<?php
/*
 * status_ipsec.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2021 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * originally based on m0n0wall (http://m0n0.ch/wall)
 * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
##|+PRIV
##|*IDENT=page-status-ipsec
##|*NAME=Status: IPsec
##|*DESCR=Allow access to the 'Status: IPsec' page.
##|*MATCH=status_ipsec.php*
##|-PRIV
require_once("guiconfig.inc");
require_once("ipsec.inc");
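global $g;

// presumably guarantees that $config['ipsec']['phase1'] exists as an array — confirm in the helper
init_config_arr(array('ipsec', 'phase1'));

// If this is just an AJAX call to update the table body, just generate the body and quit.
// This runs before the POST action handling and before any page chrome is emitted.
// !empty() keeps the original truthiness test but does not raise an
// undefined-key warning when the page is loaded without the parameter.
if (!empty($_REQUEST['ajax'])) {
	print_ipsec_body();
	exit;
}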
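/*
 * Handle the connect/disconnect actions posted by the buttons in the status table.
 *
 * Request values are read once, type-checked, and passed through
 * escapeshellarg() before they are placed on a swanctl command line.
 *
 * NOTE(review): these state-changing actions live in the same script as the
 * read-only view, so the page privilege declared in this file's header appears
 * to cover initiating and terminating tunnels as well — confirm that is intended.
 * NOTE(review): no CSRF token is checked in this file; presumably the included
 * GUI framework handles that — confirm.
 */
$ipsec_act = (isset($_POST['act']) && is_string($_POST['act'])) ? $_POST['act'] : '';
$ipsec_ikeid = (isset($_POST['ikeid']) && is_string($_POST['ikeid'])) ? $_POST['ikeid'] : '';
$ipsec_ikesaid = (isset($_POST['ikesaid']) && is_string($_POST['ikesaid'])) ? $_POST['ikesaid'] : '';
// An SA id is only used when it is a non-empty string of digits ("0" counts as absent, as before).
$ipsec_has_said = !empty($ipsec_ikesaid) && ctype_digit($ipsec_ikesaid);

if (($ipsec_act === 'connect') || ($ipsec_act === 'childconnect')) {
	// The phase 1 entry is looked up by its numeric ikeid; anything else is ignored.
	if (ctype_digit($ipsec_ikeid)) {
		$ph1ent = ipsec_get_phase1($ipsec_ikeid);
		if (!empty($ph1ent)) {
			if (empty($ph1ent['iketype']) || ($ph1ent['iketype'] == 'ikev1') || isset($ph1ent['splitconn'])) {
				// One child connection per phase 2 entry.
				$ph2entries = ipsec_get_number_of_phase2($ph1ent['ikeid']);
				for ($i = 0; $i < $ph2entries; $i++) {
					if (get_ipsecifnum($ph1ent['ikeid'], $i)) {
						$connum = get_ipsecifnum($ph1ent['ikeid'], $i);
					} else {
						$connum = "{$ph1ent['ikeid']}00000";
					}
					$connid = escapeshellarg("con" . $connum);
					// "connect" restarts the child; "childconnect" only initiates it.
					if ($ipsec_act != 'childconnect') {
						mwexec_bg("/usr/local/sbin/swanctl --terminate --child {$connid}");
					}
					mwexec_bg("/usr/local/sbin/swanctl --initiate --child {$connid}");
				}
			} else {
				if (get_ipsecifnum($ph1ent['ikeid'], 0)) {
					$connum = get_ipsecifnum($ph1ent['ikeid'], 0);
				} else {
					$connum = "{$ph1ent['ikeid']}00000";
				}
				if ($ipsec_act != 'childconnect') {
					mwexec_bg("/usr/local/sbin/swanctl --terminate --ike " . escapeshellarg("con{$connum}"));
				}
				mwexec_bg("/usr/local/sbin/swanctl --initiate --child " . escapeshellarg("con{$connum}"));
			}
		}
	}
} else if ($ipsec_act === 'ikedisconnect') {
	// Here ikeid carries a connection name rather than a number, so it is only
	// required to be a non-empty string. A missing or array-valued ikeid is
	// ignored instead of being handed to escapeshellarg().
	// NOTE(review): the name is not checked against the connections reported by
	// ipsec_list_sa(); doing so would be a stricter allow-list.
	if ($ipsec_ikeid !== '') {
		$ipsec_cmd = "/usr/local/sbin/swanctl --terminate --ike " . escapeshellarg($ipsec_ikeid);
		if ($ipsec_has_said) {
			$ipsec_cmd .= " --ike-id " . escapeshellarg($ipsec_ikesaid);
		}
		mwexec_bg($ipsec_cmd);
	}
} else if ($ipsec_act === 'childdisconnect') {
	// A child SA is only terminated when both its name and its numeric id are present.
	if (($ipsec_ikeid !== '') && $ipsec_has_said) {
		mwexec_bg("/usr/local/sbin/swanctl --terminate --child " . escapeshellarg($ipsec_ikeid) . " --child-id " . escapeshellarg($ipsec_ikesaid));
	}
}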
// Table body is composed here so that it can be more easily updated via AJAX
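/**
 * Print the rows of the IPsec status table body.
 *
 * Emits one row per IKE SA returned by ipsec_list_sa(), followed by a row
 * holding a hidden child-SA table when the SA has children, and then one row
 * per enabled phase 1 entry in $config that has no SA in that list. Output is
 * written directly with print/echo; nothing is returned.
 *
 * The SA attributes are whatever ipsec_list_sa() reports, and some of them
 * (remote-id, remote-xauth-id, remote-eap-id) presumably originate from the
 * peer, so every such value is HTML-escaped before it is written into element
 * content or into an attribute.
 */
function print_ipsec_body() {
	global $config;
	$a_phase1 = &$config['ipsec']['phase1'];

	// Map connection names ("con<N>") to the ikeid of the phase 1 entry they belong to.
	$conmap = array();
	foreach ($a_phase1 as $ph1ent) {
		if (get_ipsecifnum($ph1ent['ikeid'], 0)) {
			$cname = "con" . get_ipsecifnum($ph1ent['ikeid'], 0);
		} else {
			$cname = "con{$ph1ent['ikeid']}00000";
		}
		$conmap[$cname] = $ph1ent['ikeid'];
	}

	$status = ipsec_list_sa();
	// ikeids of phase 1 entries that currently have an SA; used below to skip them.
	$ipsecconnected = array();
	if (is_array($status)) {
		foreach ($status as $ikeid => $ikesa) {
			// Check which array format: take the id from 'con-id' when present
			// (dropping its first three characters), otherwise from the array key.
			if (isset($ikesa['con-id'])) {
				$con_id = substr($ikesa['con-id'], 3);
			} else {
				$con_id = filter_var($ikeid, FILTER_SANITIZE_NUMBER_INT);
			}
			$con_name = "con" . $con_id;
			if ($ikesa['version'] == 1) {
				$ph1idx = $conmap[$con_name];
				$ipsecconnected[$ph1idx] = $ph1idx;
			} else {
				if (!ipsec_ikeid_used($con_id)) {
					// probably a v2 with split connection then
					$ph1idx = $conmap[$con_name];
					$ipsecconnected[$ph1idx] = $ph1idx;
				} else {
					$ipsecconnected[$con_id] = $ph1idx = $con_id;
				}
			}

			print("<tr>\n");

			// IPsec ID column
			print("<td>\n");
			// Same output as the original `print(...) . ":\n"`: print is a language
			// construct, so the concatenation was always part of its argument.
			print(htmlspecialchars($ikesa['con-id']) . ":\n");
			print('#' . htmlspecialchars($ikesa['uniqueid']));
			print("</td>\n");

			// Description column
			print("<td>\n");
			if (is_array($a_phase1) && htmlspecialchars(ipsec_get_descr($ph1idx)) == "") {
				// No description for this index: fall back to the matching mobile phase 1 entry.
				foreach ($a_phase1 as $ph1) {
					if ($con_id == $ph1['ikeid'] && isset($ph1['mobile'])) {
						print(htmlspecialchars($ph1['descr']));
						break;
					}
				}
			}
			print(htmlspecialchars(ipsec_get_descr($ph1idx)));
			print("</td>\n");

			// Local column
			print("<td>\n");

			print("<b>ID:</b> ");
			if (!empty($ikesa['local-id'])) {
				if ($ikesa['local-id'] == '%any') {
					print(gettext('Any identifier'));
				} else {
					print(htmlspecialchars($ikesa['local-id']));
				}
			} else {
				print(gettext("Unknown"));
			}

			print("<br/>");
			print("<b>Host:</b> ");

			if (!empty($ikesa['local-host'])) {
				$lhost = $ikesa['local-host'];
				if (!empty($ikesa['local-port'])) {
					// Bracket IPv6 literals so the port separator is unambiguous.
					if (is_ipaddrv6($ikesa['local-host'])) {
						$lhost = "[{$lhost}]";
					}
					$lhost .= ":{$ikesa['local-port']}";
				}
				print(htmlspecialchars($lhost));

			} else {
				print(gettext("Unknown"));
			}

			print("<br/>");
			// The local SPI is the initiator SPI when this side initiated, else the responder SPI.
			print("<b>SPI:</b> " . htmlspecialchars( ($ikesa['initiator'] == 'yes') ? $ikesa['initiator-spi'] : $ikesa['responder-spi'] ));

			/*
			 * XXX: local-nat-t was defined by pfSense
			 * When strongswan team accepted the change, they changed it to
			 * nat-local. Keep both for a while and remove local-nat-t in
			 * the future
			 */
			if (isset($ikesa['local-nat-t']) || isset($ikesa['nat-local'])) {
				print(" NAT-T");
			}

			print("</td>\n");

			// Remote column
			print("<td>\n");

			print("<b>ID:</b> ");

			// $identity is escaped here, so it can be echoed as-is below.
			$identity = "";
			if (!empty($ikesa['remote-id'])) {
				if ($ikesa['remote-id'] == '%any') {
					$identity = htmlspecialchars(gettext('Any identifier'));
				} else {
					$identity = htmlspecialchars($ikesa['remote-id']);
				}
			}

			if (!empty($ikesa['remote-xauth-id'])) {
				echo htmlspecialchars($ikesa['remote-xauth-id']);
				echo "<br/>{$identity}";
			} elseif (!empty($ikesa['remote-eap-id'])) {
				echo htmlspecialchars($ikesa['remote-eap-id']);
				echo "<br/>{$identity}";
			} else {
				if (empty($identity)) {
					print(gettext("Unknown"));
				} else {
					print($identity);
				}
			}

			print("<br/>");
			print("<b>Host:</b> ");

			if (!empty($ikesa['remote-host'])) {
				$rhost = $ikesa['remote-host'];
				if (!empty($ikesa['remote-port'])) {
					if (is_ipaddrv6($ikesa['remote-host'])) {
						$rhost = "[{$rhost}]";
					}
					$rhost .= ":{$ikesa['remote-port']}";
				}
				print(htmlspecialchars($rhost));
			} else {
				print(gettext("Unknown"));
			}
			/*
			 * XXX: remote-nat-t was defined by pfSense
			 * When strongswan team accepted the change, they changed it to
			 * nat-remote. Keep both for a while and remove remote-nat-t in
			 * the future
			 */
			if (isset($ikesa['remote-nat-t']) || isset($ikesa['nat-remote'])) {
				print(" NAT-T");
			}

			print("<br/>");
			print("<b>SPI:</b> " . htmlspecialchars( ($ikesa['initiator'] == 'yes') ? $ikesa['responder-spi'] : $ikesa['initiator-spi'] ));

			print("</td>\n");

			// Role column
			print("<td>\n");
			print("IKEv" . htmlspecialchars($ikesa['version']));
			print("<br/>\n");

			if ($ikesa['initiator'] == 'yes') {
				print("initiator");
			} else {
				print("responder");
			}

			print("</td>\n");

			// Timers column (the rekey timer is only shown for IKEv2)
			print("<td>\n");
			if ($ikesa['version'] == 2) {
				print("<b>" . gettext("Rekey:") . "</b> ");
				if (!empty($ikesa['rekey-time'])) {
					print(htmlspecialchars($ikesa['rekey-time']) . gettext("s (") . convert_seconds_to_dhms($ikesa['rekey-time']) . ")");
				} else {
					print(gettext("Disabled"));
				}
				print("<br/>");
			}
			print("<b>" . gettext("Reauth:") . "</b> ");
			if (!empty($ikesa['reauth-time'])) {
				print(htmlspecialchars($ikesa['reauth-time']) . gettext("s (") . convert_seconds_to_dhms($ikesa['reauth-time']) . ")");
			} else {
				print(gettext("Disabled"));
			}
			print("</td>\n");

			// Algo column
			print("<td>\n");
			print(htmlspecialchars($ikesa['encr-alg']));
			if (!empty($ikesa['encr-keysize'])) {
				print(" (" . htmlspecialchars($ikesa['encr-keysize']) . ")");
			}
			print("<br/>");
			print(htmlspecialchars($ikesa['integ-alg']));
			print("<br/>");
			print(htmlspecialchars($ikesa['prf-alg']));
			print("<br/>\n");
			print(htmlspecialchars($ikesa['dh-group']));
			print("</td>\n");

			// Status column with the connect/disconnect buttons
			print("<td>\n");

			if ($ikesa['state'] == 'ESTABLISHED') {
				print('<span class="text-success">');
			} else {
				print('<span>');
			}

			print(ucfirst(htmlspecialchars($ikesa['state'])));

			if ($ikesa['state'] == 'ESTABLISHED') {
				print("<br/>");
				printf(gettext('%1$s seconds (%2$s) ago'), htmlspecialchars($ikesa['established']), convert_seconds_to_dhms($ikesa['established']));
			}

			print("</span><br /><br />");

			/*
			 * Values placed in the href attributes below are HTML-escaped so they
			 * cannot break out of the attribute, matching how the same values are
			 * escaped when printed as cell text above.
			 * NOTE(review): they are not URL-encoded; whether that is also needed
			 * depends on how the "usepost" handler parses the href — confirm.
			 */
			if ($ikesa['state'] != 'ESTABLISHED') {

				print('<a href="status_ipsec.php?act=connect&amp;ikeid=' . htmlspecialchars($con_id) . '&amp;ikesaid=' . htmlspecialchars($ikesa['uniqueid']) . '" class="btn btn-xs btn-success" data-toggle="tooltip" title="' . gettext("Connect VPN"). '" usepost>');
				print('<i class="fa fa-sign-in icon-embed-btn"></i>');
				print(gettext("Connect VPN"));
				print("</a>\n");

			} else {

				// A space was missing between the href and class attributes here.
				print('<a href="status_ipsec.php?act=ikedisconnect&amp;ikeid=' . htmlspecialchars($ikesa['con-id']) . '&amp;ikesaid=' . htmlspecialchars($ikesa['uniqueid']) . '" class="btn btn-xs btn-danger" data-toggle="tooltip" title="' . gettext("Disconnect VPN") . '" usepost>');
				print('<i class="fa fa-trash icon-embed-btn"></i>');
				print(gettext("Disconnect"));
				print("</a><br />\n");

			}
			if (empty($ikesa['child-sas'])) {
				print('<br/><a href="status_ipsec.php?act=childconnect&amp;ikeid=' . htmlspecialchars(substr($con_id, 0, -3)) . '" class="btn btn-xs btn-success" data-toggle="tooltip" title="' . gettext("Connect Children"). '" usepost>');
				print('<i class="fa fa-sign-in icon-embed-btn"></i>');
				print(gettext("Connect Children"));
				print("</a>\n");
			}

			print("</td>\n");
			print("</tr>\n");

			// Second row for this SA: holds the child SA table when there is one.
			print("<tr>\n");
			print("<td colspan = 10>\n");

			if (is_array($ikesa['child-sas']) && (count($ikesa['child-sas']) > 0)) {
				// The key of the first child SA names the show/hide button and the table.
				$child_key = "";
				foreach ($ikesa['child-sas'] as $key => $val){
					$child_key = $key;
					break;
				}

				print('<div>');
				print('<a type="button" id="btnchildsa-'. htmlspecialchars($child_key) .  '" class="btn btn-sm btn-info">');
				print('<i class="fa fa-plus-circle icon-embed-btn"></i>');
				print(sprintf(gettext('Show child SA entries (%d)'), count($ikesa['child-sas'])));
				print("</a>\n");
				print("	</div>\n");

				print('<table class="table table-hover table-condensed" id="childsa-'. htmlspecialchars($child_key) . '" style="display:none">');
				print("<thead>\n");
				print('<tr class="bg-info">');
				print('<th>' . gettext("IPsec ID") . '</th>');
				print('<th>' . gettext("Local subnets") . '</th>');
				print('<th>' . gettext("Local SPI(s)") . '</th>');
				print('<th>' . gettext("Remote subnets") . '</th>');
				print('<th>' . gettext("Times") . '</th>');
				print('<th>' . gettext("Algo") . '</th>');
				print('<th>' . gettext("Stats") . '</th>');
				print('<th><!-- Buttons --></th>');
				// The closing tag was emitted as "</tr" without its ">".
				print("</tr>\n");
				print("</thead>\n");
				print("<tbody>\n");

				foreach ($ikesa['child-sas'] as $childid => $childsa) {
					print("<tr>");
					print("<td>\n");
					// Name and id are escaped like every other SA attribute in this table.
					print(htmlspecialchars($childsa['name']) . ":<br />");
					print("#" . htmlspecialchars($childsa['uniqueid']));
					print("</td>\n");
					print("<td>\n");

					if (is_array($childsa['local-ts'])) {
						foreach ($childsa['local-ts'] as $lnets) {
							print(htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />");
						}
					} else {
						print(gettext("Unknown"));
					}

					print("</td>\n");
					print("<td>\n");

					if (isset($childsa['spi-in'])) {
						print("<b>" . gettext("Local:") . "</b> " . htmlspecialchars($childsa['spi-in']));
					}

					if (isset($childsa['spi-out'])) {
						print("<br/>");
						print("<b>" . gettext('Remote:') . "</b> " . htmlspecialchars($childsa['spi-out']));
					}

					print("</td>\n");
					print("<td>\n");

					if (is_array($childsa['remote-ts'])) {
						foreach ($childsa['remote-ts'] as $rnets) {
							print(htmlspecialchars(ipsec_fixup_network($rnets)) . '<br />');
						}
					} else {
						print(gettext("Unknown"));
					}

					print("</td>\n");
					print("<td>\n");

					printf(gettext('%3$sRekey: %4$s%1$s seconds (%2$s)'), htmlspecialchars($childsa['rekey-time']), convert_seconds_to_dhms($childsa['rekey-time']), "<b>", "</b>");
					print('<br/>');
					printf(gettext('%3$sLife: %4$s%1$s seconds (%2$s)'), htmlspecialchars($childsa['life-time']), convert_seconds_to_dhms($childsa['life-time']), "<b>", "</b>");
					print('<br/>');
					printf(gettext('%3$sInstall: %4$s%1$s seconds (%2$s)'), htmlspecialchars($childsa['install-time']), convert_seconds_to_dhms($childsa['install-time']), "<b>", "</b>");

					print("</td>\n");
					print("<td>\n");

					print(htmlspecialchars($childsa['encr-alg']));
					if (!empty($childsa['encr-keysize'])) {
						print(" (" . htmlspecialchars($childsa['encr-keysize']) . ")");
					}
					print('<br/>');

					print(htmlspecialchars($childsa['integ-alg']) . '<br/>');

					if (!empty($childsa['prf-alg'])) {
						print(htmlspecialchars($childsa['prf-alg']) . '<br/>');
					}

					if (!empty($childsa['dh-group'])) {
						print(htmlspecialchars($childsa['dh-group']) . '<br/>');
					}

					if (!empty($childsa['esn'])) {
						print(htmlspecialchars($childsa['esn']) . '<br/>');
					}

					print(gettext("IPComp: "));
					if (!empty($childsa['cpi-in']) || !empty($childsa['cpi-out'])) {
						print(htmlspecialchars($childsa['cpi-in']) . " " . htmlspecialchars($childsa['cpi-out']));
					} else {
						print(gettext('none'));
					}

					print("</td>\n");
					print("<td>\n");

					print("<b>" . gettext("Bytes-In:") . "</b> " . htmlspecialchars(number_format($childsa['bytes-in'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-in'])) . ')<br/>');
					print("<b>" . gettext("Packets-In:") . "</b> " . htmlspecialchars(number_format($childsa['packets-in'])) . '<br/>');
					print("<b>" . gettext("Bytes-Out:") . "</b> " . htmlspecialchars(number_format($childsa['bytes-out'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-out'])) . ')<br/>');
					print("<b>" . gettext("Packets-Out:") . "</b> " . htmlspecialchars(number_format($childsa['packets-out'])) . '<br/>');

					print("</td>\n");
					print("<td>\n");
					print('<a href="status_ipsec.php?act=childdisconnect&amp;ikeid=' . htmlspecialchars($childsa['name']) . '&amp;ikesaid=' . htmlspecialchars($childsa['uniqueid']) . '" class="btn btn-xs btn-warning" data-toggle="tooltip" title="' . gettext('Disconnect Child SA') . '" usepost>');
					print('<i class="fa fa-trash icon-embed-btn"></i>');
					print(gettext("Disconnect"));
					print("</a>\n");
					print("</td>\n");
					print("</tr>\n");

				}

				print("</tbody>\n");
				print("	</table>\n");

			}

			// Close the row opened above in every case; it was previously closed
			// only when child SAs existed, leaving the cell and row open otherwise.
			print("</td>\n");
			print("</tr>\n");

			unset($con_id);
		}

	}

	// Rows for enabled phase 1 entries that have no SA in the list above.
	$rgmap = array();
	if (is_array($a_phase1)) {
		foreach ($a_phase1 as $ph1ent) {
			if (isset($ph1ent['disabled'])) {
				continue;
			}

			$rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway'];

			// !empty() is the same truthiness test without an undefined-key
			// warning for entries that are not connected.
			if (!empty($ipsecconnected[$ph1ent['ikeid']])) {
				continue;
			}

			print("<tr>\n");
			print("<td></td>\n");
			print("<td>\n");
			print(htmlspecialchars($ph1ent['descr']));
			print("</td>\n");
			print("<td>\n");
			print("<b>ID:</b> \n");
			list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");

			if (empty($myid_data)) {
				print(gettext("Unknown"));
			} else {
				print(htmlspecialchars($myid_data));
			}

			print("<br/>\n");
			print("<b>Host:</b> \n");
			$ph1src = ipsec_get_phase1_src($ph1ent);

			if (empty($ph1src)) {
				print(gettext("Unknown"));
			} else {
				print(htmlspecialchars(str_replace(',', ', ', $ph1src)));
			}

			print("</td>\n");
			print("<td>\n");

			print("<b>ID:</b> \n");

			list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);

			if (empty($peerid_data)) {
				print(gettext("Unknown"));
			} else {
				print(htmlspecialchars($peerid_data));
			}

			print("<br/>\n");
			print("<b>Host:</b> \n");

			// $ph1src is reused here for the destination (remote) side.
			$ph1src = ipsec_get_phase1_dst($ph1ent);

			if (empty($ph1src)) {
				print(gettext("Unknown"));
			} else {
				print(htmlspecialchars($ph1src));
			}

			print("</td>\n");
			// Three empty cells in the columns that only apply to a live SA.
			print("<td>\n");
			print("</td>\n");
			print("<td>\n");
			print("</td>\n");
			print("<td>\n");
			print("</td>\n");

			if (isset($ph1ent['mobile'])) {

				print("<td>\n");
				print(gettext("Awaiting connections"));
				print("</td>\n");
				print("<td>\n");
				print("</td>\n");
				// A stray extra "</td>" that followed here has been dropped.
			} else {

				print("<td>\n");
				print(gettext("Disconnected"));
				print("<br/>\n");
				print('<a href="status_ipsec.php?act=connect&amp;ikeid=' . htmlspecialchars($ph1ent['ikeid']) . '" class="btn btn-xs btn-success" usepost>');
				print('<i class="fa fa-sign-in icon-embed-btn"></i>');
				print(gettext("Connect VPN"));
				print("</a>\n");
				print("</td>\n");

			}
			print("</tr>\n");
		}
	}

	unset($ipsecconnected, $phase1, $rgmap);
}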
// Page title parts, their links and the shortcut section are set before
// head.inc is included (presumably head.inc reads them — confirm).
$shortcut_section = "ipsec";
$pglinks = array("", "@self", "@self");
$pgtitle = array(
	gettext("Status"),
	gettext("IPsec"),
	gettext("Overview")
);

include("head.inc");

// Tab strip for the IPsec status pages: label, second field (true only for
// this page's own tab), target script.
$tab_array = array(
	array(gettext("Overview"), true, "status_ipsec.php"),
	array(gettext("Leases"), false, "status_ipsec_leases.php"),
	array(gettext("SADs"), false, "status_ipsec_sad.php"),
	array(gettext("SPDs"), false, "status_ipsec_spd.php")
);
display_top_tabs($tab_array);
?>
<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext("IPsec Status");?></h2></div>
	<div class="panel-body table-responsive">
		<table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable>
			<thead>
				<tr>
					<th><?=gettext("IPsec ID")?></th>
					<th><?=gettext("Description")?></th>
					<th><?=gettext("Local")?></th>
					<th><?=gettext("Remote")?></th>
					<th><?=gettext("Role")?></th>
					<th><?=gettext("Timers")?></th>
					<th><?=gettext("Algo")?></th>
					<th><?=gettext("Status")?></th>
					<th></th>
				</tr>
			</thead>
			<tbody id="ipsec-body">
				<tr>
					<td colspan="10">
						<?=print_info_box('<i class="fa fa-gear fa-spin"></i>&nbsp;&nbsp;' .
						   gettext("Collecting IPsec status information."), "warning", "")?>
					</td>
				</tr>
			</tbody>
		</table>
	</div>
</div>
<?php
unset($status);

// Open the info block wrapper; when IPsec is not enabled it gets the extra
// "blockopen" class. The matching closing tag follows in the template.
print(ipsec_enabled() ? '<div class="infoblock">' : '<div class="infoblock blockopen">');

// Pointer to the configuration page; the link markup is passed in as the
// two placeholders of the translated sentence.
$ipsec_config_hint = sprintf(
	gettext('IPsec can be configured %1$shere%2$s.'),
	'<a href="vpn_ipsec.php">',
	'</a>'
);
print_info_box($ipsec_config_hint, 'info', false);
?>
</div>
<script type="text/javascript">
//<![CDATA[
// Registers the page's start-up code: poll the server for the rendered table
// body, swap it into #ipsec-body, and keep child SA tables that the user has
// opened open across refreshes.
events.push(function() {
	// NOTE(review): the state variables below (and ajaxRequest, sa_idx further
	// down) are assigned without var/let, so they become globals unless strict
	// mode is in effect — confirm nothing else on the page relies on that.
	ajax_lock = false;		// Mutex so we don't make a call until the previous call is finished
	sa_open = new Array();	// Array in which to keep the child SA show/hide state
	tryCount = 3;			// Retries left after a failed request
	// Fetch the tbody contents from the server
	function update_table() {
		if (ajax_lock) {
			return;
		}

		ajax_lock = true;

		// POST ajax=ajax to this same script, which answers with the table
		// rows only (see the $_REQUEST['ajax'] check at the top of the file).
		ajaxRequest = $.ajax(
			{
				url: "/status_ipsec.php",
				type: "post",
				data: {
					ajax: 	"ajax"
				},
				error: function(xhr, textStatus, errorThrown){
					//alert("error.... retrying");
					// Retry immediately while attempts remain. Once tryCount
					// reaches 0 the lock stays set and no timer is scheduled,
					// so refreshing stops until the page is reloaded.
					if (tryCount > 0){
						tryCount --;
						ajax_lock = false;
						update_table();
					}
					return;
				}
			}
		);

		// Deal with the results of the above ajax call
		ajaxRequest.done(function (response, textStatus, jqXHR) {
			// A successful response restores the retry budget.
			if(textStatus === "success"){
				tryCount =3;
			}
			if (!response) {
				// Fallback row, rendered server-side into this string literal.
				// NOTE(review): addslashes() covers only the translated message;
				// this assumes print_info_box() emits single-line markup without
				// unescaped single quotes — confirm.
				response = '<tr><td colspan="10"><?=print_info_box(addslashes(gettext("No IPsec status information available.")), "warning", "")?></td></tr>';
			}

			// The response is inserted as HTML, so the escaping done in
			// print_ipsec_body() is what keeps SA attribute values from being
			// interpreted as markup here.
			$('#ipsec-body').html(response);
			ajax_lock = false;

			// Update "Show child SA" handlers
			$('[id^=btnchildsa-]').click(function () {
				show_childsa($(this).prop("id").replace( 'btnchildsa-', ''));
			});

			// Check the sa_open array for child SAs that have been opened
			$('[id^=childsa-]').each(function(idx) {
				sa_idx = $(this).prop("id").replace( 'childsa-', '');

				if (sa_open[sa_idx]) {
					show_childsa(sa_idx);
				}
			});

			// re-attached the GET to POST handler
			// (the new rows carry "usepost" links that were not present before)
			interceptGET();

			// and do it again
			setTimeout(update_table, 5000);
		});
	}

	// Show the child SA table with the given id suffix, hide its button, and
	// remember the choice so it survives the next refresh.
	function show_childsa(said) {
		sa_open[said] = true;
		$('#childsa-' + said).show();
		$('#btnchildsa-' + said).hide();
	}

	// Populate the tbody on page load
	update_table();
});
//]]>
</script>
<?php
include("foot.inc"); ?>