Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/diag_ipsec.php | 191 |
1 files changed, 191 insertions, 0 deletions
diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php
new file mode 100644
index 0000000..80e80a5
--- /dev/null
+++ b/usr/local/www/diag_ipsec.php
@@ -0,0 +1,191 @@
+<?php
+/* $Id$ */
+/*
+ diag_ipsec.php
+ Copyright (C) 2007 Scott Ullrich
+ All rights reserved.
+
+ Parts of this code was originally based on vpn_ipsec_sad.php
+ Copyright (C) 2003-2004 Manuel Kasper
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$pgtitle = "Diagnostics: IPSec";
+
+require("guiconfig.inc");
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<div id="inputerrors"></div>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array("Overview", true, "diag_ipsec_sad.php");
+ $tab_array[1] = array("SAD", false, "diag_ipsec_sad.php");
+ $tab_array[2] = array("SPD", false, "diag_ipsec_spd.php");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+<?php
+
+/* query SAD */
+$fd = @popen("/sbin/setkey -D", "r");
+$sad = array();
+if ($fd) {
+ while (!feof($fd)) {
+ $line = chop(fgets($fd));
+ if (!$line)
+ continue;
+ if ($line == "No SAD entries.")
+ break;
+ if ($line[0] != "\t") {
+ if (is_array($cursa))
+ $sad[] = $cursa;
+ $cursa = array();
+ list($cursa['src'],$cursa['dst']) = explode(" ", $line);
+ $i = 0;
+ } else {
+ $linea = explode(" ", trim($line));
+ if ($i == 1) {
+ $cursa['proto'] = $linea[0];
+ $cursa['spi'] = substr($linea[2], strpos($linea[2], "x")+1, -1);
+ } else if ($i == 2) {
+ $cursa['ealgo'] = $linea[1];
+ } else if ($i == 3) {
+ $cursa['aalgo'] = $linea[1];
+ }
+ }
+ $i++;
+ }
+ if (is_array($cursa) && count($cursa))
+ $sad[] = $cursa;
+ pclose($fd);
+}
+?>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+<?php if (count($sad)): ?>
+ <tr>
+ <td nowrap class="listhdrr">Source</td>
+ <td nowrap class="listhdrr">Destination</a></td>
+ <td nowrap class="listhdrr">Status</td>
+ </tr>
+<?php
+foreach ($config['ipsec']['tunnel'] as $ipsec): ?>
+ <tr>
+ <td class="listlr"><?=htmlspecialchars(get_ipsec_tunnel_src($ipsec));?></td>
+ <td class="listr"><?=htmlspecialchars($ipsec['remote-gateway']);?></td>
+ <td class="listr"><?php echo output_ipsec_tunnel_status($ipsec); ?></td>
+ </tr>
+<?php endforeach; ?>
+<?php else: ?>
+ <tr>
+ <td>
+ <p>
+ <strong>No IPsec security associations.</strong>
+ </p>
+ </td>
+ </tr>
+<?php endif; ?>
+ <tr>
+ <td colspan="4">
+ <p>
+ <span class="vexpl">
+ <span class="red">
+ <strong>
+ Note:<br />
+ </strong>
+ </span>
+ You can configure your IPSEC
+ <a href="vpn_ipsec.php">here</a>.
+ </span>
+ </p>
+ </td>
+ </tr>
+</table>
+</div>
+
+</td></tr>
+
+</table>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
+
+<?php
+
+function get_ipsec_tunnel_src($tunnel) {
+ global $g, $config, $sad;
+ $if = "WAN";
+ if ($tunnel['interface']) {
+ $iflabels = array('lan' => 'LAN', 'wan' => 'WAN');
+ $carpips = find_number_of_needed_carp_interfaces();
+ for($j=0; $j<$carpips; $j++) {
+ $interfaceip = find_interface_ip("carp" . $j);
+ $iflabels['carp' . $j] = $interfaceip;
+ }
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ $realinterface = convert_friendly_interface_to_real_interface_name('opt' . $j);
+ $iflabels['opt' . $j] = find_interface_ip($realinterface);
+ }
+ $interfaceip = $iflabels[$tunnel['interface']];
+ } else {
+ $realinterface = convert_friendly_interface_to_real_interface_name($if);
+ $interfaceip = find_interface_ip($realinterface);
+ }
+ return $interfaceip;
+}
+
+function output_ipsec_tunnel_status($tunnel) {
+ global $g, $config, $sad;
+ $if = "WAN";
+ $interfaceip = get_ipsec_tunnel_src($tunnel);
+ echo $interfaceip;
+ $foundsrc = false;
+ $founddst = false;
+ foreach($sad as $sa) {
+ if($sa['src'] == $interfaceip)
+ $foundsrc = true;
+ if($sa['dst'] == $tunnel['remote-gateway'])
+ $founddst = true;
+ }
+ if($foundsrc && $founddst) {
+ /* tunnel is up */
+ $iconfn = "pass";
+ } else {
+ /* tunnel is down */
+ $iconfn = "reject";
+ }
+ echo "<img src ='/themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'>";
+}
+
+?>
\ No newline at end of file |
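Review bot: In get_ipsec_tunnel_src the lookup table is seeded with `$iflabels = array('lan' => 'LAN', 'wan' => 'WAN');`, so a tunnel whose `interface` is `lan` or `wan` gets the label string back instead of an address, and output_ipsec_tunnel_status's `$sa['src'] == $interfaceip` comparison can never match for those tunnels, which will always render as down even when an SA exists (the no-interface branch resolves WAN to a real IP, so the two paths disagree). Seed the table the same way the other entries are built, e.g. `$iflabels = array(); foreach (array('lan', 'wan') as $friendly) $iflabels[$friendly] = find_interface_ip(convert_friendly_interface_to_real_interface_name($friendly));`. The `if (count($sad)):` gate also hides every configured tunnel when setkey reports no SAD entries, which is exactly the case where listing them as down is most useful; iterating `$config['ipsec']['tunnel']` unconditionally (guarded by `is_array`) and letting the status icon convey the state would be consistent with the column headings. The Status cell prints `$interfaceip` a second time via `echo` without the `htmlspecialchars()` the Source column applies, and the function returns nothing, so the caller's `echo output_ipsec_tunnel_status($ipsec)` is a no-op; either return the markup or drop the outer echo and the duplicate address. The Overview tab in `$tab_array[0]` points at `diag_ipsec_sad.php` rather than this page, which looks like a copy-paste slip from the SAD entry.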