/src/usr/local/www/status_ipsec.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/status_ipsec.php @ 7ba6c13b

1	cf7d1057	Scott Ullrich	<?php
2			/*
3	c5d81585	Renato Botelho	* status_ipsec.php
4	86b2861c	Matt Smith	*
5	c5d81585	Renato Botelho	* part of pfSense (https://www.pfsense.org)
6	4a762cf0	Steve Beaver	* Copyright (c) 2004-2019 Rubicon Communications, LLC (Netgate)
7	c5d81585	Renato Botelho	* All rights reserved.
8	fd9ebcd5	Stephen Beaver	*
9	c5d81585	Renato Botelho	* originally based on m0n0wall (http://m0n0.ch/wall)
10			* Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
11			* All rights reserved.
12	fd9ebcd5	Stephen Beaver	*
13	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
14			* you may not use this file except in compliance with the License.
15			* You may obtain a copy of the License at
16	fd9ebcd5	Stephen Beaver	*
17	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
18	fd9ebcd5	Stephen Beaver	*
19	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
20			* distributed under the License is distributed on an "AS IS" BASIS,
21			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22			* See the License for the specific language governing permissions and
23			* limitations under the License.
24	fd9ebcd5	Stephen Beaver	*/
25	cf7d1057	Scott Ullrich
26	6b07c15a	Matthew Grooms	##\|+PRIV
27			##\|*IDENT=page-status-ipsec
28	5230f468	jim-p	##\|*NAME=Status: IPsec
29	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'Status: IPsec' page.
30	1af5edbf	Stephen Beaver	##\|MATCH=status_ipsec.php
31	6b07c15a	Matthew Grooms	##\|-PRIV
32
33	c81ef6e2	Phil Davis	require_once("guiconfig.inc");
34	4260c32a	Stephen Beaver	require_once("ipsec.inc");
35	6b07c15a	Matthew Grooms
36	a93e56c5	Matthew Grooms	global $g;
37
38	ea0dd417	jim-p	init_config_arr(array('ipsec', 'phase1'));
39	4b5f2ab3	Phil Davis
40	4260c32a	Stephen Beaver	// If this is just an AJAX call to update the table body, just generate the body and quit
41			if ($_REQUEST['ajax']) {
42			print_ipsec_body();
43			exit;
44			}
45	a93e56c5	Matthew Grooms
46	7ba6c13b	jim-p	if (($_POST['act'] == 'connect') \|\| ($_POST['act'] == 'childconnect')) {
47	64d53c69	Steve Beaver	if (ctype_digit($_POST['ikeid'])) {
48			$ph1ent = ipsec_get_phase1($_POST['ikeid']);
49	483c3b5b	Ermal LUÇI	if (!empty($ph1ent)) {
50	7ba6c13b	jim-p	if (empty($ph1ent['iketype']) \|\| ($ph1ent['iketype'] == 'ikev1') \|\| isset($ph1ent['splitconn'])) {
51	64d53c69	Steve Beaver	$ph2entries = ipsec_get_number_of_phase2($_POST['ikeid']);
52	483c3b5b	Ermal LUÇI	for ($i = 0; $i < $ph2entries; $i++) {
53	64d53c69	Steve Beaver	$connid = escapeshellarg("con{$_POST['ikeid']}00{$i}");
54	7ba6c13b	jim-p	if ($_POST['act'] != 'childconnect') {
55			mwexec_bg("/usr/local/sbin/ipsec down {$connid}");
56			}
57	b866103e	Chris Buechler	mwexec_bg("/usr/local/sbin/ipsec up {$connid}");
58	483c3b5b	Ermal LUÇI	}
59			} else {
60	7ba6c13b	jim-p	if ($_POST['act'] != 'childconnect') {
61			mwexec_bg("/usr/local/sbin/ipsec down con" . escapeshellarg($_POST['ikeid'] . '000'));
62			}
63	62caa87a	jim-p	mwexec_bg("/usr/local/sbin/ipsec up con" . escapeshellarg($_POST['ikeid'] . '000'));
64	483c3b5b	Ermal LUÇI	}
65			}
66	6e8b0ec3	jim-p	}
67	64d53c69	Steve Beaver	} else if ($_POST['act'] == 'ikedisconnect') {
68	130f3c92	Stephen Jones
69	3c5f4441	Stephen Jones	if (!empty($_POST['ikesaid']) && ctype_digit($_POST['ikesaid'])) {
70			mwexec_bg("/usr/local/sbin/ipsec down " ."'" . escapeshellarg($_POST['ikeid']) . "[" . escapeshellarg($_POST['ikesaid']) . "]" . "'");
71			} else {
72			mwexec_bg("/usr/local/sbin/ipsec down " . escapeshellarg($_POST['ikeid']));
73	614be051	bcyrill	}
74	64d53c69	Steve Beaver	} else if ($_POST['act'] == 'childdisconnect') {
75	130f3c92	Stephen Jones	//pull out number from id
76	64d53c69	Steve Beaver	if (!empty($_POST['ikesaid']) && ctype_digit($_POST['ikesaid'])) {
77	3c5f4441	Stephen Jones	mwexec_bg("/usr/local/sbin/ipsec down " . escapeshellarg($_POST['ikeid']) . "{" . escapeshellarg($_POST['ikesaid']) . "}");
78	5f601060	Phil Davis	}
79	6e0b68bf	jim-p	}
80
81	4260c32a	Stephen Beaver	// Table body is composed here so that it can be more easily updated via AJAX
82			function print_ipsec_body() {
83			global $config;
84			$a_phase1 = &$config['ipsec']['phase1'];
85			$status = ipsec_list_sa();
86			$ipsecconnected = array();
87			if (is_array($status)) {
88			foreach ($status as $ikeid => $ikesa) {
89	130f3c92	Stephen Jones	//check which array format
90			if(isset($ikesa['con-id'])){
91			$con_id = substr($ikesa['con-id'],3);
92			}else{
93			$con_id = filter_var($ikeid, FILTER_SANITIZE_NUMBER_INT);
94			}
95	4260c32a	Stephen Beaver	if ($ikesa['version'] == 1) {
96			$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
97			$ipsecconnected[$ph1idx] = $ph1idx;
98			} else {
99	109a304e	Graham Collinson	if (!ipsec_ikeid_used($con_id)) {
100			// probably a v2 with split connection then
101			$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
102			$ipsecconnected[$ph1idx] = $ph1idx;
103			} else {
104			$ipsecconnected[$con_id] = $ph1idx = $con_id;
105			}
106	4260c32a	Stephen Beaver	}
107	3795cc0a	sbeaver
108	4260c32a	Stephen Beaver	print("<tr>\n");
109	3c5f4441	Stephen Jones
110			print("<td>\n");
111			print(htmlspecialchars($ikesa['con-id'])) . ":\n";
112			print('#' . htmlspecialchars($ikesa['uniqueid']));
113			print("</td>\n");
114
115	4260c32a	Stephen Beaver	print("<td>\n");
116	80392e01	Stephen Jones	if (is_array($a_phase1) && htmlspecialchars(ipsec_get_descr($ph1idx)) == "") {
117	29c1ecb8	Stephen Jones	foreach ($a_phase1 as $ph1) {
118	80392e01	Stephen Jones	if($con_id == $ph1['ikeid'] && isset($ph1['mobile']) ){
119			print(htmlspecialchars($ph1['descr']));
120	29c1ecb8	Stephen Jones	break;
121			}
122			}
123			}
124	4260c32a	Stephen Beaver	print(htmlspecialchars(ipsec_get_descr($ph1idx)));
125			print("</td>\n");
126	3c5f4441	Stephen Jones
127	4260c32a	Stephen Beaver	print("<td>\n");
128	0da0d43e	Phil Davis
129	4260c32a	Stephen Beaver	if (!empty($ikesa['local-id'])) {
130			if ($ikesa['local-id'] == '%any') {
131			print(gettext('Any identifier'));
132			} else {
133			print(htmlspecialchars($ikesa['local-id']));
134			}
135	5f601060	Phil Davis	} else {
136	4260c32a	Stephen Beaver	print(gettext("Unknown"));
137	5f601060	Phil Davis	}
138	86b2861c	Matt Smith
139	4260c32a	Stephen Beaver	print("</td>\n");
140			print("<td>\n");
141
142			if (!empty($ikesa['local-host'])) {
143			print(htmlspecialchars($ikesa['local-host']));
144	86b2861c	Matt Smith	} else {
145	4260c32a	Stephen Beaver	print(gettext("Unknown"));
146	86b2861c	Matt Smith	}
147	4260c32a	Stephen Beaver
148			/*
149			* XXX: local-nat-t was defined by pfSense
150			* When strongswan team accepted the change, they changed it to
151			* nat-local. Keep both for a while and remove local-nat-t in
152			* the future
153			*/
154			if (isset($ikesa['local-nat-t']) \|\| isset($ikesa['nat-local'])) {
155	e96b20f6	Jose Luis Duran	print(" NAT-T");
156	4260c32a	Stephen Beaver	}
157
158			print("</td>\n");
159			print("<td>\n");
160
161			$identity = "";
162			if (!empty($ikesa['remote-id'])) {
163			if ($ikesa['remote-id'] == '%any') {
164			$identity = htmlspecialchars(gettext('Any identifier'));
165			} else {
166			$identity = htmlspecialchars($ikesa['remote-id']);
167			}
168			}
169
170			if (!empty($ikesa['remote-xauth-id'])) {
171			echo htmlspecialchars($ikesa['remote-xauth-id']);
172			echo "<br/>{$identity}";
173			} elseif (!empty($ikesa['remote-eap-id'])) {
174			echo htmlspecialchars($ikesa['remote-eap-id']);
175			echo "<br/>{$identity}";
176			} else {
177			if (empty($identity)) {
178			print(gettext("Unknown"));
179			} else {
180			print($identity);
181			}
182			}
183
184			print("</td>\n");
185			print("<td>\n");
186
187			if (!empty($ikesa['remote-host'])) {
188			print(htmlspecialchars($ikesa['remote-host']));
189			} else {
190	3795cc0a	sbeaver	print(gettext("Unknown"));
191	4260c32a	Stephen Beaver	}
192			/*
193			* XXX: remote-nat-t was defined by pfSense
194			* When strongswan team accepted the change, they changed it to
195			* nat-remote. Keep both for a while and remove remote-nat-t in
196			* the future
197			*/
198			if (isset($ikesa['remote-nat-t']) \|\| isset($ikesa['nat-remote'])) {
199			print(" NAT-T");
200			}
201
202			print("</td>\n");
203			print("<td>\n");
204			print("IKEv" . htmlspecialchars($ikesa['version']));
205			print("<br/>\n");
206
207			if ($ikesa['initiator'] == 'yes') {
208			print("initiator");
209			} else {
210			print("responder");
211			}
212
213			print("</td>\n");
214			print("<td>\n");
215	c57e936a	stilez	print(htmlspecialchars($ikesa['reauth-time']) . gettext(" seconds (") . convert_seconds_to_dhms($ikesa['reauth-time']) . ")");
216	4260c32a	Stephen Beaver	print("</td>\n");
217			print("<td>\n");
218			print(htmlspecialchars($ikesa['encr-alg']));
219			print("<br/>");
220			print(htmlspecialchars($ikesa['integ-alg']));
221			print("<br/>");
222			print(htmlspecialchars($ikesa['prf-alg']));
223			print("<br/>\n");
224			print(htmlspecialchars($ikesa['dh-group']));
225			print("</td>\n");
226			print("<td>\n");
227
228			if ($ikesa['state'] == 'ESTABLISHED') {
229			print('<span class="text-success">');
230			} else {
231			print('<span>');
232			}
233
234			print(ucfirst(htmlspecialchars($ikesa['state'])));
235	9e820b59	Phil Davis
236			if ($ikesa['state'] == 'ESTABLISHED') {
237	7f0d6ccf	Phil Davis	print("<br/>");
238			printf(gettext('%1$s seconds (%2$s) ago'), htmlspecialchars($ikesa['established']), convert_seconds_to_dhms($ikesa['established']));
239	9e820b59	Phil Davis	}
240
241	3c5f4441	Stephen Jones	print("</span><br /><br />");
242	4260c32a	Stephen Beaver
243			if ($ikesa['state'] != 'ESTABLISHED') {
244
245	1144e24c	Steve Beaver	print('<a href="status_ipsec.php?act=connect&ikeid=' . $con_id . '&ikesaid=' .$ikesa['uniqueid'] . '" class="btn btn-xs btn-success" data-toggle="tooltip" title="' . gettext("Connect VPN"). '" usepost>');
246	9e820b59	Phil Davis	print('<i class="fa fa-sign-in icon-embed-btn"></i>');
247			print(gettext("Connect VPN"));
248			print("</a>\n");
249	4260c32a	Stephen Beaver
250	86b2861c	Matt Smith	} else {
251	4260c32a	Stephen Beaver
252	3c5f4441	Stephen Jones	print('<a href="status_ipsec.php?act=ikedisconnect&ikeid=' . $ikesa['con-id']. '&ikesaid=' .$ikesa['uniqueid'] . '"class="btn btn-xs btn-danger" data-toggle="tooltip" title="' . gettext("Disconnect VPN") . '" usepost>');
253	4260c32a	Stephen Beaver	print('<i class="fa fa-trash icon-embed-btn"></i>');
254			print(gettext("Disconnect"));
255			print("</a><br />\n");
256
257			}
258	7ba6c13b	jim-p	if (empty($ikesa['child-sas'])) {
259			print('<br/><a href="status_ipsec.php?act=childconnect&ikeid=' . substr($con_id, 0, -3) . '" class="btn btn-xs btn-success" data-toggle="tooltip" title="' . gettext("Connect Children"). '" usepost>');
260			print('<i class="fa fa-sign-in icon-embed-btn"></i>');
261			print(gettext("Connect Children"));
262			print("</a>\n");
263			}
264	4260c32a	Stephen Beaver
265			print("</td>\n");
266			print("</tr>\n");
267			print("<tr>\n");
268			print("<td colspan = 10>\n");
269
270			if (is_array($ikesa['child-sas']) && (count($ikesa['child-sas']) > 0)) {
271	130f3c92	Stephen Jones	$child_key = "";
272			foreach ($ikesa['child-sas'] as $key => $val){
273			$child_key = $key;
274			break;
275			}
276	4260c32a	Stephen Beaver
277	067551a4	Stephen Beaver	print('<div>');
278	130f3c92	Stephen Jones	print('<a type="button" id="btnchildsa-'. $child_key . '" class="btn btn-sm btn-info">');
279	4260c32a	Stephen Beaver	print('<i class="fa fa-plus-circle icon-embed-btn"></i>');
280	7ba6c13b	jim-p	print(sprintf(gettext('Show child SA entries (%d)'), count($ikesa['child-sas'])));
281	4260c32a	Stephen Beaver	print("</a>\n");
282			print(" </div>\n");
283
284	130f3c92	Stephen Jones	print('<table class="table table-hover table-condensed" id="childsa-'.$child_key . '" style="display:none">');
285	4260c32a	Stephen Beaver	print("<thead>\n");
286			print('<tr class="bg-info">');
287	3c5f4441	Stephen Jones	print('<th>' . gettext("IPsec ID") . '</th>');
288			print('<th>' . gettext("Local subnets") . '</th>');
289			print('<th>' . gettext("Local SPI(s)") . '</th>');
290			print('<th>' . gettext("Remote subnets") . '</th>');
291			print('<th>' . gettext("Times") . '</th>');
292			print('<th>' . gettext("Algo") . '</th>');
293			print('<th>' . gettext("Stats") . '</th>');
294	4260c32a	Stephen Beaver	print('<th><!-- Buttons --></th>');
295			print("</tr\n");
296			print("</thead>\n");
297			print("<tbody>\n");
298
299			foreach ($ikesa['child-sas'] as $childid => $childsa) {
300			print("<tr>");
301			print("<td>\n");
302	3c5f4441	Stephen Jones	print($childsa['name'] . ":<br />");
303			print("#" . $childsa['uniqueid']);
304			print("</td>\n");
305			print("<td>\n");
306	4260c32a	Stephen Beaver
307			if (is_array($childsa['local-ts'])) {
308			foreach ($childsa['local-ts'] as $lnets) {
309			print(htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />");
310			}
311			} else {
312			print(gettext("Unknown"));
313			}
314
315			print("</td>\n");
316			print("<td>\n");
317
318			if (isset($childsa['spi-in'])) {
319			print(gettext("Local: ") . htmlspecialchars($childsa['spi-in']));
320			}
321
322			if (isset($childsa['spi-out'])) {
323			print('<br/>' . gettext('Remote: ') . htmlspecialchars($childsa['spi-out']));
324			}
325
326			print("</td>\n");
327			print("<td>\n");
328
329			if (is_array($childsa['remote-ts'])) {
330			foreach ($childsa['remote-ts'] as $rnets) {
331			print(htmlspecialchars(ipsec_fixup_network($rnets)) . '<br />');
332			}
333			} else {
334			print(gettext("Unknown"));
335			}
336
337			print("</td>\n");
338			print("<td>\n");
339
340	7f0d6ccf	Phil Davis	printf(gettext('Rekey: %1$s seconds (%2$s)'), htmlspecialchars($childsa['rekey-time']), convert_seconds_to_dhms($childsa['rekey-time']));
341			print('<br/>');
342			printf(gettext('Life: %1$s seconds (%2$s)'), htmlspecialchars($childsa['life-time']), convert_seconds_to_dhms($childsa['life-time']));
343			print('<br/>');
344			printf(gettext('Install: %1$s seconds (%2$s)'), htmlspecialchars($childsa['install-time']), convert_seconds_to_dhms($childsa['install-time']));
345	4260c32a	Stephen Beaver
346
347			print("</td>\n");
348			print("<td>\n");
349
350			print(htmlspecialchars($childsa['encr-alg']) . '<br/>');
351			print(htmlspecialchars($childsa['integ-alg']) . '<br/>');
352
353			if (!empty($childsa['prf-alg'])) {
354			print(htmlspecialchars($childsa['prf-alg']) . '<br/>');
355			}
356
357			if (!empty($childsa['dh-group'])) {
358			print(htmlspecialchars($childsa['dh-group']) . '<br/>');
359			}
360
361			if (!empty($childsa['esn'])) {
362			print(htmlspecialchars($childsa['esn']) . '<br/>');
363			}
364
365			print(gettext("IPComp: "));
366			if (!empty($childsa['cpi-in']) \|\| !empty($childsa['cpi-out'])) {
367			print(htmlspecialchars($childsa['cpi-in']) . " " . htmlspecialchars($childsa['cpi-out']));
368			} else {
369			print(gettext('none'));
370			}
371
372			print("</td>\n");
373			print("<td>\n");
374
375			print(gettext("Bytes-In: ") . htmlspecialchars(number_format($childsa['bytes-in'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-in'])) . ')<br/>');
376			print(gettext("Packets-In: ") . htmlspecialchars(number_format($childsa['packets-in'])) . '<br/>');
377			print(gettext("Bytes-Out: ") . htmlspecialchars(number_format($childsa['bytes-out'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-out'])) . ')<br/>');
378			print(gettext("Packets-Out: ") . htmlspecialchars(number_format($childsa['packets-out'])) . '<br/>');
379
380			print("</td>\n");
381			print("<td>\n");
382	130f3c92	Stephen Jones	print('<a href="status_ipsec.php?act=childdisconnect&ikeid=' . $childsa['name'] . '&ikesaid=' . $childsa['uniqueid'] . '" class="btn btn-xs btn-warning" data-toggle="tooltip" title="' . gettext('Disconnect Child SA') . '" usepost>');
383	4260c32a	Stephen Beaver	print('<i class="fa fa-trash icon-embed-btn"></i>');
384			print(gettext("Disconnect"));
385			print("</a>\n");
386			print("</td>\n");
387			print("</tr>\n");
388
389			}
390
391			print("</tbody>\n");
392			print(" </table>\n");
393			print("</td>\n");
394	9723b525	Stephen Beaver	print("</tr>\n");
395	4260c32a	Stephen Beaver
396	3795cc0a	sbeaver	}
397	4260c32a	Stephen Beaver
398			unset($con_id);
399	86b2861c	Matt Smith	}
400	4260c32a	Stephen Beaver
401			}
402
403			$rgmap = array();
404	4b5f2ab3	Phil Davis	if (is_array($a_phase1)) {
405			foreach ($a_phase1 as $ph1ent) {
406			if (isset($ph1ent['disabled'])) {
407			continue;
408			}
409	4260c32a	Stephen Beaver
410	4b5f2ab3	Phil Davis	$rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway'];
411	4260c32a	Stephen Beaver
412	4b5f2ab3	Phil Davis	if ($ipsecconnected[$ph1ent['ikeid']]) {
413			continue;
414			}
415	4260c32a	Stephen Beaver
416	4b5f2ab3	Phil Davis	print("<tr>\n");
417	437263f2	Stephen Jones	print("<td></td>\n");
418	360e7711	Stephen Jones	print("<td>\n");
419	4b5f2ab3	Phil Davis	print(htmlspecialchars($ph1ent['descr']));
420			print("</td>\n");
421			print("<td>\n");
422			list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
423	4260c32a	Stephen Beaver
424	4b5f2ab3	Phil Davis	if (empty($myid_data)) {
425			print(gettext("Unknown"));
426			} else {
427			print(htmlspecialchars($myid_data));
428			}
429	4260c32a	Stephen Beaver
430	4b5f2ab3	Phil Davis	print("</td>\n");
431			print("<td>\n");
432			$ph1src = ipsec_get_phase1_src($ph1ent);
433	4260c32a	Stephen Beaver
434	4b5f2ab3	Phil Davis	if (empty($ph1src)) {
435			print(gettext("Unknown"));
436			} else {
437	7ba6c13b	jim-p	print(htmlspecialchars(str_replace(',', ', ', $ph1src)));
438	4b5f2ab3	Phil Davis	}
439	4260c32a	Stephen Beaver
440	4b5f2ab3	Phil Davis	print("</td>\n");
441			print("<td>\n");
442	0da0d43e	Phil Davis
443	4b5f2ab3	Phil Davis	list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
444	3795cc0a	sbeaver
445	4b5f2ab3	Phil Davis	if (empty($peerid_data)) {
446			print(gettext("Unknown"));
447			} else {
448			print(htmlspecialchars($peerid_data));
449			}
450			print(" </td>\n");
451			print(" <td>\n");
452			$ph1src = ipsec_get_phase1_dst($ph1ent);
453	0da0d43e	Phil Davis
454	4b5f2ab3	Phil Davis	if (empty($ph1src)) {
455			print(gettext("Unknown"));
456			} else {
457			print(htmlspecialchars($ph1src));
458			}
459	0da0d43e	Phil Davis
460	4260c32a	Stephen Beaver	print("</td>\n");
461			print("<td>\n");
462			print("</td>\n");
463			print("<td>\n");
464			print("</td>\n");
465			print("<td>\n");
466			print("</td>\n");
467	3795cc0a	sbeaver
468	4b5f2ab3	Phil Davis	if (isset($ph1ent['mobile'])) {
469
470			print("<td>\n");
471			print(gettext("Awaiting connections"));
472			print("</td>\n");
473			print("<td>\n");
474			print("</td>\n");
475			print("</td>\n");
476			} else {
477
478			print("<td>\n");
479			print(gettext("Disconnected"));
480	7ba6c13b	jim-p	print("<br/>\n");
481	64d53c69	Steve Beaver	print('<a href="status_ipsec.php?act=connect&ikeid=' . $ph1ent['ikeid'] . '" class="btn btn-xs btn-success" usepost>');
482	4b5f2ab3	Phil Davis	print('<i class="fa fa-sign-in icon-embed-btn"></i>');
483			print(gettext("Connect VPN"));
484			print("</a>\n");
485			print("</td>\n");
486
487			}
488			print("</tr>\n");
489	4260c32a	Stephen Beaver	}
490	97242546	Matt Smith	}
491
492	4260c32a	Stephen Beaver	unset($ipsecconnected, $phase1, $rgmap);
493	86b2861c	Matt Smith	}
494	3795cc0a	sbeaver
495	4260c32a	Stephen Beaver	$pgtitle = array(gettext("Status"), gettext("IPsec"), gettext("Overview"));
496	edcd7535	Phil Davis	$pglinks = array("", "@self", "@self");
497	4260c32a	Stephen Beaver	$shortcut_section = "ipsec";
498	0da0d43e	Phil Davis
499	4260c32a	Stephen Beaver	include("head.inc");
500	0da0d43e	Phil Davis
501	4260c32a	Stephen Beaver	$tab_array = array();
502			$tab_array[] = array(gettext("Overview"), true, "status_ipsec.php");
503			$tab_array[] = array(gettext("Leases"), false, "status_ipsec_leases.php");
504			$tab_array[] = array(gettext("SADs"), false, "status_ipsec_sad.php");
505			$tab_array[] = array(gettext("SPDs"), false, "status_ipsec_spd.php");
506			display_top_tabs($tab_array);
507	3795cc0a	sbeaver	?>
508	0da0d43e	Phil Davis
509	4260c32a	Stephen Beaver	<div class="panel panel-default">
510			<div class="panel-heading"><h2 class="panel-title"><?=gettext("IPsec Status");?></h2></div>
511			<div class="panel-body table-responsive">
512			<table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable>
513			<thead>
514			<tr>
515	3c5f4441	Stephen Jones	<th><?=gettext("IPsec ID")?></th>
516	4260c32a	Stephen Beaver	<th><?=gettext("Description")?></th>
517			<th><?=gettext("Local ID")?></th>
518			<th><?=gettext("Local IP")?></th>
519			<th><?=gettext("Remote ID")?></th>
520			<th><?=gettext("Remote IP")?></th>
521			<th><?=gettext("Role")?></th>
522			<th><?=gettext("Reauth")?></th>
523			<th><?=gettext("Algo")?></th>
524			<th><?=gettext("Status")?></th>
525			<th></th>
526			</tr>
527			</thead>
528			<tbody id="ipsec-body">
529			<tr>
530	fc48da17	NOYB	<td colspan="10">
531	499adf73	Phil Davis	<?=print_info_box(gettext("Collecting IPsec status information."), "warning", "")?>
532	3795cc0a	sbeaver	</td>
533			</tr>
534			</tbody>
535	c7fbdd6c	Ermal	</table>
536			</div>
537	3795cc0a	sbeaver	</div>
538
539			<?php
540			unset($status);
541	4260c32a	Stephen Beaver
542	d2c1089f	Phil Davis	if (ipsec_enabled()) {
543	4260c32a	Stephen Beaver	print('<div class="infoblock">');
544	d2c1089f	Phil Davis	} else {
545	4260c32a	Stephen Beaver	print('<div class="infoblock blockopen">');
546	d2c1089f	Phil Davis	}
547	4260c32a	Stephen Beaver
548	530c7ccf	NOYB	print_info_box(sprintf(gettext('IPsec can be configured %1$shere%2$s.'), '<a href="vpn_ipsec.php">', '</a>'), 'info', false);
549	d2c1089f	Phil Davis	?>
550			</div>
551	4260c32a	Stephen Beaver
552			<script type="text/javascript">
553			//<![CDATA[
554
555			events.push(function() {
556	067551a4	Stephen Beaver	ajax_lock = false; // Mutex so we don't make a call until the previous call is finished
557			sa_open = new Array(); // Array in which to keep the child SA show/hide state
558	29c1ecb8	Stephen Jones	tryCount = 3;
559	4260c32a	Stephen Beaver	// Fetch the tbody contents from the server
560			function update_table() {
561			if (ajax_lock) {
562			return;
563			}
564
565			ajax_lock = true;
566
567			ajaxRequest = $.ajax(
568			{
569			url: "/status_ipsec.php",
570			type: "post",
571			data: {
572			ajax: "ajax"
573	1144e24c	Steve Beaver	},
574			error: function(xhr, textStatus, errorThrown){
575			//alert("error.... retrying");
576	29c1ecb8	Stephen Jones	if (tryCount > 0){
577			tryCount --;
578	1144e24c	Steve Beaver	ajax_lock = false;
579			update_table();
580			}
581			return;
582	4260c32a	Stephen Beaver	}
583			}
584			);
585
586			// Deal with the results of the above ajax call
587			ajaxRequest.done(function (response, textStatus, jqXHR) {
588	29c1ecb8	Stephen Jones	if(textStatus === "success"){
589			tryCount =3;
590			}
591	fc48da17	NOYB	if (!response) {
592	2807660f	Stephen Jones	response = '<tr><td colspan="10"><?=print_info_box(addslashes(gettext("No IPsec status information available.")), "warning", "")?></td></tr>';
593	fc48da17	NOYB	}
594
595	4260c32a	Stephen Beaver	$('#ipsec-body').html(response);
596			ajax_lock = false;
597
598	067551a4	Stephen Beaver	// Update "Show child SA" handlers
599			$('[id^=btnchildsa-]').click(function () {
600	3c5f4441	Stephen Jones	show_childsa($(this).prop("id").replace( 'btnchildsa-', ''));
601	067551a4	Stephen Beaver	});
602
603			// Check the sa_open array for child SAs that have been opened
604	3c5f4441	Stephen Jones	$('[id^=childsa-]').each(function(idx) {
605			sa_idx = $(this).prop("id").replace( 'childsa-', '');
606	4260c32a	Stephen Beaver
607			if (sa_open[sa_idx]) {
608	067551a4	Stephen Beaver	show_childsa(sa_idx);
609	4260c32a	Stephen Beaver	}
610			});
611
612	64d53c69	Steve Beaver	// re-attached the GET to POST handler
613			interceptGET();
614
615	4260c32a	Stephen Beaver	// and do it again
616			setTimeout(update_table, 5000);
617			});
618			}
619
620	067551a4	Stephen Beaver	function show_childsa(said) {
621			sa_open[said] = true;
622	3c5f4441	Stephen Jones	$('#childsa-' + said).show();
623	7ba6c13b	jim-p	$('#btnchildsa-' + said).hide();
624	067551a4	Stephen Beaver	}
625
626	4260c32a	Stephen Beaver	// Populate the tbody on page load
627			update_table();
628			});
629			//]]>
630			</script>
631
632	d2c1089f	Phil Davis	<?php
633	3795cc0a	sbeaver	include("foot.inc"); ?>

Project

General

Profile

pfSense