diff options
author | Ermal <eri@pfsense.org> | 2012-10-04 18:37:24 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-10-04 18:37:46 +0000 |
commit | 3c107b76f40a3208bba287f2c19c27e3cc79c669 (patch) | |
tree | 75a29332293688e07e8cbd04603b8c5f2b259429 /usr | |
parent | 6f663992845110fae5777a6a6b2547e567563a8c (diff) | |
download | pfsense-3c107b76f40a3208bba287f2c19c27e3cc79c669.zip pfsense-3c107b76f40a3208bba287f2c19c27e3cc79c669.tar.gz |
Add a NAT entry for configuring NAT on ipsec phase2. It will add nat rules on enc interface
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index 7c475c8..caf4619 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -66,6 +66,8 @@ if (isset($p2index) && $a_phase2[$p2index]) $pconfig['descr'] = $a_phase2[$p2index]['descr']; $old_ph2ent = $a_phase2[$p2index]; + if (!empty($a_phase2[$p2index]['natlocalid'])) + idinfo_to_pconfig("natlocal",$a_phase2[$p2index]['natlocalid'],$pconfig); idinfo_to_pconfig("local",$a_phase2[$p2index]['localid'],$pconfig); idinfo_to_pconfig("remote",$a_phase2[$p2index]['remoteid'],$pconfig); @@ -129,6 +131,15 @@ if ($_POST) { $input_errors[] = gettext("A valid local network IP address must be specified."); break; } + switch ($pconfig['natlocalid_type']) { + case "network": + if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits'])) + $input_errors[] = gettext("A valid nat local network bit count must be specified."); + case "address": + if (!$pconfig['natlocalid_address'] || !is_ipaddr($pconfig['natlocalid_address'])) + $input_errors[] = gettext("A valid nat local network IP address must be specified."); + break; + } /* Check if the localid_type is an interface, to confirm if it has a valid subnet. */ if (is_array($config['interfaces'][$pconfig['localid_type']])) { @@ -139,6 +150,14 @@ if ($_POST) { if (empty($address) || empty($netbits)) $input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet."); } + if (is_array($config['interfaces'][$pconfig['natlocalid_type']])) { + // Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201. + $address = get_interface_ip($pconfig['natlocalid_type']); + $netbits = get_interface_subnet($pconfig['natlocalid_type']); + + if (empty($address) || empty($netbits)) + $input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet."); + } switch ($pconfig['remoteid_type']) { case "network": @@ -227,6 +246,8 @@ if ($_POST) { $ph2ent['disabled'] = $pconfig['disabled'] ? true : false; if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){ + if (!empty($pconfig['natlocalid_type'])) + $ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal",$pconfig); $ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig); $ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig); } @@ -297,6 +318,47 @@ function change_mode() { } } +function typesel_change_natlocal(bits) { + var value = document.iform.mode.options[index].value; + if (typeof(bits) === "undefined") { + if (value === "tunnel") { + bits = 24; + } + else if (value === "tunnel6") { + bits = 64; + } + } + var address_is_blank = !/\S/.test(document.iform.natlocalid_address.value); + switch (document.iform.natlocalid_type.selectedIndex) { + case 0: /* single */ + document.iform.natlocalid_address.disabled = 0; + if (address_is_blank) { + document.iform.natlocalid_netbits.value = 0; + } + document.iform.natlocalid_netbits.disabled = 1; + break; + case 1: /* network */ + document.iform.natlocalid_address.disabled = 0; + if (address_is_blank) { + document.iform.natlocalid_netbits.value = bits; + } + document.iform.natlocalid_netbits.disabled = 0; + break; + case 3: /* none */ + document.iform.natlocalid_address.disabled = 1; + document.iform.natlocalid_netbits.disabled = 1; + break; + default: + document.iform.natlocalid_address.value = ""; + document.iform.natlocalid_address.disabled = 1; + if (address_is_blank) { + document.iform.natlocalid_netbits.value = 0; + } + document.iform.natlocalid_netbits.disabled = 1; + break; + } +} + function typesel_change_local(bits) { var value = document.iform.mode.options[index].value; if (typeof(bits) === "undefined") { @@ -476,6 +538,42 @@ function change_protocol() { </select> </td> </tr> + <tr> <td colspan="3"> + <br/> + <?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?> + </td></tr> + <tr> + <td><?=gettext("Type"); ?>: </td> + <td></td> + <td> + <select name="natlocalid_type" class="formselect" onChange="typesel_change_natlocal()"> + <option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected";?>><?=gettext("Address"); ?></option> + <option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected";?>><?=gettext("Network"); ?></option> + <?php + $iflist = get_configured_interface_with_descr(); + foreach ($iflist as $ifname => $ifdescr): + ?> + <option value="<?=$ifname; ?>" <?php if ($pconfig['natlocalid_type'] == $ifname ) echo "selected";?>><?=sprintf(gettext("%s subnet"), $ifdescr); ?></option> + <?php endforeach; ?> + <option value="none" <?php if ($pconfig['natlocalid_type'] == "none" ) echo "selected";?>><?=gettext("None"); ?></option> + </select> + </td> + </tr> + <tr> + <td><?=gettext("Address:");?> </td> + <td><?=$mandfldhtmlspc;?></td> + <td> + <input name="natlocalid_address" type="text" class="formfld unknown ipv4v6" id="natlocalid_address" size="28" value="<?=htmlspecialchars($pconfig['natlocalid_address']);?>"> + / + <select name="natlocalid_netbits" class="formselect ipv4v6" id="natlocalid_netbits"> + <?php for ($i = 128; $i >= 0; $i--): ?> + <option value="<?=$i;?>" <?php if (isset($pconfig['natlocalid_netbits']) && $i == $pconfig['natlocalid_netbits']) echo "selected"; ?>> + <?=$i;?> + </option> + <?php endfor; ?> + </select> + </td> + </tr> </table> </td> </tr> @@ -679,6 +777,7 @@ function change_protocol() { change_mode('<?=htmlspecialchars($pconfig['mode'])?>'); change_protocol('<?=htmlspecialchars($pconfig['proto'])?>'); typesel_change_local(<?=htmlspecialchars($pconfig['localid_netbits'])?>); +typesel_change_natlocal(<?=htmlspecialchars($pconfig['natlocalid_netbits'])?>); <?php if (!isset($pconfig['mobile'])): ?> typesel_change_remote(<?=htmlspecialchars($pconfig['remoteid_netbits'])?>); <?php endif; ?> |