Project

General

Profile

Download (14.5 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/*
3
	vpn_ipsec.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5

    
6
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
7
	Copyright (C) 2008 Shrew Soft Inc
8
	All rights reserved.
9

    
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12

    
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15

    
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19

    
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31

    
32
##|+PRIV
33
##|*IDENT=page-vpn-ipsec
34
##|*NAME=VPN: IPsec page
35
##|*DESCR=Allow access to the 'VPN: IPsec' page.
36
##|*MATCH=vpn_ipsec.php*
37
##|-PRIV
38

    
39
require("guiconfig.inc");
40
require_once("functions.inc");
41
require_once("filter.inc");
42
require_once("shaper.inc");
43
require_once("ipsec.inc");
44
require_once("vpn.inc");
45

    
46
if (!is_array($config['ipsec']['phase1']))
47
	$config['ipsec']['phase1'] = array();
48

    
49
if (!is_array($config['ipsec']['phase2']))
50
	$config['ipsec']['phase2'] = array();
51

    
52
$a_phase1 = &$config['ipsec']['phase1'];
53
$a_phase2 = &$config['ipsec']['phase2'];
54

    
55
$pconfig['enable'] = isset($config['ipsec']['enable']);
56

    
57
if ($_POST) {
58

    
59
	if ($_POST['apply']) {
60
		$retval = 0;
61
		$retval = vpn_ipsec_refresh_policies();
62
		$retval = vpn_ipsec_configure();
63
		/* reload the filter in the background */
64
		filter_configure();
65
		$savemsg = get_std_save_message($retval);
66
		if ($retval == 0) {
67
			if (is_subsystem_dirty('ipsec'))
68
				clear_subsystem_dirty('ipsec');
69
		}
70
	} else if ($_POST['submit']) {
71
		$pconfig = $_POST;
72

    
73
		$config['ipsec']['enable'] = $_POST['enable'] ? true : false;
74

    
75
		write_config();
76

    
77
		$retval = vpn_ipsec_configure();
78
	}
79
}
80

    
81
if ($_GET['act'] == "delph1")
82
{
83
	if ($a_phase1[$_GET['p1index']]) {
84
		/* remove static route if interface is not WAN */
85
		if ($a_phase1[$_GET['p1index']]['interface'] <> "wan")
86
			mwexec("/sbin/route delete -host {$a_phase1[$_GET['p1index']]['remote-gateway']}");
87

    
88
		/* remove all phase2 entries that match the ikeid */
89
		$ikeid = $a_phase1[$_GET['p1index']]['ikeid'];
90
		foreach ($a_phase2 as $p2index => $ph2tmp)
91
			if ($ph2tmp['ikeid'] == $ikeid)
92
				unset($a_phase2[$p2index]);
93

    
94
		/* remove the phase1 entry */
95
		unset($a_phase1[$_GET['p1index']]);
96
		vpn_ipsec_refresh_policies();
97
		vpn_ipsec_configure();
98
		write_config();
99
		filter_configure();
100
		header("Location: vpn_ipsec.php");
101
		exit;
102
	}
103
}
104

    
105
if ($_GET['act'] == "delph2")
106
{
107
	if ($a_phase2[$_GET['p2index']]) {
108
		/* remove the phase2 entry */
109
		unset($a_phase2[$_GET['p2index']]);
110
		vpn_ipsec_refresh_policies();
111
		vpn_ipsec_configure();
112
		filter_configure();
113
		write_config();
114
		header("Location: vpn_ipsec.php");
115
		exit;
116
	}
117
}
118

    
119
$pgtitle = array(gettext("VPN"),gettext("IPsec"));
120
$statusurl = "diag_ipsec.php";
121
$logurl = "diag_logs_ipsec.php";
122

    
123
include("head.inc");
124

    
125
?>
126

    
127
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
128
<?php include("fbegin.inc"); ?>
129
<form action="vpn_ipsec.php" method="post">
130
<?php
131
	if ($savemsg)
132
		print_info_box($savemsg);
133
	if ($pconfig['enable'] && is_subsystem_dirty('ipsec'))
134
		print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br>" . gettext("You must apply the changes in order for them to take effect."));
135
?>
136
<table width="100%" border="0" cellpadding="0" cellspacing="0">
137
	<tr>
138
		<td class="tabnavtbl">
139
			<?php
140
				$tab_array = array();
141
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
142
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
143
				$tab_array[2] = array(gettext("Pre-shared keys"), false, "vpn_ipsec_keys.php");
144
				display_top_tabs($tab_array);
145
			?>
146
		</td>
147
	</tr>
148
	<tr>
149
		<td>
150
			<div id="mainarea">
151
				<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
152
					<tr>
153
						<td class="vtable">
154
							<table border="0" cellspacing="2" cellpadding="0">
155
								<tr>
156
									<td>
157
										<input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked";?>>
158
									</td>
159
									<td>
160
										<strong><?=gettext("Enable IPsec"); ?></strong>
161
									</td>
162
								</tr>
163
							</table>
164
						</td>
165
					</tr>
166
					<tr>
167
						<td>
168
							<input name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
169
						</td>
170
					</tr>
171
				</table>
172
				<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
173
					<?php
174
						$i = 0;
175
						foreach ($a_phase1 as $ph1ent) {
176
							if (isset( $ph1ent['disabled'])) {
177
								$spans = "<span class=\"gray\">";
178
								$spane = "</span>";
179
							}
180
							else
181
								$spans = $spane = "";
182
						
183
						show_ipsec_header($ph1ent);
184
						$counter++; // used to determine if we need to output header manually (no records exist)
185
					?>					
186
					<tr valign="top" ondblclick="document.location='vpn_ipsec_phase1.php?p1index=<?=$i;?>'">
187
						<td class="listlr">
188
							<?=$spans;?>
189
							<?php
190
								if ($ph1ent['interface']) {
191
									$iflabels = get_configured_interface_with_descr();
192
									$carplist = get_configured_carp_interface_list();
193
									foreach ($carplist as $cif => $carpip)
194
										$iflabels[$cif] = $carpip." (".get_vip_descr($carpip).")";
195
									$aliaslist = get_configured_ip_aliases_list();
196
									foreach ($aliaslist as $aliasip => $aliasif)
197
										$iflabels[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
198
									$if = htmlspecialchars($iflabels[$ph1ent['interface']]);
199
								}
200
								else
201
									$if = "WAN";
202

    
203
								if (!isset($ph1ent['mobile']))
204
									echo $if."<br>".$ph1ent['remote-gateway'];
205
								else
206
									echo $if."<br><strong>" . gettext("Mobile Client") . "</strong>";
207
							?>
208
							<?=$spane;?>
209
						</td>
210
						<td class="listr">
211
							<?=$spans;?>
212
							<?=$ph1ent['mode'];?>
213
							<?=$spane;?>
214
						</td>
215
						<td class="listr">
216
							<?=$spans;?>
217
							<?=$p1_ealgos[$ph1ent['encryption-algorithm']['name']]['name'];?>
218
							<?php
219
								if ($ph1ent['encryption-algorithm']['keylen']) {
220
									if ($ph1ent['encryption-algorithm']['keylen']=="auto")
221
										echo " (" . gettext("auto") . ")";
222
									else
223
										echo " ({$ph1ent['encryption-algorithm']['keylen']} " . gettext("bits") . ")";
224
								}
225
							?>
226
							<?=$spane;?>
227
						</td>
228
						<td class="listr">
229
							<?=$spans;?>
230
							<?=$p1_halgos[$ph1ent['hash-algorithm']];?>
231
							<?=$spane;?>
232
						</td>
233
						<td class="listbg">
234
							<?=$spans;?>
235
							<?=htmlspecialchars($ph1ent['descr']);?>&nbsp;
236
							<?=$spane;?>
237
						</td>
238
						<td valign="middle" nowrap class="list">
239
							<table border="0" cellspacing="0" cellpadding="1">
240
								<tr>
241
									<td>
242
										<a href="vpn_ipsec_phase1.php?p1index=<?=$i;?>">
243
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit phase1 entry"); ?>" width="17" height="17" border="0">
244
										</a>
245
									</td>
246
									<td>
247
										<a href="vpn_ipsec.php?act=delph1&p1index=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this phase1 and all associated phase2 entries?"); ?>')">
248
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete phase1 entry"); ?>" width="17" height="17" border="0">
249
										</a>
250
									</td>
251
								</tr>
252
								<?php if (!isset($ph1ent['mobile'])): ?>
253
								<tr>
254
									<td>
255
									</td>
256
									<td>
257
										<a href="vpn_ipsec_phase1.php?dup=<?=$i;?>">
258
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("copy phase1 entry"); ?>" width="17" height="17" border="0">
259
										</a>
260
									</td>
261
								</tr>
262
								<?php endif; ?>
263
							</table>
264
						</td>
265
					</tr>
266
					<tr>
267
						<td class="listrborder" colspan="5">
268
							<div id="shph2but-<?=$i?>">
269
								<?php
270
									$phase2count=0;
271
									foreach ($a_phase2 as $ph2ent) {
272
										if ($ph2ent['ikeid'] != $ph1ent['ikeid']) 
273
											continue;
274
										if (isset( $ph2ent['disabled']) || isset($ph1ent['disabled'])) 
275
											continue;
276
										$phase2count++;
277
									}
278
								?>								
279
								<input  type="button" onClick="show_phase2('tdph2-<?=$i?>','shph2but-<?=$i?>')" value="+"></input> - <?php printf(gettext("Show %s Phase-2 entries"), $phase2count); ?></a>
280
							</div>
281
							<table class="tabcont" width="100%" height="100%" border="0" cellspacing="0" cellpadding="0" id="tdph2-<?=$i?>" style="display:none">
282
								<tr>
283
									<td class="listhdrr"><?=gettext("Mode"); ?></td>
284
									<?php if(($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == "tunnel6")): ?>
285
									<td class="listhdrr"><?=gettext("Local Subnet"); ?></td>
286
									<td class="listhdrr"><?=gettext("Remote Subnet"); ?></td>
287
									<?php endif; ?>
288
									<td class="listhdrr"><?=gettext("P2 Protocol"); ?></td>
289
									<td class="listhdrr"><?=gettext("P2 Transforms"); ?></td>
290
									<td class="listhdrr"><?=gettext("P2 Auth Methods"); ?></td>
291
									<td class ="list">
292
										<a href="vpn_ipsec_phase2.php?ikeid=<?=$ph1ent['ikeid'];?><?php if (isset($ph1ent['mobile'])) echo "&mobile=true";?>">
293
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add phase2 entry"); ?>" width="17" height="17" border="0">
294
										</a>
295
									</td>
296
								</tr>
297
								<?php
298
									$j = 0;
299
									foreach ($a_phase2 as $ph2ent) {
300
										if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
301
											$j++;
302
											continue;
303
										}
304

    
305
										if (isset( $ph2ent['disabled']) || isset($ph1ent['disabled'])) {
306
											$spans = "<span class=\"gray\">";
307
											$spane = "</span>";
308
										}
309
										else
310
											$spans = $spane = "";
311
								?>
312
								<tr valign="top" ondblclick="document.location='vpn_ipsec_phase2.php?p2index=<?=$j;?>'">
313

    
314
									<td nowrap class="listlr">
315
										<?=$spans;?>
316
											<?=$ph2ent['mode'];?>
317
										<?=$spane;?>
318
									</td>
319
									<?php 
320
										if(($ph2ent['mode'] <> "tunnel") and ($ph2ent['mode'] <> "tunnel6")) {
321
											echo "<td nowrap class=\"listr\">&nbsp;</td><td nowrap class=\"listr\">&nbsp;</td>";
322
										} 
323
									?>
324
									<?php if(($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == "tunnel6")): ?>
325
									<td nowrap class="listr">
326
										<?=$spans;?>
327
											<?=ipsec_idinfo_to_text($ph2ent['localid']); ?>
328
										<?=$spane;?>
329
									</td>
330
									<td nowrap class="listr">
331
										<?=$spans;?>
332
											<?=ipsec_idinfo_to_text($ph2ent['remoteid']); ?>
333
										<?=$spane;?>
334
									</td>
335
									<?php endif; ?>
336
									<td nowrap class="listr">
337
										<?=$spans;?>
338
											<?php echo $p2_protos[$ph2ent['protocol']];	?>
339
										<?=$spane;?>
340
									</td>
341
									<td class="listr">
342
										<?=$spans;?>
343
										<?php
344
											$k = 0;
345
											foreach ($ph2ent['encryption-algorithm-option'] as $ph2ea) {
346
												if ($k++)
347
													echo ", ";
348
												echo $p2_ealgos[$ph2ea['name']]['name'];
349
												if ($ph2ea['keylen']) {
350
													if ($ph2ea['keylen']=="auto")
351
														echo " (" . gettext("auto") . ")";
352
													else
353
														echo " ({$ph2ea['keylen']} " . gettext("bits") . ")";
354
												}
355
											}
356
										?>
357
										<?=$spane;?>
358
									</td>
359
									<td nowrap class="listr">
360
										<?=$spans;?>
361
										<?php
362
											$k = 0;
363
											foreach ($ph2ent['hash-algorithm-option'] as $ph2ha) {
364
												if ($k++)
365
													echo ", ";
366
												echo $p2_halgos[$ph2ha];
367
											}
368
										?>
369
										<?=$spane;?>
370
									</td>
371
									<td nowrap class="list">
372
										<a href="vpn_ipsec_phase2.php?p2index=<?=$j;?>">
373
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit phase2 entry"); ?>" width="17" height="17" border="0">
374
										</a>
375
										<a href="vpn_ipsec.php?act=delph2&p2index=<?=$j;?>" onclick="return confirm('<?=gettext("Do you really want to delete this phase2 entry?"); ?>')">
376
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete phase2 entry"); ?>" width="17" height="17" border="0">
377
										</a>
378
									</td>
379
								</tr>
380

    
381
								<?php
382
										$j++;
383
									}
384
								?>
385
							</table>
386
						</td>
387
					</tr>
388
					<tr>
389
						<td>
390
							&nbsp;
391
						</td>
392
					</tr>
393
					<?php
394
							$i++;
395
						}
396
					if(!$counter)
397
						show_ipsec_header($ph1ent);
398
					?>
399
					<tr>
400
						<td class="list" colspan="5"></td>
401
						<td class="list">
402
							<table border="0" cellspacing="0" cellpadding="1">
403
								<tr>
404
									<td width="17"></td>
405
									<td>
406
										<a href="vpn_ipsec_phase1.php">
407
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add phase1 entry"); ?>" width="17" height="17" border="0">
408
										</a>
409
									</td>
410
								</tr>
411
							</table>
412
						<td>
413
					</tr>
414
					<tr>
415
						<td colspan="4">
416
							<p>
417
								<span class="vexpl">
418
									<span class="red">
419
										<strong><?=gettext("Note"); ?>:<br></strong>
420
									</span>
421
									<?=gettext("You can check your IPsec status at"); ?> <a href="diag_ipsec.php"><?=gettext("Status:IPsec"); ?></a>.
422
								</span>
423
							</p>
424
						</td>
425
					</tr>
426
				</table>
427
			</div>
428
		</td>
429
	</tr>
430
</table>
431
</form>
432
<?php include("fend.inc"); ?>
433
<script type="text/javascript">
434
function show_phase2(id, buttonid) {
435
	document.getElementById(buttonid).innerHTML='';
436
	aodiv = document.getElementById(id);
437
	aodiv.style.display = "block";
438
}
439
</script>
440
</body>
441
</html>
442

    
443
<?php
444

    
445
function show_ipsec_header($ph1ent) {
446
	global $g;
447
	if (isset($ph1ent['mobile'])) 
448
		$mobile = "&mobile=true";
449
	?>
450
	<tr>
451
		<td class="listhdrr"><?=gettext("Remote Gateway"); ?></td>
452
		<td class="listhdrr"><?=gettext("Mode"); ?></td>
453
		<td class="listhdrr"><?=gettext("P1 Protocol"); ?></td>
454
		<td class="listhdrr"><?=gettext("P1 Transforms"); ?></td>
455
		<td class="listhdrr"><?=gettext("P1 Description"); ?></td>
456
		<td class ="list">
457
		</td>
458
	</tr>
459

    
460
<?php
461
	
462
}
463

    
464
?>
(213-213/231)