<?php

/*
	Copyright (C) 2008 Shrew Soft Inc.
	Copyright (C) 2010 Ermal Luçi
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
require_once("openvpn.inc");
require_once("services.inc");
require_once("filter.inc");
require_once("pfsense-utils.inc");
require_once("interfaces.inc");
require_once("openvpn-client-export.inc");

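global $current_openvpn_version, $current_openvpn_version_rev;

$service_hook = 'openvpn';

// Remote-access servers offered for export. Each entry carries the users or
// certificates that can be exported for it; the page script and the server
// <select> further down are generated from this list.
$ras_server = array();
if (isset($config['openvpn']['openvpn-server'])) {
    // collect info
    foreach ($config['openvpn']['openvpn-server'] as $sindex => $server) {
        if (isset($server['disable'])) {
            continue;
        }
        $ras_user = array();
        $ras_certs = array();
        if (stripos($server['mode'], "server") === false) {
            continue;
        }
        if (($server['mode'] == "server_tls_user") && ($server['authmode'] == "Local Database")) {
            if (isset($config['system']['user'])) {
                foreach ($config['system']['user'] as $uindex => $user) {
                    if (!isset($user['cert'])) {
                        continue;
                    }
                    foreach ($user['cert'] as $cindex => $cert) {
                        // If $cert is not an array, it's a certref not a cert.
                        if (!is_array($cert)) {
                            $cert = lookup_cert($cert);
                        }
                        // A reference that does not resolve to a certificate cannot be exported.
                        if (!is_array($cert)) {
                            continue;
                        }

                        // Reference ids are compared as strings: a loose comparison lets two
                        // different numeric-looking ids (e.g. "1e3" and "1000") compare equal,
                        // which would list a certificate under the wrong CA.
                        if ((string)$cert['caref'] !== (string)$server['caref']) {
                            continue;
                        }
                        $ras_userent = array();
                        $ras_userent['uindex'] = $uindex;
                        $ras_userent['cindex'] = $cindex;
                        $ras_userent['name'] = $user['name'];
                        $ras_userent['certname'] = $cert['descr'];
                        $ras_user[] = $ras_userent;
                    }
                }
            }
        } elseif (($server['mode'] == "server_tls") || (($server['mode'] == "server_tls_user") && ($server['authmode'] != "Local Database"))) {
            if (isset($config['cert'])) {
                foreach ($config['cert'] as $cindex => $cert) {
                    // Offer only certificates issued by the server's CA, and never the
                    // server's own certificate. String comparison for the same reason as above.
                    if (((string)$cert['caref'] !== (string)$server['caref']) || ((string)$cert['refid'] === (string)$server['certref'])) {
                        continue;
                    }
                    $ras_cert_entry = array();
                    $ras_cert_entry['cindex'] = $cindex;
                    $ras_cert_entry['certname'] = $cert['descr'];
                    $ras_cert_entry['certref'] = $cert['refid'];
                    $ras_certs[] = $ras_cert_entry;
                }
            }
        }

        $ras_serverent = array();
        $prot = $server['protocol'];
        $port = $server['local_port'];
        if (!empty($server['description'])) {
            $name = "{$server['description']} {$prot}:{$port}";
        } else {
            $name = "Server {$prot}:{$port}";
        }
        $ras_serverent['index'] = $sindex;
        $ras_serverent['name'] = $name;
        $ras_serverent['users'] = $ras_user;
        $ras_serverent['certs'] = $ras_certs;
        $ras_serverent['mode'] = $server['mode'];
        $ras_server[] = $ras_serverent;
    }

    // handle request export..
    //
    // Everything read from $_GET below is caller-controlled. Array-valued
    // parameters (e.g. "srvid[]=x") are treated as absent so they never reach
    // array offsets or string functions.
    //
    // NOTE(review): 'password' and 'proxy_password' arrive as query-string
    // parameters of a GET request. Query strings are commonly kept in browser
    // history and in web-server or proxy access logs; moving the export to a
    // POST request would need a matching change in the page script.
    if (!empty($_GET['act'])) {
        $input_errors = array();
        $exp_path = false;
        $act = is_string($_GET['act']) ? $_GET['act'] : '';
        $srvid = (isset($_GET['srvid']) && is_string($_GET['srvid'])) ? $_GET['srvid'] : false;
        $usrid = (isset($_GET['usrid']) && is_string($_GET['usrid'])) ? $_GET['usrid'] : false;
        $crtid = (isset($_GET['crtid']) && is_string($_GET['crtid'])) ? $_GET['crtid'] : false;

        // The server id must name an existing server entry before it is used as an index.
        // NOTE(review): the listing above skips disabled servers, but this lookup does not
        // re-check 'disable' - confirm whether exports for a disabled server should be refused.
        if (($srvid === false) || !isset($config['openvpn']['openvpn-server'][$srvid])) {
            header("Location: vpn_openvpn_export.php");
            exit;
        }
        $srv_mode = isset($config['openvpn']['openvpn-server'][$srvid]['mode']) ? $config['openvpn']['openvpn-server'][$srvid]['mode'] : '';

        // User-authentication-only servers are exported without client keys; every
        // other mode needs both a user id and a certificate id in the request.
        $nokeys = ($srv_mode == "server_user");
        if (!$nokeys && (($usrid === false) || ($crtid === false))) {
            header("Location: vpn_openvpn_export.php");
            exit;
        }

        $useaddr = '';
        if (!empty($_GET['useaddr']) && is_string($_GET['useaddr'])) {
            $useaddr = trim($_GET['useaddr']);
        }

        if (!(is_ipaddr($useaddr) || is_hostname($useaddr) ||
            in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname"), true))) {
            $input_errors[] = gettext("You need to specify an IP or hostname.");
        }

        $advancedoptions = (isset($_GET['advancedoptions']) && is_string($_GET['advancedoptions'])) ? $_GET['advancedoptions'] : null;
        $openvpnmanager = (isset($_GET['openvpnmanager']) && is_string($_GET['openvpnmanager'])) ? $_GET['openvpnmanager'] : null;

        $verifyservercn = (isset($_GET['verifyservercn']) && is_string($_GET['verifyservercn'])) ? $_GET['verifyservercn'] : null;
        $randomlocalport = (isset($_GET['randomlocalport']) && is_string($_GET['randomlocalport'])) ? $_GET['randomlocalport'] : null;
        $usetoken = (isset($_GET['usetoken']) && is_string($_GET['usetoken'])) ? $_GET['usetoken'] : null;
        if ($usetoken && (substr($act, 0, 10) == "confinline")) {
            $input_errors[] = gettext("You cannot use Microsoft Certificate Storage with an Inline configuration.");
        }
        if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_yealink_t38g2") || ($act == "conf_snom"))) {
            $input_errors[] = gettext("You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration.");
        }
        $password = "";
        if (!empty($_GET['password']) && is_string($_GET['password'])) {
            $password = $_GET['password'];
        }

        // NOTE(review): the proxy values below are only checked for presence here.
        // Whether the exporters validate their format before writing them into a
        // client configuration is not visible from this file - confirm.
        $proxy = "";
        if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) {
            $proxy = array();
            if (empty($_GET['proxy_addr'])) {
                $input_errors[] = gettext("You need to specify an address for the proxy port.");
            } else {
                $proxy['ip'] = $_GET['proxy_addr'];
            }
            if (empty($_GET['proxy_port'])) {
                $input_errors[] = gettext("You need to specify a port for the proxy ip.");
            } else {
                $proxy['port'] = $_GET['proxy_port'];
            }
            if (isset($_GET['proxy_type'])) {
                $proxy['proxy_type'] = $_GET['proxy_type'];
            }
            if (isset($_GET['proxy_authtype'])) {
                $proxy['proxy_authtype'] = $_GET['proxy_authtype'];
                if ($_GET['proxy_authtype'] != "none") {
                    if (empty($_GET['proxy_user'])) {
                        $input_errors[] = gettext("You need to specify a username with the proxy config.");
                    } else {
                        $proxy['user'] = $_GET['proxy_user'];
                    }
                    if (!empty($_GET['proxy_user']) && empty($_GET['proxy_password'])) {
                        $input_errors[] = gettext("You need to specify a password with the proxy user.");
                    } else {
                        // Reached with a missing user as well, so the password key may be absent.
                        $proxy['password'] = isset($_GET['proxy_password']) ? $_GET['proxy_password'] : null;
                    }
                }
            }
        }

        $exp_name = openvpn_client_export_prefix($srvid, $usrid, $crtid);

        // True when the exporter returns the configuration text itself, false when it
        // returns the path of a temporary file that has to be streamed and removed.
        $exp_inline = false;

        // Run an exporter only for a request that passed validation. Previously the
        // export was generated first and discarded on a validation error, which left
        // its temporary file on disk because it is only removed after a download.
        if (count($input_errors) == 0) {
            if (substr($act, 0, 4) == "conf") {
                switch ($act) {
                    case "confzip":
                        $exp_name = urlencode($exp_name."-config.zip");
                        $expformat = "zip";
                        break;
                    case "conf_yealink_t28":
                        $exp_name = urlencode("client.tar");
                        $expformat = "yealink_t28";
                        break;
                    case "conf_yealink_t38g":
                        $exp_name = urlencode("client.tar");
                        $expformat = "yealink_t38g";
                        break;
                    case "conf_yealink_t38g2":
                        $exp_name = urlencode("client.tar");
                        $expformat = "yealink_t38g2";
                        break;
                    case "conf_snom":
                        $exp_name = urlencode("vpnclient.tar");
                        $expformat = "snom";
                        break;
                    case "confinline":
                        $exp_name = urlencode($exp_name."-config.ovpn");
                        $expformat = "inline";
                        break;
                    case "confinlinedroid":
                        $exp_name = urlencode($exp_name."-android-config.ovpn");
                        $expformat = "inlinedroid";
                        break;
                    case "confinlineios":
                        $exp_name = urlencode($exp_name."-ios-config.ovpn");
                        $expformat = "inlineios";
                        break;
                    default:
                        $exp_name = urlencode($exp_name."-config.ovpn");
                        $expformat = "baseconf";
                }
                // Decide by the format actually requested from the exporter rather than by
                // the raw action string: an unrecognised "conf..." action falls back to
                // "baseconf", whose result is text and must not be treated as a file path.
                $exp_inline = in_array($expformat, array("baseconf", "inline", "inlinedroid", "inlineios"), true);
                $exp_path = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, $expformat, $password, false, false, $openvpnmanager, $advancedoptions);
            }

            if ($act == "visc") {
                $exp_name = urlencode($exp_name."-Viscosity.visc.zip");
                $exp_path = viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions);
            }

            if (substr($act, 0, 4) == "inst") {
                $exp_name = urlencode($exp_name."-install.exe");
                $exp_path = openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $password, $proxy, $openvpnmanager, $advancedoptions, substr($act, 5));
            }

            if (!$exp_path) {
                $input_errors[] = gettext("Failed to export config files!");
            }
        }

        if (count($input_errors) == 0) {
            if ($exp_inline) {
                $exp_size = strlen($exp_path);
            } else {
                $exp_size = filesize($exp_path);
            }
            header('Pragma: ');
            header('Cache-Control: ');
            header("Content-Type: application/octet-stream");
            // $exp_name went through urlencode() on every path that reaches this point,
            // so it cannot carry quotes or line breaks into the header.
            header("Content-Disposition: attachment; filename={$exp_name}");
            header("Content-Length: $exp_size");
            if ($exp_inline) {
                echo $exp_path;
            } else {
                readfile($exp_path);
                // Best effort: the temporary export holds key material and is removed once sent.
                @unlink($exp_path);
            }
            exit;
        }
    }
}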





include("head.inc");

?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[
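var viscosityAvailable = false;

<?php
// Build the server / user / certificate table as PHP data and emit it with
// json_encode(). User names and certificate descriptions come from the
// configuration and were previously written straight into single-quoted
// script strings (only "'" was escaped, and only for certificate names), so a
// backslash, a quote or "</script>" in one of them could break out of the
// string. The JSON_HEX_* flags keep <, >, &, ' and " out of the emitted text.
//
// Layout expected by the page script:
//   servers[n][0] = server index in the configuration (string)
//   servers[n][1] = list of [user index, cert index, user name, cert name]
//   servers[n][2] = server mode
//   servers[n][3] = list of [cert index, cert name]
$js_servers = array();
foreach ($ras_server as $sindex => $server) {
    $js_users = array();
    foreach ($server['users'] as $user) {
        $js_users[] = array(
            (string)$user['uindex'],
            (string)$user['cindex'],
            (string)$user['name'],
            (string)$user['certname'],
        );
    }
    $js_certs = array();
    foreach ($server['certs'] as $cert) {
        $js_certs[] = array(
            (string)$cert['cindex'],
            (string)$cert['certname'],
        );
    }
    $js_servers[] = array(
        (string)$server['index'],
        $js_users,
        (string)$server['mode'],
        $js_certs,
    );
}
$js_servers_json = json_encode($js_servers, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
if ($js_servers_json === false) {
    // Encoding fails on invalid UTF-8; fall back to an empty list so the script still parses.
    $js_servers_json = '[]';
}
?>
var servers = <?=$js_servers_json;?>;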

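/**
 * Reads the export options from the form, checks them client-side and
 * navigates to the export URL for the chosen client.
 *
 * @param act  export action handled by vpn_openvpn_export.php
 *             (e.g. "confzip", "confinline", "visc", "inst-x86-xp")
 * @param i    row index into the selected server's user list, or -1
 * @param j    row index into the selected server's certificate list, or -1
 *
 * NOTE(review): the export password and the proxy password are sent as URL
 * query parameters of a GET request, so they can end up in browser history
 * and in web-server or proxy access logs. Switching to a POST request needs a
 * matching change in the PHP handler, which reads $_GET.
 */
function download_begin(act, i, j) {

	var index = document.getElementById("server").selectedIndex;
	var users = servers[index][1];
	var certs = servers[index][3];

	var useaddr = document.getElementById("useaddr").value;
	if (useaddr == "other") {
		useaddr = document.getElementById("useaddr_hostname").value;
		if (useaddr == "") {
			alert("<?=gettext('Please specify an IP address or hostname.') ?>");
			return;
		}
	}

	var advancedoptions = document.getElementById("advancedoptions").value;
	var verifyservercn = document.getElementById("verifyservercn").value;

	var randomlocalport = document.getElementById("randomlocalport").checked ? 1 : 0;
	var usetoken = document.getElementById("usetoken").checked ? 1 : 0;
	var usepass = document.getElementById("usepass").checked ? 1 : 0;
	var openvpnmanager = document.getElementById("openvpnmanager").checked ? 1 : 0;

	var pass = document.getElementById("pass").value;
	var conf = document.getElementById("conf").value;
	// The installer password is only checked for the Windows installer actions.
	if (usepass && (act.substring(0,4) == "inst")) {
		if (!pass || !conf) {
			alert("<?=gettext('The password or confirm field is empty') ?>");
			return;
		}
		if (pass != conf) {
			alert("<?=gettext('The password and confirm fields must match') ?>");
			return;
		}
	}

	var useproxy = document.getElementById("useproxy").checked ? 1 : 0;
	var useproxypass = 0;
	var proxytype, proxyauth, proxyuser, proxypass, proxyconf;

	var proxyaddr = document.getElementById("proxyaddr").value;
	var proxyport = document.getElementById("proxyport").value;
	if (useproxy) {
		if (!proxyaddr || !proxyport) {
			alert("<?=gettext('The proxy ip and port cannot be empty') ?>");
			return;
		}

		if (document.getElementById("useproxypass").value != 'none')
			useproxypass = 1;

		proxytype = document.getElementById("useproxytype").value;

		proxyauth = document.getElementById("useproxypass").value;
		proxyuser = document.getElementById("proxyuser").value;
		proxypass = document.getElementById("proxypass").value;
		proxyconf = document.getElementById("proxyconf").value;
		if (useproxypass) {
			if (!proxyuser) {
				alert("<?=gettext('Please fill the proxy username and password.') ?>");
				return;
			}
			if (!proxypass || !proxyconf) {
				alert("<?=gettext('The proxy password or confirm field is empty') ?>");
				return;
			}
			if (proxypass != proxyconf) {
				alert("<?=gettext('The proxy password and confirm fields must match') ?>");
				return;
			}
		}
	}

	// Query parameters are encoded with encodeURIComponent(). The escape()
	// function used before leaves "+" unencoded (the server then reads it as
	// a space, silently changing a password) and turns characters outside
	// Latin-1 into %uXXXX sequences that PHP does not decode.
	var query = [];
	function add_param(name, value) {
		query.push(name + "=" + encodeURIComponent(value));
	}

	add_param("act", act);
	add_param("srvid", servers[index][0]);
	if (users[i]) {
		add_param("usrid", users[i][0]);
		add_param("crtid", users[i][1]);
	}
	if (certs[j]) {
		// Certificate-only rows have no user; the handler still expects the key.
		query.push("usrid=");
		add_param("crtid", certs[j][0]);
	}
	add_param("useaddr", useaddr);
	add_param("verifyservercn", verifyservercn);
	add_param("randomlocalport", randomlocalport);
	add_param("openvpnmanager", openvpnmanager);
	add_param("usetoken", usetoken);
	if (usepass)
		add_param("password", pass);
	if (useproxy) {
		add_param("proxy_type", proxytype);
		add_param("proxy_addr", proxyaddr);
		add_param("proxy_port", proxyport);
		add_param("proxy_authtype", proxyauth);
		if (useproxypass) {
			add_param("proxy_user", proxyuser);
			add_param("proxy_password", proxypass);
		}
	}

	add_param("advancedoptions", advancedoptions);

	window.open("/vpn_openvpn_export.php?" + query.join("&"), "_self");
}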

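/**
 * Rebuilds the "users" table for the server currently selected in the
 * "server" drop-down: one row per exportable user, one per exportable
 * certificate, and a single keyless row for user-authentication-only servers.
 */
function server_changed() {

	// Markup for one download button. act and label are fixed literals from
	// this function; i and j are numeric row indexes (or -1).
	function dl_button(act, i, j, label) {
		return "<button type='button' class='btn btn-primary btn-xs' onclick='download_begin(\"" + act + "\"," + i + "," + j + ")'>" + label + "</button>";
	}

	// Markup for the complete set of export buttons of one table row. All
	// three row kinds share this builder so their button sets cannot drift
	// apart again.
	function dl_links(i, j, conf_label, with_handsets) {
		var sep = "&nbsp;&nbsp; ";
		var html = "- Standard Configurations:<br\/>";
		html += sep + dl_button("confzip", i, j, "Archive");
		html += sep + dl_button("conf", i, j, conf_label);
		html += "<br\/>- Inline Configurations:<br\/>";
		html += sep + dl_button("confinlinedroid", i, j, "Android");
		html += sep + dl_button("confinlineios", i, j, "OpenVPN Connect (iOS/Android)");
		html += sep + dl_button("confinline", i, j, "Others");
		html += "<br\/>- Windows Installers (<?php echo $current_openvpn_version . '-Ix' . $current_openvpn_version_rev;?>):<br\/>";
		html += sep + dl_button("inst-x86-xp", i, j, "x86-xp");
		html += sep + dl_button("inst-x64-xp", i, j, "x64-xp");
		html += sep + dl_button("inst-x86-win6", i, j, "x86-win6");
		html += sep + dl_button("inst-x64-win6", i, j, "x64-win6");
		html += "<br\/>- Mac OSX:<br\/>";
		html += sep + dl_button("visc", i, j, "Viscosity Bundle");
		if (with_handsets) {
			html += "<br\/>- Yealink SIP Handsets: <br\/>";
			html += sep + dl_button("conf_yealink_t28", i, j, "T28");
			html += sep + dl_button("conf_yealink_t38g", i, j, "T38G (1)");
			// This button used to repeat the "T38G (1)" action, leaving the
			// conf_yealink_t38g2 export handled by the server unreachable.
			html += sep + dl_button("conf_yealink_t38g2", i, j, "T38G (2)");
			html += "<br\/>";
			html += dl_button("conf_snom", i, j, "SNOM SIP Handset");
		}
		return html;
	}

	var table = document.getElementById("users");
	while (table.rows.length > 1 )
		table.deleteRow(1);

	var index = document.getElementById("server").selectedIndex;
	// Nothing to list when no server is selected (empty drop-down).
	if (!servers[index])
		return;

	var users = servers[index][1];
	var mode = servers[index][2];
	var certs = servers[index][3];
	var row;

	for (var i = 0; i < users.length; i++) {
		row = table.insertRow(table.rows.length);
		// User names and certificate descriptions are data from the
		// configuration: write them as text, never as markup.
		row.insertCell(0).textContent = users[i][2];
		row.insertCell(1).textContent = users[i][3];
		row.insertCell(2).innerHTML = dl_links(i, -1, "Config Only", false);
	}

	for (var j = 0; j < certs.length; j++) {
		row = table.insertRow(table.rows.length);
		if (mode == "server_tls") {
			row.insertCell(0).textContent = "Certificate (SSL/TLS, no Auth)";
		} else {
			row.insertCell(0).textContent = "Certificate with External Auth";
		}
		row.insertCell(1).textContent = certs[j][1];
		// The SIP handset exports are only offered for pure SSL/TLS servers.
		row.insertCell(2).innerHTML = dl_links(-1, j, "File Only", mode == "server_tls");
	}

	if (mode == 'server_user') {
		row = table.insertRow(table.rows.length);
		row.insertCell(0).textContent = "Authentication Only (No Cert)";
		row.insertCell(1).textContent = "none";
		// No user or certificate belongs to this row, so both indexes are -1
		// instead of whatever value the loop counter was left at. The legacy
		// <a href='javascript:...'> duplicates of the first five buttons are
		// dropped; one of them had a malformed closing tag.
		row.insertCell(2).innerHTML = dl_links(-1, -1, "File Only", false);
	}
}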

/**
 * Shows the free-text host name row only while the "other" entry of the
 * host name resolution drop-down is selected.
 *
 * @param obj  the drop-down element that changed
 */
function useaddr_changed(obj) {
	var wants_custom_host = (obj.value == "other");
	$('#HostName').toggle(wants_custom_host);
}

/**
 * Shows the password fields while the "use password" box is ticked and hides
 * them otherwise.
 */
function usepass_changed() {
	var enabled = document.getElementById("usepass").checked;
	// An empty display value restores the element's default rendering.
	document.getElementById("usepass_opts").style.display = enabled ? "" : "none";
}

/**
 * Keeps the proxy option groups in step with the form: the proxy settings are
 * visible while "use proxy" is ticked, the credential fields while the
 * selected authentication entry is anything other than 'none'.
 *
 * @param obj  the element that changed (not used)
 */
function useproxy_changed(obj) {
	var proxy_enabled = $('#useproxy').prop("checked") ? true : false;
	$('#useproxy_opts').toggle(proxy_enabled);

	var auth_label = $("#useproxypass option:selected").text();
	$('#useproxypass_opts').toggle(auth_label != 'none');
}
//]]>
</script>
<?php
// Render validation errors when $input_errors is set and holds at least one entry.
if (isset($input_errors)) {
    if (count($input_errors) > 0) {
        print_input_errors($input_errors);
    }
}

// Render the status message in an info box when $savemsg is set.
if (isset($savemsg)) {
    print_info_box($savemsg);
}
?>
<section class="page-content-main">
  <div class="container-fluid">
    <div class="row">
      <section class="col-xs-12">
        <div class="tab-content content-box col-xs-12">
          <div class="table-responsive">
            <table width="100%" border="0" class="table table-striped" cellpadding="0" cellspacing="0">
              <tr>
                <td width="22%"></td>
                <td width="78%" align="right">
                  <small><?=gettext("full help"); ?> </small>
                  <i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page" type="button"></i></a>
                </td>
              </tr>
					<tr>
						<td valign="top"><i class="fa fa-info-circle text-muted"></i> <?=gettext("Remote Access Server");?></td>
						<td>
							<select name="server" id="server" class="formselect" onchange="server_changed()">
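								<?php
								// Iterate by value: nothing is modified here, and a by-reference loop
								// would leave $server aliased to the last $ras_server entry afterwards.
								// The index is presumably a numeric array key (confirm where $ras_server
								// is built); it is escaped anyway because it lands in an HTML attribute.
								foreach ($ras_server as $server) : ?>
								<option value="<?= htmlspecialchars((string)$server['index'], ENT_QUOTES) ?>"><?= htmlspecialchars($server['name']) ?></option>
								<?php endforeach; ?>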
635 636 637 638 639 640
							</select>
						</td>
					</tr>
					<tr>
						<td valign="top"><i class="fa fa-info-circle text-muted"></i> <?=gettext("Host Name Resolution");?></td>
						<td >
                  <select name="useaddr" id="useaddr" class="formselect" onchange="useaddr_changed(this)">
                    <option value="serveraddr" ><?=gettext("Interface IP Address");?></option>
                    <option value="servermagic" ><?=gettext("Automagic Multi-WAN IPs (port forward targets)");?></option>
                    <option value="servermagichost" ><?=gettext("Automagic Multi-WAN dynamic DNS Hostnames (port forward targets)");?></option>
                    <option value="serverhostname" ><?=gettext("Installation hostname");?></option>
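                    <?php
                    // Dynamic DNS host names are read from the stored configuration and written
                    // into an attribute value as well as into element text. Both occurrences are
                    // HTML-escaped so that a host value containing quotes or angle brackets is
                    // rendered as data and cannot alter the surrounding markup. The browser
                    // decodes the entities again, so the submitted form value is unchanged.
                    if (isset($config['dyndnses']['dyndns'])) :
                        foreach ($config['dyndnses']['dyndns'] as $ddns) : ?>
                        <option value="<?= htmlspecialchars($ddns["host"], ENT_QUOTES) ?>"><?= gettext("Dynamic DNS") ?>: <?= htmlspecialchars($ddns["host"]) ?></option>
                    <?php
                        endforeach;
                    endif;

                    // Same treatment for the second list of dynamic DNS entries ("dnsupdates").
                    if (isset($config['dnsupdates']['dnsupdate'])) :
                        foreach ($config['dnsupdates']['dnsupdate'] as $ddns) : ?>
                        <option value="<?= htmlspecialchars($ddns["host"], ENT_QUOTES) ?>"><?= gettext("Dynamic DNS") ?>: <?= htmlspecialchars($ddns["host"]) ?></option>
                    <?php
                        endforeach;
                    endif; ?>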
                    <option value="other"><?=gettext("Other");?></option>
                  </select>
                  <div id="HostName" style="display:none;" >
                    <div>
                        <?=gettext("Enter the hostname or IP address the client will use to connect to this server.");?>
                    </div>
                    <input name="useaddr_hostname" type="text" id="useaddr_hostname" size="40" />
                  </div>
						</td>
					</tr>
					<tr>
						<td valign="top"><a id="help_for_verify_server_cn" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Verify Server CN");?></td>
						<td >
                  <select name="verifyservercn" id="verifyservercn" class="formselect">
                    <option value="auto"><?=gettext("Automatic - Use verify-x509-name (OpenVPN 2.3+) where possible");?></option>
                    <option value="tls-remote"><?=gettext("Use tls-remote (Deprecated, use only on old clients &lt;= OpenVPN 2.2.x");?>)</option>
                    <option value="tls-remote-quote"><?=gettext("Use tls-remote and quote the server CN");?></option>
                    <option value="none"><?=gettext("Do not verify the server CN");?></option>
                  </select>
                  <div class="hidden" for="help_for_verify_server_cn">
                    <?=gettext("Optionally verify the server certificate Common Name (CN) when the client connects. Current clients, including the most recent versions of Windows, Viscosity, Tunnelblick, OpenVPN on iOS and Android and so on should all work at the default automatic setting.");?><br/><br/>
                    <?=gettext("Only use tls-remote if you must use an older client that you cannot control. The option has been deprecated by OpenVPN and will be removed in the next major version.");?><br/><br/>
                    <?=gettext("With tls-remote the server CN may optionally be enclosed in quotes. This can help if the server CN contains spaces and certain clients cannot parse the server CN. Some clients have problems parsing the CN with quotes. Use only as needed.");?>
                  </div>
						</td>
					</tr>
					<tr>
						<td valign="top"><a id="help_for_random_local_port" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Use Random Local Port");?></td>
						<td >
                  <input name="randomlocalport" id="randomlocalport" type="checkbox" value="yes" checked="CHECKED" />
                  <div class="hidden" for="help_for_random_local_port">
                    <?=gettext("Use a random local source port (lport) for traffic from the client. Without this set, two clients may not run concurrently.");?>
                    <br/>
                    <?=gettext("NOTE: Not supported on older clients. Automatically disabled for Yealink and Snom configurations."); ?>
                  </div>
					</tr>
					<tr>
						<td valign="top"><i class="fa fa-info-circle text-muted"></i> <?=gettext("Certificate Export Options");?></td>
						<td >
                  <div>
                    <input name="usetoken" id="usetoken" type="checkbox" value="yes" />
                    <?=gettext("Use Microsoft Certificate Storage instead of local files.");?>
                  </div>
                  <div>
                    <input name="usepass" id="usepass" type="checkbox" value="yes" onclick="usepass_changed()" />
                    <?=gettext("Use a password to protect the pkcs12 file contents or key in Viscosity bundle.");?>
                  </div>
                  <div id="usepass_opts" style="display:none">
                    <?=gettext("Password");?> :
                    <input name="pass" id="pass" type="password" class="formfld pwd" size="20" value="" />
                    <?=gettext("Confirm");?> :
                    <input name="conf" id="conf" type="password" class="formfld pwd" size="20" value="" />
                  </div>
						</td>
					</tr>
					<tr>
						<td valign="top"><a id="help_for_http_proxy" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Use Proxy");?></td>
						<td >
                  <input name="useproxy" id="useproxy" type="checkbox" value="yes" onclick="useproxy_changed(this)" />
                  <div class="hidden" for="help_for_http_proxy">
                    <?=gettext("Use proxy to communicate with the server.");?>
                  </div>
                  <div id="useproxy_opts" style="display:none" >
                    <?=gettext("Type");?>
                    <select name="useproxytype" id="useproxytype" class="formselect">
                      <option value="http"><?=gettext("HTTP");?></option>
                      <option value="socks"><?=gettext("SOCKS");?></option>
                    </select>
                    <?=gettext("IP Address");?>
                    <input name="proxyaddr" id="proxyaddr" type="text" class="formfld unknown" size="30" value="" />
                    <?=gettext("Port");?> :
                    <input name="proxyport" id="proxyport" type="text" class="formfld unknown" size="5" value="" />
                    <div>
                        <?=gettext("Choose proxy authentication if any.");?>
                      <select name="useproxypass" id="useproxypass" class="formselect" onchange="useproxy_changed(this)">
                        <option value="none"><?=gettext("none");?></option>
                        <option value="basic"><?=gettext("basic");?></option>
                        <option value="ntlm"><?=gettext("ntlm");?></option>
                      </select>
                      <div id="useproxypass_opts" style="display:none">
                        <?=gettext("Username");?> :
                        <input name="proxyuser" id="proxyuser" type="text" class="formfld unknown" size="20" value="" />
                            <?=gettext("Password");?> :
                        <input name="proxypass" id="proxypass" type="password" class="formfld pwd" size="20" value="" />
                            <?=gettext("Confirm");?> :
                        <input name="proxyconf" id="proxyconf" type="password" class="formfld pwd" size="20" value="" />
                      </div>
                    </div>
                  </div>
						</td>
					</tr>
					<tr>
						<td valign="top"><a id="help_for_openvpnmanager" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Management Interface OpenVPNManager");?></td>
						<td >
                  <input name="openvpnmanager" id="openvpnmanager" type="checkbox" value="yes" />
                  <div class="hidden" for="help_for_openvpnmanager">
                    <?=gettext('This will change the generated .ovpn configuration to allow for usage of the management interface.'.
                    'And include the OpenVPNManager program in the "Windows Installers". With this OpenVPN can be used also by non-administrator users.'.
                    'This is also useful for Windows Vista/7/8 systems where elevated permissions are needed to add routes to the system.');?>
                    <br/>
                    <?=gettext("NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.");?>
                  </div>
						</td>
					</tr>
					<tr>
						<td colspan="2" class="list" height="12">&nbsp;</td>
					</tr>
					<tr>
						<td valign="top"><a id="help_for_advancedoptions" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Additional configuration options");?></td>
						<td >
                  <textarea rows="6" cols="68" name="advancedoptions" id="advancedoptions"></textarea><br/>
                  <div class="hidden" for="help_for_advancedoptions">
                    <?=gettext("Enter any additional options you would like to add to the OpenVPN client export configuration here, separated by a line break or semicolon"); ?><br/>
							<?=gettext("EXAMPLE: remote-random"); ?>;
                  </div>
						</td>
					</tr>
					<tr>
						<td valign="top"><a id="help_for_clientpkg" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Client Install Packages");?></td>
                <td>
                  <table width="100%" id="users" border="0" cellpadding="0" cellspacing="0" class="table table-striped table-bordered ">
						<tr>
							<td width="25%" ><b><?=gettext("User");?></b></td>
							<td width="35%" ><b><?=gettext("Certificate Name");?></b></td>
							<td width="40%" ><b><?=gettext("Export");?></b></td>
						</tr>
					</table>
                  <div class="hidden" for="help_for_clientpkg">
                    <?= gettext("NOTES:") ?> <br/>
                    <?= gettext("The &quot;XP&quot; Windows installers work on Windows XP and later versions. The &quot;win6&quot; Windows installers include a new tap-windows6 driver that works only on Windows Vista and later.") ?><br/>
                    <br/><br/>
                    <strong><?= gettext("Links to OpenVPN clients for various platforms:") ?></strong><br/>
                    <a href="http://openvpn.net/index.php/open-source/downloads.html"><?= gettext("OpenVPN Community Client") ?></a> - <?=gettext("Binaries for Windows, Source for other platforms. Packaged above in the Windows Installers")?><br/>
                    <a href="https://play.google.com/store/apps/details?id=de.blinkt.openvpn"><?= gettext("OpenVPN For Android") ?></a> - <?=gettext("Recommended client for Android")?><br/>
                    <a href="http://www.featvpn.com/"><?= gettext("FEAT VPN For Android") ?></a> - <?=gettext("For older versions of Android")?><br/>
                    <?= gettext("OpenVPN Connect") ?>: <a href="https://play.google.com/store/apps/details?id=net.openvpn.openvpn"><?=gettext("Android (Google Play)")?></a> or <a href="https://itunes.apple.com/us/app/openvpn-connect/id590379981"><?=gettext("iOS (App Store)")?></a> - <?= gettext("Recommended client for iOS") ?>
                    <br/><a href="http://www.sparklabs.com/viscosity/"><?= gettext("Viscosity") ?></a> - <?= gettext("Recommended client for Mac OSX") ?>
                    <br/><a href="http://code.google.com/p/tunnelblick/"><?= gettext("Tunnelblick") ?></a> - <?= gettext("Free client for OSX") ?>
                    <br/><br/>
                    <?= gettext("NOTES:") ?><br/>
                    <?= gettext("If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager.") ?><br/>
                  </div>
                </td>
					</tr>
				</table>
          </div>
        </div>
      </section>
    </div>
  </div>
</section>

<script type="text/javascript">
//<![CDATA[
// Invoke the handler that the "server" select also fires on change, once at
// load time (presumably to initialise the page for the preselected server).
server_changed();
//]]>
</script>

<?php include("foot.inc"); ?>