Merge

conf/openvpn_client.conf.tpl

@@ -1,8 +1,8 @@
-# [WARN] Edit this raw configuration ONLY IF YOU KNOW what
-#        you do!
-# [WARN] Continue to use the placeholders <TPL:*> and keep
-#        update their value on the web admin (they are not
-#        only used for this file).
+# [WARN] Edit this raw configuration ONLY IF YOU KNOW 
+#        what you do!
+# [WARN] Continue to use the placeholders <TPL:*> and
+#        keep update their value on the web admin (they 
+#        are not only used for this file).
 
 remote <TPL:SERVER_NAME>
 proto <TPL:PROTO>
@@ -14,6 +14,7 @@ dev tun
 tun-ipv6
 keepalive 10 30
 comp-lzo adaptive
+resolv-retry infinite
 
 # Authentication by login
 <TPL:LOGIN_COMMENT>auth-user-pass /etc/openvpn/keys/credentials
@@ -23,7 +24,9 @@ comp-lzo adaptive
 
 # TLS
 tls-client
+<TPL:TA_COMMENT>tls-auth /etc/openvpn/keys/user_ta.key 1
 remote-cert-tls server
+ns-cert-type server
 ca /etc/openvpn/keys/ca-server.crt
 <TPL:CERT_COMMENT>cert /etc/openvpn/keys/user.crt
 <TPL:CERT_COMMENT>key /etc/openvpn/keys/user.key

conf/ynh-vpnclient

@@ -59,6 +59,11 @@ is_serverip6route_set() {
   fi
 }
 
+is_dns_set() {
+  [ -e /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient ]\
+  && grep -q ${ynh_dns0} /etc/resolv.conf
+}
+
 is_openvpn_running() {
   systemctl is-active openvpn@client.service &> /dev/null
 }
@@ -66,7 +71,7 @@ is_openvpn_running() {
 is_running() {
   ((has_nativeip6 && is_serverip6route_set "${new_server_ip6}") || ! has_nativeip6)\
   && ((! has_hotspot_app && has_ip6delegatedprefix && is_ip6addr_set) || has_hotspot_app || ! has_ip6delegatedprefix)\
-  && is_firewall_set && is_openvpn_running
+  && is_dns_set && is_firewall_set && is_openvpn_running
 }
 
 ## Setters
@@ -96,6 +101,15 @@ set_serverip6route() {
   ip route add "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
 }
 
+set_dns() {
+  cat << EOF > /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient
+echo nameserver ${ynh_dns0} > /etc/resolv.conf
+echo nameserver ${ynh_dns1} >> /etc/resolv.conf
+EOF
+
+  bash /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient
+}
+
 start_openvpn() {
   ip6_gw=${1}
   server_ip6=${2}
@@ -120,6 +134,12 @@ start_openvpn() {
     sed 's|^<TPL:CERT_COMMENT>|;|' -i /etc/openvpn/client.conf
   fi
 
+  if [ -e /etc/openvpn/keys/user_ta.key ]; then
+    sed 's|^<TPL:TA_COMMENT>||' -i /etc/openvpn/client.conf
+  else
+    sed 's|^<TPL:TA_COMMENT>|;|' -i /etc/openvpn/client.conf
+  fi
+
   if [[ "${proto}" =~ udp ]]; then
     sed 's|^<TPL:UDP_COMMENT>||' -i /etc/openvpn/client.conf
   else
@@ -154,6 +174,10 @@ unset_serverip6route() {
   ip route delete "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
 }
 
+unset_dns() {
+  rm -f /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient
+}
+
 stop_openvpn() {
   systemctl stop openvpn.service
 }
@@ -212,6 +236,8 @@ if [ "$1" != restart ]; then
   ynh_server_proto=$(ynh_setting_get vpnclient server_proto)
   ynh_ip6_addr=$(ynh_setting_get vpnclient ip6_addr)
   ynh_login_user=$(ynh_setting_get vpnclient login_user)
+  ynh_dns0=$(ynh_setting_get vpnclient dns0)
+  ynh_dns1=$(ynh_setting_get vpnclient dns1)
 
   old_ip6_gw=$(ynh_setting_get vpnclient ip6_gw)
   old_wired_device=$(ynh_setting_get vpnclient wired_device)
@@ -280,6 +306,12 @@ case "${1}" in
         set_ip6addr
       fi
 
+      # Set host DNS resolvers
+      if ! is_dns_set; then
+        echo "Set host DNS resolvers"
+        set_dns
+      fi
+
       # Set ipv6/ipv4 firewall
       if ! is_firewall_set "${new_wired_device}"; then
         echo "Set IPv6/IPv4 firewall"
@@ -316,6 +348,11 @@ case "${1}" in
       unset_firewall
     fi
 
+    if is_dns_set; then
+      echo "Unset forced host DNS resolvers"
+      unset_dns
+    fi
+
     if is_openvpn_running; then
       echo "Stop openvpn"
       stop_openvpn
@@ -387,6 +424,14 @@ case "${1}" in
       echo "[OK] IPv6/IPv4 firewall set"
     else
       echo "[ERR] No IPv6/IPv4 firewall set"
+      exitcode=1
+    fi
+
+    if is_dns_set; then
+      echo "[OK] Host DNS correctly set"
+    else
+      echo "[ERR] No host DNS set"
+      exitcode=1
     fi
 
     if is_openvpn_running; then

scripts/install

@@ -65,6 +65,8 @@ if ! $upgrade; then
   sudo yunohost app setting vpnclient ip6_net -v none
   sudo yunohost app setting vpnclient login_user -v "${login_user}"
   sudo yunohost app setting vpnclient login_passphrase -v "${login_passphrase}"
+  sudo yunohost app setting vpnclient dns0 -v 89.234.141.66
+  sudo yunohost app setting vpnclient dns1 -v 2001:913::8
 
 fi
 

sources/controller.php

@@ -64,6 +64,29 @@ function ipv6_compressed($ip) {
   return $output[0];
 }
 
+function readAutoConf($file) {
+  $json = file_get_contents($file);
+  $config = json_decode($json, true);
+
+  if(!empty($config['crt_server_ca'])) {
+    $config['crt_server_ca'] = str_replace('|', "\n", $config['crt_server_ca']);
+  }
+
+  if(!empty($config['crt_client'])) {
+    $config['crt_client'] = str_replace('|', "\n", $config['crt_client']);
+  }
+
+  if(!empty($config['crt_client_key'])) {
+    $config['crt_client_key'] = str_replace('|', "\n", $config['crt_client_key']);
+  }
+
+  if(!empty($config['crt_client_ta'])) {
+    $config['crt_client_ta'] = str_replace('|', "\n", $config['crt_client_ta']);
+  }
+
+  return $config;
+}
+
 dispatch('/', function() {
   $ip6_net = ynh_setting_get('ip6_net');
   $ip6_net = ($ip6_net == 'none') ? '' : $ip6_net;
@@ -78,51 +101,73 @@ dispatch('/', function() {
   set('ip6_net', $ip6_net);
   set('crt_client_exists', file_exists('/etc/openvpn/keys/user.crt'));
   set('crt_client_key_exists', file_exists('/etc/openvpn/keys/user.key'));
+  set('crt_client_ta_exists', file_exists('/etc/openvpn/keys/user_ta.key'));
   set('crt_server_ca_exists', file_exists('/etc/openvpn/keys/ca-server.crt'));
   set('faststatus', service_faststatus() == 0);
   set('raw_openvpn', $raw_openvpn);
+  set('dns0', ynh_setting_get('dns0'));
+  set('dns1', ynh_setting_get('dns1'));
 
   return render('settings.html.php');
 });
 
 dispatch_put('/settings', function() {
-  $crt_client_exists = file_exists('/etc/openvpn/keys/user.crt');
-  $crt_client_key_exists = file_exists('/etc/openvpn/keys/user.key');
-  $crt_server_ca_exists = file_exists('/etc/openvpn/keys/ca-server.crt');
-
   $service_enabled = isset($_POST['service_enabled']) ? 1 : 0;
-  $ip6_net = empty($_POST['ip6_net']) ? 'none' : $_POST['ip6_net'];
-  $ip6_addr = 'none';
 
   if($service_enabled == 1) {
+    $crt_client_exists = file_exists('/etc/openvpn/keys/user.crt');
+    $crt_client_key_exists = file_exists('/etc/openvpn/keys/user.key');
+    $crt_server_ca_exists = file_exists('/etc/openvpn/keys/ca-server.crt');
+
+    $config = $_POST;
+    $autoconf = false;
+
     try {
-      if(empty($_POST['server_name']) || empty($_POST['server_port']) || empty($_POST['server_proto'])) {
+      if($_FILES['cubefile']['error'] == UPLOAD_ERR_OK) {
+        $config = readAutoConf($_FILES['cubefile']['tmp_name']);
+
+        if(is_null($config)) {
+          throw new Exception(_('Json Syntax Error, please check your dot cube file'));
+        }
+
+        $autoconf = true;
+      }
+  
+      $ip6_net = empty($config['ip6_net']) ? 'none' : $config['ip6_net'];
+      $ip6_addr = 'none';
+
+      if(empty($config['server_name']) || empty($config['server_port']) || empty($config['server_proto'])) {
         throw new Exception(_('The Server Address, the Server Port and the Protocol cannot be empty'));
       }
     
-      if(!preg_match('/^\d+$/', $_POST['server_port'])) {
+      if(!preg_match('/^\d+$/', $config['server_port'])) {
         throw new Exception(_('The Server Port must be only composed of digits'));
       }
     
-      if($_POST['server_proto'] != 'udp' && $_POST['server_proto'] != 'tcp') {
+      if($config['server_proto'] != 'udp' && $config['server_proto'] != 'tcp') {
         throw new Exception(_('The Protocol must be "udp" or "tcp"'));
       }
-    
-      if(($_FILES['crt_client']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1))
-        || ($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client']['error'] != UPLOAD_ERR_OK && (!$crt_client_exists || $_POST['crt_client_delete'] == 1))) {
-    
-        throw new Exception(_('A Client Certificate is needed when you suggest a Key, or vice versa'));
+
+      if(empty($config['dns0']) || empty($config['dns1'])) {
+        throw new Exception(_('You need to define two DNS resolver addresses'));
       }
-    
-      if(empty($_POST['login_user']) xor empty($_POST['login_passphrase'])) {
+
+      if(empty($config['login_user']) xor empty($config['login_passphrase'])) {
         throw new Exception(_('A Password is needed when you suggest a Username, or vice versa'));
       }
-    
-      if($_FILES['crt_server_ca']['error'] != UPLOAD_ERR_OK && !$crt_server_ca_exists) {
+
+      if((!$autoconf && (($_FILES['crt_client']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1))
+        || ($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client']['error'] != UPLOAD_ERR_OK && (!$crt_client_exists || $_POST['crt_client_delete'] == 1))))
+        || ($autoconf && (empty($config['crt_client']) xor empty($config['crt_client_key'])))) {
+      
+        throw new Exception(_('A Client Certificate is needed when you suggest a Key, or vice versa'));
+      } 
+ 
+      if((!$autoconf && $_FILES['crt_server_ca']['error'] != UPLOAD_ERR_OK && !$crt_server_ca_exists) || ($autoconf && empty($config['crt_server_ca']))) {
         throw new Exception(_('You need a Server CA.'));
       }
-    
-      if(($_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1)) && empty($_POST['login_user'])) {
+      
+      if(((!$autoconf && $_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1)) || ($autoconf && empty($config['crt_client_key']))) && empty($config['login_user'])) {
         throw new Exception(_('You need either a Client Certificate, either a Username, or both'));
       }
     
@@ -151,34 +196,110 @@ dispatch_put('/settings', function() {
   ynh_setting_set('service_enabled', $service_enabled);
 
   if($service_enabled == 1) {
-    ynh_setting_set('server_name', $_POST['server_name']);
-    ynh_setting_set('server_port', $_POST['server_port']);
-    ynh_setting_set('server_proto', $_POST['server_proto']);
-    ynh_setting_set('login_user', $_POST['login_user']);
-    ynh_setting_set('login_passphrase', $_POST['login_passphrase']);
+    ynh_setting_set('server_name', $config['server_name']);
+    ynh_setting_set('server_port', $config['server_port']);
+    ynh_setting_set('server_proto', $config['server_proto']);
+    ynh_setting_set('dns0', $config['dns0']);
+    ynh_setting_set('dns1', $config['dns1']);
+    ynh_setting_set('login_user', $config['login_user']);
+    ynh_setting_set('login_passphrase', $config['login_passphrase']);
     ynh_setting_set('ip6_net', $ip6_net);
     ynh_setting_set('ip6_addr', $ip6_addr);
-    
-    file_put_contents('/etc/openvpn/client.conf.tpl', $_POST['raw_openvpn']);
 
-    if($_FILES['crt_client']['error'] == UPLOAD_ERR_OK) {
-      move_uploaded_file($_FILES['crt_client']['tmp_name'], '/etc/openvpn/keys/user.crt');
-    } elseif($_POST['crt_client_delete'] == 1) {
-      unlink('/etc/openvpn/keys/user.crt');
-    }
-    
-    if($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK) {
-      move_uploaded_file($_FILES['crt_client_key']['tmp_name'], '/etc/openvpn/keys/user.key');
-    } elseif($_POST['crt_client_key_delete'] == 1) {
-      unlink('/etc/openvpn/keys/user.key');
-    }
-    
-    if($_FILES['crt_server_ca']['error'] == UPLOAD_ERR_OK) {
-      move_uploaded_file($_FILES['crt_server_ca']['tmp_name'], '/etc/openvpn/keys/ca-server.crt');
+    if($autoconf) {
+      copy('/etc/openvpn/client.conf.tpl.restore', '/etc/openvpn/client.conf.tpl');
+
+      if(!empty($config['openvpn_rm'])) {
+        $raw_openvpn = explode("\n", file_get_contents('/etc/openvpn/client.conf.tpl'));
+        $fopenvpn = fopen('/etc/openvpn/client.conf.tpl', 'w');
+
+        foreach($raw_openvpn AS $opt) {
+          $filtered = false;
+
+          if(!preg_match('/^#/', $opt) && !preg_match('/<TPL:/', $opt)) {
+            foreach($config['openvpn_rm'] AS $filter) {
+              if(preg_match("/$filter/i", $opt)) {
+                $filtered = true;
+              }
+            }
+          }
+
+          if(!$filtered) {
+            fwrite($fopenvpn, "$opt\n");
+          }
+        }
+
+        fclose($fopenvpn);
+      }
+
+      if(!empty($config['openvpn_add'])) {
+        $raw_openvpn = file_get_contents('/etc/openvpn/client.conf.tpl');
+        $raw_openvpn .= "\n# Custom\n".implode("\n", $config['openvpn_add']);
+
+        file_put_contents('/etc/openvpn/client.conf.tpl', $raw_openvpn);
+      }
+
+      if(empty($config['crt_client'])) {
+        if(file_exists('/etc/openvpn/keys/user.crt')) {
+          unlink('/etc/openvpn/keys/user.crt');
+        }
+      } else {
+        file_put_contents('/etc/openvpn/keys/user.crt', $config['crt_client']);
+      }
+
+      if(empty($config['crt_client_key'])) {
+        if(file_exists('/etc/openvpn/keys/user.key')) {
+          unlink('/etc/openvpn/keys/user.key');
+        }
+      } else {
+        file_put_contents('/etc/openvpn/keys/user.key', $config['crt_client_key']);
+      }
+
+      if(empty($config['crt_client_ta'])) {
+        if(file_exists('/etc/openvpn/keys/user_ta.key')) {
+          unlink('/etc/openvpn/keys/user_ta.key');
+        }
+      } else {
+        file_put_contents('/etc/openvpn/keys/user_ta.key', $config['crt_client_ta']);
+      }
+
+      if(empty($config['crt_server_ca'])) {
+        if(file_exists('/etc/openvpn/keys/ca-server.crt')) {
+          unlink('/etc/openvpn/keys/ca-server.crt');
+        }
+      } else {
+        file_put_contents('/etc/openvpn/keys/ca-server.crt', $config['crt_server_ca']);
+      }
+
+    } else {
+
+      file_put_contents('/etc/openvpn/client.conf.tpl', $_POST['raw_openvpn']);
+
+      if($_FILES['crt_client']['error'] == UPLOAD_ERR_OK) {
+        move_uploaded_file($_FILES['crt_client']['tmp_name'], '/etc/openvpn/keys/user.crt');
+      } elseif($_POST['crt_client_delete'] == 1) {
+        unlink('/etc/openvpn/keys/user.crt');
+      }
+      
+      if($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK) {
+        move_uploaded_file($_FILES['crt_client_key']['tmp_name'], '/etc/openvpn/keys/user.key');
+      } elseif($_POST['crt_client_key_delete'] == 1) {
+        unlink('/etc/openvpn/keys/user.key');
+      }
+  
+      if($_FILES['crt_client_ta']['error'] == UPLOAD_ERR_OK) {
+        move_uploaded_file($_FILES['crt_client_ta']['tmp_name'], '/etc/openvpn/keys/user_ta.key');
+      } elseif($_POST['crt_client_ta_delete'] == 1) {
+        unlink('/etc/openvpn/keys/user_ta.key');
+      }
+      
+      if($_FILES['crt_server_ca']['error'] == UPLOAD_ERR_OK) {
+        move_uploaded_file($_FILES['crt_server_ca']['tmp_name'], '/etc/openvpn/keys/ca-server.crt');
+      }
     }
     
-    if(!empty($_POST['login_user'])) {
-      file_put_contents('/etc/openvpn/keys/credentials', "${_POST['login_user']}\n${_POST['login_passphrase']}");
+    if(!empty($config['login_user'])) {
+      file_put_contents('/etc/openvpn/keys/credentials', "${config['login_user']}\n${config['login_passphrase']}");
     } else {
       file_put_contents('/etc/openvpn/keys/credentials', '');
     }

sources/i18n/fr_FR/LC_MESSAGES/localization.po

@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: data 2\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-07-25 10:42+0200\n"
-"PO-Revision-Date: 2015-07-25 10:50+0100\n"
+"POT-Creation-Date: 2015-09-29 14:09+0200\n"
+"PO-Revision-Date: 2015-09-29 14:10+0200\n"
 "Last-Translator: samy boutayeb <samy@langues-etcetera.fr>\n"
 "Language-Team: none\n"
 "Language: fr\n"
@@ -17,60 +17,68 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Poedit 1.6.10\n"
+"X-Generator: Poedit 1.8.4\n"
 
-#: sources/controller.php:100
+#: sources/controller.php:130
+msgid "Json Syntax Error, please check your dot cube file"
+msgstr "Error de syntaxe Json, merci de vérifier votre fichier .cube"
+
+#: sources/controller.php:140
 msgid "The Server Address, the Server Port and the Protocol cannot be empty"
 msgstr ""
 "L'adresse du serveur, le port du serveur et le protocole ne peuvent pas être "
 "vides"
 
-#: sources/controller.php:104
+#: sources/controller.php:144
 msgid "The Server Port must be only composed of digits"
 msgstr "Le port du serveur ne peut correspondre qu'à des chiffres"
 
-#: sources/controller.php:108
+#: sources/controller.php:148
 msgid "The Protocol must be \"udp\" or \"tcp\""
 msgstr "Le protocole ne peut correspondre qu'à \"udp\" ou \"tcp\""
 
-#: sources/controller.php:114
-msgid "A Client Certificate is needed when you suggest a Key, or vice versa"
-msgstr ""
-"Un certificat client est nécessaire si vous proposez une clé, et inversement"
+#: sources/controller.php:152
+msgid "You need to define two DNS resolver addresses"
+msgstr "Vous devez définir deux adresses de résolveur DNS"
 
-#: sources/controller.php:118
+#: sources/controller.php:156
 msgid "A Password is needed when you suggest a Username, or vice versa"
 msgstr ""
 "Un mot de passe est nécessaire si vous proposez un nom d'utilisateur, et "
 "inversement"
 
-#: sources/controller.php:122
+#: sources/controller.php:163
+msgid "A Client Certificate is needed when you suggest a Key, or vice versa"
+msgstr ""
+"Un certificat client est nécessaire si vous proposez une clé, et inversement"
+
+#: sources/controller.php:167
 msgid "You need a Server CA."
 msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur"
 
-#: sources/controller.php:126
+#: sources/controller.php:171
 msgid "You need either a Client Certificate, either a Username, or both"
 msgstr ""
 "Vous devez avoir soit un certificat client, soit un nom d'utilisateur, soit "
 "les deux"
 
-#: sources/controller.php:133
+#: sources/controller.php:178
 msgid "The IPv6 Delegated Prefix format looks bad"
 msgstr "Le format du préfixe IPv6 délégué semble incorrect"
 
-#: sources/controller.php:144
+#: sources/controller.php:189
 msgid "configuration not updated"
 msgstr "configuration non-mise à jour"
 
-#: sources/controller.php:189
+#: sources/controller.php:310
 msgid "Configuration updated and service successfully reloaded"
 msgstr "Configuration mise à jour et service correctement rechargé"
 
-#: sources/controller.php:191
+#: sources/controller.php:312
 msgid "Configuration updated but service reload failed"
 msgstr "Configuration mise à jour mais le rechargement du service a échoué"
 
-#: sources/controller.php:195
+#: sources/controller.php:316
 msgid "Service successfully disabled"
 msgstr "Service désactivé avec succès"
 
@@ -82,8 +90,8 @@ msgstr "Client VPN"
 msgid "Error"
 msgstr "Erreur"
 
-#: sources/views/layout.html.php:54 sources/views/settings.html.php:125
-#: sources/views/settings.html.php:165
+#: sources/views/layout.html.php:54 sources/views/settings.html.php:124
+#: sources/views/settings.html.php:138
 msgid "Notice"
 msgstr "Notice"
 
@@ -127,57 +135,53 @@ msgid "VPN Enabled"
 msgstr "VPN activé"
 
 #: sources/views/settings.html.php:60
+msgid "Manual"
+msgstr "Manuel"
+
+#: sources/views/settings.html.php:61
+msgid "Automatic"
+msgstr "Automatique"
+
+#: sources/views/settings.html.php:67
 msgid "VPN"
 msgstr "VPN"
 
-#: sources/views/settings.html.php:65
+#: sources/views/settings.html.php:72
 msgid "Server Address"
 msgstr "Adresse du serveur"
 
-#: sources/views/settings.html.php:72
+#: sources/views/settings.html.php:79
 msgid "Server Port"
 msgstr "Port du serveur"
 
-#: sources/views/settings.html.php:74
+#: sources/views/settings.html.php:81
 msgid "With restricted access, you should use 443 (TCP) or 53 (UDP)"
 msgstr "En cas d'accès restreint, utiliser 443 (TCP) ou 53 (UDP)"
 
-#: sources/views/settings.html.php:79
+#: sources/views/settings.html.php:86
 msgid "Protocol"
 msgstr "Protocole"
 
-#: sources/views/settings.html.php:82
+#: sources/views/settings.html.php:89
 msgid "UDP"
 msgstr "UDP"
 
-#: sources/views/settings.html.php:85
+#: sources/views/settings.html.php:92
 msgid ""
 "UDP is more efficient than TCP (but more filtered in case of restrictive "
 "access)"
 msgstr ""
 "UDP est plus performant que TCP (mais plus filtré en cas d'accès restreint)"
 
-#: sources/views/settings.html.php:86
+#: sources/views/settings.html.php:93
 msgid "TCP"
 msgstr "TCP"
 
-#: sources/views/settings.html.php:94
-msgid "Edit the raw configuration only if you know what you do!"
-msgstr "N'éditez la configuration brute que si vous savez ce que vous faites !"
-
-#: sources/views/settings.html.php:94 sources/views/settings.html.php:99
-msgid "Advanced"
-msgstr "Avancé"
+#: sources/views/settings.html.php:99
+msgid "Delegated prefix (IPv6)"
+msgstr "Préfixe délégué (IPv6)"
 
-#: sources/views/settings.html.php:109
-msgid "IPv6"
-msgstr "IPv6"
-
-#: sources/views/settings.html.php:114
-msgid "Delegated prefix"
-msgstr "Préfixe délégué"
-
-#: sources/views/settings.html.php:116
+#: sources/views/settings.html.php:101
 msgid ""
 "Leave empty if your Internet Service Provider does not give you a delegated "
 "prefix"
@@ -185,7 +189,15 @@ msgstr ""
 "Laissez vide si votre Fournisseur d'Accès à Internet ne vous fournit pas de "
 "préfixe délégué."
 
-#: sources/views/settings.html.php:125
+#: sources/views/settings.html.php:108
+msgid "Edit the raw configuration only if you know what you do!"
+msgstr "N'éditez la configuration brute que si vous savez ce que vous faites !"
+
+#: sources/views/settings.html.php:108 sources/views/settings.html.php:113
+msgid "Advanced"
+msgstr "Avancé"
+
+#: sources/views/settings.html.php:124
 msgid ""
 "You need to upload a Client Certificate, or define a Username (or both) for "
 "starting your VPN Client."
@@ -193,83 +205,132 @@ msgstr ""
 "Vous devez téléverser le certificat du client, ou définir un nom "
 "d'utilisateur (ou les deux) pour démarrer votre client VPN."
 
-#: sources/views/settings.html.php:131
-msgid "Certificates"
-msgstr "Certificats"
+#: sources/views/settings.html.php:130
+msgid "Authentication"
+msgstr "Authentification"
+
+#: sources/views/settings.html.php:138
+msgid "You need to upload a Server CA for starting your VPN Client."
+msgstr "Vous devez transférer un CA de serveur pour démarrer votre client VPN."
+
+#: sources/views/settings.html.php:142
+msgid "Update Server CA"
+msgstr "Actualiser le CA du serveur"
 
-#: sources/views/settings.html.php:136
+#: sources/views/settings.html.php:142
+msgid "Upload Server CA"
+msgstr "Transférer le CA du serveur"
+
+#: sources/views/settings.html.php:145
+msgid "You cannot have no server CA"
+msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur"
+
+#: sources/views/settings.html.php:150 sources/views/settings.html.php:163
+#: sources/views/settings.html.php:176 sources/views/settings.html.php:189
+#: sources/views/settings.html.php:244
+msgid "Browse"
+msgstr "Parcourir"
+
+#: sources/views/settings.html.php:155
 msgid "Update Client Cert."
 msgstr "Actualiser le certificat client"
 
-#: sources/views/settings.html.php:136
+#: sources/views/settings.html.php:155
 msgid "Upload Client Cert."
-msgstr "Téléverser le certificat client"
+msgstr "Téléverser un certificat client"
 
-#: sources/views/settings.html.php:139 sources/views/settings.html.php:152
+#: sources/views/settings.html.php:158 sources/views/settings.html.php:171
+#: sources/views/settings.html.php:184
 msgid "Delete this certificate"
 msgstr "Supprimer ce certificat"
 
-#: sources/views/settings.html.php:144 sources/views/settings.html.php:157
-#: sources/views/settings.html.php:177
-msgid "Browse"
-msgstr "Parcourir"
-
-#: sources/views/settings.html.php:149
+#: sources/views/settings.html.php:168
 msgid "Update Client Key"
 msgstr "Actualiser la clé client"
 
-#: sources/views/settings.html.php:149
+#: sources/views/settings.html.php:168
 msgid "Upload Client Key"
-msgstr "Téléverser la clé client"
+msgstr "Téléverser un clé client"
 
-#: sources/views/settings.html.php:155
+#: sources/views/settings.html.php:174 sources/views/settings.html.php:187
 msgid "Make sure your browser is able to read the key file before uploading"
 msgstr ""
 "Assurez-vous que votre navigateur peut lire le fichier contenant la clé "
 "avant de le téléverser"
 
-#: sources/views/settings.html.php:157
+#: sources/views/settings.html.php:176 sources/views/settings.html.php:189
 msgid "make sure your browser is able to read the key file before uploading"
 msgstr ""
 "assurez-vous que votre navigateur peut lire le fichier contenant la clé "
 "avant de le téléverser"
 
-#: sources/views/settings.html.php:165
-msgid "You need to upload a Server CA for starting your VPN Client."
-msgstr "Vous devez transférer un CA de serveur pour démarrer votre client VPN."
-
-#: sources/views/settings.html.php:169
-msgid "Update Server CA"
-msgstr "Actualiser le CA du serveur"
-
-#: sources/views/settings.html.php:169
-msgid "Upload Server CA"
-msgstr "Transférer le CA du serveur"
-
-#: sources/views/settings.html.php:172
-msgid "You cannot have no server CA"
-msgstr "Vous ne pouvez pas ne pas avoir de CA de serveur"
+#: sources/views/settings.html.php:181
+msgid "Update Shared-Secret"
+msgstr "Actualiser le secret partagé"
 
-#: sources/views/settings.html.php:185
-msgid "Login"
-msgstr "Identifiant"
+#: sources/views/settings.html.php:181
+msgid "Upload Shared-Secret"
+msgstr "Téléverser un secret partagé"
 
-#: sources/views/settings.html.php:190
+#: sources/views/settings.html.php:194
 msgid "Username"
 msgstr "Nom d'utilisateur"
 
-#: sources/views/settings.html.php:192 sources/views/settings.html.php:199
+#: sources/views/settings.html.php:196 sources/views/settings.html.php:203
 msgid "Leave empty if not necessary"
 msgstr "Laisser vide si non nécessaire"
 
-#: sources/views/settings.html.php:197
+#: sources/views/settings.html.php:201
 msgid "Password"
 msgstr "Mot de passe"
 
-#: sources/views/settings.html.php:207
+#: sources/views/settings.html.php:211
+msgid "DNS"
+msgstr "DNS"
+
+#: sources/views/settings.html.php:216
+msgid "First resolver"
+msgstr "Premier résolveur"
+
+#: sources/views/settings.html.php:218 sources/views/settings.html.php:225
+msgid "IPv6 or IPv4"
+msgstr "IPv6 ou IPv4"
+
+#: sources/views/settings.html.php:223
+msgid "Second resolver"
+msgstr "Second résolveur"
+
+#: sources/views/settings.html.php:235
+msgid "Auto Configuration"
+msgstr "Configuration automatique"
+
+#: sources/views/settings.html.php:240
+msgid "Upload Config"
+msgstr "Téléverser une configuration"
+
+#: sources/views/settings.html.php:247
+msgid "What is a dot cube file?"
+msgstr "Qu'est-ce qu'un fichier .cube ?"
+
+#: sources/views/settings.html.php:255
 msgid "Reloading may take a few minutes. Be patient."
 msgstr "Le rechargement peut prendre quelques minutes. Soyez patient."
 
-#: sources/views/settings.html.php:207
+#: sources/views/settings.html.php:255
 msgid "Save and reload"
 msgstr "Sauvegarder et recharger"
+
+#~ msgid "ta.key"
+#~ msgstr "ta.key"
+
+#~ msgid "IPv6"
+#~ msgstr "IPv6"
+
+#~ msgid "Delegated prefix"
+#~ msgstr "Préfixe délégué"
+
+#~ msgid "Certificates"
+#~ msgstr "Certificats"
+
+#~ msgid "Login"
+#~ msgstr "Identifiant"

sources/i18n/localization.pot

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-07-25 10:42+0200\n"
+"POT-Creation-Date: 2015-09-29 14:09+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,51 +17,59 @@ msgstr ""
 "Content-Type: text/plain; charset=CHARSET\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: sources/controller.php:100
+#: sources/controller.php:130
+msgid "Json Syntax Error, please check your dot cube file"
+msgstr ""
+
+#: sources/controller.php:140
 msgid "The Server Address, the Server Port and the Protocol cannot be empty"
 msgstr ""
 
-#: sources/controller.php:104
+#: sources/controller.php:144
 msgid "The Server Port must be only composed of digits"
 msgstr ""
 
-#: sources/controller.php:108
+#: sources/controller.php:148
 msgid "The Protocol must be \"udp\" or \"tcp\""
 msgstr ""
 
-#: sources/controller.php:114
-msgid "A Client Certificate is needed when you suggest a Key, or vice versa"
+#: sources/controller.php:152
+msgid "You need to define two DNS resolver addresses"
 msgstr ""
 
-#: sources/controller.php:118
+#: sources/controller.php:156
 msgid "A Password is needed when you suggest a Username, or vice versa"
 msgstr ""
 
-#: sources/controller.php:122
+#: sources/controller.php:163
+msgid "A Client Certificate is needed when you suggest a Key, or vice versa"
+msgstr ""
+
+#: sources/controller.php:167
 msgid "You need a Server CA."
 msgstr ""
 
-#: sources/controller.php:126
+#: sources/controller.php:171
 msgid "You need either a Client Certificate, either a Username, or both"
 msgstr ""
 
-#: sources/controller.php:133
+#: sources/controller.php:178
 msgid "The IPv6 Delegated Prefix format looks bad"
 msgstr ""
 
-#: sources/controller.php:144
+#: sources/controller.php:189
 msgid "configuration not updated"
 msgstr ""
 
-#: sources/controller.php:189
+#: sources/controller.php:310
 msgid "Configuration updated and service successfully reloaded"
 msgstr ""
 
-#: sources/controller.php:191
+#: sources/controller.php:312
 msgid "Configuration updated but service reload failed"
 msgstr ""
 
-#: sources/controller.php:195
+#: sources/controller.php:316
 msgid "Service successfully disabled"
 msgstr ""
 
@@ -73,8 +81,8 @@ msgstr ""
 msgid "Error"
 msgstr ""
 
-#: sources/views/layout.html.php:54 sources/views/settings.html.php:125
-#: sources/views/settings.html.php:165
+#: sources/views/layout.html.php:54 sources/views/settings.html.php:124
+#: sources/views/settings.html.php:138
 msgid "Notice"
 msgstr ""
 
@@ -116,140 +124,178 @@ msgid "VPN Enabled"
 msgstr ""
 
 #: sources/views/settings.html.php:60
+msgid "Manual"
+msgstr ""
+
+#: sources/views/settings.html.php:61
+msgid "Automatic"
+msgstr ""
+
+#: sources/views/settings.html.php:67
 msgid "VPN"
 msgstr ""
 
-#: sources/views/settings.html.php:65
+#: sources/views/settings.html.php:72
 msgid "Server Address"
 msgstr ""
 
-#: sources/views/settings.html.php:72
+#: sources/views/settings.html.php:79
 msgid "Server Port"
 msgstr ""
 
-#: sources/views/settings.html.php:74
+#: sources/views/settings.html.php:81
 msgid "With restricted access, you should use 443 (TCP) or 53 (UDP)"
 msgstr ""
 
-#: sources/views/settings.html.php:79
+#: sources/views/settings.html.php:86
 msgid "Protocol"
 msgstr ""
 
-#: sources/views/settings.html.php:82
+#: sources/views/settings.html.php:89
 msgid "UDP"
 msgstr ""
 
-#: sources/views/settings.html.php:85
+#: sources/views/settings.html.php:92
 msgid ""
 "UDP is more efficient than TCP (but more filtered in case of restrictive "
 "access)"
 msgstr ""
 
-#: sources/views/settings.html.php:86
+#: sources/views/settings.html.php:93
 msgid "TCP"
 msgstr ""
 
-#: sources/views/settings.html.php:94
+#: sources/views/settings.html.php:99
+msgid "Delegated prefix (IPv6)"
+msgstr ""
+
+#: sources/views/settings.html.php:101
+msgid ""
+"Leave empty if your Internet Service Provider does not give you a delegated "
+"prefix"
+msgstr ""
+
+#: sources/views/settings.html.php:108
 msgid "Edit the raw configuration only if you know what you do!"
 msgstr ""
 
-#: sources/views/settings.html.php:94 sources/views/settings.html.php:99
+#: sources/views/settings.html.php:108 sources/views/settings.html.php:113
 msgid "Advanced"
 msgstr ""
 
-#: sources/views/settings.html.php:109
-msgid "IPv6"
+#: sources/views/settings.html.php:124
+msgid ""
+"You need to upload a Client Certificate, or define a Username (or both) for "
+"starting your VPN Client."
 msgstr ""
 
-#: sources/views/settings.html.php:114
-msgid "Delegated prefix"
+#: sources/views/settings.html.php:130
+msgid "Authentication"
 msgstr ""
 
-#: sources/views/settings.html.php:116
-msgid ""
-"Leave empty if your Internet Service Provider does not give you a delegated "
-"prefix"
+#: sources/views/settings.html.php:138
+msgid "You need to upload a Server CA for starting your VPN Client."
 msgstr ""
 
-#: sources/views/settings.html.php:125
-msgid ""
-"You need to upload a Client Certificate, or define a Username (or both) for "
-"starting your VPN Client."
+#: sources/views/settings.html.php:142
+msgid "Update Server CA"
 msgstr ""
 
-#: sources/views/settings.html.php:131
-msgid "Certificates"
+#: sources/views/settings.html.php:142
+msgid "Upload Server CA"
 msgstr ""
 
-#: sources/views/settings.html.php:136
+#: sources/views/settings.html.php:145
+msgid "You cannot have no server CA"
+msgstr ""
+
+#: sources/views/settings.html.php:150 sources/views/settings.html.php:163
+#: sources/views/settings.html.php:176 sources/views/settings.html.php:189
+#: sources/views/settings.html.php:244
+msgid "Browse"
+msgstr ""
+
+#: sources/views/settings.html.php:155
 msgid "Update Client Cert."
 msgstr ""
 
-#: sources/views/settings.html.php:136
+#: sources/views/settings.html.php:155
 msgid "Upload Client Cert."
 msgstr ""
 
-#: sources/views/settings.html.php:139 sources/views/settings.html.php:152
+#: sources/views/settings.html.php:158 sources/views/settings.html.php:171
+#: sources/views/settings.html.php:184
 msgid "Delete this certificate"
 msgstr ""
 
-#: sources/views/settings.html.php:144 sources/views/settings.html.php:157
-#: sources/views/settings.html.php:177
-msgid "Browse"
-msgstr ""
-
-#: sources/views/settings.html.php:149
+#: sources/views/settings.html.php:168
 msgid "Update Client Key"
 msgstr ""
 
-#: sources/views/settings.html.php:149
+#: sources/views/settings.html.php:168
 msgid "Upload Client Key"
 msgstr ""
 
-#: sources/views/settings.html.php:155
+#: sources/views/settings.html.php:174 sources/views/settings.html.php:187
 msgid "Make sure your browser is able to read the key file before uploading"
 msgstr ""
 
-#: sources/views/settings.html.php:157
+#: sources/views/settings.html.php:176 sources/views/settings.html.php:189
 msgid "make sure your browser is able to read the key file before uploading"
 msgstr ""
 
-#: sources/views/settings.html.php:165
-msgid "You need to upload a Server CA for starting your VPN Client."
+#: sources/views/settings.html.php:181
+msgid "Update Shared-Secret"
 msgstr ""
 
-#: sources/views/settings.html.php:169
-msgid "Update Server CA"
+#: sources/views/settings.html.php:181
+msgid "Upload Shared-Secret"
 msgstr ""
 
-#: sources/views/settings.html.php:169
-msgid "Upload Server CA"
+#: sources/views/settings.html.php:194
+msgid "Username"
 msgstr ""
 
-#: sources/views/settings.html.php:172
-msgid "You cannot have no server CA"
+#: sources/views/settings.html.php:196 sources/views/settings.html.php:203
+msgid "Leave empty if not necessary"
 msgstr ""
 
-#: sources/views/settings.html.php:185
-msgid "Login"
+#: sources/views/settings.html.php:201
+msgid "Password"
 msgstr ""
 
-#: sources/views/settings.html.php:190
-msgid "Username"
+#: sources/views/settings.html.php:211
+msgid "DNS"
 msgstr ""
 
-#: sources/views/settings.html.php:192 sources/views/settings.html.php:199
-msgid "Leave empty if not necessary"
+#: sources/views/settings.html.php:216
+msgid "First resolver"
 msgstr ""
 
-#: sources/views/settings.html.php:197
-msgid "Password"
+#: sources/views/settings.html.php:218 sources/views/settings.html.php:225
+msgid "IPv6 or IPv4"
+msgstr ""
+
+#: sources/views/settings.html.php:223
+msgid "Second resolver"
+msgstr ""
+
+#: sources/views/settings.html.php:235
+msgid "Auto Configuration"
+msgstr ""
+
+#: sources/views/settings.html.php:240
+msgid "Upload Config"
+msgstr ""
+
+#: sources/views/settings.html.php:247
+msgid "What is a dot cube file?"
 msgstr ""
 
-#: sources/views/settings.html.php:207
+#: sources/views/settings.html.php:255
 msgid "Reloading may take a few minutes. Be patient."
 msgstr ""
 
-#: sources/views/settings.html.php:207
+#: sources/views/settings.html.php:255
 msgid "Save and reload"
 msgstr ""

sources/public/css/style.css

@@ -96,3 +96,12 @@ textarea#raw_openvpn {
   height: 300px;
   border: 1px solid #D9534F;
 }
+
+ul.nav {
+  margin-top: 30px;
+  margin-bottom: 20px;
+}
+
+ul.nav a {
+  outline: none;
+}

sources/public/js/custom.js

@@ -16,11 +16,24 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+function tabsClick() {
+  var tab = $(this).parent().attr('data-tab');
+
+  $('.nav').find('li.active').removeClass('active');
+  $(this).parent().addClass('active');
+
+  $('.tabs').hide();
+  $('.tab' + tab).show();
+
+  return false;
+}
+
 $(document).ready(function() {
   $('.btn-group').button();
   $('[data-toggle="tooltip"]').tooltip();
 
   $('.switch').bootstrapToggle();
+  $('.nav-tabs a').click(tabsClick);
 
   $('.fileinput').click(function() {
     if(!$(this).hasClass('btn-danger')) {
@@ -47,7 +60,7 @@ $(document).ready(function() {
       if($(choosertxtid).hasClass('btn-danger') != $('#crt_client_choosertxt').hasClass('btn-danger')) {
         $('#crt_client_deletebtn').click();
       }
-    } else {
+    } else if($(this).attr('id').search('_ta') < 0) {
       if($(choosertxtid).hasClass('btn-danger') != $('#crt_client_key_choosertxt').hasClass('btn-danger')) {
         $('#crt_client_key_deletebtn').click();
       }

sources/views/settings.html.php

@@ -55,148 +55,196 @@
         </div>
       </div>
 
-      <div class="panel panel-default enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
-        <div class="panel-heading">
-          <h3 class="panel-title"><?= _("VPN") ?></h3>
-        </div>
+      <div class="enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
+        <ul class="nav nav-tabs nav-justified">
+          <li role="presentation" data-tab="manualconfig" class="active"><a href="#"><?= _("Manual") ?></a></li>
+          <li role="presentation" data-tab="autoconfig"><a href="#"><?= _("Automatic") ?></a></li>
+        </ul>
 
-        <div style="padding: 14px 14px 0 10px">
-          <div class="form-group">
-            <label for="server_name" class="col-sm-3 control-label"><?= _('Server Address') ?></label>
-            <div class="col-sm-9">
-              <input type="text" class="form-control" name="server_name" id="server_name" placeholder="access.ldn-fai.net" value="<?= $server_name ?>" />
+        <div class="tabs tabmanualconfig">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <h3 class="panel-title"><?= _("VPN") ?></h3>
             </div>
-          </div>
+
+            <div style="padding: 14px 14px 0 10px">
+              <div class="form-group">
+                <label for="server_name" class="col-sm-3 control-label"><?= _('Server Address') ?></label>
+                <div class="col-sm-9">
+                  <input type="text" class="form-control" name="server_name" id="server_name" placeholder="access.ldn-fai.net" value="<?= $server_name ?>" />
+                </div>
+              </div>
     
-          <div class="form-group">
-            <label for="server_port" class="col-sm-3 control-label"><?= _('Server Port') ?></label>
-            <div class="col-sm-9">
-              <input type="text" data-toggle="tooltip" data-title="<?= _('With restricted access, you should use 443 (TCP) or 53 (UDP)') ?>" class="form-control" name="server_port" id="server_port" placeholder="1194" value="<?= $server_port ?>" />
-            </div>
-          </div>
+              <div class="form-group">
+                <label for="server_port" class="col-sm-3 control-label"><?= _('Server Port') ?></label>
+                <div class="col-sm-9">
+                  <input type="text" data-toggle="tooltip" data-title="<?= _('With restricted access, you should use 443 (TCP) or 53 (UDP)') ?>" class="form-control" name="server_port" id="server_port" placeholder="1194" value="<?= $server_port ?>" />
+                </div>
+              </div>
     
-          <div class="form-group">
-            <label for="server_proto" class="col-sm-3 control-label"><?= _('Protocol') ?></label>
-            <div class="btn-group col-sm-9" data-toggle="buttons">
-              <label class="btn btn-default <?= $server_proto == 'udp' ? 'active' : '' ?>">
-                <input type="radio" name="server_proto" value="udp" <?= $server_proto == 'udp' ? 'checked="cheked"' : '' ?> /> <?= _('UDP') ?>
-              </label>
+              <div class="form-group">
+                <label for="server_proto" class="col-sm-3 control-label"><?= _('Protocol') ?></label>
+                <div class="btn-group col-sm-9" data-toggle="buttons">
+                  <label class="btn btn-default <?= $server_proto == 'udp' ? 'active' : '' ?>">
+                    <input type="radio" name="server_proto" value="udp" <?= $server_proto == 'udp' ? 'checked="cheked"' : '' ?> /> <?= _('UDP') ?>
+                  </label>
     
-              <label class="btn btn-default <?= $server_proto == 'tcp' ? 'active' : '' ?>" data-toggle="tooltip" data-title="<?= _('UDP is more efficient than TCP (but more filtered in case of restrictive access)') ?>">
-                <input type="radio" name="server_proto" value="tcp" <?= $server_proto == 'tcp' ? 'checked="cheked"' : '' ?> /> <?= _('TCP') ?>
-              </label>
+                  <label class="btn btn-default <?= $server_proto == 'tcp' ? 'active' : '' ?>" data-toggle="tooltip" data-title="<?= _('UDP is more efficient than TCP (but more filtered in case of restrictive access)') ?>">
+                    <input type="radio" name="server_proto" value="tcp" <?= $server_proto == 'tcp' ? 'checked="cheked"' : '' ?> /> <?= _('TCP') ?>
+                  </label>
+                </div>
+              </div>
+
+              <div class="form-group">
+                <label for="ip6_net" class="col-sm-3 control-label"><?= _('Delegated prefix (IPv6)') ?></label>
+                <div class="col-sm-9">
+                  <input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if your Internet Service Provider does not give you a delegated prefix') ?>" class="form-control" name="ip6_net" id="ip6_net" placeholder="2001:db8:42::" value="<?= $ip6_net ?>" />
+                </div>
+              </div>
+
+              <div class="form-group" id="raw_openvpn_btnpanel">
+                <label class="col-sm-3 control-label"></label>
+                <div class="col-sm-9">
+                  <span class="glyphicon glyphicon-cog"></span> <a href="javascript:" id="raw_openvpn_btn" data-toggle="tooltip" data-title="<?= _('Edit the raw configuration only if you know what you do!') ?>"><?= _('Advanced') ?></a>
+                </div>
+              </div>
+
+              <div class="form-group" id="raw_openvpn_panel">
+                <label for="raw_openvpn" class="col-sm-3 control-label"><?= _('Advanced') ?></label>
+                <div class="col-sm-9">
+                  <pre><textarea class="form-control" name="raw_openvpn" id="raw_openvpn"><?= $raw_openvpn ?></textarea></pre>
+                </div>
+              </div>
             </div>
           </div>
 
-          <div class="form-group" id="raw_openvpn_btnpanel">
-            <label class="col-sm-3 control-label"></label>
-            <div class="col-sm-9">
-              <span class="glyphicon glyphicon-cog"></span> <a href="#" id="raw_openvpn_btn" data-toggle="tooltip" data-title="<?= _('Edit the raw configuration only if you know what you do!') ?>"><?= _('Advanced') ?></a>
+          <?php if(!$crt_client_key_exists && empty($login_user)): ?>
+            <div class="alert alert-dismissible alert-warning fade in" style="margin: 2px 0px 17px" role="alert">
+              <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
+              <strong><?= _('Notice') ?>:</strong> <?= _("You need to upload a Client Certificate, or define a Username (or both) for starting your VPN Client.") ?>
             </div>
-          </div>
+          <?php endif; ?>
 
-          <div class="form-group" id="raw_openvpn_panel">
-            <label for="raw_openvpn" class="col-sm-3 control-label"><?= _('Advanced') ?></label>
-            <div class="col-sm-9">
-              <pre><textarea class="form-control" name="raw_openvpn" id="raw_openvpn"><?= $raw_openvpn ?></textarea></pre>
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <h3 class="panel-title"><?= _("Authentication") ?></h3>
             </div>
-          </div>
-        </div>
-      </div>
 
-      <div class="panel panel-default enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
-        <div class="panel-heading">
-          <h3 class="panel-title"><?= _("IPv6") ?></h3>
-        </div>
+            <div style="padding: 14px 14px 0 10px">
+              <div class="form-group">
+                <?php if(!$crt_server_ca_exists): ?>
+                  <div class="alert alert-dismissible alert-warning fade in" style="margin: 2px 16px 17px" role="alert">
+                    <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
+                    <strong><?= _('Notice') ?>:</strong> <?= _("You need to upload a Server CA for starting your VPN Client.") ?>
+                  </div>
+                <?php endif; ?>
 
-        <div style="padding: 14px 14px 0 10px">
-          <div class="form-group">
-            <label for="ip6_net" class="col-sm-3 control-label"><?= _('Delegated prefix') ?></label>
-            <div class="col-sm-9">
-              <input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if your Internet Service Provider does not give you a delegated prefix') ?>" class="form-control" name="ip6_net" id="ip6_net" placeholder="2001:db8:42::" value="<?= $ip6_net ?>" />
-            </div>
-          </div>
-        </div>
-      </div>
+                <label for="crt_server_ca" class="col-sm-3 control-label"><?= $crt_server_ca_exists ? _('Update Server CA') : _('Upload Server CA') ?></label>
+                <div class="input-group col-sm-9" style="padding: 0 15px">
+                  <?php if($crt_server_ca_exists): ?>
+                    <a class="btn btn-danger not-allowed btn-disabled input-group-addon" id="crt_server_ca_deletebtn" data-toggle="tooltip" data-title="<?= _('You cannot have no server CA') ?>"><span class="glyphicon glyphicon-remove"></span></a>
+                    <input id="crt_server_ca_delete" name="crt_server_ca_delete" type="checkbox" value="1" style="display: none" />
+                  <?php endif; ?>
+                  <input type="text" class="form-control fileinput" id="crt_server_ca_choosertxt" placeholder="-----BEGIN CERTIFICATE-----" readonly="readonly" />
+                  <input id="crt_server_ca" name="crt_server_ca" type="file" style="display: none" />
+                  <a class="btn input-group-addon fileinput" id="crt_server_ca_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?>"><span class="glyphicon glyphicon-search"></span></a>
+                </div>
+              </div>
 
-      <?php if(!$crt_client_key_exists && empty($login_user)): ?>
-        <div class="alert alert-dismissible alert-warning fade in enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?> style="margin: 2px 0px 17px" role="alert">
-          <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
-          <strong><?= _('Notice') ?>:</strong> <?= _("You need to upload a Client Certificate, or define a Username (or both) for starting your VPN Client.") ?>
-        </div>
-      <?php endif; ?>
+              <div class="form-group">
+                <label for="crt_client" class="col-sm-3 control-label"><?= $crt_client_exists ? _('Update Client Cert.') : _('Upload Client Cert.') ?></label>
+                <div class="input-group col-sm-9" style="padding: 0 15px">
+                  <?php if($crt_client_exists): ?>
+                    <a class="btn btn-danger input-group-addon deletefile" id="crt_client_deletebtn" data-toggle="tooltip" data-title="<?= _('Delete this certificate') ?>"><span class="glyphicon glyphicon-remove"></span></a>
+                    <input id="crt_client_delete" name="crt_client_delete" type="checkbox" value="1" style="display: none" />
+                  <?php endif; ?>
+                  <input type="text" class="form-control fileinput" id="crt_client_choosertxt" placeholder="-----BEGIN CERTIFICATE-----" readonly="readonly" />
+                  <input id="crt_client" name="crt_client" type="file" style="display: none" />
+                  <a class="btn input-group-addon fileinput" id="crt_client_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?>"><span class="glyphicon glyphicon-search"></span></a>
+                </div>
+              </div>
 
-      <div class="panel panel-default enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
-        <div class="panel-heading">
-          <h3 class="panel-title"><?= _("Certificates") ?></h3>
-        </div>
+              <div class="form-group">
+                <label for="crt_client_key" class="col-sm-3 control-label"><?= $crt_client_key_exists ? _('Update Client Key') : _('Upload Client Key') ?></label>
+                <div class="input-group col-sm-9" style="padding: 0 15px">
+                  <?php if($crt_client_key_exists): ?>
+                    <a class="btn btn-danger input-group-addon deletefile" id="crt_client_key_deletebtn" data-toggle="tooltip" data-title="<?= _('Delete this certificate') ?>"><span class="glyphicon glyphicon-remove"></span></a>
+                    <input id="crt_client_key_delete" name="crt_client_key_delete" type="checkbox" value="1" style="display: none" />
+                  <?php endif; ?>
+                  <input type="text" class="form-control fileinput" id="crt_client_key_choosertxt" data-toggle="tooltip" data-title="<?= _('Make sure your browser is able to read the key file before uploading') ?>" placeholder="-----BEGIN PRIVATE KEY-----" readonly="readonly" />
+                  <input id="crt_client_key" name="crt_client_key" type="file" style="display: none" />
+                  <a class="btn input-group-addon fileinput" id="crt_client_key_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?> (<?= _('make sure your browser is able to read the key file before uploading') ?>)"><span class="glyphicon glyphicon-search"></span></a>
+                </div>
+              </div>
 
-        <div style="padding: 14px 14px 0 10px">
-          <div class="form-group">
-            <label for="crt_client" class="col-sm-3 control-label"><?= $crt_client_exists ? _('Update Client Cert.') : _('Upload Client Cert.') ?></label>
-            <div class="input-group col-sm-9" style="padding: 0 15px">
-              <?php if($crt_client_exists): ?>
-                <a class="btn btn-danger input-group-addon deletefile" id="crt_client_deletebtn" data-toggle="tooltip" data-title="<?= _('Delete this certificate') ?>"><span class="glyphicon glyphicon-remove"></span></a>
-                <input id="crt_client_delete" name="crt_client_delete" type="checkbox" value="1" style="display: none" />
-              <?php endif; ?>
-              <input type="text" class="form-control fileinput" id="crt_client_choosertxt" placeholder="-----BEGIN CERTIFICATE-----" readonly="readonly" />
-              <input id="crt_client" name="crt_client" type="file" style="display: none" />
-              <a class="btn input-group-addon fileinput" id="crt_client_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?>"><span class="glyphicon glyphicon-search"></span></a>
+              <div class="form-group">
+                <label for="crt_client_ta" class="col-sm-3 control-label"><?= $crt_client_ta_exists ? _('Update Shared-Secret') : _('Upload Shared-Secret') ?></label>
+                <div class="input-group col-sm-9" style="padding: 0 15px">
+                  <?php if($crt_client_ta_exists): ?>
+                    <a class="btn btn-danger input-group-addon deletefile" id="crt_client_ta_deletebtn" data-toggle="tooltip" data-title="<?= _('Delete this certificate') ?>"><span class="glyphicon glyphicon-remove"></span></a>
+                    <input id="crt_client_ta_delete" name="crt_client_ta_delete" type="checkbox" value="1" style="display: none" />
+                  <?php endif; ?>
+                  <input type="text" class="form-control fileinput" id="crt_client_ta_choosertxt" data-toggle="tooltip" data-title="<?= _('Make sure your browser is able to read the key file before uploading') ?>" placeholder="ta.key" readonly="readonly" />
+                  <input id="crt_client_ta" name="crt_client_ta" type="file" style="display: none" />
+                  <a class="btn input-group-addon fileinput" id="crt_client_ta_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?> (<?= _('make sure your browser is able to read the key file before uploading') ?>)"><span class="glyphicon glyphicon-search"></span></a>
+                </div>
+              </div>
+
+              <div class="form-group">
+                <label for="login_user" class="col-sm-3 control-label"><?= _('Username') ?></label>
+                <div class="col-sm-9">
+                  <input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if not necessary') ?>" class="form-control" name="login_user" id="login_user" placeholder="michu" value="<?= $login_user ?>" />
+                </div>
+              </div>
+
+              <div class="form-group">
+                <label for="login_passphrase" class="col-sm-3 control-label"><?= _('Password') ?></label>
+                <div class="col-sm-9">
+                  <input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if not necessary') ?>" class="form-control" name="login_passphrase" id="login_passphrase" placeholder="XVCwSbDkxnqQ" value="<?= $login_passphrase ?>" />
+                </div>
+              </div>
             </div>
           </div>
 
-          <div class="form-group">
-            <label for="crt_client_key" class="col-sm-3 control-label"><?= $crt_client_key_exists ? _('Update Client Key') : _('Upload Client Key') ?></label>
-            <div class="input-group col-sm-9" style="padding: 0 15px">
-              <?php if($crt_client_key_exists): ?>
-                <a class="btn btn-danger input-group-addon deletefile" id="crt_client_key_deletebtn" data-toggle="tooltip" data-title="<?= _('Delete this certificate') ?>"><span class="glyphicon glyphicon-remove"></span></a>
-                <input id="crt_client_key_delete" name="crt_client_key_delete" type="checkbox" value="1" style="display: none" />
-              <?php endif; ?>
-              <input type="text" class="form-control fileinput" id="crt_client_key_choosertxt" data-toggle="tooltip" data-title="<?= _('Make sure your browser is able to read the key file before uploading') ?>" placeholder="-----BEGIN PRIVATE KEY-----" readonly="readonly" />
-              <input id="crt_client_key" name="crt_client_key" type="file" style="display: none" />
-              <a class="btn input-group-addon fileinput" id="crt_client_key_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?> (<?= _('make sure your browser is able to read the key file before uploading') ?>)"><span class="glyphicon glyphicon-search"></span></a>
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <h3 class="panel-title"><?= _("DNS") ?></h3>
             </div>
-          </div>
 
-          <div class="form-group">
-            <?php if(!$crt_server_ca_exists): ?>
-              <div class="alert alert-dismissible alert-warning fade in" style="margin: 2px 16px 17px" role="alert">
-                <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
-                <strong><?= _('Notice') ?>:</strong> <?= _("You need to upload a Server CA for starting your VPN Client.") ?>
-              </div>
-            <?php endif; ?>
-
-            <label for="crt_server_ca" class="col-sm-3 control-label"><?= $crt_server_ca_exists ? _('Update Server CA') : _('Upload Server CA') ?></label>
-            <div class="input-group col-sm-9" style="padding: 0 15px">
-              <?php if($crt_server_ca_exists): ?>
-                <a class="btn btn-danger not-allowed btn-disabled input-group-addon" id="crt_server_ca_deletebtn" data-toggle="tooltip" data-title="<?= _('You cannot have no server CA') ?>"><span class="glyphicon glyphicon-remove"></span></a>
-                <input id="crt_server_ca_delete" name="crt_server_ca_delete" type="checkbox" value="1" style="display: none" />
-              <?php endif; ?>
-              <input type="text" class="form-control fileinput" id="crt_server_ca_choosertxt" placeholder="-----BEGIN CERTIFICATE-----" readonly="readonly" />
-              <input id="crt_server_ca" name="crt_server_ca" type="file" style="display: none" />
-              <a class="btn input-group-addon fileinput" id="crt_server_ca_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?>"><span class="glyphicon glyphicon-search"></span></a>
+            <div style="padding: 14px 14px 0 10px">
+              <div class="form-group">
+                <label for="dns0" class="col-sm-3 control-label"><?= _('First resolver') ?></label>
+                <div class="col-sm-9">
+                  <input type="text" data-toggle="tooltip" data-title="<?= _('IPv6 or IPv4') ?>" class="form-control" name="dns0" id="dns0" placeholder="89.234.141.66" value="<?= $dns0 ?>" />
+                </div>
+              </div>
+
+              <div class="form-group">
+                <label for="dns1" class="col-sm-3 control-label"><?= _('Second resolver') ?></label>
+                <div class="col-sm-9">
+                  <input type="text" data-toggle="tooltip" data-title="<?= _('IPv6 or IPv4') ?>" class="form-control" name="dns1" id="dns1" placeholder="2001:913::8" value="<?= $dns1 ?>" />
+                </div>
+              </div>
             </div>
           </div>
         </div>
-      </div>
-
-      <div class="panel panel-default enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
-        <div class="panel-heading">
-          <h3 class="panel-title"><?= _("Login") ?></h3>
-        </div>
 
-        <div style="padding: 14px 14px 0 10px">
-          <div class="form-group">
-            <label for="login_user" class="col-sm-3 control-label"><?= _('Username') ?></label>
-            <div class="col-sm-9">
-              <input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if not necessary') ?>" class="form-control" name="login_user" id="login_user" placeholder="michu" value="<?= $login_user ?>" />
+        <div class="tabs tabautoconfig" style="display: none">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <h3 class="panel-title"><?= _("Auto Configuration") ?></h3>
             </div>
-          </div>
 
-          <div class="form-group">
-            <label for="login_passphrase" class="col-sm-3 control-label"><?= _('Password') ?></label>
-            <div class="col-sm-9">
-              <input type="text" data-toggle="tooltip" data-title="<?= _('Leave empty if not necessary') ?>" class="form-control" name="login_passphrase" id="login_passphrase" placeholder="XVCwSbDkxnqQ" value="<?= $login_passphrase ?>" />
+            <div style="padding: 14px 14px 0 10px">
+              <div class="form-group">
+                <label for="cubefile" class="col-sm-3 control-label"><?= _('Upload Config') ?></label>
+                <div class="input-group col-sm-9" style="padding: 0 15px">
+                  <input type="text" class="form-control fileinput" id="cubefile_choosertxt" placeholder="config.cube" readonly="readonly" />
+                  <input id="cubefile" name="cubefile" type="file" style="display: none" />
+                  <a class="btn input-group-addon fileinput" id="cubefile_chooserbtn" data-toggle="tooltip" data-title="<?= _('Browse') ?>"><span class="glyphicon glyphicon-search"></span></a>
+                </div>
+              </div>
+              <p style="text-align: center"><a href="http://internetcu.be/dotcubefiles.html"><?= _('What is a dot cube file?') ?></a></p>
             </div>
           </div>
         </div>