Revision 22dbacd0
Added by Pi Ba over 7 years ago
| src/etc/inc/globals.inc | ||
|---|---|---|
| 74 | 74 |
"disablecrashreporter" => false, |
| 75 | 75 |
"crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php", |
| 76 | 76 |
"debug" => false, |
| 77 |
"latest_config" => "17.3",
|
|
| 77 |
"latest_config" => "17.4",
|
|
| 78 | 78 |
"minimum_ram_warning" => "101", |
| 79 | 79 |
"minimum_ram_warning_text" => "128 MB", |
| 80 | 80 |
"wan_interface_name" => "wan", |
| src/etc/inc/upgrade_config.inc | ||
|---|---|---|
| 5505 | 5505 |
global $config; |
| 5506 | 5506 |
} |
| 5507 | 5507 |
|
| 5508 |
/* IPsec Phase1 now supports multiple authentication ciphers to be specified from the webgui. |
|
| 5509 |
* This is usefull for mobile users using different OS's supporting different ciphers. |
|
| 5510 |
*/ |
|
| 5511 |
function upgrade_173_to_174() {
|
|
| 5512 |
global $config; |
|
| 5513 |
if (is_array($config['ipsec']['phase1'])) {
|
|
| 5514 |
$a_phase1 = &$config['ipsec']['phase1']; |
|
| 5515 |
foreach($a_phase1 as &$phase1) {
|
|
| 5516 |
$item = array(); |
|
| 5517 |
$item['encryption-algorithm'] = $phase1['encryption-algorithm']; |
|
| 5518 |
$item['hash-algorithm'] = $phase1['hash-algorithm']; |
|
| 5519 |
$item['dhgroup'] = $phase1['dhgroup']; |
|
| 5520 |
$phase1['encryption']['item'][] = $item; |
|
| 5521 |
unset($phase1['encryption-algorithm']); |
|
| 5522 |
unset($phase1['hash-algorithm']); |
|
| 5523 |
unset($phase1['dhgroup']); |
|
| 5524 |
} |
|
| 5525 |
} |
|
| 5526 |
} |
|
| 5508 | 5527 |
?> |
| src/etc/inc/vpn.inc | ||
|---|---|---|
| 951 | 951 |
} |
| 952 | 952 |
} |
| 953 | 953 |
|
| 954 |
if (is_array($ph1ent['encryption-algorithm']) && !empty($ph1ent['encryption-algorithm']['name']) && !empty($ph1ent['hash-algorithm'])) {
|
|
| 955 |
$ealgosp1 = ''; |
|
| 956 |
$ealg_id = $ph1ent['encryption-algorithm']['name']; |
|
| 957 |
$ealg_kl = $ph1ent['encryption-algorithm']['keylen']; |
|
| 958 |
if ($ealg_kl) {
|
|
| 959 |
$ealgosp1 = "ike = {$ealg_id}{$ealg_kl}-{$ph1ent['hash-algorithm']}";
|
|
| 960 |
} else {
|
|
| 961 |
$ealgosp1 = "ike = {$ealg_id}-{$ph1ent['hash-algorithm']}";
|
|
| 962 |
} |
|
| 954 |
$ealgosp1 = ''; |
|
| 955 |
if (is_array($ph1ent['encryption']['item'])) {
|
|
| 956 |
$ciphers = ""; |
|
| 957 |
foreach($ph1ent['encryption']['item'] as $p1enc) {
|
|
| 958 |
if (!is_array($p1enc['encryption-algorithm']) || |
|
| 959 |
empty($p1enc['encryption-algorithm']['name']) || |
|
| 960 |
empty($p1enc['hash-algorithm'])) {
|
|
| 961 |
continue; |
|
| 962 |
} |
|
| 963 |
$ciphers .= ","; |
|
| 964 |
$ciphers .= $p1enc['encryption-algorithm']['name']; |
|
| 965 |
$ealg_kl = $p1enc['encryption-algorithm']['keylen']; |
|
| 966 |
if ($ealg_kl) {
|
|
| 967 |
$ciphers .= "{$ealg_kl}";
|
|
| 968 |
} |
|
| 969 |
$ciphers .= "-{$p1enc['hash-algorithm']}";
|
|
| 963 | 970 |
|
| 964 |
$modp = vpn_ipsec_convert_to_modp($ph1ent['dhgroup']); |
|
| 965 |
if (!empty($modp)) {
|
|
| 966 |
$ealgosp1 .= "-{$modp}";
|
|
| 971 |
$modp = vpn_ipsec_convert_to_modp($p1enc['dhgroup']); |
|
| 972 |
if (!empty($modp)) {
|
|
| 973 |
$ciphers .= "-{$modp}";
|
|
| 974 |
} |
|
| 967 | 975 |
} |
| 968 |
|
|
| 969 |
$ealgosp1 .= "!";
|
|
| 976 |
$ciphers = substr($ciphers, 1); |
|
| 977 |
$ealgosp1 = "ike = {$ciphers}!";
|
|
| 970 | 978 |
} |
| 971 | 979 |
|
| 972 | 980 |
if ($ph1ent['dpd_delay'] && $ph1ent['dpd_maxfail']) {
|
| src/usr/local/www/classes/Form/ListItem.class.php | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
/* |
|
| 3 |
* ListItem.class.php |
|
| 4 |
* |
|
| 5 |
* part of pfSense (https://www.pfsense.org) |
|
| 6 |
* Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate) |
|
| 7 |
* Copyright (c) 2015 Sjon Hortensius |
|
| 8 |
* All rights reserved. |
|
| 9 |
* |
|
| 10 |
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
| 11 |
* you may not use this file except in compliance with the License. |
|
| 12 |
* You may obtain a copy of the License at |
|
| 13 |
* |
|
| 14 |
* http://www.apache.org/licenses/LICENSE-2.0 |
|
| 15 |
* |
|
| 16 |
* Unless required by applicable law or agreed to in writing, software |
|
| 17 |
* distributed under the License is distributed on an "AS IS" BASIS, |
|
| 18 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
| 19 |
* See the License for the specific language governing permissions and |
|
| 20 |
* limitations under the License. |
|
| 21 |
*/ |
|
| 22 |
|
|
| 23 |
class Form_ListItem extends Form_Group |
|
| 24 |
{
|
|
| 25 |
protected $_tagName = 'div'; |
|
| 26 |
protected $_attributes = array( |
|
| 27 |
'class' => array('form-listitem' => true),
|
|
| 28 |
); |
|
| 29 |
protected $_title; |
|
| 30 |
protected $_inputs = array(); |
|
| 31 |
protected $_labelTarget; |
|
| 32 |
protected $_help; |
|
| 33 |
protected $_helpParams = array(); |
|
| 34 |
|
|
| 35 |
public function __construct($title) |
|
| 36 |
{
|
|
| 37 |
$this->_title = $title; |
|
| 38 |
} |
|
| 39 |
|
|
| 40 |
public function add(Form_Element $input) |
|
| 41 |
{
|
|
| 42 |
if ($input instanceof Form_Input) {
|
|
| 43 |
$group = new Form_Group($input->getTitle()); |
|
| 44 |
$group->add($input); |
|
| 45 |
$input = $group; |
|
| 46 |
} |
|
| 47 |
|
|
| 48 |
|
|
| 49 |
array_push($this->_inputs, $input); |
|
| 50 |
|
|
| 51 |
return $input; |
|
| 52 |
} |
|
| 53 |
|
|
| 54 |
public function setLabelTarget(Form_Input $input) |
|
| 55 |
{
|
|
| 56 |
$this->_labelTarget = $input; |
|
| 57 |
} |
|
| 58 |
|
|
| 59 |
public function setHelp() |
|
| 60 |
{
|
|
| 61 |
$args = func_get_args(); |
|
| 62 |
$arg0_len = strlen($args[0]); |
|
| 63 |
|
|
| 64 |
if (($arg0_len > 0) && ($arg0_len < 4096)) {
|
|
| 65 |
$args[0] = gettext($args[0]); |
|
| 66 |
} |
|
| 67 |
|
|
| 68 |
if (func_num_args() == 1) {
|
|
| 69 |
$this->_help = $args[0]; |
|
| 70 |
} else {
|
|
| 71 |
$this->_help = call_user_func_array('sprintf', $args);
|
|
| 72 |
} |
|
| 73 |
|
|
| 74 |
$this->_helpParams = ""; |
|
| 75 |
|
|
| 76 |
return $this; |
|
| 77 |
} |
|
| 78 |
|
|
| 79 |
public function enableDuplication($max = null, $horiz = false) |
|
| 80 |
{
|
|
| 81 |
if ($horiz) |
|
| 82 |
$this->addClass('user-duplication-horiz'); // added buttons are 2 cols wide with no offset
|
|
| 83 |
else |
|
| 84 |
$this->addClass('user-duplication'); // added buttons 10 cols wide with 2 col offset
|
|
| 85 |
|
|
| 86 |
if (isset($max)) |
|
| 87 |
$this->_attributes('data-duplicate-max', $max);
|
|
| 88 |
|
|
| 89 |
foreach ($this->_inputs as $input) {
|
|
| 90 |
if ($input instanceof Form_Input) |
|
| 91 |
$input->setIsRepeated(); |
|
| 92 |
} |
|
| 93 |
|
|
| 94 |
return $this; |
|
| 95 |
} |
|
| 96 |
|
|
| 97 |
protected function _getHelp() |
|
| 98 |
{
|
|
| 99 |
if (empty($this->_help)) |
|
| 100 |
return null; |
|
| 101 |
|
|
| 102 |
$group = new Form_Element; |
|
| 103 |
$group->addClass('col-sm-'. Form::MAX_INPUT_WIDTH, 'col-sm-offset-'. Form::LABEL_WIDTH);
|
|
| 104 |
|
|
| 105 |
$help = $this->_help; |
|
| 106 |
|
|
| 107 |
return <<<EOT |
|
| 108 |
{$group}
|
|
| 109 |
<span class="help-block"> |
|
| 110 |
{$help}
|
|
| 111 |
</span> |
|
| 112 |
</div> |
|
| 113 |
EOT; |
|
| 114 |
} |
|
| 115 |
|
|
| 116 |
public function __toString() |
|
| 117 |
{
|
|
| 118 |
global $config, $user_settings; |
|
| 119 |
|
|
| 120 |
$element = Form_Element::__toString(); |
|
| 121 |
|
|
| 122 |
// Automatically determine width for inputs without explicit set |
|
| 123 |
$spaceLeft = Form::MAX_INPUT_WIDTH; |
|
| 124 |
$missingWidth = array(); |
|
| 125 |
|
|
| 126 |
foreach ($this->_inputs as $input) |
|
| 127 |
{
|
|
| 128 |
if ($input instanceof Form_Input) {
|
|
| 129 |
$width = $input->getWidth(); |
|
| 130 |
} else {
|
|
| 131 |
unset($width); |
|
| 132 |
} |
|
| 133 |
if (isset($width)) |
|
| 134 |
$spaceLeft -= $width; |
|
| 135 |
else |
|
| 136 |
array_push($missingWidth, $input); |
|
| 137 |
} |
|
| 138 |
|
|
| 139 |
if ($this->_labelTarget instanceof Form_Input) {
|
|
| 140 |
if (strtolower($this->_labelTarget->getType()) == 'hidden') {
|
|
| 141 |
$hidden = true; |
|
| 142 |
} |
|
| 143 |
|
|
| 144 |
$form_controls = array('input', 'select', 'button', 'textarea', 'option', 'optgroup', 'fieldset', 'label');
|
|
| 145 |
|
|
| 146 |
if (in_array(strtolower($this->_labelTarget->getTagName()), $form_controls) && !$hidden) {
|
|
| 147 |
$target = $this->_labelTarget->getId(); |
|
| 148 |
} |
|
| 149 |
} |
|
| 150 |
$inputs = implode('', $this->_inputs);
|
|
| 151 |
$help = $this->_getHelp(); |
|
| 152 |
|
|
| 153 |
if (!$user_settings['webgui']['webguileftcolumnhyper']) {
|
|
| 154 |
$target = null; |
|
| 155 |
} |
|
| 156 |
|
|
| 157 |
if (!empty(trim($this->_title)) || is_numeric($this->_title)) {
|
|
| 158 |
$title = htmlspecialchars(gettext($this->_title)); |
|
| 159 |
|
|
| 160 |
// If the element tile (label) begins with a '*', remove the '*' and add a span with class |
|
| 161 |
// 'element-required'. Text decoration can then be added in the CSS to indicate that this is a |
|
| 162 |
// required field |
|
| 163 |
if (substr($title, 0, 1 ) === "*" ) {
|
|
| 164 |
$title = '<span class="element-required">' . substr($title, 1) . '</span>'; |
|
| 165 |
} else {
|
|
| 166 |
$title = '<span>' . $title . '</span>'; |
|
| 167 |
} |
|
| 168 |
} |
|
| 169 |
|
|
| 170 |
/*return <<<EOT |
|
| 171 |
<div class="hoihoi"> |
|
| 172 |
{$inputs}
|
|
| 173 |
</div> |
|
| 174 |
EOT;*/ |
|
| 175 |
|
|
| 176 |
return <<<EOT |
|
| 177 |
{$element}
|
|
| 178 |
{$label}
|
|
| 179 |
{$title}
|
|
| 180 |
</label> |
|
| 181 |
{$inputs}
|
|
| 182 |
{$help}
|
|
| 183 |
</div> |
|
| 184 |
EOT; |
|
| 185 |
} |
|
| 186 |
} |
|
| src/usr/local/www/css/Compact-RED.css | ||
|---|---|---|
| 128 | 128 |
.form-group {
|
| 129 | 129 |
padding: 2px 5px 2px 5px; |
| 130 | 130 |
} |
| 131 |
|
|
| 132 |
.user-duplication .controls {
|
|
| 133 |
margin-top: 0px; |
|
| 134 |
} |
|
| 135 |
|
|
| 131 | 136 |
.table>tbody>tr>td,.table>tbody>tr>th,.table>tfoot>tr>td,.table>tfoot>tr>th,.table>thead>tr>td,.table>thead>tr>th {
|
| 132 | 137 |
padding:2px; |
| 133 | 138 |
} |
| src/usr/local/www/css/pfSense.css | ||
|---|---|---|
| 303 | 303 |
border-bottom: none; |
| 304 | 304 |
} |
| 305 | 305 |
|
| 306 |
.form-listitem {
|
|
| 307 |
border-top: 3px solid #E0E0E0; |
|
| 308 |
} |
|
| 309 |
.form-listitem:first-child {
|
|
| 310 |
border-top: none; |
|
| 311 |
} |
|
| 312 |
|
|
| 306 | 313 |
.input-group-addon {
|
| 307 | 314 |
padding: 0 12px; |
| 308 | 315 |
} |
| src/usr/local/www/js/pfSense.js | ||
|---|---|---|
| 113 | 113 |
}); |
| 114 | 114 |
})(); |
| 115 | 115 |
|
| 116 |
// Add +/- buttons to certain Groups; to allow adding multiple entries |
|
| 117 |
(function() |
|
| 118 |
{
|
|
| 119 |
var groups = $('div.form-listitem.user-duplication');
|
|
| 120 |
var fg = $('<div class="form-group"></div>');
|
|
| 121 |
var controlsContainer = $('<div class="col-sm-10 col-sm-offset-2 controls"></div>');
|
|
| 122 |
var plus = $('<a class="btn btn-xs btn-success"><i class="fa fa-plus icon-embed-btn"></i>Add</a>');
|
|
| 123 |
var minus = $('<a class="btn btn-xs btn-warning"><i class="fa fa-trash icon-embed-btn"></i>Delete</a>');
|
|
| 124 |
|
|
| 125 |
minus.on('click', function(){
|
|
| 126 |
var groups = $('div.form-listitem.user-duplication');
|
|
| 127 |
if (groups.length > 1) {
|
|
| 128 |
$(this).parents('div.form-listitem').remove();
|
|
| 129 |
} |
|
| 130 |
}); |
|
| 131 |
|
|
| 132 |
plus.on('click', function(){
|
|
| 133 |
var group = $(this).parents('div.form-listitem');
|
|
| 134 |
var clone = group.clone(true); |
|
| 135 |
bump_input_id(clone); |
|
| 136 |
clone.appendTo(group.parent()); |
|
| 137 |
}); |
|
| 138 |
|
|
| 139 |
groups.each(function(idx, group){
|
|
| 140 |
var fgClone = fg.clone(true).appendTo(group); |
|
| 141 |
var controlsClone = controlsContainer.clone(true).appendTo(fgClone); |
|
| 142 |
minus.clone(true).appendTo(controlsClone); |
|
| 143 |
plus.clone(true).appendTo(controlsClone); |
|
| 144 |
}); |
|
| 145 |
})(); |
|
| 146 |
|
|
| 116 | 147 |
// Automatically change IpAddress mask selectors to 128/32 options for IPv6/IPv4 addresses |
| 117 | 148 |
$('span.pfIpMask + select').each(function (idx, select){
|
| 118 | 149 |
var input = $(select).prevAll('input[type=text]');
|
| src/usr/local/www/js/pfSenseHelpers.js | ||
|---|---|---|
| 219 | 219 |
}); |
| 220 | 220 |
} |
| 221 | 221 |
|
| 222 |
// Increment the number at the end of the string |
|
| 223 |
function getStringInt( str ) {
|
|
| 224 |
var data = str.match(/(\D*)(\d+)(\D*)/), newStr = ""; |
|
| 225 |
return Number( data[ 2 ] ); |
|
| 226 |
} |
|
| 227 |
|
|
| 222 | 228 |
// Increment the number at the end of the string |
| 223 | 229 |
function bumpStringInt( str ) {
|
| 224 | 230 |
var data = str.match(/(\D*)(\d+)(\D*)/), newStr = ""; |
| ... | ... | |
| 293 | 299 |
} |
| 294 | 300 |
} |
| 295 | 301 |
|
| 296 |
function add_row() {
|
|
| 297 |
// Find the last repeatable group |
|
| 298 |
var lastRepeatableGroup = $('.repeatable:last');
|
|
| 299 |
|
|
| 300 |
// If the number of repeats exceeds the maximum, do not add another clone |
|
| 301 |
if ($('.repeatable').length >= lastRepeatableGroup.attr('max_repeats')) {
|
|
| 302 |
// Alert user if alert message is specified |
|
| 303 |
if (typeof lastRepeatableGroup.attr('max_repeats_alert') !== 'undefined') {
|
|
| 304 |
alert(lastRepeatableGroup.attr('max_repeats_alert'));
|
|
| 305 |
} |
|
| 306 |
return; |
|
| 307 |
} |
|
| 308 |
|
|
| 309 |
// Clone it |
|
| 310 |
var newGroup = lastRepeatableGroup.clone(); |
|
| 311 |
|
|
| 312 |
// Increment the suffix number for each input element in the new group |
|
| 302 |
function bump_input_id(newGroup) {
|
|
| 313 | 303 |
$(newGroup).find('input').each(function() {
|
| 314 | 304 |
$(this).prop("id", bumpStringInt(this.id));
|
| 315 | 305 |
$(this).prop("name", bumpStringInt(this.name));
|
| ... | ... | |
| 339 | 329 |
} |
| 340 | 330 |
} |
| 341 | 331 |
}); |
| 332 |
} |
|
| 333 |
function add_row() {
|
|
| 334 |
// Find the last repeatable group |
|
| 335 |
var lastRepeatableGroup = $('.repeatable:last');
|
|
| 336 |
|
|
| 337 |
// If the number of repeats exceeds the maximum, do not add another clone |
|
| 338 |
if ($('.repeatable').length >= lastRepeatableGroup.attr('max_repeats')) {
|
|
| 339 |
// Alert user if alert message is specified |
|
| 340 |
if (typeof lastRepeatableGroup.attr('max_repeats_alert') !== 'undefined') {
|
|
| 341 |
alert(lastRepeatableGroup.attr('max_repeats_alert'));
|
|
| 342 |
} |
|
| 343 |
return; |
|
| 344 |
} |
|
| 345 |
|
|
| 346 |
// Clone it |
|
| 347 |
var newGroup = lastRepeatableGroup.clone(); |
|
| 348 |
|
|
| 349 |
// Increment the suffix number for each input element in the new group |
|
| 350 |
bump_input_id(newGroup); |
|
| 342 | 351 |
|
| 343 | 352 |
// And for "for" tags |
| 344 | 353 |
// $(newGroup).find('label').attr('for', bumpStringInt($(newGroup).find('label').attr('for')));
|
| src/usr/local/www/vpn_ipsec.php | ||
|---|---|---|
| 252 | 252 |
<th><?=gettext("Mode")?></th>
|
| 253 | 253 |
<th><?=gettext("P1 Protocol")?></th>
|
| 254 | 254 |
<th><?=gettext("P1 Transforms")?></th>
|
| 255 |
<th><?=gettext("P1 DH-Group")?></th>
|
|
| 255 | 256 |
<th><?=gettext("P1 Description")?></th>
|
| 256 | 257 |
<th><?=gettext("Actions")?></th>
|
| 257 | 258 |
</tr> |
| ... | ... | |
| 334 | 335 |
<?=$spane?> |
| 335 | 336 |
</td> |
| 336 | 337 |
<td id="frd<?=$i?>"> |
| 337 |
<?=$p1_ealgos[$ph1ent['encryption-algorithm']['name']]['name']?> |
|
| 338 | 338 |
<?php |
| 339 |
if ($ph1ent['encryption-algorithm']['keylen']) {
|
|
| 340 |
if ($ph1ent['encryption-algorithm']['keylen'] == "auto") {
|
|
| 341 |
echo " (" . gettext("auto") . ")";
|
|
| 342 |
} else {
|
|
| 343 |
echo " ({$ph1ent['encryption-algorithm']['keylen']} " . gettext("bits") . ")";
|
|
| 339 |
$first = true; |
|
| 340 |
if (is_array($ph1ent['encryption']['item'])) {
|
|
| 341 |
foreach($ph1ent['encryption']['item'] as $p1algo) {
|
|
| 342 |
if (!$first) {
|
|
| 343 |
echo "<br/>"; |
|
| 344 |
} |
|
| 345 |
echo $p1_ealgos[$p1algo['encryption-algorithm']['name']]['name']; |
|
| 346 |
if ($p1algo['encryption-algorithm']['keylen']) {
|
|
| 347 |
if ($p1algo['encryption-algorithm']['keylen'] == "auto") {
|
|
| 348 |
echo " (" . gettext("auto") . ")";
|
|
| 349 |
} else {
|
|
| 350 |
echo " ({$p1algo['encryption-algorithm']['keylen']} " . gettext("bits") . ")";
|
|
| 351 |
} |
|
| 352 |
} |
|
| 353 |
$first = false; |
|
| 354 |
} |
|
| 344 | 355 |
} |
| 345 |
} |
|
| 346 | 356 |
?> |
| 347 | 357 |
</td> |
| 348 | 358 |
<td> |
| 349 |
<?=$p1_halgos[$ph1ent['hash-algorithm']]?> |
|
| 359 |
<?php $first = true; |
|
| 360 |
if (is_array($ph1ent['encryption']['item'])) {
|
|
| 361 |
foreach($ph1ent['encryption']['item'] as $p1algo) {
|
|
| 362 |
if (!$first) {
|
|
| 363 |
echo "<br/>"; |
|
| 364 |
} |
|
| 365 |
echo $p1_halgos[$p1algo['hash-algorithm']]; |
|
| 366 |
$first = false; |
|
| 367 |
} |
|
| 368 |
} |
|
| 369 |
?> |
|
| 370 |
</td> |
|
| 371 |
<td> |
|
| 372 |
<?php $first = true; |
|
| 373 |
if (is_array($ph1ent['encryption']['item'])) {
|
|
| 374 |
foreach($ph1ent['encryption']['item'] as $p1algo) {
|
|
| 375 |
if (!$first) {
|
|
| 376 |
echo "<br/>"; |
|
| 377 |
} |
|
| 378 |
echo str_replace(" "," ",$p1_dhgroups[$p1algo['dhgroup']]);
|
|
| 379 |
$first = false; |
|
| 380 |
} |
|
| 381 |
} |
|
| 382 |
?> |
|
| 350 | 383 |
</td> |
| 351 | 384 |
<td> |
| 352 | 385 |
<?=htmlspecialchars($ph1ent['descr'])?> |
| src/usr/local/www/vpn_ipsec_phase1.php | ||
|---|---|---|
| 91 | 91 |
$pconfig['myid_data'] = $a_phase1[$p1index]['myid_data']; |
| 92 | 92 |
$pconfig['peerid_type'] = $a_phase1[$p1index]['peerid_type']; |
| 93 | 93 |
$pconfig['peerid_data'] = $a_phase1[$p1index]['peerid_data']; |
| 94 |
$pconfig['ealgo'] = $a_phase1[$p1index]['encryption-algorithm']; |
|
| 95 |
$pconfig['halgo'] = $a_phase1[$p1index]['hash-algorithm']; |
|
| 96 |
$pconfig['dhgroup'] = $a_phase1[$p1index]['dhgroup']; |
|
| 94 |
$pconfig['encryption'] = $a_phase1[$p1index]['encryption']; |
|
| 97 | 95 |
$pconfig['lifetime'] = $a_phase1[$p1index]['lifetime']; |
| 98 | 96 |
$pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method']; |
| 99 | 97 |
|
| ... | ... | |
| 153 | 151 |
$pconfig['myid_type'] = "myaddress"; |
| 154 | 152 |
$pconfig['peerid_type'] = "peeraddress"; |
| 155 | 153 |
$pconfig['authentication_method'] = "pre_shared_key"; |
| 156 |
$pconfig['ealgo'] = array(name => "aes"); |
|
| 157 |
$pconfig['halgo'] = "sha1"; |
|
| 158 |
$pconfig['dhgroup'] = "2"; |
|
| 159 | 154 |
$pconfig['lifetime'] = "28800"; |
| 160 | 155 |
$pconfig['rekey_enable'] = true; |
| 161 | 156 |
$pconfig['nat_traversal'] = 'on'; |
| ... | ... | |
| 169 | 164 |
$pconfig['mode'] = "aggressive"; |
| 170 | 165 |
} |
| 171 | 166 |
} |
| 167 |
// default value for new P1 and failsafe to always have at least 1 encryption item for the Form_ListItem |
|
| 168 |
if (!is_array($pconfig['encryption']['item']) || count($pconfig['encryption']['item']) == 0) {
|
|
| 169 |
$item = array(); |
|
| 170 |
$item['encryption-algorithm'] = array(name => "aes"); |
|
| 171 |
$item['hash-algorithm'] = "sha1"; |
|
| 172 |
$item['dhgroup'] = "2"; |
|
| 173 |
$pconfig['encryption']['item'][] = $item; |
|
| 174 |
} |
|
| 172 | 175 |
|
| 173 | 176 |
if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) {
|
| 174 | 177 |
unset($p1index); |
| ... | ... | |
| 178 | 181 |
unset($input_errors); |
| 179 | 182 |
$pconfig = $_POST; |
| 180 | 183 |
|
| 184 |
for($i = 0; $i < 100; $i++) {
|
|
| 185 |
if (isset($_POST['ealgo_algo'.$i])) {
|
|
| 186 |
$item = array(); |
|
| 187 |
$item['encryption-algorithm']['name'] = $_POST['ealgo_algo'.$i]; |
|
| 188 |
$item['encryption-algorithm']['keylen'] = $_POST['ealgo_keylen'.$i]; |
|
| 189 |
$item['hash-algorithm'] = $_POST['halgo'.$i]; |
|
| 190 |
$item['dhgroup'] = $_POST['dhgroup'.$i]; |
|
| 191 |
$pconfig['encryption']['item'][] = $item; |
|
| 192 |
} |
|
| 193 |
} |
|
| 194 |
|
|
| 181 | 195 |
/* input validation */ |
| 182 | 196 |
|
| 183 | 197 |
$method = $pconfig['authentication_method']; |
| ... | ... | |
| 407 | 421 |
if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2" && $pconfig['iketype'] != "auto") {
|
| 408 | 422 |
$input_errors[] = gettext("Valid arguments for IKE type are v1, v2 or auto");
|
| 409 | 423 |
} |
| 410 |
|
|
| 411 |
if (preg_match("/aes\d+gcm/", $_POST['ealgo']) && $_POST['iketype'] != "ikev2") {
|
|
| 412 |
$input_errors[] = gettext("Encryption Algorithm AES-GCM can only be used with IKEv2");
|
|
| 424 |
|
|
| 425 |
foreach($pconfig['encryption']['item'] as $p1algo) {
|
|
| 426 |
if (preg_match("/aes\d+gcm/", $p1algo['encryption-algorithm']['name']) && $_POST['iketype'] != "ikev2") {
|
|
| 427 |
$input_errors[] = gettext("Encryption Algorithm AES-GCM can only be used with IKEv2");
|
|
| 428 |
} |
|
| 413 | 429 |
} |
| 414 |
|
|
| 415 | 430 |
/* auth backend for mobile eap-radius VPNs should be a RADIUS server */ |
| 416 | 431 |
if (($pconfig['authentication_method'] == 'eap-radius') && $pconfig['mobile']) {
|
| 417 | 432 |
if (!empty($config['ipsec']['client']['user_source'])) {
|
| ... | ... | |
| 425 | 440 |
} |
| 426 | 441 |
} |
| 427 | 442 |
|
| 428 |
/* build our encryption algorithms array */ |
|
| 429 |
$pconfig['ealgo'] = array(); |
|
| 430 |
$pconfig['ealgo']['name'] = $_POST['ealgo']; |
|
| 431 |
if ($pconfig['ealgo_keylen']) {
|
|
| 432 |
$pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen']; |
|
| 433 |
} |
|
| 434 |
|
|
| 435 | 443 |
if (!$input_errors) {
|
| 436 | 444 |
$ph1ent['ikeid'] = $pconfig['ikeid']; |
| 437 | 445 |
$ph1ent['iketype'] = $pconfig['iketype']; |
| ... | ... | |
| 463 | 471 |
$ph1ent['peerid_type'] = $pconfig['peerid_type']; |
| 464 | 472 |
$ph1ent['peerid_data'] = $pconfig['peerid_data']; |
| 465 | 473 |
|
| 466 |
$ph1ent['encryption-algorithm'] = $pconfig['ealgo']; |
|
| 467 |
$ph1ent['hash-algorithm'] = $pconfig['halgo']; |
|
| 468 |
$ph1ent['dhgroup'] = $pconfig['dhgroup']; |
|
| 474 |
$ph1ent['encryption'] = $pconfig['encryption']; |
|
| 469 | 475 |
$ph1ent['lifetime'] = $pconfig['lifetime']; |
| 470 | 476 |
$ph1ent['pre-shared-key'] = $pconfig['pskey']; |
| 471 | 477 |
$ph1ent['private-key'] = base64_encode($pconfig['privatekey']); |
| ... | ... | |
| 798 | 804 |
build_ca_list() |
| 799 | 805 |
))->setHelp('Select a certificate authority previously configured in the Certificate Manager.');
|
| 800 | 806 |
|
| 807 |
$form->add($section); |
|
| 808 |
$section = new Form_Section('NOTITLE');
|
|
| 809 |
foreach($pconfig['encryption']['item'] as $key => $p1enc) {
|
|
| 810 |
$li = new Form_ListItem("");
|
|
| 811 |
$group = new Form_Group('*Encryption Algorithm');
|
|
| 812 |
$group->add(new Form_Select( |
|
| 813 |
'ealgo_algo'.$key, |
|
| 814 |
null, |
|
| 815 |
$p1enc['encryption-algorithm']['name'], |
|
| 816 |
build_eal_list() |
|
| 817 |
)); |
|
| 818 |
$group->add(new Form_Select( |
|
| 819 |
'ealgo_keylen'.$key, |
|
| 820 |
null, |
|
| 821 |
$p1enc['encryption-algorithm']['keylen'], |
|
| 822 |
array() |
|
| 823 |
)); |
|
| 824 |
$li->add($group); |
|
| 825 |
|
|
| 826 |
$li->add(new Form_Select( |
|
| 827 |
'halgo'.$key, |
|
| 828 |
'*Hash Algorithm', |
|
| 829 |
$p1enc['hash-algorithm'], |
|
| 830 |
$p1_halgos |
|
| 831 |
))->setHelp('Must match the setting chosen on the remote side.');
|
|
| 832 |
|
|
| 833 |
$li->add(new Form_Select( |
|
| 834 |
'dhgroup'.$key, |
|
| 835 |
'*DH Group', |
|
| 836 |
$p1enc['dhgroup'], |
|
| 837 |
$p1_dhgroups |
|
| 838 |
))->setHelp('Must match the setting chosen on the remote side.');
|
|
| 839 |
|
|
| 840 |
$li->enableDuplication(null); |
|
| 841 |
$section->add($li); |
|
| 842 |
} |
|
| 801 | 843 |
$form->add($section); |
| 802 | 844 |
|
| 803 |
$section = new Form_Section('Phase 1 Proposal (Algorithms)');
|
|
| 804 |
|
|
| 805 |
$group = new Form_Group('*Encryption Algorithm');
|
|
| 806 |
|
|
| 807 |
$group->add(new Form_Select( |
|
| 808 |
'ealgo', |
|
| 809 |
null, |
|
| 810 |
$pconfig['ealgo']['name'], |
|
| 811 |
build_eal_list() |
|
| 812 |
)); |
|
| 813 |
|
|
| 814 |
$group->add(new Form_Select( |
|
| 815 |
'ealgo_keylen', |
|
| 845 |
$section = new Form_Section('NOTITLE');
|
|
| 846 |
$btnaddopt = new Form_Button( |
|
| 847 |
'algoaddrow', |
|
| 848 |
'Add Encryption Settings', |
|
| 816 | 849 |
null, |
| 817 |
$pconfig['ealgo_keylen'], |
|
| 818 |
array() |
|
| 819 |
)); |
|
| 820 |
|
|
| 821 |
$section->add($group); |
|
| 822 |
|
|
| 823 |
$section->addInput(new Form_Select( |
|
| 824 |
'halgo', |
|
| 825 |
'*Hash Algorithm', |
|
| 826 |
$pconfig['halgo'], |
|
| 827 |
$p1_halgos |
|
| 828 |
))->setHelp('Must match the setting chosen on the remote side.');
|
|
| 829 |
|
|
| 830 |
$section->addInput(new Form_Select( |
|
| 831 |
'dhgroup', |
|
| 832 |
'*DH Group', |
|
| 833 |
$pconfig['dhgroup'], |
|
| 834 |
$p1_dhgroups |
|
| 835 |
))->setHelp('Must match the setting chosen on the remote side.');
|
|
| 850 |
'fa-plus' |
|
| 851 |
); |
|
| 852 |
$btnaddopt->removeClass('btn-primary')->addClass('btn-success btn-sm');
|
|
| 836 | 853 |
|
| 837 | 854 |
$section->addInput(new Form_Input( |
| 838 | 855 |
'lifetime', |
| ... | ... | |
| 964 | 981 |
|
| 965 | 982 |
print($form); |
| 966 | 983 |
|
| 967 |
/* determine if we should init the key length */ |
|
| 968 |
$keyset = ''; |
|
| 969 |
if (isset($pconfig['ealgo']['keylen'])) {
|
|
| 970 |
if (is_numericint($pconfig['ealgo']['keylen'])) {
|
|
| 971 |
$keyset = $pconfig['ealgo']['keylen']; |
|
| 972 |
} |
|
| 973 |
} |
|
| 974 | 984 |
?> |
| 975 | 985 |
|
| 976 | 986 |
|
| ... | ... | |
| 979 | 989 |
<script type="text/javascript"> |
| 980 | 990 |
//<![CDATA[ |
| 981 | 991 |
events.push(function() {
|
| 992 |
|
|
| 993 |
$('[id^=algoaddrow]').prop('type','button');
|
|
| 994 |
|
|
| 995 |
$('[id^=algoaddrow]').click(function() {
|
|
| 996 |
add_row(); |
|
| 997 |
|
|
| 998 |
var lastRepeatableGroup = $('.repeatable:last');
|
|
| 999 |
$(lastRepeatableGroup).find('[id^=ealgo_algo]select').change(function () {
|
|
| 1000 |
id = getStringInt(this.id); |
|
| 1001 |
ealgosel_change(id, ''); |
|
| 1002 |
}); |
|
| 1003 |
|
|
| 1004 |
}); |
|
| 982 | 1005 |
|
| 983 | 1006 |
function myidsel_change() {
|
| 984 | 1007 |
hideGroupInput('myid_data', ($('#myid_type').val() == 'myaddress'));
|
| ... | ... | |
| 1054 | 1077 |
} |
| 1055 | 1078 |
|
| 1056 | 1079 |
/* PHP generates javascript case statements for variable length keys */ |
| 1057 |
function ealgosel_change(bits) {
|
|
| 1080 |
function ealgosel_change(id, bits) {
|
|
| 1058 | 1081 |
|
| 1059 |
$("select[name='ealgo_keylen']").find('option').remove().end();
|
|
| 1082 |
$("select[name='ealgo_keylen"+id+"']").find('option').remove().end();
|
|
| 1060 | 1083 |
|
| 1061 |
switch ($('#ealgo').find(":selected").index().toString()) {
|
|
| 1084 |
switch ($('#ealgo_algo'+id).find(":selected").index().toString()) {
|
|
| 1062 | 1085 |
<?php |
| 1063 | 1086 |
$i = 0; |
| 1064 | 1087 |
foreach ($p1_ealgos as $algo => $algodata) {
|
| 1065 | 1088 |
if (is_array($algodata['keysel'])) {
|
| 1066 | 1089 |
?> |
| 1067 | 1090 |
case '<?=$i?>': |
| 1068 |
hideGroupInput('ealgo_keylen', false);
|
|
| 1091 |
hideGroupInput('ealgo_keylen'+id, false);
|
|
| 1069 | 1092 |
<?php |
| 1070 | 1093 |
$key_hi = $algodata['keysel']['hi']; |
| 1071 | 1094 |
$key_lo = $algodata['keysel']['lo']; |
| ... | ... | |
| 1073 | 1096 |
|
| 1074 | 1097 |
for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step) {
|
| 1075 | 1098 |
?> |
| 1076 |
$("select[name='ealgo_keylen']").append($('<option value="<?=$keylen?>"><?=$keylen?> bits</option>'));
|
|
| 1099 |
$("select[name='ealgo_keylen"+id+"']").append($('<option value="<?=$keylen?>"><?=$keylen?> bits</option>'));
|
|
| 1077 | 1100 |
<?php |
| 1078 | 1101 |
} |
| 1079 | 1102 |
?> |
| ... | ... | |
| 1082 | 1105 |
} else {
|
| 1083 | 1106 |
?> |
| 1084 | 1107 |
case '<?=$i?>': |
| 1085 |
hideGroupInput('ealgo_keylen', true);
|
|
| 1108 |
hideGroupInput('ealgo_keylen'+id, true);
|
|
| 1086 | 1109 |
break; |
| 1087 | 1110 |
<?php |
| 1088 | 1111 |
} |
| ... | ... | |
| 1092 | 1115 |
} |
| 1093 | 1116 |
|
| 1094 | 1117 |
if (bits) {
|
| 1095 |
$('#ealgo_keylen').val(bits);
|
|
| 1118 |
$('#ealgo_keylen'+id).val(bits);
|
|
| 1096 | 1119 |
} |
| 1097 | 1120 |
} |
| 1098 | 1121 |
|
| ... | ... | |
| 1161 | 1184 |
}); |
| 1162 | 1185 |
|
| 1163 | 1186 |
// algorithm |
| 1164 |
$('#ealgo').change(function () {
|
|
| 1165 |
ealgosel_change(<?=$keyset?>); |
|
| 1187 |
$('[id^=ealgo_algo]select').change(function () {
|
|
| 1188 |
id = getStringInt(this.id); |
|
| 1189 |
ealgosel_change(id, <?=$keyset?>); |
|
| 1166 | 1190 |
}); |
| 1167 | 1191 |
|
| 1168 | 1192 |
// On ititial page load |
| ... | ... | |
| 1170 | 1194 |
peeridsel_change(); |
| 1171 | 1195 |
iketype_change(); |
| 1172 | 1196 |
methodsel_change(); |
| 1173 |
ealgosel_change(<?=$keyset?>); |
|
| 1174 | 1197 |
rekeychkbox_change(); |
| 1175 | 1198 |
dpdchkbox_change(); |
| 1199 |
<?php |
|
| 1200 |
foreach($pconfig['encryption']['item'] as $key => $p1enc) {
|
|
| 1201 |
$keylen = $p1enc['encryption-algorithm']['keylen']; |
|
| 1202 |
if (!is_numericint($keylen)) {
|
|
| 1203 |
$keylen = "''"; |
|
| 1204 |
} |
|
| 1205 |
echo "ealgosel_change({$key}, {$keylen});";
|
|
| 1206 |
} |
|
| 1207 |
?> |
|
| 1176 | 1208 |
|
| 1177 | 1209 |
// ---------- On initial page load ------------------------------------------------------------ |
| 1178 | 1210 |
|
Also available in: Unified diff
ipsec, allow configuration of multiple ike phase1 encryption ciphers (algo/bits/hash/dh)
this is useful for mobile users that need to connect with different operating systems. This way there is no need to find a single commonly supported weaker cipher.