/usr/local/www/vpn_ipsec_phase1.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/vpn_ipsec_phase1.php @ 048dd7b9

1	a93e56c5	Matthew Grooms	<?php
2			/*
3			vpn_ipsec_phase1.php
4			part of m0n0wall (http://m0n0.ch/wall)
5
6			Copyright (C) 2008 Shrew Soft Inc
7			Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8			All rights reserved.
9
10			Redistribution and use in source and binary forms, with or without
11			modification, are permitted provided that the following conditions are met:
12
13			1. Redistributions of source code must retain the above copyright notice,
14			this list of conditions and the following disclaimer.
15
16			2. Redistributions in binary form must reproduce the above copyright
17			notice, this list of conditions and the following disclaimer in the
18			documentation and/or other materials provided with the distribution.
19
20			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29			POSSIBILITY OF SUCH DAMAGE.
30			*/
31
32	6b07c15a	Matthew Grooms	##\|+PRIV
33			##\|*IDENT=page-vpn-ipsec-editphase1
34			##\|*NAME=VPN: IPsec: Edit Phase 1 page
35			##\|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 1' page.
36			##\|MATCH=vpn_ipsec_phase1.php
37			##\|-PRIV
38
39	0f84b741	Scott Ullrich	require("functions.inc");
40	a93e56c5	Matthew Grooms	require("guiconfig.inc");
41	483e6de8	Scott Ullrich	require_once("ipsec.inc");
42			require_once("vpn.inc");
43	a93e56c5	Matthew Grooms
44			if (!is_array($config['ipsec']['phase1']))
45			$config['ipsec']['phase1'] = array();
46
47	647c7c48	Seth Mos	if (!is_array($config['ipsec']['phase2']))
48			$config['ipsec']['phase2'] = array();
49
50	a93e56c5	Matthew Grooms	$a_phase1 = &$config['ipsec']['phase1'];
51	647c7c48	Seth Mos	$a_phase2 = &$config['ipsec']['phase2'];
52	a93e56c5	Matthew Grooms
53	e41ec584	Renato Botelho	if (is_numericint($_GET['p1index']))
54			$p1index = $_GET['p1index'];
55	9caf5eca	Renato Botelho	if (isset($_POST['p1index']) && is_numericint($_POST['p1index']))
56	a93e56c5	Matthew Grooms	$p1index = $_POST['p1index'];
57
58	e41ec584	Renato Botelho	if (isset($_GET['dup']) && is_numericint($_GET['dup']))
59	a93e56c5	Matthew Grooms	$p1index = $_GET['dup'];
60
61	fad728ab	sullrich	if (isset($p1index) && $a_phase1[$p1index]) {
62	99bbd213	Matthew Grooms	// don't copy the ikeid on dup
63	e41ec584	Renato Botelho	if (!isset($_GET['dup']) \|\| !is_numericint($_GET['dup']))
64	99bbd213	Matthew Grooms	$pconfig['ikeid'] = $a_phase1[$p1index]['ikeid'];
65	7fc26246	Seth Mos
66	647c7c48	Seth Mos	$old_ph1ent = $a_phase1[$p1index];
67	99bbd213	Matthew Grooms
68	a93e56c5	Matthew Grooms	$pconfig['disabled'] = isset($a_phase1[$p1index]['disabled']);
69
70			if ($a_phase1[$p1index]['interface'])
71			$pconfig['interface'] = $a_phase1[$p1index]['interface'];
72			else
73			$pconfig['interface'] = "wan";
74
75			list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_phase1[$p1index]['remote-subnet']);
76	3462a529	Matthew Grooms
77			if (isset($a_phase1[$p1index]['mobile']))
78			$pconfig['mobile'] = 'true';
79			else
80			$pconfig['remotegw'] = $a_phase1[$p1index]['remote-gateway'];
81
82	20452c68	Ermal	$pconfig['iketype'] = $a_phase1[$p1index]['iketype'];
83	a93e56c5	Matthew Grooms	$pconfig['mode'] = $a_phase1[$p1index]['mode'];
84	e79b24ab	Seth Mos	$pconfig['protocol'] = $a_phase1[$p1index]['protocol'];
85	a93e56c5	Matthew Grooms	$pconfig['myid_type'] = $a_phase1[$p1index]['myid_type'];
86			$pconfig['myid_data'] = $a_phase1[$p1index]['myid_data'];
87			$pconfig['peerid_type'] = $a_phase1[$p1index]['peerid_type'];
88			$pconfig['peerid_data'] = $a_phase1[$p1index]['peerid_data'];
89			$pconfig['ealgo'] = $a_phase1[$p1index]['encryption-algorithm'];
90			$pconfig['halgo'] = $a_phase1[$p1index]['hash-algorithm'];
91			$pconfig['dhgroup'] = $a_phase1[$p1index]['dhgroup'];
92			$pconfig['lifetime'] = $a_phase1[$p1index]['lifetime'];
93			$pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method'];
94	4e2af464	Matthew Grooms
95	ab2ccd9f	Renato Botelho	if (($pconfig['authentication_method'] == "pre_shared_key") \|\|
96	4e2af464	Matthew Grooms	($pconfig['authentication_method'] == "xauth_psk_server")) {
97			$pconfig['pskey'] = $a_phase1[$p1index]['pre-shared-key'];
98			} else {
99	73fbece8	mgrooms	$pconfig['certref'] = $a_phase1[$p1index]['certref'];
100	a22d475f	jim-p	$pconfig['caref'] = $a_phase1[$p1index]['caref'];
101	4e2af464	Matthew Grooms	}
102	a93e56c5	Matthew Grooms
103			$pconfig['descr'] = $a_phase1[$p1index]['descr'];
104			$pconfig['nat_traversal'] = $a_phase1[$p1index]['nat_traversal'];
105	3462a529	Matthew Grooms
106			if ($a_phase1[$p1index]['dpd_delay'] && $a_phase1[$p1index]['dpd_maxfail']) {
107			$pconfig['dpd_enable'] = true;
108			$pconfig['dpd_delay'] = $a_phase1[$p1index]['dpd_delay'];
109			$pconfig['dpd_maxfail'] = $a_phase1[$p1index]['dpd_maxfail'];
110			}
111	fad728ab	sullrich	} else {
112	a93e56c5	Matthew Grooms	/* defaults */
113			$pconfig['interface'] = "wan";
114	ab2ccd9f	Renato Botelho	if($config['interfaces']['lan'])
115	a93e56c5	Matthew Grooms	$pconfig['localnet'] = "lan";
116			$pconfig['mode'] = "aggressive";
117	e79b24ab	Seth Mos	$pconfig['protocol'] = "inet";
118	a93e56c5	Matthew Grooms	$pconfig['myid_type'] = "myaddress";
119			$pconfig['peerid_type'] = "peeraddress";
120			$pconfig['authentication_method'] = "pre_shared_key";
121			$pconfig['ealgo'] = array( name => "3des" );
122			$pconfig['halgo'] = "sha1";
123			$pconfig['dhgroup'] = "2";
124			$pconfig['lifetime'] = "28800";
125			$pconfig['nat_traversal'] = "on";
126	3462a529	Matthew Grooms	$pconfig['dpd_enable'] = true;
127	20452c68	Ermal	$pconfig['iketype'] = "ikev1";
128	3462a529	Matthew Grooms
129			/* mobile client */
130			if($_GET['mobile'])
131			$pconfig['mobile']=true;
132	a93e56c5	Matthew Grooms	}
133
134	e41ec584	Renato Botelho	if (isset($_GET['dup']) && is_numericint($_GET['dup']))
135	a93e56c5	Matthew Grooms	unset($p1index);
136
137			if ($_POST) {
138			unset($input_errors);
139			$pconfig = $_POST;
140
141			/* input validation */
142	3462a529	Matthew Grooms
143			$method = $pconfig['authentication_method'];
144	f27526cd	Evgeny Yurchenko	// Unset ca and cert if not required to avaoid storing in config
145	c7a7a4ee	Ermal Luçi	if ($method == "pre_shared_key" \|\| $method == "xauth_psk_server"){
146	ab2ccd9f	Renato Botelho	unset($pconfig['caref']);
147			unset($pconfig['certref']);
148	f27526cd	Evgeny Yurchenko	}
149	99642234	jim-p
150	1f65618b	jim-p	// Only require PSK here for normal PSK tunnels (not mobile) or xauth.
151	0a7c9c8e	jim-p	// For RSA methods, require the CA/Cert.
152	99642234	jim-p	switch ($method) {
153			case "pre_shared_key":
154	ab2ccd9f	Renato Botelho	// If this is a mobile PSK tunnel the user PSKs go on
155	0a7c9c8e	jim-p	// the PSK tab, not here, so skip the check.
156	99642234	jim-p	if ($pconfig['mobile'])
157			break;
158			case "xauth_psk_server":
159			$reqdfields = explode(" ", "pskey");
160			$reqdfieldsn = array(gettext("Pre-Shared Key"));
161			break;
162			case "hybrid_rsa_server":
163			case "xauth_rsa_server":
164			case "rsasig":
165			$reqdfields = explode(" ", "caref certref");
166			$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
167			break;
168	a93e56c5	Matthew Grooms	}
169	3462a529	Matthew Grooms	if (!$pconfig['mobile']) {
170			$reqdfields[] = "remotegw";
171	2fbb33f1	Carlos Eduardo Ramos	$reqdfieldsn[] = gettext("Remote gateway");
172	3462a529	Matthew Grooms	}
173	a93e56c5	Matthew Grooms
174	1e9b4611	Renato Botelho	do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
175	a93e56c5	Matthew Grooms
176	3462a529	Matthew Grooms	if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime'])))
177	2fbb33f1	Carlos Eduardo Ramos	$input_errors[] = gettext("The P1 lifetime must be an integer.");
178	a93e56c5	Matthew Grooms
179	e4ffca08	Renato Botelho	if ($pconfig['remotegw']) {
180			if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw']))
181			$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
182			elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet"))
183			$input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6");
184			elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6"))
185			$input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4");
186			}
187	a93e56c5	Matthew Grooms
188	3462a529	Matthew Grooms	if (($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled']) )) {
189	a93e56c5	Matthew Grooms	$t = 0;
190			foreach ($a_phase1 as $ph1tmp) {
191			if ($p1index <> $t) {
192			$tremotegw = $pconfig['remotegw'];
193			if (($ph1tmp['remote-gateway'] == $tremotegw) && !isset($ph1tmp['disabled'])) {
194	ddc55e12	Erik Fonnesbeck	$input_errors[] = sprintf(gettext('The remote gateway "%1$s" is already used by phase1 "%2$s".'), $tremotegw, $ph1tmp['descr']);
195	a93e56c5	Matthew Grooms	}
196			}
197			$t++;
198			}
199			}
200
201	e4ffca08	Renato Botelho	if (is_array($a_phase2) && (count($a_phase2))) {
202			foreach ($a_phase2 as $phase2) {
203			if($phase2['ikeid'] == $pconfig['ikeid']) {
204			if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) {
205			$input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4.");
206			break;
207			}
208			if (($pconfig['protocol'] == "inet6") && ($phase2['mode'] == "tunnel")) {
209			$input_errors[] = gettext("There is a Phase 2 using IPv4, you cannot use IPv6.");
210			break;
211			}
212			}
213			}
214			}
215
216	a93e56c5	Matthew Grooms	/* My identity */
217
218	3462a529	Matthew Grooms	if ($pconfig['myid_type'] == "myaddress")
219			$pconfig['myid_data'] = "";
220	a93e56c5	Matthew Grooms
221	3462a529	Matthew Grooms	if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "")
222	a93e56c5	Matthew Grooms	$input_errors[] = gettext("Please enter an address for 'My Identifier'");
223
224	3462a529	Matthew Grooms	if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "")
225	a93e56c5	Matthew Grooms	$input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'");
226
227	3462a529	Matthew Grooms	if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "")
228	a93e56c5	Matthew Grooms	$input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'");
229
230	3462a529	Matthew Grooms	if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "")
231	a93e56c5	Matthew Grooms	$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'");
232
233	3462a529	Matthew Grooms	if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "")
234	a93e56c5	Matthew Grooms	$input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'");
235
236	3462a529	Matthew Grooms	if ((($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])))
237	2fbb33f1	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid IP address for 'My identifier' must be specified.");
238	a93e56c5	Matthew Grooms
239	3462a529	Matthew Grooms	if ((($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])))
240	2fbb33f1	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid domain name for 'My identifier' must be specified.");
241	a93e56c5	Matthew Grooms
242	3462a529	Matthew Grooms	if ($pconfig['myid_type'] == "fqdn")
243			if (is_domain($pconfig['myid_data']) == false)
244	2fbb33f1	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid FQDN for 'My identifier' must be specified.");
245	a93e56c5	Matthew Grooms
246	3462a529	Matthew Grooms	if ($pconfig['myid_type'] == "user_fqdn") {
247			$user_fqdn = explode("@",$pconfig['myid_data']);
248	a93e56c5	Matthew Grooms	if (is_domain($user_fqdn[1]) == false)
249	2fbb33f1	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.");
250	a93e56c5	Matthew Grooms	}
251
252	3462a529	Matthew Grooms	if ($pconfig['myid_type'] == "dyn_dns")
253			if (is_domain($pconfig['myid_data']) == false)
254	2fbb33f1	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified.");
255	a93e56c5	Matthew Grooms
256			/* Peer identity */
257
258	3462a529	Matthew Grooms	if ($pconfig['myid_type'] == "peeraddress")
259			$pconfig['peerid_data'] = "";
260
261	1f65618b	jim-p	// Only enforce peer ID if we are not dealing with a pure-psk mobile config.
262			if (!(($pconfig['authentication_method'] == "pre_shared_key") && ($pconfig['mobile']))) {
263			if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "")
264			$input_errors[] = gettext("Please enter an address for 'Peer Identifier'");
265	a93e56c5	Matthew Grooms
266	1f65618b	jim-p	if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "")
267			$input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'");
268	a93e56c5	Matthew Grooms
269	1f65618b	jim-p	if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "")
270			$input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'");
271	a93e56c5	Matthew Grooms
272	1f65618b	jim-p	if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "")
273			$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'");
274	a93e56c5	Matthew Grooms
275	1f65618b	jim-p	if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data'])))
276	2fbb33f1	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified.");
277	a93e56c5	Matthew Grooms
278	1f65618b	jim-p	if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data'])))
279	2fbb33f1	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified.");
280	a93e56c5	Matthew Grooms
281	1f65618b	jim-p	if ($pconfig['peerid_type'] == "fqdn")
282			if (is_domain($pconfig['peerid_data']) == false)
283	2fbb33f1	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid FQDN for 'Peer identifier' must be specified.");
284	a93e56c5	Matthew Grooms
285	1f65618b	jim-p	if ($pconfig['peerid_type'] == "user_fqdn") {
286			$user_fqdn = explode("@",$pconfig['peerid_data']);
287			if (is_domain($user_fqdn[1]) == false)
288	2fbb33f1	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.");
289	1f65618b	jim-p	}
290	a93e56c5	Matthew Grooms	}
291
292	3462a529	Matthew Grooms	if ($pconfig['dpd_enable']) {
293			if (!is_numeric($pconfig['dpd_delay']))
294	2fbb33f1	Carlos Eduardo Ramos	$input_errors[] = gettext("A numeric value must be specified for DPD delay.");
295	a93e56c5	Matthew Grooms
296	3462a529	Matthew Grooms	if (!is_numeric($pconfig['dpd_maxfail']))
297	2fbb33f1	Carlos Eduardo Ramos	$input_errors[] = gettext("A numeric value must be specified for DPD retries.");
298	a93e56c5	Matthew Grooms	}
299
300	20452c68	Ermal	if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2")
301			$input_errors[] = gettext("Valid arguments for IKE type is v1 or v2");
302
303	a93e56c5	Matthew Grooms	/* build our encryption algorithms array */
304			$pconfig['ealgo'] = array();
305			$pconfig['ealgo']['name'] = $_POST['ealgo'];
306	3462a529	Matthew Grooms	if($pconfig['ealgo_keylen'])
307	a93e56c5	Matthew Grooms	$pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen'];
308
309			if (!$input_errors) {
310	3462a529	Matthew Grooms	$ph1ent['ikeid'] = $pconfig['ikeid'];
311	20452c68	Ermal	$ph1ent['iketype'] = $pconfig['iketype'];
312	3462a529	Matthew Grooms	$ph1ent['disabled'] = $pconfig['disabled'] ? true : false;
313	a93e56c5	Matthew Grooms	$ph1ent['interface'] = $pconfig['interface'];
314			/* if the remote gateway changed and the interface is not WAN then remove route */
315			/* the vpn_ipsec_configure() handles adding the route */
316	3462a529	Matthew Grooms	if ($pconfig['interface'] <> "wan") {
317	7fc26246	Seth Mos	if($old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) {
318	3acab378	smos	mwexec("/sbin/route delete -host {$old_ph1ent['remote-gateway']}");
319	a93e56c5	Matthew Grooms	}
320			}
321
322	3462a529	Matthew Grooms	if ($pconfig['mobile'])
323			$ph1ent['mobile'] = true;
324			else
325			$ph1ent['remote-gateway'] = $pconfig['remotegw'];
326
327			$ph1ent['mode'] = $pconfig['mode'];
328	e79b24ab	Seth Mos	$ph1ent['protocol'] = $pconfig['protocol'];
329	3462a529	Matthew Grooms
330			$ph1ent['myid_type'] = $pconfig['myid_type'];
331			$ph1ent['myid_data'] = $pconfig['myid_data'];
332			$ph1ent['peerid_type'] = $pconfig['peerid_type'];
333			$ph1ent['peerid_data'] = $pconfig['peerid_data'];
334	a93e56c5	Matthew Grooms
335			$ph1ent['encryption-algorithm'] = $pconfig['ealgo'];
336	3462a529	Matthew Grooms	$ph1ent['hash-algorithm'] = $pconfig['halgo'];
337			$ph1ent['dhgroup'] = $pconfig['dhgroup'];
338			$ph1ent['lifetime'] = $pconfig['lifetime'];
339			$ph1ent['pre-shared-key'] = $pconfig['pskey'];
340			$ph1ent['private-key'] = base64_encode($pconfig['privatekey']);
341	73fbece8	mgrooms	$ph1ent['certref'] = $pconfig['certref'];
342	a22d475f	jim-p	$ph1ent['caref'] = $pconfig['caref'];
343	3462a529	Matthew Grooms	$ph1ent['authentication_method'] = $pconfig['authentication_method'];
344			$ph1ent['descr'] = $pconfig['descr'];
345			$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];
346
347			if (isset($pconfig['dpd_enable'])) {
348			$ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
349			$ph1ent['dpd_maxfail'] = $pconfig['dpd_maxfail'];
350			}
351
352	a93e56c5	Matthew Grooms	/* generate unique phase1 ikeid */
353	d799787e	Matthew Grooms	if ($ph1ent['ikeid'] == 0)
354			$ph1ent['ikeid'] = ipsec_ikeid_next();
355	a93e56c5	Matthew Grooms
356			if (isset($p1index) && $a_phase1[$p1index])
357			$a_phase1[$p1index] = $ph1ent;
358			else
359			$a_phase1[] = $ph1ent;
360
361			write_config();
362	a368a026	Ermal Lu?i	mark_subsystem_dirty('ipsec');
363	a93e56c5	Matthew Grooms
364			header("Location: vpn_ipsec.php");
365			exit;
366			}
367			}
368
369	3462a529	Matthew Grooms	if ($pconfig['mobile'])
370	2fbb33f1	Carlos Eduardo Ramos	$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 1"), gettext("Mobile Client"));
371	3462a529	Matthew Grooms	else
372	2fbb33f1	Carlos Eduardo Ramos	$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 1"));
373	b32dd0a6	jim-p	$shortcut_section = "ipsec";
374	6deedfde	jim-p
375	3462a529	Matthew Grooms
376	a93e56c5	Matthew Grooms	include("head.inc");
377
378			?>
379
380			<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
381			<?php include("fbegin.inc"); ?>
382	91f026b0	ayvis	<script type="text/javascript">
383	a0fca224	Colin Fleming	//<![CDATA[
384	3462a529	Matthew Grooms
385			function myidsel_change() {
386			index = document.iform.myid_type.selectedIndex;
387			value = document.iform.myid_type.options[index].value;
388			if (value == 'myaddress')
389	5a3b0d3b	mgrooms	document.getElementById('myid_data').style.visibility = 'hidden';
390	3462a529	Matthew Grooms	else
391	5a3b0d3b	mgrooms	document.getElementById('myid_data').style.visibility = 'visible';
392	3462a529	Matthew Grooms	}
393
394			function peeridsel_change() {
395			index = document.iform.peerid_type.selectedIndex;
396			value = document.iform.peerid_type.options[index].value;
397			if (value == 'peeraddress')
398	5a3b0d3b	mgrooms	document.getElementById('peerid_data').style.visibility = 'hidden';
399	3462a529	Matthew Grooms	else
400	5a3b0d3b	mgrooms	document.getElementById('peerid_data').style.visibility = 'visible';
401	3462a529	Matthew Grooms	}
402
403	a93e56c5	Matthew Grooms	function methodsel_change() {
404	3462a529	Matthew Grooms	index = document.iform.authentication_method.selectedIndex;
405			value = document.iform.authentication_method.options[index].value;
406
407			switch (value) {
408			case 'hybrid_rsa_server':
409	5a3b0d3b	mgrooms	document.getElementById('opt_psk').style.display = 'none';
410	1f65618b	jim-p	document.getElementById('opt_peerid').style.display = '';
411	73fbece8	mgrooms	document.getElementById('opt_cert').style.display = '';
412	a22d475f	jim-p	document.getElementById('opt_ca').style.display = '';
413	a2eec62a	jim-p	document.getElementById('opt_cert').disabled = false;
414			document.getElementById('opt_ca').disabled = false;
415	3462a529	Matthew Grooms	break;
416			case 'xauth_rsa_server':
417			case 'rsasig':
418	5a3b0d3b	mgrooms	document.getElementById('opt_psk').style.display = 'none';
419	1f65618b	jim-p	document.getElementById('opt_peerid').style.display = '';
420	73fbece8	mgrooms	document.getElementById('opt_cert').style.display = '';
421	a22d475f	jim-p	document.getElementById('opt_ca').style.display = '';
422	a2eec62a	jim-p	document.getElementById('opt_cert').disabled = false;
423			document.getElementById('opt_ca').disabled = false;
424	a93e56c5	Matthew Grooms	break;
425	1f65618b	jim-p	<?php if ($pconfig['mobile']) { ?>
426			case 'pre_shared_key':
427			document.getElementById('opt_psk').style.display = 'none';
428			document.getElementById('opt_peerid').style.display = 'none';
429			document.getElementById('opt_cert').style.display = 'none';
430	a22d475f	jim-p	document.getElementById('opt_ca').style.display = 'none';
431	a2eec62a	jim-p	document.getElementById('opt_cert').disabled = true;
432			document.getElementById('opt_ca').disabled = true;
433	1f65618b	jim-p	break;
434			<?php } ?>
435	3462a529	Matthew Grooms	default: /* psk modes*/
436	5a3b0d3b	mgrooms	document.getElementById('opt_psk').style.display = '';
437	1f65618b	jim-p	document.getElementById('opt_peerid').style.display = '';
438	73fbece8	mgrooms	document.getElementById('opt_cert').style.display = 'none';
439	a22d475f	jim-p	document.getElementById('opt_ca').style.display = 'none';
440	a2eec62a	jim-p	document.getElementById('opt_cert').disabled = true;
441			document.getElementById('opt_ca').disabled = true;
442	a93e56c5	Matthew Grooms	break;
443			}
444			}
445
446			/* PHP generated java script for variable length keys */
447			function ealgosel_change(bits) {
448			switch (document.iform.ealgo.selectedIndex) {
449			<?php
450	ab2ccd9f	Renato Botelho	$i = 0;
451			foreach ($p1_ealgos as $algo => $algodata) {
452			if (is_array($algodata['keysel'])) {
453			echo " case {$i}:\n";
454			echo " document.iform.ealgo_keylen.style.visibility = 'visible';\n";
455			echo " document.iform.ealgo_keylen.options.length = 0;\n";
456			// echo " document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( 'auto', 'auto' );\n";
457
458			$key_hi = $algodata['keysel']['hi'];
459			$key_lo = $algodata['keysel']['lo'];
460			$key_step = $algodata['keysel']['step'];
461
462			for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step)
463			echo " document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n";
464			echo " break;\n";
465			} else {
466			echo " case {$i}:\n";
467			echo " document.iform.ealgo_keylen.style.visibility = 'hidden';\n";
468			echo " document.iform.ealgo_keylen.options.length = 0;\n";
469			echo " break;\n";
470			}
471			$i++;
472			}
473	a93e56c5	Matthew Grooms	?>
474			}
475
476			if( bits )
477			document.iform.ealgo_keylen.value = bits;
478			}
479	3462a529	Matthew Grooms
480	a93e56c5	Matthew Grooms	function dpdchkbox_change() {
481	5a3b0d3b	mgrooms	if( document.iform.dpd_enable.checked )
482			document.getElementById('opt_dpd').style.display = '';
483			else
484			document.getElementById('opt_dpd').style.display = 'none';
485	3462a529	Matthew Grooms
486			if (!document.iform.dpd_delay.value)
487			document.iform.dpd_delay.value = "10";
488
489			if (!document.iform.dpd_maxfail.value)
490			document.iform.dpd_maxfail.value = "5";
491	a93e56c5	Matthew Grooms	}
492	3462a529	Matthew Grooms
493	a0fca224	Colin Fleming	//]]>
494	a93e56c5	Matthew Grooms	</script>
495	5a3b0d3b	mgrooms
496			<form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform">
497
498			<?php
499			if ($input_errors)
500			print_input_errors($input_errors);
501			?>
502
503	a0fca224	Colin Fleming	<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-1">
504	5a3b0d3b	mgrooms	<tr class="tabnavtbl">
505			<td id="tabnav">
506			<?php
507			$tab_array = array();
508	2fbb33f1	Carlos Eduardo Ramos	$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
509			$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
510	2a2b247b	jim-p	$tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
511	71172088	jim-p	$tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
512	5a3b0d3b	mgrooms	display_top_tabs($tab_array);
513			?>
514			</td>
515			</tr>
516			<tr>
517			<td id="mainarea">
518			<div class="tabcont">
519	a0fca224	Colin Fleming	<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
520	5a3b0d3b	mgrooms	<tr>
521	2fbb33f1	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
522	5a3b0d3b	mgrooms	</tr>
523			<tr>
524	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
525	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
526	a0fca224	Colin Fleming	<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
527	8cd558b6	ayvis	<strong><?=gettext("Disable this phase1 entry"); ?></strong><br />
528	5a3b0d3b	mgrooms	<span class="vexpl">
529	2fbb33f1	Carlos Eduardo Ramos	<?=gettext("Set this option to disable this phase1 without " .
530			"removing it from the list"); ?>.
531	5a3b0d3b	mgrooms	</span>
532			</td>
533			</tr>
534	20452c68	Ermal	<tr>
535			<td width="22%" valign="top" class="vncellreq"><?=gettext("Key Exchange version"); ?></td>
536			<td width="78%" class="vtable">
537			<select name="iketype" class="formselect">
538			<?php
539			$keyexchange = array("ikev1" => "V1", "ikev2" => "V2");
540			foreach ($keyexchange as $kidx => $name):
541			?>
542	a0fca224	Colin Fleming	<option value="<?=$kidx;?>" <?php if ($kidx == $pconfig['iketype']) echo "selected=\"selected\""; ?>>
543	20452c68	Ermal	<?=htmlspecialchars($name);?>
544			</option>
545			<?php endforeach; ?>
546			</select> <br /> <span class="vexpl"><?=gettext("Select the KeyExchange Protocol version to be used. Usually known as IKEv1 or IKEv2."); ?>.</span>
547			</td>
548			</tr>
549	e79b24ab	Seth Mos	<tr>
550			<td width="22%" valign="top" class="vncellreq"><?=gettext("Internet Protocol"); ?></td>
551			<td width="78%" class="vtable">
552			<select name="protocol" class="formselect">
553			<?php
554			$protocols = array("inet" => "IPv4", "inet6" => "IPv6");
555			foreach ($protocols as $protocol => $name):
556			?>
557	a0fca224	Colin Fleming	<option value="<?=$protocol;?>" <?php if ($protocol == $pconfig['protocol']) echo "selected=\"selected\""; ?>>
558	e79b24ab	Seth Mos	<?=htmlspecialchars($name);?>
559			</option>
560			<?php endforeach; ?>
561	8cd558b6	ayvis	</select> <br /> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
562	e79b24ab	Seth Mos	</td>
563			</tr>
564	5a3b0d3b	mgrooms	<tr>
565	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
566	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
567			<select name="interface" class="formselect">
568	ab2ccd9f	Renato Botelho	<?php
569	5a3b0d3b	mgrooms	$interfaces = get_configured_interface_with_descr();
570	6dbffeda	smos
571	abcb2bed	Ermal Lu?i	$carplist = get_configured_carp_interface_list();
572			foreach ($carplist as $cif => $carpip)
573	dd62256f	Pierre POMES	$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";
574	6dbffeda	smos
575	25f6730a	Pierre POMES	$aliaslist = get_configured_ip_aliases_list();
576			foreach ($aliaslist as $aliasip => $aliasif)
577	96b4c29a	Pierre POMES	$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
578	6dbffeda	smos
579			$grouplist = return_gateway_groups_array();
580			foreach ($grouplist as $name => $group) {
581			if($group[0]['vip'] <> "")
582			$vipif = $group[0]['vip'];
583			else
584			$vipif = $group[0]['int'];
585			$interfaces[$name] = "GW Group {$name}";
586			}
587
588
589	5a3b0d3b	mgrooms	foreach ($interfaces as $iface => $ifacename):
590			?>
591	a0fca224	Colin Fleming	<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
592	5a3b0d3b	mgrooms	<?=htmlspecialchars($ifacename);?>
593			</option>
594			<?php endforeach; ?>
595			</select>
596	8cd558b6	ayvis	<br />
597	2fbb33f1	Carlos Eduardo Ramos	<span class="vexpl"><?=gettext("Select the interface for the local endpoint of this phase1 entry"); ?>.</span>
598	5a3b0d3b	mgrooms	</td>
599			</tr>
600
601			<?php if (!$pconfig['mobile']): ?>
602
603			<tr>
604	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote gateway"); ?></td>
605	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
606	a0fca224	Colin Fleming	<?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="28" value="<?=htmlspecialchars($pconfig['remotegw']);?>" />
607	8cd558b6	ayvis	<br />
608	2fbb33f1	Carlos Eduardo Ramos	<?=gettext("Enter the public IP address or host name of the remote gateway"); ?>
609	5a3b0d3b	mgrooms	</td>
610			</tr>
611
612			<?php endif; ?>
613
614			<tr>
615	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
616	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
617	a0fca224	Colin Fleming	<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
618	8cd558b6	ayvis	<br />
619	5a3b0d3b	mgrooms	<span class="vexpl">
620	2fbb33f1	Carlos Eduardo Ramos	<?=gettext("You may enter a description here " .
621			"for your reference (not parsed)"); ?>.
622	5a3b0d3b	mgrooms	</span>
623			</td>
624			</tr>
625			<tr>
626			<td colspan="2" class="list" height="12"></td>
627			</tr>
628			<tr>
629			<td colspan="2" valign="top" class="listtopic">
630	2fbb33f1	Carlos Eduardo Ramos	<?=gettext("Phase 1 proposal (Authentication)"); ?>
631	5a3b0d3b	mgrooms	</td>
632			</tr>
633	71d61aa5	jim-p	<tr>
634	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication method"); ?></td>
635	71d61aa5	jim-p	<td width="78%" class="vtable">
636	a0fca224	Colin Fleming	<select name="authentication_method" class="formselect" onchange="methodsel_change()">
637	71d61aa5	jim-p	<?php
638			foreach ($p1_authentication_methods as $method_type => $method_params):
639			if (!$pconfig['mobile'] && $method_params['mobile'])
640			continue;
641			?>
642	a0fca224	Colin Fleming	<option value="<?=$method_type;?>" <?php if ($method_type == $pconfig['authentication_method']) echo "selected=\"selected\""; ?>>
643	71d61aa5	jim-p	<?=htmlspecialchars($method_params['name']);?>
644			</option>
645			<?php endforeach; ?>
646			</select>
647	8cd558b6	ayvis	<br />
648	71d61aa5	jim-p	<span class="vexpl">
649	2fbb33f1	Carlos Eduardo Ramos	<?=gettext("Must match the setting chosen on the remote side"); ?>.
650	71d61aa5	jim-p	</span>
651			</td>
652			</tr>
653	5a3b0d3b	mgrooms	<tr>
654	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Negotiation mode"); ?></td>
655	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
656			<select name="mode" class="formselect">
657			<?php
658	fc835b04	Ermal	$modes = array("main" => "Main", "aggressive" => "Aggressive");
659	0dc05b20	Ermal	foreach ($modes as $mode => $mdescr):
660	5a3b0d3b	mgrooms	?>
661	a0fca224	Colin Fleming	<option value="<?=$mode;?>" <?php if ($mode == $pconfig['mode']) echo "selected=\"selected\""; ?>>
662	0dc05b20	Ermal	<?=htmlspecialchars($mdescr);?>
663	5a3b0d3b	mgrooms	</option>
664			<?php endforeach; ?>
665	8cd558b6	ayvis	</select> <br /> <span class="vexpl"><?=gettext("Aggressive is more flexible, but less secure"); ?>.</span>
666	5a3b0d3b	mgrooms	</td>
667			</tr>
668			<tr>
669	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("My identifier"); ?></td>
670	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
671	a0fca224	Colin Fleming	<select name="myid_type" class="formselect" onchange="myidsel_change()">
672	5a3b0d3b	mgrooms	<?php foreach ($my_identifier_list as $id_type => $id_params): ?>
673	a0fca224	Colin Fleming	<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['myid_type']) echo "selected=\"selected\""; ?>>
674	5a3b0d3b	mgrooms	<?=htmlspecialchars($id_params['desc']);?>
675			</option>
676			<?php endforeach; ?>
677			</select>
678	a0fca224	Colin Fleming	<input name="myid_data" type="text" class="formfld unknown" id="myid_data" size="30" value="<?=htmlspecialchars($pconfig['myid_data']);?>" />
679	5a3b0d3b	mgrooms	</td>
680			</tr>
681	1f65618b	jim-p	<tr id="opt_peerid">
682	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer identifier"); ?></td>
683	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
684	a0fca224	Colin Fleming	<select name="peerid_type" class="formselect" onchange="peeridsel_change()">
685	5a3b0d3b	mgrooms	<?php
686			foreach ($peer_identifier_list as $id_type => $id_params):
687			if ($pconfig['mobile'] && !$id_params['mobile'])
688			continue;
689			?>
690	a0fca224	Colin Fleming	<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected=\"selected\""; ?>>
691	5a3b0d3b	mgrooms	<?=htmlspecialchars($id_params['desc']);?>
692			</option>
693			<?php endforeach; ?>
694			</select>
695	a0fca224	Colin Fleming	<input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=htmlspecialchars($pconfig['peerid_data']);?>" />
696	1f65618b	jim-p	<?php if ($pconfig['mobile']) { ?>
697	8cd558b6	ayvis	<br /><br /><?=gettext("NOTE: This is known as the \"group\" setting on some VPN client implementations"); ?>.
698	1f65618b	jim-p	<?php } ?>
699	5a3b0d3b	mgrooms	</td>
700			</tr>
701	71d61aa5	jim-p	<tr id="opt_psk">
702	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
703	71d61aa5	jim-p	<td width="78%" class="vtable">
704			<?=$mandfldhtml;?>
705	a0fca224	Colin Fleming	<input name="pskey" type="text" class="formfld unknown" id="pskey" size="40" value="<?=htmlspecialchars($pconfig['pskey']);?>" />
706	71d61aa5	jim-p	<span class="vexpl">
707	8cd558b6	ayvis	<br />
708	2a2b247b	jim-p	<?=gettext("Input your Pre-Shared Key string"); ?>.
709	71d61aa5	jim-p	</span>
710			</td>
711			</tr>
712	5a3b0d3b	mgrooms	<tr>
713	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
714	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
715	a0fca224	Colin Fleming	<select name="ealgo" class="formselect" onchange="ealgosel_change()">
716	5a3b0d3b	mgrooms	<?php
717			foreach ($p1_ealgos as $algo => $algodata):
718	a0fca224	Colin Fleming	$selected = "";
719	5a3b0d3b	mgrooms	if ($algo == $pconfig['ealgo']['name'])
720	a0fca224	Colin Fleming	$selected = " selected=\"selected\"";
721	5a3b0d3b	mgrooms	?>
722			<option value="<?=$algo;?>"<?=$selected?>>
723			<?=htmlspecialchars($algodata['name']);?>
724			</option>
725			<?php endforeach; ?>
726			</select>
727			<select name="ealgo_keylen" width="30" class="formselect">
728			</select>
729			</td>
730			</tr>
731			<tr>
732	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithm"); ?></td>
733	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
734			<select name="halgo" class="formselect">
735			<?php foreach ($p1_halgos as $algo => $algoname): ?>
736	a0fca224	Colin Fleming	<option value="<?=$algo;?>" <?php if ($algo == $pconfig['halgo']) echo "selected=\"selected\""; ?>>
737	5a3b0d3b	mgrooms	<?=htmlspecialchars($algoname);?>
738			</option>
739			<?php endforeach; ?>
740			</select>
741	8cd558b6	ayvis	<br />
742	5a3b0d3b	mgrooms	<span class="vexpl">
743	2fbb33f1	Carlos Eduardo Ramos	<?=gettext("Must match the setting chosen on the remote side"); ?>.
744	5a3b0d3b	mgrooms	</span>
745			</td>
746			</tr>
747			<tr>
748	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("DH key group"); ?></td>
749	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
750			<select name="dhgroup" class="formselect">
751	665340db	jim-p	<?php foreach ($p1_dhgroups as $keygroup => $keygroupname): ?>
752	a0fca224	Colin Fleming	<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['dhgroup']) echo "selected=\"selected\""; ?>>
753	665340db	jim-p	<?=htmlspecialchars($keygroupname);?>
754	5a3b0d3b	mgrooms	</option>
755			<?php endforeach; ?>
756			</select>
757	8cd558b6	ayvis	<br />
758	5a3b0d3b	mgrooms	<span class="vexpl">
759	2fbb33f1	Carlos Eduardo Ramos	<?=gettext("Must match the setting chosen on the remote side"); ?>.
760	5a3b0d3b	mgrooms	</span>
761			</td>
762			</tr>
763			<tr>
764	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
765	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
766	a0fca224	Colin Fleming	<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />
767	2fbb33f1	Carlos Eduardo Ramos	<?=gettext("seconds"); ?>
768	5a3b0d3b	mgrooms	</td>
769			</tr>
770	73fbece8	mgrooms	<tr id="opt_cert">
771	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td>
772	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
773	a0fca224	Colin Fleming	<select name="certref" class="formselect">
774	73fbece8	mgrooms	<?php
775	b4e6524c	jim-p	foreach ($config['cert'] as $cert):
776	73fbece8	mgrooms	$selected = "";
777			if ($pconfig['certref'] == $cert['refid'])
778	a0fca224	Colin Fleming	$selected = "selected=\"selected\"";
779	73fbece8	mgrooms	?>
780	f2a86ca9	jim-p	<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'];?></option>
781	73fbece8	mgrooms	<?php endforeach; ?>
782			</select>
783	8cd558b6	ayvis	<br />
784	73fbece8	mgrooms	<span class="vexpl">
785	2fbb33f1	Carlos Eduardo Ramos	<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>.
786	73fbece8	mgrooms	</span>
787	5a3b0d3b	mgrooms	</td>
788			</tr>
789	a22d475f	jim-p	<tr id="opt_ca">
790			<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
791			<td width="78%" class="vtable">
792	a0fca224	Colin Fleming	<select name="caref" class="formselect">
793	a22d475f	jim-p	<?php
794	b4e6524c	jim-p	foreach ($config['ca'] as $ca):
795	a22d475f	jim-p	$selected = "";
796			if ($pconfig['caref'] == $ca['refid'])
797	a0fca224	Colin Fleming	$selected = "selected=\"selected\"";
798	a22d475f	jim-p	?>
799	f2a86ca9	jim-p	<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option>
800	a22d475f	jim-p	<?php endforeach; ?>
801			</select>
802	8cd558b6	ayvis	<br />
803	a22d475f	jim-p	<span class="vexpl">
804			<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
805			</span>
806			</td>
807			</tr>
808	5a3b0d3b	mgrooms	<tr>
809			<td colspan="2" class="list" height="12"></td>
810			</tr>
811			<tr>
812	2fbb33f1	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
813	5a3b0d3b	mgrooms	</tr>
814			<tr>
815	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("NAT Traversal"); ?></td>
816	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
817			<select name="nat_traversal" class="formselect">
818	a0fca224	Colin Fleming	<option value="off" <?php if ($pconfig['nat_traversal'] == "off") echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option>
819			<option value="on" <?php if ($pconfig['nat_traversal'] == "on") echo "selected=\"selected\""; ?>><?=gettext("Enable"); ?></option>
820			<option value="force" <?php if ($pconfig['nat_traversal'] == "force") echo "selected=\"selected\""; ?>><?=gettext("Force"); ?></option>
821	5a3b0d3b	mgrooms	</select>
822	8cd558b6	ayvis	<br />
823	5a3b0d3b	mgrooms	<span class="vexpl">
824	2fbb33f1	Carlos Eduardo Ramos	<?=gettext("Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed, " .
825			"which can help with clients that are behind restrictive firewalls"); ?>.
826	5a3b0d3b	mgrooms	</span>
827			</td>
828			</tr>
829			<tr>
830	2fbb33f1	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Dead Peer Detection"); ?></td>
831	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
832	a0fca224	Colin Fleming	<input name="dpd_enable" type="checkbox" id="dpd_enable" value="yes" <?php if (isset($pconfig['dpd_enable'])) echo "checked=\"checked\""; ?> onclick="dpdchkbox_change()" />
833	8cd558b6	ayvis	<?=gettext("Enable DPD"); ?><br />
834	5a3b0d3b	mgrooms	<div id="opt_dpd">
835	8cd558b6	ayvis	<br />
836	a0fca224	Colin Fleming	<input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=htmlspecialchars($pconfig['dpd_delay']);?>" />
837	8cd558b6	ayvis	<?=gettext("seconds"); ?><br />
838	5a3b0d3b	mgrooms	<span class="vexpl">
839	2fbb33f1	Carlos Eduardo Ramos	<?=gettext("Delay between requesting peer acknowledgement"); ?>.
840	8cd558b6	ayvis	</span><br />
841			<br />
842	a0fca224	Colin Fleming	<input name="dpd_maxfail" type="text" class="formfld unknown" id="dpd_maxfail" size="5" value="<?=htmlspecialchars($pconfig['dpd_maxfail']);?>" />
843	8cd558b6	ayvis	<?=gettext("retries"); ?><br />
844	5a3b0d3b	mgrooms	<span class="vexpl">
845	2fbb33f1	Carlos Eduardo Ramos	<?=gettext("Number of consecutive failures allowed before disconnect"); ?>.
846	5a3b0d3b	mgrooms	</span>
847	8cd558b6	ayvis	<br />
848	5a3b0d3b	mgrooms	</div>
849			</td>
850			</tr>
851			<tr>
852			<td width="22%" valign="top"> </td>
853			<td width="78%">
854			<?php if (isset($p1index) && $a_phase1[$p1index]): ?>
855	a0fca224	Colin Fleming	<input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>" />
856	5a3b0d3b	mgrooms	<?php endif; ?>
857			<?php if ($pconfig['mobile']): ?>
858	a0fca224	Colin Fleming	<input name="mobile" type="hidden" value="true" />
859	5a3b0d3b	mgrooms	<?php endif; ?>
860	a0fca224	Colin Fleming	<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
861			<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
862	5a3b0d3b	mgrooms	</td>
863			</tr>
864			</table>
865			</div>
866			</td>
867			</tr>
868			</table>
869	a93e56c5	Matthew Grooms	</form>
870	5a3b0d3b	mgrooms
871	a0fca224	Colin Fleming	<script type="text/javascript">
872			//<![CDATA[
873	a93e56c5	Matthew Grooms	<?php
874			/* determine if we should init the key length */
875			$keyset = '';
876			if (isset($pconfig['ealgo']['keylen']))
877			if (is_numeric($pconfig['ealgo']['keylen']))
878			$keyset = $pconfig['ealgo']['keylen'];
879			?>
880	3462a529	Matthew Grooms	myidsel_change();
881			peeridsel_change();
882	a93e56c5	Matthew Grooms	methodsel_change();
883			ealgosel_change(<?=$keyset;?>);
884			dpdchkbox_change();
885	a0fca224	Colin Fleming	//]]>
886	a93e56c5	Matthew Grooms	</script>
887			<?php include("fend.inc"); ?>
888	3462a529	Matthew Grooms	</body>
889			</html>

Project

General

Profile

pfSense