diff options
author | Stephen Beaver <sbeaver@netgate.com> | 2016-04-04 14:40:12 -0400 |
---|---|---|
committer | Stephen Beaver <sbeaver@netgate.com> | 2016-04-04 14:46:23 -0400 |
commit | 9573afa82f3cd2a6e76da3a32eb625aec559e876 (patch) | |
tree | 01915188b4b598028e87fe4e3f07a284058781e8 | |
parent | fee8ef4f55ed86935d82246ee1f28eb6a6e018f8 (diff) | |
download | pfsense-9573afa82f3cd2a6e76da3a32eb625aec559e876.zip pfsense-9573afa82f3cd2a6e76da3a32eb625aec559e876.tar.gz |
Fixed #6049
(cherry picked from commit 4260c32a42c6d0201737730a373e795703ca1141)
-rw-r--r-- | src/usr/local/www/status_ipsec.php | 822 |
1 files changed, 442 insertions, 380 deletions
diff --git a/src/usr/local/www/status_ipsec.php b/src/usr/local/www/status_ipsec.php index 21a6fa9..fe49d74 100644 --- a/src/usr/local/www/status_ipsec.php +++ b/src/usr/local/www/status_ipsec.php @@ -64,15 +64,16 @@ ##|*MATCH=status_ipsec.php* ##|-PRIV +require("guiconfig.inc"); +require_once("ipsec.inc"); global $g; -$pgtitle = array(gettext("Status"), gettext("IPsec"), gettext("Overview")); -$shortcut_section = "ipsec"; - -require("guiconfig.inc"); -include("head.inc"); -require_once("ipsec.inc"); +// If this is just an AJAX call to update the table body, just generate the body and quit +if ($_REQUEST['ajax']) { + print_ipsec_body(); + exit; +} if ($_GET['act'] == 'connect') { if (ctype_digit($_GET['ikeid'])) { @@ -111,430 +112,491 @@ if (!is_array($config['ipsec']['phase1'])) { $config['ipsec']['phase1'] = array(); } -$a_phase1 = &$config['ipsec']['phase1']; +// Table body is composed here so that it can be more easily updated via AJAX +function print_ipsec_body() { + global $config; -$status = ipsec_list_sa(); + $a_phase1 = &$config['ipsec']['phase1']; + $status = ipsec_list_sa(); + $ipsecconnected = array(); -$tab_array = array(); -$tab_array[] = array(gettext("Overview"), true, "status_ipsec.php"); -$tab_array[] = array(gettext("Leases"), false, "status_ipsec_leases.php"); -$tab_array[] = array(gettext("SADs"), false, "status_ipsec_sad.php"); -$tab_array[] = array(gettext("SPDs"), false, "status_ipsec_spd.php"); -display_top_tabs($tab_array); -?> + if (is_array($status)) { + foreach ($status as $ikeid => $ikesa) { + $con_id = substr($ikeid, 3); -<div class="panel panel-default"> - <div class="panel-heading"><h2 class="panel-title"><?=gettext("IPsec Status");?></h2></div> - <div class="panel-body table-responsive"> - <table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable> - <thead> - <tr> - <th><?=gettext("Description")?></th> - <th><?=gettext("Local ID")?></th> - <th><?=gettext("Local IP")?></th> - <th><?=gettext("Remote ID")?></th> - <th><?=gettext("Remote IP")?></th> - <th><?=gettext("Role")?></th> - <th><?=gettext("Reauth")?></th> - <th><?=gettext("Algo")?></th> - <th><?=gettext("Status")?></th> - <th></th> - </tr> - </thead> - <tbody> -<?php -$ipsecconnected = array(); + if ($ikesa['version'] == 1) { + $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00')); + $ipsecconnected[$ph1idx] = $ph1idx; + } else { + $ipsecconnected[$con_id] = $ph1idx = $con_id; + } -if (is_array($status)) { - foreach ($status as $ikeid => $ikesa) { - $con_id = substr($ikeid, 3); + print("<tr>\n"); + print("<td>\n"); + print(htmlspecialchars(ipsec_get_descr($ph1idx))); + print("</td>\n"); + print("<td>\n"); - if ($ikesa['version'] == 1) { - $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00')); - $ipsecconnected[$ph1idx] = $ph1idx; - } else { - $ipsecconnected[$con_id] = $ph1idx = $con_id; - } -?> - <tr> - <td> - <?=htmlspecialchars(ipsec_get_descr($ph1idx))?> - </td> - <td> -<?php - if (!empty($ikesa['local-id'])) { - if ($ikesa['local-id'] == '%any') { - print(gettext('Any identifier')); + if (!empty($ikesa['local-id'])) { + if ($ikesa['local-id'] == '%any') { + print(gettext('Any identifier')); + } else { + print(htmlspecialchars($ikesa['local-id'])); + } } else { - print(htmlspecialchars($ikesa['local-id'])); + print(gettext("Unknown")); } - } else { - print(gettext("Unknown")); - } -?> - </td> - <td> -<?php - if (!empty($ikesa['local-host'])) { - print(htmlspecialchars($ikesa['local-host'])); - } else { - print(gettext("Unknown")); - } - /* - * XXX: local-nat-t was defined by pfSense - * When strongswan team accepted the change, they changed it to - * nat-local. Keep both for a while and remove local-nat-t in - * the future - */ - if (isset($ikesa['local-nat-t']) || isset($ikesa['nat-local'])) { - print(" NAT-T"); - } -?> - </td> - <td> -<?php - $identity = ""; - if (!empty($ikesa['remote-id'])) { - if ($ikesa['remote-id'] == '%any') { - $identity = htmlspecialchars(gettext('Any identifier')); + print("</td>\n"); + print("<td>\n"); + + if (!empty($ikesa['local-host'])) { + print(htmlspecialchars($ikesa['local-host'])); } else { - $identity = htmlspecialchars($ikesa['remote-id']); + print(gettext("Unknown")); } - } - if (!empty($ikesa['remote-xauth-id'])) { - echo htmlspecialchars($ikesa['remote-xauth-id']); - echo "<br/>{$identity}"; - } elseif (!empty($ikesa['remote-eap-id'])) { - echo htmlspecialchars($ikesa['remote-eap-id']); - echo "<br/>{$identity}"; - } else { - if (empty($identity)) { + + /* + * XXX: local-nat-t was defined by pfSense + * When strongswan team accepted the change, they changed it to + * nat-local. Keep both for a while and remove local-nat-t in + * the future + */ + if (isset($ikesa['local-nat-t']) || isset($ikesa['nat-local'])) { + print("NAT-T"); + } + + print("</td>\n"); + print("<td>\n"); + + $identity = ""; + if (!empty($ikesa['remote-id'])) { + if ($ikesa['remote-id'] == '%any') { + $identity = htmlspecialchars(gettext('Any identifier')); + } else { + $identity = htmlspecialchars($ikesa['remote-id']); + } + } + + if (!empty($ikesa['remote-xauth-id'])) { + echo htmlspecialchars($ikesa['remote-xauth-id']); + echo "<br/>{$identity}"; + } elseif (!empty($ikesa['remote-eap-id'])) { + echo htmlspecialchars($ikesa['remote-eap-id']); + echo "<br/>{$identity}"; + } else { + if (empty($identity)) { + print(gettext("Unknown")); + } else { + print($identity); + } + } + + print("</td>\n"); + print("<td>\n"); + + if (!empty($ikesa['remote-host'])) { + print(htmlspecialchars($ikesa['remote-host'])); + } else { print(gettext("Unknown")); + } + /* + * XXX: remote-nat-t was defined by pfSense + * When strongswan team accepted the change, they changed it to + * nat-remote. Keep both for a while and remove remote-nat-t in + * the future + */ + if (isset($ikesa['remote-nat-t']) || isset($ikesa['nat-remote'])) { + print(" NAT-T"); + } + + print("</td>\n"); + print("<td>\n"); + print("IKEv" . htmlspecialchars($ikesa['version'])); + print("<br/>\n"); + + if ($ikesa['initiator'] == 'yes') { + print("initiator"); + } else { + print("responder"); + } + + print("</td>\n"); + print("<td>\n"); + print(htmlspecialchars($ikesa['reauth-time']) . gettext(" seconds (") . convert_seconds_to_hms($ikesa['reauth-time']) . ")"); + print("</td>\n"); + print("<td>\n"); + print(htmlspecialchars($ikesa['encr-alg'])); + print("<br/>"); + print(htmlspecialchars($ikesa['integ-alg'])); + print("<br/>"); + print(htmlspecialchars($ikesa['prf-alg'])); + print("<br/>\n"); + print(htmlspecialchars($ikesa['dh-group'])); + print("</td>\n"); + print("<td>\n"); + + if ($ikesa['state'] == 'ESTABLISHED') { + print('<span class="text-success">'); + } else { + print('<span>'); + } + + print(ucfirst(htmlspecialchars($ikesa['state']))); + print("<br/>" . htmlspecialchars($ikesa['established']) . gettext(" seconds (" . convert_seconds_to_hms($ikesa['established']) . ") ago")); + print("</span>"); + print("</td>\n"); + print("<td>\n"); + + if ($ikesa['state'] != 'ESTABLISHED') { + + print('<a href="status_ipsec.php?act=connect&ikeid=' . $con_id . '" class="btn btn-xs btn-success" data-toggle="tooltip" title="' . gettext("Connect VPN"). '" >'); + print('<i class="fa fa-sign-in icon-embed-btn"></i>'); + print(gettext("Connect VPN")); + print("</a>\n"); + } else { - print($identity); + + print('<a href="status_ipsec.php?act=ikedisconnect&ikeid=' . $con_id . '" class="btn btn-xs btn-danger" data-toggle="tooltip" title="' . gettext("Disconnect VPN") . '">'); + print('<i class="fa fa-trash icon-embed-btn"></i>'); + print(gettext("Disconnect")); + print("</a><br />\n"); + + } + + print("</td>\n"); + print("</tr>\n"); + print("<tr>\n"); + print("<td colspan = 10>\n"); + + if (is_array($ikesa['child-sas']) && (count($ikesa['child-sas']) > 0)) { + + print('<div id="btnchildsa-' . $ikeid . '">'); + print('<a type="button" onclick="show_childsa(\'childsa-' . $ikeid . '\',\'btnchildsa-' . $ikeid. '\');" class="btn btn-sm btn-info">'); + print('<i class="fa fa-plus-circle icon-embed-btn"></i>'); + print(gettext('Show child SA entries')); + print("</a>\n"); + print(" </div>\n"); + + print('<table class="table table-hover table-condensed" id="childsa-' . $ikeid . '" style="display:none">'); + print("<thead>\n"); + print('<tr class="bg-info">'); + print('<th><?=gettext("Local subnets")?></th>'); + print('<th><?=gettext("Local SPI(s)")?></th>'); + print('<th><?=gettext("Remote subnets")?></th>'); + print('<th><?=gettext("Times")?></th>'); + print('<th><?=gettext("Algo")?></th>'); + print('<th><?=gettext("Stats")?></th>'); + print('<th><!-- Buttons --></th>'); + print("</tr\n"); + print("</thead>\n"); + print("<tbody>\n"); + + foreach ($ikesa['child-sas'] as $childid => $childsa) { + print("<tr>"); + print("<td>\n"); + + if (is_array($childsa['local-ts'])) { + foreach ($childsa['local-ts'] as $lnets) { + print(htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />"); + } + } else { + print(gettext("Unknown")); + } + + print("</td>\n"); + print("<td>\n"); + + if (isset($childsa['spi-in'])) { + print(gettext("Local: ") . htmlspecialchars($childsa['spi-in'])); + } + + if (isset($childsa['spi-out'])) { + print('<br/>' . gettext('Remote: ') . htmlspecialchars($childsa['spi-out'])); + } + + print("</td>\n"); + print("<td>\n"); + + if (is_array($childsa['remote-ts'])) { + foreach ($childsa['remote-ts'] as $rnets) { + print(htmlspecialchars(ipsec_fixup_network($rnets)) . '<br />'); + } + } else { + print(gettext("Unknown")); + } + + print("</td>\n"); + print("<td>\n"); + + print(gettext("Rekey: ") . htmlspecialchars($childsa['rekey-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['rekey-time']) . ")"); + print('<br/>' . gettext('Life: ') . htmlspecialchars($childsa['life-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['life-time']) . ")"); + print('<br/>' . gettext('Install: ') .htmlspecialchars($childsa['install-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['install-time']) . ")"); + + + print("</td>\n"); + print("<td>\n"); + + print(htmlspecialchars($childsa['encr-alg']) . '<br/>'); + print(htmlspecialchars($childsa['integ-alg']) . '<br/>'); + + if (!empty($childsa['prf-alg'])) { + print(htmlspecialchars($childsa['prf-alg']) . '<br/>'); + } + + if (!empty($childsa['dh-group'])) { + print(htmlspecialchars($childsa['dh-group']) . '<br/>'); + } + + if (!empty($childsa['esn'])) { + print(htmlspecialchars($childsa['esn']) . '<br/>'); + } + + print(gettext("IPComp: ")); + if (!empty($childsa['cpi-in']) || !empty($childsa['cpi-out'])) { + print(htmlspecialchars($childsa['cpi-in']) . " " . htmlspecialchars($childsa['cpi-out'])); + } else { + print(gettext('none')); + } + + print("</td>\n"); + print("<td>\n"); + + print(gettext("Bytes-In: ") . htmlspecialchars(number_format($childsa['bytes-in'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-in'])) . ')<br/>'); + print(gettext("Packets-In: ") . htmlspecialchars(number_format($childsa['packets-in'])) . '<br/>'); + print(gettext("Bytes-Out: ") . htmlspecialchars(number_format($childsa['bytes-out'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-out'])) . ')<br/>'); + print(gettext("Packets-Out: ") . htmlspecialchars(number_format($childsa['packets-out'])) . '<br/>'); + + print("</td>\n"); + print("<td>\n"); + print('<a href="status_ipsec.php?act=childdisconnect&ikeid=' . $con_id . '&ikesaid=' . $childsa['uniqueid'] . '" class="btn btn-xs btn-warning" data-toggle="tooltip" title="' . gettext('Disconnect Child SA') . '">'); + print('<i class="fa fa-trash icon-embed-btn"></i>'); + print(gettext("Disconnect")); + print("</a>\n"); + print("</td>\n"); + print("</tr>\n"); + + } + + print("</tbody>\n"); + print(" </table>\n"); + print("</td>\n"); + print(" /tr>\n"); + } + + unset($con_id); } -?> - </td> - <td> -<?php - if (!empty($ikesa['remote-host'])) { - print(htmlspecialchars($ikesa['remote-host'])); - } else { - print(gettext("Unknown")); + + } + + $rgmap = array(); + foreach ($a_phase1 as $ph1ent) { + if (isset($ph1ent['disabled'])) { + continue; } - /* - * XXX: remote-nat-t was defined by pfSense - * When strongswan team accepted the change, they changed it to - * nat-remote. Keep both for a while and remove remote-nat-t in - * the future - */ - if (isset($ikesa['remote-nat-t']) || isset($ikesa['nat-remote'])) { - print(" NAT-T"); + + $rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway']; + + if ($ipsecconnected[$ph1ent['ikeid']]) { + continue; } -?> - </td> - <td> - IKEv<?=htmlspecialchars($ikesa['version'])?> - <br/> -<?php - if ($ikesa['initiator'] == 'yes') { - print("initiator"); + + print("<tr>\n"); + print("<td>\n"); + + print(htmlspecialchars($ph1ent['descr'])); + print("</td>\n"); + print("<td>\n"); + list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local"); + + if (empty($myid_data)) { + print(gettext("Unknown")); } else { - print("responder"); + print(htmlspecialchars($myid_data)); } -?> - </td> - <td> - <?=htmlspecialchars($ikesa['reauth-time']) . gettext(" seconds (") . convert_seconds_to_hms($ikesa['reauth-time']) . ")";?> - </td> - <td> - <?=htmlspecialchars($ikesa['encr-alg'])?> - <br/> - <?=htmlspecialchars($ikesa['integ-alg'])?> - <br/> - <?=htmlspecialchars($ikesa['prf-alg'])?> - <br/> - <?=htmlspecialchars($ikesa['dh-group'])?> - </td> - <td> -<?php - if ($ikesa['state'] == 'ESTABLISHED') { - print('<span class="text-success">'); + + print("</td>\n"); + print("<td>\n"); + $ph1src = ipsec_get_phase1_src($ph1ent); + + if (empty($ph1src)) { + print(gettext("Unknown")); } else { - print('<span>'); + print(htmlspecialchars($ph1src)); } -?> - <?=ucfirst(htmlspecialchars($ikesa['state']))?> - <br/><?=htmlspecialchars($ikesa['established']) . gettext(" seconds (" . convert_seconds_to_hms($ikesa['established']) . ") ago")?> - </span> - </td> - <td > -<?php - if ($ikesa['state'] != 'ESTABLISHED') { -?> - <a href="status_ipsec.php?act=connect&ikeid=<?=$con_id; ?>" class="btn btn-xs btn-success" data-toggle="tooltip" title="<?=gettext("Connect VPN");?>" > - <i class="fa fa-sign-in icon-embed-btn"></i> - <?=gettext("Connect VPN")?> - </a> -<?php + + print("</td>\n"); + print("<td>\n"); + + list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap); + + if (empty($peerid_data)) { + print(gettext("Unknown")); } else { -?> - <a href="status_ipsec.php?act=ikedisconnect&ikeid=<?=$con_id; ?>" class="btn btn-xs btn-danger" data-toggle="tooltip" title="<?=gettext("Disconnect VPN");?>"> - <i class="fa fa-trash icon-embed-btn"></i> - <?=gettext("Disconnect")?> - </a><br /> -<?php + print(htmlspecialchars($peerid_data)); } -?> - </td> - </tr> - <tr> - <td colspan = 10> -<?php - if (is_array($ikesa['child-sas']) && (count($ikesa['child-sas']) > 0)) { -?> - <div id="btnchildsa-<?=$ikeid?>"> - <a type="button" onclick="show_childsa('childsa-<?=$ikeid?>','btnchildsa-<?=$ikeid?>');" class="btn btn-sm btn-info" /> - <i class="fa fa-plus-circle icon-embed-btn"></i> - <?=gettext('Show child SA entries')?> - </a> - </div> - - <table class="table table-hover table-condensed" id="childsa-<?=$ikeid?>" style="display:none"> - <thead> - <tr class="bg-info"> - <th><?=gettext("Local subnets")?></th> - <th><?=gettext("Local SPI(s)")?></th> - <th><?=gettext("Remote subnets")?></th> - <th><?=gettext("Times")?></th> - <th><?=gettext("Algo")?></th> - <th><?=gettext("Stats")?></th> - <th><!-- Buttons --></th> - </tr> - </thead> - <tbody> -<?php - foreach ($ikesa['child-sas'] as $childid => $childsa) { -?> - <tr> - <td> -<?php - if (is_array($childsa['local-ts'])) { - foreach ($childsa['local-ts'] as $lnets) { - print(htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />"); - } - } else { - print(gettext("Unknown")); - } -?> - </td> - <td> -<?php - if (isset($childsa['spi-in'])) { - print(gettext("Local: ") . htmlspecialchars($childsa['spi-in'])); - } + print(" </td>\n"); + print(" <td>\n"); + $ph1src = ipsec_get_phase1_dst($ph1ent); - if (isset($childsa['spi-out'])) { - print('<br/>' . gettext('Remote: ') . htmlspecialchars($childsa['spi-out'])); - } -?> - </td> - <td> -<?php - if (is_array($childsa['remote-ts'])) { - foreach ($childsa['remote-ts'] as $rnets) { - print(htmlspecialchars(ipsec_fixup_network($rnets)) . '<br />'); - } - } else { - print(gettext("Unknown")); - } -?> - </td> - <td> -<?php - print(gettext("Rekey: ") . htmlspecialchars($childsa['rekey-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['rekey-time']) . ")"); - print('<br/>' . gettext('Life: ') . htmlspecialchars($childsa['life-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['life-time']) . ")"); - print('<br/>' . gettext('Install: ') .htmlspecialchars($childsa['install-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['install-time']) . ")"); + if (empty($ph1src)) { + print(gettext("Unknown")); + } else { + print(htmlspecialchars($ph1src)); + } -?> - </td> - <td> -<?php - print(htmlspecialchars($childsa['encr-alg']) . '<br/>'); - print(htmlspecialchars($childsa['integ-alg']) . '<br/>'); + print("</td>\n"); + print("<td>\n"); + print("</td>\n"); + print("<td>\n"); + print("</td>\n"); + print("<td>\n"); + print("</td>\n"); - if (!empty($childsa['prf-alg'])) { - print(htmlspecialchars($childsa['prf-alg']) . '<br/>'); - } - if (!empty($childsa['dh-group'])) { - print(htmlspecialchars($childsa['dh-group']) . '<br/>'); - } - if (!empty($childsa['esn'])) { - print(htmlspecialchars($childsa['esn']) . '<br/>'); - } + if (isset($ph1ent['mobile'])) { - print(gettext("IPComp: ")); - if (!empty($childsa['cpi-in']) || !empty($childsa['cpi-out'])) { - print(htmlspecialchars($childsa['cpi-in']) . " " . htmlspecialchars($childsa['cpi-out'])); - } else { - print(gettext('none')); - } -?> - </td> - <td> -<?php - print(gettext("Bytes-In: ") . htmlspecialchars(number_format($childsa['bytes-in'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-in'])) . ')<br/>'); - print(gettext("Packets-In: ") . htmlspecialchars(number_format($childsa['packets-in'])) . '<br/>'); - print(gettext("Bytes-Out: ") . htmlspecialchars(number_format($childsa['bytes-out'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-out'])) . ')<br/>'); - print(gettext("Packets-Out: ") . htmlspecialchars(number_format($childsa['packets-out'])) . '<br/>'); -?> - </td> - <td> - <a href="status_ipsec.php?act=childdisconnect&ikeid=<?=$con_id; ?>&ikesaid=<?=$childsa['uniqueid']; ?>" class="btn btn-xs btn-warning" data-toggle="tooltip" title="<?=gettext('Disconnect Child SA')?>"> - <i class="fa fa-trash icon-embed-btn"></i> - <?=gettext("Disconnect")?> - </a> - </td> - </tr> -<?php - } -?> + print("<td>\n"); + print(gettext("Awaiting connections")); + print("</td>\n"); + print("<td>\n"); + print("</td>\n"); + print("</td>\n"); + } else { - </tbody> - </table> - </td> - </tr> -<?php - } + print("<td>\n"); + print(gettext("Disconnected")); + print("</td>\n"); + print("<td>\n"); + print('<a href="status_ipsec.php?act=connect&ikeid=' . $ph1ent['ikeid'] . '" class="btn btn-xs btn-success">'); + print('<i class="fa fa-sign-in icon-embed-btn"></i>'); + print(gettext("Connect VPN")); + print("</a>\n"); + print("</td>\n"); - unset($con_id); + } + print("</tr>\n"); } + unset($ipsecconnected, $phase1, $rgmap); } -$rgmap = array(); -foreach ($a_phase1 as $ph1ent) { - if (isset($ph1ent['disabled'])) { - continue; - } +$pgtitle = array(gettext("Status"), gettext("IPsec"), gettext("Overview")); +$shortcut_section = "ipsec"; - $rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway']; +include("head.inc"); - if ($ipsecconnected[$ph1ent['ikeid']]) { - continue; - } -?> - <tr> - <td> -<?php - print(htmlspecialchars($ph1ent['descr'])); -?> - </td> - <td> -<?php - list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local"); - if (empty($myid_data)) { - print(gettext("Unknown")); - } else { - print(htmlspecialchars($myid_data)); - } +$tab_array = array(); +$tab_array[] = array(gettext("Overview"), true, "status_ipsec.php"); +$tab_array[] = array(gettext("Leases"), false, "status_ipsec_leases.php"); +$tab_array[] = array(gettext("SADs"), false, "status_ipsec_sad.php"); +$tab_array[] = array(gettext("SPDs"), false, "status_ipsec_spd.php"); +display_top_tabs($tab_array); ?> - </td> - <td> -<?php - $ph1src = ipsec_get_phase1_src($ph1ent); - if (empty($ph1src)) { - print(gettext("Unknown")); - } else { - print(htmlspecialchars($ph1src)); - } -?> - </td> - <td> -<?php - list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap); - if (empty($peerid_data)) { - print(gettext("Unknown")); - } else { - print(htmlspecialchars($peerid_data)); - } -?> - </td> - <td> -<?php - $ph1src = ipsec_get_phase1_dst($ph1ent); - if (empty($ph1src)) { - print(gettext("Unknown")); - } else { - print(htmlspecialchars($ph1src)); - } -?> - </td> - <td> - </td> - <td> - </td> - <td> - </td> -<?php - if (isset($ph1ent['mobile'])) { -?> - <td> - <?=gettext("Awaiting connections")?> - </td> - <td> - </td> -<?php - } else { -?> - <td> - <?=gettext("Disconnected")?> - </td> - <td > - <a href="status_ipsec.php?act=connect&ikeid=<?=$ph1ent['ikeid']; ?>" class="btn btn-xs btn-success"> - <i class="fa fa-sign-in icon-embed-btn"></i> - <?=gettext("Connect VPN")?> - </a> +<div class="panel panel-default"> + <div class="panel-heading"><h2 class="panel-title"><?=gettext("IPsec Status");?></h2></div> + <div class="panel-body table-responsive"> + <table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable> + <thead> + <tr> + <th><?=gettext("Description")?></th> + <th><?=gettext("Local ID")?></th> + <th><?=gettext("Local IP")?></th> + <th><?=gettext("Remote ID")?></th> + <th><?=gettext("Remote IP")?></th> + <th><?=gettext("Role")?></th> + <th><?=gettext("Reauth")?></th> + <th><?=gettext("Algo")?></th> + <th><?=gettext("Status")?></th> + <th></th> + </tr> + </thead> + <tbody id="ipsec-body"> + <tr> + <td colspan="9"> + <?=print_info_box(gettext("Collecting IPSec status information"), warning, "")?> </td> -<?php - } -?> </tr> -<?php -} -unset($ipsecconnected, $phase1, $rgmap); -?> </tbody> </table> </div> </div> -<script type="text/javascript"> -//<![CDATA[ -function show_childsa(id, buttonid) { - document.getElementById(buttonid).innerHTML=''; - aodiv = document.getElementById(id); - aodiv.style.display = "table"; -} -//]]> -</script> - <?php unset($status); + if (ipsec_enabled()) { -?> -<div class="infoblock"> -<?php + print('<div class="infoblock">'); } else { -?> -<div class="infoblock blockopen"> -<?php + print('<div class="infoblock blockopen">'); } + print_info_box(sprintf(gettext('IPsec can be configured %1$shere%2$s.'), '<a href="vpn_ipsec.php">', '</a>'), 'info', false); ?> </div> + +<script type="text/javascript"> +//<![CDATA[ + +// Array in which to keep hte SA show/hide state +sa_open = new Array(); + +function show_childsa(id, buttonid) { + $('#' + id).show(); + $('#' + buttonid).hide(); + + // Record the ID of the SA we have revealed so that it can automatically be shown on AJAX reload + idnum = id.replace( /^\D+/g, ''); + sa_open[idnum] = true; +} + +events.push(function() { + ajax_lock = false; // Mutex so we don't make a call until the previous call is finished + sa_open = []; + + // Fetch the tbody contents from the server + function update_table() { + if (ajax_lock) { + return; + } + + ajax_lock = true; + + ajaxRequest = $.ajax( + { + url: "/status_ipsec.php", + type: "post", + data: { + ajax: "ajax" + } + } + ); + + // Deal with the results of the above ajax call + ajaxRequest.done(function (response, textStatus, jqXHR) { + $('#ipsec-body').html(response); + ajax_lock = false; + + // Check the sa_open array for SAs we have chosen to show + $('[id^=childsa-con]').each(function(idx) { + sa_idx = idx + 1; + + if (sa_open[sa_idx]) { + show_childsa("childsa-con" + sa_idx, "btnchildsa-con" + sa_idx); + } + }); + + // and do it again + setTimeout(update_table, 5000); + }); + } + + // Populate the tbody on page load + update_table(); +}); +//]]> +</script> + <?php include("foot.inc"); ?> |