summaryrefslogtreecommitdiffstats
path: root/usr/local/www/vpn_ipsec.php
diff options
context:
space:
mode:
Diffstat (limited to 'usr/local/www/vpn_ipsec.php')
-rwxr-xr-xusr/local/www/vpn_ipsec.php435
1 files changed, 302 insertions, 133 deletions
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
index 4946d73..94f4c37 100755
--- a/usr/local/www/vpn_ipsec.php
+++ b/usr/local/www/vpn_ipsec.php
@@ -4,6 +4,7 @@
part of m0n0wall (http://m0n0.ch/wall)
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008 Shrew Soft Inc
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -30,14 +31,18 @@
require("guiconfig.inc");
-if (!is_array($config['ipsec']['tunnel'])) {
- $config['ipsec']['tunnel'] = array();
-}
-$a_ipsec = &$config['ipsec']['tunnel'];
+if (!is_array($config['ipsec']['phase1']))
+ $config['ipsec']['phase1'] = array();
+
+if (!is_array($config['ipsec']['phase2']))
+ $config['ipsec']['phase2'] = array();
+
+$a_phase1 = &$config['ipsec']['phase1'];
+$a_phase2 = &$config['ipsec']['phase2'];
+
$wancfg = &$config['interfaces']['wan'];
$pconfig['enable'] = isset($config['ipsec']['enable']);
-$pconfig['ipcomp'] = isset($config['ipsec']['ipcomp']);
if ($_POST) {
@@ -53,7 +58,6 @@ if ($_POST) {
$pconfig = $_POST;
$config['ipsec']['enable'] = $_POST['enable'] ? true : false;
- $config['ipsec']['ipcomp'] = $_POST['ipcomp'] ? true : false;
write_config();
@@ -72,13 +76,41 @@ if ($_POST) {
}
}
-if ($_GET['act'] == "del") {
- if ($a_ipsec[$_GET['id']]) {
+if ($_GET['act'] == "delph1")
+{
+ if ($a_phase1[$_GET['p1index']]) {
/* remove static route if interface is not WAN */
- if($a_ipsec[$_GET['id']]['interface'] <> "wan") {
- mwexec("/sbin/route delete -host {$$a_ipsec[$_GET['id']]['remote-gateway']}");
+ if ($a_phase1[$_GET['p1index']]['interface'] <> "wan") {
+ mwexec("/sbin/route delete -host {$$a_phase1[$_GET['p1index']]['remote-gateway']}");
+ }
+
+ /* remove all phase2 entries that match the ikeid */
+ $ikeid = $a_phase1[$_GET['p1index']]['ikeid'];
+ $p2index = 0;
+ foreach ($a_phase2 as $ph2tmp) {
+ if ($ph2tmp['ikeid'] == $ikeid) {
+ /* remove the phase2 entry */
+ unset($a_phase2[$p2index]);
+ continue;
+ }
+ /* only skip if we remove an entry */
+ $p2index++;
}
- unset($a_ipsec[$_GET['id']]);
+
+ /* remove the phase1 entry */
+ unset($a_phase1[$_GET['p1index']]);
+ filter_configure();
+ write_config();
+ header("Location: vpn_ipsec.php");
+ exit;
+ }
+}
+
+if ($_GET['act'] == "delph2")
+{
+ if ($a_phase2[$_GET['p2index']]) {
+ /* remove the phase2 entry */
+ unset($a_phase2[$_GET['p2index']]);
filter_configure();
write_config();
header("Location: vpn_ipsec.php");
@@ -95,133 +127,270 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<form action="vpn_ipsec.php" method="post">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php if (file_exists($d_ipsecconfdirty_path)): ?><p>
-<?php if ($pconfig['enable'])
- print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
-<?php endif; ?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td class="tabnavtbl">
<?php
- $tab_array = array();
- $tab_array[0] = array("Tunnels", true, "vpn_ipsec.php");
- $tab_array[1] = array("Mobile clients", false, "vpn_ipsec_mobile.php");
- $tab_array[2] = array("Pre-shared keys", false, "vpn_ipsec_keys.php");
- $tab_array[3] = array("CAs", false, "vpn_ipsec_ca.php");
- display_top_tabs($tab_array);
+ if ($savemsg)
+ print_info_box($savemsg);
+ if ($pconfig['enable'] && file_exists($d_ipsecconfdirty_path))
+ print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect.");
?>
- </td></tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td class="vtable">
- <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked";?>>
- <strong>Enable IPsec</strong></td>
- </tr>
- <tr>
- <td> <input name="submit" type="submit" class="formbtn" value="Save">
- </td>
- </tr>
- </table>
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td nowrap class="listhdrr">Local net<br>
- Remote net</td>
- <td class="listhdrr">Interface<br>Remote gw</td>
- <td class="listhdrr">P1 mode</td>
- <td class="listhdrr">P1 Enc. Algo</td>
- <td class="listhdrr">P1 Hash Algo</td>
- <td class="listhdr">Description</td>
- <td class="list" >
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17" heigth="17"></td>
- <td><a href="vpn_ipsec_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add tunnel" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i = 0; foreach ($a_ipsec as $ipsecent):
- if (isset($ipsecent['disabled'])) {
- $spans = "<span class=\"gray\">";
- $spane = "</span>";
- } else {
- $spans = $spane = "";
- }
- ?>
- <tr valign="top">
- <td nowrap class="listlr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>'"><?=$spans;?>
- <?php if ($ipsecent['local-subnet']['network'])
- echo strtoupper($ipsecent['local-subnet']['network']);
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <?php
+ $tab_array = array();
+ $tab_array[0] = array("Tunnels", true, "vpn_ipsec.php");
+// $tab_array[1] = array("Mobile clients", false, "vpn_ipsec_mobile.php");
+ $tab_array[2] = array("CAs", false, "vpn_ipsec_ca.php");
+ display_top_tabs($tab_array);
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vtable">
+ <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked";?>>
+ <strong>Enable IPsec</strong>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <input name="submit" type="submit" class="formbtn" value="Save">
+ </td>
+ </tr>
+ </table>
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listhdrr">Interface<br>Remote gw</td>
+ <td class="listhdrr">P1 mode</td>
+ <td class="listhdrr">P1 Enc. Algo</td>
+ <td class="listhdrr">P1 Hash Algo</td>
+ <td class="listhdr">Description</td>
+ <td class="list" >
+ <table border="0" cellspacing="0" cellpadding="o">
+ <tr>
+ <td width="17" heigth="17"></td>
+ <td>
+ <a href="vpn_ipsec_phase1.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add phase1 entry" width="17" height="17" border="0"></a>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php
+ $i = 0;
+ foreach ($a_phase1 as $ph1ent) {
+ if (isset( $ph1ent['disabled'])) {
+ $spans = "<span class=\"gray\">";
+ $spane = "</span>";
+ }
else
- echo $ipsecent['local-subnet']['address'];
+ $spans = $spane = "";
?>
- <br>
- <?=$ipsecent['remote-subnet'];?>
- <?=$spane;?></td>
- <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>'"><?=$spans;?>
- <?php if ($ipsecent['interface']) {
- $iflabels = get_configured_interface_with_descr();
- $carpips = find_number_of_needed_carp_interfaces();
- for($j=0; $j<$carpips; $j++) {
- $carpip = find_interface_ip("carp" . $j);
- $iflabels['carp' . $j] = "CARP{$j} ({$carpip})";
- }
- $if = htmlspecialchars($iflabels[$ipsecent['interface']]);
- } else
- $if = "WAN";
-
- echo $if . "<br>" . $ipsecent['remote-gateway'];
+ <tr valign="top">
+ <td class="listlr" ondblclick="document.location='vpn_ipsec_phase1.php?id=<?=$i;?>'">
+ <?=$spans;?>
+ <?php
+ if ($ph1ent['interface']) {
+ $iflabels = get_configured_interface_with_descr();
+ $carpips = find_number_of_needed_carp_interfaces();
+ for( $j=0; $j<$carpips; $j++ ) {
+ $carpip = find_interface_ip("carp" . $j);
+ $iflabels['carp' . $j] = "CARP{$j} ({$carpip})";
+ }
+ $if = htmlspecialchars($iflabels[$ph1ent['interface']]);
+ }
+ else
+ $if = "WAN";
+
+ echo $if . "<br>" . $ph1ent['remote-gateway'];
+ ?>
+ <?=$spane;?>
+ </td>
+ <td class="listr" ondblclick="document.location='vpn_ipsec_phase1.php?id=<?=$i;?>'">
+ <?=$spans;?>
+ <?=$ph1ent['mode'];?>
+ <?=$spane;?>
+ </td>
+ <td class="listr" ondblclick="document.location='vpn_ipsec_phase1.php?id=<?=$i;?>'">
+ <?=$spans;?>
+ <?=$p1_ealgos[$ph1ent['encryption-algorithm']['name']]['name'];?>
+ <?php
+ if ($ph1ent['encryption-algorithm']['keylen']) {
+ if ($ph1ent['encryption-algorithm']['keylen']=="auto")
+ echo " (auto)";
+ else
+ echo " ({$ph1ent['encryption-algorithm']['keylen']} bits)";
+ }
+ ?>
+ <?=$spane;?>
+ </td>
+ <td class="listr" ondblclick="document.location='vpn_ipsec_phase1.php?id=<?=$i;?>'">
+ <?=$spans;?>
+ <?=$p1_halgos[$ph1ent['hash-algorithm']];?>
+ <?=$spane;?>
+ </td>
+ <td class="listtopic" ondblclick="document.location='vpn_ipsec_phase1.php?id=<?=$i;?>'">
+ <?=$spans;?>
+ <font color="#FFFFFF">
+ <?=htmlspecialchars($ph1ent['descr']);?>&nbsp;
+ </font>
+ <?=$spane;?>
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td>
+ <a href="vpn_ipsec_phase1.php?p1index=<?=$i;?>">
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit phase1 entry" width="17" height="17" border="0">
+ </a>
+ </td>
+ <td>
+ <a href="vpn_ipsec.php?act=delph1&p1index=<?=$i;?>" onclick="return confirm('Do you really want to delete this phase1 and all associated phase2 entries?')">
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete phase1 entry" width="17" height="17" border="0">
+ </a>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ </td>
+ <td>
+ <a href="vpn_ipsec_phase1.php?dup=<?=$i;?>">
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="copy phase1 entry" width="17" height="17" border="0">
+ </a>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td class="listbg" colspan="5">
+ <table width="100%" height="100%"border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td class="listhdrr">Local Network</td>
+ <td class="listhdrr">Remote Network</td>
+ <td class="listhdrr">P2 Protocol</td>
+ <td class="listhdrr">P2 Transforms</td>
+ <td class="listhdrr">P2 Auth Methods</td>
+ <td class ="list">
+ <a href="vpn_ipsec_phase2.php?ikeid=<?=$ph1ent['ikeid'];?>">
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add phase2 entry" width="17" height="17" border="0">
+ </a>
+ </td>
+ </tr>
+ <?php
+ $j = 0;
+ foreach ($a_phase2 as $ph2ent) {
+ if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
+ $j++;
+ continue;
+ }
+
+ if (isset( $ph2ent['disabled']) || isset($ph1ent['disabled'])) {
+ $spans = "<span class=\"gray\">";
+ $spane = "</span>";
+ }
+ else
+ $spans = $spane = "";
+ ?>
+ <tr valign="top">
+ <td nowrap class="listr" ondblclick="document.location='vpn_ipsec_phase2.php?id=<?=$i;?>'">
+ <?=$spans;?>
+ <?php echo ipsec_idinfo_to_text($ph2ent['localid']); ?>
+ <?=$spane;?>
+ </td>
+ <td nowrap class="listr" ondblclick="document.location='vpn_ipsec_phase2.php?id=<?=$i;?>'">
+ <?=$spans;?>
+ <?php echo ipsec_idinfo_to_text($ph2ent['remoteid']); ?>
+ <?=$spane;?>
+ </td>
+ <td nowrap class="listr" ondblclick="document.location='vpn_ipsec_phase2.php?id=<?=$i;?>'">
+ <?=$spans;?>
+ <?php echo $p2_protos[$ph2ent['protocol']]; ?>
+ <?=$spane;?>
+ </td>
+ <td nowrap class="listr" ondblclick="document.location='vpn_ipsec_phase2.php?id=<?=$i;?>'">
+ <?=$spans;?>
+ <?php
+ $k = 0;
+ foreach ($ph2ent['encryption-algorithm-option'] as $ph2ea) {
+ if ($k++)
+ echo ", ";
+ echo $p2_ealgos[$ph2ea['name']]['name'];
+ if ($ph2ea['keylen']) {
+ if ($ph2ea['keylen']=="auto")
+ echo " (auto)";
+ else
+ echo " ({$ph2ea['keylen']} bits)";
+ }
+ }
+ ?>
+ <?=$spane;?>
+ </td>
+ <td nowrap class="listr" ondblclick="document.location='vpn_ipsec_phase2.php?id=<?=$i;?>'">
+ <?=$spans;?>
+ <?php
+ $k = 0;
+ foreach ($ph2ent['hash-algorithm-option'] as $ph2ha) {
+ if ($k++)
+ echo ", ";
+ echo $p2_halgos[$ph2ha];
+ }
+ ?>
+ <?=$spane;?>
+ </td>
+ <td nowrap class="list">
+ <a href="vpn_ipsec_phase2.php?p2index=<?=$j;?>">
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit phase2 entry" width="17" height="17" border="0">
+ </a>
+ <a href="vpn_ipsec.php?act=delph2&p2index=<?=$j;?>" onclick="return confirm('Do you really want to delete this phase2 entry?')">
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete phase2 entry" width="17" height="17" border="0">
+ </a>
+ </td>
+ </tr>
+ <?php
+ $j++;
+ }
+ ?>
+ </table>
+ </td>
+ </tr>
+ <?php
+ $i++;
+ }
?>
- <?=$spane;?></td>
- <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>'"><?=$spans;?>
- <?=$ipsecent['p1']['mode'];?>
- <?=$spane;?></td>
- <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>'"><?=$spans;?>
- <?=$p1_ealgos[$ipsecent['p1']['encryption-algorithm']];?>
- <?=$spane;?></td>
- <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>'"><?=$spans;?>
- <?=$p1_halgos[$ipsecent['p1']['hash-algorithm']];?>
- <?=$spane;?></td>
- <td class="listbg" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>'"><?=$spans;?><font color="#FFFFFF">
- <?=htmlspecialchars($ipsecent['descr']);?>&nbsp;
- <?=$spane;?></td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><a href="vpn_ipsec_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit tunnel" width="17" height="17" border="0"></a></td>
- <td><a href="vpn_ipsec.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this tunnel?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete tunnel" width="17" height="17" border="0"></a></td>
- </tr>
- <tr>
- <td></td>
- <td><a href="vpn_ipsec_edit.php?dup=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add a new rule based on this one" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="6"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17"></td>
- <td><a href="vpn_ipsec_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add tunnel" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- <td>
- </tr>
- <tr>
- <td colspan="4">
- <p><span class="vexpl"><span class="red"><strong>Note:<br>
- </strong></span>You can check your IPsec status at <a href="diag_ipsec_sad.php">Status:IPsec</a>.</span></p>
- </td>
- </tr>
- </table>
- </div>
- </td>
+ <tr>
+ <td class="list" colspan="5"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17"></td>
+ <td>
+ <a href="vpn_ipsec_phase1.php">
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add phase1 entry" width="17" height="17" border="0">
+ </a>
+ </td>
+ </tr>
+ </table>
+ <td>
+ </tr>
+ <tr>
+ <td colspan="4">
+ <p>
+ <span class="vexpl">
+ <span class="red">
+ <strong>Note:<br></strong>
+ </span>
+ You can check your IPsec status at <a href="diag_ipsec.php">Status:IPsec</a>.
+ </span>
+ </p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
</tr>
</table>
</form>
OpenPOWER on IntegriCloud