<?php
/*
	vpn_ipsec_edit.php
	part of m0n0wall (http://m0n0.ch/wall)

	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
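require("guiconfig.inc");

/*
 * Create or edit one IPsec tunnel entry in $config['ipsec']['tunnel'].
 *
 * GET (optionally with ?id=N): load entry N, or the defaults for a new tunnel,
 * into $pconfig for the form below.  POST: validate every field; when nothing
 * is wrong, store the entry, mark the IPsec configuration dirty and redirect
 * to vpn_ipsec.php, otherwise re-render the form with $input_errors and the
 * submitted values.
 *
 * The helpers used here (is_specialnet, is_ipaddr, is_domain,
 * do_input_validation, address_to_pconfig_vpn, pconfig_to_address,
 * find_number_of_needed_carp_interfaces, write_config) and the option lists
 * ($p1_ealgos, $p1_halgos, $p1_authentication_methods, $p2_protos, $p2_ealgos,
 * $p2_halgos, $my_identifier_list) are expected to be provided by guiconfig.inc.
 */

if (!is_array($config['ipsec']['tunnel'])) {
	$config['ipsec']['tunnel'] = array();
}
$a_ipsec = &$config['ipsec']['tunnel'];

/* is_specialnet() resolves symbolic network names against this global */
$specialsrcdst = explode(" ", "lan");

/* form value of p1myidentt => key stored under p1/myident in the config;
   'myaddress' is a bare flag rather than a value and is handled on its own */
$myident_cfgkeys = array(
	'address'   => 'address',
	'fqdn'      => 'fqdn',
	'user_fqdn' => 'ufqdn',
	'dyn_dns'   => 'dyn_dns',
);

/* Index of the tunnel being edited (POST wins; the form re-submits it).  The
   value is used as an array index and echoed back into the page, so only a
   plain non-negative integer is accepted; anything else means "new tunnel". */
$id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : null);
if (is_scalar($id) && preg_match('/^[0-9]+$/', (string)$id))
	$id = (int)$id;
else
	$id = null;
$editing = ($id !== null && !empty($a_ipsec[$id]));

$pconfig = array();
if ($editing) {
	$ent = $a_ipsec[$id];

	$pconfig['disabled'] = isset($ent['disabled']);
	$pconfig['auto'] = isset($ent['auto']);

	if (!isset($ent['local-subnet']))
		$pconfig['localnet'] = "lan";
	else
		address_to_pconfig_vpn($ent['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']);

	$pconfig['interface'] = !empty($ent['interface']) ? $ent['interface'] : "wan";

	/* stored as "address/bits"; a missing bit count is shown as a single host */
	$remote = explode("/", $ent['remote-subnet']);
	$pconfig['remotenet'] = $remote[0];
	$pconfig['remotebits'] = isset($remote[1]) ? $remote[1] : 32;
	$pconfig['remotegw'] = $ent['remote-gateway'];
	$pconfig['p1mode'] = $ent['p1']['mode'];

	if (isset($ent['p1']['myident']['myaddress'])) {
		$pconfig['p1myidentt'] = 'myaddress';
	} else {
		foreach ($myident_cfgkeys as $identtype => $cfgkey) {
			if (isset($ent['p1']['myident'][$cfgkey])) {
				$pconfig['p1myidentt'] = $identtype;
				$pconfig['p1myident'] = $ent['p1']['myident'][$cfgkey];
				break;
			}
		}
	}

	$pconfig['p1ealgo'] = $ent['p1']['encryption-algorithm'];
	$pconfig['p1halgo'] = $ent['p1']['hash-algorithm'];
	$pconfig['p1dhgroup'] = $ent['p1']['dhgroup'];
	$pconfig['p1lifetime'] = $ent['p1']['lifetime'];
	$pconfig['p1authentication_method'] = $ent['p1']['authentication_method'];
	$pconfig['p1pskey'] = $ent['p1']['pre-shared-key'];
	/* PEM material is kept base64-encoded in the config */
	$pconfig['p1cert'] = base64_decode($ent['p1']['cert']);
	$pconfig['p1peercert'] = base64_decode($ent['p1']['peercert']);
	$pconfig['p1privatekey'] = base64_decode($ent['p1']['private-key']);
	$pconfig['p2proto'] = $ent['p2']['protocol'];
	$pconfig['p2ealgos'] = $ent['p2']['encryption-algorithm-option'];
	$pconfig['p2halgos'] = $ent['p2']['hash-algorithm-option'];
	$pconfig['p2pfsgroup'] = $ent['p2']['pfsgroup'];
	$pconfig['p2lifetime'] = $ent['p2']['lifetime'];
	$pconfig['descr'] = $ent['descr'];
	$pconfig['pinghost'] = $ent['pinghost'];
} else {
	/* defaults for a new tunnel */
	$pconfig['interface'] = "wan";
	$pconfig['localnet'] = "lan";
	$pconfig['p1mode'] = "aggressive";
	$pconfig['p1myidentt'] = "myaddress";
	$pconfig['p1authentication_method'] = "pre_shared_key";
	$pconfig['p1ealgo'] = "3des";
	$pconfig['p1halgo'] = "sha1";
	$pconfig['p1dhgroup'] = "2";
	$pconfig['p2proto'] = "esp";
	$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael,rijndael 256");
	$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['p2pfsgroup'] = "0";
	$pconfig['remotebits'] = 32;
}

if ($_POST) {
	/* a POST field as a string, "" when absent or not a string */
	$poststr = function ($key) {
		return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
	};
	/* non-negative integer no larger than $max (is_numeric() would also accept
	   floats and exponents, which the error messages below do not promise) */
	$is_uint = function ($value, $max) {
		return is_scalar($value) && preg_match('/^[0-9]+$/', (string)$value) && (int)$value <= $max;
	};

	/* symbolic local net ("lan") or single host: derive address/mask from the type */
	$localnettype = $poststr('localnettype');
	if (is_specialnet($localnettype)) {
		$_POST['localnet'] = $localnettype;
		$_POST['localnetmask'] = 0;
	} else if ($localnettype == "single") {
		$_POST['localnetmask'] = 32;
	}

	$input_errors = array();
	$pconfig = $_POST;

	/* input validation */
	$authmethod = $poststr('p1authentication_method');
	if ($authmethod == "pre_shared_key") {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
	} else {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,P2 Encryption Algorithms,P2 Hash Algorithms");
		/* PEM armour sanity checks only; the material is stored base64-encoded below */
		$pem = array(
			'p1cert'       => array("BEGIN CERTIFICATE", "END CERTIFICATE", "This certificate does not appear to be valid."),
			'p1privatekey' => array("BEGIN RSA PRIVATE KEY", "END RSA PRIVATE KEY", "This key does not appear to be valid."),
		);
		foreach ($pem as $field => $check) {
			$text = $poststr($field);
			if (!strstr($text, $check[0]) || !strstr($text, $check[1]))
				$input_errors[] = $check[2];
		}
		/* the peer certificate is optional (blank = identity validated via a CA certificate) */
		$peercert = $poststr('p1peercert');
		if ($peercert != "" && (!strstr($peercert, "BEGIN CERTIFICATE") || !strstr($peercert, "END CERTIFICATE")))
			$input_errors[] = "This peer certificate does not appear to be valid.";
	}

	/* $input_errors is passed by variable; the call-time "&" was removed in PHP 5.4 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if (!is_specialnet($localnettype)) {
		if (!empty($_POST['localnet']) && !is_ipaddr($_POST['localnet']))
			$input_errors[] = "A valid local network IP address must be specified.";
		if (!empty($_POST['localnetmask']) && !$is_uint($_POST['localnetmask'], 32))
			$input_errors[] = "A valid local network bit count must be specified.";
	}
	if (!empty($_POST['p1lifetime']) && !$is_uint($_POST['p1lifetime'], PHP_INT_MAX))
		$input_errors[] = "The P1 lifetime must be an integer.";
	if (!empty($_POST['p2lifetime']) && !$is_uint($_POST['p2lifetime'], PHP_INT_MAX))
		$input_errors[] = "The P2 lifetime must be an integer.";
	/* the form offers 0-32; the check is unconditional (the old "0.0.0.0" guard
	   compared a negated boolean and so could never report anything) */
	if (!empty($_POST['remotebits']) && !$is_uint($_POST['remotebits'], 32))
		$input_errors[] = "The remote network bits are invalid.";
	/* 0.0.0.0 is accepted as the remote network */
	if (!empty($_POST['remotenet']) && $_POST['remotenet'] != "0.0.0.0" && !is_ipaddr($_POST['remotenet']))
		$input_errors[] = "A valid remote network address must be specified.";
	/* the gateway may be an IP address or a host name */
	if (!empty($_POST['remotegw']) && !is_ipaddr($_POST['remotegw']) && !is_domain($_POST['remotegw']))
		$input_errors[] = "A valid remote gateway address must be specified.";

	/* "My identifier": the value is checked against the selected type; the
	   dyn_dns branch checks the entered host name (not the type selector) */
	$identtype = $poststr('p1myidentt');
	$ident = $poststr('p1myident');
	switch ($identtype) {
		case 'myaddress':
			/* no value for this type; never validate or store stale text */
			$ident = "";
			$_POST['p1myident'] = "";
			break;
		case 'address':
			if ($ident == "")
				$input_errors[] = gettext("Please enter an IP address for 'My Identifier'");
			else if (!is_ipaddr($ident))
				$input_errors[] = "A valid IP address for 'My identifier' must be specified.";
			break;
		case 'fqdn':
			if ($ident == "")
				$input_errors[] = gettext("Please enter a domain name for 'My Identifier'");
			else if (!is_domain($ident))
				$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
			break;
		case 'user_fqdn':
			$ufqdn = explode("@", $ident);
			if ($ident == "")
				$input_errors[] = gettext("Please enter a domain name for 'My Identifier'");
			else if (count($ufqdn) != 2 || $ufqdn[0] == "" || !is_domain($ufqdn[1]))
				$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
			break;
		case 'dyn_dns':
			if ($ident == "")
				$input_errors[] = gettext("Please enter a domain name for 'My Identifier'");
			else if (!is_domain($ident))
				$input_errors[] = "A valid Dynamic DNS address for 'My identifier' must be specified.";
			break;
		default:
			$input_errors[] = "A valid type for 'My identifier' must be specified.";
			break;
	}

	/* Every select/checkbox value is written to the config verbatim, so accept
	   only the choices the form itself offers. */
	$single_choice = array(
		'p1mode'                  => array('main' => 1, 'aggressive' => 1),
		'p1ealgo'                 => $p1_ealgos,
		'p1halgo'                 => $p1_halgos,
		'p1dhgroup'               => array('1' => 1, '2' => 1, '5' => 1),
		'p1authentication_method' => $p1_authentication_methods,
		'p2proto'                 => $p2_protos,
	);
	foreach ($single_choice as $field => $allowed) {
		$val = isset($_POST[$field]) ? $_POST[$field] : null;
		if (!is_scalar($val) || !is_array($allowed) || !array_key_exists($val, $allowed))
			$input_errors[] = "The value chosen for '" . $field . "' is not one of the available options.";
	}
	$multi_choice = array('p2ealgos' => $p2_ealgos, 'p2halgos' => $p2_halgos);
	foreach ($multi_choice as $field => $allowed) {
		if (!isset($_POST[$field]))
			continue;	/* "required" is already reported by do_input_validation() */
		if (!is_array($_POST[$field])) {
			$input_errors[] = "The value chosen for '" . $field . "' is not one of the available options.";
			continue;
		}
		foreach ($_POST[$field] as $val) {
			if (!is_scalar($val) || !is_array($allowed) || !array_key_exists($val, $allowed)) {
				$input_errors[] = "The value chosen for '" . $field . "' is not one of the available options.";
				break;
			}
		}
	}

	/* the interface selects the local endpoint of the tunnel; accept only what
	   the form lists: WAN, LAN, a configured OPTn, or a CARPn that exists */
	$iface = $poststr('interface');
	$iface_ok = ($iface == "wan" || $iface == "lan");
	if (!$iface_ok && preg_match('/^opt([1-9][0-9]*)$/', $iface, $m))
		$iface_ok = isset($config['interfaces']['opt' . $m[1]]);
	if (!$iface_ok && preg_match('/^carp(0|[1-9][0-9]*)$/', $iface, $m))
		$iface_ok = ((int)$m[1] < find_number_of_needed_carp_interfaces());
	if (!$iface_ok)
		$input_errors[] = "A valid interface must be specified.";

	if (!$input_errors) {
		$ipsecent = array();
		$ipsecent['disabled'] = !empty($_POST['disabled']);
		$ipsecent['interface'] = $iface;
		pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']);
		$ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits'];
		$ipsecent['remote-gateway'] = $_POST['remotegw'];
		$ipsecent['p1']['mode'] = $_POST['p1mode'];

		$ipsecent['p1']['myident'] = array();
		if ($identtype == 'myaddress')
			$ipsecent['p1']['myident']['myaddress'] = true;
		else
			$ipsecent['p1']['myident'][$myident_cfgkeys[$identtype]] = $ident;

		$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
		$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
		$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
		$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
		$ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
		/* PEM material is stored base64-encoded (fields disabled in the browser arrive empty) */
		$ipsecent['p1']['private-key'] = base64_encode($poststr('p1privatekey'));
		$ipsecent['p1']['cert'] = base64_encode($poststr('p1cert'));
		$ipsecent['p1']['peercert'] = base64_encode($poststr('p1peercert'));
		$ipsecent['p1']['authentication_method'] = $authmethod;
		$ipsecent['p2']['protocol'] = $_POST['p2proto'];
		$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
		$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
		$ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
		$ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
		$ipsecent['descr'] = $_POST['descr'];
		$ipsecent['pinghost'] = $_POST['pinghost'];

		if ($editing)
			$a_ipsec[$id] = $ipsecent;
		else
			$a_ipsec[] = $ipsecent;

		write_config();
		touch($d_ipsecconfdirty_path);

		header("Location: vpn_ipsec.php");
		exit;
	}
}

/* the P2 algorithm lists are rendered with in_array(); make sure they are
   arrays whichever path filled $pconfig (config entry, defaults, rejected POST) */
foreach (array('p2ealgos', 'p2halgos') as $multi) {
	if (!isset($pconfig[$multi]) || !is_array($pconfig[$multi]))
		$pconfig[$multi] = array();
}

$pgtitle = "VPN: IPsec: Edit tunnel";
include("head.inc");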
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle"><?=$pgtitle?></p>
<script language="JavaScript">
<!--
/* Enable or disable the local-subnet address/mask inputs to match the "Type"
 * select: index 0 = single host (address only), index 1 = network (address and
 * mask), anything else = a named net such as "lan" (both cleared and disabled,
 * so no stale value travels with the form). */
function typesel_change() {
	var form = document.iform;
	var idx = form.localnettype.selectedIndex;
	var singleHost = (idx === 0);
	var network = (idx === 1);

	if (singleHost || network) {
		form.localnet.disabled = 0;
	} else {
		form.localnet.value = "";
		form.localnet.disabled = 1;
	}

	if (network) {
		form.localnetmask.disabled = 0;
	} else {
		form.localnetmask.value = "";
		form.localnetmask.disabled = 1;
	}
}
/* Switch the form between pre-shared-key and certificate authentication as the
 * "Authentication method" select changes: index 1 (RSA) enables the three PEM
 * textareas and disables the PSK input; any other index does the opposite. */
function methodsel_change() {
	var form = document.iform;
	var rsa = (form.p1authentication_method.selectedIndex === 1);
	var pemFields = [form.p1privatekey, form.p1cert, form.p1peercert];

	form.p1pskey.disabled = rsa ? 1 : 0;
	for (var i = 0; i < pemFields.length; i++) {
		pemFields[i].disabled = rsa ? 0 : 1;
	}
}
//-->
303
</script>
304
<?php if ($input_errors) print_input_errors($input_errors); ?>
305
            <form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
306
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
307 6b11069e Scott Ullrich
                <tr>
308 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Mode</td>
309
                  <td width="78%" class="vtable"> Tunnel</td>
310
                </tr>
311 6b11069e Scott Ullrich
				<tr>
312 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Disabled</td>
313 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
314 5b237745 Scott Ullrich
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
315
                    <strong>Disable this tunnel</strong><br>
316
                    <span class="vexpl">Set this option to disable this tunnel without
317
					removing it from the list.</span></td>
318
                </tr>
319 87e72a58 Scott Ullrich
			   <tr>
320 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
321 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"><select name="interface" class="formfld">
322 87e72a58 Scott Ullrich
                      <?php 
323
                       /* choices for the "Interface" select: WAN, LAN, every configured
                          optional interface, then one entry per CARP virtual interface */
                       $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
                       /* optional interfaces are numbered contiguously from opt1; stop at the first gap */
                       $optnum = 1;
                       while (isset($config['interfaces']['opt' . $optnum])) {
                           $interfaces['opt' . $optnum] = $config['interfaces']['opt' . $optnum]['descr'];
                           $optnum++;
                       }
                       /* CARP entries are labelled with the address currently on the interface */
                       $carpcount = find_number_of_needed_carp_interfaces();
                       $carpnum = 0;
                       while ($carpnum < $carpcount) {
                           $carpaddr = find_interface_ip("carp" . $carpnum);
                           $interfaces['carp' . $carpnum] = "CARP{$carpnum} ({$carpaddr})";
                           $carpnum++;
                       }
					  foreach ($interfaces as $iface => $ifacename): ?>
333 6b11069e Scott Ullrich
                      <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
334 5b237745 Scott Ullrich
                      <?=htmlspecialchars($ifacename);?>
335
                      </option>
336
                      <?php endforeach; ?>
337
                    </select> <br>
338
                    <span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td>
339
                </tr>
340 6b11069e Scott Ullrich
                <tr>
341 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Local subnet</td>
342 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
343 5b237745 Scott Ullrich
                    <table border="0" cellspacing="0" cellpadding="0">
344 6b11069e Scott Ullrich
                      <tr>
345 5b237745 Scott Ullrich
                        <td>Type:&nbsp;&nbsp;</td>
346 e2411886 Scott Ullrich
						<td></td>
347 5b237745 Scott Ullrich
                        <td><select name="localnettype" class="formfld" onChange="typesel_change()">
348
                            <?php $sel = is_specialnet($pconfig['localnet']); ?>
349 6b11069e Scott Ullrich
                            <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
350 5b237745 Scott Ullrich
                            Single host</option>
351 6b11069e Scott Ullrich
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
352 5b237745 Scott Ullrich
                            Network</option>
353 6b11069e Scott Ullrich
                            <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>>
354 5b237745 Scott Ullrich
                            LAN subnet</option>
355
                          </select></td>
356
                      </tr>
357 6b11069e Scott Ullrich
                      <tr>
358 5b237745 Scott Ullrich
                        <td>Address:&nbsp;&nbsp;</td>
359 e2411886 Scott Ullrich
						<td><?=$mandfldhtmlspc;?></td>
360 5b237745 Scott Ullrich
                        <td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
361 6b11069e Scott Ullrich
                          /
362 5b237745 Scott Ullrich
                          <select name="localnetmask" class="formfld" id="localnetmask">
363 e2411886 Scott Ullrich
                            <?php for ($i = 31; $i >= 0; $i--): ?>
364 5b237745 Scott Ullrich
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
365
                            <?=$i;?>
366
                            </option>
367
                            <?php endfor; ?>
368
                          </select> </td>
369
                      </tr>
370
                    </table></td>
371
                </tr>
372 6b11069e Scott Ullrich
                <tr>
373 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Remote subnet</td>
374 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
375 e2411886 Scott Ullrich
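                    <?php /* escaped: after a rejected submit $pconfig is the raw POST data */ ?>
                    <?=$mandfldhtml;?><input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=htmlspecialchars($pconfig['remotenet']);?>">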
                    /
377 5b237745 Scott Ullrich
                    <select name="remotebits" class="formfld" id="remotebits">
378 e2411886 Scott Ullrich
                      <?php for ($i = 32; $i >= 0; $i--): ?>
379 6b11069e Scott Ullrich
                      <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>>
380 5b237745 Scott Ullrich
                      <?=$i;?>
381
                      </option>
382
                      <?php endfor; ?>
383
                    </select></td>
384
                </tr>
385 6b11069e Scott Ullrich
                <tr>
386 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Remote gateway</td>
387 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
388
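                    <?php /* escaped: after a rejected submit $pconfig is the raw POST data */ ?>
                    <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=htmlspecialchars($pconfig['remotegw']);?>">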
                    <br>
390
                    Enter the public IP address of the remote gateway</td>
391
                </tr>
392 6b11069e Scott Ullrich
                <tr>
393 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncell">Description</td>
394 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
395
                    <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
396
                    <br> <span class="vexpl">You may enter a description here
397 5b237745 Scott Ullrich
                    for your reference (not parsed).</span></td>
398
                </tr>
399 6b11069e Scott Ullrich
                <tr>
400 5b237745 Scott Ullrich
                  <td colspan="2" class="list" height="12"></td>
401
                </tr>
402 6b11069e Scott Ullrich
                <tr>
403
                  <td colspan="2" valign="top" class="listtopic">Phase 1 proposal
404 5b237745 Scott Ullrich
                    (Authentication)</td>
405
                </tr>
406 6b11069e Scott Ullrich
                <tr>
407 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
408
                  <td width="78%" class="vtable">
409 e2411886 Scott Ullrich
					<select name="p1mode" class="formfld">
410 5b237745 Scott Ullrich
                      <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
411 6b11069e Scott Ullrich
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
412 5b237745 Scott Ullrich
                      <?=htmlspecialchars($mode);?>
413
                      </option>
414
                      <?php endforeach; ?>
415 6b11069e Scott Ullrich
                    </select> <br> <span class="vexpl">Aggressive is faster, but
416 5b237745 Scott Ullrich
                    less secure.</span></td>
417
                </tr>
418 6b11069e Scott Ullrich
                <tr>
419 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">My identifier</td>
420
                  <td width="78%" class="vtable">
421 e2411886 Scott Ullrich
					<select name="p1myidentt" class="formfld">
422 5b237745 Scott Ullrich
                      <?php foreach ($my_identifier_list as $mode => $modename): ?>
423 6b11069e Scott Ullrich
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
424 5b237745 Scott Ullrich
                      <?=htmlspecialchars($modename);?>
425
                      </option>
426
                      <?php endforeach; ?>
427 6b11069e Scott Ullrich
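                    <?php /* escaped: after a rejected submit $pconfig is the raw POST data */ ?>
                    </select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=htmlspecialchars($pconfig['p1myident']);?>">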
                  </td>
429
                </tr>
430 6b11069e Scott Ullrich
                <tr>
431 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
432
                  <td width="78%" class="vtable">
433 e2411886 Scott Ullrich
					<select name="p1ealgo" class="formfld">
434 5b237745 Scott Ullrich
                      <?php foreach ($p1_ealgos as $algo => $algoname): ?>
435 6b11069e Scott Ullrich
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
436 5b237745 Scott Ullrich
                      <?=htmlspecialchars($algoname);?>
437
                      </option>
438
                      <?php endforeach; ?>
439 6b11069e Scott Ullrich
                    </select> <br> <span class="vexpl">Must match the setting
440 5b237745 Scott Ullrich
                    chosen on the remote side. </span></td>
441
                </tr>
442 6b11069e Scott Ullrich
                <tr>
443 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
444
                  <td width="78%" class="vtable">
445 e2411886 Scott Ullrich
					<select name="p1halgo" class="formfld">
446 5b237745 Scott Ullrich
                      <?php foreach ($p1_halgos as $algo => $algoname): ?>
447 6b11069e Scott Ullrich
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
448 5b237745 Scott Ullrich
                      <?=htmlspecialchars($algoname);?>
449
                      </option>
450
                      <?php endforeach; ?>
451 6b11069e Scott Ullrich
                    </select> <br> <span class="vexpl">Must match the setting
452 5b237745 Scott Ullrich
                    chosen on the remote side. </span></td>
453
                </tr>
454 6b11069e Scott Ullrich
                <tr>
455 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">DH key group</td>
456
                  <td width="78%" class="vtable">
457 e2411886 Scott Ullrich
					<select name="p1dhgroup" class="formfld">
458 5b237745 Scott Ullrich
                      <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
459 6b11069e Scott Ullrich
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
460 5b237745 Scott Ullrich
                      <?=htmlspecialchars($keygroup);?>
461
                      </option>
462
                      <?php endforeach; ?>
463 6b11069e Scott Ullrich
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
464 5b237745 Scott Ullrich
                    bit, 5 = 1536 bit</em><br>
465
                    Must match the setting chosen on the remote side. </span></td>
466
                </tr>
467 6b11069e Scott Ullrich
                <tr>
468 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
469 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
470 5b237745 Scott Ullrich
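                    <?php /* escaped: after a rejected submit $pconfig is the raw POST data */ ?>
                    <input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=htmlspecialchars($pconfig['p1lifetime']);?>">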
                    seconds</td>
472
                </tr>
473 6b11069e Scott Ullrich
                <tr>
474 e2411886 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Authentication method</td>
475 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
476 e2411886 Scott Ullrich
					<select name="p1authentication_method" class="formfld" onChange="methodsel_change()">
477
                      <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
478 6b11069e Scott Ullrich
                      <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>>
479 e2411886 Scott Ullrich
                      <?=htmlspecialchars($methodname);?>
480
                      </option>
481
                      <?php endforeach; ?>
482 6b11069e Scott Ullrich
                    </select> <br> <span class="vexpl">Must match the setting
483 e2411886 Scott Ullrich
                    chosen on the remote side.</span></td>
484
                </tr>
485 6b11069e Scott Ullrich
                <tr>
486 e2411886 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
487 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
488
                    <?=$mandfldhtml;?><input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>">
489 5b237745 Scott Ullrich
                  </td>
490
                </tr>
491 6b11069e Scott Ullrich
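                <?php /* Phase 1 certificate material, Phase 2 proposal, keep-alive and submit
                         rows of the IPsec tunnel form. Every value that is echoed back
                         into the page is passed through htmlspecialchars(): $pconfig is
                         repopulated from the submitted form on validation errors, so an
                         unescaped field would reflect attacker-controlled text into the
                         page. */ ?>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Certificate</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea>
                    <br>
                    Paste a certificate in X.509 PEM format here.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Key</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea>
                    <br>
                    Paste an RSA private key in PEM format here.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Peer certificate</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1peercert" cols="65" rows="7" id="p1peercert" class="formpre"><?=htmlspecialchars($pconfig['p1peercert']);?></textarea>
                    <br>
                    Paste the peer X.509 certificate in PEM format here.<br>
                    Leave this blank if you want to use a CA certificate for identity validation.</td>
                </tr>
                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>
                <tr>
                  <td colspan="2" valign="top" class="listtopic">Phase 2 proposal
                    (SA/Key Exchange)</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
                  <td width="78%" class="vtable">
					<select name="p2proto" class="formfld">
                      <?php foreach ($p2_protos as $proto => $protoname): ?>
                      <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
                      <?=htmlspecialchars($protoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">ESP is encryption, AH is
                    authentication only </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
                  <td width="78%" class="vtable">
                    <?php /* (array) cast: in_array() on a null/unset selection would raise
                             a warning (a TypeError on PHP 8) for a tunnel that has no
                             algorithms chosen yet; an empty array simply leaves every box
                             unchecked. */ ?>
                    <?php foreach ($p2_ealgos as $algo => $algoname): ?>
                    <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, (array)$pconfig['p2ealgos'])) echo "checked"; ?>>
                    <?=htmlspecialchars($algoname);?>
                    <br>
                    <?php endforeach; ?>
                    <br>
                    Hint: use 3DES for best compatibility or if you have a hardware
                    crypto accelerator card. Blowfish is usually the fastest in
                    software encryption. </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
                  <td width="78%" class="vtable">
                    <?php foreach ($p2_halgos as $algo => $algoname): ?>
                    <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, (array)$pconfig['p2halgos'])) echo "checked"; ?>>
                    <?=htmlspecialchars($algoname);?>
                    <br>
                    <?php endforeach; ?>
				  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">PFS key group</td>
                  <td width="78%" class="vtable">
					<select name="p2pfsgroup" class="formfld">
                      <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
                      <?=htmlspecialchars($keygroupname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
                    bit, 5 = 1536 bit</em></span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable">
                    <?php /* Free-text field re-rendered from user input: escape it like the
                             other fields on this form. */ ?>
                    <input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=htmlspecialchars($pconfig['p2lifetime']);?>">
                    seconds</td>
                </tr>
                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>
                <tr>
                  <td colspan="2" valign="top" class="listtopic">Keep alive</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Automatically ping host</td>
                  <td width="78%" class="vtable">
                    <input name="pinghost" type="text" class="formfld" id="pinghost" size="20" value="<?=htmlspecialchars($pconfig['pinghost']);?>"> IP address</td>
                </tr>
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="Save">
                    <?php /* $id comes from the request; only emit it when it names an
                             existing tunnel, and escape it on the way out. */ ?>
                    <?php if (isset($id) && $a_ipsec[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
                    <?php endif; ?>
                  </td>
                </tr>
              </table>
</form>
<script language="JavaScript">
<!--
typesel_change();
methodsel_change();
//-->
</script>
<?php include("fend.inc"); ?>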
<?php
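/*
 * Split a stored VPN endpoint spec back into the form fields it came from.
 *
 * $adr   - endpoint as stored in config: either 'network' (an alias such as
 *          "lan") or 'address' ("a.b.c.d" or "a.b.c.d/bits").
 * $padr  - receives the network alias, or the address part of 'address'.
 * $pmask - receives the prefix length when 'address' is given; a bare address
 *          without "/bits" yields 32 (single host). Not touched when
 *          'network' is used or when neither key is set.
 *
 * Missing keys are tolerated (empty()/isset()) so a partially filled config
 * entry does not emit "undefined index" notices while rendering the form.
 */
function address_to_pconfig_vpn($adr, &$padr, &$pmask) {
        if (!empty($adr['network'])) {
                $padr = $adr['network'];
        } else if (!empty($adr['address'])) {
                /* limit to two parts so a stray extra "/" cannot shift the mask */
                $parts = explode("/", $adr['address'], 2);
                $padr = $parts[0];
                /* no suffix: treat as a host address rather than letting list()
                   assign null (with a notice) and patching it up afterwards */
                $pmask = isset($parts[1]) ? $parts[1] : 32;
        }
}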
?>