<?php
2
/*
3
	vpn_ipsec_phase2.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32 6b07c15a Matthew Grooms
##|+PRIV
33
##|*IDENT=page-vpn-ipsec-editphase2
34
##|*NAME=VPN: IPsec: Edit Phase 2 page
35
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
36
##|*MATCH=vpn_ipsec_phase2.php*
37
##|-PRIV
38
39 0f84b741 Scott Ullrich
require("functions.inc");
40 a93e56c5 Matthew Grooms
require("guiconfig.inc");
41 483e6de8 Scott Ullrich
require_once("ipsec.inc");
42
require_once("vpn.inc");
43 a93e56c5 Matthew Grooms
44 3462a529 Matthew Grooms
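if (!is_array($config['ipsec']['client']))
	$config['ipsec']['client'] = array();

$a_client = &$config['ipsec']['client'];

if (!is_array($config['ipsec']['phase2']))
	$config['ipsec']['phase2'] = array();

$a_phase2 = &$config['ipsec']['phase2'];

/*
 * Work out which phase 2 entry (if any) is being edited. Precedence is
 * GET p2index, then POST p2index, then GET dup (duplicate an existing entry).
 */
$p2index = null;
if (isset($_GET['p2index']))
	$p2index = $_GET['p2index'];
if (isset($_POST['p2index']))
	$p2index = $_POST['p2index'];
if (isset($_GET['dup']))
	$p2index = $_GET['dup'];

/*
 * The index comes straight from the request and is later used as an array
 * key and echoed into a hidden form field. Accept it only when it is a plain
 * decimal string naming an existing, non-empty entry; anything else
 * (array-valued parameter, markup, unknown key) is treated as "no entry",
 * which is the same branch the unknown-key case always took.
 */
if (!is_string($p2index) || !preg_match('/^[0-9]+$/D', $p2index) || empty($a_phase2[$p2index]))
	$p2index = null;

if (isset($p2index))
{
	/* editing or duplicating: load the stored entry into the form state */
	$pconfig['ikeid'] = $a_phase2[$p2index]['ikeid'];
	$pconfig['disabled'] = isset($a_phase2[$p2index]['disabled']);
	$pconfig['mode'] = $a_phase2[$p2index]['mode'];
	$pconfig['descr'] = $a_phase2[$p2index]['descr'];
	/* kept so the save path can hand the previous entry to the SPD reload */
	$old_ph2ent = $a_phase2[$p2index];

	idinfo_to_pconfig("local",$a_phase2[$p2index]['localid'],$pconfig);
	idinfo_to_pconfig("remote",$a_phase2[$p2index]['remoteid'],$pconfig);

	$pconfig['proto'] = $a_phase2[$p2index]['protocol'];
	ealgos_to_pconfig($a_phase2[$p2index]['encryption-algorithm-option'],$pconfig);
	$pconfig['halgos'] = $a_phase2[$p2index]['hash-algorithm-option'];
	$pconfig['pfsgroup'] = $a_phase2[$p2index]['pfsgroup'];
	$pconfig['lifetime'] = $a_phase2[$p2index]['lifetime'];
	$pconfig['pinghost'] = $a_phase2[$p2index]['pinghost'];

	if (isset($a_phase2[$p2index]['mobile']))
		$pconfig['mobile'] = true;
}
else
{
	/* new entry: the owning phase 1 is named by the ikeid query parameter */
	$pconfig['ikeid'] = isset($_GET['ikeid']) ? $_GET['ikeid'] : null;

	/* defaults */
	$pconfig['localid_type'] = "lan";
	$pconfig['remoteid_type'] = "network";
	$pconfig['proto'] = "esp";
	$pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes");
	$pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['pfsgroup'] = "0";
	$pconfig['lifetime'] = "3600";

	/* mobile client */
	if (!empty($_GET['mobile']))
		$pconfig['mobile'] = true;
}

/* a duplicate is saved as a new entry, so forget the source index */
if (isset($_GET['dup']))
	$p2index = null;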
102
103
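if ($_POST) {

	$input_errors = array();
	$pconfig = $_POST;

	/*
	 * Everything in $pconfig is now request data that ends up in the saved
	 * configuration, so its shape is normalised before any check runs.
	 * Only the two checkbox groups are lists; an array anywhere else
	 * (field[]=...) is never produced by the form and is blanked so the
	 * checks below report it. A checkbox group with nothing ticked is absent
	 * from the request, so it becomes an empty list.
	 */
	foreach ($pconfig as $fname => $fvalue) {
		if (is_array($fvalue) && $fname !== "ealgos" && $fname !== "halgos")
			$pconfig[$fname] = "";
	}
	foreach (array("ealgos", "halgos") as $fname) {
		if (!isset($pconfig[$fname]) || !is_array($pconfig[$fname]))
			$pconfig[$fname] = array();
	}

	$mode = isset($pconfig['mode']) ? $pconfig['mode'] : "";
	$localid_type = isset($pconfig['localid_type']) ? $pconfig['localid_type'] : "";
	$remoteid_type = isset($pconfig['remoteid_type']) ? $pconfig['remoteid_type'] : "";

	if (!isset( $_POST['ikeid']))
		$input_errors[] = gettext("A valid ikeid must be specified.");

	/* input validation */
	$reqdfields = explode(" ", "localid_type halgos");
	$reqdfieldsn = array(gettext("Local network type"),gettext("P2 Hash Algorithms"));
	if (!isset($pconfig['mobile'])){
		$reqdfields[] = "remoteid_type";
		$reqdfieldsn[] = gettext("Remote network type");
	}

	/*
	 * NOTE(review): call-time pass-by-reference was removed in PHP 5.4. The
	 * "&" can only be dropped once do_input_validation() declares this
	 * parameter by reference - confirm in guiconfig.inc before changing it.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/*
	 * Select boxes are rendered from these tables, keyed by option value, so
	 * a submitted value that is not a key did not come from the form.
	 */
	$choices = array(
		"mode" => array($p2_modes, gettext("A valid mode must be specified.")),
		"proto" => array($p2_protos, gettext("A valid protocol must be specified.")),
	);
	foreach ($choices as $fname => $choice) {
		list($allowed, $errmsg) = $choice;
		$submitted = isset($pconfig[$fname]) ? (string)$pconfig[$fname] : "";
		if (!is_array($allowed) || !array_key_exists($submitted, $allowed))
			$input_errors[] = $errmsg;
	}

	if (isset($_POST['halgos']) && !is_array($_POST['halgos'])) {
		$input_errors[] = gettext("A valid hash algorithm must be selected.");
	} else {
		foreach ($pconfig['halgos'] as $halgo) {
			if (!is_string($halgo) || !is_array($p2_halgos) || !array_key_exists($halgo, $p2_halgos)) {
				$input_errors[] = gettext("A valid hash algorithm must be selected.");
				break;
			}
		}
	}

	/* the form only ever submits a numeric group here (select or hidden field) */
	$pfsgroup = isset($pconfig['pfsgroup']) ? $pconfig['pfsgroup'] : "";
	if (!preg_match('/^[0-9]+$/D', $pfsgroup))
		$input_errors[] = gettext("A valid PFS key group must be specified.");

	if(($mode == "tunnel") || ($mode == "tunnel6"))
	{
		$local_bits = isset($pconfig['localid_netbits']) ? $pconfig['localid_netbits'] : "";
		$local_addr = isset($pconfig['localid_address']) ? $pconfig['localid_address'] : "";
		switch ($localid_type) {
			case "network":
				/* whole number within the 0-128 range the select offers */
				if (!preg_match('/^[0-9]+$/D', $local_bits) || $local_bits > 128)
					$input_errors[] = gettext("A valid local network bit count must be specified.");
				/* fall through: a network also needs a valid address */
			case "address":
				if (!$local_addr || !is_ipaddr($local_addr))
					$input_errors[] = gettext("A valid local network IP address must be specified.");
				break;
			case "none":
				break;
			default:
				/* remaining options are interface names; a missing type is already reported above */
				$iflist = get_configured_interface_with_descr();
				if ($localid_type !== "" && (!is_array($iflist) || !array_key_exists($localid_type, $iflist)))
					$input_errors[] = gettext("A valid local network type must be specified.");
				break;
		}

		$remote_bits = isset($pconfig['remoteid_netbits']) ? $pconfig['remoteid_netbits'] : "";
		$remote_addr = isset($pconfig['remoteid_address']) ? $pconfig['remoteid_address'] : "";
		switch ($remoteid_type) {
			case "network":
				if (!preg_match('/^[0-9]+$/D', $remote_bits) || $remote_bits > 128)
					$input_errors[] = gettext("A valid remote network bit count must be specified.");
				/* fall through: a network also needs a valid address */
			case "address":
				if (!$remote_addr || !is_ipaddr($remote_addr))
					$input_errors[] = gettext("A valid remote network IP address must be specified.");
				break;
			default:
				/* mobile entries post the fixed hidden value "mobile" */
				if ($remoteid_type !== "" && !(isset($pconfig['mobile']) && $remoteid_type == "mobile"))
					$input_errors[] = gettext("A valid remote network type must be specified.");
				break;
		}
	}

	/*
	 * Reject a phase 2 whose networks duplicate an existing one. The entered
	 * ids do not change while scanning, so they are converted once up front.
	 */
	$entered_local = array();
	$entered_local['type'] = $localid_type;
	if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
	if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
	$entered_localid_data = ipsec_idinfo_to_cidr($entered_local);

	if (isset($pconfig['mobile'])){
		/* User is adding phase 2 for mobile phase1 */
		foreach($a_phase2 as $key => $name){
			/* check duplicate localids only for mobile clients */
			if (!isset($name['mobile']))
				continue;
			if (ipsec_idinfo_to_cidr($name['localid']) != $entered_localid_data)
				continue;
			/* either a new entry, or an edit colliding with a different entry */
			if (!isset($pconfig['p2index']) || $pconfig['p2index'] != $key){
				$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
				break;
			}
		}
	}else{
		/* User is adding phase 2 for site-to-site phase1 */
		$entered_remote = array();
		$entered_remote['type'] = $remoteid_type;
		if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
		if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
		$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote);

		foreach($a_phase2 as $key => $name){
			/* check duplicate subnets only for given phase1 */
			if (isset($name['mobile']) || $pconfig['ikeid'] != $name['ikeid'])
				continue;
			if (ipsec_idinfo_to_cidr($name['localid']) != $entered_localid_data)
				continue;
			if (ipsec_idinfo_to_cidr($name['remoteid']) != $entered_remoteid_data)
				continue;
			/* either a new entry, or an edit colliding with a different entry */
			if (!isset($pconfig['p2index']) || $pconfig['p2index'] != $key){
				$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
				break;
			}
		}
	}

	$ealgos = pconfig_to_ealgos($pconfig);

	if (!count($ealgos)) {
		$input_errors[] = gettext("At least one encryption algorithm must be selected.");
	}

	/* digits only: is_numeric() would also accept floats, exponents and signs */
	if (!empty($pconfig['lifetime']) && !preg_match('/^[0-9]+$/D', $pconfig['lifetime'])) {
		$input_errors[] = gettext("The P2 lifetime must be an integer.");
	}

	/* the form labels this field "IP address" and the value is stored in the config */
	if (!empty($pconfig['pinghost']) && !is_ipaddr($pconfig['pinghost'])) {
		$input_errors[] = gettext("A valid IP address must be specified for the host to ping.");
	}

	if (!$input_errors) {

		$ph2ent = array();
		$ph2ent['ikeid'] = $pconfig['ikeid'];
		$ph2ent['mode'] = $pconfig['mode'];
		$ph2ent['disabled'] = !empty($pconfig['disabled']);

		/* only tunnel modes carry local/remote network ids */
		if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){
			$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
			$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
		}

		$ph2ent['protocol'] = $pconfig['proto'];
		$ph2ent['encryption-algorithm-option'] = $ealgos;
		$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
		$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
		$ph2ent['lifetime'] = $pconfig['lifetime'];
		$ph2ent['pinghost'] = $pconfig['pinghost'];
		$ph2ent['descr'] = $pconfig['descr'];

		if (isset($pconfig['mobile']))
			$ph2ent['mobile'] = true;

		/* overwrite the edited entry, otherwise append a new one */
		if (isset($p2index) && $a_phase2[$p2index])
			$a_phase2[$p2index] = $ph2ent;
		else
			$a_phase2[] = $ph2ent;

		/* now we need to find all phase2 entries for this host */
		if(is_array($ph2ent)) {
			ipsec_lookup_phase1($ph2ent, $ph1ent);
			$old_ph1ent = $ph1ent;
			$old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
			reload_tunnel_spd_policy ($ph1ent, $ph2ent, $old_ph1ent, $old_ph2ent);
		}

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}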
253
254 3462a529 Matthew Grooms
/* Page title trail; mobile-client entries get one extra trailing element. */
$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"));
if ($pconfig['mobile'])
    $pgtitle[] = gettext("Mobile Client");

/* URLs assigned before head.inc is included */
$statusurl = "diag_ipsec.php";
$logurl = "diag_logs_ipsec.php";
260
261 3462a529 Matthew Grooms
262 a93e56c5 Matthew Grooms
include("head.inc");
263
264
?>
265
266
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
267
<?php include("fbegin.inc"); ?>
268
<script language="JavaScript">
269
<!--
270 4b96b367 mgrooms
271
/*
 * Show the local/remote network rows only for the tunnel modes.
 * `index` and `value` are deliberately left as page globals: the
 * typesel_change_* functions on this page read `value` as the current mode.
 */
function change_mode() {
	index = document.iform.mode.selectedIndex;
	value = document.iform.mode.options[index].value;
	var rowdisplay = ((value == 'tunnel') || (value == 'tunnel6')) ? '' : 'none';
	document.getElementById('opt_localid').style.display = rowdisplay;
<?php if (!isset($pconfig['mobile'])): ?>
	document.getElementById('opt_remoteid').style.display = rowdisplay;
<?php endif; ?>
}
286
287 a93e56c5 Matthew Grooms
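/*
 * Enable or disable the local address / netbits inputs to match the
 * selected local network type.
 *
 * bits: prefix length to select for the "network" type. When omitted it
 *       defaults to 24 in tunnel mode and 64 in tunnel6 mode.
 */
function typesel_change_local(bits) {

	if (typeof(bits)=="undefined") {
		/*
		 * Read the mode from the form itself. The page-global `value` is
		 * also overwritten by change_protocol() with the protocol name, so
		 * relying on it left `bits` undefined after a protocol change.
		 */
		var modesel = document.iform.mode;
		var mode = modesel.options[modesel.selectedIndex].value;
		if (mode == 'tunnel') {
			bits = 24;
		}
		if (mode == 'tunnel6') {
			bits = 64;
		}
	}

	/*
	 * Dispatch on the option value, not its position: the interface
	 * entries sit between "network" and "none", so the position of "none"
	 * depends on how many interfaces are configured.
	 */
	var typesel = document.iform.localid_type;
	switch (typesel.options[typesel.selectedIndex].value) {
		case 'address':	/* single */
			document.iform.localid_address.disabled = 0;
			document.iform.localid_netbits.value = 0;
			document.iform.localid_netbits.disabled = 1;
			break;
		case 'network':	/* network */
			document.iform.localid_address.disabled = 0;
			/* keep the current selection when no default applies */
			if (typeof(bits)!="undefined") {
				document.iform.localid_netbits.value = bits;
			}
			document.iform.localid_netbits.disabled = 0;
			break;
		case 'none':	/* none */
			document.iform.localid_address.disabled = 1;
			document.iform.localid_netbits.disabled = 1;
			break;
		default:	/* interface subnet */
			document.iform.localid_address.value = "";
			document.iform.localid_address.disabled = 1;
			document.iform.localid_netbits.value = 0;
			document.iform.localid_netbits.disabled = 1;
			break;
	}
}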
321 3462a529 Matthew Grooms
322 71880c96 pierrepomes
<?php if (!isset($pconfig['mobile'])): ?>
323 3462a529 Matthew Grooms
324 a93e56c5 Matthew Grooms
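/*
 * Enable or disable the remote address / netbits inputs to match the
 * selected remote network type.
 *
 * bits: prefix length to select for the "network" type. When omitted it
 *       defaults to 24 in tunnel mode and 64 in tunnel6 mode.
 */
function typesel_change_remote(bits) {

	if (typeof(bits)=="undefined") {
		/*
		 * Read the mode from the form itself. The page-global `value` is
		 * also overwritten by change_protocol() with the protocol name, so
		 * relying on it left `bits` undefined after a protocol change.
		 */
		var modesel = document.iform.mode;
		var mode = modesel.options[modesel.selectedIndex].value;
		if (mode == 'tunnel') {
			bits = 24;
		}
		if (mode == 'tunnel6') {
			bits = 64;
		}
	}

	switch (document.iform.remoteid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.remoteid_address.disabled = 0;
			document.iform.remoteid_netbits.value = 0;
			document.iform.remoteid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.remoteid_address.disabled = 0;
			/* keep the current selection when no default applies */
			if (typeof(bits)!="undefined") {
				document.iform.remoteid_netbits.value = bits;
			}
			document.iform.remoteid_netbits.disabled = 0;
			break;
		default:
			document.iform.remoteid_address.value = "";
			document.iform.remoteid_address.disabled = 1;
			document.iform.remoteid_netbits.value = 0;
			document.iform.remoteid_netbits.disabled = 1;
			break;
	}
}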
354 3462a529 Matthew Grooms
355
<?php endif; ?>
356
357 4b96b367 mgrooms
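/*
 * Show the encryption-algorithm row only when the selected protocol is ESP.
 * Locals are used on purpose: assigning the page-global `value` here would
 * replace the mode string that the typesel_change_* functions read from it.
 */
function change_protocol() {
	var protosel = document.iform.proto;
	var proto = protosel.options[protosel.selectedIndex].value;
	document.getElementById('opt_enc').style.display = (proto == 'esp') ? '' : 'none';
}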
365
366 a93e56c5 Matthew Grooms
//-->
367
</script>
368 5a3b0d3b mgrooms
369
<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
370
371
<?php
372
	if ($input_errors)
373
		print_input_errors($input_errors);
374
?>
375
376
<table width="100%" border="0" cellpadding="0" cellspacing="0">
377
	<tr class="tabnavtbl">
378
		<td id="tabnav">
379
			<?php
380
				$tab_array = array();
381 123929e0 Carlos Eduardo Ramos
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
382
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
383
				$tab_array[2] = array(gettext("Pre-shared keys"), false, "vpn_ipsec_keys.php");
384 5a3b0d3b mgrooms
				display_top_tabs($tab_array);
385
			?>
386
		</td>
387
	</tr>
388
	<tr>
389
		<td id="mainarea">
390
			<div class="tabcont">
391
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
392
					<tr>
393 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
394 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
395
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
396 123929e0 Carlos Eduardo Ramos
							<strong><?=gettext("Disable this phase2 entry"); ?></strong>
397 5a3b0d3b mgrooms
							<br>
398 123929e0 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
399
							  "removing it from the list"); ?>.
400 5a3b0d3b mgrooms
							</span>
401
						</td>
402
					</tr>
403
					<tr>
404 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
405 4b96b367 mgrooms
						<td width="78%" class="vtable">
406
							<select name="mode" class="formselect" onChange="change_mode()">
407
								<?php
408
									foreach($p2_modes as $name => $value):
409
										$selected = "";
410
										if ($name == $pconfig['mode'])
411
											$selected = "selected";
412
								?>
413
								<option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option>
414
								<?php endforeach; ?>
415
							</select>
416
						</td>
417
					</tr>
418
					<tr id="opt_localid">
419 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
420 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
421
							<table border="0" cellspacing="0" cellpadding="0">
422
								<tr>
423 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
424 5a3b0d3b mgrooms
									<td></td>
425
									<td>
426
										<select name="localid_type" class="formselect" onChange="typesel_change_local()">
427 123929e0 Carlos Eduardo Ramos
											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected";?>><?=gettext("Address"); ?></option>
428
											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected";?>><?=gettext("Network"); ?></option>
429 d48dbceb Erik Fonnesbeck
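											<?php
												/*
												 * One option per configured interface. Name and description
												 * are HTML-escaped like the other table-driven labels on this
												 * page (NOTE(review): descriptions look admin-editable; confirm
												 * they are not already escaped where they are stored).
												 */
												$iflist = get_configured_interface_with_descr();
												foreach ($iflist as $ifname => $ifdescr):
											?>
											<option value="<?=htmlspecialchars($ifname); ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected";?>><?=htmlspecialchars(sprintf(gettext("%s subnet"), $ifdescr)); ?></option>
											<?php endforeach; ?>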
435 123929e0 Carlos Eduardo Ramos
											<option value="none" <?php if ($pconfig['localid_type'] == "none" ) echo "selected";?>><?=gettext("None"); ?></option>
436 5a3b0d3b mgrooms
										</select>
437
									</td>
438
								</tr>
439
								<tr>
440 11c160b0 Rafael Lucas
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
441 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
442
									<td>
443 c271c485 Seth Mos
										<input name="localid_address" type="text" class="formfld unknown" id="localid_address" size="28" value="<?=htmlspecialchars($pconfig['localid_address']);?>">
444 5a3b0d3b mgrooms
										/
445
										<select name="localid_netbits" class="formselect" id="localid_netbits">
446 3795d067 Seth Mos
										<?php for ($i = 128; $i >= 0; $i--): ?>
447 5a3b0d3b mgrooms
											<option value="<?=$i;?>" <?php if ($i == $pconfig['localid_netbits']) echo "selected"; ?>>
448
												<?=$i;?>
449
											</option>
450
										<?php endfor; ?>
451
										</select>
452
									</td>
453
								</tr>
454
							</table>
455
						</td>
456
					</tr>
457
458
					<?php if (!isset($pconfig['mobile'])): ?>
459
					
460 4b96b367 mgrooms
					<tr id="opt_remoteid">
461 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
462 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
463
							<table border="0" cellspacing="0" cellpadding="0">
464
								<tr>
465 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
466 5a3b0d3b mgrooms
									<td></td>
467
									<td>
468
										<select name="remoteid_type" class="formselect" onChange="typesel_change_remote()">
469 123929e0 Carlos Eduardo Ramos
											<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected"; ?>><?=gettext("Address"); ?></option>
470
											<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected"; ?>><?=gettext("Network"); ?></option>
471 5a3b0d3b mgrooms
										</select>
472
									</td>
473
								</tr>
474
								<tr>
475 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Address"); ?>:&nbsp;&nbsp;</td>
476 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
477
									<td>
478 c271c485 Seth Mos
										<input name="remoteid_address" type="text" class="formfld unknown" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>">
479 5a3b0d3b mgrooms
										/
480
										<select name="remoteid_netbits" class="formselect" id="remoteid_netbits">
481 3795d067 Seth Mos
										<?php for ($i = 128; $i >= 0; $i--) { 
482 184d50b5 Ermal Lu?i
											
483
											echo "<option value=\"{$i}\"";
484
											if ($i == $pconfig['remoteid_netbits']) echo " selected";
485
											echo ">{$i}</option>\n";
486
											} ?>
487 5a3b0d3b mgrooms
										</select>
488
									</td>
489
								</tr>
490
							</table>
491 a93e56c5 Matthew Grooms
						</td>
492 5a3b0d3b mgrooms
					</tr>
493
					
494 3462a529 Matthew Grooms
					<?php endif; ?>
495 5a3b0d3b mgrooms
					
496
					<tr>
497 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
498 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
499
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
500
							<br>
501
							<span class="vexpl">
502 123929e0 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
503
								"for your reference (not parsed)"); ?>.
504 5a3b0d3b mgrooms
							</span>
505
						</td>
506
					</tr>
507
					<tr>
508
						<td colspan="2" class="list" height="12"></td>
509
					</tr>
510
					<tr>
511
						<td colspan="2" valign="top" class="listtopic">
512 123929e0 Carlos Eduardo Ramos
							<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
513 5a3b0d3b mgrooms
						</td>
514
					</tr>
515
					<tr>
516 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
517 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
518 4b96b367 mgrooms
							<select name="proto" class="formselect" onChange="change_protocol()">
519 5a3b0d3b mgrooms
							<?php foreach ($p2_protos as $proto => $protoname): ?>
520
								<option value="<?=$proto;?>" <?php if ($proto == $pconfig['proto']) echo "selected"; ?>>
521
									<?=htmlspecialchars($protoname);?>
522
								</option>
523
							<?php endforeach; ?>
524
							</select>
525
							<br>
526
							<span class="vexpl">
527 123929e0 Carlos Eduardo Ramos
								<?=gettext("ESP is encryption, AH is authentication only"); ?>
528 5a3b0d3b mgrooms
							</span>
529
						</td>
530
					</tr>
531 87e07f52 mgrooms
					<tr id="opt_enc">
532 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
533 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
534
							<table border="0" cellspacing="0" cellpadding="0">
535
							<?php
536
								foreach ($p2_ealgos as $algo => $algodata):
537
									$checked = '';
538
									if (in_array($algo,$pconfig['ealgos']))
539
										$checked = " checked";
540
								?>
541
								<tr>
542
									<td>
543
										<input type="checkbox" name="ealgos[]" value="<?=$algo;?>"<?=$checked?>>
544
									</td>
545
									<td>
546
										<?=htmlspecialchars($algodata['name']);?>
547
									</td>
548
									<td>
549
										<?php if(is_array($algodata['keysel'])): ?>
550
										&nbsp;&nbsp;
551
										<select name="keylen_<?=$algo;?>" class="formselect">
552 123929e0 Carlos Eduardo Ramos
											<option value="auto"><?=gettext("auto"); ?></option>
553 5a3b0d3b mgrooms
											<?php
554
												$key_hi = $algodata['keysel']['hi'];
555
												$key_lo = $algodata['keysel']['lo'];
556
												$key_step = $algodata['keysel']['step'];
557
												for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
558
													$selected = '';
559
				//									if ($checked && in_array("keylen_".$algo,$pconfig))
560
													if ($keylen == $pconfig["keylen_".$algo])
561
														$selected = " selected";
562
											?>
563 123929e0 Carlos Eduardo Ramos
											<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
564 5a3b0d3b mgrooms
											<?php endfor; ?>
565
										</select>
566
										<?php endif; ?>
567
									</td>
568
								</tr>
569
								
570
								<?php endforeach; ?>
571
								
572
							</table>
573
							<br>
574 123929e0 Carlos Eduardo Ramos
							<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " . 
575
							"crypto accelerator card. Blowfish is usually the fastest in " .
576
							"software encryption"); ?>.
577 5a3b0d3b mgrooms
						</td>
578
					</tr>
579
					<tr>
580 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
581 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
582
						<?php foreach ($p2_halgos as $algo => $algoname): ?>
583
							<input type="checkbox" name="halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['halgos'])) echo "checked"; ?>>
584
							<?=htmlspecialchars($algoname);?>
585
							<br>
586
						<?php endforeach; ?>
587
						</td>
588
					</tr>
589
					<tr>
590 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
591 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
592
						<?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
593
							<select name="pfsgroup" class="formselect">
594
							<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
595
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected"; ?>>
596
									<?=htmlspecialchars($keygroupname);?>
597
								</option>
598
							<?php endforeach; ?>
599
							</select>
600
							<br>
601
							<span class="vexpl">
602
								<em>
603 123929e0 Carlos Eduardo Ramos
									<?=gettext("1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit"); ?>
604 5a3b0d3b mgrooms
								</em>
605
							</span>
606
							
607
							<?php else: ?>
608
609
							<select class="formselect" disabled>
610
								<option selected><?=$p2_pfskeygroups[$a_client['pfs_group']];?></option>
611
							</select>
612 dd5bf424 Scott Ullrich
							<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>">
613 5a3b0d3b mgrooms
							<br>
614 123929e0 Carlos Eduardo Ramos
							<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
615 5a3b0d3b mgrooms
						<?php endif; ?>
616
						</td>
617
					</tr>
618
					<tr>
619 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
620 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
621 dd5bf424 Scott Ullrich
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>">
622 123929e0 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
623 5a3b0d3b mgrooms
						</td>
624
					</tr>
625 87e07f52 mgrooms
					<tr>
626
						<td colspan="2" class="list" height="12"></td>
627
					</tr>
628
					<tr>
629 123929e0 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
630 87e07f52 mgrooms
					</tr>
631
					<tr>
632 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
633 87e07f52 mgrooms
						<td width="78%" class="vtable">
634 c271c485 Seth Mos
							<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="28" value="<?=htmlspecialchars($pconfig['pinghost']);?>">
635 123929e0 Carlos Eduardo Ramos
							<?=gettext("IP address"); ?>
636 87e07f52 mgrooms
						</td>
637
					</tr>
638 5a3b0d3b mgrooms
					<tr>
639
						<td width="22%" valign="top">&nbsp;</td>
640
						<td width="78%">
641
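						<?php /* p2index originates from the request; escape it for the attribute like the other hidden fields */ ?>
						<?php if (isset($p2index) && $a_phase2[$p2index]): ?>
							<input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>">
						<?php endif; ?>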
644
						<?php if ($pconfig['mobile']): ?>
645
							<input name="mobile" type="hidden" value="true">
646
							<input name="remoteid_type" type="hidden" value="mobile">
647
						<?php endif; ?>
648 123929e0 Carlos Eduardo Ramos
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
649 dd5bf424 Scott Ullrich
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>">
650 5a3b0d3b mgrooms
						</td>
651
					</tr>
652
				</table>
653
			</div>
654
		</td>
655
	</tr>
656
</table>
657 a93e56c5 Matthew Grooms
</form>
658
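<?php
/*
 * Initial UI sync. After a failed save $pconfig is the raw POST body, and
 * htmlspecialchars() is an HTML escaper: it does not make a value safe
 * inside a <script> block, least of all as an unquoted argument. So:
 *  - change_mode() and change_protocol() take no parameters and read the
 *    form themselves, so nothing is passed to them;
 *  - the netbits arguments are emitted only when they are plain decimal
 *    numbers, as integers; otherwise the call is made without an argument
 *    and the function picks its own default.
 */
$js_local_bits = isset($pconfig['localid_netbits']) ? $pconfig['localid_netbits'] : '';
$js_local_bits = (is_scalar($js_local_bits) && preg_match('/^[0-9]+$/D', (string)$js_local_bits)) ? intval($js_local_bits) : '';
$js_remote_bits = isset($pconfig['remoteid_netbits']) ? $pconfig['remoteid_netbits'] : '';
$js_remote_bits = (is_scalar($js_remote_bits) && preg_match('/^[0-9]+$/D', (string)$js_remote_bits)) ? intval($js_remote_bits) : '';
?>
<script language="JavaScript">
<!--
change_mode();
change_protocol();
typesel_change_local(<?=$js_local_bits?>);
<?php if (!isset($pconfig['mobile'])): ?>
typesel_change_remote(<?=$js_remote_bits?>);
<?php endif; ?>
//-->
</script>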
668
<?php include("fend.inc"); ?>
669 3462a529 Matthew Grooms
</body>
670
</html>
671 a93e56c5 Matthew Grooms
672
<?php
673
674 3462a529 Matthew Grooms
/* local utility functions */
675
676 a93e56c5 Matthew Grooms
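/*
 * Build the phase 2 encryption-algorithm list from submitted form data.
 *
 * $pconfig['ealgos'] holds the ticked algorithm names. For an algorithm
 * whose $p2_ealgos entry has a 'keysel' range, the key length is read from
 * $_POST["keylen_<name>"].
 *
 * Returns a list of array('name' => ..., 'keylen' => ...) entries in
 * $p2_ealgos order; 'keylen' is present only for algorithms with a
 * 'keysel' range. Returns an empty list when nothing is selected.
 */
function pconfig_to_ealgos(& $pconfig) {

	global $p2_ealgos;

	$ealgos = array();

	/*
	 * A form submitted with no algorithm ticked carries no 'ealgos' field
	 * at all. Return an empty list so the caller's "at least one
	 * encryption algorithm" check reports it, instead of handing a
	 * non-array to in_array().
	 */
	if (!is_array($p2_ealgos) || !isset($pconfig['ealgos']) || !is_array($pconfig['ealgos']))
		return $ealgos;

	foreach ($p2_ealgos as $algo_name => $algo_data) {
		if (!in_array((string)$algo_name, $pconfig['ealgos'], true))
			continue;

		$ealg = array();
		$ealg['name'] = $algo_name;

		if (isset($algo_data['keysel']) && is_array($algo_data['keysel'])) {
			$keysel = $algo_data['keysel'];
			$keylen = isset($_POST["keylen_".$algo_name]) ? $_POST["keylen_".$algo_name] : "auto";

			/*
			 * The key length is request data that gets stored in the
			 * configuration. Keep it only when it is one of the lengths
			 * the form offers (hi down to lo in 'step' increments);
			 * anything else falls back to the form's "auto" option.
			 */
			$offered = false;
			if (is_string($keylen) && preg_match('/^[0-9]+$/D', $keylen) &&
			    isset($keysel['lo'], $keysel['hi'], $keysel['step']) && $keysel['step'] > 0) {
				$offered = ($keylen >= $keysel['lo'] && $keylen <= $keysel['hi'] &&
				    (($keysel['hi'] - $keylen) % $keysel['step']) == 0);
			}
			$ealg['keylen'] = $offered ? strval(intval($keylen)) : "auto";
		}

		$ealgos[] = $ealg;
	}

	return $ealgos;
}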
693
694
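/*
 * Expand a stored encryption-algorithm list into form state.
 *
 * Sets $pconfig['ealgos'] to the list of algorithm names and, for each
 * entry that has a key length, $pconfig["keylen_<name>"].
 * Returns $ealgos unchanged.
 */
function ealgos_to_pconfig(& $ealgos,& $pconfig) {

	$pconfig['ealgos'] = array();

	/*
	 * A stored entry without an algorithm list reaches this function as
	 * null through the by-reference parameter; leave the form list empty
	 * instead of iterating a non-array.
	 */
	if (is_array($ealgos)) {
		foreach ($ealgos as $algo_data) {
			/* skip malformed items that carry no algorithm name */
			if (!is_array($algo_data) || !isset($algo_data['name']))
				continue;
			$pconfig['ealgos'][] = $algo_data['name'];
			if (isset($algo_data['keylen']))
				$pconfig["keylen_".$algo_data['name']] = $algo_data['keylen'];
		}
	}

	return $ealgos;
}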
705
706
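/*
 * Build a stored network id from form state.
 *
 * $prefix is "local" or "remote" and selects the "<prefix>id_type",
 * "<prefix>id_address" and "<prefix>id_netbits" fields of $pconfig.
 * Returns array('type', 'address') for an address, array('type',
 * 'address', 'netbits') for a network, and array('type') for any other type.
 */
function pconfig_to_idinfo($prefix,& $pconfig) {

	$type = isset($pconfig[$prefix."id_type"]) ? $pconfig[$prefix."id_type"] : null;

	/*
	 * Address and netbits are looked up only for the types that use them:
	 * the page disables those inputs for the other types, and disabled
	 * inputs are not submitted, so the keys are then absent.
	 */
	switch( $type )
	{
		case "address":
			$address = isset($pconfig[$prefix."id_address"]) ? $pconfig[$prefix."id_address"] : null;
			return array('type' => $type, 'address' => $address);
		case "network":
			$address = isset($pconfig[$prefix."id_address"]) ? $pconfig[$prefix."id_address"] : null;
			$netbits = isset($pconfig[$prefix."id_netbits"]) ? $pconfig[$prefix."id_netbits"] : null;
			return array('type' => $type, 'address' => $address, 'netbits' => $netbits);
		default:
			return array('type' => $type );
	}
}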
722
723
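/*
 * Copy a stored network id into form state.
 *
 * $prefix is "local" or "remote". Always sets "<prefix>id_type"; sets
 * "<prefix>id_address" for the address and network types, and
 * "<prefix>id_netbits" for the network type only.
 */
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {

	/*
	 * The save path stores localid/remoteid only for the tunnel modes, so
	 * for other entries $idinfo arrives as null through the by-reference
	 * parameter. The type is then null, as it was before, without
	 * indexing into a non-array.
	 */
	$type = (is_array($idinfo) && isset($idinfo['type'])) ? $idinfo['type'] : null;

	$pconfig[$prefix."id_type"] = $type;

	if ($type == "address" || $type == "network")
		$pconfig[$prefix."id_address"] = isset($idinfo['address']) ? $idinfo['address'] : null;

	if ($type == "network")
		$pconfig[$prefix."id_netbits"] = isset($idinfo['netbits']) ? $idinfo['netbits'] : null;
}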
741
742
?>