/usr/local/www/vpn_ipsec_edit.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/vpn_ipsec_edit.php @ be50139e

1	5b237745	Scott Ullrich	#!/usr/local/bin/php
2			<?php
3	b46bfcf5	Bill Marquette	/* $Id$ */
4	5b237745	Scott Ullrich	/*
5			vpn_ipsec_edit.php
6	cfc707f7	Scott Ullrich	Copyright (C) 2004 Scott Ullrich
7			All rights reserved.
8	5dd55fa3	Scott Ullrich
9	cfc707f7	Scott Ullrich	originally part of m0n0wall (http://m0n0.ch/wall)
10	5b237745	Scott Ullrich	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
11			All rights reserved.
12	40dd6441	Scott Ullrich
13	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
14			modification, are permitted provided that the following conditions are met:
15	5dd55fa3	Scott Ullrich
16	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
17			this list of conditions and the following disclaimer.
18	5dd55fa3	Scott Ullrich
19	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
20			notice, this list of conditions and the following disclaimer in the
21			documentation and/or other materials provided with the distribution.
22	5dd55fa3	Scott Ullrich
23	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
25			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
27			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32			POSSIBILITY OF SUCH DAMAGE.
33			*/
34
35			require("guiconfig.inc");
36
37			if (!is_array($config['ipsec']['tunnel'])) {
38			$config['ipsec']['tunnel'] = array();
39			}
40			$a_ipsec = &$config['ipsec']['tunnel'];
41
42			$specialsrcdst = explode(" ", "lan");
43
44			$id = $_GET['id'];
45			if (isset($_POST['id']))
46			$id = $_POST['id'];
47	5dd55fa3	Scott Ullrich
48	5b237745	Scott Ullrich	function is_specialnet($net) {
49			global $specialsrcdst;
50	5dd55fa3	Scott Ullrich
51	5b237745	Scott Ullrich	if (in_array($net, $specialsrcdst))
52			return true;
53			else
54			return false;
55			}
56
57			function address_to_pconfig($adr, &$padr, &$pmask) {
58	5dd55fa3	Scott Ullrich
59	5b237745	Scott Ullrich	if ($adr['network'])
60			$padr = $adr['network'];
61			else if ($adr['address']) {
62			list($padr, $pmask) = explode("/", $adr['address']);
63			if (is_null($pmask))
64			$pmask = 32;
65			}
66			}
67
68			function pconfig_to_address(&$adr, $padr, $pmask) {
69	5dd55fa3	Scott Ullrich
70	5b237745	Scott Ullrich	$adr = array();
71	5dd55fa3	Scott Ullrich
72	5b237745	Scott Ullrich	if (is_specialnet($padr))
73			$adr['network'] = $padr;
74			else {
75			$adr['address'] = $padr;
76			if ($pmask != 32)
77			$adr['address'] .= "/" . $pmask;
78			}
79			}
80
81			if (isset($id) && $a_ipsec[$id]) {
82			$pconfig['disabled'] = isset($a_ipsec[$id]['disabled']);
83			$pconfig['auto'] = isset($a_ipsec[$id]['auto']);
84	5dd55fa3	Scott Ullrich	$pconfig['creategif'] = $a_filter[$id]['creategif'];
85	c8e8de6f	Scott Ullrich
86	5b237745	Scott Ullrich	if (!isset($a_ipsec[$id]['local-subnet']))
87			$pconfig['localnet'] = "lan";
88			else
89			address_to_pconfig($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']);
90	5dd55fa3	Scott Ullrich
91	5b237745	Scott Ullrich	if ($a_ipsec[$id]['interface'])
92			$pconfig['interface'] = $a_ipsec[$id]['interface'];
93			else
94			$pconfig['interface'] = "wan";
95	5dd55fa3	Scott Ullrich
96	5b237745	Scott Ullrich	list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_ipsec[$id]['remote-subnet']);
97			$pconfig['remotegw'] = $a_ipsec[$id]['remote-gateway'];
98			$pconfig['p1mode'] = $a_ipsec[$id]['p1']['mode'];
99	5dd55fa3	Scott Ullrich
100	5b237745	Scott Ullrich	if (isset($a_ipsec[$id]['p1']['myident']['myaddress']))
101			$pconfig['p1myidentt'] = 'myaddress';
102			else if (isset($a_ipsec[$id]['p1']['myident']['address'])) {
103			$pconfig['p1myidentt'] = 'address';
104			$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['address'];
105			} else if (isset($a_ipsec[$id]['p1']['myident']['fqdn'])) {
106			$pconfig['p1myidentt'] = 'fqdn';
107			$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['fqdn'];
108			} else if (isset($a_ipsec[$id]['p1']['myident']['ufqdn'])) {
109			$pconfig['p1myidentt'] = 'user_fqdn';
110			$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['ufqdn'];
111			}
112	5dd55fa3	Scott Ullrich
113	5b237745	Scott Ullrich	$pconfig['p1ealgo'] = $a_ipsec[$id]['p1']['encryption-algorithm'];
114			$pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm'];
115			$pconfig['p1dhgroup'] = $a_ipsec[$id]['p1']['dhgroup'];
116			$pconfig['p1lifetime'] = $a_ipsec[$id]['p1']['lifetime'];
117			$pconfig['p1pskey'] = $a_ipsec[$id]['p1']['pre-shared-key'];
118			$pconfig['p2proto'] = $a_ipsec[$id]['p2']['protocol'];
119			$pconfig['p2ealgos'] = $a_ipsec[$id]['p2']['encryption-algorithm-option'];
120			$pconfig['p2halgos'] = $a_ipsec[$id]['p2']['hash-algorithm-option'];
121			$pconfig['p2pfsgroup'] = $a_ipsec[$id]['p2']['pfsgroup'];
122			$pconfig['p2lifetime'] = $a_ipsec[$id]['p2']['lifetime'];
123			$pconfig['descr'] = $a_ipsec[$id]['descr'];
124	5dd55fa3	Scott Ullrich
125	5b237745	Scott Ullrich	} else {
126			/* defaults */
127			$pconfig['interface'] = "wan";
128			$pconfig['localnet'] = "lan";
129			$pconfig['p1mode'] = "aggressive";
130			$pconfig['p1myidentt'] = "myaddress";
131			$pconfig['p1ealgo'] = "3des";
132			$pconfig['p1halgo'] = "sha1";
133			$pconfig['p1dhgroup'] = "2";
134			$pconfig['p2proto'] = "esp";
135			$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
136			$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
137			$pconfig['p2pfsgroup'] = "0";
138			}
139
140			if ($_POST) {
141			if (is_specialnet($_POST['localnettype'])) {
142			$_POST['localnet'] = $_POST['localnettype'];
143			$_POST['localnetmask'] = 0;
144			} else if ($_POST['localnettype'] == "single") {
145			$_POST['localnetmask'] = 32;
146			}
147	5dd55fa3	Scott Ullrich
148	5b237745	Scott Ullrich	unset($input_errors);
149			$pconfig = $_POST;
150
151			/* input validation */
152			$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
153			$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
154	5dd55fa3	Scott Ullrich
155	5b237745	Scott Ullrich	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
156	5dd55fa3	Scott Ullrich
157	5b237745	Scott Ullrich	if (!is_specialnet($_POST['localnettype'])) {
158			if (($_POST['localnet'] && !is_ipaddr($_POST['localnet']))) {
159			$input_errors[] = "A valid local network IP address must be specified.";
160			}
161			if (($_POST['localnetmask'] && !is_numeric($_POST['localnetmask']))) {
162			$input_errors[] = "A valid local network bit count must be specified.";
163			}
164			}
165			if (($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime']))) {
166			$input_errors[] = "The P1 lifetime must be an integer.";
167			}
168			if (($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime']))) {
169			$input_errors[] = "The P2 lifetime must be an integer.";
170			}
171			if ($_POST['remotebits'] && (!is_numeric($_POST['remotebits']) \|\| ($_POST['remotebits'] <= 0) \|\| ($_POST['remotebits'] > 32))) {
172			$input_errors[] = "The remote network bits are invalid.";
173			}
174			if (($_POST['remotenet'] && !is_ipaddr($_POST['remotenet']))) {
175			$input_errors[] = "A valid remote network address must be specified.";
176			}
177			if (($_POST['remotegw'] && !is_ipaddr($_POST['remotegw']))) {
178			$input_errors[] = "A valid remote gateway address must be specified.";
179			}
180			if ((($_POST['p1myidentt'] == "address") && !is_ipaddr($_POST['p1myident']))) {
181			$input_errors[] = "A valid IP address for 'My identifier' must be specified.";
182			}
183			if ((($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident']))) {
184			$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
185			}
186			if ($_POST['p1myidentt'] == "user_fqdn") {
187			$ufqdn = explode("@",$_POST['p1myident']);
188	5dd55fa3	Scott Ullrich	if (!is_domain($ufqdn[1]))
189	5b237745	Scott Ullrich	$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
190			}
191	5dd55fa3	Scott Ullrich
192	5b237745	Scott Ullrich	if ($_POST['p1myidentt'] == "myaddress")
193			$_POST['p1myident'] = "";
194
195			if (!$input_errors) {
196			$ipsecent['disabled'] = $_POST['disabled'] ? true : false;
197			$ipsecent['auto'] = $_POST['auto'] ? true : false;
198			$ipsecent['interface'] = $pconfig['interface'];
199			pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']);
200			$ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits'];
201			$ipsecent['remote-gateway'] = $_POST['remotegw'];
202			$ipsecent['p1']['mode'] = $_POST['p1mode'];
203	5dd55fa3	Scott Ullrich
204	5b237745	Scott Ullrich	$ipsecent['p1']['myident'] = array();
205			switch ($_POST['p1myidentt']) {
206			case 'myaddress':
207			$ipsecent['p1']['myident']['myaddress'] = true;
208			break;
209			case 'address':
210			$ipsecent['p1']['myident']['address'] = $_POST['p1myident'];
211			break;
212			case 'fqdn':
213			$ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident'];
214			break;
215			case 'user_fqdn':
216			$ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
217			break;
218			}
219	5dd55fa3	Scott Ullrich
220	5b237745	Scott Ullrich	$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
221			$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
222			$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
223			$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
224			$ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
225			$ipsecent['p2']['protocol'] = $_POST['p2proto'];
226			$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
227			$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
228			$ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
229			$ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
230			$ipsecent['descr'] = $_POST['descr'];
231	5dd55fa3	Scott Ullrich
232	5b237745	Scott Ullrich	if (isset($id) && $a_ipsec[$id])
233			$a_ipsec[$id] = $ipsecent;
234			else
235			$a_ipsec[] = $ipsecent;
236	5dd55fa3	Scott Ullrich
237	5b237745	Scott Ullrich	write_config();
238			touch($d_ipsecconfdirty_path);
239	5dd55fa3	Scott Ullrich
240	5b237745	Scott Ullrich	header("Location: vpn_ipsec.php");
241			exit;
242			}
243			}
244			?>
245			<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
246			<html>
247			<head>
248			<title><?=gentitle("VPN: IPsec: Edit tunnel");?></title>
249			<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
250			<link href="gui.css" rel="stylesheet" type="text/css">
251			<script language="JavaScript">
252			<!--
253			function typesel_change() {
254			switch (document.iform.localnettype.selectedIndex) {
255			case 0: /* single */
256			document.iform.localnet.disabled = 0;
257			document.iform.localnetmask.value = "";
258			document.iform.localnetmask.disabled = 1;
259			break;
260			case 1: /* network */
261			document.iform.localnet.disabled = 0;
262			document.iform.localnetmask.disabled = 0;
263			break;
264			default:
265			document.iform.localnet.value = "";
266			document.iform.localnet.disabled = 1;
267			document.iform.localnetmask.value = "";
268			document.iform.localnetmask.disabled = 1;
269			break;
270			}
271			}
272			//-->
273			</script>
274			</head>
275
276			<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
277			<?php include("fbegin.inc"); ?>
278			<p class="pgtitle">VPN: IPsec: Edit tunnel</p>
279			<?php if ($input_errors) print_input_errors($input_errors); ?>
280			<form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
281			<table width="100%" border="0" cellpadding="6" cellspacing="0">
282	5dd55fa3	Scott Ullrich	<tr>
283	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Mode</td>
284			<td width="78%" class="vtable"> Tunnel</td>
285			</tr>
286	5dd55fa3	Scott Ullrich	<tr>
287	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Disabled</td>
288	5dd55fa3	Scott Ullrich	<td width="78%" class="vtable">
289	5b237745	Scott Ullrich	<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
290			<strong>Disable this tunnel</strong><br>
291			<span class="vexpl">Set this option to disable this tunnel without
292			removing it from the list.</span></td>
293			</tr>
294	5dd55fa3	Scott Ullrich	<tr>
295	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Auto-establish</td>
296	5dd55fa3	Scott Ullrich	<td width="78%" class="vtable">
297	5b237745	Scott Ullrich	<input name="auto" type="checkbox" id="auto" value="yes" <?php if ($pconfig['auto']) echo "checked"; ?>>
298			<strong>Automatically establish this tunnel</strong><br>
299			<span class="vexpl">Set this option to automatically re-establish this tunnel after reboots/reconfigures. If this is not set, the tunnel is established on demand.</span></td>
300			</tr>
301	5dd55fa3	Scott Ullrich	<tr>
302	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Interface</td>
303			<td width="78%" class="vtable"> <select name="interface" class="formfld">
304			<?php $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
305			for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
306			$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
307			}
308			foreach ($interfaces as $iface => $ifacename): ?>
309	5dd55fa3	Scott Ullrich	<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
310	5b237745	Scott Ullrich	<?=htmlspecialchars($ifacename);?>
311			</option>
312			<?php endforeach; ?>
313			</select> <br>
314			<span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td>
315			</tr>
316	5dd55fa3	Scott Ullrich	<tr>
317	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Local subnet</td>
318	5dd55fa3	Scott Ullrich	<td width="78%" class="vtable">
319	5b237745	Scott Ullrich	<table border="0" cellspacing="0" cellpadding="0">
320	5dd55fa3	Scott Ullrich	<tr>
321	5b237745	Scott Ullrich	<td>Type:  </td>
322			<td><select name="localnettype" class="formfld" onChange="typesel_change()">
323			<?php $sel = is_specialnet($pconfig['localnet']); ?>
324	5dd55fa3	Scott Ullrich	<option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
325	5b237745	Scott Ullrich	Single host</option>
326	5dd55fa3	Scott Ullrich	<option value="network" <?php if (!$sel) echo "selected"; ?>>
327	5b237745	Scott Ullrich	Network</option>
328	5dd55fa3	Scott Ullrich	<option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>>
329	5b237745	Scott Ullrich	LAN subnet</option>
330			</select></td>
331			</tr>
332	5dd55fa3	Scott Ullrich	<tr>
333	5b237745	Scott Ullrich	<td>Address:  </td>
334			<td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
335	5dd55fa3	Scott Ullrich	/
336	5b237745	Scott Ullrich	<select name="localnetmask" class="formfld" id="localnetmask">
337	40dd6441	Scott Ullrich	<?php for ($i = 32; $i >= 0; $i--): ?>
338	5b237745	Scott Ullrich	<option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
339			<?=$i;?>
340			</option>
341			<?php endfor; ?>
342			</select> </td>
343			</tr>
344			</table></td>
345			</tr>
346	5dd55fa3	Scott Ullrich	<tr>
347	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Remote subnet</td>
348	5dd55fa3	Scott Ullrich	<td width="78%" class="vtable">
349	5b237745	Scott Ullrich	<input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=$pconfig['remotenet'];?>">
350	5dd55fa3	Scott Ullrich	/
351	5b237745	Scott Ullrich	<select name="remotebits" class="formfld" id="remotebits">
352			<?php for ($i = 32; $i > 0; $i--): ?>
353	5dd55fa3	Scott Ullrich	<option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>>
354	5b237745	Scott Ullrich	<?=$i;?>
355			</option>
356			<?php endfor; ?>
357			</select></td>
358			</tr>
359	5dd55fa3	Scott Ullrich	<tr>
360	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Remote gateway</td>
361	5dd55fa3	Scott Ullrich	<td width="78%" class="vtable">
362			<input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=$pconfig['remotegw'];?>">
363	5b237745	Scott Ullrich	<br>
364			Enter the public IP address of the remote gateway</td>
365			</tr>
366	5dd55fa3	Scott Ullrich	<tr>
367	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncell">Description</td>
368	5dd55fa3	Scott Ullrich	<td width="78%" class="vtable">
369			<input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
370			<br> <span class="vexpl">You may enter a description here
371	5b237745	Scott Ullrich	for your reference (not parsed).</span></td>
372			</tr>
373	5dd55fa3	Scott Ullrich	<tr>
374	5b237745	Scott Ullrich	<td colspan="2" class="list" height="12"></td>
375			</tr>
376	5dd55fa3	Scott Ullrich	<tr>
377			<td colspan="2" valign="top" class="listtopic">Phase 1 proposal
378	5b237745	Scott Ullrich	(Authentication)</td>
379			</tr>
380	5dd55fa3	Scott Ullrich	<tr>
381	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
382			<td width="78%" class="vtable">
383			<select name="p1mode" class="formfld">
384			<?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
385	5dd55fa3	Scott Ullrich	<option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
386	5b237745	Scott Ullrich	<?=htmlspecialchars($mode);?>
387			</option>
388			<?php endforeach; ?>
389	5dd55fa3	Scott Ullrich	</select> <br> <span class="vexpl">Aggressive is faster, but
390	5b237745	Scott Ullrich	less secure.</span></td>
391			</tr>
392	5dd55fa3	Scott Ullrich	<tr>
393	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">My identifier</td>
394			<td width="78%" class="vtable">
395			<select name="p1myidentt" class="formfld">
396			<?php foreach ($my_identifier_list as $mode => $modename): ?>
397	5dd55fa3	Scott Ullrich	<option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
398	5b237745	Scott Ullrich	<?=htmlspecialchars($modename);?>
399			</option>
400			<?php endforeach; ?>
401	5dd55fa3	Scott Ullrich	</select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=$pconfig['p1myident'];?>">
402	5b237745	Scott Ullrich	</td>
403			</tr>
404	5dd55fa3	Scott Ullrich	<tr>
405	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
406			<td width="78%" class="vtable">
407			<select name="p1ealgo" class="formfld">
408			<?php foreach ($p1_ealgos as $algo => $algoname): ?>
409	5dd55fa3	Scott Ullrich	<option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
410	5b237745	Scott Ullrich	<?=htmlspecialchars($algoname);?>
411			</option>
412			<?php endforeach; ?>
413	5dd55fa3	Scott Ullrich	</select> <br> <span class="vexpl">Must match the setting
414	5b237745	Scott Ullrich	chosen on the remote side. </span></td>
415			</tr>
416	5dd55fa3	Scott Ullrich	<tr>
417	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
418			<td width="78%" class="vtable">
419			<select name="p1halgo" class="formfld">
420			<?php foreach ($p1_halgos as $algo => $algoname): ?>
421	5dd55fa3	Scott Ullrich	<option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
422	5b237745	Scott Ullrich	<?=htmlspecialchars($algoname);?>
423			</option>
424			<?php endforeach; ?>
425	5dd55fa3	Scott Ullrich	</select> <br> <span class="vexpl">Must match the setting
426	5b237745	Scott Ullrich	chosen on the remote side. </span></td>
427			</tr>
428	5dd55fa3	Scott Ullrich	<tr>
429	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">DH key group</td>
430			<td width="78%" class="vtable">
431			<select name="p1dhgroup" class="formfld">
432			<?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
433	5dd55fa3	Scott Ullrich	<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
434	5b237745	Scott Ullrich	<?=htmlspecialchars($keygroup);?>
435			</option>
436			<?php endforeach; ?>
437	5dd55fa3	Scott Ullrich	</select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
438	5b237745	Scott Ullrich	bit, 5 = 1536 bit</em><br>
439			Must match the setting chosen on the remote side. </span></td>
440			</tr>
441	5dd55fa3	Scott Ullrich	<tr>
442	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncell">Lifetime</td>
443	5dd55fa3	Scott Ullrich	<td width="78%" class="vtable">
444	5b237745	Scott Ullrich	<input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=$pconfig['p1lifetime'];?>">
445			seconds</td>
446			</tr>
447	5dd55fa3	Scott Ullrich	<tr>
448	a615fd33	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
449	5dd55fa3	Scott Ullrich	<td width="78%" class="vtable">
450			<input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>">
451	a615fd33	Scott Ullrich	<br>ASCII characters only!
452	5b237745	Scott Ullrich	</td>
453			</tr>
454	5dd55fa3	Scott Ullrich	<tr>
455	5b237745	Scott Ullrich	<td colspan="2" class="list" height="12"></td>
456			</tr>
457	5dd55fa3	Scott Ullrich	<tr>
458			<td colspan="2" valign="top" class="listtopic">Phase 2 proposal
459	5b237745	Scott Ullrich	(SA/Key Exchange)</td>
460			</tr>
461	5dd55fa3	Scott Ullrich	<tr>
462	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Protocol</td>
463			<td width="78%" class="vtable">
464			<select name="p2proto" class="formfld">
465			<?php foreach ($p2_protos as $proto => $protoname): ?>
466	5dd55fa3	Scott Ullrich	<option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
467	5b237745	Scott Ullrich	<?=htmlspecialchars($protoname);?>
468			</option>
469			<?php endforeach; ?>
470	5dd55fa3	Scott Ullrich	</select> <br> <span class="vexpl">ESP is encryption, AH is
471	5b237745	Scott Ullrich	authentication only </span></td>
472			</tr>
473	5dd55fa3	Scott Ullrich	<tr>
474	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
475	5dd55fa3	Scott Ullrich	<td width="78%" class="vtable">
476	5b237745	Scott Ullrich	<?php foreach ($p2_ealgos as $algo => $algoname): ?>
477	5dd55fa3	Scott Ullrich	<input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>>
478	5b237745	Scott Ullrich	<?=htmlspecialchars($algoname);?>
479	5dd55fa3	Scott Ullrich	<br>
480	5b237745	Scott Ullrich	<?php endforeach; ?>
481			<br>
482	5dd55fa3	Scott Ullrich	Hint: use 3DES for best compatibility or if you have a hardware
483			crypto accelerator card. Blowfish is usually the fastest in
484	5b237745	Scott Ullrich	software encryption. </td>
485			</tr>
486	5dd55fa3	Scott Ullrich	<tr>
487	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
488	5dd55fa3	Scott Ullrich	<td width="78%" class="vtable">
489	5b237745	Scott Ullrich	<?php foreach ($p2_halgos as $algo => $algoname): ?>
490	5dd55fa3	Scott Ullrich	<input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>>
491	5b237745	Scott Ullrich	<?=htmlspecialchars($algoname);?>
492	5dd55fa3	Scott Ullrich	<br>
493	5b237745	Scott Ullrich	<?php endforeach; ?>
494			</td>
495			</tr>
496	5dd55fa3	Scott Ullrich	<tr>
497	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">PFS key group</td>
498			<td width="78%" class="vtable">
499			<select name="p2pfsgroup" class="formfld">
500			<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
501	5dd55fa3	Scott Ullrich	<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
502	5b237745	Scott Ullrich	<?=htmlspecialchars($keygroupname);?>
503			</option>
504			<?php endforeach; ?>
505	5dd55fa3	Scott Ullrich	</select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
506	5b237745	Scott Ullrich	bit, 5 = 1536 bit</em></span></td>
507			</tr>
508	5dd55fa3	Scott Ullrich	<tr>
509	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncell">Lifetime</td>
510	5dd55fa3	Scott Ullrich	<td width="78%" class="vtable">
511	5b237745	Scott Ullrich	<input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=$pconfig['p2lifetime'];?>">
512			seconds</td>
513			</tr>
514	5dd55fa3	Scott Ullrich
515
516			<tr>
517			<td colspan="2" class="list" height="12"></td>
518			</tr>
519			<tr>
520			<td colspan="2" valign="top" class="listtopic">Misc</td>
521			</tr>
522			<tr>
523			<td width="22%" valign="top" class="vncell">Multi-Tunnel routing</td>
524			<td width="78%" class="vtable">
525			<input name="creategif" type="checkbox" id="creategif" size="40" value="<? if($pconfig['creategif']) echo " CHECKED"; ?>"><b> Turn on multi-subnet routing.</b>
526			<br> <span class="vexpl">If you would like to route multiple subnets across this VPN, check this.</span></td>
527			</tr>
528
529			<tr>
530	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
531	5dd55fa3	Scott Ullrich	<td width="78%">
532	fc01e414	Scott Ullrich	<input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
533	5b237745	Scott Ullrich	<?php if (isset($id) && $a_ipsec[$id]): ?>
534	5dd55fa3	Scott Ullrich	<input name="id" type="hidden" value="<?=$id;?>">
535	5b237745	Scott Ullrich	<?php endif; ?>
536			</td>
537			</tr>
538			</table>
539			</form>
540			<script language="JavaScript">
541			<!--
542			typesel_change();
543			//-->
544			</script>
545			<?php include("fend.inc"); ?>
546			</body>
547			</html>

Project

General

Profile

pfSense