<?php
2
/*
3
	vpn_ipsec_phase1.php
4
	part of m0n0wall (http://m0n0.ch/wall)
5
6
	Copyright (C) 2008 Shrew Soft Inc
7
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8 fa4e059e Ermal
	Copyright (C) 2014 Ermal LUÇI
9 6317d31d Phil Davis
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
10 a93e56c5 Matthew Grooms
	All rights reserved.
11
12
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14
15
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17
18
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21
22
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33
34 6b07c15a Matthew Grooms
##|+PRIV
35
##|*IDENT=page-vpn-ipsec-editphase1
36
##|*NAME=VPN: IPsec: Edit Phase 1 page
37
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 1' page.
38
##|*MATCH=vpn_ipsec_phase1.php*
39
##|-PRIV
40
41 0f84b741 Scott Ullrich
require("functions.inc");
42 a93e56c5 Matthew Grooms
require("guiconfig.inc");
43 483e6de8 Scott Ullrich
require_once("ipsec.inc");
44
require_once("vpn.inc");
45 a93e56c5 Matthew Grooms
46
/* Both IPsec phase lists must exist before references to them are taken. */
foreach (array('phase1', 'phase2') as $ipsec_phase) {
	if (!is_array($config['ipsec'][$ipsec_phase]))
		$config['ipsec'][$ipsec_phase] = array();
}
unset($ipsec_phase);

/* The rest of the page edits the running config through these references. */
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
54 a93e56c5 Matthew Grooms
55 e41ec584 Renato Botelho
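/*
 * Work out which phase1 entry (if any) this request refers to. Only a
 * non-negative integer string is accepted, so the value can only ever
 * select a slot of $a_phase1 and nothing else. POST wins over GET, and
 * ?dup= selects the entry to copy (the index is dropped again below so
 * that the copy is saved as a new entry).
 */
if (isset($_GET['p1index']) && is_numericint($_GET['p1index']))
	$p1index = $_GET['p1index'];
if (isset($_POST['p1index']) && is_numericint($_POST['p1index']))
	$p1index = $_POST['p1index'];

if (isset($_GET['dup']) && is_numericint($_GET['dup']))
	$p1index = $_GET['dup'];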
62
63 fad728ab sullrich
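if (isset($p1index) && $a_phase1[$p1index]) {
	/* Editing (or duplicating) an existing entry: seed the form from it.
	 * $old_ph1ent is also kept for the save path, which compares the stored
	 * remote gateway against the submitted one. */
	$old_ph1ent = $a_phase1[$p1index];

	// don't copy the ikeid on dup
	if (!isset($_GET['dup']) || !is_numericint($_GET['dup']))
		$pconfig['ikeid'] = $old_ph1ent['ikeid'];

	$pconfig['disabled'] = isset($old_ph1ent['disabled']);

	if ($old_ph1ent['interface'])
		$pconfig['interface'] = $old_ph1ent['interface'];
	else
		$pconfig['interface'] = "wan";

	/* 'remote-subnet' is "net/bits"; it may be absent or lack the "/bits"
	 * part, so pad to two elements instead of letting list() trip a notice */
	$remote_subnet = isset($old_ph1ent['remote-subnet']) ? $old_ph1ent['remote-subnet'] : "";
	list($pconfig['remotenet'], $pconfig['remotebits']) = array_pad(explode("/", $remote_subnet), 2, null);

	if (isset($old_ph1ent['mobile']))
		$pconfig['mobile'] = 'true';
	else
		$pconfig['remotegw'] = $old_ph1ent['remote-gateway'];

	/* a missing iketype is treated as IKEv1 */
	if (empty($old_ph1ent['iketype']))
		$pconfig['iketype'] = "ikev1";
	else
		$pconfig['iketype'] = $old_ph1ent['iketype'];
	$pconfig['mode'] = $old_ph1ent['mode'];
	$pconfig['protocol'] = $old_ph1ent['protocol'];
	$pconfig['myid_type'] = $old_ph1ent['myid_type'];
	$pconfig['myid_data'] = $old_ph1ent['myid_data'];
	$pconfig['peerid_type'] = $old_ph1ent['peerid_type'];
	$pconfig['peerid_data'] = $old_ph1ent['peerid_data'];
	$pconfig['ealgo'] = $old_ph1ent['encryption-algorithm'];
	$pconfig['halgo'] = $old_ph1ent['hash-algorithm'];
	$pconfig['dhgroup'] = $old_ph1ent['dhgroup'];
	$pconfig['lifetime'] = $old_ph1ent['lifetime'];
	$pconfig['authentication_method'] = $old_ph1ent['authentication_method'];

	/* only the credential the method actually uses is shown in the form */
	if (($pconfig['authentication_method'] == "pre_shared_key") ||
		($pconfig['authentication_method'] == "xauth_psk_server")) {
		$pconfig['pskey'] = $old_ph1ent['pre-shared-key'];
	} else {
		$pconfig['certref'] = $old_ph1ent['certref'];
		$pconfig['caref'] = $old_ph1ent['caref'];
	}

	$pconfig['descr'] = $old_ph1ent['descr'];
	$pconfig['nat_traversal'] = $old_ph1ent['nat_traversal'];

	if (isset($old_ph1ent['reauth_enable']))
		$pconfig['reauth_enable'] = true;
	if (isset($old_ph1ent['rekey_enable']))
		$pconfig['rekey_enable'] = true;

	/* DPD is considered enabled only when both of its parameters are stored */
	if ($old_ph1ent['dpd_delay'] && $old_ph1ent['dpd_maxfail']) {
		$pconfig['dpd_enable'] = true;
		$pconfig['dpd_delay'] = $old_ph1ent['dpd_delay'];
		$pconfig['dpd_maxfail'] = $old_ph1ent['dpd_maxfail'];
	}
} else {
	/* defaults */
	$pconfig['interface'] = "wan";
	if (!empty($config['interfaces']['lan']))
		$pconfig['localnet'] = "lan";
	$pconfig['mode'] = "main";
	$pconfig['protocol'] = "inet";
	$pconfig['myid_type'] = "myaddress";
	$pconfig['peerid_type'] = "peeraddress";
	$pconfig['authentication_method'] = "pre_shared_key";
	/* the key must be quoted: a bare `name` is an undefined constant
	 * (notice on PHP 5/7, fatal error on PHP 8) */
	$pconfig['ealgo'] = array('name' => "aes");
	$pconfig['halgo'] = "sha1";
	$pconfig['dhgroup'] = "2";
	$pconfig['lifetime'] = "28800";
	$pconfig['nat_traversal'] = 'on';
	$pconfig['dpd_enable'] = true;
	$pconfig['iketype'] = "ikev1";

	/* mobile client */
	if (!empty($_GET['mobile'])) {
		$pconfig['mobile'] = true;
		$pconfig['mode'] = "aggressive";
	}
}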
145
146 e41ec584 Renato Botelho
/* A duplicate is saved as a brand-new entry: drop the source index now that
 * its settings have been copied into $pconfig above. */
$duplicating = isset($_GET['dup']) && is_numericint($_GET['dup']);
if ($duplicating)
	unset($p1index);
unset($duplicating);
148
149
if ($_POST) {
150
	unset($input_errors);
	/* everything below validates the raw submission, then copies selected fields out of it */
	$pconfig = $_POST;

	/* input validation */

	$method = $pconfig['authentication_method'];
	// PSK based methods never store a CA or certificate reference, so drop
	// anything the form carried along to avoid storing it in the config.
	$psk_methods = array("pre_shared_key", "xauth_psk_server");
	if (in_array($method, $psk_methods, true)) {
		unset($pconfig['caref'], $pconfig['certref']);
	}
	unset($psk_methods);
161 99642234 jim-p
162 1f65618b jim-p
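	// Only require PSK here for normal PSK tunnels (not mobile) or xauth.
	// For RSA methods, require the CA/Cert.
	// Start from empty lists so do_input_validation() never receives null
	// (the EAP methods and mobile PSK add no required fields of their own).
	$reqdfields = array();
	$reqdfieldsn = array();
	switch ($method) {
		case 'eap-mschapv2':
			if ($pconfig['iketype'] != 'ikev2')
				$input_errors[] = gettext("EAP-MSChapv2 can only be used with IKEv2 type VPNs.");
			break;
		case "eap-tls":
			if ($pconfig['iketype'] != 'ikev2')
				$input_errors[] = gettext("EAP-TLS can only be used with IKEv2 type VPNs.");
			break;
		case "pre_shared_key":
			// If this is a mobile PSK tunnel the user PSKs go on
			//    the PSK tab, not here, so skip the check.
			if ($pconfig['mobile'])
				break;
			/* fall through: a site-to-site PSK tunnel needs its key here */
		case "xauth_psk_server":
			$reqdfields = array("pskey");
			$reqdfieldsn = array(gettext("Pre-Shared Key"));
			$validate_pskey = true;
			break;
		case "hybrid_rsa_server":
		case "xauth_rsa_server":
		case "rsasig":
			$reqdfields = array("caref", "certref");
			$reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate"));
			break;
	}
	/* mobile configurations have no fixed peer */
	if (!$pconfig['mobile']) {
		$reqdfields[] = "remotegw";
		$reqdfieldsn[] = gettext("Remote gateway");
	}

	do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);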
196 a93e56c5 Matthew Grooms
197 69b79ff0 Renato Botelho
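	/* the PSK is written to the IPsec secrets file, so keep it to printable ASCII */
	if (isset($validate_pskey) && isset($pconfig['pskey']) && !preg_match('/^[[:ascii:]]*$/', $pconfig['pskey'])) {
		unset($validate_pskey);
		$input_errors[] = gettext("Pre-Shared Key contains invalid characters.");
	}

	/* the message promises an integer, so do not let is_numeric() accept floats or exponents */
	if ($pconfig['lifetime'] && !is_numericint($pconfig['lifetime']))
		$input_errors[] = gettext("The P1 lifetime must be an integer.");

	/* the gateway must be an address or host name, and a literal address must
	 * match the selected protocol family */
	if ($pconfig['remotegw']) {
		if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw']))
			$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
		elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet"))
			$input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6");
		elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6"))
			$input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4");
	}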
213 a93e56c5 Matthew Grooms
214 3462a529 Matthew Grooms
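	/*
	 * Refuse a remote gateway that another enabled phase1 already uses.
	 * A brand-new entry (no $p1index) must be compared against every existing
	 * one; the old "$p1index <> $t" test skipped the entry at index 0 in that
	 * case because an unset $p1index compares loosely equal to 0. The entry
	 * being edited is identified by its array key, which is also what
	 * $a_phase1[$p1index] uses everywhere else on this page.
	 */
	if ($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled'])) {
		$tremotegw = $pconfig['remotegw'];
		foreach ($a_phase1 as $t => $ph1tmp) {
			if (isset($p1index) && $p1index == $t)
				continue;
			if (($ph1tmp['remote-gateway'] == $tremotegw) && !isset($ph1tmp['disabled']))
				$input_errors[] = sprintf(gettext('The remote gateway "%1$s" is already used by phase1 "%2$s".'), $tremotegw, $ph1tmp['descr']);
		}
	}

	/* the phase1 protocol family must agree with every phase2 attached to it */
	if (is_array($a_phase2) && count($a_phase2)) {
		foreach ($a_phase2 as $phase2) {
			if ($phase2['ikeid'] != $pconfig['ikeid'])
				continue;
			if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) {
				$input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4.");
				break;
			}
			if (($pconfig['protocol'] == "inet6") && ($phase2['mode'] == "tunnel")) {
				$input_errors[] = gettext("There is a Phase 2 using IPv4, you cannot use IPv6.");
				break;
			}
		}
	}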
241
242 a93e56c5 Matthew Grooms
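	/* My identity */

	/* "myaddress" takes the identifier from the interface address, so any
	 * typed-in data is discarded. Every other type needs data that parses. */
	if ($pconfig['myid_type'] == "myaddress")
		$pconfig['myid_data'] = "";

	switch ($pconfig['myid_type']) {
		case "address":
			if ($pconfig['myid_data'] == "")
				$input_errors[] = gettext("Please enter an address for 'My Identifier'");
			if (!is_ipaddr($pconfig['myid_data']))
				$input_errors[] = gettext("A valid IP address for 'My identifier' must be specified.");
			break;
		case "keyid tag":
			if ($pconfig['myid_data'] == "")
				$input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'");
			break;
		case "fqdn":
			if ($pconfig['myid_data'] == "")
				$input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'");
			/* reported once; the old code raised two errors for the same bad name */
			if (!is_domain($pconfig['myid_data']))
				$input_errors[] = gettext("A valid domain name for 'My identifier' must be specified.");
			break;
		case "user_fqdn":
			if ($pconfig['myid_data'] == "")
				$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'");
			/* the part after the "@" must be a domain; a value without "@" is rejected too */
			$user_fqdn = explode("@", $pconfig['myid_data']);
			if (!isset($user_fqdn[1]) || !is_domain($user_fqdn[1]))
				$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.");
			break;
		case "dyn_dns":
			if ($pconfig['myid_data'] == "")
				$input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'");
			if (!is_domain($pconfig['myid_data']))
				$input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified.");
			break;
	}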
281 a93e56c5 Matthew Grooms
282
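	/* Peer identity */

	/* "peeraddress" takes the identifier from the peer's address, so any
	 * typed-in data is discarded. This used to test myid_type by mistake,
	 * which never equals "peeraddress", so stale peerid_data was saved. */
	if ($pconfig['peerid_type'] == "peeraddress")
		$pconfig['peerid_data'] = "";

	// Only enforce peer ID if we are not dealing with a pure-psk mobile config.
	if (!(($pconfig['authentication_method'] == "pre_shared_key") && ($pconfig['mobile']))) {
		switch ($pconfig['peerid_type']) {
			case "address":
				if ($pconfig['peerid_data'] == "")
					$input_errors[] = gettext("Please enter an address for 'Peer Identifier'");
				if (!is_ipaddr($pconfig['peerid_data']))
					$input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified.");
				break;
			case "keyid tag":
				if ($pconfig['peerid_data'] == "")
					$input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'");
				break;
			case "fqdn":
				if ($pconfig['peerid_data'] == "")
					$input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'");
				/* reported once; the old code raised two errors for the same bad name */
				if (!is_domain($pconfig['peerid_data']))
					$input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified.");
				break;
			case "user_fqdn":
				if ($pconfig['peerid_data'] == "")
					$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'");
				/* the part after the "@" must be a domain; a value without "@" is rejected too */
				$user_fqdn = explode("@", $pconfig['peerid_data']);
				if (!isset($user_fqdn[1]) || !is_domain($user_fqdn[1]))
					$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.");
				break;
		}
	}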
317
318 3462a529 Matthew Grooms
	/* DPD parameters are only checked when dead peer detection is enabled */
	if ($pconfig['dpd_enable']) {
		$dpd_checks = array(
			'dpd_delay' => gettext("A numeric value must be specified for DPD delay."),
			'dpd_maxfail' => gettext("A numeric value must be specified for DPD retries."),
		);
		foreach ($dpd_checks as $dpd_field => $dpd_msg) {
			if (!is_numeric($pconfig[$dpd_field]))
				$input_errors[] = $dpd_msg;
		}
		unset($dpd_checks, $dpd_field, $dpd_msg);
	}

	/* an empty iketype is accepted here; anything else must be one of the known values */
	$valid_iketypes = array("ikev1", "ikev2", "auto");
	if (!empty($pconfig['iketype']) && !in_array($pconfig['iketype'], $valid_iketypes))
		$input_errors[] = gettext("Valid arguments for IKE type is v1 or v2 or auto");
	unset($valid_iketypes);

	/* build our encryption algorithms array: name, plus keylen when the
	 * algorithm takes a variable key length */
	$ealgo_sel = array('name' => $_POST['ealgo']);
	if ($pconfig['ealgo_keylen'])
		$ealgo_sel['keylen'] = $_POST['ealgo_keylen'];
	$pconfig['ealgo'] = $ealgo_sel;
	unset($ealgo_sel);
334
335
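	if (!$input_errors) {
		/* Copy only the known fields out of the validated submission; $pconfig
		 * is the raw POST and is never stored wholesale. */
		$ph1ent = array();
		$ph1ent['ikeid'] = $pconfig['ikeid'];
		$ph1ent['iketype'] = $pconfig['iketype'];
		/* the negotiation mode (main/aggressive) only exists for IKEv1 */
		if ($pconfig['iketype'] != 'ikev1')
			unset($ph1ent['mode']);
		else
			$ph1ent['mode'] = $pconfig['mode'];
		$ph1ent['disabled'] = $pconfig['disabled'] ? true : false;
		$ph1ent['interface'] = $pconfig['interface'];
		/* if the remote gateway changed and the interface is not WAN then remove route */
		/* the vpn_ipsec_configure() handles adding the route */
		if ($pconfig['interface'] <> "wan") {
			/* $old_ph1ent only exists when editing; a new entry has no route to drop,
			 * and an entry that was mobile has no stored gateway either */
			if (isset($old_ph1ent['remote-gateway']) && $old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) {
				/* the stored gateway was validated when it was saved, but it is
				 * config data reaching a shell, so quote it anyway */
				mwexec("/sbin/route delete -host " . escapeshellarg($old_ph1ent['remote-gateway']));
			}
		}

		if ($pconfig['mobile'])
			$ph1ent['mobile'] = true;
		else
			$ph1ent['remote-gateway'] = $pconfig['remotegw'];

		$ph1ent['protocol'] = $pconfig['protocol'];

		$ph1ent['myid_type'] = $pconfig['myid_type'];
		$ph1ent['myid_data'] = $pconfig['myid_data'];
		$ph1ent['peerid_type'] = $pconfig['peerid_type'];
		$ph1ent['peerid_data'] = $pconfig['peerid_data'];

		$ph1ent['encryption-algorithm'] = $pconfig['ealgo'];
		$ph1ent['hash-algorithm'] = $pconfig['halgo'];
		$ph1ent['dhgroup'] = $pconfig['dhgroup'];
		$ph1ent['lifetime'] = $pconfig['lifetime'];
		$ph1ent['pre-shared-key'] = $pconfig['pskey'];
		/* NOTE(review): 'privatekey' is taken from the form without any check
		 * above; it is stored base64 encoded exactly as submitted */
		$ph1ent['private-key'] = base64_encode($pconfig['privatekey']);
		$ph1ent['certref'] = $pconfig['certref'];
		$ph1ent['caref'] = $pconfig['caref'];
		$ph1ent['authentication_method'] = $pconfig['authentication_method'];
		$ph1ent['descr'] = $pconfig['descr'];
		$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];

		/* presence flags: stored only when ticked, removed otherwise */
		if (isset($pconfig['reauth_enable']))
			$ph1ent['reauth_enable'] = true;
		else
			unset($ph1ent['reauth_enable']);
		if (isset($pconfig['rekey_enable']))
			$ph1ent['rekey_enable'] = true;
		else
			unset($ph1ent['rekey_enable']);

		if (isset($pconfig['dpd_enable'])) {
			$ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
			$ph1ent['dpd_maxfail'] = $pconfig['dpd_maxfail'];
		}

		/* generate unique phase1 ikeid */
		if ($ph1ent['ikeid'] == 0)
			$ph1ent['ikeid'] = ipsec_ikeid_next();

		/* replace the edited entry in place, otherwise append (new or duplicated) */
		if (isset($p1index) && $a_phase1[$p1index])
			$a_phase1[$p1index] = $ph1ent;
		else
			$a_phase1[] = $ph1ent;

		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}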
405
}
406
407 3462a529 Matthew Grooms
/* Page title breadcrumb; mobile client configurations get an extra crumb. */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"));
if ($pconfig['mobile'])
	$pgtitle[] = gettext("Mobile Client");
$shortcut_section = "ipsec";

include("head.inc");
415
416
?>
417
418
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
419
<?php include("fbegin.inc"); ?>
420 91f026b0 ayvis
<script type="text/javascript">
421 a0fca224 Colin Fleming
//<![CDATA[
422 3462a529 Matthew Grooms
423
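/* Hide the "My identifier" data field when the identifier is the interface
 * address; the locals are declared so they no longer leak as globals. */
function myidsel_change() {
	var sel = document.iform.myid_type;
	var value = sel.options[sel.selectedIndex].value;
	document.getElementById('myid_data').style.visibility = (value == 'myaddress') ? 'hidden' : 'visible';
}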
431
432 0771969b Ermal LUÇI
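/* The negotiation mode row only applies to IKEv1, so hide it for IKEv2;
 * the locals are declared so they no longer leak as globals. */
function iketype_change() {
	var sel = document.iform.iketype;
	var value = sel.options[sel.selectedIndex].value;
	document.getElementById('negmode').style.display = (value == 'ikev2') ? 'none' : '';
}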
440
441 3462a529 Matthew Grooms
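/* Hide the "Peer identifier" data field when the identifier is the peer's
 * address; the locals are declared so they no longer leak as globals. */
function peeridsel_change() {
	var sel = document.iform.peerid_type;
	var value = sel.options[sel.selectedIndex].value;
	document.getElementById('peerid_data').style.visibility = (value == 'peeraddress') ? 'hidden' : 'visible';
}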
449
450 a93e56c5 Matthew Grooms
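/* Show the rows (PSK, peer identifier, certificate, CA) that the selected
 * authentication method needs. Disabled rows are not submitted with the form.
 * All certificate based methods share one layout, so their cases are merged;
 * the locals are declared so they no longer leak as globals. */
function methodsel_change() {
	var sel = document.iform.authentication_method;
	var value = sel.options[sel.selectedIndex].value;

	var setDisplay = function (id, display) {
		document.getElementById(id).style.display = display;
	};
	var setDisabled = function (id, flag) {
		document.getElementById(id).disabled = flag;
	};

	switch (value) {
	case 'eap-mschapv2':
	case 'eap-tls':
	case 'hybrid_rsa_server':
	case 'xauth_rsa_server':
	case 'rsasig':
		/* certificate based: no PSK; peer id, certificate and CA are used */
		setDisplay('opt_psk', 'none');
		setDisplay('opt_peerid', '');
		setDisplay('opt_cert', '');
		setDisplay('opt_ca', '');
		setDisabled('opt_cert', false);
		setDisabled('opt_ca', false);
		break;
<?php if ($pconfig['mobile']) { ?>
	case 'pre_shared_key':
		/* mobile PSK: the keys live on the Pre-Shared Keys tab, nothing here */
		setDisplay('opt_psk', 'none');
		setDisplay('opt_peerid', 'none');
		setDisplay('opt_cert', 'none');
		setDisplay('opt_ca', 'none');
		setDisabled('opt_cert', true);
		setDisabled('opt_ca', true);
		break;
<?php } ?>
	default: /* psk modes*/
		setDisplay('opt_psk', '');
		setDisplay('opt_peerid', '');
		setDisplay('opt_cert', 'none');
		setDisplay('opt_ca', 'none');
		setDisabled('opt_cert', true);
		setDisabled('opt_ca', true);
		break;
	}
}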
501
502
/* PHP generated java script for variable length keys */
/* Rebuilds the key-length select for the chosen encryption algorithm. One
 * switch case is emitted per entry of $p1_ealgos, in order, keyed by the
 * option index; algorithms with a 'keysel' range get one option per step
 * from 'hi' down to 'lo', the others get the select hidden and emptied.
 * When `bits` is given (the stored key length) it is re-selected at the end. */
function ealgosel_change(bits) {
	switch (document.iform.ealgo.selectedIndex) {
<?php
$i = 0;
foreach ($p1_ealgos as $algo => $algodata) {
	if (is_array($algodata['keysel'])) {
		echo "		case {$i}:\n";
		echo "			document.iform.ealgo_keylen.style.visibility = 'visible';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";
	//      echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( 'auto', 'auto' );\n";

		$key_hi = $algodata['keysel']['hi'];
		$key_lo = $algodata['keysel']['lo'];
		$key_step = $algodata['keysel']['step'];

		/* longest key first, so the strongest option is the default */
		for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step)
			echo "			document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n";
		echo "			break;\n";
	} else {
		echo "		case {$i}:\n";
		echo "			document.iform.ealgo_keylen.style.visibility = 'hidden';\n";
		echo "			document.iform.ealgo_keylen.options.length = 0;\n";
		echo "			break;\n";
	}
	$i++;
}
?>
	}

	if( bits )
		document.iform.ealgo_keylen.value = bits;
}
535 3462a529 Matthew Grooms
536 a93e56c5 Matthew Grooms
/* Show or hide the DPD settings row and seed its fields with defaults
 * whenever they are empty. */
function dpdchkbox_change() {
	var enabled = document.iform.dpd_enable.checked;
	document.getElementById('opt_dpd').style.display = enabled ? '' : 'none';

	var delay = document.iform.dpd_delay;
	var maxfail = document.iform.dpd_maxfail;
	if (!delay.value)
		delay.value = "10";
	if (!maxfail.value)
		maxfail.value = "5";
}
548 3462a529 Matthew Grooms
549 a0fca224 Colin Fleming
//]]>
550 a93e56c5 Matthew Grooms
</script>
551 5a3b0d3b mgrooms
552
<form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform">
553
554
<?php
	/* Render any validation messages above the form. */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
?>
558
559 a0fca224 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-1">
560 5a3b0d3b mgrooms
	<tr class="tabnavtbl">
561
		<td id="tabnav">
562
			<?php
				/* Tab strip entries: (label, is-active, target page).
				   "Tunnels" is the active tab for this page. */
				$tab_array = array(
					array(gettext("Tunnels"), true, "vpn_ipsec.php"),
					array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"),
					array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php"),
					array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php"),
				);
				display_top_tabs($tab_array);
			?>
570
		</td>
571
	</tr>
572
	<tr>
573
		<td id="mainarea">
574
			<div class="tabcont">
575 a0fca224 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
576 5a3b0d3b mgrooms
					<tr>
577 2fbb33f1 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
578 5a3b0d3b mgrooms
					</tr>
579
					<tr>
580 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
581 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
582 a0fca224 Colin Fleming
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
583 8cd558b6 ayvis
							<strong><?=gettext("Disable this phase1 entry"); ?></strong><br />
584 5a3b0d3b mgrooms
							<span class="vexpl">
585 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Set this option to disable this phase1 without " .
586
								"removing it from the list"); ?>.
587 5a3b0d3b mgrooms
							</span>
588
						</td>
589
					</tr>
590 20452c68 Ermal
					<tr>
591
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Key Exchange version"); ?></td>
592
						<td width="78%" class="vtable">
593 0771969b Ermal LUÇI
							<select name="iketype" class="formselect" onchange='iketype_change()'>
594 20452c68 Ermal
							<?php
595 ddabd9d6 Ermal
								$keyexchange = array("ikev1" => "V1", "ikev2" => "V2", "auto" => "Auto");
596 20452c68 Ermal
								foreach ($keyexchange as $kidx => $name):
597
							?>
598 a0fca224 Colin Fleming
								<option value="<?=$kidx;?>" <?php if ($kidx == $pconfig['iketype']) echo "selected=\"selected\""; ?>>
599 20452c68 Ermal
									<?=htmlspecialchars($name);?>
600
								</option>
601
							<?php endforeach; ?>
602 24aa9e40 Chris Buechler
							</select> <br /> <span class="vexpl"><?=gettext("Select the Internet Key Exchange protocol version to be used, IKEv1 or IKEv2"); ?>.</span>
603 20452c68 Ermal
						</td>
604
					</tr>
605 e79b24ab Seth Mos
					<tr>
606
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Internet Protocol"); ?></td>
607
						<td width="78%" class="vtable">
608
							<select name="protocol" class="formselect">
609
							<?php
610
								$protocols = array("inet" => "IPv4", "inet6" => "IPv6");
611
								foreach ($protocols as $protocol => $name):
612
							?>
613 a0fca224 Colin Fleming
								<option value="<?=$protocol;?>" <?php if ($protocol == $pconfig['protocol']) echo "selected=\"selected\""; ?>>
614 e79b24ab Seth Mos
									<?=htmlspecialchars($name);?>
615
								</option>
616
							<?php endforeach; ?>
617 8cd558b6 ayvis
							</select> <br /> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
618 e79b24ab Seth Mos
						</td>
619
					</tr>
620 5a3b0d3b mgrooms
					<tr>
621 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
622 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
623
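							<select name="interface" class="formselect">
							<?php
								/* Selectable local endpoints: assigned interfaces, then CARP
								   VIPs, IP aliases and gateway groups, each keyed by the
								   identifier that is stored in the config. */
								$interfaces = get_configured_interface_with_descr();

								$carplist = get_configured_carp_interface_list();
								foreach ($carplist as $cif => $carpip)
									$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";

								$aliaslist = get_configured_ip_aliases_list();
								foreach ($aliaslist as $aliasip => $aliasif)
									$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";

								/* Gateway groups are listed by name only; the VIP/member
								   lookup that used to be computed here was never used. */
								$grouplist = return_gateway_groups_array();
								foreach ($grouplist as $name => $group)
									$interfaces[$name] = "GW Group {$name}";

								/* Loose comparison on purpose: PHP turns numeric-string
								   array keys into ints, while the saved value is a string. */
								foreach ($interfaces as $iface => $ifacename):
							?>
								<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($ifacename);?>
								</option>
							<?php endforeach; ?>
							</select>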
652 8cd558b6 ayvis
							<br />
653 2fbb33f1 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Select the interface for the local endpoint of this phase1 entry"); ?>.</span>
654 5a3b0d3b mgrooms
						</td>
655
					</tr>
656
657
					<?php if (!$pconfig['mobile']): ?>
658
659
					<tr>
660 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote gateway"); ?></td>
661 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
662 a0fca224 Colin Fleming
							<?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="28" value="<?=htmlspecialchars($pconfig['remotegw']);?>" />
663 8cd558b6 ayvis
							<br />
664 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Enter the public IP address or host name of the remote gateway"); ?>
665 5a3b0d3b mgrooms
						</td>
666
					</tr>
667
668
					<?php endif; ?>
669
670
					<tr>
671 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
672 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
673 a0fca224 Colin Fleming
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
674 8cd558b6 ayvis
							<br />
675 5a3b0d3b mgrooms
							<span class="vexpl">
676 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
677
								"for your reference (not parsed)"); ?>.
678 5a3b0d3b mgrooms
							</span>
679
						</td>
680
					</tr>
681
					<tr>
682
						<td colspan="2" class="list" height="12"></td>
683
					</tr>
684
					<tr>
685
						<td colspan="2" valign="top" class="listtopic">
686 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("Phase 1 proposal (Authentication)"); ?>
687 5a3b0d3b mgrooms
						</td>
688
					</tr>
689 71d61aa5 jim-p
					<tr>
690 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication method"); ?></td>
691 71d61aa5 jim-p
						<td width="78%" class="vtable">
692 a0fca224 Colin Fleming
							<select name="authentication_method" class="formselect" onchange="methodsel_change()">
693 71d61aa5 jim-p
							<?php
694
								foreach ($p1_authentication_methods as $method_type => $method_params):
695
									if (!$pconfig['mobile'] && $method_params['mobile'])
696
										continue;
697
							?>
698 a0fca224 Colin Fleming
								<option value="<?=$method_type;?>" <?php if ($method_type == $pconfig['authentication_method']) echo "selected=\"selected\""; ?>>
699 71d61aa5 jim-p
									<?=htmlspecialchars($method_params['name']);?>
700
								</option>
701
							<?php endforeach; ?>
702
							</select>
703 8cd558b6 ayvis
							<br />
704 71d61aa5 jim-p
							<span class="vexpl">
705 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
706 71d61aa5 jim-p
							</span>
707
						</td>
708
					</tr>
709 0771969b Ermal LUÇI
					<tr id='negmode' >
710 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Negotiation mode"); ?></td>
711 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
712
							<select name="mode" class="formselect">
713
							<?php
714 fc835b04 Ermal
								$modes = array("main" => "Main", "aggressive" => "Aggressive");
715 0dc05b20 Ermal
								foreach ($modes as $mode => $mdescr):
716 5a3b0d3b mgrooms
							?>
717 a0fca224 Colin Fleming
								<option value="<?=$mode;?>" <?php if ($mode == $pconfig['mode']) echo "selected=\"selected\""; ?>>
718 0dc05b20 Ermal
									<?=htmlspecialchars($mdescr);?>
719 5a3b0d3b mgrooms
								</option>
720
							<?php endforeach; ?>
721 8cd558b6 ayvis
							</select> <br /> <span class="vexpl"><?=gettext("Aggressive is more flexible, but less secure"); ?>.</span>
722 5a3b0d3b mgrooms
						</td>
723
					</tr>
724
					<tr>
725 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My identifier"); ?></td>
726 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
727 a0fca224 Colin Fleming
							<select name="myid_type" class="formselect" onchange="myidsel_change()">
728 5a3b0d3b mgrooms
							<?php foreach ($my_identifier_list as $id_type => $id_params): ?>
729 a0fca224 Colin Fleming
								<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['myid_type']) echo "selected=\"selected\""; ?>>
730 5a3b0d3b mgrooms
									<?=htmlspecialchars($id_params['desc']);?>
731
								</option>
732
							<?php endforeach; ?>
733
							</select>
734 a0fca224 Colin Fleming
							<input name="myid_data" type="text" class="formfld unknown" id="myid_data" size="30" value="<?=htmlspecialchars($pconfig['myid_data']);?>" />
735 5a3b0d3b mgrooms
						</td>
736
					</tr>
737 1f65618b jim-p
					<tr id="opt_peerid">
738 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer identifier"); ?></td>
739 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
740 a0fca224 Colin Fleming
							<select name="peerid_type" class="formselect" onchange="peeridsel_change()">
741 5a3b0d3b mgrooms
							<?php
742
								foreach ($peer_identifier_list as $id_type => $id_params):
743
									if ($pconfig['mobile'] && !$id_params['mobile'])
744
										continue;
745
							?>
746 a0fca224 Colin Fleming
							<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected=\"selected\""; ?>>
747 5a3b0d3b mgrooms
								<?=htmlspecialchars($id_params['desc']);?>
748
							</option>
749
							<?php endforeach; ?>
750
							</select>
751 a0fca224 Colin Fleming
							<input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=htmlspecialchars($pconfig['peerid_data']);?>" />
752 1f65618b jim-p
						<?php if ($pconfig['mobile']) { ?>
753 8cd558b6 ayvis
							<br /><br /><?=gettext("NOTE: This is known as the \"group\" setting on some VPN client implementations"); ?>.
754 1f65618b jim-p
						<?php } ?>
755 5a3b0d3b mgrooms
						</td>
756
					</tr>
757 71d61aa5 jim-p
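					<tr id="opt_psk">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
						<td width="78%" class="vtable">
							<?=$mandfldhtml;?>
							<?php /* The PSK is a shared secret shown as a plain text field (readable
							         on screen and in the page source); autocomplete="off" keeps browsers
							         from saving it in form-fill history. */ ?>
							<input name="pskey" type="text" class="formfld unknown" id="pskey" size="40" autocomplete="off" value="<?=htmlspecialchars($pconfig['pskey']);?>" />
							<span class="vexpl">
							<br />
								<?=gettext("Input your Pre-Shared Key string"); ?>.
							</span>
						</td>
					</tr>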
768 fa4e059e Ermal
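					<tr id="opt_cert">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td>
						<td width="78%" class="vtable">
							<select name="certref" class="formselect">
							<?php
								/* Certificate descriptions are free text entered in the
								   Certificate Manager; escape them and the refid like every
								   other option on this page instead of echoing them raw. */
								foreach ($config['cert'] as $cert):
									$selected = "";
									if ($pconfig['certref'] == $cert['refid'])
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>
					<tr id="opt_ca">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
						<td width="78%" class="vtable">
							<select name="caref" class="formselect">
							<?php
								/* Same escaping rule as the certificate list above. */
								foreach ($config['ca'] as $ca):
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected=\"selected\"";
							?>
								<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php endforeach; ?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
							</span>
						</td>
					</tr>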
806
					<tr>
807
						<td colspan="2" valign="top" class="listtopic">
808
							<?=gettext("Phase 1 proposal (Algorithms)"); ?>
809
						</td>
810
					</tr>
811 5a3b0d3b mgrooms
					<tr>
812 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
813 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
814 a0fca224 Colin Fleming
							<select name="ealgo" class="formselect" onchange="ealgosel_change()">
815 5a3b0d3b mgrooms
							<?php
816
								foreach ($p1_ealgos as $algo => $algodata):
817 a0fca224 Colin Fleming
									$selected = "";
818 5a3b0d3b mgrooms
									if ($algo == $pconfig['ealgo']['name'])
819 a0fca224 Colin Fleming
										$selected = " selected=\"selected\"";
820 5a3b0d3b mgrooms
							?>
821
								<option value="<?=$algo;?>"<?=$selected?>>
822
									<?=htmlspecialchars($algodata['name']);?>
823
								</option>
824
							<?php endforeach; ?>
825
							</select>
826
							<select name="ealgo_keylen" width="30" class="formselect">
827
							</select>
828
						</td>
829
					</tr>
830
					<tr>
831 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithm"); ?></td>
832 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
833
							<select name="halgo" class="formselect">
834
							<?php foreach ($p1_halgos as $algo => $algoname): ?>
835 a0fca224 Colin Fleming
								<option value="<?=$algo;?>" <?php if ($algo == $pconfig['halgo']) echo "selected=\"selected\""; ?>>
836 5a3b0d3b mgrooms
									<?=htmlspecialchars($algoname);?>
837
								</option>
838
							<?php endforeach; ?>
839
							</select>
840 8cd558b6 ayvis
							<br />
841 5a3b0d3b mgrooms
							<span class="vexpl">
842 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
843 5a3b0d3b mgrooms
							</span>
844
						</td>
845
					</tr>
846
					<tr>
847 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("DH key group"); ?></td>
848 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
849
							<select name="dhgroup" class="formselect">
850 665340db jim-p
							<?php foreach ($p1_dhgroups as $keygroup => $keygroupname): ?>
851 a0fca224 Colin Fleming
								<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['dhgroup']) echo "selected=\"selected\""; ?>>
852 665340db jim-p
									<?=htmlspecialchars($keygroupname);?>
853 5a3b0d3b mgrooms
								</option>
854
							<?php endforeach; ?>
855
							</select>
856 8cd558b6 ayvis
							<br />
857 5a3b0d3b mgrooms
							<span class="vexpl">
858 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Must match the setting chosen on the remote side"); ?>.
859 5a3b0d3b mgrooms
							</span>
860
						</td>
861
					</tr>
862
					<tr>
863 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
864 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
865 a0fca224 Colin Fleming
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />
866 2fbb33f1 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
867 5a3b0d3b mgrooms
						</td>
868
					</tr>
869
					<tr>
870
						<td colspan="2" class="list" height="12"></td>
871
					</tr>
872
					<tr>
873 2fbb33f1 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
874 5a3b0d3b mgrooms
					</tr>
875 0e7aad67 Ermal
					<tr>
876 3b9ef0ef Ermal
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable Rekey");?></td>
877 0e7aad67 Ermal
						<td width="78%" class="vtable">
878
							<input name="rekey_enable" type="checkbox" id="rekey_enable" value="yes" <?php if (isset($pconfig['rekey_enable'])) echo "checked=\"checked\""; ?> />
879
							<?=gettext("Whether a connection should be renegotiated when it is about to expire."); ?><br />
880
						</td>
881
					</tr>
882
					<tr>
883 3b9ef0ef Ermal
						<td width="22%" valign="top" class="vncell"><?=gettext("Disable Reauth");?></td>
884 0e7aad67 Ermal
						<td width="78%" class="vtable">
885
							<input name="reauth_enable" type="checkbox" id="reauth_enable" value="yes" <?php if (isset($pconfig['reauth_enable'])) echo "checked=\"checked\""; ?> />
886 76266acd Ermal
							<?=gettext("Whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done."); ?><br />
887 0e7aad67 Ermal
						</td>
888
					</tr>
889 5a3b0d3b mgrooms
					<tr>
890 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("NAT Traversal"); ?></td>
891 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
892
							<select name="nat_traversal" class="formselect">
893 0810a719 Ermal
								<option value="on" <?php if ($pconfig['nat_traversal'] != 'on') echo "selected=\"selected\""; ?>><?=gettext("Auto"); ?></option>
894
								<option value="force" <?php if ($pconfig['nat_traversal'] == 'force') echo "selected=\"selected\""; ?>><?=gettext("Force"); ?></option>
895 5a3b0d3b mgrooms
							</select>
896 8cd558b6 ayvis
							<br />
897 5a3b0d3b mgrooms
							<span class="vexpl">
898 2fbb33f1 Carlos Eduardo Ramos
								<?=gettext("Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed, " .
899
								"which can help with clients that are behind restrictive firewalls"); ?>.
900 5a3b0d3b mgrooms
							</span>
901
						</td>
902
					</tr>
903
					<tr>
904 2fbb33f1 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Dead Peer Detection"); ?></td>
905 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
906 a0fca224 Colin Fleming
							<input name="dpd_enable" type="checkbox" id="dpd_enable" value="yes" <?php if (isset($pconfig['dpd_enable'])) echo "checked=\"checked\""; ?> onclick="dpdchkbox_change()" />
907 8cd558b6 ayvis
							<?=gettext("Enable DPD"); ?><br />
908 5a3b0d3b mgrooms
							<div id="opt_dpd">
909 8cd558b6 ayvis
								<br />
910 a0fca224 Colin Fleming
								<input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=htmlspecialchars($pconfig['dpd_delay']);?>" />
911 8cd558b6 ayvis
								<?=gettext("seconds"); ?><br />
912 5a3b0d3b mgrooms
								<span class="vexpl">
913 2fbb33f1 Carlos Eduardo Ramos
									<?=gettext("Delay between requesting peer acknowledgement"); ?>.
914 8cd558b6 ayvis
								</span><br />
915
								<br />
916 a0fca224 Colin Fleming
								<input name="dpd_maxfail" type="text" class="formfld unknown" id="dpd_maxfail" size="5" value="<?=htmlspecialchars($pconfig['dpd_maxfail']);?>" />
917 8cd558b6 ayvis
								<?=gettext("retries"); ?><br />
918 5a3b0d3b mgrooms
								<span class="vexpl">
919 2fbb33f1 Carlos Eduardo Ramos
									<?=gettext("Number of consecutive failures allowed before disconnect"); ?>.
920 5a3b0d3b mgrooms
								</span>
921 8cd558b6 ayvis
								<br />
922 5a3b0d3b mgrooms
							</div>
923
						</td>
924
					</tr>
925
					<tr>
926
						<td width="22%" valign="top">&nbsp;</td>
927
						<td width="78%">
928
							<?php if (isset($p1index) && $a_phase1[$p1index]): ?>
929 a0fca224 Colin Fleming
							<input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>" />
930 5a3b0d3b mgrooms
							<?php endif; ?>
931
							<?php if ($pconfig['mobile']): ?>
932 a0fca224 Colin Fleming
							<input name="mobile" type="hidden" value="true" />
933 5a3b0d3b mgrooms
							<?php endif; ?>
934 a0fca224 Colin Fleming
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
935
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
936 5a3b0d3b mgrooms
						</td>
937
					</tr>
938
				</table>
939
			</div>
940
		</td>
941
	</tr>
942
</table>
943 a93e56c5 Matthew Grooms
</form>
944 5a3b0d3b mgrooms
945 a0fca224 Colin Fleming
<script type="text/javascript">
946
//<![CDATA[
947 a93e56c5 Matthew Grooms
<?php
	/* Pre-select the saved key length only when it is a number: the value
	   is interpolated straight into the ealgosel_change() call below, and
	   is_numeric() is what keeps anything else out of the inline script. */
	$keyset = '';
	if (isset($pconfig['ealgo']['keylen']) && is_numeric($pconfig['ealgo']['keylen'])) {
		$keyset = $pconfig['ealgo']['keylen'];
	}
?>
954 3462a529 Matthew Grooms
myidsel_change();
955
peeridsel_change();
956 0771969b Ermal LUÇI
iketype_change();
957 a93e56c5 Matthew Grooms
methodsel_change();
958
ealgosel_change(<?=$keyset;?>);
959
dpdchkbox_change();
960 a0fca224 Colin Fleming
//]]>
961 a93e56c5 Matthew Grooms
</script>
962
<?php include("fend.inc"); ?>
963 3462a529 Matthew Grooms
</body>
964
</html>