Diffstat (limited to 'usr/local/www/widgets')
-rw-r--r-- | usr/local/www/widgets/include/ipsec.inc | 81 | ||||
-rw-r--r-- | usr/local/www/widgets/widgets/ipsec.widget.php | 26 |
2 files changed, 13 insertions, 94 deletions
diff --git a/usr/local/www/widgets/include/ipsec.inc b/usr/local/www/widgets/include/ipsec.inc
deleted file mode 100644
index 5484d63..0000000
--- a/usr/local/www/widgets/include/ipsec.inc
+++ /dev/null
@@ -1,81 +0,0 @@
-<?php
-//set variable for custom title
-$ipsec_title = "IPsec";
-
-function get_ipsec_tunnel_sad() {
- /* query SAD */
- $fd = @popen("/usr/local/sbin/setkey -D", "r");
- $sad = array();
- if ($fd) {
- while (!feof($fd)) {
- $line = chop(fgets($fd));
- if (!$line)
- continue;
- if ($line == "No SAD entries.")
- break;
- if ($line[0] != "\t") {
- if (is_array($cursa))
- $sad[] = $cursa;
- $cursa = array();
- list($cursa['src'],$cursa['dst']) = explode(" ", $line);
- $i = 0;
- } else {
- $linea = explode(" ", trim($line));
- if ($i == 1) {
- $cursa['proto'] = $linea[0];
- $cursa['spi'] = substr($linea[2], strpos($linea[2], "x")+1, -1);
- } else if ($i == 2) {
- $cursa['ealgo'] = $linea[1];
- } else if ($i == 3) {
- $cursa['aalgo'] = $linea[1];
- }
- }
- $i++;
- }
- if (is_array($cursa) && count($cursa))
- $sad[] = $cursa;
- pclose($fd);
- }
- return($sad);
-}
-
-function get_ipsec_tunnel_src($tunnel) {
- global $g, $config, $sad;
- $if = "WAN";
- if ($tunnel['interface']) {
- $if = $tunnel['interface'];
- $realinterface = convert_friendly_interface_to_real_interface_name($if);
- $interfaceip = find_interface_ip($realinterface);
- }
- return $interfaceip;
-}
-
-function output_ipsec_tunnel_status($tunnel) {
- global $g, $config, $sad;
- $if = "WAN";
- $interfaceip = get_ipsec_tunnel_src($tunnel);
- $foundsrc = false;
- $founddst = false;
-
- if(!is_array($sad)) {
- /* we have no sad array, bail */
- return(false);
- }
- foreach($sad as $sa) {
- if($sa['src'] == $interfaceip)
- $foundsrc = true;
- if($sa['dst'] == $tunnel['remote-gateway'])
- $founddst = true;
- }
- if($foundsrc && $founddst) {
- /* tunnel is up */
- $iconfn = "pass";
- return(true);
- } else {
- /* tunnel is down */
- $iconfn = "reject";
- return(false);
- }
-}
-
-?>
diff --git a/usr/local/www/widgets/widgets/ipsec.widget.php b/usr/local/www/widgets/widgets/ipsec.widget.php index dd033c0..1a63029 100644 --- a/usr/local/www/widgets/widgets/ipsec.widget.php +++ b/usr/local/www/widgets/widgets/ipsec.widget.php @@ -33,9 +33,8 @@ require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); require_once("functions.inc"); -require_once("/usr/local/www/widgets/include/ipsec.inc"); - if (isset($config['ipsec']['tunnel'])){?> + if (isset($config['ipsec']['phase1'])){?> <div> </div> <?php $tab_array = array(); @@ -43,26 +42,27 @@ require_once("/usr/local/www/widgets/include/ipsec.inc"); $tab_array[1] = array("Tunnel Status", false, "ipsec-tunnel"); display_widget_tabs($tab_array); - $sad = array(); - $sad = get_ipsec_tunnel_sad(); + $spd = ipsec_dump_spd(); + $sad = ipsec_dump_sad(); $activecounter = 0; $inactivecounter = 0; $ipsec_detail_array = array(); - foreach ($config['ipsec']['tunnel'] as $tunnel){ + foreach ($config['ipsec']['phase2'] as $ph2ent){ + ipsec_lookup_phase1($ph2ent,$ph1ent); $ipsecstatus = false; $tun_disabled = "false"; $foundsrc = false; $founddst = false; - if (isset($tunnel['disabled'])) { + if (isset($ph1ent['disabled']) || isset($ph2ent['disabled'])) { $tun_disabled = "true"; continue; - } + } - if(output_ipsec_tunnel_status($tunnel)) { + if(ipsec_phase2_status($spd,$sad,$ph1ent,$ph2ent)) { /* tunnel is up */ $iconfn = "true"; $activecounter++; 
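Review bot: The opening guard now tests `$config['ipsec']['phase1']`, but the loop in the next hunk iterates `$config['ipsec']['phase2']` and the closing guard in the third hunk tests `phase2`, so the three conditions can disagree. With a phase 1 entry and no phase 2 entries, `foreach` receives a non-array and PHP prints a warning into the dashboard; in the reverse case the overview block would render with counters that were never initialised (that block lies outside the hunk, so this is inferred). Use one condition for both guards, for example `if (is_array($config['ipsec']['phase1']) && is_array($config['ipsec']['phase2'])){?>`. The removed `require_once` also means `ipsec_dump_spd()` and the other new helpers must come from one of the remaining includes, which this page does not show.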
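Review bot: The result of `ipsec_lookup_phase1($ph2ent,$ph1ent)` is ignored and `$ph1ent` is never reset inside the loop, so a phase 2 entry whose phase 1 cannot be found would be evaluated against the previous iteration's `$ph1ent` and shown with that tunnel's gateway and status. The helper is defined outside this diff; assuming it fills `$ph1ent` by reference, clear the variable and skip orphans with `unset($ph1ent);` before the call and `if (!is_array($ph1ent)) continue;` after it. `$foundsrc` and `$founddst` are still assigned in this loop, but nothing in the hunk reads them now that the status check moved to `ipsec_phase2_status()`.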
@@ -72,16 +72,16 @@ require_once("/usr/local/www/widgets/include/ipsec.inc"); $inactivecounter++; } - $ipsec_detail_array[] = array('src' => $tunnel['interface'], - 'dest' => $tunnel['remote-gateway'], - 'remote-subnet' => $tunnel['remote-subnet'], - 'descr' => $tunnel['descr'], + $ipsec_detail_array[] = array('src' => $ph1ent['interface'], + 'dest' => $ph1ent['remote-gateway'], + 'remote-subnet' => ipsec_idinfo_to_text($ph2ent['remoteid']), + 'descr' => $ph2ent['descr'], 'status' => $iconfn, 'disabled' => $tun_disabled); } } - if (isset($config['ipsec']['tunnel'])){ ?> + if (isset($config['ipsec']['phase2'])){ ?> <div id="ipsec-Overview" style="display:block;background-color:#EEEEEE;"> <div> |
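Review bot: `$ph2ent['descr']` and the text returned by `ipsec_idinfo_to_text($ph2ent['remoteid'])` are stored in `$ipsec_detail_array` unescaped, and the code that prints the array is outside this hunk. If those fields are echoed into the widget's HTML as they are, markup in a tunnel description would be interpreted by the browser of whoever opens the dashboard. Escape at the point of output, for example `htmlspecialchars($ipsec['descr'])` (constructed variable name; use whatever the rendering loop calls the row), and add a comment on the array such as `/* values are raw config strings; escape when printing */`.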