<?php
2
/*
3
	vpn_ipsec_phase1.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8 fa4e059e Ermal
	Copyright (C) 2014 Ermal LUÇI
9 ce77a9c4 Phil Davis
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
10 a93e56c5 Matthew Grooms
	All rights reserved.
11
12
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14
15
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17
18
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21
22
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33
34 6b07c15a Matthew Grooms
##|+PRIV
35
##|*IDENT=page-vpn-ipsec-editphase1
36
##|*NAME=VPN: IPsec: Edit Phase 1 page
37
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 1' page.
38
##|*MATCH=vpn_ipsec_phase1.php*
39
##|-PRIV
40
41 0f84b741 Scott Ullrich
require("functions.inc");
require("guiconfig.inc");
require_once("ipsec.inc");
require_once("vpn.inc");

/*
 * Both IPsec phase lists are referenced below; a config that has never had
 * a tunnel defined may lack either one, so make sure they exist as arrays.
 */
foreach (array('phase1', 'phase2') as $ipsec_list) {
	if (!is_array($config['ipsec'][$ipsec_list])) {
		$config['ipsec'][$ipsec_list] = array();
	}
}
unset($ipsec_list);

/* shorthand references into the live config; writes through these are what write_config() saves */
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
54 a93e56c5 Matthew Grooms
55 e41ec584 Renato Botelho
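/*
 * Work out which phase1 entry (if any) this request refers to.
 * Precedence, last one wins: ?p1index= (GET) < p1index (POST) < ?dup= (GET).
 * Only numeric-integer values are accepted; anything else leaves $p1index
 * unset, which the rest of the page treats as "create a new entry".
 * The GET lookup is isset()-guarded so a plain visit does not raise an
 * undefined-index notice.
 */
if (isset($_GET['p1index']) && is_numericint($_GET['p1index'])) {
	$p1index = $_GET['p1index'];
}
if (isset($_POST['p1index']) && is_numericint($_POST['p1index'])) {
	$p1index = $_POST['p1index'];
}
/* ?dup= names an existing entry whose settings seed a new one */
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	$p1index = $_GET['dup'];
}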
62
63 fad728ab sullrich
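if (isset($p1index) && $a_phase1[$p1index]) {
	/*
	 * Editing (or duplicating) an existing phase1 entry: pre-fill the form
	 * state ($pconfig) from the stored entry.  Config keys use dashes
	 * ('remote-gateway'); form fields use short names ('remotegw'), hence the
	 * explicit mapping.  $old_ph1ent keeps the stored entry for the POST
	 * handler, which needs the previous remote gateway.
	 */
	$old_ph1ent = $a_phase1[$p1index];

	// don't copy the ikeid on dup; the duplicate gets a fresh one when saved
	if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) {
		$pconfig['ikeid'] = $old_ph1ent['ikeid'];
	}

	$pconfig['disabled'] = isset($old_ph1ent['disabled']);

	$pconfig['interface'] = !empty($old_ph1ent['interface']) ? $old_ph1ent['interface'] : "wan";

	/* 'remote-subnet' is stored as "net/bits"; tolerate a missing or bare value */
	$remote_subnet = isset($old_ph1ent['remote-subnet']) ? explode("/", $old_ph1ent['remote-subnet']) : array('');
	$pconfig['remotenet'] = $remote_subnet[0];
	$pconfig['remotebits'] = isset($remote_subnet[1]) ? $remote_subnet[1] : null;
	unset($remote_subnet);

	/* a mobile-client phase1 has no fixed remote gateway */
	if (isset($old_ph1ent['mobile'])) {
		$pconfig['mobile'] = 'true';
	} else {
		$pconfig['remotegw'] = $old_ph1ent['remote-gateway'];
	}

	/* entries written before the iketype field existed are IKEv1 */
	$pconfig['iketype'] = empty($old_ph1ent['iketype']) ? "ikev1" : $old_ph1ent['iketype'];
	$pconfig['mode'] = $old_ph1ent['mode'];
	$pconfig['protocol'] = $old_ph1ent['protocol'];
	$pconfig['myid_type'] = $old_ph1ent['myid_type'];
	$pconfig['myid_data'] = $old_ph1ent['myid_data'];
	$pconfig['peerid_type'] = $old_ph1ent['peerid_type'];
	$pconfig['peerid_data'] = $old_ph1ent['peerid_data'];
	$pconfig['ealgo'] = $old_ph1ent['encryption-algorithm'];
	$pconfig['halgo'] = $old_ph1ent['hash-algorithm'];
	$pconfig['dhgroup'] = $old_ph1ent['dhgroup'];
	$pconfig['lifetime'] = $old_ph1ent['lifetime'];
	$pconfig['authentication_method'] = $old_ph1ent['authentication_method'];

	/* only the credential the method actually uses is loaded into the form state;
	 * the pre-shared key is read back exactly as it is kept in the config */
	if (($pconfig['authentication_method'] == "pre_shared_key") ||
	    ($pconfig['authentication_method'] == "xauth_psk_server")) {
		$pconfig['pskey'] = $old_ph1ent['pre-shared-key'];
	} else {
		$pconfig['certref'] = $old_ph1ent['certref'];
		$pconfig['caref'] = $old_ph1ent['caref'];
	}

	$pconfig['descr'] = $old_ph1ent['descr'];
	$pconfig['nat_traversal'] = $old_ph1ent['nat_traversal'];

	/* flag-style options are present-or-absent in the config */
	if (isset($old_ph1ent['reauth_enable'])) {
		$pconfig['reauth_enable'] = true;
	}
	if (isset($old_ph1ent['rekey_enable'])) {
		$pconfig['rekey_enable'] = true;
	}

	/* DPD is considered enabled only when both of its parameters are stored */
	if (!empty($old_ph1ent['dpd_delay']) && !empty($old_ph1ent['dpd_maxfail'])) {
		$pconfig['dpd_enable'] = true;
		$pconfig['dpd_delay'] = $old_ph1ent['dpd_delay'];
		$pconfig['dpd_maxfail'] = $old_ph1ent['dpd_maxfail'];
	}
} else {
	/* defaults for a new entry */
	$pconfig['interface'] = "wan";
	if (!empty($config['interfaces']['lan'])) {
		$pconfig['localnet'] = "lan";
	}
	$pconfig['mode'] = "main";
	$pconfig['protocol'] = "inet";
	$pconfig['myid_type'] = "myaddress";
	$pconfig['peerid_type'] = "peeraddress";
	$pconfig['authentication_method'] = "pre_shared_key";
	/*
	 * The key must be a quoted string: the bare `name` here was an undefined
	 * constant (a notice that silently became the string "name").
	 * NOTE(review): 3DES / SHA1 / DH group 2 are legacy-era defaults; the
	 * values are kept unchanged here, but stronger defaults are worth
	 * considering.
	 */
	$pconfig['ealgo'] = array('name' => "3des");
	$pconfig['halgo'] = "sha1";
	$pconfig['dhgroup'] = "2";
	$pconfig['lifetime'] = "28800";
	$pconfig['nat_traversal'] = 'on';
	$pconfig['dpd_enable'] = true;
	$pconfig['iketype'] = "ikev1";

	/* mobile client: ?mobile= seeds an aggressive-mode mobile phase1 */
	if (!empty($_GET['mobile'])) {
		$pconfig['mobile'] = true;
		$pconfig['mode'] = "aggressive";
	}
}

/* a dup is saved as a new entry, so forget the source index now that its settings are loaded */
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	unset($p1index);
}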
148
149
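if ($_POST) {
	/*
	 * Form submission.  Validate the posted fields; on success store the
	 * phase1 entry in $config['ipsec']['phase1'] and redirect to the list.
	 *
	 * $pconfig starts as the raw POST and every field in it is untrusted
	 * until checked below; $input_errors collects the user-facing messages
	 * and any entry in it blocks the save.
	 */
	$input_errors = array();
	$pconfig = $_POST;

	/* string-valued fields the code below reads: fill absent ones with null so
	 * the checks and the copy into the config entry are notice-free and store
	 * the same values as before.  Flag-style fields tested with isset()
	 * (disabled, mobile, dpd_enable, reauth_enable, rekey_enable) are left alone. */
	$pconfig += array(
		'iketype' => null, 'mode' => null, 'interface' => null, 'remotegw' => null,
		'protocol' => null, 'myid_type' => null, 'myid_data' => null,
		'peerid_type' => null, 'peerid_data' => null, 'halgo' => null,
		'dhgroup' => null, 'lifetime' => null, 'pskey' => null, 'privatekey' => null,
		'descr' => null, 'nat_traversal' => null, 'dpd_delay' => null,
		'dpd_maxfail' => null, 'ealgo_keylen' => null,
	);

	/*
	 * The ikeid is what phase2 entries use to reference their phase1 (see the
	 * loop over $a_phase2 below), so it is never taken from the form: an edit
	 * keeps the stored id, a new or duplicated entry gets 0 here and a fresh
	 * id from ipsec_ikeid_next() when saved.
	 */
	if (isset($p1index) && isset($a_phase1[$p1index]['ikeid'])) {
		$pconfig['ikeid'] = $a_phase1[$p1index]['ikeid'];
	} else {
		$pconfig['ikeid'] = 0;
	}

	/* input validation */

	$method = isset($pconfig['authentication_method']) ? $pconfig['authentication_method'] : "";
	// Unset ca and cert if not required, to avoid storing them in the config
	if ($method == "pre_shared_key" || $method == "xauth_psk_server") {
		unset($pconfig['caref']);
		unset($pconfig['certref']);
	}

	/* always arrays, so do_input_validation() gets a list even when no case below applies */
	$reqdfields = array();
	$reqdfieldsn = array();

	// Only require PSK here for normal PSK tunnels (not mobile) or xauth.
	// For RSA methods, require the CA/Cert.
	switch ($method) {
		case "eap-tls":
			if ($pconfig['iketype'] != 'ikev2') {
				$input_errors[] = gettext("EAP-TLS can only be used with IKEv2 type VPNs.");
			}
			break;
		case "pre_shared_key":
			// If this is a mobile PSK tunnel the user PSKs go on
			//    the PSK tab, not here, so skip the check.
			if (!empty($pconfig['mobile'])) {
				break;
			}
			/* FALLTHROUGH: a site-to-site PSK tunnel needs its key here */
		case "xauth_psk_server":
			$reqdfields = array("pskey");
			$reqdfieldsn = array(gettext("Pre-Shared Key"));
			$validate_pskey = true;
			break;
		case "hybrid_rsa_server":
		case "xauth_rsa_server":
		case "rsasig":
			$reqdfields = array("caref", "certref");
			$reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate"));
			break;
		default:
			/* not one of the methods this page offers: refuse rather than store an unknown value */
			$input_errors[] = gettext("An unsupported authentication method was specified.");
			break;
	}
	if (empty($pconfig['mobile'])) {
		$reqdfields[] = "remotegw";
		$reqdfieldsn[] = gettext("Remote gateway");
	}

	do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);

	/* the stored pre-shared key must be plain ASCII */
	if (isset($validate_pskey) && isset($pconfig['pskey']) && !preg_match('/^[[:ascii:]]*$/', $pconfig['pskey'])) {
		unset($validate_pskey);
		$input_errors[] = gettext("Pre-Shared Key contains invalid characters.");
	}

	/* the message promises an integer, so fractional/exponent forms are rejected as well */
	if (!empty($pconfig['lifetime']) && !is_numericint($pconfig['lifetime'])) {
		$input_errors[] = gettext("The P1 lifetime must be an integer.");
	}

	if (!empty($pconfig['remotegw'])) {
		if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw'])) {
			$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
		} elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet")) {
			$input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6");
		} elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6")) {
			$input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4");
		}
	}

	/*
	 * Two enabled phase1 entries must not share a remote gateway.  The entry
	 * being edited is skipped by its own key; with $p1index unset (new or
	 * duplicated entry) every stored entry is compared, including index 0 --
	 * the old "$p1index <> $t" test treated an unset index as equal to 0 and
	 * silently skipped the first entry.
	 */
	if (!empty($pconfig['remotegw']) && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled'])) {
		foreach ($a_phase1 as $t => $ph1tmp) {
			if (isset($p1index) && $t == $p1index) {
				continue;
			}
			if (isset($ph1tmp['remote-gateway']) && ($ph1tmp['remote-gateway'] == $pconfig['remotegw']) && !isset($ph1tmp['disabled'])) {
				$input_errors[] = sprintf(gettext('The remote gateway "%1$s" is already used by phase1 "%2$s".'), $pconfig['remotegw'], $ph1tmp['descr']);
			}
		}
	}

	/* the address family must agree with every phase2 already attached to this phase1 */
	if (is_array($a_phase2) && count($a_phase2) > 0) {
		foreach ($a_phase2 as $phase2) {
			if ($phase2['ikeid'] == $pconfig['ikeid']) {
				if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4.");
					break;
				}
				if (($pconfig['protocol'] == "inet6") && ($phase2['mode'] == "tunnel")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv4, you cannot use IPv6.");
					break;
				}
			}
		}
	}

	/* My identity */

	/* 'myaddress' needs no data field (myidsel_change() hides it); clear whatever the hidden input posted */
	if ($pconfig['myid_type'] == "myaddress") {
		$pconfig['myid_data'] = "";
	}

	if ($pconfig['myid_type'] == "address" && $pconfig['myid_data'] == "") {
		$input_errors[] = gettext("Please enter an address for 'My Identifier'");
	}
	if ($pconfig['myid_type'] == "keyid tag" && $pconfig['myid_data'] == "") {
		$input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'");
	}
	if ($pconfig['myid_type'] == "fqdn" && $pconfig['myid_data'] == "") {
		$input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'");
	}
	if ($pconfig['myid_type'] == "user_fqdn" && $pconfig['myid_data'] == "") {
		$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'");
	}
	if ($pconfig['myid_type'] == "dyn_dns" && $pconfig['myid_data'] == "") {
		$input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'");
	}

	if (($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])) {
		$input_errors[] = gettext("A valid IP address for 'My identifier' must be specified.");
	}
	if (($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])) {
		$input_errors[] = gettext("A valid domain name for 'My identifier' must be specified.");
	}
	/* NOTE(review): a bad FQDN is reported twice (domain-name and FQDN messages); kept as-is */
	if ($pconfig['myid_type'] == "fqdn" && is_domain($pconfig['myid_data']) == false) {
		$input_errors[] = gettext("A valid FQDN for 'My identifier' must be specified.");
	}
	if ($pconfig['myid_type'] == "user_fqdn") {
		/* user@host: only the host part is checked */
		$user_fqdn = explode("@", $pconfig['myid_data']);
		if (!isset($user_fqdn[1]) || is_domain($user_fqdn[1]) == false) {
			$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.");
		}
	}
	if ($pconfig['myid_type'] == "dyn_dns" && is_domain($pconfig['myid_data']) == false) {
		$input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified.");
	}

	/* Peer identity */

	/*
	 * 'peeraddress' needs no data field (peeridsel_change() hides it), so
	 * clear whatever stale value the hidden input posted.  This used to test
	 * myid_type by mistake, which never matched, so stale data was saved.
	 */
	if ($pconfig['peerid_type'] == "peeraddress") {
		$pconfig['peerid_data'] = "";
	}

	// Only enforce peer ID if we are not dealing with a pure-psk mobile config.
	if (!(($pconfig['authentication_method'] == "pre_shared_key") && !empty($pconfig['mobile']))) {
		if ($pconfig['peerid_type'] == "address" && $pconfig['peerid_data'] == "") {
			$input_errors[] = gettext("Please enter an address for 'Peer Identifier'");
		}
		if ($pconfig['peerid_type'] == "keyid tag" && $pconfig['peerid_data'] == "") {
			$input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'");
		}
		if ($pconfig['peerid_type'] == "fqdn" && $pconfig['peerid_data'] == "") {
			$input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'");
		}
		if ($pconfig['peerid_type'] == "user_fqdn" && $pconfig['peerid_data'] == "") {
			$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'");
		}

		if (($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data'])) {
			$input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified.");
		}
		if (($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data'])) {
			$input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified.");
		}
		if ($pconfig['peerid_type'] == "fqdn" && is_domain($pconfig['peerid_data']) == false) {
			$input_errors[] = gettext("A valid FQDN for 'Peer identifier' must be specified.");
		}
		if ($pconfig['peerid_type'] == "user_fqdn") {
			$user_fqdn = explode("@", $pconfig['peerid_data']);
			if (!isset($user_fqdn[1]) || is_domain($user_fqdn[1]) == false) {
				$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.");
			}
		}
	}

	if (!empty($pconfig['dpd_enable'])) {
		if (!is_numeric($pconfig['dpd_delay'])) {
			$input_errors[] = gettext("A numeric value must be specified for DPD delay.");
		}
		if (!is_numeric($pconfig['dpd_maxfail'])) {
			$input_errors[] = gettext("A numeric value must be specified for DPD retries.");
		}
	}

	if (!empty($pconfig['iketype']) && !in_array($pconfig['iketype'], array("ikev1", "ikev2", "auto"), true)) {
		$input_errors[] = gettext("Valid arguments for IKE type is v1 or v2 or auto");
	}

	/*
	 * build our encryption algorithms array: the form posts the name and the
	 * key length as separate fields; the config stores them as one array.
	 * NOTE(review): ealgo, halgo and dhgroup are stored as posted; checking
	 * them against $p1_ealgos and the matching hash/DH tables would reject
	 * tampered values.
	 */
	$pconfig['ealgo'] = array('name' => (isset($pconfig['ealgo']) ? $pconfig['ealgo'] : null));
	if (!empty($pconfig['ealgo_keylen'])) {
		$pconfig['ealgo']['keylen'] = $pconfig['ealgo_keylen'];
	}

	if (!$input_errors) {
		$ph1ent = array();
		$ph1ent['ikeid'] = $pconfig['ikeid'];
		$ph1ent['iketype'] = $pconfig['iketype'];
		/* the negotiation mode (main/aggressive) only exists for IKEv1 */
		if ($pconfig['iketype'] == 'ikev1') {
			$ph1ent['mode'] = $pconfig['mode'];
		}
		/* the load path and the duplicate-gateway check test this with isset(), so never store a false */
		if (!empty($pconfig['disabled'])) {
			$ph1ent['disabled'] = true;
		}
		$ph1ent['interface'] = $pconfig['interface'];
		/* if the remote gateway changed and the interface is not WAN then remove the old host route;
		 * vpn_ipsec_configure() handles adding the new one.  $old_ph1ent only exists when editing. */
		if ($pconfig['interface'] <> "wan" && isset($old_ph1ent['remote-gateway']) &&
		    $old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) {
			/* the stored value normally passed is_ipaddr()/is_domain() when saved, but it is quoted for the shell anyway */
			mwexec("/sbin/route delete -host " . escapeshellarg($old_ph1ent['remote-gateway']));
		}

		if (!empty($pconfig['mobile'])) {
			$ph1ent['mobile'] = true;
		} else {
			$ph1ent['remote-gateway'] = $pconfig['remotegw'];
		}

		$ph1ent['protocol'] = $pconfig['protocol'];

		$ph1ent['myid_type'] = $pconfig['myid_type'];
		$ph1ent['myid_data'] = $pconfig['myid_data'];
		$ph1ent['peerid_type'] = $pconfig['peerid_type'];
		$ph1ent['peerid_data'] = $pconfig['peerid_data'];

		$ph1ent['encryption-algorithm'] = $pconfig['ealgo'];
		$ph1ent['hash-algorithm'] = $pconfig['halgo'];
		$ph1ent['dhgroup'] = $pconfig['dhgroup'];
		$ph1ent['lifetime'] = $pconfig['lifetime'];
		/* credentials: the pre-shared key is stored as entered; caref/certref were
		 * unset above for PSK methods and are then stored as null, as before */
		$ph1ent['pre-shared-key'] = $pconfig['pskey'];
		$ph1ent['private-key'] = base64_encode($pconfig['privatekey']);
		$ph1ent['certref'] = isset($pconfig['certref']) ? $pconfig['certref'] : null;
		$ph1ent['caref'] = isset($pconfig['caref']) ? $pconfig['caref'] : null;
		$ph1ent['authentication_method'] = $pconfig['authentication_method'];
		$ph1ent['descr'] = $pconfig['descr'];
		$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];

		/* flag-style options: present means enabled */
		if (isset($pconfig['reauth_enable'])) {
			$ph1ent['reauth_enable'] = true;
		}
		if (isset($pconfig['rekey_enable'])) {
			$ph1ent['rekey_enable'] = true;
		}

		if (isset($pconfig['dpd_enable'])) {
			$ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
			$ph1ent['dpd_maxfail'] = $pconfig['dpd_maxfail'];
		}

		/* generate unique phase1 ikeid for a new or duplicated entry */
		if ($ph1ent['ikeid'] == 0) {
			$ph1ent['ikeid'] = ipsec_ikeid_next();
		}

		if (isset($p1index) && !empty($a_phase1[$p1index])) {
			$a_phase1[$p1index] = $ph1ent;
		} else {
			$a_phase1[] = $ph1ent;
		}

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}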
398
399 3462a529 Matthew Grooms
/* page title crumbs consumed downstream (presumably by head.inc);
 * a mobile-client phase1 gets one extra crumb */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"));
if ($pconfig['mobile']) {
	$pgtitle[] = gettext("Mobile Client");
}
$shortcut_section = "ipsec";

include("head.inc");
407
408
?>
409
410
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
411
<?php include("fbegin.inc"); ?>
412 91f026b0 ayvis
<script type="text/javascript">
413 a0fca224 Colin Fleming
//<![CDATA[
414 3462a529 Matthew Grooms
415
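/* Hide the "My identifier" data field when the identifier type is the
 * interface address (no data needed); show it for every other type. */
function myidsel_change() {
	/* locals: the original leaked `index`/`value` into the global scope */
	var sel = document.iform.myid_type;
	var type = sel.options[sel.selectedIndex].value;
	document.getElementById('myid_data').style.visibility = (type == 'myaddress') ? 'hidden' : 'visible';
}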
423
424 0771969b Ermal LUÇI
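/* The negotiation-mode row (main/aggressive) only applies to IKEv1, so hide
 * it when IKEv2 is selected and show it otherwise. */
function iketype_change() {
	/* locals: the original leaked `index`/`value` into the global scope */
	var sel = document.iform.iketype;
	var type = sel.options[sel.selectedIndex].value;
	document.getElementById('negmode').style.display = (type == 'ikev2') ? 'none' : '';
}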
432
433 3462a529 Matthew Grooms
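/* Hide the "Peer identifier" data field when the identifier type is the
 * peer's address (no data needed); show it for every other type. */
function peeridsel_change() {
	/* locals: the original leaked `index`/`value` into the global scope */
	var sel = document.iform.peerid_type;
	var type = sel.options[sel.selectedIndex].value;
	document.getElementById('peerid_data').style.visibility = (type == 'peeraddress') ? 'hidden' : 'visible';
}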
441
442 a93e56c5 Matthew Grooms
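/* Show only the credential rows that the selected authentication method
 * uses; the cert/CA elements are also marked disabled whenever hidden.
 * A mobile pure-PSK phase1 additionally hides the PSK and peer-ID rows
 * (the per-user keys live on the Pre-Shared Keys tab), which is why that
 * case is only emitted when the page was rendered for a mobile entry. */
function methodsel_change() {
	/* locals: the original leaked `index`/`value` into the global scope */
	var sel = document.iform.authentication_method;
	var method = sel.options[sel.selectedIndex].value;

	function show(id, visible) {
		document.getElementById(id).style.display = visible ? '' : 'none';
	}
	/* cert and CA are always toggled together, display and disabled alike */
	function showCertFields(visible) {
		show('opt_cert', visible);
		show('opt_ca', visible);
		document.getElementById('opt_cert').disabled = !visible;
		document.getElementById('opt_ca').disabled = !visible;
	}

	switch (method) {
	case 'eap-tls':
	case 'hybrid_rsa_server':
	case 'xauth_rsa_server':
	case 'rsasig':
		show('opt_psk', false);
		show('opt_peerid', true);
		showCertFields(true);
		break;
<?php if ($pconfig['mobile']) { ?>
	case 'pre_shared_key':
		show('opt_psk', false);
		show('opt_peerid', false);
		showCertFields(false);
		break;
<?php } ?>
	default: /* psk modes */
		show('opt_psk', true);
		show('opt_peerid', true);
		showCertFields(false);
		break;
	}
}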
492
493
/*
 * PHP generated java script for variable length keys.
 *
 * ealgosel_change(bits): rebuild the key-length select (ealgo_keylen) to
 * match the encryption algorithm currently chosen in the ealgo select.
 * The switch below is emitted by PHP at render time, one case per entry of
 * $p1_ealgos (loaded by ipsec.inc), keyed by option *index*; it therefore
 * only works if the ealgo select lists $p1_ealgos in the same order
 * (NOTE(review): that select is rendered outside this view -- confirm).
 * Algorithms with a 'keysel' array get one option per key length from
 * 'hi' down to 'lo' in 'step' decrements; the others get the field hidden.
 * When `bits` is given, that key length is preselected afterwards.
 * Everything interpolated into the emitted script comes from the
 * $p1_ealgos table, not from request data.
 */
function ealgosel_change(bits) {
	switch (document.iform.ealgo.selectedIndex) {
<?php
$i = 0;
foreach ($p1_ealgos as $algo => $algodata) {
	if (is_array($algodata['keysel'])) {
		// variable-length algorithm: show the select and repopulate it
		echo "		case {$i}:\n";
		echo "			document.iform.ealgo_keylen.style.visibility = 'visible';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";
	//      echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( 'auto', 'auto' );\n";

		$key_hi = $algodata['keysel']['hi'];
		$key_lo = $algodata['keysel']['lo'];
		$key_step = $algodata['keysel']['step'];

		// longest key first
		for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step)
			echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n";
		echo "			break;\n";
	} else {
		// fixed-length algorithm: hide and empty the select
		echo "		case {$i}:\n";
		echo "			document.iform.ealgo_keylen.style.visibility = 'hidden';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";
		echo "			break;\n";
	}
	$i++;
}
?>
	}

	if( bits )
		document.iform.ealgo_keylen.value = bits;
}
526 3462a529 Matthew Grooms
527 a93e56c5 Matthew Grooms
/* Toggle the DPD settings row with the "enable DPD" checkbox, and seed the
 * delay/retry inputs with their defaults ("10" / "5") while they are blank. */
function dpdchkbox_change() {
	var form = document.iform;
	var enabled = form.dpd_enable.checked;

	document.getElementById('opt_dpd').style.display = enabled ? '' : 'none';

	if (!form.dpd_delay.value) {
		form.dpd_delay.value = "10";
	}
	if (!form.dpd_maxfail.value) {
		form.dpd_maxfail.value = "5";
	}
}
539 3462a529 Matthew Grooms
540 a0fca224 Colin Fleming
//]]>
</script>
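<form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform">

<?php
	/* validation errors collected by the POST handler earlier in this file */
	if ($input_errors)
		print_input_errors($input_errors);
?>

<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-1">
	<tr class="tabnavtbl">
		<td id="tabnav">
			<?php
				$tab_array = array();
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
				$tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
				$tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
				display_top_tabs($tab_array);
			?>
		</td>
	</tr>
	<tr>
		<td id="mainarea">
			<div class="tabcont">
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
					<tr>
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
						<td width="78%" class="vtable">
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
							<strong><?=gettext("Disable this phase1 entry"); ?></strong><br />
							<span class="vexpl">
								<?=gettext("Set this option to disable this phase1 without " .
								"removing it from the list"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Key Exchange version"); ?></td>
						<td width="78%" class="vtable">
							<select name="iketype" class="formselect" onchange='iketype_change()'>
							<?php
								$keyexchange = array("ikev1" => "V1", "ikev2" => "V2", "auto" => "Auto");
								foreach ($keyexchange as $kidx => $name):
							?>
								<option value="<?=$kidx;?>" <?php if ($kidx == $pconfig['iketype']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($name);?>
								</option>
							<?php endforeach; ?>
							</select> <br /> <span class="vexpl"><?=gettext("Select the Internet Key Exchange protocol version to be used, IKEv1 or IKEv2"); ?>.</span>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Internet Protocol"); ?></td>
						<td width="78%" class="vtable">
							<select name="protocol" class="formselect">
							<?php
								$protocols = array("inet" => "IPv4", "inet6" => "IPv6");
								foreach ($protocols as $protocol => $name):
							?>
								<option value="<?=$protocol;?>" <?php if ($protocol == $pconfig['protocol']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($name);?>
								</option>
							<?php endforeach; ?>
							</select> <br /> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
						<td width="78%" class="vtable">
							<select name="interface" class="formselect">
							<?php
								/*
								 * Local endpoint candidates: configured interfaces, CARP VIPs,
								 * IP aliases and gateway groups, keyed by the value stored in
								 * the phase1 'interface' setting. The keys come from the
								 * stored config, so they are escaped when echoed below.
								 */
								$interfaces = get_configured_interface_with_descr();

								$carplist = get_configured_carp_interface_list();
								foreach ($carplist as $cif => $carpip)
									$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";

								$aliaslist = get_configured_ip_aliases_list();
								foreach ($aliaslist as $aliasip => $aliasif)
									$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";

								$grouplist = return_gateway_groups_array();
								foreach ($grouplist as $name => $group)
									$interfaces[$name] = "GW Group {$name}";

								foreach ($interfaces as $iface => $ifacename):
							?>
								<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($ifacename);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl"><?=gettext("Select the interface for the local endpoint of this phase1 entry"); ?>.</span>
						</td>
					</tr>

					<?php if (!$pconfig['mobile']): ?>

					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote gateway"); ?></td>
						<td width="78%" class="vtable">
							<?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="28" value="<?=htmlspecialchars($pconfig['remotegw']);?>" />
							<br />
							<?=gettext("Enter the public IP address or host name of the remote gateway"); ?>
						</td>
					</tr>

					<?php endif; ?>

					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
						<td width="78%" class="vtable">
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
							<br />
							<span class="vexpl">
								<?=gettext("You may enter a description here " .
								"for your reference (not parsed)"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td colspan="2" class="list" height="12"></td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic">
							<?=gettext("Phase 1 proposal (Authentication)"); ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication method"); ?></td>
						<td width="78%" class="vtable">
							<select name="authentication_method" class="formselect" onchange="methodsel_change()">
							<?php
								/* methods flagged 'mobile' in the table are offered only on mobile entries */
								foreach ($p1_authentication_methods as $method_type => $method_params):
									if (!$pconfig['mobile'] && $method_params['mobile'])
										continue;
							?>
								<option value="<?=$method_type;?>" <?php if ($method_type == $pconfig['authentication_method']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($method_params['name']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>
					<tr id='negmode' >
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Negotiation mode"); ?></td>
						<td width="78%" class="vtable">
							<select name="mode" class="formselect">
							<?php
								$modes = array("main" => "Main", "aggressive" => "Aggressive");
								foreach ($modes as $mode => $mdescr):
							?>
								<option value="<?=$mode;?>" <?php if ($mode == $pconfig['mode']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($mdescr);?>
								</option>
							<?php endforeach; ?>
							</select> <br /> <span class="vexpl"><?=gettext("Aggressive is more flexible, but less secure"); ?>.</span>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My identifier"); ?></td>
						<td width="78%" class="vtable">
							<select name="myid_type" class="formselect" onchange="myidsel_change()">
							<?php foreach ($my_identifier_list as $id_type => $id_params): ?>
								<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['myid_type']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($id_params['desc']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<input name="myid_data" type="text" class="formfld unknown" id="myid_data" size="30" value="<?=htmlspecialchars($pconfig['myid_data']);?>" />
						</td>
					</tr>
					<tr id="opt_peerid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer identifier"); ?></td>
						<td width="78%" class="vtable">
							<select name="peerid_type" class="formselect" onchange="peeridsel_change()">
							<?php
								/* mobile entries only accept identifier types flagged 'mobile' in the table */
								foreach ($peer_identifier_list as $id_type => $id_params):
									if ($pconfig['mobile'] && !$id_params['mobile'])
										continue;
							?>
							<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected=\"selected\""; ?>>
								<?=htmlspecialchars($id_params['desc']);?>
							</option>
							<?php endforeach; ?>
							</select>
							<input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=htmlspecialchars($pconfig['peerid_data']);?>" />
						<?php if ($pconfig['mobile']) { ?>
							<br /><br /><?=gettext("NOTE: This is known as the \"group\" setting on some VPN client implementations"); ?>.
						<?php } ?>
						</td>
					</tr>
					<tr id="opt_psk">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
						<td width="78%" class="vtable">
							<?=$mandfldhtml;?>
							<input name="pskey" type="text" class="formfld unknown" id="pskey" size="40" value="<?=htmlspecialchars($pconfig['pskey']);?>" />
							<span class="vexpl">
							<br />
								<?=gettext("Input your Pre-Shared Key string"); ?>.
							</span>
						</td>
					</tr>
					<tr id="opt_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td>
						<td width="78%" class="vtable">
							<select name="certref" class="formselect">
							<?php
								/*
								 * refid and descr are stored config values (Certificate Manager),
								 * so they are escaped on output like every other config value here.
								 */
								foreach ($config['cert'] as $cert):
									$selected = "";
									if ($pconfig['certref'] == $cert['refid'])
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>
					<tr id="opt_ca">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
						<td width="78%" class="vtable">
							<select name="caref" class="formselect">
							<?php
								/* same escaping rule as the certificate list above */
								foreach ($config['ca'] as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic">
							<?=gettext("Phase 1 proposal (Algorithms)"); ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
						<td width="78%" class="vtable">
							<select name="ealgo" class="formselect" onchange="ealgosel_change()">
							<?php
								/* option order must match the case order generated in ealgosel_change() */
								foreach ($p1_ealgos as $algo => $algodata):
									$selected = "";
									if ($algo == $pconfig['ealgo']['name'])
										$selected = " selected=\"selected\"";
							?>
								<option value="<?=$algo;?>"<?=$selected?>>
									<?=htmlspecialchars($algodata['name']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<select name="ealgo_keylen" width="30" class="formselect">
							</select>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithm"); ?></td>
						<td width="78%" class="vtable">
							<select name="halgo" class="formselect">
							<?php foreach ($p1_halgos as $algo => $algoname): ?>
								<option value="<?=$algo;?>" <?php if ($algo == $pconfig['halgo']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($algoname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH key group"); ?></td>
						<td width="78%" class="vtable">
							<select name="dhgroup" class="formselect">
							<?php foreach ($p1_dhgroups as $keygroup => $keygroupname): ?>
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['dhgroup']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($keygroupname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
						<td width="78%" class="vtable">
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />
							<?=gettext("seconds"); ?>
						</td>
					</tr>
					<tr>
						<td colspan="2" class="list" height="12"></td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable Rekey");?></td>
						<td width="78%" class="vtable">
							<input name="rekey_enable" type="checkbox" id="rekey_enable" value="yes" <?php if (isset($pconfig['rekey_enable'])) echo "checked=\"checked\""; ?> />
							<?=gettext("Whether a connection should be renegotiated when it is about to expire."); ?><br />
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable Reauth");?></td>
						<td width="78%" class="vtable">
							<input name="reauth_enable" type="checkbox" id="reauth_enable" value="yes" <?php if (isset($pconfig['reauth_enable'])) echo "checked=\"checked\""; ?> />
							<?=gettext("Whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done."); ?><br />
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("NAT Traversal"); ?></td>
						<td width="78%" class="vtable">
							<select name="nat_traversal" class="formselect">
								<option value="on" <?php /* exactly one option is marked selected: 'force' selects Force, any other stored value falls back to Auto */ if ($pconfig['nat_traversal'] != 'force') echo "selected=\"selected\""; ?>><?=gettext("Auto"); ?></option>
								<option value="force" <?php if ($pconfig['nat_traversal'] == 'force') echo "selected=\"selected\""; ?>><?=gettext("Force"); ?></option>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed, " .
								"which can help with clients that are behind restrictive firewalls"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Dead Peer Detection"); ?></td>
						<td width="78%" class="vtable">
							<input name="dpd_enable" type="checkbox" id="dpd_enable" value="yes" <?php if (isset($pconfig['dpd_enable'])) echo "checked=\"checked\""; ?> onclick="dpdchkbox_change()" />
							<?=gettext("Enable DPD"); ?><br />
							<div id="opt_dpd">
								<br />
								<input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=htmlspecialchars($pconfig['dpd_delay']);?>" />
								<?=gettext("seconds"); ?><br />
								<span class="vexpl">
									<?=gettext("Delay between requesting peer acknowledgement"); ?>.
								</span><br />
								<br />
								<input name="dpd_maxfail" type="text" class="formfld unknown" id="dpd_maxfail" size="5" value="<?=htmlspecialchars($pconfig['dpd_maxfail']);?>" />
								<?=gettext("retries"); ?><br />
								<span class="vexpl">
									<?=gettext("Number of consecutive failures allowed before disconnect"); ?>.
								</span>
								<br />
							</div>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
							<?php /* hidden fields identify the entry being edited; the POST handler re-validates them */ ?>
							<?php if (isset($p1index) && $a_phase1[$p1index]): ?>
							<input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>" />
							<?php endif; ?>
							<?php if ($pconfig['mobile']): ?>
							<input name="mobile" type="hidden" value="true" />
							<?php endif; ?>
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
						</td>
					</tr>
				</table>
			</div>
		</td>
	</tr>
</table>
</form>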
<script type="text/javascript">
//<![CDATA[
<?php
	/*
	 * Restore the saved key length on page load. Only a numeric value is
	 * echoed into the ealgosel_change() argument below; anything else
	 * leaves the argument empty so no other text reaches the script.
	 */
	$keyset = '';
	if (isset($pconfig['ealgo']['keylen']) && is_numeric($pconfig['ealgo']['keylen'])) {
		$keyset = $pconfig['ealgo']['keylen'];
	}
?>
myidsel_change();
peeridsel_change();
iketype_change();
methodsel_change();
ealgosel_change(<?=$keyset;?>);
dpdchkbox_change();
//]]>
</script>
<?php include("fend.inc"); ?>
</body>
</html>