<?php
2
/*
3
	vpn_ipsec_phase1.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32 6b07c15a Matthew Grooms
##|+PRIV
33
##|*IDENT=page-vpn-ipsec-editphase1
34
##|*NAME=VPN: IPsec: Edit Phase 1 page
35
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 1' page.
36
##|*MATCH=vpn_ipsec_phase1.php*
37
##|-PRIV
38
39 0f84b741 Scott Ullrich
require("functions.inc");
40 a93e56c5 Matthew Grooms
require("guiconfig.inc");
41 483e6de8 Scott Ullrich
require_once("ipsec.inc");
42
require_once("vpn.inc");
43 a93e56c5 Matthew Grooms
44
/*
 * Guarantee that both IPsec phase lists exist as arrays, then bind the
 * short aliases used by the rest of this page. The aliases are references,
 * so writes through them change $config directly.
 */
if (!is_array($config['ipsec']['phase1'])) {
	$config['ipsec']['phase1'] = array();
}
$a_phase1 = &$config['ipsec']['phase1'];

if (!is_array($config['ipsec']['phase2'])) {
	$config['ipsec']['phase2'] = array();
}
$a_phase2 = &$config['ipsec']['phase2'];

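/*
 * Work out which phase 1 entry the request refers to. A value is accepted
 * only when is_numericint() approves it, because it is used below as an
 * index into the phase 1 list. Later sources win: GET p1index, then POST
 * p1index, then GET dup.
 */
if (isset($_GET['p1index']) && is_numericint($_GET['p1index']))
	$p1index = $_GET['p1index'];
// Check the POSTed value itself. Testing $_GET['p1index'] at this point would
// let an unvalidated POST value through whenever the GET parameter is numeric,
// and would ignore a valid POST value when the GET parameter is absent.
if (isset($_POST['p1index']) && is_numericint($_POST['p1index']))
	$p1index = $_POST['p1index'];

if (isset($_GET['dup']) && is_numericint($_GET['dup']))
	$p1index = $_GET['dup'];
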
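/*
 * Populate $pconfig, the array the form below is rendered from: either from
 * the stored phase 1 entry selected by $p1index, or with defaults for a new
 * entry.
 */
if (isset($p1index) && $a_phase1[$p1index]) {
	// don't copy the ikeid on dup
	if (!isset($_GET['dup']) || !is_numericint($_GET['dup']))
		$pconfig['ikeid'] = $a_phase1[$p1index]['ikeid'];

	// Kept so the POST handler can compare against the previous remote gateway.
	$old_ph1ent = $a_phase1[$p1index];

	$pconfig['disabled'] = isset($a_phase1[$p1index]['disabled']);

	if ($a_phase1[$p1index]['interface'])
		$pconfig['interface'] = $a_phase1[$p1index]['interface'];
	else
		$pconfig['interface'] = "wan";

	list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_phase1[$p1index]['remote-subnet']);

	// A mobile entry has no fixed remote gateway.
	if (isset($a_phase1[$p1index]['mobile']))
		$pconfig['mobile'] = 'true';
	else
		$pconfig['remotegw'] = $a_phase1[$p1index]['remote-gateway'];

	$pconfig['mode'] = $a_phase1[$p1index]['mode'];
	$pconfig['protocol'] = $a_phase1[$p1index]['protocol'];
	$pconfig['myid_type'] = $a_phase1[$p1index]['myid_type'];
	$pconfig['myid_data'] = $a_phase1[$p1index]['myid_data'];
	$pconfig['peerid_type'] = $a_phase1[$p1index]['peerid_type'];
	$pconfig['peerid_data'] = $a_phase1[$p1index]['peerid_data'];
	$pconfig['ealgo'] = $a_phase1[$p1index]['encryption-algorithm'];
	$pconfig['halgo'] = $a_phase1[$p1index]['hash-algorithm'];
	$pconfig['dhgroup'] = $a_phase1[$p1index]['dhgroup'];
	$pconfig['lifetime'] = $a_phase1[$p1index]['lifetime'];
	$pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method'];
	$pconfig['generate_policy'] = $a_phase1[$p1index]['generate_policy'];
	$pconfig['proposal_check'] = $a_phase1[$p1index]['proposal_check'];

	// Load only the credential that belongs to the stored method:
	// the pre-shared key for PSK methods, certificate and CA otherwise.
	if (($pconfig['authentication_method'] == "pre_shared_key") ||
		($pconfig['authentication_method'] == "xauth_psk_server")) {
		$pconfig['pskey'] = $a_phase1[$p1index]['pre-shared-key'];
	} else {
		$pconfig['certref'] = $a_phase1[$p1index]['certref'];
		$pconfig['caref'] = $a_phase1[$p1index]['caref'];
	}

	$pconfig['descr'] = $a_phase1[$p1index]['descr'];
	$pconfig['nat_traversal'] = $a_phase1[$p1index]['nat_traversal'];

	// DPD counts as enabled only when both of its values are stored.
	if ($a_phase1[$p1index]['dpd_delay'] &&	$a_phase1[$p1index]['dpd_maxfail']) {
		$pconfig['dpd_enable'] = true;
		$pconfig['dpd_delay'] = $a_phase1[$p1index]['dpd_delay'];
		$pconfig['dpd_maxfail'] = $a_phase1[$p1index]['dpd_maxfail'];
	}
} else {
	/* defaults */
	// NOTE(review): aggressive mode with a pre-shared key, 3DES, SHA-1 and DH
	// group 2 are dated defaults; this page itself labels aggressive mode as
	// "less secure". Consider stronger defaults for new entries.
	$pconfig['interface'] = "wan";
	if($config['interfaces']['lan'])
		$pconfig['localnet'] = "lan";
	$pconfig['mode'] = "aggressive";
	$pconfig['protocol'] = "inet";
	$pconfig['myid_type'] = "myaddress";
	$pconfig['peerid_type'] = "peeraddress";
	$pconfig['authentication_method'] = "pre_shared_key";
	// The key is quoted: a bare name is an undefined constant, which newer
	// PHP versions reject instead of silently treating it as a string.
	$pconfig['ealgo'] = array( 'name' => "3des" );
	$pconfig['halgo'] = "sha1";
	$pconfig['dhgroup'] = "2";
	$pconfig['lifetime'] = "28800";
	$pconfig['nat_traversal'] = "on";
	$pconfig['dpd_enable'] = true;

	/* mobile client */
	if (!empty($_GET['mobile']))
		$pconfig['mobile']=true;
}
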
// When duplicating, drop the source index: the save code appends a new
// entry whenever $p1index is not set.
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	unset($p1index);
}

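/*
 * Form submission: validate the posted phase 1 settings and, when nothing
 * is wrong, store the entry in the configuration, flag the ipsec subsystem
 * as dirty and redirect to vpn_ipsec.php.
 */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	$method = $pconfig['authentication_method'];
	// Unset ca and cert if not required to avoid storing in config
	if ($method == "pre_shared_key" || $method == "xauth_psk_server"){
		unset($pconfig['caref']);
		unset($pconfig['certref']);
	}

	// Start from empty lists so do_input_validation() always receives arrays,
	// including for a mobile entry whose method sets no required field below.
	$reqdfields = array();
	$reqdfieldsn = array();

	// Only require PSK here for normal PSK tunnels (not mobile) or xauth.
	// For RSA methods, require the CA/Cert.
	switch ($method) {
		case "pre_shared_key":
			// If this is a mobile PSK tunnel the user PSKs go on
			//    the PSK tab, not here, so skip the check.
			if ($pconfig['mobile'])
				break;
			// no break: a non-mobile PSK tunnel needs the key, as xauth does
		case "xauth_psk_server":
			$reqdfields = explode(" ", "pskey");
			$reqdfieldsn = array(gettext("Pre-Shared Key"));
			break;
		case "hybrid_rsa_server":
		case "xauth_rsa_server":
		case "rsasig":
			$reqdfields = explode(" ", "caref certref");
			$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
			break;
	}
	if (!$pconfig['mobile']) {
		$reqdfields[] = "remotegw";
		$reqdfieldsn[] = gettext("Remote gateway");
	}

	do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);

	// NOTE(review): is_numeric() also accepts decimals and exponent notation,
	// although the message asks for an integer.
	if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime'])))
		$input_errors[] = gettext("The P1 lifetime must be an integer.");

	// The remote gateway must be an address or host name, and a literal
	// address must belong to the selected protocol family.
	if ($pconfig['remotegw']) {
		if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw']))
			$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
		elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet"))
			$input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6");
		elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6"))
			$input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4");
	}

	// An enabled entry may not reuse the remote gateway of another enabled entry.
	if (($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled']) )) {
		$t = 0;
		foreach ($a_phase1 as $ph1tmp) {
			// Skip only the entry being edited. The isset() test matters: an
			// unset $p1index compares loosely equal to 0, which would exempt
			// the first stored entry from the check when adding a new one.
			if (!isset($p1index) || $p1index <> $t) {
				$tremotegw = $pconfig['remotegw'];
				if (($ph1tmp['remote-gateway'] == $tremotegw) && !isset($ph1tmp['disabled'])) {
					$input_errors[] = sprintf(gettext('The remote gateway "%1$s" is already used by phase1 "%2$s".'), $tremotegw, $ph1tmp['descr']);
				}
			}
			$t++;
		}
	}

	// The protocol family must agree with the phase 2 entries attached to this ikeid.
	if (is_array($a_phase2) && (count($a_phase2))) {
		foreach ($a_phase2 as $phase2) {
			if($phase2['ikeid'] == $pconfig['ikeid']) {
				if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4.");
					break;
				}
				if (($pconfig['protocol'] == "inet6") && ($phase2['mode'] == "tunnel")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv4, you cannot use IPv6.");
					break;
				}
			}
		}
	}

	/* My identity */

	if ($pconfig['myid_type'] == "myaddress")
		$pconfig['myid_data'] = "";

	if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter an address for 'My Identifier'");

	if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'");

	if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'");

	if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'");

	if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'");

	if ((($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])))
		$input_errors[] = gettext("A valid IP address for 'My identifier' must be specified.");

	if ((($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])))
		$input_errors[] = gettext("A valid domain name for 'My identifier' must be specified.");

	if ($pconfig['myid_type'] == "fqdn")
		if (is_domain($pconfig['myid_data']) == false)
			$input_errors[] = gettext("A valid FQDN for 'My identifier' must be specified.");

	if ($pconfig['myid_type'] == "user_fqdn") {
		$user_fqdn = explode("@",$pconfig['myid_data']);
		// A value without "@" has no domain part at all.
		if (!isset($user_fqdn[1]) || is_domain($user_fqdn[1]) == false)
			$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.");
	}

	if ($pconfig['myid_type'] == "dyn_dns")
		if (is_domain($pconfig['myid_data']) == false)
			$input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified.");

	/* Peer identity */

	// "peeraddress" is a peer identifier type, so the peer field is the one
	// to test here; testing myid_type would never clear the peer data.
	if ($pconfig['peerid_type'] == "peeraddress")
		$pconfig['peerid_data'] = "";

	// Only enforce peer ID if we are not dealing with a pure-psk mobile config.
	if (!(($pconfig['authentication_method'] == "pre_shared_key") && ($pconfig['mobile']))) {
		if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter an address for 'Peer Identifier'");

		if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'");

		if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'");

		if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'");

		if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data'])))
			$input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified.");

		if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data'])))
			$input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified.");

		if ($pconfig['peerid_type'] == "fqdn")
			if (is_domain($pconfig['peerid_data']) == false)
				$input_errors[] = gettext("A valid FQDN for 'Peer identifier' must be specified.");

		if ($pconfig['peerid_type'] == "user_fqdn") {
			$user_fqdn = explode("@",$pconfig['peerid_data']);
			if (!isset($user_fqdn[1]) || is_domain($user_fqdn[1]) == false)
				$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.");
		}
	}

	if ($pconfig['dpd_enable']) {
		if (!is_numeric($pconfig['dpd_delay']))
			$input_errors[] = gettext("A numeric value must be specified for DPD delay.");

		if (!is_numeric($pconfig['dpd_maxfail']))
			$input_errors[] = gettext("A numeric value must be specified for DPD retries.");
	}

	/* build our encryption algorithms array */
	$pconfig['ealgo'] = array();
	$pconfig['ealgo']['name'] = $_POST['ealgo'];
	if($pconfig['ealgo_keylen'])
		$pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen'];

	// NOTE(review): ikeid, interface, mode, protocol, the algorithm names,
	// dhgroup, generate_policy, proposal_check and nat_traversal are stored
	// as posted; nothing visible here checks them against the option lists
	// the form offers. Confirm they are validated before use.
	if (!$input_errors) {
		$ph1ent = array();
		$ph1ent['ikeid'] = $pconfig['ikeid'];
		$ph1ent['disabled'] = $pconfig['disabled'] ? true : false;
		$ph1ent['interface'] = $pconfig['interface'];
		/* if the remote gateway changed and the interface is not WAN then remove route */
		/* the vpn_ipsec_configure() handles adding the route */
		if ($pconfig['interface'] <> "wan") {
			// Run the command only when a previous gateway exists, and quote
			// it: the value is read back from stored configuration and is
			// handed to a shell command line.
			if (!empty($old_ph1ent['remote-gateway']) &&
			    $old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) {
				mwexec("/sbin/route delete -host " . escapeshellarg($old_ph1ent['remote-gateway']));
			}
		}

		if ($pconfig['mobile'])
			$ph1ent['mobile'] = true;
		else
			$ph1ent['remote-gateway'] = $pconfig['remotegw'];

		$ph1ent['mode'] = $pconfig['mode'];
		$ph1ent['protocol'] = $pconfig['protocol'];

		$ph1ent['myid_type'] = $pconfig['myid_type'];
		$ph1ent['myid_data'] = $pconfig['myid_data'];
		$ph1ent['peerid_type'] = $pconfig['peerid_type'];
		$ph1ent['peerid_data'] = $pconfig['peerid_data'];

		$ph1ent['encryption-algorithm'] = $pconfig['ealgo'];
		$ph1ent['hash-algorithm'] = $pconfig['halgo'];
		$ph1ent['dhgroup'] = $pconfig['dhgroup'];
		$ph1ent['lifetime'] = $pconfig['lifetime'];
		$ph1ent['pre-shared-key'] = $pconfig['pskey'];
		$ph1ent['private-key'] = base64_encode($pconfig['privatekey']);
		$ph1ent['certref'] = $pconfig['certref'];
		$ph1ent['caref'] = $pconfig['caref'];
		$ph1ent['authentication_method'] = $pconfig['authentication_method'];
		$ph1ent['generate_policy'] = $pconfig['generate_policy'];
		$ph1ent['proposal_check'] = $pconfig['proposal_check'];
		$ph1ent['descr'] = $pconfig['descr'];
		$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];

		if (isset($pconfig['dpd_enable'])) {
			$ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
			$ph1ent['dpd_maxfail'] = $pconfig['dpd_maxfail'];
		}

		/* generate unique phase1 ikeid */
		if ($ph1ent['ikeid'] == 0)
			$ph1ent['ikeid'] = ipsec_ikeid_next();

		// Overwrite the edited entry, or append when this is a new or duplicated one.
		if (isset($p1index) && $a_phase1[$p1index])
			$a_phase1[$p1index] = $ph1ent;
		else
			$a_phase1[] = $ph1ent;

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}
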
/* Page title parts; a mobile client entry gets one extra trailing element. */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"));
if ($pconfig['mobile']) {
	$pgtitle[] = gettext("Mobile Client");
}
$shortcut_section = "ipsec";

include("head.inc");

?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
379
<?php include("fbegin.inc"); ?>
380 91f026b0 ayvis
<script type="text/javascript">
381 a93e56c5 Matthew Grooms
<!--
382 3462a529 Matthew Grooms
383
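/*
 * Hide the "My identifier" value box while the 'myaddress' type is
 * selected and show it for every other identifier type.
 */
function myidsel_change() {
	// Declared with var: as bare assignments these names become implicit
	// globals shared by every handler in this script.
	var index = document.iform.myid_type.selectedIndex;
	var value = document.iform.myid_type.options[index].value;
	var field = document.getElementById('myid_data');

	field.style.visibility = (value == 'myaddress') ? 'hidden' : 'visible';
}
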
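/*
 * Hide the "Peer identifier" value box while the 'peeraddress' type is
 * selected and show it for every other identifier type.
 */
function peeridsel_change() {
	// Declared with var so the handler does not create implicit globals.
	var index = document.iform.peerid_type.selectedIndex;
	var value = document.iform.peerid_type.options[index].value;
	var field = document.getElementById('peerid_data');

	field.style.visibility = (value == 'peeraddress') ? 'hidden' : 'visible';
}
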
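/*
 * Show or hide the pre-shared key, peer identifier, certificate and CA
 * elements to match the selected authentication method. The extra
 * 'pre_shared_key' case is emitted by PHP only for a mobile client entry.
 */
function methodsel_change() {
	// Declared with var so the handler does not create implicit globals.
	var index = document.iform.authentication_method.selectedIndex;
	var value = document.iform.authentication_method.options[index].value;

	switch (value) {
		case 'hybrid_rsa_server':
		case 'xauth_rsa_server':
		case 'rsasig':
			/* certificate based methods: no key field, certificate and CA shown */
			document.getElementById('opt_psk').style.display = 'none';
			document.getElementById('opt_peerid').style.display = '';
			document.getElementById('opt_cert').style.display = '';
			document.getElementById('opt_ca').style.display = '';
			document.getElementById('opt_cert').disabled = false;
			document.getElementById('opt_ca').disabled = false;
			break;
<?php if ($pconfig['mobile']) { ?>
		case 'pre_shared_key':
			/* mobile PSK: neither key, peer identifier nor certificates are entered here */
			document.getElementById('opt_psk').style.display = 'none';
			document.getElementById('opt_peerid').style.display = 'none';
			document.getElementById('opt_cert').style.display = 'none';
			document.getElementById('opt_ca').style.display = 'none';
			document.getElementById('opt_cert').disabled = true;
			document.getElementById('opt_ca').disabled = true;
			break;
<?php } ?>
		default: /* psk modes*/
			document.getElementById('opt_psk').style.display = '';
			document.getElementById('opt_peerid').style.display = '';
			document.getElementById('opt_cert').style.display = 'none';
			document.getElementById('opt_ca').style.display = 'none';
			document.getElementById('opt_cert').disabled = true;
			document.getElementById('opt_ca').disabled = true;
			break;
	}
}
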
/*
 * Key length selector for the chosen encryption algorithm. PHP emits one
 * switch case per entry of $p1_ealgos, numbered in iteration order: an
 * algorithm with a 'keysel' array gets its key lengths listed from 'hi'
 * down to 'lo' in 'step' decrements, any other algorithm hides the selector.
 */
function ealgosel_change(bits) {
	switch (document.iform.ealgo.selectedIndex) {
<?php
$i = 0;
foreach ($p1_ealgos as $algo => $algodata) {
	echo "		case {$i}:\n";
	if (is_array($algodata['keysel'])) {
		echo "			document.iform.ealgo_keylen.style.visibility = 'visible';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";

		$key_hi = $algodata['keysel']['hi'];
		$key_lo = $algodata['keysel']['lo'];
		$key_step = $algodata['keysel']['step'];

		for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step) {
			echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n";
		}
	} else {
		echo "			document.iform.ealgo_keylen.style.visibility = 'hidden';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";
	}
	echo "			break;\n";
	$i++;
}
?>
	}

	/* restore a previously chosen key length when one is passed in */
	if( bits )
		document.iform.ealgo_keylen.value = bits;
}

/*
 * Toggle the DPD options with the "enable" checkbox and fill in "10" and
 * "5" for delay and retries when those fields are still empty.
 */
function dpdchkbox_change() {
	var form = document.iform;
	var fallback = { dpd_delay: "10", dpd_maxfail: "5" };

	document.getElementById('opt_dpd').style.display = form.dpd_enable.checked ? '' : 'none';

	for (var field in fallback) {
		if (!form[field].value) {
			form[field].value = fallback[field];
		}
	}
}

//-->
492
</script>
493 5a3b0d3b mgrooms
494
<form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform">
495
496
<?php
	// Show the validation messages collected by the POST handler, if any.
	if ($input_errors) {
		print_input_errors($input_errors);
	}
?>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
502
	<tr class="tabnavtbl">
503
		<td id="tabnav">
504
			<?php
				// Tab bar entries as (label, flag, target page); the flag is true
				// only for "Tunnels" — presumably it marks the active tab.
				$tab_array = array(
					0 => array(gettext("Tunnels"), true, "vpn_ipsec.php"),
					1 => array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"),
					2 => array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php"),
				);
				display_top_tabs($tab_array);
			?>
		</td>
512
	</tr>
513
	<tr>
514
		<td id="mainarea">
515
			<div class="tabcont">
516
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
517
					<tr>
518 2fbb33f1 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
519 5a3b0d3b mgrooms
					</tr>
520
					<tr>
521 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
522 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
523
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
524 8cd558b6 ayvis
							<strong><?=gettext("Disable this phase1 entry"); ?></strong><br />
525 5a3b0d3b mgrooms
							<span class="vexpl">
526 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Set this option to disable this phase1 without " .
527
								"removing it from the list"); ?>.
528 5a3b0d3b mgrooms
							</span>
529
						</td>
530
					</tr>
531 e79b24ab Seth Mos
					<tr>
532
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Internet Protocol"); ?></td>
533
						<td width="78%" class="vtable">
534
							<select name="protocol" class="formselect">
535
							<?php
								// Address families offered for the tunnel: posted value => label.
								// Both come from this fixed list, so the value needs no escaping.
								$protocols = array("inet" => "IPv4", "inet6" => "IPv6");
								foreach ($protocols as $protocol => $name) {
							?>
								<option value="<?=$protocol;?>" <?=($protocol == $pconfig['protocol']) ? "selected" : "";?>>
									<?=htmlspecialchars($name);?>
								</option>
							<?php } ?>
							</select> <br /> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
544 e79b24ab Seth Mos
						</td>
545
					</tr>
546 5a3b0d3b mgrooms
					<tr>
547 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
548 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
549
							<select name="interface" class="formselect">
550 ab2ccd9f Renato Botelho
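							<?php
								/*
								 * Build the local endpoint choices: the configured interfaces,
								 * extended with the entries of the CARP, IP alias and gateway
								 * group lists returned by the helpers below. Array keys become
								 * the posted option values.
								 */
								$interfaces = get_configured_interface_with_descr();

								$carplist = get_configured_carp_interface_list();
								foreach ($carplist as $cif => $carpip)
									$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";

								$aliaslist = get_configured_ip_aliases_list();
								foreach ($aliaslist as $aliasip => $aliasif)
									$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";

								$grouplist = return_gateway_groups_array();
								foreach ($grouplist as $name => $group) {
									// NOTE(review): $vipif is assigned but not read anywhere in
									// the visible code — confirm it is still needed.
									if($group[0]['vip'] <> "")
										$vipif = $group[0]['vip'];
									else
										$vipif = $group[0]['int'];
									$interfaces[$name] = "GW Group {$name}";
								}

								// The keys are configuration-derived names and addresses, so
								// the value attribute is escaped just like the visible label.
								foreach ($interfaces as $iface => $ifacename):
							?>
								<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
									<?=htmlspecialchars($ifacename);?>
								</option>
							<?php endforeach; ?>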
							</select>
578 8cd558b6 ayvis
							<br />
579 2fbb33f1 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Select the interface for the local endpoint of this phase1 entry"); ?>.</span>
580 5a3b0d3b mgrooms
						</td>
581
					</tr>
582
583
					<?php if (!$pconfig['mobile']): ?>
584
585
					<tr>
586 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote gateway"); ?></td>
587 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
588 c271c485 Seth Mos
							<?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="28" value="<?=htmlspecialchars($pconfig['remotegw']);?>">
589 8cd558b6 ayvis
							<br />
590 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Enter the public IP address or host name of the remote gateway"); ?>
591 5a3b0d3b mgrooms
						</td>
592
					</tr>
593
594
					<?php endif; ?>
595
596
					<tr>
597 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
598 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
599
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
600 8cd558b6 ayvis
							<br />
601 5a3b0d3b mgrooms
							<span class="vexpl">
602 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
603
								"for your reference (not parsed)"); ?>.
604 5a3b0d3b mgrooms
							</span>
605
						</td>
606
					</tr>
607
					<tr>
608
						<td colspan="2" class="list" height="12"></td>
609
					</tr>
610
					<tr>
611
						<td colspan="2" valign="top" class="listtopic">
612 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Phase 1 proposal (Authentication)"); ?>
613 5a3b0d3b mgrooms
						</td>
614
					</tr>
615 71d61aa5 jim-p
					<tr>
616 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication method"); ?></td>
617 71d61aa5 jim-p
						<td width="78%" class="vtable">
618
							<select name="authentication_method" class="formselect" onChange="methodsel_change()">
619
							<?php
								// List the authentication methods; methods flagged 'mobile'
								// are left out unless this is a mobile client entry.
								foreach ($p1_authentication_methods as $method_type => $method_params) {
									if (!$pconfig['mobile'] && $method_params['mobile']) {
										continue;
									}
							?>
								<option value="<?=$method_type;?>" <?=($method_type == $pconfig['authentication_method']) ? "selected" : "";?>>
									<?=htmlspecialchars($method_params['name']);?>
								</option>
							<?php } ?>
							</select>
629 8cd558b6 ayvis
							<br />
630 71d61aa5 jim-p
							<span class="vexpl">
631 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
632 71d61aa5 jim-p
							</span>
633
						</td>
634
					</tr>
635 5a3b0d3b mgrooms
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Negotiation mode"); ?></td>
						<td width="78%" class="vtable">
							<select name="mode" class="formselect">
							<?php
								/*
								 * Phase 1 exchange types offered in the drop-down; the entry that
								 * equals $pconfig['mode'] is pre-selected.
								 *
								 * Security note for maintainers: aggressive mode exchanges the
								 * peer identities and the authentication hash before the channel
								 * is encrypted, which is why the help text below calls it less
								 * secure. With a pre-shared key, prefer main mode where the peer
								 * supports it, or pair aggressive mode with a long random key.
								 */
								$modes = array("main","aggressive","base");
								foreach ($modes as $mode):
									$mode_selected = ($mode == $pconfig['mode']) ? "selected" : "";
							?>
								<option value="<?=$mode;?>" <?=$mode_selected;?>>
									<?=htmlspecialchars($mode);?>
								</option>
							<?php endforeach; ?>
							</select> <br /> <span class="vexpl"><?=gettext("Aggressive is more flexible, but less secure"); ?>.</span>
						</td>
					</tr>
650
					<tr>
651 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My identifier"); ?></td>
652 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
653
							<select name="myid_type" class="formselect" onChange="myidsel_change()">
654
							<?php foreach ($my_identifier_list as $id_type => $id_params): ?>
655
								<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['myid_type']) echo "selected"; ?>>
656
									<?=htmlspecialchars($id_params['desc']);?>
657
								</option>
658
							<?php endforeach; ?>
659
							</select>
660 dd5bf424 Scott Ullrich
							<input name="myid_data" type="text" class="formfld unknown" id="myid_data" size="30" value="<?=htmlspecialchars($pconfig['myid_data']);?>">
661 5a3b0d3b mgrooms
						</td>
662
					</tr>
663 1f65618b jim-p
					<tr id="opt_peerid">
664 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer identifier"); ?></td>
665 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
666
							<select name="peerid_type" class="formselect" onChange="peeridsel_change()">
667
							<?php
668
								foreach ($peer_identifier_list as $id_type => $id_params):
669
									if ($pconfig['mobile'] && !$id_params['mobile'])
670
										continue;
671
							?>
672
							<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected"; ?>>
673
								<?=htmlspecialchars($id_params['desc']);?>
674
							</option>
675
							<?php endforeach; ?>
676
							</select>
677 dd5bf424 Scott Ullrich
							<input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=htmlspecialchars($pconfig['peerid_data']);?>">
678 1f65618b jim-p
						<?php if ($pconfig['mobile']) { ?>
679 8cd558b6 ayvis
							<br /><br /><?=gettext("NOTE: This is known as the \"group\" setting on some VPN client implementations"); ?>.
680 1f65618b jim-p
						<?php } ?>
681 5a3b0d3b mgrooms
						</td>
682
					</tr>
683 71d61aa5 jim-p
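					<tr id="opt_psk">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
						<td width="78%" class="vtable">
							<?=$mandfldhtml;?>
							<?php
								/*
								 * The stored key is written back into the form in clear text
								 * (HTML-escaped only), so it is readable by anyone who can load
								 * this page and appears in the page source. autocomplete="off"
								 * asks the browser not to keep the secret in its form history.
								 * NOTE(review): access to this page should stay limited to the
								 * page-vpn-ipsec-editphase1 privilege declared in the file header.
								 */
							?>
							<input name="pskey" type="text" class="formfld unknown" id="pskey" size="40" autocomplete="off" value="<?=htmlspecialchars($pconfig['pskey']);?>">
							<span class="vexpl">
							<br />
								<?=gettext("Input your Pre-Shared Key string"); ?>.
							</span>
						</td>
					</tr>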
694 5cd9e96a jim-p
					<tr id="generate_policy">
695
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Policy Generation"); ?></td>
696
						<td width="78%" class="vtable">
697
							<select name="generate_policy" class="formselect">
698
								<option value="" <?php if (empty($pconfig['generate_policy'])) echo "selected"; ?>>Default</option>
699
								<option value="on" <?php if ($pconfig['generate_policy'] == "on") echo "selected"; ?>>On</option>
700
								<option value="off" <?php if ($pconfig['generate_policy'] == "off") echo "selected"; ?>>Off</option>
701
								<option value="require" <?php if ($pconfig['generate_policy'] == "require") echo "selected"; ?>>Require</option>
702
								<option value="unique" <?php if ($pconfig['generate_policy'] == "unique") echo "selected"; ?>>Unique</option>
703
							</select>
704 8cd558b6 ayvis
							<br />
705 5cd9e96a jim-p
							<span class="vexpl">
706
								<?=gettext("When working as a responder (as with mobile clients), this controls how policies are generated based on SA proposals."); ?>
707
							</span>
708
						</td>
709
					</tr>
710 812dd35d jim-p
					<tr id="proposal_check">
711
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Proposal Checking"); ?></td>
712
						<td width="78%" class="vtable">
713
							<select name="proposal_check" class="formselect">
714
								<option value="" <?php if (empty($pconfig['proposal_check'])) echo "selected"; ?>>Default</option>
715
								<option value="obey" <?php if ($pconfig['proposal_check'] == "obey") echo "selected"; ?>>Obey</option>
716
								<option value="strict" <?php if ($pconfig['proposal_check'] == "strict") echo "selected"; ?>>Strict</option>
717
								<option value="claim" <?php if ($pconfig['proposal_check'] == "claim") echo "selected"; ?>>Claim</option>
718
								<option value="exact" <?php if ($pconfig['proposal_check'] == "exact") echo "selected"; ?>>Exact</option>
719
							</select>
720 8cd558b6 ayvis
							<br />
721 812dd35d jim-p
							<span class="vexpl">
722
								<?=gettext("Specifies the action of lifetime length, key length, and PFS of the phase 2 selection on the responder side, and the action of lifetime check in phase 1."); ?>
723
							</span>
724
						</td>
725
					</tr>
726 5a3b0d3b mgrooms
					<tr>
727 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
728 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
729
							<select name="ealgo" class="formselect" onChange="ealgosel_change()">
730
							<?php
731
								foreach ($p1_ealgos as $algo => $algodata):
732
									$selected = '';
733
									if ($algo == $pconfig['ealgo']['name'])
734
										$selected = ' selected';
735
							?>
736
								<option value="<?=$algo;?>"<?=$selected?>>
737
									<?=htmlspecialchars($algodata['name']);?>
738
								</option>
739
							<?php endforeach; ?>
740
							</select>
741
							<select name="ealgo_keylen" width="30" class="formselect">
742
							</select>
743
						</td>
744
					</tr>
745
					<tr>
746 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithm"); ?></td>
747 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
748
							<select name="halgo" class="formselect">
749
							<?php foreach ($p1_halgos as $algo => $algoname): ?>
750
								<option value="<?=$algo;?>" <?php if ($algo == $pconfig['halgo']) echo "selected"; ?>>
751
									<?=htmlspecialchars($algoname);?>
752
								</option>
753
							<?php endforeach; ?>
754
							</select>
755 8cd558b6 ayvis
							<br />
756 5a3b0d3b mgrooms
							<span class="vexpl">
757 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
758 5a3b0d3b mgrooms
							</span>
759
						</td>
760
					</tr>
761
					<tr>
762 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH key group"); ?></td>
763 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
764
							<select name="dhgroup" class="formselect">
765 665340db jim-p
							<?php foreach ($p1_dhgroups as $keygroup => $keygroupname): ?>
766 5a3b0d3b mgrooms
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['dhgroup']) echo "selected"; ?>>
767 665340db jim-p
									<?=htmlspecialchars($keygroupname);?>
768 5a3b0d3b mgrooms
								</option>
769
							<?php endforeach; ?>
770
							</select>
771 8cd558b6 ayvis
							<br />
772 5a3b0d3b mgrooms
							<span class="vexpl">
773 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
774 5a3b0d3b mgrooms
							</span>
775
						</td>
776
					</tr>
777
					<tr>
778 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
779 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
780 dd5bf424 Scott Ullrich
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>">
781 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
782 5a3b0d3b mgrooms
						</td>
783
					</tr>
784 73fbece8 mgrooms
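					<tr id="opt_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td>
						<td width="78%" class="vtable">
							<select name='certref' class="formselect">
							<?php
								/*
								 * One <option> per entry in $config['cert']; the entry whose
								 * refid equals $pconfig['certref'] is pre-selected.
								 *
								 * refid and descr are read from stored configuration (descr is
								 * presumably operator-entered text), so both are HTML-escaped
								 * before they reach the attribute and the option label. Emitted
								 * raw, markup in a description would be rendered in the browser
								 * of whoever opens this page.
								 *
								 * The is_array() guard keeps foreach from warning when no
								 * certificates are configured.
								 */
								$certlist = (isset($config['cert']) && is_array($config['cert'])) ? $config['cert'] : array();
								foreach ($certlist as $cert):
									$selected = "";
									if ($pconfig['certref'] == $cert['refid'])
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>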
803 a22d475f jim-p
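					<tr id="opt_ca">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
						<td width="78%" class="vtable">
							<select name='caref' class="formselect">
							<?php
								/*
								 * One <option> per entry in $config['ca']; the entry whose refid
								 * equals $pconfig['caref'] is pre-selected.
								 *
								 * refid and descr are read from stored configuration (descr is
								 * presumably operator-entered text), so both are HTML-escaped
								 * before output; without escaping, markup in a CA description
								 * would be rendered in the browser of whoever opens this page.
								 *
								 * The is_array() guard keeps foreach from warning when no
								 * certificate authorities are configured.
								 */
								$calist = (isset($config['ca']) && is_array($config['ca'])) ? $config['ca'] : array();
								foreach ($calist as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>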
822 5a3b0d3b mgrooms
					<tr>
823
						<td colspan="2" class="list" height="12"></td>
824
					</tr>
825
					<tr>
826 2fbb33f1 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
827 5a3b0d3b mgrooms
					</tr>
828
					<tr>
829 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("NAT Traversal"); ?></td>
830 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
831
							<select name="nat_traversal" class="formselect">
832 2fbb33f1 Carlos Eduardo Ramos
								<option value="off" <?php if ($pconfig['nat_traversal'] == "off") echo "selected"; ?>><?=gettext("Disable"); ?></option>
833
								<option value="on" <?php if ($pconfig['nat_traversal'] == "on") echo "selected"; ?>><?=gettext("Enable"); ?></option>
834
								<option value="force" <?php if ($pconfig['nat_traversal'] == "force") echo "selected"; ?>><?=gettext("Force"); ?></option>
835 5a3b0d3b mgrooms
							</select>
836 8cd558b6 ayvis
							<br />
837 5a3b0d3b mgrooms
							<span class="vexpl">
838 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed, " .
839
								"which can help with clients that are behind restrictive firewalls"); ?>.
840 5a3b0d3b mgrooms
							</span>
841
						</td>
842
					</tr>
843
					<tr>
844 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Dead Peer Detection"); ?></td>
845 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
846
							<input name="dpd_enable" type="checkbox" id="dpd_enable" value="yes" <?php if (isset($pconfig['dpd_enable'])) echo "checked"; ?> onClick="dpdchkbox_change()">
847 8cd558b6 ayvis
							<?=gettext("Enable DPD"); ?><br />
848 5a3b0d3b mgrooms
							<div id="opt_dpd">
849 8cd558b6 ayvis
								<br />
850 dd5bf424 Scott Ullrich
								<input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=htmlspecialchars($pconfig['dpd_delay']);?>">
851 8cd558b6 ayvis
								<?=gettext("seconds"); ?><br />
852 5a3b0d3b mgrooms
								<span class="vexpl">
853 2fbb33f1 Carlos Eduardo Ramos
									<?=gettext("Delay between requesting peer acknowledgement"); ?>.
854 8cd558b6 ayvis
								</span><br />
855
								<br />
856 dd5bf424 Scott Ullrich
								<input name="dpd_maxfail" type="text" class="formfld unknown" id="dpd_maxfail" size="5" value="<?=htmlspecialchars($pconfig['dpd_maxfail']);?>">
857 8cd558b6 ayvis
								<?=gettext("retries"); ?><br />
858 5a3b0d3b mgrooms
								<span class="vexpl">
859 2fbb33f1 Carlos Eduardo Ramos
									<?=gettext("Number of consecutive failures allowed before disconnect"); ?>.
860 5a3b0d3b mgrooms
								</span>
861 8cd558b6 ayvis
								<br />
862 5a3b0d3b mgrooms
							</div>
863
						</td>
864
					</tr>
865
					<tr>
866
						<td width="22%" valign="top">&nbsp;</td>
867
						<td width="78%">
868
							<?php if (isset($p1index) && $a_phase1[$p1index]): ?>
869 e41ec584 Renato Botelho
							<input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>">
870 5a3b0d3b mgrooms
							<?php endif; ?>
871
							<?php if ($pconfig['mobile']): ?>
872
							<input name="mobile" type="hidden" value="true">
873
							<?php endif; ?>
874 dd5bf424 Scott Ullrich
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>">
875 2fbb33f1 Carlos Eduardo Ramos
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
876 5a3b0d3b mgrooms
						</td>
877
					</tr>
878
				</table>
879
			</div>
880
		</td>
881
	</tr>
882
</table>
883 a93e56c5 Matthew Grooms
</form>
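<script type="text/javascript">
<!--
<?php
	/*
	 * Determine if we should init the key length.
	 *
	 * $keyset is written unquoted into the ealgosel_change() call below, so
	 * it must never carry anything but a number: it stays empty unless the
	 * configured key length passes is_numeric(). Keep that gate in place if
	 * this code is changed; an unchecked string here would be emitted
	 * straight into the script.
	 */
	$keyset = '';
	if (isset($pconfig['ealgo']['keylen']) && is_numeric($pconfig['ealgo']['keylen']))
		$keyset = $pconfig['ealgo']['keylen'];
?>
myidsel_change();
peeridsel_change();
methodsel_change();
ealgosel_change(<?=$keyset;?>);
dpdchkbox_change();
//-->
</script>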
901
<?php include("fend.inc"); ?>
902 3462a529 Matthew Grooms
</body>
903
</html>