<?php
/*
	vpn_ipsec_phase2.php
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2008 Shrew Soft Inc
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
##|+PRIV
##|*IDENT=page-vpn-ipsec-editphase2
##|*NAME=VPN: IPsec: Edit Phase 2 page
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
##|*MATCH=vpn_ipsec_phase2.php*
##|-PRIV
require("functions.inc");
require("guiconfig.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
/*
 * Alias the two IPsec config sections this page works on and make sure each
 * one is an array. Both names are references into $config, so anything
 * written through them is part of what write_config() later saves.
 */
$a_client = &$config['ipsec']['client'];
if (!is_array($a_client)) {
	$a_client = array();
}

$a_phase2 = &$config['ipsec']['phase2'];
if (!is_array($a_phase2)) {
	$a_phase2 = array();
}
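/*
 * Work out which phase 2 entry is being edited. The index comes straight
 * from the request (GET for the initial view, POST on save, "dup" when an
 * existing entry is cloned), so it is treated as untrusted: only a plain
 * decimal string that names a non-empty entry of $a_phase2 is kept.
 */
$p2index = null;
if (isset($_GET['p2index']))
	$p2index = $_GET['p2index'];
if (isset($_POST['p2index']))
	$p2index = $_POST['p2index'];
if (isset($_GET['dup']))
	$p2index = $_GET['dup'];

/* An array-valued or non-numeric parameter would otherwise be used as an
   array offset below; drop it so the page falls back to "new entry". */
if (!is_string($p2index) || !preg_match('/^[0-9]+\z/', $p2index) || empty($a_phase2[$p2index]))
	unset($p2index);

if (isset($p2index))
{
	/* existing entry: flatten the stored settings into form fields */
	$pconfig['ikeid'] = $a_phase2[$p2index]['ikeid'];
	$pconfig['disabled'] = isset($a_phase2[$p2index]['disabled']);
	$pconfig['mode'] = $a_phase2[$p2index]['mode'];
	$pconfig['descr'] = $a_phase2[$p2index]['descr'];
	/* previous state, handed to reload_tunnel_spd_policy() by the save handler */
	$old_ph2ent = $a_phase2[$p2index];

	idinfo_to_pconfig("local",$a_phase2[$p2index]['localid'],$pconfig);
	idinfo_to_pconfig("remote",$a_phase2[$p2index]['remoteid'],$pconfig);

	$pconfig['proto'] = $a_phase2[$p2index]['protocol'];
	ealgos_to_pconfig($a_phase2[$p2index]['encryption-algorithm-option'],$pconfig);
	$pconfig['halgos'] = $a_phase2[$p2index]['hash-algorithm-option'];
	$pconfig['pfsgroup'] = $a_phase2[$p2index]['pfsgroup'];
	$pconfig['lifetime'] = $a_phase2[$p2index]['lifetime'];
	$pconfig['pinghost'] = $a_phase2[$p2index]['pinghost'];

	if (isset($a_phase2[$p2index]['mobile']))
		$pconfig['mobile'] = true;
}
else
{
	/* new entry: the owning phase 1 id is taken from the query string and is
	   only ever echoed back through htmlspecialchars() in the form */
	$pconfig['ikeid'] = (isset($_GET['ikeid']) && is_string($_GET['ikeid'])) ? $_GET['ikeid'] : null;

	/* defaults
	   NOTE(review): these defaults are dated. 3DES, Blowfish and CAST128 are
	   64-bit block ciphers and HMAC-MD5 is a legacy hash; pfsgroup "0"
	   presumably means PFS off (confirm against $p2_pfskeygroups). Consider
	   narrowing the defaults to AES with the strongest hash the peers
	   support, and enabling PFS where possible. */
	$pconfig['localid_type'] = "lan";
	$pconfig['remoteid_type'] = "network";
	$pconfig['proto'] = "esp";
	$pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes");
	$pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['pfsgroup'] = "0";
	$pconfig['lifetime'] = "3600";

	/* mobile client */
	if (!empty($_GET['mobile']))
		$pconfig['mobile'] = true;
}

/* a duplicate starts from the copied settings but is saved as a new entry */
if (isset($_GET['dup']))
	unset($p2index);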
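if ($_POST) {

	/*
	 * Save handler. Every value in $_POST is controlled by whoever can reach
	 * this page, and the fields below are written into the IPsec section of
	 * the configuration, so they are checked before being copied to $ph2ent.
	 *
	 * NOTE(review): no anti-CSRF token check is visible in this file; confirm
	 * that guiconfig.inc enforces one for state-changing requests.
	 * NOTE(review): localid_type, remoteid_type, pfsgroup, ikeid and descr are
	 * still stored as submitted; check how ipsec.inc/vpn.inc consume them.
	 */
	unset($input_errors);
	$pconfig = $_POST;

	if (!isset( $_POST['ikeid']))
		$input_errors[] = gettext("A valid ikeid must be specified.");

	/* required fields; the remote network is implied for mobile clients */
	$reqdfields = explode(" ", "localid_type halgos");
	$reqdfieldsn = array(gettext("Local network type"),gettext("P2 Hash Algorithms"));
	if (!isset($pconfig['mobile'])){
		$reqdfields[] = "remoteid_type";
		$reqdfieldsn[] = gettext("Remote network type");
	}

	/* NOTE(review): call-time pass-by-reference (&$input_errors) is a fatal
	   error from PHP 5.4 on. It is kept because the declaration of
	   do_input_validation() is not visible here; drop the "&" only once that
	   function is confirmed to take its last parameter by reference,
	   otherwise the required-field errors would be lost silently. */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/* mode and protocol: accept only the keys the form's <select> lists offer */
	if (!isset($pconfig['mode']) || !is_string($pconfig['mode']) ||
	    !is_array($p2_modes) || !array_key_exists($pconfig['mode'], $p2_modes))
		$input_errors[] = gettext("A valid mode must be specified.");

	if (!isset($pconfig['proto']) || !is_string($pconfig['proto']) ||
	    !is_array($p2_protos) || !array_key_exists($pconfig['proto'], $p2_protos))
		$input_errors[] = gettext("A valid protocol must be specified.");

	if(isset($pconfig['mode']) && $pconfig['mode'] == "tunnel")
	{
		/* In both switches "network" deliberately falls through to "address":
		   a network needs a valid prefix length and a valid address. The
		   prefix length is limited to what the form offers (0-32). */
		switch (isset($pconfig['localid_type']) ? $pconfig['localid_type'] : "") {
			case "network":
				if (!isset($pconfig['localid_netbits']) || !is_string($pconfig['localid_netbits']) ||
				    !preg_match('/^[0-9]{1,2}\z/', $pconfig['localid_netbits']) || $pconfig['localid_netbits'] > 32)
					$input_errors[] = gettext("A valid local network bit count must be specified.");
			case "address":
				if (empty($pconfig['localid_address']) || !is_string($pconfig['localid_address']) ||
				    !is_ipaddr($pconfig['localid_address']))
					$input_errors[] = gettext("A valid local network IP address must be specified.");
				break;
		}

		switch (isset($pconfig['remoteid_type']) ? $pconfig['remoteid_type'] : "") {
			case "network":
				if (!isset($pconfig['remoteid_netbits']) || !is_string($pconfig['remoteid_netbits']) ||
				    !preg_match('/^[0-9]{1,2}\z/', $pconfig['remoteid_netbits']) || $pconfig['remoteid_netbits'] > 32)
					$input_errors[] = gettext("A valid remote network bit count must be specified.");
			case "address":
				if (empty($pconfig['remoteid_address']) || !is_string($pconfig['remoteid_address']) ||
				    !is_ipaddr($pconfig['remoteid_address']))
					$input_errors[] = gettext("A valid remote network IP address must be specified.");
				break;
		}
	}

	/* TODO : Validate enabled phase2's are not duplicates */

	/* ealgos[] is absent when no box is ticked; normalise it so the lookup
	   below and the form re-render always see an array */
	if (!isset($pconfig['ealgos']) || !is_array($pconfig['ealgos']))
		$pconfig['ealgos'] = array();

	$ealgos = pconfig_to_ealgos($pconfig);

	if (!count($ealgos)) {
		$input_errors[] = gettext("At least one encryption algorithm must be selected.");
	}

	/* hash algorithms arrive as halgos[]; accept only names the form offers */
	if (isset($pconfig['halgos'])) {
		$halgos_ok = is_array($pconfig['halgos']) && is_array($p2_halgos);
		if ($halgos_ok) {
			foreach ($pconfig['halgos'] as $halgo) {
				if (!is_string($halgo) || !array_key_exists($halgo, $p2_halgos))
					$halgos_ok = false;
			}
		}
		if (!$halgos_ok) {
			$input_errors[] = gettext("A valid P2 hash algorithm must be selected.");
			$pconfig['halgos'] = array();
		}
	}

	/* is_numeric() also accepts signs, decimals and exponents; the message
	   promises an integer, so require decimal digits only */
	if (isset($_POST['lifetime']) && $_POST['lifetime'] !== "" &&
	    (!is_string($_POST['lifetime']) || !preg_match('/^[0-9]+\z/', $_POST['lifetime']))) {
		$input_errors[] = gettext("The P2 lifetime must be an integer.");
	}

	/* the form labels this field "IP address"; hold the value to that */
	if (isset($_POST['pinghost']) && $_POST['pinghost'] !== "" &&
	    (!is_string($_POST['pinghost']) || !is_ipaddr($_POST['pinghost']))) {
		$input_errors[] = gettext("The host to ping must be a valid IP address.");
	}

	if (empty($input_errors)) {

		$ph2ent = array();
		$ph2ent['ikeid'] = $pconfig['ikeid'];
		$ph2ent['mode'] = $pconfig['mode'];
		$ph2ent['disabled'] = !empty($pconfig['disabled']);

		if($ph2ent['mode'] == "tunnel") {
			$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
			$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
		}

		$ph2ent['protocol'] = $pconfig['proto'];
		$ph2ent['encryption-algorithm-option'] = $ealgos;
		$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
		$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
		$ph2ent['lifetime'] = $pconfig['lifetime'];
		$ph2ent['pinghost'] = $pconfig['pinghost'];
		$ph2ent['descr'] = $pconfig['descr'];

		if (isset($pconfig['mobile']))
			$ph2ent['mobile'] = true;

		/* overwrite the edited entry, or append when this is a new one */
		if (isset($p2index) && !empty($a_phase2[$p2index]))
			$a_phase2[$p2index] = $ph2ent;
		else
			$a_phase2[] = $ph2ent;

		/* $old_ph2ent is only set when an existing entry was loaded */
		if (!isset($old_ph2ent))
			$old_ph2ent = null;

		/* now we need to find all phase2 entries for this host */
		if(is_array($ph2ent)) {
			ipsec_lookup_phase1($ph2ent, $ph1ent);
			$old_ph1ent = $ph1ent;
			$old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
			reload_tunnel_spd_policy ($ph1ent, $ph2ent, $old_ph1ent, $old_ph2ent);
		}

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}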
/* Page title parts; the mobile-client variant of the page gets one extra element. */
$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"));
if ($pconfig['mobile'])
	$pgtitle[] = gettext("Mobile Client");

/* IPsec log and status pages (presumably picked up by the included header files; confirm there) */
$logurl = "diag_logs_ipsec.php";
$statusurl = "diag_ipsec.php";

include("head.inc");

?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<script language="JavaScript">
<!--
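/*
 * Show the local/remote network rows only while "tunnel" mode is selected.
 * Reads the current choice from the form's "mode" select; takes no arguments.
 * Locals are declared with var so they no longer leak into the global scope.
 */
function change_mode() {
	var modesel = document.iform.mode;
	var mode = modesel.options[modesel.selectedIndex].value;
	var display = (mode == 'tunnel') ? '' : 'none';

	document.getElementById('opt_localid').style.display = display;
<?php if (!isset($pconfig['mobile'])): ?>
	/* the remote network row is not rendered for mobile clients */
	document.getElementById('opt_remoteid').style.display = display;
<?php endif; ?>
}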
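/*
 * Enable or disable the local address / prefix-length inputs to match the
 * selected "Type".
 *
 * bits: prefix length to preselect for a network; 24 when omitted.
 *
 * The type is taken from the selected option's value rather than its
 * position. The list is address, network, one entry per interface, then
 * "none", so "none" sits at index 3 only when exactly one interface is
 * listed; dispatching on the index treated a second interface as "none".
 */
function typesel_change_local(bits) {

	if (typeof(bits)=="undefined")
		bits = 24;

	var form = document.iform;
	var typesel = form.localid_type;
	var chosen = typesel.options ? typesel.options[typesel.selectedIndex] : null;
	var type = chosen ? chosen.value : "";

	switch (type) {
		case "address":	/* single */
			form.localid_address.disabled = 0;
			form.localid_netbits.value = 0;
			form.localid_netbits.disabled = 1;
			break;
		case "network":
			form.localid_address.disabled = 0;
			form.localid_netbits.value = bits;
			form.localid_netbits.disabled = 0;
			break;
		case "none":
			/* inputs are greyed out but keep whatever they held */
			form.localid_address.disabled = 1;
			form.localid_netbits.disabled = 1;
			break;
		default:	/* an interface subnet: nothing to type in */
			form.localid_address.value = "";
			form.localid_address.disabled = 1;
			form.localid_netbits.value = 0;
			form.localid_netbits.disabled = 1;
			break;
	}
}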
<?php if (!isset($pconfig['mobile'])): ?>
/*
 * Enable or disable the remote address / prefix-length inputs to match the
 * selected "Type" (index 0 = single address, index 1 = network).
 * bits: prefix length to preselect for a network; 24 when omitted.
 */
function typesel_change_remote(bits) {

	if (typeof(bits)=="undefined")
		bits = 24;

	var address = document.iform.remoteid_address;
	var netbits = document.iform.remoteid_netbits;
	var choice = document.iform.remoteid_type.selectedIndex;

	if (choice === 0) {
		/* single address: no prefix length to pick */
		address.disabled = 0;
		netbits.value = 0;
		netbits.disabled = 1;
	} else if (choice === 1) {
		/* network: both inputs are live */
		address.disabled = 0;
		netbits.value = bits;
		netbits.disabled = 0;
	} else {
		/* anything else: clear and lock both inputs */
		address.value = "";
		address.disabled = 1;
		netbits.value = 0;
		netbits.disabled = 1;
	}
}
<?php endif; ?>
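/*
 * Show the encryption-algorithm row only while the protocol is ESP.
 * Reads the current choice from the form's "proto" select; takes no
 * arguments. Locals are declared with var so they no longer leak into the
 * global scope (and the function also works under strict mode).
 */
function change_protocol() {
	var protosel = document.iform.proto;
	var proto = protosel.options[protosel.selectedIndex].value;

	document.getElementById('opt_enc').style.display = (proto == 'esp') ? '' : 'none';
}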
//-->
</script>
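<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">

<?php
	/* validation messages from a rejected save; the variable is not set on a plain GET */
	if (!empty($input_errors))
		print_input_errors($input_errors);
?>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
	<tr class="tabnavtbl">
		<td id="tabnav">
			<?php
				/* each tab: label, active flag, target page */
				$tab_array = array();
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
				$tab_array[2] = array(gettext("Pre-shared keys"), false, "vpn_ipsec_keys.php");
				display_top_tabs($tab_array);
			?>
		</td>
	</tr>
	<tr>
		<td id="mainarea">
			<div class="tabcont">
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
						<td width="78%" class="vtable">
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if (!empty($pconfig['disabled'])) echo "checked"; ?>>
							<strong><?=gettext("Disable this phase2 entry"); ?></strong>
							<br>
							<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
							  "removing it from the list"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
						<td width="78%" class="vtable">
							<select name="mode" class="formselect" onChange="change_mode()">
								<?php
									/* option keys and labels are escaped like every other
									   value written into this form */
									foreach($p2_modes as $name => $value):
										$selected = "";
										if ($name == $pconfig['mode'])
											$selected = "selected";
								?>
								<option value="<?=htmlspecialchars($name);?>" <?=$selected;?>><?=htmlspecialchars($value);?></option>
								<?php endforeach; ?>
							</select>
						</td>
					</tr>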
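					<tr id="opt_localid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0">
								<tr>
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
									<td></td>
									<td>
										<select name="localid_type" class="formselect" onChange="typesel_change_local()">
											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected";?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected";?>><?=gettext("Network"); ?></option>
											<?php
												/* one "<interface> subnet" choice per configured interface.
												   The names and descriptions come from the configuration
												   (presumably operator-entered text), so both are escaped
												   before they are written into the page. */
												$iflist = get_configured_interface_with_descr();
												foreach ($iflist as $ifname => $ifdescr):
											?>
											<option value="<?=htmlspecialchars($ifname); ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected";?>><?=htmlspecialchars(sprintf(gettext("%s subnet"), $ifdescr)); ?></option>
											<?php endforeach; ?>
											<option value="none" <?php if ($pconfig['localid_type'] == "none" ) echo "selected";?>><?=gettext("None"); ?></option>
										</select>
									</td>
								</tr>
								<tr>
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
									<td><?=$mandfldhtmlspc;?></td>
									<td>
										<input name="localid_address" type="text" class="formfld unknown" id="localid_address" size="20" value="<?=htmlspecialchars($pconfig['localid_address']);?>">
										/
										<select name="localid_netbits" class="formselect" id="localid_netbits">
										<?php for ($i = 32; $i >= 0; $i--): ?>
											<option value="<?=$i;?>" <?php if ($i == $pconfig['localid_netbits']) echo "selected"; ?>>
												<?=$i;?>
											</option>
										<?php endfor; ?>
										</select>
									</td>
								</tr>
							</table>
						</td>
					</tr>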
					<?php /* the remote network row is left out for mobile clients */ if (!isset($pconfig['mobile'])): ?>
					
					<tr id="opt_remoteid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0">
								<tr>
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
									<td></td>
									<td>
										<select name="remoteid_type" class="formselect" onChange="typesel_change_remote()">
											<option value="address" <?=($pconfig['remoteid_type'] == "address") ? "selected" : ""; ?>><?=gettext("Address"); ?></option>
											<option value="network" <?=($pconfig['remoteid_type'] == "network") ? "selected" : ""; ?>><?=gettext("Network"); ?></option>
										</select>
									</td>
								</tr>
								<tr>
									<td><?=gettext("Address"); ?>:&nbsp;&nbsp;</td>
									<td><?=$mandfldhtmlspc;?></td>
									<td>
										<input name="remoteid_address" type="text" class="formfld unknown" id="remoteid_address" size="20" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>">
										/
										<select name="remoteid_netbits" class="formselect" id="remoteid_netbits">
										<?php
											/* prefix lengths 32 down to 0, one option per line */
											for ($i = 32; $i >= 0; $i--) {
												$mark = ($i == $pconfig['remoteid_netbits']) ? " selected" : "";
												echo "<option value=\"{$i}\"{$mark}>{$i}</option>\n";
											}
										?>
										</select>
									</td>
								</tr>
							</table>
						</td>
					</tr>
					
					<?php endif; ?>
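					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
						<td width="78%" class="vtable">
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
							<br>
							<span class="vexpl">
								<?=gettext("You may enter a description here " .
								"for your reference (not parsed)"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td colspan="2" class="list" height="12"></td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic">
							<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
						<td width="78%" class="vtable">
							<select name="proto" class="formselect" onChange="change_protocol()">
							<?php /* the key is escaped the same way as the label below */ foreach ($p2_protos as $proto => $protoname): ?>
								<option value="<?=htmlspecialchars($proto);?>" <?php if ($proto == $pconfig['proto']) echo "selected"; ?>>
									<?=htmlspecialchars($protoname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br>
							<span class="vexpl">
								<?=gettext("ESP is encryption, AH is authentication only"); ?>
							</span>
						</td>
					</tr>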
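					<tr id="opt_enc">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0">
							<?php
								/* One row per known algorithm: checkbox, name and, where the
								   algorithm has a 'keysel' range, a key-length select.
								   ealgos[] is missing from a POST with no box ticked, so the
								   selection is normalised to an array before in_array().
								   NOTE(review): the hint printed under this table recommends
								   3DES and Blowfish; both are 64-bit block ciphers and are
								   dated advice. Prefer AES where the peer supports it. */
								$sel_ealgos = (isset($pconfig['ealgos']) && is_array($pconfig['ealgos'])) ? $pconfig['ealgos'] : array();
								foreach ($p2_ealgos as $algo => $algodata):
									$checked = '';
									if (in_array($algo,$sel_ealgos))
										$checked = " checked";
								?>
								<tr>
									<td>
										<input type="checkbox" name="ealgos[]" value="<?=htmlspecialchars($algo);?>"<?=$checked?>>
									</td>
									<td>
										<?=htmlspecialchars($algodata['name']);?>
									</td>
									<td>
										<?php if(isset($algodata['keysel']) && is_array($algodata['keysel'])): ?>
										&nbsp;&nbsp;
										<select name="keylen_<?=htmlspecialchars($algo);?>" class="formselect">
											<option value="auto"><?=gettext("auto"); ?></option>
											<?php
												/* offered lengths: hi, hi-step, ... down to lo */
												$key_hi = $algodata['keysel']['hi'];
												$key_lo = $algodata['keysel']['lo'];
												$key_step = $algodata['keysel']['step'];
												for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
													$selected = '';
													if ($keylen == $pconfig["keylen_".$algo])
														$selected = " selected";
											?>
											<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
											<?php endfor; ?>
										</select>
										<?php endif; ?>
									</td>
								</tr>
								
								<?php endforeach; ?>
								
							</table>
							<br>
							<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " . 
							"crypto accelerator card. Blowfish is usually the fastest in " .
							"software encryption"); ?>.
						</td>
					</tr>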
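					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
						<td width="78%" class="vtable">
						<?php
							/* halgos[] is missing from a POST with no box ticked (and may be a
							   scalar in a hand-built request); fall back to an empty selection */
							$sel_halgos = (isset($pconfig['halgos']) && is_array($pconfig['halgos'])) ? $pconfig['halgos'] : array();
							foreach ($p2_halgos as $algo => $algoname):
						?>
							<input type="checkbox" name="halgos[]" value="<?=htmlspecialchars($algo);?>" <?php if (in_array($algo, $sel_halgos)) echo "checked"; ?>>
							<?=htmlspecialchars($algoname);?>
							<br>
						<?php endforeach; ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
						<td width="78%" class="vtable">
						<?php
							/* The group is selectable unless this is a mobile-client entry and
							   a group is set globally in the mobile client options.
							   NOTE(review): the 768- and 1024-bit groups listed in the hint
							   below are weak by current guidance; prefer the largest group the
							   peer supports. */
							if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])):
						?>
							<select name="pfsgroup" class="formselect">
							<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
								<option value="<?=htmlspecialchars($keygroup);?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected"; ?>>
									<?=htmlspecialchars($keygroupname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br>
							<span class="vexpl">
								<em>
									<?=gettext("1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit"); ?>
								</em>
							</span>
							
							<?php else: ?>

							<select class="formselect" disabled>
								<option selected><?=htmlspecialchars($p2_pfskeygroups[$a_client['pfs_group']]);?></option>
							</select>
							<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>">
							<br>
							<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
						<?php endif; ?>
						</td>
					</tr>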
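					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
						<td width="78%" class="vtable">
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>">
							<?=gettext("seconds"); ?>
						</td>
					</tr>
					<tr>
						<td colspan="2" class="list" height="12"></td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
						<td width="78%" class="vtable">
							<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="20" value="<?=htmlspecialchars($pconfig['pinghost']);?>">
							<?=gettext("IP address"); ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
						<?php
							/* The entry index originates from the request. It is echoed back
							   only when it names an existing entry, and is escaped like the
							   other hidden fields. */
							if (isset($p2index) && is_scalar($p2index) && !empty($a_phase2[$p2index])):
						?>
							<input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>">
						<?php endif; ?>
						<?php if (!empty($pconfig['mobile'])): ?>
							<input name="mobile" type="hidden" value="true">
							<input name="remoteid_type" type="hidden" value="mobile">
						<?php endif; ?>
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>">
						</td>
					</tr>
				</table>
			</div>
		</td>
	</tr>
</table>
</form>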
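<script language="JavaScript">
<!--
<?php
	/*
	 * Bring the form into a consistent state once the page has loaded.
	 *
	 * change_mode() and change_protocol() are declared without parameters and
	 * read the selects themselves, so no request data needs to be written
	 * into the script for them. htmlspecialchars() is an HTML escaper and does
	 * not make a value safe inside JavaScript; after a rejected save $pconfig
	 * is a copy of $_POST, so those values were reflected into script context.
	 *
	 * The prefix lengths are emitted only as integers; when the field is
	 * absent or not numeric nothing is emitted and the handler falls back to
	 * its own default.
	 */
?>
change_mode();
change_protocol();
typesel_change_local(<?php if (isset($pconfig['localid_netbits']) && is_numeric($pconfig['localid_netbits'])) echo intval($pconfig['localid_netbits']); ?>);
<?php if (!isset($pconfig['mobile'])): ?>
typesel_change_remote(<?php if (isset($pconfig['remoteid_netbits']) && is_numeric($pconfig['remoteid_netbits'])) echo intval($pconfig['remoteid_netbits']); ?>);
<?php endif; ?>
//-->
</script>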
<?php include("fend.inc"); ?>
</body>
</html>
<?php
/* local utility functions */
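/*
 * Build the 'encryption-algorithm-option' list from submitted form data.
 *
 * Walks $p2_ealgos in its own order and, for every algorithm named in
 * $pconfig['ealgos'], emits array('name' => ...) plus a 'keylen' when the
 * algorithm has a selectable key length ('keysel' with lo/hi/step).
 *
 * The key length is request data that ends up in the saved configuration,
 * so only "auto" or a length the form can offer (hi, hi-step, ... down to
 * lo) is passed through; anything else, including a missing field, is
 * stored as "auto".
 *
 * Returns an empty array when no algorithm was selected. ealgos[] is absent
 * from the request in that case, which used to reach in_array() as null.
 */
function pconfig_to_ealgos(& $pconfig) {

	global $p2_ealgos;

	$ealgos = array();

	if (!isset($pconfig['ealgos']) || !is_array($pconfig['ealgos']) || !is_array($p2_ealgos))
		return $ealgos;

	foreach ($p2_ealgos as $algo_name => $algo_data) {
		if (!in_array($algo_name,$pconfig['ealgos']))
			continue;

		$ealg = array();
		$ealg['name'] = $algo_name;

		if (isset($algo_data['keysel']) && is_array($algo_data['keysel'])) {
			$keysel = $algo_data['keysel'];
			$keylen = isset($_POST["keylen_".$algo_name]) ? $_POST["keylen_".$algo_name] : "auto";

			$offered = false;
			if (is_string($keylen) && preg_match('/^[0-9]+\z/', $keylen) &&
			    isset($keysel['lo']) && isset($keysel['hi']) && isset($keysel['step'])) {
				$lo = (int)$keysel['lo'];
				$hi = (int)$keysel['hi'];
				$step = (int)$keysel['step'];
				$len = (int)$keylen;
				/* same set of lengths the form's key-length select lists */
				$offered = ($len >= $lo && $len <= $hi &&
				    ($step > 0 ? (($hi - $len) % $step) == 0 : $len == $hi));
			}

			$ealg['keylen'] = $offered ? $keylen : "auto";
		}

		$ealgos[] = $ealg;
	}

	return $ealgos;
}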
/*
 * Copy a stored algorithm list into the flat field layout the form uses.
 *
 * $pconfig['ealgos'] is reset and then receives each entry's name in order;
 * an entry that carries a 'keylen' also sets $pconfig['keylen_<name>'].
 * Returns the list it was given.
 */
function ealgos_to_pconfig(& $ealgos,& $pconfig) {

	$pconfig['ealgos'] = array();

	foreach ($ealgos as $entry) {
		$name = $entry['name'];
		$pconfig['ealgos'][] = $name;

		if (!isset($entry['keylen']))
			continue;

		$pconfig["keylen_".$name] = $entry['keylen'];
	}

	return $ealgos;
}
/*
 * Build the stored identifier record for one side of the tunnel from the
 * flat form fields "<prefix>id_type", "<prefix>id_address" and
 * "<prefix>id_netbits".
 *
 * "address" keeps type and address, "network" keeps type, address and
 * netbits, and every other type keeps the type alone. The values are copied
 * as they are; nothing is validated here.
 */
function pconfig_to_idinfo($prefix,& $pconfig) {

	$kind = $pconfig[$prefix."id_type"];
	$addr = $pconfig[$prefix."id_address"];
	$bits = $pconfig[$prefix."id_netbits"];

	if ($kind == "address")
		return array('type' => $kind, 'address' => $addr);

	if ($kind == "network")
		return array('type' => $kind, 'address' => $addr, 'netbits' => $bits);

	return array('type' => $kind );
}
/*
 * Spread a stored identifier record back into the flat form fields
 * "<prefix>id_type", "<prefix>id_address" and "<prefix>id_netbits".
 *
 * The type is always copied. The address is copied for "address" and
 * "network" records, the netbits for "network" records only.
 */
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {

	$kind = $idinfo['type'];

	$pconfig[$prefix."id_type"] = $idinfo['type'];

	if ($kind == "address") {
		$pconfig[$prefix."id_address"] = $idinfo['address'];
	} elseif ($kind == "network") {
		$pconfig[$prefix."id_address"] = $idinfo['address'];
		$pconfig[$prefix."id_netbits"] = $idinfo['netbits'];
	}
}
?>