#!/usr/local/bin/php
<?php
/*
	vpn_ipsec_edit.php
	part of m0n0wall (http://m0n0.ch/wall)
	
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

/* Web GUI page: create or edit one IPsec tunnel entry of the saved configuration. */
require("guiconfig.inc");

/* Make sure the tunnel list exists before a reference to it is taken, so
   $a_ipsec is always an array (possibly empty) for the code below. */
if (!is_array($config['ipsec']['tunnel']))
	$config['ipsec']['tunnel'] = array();

/* $a_ipsec aliases the live tunnel list; entries written through it are
   persisted by the write_config() call further down this file. */
$a_ipsec = &$config['ipsec']['tunnel'];

/* Symbolic names that may stand in for a local subnet instead of an address
   (presumably consulted by is_specialnet() from guiconfig.inc -- confirm). */
$specialsrcdst = array("lan");
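/* Which tunnel is being edited.  The list index arrives in the query string
   on first load and in the hidden "id" field on submit (the latter wins).
   Only a non-negative integer string is accepted as an index; anything else
   is treated as "new tunnel", exactly like an index that does not exist. */
$id = null;
if (isset($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']))
	$id = $_POST['id'];
if ($id !== null && !preg_match('/^[0-9]+$/', (string)$id))
	unset($id);

if (isset($id) && !empty($a_ipsec[$id])) {
	/* editing an existing tunnel: load its settings into the form values */
	$tunnel = $a_ipsec[$id];
	$p1 = isset($tunnel['p1']) ? $tunnel['p1'] : array();
	$p2 = isset($tunnel['p2']) ? $tunnel['p2'] : array();

	$pconfig['disabled'] = isset($tunnel['disabled']);
	$pconfig['auto'] = isset($tunnel['auto']);

	/* local-subnet is absent when the LAN alias is used; otherwise it is
	   decoded by address_to_pconfig_vpn() (defined at the bottom of this file) */
	if (!isset($tunnel['local-subnet']))
		$pconfig['localnet'] = "lan";
	else
		address_to_pconfig_vpn($tunnel['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']);

	$pconfig['interface'] = !empty($tunnel['interface']) ? $tunnel['interface'] : "wan";

	/* remote-subnet is stored as "address/bits"; a stored value without a
	   "/bits" part is shown as a single host, like the defaults below */
	$remote = explode("/", isset($tunnel['remote-subnet']) ? $tunnel['remote-subnet'] : "");
	$pconfig['remotenet'] = $remote[0];
	$pconfig['remotebits'] = isset($remote[1]) ? $remote[1] : 32;
	$pconfig['remotegw'] = isset($tunnel['remote-gateway']) ? $tunnel['remote-gateway'] : null;
	$pconfig['p1mode'] = isset($p1['mode']) ? $p1['mode'] : null;

	/* The phase 1 identifier is stored under one key per type.  The stored
	   key and the form value differ for the user FQDN type ("ufqdn"); the
	   "myaddress" type carries no value of its own. */
	$myident = isset($p1['myident']) ? $p1['myident'] : array();
	$identtypes = array(
		'myaddress' => 'myaddress',
		'address' => 'address',
		'fqdn' => 'fqdn',
		'user_fqdn' => 'ufqdn',
		'dyn_dns' => 'dyn_dns',
	);
	foreach ($identtypes as $type => $key) {
		if (isset($myident[$key])) {
			$pconfig['p1myidentt'] = $type;
			if ($type != 'myaddress')
				$pconfig['p1myident'] = $myident[$key];
			break;
		}
	}

	/* straight copies: form field => stored key */
	$p1fields = array(
		'p1ealgo' => 'encryption-algorithm',
		'p1halgo' => 'hash-algorithm',
		'p1dhgroup' => 'dhgroup',
		'p1lifetime' => 'lifetime',
		'p1authentication_method' => 'authentication_method',
		'p1pskey' => 'pre-shared-key',
	);
	foreach ($p1fields as $field => $key)
		$pconfig[$field] = isset($p1[$key]) ? $p1[$key] : null;

	/* certificates and the private key are stored base64-encoded (encoding
	   only, not protection); decode them for display in the form */
	$p1blobs = array('p1cert' => 'cert', 'p1peercert' => 'peercert', 'p1privatekey' => 'private-key');
	foreach ($p1blobs as $field => $key)
		$pconfig[$field] = isset($p1[$key]) ? base64_decode($p1[$key]) : "";

	$p2fields = array(
		'p2proto' => 'protocol',
		'p2ealgos' => 'encryption-algorithm-option',
		'p2halgos' => 'hash-algorithm-option',
		'p2pfsgroup' => 'pfsgroup',
		'p2lifetime' => 'lifetime',
	);
	foreach ($p2fields as $field => $key)
		$pconfig[$field] = isset($p2[$key]) ? $p2[$key] : null;

	$pconfig['descr'] = isset($tunnel['descr']) ? $tunnel['descr'] : null;

} else {
	/* defaults for a new tunnel */
	$pconfig['interface'] = "wan";
	$pconfig['localnet'] = "lan";
	$pconfig['p1mode'] = "aggressive";
	$pconfig['p1myidentt'] = "myaddress";
	$pconfig['p1authentication_method'] = "pre_shared_key";
	$pconfig['p1ealgo'] = "3des";
	$pconfig['p1halgo'] = "sha1";
	$pconfig['p1dhgroup'] = "2";
	$pconfig['p2proto'] = "esp";
	$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
	$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['p2pfsgroup'] = "0";
	/* a single remote host until the user picks a network size */
	$pconfig['remotebits'] = 32;
}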
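if ($_POST) {
	/* Inputs that the browser disables (see typesel_change() and
	   methodsel_change() below) are not submitted at all.  Give the optional
	   ones an empty default so they can be read unconditionally; the required
	   fields are deliberately left alone so do_input_validation() still
	   reports them as missing. */
	$optional = explode(" ", "localnettype interface descr p1mode p1myidentt p1myident p1ealgo p1halgo p1dhgroup p1lifetime p1authentication_method p1cert p1privatekey p1peercert p2proto p2pfsgroup p2lifetime");
	foreach ($optional as $field) {
		if (!isset($_POST[$field]))
			$_POST[$field] = "";
	}

	/* A "special" local network (the LAN alias) carries no address or mask;
	   a single host is implicitly a /32. */
	if (is_specialnet($_POST['localnettype'])) {
		$_POST['localnet'] = $_POST['localnettype'];
		$_POST['localnetmask'] = 0;
	} else if ($_POST['localnettype'] == "single") {
		$_POST['localnetmask'] = 32;
	}

	unset($input_errors);
	/* the submitted values are echoed back by the form when validation fails */
	$pconfig = $_POST;

	/* input validation */
	if ($_POST['p1authentication_method'] == "pre_shared_key") {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
	} else {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,P2 Encryption Algorithms,P2 Hash Algorithms");
		/* Only the PEM envelope is checked here; the certificate and key are
		   not parsed, so a well-formed envelope around garbage still passes. */
		if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE"))
			$input_errors[] = "This certificate does not appear to be valid.";
		if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY"))
			$input_errors[] = "This key does not appear to be valid.";
		if ($_POST['p1peercert'] != "" && (!strstr($_POST['p1peercert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1peercert'], "END CERTIFICATE")))
			$input_errors[] = "This peer certificate does not appear to be valid.";
	}

	/* do_input_validation() (guiconfig.inc) is expected to declare
	   $input_errors by reference; the call-time '&' that used to be here is
	   a fatal error on PHP 5.4 and later. */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* Required fields may still be absent once validation has flagged them;
	   read them through locals with empty defaults. */
	$localnet = isset($_POST['localnet']) ? $_POST['localnet'] : "";
	$localnetmask = isset($_POST['localnetmask']) ? $_POST['localnetmask'] : "";
	$remotenet = isset($_POST['remotenet']) ? $_POST['remotenet'] : "";
	$remotebits = isset($_POST['remotebits']) ? $_POST['remotebits'] : "";
	$remotegw = isset($_POST['remotegw']) ? $_POST['remotegw'] : "";
	/* the PSK is required only for pre-shared-key authentication and is a
	   disabled (unsubmitted) input otherwise */
	if (!isset($_POST['p1pskey']))
		$_POST['p1pskey'] = "";

	if (!is_specialnet($_POST['localnettype'])) {
		if ($localnet && !is_ipaddr($localnet))
			$input_errors[] = "A valid local network IP address must be specified.";
		if ($localnetmask && !is_numeric($localnetmask))
			$input_errors[] = "A valid local network bit count must be specified.";
	}
	if ($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime']))
		$input_errors[] = "The P1 lifetime must be an integer.";
	if ($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime']))
		$input_errors[] = "The P2 lifetime must be an integer.";

	if ($remotebits && (!is_numeric($remotebits) || ($remotebits < 0) || ($remotebits > 32))) {
		/* The previous test, '!$_POST['remotenet'] == "0.0.0.0"', negated the
		   network before comparing and so only fired for an empty network,
		   letting an out-of-range bit count through unreported. */
		if ($remotenet != "0.0.0.0")
			$input_errors[] = "The remote network bits are invalid.";
	}
	if (($remotenet && !is_ipaddr($remotenet)) || $remotenet == "0.0.0.0")
		$input_errors[] = "A valid remote network address must be specified.";
	/* the gateway may be given as an IP address or as a host name */
	if ($remotegw && !is_ipaddr($remotegw) && !is_domain($remotegw))
		$input_errors[] = "A valid remote gateway address must be specified.";

	/* The interface must be one the form offers: wan, lan or a configured OPTn. */
	$iface = $_POST['interface'];
	if (!is_string($iface) || ($iface != "wan" && $iface != "lan"
			&& !(preg_match('/^opt[0-9]+$/', $iface) && isset($config['interfaces'][$iface]))))
		$input_errors[] = "A valid interface must be selected.";

	/* Selection fields must carry one of the values the form offers.  The
	   option lists are the same ones the form below is rendered from
	   (guiconfig.inc); a list that is not in scope here is simply not checked.
	   Whatever passes here ends up in the saved IPsec configuration. */
	$choices = array(
		'p1mode' => explode(" ", "main aggressive"),
		'p1dhgroup' => explode(" ", "1 2 5"),
	);
	$optionlists = array(
		'p1myidentt' => 'my_identifier_list',
		'p1ealgo' => 'p1_ealgos',
		'p1halgo' => 'p1_halgos',
		'p1authentication_method' => 'p1_authentication_methods',
		'p2proto' => 'p2_protos',
		'p2pfsgroup' => 'p2_pfskeygroups',
		'p2ealgos' => 'p2_ealgos',
		'p2halgos' => 'p2_halgos',
	);
	foreach ($optionlists as $field => $listname) {
		if (isset($GLOBALS[$listname]) && is_array($GLOBALS[$listname]))
			$choices[$field] = array_keys($GLOBALS[$listname]);
	}
	foreach ($choices as $field => $allowed) {
		if (!isset($_POST[$field]) || $_POST[$field] === "")
			continue;
		$allowed = array_map('strval', $allowed);
		$values = is_array($_POST[$field]) ? $_POST[$field] : array($_POST[$field]);
		foreach ($values as $value) {
			if (!is_scalar($value) || !in_array((string)$value, $allowed, true)) {
				$input_errors[] = "An invalid value was submitted for '" . $field . "'.";
				break;
			}
		}
	}
	/* the phase 2 algorithm checkbox groups must arrive as arrays */
	foreach (array('p2ealgos', 'p2halgos') as $field) {
		if (isset($_POST[$field]) && !is_array($_POST[$field]))
			$input_errors[] = "An invalid value was submitted for '" . $field . "'.";
	}

	/* the identifier value is interpreted according to the identifier type */
	switch ($_POST['p1myidentt']) {
		case "address":
			if (!is_ipaddr($_POST['p1myident']))
				$input_errors[] = "A valid IP address for 'My identifier' must be specified.";
			break;
		case "fqdn":
			if (!is_domain($_POST['p1myident']))
				$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
			break;
		case "user_fqdn":
			/* user@host: a missing '@' used to be read as an undefined offset */
			$ufqdn = explode("@", $_POST['p1myident']);
			if (!isset($ufqdn[1]) || !is_domain($ufqdn[1]))
				$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
			break;
		case "dyn_dns":
			$dyn_dns = explode("@", $_POST['p1myident']);
			if (!isset($dyn_dns[1]) || !is_domain($dyn_dns[1]))
				$input_errors[] = "A valid Dynamic DNS address for 'My identifier' must be specified.";
			break;
		case "myaddress":
			/* the interface address is used; no identifier value is stored */
			$_POST['p1myident'] = "";
			break;
	}

	if (!$input_errors) {
		$ipsecent = array();
		$ipsecent['disabled'] = !empty($_POST['disabled']);
		$ipsecent['auto'] = !empty($_POST['auto']);
		$ipsecent['interface'] = $pconfig['interface'];
		pconfig_to_address($ipsecent['local-subnet'], $localnet, $localnetmask);
		$ipsecent['remote-subnet'] = $remotenet . "/" . $remotebits;
		$ipsecent['remote-gateway'] = $remotegw;
		$ipsecent['p1']['mode'] = $_POST['p1mode'];

		/* one stored key per identifier type (form value => config key);
		   address_to_pconfig_vpn-style loading above reverses this mapping */
		$ipsecent['p1']['myident'] = array();
		switch ($_POST['p1myidentt']) {
			case 'myaddress':
				$ipsecent['p1']['myident']['myaddress'] = true;
				break;
			case 'address':
				$ipsecent['p1']['myident']['address'] = $_POST['p1myident'];
				break;
			case 'fqdn':
				$ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident'];
				break;
			case 'user_fqdn':
				$ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
				break;
			case 'dyn_dns':
				$ipsecent['p1']['myident']['dyn_dns'] = $_POST['p1myident'];
				break;
		}

		$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
		$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
		$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
		$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
		/* NOTE: the pre-shared key, private key and certificates go into the
		   saved configuration as submitted; base64 is an encoding, not
		   protection, so the config store holds them in recoverable form. */
		$ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
		$ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
		$ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
		$ipsecent['p1']['peercert'] = base64_encode($_POST['p1peercert']);
		$ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
		$ipsecent['p2']['protocol'] = $_POST['p2proto'];
		$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
		$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
		$ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
		$ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
		$ipsecent['descr'] = $_POST['descr'];

		/* replace the entry being edited, otherwise append a new one */
		if (isset($id) && !empty($a_ipsec[$id]))
			$a_ipsec[$id] = $ipsecent;
		else
			$a_ipsec[] = $ipsecent;

		write_config();
		/* mark the IPsec configuration as stale so the change can be applied */
		touch($d_ipsecconfdirty_path);

		header("Location: vpn_ipsec.php");
		exit;
	}
}

$pgtitle = "VPN: IPsec: Edit tunnel";
include("head.inc");
?>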
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle"><?=$pgtitle?></p>
<script language="JavaScript">
<!--
/*
 * Enable or clear the local address / mask inputs according to the selected
 * local subnet type.  The option order matches <select name="localnettype">:
 * index 0 is "single host" (address only), index 1 is "network" (address and
 * mask), anything else is a named subnet that needs neither.
 */
function typesel_change() {
	var form = document.iform;
	var idx = form.localnettype.selectedIndex;
	var wantAddress = (idx === 0 || idx === 1);
	var wantMask = (idx === 1);

	if (!wantAddress) {
		form.localnet.value = "";
	}
	form.localnet.disabled = wantAddress ? 0 : 1;

	if (!wantMask) {
		form.localnetmask.value = "";
	}
	form.localnetmask.disabled = wantMask ? 0 : 1;
}
/*
 * Enable the inputs that belong to the selected phase 1 authentication
 * method.  The option order matches <select name="p1authentication_method">:
 * index 1 is RSA (key and certificates), anything else is pre-shared key.
 */
function methodsel_change() {
	var form = document.iform;
	var rsa = (form.p1authentication_method.selectedIndex === 1);
	var certInputs = [form.p1privatekey, form.p1cert, form.p1peercert];

	form.p1pskey.disabled = rsa ? 1 : 0;
	for (var i = 0; i < certInputs.length; i++) {
		certInputs[i].disabled = rsa ? 0 : 1;
	}
}
//-->
</script>
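<?php
/* Every field the template reads gets a defined value first, so a new tunnel
   (where only some defaults are set) and a rejected submission (where
   disabled inputs are not posted at all) render without undefined-index
   notices.  The two checkbox groups must be arrays for in_array(). */
$textfields = explode(" ", "disabled auto interface localnet localnetmask remotenet remotebits remotegw descr p1mode p1myidentt p1myident p1ealgo p1halgo p1dhgroup p1lifetime p1authentication_method p1pskey p1cert p1privatekey p1peercert p2proto p2pfsgroup p2lifetime");
foreach ($textfields as $field) {
	if (!isset($pconfig[$field]))
		$pconfig[$field] = "";
}
foreach (array('p2ealgos', 'p2halgos') as $field) {
	if (!isset($pconfig[$field]) || !is_array($pconfig[$field]))
		$pconfig[$field] = array();
}
/* Everything echoed into the form comes either from the saved configuration
   or from the last (rejected) POST, so each value is HTML-escaped on output. */
if (!empty($input_errors)) print_input_errors($input_errors);
?>
            <form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
              <?php display_topbar(); ?>
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Mode</td>
                  <td width="78%" class="vtable"> Tunnel</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Disabled</td>
                  <td width="78%" class="vtable">
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
                    <strong>Disable this tunnel</strong><br>
                    <span class="vexpl">Set this option to disable this tunnel without
                    removing it from the list.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Auto-establish</td>
                  <td width="78%" class="vtable">
                    <input name="auto" type="checkbox" id="auto" value="yes" <?php if ($pconfig['auto']) echo "checked"; ?>>
                    <strong>Automatically establish this tunnel</strong><br>
                    <span class="vexpl">Set this option to automatically re-establish this tunnel after reboots/reconfigures. If this is not set, the tunnel is established on demand.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
                  <td width="78%" class="vtable"><select name="interface" class="formfld">
                      <?php
                      /* wan and lan are always offered; OPTn interfaces are listed
                         while consecutive entries exist in the configuration */
                      $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
                      for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
                          $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
                      }
                      foreach ($interfaces as $iface => $ifacename): ?>
                      <option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
                      <?=htmlspecialchars($ifacename);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br>
                    <span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Local subnet</td>
                  <td width="78%" class="vtable">
                    <table border="0" cellspacing="0" cellpadding="0">
                      <tr>
                        <td>Type:&nbsp;&nbsp;</td>
                        <td></td>
                        <td><select name="localnettype" class="formfld" onChange="typesel_change()">
                            <?php
                            /* the option order here is what typesel_change() relies on:
                               0 = single host, 1 = network, 2 = LAN subnet */
                            $sel = is_specialnet($pconfig['localnet']); ?>
                            <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
                            Single host</option>
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
                            Network</option>
                            <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>>
                            LAN subnet</option>
                          </select></td>
                      </tr>
                      <tr>
                        <td>Address:&nbsp;&nbsp;</td>
                        <td><?=$mandfldhtmlspc;?></td>
                        <td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
                          /
                          <select name="localnetmask" class="formfld" id="localnetmask">
                            <?php for ($i = 31; $i >= 0; $i--): ?>
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
                            <?=$i;?>
                            </option>
                            <?php endfor; ?>
                          </select> </td>
                      </tr>
                    </table></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote subnet</td>
                  <td width="78%" class="vtable">
                    <?=$mandfldhtml;?><input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=htmlspecialchars($pconfig['remotenet']);?>">
                    /
                    <select name="remotebits" class="formfld" id="remotebits">
                      <?php for ($i = 32; $i >= 0; $i--): ?>
                      <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>>
                      <?=$i;?>
                      </option>
                      <?php endfor; ?>
                    </select></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote gateway</td>
                  <td width="78%" class="vtable">
                    <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=htmlspecialchars($pconfig['remotegw']);?>">
                    <br>
                    Enter the public IP address or host name of the remote gateway</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Description</td>
                  <td width="78%" class="vtable">
                    <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
                    <br> <span class="vexpl">You may enter a description here
                    for your reference (not parsed).</span></td>
                </tr>
                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>
                <tr>
                  <td colspan="2" valign="top" class="listtopic">Phase 1 proposal
                    (Authentication)</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
                  <td width="78%" class="vtable">
                    <select name="p1mode" class="formfld">
                      <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
                      <option value="<?=htmlspecialchars($mode);?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
                      <?=htmlspecialchars($mode);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Aggressive is faster, but
                    less secure.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">My identifier</td>
                  <td width="78%" class="vtable">
                    <select name="p1myidentt" class="formfld">
                      <?php foreach ($my_identifier_list as $mode => $modename): ?>
                      <option value="<?=htmlspecialchars($mode);?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
                      <?=htmlspecialchars($modename);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=htmlspecialchars($pconfig['p1myident']);?>">
                  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
                  <td width="78%" class="vtable">
                    <select name="p1ealgo" class="formfld">
                      <?php foreach ($p1_ealgos as $algo => $algoname): ?>
                      <option value="<?=htmlspecialchars($algo);?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
                      <?=htmlspecialchars($algoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Must match the setting
                    chosen on the remote side. </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
                  <td width="78%" class="vtable">
                    <select name="p1halgo" class="formfld">
                      <?php foreach ($p1_halgos as $algo => $algoname): ?>
                      <option value="<?=htmlspecialchars($algo);?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
                      <?=htmlspecialchars($algoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Must match the setting
                    chosen on the remote side. </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">DH key group</td>
                  <td width="78%" class="vtable">
                    <select name="p1dhgroup" class="formfld">
                      <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
                      <option value="<?=htmlspecialchars($keygroup);?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
                      <?=htmlspecialchars($keygroup);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
                    bit, 5 = 1536 bit</em><br>
                    Must match the setting chosen on the remote side. </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable">
                    <input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=htmlspecialchars($pconfig['p1lifetime']);?>">
                    seconds</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Authentication method</td>
                  <td width="78%" class="vtable">
                    <?php /* option order is what methodsel_change() relies on: index 1 is RSA */ ?>
                    <select name="p1authentication_method" class="formfld" onChange="methodsel_change()">
                      <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
                      <option value="<?=htmlspecialchars($method);?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>>
                      <?=htmlspecialchars($methodname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Must match the setting
                    chosen on the remote side.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
                  <td width="78%" class="vtable">
                    <?php /* the PSK is rendered into the page in the clear and is kept
                             unprotected in the saved configuration as well */ ?>
                    <?=$mandfldhtml;?><input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>">
                  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Certificate</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea>
                    <br>
                    Paste a certificate in X.509 PEM format here.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Key</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea>
                    <br>
                    Paste an RSA private key in PEM format here.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Peer certificate</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1peercert" cols="65" rows="7" id="p1peercert" class="formpre"><?=htmlspecialchars($pconfig['p1peercert']);?></textarea>
                    <br>
                    Paste the peer X.509 certificate in PEM format here.<br>
                    Leave this blank if you want to use a CA certificate for identity validation.</td>
                </tr>
                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>
                <tr>
                  <td colspan="2" valign="top" class="listtopic">Phase 2 proposal
                    (SA/Key Exchange)</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
                  <td width="78%" class="vtable">
                    <select name="p2proto" class="formfld">
                      <?php foreach ($p2_protos as $proto => $protoname): ?>
                      <option value="<?=htmlspecialchars($proto);?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
                      <?=htmlspecialchars($protoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">ESP is encryption, AH is
                    authentication only </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
                  <td width="78%" class="vtable">
                    <?php foreach ($p2_ealgos as $algo => $algoname): ?>
                    <input type="checkbox" name="p2ealgos[]" value="<?=htmlspecialchars($algo);?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>>
                    <?=htmlspecialchars($algoname);?>
                    <br>
                    <?php endforeach; ?>
                    <br>
                    Hint: use 3DES for best compatibility or if you have a hardware
                    crypto accelerator card. Blowfish is usually the fastest in
                    software encryption. </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
                  <td width="78%" class="vtable">
                    <?php foreach ($p2_halgos as $algo => $algoname): ?>
                    <input type="checkbox" name="p2halgos[]" value="<?=htmlspecialchars($algo);?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>>
                    <?=htmlspecialchars($algoname);?>
                    <br>
                    <?php endforeach; ?>
                  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">PFS key group</td>
                  <td width="78%" class="vtable">
                    <select name="p2pfsgroup" class="formfld">
                      <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
                      <option value="<?=htmlspecialchars($keygroup);?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
                      <?=htmlspecialchars($keygroupname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
                    bit, 5 = 1536 bit</em></span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable">
                    <input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=htmlspecialchars($pconfig['p2lifetime']);?>">
                    seconds</td>
                </tr>
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="Save">
                    <?php /* the hidden id is only sent back when an existing entry is being edited */ ?>
                    <?php if (isset($id) && !empty($a_ipsec[$id])): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
                    <?php endif; ?>
                  </td>
                </tr>
              </table>
</form>
<script language="JavaScript">
<!--
typesel_change();
methodsel_change();
//-->
</script>
<?php include("fend.inc"); ?>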
<?php
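/*
 * Translate a stored local-subnet entry into the form's (address, mask) pair.
 *
 * $adr is the config array produced when a tunnel is saved: it holds either
 * a 'network' key (a symbolic subnet such as "lan") or an 'address' key in
 * "a.b.c.d[/bits]" form.  $padr receives the symbolic name or the address;
 * $pmask receives the prefix length, or 32 when the stored address has no
 * "/bits" suffix.  Both are left untouched when $adr has neither key.
 */
function address_to_pconfig_vpn($adr, &$padr, &$pmask) {
	if (!empty($adr['network'])) {
		$padr = $adr['network'];
	} else if (!empty($adr['address'])) {
		$parts = explode("/", $adr['address']);
		$padr = $parts[0];
		/* a bare address means a single host; reading $parts[1] without
		   the isset() used to raise an undefined-offset notice */
		$pmask = isset($parts[1]) ? $parts[1] : 32;
	}
}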
?>