#!/usr/local/bin/php
<?php
/*
	vpn_ipsec_edit.php
	part of m0n0wall (http://m0n0.ch/wall)
	
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
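require("guiconfig.inc");

/* make sure the tunnel list exists before taking a reference to it */
if (!is_array($config['ipsec']['tunnel'])) {
	$config['ipsec']['tunnel'] = array();
}
$a_ipsec = &$config['ipsec']['tunnel'];

/* network names that may stand in for a local subnet address (consumed by is_specialnet) */
$specialsrcdst = explode(" ", "lan");

/*
 * Index of the tunnel being edited.  It arrives in the query string on the
 * first request and in the hidden "id" field on POST; the POST value wins.
 * Only a numeric value is accepted, so nothing but an integer is ever used
 * as a key into $a_ipsec; anything else is treated as "add a new tunnel".
 */
$id = null;
if (isset($_GET['id']) && is_numeric($_GET['id']))
	$id = (int)$_GET['id'];
if (isset($_POST['id']) && is_numeric($_POST['id']))
	$id = (int)$_POST['id'];

if (isset($id) && !empty($a_ipsec[$id])) {
	/* editing: pre-fill the form from the stored tunnel entry */
	$pconfig['disabled'] = isset($a_ipsec[$id]['disabled']);
	$pconfig['auto'] = isset($a_ipsec[$id]['auto']);

	if (!isset($a_ipsec[$id]['local-subnet']))
		$pconfig['localnet'] = "lan";
	else
		address_to_pconfig_vpn($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']);

	if (!empty($a_ipsec[$id]['interface']))
		$pconfig['interface'] = $a_ipsec[$id]['interface'];
	else
		$pconfig['interface'] = "wan";

	/* remote-subnet is stored as "address/bits" (see the save path below);
	   fall back to a host mask if the bits part is missing */
	$remote = explode("/", $a_ipsec[$id]['remote-subnet']);
	$pconfig['remotenet'] = $remote[0];
	$pconfig['remotebits'] = isset($remote[1]) ? $remote[1] : 32;
	$pconfig['remotegw'] = $a_ipsec[$id]['remote-gateway'];
	$pconfig['p1mode'] = $a_ipsec[$id]['p1']['mode'];

	/* the identifier type is encoded by which key is present under myident */
	if (isset($a_ipsec[$id]['p1']['myident']['myaddress']))
		$pconfig['p1myidentt'] = 'myaddress';
	else if (isset($a_ipsec[$id]['p1']['myident']['address'])) {
		$pconfig['p1myidentt'] = 'address';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['address'];
	} else if (isset($a_ipsec[$id]['p1']['myident']['fqdn'])) {
		$pconfig['p1myidentt'] = 'fqdn';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['fqdn'];
	} else if (isset($a_ipsec[$id]['p1']['myident']['ufqdn'])) {
		$pconfig['p1myidentt'] = 'user_fqdn';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['ufqdn'];
	} else if (isset($a_ipsec[$id]['p1']['myident']['dyn_dns'])) {
		$pconfig['p1myidentt'] = 'dyn_dns';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['dyn_dns'];
	}

	$pconfig['p1ealgo'] = $a_ipsec[$id]['p1']['encryption-algorithm'];
	$pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm'];
	$pconfig['p1dhgroup'] = $a_ipsec[$id]['p1']['dhgroup'];
	$pconfig['p1lifetime'] = $a_ipsec[$id]['p1']['lifetime'];
	$pconfig['p1authentication_method'] = $a_ipsec[$id]['p1']['authentication_method'];
	$pconfig['p1pskey'] = $a_ipsec[$id]['p1']['pre-shared-key'];
	/* certificates and the private key are kept base64-encoded in the config */
	$pconfig['p1cert'] = base64_decode($a_ipsec[$id]['p1']['cert']);
	$pconfig['p1peercert'] = base64_decode($a_ipsec[$id]['p1']['peercert']);
	$pconfig['p1privatekey'] = base64_decode($a_ipsec[$id]['p1']['private-key']);
	$pconfig['p2proto'] = $a_ipsec[$id]['p2']['protocol'];
	$pconfig['p2ealgos'] = $a_ipsec[$id]['p2']['encryption-algorithm-option'];
	$pconfig['p2halgos'] = $a_ipsec[$id]['p2']['hash-algorithm-option'];
	$pconfig['p2pfsgroup'] = $a_ipsec[$id]['p2']['pfsgroup'];
	$pconfig['p2lifetime'] = $a_ipsec[$id]['p2']['lifetime'];
	$pconfig['descr'] = $a_ipsec[$id]['descr'];

} else {
	/* defaults for a new tunnel */
	$pconfig['interface'] = "wan";
	$pconfig['localnet'] = "lan";
	$pconfig['p1mode'] = "aggressive";
	$pconfig['p1myidentt'] = "myaddress";
	$pconfig['p1authentication_method'] = "pre_shared_key";
	$pconfig['p1ealgo'] = "3des";
	$pconfig['p1halgo'] = "sha1";
	$pconfig['p1dhgroup'] = "2";
	$pconfig['p2proto'] = "esp";
	$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
	$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['p2pfsgroup'] = "0";
	$pconfig['remotebits'] = 32;
}

if ($_POST) {
	/* a special network ("lan") carries no address/mask of its own and a
	   single host is always a /32, so fill those fields in before validating */
	if (is_specialnet($_POST['localnettype'])) {
		$_POST['localnet'] = $_POST['localnettype'];
		$_POST['localnetmask'] = 0;
	} else if ($_POST['localnettype'] == "single") {
		$_POST['localnetmask'] = 32;
	}

	unset($input_errors);
	/* on a validation error the form is redrawn from the submitted values */
	$pconfig = $_POST;

	/* input validation */
	if ($_POST['p1authentication_method'] == "pre_shared_key") {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
	} else {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,P2 Encryption Algorithms,P2 Hash Algorithms");
		/* only the PEM armour lines are checked here; the peer certificate is
		   optional because a CA certificate may be used instead (see the form) */
		if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE"))
			$input_errors[] = "This certificate does not appear to be valid.";
		if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY"))
			$input_errors[] = "This key does not appear to be valid.";
		if ($_POST['p1peercert'] != "" && (!strstr($_POST['p1peercert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1peercert'], "END CERTIFICATE")))
			$input_errors[] = "This peer certificate does not appear to be valid.";
	}

	/* NOTE(review): do_input_validation() in guiconfig.inc is expected to declare
	   $input_errors as a by-reference parameter (confirm there); the call-time '&'
	   the old code passed is not needed and is a fatal error from PHP 5.4 on. */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* the interface and the fixed-choice selects are saved verbatim, so restrict
	   them to exactly the values the form offers (same list the form builds) */
	$valid_ifaces = array('wan', 'lan');
	for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
		$valid_ifaces[] = 'opt' . $i;
	if (!in_array($_POST['interface'], $valid_ifaces, true))
		$input_errors[] = "A valid interface must be specified.";
	if (!in_array($_POST['p1mode'], array("main", "aggressive"), true))
		$input_errors[] = "A valid negotiation mode must be specified.";
	if (!in_array($_POST['p1dhgroup'], array("1", "2", "5"), true))
		$input_errors[] = "A valid DH key group must be specified.";

	if (!is_specialnet($_POST['localnettype'])) {
		if ($_POST['localnet'] && !is_ipaddr($_POST['localnet'])) {
			$input_errors[] = "A valid local network IP address must be specified.";
		}
		if ($_POST['localnetmask'] && !is_numeric($_POST['localnetmask'])) {
			$input_errors[] = "A valid local network bit count must be specified.";
		}
	}
	if ($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime'])) {
		$input_errors[] = "The P1 lifetime must be an integer.";
	}
	if ($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime'])) {
		$input_errors[] = "The P2 lifetime must be an integer.";
	}
	/* the old inner test "!$_POST['remotebits'] == '0.0.0.0'" could never be true,
	   which left this range check without effect; the error is now reported */
	if ($_POST['remotebits'] && (!is_numeric($_POST['remotebits']) || ($_POST['remotebits'] < 0) || ($_POST['remotebits'] > 32))) {
		$input_errors[] = "The remote network bits are invalid.";
	}
	/* 0.0.0.0 is explicitly allowed as the remote network */
	if ($_POST['remotenet'] && $_POST['remotenet'] != "0.0.0.0" && !is_ipaddr($_POST['remotenet'])) {
		$input_errors[] = "A valid remote network address must be specified.";
	}
	/* the remote gateway may be given as an IP address or as a host name */
	if ($_POST['remotegw'] && !is_ipaddr($_POST['remotegw'])) {
		if (is_domain($_POST['remotegw']) == false)
			$input_errors[] = "A valid remote gateway address must be specified.";
	}
	if (($_POST['p1myidentt'] == "address") && !is_ipaddr($_POST['p1myident'])) {
		$input_errors[] = "A valid IP address for 'My identifier' must be specified.";
	}
	if (($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident'])) {
		$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
	}
	if ($_POST['p1myidentt'] == "user_fqdn") {
		/* only the part after '@' is checked; a missing '@' is an error too */
		$ufqdn = explode("@", $_POST['p1myident']);
		if (!isset($ufqdn[1]) || is_domain($ufqdn[1]) == false)
			$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
	}
	if ($_POST['p1myidentt'] == "dyn_dns") {
		$dyn_dns = explode("@", $_POST['p1myident']);
		if (!isset($dyn_dns[1]) || is_domain($dyn_dns[1]) == false)
			$input_errors[] = "A valid Dynamic DNS address for 'My identifier' must be specified.";
	}

	/* "my address" needs no identifier value */
	if ($_POST['p1myidentt'] == "myaddress")
		$_POST['p1myident'] = "";

	if (!$input_errors) {
		/* build the config entry from the validated form values */
		$ipsecent['disabled'] = !empty($_POST['disabled']);
		$ipsecent['auto'] = !empty($_POST['auto']);
		$ipsecent['interface'] = $_POST['interface'];
		pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']);
		$ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits'];
		$ipsecent['remote-gateway'] = $_POST['remotegw'];
		$ipsecent['p1']['mode'] = $_POST['p1mode'];

		/* store the identifier under the key that names its type */
		$ipsecent['p1']['myident'] = array();
		switch ($_POST['p1myidentt']) {
			case 'myaddress':
				$ipsecent['p1']['myident']['myaddress'] = true;
				break;
			case 'address':
				$ipsecent['p1']['myident']['address'] = $_POST['p1myident'];
				break;
			case 'fqdn':
				$ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident'];
				break;
			case 'user_fqdn':
				$ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
				break;
			case 'dyn_dns':
				$ipsecent['p1']['myident']['dyn_dns'] = $_POST['p1myident'];
				break;
		}

		$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
		$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
		$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
		$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
		$ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
		/* PEM material is base64-wrapped so it survives the XML config */
		$ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
		$ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
		$ipsecent['p1']['peercert'] = base64_encode($_POST['p1peercert']);
		$ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
		$ipsecent['p2']['protocol'] = $_POST['p2proto'];
		$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
		$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
		$ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
		$ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
		$ipsecent['descr'] = $_POST['descr'];

		/* replace the existing entry or append a new one */
		if (isset($id) && !empty($a_ipsec[$id]))
			$a_ipsec[$id] = $ipsecent;
		else
			$a_ipsec[] = $ipsecent;

		write_config();
		/* mark the IPsec configuration as needing to be applied */
		touch($d_ipsecconfdirty_path);

		header("Location: vpn_ipsec.php");
		exit;
	}
}

$pgtitle = "VPN: IPsec: Edit tunnel";
include("head.inc");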
?>
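<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle"><?=$pgtitle?></p>
<script language="JavaScript">
<!--
/*
 * Enable/disable the local address and mask fields according to the
 * "Type" select.  The case numbers are the option positions in the
 * localnettype select below: 0 = single host, 1 = network, 2 = LAN subnet.
 */
function typesel_change() {
	switch (document.iform.localnettype.selectedIndex) {
		case 0:	/* single: address only, mask fixed to /32 server-side */
			document.iform.localnet.disabled = 0;
			document.iform.localnetmask.value = "";
			document.iform.localnetmask.disabled = 1;
			break;
		case 1:	/* network: address and mask */
			document.iform.localnet.disabled = 0;
			document.iform.localnetmask.disabled = 0;
			break;
		default: /* special network (LAN): neither field applies */
			document.iform.localnet.value = "";
			document.iform.localnet.disabled = 1;
			document.iform.localnetmask.value = "";
			document.iform.localnetmask.disabled = 1;
			break;
	}
}
/*
 * Show either the pre-shared key field or the certificate/key fields.
 * NOTE(review): relies on the second option of p1authentication_method
 * (order of $p1_authentication_methods in guiconfig.inc) being RSA — confirm.
 */
function methodsel_change() {
	switch (document.iform.p1authentication_method.selectedIndex) {
		case 1:	/* rsa */
			document.iform.p1pskey.disabled = 1;
			document.iform.p1privatekey.disabled = 0;
			document.iform.p1cert.disabled = 0;
			document.iform.p1peercert.disabled = 0;
			break;
		default: /* pre-shared */
			document.iform.p1pskey.disabled = 0;
			document.iform.p1privatekey.disabled = 1;
			document.iform.p1cert.disabled = 1;
			document.iform.p1peercert.disabled = 1;
			break;
	}
}
//-->
</script>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php /*
 * Tunnel edit form.  $pconfig holds the values to display: the stored entry,
 * the defaults, or the rejected POST data.  Every value that can originate
 * from the request is passed through htmlspecialchars() before it is echoed
 * into an attribute, otherwise a rejected submission would be reflected
 * unescaped into the page.
 */ ?>
            <form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
              <?php /* full open tag: a bare "<?" depends on short_open_tag */ display_topbar(); ?>
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Mode</td>
                  <td width="78%" class="vtable"> Tunnel</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Disabled</td>
                  <td width="78%" class="vtable">
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
                    <strong>Disable this tunnel</strong><br>
                    <span class="vexpl">Set this option to disable this tunnel without
                    removing it from the list.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Auto-establish</td>
                  <td width="78%" class="vtable">
                    <input name="auto" type="checkbox" id="auto" value="yes" <?php if ($pconfig['auto']) echo "checked"; ?>>
                    <strong>Automatically establish this tunnel</strong><br>
                    <span class="vexpl">Set this option to automatically re-establish this tunnel after reboots/reconfigures. If this is not set, the tunnel is established on demand.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
                  <td width="78%" class="vtable"><select name="interface" class="formfld">
                      <?php /* WAN, LAN and every OPTn interface present in the config */
                      $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
                      for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
                          $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
                      }
                      foreach ($interfaces as $iface => $ifacename): ?>
                      <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
                      <?=htmlspecialchars($ifacename);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br>
                    <span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Local subnet</td>
                  <td width="78%" class="vtable">
                    <table border="0" cellspacing="0" cellpadding="0">
                      <tr>
                        <td>Type:&nbsp;&nbsp;</td>
                        <td></td>
                        <td><select name="localnettype" class="formfld" onChange="typesel_change()">
                            <?php /* option order must match the cases in typesel_change() */
                            $sel = is_specialnet($pconfig['localnet']); ?>
                            <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
                            Single host</option>
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
                            Network</option>
                            <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>>
                            LAN subnet</option>
                          </select></td>
                      </tr>
                      <tr>
                        <td>Address:&nbsp;&nbsp;</td>
                        <td><?=$mandfldhtmlspc;?></td>
                        <td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
                          /
                          <select name="localnetmask" class="formfld" id="localnetmask">
                            <?php for ($i = 31; $i >= 0; $i--): ?>
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
                            <?=$i;?>
                            </option>
                            <?php endfor; ?>
                          </select> </td>
                      </tr>
                    </table></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote subnet</td>
                  <td width="78%" class="vtable">
                    <?=$mandfldhtml;?><input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=htmlspecialchars($pconfig['remotenet']);?>">
                    /
                    <select name="remotebits" class="formfld" id="remotebits">
                      <?php for ($i = 32; $i >= 0; $i--): ?>
                      <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>>
                      <?=$i;?>
                      </option>
                      <?php endfor; ?>
                    </select></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote gateway</td>
                  <td width="78%" class="vtable">
                    <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=htmlspecialchars($pconfig['remotegw']);?>">
                    <br>
                    Enter the public IP address of the remote gateway</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Description</td>
                  <td width="78%" class="vtable">
                    <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
                    <br> <span class="vexpl">You may enter a description here
                    for your reference (not parsed).</span></td>
                </tr>
                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>
                <tr>
                  <td colspan="2" valign="top" class="listtopic">Phase 1 proposal
                    (Authentication)</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
                  <td width="78%" class="vtable">
                    <select name="p1mode" class="formfld">
                      <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
                      <?=htmlspecialchars($mode);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Aggressive is faster, but
                    less secure.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">My identifier</td>
                  <td width="78%" class="vtable">
                    <select name="p1myidentt" class="formfld">
                      <?php foreach ($my_identifier_list as $mode => $modename): ?>
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
                      <?=htmlspecialchars($modename);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=htmlspecialchars($pconfig['p1myident']);?>">
                  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
                  <td width="78%" class="vtable">
                    <select name="p1ealgo" class="formfld">
                      <?php foreach ($p1_ealgos as $algo => $algoname): ?>
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
                      <?=htmlspecialchars($algoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Must match the setting
                    chosen on the remote side. </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
                  <td width="78%" class="vtable">
                    <select name="p1halgo" class="formfld">
                      <?php foreach ($p1_halgos as $algo => $algoname): ?>
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
                      <?=htmlspecialchars($algoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Must match the setting
                    chosen on the remote side. </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">DH key group</td>
                  <td width="78%" class="vtable">
                    <select name="p1dhgroup" class="formfld">
                      <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
                      <?=htmlspecialchars($keygroup);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
                    bit, 5 = 1536 bit</em><br>
                    Must match the setting chosen on the remote side. </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable">
                    <input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=htmlspecialchars($pconfig['p1lifetime']);?>">
                    seconds</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Authentication method</td>
                  <td width="78%" class="vtable">
                    <select name="p1authentication_method" class="formfld" onChange="methodsel_change()">
                      <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
                      <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>>
                      <?=htmlspecialchars($methodname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Must match the setting
                    chosen on the remote side.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
                  <td width="78%" class="vtable">
                    <?=$mandfldhtml;?><input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>">
                  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Certificate</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea>
                    <br>
                    Paste a certificate in X.509 PEM format here.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Key</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea>
                    <br>
                    Paste an RSA private key in PEM format here.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Peer certificate</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1peercert" cols="65" rows="7" id="p1peercert" class="formpre"><?=htmlspecialchars($pconfig['p1peercert']);?></textarea>
                    <br>
                    Paste the peer X.509 certificate in PEM format here.<br>
                    Leave this blank if you want to use a CA certificate for identity validation.</td>
                </tr>
                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>
                <tr>
                  <td colspan="2" valign="top" class="listtopic">Phase 2 proposal
                    (SA/Key Exchange)</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
                  <td width="78%" class="vtable">
                    <select name="p2proto" class="formfld">
                      <?php foreach ($p2_protos as $proto => $protoname): ?>
                      <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
                      <?=htmlspecialchars($protoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">ESP is encryption, AH is
                    authentication only </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
                  <td width="78%" class="vtable">
                    <?php /* p2ealgos is absent from a POST with no box ticked, so guard
                             the in_array() when the rejected form is redrawn */
                    $sel_ealgos = (isset($pconfig['p2ealgos']) && is_array($pconfig['p2ealgos'])) ? $pconfig['p2ealgos'] : array();
                    foreach ($p2_ealgos as $algo => $algoname): ?>
                    <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $sel_ealgos)) echo "checked"; ?>>
                    <?=htmlspecialchars($algoname);?>
                    <br>
                    <?php endforeach; ?>
                    <br>
                    Hint: use 3DES for best compatibility or if you have a hardware
                    crypto accelerator card. Blowfish is usually the fastest in
                    software encryption. </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
                  <td width="78%" class="vtable">
                    <?php $sel_halgos = (isset($pconfig['p2halgos']) && is_array($pconfig['p2halgos'])) ? $pconfig['p2halgos'] : array();
                    foreach ($p2_halgos as $algo => $algoname): ?>
                    <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $sel_halgos)) echo "checked"; ?>>
                    <?=htmlspecialchars($algoname);?>
                    <br>
                    <?php endforeach; ?>
                  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">PFS key group</td>
                  <td width="78%" class="vtable">
                    <select name="p2pfsgroup" class="formfld">
                      <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
                      <?=htmlspecialchars($keygroupname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
                    bit, 5 = 1536 bit</em></span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable">
                    <input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=htmlspecialchars($pconfig['p2lifetime']);?>">
                    seconds</td>
                </tr>
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="Save">
                    <?php /* the hidden id is only emitted when an existing tunnel is edited */
                    if (isset($id) && $a_ipsec[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
                    <?php endif; ?>
                  </td>
                </tr>
              </table>
</form>
<script language="JavaScript">
<!--
/* apply the field enable/disable state for the initially selected options */
typesel_change();
methodsel_change();
//-->
</script>
<?php include("fend.inc"); ?>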
<?php
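/**
 * Split a stored local-subnet entry into the form's address and mask fields.
 *
 * $adr is the 'local-subnet' array of a tunnel entry.  It carries either a
 * 'network' key (presumably a special network name such as "lan") or an
 * 'address' key holding "ip" or "ip/bits".  $padr receives the network name
 * or the address and $pmask the bit count; a bare address gets a /32 host
 * mask.  Neither output is touched when $adr has neither key.
 *
 * @param array  $adr    stored local-subnet entry
 * @param mixed  &$padr  receives the network name or address
 * @param mixed  &$pmask receives the mask bits (string from the entry, or int 32)
 */
function address_to_pconfig_vpn($adr, &$padr, &$pmask) {
	if (!empty($adr['network'])) {
		$padr = $adr['network'];
	} else if (!empty($adr['address'])) {
		/* explode() yields a second element only when a "/bits" suffix is
		   present; checking for it avoids the undefined-index notice that
		   list() raised for a plain address */
		$parts = explode("/", $adr['address']);
		$padr = $parts[0];
		$pmask = isset($parts[1]) ? $parts[1] : 32;
	}
}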
?>