author | mgrooms <mgrooms@shrew.net> | 2009-03-15 06:14:54 +0000 |
---|---|---|
committer | mgrooms <mgrooms@shrew.net> | 2009-03-15 06:18:35 +0000 |
commit | 4b96b3675a8ee4fd0d276ad0a7c3b8b93bd14cac (patch) | |
tree | 958b9cad6a732f92151e4d2fb4238125af08150c /usr | |
parent | 030f0cb794e2cc477432aa108eceb3dd2a01a4b0 (diff) | |
Modify IPsec code to allow for transport mode. All existing configurations are
marked as tunnel for backwards compatibility. There are problems with the spd
read code, which will likely choke on transport entries. We can fix this later.
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/vpn_ipsec.php | 10 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 85 |
2 files changed, 69 insertions, 26 deletions
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
index c309986..d43f457 100755
--- a/usr/local/www/vpn_ipsec.php
+++ b/usr/local/www/vpn_ipsec.php
@@ -285,8 +285,11 @@ include("head.inc");
 </div>
 <table class="tabcont" width="100%" height="100%" border="0" cellspacing="0" cellpadding="0" id="tdph2-<?=$i?>" style="display:none">
 <tr>
+ <td class="listhdrr">Mode</td>
+ <?php if($ph2ent['mode'] == "tunnel"): ?>
 <td class="listhdrr">Local Subnet</td>
 <td class="listhdrr">Remote Subnet</td>
+ <?php endif; ?>
 <td class="listhdrr">P2 Protocol</td>
 <td class="listhdrr">P2 Transforms</td>
 <td class="listhdrr">P2 Auth Methods</td>
@@ -315,6 +318,12 @@ include("head.inc");
 <td nowrap class="listlr">
 <?=$spans;?>
+ <?=$ph2ent['mode'];?>
+ <?=$spane;?>
+ </td>
+ <?php if($ph2ent['mode'] == "tunnel"): ?>
+ <td nowrap class="listr">
+ <?=$spans;?>
 <?=ipsec_idinfo_to_text($ph2ent['localid']); ?>
 <?=$spane;?>
 </td>
@@ -323,6 +332,7 @@ include("head.inc");
 <?=ipsec_idinfo_to_text($ph2ent['remoteid']); ?>
 <?=$spane;?>
 </td>
+ <?php endif; ?>
 <td nowrap class="listr">
 <?=$spans;?>
 <?php echo $p2_protos[$ph2ent['protocol']]; ?>
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index bd922b4..1056497 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -63,6 +63,7 @@ if (isset($p2index) && $a_phase2[$p2index]) {
 $pconfig['ikeid'] = $a_phase2[$p2index]['ikeid'];
 $pconfig['disabled'] = isset($a_phase2[$p2index]['disabled']);
+ $pconfig['mode'] = $a_phase2[$p2index]['mode'];
 $pconfig['descr'] = $a_phase2[$p2index]['descr'];
 $old_ph2ent = $a_phase2[$p2index];
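Review bot: The column-header row is wrapped in `<?php if($ph2ent['mode'] == "tunnel"): ?>`, but that header is emitted once per phase-1 table (`id="tdph2-<?=$i?>"`) while `$ph2ent` looks like the per-row phase-2 entry; if the loop that binds `$ph2ent` starts below this row, the test reads the previous iteration's entry (or an unset variable) and the Local/Remote Subnet headers can vanish for a table whose rows still print them — the hunk does not show where `$ph2ent` is bound, so this needs confirming against the loop. Entries saved before this change carry no `mode` key, so the same test is false for them and their subnet cells are hidden even though they are tunnels. In the next hunk (`@@ -315`) the new cell prints `<?=$ph2ent['mode'];?>` raw; since `mode` is stored straight from the form, emit it as `<?=htmlspecialchars($ph2ent['mode']);?>`, as `vpn_ipsec_phase2.php` already does for `$protoname`.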
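Review bot: `$pconfig['mode'] = $a_phase2[$p2index]['mode'];` copies the key unconditionally, yet phase-2 entries written before this change have none, so editing a legacy entry yields an empty mode (and an undefined-index notice), and in the `@@ -314` hunk of this file no `<option>` is marked `selected` — the browser's first option then silently decides the mode on re-save. Unless upgrade code outside this diffstat back-fills `mode`, default it at load time: `$pconfig['mode'] = isset($a_phase2[$p2index]['mode']) ? $a_phase2[$p2index]['mode'] : "tunnel";`. The enclosing `if (isset($p2index) && $a_phase2[$p2index])` block begins before the hunk.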
@@ -118,24 +119,27 @@ if ($_POST) {
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
- switch ($pconfig['localid_type']) {
- case "network":
- if (!$pconfig['localid_netbits'] || !is_numeric($pconfig['localid_netbits']))
- $input_errors[] = "A valid local network bit count must be specified..";
- case "address":
- if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
- $input_errors[] = "A valid local network IP address must be specified.";
- break;
- }
+ if($pconfig['mode'] == "tunnel")
+ {
+ switch ($pconfig['localid_type']) {
+ case "network":
+ if (!$pconfig['localid_netbits'] || !is_numeric($pconfig['localid_netbits']))
+ $input_errors[] = "A valid local network bit count must be specified..";
+ case "address":
+ if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
+ $input_errors[] = "A valid local network IP address must be specified.";
+ break;
+ }
- switch ($pconfig['remoteid_type']) {
- case "network":
- if (!$pconfig['remoteid_netbits'] || !is_numeric($pconfig['remoteid_netbits']))
- $input_errors[] = "A valid remote network bit count must be specified..";
- case "address":
- if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
- $input_errors[] = "A valid remote network IP address must be specified.";
- break;
+ switch ($pconfig['remoteid_type']) {
+ case "network":
+ if (!$pconfig['remoteid_netbits'] || !is_numeric($pconfig['remoteid_netbits']))
+ $input_errors[] = "A valid remote network bit count must be specified..";
+ case "address":
+ if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
+ $input_errors[] = "A valid remote network IP address must be specified.";
+ break;
+ }
 }
 /* TODO : Validate enabled phase2's are not duplicates */
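Review bot: `if($pconfig['mode'] == "tunnel")` only decides whether the subnet fields are validated; the mode value itself is never checked, so any posted `mode` other than `tunnel` skips the local/remote validation entirely and is later written to the configuration as-is. Validate it against the option list before branching: `if (!array_key_exists($pconfig['mode'], $p2_modes)) $input_errors[] = "A valid mode must be specified.";` — `$p2_modes` is the array the form's `<select name="mode">` is built from, so the accepted set stays in one place (assuming it is defined before the POST handler runs, which the hunk does not show). The `if`'s opening brace on its own line also differs from the `switch (...) {` style used in the same block. The surrounding `if ($_POST) {` begins before the hunk, and the `$input_errors` check that consumes these messages lies after it.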
@@ -152,10 +156,13 @@ if ($_POST) {
 if (!$input_errors) {
 $ph2ent['ikeid'] = $pconfig['ikeid'];
+ $ph2ent['mode'] = $pconfig['mode'];
 $ph2ent['disabled'] = $pconfig['disabled'] ? true : false;
- $ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
- $ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
+ if($ph2ent['mode'] == "tunnel") {
+ $ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
+ $ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
+ }
 $ph2ent['protocol'] = $pconfig['proto'];
 $ph2ent['encryption-algorithm-option'] = $ealgos;
@@ -202,6 +209,19 @@ include("head.inc");
 <?php include("fbegin.inc"); ?>
 <script language="JavaScript">
 <!--
+
+function change_mode() {
+ index = document.iform.mode.selectedIndex;
+ value = document.iform.mode.options[index].value;
+ if (value == 'tunnel') {
+ document.getElementById('opt_localid').style.display = '';
+ document.getElementById('opt_remoteid').style.display = '';
+ } else {
+ document.getElementById('opt_localid').style.display = 'none';
+ document.getElementById('opt_remoteid').style.display = 'none';
+ }
+}
+
 function typesel_change_local(bits) {
 if (!bits)
@@ -264,7 +284,7 @@ function typesel_change_remote(bits) {
 <?php endif; ?>
-function protocol_change() {
+function change_protocol() {
 index = document.iform.proto.selectedIndex;
 value = document.iform.proto.options[index].value;
 if (value == 'esp')
@@ -299,10 +319,6 @@ function protocol_change() {
 <div class="tabcont">
 <table width="100%" border="0" cellpadding="6" cellspacing="0">
 <tr>
- <td width="22%" valign="top" class="vncellreq">Mode</td>
- <td width="78%" class="vtable"> Tunnel</td>
- </tr>
- <tr>
 <td width="22%" valign="top" class="vncellreq">Disabled</td>
 <td width="78%" class="vtable">
 <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
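Review bot: `change_mode()` dereferences `document.getElementById('opt_remoteid')` unconditionally, but the `@@ -349` hunk puts `id="opt_remoteid"` on a row that is only rendered when `$pconfig['mobile']` is not set; for a mobile phase 2 the lookup returns null, the `.style` access throws, and because `change_mode(...)` is the first statement of the closing script block (`@@ -548`) the `change_protocol` and `typesel_change_*` calls after it never execute. `index` and `value` are also assigned without `var`, so they become page globals shared with `change_protocol()`, which uses the same names. Guard each row before touching `style.display` and declare the locals:
```javascript
function change_mode() {
	var index = document.iform.mode.selectedIndex;
	var value = document.iform.mode.options[index].value;
	var display = (value == 'tunnel') ? '' : 'none';
	var ids = ['opt_localid', 'opt_remoteid'];
	for (var i = 0; i < ids.length; i++) {
		var row = document.getElementById(ids[i]);
		/* opt_remoteid is not rendered for mobile configs; skip rows that are absent */
		if (row)
			row.style.display = display;
	}
}
```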
@@ -314,6 +330,21 @@ function protocol_change() {
 </td>
 </tr>
 <tr>
+ <td width="22%" valign="top" class="vncellreq">Mode</td>
+ <td width="78%" class="vtable">
+ <select name="mode" class="formselect" onChange="change_mode()">
+ <?php
+ foreach($p2_modes as $name => $value):
+ $selected = "";
+ if ($name == $pconfig['mode'])
+ $selected = "selected";
+ ?>
+ <option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <tr id="opt_localid">
 <td width="22%" valign="top" class="vncellreq">Local Network</td>
 <td width="78%" class="vtable">
 <table border="0" cellspacing="0" cellpadding="0">
@@ -349,7 +380,7 @@ function protocol_change() {
 <?php if (!isset($pconfig['mobile'])): ?>
- <tr>
+ <tr id="opt_remoteid">
 <td width="22%" valign="top" class="vncellreq">Remote Network</td>
 <td width="78%" class="vtable">
 <table border="0" cellspacing="0" cellpadding="0">
@@ -406,7 +437,7 @@ function protocol_change() {
 <tr>
 <td width="22%" valign="top" class="vncellreq">Protocol</td>
 <td width="78%" class="vtable">
- <select name="proto" class="formselect" onChange="protocol_change()">
+ <select name="proto" class="formselect" onChange="change_protocol()">
 <?php foreach ($p2_protos as $proto => $protoname): ?>
 <option value="<?=$proto;?>" <?php if ($proto == $pconfig['proto']) echo "selected"; ?>>
 <?=htmlspecialchars($protoname);?>
@@ -548,6 +579,8 @@ function protocol_change() {
 </form>
 <script lannguage="JavaScript">
 <!--
+change_mode('<?=$pconfig['mode']?>');
+change_protocol('<?=$pconfig['proto']?>');
 typesel_change_local(<?=$pconfig['localid_netbits']?>);
 typesel_change_remote(<?=$pconfig['remoteid_netbits']?>);
 //--> |
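Review bot: `change_mode('<?=$pconfig['mode']?>')` and `change_protocol('<?=$pconfig['proto']?>')` pass an argument that neither function declares or reads — both take their value from `document.iform` — while the configuration value is interpolated into a JavaScript string literal with no escaping, so a stored `mode` or `proto` containing a quote breaks the whole script block and none of the initialisation calls run. Call them as `change_mode();` and `change_protocol();`, which removes the unescaped interpolation together with the dead argument. If an argument is ever needed here, it should go through `json_encode()` rather than a bare `<?= ?>` inside quotes.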