<?php
2
/*
3
	vpn_ipsec_phase1.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32 6b07c15a Matthew Grooms
##|+PRIV
33
##|*IDENT=page-vpn-ipsec-editphase1
34
##|*NAME=VPN: IPsec: Edit Phase 1 page
35
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 1' page.
36
##|*MATCH=vpn_ipsec_phase1.php*
37
##|-PRIV
38
39 0f84b741 Scott Ullrich
require("functions.inc");
40 a93e56c5 Matthew Grooms
require("guiconfig.inc");
41 483e6de8 Scott Ullrich
require_once("ipsec.inc");
42
require_once("vpn.inc");
43 a93e56c5 Matthew Grooms
44
/* Both IPsec lists must exist as arrays before anything takes a reference
   to them; an absent or scalar value is replaced by an empty list. */
foreach (array('phase1', 'phase2') as $phase) {
	if (!is_array($config['ipsec'][$phase])) {
		$config['ipsec'][$phase] = array();
	}
}
unset($phase);

/* Aliases into the live config: writes through these land in $config. */
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
52 a93e56c5 Matthew Grooms
53
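/*
 * Work out which phase1 entry (if any) this request refers to.  The index
 * comes from the query string (edit / dup links) or, on POST, from the
 * form.  It is only ever used as an index into $a_phase1, so anything that
 * is not a plain non-negative decimal number is discarded instead of being
 * silently coerced; the result is then null, exactly as when no index was
 * supplied at all.  ?dup=N loads entry N and is unset again further down
 * so that the save path appends a new entry.
 */
$p1index = null;
if (isset($_GET['p1index']))
	$p1index = $_GET['p1index'];
if (isset($_POST['p1index']))
	$p1index = $_POST['p1index'];
if (isset($_GET['dup']))
	$p1index = $_GET['dup'];

/* reject anything that cannot be a list index */
if (isset($p1index) && !preg_match('/^[0-9]+$/', (string)$p1index))
	$p1index = null;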
60
61 fad728ab sullrich
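if (isset($p1index) && $a_phase1[$p1index]) {
	/* Editing (or duplicating) an existing entry: seed the form from it.
	   $old_ph1ent is also used by the save path, which compares the stored
	   remote gateway with the new one. */
	$old_ph1ent = $a_phase1[$p1index];

	// don't copy the ikeid on dup: the copy is given a fresh one when saved
	if (!isset($_GET['dup']))
		$pconfig['ikeid'] = $old_ph1ent['ikeid'];

	$pconfig['disabled'] = isset($old_ph1ent['disabled']);

	if ($old_ph1ent['interface'])
		$pconfig['interface'] = $old_ph1ent['interface'];
	else
		$pconfig['interface'] = "wan";

	/* the save path below never writes 'remote-subnet', so this is
	   presumably a legacy field; explode() on an absent value just yields
	   empty parts */
	list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $old_ph1ent['remote-subnet']);

	/* a mobile entry has no fixed remote gateway */
	if (isset($old_ph1ent['mobile']))
		$pconfig['mobile'] = 'true';
	else
		$pconfig['remotegw'] = $old_ph1ent['remote-gateway'];

	$pconfig['mode'] = $old_ph1ent['mode'];
	$pconfig['protocol'] = $old_ph1ent['protocol'];
	$pconfig['myid_type'] = $old_ph1ent['myid_type'];
	$pconfig['myid_data'] = $old_ph1ent['myid_data'];
	$pconfig['peerid_type'] = $old_ph1ent['peerid_type'];
	$pconfig['peerid_data'] = $old_ph1ent['peerid_data'];
	$pconfig['ealgo'] = $old_ph1ent['encryption-algorithm'];
	$pconfig['halgo'] = $old_ph1ent['hash-algorithm'];
	$pconfig['dhgroup'] = $old_ph1ent['dhgroup'];
	$pconfig['lifetime'] = $old_ph1ent['lifetime'];
	$pconfig['authentication_method'] = $old_ph1ent['authentication_method'];
	$pconfig['generate_policy'] = $old_ph1ent['generate_policy'];
	$pconfig['proposal_check'] = $old_ph1ent['proposal_check'];

	/* only the credential the method actually uses is exposed to the form */
	if (($pconfig['authentication_method'] == "pre_shared_key") ||
		($pconfig['authentication_method'] == "xauth_psk_server")) {
		$pconfig['pskey'] = $old_ph1ent['pre-shared-key'];
	} else {
		$pconfig['certref'] = $old_ph1ent['certref'];
		$pconfig['caref'] = $old_ph1ent['caref'];
	}

	$pconfig['descr'] = $old_ph1ent['descr'];
	$pconfig['nat_traversal'] = $old_ph1ent['nat_traversal'];

	/* DPD counts as enabled only when both of its parameters are stored */
	if ($old_ph1ent['dpd_delay'] && $old_ph1ent['dpd_maxfail']) {
		$pconfig['dpd_enable'] = true;
		$pconfig['dpd_delay'] = $old_ph1ent['dpd_delay'];
		$pconfig['dpd_maxfail'] = $old_ph1ent['dpd_maxfail'];
	}
} else {
	/* defaults for a new entry.  The historical choices (aggressive mode,
	   3DES) are kept for compatibility; the page itself notes that
	   aggressive mode is the less secure option. */
	$pconfig['interface'] = "wan";
	if ($config['interfaces']['lan'])
		$pconfig['localnet'] = "lan";
	$pconfig['mode'] = "aggressive";
	$pconfig['protocol'] = "inet";
	$pconfig['myid_type'] = "myaddress";
	$pconfig['peerid_type'] = "peeraddress";
	$pconfig['authentication_method'] = "pre_shared_key";
	/* the key must be the quoted string 'name': a bare word is an
	   undefined constant, a notice on PHP 5/7 and a fatal error on PHP 8 */
	$pconfig['ealgo'] = array('name' => "3des");
	$pconfig['halgo'] = "sha1";
	$pconfig['dhgroup'] = "2";
	$pconfig['lifetime'] = "28800";
	$pconfig['nat_traversal'] = "on";
	$pconfig['dpd_enable'] = true;

	/* mobile client */
	if (!empty($_GET['mobile']))
		$pconfig['mobile'] = true;
}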
133
134
/* A duplicate is edited as a copy: forget the source index so that the
   save path appends a new entry instead of overwriting the original. */
if (isset($_GET['dup'])) {
	unset($p1index);
}
136
137
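if ($_POST) {
	unset($input_errors);
	/* The posted form is the working copy.  Only the keys copied into
	   $ph1ent further down reach the config, so stray posted keys are
	   ignored; the ones that matter are validated first. */
	$pconfig = $_POST;

	/* input validation */

	$method = $pconfig['authentication_method'];
	// Unset ca and cert if not required to avoid storing in config
	if ($method == "pre_shared_key" || $method == "xauth_psk_server") {
		unset($pconfig['caref']);
		unset($pconfig['certref']);
	}

	// Only require PSK here for normal PSK tunnels (not mobile) or xauth.
	// For RSA methods, require the CA/Cert.
	// Start from empty lists so an unrecognised method still hands
	// do_input_validation() arrays rather than undefined variables.
	$reqdfields = array();
	$reqdfieldsn = array();
	switch ($method) {
		case "pre_shared_key":
			// If this is a mobile PSK tunnel the user PSKs go on
			//    the PSK tab, not here, so skip the check.
			if ($pconfig['mobile'])
				break;
			/* deliberate fall-through: a site-to-site PSK tunnel needs the key */
		case "xauth_psk_server":
			$reqdfields = array("pskey");
			$reqdfieldsn = array(gettext("Pre-Shared Key"));
			break;
		case "hybrid_rsa_server":
		case "xauth_rsa_server":
		case "rsasig":
			$reqdfields = array("caref", "certref");
			$reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate"));
			break;
	}
	if (!$pconfig['mobile']) {
		$reqdfields[] = "remotegw";
		$reqdfieldsn[] = gettext("Remote gateway");
	}

	/* do_input_validation() (guiconfig.inc) takes $input_errors by reference
	   in its own signature; a call-time '&' here is deprecated on PHP 5.3
	   and a fatal error from PHP 5.4 on. */
	do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);

	if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime'])))
		$input_errors[] = gettext("The P1 lifetime must be an integer.");

	/* the gateway must be an address or host name, and an address must
	   match the selected IP family */
	if ($pconfig['remotegw']) {
		if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw']))
			$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
		elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet"))
			$input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6");
		elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6"))
			$input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4");
	}

	/* an enabled tunnel may not share its remote gateway with another
	   enabled phase1 */
	if (($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled']))) {
		$tremotegw = $pconfig['remotegw'];
		$t = 0;
		foreach ($a_phase1 as $ph1tmp) {
			/* Exempt only the entry being edited.  For a new or duplicated
			   entry $p1index is null, and the loose "$p1index <> $t" used
			   here before treats null as equal to 0, which silently skipped
			   the first entry. */
			$is_self = isset($p1index) && is_numeric($p1index) && ((int)$p1index === $t);
			if (!$is_self && ($ph1tmp['remote-gateway'] == $tremotegw) && !isset($ph1tmp['disabled'])) {
				$input_errors[] = sprintf(gettext('The remote gateway "%1$s" is already used by phase1 "%2$s".'), $tremotegw, $ph1tmp['descr']);
			}
			$t++;
		}
	}

	/* the IP family must agree with every phase2 attached to this ikeid */
	if (is_array($a_phase2) && (count($a_phase2))) {
		foreach ($a_phase2 as $phase2) {
			if ($phase2['ikeid'] == $pconfig['ikeid']) {
				if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4.");
					break;
				}
				if (($pconfig['protocol'] == "inet6") && ($phase2['mode'] == "tunnel")) {
					$input_errors[] = gettext("There is a Phase 2 using IPv4, you cannot use IPv6.");
					break;
				}
			}
		}
	}

	/* My identity */

	if ($pconfig['myid_type'] == "myaddress")
		$pconfig['myid_data'] = "";

	/* identifier types that need a value in the data field, with the
	   message shown when it is missing */
	$myid_empty_errors = array(
		"address" => gettext("Please enter an address for 'My Identifier'"),
		"keyid tag" => gettext("Please enter a keyid tag for 'My Identifier'"),
		"fqdn" => gettext("Please enter a fully qualified domain name for 'My Identifier'"),
		"user_fqdn" => gettext("Please enter a user and fully qualified domain name for 'My Identifier'"),
		"dyn_dns" => gettext("Please enter a dynamic domain name for 'My Identifier'")
	);
	if (isset($myid_empty_errors[$pconfig['myid_type']]) && $pconfig['myid_data'] == "")
		$input_errors[] = $myid_empty_errors[$pconfig['myid_type']];

	/* format checks per type (the former second, duplicate FQDN check
	   reported the same failure twice and is gone) */
	if (($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data']))
		$input_errors[] = gettext("A valid IP address for 'My identifier' must be specified.");

	if (($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data']))
		$input_errors[] = gettext("A valid domain name for 'My identifier' must be specified.");

	if ($pconfig['myid_type'] == "user_fqdn") {
		$user_fqdn = explode("@", $pconfig['myid_data']);
		/* needs an '@' and a valid domain after it */
		if (count($user_fqdn) < 2 || !is_domain($user_fqdn[1]))
			$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.");
	}

	if (($pconfig['myid_type'] == "dyn_dns") && !is_domain($pconfig['myid_data']))
		$input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified.");

	/* Peer identity */

	/* This used to test myid_type, which can never be "peeraddress", so a
	   leftover peer data value was never cleared for the address type. */
	if ($pconfig['peerid_type'] == "peeraddress")
		$pconfig['peerid_data'] = "";

	// Only enforce peer ID if we are not dealing with a pure-psk mobile config.
	if (!(($pconfig['authentication_method'] == "pre_shared_key") && ($pconfig['mobile']))) {
		$peerid_empty_errors = array(
			"address" => gettext("Please enter an address for 'Peer Identifier'"),
			"keyid tag" => gettext("Please enter a keyid tag for 'Peer Identifier'"),
			"fqdn" => gettext("Please enter a fully qualified domain name for 'Peer Identifier'"),
			"user_fqdn" => gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'")
		);
		if (isset($peerid_empty_errors[$pconfig['peerid_type']]) && $pconfig['peerid_data'] == "")
			$input_errors[] = $peerid_empty_errors[$pconfig['peerid_type']];

		if (($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data']))
			$input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified.");

		if (($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data']))
			$input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified.");

		if ($pconfig['peerid_type'] == "user_fqdn") {
			$user_fqdn = explode("@", $pconfig['peerid_data']);
			if (count($user_fqdn) < 2 || !is_domain($user_fqdn[1]))
				$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.");
		}
	}

	if (!empty($pconfig['dpd_enable'])) {
		if (!is_numeric($pconfig['dpd_delay']))
			$input_errors[] = gettext("A numeric value must be specified for DPD delay.");

		if (!is_numeric($pconfig['dpd_maxfail']))
			$input_errors[] = gettext("A numeric value must be specified for DPD retries.");
	}

	/* build our encryption algorithms array */
	$pconfig['ealgo'] = array();
	$pconfig['ealgo']['name'] = $_POST['ealgo'];
	if (!empty($pconfig['ealgo_keylen']))
		$pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen'];

	if (!$input_errors) {
		/* NOTE(review): ikeid is taken from the posted value as-is
		   (presumably a hidden field further down the form).  A client can
		   post any value, which would re-home this entry's phase2
		   associations; consider pinning it to the stored ikeid when
		   editing an existing entry. */
		$ph1ent['ikeid'] = $pconfig['ikeid'];
		/* NOTE(review): this stores false rather than omitting the key,
		   while the load path above tests isset('disabled'), which is true
		   for false.  Presumably the config writer drops false values on
		   the way to disk - confirm. */
		$ph1ent['disabled'] = !empty($pconfig['disabled']);
		$ph1ent['interface'] = $pconfig['interface'];
		/* if the remote gateway changed and the interface is not WAN then remove route */
		/* the vpn_ipsec_configure() handles adding the route */
		if ($pconfig['interface'] <> "wan") {
			$old_remotegw = isset($old_ph1ent['remote-gateway']) ? $old_ph1ent['remote-gateway'] : "";
			if ($old_remotegw != "" && $old_remotegw <> $pconfig['remotegw']) {
				/* the old gateway comes from the stored config rather than
				   from this request, but it is still quoted before it
				   reaches the shell */
				mwexec("/sbin/route delete -host " . escapeshellarg($old_remotegw));
			}
		}

		if (!empty($pconfig['mobile']))
			$ph1ent['mobile'] = true;
		else
			$ph1ent['remote-gateway'] = $pconfig['remotegw'];

		$ph1ent['mode'] = $pconfig['mode'];
		$ph1ent['protocol'] = $pconfig['protocol'];

		$ph1ent['myid_type'] = $pconfig['myid_type'];
		$ph1ent['myid_data'] = $pconfig['myid_data'];
		$ph1ent['peerid_type'] = $pconfig['peerid_type'];
		$ph1ent['peerid_data'] = $pconfig['peerid_data'];

		$ph1ent['encryption-algorithm'] = $pconfig['ealgo'];
		$ph1ent['hash-algorithm'] = $pconfig['halgo'];
		$ph1ent['dhgroup'] = $pconfig['dhgroup'];
		$ph1ent['lifetime'] = $pconfig['lifetime'];
		$ph1ent['pre-shared-key'] = $pconfig['pskey'];
		/* NOTE(review): nothing visible on this form posts 'privatekey', so
		   this normally stores an empty string - confirm the field is still
		   needed */
		$ph1ent['private-key'] = base64_encode(isset($pconfig['privatekey']) ? $pconfig['privatekey'] : "");
		$ph1ent['certref'] = $pconfig['certref'];
		$ph1ent['caref'] = $pconfig['caref'];
		$ph1ent['authentication_method'] = $pconfig['authentication_method'];
		$ph1ent['generate_policy'] = $pconfig['generate_policy'];
		$ph1ent['proposal_check'] = $pconfig['proposal_check'];
		$ph1ent['descr'] = $pconfig['descr'];
		$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];

		if (isset($pconfig['dpd_enable'])) {
			$ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
			$ph1ent['dpd_maxfail'] = $pconfig['dpd_maxfail'];
		}

		/* generate unique phase1 ikeid */
		/* empty() rather than "== 0": an empty posted ikeid compares equal
		   to 0 only under PHP 7's loose rules, not under PHP 8 */
		if (empty($ph1ent['ikeid']))
			$ph1ent['ikeid'] = ipsec_ikeid_next();

		if (isset($p1index) && $a_phase1[$p1index])
			$a_phase1[$p1index] = $ph1ent;
		else
			$a_phase1[] = $ph1ent;

		/* now we need to find all phase2 entries for this host */
		if (is_array($a_phase2) && (count($a_phase2))) {
			foreach ($a_phase2 as $phase2) {
				if ($phase2['ikeid'] == $ph1ent['ikeid']) {
					log_error("Reload {$ph1ent['descr']} tunnel(s)");
					$old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
					$old_phase2 = $phase2;
					reload_tunnel_spd_policy ($ph1ent, $phase2, $old_ph1ent, $old_phase2);
				}
			}
		}
		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}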
377
378 3462a529 Matthew Grooms
/* Page title; the mobile-client entry gets an extra crumb. */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"));
if (!empty($pconfig['mobile'])) {
	$pgtitle[] = gettext("Mobile Client");
}
$shortcut_section = "ipsec";

include("head.inc");
386
387
?>
388
389
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
390
<?php include("fbegin.inc"); ?>
391
<script language="JavaScript">
392
<!--
393 3462a529 Matthew Grooms
394
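/* Hide the free-text "My identifier" field when the selected type needs no
   data (my address), show it otherwise.  Locals are declared with var: the
   original assigned bare 'index'/'value' and leaked them as globals. */
function myidsel_change() {
	var sel = document.iform.myid_type;
	var chosen = sel.options[sel.selectedIndex].value;
	var field = document.getElementById('myid_data');
	field.style.visibility = (chosen == 'myaddress') ? 'hidden' : 'visible';
}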
403
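/* Hide the free-text "Peer identifier" field when the selected type needs
   no data (peer address), show it otherwise.  Locals are declared with var:
   the original assigned bare 'index'/'value' and leaked them as globals. */
function peeridsel_change() {
	var sel = document.iform.peerid_type;
	var chosen = sel.options[sel.selectedIndex].value;
	var field = document.getElementById('peerid_data');
	field.style.visibility = (chosen == 'peeraddress') ? 'hidden' : 'visible';
}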
411
412 a93e56c5 Matthew Grooms
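/* Show only the credential rows (PSK, peer ID, certificate, CA) that the
   selected authentication method needs.  Hidden cert/CA selects are also
   disabled so the browser does not submit them.  The three certificate
   methods had identical bodies and now share one case; locals are
   declared with var instead of leaking as globals. */
function methodsel_change() {
	var sel = document.iform.authentication_method;
	var method = sel.options[sel.selectedIndex].value;
	var showPsk, showPeerId, showCert;

	switch (method) {
		case 'hybrid_rsa_server':
		case 'xauth_rsa_server':
		case 'rsasig':
			/* certificate based: no PSK, peer ID and cert/CA visible */
			showPsk = false;
			showPeerId = true;
			showCert = true;
			break;
<?php if ($pconfig['mobile']) { ?>
		case 'pre_shared_key':
			/* mobile PSK: per-user keys live on the PSK tab, no peer ID */
			showPsk = false;
			showPeerId = false;
			showCert = false;
			break;
<?php } ?>
		default: /* psk modes*/
			showPsk = true;
			showPeerId = true;
			showCert = false;
			break;
	}

	document.getElementById('opt_psk').style.display = showPsk ? '' : 'none';
	document.getElementById('opt_peerid').style.display = showPeerId ? '' : 'none';
	document.getElementById('opt_cert').style.display = showCert ? '' : 'none';
	document.getElementById('opt_ca').style.display = showCert ? '' : 'none';
	document.getElementById('opt_cert').disabled = !showCert;
	document.getElementById('opt_ca').disabled = !showCert;
}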
454
455
/* PHP generated java script for variable length keys */
/* Show the key-length select and refill it with the lengths the chosen
   cipher supports; ciphers without a 'keysel' entry hide the select.
   One 'case' is generated per entry of $p1_ealgos, in array order, so the
   ealgo select is presumably built from the same array in the same order
   (that select is further down the page - confirm).  'bits', when given,
   preselects a length. */
function ealgosel_change(bits) {
	switch (document.iform.ealgo.selectedIndex) {
<?php
/* $i is the option index of the ealgo select that this case matches */
$i = 0;
foreach ($p1_ealgos as $algo => $algodata) {
	if (is_array($algodata['keysel'])) {
		echo "		case {$i}:\n";
		echo "			document.iform.ealgo_keylen.style.visibility = 'visible';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";
	//      echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( 'auto', 'auto' );\n";

		/* offered lengths run from 'hi' down to 'lo' in steps of 'step' */
		$key_hi = $algodata['keysel']['hi'];
		$key_lo = $algodata['keysel']['lo'];
		$key_step = $algodata['keysel']['step'];

		for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step)
			echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n";
		echo "			break;\n";
	} else {
		/* fixed-length key: nothing to choose */
		echo "		case {$i}:\n";
		echo "			document.iform.ealgo_keylen.style.visibility = 'hidden';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";
		echo "			break;\n";
	}
	$i++;
}
?>
	}

	/* restore a previously saved length, if the caller passed one */
	if( bits )
		document.iform.ealgo_keylen.value = bits;
}
488 3462a529 Matthew Grooms
489 a93e56c5 Matthew Grooms
/* Toggle the DPD option rows with the checkbox, and seed empty delay /
   retry fields with the page defaults ("10" and "5"). */
function dpdchkbox_change() {
	var enabled = document.iform.dpd_enable.checked;
	document.getElementById('opt_dpd').style.display = enabled ? '' : 'none';

	var delay = document.iform.dpd_delay;
	var maxfail = document.iform.dpd_maxfail;
	if (!delay.value) {
		delay.value = "10";
	}
	if (!maxfail.value) {
		maxfail.value = "5";
	}
}
501 3462a529 Matthew Grooms
502 a93e56c5 Matthew Grooms
//-->
503
</script>
504 5a3b0d3b mgrooms
505
<form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform">
506
507
<?php
508
	/* validation failures collected by the POST handler, if any */
	if (!empty($input_errors)) {
		print_input_errors($input_errors);
	}
510
?>
511
512
<table width="100%" border="0" cellpadding="0" cellspacing="0">
513
	<tr class="tabnavtbl">
514
		<td id="tabnav">
515
			<?php
516
				/* Tunnels is the active tab: this page edits a tunnel entry. */
				$tab_array = array(
					array(gettext("Tunnels"), true, "vpn_ipsec.php"),
					array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"),
					array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php")
				);
				display_top_tabs($tab_array);
521
			?>
522
		</td>
523
	</tr>
524
	<tr>
525
		<td id="mainarea">
526
			<div class="tabcont">
527
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
528
					<tr>
529 2fbb33f1 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
530 5a3b0d3b mgrooms
					</tr>
531
					<tr>
532 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
533 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
534
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
535 2fbb33f1 Carlos Eduardo Ramos
							<strong><?=gettext("Disable this phase1 entry"); ?></strong><br>
536 5a3b0d3b mgrooms
							<span class="vexpl">
537 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Set this option to disable this phase1 without " .
538
								"removing it from the list"); ?>.
539 5a3b0d3b mgrooms
							</span>
540
						</td>
541
					</tr>
542 e79b24ab Seth Mos
					<tr>
543
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Internet Protocol"); ?></td>
544
						<td width="78%" class="vtable">
545
							<select name="protocol" class="formselect">
546
							<?php
547
								/* value stored in 'protocol' => label shown in the option */
								$protocols = array("inet" => "IPv4", "inet6" => "IPv6");
548
								foreach ($protocols as $protocol => $name):
549
							?>
550
								<option value="<?=$protocol;?>" <?php if ($protocol == $pconfig['protocol']) echo "selected"; ?>>
551
									<?=htmlspecialchars($name);?>
552
								</option>
553
							<?php endforeach; ?>
554
							</select> <br> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
555
						</td>
556
					</tr>
557 5a3b0d3b mgrooms
					<tr>
558 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
559 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
560
							<select name="interface" class="formselect">
561 ab2ccd9f Renato Botelho
							<?php
562 5a3b0d3b mgrooms
								/* Candidate local endpoints, keyed by the value stored in
								   'interface': configured interfaces, CARP and IP-alias
								   VIPs, and gateway groups. */
								$interfaces = get_configured_interface_with_descr();

								$carplist = get_configured_carp_interface_list();
								foreach ($carplist as $cif => $carpip) {
									$interfaces[$cif] = sprintf("%s (%s)", $carpip, get_vip_descr($carpip));
								}

								$aliaslist = get_configured_ip_aliases_list();
								foreach ($aliaslist as $aliasip => $aliasif) {
									$interfaces[$aliasip] = sprintf("%s (%s)", $aliasip, get_vip_descr($aliasip));
								}

								$grouplist = return_gateway_groups_array();
								foreach ($grouplist as $name => $group) {
									/* $vipif is not read anywhere visible in this file;
									   left in place in case later code relies on it - confirm */
									$vipif = ($group[0]['vip'] <> "") ? $group[0]['vip'] : $group[0]['int'];
									$interfaces[$name] = "GW Group {$name}";
								}
580
581
582 5a3b0d3b mgrooms
								foreach ($interfaces as $iface => $ifacename):
583
							?>
584
								<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
585
									<?=htmlspecialchars($ifacename);?>
586
								</option>
587
							<?php endforeach; ?>
588
							</select>
589
							<br>
590 2fbb33f1 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Select the interface for the local endpoint of this phase1 entry"); ?>.</span>
591 5a3b0d3b mgrooms
						</td>
592
					</tr>
593
594
					<?php if (!$pconfig['mobile']): ?>
595
596
					<tr>
597 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote gateway"); ?></td>
598 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
599 c271c485 Seth Mos
							<?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="28" value="<?=htmlspecialchars($pconfig['remotegw']);?>">
600 5a3b0d3b mgrooms
							<br>
601 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Enter the public IP address or host name of the remote gateway"); ?>
602 5a3b0d3b mgrooms
						</td>
603
					</tr>
604
605
					<?php endif; ?>
606
607
					<tr>
608 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
609 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
610
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
611
							<br>
612
							<span class="vexpl">
613 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
614
								"for your reference (not parsed)"); ?>.
615 5a3b0d3b mgrooms
							</span>
616
						</td>
617
					</tr>
618
					<tr>
619
						<td colspan="2" class="list" height="12"></td>
620
					</tr>
621
					<tr>
622
						<td colspan="2" valign="top" class="listtopic">
623 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Phase 1 proposal (Authentication)"); ?>
624 5a3b0d3b mgrooms
						</td>
625
					</tr>
626 71d61aa5 jim-p
					<tr>
627 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication method"); ?></td>
628 71d61aa5 jim-p
						<td width="78%" class="vtable">
629
							<select name="authentication_method" class="formselect" onChange="methodsel_change()">
630
							<?php
631
								foreach ($p1_authentication_methods as $method_type => $method_params):
632
									if (!$pconfig['mobile'] && $method_params['mobile'])
633
										continue;
634
							?>
635
								<option value="<?=$method_type;?>" <?php if ($method_type == $pconfig['authentication_method']) echo "selected"; ?>>
636
									<?=htmlspecialchars($method_params['name']);?>
637
								</option>
638
							<?php endforeach; ?>
639
							</select>
640
							<br>
641
							<span class="vexpl">
642 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
643 71d61aa5 jim-p
							</span>
644
						</td>
645
					</tr>
646 5a3b0d3b mgrooms
					<?php /* IKE negotiation mode. The choices are fixed here (main, aggressive, base) and the
					   saved mode is pre-selected; the help text already points out that aggressive mode
					   is the less secure option. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Negotiation mode"); ?></td>
						<td width="78%" class="vtable">
							<select name="mode" class="formselect">
							<?php
								$modes = array("main","aggressive","base");
								foreach ($modes as $mode):
							?>
								<option value="<?=$mode;?>" <?php if ($mode == $pconfig['mode']) echo "selected"; ?>>
									<?=htmlspecialchars($mode);?>
								</option>
							<?php endforeach; ?>
							</select> <br> <span class="vexpl"><?=gettext("Aggressive is more flexible, but less secure"); ?>.</span>
						</td>
					</tr>
					<?php /* Local IKE identifier: a type drawn from $my_identifier_list (defined elsewhere,
					   not in view) plus a free-form data field. myidsel_change() (JS not in view)
					   presumably enables the data field only for types that need it. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My identifier"); ?></td>
						<td width="78%" class="vtable">
							<select name="myid_type" class="formselect" onChange="myidsel_change()">
							<?php foreach ($my_identifier_list as $id_type => $id_params): ?>
								<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['myid_type']) echo "selected"; ?>>
									<?=htmlspecialchars($id_params['desc']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<input name="myid_data" type="text" class="formfld unknown" id="myid_data" size="30" value="<?=htmlspecialchars($pconfig['myid_data']);?>">
						</td>
					</tr>
					<?php /* Remote (peer) IKE identifier. On a mobile phase 1 only the identifier types
					   flagged 'mobile' in $peer_identifier_list (defined elsewhere) are offered, and the
					   note below explains the "group" naming some clients use for this value. */ ?>
					<tr id="opt_peerid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer identifier"); ?></td>
						<td width="78%" class="vtable">
							<select name="peerid_type" class="formselect" onChange="peeridsel_change()">
							<?php
								foreach ($peer_identifier_list as $id_type => $id_params):
									/* mobile phase 1: restrict to identifier types usable by mobile clients */
									if ($pconfig['mobile'] && !$id_params['mobile'])
										continue;
							?>
							<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected"; ?>>
								<?=htmlspecialchars($id_params['desc']);?>
							</option>
							<?php endforeach; ?>
							</select>
							<input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=htmlspecialchars($pconfig['peerid_data']);?>">
						<?php if ($pconfig['mobile']) { ?>
							<br/><br/><?=gettext("NOTE: This is known as the \"group\" setting on some VPN client implementations"); ?>.
						<?php } ?>
						</td>
					</tr>
					<?php /* Pre-Shared Key (row presumably shown only for PSK-based methods via
					   methodsel_change(), JS not in view). $mandfldhtml is a project-wide required-field
					   marker defined elsewhere. NOTE(review): the saved key is echoed back into a
					   type="text" input, so it is readable on screen and may be retained by browser form
					   autofill; it is HTML-escaped, so it cannot break out of the attribute. */ ?>
					<tr id="opt_psk">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
						<td width="78%" class="vtable">
							<?=$mandfldhtml;?>
							<input name="pskey" type="text" class="formfld unknown" id="pskey" size="40" value="<?=htmlspecialchars($pconfig['pskey']);?>">
							<span class="vexpl">
							<br>
								<?=gettext("Input your Pre-Shared Key string"); ?>.
							</span>
						</td>
					</tr>
					<?php /* Policy generation behaviour when this end acts as responder. The empty value
					   ("Default") leaves the daemon default in place; the other four values are stored
					   verbatim. The row id suggests it is shown/hidden client-side (JS not in view). */ ?>
					<tr id="generate_policy">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Policy Generation"); ?></td>
						<td width="78%" class="vtable">
							<select name="generate_policy" class="formselect">
								<option value="" <?php if (empty($pconfig['generate_policy'])) echo "selected"; ?>>Default</option>
								<option value="on" <?php if ($pconfig['generate_policy'] == "on") echo "selected"; ?>>On</option>
								<option value="off" <?php if ($pconfig['generate_policy'] == "off") echo "selected"; ?>>Off</option>
								<option value="require" <?php if ($pconfig['generate_policy'] == "require") echo "selected"; ?>>Require</option>
								<option value="unique" <?php if ($pconfig['generate_policy'] == "unique") echo "selected"; ?>>Unique</option>
							</select>
							<br>
							<span class="vexpl">
								<?=gettext("When working as a responder (as with mobile clients), this controls how policies are generated based on SA proposals."); ?>
							</span>
						</td>
					</tr>
					<?php /* Proposal checking strictness on the responder side (lifetime, key length and
					   PFS of the phase 2 selection, and lifetime in phase 1). The empty value ("Default")
					   leaves the daemon default in place. */ ?>
					<tr id="proposal_check">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Proposal Checking"); ?></td>
						<td width="78%" class="vtable">
							<select name="proposal_check" class="formselect">
								<option value="" <?php if (empty($pconfig['proposal_check'])) echo "selected"; ?>>Default</option>
								<option value="obey" <?php if ($pconfig['proposal_check'] == "obey") echo "selected"; ?>>Obey</option>
								<option value="strict" <?php if ($pconfig['proposal_check'] == "strict") echo "selected"; ?>>Strict</option>
								<option value="claim" <?php if ($pconfig['proposal_check'] == "claim") echo "selected"; ?>>Claim</option>
								<option value="exact" <?php if ($pconfig['proposal_check'] == "exact") echo "selected"; ?>>Exact</option>
							</select>
							<br>
							<span class="vexpl">
								<?=gettext("Specifies the action of lifetime length, key length, and PFS of the phase 2 selection on the responder side, and the action of lifetime check in phase 1."); ?>
							</span>
						</td>
					</tr>
					<?php /* Phase 1 encryption algorithm, from $p1_ealgos (defined elsewhere, not in view);
					   the saved algorithm name is pre-selected. The key-length select (ealgo_keylen) is
					   rendered empty here and is presumably filled client-side by ealgosel_change(),
					   which this page calls on load with the saved key length. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
						<td width="78%" class="vtable">
							<select name="ealgo" class="formselect" onChange="ealgosel_change()">
							<?php
								foreach ($p1_ealgos as $algo => $algodata):
									$selected = '';
									if ($algo == $pconfig['ealgo']['name'])
										$selected = ' selected';
							?>
								<option value="<?=$algo;?>"<?=$selected?>>
									<?=htmlspecialchars($algodata['name']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<select name="ealgo_keylen" width="30" class="formselect">
							</select>
						</td>
					</tr>
					<?php /* Phase 1 hash algorithm, from $p1_halgos (defined elsewhere, not in view); the
					   saved value is pre-selected. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithm"); ?></td>
						<td width="78%" class="vtable">
							<select name="halgo" class="formselect">
							<?php foreach ($p1_halgos as $algo => $algoname): ?>
								<option value="<?=$algo;?>" <?php if ($algo == $pconfig['halgo']) echo "selected"; ?>>
									<?=htmlspecialchars($algoname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br>
							<span class="vexpl">
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>
					<?php /* Diffie-Hellman group for phase 1, from $p1_dhgroups (defined elsewhere, not in
					   view); the saved group is pre-selected. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH key group"); ?></td>
						<td width="78%" class="vtable">
							<select name="dhgroup" class="formselect">
							<?php foreach ($p1_dhgroups as $keygroup => $keygroupname): ?>
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['dhgroup']) echo "selected"; ?>>
									<?=htmlspecialchars($keygroupname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br>
							<span class="vexpl">
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>
					<?php /* Phase 1 SA lifetime in seconds. Free-form text here; presumably validated in the
					   POST handler earlier in this file (not in view). */ ?>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
						<td width="78%" class="vtable">
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>">
							<?=gettext("seconds"); ?>
						</td>
					</tr>
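					<?php /* "My Certificate" selector (row presumably toggled by methodsel_change(), JS not
					   in view). Entries come from the Certificate Manager ($config['cert']); the saved
					   refid is pre-selected. Both refid and descr are HTML-escaped on output, matching
					   every other field on this form. */ ?>
					<tr id="opt_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td>
						<td width="78%" class="vtable">
							<select name='certref' class="formselect">
							<?php
								foreach ($config['cert'] as $cert):
									/* pre-select the certificate referenced by the saved phase 1 */
									$selected = "";
									if ($pconfig['certref'] == $cert['refid'])
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br>
							<span class="vexpl">
								<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>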
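					<?php /* "My Certificate Authority" selector (row presumably toggled by methodsel_change(),
					   JS not in view). Entries come from the Certificate Manager ($config['ca']); the saved
					   refid is pre-selected. Both refid and descr are HTML-escaped on output, matching
					   every other field on this form. */ ?>
					<tr id="opt_ca">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
						<td width="78%" class="vtable">
							<select name='caref' class="formselect">
							<?php
								foreach ($config['ca'] as $ca):
									/* pre-select the CA referenced by the saved phase 1 */
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br>
							<span class="vexpl">
								<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>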
					<?php /* spacer row, then the section heading for the advanced options */ ?>
					<tr>
						<td colspan="2" class="list" height="12"></td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
					</tr>
					<?php /* NAT traversal (NAT-T, ESP encapsulated in UDP): off, on, or force. The saved
					   value is pre-selected. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("NAT Traversal"); ?></td>
						<td width="78%" class="vtable">
							<select name="nat_traversal" class="formselect">
								<option value="off" <?php if ($pconfig['nat_traversal'] == "off") echo "selected"; ?>><?=gettext("Disable"); ?></option>
								<option value="on" <?php if ($pconfig['nat_traversal'] == "on") echo "selected"; ?>><?=gettext("Enable"); ?></option>
								<option value="force" <?php if ($pconfig['nat_traversal'] == "force") echo "selected"; ?>><?=gettext("Force"); ?></option>
							</select>
							<br/>
							<span class="vexpl">
								<?=gettext("Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed, " .
								"which can help with clients that are behind restrictive firewalls"); ?>.
							</span>
						</td>
					</tr>
					<?php /* Dead Peer Detection. The checkbox enables DPD; dpdchkbox_change() (JS not in
					   view) presumably shows/hides the opt_dpd block holding the probe delay (seconds)
					   and the number of consecutive failures tolerated before disconnect. */ ?>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Dead Peer Detection"); ?></td>
						<td width="78%" class="vtable">
							<input name="dpd_enable" type="checkbox" id="dpd_enable" value="yes" <?php if (isset($pconfig['dpd_enable'])) echo "checked"; ?> onClick="dpdchkbox_change()">
							<?=gettext("Enable DPD"); ?><br>
							<div id="opt_dpd">
								<br>
								<input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=htmlspecialchars($pconfig['dpd_delay']);?>">
								<?=gettext("seconds"); ?><br>
								<span class="vexpl">
									<?=gettext("Delay between requesting peer acknowledgement"); ?>.
								</span><br>
								<br>
								<input name="dpd_maxfail" type="text" class="formfld unknown" id="dpd_maxfail" size="5" value="<?=htmlspecialchars($pconfig['dpd_maxfail']);?>">
								<?=gettext("retries"); ?><br>
								<span class="vexpl">
									<?=gettext("Number of consecutive failures allowed before disconnect"); ?>.
								</span>
								<br>
							</div>
						</td>
					</tr>
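					<?php /* Hidden state carried across the POST: the index of the phase 1 being edited
					   (p1index, only when that entry exists), the mobile flag and the IKE id, followed by
					   the Save button. p1index is HTML-escaped like ikeid so that, whatever the earlier
					   request handling accepted, it cannot break out of the value attribute. */ ?>
					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
							<?php /* !empty() keeps the original truthiness test without an undefined-index notice */ ?>
							<?php if (isset($p1index) && !empty($a_phase1[$p1index])): ?>
							<input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>">
							<?php endif; ?>
							<?php if ($pconfig['mobile']): ?>
							<input name="mobile" type="hidden" value="true">
							<?php endif; ?>
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>">
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
						</td>
					</tr>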
				</table>
			</div>
		</td>
	</tr>
</table>
</form>
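<?php /* Initialise the dependent form controls once the page has rendered. The JS functions
   called here (myidsel_change, peeridsel_change, methodsel_change, ealgosel_change,
   dpdchkbox_change) are defined elsewhere (not in view). The misspelt "lannguage" attribute
   is replaced by the standard type attribute. */ ?>
<script type="text/javascript">
<!--
<?php
	/* determine if we should init the key length: only a numeric keylen saved with the
	   phase 1 is passed through, and it is cast to int so that the value interpolated into
	   the ealgosel_change() call below is always a plain integer literal (is_numeric alone
	   also admits exponent, fraction and leading-whitespace forms) */
	$keyset = '';
	if (isset($pconfig['ealgo']['keylen']) && is_numeric($pconfig['ealgo']['keylen']))
		$keyset = (int)$pconfig['ealgo']['keylen'];
?>
myidsel_change();
peeridsel_change();
methodsel_change();
ealgosel_change(<?=$keyset;?>);
dpdchkbox_change();
//-->
</script>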
<?php /* common page footer, then close the document */ ?>
<?php include("fend.inc"); ?>
</body>
</html>