<?php
2
/*
3
	vpn_ipsec_phase1.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8 fa4e059e Ermal
	Copyright (C) 2014 Ermal LUÇI
9 ce77a9c4 Phil Davis
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
10 a93e56c5 Matthew Grooms
	All rights reserved.
11
12
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14
15
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17
18
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21
22
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33
34 6b07c15a Matthew Grooms
##|+PRIV
35
##|*IDENT=page-vpn-ipsec-editphase1
36
##|*NAME=VPN: IPsec: Edit Phase 1 page
37
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 1' page.
38
##|*MATCH=vpn_ipsec_phase1.php*
39
##|-PRIV
40
41 0f84b741 Scott Ullrich
require("functions.inc");
42 a93e56c5 Matthew Grooms
require("guiconfig.inc");
43 483e6de8 Scott Ullrich
require_once("ipsec.inc");
44
require_once("vpn.inc");
45 caaaf9ce Renato Botelho
require_once("filter.inc");
46 a93e56c5 Matthew Grooms
47
/* Make sure both IPsec sections exist in the config before taking
   references to them; the rest of the page works through $a_phase1 / $a_phase2. */
if (!is_array($config['ipsec']['phase1'])) {
	$config['ipsec']['phase1'] = array();
}
$a_phase1 = &$config['ipsec']['phase1'];

if (!is_array($config['ipsec']['phase2'])) {
	$config['ipsec']['phase2'] = array();
}
$a_phase2 = &$config['ipsec']['phase2'];
/* Work out which phase1 entry is addressed.  Later sources override earlier
   ones (GET p1index, then POST p1index, then GET dup) and only numeric
   integer values are accepted, so the index can safely be used on $a_phase1. */
if (is_numericint($_GET['p1index'])) {
	$p1index = $_GET['p1index'];
}
if (isset($_POST['p1index']) && is_numericint($_POST['p1index'])) {
	$p1index = $_POST['p1index'];
}
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	$p1index = $_GET['dup'];
}
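/*
 * Build $pconfig, the form's working copy of the phase1 settings.
 * When an existing entry is addressed (edit or dup) its stored values are
 * loaded from the config; otherwise defaults for a new tunnel are used.
 */
if (isset($p1index) && $a_phase1[$p1index]) {
	/* keep the stored entry so the save path can tell what changed */
	$old_ph1ent = $a_phase1[$p1index];

	// don't copy the ikeid on dup; the copy gets a fresh one when saved
	if (!isset($_GET['dup']) || !is_numericint($_GET['dup']))
		$pconfig['ikeid'] = $old_ph1ent['ikeid'];

	$pconfig['disabled'] = isset($old_ph1ent['disabled']);

	if ($old_ph1ent['interface'])
		$pconfig['interface'] = $old_ph1ent['interface'];
	else
		$pconfig['interface'] = "wan";

	list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $old_ph1ent['remote-subnet']);

	/* a mobile entry has no fixed remote gateway */
	if (isset($old_ph1ent['mobile']))
		$pconfig['mobile'] = 'true';
	else
		$pconfig['remotegw'] = $old_ph1ent['remote-gateway'];

	/* entries stored before the iketype setting existed are IKEv1 */
	if (empty($old_ph1ent['iketype']))
		$pconfig['iketype'] = "ikev1";
	else
		$pconfig['iketype'] = $old_ph1ent['iketype'];
	$pconfig['mode'] = $old_ph1ent['mode'];
	$pconfig['protocol'] = $old_ph1ent['protocol'];
	$pconfig['myid_type'] = $old_ph1ent['myid_type'];
	$pconfig['myid_data'] = $old_ph1ent['myid_data'];
	$pconfig['peerid_type'] = $old_ph1ent['peerid_type'];
	$pconfig['peerid_data'] = $old_ph1ent['peerid_data'];
	$pconfig['ealgo'] = $old_ph1ent['encryption-algorithm'];
	$pconfig['halgo'] = $old_ph1ent['hash-algorithm'];
	$pconfig['dhgroup'] = $old_ph1ent['dhgroup'];
	$pconfig['lifetime'] = $old_ph1ent['lifetime'];
	$pconfig['authentication_method'] = $old_ph1ent['authentication_method'];

	/* only the credential that belongs to the method is exposed to the form */
	if (($pconfig['authentication_method'] == "pre_shared_key") ||
		($pconfig['authentication_method'] == "xauth_psk_server")) {
		$pconfig['pskey'] = $old_ph1ent['pre-shared-key'];
	} else {
		$pconfig['certref'] = $old_ph1ent['certref'];
		$pconfig['caref'] = $old_ph1ent['caref'];
	}

	$pconfig['descr'] = $old_ph1ent['descr'];
	$pconfig['nat_traversal'] = $old_ph1ent['nat_traversal'];
	$pconfig['mobike'] = $old_ph1ent['mobike'];

	/* these are stored as presence flags, not values */
	if (isset($old_ph1ent['reauth_enable']))
		$pconfig['reauth_enable'] = true;
	if (isset($old_ph1ent['rekey_enable']))
		$pconfig['rekey_enable'] = true;
	if (isset($old_ph1ent['responderonly']))
		$pconfig['responderonly'] = true;

	/* DPD counts as enabled only when both of its parameters are stored */
	if ($old_ph1ent['dpd_delay'] && $old_ph1ent['dpd_maxfail']) {
		$pconfig['dpd_enable'] = true;
		$pconfig['dpd_delay'] = $old_ph1ent['dpd_delay'];
		$pconfig['dpd_maxfail'] = $old_ph1ent['dpd_maxfail'];
	}
} else {
	/* defaults */
	$pconfig['interface'] = "wan";
	if ($config['interfaces']['lan'])
		$pconfig['localnet'] = "lan";
	$pconfig['mode'] = "main";
	$pconfig['protocol'] = "inet";
	$pconfig['myid_type'] = "myaddress";
	$pconfig['peerid_type'] = "peeraddress";
	$pconfig['authentication_method'] = "pre_shared_key";
	/* the key must be a quoted string: a bare "name" was an undefined
	   constant, which PHP 8 rejects with an Error */
	$pconfig['ealgo'] = array('name' => "aes");
	$pconfig['halgo'] = "sha1";
	$pconfig['dhgroup'] = "2";
	$pconfig['lifetime'] = "28800";
	$pconfig['nat_traversal'] = 'on';
	$pconfig['mobike'] = 'off';
	$pconfig['dpd_enable'] = true;
	$pconfig['iketype'] = "ikev1";

	/* mobile client */
	if ($_GET['mobile']) {
		$pconfig['mobile'] = true;
		$pconfig['mode'] = "aggressive";
	}
}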
/* A duplicated entry is saved as a new one: now that its values are in
   $pconfig, forget the index of the entry it was copied from. */
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	unset($p1index);
}
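/*
 * Form submission: validate the posted phase1 settings, collecting problems
 * in $input_errors, and when there are none store the entry in the IPsec
 * config and return to the tunnel list.
 */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	$method = $pconfig['authentication_method'];
	// Unset ca and cert if not required to avoid storing in config
	if ($method == "pre_shared_key" || $method == "xauth_psk_server") {
		unset($pconfig['caref']);
		unset($pconfig['certref']);
	}

	// Only require PSK here for normal PSK tunnels (not mobile) or xauth.
	// For RSA methods, require the CA/Cert.
	// Start from empty lists so the EAP methods, which add nothing here,
	// still hand real arrays to do_input_validation() below.
	$reqdfields = array();
	$reqdfieldsn = array();
	switch ($method) {
		case 'eap-mschapv2':
			if ($pconfig['iketype'] != 'ikev2')
				$input_errors[] = gettext("EAP-MSChapv2 can only be used with IKEv2 type VPNs.");
			break;
		case "eap-tls":
			if ($pconfig['iketype'] != 'ikev2')
				$input_errors[] = gettext("EAP-TLS can only be used with IKEv2 type VPNs.");
			break;
		case "pre_shared_key":
			// If this is a mobile PSK tunnel the user PSKs go on
			//    the PSK tab, not here, so skip the check.
			if ($pconfig['mobile'])
				break;
			/* fall through: a site-to-site PSK tunnel must carry its key */
		case "xauth_psk_server":
			$reqdfields = explode(" ", "pskey");
			$reqdfieldsn = array(gettext("Pre-Shared Key"));
			$validate_pskey = true;
			break;
		case "hybrid_rsa_server":
		case "xauth_rsa_server":
		case "rsasig":
			$reqdfields = explode(" ", "caref certref");
			$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
			break;
	}
	if (!$pconfig['mobile']) {
		$reqdfields[] = "remotegw";
		$reqdfieldsn[] = gettext("Remote gateway");
	}

	do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);

	/* the pre-shared key is only accepted as plain ASCII */
	if (isset($validate_pskey) && isset($pconfig['pskey']) && !preg_match('/^[[:ascii:]]*$/', $pconfig['pskey'])) {
		unset($validate_pskey);
		$input_errors[] = gettext("Pre-Shared Key contains invalid characters.");
	}

	if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime'])))
		$input_errors[] = gettext("The P1 lifetime must be an integer.");

	/* a remote gateway, when given, must be an address or host name and its
	 * address family must agree with the selected protocol */
	if ($pconfig['remotegw']) {
		if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw']))
			$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
		elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet"))
			$input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6");
		elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6"))
			$input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4");
	}

	/* An enabled phase1 may not reuse the remote gateway of another enabled
	 * one.  The entry being edited is skipped by index; when no index is set
	 * (new entry, or a dup) every existing entry including index 0 has to be
	 * compared, which the former loose "$p1index <> $t" did not do for
	 * null against 0. */
	if (($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled']) )) {
		$tremotegw = $pconfig['remotegw'];
		$t = 0;
		foreach ($a_phase1 as $ph1tmp) {
			if (!isset($p1index) || (int)$p1index !== $t) {
				if (($ph1tmp['remote-gateway'] == $tremotegw) && !isset($ph1tmp['disabled'])) {
					$input_errors[] = sprintf(gettext('The remote gateway "%1$s" is already used by phase1 "%2$s".'), $tremotegw, $ph1tmp['descr']);
				}
			}
			$t++;
		}
	}

	/* the address family must agree with every phase2 attached to this phase1 */
	if (is_array($a_phase2) && (count($a_phase2))) {
		foreach ($a_phase2 as $phase2) {
			if ($phase2['ikeid'] == $pconfig['ikeid']) {
				if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4.");
					break;
				}
				if (($pconfig['protocol'] == "inet6") && ($phase2['mode'] == "tunnel")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv4, you cannot use IPv6.");
					break;
				}
			}
		}
	}

	/* My identity */

	/* "myaddress" takes the identity from the interface; drop any typed data */
	if ($pconfig['myid_type'] == "myaddress")
		$pconfig['myid_data'] = "";

	if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter an address for 'My Identifier'");

	if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'");

	if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'");

	if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'");

	if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'");

	if ((($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])))
		$input_errors[] = gettext("A valid IP address for 'My identifier' must be specified.");

	if ((($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])))
		$input_errors[] = gettext("A valid domain name for 'My identifier' must be specified.");

	/* NOTE(review): this repeats the fqdn check just above, so an invalid
	 * FQDN produces two error lines; kept as-is to preserve the messages */
	if ($pconfig['myid_type'] == "fqdn")
		if (is_domain($pconfig['myid_data']) == false)
			$input_errors[] = gettext("A valid FQDN for 'My identifier' must be specified.");

	if ($pconfig['myid_type'] == "user_fqdn") {
		$user_fqdn = explode("@",$pconfig['myid_data']);
		if (is_domain($user_fqdn[1]) == false)
			$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.");
	}

	if ($pconfig['myid_type'] == "dyn_dns")
		if (is_domain($pconfig['myid_data']) == false)
			$input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified.");

	/* Peer identity */

	/* "peeraddress" takes the identity from the peer's address; drop any
	 * typed data.  The type tested here is the peer's (peerid_type) -- the
	 * old test against myid_type could never match and left stale
	 * peerid_data in the saved entry. */
	if ($pconfig['peerid_type'] == "peeraddress")
		$pconfig['peerid_data'] = "";

	// Only enforce peer ID if we are not dealing with a pure-psk mobile config.
	if (!(($pconfig['authentication_method'] == "pre_shared_key") && ($pconfig['mobile']))) {
		if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter an address for 'Peer Identifier'");

		if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'");

		if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'");

		if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'");

		if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data'])))
			$input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified.");

		if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data'])))
			$input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified.");

		/* NOTE(review): same duplicated fqdn check as for 'My identifier' */
		if ($pconfig['peerid_type'] == "fqdn")
			if (is_domain($pconfig['peerid_data']) == false)
				$input_errors[] = gettext("A valid FQDN for 'Peer identifier' must be specified.");

		if ($pconfig['peerid_type'] == "user_fqdn") {
			$user_fqdn = explode("@",$pconfig['peerid_data']);
			if (is_domain($user_fqdn[1]) == false)
				$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.");
		}
	}

	if ($pconfig['dpd_enable']) {
		if (!is_numeric($pconfig['dpd_delay']))
			$input_errors[] = gettext("A numeric value must be specified for DPD delay.");

		if (!is_numeric($pconfig['dpd_maxfail']))
			$input_errors[] = gettext("A numeric value must be specified for DPD retries.");
	}

	if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2" && $pconfig['iketype'] != "auto")
		$input_errors[] = gettext("Valid arguments for IKE type is v1 or v2 or auto");

	/* the glxsb accelerator only handles AES-128; $pconfig is still an
	 * untouched copy of $_POST at this point */
	if (!empty($pconfig['ealgo']) && isset($config['system']['crypto_hardware'])) {
		if ($config['system']['crypto_hardware'] == "glxsb") {
			if ($pconfig['ealgo'] == "aes" && $pconfig['ealgo_keylen'] != "128")
				$input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
		}
	}

	/* build our encryption algorithms array (read from $_POST because
	 * $pconfig['ealgo'] is being replaced by the array itself) */
	$pconfig['ealgo'] = array();
	$pconfig['ealgo']['name'] = $_POST['ealgo'];
	if ($pconfig['ealgo_keylen'])
		$pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen'];

	if (!$input_errors) {
		$ph1ent['ikeid'] = $pconfig['ikeid'];
		$ph1ent['iketype'] = $pconfig['iketype'];
		/* the negotiation mode (main/aggressive) only exists in IKEv1 */
		if ($pconfig['iketype'] != 'ikev1')
			unset($ph1ent['mode']);
		else
			$ph1ent['mode'] = $pconfig['mode'];
		$ph1ent['disabled'] = $pconfig['disabled'] ? true : false;
		$ph1ent['interface'] = $pconfig['interface'];
		/* if the remote gateway changed and the interface is not WAN then remove route */
		/* the vpn_ipsec_configure() handles adding the route */
		if ($pconfig['interface'] <> "wan") {
			/* a new entry has no previous gateway, so there is nothing to
			 * remove.  The stored value was validated when it was saved, but
			 * it is still handed to a shell, so it is quoted as an argument. */
			if (!empty($old_ph1ent['remote-gateway']) && $old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) {
				mwexec("/sbin/route delete -host " . escapeshellarg($old_ph1ent['remote-gateway']));
			}
		}

		if ($pconfig['mobile'])
			$ph1ent['mobile'] = true;
		else
			$ph1ent['remote-gateway'] = $pconfig['remotegw'];

		$ph1ent['protocol'] = $pconfig['protocol'];

		$ph1ent['myid_type'] = $pconfig['myid_type'];
		$ph1ent['myid_data'] = $pconfig['myid_data'];
		$ph1ent['peerid_type'] = $pconfig['peerid_type'];
		$ph1ent['peerid_data'] = $pconfig['peerid_data'];

		$ph1ent['encryption-algorithm'] = $pconfig['ealgo'];
		$ph1ent['hash-algorithm'] = $pconfig['halgo'];
		$ph1ent['dhgroup'] = $pconfig['dhgroup'];
		$ph1ent['lifetime'] = $pconfig['lifetime'];
		$ph1ent['pre-shared-key'] = $pconfig['pskey'];
		/* NOTE(review): no privatekey field is visible in this form; confirm
		 * this value is still produced by anything */
		$ph1ent['private-key'] = base64_encode($pconfig['privatekey']);
		$ph1ent['certref'] = $pconfig['certref'];
		$ph1ent['caref'] = $pconfig['caref'];
		$ph1ent['authentication_method'] = $pconfig['authentication_method'];
		$ph1ent['descr'] = $pconfig['descr'];
		$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];
		$ph1ent['mobike'] = $pconfig['mobike'];

		/* presence flags: set when the box was checked, removed otherwise */
		if (isset($pconfig['reauth_enable']))
			$ph1ent['reauth_enable'] = true;
		else
			unset($ph1ent['reauth_enable']);
		if (isset($pconfig['rekey_enable']))
			$ph1ent['rekey_enable'] = true;
		else
			unset($ph1ent['rekey_enable']);

		if (isset($pconfig['responderonly']))
			$ph1ent['responderonly'] = true;
		else
			unset($ph1ent['responderonly']);

		if (isset($pconfig['dpd_enable'])) {
			$ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
			$ph1ent['dpd_maxfail'] = $pconfig['dpd_maxfail'];
		}

		/* generate unique phase1 ikeid (new entries and dups arrive without one) */
		if ($ph1ent['ikeid'] == 0)
			$ph1ent['ikeid'] = ipsec_ikeid_next();

		if (isset($p1index) && $a_phase1[$p1index])
			$a_phase1[$p1index] = $ph1ent;
		else
			$a_phase1[] = $ph1ent;

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}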
/* Page title breadcrumb; the mobile-client variant of this page gets one
   more element.  Then emit the common page header. */
$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 1"));
if ($pconfig['mobile']) {
	$pgtitle[] = gettext("Mobile Client");
}
$shortcut_section = "ipsec";

include("head.inc");
433
434
?>
435
436
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
437
<?php include("fbegin.inc"); ?>
438 91f026b0 ayvis
<script type="text/javascript">
439 a0fca224 Colin Fleming
//<![CDATA[
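/* Hide the "My identifier" data field when the identifier is the interface
   address (nothing to type), show it for every other type. */
function myidsel_change() {
	/* declared with var: the original assigned index/value as implicit globals */
	var sel = document.iform.myid_type;
	var value = sel.options[sel.selectedIndex].value;
	document.getElementById('myid_data').style.visibility = (value == 'myaddress') ? 'hidden' : 'visible';
}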
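/* Show the rows that apply to the selected IKE version: negotiation mode
   and NAT-T for IKEv1, MOBIKE and reauthentication for IKEv2. */
function iketype_change() {
	/* declared with var: the original assigned index/value as implicit globals */
	var sel = document.iform.iketype;
	var isIkev2 = (sel.options[sel.selectedIndex].value == 'ikev2');

	document.getElementById('negmode').style.display = isIkev2 ? 'none' : '';
	document.getElementById('mobike').style.display = isIkev2 ? '' : 'none';
	document.getElementById('natt').style.display = isIkev2 ? 'none' : '';
	document.getElementById('disablereauth').style.display = isIkev2 ? '' : 'none';
}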
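/* Hide the "Peer identifier" data field when the identifier is the peer's
   address (nothing to type), show it for every other type. */
function peeridsel_change() {
	/* declared with var: the original assigned index/value as implicit globals */
	var sel = document.iform.peerid_type;
	var value = sel.options[sel.selectedIndex].value;
	document.getElementById('peerid_data').style.visibility = (value == 'peeraddress') ? 'hidden' : 'visible';
}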
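/* Show the option rows that belong to the selected authentication method:
   the pre-shared key row for PSK methods, the certificate and CA rows for
   certificate based methods.  The cert/CA elements are also disabled whenever
   they are hidden. */
function methodsel_change() {
	/* declared with var: the original assigned index/value as implicit globals */
	var sel = document.iform.authentication_method;
	var value = sel.options[sel.selectedIndex].value;

	/* one place that applies a row layout; every case below used the same
	   six assignments with different values */
	function showRows(psk, peerid, cert) {
		document.getElementById('opt_psk').style.display = psk ? '' : 'none';
		document.getElementById('opt_peerid').style.display = peerid ? '' : 'none';
		document.getElementById('opt_cert').style.display = cert ? '' : 'none';
		document.getElementById('opt_ca').style.display = cert ? '' : 'none';
		document.getElementById('opt_cert').disabled = !cert;
		document.getElementById('opt_ca').disabled = !cert;
	}

	switch (value) {
	case 'eap-mschapv2':
	case 'eap-tls':
	case 'hybrid_rsa_server':
	case 'xauth_rsa_server':
	case 'rsasig':
		showRows(false, true, true);
		break;
<?php if ($pconfig['mobile']) { ?>
	case 'pre_shared_key':
		/* mobile PSK clients: keys and identities live on other tabs */
		showRows(false, false, false);
		break;
<?php } ?>
	default: /* psk modes*/
		showRows(true, true, false);
		break;
	}
}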
/* PHP generated JavaScript: one switch case per encryption algorithm, in the
   order of the select box.  Algorithms with a key size selection get the
   key-length box populated from the largest to the smallest size; fixed-key
   algorithms get it hidden and emptied.  When 'bits' is given the matching
   key length is preselected. */
function ealgosel_change(bits) {
	switch (document.iform.ealgo.selectedIndex) {
<?php
$i = 0;
foreach ($p1_ealgos as $algo => $algodata) {
	$has_keysel = is_array($algodata['keysel']);

	/* the case label, visibility and reset of the list are common to both kinds */
	echo "		case {$i}:\n";
	echo "			document.iform.ealgo_keylen.style.visibility = '" . ($has_keysel ? 'visible' : 'hidden') . "';\n";
	echo "			document.iform.ealgo_keylen.options.length = 0;\n";

	if ($has_keysel) {
		$key_hi = $algodata['keysel']['hi'];
		$key_lo = $algodata['keysel']['lo'];
		$key_step = $algodata['keysel']['step'];

		for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step) {
			echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n";
		}
	}
	echo "			break;\n";

	$i++;
}
?>
	}

	if (bits) {
		document.iform.ealgo_keylen.value = bits;
	}
}
/* Toggle the DPD parameter row with the checkbox and seed the delay and
   retry fields with their defaults when they are empty. */
function dpdchkbox_change() {
	var dpdRow = document.getElementById('opt_dpd');
	dpdRow.style.display = document.iform.dpd_enable.checked ? '' : 'none';

	if (!document.iform.dpd_delay.value) {
		document.iform.dpd_delay.value = "10";
	}
	if (!document.iform.dpd_maxfail.value) {
		document.iform.dpd_maxfail.value = "5";
	}
}
//]]>
</script>
<?php /* The edit form posts back to this same page; $input_errors is
         presumably filled in by the POST handling earlier in the file.
         NOTE(review): no anti-CSRF field is emitted in this template --
         presumably injected by the framework's output filtering; confirm
         before relying on it. */ ?>
<form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform">

<?php
	if ($input_errors)
		print_input_errors($input_errors);
?>

<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-1">
	<tr class="tabnavtbl">
		<td id="tabnav">
			<?php
				/* top tab bar: (label, active?, target page); "Tunnels" is active here */
				$tab_array = array();
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
				$tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
				$tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
				display_top_tabs($tab_array);
			?>
		</td>
	</tr>
	<tr>
		<td id="mainarea">
			<div class="tabcont">
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
					<tr>
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
					</tr>
					<?php /* "Disabled" is tested by truthiness of $pconfig['disabled'];
					         the advanced checkboxes further down use isset() instead. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
						<td width="78%" class="vtable">
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
							<strong><?=gettext("Disable this phase1 entry"); ?></strong><br />
							<span class="vexpl">
								<?=gettext("Set this option to disable this phase1 without " .
								"removing it from the list"); ?>.
							</span>
						</td>
					</tr>
					<?php /* iketype: stored values are the array keys (ikev1/ikev2/auto);
					         the onchange handler iketype_change() is defined earlier in
					         the page. Keys are fixed here, so only the labels are escaped. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Key Exchange version"); ?></td>
						<td width="78%" class="vtable">
							<select name="iketype" class="formselect" onchange='iketype_change()'>
							<?php
								$keyexchange = array("ikev1" => "V1", "ikev2" => "V2", "auto" => "Auto");
								foreach ($keyexchange as $kidx => $name):
							?>
								<option value="<?=$kidx;?>" <?php if ($kidx == $pconfig['iketype']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($name);?>
								</option>
							<?php endforeach; ?>
							</select> <br /> <span class="vexpl"><?=gettext("Select the Internet Key Exchange protocol version to be used, IKEv1 or IKEv2"); ?>.</span>
						</td>
					</tr>
					<?php /* address family of the tunnel endpoints; stored as inet / inet6 */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Internet Protocol"); ?></td>
						<td width="78%" class="vtable">
							<select name="protocol" class="formselect">
							<?php
								$protocols = array("inet" => "IPv4", "inet6" => "IPv6");
								foreach ($protocols as $protocol => $name):
							?>
								<option value="<?=$protocol;?>" <?php if ($protocol == $pconfig['protocol']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($name);?>
								</option>
							<?php endforeach; ?>
							</select> <br /> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
						</td>
					</tr>
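					<?php /* Local endpoint selector. Builds one list keyed by the value
					         that is stored in the phase1 entry: configured interfaces,
					         then CARP VIPs, IP aliases and gateway groups. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
						<td width="78%" class="vtable">
							<select name="interface" class="formselect">
							<?php
								$interfaces = get_configured_interface_with_descr();

								$carplist = get_configured_carp_interface_list();
								foreach ($carplist as $cif => $carpip)
									$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";

								$aliaslist = get_configured_ip_aliases_list();
								foreach ($aliaslist as $aliasip => $aliasif)
									$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";

								/* only the group name is needed here; the group's vip/int
								   members are resolved when the tunnel is configured */
								$grouplist = return_gateway_groups_array();
								foreach ($grouplist as $name => $group)
									$interfaces[$name] = "GW Group {$name}";

								/* Loose comparison is intentional: a purely numeric key is
								   stored as int by PHP while $pconfig holds a string.
								   Keys such as gateway group names are admin-entered, so the
								   option value is escaped like the label. */
								foreach ($interfaces as $iface => $ifacename):
							?>
								<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($ifacename);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl"><?=gettext("Select the interface for the local endpoint of this phase1 entry"); ?>.</span>
						</td>
					</tr>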
					<?php /* Remote gateway is only meaningful for site-to-site entries;
					         the mobile (road-warrior) entry has no fixed peer.
					         $mandfldhtml is echoed unescaped: it is the page's own
					         "mandatory field" marker snippet, presumably set in the
					         PHP head of this file -- not request data. */ ?>
					<?php if (!$pconfig['mobile']): ?>

					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote gateway"); ?></td>
						<td width="78%" class="vtable">
							<?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="28" value="<?=htmlspecialchars($pconfig['remotegw']);?>" />
							<br />
							<?=gettext("Enter the public IP address or host name of the remote gateway"); ?>
						</td>
					</tr>

					<?php endif; ?>

					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
						<td width="78%" class="vtable">
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
							<br />
							<span class="vexpl">
								<?=gettext("You may enter a description here " .
								"for your reference (not parsed)"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td colspan="2" class="list" height="12"></td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic">
							<?=gettext("Phase 1 proposal (Authentication)"); ?>
						</td>
					</tr>
					<?php /* Methods flagged 'mobile' in $p1_authentication_methods are
					         offered only on the mobile entry. methodsel_change() (defined
					         earlier in the page) shows/hides the PSK, certificate and CA
					         rows below according to the chosen method. The option value is
					         a key of that server-side table, hence not escaped. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication method"); ?></td>
						<td width="78%" class="vtable">
							<select name="authentication_method" class="formselect" onchange="methodsel_change()">
							<?php
								foreach ($p1_authentication_methods as $method_type => $method_params):
									if (!$pconfig['mobile'] && $method_params['mobile'])
										continue;
							?>
								<option value="<?=$method_type;?>" <?php if ($method_type == $pconfig['authentication_method']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($method_params['name']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>
					<?php /* IKEv1 negotiation mode; the row id "negmode" is presumably
					         toggled by iketype_change(), whose body is outside this view. */ ?>
					<tr id='negmode' >
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Negotiation mode"); ?></td>
						<td width="78%" class="vtable">
							<select name="mode" class="formselect">
							<?php
								$modes = array("main" => "Main", "aggressive" => "Aggressive");
								foreach ($modes as $mode => $mdescr):
							?>
								<option value="<?=$mode;?>" <?php if ($mode == $pconfig['mode']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($mdescr);?>
								</option>
							<?php endforeach; ?>
							</select> <br /> <span class="vexpl"><?=gettext("Aggressive is more flexible, but less secure"); ?>.</span>
						</td>
					</tr>
					<?php /* Local IKE identity: type from $my_identifier_list plus free-form data */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My identifier"); ?></td>
						<td width="78%" class="vtable">
							<select name="myid_type" class="formselect" onchange="myidsel_change()">
							<?php foreach ($my_identifier_list as $id_type => $id_params): ?>
								<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['myid_type']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($id_params['desc']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<input name="myid_data" type="text" class="formfld unknown" id="myid_data" size="30" value="<?=htmlspecialchars($pconfig['myid_data']);?>" />
						</td>
					</tr>
					<?php /* Peer IKE identity; on the mobile entry only identifier types
					         flagged 'mobile' are offered. */ ?>
					<tr id="opt_peerid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer identifier"); ?></td>
						<td width="78%" class="vtable">
							<select name="peerid_type" class="formselect" onchange="peeridsel_change()">
							<?php
								foreach ($peer_identifier_list as $id_type => $id_params):
									if ($pconfig['mobile'] && !$id_params['mobile'])
										continue;
							?>
							<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected=\"selected\""; ?>>
								<?=htmlspecialchars($id_params['desc']);?>
							</option>
							<?php endforeach; ?>
							</select>
							<input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=htmlspecialchars($pconfig['peerid_data']);?>" />
						<?php if ($pconfig['mobile']) { ?>
							<br /><br /><?=gettext("NOTE: This is known as the \"group\" setting on some VPN client implementations"); ?>.
						<?php } ?>
						</td>
					</tr>
					<?php /* NOTE(review): the pre-shared key is rendered in clear in a
					         plain text input (escaped, but visible on screen and in the
					         page source); this is how the page lets it be edited. */ ?>
					<tr id="opt_psk">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
						<td width="78%" class="vtable">
							<?=$mandfldhtml;?>
							<input name="pskey" type="text" class="formfld unknown" id="pskey" size="40" value="<?=htmlspecialchars($pconfig['pskey']);?>" />
							<span class="vexpl">
							<br />
								<?=gettext("Input your Pre-Shared Key string"); ?>.
							</span>
						</td>
					</tr>
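					<?php /* Certificate used for certificate-based authentication; shown or
					         hidden by methodsel_change() depending on the chosen method. */ ?>
					<tr id="opt_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td>
						<td width="78%" class="vtable">
							<select name="certref" class="formselect">
							<?php
								/* Treat a missing or non-array $config['cert'] as "no
								   certificates" instead of letting foreach warn on it.
								   refid and descr are stored config values (descr is the
								   free-form name given in the Certificate Manager), so both
								   are escaped like every other option on this page. */
								$certlist = array();
								if (isset($config['cert']) && is_array($config['cert']))
									$certlist = $config['cert'];
								foreach ($certlist as $cert):
									$selected = "";
									if ($pconfig['certref'] == $cert['refid'])
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>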
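					<?php /* CA that must have issued the peer's certificate; shown or
					         hidden by methodsel_change() depending on the chosen method. */ ?>
					<tr id="opt_ca">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
						<td width="78%" class="vtable">
							<select name="caref" class="formselect">
							<?php
								/* Treat a missing or non-array $config['ca'] as "no CAs"
								   instead of letting foreach warn on it. refid and descr
								   are stored config values (descr is the free-form name
								   given in the Certificate Manager), so both are escaped
								   like every other option on this page. */
								$calist = array();
								if (isset($config['ca']) && is_array($config['ca']))
									$calist = $config['ca'];
								foreach ($calist as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>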
					<tr>
						<td colspan="2" valign="top" class="listtopic">
							<?=gettext("Phase 1 proposal (Algorithms)"); ?>
						</td>
					</tr>
					<?php /* Encryption algorithm. The option order must match the case
					         indices that ealgosel_change() generates from the same
					         $p1_ealgos array; that handler also fills the "ealgo_keylen"
					         select, which is emitted empty here. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
						<td width="78%" class="vtable">
							<select name="ealgo" class="formselect" onchange="ealgosel_change()">
							<?php
								foreach ($p1_ealgos as $algo => $algodata):
									$selected = "";
									if ($algo == $pconfig['ealgo']['name'])
										$selected = " selected=\"selected\"";
							?>
								<option value="<?=$algo;?>"<?=$selected?>>
									<?=htmlspecialchars($algodata['name']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<select name="ealgo_keylen" width="30" class="formselect">
							</select>
						</td>
					</tr>
					<?php /* Hash algorithm from the server-side $p1_halgos table */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithm"); ?></td>
						<td width="78%" class="vtable">
							<select name="halgo" class="formselect">
							<?php foreach ($p1_halgos as $algo => $algoname): ?>
								<option value="<?=$algo;?>" <?php if ($algo == $pconfig['halgo']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($algoname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>
					<?php /* Diffie-Hellman group from the server-side $p1_dhgroups table */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH key group"); ?></td>
						<td width="78%" class="vtable">
							<select name="dhgroup" class="formselect">
							<?php foreach ($p1_dhgroups as $keygroup => $keygroupname): ?>
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['dhgroup']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($keygroupname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>
					<?php /* IKE SA lifetime in seconds; validated by the POST handler, not here */ ?>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
						<td width="78%" class="vtable">
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />
							<?=gettext("seconds"); ?>
						</td>
					</tr>
					<tr>
						<td colspan="2" class="list" height="12"></td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
					</tr>
					<?php /* NOTE(review): the label reads "Disable Rekey" but the field is
					         named rekey_enable and the help text describes enabling
					         renegotiation; the inversion presumably happens in the POST
					         handler / config writer -- confirm. Same for reauth_enable. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable Rekey");?></td>
						<td width="78%" class="vtable">
							<input name="rekey_enable" type="checkbox" id="rekey_enable" value="yes" <?php if (isset($pconfig['rekey_enable'])) echo "checked=\"checked\""; ?> />
							<?=gettext("Whether a connection should be renegotiated when it is about to expire."); ?><br />
						</td>
					</tr>
					<?php /* row id "disablereauth" is presumably toggled by iketype_change()
					         (IKEv2-only option); that function is outside this view. */ ?>
					<tr id='disablereauth'>
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable Reauth");?></td>
						<td width="78%" class="vtable">
							<input name="reauth_enable" type="checkbox" id="reauth_enable" value="yes" <?php if (isset($pconfig['reauth_enable'])) echo "checked=\"checked\""; ?> />
							<?=gettext("Whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done."); ?><br />
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Responder Only");?></td>
						<td width="78%" class="vtable">
							<input name="responderonly" type="checkbox" id="responderonly" value="yes" <?php if (isset($pconfig['responderonly'])) echo "checked=\"checked\""; ?> />
							<?=gettext("Enable this option to never initiate this connection from this side, only respond to incoming requests."); ?><br />
						</td>
					</tr>
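					<?php /* NAT-T and MOBIKE rows; their ids are presumably toggled by
					         iketype_change(), whose body is outside this view. */ ?>
					<tr id='natt'>
						<td width="22%" valign="top" class="vncell"><?=gettext("NAT Traversal"); ?></td>
						<td width="78%" class="vtable">
							<select name="nat_traversal" class="formselect">
							<?php
								/* Exactly one option carries "selected": anything other than
								   "force" (including unset or the stored value "on") renders
								   as Auto. The previous test (!= 'on') marked both options
								   for "force" and relied on the browser keeping the last. */
								$natt_force = ($pconfig['nat_traversal'] == 'force');
							?>
								<option value="on" <?php if (!$natt_force) echo "selected=\"selected\""; ?>><?=gettext("Auto"); ?></option>
								<option value="force" <?php if ($natt_force) echo "selected=\"selected\""; ?>><?=gettext("Force"); ?></option>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed, " .
								"which can help with clients that are behind restrictive firewalls"); ?>.
							</span>
						</td>
					</tr>
					<tr id='mobike'>
						<td width="22%" valign="top" class="vncell"><?=gettext("MOBIKE"); ?></td>
						<td width="78%" class="vtable">
							<select name="mobike" class="formselect">
								<option value="on" <?php if ($pconfig['mobike'] == 'on') echo "selected=\"selected\""; ?>><?=gettext("Enable"); ?></option>
								<option value="off" <?php if ($pconfig['mobike'] != 'on') echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Set this option to control the use of MOBIKE"); ?>.
							</span>
						</td>
					</tr>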
948
					<?php /* Dead Peer Detection; dpdchkbox_change() (defined earlier in the
					         page) shows the opt_dpd block and fills blank delay/retry
					         fields with defaults. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Dead Peer Detection"); ?></td>
						<td width="78%" class="vtable">
							<input name="dpd_enable" type="checkbox" id="dpd_enable" value="yes" <?php if (isset($pconfig['dpd_enable'])) echo "checked=\"checked\""; ?> onclick="dpdchkbox_change()" />
							<?=gettext("Enable DPD"); ?><br />
							<div id="opt_dpd">
								<br />
								<input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=htmlspecialchars($pconfig['dpd_delay']);?>" />
								<?=gettext("seconds"); ?><br />
								<span class="vexpl">
									<?=gettext("Delay between requesting peer acknowledgement"); ?>.
								</span><br />
								<br />
								<input name="dpd_maxfail" type="text" class="formfld unknown" id="dpd_maxfail" size="5" value="<?=htmlspecialchars($pconfig['dpd_maxfail']);?>" />
								<?=gettext("retries"); ?><br />
								<span class="vexpl">
									<?=gettext("Number of consecutive failures allowed before disconnect"); ?>.
								</span>
								<br />
							</div>
						</td>
					</tr>
					<?php /* Hidden state that tells the POST handler which entry is being
					         edited: p1index only when editing an existing entry in
					         $a_phase1, "mobile" for the road-warrior entry, and ikeid
					         always. These are echoed escaped but are still client-
					         supplied on submit, so the handler must re-validate them. */ ?>
					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
							<?php if (isset($p1index) && $a_phase1[$p1index]): ?>
							<input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>" />
							<?php endif; ?>
							<?php if ($pconfig['mobile']): ?>
							<input name="mobile" type="hidden" value="true" />
							<?php endif; ?>
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
						</td>
					</tr>
				</table>
			</div>
		</td>
	</tr>
</table>
</form>
<script type="text/javascript">
//<![CDATA[
<?php
	/* determine if we should init the key length */
	/* $keyset is interpolated into JavaScript unescaped below; the
	   is_numeric() check is what makes that safe (it admits forms such as
	   "1e3", which are still valid JS numeric literals). When it stays empty
	   the call becomes ealgosel_change() and "bits" is undefined, so no key
	   length is pre-selected. */
	$keyset = '';
	if (isset($pconfig['ealgo']['keylen']))
		if (is_numeric($pconfig['ealgo']['keylen']))
			$keyset = $pconfig['ealgo']['keylen'];
?>
/* Apply the saved values to the dependent widgets once the form exists:
   identifier data fields, IKE-version-specific rows, auth-method rows,
   key length list and DPD block. */
myidsel_change();
peeridsel_change();
iketype_change();
methodsel_change();
ealgosel_change(<?=$keyset;?>);
dpdchkbox_change();
//]]>
</script>
<?php include("fend.inc"); ?>
</body>
</html>