<?php
2
/*
3
	vpn_ipsec_phase2.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
7 29aef6c4 Jim Thompson
	Copyright (C) 2008 Shrew Soft Inc
8 ce77a9c4 Phil Davis
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
9 a93e56c5 Matthew Grooms
	All rights reserved.
10
11
	Redistribution and use in source and binary forms, with or without
12
	modification, are permitted provided that the following conditions are met:
13
14
	1. Redistributions of source code must retain the above copyright notice,
15
	   this list of conditions and the following disclaimer.
16
17
	2. Redistributions in binary form must reproduce the above copyright
18
	   notice, this list of conditions and the following disclaimer in the
19
	   documentation and/or other materials provided with the distribution.
20
21
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
22
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
23
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
25
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30
	POSSIBILITY OF SUCH DAMAGE.
31
*/
32
33 6b07c15a Matthew Grooms
##|+PRIV
34
##|*IDENT=page-vpn-ipsec-editphase2
35
##|*NAME=VPN: IPsec: Edit Phase 2 page
36
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
37
##|*MATCH=vpn_ipsec_phase2.php*
38
##|-PRIV
39
40 0f84b741 Scott Ullrich
require("functions.inc");
41 a93e56c5 Matthew Grooms
require("guiconfig.inc");
42 483e6de8 Scott Ullrich
require_once("ipsec.inc");
43
require_once("vpn.inc");
/*
 * Make sure the three IPsec config sections this page works on exist as
 * arrays, then bind short reference names to them. Because these are
 * references, later writes to $a_phase2 land directly in $config.
 */
foreach (array('client', 'phase1', 'phase2') as $ipsec_section) {
	if (!is_array($config['ipsec'][$ipsec_section])) {
		$config['ipsec'][$ipsec_section] = array();
	}
}
unset($ipsec_section);

$a_client = &$config['ipsec']['client'];
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
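/*
 * Work out which phase 2 entry the request refers to. The identifier is
 * taken from the request; when several parameters are present the later
 * check wins (p2index, then the posted uniqid, then dup).
 */
if (!empty($_GET['p2index'])) {
	$uindex = $_GET['p2index'];
}
if (!empty($_POST['uniqid'])) {
	$uindex = $_POST['uniqid'];
}

if (!empty($_GET['dup'])) {
	$uindex = $_GET['dup'];
}

/* An array-valued parameter (e.g. "p2index[]=x") can never name an entry. */
if (isset($uindex) && !is_scalar($uindex)) {
	unset($uindex);
}

/*
 * Look the entry up by its uniqid. On a match the loop stops with
 * $p2index and $ph2 pointing at that entry; both are used further down.
 */
$ph2found = false;
if (isset($uindex)) {
	foreach ($a_phase2 as $p2index => $ph2) {
		/*
		 * Compare as strings. A loose == converts numeric-looking strings
		 * to numbers first, so two different ids such as "1e3" and "1000"
		 * would be treated as the same entry.
		 */
		if ((string)$ph2['uniqid'] === (string)$uindex) {
			$ph2found = true;
			break;
		}
	}
}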
/*
 * Seed $pconfig: copied from the matched phase 2 entry when one was found,
 * otherwise filled with the defaults for a new entry.
 */
if ($ph2found !== true) {
	/*
	 * NOTE(review): ikeid is copied from the query string without any
	 * check here; escape it wherever it is written into the page
	 * (the rendering code is outside this part of the file).
	 */
	$pconfig['ikeid'] = $_GET['ikeid'];

	/* defaults */
	foreach (array(
		'localid_type' => "lan",
		'remoteid_type' => "network",
		'proto' => "esp",
		'ealgos' => array("aes"),
		'halgos' => array("hmac_sha1"),
		'pfsgroup' => "0",
		'lifetime' => "3600",
	) as $p2_key => $p2_default) {
		$pconfig[$p2_key] = $p2_default;
	}
	unset($p2_key, $p2_default);
	$pconfig['uniqid'] = uniqid();

	/* mobile client */
	if ($_GET['mobile']) {
		$pconfig['mobile'] = true;
	}
} else {
	$pconfig['ikeid'] = $ph2['ikeid'];
	/* 'disabled' is stored as a presence flag, so only its existence matters */
	$pconfig['disabled'] = isset($ph2['disabled']);
	foreach (array('mode', 'descr', 'uniqid') as $p2_key) {
		$pconfig[$p2_key] = $ph2[$p2_key];
	}

	/* the id helpers write their results into $pconfig */
	if (!empty($ph2['natlocalid'])) {
		idinfo_to_pconfig("natlocal", $ph2['natlocalid'], $pconfig);
	}
	idinfo_to_pconfig("local", $ph2['localid'], $pconfig);
	idinfo_to_pconfig("remote", $ph2['remoteid'], $pconfig);

	$pconfig['proto'] = $ph2['protocol'];
	ealgos_to_pconfig($ph2['encryption-algorithm-option'], $pconfig);
	$pconfig['halgos'] = $ph2['hash-algorithm-option'];
	foreach (array('pfsgroup', 'lifetime', 'pinghost', 'reqid') as $p2_key) {
		$pconfig[$p2_key] = $ph2[$p2_key];
	}
	unset($p2_key);

	if (isset($ph2['mobile'])) {
		$pconfig['mobile'] = true;
	}
}

unset($ph2);
if (!empty($_GET['dup'])) {
	/* duplicating: drop the matched index and give the copy its own uniqid and reqid */
	unset($uindex, $p2index);
	$pconfig['uniqid'] = uniqid();
	$pconfig['reqid'] = ipsec_new_reqid();
}
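/*
 * Handle a submitted Phase 2 form: validate the posted values, build the
 * phase 2 entry, store it in $a_phase2 (a reference into $config), write
 * the configuration, mark the ipsec subsystem dirty and redirect to
 * vpn_ipsec.php. When validation fails nothing is written and the messages
 * stay in $input_errors.
 *
 * NOTE(review): $pconfig is the raw $_POST array. The checks below cover
 * the id types, addresses, netbits, the algorithm selection and the
 * lifetime. ikeid and uniqid are only required to be present, and mode,
 * proto, pfsgroup, pinghost, descr and reqid are stored exactly as posted.
 * Confirm that whatever reads the saved entry validates or escapes them.
 */
if ($_POST) {

	/* start from an empty list so every check below can append to it */
	$input_errors = array();
	$pconfig = $_POST;

	if (!isset($_POST['ikeid'])) {
		$input_errors[] = gettext("A valid ikeid must be specified.");
	}

	/* input validation */
	$reqdfields = explode(" ", "localid_type uniqid");
	$reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier"));
	if (!isset($pconfig['mobile'])) {
		/* only a non-mobile entry carries a remote network */
		$reqdfields[] = "remoteid_type";
		$reqdfieldsn[] = gettext("Remote network type");
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if (($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6")) {
		switch ($pconfig['localid_type']) {
			case "network":
				if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits'])) {
					$input_errors[] = gettext("A valid local network bit count must be specified.");
				}
				/* fall through: a network also needs a valid address */
			case "address":
				if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address'])) {
					$input_errors[] = gettext("A valid local network IP address must be specified.");
				} elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel")) {
					$input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6");
				} elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6")) {
					$input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4");
				}
				break;
		}
		/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
		if (is_array($config['interfaces'][$pconfig['localid_type']])) {
			// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
			$address = get_interface_ip($pconfig['localid_type']);
			$netbits = get_interface_subnet($pconfig['localid_type']);

			if (empty($address) || empty($netbits)) {
				$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
			}
		}

		if (!empty($pconfig['natlocalid_address'])) {
			switch ($pconfig['natlocalid_type']) {
				case "network":
					if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits'])) {
						$input_errors[] = gettext("A valid NAT local network bit count must be specified.");
					}
					if ($pconfig['localid_type'] == "address") {
						$input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
					}
					/* fall through: a network also needs a valid address */
				case "address":
					if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address'])) {
						$input_errors[] = gettext("A valid NAT local network IP address must be specified.");
					} elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel")) {
						$input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6");
					} elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6")) {
						$input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4");
					}
					break;
			}

			if (is_array($config['interfaces'][$pconfig['natlocalid_type']])) {
				// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
				$address = get_interface_ip($pconfig['natlocalid_type']);
				$netbits = get_interface_subnet($pconfig['natlocalid_type']);

				if (empty($address) || empty($netbits)) {
					$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['natlocalid_type']) . " " . gettext("has no subnet.");
				}
			}
		}

		switch ($pconfig['remoteid_type']) {
			case "network":
				if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits'])) {
					$input_errors[] = gettext("A valid remote network bit count must be specified.");
				}
				/* fall through: a network also needs a valid address */
			case "address":
				if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address'])) {
					$input_errors[] = gettext("A valid remote network IP address must be specified.");
				} elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel")) {
					$input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6");
				} elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6")) {
					$input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4");
				}
				break;
		}
	}
	/* Validate enabled phase2's are not duplicates */
	if (isset($pconfig['mobile'])) {
		/* User is adding phase 2 for mobile phase1 */
		foreach ($a_phase2 as $key => $name) {
			if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) {
				/* check duplicate localids only for mobile clients */
				$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
				$entered = array();
				$entered['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) {
					$entered['address'] = $pconfig['localid_address'];
				}
				if (isset($pconfig['localid_netbits'])) {
					$entered['netbits'] = $pconfig['localid_netbits'];
				}
				$entered_localid_data = ipsec_idinfo_to_cidr($entered, false, $pconfig['mode']);
				if ($localid_data == $entered_localid_data) {
					/* adding new p2 entry */
					$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
					break;
				}
			}
		}
	} else {
		/* User is adding phase 2 for site-to-site phase1 */
		$input_error = 0;
		foreach ($a_phase2 as $key => $name) {
			if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid'] && $pconfig['uniqid'] != $name['uniqid']) {
				/* check duplicate subnets only for given phase1 */
				$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
				$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid'], false, $name['mode']);
				$entered_local = array();
				$entered_local['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) {
					$entered_local['address'] = $pconfig['localid_address'];
				}
				if (isset($pconfig['localid_netbits'])) {
					$entered_local['netbits'] = $pconfig['localid_netbits'];
				}
				$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
				$entered_remote = array();
				$entered_remote['type'] = $pconfig['remoteid_type'];
				if (isset($pconfig['remoteid_address'])) {
					$entered_remote['address'] = $pconfig['remoteid_address'];
				}
				if (isset($pconfig['remoteid_netbits'])) {
					$entered_remote['netbits'] = $pconfig['remoteid_netbits'];
				}
				$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
				if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
					/* adding new p2 entry */
					$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
					break;
				}
			}
		}
		foreach ($a_phase1 as $phase1) {
			if ($phase1['ikeid'] == $pconfig['ikeid']) {
				/* This is the P1 for this entry, validate its remote-gateway and local interface isn't within tunnel */
				$entered_local = array();
				$entered_local['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) {
					$entered_local['address'] = $pconfig['localid_address'];
				}
				if (isset($pconfig['localid_netbits'])) {
					$entered_local['netbits'] = $pconfig['localid_netbits'];
				}
				$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
				list($entered_local_network, $entered_local_mask) = explode('/', $entered_localid_data);
				$entered_remote = array();
				$entered_remote['type'] = $pconfig['remoteid_type'];
				if (isset($pconfig['remoteid_address'])) {
					$entered_remote['address'] = $pconfig['remoteid_address'];
				}
				if (isset($pconfig['remoteid_netbits'])) {
					$entered_remote['netbits'] = $pconfig['remoteid_netbits'];
				}
				$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
				list($entered_remote_network, $entered_remote_mask) = explode('/', $entered_remoteid_data);
				if ($phase1['protocol'] == "inet6") {
					$if = get_failover_interface($phase1['interface'], "inet6");
					$interfaceip = get_interface_ipv6($if);
				} else {
					$if = get_failover_interface($phase1['interface']);
					$interfaceip = get_interface_ip($if);
				}
				/* skip validation for hostnames, they're subject to change anyway */
				if (is_ipaddr($phase1['remote-gateway'])) {
					if ($pconfig['mode'] == "tunnel") {
						if (check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) {
							$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
							break;
						}
					} else if ($pconfig['mode'] == "tunnel6") {
						/*
						 * NOTE(review): the local half uses check_subnetsv6_overlap()
						 * but the remote half calls check_subnets_overlap() with a
						 * 128-bit prefix. Confirm which helper is intended for the
						 * remote gateway; left unchanged here.
						 */
						if (check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) {
							$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
							break;
						}
					}
				}
			}
		}
	}

	/* For ESP protocol, handle encryption algorithms */
	if ($pconfig['proto'] == "esp") {
		$ealgos = pconfig_to_ealgos($pconfig);

		if (!count($ealgos)) {
			$input_errors[] = gettext("At least one encryption algorithm must be selected.");
		} else {
			if (empty($pconfig['halgos'])) {
				/* a hash may only be omitted when every selected cipher name contains "gcm" */
				foreach ($ealgos as $ealgo) {
					/* === false: strpos() returns 0 for a match at the start, which !strpos() would read as "not found" */
					if (strpos($ealgo['name'], "gcm") === false) {
						$input_errors[] = gettext("At least one hashing algorithm needs to be selected.");
						break;
					}
				}
			}
		}
	}

	/*
	 * The lifetime is stored as posted, so accept plain digits only.
	 * is_numeric() would also let through values such as "3.5", "-1" or "1e3".
	 */
	if ($_POST['lifetime'] && !(is_string($_POST['lifetime']) && ctype_digit($_POST['lifetime']))) {
		$input_errors[] = gettext("The P2 lifetime must be an integer.");
	}

	if (!$input_errors) {

		$ph2ent = array();
		$ph2ent['ikeid'] = $pconfig['ikeid'];
		$ph2ent['uniqid'] = $pconfig['uniqid'];
		$ph2ent['mode'] = $pconfig['mode'];
		$ph2ent['disabled'] = $pconfig['disabled'] ? true : false;
		/*
		 * NOTE(review): a posted reqid is kept as-is; only a missing one
		 * is allocated by ipsec_new_reqid(). Nothing here checks that the
		 * posted value is well-formed or not already used by another entry.
		 */
		if (!isset($pconfig['reqid'])) {
			$ph2ent['reqid'] = ipsec_new_reqid();
		} else {
			$ph2ent['reqid'] = $pconfig['reqid'];
		}

		if (($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")) {
			if (!empty($pconfig['natlocalid_address'])) {
				$ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal", $pconfig);
			}
			$ph2ent['localid'] = pconfig_to_idinfo("local", $pconfig);
			$ph2ent['remoteid'] = pconfig_to_idinfo("remote", $pconfig);
		}

		$ph2ent['protocol'] = $pconfig['proto'];
		$ph2ent['encryption-algorithm-option'] = $ealgos;
		if (!empty($pconfig['halgos'])) {
			$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
		} else {
			unset($ph2ent['hash-algorithm-option']);
		}
		$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
		$ph2ent['lifetime'] = $pconfig['lifetime'];
		$ph2ent['pinghost'] = $pconfig['pinghost'];
		$ph2ent['descr'] = $pconfig['descr'];

		if (isset($pconfig['mobile'])) {
			$ph2ent['mobile'] = true;
		}

		/* replace the matched entry in place, otherwise append a new one */
		if ($ph2found === true && isset($p2index) && isset($a_phase2[$p2index])) {
			$a_phase2[$p2index] = $ph2ent;
		} else {
			$a_phase2[] = $ph2ent;
		}

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}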
/* Page title trail; a mobile-client entry gets one extra element. */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 2"));
if ($pconfig['mobile']) {
	$pgtitle[] = gettext("Mobile Client");
}
$shortcut_section = "ipsec";

include("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
377
<?php include("fbegin.inc"); ?>
378 3a50eb39 Colin Fleming
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
379 91f026b0 ayvis
<script type="text/javascript">
380 3a50eb39 Colin Fleming
//<![CDATA[
/*
 * Show the local (and, for non-mobile entries, remote) network rows only
 * while one of the tunnel modes is selected.
 */
function change_mode() {
	// index and value are assigned without var, so they are page-wide
	// globals; the typesel_change_*() functions read index.
	index = document.iform.mode.selectedIndex;
	value = document.iform.mode.options[index].value;
	var is_tunnel_mode = (value == 'tunnel') || (value == 'tunnel6');
	var row_display = is_tunnel_mode ? '' : 'none';
	document.getElementById('opt_localid').style.display = row_display;
<?php if (!isset($pconfig['mobile'])): ?>
	document.getElementById('opt_remoteid').style.display = row_display;
<?php endif; ?>
}
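/**
 * Sync the NAT local address/netbits inputs with the selected
 * natlocalid_type entry.
 *
 * @param {number} [bits] Netbits pre-filled for a blank address when the
 *        "network" entry is selected. When omitted: 24 in mode "tunnel",
 *        64 in mode "tunnel6", left undefined for any other mode.
 */
function typesel_change_natlocal(bits) {
	// Look the mode up through its own selectedIndex. The shared global
	// `index` is also assigned by change_protocol(), so it can hold the
	// protocol's index instead of the mode's.
	var mode_select = document.iform.mode;
	var value = mode_select.options[mode_select.selectedIndex].value;
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	// netbits is only pre-filled while the address field holds no non-space character
	var address_is_blank = !/\S/.test(document.iform.natlocalid_address.value);
	switch (document.iform.natlocalid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.natlocalid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.natlocalid_netbits.value = 0;
			}
			document.iform.natlocalid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.natlocalid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.natlocalid_netbits.value = bits;
			}
			document.iform.natlocalid_netbits.disabled = 0;
			break;
		case 3:	/* none */
			document.iform.natlocalid_address.disabled = 1;
			document.iform.natlocalid_netbits.disabled = 1;
			break;
		default:
			// any other entry: clear the address and lock both inputs
			document.iform.natlocalid_address.value = "";
			document.iform.natlocalid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.natlocalid_netbits.value = 0;
			}
			document.iform.natlocalid_netbits.disabled = 1;
			break;
	}
}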
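/**
 * Sync the local network address/netbits inputs with the selected
 * localid_type entry.
 *
 * @param {number} [bits] Netbits pre-filled for a blank address when the
 *        "network" entry is selected. When omitted: 24 in mode "tunnel",
 *        64 in mode "tunnel6", left undefined for any other mode.
 */
function typesel_change_local(bits) {
	// Look the mode up through its own selectedIndex. The shared global
	// `index` is also assigned by change_protocol(), so it can hold the
	// protocol's index instead of the mode's.
	var mode_select = document.iform.mode;
	var value = mode_select.options[mode_select.selectedIndex].value;
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	// netbits is only pre-filled while the address field holds no non-space character
	var address_is_blank = !/\S/.test(document.iform.localid_address.value);
	switch (document.iform.localid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.localid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.localid_netbits.value = 0;
			}
			document.iform.localid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.localid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.localid_netbits.value = bits;
			}
			document.iform.localid_netbits.disabled = 0;
			break;
		case 3:	/* none */
			document.iform.localid_address.disabled = 1;
			document.iform.localid_netbits.disabled = 1;
			break;
		default:
			// any other entry: clear the address and lock both inputs
			document.iform.localid_address.value = "";
			document.iform.localid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.localid_netbits.value = 0;
			}
			document.iform.localid_netbits.disabled = 1;
			break;
	}
}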
<?php if (!isset($pconfig['mobile'])): ?>
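/**
 * Sync the remote network address/netbits inputs with the selected
 * remoteid_type entry.
 *
 * @param {number} [bits] Netbits pre-filled for a blank address when the
 *        "network" entry is selected. When omitted: 24 in mode "tunnel",
 *        64 in mode "tunnel6", left undefined for any other mode.
 */
function typesel_change_remote(bits) {
	// Look the mode up through its own selectedIndex. The shared global
	// `index` is also assigned by change_protocol(), so it can hold the
	// protocol's index instead of the mode's.
	var mode_select = document.iform.mode;
	var value = mode_select.options[mode_select.selectedIndex].value;
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	// netbits is only pre-filled while the address field holds no non-space character
	var address_is_blank = !/\S/.test(document.iform.remoteid_address.value);
	switch (document.iform.remoteid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.remoteid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = 0;
			}
			document.iform.remoteid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.remoteid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = bits;
			}
			document.iform.remoteid_netbits.disabled = 0;
			break;
		default:
			// any other entry: clear the address and lock both inputs
			document.iform.remoteid_address.value = "";
			document.iform.remoteid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = 0;
			}
			document.iform.remoteid_netbits.disabled = 1;
			break;
	}
}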
<?php endif; ?>
/* Show the encryption options row only while the ESP protocol is selected. */
function change_protocol() {
	// index and value are assigned without var, so they are page-wide
	// globals shared with change_mode() and read by typesel_change_*().
	index = document.iform.proto.selectedIndex;
	value = document.iform.proto.options[index].value;
	var enc_row = document.getElementById('opt_enc');
	enc_row.style.display = (value == 'esp') ? '' : 'none';
}
//]]>
</script>
<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
534
535
<?php
536
	if ($input_errors)
537
		print_input_errors($input_errors);
538
?>
539
540 3a50eb39 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-2">
541 5a3b0d3b mgrooms
	<tr class="tabnavtbl">
542
		<td id="tabnav">
543
			<?php
544
				$tab_array = array();
545 123929e0 Carlos Eduardo Ramos
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
546
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
547 2a2b247b jim-p
				$tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
548 71172088 jim-p
				$tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
549 5a3b0d3b mgrooms
				display_top_tabs($tab_array);
550
			?>
551
		</td>
552
	</tr>
553
	<tr>
554
		<td id="mainarea">
555
			<div class="tabcont">
556 3a50eb39 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
557 5a3b0d3b mgrooms
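					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
						<td width="78%" class="vtable">
							<?php /* !empty() is the same truthiness test, without a notice when the key is absent. */ ?>
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if (!empty($pconfig['disabled'])) echo "checked=\"checked\""; ?> />
							<strong><?=gettext("Disable this phase2 entry"); ?></strong>
							<br />
							<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
							  "removing it from the list"); ?>.
							</span>
						</td>
					</tr>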
568
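					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
						<td width="78%" class="vtable">
							<select name="mode" class="formselect" onchange="change_mode()">
								<?php
									/*
									 * Escape the option value and its label for the attribute and
									 * text contexts they are written into, as the protocol and PFS
									 * selects on this page already do for their labels.
									 */
									foreach ($p2_modes as $name => $value):
										$selected = "";
										if ($name == $pconfig['mode'])
											$selected = "selected=\"selected\"";
								?>
								<option value="<?=htmlspecialchars($name);?>" <?=$selected;?>><?=htmlspecialchars($value);?></option>
								<?php endforeach; ?>
							</select>
						</td>
					</tr>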
583
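					<tr id="opt_localid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0" summary="local network">
								<tr>
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
									<td></td>
									<td>
										<select name="localid_type" class="formselect" onchange="typesel_change_local()">
											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected=\"selected\"";?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected=\"selected\"";?>><?=gettext("Network"); ?></option>
											<?php
												/*
												 * Interface keys and descriptions are escaped before output.
												 * NOTE(review): descriptions are presumably administrator-supplied
												 * text from the configuration - confirm what the interface pages
												 * allow in them. Escaping here does not depend on that.
												 */
												$iflist = get_configured_interface_with_descr();
												foreach ($iflist as $ifname => $ifdescr):
											?>
											<option value="<?=htmlspecialchars($ifname); ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected=\"selected\"";?>><?=htmlspecialchars(sprintf(gettext("%s subnet"), $ifdescr)); ?></option>
											<?php endforeach; ?>
										</select>
									</td>
								</tr>
								<tr>
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
									<td><?=$mandfldhtmlspc;?></td>
									<td>
										<input name="localid_address" type="text" class="formfld unknown ipv4v6" id="localid_address" size="28" value="<?=htmlspecialchars($pconfig['localid_address']);?>" />
										/
										<select name="localid_netbits" class="formselect ipv4v6" id="localid_netbits">
										<?php for ($i = 128; $i >= 0; $i--): ?>
											<option value="<?=$i;?>" <?php if (isset($pconfig['localid_netbits']) && $i == $pconfig['localid_netbits']) echo "selected=\"selected\""; ?>>
												<?=$i;?>
											</option>
										<?php endfor; ?>
										</select>
									</td>
								</tr>
								<tr> <td colspan="3">
								<br />
								<?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?>
								</td></tr>
								<tr>
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
									<td></td>
									<td>
										<select name="natlocalid_type" class="formselect" onchange="typesel_change_natlocal()">
											<option value="address" <?php if ($pconfig['natlocalid_type'] == "address") echo "selected=\"selected\"";?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['natlocalid_type'] == "network") echo "selected=\"selected\"";?>><?=gettext("Network"); ?></option>
											<?php
												/* Same escaping as the local network type list above. */
												$iflist = get_configured_interface_with_descr();
												foreach ($iflist as $ifname => $ifdescr):
											?>
											<option value="<?=htmlspecialchars($ifname); ?>" <?php if ($pconfig['natlocalid_type'] == $ifname ) echo "selected=\"selected\"";?>><?=htmlspecialchars(sprintf(gettext("%s subnet"), $ifdescr)); ?></option>
											<?php endforeach; ?>
											<option value="none" <?php if (empty($pconfig['natlocalid_type']) || $pconfig['natlocalid_type'] == "none" ) echo "selected=\"selected\"";?>><?=gettext("None"); ?></option>
										</select>
									</td>
								</tr>
								<tr>
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
									<td><?=$mandfldhtmlspc;?></td>
									<td>
										<input name="natlocalid_address" type="text" class="formfld unknown ipv4v6" id="natlocalid_address" size="28" value="<?=htmlspecialchars($pconfig['natlocalid_address']);?>" />
										/
										<select name="natlocalid_netbits" class="formselect ipv4v6" id="natlocalid_netbits">
										<?php for ($i = 128; $i >= 0; $i--): ?>
											<option value="<?=$i;?>" <?php if (isset($pconfig['natlocalid_netbits']) && $i == $pconfig['natlocalid_netbits']) echo "selected=\"selected\""; ?>>
												<?=$i;?>
											</option>
										<?php endfor; ?>
										</select>
									</td>
								</tr>
							</table>
						</td>
					</tr>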
					<?php if (!isset($pconfig['mobile'])): ?>
					
					<tr id="opt_remoteid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0" summary="remote network">
								<tr>
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
									<td></td>
									<td>
										<select name="remoteid_type" class="formselect" onchange="typesel_change_remote()">
											<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected=\"selected\""; ?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
										</select>
									</td>
								</tr>
								<tr>
									<td><?=gettext("Address"); ?>:&nbsp;&nbsp;</td>
									<td><?=$mandfldhtmlspc;?></td>
									<td>
										<input name="remoteid_address" type="text" class="formfld unknown ipv4v6" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>" />
										/
										<select name="remoteid_netbits" class="formselect ipv4v6" id="remoteid_netbits">
										<?php
											/* One option per prefix length, 128 down to 0; the stored value is pre-selected. */
											for ($i = 128; $i >= 0; $i--):
												echo "<option value=\"{$i}\"";
												if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) {
													echo " selected=\"selected\"";
												}
												echo ">{$i}</option>\n";
											endfor;
										?>
										</select>
									</td>
								</tr>
							</table>
						</td>
					</tr>
					
					<?php endif; ?>
695 5a3b0d3b mgrooms
					
696
					<tr>
697 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
698 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
699 3a50eb39 Colin Fleming
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
700 8cd558b6 ayvis
							<br />
701 5a3b0d3b mgrooms
							<span class="vexpl">
702 123929e0 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
703
								"for your reference (not parsed)"); ?>.
704 5a3b0d3b mgrooms
							</span>
705
						</td>
706
					</tr>
707
					<tr>
708
						<td colspan="2" class="list" height="12"></td>
709
					</tr>
710
					<tr>
711
						<td colspan="2" valign="top" class="listtopic">
712 123929e0 Carlos Eduardo Ramos
							<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
713 5a3b0d3b mgrooms
						</td>
714
					</tr>
715
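					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
						<td width="78%" class="vtable">
							<select name="proto" class="formselect" onchange="change_protocol()">
							<?php /* The option value is escaped as well as its label, so both contexts are covered. */ ?>
							<?php foreach ($p2_protos as $proto => $protoname): ?>
								<option value="<?=htmlspecialchars($proto);?>" <?php if ($proto == $pconfig['proto']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($protoname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("ESP is encryption, AH is authentication only"); ?>
							</span>
						</td>
					</tr>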
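					<tr id="opt_enc">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0" summary="encryption">
							<?php
								foreach ($p2_ealgos as $algo => $algodata):
									$checked = '';
									if (isset($pconfig['ealgos']) && is_array($pconfig['ealgos']) && in_array($algo,$pconfig['ealgos']))
										$checked = " checked=\"checked\"";
									/* The algorithm key is written into two attributes below; escape it once. */
									$algo_attr = htmlspecialchars($algo);
								?>
								<tr>
									<td>
										<input type="checkbox" name="ealgos[]" value="<?=$algo_attr;?>"<?=$checked?> />
									</td>
									<td>
										<?=htmlspecialchars($algodata['name']);?>
									</td>
									<td>
										<?php if(isset($algodata['keysel']) && is_array($algodata['keysel'])): ?>
										&nbsp;&nbsp;
										<select name="keylen_<?=$algo_attr;?>" class="formselect">
											<option value="auto"><?=gettext("auto"); ?></option>
											<?php
												$key_hi = $algodata['keysel']['hi'];
												$key_lo = $algodata['keysel']['lo'];
												$key_step = $algodata['keysel']['step'];
												/*
												 * Compare as strings: a stored non-numeric value such as "auto"
												 * must never match a numeric option through loose comparison,
												 * and a missing key must not raise a notice.
												 */
												$key_cur = isset($pconfig["keylen_".$algo]) ? (string)$pconfig["keylen_".$algo] : '';
												for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
													$selected = "";
													if ((string)$keylen === $key_cur)
														$selected = " selected=\"selected\"";
											?>
											<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
											<?php endfor; ?>
										</select>
										<?php endif; ?>
									</td>
								</tr>
								
								<?php endforeach; ?>
								
							</table>
							<br />
							<?php
								/*
								 * NOTE(review): the hint below is dated. 3DES and Blowfish are
								 * 64-bit block ciphers and are considered legacy; AES is the usual
								 * choice where both peers support it. The text is a gettext msgid,
								 * so it is left unchanged here and should be revised together with
								 * its translations.
								 */
							?>
							<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " . 
							"crypto accelerator card. Blowfish is usually the fastest in " .
							"software encryption"); ?>.
						</td>
					</tr>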
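					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
						<td width="78%" class="vtable">
						<?php
							/*
							 * Guard the lookup the same way the encryption list does: when no
							 * hash list is present, in_array() on a non-array warns (and throws
							 * a TypeError on PHP 8).
							 */
							$halgos_sel = (isset($pconfig['halgos']) && is_array($pconfig['halgos'])) ? $pconfig['halgos'] : array();
						?>
						<?php foreach ($p2_halgos as $algo => $algoname): ?>
							<input type="checkbox" name="halgos[]" value="<?=htmlspecialchars($algo);?>" <?php if (in_array($algo, $halgos_sel)) echo "checked=\"checked\""; ?> />
							<?=htmlspecialchars($algoname);?>
							<br />
						<?php endforeach; ?>
						</td>
					</tr>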
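					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
						<td width="78%" class="vtable">
						<?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
							<select name="pfsgroup" class="formselect">
							<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
								<option value="<?=htmlspecialchars($keygroup);?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($keygroupname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<?php else: ?>

							<?php
								/*
								 * The group is fixed by the mobile client settings, so the select
								 * is display-only. The label is escaped like the editable list.
								 * NOTE(review): the hidden field is still client-controlled; the
								 * save handler (not visible in this section) should take the group
								 * from the mobile client settings rather than trust it - confirm.
								 */
							?>
							<select class="formselect" disabled="disabled">
								<option selected="selected"><?=htmlspecialchars($p2_pfskeygroups[$a_client['pfs_group']]);?></option>
							</select>
							<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>" />
							<br />
							<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
						<?php endif; ?>
						</td>
					</tr>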
812
					<tr>
813 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
814 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
815 3a50eb39 Colin Fleming
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />
816 123929e0 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
817 5a3b0d3b mgrooms
						</td>
818
					</tr>
819 87e07f52 mgrooms
					<tr>
820
						<td colspan="2" class="list" height="12"></td>
821
					</tr>
822
					<tr>
823 123929e0 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
824 87e07f52 mgrooms
					</tr>
825
					<tr>
826 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
827 87e07f52 mgrooms
						<td width="78%" class="vtable">
828 3a50eb39 Colin Fleming
							<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="28" value="<?=htmlspecialchars($pconfig['pinghost']);?>" />
829 123929e0 Carlos Eduardo Ramos
							<?=gettext("IP address"); ?>
830 87e07f52 mgrooms
						</td>
831
					</tr>
832 5a3b0d3b mgrooms
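					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
						<?php
							/*
							 * !empty() is the same truthiness test without a notice when the key
							 * is absent. The hidden fields below (mobile, remoteid_type, ikeid,
							 * reqid, uniqid) round-trip through the browser, so they are
							 * client-controlled on submit.
							 * NOTE(review): the save handler is outside this section; it should
							 * re-validate these against the stored configuration - confirm.
							 */
						?>
						<?php if (!empty($pconfig['mobile'])): ?>
							<input name="mobile" type="hidden" value="true" />
							<input name="remoteid_type" type="hidden" value="mobile" />
						<?php endif; ?>
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
						<?php if (!empty($pconfig['reqid'])): ?>
							<input name="reqid" type="hidden" value="<?=htmlspecialchars($pconfig['reqid']);?>" />
						<?php endif; ?>
							<input name="uniqid" type="hidden" value="<?=htmlspecialchars($pconfig['uniqid']);?>" />
						</td>
					</tr>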
847
				</table>
848
			</div>
849
		</td>
850
	</tr>
851
</table>
852 a93e56c5 Matthew Grooms
</form>
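<script type="text/javascript">
//<![CDATA[
<?php
	/*
	 * These values are written into JavaScript, not HTML, so HTML-escaping is
	 * the wrong encoder: it does nothing for a bare (unquoted) argument and,
	 * depending on the flags in effect, leaves single quotes alone.
	 * Strings are emitted as JSON literals with the tag, ampersand and quote
	 * characters hex-escaped, so the value cannot close the string, the CDATA
	 * section or the script element. Prefix lengths are emitted only when they
	 * are plain digits; otherwise the argument is left empty, which keeps the
	 * handler's own default as before.
	 * NOTE(review): how $pconfig is filled is outside this section; if it is
	 * repopulated from the request after a validation error, these values are
	 * request-controlled - confirm.
	 */
	$js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
	$js_bits = array();
	foreach (array('localid', 'natlocalid', 'remoteid') as $js_side) {
		$js_raw = isset($pconfig[$js_side . '_netbits']) ? $pconfig[$js_side . '_netbits'] : '';
		$js_bits[$js_side] = (is_scalar($js_raw) && preg_match('/^[0-9]{1,3}\z/', (string)$js_raw)) ? (int)$js_raw : '';
	}
?>
change_mode(<?=json_encode((string)$pconfig['mode'], $js_flags)?>);
change_protocol(<?=json_encode((string)$pconfig['proto'], $js_flags)?>);
typesel_change_local(<?=$js_bits['localid']?>);
typesel_change_natlocal(<?=$js_bits['natlocalid']?>);
<?php if (!isset($pconfig['mobile'])): ?>
typesel_change_remote(<?=$js_bits['remoteid']?>);
<?php endif; ?>
//]]>
</script>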
<?php include("fend.inc"); ?>
</body>
</html>
<?php
/* local utility functions */
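/**
 * Build the list of selected phase 2 encryption algorithms from form data.
 *
 * Key lengths are read from $_POST["keylen_<algorithm>"]. Because that value
 * comes straight from the request, it is accepted only when it is "auto" or
 * one of the lengths the form offers for the algorithm (from 'hi' down to
 * 'lo' in 'step' decrements); anything else is replaced by "auto" so that an
 * arbitrary string cannot be stored.
 *
 * @param array $pconfig Form state; $pconfig['ealgos'] lists the selected
 *                       algorithm names.
 * @return array List of array('name' => ..., ['keylen' => ...]) entries, in
 *               the order of the global $p2_ealgos table. 'keylen' is present
 *               only for algorithms that define a 'keysel' range.
 */
function pconfig_to_ealgos(& $pconfig) {
	global $p2_ealgos;

	$ealgos = array();
	if (!isset($pconfig['ealgos']) || !is_array($pconfig['ealgos'])) {
		return $ealgos;
	}

	foreach ($p2_ealgos as $algo_name => $algo_data) {
		if (!in_array($algo_name, $pconfig['ealgos'])) {
			continue;
		}

		$ealg = array('name' => $algo_name);
		if (isset($algo_data['keysel']) && is_array($algo_data['keysel'])) {
			$field = "keylen_" . $algo_name;
			$keylen = isset($_POST[$field]) ? $_POST[$field] : 'auto';

			if ($keylen !== 'auto') {
				$key_hi = (int)$algo_data['keysel']['hi'];
				$key_lo = (int)$algo_data['keysel']['lo'];
				$key_step = (int)$algo_data['keysel']['step'];

				// \z (not $) so a trailing newline does not slip through.
				$offered = is_string($keylen)
				    && preg_match('/^[0-9]+\z/', $keylen)
				    && $key_step > 0
				    && (int)$keylen >= $key_lo
				    && (int)$keylen <= $key_hi
				    && (($key_hi - (int)$keylen) % $key_step) === 0;
				if (!$offered) {
					$keylen = 'auto';
				}
			}
			$ealg['keylen'] = $keylen;
		}
		$ealgos[] = $ealg;
	}

	return $ealgos;
}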
/**
 * Copy a stored encryption-algorithm list into the form state.
 *
 * Resets $pconfig['ealgos'] to the algorithm names found in $ealgos and, for
 * every entry that carries a key length, sets $pconfig["keylen_<name>"].
 *
 * @param array $ealgos  Entries of the form array('name' => ..., ['keylen' => ...]).
 * @param array $pconfig Form state, updated in place.
 * @return array The $ealgos list that was passed in.
 */
function ealgos_to_pconfig(& $ealgos,& $pconfig) {
	$pconfig['ealgos'] = array();

	foreach ($ealgos as $entry) {
		$algo = $entry['name'];
		$pconfig['ealgos'][] = $algo;
		if (!isset($entry['keylen'])) {
			continue;
		}
		$pconfig["keylen_" . $algo] = $entry['keylen'];
	}

	return $ealgos;
}
/**
 * Build an ID-info array from the "<prefix>id_*" entries of the form state.
 *
 * @param string $prefix  Key prefix; the function reads "<prefix>id_type",
 *                        "<prefix>id_address" and "<prefix>id_netbits".
 * @param array  $pconfig Form state.
 * @return array 'type' always; 'address' for types "address" and "network";
 *               'netbits' for type "network" only.
 */
function pconfig_to_idinfo($prefix,& $pconfig) {
	$type = $pconfig[$prefix."id_type"];
	$address = $pconfig[$prefix."id_address"];
	$netbits = $pconfig[$prefix."id_netbits"];

	$idinfo = array('type' => $type);
	// Loose comparison and branch order mirror a switch on $type.
	if ($type == "address") {
		$idinfo['address'] = $address;
	} elseif ($type == "network") {
		$idinfo['address'] = $address;
		$idinfo['netbits'] = $netbits;
	}

	return $idinfo;
}
/**
 * Copy an ID-info array into the "<prefix>id_*" entries of the form state.
 *
 * @param string $prefix  Key prefix for the entries that are written.
 * @param array  $idinfo  ID info with 'type' and, depending on the type,
 *                        'address' and 'netbits'.
 * @param array  $pconfig Form state, updated in place: the type is always
 *                        written, the address for "address" and "network",
 *                        the netbits for "network" only.
 */
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {
	$kind = $idinfo['type'];
	$pconfig[$prefix."id_type"] = $kind;

	// Loose comparison and branch order mirror a switch on the type.
	if ($kind == "address") {
		$pconfig[$prefix."id_address"] = $idinfo['address'];
	} elseif ($kind == "network") {
		$pconfig[$prefix."id_address"] = $idinfo['address'];
		$pconfig[$prefix."id_netbits"] = $idinfo['netbits'];
	}
}
?>