1 |
a93e56c5
|
Matthew Grooms
|
<?php
|
2 |
|
|
/*
|
3 |
|
|
vpn_ipsec_phase2.php
|
4 |
|
|
part of m0n0wall (http://m0n0.ch/wall)
|
5 |
|
|
|
6 |
|
|
Copyright (C) 2008 Shrew Soft Inc
|
7 |
|
|
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
|
8 |
|
|
All rights reserved.
|
9 |
|
|
|
10 |
|
|
Redistribution and use in source and binary forms, with or without
|
11 |
|
|
modification, are permitted provided that the following conditions are met:
|
12 |
|
|
|
13 |
|
|
1. Redistributions of source code must retain the above copyright notice,
|
14 |
|
|
this list of conditions and the following disclaimer.
|
15 |
|
|
|
16 |
|
|
2. Redistributions in binary form must reproduce the above copyright
|
17 |
|
|
notice, this list of conditions and the following disclaimer in the
|
18 |
|
|
documentation and/or other materials provided with the distribution.
|
19 |
|
|
|
20 |
|
|
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
21 |
|
|
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
22 |
|
|
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
23 |
|
|
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
24 |
|
|
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
25 |
|
|
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
26 |
|
|
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
27 |
|
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
28 |
|
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
29 |
|
|
POSSIBILITY OF SUCH DAMAGE.
|
30 |
|
|
*/
|
31 |
|
|
|
32 |
6b07c15a
|
Matthew Grooms
|
##|+PRIV
|
33 |
|
|
##|*IDENT=page-vpn-ipsec-editphase2
|
34 |
|
|
##|*NAME=VPN: IPsec: Edit Phase 2 page
|
35 |
|
|
##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
|
36 |
|
|
##|*MATCH=vpn_ipsec_phase2.php*
|
37 |
|
|
##|-PRIV
|
38 |
|
|
|
39 |
0f84b741
|
Scott Ullrich
|
require("functions.inc");
|
40 |
a93e56c5
|
Matthew Grooms
|
require("guiconfig.inc");
|
41 |
483e6de8
|
Scott Ullrich
|
require_once("ipsec.inc");
|
42 |
|
|
require_once("vpn.inc");
|
43 |
a93e56c5
|
Matthew Grooms
|
|
44 |
3462a529
|
Matthew Grooms
|
if (!is_array($config['ipsec']['client']))
|
45 |
|
|
$config['ipsec']['client'] = array();
|
46 |
|
|
|
47 |
|
|
$a_client = &$config['ipsec']['client'];
|
48 |
|
|
|
49 |
a93e56c5
|
Matthew Grooms
|
if (!is_array($config['ipsec']['phase2']))
|
50 |
|
|
$config['ipsec']['phase2'] = array();
|
51 |
|
|
|
52 |
|
|
$a_phase2 = &$config['ipsec']['phase2'];
|
53 |
|
|
|
54 |
9b915686
|
Ermal
|
if (!empty($_GET['p2index']))
|
55 |
|
|
$uindex = $_GET['p2index'];
|
56 |
|
|
if (!empty($_POST['uniqid']))
|
57 |
|
|
$uindex = $_POST['uniqid'];
|
58 |
|
|
|
59 |
|
|
if (!empty($_GET['dup']))
|
60 |
|
|
$uindex = $_GET['dup'];
|
61 |
|
|
|
62 |
|
|
$ph2found = false;
|
63 |
|
|
if (isset($uindex)) {
|
64 |
|
|
foreach ($a_phase2 as $p2index => $ph2) {
|
65 |
|
|
if ($ph2['uniqid'] == $uindex) {
|
66 |
|
|
$ph2found = true;
|
67 |
|
|
break;
|
68 |
|
|
}
|
69 |
|
|
}
|
70 |
|
|
}
|
71 |
a93e56c5
|
Matthew Grooms
|
|
72 |
9b915686
|
Ermal
|
if ($ph2found === true)
|
73 |
a93e56c5
|
Matthew Grooms
|
{
|
74 |
9b915686
|
Ermal
|
$pconfig['ikeid'] = $ph2['ikeid'];
|
75 |
|
|
$pconfig['disabled'] = isset($ph2['disabled']);
|
76 |
|
|
$pconfig['mode'] = $ph2['mode'];
|
77 |
|
|
$pconfig['descr'] = $ph2['descr'];
|
78 |
|
|
$pconfig['uniqid'] = $ph2['uniqid'];
|
79 |
|
|
|
80 |
|
|
if (!empty($ph2['natlocalid']))
|
81 |
|
|
idinfo_to_pconfig("natlocal",$ph2['natlocalid'],$pconfig);
|
82 |
|
|
idinfo_to_pconfig("local",$ph2['localid'],$pconfig);
|
83 |
|
|
idinfo_to_pconfig("remote",$ph2['remoteid'],$pconfig);
|
84 |
|
|
|
85 |
|
|
$pconfig['proto'] = $ph2['protocol'];
|
86 |
|
|
ealgos_to_pconfig($ph2['encryption-algorithm-option'],$pconfig);
|
87 |
|
|
$pconfig['halgos'] = $ph2['hash-algorithm-option'];
|
88 |
|
|
$pconfig['pfsgroup'] = $ph2['pfsgroup'];
|
89 |
|
|
$pconfig['lifetime'] = $ph2['lifetime'];
|
90 |
|
|
$pconfig['pinghost'] = $ph2['pinghost'];
|
91 |
|
|
|
92 |
|
|
if (isset($ph2['mobile']))
|
93 |
3462a529
|
Matthew Grooms
|
$pconfig['mobile'] = true;
|
94 |
a93e56c5
|
Matthew Grooms
|
}
|
95 |
|
|
else
|
96 |
|
|
{
|
97 |
|
|
$pconfig['ikeid'] = $_GET['ikeid'];
|
98 |
|
|
|
99 |
|
|
/* defaults */
|
100 |
|
|
$pconfig['localid_type'] = "lan";
|
101 |
|
|
$pconfig['remoteid_type'] = "network";
|
102 |
|
|
$pconfig['proto'] = "esp";
|
103 |
|
|
$pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes");
|
104 |
|
|
$pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5");
|
105 |
|
|
$pconfig['pfsgroup'] = "0";
|
106 |
|
|
$pconfig['lifetime'] = "3600";
|
107 |
9b915686
|
Ermal
|
$pconfig['uniqid'] = uniqid();
|
108 |
3462a529
|
Matthew Grooms
|
|
109 |
9b915686
|
Ermal
|
/* mobile client */
|
110 |
|
|
if($_GET['mobile'])
|
111 |
|
|
$pconfig['mobile']=true;
|
112 |
a93e56c5
|
Matthew Grooms
|
}
|
113 |
|
|
|
114 |
9b915686
|
Ermal
|
unset($ph2);
|
115 |
|
|
if (!empty($_GET['dup'])) {
|
116 |
|
|
unset($uindex);
|
117 |
a93e56c5
|
Matthew Grooms
|
unset($p2index);
|
118 |
9b915686
|
Ermal
|
$pconfig['uniqid'] = uniqid();
|
119 |
|
|
}
|
120 |
a93e56c5
|
Matthew Grooms
|
|
121 |
|
|
if ($_POST) {
|
122 |
|
|
|
123 |
|
|
unset($input_errors);
|
124 |
|
|
$pconfig = $_POST;
|
125 |
|
|
|
126 |
|
|
if (!isset( $_POST['ikeid']))
|
127 |
123929e0
|
Carlos Eduardo Ramos
|
$input_errors[] = gettext("A valid ikeid must be specified.");
|
128 |
a93e56c5
|
Matthew Grooms
|
|
129 |
|
|
/* input validation */
|
130 |
c650b2f7
|
Ermal
|
$reqdfields = explode(" ", "localid_type uniqid");
|
131 |
|
|
$reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier"));
|
132 |
3462a529
|
Matthew Grooms
|
if (!isset($pconfig['mobile'])){
|
133 |
|
|
$reqdfields[] = "remoteid_type";
|
134 |
123929e0
|
Carlos Eduardo Ramos
|
$reqdfieldsn[] = gettext("Remote network type");
|
135 |
3462a529
|
Matthew Grooms
|
}
|
136 |
a93e56c5
|
Matthew Grooms
|
|
137 |
1e9b4611
|
Renato Botelho
|
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
|
138 |
a93e56c5
|
Matthew Grooms
|
|
139 |
3795d067
|
Seth Mos
|
if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6"))
|
140 |
4b96b367
|
mgrooms
|
{
|
141 |
|
|
switch ($pconfig['localid_type']) {
|
142 |
|
|
case "network":
|
143 |
184d50b5
|
Ermal Lu?i
|
if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits']))
|
144 |
123929e0
|
Carlos Eduardo Ramos
|
$input_errors[] = gettext("A valid local network bit count must be specified.");
|
145 |
4b96b367
|
mgrooms
|
case "address":
|
146 |
|
|
if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
|
147 |
123929e0
|
Carlos Eduardo Ramos
|
$input_errors[] = gettext("A valid local network IP address must be specified.");
|
148 |
e4ffca08
|
Renato Botelho
|
elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel"))
|
149 |
|
|
$input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6");
|
150 |
|
|
elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6"))
|
151 |
|
|
$input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4");
|
152 |
4b96b367
|
mgrooms
|
break;
|
153 |
|
|
}
|
154 |
a5a483e0
|
jim-p
|
/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
|
155 |
|
|
if (is_array($config['interfaces'][$pconfig['localid_type']])) {
|
156 |
|
|
// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
|
157 |
|
|
$address = get_interface_ip($pconfig['localid_type']);
|
158 |
|
|
$netbits = get_interface_subnet($pconfig['localid_type']);
|
159 |
|
|
|
160 |
|
|
if (empty($address) || empty($netbits))
|
161 |
|
|
$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
|
162 |
|
|
}
|
163 |
3c107b76
|
Ermal
|
|
164 |
72dd4f07
|
Ermal
|
if (!empty($pconfig['natlocalid_address'])) {
|
165 |
261e72f0
|
Ermal
|
switch ($pconfig['natlocalid_type']) {
|
166 |
|
|
case "network":
|
167 |
|
|
if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits']))
|
168 |
324e112d
|
Chris Buechler
|
$input_errors[] = gettext("A valid NAT local network bit count must be specified.");
|
169 |
8d1a9e58
|
Ermal
|
if ($pconfig['localid_type'] == "address")
|
170 |
|
|
$input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
|
171 |
261e72f0
|
Ermal
|
case "address":
|
172 |
|
|
if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address']))
|
173 |
324e112d
|
Chris Buechler
|
$input_errors[] = gettext("A valid NAT local network IP address must be specified.");
|
174 |
e4ffca08
|
Renato Botelho
|
elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel"))
|
175 |
324e112d
|
Chris Buechler
|
$input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6");
|
176 |
e4ffca08
|
Renato Botelho
|
elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6"))
|
177 |
324e112d
|
Chris Buechler
|
$input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4");
|
178 |
261e72f0
|
Ermal
|
break;
|
179 |
|
|
}
|
180 |
|
|
|
181 |
|
|
if (is_array($config['interfaces'][$pconfig['natlocalid_type']])) {
|
182 |
|
|
// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
|
183 |
|
|
$address = get_interface_ip($pconfig['natlocalid_type']);
|
184 |
|
|
$netbits = get_interface_subnet($pconfig['natlocalid_type']);
|
185 |
|
|
|
186 |
|
|
if (empty($address) || empty($netbits))
|
187 |
|
|
$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['natlocalid_type']) . " " . gettext("has no subnet.");
|
188 |
|
|
}
|
189 |
3c107b76
|
Ermal
|
}
|
190 |
a5a483e0
|
jim-p
|
|
191 |
4b96b367
|
mgrooms
|
switch ($pconfig['remoteid_type']) {
|
192 |
|
|
case "network":
|
193 |
184d50b5
|
Ermal Lu?i
|
if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits']))
|
194 |
123929e0
|
Carlos Eduardo Ramos
|
$input_errors[] = gettext("A valid remote network bit count must be specified.");
|
195 |
4b96b367
|
mgrooms
|
case "address":
|
196 |
|
|
if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
|
197 |
123929e0
|
Carlos Eduardo Ramos
|
$input_errors[] = gettext("A valid remote network IP address must be specified.");
|
198 |
e4ffca08
|
Renato Botelho
|
elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel"))
|
199 |
|
|
$input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6");
|
200 |
|
|
elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6"))
|
201 |
|
|
$input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4");
|
202 |
4b96b367
|
mgrooms
|
break;
|
203 |
|
|
}
|
204 |
a93e56c5
|
Matthew Grooms
|
}
|
205 |
538b6eb3
|
Evgeny Yurchenko
|
/* Validate enabled phase2's are not duplicates */
|
206 |
061f28bf
|
Evgeny Yurchenko
|
if (isset($pconfig['mobile'])){
|
207 |
538b6eb3
|
Evgeny Yurchenko
|
/* User is adding phase 2 for mobile phase1 */
|
208 |
b717f1bc
|
Evgeny Yurchenko
|
foreach($a_phase2 as $key => $name){
|
209 |
9b915686
|
Ermal
|
if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) {
|
210 |
061f28bf
|
Evgeny Yurchenko
|
/* check duplicate localids only for mobile clents */
|
211 |
d83045b5
|
Ermal
|
$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
|
212 |
3da5c50d
|
Evgeny Yurchenko
|
$entered = array();
|
213 |
|
|
$entered['type'] = $pconfig['localid_type'];
|
214 |
|
|
if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
|
215 |
|
|
if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
|
216 |
d83045b5
|
Ermal
|
$entered_localid_data = ipsec_idinfo_to_cidr($entered, false, $pconfig['mode']);
|
217 |
b717f1bc
|
Evgeny Yurchenko
|
if ($localid_data == $entered_localid_data){
|
218 |
9b915686
|
Ermal
|
/* adding new p2 entry */
|
219 |
|
|
$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
|
220 |
|
|
break;
|
221 |
061f28bf
|
Evgeny Yurchenko
|
}
|
222 |
|
|
}
|
223 |
|
|
}
|
224 |
538b6eb3
|
Evgeny Yurchenko
|
}else{
|
225 |
|
|
/* User is adding phase 2 for site-to-site phase1 */
|
226 |
|
|
$input_error = 0;
|
227 |
b717f1bc
|
Evgeny Yurchenko
|
foreach($a_phase2 as $key => $name){
|
228 |
9b915686
|
Ermal
|
if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid'] && $pconfig['uniqid'] != $name['uniqid']) {
|
229 |
538b6eb3
|
Evgeny Yurchenko
|
/* check duplicate subnets only for given phase1 */
|
230 |
d83045b5
|
Ermal
|
$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
|
231 |
|
|
$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid'], false, $name['mode']);
|
232 |
3da5c50d
|
Evgeny Yurchenko
|
$entered_local = array();
|
233 |
|
|
$entered_local['type'] = $pconfig['localid_type'];
|
234 |
|
|
if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
|
235 |
|
|
if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
|
236 |
d83045b5
|
Ermal
|
$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
|
237 |
3da5c50d
|
Evgeny Yurchenko
|
$entered_remote = array();
|
238 |
|
|
$entered_remote['type'] = $pconfig['remoteid_type'];
|
239 |
|
|
if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
|
240 |
|
|
if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
|
241 |
d83045b5
|
Ermal
|
$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
|
242 |
3da5c50d
|
Evgeny Yurchenko
|
if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
|
243 |
9b915686
|
Ermal
|
/* adding new p2 entry */
|
244 |
|
|
$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
|
245 |
|
|
break;
|
246 |
538b6eb3
|
Evgeny Yurchenko
|
}
|
247 |
|
|
}
|
248 |
|
|
}
|
249 |
|
|
}
|
250 |
3462a529
|
Matthew Grooms
|
|
251 |
b20a5cdb
|
Pierre POMES
|
/* For ESP protocol, handle encryption algorithms */
|
252 |
|
|
if ( $pconfig['proto'] == "esp") {
|
253 |
|
|
$ealgos = pconfig_to_ealgos($pconfig);
|
254 |
|
|
|
255 |
|
|
if (!count($ealgos)) {
|
256 |
|
|
$input_errors[] = gettext("At least one encryption algorithm must be selected.");
|
257 |
c650b2f7
|
Ermal
|
} else {
|
258 |
|
|
if (empty($pconfig['halgo'])) {
|
259 |
|
|
foreach ($ealgos as $ealgo) {
|
260 |
|
|
if (!strpos($ealgo['name'], "gcm")) {
|
261 |
|
|
$input_errors[] = gettext("At least one hashing algorithm needs to be selected.");
|
262 |
|
|
break;
|
263 |
|
|
}
|
264 |
|
|
}
|
265 |
|
|
}
|
266 |
b20a5cdb
|
Pierre POMES
|
}
|
267 |
c650b2f7
|
Ermal
|
|
268 |
a93e56c5
|
Matthew Grooms
|
}
|
269 |
|
|
if (($_POST['lifetime'] && !is_numeric($_POST['lifetime']))) {
|
270 |
123929e0
|
Carlos Eduardo Ramos
|
$input_errors[] = gettext("The P2 lifetime must be an integer.");
|
271 |
a93e56c5
|
Matthew Grooms
|
}
|
272 |
|
|
|
273 |
|
|
if (!$input_errors) {
|
274 |
3462a529
|
Matthew Grooms
|
|
275 |
9b915686
|
Ermal
|
$ph2ent = array();
|
276 |
3462a529
|
Matthew Grooms
|
$ph2ent['ikeid'] = $pconfig['ikeid'];
|
277 |
9b915686
|
Ermal
|
$ph2ent['uniqid'] = $pconfig['uniqid'];
|
278 |
4b96b367
|
mgrooms
|
$ph2ent['mode'] = $pconfig['mode'];
|
279 |
3462a529
|
Matthew Grooms
|
$ph2ent['disabled'] = $pconfig['disabled'] ? true : false;
|
280 |
|
|
|
281 |
3795d067
|
Seth Mos
|
if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){
|
282 |
72dd4f07
|
Ermal
|
if (!empty($pconfig['natlocalid_address']))
|
283 |
3c107b76
|
Ermal
|
$ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal",$pconfig);
|
284 |
4b96b367
|
mgrooms
|
$ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
|
285 |
|
|
$ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
|
286 |
|
|
}
|
287 |
3462a529
|
Matthew Grooms
|
|
288 |
|
|
$ph2ent['protocol'] = $pconfig['proto'];
|
289 |
a93e56c5
|
Matthew Grooms
|
$ph2ent['encryption-algorithm-option'] = $ealgos;
|
290 |
c650b2f7
|
Ermal
|
if (!empty($pconfig['halgos']))
|
291 |
|
|
$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
|
292 |
|
|
else
|
293 |
|
|
unset($ph2ent['hash-algorithm-option']);
|
294 |
3462a529
|
Matthew Grooms
|
$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
|
295 |
|
|
$ph2ent['lifetime'] = $pconfig['lifetime'];
|
296 |
87e07f52
|
mgrooms
|
$ph2ent['pinghost'] = $pconfig['pinghost'];
|
297 |
3462a529
|
Matthew Grooms
|
$ph2ent['descr'] = $pconfig['descr'];
|
298 |
|
|
|
299 |
|
|
if (isset($pconfig['mobile']))
|
300 |
|
|
$ph2ent['mobile'] = true;
|
301 |
a93e56c5
|
Matthew Grooms
|
|
302 |
9b915686
|
Ermal
|
if ($ph2found === true && $a_phase2[$p2index])
|
303 |
a93e56c5
|
Matthew Grooms
|
$a_phase2[$p2index] = $ph2ent;
|
304 |
|
|
else
|
305 |
|
|
$a_phase2[] = $ph2ent;
|
306 |
|
|
|
307 |
e92fb875
|
Seth Mos
|
|
308 |
a93e56c5
|
Matthew Grooms
|
write_config();
|
309 |
a368a026
|
Ermal Lu?i
|
mark_subsystem_dirty('ipsec');
|
310 |
a93e56c5
|
Matthew Grooms
|
|
311 |
|
|
header("Location: vpn_ipsec.php");
|
312 |
|
|
exit;
|
313 |
|
|
}
|
314 |
|
|
}
|
315 |
|
|
|
316 |
3462a529
|
Matthew Grooms
|
if ($pconfig['mobile'])
|
317 |
123929e0
|
Carlos Eduardo Ramos
|
$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"), gettext("Mobile Client"));
|
318 |
3462a529
|
Matthew Grooms
|
else
|
319 |
123929e0
|
Carlos Eduardo Ramos
|
$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"));
|
320 |
b32dd0a6
|
jim-p
|
$shortcut_section = "ipsec";
|
321 |
6deedfde
|
jim-p
|
|
322 |
3462a529
|
Matthew Grooms
|
|
323 |
a93e56c5
|
Matthew Grooms
|
include("head.inc");
|
324 |
|
|
|
325 |
|
|
?>
|
326 |
|
|
|
327 |
|
|
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
|
328 |
|
|
<?php include("fbegin.inc"); ?>
|
329 |
3a50eb39
|
Colin Fleming
|
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
|
330 |
91f026b0
|
ayvis
|
<script type="text/javascript">
|
331 |
3a50eb39
|
Colin Fleming
|
//<![CDATA[
|
332 |
4b96b367
|
mgrooms
|
|
333 |
|
|
function change_mode() {
|
334 |
|
|
index = document.iform.mode.selectedIndex;
|
335 |
|
|
value = document.iform.mode.options[index].value;
|
336 |
3795d067
|
Seth Mos
|
if ((value == 'tunnel') || (value == 'tunnel6')) {
|
337 |
4b96b367
|
mgrooms
|
document.getElementById('opt_localid').style.display = '';
|
338 |
71880c96
|
pierrepomes
|
<?php if (!isset($pconfig['mobile'])): ?>
|
339 |
4b96b367
|
mgrooms
|
document.getElementById('opt_remoteid').style.display = '';
|
340 |
71880c96
|
pierrepomes
|
<?php endif; ?>
|
341 |
4b96b367
|
mgrooms
|
} else {
|
342 |
|
|
document.getElementById('opt_localid').style.display = 'none';
|
343 |
71880c96
|
pierrepomes
|
<?php if (!isset($pconfig['mobile'])): ?>
|
344 |
4b96b367
|
mgrooms
|
document.getElementById('opt_remoteid').style.display = 'none';
|
345 |
71880c96
|
pierrepomes
|
<?php endif; ?>
|
346 |
4b96b367
|
mgrooms
|
}
|
347 |
|
|
}
|
348 |
|
|
|
349 |
3c107b76
|
Ermal
|
function typesel_change_natlocal(bits) {
|
350 |
|
|
var value = document.iform.mode.options[index].value;
|
351 |
|
|
if (typeof(bits) === "undefined") {
|
352 |
|
|
if (value === "tunnel") {
|
353 |
|
|
bits = 24;
|
354 |
|
|
}
|
355 |
|
|
else if (value === "tunnel6") {
|
356 |
|
|
bits = 64;
|
357 |
|
|
}
|
358 |
|
|
}
|
359 |
|
|
var address_is_blank = !/\S/.test(document.iform.natlocalid_address.value);
|
360 |
|
|
switch (document.iform.natlocalid_type.selectedIndex) {
|
361 |
|
|
case 0: /* single */
|
362 |
|
|
document.iform.natlocalid_address.disabled = 0;
|
363 |
|
|
if (address_is_blank) {
|
364 |
|
|
document.iform.natlocalid_netbits.value = 0;
|
365 |
|
|
}
|
366 |
|
|
document.iform.natlocalid_netbits.disabled = 1;
|
367 |
|
|
break;
|
368 |
|
|
case 1: /* network */
|
369 |
|
|
document.iform.natlocalid_address.disabled = 0;
|
370 |
|
|
if (address_is_blank) {
|
371 |
|
|
document.iform.natlocalid_netbits.value = bits;
|
372 |
|
|
}
|
373 |
|
|
document.iform.natlocalid_netbits.disabled = 0;
|
374 |
|
|
break;
|
375 |
|
|
case 3: /* none */
|
376 |
|
|
document.iform.natlocalid_address.disabled = 1;
|
377 |
|
|
document.iform.natlocalid_netbits.disabled = 1;
|
378 |
|
|
break;
|
379 |
|
|
default:
|
380 |
|
|
document.iform.natlocalid_address.value = "";
|
381 |
|
|
document.iform.natlocalid_address.disabled = 1;
|
382 |
|
|
if (address_is_blank) {
|
383 |
|
|
document.iform.natlocalid_netbits.value = 0;
|
384 |
|
|
}
|
385 |
|
|
document.iform.natlocalid_netbits.disabled = 1;
|
386 |
|
|
break;
|
387 |
|
|
}
|
388 |
|
|
}
|
389 |
|
|
|
390 |
a93e56c5
|
Matthew Grooms
|
function typesel_change_local(bits) {
|
391 |
c2feff64
|
Darren Embry
|
var value = document.iform.mode.options[index].value;
|
392 |
|
|
if (typeof(bits) === "undefined") {
|
393 |
|
|
if (value === "tunnel") {
|
394 |
|
|
bits = 24;
|
395 |
|
|
}
|
396 |
|
|
else if (value === "tunnel6") {
|
397 |
|
|
bits = 64;
|
398 |
|
|
}
|
399 |
|
|
}
|
400 |
|
|
var address_is_blank = !/\S/.test(document.iform.localid_address.value);
|
401 |
a93e56c5
|
Matthew Grooms
|
switch (document.iform.localid_type.selectedIndex) {
|
402 |
|
|
case 0: /* single */
|
403 |
|
|
document.iform.localid_address.disabled = 0;
|
404 |
c2feff64
|
Darren Embry
|
if (address_is_blank) {
|
405 |
|
|
document.iform.localid_netbits.value = 0;
|
406 |
|
|
}
|
407 |
a93e56c5
|
Matthew Grooms
|
document.iform.localid_netbits.disabled = 1;
|
408 |
|
|
break;
|
409 |
|
|
case 1: /* network */
|
410 |
|
|
document.iform.localid_address.disabled = 0;
|
411 |
c2feff64
|
Darren Embry
|
if (address_is_blank) {
|
412 |
|
|
document.iform.localid_netbits.value = bits;
|
413 |
|
|
}
|
414 |
a93e56c5
|
Matthew Grooms
|
document.iform.localid_netbits.disabled = 0;
|
415 |
|
|
break;
|
416 |
63017a73
|
Ermal Lu?i
|
case 3: /* none */
|
417 |
|
|
document.iform.localid_address.disabled = 1;
|
418 |
|
|
document.iform.localid_netbits.disabled = 1;
|
419 |
|
|
break;
|
420 |
a93e56c5
|
Matthew Grooms
|
default:
|
421 |
|
|
document.iform.localid_address.value = "";
|
422 |
|
|
document.iform.localid_address.disabled = 1;
|
423 |
c2feff64
|
Darren Embry
|
if (address_is_blank) {
|
424 |
|
|
document.iform.localid_netbits.value = 0;
|
425 |
|
|
}
|
426 |
a93e56c5
|
Matthew Grooms
|
document.iform.localid_netbits.disabled = 1;
|
427 |
|
|
break;
|
428 |
|
|
}
|
429 |
|
|
}
|
430 |
3462a529
|
Matthew Grooms
|
|
431 |
71880c96
|
pierrepomes
|
<?php if (!isset($pconfig['mobile'])): ?>
|
432 |
3462a529
|
Matthew Grooms
|
|
433 |
a93e56c5
|
Matthew Grooms
|
function typesel_change_remote(bits) {
|
434 |
c2feff64
|
Darren Embry
|
var value = document.iform.mode.options[index].value;
|
435 |
|
|
if (typeof(bits) === "undefined") {
|
436 |
|
|
if (value === "tunnel") {
|
437 |
|
|
bits = 24;
|
438 |
|
|
}
|
439 |
|
|
else if (value === "tunnel6") {
|
440 |
|
|
bits = 64;
|
441 |
|
|
}
|
442 |
|
|
}
|
443 |
|
|
var address_is_blank = !/\S/.test(document.iform.remoteid_address.value);
|
444 |
a93e56c5
|
Matthew Grooms
|
switch (document.iform.remoteid_type.selectedIndex) {
|
445 |
|
|
case 0: /* single */
|
446 |
|
|
document.iform.remoteid_address.disabled = 0;
|
447 |
c2feff64
|
Darren Embry
|
if (address_is_blank) {
|
448 |
|
|
document.iform.remoteid_netbits.value = 0;
|
449 |
|
|
}
|
450 |
a93e56c5
|
Matthew Grooms
|
document.iform.remoteid_netbits.disabled = 1;
|
451 |
|
|
break;
|
452 |
|
|
case 1: /* network */
|
453 |
|
|
document.iform.remoteid_address.disabled = 0;
|
454 |
c2feff64
|
Darren Embry
|
if (address_is_blank) {
|
455 |
|
|
document.iform.remoteid_netbits.value = bits;
|
456 |
|
|
}
|
457 |
a93e56c5
|
Matthew Grooms
|
document.iform.remoteid_netbits.disabled = 0;
|
458 |
|
|
break;
|
459 |
|
|
default:
|
460 |
|
|
document.iform.remoteid_address.value = "";
|
461 |
|
|
document.iform.remoteid_address.disabled = 1;
|
462 |
c2feff64
|
Darren Embry
|
if (address_is_blank) {
|
463 |
|
|
document.iform.remoteid_netbits.value = 0;
|
464 |
|
|
}
|
465 |
a93e56c5
|
Matthew Grooms
|
document.iform.remoteid_netbits.disabled = 1;
|
466 |
|
|
break;
|
467 |
|
|
}
|
468 |
|
|
}
|
469 |
3462a529
|
Matthew Grooms
|
|
470 |
|
|
<?php endif; ?>
|
471 |
|
|
|
472 |
4b96b367
|
mgrooms
|
function change_protocol() {
|
473 |
87e07f52
|
mgrooms
|
index = document.iform.proto.selectedIndex;
|
474 |
|
|
value = document.iform.proto.options[index].value;
|
475 |
|
|
if (value == 'esp')
|
476 |
|
|
document.getElementById('opt_enc').style.display = '';
|
477 |
|
|
else
|
478 |
|
|
document.getElementById('opt_enc').style.display = 'none';
|
479 |
|
|
}
|
480 |
|
|
|
481 |
3a50eb39
|
Colin Fleming
|
//]]>
|
482 |
a93e56c5
|
Matthew Grooms
|
</script>
|
483 |
5a3b0d3b
|
mgrooms
|
|
484 |
|
|
<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
|
485 |
|
|
|
486 |
|
|
<?php
|
487 |
|
|
if ($input_errors)
|
488 |
|
|
print_input_errors($input_errors);
|
489 |
|
|
?>
|
490 |
|
|
|
491 |
3a50eb39
|
Colin Fleming
|
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-2">
|
492 |
5a3b0d3b
|
mgrooms
|
<tr class="tabnavtbl">
|
493 |
|
|
<td id="tabnav">
|
494 |
|
|
<?php
|
495 |
|
|
$tab_array = array();
|
496 |
123929e0
|
Carlos Eduardo Ramos
|
$tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
|
497 |
|
|
$tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php");
|
498 |
2a2b247b
|
jim-p
|
$tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
|
499 |
71172088
|
jim-p
|
$tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
|
500 |
5a3b0d3b
|
mgrooms
|
display_top_tabs($tab_array);
|
501 |
|
|
?>
|
502 |
|
|
</td>
|
503 |
|
|
</tr>
|
504 |
|
|
<tr>
|
505 |
|
|
<td id="mainarea">
|
506 |
|
|
<div class="tabcont">
|
507 |
3a50eb39
|
Colin Fleming
|
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
|
508 |
5a3b0d3b
|
mgrooms
|
<tr>
|
509 |
123929e0
|
Carlos Eduardo Ramos
|
<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
|
510 |
5a3b0d3b
|
mgrooms
|
<td width="78%" class="vtable">
|
511 |
3a50eb39
|
Colin Fleming
|
<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
|
512 |
123929e0
|
Carlos Eduardo Ramos
|
<strong><?=gettext("Disable this phase2 entry"); ?></strong>
|
513 |
8cd558b6
|
ayvis
|
<br />
|
514 |
123929e0
|
Carlos Eduardo Ramos
|
<span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
|
515 |
|
|
"removing it from the list"); ?>.
|
516 |
5a3b0d3b
|
mgrooms
|
</span>
|
517 |
|
|
</td>
|
518 |
|
|
</tr>
|
519 |
|
|
<tr>
|
520 |
123929e0
|
Carlos Eduardo Ramos
|
<td width="22%" valign="top" class="vncellreq"><?=gettext("Mode"); ?></td>
|
521 |
4b96b367
|
mgrooms
|
<td width="78%" class="vtable">
|
522 |
3a50eb39
|
Colin Fleming
|
<select name="mode" class="formselect" onchange="change_mode()">
|
523 |
4b96b367
|
mgrooms
|
<?php
|
524 |
|
|
foreach($p2_modes as $name => $value):
|
525 |
|
|
$selected = "";
|
526 |
|
|
if ($name == $pconfig['mode'])
|
527 |
3a50eb39
|
Colin Fleming
|
$selected = "selected=\"selected\"";
|
528 |
4b96b367
|
mgrooms
|
?>
|
529 |
|
|
<option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option>
|
530 |
|
|
<?php endforeach; ?>
|
531 |
|
|
</select>
|
532 |
|
|
</td>
|
533 |
|
|
</tr>
|
534 |
|
|
<tr id="opt_localid">
|
535 |
123929e0
|
Carlos Eduardo Ramos
|
<td width="22%" valign="top" class="vncellreq"><?=gettext("Local Network"); ?></td>
|
536 |
5a3b0d3b
|
mgrooms
|
<td width="78%" class="vtable">
|
537 |
3a50eb39
|
Colin Fleming
|
<table border="0" cellspacing="0" cellpadding="0" summary="local network">
|
538 |
5a3b0d3b
|
mgrooms
|
<tr>
|
539 |
123929e0
|
Carlos Eduardo Ramos
|
<td><?=gettext("Type"); ?>: </td>
|
540 |
5a3b0d3b
|
mgrooms
|
<td></td>
|
541 |
|
|
<td>
|
542 |
3a50eb39
|
Colin Fleming
|
<select name="localid_type" class="formselect" onchange="typesel_change_local()">
|
543 |
|
|
<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected=\"selected\"";?>><?=gettext("Address"); ?></option>
|
544 |
|
|
<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected=\"selected\"";?>><?=gettext("Network"); ?></option>
|
545 |
d48dbceb
|
Erik Fonnesbeck
|
<?php
|
546 |
|
|
$iflist = get_configured_interface_with_descr();
|
547 |
|
|
foreach ($iflist as $ifname => $ifdescr):
|
548 |
|
|
?>
|
549 |
3a50eb39
|
Colin Fleming
|
<option value="<?=$ifname; ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected=\"selected\"";?>><?=sprintf(gettext("%s subnet"), $ifdescr); ?></option>
|
550 |
d48dbceb
|
Erik Fonnesbeck
|
<?php endforeach; ?>
|
551 |
5a3b0d3b
|
mgrooms
|
</select>
|
552 |
|
|
</td>
|
553 |
|
|
</tr>
|
554 |
|
|
<tr>
|
555 |
11c160b0
|
Rafael Lucas
|
<td><?=gettext("Address:");?> </td>
|
556 |
5a3b0d3b
|
mgrooms
|
<td><?=$mandfldhtmlspc;?></td>
|
557 |
|
|
<td>
|
558 |
3a50eb39
|
Colin Fleming
|
<input name="localid_address" type="text" class="formfld unknown ipv4v6" id="localid_address" size="28" value="<?=htmlspecialchars($pconfig['localid_address']);?>" />
|
559 |
5a3b0d3b
|
mgrooms
|
/
|
560 |
6255beda
|
Darren Embry
|
<select name="localid_netbits" class="formselect ipv4v6" id="localid_netbits">
|
561 |
3795d067
|
Seth Mos
|
<?php for ($i = 128; $i >= 0; $i--): ?>
|
562 |
3a50eb39
|
Colin Fleming
|
<option value="<?=$i;?>" <?php if (isset($pconfig['localid_netbits']) && $i == $pconfig['localid_netbits']) echo "selected=\"selected\""; ?>>
|
563 |
5a3b0d3b
|
mgrooms
|
<?=$i;?>
|
564 |
|
|
</option>
|
565 |
|
|
<?php endfor; ?>
|
566 |
|
|
</select>
|
567 |
|
|
</td>
|
568 |
|
|
</tr>
|
569 |
3c107b76
|
Ermal
|
<tr> <td colspan="3">
|
570 |
8cd558b6
|
ayvis
|
<br />
|
571 |
3c107b76
|
Ermal
|
<?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?>
|
572 |
|
|
</td></tr>
|
573 |
|
|
<tr>
|
574 |
|
|
<td><?=gettext("Type"); ?>: </td>
|
575 |
|
|
<td></td>
|
576 |
|
|
<td>
|
577 |
3a50eb39
|
Colin Fleming
|
<select name="natlocalid_type" class="formselect" onchange="typesel_change_natlocal()">
|
578 |
|
|
<option value="address" <?php if ($pconfig['natlocalid_type'] == "address") echo "selected=\"selected\"";?>><?=gettext("Address"); ?></option>
|
579 |
|
|
<option value="network" <?php if ($pconfig['natlocalid_type'] == "network") echo "selected=\"selected\"";?>><?=gettext("Network"); ?></option>
|
580 |
3c107b76
|
Ermal
|
<?php
|
581 |
|
|
$iflist = get_configured_interface_with_descr();
|
582 |
|
|
foreach ($iflist as $ifname => $ifdescr):
|
583 |
|
|
?>
|
584 |
3a50eb39
|
Colin Fleming
|
<option value="<?=$ifname; ?>" <?php if ($pconfig['natlocalid_type'] == $ifname ) echo "selected=\"selected\"";?>><?=sprintf(gettext("%s subnet"), $ifdescr); ?></option>
|
585 |
3c107b76
|
Ermal
|
<?php endforeach; ?>
|
586 |
3a50eb39
|
Colin Fleming
|
<option value="none" <?php if (empty($pconfig['natlocalid_type']) || $pconfig['natlocalid_type'] == "none" ) echo "selected=\"selected\"";?>><?=gettext("None"); ?></option>
|
587 |
3c107b76
|
Ermal
|
</select>
|
588 |
|
|
</td>
|
589 |
|
|
</tr>
|
590 |
|
|
<tr>
|
591 |
|
|
<td><?=gettext("Address:");?> </td>
|
592 |
|
|
<td><?=$mandfldhtmlspc;?></td>
|
593 |
|
|
<td>
|
594 |
3a50eb39
|
Colin Fleming
|
<input name="natlocalid_address" type="text" class="formfld unknown ipv4v6" id="natlocalid_address" size="28" value="<?=htmlspecialchars($pconfig['natlocalid_address']);?>" />
|
595 |
3c107b76
|
Ermal
|
/
|
596 |
|
|
<select name="natlocalid_netbits" class="formselect ipv4v6" id="natlocalid_netbits">
|
597 |
|
|
<?php for ($i = 128; $i >= 0; $i--): ?>
|
598 |
3a50eb39
|
Colin Fleming
|
<option value="<?=$i;?>" <?php if (isset($pconfig['natlocalid_netbits']) && $i == $pconfig['natlocalid_netbits']) echo "selected=\"selected\""; ?>>
|
599 |
3c107b76
|
Ermal
|
<?=$i;?>
|
600 |
|
|
</option>
|
601 |
|
|
<?php endfor; ?>
|
602 |
|
|
</select>
|
603 |
|
|
</td>
|
604 |
|
|
</tr>
|
605 |
5a3b0d3b
|
mgrooms
|
</table>
|
606 |
|
|
</td>
|
607 |
|
|
</tr>
|
608 |
|
|
|
609 |
|
|
<?php if (!isset($pconfig['mobile'])): ?>
|
610 |
|
|
|
611 |
4b96b367
|
mgrooms
|
<tr id="opt_remoteid">
|
612 |
123929e0
|
Carlos Eduardo Ramos
|
<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
|
613 |
5a3b0d3b
|
mgrooms
|
<td width="78%" class="vtable">
|
614 |
3a50eb39
|
Colin Fleming
|
<table border="0" cellspacing="0" cellpadding="0" summary="remote network">
|
615 |
5a3b0d3b
|
mgrooms
|
<tr>
|
616 |
123929e0
|
Carlos Eduardo Ramos
|
<td><?=gettext("Type"); ?>: </td>
|
617 |
5a3b0d3b
|
mgrooms
|
<td></td>
|
618 |
|
|
<td>
|
619 |
3a50eb39
|
Colin Fleming
|
<select name="remoteid_type" class="formselect" onchange="typesel_change_remote()">
|
620 |
|
|
<option value="address" <?php if ($pconfig['remoteid_type'] == "address") echo "selected=\"selected\""; ?>><?=gettext("Address"); ?></option>
|
621 |
|
|
<option value="network" <?php if ($pconfig['remoteid_type'] == "network") echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
|
622 |
5a3b0d3b
|
mgrooms
|
</select>
|
623 |
|
|
</td>
|
624 |
|
|
</tr>
|
625 |
|
|
<tr>
|
626 |
123929e0
|
Carlos Eduardo Ramos
|
<td><?=gettext("Address"); ?>: </td>
|
627 |
5a3b0d3b
|
mgrooms
|
<td><?=$mandfldhtmlspc;?></td>
|
628 |
|
|
<td>
|
629 |
3a50eb39
|
Colin Fleming
|
<input name="remoteid_address" type="text" class="formfld unknown ipv4v6" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>" />
|
630 |
5a3b0d3b
|
mgrooms
|
/
|
631 |
6255beda
|
Darren Embry
|
<select name="remoteid_netbits" class="formselect ipv4v6" id="remoteid_netbits">
|
632 |
3795d067
|
Seth Mos
|
<?php for ($i = 128; $i >= 0; $i--) {
|
633 |
184d50b5
|
Ermal Lu?i
|
|
634 |
|
|
echo "<option value=\"{$i}\"";
|
635 |
3a50eb39
|
Colin Fleming
|
if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) echo " selected=\"selected\"";
|
636 |
184d50b5
|
Ermal Lu?i
|
echo ">{$i}</option>\n";
|
637 |
|
|
} ?>
|
638 |
5a3b0d3b
|
mgrooms
|
</select>
|
639 |
|
|
</td>
|
640 |
|
|
</tr>
|
641 |
|
|
</table>
|
642 |
a93e56c5
|
Matthew Grooms
|
</td>
|
643 |
5a3b0d3b
|
mgrooms
|
</tr>
|
644 |
|
|
|
645 |
3462a529
|
Matthew Grooms
|
<?php endif; ?>
|
646 |
5a3b0d3b
|
mgrooms
|
|
647 |
|
|
<tr>
|
648 |
123929e0
|
Carlos Eduardo Ramos
|
<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
|
649 |
5a3b0d3b
|
mgrooms
|
<td width="78%" class="vtable">
|
650 |
3a50eb39
|
Colin Fleming
|
<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
|
651 |
8cd558b6
|
ayvis
|
<br />
|
652 |
5a3b0d3b
|
mgrooms
|
<span class="vexpl">
|
653 |
123929e0
|
Carlos Eduardo Ramos
|
<?=gettext("You may enter a description here " .
|
654 |
|
|
"for your reference (not parsed)"); ?>.
|
655 |
5a3b0d3b
|
mgrooms
|
</span>
|
656 |
|
|
</td>
|
657 |
|
|
</tr>
|
658 |
|
|
<tr>
|
659 |
|
|
<td colspan="2" class="list" height="12"></td>
|
660 |
|
|
</tr>
|
661 |
|
|
<tr>
|
662 |
|
|
<td colspan="2" valign="top" class="listtopic">
|
663 |
123929e0
|
Carlos Eduardo Ramos
|
<?=gettext("Phase 2 proposal (SA/Key Exchange)"); ?>
|
664 |
5a3b0d3b
|
mgrooms
|
</td>
|
665 |
|
|
</tr>
|
666 |
|
|
<tr>
|
667 |
123929e0
|
Carlos Eduardo Ramos
|
<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
|
668 |
5a3b0d3b
|
mgrooms
|
<td width="78%" class="vtable">
|
669 |
3a50eb39
|
Colin Fleming
|
<select name="proto" class="formselect" onchange="change_protocol()">
|
670 |
5a3b0d3b
|
mgrooms
|
<?php foreach ($p2_protos as $proto => $protoname): ?>
|
671 |
3a50eb39
|
Colin Fleming
|
<option value="<?=$proto;?>" <?php if ($proto == $pconfig['proto']) echo "selected=\"selected\""; ?>>
|
672 |
5a3b0d3b
|
mgrooms
|
<?=htmlspecialchars($protoname);?>
|
673 |
|
|
</option>
|
674 |
|
|
<?php endforeach; ?>
|
675 |
|
|
</select>
|
676 |
8cd558b6
|
ayvis
|
<br />
|
677 |
5a3b0d3b
|
mgrooms
|
<span class="vexpl">
|
678 |
123929e0
|
Carlos Eduardo Ramos
|
<?=gettext("ESP is encryption, AH is authentication only"); ?>
|
679 |
5a3b0d3b
|
mgrooms
|
</span>
|
680 |
|
|
</td>
|
681 |
|
|
</tr>
|
682 |
87e07f52
|
mgrooms
|
<tr id="opt_enc">
|
683 |
123929e0
|
Carlos Eduardo Ramos
|
<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithms"); ?></td>
|
684 |
5a3b0d3b
|
mgrooms
|
<td width="78%" class="vtable">
|
685 |
3a50eb39
|
Colin Fleming
|
<table border="0" cellspacing="0" cellpadding="0" summary="encryption">
|
686 |
5a3b0d3b
|
mgrooms
|
<?php
|
687 |
|
|
foreach ($p2_ealgos as $algo => $algodata):
|
688 |
|
|
$checked = '';
|
689 |
b20a5cdb
|
Pierre POMES
|
if (is_array($pconfig['ealgos']) && in_array($algo,$pconfig['ealgos']))
|
690 |
3a50eb39
|
Colin Fleming
|
$checked = " checked=\"checked\"";
|
691 |
5a3b0d3b
|
mgrooms
|
?>
|
692 |
|
|
<tr>
|
693 |
|
|
<td>
|
694 |
3a50eb39
|
Colin Fleming
|
<input type="checkbox" name="ealgos[]" value="<?=$algo;?>"<?=$checked?> />
|
695 |
5a3b0d3b
|
mgrooms
|
</td>
|
696 |
|
|
<td>
|
697 |
|
|
<?=htmlspecialchars($algodata['name']);?>
|
698 |
|
|
</td>
|
699 |
|
|
<td>
|
700 |
|
|
<?php if(is_array($algodata['keysel'])): ?>
|
701 |
|
|
|
702 |
|
|
<select name="keylen_<?=$algo;?>" class="formselect">
|
703 |
123929e0
|
Carlos Eduardo Ramos
|
<option value="auto"><?=gettext("auto"); ?></option>
|
704 |
5a3b0d3b
|
mgrooms
|
<?php
|
705 |
|
|
$key_hi = $algodata['keysel']['hi'];
|
706 |
|
|
$key_lo = $algodata['keysel']['lo'];
|
707 |
|
|
$key_step = $algodata['keysel']['step'];
|
708 |
|
|
for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
|
709 |
3a50eb39
|
Colin Fleming
|
$selected = "";
|
710 |
5a3b0d3b
|
mgrooms
|
// if ($checked && in_array("keylen_".$algo,$pconfig))
|
711 |
|
|
if ($keylen == $pconfig["keylen_".$algo])
|
712 |
3a50eb39
|
Colin Fleming
|
$selected = " selected=\"selected\"";
|
713 |
5a3b0d3b
|
mgrooms
|
?>
|
714 |
123929e0
|
Carlos Eduardo Ramos
|
<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
|
715 |
5a3b0d3b
|
mgrooms
|
<?php endfor; ?>
|
716 |
|
|
</select>
|
717 |
|
|
<?php endif; ?>
|
718 |
|
|
</td>
|
719 |
|
|
</tr>
|
720 |
|
|
|
721 |
|
|
<?php endforeach; ?>
|
722 |
|
|
|
723 |
|
|
</table>
|
724 |
8cd558b6
|
ayvis
|
<br />
|
725 |
123929e0
|
Carlos Eduardo Ramos
|
<?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " .
|
726 |
|
|
"crypto accelerator card. Blowfish is usually the fastest in " .
|
727 |
|
|
"software encryption"); ?>.
|
728 |
5a3b0d3b
|
mgrooms
|
</td>
|
729 |
|
|
</tr>
|
730 |
|
|
<tr>
|
731 |
123929e0
|
Carlos Eduardo Ramos
|
<td width="22%" valign="top" class="vncellreq"><?=gettext("Hash algorithms"); ?></td>
|
732 |
5a3b0d3b
|
mgrooms
|
<td width="78%" class="vtable">
|
733 |
|
|
<?php foreach ($p2_halgos as $algo => $algoname): ?>
|
734 |
3a50eb39
|
Colin Fleming
|
<input type="checkbox" name="halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['halgos'])) echo "checked=\"checked\""; ?> />
|
735 |
5a3b0d3b
|
mgrooms
|
<?=htmlspecialchars($algoname);?>
|
736 |
8cd558b6
|
ayvis
|
<br />
|
737 |
5a3b0d3b
|
mgrooms
|
<?php endforeach; ?>
|
738 |
|
|
</td>
|
739 |
|
|
</tr>
|
740 |
|
|
<tr>
|
741 |
123929e0
|
Carlos Eduardo Ramos
|
<td width="22%" valign="top" class="vncellreq"><?=gettext("PFS key group"); ?></td>
|
742 |
5a3b0d3b
|
mgrooms
|
<td width="78%" class="vtable">
|
743 |
|
|
<?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
|
744 |
|
|
<select name="pfsgroup" class="formselect">
|
745 |
|
|
<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
|
746 |
3a50eb39
|
Colin Fleming
|
<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected=\"selected\""; ?>>
|
747 |
5a3b0d3b
|
mgrooms
|
<?=htmlspecialchars($keygroupname);?>
|
748 |
|
|
</option>
|
749 |
|
|
<?php endforeach; ?>
|
750 |
|
|
</select>
|
751 |
8cd558b6
|
ayvis
|
<br />
|
752 |
5a3b0d3b
|
mgrooms
|
<?php else: ?>
|
753 |
|
|
|
754 |
3a50eb39
|
Colin Fleming
|
<select class="formselect" disabled="disabled">
|
755 |
|
|
<option selected="selected"><?=$p2_pfskeygroups[$a_client['pfs_group']];?></option>
|
756 |
5a3b0d3b
|
mgrooms
|
</select>
|
757 |
3a50eb39
|
Colin Fleming
|
<input name="pfsgroup" type="hidden" value="<?=htmlspecialchars($pconfig['pfsgroup']);?>" />
|
758 |
8cd558b6
|
ayvis
|
<br />
|
759 |
123929e0
|
Carlos Eduardo Ramos
|
<span class="vexpl"><em><?=gettext("Set globally in mobile client options"); ?></em></span>
|
760 |
5a3b0d3b
|
mgrooms
|
<?php endif; ?>
|
761 |
|
|
</td>
|
762 |
|
|
</tr>
|
763 |
|
|
<tr>
|
764 |
123929e0
|
Carlos Eduardo Ramos
|
<td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
|
765 |
5a3b0d3b
|
mgrooms
|
<td width="78%" class="vtable">
|
766 |
3a50eb39
|
Colin Fleming
|
<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>" />
|
767 |
123929e0
|
Carlos Eduardo Ramos
|
<?=gettext("seconds"); ?>
|
768 |
5a3b0d3b
|
mgrooms
|
</td>
|
769 |
|
|
</tr>
|
770 |
87e07f52
|
mgrooms
|
<tr>
|
771 |
|
|
<td colspan="2" class="list" height="12"></td>
|
772 |
|
|
</tr>
|
773 |
|
|
<tr>
|
774 |
123929e0
|
Carlos Eduardo Ramos
|
<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td>
|
775 |
87e07f52
|
mgrooms
|
</tr>
|
776 |
|
|
<tr>
|
777 |
123929e0
|
Carlos Eduardo Ramos
|
<td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td>
|
778 |
87e07f52
|
mgrooms
|
<td width="78%" class="vtable">
|
779 |
3a50eb39
|
Colin Fleming
|
<input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="28" value="<?=htmlspecialchars($pconfig['pinghost']);?>" />
|
780 |
123929e0
|
Carlos Eduardo Ramos
|
<?=gettext("IP address"); ?>
|
781 |
87e07f52
|
mgrooms
|
</td>
|
782 |
|
|
</tr>
|
783 |
5a3b0d3b
|
mgrooms
|
<tr>
|
784 |
|
|
<td width="22%" valign="top"> </td>
|
785 |
|
|
<td width="78%">
|
786 |
|
|
<?php if ($pconfig['mobile']): ?>
|
787 |
3a50eb39
|
Colin Fleming
|
<input name="mobile" type="hidden" value="true" />
|
788 |
|
|
<input name="remoteid_type" type="hidden" value="mobile" />
|
789 |
5a3b0d3b
|
mgrooms
|
<?php endif; ?>
|
790 |
3a50eb39
|
Colin Fleming
|
<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
|
791 |
|
|
<input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
|
792 |
9b915686
|
Ermal
|
<input name="uniqid" type="hidden" value="<?=htmlspecialchars($pconfig['uniqid']);?>" />
|
793 |
5a3b0d3b
|
mgrooms
|
</td>
|
794 |
|
|
</tr>
|
795 |
|
|
</table>
|
796 |
|
|
</div>
|
797 |
|
|
</td>
|
798 |
|
|
</tr>
|
799 |
|
|
</table>
|
800 |
a93e56c5
|
Matthew Grooms
|
</form>
|
801 |
3a50eb39
|
Colin Fleming
|
<script type="text/javascript">
|
802 |
|
|
//<![CDATA[
|
803 |
dd5bf424
|
Scott Ullrich
|
change_mode('<?=htmlspecialchars($pconfig['mode'])?>');
|
804 |
|
|
change_protocol('<?=htmlspecialchars($pconfig['proto'])?>');
|
805 |
|
|
typesel_change_local(<?=htmlspecialchars($pconfig['localid_netbits'])?>);
|
806 |
3c107b76
|
Ermal
|
typesel_change_natlocal(<?=htmlspecialchars($pconfig['natlocalid_netbits'])?>);
|
807 |
71880c96
|
pierrepomes
|
<?php if (!isset($pconfig['mobile'])): ?>
|
808 |
dd5bf424
|
Scott Ullrich
|
typesel_change_remote(<?=htmlspecialchars($pconfig['remoteid_netbits'])?>);
|
809 |
71880c96
|
pierrepomes
|
<?php endif; ?>
|
810 |
3a50eb39
|
Colin Fleming
|
//]]>
|
811 |
a93e56c5
|
Matthew Grooms
|
</script>
|
812 |
|
|
<?php include("fend.inc"); ?>
|
813 |
3462a529
|
Matthew Grooms
|
</body>
|
814 |
|
|
</html>
|
815 |
a93e56c5
|
Matthew Grooms
|
|
816 |
|
|
<?php
|
817 |
|
|
|
818 |
3462a529
|
Matthew Grooms
|
/* local utility functions */
|
819 |
|
|
|
820 |
a93e56c5
|
Matthew Grooms
|
function pconfig_to_ealgos(& $pconfig) {
|
821 |
|
|
global $p2_ealgos;
|
822 |
|
|
|
823 |
|
|
$ealgos = array();
|
824 |
b20a5cdb
|
Pierre POMES
|
if (is_array($pconfig['ealgos'])) {
|
825 |
|
|
foreach ($p2_ealgos as $algo_name => $algo_data) {
|
826 |
|
|
if (in_array($algo_name,$pconfig['ealgos'])) {
|
827 |
|
|
$ealg = array();
|
828 |
|
|
$ealg['name'] = $algo_name;
|
829 |
|
|
if (is_array($algo_data['keysel']))
|
830 |
|
|
$ealg['keylen'] = $_POST["keylen_".$algo_name];
|
831 |
|
|
$ealgos[] = $ealg;
|
832 |
|
|
}
|
833 |
a93e56c5
|
Matthew Grooms
|
}
|
834 |
|
|
}
|
835 |
|
|
|
836 |
|
|
return $ealgos;
|
837 |
|
|
}
|
838 |
|
|
|
839 |
|
|
function ealgos_to_pconfig(& $ealgos,& $pconfig) {
|
840 |
|
|
|
841 |
|
|
$pconfig['ealgos'] = array();
|
842 |
|
|
foreach ($ealgos as $algo_data) {
|
843 |
|
|
$pconfig['ealgos'][] = $algo_data['name'];
|
844 |
|
|
if (isset($algo_data['keylen']))
|
845 |
|
|
$pconfig["keylen_".$algo_data['name']] = $algo_data['keylen'];
|
846 |
|
|
}
|
847 |
|
|
|
848 |
|
|
return $ealgos;
|
849 |
|
|
}
|
850 |
|
|
|
851 |
|
|
function pconfig_to_idinfo($prefix,& $pconfig) {
|
852 |
|
|
|
853 |
|
|
$type = $pconfig[$prefix."id_type"];
|
854 |
|
|
$address = $pconfig[$prefix."id_address"];
|
855 |
|
|
$netbits = $pconfig[$prefix."id_netbits"];
|
856 |
|
|
|
857 |
|
|
switch( $type )
|
858 |
|
|
{
|
859 |
|
|
case "address":
|
860 |
|
|
return array('type' => $type, 'address' => $address);
|
861 |
|
|
case "network":
|
862 |
|
|
return array('type' => $type, 'address' => $address, 'netbits' => $netbits);
|
863 |
|
|
default:
|
864 |
|
|
return array('type' => $type );
|
865 |
|
|
}
|
866 |
|
|
}
|
867 |
|
|
|
868 |
|
|
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {
|
869 |
|
|
|
870 |
|
|
switch( $idinfo['type'] )
|
871 |
|
|
{
|
872 |
|
|
case "address":
|
873 |
|
|
$pconfig[$prefix."id_type"] = $idinfo['type'];
|
874 |
|
|
$pconfig[$prefix."id_address"] = $idinfo['address'];
|
875 |
|
|
break;
|
876 |
|
|
case "network":
|
877 |
|
|
$pconfig[$prefix."id_type"] = $idinfo['type'];
|
878 |
|
|
$pconfig[$prefix."id_address"] = $idinfo['address'];
|
879 |
|
|
$pconfig[$prefix."id_netbits"] = $idinfo['netbits'];
|
880 |
|
|
break;
|
881 |
|
|
default:
|
882 |
|
|
$pconfig[$prefix."id_type"] = $idinfo['type'];
|
883 |
|
|
break;
|
884 |
|
|
}
|
885 |
|
|
}
|
886 |
|
|
|
887 |
|
|
?>
|