1
<?php
2
/* $Id$ */
3
/*
4
	diag_ipsec.php
5
	Copyright (C) 2004-2009 Scott Ullrich
6
	Copyright (C) 2008 Shrew Soft Inc <mgrooms@shrew.net>.
7
	All rights reserved.
8

    
9
	Parts of this code was originally based on vpn_ipsec_sad.php
10
	Copyright (C) 2003-2004 Manuel Kasper
11

    
12
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14

    
15
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17

    
18
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21

    
22
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33

    
34
/*
35
	pfSense_MODULE:	ipsec
36
*/
37

    
38
##|+PRIV
39
##|*IDENT=page-status-ipsec
40
##|*NAME=Status: IPsec page
41
##|*DESCR=Allow access to the 'Status: IPsec' page.
42
##|*MATCH=diag_ipsec.php*
43
##|-PRIV
44

    
45

    
46
global $g;
47

    
48
$pgtitle = array(gettext("Status"),gettext("IPsec"));
49
$shortcut_section = "ipsec";
50

    
51
require("guiconfig.inc");
52
include("head.inc");
53
require("ipsec.inc");
54

    
55
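/*
 * Handle the connect / disconnect links rendered by this page.
 *
 * 'ikeid' and 'ikesaid' are accepted only as non-empty strings of decimal
 * digits; a missing, array-valued or non-numeric value is ignored and no
 * command is run.  The connection name is assembled first and then passed
 * through escapeshellarg() as a whole, so the '[' ']' '{' '}' selectors
 * reach ipsec as literal characters instead of sitting unquoted on the
 * shell command line (unquoted '[...]' is a glob pattern to /bin/sh).
 *
 * NOTE(review): these actions change tunnel state in response to a plain
 * GET request, so a link or embedded resource loaded in an authenticated
 * administrator's browser is enough to trigger them.  Moving them to POST
 * behind the GUI's CSRF token check would close that gap -- confirm what
 * guiconfig.inc enforces for GET requests.
 */
$ipsec_act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : '';
$ipsec_ikeid = (isset($_GET['ikeid']) && is_string($_GET['ikeid']) && ctype_digit($_GET['ikeid']))
	? $_GET['ikeid'] : null;
/* !empty() also rejects "0", exactly as the original check did. */
$ipsec_ikesaid = (!empty($_GET['ikesaid']) && is_string($_GET['ikesaid']) && ctype_digit($_GET['ikesaid']))
	? $_GET['ikesaid'] : null;

if ($ipsec_ikeid !== null) {
	$ipsec_conn = "con" . $ipsec_ikeid;

	if ($ipsec_act === 'connect') {
		/* Tear down any stale SA first so that "up" starts a fresh negotiation. */
		mwexec("/usr/local/sbin/ipsec down " . escapeshellarg($ipsec_conn));
		mwexec("/usr/local/sbin/ipsec up " . escapeshellarg($ipsec_conn));
	} else if ($ipsec_act === 'ikedisconnect') {
		if ($ipsec_ikesaid !== null) {
			/* conN[id]: close one specific IKE SA of the connection. */
			mwexec("/usr/local/sbin/ipsec down " . escapeshellarg($ipsec_conn . "[" . $ipsec_ikesaid . "]"));
		} else {
			mwexec("/usr/local/sbin/ipsec down " . escapeshellarg($ipsec_conn));
		}
	} else if ($ipsec_act === 'childdisconnect') {
		if ($ipsec_ikesaid !== null) {
			/* conN{id}: close one specific child SA of the connection. */
			mwexec("/usr/local/sbin/ipsec down " . escapeshellarg($ipsec_conn . "{" . $ipsec_ikesaid . "}"));
		}
	}

	unset($ipsec_conn);
}
/* Keep the request-derived temporaries out of the scope shared with the included templates. */
unset($ipsec_act, $ipsec_ikeid, $ipsec_ikesaid);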
73

    
74
if (!is_array($config['ipsec']['phase1']))
75
    $config['ipsec']['phase1'] = array();
76

    
77
$a_phase1 = &$config['ipsec']['phase1'];
78

    
79
$status = ipsec_smp_dump_status();
80

    
81
?>
82

    
83
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?php echo $jsevents["body"]["onload"]; ?>">
84
<?php include("fbegin.inc"); ?>
85
<div id="inputerrors"></div>
86
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="status ipsec">
87
	<tr>
88
		<td>
89
<?php
90
			$tab_array = array();
91
			$tab_array[0] = array(gettext("Overview"), true, "diag_ipsec.php");
92
			$tab_array[1] = array(gettext("Leases"), false, "diag_ipsec_leases.php");
93
			$tab_array[2] = array(gettext("SAD"), false, "diag_ipsec_sad.php");
94
			$tab_array[3] = array(gettext("SPD"), false, "diag_ipsec_spd.php");
95
			$tab_array[4] = array(gettext("Logs"), false, "diag_logs_ipsec.php");
96
			display_top_tabs($tab_array);
97
?>
98
		</td>
99
	</tr>
100
	<tr>
101
		<td>
102
		<div id="mainarea">
103
		<table width="100%" border="0" cellpadding="6" cellspacing="0" class="tabcont sortable" summary="status">
104
		<thead>
105
			<tr>
106
				<th class="listhdrr nowrap"><?php echo gettext("Description");?></th>
107
				<th class="listhdrr nowrap"><?php echo gettext("Local ID");?></th>
108
				<th class="listhdrr nowrap"><?php echo gettext("Local IP");?></th>
109
				<th class="listhdrr nowrap"><?php echo gettext("Remote ID");?></th>
110
				<th class="listhdrr nowrap"><?php echo gettext("Remote IP");?></th>
111
				<th class="listhdrr nowrap"><?php echo gettext("Role");?></th>
112
				<th class="listhdrr nowrap"><?php echo gettext("Reauth");?></th>
113
				<th class="listhdrr nowrap"><?php echo gettext("Algo");?></th>
114
				<th class="listhdrr nowrap"><?php echo gettext("Status");?></th>
115
				<th class="list nowrap"></th>
116
			</tr>
117
		</thead>
118
		<tbody>
119
<?php
120
	$ipsecconnected = array();
121
	if (is_array($status['query']) && is_array($status['query']['ikesalist']) && is_array($status['query']['ikesalist']['ikesa'])):
122
		foreach ($status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa):
123
			$con_id = substr($ikesa['peerconfig'], 3);
124
			$ipsecconnected[$con_id] = $con_id;
125

    
126
			if (ipsec_phase1_status($status['query']['ikesalist']['ikesa'], $ikesa['id']))
127
				$icon = "pass";
128
			elseif (!isset($config['ipsec']['enable']))
129
				$icon = "block";
130
			else
131
				$icon = "reject";
132
?>
133
			<tr>
134
				<td class="listlr">
135
<?php
136
					echo htmlspecialchars(ipsec_get_descr($con_id));
137
?>
138
				</td>
139
				<td class="listr">
140
<?php
141
				if (!is_array($ikesa['local']))
142
					echo gettext("Unknown");
143
				else {
144
					if (!empty($ikesa['local']['identification'])) {
145
						if ($ikesa['local']['identification'] == '%any')
146
							echo gettext('Any identifier');
147
						else
148
							echo htmlspecialchars($ikesa['local']['identification']);
149
					} else
150
						echo gettext("Unknown");
151
				}
152
?>
153
				</td>
154
				<td class="listr">
155
<?php
156
				if (!is_array($ikesa['local']))
157
					echo gettext("Unknown");
158
				else {
159
					if (!empty($ikesa['local']['address']))
160
						echo htmlspecialchars($ikesa['local']['address']) . '<br/>' .
161
							gettext('Port: ') . htmlspecialchars($ikesa['local']['port']);
162
					else
163
						echo gettext("Unknown");
164
					if ($ikesa['local']['port'] == '4500')
165
						echo " NAT-T";
166
				}
167
?>
168
				</td>
169
				<td class="listr">
170
<?php
171
				if (!is_array($ikesa['remote']))
172
					echo gettext("Unknown");
173
				else {
174
					$identity = "";
175
					if (!empty($ikesa['remote']['identification'])) {
176
						if ($ikesa['remote']['identification'] == '%any')
177
							$identity = 'Any identifier';
178
						else
179
							$identity = htmlspecialchars($ikesa['remote']['identification']);
180
					}
181

    
182
					if (is_array($ikesa['remote']['auth']) && !empty($ikesa['remote']['auth'][0]['identity'])) {
183
						echo htmlspecialchars($ikesa['remote']['auth'][0]['identity']);
184
						echo "<br/>{$identity}";
185
					} else {
186
						if (empty($identity))
187
							echo gettext("Unknown");
188
						else
189
							echo $identity;
190
					}
191
				}
192
?>
193
				</td>
194
				<td class="listr">
195
<?php
196
				if (!is_array($ikesa['remote']))
197
					echo gettext("Unknown");
198
				else {
199
					if (!empty($ikesa['remote']['address']))
200
						echo htmlspecialchars($ikesa['remote']['address']) . '<br/>' .
201
							gettext('Port: ') . htmlspecialchars($ikesa['remote']['port']);
202
					else
203
						echo gettext("Unknown");
204
					if ($ikesa['remote']['port'] == '4500')
205
						echo " NAT-T";
206
				}
207
?>
208
				</td>
209
				<td class="listr">
210
					IKEv<?php echo htmlspecialchars($ikesa['version']);?>
211
					<br/>
212
<?php
213
					echo htmlspecialchars($ikesa['role']);
214
?>
215
				</td>
216
				<td class="listr">
217
<?php
218
					echo htmlspecialchars($ikesa['reauth']);
219
?>
220
				</td>
221
				<td class="listr">
222
<?php
223
					echo htmlspecialchars($ikesa['encalg']);
224
					echo "<br/>";
225
					echo htmlspecialchars($ikesa['intalg']);
226
					echo "<br/>";
227
					echo htmlspecialchars($ikesa['prfalg']);
228
					echo "<br/>";
229
					echo htmlspecialchars($ikesa['dhgroup']);
230
?>
231
				</td>
232
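				<td class="listr">
					<center>
<?php
						/*
						 * The SA status string comes from the IKE daemon's status dump.
						 * It is escaped in the title attribute as well as in the cell
						 * text, so a quote in the value cannot close the attribute.
						 */
?>
						<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_<?php echo $icon; ?>.gif" title="<?php echo htmlspecialchars($ikesa['status']); ?>" alt=""/>
						<br/><?php echo htmlspecialchars($ikesa['status']);?>
						<br/><?php echo htmlspecialchars($ikesa['established']);?>
					</center>
				</td>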
239
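				<td >
<?php
				/*
				 * Action links for this IKE SA.  $con_id and $ikesa['id'] are taken
				 * from the daemon's status dump, so they are URL-encoded before being
				 * placed in the query string (urlencode() output is also safe inside
				 * a double-quoted HTML attribute).  The alt/title texts are quoted
				 * and escaped; unquoted, a multi-word translation is cut at the
				 * first space and the remainder is parsed as extra attributes.
				 */
				if ($icon != "pass"):
?>
					<center>
						<a href="diag_ipsec.php?act=connect&amp;ikeid=<?php echo urlencode($con_id); ?>">
						<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_start.gif" alt="<?php echo htmlspecialchars(gettext("Connect VPN"));?>" title="<?php echo htmlspecialchars(gettext("Connect VPN"));?>" border="0"/>
						</a>
					</center>
<?php
				else:
?>
					<center>
						<a href="diag_ipsec.php?act=ikedisconnect&amp;ikeid=<?php echo urlencode($con_id); ?>">
						<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_stop.gif" alt="<?php echo htmlspecialchars(gettext("Disconnect VPN"));?>" title="<?php echo htmlspecialchars(gettext("Disconnect VPN"));?>" border="0"/>
						</a>
						<a href="diag_ipsec.php?act=ikedisconnect&amp;ikeid=<?php echo urlencode($con_id); ?>&amp;ikesaid=<?php echo urlencode($ikesa['id']); ?>">
						<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" alt="<?php echo htmlspecialchars(gettext("Disconnect VPN Connection"));?>" title="<?php echo htmlspecialchars(gettext("Disconnect VPN Connection"));?>" border="0"/>
						</a>
					</center>
<?php
				endif;
?>
				</td>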
263
				<td valign="middle" class="list nowrap">
264
					<table border="0" cellspacing="0" cellpadding="1" summary="">
265
					</table>
266
				</td>
267
			</tr>
268
<?php
269
			if (is_array($ikesa['childsalist'])):
270
?>
271
			<tr>
272
				<td class="listrborder" colspan="9">
273
				<div id="btnchildsa-<?=$ikeid;?>">
274
					<input  type="button" onclick="show_childsa('childsa-<?=$ikeid;?>','btnchildsa-<?=$ikeid;?>');" value="+" /> - Show child SA entries
275
				</div>
276
				<table class="tabcont" width="100%" height="100%" border="0" cellspacing="0" cellpadding="0" id="childsa-<?=$ikeid;?>" style="display:none" summary="">
277
					<thead>
278
						<tr>
279
							<th class="listhdrr nowrap"><?php echo gettext("Local subnets");?></th>
280
							<th class="listhdrr nowrap"><?php echo gettext("Local SPI(s)");?></th>
281
							<th class="listhdrr nowrap"><?php echo gettext("Remote subnets");?></th>
282
							<th class="listhdrr nowrap"><?php echo gettext("Times");?></th>
283
							<th class="listhdrr nowrap"><?php echo gettext("Algo");?></th>
284
							<th class="listhdrr nowrap"><?php echo gettext("Stats");?></th>
285
						</tr>
286
					</thead>
287
					<tbody>
288
<?php
289
				if (is_array($ikesa['childsalist']['childsa'])):
290
					foreach ($ikesa['childsalist']['childsa'] as $childsa):
291
?>
292
						<tr valign="top">
293
							<td class="listlr nowrap">
294
<?php
295
							if (is_array($childsa['local']) &&
296
							    is_array($childsa['local']['networks']) &&
297
							    is_array($childsa['local']['networks']['network']))
298
								foreach ($childsa['local']['networks']['network'] as $lnets)
299
									echo htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />";
300
							else
301
								echo gettext("Unknown");
302
?>
303
							</td>
304
							<td class="listr nowrap">
305
<?php
306
							if (is_array($childsa['local']))
307
								echo gettext("Local: ") . htmlspecialchars($childsa['local']['spi']);
308
							if (is_array($childsa['remote']))
309
								echo "<br/>" . gettext("Remote: ") . htmlspecialchars($childsa['remote']['spi']);
310
?>
311
							</td>
312
							<td class="listr nowrap">
313
<?php
314
							if (is_array($childsa['remote']) &&
315
							    is_array($childsa['remote']['networks']) &&
316
							    is_array($childsa['remote']['networks']['network']))
317
								foreach ($childsa['remote']['networks']['network'] as $rnets)
318
									echo htmlspecialchars(ipsec_fixup_network($rnets)) . "<br />";
319
							else
320
								echo gettext("Unknown");
321
?>
322
							</td>
323
							<td class="listr nowrap">
324
<?php
325
								echo gettext("Rekey: ") . htmlspecialchars($childsa['rekey']);
326
								echo "<br/>" . gettext("Life: ") . htmlspecialchars($childsa['lifetime']);
327
								echo "<br/>" . gettext("Install: ") .htmlspecialchars($childsa['installtime']);
328

    
329
?>
330
							</td>
331
							<td class="listr nowrap">
332
<?php
333
								echo htmlspecialchars($childsa['encalg']);
334
								echo "<br/>";
335
								echo htmlspecialchars($childsa['intalg']);
336
								echo "<br/>";
337
								if (!empty($childsa['prfalg'])) {
338
									echo htmlspecialchars($childsa['prfalg']);
339
									echo "<br/>";
340
								}
341
								if (!empty($childsa['dhgroup'])) {
342
									echo htmlspecialchars($childsa['dhgroup']);
343
									echo "<br/>";
344
								}
345
								if (!empty($childsa['esn'])) {
346
									echo htmlspecialchars($childsa['esn']);
347
									echo "<br/>";
348
								}
349
								echo gettext("IPComp: ") . htmlspecialchars($childsa['ipcomp']);
350
?>
351
							</td>
352
							<td class="listr nowrap">
353
<?php
354
								echo gettext("Bytes-In: ") . htmlspecialchars($childsa['bytesin']);
355
								echo "<br/>";
356
								echo gettext("Packets-In: ") . htmlspecialchars($childsa['packetsin']);
357
								echo "<br/>";
358
								echo gettext("Bytes-Out: ") . htmlspecialchars($childsa['bytesout']);
359
								echo "<br/>";
360
								echo gettext("Packets-Out: ") . htmlspecialchars($childsa['packetsout']);
361
?>
362
							</td>
363
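							<td>
								<center>
<?php
									/*
									 * Link that closes this child SA.  $con_id and the reqid come
									 * from the daemon's status dump and are URL-encoded before
									 * going into the query string; alt/title are quoted and
									 * escaped so the full text stays inside the attribute.
									 */
?>
									<a href="diag_ipsec.php?act=childdisconnect&amp;ikeid=<?php echo urlencode($con_id); ?>&amp;ikesaid=<?php echo urlencode($childsa['reqid']); ?>">
									<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" alt="<?php echo htmlspecialchars(gettext("Disconnect Child SA"));?>" title="<?php echo htmlspecialchars(gettext("Disconnect Child SA"));?>" border="0"/>
									</a>
								</center>
							</td>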
370
							<td class="list nowrap">
371
								&nbsp;
372
							</td>
373
						</tr>
374
<?php
375
					endforeach;
376
				endif;
377
?>
378
						<tr style="display:none;"><td></td></tr>
379
					</tbody>
380
				</table>
381
				</td>
382
			</tr>
383
<?php
384
			endif;
385

    
386
			unset($con_id);
387
		endforeach;
388
	endif;
389

    
390
	$rgmap = array();
391
	foreach ($a_phase1 as $ph1ent):
392
		if (isset($ph1ent['disabled']))
393
			continue;
394
		$rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway'];
395
		if ($ipsecconnected[$ph1ent['ikeid']])
396
			continue;
397
?>
398
			<tr>
399
				<td class="listlr">
400
<?php
401
					echo htmlspecialchars($ph1ent['descr']);
402
?>
403
				</td>
404
				<td class="listr">
405
<?php
406
				list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
407
				if (empty($myid_data))
408
					echo gettext("Unknown");
409
				else
410
					echo htmlspecialchars($myid_data);
411
?>
412
				</td>
413
				<td class="listr">
414
<?php
415
				$ph1src = ipsec_get_phase1_src($ph1ent);
416
				if (empty($ph1src))
417
					echo gettext("Unknown");
418
				else
419
					echo htmlspecialchars($ph1src);
420
?>
421
				</td>
422
				<td class="listr">
423
<?php
424
				list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
425
				if (empty($peerid_data))
426
					echo gettext("Unknown");
427
				else
428
					echo htmlspecialchars($peerid_data);
429
?>
430
				</td>
431
				<td class="listr">
432
<?php
433
				$ph1src = ipsec_get_phase1_dst($ph1ent);
434
				if (empty($ph1src))
435
					echo gettext("Unknown");
436
				else
437
					echo htmlspecialchars($ph1src);
438
?>
439
				</td>
440
				<td class="listr" >
441
				</td>
442
				<td class="listr" >
443
				</td>
444
				<td class="listr" >
445
				</td>
446
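<?php
			/*
			 * Status and action cells for a configured phase 1 entry that has no
			 * established SA.  Mobile entries show "Awaiting connections"; every
			 * other entry shows "Disconnected" plus a connect link.  The title
			 * and alt texts are quoted and escaped (an unquoted multi-word value
			 * ends at the first space), and the ikeid from the configuration is
			 * URL-encoded before it is placed in the link.
			 */
			if (isset($ph1ent['mobile'])):
?>
				<td class="listr">
					<center>
						<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_pass.gif" title="<?php echo htmlspecialchars(gettext("Awaiting connections"));?>" alt=""/>
						<br/><?php echo gettext("Awaiting connections");?>
					</center>
				</td>
				<td valign="middle" class="list nowrap">
					<table border="0" cellspacing="0" cellpadding="1" summary="">
					</table>
				</td>
<?php
			else:
?>
				<td class="listr">
					<center>
						<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_reject.gif" title="<?php echo htmlspecialchars(gettext("Disconnected"));?>" alt=""/>
						<br/><?php echo gettext("Disconnected");?>
					</center>
				</td>
				<td >
					<center>
						<a href="diag_ipsec.php?act=connect&amp;ikeid=<?php echo urlencode($ph1ent['ikeid']); ?>">
						<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_start.gif" alt="<?php echo htmlspecialchars(gettext("Connect VPN"));?>" title="<?php echo htmlspecialchars(gettext("Connect VPN"));?>" border="0"/>
						</a>
					</center>
				</td>
<?php
			endif;
?>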
478
				<td valign="middle" class="list nowrap">
479
					<table border="0" cellspacing="0" cellpadding="1" summary="">
480
					</table>
481
				</td>
482
			</tr>
483
<?php
484
	endforeach;
485
	unset($ipsecconnected, $phase1, $rgmap);
486
?>
487
			<tr style="display:none;"><td></td></tr>
488
		</tbody>
489
		</table>
490
	</div>
491
	</td>
492
	</tr>
493
</table>
494

    
495
<p class="vexpl">
496
	<span class="red">
497
		<strong><?php echo gettext("Note:");?><br /></strong>
498
	</span>
499
	<?php echo gettext("You can configure IPsec");?>
500
	<a href="vpn_ipsec.php">here</a>.
501
</p>
502
<?php unset($status); include("fend.inc"); ?>
503
<script type="text/javascript">
504
//<![CDATA[
505
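/**
 * Reveal the hidden child-SA table of one IKE SA row.
 *
 * @param {string} id        DOM id of the child-SA table to show.
 * @param {string} buttonid  DOM id of the container holding the "+" button;
 *                           its markup is cleared so the button disappears.
 */
function show_childsa(id, buttonid) {
	document.getElementById(buttonid).innerHTML = '';
	// Declared locally: the original assigned to an undeclared name, which
	// creates a page-wide global (and throws in strict mode).
	var childTable = document.getElementById(id);
	childTable.style.display = "block";
}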
510
//]]>
511
</script>
512
</body>
513
</html>