Example #1
     $list = array();
     foreach ($a_ca as $ca) {
         $list[$ca['refid']] = $ca['descr'];
     }
     $section->addInput(new Form_Select('caref', 'Peer Certificate Authority', $pconfig['caref'], $list));
 } else {
     $section->addInput(new Form_StaticText('Peer Certificate Authority', sprintf('No Certificate Authorities defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>')));
 }
 if (count($a_crl)) {
     $section->addInput(new Form_Select('crlref', 'Peer Certificate Revocation list', $pconfig['crlref'], openvpn_build_crl_list()));
 } else {
     $section->addInput(new Form_StaticText('Peer Certificate Revocation list', sprintf('No Certificate Revocation Lists defined. You may create one here: %s', '<a href="system_crlmanager.php">System &gt; Cert Manager &gt; Certificate Revocation</a>')));
 }
 $section->addInput(new Form_Checkbox('autokey_enable', 'Auto generate', 'Automatically generate a shared key', $pconfig['autokey_enable'] && empty($pconfig['shared_key'])));
 $section->addInput(new Form_Textarea('shared_key', 'Shared Key', $pconfig['shared_key']))->setHelp('Paste your shared key here');
 $cl = openvpn_build_cert_list(true);
 $section->addInput(new Form_Select('certref', 'Client Certificate', $pconfig['certref'], $cl['server']));
 $section->addInput(new Form_Select('crypto', 'Encryption Algorithm', $pconfig['crypto'], openvpn_get_cipherlist()));
 $section->addInput(new Form_Select('digest', 'Auth digest algorithm', $pconfig['digest'], openvpn_get_digestlist()))->setHelp('Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN. ');
 $section->addInput(new Form_Select('engine', 'Hardware Crypto', $pconfig['engine'], openvpn_get_engines()));
 $form->add($section);
 $section = new Form_Section('Tunnel settings');
 $section->addInput(new Form_Input('tunnel_network', 'IPv4 Tunnel Network', 'text', $pconfig['tunnel_network']))->setHelp('This is the IPv4 virtual network used for private communications between this client and the sercer ' . 'expressed using CIDR (eg. 10.0.8.0/24). The first network address will be assigned to ' . 'the client virtual interface.');
 $section->addInput(new Form_Input('tunnel_networkv6', 'IPv6 Tunnel Network', 'text', $pconfig['tunnel_networkv6']))->setHelp('This is the IPv6 virtual network used for private ' . 'communications between this client and the server	expressed using CIDR (eg. fe80::/64). ' . 'The first network address will be assigned to the server virtual interface.');
 $section->addInput(new Form_Input('remote_network', 'IPv4 Remote network(s)', 'text', $pconfig['remote_network']))->setHelp('IPv4 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' . 'changing the routing tables. Expressed as a comma-separated list of one or more CIDR ranges. ' . 'If this is a site-to-site VPN, enter the remote LAN/s here. You may leave this blank if you don\'t want a site-to-site VPN.');
 $section->addInput(new Form_Input('remote_networkv6', 'IPv6 Remote network(s)', 'text', $pconfig['remote_networkv6']))->setHelp('These are the IPv6 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' . 'changing the routing tables. Expressed as a comma-separated list of one or more IP/PREFIX. ' . 'If this is a site-to-site VPN, enter the remote LAN/s here. You may leave this blank if you don\'t want a site-to-site VPN.');
 $section->addInput(new Form_Input('use_shaper', 'Limit outgoing bandwidth', 'number', $pconfig['use_shaper'], ['min' => 100, 'max' => 100000000, 'placeholder' => 'Between 100 and 100,000,000 bytes/sec']))->setHelp('Maximum outgoing bandwidth for this tunnel. Leave empty for no limit. The input value has to be something between 100 bytes/sec and 100 Mbytes/sec (entered as bytes per second).');
 $section->addInput(new Form_Select('compression', 'Compression', $pconfig['compression'], $openvpn_compression_modes))->setHelp('Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently.');
 $section->addInput(new Form_Checkbox('passtos', 'Type-of-Service', 'Set the TOS IP header value of tunnel packets to match the encapsulated packet value.', $pconfig['passtos']));
 $section->addInput(new Form_Checkbox('no_tun_ipv6', 'Disable IPv6', 'Don\'t forward IPv6 traffic. ', $pconfig['no_tun_ipv6']));
 $section->addInput(new Form_Checkbox('route_no_pull', 'Don\'t pull routes', 'Bars the server from adding routes to the client\'s routing table', $pconfig['route_no_pull']))->setHelp('This option still allows the server to set the TCP/IP properties of the client\'s TUN/TAP interface. ');
     $list = array();
     foreach ($a_ca as $ca) {
         $list[$ca['refid']] = $ca['descr'];
     }
     $section->addInput(new Form_Select('caref', 'Peer Certificate Authority', $pconfig['caref'], $list));
 } else {
     $section->addInput(new Form_StaticText('Peer Certificate Authority', sprintf('No Certificate Authorities defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>')));
 }
 if (count($a_crl)) {
     $section->addInput(new Form_Select('crlref', 'Peer Certificate Revocation list', $pconfig['crlref'], openvpn_build_crl_list()));
 } else {
     $section->addInput(new Form_StaticText('Peer Certificate Revocation list', sprintf('No Certificate Revocation Lists defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>')));
 }
 $section->addInput(new Form_Checkbox('autokey_enable', 'Auto generate', 'Automatically generate a shared key', $pconfig['autokey_enable'] && empty($pconfig['shared_key'])));
 $section->addInput(new Form_Textarea('shared_key', 'Shared Key', $pconfig['shared_key']))->setHelp('Paste your shared key here');
 $section->addInput(new Form_Select('certref', 'Client Certificate', $pconfig['certref'], openvpn_build_cert_list(true)));
 $section->addInput(new Form_Select('crypto', 'Encryption Algorithm', $pconfig['crypto'], openvpn_get_cipherlist()));
 $section->addInput(new Form_Select('digest', 'Auth digest algorithm', $pconfig['digest'], openvpn_get_digestlist()))->setHelp('Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN. ');
 $section->addInput(new Form_Select('engine', 'Hardware Crypto', $pconfig['engine'], openvpn_get_engines()));
 $form->add($section);
 $section = new Form_Section('Tunnel settings');
 $section->addInput(new Form_Input('tunnel_network', 'IPv4 Tunnel Network', 'text', $pconfig['tunnel_network']))->setHelp('This is the IPv4 virtual network used for private communications between this client and the sercer ' . 'expressed using CIDR (eg. 10.0.8.0/24). The first network address will be assigned to ' . 'the client virtual interface.');
 $section->addInput(new Form_Input('tunnel_networkv6', 'IPv6 Tunnel Network', 'text', $pconfig['tunnel_networkv6']))->setHelp('This is the IPv6 virtual network used for private ' . 'communications between this client and the server	expressed using CIDR (eg. fe80::/64). ' . 'The first network address will be assigned to the server virtual interface.');
 $section->addInput(new Form_Input('remote_network', 'IPv4 Remote network(s)', 'text', $pconfig['remote_network']))->setHelp('IPv4 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' . 'changing the routing tables. Expressed as a comma-separated list of one or more CIDR ranges. ' . 'If this is a site-to-site VPN, enter the remote LAN/s here. You may leave this blank if you don\'t want a site-to-site VPN.');
 $section->addInput(new Form_Input('remote_networkv6', 'IPv6 Remote network(s)', 'text', $pconfig['remote_networkv6']))->setHelp('These are the IPv6 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' . 'changing the routing tables. Expressed as a comma-separated list of one or more IP/PREFIX. ' . 'If this is a site-to-site VPN, enter the remote LAN/s here. You may leave this blank if you don\'t want a site-to-site VPN.');
 $section->addInput(new Form_Input('use_shaper', 'Limit outgoing bandwidth', 'number', $pconfig['use_shaper'], ['min' => 100, 'max' => 100000000, 'placeholder' => 'Between 100 and 100,000,000 bytes/sec']))->setHelp('Maximum outgoing bandwidth for this tunnel. Leave empty for no limit. The input value has to be something between 100 bytes/sec and 100 Mbytes/sec (entered as bytes per second).');
 $section->addInput(new Form_Select('compression', 'Compression', $pconfig['compression'], $openvpn_compression_modes))->setHelp('Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently.');
 $section->addInput(new Form_Checkbox('passtos', 'Type-of-Service', 'Set the TOS IP header value of tunnel packets to match the encapsulated packet value.', $pconfig['passtos']));
 $section->addInput(new Form_Checkbox('no_tun_ipv6', 'Disable IPv6', 'Don\'t forward IPv6 traffic. ', $pconfig['no_tun_ipv6']));
 $section->addInput(new Form_Checkbox('route_no_pull', 'Don\'t pull routes', 'Bars the server from adding routes to the client\'s routing table', $pconfig['route_no_pull']))->setHelp('This option still allows the server to set the TCP/IP properties of the client\'s TUN/TAP interface. ');
 $section->addInput(new Form_Checkbox('route_no_exec', 'Don\'t add/remove routes', 'Don\'t add or remove routes automatically', $pconfig['route_no_exec']))->setHelp('Pass routes to --route-upscript using environmental variables');
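Review bot: The 'Client Certificate' select in the first copy of this section is now filled from `$cl['server']` alone, while the server-side form in Example #3 merges `$cl['server'] + $cl['non-server']`. openvpn_build_cert_list() is not visible here, so it is unclear whether a call with the single argument `true` returns every certificate under the 'server' key. If it does, a comment such as `// no purpose split requested: all certificates are returned under 'server'` would keep the next reader from assuming client certificates are filtered out; if it does not, the select should include the other key as well. The excerpt begins inside an `if` whose opening line is outside the section, so the surrounding condition could not be checked.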
Example #3
 } else {
     $section->addInput(new Form_StaticText('Peer Certificate Revocation list', sprintf('No Certificate Revocation Lists defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>')));
 }
 $certhelp = '<span id="certtype"></span>';
 if (count($a_cert)) {
     if (!empty(trim($pconfig['certref']))) {
         $thiscert = lookup_cert($pconfig['certref']);
         $purpose = cert_get_purpose($thiscert['crt'], true);
         if ($purpose['server'] != "Yes") {
             $certhelp = '<span id="certtype" class="text-danger">' . gettext("Warning: The selected server certificate was not created as an SSL Server certificate and may not work as expected") . ' </span>';
         }
     }
 } else {
     $certhelp = sprintf('%s%s%s$s', '<span id="certtype">', gettext('No Certificates defined. You may create one here: '), '<a href="system_camanager.php">' . gettext("System &gt; Cert Manager") . '</a>', '</span>');
 }
 $cl = openvpn_build_cert_list(false, true);
 //Save the number of server certs for use at run-time
 $servercerts = count($cl['server']);
 $section->addInput(new Form_Select('certref', 'Server certificate', $pconfig['certref'], $cl['server'] + $cl['non-server']))->setHelp($certhelp);
 $section->addInput(new Form_Select('dh_length', 'DH Parameter length (bits)', $pconfig['dh_length'], array_combine($openvpn_dh_lengths, $openvpn_dh_lengths)))->setHelp(count($a_cert) ? '' : sprintf('No Certificates defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>'));
 if (!$pconfig['shared_key']) {
     $section->addInput(new Form_Checkbox('autokey_enable', 'Shared key', 'Automatically generate a shared key', $pconfig['autokey_enable']));
 }
 $section->addInput(new Form_Textarea('shared_key', 'Shared Key', $pconfig['shared_key']))->setHelp('Paste your shared key here');
 $section->addInput(new Form_Select('crypto', 'Encryption Algorithm', $pconfig['crypto'], openvpn_get_cipherlist()));
 $section->addInput(new Form_Select('digest', 'Auth digest algorithm', $pconfig['digest'], openvpn_get_digestlist()))->setHelp('Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN. ');
 $section->addInput(new Form_Select('engine', 'Hardware Crypto', $pconfig['engine'], openvpn_get_engines()));
 $section->addInput(new Form_Select('cert_depth', 'Certificate Depth', $pconfig['cert_depth'], ["" => gettext("Do Not Check")] + $openvpn_cert_depths))->setHelp('When a certificate-based client logs in, do not accept certificates below this depth. ' . 'Useful for denying certificates made with intermediate CAs generated from the same CA as the server.');
 $section->addInput(new Form_Checkbox('strictusercn', 'Strict User-CN Matching', 'Enforce match', $pconfig['strictusercn']))->setHelp('When authenticating users, enforce a match between the common name of the client certificate and the username given at login.');
 $form->add($section);
 $section = new Form_Section('Tunnel settings');
 $section->addInput(new Form_Textarea('tls', 'Key', $pconfig['tls']))->setHelp('Paste your shared key here');
 if (count($a_ca)) {
     $list = array();
     foreach ($a_ca as $ca) {
         $list[$ca['refid']] = $ca['descr'];
     }
     $section->addInput(new Form_Select('caref', 'Peer Certificate Authority', $pconfig['caref'], $list));
 } else {
     $section->addInput(new Form_StaticText('Peer Certificate Authority', sprintf('No Certificate Authorities defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>')));
 }
 if (count($a_crl)) {
     $section->addInput(new Form_Select('crlref', 'Peer Certificate Revocation list', $pconfig['crlref'], openvpn_build_crl_list()));
 } else {
     $section->addInput(new Form_StaticText('Peer Certificate Revocation list', sprintf('No Certificate Revocation Lists defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>')));
 }
 $section->addInput(new Form_Select('certref', 'Server certificate', $pconfig['certref'], openvpn_build_cert_list()))->setHelp(count($a_cert) ? '' : sprintf('No Certificates defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>'));
 $section->addInput(new Form_Select('dh_length', 'DH Parameter length (bits)', $pconfig['dh_length'], array_combine($openvpn_dh_lengths, $openvpn_dh_lengths)))->setHelp(count($a_cert) ? '' : sprintf('No Certificates defined. You may create one here: %s', '<a href="system_camanager.php">System &gt; Cert Manager</a>'));
 if (!$pconfig['shared_key']) {
     $section->addInput(new Form_Checkbox('autokey_enable', 'Shared key', 'Automatically generate a shared key', $pconfig['autokey_enable']));
 }
 $section->addInput(new Form_Textarea('shared_key', 'Shared Key', $pconfig['shared_key']))->setHelp('Paste your shared key here');
 $section->addInput(new Form_Select('crypto', 'Encryption Algorithm', $pconfig['crypto'], openvpn_get_cipherlist()));
 $section->addInput(new Form_Select('digest', 'Auth digest algorithm', $pconfig['digest'], openvpn_get_digestlist()))->setHelp('Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN. ');
 $section->addInput(new Form_Select('engine', 'Hardware Crypto', $pconfig['engine'], openvpn_get_engines()));
 $section->addInput(new Form_Select('cert_depth', 'Certificate Depth', $pconfig['cert_depth'], $openvpn_cert_depths))->setHelp('When a certificate-based client logs in, do not accept certificates below this depth. ' . 'Useful for denying certificates made with intermediate CAs generated from the same CA as the server.');
 $section->addInput(new Form_Checkbox('strictusercn', 'Strict User-CN Matching', null, $pconfig['strictusercn']))->setHelp('When authenticating users, enforce a match between the common name of the client certificate and the username given at login.');
 $form->add($section);
 $section = new Form_Section('Tunnel settings');
 $section->addInput(new Form_Input('tunnel_network', 'IPv4 Tunnel Network', 'text', $pconfig['tunnel_network']))->setHelp('This is the IPv4 virtual network used for private communications between this server and client ' . 'hosts expressed using CIDR (eg. 10.0.8.0/24). The first network address will be assigned to ' . 'the server virtual interface. The remaining network addresses can optionally be assigned ' . 'to connecting clients. (see Address Pool)');
 $section->addInput(new Form_Input('tunnel_networkv6', 'IPv6 Tunnel Network', 'text', $pconfig['tunnel_networkv6']))->setHelp('This is the IPv6 virtual network used for private ' . 'communications between this server and client hosts expressed using CIDR (eg. fe80::/64). ' . 'The first network address will be assigned to the server virtual interface. The remaining ' . 'network addresses can optionally be assigned to connecting clients. (see Address Pool)');
 $section->addInput(new Form_Checkbox('serverbridge_dhcp', 'Bridge DHCP', 'Allow clients on the bridge to obtain DHCP.', $pconfig['serverbridge_dhcp']));
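Review bot: The format string in the `else` branch that builds `$certhelp` in the first copy of this section, `sprintf('%s%s%s$s', …)`, has three conversions for four arguments. The last one is written `$s`, so the closing `</span>` is dropped and a literal `$s` is printed, leaving the `certtype` span unclosed in the help text; it should read `sprintf('%s%s%s%s', …)`. In the branch above it, the result of `lookup_cert($pconfig['certref'])` is indexed as `$thiscert['crt']` without a check. If a stale reference can make that lookup fail (the helper is not shown), guard the purpose test with something like `if (!empty($thiscert['crt']))` so the warning logic does not run on a missing certificate.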