<?php
/*
	vpn_ipsec_phase2.php
	part of m0n0wall (http://m0n0.ch/wall)

	Copyright (C) 2008 Shrew Soft Inc
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
##|+PRIV
##|*IDENT=page-vpn-ipsec-editphase2
##|*NAME=VPN: IPsec: Edit Phase 2 page
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
##|*MATCH=vpn_ipsec_phase2.php*
##|-PRIV
require("functions.inc");
require("guiconfig.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
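/*
 * Make sure the configuration sections used by this page exist, then bind
 * them by reference so that edits made below land in $config.
 */
if (!is_array($config['ipsec']['client']))
	$config['ipsec']['client'] = array();

$a_client = &$config['ipsec']['client'];

if (!is_array($config['ipsec']['phase2']))
	$config['ipsec']['phase2'] = array();

$a_phase2 = &$config['ipsec']['phase2'];

/*
 * Work out which phase 2 entry the request refers to. Later sources win:
 * GET p2index, then POST p2index, then GET dup (duplicate an entry).
 */
unset($p2index);
if (isset($_GET['p2index']))
	$p2index = $_GET['p2index'];
if (isset($_POST['p2index']))
	$p2index = $_POST['p2index'];
if (isset($_GET['dup']))
	$p2index = $_GET['dup'];

/*
 * The index is request-supplied and is later used as an array key and written
 * back into the form, so only a plain decimal number is accepted. Anything
 * else (including an array-valued parameter) is treated as "no entry selected".
 */
if (isset($p2index) && (!is_string($p2index) || !preg_match('/^[0-9]+\z/', $p2index)))
	unset($p2index);

if (isset($p2index) && !empty($a_phase2[$p2index]))
{
	/* existing entry: copy its stored values into the form model */
	$pconfig['ikeid'] = $a_phase2[$p2index]['ikeid'];
	$pconfig['disabled'] = isset($a_phase2[$p2index]['disabled']);
	$pconfig['mode'] = $a_phase2[$p2index]['mode'];
	$pconfig['descr'] = $a_phase2[$p2index]['descr'];
	/* snapshot of the entry before editing; only set on this branch */
	$old_ph2ent = $a_phase2[$p2index];

	idinfo_to_pconfig("local",$a_phase2[$p2index]['localid'],$pconfig);
	idinfo_to_pconfig("remote",$a_phase2[$p2index]['remoteid'],$pconfig);

	$pconfig['proto'] = $a_phase2[$p2index]['protocol'];
	ealgos_to_pconfig($a_phase2[$p2index]['encryption-algorithm-option'],$pconfig);
	$pconfig['halgos'] = $a_phase2[$p2index]['hash-algorithm-option'];
	$pconfig['pfsgroup'] = $a_phase2[$p2index]['pfsgroup'];
	$pconfig['lifetime'] = $a_phase2[$p2index]['lifetime'];
	$pconfig['pinghost'] = $a_phase2[$p2index]['pinghost'];

	if (isset($a_phase2[$p2index]['mobile']))
		$pconfig['mobile'] = true;
}
else
{
	/* new entry: the owning phase 1 is named by the request */
	$pconfig['ikeid'] = isset($_GET['ikeid']) ? $_GET['ikeid'] : null;

	/* defaults */
	$pconfig['localid_type'] = "lan";
	$pconfig['remoteid_type'] = "network";
	$pconfig['proto'] = "esp";
	$pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes");
	$pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['pfsgroup'] = "0";
	$pconfig['lifetime'] = "3600";

	/* mobile client */
	if (!empty($_GET['mobile']))
		$pconfig['mobile'] = true;
}

/* a duplicate starts from the source entry's values but is saved as a new entry */
if (isset($_GET['dup']))
	unset($p2index);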
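/*
 * Form submission: validate the posted phase 2 definition and, when nothing
 * is wrong, store it in the configuration and redirect to the tunnel list.
 * On validation errors execution continues and the form is rendered again
 * with the submitted values.
 */
if ($_POST) {

	unset($input_errors);
	/* the form model is now the raw request body; every field below is untrusted */
	$pconfig = $_POST;

	/*
	 * NOTE(review): this handler changes the stored configuration, and the
	 * form on this page carries no visible anti-CSRF token; confirm that the
	 * included GUI framework enforces one for POST requests.
	 */

	/*
	 * True when the request targets an existing entry. The same resolved
	 * $p2index decides both "is the match another entry" in the duplicate
	 * checks and "which entry is overwritten" on save, so the two cannot
	 * disagree on a malformed index.
	 */
	$editing = isset($p2index) && is_scalar($p2index) && !empty($a_phase2[$p2index]);

	if (!isset( $_POST['ikeid']))
		$input_errors[] = gettext("A valid ikeid must be specified.");

	/* input validation */
	$reqdfields = explode(" ", "localid_type halgos");
	$reqdfieldsn = array(gettext("Local network type"),gettext("P2 Hash Algorithms"));
	if (!isset($pconfig['mobile'])){
		$reqdfields[] = "remoteid_type";
		$reqdfieldsn[] = gettext("Remote network type");
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
	 * by PHP 5.4 and later. Dropping the "&" is only safe once
	 * do_input_validation() declares that parameter by reference; its
	 * definition is not in this file, so confirm before changing the call.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if($pconfig['mode'] == "tunnel")
	{
		switch ($pconfig['localid_type']) {
			case "network":
				/* the prefix length must be a plain decimal number from 0 to 32 */
				$bits = isset($pconfig['localid_netbits']) ? $pconfig['localid_netbits'] : null;
				if (!is_string($bits) || !preg_match('/^[0-9]{1,2}\z/', $bits) || (int)$bits > 32)
					$input_errors[] = gettext("A valid local network bit count must be specified.");
				/* fall through: a network also needs a valid address */
			case "address":
				if (empty($pconfig['localid_address']) || !is_ipaddr($pconfig['localid_address']))
					$input_errors[] = gettext("A valid local network IP address must be specified.");
				break;
		}

		switch ($pconfig['remoteid_type']) {
			case "network":
				/* same rule as for the local side */
				$bits = isset($pconfig['remoteid_netbits']) ? $pconfig['remoteid_netbits'] : null;
				if (!is_string($bits) || !preg_match('/^[0-9]{1,2}\z/', $bits) || (int)$bits > 32)
					$input_errors[] = gettext("A valid remote network bit count must be specified.");
				/* fall through: a network also needs a valid address */
			case "address":
				if (empty($pconfig['remoteid_address']) || !is_ipaddr($pconfig['remoteid_address']))
					$input_errors[] = gettext("A valid remote network IP address must be specified.");
				break;
		}
	}

	/*
	 * Validate enabled phase2's are not duplicates
	 * NOTE(review): no 'disabled' check is made below, so disabled entries
	 * are compared as well - confirm which behaviour is intended.
	 */
	if (isset($pconfig['mobile'])){
		/* User is adding phase 2 for mobile phase1 */
		foreach($a_phase2 as $key => $name){
			/* check duplicate localids only for mobile clients */
			if (!isset($name['mobile']))
				continue;

			$localid_data = ipsec_idinfo_to_cidr($name['localid']);
			$entered = array();
			$entered['type'] = $pconfig['localid_type'];
			if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
			if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
			$entered_localid_data = ipsec_idinfo_to_cidr($entered);
			if ($localid_data != $entered_localid_data)
				continue;

			/* a match is acceptable only when it is the very entry being edited */
			if (!$editing || (string)$p2index !== (string)$key){
				$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
				break;
			}
		}
	}else{
		/* User is adding phase 2 for site-to-site phase1 */
		foreach($a_phase2 as $key => $name){
			/* check duplicate subnets only for given phase1 */
			if (isset($name['mobile']) || $pconfig['ikeid'] != $name['ikeid'])
				continue;

			$localid_data = ipsec_idinfo_to_cidr($name['localid']);
			$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid']);
			$entered_local = array();
			$entered_local['type'] = $pconfig['localid_type'];
			if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
			if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
			$entered_localid_data = ipsec_idinfo_to_cidr($entered_local);
			$entered_remote = array();
			$entered_remote['type'] = $pconfig['remoteid_type'];
			if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
			if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
			$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote);
			if ($localid_data != $entered_localid_data || $remoteid_data != $entered_remoteid_data)
				continue;

			/* a match is acceptable only when it is the very entry being edited */
			if (!$editing || (string)$p2index !== (string)$key){
				$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
				break;
			}
		}
	}

	$ealgos = pconfig_to_ealgos($pconfig);

	if (!count($ealgos)) {
		$input_errors[] = gettext("At least one encryption algorithm must be selected.");
	}
	/* digits only: is_numeric() would also let floats, exponents and signs through */
	if (!empty($pconfig['lifetime']) &&
	    (!is_string($pconfig['lifetime']) || !preg_match('/^[0-9]+\z/', $pconfig['lifetime']))) {
		$input_errors[] = gettext("The P2 lifetime must be an integer.");
	}

	/*
	 * NOTE(review): mode, proto, halgos, pfsgroup and pinghost are stored
	 * below exactly as submitted. Nothing in this handler checks them against
	 * $p2_modes, $p2_protos, $p2_halgos, $p2_pfskeygroups or is_ipaddr();
	 * consider allow-list checks before they are written to the configuration.
	 */

	if (!$input_errors) {

		$ph2ent = array();
		$ph2ent['ikeid'] = $pconfig['ikeid'];
		$ph2ent['mode'] = $pconfig['mode'];
		/* an unticked checkbox is simply missing from the request */
		$ph2ent['disabled'] = !empty($pconfig['disabled']);

		/* local/remote identifiers are only kept for tunnel mode */
		if($ph2ent['mode'] == "tunnel") {
			$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
			$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
		}

		$ph2ent['protocol'] = $pconfig['proto'];
		$ph2ent['encryption-algorithm-option'] = $ealgos;
		$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
		$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
		$ph2ent['lifetime'] = $pconfig['lifetime'];
		$ph2ent['pinghost'] = $pconfig['pinghost'];
		$ph2ent['descr'] = $pconfig['descr'];

		if (isset($pconfig['mobile']))
			$ph2ent['mobile'] = true;

		/* overwrite the edited entry, otherwise append a new one */
		if ($editing)
			$a_phase2[$p2index] = $ph2ent;
		else
			$a_phase2[] = $ph2ent;

		/* now we need to find all phase2 entries for this host */
		if(is_array($ph2ent)) {
			ipsec_lookup_phase1($ph2ent, $ph1ent);
			$old_ph1ent = $ph1ent;
			$old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
			/* $old_ph2ent is only set when an existing entry was loaded earlier on this page */
			reload_tunnel_spd_policy ($ph1ent, $ph2ent, $old_ph1ent, $old_ph2ent);
		}

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}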
/* page title parts; the mobile-client variant carries one extra element */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 2"));
if ($pconfig['mobile'])
	$pgtitle[] = gettext("Mobile Client");

/* related status and log pages (how they are used is not visible in this file) */
$statusurl = "diag_ipsec.php";
$logurl = "diag_logs_ipsec.php";

include("head.inc");

?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<script language="JavaScript">
<!--
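/*
 * Show the local (and, for non-mobile entries, remote) network rows only
 * while the selected mode is "tunnel". Locals are declared with var so the
 * function no longer creates the globals "index" and "value".
 */
function change_mode() {
	var mode_select = document.iform.mode;
	var is_tunnel = (mode_select.options[mode_select.selectedIndex].value == 'tunnel');
	var display = is_tunnel ? '' : 'none';

	document.getElementById('opt_localid').style.display = display;
<?php if (!isset($pconfig['mobile'])): ?>
	document.getElementById('opt_remoteid').style.display = display;
<?php endif; ?>
}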
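/*
 * Enable or disable the local address / netbits inputs to match the selected
 * local network type. "bits" is the prefix length to preselect for a network
 * and defaults to 24 when the caller passes nothing.
 */
function typesel_change_local(bits) {

	if (typeof(bits)=="undefined")
		bits = 24;

	var form = document.iform;
	var type_select = form.localid_type;

	/*
	 * Dispatch on the option value rather than its position: the interface
	 * entries sit between "network" and "none" in the list, so the position
	 * of "none" depends on how many interfaces are configured.
	 */
	switch (type_select.options[type_select.selectedIndex].value) {
		case "address":	/* single */
			form.localid_address.disabled = 0;
			form.localid_netbits.value = 0;
			form.localid_netbits.disabled = 1;
			break;
		case "network":	/* network */
			form.localid_address.disabled = 0;
			form.localid_netbits.value = bits;
			form.localid_netbits.disabled = 0;
			break;
		case "none":	/* none: lock the fields but keep what was typed */
			form.localid_address.disabled = 1;
			form.localid_netbits.disabled = 1;
			break;
		default:	/* an interface subnet: nothing to enter by hand */
			form.localid_address.value = "";
			form.localid_address.disabled = 1;
			form.localid_netbits.value = 0;
			form.localid_netbits.disabled = 1;
			break;
	}
}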
<?php if (!isset($pconfig['mobile'])): ?>
/*
 * Enable or disable the remote address / netbits inputs to match the selected
 * remote network type (position 0 = single address, 1 = network). "bits" is
 * the prefix length to preselect for a network; it defaults to 24.
 */
function typesel_change_remote(bits) {

	if (typeof(bits)=="undefined")
		bits = 24;

	var address = document.iform.remoteid_address;
	var netbits = document.iform.remoteid_netbits;
	var selected = document.iform.remoteid_type.selectedIndex;

	if (selected === 0) {
		/* single address: no prefix length to choose */
		address.disabled = 0;
		netbits.value = 0;
		netbits.disabled = 1;
	} else if (selected === 1) {
		/* network: both fields are editable */
		address.disabled = 0;
		netbits.value = bits;
		netbits.disabled = 0;
	} else {
		/* anything else: clear and lock both fields */
		address.value = "";
		address.disabled = 1;
		netbits.value = 0;
		netbits.disabled = 1;
	}
}
<?php endif; ?>
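/*
 * Show the encryption algorithm row only while the selected protocol is
 * "esp". Locals are declared with var so the function no longer creates the
 * globals "index" and "value".
 */
function change_protocol() {
	var proto_select = document.iform.proto;
	var is_esp = (proto_select.options[proto_select.selectedIndex].value == 'esp');

	document.getElementById('opt_enc').style.display = is_esp ? '' : 'none';
}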
//-->
</script>
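<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">

<?php
	/*
	 * Edit form for one phase 2 entry. After a failed submission $pconfig is
	 * the raw POST body, so every value written into the markup below is
	 * HTML-escaped, including option keys and configuration-derived labels.
	 */
	if (!empty($input_errors))
		print_input_errors($input_errors);

	/*
	 * Checkbox groups are missing from $pconfig when the form was posted with
	 * nothing ticked; normalise them once so the in_array() calls below always
	 * receive an array.
	 */
	$sel_ealgos = (isset($pconfig['ealgos']) && is_array($pconfig['ealgos'])) ? $pconfig['ealgos'] : array();
	$sel_halgos = (isset($pconfig['halgos']) && is_array($pconfig['halgos'])) ? $pconfig['halgos'] : array();
?>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
	<tr class="tabnavtbl">
		<td id="tabnav">
			<?php
				$tab_array = array();
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
				$tab_array[2] = array(gettext("Pre-shared keys"), false, "vpn_ipsec_keys.php");
				display_top_tabs($tab_array);
			?>
		</td>
	</tr>
	<tr>
		<td id="mainarea">
			<div class="tabcont">
				<table width="100%" border="0" cellpadding="6" cellspacing="0">
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
						<td width="78%" class="vtable">
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if (!empty($pconfig['disabled'])) echo "checked"; ?>>
							<strong><?=gettext("Disable this phase2 entry"); ?></strong>
							<br>
							<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
							  "removing it from the list"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
						<td width="78%" class="vtable">
							<select name="mode" class="formselect" onChange="change_mode()">
								<?php
									foreach($p2_modes as $name => $value):
										$selected = "";
										if ($name == $pconfig['mode'])
											$selected = "selected";
								?>
								<option value="<?=htmlspecialchars($name);?>" <?=$selected;?>><?=htmlspecialchars($value);?></option>
								<?php endforeach; ?>
							</select>
						</td>
					</tr>
					<tr id="opt_localid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0">
								<tr>
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
									<td></td>
									<td>
										<select name="localid_type" class="formselect" onChange="typesel_change_local()">
											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected";?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected";?>><?=gettext("Network"); ?></option>
											<?php
												/* interface names and descriptions come from the configuration: escape both */
												$iflist = get_configured_interface_with_descr();
												foreach ($iflist as $ifname => $ifdescr):
											?>
											<option value="<?=htmlspecialchars($ifname); ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected";?>><?=sprintf(gettext("%s subnet"), htmlspecialchars($ifdescr)); ?></option>
											<?php endforeach; ?>
											<option value="none" <?php if ($pconfig['localid_type'] == "none" ) echo "selected";?>><?=gettext("None"); ?></option>
										</select>
									</td>
								</tr>
								<tr>
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
									<td><?=$mandfldhtmlspc;?></td>
									<td>
										<input name="localid_address" type="text" class="formfld unknown" id="localid_address" size="20" value="<?=htmlspecialchars($pconfig['localid_address']);?>">
										/
										<select name="localid_netbits" class="formselect" id="localid_netbits">
										<?php for ($i = 32; $i >= 0; $i--): ?>
											<option value="<?=$i;?>" <?php if ($i == $pconfig['localid_netbits']) echo "selected"; ?>>
												<?=$i;?>
											</option>
										<?php endfor; ?>
										</select>
									</td>
								</tr>
							</table>
						</td>
					</tr>

					<?php if (!isset($pconfig['mobile'])): ?>

					<tr id="opt_remoteid">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0">
								<tr>
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
									<td></td>
									<td>
										<select name="remoteid_type" class="formselect" onChange="typesel_change_remote()">
											<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected"; ?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected"; ?>><?=gettext("Network"); ?></option>
										</select>
									</td>
								</tr>
								<tr>
									<td><?=gettext("Address"); ?>:&nbsp;&nbsp;</td>
									<td><?=$mandfldhtmlspc;?></td>
									<td>
										<input name="remoteid_address" type="text" class="formfld unknown" id="remoteid_address" size="20" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>">
										/
										<select name="remoteid_netbits" class="formselect" id="remoteid_netbits">
										<?php for ($i = 32; $i >= 0; $i--) {

											echo "<option value=\"{$i}\"";
											if ($i == $pconfig['remoteid_netbits']) echo " selected";
											echo ">{$i}</option>\n";
											} ?>
										</select>
									</td>
								</tr>
							</table>
						</td>
					</tr>

					<?php endif; ?>

					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
						<td width="78%" class="vtable">
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
							<br>
							<span class="vexpl">
								<?=gettext("You may enter a description here " .
								"for your reference (not parsed)"); ?>.
							</span>
						</td>
					</tr>
					<tr>
						<td colspan="2" class="list" height="12"></td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic">
							<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
						<td width="78%" class="vtable">
							<select name="proto" class="formselect" onChange="change_protocol()">
							<?php foreach ($p2_protos as $proto => $protoname): ?>
								<option value="<?=htmlspecialchars($proto);?>" <?php if ($proto == $pconfig['proto']) echo "selected"; ?>>
									<?=htmlspecialchars($protoname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br>
							<span class="vexpl">
								<?=gettext("ESP is encryption, AH is authentication only"); ?>
							</span>
						</td>
					</tr>
					<tr id="opt_enc">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0">
							<?php
								foreach ($p2_ealgos as $algo => $algodata):
									$checked = '';
									if (in_array($algo,$sel_ealgos))
										$checked = " checked";
								?>
								<tr>
									<td>
										<input type="checkbox" name="ealgos[]" value="<?=htmlspecialchars($algo);?>"<?=$checked?>>
									</td>
									<td>
										<?=htmlspecialchars($algodata['name']);?>
									</td>
									<td>
										<?php if(is_array($algodata['keysel'])): ?>
										&nbsp;&nbsp;
										<select name="keylen_<?=htmlspecialchars($algo);?>" class="formselect">
											<option value="auto"><?=gettext("auto"); ?></option>
											<?php
												/* one option per key length, from the highest down to the lowest */
												$key_hi = $algodata['keysel']['hi'];
												$key_lo = $algodata['keysel']['lo'];
												$key_step = $algodata['keysel']['step'];
												for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
													$selected = '';
													if ($keylen == $pconfig["keylen_".$algo])
														$selected = " selected";
											?>
											<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
											<?php endfor; ?>
										</select>
										<?php endif; ?>
									</td>
								</tr>

								<?php endforeach; ?>

							</table>
							<br>
							<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " .
							"crypto accelerator card. Blowfish is usually the fastest in " .
							"software encryption"); ?>.
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
						<td width="78%" class="vtable">
						<?php foreach ($p2_halgos as $algo => $algoname): ?>
							<input type="checkbox" name="halgos[]" value="<?=htmlspecialchars($algo);?>" <?php if (in_array($algo, $sel_halgos)) echo "checked"; ?>>
							<?=htmlspecialchars($algoname);?>
							<br>
						<?php endforeach; ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
						<td width="78%" class="vtable">
						<?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
							<select name="pfsgroup" class="formselect">
							<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
								<option value="<?=htmlspecialchars($keygroup);?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected"; ?>>
									<?=htmlspecialchars($keygroupname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br>
							<span class="vexpl">
								<em>
									<?=gettext("1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit"); ?>
								</em>
							</span>

							<?php else: ?>

							<select class="formselect" disabled>
								<option selected><?=htmlspecialchars($p2_pfskeygroups[$a_client['pfs_group']]);?></option>
							</select>
							<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>">
							<br>
							<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
						<?php endif; ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
						<td width="78%" class="vtable">
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>">
							<?=gettext("seconds"); ?>
						</td>
					</tr>
					<tr>
						<td colspan="2" class="list" height="12"></td>
					</tr>
					<tr>
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
					</tr>
					<tr>
						<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
						<td width="78%" class="vtable">
							<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="20" value="<?=htmlspecialchars($pconfig['pinghost']);?>">
							<?=gettext("IP address"); ?>
						</td>
					</tr>
					<tr>
						<td width="22%" valign="top">&nbsp;</td>
						<td width="78%">
						<?php /* the index originates from the request: emit it only for an existing entry, and escaped */ ?>
						<?php if (isset($p2index) && is_scalar($p2index) && !empty($a_phase2[$p2index])): ?>
							<input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>">
						<?php endif; ?>
						<?php if (!empty($pconfig['mobile'])): ?>
							<input name="mobile" type="hidden" value="true">
							<input name="remoteid_type" type="hidden" value="mobile">
						<?php endif; ?>
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>">
						</td>
					</tr>
				</table>
			</div>
		</td>
	</tr>
</table>
</form>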
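<?php
	/*
	 * Initial state of the form widgets. Values written into the script below
	 * have to be safe as JavaScript, and htmlspecialchars() only provides HTML
	 * escaping. change_mode() and change_protocol() take no parameters and read
	 * the current selection from the form, so nothing is passed to them. The
	 * netbits arguments are emitted only when they are plain decimal numbers;
	 * otherwise the call is made without an argument and the function falls
	 * back to its own default.
	 */
	$js_local_bits = "";
	if (isset($pconfig['localid_netbits']) && is_scalar($pconfig['localid_netbits']) &&
	    preg_match('/^[0-9]{1,3}\z/', (string)$pconfig['localid_netbits']))
		$js_local_bits = (int)$pconfig['localid_netbits'];

	$js_remote_bits = "";
	if (isset($pconfig['remoteid_netbits']) && is_scalar($pconfig['remoteid_netbits']) &&
	    preg_match('/^[0-9]{1,3}\z/', (string)$pconfig['remoteid_netbits']))
		$js_remote_bits = (int)$pconfig['remoteid_netbits'];
?>
<script language="JavaScript">
<!--
change_mode();
change_protocol();
typesel_change_local(<?=$js_local_bits;?>);
<?php if (!isset($pconfig['mobile'])): ?>
typesel_change_remote(<?=$js_remote_bits;?>);
<?php endif; ?>
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>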
<?php
/* local utility functions */
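/*
 * Build the stored encryption algorithm list from the form model.
 *
 * Walks the global $p2_ealgos table and, for every algorithm whose name is
 * present in $pconfig['ealgos'], emits array('name' => ...) plus a 'keylen'
 * element when the table entry has a 'keysel' array. The key length is read
 * from $pconfig["keylen_<name>"] (null when that field is missing).
 *
 * Returns an empty array when no algorithm is selected; a form posted with
 * no checkbox ticked has no 'ealgos' field at all.
 */
function pconfig_to_ealgos(& $pconfig) {

	global $p2_ealgos;

	$ealgos = array();

	/* nothing selected: skip the lookup instead of handing in_array() a non-array */
	if (!isset($pconfig['ealgos']) || !is_array($pconfig['ealgos']))
		return $ealgos;

	foreach ($p2_ealgos as $algo_name => $algo_data) {
		if (!in_array((string)$algo_name, $pconfig['ealgos'], true))
			continue;

		$ealg = array();
		$ealg['name'] = $algo_name;
		if (isset($algo_data['keysel']) && is_array($algo_data['keysel'])) {
			/*
			 * NOTE(review): the key length is taken as submitted; it is not
			 * checked against "auto" or the keysel lo/hi/step range.
			 */
			$keylen_field = "keylen_".$algo_name;
			$ealg['keylen'] = isset($pconfig[$keylen_field]) ? $pconfig[$keylen_field] : null;
		}
		$ealgos[] = $ealg;
	}

	return $ealgos;
}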
/*
 * Copy a stored encryption algorithm list into the form model.
 *
 * $pconfig['ealgos'] is reset and then filled with the algorithm names; an
 * entry that carries a 'keylen' also sets $pconfig["keylen_<name>"].
 * Returns the $ealgos list it was given.
 */
function ealgos_to_pconfig(& $ealgos,& $pconfig) {

	/* start from an empty selection */
	$pconfig['ealgos'] = array();

	foreach ($ealgos as $entry) {
		$algo = $entry['name'];
		array_push($pconfig['ealgos'], $algo);

		if (!isset($entry['keylen']))
			continue;
		$pconfig["keylen_".$algo] = $entry['keylen'];
	}

	return $ealgos;
}
/*
 * Build an identifier record from the "<prefix>id_type", "<prefix>id_address"
 * and "<prefix>id_netbits" form fields.
 *
 * "address" keeps type and address, "network" keeps type, address and
 * netbits, and every other type keeps the type alone.
 */
function pconfig_to_idinfo($prefix,& $pconfig) {

	$kind = $pconfig[$prefix."id_type"];
	$addr = $pconfig[$prefix."id_address"];
	$bits = $pconfig[$prefix."id_netbits"];

	$idinfo = array('type' => $kind);

	if ($kind == "address") {
		$idinfo['address'] = $addr;
	} else if ($kind == "network") {
		$idinfo['address'] = $addr;
		$idinfo['netbits'] = $bits;
	}

	return $idinfo;
}
/*
 * Copy an identifier record into the "<prefix>id_*" form fields.
 *
 * The type is always copied. The address is copied for "address" and
 * "network" records, and the netbits for "network" records only.
 */
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {

	$kind = $idinfo['type'];

	$pconfig[$prefix."id_type"] = $kind;

	if ($kind == "address" || $kind == "network")
		$pconfig[$prefix."id_address"] = $idinfo['address'];

	if ($kind == "network")
		$pconfig[$prefix."id_netbits"] = $idinfo['netbits'];
}
?>