<?php
2
/*
3
	vpn_ipsec_phase2.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32 6b07c15a Matthew Grooms
##|+PRIV
33
##|*IDENT=page-vpn-ipsec-editphase2
34
##|*NAME=VPN: IPsec: Edit Phase 2 page
35
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
36
##|*MATCH=vpn_ipsec_phase2.php*
37
##|-PRIV
38
39 0f84b741 Scott Ullrich
require("functions.inc");
40 a93e56c5 Matthew Grooms
require("guiconfig.inc");
41 483e6de8 Scott Ullrich
require_once("ipsec.inc");
42
require_once("vpn.inc");
43 a93e56c5 Matthew Grooms
44 3462a529 Matthew Grooms
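/* Make sure both IPsec config sections exist before taking references to them. */
if (!is_array($config['ipsec']['client']))
	$config['ipsec']['client'] = array();

$a_client = &$config['ipsec']['client'];

if (!is_array($config['ipsec']['phase2']))
	$config['ipsec']['phase2'] = array();

$a_phase2 = &$config['ipsec']['phase2'];

/*
 * Work out which phase 2 entry the request refers to. Precedence is
 * unchanged: GET p2index, overridden by POST p2index, overridden by GET dup.
 */
$p2index = null;
if (isset($_GET['p2index']))
	$p2index = $_GET['p2index'];
if (isset($_POST['p2index']))
	$p2index = $_POST['p2index'];
if (isset($_GET['dup']))
	$p2index = $_GET['dup'];

/*
 * The index is request data that is used as an array offset here and echoed
 * into a hidden form field further down. New entries are appended with
 * $a_phase2[] = ..., so only a plain decimal string can name one; anything
 * else (an array, markup, "1\n") is treated as "no entry selected", which
 * is where the lookup below would have ended up anyway.
 */
if (!is_string($p2index) || !preg_match('/^[0-9]+\z/', $p2index))
	$p2index = null;

if (isset($p2index) && $a_phase2[$p2index])
{
	/* Existing entry: copy its stored settings into the form state. */
	$pconfig['ikeid'] = $a_phase2[$p2index]['ikeid'];
	$pconfig['disabled'] = isset($a_phase2[$p2index]['disabled']);
	$pconfig['mode'] = $a_phase2[$p2index]['mode'];
	$pconfig['descr'] = $a_phase2[$p2index]['descr'];
	/* Snapshot of the entry as stored; handed to reload_tunnel_spd_policy() on save. */
	$old_ph2ent = $a_phase2[$p2index];

	idinfo_to_pconfig("local",$a_phase2[$p2index]['localid'],$pconfig);
	idinfo_to_pconfig("remote",$a_phase2[$p2index]['remoteid'],$pconfig);

	$pconfig['proto'] = $a_phase2[$p2index]['protocol'];
	ealgos_to_pconfig($a_phase2[$p2index]['encryption-algorithm-option'],$pconfig);
	$pconfig['halgos'] = $a_phase2[$p2index]['hash-algorithm-option'];
	$pconfig['pfsgroup'] = $a_phase2[$p2index]['pfsgroup'];
	$pconfig['lifetime'] = $a_phase2[$p2index]['lifetime'];
	$pconfig['pinghost'] = $a_phase2[$p2index]['pinghost'];

	if (isset($a_phase2[$p2index]['mobile']))
		$pconfig['mobile'] = true;
}
else
{
	/* New entry: the owning phase 1 is named by the ikeid query parameter. */
	$pconfig['ikeid'] = isset($_GET['ikeid']) ? $_GET['ikeid'] : null;

	/* defaults */
	$pconfig['localid_type'] = "lan";
	$pconfig['remoteid_type'] = "network";
	$pconfig['proto'] = "esp";
	/*
	 * NOTE(review): the pre-selected proposal includes 3DES and HMAC-MD5.
	 * Worth confirming these are still wanted as out-of-the-box defaults.
	 */
	$pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes");
	$pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['pfsgroup'] = "0";
	$pconfig['lifetime'] = "3600";

	/* mobile client */
	if (!empty($_GET['mobile']))
		$pconfig['mobile'] = true;
}

/* Duplicating: the source entry only seeded the form, so forget its index and save as new. */
if (isset($_GET['dup']))
	unset($p2index);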
102
103
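if ($_POST) {

	unset($input_errors);
	/* From here on the form state is whatever the client posted; every field is untrusted. */
	$pconfig = $_POST;

	if (!isset( $_POST['ikeid']))
		$input_errors[] = gettext("A valid ikeid must be specified.");

	/* input validation */
	$reqdfields = explode(" ", "localid_type halgos");
	$reqdfieldsn = array(gettext("Local network type"),gettext("P2 Hash Algorithms"));
	if (!isset($pconfig['mobile'])){
		$reqdfields[] = "remoteid_type";
		$reqdfieldsn[] = gettext("Remote network type");
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is a fatal
	 * error from PHP 5.4 on. It is left untouched because
	 * do_input_validation() is declared elsewhere; if its signature already
	 * takes this parameter by reference, the "&" here can simply be dropped.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/*
	 * The form only offers keys of the $p2_* tables for these fields, so a
	 * value outside them can only come from a hand-built request. Reject it
	 * here instead of writing it to the configuration. Each check is skipped
	 * when its table is not loaded, which keeps the previous behaviour.
	 */
	if (isset($p2_modes) && is_array($p2_modes) &&
	    !(isset($pconfig['mode']) && is_string($pconfig['mode']) && array_key_exists($pconfig['mode'], $p2_modes)))
		$input_errors[] = gettext("A valid mode must be specified.");

	if (isset($p2_protos) && is_array($p2_protos) &&
	    !(isset($pconfig['proto']) && is_string($pconfig['proto']) && array_key_exists($pconfig['proto'], $p2_protos)))
		$input_errors[] = gettext("A valid protocol must be specified.");

	/* An empty PFS group is tolerated so entries saved without one can still be edited. */
	if (isset($p2_pfskeygroups) && is_array($p2_pfskeygroups) &&
	    isset($pconfig['pfsgroup']) && $pconfig['pfsgroup'] !== '' &&
	    !(is_string($pconfig['pfsgroup']) && array_key_exists($pconfig['pfsgroup'], $p2_pfskeygroups)))
		$input_errors[] = gettext("A valid PFS key group must be specified.");

	/* A missing halgos is already reported by the required-field check above. */
	if (isset($p2_halgos) && is_array($p2_halgos) && isset($pconfig['halgos'])) {
		$halgos_ok = is_array($pconfig['halgos']);
		if ($halgos_ok) {
			foreach ($pconfig['halgos'] as $posted_halgo) {
				if (!is_string($posted_halgo) || !array_key_exists($posted_halgo, $p2_halgos)) {
					$halgos_ok = false;
					break;
				}
			}
		}
		if (!$halgos_ok)
			$input_errors[] = gettext("A valid hash algorithm must be selected.");
	}

	if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6"))
	{
		/*
		 * Bit counts must be plain decimal digits no larger than 128, the
		 * range the form offers. is_numeric() was too loose for a value that
		 * ends up in the configuration: it also accepts leading whitespace
		 * (including a newline), exponents and fractions.
		 */
		switch ($pconfig['localid_type']) {
			case "network":
				if (!isset($pconfig['localid_netbits']) || !is_string($pconfig['localid_netbits']) ||
				    !preg_match('/^[0-9]{1,3}\z/', $pconfig['localid_netbits']) || $pconfig['localid_netbits'] > 128)
					$input_errors[] = gettext("A valid local network bit count must be specified.");
				/* no break: a network entry is also checked by the address case */
			case "address":
				if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
					$input_errors[] = gettext("A valid local network IP address must be specified.");
				break;
		}

		/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
		if (is_array($config['interfaces'][$pconfig['localid_type']])) {
			// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
			$address = get_interface_ip($pconfig['localid_type']);
			$netbits = get_interface_subnet($pconfig['localid_type']);

			if (empty($address) || empty($netbits))
				$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
		}

		switch ($pconfig['remoteid_type']) {
			case "network":
				if (!isset($pconfig['remoteid_netbits']) || !is_string($pconfig['remoteid_netbits']) ||
				    !preg_match('/^[0-9]{1,3}\z/', $pconfig['remoteid_netbits']) || $pconfig['remoteid_netbits'] > 128)
					$input_errors[] = gettext("A valid remote network bit count must be specified.");
				/* no break: a network entry is also checked by the address case */
			case "address":
				if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
					$input_errors[] = gettext("A valid remote network IP address must be specified.");
				break;
		}
	}
	/* Validate enabled phase2's are not duplicates */
	if (isset($pconfig['mobile'])){
		/* User is adding phase 2 for mobile phase1 */
		foreach($a_phase2 as $key => $name){
			if (isset($name['mobile'])){
				/* check duplicate localids only for mobile clients */
				$localid_data = ipsec_idinfo_to_cidr($name['localid']);
				$entered = array();
				$entered['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered);
				if ($localid_data == $entered_localid_data){
					/* a clash when adding a new entry, or when editing and the match is a different entry */
					if (!isset($pconfig['p2index']) || $pconfig['p2index'] != $key){
						$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
						break;
					}
				}
			}
		}
	}else{
		/* User is adding phase 2 for site-to-site phase1 */
		foreach($a_phase2 as $key => $name){
			if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){
				/* check duplicate subnets only for given phase1 */
				$localid_data = ipsec_idinfo_to_cidr($name['localid']);
				$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid']);
				$entered_local = array();
				$entered_local['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered_local);
				$entered_remote = array();
				$entered_remote['type'] = $pconfig['remoteid_type'];
				if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
				if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
				$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote);
				if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
					/* a clash when adding a new entry, or when editing and the match is a different entry */
					if (!isset($pconfig['p2index']) || $pconfig['p2index'] != $key){
						$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
						break;
					}
				}
			}
		}
	}

	/* For ESP protocol, handle encryption algorithms */
	if ( $pconfig['proto'] == "esp") {
		$ealgos = pconfig_to_ealgos($pconfig);

		if (!count($ealgos)) {
			$input_errors[] = gettext("At least one encryption algorithm must be selected.");
		}
	}

	/* Digits only, matching the message; an empty lifetime is still accepted. */
	if ($_POST['lifetime'] && !(is_string($_POST['lifetime']) && preg_match('/^[0-9]+\z/', $_POST['lifetime']))) {
		$input_errors[] = gettext("The P2 lifetime must be an integer.");
	}

	/*
	 * NOTE(review): pinghost and descr are stored exactly as posted. The form
	 * labels pinghost "IP address"; consider an is_ipaddr() check once it is
	 * confirmed that nothing relies on other values there.
	 */

	if (!$input_errors) {

		$ph2ent = array();
		$ph2ent['ikeid'] = $pconfig['ikeid'];
		$ph2ent['mode'] = $pconfig['mode'];
		$ph2ent['disabled'] = !empty($pconfig['disabled']);

		if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){
			$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
			$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
		}

		$ph2ent['protocol'] = $pconfig['proto'];
		/* $ealgos is only assigned for ESP above; for any other protocol this stores null. */
		$ph2ent['encryption-algorithm-option'] = $ealgos;
		$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
		$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
		$ph2ent['lifetime'] = $pconfig['lifetime'];
		$ph2ent['pinghost'] = $pconfig['pinghost'];
		$ph2ent['descr'] = $pconfig['descr'];

		if (isset($pconfig['mobile']))
			$ph2ent['mobile'] = true;

		/* Overwrite the entry being edited, otherwise append a new one. */
		if (isset($p2index) && $a_phase2[$p2index])
			$a_phase2[$p2index] = $ph2ent;
		else
			$a_phase2[] = $ph2ent;


		/* now we need to find all phase2 entries for this host */
		if(is_array($ph2ent)) {
			ipsec_lookup_phase1($ph2ent, $ph1ent);
			$old_ph1ent = $ph1ent;
			$old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
			/* NOTE(review): $old_ph2ent is only set when an existing entry was loaded; it is undefined for a new one. */
			reload_tunnel_spd_policy ($ph1ent, $ph2ent, $old_ph1ent, $old_ph2ent);
		}

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}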
266
267 3462a529 Matthew Grooms
/* Page title segments; the mobile variant carries one extra trailing segment. */
$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"));
if ($pconfig['mobile'])
    $pgtitle[] = gettext("Mobile Client");

/* Pages that head.inc can link to for this section. */
$statusurl = "diag_ipsec.php";
$logurl = "diag_logs_ipsec.php";

include("head.inc");
276
277
?>
278
279
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
280 6255beda Darren Embry
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
281 a93e56c5 Matthew Grooms
<?php include("fbegin.inc"); ?>
282
<script language="JavaScript">
283
<!--
284 4b96b367 mgrooms
285
function change_mode() {
	// Shows the local (and, for non-mobile entries, remote) network rows only
	// for the tunnel modes. `index` and `value` are assigned without `var`,
	// i.e. as page-level globals; kept that way because other script on the
	// page may read them.
	index = document.iform.mode.selectedIndex;
	value = document.iform.mode.options[index].value;
	var row_display = ((value == 'tunnel') || (value == 'tunnel6')) ? '' : 'none';
	document.getElementById('opt_localid').style.display = row_display;
<?php if (!isset($pconfig['mobile'])): ?>
	document.getElementById('opt_remoteid').style.display = row_display;
<?php endif; ?>
}
300
301 a93e56c5 Matthew Grooms
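function typesel_change_local(bits) {
	// Enables/disables the local address and netbits controls to match the
	// selected local network type. `bits` is the netbits value to pre-fill
	// for a network when the address is blank; when omitted it defaults to
	// 24 for tunnel and 64 for tunnel6.
	var form = document.iform;

	// Read the mode select directly. The mode option used to be looked up
	// through a page-level `index` that change_protocol() also assigns from
	// the protocol select, so the wrong (or a missing) option could be read.
	var mode_sel = form.mode;
	var mode = (mode_sel.selectedIndex >= 0) ? mode_sel.options[mode_sel.selectedIndex].value : "";
	if (typeof(bits) === "undefined") {
		if (mode === "tunnel") {
			bits = 24;
		}
		else if (mode === "tunnel6") {
			bits = 64;
		}
	}
	var address_is_blank = !/\S/.test(form.localid_address.value);

	// Dispatch on the option value rather than its position: the list is
	// address, network, one option per configured interface, then none, so
	// the position of "none" moves with the number of interfaces.
	var type_sel = form.localid_type;
	var type = (type_sel.selectedIndex >= 0) ? type_sel.options[type_sel.selectedIndex].value : "";
	switch (type) {
		case "address":	/* single */
			form.localid_address.disabled = 0;
			if (address_is_blank) {
				form.localid_netbits.value = 0;
			}
			form.localid_netbits.disabled = 1;
			break;
		case "network":	/* network */
			form.localid_address.disabled = 0;
			if (address_is_blank) {
				form.localid_netbits.value = bits;
			}
			form.localid_netbits.disabled = 0;
			break;
		case "none":	/* none */
			form.localid_address.disabled = 1;
			form.localid_netbits.disabled = 1;
			break;
		default:	/* an interface subnet */
			form.localid_address.value = "";
			form.localid_address.disabled = 1;
			if (address_is_blank) {
				form.localid_netbits.value = 0;
			}
			form.localid_netbits.disabled = 1;
			break;
	}
}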
341 3462a529 Matthew Grooms
342 71880c96 pierrepomes
<?php if (!isset($pconfig['mobile'])): ?>
343 3462a529 Matthew Grooms
344 a93e56c5 Matthew Grooms
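function typesel_change_remote(bits) {
	// Enables/disables the remote address and netbits controls to match the
	// selected remote network type (0 = address, 1 = network). `bits` is the
	// netbits value to pre-fill for a network when the address is blank;
	// when omitted it defaults to 24 for tunnel and 64 for tunnel6.
	var form = document.iform;

	// Read the mode select directly. The mode option used to be looked up
	// through a page-level `index` that change_protocol() also assigns from
	// the protocol select, so the wrong (or a missing) option could be read.
	var mode_sel = form.mode;
	var mode = (mode_sel.selectedIndex >= 0) ? mode_sel.options[mode_sel.selectedIndex].value : "";
	if (typeof(bits) === "undefined") {
		if (mode === "tunnel") {
			bits = 24;
		}
		else if (mode === "tunnel6") {
			bits = 64;
		}
	}
	var address_is_blank = !/\S/.test(form.remoteid_address.value);
	switch (form.remoteid_type.selectedIndex) {
		case 0:	/* single */
			form.remoteid_address.disabled = 0;
			if (address_is_blank) {
				form.remoteid_netbits.value = 0;
			}
			form.remoteid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			form.remoteid_address.disabled = 0;
			if (address_is_blank) {
				form.remoteid_netbits.value = bits;
			}
			form.remoteid_netbits.disabled = 0;
			break;
		default:
			form.remoteid_address.value = "";
			form.remoteid_address.disabled = 1;
			if (address_is_blank) {
				form.remoteid_netbits.value = 0;
			}
			form.remoteid_netbits.disabled = 1;
			break;
	}
}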
380 3462a529 Matthew Grooms
381
<?php endif; ?>
382
383 4b96b367 mgrooms
function change_protocol() {
	// The encryption-algorithm row only applies to ESP. `index` and `value`
	// are assigned without `var`, i.e. as page-level globals; kept that way
	// because other script on the page may read them.
	index = document.iform.proto.selectedIndex;
	value = document.iform.proto.options[index].value;
	document.getElementById('opt_enc').style.display = (value == 'esp') ? '' : 'none';
}
391
392 a93e56c5 Matthew Grooms
//-->
393
</script>
394 5a3b0d3b mgrooms
395
<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
396
397
<?php
398
	if ($input_errors)
399
		print_input_errors($input_errors);
400
?>
401
402
<table width="100%" border="0" cellpadding="0" cellspacing="0">
403
	<tr class="tabnavtbl">
404
		<td id="tabnav">
405
			<?php
406
				$tab_array = array();
407 123929e0 Carlos Eduardo Ramos
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
408
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
409
				$tab_array[2] = array(gettext("Pre-shared keys"), false, "vpn_ipsec_keys.php");
410 5a3b0d3b mgrooms
				display_top_tabs($tab_array);
411
			?>
412
		</td>
413
	</tr>
414
	<tr>
415
		<td id="mainarea">
416
			<div class="tabcont">
417
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
418
					<tr>
419 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
420 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
421
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
422 123929e0 Carlos Eduardo Ramos
							<strong><?=gettext("Disable this phase2 entry"); ?></strong>
423 5a3b0d3b mgrooms
							<br>
424 123929e0 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
425
							  "removing it from the list"); ?>.
426 5a3b0d3b mgrooms
							</span>
427
						</td>
428
					</tr>
429
					<tr>
430 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
431 4b96b367 mgrooms
						<td width="78%" class="vtable">
432
							<select name="mode" class="formselect" onChange="change_mode()">
433
								<?php
434
									foreach($p2_modes as $name => $value):
435
										$selected = "";
436
										if ($name == $pconfig['mode'])
437
											$selected = "selected";
438
								?>
439
								<option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option>
440
								<?php endforeach; ?>
441
							</select>
442
						</td>
443
					</tr>
444
					<tr id="opt_localid">
445 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
446 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
447
							<table border="0" cellspacing="0" cellpadding="0">
448
								<tr>
449 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
450 5a3b0d3b mgrooms
									<td></td>
451
									<td>
452
										<select name="localid_type" class="formselect" onChange="typesel_change_local()">
453 123929e0 Carlos Eduardo Ramos
											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected";?>><?=gettext("Address"); ?></option>
454
											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected";?>><?=gettext("Network"); ?></option>
455 d48dbceb Erik Fonnesbeck
											<?php
456
												$iflist = get_configured_interface_with_descr();
457
												foreach ($iflist as $ifname => $ifdescr):
458
											?>
459
											<option value="<?=$ifname; ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected";?>><?=sprintf(gettext("%s subnet"), $ifdescr); ?></option>
460
											<?php endforeach; ?>
461 123929e0 Carlos Eduardo Ramos
											<option value="none" <?php if ($pconfig['localid_type'] == "none" ) echo "selected";?>><?=gettext("None"); ?></option>
462 5a3b0d3b mgrooms
										</select>
463
									</td>
464
								</tr>
465
								<tr>
466 11c160b0 Rafael Lucas
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
467 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
468
									<td>
469 6255beda Darren Embry
										<input name="localid_address" type="text" class="formfld unknown ipv4v6" id="localid_address" size="28" value="<?=htmlspecialchars($pconfig['localid_address']);?>">
470 5a3b0d3b mgrooms
										/
471 6255beda Darren Embry
										<select name="localid_netbits" class="formselect ipv4v6" id="localid_netbits">
472 3795d067 Seth Mos
										<?php for ($i = 128; $i >= 0; $i--): ?>
473 6255beda Darren Embry
											<option value="<?=$i;?>" <?php if (isset($pconfig['localid_netbits']) && $i == $pconfig['localid_netbits']) echo "selected"; ?>>
474 5a3b0d3b mgrooms
												<?=$i;?>
475
											</option>
476
										<?php endfor; ?>
477
										</select>
478
									</td>
479
								</tr>
480
							</table>
481
						</td>
482
					</tr>
483
484
					<?php if (!isset($pconfig['mobile'])): ?>
485
					
486 4b96b367 mgrooms
					<tr id="opt_remoteid">
487 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
488 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
489
							<table border="0" cellspacing="0" cellpadding="0">
490
								<tr>
491 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
492 5a3b0d3b mgrooms
									<td></td>
493
									<td>
494
										<select name="remoteid_type" class="formselect" onChange="typesel_change_remote()">
495 123929e0 Carlos Eduardo Ramos
											<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected"; ?>><?=gettext("Address"); ?></option>
496
											<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected"; ?>><?=gettext("Network"); ?></option>
497 5a3b0d3b mgrooms
										</select>
498
									</td>
499
								</tr>
500
								<tr>
501 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Address"); ?>:&nbsp;&nbsp;</td>
502 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
503
									<td>
504 6255beda Darren Embry
										<input name="remoteid_address" type="text" class="formfld unknown ipv4v6" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>">
505 5a3b0d3b mgrooms
										/
506 6255beda Darren Embry
										<select name="remoteid_netbits" class="formselect ipv4v6" id="remoteid_netbits">
507 3795d067 Seth Mos
										<?php for ($i = 128; $i >= 0; $i--) { 
508 184d50b5 Ermal Lu?i
											
509
											echo "<option value=\"{$i}\"";
510 6255beda Darren Embry
											if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) echo " selected";
511 184d50b5 Ermal Lu?i
											echo ">{$i}</option>\n";
512
											} ?>
513 5a3b0d3b mgrooms
										</select>
514
									</td>
515
								</tr>
516
							</table>
517 a93e56c5 Matthew Grooms
						</td>
518 5a3b0d3b mgrooms
					</tr>
519
					
520 3462a529 Matthew Grooms
					<?php endif; ?>
521 5a3b0d3b mgrooms
					
522
					<tr>
523 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
524 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
525
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
526
							<br>
527
							<span class="vexpl">
528 123929e0 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
529
								"for your reference (not parsed)"); ?>.
530 5a3b0d3b mgrooms
							</span>
531
						</td>
532
					</tr>
533
					<tr>
534
						<td colspan="2" class="list" height="12"></td>
535
					</tr>
536
					<tr>
537
						<td colspan="2" valign="top" class="listtopic">
538 123929e0 Carlos Eduardo Ramos
							<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
539 5a3b0d3b mgrooms
						</td>
540
					</tr>
541
					<tr>
542 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
543 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
544 4b96b367 mgrooms
							<select name="proto" class="formselect" onChange="change_protocol()">
545 5a3b0d3b mgrooms
							<?php foreach ($p2_protos as $proto => $protoname): ?>
546
								<option value="<?=$proto;?>" <?php if ($proto == $pconfig['proto']) echo "selected"; ?>>
547
									<?=htmlspecialchars($protoname);?>
548
								</option>
549
							<?php endforeach; ?>
550
							</select>
551
							<br>
552
							<span class="vexpl">
553 123929e0 Carlos Eduardo Ramos
								<?=gettext("ESP is encryption, AH is authentication only"); ?>
554 5a3b0d3b mgrooms
							</span>
555
						</td>
556
					</tr>
557 87e07f52 mgrooms
					<tr id="opt_enc">
558 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
559 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
560
							<table border="0" cellspacing="0" cellpadding="0">
561
							<?php
562
								foreach ($p2_ealgos as $algo => $algodata):
563
									$checked = '';
564 b20a5cdb Pierre POMES
									if (is_array($pconfig['ealgos']) && in_array($algo,$pconfig['ealgos']))
565 5a3b0d3b mgrooms
										$checked = " checked";
566
								?>
567
								<tr>
568
									<td>
569
										<input type="checkbox" name="ealgos[]" value="<?=$algo;?>"<?=$checked?>>
570
									</td>
571
									<td>
572
										<?=htmlspecialchars($algodata['name']);?>
573
									</td>
574
									<td>
575
										<?php if(is_array($algodata['keysel'])): ?>
576
										&nbsp;&nbsp;
577
										<select name="keylen_<?=$algo;?>" class="formselect">
578 123929e0 Carlos Eduardo Ramos
											<option value="auto"><?=gettext("auto"); ?></option>
579 5a3b0d3b mgrooms
											<?php
580
												$key_hi = $algodata['keysel']['hi'];
581
												$key_lo = $algodata['keysel']['lo'];
582
												$key_step = $algodata['keysel']['step'];
583
												for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
584
													$selected = '';
585
				//									if ($checked && in_array("keylen_".$algo,$pconfig))
586
													if ($keylen == $pconfig["keylen_".$algo])
587
														$selected = " selected";
588
											?>
589 123929e0 Carlos Eduardo Ramos
											<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
590 5a3b0d3b mgrooms
											<?php endfor; ?>
591
										</select>
592
										<?php endif; ?>
593
									</td>
594
								</tr>
595
								
596
								<?php endforeach; ?>
597
								
598
							</table>
599
							<br>
600 123929e0 Carlos Eduardo Ramos
							<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " . 
601
							"crypto accelerator card. Blowfish is usually the fastest in " .
602
							"software encryption"); ?>.
603 5a3b0d3b mgrooms
						</td>
604
					</tr>
605
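					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
						<td width="78%" class="vtable">
						<?php
							/*
							 * When the form is redisplayed after a POST that selected no hash
							 * algorithm, $pconfig['halgos'] is not an array; guard in_array()
							 * the same way the encryption-algorithm row does.
							 */
							$halgos_selected = (isset($pconfig['halgos']) && is_array($pconfig['halgos'])) ? $pconfig['halgos'] : array();
						?>
						<?php foreach ($p2_halgos as $algo => $algoname): ?>
							<input type="checkbox" name="halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $halgos_selected)) echo "checked"; ?>>
							<?=htmlspecialchars($algoname);?>
							<br>
						<?php endforeach; ?>
						</td>
					</tr>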
615
					<tr>
616 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
617 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
618
						<?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
619
							<select name="pfsgroup" class="formselect">
620
							<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
621
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected"; ?>>
622
									<?=htmlspecialchars($keygroupname);?>
623
								</option>
624
							<?php endforeach; ?>
625
							</select>
626
							<br>
627
							<span class="vexpl">
628
								<em>
629 123929e0 Carlos Eduardo Ramos
									<?=gettext("1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit"); ?>
630 5a3b0d3b mgrooms
								</em>
631
							</span>
632
							
633
							<?php else: ?>
634
635
							<select class="formselect" disabled>
636
								<option selected><?=$p2_pfskeygroups[$a_client['pfs_group']];?></option>
637
							</select>
638 dd5bf424 Scott Ullrich
							<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>">
639 5a3b0d3b mgrooms
							<br>
640 123929e0 Carlos Eduardo Ramos
							<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
641 5a3b0d3b mgrooms
						<?php endif; ?>
642
						</td>
643
					</tr>
644
					<tr>
645 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
646 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
647 dd5bf424 Scott Ullrich
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>">
648 123929e0 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
649 5a3b0d3b mgrooms
						</td>
650
					</tr>
651 87e07f52 mgrooms
					<tr>
652
						<td colspan="2" class="list" height="12"></td>
653
					</tr>
654
					<tr>
655 123929e0 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
656 87e07f52 mgrooms
					</tr>
657
					<tr>
658 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
659 87e07f52 mgrooms
						<td width="78%" class="vtable">
660 c271c485 Seth Mos
							<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="28" value="<?=htmlspecialchars($pconfig['pinghost']);?>">
661 123929e0 Carlos Eduardo Ramos
							<?=gettext("IP address"); ?>
662 87e07f52 mgrooms
						</td>
663
					</tr>
664 5a3b0d3b mgrooms
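					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
						<?php if (isset($p2index) && $a_phase2[$p2index]): ?>
							<?php /* $p2index originates from the request; escape it like the ikeid field below so the output does not rely on the lookup guard alone. */ ?>
							<input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>">
						<?php endif; ?>
						<?php if ($pconfig['mobile']): ?>
							<input name="mobile" type="hidden" value="true">
							<input name="remoteid_type" type="hidden" value="mobile">
						<?php endif; ?>
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>">
						</td>
					</tr>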
678
				</table>
679
			</div>
680
		</td>
681
	</tr>
682
</table>
683 a93e56c5 Matthew Grooms
</form>
684
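<script language="JavaScript">
<!--
<?php
	/*
	 * After a failed POST, $pconfig holds raw request data. htmlspecialchars()
	 * escapes for HTML; it does not make a value safe inside a JavaScript
	 * string literal or as a bare call argument. The strings are therefore
	 * emitted with json_encode() (with < > & ' " hex-escaped so they cannot
	 * end the script block) and the bit counts only as integers. A missing or
	 * non-numeric bit count emits nothing, so the functions still fall back
	 * to their own default.
	 */
	$js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
	$js_mode = json_encode((isset($pconfig['mode']) && is_string($pconfig['mode'])) ? $pconfig['mode'] : '', $js_flags);
	$js_proto = json_encode((isset($pconfig['proto']) && is_string($pconfig['proto'])) ? $pconfig['proto'] : '', $js_flags);
	$js_local_bits = (isset($pconfig['localid_netbits']) && is_numeric($pconfig['localid_netbits'])) ? intval($pconfig['localid_netbits']) : '';
	$js_remote_bits = (isset($pconfig['remoteid_netbits']) && is_numeric($pconfig['remoteid_netbits'])) ? intval($pconfig['remoteid_netbits']) : '';
?>
change_mode(<?=$js_mode;?>);
change_protocol(<?=$js_proto;?>);
typesel_change_local(<?=$js_local_bits;?>);
<?php if (!isset($pconfig['mobile'])): ?>
typesel_change_remote(<?=$js_remote_bits;?>);
<?php endif; ?>
//-->
</script>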
694
<?php include("fend.inc"); ?>
695 3462a529 Matthew Grooms
</body>
696
</html>
697 a93e56c5 Matthew Grooms
698
<?php
699
700 3462a529 Matthew Grooms
/* local utility functions */
701
702 a93e56c5 Matthew Grooms
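/*
 * Build the encryption-algorithm list that is stored in a phase 2 entry from
 * submitted form data.
 *
 * $pconfig['ealgos'] is the list of ticked algorithm names. Only names that
 * are keys of the global $p2_ealgos table are kept, in table order. For an
 * algorithm whose table entry has a 'keysel' array, the key length is read
 * from "keylen_<name>" ($pconfig first, then $_POST) and stored only if it is
 * a value the form offers: hi, hi-step, ... down to lo. Anything else,
 * including a missing field, is stored as "auto", so request data never
 * reaches the configuration unchecked.
 *
 * Returns a list of array('name' => ..., ['keylen' => ...]).
 */
function pconfig_to_ealgos(& $pconfig) {

	global $p2_ealgos;

	$ealgos = array();
	if (isset($pconfig['ealgos']) && is_array($pconfig['ealgos'])) {
		foreach ($p2_ealgos as $algo_name => $algo_data) {
			if (in_array($algo_name,$pconfig['ealgos'])) {
				$ealg = array();
				$ealg['name'] = $algo_name;
				if (isset($algo_data['keysel']) && is_array($algo_data['keysel'])) {
					$keylen_field = "keylen_".$algo_name;
					if (isset($pconfig[$keylen_field]))
						$keylen = $pconfig[$keylen_field];
					elseif (isset($_POST[$keylen_field]))
						$keylen = $_POST[$keylen_field];
					else
						$keylen = "auto";

					$key_hi = $algo_data['keysel']['hi'];
					$key_lo = $algo_data['keysel']['lo'];
					$key_step = $algo_data['keysel']['step'];

					/* digits only (\z: no trailing newline), within range and on a step boundary */
					$keylen_ok = is_scalar($keylen) &&
					    preg_match('/^[0-9]+\z/', (string)$keylen) &&
					    $keylen >= $key_lo && $keylen <= $key_hi &&
					    $key_step > 0 && (($key_hi - $keylen) % $key_step) == 0;

					$ealg['keylen'] = $keylen_ok ? $keylen : "auto";
				}
				$ealgos[] = $ealg;
			}
		}
	}

	return $ealgos;
}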
721
722
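/*
 * Expand a stored encryption-algorithm list into form state.
 *
 * Sets $pconfig['ealgos'] to the list of algorithm names and, for each entry
 * that has a key length, $pconfig["keylen_<name>"]. $ealgos is returned
 * unchanged.
 *
 * $ealgos may not be an array: the save path on this page only fills the
 * stored list for ESP entries. In that case the form state gets an empty
 * list instead of running foreach over a non-array.
 */
function ealgos_to_pconfig(& $ealgos,& $pconfig) {

	$pconfig['ealgos'] = array();
	if (is_array($ealgos)) {
		foreach ($ealgos as $algo_data) {
			$pconfig['ealgos'][] = $algo_data['name'];
			if (isset($algo_data['keylen']))
				$pconfig["keylen_".$algo_data['name']] = $algo_data['keylen'];
		}
	}

	return $ealgos;
}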
733
734
/*
 * Build a stored network identifier from the "<prefix>id_*" form fields.
 *
 * The result always carries 'type'. An "address" type adds 'address', a
 * "network" type adds 'address' and 'netbits'; any other type carries
 * nothing else. Comparisons are loose, as in a switch statement.
 */
function pconfig_to_idinfo($prefix,& $pconfig) {

	$kind = $pconfig[$prefix."id_type"];
	$addr = $pconfig[$prefix."id_address"];
	$bits = $pconfig[$prefix."id_netbits"];

	$idinfo = array('type' => $kind);
	if ($kind == "address") {
		$idinfo['address'] = $addr;
	} elseif ($kind == "network") {
		$idinfo['address'] = $addr;
		$idinfo['netbits'] = $bits;
	}

	return $idinfo;
}
750
751
/*
 * Copy a stored network identifier into the "<prefix>id_*" form fields.
 *
 * "<prefix>id_type" is always written. An "address" type also writes
 * "<prefix>id_address"; a "network" type writes both "<prefix>id_address"
 * and "<prefix>id_netbits". Comparisons are loose, as in a switch statement.
 */
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {

	$kind = $idinfo['type'];
	$pconfig[$prefix."id_type"] = $kind;

	if ($kind == "address") {
		$pconfig[$prefix."id_address"] = $idinfo['address'];
	} elseif ($kind == "network") {
		$pconfig[$prefix."id_address"] = $idinfo['address'];
		$pconfig[$prefix."id_netbits"] = $idinfo['netbits'];
	}
}
769
770
?>