<?php
2
/*
3
	vpn_ipsec_phase1.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32 6b07c15a Matthew Grooms
##|+PRIV
33
##|*IDENT=page-vpn-ipsec-editphase1
34
##|*NAME=VPN: IPsec: Edit Phase 1 page
35
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 1' page.
36
##|*MATCH=vpn_ipsec_phase1.php*
37
##|-PRIV
38
39 0f84b741 Scott Ullrich
require("functions.inc");
40 a93e56c5 Matthew Grooms
require("guiconfig.inc");
41 483e6de8 Scott Ullrich
require_once("ipsec.inc");
42
require_once("vpn.inc");
43 a93e56c5 Matthew Grooms
44
// Make sure both IPsec phase lists exist as arrays before they are aliased.
foreach (array('phase1', 'phase2') as $ipsec_section) {
	if (!is_array($config['ipsec'][$ipsec_section])) {
		$config['ipsec'][$ipsec_section] = array();
	}
}
unset($ipsec_section);

// References, not copies: writes through these names change $config itself.
$a_phase2 = &$config['ipsec']['phase2'];
$a_phase1 = &$config['ipsec']['phase1'];
52 a93e56c5 Matthew Grooms
53
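/*
 * Work out which phase1 entry the request refers to. Precedence, lowest to
 * highest: ?p1index= (edit link), a POSTed p1index (form submit), ?dup=
 * (duplicate an existing entry). All three are request data, so the value is
 * only used as a lookup key that is checked against $a_phase1 before use.
 */
$p1index = isset($_GET['p1index']) ? $_GET['p1index'] : null;
if (isset($_POST['p1index']))
	$p1index = $_POST['p1index'];

if (isset($_GET['dup'])) {
	$p1index = $_GET['dup'];
}

// An array-valued parameter (e.g. ?p1index[]=x) can never be a valid index;
// treat it the same as a missing one.
if (!is_scalar($p1index))
	$p1index = null;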
60
61 fad728ab sullrich
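if (isset($p1index) && $a_phase1[$p1index]) {
	/*
	 * Editing or duplicating a stored entry. Keep a copy of the stored values:
	 * the POST handler below compares against $old_ph1ent to detect a changed
	 * remote gateway.
	 */
	$old_ph1ent = $a_phase1[$p1index];

	// don't copy the ikeid on dup
	if (!isset($_GET['dup']))
		$pconfig['ikeid'] = $old_ph1ent['ikeid'];

	$pconfig['disabled'] = isset($old_ph1ent['disabled']);

	if ($old_ph1ent['interface'])
		$pconfig['interface'] = $old_ph1ent['interface'];
	else
		$pconfig['interface'] = "wan";

	list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $old_ph1ent['remote-subnet']);

	// a mobile-client entry has no fixed remote gateway
	if (isset($old_ph1ent['mobile']))
		$pconfig['mobile'] = 'true';
	else
		$pconfig['remotegw'] = $old_ph1ent['remote-gateway'];

	$pconfig['mode'] = $old_ph1ent['mode'];
	$pconfig['protocol'] = $old_ph1ent['protocol'];
	$pconfig['myid_type'] = $old_ph1ent['myid_type'];
	$pconfig['myid_data'] = $old_ph1ent['myid_data'];
	$pconfig['peerid_type'] = $old_ph1ent['peerid_type'];
	$pconfig['peerid_data'] = $old_ph1ent['peerid_data'];
	$pconfig['ealgo'] = $old_ph1ent['encryption-algorithm'];
	$pconfig['halgo'] = $old_ph1ent['hash-algorithm'];
	$pconfig['dhgroup'] = $old_ph1ent['dhgroup'];
	$pconfig['lifetime'] = $old_ph1ent['lifetime'];
	$pconfig['authentication_method'] = $old_ph1ent['authentication_method'];
	$pconfig['generate_policy'] = $old_ph1ent['generate_policy'];
	$pconfig['proposal_check'] = $old_ph1ent['proposal_check'];

	if (($pconfig['authentication_method'] == "pre_shared_key") ||
		($pconfig['authentication_method'] == "xauth_psk_server")) {
		// NOTE(review): the stored key is echoed back into a visible text
		// input by the form below, so anyone granted this page can read it.
		$pconfig['pskey'] = $old_ph1ent['pre-shared-key'];
	} else {
		$pconfig['certref'] = $old_ph1ent['certref'];
		$pconfig['caref'] = $old_ph1ent['caref'];
	}

	$pconfig['descr'] = $old_ph1ent['descr'];
	$pconfig['nat_traversal'] = $old_ph1ent['nat_traversal'];

	// DPD counts as enabled only when both of its values are stored
	if ($old_ph1ent['dpd_delay'] && $old_ph1ent['dpd_maxfail']) {
		$pconfig['dpd_enable'] = true;
		$pconfig['dpd_delay'] = $old_ph1ent['dpd_delay'];
		$pconfig['dpd_maxfail'] = $old_ph1ent['dpd_maxfail'];
	}
} else {
	/* defaults */
	$pconfig['interface'] = "wan";
	if($config['interfaces']['lan'])
		$pconfig['localnet'] = "lan";
	/*
	 * NOTE(review): aggressive mode, 3DES, SHA-1 and DH group 2 are weak
	 * starting values (the form itself labels aggressive mode "less secure").
	 * They are left unchanged here because both tunnel ends must agree on
	 * them; review before relying on these defaults.
	 */
	$pconfig['mode'] = "aggressive";
	$pconfig['protocol'] = "inet";
	$pconfig['myid_type'] = "myaddress";
	$pconfig['peerid_type'] = "peeraddress";
	$pconfig['authentication_method'] = "pre_shared_key";
	// quoted key: a bare word here is read as an undefined constant
	$pconfig['ealgo'] = array( 'name' => "3des" );
	$pconfig['halgo'] = "sha1";
	$pconfig['dhgroup'] = "2";
	$pconfig['lifetime'] = "28800";
	$pconfig['nat_traversal'] = "on";
	$pconfig['dpd_enable'] = true;

	/* mobile client */
	if (!empty($_GET['mobile']))
		$pconfig['mobile']=true;
}

// A duplicate is saved as a new entry, so forget the index it was copied from.
if (isset($_GET['dup']))
	unset($p1index);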
136
137
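/*
 * Form submission: validate the posted phase1 settings and, when nothing is
 * wrong, store them in the configuration and redirect to the tunnel list.
 * On validation errors $pconfig keeps the posted values so the form is
 * redisplayed with them.
 */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	$method = $pconfig['authentication_method'];
	// Unset ca and cert if not required to avoid storing in config
	if ($method == "pre_shared_key" || $method == "xauth_psk_server"){
		unset($pconfig['caref']);
		unset($pconfig['certref']);
	}

	// Start from empty lists: the mobile pre_shared_key case adds nothing.
	$reqdfields = array();
	$reqdfieldsn = array();

	// Only require PSK here for normal PSK tunnels (not mobile) or xauth.
	// For RSA methods, require the CA/Cert.
	switch ($method) {
		case "pre_shared_key":
			// If this is a mobile PSK tunnel the user PSKs go on
			//    the PSK tab, not here, so skip the check.
			if ($pconfig['mobile'])
				break;
			// deliberate fall-through: a non-mobile PSK tunnel needs the key
		case "xauth_psk_server":
			$reqdfields = explode(" ", "pskey");
			$reqdfieldsn = array(gettext("Pre-Shared Key"));
			break;
		case "hybrid_rsa_server":
		case "xauth_rsa_server":
		case "rsasig":
			$reqdfields = explode(" ", "caref certref");
			$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
			break;
	}
	if (!$pconfig['mobile']) {
		$reqdfields[] = "remotegw";
		$reqdfieldsn[] = gettext("Remote gateway");
	}

	// NOTE(review): call-time pass-by-reference is rejected by PHP 5.4 and
	// later; drop the & once do_input_validation() is confirmed to declare
	// this parameter by reference.
	do_input_validation($pconfig, $reqdfields, $reqdfieldsn, &$input_errors);

	// These two come from <select> elements but are still request data, and
	// they are stored in the configuration below; accept only the values the
	// form offers.
	if (!in_array($pconfig['mode'], array("main", "aggressive"), true))
		$input_errors[] = gettext("A valid negotiation mode must be specified.");

	if (!in_array($pconfig['protocol'], array("inet", "inet6"), true))
		$input_errors[] = gettext("A valid Internet Protocol must be specified.");

	if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime'])))
		$input_errors[] = gettext("The P1 lifetime must be an integer.");

	if (($pconfig['remotegw'] && !is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw'])))
		$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");

	/* an enabled entry may not reuse the remote gateway of another enabled entry */
	if (($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled']) )) {
		// Key of the entry being edited; null when a new entry is being added.
		$editkey = (isset($p1index) && $a_phase1[$p1index]) ? (string)$p1index : null;
		$tremotegw = $pconfig['remotegw'];
		foreach ($a_phase1 as $t => $ph1tmp) {
			// Skip only the entry being edited. Comparing as strings avoids the
			// loose rule under which an unset or empty index equals 0 and the
			// first entry would escape the check.
			if ($editkey !== null && $editkey === (string)$t)
				continue;
			if (($ph1tmp['remote-gateway'] == $tremotegw) && !isset($ph1tmp['disabled'])) {
				$input_errors[] = sprintf(gettext('The remote gateway "%1$s" is already used by phase1 "%2$s".'), $tremotegw, $ph1tmp['descr']);
			}
		}
	}

	/* My identity */

	if ($pconfig['myid_type'] == "myaddress")
		$pconfig['myid_data'] = "";

	if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter an address for 'My Identifier'");

	if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'");

	if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'");

	if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'");

	if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "")
		$input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'");

	if ((($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])))
		$input_errors[] = gettext("A valid IP address for 'My identifier' must be specified.");

	if ((($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])))
		$input_errors[] = gettext("A valid domain name for 'My identifier' must be specified.");

	if ($pconfig['myid_type'] == "fqdn")
		if (is_domain($pconfig['myid_data']) == false)
			$input_errors[] = gettext("A valid FQDN for 'My identifier' must be specified.");

	if ($pconfig['myid_type'] == "user_fqdn") {
		// Exactly one "@": a missing domain part, or extra text after a second
		// "@", must not pass just because the second piece looks like a domain.
		$user_fqdn = explode("@",$pconfig['myid_data']);
		if (count($user_fqdn) != 2 || is_domain($user_fqdn[1]) == false)
			$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.");
	}

	if ($pconfig['myid_type'] == "dyn_dns")
		if (is_domain($pconfig['myid_data']) == false)
			$input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified.");

	/* Peer identity */

	// The peer type decides this, not the local identifier type.
	if ($pconfig['peerid_type'] == "peeraddress")
		$pconfig['peerid_data'] = "";

	// Only enforce peer ID if we are not dealing with a pure-psk mobile config.
	if (!(($pconfig['authentication_method'] == "pre_shared_key") && ($pconfig['mobile']))) {
		if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter an address for 'Peer Identifier'");

		if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'");

		if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'");

		if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "")
			$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'");

		if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data'])))
			$input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified.");

		if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data'])))
			$input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified.");

		if ($pconfig['peerid_type'] == "fqdn")
			if (is_domain($pconfig['peerid_data']) == false)
				$input_errors[] = gettext("A valid FQDN for 'Peer identifier' must be specified.");

		if ($pconfig['peerid_type'] == "user_fqdn") {
			// same one-"@" rule as for the local identifier
			$user_fqdn = explode("@",$pconfig['peerid_data']);
			if (count($user_fqdn) != 2 || is_domain($user_fqdn[1]) == false)
				$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.");
		}
	}

	if ($pconfig['dpd_enable']) {
		if (!is_numeric($pconfig['dpd_delay']))
			$input_errors[] = gettext("A numeric value must be specified for DPD delay.");

		if (!is_numeric($pconfig['dpd_maxfail']))
			$input_errors[] = gettext("A numeric value must be specified for DPD retries.");
	}

	/* build our encryption algorithms array */
	$pconfig['ealgo'] = array();
	$pconfig['ealgo']['name'] = $_POST['ealgo'];
	if($pconfig['ealgo_keylen'])
		$pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen'];

	if (!$input_errors) {
		$ph1ent = array();
		$ph1ent['ikeid'] = $pconfig['ikeid'];
		$ph1ent['disabled'] = $pconfig['disabled'] ? true : false;
		$ph1ent['interface'] = $pconfig['interface'];
		/* if the remote gateway changed and the interface is not WAN then remove route */
		/* the vpn_ipsec_configure() handles adding the route */
		if ($pconfig['interface'] <> "wan") {
			// A new entry has no previous gateway, so there is no route to drop.
			$old_remotegw = isset($old_ph1ent['remote-gateway']) ? $old_ph1ent['remote-gateway'] : "";
			if ($old_remotegw != "" && $old_remotegw <> $pconfig['remotegw']) {
				// Quoted for the shell: the value comes from the stored
				// configuration and must reach route(8) as a single argument.
				mwexec("/sbin/route delete -host " . escapeshellarg($old_remotegw));
			}
		}

		if ($pconfig['mobile'])
			$ph1ent['mobile'] = true;
		else
			$ph1ent['remote-gateway'] = $pconfig['remotegw'];

		$ph1ent['mode'] = $pconfig['mode'];
		$ph1ent['protocol'] = $pconfig['protocol'];

		$ph1ent['myid_type'] = $pconfig['myid_type'];
		$ph1ent['myid_data'] = $pconfig['myid_data'];
		$ph1ent['peerid_type'] = $pconfig['peerid_type'];
		$ph1ent['peerid_data'] = $pconfig['peerid_data'];

		// NOTE(review): the remaining select-backed values below are stored as
		// posted; checking them against the lists the form is built from would
		// close the same gap as the mode/protocol checks above.
		$ph1ent['encryption-algorithm'] = $pconfig['ealgo'];
		$ph1ent['hash-algorithm'] = $pconfig['halgo'];
		$ph1ent['dhgroup'] = $pconfig['dhgroup'];
		$ph1ent['lifetime'] = $pconfig['lifetime'];
		$ph1ent['pre-shared-key'] = $pconfig['pskey'];
		$ph1ent['private-key'] = base64_encode($pconfig['privatekey']);
		$ph1ent['certref'] = $pconfig['certref'];
		$ph1ent['caref'] = $pconfig['caref'];
		$ph1ent['authentication_method'] = $pconfig['authentication_method'];
		$ph1ent['generate_policy'] = $pconfig['generate_policy'];
		$ph1ent['proposal_check'] = $pconfig['proposal_check'];
		$ph1ent['descr'] = $pconfig['descr'];
		$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];

		if (isset($pconfig['dpd_enable'])) {
			$ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
			$ph1ent['dpd_maxfail'] = $pconfig['dpd_maxfail'];
		}

		/* generate unique phase1 ikeid */
		if ($ph1ent['ikeid'] == 0)
			$ph1ent['ikeid'] = ipsec_ikeid_next();

		// overwrite the edited entry, or append a new one
		if (isset($p1index) && $a_phase1[$p1index])
			$a_phase1[$p1index] = $ph1ent;
		else
			$a_phase1[] = $ph1ent;

		/* now we need to find all phase2 entries for this host */
		if (is_array($a_phase2) && (count($a_phase2))) {
			foreach ($a_phase2 as $phase2) {
				if($phase2['ikeid'] == $ph1ent['ikeid']) {
					log_error("Reload {$ph1ent['descr']} tunnel(s)");
					$old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
					$old_phase2 = $phase2;
					reload_tunnel_spd_policy ($ph1ent, $phase2, $old_ph1ent, $old_phase2);
				}
			}
		}
		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}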
356
357 3462a529 Matthew Grooms
// Page title parts; a mobile-client entry gets one extra trailing element.
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"));
if ($pconfig['mobile']) {
	$pgtitle[] = gettext("Mobile Client");
}

// Shortcut targets; presumably read by the included page header — confirm in head.inc.
$logurl = "diag_logs_ipsec.php";
$statusurl = "diag_ipsec.php";

include("head.inc");
366
367
?>
368
369
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
370
<?php include("fbegin.inc"); ?>
371
<script language="JavaScript">
372
<!--
373 3462a529 Matthew Grooms
374
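/*
 * Show the "My identifier" text box only when the selected identifier type
 * takes a value; it is hidden for the 'myaddress' type.
 */
function myidsel_change() {
	// Locals, so nothing leaks into the page's global scope.
	var selector = document.iform.myid_type;
	var chosen = selector.options[selector.selectedIndex].value;

	document.getElementById('myid_data').style.visibility =
		(chosen == 'myaddress') ? 'hidden' : 'visible';
}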
382
383
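/*
 * Show the "Peer identifier" text box only when the selected identifier type
 * takes a value; it is hidden for the 'peeraddress' type.
 */
function peeridsel_change() {
	// Locals, so nothing leaks into the page's global scope.
	var selector = document.iform.peerid_type;
	var chosen = selector.options[selector.selectedIndex].value;

	document.getElementById('peerid_data').style.visibility =
		(chosen == 'peeraddress') ? 'hidden' : 'visible';
}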
391
392 a93e56c5 Matthew Grooms
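/*
 * Show or hide the pre-shared key, peer identifier, certificate and CA rows
 * to match the selected authentication method. Display only: what is stored
 * is decided by the server-side validation of the submitted form.
 */
function methodsel_change() {
	// Locals, so nothing leaks into the page's global scope.
	var selector = document.iform.authentication_method;
	var method = selector.options[selector.selectedIndex].value;

	var psk = document.getElementById('opt_psk');
	var peerid = document.getElementById('opt_peerid');
	var cert = document.getElementById('opt_cert');
	var ca = document.getElementById('opt_ca');

	switch (method) {
		case 'hybrid_rsa_server':
		case 'xauth_rsa_server':
		case 'rsasig':
			/* certificate based methods: no PSK row, certificate and CA rows enabled */
			psk.style.display = 'none';
			peerid.style.display = '';
			cert.style.display = '';
			ca.style.display = '';
			cert.disabled = false;
			ca.disabled = false;
			break;
<?php if ($pconfig['mobile']) { ?>
		case 'pre_shared_key':
			/* emitted for mobile-client entries only: hide all four rows */
			psk.style.display = 'none';
			peerid.style.display = 'none';
			cert.style.display = 'none';
			ca.style.display = 'none';
			cert.disabled = true;
			ca.disabled = true;
			break;
<?php } ?>
		default: /* psk modes*/
			psk.style.display = '';
			peerid.style.display = '';
			cert.style.display = 'none';
			ca.style.display = 'none';
			cert.disabled = true;
			ca.disabled = true;
			break;
	}
}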
434
435
/* PHP generated java script for variable length keys: one case per entry of $p1_ealgos */
function ealgosel_change(bits) {
	switch (document.iform.ealgo.selectedIndex) {
<?php
  // $i counts entries in iteration order and becomes the case label.
  // NOTE(review): assumes the ealgo select lists $p1_ealgos in this same order — confirm against the form.
  $i = 0;
  foreach ($p1_ealgos as $algo => $algodata) {
    echo "		case {$i}:\n";

    // the key length selector is shown only for algorithms with a 'keysel' range
    if (is_array($algodata['keysel']))
      echo "			document.iform.ealgo_keylen.style.visibility = 'visible';\n";
    else
      echo "			document.iform.ealgo_keylen.style.visibility = 'hidden';\n";
    echo "			document.iform.ealgo_keylen.options.length = 0;\n";

    if (is_array($algodata['keysel'])) {
      $key_hi = $algodata['keysel']['hi'];
      $key_lo = $algodata['keysel']['lo'];
      $key_step = $algodata['keysel']['step'];

      // offer every key length from 'hi' down to 'lo', largest first
      $keylen = $key_hi;
      while ($keylen >= $key_lo) {
        echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n";
        $keylen -= $key_step;
      }
    }

    echo "			break;\n";
    $i++;
  }
?>
	}

	// restore a previously chosen key length when one is passed in
	if( bits )
		document.iform.ealgo_keylen.value = bits;
}
468 3462a529 Matthew Grooms
469 a93e56c5 Matthew Grooms
/*
 * Toggle the DPD option row with its checkbox, and pre-fill the delay and
 * max-failure inputs when they are empty.
 */
function dpdchkbox_change() {
	var form = document.iform;

	document.getElementById('opt_dpd').style.display = form.dpd_enable.checked ? '' : 'none';

	if (!form.dpd_delay.value) {
		form.dpd_delay.value = "10";
	}

	if (!form.dpd_maxfail.value) {
		form.dpd_maxfail.value = "5";
	}
}
481 3462a529 Matthew Grooms
482 a93e56c5 Matthew Grooms
//-->
483
</script>
484 5a3b0d3b mgrooms
485
<form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform">
486
487
<?php
488
	if ($input_errors)
489
		print_input_errors($input_errors);
490
?>
491
492
<table width="100%" border="0" cellpadding="0" cellspacing="0">
493
	<tr class="tabnavtbl">
494
		<td id="tabnav">
495
			<?php
496
				$tab_array = array();
497 2fbb33f1 Carlos Eduardo Ramos
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
498
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
499
				$tab_array[2] = array(gettext("Pre-shared keys"), false, "vpn_ipsec_keys.php");
500 5a3b0d3b mgrooms
				display_top_tabs($tab_array);
501
			?>
502
		</td>
503
	</tr>
504
	<tr>
505
		<td id="mainarea">
506
			<div class="tabcont">
507
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
508
					<tr>
509 2fbb33f1 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
510 5a3b0d3b mgrooms
					</tr>
511
					<tr>
512 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
513 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
514
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
515 2fbb33f1 Carlos Eduardo Ramos
							<strong><?=gettext("Disable this phase1 entry"); ?></strong><br>
516 5a3b0d3b mgrooms
							<span class="vexpl">
517 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Set this option to disable this phase1 without " .
518
								"removing it from the list"); ?>.
519 5a3b0d3b mgrooms
							</span>
520
						</td>
521
					</tr>
522 e79b24ab Seth Mos
					<tr>
523
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Internet Protocol"); ?></td>
524
						<td width="78%" class="vtable">
525
							<select name="protocol" class="formselect">
526
							<?php
527
								$protocols = array("inet" => "IPv4", "inet6" => "IPv6");
528
								foreach ($protocols as $protocol => $name):
529
							?>
530
								<option value="<?=$protocol;?>" <?php if ($protocol == $pconfig['protocol']) echo "selected"; ?>>
531
									<?=htmlspecialchars($name);?>
532
								</option>
533
							<?php endforeach; ?>
534
							</select> <br> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
535
						</td>
536
					</tr>
537 5a3b0d3b mgrooms
					<tr>
538 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
539 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
540
							<select name="interface" class="formselect">
541
							<?php 
542
								$interfaces = get_configured_interface_with_descr();
543 abcb2bed Ermal Lu?i
								$carplist = get_configured_carp_interface_list();
544
								foreach ($carplist as $cif => $carpip)
545 dd62256f Pierre POMES
									$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";
546 25f6730a Pierre POMES
								$aliaslist = get_configured_ip_aliases_list();
547
								foreach ($aliaslist as $aliasip => $aliasif)
548 96b4c29a Pierre POMES
									$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
549 5a3b0d3b mgrooms
								foreach ($interfaces as $iface => $ifacename):
550
							?>
551
								<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
552
									<?=htmlspecialchars($ifacename);?>
553
								</option>
554
							<?php endforeach; ?>
555
							</select>
556
							<br>
557 2fbb33f1 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Select the interface for the local endpoint of this phase1 entry"); ?>.</span>
558 5a3b0d3b mgrooms
						</td>
559
					</tr>
560
561
					<?php if (!$pconfig['mobile']): ?>
562
563
					<tr>
564 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote gateway"); ?></td>
565 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
566 c271c485 Seth Mos
							<?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="28" value="<?=htmlspecialchars($pconfig['remotegw']);?>">
567 5a3b0d3b mgrooms
							<br>
568 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Enter the public IP address or host name of the remote gateway"); ?>
569 5a3b0d3b mgrooms
						</td>
570
					</tr>
571
572
					<?php endif; ?>
573
574
					<tr>
575 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
576 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
577
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
578
							<br>
579
							<span class="vexpl">
580 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
581
								"for your reference (not parsed)"); ?>.
582 5a3b0d3b mgrooms
							</span>
583
						</td>
584
					</tr>
585
					<tr>
586
						<td colspan="2" class="list" height="12"></td>
587
					</tr>
588
					<tr>
589
						<td colspan="2" valign="top" class="listtopic">
590 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Phase 1 proposal (Authentication)"); ?>
591 5a3b0d3b mgrooms
						</td>
592
					</tr>
593 71d61aa5 jim-p
					<tr>
594 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication method"); ?></td>
595 71d61aa5 jim-p
						<td width="78%" class="vtable">
596
							<select name="authentication_method" class="formselect" onChange="methodsel_change()">
597
							<?php
598
								foreach ($p1_authentication_methods as $method_type => $method_params):
599
									if (!$pconfig['mobile'] && $method_params['mobile'])
600
										continue;
601
							?>
602
								<option value="<?=$method_type;?>" <?php if ($method_type == $pconfig['authentication_method']) echo "selected"; ?>>
603
									<?=htmlspecialchars($method_params['name']);?>
604
								</option>
605
							<?php endforeach; ?>
606
							</select>
607
							<br>
608
							<span class="vexpl">
609 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
610 71d61aa5 jim-p
							</span>
611
						</td>
612
					</tr>
613 5a3b0d3b mgrooms
					<tr>
614 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Negotiation mode"); ?></td>
615 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
616
							<select name="mode" class="formselect">
617
							<?php
618 19bd7032 Vinicius Coque
								$modes = array("main","aggressive");
619 5a3b0d3b mgrooms
								foreach ($modes as $mode):
620
							?>
621
								<option value="<?=$mode;?>" <?php if ($mode == $pconfig['mode']) echo "selected"; ?>>
622
									<?=htmlspecialchars($mode);?>
623
								</option>
624
							<?php endforeach; ?>
625 2fbb33f1 Carlos Eduardo Ramos
							</select> <br> <span class="vexpl"><?=gettext("Aggressive is more flexible, but less secure"); ?>.</span>
626 5a3b0d3b mgrooms
						</td>
627
					</tr>
628
					<tr>
629 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My identifier"); ?></td>
630 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
631
							<select name="myid_type" class="formselect" onChange="myidsel_change()">
632
							<?php foreach ($my_identifier_list as $id_type => $id_params): ?>
633
								<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['myid_type']) echo "selected"; ?>>
634
									<?=htmlspecialchars($id_params['desc']);?>
635
								</option>
636
							<?php endforeach; ?>
637
							</select>
638 dd5bf424 Scott Ullrich
							<input name="myid_data" type="text" class="formfld unknown" id="myid_data" size="30" value="<?=htmlspecialchars($pconfig['myid_data']);?>">
639 5a3b0d3b mgrooms
						</td>
640
					</tr>
641 1f65618b jim-p
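					<tr id="opt_peerid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer identifier"); ?></td>
						<td width="78%" class="vtable">
							<select name="peerid_type" class="formselect" onChange="peeridsel_change()">
							<?php
								/*
								 * One option per entry of $peer_identifier_list (built outside
								 * this excerpt). For a mobile phase 1 only the entries flagged
								 * 'mobile' are offered. The option value is entity-encoded like
								 * the label so attribute output on this row is escaped
								 * consistently.
								 */
								foreach ($peer_identifier_list as $id_type => $id_params):
									if ($pconfig['mobile'] && !$id_params['mobile'])
										continue;
							?>
							<option value="<?=htmlspecialchars($id_type);?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected"; ?>>
								<?=htmlspecialchars($id_params['desc']);?>
							</option>
							<?php endforeach; ?>
							</select>
							<input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=htmlspecialchars($pconfig['peerid_data']);?>">
						<?php if ($pconfig['mobile']) { ?>
							<br/><br/><?=gettext("NOTE: This is known as the \"group\" setting on some VPN client implementations"); ?>.
						<?php } ?>
						</td>
					</tr>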
					<tr id="opt_psk">
						<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Pre-Shared Key"); ?></td>
						<td width="78%" class="vtable">
							<?php
								/*
								 * Pre-shared key entry. $mandfldhtml is emitted as-is; it is
								 * defined outside this excerpt.
								 *
								 * NOTE(review): the stored key is written back into a plain
								 * text field, so it is readable on screen and in the page
								 * source by anyone who can open this page. Consider whether a
								 * masked field with an explicit reveal fits the deployment,
								 * and keep access to this page restricted accordingly.
								 */
								echo $mandfldhtml;
							?>
							<input name="pskey" type="text" class="formfld unknown" id="pskey" size="40" value="<?php echo htmlspecialchars($pconfig['pskey']); ?>">
							<span class="vexpl">
							<br>
								<?php echo gettext("Input your pre-shared key string"); ?>.
							</span>
						</td>
					</tr>
					<tr id="generate_policy">
						<td width="22%" valign="top" class="vncellreq"><?php /* Policy generation selector; an empty stored value selects "Default". */ echo gettext("Policy Generation"); ?></td>
						<td width="78%" class="vtable">
							<select name="generate_policy" class="formselect">
								<option value="" <?php echo empty($pconfig['generate_policy']) ? "selected" : ""; ?>>Default</option>
								<option value="on" <?php echo ($pconfig['generate_policy'] == "on") ? "selected" : ""; ?>>On</option>
								<option value="off" <?php echo ($pconfig['generate_policy'] == "off") ? "selected" : ""; ?>>Off</option>
								<option value="require" <?php echo ($pconfig['generate_policy'] == "require") ? "selected" : ""; ?>>Require</option>
								<option value="unique" <?php echo ($pconfig['generate_policy'] == "unique") ? "selected" : ""; ?>>Unique</option>
							</select>
							<br>
							<span class="vexpl">
								<?php echo gettext("When working as a responder (as with mobile clients), this controls how policies are generated based on SA proposals."); ?>
							</span>
						</td>
					</tr>
					<tr id="proposal_check">
						<td width="22%" valign="top" class="vncellreq"><?php /* Proposal checking selector; an empty stored value selects "Default". */ echo gettext("Proposal Checking"); ?></td>
						<td width="78%" class="vtable">
							<select name="proposal_check" class="formselect">
								<option value="" <?php echo empty($pconfig['proposal_check']) ? "selected" : ""; ?>>Default</option>
								<option value="obey" <?php echo ($pconfig['proposal_check'] == "obey") ? "selected" : ""; ?>>Obey</option>
								<option value="strict" <?php echo ($pconfig['proposal_check'] == "strict") ? "selected" : ""; ?>>Strict</option>
								<option value="claim" <?php echo ($pconfig['proposal_check'] == "claim") ? "selected" : ""; ?>>Claim</option>
								<option value="exact" <?php echo ($pconfig['proposal_check'] == "exact") ? "selected" : ""; ?>>Exact</option>
							</select>
							<br>
							<span class="vexpl">
								<?php echo gettext("Specifies the action of lifetime length, key length, and PFS of the phase 2 selection on the responder side, and the action of lifetime check in phase 1."); ?>
							</span>
						</td>
					</tr>
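					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
						<td width="78%" class="vtable">
							<select name="ealgo" class="formselect" onChange="ealgosel_change()">
							<?php
								/*
								 * One option per entry of $p1_ealgos (built outside this
								 * excerpt); the algorithm named in $pconfig['ealgo']['name']
								 * is pre-selected. The option value is entity-encoded like the
								 * label so attribute output is escaped consistently.
								 */
								foreach ($p1_ealgos as $algo => $algodata):
									$selected = '';
									if ($algo == $pconfig['ealgo']['name'])
										$selected = ' selected';
							?>
								<option value="<?=htmlspecialchars($algo);?>"<?=$selected?>>
									<?=htmlspecialchars($algodata['name']);?>
								</option>
							<?php endforeach; ?>
							</select>
							<?php /* Rendered empty here; presumably filled client-side by ealgosel_change() - confirm. */ ?>
							<select name="ealgo_keylen" width="30" class="formselect">
							</select>
						</td>
					</tr>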
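					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithm"); ?></td>
						<td width="78%" class="vtable">
							<select name="halgo" class="formselect">
							<?php
								/*
								 * One option per entry of $p1_halgos (built outside this
								 * excerpt); the stored hash algorithm is pre-selected. The
								 * option value is entity-encoded like the label so attribute
								 * output is escaped consistently.
								 */
								foreach ($p1_halgos as $algo => $algoname):
							?>
								<option value="<?=htmlspecialchars($algo);?>" <?php if ($algo == $pconfig['halgo']) echo "selected"; ?>>
									<?=htmlspecialchars($algoname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br>
							<span class="vexpl">
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>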
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?php echo gettext("DH key group"); ?></td>
						<td width="78%" class="vtable">
							<select name="dhgroup" class="formselect">
							<?php
								/*
								 * Diffie-Hellman group selector; the stored group is
								 * pre-selected.
								 *
								 * NOTE(review): only groups 1, 2 and 5 (768, 1024 and 1536 bit,
								 * per the help text below) are offered. The 768- and 1024-bit
								 * groups are widely regarded as too weak for new tunnels.
								 * Offering larger groups depends on what the IKE daemon and the
								 * form validation accept, neither of which is visible here.
								 */
								$keygroups = explode(" ", "1 2 5");
								foreach ($keygroups as $keygroup):
							?>
								<option value="<?php echo $keygroup; ?>" <?php echo ($keygroup == $pconfig['dhgroup']) ? "selected" : ""; ?>>
									<?php echo htmlspecialchars($keygroup); ?>
								</option>
							<?php endforeach; ?>
							</select>
							<br>
							<span class="vexpl">
								<em><?php echo gettext("1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit"); ?></em>
								<br>
								<?php echo gettext("Must match the setting chosen on the remote side"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?php /* Phase 1 lifetime; the stored value is entity-encoded before being placed in the field. */ echo gettext("Lifetime"); ?></td>
						<td width="78%" class="vtable">
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?php echo htmlspecialchars($pconfig['lifetime']); ?>">
							<?php echo gettext("seconds"); ?>
						</td>
					</tr>
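					<tr id="opt_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td>
						<td width="78%" class="vtable">
							<select name='certref' class="formselect">
							<?php
								/*
								 * One option per certificate in $config['cert']; the one whose
								 * refid matches $pconfig['certref'] is pre-selected.
								 *
								 * refid and descr are entity-encoded on output. descr is
								 * free-form text from the stored configuration, and writing it
								 * into the page unescaped would let markup in a description be
								 * interpreted by the browser of whoever opens this page.
								 * NOTE(review): if descriptions are already entity-encoded when
								 * saved, confirm this does not double-encode them.
								 *
								 * A missing or non-array certificate list is treated as empty
								 * so the select renders with no options.
								 */
								$cert_list = (isset($config['cert']) && is_array($config['cert'])) ? $config['cert'] : array();
								foreach ($cert_list as $cert):
									$selected = "";
									if ($pconfig['certref'] == $cert['refid'])
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br>
							<span class="vexpl">
								<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>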
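					<tr id="opt_ca">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
						<td width="78%" class="vtable">
							<select name='caref' class="formselect">
							<?php
								/*
								 * One option per certificate authority in $config['ca']; the
								 * one whose refid matches $pconfig['caref'] is pre-selected.
								 *
								 * refid and descr are entity-encoded on output. descr is
								 * free-form text from the stored configuration, and writing it
								 * into the page unescaped would let markup in a description be
								 * interpreted by the browser of whoever opens this page.
								 * NOTE(review): if descriptions are already entity-encoded when
								 * saved, confirm this does not double-encode them.
								 *
								 * A missing or non-array CA list is treated as empty so the
								 * select renders with no options.
								 */
								$ca_list = (isset($config['ca']) && is_array($config['ca'])) ? $config['ca'] : array();
								foreach ($ca_list as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br>
							<span class="vexpl">
								<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>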
					<tr>
						<td colspan="2" class="list" height="12"></td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic"><?php /* Section heading for the advanced phase 1 settings. */ echo gettext("Advanced Options"); ?></td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?php /* NAT-T selector: off / on / force, with the stored value pre-selected. */ echo gettext("NAT Traversal"); ?></td>
						<td width="78%" class="vtable">
							<select name="nat_traversal" class="formselect">
								<option value="off" <?php echo ($pconfig['nat_traversal'] == "off") ? "selected" : ""; ?>><?php echo gettext("Disable"); ?></option>
								<option value="on" <?php echo ($pconfig['nat_traversal'] == "on") ? "selected" : ""; ?>><?php echo gettext("Enable"); ?></option>
								<option value="force" <?php echo ($pconfig['nat_traversal'] == "force") ? "selected" : ""; ?>><?php echo gettext("Force"); ?></option>
							</select>
							<br/>
							<span class="vexpl">
								<?php echo gettext("Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed, " .
								"which can help with clients that are behind restrictive firewalls"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?php /* Dead Peer Detection: enable checkbox plus delay and retry count, both entity-encoded on output. */ echo gettext("Dead Peer Detection"); ?></td>
						<td width="78%" class="vtable">
							<input name="dpd_enable" type="checkbox" id="dpd_enable" value="yes" <?php echo isset($pconfig['dpd_enable']) ? "checked" : ""; ?> onClick="dpdchkbox_change()">
							<?php echo gettext("Enable DPD"); ?><br>
							<div id="opt_dpd">
								<br>
								<input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?php echo htmlspecialchars($pconfig['dpd_delay']); ?>">
								<?php echo gettext("seconds"); ?><br>
								<span class="vexpl">
									<?php echo gettext("Delay between requesting peer acknowledgement"); ?>.
								</span><br>
								<br>
								<input name="dpd_maxfail" type="text" class="formfld unknown" id="dpd_maxfail" size="5" value="<?php echo htmlspecialchars($pconfig['dpd_maxfail']); ?>">
								<?php echo gettext("retries"); ?><br>
								<span class="vexpl">
									<?php echo gettext("Number of consecutive failures allowed before disconnect"); ?>.
								</span>
								<br>
							</div>
						</td>
					</tr>
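					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
							<?php
								/*
								 * Hidden state carried across the POST: the index of the
								 * phase 1 entry being edited (only when that entry exists), the
								 * mobile flag, and the IKE id.
								 *
								 * p1index is entity-encoded like ikeid below so every value
								 * written into an attribute here is escaped the same way; where
								 * p1index is read from is outside this excerpt.
								 */
								if (isset($p1index) && $a_phase1[$p1index]):
							?>
							<input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>">
							<?php endif; ?>
							<?php if ($pconfig['mobile']): ?>
							<input name="mobile" type="hidden" value="true">
							<?php endif; ?>
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>">
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
						</td>
					</tr>
				</table>
			</div>
		</td>
	</tr>
</table>
</form>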
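<script language="JavaScript">
<!--
<?php
	/*
	 * Decide whether the key length selector should be initialised.
	 *
	 * $keyset is written unquoted into the ealgosel_change() call below, so
	 * the is_numeric() gate is what restricts it to a numeric literal; when
	 * no numeric key length is stored it stays empty and the function is
	 * called without an argument.
	 */
	$keyset = '';
	if (isset($pconfig['ealgo']['keylen']) && is_numeric($pconfig['ealgo']['keylen']))
		$keyset = $pconfig['ealgo']['keylen'];
?>
myidsel_change();
peeridsel_change();
methodsel_change();
ealgosel_change(<?=$keyset;?>);
dpdchkbox_change();
//-->
</script>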
<?php
	/* Shared page footer, followed by the closing document tags. */
	include "fend.inc";
?>
</body>
</html>