1
<?php
2
/*
3
	vpn_ipsec_phase2.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5

    
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9

    
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12

    
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15

    
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19

    
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31

    
32
##|+PRIV
33
##|*IDENT=page-vpn-ipsec-editphase2
34
##|*NAME=VPN: IPsec: Edit Phase 2 page
35
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
36
##|*MATCH=vpn_ipsec_phase2.php*
37
##|-PRIV
38

    
39
require("functions.inc");
40
require("guiconfig.inc");
41
require_once("ipsec.inc");
42
require_once("vpn.inc");
43

    
44
/* Make sure both IPsec config sections this page touches exist as arrays,
   then keep references to them so edits below land directly in $config. */
foreach (array('client', 'phase2') as $ipsec_section) {
	if (!is_array($config['ipsec'][$ipsec_section])) {
		$config['ipsec'][$ipsec_section] = array();
	}
}

$a_client = &$config['ipsec']['client'];
$a_phase2 = &$config['ipsec']['phase2'];
53

    
54
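/* Index of the phase 2 entry being edited. It comes from the request
   (POST wins over GET; "dup" names the entry to copy) and is untrusted:
   it is only ever used as a key into $a_phase2 and is checked against an
   existing entry before anything is read or written through it. */
$p2index = isset($_GET['p2index']) ? $_GET['p2index'] : null;
if (isset($_POST['p2index']))
	$p2index = $_POST['p2index'];

if (isset($_GET['dup']))
	$p2index = $_GET['dup'];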
60

    
61
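/* Populate the form state ($pconfig) either from the existing phase 2 entry
   being edited/duplicated, or from page defaults for a new entry. */
if (isset($p2index) && $a_phase2[$p2index])
{
	/* Reference, not copy, so the id-info helpers see the stored entry
	   exactly as before; released at the end of the branch. */
	$edit_ph2 = &$a_phase2[$p2index];

	$pconfig['ikeid'] = $edit_ph2['ikeid'];
	$pconfig['disabled'] = isset($edit_ph2['disabled']);
	$pconfig['mode'] = $edit_ph2['mode'];
	$pconfig['descr'] = $edit_ph2['descr'];
	/* Kept so the SPD for the pre-edit networks can be flushed on save. */
	$old_ph2ent = $edit_ph2;

	if (!empty($edit_ph2['natlocalid']))
		idinfo_to_pconfig("natlocal", $edit_ph2['natlocalid'], $pconfig);
	idinfo_to_pconfig("local", $edit_ph2['localid'], $pconfig);
	idinfo_to_pconfig("remote", $edit_ph2['remoteid'], $pconfig);

	$pconfig['proto'] = $edit_ph2['protocol'];
	ealgos_to_pconfig($edit_ph2['encryption-algorithm-option'], $pconfig);
	$pconfig['halgos'] = $edit_ph2['hash-algorithm-option'];
	$pconfig['pfsgroup'] = $edit_ph2['pfsgroup'];
	$pconfig['lifetime'] = $edit_ph2['lifetime'];
	$pconfig['pinghost'] = $edit_ph2['pinghost'];

	if (isset($edit_ph2['mobile']))
		$pconfig['mobile'] = true;

	unset($edit_ph2);
}
else
{
	/* New entry: the phase 1 it belongs to is named in the request. */
	$pconfig['ikeid'] = isset($_GET['ikeid']) ? $_GET['ikeid'] : null;

	/* defaults */
	$pconfig['localid_type'] = "lan";
	$pconfig['remoteid_type'] = "network";
	$pconfig['proto'] = "esp";
	$pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes");
	$pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['pfsgroup'] = "0";
	$pconfig['lifetime'] = "3600";

	/* mobile client: same truthiness test as before, without the
	   undefined-index notice when the parameter is absent */
	if (!empty($_GET['mobile']))
		$pconfig['mobile'] = true;
}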
101

    
102
/* A duplicate starts life as a new entry: the source index was only needed
   to pre-fill $pconfig above, so forget it before the save logic runs. */
if (isset($_GET['dup'])) {
	unset($p2index);
}
104

    
105
/*
 * Form submission. $pconfig is replaced wholesale by the raw POST body, so
 * every value validated and stored below is request-controlled input.
 * Validation appends messages to $input_errors; the entry is written to
 * $config and the SPD reloaded only when that list stays empty. Nothing in
 * this block checks a CSRF token; if one is enforced it is in the includes
 * above (verify).
 */
if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	if (!isset( $_POST['ikeid']))
		$input_errors[] = gettext("A valid ikeid must be specified.");

	/* input validation */
	/* Required fields; the remote network type is only required for
	   site-to-site entries (mobile entries use a hidden "mobile" type). */
	$reqdfields = explode(" ", "localid_type halgos");
	$reqdfieldsn = array(gettext("Local network type"),gettext("P2 Hash Algorithms"));
	if (!isset($pconfig['mobile'])){
		$reqdfields[] = "remoteid_type";
		$reqdfieldsn[] = gettext("Remote network type");
	}

	/* NOTE(review): call-time pass-by-reference ("&$input_errors" at the
	   call site) is deprecated on PHP 5.3 and a fatal error from 5.4 on;
	   the "&" belongs on the parameter in the function definition. */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/* Local/remote network fields only matter in the tunnel modes. */
	if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6")) 
	{
		/* "network" intentionally falls through into "address" (no break)
		   so the address itself is validated for both types. */
		switch ($pconfig['localid_type']) {
			case "network":
				/* With loose comparison the first clause is effectively never
				   true (an empty netbits compares equal to 0), so this reduces
				   to the is_numeric() test; nothing here bounds the value to
				   the 0-32 / 0-128 range. */
				if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits']))
					$input_errors[] = gettext("A valid local network bit count must be specified.");
			case "address":
				if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
					$input_errors[] = gettext("A valid local network IP address must be specified.");
				elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel"))
					$input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6");
				elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6"))
					$input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4");
				break;
		}
		/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
		/* Any other type value is treated as an interface name; it is accepted
		   only if $config['interfaces'] has an entry for it. */
		if (is_array($config['interfaces'][$pconfig['localid_type']])) {
			// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
			$address = get_interface_ip($pconfig['localid_type']);
			$netbits = get_interface_subnet($pconfig['localid_type']);

			if (empty($address) || empty($netbits))
				$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
		}

		/* Optional NAT/BINAT local id; validated with the same shape as the
		   local id above, and only when an address was actually entered. */
		if (!empty($pconfig['natlocalid_address'])) {
			switch ($pconfig['natlocalid_type']) {
				case "network":
					if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits']))
						$input_errors[] = gettext("A valid NAT local network bit count must be specified.");
					if ($pconfig['localid_type'] == "address")
						$input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source."); 
				case "address":
					if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address']))
						$input_errors[] = gettext("A valid NAT local network IP address must be specified.");
					elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel"))
						$input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6");
					elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6"))
						$input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4");
					break;
			}

			if (is_array($config['interfaces'][$pconfig['natlocalid_type']])) {
				// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
				$address = get_interface_ip($pconfig['natlocalid_type']);
				$netbits = get_interface_subnet($pconfig['natlocalid_type']);

				if (empty($address) || empty($netbits))
					$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['natlocalid_type']) . " " . gettext("has no subnet.");
			}
		}

		/* Same fall-through pattern as the local id switch. */
		switch ($pconfig['remoteid_type']) {
			case "network":
				if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits']))
					$input_errors[] = gettext("A valid remote network bit count must be specified.");
			case "address":
				if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
					$input_errors[] = gettext("A valid remote network IP address must be specified.");
				elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel"))
					$input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6");
				elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6"))
					$input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4");
				break;
		}
	}
	/* Validate enabled phase2's are not duplicates */
	/* Duplicate detection compares the CIDR form of the ids. $pconfig['p2index']
	   (the hidden form field) being set means an existing entry is being edited,
	   in which case matching that same entry is not a duplicate. */
	if (isset($pconfig['mobile'])){
		if (substr($pconfig['mode'], 0, 6) != "tunnel")
			$input_errors[] = gettext("Mobile IPsec only supports Tunnel mode.");
		/* User is adding phase 2 for mobile phase1 */
		foreach($a_phase2 as $key => $name){
			if (isset($name['mobile'])){
				/* check duplicate localids only for mobile clents */
				$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
				$entered = array();
				$entered['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered, false, $pconfig['mode']);
				if ($localid_data == $entered_localid_data){
					if (!isset($pconfig['p2index'])){
						/* adding new p2 entry */
						$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
						break;
					}else if ($pconfig['p2index'] != $key){
						/* editing p2 and entered p2 networks match with different p2 for given p1 */
						$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
						break;
					}
				}
			}
		}
	}else{
		/* User is adding phase 2 for site-to-site phase1 */
		/* $input_error (singular) is never read; the real accumulator is
		   $input_errors. */
		$input_error = 0;
		foreach($a_phase2 as $key => $name){
			if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){
				/* check duplicate subnets only for given phase1 */
				$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
				$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid'], false, $name['mode']);
				$entered_local = array();
				$entered_local['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
				$entered_remote = array();
				$entered_remote['type'] = $pconfig['remoteid_type'];
				if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
				if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
				$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
				if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) { 
					if (!isset($pconfig['p2index'])){
						/* adding new p2 entry */
						$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
						break;
					}else if ($pconfig['p2index'] != $key){
						/* editing p2 and entered p2 networks match with different p2 for given p1 */
						$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
						break;
					}
				}
			}
		}
        }

	/* For ESP protocol, handle encryption algorithms */
	/* $ealgos is only assigned here; for any other protocol the store of
	   $ph2ent['encryption-algorithm-option'] below reads an undefined
	   variable (null). */
	if ( $pconfig['proto'] == "esp") {
		$ealgos = pconfig_to_ealgos($pconfig);

		if (!count($ealgos)) {
			$input_errors[] = gettext("At least one encryption algorithm must be selected.");
		}
	}
	/* is_numeric() also accepts floats and exponent notation, so "integer"
	   is not strictly enforced here. */
	if (($_POST['lifetime'] && !is_numeric($_POST['lifetime']))) {
		$input_errors[] = gettext("The P2 lifetime must be an integer.");
	}

	if (!$input_errors) {

		/* Assemble the config entry from the validated form values. */
		$ph2ent['ikeid'] = $pconfig['ikeid'];
		$ph2ent['mode'] = $pconfig['mode'];
		$ph2ent['disabled'] = $pconfig['disabled'] ? true : false;

		if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){
			if (!empty($pconfig['natlocalid_address']))
				$ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal",$pconfig);
			$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
			$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
		}

		/* NOTE(review): mode, halgos, pfsgroup and pinghost are stored as
		   submitted; this block does not check them against the $p2_modes /
		   $p2_halgos / $p2_pfskeygroups tables the form is rendered from, so
		   any such check must happen elsewhere before they reach the daemon
		   configuration. */
		$ph2ent['protocol'] = $pconfig['proto'];
		$ph2ent['encryption-algorithm-option'] = $ealgos;
		$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
		$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
		$ph2ent['lifetime'] = $pconfig['lifetime'];
		$ph2ent['pinghost'] = $pconfig['pinghost'];
		$ph2ent['descr'] = $pconfig['descr'];

		if (isset($pconfig['mobile']))
			$ph2ent['mobile'] = true;

		/* presumably fills $ph1ent by reference from $ph2ent['ikeid'];
		   confirm in ipsec.inc. The address family of phase 1 must match
		   the tunnel mode chosen here. */
		ipsec_lookup_phase1($ph2ent, $ph1ent);
		if (($ph1ent['protocol'] == "inet") && ($ph2ent['mode'] == "tunnel6"))
			$input_errors[] = gettext("Phase 1 is using IPv4. You cannot use Tunnel IPv6 on Phase 2.");
		if (($ph1ent['protocol'] == "inet6") && ($ph2ent['mode'] == "tunnel"))
			$input_errors[] = gettext("Phase 1 is using IPv6. You cannot use Tunnel IPv4 on Phase 2.");
	}

	/* Re-checked because the phase 1 family test above can add errors. */
	if (!$input_errors) {
		/* An index that names an existing entry replaces it in place;
		   anything else (new entry, "dup") is appended. */
		if (isset($p2index) && $a_phase2[$p2index])
			$a_phase2[$p2index] = $ph2ent;
		else
			$a_phase2[] = $ph2ent;


		/* now we need to find all phase2 entries for this host */
		/* $old_ph2ent is only set when an existing entry was loaded above;
		   for a new entry it is undefined here. */
		if(is_array($ph2ent)) {
			ipsec_lookup_phase1($ph2ent, $ph1ent);
			$old_ph1ent = $ph1ent;
			$old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
			reload_tunnel_spd_policy ($ph1ent, $ph2ent, $old_ph1ent, $old_ph2ent);
		}

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}
314

    
315
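/* Page title and header; the mobile-client variant gets an extra crumb.
   !empty() keeps the original truthiness test without an undefined-index
   notice when 'mobile' is absent. */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 2"));
if (!empty($pconfig['mobile']))
	$pgtitle[] = gettext("Mobile Client");
$shortcut_section = "ipsec";

include("head.inc");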
323

    
324
?>
325

    
326
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
327
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
328
<?php include("fbegin.inc"); ?>
329
<script language="JavaScript">
330
<!--
331

    
332
/*
 * Show the Local Network row (and, for non-mobile entries, the Remote
 * Network row) only while a tunnel mode is selected; other modes hide them.
 * `index` and `value` are implicit globals (no `var`); other handlers in
 * this script reference `index`, so do not make them local without
 * checking those first.
 */
function change_mode() {
	index = document.iform.mode.selectedIndex;
	value = document.iform.mode.options[index].value;
	if ((value == 'tunnel') || (value == 'tunnel6')) {
		document.getElementById('opt_localid').style.display = '';
<?php if (!isset($pconfig['mobile'])): ?>
		document.getElementById('opt_remoteid').style.display = '';
<?php endif; ?>
	} else {
		document.getElementById('opt_localid').style.display = 'none';
<?php if (!isset($pconfig['mobile'])): ?>
		document.getElementById('opt_remoteid').style.display = 'none';
<?php endif; ?>
	}
}
347

    
348
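/*
 * Enable/disable the NAT local-network address and netbits inputs to match
 * the selected NAT local type. `bits` is the netbits preset for a "network"
 * selection while the address field is still blank; when omitted it defaults
 * to 24 for tunnel (IPv4) and 64 for tunnel6 (IPv6) mode.
 */
function typesel_change_natlocal(bits) {
	var mode = document.iform.mode;
	/* Read the mode through its own selectedIndex. The previous code used the
	   shared global `index`, which change_protocol() overwrites with the
	   protocol select's index, so the wrong mode could be read. */
	var mode_value = mode.options[mode.selectedIndex].value;
	if (typeof(bits) === "undefined") {
		if (mode_value === "tunnel") {
			bits = 24;
		} else if (mode_value === "tunnel6") {
			bits = 64;
		}
	}
	var type_sel = document.iform.natlocalid_type;
	var address = document.iform.natlocalid_address;
	var netbits = document.iform.natlocalid_netbits;
	var address_is_blank = !/\S/.test(address.value);
	/* Dispatch on the option value rather than its position: the interface
	   entries sit between "network" and "none", so a fixed index only names
	   "none" when there is exactly one interface. */
	switch (type_sel.options[type_sel.selectedIndex].value) {
		case "address":
			address.disabled = 0;
			if (address_is_blank) {
				netbits.value = 0;
			}
			netbits.disabled = 1;
			break;
		case "network":
			address.disabled = 0;
			if (address_is_blank) {
				netbits.value = bits;
			}
			netbits.disabled = 0;
			break;
		case "none":
			address.disabled = 1;
			netbits.disabled = 1;
			break;
		default:	/* an interface subnet: address and mask come from the interface */
			address.value = "";
			address.disabled = 1;
			if (address_is_blank) {
				netbits.value = 0;
			}
			netbits.disabled = 1;
			break;
	}
}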
388

    
389
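/*
 * Enable/disable the Local Network address and netbits inputs to match the
 * selected local type. `bits` is the netbits preset for a "network" selection
 * while the address field is still blank; when omitted it defaults to 24 for
 * tunnel (IPv4) and 64 for tunnel6 (IPv6) mode.
 */
function typesel_change_local(bits) {
	var mode = document.iform.mode;
	/* Read the mode through its own selectedIndex. The previous code used the
	   shared global `index`, which change_protocol() overwrites with the
	   protocol select's index, so the wrong mode could be read. */
	var mode_value = mode.options[mode.selectedIndex].value;
	if (typeof(bits) === "undefined") {
		if (mode_value === "tunnel") {
			bits = 24;
		} else if (mode_value === "tunnel6") {
			bits = 64;
		}
	}
	var type_sel = document.iform.localid_type;
	var address = document.iform.localid_address;
	var netbits = document.iform.localid_netbits;
	var address_is_blank = !/\S/.test(address.value);
	/* Dispatch on the option value rather than its position: every option
	   after "network" is an interface, so the old fixed "case 3" treated
	   whichever interface sat there differently from the others. */
	switch (type_sel.options[type_sel.selectedIndex].value) {
		case "address":
			address.disabled = 0;
			if (address_is_blank) {
				netbits.value = 0;
			}
			netbits.disabled = 1;
			break;
		case "network":
			address.disabled = 0;
			if (address_is_blank) {
				netbits.value = bits;
			}
			netbits.disabled = 0;
			break;
		default:	/* an interface subnet: address and mask come from the interface */
			address.value = "";
			address.disabled = 1;
			if (address_is_blank) {
				netbits.value = 0;
			}
			netbits.disabled = 1;
			break;
	}
}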
429

    
430
<?php if (!isset($pconfig['mobile'])): ?>
431

    
432
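/*
 * Enable/disable the Remote Network address and netbits inputs to match the
 * selected remote type. `bits` is the netbits preset for a "network" selection
 * while the address field is still blank; when omitted it defaults to 24 for
 * tunnel (IPv4) and 64 for tunnel6 (IPv6) mode.
 */
function typesel_change_remote(bits) {
	var mode = document.iform.mode;
	/* Read the mode through its own selectedIndex. The previous code used the
	   shared global `index`, which change_protocol() overwrites with the
	   protocol select's index, so the wrong mode could be read. */
	var mode_value = mode.options[mode.selectedIndex].value;
	if (typeof(bits) === "undefined") {
		if (mode_value === "tunnel") {
			bits = 24;
		} else if (mode_value === "tunnel6") {
			bits = 64;
		}
	}
	var type_sel = document.iform.remoteid_type;
	var address = document.iform.remoteid_address;
	var netbits = document.iform.remoteid_netbits;
	var address_is_blank = !/\S/.test(address.value);
	/* Dispatch on the option value, consistent with the local/natlocal
	   handlers, rather than on option position. */
	switch (type_sel.options[type_sel.selectedIndex].value) {
		case "address":
			address.disabled = 0;
			if (address_is_blank) {
				netbits.value = 0;
			}
			netbits.disabled = 1;
			break;
		case "network":
			address.disabled = 0;
			if (address_is_blank) {
				netbits.value = bits;
			}
			netbits.disabled = 0;
			break;
		default:
			address.value = "";
			address.disabled = 1;
			if (address_is_blank) {
				netbits.value = 0;
			}
			netbits.disabled = 1;
			break;
	}
}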
468

    
469
<?php endif; ?>
470

    
471
/*
 * Show the Encryption algorithms row only when the protocol is ESP (the
 * form hint describes AH as authentication only). `index` and `value` are
 * implicit globals shared with change_mode(); calling this overwrites the
 * values change_mode() stored.
 */
function change_protocol() {
	index = document.iform.proto.selectedIndex;
	value = document.iform.proto.options[index].value;
	if (value == 'esp')
		document.getElementById('opt_enc').style.display = '';
	else
		document.getElementById('opt_enc').style.display = 'none';
}
479

    
480
//-->
481
</script>
482

    
483
<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
484

    
485
<?php
486
	if ($input_errors)
487
		print_input_errors($input_errors);
488
?>
489

    
490
<table width="100%" border="0" cellpadding="0" cellspacing="0">
491
	<tr class="tabnavtbl">
492
		<td id="tabnav">
493
			<?php
				/* Top tab strip; this page lives under the "Tunnels" tab. */
				$tab_array = array(
					array(gettext("Tunnels"), true, "vpn_ipsec.php"),
					array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"),
					array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php"),
				);
				display_top_tabs($tab_array);
			?>
500
		</td>
501
	</tr>
502
	<tr>
503
		<td id="mainarea">
504
			<div class="tabcont">
505
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
506
					<tr>
507
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
508
						<td width="78%" class="vtable">
509
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
510
							<strong><?=gettext("Disable this phase2 entry"); ?></strong>
511
							<br>
512
							<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
513
							  "removing it from the list"); ?>.
514
							</span>
515
						</td>
516
					</tr>
517
					<tr>
518
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
519
						<td width="78%" class="vtable">
520
							<select name="mode" class="formselect" onChange="change_mode()">
521
								<?php
522
									foreach($p2_modes as $name => $value):
523
										$selected = "";
524
										if ($name == $pconfig['mode'])
525
											$selected = "selected";
526
								?>
527
								<option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option>
528
								<?php endforeach; ?>
529
							</select>
530
						</td>
531
					</tr>
532
					<tr id="opt_localid">
533
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
534
						<td width="78%" class="vtable">
535
							<table border="0" cellspacing="0" cellpadding="0">
536
								<tr>
537
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
538
									<td></td>
539
									<td>
540
										<select name="localid_type" class="formselect" onChange="typesel_change_local()">
541
											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected";?>><?=gettext("Address"); ?></option>
542
											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected";?>><?=gettext("Network"); ?></option>
543
											<?php
544
												$iflist = get_configured_interface_with_descr();
545
												foreach ($iflist as $ifname => $ifdescr):
546
											?>
547
											<option value="<?=$ifname; ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected";?>><?=sprintf(gettext("%s subnet"), $ifdescr); ?></option>
548
											<?php endforeach; ?>
549
										</select>
550
									</td>
551
								</tr>
552
								<tr>
553
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
554
									<td><?=$mandfldhtmlspc;?></td>
555
									<td>
556
										<input name="localid_address" type="text" class="formfld unknown ipv4v6" id="localid_address" size="28" value="<?=htmlspecialchars($pconfig['localid_address']);?>">
557
										/
558
										<select name="localid_netbits" class="formselect ipv4v6" id="localid_netbits">
559
										<?php for ($i = 128; $i >= 0; $i--): ?>
560
											<option value="<?=$i;?>" <?php if (isset($pconfig['localid_netbits']) && $i == $pconfig['localid_netbits']) echo "selected"; ?>>
561
												<?=$i;?>
562
											</option>
563
										<?php endfor; ?>
564
										</select>
565
									</td>
566
								</tr>
567
								<tr> <td colspan="3">
568
								<br/>
569
								<?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?>
570
								</td></tr>
571
								<tr>
572
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
573
									<td></td>
574
									<td>
575
										<select name="natlocalid_type" class="formselect" onChange="typesel_change_natlocal()">
576
											<option value="address" <?php if ($pconfig['natlocalid_type'] == "address") echo "selected";?>><?=gettext("Address"); ?></option>
577
											<option value="network" <?php if ($pconfig['natlocalid_type'] == "network") echo "selected";?>><?=gettext("Network"); ?></option>
578
											<?php
579
												$iflist = get_configured_interface_with_descr();
580
												foreach ($iflist as $ifname => $ifdescr):
581
											?>
582
											<option value="<?=$ifname; ?>" <?php if ($pconfig['natlocalid_type'] == $ifname ) echo "selected";?>><?=sprintf(gettext("%s subnet"), $ifdescr); ?></option>
583
											<?php endforeach; ?>
584
											<option value="none" <?php if (empty($pconfig['natlocalid_type']) || $pconfig['natlocalid_type'] == "none" ) echo "selected";?>><?=gettext("None"); ?></option>
585
										</select>
586
									</td>
587
								</tr>
588
								<tr>
589
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
590
									<td><?=$mandfldhtmlspc;?></td>
591
									<td>
592
										<input name="natlocalid_address" type="text" class="formfld unknown ipv4v6" id="natlocalid_address" size="28" value="<?=htmlspecialchars($pconfig['natlocalid_address']);?>">
593
										/
594
										<select name="natlocalid_netbits" class="formselect ipv4v6" id="natlocalid_netbits">
595
										<?php for ($i = 128; $i >= 0; $i--): ?>
596
											<option value="<?=$i;?>" <?php if (isset($pconfig['natlocalid_netbits']) && $i == $pconfig['natlocalid_netbits']) echo "selected"; ?>>
597
												<?=$i;?>
598
											</option>
599
										<?php endfor; ?>
600
										</select>
601
									</td>
602
								</tr>
603
							</table>
604
						</td>
605
					</tr>
606

    
607
					<?php if (!isset($pconfig['mobile'])): ?>
608
					
609
					<tr id="opt_remoteid">
610
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
611
						<td width="78%" class="vtable">
612
							<table border="0" cellspacing="0" cellpadding="0">
613
								<tr>
614
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
615
									<td></td>
616
									<td>
617
										<select name="remoteid_type" class="formselect" onChange="typesel_change_remote()">
618
											<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected"; ?>><?=gettext("Address"); ?></option>
619
											<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected"; ?>><?=gettext("Network"); ?></option>
620
										</select>
621
									</td>
622
								</tr>
623
								<tr>
624
									<td><?=gettext("Address"); ?>:&nbsp;&nbsp;</td>
625
									<td><?=$mandfldhtmlspc;?></td>
626
									<td>
627
										<input name="remoteid_address" type="text" class="formfld unknown ipv4v6" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>">
628
										/
629
										<select name="remoteid_netbits" class="formselect ipv4v6" id="remoteid_netbits">
630
										<?php for ($i = 128; $i >= 0; $i--) { 
631
											
632
											echo "<option value=\"{$i}\"";
633
											if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) echo " selected";
634
											echo ">{$i}</option>\n";
635
											} ?>
636
										</select>
637
									</td>
638
								</tr>
639
							</table>
640
						</td>
641
					</tr>
642
					
643
					<?php endif; ?>
644
					
645
					<tr>
646
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
647
						<td width="78%" class="vtable">
648
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
649
							<br>
650
							<span class="vexpl">
651
								<?=gettext("You may enter a description here " .
652
								"for your reference (not parsed)"); ?>.
653
							</span>
654
						</td>
655
					</tr>
656
					<tr>
657
						<td colspan="2" class="list" height="12"></td>
658
					</tr>
659
					<tr>
660
						<td colspan="2" valign="top" class="listtopic">
661
							<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
662
						</td>
663
					</tr>
664
					<tr>
665
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
666
						<td width="78%" class="vtable">
667
							<select name="proto" class="formselect" onChange="change_protocol()">
668
							<?php foreach ($p2_protos as $proto => $protoname): ?>
669
								<option value="<?=$proto;?>" <?php if ($proto == $pconfig['proto']) echo "selected"; ?>>
670
									<?=htmlspecialchars($protoname);?>
671
								</option>
672
							<?php endforeach; ?>
673
							</select>
674
							<br>
675
							<span class="vexpl">
676
								<?=gettext("ESP is encryption, AH is authentication only"); ?>
677
							</span>
678
						</td>
679
					</tr>
680
					<tr id="opt_enc">
681
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
682
						<td width="78%" class="vtable">
683
							<table border="0" cellspacing="0" cellpadding="0">
684
							<?php
685
								foreach ($p2_ealgos as $algo => $algodata):
686
									$checked = '';
687
									if (is_array($pconfig['ealgos']) && in_array($algo,$pconfig['ealgos']))
688
										$checked = " checked";
689
								?>
690
								<tr>
691
									<td>
692
										<input type="checkbox" name="ealgos[]" value="<?=$algo;?>"<?=$checked?>>
693
									</td>
694
									<td>
695
										<?=htmlspecialchars($algodata['name']);?>
696
									</td>
697
									<td>
698
										<?php if(is_array($algodata['keysel'])): ?>
699
										&nbsp;&nbsp;
700
										<select name="keylen_<?=$algo;?>" class="formselect">
701
											<option value="auto"><?=gettext("auto"); ?></option>
702
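											<?php
												/* Key-length choices for this algorithm, highest first; the stored
												   "keylen_<algo>" value (if any) is preselected. The isset() guard
												   avoids an undefined-index notice for algorithms with no stored
												   key length. */
												$key_hi = $algodata['keysel']['hi'];
												$key_lo = $algodata['keysel']['lo'];
												$key_step = $algodata['keysel']['step'];
												$keylen_field = "keylen_" . $algo;
												for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
													$selected = '';
													if (isset($pconfig[$keylen_field]) && $keylen == $pconfig[$keylen_field])
														$selected = " selected";
											?>
											<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
											<?php endfor; ?>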
714
										</select>
715
										<?php endif; ?>
716
									</td>
717
								</tr>
718
								
719
								<?php endforeach; ?>
720
								
721
							</table>
722
							<br>
723
							<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " . 
724
							"crypto accelerator card. Blowfish is usually the fastest in " .
725
							"software encryption"); ?>.
726
						</td>
727
					</tr>
728
					<tr>
729
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
730
						<td width="78%" class="vtable">
731
						<?php foreach ($p2_halgos as $algo => $algoname): ?>
732
							<input type="checkbox" name="halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['halgos'])) echo "checked"; ?>>
733
							<?=htmlspecialchars($algoname);?>
734
							<br>
735
						<?php endforeach; ?>
736
						</td>
737
					</tr>
738
					<tr>
739
						<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
740
						<td width="78%" class="vtable">
741
						<?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
742
							<select name="pfsgroup" class="formselect">
743
							<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
744
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected"; ?>>
745
									<?=htmlspecialchars($keygroupname);?>
746
								</option>
747
							<?php endforeach; ?>
748
							</select>
749
							<br>
750
							<?php else: ?>
751

    
752
							<select class="formselect" disabled>
753
								<option selected><?=$p2_pfskeygroups[$a_client['pfs_group']];?></option>
754
							</select>
755
							<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>">
756
							<br>
757
							<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
758
						<?php endif; ?>
759
						</td>
760
					</tr>
761
					<tr>
762
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
763
						<td width="78%" class="vtable">
764
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>">
765
							<?=gettext("seconds"); ?>
766
						</td>
767
					</tr>
768
					<tr>
769
						<td colspan="2" class="list" height="12"></td>
770
					</tr>
771
					<tr>
772
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
773
					</tr>
774
					<tr>
775
						<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
776
						<td width="78%" class="vtable">
777
							<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="28" value="<?=htmlspecialchars($pconfig['pinghost']);?>">
778
							<?=gettext("IP address"); ?>
779
						</td>
780
					</tr>
781
					<tr>
782
						<td width="22%" valign="top">&nbsp;</td>
783
						<td width="78%">
784
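						<?php if (isset($p2index) && $a_phase2[$p2index]): ?>
							<?php /* $p2index originates from the request. It has been checked against an
							         existing entry, but it is still encoded for the attribute context rather
							         than echoed raw, like every other request-derived value on this form. */ ?>
							<input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>">
						<?php endif; ?>
						<?php if (!empty($pconfig['mobile'])): ?>
							<input name="mobile" type="hidden" value="true">
							<input name="remoteid_type" type="hidden" value="mobile">
						<?php endif; ?>
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>">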
793
						</td>
794
					</tr>
795
				</table>
796
			</div>
797
		</td>
798
	</tr>
799
</table>
800
</form>
801
<script lannguage="JavaScript">
802
<!--
803
change_mode('<?=htmlspecialchars($pconfig['mode'])?>');
804
change_protocol('<?=htmlspecialchars($pconfig['proto'])?>');
805
typesel_change_local(<?=htmlspecialchars($pconfig['localid_netbits'])?>);
806
typesel_change_natlocal(<?=htmlspecialchars($pconfig['natlocalid_netbits'])?>);
807
<?php if (!isset($pconfig['mobile'])): ?>
808
typesel_change_remote(<?=htmlspecialchars($pconfig['remoteid_netbits'])?>);
809
<?php endif; ?>
810
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>

    
<?php

    
/* local utility functions */

    
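/*
 * Build the list of phase 2 encryption algorithm entries from the form
 * values in $pconfig.
 *
 * Walks the global $p2_ealgos table in its own order and emits one entry
 * per algorithm that is selected in $pconfig['ealgos']. For algorithms
 * whose table entry carries a 'keysel' array, the chosen key length is
 * taken from the "keylen_<algo>" field of $pconfig, falling back to $_POST
 * so callers that pass a pconfig built from $_POST behave exactly as before.
 *
 * @param array $pconfig form values; only read, never modified
 * @return array list of array('name' => ..., ['keylen' => ...]) entries
 */
function pconfig_to_ealgos(& $pconfig) {

	global $p2_ealgos;

	$ealgos = array();

	/* nothing selected, or no algorithm table to walk: empty result, no notices */
	if (!isset($pconfig['ealgos']) || !is_array($pconfig['ealgos']) || !is_array($p2_ealgos))
		return $ealgos;

	foreach ($p2_ealgos as $algo_name => $algo_data) {
		/* strict match: names are strings, avoid loose-comparison surprises */
		if (!in_array($algo_name, $pconfig['ealgos'], true))
			continue;

		$ealg = array('name' => $algo_name);

		if (isset($algo_data['keysel']) && is_array($algo_data['keysel'])) {
			$keylen_field = "keylen_" . $algo_name;
			/* prefer the caller's pconfig over the raw request; the original
			 * read $_POST only, which yields null for a pconfig loaded from config */
			if (isset($pconfig[$keylen_field]))
				$ealg['keylen'] = $pconfig[$keylen_field];
			elseif (isset($_POST[$keylen_field]))
				$ealg['keylen'] = $_POST[$keylen_field];
			else
				$ealg['keylen'] = null;
			/* NOTE(review): the key length is stored as submitted; whether it is
			 * checked against the algorithm's 'keysel' range is not visible here --
			 * confirm the input validation step covers it. */
		}

		$ealgos[] = $ealg;
	}

	return $ealgos;
}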

    
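/*
 * Load a stored list of phase 2 encryption algorithm entries into the
 * form values in $pconfig.
 *
 * Sets $pconfig['ealgos'] to the list of algorithm names and, for every
 * entry that carries a 'keylen', the matching "keylen_<algo>" form field.
 * $pconfig['ealgos'] is always reset first, so a missing or non-array
 * $ealgos leaves an empty selection instead of emitting a foreach warning.
 *
 * @param array $ealgos list of array('name' => ..., ['keylen' => ...]) entries
 * @param array $pconfig form values to populate (modified in place)
 * @return array the $ealgos list, returned unchanged as the original did
 */
function ealgos_to_pconfig(& $ealgos,& $pconfig) {

	$pconfig['ealgos'] = array();

	if (!is_array($ealgos))
		return $ealgos;

	foreach ($ealgos as $algo_data) {
		$pconfig['ealgos'][] = $algo_data['name'];
		/* isset() deliberately skips a null keylen, as before */
		if (isset($algo_data['keylen']))
			$pconfig["keylen_" . $algo_data['name']] = $algo_data['keylen'];
	}

	return $ealgos;
}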

    
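/*
 * Build an identifier record from the "<prefix>id_*" form fields.
 *
 * Only the fields the selected type actually uses are read: 'address'
 * carries the address, 'network' carries address and netbits, and any
 * other type yields just the type itself. A missing field becomes null
 * rather than raising an undefined-index notice.
 *
 * @param string $prefix field prefix; the form uses "local", "natlocal" and "remote"
 * @param array $pconfig form values; only read, never modified
 * @return array array('type' => ..., ['address' => ..., ['netbits' => ...]])
 */
function pconfig_to_idinfo($prefix,& $pconfig) {

	$type = isset($pconfig[$prefix."id_type"]) ? $pconfig[$prefix."id_type"] : null;

	/* key order (type, address, netbits) is kept identical to the original */
	$idinfo = array('type' => $type);

	if ($type === "address" || $type === "network")
		$idinfo['address'] = isset($pconfig[$prefix."id_address"]) ? $pconfig[$prefix."id_address"] : null;

	if ($type === "network")
		$idinfo['netbits'] = isset($pconfig[$prefix."id_netbits"]) ? $pconfig[$prefix."id_netbits"] : null;

	return $idinfo;
}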

    
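/*
 * Write an identifier record back into the "<prefix>id_*" form fields.
 *
 * Inverse of pconfig_to_idinfo(): the type is always written, the address
 * for the 'address' and 'network' types, and the netbits for 'network'
 * only. A field absent from $idinfo is written as null, as before, but
 * without an undefined-index notice.
 *
 * @param string $prefix field prefix; the form uses "local", "natlocal" and "remote"
 * @param array $idinfo identifier record, array('type' => ..., ...)
 * @param array $pconfig form values to populate (modified in place)
 * @return void
 */
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {

	$type = isset($idinfo['type']) ? $idinfo['type'] : null;

	/* write order (type, address, netbits) is kept identical to the original */
	$pconfig[$prefix."id_type"] = $type;

	if ($type === "address" || $type === "network")
		$pconfig[$prefix."id_address"] = isset($idinfo['address']) ? $idinfo['address'] : null;

	if ($type === "network")
		$pconfig[$prefix."id_netbits"] = isset($idinfo['netbits']) ? $idinfo['netbits'] : null;
}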

    
?>

    