Project

General

Profile

Download (13.4 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/*
3
	vpn_ipsec.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5

    
6
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
7
	Copyright (C) 2008 Shrew Soft Inc
8
	All rights reserved.
9

    
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12

    
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15

    
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19

    
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31

    
32
##|+PRIV
33
##|*IDENT=page-vpn-ipsec
34
##|*NAME=VPN: IPsec page
35
##|*DESCR=Allow access to the 'VPN: IPsec' page.
36
##|*MATCH=vpn_ipsec.php*
37
##|-PRIV
38

    
39

    
40
require("guiconfig.inc");
41

    
42
if (!is_array($config['ipsec']['phase1']))
43
	$config['ipsec']['phase1'] = array();
44

    
45
if (!is_array($config['ipsec']['phase2']))
46
	$config['ipsec']['phase2'] = array();
47

    
48
$a_phase1 = &$config['ipsec']['phase1'];
49
$a_phase2 = &$config['ipsec']['phase2'];
50

    
51
$wancfg = &$config['interfaces']['wan'];
52

    
53
$pconfig['enable'] = isset($config['ipsec']['enable']);
54

    
55
if ($_POST) {
56

    
57
	if ($_POST['apply']) {
58
		$retval = 0;
59
		$retval = vpn_ipsec_refresh_policies();
60
		$retval = vpn_ipsec_configure();
61
		/* reload the filter in the background */
62
		filter_configure();
63
		$savemsg = get_std_save_message($retval);
64
		if ($retval == 0) {
65
			if (is_subsystem_dirty('ipsec'))
66
				clear_subsystem_dirty('ipsec');
67
		}
68
	} else if ($_POST['submit']) {
69
		$pconfig = $_POST;
70

    
71
		$config['ipsec']['enable'] = $_POST['enable'] ? true : false;
72
		
73
		write_config();
74
	}
75
}
76

    
77
if ($_GET['act'] == "delph1")
78
{
79
	if ($a_phase1[$_GET['p1index']]) {
80
		/* remove static route if interface is not WAN */
81
		if ($a_phase1[$_GET['p1index']]['interface'] <> "wan")
82
			mwexec("/sbin/route delete -host {$$a_phase1[$_GET['p1index']]['remote-gateway']}");
83

    
84
		/* remove all phase2 entries that match the ikeid */
85
		$ikeid = $a_phase1[$_GET['p1index']]['ikeid'];
86
		foreach ($a_phase2 as $p2index => $ph2tmp)
87
			if ($ph2tmp['ikeid'] == $ikeid)
88
				unset($a_phase2[$p2index]);
89

    
90
		/* remove the phase1 entry */
91
		unset($a_phase1[$_GET['p1index']]);
92
		vpn_ipsec_refresh_policies();
93
		vpn_ipsec_configure();
94
		write_config();
95
		filter_configure();
96
		header("Location: vpn_ipsec.php");
97
		exit;
98
	}
99
}
100

    
101
if ($_GET['act'] == "delph2")
102
{
103
	if ($a_phase2[$_GET['p2index']]) {
104
		/* remove the phase2 entry */
105
		unset($a_phase2[$_GET['p2index']]);
106
		vpn_ipsec_refresh_policies();
107
		vpn_ipsec_configure();
108
		filter_configure();
109
		write_config();
110
		header("Location: vpn_ipsec.php");
111
		exit;
112
	}
113
}
114

    
115
$pgtitle = array("VPN","IPsec");
116
include("head.inc");
117

    
118
?>
119

    
120

    
121
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
122
<?php include("fbegin.inc"); ?>
123
<form action="vpn_ipsec.php" method="post">
124
<?php
125
	if ($savemsg)
126
		print_info_box($savemsg);
127
	if ($pconfig['enable'] && is_subsystem_dirty('ipsec'))
128
		print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect.");
129
?>
130
<table width="100%" border="0" cellpadding="0" cellspacing="0">
131
	<tr>
132
		<td class="tabnavtbl">
133
			<?php
134
				$tab_array = array();
135
				$tab_array[0] = array("Tunnels", true, "vpn_ipsec.php");
136
				$tab_array[1] = array("Mobile clients", false, "vpn_ipsec_mobile.php");
137
				display_top_tabs($tab_array);
138
			?>
139
		</td>
140
	</tr>
141
	<tr>
142
		<td>
143
			<div id="mainarea">
144
				<table border='1'>
145
				<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
146
					<tr>
147
						<td class="vtable">
148
							<table border="0" cellspacing="2" cellpadding="0">
149
								<tr>
150
									<td>
151
										<input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked";?>>
152
									</td>
153
									<td>
154
										<strong>Enable IPsec</strong>
155
									</td>
156
								</tr>
157
							</table>
158
						</td>
159
					</tr>
160
					<tr>
161
						<td>
162
							<input name="submit" type="submit" class="formbtn" value="Save">
163
						</td>
164
					</tr>
165
				</table>
166
				<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
167
					<?php
168
						$i = 0;
169
						foreach ($a_phase1 as $ph1ent) {
170
							if (isset( $ph1ent['disabled'])) {
171
								$spans = "<span class=\"gray\">";
172
								$spane = "</span>";
173
							}
174
							else
175
								$spans = $spane = "";
176
						
177
						show_ipsec_header($ph1ent);
178
						$counter++; // used to deterimine if we need to output header manually (no records exist)
179
					?>					
180
					<tr valign="top" ondblclick="document.location='vpn_ipsec_phase1.php?p1index=<?=$i;?>'">
181
						<td class="listlr">
182
							<?=$spans;?>
183
							<?php
184
								if ($ph1ent['interface']) {
185
									$iflabels = get_configured_interface_with_descr();
186
									$carpips = find_number_of_needed_carp_interfaces();
187
									for( $j=0; $j<$carpips; $j++ ) {
188
										$carpip = find_interface_ip("carp" . $j);
189
										$iflabels['carp' . $j] = "CARP{$j} ({$carpip})"; 
190
									}
191
									$if = htmlspecialchars($iflabels[$ph1ent['interface']]);
192
								}
193
								else
194
									$if = "WAN";
195

    
196
								if (!isset($ph1ent['mobile']))
197
									echo $if."<br>".$ph1ent['remote-gateway'];
198
								else
199
									echo $if."<br><strong>Mobile Client</strong>";
200
							?>
201
							<?=$spane;?>
202
						</td>
203
						<td class="listr">
204
							<?=$spans;?>
205
							<?=$ph1ent['mode'];?>
206
							<?=$spane;?>
207
						</td>
208
						<td class="listr">
209
							<?=$spans;?>
210
							<?=$p1_ealgos[$ph1ent['encryption-algorithm']['name']]['name'];?>
211
							<?php
212
								if ($ph1ent['encryption-algorithm']['keylen']) {
213
									if ($ph1ent['encryption-algorithm']['keylen']=="auto")
214
										echo " (auto)";
215
									else
216
										echo " ({$ph1ent['encryption-algorithm']['keylen']} bits)";
217
								}
218
							?>
219
							<?=$spane;?>
220
						</td>
221
						<td class="listr">
222
							<?=$spans;?>
223
							<?=$p1_halgos[$ph1ent['hash-algorithm']];?>
224
							<?=$spane;?>
225
						</td>
226
						<td class="listbg">
227
							<?=$spans;?>
228
							<?=htmlspecialchars($ph1ent['descr']);?>&nbsp;
229
							<?=$spane;?>
230
						</td>
231
						<td valign="middle" nowrap class="list">
232
							<table border="0" cellspacing="0" cellpadding="1">
233
								<tr>
234
									<td>
235
										<a href="vpn_ipsec_phase1.php?p1index=<?=$i;?>">
236
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit phase1 entry" width="17" height="17" border="0">
237
										</a>
238
									</td>
239
									<td>
240
										<a href="vpn_ipsec.php?act=delph1&p1index=<?=$i;?>" onclick="return confirm('Do you really want to delete this phase1 and all associated phase2 entries?')">
241
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete phase1 entry" width="17" height="17" border="0">
242
										</a>
243
									</td>
244
								</tr>
245
								<?php if (!isset($ph1ent['mobile'])): ?>
246
								<tr>
247
									<td>
248
									</td>
249
									<td>
250
										<a href="vpn_ipsec_phase1.php?dup=<?=$i;?>">
251
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="copy phase1 entry" width="17" height="17" border="0">
252
										</a>
253
									</td>
254
								</tr>
255
								<?php endif; ?>
256
							</table>
257
						</td>
258
					</tr>
259
					<tr>
260
						<td class="listrborder" colspan="5">
261
							<div id="shph2but-<?=$i?>">
262
								<?php
263
									$phase2count=0;
264
									foreach ($a_phase2 as $ph2ent) {
265
										if ($ph2ent['ikeid'] != $ph1ent['ikeid']) 
266
											continue;
267
										if (isset( $ph2ent['disabled']) || isset($ph1ent['disabled'])) 
268
											continue;
269
										$phase2count++;
270
									}
271
								?>								
272
								<input  type="button" onClick="show_phase2('tdph2-<?=$i?>','shph2but-<?=$i?>')" value="+"></input> - Show <?=$phase2count?> Phase-2 entries</a>
273
							</div>
274
							<table class="tabcont" width="100%" height="100%" border="0" cellspacing="0" cellpadding="0" id="tdph2-<?=$i?>" style="display:none">
275
								<tr>
276
									<td class="listhdrr">Mode</td>
277
									<?php if($ph2ent['mode'] == "tunnel"): ?>
278
									<td class="listhdrr">Local Subnet</td>
279
									<td class="listhdrr">Remote Subnet</td>
280
									<?php endif; ?>
281
									<td class="listhdrr">P2 Protocol</td>
282
									<td class="listhdrr">P2 Transforms</td>
283
									<td class="listhdrr">P2 Auth Methods</td>
284
									<td class ="list">
285
										<a href="vpn_ipsec_phase2.php?ikeid=<?=$ph1ent['ikeid'];?><?php if (isset($ph1ent['mobile'])) echo "&mobile=true";?>">
286
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add phase2 entry" width="17" height="17" border="0">
287
										</a>
288
									</td>
289
								</tr>
290
								<?php
291
									$j = 0;
292
									foreach ($a_phase2 as $ph2ent) {
293
										if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
294
											$j++;
295
											continue;
296
										}
297

    
298
										if (isset( $ph2ent['disabled']) || isset($ph1ent['disabled'])) {
299
											$spans = "<span class=\"gray\">";
300
											$spane = "</span>";
301
										}
302
										else
303
											$spans = $spane = "";
304
								?>
305
								<tr valign="top" ondblclick="document.location='vpn_ipsec_phase2.php?p2index=<?=$i;?>'">
306

    
307
									<td nowrap class="listlr">
308
										<?=$spans;?>
309
											<?=$ph2ent['mode'];?>
310
										<?=$spane;?>
311
									</td>
312
									<?php if($ph2ent['mode'] == "tunnel"): ?>
313
									<td nowrap class="listr">
314
										<?=$spans;?>
315
											<?=ipsec_idinfo_to_text($ph2ent['localid']); ?>
316
										<?=$spane;?>
317
									</td>
318
									<td nowrap class="listr">
319
										<?=$spans;?>
320
											<?=ipsec_idinfo_to_text($ph2ent['remoteid']); ?>
321
										<?=$spane;?>
322
									</td>
323
									<?php endif; ?>
324
									<td nowrap class="listr">
325
										<?=$spans;?>
326
											<?php echo $p2_protos[$ph2ent['protocol']];	?>
327
										<?=$spane;?>
328
									</td>
329
									<td class="listr">
330
										<?=$spans;?>
331
										<?php
332
											$k = 0;
333
											foreach ($ph2ent['encryption-algorithm-option'] as $ph2ea) {
334
												if ($k++)
335
													echo ", ";
336
												echo $p2_ealgos[$ph2ea['name']]['name'];
337
												if ($ph2ea['keylen']) {
338
													if ($ph2ea['keylen']=="auto")
339
														echo " (auto)";
340
													else
341
														echo " ({$ph2ea['keylen']} bits)";
342
												}
343
											}
344
										?>
345
										<?=$spane;?>
346
									</td>
347
									<td nowrap class="listr">
348
										<?=$spans;?>
349
										<?php
350
											$k = 0;
351
											foreach ($ph2ent['hash-algorithm-option'] as $ph2ha) {
352
												if ($k++)
353
													echo ", ";
354
												echo $p2_halgos[$ph2ha];
355
											}
356
										?>
357
										<?=$spane;?>
358
									</td>
359
									<td nowrap class="list">
360
										<a href="vpn_ipsec_phase2.php?p2index=<?=$j;?>">
361
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit phase2 entry" width="17" height="17" border="0">
362
										</a>
363
										<a href="vpn_ipsec.php?act=delph2&p2index=<?=$j;?>" onclick="return confirm('Do you really want to delete this phase2 entry?')">
364
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete phase2 entry" width="17" height="17" border="0">
365
										</a>
366
									</td>
367
								</tr>
368

    
369
								<?php
370
										$j++;
371
									}
372
								?>
373
							</table>
374
						</td>
375
					</tr>
376
					<tr>
377
						<td>
378
							&nbsp;
379
						</td>
380
					</tr>
381
					<?php
382
							$i++;
383
						}
384
					if(!$counter)
385
						show_ipsec_header();
386
					?>
387
					<tr>
388
						<td class="list" colspan="5"></td>
389
						<td class="list">
390
							<table border="0" cellspacing="0" cellpadding="1">
391
								<tr>
392
									<td width="17"></td>
393
									<td>
394
										<a href="vpn_ipsec_phase1.php">
395
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add phase1 entry" width="17" height="17" border="0">
396
										</a>
397
									</td>
398
								</tr>
399
							</table>
400
						<td>
401
					</tr>
402
					<tr>
403
						<td colspan="4">
404
							<p>
405
								<span class="vexpl">
406
									<span class="red">
407
										<strong>Note:<br></strong>
408
									</span>
409
									You can check your IPsec status at <a href="diag_ipsec.php">Status:IPsec</a>.
410
								</span>
411
							</p>
412
						</td>
413
					</tr>
414
				</table>
415
			</div>
416
		</td>
417
	</tr>
418
</table>
419
</form>
420
<?php include("fend.inc"); ?>
421
<script type="text/javascript">
422
function show_phase2(id, buttonid) {
423
	document.getElementById(buttonid).innerHTML='';
424
	aodiv = document.getElementById(id);
425
	aodiv.style.display = "block";
426
}
427
</script>
428
</body>
429
</html>
430

    
431
<?php
432

    
433
function show_ipsec_header() {
434
	if (isset($ph1ent['mobile'])) $mobile = "&mobile=true";
435
	echo <<<EOF
436
	<tr>
437
		<td class="listhdrr">Remote Gateway</td>
438
		<td class="listhdrr">Mode</td>
439
		<td class="listhdrr">P1 Protocol</td>
440
		<td class="listhdrr">P1 Transforms</td>
441
		<td class="listhdrr">P1 Description</td>
442
		<td class ="list">
443
			<a href="vpn_ipsec_phase2.php?ikeid={$ph1ent['ikeid']}{$mobile}">
444
				<img src="./themes/{$g['theme']}/images/icons/icon_plus.gif" title="add phase2 entry" width="17" height="17" border="0">
445
			</a>
446
		</td>
447
	</tr>
448

    
449
EOF;
450
	
451
}
452

    
453
?>
(200-200/217)