#!/usr/local/bin/php
2
<?php
3
/*
4
	vpn_ipsec_edit.php
5 e2411886 Scott Ullrich
	part of m0n0wall (http://m0n0.ch/wall)
6
	
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8 cfc707f7 Scott Ullrich
	All rights reserved.
9 e2411886 Scott Ullrich
	
10 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12 e2411886 Scott Ullrich
	
13 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15 e2411886 Scott Ullrich
	
16 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19 e2411886 Scott Ullrich
	
20 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32 d797cd0c Scott Ullrich
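$pgtitle = "VPN: IPsec: Edit tunnel";
require("guiconfig.inc");

/* Make sure the tunnel list exists so it can be indexed and appended to. */
if (!is_array($config['ipsec']['tunnel'])) {
	$config['ipsec']['tunnel'] = array();
}
$a_ipsec = &$config['ipsec']['tunnel'];

$specialsrcdst = explode(" ", "lan");

/*
 * Index of the tunnel being edited; a POSTed id takes precedence over the
 * query string. The value is request-controlled and is later used as an array
 * offset and echoed into a hidden form field, so only a plain string of
 * decimal digits is accepted. Anything else (an array, a sign, whitespace,
 * markup) is treated as "no id", which the rest of the page handles as a new
 * tunnel.
 * NOTE(review): assumes tunnel entries are list-indexed (0, 1, 2, ...) -
 * confirm against the config parser.
 */
$id = null;
if (isset($_POST['id']))
	$id = $_POST['id'];
else if (isset($_GET['id']))
	$id = $_GET['id'];
if (!is_string($id) || $id === "" || strspn($id, "0123456789") != strlen($id))
	$id = null;

if (isset($id) && !empty($a_ipsec[$id])) {
	/* Existing tunnel: copy the stored settings into the form model. */
	$pconfig['disabled'] = isset($a_ipsec[$id]['disabled']);
	//$pconfig['auto'] = isset($a_ipsec[$id]['auto']);

	if (!isset($a_ipsec[$id]['local-subnet']))
		$pconfig['localnet'] = "lan";
	else
		address_to_pconfig_vpn($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']);

	if ($a_ipsec[$id]['interface'])
		$pconfig['interface'] = $a_ipsec[$id]['interface'];
	else
		$pconfig['interface'] = "wan";

	list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_ipsec[$id]['remote-subnet']);
	$pconfig['remotegw'] = $a_ipsec[$id]['remote-gateway'];
	$pconfig['p1mode'] = $a_ipsec[$id]['p1']['mode'];

	/* Exactly one identifier type is stored; map it to the select value. */
	if (isset($a_ipsec[$id]['p1']['myident']['myaddress']))
		$pconfig['p1myidentt'] = 'myaddress';
	else if (isset($a_ipsec[$id]['p1']['myident']['address'])) {
		$pconfig['p1myidentt'] = 'address';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['address'];
	} else if (isset($a_ipsec[$id]['p1']['myident']['fqdn'])) {
		$pconfig['p1myidentt'] = 'fqdn';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['fqdn'];
	} else if (isset($a_ipsec[$id]['p1']['myident']['ufqdn'])) {
		$pconfig['p1myidentt'] = 'user_fqdn';
		$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['ufqdn'];
	}

	$pconfig['p1ealgo'] = $a_ipsec[$id]['p1']['encryption-algorithm'];
	$pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm'];
	$pconfig['p1dhgroup'] = $a_ipsec[$id]['p1']['dhgroup'];
	$pconfig['p1lifetime'] = $a_ipsec[$id]['p1']['lifetime'];
	$pconfig['p1authentication_method'] = $a_ipsec[$id]['p1']['authentication_method'];
	/*
	 * The pre-shared key and the private key are loaded here so the form
	 * can show them again; anyone who can open this page for a tunnel can
	 * therefore read both secrets.
	 */
	$pconfig['p1pskey'] = $a_ipsec[$id]['p1']['pre-shared-key'];
	/* Certificates and the key are kept base64-encoded in the config. */
	$pconfig['p1cert'] = base64_decode($a_ipsec[$id]['p1']['cert']);
	$pconfig['p1peercert'] = base64_decode($a_ipsec[$id]['p1']['peercert']);
	$pconfig['p1privatekey'] = base64_decode($a_ipsec[$id]['p1']['private-key']);
	$pconfig['p2proto'] = $a_ipsec[$id]['p2']['protocol'];
	$pconfig['p2ealgos'] = $a_ipsec[$id]['p2']['encryption-algorithm-option'];
	$pconfig['p2halgos'] = $a_ipsec[$id]['p2']['hash-algorithm-option'];
	$pconfig['p2pfsgroup'] = $a_ipsec[$id]['p2']['pfsgroup'];
	$pconfig['p2lifetime'] = $a_ipsec[$id]['p2']['lifetime'];
	$pconfig['descr'] = $a_ipsec[$id]['descr'];

} else {
	/*
	 * Defaults for a new tunnel.
	 * NOTE(review): these pre-select aggressive mode with a pre-shared key,
	 * 3DES, SHA-1 and DH group 2 (1024 bit per the form's own legend).
	 * Aggressive mode with a PSK exposes a PSK-derived hash during the
	 * exchange, which permits offline guessing of weak keys; main mode and
	 * stronger proposals are the safer starting point where the peer
	 * supports them. The defaults are left unchanged here because existing
	 * deployments may rely on them.
	 */
	$pconfig['interface'] = "wan";
	$pconfig['localnet'] = "lan";
	$pconfig['p1mode'] = "aggressive";
	$pconfig['p1myidentt'] = "myaddress";
	$pconfig['p1authentication_method'] = "pre_shared_key";
	$pconfig['p1ealgo'] = "3des";
	$pconfig['p1halgo'] = "sha1";
	$pconfig['p1dhgroup'] = "2";
	$pconfig['p2proto'] = "esp";
	$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
	$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['p2pfsgroup'] = "0";
	$pconfig['remotebits'] = 32;
}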
109
110
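/*
 * True when $v consists solely of the decimal digits 0-9 (at least one).
 * Unlike is_numeric() this rejects signs, whitespace, decimal points,
 * exponents and hex notation, so "must be an integer" fields really are
 * integers before they are written to the configuration.
 */
function vpn_ipsec_edit_is_uint($v) {
	if (!is_scalar($v))
		return false;
	$s = (string)$v;
	return (strlen($s) > 0) && (strspn($s, "0123456789") == strlen($s));
}

/*
 * Form submission: validate the posted tunnel settings and, when there are no
 * errors, store them as a new or replaced entry in $a_ipsec, write the
 * configuration, mark the IPsec config dirty and redirect to vpn_ipsec.php.
 * On errors the posted values stay in $pconfig so the form is shown again.
 *
 * NOTE(review): no anti-CSRF token is checked in this file; confirm that
 * guiconfig.inc (not visible here) enforces one, because this handler
 * rewrites the VPN configuration on any accepted POST.
 */
if ($_POST) {
	/* Normalise the local network fields according to the chosen type. */
	if (is_specialnet($_POST['localnettype'])) {
		$_POST['localnet'] = $_POST['localnettype'];
		$_POST['localnetmask'] = 0;
	} else if ($_POST['localnettype'] == "single") {
		$_POST['localnetmask'] = 32;
	}

	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	if ($_POST['p1authentication_method'] == "pre_shared_key") {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
	}
	else {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,P2 Encryption Algorithms,P2 Hash Algorithms");
		/*
		 * These are marker checks only: they confirm the PEM begin/end
		 * lines are present, not that the certificate or key parses or
		 * that the key matches the certificate.
		 */
		if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE"))
			$input_errors[] = "This certificate does not appear to be valid.";
		if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY"))
			$input_errors[] = "This key does not appear to be valid.";
		if ($_POST['p1peercert']!="" && (!strstr($_POST['p1peercert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1peercert'], "END CERTIFICATE")))
			$input_errors[] = "This peer certificate does not appear to be valid.";
	}

	/*
	 * The call-time '&' is kept because do_input_validation()'s signature
	 * is not visible here; without it the errors would be lost if the
	 * callee does not declare the parameter by reference. PHP 5.4 and
	 * later reject this syntax, so when porting, declare the parameter by
	 * reference in the callee and drop the '&' at this call.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/*
	 * Fixed-choice fields. The form only offers these values, but the
	 * request is client-controlled and each value is stored verbatim in
	 * the tunnel entry below, so every one is compared against the same
	 * list the form is rendered from. A list that is not available as an
	 * array is skipped, which keeps the previous behaviour for that field.
	 */
	$choicefields = array(
		'p1mode' => array(array('main' => 1, 'aggressive' => 1), "Negotiation mode"),
		'p1myidentt' => array($my_identifier_list, "My identifier"),
		'p1ealgo' => array($p1_ealgos, "Encryption algorithm"),
		'p1halgo' => array($p1_halgos, "Hash algorithm"),
		'p1dhgroup' => array(array('1' => 1, '2' => 1, '5' => 1), "DH key group"),
		'p1authentication_method' => array($p1_authentication_methods, "Authentication method"),
		'p2proto' => array($p2_protos, "Protocol"),
		'p2pfsgroup' => array($p2_pfskeygroups, "PFS key group")
	);
	foreach ($choicefields as $fname => $spec) {
		list($allowed, $label) = $spec;
		if (!is_array($allowed))
			continue;
		$val = isset($_POST[$fname]) ? $_POST[$fname] : null;
		if (!is_string($val) || !array_key_exists($val, $allowed))
			$input_errors[] = "An invalid value was submitted for '" . $label . "'.";
	}

	/* Checkbox groups: every submitted entry must be a known algorithm. */
	$multifields = array(
		'p2ealgos' => array($p2_ealgos, "P2 Encryption Algorithms"),
		'p2halgos' => array($p2_halgos, "P2 Hash Algorithms")
	);
	foreach ($multifields as $fname => $spec) {
		list($allowed, $label) = $spec;
		if (!is_array($allowed) || !isset($_POST[$fname]))
			continue;	/* absence is left to the required-field check above */
		$bad = !is_array($_POST[$fname]);
		if (!$bad) {
			foreach ($_POST[$fname] as $val) {
				if (!is_string($val) || !array_key_exists($val, $allowed)) {
					$bad = true;
					break;
				}
			}
		}
		if ($bad)
			$input_errors[] = "An invalid value was submitted for '" . $label . "'.";
	}

	/* Interface: wan, lan, or an optN interface that exists in the config. */
	$ifname = isset($_POST['interface']) ? $_POST['interface'] : null;
	$ifvalid = is_string($ifname) && ($ifname === "wan" || $ifname === "lan" ||
		(substr($ifname, 0, 3) === "opt" && vpn_ipsec_edit_is_uint(substr($ifname, 3)) &&
		 isset($config['interfaces'][$ifname])));
	if (!$ifvalid)
		$input_errors[] = "A valid interface must be selected.";

	if (!is_specialnet($_POST['localnettype'])) {
		if (($_POST['localnet'] && !is_ipaddr($_POST['localnet']))) {
			$input_errors[] = "A valid local network IP address must be specified.";
		}
		if ($_POST['localnetmask'] && (!vpn_ipsec_edit_is_uint($_POST['localnetmask']) || ($_POST['localnetmask'] > 32))) {
			$input_errors[] = "A valid local network bit count must be specified.";
		}
	}
	if (($_POST['p1lifetime'] && !vpn_ipsec_edit_is_uint($_POST['p1lifetime']))) {
		$input_errors[] = "The P1 lifetime must be an integer.";
	}
	if (($_POST['p2lifetime'] && !vpn_ipsec_edit_is_uint($_POST['p2lifetime']))) {
		$input_errors[] = "The P2 lifetime must be an integer.";
	}
	if ($_POST['remotebits'] && (!vpn_ipsec_edit_is_uint($_POST['remotebits']) || ($_POST['remotebits'] > 32))) {
		$input_errors[] = "The remote network bits are invalid.";
	}
	if (($_POST['remotenet'] && !is_ipaddr($_POST['remotenet']))) {
		$input_errors[] = "A valid remote network address must be specified.";
	}
	if (($_POST['remotegw'] && !is_ipaddr($_POST['remotegw']))) {
		$input_errors[] = "A valid remote gateway address must be specified.";
	}
	if ((($_POST['p1myidentt'] == "address") && !is_ipaddr($_POST['p1myident']))) {
		$input_errors[] = "A valid IP address for 'My identifier' must be specified.";
	}
	if ((($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident']))) {
		$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
	}
	if ($_POST['p1myidentt'] == "user_fqdn") {
		/*
		 * Require exactly one "@" with a non-empty user part free of
		 * whitespace and quotes. Checking only the second piece would
		 * let anything after a further "@", and any user part at all,
		 * through into the stored identifier.
		 */
		$ufqdn = is_string($_POST['p1myident']) ? explode("@", $_POST['p1myident']) : array();
		if (count($ufqdn) != 2 || $ufqdn[0] === "" ||
		    strcspn($ufqdn[0], " \t\r\n\"'") != strlen($ufqdn[0]) ||
		    !is_domain($ufqdn[1]))
			$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
	}

	/* "My IP address" carries no identifier value. */
	if ($_POST['p1myidentt'] == "myaddress")
		$_POST['p1myident'] = "";

	if (empty($input_errors)) {
		/* Build the tunnel entry from the validated submission. */
		$ipsecent['disabled'] = $_POST['disabled'] ? true : false;
		//$ipsecent['auto'] = $_POST['auto'] ? true : false;
		$ipsecent['interface'] = $pconfig['interface'];
		pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']);
		$ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits'];
		$ipsecent['remote-gateway'] = $_POST['remotegw'];
		$ipsecent['p1']['mode'] = $_POST['p1mode'];

		$ipsecent['p1']['myident'] = array();
		switch ($_POST['p1myidentt']) {
			case 'myaddress':
				$ipsecent['p1']['myident']['myaddress'] = true;
				break;
			case 'address':
				$ipsecent['p1']['myident']['address'] = $_POST['p1myident'];
				break;
			case 'fqdn':
				$ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident'];
				break;
			case 'user_fqdn':
				$ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
				break;
		}

		$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
		$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
		$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
		$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
		/*
		 * The pre-shared key is stored as submitted, with no content
		 * check. base64 on the key and certificates is an encoding for
		 * storage, not protection: the private key remains readable by
		 * anyone who can read the configuration.
		 */
		$ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
		$ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
		$ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
		$ipsecent['p1']['peercert'] = base64_encode($_POST['p1peercert']);
		$ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
		$ipsecent['p2']['protocol'] = $_POST['p2proto'];
		$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
		$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
		$ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
		$ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
		$ipsecent['descr'] = $_POST['descr'];

		/* Replace the entry being edited, otherwise append a new one. */
		if (isset($id) && $a_ipsec[$id])
			$a_ipsec[$id] = $ipsecent;
		else
			$a_ipsec[] = $ipsecent;

		write_config();
		touch($d_ipsecconfdirty_path);

		header("Location: vpn_ipsec.php");
		exit;
	}
}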
230 4df96eff Scott Ullrich
231
include("head.inc");
232
233 5b237745 Scott Ullrich
?>
234 422f27c0 Scott Ullrich
235
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
236 e2411886 Scott Ullrich
<?php include("fbegin.inc"); ?>
237 4b8fffef Scott Ullrich
<p class="pgtitle"><?php echo $pgtitle; ?></p>
238 5b237745 Scott Ullrich
<script language="JavaScript">
239
<!--
240
function typesel_change() {
	/*
	 * Sync the local address and mask inputs with the selected "Type":
	 * index 0 = single host, index 1 = network, anything else = a named
	 * subnet, for which both inputs are cleared and disabled.
	 */
	var form = document.iform;
	var choice = form.localnettype.selectedIndex;

	if (choice === 0) {
		/* single host: address editable, mask not applicable */
		form.localnet.disabled = 0;
		form.localnetmask.value = "";
		form.localnetmask.disabled = 1;
		return;
	}

	if (choice === 1) {
		/* network: both address and mask editable */
		form.localnet.disabled = 0;
		form.localnetmask.disabled = 0;
		return;
	}

	form.localnet.value = "";
	form.localnet.disabled = 1;
	form.localnetmask.value = "";
	form.localnetmask.disabled = 1;
}
259 e2411886 Scott Ullrich
function methodsel_change() {
	/*
	 * Enable only the credential inputs that belong to the selected
	 * authentication method: index 1 is RSA (key and certificates), any
	 * other index is pre-shared key. Disabled inputs are not submitted by
	 * the browser; the server-side checks remain the actual validation.
	 */
	var form = document.iform;
	var usesRsa = (form.p1authentication_method.selectedIndex === 1);
	var pskState = usesRsa ? 1 : 0;
	var certState = usesRsa ? 0 : 1;

	form.p1pskey.disabled = pskState;
	form.p1privatekey.disabled = certState;
	form.p1cert.disabled = certState;
	form.p1peercert.disabled = certState;
}
275 5b237745 Scott Ullrich
//-->
276
</script>
277
<?php if ($input_errors) print_input_errors($input_errors); ?>
278
            <form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
279
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
280 e2411886 Scott Ullrich
                <tr> 
281 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Mode</td>
282
                  <td width="78%" class="vtable"> Tunnel</td>
283
                </tr>
284 e2411886 Scott Ullrich
				<tr> 
285 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Disabled</td>
286 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"> 
287 5b237745 Scott Ullrich
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
288
                    <strong>Disable this tunnel</strong><br>
289
                    <span class="vexpl">Set this option to disable this tunnel without
290
					removing it from the list.</span></td>
291
                </tr>
292 e2411886 Scott Ullrich
				<!-- <tr> 
293 5b237745 Scott Ullrich
				  <td width="22%" valign="top" class="vncellreq">Auto-establish</td>
294 e2411886 Scott Ullrich
				  <td width="78%" class="vtable"> 
295 5b237745 Scott Ullrich
					<input name="auto" type="checkbox" id="auto" value="yes" <?php if ($pconfig['auto']) echo "checked"; ?>>
296
					<strong>Automatically establish this tunnel</strong><br>
297
					<span class="vexpl">Set this option to automatically re-establish this tunnel after reboots/reconfigures. If this is not set, the tunnel is established on demand.</span></td>
298 e2411886 Scott Ullrich
				</tr> -->
299
				<tr> 
300 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
301 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"><select name="interface" class="formfld">
302 5b237745 Scott Ullrich
                      <?php $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
303
					  for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
304
					  	$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
305
					  }
306
					  foreach ($interfaces as $iface => $ifacename): ?>
307 e2411886 Scott Ullrich
                      <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> 
308 5b237745 Scott Ullrich
                      <?=htmlspecialchars($ifacename);?>
309
                      </option>
310
                      <?php endforeach; ?>
311
                    </select> <br>
312
                    <span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td>
313
                </tr>
314 e2411886 Scott Ullrich
                <tr> 
315 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Local subnet</td>
316 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"> 
317 5b237745 Scott Ullrich
                    <table border="0" cellspacing="0" cellpadding="0">
318 e2411886 Scott Ullrich
                      <tr> 
319 5b237745 Scott Ullrich
                        <td>Type:&nbsp;&nbsp;</td>
320 e2411886 Scott Ullrich
						<td></td>
321 5b237745 Scott Ullrich
                        <td><select name="localnettype" class="formfld" onChange="typesel_change()">
322
                            <?php $sel = is_specialnet($pconfig['localnet']); ?>
323 e2411886 Scott Ullrich
                            <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>> 
324 5b237745 Scott Ullrich
                            Single host</option>
325 e2411886 Scott Ullrich
                            <option value="network" <?php if (!$sel) echo "selected"; ?>> 
326 5b237745 Scott Ullrich
                            Network</option>
327 e2411886 Scott Ullrich
                            <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>> 
328 5b237745 Scott Ullrich
                            LAN subnet</option>
329
                          </select></td>
330
                      </tr>
331 e2411886 Scott Ullrich
                      <tr> 
332 5b237745 Scott Ullrich
                        <td>Address:&nbsp;&nbsp;</td>
333 e2411886 Scott Ullrich
						<td><?=$mandfldhtmlspc;?></td>
334 5b237745 Scott Ullrich
                        <td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
335 e2411886 Scott Ullrich
                          / 
336 5b237745 Scott Ullrich
                          <select name="localnetmask" class="formfld" id="localnetmask">
337 e2411886 Scott Ullrich
                            <?php for ($i = 31; $i >= 0; $i--): ?>
338 5b237745 Scott Ullrich
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
339
                            <?=$i;?>
340
                            </option>
341
                            <?php endfor; ?>
342
                          </select> </td>
343
                      </tr>
344
                    </table></td>
345
                </tr>
346 e2411886 Scott Ullrich
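                <tr> 
                  <td width="22%" valign="top" class="vncellreq">Remote subnet</td>
                  <td width="78%" class="vtable"> 
                    <?php /* After a failed submit $pconfig holds the raw POST data, so the
                             value is HTML-escaped before it is placed in the attribute. */ ?>
                    <?=$mandfldhtml;?><input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=htmlspecialchars($pconfig['remotenet']);?>">
                    / 
                    <select name="remotebits" class="formfld" id="remotebits">
                      <?php for ($i = 32; $i >= 0; $i--): ?>
                      <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>> 
                      <?=$i;?>
                      </option>
                      <?php endfor; ?>
                    </select></td>
                </tr>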
359 e2411886 Scott Ullrich
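                <tr> 
                  <td width="22%" valign="top" class="vncellreq">Remote gateway</td>
                  <td width="78%" class="vtable"> 
                    <?php /* After a failed submit $pconfig holds the raw POST data, so the
                             value is HTML-escaped before it is placed in the attribute. */ ?>
                    <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=htmlspecialchars($pconfig['remotegw']);?>"> 
                    <br>
                    Enter the public IP address of the remote gateway</td>
                </tr>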
366 e2411886 Scott Ullrich
                <tr> 
367 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncell">Description</td>
368 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"> 
369
                    <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> 
370
                    <br> <span class="vexpl">You may enter a description here 
371 5b237745 Scott Ullrich
                    for your reference (not parsed).</span></td>
372
                </tr>
373 e2411886 Scott Ullrich
                <tr> 
374 5b237745 Scott Ullrich
                  <td colspan="2" class="list" height="12"></td>
375
                </tr>
376 e2411886 Scott Ullrich
                <tr> 
377
                  <td colspan="2" valign="top" class="listtopic">Phase 1 proposal 
378 5b237745 Scott Ullrich
                    (Authentication)</td>
379
                </tr>
380 e2411886 Scott Ullrich
                <tr> 
381 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
382
                  <td width="78%" class="vtable">
383 e2411886 Scott Ullrich
					<select name="p1mode" class="formfld">
384 5b237745 Scott Ullrich
                      <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
385 e2411886 Scott Ullrich
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>> 
386 5b237745 Scott Ullrich
                      <?=htmlspecialchars($mode);?>
387
                      </option>
388
                      <?php endforeach; ?>
389 e2411886 Scott Ullrich
                    </select> <br> <span class="vexpl">Aggressive is faster, but 
390 5b237745 Scott Ullrich
                    less secure.</span></td>
391
                </tr>
392 e2411886 Scott Ullrich
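                <tr> 
                  <td width="22%" valign="top" class="vncellreq">My identifier</td>
                  <td width="78%" class="vtable">
					<select name="p1myidentt" class="formfld">
                      <?php foreach ($my_identifier_list as $mode => $modename): ?>
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>> 
                      <?=htmlspecialchars($modename);?>
                      </option>
                      <?php endforeach; ?>
                    <?php /* The identifier text is free-form and, after a failed submit,
                             comes straight from the POST data: escape it for the attribute. */ ?>
                    </select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=htmlspecialchars($pconfig['p1myident']);?>"> 
                  </td>
                </tr>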
404 e2411886 Scott Ullrich
                <tr> 
405 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
406
                  <td width="78%" class="vtable">
407 e2411886 Scott Ullrich
					<select name="p1ealgo" class="formfld">
408 5b237745 Scott Ullrich
                      <?php foreach ($p1_ealgos as $algo => $algoname): ?>
409 e2411886 Scott Ullrich
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>> 
410 5b237745 Scott Ullrich
                      <?=htmlspecialchars($algoname);?>
411
                      </option>
412
                      <?php endforeach; ?>
413 e2411886 Scott Ullrich
                    </select> <br> <span class="vexpl">Must match the setting 
414 5b237745 Scott Ullrich
                    chosen on the remote side. </span></td>
415
                </tr>
416 e2411886 Scott Ullrich
                <tr> 
417 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
418
                  <td width="78%" class="vtable">
419 e2411886 Scott Ullrich
					<select name="p1halgo" class="formfld">
420 5b237745 Scott Ullrich
                      <?php foreach ($p1_halgos as $algo => $algoname): ?>
421 e2411886 Scott Ullrich
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>> 
422 5b237745 Scott Ullrich
                      <?=htmlspecialchars($algoname);?>
423
                      </option>
424
                      <?php endforeach; ?>
425 e2411886 Scott Ullrich
                    </select> <br> <span class="vexpl">Must match the setting 
426 5b237745 Scott Ullrich
                    chosen on the remote side. </span></td>
427
                </tr>
428 e2411886 Scott Ullrich
                <tr> 
429 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">DH key group</td>
430
                  <td width="78%" class="vtable">
431 e2411886 Scott Ullrich
					<select name="p1dhgroup" class="formfld">
432 5b237745 Scott Ullrich
                      <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
433 e2411886 Scott Ullrich
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>> 
434 5b237745 Scott Ullrich
                      <?=htmlspecialchars($keygroup);?>
435
                      </option>
436
                      <?php endforeach; ?>
437 e2411886 Scott Ullrich
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024 
438 5b237745 Scott Ullrich
                    bit, 5 = 1536 bit</em><br>
439
                    Must match the setting chosen on the remote side. </span></td>
440
                </tr>
441 e2411886 Scott Ullrich
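                <tr> 
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable"> 
                    <?php /* A rejected (non-numeric) lifetime is shown again as submitted,
                             so it is HTML-escaped before it is placed in the attribute. */ ?>
                    <input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=htmlspecialchars($pconfig['p1lifetime']);?>">
                    seconds</td>
                </tr>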
447 e2411886 Scott Ullrich
                <tr> 
448
                  <td width="22%" valign="top" class="vncellreq">Authentication method</td>
449 5dd55fa3 Scott Ullrich
                  <td width="78%" class="vtable">
450 e2411886 Scott Ullrich
					<select name="p1authentication_method" class="formfld" onChange="methodsel_change()">
451
                      <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
452
                      <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>> 
453
                      <?=htmlspecialchars($methodname);?>
454
                      </option>
455
                      <?php endforeach; ?>
456
                    </select> <br> <span class="vexpl">Must match the setting 
457
                    chosen on the remote side.</span></td>
458
                </tr>
459
                <tr> 
460
                  <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
461
                  <td width="78%" class="vtable"> 
462
                    <?=$mandfldhtml;?><input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>"> 
463 5b237745 Scott Ullrich
                  </td>
464
                </tr>
465 e2411886 Scott Ullrich
                <tr> 
466
                  <td width="22%" valign="top" class="vncellreq">Certificate</td>
467
                  <td width="78%" class="vtable"> 
468
                    <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea>
469
                    <br> 
470
                    Paste a certificate in X.509 PEM format here.</td>
471
                </tr>
472
                <tr> 
473
                  <td width="22%" valign="top" class="vncellreq">Key</td>
474
                  <td width="78%" class="vtable"> 
475
                    <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea>
476
                    <br> 
477
                    Paste an RSA private key in PEM format here.</td>
478
                </tr>
479
                <tr> 
480
                  <td width="22%" valign="top" class="vncell">Peer certificate</td>
481
                  <td width="78%" class="vtable"> 
482
                    <textarea name="p1peercert" cols="65" rows="7" id="p1peercert" class="formpre"><?=htmlspecialchars($pconfig['p1peercert']);?></textarea>
483
                    <br> 
484
                    Paste the peer X.509 certificate in PEM format here.<br>
485
                    Leave this blank if you want to use a CA certificate for identity validation.</td>
486
                </tr>
487
                <tr> 
488 5b237745 Scott Ullrich
                  <td colspan="2" class="list" height="12"></td>
489
                </tr>
490 e2411886 Scott Ullrich
                <tr> 
491
                  <td colspan="2" valign="top" class="listtopic">Phase 2 proposal 
492 5b237745 Scott Ullrich
                    (SA/Key Exchange)</td>
493
                </tr>
494 e2411886 Scott Ullrich
                <tr> 
495 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
496
                  <td width="78%" class="vtable">
497 e2411886 Scott Ullrich
					<select name="p2proto" class="formfld">
498 5b237745 Scott Ullrich
                      <?php foreach ($p2_protos as $proto => $protoname): ?>
499 e2411886 Scott Ullrich
                      <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>> 
500 5b237745 Scott Ullrich
                      <?=htmlspecialchars($protoname);?>
501
                      </option>
502
                      <?php endforeach; ?>
503 e2411886 Scott Ullrich
                    </select> <br> <span class="vexpl">ESP is encryption, AH is 
504 5b237745 Scott Ullrich
                    authentication only </span></td>
505
                </tr>
506 e2411886 Scott Ullrich
                <tr> 
507 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
508 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"> 
509 5b237745 Scott Ullrich
                    <?php foreach ($p2_ealgos as $algo => $algoname): ?>
510 e2411886 Scott Ullrich
                    <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>> 
511 5b237745 Scott Ullrich
                    <?=htmlspecialchars($algoname);?>
512 e2411886 Scott Ullrich
                    <br> 
513 5b237745 Scott Ullrich
                    <?php endforeach; ?>
514
                    <br>
515 e2411886 Scott Ullrich
                    Hint: use 3DES for best compatibility or if you have a hardware 
516
                    crypto accelerator card. Blowfish is usually the fastest in 
517 5b237745 Scott Ullrich
                    software encryption. </td>
518
                </tr>
519 e2411886 Scott Ullrich
                <tr> 
520 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
521 e2411886 Scott Ullrich
                  <td width="78%" class="vtable"> 
522 5b237745 Scott Ullrich
                    <?php foreach ($p2_halgos as $algo => $algoname): ?>
523 e2411886 Scott Ullrich
                    <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>> 
524 5b237745 Scott Ullrich
                    <?=htmlspecialchars($algoname);?>
525 e2411886 Scott Ullrich
                    <br> 
526 5b237745 Scott Ullrich
                    <?php endforeach; ?>
527
				  </td>
528
                </tr>
529 e2411886 Scott Ullrich
                <tr> 
530 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">PFS key group</td>
531
                  <td width="78%" class="vtable">
532 e2411886 Scott Ullrich
					<select name="p2pfsgroup" class="formfld">
533 5b237745 Scott Ullrich
                      <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
534 e2411886 Scott Ullrich
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>> 
535 5b237745 Scott Ullrich
                      <?=htmlspecialchars($keygroupname);?>
536
                      </option>
537
                      <?php endforeach; ?>
538 e2411886 Scott Ullrich
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024 
539 5b237745 Scott Ullrich
                    bit, 5 = 1536 bit</em></span></td>
540
                </tr>
541 e2411886 Scott Ullrich
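                <tr> 
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable"> 
                    <?php /* A rejected (non-numeric) lifetime is shown again as submitted,
                             so it is HTML-escaped before it is placed in the attribute. */ ?>
                    <input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=htmlspecialchars($pconfig['p2lifetime']);?>">
                    seconds</td>
                </tr>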
547 e2411886 Scott Ullrich
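                <tr> 
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%"> 
                    <input name="Submit" type="submit" class="formbtn" value="Save"> 
                    <?php /* $id originates from the request. It is only echoed when it
                             indexes an existing tunnel, but it is escaped as well so this
                             output does not depend on that lookup alone. */ ?>
                    <?php if (isset($id) && $a_ipsec[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> 
                    <?php endif; ?>
                  </td>
                </tr>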
556
              </table>
557
</form>
558
<script language="JavaScript">
559
<!--
560
typesel_change();
561 e2411886 Scott Ullrich
methodsel_change();
562 5b237745 Scott Ullrich
//-->
563
</script>
564
<?php include("fend.inc"); ?>
565 94420171 Scott Ullrich
566
567
<?php
568
569
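/*
 * Splits a stored local-subnet entry into the address and mask fields used by
 * the edit form.
 *
 * $adr    config entry; the keys read are 'network' and 'address'
 *         ('address' is "a.b.c.d" or "a.b.c.d/bits")
 * $padr   out: the 'network' value, or the part of 'address' before "/"
 * $pmask  out: the part of 'address' after "/", or 32 when there is none;
 *         left untouched when 'network' is used or neither key has a value
 *
 * Missing keys and a missing "/bits" part are handled without raising
 * undefined-index or undefined-offset warnings.
 */
function address_to_pconfig_vpn($adr, &$padr, &$pmask) {
	if (!empty($adr['network'])) {
		$padr = $adr['network'];
	} else if (!empty($adr['address'])) {
		$parts = explode("/", $adr['address']);
		$padr = $parts[0];
		/* a bare address means a single host */
		$pmask = isset($parts[1]) ? $parts[1] : 32;
	}
}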
579
580
?>