<?php
2
/*
3
	vpn_ipsec_phase1.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32 6b07c15a Matthew Grooms
##|+PRIV
33
##|*IDENT=page-vpn-ipsec-editphase1
34
##|*NAME=VPN: IPsec: Edit Phase 1 page
35
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 1' page.
36
##|*MATCH=vpn_ipsec_phase1.php*
37
##|-PRIV
38
39 0f84b741 Scott Ullrich
/* GUI framework: $config access, input validation helpers, page chrome */
require("functions.inc");
require("guiconfig.inc");
/* IPsec helpers used further down (ipsec_ikeid_next(), reload_tunnel_spd_policy(),
   $p1_ealgos) are presumably provided by these two includes — confirm if moved */
require_once("ipsec.inc");
require_once("vpn.inc");

/* make sure both IPsec sections exist so the references below and the
   foreach loops later in this page never see a non-array */
if (!is_array($config['ipsec']['phase1']))
	$config['ipsec']['phase1'] = array();

if (!is_array($config['ipsec']['phase2']))
	$config['ipsec']['phase2'] = array();

/* references into the live config: writes through these are what write_config() persists */
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
52 a93e56c5 Matthew Grooms
53 0e6cf71b Renato Botelho
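/*
 * Work out which phase1 entry (if any) this request refers to and preload
 * the form ($pconfig) from it, or from the defaults for a new entry.
 *
 * $p1index may arrive as a GET parameter (edit link), as a POST field
 * (form submission) or via ?dup= (clone an existing entry). Only values
 * accepted by is_numericint() are used, so the index is never an
 * arbitrary array key.
 */
if (isset($_GET['p1index']) && is_numericint($_GET['p1index']))
	$p1index = $_GET['p1index'];
/* the form posts the index back as a field, so it is the POST value that
   has to be checked here (the GET parameter is empty on submit) */
if (isset($_POST['p1index']) && is_numericint($_POST['p1index']))
	$p1index = $_POST['p1index'];

$duplicating = isset($_GET['dup']) && is_numericint($_GET['dup']);
if ($duplicating)
	$p1index = $_GET['dup'];

/* NOTE(review): an empty-string index may pass is_numericint() depending on
   its implementation; the !empty() test below keeps that case on the
   "new entry" path — confirm against is_numericint() */
if (isset($p1index) && !empty($a_phase1[$p1index])) {
	/* editing (or duplicating) an existing entry */

	// don't copy the ikeid on dup: the save path allocates a fresh one when it is 0/unset
	if (!$duplicating)
		$pconfig['ikeid'] = $a_phase1[$p1index]['ikeid'];

	/* snapshot of the stored entry; the save path uses it to tear down the
	   route of the previous gateway and to reload phase2 SPD policies */
	$old_ph1ent = $a_phase1[$p1index];

	$pconfig['disabled'] = isset($old_ph1ent['disabled']);

	if (!empty($old_ph1ent['interface']))
		$pconfig['interface'] = $old_ph1ent['interface'];
	else
		$pconfig['interface'] = "wan";

	/* 'remote-subnet' is not written by the save path in this file; only
	   split it when present so a missing key raises no notices */
	if (isset($old_ph1ent['remote-subnet']))
		list($pconfig['remotenet'], $pconfig['remotebits']) = array_pad(explode("/", $old_ph1ent['remote-subnet']), 2, null);

	/* mobile entries have no fixed remote gateway */
	if (isset($old_ph1ent['mobile']))
		$pconfig['mobile'] = 'true';
	else
		$pconfig['remotegw'] = $old_ph1ent['remote-gateway'];

	$pconfig['mode'] = $old_ph1ent['mode'];
	$pconfig['protocol'] = $old_ph1ent['protocol'];
	$pconfig['myid_type'] = $old_ph1ent['myid_type'];
	$pconfig['myid_data'] = $old_ph1ent['myid_data'];
	$pconfig['peerid_type'] = $old_ph1ent['peerid_type'];
	$pconfig['peerid_data'] = $old_ph1ent['peerid_data'];
	$pconfig['verify_identifier'] = isset($old_ph1ent['verify_identifier']);
	$pconfig['ealgo'] = $old_ph1ent['encryption-algorithm'];
	$pconfig['halgo'] = $old_ph1ent['hash-algorithm'];
	$pconfig['dhgroup'] = $old_ph1ent['dhgroup'];
	$pconfig['lifetime'] = $old_ph1ent['lifetime'];
	$pconfig['authentication_method'] = $old_ph1ent['authentication_method'];
	$pconfig['generate_policy'] = $old_ph1ent['generate_policy'];
	$pconfig['proposal_check'] = $old_ph1ent['proposal_check'];

	/* PSK methods carry a key, certificate methods carry CA/cert references */
	if (($pconfig['authentication_method'] == "pre_shared_key") ||
		($pconfig['authentication_method'] == "xauth_psk_server")) {
		$pconfig['pskey'] = $old_ph1ent['pre-shared-key'];
	} else {
		$pconfig['certref'] = $old_ph1ent['certref'];
		$pconfig['caref'] = $old_ph1ent['caref'];
	}

	$pconfig['descr'] = $old_ph1ent['descr'];
	$pconfig['nat_traversal'] = $old_ph1ent['nat_traversal'];

	/* DPD is considered enabled only when both parameters are stored */
	if (!empty($old_ph1ent['dpd_delay']) && !empty($old_ph1ent['dpd_maxfail'])) {
		$pconfig['dpd_enable'] = true;
		$pconfig['dpd_delay'] = $old_ph1ent['dpd_delay'];
		$pconfig['dpd_maxfail'] = $old_ph1ent['dpd_maxfail'];
	}
} else {
	/* defaults for a new entry */
	$pconfig['interface'] = "wan";
	if (!empty($config['interfaces']['lan']))
		$pconfig['localnet'] = "lan";
	$pconfig['mode'] = "aggressive";
	$pconfig['protocol'] = "inet";
	$pconfig['myid_type'] = "myaddress";
	$pconfig['peerid_type'] = "peeraddress";
	$pconfig['authentication_method'] = "pre_shared_key";
	/* the key must be a quoted string: a bare 'name' is an undefined constant
	   (warning on PHP 7, fatal on PHP 8) */
	$pconfig['ealgo'] = array('name' => "3des");
	$pconfig['halgo'] = "sha1";
	$pconfig['dhgroup'] = "2";
	$pconfig['lifetime'] = "28800";
	$pconfig['nat_traversal'] = "on";
	$pconfig['dpd_enable'] = true;

	/* mobile client */
	if (!empty($_GET['mobile']))
		$pconfig['mobile'] = true;
}

/* a duplicate becomes a new entry: forget the source index so the save
   path appends instead of overwriting the original */
if ($duplicating)
	unset($p1index);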
137
138
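/*
 * Form submission: validate the posted phase1 settings, and on success
 * store them in $config, reload affected phase2 policies and redirect
 * back to the tunnel list.
 */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	$method = $pconfig['authentication_method'];
	// Unset ca and cert if not required to avoid storing in config
	if ($method == "pre_shared_key" || $method == "xauth_psk_server") {
		unset($pconfig['caref']);
		unset($pconfig['certref']);
	}

	// Only require PSK here for normal PSK tunnels (not mobile) or xauth.
	// For RSA methods, require the CA/Cert.
	// Start from empty lists so an unknown method still yields valid arrays.
	$reqdfields = array();
	$reqdfieldsn = array();
	switch ($method) {
		case "pre_shared_key":
			// If this is a mobile PSK tunnel the user PSKs go on
			//    the PSK tab, not here, so skip the check.
			if (!empty($pconfig['mobile']))
				break;
			/* fall through: a site-to-site PSK tunnel needs the key here */
		case "xauth_psk_server":
			$reqdfields = array("pskey");
			$reqdfieldsn = array(gettext("Pre-Shared Key"));
			break;
		case "hybrid_rsa_server":
		case "xauth_rsa_server":
		case "rsasig":
			$reqdfields = array("caref", "certref");
			$reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate"));
			break;
	}
	if (empty($pconfig['mobile'])) {
		$reqdfields[] = "remotegw";
		$reqdfieldsn[] = gettext("Remote gateway");
	}

	/* do_input_validation() appends to $input_errors through its by-reference
	   parameter; call-time pass-by-reference (&$input_errors at the call site)
	   is a fatal error on PHP >= 5.4 */
	do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);

	/* the error text promises an integer, so apply the integer test */
	if (!empty($pconfig['lifetime']) && !is_numericint($pconfig['lifetime']))
		$input_errors[] = gettext("The P1 lifetime must be an integer.");

	if (!empty($pconfig['remotegw'])) {
		if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw']))
			$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
		elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet"))
			$input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6");
		elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6"))
			$input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4");
	}

	/* an enabled tunnel may not share its remote gateway with another
	   enabled phase1; the entry being edited is exempt from the comparison */
	if (!empty($pconfig['remotegw']) && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled'])) {
		$tremotegw = $pconfig['remotegw'];
		foreach ($a_phase1 as $t => $ph1tmp) {
			/* compare against the array key, which is what $a_phase1[$p1index]
			   addresses; a new entry (no index) is compared with every
			   existing one (null <> 0 is false in PHP, which used to exempt
			   the first entry) */
			if (isset($p1index) && $p1index !== '' && (int)$p1index == $t)
				continue;
			if (isset($ph1tmp['remote-gateway']) && ($ph1tmp['remote-gateway'] == $tremotegw) && !isset($ph1tmp['disabled']))
				$input_errors[] = sprintf(gettext('The remote gateway "%1$s" is already used by phase1 "%2$s".'), $tremotegw, $ph1tmp['descr']);
		}
	}

	/* the address family must agree with the phase2 entries already bound to
	   this ikeid; a new entry has no ikeid yet and therefore no phase2 */
	if (!empty($pconfig['ikeid']) && is_array($a_phase2) && count($a_phase2)) {
		foreach ($a_phase2 as $phase2) {
			if ($phase2['ikeid'] == $pconfig['ikeid']) {
				if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4.");
					break;
				}
				if (($pconfig['protocol'] == "inet6") && ($phase2['mode'] == "tunnel")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv4, you cannot use IPv6.");
					break;
				}
			}
		}
	}

	/* My identity */

	if ($pconfig['myid_type'] == "myaddress")
		$pconfig['myid_data'] = "";

	/* one message per identifier type: "please enter" when empty, otherwise
	   the format check */
	switch ($pconfig['myid_type']) {
		case "address":
			if ($pconfig['myid_data'] == "")
				$input_errors[] = gettext("Please enter an address for 'My Identifier'");
			elseif (!is_ipaddr($pconfig['myid_data']))
				$input_errors[] = gettext("A valid IP address for 'My identifier' must be specified.");
			break;
		case "keyid tag":
			if ($pconfig['myid_data'] == "")
				$input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'");
			break;
		case "fqdn":
			if ($pconfig['myid_data'] == "")
				$input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'");
			elseif (!is_domain($pconfig['myid_data']))
				$input_errors[] = gettext("A valid domain name for 'My identifier' must be specified.");
			break;
		case "user_fqdn":
			if ($pconfig['myid_data'] == "") {
				$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'");
			} else {
				/* user@domain: the part after the '@' must be a domain, and
				   an '@' must be present at all */
				$user_fqdn = explode("@", $pconfig['myid_data']);
				if (count($user_fqdn) < 2 || !is_domain($user_fqdn[1]))
					$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.");
			}
			break;
		case "dyn_dns":
			if ($pconfig['myid_data'] == "")
				$input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'");
			elseif (!is_domain($pconfig['myid_data']))
				$input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified.");
			break;
	}

	/* Peer identity */

	/* this used to test myid_type, which can never be "peeraddress" */
	if ($pconfig['peerid_type'] == "peeraddress")
		$pconfig['peerid_data'] = "";

	// Only enforce peer ID if we are not dealing with a pure-psk mobile config.
	if (!(($method == "pre_shared_key") && !empty($pconfig['mobile']))) {
		switch ($pconfig['peerid_type']) {
			case "address":
				if ($pconfig['peerid_data'] == "")
					$input_errors[] = gettext("Please enter an address for 'Peer Identifier'");
				elseif (!is_ipaddr($pconfig['peerid_data']))
					$input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified.");
				break;
			case "keyid tag":
				if ($pconfig['peerid_data'] == "")
					$input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'");
				break;
			case "fqdn":
				if ($pconfig['peerid_data'] == "")
					$input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'");
				elseif (!is_domain($pconfig['peerid_data']))
					$input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified.");
				break;
			case "user_fqdn":
				if ($pconfig['peerid_data'] == "") {
					$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'");
				} else {
					$user_fqdn = explode("@", $pconfig['peerid_data']);
					if (count($user_fqdn) < 2 || !is_domain($user_fqdn[1]))
						$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.");
				}
				break;
		}
	}

	if (!empty($pconfig['dpd_enable'])) {
		if (!is_numeric($pconfig['dpd_delay']))
			$input_errors[] = gettext("A numeric value must be specified for DPD delay.");

		if (!is_numeric($pconfig['dpd_maxfail']))
			$input_errors[] = gettext("A numeric value must be specified for DPD retries.");
	}

	/* build our encryption algorithms array */
	/* NOTE(review): ealgo/ealgo_keylen (like halgo, dhgroup, interface and
	   the caref/certref ids) are stored as posted; they are not checked here
	   against the sets this page offers ($p1_ealgos etc.) — confirm the
	   consumer rejects unknown values */
	$pconfig['ealgo'] = array('name' => $_POST['ealgo']);
	if (!empty($pconfig['ealgo_keylen']))
		$pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen'];

	if (!$input_errors) {
		$ph1ent = array();
		$ph1ent['ikeid'] = isset($pconfig['ikeid']) ? $pconfig['ikeid'] : 0;
		$ph1ent['disabled'] = !empty($pconfig['disabled']);
		$ph1ent['interface'] = $pconfig['interface'];

		/* if the remote gateway changed and the interface is not WAN then remove route */
		/* the vpn_ipsec_configure() handles adding the route */
		/* $old_ph1ent only exists when editing; a new entry has no route to drop */
		$new_remotegw = isset($pconfig['remotegw']) ? $pconfig['remotegw'] : '';
		if ($pconfig['interface'] != "wan" && !empty($old_ph1ent['remote-gateway'])
		    && $old_ph1ent['remote-gateway'] != $new_remotegw) {
			/* the stored gateway should have passed is_ipaddr()/is_domain()
			   when saved, but it becomes a shell argument so quote it anyway */
			mwexec("/sbin/route delete -host " . escapeshellarg($old_ph1ent['remote-gateway']));
		}

		if (!empty($pconfig['mobile']))
			$ph1ent['mobile'] = true;
		else
			$ph1ent['remote-gateway'] = $pconfig['remotegw'];

		$ph1ent['mode'] = $pconfig['mode'];
		$ph1ent['protocol'] = $pconfig['protocol'];

		$ph1ent['myid_type'] = $pconfig['myid_type'];
		$ph1ent['myid_data'] = $pconfig['myid_data'];
		$ph1ent['peerid_type'] = $pconfig['peerid_type'];
		$ph1ent['peerid_data'] = $pconfig['peerid_data'];
		/* stored as a presence flag, like 'disabled' and 'mobile' */
		if (isset($pconfig['verify_identifier']))
			$ph1ent['verify_identifier'] = true;
		else
			unset($ph1ent['verify_identifier']);

		$ph1ent['encryption-algorithm'] = $pconfig['ealgo'];
		$ph1ent['hash-algorithm'] = $pconfig['halgo'];
		$ph1ent['dhgroup'] = $pconfig['dhgroup'];
		$ph1ent['lifetime'] = $pconfig['lifetime'];
		$ph1ent['pre-shared-key'] = $pconfig['pskey'];
		/* no 'privatekey' field is visible in this page's form; an absent value
		   is stored as an empty string, as base64_encode(null) used to yield */
		$ph1ent['private-key'] = isset($pconfig['privatekey']) ? base64_encode($pconfig['privatekey']) : '';
		/* unset for PSK methods (see above) */
		$ph1ent['certref'] = isset($pconfig['certref']) ? $pconfig['certref'] : null;
		$ph1ent['caref'] = isset($pconfig['caref']) ? $pconfig['caref'] : null;
		$ph1ent['authentication_method'] = $pconfig['authentication_method'];
		$ph1ent['generate_policy'] = $pconfig['generate_policy'];
		$ph1ent['proposal_check'] = $pconfig['proposal_check'];
		$ph1ent['descr'] = $pconfig['descr'];
		$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];

		if (isset($pconfig['dpd_enable'])) {
			$ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
			$ph1ent['dpd_maxfail'] = $pconfig['dpd_maxfail'];
		}

		/* generate unique phase1 ikeid */
		if ($ph1ent['ikeid'] == 0)
			$ph1ent['ikeid'] = ipsec_ikeid_next();

		if (isset($p1index) && !empty($a_phase1[$p1index]))
			$a_phase1[$p1index] = $ph1ent;
		else
			$a_phase1[] = $ph1ent;

		/* now we need to find all phase2 entries for this host */
		if (is_array($a_phase2) && count($a_phase2)) {
			/* the previous gateway is resolved once, not per phase2 entry */
			$old_gw_resolved = false;
			foreach ($a_phase2 as $phase2) {
				if ($phase2['ikeid'] == $ph1ent['ikeid']) {
					log_error("Reload {$ph1ent['descr']} tunnel(s)");
					if (!$old_gw_resolved && !empty($old_ph1ent['remote-gateway'])) {
						$old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
						$old_gw_resolved = true;
					}
					/* the stored phase2 is unchanged by this page, so it is its own "old" value */
					$old_phase2 = $phase2;
					reload_tunnel_spd_policy($ph1ent, $phase2, $old_ph1ent, $old_phase2);
				}
			}
		}
		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}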
382
383 3462a529 Matthew Grooms
/* breadcrumb title; editing a mobile-client phase1 adds one more crumb */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"));
if ($pconfig['mobile'])
	$pgtitle[] = gettext("Mobile Client");
$shortcut_section = "ipsec";

include("head.inc");
391
392
?>
393
394
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
395
<?php include("fbegin.inc"); ?>
396 c58a9ec3 N0YB
<script type="text/JavaScript">
397 a93e56c5 Matthew Grooms
<!--
398 3462a529 Matthew Grooms
399
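/* Hide the 'My identifier' data field while the identifier is the local address. */
function myidsel_change() {
	/* declared with var: the originals were implicit globals */
	var sel = document.iform.myid_type;
	var value = sel.options[sel.selectedIndex].value;
	document.getElementById('myid_data').style.visibility =
		(value == 'myaddress') ? 'hidden' : 'visible';
}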
407
408
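/* Hide the 'Peer identifier' data field while the identifier is the peer address,
   and only offer the verify-identifier option for ASN.1 DN identifiers. */
function peeridsel_change() {
	/* declared with var: the originals were implicit globals */
	var sel = document.iform.peerid_type;
	var value = sel.options[sel.selectedIndex].value;

	document.getElementById('peerid_data').style.visibility =
		(value == 'peeraddress') ? 'hidden' : 'visible';

	document.getElementById('opt_verify_identifier').style.visibility =
		(value == 'asn1dn') ? 'visible' : 'hidden';
}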
421
422 a93e56c5 Matthew Grooms
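/* Show the PSK row or the CA/certificate rows depending on the selected
   authentication method. The certificate rows are also enabled/disabled
   so hidden selects are not submitted as required values. */
function methodsel_change() {
	/* declared with var: the originals were implicit globals */
	var index = document.iform.authentication_method.selectedIndex;
	var value = document.iform.authentication_method.options[index].value;

	switch (value) {
		/* the three certificate based methods share one layout */
		case 'hybrid_rsa_server':
		case 'xauth_rsa_server':
		case 'rsasig':
			document.getElementById('opt_psk').style.display = 'none';
			document.getElementById('opt_peerid').style.display = '';
			document.getElementById('opt_cert').style.display = '';
			document.getElementById('opt_ca').style.display = '';
			document.getElementById('opt_cert').disabled = false;
			document.getElementById('opt_ca').disabled = false;
			break;
<?php if ($pconfig['mobile']) { ?>
		/* mobile PSK: keys live on the Pre-Shared Keys tab, peer id is not used */
		case 'pre_shared_key':
			document.getElementById('opt_psk').style.display = 'none';
			document.getElementById('opt_peerid').style.display = 'none';
			document.getElementById('opt_cert').style.display = 'none';
			document.getElementById('opt_ca').style.display = 'none';
			document.getElementById('opt_cert').disabled = true;
			document.getElementById('opt_ca').disabled = true;
			break;
<?php } ?>
		default: /* psk modes*/
			document.getElementById('opt_psk').style.display = '';
			document.getElementById('opt_peerid').style.display = '';
			document.getElementById('opt_cert').style.display = 'none';
			document.getElementById('opt_ca').style.display = 'none';
			document.getElementById('opt_cert').disabled = true;
			document.getElementById('opt_ca').disabled = true;
			break;
	}
}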
464
465
/* PHP generated java script for variable length keys */
466
/* Rebuild the key-length select for the chosen encryption algorithm.
   The switch body is emitted by PHP from $p1_ealgos: one case per
   algorithm, keyed by option index. `bits` optionally preselects a length. */
function ealgosel_change(bits) {
	switch (document.iform.ealgo.selectedIndex) {
<?php
/* NOTE(review): the case numbers assume the <select name="ealgo"> options
   are rendered in the same order as $p1_ealgos is iterated here — the
   select itself is outside this block, confirm they agree */
$i = 0;
foreach ($p1_ealgos as $algo => $algodata) {
	if (is_array($algodata['keysel'])) {
		/* variable-length algorithm: show the select and fill it from hi down to lo */
		echo "		case {$i}:\n";
		echo "			document.iform.ealgo_keylen.style.visibility = 'visible';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";
	//      echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( 'auto', 'auto' );\n";

		$key_hi = $algodata['keysel']['hi'];
		$key_lo = $algodata['keysel']['lo'];
		$key_step = $algodata['keysel']['step'];

		for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step)
			echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n";
		echo "			break;\n";
	} else {
		/* fixed-length algorithm: hide and empty the select */
		echo "		case {$i}:\n";
		echo "			document.iform.ealgo_keylen.style.visibility = 'hidden';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";
		echo "			break;\n";
	}
	$i++;
}
?>
	}

	/* preselect a length when one was passed (used when loading a stored entry) */
	if( bits )
		document.iform.ealgo_keylen.value = bits;
}
498 3462a529 Matthew Grooms
499 a93e56c5 Matthew Grooms
/* Show the DPD settings row only while DPD is enabled, seeding the
   delay/retry fields with defaults when they are empty. */
function dpdchkbox_change() {
	var enabled = document.iform.dpd_enable.checked;
	document.getElementById('opt_dpd').style.display = enabled ? '' : 'none';

	if (!document.iform.dpd_delay.value)
		document.iform.dpd_delay.value = "10";

	if (!document.iform.dpd_maxfail.value)
		document.iform.dpd_maxfail.value = "5";
}
511 3462a529 Matthew Grooms
512 a93e56c5 Matthew Grooms
//-->
513
</script>
514 5a3b0d3b mgrooms
515
<form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform">
516
517
<?php
518
	if ($input_errors)
519
		print_input_errors($input_errors);
520
?>
521
522
<table width="100%" border="0" cellpadding="0" cellspacing="0">
523
	<tr class="tabnavtbl">
524
		<td id="tabnav">
525
			<?php
				/* Top navigation tabs of the IPsec pages; this page lives under "Tunnels". */
				$tab_array = array(
					array(gettext("Tunnels"), true, "vpn_ipsec.php"),
					array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"),
					array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php"),
				);
				display_top_tabs($tab_array);
			?>
532
		</td>
533
	</tr>
534
	<tr>
535
		<td id="mainarea">
536
			<div class="tabcont">
537
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
538
					<tr>
539 2fbb33f1 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
540 5a3b0d3b mgrooms
					</tr>
541
					<tr>
542 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
543 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
544 c58a9ec3 N0YB
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?>/>
545
							<strong><?=gettext("Disable this phase1 entry"); ?></strong><br />
546 5a3b0d3b mgrooms
							<span class="vexpl">
547 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Set this option to disable this phase1 without " .
548
								"removing it from the list"); ?>.
549 5a3b0d3b mgrooms
							</span>
550
						</td>
551
					</tr>
552 e79b24ab Seth Mos
					<tr>
553
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Internet Protocol"); ?></td>
554
						<td width="78%" class="vtable">
555
							<select name="protocol" class="formselect">
556
							<?php
557
								$protocols = array("inet" => "IPv4", "inet6" => "IPv6");
558
								foreach ($protocols as $protocol => $name):
559
							?>
560 c58a9ec3 N0YB
								<option value="<?=$protocol;?>" <?php if ($protocol == $pconfig['protocol']) echo "selected=\"selected\""; ?>>
561 e79b24ab Seth Mos
									<?=htmlspecialchars($name);?>
562
								</option>
563
							<?php endforeach; ?>
564 c58a9ec3 N0YB
							</select> <br /> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
565 e79b24ab Seth Mos
						</td>
566
					</tr>
567 5a3b0d3b mgrooms
					<tr>
568 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
569 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
570
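							<select name="interface" class="formselect">
							<?php
								/*
								 * Candidate local endpoints: the configured interfaces, then every
								 * CARP VIP and IP alias (labelled with its VIP description), then
								 * the gateway groups by name.
								 */
								$interfaces = get_configured_interface_with_descr();

								$carplist = get_configured_carp_interface_list();
								foreach ($carplist as $cif => $carpip)
									$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";

								$aliaslist = get_configured_ip_aliases_list();
								foreach ($aliaslist as $aliasip => $aliasif)
									$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";

								/* Only the group name is needed for the option; nothing else from
								 * the group definition is used on this page. */
								$grouplist = return_gateway_groups_array();
								foreach ($grouplist as $name => $group)
									$interfaces[$name] = "GW Group {$name}";

								foreach ($interfaces as $iface => $ifacename):
							?>
								<?php /* Keys include user-chosen names (gateway groups), so escape them like the labels. */ ?>
								<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($ifacename);?>
								</option>
							<?php endforeach; ?>
							</select>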
599 c58a9ec3 N0YB
							<br />
600 2fbb33f1 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Select the interface for the local endpoint of this phase1 entry"); ?>.</span>
601 5a3b0d3b mgrooms
						</td>
602
					</tr>
603
604
					<?php if (!$pconfig['mobile']): ?>
605
606
					<tr>
607 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote gateway"); ?></td>
608 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
609 c58a9ec3 N0YB
							<?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="28" value="<?=htmlspecialchars($pconfig['remotegw']);?>"/>
610
							<br />
611 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Enter the public IP address or host name of the remote gateway"); ?>
612 5a3b0d3b mgrooms
						</td>
613
					</tr>
614
615
					<?php endif; ?>
616
617
					<tr>
618 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
619 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
620 c58a9ec3 N0YB
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
621
							<br />
622 5a3b0d3b mgrooms
							<span class="vexpl">
623 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
624
								"for your reference (not parsed)"); ?>.
625 5a3b0d3b mgrooms
							</span>
626
						</td>
627
					</tr>
628
					<tr>
629
						<td colspan="2" class="list" height="12"></td>
630
					</tr>
631
					<tr>
632
						<td colspan="2" valign="top" class="listtopic">
633 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Phase 1 proposal (Authentication)"); ?>
634 5a3b0d3b mgrooms
						</td>
635
					</tr>
636 71d61aa5 jim-p
					<tr>
637 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication method"); ?></td>
638 71d61aa5 jim-p
						<td width="78%" class="vtable">
639 c58a9ec3 N0YB
							<select name="authentication_method" class="formselect" onchange="methodsel_change()">
640 71d61aa5 jim-p
							<?php
641
								foreach ($p1_authentication_methods as $method_type => $method_params):
642
									if (!$pconfig['mobile'] && $method_params['mobile'])
643
										continue;
644
							?>
645 c58a9ec3 N0YB
								<option value="<?=$method_type;?>" <?php if ($method_type == $pconfig['authentication_method']) echo "selected=\"selected\""; ?>>
646 71d61aa5 jim-p
									<?=htmlspecialchars($method_params['name']);?>
647
								</option>
648
							<?php endforeach; ?>
649
							</select>
650 c58a9ec3 N0YB
							<br />
651 71d61aa5 jim-p
							<span class="vexpl">
652 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
653 71d61aa5 jim-p
							</span>
654
						</td>
655
					</tr>
656 5a3b0d3b mgrooms
					<tr>
657 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Negotiation mode"); ?></td>
658 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
659
							<select name="mode" class="formselect">
660
							<?php
661 d5d15542 jim-p
								$modes = array("main","aggressive","base");
662 5a3b0d3b mgrooms
								foreach ($modes as $mode):
663
							?>
664 c58a9ec3 N0YB
								<option value="<?=$mode;?>" <?php if ($mode == $pconfig['mode']) echo "selected=\"selected\""; ?>>
665 5a3b0d3b mgrooms
									<?=htmlspecialchars($mode);?>
666
								</option>
667
							<?php endforeach; ?>
668 c58a9ec3 N0YB
							</select> <br /> <span class="vexpl"><?=gettext("Aggressive is more flexible, but less secure"); ?>.</span>
669 5a3b0d3b mgrooms
						</td>
670
					</tr>
671
					<tr>
672 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My identifier"); ?></td>
673 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
674 c58a9ec3 N0YB
							<select name="myid_type" class="formselect" onchange="myidsel_change()">
675 5a3b0d3b mgrooms
							<?php foreach ($my_identifier_list as $id_type => $id_params): ?>
676 c58a9ec3 N0YB
								<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['myid_type']) echo "selected=\"selected\""; ?>>
677 5a3b0d3b mgrooms
									<?=htmlspecialchars($id_params['desc']);?>
678
								</option>
679
							<?php endforeach; ?>
680
							</select>
681 c58a9ec3 N0YB
							<input name="myid_data" type="text" class="formfld unknown" id="myid_data" size="30" value="<?=htmlspecialchars($pconfig['myid_data']);?>"/>
682 5a3b0d3b mgrooms
						</td>
683
					</tr>
684 1f65618b jim-p
					<tr id="opt_peerid">
685 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer identifier"); ?></td>
686 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
687 c58a9ec3 N0YB
							<select name="peerid_type" class="formselect" onchange="peeridsel_change()">
688 5a3b0d3b mgrooms
							<?php
689
								foreach ($peer_identifier_list as $id_type => $id_params):
690
									if ($pconfig['mobile'] && !$id_params['mobile'])
691
										continue;
692
							?>
693 c58a9ec3 N0YB
							<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected=\"selected\""; ?>>
694 5a3b0d3b mgrooms
								<?=htmlspecialchars($id_params['desc']);?>
695
							</option>
696
							<?php endforeach; ?>
697
							</select>
698 c58a9ec3 N0YB
							<input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=htmlspecialchars($pconfig['peerid_data']);?>"/>
699 6d0f5a63 Renato Botelho
							<span id="opt_verify_identifier">
700
								<input id="verify_identifier" name="verify_identifier" type="checkbox" value="yes" <?php if ($pconfig['verify_identifier']) echo "checked=\"checked\""; ?> />
701
								<span class="vexpl"><?=gettext("Verify peer's identifier"); ?>.</span>
702
							</span>
703 1f65618b jim-p
						<?php if ($pconfig['mobile']) { ?>
704 2fbb33f1 Carlos Eduardo Ramos
							<br/><br/><?=gettext("NOTE: This is known as the \"group\" setting on some VPN client implementations"); ?>.
705 1f65618b jim-p
						<?php } ?>
706 5a3b0d3b mgrooms
						</td>
707
					</tr>
708 71d61aa5 jim-p
					<tr id="opt_psk">
						<?php /* Presumably shown/hidden by methodsel_change() (defined above this chunk) according to the chosen authentication method — confirm. */ ?>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
						<td width="78%" class="vtable">
							<?php /* $mandfldhtml is set outside this chunk and echoed unescaped; presumably a fixed "required field" marker — confirm. */ ?>
							<?=$mandfldhtml;?>
							<?php /* The stored PSK is HTML-escaped but rendered in a plain text input, so it is readable on screen
							 * and in the page source.  NOTE(review): a password-type input would at least hide it on screen. */ ?>
							<input name="pskey" type="text" class="formfld unknown" id="pskey" size="40" value="<?=htmlspecialchars($pconfig['pskey']);?>"/>
							<span class="vexpl">
							<br />
								<?=gettext("Input your Pre-Shared Key string"); ?>.
							</span>
						</td>
					</tr>
719 5cd9e96a jim-p
					<tr id="generate_policy">
720
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Policy Generation"); ?></td>
721
						<td width="78%" class="vtable">
722
							<select name="generate_policy" class="formselect">
723 c58a9ec3 N0YB
								<option value="" <?php if (empty($pconfig['generate_policy'])) echo "selected=\"selected\""; ?>>Default</option>
724
								<option value="on" <?php if ($pconfig['generate_policy'] == "on") echo "selected=\"selected\""; ?>>On</option>
725
								<option value="off" <?php if ($pconfig['generate_policy'] == "off") echo "selected=\"selected\""; ?>>Off</option>
726
								<option value="require" <?php if ($pconfig['generate_policy'] == "require") echo "selected=\"selected\""; ?>>Require</option>
727
								<option value="unique" <?php if ($pconfig['generate_policy'] == "unique") echo "selected=\"selected\""; ?>>Unique</option>
728 5cd9e96a jim-p
							</select>
729 c58a9ec3 N0YB
							<br />
730 5cd9e96a jim-p
							<span class="vexpl">
731
								<?=gettext("When working as a responder (as with mobile clients), this controls how policies are generated based on SA proposals."); ?>
732
							</span>
733
						</td>
734
					</tr>
735 812dd35d jim-p
					<tr id="proposal_check">
736
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Proposal Checking"); ?></td>
737
						<td width="78%" class="vtable">
738
							<select name="proposal_check" class="formselect">
739 c58a9ec3 N0YB
								<option value="" <?php if (empty($pconfig['proposal_check'])) echo "selected=\"selected\""; ?>>Default</option>
740
								<option value="obey" <?php if ($pconfig['proposal_check'] == "obey") echo "selected=\"selected\""; ?>>Obey</option>
741
								<option value="strict" <?php if ($pconfig['proposal_check'] == "strict") echo "selected=\"selected\""; ?>>Strict</option>
742
								<option value="claim" <?php if ($pconfig['proposal_check'] == "claim") echo "selected=\"selected\""; ?>>Claim</option>
743
								<option value="exact" <?php if ($pconfig['proposal_check'] == "exact") echo "selected=\"selected\""; ?>>Exact</option>
744 812dd35d jim-p
							</select>
745 c58a9ec3 N0YB
							<br />
746 812dd35d jim-p
							<span class="vexpl">
747
								<?=gettext("Specifies the action of lifetime length, key length, and PFS of the phase 2 selection on the responder side, and the action of lifetime check in phase 1."); ?>
748
							</span>
749
						</td>
750
					</tr>
751 5a3b0d3b mgrooms
					<tr>
752 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
753 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
754 c58a9ec3 N0YB
							<select name="ealgo" class="formselect" onchange="ealgosel_change()">
755 5a3b0d3b mgrooms
							<?php
756
								foreach ($p1_ealgos as $algo => $algodata):
757
									$selected = '';
758
									if ($algo == $pconfig['ealgo']['name'])
759 c58a9ec3 N0YB
										$selected = 'selected="selected"';
760 5a3b0d3b mgrooms
							?>
761 c58a9ec3 N0YB
								<option value="<?=$algo;?>" <?=$selected?>>
762 5a3b0d3b mgrooms
									<?=htmlspecialchars($algodata['name']);?>
763
								</option>
764
							<?php endforeach; ?>
765
							</select>
766 c58a9ec3 N0YB
							<select name="ealgo_keylen" style="width:30" class="formselect">
767
							<option></option>
768 5a3b0d3b mgrooms
							</select>
769
						</td>
770
					</tr>
771
					<tr>
772 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithm"); ?></td>
773 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
774
							<select name="halgo" class="formselect">
775
							<?php foreach ($p1_halgos as $algo => $algoname): ?>
776 c58a9ec3 N0YB
								<option value="<?=$algo;?>" <?php if ($algo == $pconfig['halgo']) echo "selected=\"selected\""; ?>>
777 5a3b0d3b mgrooms
									<?=htmlspecialchars($algoname);?>
778
								</option>
779
							<?php endforeach; ?>
780
							</select>
781 c58a9ec3 N0YB
							<br />
782 5a3b0d3b mgrooms
							<span class="vexpl">
783 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
784 5a3b0d3b mgrooms
							</span>
785
						</td>
786
					</tr>
787
					<tr>
788 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH key group"); ?></td>
789 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
790
							<select name="dhgroup" class="formselect">
791 665340db jim-p
							<?php foreach ($p1_dhgroups as $keygroup => $keygroupname): ?>
792 c58a9ec3 N0YB
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['dhgroup']) echo "selected=\"selected\""; ?>>
793 665340db jim-p
									<?=htmlspecialchars($keygroupname);?>
794 5a3b0d3b mgrooms
								</option>
795
							<?php endforeach; ?>
796
							</select>
797 c58a9ec3 N0YB
							<br />
798 5a3b0d3b mgrooms
							<span class="vexpl">
799 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
800 5a3b0d3b mgrooms
							</span>
801
						</td>
802
					</tr>
803
					<tr>
804 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
805 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
806 c58a9ec3 N0YB
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
807 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
808 5a3b0d3b mgrooms
						</td>
809
					</tr>
810 73fbece8 mgrooms
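					<tr id="opt_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td>
						<td width="78%" class="vtable">
							<select name='certref' class="formselect">
							<?php
								/* $config['cert'] may be unset or not an array when no certificate
								 * exists; iterating it directly would raise a PHP warning. */
								$p1_certlist = (isset($config['cert']) && is_array($config['cert'])) ? $config['cert'] : array();
								foreach ($p1_certlist as $cert):
									$selected = "";
									if ($pconfig['certref'] == $cert['refid'])
										$selected = "selected=\"selected\"";
							?>
								<?php /* refid and descr are stored config values, not constants: escape them like the other selects on this page. */ ?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>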
829 a22d475f jim-p
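					<tr id="opt_ca">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
						<td width="78%" class="vtable">
							<select name='caref' class="formselect">
							<?php
								/* $config['ca'] may be unset or not an array when no CA exists;
								 * iterating it directly would raise a PHP warning. */
								$p1_calist = (isset($config['ca']) && is_array($config['ca'])) ? $config['ca'] : array();
								foreach ($p1_calist as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected=\"selected\"";
							?>
								<?php /* refid and descr are stored config values, not constants: escape them like the other selects on this page. */ ?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>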
848 5a3b0d3b mgrooms
					<tr>
849
						<td colspan="2" class="list" height="12"></td>
850
					</tr>
851
					<tr>
852 2fbb33f1 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
853 5a3b0d3b mgrooms
					</tr>
854
					<tr>
855 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("NAT Traversal"); ?></td>
856 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
857
							<select name="nat_traversal" class="formselect">
858 c58a9ec3 N0YB
								<option value="off" <?php if ($pconfig['nat_traversal'] == "off") echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option>
859
								<option value="on" <?php if ($pconfig['nat_traversal'] == "on") echo "selected=\"selected\""; ?>><?=gettext("Enable"); ?></option>
860
								<option value="force" <?php if ($pconfig['nat_traversal'] == "force") echo "selected=\"selected\""; ?>><?=gettext("Force"); ?></option>
861 5a3b0d3b mgrooms
							</select>
862
							<br/>
863
							<span class="vexpl">
864 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed, " .
865
								"which can help with clients that are behind restrictive firewalls"); ?>.
866 5a3b0d3b mgrooms
							</span>
867
						</td>
868
					</tr>
869
					<tr>
870 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Dead Peer Detection"); ?></td>
871 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
872 c58a9ec3 N0YB
							<input name="dpd_enable" type="checkbox" id="dpd_enable" value="yes" <?php if (isset($pconfig['dpd_enable'])) echo "checked=\"checked\""; ?> onclick="dpdchkbox_change()"/>
873
							<?=gettext("Enable DPD"); ?><br />
874 5a3b0d3b mgrooms
							<div id="opt_dpd">
875 c58a9ec3 N0YB
								<br />
876
								<input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=htmlspecialchars($pconfig['dpd_delay']);?>"/>
877
								<?=gettext("seconds"); ?><br />
878 5a3b0d3b mgrooms
								<span class="vexpl">
879 2fbb33f1 Carlos Eduardo Ramos
									<?=gettext("Delay between requesting peer acknowledgement"); ?>.
880 c58a9ec3 N0YB
								</span><br />
881
								<br />
882
								<input name="dpd_maxfail" type="text" class="formfld unknown" id="dpd_maxfail" size="5" value="<?=htmlspecialchars($pconfig['dpd_maxfail']);?>"/>
883
								<?=gettext("retries"); ?><br />
884 5a3b0d3b mgrooms
								<span class="vexpl">
885 2fbb33f1 Carlos Eduardo Ramos
									<?=gettext("Number of consecutive failures allowed before disconnect"); ?>.
886 5a3b0d3b mgrooms
								</span>
887 c58a9ec3 N0YB
								<br />
888 5a3b0d3b mgrooms
							</div>
889
						</td>
890
					</tr>
891
					<tr>
892
						<td width="22%" valign="top">&nbsp;</td>
893
						<td width="78%">
894
							<?php if (isset($p1index) && $a_phase1[$p1index]): ?>
895 0e6cf71b Renato Botelho
							<input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>"/>
896 5a3b0d3b mgrooms
							<?php endif; ?>
897
							<?php if ($pconfig['mobile']): ?>
898 c58a9ec3 N0YB
							<input name="mobile" type="hidden" value="true"/>
899 5a3b0d3b mgrooms
							<?php endif; ?>
900 c58a9ec3 N0YB
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>"/>
901
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"/>
902 5a3b0d3b mgrooms
						</td>
903
					</tr>
904
				</table>
905
			</div>
906
		</td>
907
	</tr>
908
</table>
909 a93e56c5 Matthew Grooms
</form>
910 5a3b0d3b mgrooms
911 c58a9ec3 N0YB
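<script type="text/JavaScript">
<!--
<?php
	/*
	 * Pre-select the saved key length, if any.  $keyset is interpolated
	 * straight into the JavaScript call below, so it is reduced to an
	 * integer literal; left empty, the argument is undefined and
	 * ealgosel_change() leaves the key-length select untouched.
	 */
	$keyset = '';
	if (isset($pconfig['ealgo']['keylen']) && is_numeric($pconfig['ealgo']['keylen']))
		$keyset = (int)$pconfig['ealgo']['keylen'];
?>
myidsel_change();
peeridsel_change();
methodsel_change();
ealgosel_change(<?=$keyset;?>);
dpdchkbox_change();
//-->
</script>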
927
<?php include("fend.inc"); ?>
928 3462a529 Matthew Grooms
</body>
929
</html>