1 |
cf7d1057
|
Scott Ullrich
|
<?php
|
2 |
|
|
/* $Id$ */
|
3 |
|
|
/*
|
4 |
|
|
diag_ipsec.php
|
5 |
13d193c2
|
Scott Ullrich
|
Copyright (C) 2004-2009 Scott Ullrich
|
6 |
a93e56c5
|
Matthew Grooms
|
Copyright (C) 2008 Shrew Soft Inc <mgrooms@shrew.net>.
|
7 |
cf7d1057
|
Scott Ullrich
|
All rights reserved.
|
8 |
|
|
|
9 |
|
|
Parts of this code was originally based on vpn_ipsec_sad.php
|
10 |
|
|
Copyright (C) 2003-2004 Manuel Kasper
|
11 |
|
|
|
12 |
|
|
Redistribution and use in source and binary forms, with or without
|
13 |
|
|
modification, are permitted provided that the following conditions are met:
|
14 |
|
|
|
15 |
|
|
1. Redistributions of source code must retain the above copyright notice,
|
16 |
|
|
this list of conditions and the following disclaimer.
|
17 |
|
|
|
18 |
|
|
2. Redistributions in binary form must reproduce the above copyright
|
19 |
|
|
notice, this list of conditions and the following disclaimer in the
|
20 |
|
|
documentation and/or other materials provided with the distribution.
|
21 |
|
|
|
22 |
|
|
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
23 |
|
|
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
24 |
|
|
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
25 |
|
|
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
26 |
|
|
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
27 |
|
|
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
28 |
|
|
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
29 |
|
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
30 |
|
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
31 |
|
|
POSSIBILITY OF SUCH DAMAGE.
|
32 |
|
|
*/
|
33 |
|
|
|
34 |
13d193c2
|
Scott Ullrich
|
/*
|
35 |
|
|
pfSense_MODULE: ipsec
|
36 |
|
|
*/
|
37 |
|
|
|
38 |
6b07c15a
|
Matthew Grooms
|
##|+PRIV
|
39 |
|
|
##|*IDENT=page-status-ipsec
|
40 |
|
|
##|*NAME=Status: IPsec page
|
41 |
|
|
##|*DESCR=Allow access to the 'Status: IPsec' page.
|
42 |
|
|
##|*MATCH=diag_ipsec.php*
|
43 |
|
|
##|-PRIV
|
44 |
|
|
|
45 |
|
|
|
46 |
a93e56c5
|
Matthew Grooms
|
global $g;
|
47 |
|
|
|
48 |
f8ec8de4
|
Renato Botelho
|
$pgtitle = array(gettext("Status"),gettext("IPsec"));
|
49 |
b32dd0a6
|
jim-p
|
$shortcut_section = "ipsec";
|
50 |
cf7d1057
|
Scott Ullrich
|
|
51 |
|
|
require("guiconfig.inc");
|
52 |
|
|
include("head.inc");
|
53 |
483e6de8
|
Scott Ullrich
|
require("ipsec.inc");
|
54 |
a93e56c5
|
Matthew Grooms
|
|
55 |
17402c63
|
Ermal
|
if ($_GET['act'] == 'connect') {
|
56 |
|
|
if (ctype_digit($_GET['ikeid'])) {
|
57 |
|
|
mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));
|
58 |
|
|
mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid']));
|
59 |
6e8b0ec3
|
jim-p
|
}
|
60 |
17402c63
|
Ermal
|
} else if ($_GET['act'] == 'ikedisconnect') {
|
61 |
|
|
if (ctype_digit($_GET['ikeid'])) {
|
62 |
|
|
mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));
|
63 |
614be051
|
bcyrill
|
}
|
64 |
17402c63
|
Ermal
|
} else if ($_GET['act'] == 'disconnect') {
|
65 |
6e0b68bf
|
jim-p
|
if (!empty($_GET['user'])) {
|
66 |
|
|
ipsec_disconnect_mobile($_GET['user']);
|
67 |
|
|
sleep(1);
|
68 |
|
|
$savemsg = gettext("Disconnected user") . " " . $_GET['user'];
|
69 |
|
|
}
|
70 |
|
|
}
|
71 |
|
|
|
72 |
a93e56c5
|
Matthew Grooms
|
if (!is_array($config['ipsec']['phase2']))
|
73 |
|
|
$config['ipsec']['phase2'] = array();
|
74 |
|
|
|
75 |
|
|
$a_phase2 = &$config['ipsec']['phase2'];
|
76 |
|
|
|
77 |
df0878b0
|
Ermal
|
$status = ipsec_smp_dump_status();
|
78 |
a93e56c5
|
Matthew Grooms
|
|
79 |
cf7d1057
|
Scott Ullrich
|
?>
|
80 |
|
|
|
81 |
6e0b68bf
|
jim-p
|
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?php echo $jsevents["body"]["onload"]; ?>">
|
82 |
cf7d1057
|
Scott Ullrich
|
<?php include("fbegin.inc"); ?>
|
83 |
|
|
<div id="inputerrors"></div>
|
84 |
a8590dd6
|
Colin Fleming
|
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="status ipsec">
|
85 |
cf7d1057
|
Scott Ullrich
|
<tr>
|
86 |
a93e56c5
|
Matthew Grooms
|
<td>
|
87 |
|
|
<?php
|
88 |
|
|
$tab_array = array();
|
89 |
f8ec8de4
|
Renato Botelho
|
$tab_array[0] = array(gettext("Overview"), true, "diag_ipsec.php");
|
90 |
|
|
$tab_array[1] = array(gettext("SAD"), false, "diag_ipsec_sad.php");
|
91 |
|
|
$tab_array[2] = array(gettext("SPD"), false, "diag_ipsec_spd.php");
|
92 |
|
|
$tab_array[3] = array(gettext("Logs"), false, "diag_logs_ipsec.php");
|
93 |
a93e56c5
|
Matthew Grooms
|
display_top_tabs($tab_array);
|
94 |
|
|
?>
|
95 |
331aa57b
|
Scott Ullrich
|
</td>
|
96 |
cf7d1057
|
Scott Ullrich
|
</tr>
|
97 |
a93e56c5
|
Matthew Grooms
|
<tr>
|
98 |
6e0b68bf
|
jim-p
|
<td>
|
99 |
c7fbdd6c
|
Ermal
|
<div id="mainarea">
|
100 |
a8590dd6
|
Colin Fleming
|
<table width="100%" border="0" cellpadding="6" cellspacing="0" class="tabcont sortable" summary="status">
|
101 |
c7fbdd6c
|
Ermal
|
<thead>
|
102 |
|
|
<tr>
|
103 |
a8590dd6
|
Colin Fleming
|
<th class="listhdrr nowrap"><?php echo gettext("Description");?></th>
|
104 |
|
|
<th class="listhdrr nowrap"><?php echo gettext("Local ID");?></th>
|
105 |
|
|
<th class="listhdrr nowrap"><?php echo gettext("Local IP");?></th>
|
106 |
|
|
<th class="listhdrr nowrap"><?php echo gettext("Remote ID");?></th>
|
107 |
|
|
<th class="listhdrr nowrap"><?php echo gettext("Remote IP");?></th>
|
108 |
|
|
<th class="listhdrr nowrap"><?php echo gettext("Role");?></th>
|
109 |
|
|
<th class="listhdrr nowrap"><?php echo gettext("Status");?></th>
|
110 |
17402c63
|
Ermal
|
<td class="list nowrap"></td>
|
111 |
c7fbdd6c
|
Ermal
|
</tr>
|
112 |
|
|
</thead>
|
113 |
|
|
<tbody>
|
114 |
|
|
<?php
|
115 |
|
|
if (is_array($status['query']) && is_array($status['query']['ikesalist']) && is_array($status['query']['ikesalist']['ikesa'])) {
|
116 |
|
|
foreach ($status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa) {
|
117 |
17402c63
|
Ermal
|
if (ipsec_phase1_status($status['query']['ikesalist']['ikesa'], $ikesa['id'])) {
|
118 |
|
|
$icon = "pass";
|
119 |
|
|
} elseif(!isset($config['ipsec']['enable'])) {
|
120 |
|
|
$icon = "block";
|
121 |
|
|
} else {
|
122 |
|
|
$icon = "reject";
|
123 |
|
|
}
|
124 |
c7fbdd6c
|
Ermal
|
?>
|
125 |
|
|
<tr>
|
126 |
|
|
<td class="listlr">
|
127 |
17402c63
|
Ermal
|
<?php echo "({$ikesa['id']}) " . htmlspecialchars(ipsec_get_descr($ikesa['id']));?>
|
128 |
c7fbdd6c
|
Ermal
|
</td>
|
129 |
|
|
<td class="listr">
|
130 |
|
|
<?php if (!is_array($ikesa['local']))
|
131 |
|
|
echo "Unknown";
|
132 |
|
|
else {
|
133 |
|
|
if (!empty($ikesa['local']['identification']))
|
134 |
17402c63
|
Ermal
|
echo htmlspecialchars($ikesa['local']['identification']);
|
135 |
c7fbdd6c
|
Ermal
|
else
|
136 |
|
|
echo 'Unknown';
|
137 |
|
|
}
|
138 |
|
|
?>
|
139 |
|
|
</td>
|
140 |
|
|
<td class="listr">
|
141 |
|
|
<?php if (!is_array($ikesa['local']))
|
142 |
|
|
echo "Unknown";
|
143 |
|
|
else {
|
144 |
|
|
if (!empty($ikesa['local']['address']))
|
145 |
|
|
echo htmlspecialchars($ikesa['local']['address']) . ':' . htmlspecialchars($ikesa['local']['port']);
|
146 |
|
|
else
|
147 |
|
|
echo 'Unknown';
|
148 |
17402c63
|
Ermal
|
if ($ikesa['local']['nat'] != 'false')
|
149 |
c7fbdd6c
|
Ermal
|
echo " NAT-T";
|
150 |
|
|
}
|
151 |
|
|
?>
|
152 |
|
|
</td>
|
153 |
|
|
<td class="listr">
|
154 |
|
|
<?php if (!is_array($ikesa['remote']))
|
155 |
|
|
echo "Unknown";
|
156 |
|
|
else {
|
157 |
|
|
if (!empty($ikesa['remote']['identification']))
|
158 |
17402c63
|
Ermal
|
echo htmlspecialchars($ikesa['remote']['identification']);
|
159 |
c7fbdd6c
|
Ermal
|
else
|
160 |
|
|
echo 'Unknown';
|
161 |
|
|
}
|
162 |
|
|
?>
|
163 |
|
|
</td>
|
164 |
|
|
<td class="listr">
|
165 |
|
|
<?php if (!is_array($ikesa['remote']))
|
166 |
|
|
echo "Unknown";
|
167 |
|
|
else {
|
168 |
|
|
if (!empty($ikesa['remote']['address']))
|
169 |
|
|
echo htmlspecialchars($ikesa['remote']['address']) . ':' . htmlspecialchars($ikesa['remote']['port']);
|
170 |
|
|
else
|
171 |
|
|
echo 'Unknown';
|
172 |
17402c63
|
Ermal
|
if ($ikesa['remote']['nat'] != 'false')
|
173 |
c7fbdd6c
|
Ermal
|
echo " NAT-T";
|
174 |
|
|
}
|
175 |
|
|
?>
|
176 |
|
|
</td>
|
177 |
|
|
<td class="listr">
|
178 |
|
|
<?php echo htmlspecialchars($ikesa['role']);?>
|
179 |
|
|
</td>
|
180 |
|
|
<td class="listr">
|
181 |
17402c63
|
Ermal
|
<center>
|
182 |
|
|
<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_<?php echo $icon; ?>.gif" title="<?php echo $ikesa['status']; ?>" alt=""/>
|
183 |
|
|
<br/><?php echo htmlspecialchars($ikesa['status']);?>
|
184 |
|
|
</center>
|
185 |
c7fbdd6c
|
Ermal
|
</td>
|
186 |
17402c63
|
Ermal
|
<td >
|
187 |
|
|
<?php if ($icon != "pass"): ?>
|
188 |
|
|
<center>
|
189 |
|
|
<a href="diag_ipsec.php?act=connect&ikeid=<?php echo $ikesa['id']; ?>">
|
190 |
|
|
<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_start.gif" alt="Connect VPN" title="Connect VPN" border="0"/>
|
191 |
|
|
</a>
|
192 |
|
|
</center>
|
193 |
|
|
<?php else: ?>
|
194 |
|
|
<center>
|
195 |
|
|
<a href="diag_ipsec.php?act=ikedisconnect&ikeid=<?php echo $ikesa['id']; ?>">
|
196 |
|
|
<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_stop.gif" alt="Disconnect VPN" title="Disconnect VPN" border="0"/>
|
197 |
|
|
</a>
|
198 |
|
|
</center>
|
199 |
|
|
<?php endif; ?>
|
200 |
c7fbdd6c
|
Ermal
|
</td>
|
201 |
a8590dd6
|
Colin Fleming
|
<td valign="middle" class="list nowrap">
|
202 |
|
|
<table border="0" cellspacing="0" cellpadding="1" summary="">
|
203 |
c7fbdd6c
|
Ermal
|
</table>
|
204 |
|
|
</td>
|
205 |
|
|
</tr>
|
206 |
|
|
<?php if (is_array($ikesa['childsalist'])): ?>
|
207 |
|
|
<tr>
|
208 |
|
|
<td class="listrborder" colspan="7">
|
209 |
|
|
<div id="btnchildsa-<?=$ikeid;?>">
|
210 |
a8590dd6
|
Colin Fleming
|
<input type="button" onclick="show_childsa('childsa-<?=$ikeid;?>','btnchildsa-<?=$ikeid;?>');" value="+" /> - Show child SA entries
|
211 |
c7fbdd6c
|
Ermal
|
</div>
|
212 |
a8590dd6
|
Colin Fleming
|
<table class="tabcont" width="100%" height="100%" border="0" cellspacing="0" cellpadding="0" id="childsa-<?=$ikeid;?>" style="display:none" summary="">
|
213 |
c7fbdd6c
|
Ermal
|
<thead>
|
214 |
a93e56c5
|
Matthew Grooms
|
<tr>
|
215 |
a8590dd6
|
Colin Fleming
|
<th class="listhdrr nowrap"><?php echo gettext("Local subnets");?></th>
|
216 |
|
|
<th class="listhdrr nowrap"><?php echo gettext("Local SPI");?></th>
|
217 |
|
|
<th class="listhdrr nowrap"><?php echo gettext("Remote SPI");?></th>
|
218 |
|
|
<th class="listhdrr nowrap"><?php echo gettext("Remote subnets");?></th>
|
219 |
a93e56c5
|
Matthew Grooms
|
</tr>
|
220 |
c7fbdd6c
|
Ermal
|
</thead>
|
221 |
|
|
<tbody>
|
222 |
|
|
<?php
|
223 |
|
|
if (is_array($ikesa['childsalist']['childsa'])) {
|
224 |
|
|
foreach ($ikesa['childsalist']['childsa'] as $childsa) {
|
225 |
|
|
?>
|
226 |
|
|
<tr valign="top">
|
227 |
a8590dd6
|
Colin Fleming
|
<td class="listlr nowrap">
|
228 |
c7fbdd6c
|
Ermal
|
<?php if (is_array($childsa['local']) && is_array($childsa['local']['networks']) && is_array($childsa['local']['networks']['network'])) {
|
229 |
|
|
foreach ($childsa['local']['networks']['network'] as $lnets) {
|
230 |
8cd558b6
|
ayvis
|
echo htmlspecialchars($lnets) . "<br />";
|
231 |
c7fbdd6c
|
Ermal
|
}
|
232 |
|
|
} else
|
233 |
|
|
echo "Unknown";
|
234 |
|
|
?>
|
235 |
a93e56c5
|
Matthew Grooms
|
</td>
|
236 |
a8590dd6
|
Colin Fleming
|
<td class="listr nowrap">
|
237 |
c7fbdd6c
|
Ermal
|
<?php if (is_array($childsa['local']))
|
238 |
|
|
echo htmlspecialchars($childsa['local']['spi']);
|
239 |
|
|
?>
|
240 |
a93e56c5
|
Matthew Grooms
|
</td>
|
241 |
a8590dd6
|
Colin Fleming
|
<td class="listr nowrap">
|
242 |
c7fbdd6c
|
Ermal
|
<?php if (is_array($childsa['remote']))
|
243 |
|
|
echo htmlspecialchars($childsa['remote']['spi']);
|
244 |
|
|
?>
|
245 |
a93e56c5
|
Matthew Grooms
|
</td>
|
246 |
6186c00a
|
Renato Botelho
|
<td class="listr nowrap">
|
247 |
c7fbdd6c
|
Ermal
|
<?php if (is_array($childsa['remote']) && is_array($childsa['remote']['networks']) && is_array($childsa['remote']['networks']['network'])) {
|
248 |
|
|
foreach ($childsa['remote']['networks']['network'] as $rnets) {
|
249 |
8cd558b6
|
ayvis
|
echo htmlspecialchars($rnets) . "<br />";
|
250 |
c7fbdd6c
|
Ermal
|
}
|
251 |
|
|
} else
|
252 |
|
|
echo "Unknown";
|
253 |
|
|
?>
|
254 |
a93e56c5
|
Matthew Grooms
|
</td>
|
255 |
a8590dd6
|
Colin Fleming
|
<td class="list nowrap">
|
256 |
c7fbdd6c
|
Ermal
|
|
257 |
6e8b0ec3
|
jim-p
|
</td>
|
258 |
a93e56c5
|
Matthew Grooms
|
</tr>
|
259 |
c7fbdd6c
|
Ermal
|
<?php } } ?>
|
260 |
a8590dd6
|
Colin Fleming
|
<tr style="display:none;"><td></td></tr>
|
261 |
c7fbdd6c
|
Ermal
|
</tbody>
|
262 |
a93e56c5
|
Matthew Grooms
|
</table>
|
263 |
c7fbdd6c
|
Ermal
|
</td>
|
264 |
|
|
</tr>
|
265 |
|
|
<?php endif;
|
266 |
|
|
}
|
267 |
|
|
}
|
268 |
|
|
?>
|
269 |
a8590dd6
|
Colin Fleming
|
<tr style="display:none;"><td></td></tr>
|
270 |
c7fbdd6c
|
Ermal
|
</tbody>
|
271 |
|
|
</table>
|
272 |
|
|
</div>
|
273 |
|
|
</td>
|
274 |
a93e56c5
|
Matthew Grooms
|
</tr>
|
275 |
cf7d1057
|
Scott Ullrich
|
</table>
|
276 |
0f78d3ad
|
Scott Ullrich
|
|
277 |
a8590dd6
|
Colin Fleming
|
<p class="vexpl">
|
278 |
0f78d3ad
|
Scott Ullrich
|
<span class="red">
|
279 |
6e0b68bf
|
jim-p
|
<strong><?php echo gettext("Note:");?><br /></strong>
|
280 |
0f78d3ad
|
Scott Ullrich
|
</span>
|
281 |
6e0b68bf
|
jim-p
|
<?php echo gettext("You can configure IPsec");?>
|
282 |
0f78d3ad
|
Scott Ullrich
|
<a href="vpn_ipsec.php">here</a>.
|
283 |
a8590dd6
|
Colin Fleming
|
</p>
|
284 |
c7fbdd6c
|
Ermal
|
<?php unset($status); include("fend.inc"); ?>
|
285 |
|
|
<script type="text/javascript">
|
286 |
a8590dd6
|
Colin Fleming
|
//<![CDATA[
|
287 |
c7fbdd6c
|
Ermal
|
function show_childsa(id, buttonid) {
|
288 |
|
|
document.getElementById(buttonid).innerHTML='';
|
289 |
|
|
aodiv = document.getElementById(id);
|
290 |
|
|
aodiv.style.display = "block";
|
291 |
|
|
}
|
292 |
a8590dd6
|
Colin Fleming
|
//]]>
|
293 |
c7fbdd6c
|
Ermal
|
</script>
|
294 |
cf7d1057
|
Scott Ullrich
|
</body>
|
295 |
|
|
</html>
|