1 a93e56c5 Matthew Grooms
<?php
2
/*
3
	vpn_ipsec_phase2.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
7 29aef6c4 Jim Thompson
	Copyright (C) 2008 Shrew Soft Inc
8 ce77a9c4 Phil Davis
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
9 a93e56c5 Matthew Grooms
	All rights reserved.
10
11
	Redistribution and use in source and binary forms, with or without
12
	modification, are permitted provided that the following conditions are met:
13
14
	1. Redistributions of source code must retain the above copyright notice,
15
	   this list of conditions and the following disclaimer.
16
17
	2. Redistributions in binary form must reproduce the above copyright
18
	   notice, this list of conditions and the following disclaimer in the
19
	   documentation and/or other materials provided with the distribution.
20
21
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
22
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
23
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
25
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30
	POSSIBILITY OF SUCH DAMAGE.
31
*/
32
33 6b07c15a Matthew Grooms
##|+PRIV
34
##|*IDENT=page-vpn-ipsec-editphase2
35
##|*NAME=VPN: IPsec: Edit Phase 2 page
36
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
37
##|*MATCH=vpn_ipsec_phase2.php*
38
##|-PRIV
39
40 0f84b741 Scott Ullrich
require("functions.inc");
41 a93e56c5 Matthew Grooms
require("guiconfig.inc");
42 483e6de8 Scott Ullrich
require_once("ipsec.inc");
43
require_once("vpn.inc");
44 a93e56c5 Matthew Grooms
45 3462a529 Matthew Grooms
/*
 * Make sure the three IPsec sections this page touches exist as arrays,
 * then bind short aliases to them. The aliases are references, so any
 * write through $a_client / $a_phase1 / $a_phase2 modifies $config itself.
 */
foreach (array('client', 'phase1', 'phase2') as $ipsec_section) {
	if (!is_array($config['ipsec'][$ipsec_section])) {
		$config['ipsec'][$ipsec_section] = array();
	}
}
unset($ipsec_section);

$a_client = &$config['ipsec']['client'];
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
58
59 9b915686 Ermal
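/*
 * Work out which stored phase 2 entry (if any) the request refers to.
 * The identifier is request-controlled and is looked up by uniqid; when
 * several parameters are present the later assignment wins
 * (p2index, then POSTed uniqid, then dup).
 */
if (!empty($_GET['p2index']))
	$uindex = $_GET['p2index'];
if (!empty($_POST['uniqid']))
	$uindex = $_POST['uniqid'];

if (!empty($_GET['dup']))
	$uindex = $_GET['dup'];

$ph2found = false;
/*
 * Only a plain string can be a uniqid; an array-valued parameter
 * (e.g. p2index[]=x) can never match and is skipped outright.
 */
if (isset($uindex) && is_string($uindex)) {
	foreach ($a_phase2 as $p2index => $ph2) {
		/*
		 * Strict comparison: with loose ==, two different numeric-looking
		 * strings (for example of the form "<digits>e<digits>") are compared
		 * as numbers and can be reported equal, which would select the wrong
		 * entry for editing.
		 */
		if ((string)$ph2['uniqid'] === $uindex) {
			/* $p2index and $ph2 are left pointing at the matching entry. */
			$ph2found = true;
			break;
		}
	}
}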
76 a93e56c5 Matthew Grooms
77 9b915686 Ermal
/*
 * Seed $pconfig, the array the edit form is rendered from: defaults for a
 * new entry, or a copy of the stored entry found by the uniqid lookup.
 */
if (!$ph2found) {
	// NOTE(review): ikeid comes straight from the query string and is not
	// checked here against the configured phase 1 entries; how it is encoded
	// when rendered is outside this block. Confirm before relying on it.
	$pconfig['ikeid'] = $_GET['ikeid'];

	/* defaults */
	// NOTE(review): the default proposal is AES with HMAC-SHA1 and pfsgroup "0";
	// confirm these defaults still match the intended policy.
	$pconfig['localid_type'] = "lan";
	$pconfig['remoteid_type'] = "network";
	$pconfig['proto'] = "esp";
	$pconfig['ealgos'] = array("aes");
	$pconfig['halgos'] = array("hmac_sha1");
	$pconfig['pfsgroup'] = "0";
	$pconfig['lifetime'] = "3600";
	$pconfig['uniqid'] = uniqid();

	/* mobile client */
	if ($_GET['mobile']) {
		$pconfig['mobile'] = true;
	}
} else {
	/* Editing (or duplicating) an existing entry: mirror it into $pconfig. */
	$pconfig['ikeid'] = $ph2['ikeid'];
	$pconfig['disabled'] = isset($ph2['disabled']);
	$pconfig['mode'] = $ph2['mode'];
	$pconfig['descr'] = $ph2['descr'];
	$pconfig['uniqid'] = $ph2['uniqid'];

	/* The NAT identity is optional; local and remote are always converted. */
	if (!empty($ph2['natlocalid'])) {
		idinfo_to_pconfig("natlocal", $ph2['natlocalid'], $pconfig);
	}
	idinfo_to_pconfig("local", $ph2['localid'], $pconfig);
	idinfo_to_pconfig("remote", $ph2['remoteid'], $pconfig);

	$pconfig['proto'] = $ph2['protocol'];
	ealgos_to_pconfig($ph2['encryption-algorithm-option'], $pconfig);

	/* Remaining fields are copied one-to-one; only some key names differ. */
	$copied_fields = array(
		'halgos' => 'hash-algorithm-option',
		'pfsgroup' => 'pfsgroup',
		'lifetime' => 'lifetime',
		'pinghost' => 'pinghost',
		'reqid' => 'reqid',
	);
	foreach ($copied_fields as $form_key => $config_key) {
		$pconfig[$form_key] = $ph2[$config_key];
	}
	unset($copied_fields, $form_key, $config_key);

	if (isset($ph2['mobile'])) {
		$pconfig['mobile'] = true;
	}
}
119
120 9b915686 Ermal
/* The loop variable from the uniqid lookup is no longer needed. */
unset($ph2);

/*
 * Duplicate request: forget which entry was the source and give the copy
 * its own uniqid and reqid, so the form describes a new entry.
 */
if (!empty($_GET['dup'])) {
	unset($uindex, $p2index);
	$pconfig['uniqid'] = uniqid();
	$pconfig['reqid'] = ipsec_new_reqid();
}
127 a93e56c5 Matthew Grooms
128
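/*
 * Form submission: validate the posted phase 2 settings and, when there are
 * no errors, store them in $config['ipsec']['phase2'], write the config,
 * mark the ipsec subsystem dirty and redirect to vpn_ipsec.php.
 *
 * Change from the previous revision: the GCM test used !strpos(), which is
 * also true when "gcm" is found at offset 0; it now tests === false.
 *
 * NOTE(review): $pconfig is a straight copy of $_POST. Only the fields checked
 * below are validated; mode, proto, pfsgroup, pinghost, descr, halgos and reqid
 * are stored as submitted. A comment further down says these settings reach
 * racoon.conf, so consider allow-listing / format-checking them before
 * write_config().
 */
if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	if (!isset( $_POST['ikeid']))
		$input_errors[] = gettext("A valid ikeid must be specified.");

	/* input validation */
	$reqdfields = explode(" ", "localid_type uniqid");
	$reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier"));
	/* The remote network type is only required for non-mobile entries. */
	if (!isset($pconfig['mobile'])){
		$reqdfields[] = "remoteid_type";
		$reqdfieldsn[] = gettext("Remote network type");
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6"))
	{
		switch ($pconfig['localid_type']) {
			case "network":
				// NOTE(review): is_numeric() also accepts non-integer forms and no
				// upper bound (32 / 128) is enforced here; confirm downstream handling.
				if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits']))
					$input_errors[] = gettext("A valid local network bit count must be specified.");
				/* no break: a network also needs the address checks below */
			case "address":
				if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
					$input_errors[] = gettext("A valid local network IP address must be specified.");
				elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel"))
					$input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6");
				elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6"))
					$input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4");
				break;
		}
		/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
		if (is_array($config['interfaces'][$pconfig['localid_type']])) {
			// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
			$address = get_interface_ip($pconfig['localid_type']);
			$netbits = get_interface_subnet($pconfig['localid_type']);

			if (empty($address) || empty($netbits))
				$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
		}

		/* The NAT (translated) local identity is optional; validate it only when given. */
		if (!empty($pconfig['natlocalid_address'])) {
			switch ($pconfig['natlocalid_type']) {
				case "network":
					if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits']))
						$input_errors[] = gettext("A valid NAT local network bit count must be specified.");
					if ($pconfig['localid_type'] == "address")
						$input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
					/* no break: a network also needs the address checks below */
				case "address":
					if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address']))
						$input_errors[] = gettext("A valid NAT local network IP address must be specified.");
					elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel"))
						$input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6");
					elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6"))
						$input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4");
					break;
			}

			if (is_array($config['interfaces'][$pconfig['natlocalid_type']])) {
				// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
				$address = get_interface_ip($pconfig['natlocalid_type']);
				$netbits = get_interface_subnet($pconfig['natlocalid_type']);

				if (empty($address) || empty($netbits))
					$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['natlocalid_type']) . " " . gettext("has no subnet.");
			}
		}

		switch ($pconfig['remoteid_type']) {
			case "network":
				if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits']))
					$input_errors[] = gettext("A valid remote network bit count must be specified.");
				/* no break: a network also needs the address checks below */
			case "address":
				if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
					$input_errors[] = gettext("A valid remote network IP address must be specified.");
				elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel"))
					$input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6");
				elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6"))
					$input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4");
				break;
		}
	}
	/* Validate enabled phase2's are not duplicates */
	if (isset($pconfig['mobile'])){
		/* User is adding phase 2 for mobile phase1 */
		foreach($a_phase2 as $key => $name){
			if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) {
				/* check duplicate localids only for mobile clients */
				$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
				$entered = array();
				$entered['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered, false, $pconfig['mode']);
				if ($localid_data == $entered_localid_data){
					/* adding new p2 entry */
					$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
					break;
				}
			}
		}
	}else{
		/* User is adding phase 2 for site-to-site phase1 */
		$input_error = 0;
		foreach($a_phase2 as $key => $name){
			if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid'] && $pconfig['uniqid'] != $name['uniqid']) {
				/* check duplicate subnets only for given phase1 */
				$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
				$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid'], false, $name['mode']);
				$entered_local = array();
				$entered_local['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
				$entered_remote = array();
				$entered_remote['type'] = $pconfig['remoteid_type'];
				if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
				if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
				$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
				if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
					/* adding new p2 entry */
					$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
					break;
				}
			}
		}
		foreach ($a_phase1 as $phase1) {
			if($phase1['ikeid'] == $pconfig['ikeid']) {
				/* This is the P1 for this entry, validate its remote-gateway and local interface isn't within tunnel */
				$entered_local = array();
				$entered_local['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
				list($entered_local_network, $entered_local_mask) = explode('/', $entered_localid_data);
				$entered_remote = array();
				$entered_remote['type'] = $pconfig['remoteid_type'];
				if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
				if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
				$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
				list($entered_remote_network, $entered_remote_mask) = explode('/', $entered_remoteid_data);
				if ($phase1['protocol'] == "inet6") {
					$if = get_failover_interface($phase1['interface'], "inet6");
					$interfaceip = get_interface_ipv6($if);
				} else {
					$if = get_failover_interface($phase1['interface']);
					$interfaceip = get_interface_ip($if);
				}
				/* skip validation for hostnames, they're subject to change anyway */
				if (is_ipaddr($phase1['remote-gateway'])) {
					if ($pconfig['mode'] == "tunnel") {
						if(check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) {
							$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
							break;
						}
					} else if ($pconfig['mode'] == "tunnel6") {
						// NOTE(review): the remote-gateway test below calls check_subnets_overlap()
						// with a 128-bit mask while the local test uses check_subnetsv6_overlap();
						// this looks like it should be the v6 helper as well. Left unchanged
						// because the helpers are not visible here - confirm.
						if(check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) {
							$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
							break;
						}
					}
				}
			}
		}
	}

	/* For ESP protocol, handle encryption algorithms */
	if ( $pconfig['proto'] == "esp") {
		$ealgos = pconfig_to_ealgos($pconfig);

		if (!count($ealgos)) {
			$input_errors[] = gettext("At least one encryption algorithm must be selected.");
		} else {
			foreach ($ealgos as $ealgo) {
				if (isset($config['system']['crypto_hardware'])) {
					if ($config['system']['crypto_hardware'] == "glxsb") {
						if ($ealgo['name'] == "aes" && $ealgo['keylen'] != "128")
							$input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
					}
				}
				if (empty($pconfig['halgos'])) {
					/*
					 * A hash algorithm may only be omitted for ciphers whose name
					 * contains "gcm". Test against false explicitly: strpos() returns
					 * 0 for a match at the start of the name, which !strpos() would
					 * treat as "not found".
					 */
					if (strpos($ealgo['name'], "gcm") === false) {
						$input_errors[] = gettext("At least one hashing algorithm needs to be selected.");
						break;
					}
				}
			}
		}

	}
	// NOTE(review): is_numeric() accepts more than plain integers although the
	// message asks for an integer; tighten if the consumer needs a strict integer.
	if (($_POST['lifetime'] && !is_numeric($_POST['lifetime']))) {
		$input_errors[] = gettext("The P2 lifetime must be an integer.");
	}

	if (!$input_errors) {

		/* Build the entry that will be stored; fields not copied here are dropped. */
		$ph2ent = array();
		$ph2ent['ikeid'] = $pconfig['ikeid'];
		$ph2ent['uniqid'] = $pconfig['uniqid'];
		$ph2ent['mode'] = $pconfig['mode'];
		$ph2ent['disabled'] = $pconfig['disabled'] ? true : false;
		// NOTE(review): a posted reqid is stored as-is; only a missing one is
		// generated. Confirm a client-chosen reqid cannot collide with another entry.
		if (!isset($pconfig['reqid']))
			$ph2ent['reqid'] = ipsec_new_reqid();
		else
			$ph2ent['reqid'] = $pconfig['reqid'];

		if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){
			if (!empty($pconfig['natlocalid_address']))
				$ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal",$pconfig);
			$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
			$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
		}

		$ph2ent['protocol'] = $pconfig['proto'];
		// NOTE(review): $ealgos is only assigned above when proto is "esp".
		$ph2ent['encryption-algorithm-option'] = $ealgos;
		if (!empty($pconfig['halgos']))
			$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
		else
			unset($ph2ent['hash-algorithm-option']);
		$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
		$ph2ent['lifetime'] = $pconfig['lifetime'];
		$ph2ent['pinghost'] = $pconfig['pinghost'];
		$ph2ent['descr'] = $pconfig['descr'];

		if (isset($pconfig['mobile']))
			$ph2ent['mobile'] = true;

		/* Overwrite the entry found by the uniqid lookup, otherwise append a new one. */
		if ($ph2found === true && $a_phase2[$p2index])
			$a_phase2[$p2index] = $ph2ent;
		else
			$a_phase2[] = $ph2ent;


		write_config();
		mark_subsystem_dirty('ipsec');

		/* Redirect to the tunnel list and stop, so the form is not rendered again. */
		header("Location: vpn_ipsec.php");
		exit;
	}
}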
370
371 3462a529 Matthew Grooms
/* Page title breadcrumb; mobile-client entries get one extra element. */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 2"));
if ($pconfig['mobile']) {
	$pgtitle[] = gettext("Mobile Client");
}
$shortcut_section = "ipsec";
376 6deedfde jim-p
377 3462a529 Matthew Grooms
378 a93e56c5 Matthew Grooms
include("head.inc");
379
380
?>
381
382
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
383
<?php include("fbegin.inc"); ?>
384 3a50eb39 Colin Fleming
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
385 91f026b0 ayvis
<script type="text/javascript">
386 3a50eb39 Colin Fleming
//<![CDATA[
387 4b96b367 mgrooms
388
/*
 * Show the local (and, for non-mobile entries, remote) network rows only
 * when the selected mode is one of the tunnel modes.
 */
function change_mode() {
	/*
	 * `index` and `value` are assigned without `var`, so they become page
	 * globals. That is kept as-is: other functions on this page read the
	 * global `index`.
	 */
	index = document.iform.mode.selectedIndex;
	value = document.iform.mode.options[index].value;
	var row_display = ((value == 'tunnel') || (value == 'tunnel6')) ? '' : 'none';
	document.getElementById('opt_localid').style.display = row_display;
<?php if (!isset($pconfig['mobile'])): ?>
	document.getElementById('opt_remoteid').style.display = row_display;
<?php endif; ?>
}
403
404 3c107b76 Ermal
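/*
 * Enable or disable the NAT local address / netbits inputs to match the
 * selected NAT local type, and pre-fill netbits while the address is blank.
 *
 * bits - default prefix length for the "network" type; when omitted it is
 *        24 for mode "tunnel" and 64 for mode "tunnel6".
 *
 * The mode is read from the mode <select> directly. Previously it was looked
 * up through the page-global `index`, which change_protocol() overwrites with
 * the protocol's selectedIndex, so the wrong mode option could be read.
 */
function typesel_change_natlocal(bits) {
	var mode_select = document.iform.mode;
	var mode_option = mode_select.options[mode_select.selectedIndex];
	var value = mode_option ? mode_option.value : "";
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	/* Netbits are only pre-filled while no address has been typed yet. */
	var address_is_blank = !/\S/.test(document.iform.natlocalid_address.value);
	switch (document.iform.natlocalid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.natlocalid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.natlocalid_netbits.value = 0;
			}
			document.iform.natlocalid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.natlocalid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.natlocalid_netbits.value = bits;
			}
			document.iform.natlocalid_netbits.disabled = 0;
			break;
		case 3:	/* none */
			document.iform.natlocalid_address.disabled = 1;
			document.iform.natlocalid_netbits.disabled = 1;
			break;
		default:
			/* any other type: the address is cleared and both inputs are disabled */
			document.iform.natlocalid_address.value = "";
			document.iform.natlocalid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.natlocalid_netbits.value = 0;
			}
			document.iform.natlocalid_netbits.disabled = 1;
			break;
	}
}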
444
445 a93e56c5 Matthew Grooms
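/*
 * Enable or disable the local address / netbits inputs to match the selected
 * local network type, and pre-fill netbits while the address is blank.
 *
 * bits - default prefix length for the "network" type; when omitted it is
 *        24 for mode "tunnel" and 64 for mode "tunnel6".
 *
 * The mode is read from the mode <select> directly. Previously it was looked
 * up through the page-global `index`, which change_protocol() overwrites with
 * the protocol's selectedIndex, so the wrong mode option could be read.
 */
function typesel_change_local(bits) {
	var mode_select = document.iform.mode;
	var mode_option = mode_select.options[mode_select.selectedIndex];
	var value = mode_option ? mode_option.value : "";
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	/* Netbits are only pre-filled while no address has been typed yet. */
	var address_is_blank = !/\S/.test(document.iform.localid_address.value);
	switch (document.iform.localid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.localid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.localid_netbits.value = 0;
			}
			document.iform.localid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.localid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.localid_netbits.value = bits;
			}
			document.iform.localid_netbits.disabled = 0;
			break;
		case 3:	/* none */
			document.iform.localid_address.disabled = 1;
			document.iform.localid_netbits.disabled = 1;
			break;
		default:
			/* any other type: the address is cleared and both inputs are disabled */
			document.iform.localid_address.value = "";
			document.iform.localid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.localid_netbits.value = 0;
			}
			document.iform.localid_netbits.disabled = 1;
			break;
	}
}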
485 3462a529 Matthew Grooms
486 71880c96 pierrepomes
<?php if (!isset($pconfig['mobile'])): ?>
487 3462a529 Matthew Grooms
488 a93e56c5 Matthew Grooms
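/*
 * Enable or disable the remote address / netbits inputs to match the selected
 * remote network type, and pre-fill netbits while the address is blank.
 *
 * bits - default prefix length for the "network" type; when omitted it is
 *        24 for mode "tunnel" and 64 for mode "tunnel6".
 *
 * The mode is read from the mode <select> directly. Previously it was looked
 * up through the page-global `index`, which change_protocol() overwrites with
 * the protocol's selectedIndex, so the wrong mode option could be read.
 */
function typesel_change_remote(bits) {
	var mode_select = document.iform.mode;
	var mode_option = mode_select.options[mode_select.selectedIndex];
	var value = mode_option ? mode_option.value : "";
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	/* Netbits are only pre-filled while no address has been typed yet. */
	var address_is_blank = !/\S/.test(document.iform.remoteid_address.value);
	switch (document.iform.remoteid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.remoteid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = 0;
			}
			document.iform.remoteid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.remoteid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = bits;
			}
			document.iform.remoteid_netbits.disabled = 0;
			break;
		default:
			/* any other type: the address is cleared and both inputs are disabled */
			document.iform.remoteid_address.value = "";
			document.iform.remoteid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = 0;
			}
			document.iform.remoteid_netbits.disabled = 1;
			break;
	}
}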
524 3462a529 Matthew Grooms
525
<?php endif; ?>
526
527 4b96b367 mgrooms
/*
 * Show the encryption-algorithm row only when the selected protocol is ESP.
 */
function change_protocol() {
	/*
	 * `index` and `value` are assigned without `var` and therefore become
	 * page globals; after this call the global `index` holds the protocol
	 * selector's selectedIndex. Kept as-is because other code on the page
	 * may read these globals.
	 */
	index = document.iform.proto.selectedIndex;
	value = document.iform.proto.options[index].value;
	document.getElementById('opt_enc').style.display = (value == 'esp') ? '' : 'none';
}
535
536 3a50eb39 Colin Fleming
//]]>
</script>
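<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">

<?php
	/*
	 * Phase 2 edit form.
	 *
	 * Every dynamic value written into an attribute or element body is passed
	 * through htmlspecialchars(), including option keys and labels taken from
	 * the $p2_* tables and the interface list. Interface descriptions are
	 * presumably administrator-editable, so they are treated as untrusted text.
	 * Numeric loop counters ($i, $keylen) and $mandfldhtmlspc are emitted as-is;
	 * the latter looks like ready-made markup -- confirm where it is defined.
	 */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
?>

<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-2">
	<tr class="tabnavtbl">
		<td id="tabnav">
			<?php
				$tab_array = array();
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
				$tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
				$tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
				display_top_tabs($tab_array);
			?>
		</td>
	</tr>
	<tr>
		<td id="mainarea">
			<div class="tabcont">
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
						<td width="78%" class="vtable">
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
							<strong><?=gettext("Disable this phase2 entry"); ?></strong>
							<br />
							<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
							  "removing it from the list"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
						<td width="78%" class="vtable">
							<select name="mode" class="formselect" onchange="change_mode()">
								<?php
									foreach ($p2_modes as $name => $value):
										$selected = "";
										if ($name == $pconfig['mode']) {
											$selected = "selected=\"selected\"";
										}
								?>
								<option value="<?=htmlspecialchars($name);?>" <?=$selected;?>><?=htmlspecialchars($value);?></option>
								<?php endforeach; ?>
							</select>
						</td>
					</tr>
					<tr id="opt_localid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0" summary="local network">
								<tr>
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
									<td></td>
									<td>
										<select name="localid_type" class="formselect" onchange="typesel_change_local()">
											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected=\"selected\"";?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected=\"selected\"";?>><?=gettext("Network"); ?></option>
											<?php
												$iflist = get_configured_interface_with_descr();
												foreach ($iflist as $ifname => $ifdescr):
											?>
											<option value="<?=htmlspecialchars($ifname); ?>" <?php if ($pconfig['localid_type'] == $ifname) echo "selected=\"selected\"";?>><?=htmlspecialchars(sprintf(gettext("%s subnet"), $ifdescr)); ?></option>
											<?php endforeach; ?>
										</select>
									</td>
								</tr>
								<tr>
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
									<td><?=$mandfldhtmlspc;?></td>
									<td>
										<input name="localid_address" type="text" class="formfld unknown ipv4v6" id="localid_address" size="28" value="<?=htmlspecialchars($pconfig['localid_address']);?>" />
										/
										<select name="localid_netbits" class="formselect ipv4v6" id="localid_netbits">
										<?php for ($i = 128; $i >= 0; $i--): ?>
											<option value="<?=$i;?>" <?php if (isset($pconfig['localid_netbits']) && $i == $pconfig['localid_netbits']) echo "selected=\"selected\""; ?>>
												<?=$i;?>
											</option>
										<?php endfor; ?>
										</select>
									</td>
								</tr>
								<tr> <td colspan="3">
								<br />
								<?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?>
								</td></tr>
								<tr>
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
									<td></td>
									<td>
										<select name="natlocalid_type" class="formselect" onchange="typesel_change_natlocal()">
											<option value="address" <?php if ($pconfig['natlocalid_type'] == "address") echo "selected=\"selected\"";?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['natlocalid_type'] == "network") echo "selected=\"selected\"";?>><?=gettext("Network"); ?></option>
											<?php
												$iflist = get_configured_interface_with_descr();
												foreach ($iflist as $ifname => $ifdescr):
											?>
											<option value="<?=htmlspecialchars($ifname); ?>" <?php if ($pconfig['natlocalid_type'] == $ifname) echo "selected=\"selected\"";?>><?=htmlspecialchars(sprintf(gettext("%s subnet"), $ifdescr)); ?></option>
											<?php endforeach; ?>
											<option value="none" <?php if (empty($pconfig['natlocalid_type']) || $pconfig['natlocalid_type'] == "none") echo "selected=\"selected\"";?>><?=gettext("None"); ?></option>
										</select>
									</td>
								</tr>
								<tr>
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
									<td><?=$mandfldhtmlspc;?></td>
									<td>
										<input name="natlocalid_address" type="text" class="formfld unknown ipv4v6" id="natlocalid_address" size="28" value="<?=htmlspecialchars($pconfig['natlocalid_address']);?>" />
										/
										<select name="natlocalid_netbits" class="formselect ipv4v6" id="natlocalid_netbits">
										<?php for ($i = 128; $i >= 0; $i--): ?>
											<option value="<?=$i;?>" <?php if (isset($pconfig['natlocalid_netbits']) && $i == $pconfig['natlocalid_netbits']) echo "selected=\"selected\""; ?>>
												<?=$i;?>
											</option>
										<?php endfor; ?>
										</select>
									</td>
								</tr>
							</table>
						</td>
					</tr>

					<?php if (!isset($pconfig['mobile'])): ?>

					<tr id="opt_remoteid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0" summary="remote network">
								<tr>
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
									<td></td>
									<td>
										<select name="remoteid_type" class="formselect" onchange="typesel_change_remote()">
											<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected=\"selected\""; ?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
										</select>
									</td>
								</tr>
								<tr>
									<td><?=gettext("Address"); ?>:&nbsp;&nbsp;</td>
									<td><?=$mandfldhtmlspc;?></td>
									<td>
										<input name="remoteid_address" type="text" class="formfld unknown ipv4v6" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>" />
										/
										<select name="remoteid_netbits" class="formselect ipv4v6" id="remoteid_netbits">
										<?php for ($i = 128; $i >= 0; $i--): ?>
											<option value="<?=$i;?>" <?php if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) echo "selected=\"selected\""; ?>>
												<?=$i;?>
											</option>
										<?php endfor; ?>
										</select>
									</td>
								</tr>
							</table>
						</td>
					</tr>

					<?php endif; ?>

					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
						<td width="78%" class="vtable">
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
							<br />
							<span class="vexpl">
								<?=gettext("You may enter a description here " .
								"for your reference (not parsed)"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td colspan="2" class="list" height="12"></td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic">
							<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
						<td width="78%" class="vtable">
							<select name="proto" class="formselect" onchange="change_protocol()">
							<?php foreach ($p2_protos as $proto => $protoname): ?>
								<option value="<?=htmlspecialchars($proto);?>" <?php if ($proto == $pconfig['proto']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($protoname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("ESP is encryption, AH is authentication only"); ?>
							</span>
						</td>
					</tr>
					<tr id="opt_enc">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0" summary="encryption">
							<?php
								foreach ($p2_ealgos as $algo => $algodata):
									$checked = '';
									if (is_array($pconfig['ealgos']) && in_array($algo, $pconfig['ealgos'])) {
										$checked = " checked=\"checked\"";
									}
								?>
								<tr>
									<td>
										<input type="checkbox" name="ealgos[]" value="<?=htmlspecialchars($algo);?>"<?=$checked?> />
									</td>
									<td>
										<?=htmlspecialchars($algodata['name']);?>
									</td>
									<td>
										<?php if (is_array($algodata['keysel'])): ?>
										&nbsp;&nbsp;
										<select name="keylen_<?=htmlspecialchars($algo);?>" class="formselect">
											<option value="auto"><?=gettext("auto"); ?></option>
											<?php
												// Offer every key length from 'hi' down to 'lo' in 'step' decrements.
												$key_hi = $algodata['keysel']['hi'];
												$key_lo = $algodata['keysel']['lo'];
												$key_step = $algodata['keysel']['step'];
												for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
													$selected = "";
													if ($keylen == $pconfig["keylen_".$algo]) {
														$selected = " selected=\"selected\"";
													}
											?>
											<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
											<?php endfor; ?>
										</select>
										<?php endif; ?>
									</td>
								</tr>

								<?php endforeach; ?>

							</table>
							<br />
							<?php
								/*
								 * NOTE(review): this hint predates current guidance. 3DES and Blowfish
								 * are 64-bit block ciphers; prefer AES where the peer supports it. The
								 * wording is left unchanged because it is a translation message id.
								 */
							?>
							<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " .
							"crypto accelerator card. Blowfish is usually the fastest in " .
							"software encryption"); ?>.
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
						<td width="78%" class="vtable">
						<?php foreach ($p2_halgos as $algo => $algoname): ?>
							<?php /* Guard with is_array(), as the encryption list above does, so a missing selection is not passed to in_array(). */ ?>
							<input type="checkbox" name="halgos[]" value="<?=htmlspecialchars($algo);?>" <?php if (is_array($pconfig['halgos']) && in_array($algo, $pconfig['halgos'])) echo "checked=\"checked\""; ?> />
							<?=htmlspecialchars($algoname);?>
							<br />
						<?php endforeach; ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
						<td width="78%" class="vtable">
						<?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
							<select name="pfsgroup" class="formselect">
							<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
								<option value="<?=htmlspecialchars($keygroup);?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($keygroupname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<?php else: ?>

							<select class="formselect" disabled="disabled">
								<option selected="selected"><?=htmlspecialchars($p2_pfskeygroups[$a_client['pfs_group']]);?></option>
							</select>
							<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>" />
							<br />
							<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
						<?php endif; ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
						<td width="78%" class="vtable">
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />
							<?=gettext("seconds"); ?>
						</td>
					</tr>
					<tr>
						<td colspan="2" class="list" height="12"></td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
						<td width="78%" class="vtable">
							<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="28" value="<?=htmlspecialchars($pconfig['pinghost']);?>" />
							<?=gettext("IP address"); ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
						<?php if ($pconfig['mobile']): ?>
							<input name="mobile" type="hidden" value="true" />
							<input name="remoteid_type" type="hidden" value="mobile" />
						<?php endif; ?>
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
						<?php if (!empty($pconfig['reqid'])): ?>
							<input name="reqid" type="hidden" value="<?=htmlspecialchars($pconfig['reqid']);?>" />
						<?php endif; ?>
							<input name="uniqid" type="hidden" value="<?=htmlspecialchars($pconfig['uniqid']);?>" />
						</td>
					</tr>
				</table>
			</div>
		</td>
	</tr>
</table>
</form>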
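<script type="text/javascript">
//<![CDATA[
<?php
	/*
	 * Initialise the form state from $pconfig once the page has loaded.
	 *
	 * These values are written into JavaScript source, not HTML, so
	 * htmlspecialchars() is the wrong encoder: it does not neutralise
	 * backslashes or newlines (nor single quotes with its older default
	 * flags), and it does nothing for a bare, unquoted argument. Strings are
	 * therefore emitted with json_encode(), hex-escaping <, >, &, ' and ", and
	 * prefix lengths are emitted as integers only when they are numeric.
	 * An empty argument keeps the callee's "bits is undefined" default path.
	 */
?>
change_mode(<?=json_encode((string)$pconfig['mode'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)?>);
change_protocol(<?=json_encode((string)$pconfig['proto'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)?>);
typesel_change_local(<?=is_numeric($pconfig['localid_netbits']) ? (int)$pconfig['localid_netbits'] : ''?>);
typesel_change_natlocal(<?=is_numeric($pconfig['natlocalid_netbits']) ? (int)$pconfig['natlocalid_netbits'] : ''?>);
<?php if (!isset($pconfig['mobile'])): ?>
typesel_change_remote(<?=is_numeric($pconfig['remoteid_netbits']) ? (int)$pconfig['remoteid_netbits'] : ''?>);
<?php endif; ?>
//]]>
</script>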
<?php include("fend.inc"); ?>
</body>
</html>
<?php
/* local utility functions */
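/**
 * Build the list of selected Phase 2 encryption algorithms from form data.
 *
 * Walks the global $p2_ealgos table and, for every algorithm whose key is
 * listed in $pconfig['ealgos'], returns array('name' => ...) plus a 'keylen'
 * entry when the algorithm defines a 'keysel' range.
 *
 * The key length comes straight from the request ($_POST["keylen_<algo>"]),
 * so it is checked against what the form can actually offer: "auto", or a
 * whole number between keysel 'lo' and 'hi' reachable from 'hi' in 'step'
 * decrements. Anything else (or a missing field) falls back to "auto" rather
 * than being carried into the result. Whether callers validate this value
 * again is not visible from here.
 *
 * @param array $pconfig Form state; only $pconfig['ealgos'] is read.
 * @return array List of array('name' => string[, 'keylen' => string]).
 */
function pconfig_to_ealgos(& $pconfig) {
	global $p2_ealgos;

	$ealgos = array();
	if (!isset($pconfig['ealgos']) || !is_array($pconfig['ealgos']) || !is_array($p2_ealgos)) {
		return $ealgos;
	}

	foreach ($p2_ealgos as $algo_name => $algo_data) {
		// Compare as strings: request values are strings, array keys may not be.
		if (!in_array((string)$algo_name, $pconfig['ealgos'], true)) {
			continue;
		}

		$ealg = array();
		$ealg['name'] = $algo_name;

		if (isset($algo_data['keysel']) && is_array($algo_data['keysel'])) {
			$field = "keylen_" . $algo_name;
			$keylen = 'auto';

			if (isset($_POST[$field]) && is_string($_POST[$field]) && ctype_digit($_POST[$field])) {
				$bits = (int)$_POST[$field];
				$hi = (int)$algo_data['keysel']['hi'];
				$lo = (int)$algo_data['keysel']['lo'];
				$step = (int)$algo_data['keysel']['step'];
				// With a non-positive step only the top value is reachable.
				$on_grid = ($step > 0) ? (($hi - $bits) % $step === 0) : ($bits === $hi);
				if ($bits >= $lo && $bits <= $hi && $on_grid) {
					$keylen = (string)$bits;
				}
			}

			$ealg['keylen'] = $keylen;
		}

		$ealgos[] = $ealg;
	}

	return $ealgos;
}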
/**
 * Copy a stored list of encryption algorithms into the form state.
 *
 * Resets $pconfig['ealgos'] to an empty list, appends each entry's 'name' to
 * it and, where an entry carries a 'keylen', stores it under
 * $pconfig["keylen_<name>"].
 *
 * @param array $ealgos  List of array('name' => ...[, 'keylen' => ...]).
 * @param array $pconfig Form state, modified in place.
 * @return array The $ealgos list that was passed in.
 */
function ealgos_to_pconfig(& $ealgos,& $pconfig) {

	$pconfig['ealgos'] = array();

	foreach ($ealgos as $entry) {
		$algo = $entry['name'];
		array_push($pconfig['ealgos'], $algo);

		if (!isset($entry['keylen'])) {
			continue;
		}
		$pconfig["keylen_".$algo] = $entry['keylen'];
	}

	return $ealgos;
}
/**
 * Collect the "<prefix>id_*" form fields into an identifier array.
 *
 * The result always has 'type'. An "address" type adds 'address'; a
 * "network" type adds 'address' and 'netbits'; any other type carries
 * nothing else.
 *
 * @param string $prefix  Field-name prefix placed before "id_type",
 *                        "id_address" and "id_netbits".
 * @param array  $pconfig Form state the three fields are read from.
 * @return array Identifier array as described above.
 */
function pconfig_to_idinfo($prefix,& $pconfig) {

	$base = $prefix."id_";

	// All three fields are read up front, whichever type is selected.
	$type = $pconfig[$base."type"];
	$address = $pconfig[$base."address"];
	$netbits = $pconfig[$base."netbits"];

	$idinfo = array('type' => $type);

	// Loose comparison, matching what a switch statement does.
	if ($type == "address") {
		$idinfo['address'] = $address;
	} elseif ($type == "network") {
		$idinfo['address'] = $address;
		$idinfo['netbits'] = $netbits;
	}

	return $idinfo;
}
/**
 * Write an identifier array back into the "<prefix>id_*" form fields.
 *
 * "<prefix>id_type" is always set. An "address" type also sets
 * "<prefix>id_address"; a "network" type sets "<prefix>id_address" and
 * "<prefix>id_netbits". Fields that do not apply are left untouched.
 *
 * @param string $prefix  Field-name prefix placed before "id_type",
 *                        "id_address" and "id_netbits".
 * @param array  $idinfo  Identifier array with 'type' and, depending on the
 *                        type, 'address' and 'netbits'.
 * @param array  $pconfig Form state, modified in place.
 */
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {

	$kind = $idinfo['type'];

	// Every type records itself; only address and network carry more.
	$pconfig[$prefix."id_type"] = $kind;

	// Loose comparison, matching what a switch statement does.
	if ($kind == "address") {
		$pconfig[$prefix."id_address"] = $idinfo['address'];
	} elseif ($kind == "network") {
		$pconfig[$prefix."id_address"] = $idinfo['address'];
		$pconfig[$prefix."id_netbits"] = $idinfo['netbits'];
	}
}
?>