<?php
2
/*
3
	vpn_ipsec_phase1.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8 fa4e059e Ermal
	Copyright (C) 2014 Ermal LUÇI
9 ce77a9c4 Phil Davis
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
10 a93e56c5 Matthew Grooms
	All rights reserved.
11
12
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14
15
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17
18
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21
22
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33
34 6b07c15a Matthew Grooms
##|+PRIV
35
##|*IDENT=page-vpn-ipsec-editphase1
36
##|*NAME=VPN: IPsec: Edit Phase 1 page
37
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 1' page.
38
##|*MATCH=vpn_ipsec_phase1.php*
39
##|-PRIV
40
41 0f84b741 Scott Ullrich
require("functions.inc");
42 a93e56c5 Matthew Grooms
require("guiconfig.inc");
43 483e6de8 Scott Ullrich
require_once("ipsec.inc");
44
require_once("vpn.inc");
45 caaaf9ce Renato Botelho
require_once("filter.inc");
46 a93e56c5 Matthew Grooms
47
/* A fresh config may have no phase1/phase2 lists at all; normalise both to
   arrays so the references below and the index checks later are safe. */
if (!is_array($config['ipsec']['phase1'])) {
	$config['ipsec']['phase1'] = array();
}
if (!is_array($config['ipsec']['phase2'])) {
	$config['ipsec']['phase2'] = array();
}

/* Work on the live config lists by reference; edits are persisted by write_config(). */
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
55 a93e56c5 Matthew Grooms
56 e41ec584 Renato Botelho
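/*
 * Resolve which phase1 entry (if any) this page edits.  Precedence, in the
 * original order: GET p1index, then POST p1index, then GET dup (the entry
 * being duplicated).  Only numeric indexes are accepted; anything else leaves
 * $p1index unset, which downstream means "create a new entry".
 * The GET p1index read is now guarded with isset() like the POST one, so a
 * plain page load no longer trips an undefined-index notice.
 */
if (isset($_GET['p1index']) && is_numericint($_GET['p1index'])) {
	$p1index = $_GET['p1index'];
}
if (isset($_POST['p1index']) && is_numericint($_POST['p1index'])) {
	$p1index = $_POST['p1index'];
}
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	$p1index = $_GET['dup'];
}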
63
64 fad728ab sullrich
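if (isset($p1index) && !empty($a_phase1[$p1index])) {
	/*
	 * Editing (or duplicating) an existing entry: seed the form values from
	 * the stored phase1 record.  Stored key names differ from the form field
	 * names in several places (e.g. 'remote-gateway' -> 'remotegw').
	 * $old_ph1ent is kept so the save path can detect a changed remote gateway.
	 */
	$old_ph1ent = $a_phase1[$p1index];

	// don't copy the ikeid on dup -- the save path allocates a fresh one when ikeid is empty
	if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) {
		$pconfig['ikeid'] = $old_ph1ent['ikeid'];
	}

	$pconfig['disabled'] = isset($old_ph1ent['disabled']);
	$pconfig['interface'] = !empty($old_ph1ent['interface']) ? $old_ph1ent['interface'] : "wan";

	/* 'remote-subnet' is not written by this page's save path; only split it
	   when present, and pad so a value without a '/' does not raise a notice */
	if (!empty($old_ph1ent['remote-subnet'])) {
		list($pconfig['remotenet'], $pconfig['remotebits']) = array_pad(explode("/", $old_ph1ent['remote-subnet']), 2, null);
	}

	/* mobile entries have no fixed remote gateway; 'true' is stored as a string here */
	if (isset($old_ph1ent['mobile'])) {
		$pconfig['mobile'] = 'true';
	} else {
		$pconfig['remotegw'] = $old_ph1ent['remote-gateway'];
	}

	/* entries written before the iketype field existed default to IKEv1 */
	$pconfig['iketype'] = empty($old_ph1ent['iketype']) ? "ikev1" : $old_ph1ent['iketype'];
	$pconfig['mode'] = $old_ph1ent['mode'];
	$pconfig['protocol'] = $old_ph1ent['protocol'];
	$pconfig['myid_type'] = $old_ph1ent['myid_type'];
	$pconfig['myid_data'] = $old_ph1ent['myid_data'];
	$pconfig['peerid_type'] = $old_ph1ent['peerid_type'];
	$pconfig['peerid_data'] = $old_ph1ent['peerid_data'];
	$pconfig['ealgo'] = $old_ph1ent['encryption-algorithm'];
	$pconfig['halgo'] = $old_ph1ent['hash-algorithm'];
	$pconfig['dhgroup'] = $old_ph1ent['dhgroup'];
	$pconfig['lifetime'] = $old_ph1ent['lifetime'];
	$pconfig['authentication_method'] = $old_ph1ent['authentication_method'];

	/* PSK-based methods carry a pre-shared key; every other method references a cert + CA */
	if (($pconfig['authentication_method'] == "pre_shared_key") ||
	    ($pconfig['authentication_method'] == "xauth_psk_server")) {
		$pconfig['pskey'] = $old_ph1ent['pre-shared-key'];
	} else {
		$pconfig['certref'] = $old_ph1ent['certref'];
		$pconfig['caref'] = $old_ph1ent['caref'];
	}

	$pconfig['descr'] = $old_ph1ent['descr'];
	$pconfig['nat_traversal'] = $old_ph1ent['nat_traversal'];
	$pconfig['mobike'] = $old_ph1ent['mobike'];

	/* boolean options are stored by presence of the key, not by its value */
	if (isset($old_ph1ent['reauth_enable'])) {
		$pconfig['reauth_enable'] = true;
	}
	if (isset($old_ph1ent['rekey_enable'])) {
		$pconfig['rekey_enable'] = true;
	}
	if (isset($old_ph1ent['responderonly'])) {
		$pconfig['responderonly'] = true;
	}

	/* DPD counts as enabled only when both of its parameters are stored */
	if (!empty($old_ph1ent['dpd_delay']) && !empty($old_ph1ent['dpd_maxfail'])) {
		$pconfig['dpd_enable'] = true;
		$pconfig['dpd_delay'] = $old_ph1ent['dpd_delay'];
		$pconfig['dpd_maxfail'] = $old_ph1ent['dpd_maxfail'];
	}
} else {
	/* defaults for a new entry */
	$pconfig['interface'] = "wan";
	if (!empty($config['interfaces']['lan'])) {
		$pconfig['localnet'] = "lan";
	}
	$pconfig['mode'] = "main";
	$pconfig['protocol'] = "inet";
	$pconfig['myid_type'] = "myaddress";
	$pconfig['peerid_type'] = "peeraddress";
	$pconfig['authentication_method'] = "pre_shared_key";
	/* 'name' must be a quoted key: the bare word was an undefined constant
	   (a notice on older PHP, a fatal error on PHP 8) */
	$pconfig['ealgo'] = array('name' => "aes");
	$pconfig['halgo'] = "sha1";
	$pconfig['dhgroup'] = "2";
	$pconfig['lifetime'] = "28800";
	$pconfig['nat_traversal'] = 'on';
	$pconfig['mobike'] = 'off';
	$pconfig['dpd_enable'] = true;
	$pconfig['iketype'] = "ikev1";

	/* mobile client: IKEv1 mobile setups negotiate in aggressive mode here */
	if (!empty($_GET['mobile'])) {
		$pconfig['mobile'] = true;
		$pconfig['mode'] = "aggressive";
	}
}

/* A duplicate is saved as a new entry: forget the source index so the save path appends. */
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	unset($p1index);
}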
153
154
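if ($_POST) {
	/*
	 * Form submission.  $pconfig mirrors $_POST so a rejected submission
	 * re-renders the form with the user's values; once validation passes the
	 * values are copied field by field into a fresh $ph1ent and saved.
	 */
	$input_errors = array();
	$pconfig = $_POST;

	/* input validation */

	$method = $pconfig['authentication_method'];
	// Unset ca and cert if not required to avoid storing in config
	if ($method == "pre_shared_key" || $method == "xauth_psk_server") {
		unset($pconfig['caref']);
		unset($pconfig['certref']);
	}

	// Only require PSK here for normal PSK tunnels (not mobile) or xauth.
	// For RSA methods, require the CA/Cert.
	// Start from empty lists so the EAP methods, which add no required
	// fields, still hand well-formed arrays to do_input_validation().
	$reqdfields = array();
	$reqdfieldsn = array();
	switch ($method) {
		case 'eap-mschapv2':
			if ($pconfig['iketype'] != 'ikev2') {
				$input_errors[] = gettext("EAP-MSChapv2 can only be used with IKEv2 type VPNs.");
			}
			break;
		case "eap-tls":
			if ($pconfig['iketype'] != 'ikev2') {
				$input_errors[] = gettext("EAP-TLS can only be used with IKEv2 type VPNs.");
			}
			break;
		case "eap-radius":
			if ($pconfig['iketype'] != 'ikev2') {
				$input_errors[] = gettext("EAP-RADIUS can only be used with IKEv2 type VPNs.");
			}
			break;
		case "pre_shared_key":
			// If this is a mobile PSK tunnel the user PSKs go on
			//    the PSK tab, not here, so skip the check.
			if (!empty($pconfig['mobile'])) {
				break;
			}
			/* fall through: a site-to-site PSK tunnel needs its key here */
		case "xauth_psk_server":
			$reqdfields = array("pskey");
			$reqdfieldsn = array(gettext("Pre-Shared Key"));
			$validate_pskey = true;
			break;
		case "hybrid_rsa_server":
		case "xauth_rsa_server":
		case "rsasig":
			$reqdfields = array("caref", "certref");
			$reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate"));
			break;
	}
	if (empty($pconfig['mobile'])) {
		$reqdfields[] = "remotegw";
		$reqdfieldsn[] = gettext("Remote gateway");
	}

	do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);

	/* Non-ASCII PSKs are rejected outright (presumably because the key is
	   handed to the IPsec daemon's configuration verbatim -- confirm in ipsec.inc). */
	if (isset($validate_pskey) && isset($pconfig['pskey']) && !preg_match('/^[[:ascii:]]*$/', $pconfig['pskey'])) {
		unset($validate_pskey);
		$input_errors[] = gettext("Pre-Shared Key contains invalid characters.");
	}

	if (!empty($pconfig['lifetime']) && !is_numeric($pconfig['lifetime'])) {
		$input_errors[] = gettext("The P1 lifetime must be an integer.");
	}

	/* The remote gateway must be an address or host name, and an IP literal
	   must belong to the selected protocol family. */
	if (!empty($pconfig['remotegw'])) {
		if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw'])) {
			$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
		} elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet")) {
			$input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6");
		} elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6")) {
			$input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4");
		}
	}

	/* An enabled entry may not reuse the remote gateway of another enabled entry. */
	if (!empty($pconfig['remotegw']) && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled'])) {
		$tremotegw = $pconfig['remotegw'];
		$t = 0;
		foreach ($a_phase1 as $ph1tmp) {
			/* Skip only the entry being edited.  With $p1index unset (new
			   entry) the former loose "$p1index <> $t" compared null with 0
			   and wrongly exempted entry 0 from this check. */
			if (!isset($p1index) || (int)$p1index !== $t) {
				if (($ph1tmp['remote-gateway'] == $tremotegw) && !isset($ph1tmp['disabled'])) {
					$input_errors[] = sprintf(gettext('The remote gateway "%1$s" is already used by phase1 "%2$s".'), $tremotegw, $ph1tmp['descr']);
				}
			}
			$t++;
		}
	}

	/* The protocol must agree with every phase2 already attached to this ikeid. */
	if (is_array($a_phase2) && count($a_phase2)) {
		foreach ($a_phase2 as $phase2) {
			if ($phase2['ikeid'] == $pconfig['ikeid']) {
				if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4.");
					break;
				}
				if (($pconfig['protocol'] == "inet6") && ($phase2['mode'] == "tunnel")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv4, you cannot use IPv6.");
					break;
				}
			}
		}
	}

	/* My identity */

	if ($pconfig['myid_type'] == "myaddress") {
		$pconfig['myid_data'] = "";
	}

	if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "") {
		$input_errors[] = gettext("Please enter an address for 'My Identifier'");
	}
	if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "") {
		$input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'");
	}
	if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "") {
		$input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'");
	}
	if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "") {
		$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'");
	}
	if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "") {
		$input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'");
	}

	if (($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])) {
		$input_errors[] = gettext("A valid IP address for 'My identifier' must be specified.");
	}
	/* one FQDN check; the former second is_domain() test of the same value
	   only added a duplicate error message for the same failure */
	if (($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])) {
		$input_errors[] = gettext("A valid domain name for 'My identifier' must be specified.");
	}
	if ($pconfig['myid_type'] == "user_fqdn") {
		$user_fqdn = explode("@", $pconfig['myid_data']);
		/* without an '@' there is no domain part to validate */
		if (!isset($user_fqdn[1]) || !is_domain($user_fqdn[1])) {
			$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.");
		}
	}
	if (($pconfig['myid_type'] == "dyn_dns") && !is_domain($pconfig['myid_data'])) {
		$input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified.");
	}

	/* Peer identity */

	/* This test previously read myid_type, so the peer data was never cleared
	   when the peer identifier is the peer's address. */
	if ($pconfig['peerid_type'] == "peeraddress") {
		$pconfig['peerid_data'] = "";
	}

	// Only enforce peer ID if we are not dealing with a pure-psk mobile config.
	if (!(($pconfig['authentication_method'] == "pre_shared_key") && !empty($pconfig['mobile']))) {
		if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "") {
			$input_errors[] = gettext("Please enter an address for 'Peer Identifier'");
		}
		if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "") {
			$input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'");
		}
		if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "") {
			$input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'");
		}
		if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "") {
			$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'");
		}

		if (($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data'])) {
			$input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified.");
		}
		/* single FQDN check, as for 'My identifier' above */
		if (($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data'])) {
			$input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified.");
		}
		if ($pconfig['peerid_type'] == "user_fqdn") {
			$user_fqdn = explode("@", $pconfig['peerid_data']);
			if (!isset($user_fqdn[1]) || !is_domain($user_fqdn[1])) {
				$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.");
			}
		}
	}

	if (!empty($pconfig['dpd_enable'])) {
		if (!is_numeric($pconfig['dpd_delay'])) {
			$input_errors[] = gettext("A numeric value must be specified for DPD delay.");
		}
		if (!is_numeric($pconfig['dpd_maxfail'])) {
			$input_errors[] = gettext("A numeric value must be specified for DPD retries.");
		}
	}

	if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2" && $pconfig['iketype'] != "auto") {
		$input_errors[] = gettext("Valid arguments for IKE type is v1 or v2 or auto");
	}

	/* the glxsb accelerator only handles 128-bit AES */
	if (!empty($_POST['ealgo']) && isset($config['system']['crypto_hardware'])) {
		if ($config['system']['crypto_hardware'] == "glxsb") {
			if ($_POST['ealgo'] == "aes" && $_POST['ealgo_keylen'] != "128") {
				$input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
			}
		}
	}

	/* build our encryption algorithms array */
	$pconfig['ealgo'] = array();
	$pconfig['ealgo']['name'] = $_POST['ealgo'];
	if (!empty($pconfig['ealgo_keylen'])) {
		$pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen'];
	}

	if (!$input_errors) {
		/* Build the stored record from scratch so no stale keys survive an edit. */
		$ph1ent = array();
		$ph1ent['ikeid'] = $pconfig['ikeid'];
		$ph1ent['iketype'] = $pconfig['iketype'];
		/* the negotiation mode (main/aggressive) only exists for IKEv1 */
		if ($pconfig['iketype'] != 'ikev1') {
			unset($ph1ent['mode']);
		} else {
			$ph1ent['mode'] = $pconfig['mode'];
		}
		/* NOTE(review): the loader above tests isset() on 'disabled', so storing
		   false here relies on the config writer dropping false values -- confirm. */
		$ph1ent['disabled'] = !empty($pconfig['disabled']) ? true : false;
		$ph1ent['interface'] = $pconfig['interface'];
		/* if the remote gateway changed and the interface is not WAN then remove route */
		/* the vpn_ipsec_configure() handles adding the route */
		if ($pconfig['interface'] <> "wan") {
			/* only when there is an old gateway to remove (not for a new entry) */
			if (!empty($old_ph1ent['remote-gateway']) && $old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) {
				/* the stored gateway was validated when it was saved, but it
				   still ends up on a shell command line, so quote it */
				mwexec("/sbin/route delete -host " . escapeshellarg($old_ph1ent['remote-gateway']));
			}
		}

		if (!empty($pconfig['mobile'])) {
			$ph1ent['mobile'] = true;
		} else {
			$ph1ent['remote-gateway'] = $pconfig['remotegw'];
		}

		$ph1ent['protocol'] = $pconfig['protocol'];

		$ph1ent['myid_type'] = $pconfig['myid_type'];
		$ph1ent['myid_data'] = $pconfig['myid_data'];
		$ph1ent['peerid_type'] = $pconfig['peerid_type'];
		$ph1ent['peerid_data'] = $pconfig['peerid_data'];

		$ph1ent['encryption-algorithm'] = $pconfig['ealgo'];
		$ph1ent['hash-algorithm'] = $pconfig['halgo'];
		$ph1ent['dhgroup'] = $pconfig['dhgroup'];
		$ph1ent['lifetime'] = $pconfig['lifetime'];
		$ph1ent['pre-shared-key'] = $pconfig['pskey'];
		/* no 'privatekey' field is visible in this part of the form; encode an
		   empty string rather than a missing value */
		$ph1ent['private-key'] = base64_encode(isset($pconfig['privatekey']) ? $pconfig['privatekey'] : '');
		$ph1ent['certref'] = $pconfig['certref'];
		$ph1ent['caref'] = $pconfig['caref'];
		$ph1ent['authentication_method'] = $pconfig['authentication_method'];
		$ph1ent['descr'] = $pconfig['descr'];
		$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];
		$ph1ent['mobike'] = $pconfig['mobike'];

		/* boolean options are stored by presence of the key */
		if (isset($pconfig['reauth_enable'])) {
			$ph1ent['reauth_enable'] = true;
		} else {
			unset($ph1ent['reauth_enable']);
		}
		if (isset($pconfig['rekey_enable'])) {
			$ph1ent['rekey_enable'] = true;
		} else {
			unset($ph1ent['rekey_enable']);
		}

		if (isset($pconfig['responderonly'])) {
			$ph1ent['responderonly'] = true;
		} else {
			unset($ph1ent['responderonly']);
		}

		if (isset($pconfig['dpd_enable'])) {
			$ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
			$ph1ent['dpd_maxfail'] = $pconfig['dpd_maxfail'];
		}

		/* generate unique phase1 ikeid (empty() also covers the unset/"" cases
		   that the former loose "== 0" only matched on older PHP) */
		if (empty($ph1ent['ikeid'])) {
			$ph1ent['ikeid'] = ipsec_ikeid_next();
		}

		if (isset($p1index) && !empty($a_phase1[$p1index])) {
			$a_phase1[$p1index] = $ph1ent;
		} else {
			$a_phase1[] = $ph1ent;
		}

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}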
428
429 3462a529 Matthew Grooms
/* Page title breadcrumbs; the mobile-client variant gets one extra element. */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"));
if (!empty($pconfig['mobile'])) {
	$pgtitle[] = gettext("Mobile Client");
}
$shortcut_section = "ipsec";

include("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
441
<?php include("fbegin.inc"); ?>
442 91f026b0 ayvis
<script type="text/javascript">
443 a0fca224 Colin Fleming
//<![CDATA[
444 3462a529 Matthew Grooms
445
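/* Hide the 'My identifier' data field when the identifier is the local address itself. */
function myidsel_change() {
	/* declared with var: these used to leak as implicit globals */
	var index = document.iform.myid_type.selectedIndex;
	var value = document.iform.myid_type.options[index].value;
	if (value == 'myaddress') {
		document.getElementById('myid_data').style.visibility = 'hidden';
	} else {
		document.getElementById('myid_data').style.visibility = 'visible';
	}
}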
453
454 0771969b Ermal LUÇI
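/*
 * Show the rows that only apply to the selected IKE version: negotiation mode
 * and NAT-T for IKEv1, MOBIKE and the reauth option for IKEv2.
 */
function iketype_change() {
	/* declared with var: these used to leak as implicit globals */
	var index = document.iform.iketype.selectedIndex;
	var value = document.iform.iketype.options[index].value;
	var ikev2 = (value == 'ikev2');
	document.getElementById('negmode').style.display = ikev2 ? 'none' : '';
	document.getElementById('mobike').style.display = ikev2 ? '' : 'none';
	document.getElementById('natt').style.display = ikev2 ? 'none' : '';
	document.getElementById('disablereauth').style.display = ikev2 ? '' : 'none';
}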
469
470 3462a529 Matthew Grooms
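/* Hide the 'Peer identifier' data field when the identifier is the peer's address itself. */
function peeridsel_change() {
	/* declared with var: these used to leak as implicit globals */
	var index = document.iform.peerid_type.selectedIndex;
	var value = document.iform.peerid_type.options[index].value;
	if (value == 'peeraddress') {
		document.getElementById('peerid_data').style.visibility = 'hidden';
	} else {
		document.getElementById('peerid_data').style.visibility = 'visible';
	}
}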
478
479 a93e56c5 Matthew Grooms
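/*
 * Show or hide the rows that depend on the authentication method: the PSK
 * row for PSK-based methods, the certificate and CA rows for the certificate
 * and EAP based ones.  The cert/CA elements are additionally flagged disabled
 * while hidden.  The six certificate/EAP cases did exactly the same thing and
 * are now a single case group.
 */
function methodsel_change() {
	/* declared with var: these used to leak as implicit globals */
	var index = document.iform.authentication_method.selectedIndex;
	var value = document.iform.authentication_method.options[index].value;

	switch (value) {
	case 'eap-mschapv2':
	case 'eap-tls':
	case 'eap-radius':
	case 'hybrid_rsa_server':
	case 'xauth_rsa_server':
	case 'rsasig':
		/* certificate based: cert + CA rows, no PSK */
		document.getElementById('opt_psk').style.display = 'none';
		document.getElementById('opt_peerid').style.display = '';
		document.getElementById('opt_cert').style.display = '';
		document.getElementById('opt_ca').style.display = '';
		document.getElementById('opt_cert').disabled = false;
		document.getElementById('opt_ca').disabled = false;
		break;
<?php if ($pconfig['mobile']) { ?>
	/* mobile PSK: the keys live on the Pre-Shared Keys tab and no peer id is collected */
	case 'pre_shared_key':
		document.getElementById('opt_psk').style.display = 'none';
		document.getElementById('opt_peerid').style.display = 'none';
		document.getElementById('opt_cert').style.display = 'none';
		document.getElementById('opt_ca').style.display = 'none';
		document.getElementById('opt_cert').disabled = true;
		document.getElementById('opt_ca').disabled = true;
		break;
<?php } ?>
	default: /* psk modes*/
		document.getElementById('opt_psk').style.display = '';
		document.getElementById('opt_peerid').style.display = '';
		document.getElementById('opt_cert').style.display = 'none';
		document.getElementById('opt_ca').style.display = 'none';
		document.getElementById('opt_cert').disabled = true;
		document.getElementById('opt_ca').disabled = true;
		break;
	}
}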
531
532
/* PHP generated java script for variable length keys */
function ealgosel_change(bits) {
	switch (document.iform.ealgo.selectedIndex) {
<?php
/*
 * Emit one JS case per entry of $p1_ealgos (presumably in the same order as
 * the ealgo <select> options -- confirm against the form).  Algorithms with
 * a 'keysel' range get the key-length list repopulated; fixed-length ones get
 * it hidden and emptied.
 */
$i = 0;
foreach ($p1_ealgos as $algo => $algodata) {
	echo "		case {$i}:\n";
	if (!is_array($algodata['keysel'])) {
		echo "			document.iform.ealgo_keylen.style.visibility = 'hidden';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";
	} else {
		echo "			document.iform.ealgo_keylen.style.visibility = 'visible';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";

		$key_hi = $algodata['keysel']['hi'];
		$key_lo = $algodata['keysel']['lo'];
		$key_step = $algodata['keysel']['step'];

		/* longest key first, stepping down to the shortest */
		for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step) {
			echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n";
		}
	}
	echo "			break;\n";
	$i++;
}
?>
	}

	/* preselect the stored key length when one was passed in */
	if (bits) {
		document.iform.ealgo_keylen.value = bits;
	}
}
565 3462a529 Matthew Grooms
566 a93e56c5 Matthew Grooms
/* Toggle the DPD parameter row with the checkbox and seed blank fields with defaults. */
function dpdchkbox_change() {
	var enabled = document.iform.dpd_enable.checked;
	document.getElementById('opt_dpd').style.display = enabled ? '' : 'none';

	/* defaults: 10 (delay) and 5 (max failures), only when the field is blank */
	if (!document.iform.dpd_delay.value) {
		document.iform.dpd_delay.value = "10";
	}
	if (!document.iform.dpd_maxfail.value) {
		document.iform.dpd_maxfail.value = "5";
	}
}
578 3462a529 Matthew Grooms
579 a0fca224 Colin Fleming
//]]>
580 a93e56c5 Matthew Grooms
</script>
581 5a3b0d3b mgrooms
582
<form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform">
583
584
<?php
	/* Surface validation failures from the POST handler above the form. */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
?>
588
589 a0fca224 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-1">
590 5a3b0d3b mgrooms
	<tr class="tabnavtbl">
591
		<td id="tabnav">
592
			<?php
				/* Tab strip shared by the IPsec pages; "Tunnels" is the active tab here. */
				$tab_array = array(
					array(gettext("Tunnels"), true, "vpn_ipsec.php"),
					array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"),
					array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php"),
					array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php"),
				);
				display_top_tabs($tab_array);
			?>
600
		</td>
601
	</tr>
602
	<tr>
603
		<td id="mainarea">
604
			<div class="tabcont">
605 a0fca224 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
606 5a3b0d3b mgrooms
					<tr>
607 2fbb33f1 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
608 5a3b0d3b mgrooms
					</tr>
609
					<tr>
610 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
611 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
612 a0fca224 Colin Fleming
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
613 8cd558b6 ayvis
							<strong><?=gettext("Disable this phase1 entry"); ?></strong><br />
614 5a3b0d3b mgrooms
							<span class="vexpl">
615 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Set this option to disable this phase1 without " .
616
								"removing it from the list"); ?>.
617 5a3b0d3b mgrooms
							</span>
618
						</td>
619
					</tr>
620 20452c68 Ermal
					<tr>
621
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Key Exchange version"); ?></td>
622
						<td width="78%" class="vtable">
623 0771969b Ermal LUÇI
							<select name="iketype" class="formselect" onchange='iketype_change()'>
624 20452c68 Ermal
							<?php
625 ddabd9d6 Ermal
								$keyexchange = array("ikev1" => "V1", "ikev2" => "V2", "auto" => "Auto");
626 20452c68 Ermal
								foreach ($keyexchange as $kidx => $name):
627
							?>
628 a0fca224 Colin Fleming
								<option value="<?=$kidx;?>" <?php if ($kidx == $pconfig['iketype']) echo "selected=\"selected\""; ?>>
629 20452c68 Ermal
									<?=htmlspecialchars($name);?>
630
								</option>
631
							<?php endforeach; ?>
632 24aa9e40 Chris Buechler
							</select> <br /> <span class="vexpl"><?=gettext("Select the Internet Key Exchange protocol version to be used, IKEv1 or IKEv2"); ?>.</span>
633 20452c68 Ermal
						</td>
634
					</tr>
635 e79b24ab Seth Mos
					<tr>
636
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Internet Protocol"); ?></td>
637
						<td width="78%" class="vtable">
638
							<select name="protocol" class="formselect">
639
							<?php
640
								$protocols = array("inet" => "IPv4", "inet6" => "IPv6");
641
								foreach ($protocols as $protocol => $name):
642
							?>
643 a0fca224 Colin Fleming
								<option value="<?=$protocol;?>" <?php if ($protocol == $pconfig['protocol']) echo "selected=\"selected\""; ?>>
644 e79b24ab Seth Mos
									<?=htmlspecialchars($name);?>
645
								</option>
646
							<?php endforeach; ?>
647 8cd558b6 ayvis
							</select> <br /> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
648 e79b24ab Seth Mos
						</td>
649
					</tr>
650 5a3b0d3b mgrooms
					<tr>
651 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
652 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
653
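							<select name="interface" class="formselect">
							<?php
								/* Candidate local endpoints: configured interfaces plus CARP VIPs,
								 * IP alias VIPs and gateway groups, keyed by the value that is
								 * stored in $pconfig['interface']. */
								$interfaces = get_configured_interface_with_descr();

								$carplist = get_configured_carp_interface_list();
								foreach ($carplist as $cif => $carpip) {
									$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";
								}

								$aliaslist = get_configured_ip_aliases_list();
								foreach ($aliaslist as $aliasip => $aliasif) {
									$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
								}

								/* Gateway group names are admin-supplied configuration text, so the
								 * option value is escaped below like every other rendered value. */
								$grouplist = return_gateway_groups_array();
								foreach ($grouplist as $name => $group) {
									$interfaces[$name] = "GW Group {$name}";
								}

								foreach ($interfaces as $iface => $ifacename):
							?>
								<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($ifacename);?>
								</option>
							<?php endforeach; ?>
							</select>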
682 8cd558b6 ayvis
							<br />
683 2fbb33f1 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Select the interface for the local endpoint of this phase1 entry"); ?>.</span>
684 5a3b0d3b mgrooms
						</td>
685
					</tr>
686
687
					<?php if (!$pconfig['mobile']): ?>
688
689
					<tr>
690 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote gateway"); ?></td>
691 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
692 a0fca224 Colin Fleming
							<?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="28" value="<?=htmlspecialchars($pconfig['remotegw']);?>" />
693 8cd558b6 ayvis
							<br />
694 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Enter the public IP address or host name of the remote gateway"); ?>
695 5a3b0d3b mgrooms
						</td>
696
					</tr>
697
698
					<?php endif; ?>
699
700
					<tr>
701 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
702 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
703 a0fca224 Colin Fleming
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
704 8cd558b6 ayvis
							<br />
705 5a3b0d3b mgrooms
							<span class="vexpl">
706 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
707
								"for your reference (not parsed)"); ?>.
708 5a3b0d3b mgrooms
							</span>
709
						</td>
710
					</tr>
711
					<tr>
712
						<td colspan="2" class="list" height="12"></td>
713
					</tr>
714
					<tr>
715
						<td colspan="2" valign="top" class="listtopic">
716 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Phase 1 proposal (Authentication)"); ?>
717 5a3b0d3b mgrooms
						</td>
718
					</tr>
719 71d61aa5 jim-p
					<tr>
720 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication method"); ?></td>
721 71d61aa5 jim-p
						<td width="78%" class="vtable">
722 a0fca224 Colin Fleming
							<select name="authentication_method" class="formselect" onchange="methodsel_change()">
723 71d61aa5 jim-p
							<?php
724
								foreach ($p1_authentication_methods as $method_type => $method_params):
725
									if (!$pconfig['mobile'] && $method_params['mobile'])
726
										continue;
727
							?>
728 a0fca224 Colin Fleming
								<option value="<?=$method_type;?>" <?php if ($method_type == $pconfig['authentication_method']) echo "selected=\"selected\""; ?>>
729 71d61aa5 jim-p
									<?=htmlspecialchars($method_params['name']);?>
730
								</option>
731
							<?php endforeach; ?>
732
							</select>
733 8cd558b6 ayvis
							<br />
734 71d61aa5 jim-p
							<span class="vexpl">
735 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
736 71d61aa5 jim-p
							</span>
737
						</td>
738
					</tr>
739 0771969b Ermal LUÇI
					<tr id='negmode' >
740 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Negotiation mode"); ?></td>
741 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
742
							<select name="mode" class="formselect">
743
							<?php
744 fc835b04 Ermal
								$modes = array("main" => "Main", "aggressive" => "Aggressive");
745 0dc05b20 Ermal
								foreach ($modes as $mode => $mdescr):
746 5a3b0d3b mgrooms
							?>
747 a0fca224 Colin Fleming
								<option value="<?=$mode;?>" <?php if ($mode == $pconfig['mode']) echo "selected=\"selected\""; ?>>
748 0dc05b20 Ermal
									<?=htmlspecialchars($mdescr);?>
749 5a3b0d3b mgrooms
								</option>
750
							<?php endforeach; ?>
751 8cd558b6 ayvis
							</select> <br /> <span class="vexpl"><?=gettext("Aggressive is more flexible, but less secure"); ?>.</span>
752 5a3b0d3b mgrooms
						</td>
753
					</tr>
754
					<tr>
755 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My identifier"); ?></td>
756 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
757 a0fca224 Colin Fleming
							<select name="myid_type" class="formselect" onchange="myidsel_change()">
758 5a3b0d3b mgrooms
							<?php foreach ($my_identifier_list as $id_type => $id_params): ?>
759 a0fca224 Colin Fleming
								<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['myid_type']) echo "selected=\"selected\""; ?>>
760 5a3b0d3b mgrooms
									<?=htmlspecialchars($id_params['desc']);?>
761
								</option>
762
							<?php endforeach; ?>
763
							</select>
764 a0fca224 Colin Fleming
							<input name="myid_data" type="text" class="formfld unknown" id="myid_data" size="30" value="<?=htmlspecialchars($pconfig['myid_data']);?>" />
765 5a3b0d3b mgrooms
						</td>
766
					</tr>
767 1f65618b jim-p
					<tr id="opt_peerid">
768 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer identifier"); ?></td>
769 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
770 a0fca224 Colin Fleming
							<select name="peerid_type" class="formselect" onchange="peeridsel_change()">
771 5a3b0d3b mgrooms
							<?php
772
								foreach ($peer_identifier_list as $id_type => $id_params):
773
									if ($pconfig['mobile'] && !$id_params['mobile'])
774
										continue;
775
							?>
776 a0fca224 Colin Fleming
							<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected=\"selected\""; ?>>
777 5a3b0d3b mgrooms
								<?=htmlspecialchars($id_params['desc']);?>
778
							</option>
779
							<?php endforeach; ?>
780
							</select>
781 a0fca224 Colin Fleming
							<input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=htmlspecialchars($pconfig['peerid_data']);?>" />
782 1f65618b jim-p
						<?php if ($pconfig['mobile']) { ?>
783 8cd558b6 ayvis
							<br /><br /><?=gettext("NOTE: This is known as the \"group\" setting on some VPN client implementations"); ?>.
784 1f65618b jim-p
						<?php } ?>
785 5a3b0d3b mgrooms
						</td>
786
					</tr>
787 71d61aa5 jim-p
					<tr id="opt_psk">
788 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
789 71d61aa5 jim-p
						<td width="78%" class="vtable">
790
							<?=$mandfldhtml;?>
791 a0fca224 Colin Fleming
							<input name="pskey" type="text" class="formfld unknown" id="pskey" size="40" value="<?=htmlspecialchars($pconfig['pskey']);?>" />
792 71d61aa5 jim-p
							<span class="vexpl">
793 8cd558b6 ayvis
							<br />
794 2a2b247b jim-p
								<?=gettext("Input your Pre-Shared Key string"); ?>.
795 71d61aa5 jim-p
							</span>
796
						</td>
797
					</tr>
798 fa4e059e Ermal
					<tr id="opt_cert">
799
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td>
800
						<td width="78%" class="vtable">
801
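							<select name="certref" class="formselect">
							<?php
								/* Certificates come from the Certificate Manager; descr is free
								 * text, so it is escaped like every other rendered value. The
								 * is_array guard keeps an empty certificate store from warning. */
								if (is_array($config['cert'])):
								foreach ($config['cert'] as $cert):
									$selected = "";
									if ($pconfig['certref'] == $cert['refid'])
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>
							<?php endforeach; endif; ?>
							</select>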
811
							<br />
812
							<span class="vexpl">
813
								<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>.
814
							</span>
815
						</td>
816
					</tr>
817
					<tr id="opt_ca">
818
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
819
						<td width="78%" class="vtable">
820
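							<select name="caref" class="formselect">
							<?php
								/* CAs come from the Certificate Manager; descr is free text, so it
								 * is escaped like every other rendered value. The is_array guard
								 * keeps an empty CA store from warning. */
								if (is_array($config['ca'])):
								foreach ($config['ca'] as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; endif; ?>
							</select>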
830
							<br />
831
							<span class="vexpl">
832
								<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
833
							</span>
834
						</td>
835
					</tr>
836
					<tr>
837
						<td colspan="2" valign="top" class="listtopic">
838
							<?=gettext("Phase 1 proposal (Algorithms)"); ?>
839
						</td>
840
					</tr>
841 5a3b0d3b mgrooms
					<tr>
842 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
843 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
844 a0fca224 Colin Fleming
							<select name="ealgo" class="formselect" onchange="ealgosel_change()">
845 5a3b0d3b mgrooms
							<?php
846
								foreach ($p1_ealgos as $algo => $algodata):
847 a0fca224 Colin Fleming
									$selected = "";
848 5a3b0d3b mgrooms
									if ($algo == $pconfig['ealgo']['name'])
849 a0fca224 Colin Fleming
										$selected = " selected=\"selected\"";
850 5a3b0d3b mgrooms
							?>
851
								<option value="<?=$algo;?>"<?=$selected?>>
852
									<?=htmlspecialchars($algodata['name']);?>
853
								</option>
854
							<?php endforeach; ?>
855
							</select>
856
							<select name="ealgo_keylen" width="30" class="formselect">
857
							</select>
858
						</td>
859
					</tr>
860
					<tr>
861 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithm"); ?></td>
862 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
863
							<select name="halgo" class="formselect">
864
							<?php foreach ($p1_halgos as $algo => $algoname): ?>
865 a0fca224 Colin Fleming
								<option value="<?=$algo;?>" <?php if ($algo == $pconfig['halgo']) echo "selected=\"selected\""; ?>>
866 5a3b0d3b mgrooms
									<?=htmlspecialchars($algoname);?>
867
								</option>
868
							<?php endforeach; ?>
869
							</select>
870 8cd558b6 ayvis
							<br />
871 5a3b0d3b mgrooms
							<span class="vexpl">
872 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
873 5a3b0d3b mgrooms
							</span>
874
						</td>
875
					</tr>
876
					<tr>
877 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH key group"); ?></td>
878 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
879
							<select name="dhgroup" class="formselect">
880 665340db jim-p
							<?php foreach ($p1_dhgroups as $keygroup => $keygroupname): ?>
881 a0fca224 Colin Fleming
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['dhgroup']) echo "selected=\"selected\""; ?>>
882 665340db jim-p
									<?=htmlspecialchars($keygroupname);?>
883 5a3b0d3b mgrooms
								</option>
884
							<?php endforeach; ?>
885
							</select>
886 8cd558b6 ayvis
							<br />
887 5a3b0d3b mgrooms
							<span class="vexpl">
888 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
889 5a3b0d3b mgrooms
							</span>
890
						</td>
891
					</tr>
892
					<tr>
893 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
894 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
895 a0fca224 Colin Fleming
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />
896 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
897 5a3b0d3b mgrooms
						</td>
898
					</tr>
899
					<tr>
900
						<td colspan="2" class="list" height="12"></td>
901
					</tr>
902
					<tr>
903 2fbb33f1 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
904 5a3b0d3b mgrooms
					</tr>
905 0e7aad67 Ermal
					<tr>
906 3b9ef0ef Ermal
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable Rekey");?></td>
907 0e7aad67 Ermal
						<td width="78%" class="vtable">
908
							<input name="rekey_enable" type="checkbox" id="rekey_enable" value="yes" <?php if (isset($pconfig['rekey_enable'])) echo "checked=\"checked\""; ?> />
909
							<?=gettext("Whether a connection should be renegotiated when it is about to expire."); ?><br />
910
						</td>
911
					</tr>
912 065e78b3 Chris Buechler
					<tr id='disablereauth'>
913 3b9ef0ef Ermal
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable Reauth");?></td>
914 0e7aad67 Ermal
						<td width="78%" class="vtable">
915
							<input name="reauth_enable" type="checkbox" id="reauth_enable" value="yes" <?php if (isset($pconfig['reauth_enable'])) echo "checked=\"checked\""; ?> />
916 76266acd Ermal
							<?=gettext("Whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done."); ?><br />
917 0e7aad67 Ermal
						</td>
918
					</tr>
919 87808568 Ermal LUÇI
					<tr>
920 d7f4c1a4 Chris Buechler
						<td width="22%" valign="top" class="vncell"><?=gettext("Responder Only");?></td>
921 87808568 Ermal LUÇI
						<td width="78%" class="vtable">
922
							<input name="responderonly" type="checkbox" id="responderonly" value="yes" <?php if (isset($pconfig['responderonly'])) echo "checked=\"checked\""; ?> />
923 d7f4c1a4 Chris Buechler
							<?=gettext("Enable this option to never initiate this connection from this side, only respond to incoming requests."); ?><br />
924 87808568 Ermal LUÇI
						</td>
925
					</tr>
926 065e78b3 Chris Buechler
					<tr id='natt'>
927 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("NAT Traversal"); ?></td>
928 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
929
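							<select name="nat_traversal" class="formselect">
								<?php
									/* Stored values are 'on' (auto, also the fallback for any
									 * legacy or empty value) or 'force'. Deriving both options from
									 * one flag guarantees exactly one of them is marked selected;
									 * previously 'force' matched the "Auto" test (!= 'on') as well. */
									$natt_forced = ($pconfig['nat_traversal'] == 'force');
								?>
								<option value="on" <?php if (!$natt_forced) echo "selected=\"selected\""; ?>><?=gettext("Auto"); ?></option>
								<option value="force" <?php if ($natt_forced) echo "selected=\"selected\""; ?>><?=gettext("Force"); ?></option>
							</select>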
933 8cd558b6 ayvis
							<br />
934 5a3b0d3b mgrooms
							<span class="vexpl">
935 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed, " .
936
								"which can help with clients that are behind restrictive firewalls"); ?>.
937 5a3b0d3b mgrooms
							</span>
938
						</td>
939 065e78b3 Chris Buechler
                                        </tr>
940
                                        <tr id='mobike'>
941
                                                <td width="22%" valign="top" class="vncell"><?=gettext("MOBIKE"); ?></td>
942
                                                <td width="78%" class="vtable">
943
							<select name="mobike" class="formselect">
944
								<option value="on" <?php if ($pconfig['mobike'] == 'on') echo "selected=\"selected\""; ?>><?=gettext("Enable"); ?></option>
945
								<option value="off" <?php if ($pconfig['mobike'] != 'on') echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option>
946
							</select>
947
							<br />
948
							<span class="vexpl">
949
								<?=gettext("Set this option to control the use of MOBIKE"); ?>.
950
							</span>
951
						</td>
952 5a3b0d3b mgrooms
					</tr>
953
					<tr>
954 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Dead Peer Detection"); ?></td>
955 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
956 a0fca224 Colin Fleming
							<input name="dpd_enable" type="checkbox" id="dpd_enable" value="yes" <?php if (isset($pconfig['dpd_enable'])) echo "checked=\"checked\""; ?> onclick="dpdchkbox_change()" />
957 8cd558b6 ayvis
							<?=gettext("Enable DPD"); ?><br />
958 5a3b0d3b mgrooms
							<div id="opt_dpd">
959 8cd558b6 ayvis
								<br />
960 a0fca224 Colin Fleming
								<input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=htmlspecialchars($pconfig['dpd_delay']);?>" />
961 8cd558b6 ayvis
								<?=gettext("seconds"); ?><br />
962 5a3b0d3b mgrooms
								<span class="vexpl">
963 2fbb33f1 Carlos Eduardo Ramos
									<?=gettext("Delay between requesting peer acknowledgement"); ?>.
964 8cd558b6 ayvis
								</span><br />
965
								<br />
966 a0fca224 Colin Fleming
								<input name="dpd_maxfail" type="text" class="formfld unknown" id="dpd_maxfail" size="5" value="<?=htmlspecialchars($pconfig['dpd_maxfail']);?>" />
967 8cd558b6 ayvis
								<?=gettext("retries"); ?><br />
968 5a3b0d3b mgrooms
								<span class="vexpl">
969 2fbb33f1 Carlos Eduardo Ramos
									<?=gettext("Number of consecutive failures allowed before disconnect"); ?>.
970 5a3b0d3b mgrooms
								</span>
971 8cd558b6 ayvis
								<br />
972 5a3b0d3b mgrooms
							</div>
973
						</td>
974
					</tr>
975
					<tr>
976
						<td width="22%" valign="top">&nbsp;</td>
977
						<td width="78%">
978
							<?php if (isset($p1index) && $a_phase1[$p1index]): ?>
979 a0fca224 Colin Fleming
							<input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>" />
980 5a3b0d3b mgrooms
							<?php endif; ?>
981
							<?php if ($pconfig['mobile']): ?>
982 a0fca224 Colin Fleming
							<input name="mobile" type="hidden" value="true" />
983 5a3b0d3b mgrooms
							<?php endif; ?>
984 a0fca224 Colin Fleming
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
985
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
986 5a3b0d3b mgrooms
						</td>
987
					</tr>
988
				</table>
989
			</div>
990
		</td>
991
	</tr>
992
</table>
993 a93e56c5 Matthew Grooms
</form>
994 5a3b0d3b mgrooms
995 a0fca224 Colin Fleming
<script type="text/javascript">
996
//<![CDATA[
997 a93e56c5 Matthew Grooms
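<?php
	/* Preselect the stored key length (if any) when the dropdowns are
	 * initialised below. Only a plain integer is ever interpolated into the
	 * inline script; anything else leaves the argument empty. */
	$keyset = '';
	if (isset($pconfig['ealgo']['keylen']) && is_numeric($pconfig['ealgo']['keylen'])) {
		$keyset = (int)$pconfig['ealgo']['keylen'];
	}
?>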
1004 3462a529 Matthew Grooms
myidsel_change();
1005
peeridsel_change();
1006 0771969b Ermal LUÇI
iketype_change();
1007 a93e56c5 Matthew Grooms
methodsel_change();
1008
ealgosel_change(<?=$keyset;?>);
1009
dpdchkbox_change();
1010 a0fca224 Colin Fleming
//]]>
1011 a93e56c5 Matthew Grooms
</script>
1012
<?php include("fend.inc"); ?>
1013 3462a529 Matthew Grooms
</body>
1014
</html>