Project

General

Profile

Download (22 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/*
3
 * vpn_ipsec.php
4
 *
5
 * part of pfSense (https://www.pfsense.org)
6
 * Copyright (c) 2004-2013 BSD Perimeter
7
 * Copyright (c) 2013-2016 Electric Sheep Fencing
8
 * Copyright (c) 2014-2020 Rubicon Communications, LLC (Netgate)
9
 * All rights reserved.
10
 *
11
 * originally based on m0n0wall (http://m0n0.ch/wall)
12
 * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
13
 * All rights reserved.
14
 *
15
 * Licensed under the Apache License, Version 2.0 (the "License");
16
 * you may not use this file except in compliance with the License.
17
 * You may obtain a copy of the License at
18
 *
19
 * http://www.apache.org/licenses/LICENSE-2.0
20
 *
21
 * Unless required by applicable law or agreed to in writing, software
22
 * distributed under the License is distributed on an "AS IS" BASIS,
23
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
24
 * See the License for the specific language governing permissions and
25
 * limitations under the License.
26
 */
27

    
28
##|+PRIV
29
##|*IDENT=page-vpn-ipsec
30
##|*NAME=VPN: IPsec
31
##|*DESCR=Allow access to the 'VPN: IPsec' page.
32
##|*MATCH=vpn_ipsec.php*
33
##|-PRIV
34

    
35
require_once("guiconfig.inc");
36
require_once("functions.inc");
37
require_once("filter.inc");
38
require_once("shaper.inc");
39
require_once("ipsec.inc");
40
require_once("vpn.inc");
41

    
42
init_config_arr(array('ipsec', 'phase1'));
43
init_config_arr(array('ipsec', 'phase2'));
44
$a_phase1 = &$config['ipsec']['phase1'];
45
$a_phase2 = &$config['ipsec']['phase2'];
46

    
47

    
48
if ($_POST['apply']) {
49
	$ipsec_dynamic_hosts = ipsec_configure();
50
	ipsec_reload_package_hook();
51
	/* reload the filter in the background */
52
	$retval = 0;
53
	$retval |= filter_configure();
54
	if ($ipsec_dynamic_hosts >= 0) {
55
		if (is_subsystem_dirty('ipsec')) {
56
			clear_subsystem_dirty('ipsec');
57
		}
58
	}
59
} else if (isset($_POST['del'])) {
60
	/* delete selected p1 entries */
61
	if (is_array($_POST['p1entry']) && count($_POST['p1entry'])) {
62
		foreach ($_POST['p1entry'] as $p1entrydel) {
63
			unset($a_phase1[$p1entrydel]);
64
		}
65
		if (write_config(gettext("Deleted selected IPsec Phase 1 entries."))) {
66
			mark_subsystem_dirty('ipsec');
67
		}
68
	}
69
} else if (isset($_POST['delp2'])) {
70
	/* delete selected p2 entries */
71
	if (is_array($_POST['p2entry']) && count($_POST['p2entry'])) {
72
		foreach ($_POST['p2entry'] as $p2entrydel) {
73
			if (is_interface_ipsec_vti_assigned($a_phase2[$p2entrydel]) && ($a_phase2[$p2entrydel]['mode'] == 'vti')) {
74
				$input_errors[] = gettext("Cannot delete a VTI Phase 2 while the interface is assigned. Remove the interface assignment before deleting this P2.");
75
			} else {
76
				unset($a_phase2[$p2entrydel]);
77
			}
78
		}
79
		if (write_config(gettext("Deleted selected IPsec Phase 2 entries."))) {
80
			mark_subsystem_dirty('ipsec');
81
		}
82
	}
83
} else  {
84
	/* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
85

    
86
	// TODO: this. is. nasty.
87
	unset($delbtn, $delbtnp2, $movebtn, $movebtnp2, $togglebtn, $togglebtnp2);
88
	foreach ($_POST as $pn => $pd) {
89
		if (preg_match("/del_(\d+)/", $pn, $matches)) {
90
			$delbtn = $matches[1];
91
		} else if (preg_match("/delp2_(\d+)/", $pn, $matches)) {
92
			$delbtnp2 = $matches[1];
93
		} else if (preg_match("/move_(\d+)/", $pn, $matches)) {
94
			$movebtn = $matches[1];
95
		} else if (preg_match("/movep2_(\d+)/", $pn, $matches)) {
96
			$movebtnp2 = $matches[1];
97
		} else if (preg_match("/toggle_(\d+)/", $pn, $matches)) {
98
			$togglebtn = $matches[1];
99
		} else if (preg_match("/togglep2_(\d+)/", $pn, $matches)) {
100
			$togglebtnp2 = $matches[1];
101
		}
102
	}
103

    
104
	$save = 1;
105

    
106
	/* move selected p1 entries before this */
107
	if (isset($movebtn) && is_array($_POST['p1entry']) && count($_POST['p1entry'])) {
108
		$a_phase1_new = array();
109

    
110
		/* copy all p1 entries < $movebtn and not selected */
111
		for ($i = 0; $i < $movebtn; $i++) {
112
			if (!in_array($i, $_POST['p1entry'])) {
113
				$a_phase1_new[] = $a_phase1[$i];
114
			}
115
		}
116

    
117
		/* copy all selected p1 entries */
118
		for ($i = 0; $i < count($a_phase1); $i++) {
119
			if ($i == $movebtn) {
120
				continue;
121
			}
122
			if (in_array($i, $_POST['p1entry'])) {
123
				$a_phase1_new[] = $a_phase1[$i];
124
			}
125
		}
126

    
127
		/* copy $movebtn p1 entry */
128
		if ($movebtn < count($a_phase1)) {
129
			$a_phase1_new[] = $a_phase1[$movebtn];
130
		}
131

    
132
		/* copy all p1 entries > $movebtn and not selected */
133
		for ($i = $movebtn+1; $i < count($a_phase1); $i++) {
134
			if (!in_array($i, $_POST['p1entry'])) {
135
				$a_phase1_new[] = $a_phase1[$i];
136
			}
137
		}
138
		if (count($a_phase1_new) > 0) {
139
			$a_phase1 = $a_phase1_new;
140
		}
141

    
142
	} else if (isset($movebtnp2) && is_array($_POST['p2entry']) && count($_POST['p2entry'])) {
143
		/* move selected p2 entries before this */
144
		$a_phase2_new = array();
145

    
146
		/* copy all p2 entries < $movebtnp2 and not selected */
147
		for ($i = 0; $i < $movebtnp2; $i++) {
148
			if (!in_array($i, $_POST['p2entry'])) {
149
				$a_phase2_new[] = $a_phase2[$i];
150
			}
151
		}
152

    
153
		/* copy all selected p2 entries */
154
		for ($i = 0; $i < count($a_phase2); $i++) {
155
			if ($i == $movebtnp2) {
156
				continue;
157
			}
158
			if (in_array($i, $_POST['p2entry'])) {
159
				$a_phase2_new[] = $a_phase2[$i];
160
			}
161
		}
162

    
163
		/* copy $movebtnp2 p2 entry */
164
		if ($movebtnp2 < count($a_phase2)) {
165
			$a_phase2_new[] = $a_phase2[$movebtnp2];
166
		}
167

    
168
		/* copy all p2 entries > $movebtnp2 and not selected */
169
		for ($i = $movebtnp2+1; $i < count($a_phase2); $i++) {
170
			if (!in_array($i, $_POST['p2entry'])) {
171
				$a_phase2_new[] = $a_phase2[$i];
172
			}
173
		}
174
		if (count($a_phase2_new) > 0) {
175
			$a_phase2 = $a_phase2_new;
176
		}
177

    
178
	} else if (isset($togglebtn)) {
179
		if (isset($a_phase1[$togglebtn]['disabled'])) {
180
			unset($a_phase1[$togglebtn]['disabled']);
181
		} else {
182
			if (ipsec_vti($a_phase1[$togglebtn], false, false)) {
183
				$input_errors[] = gettext("Cannot disable a Phase 1 with a child Phase 2 while the interface is assigned. Remove the interface assignment before disabling this P2.");
184
			} else {
185
				$a_phase1[$togglebtn]['disabled'] = true;
186
			}
187
		}
188
	} else if (isset($togglebtnp2)) {
189
		if (isset($a_phase2[$togglebtnp2]['disabled'])) {
190
			unset($a_phase2[$togglebtnp2]['disabled']);
191
		} else {
192
			if (is_interface_ipsec_vti_assigned($a_phase2[$togglebtnp2]) && ($a_phase2[$togglebtnp2]['mode'] == 'vti')) {
193
				$input_errors[] = gettext("Cannot disable a VTI Phase 2 while the interface is assigned. Remove the interface assignment before disabling this P2.");
194
			} else {
195
				$a_phase2[$togglebtnp2]['disabled'] = true;
196
			}
197
		}
198
	} else if (isset($delbtn)) {
199
		/* remove static route if interface is not WAN */
200
		if ($a_phase1[$delbtn]['interface'] <> "wan") {
201
			$rgateway = exec("/sbin/route -n get {$a_phase1[$delbtn]['remote-gateway']} | /usr/bin/awk '/gateway:/ {print $2;}'");
202
			mwexec("/sbin/route delete -host {$a_phase1[$delbtn]['remote-gateway']} " . escapeshellarg($rgateway));
203
		}
204

    
205
		/* remove all phase2 entries that match the ikeid */
206
		$ikeid = $a_phase1[$delbtn]['ikeid'];
207
		$p1_has_vti = false;
208
		$delp2ids = array();
209
		foreach ($a_phase2 as $p2index => $ph2tmp) {
210
			if ($ph2tmp['ikeid'] == $ikeid) {
211
				if (is_interface_ipsec_vti_assigned($ph2tmp)) {
212
					$p1_has_vti = true;
213
				} else {
214
					$delp2ids[] = $p2index;
215
				}
216
			}
217
		}
218

    
219
		if ($p1_has_vti) {
220
			$input_errors[] = gettext("Cannot delete a Phase 1 which contains an active VTI Phase 2 with an interface assigned. Remove the interface assignment before deleting this P1.");
221
		} else {
222
			foreach ($delp2ids as $dp2idx) {
223
				unset($a_phase2[$dp2idx]);
224
			}
225
			unset($a_phase1[$delbtn]);
226
		}
227

    
228
	} else if (isset($delbtnp2)) {
229
		if (is_interface_ipsec_vti_assigned($a_phase2[$delbtnp2]) && ($a_phase2[$delbtnp2]['mode'] == 'vti')) {
230
			$input_errors[] = gettext("Cannot delete a VTI Phase 2 while the interface is assigned. Remove the interface assignment before deleting this P2.");
231
		} else {
232
			unset($a_phase2[$delbtnp2]);
233
		}
234
	} else {
235
		$save = 0;
236
	}
237

    
238
	if ($save === 1) {
239
		if (write_config(gettext("Saved configuration changes for IPsec tunnels."))) {
240
			mark_subsystem_dirty('ipsec');
241
		}
242
	}
243
}
244

    
245

    
246
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Tunnels"));
247
$pglinks = array("", "@self", "@self");
248
$shortcut_section = "ipsec";
249

    
250
include("head.inc");
251

    
252
if ($input_errors) {
253
	print_input_errors($input_errors);
254
}
255

    
256
$tab_array = array();
257
$tab_array[] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
258
$tab_array[] = array(gettext("Mobile Clients"), false, "vpn_ipsec_mobile.php");
259
$tab_array[] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
260
$tab_array[] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
261
display_top_tabs($tab_array);
262

    
263
if ($_POST['apply']) {
264
	print_apply_result_box($retval);
265
}
266

    
267
if (is_subsystem_dirty('ipsec')) {
268
	print_apply_box(gettext("The IPsec tunnel configuration has been changed.") . "<br />" . gettext("The changes must be applied for them to take effect."));
269
}
270
?>
271

    
272
<form name="mainform" method="post">
273
	<div class="panel panel-default">
274
		<div class="panel-heading"><h2 class="panel-title"><?=gettext('IPsec Tunnels')?></h2></div>
275
		<div class="panel-body table-responsive">
276
			<table class="table table-striped table-hover">
277
				<thead>
278
					<tr>
279
						<th>&nbsp;</th>
280
						<th>&nbsp;</th>
281
						<th><?=gettext("IKE")?></th>
282
						<th><?=gettext("Remote Gateway")?></th>
283
						<th><?=gettext("Mode")?></th>
284
						<th><?=gettext("P1 Protocol")?></th>
285
						<th><?=gettext("P1 Transforms")?></th>
286
						<th><?=gettext("P1 DH-Group")?></th>
287
						<th><?=gettext("P1 Description")?></th>
288
						<th><?=gettext("Actions")?></th>
289
					</tr>
290
				</thead>
291
				<tbody class="p1-entries">
292
<?php
293
$iflabels = get_configured_interface_with_descr(false, true);
294
$viplist = get_configured_vip_list();
295
foreach ($viplist as $vip => $address) {
296
	$iflabels[$vip] = $address;
297
	if (get_vip_descr($address)) {
298
		$iflabels[$vip] .= " (". get_vip_descr($address) .")";
299
	}
300
}
301
$grouplist = return_gateway_groups_array();
302
foreach ($grouplist as $name => $group) {
303
	if ($group[0]['vip'] != "") {
304
		$vipif = $group[0]['vip'];
305
	} else {
306
		$vipif = $group[0]['int'];
307
	}
308
	$iflabels[$name] = "GW Group {$name}";
309
}
310

    
311
$i = 0; foreach ($a_phase1 as $ph1ent):
312

    
313
	$iconfn = "pass";
314

    
315
	$entryStatus = (isset($ph1ent['disabled']) ? 'disabled' : 'enabled');
316

    
317
	if ($entryStatus == 'disabled') {
318
		$iconfn .= "_d";
319
	}
320
?>
321
					<tr id="fr<?=$i?>" onclick="fr_toggle(<?=$i?>)" id="frd<?=$i?>" ondblclick="document.location='vpn_ipsec_phase1.php?p1index=<?=$i?>'" class="<?= $entryStatus ?>">
322
						<td>
323
							<input type="checkbox" id="frc<?=$i?>" onclick="fr_toggle(<?=$i?>)" name="p1entry[]" value="<?=$i?>"  />
324
							<a	class="fa fa-anchor icon-pointer" id="Xmove_<?=$i?>" title="<?=gettext("Move checked entries to here")?>"></a>
325
						</td>
326
						<td>
327
							<button value="toggle_<?=$i?>" name="toggle_<?=$i?>" title="<?=gettext("click to toggle enabled/disabled status")?>" class="btn btn-xs btn-<?= ($entryStatus == 'disabled' ? 'success' : 'warning') ?>" type="submit"><?= ($entryStatus == 'disabled' ? 'Enable' : 'Disable') ?></button>
328
						</td>
329
						<td id="frd<?=$i?>">
330
<?php
331
			if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1") {
332
				echo "V1";
333
			} elseif ($ph1ent['iketype'] == "ikev2") {
334
				echo "V2";
335
			} elseif ($ph1ent['iketype'] == "auto") {
336
				echo "Auto";
337
			}
338
?>
339
						</td>
340
						<td>
341
<?php
342
			if ($ph1ent['interface']) {
343
				if (isset($iflabels[$ph1ent['interface']])) {
344
					$if = htmlspecialchars($iflabels[$ph1ent['interface']]);
345
				} else {
346
					$if = sprintf("Interface not found: '%s'", $ph1ent['interface']);
347
				}
348
			} else {
349
				$if = "WAN";
350
			}
351

    
352
			if (!isset($ph1ent['mobile'])) {
353
				echo $if."<br />".$ph1ent['remote-gateway'];
354
			} else {
355
				echo $if."<br /><strong>" . gettext("Mobile Client") . "</strong>";
356
			}
357
?>
358
						</td>
359
						<td id="frd<?=$i?>">
360
					<?=$spans?>
361
					<?php
362
					if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1" || $ph1ent['iketype'] == "auto") {
363
						echo "{$ph1ent['mode']}";
364
					}
365
					?>
366
					<?=$spane?>
367
				</td>
368
				<td id="frd<?=$i?>">
369
<?php
370
				$first = true;
371
				if (is_array($ph1ent['encryption']['item'])) {
372
					foreach($ph1ent['encryption']['item'] as $p1algo) {
373
						if (!$first) {
374
							echo "<br/>";
375
						}
376
						echo $p1_ealgos[$p1algo['encryption-algorithm']['name']]['name'];
377
						if ($p1algo['encryption-algorithm']['keylen']) {
378
							echo " ({$p1algo['encryption-algorithm']['keylen']} " . gettext("bits") . ")";
379
						}
380
						$first = false;
381
					}
382
				}
383
?>
384
						</td>
385
						<td>
386
<?php			$first = true;
387
				if (is_array($ph1ent['encryption']['item'])) {
388
					foreach($ph1ent['encryption']['item'] as $p1algo) {
389
						if (!$first) {
390
							echo "<br/>";
391
						}
392
						echo $p1_halgos[$p1algo['hash-algorithm']];
393
						if (isset($ph1ent['prfselect_enable'])) {
394
							echo " / PRF" . $p1_halgos[$p1algo['prf-algorithm']];
395
						}
396
						$first = false;
397
					}
398
				}
399
				?>
400
						</td>
401
						<td>
402
<?php			$first = true;
403
				if (is_array($ph1ent['encryption']['item'])) {
404
					foreach($ph1ent['encryption']['item'] as $p1algo) {
405
						if (!$first) {
406
							echo "<br/>";
407
						}
408
						echo str_replace(" ","&nbsp;",$p1_dhgroups[$p1algo['dhgroup']]);
409
						$first = false;
410
					}
411
				}
412
				?>
413
						</td>
414
						<td>
415
							<?=htmlspecialchars($ph1ent['descr'])?>
416
						</td>
417
						<td style="cursor: pointer;">
418
<!--							<a	class="fa fa-anchor" id="Xmove_<?=$i?>" title="<?=gettext("Move checked entries to here")?>"></a> -->
419
							<button style="display: none;" class="btn btn-default btn-xs" type="submit" id="move_<?=$i?>" name="move_<?=$i?>" value="move_<?=$i?>"><?=gettext("Move checked entries to here")?></button>
420
							<a class="fa fa-pencil" href="vpn_ipsec_phase1.php?p1index=<?=$i?>" title="<?=gettext("Edit phase1 entry"); ?>"></a>
421
<?php if (!isset($ph1ent['mobile'])): ?>
422
							<a class="fa fa-clone" href="vpn_ipsec_phase1.php?dup=<?=$i?>" title="<?=gettext("Copy phase1 entry"); ?>"></a>
423
<?php endif; ?>
424
							<a	class="fa fa-trash no-confirm" id="Xdel_<?=$i?>" title="<?=gettext('Delete phase1 entry'); ?>"></a>
425
							<button style="display: none;" class="btn btn-xs btn-warning" type="submit" id="del_<?=$i?>" name="del_<?=$i?>" value="del_<?=$i?>" title="<?=gettext('Delete phase1 entry'); ?>">delete</button>
426

    
427
						</td>
428
					</tr>
429
					<tr class="<?= $entryStatus ?>">
430
						<td colspan="2"></td>
431
						<td colspan="7" class="contains-table">
432
<?php
433
			if (isset($_REQUEST["tdph2-{$i}-visible"])) {
434
				$tdph2_visible = htmlspecialchars($_REQUEST["tdph2-{$i}-visible"]);
435
			} else {
436
				$tdph2_visible = 0;
437
			}
438
?>
439
							<input type="hidden" name="tdph2-<?=$i?>-visible" id="tdph2-<?=$i?>-visible" value="<?=$tdph2_visible?>" />
440
							<div id="shph2but-<?=$i?>" <?=($tdph2_visible == '1' ? 'style="display:none"' : '')?>>
441
<?php
442
				$phase2count=0;
443

    
444
				foreach ($a_phase2 as $ph2ent) {
445
					if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
446
						continue;
447
					}
448
					$phase2count++;
449
				}
450
				$fr_prefix = "frp2{$i}";
451
				$fr_header = $fr_prefix . "header";
452
?>
453
								<button class="btn btn-info" type="button" onclick="show_phase2('tdph2-<?=$i?>','shph2but-<?=$i?>')" value="+"><i class="fa fa-plus-circle"></i> <?php printf(gettext("Show Phase 2 Entries (%s)"), $phase2count); ?></button>
454
							</div>
455
							<div id="tdph2-<?=$i?>" <?=($tdph2_visible != '1' ? 'style="display:none"' : '')?>>
456
								<table class="table table-striped table-hover">
457
									<thead>
458
										<tr>
459
											<th>&nbsp;</th>
460
											<th>&nbsp;</th>
461
											<th><?=gettext("Mode"); ?></th>
462
											<th><?=gettext("Local Subnet"); ?></th>
463
											<th><?=gettext("Remote Subnet"); ?></th>
464
											<th><?=gettext("P2 Protocol"); ?></th>
465
											<th><?=gettext("P2 Transforms"); ?></th>
466
											<th><?=gettext("P2 Auth Methods"); ?></th>
467
											<th><?=gettext("P2 actions")?></th>
468
										</tr>
469
									</thead>
470
									<tbody class="p2-entries">
471
<?php $j = 0; foreach ($a_phase2 as $ph2index => $ph2ent): ?>
472
<?php
473
						if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
474
							continue;
475
						}
476

    
477
						$fr_c = $fr_prefix . "c" . $j;
478
						$fr_d = $fr_prefix . "d" . $j;
479

    
480
						$iconfn = "pass";
481
						$entryStatus = (isset($ph2ent['disabled']) || isset($ph1ent['disabled']) ? 'disabled' : 'enabled');
482

    
483
						if ($entryStatus == 'disabled') {
484
							$iconfn .= "_d";
485
						}
486
?>
487
										<tr id="<?=$fr_prefix . $j?>" ondblclick="document.location='vpn_ipsec_phase2.php?p2index=<?=$ph2ent['uniqid']?>'" class="<?= $entryStatus ?>">
488
											<td>
489
												<input type="checkbox" id="<?=$fr_c?>" name="p2entry[]" value="<?=$ph2index?>" onclick="fr_bgcolor('<?=$j?>', '<?=$fr_prefix?>')" />
490
												<button class="fa fa-anchor button-icon" type="submit" name="movep2_<?=$j?>" value="movep2_<?=$j?>" title="<?=gettext("Move checked P2s here")?>"></button>
491
											</td>
492
											<td>
493
												<button value="togglep2_<?=$ph2index?>" name="togglep2_<?=$ph2index?>" title="<?=gettext("click to toggle enabled/disabled status")?>" class="btn btn-xs btn-<?= ($entryStatus == 'disabled'? 'success' : 'warning') ?>" type="submit"><?= ($entryStatus == 'disabled'? 'Enable' : 'Disable') ?></button>
494
											</td>
495
											<td id="<?=$fr_d?>" onclick="fr_toggle('<?=$j?>', '<?=$fr_prefix?>')">
496
												<?=$ph2ent['mode']?>
497
											</td>
498
<?php if (($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == "tunnel6") or ($ph2ent['mode'] == "vti")): ?>
499
											<td id="<?=$fr_d?>" onclick="fr_toggle('<?=$j?>', '<?=$fr_prefix?>')">
500
												<?=ipsec_idinfo_to_text($ph2ent['localid']); ?>
501
											</td>
502
											<td id="<?=$fr_d?>" onclick="fr_toggle('<?=$j?>', '<?=$fr_prefix?>')">
503
												<?=ipsec_idinfo_to_text($ph2ent['remoteid']); ?>
504
											</td>
505
		<?php else: ?>
506
											<td colspan="2"></td>
507
<?php endif; ?>
508
											<td id="<?=$fr_d?>" onclick="fr_toggle('<?=$j?>', '<?=$fr_prefix?>')">
509
												<?=$p2_protos[$ph2ent['protocol']]; ?>
510
											</td>
511
											<td id="<?=$fr_d?>" onclick="fr_toggle('<?=$j?>', '<?=$fr_prefix?>')">
512
<?php
513
								foreach ($ph2ent['encryption-algorithm-option'] as $k => $ph2ea) {
514
									if ($k) {
515
										echo ", ";
516
									}
517
									echo $p2_ealgos[$ph2ea['name']]['name'];
518
									if ($ph2ea['keylen']) {
519
										if ($ph2ea['keylen'] == "auto") {
520
											echo " (" . gettext("auto") . ")";
521
										} else {
522
											echo " ({$ph2ea['keylen']} " . gettext("bits") . ")";
523
										}
524
									}
525
								}
526
?>
527
											</td>
528
											<td id="<?=$fr_d?>" onclick="fr_toggle('<?=$j?>', '<?=$fr_prefix?>')">
529
<?php
530
								if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) {
531
									foreach ($ph2ent['hash-algorithm-option'] as $k => $ph2ha) {
532
										if ($k) {
533
											echo ", ";
534
										}
535
										echo $p2_halgos[$ph2ha];
536
									}
537
								}
538
?>
539
											</td>
540
											<td style="cursor: pointer;">
541
<!--												<button class="fa fa-anchor button-icon" type="submit" name="movep2_<?=$j?>" value="movep2_<?=$j?>" title="<?=gettext("Move checked P2s here")?>"></button> -->
542
												<a class="fa fa-pencil" href="vpn_ipsec_phase2.php?p2index=<?=$ph2ent['uniqid']?>" title="<?=gettext("Edit phase2 entry"); ?>"></a>
543
												<a class="fa fa-clone" href="vpn_ipsec_phase2.php?dup=<?=$ph2ent['uniqid']?>" title="<?=gettext("Add a new Phase 2 based on this one"); ?>"></a>
544
												<a	class="fa fa-trash no-confirm" id="Xdelp2_<?=$ph2index?>" title="<?=gettext('Delete phase2 entry'); ?>"></a>
545
												<button style="display: none;" class="btn btn-xs btn-warning" type="submit" id="delp2_<?=$ph2index?>" name="delp2_<?=$ph2index?>" value="delp2_<?=$ph2index?>" title="<?=gettext('delete phase2 entry'); ?>">delete</button>
546
											</td>
547
										</tr>
548
<?php $j++; endforeach; ?>
549
										<tr>
550
											<td></td>
551
											<td>
552
												<a class="btn btn-xs btn-success" href="vpn_ipsec_phase2.php?ikeid=<?=$ph1ent['ikeid']?><?php if (isset($ph1ent['mobile'])) echo "&amp;mobile=true"?>">
553
													<i class="fa fa-plus icon-embed-btn"></i>
554
													<?=gettext("Add P2")?>
555
												</a>
556
											</td>
557
											<td colspan="7"></td>
558
										</tr>
559
									</tbody>
560
								</table>
561
							</div>
562
						</td>
563
					</tr>
564
<?php
565
					$i++;
566
				endforeach;	 // $a_phase1 as $ph1ent
567
?>
568
				</tbody>
569
			</table>
570
		</div>
571
	</div>
572

    
573
	<nav class="action-buttons">
574
<?php
575
/*
576
	if ($i !== 0): ?>
577
	<input type="submit" name="move_<?=$i?>" class="btn btn-default" value="<?=gettext("move selected phase1 entries to end")?>" />
578
<?php endif;
579
*/
580
?>
581
		<a href="vpn_ipsec_phase1.php" class="btn btn-success btn-sm"  usepost>
582
			<i class="fa fa-plus icon-embed-btn"></i>
583
			<?=gettext("Add P1")?>
584
		</a>
585
<?php if ($i !== 0): ?>
586
		<button type="submit" name="del" class="btn btn-danger btn-sm" value="<?=gettext("Delete selected P1s")?>">
587
			<i class="fa fa-trash icon-embed-btn"></i>
588
			<?=gettext("Delete P1s")?>
589
		</button>
590
<?php endif; ?>
591
	</nav>
592
</form>
593

    
594
<div class="infoblock">
595
	<?php print_info_box(sprintf(gettext('The IPsec status can be checked at %1$s%2$s%3$s.'), '<a href="status_ipsec.php">', gettext("Status:IPsec"), '</a>') . '<br />' .
596
	sprintf(gettext('IPsec debug mode can be enabled at %1$s%2$s%3$s.'), '<a href="vpn_ipsec_settings.php">', gettext("VPN:IPsec:Advanced Settings"), '</a>') . '<br />' .
597
	sprintf(gettext('IPsec can be set to prefer older SAs at %1$s%2$s%3$s.'), '<a href="vpn_ipsec_settings.php">', gettext("VPN:IPsec:Advanced Settings"), '</a>'), 'info', false); ?>
598
</div>
599

    
600
<script type="text/javascript">
601
//<![CDATA[
602
function show_phase2(id, buttonid) {
603
	document.getElementById(buttonid).innerHTML='';
604
	document.getElementById(id).style.display = "block";
605
	var visible = id + '-visible';
606
	document.getElementById(visible).value = "1";
607
}
608

    
609
events.push(function() {
610
	$('[id^=Xmove_]').click(function (event) {
611
		// ToDo: We POST shift="yes" if the user has the shift key depressed, but that is not yet used
612
		// by the $_POST code. It is intended to allow the user to choose to move stuff to the row before or
613
		// after the clicked anchor icon
614
		if (event.shiftKey) {
615
			$('form').append('<input type="hidden" id="shift" name="shift" value="yes" />');
616
		}
617

    
618
		$('#' + event.target.id.slice(1)).click();
619
	});
620

    
621
	$('[id^=Xdel_]').click(function (event) {
622
		if (confirm("<?=gettext('Confirmation required to delete this P1 entry.')?>")) {
623
			$('#' + event.target.id.slice(1)).click();
624
		}
625
	});
626

    
627
	$('[id^=Xdelp2_]').click(function (event) {
628
		if (confirm("<?=gettext('Confirmation required to delete this P2 entry.')?>")) {
629
			$('#' + event.target.id.slice(1)).click();
630
		}
631
	});
632
});
633
//]]>
634
</script>
635

    
636
<?php
637
include("foot.inc");
(214-214/228)