/src/usr/local/www/status_ipsec.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/status_ipsec.php @ 8f585441

1	cf7d1057	Scott Ullrich	<?php
2			/*
3	c5d81585	Renato Botelho	* status_ipsec.php
4	86b2861c	Matt Smith	*
5	c5d81585	Renato Botelho	* part of pfSense (https://www.pfsense.org)
6	38809d47	Renato Botelho do Couto	* Copyright (c) 2004-2013 BSD Perimeter
7			* Copyright (c) 2013-2016 Electric Sheep Fencing
8	8f585441	Luiz Souza	* Copyright (c) 2014-2021 Rubicon Communications, LLC (Netgate)
9	c5d81585	Renato Botelho	* All rights reserved.
10	fd9ebcd5	Stephen Beaver	*
11	c5d81585	Renato Botelho	* originally based on m0n0wall (http://m0n0.ch/wall)
12			* Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
13			* All rights reserved.
14	fd9ebcd5	Stephen Beaver	*
15	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
16			* you may not use this file except in compliance with the License.
17			* You may obtain a copy of the License at
18	fd9ebcd5	Stephen Beaver	*
19	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
20	fd9ebcd5	Stephen Beaver	*
21	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
22			* distributed under the License is distributed on an "AS IS" BASIS,
23			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
24			* See the License for the specific language governing permissions and
25			* limitations under the License.
26	fd9ebcd5	Stephen Beaver	*/
27	cf7d1057	Scott Ullrich
28	6b07c15a	Matthew Grooms	##\|+PRIV
29			##\|*IDENT=page-status-ipsec
30	5230f468	jim-p	##\|*NAME=Status: IPsec
31	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'Status: IPsec' page.
32	1af5edbf	Stephen Beaver	##\|MATCH=status_ipsec.php
33	6b07c15a	Matthew Grooms	##\|-PRIV
34
35	c81ef6e2	Phil Davis	require_once("guiconfig.inc");
36	4260c32a	Stephen Beaver	require_once("ipsec.inc");
37	6b07c15a	Matthew Grooms
38	a93e56c5	Matthew Grooms	global $g;
39
40	c6c398c6	jim-p	init_config_arr(array('ipsec', 'phase1'));
41	4b5f2ab3	Phil Davis
42	4260c32a	Stephen Beaver	// If this is just an AJAX call to update the table body, just generate the body and quit
43			if ($_REQUEST['ajax']) {
44			print_ipsec_body();
45			exit;
46			}
47	a93e56c5	Matthew Grooms
48	c6220dcf	jim-p	if (($_POST['act'] == 'connect') \|\| ($_POST['act'] == 'childconnect')) {
49	64d53c69	Steve Beaver	if (ctype_digit($_POST['ikeid'])) {
50			$ph1ent = ipsec_get_phase1($_POST['ikeid']);
51	483c3b5b	Ermal LUÇI	if (!empty($ph1ent)) {
52	c6220dcf	jim-p	if (empty($ph1ent['iketype']) \|\| ($ph1ent['iketype'] == 'ikev1') \|\| isset($ph1ent['splitconn'])) {
53	64d53c69	Steve Beaver	$ph2entries = ipsec_get_number_of_phase2($_POST['ikeid']);
54	483c3b5b	Ermal LUÇI	for ($i = 0; $i < $ph2entries; $i++) {
55	64d53c69	Steve Beaver	$connid = escapeshellarg("con{$_POST['ikeid']}00{$i}");
56	c6220dcf	jim-p	if ($_POST['act'] != 'childconnect') {
57			mwexec_bg("/usr/local/sbin/swanctl --terminate --child {$connid}");
58			}
59			mwexec_bg("/usr/local/sbin/swanctl --initiate --child {$connid}");
60	483c3b5b	Ermal LUÇI	}
61			} else {
62	c6220dcf	jim-p	if ($_POST['act'] != 'childconnect') {
63			mwexec_bg("/usr/local/sbin/swanctl --terminate --ike con" . escapeshellarg($_POST['ikeid'] . '000'));
64			}
65			mwexec_bg("/usr/local/sbin/swanctl --initiate --child con" . escapeshellarg($_POST['ikeid'] . '000'));
66	483c3b5b	Ermal LUÇI	}
67			}
68	6e8b0ec3	jim-p	}
69	64d53c69	Steve Beaver	} else if ($_POST['act'] == 'ikedisconnect') {
70	130f3c92	Stephen Jones
71	3c5f4441	Stephen Jones	if (!empty($_POST['ikesaid']) && ctype_digit($_POST['ikesaid'])) {
72	c6220dcf	jim-p	mwexec_bg("/usr/local/sbin/swanctl --terminate --ike " . escapeshellarg($_POST['ikeid']) . " --ike-id " .escapeshellarg($_POST['ikesaid']));
73	3c5f4441	Stephen Jones	} else {
74	c6220dcf	jim-p	mwexec_bg("/usr/local/sbin/swanctl --terminate --ike " . escapeshellarg($_POST['ikeid']));
75	614be051	bcyrill	}
76	64d53c69	Steve Beaver	} else if ($_POST['act'] == 'childdisconnect') {
77	130f3c92	Stephen Jones	//pull out number from id
78	64d53c69	Steve Beaver	if (!empty($_POST['ikesaid']) && ctype_digit($_POST['ikesaid'])) {
79	c6220dcf	jim-p	mwexec_bg("/usr/local/sbin/swanctl --terminate --child " . escapeshellarg($_POST['ikeid']) . " --child-id " . escapeshellarg($_POST['ikesaid']));
80	5f601060	Phil Davis	}
81	6e0b68bf	jim-p	}
82
83	4260c32a	Stephen Beaver	// Table body is composed here so that it can be more easily updated via AJAX
84			function print_ipsec_body() {
85			global $config;
86			$a_phase1 = &$config['ipsec']['phase1'];
87			$status = ipsec_list_sa();
88			$ipsecconnected = array();
89			if (is_array($status)) {
90			foreach ($status as $ikeid => $ikesa) {
91	130f3c92	Stephen Jones	//check which array format
92			if(isset($ikesa['con-id'])){
93			$con_id = substr($ikesa['con-id'],3);
94			}else{
95			$con_id = filter_var($ikeid, FILTER_SANITIZE_NUMBER_INT);
96			}
97	4260c32a	Stephen Beaver	if ($ikesa['version'] == 1) {
98			$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
99			$ipsecconnected[$ph1idx] = $ph1idx;
100			} else {
101	109a304e	Graham Collinson	if (!ipsec_ikeid_used($con_id)) {
102			// probably a v2 with split connection then
103			$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
104			$ipsecconnected[$ph1idx] = $ph1idx;
105			} else {
106			$ipsecconnected[$con_id] = $ph1idx = $con_id;
107			}
108	4260c32a	Stephen Beaver	}
109	3795cc0a	sbeaver
110	4260c32a	Stephen Beaver	print("<tr>\n");
111	3c5f4441	Stephen Jones
112			print("<td>\n");
113			print(htmlspecialchars($ikesa['con-id'])) . ":\n";
114			print('#' . htmlspecialchars($ikesa['uniqueid']));
115			print("</td>\n");
116
117	4260c32a	Stephen Beaver	print("<td>\n");
118	80392e01	Stephen Jones	if (is_array($a_phase1) && htmlspecialchars(ipsec_get_descr($ph1idx)) == "") {
119	29c1ecb8	Stephen Jones	foreach ($a_phase1 as $ph1) {
120	80392e01	Stephen Jones	if($con_id == $ph1['ikeid'] && isset($ph1['mobile']) ){
121			print(htmlspecialchars($ph1['descr']));
122	29c1ecb8	Stephen Jones	break;
123			}
124			}
125			}
126	4260c32a	Stephen Beaver	print(htmlspecialchars(ipsec_get_descr($ph1idx)));
127			print("</td>\n");
128	3c5f4441	Stephen Jones
129	4260c32a	Stephen Beaver	print("<td>\n");
130	0da0d43e	Phil Davis
131	8af4e81e	jim-p	print("<b>ID:</b> ");
132	4260c32a	Stephen Beaver	if (!empty($ikesa['local-id'])) {
133			if ($ikesa['local-id'] == '%any') {
134			print(gettext('Any identifier'));
135			} else {
136			print(htmlspecialchars($ikesa['local-id']));
137			}
138	5f601060	Phil Davis	} else {
139	4260c32a	Stephen Beaver	print(gettext("Unknown"));
140	5f601060	Phil Davis	}
141	86b2861c	Matt Smith
142	8af4e81e	jim-p	print("<br/>");
143			print("<b>Host:</b> ");
144	4260c32a	Stephen Beaver
145			if (!empty($ikesa['local-host'])) {
146	8af4e81e	jim-p	$lhost = $ikesa['local-host'];
147			if (!empty($ikesa['local-port'])) {
148			if (is_ipaddrv6($ikesa['local-host'])) {
149			$lhost = "[{$lhost}]";
150			}
151			$lhost .= ":{$ikesa['local-port']}";
152			}
153			print(htmlspecialchars($lhost));
154
155	86b2861c	Matt Smith	} else {
156	4260c32a	Stephen Beaver	print(gettext("Unknown"));
157	86b2861c	Matt Smith	}
158	4260c32a	Stephen Beaver
159	8af4e81e	jim-p	print("<br/>");
160			print("<b>SPI:</b> " . htmlspecialchars( ($ikesa['initiator'] == 'yes') ? $ikesa['initiator-spi'] : $ikesa['responder-spi'] ));
161
162	4260c32a	Stephen Beaver	/*
163			* XXX: local-nat-t was defined by pfSense
164			* When strongswan team accepted the change, they changed it to
165			* nat-local. Keep both for a while and remove local-nat-t in
166			* the future
167			*/
168			if (isset($ikesa['local-nat-t']) \|\| isset($ikesa['nat-local'])) {
169	e96b20f6	Jose Luis Duran	print(" NAT-T");
170	4260c32a	Stephen Beaver	}
171
172			print("</td>\n");
173			print("<td>\n");
174
175	8af4e81e	jim-p	print("<b>ID:</b> ");
176
177	4260c32a	Stephen Beaver	$identity = "";
178			if (!empty($ikesa['remote-id'])) {
179			if ($ikesa['remote-id'] == '%any') {
180			$identity = htmlspecialchars(gettext('Any identifier'));
181			} else {
182			$identity = htmlspecialchars($ikesa['remote-id']);
183			}
184			}
185
186			if (!empty($ikesa['remote-xauth-id'])) {
187			echo htmlspecialchars($ikesa['remote-xauth-id']);
188			echo "<br/>{$identity}";
189			} elseif (!empty($ikesa['remote-eap-id'])) {
190			echo htmlspecialchars($ikesa['remote-eap-id']);
191			echo "<br/>{$identity}";
192			} else {
193			if (empty($identity)) {
194			print(gettext("Unknown"));
195			} else {
196			print($identity);
197			}
198			}
199
200	8af4e81e	jim-p	print("<br/>");
201			print("<b>Host:</b> ");
202	4260c32a	Stephen Beaver
203			if (!empty($ikesa['remote-host'])) {
204	8af4e81e	jim-p	$rhost = $ikesa['remote-host'];
205			if (!empty($ikesa['remote-port'])) {
206			if (is_ipaddrv6($ikesa['remote-host'])) {
207			$rhost = "[{$rhost}]";
208			}
209			$rhost .= ":{$ikesa['remote-port']}";
210			}
211			print(htmlspecialchars($rhost));
212	4260c32a	Stephen Beaver	} else {
213	3795cc0a	sbeaver	print(gettext("Unknown"));
214	4260c32a	Stephen Beaver	}
215			/*
216			* XXX: remote-nat-t was defined by pfSense
217			* When strongswan team accepted the change, they changed it to
218			* nat-remote. Keep both for a while and remove remote-nat-t in
219			* the future
220			*/
221			if (isset($ikesa['remote-nat-t']) \|\| isset($ikesa['nat-remote'])) {
222			print(" NAT-T");
223			}
224
225	8af4e81e	jim-p	print("<br/>");
226			print("<b>SPI:</b> " . htmlspecialchars( ($ikesa['initiator'] == 'yes') ? $ikesa['responder-spi'] : $ikesa['initiator-spi'] ));
227
228	4260c32a	Stephen Beaver	print("</td>\n");
229			print("<td>\n");
230			print("IKEv" . htmlspecialchars($ikesa['version']));
231			print("<br/>\n");
232
233			if ($ikesa['initiator'] == 'yes') {
234			print("initiator");
235			} else {
236			print("responder");
237			}
238
239			print("</td>\n");
240			print("<td>\n");
241	9701089e	jim-p	if ($ikesa['version'] == 2) {
242			print("<b>" . gettext("Rekey:") . "</b> ");
243			if (!empty($ikesa['rekey-time'])) {
244			print(htmlspecialchars($ikesa['rekey-time']) . gettext("s (") . convert_seconds_to_dhms($ikesa['rekey-time']) . ")");
245			} else {
246			print(gettext("Disabled"));
247			}
248	8af4e81e	jim-p	print("<br/>");
249			}
250	9701089e	jim-p	print("<b>" . gettext("Reauth:") . "</b> ");
251			if (!empty($ikesa['reauth-time'])) {
252			print(htmlspecialchars($ikesa['reauth-time']) . gettext("s (") . convert_seconds_to_dhms($ikesa['reauth-time']) . ")");
253			} else {
254			print(gettext("Disabled"));
255	8af4e81e	jim-p	}
256	4260c32a	Stephen Beaver	print("</td>\n");
257			print("<td>\n");
258			print(htmlspecialchars($ikesa['encr-alg']));
259	8af4e81e	jim-p	if (!empty($ikesa['encr-keysize'])) {
260			print(" (" . htmlspecialchars($ikesa['encr-keysize']) . ")");
261			}
262	4260c32a	Stephen Beaver	print("<br/>");
263			print(htmlspecialchars($ikesa['integ-alg']));
264			print("<br/>");
265			print(htmlspecialchars($ikesa['prf-alg']));
266			print("<br/>\n");
267			print(htmlspecialchars($ikesa['dh-group']));
268			print("</td>\n");
269			print("<td>\n");
270
271			if ($ikesa['state'] == 'ESTABLISHED') {
272			print('<span class="text-success">');
273			} else {
274			print('<span>');
275			}
276
277			print(ucfirst(htmlspecialchars($ikesa['state'])));
278	9e820b59	Phil Davis
279			if ($ikesa['state'] == 'ESTABLISHED') {
280	7f0d6ccf	Phil Davis	print("<br/>");
281			printf(gettext('%1$s seconds (%2$s) ago'), htmlspecialchars($ikesa['established']), convert_seconds_to_dhms($ikesa['established']));
282	9e820b59	Phil Davis	}
283
284	3c5f4441	Stephen Jones	print("</span><br /><br />");
285	4260c32a	Stephen Beaver
286			if ($ikesa['state'] != 'ESTABLISHED') {
287
288	1144e24c	Steve Beaver	print('<a href="status_ipsec.php?act=connect&ikeid=' . $con_id . '&ikesaid=' .$ikesa['uniqueid'] . '" class="btn btn-xs btn-success" data-toggle="tooltip" title="' . gettext("Connect VPN"). '" usepost>');
289	9e820b59	Phil Davis	print('<i class="fa fa-sign-in icon-embed-btn"></i>');
290			print(gettext("Connect VPN"));
291			print("</a>\n");
292	4260c32a	Stephen Beaver
293	86b2861c	Matt Smith	} else {
294	4260c32a	Stephen Beaver
295	3c5f4441	Stephen Jones	print('<a href="status_ipsec.php?act=ikedisconnect&ikeid=' . $ikesa['con-id']. '&ikesaid=' .$ikesa['uniqueid'] . '"class="btn btn-xs btn-danger" data-toggle="tooltip" title="' . gettext("Disconnect VPN") . '" usepost>');
296	4260c32a	Stephen Beaver	print('<i class="fa fa-trash icon-embed-btn"></i>');
297			print(gettext("Disconnect"));
298			print("</a><br />\n");
299
300			}
301	c6220dcf	jim-p	if (empty($ikesa['child-sas'])) {
302			print('<br/><a href="status_ipsec.php?act=childconnect&ikeid=' . substr($con_id, 0, -3) . '" class="btn btn-xs btn-success" data-toggle="tooltip" title="' . gettext("Connect Children"). '" usepost>');
303			print('<i class="fa fa-sign-in icon-embed-btn"></i>');
304			print(gettext("Connect Children"));
305			print("</a>\n");
306			}
307	4260c32a	Stephen Beaver
308			print("</td>\n");
309			print("</tr>\n");
310			print("<tr>\n");
311			print("<td colspan = 10>\n");
312
313			if (is_array($ikesa['child-sas']) && (count($ikesa['child-sas']) > 0)) {
314	130f3c92	Stephen Jones	$child_key = "";
315			foreach ($ikesa['child-sas'] as $key => $val){
316			$child_key = $key;
317			break;
318			}
319	4260c32a	Stephen Beaver
320	067551a4	Stephen Beaver	print('<div>');
321	130f3c92	Stephen Jones	print('<a type="button" id="btnchildsa-'. $child_key . '" class="btn btn-sm btn-info">');
322	4260c32a	Stephen Beaver	print('<i class="fa fa-plus-circle icon-embed-btn"></i>');
323	c6220dcf	jim-p	print(sprintf(gettext('Show child SA entries (%d)'), count($ikesa['child-sas'])));
324	4260c32a	Stephen Beaver	print("</a>\n");
325			print(" </div>\n");
326
327	130f3c92	Stephen Jones	print('<table class="table table-hover table-condensed" id="childsa-'.$child_key . '" style="display:none">');
328	4260c32a	Stephen Beaver	print("<thead>\n");
329			print('<tr class="bg-info">');
330	3c5f4441	Stephen Jones	print('<th>' . gettext("IPsec ID") . '</th>');
331			print('<th>' . gettext("Local subnets") . '</th>');
332			print('<th>' . gettext("Local SPI(s)") . '</th>');
333			print('<th>' . gettext("Remote subnets") . '</th>');
334			print('<th>' . gettext("Times") . '</th>');
335			print('<th>' . gettext("Algo") . '</th>');
336			print('<th>' . gettext("Stats") . '</th>');
337	4260c32a	Stephen Beaver	print('<th><!-- Buttons --></th>');
338			print("</tr\n");
339			print("</thead>\n");
340			print("<tbody>\n");
341
342			foreach ($ikesa['child-sas'] as $childid => $childsa) {
343			print("<tr>");
344			print("<td>\n");
345	3c5f4441	Stephen Jones	print($childsa['name'] . ":<br />");
346			print("#" . $childsa['uniqueid']);
347			print("</td>\n");
348			print("<td>\n");
349	4260c32a	Stephen Beaver
350			if (is_array($childsa['local-ts'])) {
351			foreach ($childsa['local-ts'] as $lnets) {
352			print(htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />");
353			}
354			} else {
355			print(gettext("Unknown"));
356			}
357
358			print("</td>\n");
359			print("<td>\n");
360
361			if (isset($childsa['spi-in'])) {
362	8af4e81e	jim-p	print("<b>" . gettext("Local:") . "</b> " . htmlspecialchars($childsa['spi-in']));
363	4260c32a	Stephen Beaver	}
364
365			if (isset($childsa['spi-out'])) {
366	8af4e81e	jim-p	print("<br/>");
367			print("<b>" . gettext('Remote:') . "</b> " . htmlspecialchars($childsa['spi-out']));
368	4260c32a	Stephen Beaver	}
369
370			print("</td>\n");
371			print("<td>\n");
372
373			if (is_array($childsa['remote-ts'])) {
374			foreach ($childsa['remote-ts'] as $rnets) {
375			print(htmlspecialchars(ipsec_fixup_network($rnets)) . '<br />');
376			}
377			} else {
378			print(gettext("Unknown"));
379			}
380
381			print("</td>\n");
382			print("<td>\n");
383
384	8af4e81e	jim-p	printf(gettext('%3$sRekey: %4$s%1$s seconds (%2$s)'), htmlspecialchars($childsa['rekey-time']), convert_seconds_to_dhms($childsa['rekey-time']), "<b>", "</b>");
385	7f0d6ccf	Phil Davis	print('<br/>');
386	8af4e81e	jim-p	printf(gettext('%3$sLife: %4$s%1$s seconds (%2$s)'), htmlspecialchars($childsa['life-time']), convert_seconds_to_dhms($childsa['life-time']), "<b>", "</b>");
387	7f0d6ccf	Phil Davis	print('<br/>');
388	8af4e81e	jim-p	printf(gettext('%3$sInstall: %4$s%1$s seconds (%2$s)'), htmlspecialchars($childsa['install-time']), convert_seconds_to_dhms($childsa['install-time']), "<b>", "</b>");
389	4260c32a	Stephen Beaver
390
391			print("</td>\n");
392			print("<td>\n");
393
394	8af4e81e	jim-p	print(htmlspecialchars($childsa['encr-alg']));
395			if (!empty($childsa['encr-keysize'])) {
396			print(" (" . htmlspecialchars($childsa['encr-keysize']) . ")");
397			}
398			print('<br/>');
399
400	4260c32a	Stephen Beaver	print(htmlspecialchars($childsa['integ-alg']) . '<br/>');
401
402			if (!empty($childsa['prf-alg'])) {
403			print(htmlspecialchars($childsa['prf-alg']) . '<br/>');
404			}
405
406			if (!empty($childsa['dh-group'])) {
407			print(htmlspecialchars($childsa['dh-group']) . '<br/>');
408			}
409
410			if (!empty($childsa['esn'])) {
411			print(htmlspecialchars($childsa['esn']) . '<br/>');
412			}
413
414			print(gettext("IPComp: "));
415			if (!empty($childsa['cpi-in']) \|\| !empty($childsa['cpi-out'])) {
416			print(htmlspecialchars($childsa['cpi-in']) . " " . htmlspecialchars($childsa['cpi-out']));
417			} else {
418			print(gettext('none'));
419			}
420
421			print("</td>\n");
422			print("<td>\n");
423
424	8af4e81e	jim-p	print("<b>" . gettext("Bytes-In:") . "</b> " . htmlspecialchars(number_format($childsa['bytes-in'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-in'])) . ')<br/>');
425			print("<b>" . gettext("Packets-In:") . "</b> " . htmlspecialchars(number_format($childsa['packets-in'])) . '<br/>');
426			print("<b>" . gettext("Bytes-Out:") . "</b> " . htmlspecialchars(number_format($childsa['bytes-out'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-out'])) . ')<br/>');
427			print("<b>" . gettext("Packets-Out:") . "</b> " . htmlspecialchars(number_format($childsa['packets-out'])) . '<br/>');
428	4260c32a	Stephen Beaver
429			print("</td>\n");
430			print("<td>\n");
431	130f3c92	Stephen Jones	print('<a href="status_ipsec.php?act=childdisconnect&ikeid=' . $childsa['name'] . '&ikesaid=' . $childsa['uniqueid'] . '" class="btn btn-xs btn-warning" data-toggle="tooltip" title="' . gettext('Disconnect Child SA') . '" usepost>');
432	4260c32a	Stephen Beaver	print('<i class="fa fa-trash icon-embed-btn"></i>');
433			print(gettext("Disconnect"));
434			print("</a>\n");
435			print("</td>\n");
436			print("</tr>\n");
437
438			}
439
440			print("</tbody>\n");
441			print(" </table>\n");
442			print("</td>\n");
443	9723b525	Stephen Beaver	print("</tr>\n");
444	4260c32a	Stephen Beaver
445	3795cc0a	sbeaver	}
446	4260c32a	Stephen Beaver
447			unset($con_id);
448	86b2861c	Matt Smith	}
449	4260c32a	Stephen Beaver
450			}
451
452			$rgmap = array();
453	4b5f2ab3	Phil Davis	if (is_array($a_phase1)) {
454			foreach ($a_phase1 as $ph1ent) {
455			if (isset($ph1ent['disabled'])) {
456			continue;
457			}
458	4260c32a	Stephen Beaver
459	4b5f2ab3	Phil Davis	$rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway'];
460	4260c32a	Stephen Beaver
461	4b5f2ab3	Phil Davis	if ($ipsecconnected[$ph1ent['ikeid']]) {
462			continue;
463			}
464	4260c32a	Stephen Beaver
465	4b5f2ab3	Phil Davis	print("<tr>\n");
466	437263f2	Stephen Jones	print("<td></td>\n");
467	360e7711	Stephen Jones	print("<td>\n");
468	4b5f2ab3	Phil Davis	print(htmlspecialchars($ph1ent['descr']));
469			print("</td>\n");
470			print("<td>\n");
471	8af4e81e	jim-p	print("<b>ID:</b> \n");
472	4b5f2ab3	Phil Davis	list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
473	4260c32a	Stephen Beaver
474	4b5f2ab3	Phil Davis	if (empty($myid_data)) {
475			print(gettext("Unknown"));
476			} else {
477			print(htmlspecialchars($myid_data));
478			}
479	4260c32a	Stephen Beaver
480	8af4e81e	jim-p	print("<br/>\n");
481			print("<b>Host:</b> \n");
482	4b5f2ab3	Phil Davis	$ph1src = ipsec_get_phase1_src($ph1ent);
483	4260c32a	Stephen Beaver
484	4b5f2ab3	Phil Davis	if (empty($ph1src)) {
485			print(gettext("Unknown"));
486			} else {
487	c6220dcf	jim-p	print(htmlspecialchars(str_replace(',', ', ', $ph1src)));
488	4b5f2ab3	Phil Davis	}
489	4260c32a	Stephen Beaver
490	4b5f2ab3	Phil Davis	print("</td>\n");
491			print("<td>\n");
492	0da0d43e	Phil Davis
493	8af4e81e	jim-p	print("<b>ID:</b> \n");
494
495	4b5f2ab3	Phil Davis	list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
496	3795cc0a	sbeaver
497	4b5f2ab3	Phil Davis	if (empty($peerid_data)) {
498			print(gettext("Unknown"));
499			} else {
500			print(htmlspecialchars($peerid_data));
501			}
502	8af4e81e	jim-p
503			print("<br/>\n");
504			print("<b>Host:</b> \n");
505
506	4b5f2ab3	Phil Davis	$ph1src = ipsec_get_phase1_dst($ph1ent);
507	0da0d43e	Phil Davis
508	4b5f2ab3	Phil Davis	if (empty($ph1src)) {
509			print(gettext("Unknown"));
510			} else {
511			print(htmlspecialchars($ph1src));
512			}
513	0da0d43e	Phil Davis
514	4260c32a	Stephen Beaver	print("</td>\n");
515			print("<td>\n");
516			print("</td>\n");
517			print("<td>\n");
518			print("</td>\n");
519			print("<td>\n");
520			print("</td>\n");
521	3795cc0a	sbeaver
522	4b5f2ab3	Phil Davis	if (isset($ph1ent['mobile'])) {
523
524			print("<td>\n");
525			print(gettext("Awaiting connections"));
526			print("</td>\n");
527			print("<td>\n");
528			print("</td>\n");
529			print("</td>\n");
530			} else {
531
532			print("<td>\n");
533			print(gettext("Disconnected"));
534	c6220dcf	jim-p	print("<br/>\n");
535	64d53c69	Steve Beaver	print('<a href="status_ipsec.php?act=connect&ikeid=' . $ph1ent['ikeid'] . '" class="btn btn-xs btn-success" usepost>');
536	4b5f2ab3	Phil Davis	print('<i class="fa fa-sign-in icon-embed-btn"></i>');
537			print(gettext("Connect VPN"));
538			print("</a>\n");
539			print("</td>\n");
540
541			}
542			print("</tr>\n");
543	4260c32a	Stephen Beaver	}
544	97242546	Matt Smith	}
545
546	4260c32a	Stephen Beaver	unset($ipsecconnected, $phase1, $rgmap);
547	86b2861c	Matt Smith	}
548	3795cc0a	sbeaver
549	4260c32a	Stephen Beaver	$pgtitle = array(gettext("Status"), gettext("IPsec"), gettext("Overview"));
550	edcd7535	Phil Davis	$pglinks = array("", "@self", "@self");
551	4260c32a	Stephen Beaver	$shortcut_section = "ipsec";
552	0da0d43e	Phil Davis
553	4260c32a	Stephen Beaver	include("head.inc");
554	0da0d43e	Phil Davis
555	4260c32a	Stephen Beaver	$tab_array = array();
556			$tab_array[] = array(gettext("Overview"), true, "status_ipsec.php");
557			$tab_array[] = array(gettext("Leases"), false, "status_ipsec_leases.php");
558			$tab_array[] = array(gettext("SADs"), false, "status_ipsec_sad.php");
559			$tab_array[] = array(gettext("SPDs"), false, "status_ipsec_spd.php");
560			display_top_tabs($tab_array);
561	3795cc0a	sbeaver	?>
562	0da0d43e	Phil Davis
563	4260c32a	Stephen Beaver	<div class="panel panel-default">
564			<div class="panel-heading"><h2 class="panel-title"><?=gettext("IPsec Status");?></h2></div>
565			<div class="panel-body table-responsive">
566			<table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable>
567			<thead>
568			<tr>
569	3c5f4441	Stephen Jones	<th><?=gettext("IPsec ID")?></th>
570	4260c32a	Stephen Beaver	<th><?=gettext("Description")?></th>
571	8af4e81e	jim-p	<th><?=gettext("Local")?></th>
572			<th><?=gettext("Remote")?></th>
573	4260c32a	Stephen Beaver	<th><?=gettext("Role")?></th>
574	8af4e81e	jim-p	<th><?=gettext("Timers")?></th>
575	4260c32a	Stephen Beaver	<th><?=gettext("Algo")?></th>
576			<th><?=gettext("Status")?></th>
577			<th></th>
578			</tr>
579			</thead>
580			<tbody id="ipsec-body">
581			<tr>
582	fc48da17	NOYB	<td colspan="10">
583	499adf73	Phil Davis	<?=print_info_box(gettext("Collecting IPsec status information."), "warning", "")?>
584	3795cc0a	sbeaver	</td>
585			</tr>
586			</tbody>
587	c7fbdd6c	Ermal	</table>
588			</div>
589	3795cc0a	sbeaver	</div>
590
591			<?php
592			unset($status);
593	4260c32a	Stephen Beaver
594	d2c1089f	Phil Davis	if (ipsec_enabled()) {
595	4260c32a	Stephen Beaver	print('<div class="infoblock">');
596	d2c1089f	Phil Davis	} else {
597	4260c32a	Stephen Beaver	print('<div class="infoblock blockopen">');
598	d2c1089f	Phil Davis	}
599	4260c32a	Stephen Beaver
600	530c7ccf	NOYB	print_info_box(sprintf(gettext('IPsec can be configured %1$shere%2$s.'), '<a href="vpn_ipsec.php">', '</a>'), 'info', false);
601	d2c1089f	Phil Davis	?>
602			</div>
603	4260c32a	Stephen Beaver
604			<script type="text/javascript">
605			//<![CDATA[
606
607			events.push(function() {
608	067551a4	Stephen Beaver	ajax_lock = false; // Mutex so we don't make a call until the previous call is finished
609			sa_open = new Array(); // Array in which to keep the child SA show/hide state
610	29c1ecb8	Stephen Jones	tryCount = 3;
611	4260c32a	Stephen Beaver	// Fetch the tbody contents from the server
612			function update_table() {
613			if (ajax_lock) {
614			return;
615			}
616
617			ajax_lock = true;
618
619			ajaxRequest = $.ajax(
620			{
621			url: "/status_ipsec.php",
622			type: "post",
623			data: {
624			ajax: "ajax"
625	1144e24c	Steve Beaver	},
626			error: function(xhr, textStatus, errorThrown){
627			//alert("error.... retrying");
628	29c1ecb8	Stephen Jones	if (tryCount > 0){
629			tryCount --;
630	1144e24c	Steve Beaver	ajax_lock = false;
631			update_table();
632			}
633			return;
634	4260c32a	Stephen Beaver	}
635			}
636			);
637
638			// Deal with the results of the above ajax call
639			ajaxRequest.done(function (response, textStatus, jqXHR) {
640	29c1ecb8	Stephen Jones	if(textStatus === "success"){
641			tryCount =3;
642			}
643	fc48da17	NOYB	if (!response) {
644	2807660f	Stephen Jones	response = '<tr><td colspan="10"><?=print_info_box(addslashes(gettext("No IPsec status information available.")), "warning", "")?></td></tr>';
645	fc48da17	NOYB	}
646
647	4260c32a	Stephen Beaver	$('#ipsec-body').html(response);
648			ajax_lock = false;
649
650	067551a4	Stephen Beaver	// Update "Show child SA" handlers
651			$('[id^=btnchildsa-]').click(function () {
652	3c5f4441	Stephen Jones	show_childsa($(this).prop("id").replace( 'btnchildsa-', ''));
653	067551a4	Stephen Beaver	});
654
655			// Check the sa_open array for child SAs that have been opened
656	3c5f4441	Stephen Jones	$('[id^=childsa-]').each(function(idx) {
657			sa_idx = $(this).prop("id").replace( 'childsa-', '');
658	4260c32a	Stephen Beaver
659			if (sa_open[sa_idx]) {
660	067551a4	Stephen Beaver	show_childsa(sa_idx);
661	4260c32a	Stephen Beaver	}
662			});
663
664	64d53c69	Steve Beaver	// re-attached the GET to POST handler
665			interceptGET();
666
667	4260c32a	Stephen Beaver	// and do it again
668			setTimeout(update_table, 5000);
669			});
670			}
671
672	067551a4	Stephen Beaver	function show_childsa(said) {
673			sa_open[said] = true;
674	3c5f4441	Stephen Jones	$('#childsa-' + said).show();
675	c6220dcf	jim-p	$('#btnchildsa-' + said).hide();
676	067551a4	Stephen Beaver	}
677
678	4260c32a	Stephen Beaver	// Populate the tbody on page load
679			update_table();
680			});
681			//]]>
682			</script>
683
684	d2c1089f	Phil Davis	<?php
685	3795cc0a	sbeaver	include("foot.inc"); ?>

Project

General

Profile

pfSense