authorPhil Davis <phil.davis@inf.org>2015-05-23 14:49:03 +0545
committerPhil Davis <phil.davis@inf.org>2015-05-23 14:49:03 +0545
commita1d55e814bea04d37eb92799ad55363b474085ec (patch)
treed229470312c992f35e96179af87b55a445c6af59 /usr/local
parent88cbd0049b78bd731648be68c13e08161e5e943c (diff)
downloadpfsense-a1d55e814bea04d37eb92799ad55363b474085ec.zip
pfsense-a1d55e814bea04d37eb92799ad55363b474085ec.tar.gz
Code style VPN IPsec
Diffstat (limited to 'usr/local')
-rw-r--r--usr/local/www/vpn_ipsec.php143
-rw-r--r--usr/local/www/vpn_ipsec_keys.php211
-rw-r--r--usr/local/www/vpn_ipsec_keys_edit.php145
-rw-r--r--usr/local/www/vpn_ipsec_mobile.php218
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php442
-rw-r--r--usr/local/www/vpn_ipsec_phase2.php270
-rw-r--r--usr/local/www/vpn_ipsec_settings.php111
7 files changed, 890 insertions, 650 deletions
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
index 6ca6d32..fd400b0 100644
--- a/usr/local/www/vpn_ipsec.php
+++ b/usr/local/www/vpn_ipsec.php
@@ -45,11 +45,13 @@ require_once("shaper.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
-if (!is_array($config['ipsec']['phase1']))
+if (!is_array($config['ipsec']['phase1'])) {
$config['ipsec']['phase1'] = array();
+}
-if (!is_array($config['ipsec']['phase2']))
+if (!is_array($config['ipsec']['phase2'])) {
$config['ipsec']['phase2'] = array();
+}
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
@@ -64,8 +66,9 @@ if ($_POST) {
filter_configure();
$savemsg = get_std_save_message($retval);
if ($retval >= 0) {
- if (is_subsystem_dirty('ipsec'))
+ if (is_subsystem_dirty('ipsec')) {
clear_subsystem_dirty('ipsec');
+ }
}
} else if ($_POST['submit']) {
$pconfig = $_POST;
@@ -81,8 +84,9 @@ if ($_POST) {
foreach ($_POST['p1entry'] as $p1entrydel) {
unset($a_phase1[$p1entrydel]);
}
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('ipsec');
+ }
}
} else if (isset($_POST['delp2_x'])) {
/* delete selected p2 entries */
@@ -90,8 +94,9 @@ if ($_POST) {
foreach ($_POST['p2entry'] as $p2entrydel) {
unset($a_phase2[$p2entrydel]);
}
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('ipsec');
+ }
}
} else {
/* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
@@ -120,29 +125,35 @@ if ($_POST) {
/* copy all p1 entries < $movebtn and not selected */
for ($i = 0; $i < $movebtn; $i++) {
- if (!in_array($i, $_POST['p1entry']))
+ if (!in_array($i, $_POST['p1entry'])) {
$a_phase1_new[] = $a_phase1[$i];
+ }
}
/* copy all selected p1 entries */
for ($i = 0; $i < count($a_phase1); $i++) {
- if ($i == $movebtn)
+ if ($i == $movebtn) {
continue;
- if (in_array($i, $_POST['p1entry']))
+ }
+ if (in_array($i, $_POST['p1entry'])) {
$a_phase1_new[] = $a_phase1[$i];
+ }
}
/* copy $movebtn p1 entry */
- if ($movebtn < count($a_phase1))
+ if ($movebtn < count($a_phase1)) {
$a_phase1_new[] = $a_phase1[$movebtn];
+ }
/* copy all p1 entries > $movebtn and not selected */
for ($i = $movebtn+1; $i < count($a_phase1); $i++) {
- if (!in_array($i, $_POST['p1entry']))
+ if (!in_array($i, $_POST['p1entry'])) {
$a_phase1_new[] = $a_phase1[$i];
+ }
}
- if (count($a_phase1_new) > 0)
+ if (count($a_phase1_new) > 0) {
$a_phase1 = $a_phase1_new;
+ }
} else if (isset($movebtnp2) && is_array($_POST['p2entry']) && count($_POST['p2entry'])) {
/* move selected p2 entries before this */
@@ -150,65 +161,74 @@ if ($_POST) {
/* copy all p2 entries < $movebtnp2 and not selected */
for ($i = 0; $i < $movebtnp2; $i++) {
- if (!in_array($i, $_POST['p2entry']))
+ if (!in_array($i, $_POST['p2entry'])) {
$a_phase2_new[] = $a_phase2[$i];
+ }
}
/* copy all selected p2 entries */
for ($i = 0; $i < count($a_phase2); $i++) {
- if ($i == $movebtnp2)
+ if ($i == $movebtnp2) {
continue;
- if (in_array($i, $_POST['p2entry']))
+ }
+ if (in_array($i, $_POST['p2entry'])) {
$a_phase2_new[] = $a_phase2[$i];
+ }
}
/* copy $movebtnp2 p2 entry */
- if ($movebtnp2 < count($a_phase2))
+ if ($movebtnp2 < count($a_phase2)) {
$a_phase2_new[] = $a_phase2[$movebtnp2];
+ }
/* copy all p2 entries > $movebtnp2 and not selected */
for ($i = $movebtnp2+1; $i < count($a_phase2); $i++) {
- if (!in_array($i, $_POST['p2entry']))
+ if (!in_array($i, $_POST['p2entry'])) {
$a_phase2_new[] = $a_phase2[$i];
+ }
}
- if (count($a_phase2_new) > 0)
+ if (count($a_phase2_new) > 0) {
$a_phase2 = $a_phase2_new;
+ }
} else if (isset($togglebtn)) {
- if (isset($a_phase1[$togglebtn]['disabled']))
+ if (isset($a_phase1[$togglebtn]['disabled'])) {
unset($a_phase1[$togglebtn]['disabled']);
- else
+ } else {
$a_phase1[$togglebtn]['disabled'] = true;
-
+ }
} else if (isset($togglebtnp2)) {
- if (isset($a_phase2[$togglebtnp2]['disabled']))
+ if (isset($a_phase2[$togglebtnp2]['disabled'])) {
unset($a_phase2[$togglebtnp2]['disabled']);
- else
+ } else {
$a_phase2[$togglebtnp2]['disabled'] = true;
-
+ }
} else if (isset($delbtn)) {
/* remove static route if interface is not WAN */
- if ($a_phase1[$delbtn]['interface'] <> "wan")
+ if ($a_phase1[$delbtn]['interface'] <> "wan") {
mwexec("/sbin/route delete -host {$a_phase1[$delbtn]['remote-gateway']}");
+ }
/* remove all phase2 entries that match the ikeid */
$ikeid = $a_phase1[$delbtn]['ikeid'];
- foreach ($a_phase2 as $p2index => $ph2tmp)
+ foreach ($a_phase2 as $p2index => $ph2tmp) {
if ($ph2tmp['ikeid'] == $ikeid) {
unset($a_phase2[$p2index]);
}
-
+ }
unset($a_phase1[$delbtn]);
} else if (isset($delbtnp2)) {
unset($a_phase2[$delbtnp2]);
- } else
+ } else {
$save = 0;
+ }
if ($save === 1) {
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('ipsec');
+ }
}
}
}
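Review bot: The route removal `mwexec("/sbin/route delete -host {$a_phase1[$delbtn]['remote-gateway']}");` interpolates a stored configuration value straight into a shell command line, and the braces added around it do not change that; `mwexec("/sbin/route delete -host " . escapeshellarg($a_phase1[$delbtn]['remote-gateway']));` keeps the shell boundary independent of whatever validation the phase 1 editor applied when the value was saved. In the same branch `$a_phase1[$delbtn]` is indexed by `$delbtn`, which is derived from the posted button name earlier in the block, without an `isset($a_phase1[$delbtn])` guard, so a stale index from a re-submitted form yields notices and a `route delete` with an empty host rather than a clean no-op. The enclosing `if ($_POST)` block begins before this hunk.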
@@ -225,10 +245,12 @@ include("head.inc");
<form action="vpn_ipsec.php" method="post">
<script type="text/javascript" src="/javascript/row_toggle.js"></script>
<?php
- if ($savemsg)
+ if ($savemsg) {
print_info_box($savemsg);
- if ($pconfig['enable'] && is_subsystem_dirty('ipsec'))
+ }
+ if ($pconfig['enable'] && is_subsystem_dirty('ipsec')) {
print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec">
<tr>
@@ -303,10 +325,11 @@ include("head.inc");
<td class="listlr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>">
<?=$spans;?>
<?php
- if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1")
+ if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1") {
echo "V1";
- else
+ } else {
echo "V2";
+ }
?>
<?=$spane;?>
</td>
@@ -317,38 +340,43 @@ include("head.inc");
$iflabels = get_configured_interface_with_descr();
$carplist = get_configured_carp_interface_list();
- foreach ($carplist as $cif => $carpip)
+ foreach ($carplist as $cif => $carpip) {
$iflabels[$cif] = $carpip." (".get_vip_descr($carpip).")";
+ }
$aliaslist = get_configured_ip_aliases_list();
- foreach ($aliaslist as $aliasip => $aliasif)
+ foreach ($aliaslist as $aliasip => $aliasif) {
$iflabels[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+ }
$grouplist = return_gateway_groups_array();
foreach ($grouplist as $name => $group) {
- if($group[0]['vip'] <> "")
+ if ($group[0]['vip'] <> "") {
$vipif = $group[0]['vip'];
- else
+ } else {
$vipif = $group[0]['int'];
+ }
$iflabels[$name] = "GW Group {$name}";
}
$if = htmlspecialchars($iflabels[$ph1ent['interface']]);
- }
- else
+ } else {
$if = "WAN";
+ }
- if (!isset($ph1ent['mobile']))
+ if (!isset($ph1ent['mobile'])) {
echo $if."<br />".$ph1ent['remote-gateway'];
- else
+ } else {
echo $if."<br /><strong>" . gettext("Mobile Client") . "</strong>";
+ }
?>
<?=$spane;?>
</td>
<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>">
<?=$spans;?>
<?php
- if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1")
+ if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1") {
echo "{$ph1ent['mode']}";
+ }
?>
<?=$spane;?>
</td>
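Review bot: `echo $if."<br />".$ph1ent['remote-gateway'];` writes the stored remote gateway into the page unescaped, while `$if` a few lines above is passed through `htmlspecialchars`; `echo $if."<br />".htmlspecialchars($ph1ent['remote-gateway']);` makes the row consistent. The value is presumably validated as a host or address when the entry is saved, but output escaping should not depend on input-side checks in another file. The same pattern appears with `<?=$ph2ent['uniqid'];?>` inside the `ondblclick` attribute in the hunk at `@@ -468,7 +500,7 @@`, where the value lands in a JavaScript string.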
@@ -357,10 +385,11 @@ include("head.inc");
<?=$p1_ealgos[$ph1ent['encryption-algorithm']['name']]['name'];?>
<?php
if ($ph1ent['encryption-algorithm']['keylen']) {
- if ($ph1ent['encryption-algorithm']['keylen']=="auto")
+ if ($ph1ent['encryption-algorithm']['keylen']=="auto") {
echo " (" . gettext("auto") . ")";
- else
+ } else {
echo " ({$ph1ent['encryption-algorithm']['keylen']} " . gettext("bits") . ")";
+ }
}
?>
<?=$spane;?>
@@ -417,18 +446,20 @@ include("head.inc");
<td class="listt">&nbsp;</td>
<td class="listrborder" colspan="6">
<?php
- if (isset($_POST["tdph2-{$i}-visible"]))
+ if (isset($_POST["tdph2-{$i}-visible"])) {
$tdph2_visible = htmlspecialchars($_POST["tdph2-{$i}-visible"]);
- else
+ } else {
$tdph2_visible = 0;
+ }
?>
<input type="hidden" name="tdph2-<?=$i;?>-visible" id="tdph2-<?=$i;?>-visible" value="<?=$tdph2_visible?>" />
<div id="shph2but-<?=$i?>" <?php echo ($tdph2_visible == '1' ? 'style="display:none"' : '');?>>
<?php
$phase2count=0;
foreach ($a_phase2 as $ph2ent) {
- if ($ph2ent['ikeid'] != $ph1ent['ikeid'])
+ if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
continue;
+ }
$phase2count++;
}
$fr_prefix = "frp2{$i}";
@@ -438,7 +469,7 @@ include("head.inc");
</div>
<div id="tdph2-<?=$i?>" <?php echo ($tdph2_visible != '1' ? 'style="display:none"' : '');?>>
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0" summary="phase-2 entries">
- <tr id="<?=$fr_header;?>">
+ <tr id="<?=$fr_header;?>">
<td>&nbsp;</td>
<td>&nbsp;</td>
<td class="listhdrr"><?=gettext("Mode"); ?></td>
@@ -452,8 +483,9 @@ include("head.inc");
<?php
$j = 0;
foreach ($a_phase2 as $ph2index => $ph2ent):
- if ($ph2ent['ikeid'] != $ph1ent['ikeid'])
+ if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
continue;
+ }
$fr_c = $fr_prefix . "c" . $j;
$fr_d = $fr_prefix . "d" . $j;
@@ -468,7 +500,7 @@ include("head.inc");
?>
<tr valign="top" id="<?=$fr_prefix . $j;?>" ondblclick="document.location='vpn_ipsec_phase2.php?p2index=<?=$ph2ent['uniqid'];?>'">
<td class="listt" align="center" valign="middle">
- <input type="checkbox" id="<?=$fr_c;?>" name="p2entry[]" value="<?=$ph2index;?>" onclick="fr_bgcolor('<?=$j;?>', '<?=$fr_prefix;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" />
+ <input type="checkbox" id="<?=$fr_c;?>" name="p2entry[]" value="<?=$ph2index;?>" onclick="fr_bgcolor('<?=$j;?>', '<?=$fr_prefix;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" />
</td>
<td class="listt" align="center" valign="middle">
<input name="togglep2_<?=$ph2index;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn?>.gif"
@@ -481,7 +513,7 @@ include("head.inc");
<?=$spane;?>
</td>
<?php
- if(($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == "tunnel6")):
+ if (($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == "tunnel6")):
?>
<td class="listr nowrap" id="<?=$fr_d;?>" onclick="fr_toggle('<?=$j;?>', '<?=$fr_prefix;?>')">
<?=$spans;?>
@@ -507,14 +539,16 @@ include("head.inc");
<?=$spans;?>
<?php
foreach ($ph2ent['encryption-algorithm-option'] as $k => $ph2ea) {
- if ($k)
+ if ($k) {
echo ", ";
+ }
echo $p2_ealgos[$ph2ea['name']]['name'];
if ($ph2ea['keylen']) {
- if ($ph2ea['keylen']=="auto")
+ if ($ph2ea['keylen']=="auto") {
echo " (" . gettext("auto") . ")";
- else
+ } else {
echo " ({$ph2ea['keylen']} " . gettext("bits") . ")";
+ }
}
}
?>
@@ -525,8 +559,9 @@ include("head.inc");
<?php
if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) {
foreach ($ph2ent['hash-algorithm-option'] as $k => $ph2ha) {
- if ($k)
+ if ($k) {
echo ", ";
+ }
echo $p2_halgos[$ph2ha];
}
}
diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php
index ebddcc9..8c30d6b 100644
--- a/usr/local/www/vpn_ipsec_keys.php
+++ b/usr/local/www/vpn_ipsec_keys.php
@@ -3,21 +3,21 @@
vpn_ipsec_keys.php
part of m0n0wall (http://m0n0.ch/wall)
part of pfSense
-
+
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
Copyright (C) 2013-2015 Electric Sheep Fencing, LP
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -61,8 +61,9 @@ if (isset($_POST['apply'])) {
/* reload the filter in the background */
filter_configure();
$savemsg = get_std_save_message($retval);
- if (is_subsystem_dirty('ipsec'))
+ if (is_subsystem_dirty('ipsec')) {
clear_subsystem_dirty('ipsec');
+ }
}
if ($_GET['act'] == "del") {
@@ -85,16 +86,17 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<form action="vpn_ipsec_keys.php" method="post">
-<?php
-if ($savemsg)
+<?php
+if ($savemsg) {
print_info_box($savemsg);
-if (is_subsystem_dirty('ipsec'))
+}
+if (is_subsystem_dirty('ipsec')) {
print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
-
+}
?>
</form>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec keys">
- <tr><td class="tabnavtbl">
+ <tr><td class="tabnavtbl">
<?php
$tab_array = array();
$tab_array[0] = array(gettext("Tunnels"), false, "vpn_ipsec.php");
@@ -103,92 +105,113 @@ if (is_subsystem_dirty('ipsec'))
$tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
display_top_tabs($tab_array);
?>
- </td></tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
- <tr>
- <td class="listhdrr"><?=gettext("Identifier"); ?></td>
- <td class="listhdrr"><?=gettext("Type"); ?></td>
- <td class="listhdr"><?=gettext("Pre-Shared Key"); ?></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1" summary="add key">
- <tr>
- <td width="20" height="17"></td>
- <td><a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add key"); ?>" width="17" height="17" border="0" alt="add" /></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i = 0; foreach ($userkeys as $secretent): ?>
- <tr>
- <td class="listlr gray">
- <?php
- if ($secretent['ident'] == 'allusers')
- echo gettext("ANY USER");
- else
- echo htmlspecialchars($secretent['ident']);
- ?>
- </td>
- <td class="listlr gray">
- <?php
- if (empty($secretent['type']))
- echo 'PSK';
- else
- echo htmlspecialchars($secretent['type']);
- ?>
- </td>
- <td class="listr gray">
- <?=htmlspecialchars($secretent['pre-shared-key']);?>
- </td>
- <td class="list nowrap">
- <form action="system_usermanager.php" method="post" name="form_edit_key">
- <input type="hidden" name="act" value="edit" />
- <input type="hidden" name="userid" value="<?=$secretent['id'];?>" />
- <input type="image" name="edituser[]" width="17" height="17" border="0"
- src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
- title="<?=gettext("edit");?>" />
- </form>
- &nbsp;</td>
+ </td></tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
+ <tr>
+ <td class="listhdrr"><?=gettext("Identifier"); ?></td>
+ <td class="listhdrr"><?=gettext("Type"); ?></td>
+ <td class="listhdr"><?=gettext("Pre-Shared Key"); ?></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1" summary="add key">
+ <tr>
+ <td width="20" height="17"></td>
+ <td>
+ <a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add key"); ?>" width="17" height="17" border="0" alt="add" /></a>
+ </td>
+ </tr>
+ </table>
+ </td>
</tr>
- <?php $i++; endforeach; ?>
-
- <?php $i = 0; foreach ($a_secret as $secretent): ?>
- <tr>
- <td class="listlr">
- <?=htmlspecialchars($secretent['ident']);?>
- </td>
- <td class="listlr">
- <?php
- if (empty($secretent['type']))
- echo 'PSK';
- else
- echo htmlspecialchars($secretent['type']);
- ?>
- </td>
- <td class="listr">
- <?=htmlspecialchars($secretent['pre-shared-key']);?>
- </td>
- <td class="list nowrap"><a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit key"); ?>" width="17" height="17" border="0" alt="edit" /></a>
- &nbsp;<a href="vpn_ipsec_keys.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Pre-Shared Key?"); ?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete key"); ?>" width="17" height="17" border="0" alt="delete" /></a></td>
+<?php
+ $i = 0;
+ foreach ($userkeys as $secretent):
+?>
+ <tr>
+ <td class="listlr gray">
+ <?php
+ if ($secretent['ident'] == 'allusers') {
+ echo gettext("ANY USER");
+ } else {
+ echo htmlspecialchars($secretent['ident']);
+ }
+ ?>
+ </td>
+ <td class="listlr gray">
+ <?php
+ if (empty($secretent['type'])) {
+ echo 'PSK';
+ } else {
+ echo htmlspecialchars($secretent['type']);
+ }
+ ?>
+ </td>
+ <td class="listr gray">
+ <?=htmlspecialchars($secretent['pre-shared-key']);?>
+ </td>
+ <td class="list nowrap">
+ <form action="system_usermanager.php" method="post" name="form_edit_key">
+ <input type="hidden" name="act" value="edit" />
+ <input type="hidden" name="userid" value="<?=$secretent['id'];?>" />
+ <input type="image" name="edituser[]" width="17" height="17" border="0"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ title="<?=gettext("edit");?>" />
+ </form>
+ &nbsp;
+ </td>
+ </tr>
+<?php
+ $i++;
+ endforeach;
+?>
+
+<?php
+ $i = 0;
+ foreach ($a_secret as $secretent):
+?>
+ <tr>
+ <td class="listlr">
+ <?=htmlspecialchars($secretent['ident']);?>
+ </td>
+ <td class="listlr">
+ <?php
+ if (empty($secretent['type'])) {
+ echo 'PSK';
+ } else {
+ echo htmlspecialchars($secretent['type']);
+ }
+ ?>
+ </td>
+ <td class="listr">
+ <?=htmlspecialchars($secretent['pre-shared-key']);?>
+ </td>
+ <td class="list nowrap"><a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit key"); ?>" width="17" height="17" border="0" alt="edit" /></a>
+ &nbsp;<a href="vpn_ipsec_keys.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Pre-Shared Key?"); ?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete key"); ?>" width="17" height="17" border="0" alt="delete" /></a>
+ </td>
+ </tr>
+<?php
+ $i++;
+ endforeach;
+?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1" summary="add key">
+ <tr>
+ <td width="20" height="17"></td>
+ <td>
+ <a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add key"); ?>" width="17" height="17" border="0" alt="add" /></a>
+ </td>
+ </tr>
+ </table>
+ </td>
</tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="3"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1" summary="add key">
- <tr>
- <td width="20" height="17"></td>
- <td><a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add key"); ?>" width="17" height="17" border="0" alt="add" /></a></td>
- </tr>
</table>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
+ </div>
+ </td>
+ </tr>
<tr>
<td colspan="4">
<p>
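Review bot: In the rebuilt user-key rows `<input type="hidden" name="userid" value="<?=$secretent['id'];?>" />` is the only per-row value emitted without `htmlspecialchars`, unlike the `ident`, `type` and `pre-shared-key` cells beside it; `value="<?=htmlspecialchars($secretent['id']);?>"` keeps the row uniform. `$secretent['id']` is presumably a numeric user id, so this is a consistency point rather than an observed injection. The first loop also still maintains `$i` by hand (`$i = 0;` … `$i++;`) although nothing inside the `$userkeys` loop reads it after the rewrite; only the `$a_secret` loop needs the counter for its edit and delete links.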
diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php
index 82ab80c..6419a6b 100644
--- a/usr/local/www/vpn_ipsec_keys_edit.php
+++ b/usr/local/www/vpn_ipsec_keys_edit.php
@@ -3,21 +3,21 @@
vpn_ipsec_keys_edit.php
part of m0n0wall (http://m0n0.ch/wall)
part of pfSense
-
+
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
Copyright (C) 2013-2015 Electric Sheep Fencing, LP
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -48,10 +48,12 @@ if (!is_array($config['ipsec']['mobilekey'])) {
ipsec_mobilekey_sort();
$a_secret = &$config['ipsec']['mobilekey'];
-if (is_numericint($_GET['id']))
+if (is_numericint($_GET['id'])) {
$id = $_GET['id'];
-if (isset($_POST['id']) && is_numericint($_POST['id']))
+}
+if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
+}
if (isset($id) && $a_secret[$id]) {
$pconfig['ident'] = $a_secret[$id]['ident'];
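Review bot: `if (is_numericint($_GET['id'])) {` reads `$_GET['id']` without an `isset()` check, whereas the `$_POST['id']` test two lines below guards it; `if (isset($_GET['id']) && is_numericint($_GET['id'])) {` makes the two branches consistent and avoids an undefined-index notice on a plain page load. The later `isset($id) && $a_secret[$id]` test already protects the array access, so this is about parity between the two inputs rather than a missing bound.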
@@ -64,25 +66,28 @@ if ($_POST) {
foreach ($config['system']['user'] as $uid => $user) {
$userids[$user['name']] = $uid;
}
-
+
unset($input_errors);
$pconfig = $_POST;
/* input validation */
$reqdfields = explode(" ", "ident psk");
- $reqdfieldsn = array(gettext("Identifier"),gettext("Pre-Shared Key"));
-
+ $reqdfieldsn = array(gettext("Identifier"), gettext("Pre-Shared Key"));
+
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
-
- if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident']))
+
+ if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident'])) {
$input_errors[] = gettext("The identifier contains invalid characters.");
+ }
- if (array_key_exists($_POST['ident'], $userids))
+ if (array_key_exists($_POST['ident'], $userids)) {
$input_errors[] = gettext("A user with this name already exists. Add the key to the user instead.");
+ }
unset($userids);
-
- if (isset($_POST['psk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['psk']))
+
+ if (isset($_POST['psk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['psk'])) {
$input_errors[] = gettext("Pre-Shared Key contains invalid characters.");
+ }
if (!$input_errors && !(isset($id) && $a_secret[$id])) {
/* make sure there are no dupes */
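Review bot: The validation block checks `ident` and `psk` but never checks `$_POST['type']`, which the following hunk stores verbatim with `$secretent['type'] = $_POST['type'];`; the form only offers the keys of `$ipsec_preshared_key_type` (used by the template further down the file), so the handler should enforce the same set, e.g. `if (!empty($_POST['type']) && !array_key_exists($_POST['type'], $ipsec_preshared_key_type)) { $input_errors[] = gettext("Invalid Pre-Shared Key type."); }`. Without it an unrecognised type string is written to the configuration and later rendered by the key list as submitted. An empty type is left alone because the list page already treats it as PSK.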
@@ -95,15 +100,16 @@ if ($_POST) {
}
if (!$input_errors) {
-
- if (isset($id) && $a_secret[$id])
+
+ if (isset($id) && $a_secret[$id]) {
$secretent = $a_secret[$id];
-
+ }
+
$secretent['ident'] = $_POST['ident'];
$secretent['type'] = $_POST['type'];
$secretent['pre-shared-key'] = $_POST['psk'];
$text = "";
-
+
if (isset($id) && $a_secret[$id]) {
$a_secret[$id] = $secretent;
$text = gettext("Edited");
@@ -111,10 +117,10 @@ if ($_POST) {
$a_secret[] = $secretent;
$text = gettext("Added");
}
-
+
write_config("{$text} IPsec Pre-Shared Keys");
mark_subsystem_dirty('ipsec');
-
+
header("Location: vpn_ipsec_keys.php");
exit;
}
@@ -130,62 +136,63 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<?php if ($input_errors) print_input_errors($input_errors); ?>
- <form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform">
- <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="vpn ipsec keys edit">
+<form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="vpn ipsec keys edit">
<tr>
<td colspan="2" valign="top" class="listtopic">Edit pre-shared secret</td>
</tr>
- <tr>
- <td valign="top" class="vncellreq"><?=gettext("Identifier"); ?></td>
- <td class="vtable">
- <?=$mandfldhtml;?><input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=htmlspecialchars($pconfig['ident']);?>" />
- <br />
-<?=gettext("This can be either an IP address, fully qualified domain name or an e-mail address"); ?>.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Secret type"); ?></td>
- <td width="78%" class="vtable">
- <select name="type" class="formselect">
- <?php
- foreach ($ipsec_preshared_key_type as $value => $descr) {
- echo "<option value='{$value}' ";
- if ($pconfig['type'] == $value)
- echo "selected=\"selected\"";
- echo ">{$descr}</option>";
- }
- ?>
- </select>
- </td>
+ <tr>
+ <td valign="top" class="vncellreq"><?=gettext("Identifier"); ?></td>
+ <td class="vtable">
+ <?=$mandfldhtml;?><input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=htmlspecialchars($pconfig['ident']);?>" />
+ <br />
+ <?=gettext("This can be either an IP address, fully qualified domain name or an e-mail address"); ?>.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Secret type"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="type" class="formselect">
+ <?php
+ foreach ($ipsec_preshared_key_type as $value => $descr) {
+ echo "<option value='{$value}' ";
+ if ($pconfig['type'] == $value) {
+ echo "selected=\"selected\"";
+ }
+ echo ">{$descr}</option>";
+ }
+ ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
+ <td width="78%" class="vtable">
+ <?=$mandfldhtml;?><input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>" />
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
+ <?php if (isset($id) && $a_secret[$id]): ?>
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
+ <?php endif; ?>
+ </td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
- <td width="78%" class="vtable">
- <?=$mandfldhtml;?><input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>" />
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
- <?php if (isset($id) && $a_secret[$id]): ?>
- <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
- <?php endif; ?>
- </td>
- </tr>
<tr>
<td colspan="4">
- <p>
- <span class="vexpl">
- <span class="red">
- <strong><?=gettext("Note"); ?>:<br /></strong>
- </span>
- <?=gettext("PSK for any user can be set by using an identifier of any/ANY");?>
- </span>
- </p>
+ <p>
+ <span class="vexpl">
+ <span class="red">
+ <strong><?=gettext("Note"); ?>:<br /></strong>
+ </span>
+ <?=gettext("PSK for any user can be set by using an identifier of any/ANY");?>
+ </span>
+ </p>
</td>
</tr>
- </table>
+ </table>
</form>
<?php include("fend.inc"); ?>
</body>
diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php
index 8fed8e9..86c63f5 100644
--- a/usr/local/www/vpn_ipsec_mobile.php
+++ b/usr/local/www/vpn_ipsec_mobile.php
@@ -1,21 +1,21 @@
<?php
/*
vpn_ipsec_mobile.php
-
+
Copyright (C) 2008 Shrew Soft Inc
Copyright (C) 2013-2015 Electric Sheep Fencing, LP
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -41,13 +41,15 @@ require_once("ipsec.inc");
require_once("vpn.inc");
require_once("filter.inc");
-if (!is_array($config['ipsec']['phase1']))
+if (!is_array($config['ipsec']['phase1'])) {
$config['ipsec']['phase1'] = array();
+}
$a_phase1 = &$config['ipsec']['phase1'];
-if (!is_array($config['ipsec']['client']))
+if (!is_array($config['ipsec']['client'])) {
$config['ipsec']['client'] = array();
+}
$a_client = &$config['ipsec']['client'];
@@ -73,37 +75,47 @@ if (count($a_client)) {
$pconfig['pfs_group'] = $a_client['pfs_group'];
$pconfig['login_banner'] = $a_client['login_banner'];
- if (isset($pconfig['enable']))
+ if (isset($pconfig['enable'])) {
$pconfig['enable'] = true;
+ }
- if ($pconfig['pool_address']&&$pconfig['pool_netbits'])
+ if ($pconfig['pool_address']&&$pconfig['pool_netbits']) {
$pconfig['pool_enable'] = true;
- else
+ } else {
$pconfig['pool_netbits'] = 24;
+ }
- if (isset($pconfig['net_list']))
+ if (isset($pconfig['net_list'])) {
$pconfig['net_list_enable'] = true;
+ }
- if (isset($pconfig['save_passwd']))
+ if (isset($pconfig['save_passwd'])) {
$pconfig['save_passwd_enable'] = true;
+ }
- if ($pconfig['dns_domain'])
+ if ($pconfig['dns_domain']) {
$pconfig['dns_domain_enable'] = true;
+ }
- if ($pconfig['dns_split'])
+ if ($pconfig['dns_split']) {
$pconfig['dns_split_enable'] = true;
+ }
- if ($pconfig['dns_server1']||$pconfig['dns_server2']||$pconfig['dns_server3']||$pconfig['dns_server4'])
+ if ($pconfig['dns_server1']||$pconfig['dns_server2']||$pconfig['dns_server3']||$pconfig['dns_server4']) {
$pconfig['dns_server_enable'] = true;
+ }
- if ($pconfig['wins_server1']||$pconfig['wins_server2'])
+ if ($pconfig['wins_server1']||$pconfig['wins_server2']) {
$pconfig['wins_server_enable'] = true;
+ }
- if (isset($pconfig['pfs_group']))
+ if (isset($pconfig['pfs_group'])) {
$pconfig['pfs_group_enable'] = true;
+ }
- if ($pconfig['login_banner'])
+ if ($pconfig['login_banner']) {
$pconfig['login_banner_enable'] = true;
+ }
}
if ($_POST['create']) {
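Review bot: Several of the newly braced conditions still have no spaces around their operators — `if ($pconfig['pool_address']&&$pconfig['pool_netbits']) {`, the `dns_server1`…`dns_server4` chain and the `wins_server1||wins_server2` line — which sits oddly in a commit whose stated purpose is code style; `if ($pconfig['pool_address'] && $pconfig['pool_netbits']) {` matches the rest of the file. The `if (count($a_client)) {` block these lines belong to begins before the hunk.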
@@ -115,9 +127,11 @@ if ($_POST['apply']) {
/* NOTE: #4353 Always restart ipsec when mobile clients settings change */
$retval = vpn_ipsec_configure(true);
$savemsg = get_std_save_message($retval);
- if ($retval >= 0)
- if (is_subsystem_dirty('ipsec'))
+ if ($retval >= 0) {
+ if (is_subsystem_dirty('ipsec')) {
clear_subsystem_dirty('ipsec');
+ }
+ }
}
if ($_POST['submit']) {
@@ -127,28 +141,28 @@ if ($_POST['submit']) {
/* input consolidation */
-
-
/* input validation */
$reqdfields = explode(" ", "user_source group_source");
- $reqdfieldsn = array(gettext("User Authentication Source"),gettext("Group Authentication Source"));
+ $reqdfieldsn = array(gettext("User Authentication Source"), gettext("Group Authentication Source"));
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
- if ($pconfig['pool_enable'])
- if (!is_ipaddr($pconfig['pool_address']))
+ if ($pconfig['pool_enable']) {
+ if (!is_ipaddr($pconfig['pool_address'])) {
$input_errors[] = gettext("A valid IP address for 'Virtual Address Pool Network' must be specified.");
-
- if ($pconfig['dns_domain_enable'])
- if (!is_domain($pconfig['dns_domain']))
+ }
+ }
+ if ($pconfig['dns_domain_enable']) {
+ if (!is_domain($pconfig['dns_domain'])) {
$input_errors[] = gettext("A valid value for 'DNS Default Domain' must be specified.");
-
+ }
+ }
if ($pconfig['dns_split_enable']) {
if (!empty($pconfig['dns_split'])) {
/* Replace multiple spaces by single */
$pconfig['dns_split'] = preg_replace('/\s+/', ' ', trim($pconfig['dns_split']));
- $domain_array=explode(' ', $pconfig['dns_split']);
+ $domain_array = explode(' ', $pconfig['dns_split']);
foreach ($domain_array as $curdomain) {
if (!is_domain($curdomain)) {
$input_errors[] = gettext("A valid split DNS domain list must be specified.");
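Review bot: When `pool_enable` is set only `pool_address` is validated; `pool_netbits`, which the prefill code earlier in the file defaults to 24, is not checked anywhere in this hunk, so a non-numeric or out-of-range value would be saved unless it is rejected further down. A check beside the address test, `if (!is_numericint($pconfig['pool_netbits'])) { $input_errors[] = gettext("A valid value for 'Virtual Address Pool Network' mask must be specified."); }`, plus a range check appropriate to the address family, would close that. Now that braces are present the nested `if ($pconfig['pool_enable']) { if (!is_ipaddr(...)) {` and `dns_domain_enable` pairs could also be flattened with `&&`. The enclosing `if ($_POST['submit'])` block starts before the hunk.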
@@ -160,39 +174,51 @@ if ($_POST['submit']) {
if ($pconfig['dns_server_enable']) {
if (!$pconfig['dns_server1'] && !$pconfig['dns_server2'] &&
- !$pconfig['dns_server3'] && !$pconfig['dns_server4'] )
+ !$pconfig['dns_server3'] && !$pconfig['dns_server4'] ) {
$input_errors[] = gettext("At least one DNS server must be specified to enable the DNS Server option.");
- if ($pconfig['dns_server1'] && !is_ipaddr($pconfig['dns_server1']))
+ }
+ if ($pconfig['dns_server1'] && !is_ipaddr($pconfig['dns_server1'])) {
$input_errors[] = gettext("A valid IP address for 'DNS Server #1' must be specified.");
- if ($pconfig['dns_server2'] && !is_ipaddr($pconfig['dns_server2']))
+ }
+ if ($pconfig['dns_server2'] && !is_ipaddr($pconfig['dns_server2'])) {
$input_errors[] = gettext("A valid IP address for 'DNS Server #2' must be specified.");
- if ($pconfig['dns_server3'] && !is_ipaddr($pconfig['dns_server3']))
+ }
+ if ($pconfig['dns_server3'] && !is_ipaddr($pconfig['dns_server3'])) {
$input_errors[] = gettext("A valid IP address for 'DNS Server #3' must be specified.");
- if ($pconfig['dns_server4'] && !is_ipaddr($pconfig['dns_server4']))
+ }
+ if ($pconfig['dns_server4'] && !is_ipaddr($pconfig['dns_server4'])) {
$input_errors[] = gettext("A valid IP address for 'DNS Server #4' must be specified.");
+ }
}
if ($pconfig['wins_server_enable']) {
- if (!$pconfig['wins_server1'] && !$pconfig['wins_server2'])
+ if (!$pconfig['wins_server1'] && !$pconfig['wins_server2']) {
$input_errors[] = gettext("At least one WINS server must be specified to enable the DNS Server option.");
- if ($pconfig['wins_server1'] && !is_ipaddr($pconfig['wins_server1']))
+ }
+ if ($pconfig['wins_server1'] && !is_ipaddr($pconfig['wins_server1'])) {
$input_errors[] = gettext("A valid IP address for 'WINS Server #1' must be specified.");
- if ($pconfig['wins_server2'] && !is_ipaddr($pconfig['wins_server2']))
+ }
+ if ($pconfig['wins_server2'] && !is_ipaddr($pconfig['wins_server2'])) {
$input_errors[] = gettext("A valid IP address for 'WINS Server #2' must be specified.");
+ }
}
- if ($pconfig['login_banner_enable'])
- if (!strlen($pconfig['login_banner']))
+ if ($pconfig['login_banner_enable']) {
+ if (!strlen($pconfig['login_banner'])) {
$input_errors[] = gettext("A valid value for 'Login Banner' must be specified.");
+ }
+ }
if (!$input_errors) {
$client = array();
-
- if ($pconfig['enable'])
+
+ if ($pconfig['enable']) {
$client['enable'] = true;
+ }
- if (!empty($pconfig['user_source']))
+ if (!empty($pconfig['user_source'])) {
$client['user_source'] = implode(",", $pconfig['user_source']);
+ }
$client['group_source'] = $pconfig['group_source'];
if ($pconfig['pool_enable']) {
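Review bot: The WINS validation message on the new side still says "DNS Server option" (`$input_errors[] = gettext("At least one WINS server must be specified to enable the DNS Server option.");`), a copy-paste leftover that the reformat keeps; it should read `gettext("At least one WINS server must be specified to enable the WINS Server option.")`. Separately, `$client['user_source'] = implode(",", $pconfig['user_source']);` presumably expects a multi-select array from the POST; a scalar submission would make `implode()` warn, so `implode(",", (array) $pconfig['user_source'])` would be more defensive. The `if ($_POST['submit'])` block these checks belong to starts outside this hunk.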
@@ -200,17 +226,21 @@ if ($_POST['submit']) {
$client['pool_netbits'] = $pconfig['pool_netbits'];
}
- if ($pconfig['net_list_enable'])
+ if ($pconfig['net_list_enable']) {
$client['net_list'] = true;
+ }
- if ($pconfig['save_passwd_enable'])
+ if ($pconfig['save_passwd_enable']) {
$client['save_passwd'] = true;
+ }
- if ($pconfig['dns_domain_enable'])
+ if ($pconfig['dns_domain_enable']) {
$client['dns_domain'] = $pconfig['dns_domain'];
+ }
- if ($pconfig['dns_split_enable'])
+ if ($pconfig['dns_split_enable']) {
$client['dns_split'] = $pconfig['dns_split'];
+ }
if ($pconfig['dns_server_enable']) {
$client['dns_server1'] = $pconfig['dns_server1'];
@@ -224,23 +254,25 @@ if ($_POST['submit']) {
$client['wins_server2'] = $pconfig['wins_server2'];
}
- if ($pconfig['pfs_group_enable'])
+ if ($pconfig['pfs_group_enable']) {
$client['pfs_group'] = $pconfig['pfs_group'];
+ }
- if ($pconfig['login_banner_enable'])
+ if ($pconfig['login_banner_enable']) {
$client['login_banner'] = $pconfig['login_banner'];
+ }
$a_client = $client;
-
+
write_config();
mark_subsystem_dirty('ipsec');
-
+
header("Location: vpn_ipsec_mobile.php");
exit;
}
}
-$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Mobile"));
+$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Mobile"));
$shortcut_section = "ipsec";
include("head.inc");
@@ -265,18 +297,20 @@ function pool_change() {
function dns_domain_change() {
- if (document.iform.dns_domain_enable.checked)
+ if (document.iform.dns_domain_enable.checked) {
document.iform.dns_domain.disabled = 0;
- else
+ } else {
document.iform.dns_domain.disabled = 1;
+ }
}
function dns_split_change() {
- if (document.iform.dns_split_enable.checked)
+ if (document.iform.dns_split_enable.checked) {
document.iform.dns_split.disabled = 0;
- else
+ } else {
document.iform.dns_split.disabled = 1;
+ }
}
function dns_server_change() {
@@ -307,18 +341,20 @@ function wins_server_change() {
function pfs_group_change() {
- if (document.iform.pfs_group_enable.checked)
+ if (document.iform.pfs_group_enable.checked) {
document.iform.pfs_group.disabled = 0;
- else
+ } else {
document.iform.pfs_group.disabled = 1;
+ }
}
function login_banner_change() {
- if (document.iform.login_banner_enable.checked)
+ if (document.iform.login_banner_enable.checked) {
document.iform.login_banner.disabled = 0;
- else
+ } else {
document.iform.login_banner.disabled = 1;
+ }
}
//]]>
@@ -327,17 +363,23 @@ function login_banner_change() {
<form action="vpn_ipsec_mobile.php" method="post" name="iform" id="iform">
<?php
- if ($savemsg)
+ if ($savemsg) {
print_info_box($savemsg);
- if (isset($config['ipsec']['enable']) && is_subsystem_dirty('ipsec'))
+ }
+ if (isset($config['ipsec']['enable']) && is_subsystem_dirty('ipsec')) {
print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
- foreach ($a_phase1 as $ph1ent)
- if (isset($ph1ent['mobile']))
+ }
+ foreach ($a_phase1 as $ph1ent) {
+ if (isset($ph1ent['mobile'])) {
$ph1found = true;
- if ($pconfig['enable'] && !$ph1found)
+ }
+ }
+ if ($pconfig['enable'] && !$ph1found) {
print_info_box_np(gettext("Support for IPsec Mobile clients is enabled but a Phase1 definition was not found") . ".<br />" . gettext("Please click Create to define one."),gettext("create"),gettext("Create Phase1"));
- if ($input_errors)
+ }
+ if ($input_errors) {
print_input_errors($input_errors);
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec mobile">
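Review bot: `$ph1found` is read by `if ($pconfig['enable'] && !$ph1found)` but is never initialised, so when no phase1 entry carries the `mobile` flag the test relies on an undefined variable (a notice, then falsy); add `$ph1found = false;` before the `foreach ($a_phase1 as $ph1ent)` loop so the intent is explicit. As a point of style, the `print_info_box_np(...,gettext("create"),gettext("Create Phase1"))` call keeps the unspaced commas that the rest of this commit normalises to `, `. Both `$a_phase1` and `$pconfig` are defined outside this hunk.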
@@ -353,7 +395,7 @@ function login_banner_change() {
?>
</td>
</tr>
- <tr>
+ <tr>
<td id="mainarea">
<div class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
@@ -363,7 +405,7 @@ function login_banner_change() {
<table border="0" cellspacing="2" cellpadding="0" summary="ike extensions">
<tr>
<td>
- <?php set_checked($pconfig['enable'],$chk); ?>
+ <?php set_checked($pconfig['enable'], $chk); ?>
<input name="enable" type="checkbox" id="enable" value="yes" <?=$chk;?> />
</td>
<td>
@@ -391,8 +433,9 @@ function login_banner_change() {
$auth_servers = auth_get_authserver_list();
foreach ($auth_servers as $auth_server) {
$selected = "";
- if (in_array($auth_server['name'], $authmodes))
+ if (in_array($auth_server['name'], $authmodes)) {
$selected = "selected=\"selected\"";
+ }
echo "<option value='{$auth_server['name']}' {$selected}>{$auth_server['name']}</option>\n";
}
?>
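Review bot: `echo "<option value='{$auth_server['name']}' {$selected}>{$auth_server['name']}</option>\n";` writes the authentication server name into HTML twice without escaping; the value comes from stored configuration rather than this request, but a name containing a quote or angle bracket would still break the markup, so escape it once before use: `$name = htmlspecialchars($auth_server['name'], ENT_QUOTES, 'UTF-8');` and echo `$name` in both places. While here, `in_array($auth_server['name'], $authmodes)` should pass `true` as the third argument to avoid loose comparison. `$authmodes` is defined outside this hunk.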
@@ -412,18 +455,18 @@ function login_banner_change() {
<tr>
<td colspan="2" class="list" height="12"></td>
</tr>
- <tr>
+ <tr>
<td colspan="2" valign="top" class="listtopic">
<?=gettext("Client Configuration (mode-cfg)"); ?>
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Virtual Address Pool"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="2" cellpadding="0" summary="enable pool">
<tr>
<td>
- <?php set_checked($pconfig['pool_enable'],$chk); ?>
+ <?php set_checked($pconfig['pool_enable'], $chk); ?>
<input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?> onclick="pool_change()" />
</td>
<td>
@@ -455,7 +498,7 @@ function login_banner_change() {
<table border="0" cellspacing="2" cellpadding="0" summary="network list">
<tr>
<td>
- <?php set_checked($pconfig['net_list_enable'],$chk); ?>
+ <?php set_checked($pconfig['net_list_enable'], $chk); ?>
<input name="net_list_enable" type="checkbox" id="net_list_enable" value="yes" <?=$chk;?> />
</td>
<td>
@@ -471,7 +514,7 @@ function login_banner_change() {
<table border="0" cellspacing="2" cellpadding="0" summary="password">
<tr>
<td>
- <?php set_checked($pconfig['save_passwd_enable'],$chk); ?>
+ <?php set_checked($pconfig['save_passwd_enable'], $chk); ?>
<input name="save_passwd_enable" type="checkbox" id="save_passwd_enable" value="yes" <?=$chk;?> />
</td>
<td>
@@ -482,13 +525,13 @@ function login_banner_change() {
</table>
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("DNS Default Domain"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="2" cellpadding="0" summary="enable dns default domain">
<tr>
<td>
- <?php set_checked($pconfig['dns_domain_enable'],$chk); ?>
+ <?php set_checked($pconfig['dns_domain_enable'], $chk); ?>
<input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onclick="dns_domain_change()" />
</td>
<td>
@@ -511,7 +554,7 @@ function login_banner_change() {
<table border="0" cellspacing="2" cellpadding="0" summary="enable split dns">
<tr>
<td>
- <?php set_checked($pconfig['dns_split_enable'],$chk); ?>
+ <?php set_checked($pconfig['dns_split_enable'], $chk); ?>
<input name="dns_split_enable" type="checkbox" id="dns_split_enable" value="yes" <?=$chk;?> onclick="dns_split_change()" />
</td>
<td>
@@ -529,13 +572,13 @@ function login_banner_change() {
</table>
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("DNS Servers"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="2" cellpadding="0" summary="enable dns servers">
<tr>
<td>
- <?php set_checked($pconfig['dns_server_enable'],$chk); ?>
+ <?php set_checked($pconfig['dns_server_enable'], $chk); ?>
<input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onclick="dns_server_change()" />
</td>
<td>
@@ -571,13 +614,13 @@ function login_banner_change() {
</table>
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("WINS Servers"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="2" cellpadding="0" summary="enable wins servers">
<tr>
<td>
- <?php set_checked($pconfig['wins_server_enable'],$chk); ?>
+ <?php set_checked($pconfig['wins_server_enable'], $chk); ?>
<input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onclick="wins_server_change()" />
</td>
<td>
@@ -607,7 +650,7 @@ function login_banner_change() {
<table border="0" cellspacing="2" cellpadding="0" summary="enable pfs group">
<tr>
<td>
- <?php set_checked($pconfig['pfs_group_enable'],$chk); ?>
+ <?php set_checked($pconfig['pfs_group_enable'], $chk); ?>
<input name="pfs_group_enable" type="checkbox" id="pfs_group_enable" value="yes" <?=$chk;?> onclick="pfs_group_change()" />
</td>
<td>
@@ -631,13 +674,13 @@ function login_banner_change() {
</table>
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Login Banner"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="2" cellpadding="0" summary="enable login banner">
<tr>
<td>
- <?php set_checked($pconfig['login_banner_enable'],$chk); ?>
+ <?php set_checked($pconfig['login_banner_enable'], $chk); ?>
<input name="login_banner_enable" type="checkbox" id="login_banner_enable" value="yes" <?=$chk;?> onclick="login_banner_change()" />
</td>
<td>
@@ -687,10 +730,11 @@ login_banner_change();
/* local utility functions */
function set_checked($var,& $chk) {
- if($var)
+ if ($var) {
$chk = "checked=\"checked\"";
- else
+ } else {
$chk = "";
+ }
}
?>
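Review bot: `function set_checked($var,& $chk) {` keeps the `,&` spacing that this code-style commit normalises elsewhere; the signature should be `function set_checked($var, &$chk) {`. The by-reference out-parameter is also the only reason `$chk` exists at the call sites (`set_checked($pconfig['enable'], $chk);` and the others above); returning the string instead would read more naturally, but that changes every caller and is better done as a separate change.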
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 8128217..79cf671 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -44,48 +44,57 @@ require_once("ipsec.inc");
require_once("vpn.inc");
require_once("filter.inc");
-if (!is_array($config['ipsec']['phase1']))
+if (!is_array($config['ipsec']['phase1'])) {
$config['ipsec']['phase1'] = array();
+}
-if (!is_array($config['ipsec']['phase2']))
+if (!is_array($config['ipsec']['phase2'])) {
$config['ipsec']['phase2'] = array();
+}
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
-if (is_numericint($_GET['p1index']))
+if (is_numericint($_GET['p1index'])) {
$p1index = $_GET['p1index'];
-if (isset($_POST['p1index']) && is_numericint($_POST['p1index']))
+}
+if (isset($_POST['p1index']) && is_numericint($_POST['p1index'])) {
$p1index = $_POST['p1index'];
+}
-if (isset($_GET['dup']) && is_numericint($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
$p1index = $_GET['dup'];
+}
if (isset($p1index) && $a_phase1[$p1index]) {
// don't copy the ikeid on dup
- if (!isset($_GET['dup']) || !is_numericint($_GET['dup']))
+ if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) {
$pconfig['ikeid'] = $a_phase1[$p1index]['ikeid'];
+ }
$old_ph1ent = $a_phase1[$p1index];
$pconfig['disabled'] = isset($a_phase1[$p1index]['disabled']);
- if ($a_phase1[$p1index]['interface'])
+ if ($a_phase1[$p1index]['interface']) {
$pconfig['interface'] = $a_phase1[$p1index]['interface'];
- else
+ } else {
$pconfig['interface'] = "wan";
+ }
- list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_phase1[$p1index]['remote-subnet']);
+ list($pconfig['remotenet'], $pconfig['remotebits']) = explode("/", $a_phase1[$p1index]['remote-subnet']);
- if (isset($a_phase1[$p1index]['mobile']))
+ if (isset($a_phase1[$p1index]['mobile'])) {
$pconfig['mobile'] = 'true';
- else
+ } else {
$pconfig['remotegw'] = $a_phase1[$p1index]['remote-gateway'];
+ }
- if (empty($a_phase1[$p1index]['iketype']))
+ if (empty($a_phase1[$p1index]['iketype'])) {
$pconfig['iketype'] = "ikev1";
- else
+ } else {
$pconfig['iketype'] = $a_phase1[$p1index]['iketype'];
+ }
$pconfig['mode'] = $a_phase1[$p1index]['mode'];
$pconfig['protocol'] = $a_phase1[$p1index]['protocol'];
$pconfig['myid_type'] = $a_phase1[$p1index]['myid_type'];
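Review bot: `if (isset($p1index) && $a_phase1[$p1index]) {` only proves `$p1index` is a numeric string, not that the index exists in `$a_phase1`, so a stale or out-of-range `p1index`/`dup` value triggers an undefined-offset notice before the truthiness test; `if (isset($p1index) && isset($a_phase1[$p1index])) {` avoids that. Likewise `list($pconfig['remotenet'], $pconfig['remotebits']) = explode("/", $a_phase1[$p1index]['remote-subnet']);` presumably emits an undefined-offset notice whenever the stored value has no `/`, so it is worth guarding with a `strpos`/`count` check. The `if (isset($p1index) ...)` block continues past the end of this hunk.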
@@ -99,7 +108,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method'];
if (($pconfig['authentication_method'] == "pre_shared_key") ||
- ($pconfig['authentication_method'] == "xauth_psk_server")) {
+ ($pconfig['authentication_method'] == "xauth_psk_server")) {
$pconfig['pskey'] = $a_phase1[$p1index]['pre-shared-key'];
} else {
$pconfig['certref'] = $a_phase1[$p1index]['certref'];
@@ -108,14 +117,17 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['descr'] = $a_phase1[$p1index]['descr'];
$pconfig['nat_traversal'] = $a_phase1[$p1index]['nat_traversal'];
- $pconfig['mobike'] = $a_phase1[$p1index]['mobike'];
+ $pconfig['mobike'] = $a_phase1[$p1index]['mobike'];
- if (isset($a_phase1[$p1index]['reauth_enable']))
+ if (isset($a_phase1[$p1index]['reauth_enable'])) {
$pconfig['reauth_enable'] = true;
- if (isset($a_phase1[$p1index]['rekey_enable']))
+ }
+ if (isset($a_phase1[$p1index]['rekey_enable'])) {
$pconfig['rekey_enable'] = true;
- if (isset($a_phase1[$p1index]['responderonly']))
+ }
+ if (isset($a_phase1[$p1index]['responderonly'])) {
$pconfig['responderonly'] = true;
+ }
if ($a_phase1[$p1index]['dpd_delay'] && $a_phase1[$p1index]['dpd_maxfail']) {
$pconfig['dpd_enable'] = true;
@@ -125,31 +137,33 @@ if (isset($p1index) && $a_phase1[$p1index]) {
} else {
/* defaults */
$pconfig['interface'] = "wan";
- if($config['interfaces']['lan'])
+ if ($config['interfaces']['lan']) {
$pconfig['localnet'] = "lan";
+ }
$pconfig['mode'] = "main";
$pconfig['protocol'] = "inet";
$pconfig['myid_type'] = "myaddress";
$pconfig['peerid_type'] = "peeraddress";
$pconfig['authentication_method'] = "pre_shared_key";
- $pconfig['ealgo'] = array( name => "aes" );
+ $pconfig['ealgo'] = array(name => "aes");
$pconfig['halgo'] = "sha1";
$pconfig['dhgroup'] = "2";
$pconfig['lifetime'] = "28800";
$pconfig['nat_traversal'] = 'on';
- $pconfig['mobike'] = 'off';
+ $pconfig['mobike'] = 'off';
$pconfig['dpd_enable'] = true;
$pconfig['iketype'] = "ikev1";
/* mobile client */
- if($_GET['mobile']) {
- $pconfig['mobile']=true;
- $pconfig['mode'] = "aggressive";
+ if ($_GET['mobile']) {
+ $pconfig['mobile'] = true;
+ $pconfig['mode'] = "aggressive";
}
}
-if (isset($_GET['dup']) && is_numericint($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
unset($p1index);
+}
if ($_POST) {
unset($input_errors);
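Review bot: `$pconfig['ealgo'] = array(name => "aes");` uses a bare constant `name` as the array key; it is only accepted as the string `"name"` with a notice on old PHP and is a fatal error on PHP 8, and the POST path in this same file reads the key as `$pconfig['ealgo']['name']`, so the line should be `$pconfig['ealgo'] = array('name' => "aes");`. The defaults `else` branch that contains it starts outside this hunk.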
@@ -158,8 +172,8 @@ if ($_POST) {
/* input validation */
$method = $pconfig['authentication_method'];
- // Unset ca and cert if not required to avaoid storing in config
- if ($method == "pre_shared_key" || $method == "xauth_psk_server"){
+ // Unset ca and cert if not required to avoid storing in config
+ if ($method == "pre_shared_key" || $method == "xauth_psk_server") {
unset($pconfig['caref']);
unset($pconfig['certref']);
}
@@ -168,22 +182,26 @@ if ($_POST) {
// For RSA methods, require the CA/Cert.
switch ($method) {
case 'eap-mschapv2':
- if ($pconfig['iketype'] != 'ikev2')
+ if ($pconfig['iketype'] != 'ikev2') {
$input_errors[] = gettext("EAP-MSChapv2 can only be used with IKEv2 type VPNs.");
+ }
break;
case "eap-tls":
- if ($pconfig['iketype'] != 'ikev2')
+ if ($pconfig['iketype'] != 'ikev2') {
$input_errors[] = gettext("EAP-TLS can only be used with IKEv2 type VPNs.");
+ }
break;
case "eap-radius":
- if ($pconfig['iketype'] != 'ikev2')
+ if ($pconfig['iketype'] != 'ikev2') {
$input_errors[] = gettext("EAP-RADIUS can only be used with IKEv2 type VPNs.");
+ }
break;
case "pre_shared_key":
// If this is a mobile PSK tunnel the user PSKs go on
// the PSK tab, not here, so skip the check.
- if ($pconfig['mobile'])
+ if ($pconfig['mobile']) {
break;
+ }
case "xauth_psk_server":
$reqdfields = explode(" ", "pskey");
$reqdfieldsn = array(gettext("Pre-Shared Key"));
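Review bot: The `case "pre_shared_key":` arm intentionally falls through into `case "xauth_psk_server":` when the tunnel is not mobile, and wrapping the conditional `break;` in braces makes that fall-through easier to misread as a missing `break`; add a `// fall through` comment after the closing `}` of `if ($pconfig['mobile'])` so the next reader (and linters) know it is deliberate. The `switch ($method)` statement continues past the end of this hunk.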
@@ -193,7 +211,7 @@ if ($_POST) {
case "xauth_rsa_server":
case "rsasig":
$reqdfields = explode(" ", "caref certref");
- $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
+ $reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate"));
break;
}
if (!$pconfig['mobile']) {
@@ -208,19 +226,21 @@ if ($_POST) {
$input_errors[] = gettext("Pre-Shared Key contains invalid characters.");
}
- if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime'])))
+ if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime']))) {
$input_errors[] = gettext("The P1 lifetime must be an integer.");
+ }
if ($pconfig['remotegw']) {
- if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw']))
+ if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw'])) {
$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
- elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet"))
+ } elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet")) {
$input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6");
- elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6"))
+ } elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6")) {
$input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4");
+ }
}
- if (($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled']) )) {
+ if ($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled'])) {
$t = 0;
foreach ($a_phase1 as $ph1tmp) {
if ($p1index <> $t) {
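Review bot: `if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime']))) {` accepts floats and exponent forms such as `28800.5` or `1e4`, while the message says "The P1 lifetime must be an integer."; the file already uses `is_numericint()` for `p1index`, so `if ($pconfig['lifetime'] && !is_numericint($pconfig['lifetime'])) {` matches the message and drops the redundant parentheses. The same `is_numeric`-versus-"numeric value" pattern appears for `dpd_delay` and `dpd_maxfail` in the next hunk, where an integer check would also be appropriate. The enclosing `if ($_POST)` block starts outside this hunk.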
@@ -235,7 +255,7 @@ if ($_POST) {
if (is_array($a_phase2) && (count($a_phase2))) {
foreach ($a_phase2 as $phase2) {
- if($phase2['ikeid'] == $pconfig['ikeid']) {
+ if ($phase2['ikeid'] == $pconfig['ikeid']) {
if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) {
$input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4.");
break;
@@ -250,125 +270,155 @@ if ($_POST) {
/* My identity */
- if ($pconfig['myid_type'] == "myaddress")
+ if ($pconfig['myid_type'] == "myaddress") {
$pconfig['myid_data'] = "";
+ }
- if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "")
+ if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "") {
$input_errors[] = gettext("Please enter an address for 'My Identifier'");
+ }
- if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "")
+ if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "") {
$input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'");
+ }
- if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "")
+ if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "") {
$input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'");
+ }
- if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "")
+ if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "") {
$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'");
+ }
- if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "")
+ if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "") {
$input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'");
+ }
- if ((($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])))
+ if (($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])) {
$input_errors[] = gettext("A valid IP address for 'My identifier' must be specified.");
+ }
- if ((($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])))
+ if (($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])) {
$input_errors[] = gettext("A valid domain name for 'My identifier' must be specified.");
+ }
- if ($pconfig['myid_type'] == "fqdn")
- if (is_domain($pconfig['myid_data']) == false)
+ if ($pconfig['myid_type'] == "fqdn") {
+ if (is_domain($pconfig['myid_data']) == false) {
$input_errors[] = gettext("A valid FQDN for 'My identifier' must be specified.");
+ }
+ }
if ($pconfig['myid_type'] == "user_fqdn") {
- $user_fqdn = explode("@",$pconfig['myid_data']);
- if (is_domain($user_fqdn[1]) == false)
+ $user_fqdn = explode("@", $pconfig['myid_data']);
+ if (is_domain($user_fqdn[1]) == false) {
$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.");
+ }
}
- if ($pconfig['myid_type'] == "dyn_dns")
- if (is_domain($pconfig['myid_data']) == false)
+ if ($pconfig['myid_type'] == "dyn_dns") {
+ if (is_domain($pconfig['myid_data']) == false) {
$input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified.");
+ }
+ }
/* Peer identity */
- if ($pconfig['myid_type'] == "peeraddress")
+ if ($pconfig['myid_type'] == "peeraddress") {
$pconfig['peerid_data'] = "";
+ }
// Only enforce peer ID if we are not dealing with a pure-psk mobile config.
if (!(($pconfig['authentication_method'] == "pre_shared_key") && ($pconfig['mobile']))) {
- if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "")
+ if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "") {
$input_errors[] = gettext("Please enter an address for 'Peer Identifier'");
+ }
- if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "")
+ if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "") {
$input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'");
+ }
- if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "")
+ if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "") {
$input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'");
+ }
- if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "")
+ if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "") {
$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'");
+ }
- if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data'])))
+ if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data']))) {
$input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified.");
+ }
- if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data'])))
+ if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data']))) {
$input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified.");
+ }
- if ($pconfig['peerid_type'] == "fqdn")
- if (is_domain($pconfig['peerid_data']) == false)
+ if ($pconfig['peerid_type'] == "fqdn") {
+ if (is_domain($pconfig['peerid_data']) == false) {
$input_errors[] = gettext("A valid FQDN for 'Peer identifier' must be specified.");
+ }
+ }
if ($pconfig['peerid_type'] == "user_fqdn") {
- $user_fqdn = explode("@",$pconfig['peerid_data']);
- if (is_domain($user_fqdn[1]) == false)
+ $user_fqdn = explode("@", $pconfig['peerid_data']);
+ if (is_domain($user_fqdn[1]) == false) {
$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.");
+ }
}
}
if ($pconfig['dpd_enable']) {
- if (!is_numeric($pconfig['dpd_delay']))
+ if (!is_numeric($pconfig['dpd_delay'])) {
$input_errors[] = gettext("A numeric value must be specified for DPD delay.");
+ }
- if (!is_numeric($pconfig['dpd_maxfail']))
+ if (!is_numeric($pconfig['dpd_maxfail'])) {
$input_errors[] = gettext("A numeric value must be specified for DPD retries.");
+ }
}
- if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2" && $pconfig['iketype'] != "auto")
+ if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2" && $pconfig['iketype'] != "auto") {
$input_errors[] = gettext("Valid arguments for IKE type is v1 or v2 or auto");
-
- if (!empty($_POST['ealgo']) && isset($config['system']['crypto_hardware'])) {
- if ($config['system']['crypto_hardware'] == "glxsb") {
- if ($_POST['ealgo'] == "aes" && $_POST['ealgo_keylen'] != "128")
- $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
- }
- }
+ }
+
+ if (!empty($_POST['ealgo']) && isset($config['system']['crypto_hardware'])) {
+ if ($config['system']['crypto_hardware'] == "glxsb") {
+ if ($_POST['ealgo'] == "aes" && $_POST['ealgo_keylen'] != "128") {
+ $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
+ }
+ }
+ }
/* build our encryption algorithms array */
$pconfig['ealgo'] = array();
$pconfig['ealgo']['name'] = $_POST['ealgo'];
- if($pconfig['ealgo_keylen'])
+ if ($pconfig['ealgo_keylen']) {
$pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen'];
+ }
if (!$input_errors) {
$ph1ent['ikeid'] = $pconfig['ikeid'];
$ph1ent['iketype'] = $pconfig['iketype'];
- if ($pconfig['iketype'] != 'ikev1')
+ if ($pconfig['iketype'] != 'ikev1') {
unset($ph1ent['mode']);
- else
+ } else {
$ph1ent['mode'] = $pconfig['mode'];
+ }
$ph1ent['disabled'] = $pconfig['disabled'] ? true : false;
$ph1ent['interface'] = $pconfig['interface'];
/* if the remote gateway changed and the interface is not WAN then remove route */
/* the vpn_ipsec_configure() handles adding the route */
if ($pconfig['interface'] <> "wan") {
- if($old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) {
+ if ($old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) {
mwexec("/sbin/route delete -host {$old_ph1ent['remote-gateway']}");
}
}
- if ($pconfig['mobile'])
+ if ($pconfig['mobile']) {
$ph1ent['mobile'] = true;
- else
+ } else {
$ph1ent['remote-gateway'] = $pconfig['remotegw'];
+ }
$ph1ent['protocol'] = $pconfig['protocol'];
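Review bot: The "Peer identity" block clears the wrong field's data: `if ($pconfig['myid_type'] == "peeraddress") {` compares the local identifier type against a peer-side value (the defaults set `peerid_type = "peeraddress"` and `myid_type = "myaddress"`, and `peeridsel_change()` below keys on `'peeraddress'` for the peer select), so it appears never to match and `peerid_data` is never blanked; it should read `if ($pconfig['peerid_type'] == "peeraddress") {`. Also on the new side, `mwexec("/sbin/route delete -host {$old_ph1ent['remote-gateway']}");` interpolates a stored config value into a shell command; the value is validated as an address or host name when entered, but wrapping it in `escapeshellarg()` removes the dependency on that earlier validation. Finally, `$user_fqdn = explode("@", ...)` followed by `$user_fqdn[1]` yields an undefined-offset notice when the identifier contains no `@`; checking `count($user_fqdn) == 2` first gives a clean validation error instead. The enclosing `if ($_POST)` block starts outside this hunk.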
@@ -388,21 +438,24 @@ if ($_POST) {
$ph1ent['authentication_method'] = $pconfig['authentication_method'];
$ph1ent['descr'] = $pconfig['descr'];
$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];
- $ph1ent['mobike'] = $pconfig['mobike'];
+ $ph1ent['mobike'] = $pconfig['mobike'];
- if (isset($pconfig['reauth_enable']))
+ if (isset($pconfig['reauth_enable'])) {
$ph1ent['reauth_enable'] = true;
- else
+ } else {
unset($ph1ent['reauth_enable']);
- if (isset($pconfig['rekey_enable']))
+ }
+ if (isset($pconfig['rekey_enable'])) {
$ph1ent['rekey_enable'] = true;
- else
+ } else {
unset($ph1ent['rekey_enable']);
+ }
- if (isset($pconfig['responderonly']))
+ if (isset($pconfig['responderonly'])) {
$ph1ent['responderonly'] = true;
- else
+ } else {
unset($ph1ent['responderonly']);
+ }
if (isset($pconfig['dpd_enable'])) {
$ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
@@ -410,13 +463,15 @@ if ($_POST) {
}
/* generate unique phase1 ikeid */
- if ($ph1ent['ikeid'] == 0)
+ if ($ph1ent['ikeid'] == 0) {
$ph1ent['ikeid'] = ipsec_ikeid_next();
+ }
- if (isset($p1index) && $a_phase1[$p1index])
+ if (isset($p1index) && $a_phase1[$p1index]) {
$a_phase1[$p1index] = $ph1ent;
- else
+ } else {
$a_phase1[] = $ph1ent;
+ }
write_config();
mark_subsystem_dirty('ipsec');
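Review bot: `if ($ph1ent['ikeid'] == 0) {` relies on loose comparison to treat a missing id as zero; that holds for `null`, but an empty string (which a hidden `ikeid` form field would presumably submit for a new entry) compares unequal to `0` on PHP 8, so the entry would be stored without a generated id. `if (empty($ph1ent['ikeid'])) {` covers both cases explicitly. The `if (!$input_errors)` block this sits in starts outside the hunk.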
@@ -426,10 +481,11 @@ if ($_POST) {
}
}
-if ($pconfig['mobile'])
- $pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 1"), gettext("Mobile Client"));
-else
- $pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 1"));
+if ($pconfig['mobile']) {
+ $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"), gettext("Mobile Client"));
+} else {
+ $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"));
+}
$shortcut_section = "ipsec";
@@ -445,35 +501,37 @@ include("head.inc");
function myidsel_change() {
index = document.iform.myid_type.selectedIndex;
value = document.iform.myid_type.options[index].value;
- if (value == 'myaddress')
- document.getElementById('myid_data').style.visibility = 'hidden';
- else
- document.getElementById('myid_data').style.visibility = 'visible';
+ if (value == 'myaddress') {
+ document.getElementById('myid_data').style.visibility = 'hidden';
+ } else {
+ document.getElementById('myid_data').style.visibility = 'visible';
+ }
}
function iketype_change() {
index = document.iform.iketype.selectedIndex;
value = document.iform.iketype.options[index].value;
if (value == 'ikev2') {
- document.getElementById('negmode').style.display= 'none';
- document.getElementById('mobike').style.display= '';
- document.getElementById('natt').style.display= 'none';
- document.getElementById('disablereauth').style.display= '';
- } else {
- document.getElementById('negmode').style.display = '';
- document.getElementById('mobike').style.display = 'none';
- document.getElementById('natt').style.display= '';
- document.getElementById('disablereauth').style.display= 'none';
- }
+ document.getElementById('negmode').style.display= 'none';
+ document.getElementById('mobike').style.display= '';
+ document.getElementById('natt').style.display= 'none';
+ document.getElementById('disablereauth').style.display= '';
+ } else {
+ document.getElementById('negmode').style.display = '';
+ document.getElementById('mobike').style.display = 'none';
+ document.getElementById('natt').style.display= '';
+ document.getElementById('disablereauth').style.display= 'none';
+ }
}
function peeridsel_change() {
index = document.iform.peerid_type.selectedIndex;
value = document.iform.peerid_type.options[index].value;
- if (value == 'peeraddress')
- document.getElementById('peerid_data').style.visibility = 'hidden';
- else
- document.getElementById('peerid_data').style.visibility = 'visible';
+ if (value == 'peeraddress') {
+ document.getElementById('peerid_data').style.visibility = 'hidden';
+ } else {
+ document.getElementById('peerid_data').style.visibility = 'visible';
+ }
}
function methodsel_change() {
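Review bot: The reindented `iketype_change()` body keeps the inconsistent `style.display= 'none'` / `style.display = ''` spacing, which is exactly the kind of thing this code-style commit fixes elsewhere; normalise all eight assignments to `style.display = ...`. As a point of style in all three functions, `index = ...` and `value = ...` are assigned without `var` and so become implicit globals shared between `myidsel_change()`, `iketype_change()` and `peeridsel_change()`; declare them locally, e.g. `var index = document.iform.iketype.selectedIndex;` and `var value = document.iform.iketype.options[index].value;`.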
@@ -481,51 +539,51 @@ function methodsel_change() {
value = document.iform.authentication_method.options[index].value;
switch (value) {
- case 'eap-mschapv2':
- case 'eap-tls':
- case 'eap-radius':
- document.getElementById('opt_psk').style.display = 'none';
- document.getElementById('opt_peerid').style.display = '';
- document.getElementById('opt_cert').style.display = '';
- document.getElementById('opt_ca').style.display = '';
- document.getElementById('opt_cert').disabled = false;
- document.getElementById('opt_ca').disabled = false;
- break;
- case 'hybrid_rsa_server':
- document.getElementById('opt_psk').style.display = 'none';
- document.getElementById('opt_peerid').style.display = '';
- document.getElementById('opt_cert').style.display = '';
- document.getElementById('opt_ca').style.display = '';
- document.getElementById('opt_cert').disabled = false;
- document.getElementById('opt_ca').disabled = false;
- break;
- case 'xauth_rsa_server':
- case 'rsasig':
- document.getElementById('opt_psk').style.display = 'none';
- document.getElementById('opt_peerid').style.display = '';
- document.getElementById('opt_cert').style.display = '';
- document.getElementById('opt_ca').style.display = '';
- document.getElementById('opt_cert').disabled = false;
- document.getElementById('opt_ca').disabled = false;
- break;
+ case 'eap-mschapv2':
+ case 'eap-tls':
+ case 'eap-radius':
+ document.getElementById('opt_psk').style.display = 'none';
+ document.getElementById('opt_peerid').style.display = '';
+ document.getElementById('opt_cert').style.display = '';
+ document.getElementById('opt_ca').style.display = '';
+ document.getElementById('opt_cert').disabled = false;
+ document.getElementById('opt_ca').disabled = false;
+ break;
+ case 'hybrid_rsa_server':
+ document.getElementById('opt_psk').style.display = 'none';
+ document.getElementById('opt_peerid').style.display = '';
+ document.getElementById('opt_cert').style.display = '';
+ document.getElementById('opt_ca').style.display = '';
+ document.getElementById('opt_cert').disabled = false;
+ document.getElementById('opt_ca').disabled = false;
+ break;
+ case 'xauth_rsa_server':
+ case 'rsasig':
+ document.getElementById('opt_psk').style.display = 'none';
+ document.getElementById('opt_peerid').style.display = '';
+ document.getElementById('opt_cert').style.display = '';
+ document.getElementById('opt_ca').style.display = '';
+ document.getElementById('opt_cert').disabled = false;
+ document.getElementById('opt_ca').disabled = false;
+ break;
<?php if ($pconfig['mobile']) { ?>
- case 'pre_shared_key':
- document.getElementById('opt_psk').style.display = 'none';
- document.getElementById('opt_peerid').style.display = 'none';
- document.getElementById('opt_cert').style.display = 'none';
- document.getElementById('opt_ca').style.display = 'none';
- document.getElementById('opt_cert').disabled = true;
- document.getElementById('opt_ca').disabled = true;
- break;
+ case 'pre_shared_key':
+ document.getElementById('opt_psk').style.display = 'none';
+ document.getElementById('opt_peerid').style.display = 'none';
+ document.getElementById('opt_cert').style.display = 'none';
+ document.getElementById('opt_ca').style.display = 'none';
+ document.getElementById('opt_cert').disabled = true;
+ document.getElementById('opt_ca').disabled = true;
+ break;
<?php } ?>
- default: /* psk modes*/
- document.getElementById('opt_psk').style.display = '';
- document.getElementById('opt_peerid').style.display = '';
- document.getElementById('opt_cert').style.display = 'none';
- document.getElementById('opt_ca').style.display = 'none';
- document.getElementById('opt_cert').disabled = true;
- document.getElementById('opt_ca').disabled = true;
- break;
+ default: /* psk modes*/
+ document.getElementById('opt_psk').style.display = '';
+ document.getElementById('opt_peerid').style.display = '';
+ document.getElementById('opt_cert').style.display = 'none';
+ document.getElementById('opt_ca').style.display = 'none';
+ document.getElementById('opt_cert').disabled = true;
+ document.getElementById('opt_ca').disabled = true;
+ break;
}
}
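Review bot: The three case groups at L1857–L1883 (`eap-*`, `hybrid_rsa_server`, and `xauth_rsa_server`/`rsasig`) have byte-identical bodies, so the re-indent leaves 27 lines where 9 would do and any future change to the certificate-mode layout has to be made three times. Since the bodies are equal, stack all six labels above a single body: `case 'eap-mschapv2': case 'eap-tls': case 'eap-radius': case 'hybrid_rsa_server': case 'xauth_rsa_server': case 'rsasig':` followed by the one shared block and `break;`. The PHP-conditional `pre_shared_key` case and the `default` branch stay as they are; note the function's opening lines are outside this hunk.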
@@ -539,14 +597,15 @@ foreach ($p1_ealgos as $algo => $algodata) {
echo " case {$i}:\n";
echo " document.iform.ealgo_keylen.style.visibility = 'visible';\n";
echo " document.iform.ealgo_keylen.options.length = 0;\n";
- // echo " document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( 'auto', 'auto' );\n";
+ // echo " document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( 'auto', 'auto' );\n";
$key_hi = $algodata['keysel']['hi'];
$key_lo = $algodata['keysel']['lo'];
$key_step = $algodata['keysel']['step'];
- for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step)
+ for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step) {
echo " document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n";
+ }
echo " break;\n";
} else {
echo " case {$i}:\n";
@@ -559,21 +618,25 @@ foreach ($p1_ealgos as $algo => $algodata) {
?>
}
- if( bits )
+ if (bits) {
document.iform.ealgo_keylen.value = bits;
+ }
}
function dpdchkbox_change() {
- if( document.iform.dpd_enable.checked )
+ if (document.iform.dpd_enable.checked) {
document.getElementById('opt_dpd').style.display = '';
- else
+ } else {
document.getElementById('opt_dpd').style.display = 'none';
+ }
- if (!document.iform.dpd_delay.value)
+ if (!document.iform.dpd_delay.value) {
document.iform.dpd_delay.value = "10";
+ }
- if (!document.iform.dpd_maxfail.value)
+ if (!document.iform.dpd_maxfail.value) {
document.iform.dpd_maxfail.value = "5";
+ }
}
//]]>
@@ -582,8 +645,9 @@ function dpdchkbox_change() {
<form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform">
<?php
- if ($input_errors)
+ if ($input_errors) {
print_input_errors($input_errors);
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-1">
@@ -612,8 +676,7 @@ function dpdchkbox_change() {
<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
<strong><?=gettext("Disable this phase1 entry"); ?></strong><br />
<span class="vexpl">
- <?=gettext("Set this option to disable this phase1 without " .
- "removing it from the list"); ?>.
+ <?=gettext("Set this option to disable this phase1 without removing it from the list"); ?>.
</span>
</td>
</tr>
@@ -629,7 +692,9 @@ function dpdchkbox_change() {
<?=htmlspecialchars($name);?>
</option>
<?php endforeach; ?>
- </select> <br /> <span class="vexpl"><?=gettext("Select the Internet Key Exchange protocol version to be used, IKEv1 or IKEv2"); ?>.</span>
+ </select>
+ <br />
+ <span class="vexpl"><?=gettext("Select the Internet Key Exchange protocol version to be used, IKEv1 or IKEv2"); ?>.</span>
</td>
</tr>
<tr>
@@ -644,7 +709,9 @@ function dpdchkbox_change() {
<?=htmlspecialchars($name);?>
</option>
<?php endforeach; ?>
- </select> <br /> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
+ </select>
+ <br />
+ <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
</td>
</tr>
<tr>
@@ -655,19 +722,22 @@ function dpdchkbox_change() {
$interfaces = get_configured_interface_with_descr();
$carplist = get_configured_carp_interface_list();
- foreach ($carplist as $cif => $carpip)
+ foreach ($carplist as $cif => $carpip) {
$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";
+ }
$aliaslist = get_configured_ip_aliases_list();
- foreach ($aliaslist as $aliasip => $aliasif)
+ foreach ($aliaslist as $aliasip => $aliasif) {
$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+ }
$grouplist = return_gateway_groups_array();
foreach ($grouplist as $name => $group) {
- if($group[0]['vip'] <> "")
+ if ($group[0]['vip'] <> "") {
$vipif = $group[0]['vip'];
- else
+ } else {
$vipif = $group[0]['int'];
+ }
$interfaces[$name] = "GW Group {$name}";
}
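Review bot: `$vipif` is assigned in both branches at L2018–L2023 but never read inside the loop — the only effect of each iteration is `$interfaces[$name] = "GW Group {$name}";` at L2024. If nothing after this hunk consumes `$vipif` (I cannot see the lines that follow), the whole `if/else` is dead code and should be dropped rather than restyled; if it is consumed later, a one-line comment saying what the last group's VIP/interface is used for would stop the next reader from removing it.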
@@ -703,8 +773,7 @@ function dpdchkbox_change() {
<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
<br />
<span class="vexpl">
- <?=gettext("You may enter a description here " .
- "for your reference (not parsed)"); ?>.
+ <?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
</span>
</td>
</tr>
@@ -722,8 +791,9 @@ function dpdchkbox_change() {
<select name="authentication_method" class="formselect" onchange="methodsel_change()">
<?php
foreach ($p1_authentication_methods as $method_type => $method_params):
- if (!$pconfig['mobile'] && $method_params['mobile'])
+ if (!$pconfig['mobile'] && $method_params['mobile']) {
continue;
+ }
?>
<option value="<?=$method_type;?>" <?php if ($method_type == $pconfig['authentication_method']) echo "selected=\"selected\""; ?>>
<?=htmlspecialchars($method_params['name']);?>
@@ -770,8 +840,9 @@ function dpdchkbox_change() {
<select name="peerid_type" class="formselect" onchange="peeridsel_change()">
<?php
foreach ($peer_identifier_list as $id_type => $id_params):
- if ($pconfig['mobile'] && !$id_params['mobile'])
+ if ($pconfig['mobile'] && !$id_params['mobile']) {
continue;
+ }
?>
<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected=\"selected\""; ?>>
<?=htmlspecialchars($id_params['desc']);?>
@@ -802,8 +873,9 @@ function dpdchkbox_change() {
<?php
foreach ($config['cert'] as $cert):
$selected = "";
- if ($pconfig['certref'] == $cert['refid'])
+ if ($pconfig['certref'] == $cert['refid']) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'];?></option>
<?php endforeach; ?>
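Review bot: `<?=$cert['descr'];?>` at L2067 is written into the option label without escaping, whereas the other option labels in this file (`htmlspecialchars($method_params['name'])` at L2046, `htmlspecialchars($id_params['desc'])` at L2057) are escaped. The description is a free-text string read from `$config['cert']`, so any `<` or `"` in it lands raw in the page; change it to `<?=htmlspecialchars($cert['descr']);?>`. Whether the certificate manager already restricts that field I cannot tell from here, and the output should not depend on it either way.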
@@ -821,8 +893,9 @@ function dpdchkbox_change() {
<?php
foreach ($config['ca'] as $ca):
$selected = "";
- if ($pconfig['caref'] == $ca['refid'])
+ if ($pconfig['caref'] == $ca['refid']) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option>
<?php endforeach; ?>
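Review bot: `<?=$ca['descr'];?>` at L2078 has the same gap as the certificate list above it — the CA description from `$config['ca']` is emitted unescaped while the other labels in this form go through htmlspecialchars. Use `<?=htmlspecialchars($ca['descr']);?>` so a description containing markup cannot break out of the option element.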
@@ -845,8 +918,9 @@ function dpdchkbox_change() {
<?php
foreach ($p1_ealgos as $algo => $algodata):
$selected = "";
- if ($algo == $pconfig['ealgo']['name'])
+ if ($algo == $pconfig['ealgo']['name']) {
$selected = " selected=\"selected\"";
+ }
?>
<option value="<?=$algo;?>"<?=$selected?>>
<?=htmlspecialchars($algodata['name']);?>
@@ -936,10 +1010,10 @@ function dpdchkbox_change() {
"which can help with clients that are behind restrictive firewalls"); ?>.
</span>
</td>
- </tr>
- <tr id='mobike'>
- <td width="22%" valign="top" class="vncell"><?=gettext("MOBIKE"); ?></td>
- <td width="78%" class="vtable">
+ </tr>
+ <tr id='mobike'>
+ <td width="22%" valign="top" class="vncell"><?=gettext("MOBIKE"); ?></td>
+ <td width="78%" class="vtable">
<select name="mobike" class="formselect">
<option value="on" <?php if ($pconfig['mobike'] == 'on') echo "selected=\"selected\""; ?>><?=gettext("Enable"); ?></option>
<option value="off" <?php if ($pconfig['mobike'] != 'on') echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option>
@@ -997,9 +1071,11 @@ function dpdchkbox_change() {
<?php
/* determine if we should init the key length */
$keyset = '';
- if (isset($pconfig['ealgo']['keylen']))
- if (is_numeric($pconfig['ealgo']['keylen']))
+ if (isset($pconfig['ealgo']['keylen'])) {
+ if (is_numeric($pconfig['ealgo']['keylen'])) {
$keyset = $pconfig['ealgo']['keylen'];
+ }
+ }
?>
myidsel_change();
peeridsel_change();
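Review bot: The nested `if` at L2112–L2116 has no else branches and no other statements, so the two conditions can be one guard: `if (isset($pconfig['ealgo']['keylen']) && is_numeric($pconfig['ealgo']['keylen'])) {` with a single closing brace, which is what the rest of this commit's brace style produces elsewhere. Since this PHP emits into a JavaScript block, a comment such as `/* pre-select the saved key length once the algorithm list has been built */` above it would also tell the reader why `$keyset` is computed here rather than in the form handler.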
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index e42cc0b..b4c456a 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -42,27 +42,33 @@ require("guiconfig.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
-if (!is_array($config['ipsec']['client']))
+if (!is_array($config['ipsec']['client'])) {
$config['ipsec']['client'] = array();
+}
$a_client = &$config['ipsec']['client'];
-if (!is_array($config['ipsec']['phase1']))
+if (!is_array($config['ipsec']['phase1'])) {
$config['ipsec']['phase1'] = array();
+}
-if (!is_array($config['ipsec']['phase2']))
+if (!is_array($config['ipsec']['phase2'])) {
$config['ipsec']['phase2'] = array();
+}
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
-if (!empty($_GET['p2index']))
+if (!empty($_GET['p2index'])) {
$uindex = $_GET['p2index'];
-if (!empty($_POST['uniqid']))
+}
+if (!empty($_POST['uniqid'])) {
$uindex = $_POST['uniqid'];
+}
-if (!empty($_GET['dup']))
+if (!empty($_GET['dup'])) {
$uindex = $_GET['dup'];
+}
$ph2found = false;
if (isset($uindex)) {
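Review bot: The three assignments at L2143–L2153 establish an unstated precedence — a `dup` query parameter overrides a POSTed `uniqid`, which overrides `p2index` — and a request carrying more than one of them silently edits whichever wins. Since nothing in the hunk validates any of the three before the lookup that starts at L2155 (its body is outside this hunk), a comment stating the order, e.g. `/* dup (GET) wins over uniqid (POST), which wins over p2index (GET); all three are phase-2 uniqids */`, would make the behaviour explicit for the next reader.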
@@ -74,32 +80,31 @@ if (isset($uindex)) {
}
}
-if ($ph2found === true)
-{
+if ($ph2found === true) {
$pconfig['ikeid'] = $ph2['ikeid'];
$pconfig['disabled'] = isset($ph2['disabled']);
$pconfig['mode'] = $ph2['mode'];
$pconfig['descr'] = $ph2['descr'];
$pconfig['uniqid'] = $ph2['uniqid'];
- if (!empty($ph2['natlocalid']))
- idinfo_to_pconfig("natlocal",$ph2['natlocalid'],$pconfig);
- idinfo_to_pconfig("local",$ph2['localid'],$pconfig);
- idinfo_to_pconfig("remote",$ph2['remoteid'],$pconfig);
+ if (!empty($ph2['natlocalid'])) {
+ idinfo_to_pconfig("natlocal", $ph2['natlocalid'], $pconfig);
+ }
+ idinfo_to_pconfig("local", $ph2['localid'], $pconfig);
+ idinfo_to_pconfig("remote", $ph2['remoteid'], $pconfig);
$pconfig['proto'] = $ph2['protocol'];
- ealgos_to_pconfig($ph2['encryption-algorithm-option'],$pconfig);
+ ealgos_to_pconfig($ph2['encryption-algorithm-option'], $pconfig);
$pconfig['halgos'] = $ph2['hash-algorithm-option'];
$pconfig['pfsgroup'] = $ph2['pfsgroup'];
$pconfig['lifetime'] = $ph2['lifetime'];
$pconfig['pinghost'] = $ph2['pinghost'];
$pconfig['reqid'] = $ph2['reqid'];
- if (isset($ph2['mobile']))
+ if (isset($ph2['mobile'])) {
$pconfig['mobile'] = true;
-}
-else
-{
+ }
+} else {
$pconfig['ikeid'] = $_GET['ikeid'];
/* defaults */
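Review bot: `$pconfig['ikeid'] = $_GET['ikeid'];` at L2192 takes the phase-1 identifier straight from the query string with no check that it names an existing entry in `$a_phase1`, which is what the later validation in this file iterates to find the parent P1. Presumably the value is then re-emitted as a hidden field and posted back, so a check here such as `if (!is_numeric($pconfig['ikeid'])) { $input_errors[] = gettext("A valid ikeid must be specified."); }` — or a lookup against `$a_phase1` — would stop an orphaned phase 2 being created from a mistyped URL. The enclosing `else` branch continues past the end of this hunk.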
@@ -113,8 +118,9 @@ else
$pconfig['uniqid'] = uniqid();
/* mobile client */
- if($_GET['mobile'])
+ if ($_GET['mobile']) {
$pconfig['mobile']=true;
+ }
}
unset($ph2);
@@ -130,32 +136,34 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- if (!isset( $_POST['ikeid']))
+ if (!isset($_POST['ikeid'])) {
$input_errors[] = gettext("A valid ikeid must be specified.");
+ }
/* input validation */
$reqdfields = explode(" ", "localid_type uniqid");
$reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier"));
- if (!isset($pconfig['mobile'])){
+ if (!isset($pconfig['mobile'])) {
$reqdfields[] = "remoteid_type";
$reqdfieldsn[] = gettext("Remote network type");
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
-
- if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6"))
- {
+
+ if (($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6")) {
switch ($pconfig['localid_type']) {
case "network":
- if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits']))
+ if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits'])) {
$input_errors[] = gettext("A valid local network bit count must be specified.");
+ }
case "address":
- if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
+ if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address'])) {
$input_errors[] = gettext("A valid local network IP address must be specified.");
- elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel"))
+ } elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel")) {
$input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6");
- elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6"))
+ } elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6")) {
$input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4");
+ }
break;
}
/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
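Review bot: The `localid_netbits` check at L2227 only establishes that the value is numeric; `is_numeric` accepts `"1e3"`, `"-5"` and `"200"`, none of which is a valid prefix length, and the mode is already known at this point. Bound it to the family, e.g. `$maxbits = ($pconfig['mode'] == "tunnel6") ? 128 : 32;` and `if (!is_numeric($pconfig['localid_netbits']) || $pconfig['localid_netbits'] < 0 || $pconfig['localid_netbits'] > $maxbits) {` — the existing `($x != 0 && !$x)` clause adds nothing once `!is_numeric` is there. The `ikeid` check at L2207 likewise only tests `isset`; tightening it to an existing phase-1 ikeid would match the P1 lookup further down in this file.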
@@ -164,24 +172,28 @@ if ($_POST) {
$address = get_interface_ip($pconfig['localid_type']);
$netbits = get_interface_subnet($pconfig['localid_type']);
- if (empty($address) || empty($netbits))
+ if (empty($address) || empty($netbits)) {
$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
+ }
}
if (!empty($pconfig['natlocalid_address'])) {
switch ($pconfig['natlocalid_type']) {
case "network":
- if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits']))
+ if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits'])) {
$input_errors[] = gettext("A valid NAT local network bit count must be specified.");
- if ($pconfig['localid_type'] == "address")
- $input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
+ }
+ if ($pconfig['localid_type'] == "address") {
+ $input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
+ }
case "address":
- if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address']))
+ if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address'])) {
$input_errors[] = gettext("A valid NAT local network IP address must be specified.");
- elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel"))
+ } elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel")) {
$input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6");
- elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6"))
+ } elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6")) {
$input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4");
+ }
break;
}
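Review bot: `case "network":` at L2254 intentionally runs on into `case "address":` at L2264 (a network also needs a valid address), but with the new brace layout the missing `break` now reads like an omission rather than a design choice. Add `/* FALLTHROUGH: a network entry also needs a valid address */` on the line before `case "address":`; the same applies to the local switch at L2225/L2230 and the remote switch at L2287/L2292.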
@@ -190,29 +202,32 @@ if ($_POST) {
$address = get_interface_ip($pconfig['natlocalid_type']);
$netbits = get_interface_subnet($pconfig['natlocalid_type']);
- if (empty($address) || empty($netbits))
+ if (empty($address) || empty($netbits)) {
$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['natlocalid_type']) . " " . gettext("has no subnet.");
+ }
}
}
switch ($pconfig['remoteid_type']) {
case "network":
- if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits']))
+ if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits'])) {
$input_errors[] = gettext("A valid remote network bit count must be specified.");
+ }
case "address":
- if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
+ if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address'])) {
$input_errors[] = gettext("A valid remote network IP address must be specified.");
- elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel"))
+ } elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel")) {
$input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6");
- elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6"))
+ } elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6")) {
$input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4");
+ }
break;
}
}
/* Validate enabled phase2's are not duplicates */
- if (isset($pconfig['mobile'])){
+ if (isset($pconfig['mobile'])) {
/* User is adding phase 2 for mobile phase1 */
- foreach($a_phase2 as $key => $name){
+ foreach ($a_phase2 as $key => $name) {
if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) {
/* check duplicate localids only for mobile clents */
$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
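Review bot: The error at L2282 is raised for the NAT/BINAT interface (`$pconfig['natlocalid_type']` at L2278–L2279) but reads "Invalid Local Network.", identical to the message for the plain local network at L2249, so a user seeing it cannot tell which selector is wrong. Change the first fragment to `gettext("Invalid NAT Local Network.")`; the line is unchanged context in this hunk but the message is still live on the new side.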
@@ -221,32 +236,40 @@ if ($_POST) {
if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
$entered_localid_data = ipsec_idinfo_to_cidr($entered, false, $pconfig['mode']);
- if ($localid_data == $entered_localid_data){
+ if ($localid_data == $entered_localid_data) {
/* adding new p2 entry */
$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
break;
}
}
}
- }else{
+ } else {
/* User is adding phase 2 for site-to-site phase1 */
$input_error = 0;
- foreach($a_phase2 as $key => $name){
+ foreach ($a_phase2 as $key => $name) {
if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid'] && $pconfig['uniqid'] != $name['uniqid']) {
/* check duplicate subnets only for given phase1 */
$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid'], false, $name['mode']);
$entered_local = array();
$entered_local['type'] = $pconfig['localid_type'];
- if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
- if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
+ if (isset($pconfig['localid_address'])) {
+ $entered_local['address'] = $pconfig['localid_address'];
+ }
+ if (isset($pconfig['localid_netbits'])) {
+ $entered_local['netbits'] = $pconfig['localid_netbits'];
+ }
$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
$entered_remote = array();
$entered_remote['type'] = $pconfig['remoteid_type'];
- if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
- if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
+ if (isset($pconfig['remoteid_address'])) {
+ $entered_remote['address'] = $pconfig['remoteid_address'];
+ }
+ if (isset($pconfig['remoteid_netbits'])) {
+ $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
+ }
$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
- if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
+ if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
/* adding new p2 entry */
$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
break;
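Review bot: The two one-line `if`s at L2316–L2317 (`if (isset($pconfig['localid_address'])) $entered['address'] = ...`) are left unbraced while the identical pattern at L2341–L2346 gets the full braced form in the same hunk, so the code-style pass is only half applied here. Rewrite them as `if (isset($pconfig['localid_address'])) { $entered['address'] = $pconfig['localid_address']; }` and likewise for `localid_netbits`, split over lines as at L2341–L2343. The mobile branch these lines belong to opens before this hunk.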
@@ -254,21 +277,29 @@ if ($_POST) {
}
}
foreach ($a_phase1 as $phase1) {
- if($phase1['ikeid'] == $pconfig['ikeid']) {
+ if ($phase1['ikeid'] == $pconfig['ikeid']) {
/* This is the P1 for this entry, validate its remote-gateway and local interface isn't within tunnel */
$entered_local = array();
$entered_local['type'] = $pconfig['localid_type'];
- if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
- if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
+ if (isset($pconfig['localid_address'])) {
+ $entered_local['address'] = $pconfig['localid_address'];
+ }
+ if (isset($pconfig['localid_netbits'])) {
+ $entered_local['netbits'] = $pconfig['localid_netbits'];
+ }
$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
list($entered_local_network, $entered_local_mask) = explode('/', $entered_localid_data);
$entered_remote = array();
$entered_remote['type'] = $pconfig['remoteid_type'];
- if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
- if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
+ if (isset($pconfig['remoteid_address'])) {
+ $entered_remote['address'] = $pconfig['remoteid_address'];
+ }
+ if (isset($pconfig['remoteid_netbits'])) {
+ $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
+ }
$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
list($entered_remote_network, $entered_remote_mask) = explode('/', $entered_remoteid_data);
- if ($phase1['protocol'] == "inet6") {
+ if ($phase1['protocol'] == "inet6") {
$if = get_failover_interface($phase1['interface'], "inet6");
$interfaceip = get_interface_ipv6($if);
} else {
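Review bot: `list($entered_remote_network, $entered_remote_mask) = explode('/', $entered_remoteid_data);` at L2394 assumes ipsec_idinfo_to_cidr() returned a `network/mask` string, yet for a mobile phase 2 `remoteid_type` is not a required field (L2213–L2217), so `$entered_remote['type']` can be unset and the split then yields a single element with an undefined mask — I cannot see ipsec_idinfo_to_cidr(), so this is inferred from the validation rules. Either skip this P1 overlap block for mobile entries (`if (isset($pconfig['mobile'])) { continue; }` at the top of the loop body) or check `strpos($entered_remoteid_data, '/') !== false` before the `list()`. The loop's body continues into the next hunk.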
@@ -278,23 +309,23 @@ if ($_POST) {
/* skip validation for hostnames, they're subject to change anyway */
if (is_ipaddr($phase1['remote-gateway'])) {
if ($pconfig['mode'] == "tunnel") {
- if(check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) {
+ if (check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) {
$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
break;
}
} else if ($pconfig['mode'] == "tunnel6") {
- if(check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) {
+ if (check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) {
$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
break;
- }
- }
+ }
+ }
}
}
}
- }
+ }
/* For ESP protocol, handle encryption algorithms */
- if ( $pconfig['proto'] == "esp") {
+ if ($pconfig['proto'] == "esp") {
$ealgos = pconfig_to_ealgos($pconfig);
if (!count($ealgos)) {
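Review bot: In the `tunnel6` branch at L2411 the local side is tested with `check_subnetsv6_overlap(...)` but the remote gateway with `check_subnets_overlap($phase1['remote-gateway'], 128, ...)`, the same function the `tunnel` branch uses with 32-bit masks at L2405 — its name and that usage suggest it is IPv4-only, so the IPv6 overlap guard probably never fires for the remote side (I cannot see its implementation). Use the v6 helper for both halves: `check_subnetsv6_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)`. The enclosing `foreach ($a_phase1 ...)` starts in the previous hunk.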
@@ -303,8 +334,9 @@ if ($_POST) {
foreach ($ealgos as $ealgo) {
if (isset($config['system']['crypto_hardware'])) {
if ($config['system']['crypto_hardware'] == "glxsb") {
- if ($ealgo['name'] == "aes" && $ealgo['keylen'] != "128")
- $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
+ if ($ealgo['name'] == "aes" && $ealgo['keylen'] != "128") {
+ $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
+ }
}
}
if (empty($pconfig['halgos'])) {
@@ -315,7 +347,6 @@ if ($_POST) {
}
}
}
-
}
if (($_POST['lifetime'] && !is_numeric($_POST['lifetime']))) {
$input_errors[] = gettext("The P2 lifetime must be an integer.");
@@ -328,37 +359,41 @@ if ($_POST) {
$ph2ent['uniqid'] = $pconfig['uniqid'];
$ph2ent['mode'] = $pconfig['mode'];
$ph2ent['disabled'] = $pconfig['disabled'] ? true : false;
- if (!isset($pconfig['reqid']))
+ if (!isset($pconfig['reqid'])) {
$ph2ent['reqid'] = ipsec_new_reqid();
- else
+ } else {
$ph2ent['reqid'] = $pconfig['reqid'];
+ }
- if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){
- if (!empty($pconfig['natlocalid_address']))
- $ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal",$pconfig);
- $ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
- $ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
+ if (($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")) {
+ if (!empty($pconfig['natlocalid_address'])) {
+ $ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal", $pconfig);
+ }
+ $ph2ent['localid'] = pconfig_to_idinfo("local", $pconfig);
+ $ph2ent['remoteid'] = pconfig_to_idinfo("remote", $pconfig);
}
$ph2ent['protocol'] = $pconfig['proto'];
$ph2ent['encryption-algorithm-option'] = $ealgos;
- if (!empty($pconfig['halgos']))
+ if (!empty($pconfig['halgos'])) {
$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
- else
+ } else {
unset($ph2ent['hash-algorithm-option']);
+ }
$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
$ph2ent['lifetime'] = $pconfig['lifetime'];
$ph2ent['pinghost'] = $pconfig['pinghost'];
$ph2ent['descr'] = $pconfig['descr'];
- if (isset($pconfig['mobile']))
+ if (isset($pconfig['mobile'])) {
$ph2ent['mobile'] = true;
+ }
- if ($ph2found === true && $a_phase2[$p2index])
+ if ($ph2found === true && $a_phase2[$p2index]) {
$a_phase2[$p2index] = $ph2ent;
- else
+ } else {
$a_phase2[] = $ph2ent;
-
+ }
write_config();
mark_subsystem_dirty('ipsec');
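Review bot: `$ph2ent['reqid'] = $pconfig['reqid'];` at L2457 stores whatever the form posted as long as the key is set, while the `isset` branch at L2454 mints a fresh one via ipsec_new_reqid(); `$pconfig` is `$_POST` (L2205), so a non-numeric or already-used reqid written here ends up in the saved phase 2. Validate it before the save block, e.g. `if (isset($pconfig['reqid']) && !is_numeric($pconfig['reqid'])) { $input_errors[] = gettext("The P2 reqid must be an integer."); }` alongside the lifetime check at L2446, and consider rejecting a value that another `$a_phase2` entry already carries. How the reqid is consumed by the IPsec backend is outside this hunk.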
@@ -368,13 +403,13 @@ if ($_POST) {
}
}
-if ($pconfig['mobile'])
- $pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"), gettext("Mobile Client"));
-else
- $pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"));
+if ($pconfig['mobile']) {
+ $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 2"), gettext("Mobile Client"));
+} else {
+ $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 2"));
+}
$shortcut_section = "ipsec";
-
include("head.inc");
?>
@@ -406,8 +441,7 @@ function typesel_change_natlocal(bits) {
if (typeof(bits) === "undefined") {
if (value === "tunnel") {
bits = 24;
- }
- else if (value === "tunnel6") {
+ } else if (value === "tunnel6") {
bits = 64;
}
}
@@ -447,8 +481,7 @@ function typesel_change_local(bits) {
if (typeof(bits) === "undefined") {
if (value === "tunnel") {
bits = 24;
- }
- else if (value === "tunnel6") {
+ } else if (value === "tunnel6") {
bits = 64;
}
}
@@ -539,8 +572,9 @@ function change_protocol() {
<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
<?php
- if ($input_errors)
+ if ($input_errors) {
print_input_errors($input_errors);
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-2">
@@ -566,8 +600,8 @@ function change_protocol() {
<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
<strong><?=gettext("Disable this phase2 entry"); ?></strong>
<br />
- <span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
- "removing it from the list"); ?>.
+ <span class="vexpl">
+ <?=gettext("Set this option to disable this phase2 entry without removing it from the list"); ?>.
</span>
</td>
</tr>
@@ -576,10 +610,11 @@ function change_protocol() {
<td width="78%" class="vtable">
<select name="mode" class="formselect" onchange="change_mode()">
<?php
- foreach($p2_modes as $name => $value):
+ foreach ($p2_modes as $name => $value):
$selected = "";
- if ($name == $pconfig['mode'])
+ if ($name == $pconfig['mode']) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option>
<?php endforeach; ?>
@@ -621,10 +656,12 @@ function change_protocol() {
</select>
</td>
</tr>
- <tr> <td colspan="3">
- <br />
- <?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?>
- </td></tr>
+ <tr>
+ <td colspan="3">
+ <br />
+ <?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?>
+ </td>
+ </tr>
<tr>
<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
<td></td>
@@ -662,7 +699,7 @@ function change_protocol() {
</tr>
<?php if (!isset($pconfig['mobile'])): ?>
-
+
<tr id="opt_remoteid">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
<td width="78%" class="vtable">
@@ -684,8 +721,8 @@ function change_protocol() {
<input name="remoteid_address" type="text" class="formfld unknown ipv4v6" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>" />
/
<select name="remoteid_netbits" class="formselect ipv4v6" id="remoteid_netbits">
- <?php for ($i = 128; $i >= 0; $i--) {
-
+ <?php for ($i = 128; $i >= 0; $i--) {
+
echo "<option value=\"{$i}\"";
if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) echo " selected=\"selected\"";
echo ">{$i}</option>\n";
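{$i}</option>\n";">
Review bot: The `if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) echo " selected=\"selected\"";` line directly below the reformatted `for` still has no braces, which is exactly the one-statement-per-brace convention this commit applies elsewhere; the same unbraced `if` survives in the vpn_ipsec_settings.php debug-level loop (`if ($pconfig["ipsec_{$lkey}"] == $lidx)` followed by `echo "selected=\"selected\"";`). Wrapping both as `if (...) { echo " selected=\"selected\""; }` keeps the style uniform. The closing lines of this `for` loop fall outside the hunk.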
@@ -696,17 +733,16 @@ function change_protocol() {
</table>
</td>
</tr>
-
+
<?php endif; ?>
-
+
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
<td width="78%" class="vtable">
<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
<br />
<span class="vexpl">
- <?=gettext("You may enter a description here " .
- "for your reference (not parsed)"); ?>.
+ <?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
</span>
</td>
</tr>
@@ -741,8 +777,9 @@ function change_protocol() {
<?php
foreach ($p2_ealgos as $algo => $algodata):
$checked = '';
- if (is_array($pconfig['ealgos']) && in_array($algo,$pconfig['ealgos']))
+ if (is_array($pconfig['ealgos']) && in_array($algo, $pconfig['ealgos'])) {
$checked = " checked=\"checked\"";
+ }
?>
<tr>
<td>
@@ -752,7 +789,7 @@ function change_protocol() {
<?=htmlspecialchars($algodata['name']);?>
</td>
<td>
- <?php if(is_array($algodata['keysel'])): ?>
+ <?php if (is_array($algodata['keysel'])): ?>
&nbsp;&nbsp;
<select name="keylen_<?=$algo;?>" class="formselect">
<option value="auto"><?=gettext("auto"); ?></option>
@@ -762,9 +799,10 @@ function change_protocol() {
$key_step = $algodata['keysel']['step'];
for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
$selected = "";
- // if ($checked && in_array("keylen_".$algo,$pconfig))
- if ($keylen == $pconfig["keylen_".$algo])
+ // if ($checked && in_array("keylen_".$algo, $pconfig))
+ if ($keylen == $pconfig["keylen_".$algo]) {
$selected = " selected=\"selected\"";
+ }
?>
<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
<?php endfor; ?>
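Review bot: The commented-out condition `// if ($checked && in_array("keylen_".$algo, $pconfig))` is reformatted rather than removed, so dead code is now being maintained as if it were live. The check on the following line has replaced it; deleting the comment line is the cleaner change. The `for` over `$keylen` begins before this hunk.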
@@ -772,12 +810,12 @@ function change_protocol() {
<?php endif; ?>
</td>
</tr>
-
+
<?php endforeach; ?>
-
+
</table>
<br />
- <?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " .
+ <?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " .
"crypto accelerator card. Blowfish is usually the fastest in " .
"software encryption"); ?>.
</td>
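Review bot: The hint text reformatted here still steers users toward 3DES and Blowfish, both 64-bit-block ciphers, as the preferred choices; that advice predates current practice, which favours AES and treats the 64-bit-block ciphers as legacy options kept for compatibility. Since this is a user-facing string the change is editorial: wording along the lines of `gettext("Hint: AES is recommended; 3DES and Blowfish are legacy ciphers kept only for compatibility with older peers")` would reflect that. The reformatting itself is fine.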
@@ -881,11 +919,12 @@ function pconfig_to_ealgos(& $pconfig) {
$ealgos = array();
if (is_array($pconfig['ealgos'])) {
foreach ($p2_ealgos as $algo_name => $algo_data) {
- if (in_array($algo_name,$pconfig['ealgos'])) {
+ if (in_array($algo_name, $pconfig['ealgos'])) {
$ealg = array();
$ealg['name'] = $algo_name;
- if (is_array($algo_data['keysel']))
+ if (is_array($algo_data['keysel'])) {
$ealg['keylen'] = $_POST["keylen_".$algo_name];
+ }
$ealgos[] = $ealg;
}
}
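Review bot: `$ealg['keylen'] = $_POST["keylen_".$algo_name];` reads the key length from the `$_POST` superglobal even though the function takes `$pconfig` by reference for precisely that data, so a caller that passes a prepared `$pconfig` rather than the request gets the request's value (or null) instead. Reading `$pconfig["keylen_".$algo_name]` keeps the function a pure mapping of its argument. The value is also stored as submitted; unless it is validated in the part of the handler outside this hunk, a check that it is `"auto"` or falls within the algorithm's `keysel` lo/hi/step range would be worth adding before it reaches the config. `pconfig_to_ealgos` begins before this hunk.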
@@ -899,8 +938,9 @@ function ealgos_to_pconfig(& $ealgos,& $pconfig) {
$pconfig['ealgos'] = array();
foreach ($ealgos as $algo_data) {
$pconfig['ealgos'][] = $algo_data['name'];
- if (isset($algo_data['keylen']))
+ if (isset($algo_data['keylen'])) {
$pconfig["keylen_".$algo_data['name']] = $algo_data['keylen'];
+ }
}
return $ealgos;
@@ -912,8 +952,7 @@ function pconfig_to_idinfo($prefix,& $pconfig) {
$address = $pconfig[$prefix."id_address"];
$netbits = $pconfig[$prefix."id_netbits"];
- switch( $type )
- {
+ switch ($type) {
case "address":
return array('type' => $type, 'address' => $address);
case "network":
@@ -925,8 +964,7 @@ function pconfig_to_idinfo($prefix,& $pconfig) {
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {
- switch( $idinfo['type'] )
- {
+ switch ($idinfo['type']) {
case "address":
$pconfig[$prefix."id_type"] = $idinfo['type'];
$pconfig[$prefix."id_address"] = $idinfo['address'];
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php
index 023d202..024fe2c 100644
--- a/usr/local/www/vpn_ipsec_settings.php
+++ b/usr/local/www/vpn_ipsec_settings.php
@@ -42,8 +42,9 @@ require_once("ipsec.inc");
require_once("vpn.inc");
foreach ($ipsec_loglevels as $lkey => $ldescr) {
- if (!empty($config['ipsec']["ipsec_{$lkey}"]))
+ if (!empty($config['ipsec']["ipsec_{$lkey}"])) {
$pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"];
+ }
}
$pconfig['unityplugin'] = isset($config['ipsec']['unityplugin']);
$pconfig['makebeforebreak'] = isset($config['ipsec']['makebeforebreak']);
@@ -59,7 +60,7 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
-
+
if (!in_array($pconfig['ipsec_dmn'], array('0', '1', '2', '3', '4', '5'), true)) {
$input_errors[] = "A valid value must be specified for Daemon debug.";
}
@@ -112,79 +113,86 @@ if ($_POST) {
if (!is_numericint($pconfig['maxmss']) && $pconfig['maxmss'] <> '') {
$input_errors[] = "An integer must be specified for Maximum MSS.";
}
- if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535)
- $input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS";
+ if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535) {
+ $input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS";
+ }
}
-
+
if (!$input_errors) {
if (is_array($config['ipsec'])) {
foreach ($ipsec_loglevels as $lkey => $ldescr) {
if (empty($_POST["ipsec_{$lkey}"])) {
- if (isset($config['ipsec']["ipsec_{$lkey}"]))
+ if (isset($config['ipsec']["ipsec_{$lkey}"])) {
unset($config['ipsec']["ipsec_{$lkey}"]);
- } else
+ }
+ } else {
$config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"];
+ }
}
}
$needsrestart = false;
- if($_POST['compression'] == "yes") {
- if (!isset($config['ipsec']['compression']))
+ if ($_POST['compression'] == "yes") {
+ if (!isset($config['ipsec']['compression'])) {
$needsrestart = true;
+ }
$config['ipsec']['compression'] = true;
} elseif (isset($config['ipsec']['compression'])) {
$needsrestart = true;
unset($config['ipsec']['compression']);
}
-
- if($_POST['enableinterfacesuse'] == "yes") {
- if (!isset($config['ipsec']['enableinterfacesuse']))
+
+ if ($_POST['enableinterfacesuse'] == "yes") {
+ if (!isset($config['ipsec']['enableinterfacesuse'])) {
$needsrestart = true;
+ }
$config['ipsec']['enableinterfacesuse'] = true;
} elseif (isset($config['ipsec']['enableinterfacesuse'])) {
$needsrestart = true;
unset($config['ipsec']['enableinterfacesuse']);
}
- if($_POST['unityplugin'] == "yes") {
- if (!isset($config['ipsec']['unityplugin']))
+ if ($_POST['unityplugin'] == "yes") {
+ if (!isset($config['ipsec']['unityplugin'])) {
$needsrestart = true;
+ }
$config['ipsec']['unityplugin'] = true;
} elseif (isset($config['ipsec']['unityplugin'])) {
$needsrestart = true;
unset($config['ipsec']['unityplugin']);
}
- if($_POST['makebeforebreak'] == "yes") {
+ if ($_POST['makebeforebreak'] == "yes") {
$config['ipsec']['makebeforebreak'] = true;
} elseif (isset($config['ipsec']['makebeforebreak'])) {
unset($config['ipsec']['makebeforebreak']);
}
- if($_POST['noshuntlaninterfaces'] == "yes") {
+ if ($_POST['noshuntlaninterfaces'] == "yes") {
$config['ipsec']['noshuntlaninterfaces'] = true;
} elseif (isset($config['ipsec']['noshuntlaninterfaces'])) {
unset($config['ipsec']['noshuntlaninterfaces']);
}
- if($_POST['acceptunencryptedmainmode'] == "yes") {
- if (!isset($config['ipsec']['acceptunencryptedmainmode']))
+ if ($_POST['acceptunencryptedmainmode'] == "yes") {
+ if (!isset($config['ipsec']['acceptunencryptedmainmode'])) {
$needsrestart = true;
+ }
$config['ipsec']['acceptunencryptedmainmode'] = true;
} elseif (isset($config['ipsec']['acceptunencryptedmainmode'])) {
$needsrestart = true;
unset($config['ipsec']['acceptunencryptedmainmode']);
}
- if(!empty($_POST['uniqueids'])) {
+ if (!empty($_POST['uniqueids'])) {
$config['ipsec']['uniqueids'] = $_POST['uniqueids'];
} else {
unset($config['ipsec']['uniqueids']);
}
- if($_POST['maxmss_enable'] == "yes") {
+ if ($_POST['maxmss_enable'] == "yes") {
$config['system']['maxmss_enable'] = true;
$config['system']['maxmss'] = $_POST['maxmss'];
} else {
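Review bot: The Maximum MSS range check `if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535) {` keeps the original precedence, where `&&` binds tighter than `||`, so the empty-string guard covers only the lower bound; the intended test is `if ($pconfig['maxmss'] <> '' && ($pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535)) {`. Separately, `$config['ipsec']['uniqueids'] = $_POST['uniqueids'];` saves the submitted value without the allow-list check the handler applies to `ipsec_dmn`; unless it is validated in the part of the handler outside this hunk, `in_array($pconfig['uniqueids'], array_keys($ipsec_idhandling), true)` is the matching guard to add before the assignment. The enclosing `if ($_POST)` block starts before this hunk.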
@@ -196,10 +204,11 @@ if ($_POST) {
$retval = 0;
$retval = filter_configure();
- if(stristr($retval, "error") <> true)
+ if (stristr($retval, "error") <> true) {
$savemsg = get_std_save_message(gettext($retval));
- else
+ } else {
$savemsg = gettext($retval);
+ }
vpn_ipsec_configure($needsrestart);
vpn_ipsec_configure_loglevels();
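Review bot: `if (stristr($retval, "error") <> true) {` compares a string-or-false result loosely against `true`, which only works because a non-empty string is truthy and hides the fact that `$retval` is being treated as a string. `if (stristr((string)$retval, "error") === false) {` states the intended test explicitly. The enclosing save block starts before this hunk.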
@@ -209,7 +218,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Settings"));
+$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Settings"));
$shortcut_section = "ipsec";
include("head.inc");
@@ -222,10 +231,11 @@ include("head.inc");
//<![CDATA[
function maxmss_checked(obj) {
- if (obj.checked)
+ if (obj.checked) {
jQuery('#maxmss').attr('disabled',false);
- else
+ } else {
jQuery('#maxmss').attr('disabled','true');
+ }
}
//]]>
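Review bot: `maxmss_checked` disables the field with `attr('disabled','true')` but enables it with `attr('disabled',false)`, passing a string in one branch and a boolean in the other for the same attribute. `jQuery('#maxmss').prop('disabled', !obj.checked);` expresses both branches in one line if the bundled jQuery is 1.6 or newer; otherwise `attr('disabled', !obj.checked)` at least keeps the two branches consistent.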
@@ -234,10 +244,12 @@ function maxmss_checked(obj) {
<form action="vpn_ipsec_settings.php" method="post" name="iform" id="iform">
<?php
- if ($savemsg)
+ if ($savemsg) {
print_info_box($savemsg);
- if ($input_errors)
+ }
+ if ($input_errors) {
print_input_errors($input_errors);
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec settings">
@@ -266,23 +278,26 @@ function maxmss_checked(obj) {
<strong><?=gettext("Start IPsec in debug mode based on sections selected"); ?></strong>
<br />
<table summary="ipsec debug">
- <?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=$ldescr;?></td>
- <td width="78%" valign="top" class="vncell">
- <?php echo "<select name=\"ipsec_{$lkey}\" id=\"ipsec_{$lkey}\">\n";
- foreach (array("Silent", "Audit", "Control", "Diag", "Raw", "Highest") as $lidx => $lvalue) {
- echo "<option value=\"{$lidx}\" ";
- if ($pconfig["ipsec_{$lkey}"] == $lidx)
- echo "selected=\"selected\"";
- echo ">{$lvalue}</option>\n";
- }
- ?>
- </select>
- </td>
- </tr>
- <?php endforeach; ?>
- <tr style="display:none;"><td></td></tr>
+ <?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=$ldescr;?></td>
+ <td width="78%" valign="top" class="vncell">
+ <?php
+ echo "<select name=\"ipsec_{$lkey}\" id=\"ipsec_{$lkey}\">\n";
+ foreach (array("Silent", "Audit", "Control", "Diag", "Raw", "Highest") as $lidx => $lvalue) {
+ echo "<option value=\"{$lidx}\" ";
+ if ($pconfig["ipsec_{$lkey}"] == $lidx)
+ echo "selected=\"selected\"";
+ echo ">{$lvalue}</option>\n";
+ }
+ ?>
+ </select>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ <tr style="display:none;">
+ <td></td>
+ </tr>
</table>
<br /><?=gettext("Launches IPsec in debug mode so that more verbose logs " .
"will be generated to aid in troubleshooting."); ?>
@@ -292,15 +307,17 @@ function maxmss_checked(obj) {
<td width="22%" valign="top" class="vncell"><?=gettext("Unique IDs"); ?></td>
<td width="78%" class="vtable">
<strong><?=gettext("Configure Unique IDs as: "); ?></strong>
- <?php echo "<select name=\"uniqueids\" id=\"uniqueids\">\n";
+ <?php
+ echo "<select name=\"uniqueids\" id=\"uniqueids\">\n";
foreach ($ipsec_idhandling as $value => $lvalue) {
echo "<option value=\"{$value}\" ";
- if ($pconfig['uniqueids'] == $value)
+ if ($pconfig['uniqueids'] == $value) {
echo "selected=\"selected\"";
+ }
echo ">{$lvalue}</option>\n";
}
?>
- </select>
+ </select>
<br />
<?=gettext("whether a particular participant ID should be kept unique, with any new IKE_SA using an ID " .
"deemed to replace all old ones using that ID. Participant IDs normally are unique, so a new " .