<?php
/*
	vpn_ipsec.php
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
	Copyright (C) 2008 Shrew Soft Inc
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
##|+PRIV
##|*IDENT=page-vpn-ipsec
##|*NAME=VPN: IPsec page
##|*DESCR=Allow access to the 'VPN: IPsec' page.
##|*MATCH=vpn_ipsec.php*
##|-PRIV
require("guiconfig.inc");

/* Make sure both IPsec phase lists exist before taking references to them. */
foreach (array('phase1', 'phase2') as $phase) {
	if (!is_array($config['ipsec'][$phase]))
		$config['ipsec'][$phase] = array();
}

/* Reference aliases into the live config: the delete handlers further down
 * unset entries through these and then call write_config(). */
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];

/* NOTE(review): $wancfg is not referenced anywhere else in this file. */
$wancfg = &$config['interfaces']['wan'];

/* Form state: the global IPsec enable flag is stored as the presence of the key. */
$pconfig['enable'] = isset($config['ipsec']['enable']);
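if ($_POST) {

	/* NOTE(review): the form on this page carries no anti-CSRF token, and none
	 * is checked here; confirm the surrounding framework supplies that protection. */

	if (!empty($_POST['apply'])) {
		/* Push the stored phase1/phase2 config to the IPsec daemon. The return
		 * value of vpn_ipsec_refresh_policies() is discarded, as in the original;
		 * only vpn_ipsec_configure() decides the status message. Confirm intended. */
		$retval = vpn_ipsec_refresh_policies();
		$retval = vpn_ipsec_configure();
		/* reload the filter in the background */
		filter_configure();
		$savemsg = get_std_save_message($retval);
		/* A zero status clears the "changes pending" marker shown by the banner below. */
		if ($retval == 0) {
			if (file_exists($d_ipsecconfdirty_path))
				unlink($d_ipsecconfdirty_path);
		}
	} else if (!empty($_POST['submit'])) {
		$pconfig = $_POST;

		/* The checkbox is only present in the POST when it was ticked;
		 * empty() avoids an undefined-index notice when it is not. */
		$config['ipsec']['enable'] = !empty($_POST['enable']);

		write_config();
	}
}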
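if (isset($_GET['act']) && $_GET['act'] == "delph1")
{
	/* The index is used directly as the array key below; force it to an
	 * integer so an arbitrary query string cannot select an unexpected entry. */
	$p1index = isset($_GET['p1index']) ? (int)$_GET['p1index'] : -1;

	/* NOTE(review): this is a destructive action triggered by a plain GET with
	 * no anti-CSRF token; confirm the surrounding framework supplies that protection. */
	if (isset($a_phase1[$p1index]) && $a_phase1[$p1index]) {
		$delph1 = $a_phase1[$p1index];

		/* remove static route if interface is not WAN */
		if ($delph1['interface'] != "wan") {
			/* The original interpolated "{$$a_phase1[...]}" (a variable-variable),
			 * which always expanded to an empty host. Pass the gateway as one
			 * shell-quoted argument and skip the call when there is none. */
			if (!empty($delph1['remote-gateway']))
				mwexec("/sbin/route delete -host " . escapeshellarg($delph1['remote-gateway']));
		}

		/* remove all phase2 entries that match the ikeid */
		$ikeid = $delph1['ikeid'];
		foreach ($a_phase2 as $p2index => $ph2tmp)
			if ($ph2tmp['ikeid'] == $ikeid)
				unset($a_phase2[$p2index]);

		/* remove the phase1 entry */
		unset($a_phase1[$p1index]);
		vpn_ipsec_refresh_policies();
		vpn_ipsec_configure();
		write_config();
		filter_configure();
		header("Location: vpn_ipsec.php");
		exit;
	}
}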
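if (isset($_GET['act']) && $_GET['act'] == "delph2")
{
	/* The index is used directly as the array key below; force it to an
	 * integer so an arbitrary query string cannot select an unexpected entry. */
	$p2index = isset($_GET['p2index']) ? (int)$_GET['p2index'] : -1;

	/* NOTE(review): destructive action on a plain GET with no anti-CSRF token;
	 * confirm the surrounding framework supplies that protection. */
	if (isset($a_phase2[$p2index]) && $a_phase2[$p2index]) {
		/* remove the phase2 entry */
		unset($a_phase2[$p2index]);
		vpn_ipsec_refresh_policies();
		vpn_ipsec_configure();
		filter_configure();
		write_config();
		header("Location: vpn_ipsec.php");
		exit;
	}
}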
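$pgtitle = array("VPN","IPsec");
include("head.inc");

?>


<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<form action="vpn_ipsec.php" method="post">
<?php
	/* $savemsg is only set by the apply handler above, so test with empty()
	 * to avoid a notice on a plain page load. */
	if (!empty($savemsg))
		print_info_box($savemsg);
	/* The dirty-marker file (set elsewhere when tunnel settings change) is
	 * unlinked by the apply handler once vpn_ipsec_configure() returns 0. */
	if ($pconfig['enable'] && file_exists($d_ipsecconfdirty_path))
		print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect.");
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
	<tr>
		<td class="tabnavtbl">
			<?php
				/* Tab strip: this page is the active "Tunnels" tab. */
				$tab_array = array();
				$tab_array[0] = array("Tunnels", true, "vpn_ipsec.php");
				$tab_array[1] = array("Mobile clients", false, "vpn_ipsec_mobile.php");
				display_top_tabs($tab_array);
			?>
		</td>
	</tr>
	<tr>
		<td>
			<div id="mainarea">
				<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
					<tr>
						<td class="vtable">
							<table border="0" cellspacing="2" cellpadding="0">
								<tr>
									<td>
										<input name="enable" type="checkbox" id="enable" value="yes" <?php if (!empty($pconfig['enable'])) echo "checked";?>>
									</td>
									<td>
										<strong>Enable IPsec</strong>
									</td>
								</tr>
							</table>
						</td>
					</tr>
					<tr>
						<td>
							<input name="submit" type="submit" class="formbtn" value="Save">
						</td>
					</tr>
				</table>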
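				<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
					<?php
						/*
						 * One header row and one data row per phase1 entry, each followed by a
						 * collapsible sub-table of the phase2 entries sharing its ikeid.
						 * $i is the position in $a_phase1 and is the p1index used by the
						 * edit/delete/copy links, so it must advance for every entry.
						 * $counter records whether any entry was printed at all.
						 */
						$i = 0;
						$counter = 0;
						foreach ($a_phase1 as $ph1ent) {
							/* Disabled entries are rendered greyed out rather than hidden. */
							if (isset( $ph1ent['disabled'])) {
								$spans = "<span class=\"gray\">";
								$spane = "</span>";
							}
							else
								$spans = $spane = "";

						show_ipsec_header($ph1ent);
						$counter++; // used to determine if we need to output header manually (no records exist)
					?>
					<tr valign="top" ondblclick="document.location='vpn_ipsec_phase1.php?p1index=<?=$i;?>'">
						<td class="listlr">
							<?=$spans;?>
							<?php
								/* Resolve the interface name to its display label. CARP
								 * interfaces are added to the label map so an entry bound
								 * to carpN gets a label that includes its address. */
								if (!empty($ph1ent['interface'])) {
									$iflabels = get_configured_interface_with_descr();
									$carpips = find_number_of_needed_carp_interfaces();
									for( $j=0; $j<$carpips; $j++ ) {
										$carpip = find_interface_ip("carp" . $j);
										$iflabels['carp' . $j] = "CARP{$j} ({$carpip})";
									}
									$if = htmlspecialchars($iflabels[$ph1ent['interface']]);
								}
								else
									$if = "WAN";

								/* The remote gateway is free-form config text; escape it for HTML. */
								if (!isset($ph1ent['mobile']))
									echo $if."<br>".htmlspecialchars($ph1ent['remote-gateway']);
								else
									echo $if."<br><strong>Mobile Client</strong>";
							?>
							<?=$spane;?>
						</td>
						<td class="listr">
							<?=$spans;?>
							<?=$ph1ent['mode'];?>
							<?=$spane;?>
						</td>
						<td class="listr">
							<?=$spans;?>
							<?=$p1_ealgos[$ph1ent['encryption-algorithm']['name']]['name'];?>
							<?php
								/* Key length is either the literal "auto" or a bit count. */
								if ($ph1ent['encryption-algorithm']['keylen']) {
									if ($ph1ent['encryption-algorithm']['keylen']=="auto")
										echo " (auto)";
									else
										echo " ({$ph1ent['encryption-algorithm']['keylen']} bits)";
								}
							?>
							<?=$spane;?>
						</td>
						<td class="listr">
							<?=$spans;?>
							<?=$p1_halgos[$ph1ent['hash-algorithm']];?>
							<?=$spane;?>
						</td>
						<td class="listbg">
							<?=$spans;?>
							<?=htmlspecialchars($ph1ent['descr']);?>&nbsp;
							<?=$spane;?>
						</td>
						<td valign="middle" nowrap class="list">
							<table border="0" cellspacing="0" cellpadding="1">
								<tr>
									<td>
										<a href="vpn_ipsec_phase1.php?p1index=<?=$i;?>">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit phase1 entry" width="17" height="17" border="0">
										</a>
									</td>
									<td>
										<a href="vpn_ipsec.php?act=delph1&p1index=<?=$i;?>" onclick="return confirm('Do you really want to delete this phase1 and all associated phase2 entries?')">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete phase1 entry" width="17" height="17" border="0">
										</a>
									</td>
								</tr>
								<?php if (!isset($ph1ent['mobile'])): ?>
								<tr>
									<td>
									</td>
									<td>
										<a href="vpn_ipsec_phase1.php?dup=<?=$i;?>">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="copy phase1 entry" width="17" height="17" border="0">
										</a>
									</td>
								</tr>
								<?php endif; ?>
							</table>
						</td>
					</tr>
					<tr>
						<td class="listrborder" colspan="5">
							<div id="shph2but-<?=$i?>">
								<?php
									/*
									 * Count the active phase2 entries of this phase1 for the
									 * "Show N" button, and note whether any of them is in tunnel
									 * mode, which decides whether the subnet columns get a header.
									 * The original tested whichever $ph2ent the loop left behind,
									 * i.e. the last entry of $a_phase2 regardless of ikeid.
									 * Disabled entries are still listed below but not counted.
									 */
									$phase2count = 0;
									$p2hastunnel = false;
									foreach ($a_phase2 as $ph2ent) {
										if ($ph2ent['ikeid'] != $ph1ent['ikeid'])
											continue;
										if ($ph2ent['mode'] == "tunnel")
											$p2hastunnel = true;
										if (isset( $ph2ent['disabled']) || isset($ph1ent['disabled']))
											continue;
										$phase2count++;
									}
								?>
								<input type="button" onClick="show_phase2('tdph2-<?=$i?>','shph2but-<?=$i?>')" value="+"> - Show <?=$phase2count?> Phase-2 entries
							</div>
							<table class="tabcont" width="100%" height="100%" border="0" cellspacing="0" cellpadding="0" id="tdph2-<?=$i?>" style="display:none">
								<tr>
									<td class="listhdrr">Mode</td>
									<?php if ($p2hastunnel): ?>
									<td class="listhdrr">Local Subnet</td>
									<td class="listhdrr">Remote Subnet</td>
									<?php endif; ?>
									<td class="listhdrr">P2 Protocol</td>
									<td class="listhdrr">P2 Transforms</td>
									<td class="listhdrr">P2 Auth Methods</td>
									<td class ="list">
										<a href="vpn_ipsec_phase2.php?ikeid=<?=$ph1ent['ikeid'];?><?php if (isset($ph1ent['mobile'])) echo "&mobile=true";?>">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add phase2 entry" width="17" height="17" border="0">
										</a>
									</td>
								</tr>
								<?php
									/* $j is the position in $a_phase2 (the p2index the edit and
									 * delete links take), so it advances for skipped entries too. */
									$j = 0;
									foreach ($a_phase2 as $ph2ent) {
										if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
											$j++;
											continue;
										}

										if (isset( $ph2ent['disabled']) || isset($ph1ent['disabled'])) {
											$spans = "<span class=\"gray\">";
											$spane = "</span>";
										}
										else
											$spans = $spane = "";
								?>
								<tr valign="top" ondblclick="document.location='vpn_ipsec_phase2.php?p2index=<?=$j;?>'">

									<td nowrap class="listlr">
										<?=$spans;?>
											<?=$ph2ent['mode'];?>
										<?=$spane;?>
									</td>
									<?php if($ph2ent['mode'] == "tunnel"): ?>
									<td nowrap class="listr">
										<?=$spans;?>
											<?=ipsec_idinfo_to_text($ph2ent['localid']); ?>
										<?=$spane;?>
									</td>
									<td nowrap class="listr">
										<?=$spans;?>
											<?=ipsec_idinfo_to_text($ph2ent['remoteid']); ?>
										<?=$spane;?>
									</td>
									<?php endif; ?>
									<td nowrap class="listr">
										<?=$spans;?>
											<?php echo $p2_protos[$ph2ent['protocol']];	?>
										<?=$spane;?>
									</td>
									<td class="listr">
										<?=$spans;?>
										<?php
											/* Comma-separated list of the configured encryption options. */
											$k = 0;
											foreach ($ph2ent['encryption-algorithm-option'] as $ph2ea) {
												if ($k++)
													echo ", ";
												echo $p2_ealgos[$ph2ea['name']]['name'];
												if ($ph2ea['keylen']) {
													if ($ph2ea['keylen']=="auto")
														echo " (auto)";
													else
														echo " ({$ph2ea['keylen']} bits)";
												}
											}
										?>
										<?=$spane;?>
									</td>
									<td nowrap class="listr">
										<?=$spans;?>
										<?php
											/* Comma-separated list of the configured hash options. */
											$k = 0;
											foreach ($ph2ent['hash-algorithm-option'] as $ph2ha) {
												if ($k++)
													echo ", ";
												echo $p2_halgos[$ph2ha];
											}
										?>
										<?=$spane;?>
									</td>
									<td nowrap class="list">
										<a href="vpn_ipsec_phase2.php?p2index=<?=$j;?>">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit phase2 entry" width="17" height="17" border="0">
										</a>
										<a href="vpn_ipsec.php?act=delph2&p2index=<?=$j;?>" onclick="return confirm('Do you really want to delete this phase2 entry?')">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete phase2 entry" width="17" height="17" border="0">
										</a>
									</td>
								</tr>

								<?php
										$j++;
									}
								?>
							</table>
						</td>
					</tr>
					<tr>
						<td>
							&nbsp;
						</td>
					</tr>
					<?php
							$i++;
						}
					/* With no phase1 entries the loop printed nothing, so emit a bare header row. */
					if(!$counter)
						show_ipsec_header();
					?>
					<tr>
						<td class="list" colspan="5"></td>
						<td class="list">
							<table border="0" cellspacing="0" cellpadding="1">
								<tr>
									<td width="17"></td>
									<td>
										<a href="vpn_ipsec_phase1.php">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add phase1 entry" width="17" height="17" border="0">
										</a>
									</td>
								</tr>
							</table>
						</td>
					</tr>
					<tr>
						<td colspan="4">
							<p>
								<span class="vexpl">
									<span class="red">
										<strong>Note:<br></strong>
									</span>
									You can check your IPsec status at <a href="diag_ipsec.php">Status:IPsec</a>.
								</span>
							</p>
						</td>
					</tr>
				</table>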
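			</div>
		</td>
	</tr>
</table>
</form>
<?php include("fend.inc"); ?>
<script type="text/javascript">
/*
 * Expand the phase2 sub-table of one phase1 entry: blank out the container
 * holding the "+" button and un-hide the table. Both ids are generated per
 * row above as 'tdph2-N' and 'shph2but-N'.
 */
function show_phase2(id, buttonid) {
	document.getElementById(buttonid).innerHTML='';
	/* declared with var so the element does not leak into the global scope */
	var aodiv = document.getElementById(id);
	aodiv.style.display = "block";
}
</script>
</body>
</html>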
<?php
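/*
 * Print the column-header row for the phase1 listing. The trailing cell links
 * to the phase2 add page for the given entry's ikeid, with "&mobile=true"
 * appended for mobile entries.
 *
 * $ph1ent - the phase1 config entry being listed, or null for the bare header
 *           printed when the list is empty.
 *
 * The original declared no parameter and read $ph1ent and $g without
 * 'global', so the ikeid and theme interpolations always expanded to "".
 */
function show_ipsec_header($ph1ent = null) {
	global $g;

	$mobile = "";
	if (isset($ph1ent['mobile']))
		$mobile = "&mobile=true";

	/* Both values end up inside HTML attributes; escape them. */
	$ikeid = isset($ph1ent['ikeid']) ? htmlspecialchars($ph1ent['ikeid']) : "";
	$theme = isset($g['theme']) ? htmlspecialchars($g['theme']) : "";

	echo <<<EOF
	<tr>
		<td class="listhdrr">Remote Gateway</td>
		<td class="listhdrr">Mode</td>
		<td class="listhdrr">P1 Protocol</td>
		<td class="listhdrr">P1 Transforms</td>
		<td class="listhdrr">P1 Description</td>
		<td class ="list">
			<a href="vpn_ipsec_phase2.php?ikeid={$ikeid}{$mobile}">
				<img src="./themes/{$theme}/images/icons/icon_plus.gif" title="add phase2 entry" width="17" height="17" border="0">
			</a>
		</td>
	</tr>

EOF;
}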
?>