<?php
2
/*
3
	vpn_ipsec_phase2.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32 6b07c15a Matthew Grooms
##|+PRIV
33
##|*IDENT=page-vpn-ipsec-editphase2
34
##|*NAME=VPN: IPsec: Edit Phase 2 page
35
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
36
##|*MATCH=vpn_ipsec_phase2.php*
37
##|-PRIV
38
39 0f84b741 Scott Ullrich
require("functions.inc");
40 a93e56c5 Matthew Grooms
require("guiconfig.inc");
41 483e6de8 Scott Ullrich
require_once("ipsec.inc");
42
require_once("vpn.inc");
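/*
 * Bind the client and phase 2 sections of the configuration by reference,
 * creating each one as an empty array when it is missing.
 */
if (!isset($config['ipsec']['client']) || !is_array($config['ipsec']['client']))
	$config['ipsec']['client'] = array();

$a_client = &$config['ipsec']['client'];

if (!isset($config['ipsec']['phase2']) || !is_array($config['ipsec']['phase2']))
	$config['ipsec']['phase2'] = array();

$a_phase2 = &$config['ipsec']['phase2'];

/*
 * Work out which phase 2 entry is addressed. Precedence, lowest to highest:
 * GET p2index, POST p2index, GET dup (the entry to copy).
 *
 * All three come from the request. The value is used as an array key and is
 * later written into a hidden form field, so it is accepted only when it is
 * a canonical decimal index of an existing entry; anything else is treated
 * as "no entry selected".
 */
unset($p2index);
if (isset($_GET['p2index']))
	$p2index = $_GET['p2index'];
if (isset($_POST['p2index']))
	$p2index = $_POST['p2index'];
if (isset($_GET['dup']))
	$p2index = $_GET['dup'];

if (isset($p2index) && is_string($p2index) &&
    preg_match('/\A(0|[1-9][0-9]*)\z/', $p2index) &&
    !empty($a_phase2[(int)$p2index]))
	$p2index = (int)$p2index;
else
	unset($p2index);

if (isset($p2index))
{
	/* existing entry: copy the stored settings into the form state */
	$pconfig['ikeid'] = $a_phase2[$p2index]['ikeid'];
	$pconfig['disabled'] = isset($a_phase2[$p2index]['disabled']);
	$pconfig['mode'] = $a_phase2[$p2index]['mode'];
	$pconfig['descr'] = $a_phase2[$p2index]['descr'];

	/* kept so the save path can hand the previous entry to the policy reload */
	$old_ph2ent = $a_phase2[$p2index];

	idinfo_to_pconfig("local",$a_phase2[$p2index]['localid'],$pconfig);
	idinfo_to_pconfig("remote",$a_phase2[$p2index]['remoteid'],$pconfig);

	$pconfig['proto'] = $a_phase2[$p2index]['protocol'];
	ealgos_to_pconfig($a_phase2[$p2index]['encryption-algorithm-option'],$pconfig);
	$pconfig['halgos'] = $a_phase2[$p2index]['hash-algorithm-option'];
	$pconfig['pfsgroup'] = $a_phase2[$p2index]['pfsgroup'];
	$pconfig['lifetime'] = $a_phase2[$p2index]['lifetime'];
	$pconfig['pinghost'] = $a_phase2[$p2index]['pinghost'];

	if (isset($a_phase2[$p2index]['mobile']))
		$pconfig['mobile'] = true;
}
else
{
	/* new entry: the parent phase 1 is named by the request */
	$pconfig['ikeid'] = isset($_GET['ikeid']) ? $_GET['ikeid'] : null;

	/* defaults */
	$pconfig['localid_type'] = "lan";
	$pconfig['remoteid_type'] = "network";
	$pconfig['proto'] = "esp";
	$pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes");
	$pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['pfsgroup'] = "0";
	$pconfig['lifetime'] = "3600";

	/* mobile client */
	if (!empty($_GET['mobile']))
		$pconfig['mobile'] = true;
}

/* a duplicate starts from the copied settings but is saved as a new entry */
if (isset($_GET['dup']))
	unset($p2index);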
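/*
 * Handle a submitted form: validate the request, build the phase 2 entry,
 * store it, reload the SPD policy and redirect to the tunnel list.
 *
 * Every field below is request-controlled and ends up in the stored
 * configuration, so selector fields are checked against the choices the
 * form offers and numeric fields against the range the form offers.
 *
 * NOTE(review): this handler changes firewall configuration and no
 * anti-CSRF token check is visible in this file -- confirm that the
 * included GUI framework enforces one.
 */
if ($_POST) {

	$input_errors = array();
	$pconfig = $_POST;

	if (!isset($_POST['ikeid']))
		$input_errors[] = gettext("A valid ikeid must be specified.");

	/* input validation */
	$reqdfields = explode(" ", "localid_type halgos");
	$reqdfieldsn = array(gettext("Local network type"),gettext("P2 Hash Algorithms"));
	if (!isset($pconfig['mobile'])){
		$reqdfields[] = "remoteid_type";
		$reqdfieldsn[] = gettext("Remote network type");
	}

	/*
	 * NOTE(review): call-time pass-by-reference is rejected by PHP 5.4 and
	 * later. It is kept here because do_input_validation() is declared
	 * outside this file; once its last parameter is declared by reference
	 * the '&' at this call site must be dropped.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/* selector fields: the keys of the $p2_* tables are the option values
	   the form emits, so anything else did not come from the form */
	$posted_mode = (isset($pconfig['mode']) && is_string($pconfig['mode'])) ? $pconfig['mode'] : "";
	if (!isset($p2_modes[$posted_mode]))
		$input_errors[] = gettext("A valid mode must be specified.");

	$posted_proto = (isset($pconfig['proto']) && is_string($pconfig['proto'])) ? $pconfig['proto'] : "";
	if (!isset($p2_protos[$posted_proto]))
		$input_errors[] = gettext("A valid protocol must be specified.");

	$posted_pfs = (isset($pconfig['pfsgroup']) && is_string($pconfig['pfsgroup'])) ? $pconfig['pfsgroup'] : "";
	if (!isset($p2_pfskeygroups[$posted_pfs]))
		$input_errors[] = gettext("A valid PFS key group must be specified.");

	/* a missing halgos field is already reported as a required field */
	if (isset($pconfig['halgos'])) {
		$halgos_ok = is_array($pconfig['halgos']);
		if ($halgos_ok) {
			foreach ($pconfig['halgos'] as $posted_halgo) {
				if (!is_string($posted_halgo) || !isset($p2_halgos[$posted_halgo])) {
					$halgos_ok = false;
					break;
				}
			}
		}
		if (!$halgos_ok)
			$input_errors[] = gettext("A valid hash algorithm must be selected.");
	}

	if ($posted_mode == "tunnel")
	{
		/* the form offers prefix lengths 0..32; \z rejects a trailing newline */
		switch ($pconfig['localid_type']) {
			case "network":
				$posted_bits = isset($pconfig['localid_netbits']) ? $pconfig['localid_netbits'] : "";
				if (!is_string($posted_bits) || !preg_match('/\A[0-9]{1,2}\z/', $posted_bits) || (int)$posted_bits > 32)
					$input_errors[] = gettext("A valid local network bit count must be specified.");
				/* deliberate fall-through: a network also needs an address */
			case "address":
				if (empty($pconfig['localid_address']) || !is_ipaddr($pconfig['localid_address']))
					$input_errors[] = gettext("A valid local network IP address must be specified.");
				break;
		}

		switch ($pconfig['remoteid_type']) {
			case "network":
				$posted_bits = isset($pconfig['remoteid_netbits']) ? $pconfig['remoteid_netbits'] : "";
				if (!is_string($posted_bits) || !preg_match('/\A[0-9]{1,2}\z/', $posted_bits) || (int)$posted_bits > 32)
					$input_errors[] = gettext("A valid remote network bit count must be specified.");
				/* deliberate fall-through: a network also needs an address */
			case "address":
				if (empty($pconfig['remoteid_address']) || !is_ipaddr($pconfig['remoteid_address']))
					$input_errors[] = gettext("A valid remote network IP address must be specified.");
				break;
		}
	}

/* TODO : Validate enabled phase2's are not duplicates */

	$ealgos = pconfig_to_ealgos($pconfig);

	if (!count($ealgos)) {
		$input_errors[] = gettext("At least one encryption algorithm must be selected.");
	}

	/* is_numeric() would also accept signs, exponents and fractions */
	if (!empty($_POST['lifetime']) &&
	    (!is_string($_POST['lifetime']) || !preg_match('/\A[0-9]+\z/', $_POST['lifetime']))) {
		$input_errors[] = gettext("The P2 lifetime must be an integer.");
	}

	/* the form labels this field as an IP address */
	if (!empty($pconfig['pinghost']) && !is_ipaddr($pconfig['pinghost'])) {
		$input_errors[] = gettext("A valid IP address must be specified for the host to ping.");
	}

	if (!$input_errors) {

		$ph2ent = array();
		$ph2ent['ikeid'] = $pconfig['ikeid'];
		$ph2ent['mode'] = $pconfig['mode'];
		/* an unticked checkbox is simply absent from the request */
		$ph2ent['disabled'] = !empty($pconfig['disabled']);

		if($ph2ent['mode'] == "tunnel") {
			$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
			$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
		}

		$ph2ent['protocol'] = $pconfig['proto'];
		$ph2ent['encryption-algorithm-option'] = $ealgos;
		$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
		$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
		$ph2ent['lifetime'] = $pconfig['lifetime'];
		$ph2ent['pinghost'] = isset($pconfig['pinghost']) ? $pconfig['pinghost'] : null;
		$ph2ent['descr'] = isset($pconfig['descr']) ? $pconfig['descr'] : null;

		if (isset($pconfig['mobile']))
			$ph2ent['mobile'] = true;

		/* replace the addressed entry, or append when none is addressed */
		if (isset($p2index) && $a_phase2[$p2index])
			$a_phase2[$p2index] = $ph2ent;
		else
			$a_phase2[] = $ph2ent;

		/* there is no previous entry when a new phase 2 is created */
		if (!isset($old_ph2ent))
			$old_ph2ent = null;

		/* now we need to find all phase2 entries for this host */
		if(is_array($ph2ent)) {
			ipsec_lookup_phase1($ph2ent, $ph1ent);
			$old_ph1ent = $ph1ent;
			reload_tunnel_spd_policy ($ph1ent, $ph2ent, $old_ph1ent, $old_ph2ent);
		}

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}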
/* Breadcrumb title; a mobile client entry gets one extra element. */
$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"));
if ($pconfig['mobile'])
    $pgtitle[] = gettext("Mobile Client");

/* Pages that the page header links to for IPsec logs and status. */
$logurl = "diag_logs_ipsec.php";
$statusurl = "diag_ipsec.php";

include("head.inc");
?>
209
210
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
211
<?php include("fbegin.inc"); ?>
212
<script language="JavaScript">
213
<!--
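/*
 * Show the local network row (and, outside mobile client mode, the remote
 * network row) only while the selected phase 2 mode is 'tunnel'.
 * Locals are declared with var so they stay local instead of becoming
 * implicit globals.
 */
function change_mode() {
	var mode_sel = document.iform.mode;
	var shown = (mode_sel.options[mode_sel.selectedIndex].value == 'tunnel') ? '' : 'none';

	document.getElementById('opt_localid').style.display = shown;
<?php if (!isset($pconfig['mobile'])): ?>
	document.getElementById('opt_remoteid').style.display = shown;
<?php endif; ?>
}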
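/*
 * Enable or disable the local address and prefix-length inputs to match the
 * selected local network type.
 *
 * bits: prefix length to preselect for the "network" type (default 24).
 *
 * The type is read from the selected option's value rather than from its
 * position: the list is address, network, one entry per configured
 * interface, then none, so "none" is at index 3 only when exactly one
 * interface is configured.
 */
function typesel_change_local(bits) {

	if (typeof(bits)=="undefined")
		bits = 24;

	var form = document.iform;
	var chosen = form.localid_type.options[form.localid_type.selectedIndex];
	var type = chosen ? chosen.value : "";

	switch (type) {
		case "address":	/* single */
			form.localid_address.disabled = 0;
			form.localid_netbits.value = 0;
			form.localid_netbits.disabled = 1;
			break;
		case "network":	/* network */
			form.localid_address.disabled = 0;
			form.localid_netbits.value = bits;
			form.localid_netbits.disabled = 0;
			break;
		case "none":	/* none: inputs are locked but keep their values */
			form.localid_address.disabled = 1;
			form.localid_netbits.disabled = 1;
			break;
		default:	/* interface subnet: address is derived, so clear it */
			form.localid_address.value = "";
			form.localid_address.disabled = 1;
			form.localid_netbits.value = 0;
			form.localid_netbits.disabled = 1;
			break;
	}
}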
<?php if (!isset($pconfig['mobile'])): ?>
/*
 * Enable or disable the remote address and prefix-length inputs to match the
 * selected remote network type (index 0 = single address, 1 = network).
 *
 * bits: prefix length to preselect for the network type (default 24).
 */
function typesel_change_remote(bits) {

	if (typeof(bits)=="undefined")
		bits = 24;

	var choice = document.iform.remoteid_type.selectedIndex;
	var addr = document.iform.remoteid_address;
	var mask = document.iform.remoteid_netbits;

	if (choice === 0) {
		/* single */
		addr.disabled = 0;
		mask.value = 0;
		mask.disabled = 1;
	} else if (choice === 1) {
		/* network */
		addr.disabled = 0;
		mask.value = bits;
		mask.disabled = 0;
	} else {
		/* anything else: clear and lock both inputs */
		addr.value = "";
		addr.disabled = 1;
		mask.value = 0;
		mask.disabled = 1;
	}
}
<?php endif; ?>
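/*
 * Show the encryption algorithm row only while the selected protocol is
 * 'esp'. Locals are declared with var so they stay local instead of
 * becoming implicit globals.
 */
function change_protocol() {
	var proto_sel = document.iform.proto;
	var is_esp = (proto_sel.options[proto_sel.selectedIndex].value == 'esp');

	document.getElementById('opt_enc').style.display = is_esp ? '' : 'none';
}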
//-->
299
</script>
300 5a3b0d3b mgrooms
301
<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
302
303
<?php
304
	if ($input_errors)
305
		print_input_errors($input_errors);
306
?>
307
308
<table width="100%" border="0" cellpadding="0" cellspacing="0">
309
	<tr class="tabnavtbl">
310
		<td id="tabnav">
311
			<?php
312
				$tab_array = array();
313 123929e0 Carlos Eduardo Ramos
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
314
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
315
				$tab_array[2] = array(gettext("Pre-shared keys"), false, "vpn_ipsec_keys.php");
316 5a3b0d3b mgrooms
				display_top_tabs($tab_array);
317
			?>
318
		</td>
319
	</tr>
320
	<tr>
321
		<td id="mainarea">
322
			<div class="tabcont">
323
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
324
					<tr>
325 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
326 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
327
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
328 123929e0 Carlos Eduardo Ramos
							<strong><?=gettext("Disable this phase2 entry"); ?></strong>
329 5a3b0d3b mgrooms
							<br>
330 123929e0 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
331
							  "removing it from the list"); ?>.
332 5a3b0d3b mgrooms
							</span>
333
						</td>
334
					</tr>
335
					<tr>
336 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
337 4b96b367 mgrooms
						<td width="78%" class="vtable">
338
							<select name="mode" class="formselect" onChange="change_mode()">
339
								<?php
340
									foreach($p2_modes as $name => $value):
341
										$selected = "";
342
										if ($name == $pconfig['mode'])
343
											$selected = "selected";
344
								?>
345
								<option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option>
346
								<?php endforeach; ?>
347
							</select>
348
						</td>
349
					</tr>
350
					<tr id="opt_localid">
351 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
352 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
353
							<table border="0" cellspacing="0" cellpadding="0">
354
								<tr>
355 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
356 5a3b0d3b mgrooms
									<td></td>
357
									<td>
358
										<select name="localid_type" class="formselect" onChange="typesel_change_local()">
359 123929e0 Carlos Eduardo Ramos
											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected";?>><?=gettext("Address"); ?></option>
360
											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected";?>><?=gettext("Network"); ?></option>
361 d48dbceb Erik Fonnesbeck
											<?php
362
												$iflist = get_configured_interface_with_descr();
363
												foreach ($iflist as $ifname => $ifdescr):
364
											?>
365
											<option value="<?=$ifname; ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected";?>><?=sprintf(gettext("%s subnet"), $ifdescr); ?></option>
366
											<?php endforeach; ?>
367 123929e0 Carlos Eduardo Ramos
											<option value="none" <?php if ($pconfig['localid_type'] == "none" ) echo "selected";?>><?=gettext("None"); ?></option>
368 5a3b0d3b mgrooms
										</select>
369
									</td>
370
								</tr>
371
								<tr>
372 11c160b0 Rafael Lucas
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
373 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
374
									<td>
375 dd5bf424 Scott Ullrich
										<input name="localid_address" type="text" class="formfld unknown" id="localid_address" size="20" value="<?=htmlspecialchars($pconfig['localid_address']);?>">
376 5a3b0d3b mgrooms
										/
377
										<select name="localid_netbits" class="formselect" id="localid_netbits">
378
										<?php for ($i = 32; $i >= 0; $i--): ?>
379
											<option value="<?=$i;?>" <?php if ($i == $pconfig['localid_netbits']) echo "selected"; ?>>
380
												<?=$i;?>
381
											</option>
382
										<?php endfor; ?>
383
										</select>
384
									</td>
385
								</tr>
386
							</table>
387
						</td>
388
					</tr>
389
390
					<?php if (!isset($pconfig['mobile'])): ?>
391
					
392 4b96b367 mgrooms
					<tr id="opt_remoteid">
393 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
394 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
395
							<table border="0" cellspacing="0" cellpadding="0">
396
								<tr>
397 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
398 5a3b0d3b mgrooms
									<td></td>
399
									<td>
400
										<select name="remoteid_type" class="formselect" onChange="typesel_change_remote()">
401 123929e0 Carlos Eduardo Ramos
											<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected"; ?>><?=gettext("Address"); ?></option>
402
											<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected"; ?>><?=gettext("Network"); ?></option>
403 5a3b0d3b mgrooms
										</select>
404
									</td>
405
								</tr>
406
								<tr>
407 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Address"); ?>:&nbsp;&nbsp;</td>
408 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
409
									<td>
410 dd5bf424 Scott Ullrich
										<input name="remoteid_address" type="text" class="formfld unknown" id="remoteid_address" size="20" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>">
411 5a3b0d3b mgrooms
										/
412
										<select name="remoteid_netbits" class="formselect" id="remoteid_netbits">
413 184d50b5 Ermal Lu?i
										<?php for ($i = 32; $i >= 0; $i--) { 
414
											
415
											echo "<option value=\"{$i}\"";
416
											if ($i == $pconfig['remoteid_netbits']) echo " selected";
417
											echo ">{$i}</option>\n";
418
											} ?>
419 5a3b0d3b mgrooms
										</select>
420
									</td>
421
								</tr>
422
							</table>
423 a93e56c5 Matthew Grooms
						</td>
424 5a3b0d3b mgrooms
					</tr>
425
					
426 3462a529 Matthew Grooms
					<?php endif; ?>
427 5a3b0d3b mgrooms
					
428
					<tr>
429 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
430 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
431
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
432
							<br>
433
							<span class="vexpl">
434 123929e0 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
435
								"for your reference (not parsed)"); ?>.
436 5a3b0d3b mgrooms
							</span>
437
						</td>
438
					</tr>
439
					<tr>
440
						<td colspan="2" class="list" height="12"></td>
441
					</tr>
442
					<tr>
443
						<td colspan="2" valign="top" class="listtopic">
444 123929e0 Carlos Eduardo Ramos
							<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
445 5a3b0d3b mgrooms
						</td>
446
					</tr>
447
					<tr>
448 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
449 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
450 4b96b367 mgrooms
							<select name="proto" class="formselect" onChange="change_protocol()">
451 5a3b0d3b mgrooms
							<?php foreach ($p2_protos as $proto => $protoname): ?>
452
								<option value="<?=$proto;?>" <?php if ($proto == $pconfig['proto']) echo "selected"; ?>>
453
									<?=htmlspecialchars($protoname);?>
454
								</option>
455
							<?php endforeach; ?>
456
							</select>
457
							<br>
458
							<span class="vexpl">
459 123929e0 Carlos Eduardo Ramos
								<?=gettext("ESP is encryption, AH is authentication only"); ?>
460 5a3b0d3b mgrooms
							</span>
461
						</td>
462
					</tr>
463 87e07f52 mgrooms
					<tr id="opt_enc">
464 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
465 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
466
							<table border="0" cellspacing="0" cellpadding="0">
467
							<?php
468
								foreach ($p2_ealgos as $algo => $algodata):
469
									$checked = '';
470
									if (in_array($algo,$pconfig['ealgos']))
471
										$checked = " checked";
472
								?>
473
								<tr>
474
									<td>
475
										<input type="checkbox" name="ealgos[]" value="<?=$algo;?>"<?=$checked?>>
476
									</td>
477
									<td>
478
										<?=htmlspecialchars($algodata['name']);?>
479
									</td>
480
									<td>
481
										<?php if(is_array($algodata['keysel'])): ?>
482
										&nbsp;&nbsp;
483
										<select name="keylen_<?=$algo;?>" class="formselect">
484 123929e0 Carlos Eduardo Ramos
											<option value="auto"><?=gettext("auto"); ?></option>
485 5a3b0d3b mgrooms
											<?php
486
												$key_hi = $algodata['keysel']['hi'];
487
												$key_lo = $algodata['keysel']['lo'];
488
												$key_step = $algodata['keysel']['step'];
489
												for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
490
													$selected = '';
491
				//									if ($checked && in_array("keylen_".$algo,$pconfig))
492
													if ($keylen == $pconfig["keylen_".$algo])
493
														$selected = " selected";
494
											?>
495 123929e0 Carlos Eduardo Ramos
											<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
496 5a3b0d3b mgrooms
											<?php endfor; ?>
497
										</select>
498
										<?php endif; ?>
499
									</td>
500
								</tr>
501
								
502
								<?php endforeach; ?>
503
								
504
							</table>
505
							<br>
506 123929e0 Carlos Eduardo Ramos
							<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " . 
507
							"crypto accelerator card. Blowfish is usually the fastest in " .
508
							"software encryption"); ?>.
509 5a3b0d3b mgrooms
						</td>
510
					</tr>
511
					<tr>
512 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
513 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
514
						<?php foreach ($p2_halgos as $algo => $algoname): ?>
515
							<input type="checkbox" name="halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['halgos'])) echo "checked"; ?>>
516
							<?=htmlspecialchars($algoname);?>
517
							<br>
518
						<?php endforeach; ?>
519
						</td>
520
					</tr>
521
					<tr>
522 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
523 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
524
						<?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
525
							<select name="pfsgroup" class="formselect">
526
							<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
527
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected"; ?>>
528
									<?=htmlspecialchars($keygroupname);?>
529
								</option>
530
							<?php endforeach; ?>
531
							</select>
532
							<br>
533
							<span class="vexpl">
534
								<em>
535 123929e0 Carlos Eduardo Ramos
									<?=gettext("1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit"); ?>
536 5a3b0d3b mgrooms
								</em>
537
							</span>
538
							
539
							<?php else: ?>
540
541
							<select class="formselect" disabled>
542
								<option selected><?=$p2_pfskeygroups[$a_client['pfs_group']];?></option>
543
							</select>
544 dd5bf424 Scott Ullrich
							<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>">
545 5a3b0d3b mgrooms
							<br>
546 123929e0 Carlos Eduardo Ramos
							<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
547 5a3b0d3b mgrooms
						<?php endif; ?>
548
						</td>
549
					</tr>
550
					<tr>
551 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
552 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
553 dd5bf424 Scott Ullrich
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>">
554 123929e0 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
555 5a3b0d3b mgrooms
						</td>
556
					</tr>
557 87e07f52 mgrooms
					<tr>
558
						<td colspan="2" class="list" height="12"></td>
559
					</tr>
560
					<tr>
561 123929e0 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
562 87e07f52 mgrooms
					</tr>
563
					<tr>
564 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
565 87e07f52 mgrooms
						<td width="78%" class="vtable">
566 dd5bf424 Scott Ullrich
							<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="20" value="<?=htmlspecialchars($pconfig['pinghost']);?>">
567 123929e0 Carlos Eduardo Ramos
							<?=gettext("IP address"); ?>
568 87e07f52 mgrooms
						</td>
569
					</tr>
570 5a3b0d3b mgrooms
					<tr>
571
						<td width="22%" valign="top">&nbsp;</td>
572
						<td width="78%">
573
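						<?php /* p2index originates from the request: escape it for the attribute context, as the other fields on this form are. */ ?>
						<?php if (isset($p2index) && $a_phase2[$p2index]): ?>
							<input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>">
						<?php endif; ?>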
576
						<?php if ($pconfig['mobile']): ?>
577
							<input name="mobile" type="hidden" value="true">
578
							<input name="remoteid_type" type="hidden" value="mobile">
579
						<?php endif; ?>
580 123929e0 Carlos Eduardo Ramos
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
581 dd5bf424 Scott Ullrich
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>">
582 5a3b0d3b mgrooms
						</td>
583
					</tr>
584
				</table>
585
			</div>
586
		</td>
587
	</tr>
588
</table>
589 a93e56c5 Matthew Grooms
</form>
590
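<?php
/*
 * Initialise the form state once the page has been rendered.
 *
 * change_mode() and change_protocol() take no parameters and read the
 * current selection from the form, so nothing is interpolated into their
 * calls.
 *
 * The prefix lengths are written into the script block as bare numbers.
 * After a rejected submission $pconfig holds the raw request, and
 * htmlspecialchars() only escapes for HTML text and attribute contexts, not
 * for script context. Each value is therefore emitted only when it is one
 * or two decimal digits; otherwise nothing is emitted and the function
 * falls back to its own default.
 */
$js_local_bits = "";
if (isset($pconfig['localid_netbits']) && is_scalar($pconfig['localid_netbits']) &&
    preg_match('/\A[0-9]{1,2}\z/', (string)$pconfig['localid_netbits']))
	$js_local_bits = (int)$pconfig['localid_netbits'];

$js_remote_bits = "";
if (isset($pconfig['remoteid_netbits']) && is_scalar($pconfig['remoteid_netbits']) &&
    preg_match('/\A[0-9]{1,2}\z/', (string)$pconfig['remoteid_netbits']))
	$js_remote_bits = (int)$pconfig['remoteid_netbits'];
?>
<script language="JavaScript">
<!--
change_mode();
change_protocol();
typesel_change_local(<?=$js_local_bits;?>);
<?php if (!isset($pconfig['mobile'])): ?>
typesel_change_remote(<?=$js_remote_bits;?>);
<?php endif; ?>
//-->
</script>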
600
<?php include("fend.inc"); ?>
601 3462a529 Matthew Grooms
</body>
602
</html>
603 a93e56c5 Matthew Grooms
604
<?php
605
606 3462a529 Matthew Grooms
/* local utility functions */
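/*
 * Build the list of encryption algorithms to store for a phase 2 entry.
 *
 * $pconfig  form state; $pconfig['ealgos'] is the list of ticked algorithm
 *           names and is absent when no checkbox was ticked.
 * Returns a list of array('name' => ..., ['keylen' => ...]) in the order of
 * the global $p2_ealgos table. Only names present in that table are kept.
 *
 * The key length is read from $_POST["keylen_<name>"]. It is stored in the
 * configuration, so a value that is neither "auto" nor one of the steps
 * between the algorithm's 'lo' and 'hi' bounds is replaced by "auto".
 */
function pconfig_to_ealgos(& $pconfig) {

	global $p2_ealgos;

	$ealgos = array();

	/* nothing ticked, or a malformed field: report "no algorithms" */
	if (!isset($pconfig['ealgos']) || !is_array($pconfig['ealgos']) || !is_array($p2_ealgos))
		return $ealgos;

	foreach ($p2_ealgos as $algo_name => $algo_data) {
		if (!in_array((string)$algo_name, $pconfig['ealgos'], true))
			continue;

		$ealg = array();
		$ealg['name'] = $algo_name;

		if (isset($algo_data['keysel']) && is_array($algo_data['keysel'])) {
			$field = "keylen_".$algo_name;
			$keylen = isset($_POST[$field]) ? $_POST[$field] : null;

			if ($keylen !== null && $keylen !== "auto") {
				$key_hi = (int)$algo_data['keysel']['hi'];
				$key_lo = (int)$algo_data['keysel']['lo'];
				$key_step = (int)$algo_data['keysel']['step'];

				/* \z rather than $ so a trailing newline is rejected */
				$valid = is_string($keylen) && preg_match('/\A[0-9]{1,5}\z/', $keylen);
				if ($valid) {
					$bits = (int)$keylen;
					$valid = ($bits >= $key_lo && $bits <= $key_hi);
					if ($valid)
						$valid = ($key_step > 0) ? ((($key_hi - $bits) % $key_step) == 0) : ($bits == $key_hi);
				}
				if (!$valid)
					$keylen = "auto";
			}

			$ealg['keylen'] = $keylen;
		}

		$ealgos[] = $ealg;
	}

	return $ealgos;
}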
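/*
 * Copy a stored encryption algorithm list into the form state.
 *
 * $ealgos   list of array('name' => ..., ['keylen' => ...]) as stored in a
 *           phase 2 entry; may be null when the entry has no such list.
 * $pconfig  form state; receives 'ealgos' (list of names) and one
 *           "keylen_<name>" value per algorithm that has a key length.
 * Returns $ealgos unchanged.
 */
function ealgos_to_pconfig(& $ealgos,& $pconfig) {

	$pconfig['ealgos'] = array();

	/* the argument is taken by reference, so a missing list arrives as
	   null; iterate only over a real list */
	if (is_array($ealgos)) {
		foreach ($ealgos as $algo_data) {
			$pconfig['ealgos'][] = $algo_data['name'];
			if (isset($algo_data['keylen']))
				$pconfig["keylen_".$algo_data['name']] = $algo_data['keylen'];
		}
	}

	return $ealgos;
}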
/*
 * Build the identifier record for one side of the tunnel from the form
 * state.
 *
 * $prefix   "local" or "remote"; selects the "<prefix>id_*" form fields.
 * Returns array('type', 'address') for an address, array('type', 'address',
 * 'netbits') for a network, and array('type') for every other type.
 */
function pconfig_to_idinfo($prefix,& $pconfig) {

	$kind = $pconfig[$prefix."id_type"];
	$addr = $pconfig[$prefix."id_address"];
	$bits = $pconfig[$prefix."id_netbits"];

	if ($kind == "address")
		return array('type' => $kind, 'address' => $addr);

	if ($kind == "network")
		return array('type' => $kind, 'address' => $addr, 'netbits' => $bits);

	return array('type' => $kind );
}
/*
 * Copy a stored identifier record into the "<prefix>id_*" form fields.
 *
 * The type is always copied; the address is copied for the address and
 * network types, and the prefix length for the network type only.
 */
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {

	$kind = $idinfo['type'];
	$is_address = ($kind == "address");
	$is_network = !$is_address && ($kind == "network");

	$pconfig[$prefix."id_type"] = $idinfo['type'];

	if ($is_address || $is_network)
		$pconfig[$prefix."id_address"] = $idinfo['address'];

	if ($is_network)
		$pconfig[$prefix."id_netbits"] = $idinfo['netbits'];
}
?>