#!/usr/local/bin/php
<?php
/* $Id$ */
/*
	vpn_ipsec_edit.php
	Copyright (C) 2004 Scott Ullrich
	All rights reserved.

	originally part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
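require("guiconfig.inc");

/* Make sure the tunnel list exists before it is bound by reference below. */
if (!isset($config['ipsec']['tunnel']) || !is_array($config['ipsec']['tunnel'])) {
	$config['ipsec']['tunnel'] = array();
}
$a_ipsec = &$config['ipsec']['tunnel'];

/* Symbolic network names that may be chosen instead of a literal address. */
$specialsrcdst = explode(" ", "lan");

/*
 * Index of the tunnel being edited, taken from the request; a POSTed value
 * takes precedence over the query string. The value is attacker-controlled
 * and is used as an array key and echoed into the form further down, so only
 * a plain decimal index is accepted (new entries are appended with [] in this
 * file, so stored tunnels have list indexes). Anything else - including an
 * array built from "id[]=..." - is treated as "no tunnel selected".
 */
$id = null;
if (isset($_POST['id']))
	$id = $_POST['id'];
else if (isset($_GET['id']))
	$id = $_GET['id'];
if (!is_string($id) || !preg_match('/^[0-9]+\z/', $id))
	$id = null;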
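/*
 * Tell whether $net is one of the symbolic network names listed in the global
 * $specialsrcdst (e.g. "lan") rather than a literal address.
 *
 * $net is typically a raw request value. Only strings can match, and the
 * comparison is strict, so values such as boolean true (which compares equal
 * to any non-empty string under loose comparison) are not accepted.
 *
 * Returns true for a symbolic name, false otherwise.
 */
function is_specialnet($net) {
	global $specialsrcdst;

	return is_string($net) && in_array($net, $specialsrcdst, true);
}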
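/*
 * Populate $pconfig, the array the form below is rendered from: either from
 * the stored tunnel selected by $id, or with defaults for a new tunnel.
 * !empty() is used instead of a bare array read so an unknown index does not
 * raise an undefined-offset notice.
 */
if (isset($id) && !empty($a_ipsec[$id])) {
	/* Boolean flags are read by presence of the key, not by its value. */
	$pconfig['disabled'] = isset($a_ipsec[$id]['disabled']);
	$pconfig['auto'] = isset($a_ipsec[$id]['auto']);
	/* Read from the tunnel entry itself; the previous code read $a_filter,
	   which is never defined in this file.
	   NOTE(review): the presence test mirrors the two flags above - confirm
	   how 'creategif' is stored, nothing in this file writes it. */
	$pconfig['creategif'] = isset($a_ipsec[$id]['creategif']);

	if (!isset($a_ipsec[$id]['local-subnet']))
		$pconfig['localnet'] = "lan";
	else
		address_to_pconfig($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask'], null, null, null);

	if (!empty($a_ipsec[$id]['interface']))
		$pconfig['interface'] = $a_ipsec[$id]['interface'];
	else
		$pconfig['interface'] = "wan";

	/* Stored as "address/bits"; pad so a value without a slash yields an
	   empty bit count instead of an undefined-offset notice. */
	list($pconfig['remotenet'], $pconfig['remotebits']) = array_pad(explode("/", $a_ipsec[$id]['remote-subnet']), 2, "");
	$pconfig['remotegw'] = $a_ipsec[$id]['remote-gateway'];
	$pconfig['p1mode'] = $a_ipsec[$id]['p1']['mode'];

	/* Exactly one identifier kind is stored; map it to the form's type
	   selector (p1myidentt) and, where applicable, its value (p1myident). */
	if (isset($a_ipsec[$id]['p1']['myident']['myaddress']))
		$pconfig['p1myidentt'] = 'myaddress';
	else if (isset($a_ipsec[$id]['p1']['myident']['address'])) {
		$pconfig['p1myidentt'] = 'address';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['address'];
	} else if (isset($a_ipsec[$id]['p1']['myident']['fqdn'])) {
		$pconfig['p1myidentt'] = 'fqdn';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['fqdn'];
	} else if (isset($a_ipsec[$id]['p1']['myident']['ufqdn'])) {
		$pconfig['p1myidentt'] = 'user_fqdn';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['ufqdn'];
	}

	$pconfig['p1ealgo'] = $a_ipsec[$id]['p1']['encryption-algorithm'];
	$pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm'];
	$pconfig['p1dhgroup'] = $a_ipsec[$id]['p1']['dhgroup'];
	$pconfig['p1lifetime'] = $a_ipsec[$id]['p1']['lifetime'];
	/* The pre-shared key is a secret; it is later rendered into the form. */
	$pconfig['p1pskey'] = $a_ipsec[$id]['p1']['pre-shared-key'];
	$pconfig['p2proto'] = $a_ipsec[$id]['p2']['protocol'];
	$pconfig['p2ealgos'] = $a_ipsec[$id]['p2']['encryption-algorithm-option'];
	$pconfig['p2halgos'] = $a_ipsec[$id]['p2']['hash-algorithm-option'];
	$pconfig['p2pfsgroup'] = $a_ipsec[$id]['p2']['pfsgroup'];
	$pconfig['p2lifetime'] = $a_ipsec[$id]['p2']['lifetime'];
	$pconfig['descr'] = $a_ipsec[$id]['descr'];

} else {
	/*
	 * Defaults for a new tunnel.
	 * NOTE(review): new tunnels start in aggressive mode, which this form's
	 * own help text calls less secure, with 3DES, SHA-1 and DH group 2
	 * (1024 bit per the help text) and PFS group "0". Both peers must agree
	 * on these values, so they are left unchanged here; consider stronger
	 * defaults where the remote side supports them.
	 */
	$pconfig['interface'] = "wan";
	$pconfig['localnet'] = "lan";
	$pconfig['p1mode'] = "aggressive";
	$pconfig['p1myidentt'] = "myaddress";
	$pconfig['p1ealgo'] = "3des";
	$pconfig['p1halgo'] = "sha1";
	$pconfig['p1dhgroup'] = "2";
	$pconfig['p2proto'] = "esp";
	$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
	$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['p2pfsgroup'] = "0";
}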
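/*
 * Form submission: validate the posted tunnel settings and, if acceptable,
 * store them in the configuration and redirect to the tunnel list. On any
 * validation error nothing is saved and the form is shown again with the
 * submitted values (through $pconfig) and the collected messages.
 *
 * Every value here comes straight from the request and ends up in the saved
 * configuration, so drop-down and checkbox values are checked against the
 * same lists the form offers and numeric fields must be plain digits.
 *
 * NOTE(review): no anti-CSRF token is checked in this file; confirm that
 * guiconfig.inc protects state-changing requests.
 * NOTE(review): the 'creategif' checkbox shown in the form is not stored here.
 */
if ($_POST) {
	unset($input_errors);

	/* All fields except the two checkbox groups are expected as strings. PHP
	   builds an array from "name[]=..." parameters; blank such values out so
	   they fail validation and are neither echoed back nor saved. */
	$malformed = false;
	$strfields = explode(" ", "interface localnettype localnet localnetmask remotenet remotebits remotegw descr p1mode p1myidentt p1myident p1ealgo p1halgo p1dhgroup p1lifetime p1pskey p2proto p2pfsgroup p2lifetime");
	foreach ($strfields as $fld) {
		if (isset($_POST[$fld]) && !is_string($_POST[$fld])) {
			$_POST[$fld] = "";
			$malformed = true;
		}
	}

	/* A symbolic local network carries no address/mask of its own; a single
	   host is always a /32. */
	if (is_specialnet($_POST['localnettype'])) {
		$_POST['localnet'] = $_POST['localnettype'];
		$_POST['localnetmask'] = 0;
	} else if ($_POST['localnettype'] == "single") {
		$_POST['localnetmask'] = 32;
	}

	/* From here on the form is rendered from the submitted values. */
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
	$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");

	/* NOTE(review): call-time pass-by-reference is rejected by PHP 5.4 and
	   later; the "&" can be dropped only if do_input_validation() declares
	   this parameter by reference - confirm in guiconfig.inc. */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if ($malformed) {
		$input_errors[] = "The submitted form contains an invalid value.";
	}

	/* Plain decimal digits only; \z (not $) so a trailing newline is refused.
	   is_numeric() would also accept forms such as "1e5" or "1.5". */
	$digits = '/^[0-9]+\z/';

	if (!is_specialnet($_POST['localnettype'])) {
		if (($_POST['localnet'] && !is_ipaddr($_POST['localnet']))) {
			$input_errors[] = "A valid local network IP address must be specified.";
		}
		if (!isset($_POST['localnetmask']) || !preg_match($digits, (string)$_POST['localnetmask']) || ($_POST['localnetmask'] > 32)) {
			$input_errors[] = "A valid local network bit count must be specified.";
		}
	}
	if (($_POST['p1lifetime'] && !preg_match($digits, $_POST['p1lifetime']))) {
		$input_errors[] = "The P1 lifetime must be an integer.";
	}
	if (($_POST['p2lifetime'] && !preg_match($digits, $_POST['p2lifetime']))) {
		$input_errors[] = "The P2 lifetime must be an integer.";
	}
	if ($_POST['remotebits'] && (!preg_match($digits, $_POST['remotebits']) || ($_POST['remotebits'] <= 0) || ($_POST['remotebits'] > 32))) {
		$input_errors[] = "The remote network bits are invalid.";
	}
	if (($_POST['remotenet'] && !is_ipaddr($_POST['remotenet']))) {
		$input_errors[] = "A valid remote network address must be specified.";
	}
	if (($_POST['remotegw'] && !is_ipaddr($_POST['remotegw']))) {
		$input_errors[] = "A valid remote gateway address must be specified.";
	}
	if ((($_POST['p1myidentt'] == "address") && !is_ipaddr($_POST['p1myident']))) {
		$input_errors[] = "A valid IP address for 'My identifier' must be specified.";
	}
	if ((($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident']))) {
		$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
	}
	if ($_POST['p1myidentt'] == "user_fqdn") {
		/* Require exactly "user@domain": one "@", a non-empty user part made
		   of printable ASCII without spaces or double quotes, and a valid
		   domain. Previously a value without "@" read an undefined offset and
		   the user part was not checked at all. */
		$ufqdn = explode("@", $_POST['p1myident']);
		if ((count($ufqdn) != 2) || !preg_match('/^[^\x00-\x20\x7f-\xff"]+\z/', $ufqdn[0]) || !is_domain($ufqdn[1]))
			$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
	}

	/* The form states "ASCII characters only!" for the key; enforce it on the
	   server and refuse control characters as well. */
	if ($_POST['p1pskey'] && !preg_match('/^[\x20-\x7e]+\z/', $_POST['p1pskey'])) {
		$input_errors[] = "The Pre-Shared Key must contain printable ASCII characters only.";
	}

	/* Interface: wan, lan, or an optional interface that actually exists -
	   the same set the form's drop-down is built from. */
	$ifok = isset($_POST['interface']) && (in_array($_POST['interface'], array("wan", "lan"), true) ||
		(preg_match('/^opt[0-9]+\z/', $_POST['interface']) && isset($config['interfaces'][$_POST['interface']])));
	if (!$ifok) {
		$input_errors[] = "The selected interface is invalid.";
	}

	/* Fixed lists rendered inline by the form. */
	if (!isset($_POST['p1mode']) || !in_array($_POST['p1mode'], explode(" ", "main aggressive"), true)) {
		$input_errors[] = "The negotiation mode is invalid.";
	}
	if (!isset($_POST['p1dhgroup']) || !in_array($_POST['p1dhgroup'], explode(" ", "1 2 5"), true)) {
		$input_errors[] = "The DH key group is invalid.";
	}

	/* Drop-downs whose options are the keys of lists defined outside this
	   file (the form iterates the same variables). A missing list rejects
	   the value rather than letting it through unchecked. */
	$choicefields = array(
		"p1myidentt" => array($my_identifier_list, "My identifier"),
		"p1ealgo" => array($p1_ealgos, "P1 encryption algorithm"),
		"p1halgo" => array($p1_halgos, "P1 hash algorithm"),
		"p2proto" => array($p2_protos, "P2 protocol"),
		"p2pfsgroup" => array($p2_pfskeygroups, "PFS key group")
	);
	foreach ($choicefields as $fld => $choice) {
		if (!isset($_POST[$fld]) || !is_array($choice[0]) || !array_key_exists($_POST[$fld], $choice[0])) {
			$input_errors[] = "The value selected for '" . $choice[1] . "' is invalid.";
		}
	}

	/* Checkbox groups: must be arrays whose members are all offered options.
	   A missing group is presumably reported by do_input_validation() as a
	   missing required field, so it is skipped here. */
	$listfields = array(
		"p2ealgos" => array($p2_ealgos, "P2 Encryption Algorithms"),
		"p2halgos" => array($p2_halgos, "P2 Hash Algorithms")
	);
	foreach ($listfields as $fld => $choice) {
		if (!isset($_POST[$fld]))
			continue;
		$ok = is_array($_POST[$fld]) && is_array($choice[0]);
		if ($ok) {
			foreach ($_POST[$fld] as $algo) {
				if (!is_string($algo) || !array_key_exists($algo, $choice[0])) {
					$ok = false;
					break;
				}
			}
		}
		if (!$ok) {
			$input_errors[] = "The selection for '" . $choice[1] . "' is invalid.";
			/* keep the re-rendered form working on a non-array value */
			if (!is_array($_POST[$fld]))
				$pconfig[$fld] = array();
		}
	}

	/* "My IP address" needs no identifier value; discard whatever was sent. */
	if ($_POST['p1myidentt'] == "myaddress")
		$_POST['p1myident'] = "";

	if (!$input_errors) {
		$ipsecent['disabled'] = $_POST['disabled'] ? true : false;
		$ipsecent['auto'] = $_POST['auto'] ? true : false;
		$ipsecent['interface'] = $pconfig['interface'];
		pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']);
		$ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits'];
		$ipsecent['remote-gateway'] = $_POST['remotegw'];
		$ipsecent['p1']['mode'] = $_POST['p1mode'];

		/* Store only the identifier kind that was selected. */
		$ipsecent['p1']['myident'] = array();
		switch ($_POST['p1myidentt']) {
			case 'myaddress':
				$ipsecent['p1']['myident']['myaddress'] = true;
				break;
			case 'address':
				$ipsecent['p1']['myident']['address'] = $_POST['p1myident'];
				break;
			case 'fqdn':
				$ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident'];
				break;
			case 'user_fqdn':
				$ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
				break;
		}

		$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
		$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
		$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
		$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
		$ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
		$ipsecent['p2']['protocol'] = $_POST['p2proto'];
		$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
		$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
		$ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
		$ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
		$ipsecent['descr'] = $_POST['descr'];

		/* Replace the tunnel being edited, or append a new one. */
		if (isset($id) && !empty($a_ipsec[$id]))
			$a_ipsec[$id] = $ipsecent;
		else
			$a_ipsec[] = $ipsecent;

		write_config();
		/* Flag file telling the rest of the GUI that IPsec settings changed. */
		touch($d_ipsecconfdirty_path);

		header("Location: vpn_ipsec.php");
		exit;
	}
}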
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title><?=gentitle("VPN: IPsec: Edit tunnel");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!--
/* Enable or disable the local address and mask inputs to match the entry
   chosen in the "Type" drop-down (0 = single host, 1 = network, anything
   else = a symbolic network such as the LAN subnet). This is a convenience
   only; the server checks the submitted values itself. */
function typesel_change() {
	var form = document.iform;
	var choice = form.localnettype.selectedIndex;

	if (choice === 0) {
		/* single */
		form.localnet.disabled = 0;
		form.localnetmask.value = "";
		form.localnetmask.disabled = 1;
	} else if (choice === 1) {
		/* network */
		form.localnet.disabled = 0;
		form.localnetmask.disabled = 0;
	} else {
		form.localnet.value = "";
		form.localnet.disabled = 1;
		form.localnetmask.value = "";
		form.localnetmask.disabled = 1;
	}
}
//-->
</script>
</head>
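<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">VPN: IPsec: Edit tunnel</p>
<?php
/*
 * General tunnel settings. After a rejected submission $pconfig holds the raw
 * request values, so every value echoed into the page is passed through
 * htmlspecialchars(); remotenet and remotegw were previously printed
 * unescaped. $input_errors exists only after a POST that failed validation.
 */
?>
<?php if (!empty($input_errors)) print_input_errors($input_errors); ?>
            <form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Mode</td>
                  <td width="78%" class="vtable"> Tunnel</td>
                </tr>
				<tr>
                  <td width="22%" valign="top" class="vncellreq">Disabled</td>
                  <td width="78%" class="vtable">
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if (!empty($pconfig['disabled'])) echo "checked"; ?>>
                    <strong>Disable this tunnel</strong><br>
                    <span class="vexpl">Set this option to disable this tunnel without
					removing it from the list.</span></td>
                </tr>
				<tr>
				  <td width="22%" valign="top" class="vncellreq">Auto-establish</td>
				  <td width="78%" class="vtable">
					<input name="auto" type="checkbox" id="auto" value="yes" <?php if (!empty($pconfig['auto'])) echo "checked"; ?>>
					<strong>Automatically establish this tunnel</strong><br>
					<span class="vexpl">Set this option to automatically re-establish this tunnel after reboots/reconfigures. If this is not set, the tunnel is established on demand.</span></td>
				</tr>
				<tr>
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
                  <td width="78%" class="vtable"> <select name="interface" class="formfld">
                      <?php /* WAN and LAN plus every consecutively numbered optional interface. */
					  $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
					  for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
					  	$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
					  }
					  foreach ($interfaces as $iface => $ifacename): ?>
                      <option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
                      <?=htmlspecialchars($ifacename);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br>
                    <span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Local subnet</td>
                  <td width="78%" class="vtable">
                    <table border="0" cellspacing="0" cellpadding="0">
                      <tr>
                        <td>Type:&nbsp;&nbsp;</td>
                        <td><select name="localnettype" class="formfld" onChange="typesel_change()">
                            <?php /* $sel records that an option is already selected, so only one is marked. */
                            $sel = is_specialnet($pconfig['localnet']); ?>
                            <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
                            Single host</option>
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
                            Network</option>
                            <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>>
                            LAN subnet</option>
                          </select></td>
                      </tr>
                      <tr>
                        <td>Address:&nbsp;&nbsp;</td>
                        <td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
                          /
                          <select name="localnetmask" class="formfld" id="localnetmask">
                            <?php for ($i = 32; $i >= 0; $i--): ?>
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
                            <?=$i;?>
                            </option>
                            <?php endfor; ?>
                          </select> </td>
                      </tr>
                    </table></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote subnet</td>
                  <td width="78%" class="vtable">
                    <input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=htmlspecialchars($pconfig['remotenet']);?>">
                    /
                    <select name="remotebits" class="formfld" id="remotebits">
                      <?php for ($i = 32; $i > 0; $i--): ?>
                      <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>>
                      <?=$i;?>
                      </option>
                      <?php endfor; ?>
                    </select></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote gateway</td>
                  <td width="78%" class="vtable">
                    <input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=htmlspecialchars($pconfig['remotegw']);?>">
                    <br>
                    Enter the public IP address of the remote gateway</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Description</td>
                  <td width="78%" class="vtable">
                    <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
                    <br> <span class="vexpl">You may enter a description here
                    for your reference (not parsed).</span></td>
                </tr>
                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>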
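                <tr>
                  <td colspan="2" valign="top" class="listtopic">Phase 1 proposal
                    (Authentication)</td>
                </tr>
<?php
/*
 * Phase 1 settings. p1myident and p1lifetime are free-text fields that are
 * echoed back from the request after a rejected submission; they are now
 * HTML-escaped like the pre-shared key already was. Option values come from
 * lists defined by the application, not from the request.
 * NOTE(review): the pre-shared key is rendered in clear text in a text input;
 * autocomplete is switched off so browsers do not store it.
 */
?>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
                  <td width="78%" class="vtable">
<select name="p1mode" class="formfld">
                      <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
                      <?=htmlspecialchars($mode);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Aggressive is faster, but
                    less secure.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">My identifier</td>
                  <td width="78%" class="vtable">
<select name="p1myidentt" class="formfld">
                      <?php foreach ($my_identifier_list as $mode => $modename): ?>
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
                      <?=htmlspecialchars($modename);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=htmlspecialchars($pconfig['p1myident']);?>">
                  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
                  <td width="78%" class="vtable">
<select name="p1ealgo" class="formfld">
                      <?php foreach ($p1_ealgos as $algo => $algoname): ?>
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
                      <?=htmlspecialchars($algoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Must match the setting
                    chosen on the remote side. </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
                  <td width="78%" class="vtable">
<select name="p1halgo" class="formfld">
                      <?php foreach ($p1_halgos as $algo => $algoname): ?>
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
                      <?=htmlspecialchars($algoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Must match the setting
                    chosen on the remote side. </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">DH key group</td>
                  <td width="78%" class="vtable">
<select name="p1dhgroup" class="formfld">
                      <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
                      <?=htmlspecialchars($keygroup);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
                    bit, 5 = 1536 bit</em><br>
                    Must match the setting chosen on the remote side. </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable">
                    <input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=htmlspecialchars($pconfig['p1lifetime']);?>">
                    seconds</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
                  <td width="78%" class="vtable">
                    <input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" autocomplete="off" value="<?=htmlspecialchars($pconfig['p1pskey']);?>">
		    <br>ASCII characters only!
                  </td>
                </tr>
                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>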
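                <tr>
                  <td colspan="2" valign="top" class="listtopic">Phase 2 proposal
                    (SA/Key Exchange)</td>
                </tr>
<?php
/*
 * Phase 2 settings. p2lifetime is echoed back from the request after a
 * rejected submission and is now HTML-escaped. The two checkbox groups are
 * only consulted when they really are arrays: a submission with no box ticked
 * leaves them unset, and a tampered request can send a plain string.
 */
?>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
                  <td width="78%" class="vtable">
<select name="p2proto" class="formfld">
                      <?php foreach ($p2_protos as $proto => $protoname): ?>
                      <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
                      <?=htmlspecialchars($protoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">ESP is encryption, AH is
                    authentication only </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
                  <td width="78%" class="vtable">
                    <?php foreach ($p2_ealgos as $algo => $algoname): ?>
                    <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (isset($pconfig['p2ealgos']) && is_array($pconfig['p2ealgos']) && in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>>
                    <?=htmlspecialchars($algoname);?>
                    <br>
                    <?php endforeach; ?>
                    <br>
                    Hint: use 3DES for best compatibility or if you have a hardware
                    crypto accelerator card. Blowfish is usually the fastest in
                    software encryption. </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
                  <td width="78%" class="vtable">
                    <?php foreach ($p2_halgos as $algo => $algoname): ?>
                    <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (isset($pconfig['p2halgos']) && is_array($pconfig['p2halgos']) && in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>>
                    <?=htmlspecialchars($algoname);?>
                    <br>
                    <?php endforeach; ?>
				  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">PFS key group</td>
                  <td width="78%" class="vtable">
<select name="p2pfsgroup" class="formfld">
                      <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
                      <?=htmlspecialchars($keygroupname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
                    bit, 5 = 1536 bit</em></span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable">
                    <input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=htmlspecialchars($pconfig['p2lifetime']);?>">
                    seconds</td>
                </tr>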
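                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>
		<tr>
                  <td colspan="2" valign="top" class="listtopic">Misc</td>
                </tr>
<?php
/*
 * Misc options, submit buttons and page footer.
 * The creategif checkbox used to print " CHECKED" inside its value attribute
 * (through a short open tag), so it never showed the stored state; it now
 * follows the pattern of the other checkboxes on this page.
 * NOTE(review): the POST handler in this file does not store 'creategif', so
 * ticking the box has no lasting effect until that is added.
 * The hidden id is only emitted for an existing tunnel and is HTML-escaped,
 * since it originates from the request.
 */
?>
                <tr>
                  <td width="22%" valign="top" class="vncell">Multi-Tunnel routing</td>
                  <td width="78%" class="vtable">
                    <input name="creategif" type="checkbox" id="creategif" value="yes" <?php if (!empty($pconfig['creategif'])) echo "checked"; ?>><b> Turn on multi-subnet routing.</b>
                    <br> <span class="vexpl">If you would like to route multiple subnets across this VPN, check this.</span></td>
                </tr>

                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
                    <?php if (isset($id) && !empty($a_ipsec[$id])): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
                    <?php endif; ?>
                  </td>
                </tr>
              </table>
</form>
<script language="JavaScript">
<!--
typesel_change();
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>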