<?php
2
/*
3
	vpn_ipsec.php
4 e2411886 Scott Ullrich
	part of m0n0wall (http://m0n0.ch/wall)
5 574a2b47 Scott Ullrich
6 e2411886 Scott Ullrich
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
7 a93e56c5 Matthew Grooms
	Copyright (C) 2008 Shrew Soft Inc
8 cfc707f7 Scott Ullrich
	All rights reserved.
9 574a2b47 Scott Ullrich
10 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12 574a2b47 Scott Ullrich
13 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15 574a2b47 Scott Ullrich
16 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19 574a2b47 Scott Ullrich
20 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31
32 6b07c15a Matthew Grooms
##|+PRIV
33
##|*IDENT=page-vpn-ipsec
34
##|*NAME=VPN: IPsec page
35
##|*DESCR=Allow access to the 'VPN: IPsec' page.
36
##|*MATCH=vpn_ipsec.php*
37
##|-PRIV
38
require("guiconfig.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
/* Make sure both IPsec phase lists exist as arrays before anything below
 * indexes into them; a fresh config may carry neither key. */
foreach (array('phase1', 'phase2') as $phase) {
	if (!is_array($config['ipsec'][$phase]))
		$config['ipsec'][$phase] = array();
}

/* Work on the live config arrays by reference so that unset()/edits below
 * land in $config and are persisted by write_config(). */
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
/* not referenced anywhere else on this page — TODO confirm before removing */
$wancfg = &$config['interfaces']['wan'];

/* Form state for the "Enable IPsec" checkbox mirrors the config flag. */
$pconfig['enable'] = isset($config['ipsec']['enable']);
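/* Handle the two POST actions of this page:
 *   apply  - push the already-saved IPsec config to the running system
 *   submit - persist the "Enable IPsec" checkbox
 * Both rely on whatever session/privilege checks guiconfig.inc performs;
 * no per-request anti-CSRF token is checked here (NOTE(review): confirm
 * whether guiconfig.inc supplies one). Truthiness checks use !empty() so
 * an absent button does not raise an undefined-index notice. */
if ($_POST) {

	if (!empty($_POST['apply'])) {
		/* refresh_policies runs for its side effect only; the status
		 * message is derived from vpn_ipsec_configure()'s result */
		vpn_ipsec_refresh_policies();
		$retval = vpn_ipsec_configure();
		/* reload the filter in the background */
		filter_configure();
		$savemsg = get_std_save_message($retval);
		/* clear the "changes pending" flag only when reconfiguration succeeded */
		if ($retval == 0 && is_subsystem_dirty('ipsec'))
			clear_subsystem_dirty('ipsec');
	} else if (!empty($_POST['submit'])) {
		$pconfig = $_POST;

		/* an unchecked checkbox is simply absent from the POST */
		$config['ipsec']['enable'] = !empty($_POST['enable']);

		$retval = vpn_ipsec_configure();
		write_config();
	}
}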
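/* Delete one phase1 entry together with every phase2 entry that references
 * its ikeid. p1index is the entry's position in $a_phase1 as rendered by the
 * table below. This is a state-changing GET guarded only by the browser-side
 * confirm() on the link; NOTE(review): confirm guiconfig.inc enforces the
 * page privilege before this point. */
if (isset($_GET['act']) && $_GET['act'] == "delph1")
{
	$p1index = isset($_GET['p1index']) ? $_GET['p1index'] : null;
	/* only a plain non-negative integer can address a list entry */
	if ($p1index !== null && ctype_digit((string)$p1index) && !empty($a_phase1[$p1index])) {
		$delph1 = $a_phase1[$p1index];

		/* remove static route if interface is not WAN; the gateway value
		 * comes from the config and is handed to a shell, so quote it */
		if ($delph1['interface'] != "wan")
			mwexec("/sbin/route delete -host " . escapeshellarg($delph1['remote-gateway']));

		/* remove all phase2 entries that match the ikeid */
		$ikeid = $delph1['ikeid'];
		foreach ($a_phase2 as $p2index => $ph2tmp)
			if ($ph2tmp['ikeid'] == $ikeid)
				unset($a_phase2[$p2index]);

		/* remove the phase1 entry, then rebuild the IPsec and filter configuration */
		unset($a_phase1[$p1index]);
		vpn_ipsec_refresh_policies();
		vpn_ipsec_configure();
		write_config();
		filter_configure();
		header("Location: vpn_ipsec.php");
		exit;
	}
}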
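/* Delete one phase2 entry; p2index is its position in $a_phase2 as rendered
 * by the table below. Like delph1 this is a GET-driven state change guarded
 * only by the link's confirm() dialog. */
if (isset($_GET['act']) && $_GET['act'] == "delph2")
{
	$p2index = isset($_GET['p2index']) ? $_GET['p2index'] : null;
	/* only a plain non-negative integer can address a list entry */
	if ($p2index !== null && ctype_digit((string)$p2index) && !empty($a_phase2[$p2index])) {
		/* remove the phase2 entry, then rebuild the IPsec and filter configuration */
		unset($a_phase2[$p2index]);
		vpn_ipsec_refresh_policies();
		vpn_ipsec_configure();
		filter_configure();
		write_config();
		header("Location: vpn_ipsec.php");
		exit;
	}
}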
/* Page chrome consumed by head.inc / fbegin.inc: the title breadcrumb plus
 * the status and log shortcut links for this subsystem. */
$pgtitle = array();
$pgtitle[] = "VPN";
$pgtitle[] = "IPsec";
list($statusurl, $logurl) = array("diag_ipsec.php", "diag_logs_ipsec.php");

include("head.inc");
?>
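<?php /* Page body: enable checkbox form, then one header row + one data row per
         phase1 entry, each followed by a collapsible table of its phase2 entries.
         Edit/delete links address entries by their position ($i / $j) in the
         config lists, which is what the delph1/delph2 handlers above expect. */ ?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<form action="vpn_ipsec.php" method="post">
<?php
	if ($savemsg)
		print_info_box($savemsg);
	if ($pconfig['enable'] && is_subsystem_dirty('ipsec'))
		print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect.");
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
	<tr>
		<td class="tabnavtbl">
			<?php
				$tab_array = array();
				$tab_array[0] = array("Tunnels", true, "vpn_ipsec.php");
				$tab_array[1] = array("Mobile clients", false, "vpn_ipsec_mobile.php");
				$tab_array[2] = array("Pre-shared keys", false, "vpn_ipsec_keys.php");
				display_top_tabs($tab_array);
			?>
		</td>
	</tr>
	<tr>
		<td>
			<div id="mainarea">
				<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
					<tr>
						<td class="vtable">
							<table border="0" cellspacing="2" cellpadding="0">
								<tr>
									<td>
										<input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked";?>>
									</td>
									<td>
										<strong>Enable IPsec</strong>
									</td>
								</tr>
							</table>
						</td>
					</tr>
					<tr>
						<td>
							<input name="submit" type="submit" class="formbtn" value="Save">
						</td>
					</tr>
				</table>
				<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
					<?php
						$i = 0;
						/* counts rendered phase1 entries; initialised here so the
						 * "no records" check after the loop never reads an unset variable */
						$counter = 0;
						foreach ($a_phase1 as $ph1ent) {
							/* disabled entries are rendered greyed out */
							if (isset( $ph1ent['disabled'])) {
								$spans = "<span class=\"gray\">";
								$spane = "</span>";
							}
							else
								$spans = $spane = "";
						
						show_ipsec_header($ph1ent);
						$counter++; // used to determine if we need to output header manually (no records exist)
					?>					
					<tr valign="top" ondblclick="document.location='vpn_ipsec_phase1.php?p1index=<?=$i;?>'">
						<td class="listlr">
							<?=$spans;?>
							<?php
								if ($ph1ent['interface']) {
									$iflabels = get_configured_interface_with_descr();
									$carplist = get_configured_carp_interface_list();
									foreach ($carplist as $cif => $carpip)
										$iflabels[$cif] = strtoupper($cif) . " ({$carpip})"; 
									$if = htmlspecialchars($iflabels[$ph1ent['interface']]);
								}
								else
									$if = "WAN";

								/* config values are escaped before they reach the HTML */
								if (!isset($ph1ent['mobile']))
									echo $if."<br>".htmlspecialchars($ph1ent['remote-gateway']);
								else
									echo $if."<br><strong>Mobile Client</strong>";
							?>
							<?=$spane;?>
						</td>
						<td class="listr">
							<?=$spans;?>
							<?=htmlspecialchars($ph1ent['mode']);?>
							<?=$spane;?>
						</td>
						<td class="listr">
							<?=$spans;?>
							<?=$p1_ealgos[$ph1ent['encryption-algorithm']['name']]['name'];?>
							<?php
								if ($ph1ent['encryption-algorithm']['keylen']) {
									if ($ph1ent['encryption-algorithm']['keylen']=="auto")
										echo " (auto)";
									else
										echo " ({$ph1ent['encryption-algorithm']['keylen']} bits)";
								}
							?>
							<?=$spane;?>
						</td>
						<td class="listr">
							<?=$spans;?>
							<?=$p1_halgos[$ph1ent['hash-algorithm']];?>
							<?=$spane;?>
						</td>
						<td class="listbg">
							<?=$spans;?>
							<?=htmlspecialchars($ph1ent['descr']);?>&nbsp;
							<?=$spane;?>
						</td>
						<td valign="middle" nowrap class="list">
							<table border="0" cellspacing="0" cellpadding="1">
								<tr>
									<td>
										<a href="vpn_ipsec_phase1.php?p1index=<?=$i;?>">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit phase1 entry" width="17" height="17" border="0">
										</a>
									</td>
									<td>
										<a href="vpn_ipsec.php?act=delph1&p1index=<?=$i;?>" onclick="return confirm('Do you really want to delete this phase1 and all associated phase2 entries?')">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete phase1 entry" width="17" height="17" border="0">
										</a>
									</td>
								</tr>
								<?php if (!isset($ph1ent['mobile'])): ?>
								<tr>
									<td>
									</td>
									<td>
										<a href="vpn_ipsec_phase1.php?dup=<?=$i;?>">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="copy phase1 entry" width="17" height="17" border="0">
										</a>
									</td>
								</tr>
								<?php endif; ?>
							</table>
						</td>
					</tr>
					<tr>
						<td class="listrborder" colspan="5">
							<div id="shph2but-<?=$i?>">
								<?php
									/* count the enabled phase2 entries belonging to this phase1 */
									$phase2count=0;
									foreach ($a_phase2 as $ph2ent) {
										if ($ph2ent['ikeid'] != $ph1ent['ikeid']) 
											continue;
										if (isset( $ph2ent['disabled']) || isset($ph1ent['disabled'])) 
											continue;
										$phase2count++;
									}
								?>								
								<input  type="button" onClick="show_phase2('tdph2-<?=$i?>','shph2but-<?=$i?>')" value="+"> - Show <?=$phase2count?> Phase-2 entries
							</div>
							<table class="tabcont" width="100%" height="100%" border="0" cellspacing="0" cellpadding="0" id="tdph2-<?=$i?>" style="display:none">
								<tr>
									<td class="listhdrr">Mode</td>
									<?php /* every data row below emits a local and a remote cell
									         (blank for non-tunnel modes), so the header always
									         carries both columns */ ?>
									<td class="listhdrr">Local Subnet</td>
									<td class="listhdrr">Remote Subnet</td>
									<td class="listhdrr">P2 Protocol</td>
									<td class="listhdrr">P2 Transforms</td>
									<td class="listhdrr">P2 Auth Methods</td>
									<td class ="list">
										<a href="vpn_ipsec_phase2.php?ikeid=<?=$ph1ent['ikeid'];?><?php if (isset($ph1ent['mobile'])) echo "&mobile=true";?>">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add phase2 entry" width="17" height="17" border="0">
										</a>
									</td>
								</tr>
								<?php
									/* $j tracks the position in $a_phase2 (incremented for
									 * skipped entries too) so links address the right entry */
									$j = 0;
									foreach ($a_phase2 as $ph2ent) {
										if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
											$j++;
											continue;
										}

										if (isset( $ph2ent['disabled']) || isset($ph1ent['disabled'])) {
											$spans = "<span class=\"gray\">";
											$spane = "</span>";
										}
										else
											$spans = $spane = "";
								?>
								<tr valign="top" ondblclick="document.location='vpn_ipsec_phase2.php?p2index=<?=$j;?>'">

									<td nowrap class="listlr">
										<?=$spans;?>
											<?=htmlspecialchars($ph2ent['mode']);?>
										<?=$spane;?>
									</td>
									<?php 
										if($ph2ent['mode'] <> "tunnel") {
											echo "<td nowrap class=\"listr\">&nbsp;</td><td nowrap class=\"listr\">&nbsp;</td>";
										} 
									?>
									<?php if($ph2ent['mode'] == "tunnel"): ?>
									<td nowrap class="listr">
										<?=$spans;?>
											<?=ipsec_idinfo_to_text($ph2ent['localid']); ?>
										<?=$spane;?>
									</td>
									<td nowrap class="listr">
										<?=$spans;?>
											<?=ipsec_idinfo_to_text($ph2ent['remoteid']); ?>
										<?=$spane;?>
									</td>
									<?php endif; ?>
									<td nowrap class="listr">
										<?=$spans;?>
											<?php echo $p2_protos[$ph2ent['protocol']];	?>
										<?=$spane;?>
									</td>
									<td class="listr">
										<?=$spans;?>
										<?php
											$k = 0;
											foreach ($ph2ent['encryption-algorithm-option'] as $ph2ea) {
												if ($k++)
													echo ", ";
												echo $p2_ealgos[$ph2ea['name']]['name'];
												if ($ph2ea['keylen']) {
													if ($ph2ea['keylen']=="auto")
														echo " (auto)";
													else
														echo " ({$ph2ea['keylen']} bits)";
												}
											}
										?>
										<?=$spane;?>
									</td>
									<td nowrap class="listr">
										<?=$spans;?>
										<?php
											$k = 0;
											foreach ($ph2ent['hash-algorithm-option'] as $ph2ha) {
												if ($k++)
													echo ", ";
												echo $p2_halgos[$ph2ha];
											}
										?>
										<?=$spane;?>
									</td>
									<td nowrap class="list">
										<a href="vpn_ipsec_phase2.php?p2index=<?=$j;?>">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit phase2 entry" width="17" height="17" border="0">
										</a>
										<a href="vpn_ipsec.php?act=delph2&p2index=<?=$j;?>" onclick="return confirm('Do you really want to delete this phase2 entry?')">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete phase2 entry" width="17" height="17" border="0">
										</a>
									</td>
								</tr>

								<?php
										$j++;
									}
								?>
							</table>
						</td>
					</tr>
					<tr>
						<td>
							&nbsp;
						</td>
					</tr>
					<?php
							$i++;
						}
					/* no phase1 entries: the loop never emitted a header row, so do it here */
					if(!$counter)
						show_ipsec_header(array());
					?>
					<tr>
						<td class="list" colspan="5"></td>
						<td class="list">
							<table border="0" cellspacing="0" cellpadding="1">
								<tr>
									<td width="17"></td>
									<td>
										<a href="vpn_ipsec_phase1.php">
											<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add phase1 entry" width="17" height="17" border="0">
										</a>
									</td>
								</tr>
							</table>
						</td>
					</tr>
					<tr>
						<td colspan="4">
							<p>
								<span class="vexpl">
									<span class="red">
										<strong>Note:<br></strong>
									</span>
									You can check your IPsec status at <a href="diag_ipsec.php">Status:IPsec</a>.
								</span>
							</p>
						</td>
					</tr>
				</table>
			</div>
		</td>
	</tr>
</table>
</form>
<?php include("fend.inc"); ?>
<script type="text/javascript">
/* Reveal the phase2 table `id` and blank out the "+" button container `buttonid`. */
function show_phase2(id, buttonid) {
	document.getElementById(buttonid).innerHTML='';
	var aodiv = document.getElementById(id);
	aodiv.style.display = "block";
}
</script>
</body>
</html>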
<?php
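/**
 * Print the column-header row of the phase1 table.
 *
 * @param array|null $ph1ent  the phase1 entry about to be listed, or an empty
 *                            value when the table has no entries. Currently
 *                            unused: the header is identical for mobile and
 *                            site-to-site entries (the former $mobile
 *                            query-string fragment was computed but never
 *                            emitted, and $g was imported but never read).
 * @return void
 */
function show_ipsec_header($ph1ent) {
	echo <<<EOF
	<tr>
		<td class="listhdrr">Remote Gateway</td>
		<td class="listhdrr">Mode</td>
		<td class="listhdrr">P1 Protocol</td>
		<td class="listhdrr">P1 Transforms</td>
		<td class="listhdrr">P1 Description</td>
		<td class ="list">
		</td>
	</tr>

EOF;
}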
?>