-rw-r--r-- | etc/inc/ipsec.inc | 8 | ||||
-rw-r--r-- | usr/local/www/diag_ipsec.php | 55 | ||||
-rw-r--r-- | usr/local/www/diag_ipsec_spd.php | 13 |
3 files changed, 41 insertions, 35 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 60b7f3e..dd2f033 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -346,9 +346,9 @@ function ipsec_lookup_phase1(& $ph2ent,& $ph1ent) { function ipsec_phase1_status($ipsec_status, $ikeid) { foreach ($ipsec_status as $ike) { - if ($ike['peerconfig'] != "con{$ikeid}") + if ($ike['id'] != $ikeid) continue; - if ($ike['status'] == "established") + if ($ike['status'] == 'established') return true; break; } @@ -676,10 +676,6 @@ function ipsec_get_descr($ikeid) { return $descr; } -function ipsec_get_descr_by_peerconfig($peerconfig) { - return ipsec_get_descr(substr($peerconfig, strrpos($peerconfig, '-') + 1)); -} - function ipsec_disconnect_mobile($username) { if (empty($username)) return false; diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php index ad6c463..33b0c85 100644 --- a/usr/local/www/diag_ipsec.php +++ b/usr/local/www/diag_ipsec.php @@ -52,16 +52,16 @@ require("guiconfig.inc"); include("head.inc"); require("ipsec.inc"); -if ($_GET['act'] == "connect") { - if (is_ipaddrv4($_GET['remoteid']) && is_ipaddrv4($_GET['source'])) { - exec("/sbin/ping -S " . escapeshellarg($_GET['source']) . " -c 1 " . escapeshellarg($_GET['remoteid'])); +if ($_GET['act'] == 'connect') { + if (ctype_digit($_GET['ikeid'])) { + mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid'])); + mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid'])); } - else if (is_ipaddrv6($_GET['remoteid']) && is_ipaddrv6($_GET['source'])) { - exec("/sbin/ping6 -S " . escapeshellarg($_GET['source']) . " -c 1 " . escapeshellarg($_GET['remoteid'])); +} else if ($_GET['act'] == 'ikedisconnect') { + if (ctype_digit($_GET['ikeid'])) { + mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid'])); } -} - -if ($_GET['act'] == "disconnect") { +} else if ($_GET['act'] == 'disconnect') { if (!empty($_GET['user'])) { ipsec_disconnect_mobile($_GET['user']); sleep(1); 
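Review bot: The new `connect` and `ikedisconnect` branches in diag_ipsec.php run `ipsec down` / `ipsec up` on a plain GET request, and nothing in this hunk checks the request method or a per-session token. If the GUI's CSRF protection covers only POST forms (not visible here), a tunnel can be torn down by any request the administrator's browser is induced to make. I would gate the actions on POST, e.g. `if ($_SERVER['REQUEST_METHOD'] === 'POST' && ctype_digit((string)$_POST['ikeid']))`, and turn the links added in hunk @@ -170,10 +178,25 @@ into small forms. Separately, `"con" . escapeshellarg($_GET['ikeid'])` relies on the shell gluing `con` to the quoted digits; quoting the whole argument, `escapeshellarg("con{$_GET['ikeid']}")`, states the intent more clearly. The if/else chain continues past the end of the hunk.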
@@ -107,23 +107,31 @@ $status = ipsec_smp_dump_status(); <th class="listhdrr nowrap"><?php echo gettext("Remote IP");?></th> <th class="listhdrr nowrap"><?php echo gettext("Role");?></th> <th class="listhdrr nowrap"><?php echo gettext("Status");?></th> + <td class="list nowrap"></td> </tr> </thead> <tbody> <?php if (is_array($status['query']) && is_array($status['query']['ikesalist']) && is_array($status['query']['ikesalist']['ikesa'])) { foreach ($status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa) { + if (ipsec_phase1_status($status['query']['ikesalist']['ikesa'], $ikesa['id'])) { + $icon = "pass"; + } elseif(!isset($config['ipsec']['enable'])) { + $icon = "block"; + } else { + $icon = "reject"; + } ?> <tr> <td class="listlr"> - <?php echo htmlspecialchars(ipsec_get_descr_by_peerconfig($ikesa['peerconfig']));?> + <?php echo "({$ikesa['id']}) " . htmlspecialchars(ipsec_get_descr($ikesa['id']));?> </td> <td class="listr"> <?php if (!is_array($ikesa['local'])) echo "Unknown"; else { if (!empty($ikesa['local']['identification'])) - echo htmlspecialchars($ikesa['local']['identification']) . '<br />' . htmlspecialchars($ikesa['local']['spi']); + echo htmlspecialchars($ikesa['local']['identification']); else echo 'Unknown'; } @@ -137,7 +145,7 @@ $status = ipsec_smp_dump_status(); echo htmlspecialchars($ikesa['local']['address']) . ':' . htmlspecialchars($ikesa['local']['port']); else echo 'Unknown'; - if ($ikesa['local']['nat']) + if ($ikesa['local']['nat'] != 'false') echo " NAT-T"; } ?> @@ -147,7 +155,7 @@ $status = ipsec_smp_dump_status(); echo "Unknown"; else { if (!empty($ikesa['remote']['identification'])) - echo htmlspecialchars($ikesa['remote']['identification']) . '<br />' . htmlspecialchars($ikesa['remote']['spi']); + echo htmlspecialchars($ikesa['remote']['identification']); else echo 'Unknown'; } 
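Review bot: In hunk @@ -107,23 +107,31 @@ the new description cell prints `$ikesa['id']` outside the `htmlspecialchars()` call, so it is the one value in this row that reaches the page unescaped. The value comes from `ipsec_smp_dump_status()`, whose parsing is not visible here, so it should get the same escaping as its neighbours: `<?php echo htmlspecialchars("({$ikesa['id']}) " . ipsec_get_descr($ikesa['id']));?>`. Also, `ipsec_phase1_status()` rescans the whole list for every row and stops at the first entry with a matching id, so two SAs that share an id would both get the icon of the first one; checking `$ikesa['status'] == 'established'` on the current row would avoid that.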
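Review bot: In hunk @@ -137,7 +145,7 @@ the test `$ikesa['local']['nat'] != 'false'` is also true when the `nat` key is missing or empty, so "NAT-T" would be shown for an SA that reports no NAT field at all. Whether the status dump always includes the field cannot be seen from this diff. A guard such as `if (isset($ikesa['local']['nat']) && $ikesa['local']['nat'] != 'false')` keeps the display accurate either way. The same applies to the `remote` check in hunk @@ -161,7 +169,7 @@. The enclosing else-block starts outside the hunk.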
@@ -161,7 +169,7 @@ $status = ipsec_smp_dump_status(); echo htmlspecialchars($ikesa['remote']['address']) . ':' . htmlspecialchars($ikesa['remote']['port']); else echo 'Unknown'; - if ($ikesa['remote']['nat']) + if ($ikesa['remote']['nat'] != 'false') echo " NAT-T"; } ?> @@ -170,10 +178,25 @@ $status = ipsec_smp_dump_status(); <?php echo htmlspecialchars($ikesa['role']);?> </td> <td class="listr"> - <?php echo htmlspecialchars($ikesa['status']);?> + <center> + <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_<?php echo $icon; ?>.gif" title="<?php echo $ikesa['status']; ?>" alt=""/> + <br/><?php echo htmlspecialchars($ikesa['status']);?> + </center> </td> - <td class="listbg"> - <?php ?> + <td > + <?php if ($icon != "pass"): ?> + <center> + <a href="diag_ipsec.php?act=connect&ikeid=<?php echo $ikesa['id']; ?>"> + <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_start.gif" alt="Connect VPN" title="Connect VPN" border="0"/> + </a> + </center> + <?php else: ?> + <center> + <a href="diag_ipsec.php?act=ikedisconnect&ikeid=<?php echo $ikesa['id']; ?>"> + <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_stop.gif" alt="Disconnect VPN" title="Disconnect VPN" border="0"/> + </a> + </center> + <?php endif; ?> </td> <td valign="middle" class="list nowrap"> <table border="0" cellspacing="0" cellpadding="1" summary=""> diff --git a/usr/local/www/diag_ipsec_spd.php b/usr/local/www/diag_ipsec_spd.php index 0a01565..3c854af 100644 --- a/usr/local/www/diag_ipsec_spd.php +++ b/usr/local/www/diag_ipsec_spd.php @@ -50,16 +50,6 @@ $pgtitle = array(gettext("Status"),gettext("IPsec"),gettext("SPD")); $shortcut_section = "ipsec"; include("head.inc"); -/* delete any SP? */ -if ($_GET['act'] == "del") { - $fd = @popen("/sbin/setkey -c > /dev/null 2>&1", "w"); - if ($fd) { - fwrite($fd, "spddelete {$_GET['srcid']} {$_GET['dstid']} any -P {$_GET['dir']} ;\n"); - pclose($fd); - sleep(1); - } -} - $spd = ipsec_dump_spd(); ?> 
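Review bot: In hunk @@ -170,10 +178,25 @@ `$ikesa['status']` is echoed raw into the `title` attribute of the new status icon, while the very next line escapes the same value; the attribute should read `title="<?php echo htmlspecialchars($ikesa['status']); ?>"`. The two new links likewise print `$ikesa['id']` unescaped into the `href` and separate parameters with a bare `&`; `ikeid=<?php echo rawurlencode($ikesa['id']); ?>` with `&amp;` keeps the markup valid and the value confined to the parameter. These fields come from `ipsec_smp_dump_status()`, which is not shown here, and the identification strings in such output are typically supplied by the peer, so escaping every field on output is the safer default.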
@@ -106,9 +96,6 @@ $spd = ipsec_dump_spd(); $args .= "&dstid=".rawurlencode($sp['dstid']); $args .= "&dir=".rawurlencode($sp['dir']); ?> - <a href="diag_ipsec_spd.php?act=del&<?=$args;?>" onclick="return confirm('<?= gettext("Do you really want to delete this security policy?"); ?>')"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /> - </a> </td> </tr> <?php endforeach; ?> |