diff options
author | Renato Botelho <renato@netgate.com> | 2015-08-25 08:08:24 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-25 14:49:54 -0300 |
commit | 46bc6e545a17e77202aaf01ec0cd8d5a46567525 (patch) | |
tree | 32d18dda436ec739c67c489ceb771e8629cd926f /usr/local/www/diag_ipsec.php | |
parent | 4d9801c2dbd2b3e54a39578ee62b93af66607227 (diff) | |
download | pfsense-46bc6e545a17e77202aaf01ec0cd8d5a46567525.zip pfsense-46bc6e545a17e77202aaf01ec0cd8d5a46567525.tar.gz |
Move main pfSense content to src/
Diffstat (limited to 'usr/local/www/diag_ipsec.php')
-rw-r--r-- | usr/local/www/diag_ipsec.php | 555 |
1 files changed, 0 insertions, 555 deletions
diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php deleted file mode 100644 index 96c6835..0000000 --- a/usr/local/www/diag_ipsec.php +++ /dev/null @@ -1,555 +0,0 @@ -<?php -/* $Id$ */ -/* - diag_ipsec.php - Copyright (C) 2004-2009 Scott Ullrich - Copyright (C) 2008 Shrew Soft Inc <mgrooms@shrew.net>. - Copyright (C) 2013-2015 Electric Sheep Fencing, LP - All rights reserved. - - Parts of this code was originally based on vpn_ipsec_sad.php - Copyright (C) 2003-2004 Manuel Kasper - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - pfSense_MODULE: ipsec -*/ - -##|+PRIV -##|*IDENT=page-status-ipsec -##|*NAME=Status: IPsec page -##|*DESCR=Allow access to the 'Status: IPsec' page. -##|*MATCH=diag_ipsec.php* -##|-PRIV - - -global $g; - -$pgtitle = array(gettext("Status"), gettext("IPsec")); -$shortcut_section = "ipsec"; - -require("guiconfig.inc"); -include("head.inc"); -require("ipsec.inc"); - -if ($_GET['act'] == 'connect') { - if (ctype_digit($_GET['ikeid'])) { - $ph1ent = ipsec_get_phase1($_GET['ikeid']); - if (!empty($ph1ent)) { - if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == 'ikev1') { - $ph2entries = ipsec_get_number_of_phase2($_GET['ikeid']); - for ($i = 0; $i < $ph2entries; $i++) { - $connid = escapeshellarg("con{$_GET['ikeid']}00{$i}"); - mwexec("/usr/local/sbin/ipsec down {$connid}"); - mwexec("/usr/local/sbin/ipsec up {$connid}"); - } - } else { - mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid'])); - mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid'])); - } - } - } -} else if ($_GET['act'] == 'ikedisconnect') { - if (ctype_digit($_GET['ikeid'])) { - if (!empty($_GET['ikesaid']) && ctype_digit($_GET['ikesaid'])) { - mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']) . "[" . escapeshellarg($_GET['ikesaid']) . "]"); - } else { - mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid'])); - } - } -} else if ($_GET['act'] == 'childdisconnect') { - if (ctype_digit($_GET['ikeid'])) { - if (!empty($_GET['ikesaid']) && ctype_digit($_GET['ikesaid'])) { - mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']) . "{" . escapeshellarg($_GET['ikesaid']) . "}"); - } - } -} - -if (!is_array($config['ipsec']['phase1'])) { - $config['ipsec']['phase1'] = array(); -} - -$a_phase1 = &$config['ipsec']['phase1']; - -$status = ipsec_smp_dump_status(); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?php echo $jsevents["body"]["onload"]; ?>"> -<?php include("fbegin.inc"); ?> -<div id="inputerrors"></div> -<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="status ipsec"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Overview"), true, "diag_ipsec.php"); - $tab_array[1] = array(gettext("Leases"), false, "diag_ipsec_leases.php"); - $tab_array[2] = array(gettext("SAD"), false, "diag_ipsec_sad.php"); - $tab_array[3] = array(gettext("SPD"), false, "diag_ipsec_spd.php"); - $tab_array[4] = array(gettext("Logs"), false, "diag_logs_ipsec.php"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" class="tabcont sortable" summary="status"> - <thead> - <tr> - <th class="listhdrr nowrap"><?php echo gettext("Description");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Local ID");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Local IP");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Remote ID");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Remote IP");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Role");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Reauth");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Algo");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Status");?></th> - <th class="list nowrap"></th> - </tr> - </thead> - <tbody> -<?php - $ipsecconnected = array(); - if (is_array($status['query']) && is_array($status['query']['ikesalist']) && is_array($status['query']['ikesalist']['ikesa'])): - foreach ($status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa): - $con_id = substr($ikesa['peerconfig'], 3); - if ($ikesa['version'] == 1) { - $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00')); - $ipsecconnected[$ph1idx] = $ph1idx; - } else { - $ipsecconnected[$con_id] = $ph1idx = $con_id; - } - - if (ipsec_phase1_status($status['query']['ikesalist']['ikesa'], $ikesa['id'])) { - $icon = "pass"; - } elseif (!isset($config['ipsec']['enable'])) { - $icon = "block"; - } else { - $icon = "reject"; - } -?> - <tr> - <td class="listlr"> -<?php - echo htmlspecialchars(ipsec_get_descr($ph1idx)); -?> - </td> - <td class="listr"> -<?php - if (!is_array($ikesa['local'])) { - echo gettext("Unknown"); - } else { - if (!empty($ikesa['local']['identification'])) { - if ($ikesa['local']['identification'] == '%any') { - echo gettext('Any identifier'); - } else { - echo htmlspecialchars($ikesa['local']['identification']); - } - } else { - echo gettext("Unknown"); - } - } -?> - </td> - <td class="listr"> -<?php - if (!is_array($ikesa['local'])) { - echo gettext("Unknown"); - } else { - if (!empty($ikesa['local']['address'])) { - echo htmlspecialchars($ikesa['local']['address']) . '<br/>' . - gettext('Port: ') . htmlspecialchars($ikesa['local']['port']); - } else { - echo gettext("Unknown"); - } - if ($ikesa['local']['port'] == '4500') { - echo " NAT-T"; - } - } -?> - </td> - <td class="listr"> -<?php - if (!is_array($ikesa['remote'])) { - echo gettext("Unknown"); - } else { - $identity = ""; - if (!empty($ikesa['remote']['identification'])) { - if ($ikesa['remote']['identification'] == '%any') { - $identity = 'Any identifier'; - } else { - $identity = htmlspecialchars($ikesa['remote']['identification']); - } - } - - if (is_array($ikesa['remote']['auth']) && !empty($ikesa['remote']['auth'][0]['identity'])) { - echo htmlspecialchars($ikesa['remote']['auth'][0]['identity']); - echo "<br/>{$identity}"; - } else { - if (empty($identity)) { - echo gettext("Unknown"); - } else { - echo $identity; - } - } - } -?> - </td> - <td class="listr"> -<?php - if (!is_array($ikesa['remote'])) { - echo gettext("Unknown"); - } else { - if (!empty($ikesa['remote']['address'])) { - echo htmlspecialchars($ikesa['remote']['address']) . '<br/>' . - gettext('Port: ') . htmlspecialchars($ikesa['remote']['port']); - } else { - echo gettext("Unknown"); - } - if ($ikesa['remote']['port'] == '4500') { - echo " NAT-T"; - } - } -?> - </td> - <td class="listr"> - IKEv<?php echo htmlspecialchars($ikesa['version']);?> - <br/> -<?php - echo htmlspecialchars($ikesa['role']); -?> - </td> - <td class="listr"> -<?php - echo htmlspecialchars($ikesa['reauth']); -?> - </td> - <td class="listr"> -<?php - echo htmlspecialchars($ikesa['encalg']); - echo "<br/>"; - echo htmlspecialchars($ikesa['intalg']); - echo "<br/>"; - echo htmlspecialchars($ikesa['prfalg']); - echo "<br/>"; - echo htmlspecialchars($ikesa['dhgroup']); -?> - </td> - <td class="listr"> - <center> - <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_<?php echo $icon; ?>.gif" title="<?php echo $ikesa['status']; ?>" alt=""/> - <br/><?php echo htmlspecialchars($ikesa['status']);?> - <br/><?php echo htmlspecialchars($ikesa['established']);?> - </center> - </td> - <td > -<?php - if ($icon != "pass"): -?> - <center> - <a href="diag_ipsec.php?act=connect&ikeid=<?php echo $con_id; ?>"> - <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_start.gif" alt=<?php echo gettext("Connect VPN");?> title=<?php echo gettext("Connect VPN");?> border="0"/> - </a> - </center> -<?php - else: -?> - <center> - <a href="diag_ipsec.php?act=ikedisconnect&ikeid=<?php echo $con_id; ?>"> - <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_stop.gif" alt=<?php echo gettext("Disconnect VPN");?> title=<?php echo gettext("Disconnect VPN");?> border="0"/> - </a> - <a href="diag_ipsec.php?act=ikedisconnect&ikeid=<?php echo $con_id; ?>&ikesaid=<?php echo $ikesa['id']; ?>"> - <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" alt=<?php echo gettext("Disconnect VPN Connection");?> title=<?php echo gettext("Disconnect VPN Connection");?> border="0"/> - </a> - </center> -<?php - endif; -?> - </td> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary=""> - </table> - </td> - </tr> -<?php - if (is_array($ikesa['childsalist'])): -?> - <tr> - <td class="listrborder" colspan="9"> - <div id="btnchildsa-<?=$ikeid;?>"> - <input type="button" onclick="show_childsa('childsa-<?=$ikeid;?>', 'btnchildsa-<?=$ikeid;?>');" value="+" /> - Show child SA entries - </div> - <table class="tabcont" width="100%" height="100%" border="0" cellspacing="0" cellpadding="0" id="childsa-<?=$ikeid;?>" style="display:none" summary=""> - <thead> - <tr> - <th class="listhdrr nowrap"><?php echo gettext("Local subnets");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Local SPI(s)");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Remote subnets");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Times");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Algo");?></th> - <th class="listhdrr nowrap"><?php echo gettext("Stats");?></th> - </tr> - </thead> - <tbody> -<?php - if (is_array($ikesa['childsalist']['childsa'])): - foreach ($ikesa['childsalist']['childsa'] as $childsa): -?> - <tr valign="top"> - <td class="listlr nowrap"> -<?php - if (is_array($childsa['local']) && - is_array($childsa['local']['networks']) && - is_array($childsa['local']['networks']['network'])) { - foreach ($childsa['local']['networks']['network'] as $lnets) { - echo htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />"; - } - } else { - echo gettext("Unknown"); - } -?> - </td> - <td class="listr nowrap"> -<?php - if (is_array($childsa['local'])) { - echo gettext("Local: ") . htmlspecialchars($childsa['local']['spi']); - } - if (is_array($childsa['remote'])) { - echo "<br/>" . gettext("Remote: ") . htmlspecialchars($childsa['remote']['spi']); - } -?> - </td> - <td class="listr nowrap"> -<?php - if (is_array($childsa['remote']) && - is_array($childsa['remote']['networks']) && - is_array($childsa['remote']['networks']['network'])) { - foreach ($childsa['remote']['networks']['network'] as $rnets) { - echo htmlspecialchars(ipsec_fixup_network($rnets)) . "<br />"; - } - } else { - echo gettext("Unknown"); - } -?> - </td> - <td class="listr nowrap"> -<?php - echo gettext("Rekey: ") . htmlspecialchars($childsa['rekey']); - echo "<br/>" . gettext("Life: ") . htmlspecialchars($childsa['lifetime']); - echo "<br/>" . gettext("Install: ") .htmlspecialchars($childsa['installtime']); - -?> - </td> - <td class="listr nowrap"> -<?php - echo htmlspecialchars($childsa['encalg']); - echo "<br/>"; - echo htmlspecialchars($childsa['intalg']); - echo "<br/>"; - if (!empty($childsa['prfalg'])) { - echo htmlspecialchars($childsa['prfalg']); - echo "<br/>"; - } - if (!empty($childsa['dhgroup'])) { - echo htmlspecialchars($childsa['dhgroup']); - echo "<br/>"; - } - if (!empty($childsa['esn'])) { - echo htmlspecialchars($childsa['esn']); - echo "<br/>"; - } - echo gettext("IPComp: ") . htmlspecialchars($childsa['ipcomp']); -?> - </td> - <td class="listr nowrap"> -<?php - echo gettext("Bytes-In: ") . htmlspecialchars($childsa['bytesin']); - echo "<br/>"; - echo gettext("Packets-In: ") . htmlspecialchars($childsa['packetsin']); - echo "<br/>"; - echo gettext("Bytes-Out: ") . htmlspecialchars($childsa['bytesout']); - echo "<br/>"; - echo gettext("Packets-Out: ") . htmlspecialchars($childsa['packetsout']); -?> - </td> - <td> - <center> - <a href="diag_ipsec.php?act=childdisconnect&ikeid=<?php echo $con_id; ?>&ikesaid=<?php echo $childsa['reqid']; ?>"> - <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" alt=<?php echo gettext("Disconnect Child SA");?> title=<?php echo gettext("Disconnect Child SA");?> border="0"/> - </a> - </center> - </td> - <td class="list nowrap"> - - </td> - </tr> -<?php - endforeach; - endif; -?> - <tr style="display:none;"><td></td></tr> - </tbody> - </table> - </td> - </tr> -<?php - endif; - - unset($con_id); - endforeach; - endif; - - $rgmap = array(); - foreach ($a_phase1 as $ph1ent): - if (isset($ph1ent['disabled'])) { - continue; - } - $rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway']; - if ($ipsecconnected[$ph1ent['ikeid']]) { - continue; - } -?> - <tr> - <td class="listlr"> -<?php - echo htmlspecialchars($ph1ent['descr']); -?> - </td> - <td class="listr"> -<?php - list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local"); - if (empty($myid_data)) { - echo gettext("Unknown"); - } else { - echo htmlspecialchars($myid_data); - } -?> - </td> - <td class="listr"> -<?php - $ph1src = ipsec_get_phase1_src($ph1ent); - if (empty($ph1src)) { - echo gettext("Unknown"); - } else { - echo htmlspecialchars($ph1src); - } -?> - </td> - <td class="listr"> -<?php - list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap); - if (empty($peerid_data)) { - echo gettext("Unknown"); - } else { - echo htmlspecialchars($peerid_data); - } -?> - </td> - <td class="listr"> -<?php - $ph1src = ipsec_get_phase1_dst($ph1ent); - if (empty($ph1src)) { - echo gettext("Unknown"); - } else { - echo htmlspecialchars($ph1src); - } -?> - </td> - <td class="listr" > - </td> - <td class="listr" > - </td> - <td class="listr" > - </td> -<?php - if (isset($ph1ent['mobile'])): -?> - <td class="listr"> - <center> - <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_pass.gif" title=<?php echo gettext("Awaiting connections");?> alt=""/> - <br/><?php echo gettext("Awaiting connections");?> - </center> - </td> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary=""> - </table> - </td> -<?php - else: -?> - <td class="listr"> - <center> - <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_reject.gif" title=<?php echo gettext("Disconnected");?> alt=""/> - <br/><?php echo gettext("Disconnected");?> - </center> - </td> - <td > - <center> - <a href="diag_ipsec.php?act=connect&ikeid=<?php echo $ph1ent['ikeid']; ?>"> - <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_start.gif" alt=<?php echo gettext("Connect VPN");?> title=<?php echo gettext("Connect VPN");?> border="0"/> - </a> - </center> - </td> -<?php - endif; -?> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary=""> - </table> - </td> - </tr> -<?php - endforeach; - unset($ipsecconnected, $phase1, $rgmap); -?> - <tr style="display:none;"><td></td></tr> - </tbody> - </table> - </div> - </td> - </tr> -</table> - -<p class="vexpl"> - <span class="red"> - <strong><?php echo gettext("Note:");?><br /></strong> - </span> - <?php echo gettext("You can configure IPsec");?> - <a href="vpn_ipsec.php">here</a>. -</p> -<?php unset($status); include("fend.inc"); ?> -<script type="text/javascript"> -//<![CDATA[ -function show_childsa(id, buttonid) { - document.getElementById(buttonid).innerHTML=''; - aodiv = document.getElementById(id); - aodiv.style.display = "block"; -} -//]]> -</script> -</body> -</html> |