diff options
author | jim-p <jimp@pfsense.org> | 2014-04-25 12:13:12 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2014-04-25 12:13:12 -0400 |
commit | 711720886ed7883b9be22962723c157c65567313 (patch) | |
tree | 10c9e6bc5b36249d5efe2b961d02b1b24e029b87 /usr/local/www/vpn_ipsec_settings.php | |
parent | 05e3936a27bcc2bfc106e15de95df8e0b7831552 (diff) | |
download | pfsense-711720886ed7883b9be22962723c157c65567313.zip pfsense-711720886ed7883b9be22962723c157c65567313.tar.gz |
Move the IPsec settings from System > Advanced, Misc tab to "Advanced Settings" tab under VPN > IPsec.
Diffstat (limited to 'usr/local/www/vpn_ipsec_settings.php')
-rw-r--r-- | usr/local/www/vpn_ipsec_settings.php | 252 |
1 files changed, 252 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php new file mode 100644 index 0000000..b4a5201 --- /dev/null +++ b/usr/local/www/vpn_ipsec_settings.php @@ -0,0 +1,252 @@ +<?php +/* + vpn_ipsec_settings.php + + Copyright (C) 2014 Electric Sheep Fencing, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +##|+PRIV +##|*IDENT=page-vpn-ipsec-settings +##|*NAME=VPN: IPsec: Settings page +##|*DESCR=Allow access to the 'VPN: IPsec: Settings' page. +##|*MATCH=vpn_ipsec_settings.php* +##|-PRIV + +require("functions.inc"); +require("guiconfig.inc"); +require_once("filter.inc"); +require_once("shaper.inc"); +require_once("ipsec.inc"); +require_once("vpn.inc"); + +$pconfig['noinstalllanspd'] = $config['system']['noinstalllanspd']; +$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']); +foreach ($ipsec_loglevels as $lkey => $ldescr) { + if (!empty($config['ipsec']["ipsec_{$lkey}"])) + $pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"]; +} +$pconfig['failoverforcereload'] = isset($config['ipsec']['failoverforcereload']); +$pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']); +$pconfig['maxmss'] = $config['system']['maxmss']; + +if ($_POST['submit']) { + + unset($input_errors); + $pconfig = $_POST; + + if (!$input_errors) { + + if($_POST['noinstalllanspd'] == "yes") { + if (!isset($pconfig['noinstalllanspd'])) + $config['system']['noinstalllanspd'] = true; + } else { + if (isset($config['system']['noinstalllanspd'])) + unset($config['system']['noinstalllanspd']); + } + + if($_POST['preferoldsa_enable'] == "yes") + $config['ipsec']['preferoldsa'] = true; + elseif (isset($config['ipsec']['preferoldsa'])) + unset($config['ipsec']['preferoldsa']); + + if (is_array($config['ipsec'])) { + foreach ($ipsec_loglevels as $lkey => $ldescr) { + if (empty($_POST["ipsec_{$lkey}"])) { + if (isset($config['ipsec']["ipsec_{$lkey}"])) + unset($config['ipsec']["ipsec_{$lkey}"]); + } else + $config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"]; + } + } + + if($_POST['failoverforcereload'] == "yes") + $config['ipsec']['failoverforcereload'] = true; + elseif (isset($config['ipsec']['failoverforcereload'])) + unset($config['ipsec']['failoverforcereload']); + + if($_POST['maxmss_enable'] == "yes") { + $config['system']['maxmss_enable'] = true; + $config['system']['maxmss'] = $_POST['maxmss']; + } else { + unset($config['system']['maxmss_enable']); + unset($config['system']['maxmss']); + } + + write_config(); + + $retval = 0; + $retval = filter_configure(); + if(stristr($retval, "error") <> true) + $savemsg = get_std_save_message(gettext($retval)); + else + $savemsg = gettext($retval); + + vpn_ipsec_configure_preferoldsa(); + vpn_ipsec_configure(); + vpn_ipsec_configure_loglevels(); + +// header("Location: vpn_ipsec_settings.php"); +// return; + } +} + +$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Settings")); +$shortcut_section = "ipsec"; + +include("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> + +<script type="text/javascript"> +<!-- + +function maxmss_checked(obj) { + if (obj.checked) + jQuery('#maxmss').attr('disabled',false); + else + jQuery('#maxmss').attr('disabled','true'); +} + +//--> +</script> + +<form action="vpn_ipsec_settings.php" method="post" name="iform" id="iform"> + +<?php + if ($savemsg) + print_info_box($savemsg); + if ($input_errors) + print_input_errors($input_errors); +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabnavtbl"> + <?php + $tab_array = array(); + $tab_array[0] = array(gettext("Tunnels"), false, "vpn_ipsec.php"); + $tab_array[1] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"); + $tab_array[2] = array(gettext("Pre-Shared Key"), false, "vpn_ipsec_keys.php"); + $tab_array[3] = array(gettext("Advanced Settings"), true, "vpn_ipsec_settings.php"); + display_top_tabs($tab_array); + ?> + </td> + </tr> + <tr> + <td id="mainarea"> + <div class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("IPSec Advanced Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("LAN security associsations"); ?></td> + <td width="78%" class="vtable"> + <input name="noinstalllanspd" type="checkbox" id="noinstalllanspd" value="yes" <?php if ($pconfig['noinstalllanspd']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Do not install LAN SPD"); ?></strong> + <br /> + <?=gettext("By default, if IPSec is enabled negating SPD are inserted to provide protection. " . + "This behaviour can be changed by enabling this setting which will prevent installing these SPDs."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Security Associations"); ?></td> + <td width="78%" class="vtable"> + <input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Prefer older IPsec SAs"); ?></strong> + <br /> + <?=gettext("By default, if several SAs match, the newest one is " . + "preferred if it's at least 30 seconds old. Select this " . + "option to always prefer old SAs over new ones."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Debug"); ?></td> + <td width="78%" class="vtable"> + <strong><?=gettext("Start IPSec in debug mode based on sections selected"); ?></strong> + <br /> + <table> + <?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=$ldescr;?></td> + <td width="78%" valign="top" class="vncell"> + <?php echo "<select name=\"ipsec_{$lkey}\" id=\"ipsec_{$lkey}\">\n"; + foreach (array("Silent", "Audit", "Control", "Diag", "Raw", "Highest") as $lidx => $lvalue) { + echo "<option value=\"{$lidx}\" "; + if ($pconfig["ipsec_{$lkey}"] == $lidx) + echo "selected=\"selected\""; + echo ">{$lvalue}</option>\n"; + } + ?> + </select> + </td> + </tr> + <?php endforeach; ?> + </table> + <br /><?=gettext("Launches IPSec in debug mode so that more verbose logs " . + "will be generated to aid in troubleshooting."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Reload on Failover"); ?></td> + <td width="78%" class="vtable"> + <input name="failoverforcereload" type="checkbox" id="failoverforcereload" value="yes" <?php if ($pconfig['failoverforcereload']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Force IPsec Reload on Failover"); ?></strong> + <br /> + <?=gettext("In some circumstances using a gateway group as the interface for " . + "an IPsec tunnel does not function properly, and IPsec must be forcefully reloaded " . + "when a failover occurs. Because this will disrupt all IPsec tunnels, this behavior" . + " is disabled by default. Check this box to force IPsec to fully reload on failover."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Maximum MSS"); ?></td> + <td width="78%" class="vtable"> + <input name="maxmss_enable" type="checkbox" id="maxmss_enable" value="yes" <?php if ($pconfig['maxmss_enable'] == true) echo "checked=\"checked\""; ?> onclick="maxmss_checked(this)" /> + <strong><?=gettext("Enable MSS clamping on VPN traffic"); ?></strong> + <br /> + <input name="maxmss" id="maxmss" value="<?php if ($pconfig['maxmss'] <> "") echo $pconfig['maxmss']; else "1400"; ?>" class="formfld unknown" <?php if ($pconfig['maxmss_enable'] == false) echo "disabled=\"disabled\""; ?> /> + <br /> + <?=gettext("Enable MSS clamping on TCP flows over VPN. " . + "This helps overcome problems with PMTUD on IPsec VPN links. If left blank, the default value is 1400 bytes. "); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> |