1
|
<?php
|
2
|
/*
|
3
|
$Id$
|
4
|
Copyright 2007 Scott Dale
|
5
|
Part of pfSense widgets (https://www.pfsense.org)
|
6
|
originally based on m0n0wall (http://m0n0.ch/wall)
|
7
|
|
8
|
Copyright (C) 2004-2005 T. Lechat <dev@lechat.org>, Manuel Kasper <mk@neon1.net>
|
9
|
and Jonathan Watt <jwatt@jwatt.org>.
|
10
|
All rights reserved.
|
11
|
|
12
|
Redistribution and use in source and binary forms, with or without
|
13
|
modification, are permitted provided that the following conditions are met:
|
14
|
|
15
|
1. Redistributions of source code must retain the above copyright notice,
|
16
|
this list of conditions and the following disclaimer.
|
17
|
|
18
|
2. Redistributions in binary form must reproduce the above copyright
|
19
|
notice, this list of conditions and the following disclaimer in the
|
20
|
documentation and/or other materials provided with the distribution.
|
21
|
|
22
|
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
23
|
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
24
|
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
25
|
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
26
|
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
27
|
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
28
|
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
29
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
30
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
31
|
POSSIBILITY OF SUCH DAMAGE.
|
32
|
*/
|
33
|
|
34
|
$nocsrf = true;
|
35
|
|
36
|
require_once("guiconfig.inc");
|
37
|
require_once("functions.inc");
|
38
|
require_once("ipsec.inc");
|
39
|
|
40
|
if (isset($config['ipsec']['phase1'])){?>
|
41
|
<div> </div>
|
42
|
<?php
|
43
|
$tab_array = array();
|
44
|
$tab_array[0] = array("Overview", true, "ipsec-Overview");
|
45
|
$tab_array[1] = array("Tunnels", false, "ipsec-tunnel");
|
46
|
$tab_array[2] = array("Mobile", false, "ipsec-mobile");
|
47
|
display_widget_tabs($tab_array);
|
48
|
|
49
|
$spd = ipsec_dump_spd();
|
50
|
$sad = ipsec_dump_sad();
|
51
|
$mobile = ipsec_dump_mobile();
|
52
|
|
53
|
$activecounter = 0;
|
54
|
$inactivecounter = 0;
|
55
|
|
56
|
$ipsec_detail_array = array();
|
57
|
foreach ($config['ipsec']['phase2'] as $ph2ent){
|
58
|
if ($ph2ent['remoteid']['type'] == "mobile")
|
59
|
continue;
|
60
|
ipsec_lookup_phase1($ph2ent,$ph1ent);
|
61
|
$ipsecstatus = false;
|
62
|
|
63
|
$tun_disabled = "false";
|
64
|
$foundsrc = false;
|
65
|
$founddst = false;
|
66
|
|
67
|
if (isset($ph1ent['disabled']) || isset($ph2ent['disabled'])) {
|
68
|
$tun_disabled = "true";
|
69
|
continue;
|
70
|
}
|
71
|
|
72
|
if(ipsec_phase2_status($spd,$sad,$ph1ent,$ph2ent)) {
|
73
|
/* tunnel is up */
|
74
|
$iconfn = "true";
|
75
|
$activecounter++;
|
76
|
} else {
|
77
|
/* tunnel is down */
|
78
|
$iconfn = "false";
|
79
|
$inactivecounter++;
|
80
|
}
|
81
|
|
82
|
$ipsec_detail_array[] = array('src' => $ph1ent['interface'],
|
83
|
'dest' => $ph1ent['remote-gateway'],
|
84
|
'remote-subnet' => ipsec_idinfo_to_text($ph2ent['remoteid']),
|
85
|
'descr' => $ph2ent['descr'],
|
86
|
'status' => $iconfn,
|
87
|
'disabled' => $tun_disabled);
|
88
|
}
|
89
|
}
|
90
|
|
91
|
if (isset($config['ipsec']['phase2'])){ ?>
|
92
|
|
93
|
<div id="ipsec-Overview" style="display:block;background-color:#EEEEEE;">
|
94
|
<div>
|
95
|
<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="heading">
|
96
|
<tr>
|
97
|
<td class="listhdrr nowrap">Active Tunnels</td>
|
98
|
<td class="listhdrr nowrap">Inactive Tunnels</td>
|
99
|
<td class="listhdrr nowrap">Mobile Users</td>
|
100
|
</tr>
|
101
|
<tr>
|
102
|
<td class="listlr"><?php echo $activecounter; ?></td>
|
103
|
<td class="listr"><?php echo $inactivecounter; ?></td>
|
104
|
<td class="listr"><?php if (is_array($mobile['pool'])) echo htmlspecialchars($mobile['pool'][0]['usage']); else echo 0; ?></td>
|
105
|
</tr>
|
106
|
</table>
|
107
|
</div>
|
108
|
</div>
|
109
|
|
110
|
<div id="ipsec-tunnel" style="display:none;background-color:#EEEEEE;">
|
111
|
<div style="padding: 10px">
|
112
|
<div style="display:table-row;">
|
113
|
<div class="widgetsubheader" style="display:table-cell;width:40px">Source</div>
|
114
|
<div class="widgetsubheader" style="display:table-cell;width:100px">Destination</div>
|
115
|
<div class="widgetsubheader" style="display:table-cell;width:90px">Description</div>
|
116
|
<div class="widgetsubheader" style="display:table-cell;width:30px">Status</div>
|
117
|
</div>
|
118
|
<div style="max-height:105px;overflow:auto;">
|
119
|
<?php
|
120
|
foreach ($ipsec_detail_array as $ipsec) :
|
121
|
|
122
|
if ($ipsec['disabled'] == "true"){
|
123
|
$spans = "<span class=\"gray\">";
|
124
|
$spane = "</span>";
|
125
|
}
|
126
|
else {
|
127
|
$spans = $spane = "";
|
128
|
}
|
129
|
|
130
|
?>
|
131
|
|
132
|
<div style="display:table-row;">
|
133
|
<div class="listlr" style="display:table-cell;width:39px">
|
134
|
<?php echo $spans;?>
|
135
|
<?php echo htmlspecialchars($ipsec['src']);?>
|
136
|
<?php echo $spane;?>
|
137
|
</div>
|
138
|
<div class="listr" style="display:table-cell;width:100px"><?php echo $spans;?>
|
139
|
<?php echo $ipsec['remote-subnet'];?>
|
140
|
<br />
|
141
|
(<?php echo htmlspecialchars($ipsec['dest']);?>)<?php echo $spane;?>
|
142
|
</div>
|
143
|
<div class="listr" style="display:table-cell;width:90px"><?php echo $spans;?><?php echo htmlspecialchars($ipsec['descr']);?><?php echo $spane;?></div>
|
144
|
<div class="listr" style="display:table-cell;width:37px" align="center"><?php echo $spans;?>
|
145
|
<?php
|
146
|
|
147
|
if($ipsec['status'] == "true") {
|
148
|
/* tunnel is up */
|
149
|
$iconfn = "interface_up";
|
150
|
} else {
|
151
|
/* tunnel is down */
|
152
|
$iconfn = "interface_down";
|
153
|
}
|
154
|
|
155
|
echo "<img src ='/themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' alt='Tunnel status' width='11' height='11' />";
|
156
|
|
157
|
?><?php echo $spane;?></div>
|
158
|
</div>
|
159
|
<?php endforeach; ?>
|
160
|
</div>
|
161
|
</div>
|
162
|
</div>
|
163
|
<div id="ipsec-mobile" style="display:none;background-color:#EEEEEE;">
|
164
|
<div style="padding: 10px">
|
165
|
<div style="display:table-row;">
|
166
|
<div class="widgetsubheader" style="display:table-cell;width:140px">User</div>
|
167
|
<div class="widgetsubheader" style="display:table-cell;width:130px">IP</div>
|
168
|
<div class="widgetsubheader" style="display:table-cell;width:30px">Status;</div>
|
169
|
</div>
|
170
|
<div style="max-height:105px;overflow:auto;">
|
171
|
<?php
|
172
|
if (is_array($mobile['pool'])):
|
173
|
foreach ($mobile['pool'] as $pool):
|
174
|
if (is_array($pool['lease'])):
|
175
|
foreach ($pool['lease'] as $muser) : ?>
|
176
|
<div style="display:table-row;">
|
177
|
<div class="listlr" style="display:table-cell;width:139px">
|
178
|
<?php echo htmlspecialchars($muser['id']);?><br />
|
179
|
</div>
|
180
|
<div class="listr" style="display:table-cell;width:130px">
|
181
|
<?php echo htmlspecialchars($muser['host']);?><br />
|
182
|
</div>
|
183
|
<div class="listr" style="display:table-cell;width:30px">
|
184
|
<?php echo htmlspecialchars($muser['status']);?><br/>
|
185
|
</div>
|
186
|
</div>
|
187
|
<?php
|
188
|
endforeach;
|
189
|
endif;
|
190
|
endforeach;
|
191
|
endif;
|
192
|
?>
|
193
|
</div>
|
194
|
</div>
|
195
|
</div>
|
196
|
<?php //end ipsec tunnel
|
197
|
}//end if tunnels are configured, else show code below
|
198
|
else { ?>
|
199
|
<div style="display:block">
|
200
|
<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="note">
|
201
|
<tr>
|
202
|
<td colspan="4">
|
203
|
<span class="vexpl">
|
204
|
<span class="red">
|
205
|
<strong>
|
206
|
Note: There are no configured IPsec Tunnels<br />
|
207
|
</strong>
|
208
|
</span>
|
209
|
You can configure your IPsec
|
210
|
<a href="vpn_ipsec.php">here</a>.
|
211
|
</span>
|
212
|
</td>
|
213
|
</tr>
|
214
|
</table>
|
215
|
</div>
|
216
|
<?php } ?>
|