<?php
2
/*
3
	vpn_ipsec_edit.php
4 e2411886 Scott Ullrich
	part of m0n0wall (http://m0n0.ch/wall)
5 6b11069e Scott Ullrich
6 e2411886 Scott Ullrich
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
7 cfc707f7 Scott Ullrich
	All rights reserved.
8 6b11069e Scott Ullrich
9 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
10
	modification, are permitted provided that the following conditions are met:
11 6b11069e Scott Ullrich
12 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
13
	   this list of conditions and the following disclaimer.
14 6b11069e Scott Ullrich
15 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
16
	   notice, this list of conditions and the following disclaimer in the
17
	   documentation and/or other materials provided with the distribution.
18 6b11069e Scott Ullrich
19 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28
	POSSIBILITY OF SUCH DAMAGE.
29
*/
30
31
require("guiconfig.inc");
32
33
/* Tunnel list from config.xml; created empty on first use so $a_ipsec is always an array. */
if (!isset($config['ipsec']['tunnel']) || !is_array($config['ipsec']['tunnel']))
	$config['ipsec']['tunnel'] = array();
$a_ipsec = &$config['ipsec']['tunnel'];

/* Keywords accepted in place of a local-network address
 * (presumably consumed by is_specialnet() in guiconfig.inc - not verified here). */
$specialsrcdst = array("lan");
39
40
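/*
 * Resolve which tunnel (index into $config['ipsec']['tunnel']) this request
 * edits.  Precedence, as before: ?dup= overrides POST id overrides GET id.
 *
 * The value is used directly as an array key below, so only a non-negative
 * integer is accepted; anything else leaves $id null, which takes the same
 * "new tunnel / defaults" path an unknown index always took.
 */
$id = null;
$id_candidates = array();
if (isset($_GET['id']))
	$id_candidates[] = $_GET['id'];
if (isset($_POST['id']))
	$id_candidates[] = $_POST['id'];
if (isset($_GET['dup']))
	$id_candidates[] = $_GET['dup'];
foreach ($id_candidates as $candidate) {
	/* later sources win; a non-numeric value resets to "no entry" */
	$id = (is_string($candidate) && ctype_digit($candidate)) ? (int)$candidate : null;
}
unset($id_candidates, $candidate);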
47
48 5b237745 Scott Ullrich
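/*
 * Build $pconfig, the flat set of form field values.
 *
 * If $id names an existing tunnel its config.xml record is flattened into the
 * form's field names; otherwise the defaults for a new tunnel are used.  The
 * certificate, peer certificate and private key are stored base64-encoded and
 * are decoded here because the form below echoes them back - which means the
 * private key is displayed to anyone who can open the edit page.
 */
if (isset($id) && $a_ipsec[$id]) {
	$tunnel = $a_ipsec[$id];

	$pconfig['disabled'] = isset($tunnel['disabled']);
	/* read for display only; the save path never writes 'auto' back */
	$pconfig['auto'] = isset($tunnel['auto']);

	if (!isset($tunnel['local-subnet']))
		$pconfig['localnet'] = "lan";
	else
		address_to_pconfig_vpn($tunnel['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']);

	$pconfig['interface'] = !empty($tunnel['interface']) ? $tunnel['interface'] : "wan";

	/* array_pad() keeps this a 2-tuple even when the stored value has no "/" (no undefined-offset notice) */
	list($pconfig['remotenet'], $pconfig['remotebits']) = array_pad(explode("/", $tunnel['remote-subnet']), 2, null);
	$pconfig['remotegw'] = $tunnel['remote-gateway'];
	$pconfig['p1mode'] = $tunnel['p1']['mode'];

	/* The identifier type is encoded as the key present in p1/myident. */
	$myident = isset($tunnel['p1']['myident']) ? $tunnel['p1']['myident'] : array();
	if (isset($myident['myaddress'])) {
		$pconfig['p1myidentt'] = 'myaddress';
	} else if (isset($myident['address'])) {
		$pconfig['p1myidentt'] = 'address';
		$pconfig['p1myident'] = $myident['address'];
	} else if (isset($myident['fqdn'])) {
		$pconfig['p1myidentt'] = 'fqdn';
		$pconfig['p1myident'] = $myident['fqdn'];
	} else if (isset($myident['ufqdn'])) {
		$pconfig['p1myidentt'] = 'user_fqdn';
		$pconfig['p1myident'] = $myident['ufqdn'];
	} else if (isset($myident['dyn_dns'])) {
		$pconfig['p1myidentt'] = 'dyn_dns';
		$pconfig['p1myident'] = $myident['dyn_dns'];
	}

	$pconfig['p1ealgo'] = $tunnel['p1']['encryption-algorithm'];
	$pconfig['p1halgo'] = $tunnel['p1']['hash-algorithm'];
	$pconfig['p1dhgroup'] = $tunnel['p1']['dhgroup'];
	$pconfig['p1lifetime'] = $tunnel['p1']['lifetime'];
	$pconfig['p1authentication_method'] = $tunnel['p1']['authentication_method'];
	$pconfig['p1pskey'] = $tunnel['p1']['pre-shared-key'];
	$pconfig['p1cert'] = base64_decode($tunnel['p1']['cert']);
	$pconfig['p1peercert'] = base64_decode($tunnel['p1']['peercert']);
	$pconfig['p1privatekey'] = base64_decode($tunnel['p1']['private-key']);
	$pconfig['p2proto'] = $tunnel['p2']['protocol'];
	$pconfig['p2ealgos'] = $tunnel['p2']['encryption-algorithm-option'];
	$pconfig['p2halgos'] = $tunnel['p2']['hash-algorithm-option'];
	$pconfig['p2pfsgroup'] = $tunnel['p2']['pfsgroup'];
	$pconfig['p2lifetime'] = $tunnel['p2']['lifetime'];
	$pconfig['descr'] = $tunnel['descr'];
	$pconfig['pinghost'] = $tunnel['pinghost'];
	unset($tunnel, $myident);
} else {
	/*
	 * Defaults for a new tunnel.
	 * NOTE(review): aggressive mode, 3DES, DH group 2 (1024 bit) and an
	 * HMAC-MD5 phase-2 offer are the historical defaults and are weak by
	 * current standards; changing them is a project policy decision and is
	 * deliberately not done here.
	 */
	$pconfig['interface'] = "wan";
	$pconfig['localnet'] = "lan";
	$pconfig['p1mode'] = "aggressive";
	$pconfig['p1myidentt'] = "myaddress";
	$pconfig['p1authentication_method'] = "pre_shared_key";
	$pconfig['p1ealgo'] = "3des";
	$pconfig['p1halgo'] = "sha1";
	$pconfig['p1dhgroup'] = "2";
	$pconfig['p2proto'] = "esp";
	$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael,rijndael 256");
	$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['p2pfsgroup'] = "0";
	$pconfig['remotebits'] = 32;
}

/* ?dup=N pre-fills the form from tunnel N, but the save must create a new entry */
if (isset($_GET['dup']))
	unset($id);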
118
119 5b237745 Scott Ullrich
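if ($_POST) {
	/*
	 * Save handler: validate the submitted tunnel and, if clean, write it to
	 * $a_ipsec[$id] (edit) or append it (new / duplicate), then redirect.
	 *
	 * NOTE(review): the form carries no anti-CSRF token and none is checked
	 * here, so a logged-in administrator's browser can be driven to submit
	 * this POST from another site.  Add a token check once the framework
	 * provides one.
	 */

	/* Inputs the browser disables are not submitted at all; treat them as empty
	 * so the checks below neither emit notices nor depend on undefined keys.
	 * A scalar field submitted as an array is also reset to "".
	 * (p2ealgos / p2halgos are checkbox arrays and are handled separately.) */
	$scalar_fields = explode(" ", "interface localnettype localnet localnetmask remotenet remotebits remotegw descr pinghost"
		. " p1mode p1myidentt p1myident p1ealgo p1halgo p1dhgroup p1lifetime p1authentication_method"
		. " p1pskey p1cert p1privatekey p1peercert p2proto p2pfsgroup p2lifetime");
	foreach ($scalar_fields as $f) {
		if (!isset($_POST[$f]) || is_array($_POST[$f]))
			$_POST[$f] = "";
	}

	/* "local subnet" is a (type, address, mask) triple; fold the type into address/mask */
	if (is_specialnet($_POST['localnettype'])) {
		$_POST['localnet'] = $_POST['localnettype'];
		$_POST['localnetmask'] = 0;
	} else if ($_POST['localnettype'] == "single") {
		$_POST['localnetmask'] = 32;
	}

	unset($input_errors);
	/* on a validation failure the form is re-rendered from the submitted values */
	$pconfig = $_POST;

	/* input validation */
	if ($_POST['p1authentication_method'] == "pre_shared_key") {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
	} else {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,P2 Encryption Algorithms,P2 Hash Algorithms");
		/* NOTE(review): these only look for the PEM armour lines and never parse
		 * the material, so a corrupt certificate or key is caught only when the
		 * IPsec daemon loads it. */
		if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE"))
			$input_errors[] = "This certificate does not appear to be valid.";
		if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY"))
			$input_errors[] = "This key does not appear to be valid.";
		if ($_POST['p1peercert'] != "" && (!strstr($_POST['p1peercert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1peercert'], "END CERTIFICATE")))
			$input_errors[] = "This peer certificate does not appear to be valid.";
	}

	/* required-field check from guiconfig.inc; call-time pass-by-reference kept
	 * as in the original because the callee's signature is not visible here */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!is_specialnet($_POST['localnettype'])) {
		if ($_POST['localnet'] && !is_ipaddr($_POST['localnet']))
			$input_errors[] = "A valid local network IP address must be specified.";
		/* is_numeric() would also accept "1e1", "3.5" or " 7"; require a plain 0..32 */
		$mask = (string)$_POST['localnetmask'];
		if ($mask !== "" && (!preg_match('/^\d+\z/', $mask) || (int)$mask > 32))
			$input_errors[] = "A valid local network bit count must be specified.";
	}

	/* lifetimes are seconds; reject anything that is not a plain non-negative integer */
	foreach (array('p1lifetime' => "P1", 'p2lifetime' => "P2") as $f => $phase) {
		if ($_POST[$f] !== "" && !preg_match('/^\d+\z/', $_POST[$f]))
			$input_errors[] = "The {$phase} lifetime must be an integer.";
	}

	/*
	 * Bug fix: the original test was  if(!$_POST['remotebits'] == "0.0.0.0"),
	 * which parses as (!remotebits) == "0.0.0.0" and is never true for a
	 * non-empty value, so a non-numeric or out-of-range bit count was silently
	 * accepted and written into remote-subnet.
	 */
	$bits = (string)$_POST['remotebits'];
	if ($bits !== "" && (!preg_match('/^\d+\z/', $bits) || (int)$bits > 32))
		$input_errors[] = "The remote network bits are invalid.";

	/* 0.0.0.0 is deliberately accepted as the remote network ("any") */
	if ($_POST['remotenet'] && $_POST['remotenet'] != "0.0.0.0" && !is_ipaddr($_POST['remotenet']))
		$input_errors[] = "A valid remote network address must be specified.";

	if ($_POST['remotegw'] && !is_ipaddr($_POST['remotegw']) && !is_domain($_POST['remotegw']))
		$input_errors[] = "A valid remote gateway address must be specified.";

	/* 'My identifier': the value is interpreted according to the selected type */
	$ident = $_POST['p1myident'];
	switch ($_POST['p1myidentt']) {
		case 'myaddress':
			$_POST['p1myident'] = "";
			break;
		case 'address':
			if ($ident == "")
				$input_errors[] = gettext("Please enter an IP address for 'My Identifier'");
			else if (!is_ipaddr($ident))
				$input_errors[] = "A valid IP address for 'My identifier' must be specified.";
			break;
		case 'fqdn':
			if ($ident == "")
				$input_errors[] = gettext("Please enter a domain name for 'My Identifier'");
			else if (!is_domain($ident))
				$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
			break;
		case 'user_fqdn':
			/* must be exactly user@domain; the original indexed [1] without checking for an '@' */
			$ufqdn = explode("@", $ident);
			if ($ident == "")
				$input_errors[] = gettext("Please enter a User FQDN for 'My Identifier'");
			else if (count($ufqdn) != 2 || $ufqdn[0] == "" || !is_domain($ufqdn[1]))
				$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
			break;
		case 'dyn_dns':
			/* bug fix: the original validated the type selector ("dyn_dns") instead of the entered name */
			if ($ident == "")
				$input_errors[] = gettext("Please enter a domain name for 'My Identifier'");
			else if (!is_domain($ident))
				$input_errors[] = "A valid Dynamic DNS address for 'My identifier' must be specified.";
			break;
		default:
			$input_errors[] = "A valid type for 'My identifier' must be selected.";
			break;
	}

	/*
	 * The <select> and checkbox values are attacker controlled like any other
	 * POST field and end up in config.xml and in the IPsec daemon configuration
	 * generated from it, so re-check them against the lists the form offers.
	 */
	if (!preg_match('/^(wan|lan|opt\d+|carp\d+)\z/', $_POST['interface']))
		$input_errors[] = "A valid interface must be selected.";
	if (!in_array($_POST['p1mode'], array("main", "aggressive"), true))
		$input_errors[] = "A valid negotiation mode must be selected.";
	if (!in_array($_POST['p1dhgroup'], array("1", "2", "5"), true))
		$input_errors[] = "A valid DH key group must be selected.";
	if ($_POST['p2pfsgroup'] !== "" && !preg_match('/^\d+\z/', $_POST['p2pfsgroup']))
		$input_errors[] = "A valid PFS key group must be selected.";

	/* option tables come from guiconfig.inc; a check whose table is missing is skipped rather than failing everything */
	$option_tables = compact('p1_ealgos', 'p1_halgos', 'p1_authentication_methods', 'p2_protos', 'p2_ealgos', 'p2_halgos');
	$single_choice = array(
		'p1ealgo'                 => array('p1_ealgos', "P1 encryption algorithm"),
		'p1halgo'                 => array('p1_halgos', "P1 hash algorithm"),
		'p1authentication_method' => array('p1_authentication_methods', "authentication method"),
		'p2proto'                 => array('p2_protos', "P2 protocol"),
	);
	foreach ($single_choice as $f => $spec) {
		list($table, $label) = $spec;
		if (isset($option_tables[$table]) && is_array($option_tables[$table])
		    && !array_key_exists($_POST[$f], $option_tables[$table]))
			$input_errors[] = "A valid {$label} must be selected.";
	}
	$multi_choice = array(
		'p2ealgos' => array('p2_ealgos', "P2 encryption algorithm"),
		'p2halgos' => array('p2_halgos', "P2 hash algorithm"),
	);
	foreach ($multi_choice as $f => $spec) {
		list($table, $label) = $spec;
		if (!isset($_POST[$f]))
			continue;	/* already reported by the required-field check */
		if (!is_array($_POST[$f])) {
			$input_errors[] = "A valid {$label} must be selected.";
			continue;
		}
		$known = (isset($option_tables[$table]) && is_array($option_tables[$table])) ? $option_tables[$table] : null;
		foreach ($_POST[$f] as $choice) {
			if (!is_string($choice) || ($known !== null && !array_key_exists($choice, $known))) {
				$input_errors[] = "A valid {$label} must be selected.";
				break;
			}
		}
	}

	if (!$input_errors) {
		$ipsecent = array();
		$ipsecent['disabled'] = !empty($_POST['disabled']);
		/* 'auto' is intentionally not persisted (the original left that line commented out) */
		$ipsecent['interface'] = $_POST['interface'];
		pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']);
		$ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits'];
		$ipsecent['remote-gateway'] = $_POST['remotegw'];
		$ipsecent['p1']['mode'] = $_POST['p1mode'];

		/* the identifier type is stored as the key of the myident sub-array */
		$myident_key = array(
			'myaddress' => 'myaddress',
			'address'   => 'address',
			'fqdn'      => 'fqdn',
			'user_fqdn' => 'ufqdn',
			'dyn_dns'   => 'dyn_dns',
		);
		$k = $myident_key[$_POST['p1myidentt']];
		$ipsecent['p1']['myident'] = array($k => ($k == 'myaddress' ? true : $_POST['p1myident']));

		$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
		$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
		$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
		$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
		/* the PSK is stored as entered; only the PEM blobs are base64 wrapped for config.xml */
		$ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
		$ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
		$ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
		$ipsecent['p1']['peercert'] = base64_encode($_POST['p1peercert']);
		$ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
		$ipsecent['p2']['protocol'] = $_POST['p2proto'];
		$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
		$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
		$ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
		$ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
		$ipsecent['descr'] = $_POST['descr'];
		/* NOTE(review): stored unvalidated; if the consumer hands this to a ping
		 * command it must be checked as an IP address or host name first. */
		$ipsecent['pinghost'] = $_POST['pinghost'];

		if (isset($id) && $a_ipsec[$id])
			$a_ipsec[$id] = $ipsecent;
		else
			$a_ipsec[] = $ipsecent;

		write_config();
		touch($d_ipsecconfdirty_path);

		header("Location: vpn_ipsec.php");
		exit;
	}
}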
263 4df96eff Scott Ullrich
264 b128368a Bill Marquette
/* Page title: echoed at the top of the body below and presumably used by head.inc. */
$pgtitle = 'VPN: IPsec: Edit tunnel';
include("head.inc");

?>
268 422f27c0 Scott Ullrich
269
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
270 e2411886 Scott Ullrich
<?php include("fbegin.inc"); ?>
271 b128368a Bill Marquette
<p class="pgtitle"><?=$pgtitle?></p>
272 5b237745 Scott Ullrich
<script language="JavaScript">
<!--
/*
 * Enable/disable the local-subnet address and mask inputs to match the
 * selected "Type".  The cases are keyed on option position, so they rely on
 * the <select name="localnettype"> below keeping the order single, network,
 * lan.  A disabled input is not submitted with the form; this is a
 * convenience only - the server-side checks still decide what is accepted.
 */
function typesel_change() {
	switch (document.iform.localnettype.selectedIndex) {
		case 0:	/* single */
			document.iform.localnet.disabled = 0;
			document.iform.localnetmask.value = "";
			document.iform.localnetmask.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.localnet.disabled = 0;
			document.iform.localnetmask.disabled = 0;
			break;
		default:
			document.iform.localnet.value = "";
			document.iform.localnet.disabled = 1;
			document.iform.localnetmask.value = "";
			document.iform.localnetmask.disabled = 1;
			break;
	}
}
/*
 * Enable either the pre-shared-key field or the certificate/key fields to
 * match the selected authentication method.  Index 1 is assumed to be the
 * RSA entry of $p1_authentication_methods (defined in guiconfig.inc, not
 * visible here) - verify if that list is ever reordered.
 */
function methodsel_change() {
	switch (document.iform.p1authentication_method.selectedIndex) {
		case 1:	/* rsa */
			document.iform.p1pskey.disabled = 1;
			document.iform.p1privatekey.disabled = 0;
			document.iform.p1cert.disabled = 0;
			document.iform.p1peercert.disabled = 0;
			break;
		default: /* pre-shared */
			document.iform.p1pskey.disabled = 0;
			document.iform.p1privatekey.disabled = 1;
			document.iform.p1cert.disabled = 1;
			document.iform.p1peercert.disabled = 1;
			break;
	}
}
//-->
</script>
311
<?php if ($input_errors) print_input_errors($input_errors); ?>
312
            <form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
313
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
314 6b11069e Scott Ullrich
                <tr>
315 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Mode</td>
316
                  <td width="78%" class="vtable"> Tunnel</td>
317
                </tr>
318 6b11069e Scott Ullrich
				<tr>
319 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Disabled</td>
320 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
321 5b237745 Scott Ullrich
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
322
                    <strong>Disable this tunnel</strong><br>
323
                    <span class="vexpl">Set this option to disable this tunnel without
324
					removing it from the list.</span></td>
325
                </tr>
326 87e72a58 Scott Ullrich
			   <tr>
327 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
328 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"><select name="interface" class="formfld">
329 87e72a58 Scott Ullrich
                      <?php 
330
                       $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
331 5b237745 Scott Ullrich
					  for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
332
					  	$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
333
					  }
334 87e72a58 Scott Ullrich
                       $carpips = find_number_of_needed_carp_interfaces();
335
                       for($i=0; $i<$carpips; $i++) {
336
                       	$carpip = find_interface_ip("carp" . $i);
337 ad8af804 Scott Ullrich
                       	$interfaces['carp' . $i] = "CARP{$i} ({$carpip})"; 
338 87e72a58 Scott Ullrich
                       }
339 5b237745 Scott Ullrich
					  foreach ($interfaces as $iface => $ifacename): ?>
340 6b11069e Scott Ullrich
                      <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
341 5b237745 Scott Ullrich
                      <?=htmlspecialchars($ifacename);?>
342
                      </option>
343
                      <?php endforeach; ?>
344
                    </select> <br>
345
                    <span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td>
346
                </tr>
347 6b11069e Scott Ullrich
                <tr>
348 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Local subnet</td>
349 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
350 5b237745 Scott Ullrich
                    <table border="0" cellspacing="0" cellpadding="0">
351 6b11069e Scott Ullrich
                      <tr>
352 5b237745 Scott Ullrich
                        <td>Type:&nbsp;&nbsp;</td>
353 e2411886 Scott Ullrich
						<td></td>
354 5b237745 Scott Ullrich
                        <td><select name="localnettype" class="formfld" onChange="typesel_change()">
355
                            <?php $sel = is_specialnet($pconfig['localnet']); ?>
356 6b11069e Scott Ullrich
                            <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
357 5b237745 Scott Ullrich
                            Single host</option>
358 6b11069e Scott Ullrich
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
359 5b237745 Scott Ullrich
                            Network</option>
360 6b11069e Scott Ullrich
                            <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>>
361 5b237745 Scott Ullrich
                            LAN subnet</option>
362
                          </select></td>
363
                      </tr>
364 6b11069e Scott Ullrich
                      <tr>
365 5b237745 Scott Ullrich
                        <td>Address:&nbsp;&nbsp;</td>
366 e2411886 Scott Ullrich
						<td><?=$mandfldhtmlspc;?></td>
367 5b237745 Scott Ullrich
                        <td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
368 6b11069e Scott Ullrich
                          /
369 5b237745 Scott Ullrich
                          <select name="localnetmask" class="formfld" id="localnetmask">
370 e2411886 Scott Ullrich
                            <?php for ($i = 31; $i >= 0; $i--): ?>
371 5b237745 Scott Ullrich
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
372
                            <?=$i;?>
373
                            </option>
374
                            <?php endfor; ?>
375
                          </select> </td>
376
                      </tr>
377
                    </table></td>
378
                </tr>
379 6b11069e Scott Ullrich
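                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote subnet</td>
                  <td width="78%" class="vtable">
                    <?php /* escaped: after a failed save $pconfig is the raw POST body (reflected XSS otherwise) */ ?>
                    <?=$mandfldhtml;?><input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=htmlspecialchars($pconfig['remotenet']);?>">
                    /
                    <select name="remotebits" class="formfld" id="remotebits">
                      <?php for ($i = 32; $i >= 0; $i--): ?>
                      <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>>
                      <?=$i;?>
                      </option>
                      <?php endfor; ?>
                    </select></td>
                </tr>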
392 6b11069e Scott Ullrich
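                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote gateway</td>
                  <td width="78%" class="vtable">
                    <?php /* escaped: after a failed save $pconfig is the raw POST body (reflected XSS otherwise) */ ?>
                    <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=htmlspecialchars($pconfig['remotegw']);?>">
                    <br>
                    Enter the public IP address or host name of the remote gateway</td>
                </tr>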
399 6b11069e Scott Ullrich
                <tr>
400 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncell">Description</td>
401 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
402
                    <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
403
                    <br> <span class="vexpl">You may enter a description here
404 5b237745 Scott Ullrich
                    for your reference (not parsed).</span></td>
405
                </tr>
406 6b11069e Scott Ullrich
                <tr>
407 5b237745 Scott Ullrich
                  <td colspan="2" class="list" height="12"></td>
408
                </tr>
409 6b11069e Scott Ullrich
                <tr>
410
                  <td colspan="2" valign="top" class="listtopic">Phase 1 proposal
411 5b237745 Scott Ullrich
                    (Authentication)</td>
412
                </tr>
413 6b11069e Scott Ullrich
                <tr>
414 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
415
                  <td width="78%" class="vtable">
416 e2411886 Scott Ullrich
					<select name="p1mode" class="formfld">
417 5b237745 Scott Ullrich
                      <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
418 6b11069e Scott Ullrich
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
419 5b237745 Scott Ullrich
                      <?=htmlspecialchars($mode);?>
420
                      </option>
421
                      <?php endforeach; ?>
422 6b11069e Scott Ullrich
                    </select> <br> <span class="vexpl">Aggressive is faster, but
423 5b237745 Scott Ullrich
                    less secure.</span></td>
424
                </tr>
425 6b11069e Scott Ullrich
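                <tr>
                  <td width="22%" valign="top" class="vncellreq">My identifier</td>
                  <td width="78%" class="vtable">
					<select name="p1myidentt" class="formfld">
                      <?php foreach ($my_identifier_list as $mode => $modename): ?>
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
                      <?=htmlspecialchars($modename);?>
                      </option>
                      <?php endforeach; ?>
                    </select>
                    <?php /* escaped: after a failed save this is the raw POST value (reflected XSS otherwise);
                             unset for the 'myaddress' type, hence the isset() */ ?>
                    <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=htmlspecialchars(isset($pconfig['p1myident']) ? $pconfig['p1myident'] : "");?>">
                  </td>
                </tr>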
437 6b11069e Scott Ullrich
                <tr>
438 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
439
                  <td width="78%" class="vtable">
440 e2411886 Scott Ullrich
					<select name="p1ealgo" class="formfld">
441 5b237745 Scott Ullrich
                      <?php foreach ($p1_ealgos as $algo => $algoname): ?>
442 6b11069e Scott Ullrich
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
443 5b237745 Scott Ullrich
                      <?=htmlspecialchars($algoname);?>
444
                      </option>
445
                      <?php endforeach; ?>
446 6b11069e Scott Ullrich
                    </select> <br> <span class="vexpl">Must match the setting
447 5b237745 Scott Ullrich
                    chosen on the remote side. </span></td>
448
                </tr>
449 6b11069e Scott Ullrich
                <tr>
450 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
451
                  <td width="78%" class="vtable">
452 e2411886 Scott Ullrich
					<select name="p1halgo" class="formfld">
453 5b237745 Scott Ullrich
                      <?php foreach ($p1_halgos as $algo => $algoname): ?>
454 6b11069e Scott Ullrich
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
455 5b237745 Scott Ullrich
                      <?=htmlspecialchars($algoname);?>
456
                      </option>
457
                      <?php endforeach; ?>
458 6b11069e Scott Ullrich
                    </select> <br> <span class="vexpl">Must match the setting
459 5b237745 Scott Ullrich
                    chosen on the remote side. </span></td>
460
                </tr>
461 6b11069e Scott Ullrich
                <tr>
462 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">DH key group</td>
463
                  <td width="78%" class="vtable">
464 e2411886 Scott Ullrich
					<select name="p1dhgroup" class="formfld">
465 5b237745 Scott Ullrich
                      <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
466 6b11069e Scott Ullrich
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
467 5b237745 Scott Ullrich
                      <?=htmlspecialchars($keygroup);?>
468
                      </option>
469
                      <?php endforeach; ?>
470 6b11069e Scott Ullrich
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
471 5b237745 Scott Ullrich
                    bit, 5 = 1536 bit</em><br>
472
                    Must match the setting chosen on the remote side. </span></td>
473
                </tr>
474 6b11069e Scott Ullrich
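                <tr>
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable">
                    <?php /* escaped: after a failed save this is the raw POST value (reflected XSS otherwise) */ ?>
                    <input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=htmlspecialchars($pconfig['p1lifetime']);?>">
                    seconds</td>
                </tr>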
480 6b11069e Scott Ullrich
                <tr>
481 e2411886 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Authentication method</td>
482 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
483 e2411886 Scott Ullrich
					<select name="p1authentication_method" class="formfld" onChange="methodsel_change()">
484
                      <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
485 6b11069e Scott Ullrich
                      <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>>
486 e2411886 Scott Ullrich
                      <?=htmlspecialchars($methodname);?>
487
                      </option>
488
                      <?php endforeach; ?>
489 6b11069e Scott Ullrich
                    </select> <br> <span class="vexpl">Must match the setting
490 e2411886 Scott Ullrich
                    chosen on the remote side.</span></td>
491
                </tr>
492 6b11069e Scott Ullrich
                <tr>
493 e2411886 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
494 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
495
                    <?=$mandfldhtml;?><input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>">
496 5b237745 Scott Ullrich
                  </td>
497
                </tr>
498 6b11069e Scott Ullrich
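                <tr>
                  <td width="22%" valign="top" class="vncellreq">Certificate</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea>
                    <br>
                    Paste a certificate in X.509 PEM format here.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Key</td>
                  <td width="78%" class="vtable">
                    <?php /* NOTE(review): the stored RSA private key is rendered back into
                             this form, so anyone who can load this page can read the key;
                             it should only be reachable over an authenticated, encrypted
                             session. Escaped like every other field on the page. */ ?>
                    <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea>
                    <br>
                    Paste an RSA private key in PEM format here.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Peer certificate</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1peercert" cols="65" rows="7" id="p1peercert" class="formpre"><?=htmlspecialchars($pconfig['p1peercert']);?></textarea>
                    <br>
                    Paste the peer X.509 certificate in PEM format here.<br>
                    Leave this blank if you want to use a CA certificate for identity validation.</td>
                </tr>
                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>
                <tr>
                  <td colspan="2" valign="top" class="listtopic">Phase 2 proposal
                    (SA/Key Exchange)</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
                  <td width="78%" class="vtable">
                    <select name="p2proto" class="formfld">
                      <?php /* option values are the keys of $p2_protos (defined elsewhere in
                               this file); escaped anyway so every attribute value on the
                               page goes through htmlspecialchars() */ ?>
                      <?php foreach ($p2_protos as $proto => $protoname): ?>
                      <option value="<?=htmlspecialchars($proto);?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
                      <?=htmlspecialchars($protoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">ESP is encryption, AH is
                    authentication only </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
                  <td width="78%" class="vtable">
                    <?php /* guard the in_array() call: an unset or non-array p2ealgos
                             (e.g. nothing ticked on the submitted form) would otherwise
                             raise a warning/TypeError instead of rendering unchecked boxes.
                             Loose comparison is kept on purpose: array keys that look
                             numeric are ints while the stored values are strings. */ ?>
                    <?php foreach ($p2_ealgos as $algo => $algoname): ?>
                    <input type="checkbox" name="p2ealgos[]" value="<?=htmlspecialchars($algo);?>" <?php if (isset($pconfig['p2ealgos']) && is_array($pconfig['p2ealgos']) && in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>>
                    <?=htmlspecialchars($algoname);?>
                    <br>
                    <?php endforeach; ?>
                    <br>
                    Hint: use 3DES for best compatibility or if you have a hardware
                    crypto accelerator card. Blowfish is usually the fastest in
                    software encryption. </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
                  <td width="78%" class="vtable">
                    <?php /* same guard as for p2ealgos above */ ?>
                    <?php foreach ($p2_halgos as $algo => $algoname): ?>
                    <input type="checkbox" name="p2halgos[]" value="<?=htmlspecialchars($algo);?>" <?php if (isset($pconfig['p2halgos']) && is_array($pconfig['p2halgos']) && in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>>
                    <?=htmlspecialchars($algoname);?>
                    <br>
                    <?php endforeach; ?>
                  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">PFS key group</td>
                  <td width="78%" class="vtable">
                    <select name="p2pfsgroup" class="formfld">
                      <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
                      <option value="<?=htmlspecialchars($keygroup);?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
                      <?=htmlspecialchars($keygroupname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
                    bit, 5 = 1536 bit</em></span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable">
                    <?php /* p2lifetime and pinghost below were the only two text inputs on
                             the page echoed without htmlspecialchars(); a stored value
                             containing a quote would break out of the attribute. */ ?>
                    <input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=htmlspecialchars($pconfig['p2lifetime']);?>">
                    seconds</td>
                </tr>
                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>
                <tr>
                  <td colspan="2" valign="top" class="listtopic">Keep alive</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Automatically ping host</td>
                  <td width="78%" class="vtable">
                    <input name="pinghost" type="text" class="formfld" id="pinghost" size="20" value="<?=htmlspecialchars($pconfig['pinghost']);?>"> IP address</td>
                </tr>
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="Save">
                    <?php /* only emit the hidden id when it refers to an existing tunnel
                             entry; escaped so a non-numeric id cannot alter the markup */ ?>
                    <?php if (isset($id) && $a_ipsec[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
                    <?php endif; ?>
                  </td>
                </tr>
              </table>
</form>
<script language="JavaScript">
<!--
typesel_change();
methodsel_change();
//-->
</script>
<?php include("fend.inc"); ?>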
<?php
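function address_to_pconfig_vpn($adr, &$padr, &$pmask) {
        /*
         * Split a stored VPN address entry into the two values the form uses.
         *
         * $adr   - array carrying either a 'network' key (a named network such
         *          as "lan") or an 'address' key ("host" or "host/prefix").
         * $padr  - receives the network name, or the part of 'address' before
         *          the first "/".
         * $pmask - receives the text after the first "/" of 'address'; set to
         *          the integer 32 when 'address' has no "/" at all. Not touched
         *          when the 'network' branch is taken.
         *
         * Neither output is modified when $adr has neither key, so callers
         * should initialise both variables before the call.
         */
        if (!empty($adr['network'])) {
                $padr = $adr['network'];
        } else if (!empty($adr['address'])) {
                /* Index the exploded parts explicitly instead of list(): list()
                   raised an "undefined offset" warning for a bare host address
                   before the original is_null() fallback could run. */
                $parts = explode("/", $adr['address']);
                $padr = $parts[0];
                $pmask = isset($parts[1]) ? $parts[1] : 32;
        }
}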
?>