diff options
| author | Ermal <eri@pfsense.org> | 2014-09-12 19:31:55 +0200 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2014-09-12 19:31:55 +0200 |
| commit | 0e7aad671ebefb8151e96ec38ececc072106bdbe (patch) | |
| tree | 1568ba72792c9bf28834f6c7d540349e447535cf /usr/local | |
| parent | ac19d32a1cc974409b40e14a2a8c0d271b383178 (diff) | |
| download | pfsense-0e7aad671ebefb8151e96ec38ececc072106bdbe.zip pfsense-0e7aad671ebefb8151e96ec38ececc072106bdbe.tar.gz | |
Provide Advanced Options for controlling rekey and reauth, might be usable with iOS devices
Diffstat (limited to 'usr/local')
| -rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 9f22a68..ed941d6 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -107,6 +107,11 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['descr'] = $a_phase1[$p1index]['descr']; $pconfig['nat_traversal'] = $a_phase1[$p1index]['nat_traversal']; + if (isset($a_phase1[$p1index]['reauth_enable'])) + $pconfig['reauth_enable'] = true; + if (isset($a_phase1[$p1index]['rekey_enable'])) + $pconfig['rekey_enable'] = true; + if ($a_phase1[$p1index]['dpd_delay'] && $a_phase1[$p1index]['dpd_maxfail']) { $pconfig['dpd_enable'] = true; $pconfig['dpd_delay'] = $a_phase1[$p1index]['dpd_delay']; @@ -128,6 +133,8 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['lifetime'] = "28800"; $pconfig['nat_traversal'] = "on"; $pconfig['dpd_enable'] = true; + $pconfig['rekey_enable'] = true; + $pconfig['reauth_enable'] = true; $pconfig['iketype'] = "ikev1"; /* mobile client */ @@ -352,6 +359,11 @@ if ($_POST) { $ph1ent['descr'] = $pconfig['descr']; $ph1ent['nat_traversal'] = $pconfig['nat_traversal']; + if (isset($pconfig['reauth_enable'])) + $ph1ent['reauth_enable'] = true; + if (isset($pconfig['rekey_enable'])) + $ph1ent['rekey_enable'] = true; + if (isset($pconfig['dpd_enable'])) { $ph1ent['dpd_delay'] = $pconfig['dpd_delay']; $ph1ent['dpd_maxfail'] = $pconfig['dpd_maxfail']; @@ -833,6 +845,20 @@ function dpdchkbox_change() { <td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced Options"); ?></td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Rekey");?></td> + <td width="78%" class="vtable"> + <input name="rekey_enable" type="checkbox" id="rekey_enable" value="yes" <?php if (isset($pconfig['rekey_enable'])) echo "checked=\"checked\""; ?> /> + <?=gettext("Whether a connection should be renegotiated when it is about to expire."); ?><br /> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Reauth");?></td> + <td width="78%" class="vtable"> + <input name="reauth_enable" type="checkbox" id="reauth_enable" value="yes" <?php if (isset($pconfig['reauth_enable'])) echo "checked=\"checked\""; ?> /> + <?=gettext("whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always don.."); ?><br /> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("NAT Traversal"); ?></td> <td width="78%" class="vtable"> <select name="nat_traversal" class="formselect"> |
