Diffstat (limited to 'usr/local/www/vpn_ipsec_phase1.php')
-rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 63 |
1 files changed, 24 insertions, 39 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 343d1a1..d7906d4 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -79,6 +79,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { else $pconfig['remotegw'] = $a_phase1[$p1index]['remote-gateway']; + $pconfig['iketype'] = $a_phase1[$p1index]['iketype']; $pconfig['mode'] = $a_phase1[$p1index]['mode']; $pconfig['protocol'] = $a_phase1[$p1index]['protocol']; $pconfig['myid_type'] = $a_phase1[$p1index]['myid_type'];
@@ -90,8 +91,6 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['dhgroup'] = $a_phase1[$p1index]['dhgroup']; $pconfig['lifetime'] = $a_phase1[$p1index]['lifetime']; $pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method']; - $pconfig['generate_policy'] = $a_phase1[$p1index]['generate_policy']; - $pconfig['proposal_check'] = $a_phase1[$p1index]['proposal_check']; if (($pconfig['authentication_method'] == "pre_shared_key") || ($pconfig['authentication_method'] == "xauth_psk_server")) {
@@ -125,6 +124,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['lifetime'] = "28800"; $pconfig['nat_traversal'] = "on"; $pconfig['dpd_enable'] = true; + $pconfig['iketype'] = "ikev1"; /* mobile client */ if($_GET['mobile'])
@@ -297,6 +297,9 @@ if ($_POST) { $input_errors[] = gettext("A numeric value must be specified for DPD retries."); } + if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2") + $input_errors[] = gettext("Valid arguments for IKE type is v1 or v2"); + /* build our encryption algorithms array */ $pconfig['ealgo'] = array(); $pconfig['ealgo']['name'] = $_POST['ealgo'];
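Review bot: The new `iketype` check in the `-297` hunk lets an empty value through, because it only rejects a non-empty value that is neither `ikev1` nor `ikev2`; a request that omits the field would pass validation and, in the `-305` hunk, be written to `$ph1ent['iketype']` as an empty value. The form marks the field as required, so the server-side check could match that: `if ($pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2")`. The message would also read better as `gettext("Valid arguments for IKE type are v1 or v2")`. The `if ($_POST)` block starts and ends outside the hunk, so how `$pconfig` is filled from the request is not visible here.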
@@ -305,6 +308,7 @@ if ($_POST) { if (!$input_errors) { $ph1ent['ikeid'] = $pconfig['ikeid']; + $ph1ent['iketype'] = $pconfig['iketype']; $ph1ent['disabled'] = $pconfig['disabled'] ? true : false; $ph1ent['interface'] = $pconfig['interface']; /* if the remote gateway changed and the interface is not WAN then remove route */
@@ -337,8 +341,6 @@ if ($_POST) { $ph1ent['certref'] = $pconfig['certref']; $ph1ent['caref'] = $pconfig['caref']; $ph1ent['authentication_method'] = $pconfig['authentication_method']; - $ph1ent['generate_policy'] = $pconfig['generate_policy']; - $ph1ent['proposal_check'] = $pconfig['proposal_check']; $ph1ent['descr'] = $pconfig['descr']; $ph1ent['nat_traversal'] = $pconfig['nat_traversal'];
@@ -530,6 +532,21 @@ function dpdchkbox_change() { </td> </tr> <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Key Exchange version"); ?></td> + <td width="78%" class="vtable"> + <select name="iketype" class="formselect"> + <?php + $keyexchange = array("ikev1" => "V1", "ikev2" => "V2"); + foreach ($keyexchange as $kidx => $name): + ?> + <option value="<?=$kidx;?>" <?php if ($kidx == $pconfig['iketype']) echo "selected"; ?>> + <?=htmlspecialchars($name);?> + </option> + <?php endforeach; ?> + </select> <br /> <span class="vexpl"><?=gettext("Select the KeyExchange Protocol version to be used. Usually known as IKEv1 or IKEv2."); ?>.</span> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Internet Protocol"); ?></td> <td width="78%" class="vtable"> <select name="protocol" class="formselect">
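Review bot: The help text under the new `iketype` select in the `-530` hunk renders with a doubled full stop, because the `gettext()` string already ends in `IKEv2.` and a literal `.` follows the closing `?>`. Ending the string with `IKEv2` would match the mode row, which keeps the period outside the translated string. The option value is echoed as `<?=$kidx;?>` without escaping; the keys are constants here, so nothing is injectable, but `<?=htmlspecialchars($kidx);?>` would keep the attribute safe if the list is ever built from configuration. An entry saved before this change has no `iketype`, so no option is marked selected and the browser falls back to V1; that is presumably the intended default, but worth confirming against the code that consumes the key.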
@@ -638,11 +655,11 @@ function dpdchkbox_change() { <td width="78%" class="vtable"> <select name="mode" class="formselect"> <?php - $modes = array("main","aggressive","base"); - foreach ($modes as $mode): + $modes = array("main" => "Main", "aggressive" => "Aggressive"); + foreach ($modes as $mode => $mdescr): ?> <option value="<?=$mode;?>" <?php if ($mode == $pconfig['mode']) echo "selected"; ?>> - <?=htmlspecialchars($mode);?> + <?=htmlspecialchars($mdescr);?> </option> <?php endforeach; ?> </select> <br /> <span class="vexpl"><?=gettext("Aggressive is more flexible, but less secure"); ?>.</span> 
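Review bot: Removing `base` from the select only changes what the browser offers; nothing visible in this diff checks the posted `mode` against the new list, unlike the allow-list check the commit adds for `iketype`. If no such check exists elsewhere in the `if ($_POST)` block, add one next to the `iketype` check, e.g. `if (!empty($pconfig['mode']) && !in_array($pconfig['mode'], array("main", "aggressive"), true)) $input_errors[] = gettext("Valid arguments for negotiation mode are main or aggressive");`. An existing entry stored with `base` will also show no selected option and be saved as Main on its next edit, so this needs an upgrade note or a config migration. The table row around the select starts and ends outside the hunk.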
@@ -692,38 +709,6 @@ function dpdchkbox_change() { </span> </td> </tr> - <tr id="generate_policy"> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Policy Generation"); ?></td> - <td width="78%" class="vtable"> - <select name="generate_policy" class="formselect"> - <option value="" <?php if (empty($pconfig['generate_policy'])) echo "selected"; ?>>Default</option> - <option value="on" <?php if ($pconfig['generate_policy'] == "on") echo "selected"; ?>>On</option> - <option value="off" <?php if ($pconfig['generate_policy'] == "off") echo "selected"; ?>>Off</option> - <option value="require" <?php if ($pconfig['generate_policy'] == "require") echo "selected"; ?>>Require</option> - <option value="unique" <?php if ($pconfig['generate_policy'] == "unique") echo "selected"; ?>>Unique</option> - </select> - <br /> - <span class="vexpl"> - <?=gettext("When working as a responder (as with mobile clients), this controls how policies are generated based on SA proposals."); ?> - </span> - </td> - </tr> - <tr id="proposal_check"> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Proposal Checking"); ?></td> - <td width="78%" class="vtable"> - <select name="proposal_check" class="formselect"> - <option value="" <?php if (empty($pconfig['proposal_check'])) echo "selected"; ?>>Default</option> - <option value="obey" <?php if ($pconfig['proposal_check'] == "obey") echo "selected"; ?>>Obey</option> - <option value="strict" <?php if ($pconfig['proposal_check'] == "strict") echo "selected"; ?>>Strict</option> - <option value="claim" <?php if ($pconfig['proposal_check'] == "claim") echo "selected"; ?>>Claim</option> - <option value="exact" <?php if ($pconfig['proposal_check'] == "exact") echo "selected"; ?>>Exact</option> - </select> - <br /> - <span class="vexpl"> - <?=gettext("Specifies the action of lifetime length, key length, and PFS of the phase 2 selection on the responder side, and the action of lifetime check in phase 1."); ?> - </span> - </td> - </tr> 
<tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td> <td width="78%" class="vtable"> |