-rw-r--r-- | etc/inc/vpn.inc | 2 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 29 |
2 files changed, 28 insertions, 3 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 827adbd..1c204f0 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -535,7 +535,7 @@ function vpn_ipsec_configure($ipchg = false)
 chmod($keypath, 0600);
- $ca = lookup_ca($cert['caref']);
+ $ca = lookup_ca($ph1ent['caref']);
 if ($ca) {
 $cafile = "ca-".$ikeid.".crt";
 $capath = $g['varetc_path']."/".$cafile;
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 529cf73..7c3300c 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -96,6 +96,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
 $pconfig['pskey'] = $a_phase1[$p1index]['pre-shared-key'];
 } else {
 $pconfig['certref'] = $a_phase1[$p1index]['certref'];
+ $pconfig['caref'] = $a_phase1[$p1index]['caref'];
 }
 $pconfig['descr'] = $a_phase1[$p1index]['descr'];
@@ -142,8 +143,8 @@ if ($_POST) {
 $reqdfields = explode(" ", "pskey");
 $reqdfieldsn = array(gettext("Pre-Shared Key"));
 } else {
- $reqdfields = explode(" ", "certref");
- $reqdfieldsn = array(gettext("My Certificate"));
+ $reqdfields = explode(" ", "caref certref");
+ $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
 }
 if (!$pconfig['mobile']) {
 $reqdfields[] = "remotegw";
@@ -292,6 +293,7 @@ if ($_POST) {
 $ph1ent['pre-shared-key'] = $pconfig['pskey'];
 $ph1ent['private-key'] = base64_encode($pconfig['privatekey']);
 $ph1ent['certref'] = $pconfig['certref'];
+ $ph1ent['caref'] = $pconfig['caref'];
 $ph1ent['authentication_method'] = $pconfig['authentication_method'];
 $ph1ent['proposal_check'] = $pconfig['proposal_check'];
 $ph1ent['descr'] = $pconfig['descr'];
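Review bot: The new `lookup_ca($ph1ent['caref'])` in vpn.inc has no fallback for phase 1 entries saved before this commit, which carry no `caref` key. For those entries the lookup presumably returns nothing, and the `if ($ca)` branch that writes the `ca-<ikeid>.crt` file is then skipped, so a certificate-authenticated tunnel could be configured without its CA file after an upgrade. Falling back to the certificate's own issuer keeps existing configurations working: `$caref = !empty($ph1ent['caref']) ? $ph1ent['caref'] : $cert['caref'];` followed by `$ca = lookup_ca($caref);`. What happens when `$ca` is empty lies outside the hunk, so it is worth confirming that path logs an error rather than continuing silently.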
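Review bot: Adding `caref` to `$reqdfields` only proves the field is non-empty; nothing visible here or at the later `$ph1ent['caref'] = $pconfig['caref'];` assignment checks that the posted value is the refid of a configured CA. Since vpn.inc passes the stored value to `lookup_ca()`, a value that matches nothing would be saved and would only show up later as a missing CA file. A check such as `if ($pconfig['caref'] && !lookup_ca($pconfig['caref']))` that records an input error would reject it at save time, assuming `lookup_ca()` is available on this page. The validation block continues outside the hunk, and the labels used here ("Certificate Authority") differ from the form row added further down ("My Certificate Authority").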
@@ -374,24 +376,28 @@ function methodsel_change() {
 document.getElementById('opt_psk').style.display = 'none';
 document.getElementById('opt_peerid').style.display = '';
 document.getElementById('opt_cert').style.display = '';
+ document.getElementById('opt_ca').style.display = '';
 break;
 case 'xauth_rsa_server':
 case 'rsasig':
 document.getElementById('opt_psk').style.display = 'none';
 document.getElementById('opt_peerid').style.display = '';
 document.getElementById('opt_cert').style.display = '';
+ document.getElementById('opt_ca').style.display = '';
 break;
 <?php if ($pconfig['mobile']) { ?>
 case 'pre_shared_key':
 document.getElementById('opt_psk').style.display = 'none';
 document.getElementById('opt_peerid').style.display = 'none';
 document.getElementById('opt_cert').style.display = 'none';
+ document.getElementById('opt_ca').style.display = 'none';
 break;
 <?php } ?>
 default: /* psk modes*/
 document.getElementById('opt_psk').style.display = '';
 document.getElementById('opt_peerid').style.display = '';
 document.getElementById('opt_cert').style.display = 'none';
+ document.getElementById('opt_ca').style.display = 'none';
 break;
 }
 }
@@ -710,6 +716,25 @@ function dpdchkbox_change() {
 </span>
 </td>
 </tr>
+ <tr id="opt_ca">
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
+ <td width="78%" class="vtable">
+ <select name='caref' class="formselect">
+ <?php
+ foreach ($config['system']['ca'] as $ca):
+ $selected = "";
+ if ($pconfig['caref'] == $ca['refid'])
+ $selected = "selected";
+ ?>
+ <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['name'];?></option>
+ <?php endforeach; ?>
+ </select>
+ <br>
+ <span class="vexpl">
+ <?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
+ </span>
+ </td>
+ </tr>
 <tr>
 <td colspan="2" class="list" height="12"></td>
 </tr> |
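Review bot: The new `<option>` line in the `opt_ca` row echoes `$ca['refid']` and `$ca['name']` into the page without HTML escaping, so a CA name containing markup or a quote character is rendered as markup in the admin GUI. Escape both on output: `<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['name']);?></option>`. The `foreach` over `$config['system']['ca']` also has no guard for a system with no CA configured; wrapping it in `if (is_array($config['system']['ca']))` avoids a PHP warning being emitted inside the `<select>`.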