diff options
author | jim-p <jimp@pfsense.org> | 2012-05-25 16:36:03 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-05-25 16:36:03 -0400 |
commit | bf3da811d3b8f664f6c60fd35f6954cab396225b (patch) | |
tree | dccf519bb9bc8080de162e00430176573361d41c /etc/inc/ipsec.inc | |
parent | 55cfe813d2c0421f7a72138b1266bf5d02137b12 (diff) | |
download | pfsense-bf3da811d3b8f664f6c60fd35f6954cab396225b.zip pfsense-bf3da811d3b8f664f6c60fd35f6954cab396225b.tar.gz |
List logged-in IPsec xauth users and provide a mechanism to disconnect them. Implements #1986
Conflicts:
usr/local/www/diag_ipsec.php
Diffstat (limited to 'etc/inc/ipsec.inc')
-rw-r--r-- | etc/inc/ipsec.inc | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 0bc15c4..fb65efb 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -466,6 +466,37 @@ function ipsec_dump_sad() return $sad; } +/* + * Return dump of mobile user list + */ +function ipsec_dump_mobile() { + $command = "/usr/local/sbin/racoonctl show-users"; + $fd = @popen($command, "r"); + $mobile = array(); + if ($fd) { + while (!feof($fd)) { + $user = array(); + $line = chop(fgets($fd)); + if (!$line) + continue; + if ($line == "User|Source|Destination|CreatedOn|SPI") + continue; + + // jim|192.168.20.243:4500|192.168.20.5:24146|2012-05-25 09:54:39|989d10e1e2d4eca4:7243830d5fd2afe7 + $linea = explode("|", trim($line)); + $user['username'] = $linea[0]; + $user['local'] = $linea[1]; + $user['remote'] = $linea[2]; + $user['logintime'] = $linea[3]; + $user['spi'] = $linea[4]; + $mobile[] = $user; + } + pclose($fd); + } + + return $mobile; +} + function ipsec_mobilekey_sort() { global $config; @@ -493,4 +524,10 @@ function ipsec_get_number_of_phase2($ikeid) { return $nbph2; } +function ipsec_disconnect_mobile($username) { + if (empty($username)) + return false; + exec("/usr/local/sbin/racoonctl logout-user " . escapeshellarg($username)); +} + ?> |