/usr/local/www/vpn_ipsec_phase2.php - Annoter - UnivNautes - Redmine Entr’ouvert

univnautes / usr / local / www / vpn_ipsec_phase2.php @ c650b2f7

1	a93e56c5	Matthew Grooms	<?php
2			/*
3			vpn_ipsec_phase2.php
4			part of m0n0wall (http://m0n0.ch/wall)
5
6			Copyright (C) 2008 Shrew Soft Inc
7			Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
8			All rights reserved.
9
10			Redistribution and use in source and binary forms, with or without
11			modification, are permitted provided that the following conditions are met:
12
13			1. Redistributions of source code must retain the above copyright notice,
14			this list of conditions and the following disclaimer.
15
16			2. Redistributions in binary form must reproduce the above copyright
17			notice, this list of conditions and the following disclaimer in the
18			documentation and/or other materials provided with the distribution.
19
20			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29			POSSIBILITY OF SUCH DAMAGE.
30			*/
31
32	6b07c15a	Matthew Grooms	##\|+PRIV
33			##\|*IDENT=page-vpn-ipsec-editphase2
34			##\|*NAME=VPN: IPsec: Edit Phase 2 page
35			##\|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
36			##\|MATCH=vpn_ipsec_phase2.php
37			##\|-PRIV
38
39	0f84b741	Scott Ullrich	require("functions.inc");
40	a93e56c5	Matthew Grooms	require("guiconfig.inc");
41	483e6de8	Scott Ullrich	require_once("ipsec.inc");
42			require_once("vpn.inc");
43	a93e56c5	Matthew Grooms
44	3462a529	Matthew Grooms	if (!is_array($config['ipsec']['client']))
45			$config['ipsec']['client'] = array();
46
47			$a_client = &$config['ipsec']['client'];
48
49	a93e56c5	Matthew Grooms	if (!is_array($config['ipsec']['phase2']))
50			$config['ipsec']['phase2'] = array();
51
52			$a_phase2 = &$config['ipsec']['phase2'];
53
54	9b915686	Ermal	if (!empty($_GET['p2index']))
55			$uindex = $_GET['p2index'];
56			if (!empty($_POST['uniqid']))
57			$uindex = $_POST['uniqid'];
58
59			if (!empty($_GET['dup']))
60			$uindex = $_GET['dup'];
61
62			$ph2found = false;
63			if (isset($uindex)) {
64			foreach ($a_phase2 as $p2index => $ph2) {
65			if ($ph2['uniqid'] == $uindex) {
66			$ph2found = true;
67			break;
68			}
69			}
70			}
71	a93e56c5	Matthew Grooms
72	9b915686	Ermal	if ($ph2found === true)
73	a93e56c5	Matthew Grooms	{
74	9b915686	Ermal	$pconfig['ikeid'] = $ph2['ikeid'];
75			$pconfig['disabled'] = isset($ph2['disabled']);
76			$pconfig['mode'] = $ph2['mode'];
77			$pconfig['descr'] = $ph2['descr'];
78			$pconfig['uniqid'] = $ph2['uniqid'];
79
80			if (!empty($ph2['natlocalid']))
81			idinfo_to_pconfig("natlocal",$ph2['natlocalid'],$pconfig);
82			idinfo_to_pconfig("local",$ph2['localid'],$pconfig);
83			idinfo_to_pconfig("remote",$ph2['remoteid'],$pconfig);
84
85			$pconfig['proto'] = $ph2['protocol'];
86			ealgos_to_pconfig($ph2['encryption-algorithm-option'],$pconfig);
87			$pconfig['halgos'] = $ph2['hash-algorithm-option'];
88			$pconfig['pfsgroup'] = $ph2['pfsgroup'];
89			$pconfig['lifetime'] = $ph2['lifetime'];
90			$pconfig['pinghost'] = $ph2['pinghost'];
91
92			if (isset($ph2['mobile']))
93	3462a529	Matthew Grooms	$pconfig['mobile'] = true;
94	a93e56c5	Matthew Grooms	}
95			else
96			{
97			$pconfig['ikeid'] = $_GET['ikeid'];
98
99			/* defaults */
100			$pconfig['localid_type'] = "lan";
101			$pconfig['remoteid_type'] = "network";
102			$pconfig['proto'] = "esp";
103			$pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes");
104			$pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5");
105			$pconfig['pfsgroup'] = "0";
106			$pconfig['lifetime'] = "3600";
107	9b915686	Ermal	$pconfig['uniqid'] = uniqid();
108	3462a529	Matthew Grooms
109	9b915686	Ermal	/* mobile client */
110			if($_GET['mobile'])
111			$pconfig['mobile']=true;
112	a93e56c5	Matthew Grooms	}
113
114	9b915686	Ermal	unset($ph2);
115			if (!empty($_GET['dup'])) {
116			unset($uindex);
117	a93e56c5	Matthew Grooms	unset($p2index);
118	9b915686	Ermal	$pconfig['uniqid'] = uniqid();
119			}
120	a93e56c5	Matthew Grooms
121			if ($_POST) {
122
123			unset($input_errors);
124			$pconfig = $_POST;
125
126			if (!isset( $_POST['ikeid']))
127	123929e0	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid ikeid must be specified.");
128	a93e56c5	Matthew Grooms
129			/* input validation */
130	c650b2f7	Ermal	$reqdfields = explode(" ", "localid_type uniqid");
131			$reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier"));
132	3462a529	Matthew Grooms	if (!isset($pconfig['mobile'])){
133			$reqdfields[] = "remoteid_type";
134	123929e0	Carlos Eduardo Ramos	$reqdfieldsn[] = gettext("Remote network type");
135	3462a529	Matthew Grooms	}
136	a93e56c5	Matthew Grooms
137	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
138	a93e56c5	Matthew Grooms
139	3795d067	Seth Mos	if(($pconfig['mode'] == "tunnel") \|\| ($pconfig['mode'] == "tunnel6"))
140	4b96b367	mgrooms	{
141			switch ($pconfig['localid_type']) {
142			case "network":
143	184d50b5	Ermal Lu?i	if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) \|\| !is_numeric($pconfig['localid_netbits']))
144	123929e0	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid local network bit count must be specified.");
145	4b96b367	mgrooms	case "address":
146			if (!$pconfig['localid_address'] \|\| !is_ipaddr($pconfig['localid_address']))
147	123929e0	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid local network IP address must be specified.");
148	e4ffca08	Renato Botelho	elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel"))
149			$input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6");
150			elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6"))
151			$input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4");
152	4b96b367	mgrooms	break;
153			}
154	a5a483e0	jim-p	/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
155			if (is_array($config['interfaces'][$pconfig['localid_type']])) {
156			// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
157			$address = get_interface_ip($pconfig['localid_type']);
158			$netbits = get_interface_subnet($pconfig['localid_type']);
159
160			if (empty($address) \|\| empty($netbits))
161			$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
162			}
163	3c107b76	Ermal
164	72dd4f07	Ermal	if (!empty($pconfig['natlocalid_address'])) {
165	261e72f0	Ermal	switch ($pconfig['natlocalid_type']) {
166			case "network":
167			if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) \|\| !is_numeric($pconfig['natlocalid_netbits']))
168	324e112d	Chris Buechler	$input_errors[] = gettext("A valid NAT local network bit count must be specified.");
169	8d1a9e58	Ermal	if ($pconfig['localid_type'] == "address")
170			$input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
171	261e72f0	Ermal	case "address":
172			if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address']))
173	324e112d	Chris Buechler	$input_errors[] = gettext("A valid NAT local network IP address must be specified.");
174	e4ffca08	Renato Botelho	elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel"))
175	324e112d	Chris Buechler	$input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6");
176	e4ffca08	Renato Botelho	elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6"))
177	324e112d	Chris Buechler	$input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4");
178	261e72f0	Ermal	break;
179			}
180
181			if (is_array($config['interfaces'][$pconfig['natlocalid_type']])) {
182			// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
183			$address = get_interface_ip($pconfig['natlocalid_type']);
184			$netbits = get_interface_subnet($pconfig['natlocalid_type']);
185
186			if (empty($address) \|\| empty($netbits))
187			$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['natlocalid_type']) . " " . gettext("has no subnet.");
188			}
189	3c107b76	Ermal	}
190	a5a483e0	jim-p
191	4b96b367	mgrooms	switch ($pconfig['remoteid_type']) {
192			case "network":
193	184d50b5	Ermal Lu?i	if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) \|\| !is_numeric($pconfig['remoteid_netbits']))
194	123929e0	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid remote network bit count must be specified.");
195	4b96b367	mgrooms	case "address":
196			if (!$pconfig['remoteid_address'] \|\| !is_ipaddr($pconfig['remoteid_address']))
197	123929e0	Carlos Eduardo Ramos	$input_errors[] = gettext("A valid remote network IP address must be specified.");
198	e4ffca08	Renato Botelho	elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel"))
199			$input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6");
200			elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6"))
201			$input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4");
202	4b96b367	mgrooms	break;
203			}
204	a93e56c5	Matthew Grooms	}
205	538b6eb3	Evgeny Yurchenko	/* Validate enabled phase2's are not duplicates */
206	061f28bf	Evgeny Yurchenko	if (isset($pconfig['mobile'])){
207	538b6eb3	Evgeny Yurchenko	/* User is adding phase 2 for mobile phase1 */
208	b717f1bc	Evgeny Yurchenko	foreach($a_phase2 as $key => $name){
209	9b915686	Ermal	if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) {
210	061f28bf	Evgeny Yurchenko	/* check duplicate localids only for mobile clents */
211	d83045b5	Ermal	$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
212	3da5c50d	Evgeny Yurchenko	$entered = array();
213			$entered['type'] = $pconfig['localid_type'];
214			if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
215			if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
216	d83045b5	Ermal	$entered_localid_data = ipsec_idinfo_to_cidr($entered, false, $pconfig['mode']);
217	b717f1bc	Evgeny Yurchenko	if ($localid_data == $entered_localid_data){
218	9b915686	Ermal	/* adding new p2 entry */
219			$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
220			break;
221	061f28bf	Evgeny Yurchenko	}
222			}
223			}
224	538b6eb3	Evgeny Yurchenko	}else{
225			/* User is adding phase 2 for site-to-site phase1 */
226			$input_error = 0;
227	b717f1bc	Evgeny Yurchenko	foreach($a_phase2 as $key => $name){
228	9b915686	Ermal	if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid'] && $pconfig['uniqid'] != $name['uniqid']) {
229	538b6eb3	Evgeny Yurchenko	/* check duplicate subnets only for given phase1 */
230	d83045b5	Ermal	$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
231			$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid'], false, $name['mode']);
232	3da5c50d	Evgeny Yurchenko	$entered_local = array();
233			$entered_local['type'] = $pconfig['localid_type'];
234			if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
235			if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
236	d83045b5	Ermal	$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
237	3da5c50d	Evgeny Yurchenko	$entered_remote = array();
238			$entered_remote['type'] = $pconfig['remoteid_type'];
239			if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
240			if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
241	d83045b5	Ermal	$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
242	3da5c50d	Evgeny Yurchenko	if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
243	9b915686	Ermal	/* adding new p2 entry */
244			$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
245			break;
246	538b6eb3	Evgeny Yurchenko	}
247			}
248			}
249			}
250	3462a529	Matthew Grooms
251	b20a5cdb	Pierre POMES	/* For ESP protocol, handle encryption algorithms */
252			if ( $pconfig['proto'] == "esp") {
253			$ealgos = pconfig_to_ealgos($pconfig);
254
255			if (!count($ealgos)) {
256			$input_errors[] = gettext("At least one encryption algorithm must be selected.");
257	c650b2f7	Ermal	} else {
258			if (empty($pconfig['halgo'])) {
259			foreach ($ealgos as $ealgo) {
260			if (!strpos($ealgo['name'], "gcm")) {
261			$input_errors[] = gettext("At least one hashing algorithm needs to be selected.");
262			break;
263			}
264			}
265			}
266	b20a5cdb	Pierre POMES	}
267	c650b2f7	Ermal
268	a93e56c5	Matthew Grooms	}
269			if (($_POST['lifetime'] && !is_numeric($_POST['lifetime']))) {
270	123929e0	Carlos Eduardo Ramos	$input_errors[] = gettext("The P2 lifetime must be an integer.");
271	a93e56c5	Matthew Grooms	}
272
273			if (!$input_errors) {
274	3462a529	Matthew Grooms
275	9b915686	Ermal	$ph2ent = array();
276	3462a529	Matthew Grooms	$ph2ent['ikeid'] = $pconfig['ikeid'];
277	9b915686	Ermal	$ph2ent['uniqid'] = $pconfig['uniqid'];
278	4b96b367	mgrooms	$ph2ent['mode'] = $pconfig['mode'];
279	3462a529	Matthew Grooms	$ph2ent['disabled'] = $pconfig['disabled'] ? true : false;
280
281	3795d067	Seth Mos	if(($ph2ent['mode'] == "tunnel") \|\| ($ph2ent['mode'] == "tunnel6")){
282	72dd4f07	Ermal	if (!empty($pconfig['natlocalid_address']))
283	3c107b76	Ermal	$ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal",$pconfig);
284	4b96b367	mgrooms	$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
285			$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
286			}
287	3462a529	Matthew Grooms
288			$ph2ent['protocol'] = $pconfig['proto'];
289	a93e56c5	Matthew Grooms	$ph2ent['encryption-algorithm-option'] = $ealgos;
290	c650b2f7	Ermal	if (!empty($pconfig['halgos']))
291			$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
292			else
293			unset($ph2ent['hash-algorithm-option']);
294	3462a529	Matthew Grooms	$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
295			$ph2ent['lifetime'] = $pconfig['lifetime'];
296	87e07f52	mgrooms	$ph2ent['pinghost'] = $pconfig['pinghost'];
297	3462a529	Matthew Grooms	$ph2ent['descr'] = $pconfig['descr'];
298
299			if (isset($pconfig['mobile']))
300			$ph2ent['mobile'] = true;
301	a93e56c5	Matthew Grooms
302	9b915686	Ermal	if ($ph2found === true && $a_phase2[$p2index])
303	a93e56c5	Matthew Grooms	$a_phase2[$p2index] = $ph2ent;
304			else
305			$a_phase2[] = $ph2ent;
306
307	e92fb875	Seth Mos
308	a93e56c5	Matthew Grooms	write_config();
309	a368a026	Ermal Lu?i	mark_subsystem_dirty('ipsec');
310	a93e56c5	Matthew Grooms
311			header("Location: vpn_ipsec.php");
312			exit;
313			}
314			}
315
316	3462a529	Matthew Grooms	if ($pconfig['mobile'])
317	123929e0	Carlos Eduardo Ramos	$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"), gettext("Mobile Client"));
318	3462a529	Matthew Grooms	else
319	123929e0	Carlos Eduardo Ramos	$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"));
320	b32dd0a6	jim-p	$shortcut_section = "ipsec";
321	6deedfde	jim-p
322	3462a529	Matthew Grooms
323	a93e56c5	Matthew Grooms	include("head.inc");
324
325			?>
326
327			<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
328			<?php include("fbegin.inc"); ?>
329	3a50eb39	Colin Fleming	<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
330	91f026b0	ayvis	<script type="text/javascript">
331	3a50eb39	Colin Fleming	//<![CDATA[
332	4b96b367	mgrooms
333			function change_mode() {
334			index = document.iform.mode.selectedIndex;
335			value = document.iform.mode.options[index].value;
336	3795d067	Seth Mos	if ((value == 'tunnel') \|\| (value == 'tunnel6')) {
337	4b96b367	mgrooms	document.getElementById('opt_localid').style.display = '';
338	71880c96	pierrepomes	<?php if (!isset($pconfig['mobile'])): ?>
339	4b96b367	mgrooms	document.getElementById('opt_remoteid').style.display = '';
340	71880c96	pierrepomes	<?php endif; ?>
341	4b96b367	mgrooms	} else {
342			document.getElementById('opt_localid').style.display = 'none';
343	71880c96	pierrepomes	<?php if (!isset($pconfig['mobile'])): ?>
344	4b96b367	mgrooms	document.getElementById('opt_remoteid').style.display = 'none';
345	71880c96	pierrepomes	<?php endif; ?>
346	4b96b367	mgrooms	}
347			}
348
349	3c107b76	Ermal	function typesel_change_natlocal(bits) {
350			var value = document.iform.mode.options[index].value;
351			if (typeof(bits) === "undefined") {
352			if (value === "tunnel") {
353			bits = 24;
354			}
355			else if (value === "tunnel6") {
356			bits = 64;
357			}
358			}
359			var address_is_blank = !/\S/.test(document.iform.natlocalid_address.value);
360			switch (document.iform.natlocalid_type.selectedIndex) {
361			case 0: /* single */
362			document.iform.natlocalid_address.disabled = 0;
363			if (address_is_blank) {
364			document.iform.natlocalid_netbits.value = 0;
365			}
366			document.iform.natlocalid_netbits.disabled = 1;
367			break;
368			case 1: /* network */
369			document.iform.natlocalid_address.disabled = 0;
370			if (address_is_blank) {
371			document.iform.natlocalid_netbits.value = bits;
372			}
373			document.iform.natlocalid_netbits.disabled = 0;
374			break;
375			case 3: /* none */
376			document.iform.natlocalid_address.disabled = 1;
377			document.iform.natlocalid_netbits.disabled = 1;
378			break;
379			default:
380			document.iform.natlocalid_address.value = "";
381			document.iform.natlocalid_address.disabled = 1;
382			if (address_is_blank) {
383			document.iform.natlocalid_netbits.value = 0;
384			}
385			document.iform.natlocalid_netbits.disabled = 1;
386			break;
387			}
388			}
389
390	a93e56c5	Matthew Grooms	function typesel_change_local(bits) {
391	c2feff64	Darren Embry	var value = document.iform.mode.options[index].value;
392			if (typeof(bits) === "undefined") {
393			if (value === "tunnel") {
394			bits = 24;
395			}
396			else if (value === "tunnel6") {
397			bits = 64;
398			}
399			}
400			var address_is_blank = !/\S/.test(document.iform.localid_address.value);
401	a93e56c5	Matthew Grooms	switch (document.iform.localid_type.selectedIndex) {
402			case 0: /* single */
403			document.iform.localid_address.disabled = 0;
404	c2feff64	Darren Embry	if (address_is_blank) {
405			document.iform.localid_netbits.value = 0;
406			}
407	a93e56c5	Matthew Grooms	document.iform.localid_netbits.disabled = 1;
408			break;
409			case 1: /* network */
410			document.iform.localid_address.disabled = 0;
411	c2feff64	Darren Embry	if (address_is_blank) {
412			document.iform.localid_netbits.value = bits;
413			}
414	a93e56c5	Matthew Grooms	document.iform.localid_netbits.disabled = 0;
415			break;
416	63017a73	Ermal Lu?i	case 3: /* none */
417			document.iform.localid_address.disabled = 1;
418			document.iform.localid_netbits.disabled = 1;
419			break;
420	a93e56c5	Matthew Grooms	default:
421			document.iform.localid_address.value = "";
422			document.iform.localid_address.disabled = 1;
423	c2feff64	Darren Embry	if (address_is_blank) {
424			document.iform.localid_netbits.value = 0;
425			}
426	a93e56c5	Matthew Grooms	document.iform.localid_netbits.disabled = 1;
427			break;
428			}
429			}
430	3462a529	Matthew Grooms
431	71880c96	pierrepomes	<?php if (!isset($pconfig['mobile'])): ?>
432	3462a529	Matthew Grooms
433	a93e56c5	Matthew Grooms	function typesel_change_remote(bits) {
434	c2feff64	Darren Embry	var value = document.iform.mode.options[index].value;
435			if (typeof(bits) === "undefined") {
436			if (value === "tunnel") {
437			bits = 24;
438			}
439			else if (value === "tunnel6") {
440			bits = 64;
441			}
442			}
443			var address_is_blank = !/\S/.test(document.iform.remoteid_address.value);
444	a93e56c5	Matthew Grooms	switch (document.iform.remoteid_type.selectedIndex) {
445			case 0: /* single */
446			document.iform.remoteid_address.disabled = 0;
447	c2feff64	Darren Embry	if (address_is_blank) {
448			document.iform.remoteid_netbits.value = 0;
449			}
450	a93e56c5	Matthew Grooms	document.iform.remoteid_netbits.disabled = 1;
451			break;
452			case 1: /* network */
453			document.iform.remoteid_address.disabled = 0;
454	c2feff64	Darren Embry	if (address_is_blank) {
455			document.iform.remoteid_netbits.value = bits;
456			}
457	a93e56c5	Matthew Grooms	document.iform.remoteid_netbits.disabled = 0;
458			break;
459			default:
460			document.iform.remoteid_address.value = "";
461			document.iform.remoteid_address.disabled = 1;
462	c2feff64	Darren Embry	if (address_is_blank) {
463			document.iform.remoteid_netbits.value = 0;
464			}
465	a93e56c5	Matthew Grooms	document.iform.remoteid_netbits.disabled = 1;
466			break;
467			}
468			}
469	3462a529	Matthew Grooms
470			<?php endif; ?>
471
472	4b96b367	mgrooms	function change_protocol() {
473	87e07f52	mgrooms	index = document.iform.proto.selectedIndex;
474			value = document.iform.proto.options[index].value;
475			if (value == 'esp')
476			document.getElementById('opt_enc').style.display = '';
477			else
478			document.getElementById('opt_enc').style.display = 'none';
479			}
480
481	3a50eb39	Colin Fleming	//]]>
482	a93e56c5	Matthew Grooms	</script>
483	5a3b0d3b	mgrooms
484			<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
485
486			<?php
487			if ($input_errors)
488			print_input_errors($input_errors);
489			?>
490
491	3a50eb39	Colin Fleming	<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-2">
492	5a3b0d3b	mgrooms	<tr class="tabnavtbl">
493			<td id="tabnav">
494			<?php
495			$tab_array = array();
496	123929e0	Carlos Eduardo Ramos	$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
497			$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
498	2a2b247b	jim-p	$tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
499	71172088	jim-p	$tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
500	5a3b0d3b	mgrooms	display_top_tabs($tab_array);
501			?>
502			</td>
503			</tr>
504			<tr>
505			<td id="mainarea">
506			<div class="tabcont">
507	3a50eb39	Colin Fleming	<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
508	5a3b0d3b	mgrooms	<tr>
509	123929e0	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
510	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
511	3a50eb39	Colin Fleming	<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
512	123929e0	Carlos Eduardo Ramos	<strong><?=gettext("Disable this phase2 entry"); ?></strong>
513	8cd558b6	ayvis	<br />
514	123929e0	Carlos Eduardo Ramos	<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
515			"removing it from the list"); ?>.
516	5a3b0d3b	mgrooms	</span>
517			</td>
518			</tr>
519			<tr>
520	123929e0	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
521	4b96b367	mgrooms	<td width="78%" class="vtable">
522	3a50eb39	Colin Fleming	<select name="mode" class="formselect" onchange="change_mode()">
523	4b96b367	mgrooms	<?php
524			foreach($p2_modes as $name => $value):
525			$selected = "";
526			if ($name == $pconfig['mode'])
527	3a50eb39	Colin Fleming	$selected = "selected=\"selected\"";
528	4b96b367	mgrooms	?>
529			<option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option>
530			<?php endforeach; ?>
531			</select>
532			</td>
533			</tr>
534			<tr id="opt_localid">
535	123929e0	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
536	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
537	3a50eb39	Colin Fleming	<table border="0" cellspacing="0" cellpadding="0" summary="local network">
538	5a3b0d3b	mgrooms	<tr>
539	123929e0	Carlos Eduardo Ramos	<td><?=gettext("Type"); ?>:  </td>
540	5a3b0d3b	mgrooms	<td></td>
541			<td>
542	3a50eb39	Colin Fleming	<select name="localid_type" class="formselect" onchange="typesel_change_local()">
543			<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected=\"selected\"";?>><?=gettext("Address"); ?></option>
544			<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected=\"selected\"";?>><?=gettext("Network"); ?></option>
545	d48dbceb	Erik Fonnesbeck	<?php
546			$iflist = get_configured_interface_with_descr();
547			foreach ($iflist as $ifname => $ifdescr):
548			?>
549	3a50eb39	Colin Fleming	<option value="<?=$ifname; ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected=\"selected\"";?>><?=sprintf(gettext("%s subnet"), $ifdescr); ?></option>
550	d48dbceb	Erik Fonnesbeck	<?php endforeach; ?>
551	5a3b0d3b	mgrooms	</select>
552			</td>
553			</tr>
554			<tr>
555	11c160b0	Rafael Lucas	<td><?=gettext("Address:");?>  </td>
556	5a3b0d3b	mgrooms	<td><?=$mandfldhtmlspc;?></td>
557			<td>
558	3a50eb39	Colin Fleming	<input name="localid_address" type="text" class="formfld unknown ipv4v6" id="localid_address" size="28" value="<?=htmlspecialchars($pconfig['localid_address']);?>" />
559	5a3b0d3b	mgrooms	/
560	6255beda	Darren Embry	<select name="localid_netbits" class="formselect ipv4v6" id="localid_netbits">
561	3795d067	Seth Mos	<?php for ($i = 128; $i >= 0; $i--): ?>
562	3a50eb39	Colin Fleming	<option value="<?=$i;?>" <?php if (isset($pconfig['localid_netbits']) && $i == $pconfig['localid_netbits']) echo "selected=\"selected\""; ?>>
563	5a3b0d3b	mgrooms	<?=$i;?>
564			</option>
565			<?php endfor; ?>
566			</select>
567			</td>
568			</tr>
569	3c107b76	Ermal	<tr> <td colspan="3">
570	8cd558b6	ayvis	<br />
571	3c107b76	Ermal	<?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?>
572			</td></tr>
573			<tr>
574			<td><?=gettext("Type"); ?>:  </td>
575			<td></td>
576			<td>
577	3a50eb39	Colin Fleming	<select name="natlocalid_type" class="formselect" onchange="typesel_change_natlocal()">
578			<option value="address" <?php if ($pconfig['natlocalid_type'] == "address") echo "selected=\"selected\"";?>><?=gettext("Address"); ?></option>
579			<option value="network" <?php if ($pconfig['natlocalid_type'] == "network") echo "selected=\"selected\"";?>><?=gettext("Network"); ?></option>
580	3c107b76	Ermal	<?php
581			$iflist = get_configured_interface_with_descr();
582			foreach ($iflist as $ifname => $ifdescr):
583			?>
584	3a50eb39	Colin Fleming	<option value="<?=$ifname; ?>" <?php if ($pconfig['natlocalid_type'] == $ifname ) echo "selected=\"selected\"";?>><?=sprintf(gettext("%s subnet"), $ifdescr); ?></option>
585	3c107b76	Ermal	<?php endforeach; ?>
586	3a50eb39	Colin Fleming	<option value="none" <?php if (empty($pconfig['natlocalid_type']) \|\| $pconfig['natlocalid_type'] == "none" ) echo "selected=\"selected\"";?>><?=gettext("None"); ?></option>
587	3c107b76	Ermal	</select>
588			</td>
589			</tr>
590			<tr>
591			<td><?=gettext("Address:");?>  </td>
592			<td><?=$mandfldhtmlspc;?></td>
593			<td>
594	3a50eb39	Colin Fleming	<input name="natlocalid_address" type="text" class="formfld unknown ipv4v6" id="natlocalid_address" size="28" value="<?=htmlspecialchars($pconfig['natlocalid_address']);?>" />
595	3c107b76	Ermal	/
596			<select name="natlocalid_netbits" class="formselect ipv4v6" id="natlocalid_netbits">
597			<?php for ($i = 128; $i >= 0; $i--): ?>
598	3a50eb39	Colin Fleming	<option value="<?=$i;?>" <?php if (isset($pconfig['natlocalid_netbits']) && $i == $pconfig['natlocalid_netbits']) echo "selected=\"selected\""; ?>>
599	3c107b76	Ermal	<?=$i;?>
600			</option>
601			<?php endfor; ?>
602			</select>
603			</td>
604			</tr>
605	5a3b0d3b	mgrooms	</table>
606			</td>
607			</tr>
608
609			<?php if (!isset($pconfig['mobile'])): ?>
610
611	4b96b367	mgrooms	<tr id="opt_remoteid">
612	123929e0	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
613	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
614	3a50eb39	Colin Fleming	<table border="0" cellspacing="0" cellpadding="0" summary="remote network">
615	5a3b0d3b	mgrooms	<tr>
616	123929e0	Carlos Eduardo Ramos	<td><?=gettext("Type"); ?>:  </td>
617	5a3b0d3b	mgrooms	<td></td>
618			<td>
619	3a50eb39	Colin Fleming	<select name="remoteid_type" class="formselect" onchange="typesel_change_remote()">
620			<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected=\"selected\""; ?>><?=gettext("Address"); ?></option>
621			<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
622	5a3b0d3b	mgrooms	</select>
623			</td>
624			</tr>
625			<tr>
626	123929e0	Carlos Eduardo Ramos	<td><?=gettext("Address"); ?>:  </td>
627	5a3b0d3b	mgrooms	<td><?=$mandfldhtmlspc;?></td>
628			<td>
629	3a50eb39	Colin Fleming	<input name="remoteid_address" type="text" class="formfld unknown ipv4v6" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>" />
630	5a3b0d3b	mgrooms	/
631	6255beda	Darren Embry	<select name="remoteid_netbits" class="formselect ipv4v6" id="remoteid_netbits">
632	3795d067	Seth Mos	<?php for ($i = 128; $i >= 0; $i--) {
633	184d50b5	Ermal Lu?i
634			echo "<option value=\"{$i}\"";
635	3a50eb39	Colin Fleming	if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) echo " selected=\"selected\"";
636	184d50b5	Ermal Lu?i	echo ">{$i}</option>\n";
637			} ?>
638	5a3b0d3b	mgrooms	</select>
639			</td>
640			</tr>
641			</table>
642	a93e56c5	Matthew Grooms	</td>
643	5a3b0d3b	mgrooms	</tr>
644
645	3462a529	Matthew Grooms	<?php endif; ?>
646	5a3b0d3b	mgrooms
647			<tr>
648	123929e0	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
649	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
650	3a50eb39	Colin Fleming	<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
651	8cd558b6	ayvis	<br />
652	5a3b0d3b	mgrooms	<span class="vexpl">
653	123929e0	Carlos Eduardo Ramos	<?=gettext("You may enter a description here " .
654			"for your reference (not parsed)"); ?>.
655	5a3b0d3b	mgrooms	</span>
656			</td>
657			</tr>
658			<tr>
659			<td colspan="2" class="list" height="12"></td>
660			</tr>
661			<tr>
662			<td colspan="2" valign="top" class="listtopic">
663	123929e0	Carlos Eduardo Ramos	<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
664	5a3b0d3b	mgrooms	</td>
665			</tr>
666			<tr>
667	123929e0	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
668	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
669	3a50eb39	Colin Fleming	<select name="proto" class="formselect" onchange="change_protocol()">
670	5a3b0d3b	mgrooms	<?php foreach ($p2_protos as $proto => $protoname): ?>
671	3a50eb39	Colin Fleming	<option value="<?=$proto;?>" <?php if ($proto == $pconfig['proto']) echo "selected=\"selected\""; ?>>
672	5a3b0d3b	mgrooms	<?=htmlspecialchars($protoname);?>
673			</option>
674			<?php endforeach; ?>
675			</select>
676	8cd558b6	ayvis	<br />
677	5a3b0d3b	mgrooms	<span class="vexpl">
678	123929e0	Carlos Eduardo Ramos	<?=gettext("ESP is encryption, AH is authentication only"); ?>
679	5a3b0d3b	mgrooms	</span>
680			</td>
681			</tr>
682	87e07f52	mgrooms	<tr id="opt_enc">
683	123929e0	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
684	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
685	3a50eb39	Colin Fleming	<table border="0" cellspacing="0" cellpadding="0" summary="encryption">
686	5a3b0d3b	mgrooms	<?php
687			foreach ($p2_ealgos as $algo => $algodata):
688			$checked = '';
689	b20a5cdb	Pierre POMES	if (is_array($pconfig['ealgos']) && in_array($algo,$pconfig['ealgos']))
690	3a50eb39	Colin Fleming	$checked = " checked=\"checked\"";
691	5a3b0d3b	mgrooms	?>
692			<tr>
693			<td>
694	3a50eb39	Colin Fleming	<input type="checkbox" name="ealgos[]" value="<?=$algo;?>"<?=$checked?> />
695	5a3b0d3b	mgrooms	</td>
696			<td>
697			<?=htmlspecialchars($algodata['name']);?>
698			</td>
699			<td>
700			<?php if(is_array($algodata['keysel'])): ?>
701
702			<select name="keylen_<?=$algo;?>" class="formselect">
703	123929e0	Carlos Eduardo Ramos	<option value="auto"><?=gettext("auto"); ?></option>
704	5a3b0d3b	mgrooms	<?php
705			$key_hi = $algodata['keysel']['hi'];
706			$key_lo = $algodata['keysel']['lo'];
707			$key_step = $algodata['keysel']['step'];
708			for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
709	3a50eb39	Colin Fleming	$selected = "";
710	5a3b0d3b	mgrooms	// if ($checked && in_array("keylen_".$algo,$pconfig))
711			if ($keylen == $pconfig["keylen_".$algo])
712	3a50eb39	Colin Fleming	$selected = " selected=\"selected\"";
713	5a3b0d3b	mgrooms	?>
714	123929e0	Carlos Eduardo Ramos	<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
715	5a3b0d3b	mgrooms	<?php endfor; ?>
716			</select>
717			<?php endif; ?>
718			</td>
719			</tr>
720
721			<?php endforeach; ?>
722
723			</table>
724	8cd558b6	ayvis	<br />
725	123929e0	Carlos Eduardo Ramos	<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " .
726			"crypto accelerator card. Blowfish is usually the fastest in " .
727			"software encryption"); ?>.
728	5a3b0d3b	mgrooms	</td>
729			</tr>
730			<tr>
731	123929e0	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
732	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
733			<?php foreach ($p2_halgos as $algo => $algoname): ?>
734	3a50eb39	Colin Fleming	<input type="checkbox" name="halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['halgos'])) echo "checked=\"checked\""; ?> />
735	5a3b0d3b	mgrooms	<?=htmlspecialchars($algoname);?>
736	8cd558b6	ayvis	<br />
737	5a3b0d3b	mgrooms	<?php endforeach; ?>
738			</td>
739			</tr>
740			<tr>
741	123929e0	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
742	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
743			<?php if (!isset($pconfig['mobile']) \|\| !isset($a_client['pfs_group'])): ?>
744			<select name="pfsgroup" class="formselect">
745			<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
746	3a50eb39	Colin Fleming	<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected=\"selected\""; ?>>
747	5a3b0d3b	mgrooms	<?=htmlspecialchars($keygroupname);?>
748			</option>
749			<?php endforeach; ?>
750			</select>
751	8cd558b6	ayvis	<br />
752	5a3b0d3b	mgrooms	<?php else: ?>
753
754	3a50eb39	Colin Fleming	<select class="formselect" disabled="disabled">
755			<option selected="selected"><?=$p2_pfskeygroups[$a_client['pfs_group']];?></option>
756	5a3b0d3b	mgrooms	</select>
757	3a50eb39	Colin Fleming	<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>" />
758	8cd558b6	ayvis	<br />
759	123929e0	Carlos Eduardo Ramos	<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
760	5a3b0d3b	mgrooms	<?php endif; ?>
761			</td>
762			</tr>
763			<tr>
764	123929e0	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
765	5a3b0d3b	mgrooms	<td width="78%" class="vtable">
766	3a50eb39	Colin Fleming	<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />
767	123929e0	Carlos Eduardo Ramos	<?=gettext("seconds"); ?>
768	5a3b0d3b	mgrooms	</td>
769			</tr>
770	87e07f52	mgrooms	<tr>
771			<td colspan="2" class="list" height="12"></td>
772			</tr>
773			<tr>
774	123929e0	Carlos Eduardo Ramos	<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
775	87e07f52	mgrooms	</tr>
776			<tr>
777	123929e0	Carlos Eduardo Ramos	<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
778	87e07f52	mgrooms	<td width="78%" class="vtable">
779	3a50eb39	Colin Fleming	<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="28" value="<?=htmlspecialchars($pconfig['pinghost']);?>" />
780	123929e0	Carlos Eduardo Ramos	<?=gettext("IP address"); ?>
781	87e07f52	mgrooms	</td>
782			</tr>
783	5a3b0d3b	mgrooms	<tr>
784			<td width="22%" valign="top"> </td>
785			<td width="78%">
786			<?php if ($pconfig['mobile']): ?>
787	3a50eb39	Colin Fleming	<input name="mobile" type="hidden" value="true" />
788			<input name="remoteid_type" type="hidden" value="mobile" />
789	5a3b0d3b	mgrooms	<?php endif; ?>
790	3a50eb39	Colin Fleming	<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
791			<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
792	9b915686	Ermal	<input name="uniqid" type="hidden" value="<?=htmlspecialchars($pconfig['uniqid']);?>" />
793	5a3b0d3b	mgrooms	</td>
794			</tr>
795			</table>
796			</div>
797			</td>
798			</tr>
799			</table>
800	a93e56c5	Matthew Grooms	</form>
801	3a50eb39	Colin Fleming	<script type="text/javascript">
802			//<![CDATA[
803	dd5bf424	Scott Ullrich	change_mode('<?=htmlspecialchars($pconfig['mode'])?>');
804			change_protocol('<?=htmlspecialchars($pconfig['proto'])?>');
805			typesel_change_local(<?=htmlspecialchars($pconfig['localid_netbits'])?>);
806	3c107b76	Ermal	typesel_change_natlocal(<?=htmlspecialchars($pconfig['natlocalid_netbits'])?>);
807	71880c96	pierrepomes	<?php if (!isset($pconfig['mobile'])): ?>
808	dd5bf424	Scott Ullrich	typesel_change_remote(<?=htmlspecialchars($pconfig['remoteid_netbits'])?>);
809	71880c96	pierrepomes	<?php endif; ?>
810	3a50eb39	Colin Fleming	//]]>
811	a93e56c5	Matthew Grooms	</script>
812			<?php include("fend.inc"); ?>
813	3462a529	Matthew Grooms	</body>
814			</html>
815	a93e56c5	Matthew Grooms
816			<?php
817
818	3462a529	Matthew Grooms	/* local utility functions */
819
820	a93e56c5	Matthew Grooms	function pconfig_to_ealgos(& $pconfig) {
821			global $p2_ealgos;
822
823			$ealgos = array();
824	b20a5cdb	Pierre POMES	if (is_array($pconfig['ealgos'])) {
825			foreach ($p2_ealgos as $algo_name => $algo_data) {
826			if (in_array($algo_name,$pconfig['ealgos'])) {
827			$ealg = array();
828			$ealg['name'] = $algo_name;
829			if (is_array($algo_data['keysel']))
830			$ealg['keylen'] = $_POST["keylen_".$algo_name];
831			$ealgos[] = $ealg;
832			}
833	a93e56c5	Matthew Grooms	}
834			}
835
836			return $ealgos;
837			}
838
839			function ealgos_to_pconfig(& $ealgos,& $pconfig) {
840
841			$pconfig['ealgos'] = array();
842			foreach ($ealgos as $algo_data) {
843			$pconfig['ealgos'][] = $algo_data['name'];
844			if (isset($algo_data['keylen']))
845			$pconfig["keylen_".$algo_data['name']] = $algo_data['keylen'];
846			}
847
848			return $ealgos;
849			}
850
851			function pconfig_to_idinfo($prefix,& $pconfig) {
852
853			$type = $pconfig[$prefix."id_type"];
854			$address = $pconfig[$prefix."id_address"];
855			$netbits = $pconfig[$prefix."id_netbits"];
856
857			switch( $type )
858			{
859			case "address":
860			return array('type' => $type, 'address' => $address);
861			case "network":
862			return array('type' => $type, 'address' => $address, 'netbits' => $netbits);
863			default:
864			return array('type' => $type );
865			}
866			}
867
868			function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {
869
870			switch( $idinfo['type'] )
871			{
872			case "address":
873			$pconfig[$prefix."id_type"] = $idinfo['type'];
874			$pconfig[$prefix."id_address"] = $idinfo['address'];
875			break;
876			case "network":
877			$pconfig[$prefix."id_type"] = $idinfo['type'];
878			$pconfig[$prefix."id_address"] = $idinfo['address'];
879			$pconfig[$prefix."id_netbits"] = $idinfo['netbits'];
880			break;
881			default:
882			$pconfig[$prefix."id_type"] = $idinfo['type'];
883			break;
884			}
885			}
886
887			?>

Projet

Général

Profil

UnivNautes

univnautes / usr / local / www / vpn_ipsec_phase2.php @ c650b2f7