/usr/local/www/vpn_ipsec_settings.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/vpn_ipsec_settings.php @ d26955ff

1	71172088	jim-p	<?php
2			/*
3			vpn_ipsec_settings.php
4
5	ed2d1343	Renato Botelho	Copyright (C) 2015 Electric Sheep Fencing, LLC
6	71172088	jim-p	All rights reserved.
7
8			Redistribution and use in source and binary forms, with or without
9			modification, are permitted provided that the following conditions are met:
10
11			1. Redistributions of source code must retain the above copyright notice,
12			this list of conditions and the following disclaimer.
13
14			2. Redistributions in binary form must reproduce the above copyright
15			notice, this list of conditions and the following disclaimer in the
16			documentation and/or other materials provided with the distribution.
17
18			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27			POSSIBILITY OF SUCH DAMAGE.
28			*/
29
30			##\|+PRIV
31			##\|*IDENT=page-vpn-ipsec-settings
32			##\|*NAME=VPN: IPsec: Settings page
33			##\|*DESCR=Allow access to the 'VPN: IPsec: Settings' page.
34			##\|MATCH=vpn_ipsec_settings.php
35			##\|-PRIV
36
37			require("functions.inc");
38			require("guiconfig.inc");
39			require_once("filter.inc");
40			require_once("shaper.inc");
41			require_once("ipsec.inc");
42			require_once("vpn.inc");
43
44			foreach ($ipsec_loglevels as $lkey => $ldescr) {
45	a1d55e81	Phil Davis	if (!empty($config['ipsec']["ipsec_{$lkey}"])) {
46	71172088	jim-p	$pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"];
47	a1d55e81	Phil Davis	}
48	71172088	jim-p	}
49	4a076e36	Ermal LUÇI	$pconfig['unityplugin'] = isset($config['ipsec']['unityplugin']);
50	0608bd3c	Ermal LUÇI	$pconfig['makebeforebreak'] = isset($config['ipsec']['makebeforebreak']);
51	0a9e6c85	Chris Buechler	$pconfig['noshuntlaninterfaces'] = isset($config['ipsec']['noshuntlaninterfaces']);
52	e57a3e40	Chris Buechler	$pconfig['compression'] = isset($config['ipsec']['compression']);
53	24acc8f4	Chris Buechler	$pconfig['enableinterfacesuse'] = isset($config['ipsec']['enableinterfacesuse']);
54	737b18f2	Ermal	$pconfig['acceptunencryptedmainmode'] = isset($config['ipsec']['acceptunencryptedmainmode']);
55	71172088	jim-p	$pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']);
56			$pconfig['maxmss'] = $config['system']['maxmss'];
57	0ca36ca3	benny	$pconfig['uniqueids'] = $config['ipsec']['uniqueids'];
58	71172088	jim-p
59	6ae8b844	Ermal	if ($_POST) {
60	71172088	jim-p
61			unset($input_errors);
62			$pconfig = $_POST;
63	a1d55e81	Phil Davis
64	a96dc32e	Chris Buechler	if (!in_array($pconfig['ipsec_dmn'], array('0', '1', '2', '3', '4', '5'), true)) {
65			$input_errors[] = "A valid value must be specified for Daemon debug.";
66			}
67			if (!in_array($pconfig['ipsec_mgr'], array('0', '1', '2', '3', '4', '5'), true)) {
68			$input_errors[] = "A valid value must be specified for SA Manager debug.";
69			}
70			if (!in_array($pconfig['ipsec_ike'], array('0', '1', '2', '3', '4', '5'), true)) {
71			$input_errors[] = "A valid value must be specified for IKE SA debug.";
72			}
73			if (!in_array($pconfig['ipsec_chd'], array('0', '1', '2', '3', '4', '5'), true)) {
74			$input_errors[] = "A valid value must be specified for IKE Child SA debug.";
75			}
76			if (!in_array($pconfig['ipsec_job'], array('0', '1', '2', '3', '4', '5'), true)) {
77			$input_errors[] = "A valid value must be specified for Job Processing debug.";
78			}
79			if (!in_array($pconfig['ipsec_cfg'], array('0', '1', '2', '3', '4', '5'), true)) {
80			$input_errors[] = "A valid value must be specified for Configuration backend debug.";
81			}
82			if (!in_array($pconfig['ipsec_knl'], array('0', '1', '2', '3', '4', '5'), true)) {
83			$input_errors[] = "A valid value must be specified for Kernel Interface debug.";
84			}
85			if (!in_array($pconfig['ipsec_net'], array('0', '1', '2', '3', '4', '5'), true)) {
86			$input_errors[] = "A valid value must be specified for Networking debug.";
87			}
88			if (!in_array($pconfig['ipsec_asn'], array('0', '1', '2', '3', '4', '5'), true)) {
89			$input_errors[] = "A valid value must be specified for ASN Encoding debug.";
90			}
91			if (!in_array($pconfig['ipsec_enc'], array('0', '1', '2', '3', '4', '5'), true)) {
92			$input_errors[] = "A valid value must be specified for Message encoding debug.";
93			}
94			if (!in_array($pconfig['ipsec_imc'], array('0', '1', '2', '3', '4', '5'), true)) {
95			$input_errors[] = "A valid value must be specified for Integrity checker debug.";
96			}
97			if (!in_array($pconfig['ipsec_imv'], array('0', '1', '2', '3', '4', '5'), true)) {
98			$input_errors[] = "A valid value must be specified for Integrity Verifier debug.";
99			}
100			if (!in_array($pconfig['ipsec_pts'], array('0', '1', '2', '3', '4', '5'), true)) {
101			$input_errors[] = "A valid value must be specified for Platform Trust Service debug.";
102			}
103			if (!in_array($pconfig['ipsec_tls'], array('0', '1', '2', '3', '4', '5'), true)) {
104			$input_errors[] = "A valid value must be specified for TLS Handler debug.";
105			}
106			if (!in_array($pconfig['ipsec_esp'], array('0', '1', '2', '3', '4', '5'), true)) {
107			$input_errors[] = "A valid value must be specified for IPsec Traffic debug.";
108			}
109			if (!in_array($pconfig['ipsec_lib'], array('0', '1', '2', '3', '4', '5'), true)) {
110			$input_errors[] = "A valid value must be specified for StrongSwan Lib debug.";
111			}
112			if (isset($pconfig['maxmss'])) {
113			if (!is_numericint($pconfig['maxmss']) && $pconfig['maxmss'] <> '') {
114			$input_errors[] = "An integer must be specified for Maximum MSS.";
115			}
116	a1d55e81	Phil Davis	if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 \|\| $pconfig['maxmss'] > 65535) {
117			$input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS";
118			}
119	a96dc32e	Chris Buechler	}
120	a1d55e81	Phil Davis
121	71172088	jim-p	if (!$input_errors) {
122
123			if (is_array($config['ipsec'])) {
124			foreach ($ipsec_loglevels as $lkey => $ldescr) {
125			if (empty($_POST["ipsec_{$lkey}"])) {
126	a1d55e81	Phil Davis	if (isset($config['ipsec']["ipsec_{$lkey}"])) {
127	71172088	jim-p	unset($config['ipsec']["ipsec_{$lkey}"]);
128	a1d55e81	Phil Davis	}
129			} else {
130	71172088	jim-p	$config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"];
131	a1d55e81	Phil Davis	}
132	71172088	jim-p	}
133			}
134
135	420fce04	Ermal LUÇI	$needsrestart = false;
136
137	a1d55e81	Phil Davis	if ($_POST['compression'] == "yes") {
138			if (!isset($config['ipsec']['compression'])) {
139	420fce04	Ermal LUÇI	$needsrestart = true;
140	a1d55e81	Phil Davis	}
141	e57a3e40	Chris Buechler	$config['ipsec']['compression'] = true;
142	420fce04	Ermal LUÇI	} elseif (isset($config['ipsec']['compression'])) {
143			$needsrestart = true;
144	e57a3e40	Chris Buechler	unset($config['ipsec']['compression']);
145	420fce04	Ermal LUÇI	}
146	a1d55e81	Phil Davis
147			if ($_POST['enableinterfacesuse'] == "yes") {
148			if (!isset($config['ipsec']['enableinterfacesuse'])) {
149	24acc8f4	Chris Buechler	$needsrestart = true;
150	a1d55e81	Phil Davis	}
151	24acc8f4	Chris Buechler	$config['ipsec']['enableinterfacesuse'] = true;
152			} elseif (isset($config['ipsec']['enableinterfacesuse'])) {
153			$needsrestart = true;
154			unset($config['ipsec']['enableinterfacesuse']);
155			}
156	71172088	jim-p
157	a1d55e81	Phil Davis	if ($_POST['unityplugin'] == "yes") {
158			if (!isset($config['ipsec']['unityplugin'])) {
159	420fce04	Ermal LUÇI	$needsrestart = true;
160	a1d55e81	Phil Davis	}
161	4a076e36	Ermal LUÇI	$config['ipsec']['unityplugin'] = true;
162	420fce04	Ermal LUÇI	} elseif (isset($config['ipsec']['unityplugin'])) {
163			$needsrestart = true;
164	4a076e36	Ermal LUÇI	unset($config['ipsec']['unityplugin']);
165	420fce04	Ermal LUÇI	}
166	4a076e36	Ermal LUÇI
167	a1d55e81	Phil Davis	if ($_POST['makebeforebreak'] == "yes") {
168	0608bd3c	Ermal LUÇI	$config['ipsec']['makebeforebreak'] = true;
169			} elseif (isset($config['ipsec']['makebeforebreak'])) {
170			unset($config['ipsec']['makebeforebreak']);
171			}
172
173	a1d55e81	Phil Davis	if ($_POST['noshuntlaninterfaces'] == "yes") {
174	0a9e6c85	Chris Buechler	unset($config['ipsec']['noshuntlaninterfaces']);
175	71f29f44	Ermal LUÇI	} else {
176			$config['ipsec']['noshuntlaninterfaces'] = true;
177	0887e836	Ermal LUÇI	}
178
179	a1d55e81	Phil Davis	if ($_POST['acceptunencryptedmainmode'] == "yes") {
180			if (!isset($config['ipsec']['acceptunencryptedmainmode'])) {
181	420fce04	Ermal LUÇI	$needsrestart = true;
182	a1d55e81	Phil Davis	}
183	737b18f2	Ermal	$config['ipsec']['acceptunencryptedmainmode'] = true;
184	420fce04	Ermal LUÇI	} elseif (isset($config['ipsec']['acceptunencryptedmainmode'])) {
185			$needsrestart = true;
186	737b18f2	Ermal	unset($config['ipsec']['acceptunencryptedmainmode']);
187	420fce04	Ermal LUÇI	}
188	737b18f2	Ermal
189	a1d55e81	Phil Davis	if (!empty($_POST['uniqueids'])) {
190	86e1846f	Ermal LUÇI	$config['ipsec']['uniqueids'] = $_POST['uniqueids'];
191			} else {
192			unset($config['ipsec']['uniqueids']);
193			}
194
195	a1d55e81	Phil Davis	if ($_POST['maxmss_enable'] == "yes") {
196	71172088	jim-p	$config['system']['maxmss_enable'] = true;
197			$config['system']['maxmss'] = $_POST['maxmss'];
198			} else {
199			unset($config['system']['maxmss_enable']);
200			unset($config['system']['maxmss']);
201			}
202
203			write_config();
204
205			$retval = 0;
206			$retval = filter_configure();
207	a1d55e81	Phil Davis	if (stristr($retval, "error") <> true) {
208	71172088	jim-p	$savemsg = get_std_save_message(gettext($retval));
209	a1d55e81	Phil Davis	} else {
210	71172088	jim-p	$savemsg = gettext($retval);
211	a1d55e81	Phil Davis	}
212	71172088	jim-p
213	420fce04	Ermal LUÇI	vpn_ipsec_configure($needsrestart);
214	71172088	jim-p	vpn_ipsec_configure_loglevels();
215	67d96856	Ermal LUÇI
216			header("Location: vpn_ipsec_settings.php");
217			return;
218	d26955ff	Ermal LUÇI	}
219
220			// The logic value sent by $POST is opposite to the way it is stored in the config.
221			// Reset the $pconfig value so it reflects the opposite of what was $POSTed.
222			if ($_POST['noshuntlaninterfaces'] == "yes") {
223			$pconfig['noshuntlaninterfaces'] = false;
224			} else {
225			$pconfig['noshuntlaninterfaces'] = true;
226			}
227	71172088	jim-p	}
228
229	a1d55e81	Phil Davis	$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Settings"));
230	71172088	jim-p	$shortcut_section = "ipsec";
231
232			include("head.inc");
233			?>
234
235			<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
236			<?php include("fbegin.inc"); ?>
237
238			<script type="text/javascript">
239	391453a1	Colin Fleming	//<![CDATA[
240	71172088	jim-p
241			function maxmss_checked(obj) {
242	a1d55e81	Phil Davis	if (obj.checked) {
243	71172088	jim-p	jQuery('#maxmss').attr('disabled',false);
244	a1d55e81	Phil Davis	} else {
245	71172088	jim-p	jQuery('#maxmss').attr('disabled','true');
246	a1d55e81	Phil Davis	}
247	71172088	jim-p	}
248
249	391453a1	Colin Fleming	//]]>
250	71172088	jim-p	</script>
251
252			<form action="vpn_ipsec_settings.php" method="post" name="iform" id="iform">
253
254			<?php
255	a1d55e81	Phil Davis	if ($savemsg) {
256	71172088	jim-p	print_info_box($savemsg);
257	a1d55e81	Phil Davis	}
258			if ($input_errors) {
259	71172088	jim-p	print_input_errors($input_errors);
260	a1d55e81	Phil Davis	}
261	71172088	jim-p	?>
262
263	391453a1	Colin Fleming	<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec settings">
264	71172088	jim-p	<tr>
265			<td class="tabnavtbl">
266			<?php
267			$tab_array = array();
268			$tab_array[0] = array(gettext("Tunnels"), false, "vpn_ipsec.php");
269			$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
270			$tab_array[2] = array(gettext("Pre-Shared Key"), false, "vpn_ipsec_keys.php");
271			$tab_array[3] = array(gettext("Advanced Settings"), true, "vpn_ipsec_settings.php");
272			display_top_tabs($tab_array);
273			?>
274			</td>
275			</tr>
276			<tr>
277			<td id="mainarea">
278			<div class="tabcont">
279	391453a1	Colin Fleming	<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
280	71172088	jim-p	<tr>
281	3c4fc30b	Chris Buechler	<td colspan="2" valign="top" class="listtopic"><?=gettext("IPsec Advanced Settings"); ?></td>
282	71172088	jim-p	</tr>
283			<tr>
284			<td width="22%" valign="top" class="vncell"><?=gettext("IPsec Debug"); ?></td>
285			<td width="78%" class="vtable">
286	3c4fc30b	Chris Buechler	<strong><?=gettext("Start IPsec in debug mode based on sections selected"); ?></strong>
287	71172088	jim-p	<br />
288	391453a1	Colin Fleming	<table summary="ipsec debug">
289	a1d55e81	Phil Davis	<?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?>
290			<tr>
291			<td width="22%" valign="top" class="vncell"><?=$ldescr;?></td>
292			<td width="78%" valign="top" class="vncell">
293			<?php
294			echo "<select name=\"ipsec_{$lkey}\" id=\"ipsec_{$lkey}\">\n";
295			foreach (array("Silent", "Audit", "Control", "Diag", "Raw", "Highest") as $lidx => $lvalue) {
296			echo "<option value=\"{$lidx}\" ";
297			if ($pconfig["ipsec_{$lkey}"] == $lidx)
298			echo "selected=\"selected\"";
299			echo ">{$lvalue}</option>\n";
300			}
301			?>
302			</select>
303			</td>
304			</tr>
305			<?php endforeach; ?>
306			<tr style="display:none;">
307			<td></td>
308			</tr>
309	71172088	jim-p	</table>
310	3c4fc30b	Chris Buechler	<br /><?=gettext("Launches IPsec in debug mode so that more verbose logs " .
311	71172088	jim-p	"will be generated to aid in troubleshooting."); ?>
312			</td>
313			</tr>
314	86e1846f	Ermal LUÇI	<tr>
315			<td width="22%" valign="top" class="vncell"><?=gettext("Unique IDs"); ?></td>
316			<td width="78%" class="vtable">
317	b8c3654c	Chris Buechler	<strong><?=gettext("Configure Unique IDs as: "); ?></strong>
318	a1d55e81	Phil Davis	<?php
319			echo "<select name=\"uniqueids\" id=\"uniqueids\">\n";
320	86e1846f	Ermal LUÇI	foreach ($ipsec_idhandling as $value => $lvalue) {
321			echo "<option value=\"{$value}\" ";
322	a1d55e81	Phil Davis	if ($pconfig['uniqueids'] == $value) {
323	86e1846f	Ermal LUÇI	echo "selected=\"selected\"";
324	a1d55e81	Phil Davis	}
325	86e1846f	Ermal LUÇI	echo ">{$lvalue}</option>\n";
326			}
327			?>
328	a1d55e81	Phil Davis	</select>
329	86e1846f	Ermal LUÇI	<br />
330			<?=gettext("whether a particular participant ID should be kept unique, with any new IKE_SA using an ID " .
331			"deemed to replace all old ones using that ID. Participant IDs normally are unique, so a new " .
332			"IKE_SA using the same ID is almost invariably intended to replace an old one. " .
333			"The difference between <b>no</b> and <b>never</b> is that the old IKE_SAs will be replaced when receiving an " .
334			"INITIAL_CONTACT notify if the option is no but will ignore these notifies if <b>never</b> is configured. " .
335			"The daemon also accepts the value <b>keep</b> to reject " .
336	b8c3654c	Chris Buechler	"new IKE_SA setups and keep the duplicate established earlier. Defaults to Yes."); ?>
337	86e1846f	Ermal LUÇI	</td>
338			</tr>
339	71172088	jim-p	<tr>
340	40cc36d1	Ermal LUÇI	<td width="22%" valign="top" class="vncell"><?=gettext("IP Compression"); ?></td>
341	71172088	jim-p	<td width="78%" class="vtable">
342	e57a3e40	Chris Buechler	<input name="compression" type="checkbox" id="compression" value="yes" <?php if ($pconfig['compression']) echo "checked=\"checked\""; ?> />
343	40cc36d1	Ermal LUÇI	<strong><?=gettext("Enable IPCompression"); ?></strong>
344	71172088	jim-p	<br />
345	3add5b2d	Chris Buechler	<?=gettext("IPComp compression of content is proposed on the connection."); ?>
346	71172088	jim-p	</td>
347			</tr>
348	24acc8f4	Chris Buechler	<tr>
349			<td width="22%" valign="top" class="vncell"><?=gettext("Strict interface binding"); ?></td>
350			<td width="78%" class="vtable">
351			<input name="enableinterfacesuse" type="checkbox" id="enableinterfacesuse" value="yes" <?php if ($pconfig['enableinterfacesuse']) echo "checked=\"checked\""; ?> />
352			<strong><?=gettext("Enable strict interface binding"); ?></strong>
353			<br />
354			<?=gettext("Enable strongSwan's interfaces_use option to bind specific interfaces only. This option is known to break IPsec with dynamic IP interfaces. This is not recommended at this time."); ?>
355			</td>
356			</tr>
357	737b18f2	Ermal	<tr>
358			<td width="22%" valign="top" class="vncell"><?=gettext("Unencrypted payloads in IKEv1 Main Mode"); ?></td>
359			<td width="78%" class="vtable">
360			<input name="acceptunencryptedmainmode" type="checkbox" id="acceptunencryptedmainmode" value="yes" <?php if ($pconfig['acceptunencryptedmainmode']) echo "checked=\"checked\""; ?> />
361			<strong><?=gettext("Accept unencrypted ID and HASH payloads in IKEv1 Main Mode"); ?></strong>
362			<br />
363			<?=gettext("Some implementations send the third Main Mode message unencrypted, probably to find the PSKs for the specified ID for authentication." .
364			"This is very similar to Aggressive Mode, and has the same security implications: " .
365			"A passive attacker can sniff the negotiated Identity, and start brute forcing the PSK using the HASH payload." .
366			" It is recommended to keep this option to no, unless you know exactly what the implications are and require compatibility to such devices (for example, some SonicWall boxes).");?>
367			</td>
368			</tr>
369	71172088	jim-p	<tr>
370			<td width="22%" valign="top" class="vncell"><?=gettext("Maximum MSS"); ?></td>
371			<td width="78%" class="vtable">
372			<input name="maxmss_enable" type="checkbox" id="maxmss_enable" value="yes" <?php if ($pconfig['maxmss_enable'] == true) echo "checked=\"checked\""; ?> onclick="maxmss_checked(this)" />
373			<strong><?=gettext("Enable MSS clamping on VPN traffic"); ?></strong>
374			<br />
375			<input name="maxmss" id="maxmss" value="<?php if ($pconfig['maxmss'] <> "") echo $pconfig['maxmss']; else "1400"; ?>" class="formfld unknown" <?php if ($pconfig['maxmss_enable'] == false) echo "disabled=\"disabled\""; ?> />
376			<br />
377			<?=gettext("Enable MSS clamping on TCP flows over VPN. " .
378			"This helps overcome problems with PMTUD on IPsec VPN links. If left blank, the default value is 1400 bytes. "); ?>
379			</td>
380			</tr>
381	4a076e36	Ermal LUÇI	<tr>
382			<td width="22%" valign="top" class="vncell"><?=gettext("Disable Cisco Extensions"); ?></td>
383			<td width="78%" class="vtable">
384			<input name="unityplugin" type="checkbox" id="unityplugin" value="yes" <?php if ($pconfig['unityplugin'] == true) echo "checked=\"checked\""; ?> />
385			<strong><?=gettext("Disable Unity Plugin"); ?></strong>
386			<br />
387			<?=gettext("Disable Unity Plugin which provides Cisco Extension support as Split-Include, Split-Exclude, Split-Dns, ..."); ?>
388			</td>
389			</tr>
390	0608bd3c	Ermal LUÇI	<tr>
391			<td width="22%" valign="top" class="vncell"><?=gettext("Make before Break"); ?></td>
392			<td width="78%" class="vtable">
393			<input name="makebeforebreak" type="checkbox" id="makebeforebreak" value="yes" <?php if ($pconfig['makebeforebreak'] == true) echo "checked=\"checked\""; ?> />
394			<strong><?=gettext("Initiate IKEv2 reauthentication with a make-before-break"); ?></strong>
395			<br />
396			<?=gettext("instead of a break-before-make scheme. Make-before-break uses overlapping IKE and CHILD_SA during reauthentication " .
397			"by first recreating all new SAs before deleting the old ones. This behavior can be beneficial to avoid connectivity gaps " .
398			"during reauthentication, but requires support for overlapping SAs by the peer.");?>
399			</td>
400			</tr>
401	0887e836	Ermal LUÇI	<tr>
402	0a9e6c85	Chris Buechler	<td width="22%" valign="top" class="vncell"><?=gettext("Auto-exclude LAN address"); ?></td>
403	0887e836	Ermal LUÇI	<td width="78%" class="vtable">
404	43f83ab4	Chris Buechler	<input name="noshuntlaninterfaces" type="checkbox" id="noshuntlaninterfaces" value="yes" <?php if ($pconfig['noshuntlaninterfaces'] != true) echo "checked=\"checked\""; ?> />
405	0a9e6c85	Chris Buechler	<strong><?=gettext("Enable bypass for LAN interface IP"); ?></strong>
406	0887e836	Ermal LUÇI	<br />
407	0a9e6c85	Chris Buechler	<?=gettext("Exclude traffic from LAN subnet to LAN IP address from IPsec."); ?>
408	0887e836	Ermal LUÇI	</td>
409			</tr>
410	71172088	jim-p	<tr>
411			<td width="22%" valign="top"> </td>
412			<td width="78%">
413	391453a1	Colin Fleming	<input name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
414	71172088	jim-p	</td>
415			</tr>
416			</table>
417			</div>
418			</td>
419			</tr>
420			</table>
421			</form>
422			<?php include("fend.inc"); ?>
423			</body>
424			</html>

Project

General

Profile

pfSense