/src/usr/local/www/status_ipsec.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/status_ipsec.php @ 748372bc

1	cf7d1057	Scott Ullrich	<?php
2			/*
3	c5d81585	Renato Botelho	* status_ipsec.php
4	86b2861c	Matt Smith	*
5	c5d81585	Renato Botelho	* part of pfSense (https://www.pfsense.org)
6	b8f91b7c	Luiz Souza	* Copyright (c) 2004-2018 Rubicon Communications, LLC (Netgate)
7	c5d81585	Renato Botelho	* All rights reserved.
8	fd9ebcd5	Stephen Beaver	*
9	c5d81585	Renato Botelho	* originally based on m0n0wall (http://m0n0.ch/wall)
10			* Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
11			* All rights reserved.
12	fd9ebcd5	Stephen Beaver	*
13	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
14			* you may not use this file except in compliance with the License.
15			* You may obtain a copy of the License at
16	fd9ebcd5	Stephen Beaver	*
17	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
18	fd9ebcd5	Stephen Beaver	*
19	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
20			* distributed under the License is distributed on an "AS IS" BASIS,
21			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22			* See the License for the specific language governing permissions and
23			* limitations under the License.
24	fd9ebcd5	Stephen Beaver	*/
25	cf7d1057	Scott Ullrich
26	6b07c15a	Matthew Grooms	##\|+PRIV
27			##\|*IDENT=page-status-ipsec
28	5230f468	jim-p	##\|*NAME=Status: IPsec
29	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'Status: IPsec' page.
30	1af5edbf	Stephen Beaver	##\|MATCH=status_ipsec.php
31	6b07c15a	Matthew Grooms	##\|-PRIV
32
33	c81ef6e2	Phil Davis	require_once("guiconfig.inc");
34	4260c32a	Stephen Beaver	require_once("ipsec.inc");
35	6b07c15a	Matthew Grooms
36	a93e56c5	Matthew Grooms	global $g;
37
38	e3df164a	Stephen Jones	if(!is_array($config['ipsec'])){
39			$config['ipsec'] = array();
40			}
41
42	4b5f2ab3	Phil Davis	if (!is_array($config['ipsec']['phase1'])) {
43			$config['ipsec']['phase1'] = array();
44			}
45
46	4260c32a	Stephen Beaver	// If this is just an AJAX call to update the table body, just generate the body and quit
47			if ($_REQUEST['ajax']) {
48			print_ipsec_body();
49			exit;
50			}
51	a93e56c5	Matthew Grooms
52	64d53c69	Steve Beaver	if ($_POST['act'] == 'connect') {
53			if (ctype_digit($_POST['ikeid'])) {
54			$ph1ent = ipsec_get_phase1($_POST['ikeid']);
55	483c3b5b	Ermal LUÇI	if (!empty($ph1ent)) {
56	9d51fcde	Chris Buechler	if (empty($ph1ent['iketype']) \|\| $ph1ent['iketype'] == 'ikev1' \|\| isset($ph1ent['splitconn'])) {
57	64d53c69	Steve Beaver	$ph2entries = ipsec_get_number_of_phase2($_POST['ikeid']);
58	483c3b5b	Ermal LUÇI	for ($i = 0; $i < $ph2entries; $i++) {
59	64d53c69	Steve Beaver	$connid = escapeshellarg("con{$_POST['ikeid']}00{$i}");
60	c5d8cbe0	Chris Buechler	mwexec_bg("/usr/local/sbin/ipsec down {$connid}");
61	b866103e	Chris Buechler	mwexec_bg("/usr/local/sbin/ipsec up {$connid}");
62	483c3b5b	Ermal LUÇI	}
63			} else {
64	62caa87a	jim-p	mwexec_bg("/usr/local/sbin/ipsec down con" . escapeshellarg($_POST['ikeid'] . '000'));
65			mwexec_bg("/usr/local/sbin/ipsec up con" . escapeshellarg($_POST['ikeid'] . '000'));
66	483c3b5b	Ermal LUÇI	}
67			}
68	6e8b0ec3	jim-p	}
69	64d53c69	Steve Beaver	} else if ($_POST['act'] == 'ikedisconnect') {
70	130f3c92	Stephen Jones
71	3c5f4441	Stephen Jones	if (!empty($_POST['ikesaid']) && ctype_digit($_POST['ikesaid'])) {
72			mwexec_bg("/usr/local/sbin/ipsec down " ."'" . escapeshellarg($_POST['ikeid']) . "[" . escapeshellarg($_POST['ikesaid']) . "]" . "'");
73			} else {
74			mwexec_bg("/usr/local/sbin/ipsec down " . escapeshellarg($_POST['ikeid']));
75	614be051	bcyrill	}
76	64d53c69	Steve Beaver	} else if ($_POST['act'] == 'childdisconnect') {
77	130f3c92	Stephen Jones	//pull out number from id
78	64d53c69	Steve Beaver	if (!empty($_POST['ikesaid']) && ctype_digit($_POST['ikesaid'])) {
79	3c5f4441	Stephen Jones	mwexec_bg("/usr/local/sbin/ipsec down " . escapeshellarg($_POST['ikeid']) . "{" . escapeshellarg($_POST['ikesaid']) . "}");
80	5f601060	Phil Davis	}
81	6e0b68bf	jim-p	}
82
83	4260c32a	Stephen Beaver	// Table body is composed here so that it can be more easily updated via AJAX
84			function print_ipsec_body() {
85			global $config;
86			$a_phase1 = &$config['ipsec']['phase1'];
87			$status = ipsec_list_sa();
88			$ipsecconnected = array();
89			if (is_array($status)) {
90			foreach ($status as $ikeid => $ikesa) {
91	130f3c92	Stephen Jones	//check which array format
92			if(isset($ikesa['con-id'])){
93			$con_id = substr($ikesa['con-id'],3);
94			}else{
95			$con_id = filter_var($ikeid, FILTER_SANITIZE_NUMBER_INT);
96			}
97	4260c32a	Stephen Beaver	if ($ikesa['version'] == 1) {
98			$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
99			$ipsecconnected[$ph1idx] = $ph1idx;
100			} else {
101	109a304e	Graham Collinson	if (!ipsec_ikeid_used($con_id)) {
102			// probably a v2 with split connection then
103			$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
104			$ipsecconnected[$ph1idx] = $ph1idx;
105			} else {
106			$ipsecconnected[$con_id] = $ph1idx = $con_id;
107			}
108	4260c32a	Stephen Beaver	}
109	3795cc0a	sbeaver
110	4260c32a	Stephen Beaver	print("<tr>\n");
111	3c5f4441	Stephen Jones
112			print("<td>\n");
113			print(htmlspecialchars($ikesa['con-id'])) . ":\n";
114			print('#' . htmlspecialchars($ikesa['uniqueid']));
115			print("</td>\n");
116
117	4260c32a	Stephen Beaver	print("<td>\n");
118	80392e01	Stephen Jones	if (is_array($a_phase1) && htmlspecialchars(ipsec_get_descr($ph1idx)) == "") {
119	29c1ecb8	Stephen Jones	foreach ($a_phase1 as $ph1) {
120	80392e01	Stephen Jones	if($con_id == $ph1['ikeid'] && isset($ph1['mobile']) ){
121			print(htmlspecialchars($ph1['descr']));
122	29c1ecb8	Stephen Jones	break;
123			}
124			}
125			}
126	4260c32a	Stephen Beaver	print(htmlspecialchars(ipsec_get_descr($ph1idx)));
127			print("</td>\n");
128	3c5f4441	Stephen Jones
129	4260c32a	Stephen Beaver	print("<td>\n");
130	0da0d43e	Phil Davis
131	4260c32a	Stephen Beaver	if (!empty($ikesa['local-id'])) {
132			if ($ikesa['local-id'] == '%any') {
133			print(gettext('Any identifier'));
134			} else {
135			print(htmlspecialchars($ikesa['local-id']));
136			}
137	5f601060	Phil Davis	} else {
138	4260c32a	Stephen Beaver	print(gettext("Unknown"));
139	5f601060	Phil Davis	}
140	86b2861c	Matt Smith
141	4260c32a	Stephen Beaver	print("</td>\n");
142			print("<td>\n");
143
144			if (!empty($ikesa['local-host'])) {
145			print(htmlspecialchars($ikesa['local-host']));
146	86b2861c	Matt Smith	} else {
147	4260c32a	Stephen Beaver	print(gettext("Unknown"));
148	86b2861c	Matt Smith	}
149	4260c32a	Stephen Beaver
150			/*
151			* XXX: local-nat-t was defined by pfSense
152			* When strongswan team accepted the change, they changed it to
153			* nat-local. Keep both for a while and remove local-nat-t in
154			* the future
155			*/
156			if (isset($ikesa['local-nat-t']) \|\| isset($ikesa['nat-local'])) {
157	e96b20f6	Jose Luis Duran	print(" NAT-T");
158	4260c32a	Stephen Beaver	}
159
160			print("</td>\n");
161			print("<td>\n");
162
163			$identity = "";
164			if (!empty($ikesa['remote-id'])) {
165			if ($ikesa['remote-id'] == '%any') {
166			$identity = htmlspecialchars(gettext('Any identifier'));
167			} else {
168			$identity = htmlspecialchars($ikesa['remote-id']);
169			}
170			}
171
172			if (!empty($ikesa['remote-xauth-id'])) {
173			echo htmlspecialchars($ikesa['remote-xauth-id']);
174			echo "<br/>{$identity}";
175			} elseif (!empty($ikesa['remote-eap-id'])) {
176			echo htmlspecialchars($ikesa['remote-eap-id']);
177			echo "<br/>{$identity}";
178			} else {
179			if (empty($identity)) {
180			print(gettext("Unknown"));
181			} else {
182			print($identity);
183			}
184			}
185
186			print("</td>\n");
187			print("<td>\n");
188
189			if (!empty($ikesa['remote-host'])) {
190			print(htmlspecialchars($ikesa['remote-host']));
191			} else {
192	3795cc0a	sbeaver	print(gettext("Unknown"));
193	4260c32a	Stephen Beaver	}
194			/*
195			* XXX: remote-nat-t was defined by pfSense
196			* When strongswan team accepted the change, they changed it to
197			* nat-remote. Keep both for a while and remove remote-nat-t in
198			* the future
199			*/
200			if (isset($ikesa['remote-nat-t']) \|\| isset($ikesa['nat-remote'])) {
201			print(" NAT-T");
202			}
203
204			print("</td>\n");
205			print("<td>\n");
206			print("IKEv" . htmlspecialchars($ikesa['version']));
207			print("<br/>\n");
208
209			if ($ikesa['initiator'] == 'yes') {
210			print("initiator");
211			} else {
212			print("responder");
213			}
214
215			print("</td>\n");
216			print("<td>\n");
217	c57e936a	stilez	print(htmlspecialchars($ikesa['reauth-time']) . gettext(" seconds (") . convert_seconds_to_dhms($ikesa['reauth-time']) . ")");
218	4260c32a	Stephen Beaver	print("</td>\n");
219			print("<td>\n");
220			print(htmlspecialchars($ikesa['encr-alg']));
221			print("<br/>");
222			print(htmlspecialchars($ikesa['integ-alg']));
223			print("<br/>");
224			print(htmlspecialchars($ikesa['prf-alg']));
225			print("<br/>\n");
226			print(htmlspecialchars($ikesa['dh-group']));
227			print("</td>\n");
228			print("<td>\n");
229
230			if ($ikesa['state'] == 'ESTABLISHED') {
231			print('<span class="text-success">');
232			} else {
233			print('<span>');
234			}
235
236			print(ucfirst(htmlspecialchars($ikesa['state'])));
237	9e820b59	Phil Davis
238			if ($ikesa['state'] == 'ESTABLISHED') {
239	7f0d6ccf	Phil Davis	print("<br/>");
240			printf(gettext('%1$s seconds (%2$s) ago'), htmlspecialchars($ikesa['established']), convert_seconds_to_dhms($ikesa['established']));
241	9e820b59	Phil Davis	}
242
243	3c5f4441	Stephen Jones	print("</span><br /><br />");
244	4260c32a	Stephen Beaver
245			if ($ikesa['state'] != 'ESTABLISHED') {
246
247	1144e24c	Steve Beaver	print('<a href="status_ipsec.php?act=connect&ikeid=' . $con_id . '&ikesaid=' .$ikesa['uniqueid'] . '" class="btn btn-xs btn-success" data-toggle="tooltip" title="' . gettext("Connect VPN"). '" usepost>');
248	9e820b59	Phil Davis	print('<i class="fa fa-sign-in icon-embed-btn"></i>');
249			print(gettext("Connect VPN"));
250			print("</a>\n");
251	4260c32a	Stephen Beaver
252	86b2861c	Matt Smith	} else {
253	4260c32a	Stephen Beaver
254	3c5f4441	Stephen Jones	print('<a href="status_ipsec.php?act=ikedisconnect&ikeid=' . $ikesa['con-id']. '&ikesaid=' .$ikesa['uniqueid'] . '"class="btn btn-xs btn-danger" data-toggle="tooltip" title="' . gettext("Disconnect VPN") . '" usepost>');
255	4260c32a	Stephen Beaver	print('<i class="fa fa-trash icon-embed-btn"></i>');
256			print(gettext("Disconnect"));
257			print("</a><br />\n");
258
259			}
260
261			print("</td>\n");
262			print("</tr>\n");
263			print("<tr>\n");
264			print("<td colspan = 10>\n");
265
266			if (is_array($ikesa['child-sas']) && (count($ikesa['child-sas']) > 0)) {
267	130f3c92	Stephen Jones	$child_key = "";
268			foreach ($ikesa['child-sas'] as $key => $val){
269			$child_key = $key;
270			break;
271			}
272	4260c32a	Stephen Beaver
273	067551a4	Stephen Beaver	print('<div>');
274	130f3c92	Stephen Jones	print('<a type="button" id="btnchildsa-'. $child_key . '" class="btn btn-sm btn-info">');
275	4260c32a	Stephen Beaver	print('<i class="fa fa-plus-circle icon-embed-btn"></i>');
276			print(gettext('Show child SA entries'));
277			print("</a>\n");
278			print(" </div>\n");
279
280	130f3c92	Stephen Jones	print('<table class="table table-hover table-condensed" id="childsa-'.$child_key . '" style="display:none">');
281	4260c32a	Stephen Beaver	print("<thead>\n");
282			print('<tr class="bg-info">');
283	3c5f4441	Stephen Jones	print('<th>' . gettext("IPsec ID") . '</th>');
284			print('<th>' . gettext("Local subnets") . '</th>');
285			print('<th>' . gettext("Local SPI(s)") . '</th>');
286			print('<th>' . gettext("Remote subnets") . '</th>');
287			print('<th>' . gettext("Times") . '</th>');
288			print('<th>' . gettext("Algo") . '</th>');
289			print('<th>' . gettext("Stats") . '</th>');
290	4260c32a	Stephen Beaver	print('<th><!-- Buttons --></th>');
291			print("</tr\n");
292			print("</thead>\n");
293			print("<tbody>\n");
294
295			foreach ($ikesa['child-sas'] as $childid => $childsa) {
296			print("<tr>");
297			print("<td>\n");
298	3c5f4441	Stephen Jones	print($childsa['name'] . ":<br />");
299			print("#" . $childsa['uniqueid']);
300			print("</td>\n");
301			print("<td>\n");
302	4260c32a	Stephen Beaver
303			if (is_array($childsa['local-ts'])) {
304			foreach ($childsa['local-ts'] as $lnets) {
305			print(htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />");
306			}
307			} else {
308			print(gettext("Unknown"));
309			}
310
311			print("</td>\n");
312			print("<td>\n");
313
314			if (isset($childsa['spi-in'])) {
315			print(gettext("Local: ") . htmlspecialchars($childsa['spi-in']));
316			}
317
318			if (isset($childsa['spi-out'])) {
319			print('<br/>' . gettext('Remote: ') . htmlspecialchars($childsa['spi-out']));
320			}
321
322			print("</td>\n");
323			print("<td>\n");
324
325			if (is_array($childsa['remote-ts'])) {
326			foreach ($childsa['remote-ts'] as $rnets) {
327			print(htmlspecialchars(ipsec_fixup_network($rnets)) . '<br />');
328			}
329			} else {
330			print(gettext("Unknown"));
331			}
332
333			print("</td>\n");
334			print("<td>\n");
335
336	7f0d6ccf	Phil Davis	printf(gettext('Rekey: %1$s seconds (%2$s)'), htmlspecialchars($childsa['rekey-time']), convert_seconds_to_dhms($childsa['rekey-time']));
337			print('<br/>');
338			printf(gettext('Life: %1$s seconds (%2$s)'), htmlspecialchars($childsa['life-time']), convert_seconds_to_dhms($childsa['life-time']));
339			print('<br/>');
340			printf(gettext('Install: %1$s seconds (%2$s)'), htmlspecialchars($childsa['install-time']), convert_seconds_to_dhms($childsa['install-time']));
341	4260c32a	Stephen Beaver
342
343			print("</td>\n");
344			print("<td>\n");
345
346			print(htmlspecialchars($childsa['encr-alg']) . '<br/>');
347			print(htmlspecialchars($childsa['integ-alg']) . '<br/>');
348
349			if (!empty($childsa['prf-alg'])) {
350			print(htmlspecialchars($childsa['prf-alg']) . '<br/>');
351			}
352
353			if (!empty($childsa['dh-group'])) {
354			print(htmlspecialchars($childsa['dh-group']) . '<br/>');
355			}
356
357			if (!empty($childsa['esn'])) {
358			print(htmlspecialchars($childsa['esn']) . '<br/>');
359			}
360
361			print(gettext("IPComp: "));
362			if (!empty($childsa['cpi-in']) \|\| !empty($childsa['cpi-out'])) {
363			print(htmlspecialchars($childsa['cpi-in']) . " " . htmlspecialchars($childsa['cpi-out']));
364			} else {
365			print(gettext('none'));
366			}
367
368			print("</td>\n");
369			print("<td>\n");
370
371			print(gettext("Bytes-In: ") . htmlspecialchars(number_format($childsa['bytes-in'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-in'])) . ')<br/>');
372			print(gettext("Packets-In: ") . htmlspecialchars(number_format($childsa['packets-in'])) . '<br/>');
373			print(gettext("Bytes-Out: ") . htmlspecialchars(number_format($childsa['bytes-out'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-out'])) . ')<br/>');
374			print(gettext("Packets-Out: ") . htmlspecialchars(number_format($childsa['packets-out'])) . '<br/>');
375
376			print("</td>\n");
377			print("<td>\n");
378	130f3c92	Stephen Jones	print('<a href="status_ipsec.php?act=childdisconnect&ikeid=' . $childsa['name'] . '&ikesaid=' . $childsa['uniqueid'] . '" class="btn btn-xs btn-warning" data-toggle="tooltip" title="' . gettext('Disconnect Child SA') . '" usepost>');
379	4260c32a	Stephen Beaver	print('<i class="fa fa-trash icon-embed-btn"></i>');
380			print(gettext("Disconnect"));
381			print("</a>\n");
382			print("</td>\n");
383			print("</tr>\n");
384
385			}
386
387			print("</tbody>\n");
388			print(" </table>\n");
389			print("</td>\n");
390	9723b525	Stephen Beaver	print("</tr>\n");
391	4260c32a	Stephen Beaver
392	3795cc0a	sbeaver	}
393	4260c32a	Stephen Beaver
394			unset($con_id);
395	86b2861c	Matt Smith	}
396	4260c32a	Stephen Beaver
397			}
398
399			$rgmap = array();
400	4b5f2ab3	Phil Davis	if (is_array($a_phase1)) {
401			foreach ($a_phase1 as $ph1ent) {
402			if (isset($ph1ent['disabled'])) {
403			continue;
404			}
405	4260c32a	Stephen Beaver
406	4b5f2ab3	Phil Davis	$rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway'];
407	4260c32a	Stephen Beaver
408	4b5f2ab3	Phil Davis	if ($ipsecconnected[$ph1ent['ikeid']]) {
409			continue;
410			}
411	4260c32a	Stephen Beaver
412	4b5f2ab3	Phil Davis	print("<tr>\n");
413	437263f2	Stephen Jones	print("<td></td>\n");
414	360e7711	Stephen Jones	print("<td>\n");
415	4b5f2ab3	Phil Davis	print(htmlspecialchars($ph1ent['descr']));
416			print("</td>\n");
417			print("<td>\n");
418			list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
419	4260c32a	Stephen Beaver
420	4b5f2ab3	Phil Davis	if (empty($myid_data)) {
421			print(gettext("Unknown"));
422			} else {
423			print(htmlspecialchars($myid_data));
424			}
425	4260c32a	Stephen Beaver
426	4b5f2ab3	Phil Davis	print("</td>\n");
427			print("<td>\n");
428			$ph1src = ipsec_get_phase1_src($ph1ent);
429	4260c32a	Stephen Beaver
430	4b5f2ab3	Phil Davis	if (empty($ph1src)) {
431			print(gettext("Unknown"));
432			} else {
433			print(htmlspecialchars($ph1src));
434			}
435	4260c32a	Stephen Beaver
436	4b5f2ab3	Phil Davis	print("</td>\n");
437			print("<td>\n");
438	0da0d43e	Phil Davis
439	4b5f2ab3	Phil Davis	list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
440	3795cc0a	sbeaver
441	4b5f2ab3	Phil Davis	if (empty($peerid_data)) {
442			print(gettext("Unknown"));
443			} else {
444			print(htmlspecialchars($peerid_data));
445			}
446			print(" </td>\n");
447			print(" <td>\n");
448			$ph1src = ipsec_get_phase1_dst($ph1ent);
449	0da0d43e	Phil Davis
450	4b5f2ab3	Phil Davis	if (empty($ph1src)) {
451			print(gettext("Unknown"));
452			} else {
453			print(htmlspecialchars($ph1src));
454			}
455	0da0d43e	Phil Davis
456	4260c32a	Stephen Beaver	print("</td>\n");
457			print("<td>\n");
458			print("</td>\n");
459			print("<td>\n");
460			print("</td>\n");
461			print("<td>\n");
462			print("</td>\n");
463	3795cc0a	sbeaver
464	4b5f2ab3	Phil Davis	if (isset($ph1ent['mobile'])) {
465
466			print("<td>\n");
467			print(gettext("Awaiting connections"));
468			print("</td>\n");
469			print("<td>\n");
470			print("</td>\n");
471			print("</td>\n");
472			} else {
473
474			print("<td>\n");
475			print(gettext("Disconnected"));
476			print("</td>\n");
477			print("<td>\n");
478	64d53c69	Steve Beaver	print('<a href="status_ipsec.php?act=connect&ikeid=' . $ph1ent['ikeid'] . '" class="btn btn-xs btn-success" usepost>');
479	4b5f2ab3	Phil Davis	print('<i class="fa fa-sign-in icon-embed-btn"></i>');
480			print(gettext("Connect VPN"));
481			print("</a>\n");
482			print("</td>\n");
483
484			}
485			print("</tr>\n");
486	4260c32a	Stephen Beaver	}
487	97242546	Matt Smith	}
488
489	4260c32a	Stephen Beaver	unset($ipsecconnected, $phase1, $rgmap);
490	86b2861c	Matt Smith	}
491	3795cc0a	sbeaver
492	4260c32a	Stephen Beaver	$pgtitle = array(gettext("Status"), gettext("IPsec"), gettext("Overview"));
493	edcd7535	Phil Davis	$pglinks = array("", "@self", "@self");
494	4260c32a	Stephen Beaver	$shortcut_section = "ipsec";
495	0da0d43e	Phil Davis
496	4260c32a	Stephen Beaver	include("head.inc");
497	0da0d43e	Phil Davis
498	4260c32a	Stephen Beaver	$tab_array = array();
499			$tab_array[] = array(gettext("Overview"), true, "status_ipsec.php");
500			$tab_array[] = array(gettext("Leases"), false, "status_ipsec_leases.php");
501			$tab_array[] = array(gettext("SADs"), false, "status_ipsec_sad.php");
502			$tab_array[] = array(gettext("SPDs"), false, "status_ipsec_spd.php");
503			display_top_tabs($tab_array);
504	3795cc0a	sbeaver	?>
505	0da0d43e	Phil Davis
506	4260c32a	Stephen Beaver	<div class="panel panel-default">
507			<div class="panel-heading"><h2 class="panel-title"><?=gettext("IPsec Status");?></h2></div>
508			<div class="panel-body table-responsive">
509			<table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable>
510			<thead>
511			<tr>
512	3c5f4441	Stephen Jones	<th><?=gettext("IPsec ID")?></th>
513	4260c32a	Stephen Beaver	<th><?=gettext("Description")?></th>
514			<th><?=gettext("Local ID")?></th>
515			<th><?=gettext("Local IP")?></th>
516			<th><?=gettext("Remote ID")?></th>
517			<th><?=gettext("Remote IP")?></th>
518			<th><?=gettext("Role")?></th>
519			<th><?=gettext("Reauth")?></th>
520			<th><?=gettext("Algo")?></th>
521			<th><?=gettext("Status")?></th>
522			<th></th>
523			</tr>
524			</thead>
525			<tbody id="ipsec-body">
526			<tr>
527	fc48da17	NOYB	<td colspan="10">
528	499adf73	Phil Davis	<?=print_info_box(gettext("Collecting IPsec status information."), "warning", "")?>
529	3795cc0a	sbeaver	</td>
530			</tr>
531			</tbody>
532	c7fbdd6c	Ermal	</table>
533			</div>
534	3795cc0a	sbeaver	</div>
535
536			<?php
537			unset($status);
538	4260c32a	Stephen Beaver
539	d2c1089f	Phil Davis	if (ipsec_enabled()) {
540	4260c32a	Stephen Beaver	print('<div class="infoblock">');
541	d2c1089f	Phil Davis	} else {
542	4260c32a	Stephen Beaver	print('<div class="infoblock blockopen">');
543	d2c1089f	Phil Davis	}
544	4260c32a	Stephen Beaver
545	530c7ccf	NOYB	print_info_box(sprintf(gettext('IPsec can be configured %1$shere%2$s.'), '<a href="vpn_ipsec.php">', '</a>'), 'info', false);
546	d2c1089f	Phil Davis	?>
547			</div>
548	4260c32a	Stephen Beaver
549			<script type="text/javascript">
550			//<![CDATA[
551
552			events.push(function() {
553	067551a4	Stephen Beaver	ajax_lock = false; // Mutex so we don't make a call until the previous call is finished
554			sa_open = new Array(); // Array in which to keep the child SA show/hide state
555	29c1ecb8	Stephen Jones	tryCount = 3;
556	4260c32a	Stephen Beaver	// Fetch the tbody contents from the server
557			function update_table() {
558			if (ajax_lock) {
559			return;
560			}
561
562			ajax_lock = true;
563
564			ajaxRequest = $.ajax(
565			{
566			url: "/status_ipsec.php",
567			type: "post",
568			data: {
569			ajax: "ajax"
570	1144e24c	Steve Beaver	},
571			error: function(xhr, textStatus, errorThrown){
572			//alert("error.... retrying");
573	29c1ecb8	Stephen Jones	if (tryCount > 0){
574			tryCount --;
575	1144e24c	Steve Beaver	ajax_lock = false;
576			update_table();
577			}
578			return;
579	4260c32a	Stephen Beaver	}
580			}
581			);
582
583			// Deal with the results of the above ajax call
584			ajaxRequest.done(function (response, textStatus, jqXHR) {
585	29c1ecb8	Stephen Jones	if(textStatus === "success"){
586			tryCount =3;
587			}
588	fc48da17	NOYB	if (!response) {
589	2807660f	Stephen Jones	response = '<tr><td colspan="10"><?=print_info_box(addslashes(gettext("No IPsec status information available.")), "warning", "")?></td></tr>';
590	fc48da17	NOYB	}
591
592	4260c32a	Stephen Beaver	$('#ipsec-body').html(response);
593			ajax_lock = false;
594
595	067551a4	Stephen Beaver	// Update "Show child SA" handlers
596			$('[id^=btnchildsa-]').click(function () {
597	3c5f4441	Stephen Jones	show_childsa($(this).prop("id").replace( 'btnchildsa-', ''));
598	067551a4	Stephen Beaver	});
599
600			// Check the sa_open array for child SAs that have been opened
601	3c5f4441	Stephen Jones	$('[id^=childsa-]').each(function(idx) {
602			sa_idx = $(this).prop("id").replace( 'childsa-', '');
603	4260c32a	Stephen Beaver
604			if (sa_open[sa_idx]) {
605	067551a4	Stephen Beaver	show_childsa(sa_idx);
606	4260c32a	Stephen Beaver	}
607			});
608
609	64d53c69	Steve Beaver	// re-attached the GET to POST handler
610			interceptGET();
611
612	4260c32a	Stephen Beaver	// and do it again
613			setTimeout(update_table, 5000);
614			});
615			}
616
617	067551a4	Stephen Beaver	function show_childsa(said) {
618			sa_open[said] = true;
619	3c5f4441	Stephen Jones	$('#childsa-' + said).show();
620	067551a4	Stephen Beaver	$('#btnchildsa-con' + said).hide();
621			}
622
623	4260c32a	Stephen Beaver	// Populate the tbody on page load
624			update_table();
625			});
626			//]]>
627			</script>
628
629	d2c1089f	Phil Davis	<?php
630	3795cc0a	sbeaver	include("foot.inc"); ?>

Project

General

Profile

pfSense