pfSense

				$btn = '<i class="fa ' . $icon_act . ' icon-pointer" title="' . $log_row['act'] . '/' . $log_row['tracker'] . '" onclick="javascript:getURL(\'diag_logs_filter.php?getrulenum=' . $log_row['rulenum'] . ',' . $log_row['tracker'] . ',' . $log_row['act'] . '\', outputrule);"></i>';

$priv_list['page-status-carp']['match'][] = "carp_status.php*";

$priv_list['page-status-ipsec']['match'][] = "diag_ipsec.php*";

$priv_list['page-status-ipsec-leases']['match'][] = "diag_ipsec_leases.php*";

$priv_list['page-status-ipsec-sad']['match'][] = "diag_ipsec_sad.php*";

$priv_list['page-status-ipsec-spd']['match'][] = "diag_ipsec_spd.php*";

$priv_list['page-diagnostics-logs-system']['match'][] = "diag_logs.php";

$priv_list['page-diagnostics-logs-firewall']['match'][] = "diag_logs_filter.php*";

$priv_list['page-diagnostics-logs-firewall-dynamic']['match'][] = "diag_logs_filter_dynamic.php*";

$priv_list['page-diagnostics-logs-firewall-summary']['match'][] = "diag_logs_filter_summary.php*";

$priv_list['page-diagnostics-logs-settings']['match'][] = "diag_logs_settings.php*";

$priv_list['page-diagnostics-logs-pptpvpn']['match'][] = "diag_logs_vpn.php*";

$priv_list['page-status-packagelogs']['match'][] = "diag_pkglogs.php*";

$priv_list['page-diagnostics-system-pftop']['match'][] = "diag_system_pftop.php*";

$priv_list['page-diagnostics-haltsystem']['match'][] = "halt.php*";

$priv_list['page-diagnostics-rebootsystem']['match'][] = "reboot.php*";

$priv_list['page-services-pppoeserver']['match'][] = "vpn_pppoe.php*";

$priv_list['page-services-pppoeserver-edit']['match'][] = "vpn_pppoe_edit.php*";

$priv_list['page-dashboard-all']['match'][] = "diag_logs_filter_dynamic.php*";

$priv_list['page-status-systemlogs-portalauth']['match'][] = "diag_logs.php?logfile=portalauth";

$priv_list['page-diagnostics-logs-dhcp']['match'][] = "diag_logs.php?logfile=dhcpd";

$priv_list['page-diagnostics-logs-gateways']['match'][] = "diag_logs.php?logfile=gateways";

$priv_list['page-diagnostics-logs-resolver']['match'][] = "diag_logs.php?logfile=resolver";

$priv_list['page-status-systemlogs-ipsecvpn']['match'][] = "diag_logs.php?logfile=ipsec";

$priv_list['page-status-systemlogs-ntpd']['match'][] = "diag_logs.php?logfile=ntpd";

$priv_list['page-status-systemlogs-openvpn']['match'][] = "diag_logs.php?logfile=openvpn";

$priv_list['page-status-systemlogs-ppp']['match'][] = "diag_logs.php?logfile=ppp";

$priv_list['page-status-systemlogs-loadbalancer']['match'][] = "diag_logs.php?logfile=relayd";

$priv_list['page-status-systemlogs-routing']['match'][] = "diag_logs.php?logfile=routing";

$priv_list['page-status-systemlogs-wireless']['match'][] = "diag_logs.php?logfile=wireless";

<?php

/*

	carp_status.php

*/

/* ====================================================================

 *  Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.

 *

 *  Redistribution and use in source and binary forms, with or without modification,

 *  are permitted provided that the following conditions are met:

 *

 *  1. Redistributions of source code must retain the above copyright notice,

 *      this list of conditions and the following disclaimer.

 *

 *  2. Redistributions in binary form must reproduce the above copyright

 *      notice, this list of conditions and the following disclaimer in

 *      the documentation and/or other materials provided with the

 *      distribution.

 *

 *  3. All advertising materials mentioning features or use of this software

 *      must display the following acknowledgment:

 *      "This product includes software developed by the pfSense Project

 *       for use in the pfSense software distribution. (http://www.pfsense.org/).

 *

 *  4. The names "pfSense" and "pfSense Project" must not be used to

 *       endorse or promote products derived from this software without

 *       prior written permission. For written permission, please contact

 *       coreteam@pfsense.org.

 *

 *  5. Products derived from this software may not be called "pfSense"

 *      nor may "pfSense" appear in their names without prior written

 *      permission of the Electric Sheep Fencing, LLC.

 *

 *  6. Redistributions of any form whatsoever must retain the following

 *      acknowledgment:

 *

 *  "This product includes software developed by the pfSense Project

 *  for use in the pfSense software distribution (http://www.pfsense.org/).

 *

 *  THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY

 *  EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR

 *  ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 *  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 *  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 *  STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 *  OF THE POSSIBILITY OF SUCH DAMAGE.

 *

 *  ====================================================================

 *

 */

##|+PRIV

##|*IDENT=page-status-carp

##|*NAME=Status: CARP

##|*DESCR=Allow access to the 'Status: CARP' page.

##|*MATCH=carp_status.php*

##|-PRIV

/*

	pfSense_MODULE:	carp

*/

require_once("guiconfig.inc");

require_once("globals.inc");

function gentitle_pkg($pgname) {

	global $config;

	return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname;

}

unset($interface_arr_cache);

unset($carp_interface_count_cache);

unset($interface_ip_arr_cache);

$status = get_carp_status();

$status = intval($status);

if ($_POST['carp_maintenancemode'] != "") {

	interfaces_carp_set_maintenancemode(!isset($config["virtualip_carp_maintenancemode"]));

}

if ($_POST['disablecarp'] != "") {

	if ($status > 0) {

		set_single_sysctl('net.inet.carp.allow', '0');

		if (is_array($config['virtualip']['vip'])) {

			$viparr = &$config['virtualip']['vip'];

			foreach ($viparr as $vip) {

				switch ($vip['mode']) {

					case "carp":

						interface_vip_bring_down($vip);

						/*

						 * Reconfigure radvd when necessary

						 * XXX: Is it the best way to do it?

						 */

						if (isset($config['dhcpdv6']) && is_array($config['dhcpdv6'])) {

							foreach ($config['dhcpdv6'] as $dhcpv6if => $dhcpv6ifconf) {

								if ($dhcpv6if !== $vip['interface'] ||

								    $dhcpv6ifconf['ramode'] === "disabled") {

									continue;

								}

								services_radvd_configure();

								break;

							}

						}

						sleep(1);

						break;

				}

			}

		}

		$savemsg = sprintf(gettext("%s IPs have been disabled. Please note that disabling does not survive a reboot and some configuration changes will re-enable."), $carp_counter);

		$status = 0;

	} else {

		$savemsg = gettext("CARP has been enabled.");

		if (is_array($config['virtualip']['vip'])) {

			$viparr = &$config['virtualip']['vip'];

			foreach ($viparr as $vip) {

				switch ($vip['mode']) {

					case "carp":

						interface_carp_configure($vip);

						sleep(1);

						break;

					case 'ipalias':

						if (strpos($vip['interface'], '_vip')) {

							interface_ipalias_configure($vip);

						}

						break;

				}

			}

		}

		interfaces_sync_setup();

		set_single_sysctl('net.inet.carp.allow', '1');

		$status = 1;

	}

}

$carp_detected_problems = get_single_sysctl("net.inet.carp.demotion");

if (!empty($_POST['resetdemotion'])) {

	set_single_sysctl("net.inet.carp.demotion", "-{$carp_detected_problems}");

	sleep(1);

	$carp_detected_problems = get_single_sysctl("net.inet.carp.demotion");

}

$pgtitle = array(gettext("Status"), gettext("CARP"));

$shortcut_section = "carp";

include("head.inc");

if ($savemsg)

	print_info_box($savemsg, 'success');

$carpcount = 0;

if (is_array($config['virtualip']['vip'])) {

	foreach ($config['virtualip']['vip'] as $carp) {

		if ($carp['mode'] == "carp") {

			$carpcount++;

			break;

		}

	}

}

// If $carpcount > 0 display buttons then display table

// otherwise display error box and quit

?>

<?php

if ($carpcount == 0) {

	print_info_box(gettext('No CARP interfaces have been defined.') . '<br />' .

				   '<a href="system_hasync.php" class="alert-link">' .

				   gettext("You can configure high availability sync settings here") .

				   '</a>');

} else

{

?>

<form action="carp_status.php" method="post">

<?php

	if($status > 0)

		$carp_enabled = true;

	else

		$carp_enabled = false;

	// Sadly this needs to be here so that it is inside the form

	if ($carp_detected_problems > 0) {

		print_info_box(

			gettext("CARP has detected a problem and this unit has been demoted to BACKUP status.") . "<br/>" .

			gettext("Check the link status on all interfaces with configured CARP VIPs.") . "<br/>" .

			gettext("Search the") .

			" <a href=\"/diag_logs.php?filtertext=carp%3A+demoted+by\">" .

			gettext("system log") .

			"</a> " .

			gettext("for CARP demotion-related events.") . "<br/><br/>" .

			'<input type="submit" class="btn btn-warning" name="resetdemotion" id="resetdemotion" value="' .

			gettext("Reset CARP Demotion Status") .

			'" />', 'danger'

		);

	}

?>

	<input type="submit" class="btn btn-warning" name="disablecarp" value="<?=($carp_enabled ? gettext("Temporarily Disable CARP") : gettext("Enable CARP"))?>" />

	<input type="submit" class="btn btn-info" name="carp_maintenancemode" id="carp_maintenancemode" value="<?=(isset($config["virtualip_carp_maintenancemode"]) ? gettext("Leave Persistent CARP Maintenance Mode") : gettext("Enter Persistent CARP Maintenance Mode"))?>" />

	<br /><br />

	<div class="panel panel-default">

		<div class="panel-heading"><h2 class="panel-title"><?=gettext('CARP Interfaces')?></h2></div>

			<div class="panel-body table-responsive">

				<table class="table table-striped table-condensed table-hover sortable-theme-bootstrap " data-sortable>

					<thead>

						<tr>

							<th><?=gettext("CARP Interface")?></th>

							<th><?=gettext("Virtual IP")?></th>

							<th><?=gettext("Status")?></th>

						</tr>

					</thead>

					<tbody>

<?php

	foreach ($config['virtualip']['vip'] as $carp) {

		if ($carp['mode'] != "carp") {

			continue;

		}

		$ipaddress = $carp['subnet'];

		$vhid = $carp['vhid'];

		$status = get_carp_interface_status("_vip{$carp['uniqid']}");

		if($carp_enabled == false) {

			$icon = 'times-circle';

			$status = "DISABLED";

		} else {

			if ($status == "MASTER") {

				$icon = 'check-circle';

			} else if ($status == "BACKUP") {

				$icon = 'check-circle-o';

			} else if ($status == "INIT") {

				$icon = 'question-circle';

			}

		}

?>

					<tr>

						<td><?=convert_friendly_interface_to_friendly_descr($carp['interface'])?>@<?=$vhid?></td>

						<td><?=$ipaddress?></td>

						<td><i class="fa fa-<?=$icon?>"></i>&nbsp;<?=$status?></td>

					</tr>

<?php }?>

				</tbody>

			</table>

		</div>

	</div>

</form>

<div class="panel panel-default">

	<div class="panel-heading"><h2 class="panel-title"><?=gettext('pfSync nodes')?></h2></div>

	<div class="panel-body">

		<ul>

<?php

	foreach (explode("\n", exec_command("/sbin/pfctl -vvss | /usr/bin/grep creator | /usr/bin/cut -d\" \" -f7 | /usr/bin/sort -u")) as $node) {

		echo '<li>'. $node .'</li>';

	}

?>

		</ul>

	</div>

</div>

<?php

}

include("foot.inc");

	<form action="reboot.php" method="post">

<?php

/*

	diag_ipsec.php

*/

/* ====================================================================

 *  Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.

 *  portions Copyright (c) 2008 Shrew Soft Inc <mgrooms@shrew.net>.

 *

 *  Parts of this code originally based on vpn_ipsec_sad.php from m0n0wall,

 *  Copyright (c) 2003-2004 Manuel Kasper (BSD 2 clause)

 *

 *  Redistribution and use in source and binary forms, with or without modification,

 *  are permitted provided that the following conditions are met:

 *

 *  1. Redistributions of source code must retain the above copyright notice,

 *      this list of conditions and the following disclaimer.

 *

 *  2. Redistributions in binary form must reproduce the above copyright

 *      notice, this list of conditions and the following disclaimer in

 *      the documentation and/or other materials provided with the

 *      distribution.

 *

 *  3. All advertising materials mentioning features or use of this software

 *      must display the following acknowledgment:

 *      "This product includes software developed by the pfSense Project

 *       for use in the pfSense software distribution. (http://www.pfsense.org/).

 *

 *  4. The names "pfSense" and "pfSense Project" must not be used to

 *       endorse or promote products derived from this software without

 *       prior written permission. For written permission, please contact

 *       coreteam@pfsense.org.

 *

 *  5. Products derived from this software may not be called "pfSense"

 *      nor may "pfSense" appear in their names without prior written

 *      permission of the Electric Sheep Fencing, LLC.

 *

 *  6. Redistributions of any form whatsoever must retain the following

 *      acknowledgment:

 *

 *  "This product includes software developed by the pfSense Project

 *  for use in the pfSense software distribution (http://www.pfsense.org/).

 *

 *  THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY

 *  EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR

 *  ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 *  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 *  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 *  STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 *  OF THE POSSIBILITY OF SUCH DAMAGE.

 *

 *  ====================================================================

 *

 */

/*

	pfSense_MODULE: ipsec

*/

##|+PRIV

##|*IDENT=page-status-ipsec

##|*NAME=Status: IPsec

##|*DESCR=Allow access to the 'Status: IPsec' page.

##|*MATCH=diag_ipsec.php*

##|-PRIV

global $g;

$pgtitle = array(gettext("Status"), gettext("IPsec"), gettext("Overview"));

$shortcut_section = "ipsec";

require("guiconfig.inc");

include("head.inc");

require_once("ipsec.inc");

if ($_GET['act'] == 'connect') {

	if (ctype_digit($_GET['ikeid'])) {

		$ph1ent = ipsec_get_phase1($_GET['ikeid']);

		if (!empty($ph1ent)) {

			if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == 'ikev1') {

				$ph2entries = ipsec_get_number_of_phase2($_GET['ikeid']);

				for ($i = 0; $i < $ph2entries; $i++) {

					$connid = escapeshellarg("con{$_GET['ikeid']}00{$i}");

					mwexec("/usr/local/sbin/ipsec down {$connid}");

					mwexec("/usr/local/sbin/ipsec up {$connid}");

				}

			} else {

				mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));

				mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid']));

			}

		}

	}

} else if ($_GET['act'] == 'ikedisconnect') {

	if (ctype_digit($_GET['ikeid'])) {

		if (!empty($_GET['ikesaid']) && ctype_digit($_GET['ikesaid'])) {

			mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']) . "[" . escapeshellarg($_GET['ikesaid']) . "]");

		} else {

			mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));

		}

	}

} else if ($_GET['act'] == 'childdisconnect') {

	if (ctype_digit($_GET['ikeid'])) {

		if (!empty($_GET['ikesaid']) && ctype_digit($_GET['ikesaid'])) {

			mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']) . "{" . escapeshellarg($_GET['ikesaid']) . "}");

		}

	}

}

if (!is_array($config['ipsec']['phase1'])) {

	$config['ipsec']['phase1'] = array();

}

$a_phase1 = &$config['ipsec']['phase1'];

$status = ipsec_list_sa();

$tab_array = array();

$tab_array[] = array(gettext("Overview"), true, "diag_ipsec.php");

$tab_array[] = array(gettext("Leases"), false, "diag_ipsec_leases.php");

$tab_array[] = array(gettext("SAD"), false, "diag_ipsec_sad.php");

$tab_array[] = array(gettext("SPD"), false, "diag_ipsec_spd.php");

display_top_tabs($tab_array);

?>

<div class="panel panel-default">

	<div class="panel-heading">IPsec status</div>

	<div class="panel-body table responsive">

		<table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable>

			<thead>

				<tr>

					<th><?=gettext("Description")?></th>

					<th><?=gettext("Local ID")?></th>

					<th><?=gettext("Local IP")?></th>

					<th><?=gettext("Remote ID")?></th>

					<th><?=gettext("Remote IP")?></th>

					<th><?=gettext("Role")?></th>

					<th><?=gettext("Reauth")?></th>

					<th><?=gettext("Algo")?></th>

					<th><?=gettext("Status")?></th>

					<th></th>

				</tr>

			</thead>

			<tbody>

<?php

$ipsecconnected = array();

if (is_array($status)) {

	foreach ($status as $ikeid => $ikesa) {

	$con_id = substr($ikeid, 3);

		if ($ikesa['version'] == 1) {

			$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));

			$ipsecconnected[$ph1idx] = $ph1idx;

		} else {

			$ipsecconnected[$con_id] = $ph1idx = $con_id;

		}

?>

				<tr>

					<td>

						<?=htmlspecialchars(ipsec_get_descr($ph1idx))?>

					</td>

					<td>

<?php

		if (!empty($ikesa['local-id'])) {

			if ($ikesa['local-id'] == '%any') {

				print(gettext('Any identifier'));

			} else {

				print(htmlspecialchars($ikesa['local-id']));

			}

		} else {

			print(gettext("Unknown"));

		}

?>

					</td>

					<td>

<?php

		if (!empty($ikesa['local-host'])) {

			print(htmlspecialchars($ikesa['local-host']));

		} else {

			print(gettext("Unknown"));

		}

		/*

		 * XXX: local-nat-t was defined by pfSense

		 * When strongswan team accepted the change, they changed it to

		 * nat-local. Keep both for a while and remove local-nat-t in

		 * the future

		 */

		if (isset($ikesa['local-nat-t']) || isset($ikesa['nat-local'])) {

			print(" NAT-T");

		}

?>

					</td>

					<td>

<?php

		$identity = "";

		if (!empty($ikesa['remote-id'])) {

			if ($ikesa['remote-id'] == '%any') {

				$identity = 'Any identifier';

			} else {

				$identity = htmlspecialchars($ikesa['remote']['identification']);

			}

		}

		if (!empty($ikesa['remote-xauth-id'])) {

			echo htmlspecialchars($ikesa['remote-xauth-id']);

			echo "<br/>{$identity}";

		} elseif (!empty($ikesa['remote-eap-id'])) {

			echo htmlspecialchars($ikesa['remote-eap-id']);

			echo "<br/>{$identity}";

		} else {

			if (empty($identity)) {

				print(gettext("Unknown"));

			} else {

				print($identity);

			}

		}

?>

					</td>

					<td>

<?php

		if (!empty($ikesa['remote-host'])) {

			print(htmlspecialchars($ikesa['remote-host']));

		} else {

			print(gettext("Unknown"));

		}

		/*

		 * XXX: remote-nat-t was defined by pfSense

		 * When strongswan team accepted the change, they changed it to

		 * nat-remote. Keep both for a while and remove remote-nat-t in

		 * the future

		 */

		if (isset($ikesa['remote-nat-t']) || isset($ikesa['nat-remote'])) {

			print(" NAT-T");

		}

?>

					</td>

					<td>

						IKEv<?=htmlspecialchars($ikesa['version'])?>

						<br/>

<?php

		if ($ikesa['initiator'] == 'yes') {

			print("initiator");

		} else {

			print("responder");

		}

?>

					</td>

					<td>

						<?=htmlspecialchars($ikesa['reauth-time']) . gettext(" seconds (") . convert_seconds_to_hms($ikesa['reauth-time']) . ")";?>

					</td>

					<td>

						<?=htmlspecialchars($ikesa['encr-alg'])?>

						<br/>

						<?=htmlspecialchars($ikesa['integ-alg'])?>

						<br/>

						<?=htmlspecialchars($ikesa['prf-alg'])?>

						<br/>

						<?=htmlspecialchars($ikesa['dh-group'])?>

					</td>

					<td>

<?php

		if ($ikesa['state'] == 'ESTABLISHED') {

			print('<span style="color:green">');

		} else {

			print('<span>');

		}

?>

						<?=ucfirst(htmlspecialchars($ikesa['state']))?>

						<br/><?=htmlspecialchars($ikesa['established']) . gettext(" seconds (" . convert_seconds_to_hms($ikesa['established']) . ") ago")?>

						</span>

					</td>

					<td >

<?php

		if ($ikesa['state'] != 'ESTABLISHED') {

?>

					<a href="diag_ipsec.php?act=connect&amp;ikeid=<?=$con_id; ?>" class="btn btn-xs btn-success" data-toggle="tooltip" title="Connect VPN" >

							<?=gettext("Connect VPN")?>

						</a>

<?php

		} else {

?>

						<a href="diag_ipsec.php?act=ikedisconnect&amp;ikeid=<?=$con_id; ?>" class="btn btn-xs btn-danger" data-toggle="tooltip" title="Disconnect VPN">

							<?=gettext("Disconnect")?>

						</a><br />

<?php

		}

?>

					</td>

				</tr>

				<tr>

					<td colspan = 10>

<?php

		if (is_array($ikesa['child-sas']) && (count($ikesa['child-sas']) > 0)) {

?>

						<div id="btnchildsa-<?=$ikeid?>">

							<a type="button" onclick="show_childsa('childsa-<?=$ikeid?>','btnchildsa-<?=$ikeid?>');" class="btn btn-sm btn-default" />

								<?=gettext('Show child SA entries')?>

							</a>

						</div>

						<table class="table table-hover table-condensed" id="childsa-<?=$ikeid?>" style="display:none">

							<thead>

								<tr class="info">

									<th><?=gettext("Local subnets")?></th>

									<th><?=gettext("Local SPI(s)")?></th>

									<th><?=gettext("Remote subnets")?></th>

									<th><?=gettext("Times")?></th>

									<th><?=gettext("Algo")?></th>

									<th><?=gettext("Stats")?></th>

									<th><!-- Buttons --></th>

								</tr>

							</thead>

							<tbody>

<?php

			foreach ($ikesa['child-sas'] as $childid => $childsa) {

?>

								<tr>

									<td>

<?php

				if (is_array($childsa['local-ts'])) {

					foreach ($childsa['local-ts'] as $lnets) {

						print(htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />");

					}

				} else {

					print(gettext("Unknown"));

				}

?>

									</td>

									<td>

<?php

				if (isset($childsa['spi-in'])) {

					print(gettext("Local: ") . htmlspecialchars($childsa['spi-in']));

				}

				if (isset($childsa['spi-out'])) {

					print('<br/>' . gettext('Remote: ') . htmlspecialchars($childsa['spi-out']));

				}

?>

									</td>

									<td>

<?php

				if (is_array($childsa['remote-ts'])) {

					foreach ($childsa['remote-ts'] as $rnets) {

						print(htmlspecialchars(ipsec_fixup_network($rnets)) . '<br />');

					}

				} else {

					print(gettext("Unknown"));

				}

?>

									</td>

									<td>

<?php

				print(gettext("Rekey: ") . htmlspecialchars($childsa['rekey-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['rekey-time']) . ")");

				print('<br/>' . gettext('Life: ') . htmlspecialchars($childsa['life-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['life-time']) . ")" );

				print('<br/>' . gettext('Install: ') .htmlspecialchars($childsa['install-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['install-time']) . ")" );

?>

									</td>

									<td>

<?php

				print(htmlspecialchars($childsa['encr-alg']) . '<br/>');

				print(htmlspecialchars($childsa['integ-alg']) . '<br/>');

				if (!empty($childsa['prf-alg'])) {

					print(htmlspecialchars($childsa['prf-alg']) . '<br/>');

				}

				if (!empty($childsa['dh-group'])) {

					print(htmlspecialchars($childsa['dh-group']) . '<br/>');

				}

				if (!empty($childsa['esn'])) {

					print(htmlspecialchars($childsa['esn']) . '<br/>');

				}

				print(gettext("IPComp: "));

				if (!empty($childsa['cpi-in']) || !empty($childsa['cpi-out'])) {

					print(htmlspecialchars($childsa['cpi-in']) . " " . htmlspecialchars($childsa['cpi-out']));

				} else {

					print(gettext('none'));

				}

?>

									</td>

									<td>

<?php

				print(gettext("Bytes-In: ") . htmlspecialchars(number_format($childsa['bytes-in'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-in'])) . ')<br/>');

				print(gettext("Packets-In: ") . htmlspecialchars(number_format($childsa['packets-in'])) . '<br/>');

				print(gettext("Bytes-Out: ") . htmlspecialchars(number_format($childsa['bytes-out'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-out'])) . ')<br/>');

				print(gettext("Packets-Out: ") . htmlspecialchars(number_format($childsa['packets-out'])) . '<br/>');

?>

									</td>

									<td>

										<a href="diag_ipsec.php?act=childdisconnect&amp;ikeid=<?=$con_id; ?>&amp;ikesaid=<?=$childsa['uniqueid']; ?>" class="btn btn-xs btn-warning" data-toggle="tooltip" title="<?=gettext('Disconnect Child SA')?>">

											<?=gettext("Disconnect")?>

										</a>

									</td>

								</tr>

<?php

			}

?>

							</tbody>

						</table>

					</td>

				</tr>

<?php

		}

		unset($con_id);

	}

}

$rgmap = array();

foreach ($a_phase1 as $ph1ent) {

	if (isset($ph1ent['disabled'])) {

		continue;

	}

	$rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway'];

	if ($ipsecconnected[$ph1ent['ikeid']]) {

		continue;

	}

?>

				<tr>

					<td>

<?php

	print(htmlspecialchars($ph1ent['descr']));

?>

					</td>

					<td>

<?php

	list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");

	if (empty($myid_data))

		print(gettext("Unknown"));

	else

		print(htmlspecialchars($myid_data));

?>

					</td>

					<td>

<?php

	$ph1src = ipsec_get_phase1_src($ph1ent);

	if (empty($ph1src))

		print(gettext("Unknown"));

	else

		print(htmlspecialchars($ph1src));

?>

					</td>

					<td>

<?php

	list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);

	if (empty($peerid_data))

		print(gettext("Unknown"));

	else

		print(htmlspecialchars($peerid_data));

?>

					</td>

					<td>

<?php

	$ph1src = ipsec_get_phase1_dst($ph1ent);

	if (empty($ph1src))

		print(gettext("Unknown"));

	else

		print(htmlspecialchars($ph1src));

?>

					</td>

					<td>

					</td>

					<td>

					</td>

					<td>

					</td>

<?php

	if (isset($ph1ent['mobile'])) {

?>

					<td>

						<?=gettext("Awaiting connections")?>

					</td>

					<td>

					</td>

<?php

	} else {

?>

					<td>

						<?=gettext("Disconnected")?>

					</td>

					<td >

						<a href="diag_ipsec.php?act=connect&amp;ikeid=<?=$ph1ent['ikeid']; ?>" class="btn btn-xs btn-success">

							<?=gettext("Connect VPN")?>

						</a>

					</td>

<?php

	}

?>

					<td>

					</td>

				</tr>

<?php

}

unset($ipsecconnected, $phase1, $rgmap);

?>

			</tbody>

		</table>

	</div>

</div>

<script type="text/javascript">

//<![CDATA[

function show_childsa(id, buttonid) {

	document.getElementById(buttonid).innerHTML='';

	aodiv = document.getElementById(id);

	aodiv.style.display = "block";

}

//]]>

</script>

<?php

unset($status);

print_info_box(gettext("You can configure IPsec ") . '<a href="vpn_ipsec.php">Here</a>');

include("foot.inc"); ?>

<?php

/*

	diag_ipsec_leases.php

*/

/* ====================================================================

 *  Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.

 *

 *  Redistribution and use in source and binary forms, with or without modification,

 *  are permitted provided that the following conditions are met:

 *

 *  1. Redistributions of source code must retain the above copyright notice,

 *      this list of conditions and the following disclaimer.

 *

 *  2. Redistributions in binary form must reproduce the above copyright

 *      notice, this list of conditions and the following disclaimer in

 *      the documentation and/or other materials provided with the

 *      distribution.

 *

 *  3. All advertising materials mentioning features or use of this software

 *      must display the following acknowledgment:

 *      "This product includes software developed by the pfSense Project

 *       for use in the pfSense software distribution. (http://www.pfsense.org/).

 *

 *  4. The names "pfSense" and "pfSense Project" must not be used to

 *       endorse or promote products derived from this software without

 *       prior written permission. For written permission, please contact

 *       coreteam@pfsense.org.

 *

 *  5. Products derived from this software may not be called "pfSense"

 *      nor may "pfSense" appear in their names without prior written

 *      permission of the Electric Sheep Fencing, LLC.

 *

 *  6. Redistributions of any form whatsoever must retain the following

 *      acknowledgment:

 *

 *  "This product includes software developed by the pfSense Project

 *  for use in the pfSense software distribution (http://www.pfsense.org/).

 *

 *  THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY

 *  EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR

 *  ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 *  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 *  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 *  STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 *  OF THE POSSIBILITY OF SUCH DAMAGE.

 *

 *  ====================================================================

 *

 */

/*

	pfSense_BUILDER_BINARIES:	/usr/local/sbin/ipsec

	pfSense_MODULE: ipsec

*/

##|+PRIV

##|*IDENT=page-status-ipsec-leases

##|*NAME=Status: IPsec: Leases

##|*DESCR=Allow access to the 'Status: IPsec: Leases' page.

##|*MATCH=diag_ipsec_leases.php*

##|-PRIV

define(DEBUG, true); // Force dummy data for testing. Setting up a pFSense box to get real data is far too hard!

require("guiconfig.inc");

require("ipsec.inc");

$pgtitle = array(gettext("Status"), gettext("IPsec"), gettext("Leases"));

$shortcut_section = "ipsec";

include("head.inc");

$mobile = ipsec_dump_mobile();

$tab_array = array();

$tab_array[] = array(gettext("Overview"), false, "diag_ipsec.php");

$tab_array[] = array(gettext("Leases"), true, "diag_ipsec_leases.php");

$tab_array[] = array(gettext("SAD"), false, "diag_ipsec_sad.php");

$tab_array[] = array(gettext("SPD"), false, "diag_ipsec_spd.php");

display_top_tabs($tab_array);

if (isset($mobile['pool']) && is_array($mobile['pool'])) {

?>

	<div class="table-responsive">

		<table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable>

			<thead>

				<tr>

					<th><?=gettext("Pool")?></th>

					<th><?=gettext("Usage")?></th>

					<th><?=gettext("Online")?></th>

					<th><?=gettext("ID")?></th>

					<th><?=gettext("Host")?></th>

					<th><?=gettext("Status")?></th>

				</tr>

			</thead>

			<tbody>

<?php

			foreach ($mobile['pool'] as $pool) {

				// The first row of each pool includes the pool information

?>

				<tr>

					<td>

						<?=$pool['name']?>

					</td>

					<td>

						<?=$pool['usage']?>

					</td>

					<td>

						<?=$pool['online']?>

					</td>

<?php

				$leaserow = true;

				if (is_array($pool['lease']) && count($pool['lease']) > 0) {

					foreach ($pool['lease'] as $lease) {

						if (!$leaserow) {

							// On subsequent rows the first three columns are blank

?>

				<tr>

					<td></td>

					<td></td>

					<td></td>

<?php

						}

						$leaserow = false;

?>

					<td>

						<?=htmlspecialchars($lease['id'])?>

					</td>

					<td>

						<?=htmlspecialchars($lease['host'])?>

					</td>

					<td>

						<?=htmlspecialchars($lease['status'])?>

					</td>

				</tr>

<?php

					}

				}

				else {

?>

					<td colspan="3" class="warning"><?=gettext('No leases from this pool yet.')?></td>

				</tr>

<?php

				}

			}

?>

			</tbody>

		</table>

	</div>

<?php

}

else

	print_info_box(gettext('No IPsec pools.'));

print_info_box(gettext('You can configure your IPsec subsystem by clicking ') . '<a href="vpn_ipsec.php">' . gettext("here.") . '</a>');

include("foot.inc");

<?php

/*

	diag_ipsec_sad.php

*/

/* ====================================================================

 *  Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.

 *

 *  Some or all of this file is based on the m0n0wall project which is

 *  Copyright (c)  2004 Manuel Kasper (BSD 2 clause)

 *

 *  Redistribution and use in source and binary forms, with or without modification,

 *  are permitted provided that the following conditions are met:

 *

 *  1. Redistributions of source code must retain the above copyright notice,

 *      this list of conditions and the following disclaimer.

 *

 *  2. Redistributions in binary form must reproduce the above copyright

 *      notice, this list of conditions and the following disclaimer in

 *      the documentation and/or other materials provided with the

 *      distribution.

 *

 *  3. All advertising materials mentioning features or use of this software

 *      must display the following acknowledgment:

 *      "This product includes software developed by the pfSense Project

 *       for use in the pfSense software distribution. (http://www.pfsense.org/).

 *

 *  4. The names "pfSense" and "pfSense Project" must not be used to

 *       endorse or promote products derived from this software without

 *       prior written permission. For written permission, please contact

 *       coreteam@pfsense.org.

 *

 *  5. Products derived from this software may not be called "pfSense"

 *      nor may "pfSense" appear in their names without prior written

 *      permission of the Electric Sheep Fencing, LLC.

 *

 *  6. Redistributions of any form whatsoever must retain the following

 *      acknowledgment:

 *

 *  "This product includes software developed by the pfSense Project

 *  for use in the pfSense software distribution (http://www.pfsense.org/).

 *

 *  THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY

 *  EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR

 *  ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 *  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 *  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 *  STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 *  OF THE POSSIBILITY OF SUCH DAMAGE.

 *