Révision fa4e059e
Ajouté par Ermal il y a plus de 9 ans
usr/local/www/vpn_ipsec_phase1.php | ||
---|---|---|
5 | 5 |
|
6 | 6 |
Copyright (C) 2008 Shrew Soft Inc |
7 | 7 |
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. |
8 |
Copyright (C) 2014 Ermal LUÇI |
|
8 | 9 |
All rights reserved. |
9 | 10 |
|
10 | 11 |
Redistribution and use in source and binary forms, with or without |
... | ... | |
79 | 80 |
else |
80 | 81 |
$pconfig['remotegw'] = $a_phase1[$p1index]['remote-gateway']; |
81 | 82 |
|
82 |
$pconfig['iketype'] = $a_phase1[$p1index]['iketype']; |
|
83 |
if (empty($a_phase1[$p1index]['iketype'])) |
|
84 |
$pconfig['iketype'] = "ikev1"; |
|
85 |
else |
|
86 |
$pconfig['iketype'] = $a_phase1[$p1index]['iketype']; |
|
83 | 87 |
$pconfig['mode'] = $a_phase1[$p1index]['mode']; |
84 | 88 |
$pconfig['protocol'] = $a_phase1[$p1index]['protocol']; |
85 | 89 |
$pconfig['myid_type'] = $a_phase1[$p1index]['myid_type']; |
... | ... | |
150 | 154 |
// Only require PSK here for normal PSK tunnels (not mobile) or xauth. |
151 | 155 |
// For RSA methods, require the CA/Cert. |
152 | 156 |
switch ($method) { |
157 |
case "eap-tls": |
|
158 |
if ($pconfig['iketype'] != 'ikev2') |
|
159 |
$input_errors[] = gettext("EAP-TLS can only be used with IKEv2 type VPNs."); |
|
160 |
break; |
|
153 | 161 |
case "pre_shared_key": |
154 | 162 |
// If this is a mobile PSK tunnel the user PSKs go on |
155 | 163 |
// the PSK tab, not here, so skip the check. |
... | ... | |
405 | 413 |
value = document.iform.authentication_method.options[index].value; |
406 | 414 |
|
407 | 415 |
switch (value) { |
408 |
case 'hybrid_rsa_server': |
|
409 |
document.getElementById('opt_psk').style.display = 'none'; |
|
410 |
document.getElementById('opt_peerid').style.display = ''; |
|
411 |
document.getElementById('opt_cert').style.display = ''; |
|
412 |
document.getElementById('opt_ca').style.display = ''; |
|
413 |
document.getElementById('opt_cert').disabled = false; |
|
414 |
document.getElementById('opt_ca').disabled = false; |
|
415 |
break; |
|
416 |
case 'xauth_rsa_server': |
|
417 |
case 'rsasig': |
|
418 |
document.getElementById('opt_psk').style.display = 'none'; |
|
419 |
document.getElementById('opt_peerid').style.display = ''; |
|
420 |
document.getElementById('opt_cert').style.display = ''; |
|
421 |
document.getElementById('opt_ca').style.display = ''; |
|
422 |
document.getElementById('opt_cert').disabled = false; |
|
423 |
document.getElementById('opt_ca').disabled = false; |
|
424 |
break; |
|
416 |
case 'eap-tls': |
|
417 |
document.getElementById('opt_psk').style.display = 'none'; |
|
418 |
document.getElementById('opt_peerid').style.display = ''; |
|
419 |
document.getElementById('opt_cert').style.display = ''; |
|
420 |
document.getElementById('opt_ca').style.display = ''; |
|
421 |
document.getElementById('opt_cert').disabled = false; |
|
422 |
document.getElementById('opt_ca').disabled = false; |
|
423 |
break; |
|
424 |
case 'hybrid_rsa_server': |
|
425 |
document.getElementById('opt_psk').style.display = 'none'; |
|
426 |
document.getElementById('opt_peerid').style.display = ''; |
|
427 |
document.getElementById('opt_cert').style.display = ''; |
|
428 |
document.getElementById('opt_ca').style.display = ''; |
|
429 |
document.getElementById('opt_cert').disabled = false; |
|
430 |
document.getElementById('opt_ca').disabled = false; |
|
431 |
break; |
|
432 |
case 'xauth_rsa_server': |
|
433 |
case 'rsasig': |
|
434 |
document.getElementById('opt_psk').style.display = 'none'; |
|
435 |
document.getElementById('opt_peerid').style.display = ''; |
|
436 |
document.getElementById('opt_cert').style.display = ''; |
|
437 |
document.getElementById('opt_ca').style.display = ''; |
|
438 |
document.getElementById('opt_cert').disabled = false; |
|
439 |
document.getElementById('opt_ca').disabled = false; |
|
440 |
break; |
|
425 | 441 |
<?php if ($pconfig['mobile']) { ?> |
426 |
case 'pre_shared_key':
|
|
427 |
document.getElementById('opt_psk').style.display = 'none';
|
|
428 |
document.getElementById('opt_peerid').style.display = 'none';
|
|
429 |
document.getElementById('opt_cert').style.display = 'none';
|
|
430 |
document.getElementById('opt_ca').style.display = 'none';
|
|
431 |
document.getElementById('opt_cert').disabled = true;
|
|
432 |
document.getElementById('opt_ca').disabled = true;
|
|
433 |
break;
|
|
442 |
case 'pre_shared_key': |
|
443 |
document.getElementById('opt_psk').style.display = 'none'; |
|
444 |
document.getElementById('opt_peerid').style.display = 'none'; |
|
445 |
document.getElementById('opt_cert').style.display = 'none'; |
|
446 |
document.getElementById('opt_ca').style.display = 'none'; |
|
447 |
document.getElementById('opt_cert').disabled = true; |
|
448 |
document.getElementById('opt_ca').disabled = true; |
|
449 |
break; |
|
434 | 450 |
<?php } ?> |
435 |
default: /* psk modes*/
|
|
436 |
document.getElementById('opt_psk').style.display = '';
|
|
437 |
document.getElementById('opt_peerid').style.display = '';
|
|
438 |
document.getElementById('opt_cert').style.display = 'none';
|
|
439 |
document.getElementById('opt_ca').style.display = 'none';
|
|
440 |
document.getElementById('opt_cert').disabled = true;
|
|
441 |
document.getElementById('opt_ca').disabled = true;
|
|
442 |
break;
|
|
451 |
default: /* psk modes*/ |
|
452 |
document.getElementById('opt_psk').style.display = ''; |
|
453 |
document.getElementById('opt_peerid').style.display = ''; |
|
454 |
document.getElementById('opt_cert').style.display = 'none'; |
|
455 |
document.getElementById('opt_ca').style.display = 'none'; |
|
456 |
document.getElementById('opt_cert').disabled = true; |
|
457 |
document.getElementById('opt_ca').disabled = true; |
|
458 |
break; |
|
443 | 459 |
} |
444 | 460 |
} |
445 | 461 |
|
... | ... | |
709 | 725 |
</span> |
710 | 726 |
</td> |
711 | 727 |
</tr> |
728 |
<tr id="opt_cert"> |
|
729 |
<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td> |
|
730 |
<td width="78%" class="vtable"> |
|
731 |
<select name="certref" class="formselect"> |
|
732 |
<?php |
|
733 |
foreach ($config['cert'] as $cert): |
|
734 |
$selected = ""; |
|
735 |
if ($pconfig['certref'] == $cert['refid']) |
|
736 |
$selected = "selected=\"selected\""; |
|
737 |
?> |
|
738 |
<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'];?></option> |
|
739 |
<?php endforeach; ?> |
|
740 |
</select> |
|
741 |
<br /> |
|
742 |
<span class="vexpl"> |
|
743 |
<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>. |
|
744 |
</span> |
|
745 |
</td> |
|
746 |
</tr> |
|
747 |
<tr id="opt_ca"> |
|
748 |
<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td> |
|
749 |
<td width="78%" class="vtable"> |
|
750 |
<select name="caref" class="formselect"> |
|
751 |
<?php |
|
752 |
foreach ($config['ca'] as $ca): |
|
753 |
$selected = ""; |
|
754 |
if ($pconfig['caref'] == $ca['refid']) |
|
755 |
$selected = "selected=\"selected\""; |
|
756 |
?> |
|
757 |
<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> |
|
758 |
<?php endforeach; ?> |
|
759 |
</select> |
|
760 |
<br /> |
|
761 |
<span class="vexpl"> |
|
762 |
<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>. |
|
763 |
</span> |
|
764 |
</td> |
|
765 |
</tr> |
|
766 |
<tr> |
|
767 |
<td colspan="2" valign="top" class="listtopic"> |
|
768 |
<?=gettext("Phase 1 proposal (Algorithms)"); ?> |
|
769 |
</td> |
|
770 |
</tr> |
|
712 | 771 |
<tr> |
713 | 772 |
<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td> |
714 | 773 |
<td width="78%" class="vtable"> |
... | ... | |
767 | 826 |
<?=gettext("seconds"); ?> |
768 | 827 |
</td> |
769 | 828 |
</tr> |
770 |
<tr id="opt_cert"> |
|
771 |
<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate"); ?></td> |
|
772 |
<td width="78%" class="vtable"> |
|
773 |
<select name="certref" class="formselect"> |
|
774 |
<?php |
|
775 |
foreach ($config['cert'] as $cert): |
|
776 |
$selected = ""; |
|
777 |
if ($pconfig['certref'] == $cert['refid']) |
|
778 |
$selected = "selected=\"selected\""; |
|
779 |
?> |
|
780 |
<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'];?></option> |
|
781 |
<?php endforeach; ?> |
|
782 |
</select> |
|
783 |
<br /> |
|
784 |
<span class="vexpl"> |
|
785 |
<?=gettext("Select a certificate previously configured in the Certificate Manager"); ?>. |
|
786 |
</span> |
|
787 |
</td> |
|
788 |
</tr> |
|
789 |
<tr id="opt_ca"> |
|
790 |
<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td> |
|
791 |
<td width="78%" class="vtable"> |
|
792 |
<select name="caref" class="formselect"> |
|
793 |
<?php |
|
794 |
foreach ($config['ca'] as $ca): |
|
795 |
$selected = ""; |
|
796 |
if ($pconfig['caref'] == $ca['refid']) |
|
797 |
$selected = "selected=\"selected\""; |
|
798 |
?> |
|
799 |
<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> |
|
800 |
<?php endforeach; ?> |
|
801 |
</select> |
|
802 |
<br /> |
|
803 |
<span class="vexpl"> |
|
804 |
<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>. |
|
805 |
</span> |
|
806 |
</td> |
|
807 |
</tr> |
|
808 | 829 |
<tr> |
809 | 830 |
<td colspan="2" class="list" height="12"></td> |
810 | 831 |
</tr> |
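Review bot: The new `case "eap-tls":` in the `$method` switch (new lines 157–160) validates only the IKE version and then `break`s, so the certificate/CA requirement that the comment just above announces for certificate-based methods is never applied to EAP-TLS, and a phase 1 with an empty `certref` or `caref` passes validation here. Either let the case fall through into the existing certificate checks (the `rsasig` branch is outside this hunk, so I am inferring that is where the requirement lives) or add it explicitly before the `break`, e.g. `if (empty($pconfig['certref']) || empty($pconfig['caref'])) $input_errors[] = gettext("A certificate and certificate authority are required for EAP-TLS.");`. The switch and the surrounding validation block start and end outside the hunk. Separately, the JavaScript `case 'eap-tls':` body (new lines 416–423) is byte-for-byte the same as the `hybrid_rsa_server`/`xauth_rsa_server`/`rsasig` bodies, so it could be one more label on that group rather than a fourth copy. The relocated certificate and CA `<select>` rows still echo `$cert['descr']` and `$ca['descr']` unescaped, so a description containing markup is rendered into the page; since the rows are being moved anyway, wrapping both in `htmlspecialchars()` would be cheap to do in the same change.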
Provide a first implementation of EAP-TLS authentication with IKEv2. It is a start and might not work in all cases