/src/usr/local/www/vpn_ipsec.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/vpn_ipsec.php @ 18e5d0ce

1	5b237745	Scott Ullrich	<?php
2			/*
3			vpn_ipsec.php
4			*/
5	30fdf440	Stephen Beaver	/* ====================================================================
6			* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
7	191cb31d	Stephen Beaver	*
8			* Some or all of this file is based on the m0n0wall project which is
9			* Copyright (c) 2004 Manuel Kasper (BSD 2 clause)
10	30fdf440	Stephen Beaver	*
11			* Redistribution and use in source and binary forms, with or without modification,
12			* are permitted provided that the following conditions are met:
13			*
14			* 1. Redistributions of source code must retain the above copyright notice,
15			* this list of conditions and the following disclaimer.
16			*
17			* 2. Redistributions in binary form must reproduce the above copyright
18			* notice, this list of conditions and the following disclaimer in
19			* the documentation and/or other materials provided with the
20			* distribution.
21			*
22			* 3. All advertising materials mentioning features or use of this software
23			* must display the following acknowledgment:
24			* "This product includes software developed by the pfSense Project
25			* for use in the pfSense software distribution. (http://www.pfsense.org/).
26			*
27			* 4. The names "pfSense" and "pfSense Project" must not be used to
28			* endorse or promote products derived from this software without
29			* prior written permission. For written permission, please contact
30			* coreteam@pfsense.org.
31			*
32			* 5. Products derived from this software may not be called "pfSense"
33			* nor may "pfSense" appear in their names without prior written
34			* permission of the Electric Sheep Fencing, LLC.
35			*
36			* 6. Redistributions of any form whatsoever must retain the following
37			* acknowledgment:
38			*
39			* "This product includes software developed by the pfSense Project
40			* for use in the pfSense software distribution (http://www.pfsense.org/).
41			*
42			* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
43			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
44			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
45			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
46			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
47			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
48			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
49			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
51			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
52			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
53			* OF THE POSSIBILITY OF SUCH DAMAGE.
54			*
55			* ====================================================================
56			*
57			*/
58	5b237745	Scott Ullrich
59	6b07c15a	Matthew Grooms	##\|+PRIV
60			##\|*IDENT=page-vpn-ipsec
61			##\|*NAME=VPN: IPsec page
62			##\|*DESCR=Allow access to the 'VPN: IPsec' page.
63			##\|MATCH=vpn_ipsec.php
64			##\|-PRIV
65
66	5b237745	Scott Ullrich	require("guiconfig.inc");
67	7a927e67	Scott Ullrich	require_once("functions.inc");
68			require_once("filter.inc");
69			require_once("shaper.inc");
70	483e6de8	Scott Ullrich	require_once("ipsec.inc");
71			require_once("vpn.inc");
72	5b237745	Scott Ullrich
73	a1d55e81	Phil Davis	if (!is_array($config['ipsec']['phase1'])) {
74	a93e56c5	Matthew Grooms	$config['ipsec']['phase1'] = array();
75	a1d55e81	Phil Davis	}
76	a93e56c5	Matthew Grooms
77	a1d55e81	Phil Davis	if (!is_array($config['ipsec']['phase2'])) {
78	a93e56c5	Matthew Grooms	$config['ipsec']['phase2'] = array();
79	a1d55e81	Phil Davis	}
80	a93e56c5	Matthew Grooms
81			$a_phase1 = &$config['ipsec']['phase1'];
82			$a_phase2 = &$config['ipsec']['phase2'];
83
84	5b237745	Scott Ullrich	$pconfig['enable'] = isset($config['ipsec']['enable']);
85
86			if ($_POST) {
87	1b6b7fc4	Stephen Beaver
88	5b237745	Scott Ullrich	if ($_POST['apply']) {
89			$retval = 0;
90	3851094f	Scott Ullrich	$retval = vpn_ipsec_configure();
91	04b46591	Ermal Lu?i	/* reload the filter in the background */
92			filter_configure();
93	5b237745	Scott Ullrich	$savemsg = get_std_save_message($retval);
94	d17c7b79	jim-p	if ($retval >= 0) {
95	a1d55e81	Phil Davis	if (is_subsystem_dirty('ipsec')) {
96	a368a026	Ermal Lu?i	clear_subsystem_dirty('ipsec');
97	a1d55e81	Phil Davis	}
98	5b237745	Scott Ullrich	}
99	30fdf440	Stephen Beaver	} else if ($_POST['submit'] == 'Save') {
100	5b237745	Scott Ullrich	$pconfig = $_POST;
101	574a2b47	Scott Ullrich
102	5b237745	Scott Ullrich	$config['ipsec']['enable'] = $_POST['enable'] ? true : false;
103	c20acc35	Scott Ullrich
104	5b237745	Scott Ullrich	write_config();
105	9fad9848	jim-p
106			$retval = vpn_ipsec_configure();
107	135ad35b	Sander van Leeuwen	} else if (isset($_POST['del'])) {
108	eca6f787	Renato Botelho	/* delete selected p1 entries */
109			if (is_array($_POST['p1entry']) && count($_POST['p1entry'])) {
110			foreach ($_POST['p1entry'] as $p1entrydel) {
111			unset($a_phase1[$p1entrydel]);
112			}
113	a1d55e81	Phil Davis	if (write_config()) {
114	eca6f787	Renato Botelho	mark_subsystem_dirty('ipsec');
115	a1d55e81	Phil Davis	}
116	eca6f787	Renato Botelho	}
117	135ad35b	Sander van Leeuwen	} else if (isset($_POST['delp2'])) {
118	761882a1	Renato Botelho	/* delete selected p2 entries */
119			if (is_array($_POST['p2entry']) && count($_POST['p2entry'])) {
120			foreach ($_POST['p2entry'] as $p2entrydel) {
121			unset($a_phase2[$p2entrydel]);
122			}
123	a1d55e81	Phil Davis	if (write_config()) {
124	761882a1	Renato Botelho	mark_subsystem_dirty('ipsec');
125	a1d55e81	Phil Davis	}
126	761882a1	Renato Botelho	}
127	eca6f787	Renato Botelho	} else {
128			/* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
129	5ddd7e7b	Sander van Leeuwen
130			// TODO: this. is. nasty.
131	495c7f0c	Renato Botelho	unset($delbtn, $delbtnp2, $movebtn, $movebtnp2, $togglebtn, $togglebtnp2);
132	eca6f787	Renato Botelho	foreach ($_POST as $pn => $pd) {
133	5ddd7e7b	Sander van Leeuwen	if (preg_match("/del_(\d+)/", $pn, $matches)) {
134	495c7f0c	Renato Botelho	$delbtn = $matches[1];
135	5ddd7e7b	Sander van Leeuwen	} else if (preg_match("/delp2_(\d+)/", $pn, $matches)) {
136	495c7f0c	Renato Botelho	$delbtnp2 = $matches[1];
137	5ddd7e7b	Sander van Leeuwen	} else if (preg_match("/move_(\d+)/", $pn, $matches)) {
138	eca6f787	Renato Botelho	$movebtn = $matches[1];
139	5ddd7e7b	Sander van Leeuwen	} else if (preg_match("/movep2_(\d+)/", $pn, $matches)) {
140	495c7f0c	Renato Botelho	$movebtnp2 = $matches[1];
141	5ddd7e7b	Sander van Leeuwen	} else if (preg_match("/toggle_(\d+)/", $pn, $matches)) {
142	495c7f0c	Renato Botelho	$togglebtn = $matches[1];
143	5ddd7e7b	Sander van Leeuwen	} else if (preg_match("/togglep2_(\d+)/", $pn, $matches)) {
144	495c7f0c	Renato Botelho	$togglebtnp2 = $matches[1];
145	eca6f787	Renato Botelho	}
146			}
147	495c7f0c	Renato Botelho
148			$save = 1;
149
150	eca6f787	Renato Botelho	/* move selected p1 entries before this */
151			if (isset($movebtn) && is_array($_POST['p1entry']) && count($_POST['p1entry'])) {
152			$a_phase1_new = array();
153
154			/* copy all p1 entries < $movebtn and not selected */
155			for ($i = 0; $i < $movebtn; $i++) {
156	a1d55e81	Phil Davis	if (!in_array($i, $_POST['p1entry'])) {
157	eca6f787	Renato Botelho	$a_phase1_new[] = $a_phase1[$i];
158	a1d55e81	Phil Davis	}
159	eca6f787	Renato Botelho	}
160
161			/* copy all selected p1 entries */
162			for ($i = 0; $i < count($a_phase1); $i++) {
163	a1d55e81	Phil Davis	if ($i == $movebtn) {
164	eca6f787	Renato Botelho	continue;
165	a1d55e81	Phil Davis	}
166			if (in_array($i, $_POST['p1entry'])) {
167	eca6f787	Renato Botelho	$a_phase1_new[] = $a_phase1[$i];
168	a1d55e81	Phil Davis	}
169	eca6f787	Renato Botelho	}
170
171			/* copy $movebtn p1 entry */
172	a1d55e81	Phil Davis	if ($movebtn < count($a_phase1)) {
173	eca6f787	Renato Botelho	$a_phase1_new[] = $a_phase1[$movebtn];
174	a1d55e81	Phil Davis	}
175	eca6f787	Renato Botelho
176			/* copy all p1 entries > $movebtn and not selected */
177			for ($i = $movebtn+1; $i < count($a_phase1); $i++) {
178	a1d55e81	Phil Davis	if (!in_array($i, $_POST['p1entry'])) {
179	eca6f787	Renato Botelho	$a_phase1_new[] = $a_phase1[$i];
180	a1d55e81	Phil Davis	}
181	eca6f787	Renato Botelho	}
182	a1d55e81	Phil Davis	if (count($a_phase1_new) > 0) {
183	eca6f787	Renato Botelho	$a_phase1 = $a_phase1_new;
184	a1d55e81	Phil Davis	}
185	eca6f787	Renato Botelho
186	495c7f0c	Renato Botelho	} else if (isset($movebtnp2) && is_array($_POST['p2entry']) && count($_POST['p2entry'])) {
187			/* move selected p2 entries before this */
188	761882a1	Renato Botelho	$a_phase2_new = array();
189
190	495c7f0c	Renato Botelho	/* copy all p2 entries < $movebtnp2 and not selected */
191			for ($i = 0; $i < $movebtnp2; $i++) {
192	a1d55e81	Phil Davis	if (!in_array($i, $_POST['p2entry'])) {
193	761882a1	Renato Botelho	$a_phase2_new[] = $a_phase2[$i];
194	a1d55e81	Phil Davis	}
195	761882a1	Renato Botelho	}
196
197			/* copy all selected p2 entries */
198			for ($i = 0; $i < count($a_phase2); $i++) {
199	a1d55e81	Phil Davis	if ($i == $movebtnp2) {
200	761882a1	Renato Botelho	continue;
201	a1d55e81	Phil Davis	}
202			if (in_array($i, $_POST['p2entry'])) {
203	761882a1	Renato Botelho	$a_phase2_new[] = $a_phase2[$i];
204	a1d55e81	Phil Davis	}
205	761882a1	Renato Botelho	}
206
207	495c7f0c	Renato Botelho	/* copy $movebtnp2 p2 entry */
208	a1d55e81	Phil Davis	if ($movebtnp2 < count($a_phase2)) {
209	495c7f0c	Renato Botelho	$a_phase2_new[] = $a_phase2[$movebtnp2];
210	a1d55e81	Phil Davis	}
211	761882a1	Renato Botelho
212	495c7f0c	Renato Botelho	/* copy all p2 entries > $movebtnp2 and not selected */
213			for ($i = $movebtnp2+1; $i < count($a_phase2); $i++) {
214	a1d55e81	Phil Davis	if (!in_array($i, $_POST['p2entry'])) {
215	761882a1	Renato Botelho	$a_phase2_new[] = $a_phase2[$i];
216	a1d55e81	Phil Davis	}
217	761882a1	Renato Botelho	}
218	a1d55e81	Phil Davis	if (count($a_phase2_new) > 0) {
219	761882a1	Renato Botelho	$a_phase2 = $a_phase2_new;
220	a1d55e81	Phil Davis	}
221	761882a1	Renato Botelho
222	495c7f0c	Renato Botelho	} else if (isset($togglebtn)) {
223	a1d55e81	Phil Davis	if (isset($a_phase1[$togglebtn]['disabled'])) {
224	495c7f0c	Renato Botelho	unset($a_phase1[$togglebtn]['disabled']);
225	a1d55e81	Phil Davis	} else {
226	495c7f0c	Renato Botelho	$a_phase1[$togglebtn]['disabled'] = true;
227	a1d55e81	Phil Davis	}
228	495c7f0c	Renato Botelho	} else if (isset($togglebtnp2)) {
229	a1d55e81	Phil Davis	if (isset($a_phase2[$togglebtnp2]['disabled'])) {
230	495c7f0c	Renato Botelho	unset($a_phase2[$togglebtnp2]['disabled']);
231	a1d55e81	Phil Davis	} else {
232	495c7f0c	Renato Botelho	$a_phase2[$togglebtnp2]['disabled'] = true;
233	a1d55e81	Phil Davis	}
234	495c7f0c	Renato Botelho	} else if (isset($delbtn)) {
235			/* remove static route if interface is not WAN */
236	a1d55e81	Phil Davis	if ($a_phase1[$delbtn]['interface'] <> "wan") {
237	495c7f0c	Renato Botelho	mwexec("/sbin/route delete -host {$a_phase1[$delbtn]['remote-gateway']}");
238	a1d55e81	Phil Davis	}
239	eca6f787	Renato Botelho
240	495c7f0c	Renato Botelho	/* remove all phase2 entries that match the ikeid */
241			$ikeid = $a_phase1[$delbtn]['ikeid'];
242	a1d55e81	Phil Davis	foreach ($a_phase2 as $p2index => $ph2tmp) {
243	495c7f0c	Renato Botelho	if ($ph2tmp['ikeid'] == $ikeid) {
244			unset($a_phase2[$p2index]);
245			}
246	a1d55e81	Phil Davis	}
247	495c7f0c	Renato Botelho	unset($a_phase1[$delbtn]);
248	761882a1	Renato Botelho
249	495c7f0c	Renato Botelho	} else if (isset($delbtnp2)) {
250			unset($a_phase2[$delbtnp2]);
251	761882a1	Renato Botelho
252	a1d55e81	Phil Davis	} else {
253	495c7f0c	Renato Botelho	$save = 0;
254	a1d55e81	Phil Davis	}
255	495c7f0c	Renato Botelho
256			if ($save === 1) {
257	a1d55e81	Phil Davis	if (write_config()) {
258	495c7f0c	Renato Botelho	mark_subsystem_dirty('ipsec');
259	a1d55e81	Phil Davis	}
260	495c7f0c	Renato Botelho	}
261			}
262	5b237745	Scott Ullrich	}
263	4df96eff	Scott Ullrich
264	6c07db48	Phil Davis	$pgtitle = array(gettext("VPN"), gettext("IPsec"));
265	b32dd0a6	jim-p	$shortcut_section = "ipsec";
266	6deedfde	jim-p
267	4df96eff	Scott Ullrich	include("head.inc");
268
269	761e41a1	Stephen Beaver	$tab_array = array();
270			$tab_array[] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
271			$tab_array[] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
272			$tab_array[] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
273			$tab_array[] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
274			display_top_tabs($tab_array);
275	53d4b84d	Scott Ullrich	?>
276	422f27c0	Scott Ullrich
277	eca6f787	Renato Botelho	<script type="text/javascript" src="/javascript/row_toggle.js"></script>
278	5ddd7e7b	Sander van Leeuwen
279	323d040b	Scott Ullrich	<?php
280	a1d55e81	Phil Davis	if ($savemsg) {
281	7d7b35b9	Stephen Beaver	print_info_box($savemsg, 'success');
282	a1d55e81	Phil Davis	}
283	7d7b35b9	Stephen Beaver
284	a1d55e81	Phil Davis	if ($pconfig['enable'] && is_subsystem_dirty('ipsec')) {
285	8cd558b6	ayvis	print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
286	a1d55e81	Phil Davis	}
287	574a2b47	Scott Ullrich	?>
288	5ddd7e7b	Sander van Leeuwen
289	1b6b7fc4	Stephen Beaver	<form name="mainform" method="post">
290	30fdf440	Stephen Beaver	<input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked=\"checked\"";?> />  <?=gettext("Enable IPsec")?><br /><br />
291			<input name="submit" type="submit" class="btn btn-sm btn-primary" value="<?=gettext("Save"); ?>" /><br /><br />
292
293			<div class="panel panel-default">
294			<div class="panel-heading"><h2 class="panel-title"><?=gettext('IPSec tunnels')?></h2></div>
295			<div class="panel-body table-responsive">
296			<table class="table table-striped table-hover">
297			<thead>
298			<tr>
299			<th> </th>
300			<th> </th>
301	1b6b7fc4	Stephen Beaver	<th><?=gettext("IKE")?></th>
302			<th><?=gettext("Remote Gateway")?></th>
303			<th><?=gettext("Mode")?></th>
304			<th><?=gettext("P1 Protocol")?></th>
305			<th><?=gettext("P1 Transforms")?></th>
306			<th><?=gettext("P1 Description")?></th>
307			<th><?=gettext("Actions")?></th>
308	30fdf440	Stephen Beaver	</tr>
309			</thead>
310	1d770fc7	Stephen Beaver	<tbody class="p1-entries">
311	5ddd7e7b	Sander van Leeuwen	<?php $i = 0; foreach ($a_phase1 as $ph1ent): ?>
312	e0fb12c1	Renato Botelho	<?php
313	5ddd7e7b	Sander van Leeuwen	$iconfn = "pass";
314
315			$entryStatus = (isset($ph1ent['disabled']) ? 'disabled' : 'enabled');
316
317			if ($entryStatus == 'disabled') {
318			$iconfn .= "_d";
319			}
320	e0fb12c1	Renato Botelho	?>
321	1b6b7fc4	Stephen Beaver	<tr id="fr<?=$i?>" onclick="fr_toggle(<?=$i?>)" id="frd<?=$i?>" ondblclick="document.location='vpn_ipsec_phase1.php?p1index=<?=$i?>'" class="<?= $entryStatus ?>">
322	30fdf440	Stephen Beaver	<td>
323			<input type="checkbox" id="frc<?=$i?>" name="p1entry[]" value="<?=$i?>" onclick="fr_bgcolor('<?=$i?>')" />
324	7abe8b3e	Stephen Beaver	<a class="fa fa-anchor" id="Xmove_<?=$i?>" title="<?=gettext("Move checked entries to here")?>"></a>
325	30fdf440	Stephen Beaver	</td>
326			<td>
327			<button value="toggle_<?=$i?>" name="toggle_<?=$i?>" title="<?=gettext("click to toggle enabled/disabled status")?>" class="btn btn-xs btn-default" type="submit"><?= ($entryStatus == 'disabled' ? 'enable' : 'disable') ?></button>
328			</td>
329			<td onclick="fr_toggle(<?=$i?>)" id="frd<?=$i?>">
330	e0fb12c1	Renato Botelho	<?php
331	5ddd7e7b	Sander van Leeuwen	if (empty($ph1ent['iketype']) \|\| $ph1ent['iketype'] == "ikev1")
332			echo "V1";
333			else
334			echo "V2";
335	e0fb12c1	Renato Botelho	?>
336	30fdf440	Stephen Beaver	</td>
337	1b6b7fc4	Stephen Beaver	<td>
338	e0fb12c1	Renato Botelho	<?php
339	5ddd7e7b	Sander van Leeuwen	if ($ph1ent['interface']) {
340			$iflabels = get_configured_interface_with_descr();
341
342			$carplist = get_configured_carp_interface_list();
343			foreach ($carplist as $cif => $carpip)
344			$iflabels[$cif] = $carpip." (".get_vip_descr($carpip).")";
345
346			$aliaslist = get_configured_ip_aliases_list();
347			foreach ($aliaslist as $aliasip => $aliasif)
348			$iflabels[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
349
350			$grouplist = return_gateway_groups_array();
351			foreach ($grouplist as $name => $group) {
352			if($group[0]['vip'] != "")
353			$vipif = $group[0]['vip'];
354			else
355			$vipif = $group[0]['int'];
356			$iflabels[$name] = "GW Group {$name}";
357			}
358			$if = htmlspecialchars($iflabels[$ph1ent['interface']]);
359			}
360			else
361			$if = "WAN";
362
363			if (!isset($ph1ent['mobile']))
364			echo $if."<br />".$ph1ent['remote-gateway'];
365			else
366			echo $if."<br /><strong>" . gettext("Mobile Client") . "</strong>";
367	e0fb12c1	Renato Botelho	?>
368	c5b3bb01	Stephen Beaver	</td>
369			<td onclick="fr_toggle(<?=$i?>)" id="frd<?=$i?>">
370	135ad35b	Sander van Leeuwen	<?=$spans?>
371			<?php
372			if (empty($ph1ent['iketype']) \|\| $ph1ent['iketype'] == "ikev1")
373			echo "{$ph1ent['mode']}";
374			?>
375			<?=$spane?>
376			</td>
377			<td onclick="fr_toggle(<?=$i?>)" id="frd<?=$i?>">
378			<?=$p1_ealgos[$ph1ent['encryption-algorithm']['name']]['name']?>
379	e0fb12c1	Renato Botelho	<?php
380	5ddd7e7b	Sander van Leeuwen	if ($ph1ent['encryption-algorithm']['keylen']) {
381			if ($ph1ent['encryption-algorithm']['keylen']=="auto")
382			echo " (" . gettext("auto") . ")";
383			else
384			echo " ({$ph1ent['encryption-algorithm']['keylen']} " . gettext("bits") . ")";
385			}
386	e0fb12c1	Renato Botelho	?>
387	30fdf440	Stephen Beaver	</td>
388			<td>
389			<?=$p1_halgos[$ph1ent['hash-algorithm']]?>
390			</td>
391			<td>
392			<?=htmlspecialchars($ph1ent['descr'])?>
393			</td>
394	1b6b7fc4	Stephen Beaver	<td style="cursor: pointer;">
395	7abe8b3e	Stephen Beaver	<!-- <a class="fa fa-anchor" id="Xmove_<?=$i?>" title="<?=gettext("Move checked entries to here")?>"></a> -->
396	1b6b7fc4	Stephen Beaver	<button style="display: none;" class="btn btn-default btn-xs" type="submit" id="move_<?=$i?>" name="move_<?=$i?>" value="move_<?=$i?>"><?=gettext("Move checked entries to here")?></button>
397			<a class="fa fa-pencil" href="vpn_ipsec_phase1.php?p1index=<?=$i?>" title="<?=gettext("Edit phase1 entry"); ?>"></a>
398			<?php if (!isset($ph1ent['mobile'])): ?>
399			<a class="fa fa-clone" href="vpn_ipsec_phase1.php?dup=<?=$i?>" title="<?=gettext("Copy phase1 entry"); ?>"></a>
400			<?php endif; ?>
401	33f0b0d5	Stephen Beaver	<a class="fa fa-trash no-confirm" id="Xdel_<?=$i?>" title="<?=gettext('Delete phase1 entry'); ?>"></a>
402	1b6b7fc4	Stephen Beaver	<button style="display: none;" class="btn btn-xs btn-warning" type="submit" id="del_<?=$i?>" name="del_<?=$i?>" value="del_<?=$i?>" title="<?=gettext('Delete phase1 entry'); ?>">delete</button>
403
404	30fdf440	Stephen Beaver	</td>
405			</tr>
406			<tr class="<?= $entryStatus ?>">
407			<td colspan="2"></td>
408			<td colspan="7" class="contains-table">
409	e0fb12c1	Renato Botelho	<?php
410	5ddd7e7b	Sander van Leeuwen	if (isset($_POST["tdph2-{$i}-visible"]))
411			$tdph2_visible = htmlspecialchars($_POST["tdph2-{$i}-visible"]);
412			else
413			$tdph2_visible = 0;
414	e0fb12c1	Renato Botelho	?>
415	c5b3bb01	Stephen Beaver	<input type="hidden" name="tdph2-<?=$i?>-visible" id="tdph2-<?=$i?>-visible" value="<?=$tdph2_visible?>" />
416			<div id="shph2but-<?=$i?>" <?=($tdph2_visible == '1' ? 'style="display:none"' : '')?>>
417	91ebc808	Renato Botelho	<?php
418	5ddd7e7b	Sander van Leeuwen	$phase2count=0;
419	7d7b35b9	Stephen Beaver
420	5ddd7e7b	Sander van Leeuwen	foreach ($a_phase2 as $ph2ent) {
421			if ($ph2ent['ikeid'] != $ph1ent['ikeid'])
422			continue;
423			$phase2count++;
424			}
425			$fr_prefix = "frp2{$i}";
426			$fr_header = $fr_prefix . "header";
427	91ebc808	Renato Botelho	?>
428	c5b3bb01	Stephen Beaver	<input type="button" onclick="show_phase2('tdph2-<?=$i?>','shph2but-<?=$i?>')" value="+" /> - <?php printf(gettext("Show %s Phase-2 entries"), $phase2count); ?>
429			</div>
430			<div id="tdph2-<?=$i?>" <?=($tdph2_visible != '1' ? 'style="display:none"' : '')?>>
431			<table class="table table-striped table-hover">
432			<thead>
433			<tr>
434			<th> </th>
435			<th> </th>
436			<th><?=gettext("Mode"); ?></th>
437			<th><?=gettext("Local Subnet"); ?></th>
438			<th><?=gettext("Remote Subnet"); ?></th>
439			<th><?=gettext("P2 Protocol"); ?></th>
440			<th><?=gettext("P2 Transforms"); ?></th>
441			<th><?=gettext("P2 Auth Methods"); ?></th>
442			<th><?=gettext("P2 actions")?></th>
443			</tr>
444			</thead>
445			<tbody class="p2-entries">
446	5ddd7e7b	Sander van Leeuwen	<?php $j = 0; foreach ($a_phase2 as $ph2index => $ph2ent): ?>
447	e0fb12c1	Renato Botelho	<?php
448	5ddd7e7b	Sander van Leeuwen	if ($ph2ent['ikeid'] != $ph1ent['ikeid'])
449			continue;
450
451			$fr_c = $fr_prefix . "c" . $j;
452			$fr_d = $fr_prefix . "d" . $j;
453
454			$iconfn = "pass";
455			$entryStatus = (isset($ph2ent['disabled']) \|\| isset($ph1ent['disabled']) ? 'disabled' : 'enabled');
456
457			if ($entryStatus == 'disabled')
458			$iconfn .= "_d";
459
460	e0fb12c1	Renato Botelho	?>
461	c5b3bb01	Stephen Beaver	<tr id="<?=$fr_prefix . $j?>" ondblclick="document.location='vpn_ipsec_phase2.php?p2index=<?=$ph2ent['uniqid']?>'" class="<?= $entryStatus ?>">
462			<td>
463			<input type="checkbox" id="<?=$fr_c?>" name="p2entry[]" value="<?=$ph2index?>" onclick="fr_bgcolor('<?=$j?>', '<?=$fr_prefix?>')" />
464	7abe8b3e	Stephen Beaver	<button class="fa fa-anchor button-icon" type="submit" name="movep2_<?=$j?>" value="movep2_<?=$j?>" title="<?=gettext("Move checked P2s here")?>"></button>
465	c5b3bb01	Stephen Beaver	</td>
466			<td>
467			<button value="togglep2_<?=$ph2index?>" name="togglep2_<?=$ph2index?>" title="<?=gettext("click to toggle enabled/disabled status")?>" class="btn btn-xs btn-default" type="submit"><?= ($entryStatus == 'disabled'? 'enable' : 'disable') ?></button>
468			</td>
469			<td id="<?=$fr_d?>" onclick="fr_toggle('<?=$j?>', '<?=$fr_prefix?>')">
470			<?=$ph2ent['mode']?>
471			</td>
472	5ddd7e7b	Sander van Leeuwen	<?php if(($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == "tunnel6")): ?>
473	c5b3bb01	Stephen Beaver	<td id="<?=$fr_d?>" onclick="fr_toggle('<?=$j?>', '<?=$fr_prefix?>')">
474			<?=ipsec_idinfo_to_text($ph2ent['localid']); ?>
475			</td>
476			<td id="<?=$fr_d?>" onclick="fr_toggle('<?=$j?>', '<?=$fr_prefix?>')">
477			<?=ipsec_idinfo_to_text($ph2ent['remoteid']); ?>
478			</td>
479			<?php else: ?>
480			<td colspan="2"></td>
481	5ddd7e7b	Sander van Leeuwen	<?php endif; ?>
482	c5b3bb01	Stephen Beaver	<td id="<?=$fr_d?>" onclick="fr_toggle('<?=$j?>', '<?=$fr_prefix?>')">
483			<?=$p2_protos[$ph2ent['protocol']]; ?>
484			</td>
485			<td id="<?=$fr_d?>" onclick="fr_toggle('<?=$j?>', '<?=$fr_prefix?>')">
486	e0fb12c1	Renato Botelho	<?php
487	5ddd7e7b	Sander van Leeuwen	foreach ($ph2ent['encryption-algorithm-option'] as $k => $ph2ea) {
488			if ($k)
489			echo ", ";
490			echo $p2_ealgos[$ph2ea['name']]['name'];
491			if ($ph2ea['keylen']) {
492			if ($ph2ea['keylen']=="auto")
493			echo " (" . gettext("auto") . ")";
494			else
495			echo " ({$ph2ea['keylen']} " . gettext("bits") . ")";
496	761882a1	Renato Botelho	}
497	5ddd7e7b	Sander van Leeuwen	}
498	e0fb12c1	Renato Botelho	?>
499	c5b3bb01	Stephen Beaver	</td>
500			<td id="<?=$fr_d?>" onclick="fr_toggle('<?=$j?>', '<?=$fr_prefix?>')">
501	e0fb12c1	Renato Botelho	<?php
502	5ddd7e7b	Sander van Leeuwen	if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) {
503			foreach ($ph2ent['hash-algorithm-option'] as $k => $ph2ha) {
504			if ($k)
505			echo ", ";
506			echo $p2_halgos[$ph2ha];
507			}
508			}
509	e0fb12c1	Renato Botelho	?>
510	c5b3bb01	Stephen Beaver	</td>
511			<td style="cursor: pointer;">
512	7abe8b3e	Stephen Beaver	<!-- <button class="fa fa-anchor button-icon" type="submit" name="movep2_<?=$j?>" value="movep2_<?=$j?>" title="<?=gettext("Move checked P2s here")?>"></button> -->
513	c5b3bb01	Stephen Beaver	<a class="fa fa-pencil" href="vpn_ipsec_phase2.php?p2index=<?=$ph2ent['uniqid']?>" title="<?=gettext("Edit phase2 entry"); ?>"></a>
514			<a class="fa fa-clone" href="vpn_ipsec_phase2.php?dup=<?=$ph2ent['uniqid']?>" title="<?=gettext("Add a new Phase 2 based on this one"); ?>"></a>
515			<a class="fa fa-trash no-confirm" id="Xdelp2_<?=$i?>" title="<?=gettext('Delete phase2 entry'); ?>"></a>
516			<button style="display: none;" class="btn btn-xs btn-warning" type="submit" id="delp2_<?=$ph2index?>" name="delp2_<?=$ph2index?>" value="delp2_<?=$ph2index?>" title="<?=gettext('delete phase2 entry'); ?>">delete</button>
517			</td>
518			</tr>
519	5ddd7e7b	Sander van Leeuwen	<?php $j++; endforeach; ?>
520	c5b3bb01	Stephen Beaver	<tr>
521			<td></td>
522			<td>
523			<a class="btn btn-xs btn-success" href="vpn_ipsec_phase2.php?ikeid=<?=$ph1ent['ikeid']?><?php if (isset($ph1ent['mobile'])) echo "&mobile=true"?>">
524			<i class="fa fa-plus icon-embed-btn"></i>
525			<?=gettext("Add P2")?>
526			</a>
527	30fdf440	Stephen Beaver	</td>
528	c5b3bb01	Stephen Beaver	<td colspan="8"></td>
529	30fdf440	Stephen Beaver	</tr>
530			</tbody>
531			</table>
532			</div>
533			</td>
534			</tr>
535	761882a1	Renato Botelho	<?php
536	135ad35b	Sander van Leeuwen	$i++;
537	30fdf440	Stephen Beaver	endforeach; // $a_phase1 as $ph1ent
538	761882a1	Renato Botelho	?>
539	c5b3bb01	Stephen Beaver	</tbody>
540			</table>
541			</div>
542	30fdf440	Stephen Beaver	</div>
543	5ddd7e7b	Sander van Leeuwen
544	c5b3bb01	Stephen Beaver	<nav class="action-buttons">
545	1b6b7fc4	Stephen Beaver	<?php
546			/*
547			if ($i !== 0): ?>
548	135ad35b	Sander van Leeuwen	<input type="submit" name="move_<?=$i?>" class="btn btn-default" value="<?=gettext("move selected phase1 entries to end")?>" />
549	1b6b7fc4	Stephen Beaver	<?php endif;
550			*/
551			?>
552	c5b3bb01	Stephen Beaver	<a href="vpn_ipsec_phase1.php" class="btn btn-success btn-sm">
553			<i class="fa fa-plus icon-embed-btn"></i>
554			<?=gettext("Add P1")?>
555			</a>
556	135ad35b	Sander van Leeuwen	<?php if ($i !== 0): ?>
557	c5b3bb01	Stephen Beaver	<button type="submit" name="del" class="btn btn-danger btn-sm" value="<?=gettext("Delete selected P1s")?>">
558			<i class="fa fa-trash icon-embed-btn"></i>
559			<?=gettext("Delete P1s")?>
560			</button>
561	135ad35b	Sander van Leeuwen	<?php endif; ?>
562	c5b3bb01	Stephen Beaver	</nav>
563	5b237745	Scott Ullrich	</form>
564	5ddd7e7b	Sander van Leeuwen
565	33f0b0d5	Stephen Beaver	<div id="infoblock">
566			<?=print_info_box('<strong>' . gettext("Note:") . '</strong><br />' .
567			gettext("You can check your IPsec status at ") . '<a href="diag_ipsec.php">' . gettext("Status:IPsec") . '</a>.<br />' .
568			gettext("IPsec Debug Mode can be enabled at ") . '<a href="vpn_ipsec_settings.php">' .gettext("VPN:IPsec:Advanced Settings") . '</a>.<br />' .
569			gettext("IPsec can be set to prefer older SAs at ") . '<a href="vpn_ipsec_settings.php">' . gettext("VPN:IPsec:Advanced Settings") . '</a>', info)?>
570	5ddd7e7b	Sander van Leeuwen	</div>
571
572	0a95b653	Scott Ullrich	<script type="text/javascript">
573	391453a1	Colin Fleming	//<![CDATA[
574	0a95b653	Scott Ullrich	function show_phase2(id, buttonid) {
575			document.getElementById(buttonid).innerHTML='';
576	91ebc808	Renato Botelho	document.getElementById(id).style.display = "block";
577			var visible = id + '-visible';
578			document.getElementById(visible).value = "1";
579	0a95b653	Scott Ullrich	}
580	1d770fc7	Stephen Beaver
581			events.push(function() {
582	1b6b7fc4	Stephen Beaver	$('[id^=Xmove_]').click(function (event) {
583			$('#' + event.target.id.slice(1)).click();
584			});
585
586			$('[id^=Xdel_]').click(function (event) {
587			if(confirm("<?=gettext('Are you sure you wish to delete this P1 entry?')?>")) {
588			$('#' + event.target.id.slice(1)).click();
589			}
590			});
591
592			$('[id^=Xdelp2_]').click(function (event) {
593			if(confirm("<?=gettext('Are you sure you wish to delete this P2 entry?')?>")) {
594			$('#' + event.target.id.slice(1)).click();
595			}
596			});
597	1d770fc7	Stephen Beaver	});
598	391453a1	Colin Fleming	//]]>
599	8a251ec2	Chris Buechler	</script>
600	1b6b7fc4	Stephen Beaver
601			<?php
602			include("foot.inc");

Project

General

Profile

pfSense