<?php
2
/*
3
	vpn_ipsec_phase2.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32 6b07c15a Matthew Grooms
##|+PRIV
33
##|*IDENT=page-vpn-ipsec-editphase2
34
##|*NAME=VPN: IPsec: Edit Phase 2 page
35
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
36
##|*MATCH=vpn_ipsec_phase2.php*
37
##|-PRIV
38
39 0f84b741 Scott Ullrich
require("functions.inc");
40 a93e56c5 Matthew Grooms
require("guiconfig.inc");
41 483e6de8 Scott Ullrich
require_once("ipsec.inc");
42
require_once("vpn.inc");
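/* make sure the config sections this page works on exist as arrays */
if (!is_array($config['ipsec']['client']))
	$config['ipsec']['client'] = array();

$a_client = &$config['ipsec']['client'];

if (!is_array($config['ipsec']['phase2']))
	$config['ipsec']['phase2'] = array();

$a_phase2 = &$config['ipsec']['phase2'];

/*
 * Index of the phase 2 entry to edit. Precedence is unchanged:
 * GET p2index, then POST p2index, then GET dup (duplicate an entry).
 */
$p2index = null;
if (isset($_GET['p2index']))
	$p2index = $_GET['p2index'];
if (isset($_POST['p2index']))
	$p2index = $_POST['p2index'];
if (isset($_GET['dup']))
	$p2index = $_GET['dup'];

/*
 * The index is request data and is used as an array offset and echoed
 * back into the form. The save path appends entries with numeric keys, so
 * only a plain decimal string can name one; anything else (including an
 * array-valued parameter) is treated as "no entry selected".
 */
if (!is_string($p2index) || !preg_match('/^[0-9]+\z/', $p2index))
	$p2index = null;

$pconfig = array();

if (isset($p2index) && !empty($a_phase2[$p2index]))
{
	/* editing (or duplicating) an existing entry: load it into the form */
	$pconfig['ikeid'] = $a_phase2[$p2index]['ikeid'];
	$pconfig['disabled'] = isset($a_phase2[$p2index]['disabled']);
	$pconfig['mode'] = $a_phase2[$p2index]['mode'];
	$pconfig['descr'] = $a_phase2[$p2index]['descr'];

	/* copy of the stored entry, handed to reload_tunnel_spd_policy() on save */
	$old_ph2ent = $a_phase2[$p2index];

	idinfo_to_pconfig("local",$a_phase2[$p2index]['localid'],$pconfig);
	idinfo_to_pconfig("remote",$a_phase2[$p2index]['remoteid'],$pconfig);

	$pconfig['proto'] = $a_phase2[$p2index]['protocol'];
	ealgos_to_pconfig($a_phase2[$p2index]['encryption-algorithm-option'],$pconfig);
	$pconfig['halgos'] = $a_phase2[$p2index]['hash-algorithm-option'];
	$pconfig['pfsgroup'] = $a_phase2[$p2index]['pfsgroup'];
	$pconfig['lifetime'] = $a_phase2[$p2index]['lifetime'];
	$pconfig['pinghost'] = $a_phase2[$p2index]['pinghost'];

	if (isset($a_phase2[$p2index]['mobile']))
		$pconfig['mobile'] = true;
}
else
{
	/* new entry: the owning phase 1 is named by the ikeid query parameter */
	$pconfig['ikeid'] = isset($_GET['ikeid']) ? $_GET['ikeid'] : null;

	/*
	 * defaults
	 * NOTE(review): the default proposal still offers 3des, blowfish,
	 * cast128 and hmac_md5, with pfsgroup "0" (presumably PFS off). The
	 * values are kept as they were; review them against current crypto
	 * policy before relying on the defaults.
	 */
	$pconfig['localid_type'] = "lan";
	$pconfig['remoteid_type'] = "network";
	$pconfig['proto'] = "esp";
	$pconfig['ealgos'] = array("3des", "blowfish", "cast128", "aes");
	$pconfig['halgos'] = array("hmac_sha1", "hmac_md5");
	$pconfig['pfsgroup'] = "0";
	$pconfig['lifetime'] = "3600";

	/* mobile client */
	if (!empty($_GET['mobile']))
		$pconfig['mobile'] = true;
}

/* a duplicate starts from the loaded values but is saved as a new entry */
if (isset($_GET['dup']))
	unset($p2index);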
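/*
 * Form submission: validate the posted phase 2 settings and, when there are
 * no errors, store the entry, reload the SPD policy and redirect to the
 * tunnel list. Everything in $pconfig below is request data.
 */
if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	if (!isset( $_POST['ikeid']))
		$input_errors[] = gettext("A valid ikeid must be specified.");

	/* input validation */
	$reqdfields = explode(" ", "localid_type halgos");
	$reqdfieldsn = array(gettext("Local network type"),gettext("P2 Hash Algorithms"));
	if (!isset($pconfig['mobile'])){
		$reqdfields[] = "remoteid_type";
		$reqdfieldsn[] = gettext("Remote network type");
	}

	/*
	 * NOTE(review): &$input_errors at the call site is call-time
	 * pass-by-reference, which PHP 5.4 and later reject. It is kept because
	 * the declaration of do_input_validation() is not visible here; drop
	 * the "&" only once that parameter is declared by reference, otherwise
	 * the required-field errors would be lost.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6"))
	{
		switch ($pconfig['localid_type']) {
			case "network":
				/* whole number in the 0-128 range the form offers, nothing else */
				if (!isset($pconfig['localid_netbits']) ||
				    !is_string($pconfig['localid_netbits']) ||
				    !preg_match('/^[0-9]{1,3}\z/', $pconfig['localid_netbits']) ||
				    (int)$pconfig['localid_netbits'] > 128)
					$input_errors[] = gettext("A valid local network bit count must be specified.");
				/* fall through: a network also needs a valid address */
			case "address":
				if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
					$input_errors[] = gettext("A valid local network IP address must be specified.");
				break;
		}

		/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
		if (is_array($config['interfaces'][$pconfig['localid_type']])) {
			// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
			$address = get_interface_ip($pconfig['localid_type']);
			$netbits = get_interface_subnet($pconfig['localid_type']);

			if (empty($address) || empty($netbits))
				$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
		}

		switch ($pconfig['remoteid_type']) {
			case "network":
				/* same rule as for the local network bit count */
				if (!isset($pconfig['remoteid_netbits']) ||
				    !is_string($pconfig['remoteid_netbits']) ||
				    !preg_match('/^[0-9]{1,3}\z/', $pconfig['remoteid_netbits']) ||
				    (int)$pconfig['remoteid_netbits'] > 128)
					$input_errors[] = gettext("A valid remote network bit count must be specified.");
				/* fall through: a network also needs a valid address */
			case "address":
				if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
					$input_errors[] = gettext("A valid remote network IP address must be specified.");
				break;
		}
	}

	/* Validate enabled phase2's are not duplicates */
	if (isset($pconfig['mobile'])){
		/* User is adding phase 2 for mobile phase1 */
		foreach($a_phase2 as $key => $name){
			if (!isset($name['mobile']))
				continue;

			/* check duplicate localids only for mobile clients */
			$localid_data = ipsec_idinfo_to_cidr($name['localid']);
			$entered = array();
			$entered['type'] = $pconfig['localid_type'];
			if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
			if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
			$entered_localid_data = ipsec_idinfo_to_cidr($entered);

			/*
			 * A match is a duplicate when a new entry is being added, or
			 * when the entry being edited is a different one.
			 */
			if ($localid_data == $entered_localid_data &&
			    (!isset($pconfig['p2index']) || $pconfig['p2index'] != $key)) {
				$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
				break;
			}
		}
	}else{
		/* User is adding phase 2 for site-to-site phase1 */
		foreach($a_phase2 as $key => $name){
			/* check duplicate subnets only for given phase1 */
			if (isset($name['mobile']) || $pconfig['ikeid'] != $name['ikeid'])
				continue;

			$localid_data = ipsec_idinfo_to_cidr($name['localid']);
			$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid']);

			$entered_local = array();
			$entered_local['type'] = $pconfig['localid_type'];
			if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
			if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
			$entered_localid_data = ipsec_idinfo_to_cidr($entered_local);

			$entered_remote = array();
			$entered_remote['type'] = $pconfig['remoteid_type'];
			if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
			if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
			$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote);

			/* duplicate when adding, or when editing a different entry */
			if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data &&
			    (!isset($pconfig['p2index']) || $pconfig['p2index'] != $key)) {
				$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
				break;
			}
		}
	}

	$ealgos = pconfig_to_ealgos($pconfig);

	if (!count($ealgos)) {
		$input_errors[] = gettext("At least one encryption algorithm must be selected.");
	}

	/*
	 * The message promises an integer, so accept digits only; is_numeric()
	 * would also let floats, exponents and padded strings into the config.
	 */
	if (!empty($_POST['lifetime']) &&
	    (!is_string($_POST['lifetime']) || !preg_match('/^[0-9]+\z/', $_POST['lifetime']))) {
		$input_errors[] = gettext("The P2 lifetime must be an integer.");
	}

	/* the form labels this field "IP address"; hold the input to that */
	if (!empty($pconfig['pinghost']) && !is_ipaddr($pconfig['pinghost'])) {
		$input_errors[] = gettext("A valid IP address must be specified for the host to ping.");
	}

	/*
	 * mode, proto and halgos are stored exactly as posted, so accept only
	 * the values the form offers (the keys of the $p2_* tables it renders).
	 * Each check is skipped when its table is not in scope at this point.
	 * NOTE(review): pfsgroup is stored unchecked as well; it is left alone
	 * because the mobile path posts it from a hidden field whose value set
	 * cannot be confirmed from this file.
	 */
	if (isset($p2_modes) && is_array($p2_modes) &&
	    (!isset($pconfig['mode']) || !is_string($pconfig['mode']) ||
	    !array_key_exists($pconfig['mode'], $p2_modes))) {
		$input_errors[] = gettext("A valid mode must be specified.");
	}
	if (isset($p2_protos) && is_array($p2_protos) &&
	    (!isset($pconfig['proto']) || !is_string($pconfig['proto']) ||
	    !array_key_exists($pconfig['proto'], $p2_protos))) {
		$input_errors[] = gettext("A valid protocol must be specified.");
	}
	if (isset($p2_halgos) && is_array($p2_halgos) && isset($pconfig['halgos'])) {
		$halgos_ok = is_array($pconfig['halgos']);
		if ($halgos_ok) {
			foreach ($pconfig['halgos'] as $halgo) {
				if (!is_string($halgo) || !array_key_exists($halgo, $p2_halgos)) {
					$halgos_ok = false;
					break;
				}
			}
		}
		if (!$halgos_ok)
			$input_errors[] = gettext("A valid hash algorithm must be selected.");
	}

	if (!$input_errors) {

		$ph2ent = array();
		$ph2ent['ikeid'] = $pconfig['ikeid'];
		$ph2ent['mode'] = $pconfig['mode'];
		/* an unchecked checkbox is simply absent from the request */
		$ph2ent['disabled'] = !empty($pconfig['disabled']);

		if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){
			$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
			$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
		}

		$ph2ent['protocol'] = $pconfig['proto'];
		$ph2ent['encryption-algorithm-option'] = $ealgos;
		$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
		$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
		$ph2ent['lifetime'] = $pconfig['lifetime'];
		$ph2ent['pinghost'] = $pconfig['pinghost'];
		$ph2ent['descr'] = $pconfig['descr'];

		if (isset($pconfig['mobile']))
			$ph2ent['mobile'] = true;

		/* overwrite the entry being edited, otherwise append a new one */
		if (isset($p2index) && $a_phase2[$p2index])
			$a_phase2[$p2index] = $ph2ent;
		else
			$a_phase2[] = $ph2ent;

		/* now we need to find all phase2 entries for this host */
		ipsec_lookup_phase1($ph2ent, $ph1ent);
		$old_ph1ent = $ph1ent;
		$old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
		/* $old_ph2ent is only set earlier in the file when an existing entry was loaded */
		reload_tunnel_spd_policy ($ph1ent, $ph2ent, $old_ph1ent, $old_ph2ent);

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}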
/* page title parts; a mobile client entry gets one extra trailing element */
$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"));
if ($pconfig['mobile'])
	$pgtitle[] = gettext("Mobile Client");

/* status and log page names; presumably read by the included page header - confirm */
$statusurl = "diag_ipsec.php";
$logurl = "diag_logs_ipsec.php";
270
271 3462a529 Matthew Grooms
272 a93e56c5 Matthew Grooms
include("head.inc");
273
274
?>
275
276
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
277
<?php include("fbegin.inc"); ?>
278
<script language="JavaScript">
279
<!--
280 4b96b367 mgrooms
281
/*
 * Show or hide the local/remote network rows to match the selected mode:
 * visible for 'tunnel' and 'tunnel6', hidden for every other mode.
 *
 * "index" and "value" are assigned without var, so both become globals.
 * typesel_change_local() and typesel_change_remote() read "value" to pick
 * a default prefix length, and change_protocol() assigns the same global.
 */
function change_mode() {
	index = document.iform.mode.selectedIndex;
	value = document.iform.mode.options[index].value;
	if ((value == 'tunnel') || (value == 'tunnel6')) {
		document.getElementById('opt_localid').style.display = '';
<?php if (!isset($pconfig['mobile'])): ?>
		/* emitted only when this is not a mobile client entry */
		document.getElementById('opt_remoteid').style.display = '';
<?php endif; ?>
	} else {
		document.getElementById('opt_localid').style.display = 'none';
<?php if (!isset($pconfig['mobile'])): ?>
		/* emitted only when this is not a mobile client entry */
		document.getElementById('opt_remoteid').style.display = 'none';
<?php endif; ?>
	}
}
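/*
 * Enable or disable the local address / netbits inputs to match the
 * selected local network type.
 *
 * bits - prefix length to preselect for a network; when omitted it
 *        defaults to 24 for 'tunnel' mode and 64 for 'tunnel6' mode.
 */
function typesel_change_local(bits) {
	var form = document.iform;

	if (typeof(bits) == "undefined") {
		/*
		 * Read the mode from the form itself. The shared global "value"
		 * holds whatever change_mode() or change_protocol() stored last,
		 * so it is not a reliable source for the mode.
		 */
		var mode = form.mode.options[form.mode.selectedIndex].value;
		if (mode == 'tunnel')
			bits = 24;
		if (mode == 'tunnel6')
			bits = 64;
	}

	/*
	 * Dispatch on the option value, not its position: the interface
	 * options are generated between "network" and "none", so the position
	 * of "none" depends on how many interfaces are configured.
	 */
	var type = form.localid_type.options[form.localid_type.selectedIndex].value;
	switch (type) {
		case 'address':	/* single */
			form.localid_address.disabled = false;
			form.localid_netbits.value = 0;
			form.localid_netbits.disabled = true;
			break;
		case 'network':	/* network */
			form.localid_address.disabled = false;
			/* no default exists outside the tunnel modes; keep the current value */
			if (typeof(bits) != "undefined")
				form.localid_netbits.value = bits;
			form.localid_netbits.disabled = false;
			break;
		case 'none':	/* none */
			form.localid_address.disabled = true;
			form.localid_netbits.disabled = true;
			break;
		default:	/* an interface subnet */
			form.localid_address.value = "";
			form.localid_address.disabled = true;
			form.localid_netbits.value = 0;
			form.localid_netbits.disabled = true;
			break;
	}
}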
331 3462a529 Matthew Grooms
332 71880c96 pierrepomes
<?php if (!isset($pconfig['mobile'])): ?>
333 3462a529 Matthew Grooms
334 a93e56c5 Matthew Grooms
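/*
 * Enable or disable the remote address / netbits inputs to match the
 * selected remote network type (0 = address, 1 = network).
 *
 * bits - prefix length to preselect for a network; when omitted it
 *        defaults to 24 for 'tunnel' mode and 64 for 'tunnel6' mode.
 */
function typesel_change_remote(bits) {
	var form = document.iform;

	if (typeof(bits) == "undefined") {
		/*
		 * Read the mode from the form itself. The shared global "value"
		 * holds whatever change_mode() or change_protocol() stored last,
		 * so it is not a reliable source for the mode.
		 */
		var mode = form.mode.options[form.mode.selectedIndex].value;
		if (mode == 'tunnel')
			bits = 24;
		if (mode == 'tunnel6')
			bits = 64;
	}

	switch (form.remoteid_type.selectedIndex) {
		case 0:	/* single */
			form.remoteid_address.disabled = false;
			form.remoteid_netbits.value = 0;
			form.remoteid_netbits.disabled = true;
			break;
		case 1:	/* network */
			form.remoteid_address.disabled = false;
			/* no default exists outside the tunnel modes; keep the current value */
			if (typeof(bits) != "undefined")
				form.remoteid_netbits.value = bits;
			form.remoteid_netbits.disabled = false;
			break;
		default:
			form.remoteid_address.value = "";
			form.remoteid_address.disabled = true;
			form.remoteid_netbits.value = 0;
			form.remoteid_netbits.disabled = true;
			break;
	}
}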
364 3462a529 Matthew Grooms
365
<?php endif; ?>
366
367 4b96b367 mgrooms
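/*
 * Show the encryption algorithm row only when the selected protocol is
 * 'esp'; hide it for any other protocol.
 */
function change_protocol() {
	/*
	 * Locals on purpose: assigning the global "value" here would replace
	 * the mode that change_mode() stored there for the typesel_change_*()
	 * functions, which read it to choose a default prefix length.
	 */
	var select = document.iform.proto;
	var proto = select.options[select.selectedIndex].value;

	document.getElementById('opt_enc').style.display = (proto == 'esp') ? '' : 'none';
}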
375
376 a93e56c5 Matthew Grooms
//-->
377
</script>
378 5a3b0d3b mgrooms
379
<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
380
381
<?php
382
	if ($input_errors)
383
		print_input_errors($input_errors);
384
?>
385
386
<table width="100%" border="0" cellpadding="0" cellspacing="0">
387
	<tr class="tabnavtbl">
388
		<td id="tabnav">
389
			<?php
390
				$tab_array = array();
391 123929e0 Carlos Eduardo Ramos
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
392
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
393
				$tab_array[2] = array(gettext("Pre-shared keys"), false, "vpn_ipsec_keys.php");
394 5a3b0d3b mgrooms
				display_top_tabs($tab_array);
395
			?>
396
		</td>
397
	</tr>
398
	<tr>
399
		<td id="mainarea">
400
			<div class="tabcont">
401
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
402
					<tr>
403 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
404 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
405
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
406 123929e0 Carlos Eduardo Ramos
							<strong><?=gettext("Disable this phase2 entry"); ?></strong>
407 5a3b0d3b mgrooms
							<br>
408 123929e0 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
409
							  "removing it from the list"); ?>.
410 5a3b0d3b mgrooms
							</span>
411
						</td>
412
					</tr>
413
					<tr>
414 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
415 4b96b367 mgrooms
						<td width="78%" class="vtable">
416
							<select name="mode" class="formselect" onChange="change_mode()">
417
								<?php
418
									foreach($p2_modes as $name => $value):
419
										$selected = "";
420
										if ($name == $pconfig['mode'])
421
											$selected = "selected";
422
								?>
423
								<option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option>
424
								<?php endforeach; ?>
425
							</select>
426
						</td>
427
					</tr>
428
					<tr id="opt_localid">
429 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
430 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
431
							<table border="0" cellspacing="0" cellpadding="0">
432
								<tr>
433 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
434 5a3b0d3b mgrooms
									<td></td>
435
									<td>
436
										<select name="localid_type" class="formselect" onChange="typesel_change_local()">
437 123929e0 Carlos Eduardo Ramos
											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected";?>><?=gettext("Address"); ?></option>
438
											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected";?>><?=gettext("Network"); ?></option>
439 d48dbceb Erik Fonnesbeck
											<?php
440
												$iflist = get_configured_interface_with_descr();
441
												foreach ($iflist as $ifname => $ifdescr):
442
											?>
443
											<option value="<?=$ifname; ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected";?>><?=sprintf(gettext("%s subnet"), $ifdescr); ?></option>
444
											<?php endforeach; ?>
445 123929e0 Carlos Eduardo Ramos
											<option value="none" <?php if ($pconfig['localid_type'] == "none" ) echo "selected";?>><?=gettext("None"); ?></option>
446 5a3b0d3b mgrooms
										</select>
447
									</td>
448
								</tr>
449
								<tr>
450 11c160b0 Rafael Lucas
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
451 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
452
									<td>
453 c271c485 Seth Mos
										<input name="localid_address" type="text" class="formfld unknown" id="localid_address" size="28" value="<?=htmlspecialchars($pconfig['localid_address']);?>">
454 5a3b0d3b mgrooms
										/
455
										<select name="localid_netbits" class="formselect" id="localid_netbits">
456 3795d067 Seth Mos
										<?php for ($i = 128; $i >= 0; $i--): ?>
457 5a3b0d3b mgrooms
											<option value="<?=$i;?>" <?php if ($i == $pconfig['localid_netbits']) echo "selected"; ?>>
458
												<?=$i;?>
459
											</option>
460
										<?php endfor; ?>
461
										</select>
462
									</td>
463
								</tr>
464
							</table>
465
						</td>
466
					</tr>
467
468
					<?php if (!isset($pconfig['mobile'])): ?>
469
					
470 4b96b367 mgrooms
					<tr id="opt_remoteid">
471 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
472 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
473
							<table border="0" cellspacing="0" cellpadding="0">
474
								<tr>
475 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
476 5a3b0d3b mgrooms
									<td></td>
477
									<td>
478
										<select name="remoteid_type" class="formselect" onChange="typesel_change_remote()">
479 123929e0 Carlos Eduardo Ramos
											<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected"; ?>><?=gettext("Address"); ?></option>
480
											<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected"; ?>><?=gettext("Network"); ?></option>
481 5a3b0d3b mgrooms
										</select>
482
									</td>
483
								</tr>
484
								<tr>
485 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Address"); ?>:&nbsp;&nbsp;</td>
486 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
487
									<td>
488 c271c485 Seth Mos
										<input name="remoteid_address" type="text" class="formfld unknown" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>">
489 5a3b0d3b mgrooms
										/
490
										<select name="remoteid_netbits" class="formselect" id="remoteid_netbits">
491 3795d067 Seth Mos
										<?php for ($i = 128; $i >= 0; $i--) { 
492 184d50b5 Ermal Lu?i
											
493
											echo "<option value=\"{$i}\"";
494
											if ($i == $pconfig['remoteid_netbits']) echo " selected";
495
											echo ">{$i}</option>\n";
496
											} ?>
497 5a3b0d3b mgrooms
										</select>
498
									</td>
499
								</tr>
500
							</table>
501 a93e56c5 Matthew Grooms
						</td>
502 5a3b0d3b mgrooms
					</tr>
503
					
504 3462a529 Matthew Grooms
					<?php endif; ?>
505 5a3b0d3b mgrooms
					
506
					<tr>
507 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
508 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
509
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
510
							<br>
511
							<span class="vexpl">
512 123929e0 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
513
								"for your reference (not parsed)"); ?>.
514 5a3b0d3b mgrooms
							</span>
515
						</td>
516
					</tr>
517
					<tr>
518
						<td colspan="2" class="list" height="12"></td>
519
					</tr>
520
					<tr>
521
						<td colspan="2" valign="top" class="listtopic">
522 123929e0 Carlos Eduardo Ramos
							<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
523 5a3b0d3b mgrooms
						</td>
524
					</tr>
525
					<tr>
526 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
527 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
528 4b96b367 mgrooms
							<select name="proto" class="formselect" onChange="change_protocol()">
529 5a3b0d3b mgrooms
							<?php foreach ($p2_protos as $proto => $protoname): ?>
530
								<option value="<?=$proto;?>" <?php if ($proto == $pconfig['proto']) echo "selected"; ?>>
531
									<?=htmlspecialchars($protoname);?>
532
								</option>
533
							<?php endforeach; ?>
534
							</select>
535
							<br>
536
							<span class="vexpl">
537 123929e0 Carlos Eduardo Ramos
								<?=gettext("ESP is encryption, AH is authentication only"); ?>
538 5a3b0d3b mgrooms
							</span>
539
						</td>
540
					</tr>
541 87e07f52 mgrooms
					<tr id="opt_enc">
542 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
543 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
544
							<table border="0" cellspacing="0" cellpadding="0">
545
							<?php
546
								foreach ($p2_ealgos as $algo => $algodata):
547
									$checked = '';
548
									if (in_array($algo,$pconfig['ealgos']))
549
										$checked = " checked";
550
								?>
551
								<tr>
552
									<td>
553
										<input type="checkbox" name="ealgos[]" value="<?=$algo;?>"<?=$checked?>>
554
									</td>
555
									<td>
556
										<?=htmlspecialchars($algodata['name']);?>
557
									</td>
558
									<td>
559
										<?php if(is_array($algodata['keysel'])): ?>
560
										&nbsp;&nbsp;
561
										<select name="keylen_<?=$algo;?>" class="formselect">
562 123929e0 Carlos Eduardo Ramos
											<option value="auto"><?=gettext("auto"); ?></option>
563 5a3b0d3b mgrooms
											<?php
564
												$key_hi = $algodata['keysel']['hi'];
565
												$key_lo = $algodata['keysel']['lo'];
566
												$key_step = $algodata['keysel']['step'];
567
												for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
568
													$selected = '';
569
				//									if ($checked && in_array("keylen_".$algo,$pconfig))
570
													if ($keylen == $pconfig["keylen_".$algo])
571
														$selected = " selected";
572
											?>
573 123929e0 Carlos Eduardo Ramos
											<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
574 5a3b0d3b mgrooms
											<?php endfor; ?>
575
										</select>
576
										<?php endif; ?>
577
									</td>
578
								</tr>
579
								
580
								<?php endforeach; ?>
581
								
582
							</table>
583
							<br>
584 123929e0 Carlos Eduardo Ramos
							<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " . 
585
							"crypto accelerator card. Blowfish is usually the fastest in " .
586
							"software encryption"); ?>.
587 5a3b0d3b mgrooms
						</td>
588
					</tr>
589
					<tr>
590 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
591 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
592
						<?php foreach ($p2_halgos as $algo => $algoname): ?>
593
							<input type="checkbox" name="halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['halgos'])) echo "checked"; ?>>
594
							<?=htmlspecialchars($algoname);?>
595
							<br>
596
						<?php endforeach; ?>
597
						</td>
598
					</tr>
599
					<tr>
600 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
601 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
602
						<?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
603
							<select name="pfsgroup" class="formselect">
604
							<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
605
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected"; ?>>
606
									<?=htmlspecialchars($keygroupname);?>
607
								</option>
608
							<?php endforeach; ?>
609
							</select>
610
							<br>
611
							<span class="vexpl">
612
								<em>
613 123929e0 Carlos Eduardo Ramos
									<?=gettext("1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit"); ?>
614 5a3b0d3b mgrooms
								</em>
615
							</span>
616
							
617
							<?php else: ?>
618
619
							<select class="formselect" disabled>
620
								<option selected><?=$p2_pfskeygroups[$a_client['pfs_group']];?></option>
621
							</select>
622 dd5bf424 Scott Ullrich
							<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>">
623 5a3b0d3b mgrooms
							<br>
624 123929e0 Carlos Eduardo Ramos
							<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
625 5a3b0d3b mgrooms
						<?php endif; ?>
626
						</td>
627
					</tr>
628
					<tr>
629 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
630 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
631 dd5bf424 Scott Ullrich
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>">
632 123929e0 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
633 5a3b0d3b mgrooms
						</td>
634
					</tr>
635 87e07f52 mgrooms
					<tr>
636
						<td colspan="2" class="list" height="12"></td>
637
					</tr>
638
					<tr>
639 123929e0 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
640 87e07f52 mgrooms
					</tr>
641
					<tr>
642 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
643 87e07f52 mgrooms
						<td width="78%" class="vtable">
644 c271c485 Seth Mos
							<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="28" value="<?=htmlspecialchars($pconfig['pinghost']);?>">
645 123929e0 Carlos Eduardo Ramos
							<?=gettext("IP address"); ?>
646 87e07f52 mgrooms
						</td>
647
					</tr>
648 5a3b0d3b mgrooms
					<tr>
649
						<td width="22%" valign="top">&nbsp;</td>
650
						<td width="78%">
651
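						<?php /* $p2index comes from the request; encode it for the attribute like the other hidden fields */ ?>
						<?php if (isset($p2index) && $a_phase2[$p2index]): ?>
							<input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>">
						<?php endif; ?>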
654
						<?php if ($pconfig['mobile']): ?>
655
							<input name="mobile" type="hidden" value="true">
656
							<input name="remoteid_type" type="hidden" value="mobile">
657
						<?php endif; ?>
658 123929e0 Carlos Eduardo Ramos
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
659 dd5bf424 Scott Ullrich
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>">
660 5a3b0d3b mgrooms
						</td>
661
					</tr>
662
				</table>
663
			</div>
664
		</td>
665
	</tr>
666
</table>
667 a93e56c5 Matthew Grooms
</form>
668
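<script language="JavaScript">
<!--
<?php
	/*
	 * Initial form state. After a failed save $pconfig holds the posted
	 * values, and htmlspecialchars() is an HTML encoder: it does not make a
	 * value safe inside JavaScript source. change_mode() and
	 * change_protocol() take no parameters and read the form themselves, so
	 * nothing is passed to them. A prefix length is written out only when
	 * it is a plain whole number; otherwise the call is emitted without an
	 * argument and the function picks its own default.
	 */
	$js_local_bits = "";
	if (isset($pconfig['localid_netbits']) && is_scalar($pconfig['localid_netbits']) &&
	    preg_match('/^[0-9]{1,3}\z/', (string)$pconfig['localid_netbits']))
		$js_local_bits = (int)$pconfig['localid_netbits'];

	$js_remote_bits = "";
	if (isset($pconfig['remoteid_netbits']) && is_scalar($pconfig['remoteid_netbits']) &&
	    preg_match('/^[0-9]{1,3}\z/', (string)$pconfig['remoteid_netbits']))
		$js_remote_bits = (int)$pconfig['remoteid_netbits'];
?>
change_mode();
change_protocol();
typesel_change_local(<?=$js_local_bits;?>);
<?php if (!isset($pconfig['mobile'])): ?>
typesel_change_remote(<?=$js_remote_bits;?>);
<?php endif; ?>
//-->
</script>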
678
<?php include("fend.inc"); ?>
679 3462a529 Matthew Grooms
</body>
680
</html>
681 a93e56c5 Matthew Grooms
682
<?php
683
684 3462a529 Matthew Grooms
/* local utility functions */
685
686 a93e56c5 Matthew Grooms
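/*
 * Build the list of selected encryption algorithms from the form data.
 *
 * $pconfig - form values: 'ealgos' is the list of ticked algorithm names
 *            and "keylen_<name>" the key length chosen for each of them.
 *
 * Returns an array of array('name' => ..., 'keylen' => ...) entries in the
 * order of the global $p2_ealgos table; 'keylen' is present only for
 * algorithms whose table entry has a 'keysel' range.
 */
function pconfig_to_ealgos(& $pconfig) {

	global $p2_ealgos;

	$ealgos = array();

	/* nothing ticked, or something other than a list was posted */
	if (!is_array($p2_ealgos) || !isset($pconfig['ealgos']) || !is_array($pconfig['ealgos']))
		return $ealgos;

	foreach ($p2_ealgos as $algo_name => $algo_data) {
		if (!in_array((string)$algo_name, $pconfig['ealgos'], true))
			continue;

		$ealg = array();
		$ealg['name'] = $algo_name;

		if (isset($algo_data['keysel']) && is_array($algo_data['keysel'])) {
			/*
			 * Taken from $pconfig, which the save path fills from the
			 * posted form before calling this function.
			 */
			$keylen = isset($pconfig["keylen_".$algo_name]) ? $pconfig["keylen_".$algo_name] : null;
			$keysel = $algo_data['keysel'];

			/*
			 * The value is stored in the configuration, so accept only
			 * what the form offers: "auto" or a length on the lo..hi
			 * grid, counted down from hi in steps. Anything else falls
			 * back to "auto".
			 */
			$valid = ($keylen === "auto");
			if (!$valid && is_scalar($keylen) && preg_match('/^[0-9]{1,5}\z/', (string)$keylen) &&
			    isset($keysel['lo'], $keysel['hi'], $keysel['step']) && $keysel['step'] > 0) {
				$bits = (int)$keylen;
				$valid = ($bits >= $keysel['lo'] && $bits <= $keysel['hi'] &&
				    (($keysel['hi'] - $bits) % $keysel['step']) == 0);
			}

			$ealg['keylen'] = $valid ? $keylen : "auto";
		}

		$ealgos[] = $ealg;
	}

	return $ealgos;
}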
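/*
 * Copy a stored encryption algorithm list into the form values.
 *
 * $ealgos  - list of array('name' => ..., 'keylen' => ...) entries; may be
 *            null when the stored entry has no such list
 * $pconfig - form values; 'ealgos' is reset to the list of names and
 *            "keylen_<name>" is set for every entry that carries a keylen
 *
 * Returns $ealgos unchanged.
 */
function ealgos_to_pconfig(& $ealgos,& $pconfig) {

	$pconfig['ealgos'] = array();

	/* the caller passes a config element that may not exist; iterate only a real list */
	if (is_array($ealgos)) {
		foreach ($ealgos as $algo_data) {
			$pconfig['ealgos'][] = $algo_data['name'];
			if (isset($algo_data['keylen']))
				$pconfig["keylen_".$algo_data['name']] = $algo_data['keylen'];
		}
	}

	return $ealgos;
}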
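/*
 * Build an id info array from the "<prefix>id_*" form values.
 *
 * $prefix  - "local" or "remote" in this file
 * $pconfig - form values
 *
 * Returns array('type', 'address') for an address, array('type',
 * 'address', 'netbits') for a network and array('type') for any other type.
 */
function pconfig_to_idinfo($prefix,& $pconfig) {

	/*
	 * The page script disables the address and netbits inputs for some
	 * types, and disabled inputs are not submitted, so every field is read
	 * with a null fallback instead of assuming the key exists.
	 */
	$field = array();
	foreach (array("type", "address", "netbits") as $name) {
		$key = $prefix."id_".$name;
		$field[$name] = isset($pconfig[$key]) ? $pconfig[$key] : null;
	}

	switch( $field['type'] )
	{
		case "address":
			return array('type' => $field['type'], 'address' => $field['address']);
		case "network":
			return array('type' => $field['type'], 'address' => $field['address'], 'netbits' => $field['netbits']);
		default:
			return array('type' => $field['type'] );
	}
}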
/*
 * Copy an id info array into the "<prefix>id_*" form values.
 *
 * The type is always copied; the address is copied for the "address" and
 * "network" types, and the netbits for "network" only.
 */
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {

	$kind = $idinfo['type'];
	$base = $prefix."id_";

	$pconfig[$base."type"] = $kind;

	if ($kind == "address") {
		$pconfig[$base."address"] = $idinfo['address'];
	} elseif ($kind == "network") {
		$pconfig[$base."address"] = $idinfo['address'];
		$pconfig[$base."netbits"] = $idinfo['netbits'];
	}
}
751
752
?>