diff options
author | Matthew Grooms <mgrooms@pfsense.org> | 2008-07-13 23:28:45 +0000 |
---|---|---|
committer | Matthew Grooms <mgrooms@pfsense.org> | 2008-07-13 23:28:45 +0000 |
commit | 3462a52903223da3bf931ab0dda9267242c4bb6c (patch) | |
tree | c48c6e58b55e61d592bea303dbbb9a9bdf4c4f05 /usr/local/www/vpn_ipsec_phase2.php | |
parent | 916c50019bb2bf3116f023fd5933f236598c5fd7 (diff) | |
download | pfsense-3462a52903223da3bf931ab0dda9267242c4bb6c.zip pfsense-3462a52903223da3bf931ab0dda9267242c4bb6c.tar.gz |
Introduce a new and improved version of IPsec mobile client support. The
mobile client tab is now used to configure user authentication (Xauth) and
client configuration (mode-cfg) options. User authentication is currently
limited to system password file entries. This will be extended to support
external RADIUS and LDAP account DBs in a follow up comiit.
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase2.php')
-rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 107 |
1 files changed, 83 insertions, 24 deletions
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index 7a3c5ce..f32c567 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -31,6 +31,11 @@ require("guiconfig.inc"); +if (!is_array($config['ipsec']['client'])) + $config['ipsec']['client'] = array(); + +$a_client = &$config['ipsec']['client']; + if (!is_array($config['ipsec']['phase2'])) $config['ipsec']['phase2'] = array(); @@ -60,6 +65,9 @@ if (isset($p2index) && $a_phase2[$p2index]) $pconfig['halgos'] = $a_phase2[$p2index]['hash-algorithm-option']; $pconfig['pfsgroup'] = $a_phase2[$p2index]['pfsgroup']; $pconfig['lifetime'] = $a_phase2[$p2index]['lifetime']; + + if (isset($a_phase2[$p2index]['mobile'])) + $pconfig['mobile'] = true; } else { @@ -73,6 +81,10 @@ else $pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5"); $pconfig['pfsgroup'] = "0"; $pconfig['lifetime'] = "3600"; + + /* mobile client */ + if($_GET['mobile']) + $pconfig['mobile']=true; } if (isset($_GET['dup'])) @@ -83,41 +95,43 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - $ealgos = pconfig_to_ealgos($pconfig); - $localid = pconfig_to_idinfo("local",$pconfig); - $remoteid = pconfig_to_idinfo("remote",$pconfig); - if (!isset( $_POST['ikeid'])) $input_errors[] = "A valid ikeid must be specified."; /* input validation */ - $reqdfields = explode(" ", "localid_type remoteid_type halgos"); - $reqdfieldsn = explode(",", "Local network type,Remote network type,P2 Hash Algorithms"); + $reqdfields = explode(" ", "localid_type halgos"); + $reqdfieldsn = explode(",", "Local network type,P2 Hash Algorithms"); + if (!isset($pconfig['mobile'])){ + $reqdfields[] = "remoteid_type"; + $reqdfieldsn[] = "Remote network type"; + } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - switch ($_POST['localid_type']) { + switch ($pconfig['localid_type']) { case "network": - if (!$_POST['localid_netbits'] || !is_numeric($_POST['localid_netbits'])) + if (!$pconfig['localid_netbits'] || !is_numeric($pconfig['localid_netbits'])) $input_errors[] = "A valid local network bit count must be specified.."; case "address": - if (!$_POST['localid_address'] || !is_ipaddr($_POST['localid_address'])) + if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address'])) $input_errors[] = "A valid local network IP address must be specified."; break; } - switch ($_POST['remoteid_type']) { + switch ($pconfig['remoteid_type']) { case "network": - if (!$_POST['remoteid_netbits'] || !is_numeric($_POST['remoteid_netbits'])) + if (!$pconfig['remoteid_netbits'] || !is_numeric($pconfig['remoteid_netbits'])) $input_errors[] = "A valid remote network bit count must be specified.."; case "address": - if (!$_POST['remoteid_address'] || !is_ipaddr($_POST['remoteid_address'])) + if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address'])) $input_errors[] = "A valid remote network IP address must be specified."; break; } /* TODO : Validate enabled phase2's are not duplicates */ + $ealgos = pconfig_to_ealgos($pconfig); + if (!count($ealgos)) { $input_errors[] = "At least one encryption algorithm must be selected."; } @@ -126,16 +140,22 @@ if ($_POST) { } if (!$input_errors) { - $ph2ent['ikeid'] = $_POST['ikeid']; - $ph2ent['disabled'] = $_POST['disabled'] ? true : false; - $ph2ent['localid'] = $localid; - $ph2ent['remoteid'] = $remoteid; - $ph2ent['protocol'] = $_POST['proto']; + + $ph2ent['ikeid'] = $pconfig['ikeid']; + $ph2ent['disabled'] = $pconfig['disabled'] ? true : false; + + $ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig); + $ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig); + + $ph2ent['protocol'] = $pconfig['proto']; $ph2ent['encryption-algorithm-option'] = $ealgos; - $ph2ent['hash-algorithm-option'] = $_POST['halgos']; - $ph2ent['pfsgroup'] = $_POST['pfsgroup']; - $ph2ent['lifetime'] = $_POST['lifetime']; - $ph2ent['descr'] = $_POST['descr']; + $ph2ent['hash-algorithm-option'] = $pconfig['halgos']; + $ph2ent['pfsgroup'] = $pconfig['pfsgroup']; + $ph2ent['lifetime'] = $pconfig['lifetime']; + $ph2ent['descr'] = $pconfig['descr']; + + if (isset($pconfig['mobile'])) + $ph2ent['mobile'] = true; if (isset($p2index) && $a_phase2[$p2index]) $a_phase2[$p2index] = $ph2ent; @@ -150,7 +170,11 @@ if ($_POST) { } } -$pgtitle = array("VPN","IPsec","Edit Phase 2"); +if ($pconfig['mobile']) + $pgtitle = array("VPN","IPsec","Edit Phase 2", "Mobile Client"); +else + $pgtitle = array("VPN","IPsec","Edit Phase 2"); + include("head.inc"); ?> @@ -183,6 +207,17 @@ function typesel_change_local(bits) { break; } } + +<?php if (isset($pconfig['mobile'])): ?> + +function typesel_change_remote(bits) { + + document.iform.remoteid_address.disabled = 1; + document.iform.remoteid_netbits.disabled = 1; +} + +<?php else: ?> + function typesel_change_remote(bits) { if (!bits) @@ -207,6 +242,9 @@ function typesel_change_remote(bits) { break; } } + +<?php endif; ?> + //--> </script> @@ -260,6 +298,8 @@ function typesel_change_remote(bits) { </table> </td> </tr> + <?php if (!isset($pconfig['mobile'])): ?> + <tr> <td width="22%" valign="top" class="vncellreq">Remote Network</td> <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0"> @@ -291,6 +331,7 @@ function typesel_change_remote(bits) { </table> </td> </tr> + <?php endif; ?> <tr> <td width="22%" valign="top" class="vncell">Description</td> <td width="78%" class="vtable"> @@ -380,6 +421,7 @@ function typesel_change_remote(bits) { <tr> <td width="22%" valign="top" class="vncellreq">PFS key group</td> <td width="78%" class="vtable"> + <?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?> <select name="pfsgroup" class="formselect"> <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?> <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected"; ?>> @@ -389,6 +431,14 @@ function typesel_change_remote(bits) { </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit</em></span> + <?php else: ?> + <select class="formselect" disabled> + <option selected><?=$p2_pfskeygroups[$a_client['pfs_group']];?></option> + </select> + <input name="pfsgroup" type="hidden" value="<?=$pconfig['pfsgroup'];?>"> + <br> + <span class="vexpl"><em>Set globally in mobile client options</em></span> + <?php endif; ?> </td> </tr> <tr> @@ -401,11 +451,15 @@ function typesel_change_remote(bits) { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input name="ikeid" type="hidden" value="<?=$pconfig['ikeid'];?>"> <?php if (isset($p2index) && $a_phase2[$p2index]): ?> <input name="p2index" type="hidden" value="<?=$p2index;?>"> <?php endif; ?> + <?php if ($pconfig['mobile']): ?> + <input name="mobile" type="hidden" value="true"> + <input name="remoteid_type" type="hidden" value="mobile"> + <?php endif; ?> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <input name="ikeid" type="hidden" value="<?=$pconfig['ikeid'];?>"> </td> </tr> </table> @@ -417,9 +471,13 @@ typesel_change_remote(<?=$pconfig['remoteid_netbits']?>); //--> </script> <?php include("fend.inc"); ?> +</body> +</html> <?php +/* local utility functions */ + function pconfig_to_ealgos(& $pconfig) { global $p2_ealgos; @@ -487,3 +545,4 @@ function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) { } ?> + |