<?php
/*
	vpn_ipsec_phase2.php
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
	Copyright (C) 2008 Shrew Soft Inc
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
##|+PRIV
##|*IDENT=page-vpn-ipsec-editphase2
##|*NAME=VPN: IPsec: Edit Phase 2 page
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
##|*MATCH=vpn_ipsec_phase2.php*
##|-PRIV
require("functions.inc");
require("guiconfig.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
/*
 * Make sure the IPsec sections this page works with exist as arrays in the
 * global configuration, then bind short names to them by reference so that
 * changes made through those names land directly in $config.
 */
foreach (array('client', 'phase1', 'phase2') as $ipsec_section) {
	if (!is_array($config['ipsec'][$ipsec_section])) {
		$config['ipsec'][$ipsec_section] = array();
	}
}
/* The loop variable lives in global scope in this flat script; drop it. */
unset($ipsec_section);

$a_client = &$config['ipsec']['client'];
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
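/*
 * Work out which phase 2 entry the request refers to. The identifier comes
 * from the request: 'p2index' (GET) when editing, 'uniqid' (POST) when the
 * form is submitted, 'dup' (GET) when duplicating. A later source overrides
 * an earlier one.
 */
if (!empty($_GET['p2index']))
	$uindex = $_GET['p2index'];
if (!empty($_POST['uniqid']))
	$uindex = $_POST['uniqid'];

if (!empty($_GET['dup']))
	$uindex = $_GET['dup'];

$ph2found = false;
/*
 * Only a string can name an entry; a parameter sent as an array can never
 * match a stored identifier, so it is skipped instead of being compared.
 */
if (isset($uindex) && is_string($uindex)) {
	foreach ($a_phase2 as $p2index => $ph2) {
		/*
		 * Compare as strings with ===. With == PHP compares two
		 * numeric-looking strings as numbers, so two different
		 * identifiers could be treated as the same entry.
		 */
		if ((string)$ph2['uniqid'] === $uindex) {
			$ph2found = true;
			break;
		}
	}
}
/*
 * When nothing matched, $p2index and $ph2 still hold the last entry visited
 * by the loop. Always test $ph2found before using them.
 */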
/*
 * Seed the form state ($pconfig): from the stored entry when one was found,
 * otherwise from the defaults for a new entry.
 */
if ($ph2found === true) {
	$pconfig['ikeid'] = $ph2['ikeid'];
	$pconfig['disabled'] = isset($ph2['disabled']);
	foreach (array('mode', 'descr', 'uniqid') as $p2_copy_key) {
		$pconfig[$p2_copy_key] = $ph2[$p2_copy_key];
	}

	/* Expand the stored id records into the individual form fields. */
	if (!empty($ph2['natlocalid'])) {
		idinfo_to_pconfig("natlocal", $ph2['natlocalid'], $pconfig);
	}
	idinfo_to_pconfig("local", $ph2['localid'], $pconfig);
	idinfo_to_pconfig("remote", $ph2['remoteid'], $pconfig);

	$pconfig['proto'] = $ph2['protocol'];
	ealgos_to_pconfig($ph2['encryption-algorithm-option'], $pconfig);
	$pconfig['halgos'] = $ph2['hash-algorithm-option'];
	foreach (array('pfsgroup', 'lifetime', 'pinghost', 'reqid') as $p2_copy_key) {
		$pconfig[$p2_copy_key] = $ph2[$p2_copy_key];
	}
	/* The loop variable lives in global scope in this flat script; drop it. */
	unset($p2_copy_key);

	if (isset($ph2['mobile'])) {
		$pconfig['mobile'] = true;
	}
} else {
	/*
	 * New entry. The parent phase 1 id is taken from the query string as
	 * submitted.
	 * NOTE(review): where this value is later written into the page is
	 * outside this block; confirm it is HTML-escaped there.
	 */
	$pconfig['ikeid'] = $_GET['ikeid'];

	/*
	 * Defaults for a new entry: ESP with AES and HMAC-SHA1, one hour
	 * lifetime. NOTE(review): pfsgroup "0" presumably means PFS is off --
	 * confirm against the option list.
	 */
	$pconfig['localid_type'] = "lan";
	$pconfig['remoteid_type'] = "network";
	$pconfig['proto'] = "esp";
	$pconfig['ealgos'] = array("aes");
	$pconfig['halgos'] = array("hmac_sha1");
	$pconfig['pfsgroup'] = "0";
	$pconfig['lifetime'] = "3600";
	/* uniqid() is derived from the current time: a record id, not a secret. */
	$pconfig['uniqid'] = uniqid();

	/* mobile client */
	if ($_GET['mobile']) {
		$pconfig['mobile'] = true;
	}
}
/* The loop copy of the entry is not needed once $pconfig has been seeded. */
unset($ph2);

/*
 * Duplicating an entry: keep the values already copied into $pconfig, forget
 * which stored entry they came from, and give the copy its own identifier.
 */
if (!empty($_GET['dup'])) {
	unset($uindex, $p2index);
	$pconfig['uniqid'] = uniqid();
}
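/*
 * Form submission: validate the posted phase 2 settings and, when nothing is
 * wrong, store the entry in the IPsec configuration, mark the subsystem dirty
 * and redirect to the tunnel list.
 *
 * Everything in $pconfig below is client-supplied. Only the fields checked in
 * this block are validated here; the notes further down name the fields that
 * are stored as submitted.
 *
 * NOTE(review): no request-forgery token is checked in this file; presumably
 * an include handles that for every GUI page -- confirm.
 */
if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	/* Presence only: an ikeid that matches no phase 1 entry is not rejected in this block. */
	if (!isset( $_POST['ikeid']))
		$input_errors[] = gettext("A valid ikeid must be specified.");

	/* input validation */
	$reqdfields = explode(" ", "localid_type uniqid");
	$reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier"));
	if (!isset($pconfig['mobile'])){
		$reqdfields[] = "remoteid_type";
		$reqdfieldsn[] = gettext("Remote network type");
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6"))
	{
		switch ($pconfig['localid_type']) {
			case "network":
				/*
				 * Digits only. is_numeric() would also accept signs,
				 * decimals, exponents and leading whitespace, none of which
				 * is a prefix length, and the value ends up in the generated
				 * daemon configuration. The upper bound (32 or 128) is not
				 * checked here.
				 */
				if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !(is_string($pconfig['localid_netbits']) && ctype_digit($pconfig['localid_netbits'])))
					$input_errors[] = gettext("A valid local network bit count must be specified.");
				/* no break: a network also needs its address validated */
			case "address":
				if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
					$input_errors[] = gettext("A valid local network IP address must be specified.");
				elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel"))
					$input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6");
				elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6"))
					$input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4");
				break;
		}
		/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
		if (is_array($config['interfaces'][$pconfig['localid_type']])) {
			// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
			$address = get_interface_ip($pconfig['localid_type']);
			$netbits = get_interface_subnet($pconfig['localid_type']);

			if (empty($address) || empty($netbits))
				$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
		}

		if (!empty($pconfig['natlocalid_address'])) {
			switch ($pconfig['natlocalid_type']) {
				case "network":
					/* Digits only, for the same reason as the local prefix length above. */
					if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !(is_string($pconfig['natlocalid_netbits']) && ctype_digit($pconfig['natlocalid_netbits'])))
						$input_errors[] = gettext("A valid NAT local network bit count must be specified.");
					if ($pconfig['localid_type'] == "address")
						$input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
					/* no break: a network also needs its address validated */
				case "address":
					if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address']))
						$input_errors[] = gettext("A valid NAT local network IP address must be specified.");
					elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel"))
						$input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6");
					elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6"))
						$input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4");
					break;
			}

			if (is_array($config['interfaces'][$pconfig['natlocalid_type']])) {
				// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
				$address = get_interface_ip($pconfig['natlocalid_type']);
				$netbits = get_interface_subnet($pconfig['natlocalid_type']);

				if (empty($address) || empty($netbits))
					$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['natlocalid_type']) . " " . gettext("has no subnet.");
			}
		}

		switch ($pconfig['remoteid_type']) {
			case "network":
				/* Digits only, for the same reason as the local prefix length above. */
				if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !(is_string($pconfig['remoteid_netbits']) && ctype_digit($pconfig['remoteid_netbits'])))
					$input_errors[] = gettext("A valid remote network bit count must be specified.");
				/* no break: a network also needs its address validated */
			case "address":
				if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
					$input_errors[] = gettext("A valid remote network IP address must be specified.");
				elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel"))
					$input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6");
				elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6"))
					$input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4");
				break;
		}
	}
	/* Validate enabled phase2's are not duplicates */
	if (isset($pconfig['mobile'])){
		/* User is adding phase 2 for mobile phase1 */
		foreach($a_phase2 as $key => $name){
			if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) {
				/* check duplicate localids only for mobile clients */
				$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
				$entered = array();
				$entered['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered, false, $pconfig['mode']);
				if ($localid_data == $entered_localid_data){
					/* adding new p2 entry */
					$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
					break;
				}
			}
		}
	}else{
		/* User is adding phase 2 for site-to-site phase1 */
		$input_error = 0;
		foreach($a_phase2 as $key => $name){
			if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid'] && $pconfig['uniqid'] != $name['uniqid']) {
				/* check duplicate subnets only for given phase1 */
				$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
				$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid'], false, $name['mode']);
				$entered_local = array();
				$entered_local['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
				$entered_remote = array();
				$entered_remote['type'] = $pconfig['remoteid_type'];
				if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
				if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
				$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
				if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
					/* adding new p2 entry */
					$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
					break;
				}
			}
		}
		foreach ($a_phase1 as $phase1) {
			if($phase1['ikeid'] == $pconfig['ikeid']) {
				/* This is the P1 for this entry, validate its remote-gateway and local interface isn't within tunnel */
				$entered_local = array();
				$entered_local['type'] = $pconfig['localid_type'];
				if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
				if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
				$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
				list($entered_local_network, $entered_local_mask) = explode('/', $entered_localid_data);
				$entered_remote = array();
				$entered_remote['type'] = $pconfig['remoteid_type'];
				if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
				if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
				$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
				list($entered_remote_network, $entered_remote_mask) = explode('/', $entered_remoteid_data);
				if ($phase1['protocol'] == "inet6") {
					$if = get_failover_interface($phase1['interface'], "inet6");
					$interfaceip = get_interface_ipv6($if);
				} else {
					$if = get_failover_interface($phase1['interface']);
					$interfaceip = get_interface_ip($if);
				}
				/* skip validation for hostnames, they're subject to change anyway */
				if (is_ipaddr($phase1['remote-gateway'])) {
					if ($pconfig['mode'] == "tunnel") {
						if(check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) {
							$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
							break;
						}
					} else if ($pconfig['mode'] == "tunnel6") {
						/*
						 * Both halves use the IPv6 overlap check. The
						 * remote-gateway half used to call
						 * check_subnets_overlap() with a 128-bit prefix,
						 * unlike the local half on the same line.
						 */
						if(check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnetsv6_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) {
							$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
							break;
						}
					}
				}
			}
		}
	}

	/* For ESP protocol, handle encryption algorithms */
	if ( $pconfig['proto'] == "esp") {
		$ealgos = pconfig_to_ealgos($pconfig);

		if (!count($ealgos)) {
			$input_errors[] = gettext("At least one encryption algorithm must be selected.");
		} else {
			if (empty($pconfig['halgos'])) {
				/*
				 * With no hash selected, every chosen cipher must be a GCM
				 * one. Test for "not found" explicitly: strpos() returns 0,
				 * which is also falsy, for a match at the start of the name.
				 */
				foreach ($ealgos as $ealgo) {
					if (strpos($ealgo['name'], "gcm") === false) {
						$input_errors[] = gettext("At least one hashing algorithm needs to be selected.");
						break;
					}
				}
			}
		}

	}
	/*
	 * Digits only, as the message says. is_numeric() would also let decimals,
	 * exponents, signs and leading whitespace through into the stored value.
	 */
	if ($_POST['lifetime'] && !(is_string($_POST['lifetime']) && ctype_digit($_POST['lifetime']))) {
		$input_errors[] = gettext("The P2 lifetime must be an integer.");
	}

	if (!$input_errors) {

		/*
		 * NOTE(review): mode, proto, halgos, pfsgroup, pinghost, descr and a
		 * posted reqid are stored as submitted; nothing in this block checks
		 * them against the choices the form offers. Confirm that the code
		 * which turns this entry into daemon configuration validates or
		 * escapes them.
		 */
		$ph2ent = array();
		$ph2ent['ikeid'] = $pconfig['ikeid'];
		$ph2ent['uniqid'] = $pconfig['uniqid'];
		$ph2ent['mode'] = $pconfig['mode'];
		$ph2ent['disabled'] = $pconfig['disabled'] ? true : false;
		/* A reqid is allocated only when the request carries none. */
		if (!isset($pconfig['reqid']))
			$ph2ent['reqid'] = ipsec_new_reqid();
		else
			$ph2ent['reqid'] = $pconfig['reqid'];

		if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){
			if (!empty($pconfig['natlocalid_address']))
				$ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal",$pconfig);
			$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
			$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
		}

		$ph2ent['protocol'] = $pconfig['proto'];
		/* $ealgos is assigned only in the "esp" branch above. */
		$ph2ent['encryption-algorithm-option'] = $ealgos;
		if (!empty($pconfig['halgos']))
			$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
		else
			unset($ph2ent['hash-algorithm-option']);
		$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
		$ph2ent['lifetime'] = $pconfig['lifetime'];
		$ph2ent['pinghost'] = $pconfig['pinghost'];
		$ph2ent['descr'] = $pconfig['descr'];

		if (isset($pconfig['mobile']))
			$ph2ent['mobile'] = true;

		/* Replace the entry that was looked up by uniqid, otherwise append a new one. */
		if ($ph2found === true && $a_phase2[$p2index])
			$a_phase2[$p2index] = $ph2ent;
		else
			$a_phase2[] = $ph2ent;


		write_config();
		mark_subsystem_dirty('ipsec');

		header("Location: vpn_ipsec.php");
		exit;
	}
}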
/* Page title parts; a mobile-client entry gets one extra trailing element. */
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 2"));
if ($pconfig['mobile']) {
	$pgtitle[] = gettext("Mobile Client");
}

/* Presumably read by the shared page header -- confirm in head.inc. */
$shortcut_section = "ipsec";

include("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
<script type="text/javascript">
//<![CDATA[
/**
 * Show the local (and, unless this is a mobile-client entry, remote) network
 * rows only while one of the tunnel modes is selected.
 *
 * `index` and `value` are assigned without `var`, so they are page globals.
 * That is kept as is: other handlers on this page may read them.
 */
function change_mode() {
	index = document.iform.mode.selectedIndex;
	value = document.iform.mode.options[index].value;
	// '' restores the default display, 'none' hides the row.
	var display = ((value == 'tunnel') || (value == 'tunnel6')) ? '' : 'none';
	document.getElementById('opt_localid').style.display = display;
<?php if (!isset($pconfig['mobile'])): ?>
	document.getElementById('opt_remoteid').style.display = display;
<?php endif; ?>
}
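/**
 * Enable or disable the NAT local address and prefix-length inputs to match
 * the selected NAT local type.
 *
 * @param {number} [bits] Prefix length to pre-fill for a network while the
 *     address is blank. When omitted: 24 for mode "tunnel", 64 for "tunnel6".
 */
function typesel_change_natlocal(bits) {
	// Read the mode from its own <select>. The page-global `index` is also
	// written by change_protocol(), so it may hold the protocol's index
	// instead of the mode's, or not exist yet.
	var value = document.iform.mode.value;
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	// Only touch the prefix length while no address has been entered.
	var address_is_blank = !/\S/.test(document.iform.natlocalid_address.value);
	switch (document.iform.natlocalid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.natlocalid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.natlocalid_netbits.value = 0;
			}
			document.iform.natlocalid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.natlocalid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.natlocalid_netbits.value = bits;
			}
			document.iform.natlocalid_netbits.disabled = 0;
			break;
		case 3:	/* none */
			document.iform.natlocalid_address.disabled = 1;
			document.iform.natlocalid_netbits.disabled = 1;
			break;
		default:
			// Any other choice: the address is not entered by hand.
			document.iform.natlocalid_address.value = "";
			document.iform.natlocalid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.natlocalid_netbits.value = 0;
			}
			document.iform.natlocalid_netbits.disabled = 1;
			break;
	}
}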
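/**
 * Enable or disable the local network address and prefix-length inputs to
 * match the selected local network type.
 *
 * @param {number} [bits] Prefix length to pre-fill for a network while the
 *     address is blank. When omitted: 24 for mode "tunnel", 64 for "tunnel6".
 */
function typesel_change_local(bits) {
	// Read the mode from its own <select>. The page-global `index` is also
	// written by change_protocol(), so it may hold the protocol's index
	// instead of the mode's, or not exist yet.
	var value = document.iform.mode.value;
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	// Only touch the prefix length while no address has been entered.
	var address_is_blank = !/\S/.test(document.iform.localid_address.value);
	switch (document.iform.localid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.localid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.localid_netbits.value = 0;
			}
			document.iform.localid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.localid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.localid_netbits.value = bits;
			}
			document.iform.localid_netbits.disabled = 0;
			break;
		case 3:	/* none */
			document.iform.localid_address.disabled = 1;
			document.iform.localid_netbits.disabled = 1;
			break;
		default:
			// Any other choice: the address is not entered by hand.
			document.iform.localid_address.value = "";
			document.iform.localid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.localid_netbits.value = 0;
			}
			document.iform.localid_netbits.disabled = 1;
			break;
	}
}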
<?php if (!isset($pconfig['mobile'])): ?>
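/**
 * Enable or disable the remote network address and prefix-length inputs to
 * match the selected remote network type.
 *
 * @param {number} [bits] Prefix length to pre-fill for a network while the
 *     address is blank. When omitted: 24 for mode "tunnel", 64 for "tunnel6".
 */
function typesel_change_remote(bits) {
	// Read the mode from its own <select>. The page-global `index` is also
	// written by change_protocol(), so it may hold the protocol's index
	// instead of the mode's, or not exist yet.
	var value = document.iform.mode.value;
	if (typeof(bits) === "undefined") {
		if (value === "tunnel") {
			bits = 24;
		}
		else if (value === "tunnel6") {
			bits = 64;
		}
	}
	// Only touch the prefix length while no address has been entered.
	var address_is_blank = !/\S/.test(document.iform.remoteid_address.value);
	switch (document.iform.remoteid_type.selectedIndex) {
		case 0:	/* single */
			document.iform.remoteid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = 0;
			}
			document.iform.remoteid_netbits.disabled = 1;
			break;
		case 1:	/* network */
			document.iform.remoteid_address.disabled = 0;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = bits;
			}
			document.iform.remoteid_netbits.disabled = 0;
			break;
		default:
			// Any other choice: the address is not entered by hand.
			document.iform.remoteid_address.value = "";
			document.iform.remoteid_address.disabled = 1;
			if (address_is_blank) {
				document.iform.remoteid_netbits.value = 0;
			}
			document.iform.remoteid_netbits.disabled = 1;
			break;
	}
}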
<?php endif; ?>
/**
 * Show the encryption-algorithm row only while the ESP protocol is selected.
 *
 * `index` and `value` are assigned without `var`, so they are page globals.
 * That is kept as is: other handlers on this page may read them.
 */
function change_protocol() {
	index = document.iform.proto.selectedIndex;
	value = document.iform.proto.options[index].value;
	// '' restores the default display, 'none' hides the row.
	document.getElementById('opt_enc').style.display = (value == 'esp') ? '' : 'none';
}
//]]>
530 a93e56c5 Matthew Grooms
</script>
531 5a3b0d3b mgrooms
532
<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
533
534
<?php
535
	if ($input_errors)
536
		print_input_errors($input_errors);
537
?>
538
539 3a50eb39 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-2">
540 5a3b0d3b mgrooms
	<tr class="tabnavtbl">
541
		<td id="tabnav">
542
			<?php
543
				$tab_array = array();
544 123929e0 Carlos Eduardo Ramos
				$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
545
				$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
546 2a2b247b jim-p
				$tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
547 71172088 jim-p
				$tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
548 5a3b0d3b mgrooms
				display_top_tabs($tab_array);
549
			?>
550
		</td>
551
	</tr>
552
	<tr>
553
		<td id="mainarea">
554
			<div class="tabcont">
555 3a50eb39 Colin Fleming
				<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
556 5a3b0d3b mgrooms
					<tr>
557 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
558 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
559 3a50eb39 Colin Fleming
							<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
560 123929e0 Carlos Eduardo Ramos
							<strong><?=gettext("Disable this phase2 entry"); ?></strong>
561 8cd558b6 ayvis
							<br />
562 123929e0 Carlos Eduardo Ramos
							<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
563
							  "removing it from the list"); ?>.
564 5a3b0d3b mgrooms
							</span>
565
						</td>
566
					</tr>
567
					<tr>
568 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
569 4b96b367 mgrooms
						<td width="78%" class="vtable">
570 3a50eb39 Colin Fleming
							<select name="mode" class="formselect" onchange="change_mode()">
571 4b96b367 mgrooms
								<?php
572
									foreach($p2_modes as $name => $value):
573
										$selected = "";
574
										if ($name == $pconfig['mode'])
575 3a50eb39 Colin Fleming
											$selected = "selected=\"selected\"";
576 4b96b367 mgrooms
								?>
577
								<option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option>
578
								<?php endforeach; ?>
579
							</select>
580
						</td>
581
					</tr>
582
					<tr id="opt_localid">
583 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
584 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
585 3a50eb39 Colin Fleming
							<table border="0" cellspacing="0" cellpadding="0" summary="local network">
586 5a3b0d3b mgrooms
								<tr>
587 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
588 5a3b0d3b mgrooms
									<td></td>
589
									<td>
590 3a50eb39 Colin Fleming
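										<select name="localid_type" class="formselect" onchange="typesel_change_local()">
											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected=\"selected\"";?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected=\"selected\"";?>><?=gettext("Network"); ?></option>
											<?php
												/*
												 * One option per configured interface. The interface key and
												 * description are escaped for the HTML attribute/text context,
												 * matching how the other labels on this form are emitted.
												 * NOTE(review): assumes get_configured_interface_with_descr()
												 * returns raw, unescaped text -- confirm, otherwise the label
												 * would be double-encoded.
												 */
												$iflist = get_configured_interface_with_descr();
												foreach ($iflist as $ifname => $ifdescr):
											?>
											<option value="<?=htmlspecialchars($ifname); ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected=\"selected\"";?>><?=htmlspecialchars(sprintf(gettext("%s subnet"), $ifdescr)); ?></option>
											<?php endforeach; ?>
										</select>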
600
									</td>
601
								</tr>
602
								<tr>
603 11c160b0 Rafael Lucas
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
604 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
605
									<td>
606 3a50eb39 Colin Fleming
										<input name="localid_address" type="text" class="formfld unknown ipv4v6" id="localid_address" size="28" value="<?=htmlspecialchars($pconfig['localid_address']);?>" />
607 5a3b0d3b mgrooms
										/
608 6255beda Darren Embry
										<select name="localid_netbits" class="formselect ipv4v6" id="localid_netbits">
609 3795d067 Seth Mos
										<?php for ($i = 128; $i >= 0; $i--): ?>
610 3a50eb39 Colin Fleming
											<option value="<?=$i;?>" <?php if (isset($pconfig['localid_netbits']) && $i == $pconfig['localid_netbits']) echo "selected=\"selected\""; ?>>
611 5a3b0d3b mgrooms
												<?=$i;?>
612
											</option>
613
										<?php endfor; ?>
614
										</select>
615
									</td>
616
								</tr>
617 3c107b76 Ermal
								<tr> <td colspan="3">
618 8cd558b6 ayvis
								<br />
619 3c107b76 Ermal
								<?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?>
620
								</td></tr>
621
								<tr>
622
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
623
									<td></td>
624
									<td>
625 3a50eb39 Colin Fleming
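										<select name="natlocalid_type" class="formselect" onchange="typesel_change_natlocal()">
											<option value="address" <?php if ($pconfig['natlocalid_type'] == "address") echo "selected=\"selected\"";?>><?=gettext("Address"); ?></option>
											<option value="network" <?php if ($pconfig['natlocalid_type'] == "network") echo "selected=\"selected\"";?>><?=gettext("Network"); ?></option>
											<?php
												/*
												 * One option per configured interface. The interface key and
												 * description are escaped for the HTML attribute/text context,
												 * matching how the other labels on this form are emitted.
												 * NOTE(review): assumes get_configured_interface_with_descr()
												 * returns raw, unescaped text -- confirm, otherwise the label
												 * would be double-encoded.
												 */
												$iflist = get_configured_interface_with_descr();
												foreach ($iflist as $ifname => $ifdescr):
											?>
											<option value="<?=htmlspecialchars($ifname); ?>" <?php if ($pconfig['natlocalid_type'] == $ifname ) echo "selected=\"selected\"";?>><?=htmlspecialchars(sprintf(gettext("%s subnet"), $ifdescr)); ?></option>
											<?php endforeach; ?>
											<?php /* "None" is also the default when no NAT/BINAT type has been stored. */ ?>
											<option value="none" <?php if (empty($pconfig['natlocalid_type']) || $pconfig['natlocalid_type'] == "none" ) echo "selected=\"selected\"";?>><?=gettext("None"); ?></option>
										</select>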
636
									</td>
637
								</tr>
638
								<tr>
639
									<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
640
									<td><?=$mandfldhtmlspc;?></td>
641
									<td>
642 3a50eb39 Colin Fleming
										<input name="natlocalid_address" type="text" class="formfld unknown ipv4v6" id="natlocalid_address" size="28" value="<?=htmlspecialchars($pconfig['natlocalid_address']);?>" />
643 3c107b76 Ermal
										/
644
										<select name="natlocalid_netbits" class="formselect ipv4v6" id="natlocalid_netbits">
645
										<?php for ($i = 128; $i >= 0; $i--): ?>
646 3a50eb39 Colin Fleming
											<option value="<?=$i;?>" <?php if (isset($pconfig['natlocalid_netbits']) && $i == $pconfig['natlocalid_netbits']) echo "selected=\"selected\""; ?>>
647 3c107b76 Ermal
												<?=$i;?>
648
											</option>
649
										<?php endfor; ?>
650
										</select>
651
									</td>
652
								</tr>
653 5a3b0d3b mgrooms
							</table>
654
						</td>
655
					</tr>
656
657
					<?php if (!isset($pconfig['mobile'])): ?>
658
					
659 4b96b367 mgrooms
					<tr id="opt_remoteid">
660 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
661 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
662 3a50eb39 Colin Fleming
							<table border="0" cellspacing="0" cellpadding="0" summary="remote network">
663 5a3b0d3b mgrooms
								<tr>
664 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
665 5a3b0d3b mgrooms
									<td></td>
666
									<td>
667 3a50eb39 Colin Fleming
										<select name="remoteid_type" class="formselect" onchange="typesel_change_remote()">
668
											<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected=\"selected\""; ?>><?=gettext("Address"); ?></option>
669
											<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
670 5a3b0d3b mgrooms
										</select>
671
									</td>
672
								</tr>
673
								<tr>
674 123929e0 Carlos Eduardo Ramos
									<td><?=gettext("Address"); ?>:&nbsp;&nbsp;</td>
675 5a3b0d3b mgrooms
									<td><?=$mandfldhtmlspc;?></td>
676
									<td>
677 3a50eb39 Colin Fleming
										<input name="remoteid_address" type="text" class="formfld unknown ipv4v6" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>" />
678 5a3b0d3b mgrooms
										/
679 6255beda Darren Embry
										<select name="remoteid_netbits" class="formselect ipv4v6" id="remoteid_netbits">
680 3795d067 Seth Mos
										<?php for ($i = 128; $i >= 0; $i--) { 
681 184d50b5 Ermal Lu?i
											
682
											echo "<option value=\"{$i}\"";
683 3a50eb39 Colin Fleming
											if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) echo " selected=\"selected\"";
684 184d50b5 Ermal Lu?i
											echo ">{$i}</option>\n";
685
											} ?>
686 5a3b0d3b mgrooms
										</select>
687
									</td>
688
								</tr>
689
							</table>
690 a93e56c5 Matthew Grooms
						</td>
691 5a3b0d3b mgrooms
					</tr>
692
					
693 3462a529 Matthew Grooms
					<?php endif; ?>
694 5a3b0d3b mgrooms
					
695
					<tr>
696 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
697 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
698 3a50eb39 Colin Fleming
							<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
699 8cd558b6 ayvis
							<br />
700 5a3b0d3b mgrooms
							<span class="vexpl">
701 123929e0 Carlos Eduardo Ramos
								<?=gettext("You may enter a description here " .
702
								"for your reference (not parsed)"); ?>.
703 5a3b0d3b mgrooms
							</span>
704
						</td>
705
					</tr>
706
					<tr>
707
						<td colspan="2" class="list" height="12"></td>
708
					</tr>
709
					<tr>
710
						<td colspan="2" valign="top" class="listtopic">
711 123929e0 Carlos Eduardo Ramos
							<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
712 5a3b0d3b mgrooms
						</td>
713
					</tr>
714
					<tr>
715 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
716 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
717 3a50eb39 Colin Fleming
							<select name="proto" class="formselect" onchange="change_protocol()">
718 5a3b0d3b mgrooms
							<?php foreach ($p2_protos as $proto => $protoname): ?>
719 3a50eb39 Colin Fleming
								<option value="<?=$proto;?>" <?php if ($proto == $pconfig['proto']) echo "selected=\"selected\""; ?>>
720 5a3b0d3b mgrooms
									<?=htmlspecialchars($protoname);?>
721
								</option>
722
							<?php endforeach; ?>
723
							</select>
724 8cd558b6 ayvis
							<br />
725 5a3b0d3b mgrooms
							<span class="vexpl">
726 123929e0 Carlos Eduardo Ramos
								<?=gettext("ESP is encryption, AH is authentication only"); ?>
727 5a3b0d3b mgrooms
							</span>
728
						</td>
729
					</tr>
730 87e07f52 mgrooms
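					<tr id="opt_enc">
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
						<td width="78%" class="vtable">
							<table border="0" cellspacing="0" cellpadding="0" summary="encryption">
							<?php
								/* One row per known algorithm: checkbox, name, optional key-length selector. */
								foreach ($p2_ealgos as $algo => $algodata):
									$checked = '';
									if (is_array($pconfig['ealgos']) && in_array($algo,$pconfig['ealgos']))
										$checked = " checked=\"checked\"";
								?>
								<tr>
									<td>
										<input type="checkbox" name="ealgos[]" value="<?=htmlspecialchars($algo);?>"<?=$checked?> />
									</td>
									<td>
										<?=htmlspecialchars($algodata['name']);?>
									</td>
									<td>
										<?php if(is_array($algodata['keysel'])): ?>
										&nbsp;&nbsp;
										<select name="keylen_<?=htmlspecialchars($algo);?>" class="formselect">
											<option value="auto"><?=gettext("auto"); ?></option>
											<?php
												$key_hi = $algodata['keysel']['hi'];
												$key_lo = $algodata['keysel']['lo'];
												$key_step = $algodata['keysel']['step'];
												for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
													$selected = "";
													/*
													 * keylen_<algo> is only present for algorithms that were
													 * stored with a key length (see ealgos_to_pconfig()), so
													 * test for it before comparing.
													 */
													if (isset($pconfig["keylen_".$algo]) && $keylen == $pconfig["keylen_".$algo])
														$selected = " selected=\"selected\"";
											?>
											<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
											<?php endfor; ?>
										</select>
										<?php endif; ?>
									</td>
								</tr>
								
								<?php endforeach; ?>
								
							</table>
							<br />
							<?php
								/*
								 * NOTE(review): the hint below predates current guidance. 3DES and
								 * Blowfish are 64-bit block ciphers, which limits how much data can
								 * safely be protected under one key (birthday-bound collisions).
								 * Prefer AES where both peers support it, and keep the Phase 2
								 * lifetime short if a 64-bit cipher cannot be avoided. The
								 * user-visible string is left unchanged because it is the gettext
								 * message id.
								 */
							?>
							<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " . 
							"crypto accelerator card. Blowfish is usually the fastest in " .
							"software encryption"); ?>.
						</td>
					</tr>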
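					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
						<td width="78%" class="vtable">
						<?php
							/*
							 * Guard with is_array() as the encryption row does: browsers
							 * submit nothing for unticked checkboxes, so 'halgos' may be
							 * missing. NOTE(review): presumably $pconfig is refilled from
							 * the POST on a validation error -- confirm in the handler.
							 */
							foreach ($p2_halgos as $algo => $algoname):
						?>
							<input type="checkbox" name="halgos[]" value="<?=htmlspecialchars($algo);?>" <?php if (is_array($pconfig['halgos']) && in_array($algo, $pconfig['halgos'])) echo "checked=\"checked\""; ?> />
							<?=htmlspecialchars($algoname);?>
							<br />
						<?php endforeach; ?>
						</td>
					</tr>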
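					<tr>
						<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
						<td width="78%" class="vtable">
						<?php /* Editable unless this is a mobile entry whose PFS group is set in $a_client. */ ?>
						<?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
							<select name="pfsgroup" class="formselect">
							<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
								<option value="<?=htmlspecialchars($keygroup);?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($keygroupname);?>
								</option>
							<?php endforeach; ?>
							</select>
							<br />
							<?php else: ?>

							<?php
								/*
								 * Read-only display of the globally configured group. The label
								 * is escaped like the labels in the editable list above.
								 * NOTE(review): the hidden "pfsgroup" field can be edited by the
								 * client; the POST handler (not visible here) should take the
								 * group from the mobile client settings rather than trust the
								 * submitted value -- confirm.
								 */
							?>
							<select class="formselect" disabled="disabled">
								<option selected="selected"><?=htmlspecialchars($p2_pfskeygroups[$a_client['pfs_group']]);?></option>
							</select>
							<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>" />
							<br />
							<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
						<?php endif; ?>
						</td>
					</tr>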
811
					<tr>
812 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
813 5a3b0d3b mgrooms
						<td width="78%" class="vtable">
814 3a50eb39 Colin Fleming
							<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />
815 123929e0 Carlos Eduardo Ramos
							<?=gettext("seconds"); ?>
816 5a3b0d3b mgrooms
						</td>
817
					</tr>
818 87e07f52 mgrooms
					<tr>
819
						<td colspan="2" class="list" height="12"></td>
820
					</tr>
821
					<tr>
822 123929e0 Carlos Eduardo Ramos
						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
823 87e07f52 mgrooms
					</tr>
824
					<tr>
825 123929e0 Carlos Eduardo Ramos
						<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
826 87e07f52 mgrooms
						<td width="78%" class="vtable">
827 3a50eb39 Colin Fleming
							<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="28" value="<?=htmlspecialchars($pconfig['pinghost']);?>" />
828 123929e0 Carlos Eduardo Ramos
							<?=gettext("IP address"); ?>
829 87e07f52 mgrooms
						</td>
830
					</tr>
831 5a3b0d3b mgrooms
					<tr>
832
						<td width="22%" valign="top">&nbsp;</td>
833
						<td width="78%">
834
						<?php if ($pconfig['mobile']): ?>
835 3a50eb39 Colin Fleming
							<input name="mobile" type="hidden" value="true" />
836
							<input name="remoteid_type" type="hidden" value="mobile" />
837 5a3b0d3b mgrooms
						<?php endif; ?>
838 3a50eb39 Colin Fleming
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
839
							<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
840 b4013725 Ermal LUÇI
						<?php if (!empty($pconfig['reqid'])): ?>
841
							<input name="reqid" type="hidden" value="<?=htmlspecialchars($pconfig['reqid']);?>" />
842
						<?php endif; ?>
843 9b915686 Ermal
							<input name="uniqid" type="hidden" value="<?=htmlspecialchars($pconfig['uniqid']);?>" />
844 5a3b0d3b mgrooms
						</td>
845
					</tr>
846
				</table>
847
			</div>
848
		</td>
849
	</tr>
850
</table>
851 a93e56c5 Matthew Grooms
</form>
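<script type="text/javascript">
//<![CDATA[
<?php
	/*
	 * Initialise the form state on page load.
	 *
	 * These values are written into JavaScript source, so they are encoded for
	 * that context: strings go through json_encode() with the JSON_HEX_* flags
	 * (which also keeps "</script>" and "]]>" from ending the block), and the
	 * prefix lengths are emitted only when numeric, as plain integers.
	 * htmlspecialchars() is an HTML encoder; with its historical default flags
	 * it leaves single quotes alone and it does nothing for an unquoted argument.
	 * NOTE(review): whether $pconfig can carry request data at this point is
	 * decided by the POST handler, which is not visible here -- confirm.
	 */
?>
change_mode(<?=json_encode((string)$pconfig['mode'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)?>);
change_protocol(<?=json_encode((string)$pconfig['proto'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)?>);
typesel_change_local(<?=(isset($pconfig['localid_netbits']) && is_numeric($pconfig['localid_netbits'])) ? intval($pconfig['localid_netbits']) : ''?>);
typesel_change_natlocal(<?=(isset($pconfig['natlocalid_netbits']) && is_numeric($pconfig['natlocalid_netbits'])) ? intval($pconfig['natlocalid_netbits']) : ''?>);
<?php if (!isset($pconfig['mobile'])): ?>
typesel_change_remote(<?=(isset($pconfig['remoteid_netbits']) && is_numeric($pconfig['remoteid_netbits'])) ? intval($pconfig['remoteid_netbits']) : ''?>);
<?php endif; ?>
//]]>
</script>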
863
<?php include("fend.inc"); ?>
864 3462a529 Matthew Grooms
</body>
865
</html>
866 a93e56c5 Matthew Grooms
867
<?php
868
869 3462a529 Matthew Grooms
/* local utility functions */
/*
 * Build the list of selected encryption algorithms from the form state.
 *
 * Walks the global $p2_ealgos table and, for every algorithm whose name is
 * listed in $pconfig['ealgos'], emits array('name' => ...) plus a 'keylen'
 * entry when that algorithm has a key-length selector ('keysel' is an array).
 * The result follows the order of $p2_ealgos, not the order of the selection.
 *
 * NOTE(review): the key length is taken straight from $_POST, not from
 * $pconfig, and is returned as submitted. Nothing here checks it against
 * "auto" or the keysel lo/hi/step range -- confirm the caller validates it
 * before the value is stored or written to the IPsec configuration.
 *
 * Returns an empty array when $pconfig['ealgos'] is not an array.
 */
function pconfig_to_ealgos(& $pconfig) {
	global $p2_ealgos;

	$selected = array();
	if (!is_array($pconfig['ealgos']))
		return $selected;

	foreach ($p2_ealgos as $algo_name => $algo_data) {
		if (!in_array($algo_name,$pconfig['ealgos']))
			continue;

		$entry = array('name' => $algo_name);
		if (is_array($algo_data['keysel']))
			$entry['keylen'] = $_POST["keylen_".$algo_name];
		$selected[] = $entry;
	}

	return $selected;
}
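/*
 * Fill the form state from a stored list of encryption algorithms.
 *
 * Sets $pconfig['ealgos'] to the list of algorithm names and, for every entry
 * that carries a key length, $pconfig['keylen_<name>'].
 *
 * $ealgos   list of arrays with a 'name' key and an optional 'keylen' key;
 *           anything that is not an array is treated as an empty list
 * $pconfig  form-state array, modified in place
 *
 * Returns $ealgos unchanged.
 */
function ealgos_to_pconfig(& $ealgos,& $pconfig) {

	$pconfig['ealgos'] = array();

	/*
	 * Same is_array() guard as pconfig_to_ealgos(): an entry without stored
	 * algorithms would otherwise make foreach warn on a non-array.
	 */
	if (is_array($ealgos)) {
		foreach ($ealgos as $algo_data) {
			$pconfig['ealgos'][] = $algo_data['name'];
			if (isset($algo_data['keylen']))
				$pconfig["keylen_".$algo_data['name']] = $algo_data['keylen'];
		}
	}

	return $ealgos;
}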
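/*
 * Convert the "<prefix>id_*" form fields into an ID array for storage.
 *
 * $prefix   field prefix; the keys read are "<prefix>id_type",
 *           "<prefix>id_address" and "<prefix>id_netbits"
 * $pconfig  form-state array (not modified)
 *
 * Returns array('type', 'address') for type "address",
 * array('type', 'address', 'netbits') for type "network", and
 * array('type') for every other type.
 *
 * The address and netbits fields are read only in the branches that use
 * them. The mobile variant of the form submits a type without those two
 * fields, and reading them unconditionally raised an undefined-index notice.
 *
 * NOTE(review): values are copied as-is; validation of the address and
 * prefix length is expected to happen in the caller -- confirm.
 */
function pconfig_to_idinfo($prefix,& $pconfig) {

	$type = $pconfig[$prefix."id_type"];
	$idinfo = array('type' => $type);

	switch( $type )
	{
		case "address":
			$idinfo['address'] = $pconfig[$prefix."id_address"];
			break;
		case "network":
			$idinfo['address'] = $pconfig[$prefix."id_address"];
			$idinfo['netbits'] = $pconfig[$prefix."id_netbits"];
			break;
	}

	return $idinfo;
}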
/*
 * Copy a stored ID array back into the "<prefix>id_*" form fields.
 *
 * $prefix   field prefix; the keys written are "<prefix>id_type",
 *           "<prefix>id_address" and "<prefix>id_netbits"
 * $idinfo   array with 'type' and, depending on the type, 'address' and
 *           'netbits'
 * $pconfig  form-state array, modified in place
 *
 * The type is always copied. The address is copied for "address" and
 * "network", and the netbits for "network" only. Returns nothing.
 */
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {

	$id_type = $idinfo['type'];
	$pconfig[$prefix."id_type"] = $id_type;

	/* Loose comparisons and first-match order mirror a switch on the type. */
	if ($id_type == "address") {
		$pconfig[$prefix."id_address"] = $idinfo['address'];
	} elseif ($id_type == "network") {
		$pconfig[$prefix."id_address"] = $idinfo['address'];
		$pconfig[$prefix."id_netbits"] = $idinfo['netbits'];
	}
}
?>