1 5b237745 Scott Ullrich
#!/usr/local/bin/php
2
<?php
3
/*
4
	vpn_ipsec_edit.php
5 e2411886 Scott Ullrich
	part of m0n0wall (http://m0n0.ch/wall)
6
	
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8 cfc707f7 Scott Ullrich
	All rights reserved.
9 e2411886 Scott Ullrich
	
10 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12 e2411886 Scott Ullrich
	
13 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15 e2411886 Scott Ullrich
	
16 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19 e2411886 Scott Ullrich
	
20 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32
require("guiconfig.inc");

/* The tunnel list must exist before it can be taken by reference. */
if (!is_array($config['ipsec']['tunnel']))
	$config['ipsec']['tunnel'] = array();
$a_ipsec = &$config['ipsec']['tunnel'];

/* Keywords accepted in place of an address for the local network. */
$specialsrcdst = array("lan");
40
41
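/*
 * Index of the tunnel being edited: the query string on first load, the hidden
 * form field on submit. Only a non-negative integer string is accepted; any
 * other value is dropped so it never reaches $a_ipsec[] or the hidden <input>
 * that echoes it back to the browser.
 */
$id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : null);
if (!is_string($id) || !ctype_digit($id))
	unset($id);

if (isset($id) && $a_ipsec[$id]) {
	/* editing an existing tunnel: load its settings into the form values */
	$pconfig['disabled'] = isset($a_ipsec[$id]['disabled']);
	$pconfig['auto'] = isset($a_ipsec[$id]['auto']);

	if (!isset($a_ipsec[$id]['local-subnet']))
		$pconfig['localnet'] = "lan";
	else
		address_to_pconfig_vpn($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']);

	if ($a_ipsec[$id]['interface'])
		$pconfig['interface'] = $a_ipsec[$id]['interface'];
	else
		$pconfig['interface'] = "wan";

	list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_ipsec[$id]['remote-subnet']);
	$pconfig['remotegw'] = $a_ipsec[$id]['remote-gateway'];
	$pconfig['p1mode'] = $a_ipsec[$id]['p1']['mode'];

	/* "My identifier": the config stores exactly one of these keys; the form
	 * uses a type selector plus a free-text value (no value for 'myaddress'). */
	if (isset($a_ipsec[$id]['p1']['myident']['myaddress'])) {
		$pconfig['p1myidentt'] = 'myaddress';
	} else {
		$identtypes = array('address' => 'address', 'fqdn' => 'fqdn', 'ufqdn' => 'user_fqdn', 'dyn_dns' => 'dyn_dns');
		foreach ($identtypes as $cfgkey => $formtype) {
			if (isset($a_ipsec[$id]['p1']['myident'][$cfgkey])) {
				$pconfig['p1myidentt'] = $formtype;
				$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident'][$cfgkey];
				break;
			}
		}
	}

	$pconfig['p1ealgo'] = $a_ipsec[$id]['p1']['encryption-algorithm'];
	$pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm'];
	$pconfig['p1dhgroup'] = $a_ipsec[$id]['p1']['dhgroup'];
	$pconfig['p1lifetime'] = $a_ipsec[$id]['p1']['lifetime'];
	$pconfig['p1authentication_method'] = $a_ipsec[$id]['p1']['authentication_method'];
	$pconfig['p1pskey'] = $a_ipsec[$id]['p1']['pre-shared-key'];
	/* certificates and the private key are kept base64-encoded in config.xml
	 * and shown as PEM text in the form */
	$pconfig['p1cert'] = base64_decode($a_ipsec[$id]['p1']['cert']);
	$pconfig['p1peercert'] = base64_decode($a_ipsec[$id]['p1']['peercert']);
	$pconfig['p1privatekey'] = base64_decode($a_ipsec[$id]['p1']['private-key']);
	$pconfig['p2proto'] = $a_ipsec[$id]['p2']['protocol'];
	$pconfig['p2ealgos'] = $a_ipsec[$id]['p2']['encryption-algorithm-option'];
	$pconfig['p2halgos'] = $a_ipsec[$id]['p2']['hash-algorithm-option'];
	$pconfig['p2pfsgroup'] = $a_ipsec[$id]['p2']['pfsgroup'];
	$pconfig['p2lifetime'] = $a_ipsec[$id]['p2']['lifetime'];
	$pconfig['descr'] = $a_ipsec[$id]['descr'];

} else {
	/* defaults for a new tunnel.
	 * NOTE(review): aggressive mode, 3DES and DH group 2 are the historic
	 * defaults kept for interoperability; aggressive mode exchanges identities
	 * unprotected and is weaker than main mode, so main mode and a larger DH
	 * group are preferable where the peer supports them. */
	$pconfig['interface'] = "wan";
	$pconfig['localnet'] = "lan";
	$pconfig['p1mode'] = "aggressive";
	$pconfig['p1myidentt'] = "myaddress";
	$pconfig['p1authentication_method'] = "pre_shared_key";
	$pconfig['p1ealgo'] = "3des";
	$pconfig['p1halgo'] = "sha1";
	$pconfig['p1dhgroup'] = "2";
	$pconfig['p2proto'] = "esp";
	$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
	$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['p2pfsgroup'] = "0";
	$pconfig['remotebits'] = 32;
}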
111
112
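if ($_POST) {
	/* Normalise the "local subnet" widget: a special network keyword (e.g. "lan")
	 * carries no mask and a single host is always a /32. */
	if (is_specialnet($_POST['localnettype'])) {
		$_POST['localnet'] = $_POST['localnettype'];
		$_POST['localnetmask'] = 0;
	} else if ($_POST['localnettype'] == "single") {
		$_POST['localnetmask'] = 32;
	}

	unset($input_errors);
	/* whatever was submitted is re-displayed if validation fails below */
	$pconfig = $_POST;

	/* input validation */
	if ($_POST['p1authentication_method'] == "pre_shared_key") {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
	}
	else {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,P2 Encryption Algorithms,P2 Hash Algorithms");
		/* PEM framing check only: this catches a wrong paste, it does not prove
		 * that the certificate or key parses or that the key matches the cert */
		if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE"))
			$input_errors[] = "This certificate does not appear to be valid.";
		if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY"))
			$input_errors[] = "This key does not appear to be valid.";
		if ($_POST['p1peercert']!="" && (!strstr($_POST['p1peercert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1peercert'], "END CERTIFICATE")))
			$input_errors[] = "This peer certificate does not appear to be valid.";
	}

	/* call-time pass-by-reference kept as in the original call; PHP >= 5.4
	 * rejects it, the '&' belongs on the parameter in do_input_validation() */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/* Every selection below is written to config.xml and from there into the
	 * IPsec daemon configuration, so accept only the choices the form itself
	 * offers. The lists are the ones the template iterates over, keyed by the
	 * submitted value; the two inline lists mirror the template's <select>s. */
	$p1_modes = array_flip(explode(" ", "main aggressive"));
	$p1_dhgroups = array_flip(explode(" ", "1 2 5"));
	$choices = array(
		'p1mode' => $p1_modes,
		'p1myidentt' => $my_identifier_list,
		'p1authentication_method' => $p1_authentication_methods,
		'p1ealgo' => $p1_ealgos,
		'p1halgo' => $p1_halgos,
		'p1dhgroup' => $p1_dhgroups,
		'p2proto' => $p2_protos,
		'p2pfsgroup' => $p2_pfskeygroups
	);
	foreach ($choices as $field => $allowed) {
		if (!isset($_POST[$field]) || !is_string($_POST[$field]) || !array_key_exists($_POST[$field], $allowed))
			$input_errors[] = "An invalid value was submitted for '" . $field . "'.";
	}
	/* the phase 2 algorithm checkboxes arrive as arrays */
	foreach (array('p2ealgos' => $p2_ealgos, 'p2halgos' => $p2_halgos) as $field => $allowed) {
		if (!isset($_POST[$field]))
			continue;	/* reported as missing by do_input_validation() above */
		if (!is_array($_POST[$field])) {
			$input_errors[] = "An invalid value was submitted for '" . $field . "'.";
			continue;
		}
		foreach ($_POST[$field] as $algo) {
			if (!is_string($algo) || !array_key_exists($algo, $allowed))
				$input_errors[] = "An invalid value was submitted for '" . $field . "'.";
		}
	}

	/* the interface name indexes $config['interfaces'] elsewhere in the system;
	 * wan and lan always exist, optN only when configured (same set the
	 * template offers) */
	$iface = isset($_POST['interface']) ? $_POST['interface'] : "";
	if (!is_string($iface) || ($iface != "wan" && $iface != "lan" &&
	    !(preg_match('/^opt[0-9]+$/', $iface) && isset($config['interfaces'][$iface]))))
		$input_errors[] = "A valid interface must be selected.";

	if (!is_specialnet($_POST['localnettype'])) {
		if (($_POST['localnet'] && !is_ipaddr($_POST['localnet']))) {
			$input_errors[] = "A valid local network IP address must be specified.";
		}
		if ($_POST['localnetmask'] && (!is_numeric($_POST['localnetmask']) || ($_POST['localnetmask'] < 0) || ($_POST['localnetmask'] > 32))) {
			$input_errors[] = "A valid local network bit count must be specified.";
		}
	}
	/* lifetimes are seconds; the message promises an integer, so require digits
	 * only (is_numeric() would also pass floats and exponents) */
	if (($_POST['p1lifetime'] && !ctype_digit($_POST['p1lifetime']))) {
		$input_errors[] = "The P1 lifetime must be an integer.";
	}
	if (($_POST['p2lifetime'] && !ctype_digit($_POST['p2lifetime']))) {
		$input_errors[] = "The P2 lifetime must be an integer.";
	}
	if ($_POST['remotebits'] && (!is_numeric($_POST['remotebits']) || ($_POST['remotebits'] < 0) || ($_POST['remotebits'] > 32))) {
		$input_errors[] = "The remote network bits are invalid.";
	}
	if (($_POST['remotenet'] && !is_ipaddr($_POST['remotenet']))) {
		$input_errors[] = "A valid remote network address must be specified.";
	}
	if (($_POST['remotegw'] && !is_ipaddr($_POST['remotegw']))) {
		$input_errors[] = "A valid remote gateway address must be specified.";
	}
	if ((($_POST['p1myidentt'] == "address") && !is_ipaddr($_POST['p1myident']))) {
		$input_errors[] = "A valid IP address for 'My identifier' must be specified.";
	}
	if ((($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident']))) {
		$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
	}
	if ($_POST['p1myidentt'] == "user_fqdn") {
		/* exactly one '@' with a non-empty user part; the old code indexed
		 * $ufqdn[1] without checking that the '@' was there at all */
		$ufqdn = explode("@",$_POST['p1myident']);
		if (count($ufqdn) != 2 || $ufqdn[0] == "" || !is_domain($ufqdn[1]))
			$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
	}
	/* 'dyn_dns' identifiers are deliberately not validated here (the domain
	 * check was disabled by the original author) */

	if ($_POST['p1myidentt'] == "myaddress")
		$_POST['p1myident'] = "";

	if (!$input_errors) {
		$ipsecent['disabled'] = $_POST['disabled'] ? true : false;
		$ipsecent['auto'] = $_POST['auto'] ? true : false;
		$ipsecent['interface'] = $_POST['interface'];
		pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']);
		$ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits'];
		$ipsecent['remote-gateway'] = $_POST['remotegw'];
		$ipsecent['p1']['mode'] = $_POST['p1mode'];

		/* store the identifier under the key matching its type */
		$ipsecent['p1']['myident'] = array();
		switch ($_POST['p1myidentt']) {
			case 'myaddress':
				$ipsecent['p1']['myident']['myaddress'] = true;
				break;
			case 'address':
				$ipsecent['p1']['myident']['address'] = $_POST['p1myident'];
				break;
			case 'fqdn':
				$ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident'];
				break;
			case 'user_fqdn':
				$ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
				break;
			case 'dyn_dns':
				$ipsecent['p1']['myident']['dyn_dns'] = $_POST['p1myident'];
				break;
		}

		$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
		$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
		$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
		$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
		/* the PSK is kept in clear text in config.xml and is shown again in
		 * the form on edit; config.xml must be treated as secret material */
		$ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
		$ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
		$ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
		$ipsecent['p1']['peercert'] = base64_encode($_POST['p1peercert']);
		$ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
		$ipsecent['p2']['protocol'] = $_POST['p2proto'];
		$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
		$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
		$ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
		$ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
		$ipsecent['descr'] = $_POST['descr'];

		if (isset($id) && $a_ipsec[$id])
			$a_ipsec[$id] = $ipsecent;
		else
			$a_ipsec[] = $ipsecent;

		write_config();
		touch($d_ipsecconfdirty_path);

		header("Location: vpn_ipsec.php");
		exit;
	}
}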
240 4df96eff Scott Ullrich
241 b128368a Bill Marquette
/* Page title consumed by head.inc and printed by the template below. */
$pgtitle = "VPN: IPsec: Edit tunnel";
include "head.inc";

?>
245 422f27c0 Scott Ullrich
246
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
247 e2411886 Scott Ullrich
<?php include("fbegin.inc"); ?>
248 b128368a Bill Marquette
<p class="pgtitle"><?=$pgtitle?></p>
249 5b237745 Scott Ullrich
<script language="JavaScript">
250
<!--
251
/* Enable or disable the local-subnet address and mask inputs to match the
 * selected local network type: index 0 = single host, 1 = network, anything
 * else = a special network keyword that needs neither field.
 * Purely cosmetic; the server re-validates every submitted value. */
function typesel_change() {
	var form = document.iform;
	var sel = form.localnettype.selectedIndex;
	var addrEnabled = (sel === 0 || sel === 1);
	var maskEnabled = (sel === 1);

	if (!addrEnabled)
		form.localnet.value = "";
	form.localnet.disabled = addrEnabled ? 0 : 1;

	if (!maskEnabled)
		form.localnetmask.value = "";
	form.localnetmask.disabled = maskEnabled ? 0 : 1;
}
270 e2411886 Scott Ullrich
/* Phase 1 authentication method: index 1 is RSA, everything else PSK. Only the
 * inputs relevant to the chosen method stay enabled (a disabled input is not
 * submitted). Cosmetic only; the server decides what it accepts. */
function methodsel_change() {
	var form = document.iform;
	var rsa = (form.p1authentication_method.selectedIndex === 1);

	form.p1pskey.disabled = rsa ? 1 : 0;
	form.p1privatekey.disabled = rsa ? 0 : 1;
	form.p1cert.disabled = rsa ? 0 : 1;
	form.p1peercert.disabled = rsa ? 0 : 1;
}
286 5b237745 Scott Ullrich
//-->
287
</script>
288
<?php if ($input_errors) print_input_errors($input_errors); ?>
289
            <form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
290 ef97ce1b Bill Marquette
              <?display_topbar()?>
291 5b237745 Scott Ullrich
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
292 e2411886 Scott Ullrich
                <tr> 
293 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Mode</td>
294
                  <td width="78%" class="vtable"> Tunnel</td>
295
                </tr>
296 e2411886 Scott Ullrich
				<tr> 
297 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Disabled</td>
298 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"> 
299 5b237745 Scott Ullrich
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
300
                    <strong>Disable this tunnel</strong><br>
301
                    <span class="vexpl">Set this option to disable this tunnel without
302
					removing it from the list.</span></td>
303
                </tr>
304 9f8018c2 Scott Ullrich
				<tr> 
305 5b237745 Scott Ullrich
				  <td width="22%" valign="top" class="vncellreq">Auto-establish</td>
306 e2411886 Scott Ullrich
				  <td width="78%" class="vtable"> 
307 5b237745 Scott Ullrich
					<input name="auto" type="checkbox" id="auto" value="yes" <?php if ($pconfig['auto']) echo "checked"; ?>>
308
					<strong>Automatically establish this tunnel</strong><br>
309
					<span class="vexpl">Set this option to automatically re-establish this tunnel after reboots/reconfigures. If this is not set, the tunnel is established on demand.</span></td>
310 9f8018c2 Scott Ullrich
				</tr>
311 e2411886 Scott Ullrich
				<tr> 
312 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
313 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"><select name="interface" class="formfld">
314 5b237745 Scott Ullrich
                      <?php $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
315
					  for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
316
					  	$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
317
					  }
318
					  foreach ($interfaces as $iface => $ifacename): ?>
319 e2411886 Scott Ullrich
                      <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> 
320 5b237745 Scott Ullrich
                      <?=htmlspecialchars($ifacename);?>
321
                      </option>
322
                      <?php endforeach; ?>
323
                    </select> <br>
324
                    <span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td>
325
                </tr>
326 e2411886 Scott Ullrich
                <tr> 
327 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Local subnet</td>
328 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"> 
329 5b237745 Scott Ullrich
                    <table border="0" cellspacing="0" cellpadding="0">
330 e2411886 Scott Ullrich
                      <tr> 
331 5b237745 Scott Ullrich
                        <td>Type:&nbsp;&nbsp;</td>
332 e2411886 Scott Ullrich
						<td></td>
333 5b237745 Scott Ullrich
                        <td><select name="localnettype" class="formfld" onChange="typesel_change()">
334
                            <?php $sel = is_specialnet($pconfig['localnet']); ?>
335 e2411886 Scott Ullrich
                            <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>> 
336 5b237745 Scott Ullrich
                            Single host</option>
337 e2411886 Scott Ullrich
                            <option value="network" <?php if (!$sel) echo "selected"; ?>> 
338 5b237745 Scott Ullrich
                            Network</option>
339 e2411886 Scott Ullrich
                            <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>> 
340 5b237745 Scott Ullrich
                            LAN subnet</option>
341
                          </select></td>
342
                      </tr>
343 e2411886 Scott Ullrich
                      <tr> 
344 5b237745 Scott Ullrich
                        <td>Address:&nbsp;&nbsp;</td>
345 e2411886 Scott Ullrich
						<td><?=$mandfldhtmlspc;?></td>
346 5b237745 Scott Ullrich
                        <td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
347 e2411886 Scott Ullrich
                          / 
348 5b237745 Scott Ullrich
                          <select name="localnetmask" class="formfld" id="localnetmask">
349 e2411886 Scott Ullrich
                            <?php for ($i = 31; $i >= 0; $i--): ?>
350 5b237745 Scott Ullrich
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
351
                            <?=$i;?>
352
                            </option>
353
                            <?php endfor; ?>
354
                          </select> </td>
355
                      </tr>
356
                    </table></td>
357
                </tr>
358 e2411886 Scott Ullrich
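                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote subnet</td>
                  <td width="78%" class="vtable">
                    <?php /* escaped: after a validation error this is the raw submitted value */ ?>
                    <?=$mandfldhtml;?><input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=htmlspecialchars($pconfig['remotenet']);?>">
                    /
                    <select name="remotebits" class="formfld" id="remotebits">
                      <?php for ($i = 32; $i >= 0; $i--): ?>
                      <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>>
                      <?=$i;?>
                      </option>
                      <?php endfor; ?>
                    </select></td>
                </tr>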
371 e2411886 Scott Ullrich
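                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote gateway</td>
                  <td width="78%" class="vtable">
                    <?php /* escaped: after a validation error this is the raw submitted value */ ?>
                    <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=htmlspecialchars($pconfig['remotegw']);?>">
                    <br>
                    Enter the public IP address of the remote gateway</td>
                </tr>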
378 e2411886 Scott Ullrich
                <tr> 
379 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncell">Description</td>
380 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"> 
381
                    <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> 
382
                    <br> <span class="vexpl">You may enter a description here 
383 5b237745 Scott Ullrich
                    for your reference (not parsed).</span></td>
384
                </tr>
385 e2411886 Scott Ullrich
                <tr> 
386 5b237745 Scott Ullrich
                  <td colspan="2" class="list" height="12"></td>
387
                </tr>
388 e2411886 Scott Ullrich
                <tr> 
389
                  <td colspan="2" valign="top" class="listtopic">Phase 1 proposal 
390 5b237745 Scott Ullrich
                    (Authentication)</td>
391
                </tr>
392 e2411886 Scott Ullrich
                <tr> 
393 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
394
                  <td width="78%" class="vtable">
395 e2411886 Scott Ullrich
					<select name="p1mode" class="formfld">
396 5b237745 Scott Ullrich
                      <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
397 e2411886 Scott Ullrich
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>> 
398 5b237745 Scott Ullrich
                      <?=htmlspecialchars($mode);?>
399
                      </option>
400
                      <?php endforeach; ?>
401 e2411886 Scott Ullrich
                    </select> <br> <span class="vexpl">Aggressive is faster, but 
402 5b237745 Scott Ullrich
                    less secure.</span></td>
403
                </tr>
404 e2411886 Scott Ullrich
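                <tr>
                  <td width="22%" valign="top" class="vncellreq">My identifier</td>
                  <td width="78%" class="vtable">
                    <select name="p1myidentt" class="formfld">
                      <?php foreach ($my_identifier_list as $mode => $modename): ?>
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
                      <?=htmlspecialchars($modename);?>
                      </option>
                      <?php endforeach; ?>
                    </select>
                    <?php /* escaped: after a validation error this is the raw submitted value */ ?>
                    <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=htmlspecialchars($pconfig['p1myident']);?>">
                  </td>
                </tr>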
416 e2411886 Scott Ullrich
                <tr> 
417 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
418
                  <td width="78%" class="vtable">
419 e2411886 Scott Ullrich
					<select name="p1ealgo" class="formfld">
420 5b237745 Scott Ullrich
                      <?php foreach ($p1_ealgos as $algo => $algoname): ?>
421 e2411886 Scott Ullrich
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>> 
422 5b237745 Scott Ullrich
                      <?=htmlspecialchars($algoname);?>
423
                      </option>
424
                      <?php endforeach; ?>
425 e2411886 Scott Ullrich
                    </select> <br> <span class="vexpl">Must match the setting 
426 5b237745 Scott Ullrich
                    chosen on the remote side. </span></td>
427
                </tr>
428 e2411886 Scott Ullrich
                <tr> 
429 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
430
                  <td width="78%" class="vtable">
431 e2411886 Scott Ullrich
					<select name="p1halgo" class="formfld">
432 5b237745 Scott Ullrich
                      <?php foreach ($p1_halgos as $algo => $algoname): ?>
433 e2411886 Scott Ullrich
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>> 
434 5b237745 Scott Ullrich
                      <?=htmlspecialchars($algoname);?>
435
                      </option>
436
                      <?php endforeach; ?>
437 e2411886 Scott Ullrich
                    </select> <br> <span class="vexpl">Must match the setting 
438 5b237745 Scott Ullrich
                    chosen on the remote side. </span></td>
439
                </tr>
440 e2411886 Scott Ullrich
                <tr> 
441 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">DH key group</td>
442
                  <td width="78%" class="vtable">
443 e2411886 Scott Ullrich
					<select name="p1dhgroup" class="formfld">
444 5b237745 Scott Ullrich
                      <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
445 e2411886 Scott Ullrich
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>> 
446 5b237745 Scott Ullrich
                      <?=htmlspecialchars($keygroup);?>
447
                      </option>
448
                      <?php endforeach; ?>
449 e2411886 Scott Ullrich
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024 
450 5b237745 Scott Ullrich
                    bit, 5 = 1536 bit</em><br>
451
                    Must match the setting chosen on the remote side. </span></td>
452
                </tr>
453 e2411886 Scott Ullrich
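                <tr>
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable">
                    <?php /* escaped: after a validation error this is the raw submitted value */ ?>
                    <input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=htmlspecialchars($pconfig['p1lifetime']);?>">
                    seconds</td>
                </tr>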
459 e2411886 Scott Ullrich
                <tr> 
460
                  <td width="22%" valign="top" class="vncellreq">Authentication method</td>
461 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
462 e2411886 Scott Ullrich
					<select name="p1authentication_method" class="formfld" onChange="methodsel_change()">
463
                      <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
464
                      <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>> 
465
                      <?=htmlspecialchars($methodname);?>
466
                      </option>
467
                      <?php endforeach; ?>
468
                    </select> <br> <span class="vexpl">Must match the setting 
469
                    chosen on the remote side.</span></td>
470
                </tr>
471
                <tr> 
472
                  <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
473
                  <td width="78%" class="vtable"> 
474
                    <?=$mandfldhtml;?><input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>"> 
475 5b237745 Scott Ullrich
                  </td>
476
                </tr>
477 e2411886 Scott Ullrich
                <tr> 
478
                  <td width="22%" valign="top" class="vncellreq">Certificate</td>
479
                  <td width="78%" class="vtable"> 
480
                    <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea>
481
                    <br> 
482
                    Paste a certificate in X.509 PEM format here.</td>
483
                </tr>
484
                <tr> 
485
                  <td width="22%" valign="top" class="vncellreq">Key</td>
486
                  <td width="78%" class="vtable"> 
487
                    <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea>
488
                    <br> 
489
                    Paste an RSA private key in PEM format here.</td>
490
                </tr>
491
                <tr> 
492
                  <td width="22%" valign="top" class="vncell">Peer certificate</td>
493
                  <td width="78%" class="vtable"> 
494
                    <textarea name="p1peercert" cols="65" rows="7" id="p1peercert" class="formpre"><?=htmlspecialchars($pconfig['p1peercert']);?></textarea>
495
                    <br> 
496
                    Paste the peer X.509 certificate in PEM format here.<br>
497
                    Leave this blank if you want to use a CA certificate for identity validation.</td>
498
                </tr>
499
                <tr> 
500 5b237745 Scott Ullrich
                  <td colspan="2" class="list" height="12"></td>
501
                </tr>
502 e2411886 Scott Ullrich
                <tr> 
503
                  <td colspan="2" valign="top" class="listtopic">Phase 2 proposal 
504 5b237745 Scott Ullrich
                    (SA/Key Exchange)</td>
505
                </tr>
506 e2411886 Scott Ullrich
                <tr> 
507 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
508
                  <td width="78%" class="vtable">
509 e2411886 Scott Ullrich
					<select name="p2proto" class="formfld">
510 5b237745 Scott Ullrich
                      <?php foreach ($p2_protos as $proto => $protoname): ?>
511 e2411886 Scott Ullrich
                      <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>> 
512 5b237745 Scott Ullrich
                      <?=htmlspecialchars($protoname);?>
513
                      </option>
514
                      <?php endforeach; ?>
515 e2411886 Scott Ullrich
                    </select> <br> <span class="vexpl">ESP is encryption, AH is 
516 5b237745 Scott Ullrich
                    authentication only </span></td>
517
                </tr>
518 e2411886 Scott Ullrich
                <tr> 
519 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
520 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"> 
521 5b237745 Scott Ullrich
                    <?php foreach ($p2_ealgos as $algo => $algoname): ?>
522 e2411886 Scott Ullrich
                    <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>> 
523 5b237745 Scott Ullrich
                    <?=htmlspecialchars($algoname);?>
524 e2411886 Scott Ullrich
                    <br> 
525 5b237745 Scott Ullrich
                    <?php endforeach; ?>
526
                    <br>
527 e2411886 Scott Ullrich
                    Hint: use 3DES for best compatibility or if you have a hardware 
528
                    crypto accelerator card. Blowfish is usually the fastest in 
529 5b237745 Scott Ullrich
                    software encryption. </td>
530
                </tr>
531 e2411886 Scott Ullrich
                <tr> 
532 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
533 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"> 
534 5b237745 Scott Ullrich
                    <?php foreach ($p2_halgos as $algo => $algoname): ?>
535 e2411886 Scott Ullrich
                    <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>> 
536 5b237745 Scott Ullrich
                    <?=htmlspecialchars($algoname);?>
537 e2411886 Scott Ullrich
                    <br> 
538 5b237745 Scott Ullrich
                    <?php endforeach; ?>
539
				  </td>
540
                </tr>
541 e2411886 Scott Ullrich
                <tr> 
542 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">PFS key group</td>
543
                  <td width="78%" class="vtable">
544 e2411886 Scott Ullrich
					<select name="p2pfsgroup" class="formfld">
545 5b237745 Scott Ullrich
                      <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
546 e2411886 Scott Ullrich
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>> 
547 5b237745 Scott Ullrich
                      <?=htmlspecialchars($keygroupname);?>
548
                      </option>
549
                      <?php endforeach; ?>
550 e2411886 Scott Ullrich
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024 
551 5b237745 Scott Ullrich
                    bit, 5 = 1536 bit</em></span></td>
552
                </tr>
553 e2411886 Scott Ullrich
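                <tr>
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable">
                    <?php /* escaped: after a validation error this is the raw submitted value */ ?>
                    <input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=htmlspecialchars($pconfig['p2lifetime']);?>">
                    seconds</td>
                </tr>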
559 e2411886 Scott Ullrich
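                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="Save">
                    <?php /* the hidden id is only emitted for an existing tunnel; escaped anyway since it originates in the request */ ?>
                    <?php if (isset($id) && $a_ipsec[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
                    <?php endif; ?>
                  </td>
                </tr>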
568
              </table>
569
</form>
570
<script language="JavaScript">
571
<!--
572
typesel_change();
573 e2411886 Scott Ullrich
methodsel_change();
574 5b237745 Scott Ullrich
//-->
575
</script>
576
<?php include("fend.inc"); ?>
577 94420171 Scott Ullrich
578
579
<?php
580
581
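/* Convert a stored VPN address record into the form's address/mask pair.
 *
 * $adr   - config array holding either a 'network' keyword (e.g. "lan") or an
 *          'address' string of the form "a.b.c.d" or "a.b.c.d/bits"
 * $padr  - receives the network keyword or the address part
 * $pmask - receives the bit count (32 when the address carries none);
 *          left untouched for a network keyword
 * Neither key being present leaves both outputs untouched.
 */
function address_to_pconfig_vpn($adr, &$padr, &$pmask) {

        if (!empty($adr['network']))
                $padr = $adr['network'];
        else if (!empty($adr['address'])) {
                /* a bare address without "/bits" is a single host */
                $parts = explode("/", $adr['address']);
                $padr = $parts[0];
                $pmask = isset($parts[1]) ? $parts[1] : 32;
        }
}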
591
592 b128368a Bill Marquette
?>