Révision fa4e059e
Ajouté par Ermal il y a plus de 9 ans
| usr/local/www/vpn_ipsec_phase1.php | ||
|---|---|---|
| 5 | 5 |
|
| 6 | 6 |
Copyright (C) 2008 Shrew Soft Inc |
| 7 | 7 |
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. |
| 8 |
Copyright (C) 2014 Ermal LUÇI |
|
| 8 | 9 |
All rights reserved. |
| 9 | 10 |
|
| 10 | 11 |
Redistribution and use in source and binary forms, with or without |
| ... | ... | |
| 79 | 80 |
else |
| 80 | 81 |
$pconfig['remotegw'] = $a_phase1[$p1index]['remote-gateway']; |
| 81 | 82 |
|
| 82 |
$pconfig['iketype'] = $a_phase1[$p1index]['iketype']; |
|
| 83 |
if (empty($a_phase1[$p1index]['iketype'])) |
|
| 84 |
$pconfig['iketype'] = "ikev1"; |
|
| 85 |
else |
|
| 86 |
$pconfig['iketype'] = $a_phase1[$p1index]['iketype']; |
|
| 83 | 87 |
$pconfig['mode'] = $a_phase1[$p1index]['mode']; |
| 84 | 88 |
$pconfig['protocol'] = $a_phase1[$p1index]['protocol']; |
| 85 | 89 |
$pconfig['myid_type'] = $a_phase1[$p1index]['myid_type']; |
| ... | ... | |
| 150 | 154 |
// Only require PSK here for normal PSK tunnels (not mobile) or xauth. |
| 151 | 155 |
// For RSA methods, require the CA/Cert. |
| 152 | 156 |
switch ($method) {
|
| 157 |
case "eap-tls": |
|
| 158 |
if ($pconfig['iketype'] != 'ikev2') |
|
| 159 |
$input_errors[] = gettext("EAP-TLS can only be used with IKEv2 type VPNs.");
|
|
| 160 |
break; |
|
| 153 | 161 |
case "pre_shared_key": |
| 154 | 162 |
// If this is a mobile PSK tunnel the user PSKs go on |
| 155 | 163 |
// the PSK tab, not here, so skip the check. |
| ... | ... | |
| 405 | 413 |
value = document.iform.authentication_method.options[index].value; |
| 406 | 414 |
|
| 407 | 415 |
switch (value) {
|
| 408 |
case 'hybrid_rsa_server': |
|
| 409 |
document.getElementById('opt_psk').style.display = 'none';
|
|
| 410 |
document.getElementById('opt_peerid').style.display = '';
|
|
| 411 |
document.getElementById('opt_cert').style.display = '';
|
|
| 412 |
document.getElementById('opt_ca').style.display = '';
|
|
| 413 |
document.getElementById('opt_cert').disabled = false;
|
|
| 414 |
document.getElementById('opt_ca').disabled = false;
|
|
| 415 |
break; |
|
| 416 |
case 'xauth_rsa_server': |
|
| 417 |
case 'rsasig': |
|
| 418 |
document.getElementById('opt_psk').style.display = 'none';
|
|
| 419 |
document.getElementById('opt_peerid').style.display = '';
|
|
| 420 |
document.getElementById('opt_cert').style.display = '';
|
|
| 421 |
document.getElementById('opt_ca').style.display = '';
|
|
| 422 |
document.getElementById('opt_cert').disabled = false;
|
|
| 423 |
document.getElementById('opt_ca').disabled = false;
|
|
| 424 |
break; |
|
| 416 |
case 'eap-tls': |
|
| 417 |
document.getElementById('opt_psk').style.display = 'none';
|
|
| 418 |
document.getElementById('opt_peerid').style.display = '';
|
|
| 419 |
document.getElementById('opt_cert').style.display = '';
|
|
| 420 |
document.getElementById('opt_ca').style.display = '';
|
|
| 421 |
document.getElementById('opt_cert').disabled = false;
|
|
| 422 |
document.getElementById('opt_ca').disabled = false;
|
|
| 423 |
break; |
|
| 424 |
case 'hybrid_rsa_server': |
|
| 425 |
document.getElementById('opt_psk').style.display = 'none';
|
|
| 426 |
document.getElementById('opt_peerid').style.display = '';
|
|
| 427 |
document.getElementById('opt_cert').style.display = '';
|
|
| 428 |
document.getElementById('opt_ca').style.display = '';
|
|
| 429 |
document.getElementById('opt_cert').disabled = false;
|
|
| 430 |
document.getElementById('opt_ca').disabled = false;
|
|
| 431 |
break; |
|
| 432 |
case 'xauth_rsa_server': |
|
| 433 |
case 'rsasig': |
|
| 434 |
document.getElementById('opt_psk').style.display = 'none';
|
|
| 435 |
document.getElementById('opt_peerid').style.display = '';
|
|
| 436 |
document.getElementById('opt_cert').style.display = '';
|
|
| 437 |
document.getElementById('opt_ca').style.display = '';
|
|
| 438 |
document.getElementById('opt_cert').disabled = false;
|
|
| 439 |
document.getElementById('opt_ca').disabled = false;
|
|
| 440 |
break; |
|
| 425 | 441 |
<?php if ($pconfig['mobile']) { ?>
|
| 426 |
case 'pre_shared_key':
|
|
| 427 |
document.getElementById('opt_psk').style.display = 'none';
|
|
| 428 |
document.getElementById('opt_peerid').style.display = 'none';
|
|
| 429 |
document.getElementById('opt_cert').style.display = 'none';
|
|
| 430 |
document.getElementById('opt_ca').style.display = 'none';
|
|
| 431 |
document.getElementById('opt_cert').disabled = true;
|
|
| 432 |
document.getElementById('opt_ca').disabled = true;
|
|
| 433 |
break;
|
|
| 442 |
case 'pre_shared_key': |
|
| 443 |
document.getElementById('opt_psk').style.display = 'none';
|
|
| 444 |
document.getElementById('opt_peerid').style.display = 'none';
|
|
| 445 |
document.getElementById('opt_cert').style.display = 'none';
|
|
| 446 |
document.getElementById('opt_ca').style.display = 'none';
|
|
| 447 |
document.getElementById('opt_cert').disabled = true;
|
|
| 448 |
document.getElementById('opt_ca').disabled = true;
|
|
| 449 |
break; |
|
| 434 | 450 |
<?php } ?> |
| 435 |
default: /* psk modes*/
|
|
| 436 |
document.getElementById('opt_psk').style.display = '';
|
|
| 437 |
document.getElementById('opt_peerid').style.display = '';
|
|
| 438 |
document.getElementById('opt_cert').style.display = 'none';
|
|
| 439 |
document.getElementById('opt_ca').style.display = 'none';
|
|
| 440 |
document.getElementById('opt_cert').disabled = true;
|
|
| 441 |
document.getElementById('opt_ca').disabled = true;
|
|
| 442 |
break;
|
|
| 451 |
default: /* psk modes*/ |
|
| 452 |
document.getElementById('opt_psk').style.display = '';
|
|
| 453 |
document.getElementById('opt_peerid').style.display = '';
|
|
| 454 |
document.getElementById('opt_cert').style.display = 'none';
|
|
| 455 |
document.getElementById('opt_ca').style.display = 'none';
|
|
| 456 |
document.getElementById('opt_cert').disabled = true;
|
|
| 457 |
document.getElementById('opt_ca').disabled = true;
|
|
| 458 |
break; |
|
| 443 | 459 |
} |
| 444 | 460 |
} |
| 445 | 461 |
|
| ... | ... | |
| 709 | 725 |
</span> |
| 710 | 726 |
</td> |
| 711 | 727 |
</tr> |
| 728 |
<tr id="opt_cert"> |
|
| 729 |
<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td>
|
|
| 730 |
<td width="78%" class="vtable"> |
|
| 731 |
<select name="certref" class="formselect"> |
|
| 732 |
<?php |
|
| 733 |
foreach ($config['cert'] as $cert): |
|
| 734 |
$selected = ""; |
|
| 735 |
if ($pconfig['certref'] == $cert['refid']) |
|
| 736 |
$selected = "selected=\"selected\""; |
|
| 737 |
?> |
|
| 738 |
<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'];?></option> |
|
| 739 |
<?php endforeach; ?> |
|
| 740 |
</select> |
|
| 741 |
<br /> |
|
| 742 |
<span class="vexpl"> |
|
| 743 |
<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>.
|
|
| 744 |
</span> |
|
| 745 |
</td> |
|
| 746 |
</tr> |
|
| 747 |
<tr id="opt_ca"> |
|
| 748 |
<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
|
|
| 749 |
<td width="78%" class="vtable"> |
|
| 750 |
<select name="caref" class="formselect"> |
|
| 751 |
<?php |
|
| 752 |
foreach ($config['ca'] as $ca): |
|
| 753 |
$selected = ""; |
|
| 754 |
if ($pconfig['caref'] == $ca['refid']) |
|
| 755 |
$selected = "selected=\"selected\""; |
|
| 756 |
?> |
|
| 757 |
<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> |
|
| 758 |
<?php endforeach; ?> |
|
| 759 |
</select> |
|
| 760 |
<br /> |
|
| 761 |
<span class="vexpl"> |
|
| 762 |
<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
|
|
| 763 |
</span> |
|
| 764 |
</td> |
|
| 765 |
</tr> |
|
| 766 |
<tr> |
|
| 767 |
<td colspan="2" valign="top" class="listtopic"> |
|
| 768 |
<?=gettext("Phase 1 proposal (Algorithms)"); ?>
|
|
| 769 |
</td> |
|
| 770 |
</tr> |
|
| 712 | 771 |
<tr> |
| 713 | 772 |
<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
|
| 714 | 773 |
<td width="78%" class="vtable"> |
| ... | ... | |
| 767 | 826 |
<?=gettext("seconds"); ?>
|
| 768 | 827 |
</td> |
| 769 | 828 |
</tr> |
| 770 |
<tr id="opt_cert"> |
|
| 771 |
<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td>
|
|
| 772 |
<td width="78%" class="vtable"> |
|
| 773 |
<select name="certref" class="formselect"> |
|
| 774 |
<?php |
|
| 775 |
foreach ($config['cert'] as $cert): |
|
| 776 |
$selected = ""; |
|
| 777 |
if ($pconfig['certref'] == $cert['refid']) |
|
| 778 |
$selected = "selected=\"selected\""; |
|
| 779 |
?> |
|
| 780 |
<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'];?></option> |
|
| 781 |
<?php endforeach; ?> |
|
| 782 |
</select> |
|
| 783 |
<br /> |
|
| 784 |
<span class="vexpl"> |
|
| 785 |
<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>.
|
|
| 786 |
</span> |
|
| 787 |
</td> |
|
| 788 |
</tr> |
|
| 789 |
<tr id="opt_ca"> |
|
| 790 |
<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
|
|
| 791 |
<td width="78%" class="vtable"> |
|
| 792 |
<select name="caref" class="formselect"> |
|
| 793 |
<?php |
|
| 794 |
foreach ($config['ca'] as $ca): |
|
| 795 |
$selected = ""; |
|
| 796 |
if ($pconfig['caref'] == $ca['refid']) |
|
| 797 |
$selected = "selected=\"selected\""; |
|
| 798 |
?> |
|
| 799 |
<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> |
|
| 800 |
<?php endforeach; ?> |
|
| 801 |
</select> |
|
| 802 |
<br /> |
|
| 803 |
<span class="vexpl"> |
|
| 804 |
<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
|
|
| 805 |
</span> |
|
| 806 |
</td> |
|
| 807 |
</tr> |
|
| 808 | 829 |
<tr> |
| 809 | 830 |
<td colspan="2" class="list" height="12"></td> |
| 810 | 831 |
</tr> |
Formats disponibles : Unified diff
Provide a first implementation of EAP-TLS authentication with IKEv2. It is a start and might not work on all cases