authorRenato Botelho <renato@netgate.com>2017-07-31 16:33:33 -0300
committerRenato Botelho <renato@netgate.com>2017-07-31 16:33:33 -0300
commit3919438729fb2451e14b1940a09b88c8bd785efb (patch)
tree5c473ac157db2c20c4d954cdba0ac911d4e707e8 /src/usr/local
parent16dec2f300369c67746c500fd9bb805c11c7cb18 (diff)
parent376e6f6719e6463913045b233ca90d69254057ff (diff)
Merge pull request #3770 from hamnur/master
Diffstat (limited to 'src/usr/local')
-rw-r--r--src/usr/local/www/vpn_ipsec_phase1.php41
1 files changed, 41 insertions, 0 deletions
diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php
index 44b6a30..b460991 100644
--- a/src/usr/local/www/vpn_ipsec_phase1.php
+++ b/src/usr/local/www/vpn_ipsec_phase1.php
@@ -112,9 +112,15 @@ if (isset($p1index) && $a_phase1[$p1index]) {
if (isset($a_phase1[$p1index]['reauth_enable'])) {
$pconfig['reauth_enable'] = true;
}
+
if (isset($a_phase1[$p1index]['rekey_enable'])) {
$pconfig['rekey_enable'] = true;
}
+
+ if ($a_phase1[$p1index]['margintime']) {
+ $pconfig['margintime'] = $a_phase1[$p1index]['margintime'];
+ }
+
if (isset($a_phase1[$p1index]['responderonly'])) {
$pconfig['responderonly'] = true;
}
@@ -151,6 +157,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['halgo'] = "sha1";
$pconfig['dhgroup'] = "2";
$pconfig['lifetime'] = "28800";
+ $pconfig['rekey_enable'] = true;
$pconfig['nat_traversal'] = 'on';
$pconfig['mobike'] = 'off';
$pconfig['dpd_enable'] = true;
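Review bot: Defaulting `$pconfig['rekey_enable'] = true;` for a newly created phase 1 looks inverted. The other hunks of this commit treat a set `rekey_enable` as the case where margintime does not apply (validation skipped, value unset on save, input hidden), and the neighbouring checkbox is labelled 'Disable Reauth', so the flag presumably means rekeying is switched off. If that reading is right, every new tunnel would start with rekeying disabled and the new margintime field hidden, so I would drop this line or state in the commit message that the changed default is intended. The label of the `rekey_enable` checkbox is outside the visible hunks, so this needs confirming against it.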
@@ -238,6 +245,14 @@ if ($_POST['save']) {
$input_errors[] = gettext("The P1 lifetime must be an integer.");
}
+ if (!isset($pconfig['rekey_enable']) && $pconfig['margintime']) {
+ if(!is_numericint($pconfig['margintime'])){
+ $input_errors[] = gettext("The margintime must be an integer.");
+ } else if(intval($pconfig['margintime']) >= intval($pconfig['lifetime'])){
+ $input_errors[] = gettext("The margintime must be smaller than the P1 lifetime.");
+ }
+ }
+
if ($pconfig['remotegw']) {
if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw'])) {
$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
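Review bot: The upper-bound test in the new `else if` compares against `intval($pconfig['lifetime'])` without checking that lifetime is usable, so an empty or non-numeric lifetime becomes 0 and any margintime is rejected with the misleading "must be smaller than the P1 lifetime" message. Guarding the comparison keeps the two errors separate: `} else if (is_numericint($pconfig['lifetime']) && intval($pconfig['margintime']) >= intval($pconfig['lifetime'])) {`. The condition of the lifetime check just above starts outside the hunk, so whether an empty lifetime can reach this point should be confirmed there. The added lines also use `if(` and `){` where the surrounding code writes `if (` and `) {`.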
@@ -466,12 +481,19 @@ if ($_POST['save']) {
} else {
unset($ph1ent['reauth_enable']);
}
+
if (isset($pconfig['rekey_enable'])) {
$ph1ent['rekey_enable'] = true;
} else {
unset($ph1ent['rekey_enable']);
}
+ if (!isset($pconfig['rekey_enable'])) {
+ $ph1ent['margintime'] = $pconfig['margintime'];
+ } else {
+ unset($ph1ent['margintime']);
+ }
+
if (isset($pconfig['responderonly'])) {
$ph1ent['responderonly'] = true;
} else {
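Review bot: `$ph1ent['margintime'] = $pconfig['margintime'];` stores whatever was posted, including an empty string when the field is left blank, so a saved phase 1 gains an empty `margintime` key whenever rekeying is left enabled. Writing the key only for a non-empty value avoids that: `if (!isset($pconfig['rekey_enable']) && $pconfig['margintime'] != "") {`, keeping the `unset($ph1ent['margintime']);` branch as the else. The load side in the first hunk tests `$a_phase1[$p1index]['margintime']` by truthiness, which hides the empty entry in the form but leaves it in the stored config. Whether this block runs only when `$input_errors` is empty is decided outside the hunk.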
@@ -830,6 +852,13 @@ $section->addInput(new Form_Checkbox(
$pconfig['rekey_enable']
));
+$section->addInput(new Form_Input(
+ 'margintime',
+ 'Margintime (Seconds)',
+ 'number',
+ $pconfig['margintime']
+))->setHelp('How long before connection expiry or keying-channel expiry should attempt to negotiate a replacement begin.');
+
$section->addInput(new Form_Checkbox(
'reauth_enable',
'Disable Reauth',
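Review bot: The help text passed to `setHelp()` for the new `margintime` input does not parse as a sentence ("should attempt to negotiate a replacement begin"). Something like `'How long before connection expiry or keying-channel expiry attempts to negotiate a replacement should begin.'` reads correctly. It would also help to state in the same string that the value must be smaller than the P1 lifetime, since the validation added in this commit enforces that.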
@@ -1067,6 +1096,12 @@ events.push(function() {
}
}
+ function rekeychkbox_change() {
+ hide = $('#rekey_enable').prop('checked');
+
+ hideInput('margintime', hide);
+ }
+
function dpdchkbox_change() {
hide = !$('#dpd_enable').prop('checked');
@@ -1090,6 +1125,11 @@ events.push(function() {
// ---------- Monitor elements for change and call the appropriate display functions ----------
+ // Enable Rekey
+ $('#rekey_enable').click(function () {
+ rekeychkbox_change();
+ });
+
// Enable DPD
$('#dpd_enable').click(function () {
dpdchkbox_change();
@@ -1131,6 +1171,7 @@ events.push(function() {
iketype_change();
methodsel_change();
ealgosel_change(<?=$keyset?>);
+ rekeychkbox_change();
dpdchkbox_change();
// ---------- On initial page load ------------------------------------------------------------