Diffstat (limited to 'usr/local/www/widgets')
-rw-r--r--usr/local/www/widgets/include/ipsec.inc81
-rw-r--r--usr/local/www/widgets/widgets/ipsec.widget.php26
2 files changed, 13 insertions, 94 deletions
diff --git a/usr/local/www/widgets/include/ipsec.inc b/usr/local/www/widgets/include/ipsec.inc
deleted file mode 100644
index 5484d63..0000000
--- a/usr/local/www/widgets/include/ipsec.inc
+++ /dev/null
@@ -1,81 +0,0 @@
-<?php
-//set variable for custom title
-$ipsec_title = "IPsec";
-
-function get_ipsec_tunnel_sad() {
- /* query SAD */
- $fd = @popen("/usr/local/sbin/setkey -D", "r");
- $sad = array();
- if ($fd) {
- while (!feof($fd)) {
- $line = chop(fgets($fd));
- if (!$line)
- continue;
- if ($line == "No SAD entries.")
- break;
- if ($line[0] != "\t") {
- if (is_array($cursa))
- $sad[] = $cursa;
- $cursa = array();
- list($cursa['src'],$cursa['dst']) = explode(" ", $line);
- $i = 0;
- } else {
- $linea = explode(" ", trim($line));
- if ($i == 1) {
- $cursa['proto'] = $linea[0];
- $cursa['spi'] = substr($linea[2], strpos($linea[2], "x")+1, -1);
- } else if ($i == 2) {
- $cursa['ealgo'] = $linea[1];
- } else if ($i == 3) {
- $cursa['aalgo'] = $linea[1];
- }
- }
- $i++;
- }
- if (is_array($cursa) && count($cursa))
- $sad[] = $cursa;
- pclose($fd);
- }
- return($sad);
-}
-
-function get_ipsec_tunnel_src($tunnel) {
- global $g, $config, $sad;
- $if = "WAN";
- if ($tunnel['interface']) {
- $if = $tunnel['interface'];
- $realinterface = convert_friendly_interface_to_real_interface_name($if);
- $interfaceip = find_interface_ip($realinterface);
- }
- return $interfaceip;
-}
-
-function output_ipsec_tunnel_status($tunnel) {
- global $g, $config, $sad;
- $if = "WAN";
- $interfaceip = get_ipsec_tunnel_src($tunnel);
- $foundsrc = false;
- $founddst = false;
-
- if(!is_array($sad)) {
- /* we have no sad array, bail */
- return(false);
- }
- foreach($sad as $sa) {
- if($sa['src'] == $interfaceip)
- $foundsrc = true;
- if($sa['dst'] == $tunnel['remote-gateway'])
- $founddst = true;
- }
- if($foundsrc && $founddst) {
- /* tunnel is up */
- $iconfn = "pass";
- return(true);
- } else {
- /* tunnel is down */
- $iconfn = "reject";
- return(false);
- }
-}
-
-?>
diff --git a/usr/local/www/widgets/widgets/ipsec.widget.php b/usr/local/www/widgets/widgets/ipsec.widget.php
index dd033c0..1a63029 100644
--- a/usr/local/www/widgets/widgets/ipsec.widget.php
+++ b/usr/local/www/widgets/widgets/ipsec.widget.php
@@ -33,9 +33,8 @@
require_once("guiconfig.inc");
require_once("pfsense-utils.inc");
require_once("functions.inc");
-require_once("/usr/local/www/widgets/include/ipsec.inc");
- if (isset($config['ipsec']['tunnel'])){?>
+ if (isset($config['ipsec']['phase1'])){?>
<div>&nbsp;</div>
<?php
$tab_array = array();
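Review bot: The guard on the changed line tests `$config['ipsec']['phase1']`, but the loop in the next hunk iterates `$config['ipsec']['phase2']`, and the second guard in the last hunk tests `phase2`. With a phase1 entry configured and no phase2 entries, `foreach` is handed a non-array and prints a warning into the dashboard. Guarding on what is actually iterated keeps the two blocks consistent: `if (isset($config['ipsec']['phase2'])){?>`. Separately, the dropped `require_once` was the only visible source of the IPsec helpers; none of the remaining includes is shown to define `ipsec_dump_spd()`, `ipsec_dump_sad()` or `ipsec_phase2_status()`, so confirm one of them loads that file, otherwise the widget fails with an undefined-function error.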
@@ -43,26 +42,27 @@ require_once("/usr/local/www/widgets/include/ipsec.inc");
$tab_array[1] = array("Tunnel Status", false, "ipsec-tunnel");
display_widget_tabs($tab_array);
- $sad = array();
- $sad = get_ipsec_tunnel_sad();
+ $spd = ipsec_dump_spd();
+ $sad = ipsec_dump_sad();
$activecounter = 0;
$inactivecounter = 0;
$ipsec_detail_array = array();
- foreach ($config['ipsec']['tunnel'] as $tunnel){
+ foreach ($config['ipsec']['phase2'] as $ph2ent){
+ ipsec_lookup_phase1($ph2ent,$ph1ent);
$ipsecstatus = false;
$tun_disabled = "false";
$foundsrc = false;
$founddst = false;
- if (isset($tunnel['disabled'])) {
+ if (isset($ph1ent['disabled']) || isset($ph2ent['disabled'])) {
$tun_disabled = "true";
continue;
- }
+ }
- if(output_ipsec_tunnel_status($tunnel)) {
+ if(ipsec_phase2_status($spd,$sad,$ph1ent,$ph2ent)) {
/* tunnel is up */
$iconfn = "true";
$activecounter++;
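Review bot: The result of `ipsec_lookup_phase1($ph2ent,$ph1ent);` is ignored and `$ph1ent` is never reset between iterations. Assuming the helper fills `$ph1ent` by reference and signals a failed lookup through its return value (its definition is not in this diff), a phase2 entry with no matching phase1 would be evaluated against the previous iteration's phase1. The widget could then show a tunnel as up, with another tunnel's interface and gateway, when it is not, which is misleading on a status display. Suggest `if (!ipsec_lookup_phase1($ph2ent,$ph1ent)) continue;` at the top of the loop. The loop body continues outside this hunk.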
@@ -72,16 +72,16 @@ require_once("/usr/local/www/widgets/include/ipsec.inc");
$inactivecounter++;
}
- $ipsec_detail_array[] = array('src' => $tunnel['interface'],
- 'dest' => $tunnel['remote-gateway'],
- 'remote-subnet' => $tunnel['remote-subnet'],
- 'descr' => $tunnel['descr'],
+ $ipsec_detail_array[] = array('src' => $ph1ent['interface'],
+ 'dest' => $ph1ent['remote-gateway'],
+ 'remote-subnet' => ipsec_idinfo_to_text($ph2ent['remoteid']),
+ 'descr' => $ph2ent['descr'],
'status' => $iconfn,
'disabled' => $tun_disabled);
}
}
- if (isset($config['ipsec']['tunnel'])){ ?>
+ if (isset($config['ipsec']['phase2'])){ ?>
<div id="ipsec-Overview" style="display:block;background-color:#EEEEEE;">
<div>
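Review bot: `$ph2ent['descr']` and the string returned by `ipsec_idinfo_to_text($ph2ent['remoteid'])` are stored in `$ipsec_detail_array` without HTML escaping. The code that prints the array is outside this hunk, so whether it escapes on output cannot be told from here; if it echoes the fields directly, free-text description values from the configuration end up in the dashboard markup. Confirm the output site applies `htmlspecialchars()`, or escape at collection time, e.g. `'descr' => htmlspecialchars($ph2ent['descr']),`, taking care not to encode twice.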