<?php
2
/*
3
	vpn_ipsec_phase2.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32 6b07c15a Matthew Grooms
##|+PRIV
33
##|*IDENT=page-vpn-ipsec-editphase2
34
##|*NAME=VPN: IPsec: Edit Phase 2 page
35
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
36
##|*MATCH=vpn_ipsec_phase2.php*
37
##|-PRIV
38
39 0f84b741 Scott Ullrich
require("functions.inc");
40 a93e56c5 Matthew Grooms
require("guiconfig.inc");
41 483e6de8 Scott Ullrich
require_once("ipsec.inc");
42
require_once("vpn.inc");
43 a93e56c5 Matthew Grooms
44 3462a529 Matthew Grooms
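/* Make sure the IPsec client and phase 2 sections exist, then alias them. */
if (!is_array($config['ipsec']['client']))
	$config['ipsec']['client'] = array();

$a_client = &$config['ipsec']['client'];

if (!is_array($config['ipsec']['phase2']))
	$config['ipsec']['phase2'] = array();

$a_phase2 = &$config['ipsec']['phase2'];

/*
 * Select the phase 2 entry to edit. The index comes from the request
 * (GET p2index, overridden by POST p2index, overridden by GET dup), so it is
 * untrusted: it is only used after confirming that it is a scalar and that it
 * names an existing, non-empty entry.
 */
$p2index = null;
if (isset($_GET['p2index']))
	$p2index = $_GET['p2index'];
if (isset($_POST['p2index']))
	$p2index = $_POST['p2index'];
if (isset($_GET['dup']))
	$p2index = $_GET['dup'];

/* an array-valued parameter (p2index[]=...) is not a usable array offset */
if (!is_scalar($p2index))
	unset($p2index);

if (isset($p2index) && !empty($a_phase2[$p2index]))
{
	/* existing entry: copy the stored settings into the form model */
	$pconfig['ikeid'] = $a_phase2[$p2index]['ikeid'];
	$pconfig['disabled'] = isset($a_phase2[$p2index]['disabled']);
	$pconfig['mode'] = $a_phase2[$p2index]['mode'];
	$pconfig['descr'] = $a_phase2[$p2index]['descr'];
	/* kept so the save path can hand the previous entry to reload_tunnel_spd_policy() */
	$old_ph2ent = $a_phase2[$p2index];

	idinfo_to_pconfig("local",$a_phase2[$p2index]['localid'],$pconfig);
	idinfo_to_pconfig("remote",$a_phase2[$p2index]['remoteid'],$pconfig);

	$pconfig['proto'] = $a_phase2[$p2index]['protocol'];
	ealgos_to_pconfig($a_phase2[$p2index]['encryption-algorithm-option'],$pconfig);
	$pconfig['halgos'] = $a_phase2[$p2index]['hash-algorithm-option'];
	$pconfig['pfsgroup'] = $a_phase2[$p2index]['pfsgroup'];
	$pconfig['lifetime'] = $a_phase2[$p2index]['lifetime'];
	$pconfig['pinghost'] = $a_phase2[$p2index]['pinghost'];

	if (isset($a_phase2[$p2index]['mobile']))
		$pconfig['mobile'] = true;
}
else
{
	/* new entry: the owning phase 1 is named by the request */
	$pconfig['ikeid'] = isset($_GET['ikeid']) ? $_GET['ikeid'] : null;

	/* defaults */
	$pconfig['localid_type'] = "lan";
	$pconfig['remoteid_type'] = "network";
	$pconfig['proto'] = "esp";
	$pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes");
	$pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['pfsgroup'] = "0";
	$pconfig['lifetime'] = "3600";

	/* mobile client */
	if (!empty($_GET['mobile']))
		$pconfig['mobile'] = true;
}

/* a duplicate starts from the copied settings but is saved as a new entry */
if (isset($_GET['dup']))
	unset($p2index);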
102
103
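/*
 * Handle a submitted phase 2 form: validate the request, build the phase 2
 * entry, store it in $a_phase2, reload the SPD policy and redirect to the
 * tunnel list. Every value read from $pconfig below is request data.
 */
if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	if (!isset( $_POST['ikeid']))
		$input_errors[] = gettext("A valid ikeid must be specified.");

	/* input validation */
	$reqdfields = explode(" ", "localid_type halgos");
	$reqdfieldsn = array(gettext("Local network type"),gettext("P2 Hash Algorithms"));
	if (!isset($pconfig['mobile'])){
		$reqdfields[] = "remoteid_type";
		$reqdfieldsn[] = gettext("Remote network type");
	}

	/* NOTE(review): call-time pass-by-reference (&$input_errors) is rejected by PHP 5.4 and later.
	   Drop the "&" once do_input_validation() is confirmed to declare that parameter by reference. */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/*
	 * mode, proto and pfsgroup are copied from the request into the saved entry,
	 * so accept only values that are keys of the option lists this page builds
	 * its <select> elements from.
	 */
	$p2_choices = array(
		'mode' => array($p2_modes, gettext("A valid mode must be specified.")),
		'proto' => array($p2_protos, gettext("A valid protocol must be specified.")),
		'pfsgroup' => array($p2_pfskeygroups, gettext("A valid PFS key group must be specified.")),
	);
	foreach ($p2_choices as $field => $choice) {
		if (!is_array($choice[0]))
			continue;	/* option list not available: nothing to compare against */
		if (!isset($pconfig[$field]) || !is_string($pconfig[$field]) || !array_key_exists($pconfig[$field], $choice[0]))
			$input_errors[] = $choice[1];
	}

	/* the hash algorithms arrive as a list; each member must be a known algorithm */
	if (isset($pconfig['halgos']) && is_array($p2_halgos)) {
		if (!is_array($pconfig['halgos'])) {
			$input_errors[] = gettext("An invalid hash algorithm was selected.");
		} else {
			foreach ($pconfig['halgos'] as $halgo) {
				if (!is_string($halgo) || !array_key_exists($halgo, $p2_halgos)) {
					$input_errors[] = gettext("An invalid hash algorithm was selected.");
					break;
				}
			}
		}
	}

	if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6"))
	{
		switch ($pconfig['localid_type']) {
			case "network":
				if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits']))
					$input_errors[] = gettext("A valid local network bit count must be specified.");
				/* no break: a network also needs a valid address */
			case "address":
				if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
					$input_errors[] = gettext("A valid local network IP address must be specified.");
				break;
		}

		/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
		if (is_array($config['interfaces'][$pconfig['localid_type']])) {
			// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
			$address = get_interface_ip($pconfig['localid_type']);
			$netbits = get_interface_subnet($pconfig['localid_type']);

			if (empty($address) || empty($netbits))
				$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
		}

		switch ($pconfig['remoteid_type']) {
			case "network":
				if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits']))
					$input_errors[] = gettext("A valid remote network bit count must be specified.");
				/* no break: a network also needs a valid address */
			case "address":
				if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
					$input_errors[] = gettext("A valid remote network IP address must be specified.");
				break;
		}
	}
	/* Validate enabled phase2's are not duplicates */
	if (isset($pconfig['mobile'])){
		/* User is adding phase 2 for mobile phase1 */
		foreach($a_phase2 as $key => $name){
			if (isset($name['mobile'])){
				/* check duplicate localids only for mobile clients */
				$localid_data = ipsec_idinfo_to_cidr($name['localid']);
				$entered = array();
				$entered['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered);
				if ($localid_data == $entered_localid_data){
					if (!isset($pconfig['p2index'])){
						/* adding new p2 entry */
						$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
						break;
					}else if ($pconfig['p2index'] != $key){
						/* editing p2 and entered p2 networks match with different p2 for given p1 */
						$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
						break;
					}
				}
			}
		}
	}else{
		/* User is adding phase 2 for site-to-site phase1 */
		$input_error = 0;
		foreach($a_phase2 as $key => $name){
			if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){
				/* check duplicate subnets only for given phase1 */
				$localid_data = ipsec_idinfo_to_cidr($name['localid']);
				$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid']);
				$entered_local = array();
				$entered_local['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered_local);
				$entered_remote = array();
				$entered_remote['type'] = $pconfig['remoteid_type'];
				if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
				if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
				$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote);
				if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
					if (!isset($pconfig['p2index'])){
						/* adding new p2 entry */
						$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
						break;
					}else if ($pconfig['p2index'] != $key){
						/* editing p2 and entered p2 networks match with different p2 for given p1 */
						$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
						break;
					}
				}
			}
		}
	}

	/* For ESP protocol, handle encryption algorithms */
	if ( $pconfig['proto'] == "esp") {
		$ealgos = pconfig_to_ealgos($pconfig);

		if (!count($ealgos)) {
			$input_errors[] = gettext("At least one encryption algorithm must be selected.");
		}
	}
	/* digits only: is_numeric() would also accept signs, fractions and exponent notation,
	   which the "must be an integer" message does not allow */
	if ($_POST['lifetime'] && (!is_string($_POST['lifetime']) || !preg_match('/^[0-9]+$/', $_POST['lifetime']))) {
		$input_errors[] = gettext("The P2 lifetime must be an integer.");
	}

	if (!$input_errors) {

		$ph2ent['ikeid'] = $pconfig['ikeid'];
		$ph2ent['mode'] = $pconfig['mode'];
		$ph2ent['disabled'] = $pconfig['disabled'] ? true : false;

		if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){
			$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
			$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
		}

		$ph2ent['protocol'] = $pconfig['proto'];
		/* only set above for ESP; for other protocols this stores an unset value */
		$ph2ent['encryption-algorithm-option'] = $ealgos;
		$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
		$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
		$ph2ent['lifetime'] = $pconfig['lifetime'];
		/* NOTE(review): pinghost and descr are stored as submitted; no format check is visible here */
		$ph2ent['pinghost'] = $pconfig['pinghost'];
		$ph2ent['descr'] = $pconfig['descr'];

		if (isset($pconfig['mobile']))
			$ph2ent['mobile'] = true;

		/* replace the edited entry, or append when no existing entry was selected */
		if (isset($p2index) && $a_phase2[$p2index])
			$a_phase2[$p2index] = $ph2ent;
		else
			$a_phase2[] = $ph2ent;


		/* now we need to find all phase2 entries for this host */
		if(is_array($ph2ent)) {
			ipsec_lookup_phase1($ph2ent, $ph1ent);
			$old_ph1ent = $ph1ent;
			$old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
			reload_tunnel_spd_policy ($ph1ent, $ph2ent, $old_ph1ent, $old_ph2ent);
		}

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}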
266
267 3462a529 Matthew Grooms
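/* Page title; mobile client entries get an extra breadcrumb element. */
$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"));
/* !empty() so that a form model without a 'mobile' key is not read as an undefined index */
if (!empty($pconfig['mobile']))
	$pgtitle[] = gettext("Mobile Client");
$shortcut_section = "ipsec";

include("head.inc");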
275
276
?>
277
278
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
279 6255beda Darren Embry
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
280 a93e56c5 Matthew Grooms
<?php include("fbegin.inc"); ?>
281
<script language="JavaScript">
282
<!--
283 4b96b367 mgrooms
284
function change_mode() {
285
	index = document.iform.mode.selectedIndex;
286
	value = document.iform.mode.options[index].value;
287 3795d067 Seth Mos
	if ((value == 'tunnel') || (value == 'tunnel6')) {
288 4b96b367 mgrooms
		document.getElementById('opt_localid').style.display = '';
289 71880c96 pierrepomes
<?php if (!isset($pconfig['mobile'])): ?>
290 4b96b367 mgrooms
		document.getElementById('opt_remoteid').style.display = '';
291 71880c96 pierrepomes
<?php endif; ?>
292 4b96b367 mgrooms
	} else {
293
		document.getElementById('opt_localid').style.display = 'none';
294 71880c96 pierrepomes
<?php if (!isset($pconfig['mobile'])): ?>
295 4b96b367 mgrooms
		document.getElementById('opt_remoteid').style.display = 'none';
296 71880c96 pierrepomes
<?php endif; ?>
297 4b96b367 mgrooms
	}
298
}
299
300 a93e56c5 Matthew Grooms
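/*
 * Enable or disable the local address and netbits fields to match the selected
 * local network type.
 *
 * bits: netbits to preselect for a "network" type while the address is blank;
 *       when omitted, 24 is used in tunnel mode and 64 in tunnel6 mode.
 */
function typesel_change_local(bits) {
	/* Read the mode select directly. The global "index" assigned by change_mode()
	   is also assigned by change_protocol(), so it may hold the protocol index. */
	var mode_select = document.iform.mode;
	var value = mode_select.options[mode_select.selectedIndex].value;
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	/* evaluated before any branch clears the address field */
	var address_is_blank = !/\S/.test(document.iform.localid_address.value);
	/* Switch on the option value, not its position: the interface entries sit
	   between "network" and "none", so the position of "none" is not fixed. */
	var type_select = document.iform.localid_type;
	switch (type_select.options[type_select.selectedIndex].value) {
		case "address":	/* single */
			document.iform.localid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.localid_netbits.value = 0;
			}
			document.iform.localid_netbits.disabled = 1;
			break;
		case "network":	/* network */
			document.iform.localid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.localid_netbits.value = bits;
			}
			document.iform.localid_netbits.disabled = 0;
			break;
		case "none":	/* none */
			document.iform.localid_address.disabled = 1;
			document.iform.localid_netbits.disabled = 1;
			break;
		default:	/* an interface subnet: address and netbits come from the interface */
			document.iform.localid_address.value = "";
			document.iform.localid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.localid_netbits.value = 0;
			}
			document.iform.localid_netbits.disabled = 1;
			break;
	}
}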
340 3462a529 Matthew Grooms
341 71880c96 pierrepomes
<?php if (!isset($pconfig['mobile'])): ?>
342 3462a529 Matthew Grooms
343 a93e56c5 Matthew Grooms
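/*
 * Enable or disable the remote address and netbits fields to match the
 * selected remote network type.
 *
 * bits: netbits to preselect for a "network" type while the address is blank;
 *       when omitted, 24 is used in tunnel mode and 64 in tunnel6 mode.
 */
function typesel_change_remote(bits) {
	/* Read the mode select directly. The global "index" assigned by change_mode()
	   is also assigned by change_protocol(), so it may hold the protocol index. */
	var mode_select = document.iform.mode;
	var value = mode_select.options[mode_select.selectedIndex].value;
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	/* evaluated before the default branch clears the address field */
	var address_is_blank = !/\S/.test(document.iform.remoteid_address.value);
	switch (document.iform.remoteid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.remoteid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = 0;
			}
			document.iform.remoteid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.remoteid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = bits;
			}
			document.iform.remoteid_netbits.disabled = 0;
			break;
		default:
			document.iform.remoteid_address.value = "";
			document.iform.remoteid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = 0;
			}
			document.iform.remoteid_netbits.disabled = 1;
			break;
	}
}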
379 3462a529 Matthew Grooms
380
<?php endif; ?>
381
382 4b96b367 mgrooms
function change_protocol() {
383 87e07f52 mgrooms
	index = document.iform.proto.selectedIndex;
384
	value = document.iform.proto.options[index].value;
385
	if (value == 'esp')
386
		document.getElementById('opt_enc').style.display = '';
387
	else
388
		document.getElementById('opt_enc').style.display = 'none';
389
}
390
391 a93e56c5 Matthew Grooms
//-->
392
</script>
393 5a3b0d3b mgrooms
394
<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
395
396
<?php
397
	if ($input_errors)
398
		print_input_errors($input_errors);
399
?>
400
401
<table width="100%" border="0" cellpadding="0" cellspacing="0">
402
	<tr class="tabnavtbl">
403
		<td id="tabnav">
404
			<?php
405
				$tab_array = array();
406 123929e0 Carlos Eduardo Ramos
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
407
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
408
				$tab_array[2] = array(gettext("Pre-shared keys"), false, "vpn_ipsec_keys.php");
409 5a3b0d3b mgrooms
				display_top_tabs($tab_array);
410
			?>
411
		</td>
412
	</tr>
413
	<tr>
414
		<td id="mainarea">
415
			<div class="tabcont">
416
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
417
					<tr>
418 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
419 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
420
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
421 123929e0 Carlos Eduardo Ramos
							<strong><?=gettext("Disable this phase2 entry"); ?></strong>
422 5a3b0d3b mgrooms
							<br>
423 123929e0 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
424
							  "removing it from the list"); ?>.
425 5a3b0d3b mgrooms
							</span>
426
						</td>
427
					</tr>
428
					<tr>
429 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
430 4b96b367 mgrooms
						<td width="78%" class="vtable">
431
							<select name="mode" class="formselect" onChange="change_mode()">
432
								<?php
433
									foreach($p2_modes as $name => $value):
434
										$selected = "";
435
										if ($name == $pconfig['mode'])
436
											$selected = "selected";
437
								?>
438
								<option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option>
439
								<?php endforeach; ?>
440
							</select>
441
						</td>
442
					</tr>
443
					<tr id="opt_localid">
444 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
445 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
446
							<table border="0" cellspacing="0" cellpadding="0">
447
								<tr>
448 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
449 5a3b0d3b mgrooms
									<td></td>
450
									<td>
451
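										<select name="localid_type" class="formselect" onChange="typesel_change_local()">
											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected";?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected";?>><?=gettext("Network"); ?></option>
											<?php
												/* one option per configured interface; names and descriptions come from the
												   saved configuration, so they are HTML-encoded before being written out */
												$iflist = get_configured_interface_with_descr();
												foreach ($iflist as $ifname => $ifdescr):
											?>
											<option value="<?=htmlspecialchars($ifname); ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected";?>><?=htmlspecialchars(sprintf(gettext("%s subnet"), $ifdescr)); ?></option>
											<?php endforeach; ?>
											<option value="none" <?php if ($pconfig['localid_type'] == "none" ) echo "selected";?>><?=gettext("None"); ?></option>
										</select>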
462
									</td>
463
								</tr>
464
								<tr>
465 11c160b0 Rafael Lucas
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
466 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
467
									<td>
468 6255beda Darren Embry
										<input name="localid_address" type="text" class="formfld unknown ipv4v6" id="localid_address" size="28" value="<?=htmlspecialchars($pconfig['localid_address']);?>">
469 5a3b0d3b mgrooms
										/
470 6255beda Darren Embry
										<select name="localid_netbits" class="formselect ipv4v6" id="localid_netbits">
471 3795d067 Seth Mos
										<?php for ($i = 128; $i >= 0; $i--): ?>
472 6255beda Darren Embry
											<option value="<?=$i;?>" <?php if (isset($pconfig['localid_netbits']) && $i == $pconfig['localid_netbits']) echo "selected"; ?>>
473 5a3b0d3b mgrooms
												<?=$i;?>
474
											</option>
475
										<?php endfor; ?>
476
										</select>
477
									</td>
478
								</tr>
479
							</table>
480
						</td>
481
					</tr>
482
483
					<?php if (!isset($pconfig['mobile'])): ?>
484
					
485 4b96b367 mgrooms
					<tr id="opt_remoteid">
486 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
487 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
488
							<table border="0" cellspacing="0" cellpadding="0">
489
								<tr>
490 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
491 5a3b0d3b mgrooms
									<td></td>
492
									<td>
493
										<select name="remoteid_type" class="formselect" onChange="typesel_change_remote()">
494 123929e0 Carlos Eduardo Ramos
											<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected"; ?>><?=gettext("Address"); ?></option>
495
											<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected"; ?>><?=gettext("Network"); ?></option>
496 5a3b0d3b mgrooms
										</select>
497
									</td>
498
								</tr>
499
								<tr>
500 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Address"); ?>:&nbsp;&nbsp;</td>
501 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
502
									<td>
503 6255beda Darren Embry
										<input name="remoteid_address" type="text" class="formfld unknown ipv4v6" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>">
504 5a3b0d3b mgrooms
										/
505 6255beda Darren Embry
										<select name="remoteid_netbits" class="formselect ipv4v6" id="remoteid_netbits">
506 3795d067 Seth Mos
										<?php for ($i = 128; $i >= 0; $i--) { 
507 184d50b5 Ermal Lu?i
											
508
											echo "<option value=\"{$i}\"";
509 6255beda Darren Embry
											if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) echo " selected";
510 184d50b5 Ermal Lu?i
											echo ">{$i}</option>\n";
511
											} ?>
512 5a3b0d3b mgrooms
										</select>
513
									</td>
514
								</tr>
515
							</table>
516 a93e56c5 Matthew Grooms
						</td>
517 5a3b0d3b mgrooms
					</tr>
518
					
519 3462a529 Matthew Grooms
					<?php endif; ?>
520 5a3b0d3b mgrooms
					
521
					<tr>
522 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
523 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
524
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
525
							<br>
526
							<span class="vexpl">
527 123929e0 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
528
								"for your reference (not parsed)"); ?>.
529 5a3b0d3b mgrooms
							</span>
530
						</td>
531
					</tr>
532
					<tr>
533
						<td colspan="2" class="list" height="12"></td>
534
					</tr>
535
					<tr>
536
						<td colspan="2" valign="top" class="listtopic">
537 123929e0 Carlos Eduardo Ramos
							<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
538 5a3b0d3b mgrooms
						</td>
539
					</tr>
540
					<tr>
541 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
542 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
543 4b96b367 mgrooms
							<select name="proto" class="formselect" onChange="change_protocol()">
544 5a3b0d3b mgrooms
							<?php foreach ($p2_protos as $proto => $protoname): ?>
545
								<option value="<?=$proto;?>" <?php if ($proto == $pconfig['proto']) echo "selected"; ?>>
546
									<?=htmlspecialchars($protoname);?>
547
								</option>
548
							<?php endforeach; ?>
549
							</select>
550
							<br>
551
							<span class="vexpl">
552 123929e0 Carlos Eduardo Ramos
								<?=gettext("ESP is encryption, AH is authentication only"); ?>
553 5a3b0d3b mgrooms
							</span>
554
						</td>
555
					</tr>
556 87e07f52 mgrooms
					<tr id="opt_enc">
557 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
558 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
559
							<table border="0" cellspacing="0" cellpadding="0">
560
							<?php
561
								foreach ($p2_ealgos as $algo => $algodata):
562
									$checked = '';
563 b20a5cdb Pierre POMES
									if (is_array($pconfig['ealgos']) && in_array($algo,$pconfig['ealgos']))
564 5a3b0d3b mgrooms
										$checked = " checked";
565
								?>
566
								<tr>
567
									<td>
568
										<input type="checkbox" name="ealgos[]" value="<?=$algo;?>"<?=$checked?>>
569
									</td>
570
									<td>
571
										<?=htmlspecialchars($algodata['name']);?>
572
									</td>
573
									<td>
574
										<?php if(is_array($algodata['keysel'])): ?>
575
										&nbsp;&nbsp;
576
										<select name="keylen_<?=$algo;?>" class="formselect">
577 123929e0 Carlos Eduardo Ramos
											<option value="auto"><?=gettext("auto"); ?></option>
578 5a3b0d3b mgrooms
											<?php
579
												$key_hi = $algodata['keysel']['hi'];
580
												$key_lo = $algodata['keysel']['lo'];
581
												$key_step = $algodata['keysel']['step'];
582
												for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
583
													$selected = '';
584
				//									if ($checked && in_array("keylen_".$algo,$pconfig))
585
													if ($keylen == $pconfig["keylen_".$algo])
586
														$selected = " selected";
587
											?>
588 123929e0 Carlos Eduardo Ramos
											<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
589 5a3b0d3b mgrooms
											<?php endfor; ?>
590
										</select>
591
										<?php endif; ?>
592
									</td>
593
								</tr>
594
								
595
								<?php endforeach; ?>
596
								
597
							</table>
598
							<br>
599 123929e0 Carlos Eduardo Ramos
							<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " . 
600
							"crypto accelerator card. Blowfish is usually the fastest in " .
601
							"software encryption"); ?>.
602 5a3b0d3b mgrooms
						</td>
603
					</tr>
604
					<tr>
605 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
606 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
607
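						<?php
							/* After a failed submit $pconfig is the raw request, so 'halgos' may be
							   missing or not a list; check it the same way the ealgos row does. */
							$halgos_selected = (isset($pconfig['halgos']) && is_array($pconfig['halgos'])) ? $pconfig['halgos'] : array();
							foreach ($p2_halgos as $algo => $algoname):
						?>
							<input type="checkbox" name="halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $halgos_selected)) echo "checked"; ?>>
							<?=htmlspecialchars($algoname);?>
							<br>
						<?php endforeach; ?>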
612
						</td>
613
					</tr>
614
					<tr>
615 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
616 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
617
						<?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
618
							<select name="pfsgroup" class="formselect">
619
							<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
620
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected"; ?>>
621
									<?=htmlspecialchars($keygroupname);?>
622
								</option>
623
							<?php endforeach; ?>
624
							</select>
625
							<br>
626
							<?php else: ?>
627
628
							<select class="formselect" disabled>
629
								<option selected><?=$p2_pfskeygroups[$a_client['pfs_group']];?></option>
630
							</select>
631 dd5bf424 Scott Ullrich
							<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>">
632 5a3b0d3b mgrooms
							<br>
633 123929e0 Carlos Eduardo Ramos
							<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
634 5a3b0d3b mgrooms
						<?php endif; ?>
635
						</td>
636
					</tr>
637
					<tr>
638 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
639 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
640 dd5bf424 Scott Ullrich
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>">
641 123929e0 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
642 5a3b0d3b mgrooms
						</td>
643
					</tr>
644 87e07f52 mgrooms
					<tr>
645
						<td colspan="2" class="list" height="12"></td>
646
					</tr>
647
					<tr>
648 123929e0 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
649 87e07f52 mgrooms
					</tr>
650
					<tr>
651 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
652 87e07f52 mgrooms
						<td width="78%" class="vtable">
653 c271c485 Seth Mos
							<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="28" value="<?=htmlspecialchars($pconfig['pinghost']);?>">
654 123929e0 Carlos Eduardo Ramos
							<?=gettext("IP address"); ?>
655 87e07f52 mgrooms
						</td>
656
					</tr>
657 5a3b0d3b mgrooms
					<tr>
658
						<td width="22%" valign="top">&nbsp;</td>
659
						<td width="78%">
660
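						<?php /* p2index originates from the request; HTML-encode it like the other hidden fields */ ?>
						<?php if (isset($p2index) && $a_phase2[$p2index]): ?>
							<input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>">
						<?php endif; ?>
						<?php if (!empty($pconfig['mobile'])): ?>
							<input name="mobile" type="hidden" value="true">
							<input name="remoteid_type" type="hidden" value="mobile">
						<?php endif; ?>
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>">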
669 5a3b0d3b mgrooms
						</td>
670
					</tr>
671
				</table>
672
			</div>
673
		</td>
674
	</tr>
675
</table>
676 a93e56c5 Matthew Grooms
</form>
677
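<script language="JavaScript">
<!--
<?php
	/*
	 * Initialise the form state on load.
	 *
	 * After a failed submit $pconfig holds the raw request, and htmlspecialchars()
	 * is an HTML encoder: it does not make a value safe inside a script block.
	 * change_mode() and change_protocol() are declared without parameters, so no
	 * request data is passed to them. The netbits arguments are written only as
	 * integers, or omitted so that the functions fall back to their defaults.
	 */
	$js_local_bits = (isset($pconfig['localid_netbits']) && is_numeric($pconfig['localid_netbits'])) ? (int)$pconfig['localid_netbits'] : '';
	$js_remote_bits = (isset($pconfig['remoteid_netbits']) && is_numeric($pconfig['remoteid_netbits'])) ? (int)$pconfig['remoteid_netbits'] : '';
?>
change_mode();
change_protocol();
typesel_change_local(<?=$js_local_bits;?>);
<?php if (!isset($pconfig['mobile'])): ?>
typesel_change_remote(<?=$js_remote_bits;?>);
<?php endif; ?>
//-->
</script>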
687
<?php include("fend.inc"); ?>
688 3462a529 Matthew Grooms
</body>
689
</html>
690 a93e56c5 Matthew Grooms
691
<?php
692
693 3462a529 Matthew Grooms
/* local utility functions */
694
695 a93e56c5 Matthew Grooms
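/*
 * Build the encryption algorithm list for a phase 2 entry from the form model.
 *
 * $pconfig['ealgos'] is the list of selected algorithm names. The result holds
 * one array('name' => ..., 'keylen' => ...) per selected algorithm that is a key
 * of the global $p2_ealgos; 'keylen' is present only for algorithms that define
 * a 'keysel' range. The key length is read from $_POST["keylen_<name>"] and is
 * kept only when it is "auto" or one of the lengths the form offers (from 'hi'
 * down to 'lo' in 'step' decrements); any other value is replaced by "auto".
 *
 * Returns an empty array when nothing valid is selected.
 */
function pconfig_to_ealgos(& $pconfig) {

	global $p2_ealgos;

	$ealgos = array();
	if (!isset($pconfig['ealgos']) || !is_array($pconfig['ealgos']) || !is_array($p2_ealgos))
		return $ealgos;

	/* walk the known algorithms, not the request, so unknown names are never copied */
	foreach ($p2_ealgos as $algo_name => $algo_data) {
		if (!in_array((string)$algo_name, $pconfig['ealgos'], true))
			continue;

		$ealg = array();
		$ealg['name'] = $algo_name;

		if (isset($algo_data['keysel']) && is_array($algo_data['keysel'])) {
			$keysel = $algo_data['keysel'];
			$keylen = isset($_POST["keylen_".$algo_name]) ? $_POST["keylen_".$algo_name] : "auto";

			$keylen_ok = ($keylen === "auto");
			if (!$keylen_ok && is_string($keylen) && preg_match('/^[0-9]+$/', $keylen)) {
				$bits = (int)$keylen;
				$key_hi = (int)$keysel['hi'];
				$key_lo = (int)$keysel['lo'];
				$key_step = (int)$keysel['step'];
				$keylen_ok = ($bits >= $key_lo && $bits <= $key_hi &&
				    ($key_step <= 0 || (($key_hi - $bits) % $key_step) == 0));
			}

			/* the value is request data that ends up in the saved entry */
			$ealg['keylen'] = $keylen_ok ? $keylen : "auto";
		}

		$ealgos[] = $ealg;
	}

	return $ealgos;
}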
714
715
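/*
 * Copy a stored encryption algorithm list into the form model.
 *
 * Sets $pconfig['ealgos'] to the list of algorithm names and, for each entry
 * that has a key length, $pconfig["keylen_<name>"]. $ealgos may be something
 * other than a list (this page stores an unset value for entries saved with a
 * protocol other than ESP); in that case $pconfig['ealgos'] is left empty.
 *
 * Returns $ealgos unchanged.
 */
function ealgos_to_pconfig(& $ealgos,& $pconfig) {

	$pconfig['ealgos'] = array();
	if (is_array($ealgos)) {
		foreach ($ealgos as $algo_data) {
			/* skip malformed members instead of reading offsets of a non-array */
			if (!is_array($algo_data) || !isset($algo_data['name']))
				continue;
			$pconfig['ealgos'][] = $algo_data['name'];
			if (isset($algo_data['keylen']))
				$pconfig["keylen_".$algo_data['name']] = $algo_data['keylen'];
		}
	}

	return $ealgos;
}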
726
727
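/*
 * Build the stored id record for one side of the tunnel from the form model.
 *
 * $prefix is "local" or "remote"; the fields read are "<prefix>id_type",
 * "<prefix>id_address" and "<prefix>id_netbits". Only the fields that belong to
 * the selected type are read, because the form disables (and therefore does not
 * submit) the address and netbits inputs for the other types.
 *
 * Returns array('type') for any type other than "address" or "network",
 * array('type', 'address') for "address" and
 * array('type', 'address', 'netbits') for "network". A missing field is
 * returned as null. The values are not validated here.
 */
function pconfig_to_idinfo($prefix,& $pconfig) {

	$type = isset($pconfig[$prefix."id_type"]) ? $pconfig[$prefix."id_type"] : null;
	$idinfo = array('type' => $type);

	switch( $type )
	{
		case "address":
			$idinfo['address'] = isset($pconfig[$prefix."id_address"]) ? $pconfig[$prefix."id_address"] : null;
			break;
		case "network":
			$idinfo['address'] = isset($pconfig[$prefix."id_address"]) ? $pconfig[$prefix."id_address"] : null;
			$idinfo['netbits'] = isset($pconfig[$prefix."id_netbits"]) ? $pconfig[$prefix."id_netbits"] : null;
			break;
	}

	return $idinfo;
}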
743
744
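/*
 * Copy a stored id record into the form model.
 *
 * $prefix is "local" or "remote". "<prefix>id_type" is always set; the address
 * is copied for the "address" and "network" types and the netbits for "network"
 * only. $idinfo may not be an array (this page stores no localid/remoteid for
 * entries saved outside the tunnel modes); the type is then set to null and
 * nothing else is written.
 */
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {

	$type = (is_array($idinfo) && isset($idinfo['type'])) ? $idinfo['type'] : null;
	$pconfig[$prefix."id_type"] = $type;

	switch( $type )
	{
		case "address":
			$pconfig[$prefix."id_address"] = isset($idinfo['address']) ? $idinfo['address'] : null;
			break;
		case "network":
			$pconfig[$prefix."id_address"] = isset($idinfo['address']) ? $idinfo['address'] : null;
			$pconfig[$prefix."id_netbits"] = isset($idinfo['netbits']) ? $idinfo['netbits'] : null;
			break;
	}
}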
762
763
?>