Merge

2015-09-29 15:01:54 +02:00 · 2015-09-29 15:01:54 +02:00 · 4a10cecb9a
commit 4a10cecb9a
parent 9bc83f4f6a 3f0bb7ed56
10 changed files with 701 additions and 353 deletions
--- a/conf/openvpn_client.conf.tpl
+++ b/conf/openvpn_client.conf.tpl
@ -1,8 +1,8 @@
-# [WARN] Edit this raw configuration ONLY IF YOU KNOW what
+# [WARN] Edit this raw configuration ONLY IF YOU KNOW 
-#        you do!
+#        what you do!
-# [WARN] Continue to use the placeholders <TPL:*> and keep
+# [WARN] Continue to use the placeholders <TPL:*> and
-#        update their value on the web admin (they are not
+#        keep update their value on the web admin (they 
-#        only used for this file).
+#        are not only used for this file).
 remote <TPL:SERVER_NAME>
 proto <TPL:PROTO>
@ -14,6 +14,7 @@ dev tun
 tun-ipv6
 keepalive 10 30
 comp-lzo adaptive
 resolv-retry infinite
 # Authentication by login
 <TPL:LOGIN_COMMENT>auth-user-pass /etc/openvpn/keys/credentials
@ -23,7 +24,9 @@ comp-lzo adaptive
 # TLS
 tls-client
 <TPL:TA_COMMENT>tls-auth /etc/openvpn/keys/user_ta.key 1
 remote-cert-tls server
 ns-cert-type server
 ca /etc/openvpn/keys/ca-server.crt
 <TPL:CERT_COMMENT>cert /etc/openvpn/keys/user.crt
 <TPL:CERT_COMMENT>key /etc/openvpn/keys/user.key
--- a/conf/ynh-vpnclient
+++ b/conf/ynh-vpnclient
@ -59,6 +59,11 @@ is_serverip6route_set() {
  fi
 }
 is_dns_set() {
  [ -e /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient ]\
  && grep -q ${ynh_dns0} /etc/resolv.conf
 }
 is_openvpn_running() {
  systemctl is-active openvpn@client.service &> /dev/null
 }
@ -66,7 +71,7 @@ is_openvpn_running() {
 is_running() {
  ((has_nativeip6 && is_serverip6route_set "${new_server_ip6}") || ! has_nativeip6)\
  && ((! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set) || has_hotspot_app || ! has_ip6delegatedprefix)\
-  && is_firewall_set && is_openvpn_running
+  && is_dns_set && is_firewall_set && is_openvpn_running
 }
 ## Setters
@ -96,6 +101,15 @@ set_serverip6route() {
  ip route add "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
 }
 set_dns() {
  cat << EOF > /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient
 echo nameserver ${ynh_dns0} > /etc/resolv.conf
 echo nameserver ${ynh_dns1} >> /etc/resolv.conf
 EOF
  bash /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient
 }
 start_openvpn() {
  ip6_gw=${1}
  server_ip6=${2}
@ -120,6 +134,12 @@ start_openvpn() {
    sed 's|^<TPL:CERT_COMMENT>|;|' -i /etc/openvpn/client.conf
  fi
  if [ -e /etc/openvpn/keys/user_ta.key ]; then
    sed 's|^<TPL:TA_COMMENT>||' -i /etc/openvpn/client.conf
  else
    sed 's|^<TPL:TA_COMMENT>|;|' -i /etc/openvpn/client.conf
  fi
  if [[ "${proto}" =~ udp ]]; then
    sed 's|^<TPL:UDP_COMMENT>||' -i /etc/openvpn/client.conf
  else
@ -154,6 +174,10 @@ unset_serverip6route() {
  ip route delete "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
 }
 unset_dns() {
  rm -f /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient
 }
 stop_openvpn() {
  systemctl stop openvpn.service
 }
@ -212,6 +236,8 @@ if [ "$1" != restart ]; then
  ynh_server_proto=$(ynh_setting_get vpnclient server_proto)
  ynh_ip6_addr=$(ynh_setting_get vpnclient ip6_addr)
  ynh_login_user=$(ynh_setting_get vpnclient login_user)
  ynh_dns0=$(ynh_setting_get vpnclient dns0)
  ynh_dns1=$(ynh_setting_get vpnclient dns1)
  old_ip6_gw=$(ynh_setting_get vpnclient ip6_gw)
  old_wired_device=$(ynh_setting_get vpnclient wired_device)
@ -280,6 +306,12 @@ case "${1}" in
        set_ip6addr
      fi
      # Set host DNS resolvers
      if ! is_dns_set; then
        echo "Set host DNS resolvers"
        set_dns
      fi
      # Set ipv6/ipv4 firewall
      if ! is_firewall_set "${new_wired_device}"; then
        echo "Set IPv6/IPv4 firewall"
@ -316,6 +348,11 @@ case "${1}" in
      unset_firewall
    fi
    if is_dns_set; then
      echo "Unset forced host DNS resolvers"
      unset_dns
    fi
    if is_openvpn_running; then
      echo "Stop openvpn"
      stop_openvpn
@ -387,6 +424,14 @@ case "${1}" in
      echo "[OK] IPv6/IPv4 firewall set"
    else
      echo "[ERR] No IPv6/IPv4 firewall set"
      exitcode=1
    fi
    if is_dns_set; then
      echo "[OK] Host DNS correctly set"
    else
      echo "[ERR] No host DNS set"
      exitcode=1
    fi
    if is_openvpn_running; then
--- a/scripts/install
+++ b/scripts/install
@ -65,6 +65,8 @@ if ! $upgrade; then
  sudo yunohost app setting vpnclient ip6_net -v none
  sudo yunohost app setting vpnclient login_user -v "${login_user}"
  sudo yunohost app setting vpnclient login_passphrase -v "${login_passphrase}"
  sudo yunohost app setting vpnclient dns0 -v 89.234.141.66
  sudo yunohost app setting vpnclient dns1 -v 2001:913::8
 fi
--- a/sources/controller.php
+++ b/sources/controller.php
@ -64,6 +64,29 @@ function ipv6_compressed($ip) {
  return $output[0];
 }
 function readAutoConf($file) {
  $json = file_get_contents($file);
  $config = json_decode($json, true);
  if(!empty($config['crt_server_ca'])) {
    $config['crt_server_ca'] = str_replace('|', "\n", $config['crt_server_ca']);
  }
  if(!empty($config['crt_client'])) {
    $config['crt_client'] = str_replace('|', "\n", $config['crt_client']);
  }
  if(!empty($config['crt_client_key'])) {
    $config['crt_client_key'] = str_replace('|', "\n", $config['crt_client_key']);
  }
  if(!empty($config['crt_client_ta'])) {
    $config['crt_client_ta'] = str_replace('|', "\n", $config['crt_client_ta']);
  }
  return $config;
 }
 dispatch('/', function() {
  $ip6_net = ynh_setting_get('ip6_net');
  $ip6_net = ($ip6_net == 'none') ? '' : $ip6_net;
@ -78,51 +101,73 @@ dispatch('/', function() {
  set('ip6_net', $ip6_net);
  set('crt_client_exists', file_exists('/etc/openvpn/keys/user.crt'));
  set('crt_client_key_exists', file_exists('/etc/openvpn/keys/user.key'));
  set('crt_client_ta_exists', file_exists('/etc/openvpn/keys/user_ta.key'));
  set('crt_server_ca_exists', file_exists('/etc/openvpn/keys/ca-server.crt'));
  set('faststatus', service_faststatus() == 0);
  set('raw_openvpn', $raw_openvpn);
  set('dns0', ynh_setting_get('dns0'));
  set('dns1', ynh_setting_get('dns1'));
  return render('settings.html.php');
 });
 dispatch_put('/settings', function() {
  $crt_client_exists = file_exists('/etc/openvpn/keys/user.crt');
  $crt_client_key_exists = file_exists('/etc/openvpn/keys/user.key');
  $crt_server_ca_exists = file_exists('/etc/openvpn/keys/ca-server.crt');
  $service_enabled = isset($_POST['service_enabled']) ? 1 : 0;
  $ip6_net = empty($_POST['ip6_net']) ? 'none' : $_POST['ip6_net'];
  $ip6_addr = 'none';
  if($service_enabled == 1) {
    $crt_client_exists = file_exists('/etc/openvpn/keys/user.crt');
    $crt_client_key_exists = file_exists('/etc/openvpn/keys/user.key');
    $crt_server_ca_exists = file_exists('/etc/openvpn/keys/ca-server.crt');
    $config = $_POST;
    $autoconf = false;
    try {
-      if(empty($_POST['server_name']) || empty($_POST['server_port']) || empty($_POST['server_proto'])) {
+      if($_FILES['cubefile']['error'] == UPLOAD_ERR_OK) {
        $config = readAutoConf($_FILES['cubefile']['tmp_name']);
        if(is_null($config)) {
          throw new Exception(_('Json Syntax Error, please check your dot cube file'));
        }
        $autoconf = true;
      }
      $ip6_net = empty($config['ip6_net']) ? 'none' : $config['ip6_net'];
      $ip6_addr = 'none';
      if(empty($config['server_name']) || empty($config['server_port']) || empty($config['server_proto'])) {
        throw new Exception(_('The Server Address, the Server Port and the Protocol cannot be empty'));
      }
-      if(!preg_match('/^\d+$/', $_POST['server_port'])) {
+      if(!preg_match('/^\d+$/', $config['server_port'])) {
        throw new Exception(_('The Server Port must be only composed of digits'));
      }
-      if($_POST['server_proto'] != 'udp' && $_POST['server_proto'] != 'tcp') {
+      if($config['server_proto'] != 'udp' && $config['server_proto'] != 'tcp') {
        throw new Exception(_('The Protocol must be "udp" or "tcp"'));
      }
-    
+
-      if(($_FILES['crt_client']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1))
+      if(empty($config['dns0']) || empty($config['dns1'])) {
-        || ($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client']['error'] != UPLOAD_ERR_OK && (!$crt_client_exists || $_POST['crt_client_delete'] == 1))) {
+        throw new Exception(_('You need to define two DNS resolver addresses'));
        throw new Exception(_('A Client Certificate is needed when you suggest a Key, or vice versa'));
      }
-    
+
-      if(empty($_POST['login_user']) xor empty($_POST['login_passphrase'])) {
+      if(empty($config['login_user']) xor empty($config['login_passphrase'])) {
        throw new Exception(_('A Password is needed when you suggest a Username, or vice versa'));
      }
-    
+
-      if($_FILES['crt_server_ca']['error'] != UPLOAD_ERR_OK && !$crt_server_ca_exists) {
+      if((!$autoconf && (($_FILES['crt_client']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1))
        || ($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client']['error'] != UPLOAD_ERR_OK && (!$crt_client_exists || $_POST['crt_client_delete'] == 1))))
        || ($autoconf && (empty($config['crt_client']) xor empty($config['crt_client_key'])))) {
        throw new Exception(_('A Client Certificate is needed when you suggest a Key, or vice versa'));
      } 
      if((!$autoconf && $_FILES['crt_server_ca']['error'] != UPLOAD_ERR_OK && !$crt_server_ca_exists) || ($autoconf && empty($config['crt_server_ca']))) {
        throw new Exception(_('You need a Server CA.'));
      }
-    
+      
-      if(($_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1)) && empty($_POST['login_user'])) {
+      if(((!$autoconf && $_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1)) || ($autoconf && empty($config['crt_client_key']))) && empty($config['login_user'])) {
        throw new Exception(_('You need either a Client Certificate, either a Username, or both'));
      }
@ -151,34 +196,110 @@ dispatch_put('/settings', function() {
  ynh_setting_set('service_enabled', $service_enabled);
  if($service_enabled == 1) {
-    ynh_setting_set('server_name', $_POST['server_name']);
+    ynh_setting_set('server_name', $config['server_name']);
-    ynh_setting_set('server_port', $_POST['server_port']);
+    ynh_setting_set('server_port', $config['server_port']);
-    ynh_setting_set('server_proto', $_POST['server_proto']);
+    ynh_setting_set('server_proto', $config['server_proto']);
-    ynh_setting_set('login_user', $_POST['login_user']);
+    ynh_setting_set('dns0', $config['dns0']);
-    ynh_setting_set('login_passphrase', $_POST['login_passphrase']);
+    ynh_setting_set('dns1', $config['dns1']);
    ynh_setting_set('login_user', $config['login_user']);
    ynh_setting_set('login_passphrase', $config['login_passphrase']);
    ynh_setting_set('ip6_net', $ip6_net);
    ynh_setting_set('ip6_addr', $ip6_addr);
    file_put_contents('/etc/openvpn/client.conf.tpl', $_POST['raw_openvpn']);
-    if($_FILES['crt_client']['error'] == UPLOAD_ERR_OK) {
+    if($autoconf) {
-      move_uploaded_file($_FILES['crt_client']['tmp_name'], '/etc/openvpn/keys/user.crt');
+      copy('/etc/openvpn/client.conf.tpl.restore', '/etc/openvpn/client.conf.tpl');
-    } elseif($_POST['crt_client_delete'] == 1) {
+
-      unlink('/etc/openvpn/keys/user.crt');
+      if(!empty($config['openvpn_rm'])) {
        $raw_openvpn = explode("\n", file_get_contents('/etc/openvpn/client.conf.tpl'));
        $fopenvpn = fopen('/etc/openvpn/client.conf.tpl', 'w');
        foreach($raw_openvpn AS $opt) {
          $filtered = false;
          if(!preg_match('/^#/', $opt) && !preg_match('/<TPL:/', $opt)) {
            foreach($config['openvpn_rm'] AS $filter) {
              if(preg_match("/$filter/i", $opt)) {
                $filtered = true;
              }
            }
          }
          if(!$filtered) {
            fwrite($fopenvpn, "$opt\n");
          }
        }
        fclose($fopenvpn);
      }
      if(!empty($config['openvpn_add'])) {
        $raw_openvpn = file_get_contents('/etc/openvpn/client.conf.tpl');
        $raw_openvpn .= "\n# Custom\n".implode("\n", $config['openvpn_add']);
        file_put_contents('/etc/openvpn/client.conf.tpl', $raw_openvpn);
      }
      if(empty($config['crt_client'])) {
        if(file_exists('/etc/openvpn/keys/user.crt')) {
          unlink('/etc/openvpn/keys/user.crt');
        }
      } else {
        file_put_contents('/etc/openvpn/keys/user.crt', $config['crt_client']);
      }
      if(empty($config['crt_client_key'])) {
        if(file_exists('/etc/openvpn/keys/user.key')) {
          unlink('/etc/openvpn/keys/user.key');
        }
      } else {
        file_put_contents('/etc/openvpn/keys/user.key', $config['crt_client_key']);
      }
      if(empty($config['crt_client_ta'])) {
        if(file_exists('/etc/openvpn/keys/user_ta.key')) {
          unlink('/etc/openvpn/keys/user_ta.key');
        }
      } else {
        file_put_contents('/etc/openvpn/keys/user_ta.key', $config['crt_client_ta']);
      }
      if(empty($config['crt_server_ca'])) {
        if(file_exists('/etc/openvpn/keys/ca-server.crt')) {
          unlink('/etc/openvpn/keys/ca-server.crt');
        }
      } else {
        file_put_contents('/etc/openvpn/keys/ca-server.crt', $config['crt_server_ca']);
      }
    } else {
      file_put_contents('/etc/openvpn/client.conf.tpl', $_POST['raw_openvpn']);
      if($_FILES['crt_client']['error'] == UPLOAD_ERR_OK) {
        move_uploaded_file($_FILES['crt_client']['tmp_name'], '/etc/openvpn/keys/user.crt');
      } elseif($_POST['crt_client_delete'] == 1) {
        unlink('/etc/openvpn/keys/user.crt');
      }
      if($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK) {
        move_uploaded_file($_FILES['crt_client_key']['tmp_name'], '/etc/openvpn/keys/user.key');
      } elseif($_POST['crt_client_key_delete'] == 1) {
        unlink('/etc/openvpn/keys/user.key');
      }
      if($_FILES['crt_client_ta']['error'] == UPLOAD_ERR_OK) {
        move_uploaded_file($_FILES['crt_client_ta']['tmp_name'], '/etc/openvpn/keys/user_ta.key');
      } elseif($_POST['crt_client_ta_delete'] == 1) {
        unlink('/etc/openvpn/keys/user_ta.key');
      }
      if($_FILES['crt_server_ca']['error'] == UPLOAD_ERR_OK) {
        move_uploaded_file($_FILES['crt_server_ca']['tmp_name'], '/etc/openvpn/keys/ca-server.crt');
      }
    }
-    if($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK) {
+    if(!empty($config['login_user'])) {
-      move_uploaded_file($_FILES['crt_client_key']['tmp_name'], '/etc/openvpn/keys/user.key');
+      file_put_contents('/etc/openvpn/keys/credentials', "${config['login_user']}\n${config['login_passphrase']}");
    } elseif($_POST['crt_client_key_delete'] == 1) {
      unlink('/etc/openvpn/keys/user.key');
    }
    if($_FILES['crt_server_ca']['error'] == UPLOAD_ERR_OK) {
      move_uploaded_file($_FILES['crt_server_ca']['tmp_name'], '/etc/openvpn/keys/ca-server.crt');
    }
    if(!empty($_POST['login_user'])) {
      file_put_contents('/etc/openvpn/keys/credentials', "${_POST['login_user']}\n${_POST['login_passphrase']}");
    } else {
      file_put_contents('/etc/openvpn/keys/credentials', '');
    }
--- a/sources/i18n/fr_FR/LC_MESSAGES/localization.mo
+++ b/sources/i18n/fr_FR/LC_MESSAGES/localization.mo
--- a/sources/i18n/fr_FR/LC_MESSAGES/localization.po
+++ b/sources/i18n/fr_FR/LC_MESSAGES/localization.po
@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: data 2\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-07-25 10:42+0200\n"
+"POT-Creation-Date: 2015-09-29 14:09+0200\n"
-"PO-Revision-Date: 2015-07-25 10:50+0100\n"
+"PO-Revision-Date: 2015-09-29 14:10+0200\n"
 "Last-Translator: samy boutayeb <samy@langues-etcetera.fr>\n"
 "Language-Team: none\n"
 "Language: fr\n"
@ -17,60 +17,68 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Poedit 1.6.10\n"
+"X-Generator: Poedit 1.8.4\n"
-#: sources/controller.php:100
+#: sources/controller.php:130
 msgid "Json Syntax Error, please check your dot cube file"
 msgstr "Error de syntaxe Json, merci de vérifier votre fichier .cube"
 #: sources/controller.php:140
 msgid "The Server Address, the Server Port and the Protocol cannot be empty"
 msgstr ""
 "L'adresse du serveur, le port du serveur et le protocole ne peuvent pas être "
 "vides"
-#: sources/controller.php:104
+#: sources/controller.php:144
 msgid "The Server Port must be only composed of digits"
 msgstr "Le port du serveur ne peut correspondre qu'à des chiffres"
-#: sources/controller.php:108
+#: sources/controller.php:148
 msgid "The Protocol must be \"udp\" or \"tcp\""
 msgstr "Le protocole ne peut correspondre qu'à \"udp\" ou \"tcp\""
-#: sources/controller.php:114
+#: sources/controller.php:152
-msgid "A Client Certificate is needed when you suggest a Key, or vice versa"
+msgid "You need to define two DNS resolver addresses"
-msgstr ""
+msgstr "Vous devez définir deux adresses de résolveur DNS"
 "Un certificat client est nécessaire si vous proposez une clé, et inversement"
-#: sources/controller.php:118
+#: sources/controller.php:156
 msgid "A Password is needed when you suggest a Username, or vice versa"
 msgstr ""
 "Un mot de passe est nécessaire si vous proposez un nom d'utilisateur, et "
 "inversement"
-#: sources/controller.php:122
+#: sources/controller.php:163
 msgid "A Client Certificate is needed when you suggest a Key, or vice versa"
 msgstr ""
 "Un certificat client est nécessaire si vous proposez une clé, et inversement"
 #: sources/controller.php:167
 msgid "You need a Server CA."
 msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur"
-#: sources/controller.php:126
+#: sources/controller.php:171
 msgid "You need either a Client Certificate, either a Username, or both"
 msgstr ""
 "Vous devez avoir soit un certificat client, soit un nom d'utilisateur, soit "
 "les deux"
-#: sources/controller.php:133
+#: sources/controller.php:178
 msgid "The IPv6 Delegated Prefix format looks bad"
 msgstr "Le format du préfixe IPv6 délégué semble incorrect"
-#: sources/controller.php:144
+#: sources/controller.php:189
 msgid "configuration not updated"
 msgstr "configuration non-mise à jour"
-#: sources/controller.php:189
+#: sources/controller.php:310
 msgid "Configuration updated and service successfully reloaded"
 msgstr "Configuration mise à jour et service correctement rechargé"
-#: sources/controller.php:191
+#: sources/controller.php:312
 msgid "Configuration updated but service reload failed"
 msgstr "Configuration mise à jour mais le rechargement du service a échoué"
-#: sources/controller.php:195
+#: sources/controller.php:316
 msgid "Service successfully disabled"
 msgstr "Service désactivé avec succès"
@ -82,8 +90,8 @@ msgstr "Client VPN"
 msgid "Error"
 msgstr "Erreur"
-#: sources/views/layout.html.php:54 sources/views/settings.html.php:125
+#: sources/views/layout.html.php:54 sources/views/settings.html.php:124
-#: sources/views/settings.html.php:165
+#: sources/views/settings.html.php:138
 msgid "Notice"
 msgstr "Notice"
@ -127,57 +135,53 @@ msgid "VPN Enabled"
 msgstr "VPN activé"
 #: sources/views/settings.html.php:60
 msgid "Manual"
 msgstr "Manuel"
 #: sources/views/settings.html.php:61
 msgid "Automatic"
 msgstr "Automatique"
 #: sources/views/settings.html.php:67
 msgid "VPN"
 msgstr "VPN"
-#: sources/views/settings.html.php:65
+#: sources/views/settings.html.php:72
 msgid "Server Address"
 msgstr "Adresse du serveur"
-#: sources/views/settings.html.php:72
+#: sources/views/settings.html.php:79
 msgid "Server Port"
 msgstr "Port du serveur"
-#: sources/views/settings.html.php:74
+#: sources/views/settings.html.php:81
 msgid "With restricted access, you should use 443 (TCP) or 53 (UDP)"
 msgstr "En cas d'accès restreint, utiliser 443 (TCP) ou 53 (UDP)"
-#: sources/views/settings.html.php:79
+#: sources/views/settings.html.php:86
 msgid "Protocol"
 msgstr "Protocole"
-#: sources/views/settings.html.php:82
+#: sources/views/settings.html.php:89
 msgid "UDP"
 msgstr "UDP"
-#: sources/views/settings.html.php:85
+#: sources/views/settings.html.php:92
 msgid ""
 "UDP is more efficient than TCP (but more filtered in case of restrictive "
 "access)"
 msgstr ""
 "UDP est plus performant que TCP (mais plus filtré en cas d'accès restreint)"
-#: sources/views/settings.html.php:86
+#: sources/views/settings.html.php:93
 msgid "TCP"
 msgstr "TCP"
-#: sources/views/settings.html.php:94
+#: sources/views/settings.html.php:99
-msgid "Edit the raw configuration only if you know what you do!"
+msgid "Delegated prefix (IPv6)"
-msgstr "N'éditez la configuration brute que si vous savez ce que vous faites !"
+msgstr "Préfixe délégué (IPv6)"
-#: sources/views/settings.html.php:94 sources/views/settings.html.php:99
+#: sources/views/settings.html.php:101
 msgid "Advanced"
 msgstr "Avancé"
 #: sources/views/settings.html.php:109
 msgid "IPv6"
 msgstr "IPv6"
 #: sources/views/settings.html.php:114
 msgid "Delegated prefix"
 msgstr "Préfixe délégué"
 #: sources/views/settings.html.php:116
 msgid ""
 "Leave empty if your Internet Service Provider does not give you a delegated "
 "prefix"
@ -185,7 +189,15 @@ msgstr ""
 "Laissez vide si votre Fournisseur d'Accès à Internet ne vous fournit pas de "
 "préfixe délégué."
-#: sources/views/settings.html.php:125
+#: sources/views/settings.html.php:108
 msgid "Edit the raw configuration only if you know what you do!"
 msgstr "N'éditez la configuration brute que si vous savez ce que vous faites !"
 #: sources/views/settings.html.php:108 sources/views/settings.html.php:113
 msgid "Advanced"
 msgstr "Avancé"
 #: sources/views/settings.html.php:124
 msgid ""
 "You need to upload a Client Certificate, or define a Username (or both) for "
 "starting your VPN Client."
@ -193,83 +205,132 @@ msgstr ""
 "Vous devez téléverser le certificat du client, ou définir un nom "
 "d'utilisateur (ou les deux) pour démarrer votre client VPN."
-#: sources/views/settings.html.php:131
+#: sources/views/settings.html.php:130
-msgid "Certificates"
+msgid "Authentication"
-msgstr "Certificats"
+msgstr "Authentification"
-#: sources/views/settings.html.php:136
+#: sources/views/settings.html.php:138
-msgid "Update Client Cert."
+msgid "You need to upload a Server CA for starting your VPN Client."
-msgstr "Actualiser le certificat client"
+msgstr "Vous devez transférer un CA de serveur pour démarrer votre client VPN."
-#: sources/views/settings.html.php:136
+#: sources/views/settings.html.php:142
-msgid "Upload Client Cert."
+msgid "Update Server CA"
-msgstr "Téléverser le certificat client"
+msgstr "Actualiser le CA du serveur"
-#: sources/views/settings.html.php:139 sources/views/settings.html.php:152
+#: sources/views/settings.html.php:142
-msgid "Delete this certificate"
+msgid "Upload Server CA"
-msgstr "Supprimer ce certificat"
+msgstr "Transférer le CA du serveur"
-#: sources/views/settings.html.php:144 sources/views/settings.html.php:157
+#: sources/views/settings.html.php:145
-#: sources/views/settings.html.php:177
+msgid "You cannot have no server CA"
 msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur"
 #: sources/views/settings.html.php:150 sources/views/settings.html.php:163
 #: sources/views/settings.html.php:176 sources/views/settings.html.php:189
 #: sources/views/settings.html.php:244
 msgid "Browse"
 msgstr "Parcourir"
-#: sources/views/settings.html.php:149
+#: sources/views/settings.html.php:155
 msgid "Update Client Cert."
 msgstr "Actualiser le certificat client"
 #: sources/views/settings.html.php:155
 msgid "Upload Client Cert."
 msgstr "Téléverser un certificat client"
 #: sources/views/settings.html.php:158 sources/views/settings.html.php:171
 #: sources/views/settings.html.php:184
 msgid "Delete this certificate"
 msgstr "Supprimer ce certificat"
 #: sources/views/settings.html.php:168
 msgid "Update Client Key"
 msgstr "Actualiser la clé client"
-#: sources/views/settings.html.php:149
+#: sources/views/settings.html.php:168
 msgid "Upload Client Key"
-msgstr "Téléverser la clé client"
+msgstr "Téléverser un clé client"
-#: sources/views/settings.html.php:155
+#: sources/views/settings.html.php:174 sources/views/settings.html.php:187
 msgid "Make sure your browser is able to read the key file before uploading"
 msgstr ""
 "Assurez-vous que votre navigateur peut lire le fichier contenant la clé "
 "avant de le téléverser"
-#: sources/views/settings.html.php:157
+#: sources/views/settings.html.php:176 sources/views/settings.html.php:189
 msgid "make sure your browser is able to read the key file before uploading"
 msgstr ""
 "assurez-vous que votre navigateur peut lire le fichier contenant la clé "
 "avant de le téléverser"
-#: sources/views/settings.html.php:165
+#: sources/views/settings.html.php:181
-msgid "You need to upload a Server CA for starting your VPN Client."
+msgid "Update Shared-Secret"
-msgstr "Vous devez transférer un CA de serveur pour démarrer votre client VPN."
+msgstr "Actualiser le secret partagé"
-#: sources/views/settings.html.php:169
+#: sources/views/settings.html.php:181
-msgid "Update Server CA"
+msgid "Upload Shared-Secret"
-msgstr "Actualiser le CA du serveur"
+msgstr "Téléverser un secret partagé"
-#: sources/views/settings.html.php:169
+#: sources/views/settings.html.php:194
 msgid "Upload Server CA"
 msgstr "Transférer le CA du serveur"
 #: sources/views/settings.html.php:172
 msgid "You cannot have no server CA"
 msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur"
 #: sources/views/settings.html.php:185
 msgid "Login"
 msgstr "Identifiant"
 #: sources/views/settings.html.php:190
 msgid "Username"
 msgstr "Nom d'utilisateur"
-#: sources/views/settings.html.php:192 sources/views/settings.html.php:199
+#: sources/views/settings.html.php:196 sources/views/settings.html.php:203
 msgid "Leave empty if not necessary"
 msgstr "Laisser vide si non nécessaire"
-#: sources/views/settings.html.php:197
+#: sources/views/settings.html.php:201
 msgid "Password"
 msgstr "Mot de passe"
-#: sources/views/settings.html.php:207
+#: sources/views/settings.html.php:211
 msgid "DNS"
 msgstr "DNS"
 #: sources/views/settings.html.php:216
 msgid "First resolver"
 msgstr "Premier résolveur"
 #: sources/views/settings.html.php:218 sources/views/settings.html.php:225
 msgid "IPv6 or IPv4"
 msgstr "IPv6 ou IPv4"
 #: sources/views/settings.html.php:223
 msgid "Second resolver"
 msgstr "Second résolveur"
 #: sources/views/settings.html.php:235
 msgid "Auto Configuration"
 msgstr "Configuration automatique"
 #: sources/views/settings.html.php:240
 msgid "Upload Config"
 msgstr "Téléverser une configuration"
 #: sources/views/settings.html.php:247
 msgid "What is a dot cube file?"
 msgstr "Qu'est-ce qu'un fichier .cube ?"
 #: sources/views/settings.html.php:255
 msgid "Reloading may take a few minutes. Be patient."
 msgstr "Le rechargement peut prendre quelques minutes. Soyez patient."
-#: sources/views/settings.html.php:207
+#: sources/views/settings.html.php:255
 msgid "Save and reload"
 msgstr "Sauvegarder et recharger"
 #~ msgid "ta.key"
 #~ msgstr "ta.key"
 #~ msgid "IPv6"
 #~ msgstr "IPv6"
 #~ msgid "Delegated prefix"
 #~ msgstr "Préfixe délégué"
 #~ msgid "Certificates"
 #~ msgstr "Certificats"
 #~ msgid "Login"
 #~ msgstr "Identifiant"
--- a/sources/i18n/localization.pot
+++ b/sources/i18n/localization.pot
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-07-25 10:42+0200\n"
+"POT-Creation-Date: 2015-09-29 14:09+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -17,51 +17,59 @@ msgstr ""
 "Content-Type: text/plain; charset=CHARSET\n"
 "Content-Transfer-Encoding: 8bit\n"
-#: sources/controller.php:100
+#: sources/controller.php:130
 msgid "Json Syntax Error, please check your dot cube file"
 msgstr ""
 #: sources/controller.php:140
 msgid "The Server Address, the Server Port and the Protocol cannot be empty"
 msgstr ""
-#: sources/controller.php:104
+#: sources/controller.php:144
 msgid "The Server Port must be only composed of digits"
 msgstr ""
-#: sources/controller.php:108
+#: sources/controller.php:148
 msgid "The Protocol must be \"udp\" or \"tcp\""
 msgstr ""
-#: sources/controller.php:114
+#: sources/controller.php:152
-msgid "A Client Certificate is needed when you suggest a Key, or vice versa"
+msgid "You need to define two DNS resolver addresses"
 msgstr ""
-#: sources/controller.php:118
+#: sources/controller.php:156
 msgid "A Password is needed when you suggest a Username, or vice versa"
 msgstr ""
-#: sources/controller.php:122
+#: sources/controller.php:163
 msgid "A Client Certificate is needed when you suggest a Key, or vice versa"
 msgstr ""
 #: sources/controller.php:167
 msgid "You need a Server CA."
 msgstr ""
-#: sources/controller.php:126
+#: sources/controller.php:171
 msgid "You need either a Client Certificate, either a Username, or both"
 msgstr ""
-#: sources/controller.php:133
+#: sources/controller.php:178
 msgid "The IPv6 Delegated Prefix format looks bad"
 msgstr ""
-#: sources/controller.php:144
+#: sources/controller.php:189
 msgid "configuration not updated"
 msgstr ""
-#: sources/controller.php:189
+#: sources/controller.php:310
 msgid "Configuration updated and service successfully reloaded"
 msgstr ""
-#: sources/controller.php:191
+#: sources/controller.php:312
 msgid "Configuration updated but service reload failed"
 msgstr ""
-#: sources/controller.php:195
+#: sources/controller.php:316
 msgid "Service successfully disabled"
 msgstr ""
@ -73,8 +81,8 @@ msgstr ""
 msgid "Error"
 msgstr ""
-#: sources/views/layout.html.php:54 sources/views/settings.html.php:125
+#: sources/views/layout.html.php:54 sources/views/settings.html.php:124
-#: sources/views/settings.html.php:165
+#: sources/views/settings.html.php:138
 msgid "Notice"
 msgstr ""
@ -116,140 +124,178 @@ msgid "VPN Enabled"
 msgstr ""
 #: sources/views/settings.html.php:60
 msgid "Manual"
 msgstr ""
 #: sources/views/settings.html.php:61
 msgid "Automatic"
 msgstr ""
 #: sources/views/settings.html.php:67
 msgid "VPN"
 msgstr ""
-#: sources/views/settings.html.php:65
+#: sources/views/settings.html.php:72
 msgid "Server Address"
 msgstr ""
-#: sources/views/settings.html.php:72
+#: sources/views/settings.html.php:79
 msgid "Server Port"
 msgstr ""
-#: sources/views/settings.html.php:74
+#: sources/views/settings.html.php:81
 msgid "With restricted access, you should use 443 (TCP) or 53 (UDP)"
 msgstr ""
-#: sources/views/settings.html.php:79
+#: sources/views/settings.html.php:86
 msgid "Protocol"
 msgstr ""
-#: sources/views/settings.html.php:82
+#: sources/views/settings.html.php:89
 msgid "UDP"
 msgstr ""
-#: sources/views/settings.html.php:85
+#: sources/views/settings.html.php:92
 msgid ""
 "UDP is more efficient than TCP (but more filtered in case of restrictive "
 "access)"
 msgstr ""
-#: sources/views/settings.html.php:86
+#: sources/views/settings.html.php:93
 msgid "TCP"
 msgstr ""
-#: sources/views/settings.html.php:94
+#: sources/views/settings.html.php:99
-msgid "Edit the raw configuration only if you know what you do!"
+msgid "Delegated prefix (IPv6)"
 msgstr ""
-#: sources/views/settings.html.php:94 sources/views/settings.html.php:99
+#: sources/views/settings.html.php:101
 msgid "Advanced"
 msgstr ""
 #: sources/views/settings.html.php:109
 msgid "IPv6"
 msgstr ""
 #: sources/views/settings.html.php:114
 msgid "Delegated prefix"
 msgstr ""
 #: sources/views/settings.html.php:116
 msgid ""
 "Leave empty if your Internet Service Provider does not give you a delegated "
 "prefix"
 msgstr ""
-#: sources/views/settings.html.php:125
+#: sources/views/settings.html.php:108
 msgid "Edit the raw configuration only if you know what you do!"
 msgstr ""
 #: sources/views/settings.html.php:108 sources/views/settings.html.php:113
 msgid "Advanced"
 msgstr ""
 #: sources/views/settings.html.php:124
 msgid ""
 "You need to upload a Client Certificate, or define a Username (or both) for "
 "starting your VPN Client."
 msgstr ""
-#: sources/views/settings.html.php:131
+#: sources/views/settings.html.php:130
-msgid "Certificates"
+msgid "Authentication"
 msgstr ""
-#: sources/views/settings.html.php:136
+#: sources/views/settings.html.php:138
 msgid "Update Client Cert."
 msgstr ""
 #: sources/views/settings.html.php:136
 msgid "Upload Client Cert."
 msgstr ""
 #: sources/views/settings.html.php:139 sources/views/settings.html.php:152
 msgid "Delete this certificate"
 msgstr ""
 #: sources/views/settings.html.php:144 sources/views/settings.html.php:157
 #: sources/views/settings.html.php:177
 msgid "Browse"
 msgstr ""
 #: sources/views/settings.html.php:149
 msgid "Update Client Key"
 msgstr ""
 #: sources/views/settings.html.php:149
 msgid "Upload Client Key"
 msgstr ""
 #: sources/views/settings.html.php:155
 msgid "Make sure your browser is able to read the key file before uploading"
 msgstr ""
 #: sources/views/settings.html.php:157
 msgid "make sure your browser is able to read the key file before uploading"
 msgstr ""
 #: sources/views/settings.html.php:165
 msgid "You need to upload a Server CA for starting your VPN Client."
 msgstr ""
-#: sources/views/settings.html.php:169
+#: sources/views/settings.html.php:142
 msgid "Update Server CA"
 msgstr ""
-#: sources/views/settings.html.php:169
+#: sources/views/settings.html.php:142
 msgid "Upload Server CA"
 msgstr ""
-#: sources/views/settings.html.php:172
+#: sources/views/settings.html.php:145
 msgid "You cannot have no server CA"
 msgstr ""
-#: sources/views/settings.html.php:185
+#: sources/views/settings.html.php:150 sources/views/settings.html.php:163
-msgid "Login"
+#: sources/views/settings.html.php:176 sources/views/settings.html.php:189
 #: sources/views/settings.html.php:244
 msgid "Browse"
 msgstr ""
-#: sources/views/settings.html.php:190
+#: sources/views/settings.html.php:155
 msgid "Update Client Cert."
 msgstr ""
 #: sources/views/settings.html.php:155
 msgid "Upload Client Cert."
 msgstr ""
 #: sources/views/settings.html.php:158 sources/views/settings.html.php:171
 #: sources/views/settings.html.php:184
 msgid "Delete this certificate"
 msgstr ""
 #: sources/views/settings.html.php:168
 msgid "Update Client Key"
 msgstr ""
 #: sources/views/settings.html.php:168
 msgid "Upload Client Key"
 msgstr ""
 #: sources/views/settings.html.php:174 sources/views/settings.html.php:187
 msgid "Make sure your browser is able to read the key file before uploading"
 msgstr ""
 #: sources/views/settings.html.php:176 sources/views/settings.html.php:189
 msgid "make sure your browser is able to read the key file before uploading"
 msgstr ""
 #: sources/views/settings.html.php:181
 msgid "Update Shared-Secret"
 msgstr ""
 #: sources/views/settings.html.php:181
 msgid "Upload Shared-Secret"
 msgstr ""
 #: sources/views/settings.html.php:194
 msgid "Username"
 msgstr ""
-#: sources/views/settings.html.php:192 sources/views/settings.html.php:199
+#: sources/views/settings.html.php:196 sources/views/settings.html.php:203
 msgid "Leave empty if not necessary"
 msgstr ""
-#: sources/views/settings.html.php:197
+#: sources/views/settings.html.php:201
 msgid "Password"
 msgstr ""
-#: sources/views/settings.html.php:207
+#: sources/views/settings.html.php:211
 msgid "DNS"
 msgstr ""
 #: sources/views/settings.html.php:216
 msgid "First resolver"
 msgstr ""
 #: sources/views/settings.html.php:218 sources/views/settings.html.php:225
 msgid "IPv6 or IPv4"
 msgstr ""
 #: sources/views/settings.html.php:223
 msgid "Second resolver"
 msgstr ""
 #: sources/views/settings.html.php:235
 msgid "Auto Configuration"
 msgstr ""
 #: sources/views/settings.html.php:240
 msgid "Upload Config"
 msgstr ""
 #: sources/views/settings.html.php:247
 msgid "What is a dot cube file?"
 msgstr ""
 #: sources/views/settings.html.php:255
 msgid "Reloading may take a few minutes. Be patient."
 msgstr ""
-#: sources/views/settings.html.php:207
+#: sources/views/settings.html.php:255
 msgid "Save and reload"
 msgstr ""
--- a/sources/public/css/style.css
+++ b/sources/public/css/style.css
@ -96,3 +96,12 @@ textarea#raw_openvpn {
  height: 300px;
  border: 1px solid #D9534F;
 }
 ul.nav {
  margin-top: 30px;
  margin-bottom: 20px;
 }
 ul.nav a {
  outline: none;
 }
--- a/sources/public/js/custom.js
+++ b/sources/public/js/custom.js
@ -16,11 +16,24 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 function tabsClick() {
  var tab = $(this).parent().attr('data-tab');
  $('.nav').find('li.active').removeClass('active');
  $(this).parent().addClass('active');
  $('.tabs').hide();
  $('.tab' + tab).show();
  return false;
 }
 $(document).ready(function() {
  $('.btn-group').button();
  $('[data-toggle="tooltip"]').tooltip();
  $('.switch').bootstrapToggle();
  $('.nav-tabs a').click(tabsClick);
  $('.fileinput').click(function() {
    if(!$(this).hasClass('btn-danger')) {
@ -47,7 +60,7 @@ $(document).ready(function() {
      if($(choosertxtid).hasClass('btn-danger') != $('#crt_client_choosertxt').hasClass('btn-danger')) {
        $('#crt_client_deletebtn').click();
      }
-    } else {
+    } else if($(this).attr('id').search('_ta') < 0) {
      if($(choosertxtid).hasClass('btn-danger') != $('#crt_client_key_choosertxt').hasClass('btn-danger')) {
        $('#crt_client_key_deletebtn').click();
      }
--- a/sources/views/settings.html.php
+++ b/sources/views/settings.html.php
@ -55,148 +55,196 @@
        </div>
      </div>
-      <div class="panel panel-default enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
+      <div class="enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
-        <div class="panel-heading">
+        <ul class="nav nav-tabs nav-justified">
-          <h3 class="panel-title"><?= _("VPN") ?></h3>
+          <li role="presentation" data-tab="manualconfig" class="active"><a href="#"><?= _("Manual") ?></a></li>
-        </div>
+          <li role="presentation" data-tab="autoconfig"><a href="#"><?= _("Automatic") ?></a></li>
        </ul>
-        <div style="padding: 14px 14px 0 10px">
+        <div class="tabs tabmanualconfig">
-          <div class="form-group">
+          <div class="panel panel-default">
-            <label for="server_name" class="col-sm-3 control-label"><?= _('Server Address') ?></label>
+            <div class="panel-heading">
-            <div class="col-sm-9">
+              <h3 class="panel-title"><?= _("VPN") ?></h3>
              <input type="text" class="form-control" name="server_name" id="server_name" placeholder="access.ldn-fai.net" value="<?= $server_name ?>" />
            </div>
          </div>
          <div class="form-group">
            <label for="server_port" class="col-sm-3 control-label"><?= _('Server Port') ?></label>
            <div class="col-sm-9">
              <input type="text" data-toggle="tooltip" data-title="<?= _('With restricted access, you should use 443 (TCP) or 53 (UDP)') ?>" class="form-control" name="server_port" id="server_port" placeholder="1194" value="<?= $server_port ?>" />
            </div>
          </div>
          <div class="form-group">
            <label for="server_proto" class="col-sm-3 control-label"><?= _('Protocol') ?></label>
            <div class="btn-group col-sm-9" data-toggle="buttons">
              <label class="btn btn-default <?= $server_proto == 'udp' ? 'active' : '' ?>">
                <input type="radio" name="server_proto" value="udp" <?= $server_proto == 'udp' ? 'checked="cheked"' : '' ?> /> <?= _('UDP') ?>
              </label>
              <label class="btn btn-default <?= $server_proto == 'tcp' ? 'active' : '' ?>" data-toggle="tooltip" data-title="<?= _('UDP is more efficient than TCP (but more filtered in case of restrictive access)') ?>">
                <input type="radio" name="server_proto" value="tcp" <?= $server_proto == 'tcp' ? 'checked="cheked"' : '' ?> /> <?= _('TCP') ?>
              </label>
            </div>
          </div>
-          <div class="form-group" id="raw_openvpn_btnpanel">
+            <div style="padding: 14px 14px 0 10px">
-            <label class="col-sm-3 control-label"></label>
+              <div class="form-group">
-            <div class="col-sm-9">
+                <label for="server_name" class="col-sm-3 control-label"><?= _('Server Address') ?></label>
-              <span class="glyphicon glyphicon-cog"></span> <a href="#" id="raw_openvpn_btn" data-toggle="tooltip" data-title="<?= _('Edit the raw configuration only if you know what you do!') ?>"><?= _('Advanced') ?></a>
+                <div class="col-sm-9">
-            </div>
+                  <input type="text" class="form-control" name="server_name" id="server_name" placeholder="access.ldn-fai.net" value="<?= $server_name ?>" />
-          </div>
+                </div>
-
+              </div>
-          <div class="form-group" id="raw_openvpn_panel">
+    
-            <label for="raw_openvpn" class="col-sm-3 control-label"><?= _('Advanced') ?></label>
+              <div class="form-group">
-            <div class="col-sm-9">
+                <label for="server_port" class="col-sm-3 control-label"><?= _('Server Port') ?></label>
-              <pre><textarea class="form-control" name="raw_openvpn" id="raw_openvpn"><?= $raw_openvpn ?></textarea></pre>
+                <div class="col-sm-9">
-            </div>
+                  <input type="text" data-toggle="tooltip" data-title="<?= _('With restricted access, you should use 443 (TCP) or 53 (UDP)') ?>" class="form-control" name="server_port" id="server_port" placeholder="1194" value="<?= $server_port ?>" />
-          </div>
+                </div>
-        </div>
+              </div>
-      </div>
+    
-
+              <div class="form-group">
-      <div class="panel panel-default enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
+                <label for="server_proto" class="col-sm-3 control-label"><?= _('Protocol') ?></label>
-        <div class="panel-heading">
+                <div class="btn-group col-sm-9" data-toggle="buttons">
-          <h3 class="panel-title"><?= _("IPv6") ?></h3>
+                  <label class="btn btn-default <?= $server_proto == 'udp' ? 'active' : '' ?>">
-        </div>
+                    <input type="radio" name="server_proto" value="udp" <?= $server_proto == 'udp' ? 'checked="cheked"' : '' ?> /> <?= _('UDP') ?>
-
+                  </label>
-        <div style="padding: 14px 14px 0 10px">
+    
-          <div class="form-group">
+                  <label class="btn btn-default <?= $server_proto == 'tcp' ? 'active' : '' ?>" data-toggle="tooltip" data-title="<?= _('UDP is more efficient than TCP (but more filtered in case of restrictive access)') ?>">
-            <label for="ip6_net" class="col-sm-3 control-label"><?= _('Delegated prefix') ?></label>
+                    <input type="radio" name="server_proto" value="tcp" <?= $server_proto == 'tcp' ? 'checked="cheked"' : '' ?> /> <?= _('TCP') ?>
-            <div class="col-sm-9">
+                  </label>
-              <input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if your Internet Service Provider does not give you a delegated prefix') ?>" class="form-control" name="ip6_net" id="ip6_net" placeholder="2001:db8:42::" value="<?= $ip6_net ?>" />
+                </div>
            </div>
          </div>
        </div>
      </div>
      <?php if(!$crt_client_key_exists && empty($login_user)): ?>
        <div class="alert alert-dismissible alert-warning fade in enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?> style="margin: 2px 0px 17px" role="alert">
          <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
          <strong><?= _('Notice') ?>:</strong> <?= _("You need to upload a Client Certificate, or define a Username (or both) for starting your VPN Client.") ?>
        </div>
      <?php endif; ?>
      <div class="panel panel-default enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
        <div class="panel-heading">
          <h3 class="panel-title"><?= _("Certificates") ?></h3>
        </div>
        <div style="padding: 14px 14px 0 10px">
          <div class="form-group">
            <label for="crt_client" class="col-sm-3 control-label"><?= $crt_client_exists ? _('Update Client Cert.') : _('Upload Client Cert.') ?></label>
            <div class="input-group col-sm-9" style="padding: 0 15px">
              <?php if($crt_client_exists): ?>
                <a class="btn btn-danger input-group-addon deletefile" id="crt_client_deletebtn" data-toggle="tooltip" data-title="<?= _('Delete this certificate') ?>"><span class="glyphicon glyphicon-remove"></span></a>
                <input id="crt_client_delete" name="crt_client_delete" type="checkbox" value="1" style="display: none" />
              <?php endif; ?>
              <input type="text" class="form-control fileinput" id="crt_client_choosertxt" placeholder="-----BEGIN CERTIFICATE-----" readonly="readonly" />
              <input id="crt_client" name="crt_client" type="file" style="display: none" />
              <a class="btn input-group-addon fileinput" id="crt_client_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?>"><span class="glyphicon glyphicon-search"></span></a>
            </div>
          </div>
          <div class="form-group">
            <label for="crt_client_key" class="col-sm-3 control-label"><?= $crt_client_key_exists ? _('Update Client Key') : _('Upload Client Key') ?></label>
            <div class="input-group col-sm-9" style="padding: 0 15px">
              <?php if($crt_client_key_exists): ?>
                <a class="btn btn-danger input-group-addon deletefile" id="crt_client_key_deletebtn" data-toggle="tooltip" data-title="<?= _('Delete this certificate') ?>"><span class="glyphicon glyphicon-remove"></span></a>
                <input id="crt_client_key_delete" name="crt_client_key_delete" type="checkbox" value="1" style="display: none" />
              <?php endif; ?>
              <input type="text" class="form-control fileinput" id="crt_client_key_choosertxt" data-toggle="tooltip" data-title="<?= _('Make sure your browser is able to read the key file before uploading') ?>" placeholder="-----BEGIN PRIVATE KEY-----" readonly="readonly" />
              <input id="crt_client_key" name="crt_client_key" type="file" style="display: none" />
              <a class="btn input-group-addon fileinput" id="crt_client_key_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?> (<?= _('make sure your browser is able to read the key file before uploading') ?>)"><span class="glyphicon glyphicon-search"></span></a>
            </div>
          </div>
          <div class="form-group">
            <?php if(!$crt_server_ca_exists): ?>
              <div class="alert alert-dismissible alert-warning fade in" style="margin: 2px 16px 17px" role="alert">
                <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
                <strong><?= _('Notice') ?>:</strong> <?= _("You need to upload a Server CA for starting your VPN Client.") ?>
              </div>
            <?php endif; ?>
-            <label for="crt_server_ca" class="col-sm-3 control-label"><?= $crt_server_ca_exists ? _('Update Server CA') : _('Upload Server CA') ?></label>
+              <div class="form-group">
-            <div class="input-group col-sm-9" style="padding: 0 15px">
+                <label for="ip6_net" class="col-sm-3 control-label"><?= _('Delegated prefix (IPv6)') ?></label>
-              <?php if($crt_server_ca_exists): ?>
+                <div class="col-sm-9">
-                <a class="btn btn-danger not-allowed btn-disabled input-group-addon" id="crt_server_ca_deletebtn" data-toggle="tooltip" data-title="<?= _('You cannot have no server CA') ?>"><span class="glyphicon glyphicon-remove"></span></a>
+                  <input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if your Internet Service Provider does not give you a delegated prefix') ?>" class="form-control" name="ip6_net" id="ip6_net" placeholder="2001:db8:42::" value="<?= $ip6_net ?>" />
-                <input id="crt_server_ca_delete" name="crt_server_ca_delete" type="checkbox" value="1" style="display: none" />
+                </div>
-              <?php endif; ?>
+              </div>
              <input type="text" class="form-control fileinput" id="crt_server_ca_choosertxt" placeholder="-----BEGIN CERTIFICATE-----" readonly="readonly" />
              <input id="crt_server_ca" name="crt_server_ca" type="file" style="display: none" />
              <a class="btn input-group-addon fileinput" id="crt_server_ca_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?>"><span class="glyphicon glyphicon-search"></span></a>
            </div>
          </div>
        </div>
      </div>
-      <div class="panel panel-default enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
+              <div class="form-group" id="raw_openvpn_btnpanel">
-        <div class="panel-heading">
+                <label class="col-sm-3 control-label"></label>
-          <h3 class="panel-title"><?= _("Login") ?></h3>
+                <div class="col-sm-9">
-        </div>
+                  <span class="glyphicon glyphicon-cog"></span> <a href="javascript:" id="raw_openvpn_btn" data-toggle="tooltip" data-title="<?= _('Edit the raw configuration only if you know what you do!') ?>"><?= _('Advanced') ?></a>
                </div>
              </div>
-        <div style="padding: 14px 14px 0 10px">
+              <div class="form-group" id="raw_openvpn_panel">
-          <div class="form-group">
+                <label for="raw_openvpn" class="col-sm-3 control-label"><?= _('Advanced') ?></label>
-            <label for="login_user" class="col-sm-3 control-label"><?= _('Username') ?></label>
+                <div class="col-sm-9">
-            <div class="col-sm-9">
+                  <pre><textarea class="form-control" name="raw_openvpn" id="raw_openvpn"><?= $raw_openvpn ?></textarea></pre>
-              <input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if not necessary') ?>" class="form-control" name="login_user" id="login_user" placeholder="michu" value="<?= $login_user ?>" />
+                </div>
              </div>
            </div>
          </div>
-          <div class="form-group">
+          <?php if(!$crt_client_key_exists && empty($login_user)): ?>
-            <label for="login_passphrase" class="col-sm-3 control-label"><?= _('Password') ?></label>
+            <div class="alert alert-dismissible alert-warning fade in" style="margin: 2px 0px 17px" role="alert">
-            <div class="col-sm-9">
+              <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
-              <input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if not necessary') ?>" class="form-control" name="login_passphrase" id="login_passphrase" placeholder="XVCwSbDkxnqQ" value="<?= $login_passphrase ?>" />
+              <strong><?= _('Notice') ?>:</strong> <?= _("You need to upload a Client Certificate, or define a Username (or both) for starting your VPN Client.") ?>
            </div>
          <?php endif; ?>
          <div class="panel panel-default">
            <div class="panel-heading">
              <h3 class="panel-title"><?= _("Authentication") ?></h3>
            </div>
            <div style="padding: 14px 14px 0 10px">
              <div class="form-group">
                <?php if(!$crt_server_ca_exists): ?>
                  <div class="alert alert-dismissible alert-warning fade in" style="margin: 2px 16px 17px" role="alert">
                    <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
                    <strong><?= _('Notice') ?>:</strong> <?= _("You need to upload a Server CA for starting your VPN Client.") ?>
                  </div>
                <?php endif; ?>
                <label for="crt_server_ca" class="col-sm-3 control-label"><?= $crt_server_ca_exists ? _('Update Server CA') : _('Upload Server CA') ?></label>
                <div class="input-group col-sm-9" style="padding: 0 15px">
                  <?php if($crt_server_ca_exists): ?>
                    <a class="btn btn-danger not-allowed btn-disabled input-group-addon" id="crt_server_ca_deletebtn" data-toggle="tooltip" data-title="<?= _('You cannot have no server CA') ?>"><span class="glyphicon glyphicon-remove"></span></a>
                    <input id="crt_server_ca_delete" name="crt_server_ca_delete" type="checkbox" value="1" style="display: none" />
                  <?php endif; ?>
                  <input type="text" class="form-control fileinput" id="crt_server_ca_choosertxt" placeholder="-----BEGIN CERTIFICATE-----" readonly="readonly" />
                  <input id="crt_server_ca" name="crt_server_ca" type="file" style="display: none" />
                  <a class="btn input-group-addon fileinput" id="crt_server_ca_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?>"><span class="glyphicon glyphicon-search"></span></a>
                </div>
              </div>
              <div class="form-group">
                <label for="crt_client" class="col-sm-3 control-label"><?= $crt_client_exists ? _('Update Client Cert.') : _('Upload Client Cert.') ?></label>
                <div class="input-group col-sm-9" style="padding: 0 15px">
                  <?php if($crt_client_exists): ?>
                    <a class="btn btn-danger input-group-addon deletefile" id="crt_client_deletebtn" data-toggle="tooltip" data-title="<?= _('Delete this certificate') ?>"><span class="glyphicon glyphicon-remove"></span></a>
                    <input id="crt_client_delete" name="crt_client_delete" type="checkbox" value="1" style="display: none" />
                  <?php endif; ?>
                  <input type="text" class="form-control fileinput" id="crt_client_choosertxt" placeholder="-----BEGIN CERTIFICATE-----" readonly="readonly" />
                  <input id="crt_client" name="crt_client" type="file" style="display: none" />
                  <a class="btn input-group-addon fileinput" id="crt_client_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?>"><span class="glyphicon glyphicon-search"></span></a>
                </div>
              </div>
              <div class="form-group">
                <label for="crt_client_key" class="col-sm-3 control-label"><?= $crt_client_key_exists ? _('Update Client Key') : _('Upload Client Key') ?></label>
                <div class="input-group col-sm-9" style="padding: 0 15px">
                  <?php if($crt_client_key_exists): ?>
                    <a class="btn btn-danger input-group-addon deletefile" id="crt_client_key_deletebtn" data-toggle="tooltip" data-title="<?= _('Delete this certificate') ?>"><span class="glyphicon glyphicon-remove"></span></a>
                    <input id="crt_client_key_delete" name="crt_client_key_delete" type="checkbox" value="1" style="display: none" />
                  <?php endif; ?>
                  <input type="text" class="form-control fileinput" id="crt_client_key_choosertxt" data-toggle="tooltip" data-title="<?= _('Make sure your browser is able to read the key file before uploading') ?>" placeholder="-----BEGIN PRIVATE KEY-----" readonly="readonly" />
                  <input id="crt_client_key" name="crt_client_key" type="file" style="display: none" />
                  <a class="btn input-group-addon fileinput" id="crt_client_key_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?> (<?= _('make sure your browser is able to read the key file before uploading') ?>)"><span class="glyphicon glyphicon-search"></span></a>
                </div>
              </div>
              <div class="form-group">
                <label for="crt_client_ta" class="col-sm-3 control-label"><?= $crt_client_ta_exists ? _('Update Shared-Secret') : _('Upload Shared-Secret') ?></label>
                <div class="input-group col-sm-9" style="padding: 0 15px">
                  <?php if($crt_client_ta_exists): ?>
                    <a class="btn btn-danger input-group-addon deletefile" id="crt_client_ta_deletebtn" data-toggle="tooltip" data-title="<?= _('Delete this certificate') ?>"><span class="glyphicon glyphicon-remove"></span></a>
                    <input id="crt_client_ta_delete" name="crt_client_ta_delete" type="checkbox" value="1" style="display: none" />
                  <?php endif; ?>
                  <input type="text" class="form-control fileinput" id="crt_client_ta_choosertxt" data-toggle="tooltip" data-title="<?= _('Make sure your browser is able to read the key file before uploading') ?>" placeholder="ta.key" readonly="readonly" />
                  <input id="crt_client_ta" name="crt_client_ta" type="file" style="display: none" />
                  <a class="btn input-group-addon fileinput" id="crt_client_ta_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?> (<?= _('make sure your browser is able to read the key file before uploading') ?>)"><span class="glyphicon glyphicon-search"></span></a>
                </div>
              </div>
              <div class="form-group">
                <label for="login_user" class="col-sm-3 control-label"><?= _('Username') ?></label>
                <div class="col-sm-9">
                  <input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if not necessary') ?>" class="form-control" name="login_user" id="login_user" placeholder="michu" value="<?= $login_user ?>" />
                </div>
              </div>
              <div class="form-group">
                <label for="login_passphrase" class="col-sm-3 control-label"><?= _('Password') ?></label>
                <div class="col-sm-9">
                  <input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if not necessary') ?>" class="form-control" name="login_passphrase" id="login_passphrase" placeholder="XVCwSbDkxnqQ" value="<?= $login_passphrase ?>" />
                </div>
              </div>
            </div>
          </div>
          <div class="panel panel-default">
            <div class="panel-heading">
              <h3 class="panel-title"><?= _("DNS") ?></h3>
            </div>
            <div style="padding: 14px 14px 0 10px">
              <div class="form-group">
                <label for="dns0" class="col-sm-3 control-label"><?= _('First resolver') ?></label>
                <div class="col-sm-9">
                  <input type="text" data-toggle="tooltip" data-title="<?= _('IPv6 or IPv4') ?>" class="form-control" name="dns0" id="dns0" placeholder="89.234.141.66" value="<?= $dns0 ?>" />
                </div>
              </div>
              <div class="form-group">
                <label for="dns1" class="col-sm-3 control-label"><?= _('Second resolver') ?></label>
                <div class="col-sm-9">
                  <input type="text" data-toggle="tooltip" data-title="<?= _('IPv6 or IPv4') ?>" class="form-control" name="dns1" id="dns1" placeholder="2001:913::8" value="<?= $dns1 ?>" />
                </div>
              </div>
            </div>
          </div>
        </div>
        <div class="tabs tabautoconfig" style="display: none">
          <div class="panel panel-default">
            <div class="panel-heading">
              <h3 class="panel-title"><?= _("Auto Configuration") ?></h3>
            </div>
            <div style="padding: 14px 14px 0 10px">
              <div class="form-group">
                <label for="cubefile" class="col-sm-3 control-label"><?= _('Upload Config') ?></label>
                <div class="input-group col-sm-9" style="padding: 0 15px">
                  <input type="text" class="form-control fileinput" id="cubefile_choosertxt" placeholder="config.cube" readonly="readonly" />
                  <input id="cubefile" name="cubefile" type="file" style="display: none" />
                  <a class="btn input-group-addon fileinput" id="cubefile_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?>"><span class="glyphicon glyphicon-search"></span></a>
                </div>
              </div>
              <p style="text-align: center"><a href="http://internetcu.be/dotcubefiles.html"><?= _('What is a dot cube file?') ?></a></p>
            </div>
          </div>
        </div>