<?php
/*
	vpn_ipsec_phase2.php
	part of m0n0wall (http://m0n0.ch/wall)

	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
	Copyright (C) 2008 Shrew Soft Inc
        Copyright (C) 2013-2015 Electric Sheep Fencing, LP
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

##|+PRIV
##|*IDENT=page-vpn-ipsec-editphase2
##|*NAME=VPN: IPsec: Edit Phase 2 page
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
##|*MATCH=vpn_ipsec_phase2.php*
##|-PRIV

require("functions.inc");
require("guiconfig.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
/*
 * Make sure the three IPsec sections this page works with exist as arrays,
 * then bind short aliases to them by reference so that later writes land in
 * $config itself.
 */
foreach (array('client', 'phase1', 'phase2') as $ipsec_section) {
	if (!is_array($config['ipsec'][$ipsec_section])) {
		$config['ipsec'][$ipsec_section] = array();
	}
}
unset($ipsec_section);

$a_client = &$config['ipsec']['client'];
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
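/*
 * Work out which stored phase 2 entry the request refers to. The identifier
 * comes from the request; when more than one parameter is present the later
 * assignment wins (p2index, then the posted uniqid, then dup).
 */
if (!empty($_GET['p2index']))
	$uindex = $_GET['p2index'];
if (!empty($_POST['uniqid']))
	$uindex = $_POST['uniqid'];

if (!empty($_GET['dup']))
	$uindex = $_GET['dup'];

/*
 * Look the identifier up among the stored entries. On a match the loop stops
 * with $p2index and $ph2 pointing at that entry; both are only meaningful
 * while $ph2found is true.
 */
$ph2found = false;
if (isset($uindex)) {
	foreach ($a_phase2 as $p2index => $ph2) {
		/*
		 * The identifier is request-supplied, so compare it as a string and
		 * strictly: a loose == treats numeric-looking strings as numbers and
		 * could select an entry whose uniqid is not textually the one asked
		 * for. A non-string value (e.g. an array parameter) never matches.
		 */
		if (is_string($uindex) && (string)$ph2['uniqid'] === $uindex) {
			$ph2found = true;
			break;
		}
	}
}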
/*
 * Seed $pconfig either with defaults for a new entry or from the stored
 * phase 2 entry that matched the requested identifier.
 */
if ($ph2found !== true) {
	/*
	 * NOTE(review): taken from the query string as-is. Confirm it is escaped
	 * wherever the form echoes it back and that it is checked against an
	 * existing phase 1 before an entry is saved.
	 */
	$pconfig['ikeid'] = $_GET['ikeid'];

	/* defaults */
	$pconfig['localid_type'] = "lan";
	$pconfig['remoteid_type'] = "network";
	$pconfig['proto'] = "esp";
	/*
	 * NOTE(review): the preselected proposals include 3DES, Blowfish, CAST128
	 * and HMAC-MD5, which are legacy choices; a new tunnel saved with the
	 * defaults untouched will offer them. Consider narrowing the defaults.
	 */
	$pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes");
	$pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5");
	/* presumably "0" means PFS is off - confirm against the form's option list */
	$pconfig['pfsgroup'] = "0";
	$pconfig['lifetime'] = "3600";
	$pconfig['uniqid'] = uniqid();

	/* mobile client */
	if ($_GET['mobile']) {
		$pconfig['mobile'] = true;
	}
} else {
	/* Editing (or duplicating) an existing entry: copy its stored values. */
	$pconfig['ikeid'] = $ph2['ikeid'];
	$pconfig['disabled'] = isset($ph2['disabled']);
	$pconfig['mode'] = $ph2['mode'];
	$pconfig['descr'] = $ph2['descr'];
	$pconfig['uniqid'] = $ph2['uniqid'];

	/* The NAT local id is optional; local and remote ids are always read. */
	if (!empty($ph2['natlocalid'])) {
		idinfo_to_pconfig("natlocal", $ph2['natlocalid'], $pconfig);
	}
	idinfo_to_pconfig("local", $ph2['localid'], $pconfig);
	idinfo_to_pconfig("remote", $ph2['remoteid'], $pconfig);

	$pconfig['proto'] = $ph2['protocol'];
	ealgos_to_pconfig($ph2['encryption-algorithm-option'], $pconfig);
	$pconfig['halgos'] = $ph2['hash-algorithm-option'];
	$pconfig['pfsgroup'] = $ph2['pfsgroup'];
	$pconfig['lifetime'] = $ph2['lifetime'];
	$pconfig['pinghost'] = $ph2['pinghost'];

	if (isset($ph2['mobile'])) {
		$pconfig['mobile'] = true;
	}
}
/* The loop variable from the lookup is no longer needed. */
unset($ph2);

/*
 * Duplicating: forget which stored entry was matched and hand the copy a
 * fresh identifier of its own.
 */
if (!empty($_GET['dup'])) {
	unset($uindex, $p2index);
	$pconfig['uniqid'] = uniqid();
}
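/*
 * Handle a submitted form. The posted values are validated; when no errors
 * were collected the entry is stored in $config['ipsec']['phase2'] (through
 * the $a_phase2 reference), the configuration is written, the ipsec subsystem
 * is marked dirty and the browser is redirected to vpn_ipsec.php.
 */
if ($_POST) {

	unset($input_errors);
	/* Work on the posted values so the form can be shown again with them. */
	$pconfig = $_POST;

	/*
	 * NOTE(review): only the presence of ikeid is checked. Nothing visible
	 * here confirms that it names an existing phase 1, and mode, proto,
	 * pfsgroup, pinghost and descr are stored below exactly as submitted.
	 * Confirm they are limited to the values the form offers and are escaped
	 * wherever they are rendered or written into the IPsec daemon's
	 * configuration.
	 */
	if (!isset( $_POST['ikeid']))
		$input_errors[] = gettext("A valid ikeid must be specified.");

	/* input validation */
	$reqdfields = explode(" ", "localid_type uniqid");
	$reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier"));
	/* A remote network type is only required for non-mobile entries. */
	if (!isset($pconfig['mobile'])){
		$reqdfields[] = "remoteid_type";
		$reqdfieldsn[] = gettext("Remote network type");
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* Address checks only apply to the two tunnel modes. */
	if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6"))
	{
		switch ($pconfig['localid_type']) {
			case "network":
				/*
				 * NOTE(review): is_numeric() also accepts decimals and signed
				 * values, and no range check against the address family is
				 * visible here.
				 */
				if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits']))
					$input_errors[] = gettext("A valid local network bit count must be specified.");
				/* no break: a network also needs a valid address */
			case "address":
				if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
					$input_errors[] = gettext("A valid local network IP address must be specified.");
				elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel"))
					$input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6");
				elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6"))
					$input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4");
				break;
		}
		/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
		if (is_array($config['interfaces'][$pconfig['localid_type']])) {
			// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
			$address = get_interface_ip($pconfig['localid_type']);
			$netbits = get_interface_subnet($pconfig['localid_type']);

			if (empty($address) || empty($netbits))
				$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
		}

		/* The NAT local id is optional; validate it only when an address was entered. */
		if (!empty($pconfig['natlocalid_address'])) {
			switch ($pconfig['natlocalid_type']) {
				case "network":
					if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits']))
						$input_errors[] = gettext("A valid NAT local network bit count must be specified.");
					if ($pconfig['localid_type'] == "address")
						$input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
					/* no break: a network also needs a valid address */
				case "address":
					if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address']))
						$input_errors[] = gettext("A valid NAT local network IP address must be specified.");
					elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel"))
						$input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6");
					elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6"))
						$input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4");
					break;
			}

			if (is_array($config['interfaces'][$pconfig['natlocalid_type']])) {
				// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
				$address = get_interface_ip($pconfig['natlocalid_type']);
				$netbits = get_interface_subnet($pconfig['natlocalid_type']);

				if (empty($address) || empty($netbits))
					$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['natlocalid_type']) . " " . gettext("has no subnet.");
			}
		}

		switch ($pconfig['remoteid_type']) {
			case "network":
				if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits']))
					$input_errors[] = gettext("A valid remote network bit count must be specified.");
				/* no break: a network also needs a valid address */
			case "address":
				if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
					$input_errors[] = gettext("A valid remote network IP address must be specified.");
				elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel"))
					$input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6");
				elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6"))
					$input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4");
				break;
		}
	}
	/* Validate enabled phase2's are not duplicates */
	if (isset($pconfig['mobile'])){
		/* User is adding phase 2 for mobile phase1 */
		foreach($a_phase2 as $key => $name){
			if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) {
				/* check duplicate localids only for mobile clients */
				$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
				$entered = array();
				$entered['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered, false, $pconfig['mode']);
				if ($localid_data == $entered_localid_data){
					/* adding new p2 entry */
					$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
					break;
				}
			}
		}
	}else{
		/* User is adding phase 2 for site-to-site phase1 */
		$input_error = 0;
		foreach($a_phase2 as $key => $name){
			if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid'] && $pconfig['uniqid'] != $name['uniqid']) {
				/* check duplicate subnets only for given phase1 */
				$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
				$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid'], false, $name['mode']);
				$entered_local = array();
				$entered_local['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
				$entered_remote = array();
				$entered_remote['type'] = $pconfig['remoteid_type'];
				if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
				if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
				$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
				if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
					/* adding new p2 entry */
					$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
					break;
				}
			}
		}
		foreach ($a_phase1 as $phase1) {
			if($phase1['ikeid'] == $pconfig['ikeid']) {
				/* This is the P1 for this entry, validate its remote-gateway and local interface isn't within tunnel */
				$entered_local = array();
				$entered_local['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
				/* explode() instead of split(): split() no longer exists in PHP 7 and later. */
				list($entered_local_network, $entered_local_mask) = explode("/", $entered_localid_data);
				$entered_remote = array();
				$entered_remote['type'] = $pconfig['remoteid_type'];
				if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
				if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
				$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
				list($entered_remote_network, $entered_remote_mask) = explode("/", $entered_remoteid_data);
				if ($phase1['protocol'] == "inet6") {
					$if = get_failover_interface($phase1['interface'], "inet6");
					$interfaceip = get_interface_ipv6($if);
				} else {
					$if = get_failover_interface($phase1['interface']);
					$interfaceip = get_interface_ip($if);
				}
				/* skip validation for hostnames, they're subject to change anyway */
				if (is_ipaddr($phase1['remote-gateway'])) {
					if ($pconfig['mode'] == "tunnel") {
						if(check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) {
							$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
							break;
						}
					} else if ($pconfig['mode'] == "tunnel6") {
						/*
						 * NOTE(review): the remote-gateway half of this IPv6
						 * check calls check_subnets_overlap(), not
						 * check_subnetsv6_overlap(). Confirm that helper copes
						 * with IPv6 operands and a 128-bit prefix; if it does
						 * not, this guard may never reject a tunnel6 entry.
						 */
						if(check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) {
							$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
							break;
						}
					}
				}
			}
		}
	}

	/* For ESP protocol, handle encryption algorithms */
	if ( $pconfig['proto'] == "esp") {
		$ealgos = pconfig_to_ealgos($pconfig);

		if (!count($ealgos)) {
			$input_errors[] = gettext("At least one encryption algorithm must be selected.");
		} else {
			if (empty($pconfig['halgos'])) {
				/*
				 * A hash algorithm may only be left out when every selected
				 * cipher name contains "gcm". Compare against false
				 * explicitly: strpos() returns 0 for a match at the start of
				 * the name, which a bare !strpos() would read as "not found".
				 */
				foreach ($ealgos as $ealgo) {
					if (strpos($ealgo['name'], "gcm") === false) {
						$input_errors[] = gettext("At least one hashing algorithm needs to be selected.");
						break;
					}
				}
			}
		}

	}
	/*
	 * The lifetime has to be a plain run of digits, as the message says.
	 * is_numeric() would also let decimals, exponents and signed values
	 * through into the stored configuration.
	 */
	if ($_POST['lifetime'] && !(is_string($_POST['lifetime']) && preg_match('/^[0-9]+$/D', $_POST['lifetime']))) {
		$input_errors[] = gettext("The P2 lifetime must be an integer.");
	}

	if (!$input_errors) {

		/* Build the entry to store from the validated form values. */
		$ph2ent = array();
		$ph2ent['ikeid'] = $pconfig['ikeid'];
		$ph2ent['uniqid'] = $pconfig['uniqid'];
		$ph2ent['mode'] = $pconfig['mode'];
		$ph2ent['disabled'] = $pconfig['disabled'] ? true : false;

		if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){
			if (!empty($pconfig['natlocalid_address']))
				$ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal",$pconfig);
			$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
			$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
		}

		$ph2ent['protocol'] = $pconfig['proto'];
		$ph2ent['encryption-algorithm-option'] = $ealgos;
		if (!empty($pconfig['halgos']))
			$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
		else
			unset($ph2ent['hash-algorithm-option']);
		$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
		$ph2ent['lifetime'] = $pconfig['lifetime'];
		$ph2ent['pinghost'] = $pconfig['pinghost'];
		$ph2ent['descr'] = $pconfig['descr'];

		if (isset($pconfig['mobile']))
			$ph2ent['mobile'] = true;

		/* Overwrite the matched entry when there is one, otherwise append. */
		if ($ph2found === true && $a_phase2[$p2index])
			$a_phase2[$p2index] = $ph2ent;
		else
			$a_phase2[] = $ph2ent;


		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}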
/* Breadcrumb title; mobile-client entries get one extra trailing element. */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 2"));
if ($pconfig['mobile']) {
	$pgtitle[] = gettext("Mobile Client");
}
$shortcut_section = "ipsec";

include("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
<script type="text/javascript">
//<![CDATA[
/*
 * Show the local (and, for non-mobile entries, the remote) network rows only
 * while one of the two tunnel modes is selected.
 *
 * index and value are assigned without var on purpose: the typesel_change_*
 * handlers in this page read the global index.
 */
function change_mode() {
	index = document.iform.mode.selectedIndex;
	value = document.iform.mode.options[index].value;
	var display = ((value == 'tunnel') || (value == 'tunnel6')) ? '' : 'none';
	document.getElementById('opt_localid').style.display = display;
<?php if (!isset($pconfig['mobile'])): ?>
	document.getElementById('opt_remoteid').style.display = display;
<?php endif; ?>
}
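/*
 * Enable or disable the NAT local address and netbits inputs to match the
 * entry selected in natlocalid_type.
 *
 * bits: prefix length to preselect for a network while the address field is
 *       blank. When omitted it becomes 24 for mode "tunnel" and 64 for mode
 *       "tunnel6".
 */
function typesel_change_natlocal(bits) {
	/*
	 * Read the mode from its own select. The global index is also
	 * overwritten by change_protocol(), so it cannot be trusted to point at
	 * the selected mode option.
	 */
	var value = document.iform.mode.value;
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	/* Sampled before any branch clears the address field. */
	var address_is_blank = !/\S/.test(document.iform.natlocalid_address.value);
	switch (document.iform.natlocalid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.natlocalid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.natlocalid_netbits.value = 0;
			}
			document.iform.natlocalid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.natlocalid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.natlocalid_netbits.value = bits;
			}
			document.iform.natlocalid_netbits.disabled = 0;
			break;
		case 3:	/* none */
			document.iform.natlocalid_address.disabled = 1;
			document.iform.natlocalid_netbits.disabled = 1;
			break;
		default:
			document.iform.natlocalid_address.value = "";
			document.iform.natlocalid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.natlocalid_netbits.value = 0;
			}
			document.iform.natlocalid_netbits.disabled = 1;
			break;
	}
}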
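/*
 * Enable or disable the local network address and netbits inputs to match
 * the entry selected in localid_type.
 *
 * bits: prefix length to preselect for a network while the address field is
 *       blank. When omitted it becomes 24 for mode "tunnel" and 64 for mode
 *       "tunnel6".
 */
function typesel_change_local(bits) {
	/*
	 * Read the mode from its own select. The global index is also
	 * overwritten by change_protocol(), so it cannot be trusted to point at
	 * the selected mode option.
	 */
	var value = document.iform.mode.value;
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	/* Sampled before any branch clears the address field. */
	var address_is_blank = !/\S/.test(document.iform.localid_address.value);
	switch (document.iform.localid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.localid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.localid_netbits.value = 0;
			}
			document.iform.localid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.localid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.localid_netbits.value = bits;
			}
			document.iform.localid_netbits.disabled = 0;
			break;
		case 3:	/* none */
			document.iform.localid_address.disabled = 1;
			document.iform.localid_netbits.disabled = 1;
			break;
		default:
			document.iform.localid_address.value = "";
			document.iform.localid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.localid_netbits.value = 0;
			}
			document.iform.localid_netbits.disabled = 1;
			break;
	}
}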
<?php if (!isset($pconfig['mobile'])): ?>
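/*
 * Enable or disable the remote network address and netbits inputs to match
 * the entry selected in remoteid_type.
 *
 * bits: prefix length to preselect for a network while the address field is
 *       blank. When omitted it becomes 24 for mode "tunnel" and 64 for mode
 *       "tunnel6".
 */
function typesel_change_remote(bits) {
	/*
	 * Read the mode from its own select. The global index is also
	 * overwritten by change_protocol(), so it cannot be trusted to point at
	 * the selected mode option.
	 */
	var value = document.iform.mode.value;
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	/* Sampled before any branch clears the address field. */
	var address_is_blank = !/\S/.test(document.iform.remoteid_address.value);
	switch (document.iform.remoteid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.remoteid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = 0;
			}
			document.iform.remoteid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.remoteid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = bits;
			}
			document.iform.remoteid_netbits.disabled = 0;
			break;
		default:
			document.iform.remoteid_address.value = "";
			document.iform.remoteid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = 0;
			}
			document.iform.remoteid_netbits.disabled = 1;
			break;
	}
}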
<?php endif; ?>
/*
 * Show the encryption-algorithm row only while the ESP protocol is selected.
 *
 * index and value are assigned without var, as in the original; note that
 * this overwrites the same global index that change_mode() sets.
 */
function change_protocol() {
	index = document.iform.proto.selectedIndex;
	value = document.iform.proto.options[index].value;
	document.getElementById('opt_enc').style.display = (value == 'esp') ? '' : 'none';
}
//]]>
525 a93e56c5 Matthew Grooms
</script>
526 5a3b0d3b mgrooms
527
<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
528
529
<?php
530
	if ($input_errors)
531
		print_input_errors($input_errors);
532
?>
533
534 3a50eb39 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-2">
535 5a3b0d3b mgrooms
	<tr class="tabnavtbl">
536
		<td id="tabnav">
537
			<?php
538
				$tab_array = array();
539 123929e0 Carlos Eduardo Ramos
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
540
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
541 2a2b247b jim-p
				$tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
542 71172088 jim-p
				$tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
543 5a3b0d3b mgrooms
				display_top_tabs($tab_array);
544
			?>
545
		</td>
546
	</tr>
547
	<tr>
548
		<td id="mainarea">
549
			<div class="tabcont">
550 3a50eb39 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
551 5a3b0d3b mgrooms
					<tr>
552 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
553 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
554 3a50eb39 Colin Fleming
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
555 123929e0 Carlos Eduardo Ramos
							<strong><?=gettext("Disable this phase2 entry"); ?></strong>
556 8cd558b6 ayvis
							<br />
557 123929e0 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
558
							  "removing it from the list"); ?>.
559 5a3b0d3b mgrooms
							</span>
560
						</td>
561
					</tr>
562
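					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
						<td width="78%" class="vtable">
							<select name="mode" class="formselect" onchange="change_mode()">
								<?php
									/*
									 * One option per $p2_modes entry (mode key => display label);
									 * the key equal to $pconfig['mode'] is preselected. Key and
									 * label are HTML-escaped on output, matching how the other
									 * option lists on this page escape their labels.
									 */
									foreach ($p2_modes as $name => $value):
										$selected = "";
										if ($name == $pconfig['mode'])
											$selected = "selected=\"selected\"";
								?>
								<option value="<?=htmlspecialchars($name);?>" <?=$selected;?>><?=htmlspecialchars($value);?></option>
								<?php endforeach; ?>
							</select>
						</td>
					</tr>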
577
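					<tr id="opt_localid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0" summary="local network">
								<tr>
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
									<td></td>
									<td>
										<select name="localid_type" class="formselect" onchange="typesel_change_local()">
											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected=\"selected\"";?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected=\"selected\"";?>><?=gettext("Network"); ?></option>
											<?php
												/*
												 * One "<description> subnet" option per configured interface.
												 * Interface names and descriptions come from the configuration
												 * (presumably administrator-entered text - confirm), so both are
												 * HTML-escaped before they reach the page.
												 */
												$iflist = get_configured_interface_with_descr();
												foreach ($iflist as $ifname => $ifdescr):
											?>
											<option value="<?=htmlspecialchars($ifname); ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected=\"selected\"";?>><?=htmlspecialchars(sprintf(gettext("%s subnet"), $ifdescr)); ?></option>
											<?php endforeach; ?>
										</select>
									</td>
								</tr>
								<tr>
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
									<td><?=$mandfldhtmlspc;?></td>
									<td>
										<input name="localid_address" type="text" class="formfld unknown ipv4v6" id="localid_address" size="28" value="<?=htmlspecialchars($pconfig['localid_address']);?>" />
										/
										<select name="localid_netbits" class="formselect ipv4v6" id="localid_netbits">
										<?php /* prefix lengths 128..0; $i is a loop integer, so it needs no escaping */ ?>
										<?php for ($i = 128; $i >= 0; $i--): ?>
											<option value="<?=$i;?>" <?php if (isset($pconfig['localid_netbits']) && $i == $pconfig['localid_netbits']) echo "selected=\"selected\""; ?>>
												<?=$i;?>
											</option>
										<?php endfor; ?>
										</select>
									</td>
								</tr>
								<tr> <td colspan="3">
								<br />
								<?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?>
								</td></tr>
								<tr>
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
									<td></td>
									<td>
										<select name="natlocalid_type" class="formselect" onchange="typesel_change_natlocal()">
											<option value="address" <?php if ($pconfig['natlocalid_type'] == "address") echo "selected=\"selected\"";?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['natlocalid_type'] == "network") echo "selected=\"selected\"";?>><?=gettext("Network"); ?></option>
											<?php
												/* same interface list as above, escaped the same way */
												$iflist = get_configured_interface_with_descr();
												foreach ($iflist as $ifname => $ifdescr):
											?>
											<option value="<?=htmlspecialchars($ifname); ?>" <?php if ($pconfig['natlocalid_type'] == $ifname ) echo "selected=\"selected\"";?>><?=htmlspecialchars(sprintf(gettext("%s subnet"), $ifdescr)); ?></option>
											<?php endforeach; ?>
											<?php /* "None" is the default when no NAT type has been stored */ ?>
											<option value="none" <?php if (empty($pconfig['natlocalid_type']) || $pconfig['natlocalid_type'] == "none" ) echo "selected=\"selected\"";?>><?=gettext("None"); ?></option>
										</select>
									</td>
								</tr>
								<tr>
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
									<td><?=$mandfldhtmlspc;?></td>
									<td>
										<input name="natlocalid_address" type="text" class="formfld unknown ipv4v6" id="natlocalid_address" size="28" value="<?=htmlspecialchars($pconfig['natlocalid_address']);?>" />
										/
										<select name="natlocalid_netbits" class="formselect ipv4v6" id="natlocalid_netbits">
										<?php for ($i = 128; $i >= 0; $i--): ?>
											<option value="<?=$i;?>" <?php if (isset($pconfig['natlocalid_netbits']) && $i == $pconfig['natlocalid_netbits']) echo "selected=\"selected\""; ?>>
												<?=$i;?>
											</option>
										<?php endfor; ?>
										</select>
									</td>
								</tr>
							</table>
						</td>
					</tr>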
651
652
					<?php if (!isset($pconfig['mobile'])): ?>
653
					
654 4b96b367 mgrooms
					<tr id="opt_remoteid">
655 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
656 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
657 3a50eb39 Colin Fleming
							<table border="0" cellspacing="0" cellpadding="0" summary="remote network">
658 5a3b0d3b mgrooms
								<tr>
659 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
660 5a3b0d3b mgrooms
									<td></td>
661
									<td>
662 3a50eb39 Colin Fleming
										<select name="remoteid_type" class="formselect" onchange="typesel_change_remote()">
663
											<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected=\"selected\""; ?>><?=gettext("Address"); ?></option>
664
											<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
665 5a3b0d3b mgrooms
										</select>
666
									</td>
667
								</tr>
668
								<tr>
669 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Address"); ?>:&nbsp;&nbsp;</td>
670 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
671
									<td>
672 3a50eb39 Colin Fleming
										<input name="remoteid_address" type="text" class="formfld unknown ipv4v6" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>" />
673 5a3b0d3b mgrooms
										/
674 6255beda Darren Embry
										<select name="remoteid_netbits" class="formselect ipv4v6" id="remoteid_netbits">
675 3795d067 Seth Mos
										<?php for ($i = 128; $i >= 0; $i--) { 
676 184d50b5 Ermal Lu?i
											
677
											echo "<option value=\"{$i}\"";
678 3a50eb39 Colin Fleming
											if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) echo " selected=\"selected\"";
679 184d50b5 Ermal Lu?i
											echo ">{$i}</option>\n";
680
											} ?>
681 5a3b0d3b mgrooms
										</select>
682
									</td>
683
								</tr>
684
							</table>
685 a93e56c5 Matthew Grooms
						</td>
686 5a3b0d3b mgrooms
					</tr>
687
					
688 3462a529 Matthew Grooms
					<?php endif; ?>
689 5a3b0d3b mgrooms
					
690
					<tr>
691 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
692 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
693 3a50eb39 Colin Fleming
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
694 8cd558b6 ayvis
							<br />
695 5a3b0d3b mgrooms
							<span class="vexpl">
696 123929e0 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
697
								"for your reference (not parsed)"); ?>.
698 5a3b0d3b mgrooms
							</span>
699
						</td>
700
					</tr>
701
					<tr>
702
						<td colspan="2" class="list" height="12"></td>
703
					</tr>
704
					<tr>
705
						<td colspan="2" valign="top" class="listtopic">
706 123929e0 Carlos Eduardo Ramos
							<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
707 5a3b0d3b mgrooms
						</td>
708
					</tr>
709
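					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
						<td width="78%" class="vtable">
							<select name="proto" class="formselect" onchange="change_protocol()">
							<?php /* $p2_protos maps protocol key => display name; the key is escaped for the attribute just as the name is for the label */ ?>
							<?php foreach ($p2_protos as $proto => $protoname): ?>
								<option value="<?=htmlspecialchars($proto);?>" <?php if ($proto == $pconfig['proto']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($protoname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("ESP is encryption, AH is authentication only"); ?>
							</span>
						</td>
					</tr>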
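					<tr id="opt_enc">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0" summary="encryption">
							<?php
								/*
								 * One table row per $p2_ealgos entry: a checkbox (ticked when the
								 * algorithm key is listed in $pconfig['ealgos']), the algorithm name
								 * and, for algorithms that define a 'keysel' range, a key length
								 * selector. Algorithm keys are HTML-escaped where they are written
								 * into attributes.
								 */
								foreach ($p2_ealgos as $algo => $algodata):
									$checked = '';
									if (isset($pconfig['ealgos']) && is_array($pconfig['ealgos']) && in_array($algo,$pconfig['ealgos']))
										$checked = " checked=\"checked\"";
								?>
								<tr>
									<td>
										<input type="checkbox" name="ealgos[]" value="<?=htmlspecialchars($algo);?>"<?=$checked?> />
									</td>
									<td>
										<?=htmlspecialchars($algodata['name']);?>
									</td>
									<td>
										<?php if (isset($algodata['keysel']) && is_array($algodata['keysel'])): ?>
										&nbsp;&nbsp;
										<select name="keylen_<?=htmlspecialchars($algo);?>" class="formselect">
											<option value="auto"><?=gettext("auto"); ?></option>
											<?php
												/* key lengths from 'hi' down to 'lo' in 'step' decrements */
												$key_hi = $algodata['keysel']['hi'];
												$key_lo = $algodata['keysel']['lo'];
												$key_step = $algodata['keysel']['step'];
												for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
													$selected = "";
													/* no stored key length means nothing is preselected ("auto" stays first) */
													if (isset($pconfig["keylen_".$algo]) && $keylen == $pconfig["keylen_".$algo])
														$selected = " selected=\"selected\"";
											?>
											<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
											<?php endfor; ?>
										</select>
										<?php endif; ?>
									</td>
								</tr>

								<?php endforeach; ?>

							</table>
							<br />
							<?php /* NOTE(review): this hint steers users toward 3DES and Blowfish, both 64-bit block ciphers that are now treated as legacy choices; consider rewording it to favour AES. The text is a gettext msgid, so changing it also needs a translation update. */ ?>
							<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " . 
							"crypto accelerator card. Blowfish is usually the fastest in " .
							"software encryption"); ?>.
						</td>
					</tr>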
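					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
						<td width="78%" class="vtable">
						<?php
							/*
							 * One checkbox per $p2_halgos entry (algorithm key => display name).
							 * $pconfig['halgos'] is checked with is_array() first, as the
							 * encryption list on this page does: in_array() must not be handed
							 * a missing or non-array value (presumably the case when no box
							 * was ticked - confirm against the POST handler).
							 */
							$halgos_selected = (isset($pconfig['halgos']) && is_array($pconfig['halgos'])) ? $pconfig['halgos'] : array();
						?>
						<?php foreach ($p2_halgos as $algo => $algoname): ?>
							<input type="checkbox" name="halgos[]" value="<?=htmlspecialchars($algo);?>" <?php if (in_array($algo, $halgos_selected)) echo "checked=\"checked\""; ?> />
							<?=htmlspecialchars($algoname);?>
							<br />
						<?php endforeach; ?>
						</td>
					</tr>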
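					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
						<td width="78%" class="vtable">
						<?php /* Editable unless this is a mobile entry and a PFS group is set in $a_client. */ ?>
						<?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
							<select name="pfsgroup" class="formselect">
							<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
								<option value="<?=htmlspecialchars($keygroup);?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($keygroupname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
						<?php else: ?>
							<?php
								/*
								 * Read-only display of the group taken from $a_client. The label
								 * is looked up defensively and HTML-escaped; an unknown group
								 * renders as an empty label.
								 * NOTE(review): the hidden pfsgroup field below is still sent by
								 * the browser and can be altered there; the POST handler is not in
								 * this part of the file - confirm it takes the group from the
								 * mobile client settings rather than from the posted value.
								 */
								$pfs_global = $a_client['pfs_group'];
								$pfs_label = isset($p2_pfskeygroups[$pfs_global]) ? $p2_pfskeygroups[$pfs_global] : '';
							?>
							<select class="formselect" disabled="disabled">
								<option selected="selected"><?=htmlspecialchars($pfs_label);?></option>
							</select>
							<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>" />
							<br />
							<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
						<?php endif; ?>
						</td>
					</tr>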
806
					<tr>
807 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
808 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
809 3a50eb39 Colin Fleming
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />
810 123929e0 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
811 5a3b0d3b mgrooms
						</td>
812
					</tr>
813 87e07f52 mgrooms
					<tr>
814
						<td colspan="2" class="list" height="12"></td>
815
					</tr>
816
					<tr>
817 123929e0 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
818 87e07f52 mgrooms
					</tr>
819
					<tr>
820 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
821 87e07f52 mgrooms
						<td width="78%" class="vtable">
822 3a50eb39 Colin Fleming
							<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="28" value="<?=htmlspecialchars($pconfig['pinghost']);?>" />
823 123929e0 Carlos Eduardo Ramos
							<?=gettext("IP address"); ?>
824 87e07f52 mgrooms
						</td>
825
					</tr>
826 5a3b0d3b mgrooms
					<tr>
827
						<td width="22%" valign="top">&nbsp;</td>
828
						<td width="78%">
829
						<?php if ($pconfig['mobile']): ?>
830 3a50eb39 Colin Fleming
							<input name="mobile" type="hidden" value="true" />
831
							<input name="remoteid_type" type="hidden" value="mobile" />
832 5a3b0d3b mgrooms
						<?php endif; ?>
833 3a50eb39 Colin Fleming
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
834
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
835 9b915686 Ermal
							<input name="uniqid" type="hidden" value="<?=htmlspecialchars($pconfig['uniqid']);?>" />
836 5a3b0d3b mgrooms
						</td>
837
					</tr>
838
				</table>
839
			</div>
840
		</td>
841
	</tr>
842
</table>
843 a93e56c5 Matthew Grooms
</form>
844 3a50eb39 Colin Fleming
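<script type="text/javascript">
//<![CDATA[
<?php
	/*
	 * Set the initial UI state. These values are written into JavaScript,
	 * not HTML, so they are encoded for that context: htmlspecialchars() is
	 * an HTML encoder and does not make a value safe inside a script block.
	 * Strings go through json_encode() with the JSON_HEX_* flags, so quotes,
	 * <, > and & are emitted as \uXXXX escapes. Prefix lengths are emitted
	 * only as integer literals; an unset or non-numeric value emits no
	 * argument at all, as an empty value did before.
	 * NOTE(review): $pconfig is filled in outside this part of the file;
	 * presumably it can carry submitted form values - confirm.
	 */
	$js_str_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
?>
change_mode(<?=json_encode((string)$pconfig['mode'], $js_str_flags)?>);
change_protocol(<?=json_encode((string)$pconfig['proto'], $js_str_flags)?>);
typesel_change_local(<?=(isset($pconfig['localid_netbits']) && is_numeric($pconfig['localid_netbits'])) ? (int)$pconfig['localid_netbits'] : ''?>);
typesel_change_natlocal(<?=(isset($pconfig['natlocalid_netbits']) && is_numeric($pconfig['natlocalid_netbits'])) ? (int)$pconfig['natlocalid_netbits'] : ''?>);
<?php if (!isset($pconfig['mobile'])): ?>
typesel_change_remote(<?=(isset($pconfig['remoteid_netbits']) && is_numeric($pconfig['remoteid_netbits'])) ? (int)$pconfig['remoteid_netbits'] : ''?>);
<?php endif; ?>
//]]>
</script>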
855
<?php include("fend.inc"); ?>
856 3462a529 Matthew Grooms
</body>
857
</html>
<?php
/* local utility functions */
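/*
 * Build the list of selected phase 2 encryption algorithms from form state.
 *
 * $pconfig  page configuration array; $pconfig['ealgos'] lists the selected
 *           algorithm keys.
 *
 * Returns a list with one array('name' => key[, 'keylen' => length]) per
 * selected algorithm that exists in the global $p2_ealgos. 'keylen' is only
 * present for algorithms that define a 'keysel' range.
 *
 * The key length is read from $_POST, i.e. straight from the request, so it
 * is checked against what the form offers: "auto", or a whole number between
 * keysel 'lo' and 'hi' that lies on the 'step' grid counted down from 'hi'.
 * A missing or out-of-range value is stored as "auto".
 */
function pconfig_to_ealgos(& $pconfig) {
	global $p2_ealgos;

	$ealgos = array();
	if (!isset($pconfig['ealgos']) || !is_array($pconfig['ealgos']) || !is_array($p2_ealgos))
		return $ealgos;

	foreach ($p2_ealgos as $algo_name => $algo_data) {
		if (!in_array($algo_name,$pconfig['ealgos']))
			continue;

		$ealg = array();
		$ealg['name'] = $algo_name;

		if (isset($algo_data['keysel']) && is_array($algo_data['keysel'])) {
			$keysel = $algo_data['keysel'];
			$posted = isset($_POST["keylen_".$algo_name]) ? $_POST["keylen_".$algo_name] : "auto";

			/* start from the safe default and accept the posted value only if it is one the form could have produced */
			$keylen = "auto";
			if (is_string($posted) && preg_match('/^[0-9]+$/', $posted)) {
				$wanted = (int)$posted;
				$lo = (int)$keysel['lo'];
				$hi = (int)$keysel['hi'];
				$step = (int)$keysel['step'];
				$on_grid = ($step > 0) ? ((($hi - $wanted) % $step) == 0) : ($wanted == $hi);
				if ($wanted >= $lo && $wanted <= $hi && $on_grid)
					$keylen = $posted;
			}
			$ealg['keylen'] = $keylen;
		}

		$ealgos[] = $ealg;
	}

	return $ealgos;
}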
/*
 * Copy a stored encryption algorithm list into the page configuration.
 *
 * $ealgos   list of array('name' => key[, 'keylen' => length]) entries.
 * $pconfig  page configuration array, modified in place: 'ealgos' is reset
 *           to the list of names, and "keylen_<name>" is set for every entry
 *           that carries a key length.
 *
 * Returns $ealgos unchanged.
 */
function ealgos_to_pconfig(& $ealgos,& $pconfig) {
	$pconfig['ealgos'] = array();

	foreach ($ealgos as $entry) {
		$algo = $entry['name'];
		$pconfig['ealgos'][] = $algo;

		/* entries without a key length leave no keylen_<name> key behind */
		if (!isset($entry['keylen']))
			continue;

		$pconfig["keylen_".$algo] = $entry['keylen'];
	}

	return $ealgos;
}
/*
 * Build an identifier array from the "<prefix>id_*" fields of $pconfig.
 *
 * $prefix   field name prefix; the keys read are "<prefix>id_type",
 *           "<prefix>id_address" and "<prefix>id_netbits".
 * $pconfig  page configuration array.
 *
 * Returns array('type', 'address') for type "address",
 * array('type', 'address', 'netbits') for type "network",
 * and array('type') for any other type.
 */
function pconfig_to_idinfo($prefix,& $pconfig) {
	$field = $prefix."id_";

	$type = $pconfig[$field."type"];
	$address = $pconfig[$field."address"];
	$netbits = $pconfig[$field."netbits"];

	/* every result carries the type; address and netbits are added per type */
	$idinfo = array('type' => $type);

	if ($type == "address") {
		$idinfo['address'] = $address;
	} elseif ($type == "network") {
		$idinfo['address'] = $address;
		$idinfo['netbits'] = $netbits;
	}

	return $idinfo;
}
/*
 * Copy an identifier array into the "<prefix>id_*" fields of $pconfig.
 *
 * $prefix   field name prefix for the keys written.
 * $idinfo   identifier array with 'type' and, depending on the type,
 *           'address' and 'netbits'.
 * $pconfig  page configuration array, modified in place: the type is always
 *           written, the address for types "address" and "network", and the
 *           netbits for type "network" only.
 */
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {
	$field = $prefix."id_";
	$kind = $idinfo['type'];

	$pconfig[$field."type"] = $kind;

	if ($kind == "address") {
		$pconfig[$field."address"] = $idinfo['address'];
	} elseif ($kind == "network") {
		$pconfig[$field."address"] = $idinfo['address'];
		$pconfig[$field."netbits"] = $idinfo['netbits'];
	}
}
?>