summaryrefslogtreecommitdiffstats
path: root/usr/local/www/vpn_ipsec_edit.php
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2004-11-07 03:06:49 +0000
committerScott Ullrich <sullrich@pfsense.org>2004-11-07 03:06:49 +0000
commit5b237745003431d487de361ca0980a467ee2f5d5 (patch)
tree0a29f0237f9e8e536112f9fc816e7a52bbc19691 /usr/local/www/vpn_ipsec_edit.php
downloadpfsense-5b237745003431d487de361ca0980a467ee2f5d5.zip
pfsense-5b237745003431d487de361ca0980a467ee2f5d5.tar.gz
Initial revision
Diffstat (limited to 'usr/local/www/vpn_ipsec_edit.php')
-rwxr-xr-xusr/local/www/vpn_ipsec_edit.php527
1 files changed, 527 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_edit.php b/usr/local/www/vpn_ipsec_edit.php
new file mode 100755
index 0000000..f0fafde
--- /dev/null
+++ b/usr/local/www/vpn_ipsec_edit.php
@@ -0,0 +1,527 @@
+#!/usr/local/bin/php
+<?php
+/*
+ vpn_ipsec_edit.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['ipsec']['tunnel'])) {
+ $config['ipsec']['tunnel'] = array();
+}
+$a_ipsec = &$config['ipsec']['tunnel'];
+
+$specialsrcdst = explode(" ", "lan");
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+function is_specialnet($net) {
+ global $specialsrcdst;
+
+ if (in_array($net, $specialsrcdst))
+ return true;
+ else
+ return false;
+}
+
+function address_to_pconfig($adr, &$padr, &$pmask) {
+
+ if ($adr['network'])
+ $padr = $adr['network'];
+ else if ($adr['address']) {
+ list($padr, $pmask) = explode("/", $adr['address']);
+ if (is_null($pmask))
+ $pmask = 32;
+ }
+}
+
+function pconfig_to_address(&$adr, $padr, $pmask) {
+
+ $adr = array();
+
+ if (is_specialnet($padr))
+ $adr['network'] = $padr;
+ else {
+ $adr['address'] = $padr;
+ if ($pmask != 32)
+ $adr['address'] .= "/" . $pmask;
+ }
+}
+
+if (isset($id) && $a_ipsec[$id]) {
+ $pconfig['disabled'] = isset($a_ipsec[$id]['disabled']);
+ $pconfig['auto'] = isset($a_ipsec[$id]['auto']);
+
+ if (!isset($a_ipsec[$id]['local-subnet']))
+ $pconfig['localnet'] = "lan";
+ else
+ address_to_pconfig($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']);
+
+ if ($a_ipsec[$id]['interface'])
+ $pconfig['interface'] = $a_ipsec[$id]['interface'];
+ else
+ $pconfig['interface'] = "wan";
+
+ list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_ipsec[$id]['remote-subnet']);
+ $pconfig['remotegw'] = $a_ipsec[$id]['remote-gateway'];
+ $pconfig['p1mode'] = $a_ipsec[$id]['p1']['mode'];
+
+ if (isset($a_ipsec[$id]['p1']['myident']['myaddress']))
+ $pconfig['p1myidentt'] = 'myaddress';
+ else if (isset($a_ipsec[$id]['p1']['myident']['address'])) {
+ $pconfig['p1myidentt'] = 'address';
+ $pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['address'];
+ } else if (isset($a_ipsec[$id]['p1']['myident']['fqdn'])) {
+ $pconfig['p1myidentt'] = 'fqdn';
+ $pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['fqdn'];
+ } else if (isset($a_ipsec[$id]['p1']['myident']['ufqdn'])) {
+ $pconfig['p1myidentt'] = 'user_fqdn';
+ $pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['ufqdn'];
+ }
+
+ $pconfig['p1ealgo'] = $a_ipsec[$id]['p1']['encryption-algorithm'];
+ $pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm'];
+ $pconfig['p1dhgroup'] = $a_ipsec[$id]['p1']['dhgroup'];
+ $pconfig['p1lifetime'] = $a_ipsec[$id]['p1']['lifetime'];
+ $pconfig['p1pskey'] = $a_ipsec[$id]['p1']['pre-shared-key'];
+ $pconfig['p2proto'] = $a_ipsec[$id]['p2']['protocol'];
+ $pconfig['p2ealgos'] = $a_ipsec[$id]['p2']['encryption-algorithm-option'];
+ $pconfig['p2halgos'] = $a_ipsec[$id]['p2']['hash-algorithm-option'];
+ $pconfig['p2pfsgroup'] = $a_ipsec[$id]['p2']['pfsgroup'];
+ $pconfig['p2lifetime'] = $a_ipsec[$id]['p2']['lifetime'];
+ $pconfig['descr'] = $a_ipsec[$id]['descr'];
+
+} else {
+ /* defaults */
+ $pconfig['interface'] = "wan";
+ $pconfig['localnet'] = "lan";
+ $pconfig['p1mode'] = "aggressive";
+ $pconfig['p1myidentt'] = "myaddress";
+ $pconfig['p1ealgo'] = "3des";
+ $pconfig['p1halgo'] = "sha1";
+ $pconfig['p1dhgroup'] = "2";
+ $pconfig['p2proto'] = "esp";
+ $pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
+ $pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
+ $pconfig['p2pfsgroup'] = "0";
+}
+
+if ($_POST) {
+ if (is_specialnet($_POST['localnettype'])) {
+ $_POST['localnet'] = $_POST['localnettype'];
+ $_POST['localnetmask'] = 0;
+ } else if ($_POST['localnettype'] == "single") {
+ $_POST['localnetmask'] = 32;
+ }
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
+ $reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if (!is_specialnet($_POST['localnettype'])) {
+ if (($_POST['localnet'] && !is_ipaddr($_POST['localnet']))) {
+ $input_errors[] = "A valid local network IP address must be specified.";
+ }
+ if (($_POST['localnetmask'] && !is_numeric($_POST['localnetmask']))) {
+ $input_errors[] = "A valid local network bit count must be specified.";
+ }
+ }
+ if (($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime']))) {
+ $input_errors[] = "The P1 lifetime must be an integer.";
+ }
+ if (($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime']))) {
+ $input_errors[] = "The P2 lifetime must be an integer.";
+ }
+ if ($_POST['remotebits'] && (!is_numeric($_POST['remotebits']) || ($_POST['remotebits'] <= 0) || ($_POST['remotebits'] > 32))) {
+ $input_errors[] = "The remote network bits are invalid.";
+ }
+ if (($_POST['remotenet'] && !is_ipaddr($_POST['remotenet']))) {
+ $input_errors[] = "A valid remote network address must be specified.";
+ }
+ if (($_POST['remotegw'] && !is_ipaddr($_POST['remotegw']))) {
+ $input_errors[] = "A valid remote gateway address must be specified.";
+ }
+ if ((($_POST['p1myidentt'] == "address") && !is_ipaddr($_POST['p1myident']))) {
+ $input_errors[] = "A valid IP address for 'My identifier' must be specified.";
+ }
+ if ((($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident']))) {
+ $input_errors[] = "A valid domain name for 'My identifier' must be specified.";
+ }
+ if ($_POST['p1myidentt'] == "user_fqdn") {
+ $ufqdn = explode("@",$_POST['p1myident']);
+ if (!is_domain($ufqdn[1]))
+ $input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
+ }
+
+ if ($_POST['p1myidentt'] == "myaddress")
+ $_POST['p1myident'] = "";
+
+ if (!$input_errors) {
+ $ipsecent['disabled'] = $_POST['disabled'] ? true : false;
+ $ipsecent['auto'] = $_POST['auto'] ? true : false;
+ $ipsecent['interface'] = $pconfig['interface'];
+ pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']);
+ $ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits'];
+ $ipsecent['remote-gateway'] = $_POST['remotegw'];
+ $ipsecent['p1']['mode'] = $_POST['p1mode'];
+
+ $ipsecent['p1']['myident'] = array();
+ switch ($_POST['p1myidentt']) {
+ case 'myaddress':
+ $ipsecent['p1']['myident']['myaddress'] = true;
+ break;
+ case 'address':
+ $ipsecent['p1']['myident']['address'] = $_POST['p1myident'];
+ break;
+ case 'fqdn':
+ $ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident'];
+ break;
+ case 'user_fqdn':
+ $ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
+ break;
+ }
+
+ $ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
+ $ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
+ $ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
+ $ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
+ $ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
+ $ipsecent['p2']['protocol'] = $_POST['p2proto'];
+ $ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
+ $ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
+ $ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
+ $ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
+ $ipsecent['descr'] = $_POST['descr'];
+
+ if (isset($id) && $a_ipsec[$id])
+ $a_ipsec[$id] = $ipsecent;
+ else
+ $a_ipsec[] = $ipsecent;
+
+ write_config();
+ touch($d_ipsecconfdirty_path);
+
+ header("Location: vpn_ipsec.php");
+ exit;
+ }
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title><?=gentitle("VPN: IPsec: Edit tunnel");?></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+<script language="JavaScript">
+<!--
+function typesel_change() {
+ switch (document.iform.localnettype.selectedIndex) {
+ case 0: /* single */
+ document.iform.localnet.disabled = 0;
+ document.iform.localnetmask.value = "";
+ document.iform.localnetmask.disabled = 1;
+ break;
+ case 1: /* network */
+ document.iform.localnet.disabled = 0;
+ document.iform.localnetmask.disabled = 0;
+ break;
+ default:
+ document.iform.localnet.value = "";
+ document.iform.localnet.disabled = 1;
+ document.iform.localnetmask.value = "";
+ document.iform.localnetmask.disabled = 1;
+ break;
+ }
+}
+//-->
+</script>
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">VPN: IPsec: Edit tunnel</p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+ <form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Mode</td>
+ <td width="78%" class="vtable"> Tunnel</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Disabled</td>
+ <td width="78%" class="vtable">
+ <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
+ <strong>Disable this tunnel</strong><br>
+ <span class="vexpl">Set this option to disable this tunnel without
+ removing it from the list.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Auto-establish</td>
+ <td width="78%" class="vtable">
+ <input name="auto" type="checkbox" id="auto" value="yes" <?php if ($pconfig['auto']) echo "checked"; ?>>
+ <strong>Automatically establish this tunnel</strong><br>
+ <span class="vexpl">Set this option to automatically re-establish this tunnel after reboots/reconfigures. If this is not set, the tunnel is established on demand.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Interface</td>
+ <td width="78%" class="vtable"> <select name="interface" class="formfld">
+ <?php $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br>
+ <span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Local subnet</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td>Type:&nbsp;&nbsp;</td>
+ <td><select name="localnettype" class="formfld" onChange="typesel_change()">
+ <?php $sel = is_specialnet($pconfig['localnet']); ?>
+ <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
+ Single host</option>
+ <option value="network" <?php if (!$sel) echo "selected"; ?>>
+ Network</option>
+ <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>>
+ LAN subnet</option>
+ </select></td>
+ </tr>
+ <tr>
+ <td>Address:&nbsp;&nbsp;</td>
+ <td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
+ /
+ <select name="localnetmask" class="formfld" id="localnetmask">
+ <?php for ($i = 31; $i >= 0; $i--): ?>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
+ <?=$i;?>
+ </option>
+ <?php endfor; ?>
+ </select> </td>
+ </tr>
+ </table></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Remote subnet</td>
+ <td width="78%" class="vtable">
+ <input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=$pconfig['remotenet'];?>">
+ /
+ <select name="remotebits" class="formfld" id="remotebits">
+ <?php for ($i = 32; $i > 0; $i--): ?>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>>
+ <?=$i;?>
+ </option>
+ <?php endfor; ?>
+ </select></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Remote gateway</td>
+ <td width="78%" class="vtable">
+ <input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=$pconfig['remotegw'];?>">
+ <br>
+ Enter the public IP address of the remote gateway</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
+ <br> <span class="vexpl">You may enter a description here
+ for your reference (not parsed).</span></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Phase 1 proposal
+ (Authentication)</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
+ <td width="78%" class="vtable">
+<select name="p1mode" class="formfld">
+ <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
+ <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
+ <?=htmlspecialchars($mode);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br> <span class="vexpl">Aggressive is faster, but
+ less secure.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">My identifier</td>
+ <td width="78%" class="vtable">
+<select name="p1myidentt" class="formfld">
+ <?php foreach ($my_identifier_list as $mode => $modename): ?>
+ <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
+ <?=htmlspecialchars($modename);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=$pconfig['p1myident'];?>">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
+ <td width="78%" class="vtable">
+<select name="p1ealgo" class="formfld">
+ <?php foreach ($p1_ealgos as $algo => $algoname): ?>
+ <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
+ <?=htmlspecialchars($algoname);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br> <span class="vexpl">Must match the setting
+ chosen on the remote side. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
+ <td width="78%" class="vtable">
+<select name="p1halgo" class="formfld">
+ <?php foreach ($p1_halgos as $algo => $algoname): ?>
+ <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
+ <?=htmlspecialchars($algoname);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br> <span class="vexpl">Must match the setting
+ chosen on the remote side. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">DH key group</td>
+ <td width="78%" class="vtable">
+<select name="p1dhgroup" class="formfld">
+ <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
+ <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
+ <?=htmlspecialchars($keygroup);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
+ bit, 5 = 1536 bit</em><br>
+ Must match the setting chosen on the remote side. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Lifetime</td>
+ <td width="78%" class="vtable">
+ <input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=$pconfig['p1lifetime'];?>">
+ seconds</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
+ <td width="78%" class="vtable">
+ <input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>">
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Phase 2 proposal
+ (SA/Key Exchange)</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Protocol</td>
+ <td width="78%" class="vtable">
+<select name="p2proto" class="formfld">
+ <?php foreach ($p2_protos as $proto => $protoname): ?>
+ <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
+ <?=htmlspecialchars($protoname);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br> <span class="vexpl">ESP is encryption, AH is
+ authentication only </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
+ <td width="78%" class="vtable">
+ <?php foreach ($p2_ealgos as $algo => $algoname): ?>
+ <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>>
+ <?=htmlspecialchars($algoname);?>
+ <br>
+ <?php endforeach; ?>
+ <br>
+ Hint: use 3DES for best compatibility or if you have a hardware
+ crypto accelerator card. Blowfish is usually the fastest in
+ software encryption. </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
+ <td width="78%" class="vtable">
+ <?php foreach ($p2_halgos as $algo => $algoname): ?>
+ <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>>
+ <?=htmlspecialchars($algoname);?>
+ <br>
+ <?php endforeach; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">PFS key group</td>
+ <td width="78%" class="vtable">
+<select name="p2pfsgroup" class="formfld">
+ <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
+ <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
+ <?=htmlspecialchars($keygroupname);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
+ bit, 5 = 1536 bit</em></span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Lifetime</td>
+ <td width="78%" class="vtable">
+ <input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=$pconfig['p2lifetime'];?>">
+ seconds</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id) && $a_ipsec[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+</form>
+<script language="JavaScript">
+<!--
+typesel_change();
+//-->
+</script>
+<?php include("fend.inc"); ?>
+</body>
+</html>
OpenPOWER on IntegriCloud