diff options
author | jim-p <jimp@pfsense.org> | 2014-04-25 12:13:12 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2014-04-25 12:13:12 -0400 |
commit | 711720886ed7883b9be22962723c157c65567313 (patch) | |
tree | 10c9e6bc5b36249d5efe2b961d02b1b24e029b87 | |
parent | 05e3936a27bcc2bfc106e15de95df8e0b7831552 (diff) | |
download | pfsense-711720886ed7883b9be22962723c157c65567313.zip pfsense-711720886ed7883b9be22962723c157c65567313.tar.gz |
Move the IPsec settings from System > Advanced, Misc tab to "Advanced Settings" tab under VPN > IPsec.
-rw-r--r-- | usr/local/www/system_advanced_misc.php | 124 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec.php | 1 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_keys.php | 1 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_mobile.php | 1 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 1 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 1 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_settings.php | 252 |
7 files changed, 259 insertions, 122 deletions
diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php index 5f220a0..d583efd 100644 --- a/usr/local/www/system_advanced_misc.php +++ b/usr/local/www/system_advanced_misc.php @@ -47,7 +47,6 @@ require("guiconfig.inc"); require_once("functions.inc"); require_once("filter.inc"); require_once("shaper.inc"); -require_once("ipsec.inc"); require_once("vpn.inc"); require_once("vslb.inc"); @@ -59,14 +58,6 @@ $pconfig['harddiskstandby'] = $config['system']['harddiskstandby']; $pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']); $pconfig['srctrack'] = $config['system']['srctrack']; $pconfig['gw_switch_default'] = isset($config['system']['gw_switch_default']); -$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']); -foreach ($ipsec_loglevels as $lkey => $ldescr) { - if (!empty($config['ipsec']["ipsec_{$lkey}"])) - $pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"]; -} -$pconfig['failoverforcereload'] = isset($config['ipsec']['failoverforcereload']); -$pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']); -$pconfig['maxmss'] = $config['system']['maxmss']; $pconfig['powerd_enable'] = isset($config['system']['powerd_enable']); $pconfig['crypto_hardware'] = $config['system']['crypto_hardware']; $pconfig['thermal_hardware'] = $config['system']['thermal_hardware']; @@ -76,7 +67,6 @@ $pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']); $pconfig['use_mfs_tmpvar'] = isset($config['system']['use_mfs_tmpvar']); $pconfig['use_mfs_tmp_size'] = $config['system']['use_mfs_tmp_size']; $pconfig['use_mfs_var_size'] = $config['system']['use_mfs_var_size']; -$pconfig['noinstalllanspd'] = $config['system']['noinstalllanspd']; $pconfig['pkg_nochecksig'] = isset($config['system']['pkg_nochecksig']); $pconfig['powerd_ac_mode'] = "hadp"; @@ -160,46 +150,11 @@ if ($_POST) { else unset($config['system']['gw_switch_default']); - if($_POST['preferoldsa_enable'] == "yes") - $config['ipsec']['preferoldsa'] = true; - elseif (isset($config['ipsec']['preferoldsa'])) - unset($config['ipsec']['preferoldsa']); - - if($_POST['failoverforcereload'] == "yes") - $config['ipsec']['failoverforcereload'] = true; - elseif (isset($config['ipsec']['failoverforcereload'])) - unset($config['ipsec']['failoverforcereload']); - - if (is_array($config['ipsec'])) { - foreach ($ipsec_loglevels as $lkey => $ldescr) { - if (empty($_POST["ipsec_{$lkey}"])) { - if (isset($config['ipsec']["ipsec_{$lkey}"])) - unset($config['ipsec']["ipsec_{$lkey}"]); - } else - $config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"]; - } - } - if($_POST['noinstalllanspd'] == "yes") { - if (!isset($pconfig['noinstalllanspd'])) - $config['system']['noinstalllanspd'] = true; - } else { - if (isset($config['system']['noinstalllanspd'])) - unset($config['system']['noinstalllanspd']); - } - if($_POST['pkg_nochecksig'] == "yes") $config['system']['pkg_nochecksig'] = true; elseif (isset($config['system']['pkg_nochecksig'])) unset($config['system']['pkg_nochecksig']); - if($_POST['maxmss_enable'] == "yes") { - $config['system']['maxmss_enable'] = true; - $config['system']['maxmss'] = $_POST['maxmss']; - } else { - unset($config['system']['maxmss_enable']); - unset($config['system']['maxmss']); - } - if($_POST['powerd_enable'] == "yes") $config['system']['powerd_enable'] = true; else @@ -263,9 +218,6 @@ if ($_POST) { activate_powerd(); load_crypto(); load_thermal_hardware(); - vpn_ipsec_configure_preferoldsa(); - vpn_ipsec_configure(); - vpn_ipsec_configure_loglevels(); if ($need_relayd_restart) relayd_configure(); } @@ -292,12 +244,6 @@ function sticky_checked(obj) { else jQuery('#srctrack').attr('disabled','true'); } -function maxmss_checked(obj) { - if (obj.checked) - jQuery('#maxmss').attr('disabled',false); - else - jQuery('#maxmss').attr('disabled','true'); -} function tmpvar_checked(obj) { if (obj.checked) { jQuery('#use_mfs_tmp_size').attr('disabled',false); @@ -511,75 +457,9 @@ function tmpvar_checked(obj) { <td colspan="2" valign="top" class="listtopic"><?=gettext("IP Security"); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("LAN security associsations"); ?></td> + <td width="22%" valign="top" class="vncell"> </td> <td width="78%" class="vtable"> - <input name="noinstalllanspd" type="checkbox" id="noinstalllanspd" value="yes" <?php if ($pconfig['noinstalllanspd']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Do not install LAN SPD"); ?></strong> - <br /> - <?=gettext("By default, if IPSec is enabled negating SPD are inserted to provide protection. " . - "This behaviour can be changed by enabling this setting which will prevent installing these SPDs."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Security Associations"); ?></td> - <td width="78%" class="vtable"> - <input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Prefer older IPsec SAs"); ?></strong> - <br /> - <?=gettext("By default, if several SAs match, the newest one is " . - "preferred if it's at least 30 seconds old. Select this " . - "option to always prefer old SAs over new ones."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Debug"); ?></td> - <td width="78%" class="vtable"> - <strong><?=gettext("Start IPSec in debug mode based on sections selected"); ?></strong> - <br /> - <table> - <?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=$ldescr;?></td> - <td width="78%" valign="top" class="vncell"> - <?php echo "<select name=\"ipsec_{$lkey}\" id=\"ipsec_{$lkey}\">\n"; - foreach (array("Silent", "Audit", "Control", "Diag", "Raw", "Highest") as $lidx => $lvalue) { - echo "<option value=\"{$lidx}\" "; - if ($pconfig["ipsec_{$lkey}"] == $lidx) - echo "selected=\"selected\""; - echo ">{$lvalue}</option>\n"; - } - ?> - </select> - </td> - </tr> - <?php endforeach; ?> - </table> - <br /><?=gettext("Launches IPSec in debug mode so that more verbose logs " . - "will be generated to aid in troubleshooting."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Reload on Failover"); ?></td> - <td width="78%" class="vtable"> - <input name="failoverforcereload" type="checkbox" id="failoverforcereload" value="yes" <?php if ($pconfig['failoverforcereload']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Force IPsec Reload on Failover"); ?></strong> - <br /> - <?=gettext("In some circumstances using a gateway group as the interface for " . - "an IPsec tunnel does not function properly, and IPsec must be forcefully reloaded " . - "when a failover occurs. Because this will disrupt all IPsec tunnels, this behavior" . - " is disabled by default. Check this box to force IPsec to fully reload on failover."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Maximum MSS"); ?></td> - <td width="78%" class="vtable"> - <input name="maxmss_enable" type="checkbox" id="maxmss_enable" value="yes" <?php if ($pconfig['maxmss_enable'] == true) echo "checked=\"checked\""; ?> onclick="maxmss_checked(this)" /> - <strong><?=gettext("Enable MSS clamping on VPN traffic"); ?></strong> - <br /> - <input name="maxmss" id="maxmss" value="<?php if ($pconfig['maxmss'] <> "") echo $pconfig['maxmss']; else "1400"; ?>" class="formfld unknown" <?php if ($pconfig['maxmss_enable'] == false) echo "disabled=\"disabled\""; ?> /> - <br /> - <?=gettext("Enable MSS clamping on TCP flows over VPN. " . - "This helps overcome problems with PMTUD on IPsec VPN links. If left blank, the default value is 1400 bytes. "); ?> + <?=gettext("These settings have moved to <a href=\"vpn_ipsec_settings.php\">VPN > IPsec on the Advanced Settings tab</a>."); ?> </td> </tr> <tr> diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index def7469..1d801aa 100644 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -138,6 +138,7 @@ include("head.inc"); $tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php"); $tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"); $tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php"); + $tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php"); display_top_tabs($tab_array); ?> </td> diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php index 1f019fb..986a2a4 100644 --- a/usr/local/www/vpn_ipsec_keys.php +++ b/usr/local/www/vpn_ipsec_keys.php @@ -92,6 +92,7 @@ if (is_subsystem_dirty('ipsec')) $tab_array[0] = array(gettext("Tunnels"), false, "vpn_ipsec.php"); $tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"); $tab_array[2] = array(gettext("Pre-Shared Keys"), true, "vpn_ipsec_keys.php"); + $tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php"); display_top_tabs($tab_array); ?> </td></tr> diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php index 752d205..af281d9 100644 --- a/usr/local/www/vpn_ipsec_mobile.php +++ b/usr/local/www/vpn_ipsec_mobile.php @@ -345,6 +345,7 @@ function login_banner_change() { $tab_array[0] = array(gettext("Tunnels"), false, "vpn_ipsec.php"); $tab_array[1] = array(gettext("Mobile clients"), true, "vpn_ipsec_mobile.php"); $tab_array[2] = array(gettext("Pre-Shared Key"), false, "vpn_ipsec_keys.php"); + $tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php"); display_top_tabs($tab_array); ?> </td> diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index af00b38..f807e9e 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -506,6 +506,7 @@ function dpdchkbox_change() { $tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php"); $tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"); $tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php"); + $tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php"); display_top_tabs($tab_array); ?> </td> diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index 263f7a1..c18ae0c 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -495,6 +495,7 @@ function change_protocol() { $tab_array[0] = array(gettext("Tunnels"), true, "vpn_ipsec.php"); $tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"); $tab_array[2] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php"); + $tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php"); display_top_tabs($tab_array); ?> </td> diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php new file mode 100644 index 0000000..b4a5201 --- /dev/null +++ b/usr/local/www/vpn_ipsec_settings.php @@ -0,0 +1,252 @@ +<?php +/* + vpn_ipsec_settings.php + + Copyright (C) 2014 Electric Sheep Fencing, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +##|+PRIV +##|*IDENT=page-vpn-ipsec-settings +##|*NAME=VPN: IPsec: Settings page +##|*DESCR=Allow access to the 'VPN: IPsec: Settings' page. +##|*MATCH=vpn_ipsec_settings.php* +##|-PRIV + +require("functions.inc"); +require("guiconfig.inc"); +require_once("filter.inc"); +require_once("shaper.inc"); +require_once("ipsec.inc"); +require_once("vpn.inc"); + +$pconfig['noinstalllanspd'] = $config['system']['noinstalllanspd']; +$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']); +foreach ($ipsec_loglevels as $lkey => $ldescr) { + if (!empty($config['ipsec']["ipsec_{$lkey}"])) + $pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"]; +} +$pconfig['failoverforcereload'] = isset($config['ipsec']['failoverforcereload']); +$pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']); +$pconfig['maxmss'] = $config['system']['maxmss']; + +if ($_POST['submit']) { + + unset($input_errors); + $pconfig = $_POST; + + if (!$input_errors) { + + if($_POST['noinstalllanspd'] == "yes") { + if (!isset($pconfig['noinstalllanspd'])) + $config['system']['noinstalllanspd'] = true; + } else { + if (isset($config['system']['noinstalllanspd'])) + unset($config['system']['noinstalllanspd']); + } + + if($_POST['preferoldsa_enable'] == "yes") + $config['ipsec']['preferoldsa'] = true; + elseif (isset($config['ipsec']['preferoldsa'])) + unset($config['ipsec']['preferoldsa']); + + if (is_array($config['ipsec'])) { + foreach ($ipsec_loglevels as $lkey => $ldescr) { + if (empty($_POST["ipsec_{$lkey}"])) { + if (isset($config['ipsec']["ipsec_{$lkey}"])) + unset($config['ipsec']["ipsec_{$lkey}"]); + } else + $config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"]; + } + } + + if($_POST['failoverforcereload'] == "yes") + $config['ipsec']['failoverforcereload'] = true; + elseif (isset($config['ipsec']['failoverforcereload'])) + unset($config['ipsec']['failoverforcereload']); + + if($_POST['maxmss_enable'] == "yes") { + $config['system']['maxmss_enable'] = true; + $config['system']['maxmss'] = $_POST['maxmss']; + } else { + unset($config['system']['maxmss_enable']); + unset($config['system']['maxmss']); + } + + write_config(); + + $retval = 0; + $retval = filter_configure(); + if(stristr($retval, "error") <> true) + $savemsg = get_std_save_message(gettext($retval)); + else + $savemsg = gettext($retval); + + vpn_ipsec_configure_preferoldsa(); + vpn_ipsec_configure(); + vpn_ipsec_configure_loglevels(); + +// header("Location: vpn_ipsec_settings.php"); +// return; + } +} + +$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Settings")); +$shortcut_section = "ipsec"; + +include("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> + +<script type="text/javascript"> +<!-- + +function maxmss_checked(obj) { + if (obj.checked) + jQuery('#maxmss').attr('disabled',false); + else + jQuery('#maxmss').attr('disabled','true'); +} + +//--> +</script> + +<form action="vpn_ipsec_settings.php" method="post" name="iform" id="iform"> + +<?php + if ($savemsg) + print_info_box($savemsg); + if ($input_errors) + print_input_errors($input_errors); +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabnavtbl"> + <?php + $tab_array = array(); + $tab_array[0] = array(gettext("Tunnels"), false, "vpn_ipsec.php"); + $tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"); + $tab_array[2] = array(gettext("Pre-Shared Key"), false, "vpn_ipsec_keys.php"); + $tab_array[3] = array(gettext("Advanced Settings"), true, "vpn_ipsec_settings.php"); + display_top_tabs($tab_array); + ?> + </td> + </tr> + <tr> + <td id="mainarea"> + <div class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("IPSec Advanced Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("LAN security associsations"); ?></td> + <td width="78%" class="vtable"> + <input name="noinstalllanspd" type="checkbox" id="noinstalllanspd" value="yes" <?php if ($pconfig['noinstalllanspd']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Do not install LAN SPD"); ?></strong> + <br /> + <?=gettext("By default, if IPSec is enabled negating SPD are inserted to provide protection. " . + "This behaviour can be changed by enabling this setting which will prevent installing these SPDs."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Security Associations"); ?></td> + <td width="78%" class="vtable"> + <input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Prefer older IPsec SAs"); ?></strong> + <br /> + <?=gettext("By default, if several SAs match, the newest one is " . + "preferred if it's at least 30 seconds old. Select this " . + "option to always prefer old SAs over new ones."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Debug"); ?></td> + <td width="78%" class="vtable"> + <strong><?=gettext("Start IPSec in debug mode based on sections selected"); ?></strong> + <br /> + <table> + <?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=$ldescr;?></td> + <td width="78%" valign="top" class="vncell"> + <?php echo "<select name=\"ipsec_{$lkey}\" id=\"ipsec_{$lkey}\">\n"; + foreach (array("Silent", "Audit", "Control", "Diag", "Raw", "Highest") as $lidx => $lvalue) { + echo "<option value=\"{$lidx}\" "; + if ($pconfig["ipsec_{$lkey}"] == $lidx) + echo "selected=\"selected\""; + echo ">{$lvalue}</option>\n"; + } + ?> + </select> + </td> + </tr> + <?php endforeach; ?> + </table> + <br /><?=gettext("Launches IPSec in debug mode so that more verbose logs " . + "will be generated to aid in troubleshooting."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Reload on Failover"); ?></td> + <td width="78%" class="vtable"> + <input name="failoverforcereload" type="checkbox" id="failoverforcereload" value="yes" <?php if ($pconfig['failoverforcereload']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Force IPsec Reload on Failover"); ?></strong> + <br /> + <?=gettext("In some circumstances using a gateway group as the interface for " . + "an IPsec tunnel does not function properly, and IPsec must be forcefully reloaded " . + "when a failover occurs. Because this will disrupt all IPsec tunnels, this behavior" . + " is disabled by default. Check this box to force IPsec to fully reload on failover."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Maximum MSS"); ?></td> + <td width="78%" class="vtable"> + <input name="maxmss_enable" type="checkbox" id="maxmss_enable" value="yes" <?php if ($pconfig['maxmss_enable'] == true) echo "checked=\"checked\""; ?> onclick="maxmss_checked(this)" /> + <strong><?=gettext("Enable MSS clamping on VPN traffic"); ?></strong> + <br /> + <input name="maxmss" id="maxmss" value="<?php if ($pconfig['maxmss'] <> "") echo $pconfig['maxmss']; else "1400"; ?>" class="formfld unknown" <?php if ($pconfig['maxmss_enable'] == false) echo "disabled=\"disabled\""; ?> /> + <br /> + <?=gettext("Enable MSS clamping on TCP flows over VPN. " . + "This helps overcome problems with PMTUD on IPsec VPN links. If left blank, the default value is 1400 bytes. "); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> |