</section>
549

550
<?php include("foot.inc"); ?>