#!/usr/local/bin/php
2
<?php
3
/*
4
	vpn_ipsec_edit.php
5 cfc707f7 Scott Ullrich
	Copyright (C) 2004 Scott Ullrich
6
	All rights reserved.
7 5dd55fa3 Scott Ullrich
8 cfc707f7 Scott Ullrich
	originally part of m0n0wall (http://m0n0.ch/wall)
9 5b237745 Scott Ullrich
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10
	All rights reserved.
11 40dd6441 Scott Ullrich
12 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14 5dd55fa3 Scott Ullrich
15 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17 5dd55fa3 Scott Ullrich
18 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21 5dd55fa3 Scott Ullrich
22 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33
34
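require("guiconfig.inc");

/* Make sure the tunnel list exists before a reference to it is taken. */
if (!isset($config['ipsec']['tunnel']) || !is_array($config['ipsec']['tunnel'])) {
	$config['ipsec']['tunnel'] = array();
}
$a_ipsec = &$config['ipsec']['tunnel'];

/* Local-subnet keywords that are stored as a named network, not an address. */
$specialsrcdst = explode(" ", "lan");

/*
 * Index of the tunnel being edited. It is request data: a POSTed id takes
 * precedence over the query string, and the value is only meaningful once
 * the $a_ipsec[$id] lookup further down succeeds.
 */
$id = isset($_GET['id']) ? $_GET['id'] : null;
if (isset($_POST['id']))
	$id = $_POST['id'];

/* An array submitted as "id" cannot be used as an array offset. */
if (!is_scalar($id))
	$id = null;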
46 5dd55fa3 Scott Ullrich
47 5b237745 Scott Ullrich
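/*
 * Report whether $net is one of the keyword networks listed in the global
 * $specialsrcdst, as opposed to a literal address.
 *
 * Returns true only for a string that exactly equals one of the keywords.
 */
function is_specialnet($net) {
	global $specialsrcdst;

	/*
	 * Compare strictly: with loose comparison a non-string value such as
	 * boolean true matches any keyword, and this function is called
	 * directly on request data.
	 */
	return is_string($net) && in_array($net, $specialsrcdst, true);
}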
55
56
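/*
 * Split a stored subnet entry into the two values the form uses.
 *
 * $adr   - entry to read: array('network' => keyword) or
 *          array('address' => "addr" or "addr/bits")
 * $padr  - (out) the keyword, or the part of the address before "/"
 * $pmask - (out) the part after "/", or 32 when the address has no "/";
 *          left untouched when $adr holds a keyword or neither key
 */
function address_to_pconfig($adr, &$padr, &$pmask) {

	if (!empty($adr['network']))
		$padr = $adr['network'];
	else if (!empty($adr['address'])) {
		/* Index the pieces explicitly so a missing "/bits" part is not read. */
		$parts = explode("/", $adr['address']);
		$padr = $parts[0];
		$pmask = isset($parts[1]) ? $parts[1] : 32;
	}
}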
66
67
/*
 * Build a subnet entry from the two form values.
 *
 * $adr   - (out) array('network' => $padr) when $padr is a keyword network,
 *          otherwise array('address' => ...) with "/$pmask" appended unless
 *          $pmask equals 32
 * $padr  - keyword or address taken from the form
 * $pmask - prefix length taken from the form
 */
function pconfig_to_address(&$adr, $padr, $pmask) {

	if (is_specialnet($padr)) {
		$adr = array('network' => $padr);
		return;
	}

	$entry = $padr;
	if ($pmask != 32)
		$entry .= "/" . $pmask;

	$adr = array('address' => $entry);
}
79
80
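/*
 * Fill $pconfig, the array the form is rendered from: with the stored
 * tunnel when $id names an existing entry, otherwise with the defaults for
 * a new tunnel.
 */
if (isset($id) && is_scalar($id) && isset($a_ipsec[$id]) && $a_ipsec[$id]) {
	$pconfig['disabled'] = isset($a_ipsec[$id]['disabled']);
	$pconfig['auto'] = isset($a_ipsec[$id]['auto']);
	/*
	 * This was read from $a_filter, which nothing in this file defines;
	 * the tunnel entry is the only place the flag can come from here.
	 */
	$pconfig['creategif'] = isset($a_ipsec[$id]['creategif']) ? $a_ipsec[$id]['creategif'] : null;

	if (!isset($a_ipsec[$id]['local-subnet']))
		$pconfig['localnet'] = "lan";
	else
		address_to_pconfig($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']);

	if (!empty($a_ipsec[$id]['interface']))
		$pconfig['interface'] = $a_ipsec[$id]['interface'];
	else
		$pconfig['interface'] = "wan";

	/* Pad the split so an entry without "/bits" does not read a missing element. */
	list($pconfig['remotenet'],$pconfig['remotebits']) = array_pad(explode("/", $a_ipsec[$id]['remote-subnet']), 2, null);
	$pconfig['remotegw'] = $a_ipsec[$id]['remote-gateway'];
	$pconfig['p1mode'] = $a_ipsec[$id]['p1']['mode'];

	/* The stored identifier is keyed by its type; map it back to the two form fields. */
	if (isset($a_ipsec[$id]['p1']['myident']['myaddress']))
		$pconfig['p1myidentt'] = 'myaddress';
	else if (isset($a_ipsec[$id]['p1']['myident']['address'])) {
		$pconfig['p1myidentt'] = 'address';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['address'];
	} else if (isset($a_ipsec[$id]['p1']['myident']['fqdn'])) {
		$pconfig['p1myidentt'] = 'fqdn';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['fqdn'];
	} else if (isset($a_ipsec[$id]['p1']['myident']['ufqdn'])) {
		$pconfig['p1myidentt'] = 'user_fqdn';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['ufqdn'];
 	}

	$pconfig['p1ealgo'] = $a_ipsec[$id]['p1']['encryption-algorithm'];
	$pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm'];
	$pconfig['p1dhgroup'] = $a_ipsec[$id]['p1']['dhgroup'];
	$pconfig['p1lifetime'] = $a_ipsec[$id]['p1']['lifetime'];
	/* The stored pre-shared key is sent back to the browser in the form below. */
	$pconfig['p1pskey'] = $a_ipsec[$id]['p1']['pre-shared-key'];
	$pconfig['p2proto'] = $a_ipsec[$id]['p2']['protocol'];
	$pconfig['p2ealgos'] = $a_ipsec[$id]['p2']['encryption-algorithm-option'];
	$pconfig['p2halgos'] = $a_ipsec[$id]['p2']['hash-algorithm-option'];
	$pconfig['p2pfsgroup'] = $a_ipsec[$id]['p2']['pfsgroup'];
	$pconfig['p2lifetime'] = $a_ipsec[$id]['p2']['lifetime'];
	$pconfig['descr'] = $a_ipsec[$id]['descr'];

} else {
	/*
	 * defaults
	 *
	 * NOTE(review): these are the weakest choices the form offers.
	 * Aggressive mode with a pre-shared key lets an observer of the
	 * exchange test key guesses offline, and 3DES, SHA1/MD5, a 1024 bit
	 * DH group and PFS off (group 0) are legacy-strength settings. They
	 * are kept because both ends must agree; prefer main mode and the
	 * strongest values the remote side supports.
	 */
	$pconfig['interface'] = "wan";
	$pconfig['localnet'] = "lan";
	$pconfig['p1mode'] = "aggressive";
	$pconfig['p1myidentt'] = "myaddress";
	$pconfig['p1ealgo'] = "3des";
	$pconfig['p1halgo'] = "sha1";
	$pconfig['p1dhgroup'] = "2";
	$pconfig['p2proto'] = "esp";
	$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
	$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['p2pfsgroup'] = "0";
}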
138
139
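/*
 * Handle a submitted form: normalise and validate the posted fields, then
 * store the tunnel (replacing entry $id or appending a new one), write the
 * configuration, mark the IPsec configuration dirty and redirect to the
 * tunnel list. On validation errors nothing is stored and the form is
 * rendered again from the posted values.
 */
if ($_POST) {
	/*
	 * NOTE(review): nothing in this file checks an anti-CSRF token before
	 * the tunnel list is rewritten -- confirm that guiconfig.inc enforces
	 * one for state-changing requests.
	 */

	/*
	 * Text fields must be plain values. An array submitted in their place
	 * is emptied here so it fails the checks below instead of reaching the
	 * validators and the configuration.
	 */
	foreach (explode(" ", "localnettype localnet localnetmask remotenet remotebits remotegw p1myidentt p1myident p1lifetime p1pskey p2lifetime descr") as $fld) {
		if (isset($_POST[$fld]) && !is_scalar($_POST[$fld]))
			$_POST[$fld] = "";
	}

	/* Derive the local subnet fields from the "Type" selector. */
	$localnettype = isset($_POST['localnettype']) ? $_POST['localnettype'] : "";
	if (is_specialnet($localnettype)) {
		$_POST['localnet'] = $localnettype;
		$_POST['localnetmask'] = 0;
	} else if ($localnettype == "single") {
		$_POST['localnetmask'] = 32;
	}

	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
	$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");

	/*
	 * NOTE(review): call-time pass-by-reference is rejected by PHP 5.4 and
	 * later. The "&" can only be dropped once do_input_validation() is
	 * confirmed to declare this parameter by reference.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!is_specialnet($localnettype)) {
		if (isset($_POST['localnet']) && ($_POST['localnet'] !== "") && !is_ipaddr($_POST['localnet'])) {
			$input_errors[] = "A valid local network IP address must be specified.";
		}
		/* The prefix length is appended to the stored address, so it must be 0-32 in plain digits. */
		$localmask = isset($_POST['localnetmask']) ? (string)$_POST['localnetmask'] : "";
		if (!preg_match('/^[0-9]+\z/', $localmask) || ($localmask > 32)) {
			$input_errors[] = "A valid local network bit count must be specified.";
		}
	}

	/* is_numeric() also accepts signs, decimals and exponents; the messages promise integers. */
	if (!empty($_POST['p1lifetime']) && !preg_match('/^[0-9]+\z/', $_POST['p1lifetime'])) {
		$input_errors[] = "The P1 lifetime must be an integer.";
	}
	if (!empty($_POST['p2lifetime']) && !preg_match('/^[0-9]+\z/', $_POST['p2lifetime'])) {
		$input_errors[] = "The P2 lifetime must be an integer.";
	}

	/* Test for "" rather than truthiness so that a posted "0" is checked too. */
	if (isset($_POST['remotebits']) && ($_POST['remotebits'] !== "") &&
	    (!preg_match('/^[0-9]+\z/', $_POST['remotebits']) || ($_POST['remotebits'] <= 0) || ($_POST['remotebits'] > 32))) {
		$input_errors[] = "The remote network bits are invalid.";
	}
	if (isset($_POST['remotenet']) && ($_POST['remotenet'] !== "") && !is_ipaddr($_POST['remotenet'])) {
		$input_errors[] = "A valid remote network address must be specified.";
	}
	if (isset($_POST['remotegw']) && ($_POST['remotegw'] !== "") && !is_ipaddr($_POST['remotegw'])) {
		$input_errors[] = "A valid remote gateway address must be specified.";
	}

	/* The form's note says the key is ASCII only; enforce it on the server as well. */
	if (isset($_POST['p1pskey']) && preg_match('/[^\x00-\x7f]/', $_POST['p1pskey'])) {
		$input_errors[] = "The Pre-Shared Key must contain ASCII characters only.";
	}

	/* Selector values are request data too: accept only what the form offers. */
	if (isset($_POST['interface']) && ($_POST['interface'] !== "")) {
		$ifposted = $_POST['interface'];
		if (!is_string($ifposted) ||
		    (($ifposted != "wan") && ($ifposted != "lan") &&
		     !(preg_match('/^opt[0-9]+\z/', $ifposted) && isset($config['interfaces'][$ifposted])))) {
			$input_errors[] = "A valid interface must be specified.";
		}
	}
	if (!isset($_POST['p1mode']) || !in_array($_POST['p1mode'], explode(" ", "main aggressive"), true)) {
		$input_errors[] = "A valid negotiation mode must be specified.";
	}
	if (!isset($_POST['p1dhgroup']) || !in_array($_POST['p1dhgroup'], explode(" ", "1 2 5"), true)) {
		$input_errors[] = "A valid DH key group must be specified.";
	}
	if (isset($_POST['p2ealgos']) && !is_array($_POST['p2ealgos'])) {
		$input_errors[] = "The P2 encryption algorithms are invalid.";
	}
	if (isset($_POST['p2halgos']) && !is_array($_POST['p2halgos'])) {
		$input_errors[] = "The P2 hash algorithms are invalid.";
	}
	/*
	 * NOTE(review): p1ealgo, p1halgo, p2proto, p2pfsgroup and the entries
	 * of p2ealgos[] / p2halgos[] are still stored exactly as posted. The
	 * form renders them from $p1_ealgos, $p1_halgos, $p2_protos,
	 * $p2_pfskeygroups, $p2_ealgos and $p2_halgos; check the posted values
	 * against those lists once it is confirmed they are defined before
	 * this point.
	 */

	$identtype = isset($_POST['p1myidentt']) ? $_POST['p1myidentt'] : "";
	$ident = isset($_POST['p1myident']) ? $_POST['p1myident'] : "";

	if (!in_array($identtype, explode(" ", "myaddress address fqdn user_fqdn"), true)) {
		$input_errors[] = "A valid type for 'My identifier' must be specified.";
	}
	if (($identtype == "address") && !is_ipaddr($ident)) {
		$input_errors[] = "A valid IP address for 'My identifier' must be specified.";
	}
	if (($identtype == "fqdn") && !is_domain($ident)) {
		$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
	}
	if ($identtype == "user_fqdn") {
		/* Require exactly user@domain with a non-empty user part, not just a valid second piece. */
		$ufqdn = explode("@", $ident);
		if ((count($ufqdn) != 2) || ($ufqdn[0] === "") || !is_domain($ufqdn[1]))
			$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
	}

	if ($identtype == "myaddress")
		$_POST['p1myident'] = "";

	if (!$input_errors) {
		$ipsecent = array();
		$ipsecent['disabled'] = !empty($_POST['disabled']);
		$ipsecent['auto'] = !empty($_POST['auto']);
		$ipsecent['interface'] = $pconfig['interface'];
		pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']);
		$ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits'];
		$ipsecent['remote-gateway'] = $_POST['remotegw'];
		$ipsecent['p1']['mode'] = $_POST['p1mode'];

		/* The identifier is stored under a key that names its type. */
		$ipsecent['p1']['myident'] = array();
		switch ($identtype) {
			case 'myaddress':
				$ipsecent['p1']['myident']['myaddress'] = true;
				break;
			case 'address':
				$ipsecent['p1']['myident']['address'] = $_POST['p1myident'];
				break;
			case 'fqdn':
				$ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident'];
				break;
			case 'user_fqdn':
				$ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
				break;
		}

		$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
		$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
		$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
		$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
		$ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
		$ipsecent['p2']['protocol'] = $_POST['p2proto'];
		$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
		$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
		$ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
		$ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
		$ipsecent['descr'] = $_POST['descr'];
		/* NOTE(review): the form posts "creategif" but it is not stored here -- confirm whether that is intended. */

		/* Replace the entry only when $id names an existing tunnel; anything else appends. */
		if (isset($id) && is_scalar($id) && isset($a_ipsec[$id]) && $a_ipsec[$id])
			$a_ipsec[$id] = $ipsecent;
		else
			$a_ipsec[] = $ipsecent;

		write_config();
		touch($d_ipsecconfdirty_path);

		header("Location: vpn_ipsec.php");
		exit;
	}
}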
243
?>
244
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
245
<html>
246
<head>
247
<title><?=gentitle("VPN: IPsec: Edit tunnel");?></title>
248
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
249
<link href="gui.css" rel="stylesheet" type="text/css">
250
<script language="JavaScript">
251
<!--
252
/*
 * Enable or disable the local address and prefix-length controls to match
 * the entry chosen in the "Type" selector (0 = single host, 1 = network,
 * anything else = a keyword such as the LAN subnet).
 *
 * This only adjusts what the browser shows; the posted values still have
 * to be validated by the page that receives the form.
 */
function typesel_change() {
	var form = document.iform;
	var choice = form.localnettype.selectedIndex;

	if (choice === 0) {
		/* single: address editable, prefix length cleared and locked */
		form.localnet.disabled = 0;
		form.localnetmask.value = "";
		form.localnetmask.disabled = 1;
	} else if (choice === 1) {
		/* network: both controls editable */
		form.localnet.disabled = 0;
		form.localnetmask.disabled = 0;
	} else {
		/* keyword network: both controls cleared and locked */
		form.localnet.value = "";
		form.localnet.disabled = 1;
		form.localnetmask.value = "";
		form.localnetmask.disabled = 1;
	}
}
271
//-->
272
</script>
273
</head>
274
275
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
276
<?php include("fbegin.inc"); ?>
277
<p class="pgtitle">VPN: IPsec: Edit tunnel</p>
278
<?php if ($input_errors) print_input_errors($input_errors); ?>
279
            <form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
280
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
281 5dd55fa3 Scott Ullrich
                <tr>
282 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Mode</td>
283
                  <td width="78%" class="vtable"> Tunnel</td>
284
                </tr>
285 5dd55fa3 Scott Ullrich
				<tr>
286 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Disabled</td>
287 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
288 5b237745 Scott Ullrich
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
289
                    <strong>Disable this tunnel</strong><br>
290
                    <span class="vexpl">Set this option to disable this tunnel without
291
					removing it from the list.</span></td>
292
                </tr>
293 5dd55fa3 Scott Ullrich
				<tr>
294 5b237745 Scott Ullrich
				  <td width="22%" valign="top" class="vncellreq">Auto-establish</td>
295 5dd55fa3 Scott Ullrich
				  <td width="78%" class="vtable">
296 5b237745 Scott Ullrich
					<input name="auto" type="checkbox" id="auto" value="yes" <?php if ($pconfig['auto']) echo "checked"; ?>>
297
					<strong>Automatically establish this tunnel</strong><br>
298
					<span class="vexpl">Set this option to automatically re-establish this tunnel after reboots/reconfigures. If this is not set, the tunnel is established on demand.</span></td>
299
				</tr>
300 5dd55fa3 Scott Ullrich
				<tr>
301 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
302
                  <td width="78%" class="vtable"> <select name="interface" class="formfld">
303
                      <?php $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
304
					  for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
305
					  	$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
306
					  }
307
					  foreach ($interfaces as $iface => $ifacename): ?>
308 5dd55fa3 Scott Ullrich
                      <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
309 5b237745 Scott Ullrich
                      <?=htmlspecialchars($ifacename);?>
310
                      </option>
311
                      <?php endforeach; ?>
312
                    </select> <br>
313
                    <span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td>
314
                </tr>
315 5dd55fa3 Scott Ullrich
                <tr>
316 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Local subnet</td>
317 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
318 5b237745 Scott Ullrich
                    <table border="0" cellspacing="0" cellpadding="0">
319 5dd55fa3 Scott Ullrich
                      <tr>
320 5b237745 Scott Ullrich
                        <td>Type:&nbsp;&nbsp;</td>
321
                        <td><select name="localnettype" class="formfld" onChange="typesel_change()">
322
                            <?php $sel = is_specialnet($pconfig['localnet']); ?>
323 5dd55fa3 Scott Ullrich
                            <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
324 5b237745 Scott Ullrich
                            Single host</option>
325 5dd55fa3 Scott Ullrich
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
326 5b237745 Scott Ullrich
                            Network</option>
327 5dd55fa3 Scott Ullrich
                            <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>>
328 5b237745 Scott Ullrich
                            LAN subnet</option>
329
                          </select></td>
330
                      </tr>
331 5dd55fa3 Scott Ullrich
                      <tr>
332 5b237745 Scott Ullrich
                        <td>Address:&nbsp;&nbsp;</td>
333
                        <td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
334 5dd55fa3 Scott Ullrich
                          /
335 5b237745 Scott Ullrich
                          <select name="localnetmask" class="formfld" id="localnetmask">
336 40dd6441 Scott Ullrich
                            <?php for ($i = 32; $i >= 0; $i--): ?>
337 5b237745 Scott Ullrich
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
338
                            <?=$i;?>
339
                            </option>
340
                            <?php endfor; ?>
341
                          </select> </td>
342
                      </tr>
343
                    </table></td>
344
                </tr>
345 5dd55fa3 Scott Ullrich
                <tr>
346 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Remote subnet</td>
347 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
348 5b237745 Scott Ullrich
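                    <?php /* Escaped: after a rejected save $pconfig holds the raw posted value. */ ?>
                    <input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=htmlspecialchars($pconfig['remotenet']);?>">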
349 5dd55fa3 Scott Ullrich
                    /
350 5b237745 Scott Ullrich
                    <select name="remotebits" class="formfld" id="remotebits">
351
                      <?php for ($i = 32; $i > 0; $i--): ?>
352 5dd55fa3 Scott Ullrich
                      <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>>
353 5b237745 Scott Ullrich
                      <?=$i;?>
354
                      </option>
355
                      <?php endfor; ?>
356
                    </select></td>
357
                </tr>
358 5dd55fa3 Scott Ullrich
                <tr>
359 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Remote gateway</td>
360 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
361
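                    <?php /* Escaped: after a rejected save $pconfig holds the raw posted value. */ ?>
                    <input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=htmlspecialchars($pconfig['remotegw']);?>">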
362 5b237745 Scott Ullrich
                    <br>
363
                    Enter the public IP address of the remote gateway</td>
364
                </tr>
365 5dd55fa3 Scott Ullrich
                <tr>
366 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncell">Description</td>
367 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
368
                    <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
369
                    <br> <span class="vexpl">You may enter a description here
370 5b237745 Scott Ullrich
                    for your reference (not parsed).</span></td>
371
                </tr>
372 5dd55fa3 Scott Ullrich
                <tr>
373 5b237745 Scott Ullrich
                  <td colspan="2" class="list" height="12"></td>
374
                </tr>
375 5dd55fa3 Scott Ullrich
                <tr>
376
                  <td colspan="2" valign="top" class="listtopic">Phase 1 proposal
377 5b237745 Scott Ullrich
                    (Authentication)</td>
378
                </tr>
379 5dd55fa3 Scott Ullrich
                <tr>
380 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
381
                  <td width="78%" class="vtable">
382
<select name="p1mode" class="formfld">
383
                      <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
384 5dd55fa3 Scott Ullrich
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
385 5b237745 Scott Ullrich
                      <?=htmlspecialchars($mode);?>
386
                      </option>
387
                      <?php endforeach; ?>
388 5dd55fa3 Scott Ullrich
                    </select> <br> <span class="vexpl">Aggressive is faster, but
389 5b237745 Scott Ullrich
                    less secure.</span></td>
390
                </tr>
391 5dd55fa3 Scott Ullrich
                <tr>
392 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">My identifier</td>
393
                  <td width="78%" class="vtable">
394
<select name="p1myidentt" class="formfld">
395
                      <?php foreach ($my_identifier_list as $mode => $modename): ?>
396 5dd55fa3 Scott Ullrich
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
397 5b237745 Scott Ullrich
                      <?=htmlspecialchars($modename);?>
398
                      </option>
399
                      <?php endforeach; ?>
400 5dd55fa3 Scott Ullrich
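                    <?php /* The identifier value is escaped: after a rejected save $pconfig holds the raw posted value. */ ?>
                    </select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=htmlspecialchars($pconfig['p1myident']);?>">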
401 5b237745 Scott Ullrich
                  </td>
402
                </tr>
403 5dd55fa3 Scott Ullrich
                <tr>
404 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
405
                  <td width="78%" class="vtable">
406
<select name="p1ealgo" class="formfld">
407
                      <?php foreach ($p1_ealgos as $algo => $algoname): ?>
408 5dd55fa3 Scott Ullrich
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
409 5b237745 Scott Ullrich
                      <?=htmlspecialchars($algoname);?>
410
                      </option>
411
                      <?php endforeach; ?>
412 5dd55fa3 Scott Ullrich
                    </select> <br> <span class="vexpl">Must match the setting
413 5b237745 Scott Ullrich
                    chosen on the remote side. </span></td>
414
                </tr>
415 5dd55fa3 Scott Ullrich
                <tr>
416 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
417
                  <td width="78%" class="vtable">
418
<select name="p1halgo" class="formfld">
419
                      <?php foreach ($p1_halgos as $algo => $algoname): ?>
420 5dd55fa3 Scott Ullrich
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
421 5b237745 Scott Ullrich
                      <?=htmlspecialchars($algoname);?>
422
                      </option>
423
                      <?php endforeach; ?>
424 5dd55fa3 Scott Ullrich
                    </select> <br> <span class="vexpl">Must match the setting
425 5b237745 Scott Ullrich
                    chosen on the remote side. </span></td>
426
                </tr>
427 5dd55fa3 Scott Ullrich
                <tr>
428 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">DH key group</td>
429
                  <td width="78%" class="vtable">
430
<select name="p1dhgroup" class="formfld">
431
                      <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
432 5dd55fa3 Scott Ullrich
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
433 5b237745 Scott Ullrich
                      <?=htmlspecialchars($keygroup);?>
434
                      </option>
435
                      <?php endforeach; ?>
436 5dd55fa3 Scott Ullrich
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
437 5b237745 Scott Ullrich
                    bit, 5 = 1536 bit</em><br>
438
                    Must match the setting chosen on the remote side. </span></td>
439
                </tr>
440 5dd55fa3 Scott Ullrich
                <tr>
441 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
442 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
443 5b237745 Scott Ullrich
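                    <?php /* Escaped: after a rejected save $pconfig holds the raw posted value. */ ?>
                    <input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=htmlspecialchars($pconfig['p1lifetime']);?>">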
444
                    seconds</td>
445
                </tr>
446 5dd55fa3 Scott Ullrich
                <tr>
447 a615fd33 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
448 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
449
                    <input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>">
450 a615fd33 Scott Ullrich
		    <br>ASCII characters only!
451 5b237745 Scott Ullrich
                  </td>
452
                </tr>
453 5dd55fa3 Scott Ullrich
                <tr>
454 5b237745 Scott Ullrich
                  <td colspan="2" class="list" height="12"></td>
455
                </tr>
456 5dd55fa3 Scott Ullrich
                <tr>
457
                  <td colspan="2" valign="top" class="listtopic">Phase 2 proposal
458 5b237745 Scott Ullrich
                    (SA/Key Exchange)</td>
459
                </tr>
460 5dd55fa3 Scott Ullrich
                <tr>
461 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
462
                  <td width="78%" class="vtable">
463
<select name="p2proto" class="formfld">
464
                      <?php foreach ($p2_protos as $proto => $protoname): ?>
465 5dd55fa3 Scott Ullrich
                      <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
466 5b237745 Scott Ullrich
                      <?=htmlspecialchars($protoname);?>
467
                      </option>
468
                      <?php endforeach; ?>
469 5dd55fa3 Scott Ullrich
                    </select> <br> <span class="vexpl">ESP is encryption, AH is
470 5b237745 Scott Ullrich
                    authentication only </span></td>
471
                </tr>
472 5dd55fa3 Scott Ullrich
                <tr>
473 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
474 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
475 5b237745 Scott Ullrich
                    <?php foreach ($p2_ealgos as $algo => $algoname): ?>
476 5dd55fa3 Scott Ullrich
                    <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>>
477 5b237745 Scott Ullrich
                    <?=htmlspecialchars($algoname);?>
478 5dd55fa3 Scott Ullrich
                    <br>
479 5b237745 Scott Ullrich
                    <?php endforeach; ?>
480
                    <br>
481 5dd55fa3 Scott Ullrich
                    Hint: use 3DES for best compatibility or if you have a hardware
482
                    crypto accelerator card. Blowfish is usually the fastest in
483 5b237745 Scott Ullrich
                    software encryption. </td>
484
                </tr>
485 5dd55fa3 Scott Ullrich
                <tr>
486 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
487 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
488 5b237745 Scott Ullrich
                    <?php foreach ($p2_halgos as $algo => $algoname): ?>
489 5dd55fa3 Scott Ullrich
                    <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>>
490 5b237745 Scott Ullrich
                    <?=htmlspecialchars($algoname);?>
491 5dd55fa3 Scott Ullrich
                    <br>
492 5b237745 Scott Ullrich
                    <?php endforeach; ?>
493
				  </td>
494
                </tr>
495 5dd55fa3 Scott Ullrich
                <tr>
496 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">PFS key group</td>
497
                  <td width="78%" class="vtable">
498
<select name="p2pfsgroup" class="formfld">
499
                      <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
500 5dd55fa3 Scott Ullrich
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
501 5b237745 Scott Ullrich
                      <?=htmlspecialchars($keygroupname);?>
502
                      </option>
503
                      <?php endforeach; ?>
504 5dd55fa3 Scott Ullrich
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
505 5b237745 Scott Ullrich
                    bit, 5 = 1536 bit</em></span></td>
506
                </tr>
507 5dd55fa3 Scott Ullrich
                <tr>
508 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
509 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
510 5b237745 Scott Ullrich
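                    <?php /* Escaped: after a rejected save $pconfig holds the raw posted value. */ ?>
                    <input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=htmlspecialchars($pconfig['p2lifetime']);?>">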
511
                    seconds</td>
512
                </tr>
513 5dd55fa3 Scott Ullrich
514
515
                <tr>
516
                  <td colspan="2" class="list" height="12"></td>
517
                </tr>
518
		<tr>
519
                  <td colspan="2" valign="top" class="listtopic">Misc</td>
520
                </tr>
521
                <tr>
522
                  <td width="22%" valign="top" class="vncell">Multi-Tunnel routing</td>
523
                  <td width="78%" class="vtable">
524
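                    <?php /* The checked state is its own attribute; it was previously written inside value="", so the box never rendered as checked. */ ?>
                    <input name="creategif" type="checkbox" id="creategif" size="40" value="yes" <?php if ($pconfig['creategif']) echo "checked"; ?>><b> Turn on multi-subnet routing.</b>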
525
                    <br> <span class="vexpl">If you would like to route multiple subnets across this VPN, check this.</span></td>
526
                </tr>
527
528
                <tr>
529 5b237745 Scott Ullrich
                  <td width="22%" valign="top">&nbsp;</td>
530 5dd55fa3 Scott Ullrich
                  <td width="78%">
531
                    <input name="Submit" type="submit" class="formbtn" value="Save">
532 5b237745 Scott Ullrich
                    <?php if (isset($id) && $a_ipsec[$id]): ?>
533 5dd55fa3 Scott Ullrich
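                    <?php /* $id is request data; escape it even though it only reaches here after matching an existing tunnel. */ ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">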
534 5b237745 Scott Ullrich
                    <?php endif; ?>
535
                  </td>
536
                </tr>
537
              </table>
538
</form>
539
<script language="JavaScript">
540
<!--
541
typesel_change();
542
//-->
543
</script>
544
<?php include("fend.inc"); ?>
545
</body>
546
</html>