<?php
2
/*
3
	vpn_ipsec_phase1.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32 6b07c15a Matthew Grooms
##|+PRIV
33
##|*IDENT=page-vpn-ipsec-editphase1
34
##|*NAME=VPN: IPsec: Edit Phase 1 page
35
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 1' page.
36
##|*MATCH=vpn_ipsec_phase1.php*
37
##|-PRIV
38
39 0f84b741 Scott Ullrich
require("functions.inc");
40 a93e56c5 Matthew Grooms
require("guiconfig.inc");
41 483e6de8 Scott Ullrich
require_once("ipsec.inc");
42
require_once("vpn.inc");
43 a93e56c5 Matthew Grooms
44
/*
 * Guarantee that both IPsec phase lists are arrays, then bind short
 * aliases to them by reference so that writes through the aliases
 * modify $config itself.
 */
if (!is_array($config['ipsec']['phase1'])) {
	$config['ipsec']['phase1'] = array();
}
if (!is_array($config['ipsec']['phase2'])) {
	$config['ipsec']['phase2'] = array();
}

$a_phase1 =& $config['ipsec']['phase1'];
$a_phase2 =& $config['ipsec']['phase2'];
52 a93e56c5 Matthew Grooms
53 e41ec584 Renato Botelho
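/*
 * Work out which phase 1 entry this request addresses. The sources are
 * applied in order and each one overrides the previous: GET p1index,
 * POST p1index, GET dup. Only values accepted by is_numericint() are used,
 * so $p1index stays unset when the request carries no usable index.
 */
// isset() added so a request without p1index does not read an undefined
// index; this matches the POST and dup checks below.
if (isset($_GET['p1index']) && is_numericint($_GET['p1index']))
	$p1index = $_GET['p1index'];
if (isset($_POST['p1index']) && is_numericint($_POST['p1index']))
	$p1index = $_POST['p1index'];

// When duplicating, the source entry is the one named by "dup".
if (isset($_GET['dup']) && is_numericint($_GET['dup']))
	$p1index = $_GET['dup'];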
60
61 fad728ab sullrich
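/*
 * Populate $pconfig (the values shown in the form) either from the stored
 * phase 1 entry addressed by $p1index, or from built-in defaults when no
 * such entry exists.
 */
// !empty() instead of a bare array read: $p1index comes from the request and
// may name an index that does not exist.
if (isset($p1index) && !empty($a_phase1[$p1index])) {
	// don't copy the ikeid on dup
	if (!isset($_GET['dup']) || !is_numericint($_GET['dup']))
		$pconfig['ikeid'] = $a_phase1[$p1index]['ikeid'];

	// Kept so the POST handler can compare against the previous remote gateway.
	$old_ph1ent = $a_phase1[$p1index];

	$pconfig['disabled'] = isset($a_phase1[$p1index]['disabled']);

	if ($a_phase1[$p1index]['interface'])
		$pconfig['interface'] = $a_phase1[$p1index]['interface'];
	else
		$pconfig['interface'] = "wan";

	list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_phase1[$p1index]['remote-subnet']);

	// A mobile entry has no fixed remote gateway.
	if (isset($a_phase1[$p1index]['mobile']))
		$pconfig['mobile'] = 'true';
	else
		$pconfig['remotegw'] = $a_phase1[$p1index]['remote-gateway'];

	$pconfig['iketype'] = $a_phase1[$p1index]['iketype'];
	$pconfig['mode'] = $a_phase1[$p1index]['mode'];
	$pconfig['protocol'] = $a_phase1[$p1index]['protocol'];
	$pconfig['myid_type'] = $a_phase1[$p1index]['myid_type'];
	$pconfig['myid_data'] = $a_phase1[$p1index]['myid_data'];
	$pconfig['peerid_type'] = $a_phase1[$p1index]['peerid_type'];
	$pconfig['peerid_data'] = $a_phase1[$p1index]['peerid_data'];
	$pconfig['ealgo'] = $a_phase1[$p1index]['encryption-algorithm'];
	$pconfig['halgo'] = $a_phase1[$p1index]['hash-algorithm'];
	$pconfig['dhgroup'] = $a_phase1[$p1index]['dhgroup'];
	$pconfig['lifetime'] = $a_phase1[$p1index]['lifetime'];
	$pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method'];

	// PSK methods load the shared key; every other method loads the
	// certificate and CA references instead.
	if (($pconfig['authentication_method'] == "pre_shared_key") ||
		($pconfig['authentication_method'] == "xauth_psk_server")) {
		$pconfig['pskey'] = $a_phase1[$p1index]['pre-shared-key'];
	} else {
		$pconfig['certref'] = $a_phase1[$p1index]['certref'];
		$pconfig['caref'] = $a_phase1[$p1index]['caref'];
	}

	$pconfig['descr'] = $a_phase1[$p1index]['descr'];
	$pconfig['nat_traversal'] = $a_phase1[$p1index]['nat_traversal'];

	// DPD counts as enabled only when both of its values are stored.
	if ($a_phase1[$p1index]['dpd_delay'] &&	$a_phase1[$p1index]['dpd_maxfail']) {
		$pconfig['dpd_enable'] = true;
		$pconfig['dpd_delay'] = $a_phase1[$p1index]['dpd_delay'];
		$pconfig['dpd_maxfail'] = $a_phase1[$p1index]['dpd_maxfail'];
	}
} else {
	/* defaults */
	// NOTE(review): these defaults (aggressive mode with a pre-shared key,
	// 3DES, SHA-1, DH group 2) are weak by current standards. Aggressive mode
	// with a PSK exposes key-derived material to offline guessing; consider
	// main mode or IKEv2 with stronger proposals as the defaults.
	$pconfig['interface'] = "wan";
	if($config['interfaces']['lan'])
		$pconfig['localnet'] = "lan";
	$pconfig['mode'] = "aggressive";
	$pconfig['protocol'] = "inet";
	$pconfig['myid_type'] = "myaddress";
	$pconfig['peerid_type'] = "peeraddress";
	$pconfig['authentication_method'] = "pre_shared_key";
	// The key is quoted: a bare `name` is an undefined constant, which is a
	// notice on older PHP and a fatal error on PHP 8.
	$pconfig['ealgo'] = array( 'name' => "3des" );
	$pconfig['halgo'] = "sha1";
	$pconfig['dhgroup'] = "2";
	$pconfig['lifetime'] = "28800";
	$pconfig['nat_traversal'] = "on";
	$pconfig['dpd_enable'] = true;
	$pconfig['iketype'] = "ikev1";

	/* mobile client */
	if (!empty($_GET['mobile']))
		$pconfig['mobile']=true;
}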
133
134 e41ec584 Renato Botelho
/*
 * A duplicate is saved as a new entry: once its values have been copied,
 * forget the index of the entry it was copied from.
 */
$dup_requested = isset($_GET['dup']) && is_numericint($_GET['dup']);
if ($dup_requested) {
	unset($p1index);
}
136
137
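/*
 * Handle a submitted form: validate the posted values, and when there are no
 * errors build the phase 1 entry, store it in the configuration, mark the
 * ipsec subsystem dirty and redirect to vpn_ipsec.php. With errors, execution
 * falls through so the form is shown again with $pconfig and $input_errors.
 */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	$method = $pconfig['authentication_method'];
	// Unset ca and cert if not required to avoid storing in config
	if ($method == "pre_shared_key" || $method == "xauth_psk_server") {
		unset($pconfig['caref']);
		unset($pconfig['certref']);
	}

	// Start from empty lists: the mobile pre_shared_key path below assigns
	// neither list before they are passed to do_input_validation().
	$reqdfields = array();
	$reqdfieldsn = array();

	// Only require PSK here for normal PSK tunnels (not mobile) or xauth.
	// For RSA methods, require the CA/Cert.
	switch ($method) {
		case "pre_shared_key":
			// If this is a mobile PSK tunnel the user PSKs go on
			//    the PSK tab, not here, so skip the check.
			if ($pconfig['mobile'])
				break;
			// Deliberate fall-through: a non-mobile PSK tunnel needs the key.
		case "xauth_psk_server":
			$reqdfields = array("pskey");
			$reqdfieldsn = array(gettext("Pre-Shared Key"));
			break;
		case "hybrid_rsa_server":
		case "xauth_rsa_server":
		case "rsasig":
			$reqdfields = array("caref", "certref");
			$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
			break;
	}
	if (!$pconfig['mobile']) {
		$reqdfields[] = "remotegw";
		$reqdfieldsn[] = gettext("Remote gateway");
	}

	do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);

	// NOTE(review): is_numeric() also accepts values such as "1e3" or "12.5",
	// which does not match the "must be an integer" message; confirm whether
	// is_numericint() is what is wanted here.
	if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime'])))
		$input_errors[] = gettext("The P1 lifetime must be an integer.");

	// The remote gateway must be an address or host name, and an address must
	// belong to the selected protocol family.
	if ($pconfig['remotegw']) {
		if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw']))
			$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
		elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet"))
			$input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6");
		elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6"))
			$input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4");
	}

	// An enabled entry may not reuse the remote gateway of another enabled entry.
	if (($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled']) )) {
		$tremotegw = $pconfig['remotegw'];
		$t = 0;
		foreach ($a_phase1 as $ph1tmp) {
			// Skip only the entry being edited. The explicit isset() matters:
			// with no index (a new entry) a loose comparison of an unset
			// $p1index with 0 is equal, which excluded entry 0 from the check.
			$is_edited_entry = isset($p1index) && ($p1index == $t);
			if (!$is_edited_entry) {
				if (($ph1tmp['remote-gateway'] == $tremotegw) && !isset($ph1tmp['disabled'])) {
					$input_errors[] = sprintf(gettext('The remote gateway "%1$s" is already used by phase1 "%2$s".'), $tremotegw, $ph1tmp['descr']);
				}
			}
			$t++;
		}
	}

	// The protocol family must agree with any phase 2 attached to this ikeid.
	if (is_array($a_phase2) && (count($a_phase2))) {
		foreach ($a_phase2 as $phase2) {
			if($phase2['ikeid'] == $pconfig['ikeid']) {
				if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4.");
					break;
				}
				if (($pconfig['protocol'] == "inet6") && ($phase2['mode'] == "tunnel")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv4, you cannot use IPv6.");
					break;
				}
			}
		}
	}

	/* My identity */

	if ($pconfig['myid_type'] == "myaddress")
		$pconfig['myid_data'] = "";

	if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter an address for 'My Identifier'");

	if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'");

	if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'");

	if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'");

	if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'");

	if ((($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])))
		$input_errors[] = gettext("A valid IP address for 'My identifier' must be specified.");

	if ((($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])))
		$input_errors[] = gettext("A valid domain name for 'My identifier' must be specified.");

	if ($pconfig['myid_type'] == "fqdn")
		if (is_domain($pconfig['myid_data']) == false)
			$input_errors[] = gettext("A valid FQDN for 'My identifier' must be specified.");

	if ($pconfig['myid_type'] == "user_fqdn") {
		$user_fqdn = explode("@",$pconfig['myid_data']);
		// A value without "@" has no domain part at index 1.
		if (!isset($user_fqdn[1]) || is_domain($user_fqdn[1]) == false)
			$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.");
	}

	if ($pconfig['myid_type'] == "dyn_dns")
		if (is_domain($pconfig['myid_data']) == false)
			$input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified.");

	/* Peer identity */

	// Tests peerid_type: the previous check read myid_type, which this page
	// never sets to "peeraddress", so stale peer data was never cleared.
	if ($pconfig['peerid_type'] == "peeraddress")
		$pconfig['peerid_data'] = "";

	// Only enforce peer ID if we are not dealing with a pure-psk mobile config.
	if (!(($pconfig['authentication_method'] == "pre_shared_key") && ($pconfig['mobile']))) {
		if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter an address for 'Peer Identifier'");

		if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'");

		if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'");

		if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'");

		if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data'])))
			$input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified.");

		if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data'])))
			$input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified.");

		if ($pconfig['peerid_type'] == "fqdn")
			if (is_domain($pconfig['peerid_data']) == false)
				$input_errors[] = gettext("A valid FQDN for 'Peer identifier' must be specified.");

		if ($pconfig['peerid_type'] == "user_fqdn") {
			$user_fqdn = explode("@",$pconfig['peerid_data']);
			// A value without "@" has no domain part at index 1.
			if (!isset($user_fqdn[1]) || is_domain($user_fqdn[1]) == false)
				$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.");
		}
	}

	if ($pconfig['dpd_enable']) {
		if (!is_numeric($pconfig['dpd_delay']))
			$input_errors[] = gettext("A numeric value must be specified for DPD delay.");

		if (!is_numeric($pconfig['dpd_maxfail']))
			$input_errors[] = gettext("A numeric value must be specified for DPD retries.");
	}

	if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2")
		$input_errors[] = gettext("Valid arguments for IKE type is v1 or v2");

	// NOTE(review): mode, protocol, interface, halgo, dhgroup, nat_traversal,
	// the identifier types, the encryption algorithm name/key length and ikeid
	// are copied from the request into the stored entry without an allow-list
	// check in this block; only iketype is restricted. If these values are
	// later written into the IPsec daemon configuration, check them against
	// the known option sets before saving.

	/* build our encryption algorithms array */
	$pconfig['ealgo'] = array();
	$pconfig['ealgo']['name'] = $_POST['ealgo'];
	if($pconfig['ealgo_keylen'])
		$pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen'];

	if (!$input_errors) {
		$ph1ent = array();
		$ph1ent['ikeid'] = $pconfig['ikeid'];
		$ph1ent['iketype'] = $pconfig['iketype'];
		$ph1ent['disabled'] = $pconfig['disabled'] ? true : false;
		$ph1ent['interface'] = $pconfig['interface'];
		/* if the remote gateway changed and the interface is not WAN then remove route */
		/* the vpn_ipsec_configure() handles adding the route */
		if ($pconfig['interface'] <> "wan") {
			// A new entry has no previous gateway, so there is no route to remove.
			$old_remotegw = isset($old_ph1ent['remote-gateway']) ? $old_ph1ent['remote-gateway'] : "";
			if ($old_remotegw <> "" && $old_remotegw <> $pconfig['remotegw']) {
				// The stored value is quoted as a single argument rather than
				// interpolated, on the assumption that mwexec() hands the
				// string to a shell; configuration can also be restored from
				// a file, so it is not trusted to be a plain host or address.
				mwexec("/sbin/route delete -host " . escapeshellarg($old_remotegw));
			}
		}

		if ($pconfig['mobile'])
			$ph1ent['mobile'] = true;
		else
			$ph1ent['remote-gateway'] = $pconfig['remotegw'];

		$ph1ent['mode'] = $pconfig['mode'];
		$ph1ent['protocol'] = $pconfig['protocol'];

		$ph1ent['myid_type'] = $pconfig['myid_type'];
		$ph1ent['myid_data'] = $pconfig['myid_data'];
		$ph1ent['peerid_type'] = $pconfig['peerid_type'];
		$ph1ent['peerid_data'] = $pconfig['peerid_data'];

		$ph1ent['encryption-algorithm'] = $pconfig['ealgo'];
		$ph1ent['hash-algorithm'] = $pconfig['halgo'];
		$ph1ent['dhgroup'] = $pconfig['dhgroup'];
		$ph1ent['lifetime'] = $pconfig['lifetime'];
		$ph1ent['pre-shared-key'] = $pconfig['pskey'];
		$ph1ent['private-key'] = base64_encode($pconfig['privatekey']);
		$ph1ent['certref'] = $pconfig['certref'];
		$ph1ent['caref'] = $pconfig['caref'];
		$ph1ent['authentication_method'] = $pconfig['authentication_method'];
		$ph1ent['descr'] = $pconfig['descr'];
		$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];

		if (isset($pconfig['dpd_enable'])) {
			$ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
			$ph1ent['dpd_maxfail'] = $pconfig['dpd_maxfail'];
		}

		/* generate unique phase1 ikeid */
		if ($ph1ent['ikeid'] == 0)
			$ph1ent['ikeid'] = ipsec_ikeid_next();

		// Replace the addressed entry when it exists, otherwise append.
		if (isset($p1index) && $a_phase1[$p1index])
			$a_phase1[$p1index] = $ph1ent;
		else
			$a_phase1[] = $ph1ent;

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}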
368
369 3462a529 Matthew Grooms
/* Page title breadcrumb; mobile-client entries get one extra element. */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"));
if ($pconfig['mobile']) {
	$pgtitle[] = gettext("Mobile Client");
}
$shortcut_section = "ipsec";
374 6deedfde jim-p
375 3462a529 Matthew Grooms
376 a93e56c5 Matthew Grooms
include("head.inc");
377
378
?>
379
380
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
381
<?php include("fbegin.inc"); ?>
382 91f026b0 ayvis
<script type="text/javascript">
383 a0fca224 Colin Fleming
//<![CDATA[
384 3462a529 Matthew Grooms
385
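/**
 * Hide the "My identifier" value field when the selected identifier type is
 * 'myaddress', and show it for every other type.
 */
function myidsel_change() {
	// Declared with var: the undeclared `index` and `value` used before were
	// implicit globals shared with the other *_change handlers.
	var type_select = document.iform.myid_type;
	var selected = type_select.options[type_select.selectedIndex].value;

	document.getElementById('myid_data').style.visibility =
		(selected == 'myaddress') ? 'hidden' : 'visible';
}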
393
394
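/**
 * Hide the "Peer identifier" value field when the selected identifier type is
 * 'peeraddress', and show it for every other type.
 */
function peeridsel_change() {
	// Declared with var: the undeclared `index` and `value` used before were
	// implicit globals shared with the other *_change handlers.
	var type_select = document.iform.peerid_type;
	var selected = type_select.options[type_select.selectedIndex].value;

	document.getElementById('peerid_data').style.visibility =
		(selected == 'peeraddress') ? 'hidden' : 'visible';
}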
402
403 a93e56c5 Matthew Grooms
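/**
 * Show only the form rows that apply to the selected authentication method:
 * the pre-shared key row, the peer identifier row, and the certificate / CA
 * rows (which are also disabled while hidden).
 *
 * The 'pre_shared_key' case is emitted by PHP only for mobile entries; for
 * other entries that method falls into the default (PSK) branch.
 */
function methodsel_change() {
	// Declared with var: the undeclared `index` and `value` used before were
	// implicit globals shared with the other *_change handlers.
	var method_select = document.iform.authentication_method;
	var method = method_select.options[method_select.selectedIndex].value;
	var show_psk, show_peerid, show_cert;

	switch (method) {
		// All three RSA-based methods had identical bodies, so they share one.
		case 'hybrid_rsa_server':
		case 'xauth_rsa_server':
		case 'rsasig':
			show_psk = false;
			show_peerid = true;
			show_cert = true;
			break;
<?php if ($pconfig['mobile']) { ?>
		case 'pre_shared_key':
			show_psk = false;
			show_peerid = false;
			show_cert = false;
			break;
<?php } ?>
		default: /* psk modes*/
			show_psk = true;
			show_peerid = true;
			show_cert = false;
			break;
	}

	// Same elements, same order as before: display first, then disabled.
	document.getElementById('opt_psk').style.display = show_psk ? '' : 'none';
	document.getElementById('opt_peerid').style.display = show_peerid ? '' : 'none';
	document.getElementById('opt_cert').style.display = show_cert ? '' : 'none';
	document.getElementById('opt_ca').style.display = show_cert ? '' : 'none';
	document.getElementById('opt_cert').disabled = !show_cert;
	document.getElementById('opt_ca').disabled = !show_cert;
}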
445
446
/*
 * JavaScript generated by PHP: one switch case per entry of $p1_ealgos, in
 * iteration order. Algorithms that carry a 'keysel' array get a visible key
 * length list filled from 'hi' down to 'lo' in 'step' decrements; the others
 * get a hidden, empty list.
 */
function ealgosel_change(bits) {
	switch (document.iform.ealgo.selectedIndex) {
<?php
$i = 0;
foreach ($p1_ealgos as $algo => $algodata) {
	echo "		case {$i}:\n";

	if (is_array($algodata['keysel'])) {
		echo "			document.iform.ealgo_keylen.style.visibility = 'visible';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";
		// An 'auto' key length option used to be emitted here; it is disabled.

		$key_hi = $algodata['keysel']['hi'];
		$key_lo = $algodata['keysel']['lo'];
		$key_step = $algodata['keysel']['step'];

		// Largest key length first.
		$keylen = $key_hi;
		while ($keylen >= $key_lo) {
			echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n";
			$keylen -= $key_step;
		}
	} else {
		echo "			document.iform.ealgo_keylen.style.visibility = 'hidden';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";
	}

	echo "			break;\n";
	$i++;
}
?>
	}

	// Re-select the requested key length once the list has been rebuilt.
	if (bits) {
		document.iform.ealgo_keylen.value = bits;
	}
}
479 3462a529 Matthew Grooms
480 a93e56c5 Matthew Grooms
/**
 * Show the DPD options row while the DPD checkbox is ticked, hide it
 * otherwise, and fill in "10" / "5" for delay / retries when those fields
 * are empty.
 */
function dpdchkbox_change() {
	var form = document.iform;
	var dpd_on = form.dpd_enable.checked;

	document.getElementById('opt_dpd').style.display = dpd_on ? '' : 'none';

	if (!form.dpd_delay.value) {
		form.dpd_delay.value = "10";
	}
	if (!form.dpd_maxfail.value) {
		form.dpd_maxfail.value = "5";
	}
}
492 3462a529 Matthew Grooms
493 a0fca224 Colin Fleming
//]]>
494 a93e56c5 Matthew Grooms
</script>
495 5a3b0d3b mgrooms
496
<form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform">
497
498
<?php
499
	if ($input_errors)
500
		print_input_errors($input_errors);
501
?>
502
503 a0fca224 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-1">
504 5a3b0d3b mgrooms
	<tr class="tabnavtbl">
505
		<td id="tabnav">
506
			<?php
507
				$tab_array = array();
508 2fbb33f1 Carlos Eduardo Ramos
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
509
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
510 2a2b247b jim-p
				$tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
511 71172088 jim-p
				$tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
512 5a3b0d3b mgrooms
				display_top_tabs($tab_array);
513
			?>
514
		</td>
515
	</tr>
516
	<tr>
517
		<td id="mainarea">
518
			<div class="tabcont">
519 a0fca224 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
520 5a3b0d3b mgrooms
					<tr>
521 2fbb33f1 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
522 5a3b0d3b mgrooms
					</tr>
523
					<tr>
524 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
525 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
526 a0fca224 Colin Fleming
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
527 8cd558b6 ayvis
							<strong><?=gettext("Disable this phase1 entry"); ?></strong><br />
528 5a3b0d3b mgrooms
							<span class="vexpl">
529 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Set this option to disable this phase1 without " .
530
								"removing it from the list"); ?>.
531 5a3b0d3b mgrooms
							</span>
532
						</td>
533
					</tr>
534 20452c68 Ermal
					<tr>
535
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Key Exchange version"); ?></td>
536
						<td width="78%" class="vtable">
537
							<select name="iketype" class="formselect">
538
							<?php
539
								$keyexchange = array("ikev1" => "V1", "ikev2" => "V2");
540
								foreach ($keyexchange as $kidx => $name):
541
							?>
542 a0fca224 Colin Fleming
								<option value="<?=$kidx;?>" <?php if ($kidx == $pconfig['iketype']) echo "selected=\"selected\""; ?>>
543 20452c68 Ermal
									<?=htmlspecialchars($name);?>
544
								</option>
545
							<?php endforeach; ?>
546
							</select> <br /> <span class="vexpl"><?=gettext("Select the KeyExchange Protocol version to be used. Usually known as IKEv1 or IKEv2."); ?>.</span>
547
						</td>
548
					</tr>
549 e79b24ab Seth Mos
					<tr>
550
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Internet Protocol"); ?></td>
551
						<td width="78%" class="vtable">
552
							<select name="protocol" class="formselect">
553
							<?php
554
								$protocols = array("inet" => "IPv4", "inet6" => "IPv6");
555
								foreach ($protocols as $protocol => $name):
556
							?>
557 a0fca224 Colin Fleming
								<option value="<?=$protocol;?>" <?php if ($protocol == $pconfig['protocol']) echo "selected=\"selected\""; ?>>
558 e79b24ab Seth Mos
									<?=htmlspecialchars($name);?>
559
								</option>
560
							<?php endforeach; ?>
561 8cd558b6 ayvis
							</select> <br /> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
562 e79b24ab Seth Mos
						</td>
563
					</tr>
564 5a3b0d3b mgrooms
					<tr>
565 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
566 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
567
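							<select name="interface" class="formselect">
							<?php
								/*
								 * Build the list of selectable local endpoints:
								 * configured interfaces, CARP interfaces, IP
								 * aliases and gateway groups, keyed by the
								 * value that is submitted with the form.
								 */
								$interfaces = get_configured_interface_with_descr();

								$carplist = get_configured_carp_interface_list();
								foreach ($carplist as $cif => $carpip)
									$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";

								$aliaslist = get_configured_ip_aliases_list();
								foreach ($aliaslist as $aliasip => $aliasif)
									$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";

								$grouplist = return_gateway_groups_array();
								foreach ($grouplist as $name => $group) {
									// NOTE(review): $vipif is assigned here but not
									// read anywhere in the visible part of this page.
									if($group[0]['vip'] <> "")
										$vipif = $group[0]['vip'];
									else
										$vipif = $group[0]['int'];
									$interfaces[$name] = "GW Group {$name}";
								}


								foreach ($interfaces as $iface => $ifacename):
							?>
								<?php /* The key is escaped as well: gateway group names and alias addresses are configuration values, not fixed strings. */ ?>
								<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($ifacename);?>
								</option>
							<?php endforeach; ?>
							</select>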
596 8cd558b6 ayvis
							<br />
597 2fbb33f1 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Select the interface for the local endpoint of this phase1 entry"); ?>.</span>
598 5a3b0d3b mgrooms
						</td>
599
					</tr>
600
601
					<?php if (!$pconfig['mobile']): ?>
602
603
					<tr>
604 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote gateway"); ?></td>
605 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
606 a0fca224 Colin Fleming
							<?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="28" value="<?=htmlspecialchars($pconfig['remotegw']);?>" />
607 8cd558b6 ayvis
							<br />
608 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Enter the public IP address or host name of the remote gateway"); ?>
609 5a3b0d3b mgrooms
						</td>
610
					</tr>
611
612
					<?php endif; ?>
613
614
					<tr>
615 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
616 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
617 a0fca224 Colin Fleming
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
618 8cd558b6 ayvis
							<br />
619 5a3b0d3b mgrooms
							<span class="vexpl">
620 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
621
								"for your reference (not parsed)"); ?>.
622 5a3b0d3b mgrooms
							</span>
623
						</td>
624
					</tr>
625
					<tr>
626
						<td colspan="2" class="list" height="12"></td>
627
					</tr>
628
					<tr>
629
						<td colspan="2" valign="top" class="listtopic">
630 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Phase 1 proposal (Authentication)"); ?>
631 5a3b0d3b mgrooms
						</td>
632
					</tr>
633 71d61aa5 jim-p
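					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication method"); ?></td>
						<td width="78%" class="vtable">
							<select name="authentication_method" class="formselect" onchange="methodsel_change()">
							<?php
								/*
								 * One <option> per entry of $p1_authentication_methods, which is
								 * defined outside this section. The array key is what the form
								 * submits; the 'name' element is the visible label.
								 */
								foreach ($p1_authentication_methods as $method_type => $method_params):
									/* methods flagged 'mobile' are offered only on a mobile-client entry */
									if (!$pconfig['mobile'] && $method_params['mobile']) {
										continue;
									}
									$selected = ($method_type == $pconfig['authentication_method']) ? " selected=\"selected\"" : "";
									/*
									 * The key is escaped for the attribute context like the label
									 * below, so the row does not depend on the list holding only
									 * markup-safe keys.
									 */
							?>
								<option value="<?=htmlspecialchars($method_type);?>"<?=$selected;?>>
									<?=htmlspecialchars($method_params['name']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>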
653 5a3b0d3b mgrooms
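					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Negotiation mode"); ?></td>
						<td width="78%" class="vtable">
							<select name="mode" class="formselect">
							<?php
								/*
								 * Negotiation modes offered for phase 1: submitted value => label.
								 *
								 * Security note: in IKEv1, aggressive mode sends the identities and
								 * the authentication hash before the exchange is encrypted. With a
								 * pre-shared key, an observer can capture that hash and test guesses
								 * offline. Prefer main mode where the peer supports it, or pair
								 * aggressive mode with a long random key or certificates.
								 */
								$modes = array("main" => "Main", "aggressive" => "Aggressive");
								foreach ($modes as $mode => $mdescr):
									$selected = ($mode == $pconfig['mode']) ? " selected=\"selected\"" : "";
							?>
								<option value="<?=htmlspecialchars($mode);?>"<?=$selected;?>>
									<?=htmlspecialchars($mdescr);?>
								</option>
							<?php endforeach; ?>
							</select> <br /> <span class="vexpl"><?=gettext("Aggressive is more flexible, but less secure"); ?>.</span>
						</td>
					</tr>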
668
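					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My identifier"); ?></td>
						<td width="78%" class="vtable">
							<select name="myid_type" class="formselect" onchange="myidsel_change()">
							<?php
								/*
								 * Identifier types for the local side: key of $my_identifier_list
								 * (defined outside this section) => parameters, of which 'desc'
								 * is the visible label.
								 */
								foreach ($my_identifier_list as $id_type => $id_params):
									$selected = ($id_type == $pconfig['myid_type']) ? " selected=\"selected\"" : "";
									/* key escaped for the attribute context, consistent with the label */
							?>
								<option value="<?=htmlspecialchars($id_type);?>"<?=$selected;?>>
									<?=htmlspecialchars($id_params['desc']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<input name="myid_data" type="text" class="formfld unknown" id="myid_data" size="30" value="<?=htmlspecialchars($pconfig['myid_data']);?>" />
						</td>
					</tr>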
681 1f65618b jim-p
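					<tr id="opt_peerid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer identifier"); ?></td>
						<td width="78%" class="vtable">
							<select name="peerid_type" class="formselect" onchange="peeridsel_change()">
							<?php
								/*
								 * Identifier types for the remote side, taken from
								 * $peer_identifier_list (defined outside this section).
								 */
								foreach ($peer_identifier_list as $id_type => $id_params):
									/* on a mobile-client entry, offer only the types flagged 'mobile' */
									if ($pconfig['mobile'] && !$id_params['mobile']) {
										continue;
									}
									$selected = ($id_type == $pconfig['peerid_type']) ? " selected=\"selected\"" : "";
									/* key escaped for the attribute context, consistent with the label */
							?>
								<option value="<?=htmlspecialchars($id_type);?>"<?=$selected;?>>
									<?=htmlspecialchars($id_params['desc']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=htmlspecialchars($pconfig['peerid_data']);?>" />
						<?php if ($pconfig['mobile']) { ?>
							<br /><br /><?=gettext("NOTE: This is known as the \"group\" setting on some VPN client implementations"); ?>.
						<?php } ?>
						</td>
					</tr>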
701 71d61aa5 jim-p
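					<tr id="opt_psk">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
						<td width="78%" class="vtable">
							<?=$mandfldhtml;?>
							<?php
								/*
								 * The stored pre-shared key is written back into a visible text
								 * field, HTML-escaped for the attribute context. autocomplete="off"
								 * asks the browser not to keep the secret in its form history.
								 * The key is still part of the page body, so this page should
								 * only be served over an encrypted admin session.
								 */
							?>
							<input name="pskey" type="text" class="formfld unknown" id="pskey" size="40" autocomplete="off" value="<?=htmlspecialchars($pconfig['pskey']);?>" />
							<span class="vexpl">
							<br />
								<?=gettext("Input your Pre-Shared Key string"); ?>.
							</span>
						</td>
					</tr>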
712 5a3b0d3b mgrooms
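					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
						<td width="78%" class="vtable">
							<select name="ealgo" class="formselect" onchange="ealgosel_change()">
							<?php
								/*
								 * Phase 1 encryption algorithms: key of $p1_ealgos (defined outside
								 * this section) => algorithm data, of which 'name' is the label.
								 */
								foreach ($p1_ealgos as $algo => $algodata):
									$selected = "";
									if ($algo == $pconfig['ealgo']['name']) {
										$selected = " selected=\"selected\"";
									}
									/* key escaped for the attribute context, consistent with the label */
							?>
								<option value="<?=htmlspecialchars($algo);?>"<?=$selected?>>
									<?=htmlspecialchars($algodata['name']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<select name="ealgo_keylen" width="30" class="formselect">
							</select>
						</td>
					</tr>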
731
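					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithm"); ?></td>
						<td width="78%" class="vtable">
							<select name="halgo" class="formselect">
							<?php
								/*
								 * Phase 1 hash algorithms: key of $p1_halgos (defined outside this
								 * section) => visible name.
								 */
								foreach ($p1_halgos as $algo => $algoname):
									$selected = ($algo == $pconfig['halgo']) ? " selected=\"selected\"" : "";
									/* key escaped for the attribute context, consistent with the label */
							?>
								<option value="<?=htmlspecialchars($algo);?>"<?=$selected;?>>
									<?=htmlspecialchars($algoname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>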
747
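					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH key group"); ?></td>
						<td width="78%" class="vtable">
							<select name="dhgroup" class="formselect">
							<?php
								/*
								 * Diffie-Hellman groups: key of $p1_dhgroups (defined outside this
								 * section) => visible name.
								 */
								foreach ($p1_dhgroups as $keygroup => $keygroupname):
									/*
									 * Loose comparison is kept on purpose: PHP turns integer-like
									 * array keys into ints, while the stored setting may be a string.
									 */
									$selected = ($keygroup == $pconfig['dhgroup']) ? " selected=\"selected\"" : "";
							?>
								<option value="<?=htmlspecialchars($keygroup);?>"<?=$selected;?>>
									<?=htmlspecialchars($keygroupname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>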
763
					<tr>
764 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
765 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
766 a0fca224 Colin Fleming
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />
767 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
768 5a3b0d3b mgrooms
						</td>
769
					</tr>
770 73fbece8 mgrooms
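					<tr id="opt_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td>
						<td width="78%" class="vtable">
							<select name="certref" class="formselect">
							<?php
								/*
								 * One <option> per certificate in the saved configuration.
								 * 'refid' and 'descr' are read from $config['cert']; the
								 * description is presumably operator-supplied text, so both are
								 * HTML-escaped before they reach the attribute and the label.
								 * Written raw, a description containing markup would be
								 * interpreted by the browser of whoever opens this page.
								 */
								$certlist = (isset($config['cert']) && is_array($config['cert'])) ? $config['cert'] : array();
								foreach ($certlist as $cert):
									$selected = "";
									if ($pconfig['certref'] == $cert['refid']) {
										$selected = "selected=\"selected\"";
									}
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>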
789 a22d475f jim-p
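					<tr id="opt_ca">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
						<td width="78%" class="vtable">
							<select name="caref" class="formselect">
							<?php
								/*
								 * One <option> per certificate authority in the saved
								 * configuration. 'refid' and 'descr' are read from $config['ca'];
								 * the description is presumably operator-supplied text, so both
								 * are HTML-escaped before they reach the attribute and the label,
								 * instead of being written into the page as markup.
								 */
								$calist = (isset($config['ca']) && is_array($config['ca'])) ? $config['ca'] : array();
								foreach ($calist as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid']) {
										$selected = "selected=\"selected\"";
									}
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>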
808 5a3b0d3b mgrooms
					<tr>
809
						<td colspan="2" class="list" height="12"></td>
810
					</tr>
811
					<tr>
812 2fbb33f1 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
813 5a3b0d3b mgrooms
					</tr>
814
					<tr>
815 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("NAT Traversal"); ?></td>
816 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
817
							<select name="nat_traversal" class="formselect">
818 a0fca224 Colin Fleming
								<option value="off" <?php if ($pconfig['nat_traversal'] == "off") echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option>
819
								<option value="on" <?php if ($pconfig['nat_traversal'] == "on") echo "selected=\"selected\""; ?>><?=gettext("Enable"); ?></option>
820
								<option value="force" <?php if ($pconfig['nat_traversal'] == "force") echo "selected=\"selected\""; ?>><?=gettext("Force"); ?></option>
821 5a3b0d3b mgrooms
							</select>
822 8cd558b6 ayvis
							<br />
823 5a3b0d3b mgrooms
							<span class="vexpl">
824 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed, " .
825
								"which can help with clients that are behind restrictive firewalls"); ?>.
826 5a3b0d3b mgrooms
							</span>
827
						</td>
828
					</tr>
829
					<tr>
830 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Dead Peer Detection"); ?></td>
831 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
832 a0fca224 Colin Fleming
							<input name="dpd_enable" type="checkbox" id="dpd_enable" value="yes" <?php if (isset($pconfig['dpd_enable'])) echo "checked=\"checked\""; ?> onclick="dpdchkbox_change()" />
833 8cd558b6 ayvis
							<?=gettext("Enable DPD"); ?><br />
834 5a3b0d3b mgrooms
							<div id="opt_dpd">
835 8cd558b6 ayvis
								<br />
836 a0fca224 Colin Fleming
								<input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=htmlspecialchars($pconfig['dpd_delay']);?>" />
837 8cd558b6 ayvis
								<?=gettext("seconds"); ?><br />
838 5a3b0d3b mgrooms
								<span class="vexpl">
839 2fbb33f1 Carlos Eduardo Ramos
									<?=gettext("Delay between requesting peer acknowledgement"); ?>.
840 8cd558b6 ayvis
								</span><br />
841
								<br />
842 a0fca224 Colin Fleming
								<input name="dpd_maxfail" type="text" class="formfld unknown" id="dpd_maxfail" size="5" value="<?=htmlspecialchars($pconfig['dpd_maxfail']);?>" />
843 8cd558b6 ayvis
								<?=gettext("retries"); ?><br />
844 5a3b0d3b mgrooms
								<span class="vexpl">
845 2fbb33f1 Carlos Eduardo Ramos
									<?=gettext("Number of consecutive failures allowed before disconnect"); ?>.
846 5a3b0d3b mgrooms
								</span>
847 8cd558b6 ayvis
								<br />
848 5a3b0d3b mgrooms
							</div>
849
						</td>
850
					</tr>
851
					<tr>
852
						<td width="22%" valign="top">&nbsp;</td>
853
						<td width="78%">
854
							<?php if (isset($p1index) && $a_phase1[$p1index]): ?>
855 a0fca224 Colin Fleming
							<input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>" />
856 5a3b0d3b mgrooms
							<?php endif; ?>
857
							<?php if ($pconfig['mobile']): ?>
858 a0fca224 Colin Fleming
							<input name="mobile" type="hidden" value="true" />
859 5a3b0d3b mgrooms
							<?php endif; ?>
860 a0fca224 Colin Fleming
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
861
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
862 5a3b0d3b mgrooms
						</td>
863
					</tr>
864
				</table>
865
			</div>
866
		</td>
867
	</tr>
868
</table>
869 a93e56c5 Matthew Grooms
</form>
870 5a3b0d3b mgrooms
871 a0fca224 Colin Fleming
<script type="text/javascript">
872
//<![CDATA[
873 a93e56c5 Matthew Grooms
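<?php
	/*
	 * Decide whether the key length selector gets an initial value.
	 * $keyset is printed unquoted as the argument of ealgosel_change()
	 * in the inline script below, so it must only ever be empty or a
	 * number. is_numeric() also accepts float and exponent notation and
	 * surrounding whitespace; the cast reduces whatever passed the check
	 * to a plain integer literal.
	 */
	$keyset = '';
	if (isset($pconfig['ealgo']['keylen']) && is_numeric($pconfig['ealgo']['keylen'])) {
		$keyset = (int) $pconfig['ealgo']['keylen'];
	}
?>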
880 3462a529 Matthew Grooms
myidsel_change();
881
peeridsel_change();
882 a93e56c5 Matthew Grooms
methodsel_change();
883
ealgosel_change(<?=$keyset;?>);
884
dpdchkbox_change();
885 a0fca224 Colin Fleming
//]]>
886 a93e56c5 Matthew Grooms
</script>
887
<?php include("fend.inc"); ?>
888 3462a529 Matthew Grooms
</body>
889
</html>