authorMatthew Grooms <mgrooms@pfsense.org>2008-07-13 23:28:45 +0000
committerMatthew Grooms <mgrooms@pfsense.org>2008-07-13 23:28:45 +0000
commit3462a52903223da3bf931ab0dda9267242c4bb6c (patch)
treec48c6e58b55e61d592bea303dbbb9a9bdf4c4f05 /usr/local/www
parent916c50019bb2bf3116f023fd5933f236598c5fd7 (diff)
Introduce a new and improved version of IPsec mobile client support. The
mobile client tab is now used to configure user authentication (Xauth) and client configuration (mode-cfg) options. User authentication is currently limited to system password file entries. This will be extended to support external RADIUS and LDAP account DBs in a follow up commit.
Diffstat (limited to 'usr/local/www')
-rwxr-xr-xusr/local/www/guiconfig.inc2
-rwxr-xr-xusr/local/www/vpn_ipsec.php19
-rwxr-xr-xusr/local/www/vpn_ipsec_ca.php2
-rwxr-xr-xusr/local/www/vpn_ipsec_mobile.php808
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php268
-rw-r--r--usr/local/www/vpn_ipsec_phase2.php107
6 files changed, 759 insertions, 447 deletions
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index 9fecc45..acb3c1f 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -228,7 +228,7 @@ function print_info_box_np($msg, $name="apply",$value="Apply changes") {
echo " </td>\n";
echo " <td width='70%'><font color='white'><b>{$msg}</b></font>\n";
echo " </td>";
- if(stristr($msg, "apply") == true || stristr($msg, "save")) {
+ if(stristr($msg, "apply") == true || stristr($msg, "save") || stristr($msg, "create")) {
echo " <td>";
echo " <input name=\"{$name}\" type=\"submit\" class=\"formbtn\" id=\"${name}\" value=\"{$value}\">\n";
echo " </td>";
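Review bot: The extended condition keeps the mixed comparison style, `stristr($msg, "apply") == true` next to bare truthiness for the other two calls; stristr() returns the matched substring or false, so all three should be written the same way, e.g. `if (stristr($msg, "apply") !== false || stristr($msg, "save") !== false || stristr($msg, "create") !== false) {`. Deciding whether to render the submit button from substrings of the message text is fragile, since any caller whose message happens to contain "create" now gets a button it did not ask for; an explicit parameter would be more robust than growing the word list. The rest of print_info_box_np lies outside the hunk.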
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
index 94f4c37..d6761be 100755
--- a/usr/local/www/vpn_ipsec.php
+++ b/usr/local/www/vpn_ipsec.php
@@ -139,7 +139,7 @@ include("head.inc");
<?php
$tab_array = array();
$tab_array[0] = array("Tunnels", true, "vpn_ipsec.php");
-// $tab_array[1] = array("Mobile clients", false, "vpn_ipsec_mobile.php");
+ $tab_array[1] = array("Mobile clients", false, "vpn_ipsec_mobile.php");
$tab_array[2] = array("CAs", false, "vpn_ipsec_ca.php");
display_top_tabs($tab_array);
?>
@@ -179,6 +179,7 @@ include("head.inc");
</table>
</td>
</tr>
+
<?php
$i = 0;
foreach ($a_phase1 as $ph1ent) {
@@ -205,7 +206,10 @@ include("head.inc");
else
$if = "WAN";
- echo $if . "<br>" . $ph1ent['remote-gateway'];
+ if (!isset($ph1ent['mobile']))
+ echo $if."<br>".$ph1ent['remote-gateway'];
+ else
+ echo $if."<br><strong>Mobile Client</strong>";
?>
<?=$spane;?>
</td>
@@ -275,7 +279,7 @@ include("head.inc");
<td class="listhdrr">P2 Transforms</td>
<td class="listhdrr">P2 Auth Methods</td>
<td class ="list">
- <a href="vpn_ipsec_phase2.php?ikeid=<?=$ph1ent['ikeid'];?>">
+ <a href="vpn_ipsec_phase2.php?ikeid=<?=$ph1ent['ikeid'];?><?php if (isset($ph1ent['mobile'])) echo "&mobile=true";?>">
<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add phase2 entry" width="17" height="17" border="0">
</a>
</td>
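Review bot: The added query string in the phase2 link writes a bare `&` inside an HTML attribute; it should be `&amp;mobile=true` for the markup to be valid. More importantly, the receiving page then learns that an entry is mobile from a caller-supplied flag rather than from the referenced phase1 entry; since the ikeid is already in the link, that page could look up `isset($a_phase1[...]['mobile'])` itself (vpn_ipsec_phase2.php is not in this chunk, so this is inferred from the link alone). The ikeid is interpolated into the href unescaped, as it was before this change.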
@@ -296,19 +300,20 @@ include("head.inc");
$spans = $spane = "";
?>
<tr valign="top">
+
<td nowrap class="listr" ondblclick="document.location='vpn_ipsec_phase2.php?id=<?=$i;?>'">
<?=$spans;?>
- <?php echo ipsec_idinfo_to_text($ph2ent['localid']); ?>
+ <?=ipsec_idinfo_to_text($ph2ent['localid']); ?>
<?=$spane;?>
</td>
<td nowrap class="listr" ondblclick="document.location='vpn_ipsec_phase2.php?id=<?=$i;?>'">
<?=$spans;?>
- <?php echo ipsec_idinfo_to_text($ph2ent['remoteid']); ?>
+ <?=ipsec_idinfo_to_text($ph2ent['remoteid']); ?>
<?=$spane;?>
</td>
<td nowrap class="listr" ondblclick="document.location='vpn_ipsec_phase2.php?id=<?=$i;?>'">
<?=$spans;?>
- <?php echo $p2_protos[$ph2ent['protocol']]; ?>
+ <?php echo $p2_protos[$ph2ent['protocol']]; ?>
<?=$spane;?>
</td>
<td nowrap class="listr" ondblclick="document.location='vpn_ipsec_phase2.php?id=<?=$i;?>'">
@@ -350,6 +355,7 @@ include("head.inc");
</a>
</td>
</tr>
+
<?php
$j++;
}
@@ -361,6 +367,7 @@ include("head.inc");
$i++;
}
?>
+
<tr>
<td class="list" colspan="5"></td>
<td class="list">
diff --git a/usr/local/www/vpn_ipsec_ca.php b/usr/local/www/vpn_ipsec_ca.php
index b94c66d..25d0f4e 100755
--- a/usr/local/www/vpn_ipsec_ca.php
+++ b/usr/local/www/vpn_ipsec_ca.php
@@ -65,7 +65,7 @@ include("head.inc");
<?php
$tab_array = array();
$tab_array[0] = array("Tunnels", false, "vpn_ipsec.php");
-// $tab_array[1] = array("Mobile clients", false, "vpn_ipsec_mobile.php");
+ $tab_array[1] = array("Mobile clients", false, "vpn_ipsec_mobile.php");
$tab_array[2] = array("CAs", true, "vpn_ipsec_ca.php");
display_top_tabs($tab_array);
?>
diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php
index 5a88b66..5d78b73 100755
--- a/usr/local/www/vpn_ipsec_mobile.php
+++ b/usr/local/www/vpn_ipsec_mobile.php
@@ -1,9 +1,8 @@
<?php
/*
vpn_ipsec_mobile.php
- part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008 Shrew Soft Inc
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -30,129 +29,170 @@
require("guiconfig.inc");
-if (!is_array($config['ipsec']['mobileclients'])) {
- $config['ipsec']['mobileclients'] = array();
+if (!is_array($config['ipsec']['phase1']))
+ $config['ipsec']['phase1'] = array();
+
+$a_phase1 = &$config['ipsec']['phase1'];
+
+$a_client = &$config['ipsec']['client'];
+
+if (!is_array($config['ipsec']['client']))
+ $config['ipsec']['client'] = array();
+
+$a_client = &$config['ipsec']['client'];
+
+if (count($a_client)) {
+
+ $pconfig['enable'] = $a_client['enable'];
+
+ $pconfig['user_source'] = $a_client['user_source'];
+ $pconfig['group_source'] = $a_client['group_source'];
+
+ $pconfig['pool_address'] = $a_client['pool_address'];
+ $pconfig['pool_netbits'] = $a_client['pool_netbits'];
+ $pconfig['net_list'] = $a_client['net_list'];
+ $pconfig['dns_domain'] = $a_client['dns_domain'];
+ $pconfig['dns_server1'] = $a_client['dns_server1'];
+ $pconfig['dns_server2'] = $a_client['dns_server2'];
+ $pconfig['dns_server3'] = $a_client['dns_server3'];
+ $pconfig['dns_server4'] = $a_client['dns_server4'];
+ $pconfig['wins_server1'] = $a_client['wins_server1'];
+ $pconfig['wins_server2'] = $a_client['wins_server2'];
+ $pconfig['pfs_group'] = $a_client['pfs_group'];
+ $pconfig['login_banner'] = $a_client['login_banner'];
+
+ if (isset($pconfig['enable']))
+ $pconfig['enable'] = true;
+
+ if ($pconfig['pool_address']&&$pconfig['pool_netbits'])
+ $pconfig['pool_enable'] = true;
+ else
+ $pconfig['pool_netbits'] = 24;
+
+ if (isset($pconfig['net_list']))
+ $pconfig['net_list_enable'] = true;
+
+ if ($pconfig['dns_domain'])
+ $pconfig['dns_domain_enable'] = true;
+
+ if ($pconfig['dns_server1']||$pconfig['dns_server2']||$pconfig['dns_server3']||$pconfig['dns_server4'])
+ $pconfig['dns_server_enable'] = true;
+
+ if ($pconfig['wins_server1']||$pconfig['wins_server2'])
+ $pconfig['wins_server_enable'] = true;
+
+ if (isset($pconfig['pfs_group']))
+ $pconfig['pfs_group_enable'] = true;
+
+ if ($pconfig['login_banner'])
+ $pconfig['login_banner_enable'] = true;
}
-$a_ipsec = &$config['ipsec']['mobileclients'];
-
-if (count($a_ipsec) == 0) {
- /* defaults */
- $pconfig['p1mode'] = "aggressive";
- $pconfig['p1myidentt'] = "myaddress";
- $pconfig['p1ealgo'] = "3des";
- $pconfig['p1halgo'] = "sha1";
- $pconfig['p1dhgroup'] = "2";
- $pconfig['p1authentication_method'] = "pre_shared_key";
- $pconfig['p2proto'] = "esp";
- $pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
- $pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
- $pconfig['p2pfsgroup'] = "0";
-} else {
- $pconfig['enable'] = isset($a_ipsec['enable']);
- $pconfig['natt'] = isset($a_ipsec['natt']);
- $pconfig['p1mode'] = $a_ipsec['p1']['mode'];
-
- if (isset($a_ipsec['p1']['myident']['myaddress']))
- $pconfig['p1myidentt'] = 'myaddress';
- else if (isset($a_ipsec['p1']['myident']['address'])) {
- $pconfig['p1myidentt'] = 'address';
- $pconfig['p1myident'] = $a_ipsec['p1']['myident']['address'];
- } else if (isset($a_ipsec['p1']['myident']['fqdn'])) {
- $pconfig['p1myidentt'] = 'fqdn';
- $pconfig['p1myident'] = $a_ipsec['p1']['myident']['fqdn'];
- } else if (isset($a_ipsec['p1']['myident']['ufqdn'])) {
- $pconfig['p1myidentt'] = 'user_fqdn';
- $pconfig['p1myident'] = $a_ipsec['p1']['myident']['ufqdn'];
- }
-
- $pconfig['p1ealgo'] = $a_ipsec['p1']['encryption-algorithm'];
- $pconfig['p1halgo'] = $a_ipsec['p1']['hash-algorithm'];
- $pconfig['p1dhgroup'] = $a_ipsec['p1']['dhgroup'];
- $pconfig['p1lifetime'] = $a_ipsec['p1']['lifetime'];
- $pconfig['p1authentication_method'] = $a_ipsec['p1']['authentication_method'];
- $pconfig['p1cert'] = base64_decode($a_ipsec['p1']['cert']);
- $pconfig['p1privatekey'] = base64_decode($a_ipsec['p1']['private-key']);
- $pconfig['p2proto'] = $a_ipsec['p2']['protocol'];
- $pconfig['p2ealgos'] = $a_ipsec['p2']['encryption-algorithm-option'];
- $pconfig['p2halgos'] = $a_ipsec['p2']['hash-algorithm-option'];
- $pconfig['p2pfsgroup'] = $a_ipsec['p2']['pfsgroup'];
- $pconfig['p2lifetime'] = $a_ipsec['p2']['lifetime'];
+
+if ($_POST['create']) {
+ header("Location: vpn_ipsec_phase1.php?mobile=true");
+}
+
+if ($_POST['apply']) {
+ $retval = 0;
+ $retval = vpn_ipsec_configure();
+ $savemsg = get_std_save_message($retval);
+ if ($retval == 0)
+ if (file_exists($d_ipsecconfdirty_path))
+ unlink($d_ipsecconfdirty_path);
}
-if ($_POST) {
+if ($_POST['submit']) {
+
unset($input_errors);
$pconfig = $_POST;
- /* input validation */
- $reqdfields = explode(" ", "p2ealgos p2halgos");
- $reqdfieldsn = explode(",", "P2 Encryption Algorithms,P2 Hash Algorithms");
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if ($_POST['p1authentication_method']== "rsasig") {
- if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE"))
- $input_errors[] = "This certificate does not appear to be valid.";
- if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY"))
- $input_errors[] = "This key does not appear to be valid.";
- }
+ /* input consolidation */
+
- if (($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime']))) {
- $input_errors[] = "The P1 lifetime must be an integer.";
- }
- if (($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime']))) {
- $input_errors[] = "The P2 lifetime must be an integer.";
- }
- if ((($_POST['p1myidentt'] == "address") && !is_ipaddr($_POST['p1myident']))) {
- $input_errors[] = "A valid IP address for 'My identifier' must be specified.";
- }
- if ((($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident']))) {
- $input_errors[] = "A valid domain name for 'My identifier' must be specified.";
+
+ /* input validation */
+
+ $reqdfields = explode(" ", "user_source group_source");
+ $reqdfieldsn = explode(",", "User Authentication Source,Group Authentication Source");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if ($pconfig['pool_enable'])
+ if (!is_ipaddr($pconfig['pool_address']))
+ $input_errors[] = "A valid IP address for 'Virtual Address Pool Network' must be specified.";
+
+ if ($pconfig['dns_domain_enable'])
+ if (!is_domain($pconfig['dns_domain']))
+ $input_errors[] = "A valid value for 'DNS Default Domain' must be specified.";
+
+ if ($pconfig['dns_server_enable']) {
+ if (!$pconfig['dns_server1'] && !$pconfig['dns_server2'] &&
+ !$pconfig['dns_server3'] && !$pconfig['dns_server4'] )
+ $input_errors[] = "At least one DNS server must be specified to enable the DNS Server option.";
+ if ($pconfig['dns_server1'] && !is_ipaddr($pconfig['dns_server1']))
+ $input_errors[] = "A valid IP address for 'DNS Server #1' must be specified.";
+ if ($pconfig['dns_server2'] && !is_ipaddr($pconfig['dns_server2']))
+ $input_errors[] = "A valid IP address for 'DNS Server #2' must be specified.";
+ if ($pconfig['dns_server3'] && !is_ipaddr($pconfig['dns_server3']))
+ $input_errors[] = "A valid IP address for 'DNS Server #3' must be specified.";
+ if ($pconfig['dns_server4'] && !is_ipaddr($pconfig['dns_server4']))
+ $input_errors[] = "A valid IP address for 'DNS Server #4' must be specified.";
}
- if ($_POST['p1myidentt'] == "user_fqdn") {
- $ufqdn = explode("@",$_POST['p1myident']);
- if (!is_domain($ufqdn[1]))
- $input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
+
+ if ($pconfig['wins_server_enable']) {
+ if (!$pconfig['wins_server1'] && !$pconfig['wins_server2'])
+ $input_errors[] = "At least one WINS server must be specified to enable the DNS Server option.";
+ if ($pconfig['wins_server1'] && !is_ipaddr($pconfig['wins_server1']))
+ $input_errors[] = "A valid IP address for 'WINS Server #1' must be specified.";
+ if ($pconfig['wins_server2'] && !is_ipaddr($pconfig['wins_server2']))
+ $input_errors[] = "A valid IP address for 'WINS Server #2' must be specified.";
}
-
- if ($_POST['p1myidentt'] == "myaddress")
- $_POST['p1myident'] = "";
+
+ if ($pconfig['login_banner_enable'])
+ if (!strlen($pconfig['login_banner']))
+ $input_errors[] = "A valid value for 'Login Banner' must be specified.";
if (!$input_errors) {
- $ipsecent = array();
- $ipsecent['enable'] = $_POST['enable'] ? true : false;
- $ipsecent['p1']['mode'] = $_POST['p1mode'];
- $ipsecent['natt'] = $_POST['natt'] ? true : false;
+ $client = array();
- $ipsecent['p1']['myident'] = array();
- switch ($_POST['p1myidentt']) {
- case 'myaddress':
- $ipsecent['p1']['myident']['myaddress'] = true;
- break;
- case 'address':
- $ipsecent['p1']['myident']['address'] = $_POST['p1myident'];
- break;
- case 'fqdn':
- $ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident'];
- break;
- case 'user_fqdn':
- $ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
- break;
+ if ($pconfig['enable'])
+ $client['enable'] = true;
+
+ $client['user_source'] = $pconfig['user_source'];
+ $client['group_source'] = $pconfig['group_source'];
+
+ if ($pconfig['pool_enable']) {
+ $client['pool_address'] = $pconfig['pool_address'];
+ $client['pool_netbits'] = $pconfig['pool_netbits'];
}
-
- $ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
- $ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
- $ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
- $ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
- $ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
- $ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
- $ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
- $ipsecent['p2']['protocol'] = $_POST['p2proto'];
- $ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
- $ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
- $ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
- $ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
-
- $a_ipsec = $ipsecent;
+
+ if ($pconfig['net_list_enable'])
+ $client['net_list'] = true;
+
+ if ($pconfig['dns_domain_enable'])
+ $client['dns_domain'] = $pconfig['dns_domain'];
+
+ if ($pconfig['dns_server_enable']) {
+ $client['dns_server1'] = $pconfig['dns_server1'];
+ $client['dns_server2'] = $pconfig['dns_server2'];
+ $client['dns_server3'] = $pconfig['dns_server3'];
+ $client['dns_server4'] = $pconfig['dns_server4'];
+ }
+
+ if ($pconfig['wins_server_enable']) {
+ $client['wins_server1'] = $pconfig['wins_server1'];
+ $client['wins_server2'] = $pconfig['wins_server2'];
+ }
+
+ if ($pconfig['pfs_group_enable'])
+ $client['pfs_group'] = $pconfig['pfs_group'];
+
+ if ($pconfig['login_banner_enable'])
+ $client['login_banner'] = $pconfig['login_banner'];
+
+// $echo "login banner = {$pconfig['login_banner']}";
+
+ $a_client = $client;
write_config();
touch($d_ipsecconfdirty_path);
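Review bot: The save path at `$client['pool_netbits'] = $pconfig['pool_netbits'];`, `$client['pfs_group'] = $pconfig['pfs_group'];` and the `user_source`/`group_source` assignments stores POST values that the validation block never checks for range or membership, while `pool_address` and the DNS/WINS addresses are checked with is_ipaddr(); these values are written to the config and presumably flow into the generated IPsec daemon configuration, so they should be constrained server side rather than trusted from the form's select lists, e.g. `if ($pconfig['pool_enable'] && (!is_numeric($pconfig['pool_netbits']) || $pconfig['pool_netbits'] < 0 || $pconfig['pool_netbits'] > 32))` and `if ($pconfig['pfs_group_enable'] && !array_key_exists($pconfig['pfs_group'], $p2_pfskeygroups))`, each appending an input error. The `create` branch sends a Location header but does not stop the script, so the rest of the page is still processed and rendered; add `exit;` after the header() call. The WINS message "At least one WINS server must be specified to enable the DNS Server option." is a copy of the DNS text and should read "WINS Server option". The commented-out `// $echo "login banner = ..."` debug line should be dropped before merge, and the first `$a_client = &$config['ipsec']['client'];` placed before the is_array() check is redundant with the one after it.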
@@ -164,235 +204,357 @@ if ($_POST) {
$pgtitle = array("VPN","IPsec","Mobile");
include("head.inc");
-
?>
+
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
+
<script language="JavaScript">
<!--
-function methodsel_change() {
- switch (document.iform.p1authentication_method.selectedIndex) {
- case 1: /* rsa */
- document.iform.p1privatekey.disabled = 0;
- document.iform.p1cert.disabled = 0;
- break;
- default: /* pre-shared */
- document.iform.p1privatekey.disabled = 1;
- document.iform.p1cert.disabled = 1;
- break;
+
+function pool_change() {
+
+ if (document.iform.pool_enable.checked) {
+ document.iform.pool_address.disabled = 0;
+ document.iform.pool_netbits.disabled = 0;
+ } else {
+ document.iform.pool_address.disabled = 1;
+ document.iform.pool_netbits.disabled = 1;
+ }
+}
+
+function dns_domain_change() {
+
+ if (document.iform.dns_domain_enable.checked)
+ document.iform.dns_domain.disabled = 0;
+ else
+ document.iform.dns_domain.disabled = 1;
+}
+
+function dns_server_change() {
+
+ if (document.iform.dns_server_enable.checked) {
+ document.iform.dns_server1.disabled = 0;
+ document.iform.dns_server2.disabled = 0;
+ document.iform.dns_server3.disabled = 0;
+ document.iform.dns_server4.disabled = 0;
+ } else {
+ document.iform.dns_server1.disabled = 1;
+ document.iform.dns_server2.disabled = 1;
+ document.iform.dns_server3.disabled = 1;
+ document.iform.dns_server4.disabled = 1;
+ }
+}
+
+function wins_server_change() {
+
+ if (document.iform.wins_server_enable.checked) {
+ document.iform.wins_server1.disabled = 0;
+ document.iform.wins_server2.disabled = 0;
+ } else {
+ document.iform.wins_server1.disabled = 1;
+ document.iform.wins_server2.disabled = 1;
}
}
+
+function pfs_group_change() {
+
+ if (document.iform.pfs_group_enable.checked)
+ document.iform.pfs_group.disabled = 0;
+ else
+ document.iform.pfs_group.disabled = 1;
+}
+
+function login_banner_change() {
+
+ if (document.iform.login_banner_enable.checked)
+ document.iform.login_banner.disabled = 0;
+ else
+ document.iform.login_banner.disabled = 1;
+}
+
//-->
</script>
-<form action="vpn_ipsec.php" method="post">
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if (file_exists($d_ipsecconfdirty_path)): ?><p>
-<?php print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
-<?php endif; ?>
-</form>
+
<form action="vpn_ipsec_mobile.php" method="post" name="iform" id="iform">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td class="tabnavtbl">
<?php
- $tab_array = array();
- $tab_array[0] = array("Tunnels", false, "vpn_ipsec.php");
- $tab_array[1] = array("Mobile clients", true, "vpn_ipsec_mobile.php");
- $tab_array[2] = array("CAs", false, "vpn_ipsec_ca.php");
- display_top_tabs($tab_array);
+ if ($savemsg)
+ print_info_box($savemsg);
+ if (file_exists($d_ipsecconfdirty_path))
+ print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect.");
+ foreach ($a_phase1 as $ph1ent)
+ if (isset($ph1ent['mobile']))
+ $ph1found = true;
+ if ($pconfig['enable'] && !$ph1found)
+ print_info_box_np("Support for IPsec Mobile clients is enabled but a Phase1 definition was not found.<br>Please click Create to define one.","create","Create Phase1");
?>
- </td></tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?>>
- <strong>Allow mobile clients</strong></td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="natt" type="checkbox" id="natt" value="yes" <?php if ($pconfig['natt']) echo "checked"; ?>>
- <strong>Enable NAT Traversal (NAT-T)</strong><br>
- <span class="vexpl">Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed,
- which can help with clients that are behind restrictive firewalls.</span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Phase 1 proposal
- (Authentication)</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
- <td width="78%" class="vtable">
- <select name="p1mode" class="formselect">
- <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
- <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
- <?=htmlspecialchars($mode);?>
- </option>
- <?php endforeach; ?>
- </select> <br> <span class="vexpl">Aggressive is faster, but
- less secure.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">My identifier</td>
- <td width="78%" class="vtable">
- <select name="p1myidentt" class="formselect">
- <?php foreach ($my_identifier_list as $mode => $modename): ?>
- <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
- <?=htmlspecialchars($modename);?>
- </option>
- <?php endforeach; ?>
- </select> <input name="p1myident" type="text" class="formfld unknown" id="p1myident" size="30" value="<?=$pconfig['p1myident'];?>">
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
- <td width="78%" class="vtable">
- <select name="p1ealgo" class="formselect">
- <?php foreach ($p1_ealgos as $algo => $algoname): ?>
- <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
- <?=htmlspecialchars($algoname);?>
- </option>
- <?php endforeach; ?>
- </select> <br> <span class="vexpl">Must match the setting
- chosen on the remote side. </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
- <td width="78%" class="vtable">
- <select name="p1halgo" class="formselect">
- <?php foreach ($p1_halgos as $algo => $algoname): ?>
- <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
- <?=htmlspecialchars($algoname);?>
- </option>
- <?php endforeach; ?>
- </select> <br> <span class="vexpl">Must match the setting
- chosen on the remote side. </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">DH key group</td>
- <td width="78%" class="vtable">
- <select name="p1dhgroup" class="formselect">
- <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
- <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
- <?=htmlspecialchars($keygroup);?>
- </option>
- <?php endforeach; ?>
- </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
- bit, 5 = 1536 bit</em><br>
- Must match the setting chosen on the remote side. </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Lifetime</td>
- <td width="78%" class="vtable">
- <input name="p1lifetime" type="text" class="formfld unknown" id="p1lifetime" size="20" value="<?=$pconfig['p1lifetime'];?>">
- seconds</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Authentication method</td>
- <td width="78%" class="vtable">
- <select name="p1authentication_method" class="formselect" onChange="methodsel_change()">
- <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
- <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>>
- <?=htmlspecialchars($methodname);?>
- </option>
- <?php endforeach; ?>
- </select> <br> <span class="vexpl">Must match the setting
- chosen on the remote side. </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Certificate</td>
- <td width="78%" class="vtable">
- <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea>
- <br>
- Paste a certificate in X.509 PEM format here.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Key</td>
- <td width="78%" class="vtable">
- <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea>
- <br>
- Paste an RSA private key in PEM format here.</td>
- </tr>
- <tr>
- <td colspan="2" class="list" height="12"></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Phase 2 proposal
- (SA/Key Exchange)</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Protocol</td>
- <td width="78%" class="vtable">
- <select name="p2proto" class="formselect">
- <?php foreach ($p2_protos as $proto => $protoname): ?>
- <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
- <?=htmlspecialchars($protoname);?>
- </option>
- <?php endforeach; ?>
- </select> <br> <span class="vexpl">ESP is encryption, AH is
- authentication only </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
- <td width="78%" class="vtable">
- <?php foreach ($p2_ealgos as $algo => $algoname): ?>
- <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>>
- <?=htmlspecialchars($algoname);?>
- <br>
- <?php endforeach; ?>
- <br>
- Hint: use 3DES for best compatibility or if you have a hardware
- crypto accelerator card. Blowfish is usually the fastest in
- software encryption. </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
- <td width="78%" class="vtable">
- <?php foreach ($p2_halgos as $algo => $algoname): ?>
- <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>>
- <?=htmlspecialchars($algoname);?>
- <br>
- <?php endforeach; ?>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">PFS key group</td>
- <td width="78%" class="vtable">
- <select name="p2pfsgroup" class="formselect">
- <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
- <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
- <?=htmlspecialchars($keygroupname);?>
- </option>
- <?php endforeach; ?>
- </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
- bit, 5 = 1536 bit</em></span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Lifetime</td>
- <td width="78%" class="vtable">
- <input name="p2lifetime" type="text" class="formfld unknown" id="p2lifetime" size="20" value="<?=$pconfig['p2lifetime'];?>">
- seconds</td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
- </td>
- </tr>
- </table>
- </div>
- </td>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <?php
+ $tab_array = array();
+ $tab_array[0] = array("Tunnels", false, "vpn_ipsec.php");
+ $tab_array[1] = array("Mobile clients", true, "vpn_ipsec_mobile.php");
+ $tab_array[2] = array("CAs", false, "vpn_ipsec_ca.php");
+ display_top_tabs($tab_array);
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">IKE Extensions</td>
+ <td width="78%" class="vtable">
+ <?php set_checked($pconfig['enable'],$chk); ?>
+ <input name="enable" type="checkbox" id="enable" value="yes" <?=$chk;?>>
+ <strong>Enable Support of Mobile Clients</strong>
+ <br>
+ </td>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">
+ Extended Authentication (Xauth)
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">User Authentication</td>
+ <td width="78%" class="vtable">
+ Source:&nbsp;&nbsp;
+ <select name="user_source" class="formselect" id="user_source">
+ <option value="system">system</option>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Group Authentication</td>
+ <td width="78%" class="vtable">
+ Source:&nbsp;&nbsp;
+ <select name="group_source" class="formselect" id="group_source">
+ <option value="system">system</option>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">
+ Client Configuration (mode-cfg)
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Virtual Address Pool</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="2" cellpadding="0">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['pool_enable'],$chk); ?>
+ <input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?> onClick="pool_change()">
+ Provide a vitual IP address to clients<br>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Network:&nbsp;
+ <input name="pool_address" type="text" class="formfld unknown" id="pool_address" size="20" value="<?=$pconfig['pool_address'];?>">
+ /
+ <select name="pool_netbits" class="formselect" id="pool_netbits">
+ <?php for ($i = 32; $i >= 0; $i--): ?>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['pool_netbits']) echo "selected"; ?>>
+ <?=$i;?>
+ </option>
+ <?php endfor; ?>
+ </select>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Network List</td>
+ <td width="78%" class="vtable">
+ <?php set_checked($pconfig['net_list_enable'],$chk); ?>
+ <input name="net_list_enable" type="checkbox" id="net_list_enable" value="yes" <?=$chk;?>>
+ Provide a list of accessable networks to clients<br>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">DNS Default Domain</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="2" cellpadding="0">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['dns_domain_enable'],$chk); ?>
+ <input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onClick="dns_domain_change()">
+ Provide a default domain name to clients<br>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <input name="dns_domain" type="text" class="formfld unknown" id="dns_domain" size="30" value="<?=htmlspecialchars($pconfig['dns_domain']);?>">
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">DNS Servers</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="2" cellpadding="0">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['dns_server_enable'],$chk); ?>
+ <input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onClick="dns_server_change()">
+ Provide a DNS server list to clients<br>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Server #1:&nbsp;
+ <input name="dns_server1" type="text" class="formfld unknown" id="dns_server1" size="20" value="<?=$pconfig['dns_server1'];?>">
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Server #2:&nbsp;
+ <input name="dns_server2" type="text" class="formfld unknown" id="dns_server2" size="20" value="<?=$pconfig['dns_server2'];?>">
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Server #3:&nbsp;
+ <input name="dns_server3" type="text" class="formfld unknown" id="dns_server3" size="20" value="<?=$pconfig['dns_server3'];?>">
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Server #4:&nbsp;
+ <input name="dns_server4" type="text" class="formfld unknown" id="dns_server4" size="20" value="<?=$pconfig['dns_server4'];?>">
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">WINS Servers</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="2" cellpadding="0">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['wins_server_enable'],$chk); ?>
+ <input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onClick="wins_server_change()">
+ Provide a WINS server list to clients<br>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Server #1:&nbsp;
+ <input name="wins_server1" type="text" class="formfld unknown" id="wins_server1" size="20" value="<?=$pconfig['wins_server1'];?>">
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Server #2:&nbsp;
+ <input name="wins_server2" type="text" class="formfld unknown" id="wins_server2" size="20" value="<?=$pconfig['wins_server2'];?>">
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Phase2 PFS Group</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="2" cellpadding="0">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['pfs_group_enable'],$chk); ?>
+ <input name="pfs_group_enable" type="checkbox" id="pfs_group_enable" value="yes" <?=$chk;?> onClick="pfs_group_change()">
+ Provide the Phase2 PFS group to clients ( overrides all mobile phase2 settings )<br>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Group:&nbsp;&nbsp;
+ <select name="pfs_group" class="formselect" id="pfs_group">
+ <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
+ <option value="<?=$keygroup;?>" <?php if ($pconfig['pfs_group'] == $keygroup) echo "selected"; ?>>
+ <?=htmlspecialchars($keygroupname);?>
+ </option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Login Banner</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="2" cellpadding="0">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['login_banner_enable'],$chk); ?>
+ <input name="login_banner_enable" type="checkbox" id="login_banner_enable" value="yes" <?=$chk;?> onClick="login_banner_change()">
+ Provide a login banner to clients<br>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <?php $banner = htmlspecialchars($pconfig['login_banner']); ?>
+ <textarea name="login_banner" cols="65" rows="7" id="login_banner" class="formpre"><?=$banner;?></textarea>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="submit" type="submit" class="formbtn" value="Save">
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
</tr>
</table>
</form>
<script language="JavaScript">
-<!--
-methodsel_change();
+pool_change();
+dns_domain_change();
+dns_server_change();
+wins_server_change();
+pfs_group_change();
+login_banner_change();
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>
+
+<?php
+
+/* local utility functions */
+
+function set_checked($var,& $chk) {
+ if($var)
+ $chk = '"checked"';
+ else
+ $chk = '';
+}
+
+?>
+
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 0a21362..0378105 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -58,7 +58,12 @@ if (isset($p1index) && $a_phase1[$p1index])
$pconfig['interface'] = "wan";
list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_phase1[$p1index]['remote-subnet']);
- $pconfig['remotegw'] = $a_phase1[$p1index]['remote-gateway'];
+
+ if (isset($a_phase1[$p1index]['mobile']))
+ $pconfig['mobile'] = 'true';
+ else
+ $pconfig['remotegw'] = $a_phase1[$p1index]['remote-gateway'];
+
$pconfig['mode'] = $a_phase1[$p1index]['mode'];
$pconfig['myid_type'] = $a_phase1[$p1index]['myid_type'];
$pconfig['myid_data'] = $a_phase1[$p1index]['myid_data'];
@@ -76,9 +81,13 @@ if (isset($p1index) && $a_phase1[$p1index])
$pconfig['descr'] = $a_phase1[$p1index]['descr'];
$pconfig['nat_traversal'] = $a_phase1[$p1index]['nat_traversal'];
- $pconfig['dpd_enable'] = $a_phase1[$p1index]['dpd_enable'];
- $pconfig['dpd_delay'] = $a_phase1[$p1index]['dpd_delay'];
- $pconfig['dpd_maxfail'] = $a_phase1[$p1index]['dpd_maxfail'];
+
+ if ($a_phase1[$p1index]['dpd_delay'] && $a_phase1[$p1index]['dpd_maxfail']) {
+ $pconfig['dpd_enable'] = true;
+ $pconfig['dpd_delay'] = $a_phase1[$p1index]['dpd_delay'];
+ $pconfig['dpd_maxfail'] = $a_phase1[$p1index]['dpd_maxfail'];
+ }
+
$pconfig['pinghost'] = $a_phase1[$p1index]['pinghost'];
}
else
@@ -96,9 +105,11 @@ else
$pconfig['dhgroup'] = "2";
$pconfig['lifetime'] = "28800";
$pconfig['nat_traversal'] = "on";
- $pconfig['dpd_enable'] = 1;
- $pconfig['dpd_delay'] = 10;
- $pconfig['dpd_maxfail'] = 5;
+ $pconfig['dpd_enable'] = true;
+
+ /* mobile client */
+ if($_GET['mobile'])
+ $pconfig['mobile']=true;
}
if (isset($_GET['dup']))
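Review bot: The new-entry defaults set `$pconfig['dpd_enable'] = true` but drop the `dpd_delay`/`dpd_maxfail` defaults that the removed lines provided, so the only place the 10/5 values now come from is the client-side dpdchkbox_change() in a later hunk. A submit from a form rendered without scripting will then fail the "A numeric value must be specified for DPD delay" validation in the validation hunk below. Keep the server-side defaults alongside the flag: `$pconfig['dpd_delay'] = 10; $pconfig['dpd_maxfail'] = 5;`.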
@@ -109,29 +120,33 @@ if ($_POST) {
$pconfig = $_POST;
/* input validation */
- if ($_POST['authentication_method'] == "pre_shared_key") {
- $reqdfields = explode(" ", "remotegw pskey");
- $reqdfieldsn = explode(",", "Remote gateway,Pre-Shared Key");
+
+ $method = $pconfig['authentication_method'];
+ if (($method == "pre_shared_key")||($method == "xauth_psk_server")) {
+ $reqdfields = explode(" ", "pskey");
+ $reqdfieldsn = explode(",", "Pre-Shared Key");
} else {
- $reqdfields = explode(" ", "remotegw");
- $reqdfieldsn = explode(",", "Remote gateway");
- if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))
+ if (!strstr($pconfig['cert'], "BEGIN CERTIFICATE") || !strstr($pconfig['cert'], "END CERTIFICATE"))
$input_errors[] = "This certificate does not appear to be valid.";
- if (!strstr($_POST['privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['privatekey'], "END RSA PRIVATE KEY"))
+ if (!strstr($pconfig['privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($pconfig['privatekey'], "END RSA PRIVATE KEY"))
$input_errors[] = "This key does not appear to be valid.";
- if ($_POST['peercert']!="" && (!strstr($_POST['peercert'], "BEGIN CERTIFICATE") || !strstr($_POST['peercert'], "END CERTIFICATE")))
+ if ($pconfig['peercert']!="" && (!strstr($pconfig['peercert'], "BEGIN CERTIFICATE") || !strstr($pconfig['peercert'], "END CERTIFICATE")))
$input_errors[] = "This peer certificate does not appear to be valid.";
}
+ if (!$pconfig['mobile']) {
+ $reqdfields[] = "remotegw";
+ $reqdfieldsn[] = "Remote gateway";
+ }
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ do_input_validation($pconfig, $reqdfields, $reqdfieldsn, &$input_errors);
- if (($_POST['lifetime'] && !is_numeric($_POST['lifetime'])))
+ if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime'])))
$input_errors[] = "The P1 lifetime must be an integer.";
- if (($_POST['remotegw'] && !is_ipaddr($_POST['remotegw']) && !is_domain($_POST['remotegw'])))
+ if (($pconfig['remotegw'] && !is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw'])))
$input_errors[] = "A valid remote gateway address or host name must be specified.";
- if (($_POST['remotegw'] && is_ipaddr($_POST['remotegw']) && !isset($_POST['disabled']) )) {
+ if (($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled']) )) {
$t = 0;
foreach ($a_phase1 as $ph1tmp) {
if ($p1index <> $t) {
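Review bot: `$reqdfields` and `$reqdfieldsn` are only initialised in the PSK branch; in the certificate branch they are never assigned, so for a mobile entry they reach `do_input_validation()` undefined, and for a non-mobile entry they only exist because the `[] =` append auto-creates them. Initialise both before the `if`, right after the `$method = $pconfig['authentication_method'];` line: `$reqdfields = array(); $reqdfieldsn = array();`. The enclosing `if ($_POST)` block continues outside this hunk.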
@@ -146,123 +161,134 @@ if ($_POST) {
/* My identity */
- if ($_POST['myid_type'] == "myaddress")
- $_POST['myid_data'] = "";
+ if ($pconfig['myid_type'] == "myaddress")
+ $pconfig['myid_data'] = "";
- if ($_POST['myid_type'] == "address" and $_POST['myid_data'] == "")
+ if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "")
$input_errors[] = gettext("Please enter an address for 'My Identifier'");
- if ($_POST['myid_type'] == "keyid tag" and $_POST['myid_data'] == "")
+ if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "")
$input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'");
- if ($_POST['myid_type'] == "fqdn" and $_POST['myid_data'] == "")
+ if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "")
$input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'");
- if ($_POST['myid_type'] == "user_fqdn" and $_POST['myid_data'] == "")
+ if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "")
$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'");
- if ($_POST['myid_type'] == "dyn_dns" and $_POST['myid_data'] == "")
+ if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "")
$input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'");
- if ((($_POST['myid_type'] == "address") && !is_ipaddr($_POST['myid_data'])))
+ if ((($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])))
$input_errors[] = "A valid IP address for 'My identifier' must be specified.";
- if ((($_POST['myid_type'] == "fqdn") && !is_domain($_POST['myid_data'])))
+ if ((($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])))
$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
- if ($_POST['myid_type'] == "fqdn")
- if (is_domain($_POST['myid_data']) == false)
+ if ($pconfig['myid_type'] == "fqdn")
+ if (is_domain($pconfig['myid_data']) == false)
$input_errors[] = "A valid FQDN for 'My identifier' must be specified.";
- if ($_POST['myid_type'] == "user_fqdn") {
- $user_fqdn = explode("@",$_POST['myid_data']);
+ if ($pconfig['myid_type'] == "user_fqdn") {
+ $user_fqdn = explode("@",$pconfig['myid_data']);
if (is_domain($user_fqdn[1]) == false)
$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
}
- if ($_POST['myid_type'] == "dyn_dns")
- if (is_domain($_POST['myid_data']) == false)
+ if ($pconfig['myid_type'] == "dyn_dns")
+ if (is_domain($pconfig['myid_data']) == false)
$input_errors[] = "A valid Dynamic DNS address for 'My identifier' must be specified.";
/* Peer identity */
- if ($_POST['peerid_type'] == "address" and $_POST['peerid_data'] == "")
+ if ($pconfig['myid_type'] == "peeraddress")
+ $pconfig['peerid_data'] = "";
+
+ if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "")
$input_errors[] = gettext("Please enter an address for 'Peer Identifier'");
- if ($_POST['peerid_type'] == "keyid tag" and $_POST['peerid_data'] == "")
+ if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "")
$input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'");
- if ($_POST['peerid_type'] == "fqdn" and $_POST['peerid_data'] == "")
+ if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "")
$input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'");
- if ($_POST['peerid_type'] == "user_fqdn" and $_POST['peerid_data'] == "")
+ if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "")
$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'");
- if ((($_POST['peerid_type'] == "address") && !is_ipaddr($_POST['peerid_data'])))
+ if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data'])))
$input_errors[] = "A valid IP address for 'Peer identifier' must be specified.";
- if ((($_POST['peerid_type'] == "fqdn") && !is_domain($_POST['peerid_data'])))
+ if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data'])))
$input_errors[] = "A valid domain name for 'Peer identifier' must be specified.";
- if ($_POST['peerid_type'] == "fqdn")
- if (is_domain($_POST['peerid_data']) == false)
+ if ($pconfig['peerid_type'] == "fqdn")
+ if (is_domain($pconfig['peerid_data']) == false)
$input_errors[] = "A valid FQDN for 'Peer identifier' must be specified.";
- if ($_POST['peerid_type'] == "user_fqdn") {
- $user_fqdn = explode("@",$_POST['peerid_data']);
+ if ($pconfig['peerid_type'] == "user_fqdn") {
+ $user_fqdn = explode("@",$pconfig['peerid_data']);
if (is_domain($user_fqdn[1]) == false)
$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.";
}
- if ($_POST['dpd_enable']) {
- if (!is_numeric($_POST['dpd_delay']))
+ if ($pconfig['dpd_enable']) {
+ if (!is_numeric($pconfig['dpd_delay']))
$input_errors[] = "A numeric value must be specified for DPD delay.";
- if (!is_numeric($_POST['dpd_maxfail']))
+ if (!is_numeric($pconfig['dpd_maxfail']))
$input_errors[] = "A numeric value must be specified for DPD retries.";
}
/* build our encryption algorithms array */
$pconfig['ealgo'] = array();
$pconfig['ealgo']['name'] = $_POST['ealgo'];
- if($_POST['ealgo_keylen'])
+ if($pconfig['ealgo_keylen'])
$pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen'];
if (!$input_errors) {
- $ph1ent['ikeid'] = $_POST['ikeid'];
- $ph1ent['disabled'] = $_POST['disabled'] ? true : false;
+ $ph1ent['ikeid'] = $pconfig['ikeid'];
+ $ph1ent['disabled'] = $pconfig['disabled'] ? true : false;
$ph1ent['interface'] = $pconfig['interface'];
/* if the remote gateway changed and the interface is not WAN then remove route */
/* the vpn_ipsec_configure() handles adding the route */
- if ($_POST['interface'] <> "wan") {
- if($ph1ent['remote-gateway'] <> $_POST['remotegw']) {
+ if ($pconfig['interface'] <> "wan") {
+ if($ph1ent['remote-gateway'] <> $pconfig['remotegw']) {
mwexec("/sbin/route delete -host {$ph1ent['remote-gateway']}");
}
}
- $ph1ent['remote-gateway'] = $_POST['remotegw'];
- $ph1ent['mode'] = $_POST['mode'];
- $ph1ent['myid_type'] = $_POST['myid_type'];
- $ph1ent['myid_data'] = $_POST['myid_data'];
- $ph1ent['peerid_type'] = $_POST['peerid_type'];
- $ph1ent['peerid_data'] = $_POST['peerid_data'];
+ if ($pconfig['mobile'])
+ $ph1ent['mobile'] = true;
+ else
+ $ph1ent['remote-gateway'] = $pconfig['remotegw'];
+
+ $ph1ent['mode'] = $pconfig['mode'];
+
+ $ph1ent['myid_type'] = $pconfig['myid_type'];
+ $ph1ent['myid_data'] = $pconfig['myid_data'];
+ $ph1ent['peerid_type'] = $pconfig['peerid_type'];
+ $ph1ent['peerid_data'] = $pconfig['peerid_data'];
$ph1ent['encryption-algorithm'] = $pconfig['ealgo'];
- $ph1ent['hash-algorithm'] = $_POST['halgo'];
- $ph1ent['dhgroup'] = $_POST['dhgroup'];
- $ph1ent['lifetime'] = $_POST['lifetime'];
- $ph1ent['pre-shared-key'] = $_POST['pskey'];
- $ph1ent['private-key'] = base64_encode($_POST['privatekey']);
- $ph1ent['cert'] = base64_encode($_POST['cert']);
- $ph1ent['peercert'] = base64_encode($_POST['peercert']);
- $ph1ent['authentication_method'] = $_POST['authentication_method'];
-
- $ph1ent['descr'] = $_POST['descr'];
- $ph1ent['nat_traversal'] = $_POST['nat_traversal'];
- $ph1ent['dpd_enable'] = $_POST['dpd_enable'];
- $ph1ent['dpd_delay'] = $_POST['dpd_delay'];
- $ph1ent['dpd_maxfail'] = $_POST['dpd_maxfail'];
- $ph1ent['pinghost'] = $_POST['pinghost'];
+ $ph1ent['hash-algorithm'] = $pconfig['halgo'];
+ $ph1ent['dhgroup'] = $pconfig['dhgroup'];
+ $ph1ent['lifetime'] = $pconfig['lifetime'];
+ $ph1ent['pre-shared-key'] = $pconfig['pskey'];
+ $ph1ent['private-key'] = base64_encode($pconfig['privatekey']);
+ $ph1ent['cert'] = base64_encode($pconfig['cert']);
+ $ph1ent['peercert'] = base64_encode($pconfig['peercert']);
+ $ph1ent['authentication_method'] = $pconfig['authentication_method'];
+
+ $ph1ent['descr'] = $pconfig['descr'];
+ $ph1ent['nat_traversal'] = $pconfig['nat_traversal'];
+
+ if (isset($pconfig['dpd_enable'])) {
+ $ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
+ $ph1ent['dpd_maxfail'] = $pconfig['dpd_maxfail'];
+ }
+
+ $ph1ent['pinghost'] = $pconfig['pinghost'];
/* generate unique phase1 ikeid */
if ($ph1ent['ikeid'] == 0) {
@@ -290,7 +316,11 @@ if ($_POST) {
}
}
-$pgtitle = array("VPN","IPsec","Edit Phase 1");
+if ($pconfig['mobile'])
+ $pgtitle = array("VPN","IPsec","Edit Phase 1", "Mobile Client");
+else
+ $pgtitle = array("VPN","IPsec","Edit Phase 1");
+
include("head.inc");
?>
@@ -299,15 +329,44 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<script language="JavaScript">
<!--
+
+function myidsel_change() {
+ index = document.iform.myid_type.selectedIndex;
+ value = document.iform.myid_type.options[index].value;
+ if (value == 'myaddress')
+ document.iform.myid_data.style.visibility = 'hidden';
+ else
+ document.iform.myid_data.style.visibility = 'visible';
+}
+
+function peeridsel_change() {
+ index = document.iform.peerid_type.selectedIndex;
+ value = document.iform.peerid_type.options[index].value;
+ if (value == 'peeraddress')
+ document.iform.peerid_data.style.visibility = 'hidden';
+ else
+ document.iform.peerid_data.style.visibility = 'visible';
+}
+
function methodsel_change() {
- switch (document.iform.authentication_method.selectedIndex) {
- case 1: /* rsa */
+ index = document.iform.authentication_method.selectedIndex;
+ value = document.iform.authentication_method.options[index].value;
+
+ switch (value) {
+ case 'hybrid_rsa_server':
+ document.iform.pskey.disabled = 1;
+ document.iform.privatekey.disabled = 0;
+ document.iform.cert.disabled = 0;
+ document.iform.peercert.disabled = 1;
+ break;
+ case 'xauth_rsa_server':
+ case 'rsasig':
document.iform.pskey.disabled = 1;
document.iform.privatekey.disabled = 0;
document.iform.cert.disabled = 0;
document.iform.peercert.disabled = 0;
break;
- default: /* pre-shared */
+ default: /* psk modes*/
document.iform.pskey.disabled = 0;
document.iform.privatekey.disabled = 1;
document.iform.cert.disabled = 1;
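Review bot: `index` and `value` are assigned without `var` in the new myidsel_change() and peeridsel_change() and in the rewritten methodsel_change(), so all three handlers share implicit window globals. Declare them locally in each function: `var index = document.iform.myid_type.selectedIndex;` / `var value = document.iform.myid_type.options[index].value;` (and likewise for the other two). methodsel_change() continues past the end of this hunk.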
@@ -349,6 +408,7 @@ function ealgosel_change(bits) {
if( bits )
document.iform.ealgo_keylen.value = bits;
}
+
function dpdchkbox_change() {
if( document.iform.dpd_enable.checked ) {
document.iform.dpd_delay.disabled = 0;
@@ -357,7 +417,14 @@ function dpdchkbox_change() {
document.iform.dpd_delay.disabled = 1;
document.iform.dpd_maxfail.disabled = 1;
}
+
+ if (!document.iform.dpd_delay.value)
+ document.iform.dpd_delay.value = "10";
+
+ if (!document.iform.dpd_maxfail.value)
+ document.iform.dpd_maxfail.value = "5";
}
+
//-->
</script>
<?php if ($input_errors) print_input_errors($input_errors); ?>
@@ -394,6 +461,7 @@ function dpdchkbox_change() {
<span class="vexpl">Select the interface for the local endpoint of this phase1 entry.</span>
</td>
</tr>
+ <?php if (!$pconfig['mobile']): ?>
<tr>
<td width="22%" valign="top" class="vncellreq">Remote gateway</td>
<td width="78%" class="vtable">
@@ -402,6 +470,7 @@ function dpdchkbox_change() {
Enter the public IP address or host name of the remote gateway
</td>
</tr>
+ <?php endif; ?>
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
<td width="78%" class="vtable">
@@ -436,10 +505,10 @@ function dpdchkbox_change() {
<tr>
<td width="22%" valign="top" class="vncellreq">My identifier</td>
<td width="78%" class="vtable">
- <select name="myid_type" class="formselect">
- <?php foreach ($my_identifier_list as $mode => $modename): ?>
- <option value="<?=$mode;?>" <?php if ($mode == $pconfig['myid_type']) echo "selected"; ?>>
- <?=htmlspecialchars($modename);?>
+ <select name="myid_type" class="formselect" onChange="myidsel_change()">
+ <?php foreach ($my_identifier_list as $id_type => $id_params): ?>
+ <option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['myid_type']) echo "selected"; ?>>
+ <?=htmlspecialchars($id_params['desc']);?>
</option>
<?php endforeach; ?>
</select>
@@ -449,10 +518,14 @@ function dpdchkbox_change() {
<tr>
<td width="22%" valign="top" class="vncellreq">Peer identifier</td>
<td width="78%" class="vtable">
- <select name="peerid_type" class="formselect">
- <?php foreach ($peer_identifier_list as $mode => $modename): ?>
- <option value="<?=$mode;?>" <?php if ($mode == $pconfig['peerid_type']) echo "selected"; ?>>
- <?=htmlspecialchars($modename);?>
+ <select name="peerid_type" class="formselect" onChange="peeridsel_change()">
+ <?php
+ foreach ($peer_identifier_list as $id_type => $id_params):
+ if ($pconfig['mobile'] && !$id_params['mobile'])
+ continue;
+ ?>
+ <option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected"; ?>>
+ <?=htmlspecialchars($id_params['desc']);?>
</option>
<?php endforeach; ?>
</select>
@@ -523,9 +596,13 @@ function dpdchkbox_change() {
<td width="22%" valign="top" class="vncellreq">Authentication method</td>
<td width="78%" class="vtable">
<select name="authentication_method" class="formselect" onChange="methodsel_change()">
- <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
- <option value="<?=$method;?>" <?php if ($method == $pconfig['authentication_method']) echo "selected"; ?>>
- <?=htmlspecialchars($methodname);?>
+ <?php
+ foreach ($p1_authentication_methods as $method_type => $method_params):
+ if (!$pconfig['mobile'] && $method_params['mobile'])
+ continue;
+ ?>
+ <option value="<?=$method_type;?>" <?php if ($method_type == $pconfig['authentication_method']) echo "selected"; ?>>
+ <?=htmlspecialchars($method_params['name']);?>
</option>
<?php endforeach; ?>
</select>
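Review bot: The mobile-only authentication methods are filtered only when the `<select>` is rendered; the validation hunk earlier in this file accepts any `authentication_method` value, so a non-mobile phase1 can still be saved with a mobile-only method, and the same applies to the peer identifier filter in the previous hunk. Add a server-side check next to the `$method =` line, e.g. `if (!$pconfig['mobile'] && $p1_authentication_methods[$method]['mobile']) $input_errors[] = "The selected authentication method is only valid for mobile clients.";`. The `$p1_authentication_methods` entries are assumed to carry the same `mobile` key this hunk reads; confirm against where the list is defined.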
@@ -587,10 +664,10 @@ function dpdchkbox_change() {
<tr>
<td width="22%" valign="top" class="vncell">Dead Peer Detection</td>
<td width="78%" class="vtable">
- <input name="dpd_enable" type="checkbox" id="dpd_enable" value="yes" <?php if ($pconfig['dpd_enable']) echo "checked"; ?> onClick="dpdchkbox_change()">
+ <input name="dpd_enable" type="checkbox" id="dpd_enable" value="yes" <?php if (isset($pconfig['dpd_enable'])) echo "checked"; ?> onClick="dpdchkbox_change()">
Enable DPD<br>
<br>
- <input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=$pconfig['dpd_delay'];?>">
+ <input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=$pconfig['dpd_delay'];?>">
seconds<br>
<span class="vexpl">Delay between requesting peer acknowledgement.</span><br>
<br>
@@ -609,11 +686,14 @@ function dpdchkbox_change() {
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
- <input name="ikeid" type="hidden" value="<?=$pconfig['ikeid'];?>">
<?php if (isset($p1index) && $a_phase1[$p1index]): ?>
<input name="p1index" type="hidden" value="<?=$p1index;?>">
<?php endif; ?>
+ <?php if ($pconfig['mobile']): ?>
+ <input name="mobile" type="hidden" value="true">
+ <?php endif; ?>
+ <input name="ikeid" type="hidden" value="<?=$pconfig['ikeid'];?>">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
</td>
</tr>
</table>
@@ -627,9 +707,13 @@ function dpdchkbox_change() {
if (is_numeric($pconfig['ealgo']['keylen']))
$keyset = $pconfig['ealgo']['keylen'];
?>
+myidsel_change();
+peeridsel_change();
methodsel_change();
ealgosel_change(<?=$keyset;?>);
dpdchkbox_change();
//-->
</script>
<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index 7a3c5ce..f32c567 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -31,6 +31,11 @@
require("guiconfig.inc");
+if (!is_array($config['ipsec']['client']))
+ $config['ipsec']['client'] = array();
+
+$a_client = &$config['ipsec']['client'];
+
if (!is_array($config['ipsec']['phase2']))
$config['ipsec']['phase2'] = array();
@@ -60,6 +65,9 @@ if (isset($p2index) && $a_phase2[$p2index])
$pconfig['halgos'] = $a_phase2[$p2index]['hash-algorithm-option'];
$pconfig['pfsgroup'] = $a_phase2[$p2index]['pfsgroup'];
$pconfig['lifetime'] = $a_phase2[$p2index]['lifetime'];
+
+ if (isset($a_phase2[$p2index]['mobile']))
+ $pconfig['mobile'] = true;
}
else
{
@@ -73,6 +81,10 @@ else
$pconfig['halgos'] = explode(",", "hmac_sha1,hmac_md5");
$pconfig['pfsgroup'] = "0";
$pconfig['lifetime'] = "3600";
+
+ /* mobile client */
+ if($_GET['mobile'])
+ $pconfig['mobile']=true;
}
if (isset($_GET['dup']))
@@ -83,41 +95,43 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- $ealgos = pconfig_to_ealgos($pconfig);
- $localid = pconfig_to_idinfo("local",$pconfig);
- $remoteid = pconfig_to_idinfo("remote",$pconfig);
-
if (!isset( $_POST['ikeid']))
$input_errors[] = "A valid ikeid must be specified.";
/* input validation */
- $reqdfields = explode(" ", "localid_type remoteid_type halgos");
- $reqdfieldsn = explode(",", "Local network type,Remote network type,P2 Hash Algorithms");
+ $reqdfields = explode(" ", "localid_type halgos");
+ $reqdfieldsn = explode(",", "Local network type,P2 Hash Algorithms");
+ if (!isset($pconfig['mobile'])){
+ $reqdfields[] = "remoteid_type";
+ $reqdfieldsn[] = "Remote network type";
+ }
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
- switch ($_POST['localid_type']) {
+ switch ($pconfig['localid_type']) {
case "network":
- if (!$_POST['localid_netbits'] || !is_numeric($_POST['localid_netbits']))
+ if (!$pconfig['localid_netbits'] || !is_numeric($pconfig['localid_netbits']))
$input_errors[] = "A valid local network bit count must be specified..";
case "address":
- if (!$_POST['localid_address'] || !is_ipaddr($_POST['localid_address']))
+ if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
$input_errors[] = "A valid local network IP address must be specified.";
break;
}
- switch ($_POST['remoteid_type']) {
+ switch ($pconfig['remoteid_type']) {
case "network":
- if (!$_POST['remoteid_netbits'] || !is_numeric($_POST['remoteid_netbits']))
+ if (!$pconfig['remoteid_netbits'] || !is_numeric($pconfig['remoteid_netbits']))
$input_errors[] = "A valid remote network bit count must be specified..";
case "address":
- if (!$_POST['remoteid_address'] || !is_ipaddr($_POST['remoteid_address']))
+ if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
$input_errors[] = "A valid remote network IP address must be specified.";
break;
}
/* TODO : Validate enabled phase2's are not duplicates */
+ $ealgos = pconfig_to_ealgos($pconfig);
+
if (!count($ealgos)) {
$input_errors[] = "At least one encryption algorithm must be selected.";
}
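Review bot: `do_input_validation($_POST, ...)` is the one call in this block still reading `$_POST` after everything else was moved to `$pconfig`; switch it to `do_input_validation($pconfig, $reqdfields, $reqdfieldsn, &$input_errors);` so the validated array is the same one the `switch` statements and the later `$ph2ent` assignments use. Note also that this file tests the flag with `isset($pconfig['mobile'])` while vpn_ipsec_phase1.php tests `$pconfig['mobile']` for truthiness; either works for the hidden `value="true"` field, but one convention across both files is easier to audit. The enclosing `if ($_POST)` block continues outside this hunk.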
@@ -126,16 +140,22 @@ if ($_POST) {
}
if (!$input_errors) {
- $ph2ent['ikeid'] = $_POST['ikeid'];
- $ph2ent['disabled'] = $_POST['disabled'] ? true : false;
- $ph2ent['localid'] = $localid;
- $ph2ent['remoteid'] = $remoteid;
- $ph2ent['protocol'] = $_POST['proto'];
+
+ $ph2ent['ikeid'] = $pconfig['ikeid'];
+ $ph2ent['disabled'] = $pconfig['disabled'] ? true : false;
+
+ $ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
+ $ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
+
+ $ph2ent['protocol'] = $pconfig['proto'];
$ph2ent['encryption-algorithm-option'] = $ealgos;
- $ph2ent['hash-algorithm-option'] = $_POST['halgos'];
- $ph2ent['pfsgroup'] = $_POST['pfsgroup'];
- $ph2ent['lifetime'] = $_POST['lifetime'];
- $ph2ent['descr'] = $_POST['descr'];
+ $ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
+ $ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
+ $ph2ent['lifetime'] = $pconfig['lifetime'];
+ $ph2ent['descr'] = $pconfig['descr'];
+
+ if (isset($pconfig['mobile']))
+ $ph2ent['mobile'] = true;
if (isset($p2index) && $a_phase2[$p2index])
$a_phase2[$p2index] = $ph2ent;
@@ -150,7 +170,11 @@ if ($_POST) {
}
}
-$pgtitle = array("VPN","IPsec","Edit Phase 2");
+if ($pconfig['mobile'])
+ $pgtitle = array("VPN","IPsec","Edit Phase 2", "Mobile Client");
+else
+ $pgtitle = array("VPN","IPsec","Edit Phase 2");
+
include("head.inc");
?>
@@ -183,6 +207,17 @@ function typesel_change_local(bits) {
break;
}
}
+
+<?php if (isset($pconfig['mobile'])): ?>
+
+function typesel_change_remote(bits) {
+
+ document.iform.remoteid_address.disabled = 1;
+ document.iform.remoteid_netbits.disabled = 1;
+}
+
+<?php else: ?>
+
function typesel_change_remote(bits) {
if (!bits)
@@ -207,6 +242,9 @@ function typesel_change_remote(bits) {
break;
}
}
+
+<?php endif; ?>
+
//-->
</script>
@@ -260,6 +298,8 @@ function typesel_change_remote(bits) {
</table>
</td>
</tr>
+ <?php if (!isset($pconfig['mobile'])): ?>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Remote Network</td>
<td width="78%" class="vtable">
<table border="0" cellspacing="0" cellpadding="0">
@@ -291,6 +331,7 @@ function typesel_change_remote(bits) {
</table>
</td>
</tr>
+ <?php endif; ?>
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
<td width="78%" class="vtable">
@@ -380,6 +421,7 @@ function typesel_change_remote(bits) {
<tr>
<td width="22%" valign="top" class="vncellreq">PFS key group</td>
<td width="78%" class="vtable">
+ <?php if (!isset($pconfig['mobile']) || !isset($a_client['pfs_group'])): ?>
<select name="pfsgroup" class="formselect">
<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['pfsgroup']) echo "selected"; ?>>
@@ -389,6 +431,14 @@ function typesel_change_remote(bits) {
</select>
<br>
<span class="vexpl"><em>1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit</em></span>
+ <?php else: ?>
+ <select class="formselect" disabled>
+ <option selected><?=$p2_pfskeygroups[$a_client['pfs_group']];?></option>
+ </select>
+ <input name="pfsgroup" type="hidden" value="<?=$pconfig['pfsgroup'];?>">
+ <br>
+ <span class="vexpl"><em>Set globally in mobile client options</em></span>
+ <?php endif; ?>
</td>
</tr>
<tr>
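Review bot: The new mobile branch echoes `$pconfig['pfsgroup']` into the hidden input and `$p2_pfskeygroups[$a_client['pfs_group']]` into the option label without `htmlspecialchars`, whereas the non-mobile branch escapes its option labels; on a validation-error re-render `$pconfig` is the raw `$_POST`, so the attribute value is reflected input. Use `value="<?=htmlspecialchars($pconfig['pfsgroup']);?>"` and `<option selected><?=htmlspecialchars($p2_pfskeygroups[$a_client['pfs_group']]);?></option>`. The per-phase2 `pfsgroup` is still saved even though the label says it is set globally; presumably the backend applies the client `pfs_group` in that case, but that is outside this diff.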
@@ -401,11 +451,15 @@ function typesel_change_remote(bits) {
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
- <input name="ikeid" type="hidden" value="<?=$pconfig['ikeid'];?>">
<?php if (isset($p2index) && $a_phase2[$p2index]): ?>
<input name="p2index" type="hidden" value="<?=$p2index;?>">
<?php endif; ?>
+ <?php if ($pconfig['mobile']): ?>
+ <input name="mobile" type="hidden" value="true">
+ <input name="remoteid_type" type="hidden" value="mobile">
+ <?php endif; ?>
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="ikeid" type="hidden" value="<?=$pconfig['ikeid'];?>">
</td>
</tr>
</table>
@@ -417,9 +471,13 @@ typesel_change_remote(<?=$pconfig['remoteid_netbits']?>);
//-->
</script>
<?php include("fend.inc"); ?>
+</body>
+</html>
<?php
+/* local utility functions */
+
function pconfig_to_ealgos(& $pconfig) {
global $p2_ealgos;
@@ -487,3 +545,4 @@ function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {
}
?>
+