Diffstat (limited to 'usr/local')
-rw-r--r--usr/local/www/services_dhcp.php3
-rw-r--r--usr/local/www/vpn_ipsec.php143
-rw-r--r--usr/local/www/vpn_ipsec_keys.php211
-rw-r--r--usr/local/www/vpn_ipsec_keys_edit.php145
-rw-r--r--usr/local/www/vpn_ipsec_mobile.php218
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php442
-rw-r--r--usr/local/www/vpn_ipsec_phase2.php270
-rw-r--r--usr/local/www/vpn_ipsec_settings.php111
-rw-r--r--usr/local/www/vpn_openvpn_client.php304
-rw-r--r--usr/local/www/vpn_openvpn_csc.php204
-rw-r--r--usr/local/www/vpn_openvpn_server.php532
11 files changed, 1521 insertions, 1062 deletions
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
index 653d777..7b9cc20 100644
--- a/usr/local/www/services_dhcp.php
+++ b/usr/local/www/services_dhcp.php
@@ -562,10 +562,11 @@ if ((isset($_POST['submit']) || isset($_POST['apply'])) && (!$input_errors)) {
}
} else if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) {
$retvaldns = services_unbound_configure();
- if ($retvaldns == 0)
+ if ($retvaldns == 0) {
clear_subsystem_dirty('unbound');
clear_subsystem_dirty('hosts');
clear_subsystem_dirty('staticmaps');
+ }
} else {
$retvaldhcp = services_dhcpd_configure();
if ($retvaldhcp == 0) {
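Review bot: The new braces around `clear_subsystem_dirty('hosts')` and `clear_subsystem_dirty('staticmaps')` change behaviour rather than just style: before this hunk only the 'unbound' clear depended on `$retvaldns == 0`, and now all three do. That looks like the intended logic, but it should be called out in the commit message or with a comment such as `/* leave hosts/staticmaps dirty if the unbound reload did not return 0 */`, so the functional change is not lost in a formatting commit. The enclosing `if` starts outside the hunk.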
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
index 6ca6d32..fd400b0 100644
--- a/usr/local/www/vpn_ipsec.php
+++ b/usr/local/www/vpn_ipsec.php
@@ -45,11 +45,13 @@ require_once("shaper.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
-if (!is_array($config['ipsec']['phase1']))
+if (!is_array($config['ipsec']['phase1'])) {
$config['ipsec']['phase1'] = array();
+}
-if (!is_array($config['ipsec']['phase2']))
+if (!is_array($config['ipsec']['phase2'])) {
$config['ipsec']['phase2'] = array();
+}
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
@@ -64,8 +66,9 @@ if ($_POST) {
filter_configure();
$savemsg = get_std_save_message($retval);
if ($retval >= 0) {
- if (is_subsystem_dirty('ipsec'))
+ if (is_subsystem_dirty('ipsec')) {
clear_subsystem_dirty('ipsec');
+ }
}
} else if ($_POST['submit']) {
$pconfig = $_POST;
@@ -81,8 +84,9 @@ if ($_POST) {
foreach ($_POST['p1entry'] as $p1entrydel) {
unset($a_phase1[$p1entrydel]);
}
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('ipsec');
+ }
}
} else if (isset($_POST['delp2_x'])) {
/* delete selected p2 entries */
@@ -90,8 +94,9 @@ if ($_POST) {
foreach ($_POST['p2entry'] as $p2entrydel) {
unset($a_phase2[$p2entrydel]);
}
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('ipsec');
+ }
}
} else {
/* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
@@ -120,29 +125,35 @@ if ($_POST) {
/* copy all p1 entries < $movebtn and not selected */
for ($i = 0; $i < $movebtn; $i++) {
- if (!in_array($i, $_POST['p1entry']))
+ if (!in_array($i, $_POST['p1entry'])) {
$a_phase1_new[] = $a_phase1[$i];
+ }
}
/* copy all selected p1 entries */
for ($i = 0; $i < count($a_phase1); $i++) {
- if ($i == $movebtn)
+ if ($i == $movebtn) {
continue;
- if (in_array($i, $_POST['p1entry']))
+ }
+ if (in_array($i, $_POST['p1entry'])) {
$a_phase1_new[] = $a_phase1[$i];
+ }
}
/* copy $movebtn p1 entry */
- if ($movebtn < count($a_phase1))
+ if ($movebtn < count($a_phase1)) {
$a_phase1_new[] = $a_phase1[$movebtn];
+ }
/* copy all p1 entries > $movebtn and not selected */
for ($i = $movebtn+1; $i < count($a_phase1); $i++) {
- if (!in_array($i, $_POST['p1entry']))
+ if (!in_array($i, $_POST['p1entry'])) {
$a_phase1_new[] = $a_phase1[$i];
+ }
}
- if (count($a_phase1_new) > 0)
+ if (count($a_phase1_new) > 0) {
$a_phase1 = $a_phase1_new;
+ }
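Review bot: The `in_array($i, $_POST['p1entry'])` calls in these loops compare an integer loop index with request strings using loose comparison, so on PHP versions before 8 any non-numeric element of `p1entry` compares equal to index 0 and marks the first entry as selected. Comparing strictly against the string form, `in_array((string)$i, $_POST['p1entry'], true)`, removes that ambiguity; this assumes the checkboxes post plain decimal indexes. The `p2entry` loops in the next hunk use the same pattern. The surrounding `if` starts outside the hunk, so any earlier validation of `p1entry` is not visible here.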
} else if (isset($movebtnp2) && is_array($_POST['p2entry']) && count($_POST['p2entry'])) {
/* move selected p2 entries before this */
@@ -150,65 +161,74 @@ if ($_POST) {
/* copy all p2 entries < $movebtnp2 and not selected */
for ($i = 0; $i < $movebtnp2; $i++) {
- if (!in_array($i, $_POST['p2entry']))
+ if (!in_array($i, $_POST['p2entry'])) {
$a_phase2_new[] = $a_phase2[$i];
+ }
}
/* copy all selected p2 entries */
for ($i = 0; $i < count($a_phase2); $i++) {
- if ($i == $movebtnp2)
+ if ($i == $movebtnp2) {
continue;
- if (in_array($i, $_POST['p2entry']))
+ }
+ if (in_array($i, $_POST['p2entry'])) {
$a_phase2_new[] = $a_phase2[$i];
+ }
}
/* copy $movebtnp2 p2 entry */
- if ($movebtnp2 < count($a_phase2))
+ if ($movebtnp2 < count($a_phase2)) {
$a_phase2_new[] = $a_phase2[$movebtnp2];
+ }
/* copy all p2 entries > $movebtnp2 and not selected */
for ($i = $movebtnp2+1; $i < count($a_phase2); $i++) {
- if (!in_array($i, $_POST['p2entry']))
+ if (!in_array($i, $_POST['p2entry'])) {
$a_phase2_new[] = $a_phase2[$i];
+ }
}
- if (count($a_phase2_new) > 0)
+ if (count($a_phase2_new) > 0) {
$a_phase2 = $a_phase2_new;
+ }
} else if (isset($togglebtn)) {
- if (isset($a_phase1[$togglebtn]['disabled']))
+ if (isset($a_phase1[$togglebtn]['disabled'])) {
unset($a_phase1[$togglebtn]['disabled']);
- else
+ } else {
$a_phase1[$togglebtn]['disabled'] = true;
-
+ }
} else if (isset($togglebtnp2)) {
- if (isset($a_phase2[$togglebtnp2]['disabled']))
+ if (isset($a_phase2[$togglebtnp2]['disabled'])) {
unset($a_phase2[$togglebtnp2]['disabled']);
- else
+ } else {
$a_phase2[$togglebtnp2]['disabled'] = true;
-
+ }
} else if (isset($delbtn)) {
/* remove static route if interface is not WAN */
- if ($a_phase1[$delbtn]['interface'] <> "wan")
+ if ($a_phase1[$delbtn]['interface'] <> "wan") {
mwexec("/sbin/route delete -host {$a_phase1[$delbtn]['remote-gateway']}");
+ }
/* remove all phase2 entries that match the ikeid */
$ikeid = $a_phase1[$delbtn]['ikeid'];
- foreach ($a_phase2 as $p2index => $ph2tmp)
+ foreach ($a_phase2 as $p2index => $ph2tmp) {
if ($ph2tmp['ikeid'] == $ikeid) {
unset($a_phase2[$p2index]);
}
-
+ }
unset($a_phase1[$delbtn]);
} else if (isset($delbtnp2)) {
unset($a_phase2[$delbtnp2]);
- } else
+ } else {
$save = 0;
+ }
if ($save === 1) {
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('ipsec');
+ }
}
}
}
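Review bot: In the `$delbtn` branch, `mwexec("/sbin/route delete -host {$a_phase1[$delbtn]['remote-gateway']}")` interpolates a stored configuration value straight into a shell command line. Any validation of `remote-gateway` happens outside this diff, so quoting at the point of use is the safer habit: `mwexec("/sbin/route delete -host " . escapeshellarg($a_phase1[$delbtn]['remote-gateway']));`. `$delbtn` itself is set outside the hunk; it is worth confirming that it is checked against the existing phase 1 indexes before this branch reads `$a_phase1[$delbtn]`.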
@@ -225,10 +245,12 @@ include("head.inc");
<form action="vpn_ipsec.php" method="post">
<script type="text/javascript" src="/javascript/row_toggle.js"></script>
<?php
- if ($savemsg)
+ if ($savemsg) {
print_info_box($savemsg);
- if ($pconfig['enable'] && is_subsystem_dirty('ipsec'))
+ }
+ if ($pconfig['enable'] && is_subsystem_dirty('ipsec')) {
print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec">
<tr>
@@ -303,10 +325,11 @@ include("head.inc");
<td class="listlr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>">
<?=$spans;?>
<?php
- if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1")
+ if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1") {
echo "V1";
- else
+ } else {
echo "V2";
+ }
?>
<?=$spane;?>
</td>
@@ -317,38 +340,43 @@ include("head.inc");
$iflabels = get_configured_interface_with_descr();
$carplist = get_configured_carp_interface_list();
- foreach ($carplist as $cif => $carpip)
+ foreach ($carplist as $cif => $carpip) {
$iflabels[$cif] = $carpip." (".get_vip_descr($carpip).")";
+ }
$aliaslist = get_configured_ip_aliases_list();
- foreach ($aliaslist as $aliasip => $aliasif)
+ foreach ($aliaslist as $aliasip => $aliasif) {
$iflabels[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+ }
$grouplist = return_gateway_groups_array();
foreach ($grouplist as $name => $group) {
- if($group[0]['vip'] <> "")
+ if ($group[0]['vip'] <> "") {
$vipif = $group[0]['vip'];
- else
+ } else {
$vipif = $group[0]['int'];
+ }
$iflabels[$name] = "GW Group {$name}";
}
$if = htmlspecialchars($iflabels[$ph1ent['interface']]);
- }
- else
+ } else {
$if = "WAN";
+ }
- if (!isset($ph1ent['mobile']))
+ if (!isset($ph1ent['mobile'])) {
echo $if."<br />".$ph1ent['remote-gateway'];
- else
+ } else {
echo $if."<br /><strong>" . gettext("Mobile Client") . "</strong>";
+ }
?>
<?=$spane;?>
</td>
<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>">
<?=$spans;?>
<?php
- if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1")
+ if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1") {
echo "{$ph1ent['mode']}";
+ }
?>
<?=$spane;?>
</td>
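Review bot: `echo $if."<br />".$ph1ent['remote-gateway'];` and `echo "{$ph1ent['mode']}";` write configuration values into the page without encoding, although `$if` a few lines earlier goes through `htmlspecialchars()`. Unless every writer of these fields restricts them to safe characters (not visible here), the output should be encoded the same way: `echo $if."<br />".htmlspecialchars($ph1ent['remote-gateway']);` and `echo htmlspecialchars($ph1ent['mode']);`. The `keylen` values echoed in later hunks of this file (`$ph1ent['encryption-algorithm']['keylen']`, `$ph2ea['keylen']`) have the same gap. Separately, `$vipif` is assigned in the gateway-group loop but not used anywhere in this hunk.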
@@ -357,10 +385,11 @@ include("head.inc");
<?=$p1_ealgos[$ph1ent['encryption-algorithm']['name']]['name'];?>
<?php
if ($ph1ent['encryption-algorithm']['keylen']) {
- if ($ph1ent['encryption-algorithm']['keylen']=="auto")
+ if ($ph1ent['encryption-algorithm']['keylen']=="auto") {
echo " (" . gettext("auto") . ")";
- else
+ } else {
echo " ({$ph1ent['encryption-algorithm']['keylen']} " . gettext("bits") . ")";
+ }
}
?>
<?=$spane;?>
@@ -417,18 +446,20 @@ include("head.inc");
<td class="listt">&nbsp;</td>
<td class="listrborder" colspan="6">
<?php
- if (isset($_POST["tdph2-{$i}-visible"]))
+ if (isset($_POST["tdph2-{$i}-visible"])) {
$tdph2_visible = htmlspecialchars($_POST["tdph2-{$i}-visible"]);
- else
+ } else {
$tdph2_visible = 0;
+ }
?>
<input type="hidden" name="tdph2-<?=$i;?>-visible" id="tdph2-<?=$i;?>-visible" value="<?=$tdph2_visible?>" />
<div id="shph2but-<?=$i?>" <?php echo ($tdph2_visible == '1' ? 'style="display:none"' : '');?>>
<?php
$phase2count=0;
foreach ($a_phase2 as $ph2ent) {
- if ($ph2ent['ikeid'] != $ph1ent['ikeid'])
+ if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
continue;
+ }
$phase2count++;
}
$fr_prefix = "frp2{$i}";
@@ -438,7 +469,7 @@ include("head.inc");
</div>
<div id="tdph2-<?=$i?>" <?php echo ($tdph2_visible != '1' ? 'style="display:none"' : '');?>>
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0" summary="phase-2 entries">
- <tr id="<?=$fr_header;?>">
+ <tr id="<?=$fr_header;?>">
<td>&nbsp;</td>
<td>&nbsp;</td>
<td class="listhdrr"><?=gettext("Mode"); ?></td>
@@ -452,8 +483,9 @@ include("head.inc");
<?php
$j = 0;
foreach ($a_phase2 as $ph2index => $ph2ent):
- if ($ph2ent['ikeid'] != $ph1ent['ikeid'])
+ if ($ph2ent['ikeid'] != $ph1ent['ikeid']) {
continue;
+ }
$fr_c = $fr_prefix . "c" . $j;
$fr_d = $fr_prefix . "d" . $j;
@@ -468,7 +500,7 @@ include("head.inc");
?>
<tr valign="top" id="<?=$fr_prefix . $j;?>" ondblclick="document.location='vpn_ipsec_phase2.php?p2index=<?=$ph2ent['uniqid'];?>'">
<td class="listt" align="center" valign="middle">
- <input type="checkbox" id="<?=$fr_c;?>" name="p2entry[]" value="<?=$ph2index;?>" onclick="fr_bgcolor('<?=$j;?>', '<?=$fr_prefix;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" />
+ <input type="checkbox" id="<?=$fr_c;?>" name="p2entry[]" value="<?=$ph2index;?>" onclick="fr_bgcolor('<?=$j;?>', '<?=$fr_prefix;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" />
</td>
<td class="listt" align="center" valign="middle">
<input name="togglep2_<?=$ph2index;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn?>.gif"
@@ -481,7 +513,7 @@ include("head.inc");
<?=$spane;?>
</td>
<?php
- if(($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == "tunnel6")):
+ if (($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == "tunnel6")):
?>
<td class="listr nowrap" id="<?=$fr_d;?>" onclick="fr_toggle('<?=$j;?>', '<?=$fr_prefix;?>')">
<?=$spans;?>
@@ -507,14 +539,16 @@ include("head.inc");
<?=$spans;?>
<?php
foreach ($ph2ent['encryption-algorithm-option'] as $k => $ph2ea) {
- if ($k)
+ if ($k) {
echo ", ";
+ }
echo $p2_ealgos[$ph2ea['name']]['name'];
if ($ph2ea['keylen']) {
- if ($ph2ea['keylen']=="auto")
+ if ($ph2ea['keylen']=="auto") {
echo " (" . gettext("auto") . ")";
- else
+ } else {
echo " ({$ph2ea['keylen']} " . gettext("bits") . ")";
+ }
}
}
?>
@@ -525,8 +559,9 @@ include("head.inc");
<?php
if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) {
foreach ($ph2ent['hash-algorithm-option'] as $k => $ph2ha) {
- if ($k)
+ if ($k) {
echo ", ";
+ }
echo $p2_halgos[$ph2ha];
}
}
diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php
index ebddcc9..8c30d6b 100644
--- a/usr/local/www/vpn_ipsec_keys.php
+++ b/usr/local/www/vpn_ipsec_keys.php
@@ -3,21 +3,21 @@
vpn_ipsec_keys.php
part of m0n0wall (http://m0n0.ch/wall)
part of pfSense
-
+
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
Copyright (C) 2013-2015 Electric Sheep Fencing, LP
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -61,8 +61,9 @@ if (isset($_POST['apply'])) {
/* reload the filter in the background */
filter_configure();
$savemsg = get_std_save_message($retval);
- if (is_subsystem_dirty('ipsec'))
+ if (is_subsystem_dirty('ipsec')) {
clear_subsystem_dirty('ipsec');
+ }
}
if ($_GET['act'] == "del") {
@@ -85,16 +86,17 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<form action="vpn_ipsec_keys.php" method="post">
-<?php
-if ($savemsg)
+<?php
+if ($savemsg) {
print_info_box($savemsg);
-if (is_subsystem_dirty('ipsec'))
+}
+if (is_subsystem_dirty('ipsec')) {
print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
-
+}
?>
</form>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec keys">
- <tr><td class="tabnavtbl">
+ <tr><td class="tabnavtbl">
<?php
$tab_array = array();
$tab_array[0] = array(gettext("Tunnels"), false, "vpn_ipsec.php");
@@ -103,92 +105,113 @@ if (is_subsystem_dirty('ipsec'))
$tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
display_top_tabs($tab_array);
?>
- </td></tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
- <tr>
- <td class="listhdrr"><?=gettext("Identifier"); ?></td>
- <td class="listhdrr"><?=gettext("Type"); ?></td>
- <td class="listhdr"><?=gettext("Pre-Shared Key"); ?></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1" summary="add key">
- <tr>
- <td width="20" height="17"></td>
- <td><a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add key"); ?>" width="17" height="17" border="0" alt="add" /></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i = 0; foreach ($userkeys as $secretent): ?>
- <tr>
- <td class="listlr gray">
- <?php
- if ($secretent['ident'] == 'allusers')
- echo gettext("ANY USER");
- else
- echo htmlspecialchars($secretent['ident']);
- ?>
- </td>
- <td class="listlr gray">
- <?php
- if (empty($secretent['type']))
- echo 'PSK';
- else
- echo htmlspecialchars($secretent['type']);
- ?>
- </td>
- <td class="listr gray">
- <?=htmlspecialchars($secretent['pre-shared-key']);?>
- </td>
- <td class="list nowrap">
- <form action="system_usermanager.php" method="post" name="form_edit_key">
- <input type="hidden" name="act" value="edit" />
- <input type="hidden" name="userid" value="<?=$secretent['id'];?>" />
- <input type="image" name="edituser[]" width="17" height="17" border="0"
- src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
- title="<?=gettext("edit");?>" />
- </form>
- &nbsp;</td>
+ </td></tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
+ <tr>
+ <td class="listhdrr"><?=gettext("Identifier"); ?></td>
+ <td class="listhdrr"><?=gettext("Type"); ?></td>
+ <td class="listhdr"><?=gettext("Pre-Shared Key"); ?></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1" summary="add key">
+ <tr>
+ <td width="20" height="17"></td>
+ <td>
+ <a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add key"); ?>" width="17" height="17" border="0" alt="add" /></a>
+ </td>
+ </tr>
+ </table>
+ </td>
</tr>
- <?php $i++; endforeach; ?>
-
- <?php $i = 0; foreach ($a_secret as $secretent): ?>
- <tr>
- <td class="listlr">
- <?=htmlspecialchars($secretent['ident']);?>
- </td>
- <td class="listlr">
- <?php
- if (empty($secretent['type']))
- echo 'PSK';
- else
- echo htmlspecialchars($secretent['type']);
- ?>
- </td>
- <td class="listr">
- <?=htmlspecialchars($secretent['pre-shared-key']);?>
- </td>
- <td class="list nowrap"><a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit key"); ?>" width="17" height="17" border="0" alt="edit" /></a>
- &nbsp;<a href="vpn_ipsec_keys.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Pre-Shared Key?"); ?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete key"); ?>" width="17" height="17" border="0" alt="delete" /></a></td>
+<?php
+ $i = 0;
+ foreach ($userkeys as $secretent):
+?>
+ <tr>
+ <td class="listlr gray">
+ <?php
+ if ($secretent['ident'] == 'allusers') {
+ echo gettext("ANY USER");
+ } else {
+ echo htmlspecialchars($secretent['ident']);
+ }
+ ?>
+ </td>
+ <td class="listlr gray">
+ <?php
+ if (empty($secretent['type'])) {
+ echo 'PSK';
+ } else {
+ echo htmlspecialchars($secretent['type']);
+ }
+ ?>
+ </td>
+ <td class="listr gray">
+ <?=htmlspecialchars($secretent['pre-shared-key']);?>
+ </td>
+ <td class="list nowrap">
+ <form action="system_usermanager.php" method="post" name="form_edit_key">
+ <input type="hidden" name="act" value="edit" />
+ <input type="hidden" name="userid" value="<?=$secretent['id'];?>" />
+ <input type="image" name="edituser[]" width="17" height="17" border="0"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ title="<?=gettext("edit");?>" />
+ </form>
+ &nbsp;
+ </td>
+ </tr>
+<?php
+ $i++;
+ endforeach;
+?>
+
+<?php
+ $i = 0;
+ foreach ($a_secret as $secretent):
+?>
+ <tr>
+ <td class="listlr">
+ <?=htmlspecialchars($secretent['ident']);?>
+ </td>
+ <td class="listlr">
+ <?php
+ if (empty($secretent['type'])) {
+ echo 'PSK';
+ } else {
+ echo htmlspecialchars($secretent['type']);
+ }
+ ?>
+ </td>
+ <td class="listr">
+ <?=htmlspecialchars($secretent['pre-shared-key']);?>
+ </td>
+ <td class="list nowrap"><a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit key"); ?>" width="17" height="17" border="0" alt="edit" /></a>
+ &nbsp;<a href="vpn_ipsec_keys.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Pre-Shared Key?"); ?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete key"); ?>" width="17" height="17" border="0" alt="delete" /></a>
+ </td>
+ </tr>
+<?php
+ $i++;
+ endforeach;
+?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1" summary="add key">
+ <tr>
+ <td width="20" height="17"></td>
+ <td>
+ <a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add key"); ?>" width="17" height="17" border="0" alt="add" /></a>
+ </td>
+ </tr>
+ </table>
+ </td>
</tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="3"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1" summary="add key">
- <tr>
- <td width="20" height="17"></td>
- <td><a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add key"); ?>" width="17" height="17" border="0" alt="add" /></a></td>
- </tr>
</table>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
+ </div>
+ </td>
+ </tr>
<tr>
<td colspan="4">
<p>
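Review bot: The delete link `vpn_ipsec_keys.php?act=del&amp;id=<?=$i;?>` removes a pre-shared key through a GET request (the handler `if ($_GET['act'] == "del")` is visible in the earlier hunk of this file), with only a client-side `confirm()` in front of it. State-changing actions are better sent by POST so they fall under whatever request-forgery protection the GUI applies to forms, which is not visible on this page. The user-key row in this same hunk already uses a small POST form with hidden `act` and `userid` fields and could serve as the model. Also in that row, `value="<?=$secretent['id'];?>"` is the only `$secretent` field in the table printed without `htmlspecialchars()`.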
diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php
index 82ab80c..6419a6b 100644
--- a/usr/local/www/vpn_ipsec_keys_edit.php
+++ b/usr/local/www/vpn_ipsec_keys_edit.php
@@ -3,21 +3,21 @@
vpn_ipsec_keys_edit.php
part of m0n0wall (http://m0n0.ch/wall)
part of pfSense
-
+
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
Copyright (C) 2013-2015 Electric Sheep Fencing, LP
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -48,10 +48,12 @@ if (!is_array($config['ipsec']['mobilekey'])) {
ipsec_mobilekey_sort();
$a_secret = &$config['ipsec']['mobilekey'];
-if (is_numericint($_GET['id']))
+if (is_numericint($_GET['id'])) {
$id = $_GET['id'];
-if (isset($_POST['id']) && is_numericint($_POST['id']))
+}
+if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
+}
if (isset($id) && $a_secret[$id]) {
$pconfig['ident'] = $a_secret[$id]['ident'];
@@ -64,25 +66,28 @@ if ($_POST) {
foreach ($config['system']['user'] as $uid => $user) {
$userids[$user['name']] = $uid;
}
-
+
unset($input_errors);
$pconfig = $_POST;
/* input validation */
$reqdfields = explode(" ", "ident psk");
- $reqdfieldsn = array(gettext("Identifier"),gettext("Pre-Shared Key"));
-
+ $reqdfieldsn = array(gettext("Identifier"), gettext("Pre-Shared Key"));
+
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
-
- if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident']))
+
+ if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident'])) {
$input_errors[] = gettext("The identifier contains invalid characters.");
+ }
- if (array_key_exists($_POST['ident'], $userids))
+ if (array_key_exists($_POST['ident'], $userids)) {
$input_errors[] = gettext("A user with this name already exists. Add the key to the user instead.");
+ }
unset($userids);
-
- if (isset($_POST['psk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['psk']))
+
+ if (isset($_POST['psk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['psk'])) {
$input_errors[] = gettext("Pre-Shared Key contains invalid characters.");
+ }
if (!$input_errors && !(isset($id) && $a_secret[$id])) {
/* make sure there are no dupes */
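Review bot: The pre-shared key check `!preg_match('/^[[:ascii:]]*$/', $_POST['psk'])` accepts every ASCII code point, including NUL, carriage return and line feed. If the key is later written to a line-oriented configuration file (the writer is not part of this diff), embedded control characters could corrupt or extend that file, so limiting the key to printable characters is safer: `preg_match('/^[\x20-\x7E]*$/D', $_POST['psk'])`. The `if ($_POST)` block continues outside the hunk.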
@@ -95,15 +100,16 @@ if ($_POST) {
}
if (!$input_errors) {
-
- if (isset($id) && $a_secret[$id])
+
+ if (isset($id) && $a_secret[$id]) {
$secretent = $a_secret[$id];
-
+ }
+
$secretent['ident'] = $_POST['ident'];
$secretent['type'] = $_POST['type'];
$secretent['pre-shared-key'] = $_POST['psk'];
$text = "";
-
+
if (isset($id) && $a_secret[$id]) {
$a_secret[$id] = $secretent;
$text = gettext("Edited");
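Review bot: `$secretent['type'] = $_POST['type'];` stores the submitted type without checking it against the allowed values; no such check is visible in this hunk or in the validation block of the preceding one. The form builds its options from `$ipsec_preshared_key_type`, so the same array can gate the input alongside the other checks: `if (!array_key_exists($_POST['type'], $ipsec_preshared_key_type)) { $input_errors[] = gettext("Invalid secret type."); }` (the message text is only a suggestion). The listing page encodes the type on output, but the value is also saved to the configuration, where other consumers may not.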
@@ -111,10 +117,10 @@ if ($_POST) {
$a_secret[] = $secretent;
$text = gettext("Added");
}
-
+
write_config("{$text} IPsec Pre-Shared Keys");
mark_subsystem_dirty('ipsec');
-
+
header("Location: vpn_ipsec_keys.php");
exit;
}
@@ -130,62 +136,63 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<?php if ($input_errors) print_input_errors($input_errors); ?>
- <form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform">
- <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="vpn ipsec keys edit">
+<form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="vpn ipsec keys edit">
<tr>
<td colspan="2" valign="top" class="listtopic">Edit pre-shared secret</td>
</tr>
- <tr>
- <td valign="top" class="vncellreq"><?=gettext("Identifier"); ?></td>
- <td class="vtable">
- <?=$mandfldhtml;?><input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=htmlspecialchars($pconfig['ident']);?>" />
- <br />
-<?=gettext("This can be either an IP address, fully qualified domain name or an e-mail address"); ?>.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Secret type"); ?></td>
- <td width="78%" class="vtable">
- <select name="type" class="formselect">
- <?php
- foreach ($ipsec_preshared_key_type as $value => $descr) {
- echo "<option value='{$value}' ";
- if ($pconfig['type'] == $value)
- echo "selected=\"selected\"";
- echo ">{$descr}</option>";
- }
- ?>
- </select>
- </td>
+ <tr>
+ <td valign="top" class="vncellreq"><?=gettext("Identifier"); ?></td>
+ <td class="vtable">
+ <?=$mandfldhtml;?><input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=htmlspecialchars($pconfig['ident']);?>" />
+ <br />
+ <?=gettext("This can be either an IP address, fully qualified domain name or an e-mail address"); ?>.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Secret type"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="type" class="formselect">
+ <?php
+ foreach ($ipsec_preshared_key_type as $value => $descr) {
+ echo "<option value='{$value}' ";
+ if ($pconfig['type'] == $value) {
+ echo "selected=\"selected\"";
+ }
+ echo ">{$descr}</option>";
+ }
+ ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
+ <td width="78%" class="vtable">
+ <?=$mandfldhtml;?><input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>" />
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
+ <?php if (isset($id) && $a_secret[$id]): ?>
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
+ <?php endif; ?>
+ </td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
- <td width="78%" class="vtable">
- <?=$mandfldhtml;?><input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>" />
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
- <?php if (isset($id) && $a_secret[$id]): ?>
- <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
- <?php endif; ?>
- </td>
- </tr>
<tr>
<td colspan="4">
- <p>
- <span class="vexpl">
- <span class="red">
- <strong><?=gettext("Note"); ?>:<br /></strong>
- </span>
- <?=gettext("PSK for any user can be set by using an identifier of any/ANY");?>
- </span>
- </p>
+ <p>
+ <span class="vexpl">
+ <span class="red">
+ <strong><?=gettext("Note"); ?>:<br /></strong>
+ </span>
+ <?=gettext("PSK for any user can be set by using an identifier of any/ANY");?>
+ </span>
+ </p>
</td>
</tr>
- </table>
+ </table>
</form>
<?php include("fend.inc"); ?>
</body>
diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php
index 8fed8e9..86c63f5 100644
--- a/usr/local/www/vpn_ipsec_mobile.php
+++ b/usr/local/www/vpn_ipsec_mobile.php
@@ -1,21 +1,21 @@
<?php
/*
vpn_ipsec_mobile.php
-
+
Copyright (C) 2008 Shrew Soft Inc
Copyright (C) 2013-2015 Electric Sheep Fencing, LP
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -41,13 +41,15 @@ require_once("ipsec.inc");
require_once("vpn.inc");
require_once("filter.inc");
-if (!is_array($config['ipsec']['phase1']))
+if (!is_array($config['ipsec']['phase1'])) {
$config['ipsec']['phase1'] = array();
+}
$a_phase1 = &$config['ipsec']['phase1'];
-if (!is_array($config['ipsec']['client']))
+if (!is_array($config['ipsec']['client'])) {
$config['ipsec']['client'] = array();
+}
$a_client = &$config['ipsec']['client'];
@@ -73,37 +75,47 @@ if (count($a_client)) {
$pconfig['pfs_group'] = $a_client['pfs_group'];
$pconfig['login_banner'] = $a_client['login_banner'];
- if (isset($pconfig['enable']))
+ if (isset($pconfig['enable'])) {
$pconfig['enable'] = true;
+ }
- if ($pconfig['pool_address']&&$pconfig['pool_netbits'])
+ if ($pconfig['pool_address']&&$pconfig['pool_netbits']) {
$pconfig['pool_enable'] = true;
- else
+ } else {
$pconfig['pool_netbits'] = 24;
+ }
- if (isset($pconfig['net_list']))
+ if (isset($pconfig['net_list'])) {
$pconfig['net_list_enable'] = true;
+ }
- if (isset($pconfig['save_passwd']))
+ if (isset($pconfig['save_passwd'])) {
$pconfig['save_passwd_enable'] = true;
+ }
- if ($pconfig['dns_domain'])
+ if ($pconfig['dns_domain']) {
$pconfig['dns_domain_enable'] = true;
+ }
- if ($pconfig['dns_split'])
+ if ($pconfig['dns_split']) {
$pconfig['dns_split_enable'] = true;
+ }
- if ($pconfig['dns_server1']||$pconfig['dns_server2']||$pconfig['dns_server3']||$pconfig['dns_server4'])
+ if ($pconfig['dns_server1']||$pconfig['dns_server2']||$pconfig['dns_server3']||$pconfig['dns_server4']) {
$pconfig['dns_server_enable'] = true;
+ }
- if ($pconfig['wins_server1']||$pconfig['wins_server2'])
+ if ($pconfig['wins_server1']||$pconfig['wins_server2']) {
$pconfig['wins_server_enable'] = true;
+ }
- if (isset($pconfig['pfs_group']))
+ if (isset($pconfig['pfs_group'])) {
$pconfig['pfs_group_enable'] = true;
+ }
- if ($pconfig['login_banner'])
+ if ($pconfig['login_banner']) {
$pconfig['login_banner_enable'] = true;
+ }
}
if ($_POST['create']) {
@@ -115,9 +127,11 @@ if ($_POST['apply']) {
/* NOTE: #4353 Always restart ipsec when mobile clients settings change */
$retval = vpn_ipsec_configure(true);
$savemsg = get_std_save_message($retval);
- if ($retval >= 0)
- if (is_subsystem_dirty('ipsec'))
+ if ($retval >= 0) {
+ if (is_subsystem_dirty('ipsec')) {
clear_subsystem_dirty('ipsec');
+ }
+ }
}
if ($_POST['submit']) {
@@ -127,28 +141,28 @@ if ($_POST['submit']) {
/* input consolidation */
-
-
/* input validation */
$reqdfields = explode(" ", "user_source group_source");
- $reqdfieldsn = array(gettext("User Authentication Source"),gettext("Group Authentication Source"));
+ $reqdfieldsn = array(gettext("User Authentication Source"), gettext("Group Authentication Source"));
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
- if ($pconfig['pool_enable'])
- if (!is_ipaddr($pconfig['pool_address']))
+ if ($pconfig['pool_enable']) {
+ if (!is_ipaddr($pconfig['pool_address'])) {
$input_errors[] = gettext("A valid IP address for 'Virtual Address Pool Network' must be specified.");
-
- if ($pconfig['dns_domain_enable'])
- if (!is_domain($pconfig['dns_domain']))
+ }
+ }
+ if ($pconfig['dns_domain_enable']) {
+ if (!is_domain($pconfig['dns_domain'])) {
$input_errors[] = gettext("A valid value for 'DNS Default Domain' must be specified.");
-
+ }
+ }
if ($pconfig['dns_split_enable']) {
if (!empty($pconfig['dns_split'])) {
/* Replace multiple spaces by single */
$pconfig['dns_split'] = preg_replace('/\s+/', ' ', trim($pconfig['dns_split']));
- $domain_array=explode(' ', $pconfig['dns_split']);
+ $domain_array = explode(' ', $pconfig['dns_split']);
foreach ($domain_array as $curdomain) {
if (!is_domain($curdomain)) {
$input_errors[] = gettext("A valid split DNS domain list must be specified.");
@@ -160,39 +174,51 @@ if ($_POST['submit']) {
if ($pconfig['dns_server_enable']) {
if (!$pconfig['dns_server1'] && !$pconfig['dns_server2'] &&
- !$pconfig['dns_server3'] && !$pconfig['dns_server4'] )
+ !$pconfig['dns_server3'] && !$pconfig['dns_server4'] ) {
$input_errors[] = gettext("At least one DNS server must be specified to enable the DNS Server option.");
- if ($pconfig['dns_server1'] && !is_ipaddr($pconfig['dns_server1']))
+ }
+ if ($pconfig['dns_server1'] && !is_ipaddr($pconfig['dns_server1'])) {
$input_errors[] = gettext("A valid IP address for 'DNS Server #1' must be specified.");
- if ($pconfig['dns_server2'] && !is_ipaddr($pconfig['dns_server2']))
+ }
+ if ($pconfig['dns_server2'] && !is_ipaddr($pconfig['dns_server2'])) {
$input_errors[] = gettext("A valid IP address for 'DNS Server #2' must be specified.");
- if ($pconfig['dns_server3'] && !is_ipaddr($pconfig['dns_server3']))
+ }
+ if ($pconfig['dns_server3'] && !is_ipaddr($pconfig['dns_server3'])) {
$input_errors[] = gettext("A valid IP address for 'DNS Server #3' must be specified.");
- if ($pconfig['dns_server4'] && !is_ipaddr($pconfig['dns_server4']))
+ }
+ if ($pconfig['dns_server4'] && !is_ipaddr($pconfig['dns_server4'])) {
$input_errors[] = gettext("A valid IP address for 'DNS Server #4' must be specified.");
+ }
}
if ($pconfig['wins_server_enable']) {
- if (!$pconfig['wins_server1'] && !$pconfig['wins_server2'])
+ if (!$pconfig['wins_server1'] && !$pconfig['wins_server2']) {
$input_errors[] = gettext("At least one WINS server must be specified to enable the DNS Server option.");
- if ($pconfig['wins_server1'] && !is_ipaddr($pconfig['wins_server1']))
+ }
+ if ($pconfig['wins_server1'] && !is_ipaddr($pconfig['wins_server1'])) {
$input_errors[] = gettext("A valid IP address for 'WINS Server #1' must be specified.");
- if ($pconfig['wins_server2'] && !is_ipaddr($pconfig['wins_server2']))
+ }
+ if ($pconfig['wins_server2'] && !is_ipaddr($pconfig['wins_server2'])) {
$input_errors[] = gettext("A valid IP address for 'WINS Server #2' must be specified.");
+ }
}
- if ($pconfig['login_banner_enable'])
- if (!strlen($pconfig['login_banner']))
+ if ($pconfig['login_banner_enable']) {
+ if (!strlen($pconfig['login_banner'])) {
$input_errors[] = gettext("A valid value for 'Login Banner' must be specified.");
+ }
+ }
if (!$input_errors) {
$client = array();
-
- if ($pconfig['enable'])
+
+ if ($pconfig['enable']) {
$client['enable'] = true;
+ }
- if (!empty($pconfig['user_source']))
+ if (!empty($pconfig['user_source'])) {
$client['user_source'] = implode(",", $pconfig['user_source']);
+ }
$client['group_source'] = $pconfig['group_source'];
if ($pconfig['pool_enable']) {
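Review bot: The WINS check in this hunk names the wrong option: when neither WINS server is set, the error reads "At least one WINS server must be specified to enable the DNS Server option.", which looks copied from the DNS block above it. The string should be `gettext("At least one WINS server must be specified to enable the WINS Server option.")`. The enclosing `if ($_POST['submit'])` block starts and ends outside the hunk.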
@@ -200,17 +226,21 @@ if ($_POST['submit']) {
$client['pool_netbits'] = $pconfig['pool_netbits'];
}
- if ($pconfig['net_list_enable'])
+ if ($pconfig['net_list_enable']) {
$client['net_list'] = true;
+ }
- if ($pconfig['save_passwd_enable'])
+ if ($pconfig['save_passwd_enable']) {
$client['save_passwd'] = true;
+ }
- if ($pconfig['dns_domain_enable'])
+ if ($pconfig['dns_domain_enable']) {
$client['dns_domain'] = $pconfig['dns_domain'];
+ }
- if ($pconfig['dns_split_enable'])
+ if ($pconfig['dns_split_enable']) {
$client['dns_split'] = $pconfig['dns_split'];
+ }
if ($pconfig['dns_server_enable']) {
$client['dns_server1'] = $pconfig['dns_server1'];
@@ -224,23 +254,25 @@ if ($_POST['submit']) {
$client['wins_server2'] = $pconfig['wins_server2'];
}
- if ($pconfig['pfs_group_enable'])
+ if ($pconfig['pfs_group_enable']) {
$client['pfs_group'] = $pconfig['pfs_group'];
+ }
- if ($pconfig['login_banner_enable'])
+ if ($pconfig['login_banner_enable']) {
$client['login_banner'] = $pconfig['login_banner'];
+ }
$a_client = $client;
-
+
write_config();
mark_subsystem_dirty('ipsec');
-
+
header("Location: vpn_ipsec_mobile.php");
exit;
}
}
-$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Mobile"));
+$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Mobile"));
$shortcut_section = "ipsec";
include("head.inc");
@@ -265,18 +297,20 @@ function pool_change() {
function dns_domain_change() {
- if (document.iform.dns_domain_enable.checked)
+ if (document.iform.dns_domain_enable.checked) {
document.iform.dns_domain.disabled = 0;
- else
+ } else {
document.iform.dns_domain.disabled = 1;
+ }
}
function dns_split_change() {
- if (document.iform.dns_split_enable.checked)
+ if (document.iform.dns_split_enable.checked) {
document.iform.dns_split.disabled = 0;
- else
+ } else {
document.iform.dns_split.disabled = 1;
+ }
}
function dns_server_change() {
@@ -307,18 +341,20 @@ function wins_server_change() {
function pfs_group_change() {
- if (document.iform.pfs_group_enable.checked)
+ if (document.iform.pfs_group_enable.checked) {
document.iform.pfs_group.disabled = 0;
- else
+ } else {
document.iform.pfs_group.disabled = 1;
+ }
}
function login_banner_change() {
- if (document.iform.login_banner_enable.checked)
+ if (document.iform.login_banner_enable.checked) {
document.iform.login_banner.disabled = 0;
- else
+ } else {
document.iform.login_banner.disabled = 1;
+ }
}
//]]>
@@ -327,17 +363,23 @@ function login_banner_change() {
<form action="vpn_ipsec_mobile.php" method="post" name="iform" id="iform">
<?php
- if ($savemsg)
+ if ($savemsg) {
print_info_box($savemsg);
- if (isset($config['ipsec']['enable']) && is_subsystem_dirty('ipsec'))
+ }
+ if (isset($config['ipsec']['enable']) && is_subsystem_dirty('ipsec')) {
print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
- foreach ($a_phase1 as $ph1ent)
- if (isset($ph1ent['mobile']))
+ }
+ foreach ($a_phase1 as $ph1ent) {
+ if (isset($ph1ent['mobile'])) {
$ph1found = true;
- if ($pconfig['enable'] && !$ph1found)
+ }
+ }
+ if ($pconfig['enable'] && !$ph1found) {
print_info_box_np(gettext("Support for IPsec Mobile clients is enabled but a Phase1 definition was not found") . ".<br />" . gettext("Please click Create to define one."),gettext("create"),gettext("Create Phase1"));
- if ($input_errors)
+ }
+ if ($input_errors) {
print_input_errors($input_errors);
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec mobile">
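Review bot: `$ph1found` is only ever assigned `true` inside the `foreach`, so when no phase 1 entry is marked mobile the later `!$ph1found` reads an unset variable, unless it is initialised above the hunk, which is not visible here. Adding `$ph1found = false;` before the loop makes the intent explicit and avoids the notice. The `print_info_box_np(...)` call for the missing Phase1 also still has `,gettext("create"),gettext("Create Phase1")` without spaces after the commas, unlike the calls this commit normalised.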
@@ -353,7 +395,7 @@ function login_banner_change() {
?>
</td>
</tr>
- <tr>
+ <tr>
<td id="mainarea">
<div class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
@@ -363,7 +405,7 @@ function login_banner_change() {
<table border="0" cellspacing="2" cellpadding="0" summary="ike extensions">
<tr>
<td>
- <?php set_checked($pconfig['enable'],$chk); ?>
+ <?php set_checked($pconfig['enable'], $chk); ?>
<input name="enable" type="checkbox" id="enable" value="yes" <?=$chk;?> />
</td>
<td>
@@ -391,8 +433,9 @@ function login_banner_change() {
$auth_servers = auth_get_authserver_list();
foreach ($auth_servers as $auth_server) {
$selected = "";
- if (in_array($auth_server['name'], $authmodes))
+ if (in_array($auth_server['name'], $authmodes)) {
$selected = "selected=\"selected\"";
+ }
echo "<option value='{$auth_server['name']}' {$selected}>{$auth_server['name']}</option>\n";
}
?>
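Review bot: The `echo` that builds each `<option>` writes `$auth_server['name']` into a single-quoted attribute and into the element body without escaping, so a server name containing a quote or markup would alter the page's HTML. Escape it once and reuse the result: `$name = htmlspecialchars($auth_server['name'], ENT_QUOTES);` followed by `echo "<option value='{$name}' {$selected}>{$name}</option>\n";`. The `in_array()` call above it compares loosely; passing `true` as the third argument makes the match strict. Whether names are already constrained when an authentication server is saved is not visible in this hunk.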
@@ -412,18 +455,18 @@ function login_banner_change() {
<tr>
<td colspan="2" class="list" height="12"></td>
</tr>
- <tr>
+ <tr>
<td colspan="2" valign="top" class="listtopic">
<?=gettext("Client Configuration (mode-cfg)"); ?>
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Virtual Address Pool"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="2" cellpadding="0" summary="enable pool">
<tr>
<td>
- <?php set_checked($pconfig['pool_enable'],$chk); ?>
+ <?php set_checked($pconfig['pool_enable'], $chk); ?>
<input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?> onclick="pool_change()" />
</td>
<td>
@@ -455,7 +498,7 @@ function login_banner_change() {
<table border="0" cellspacing="2" cellpadding="0" summary="network list">
<tr>
<td>
- <?php set_checked($pconfig['net_list_enable'],$chk); ?>
+ <?php set_checked($pconfig['net_list_enable'], $chk); ?>
<input name="net_list_enable" type="checkbox" id="net_list_enable" value="yes" <?=$chk;?> />
</td>
<td>
@@ -471,7 +514,7 @@ function login_banner_change() {
<table border="0" cellspacing="2" cellpadding="0" summary="password">
<tr>
<td>
- <?php set_checked($pconfig['save_passwd_enable'],$chk); ?>
+ <?php set_checked($pconfig['save_passwd_enable'], $chk); ?>
<input name="save_passwd_enable" type="checkbox" id="save_passwd_enable" value="yes" <?=$chk;?> />
</td>
<td>
@@ -482,13 +525,13 @@ function login_banner_change() {
</table>
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("DNS Default Domain"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="2" cellpadding="0" summary="enable dns default domain">
<tr>
<td>
- <?php set_checked($pconfig['dns_domain_enable'],$chk); ?>
+ <?php set_checked($pconfig['dns_domain_enable'], $chk); ?>
<input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onclick="dns_domain_change()" />
</td>
<td>
@@ -511,7 +554,7 @@ function login_banner_change() {
<table border="0" cellspacing="2" cellpadding="0" summary="enable split dns">
<tr>
<td>
- <?php set_checked($pconfig['dns_split_enable'],$chk); ?>
+ <?php set_checked($pconfig['dns_split_enable'], $chk); ?>
<input name="dns_split_enable" type="checkbox" id="dns_split_enable" value="yes" <?=$chk;?> onclick="dns_split_change()" />
</td>
<td>
@@ -529,13 +572,13 @@ function login_banner_change() {
</table>
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("DNS Servers"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="2" cellpadding="0" summary="enable dns servers">
<tr>
<td>
- <?php set_checked($pconfig['dns_server_enable'],$chk); ?>
+ <?php set_checked($pconfig['dns_server_enable'], $chk); ?>
<input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onclick="dns_server_change()" />
</td>
<td>
@@ -571,13 +614,13 @@ function login_banner_change() {
</table>
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("WINS Servers"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="2" cellpadding="0" summary="enable wins servers">
<tr>
<td>
- <?php set_checked($pconfig['wins_server_enable'],$chk); ?>
+ <?php set_checked($pconfig['wins_server_enable'], $chk); ?>
<input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onclick="wins_server_change()" />
</td>
<td>
@@ -607,7 +650,7 @@ function login_banner_change() {
<table border="0" cellspacing="2" cellpadding="0" summary="enable pfs group">
<tr>
<td>
- <?php set_checked($pconfig['pfs_group_enable'],$chk); ?>
+ <?php set_checked($pconfig['pfs_group_enable'], $chk); ?>
<input name="pfs_group_enable" type="checkbox" id="pfs_group_enable" value="yes" <?=$chk;?> onclick="pfs_group_change()" />
</td>
<td>
@@ -631,13 +674,13 @@ function login_banner_change() {
</table>
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Login Banner"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="2" cellpadding="0" summary="enable login banner">
<tr>
<td>
- <?php set_checked($pconfig['login_banner_enable'],$chk); ?>
+ <?php set_checked($pconfig['login_banner_enable'], $chk); ?>
<input name="login_banner_enable" type="checkbox" id="login_banner_enable" value="yes" <?=$chk;?> onclick="login_banner_change()" />
</td>
<td>
@@ -687,10 +730,11 @@ login_banner_change();
/* local utility functions */
function set_checked($var,& $chk) {
- if($var)
+ if ($var) {
$chk = "checked=\"checked\"";
- else
+ } else {
$chk = "";
+ }
}
?>
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 8128217..79cf671 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -44,48 +44,57 @@ require_once("ipsec.inc");
require_once("vpn.inc");
require_once("filter.inc");
-if (!is_array($config['ipsec']['phase1']))
+if (!is_array($config['ipsec']['phase1'])) {
$config['ipsec']['phase1'] = array();
+}
-if (!is_array($config['ipsec']['phase2']))
+if (!is_array($config['ipsec']['phase2'])) {
$config['ipsec']['phase2'] = array();
+}
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
-if (is_numericint($_GET['p1index']))
+if (is_numericint($_GET['p1index'])) {
$p1index = $_GET['p1index'];
-if (isset($_POST['p1index']) && is_numericint($_POST['p1index']))
+}
+if (isset($_POST['p1index']) && is_numericint($_POST['p1index'])) {
$p1index = $_POST['p1index'];
+}
-if (isset($_GET['dup']) && is_numericint($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
$p1index = $_GET['dup'];
+}
if (isset($p1index) && $a_phase1[$p1index]) {
// don't copy the ikeid on dup
- if (!isset($_GET['dup']) || !is_numericint($_GET['dup']))
+ if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) {
$pconfig['ikeid'] = $a_phase1[$p1index]['ikeid'];
+ }
$old_ph1ent = $a_phase1[$p1index];
$pconfig['disabled'] = isset($a_phase1[$p1index]['disabled']);
- if ($a_phase1[$p1index]['interface'])
+ if ($a_phase1[$p1index]['interface']) {
$pconfig['interface'] = $a_phase1[$p1index]['interface'];
- else
+ } else {
$pconfig['interface'] = "wan";
+ }
- list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_phase1[$p1index]['remote-subnet']);
+ list($pconfig['remotenet'], $pconfig['remotebits']) = explode("/", $a_phase1[$p1index]['remote-subnet']);
- if (isset($a_phase1[$p1index]['mobile']))
+ if (isset($a_phase1[$p1index]['mobile'])) {
$pconfig['mobile'] = 'true';
- else
+ } else {
$pconfig['remotegw'] = $a_phase1[$p1index]['remote-gateway'];
+ }
- if (empty($a_phase1[$p1index]['iketype']))
+ if (empty($a_phase1[$p1index]['iketype'])) {
$pconfig['iketype'] = "ikev1";
- else
+ } else {
$pconfig['iketype'] = $a_phase1[$p1index]['iketype'];
+ }
$pconfig['mode'] = $a_phase1[$p1index]['mode'];
$pconfig['protocol'] = $a_phase1[$p1index]['protocol'];
$pconfig['myid_type'] = $a_phase1[$p1index]['myid_type'];
@@ -99,7 +108,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method'];
if (($pconfig['authentication_method'] == "pre_shared_key") ||
- ($pconfig['authentication_method'] == "xauth_psk_server")) {
+ ($pconfig['authentication_method'] == "xauth_psk_server")) {
$pconfig['pskey'] = $a_phase1[$p1index]['pre-shared-key'];
} else {
$pconfig['certref'] = $a_phase1[$p1index]['certref'];
@@ -108,14 +117,17 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['descr'] = $a_phase1[$p1index]['descr'];
$pconfig['nat_traversal'] = $a_phase1[$p1index]['nat_traversal'];
- $pconfig['mobike'] = $a_phase1[$p1index]['mobike'];
+ $pconfig['mobike'] = $a_phase1[$p1index]['mobike'];
- if (isset($a_phase1[$p1index]['reauth_enable']))
+ if (isset($a_phase1[$p1index]['reauth_enable'])) {
$pconfig['reauth_enable'] = true;
- if (isset($a_phase1[$p1index]['rekey_enable']))
+ }
+ if (isset($a_phase1[$p1index]['rekey_enable'])) {
$pconfig['rekey_enable'] = true;
- if (isset($a_phase1[$p1index]['responderonly']))
+ }
+ if (isset($a_phase1[$p1index]['responderonly'])) {
$pconfig['responderonly'] = true;
+ }
if ($a_phase1[$p1index]['dpd_delay'] && $a_phase1[$p1index]['dpd_maxfail']) {
$pconfig['dpd_enable'] = true;
@@ -125,31 +137,33 @@ if (isset($p1index) && $a_phase1[$p1index]) {
} else {
/* defaults */
$pconfig['interface'] = "wan";
- if($config['interfaces']['lan'])
+ if ($config['interfaces']['lan']) {
$pconfig['localnet'] = "lan";
+ }
$pconfig['mode'] = "main";
$pconfig['protocol'] = "inet";
$pconfig['myid_type'] = "myaddress";
$pconfig['peerid_type'] = "peeraddress";
$pconfig['authentication_method'] = "pre_shared_key";
- $pconfig['ealgo'] = array( name => "aes" );
+ $pconfig['ealgo'] = array(name => "aes");
$pconfig['halgo'] = "sha1";
$pconfig['dhgroup'] = "2";
$pconfig['lifetime'] = "28800";
$pconfig['nat_traversal'] = 'on';
- $pconfig['mobike'] = 'off';
+ $pconfig['mobike'] = 'off';
$pconfig['dpd_enable'] = true;
$pconfig['iketype'] = "ikev1";
/* mobile client */
- if($_GET['mobile']) {
- $pconfig['mobile']=true;
- $pconfig['mode'] = "aggressive";
+ if ($_GET['mobile']) {
+ $pconfig['mobile'] = true;
+ $pconfig['mode'] = "aggressive";
}
}
-if (isset($_GET['dup']) && is_numericint($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
unset($p1index);
+}
if ($_POST) {
unset($input_errors);
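Review bot: `array(name => "aes")` in the defaults branch uses a bare word as the array key, which PHP resolves as an undefined constant: a notice on older versions and an error from PHP 8. Since the line is being reformatted anyway, quote the key: `$pconfig['ealgo'] = array('name' => "aes");`. Separately, the defaults set in this branch (`sha1`, DH group `2`, and `aggressive` mode for mobile clients) are weak by current guidance and deserve a follow-up change of their own.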
@@ -158,8 +172,8 @@ if ($_POST) {
/* input validation */
$method = $pconfig['authentication_method'];
- // Unset ca and cert if not required to avaoid storing in config
- if ($method == "pre_shared_key" || $method == "xauth_psk_server"){
+ // Unset ca and cert if not required to avoid storing in config
+ if ($method == "pre_shared_key" || $method == "xauth_psk_server") {
unset($pconfig['caref']);
unset($pconfig['certref']);
}
@@ -168,22 +182,26 @@ if ($_POST) {
// For RSA methods, require the CA/Cert.
switch ($method) {
case 'eap-mschapv2':
- if ($pconfig['iketype'] != 'ikev2')
+ if ($pconfig['iketype'] != 'ikev2') {
$input_errors[] = gettext("EAP-MSChapv2 can only be used with IKEv2 type VPNs.");
+ }
break;
case "eap-tls":
- if ($pconfig['iketype'] != 'ikev2')
+ if ($pconfig['iketype'] != 'ikev2') {
$input_errors[] = gettext("EAP-TLS can only be used with IKEv2 type VPNs.");
+ }
break;
case "eap-radius":
- if ($pconfig['iketype'] != 'ikev2')
+ if ($pconfig['iketype'] != 'ikev2') {
$input_errors[] = gettext("EAP-RADIUS can only be used with IKEv2 type VPNs.");
+ }
break;
case "pre_shared_key":
// If this is a mobile PSK tunnel the user PSKs go on
// the PSK tab, not here, so skip the check.
- if ($pconfig['mobile'])
+ if ($pconfig['mobile']) {
break;
+ }
case "xauth_psk_server":
$reqdfields = explode(" ", "pskey");
$reqdfieldsn = array(gettext("Pre-Shared Key"));
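Review bot: The `pre_shared_key` case deliberately falls through into `xauth_psk_server` when the tunnel is not mobile, and with the `break` now wrapped in braces this is easy to misread as a missing `break`. I would add the comment `// fall through: non-mobile PSK tunnels need the same pskey check` after the closing brace of the `if ($pconfig['mobile'])` block. The `switch` itself starts and ends outside the hunk.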
@@ -193,7 +211,7 @@ if ($_POST) {
case "xauth_rsa_server":
case "rsasig":
$reqdfields = explode(" ", "caref certref");
- $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
+ $reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate"));
break;
}
if (!$pconfig['mobile']) {
@@ -208,19 +226,21 @@ if ($_POST) {
$input_errors[] = gettext("Pre-Shared Key contains invalid characters.");
}
- if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime'])))
+ if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime']))) {
$input_errors[] = gettext("The P1 lifetime must be an integer.");
+ }
if ($pconfig['remotegw']) {
- if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw']))
+ if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw'])) {
$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
- elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet"))
+ } elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet")) {
$input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6");
- elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6"))
+ } elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6")) {
$input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4");
+ }
}
- if (($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled']) )) {
+ if ($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled'])) {
$t = 0;
foreach ($a_phase1 as $ph1tmp) {
if ($p1index <> $t) {
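Review bot: The lifetime check uses `is_numeric()`, which also accepts values such as `1.5`, `1e3` or `-5`, while the error text says the P1 lifetime must be an integer. The file already uses `is_numericint()` for the index parameters, so `if ($pconfig['lifetime'] && !is_numericint($pconfig['lifetime'])) {` would match the message and drop the doubled parentheses. The enclosing `if ($_POST)` block continues outside the hunk.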
@@ -235,7 +255,7 @@ if ($_POST) {
if (is_array($a_phase2) && (count($a_phase2))) {
foreach ($a_phase2 as $phase2) {
- if($phase2['ikeid'] == $pconfig['ikeid']) {
+ if ($phase2['ikeid'] == $pconfig['ikeid']) {
if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) {
$input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4.");
break;
@@ -250,125 +270,155 @@ if ($_POST) {
/* My identity */
- if ($pconfig['myid_type'] == "myaddress")
+ if ($pconfig['myid_type'] == "myaddress") {
$pconfig['myid_data'] = "";
+ }
- if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "")
+ if ($pconfig['myid_type'] == "address" and $pconfig['myid_data'] == "") {
$input_errors[] = gettext("Please enter an address for 'My Identifier'");
+ }
- if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "")
+ if ($pconfig['myid_type'] == "keyid tag" and $pconfig['myid_data'] == "") {
$input_errors[] = gettext("Please enter a keyid tag for 'My Identifier'");
+ }
- if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "")
+ if ($pconfig['myid_type'] == "fqdn" and $pconfig['myid_data'] == "") {
$input_errors[] = gettext("Please enter a fully qualified domain name for 'My Identifier'");
+ }
- if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "")
+ if ($pconfig['myid_type'] == "user_fqdn" and $pconfig['myid_data'] == "") {
$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'My Identifier'");
+ }
- if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "")
+ if ($pconfig['myid_type'] == "dyn_dns" and $pconfig['myid_data'] == "") {
$input_errors[] = gettext("Please enter a dynamic domain name for 'My Identifier'");
+ }
- if ((($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])))
+ if (($pconfig['myid_type'] == "address") && !is_ipaddr($pconfig['myid_data'])) {
$input_errors[] = gettext("A valid IP address for 'My identifier' must be specified.");
+ }
- if ((($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])))
+ if (($pconfig['myid_type'] == "fqdn") && !is_domain($pconfig['myid_data'])) {
$input_errors[] = gettext("A valid domain name for 'My identifier' must be specified.");
+ }
- if ($pconfig['myid_type'] == "fqdn")
- if (is_domain($pconfig['myid_data']) == false)
+ if ($pconfig['myid_type'] == "fqdn") {
+ if (is_domain($pconfig['myid_data']) == false) {
$input_errors[] = gettext("A valid FQDN for 'My identifier' must be specified.");
+ }
+ }
if ($pconfig['myid_type'] == "user_fqdn") {
- $user_fqdn = explode("@",$pconfig['myid_data']);
- if (is_domain($user_fqdn[1]) == false)
+ $user_fqdn = explode("@", $pconfig['myid_data']);
+ if (is_domain($user_fqdn[1]) == false) {
$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.");
+ }
}
- if ($pconfig['myid_type'] == "dyn_dns")
- if (is_domain($pconfig['myid_data']) == false)
+ if ($pconfig['myid_type'] == "dyn_dns") {
+ if (is_domain($pconfig['myid_data']) == false) {
$input_errors[] = gettext("A valid Dynamic DNS address for 'My identifier' must be specified.");
+ }
+ }
/* Peer identity */
- if ($pconfig['myid_type'] == "peeraddress")
+ if ($pconfig['myid_type'] == "peeraddress") {
$pconfig['peerid_data'] = "";
+ }
// Only enforce peer ID if we are not dealing with a pure-psk mobile config.
if (!(($pconfig['authentication_method'] == "pre_shared_key") && ($pconfig['mobile']))) {
- if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "")
+ if ($pconfig['peerid_type'] == "address" and $pconfig['peerid_data'] == "") {
$input_errors[] = gettext("Please enter an address for 'Peer Identifier'");
+ }
- if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "")
+ if ($pconfig['peerid_type'] == "keyid tag" and $pconfig['peerid_data'] == "") {
$input_errors[] = gettext("Please enter a keyid tag for 'Peer Identifier'");
+ }
- if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "")
+ if ($pconfig['peerid_type'] == "fqdn" and $pconfig['peerid_data'] == "") {
$input_errors[] = gettext("Please enter a fully qualified domain name for 'Peer Identifier'");
+ }
- if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "")
+ if ($pconfig['peerid_type'] == "user_fqdn" and $pconfig['peerid_data'] == "") {
$input_errors[] = gettext("Please enter a user and fully qualified domain name for 'Peer Identifier'");
+ }
- if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data'])))
+ if ((($pconfig['peerid_type'] == "address") && !is_ipaddr($pconfig['peerid_data']))) {
$input_errors[] = gettext("A valid IP address for 'Peer identifier' must be specified.");
+ }
- if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data'])))
+ if ((($pconfig['peerid_type'] == "fqdn") && !is_domain($pconfig['peerid_data']))) {
$input_errors[] = gettext("A valid domain name for 'Peer identifier' must be specified.");
+ }
- if ($pconfig['peerid_type'] == "fqdn")
- if (is_domain($pconfig['peerid_data']) == false)
+ if ($pconfig['peerid_type'] == "fqdn") {
+ if (is_domain($pconfig['peerid_data']) == false) {
$input_errors[] = gettext("A valid FQDN for 'Peer identifier' must be specified.");
+ }
+ }
if ($pconfig['peerid_type'] == "user_fqdn") {
- $user_fqdn = explode("@",$pconfig['peerid_data']);
- if (is_domain($user_fqdn[1]) == false)
+ $user_fqdn = explode("@", $pconfig['peerid_data']);
+ if (is_domain($user_fqdn[1]) == false) {
$input_errors[] = gettext("A valid User FQDN in the form of user@my.domain.com for 'Peer identifier' must be specified.");
+ }
}
}
if ($pconfig['dpd_enable']) {
- if (!is_numeric($pconfig['dpd_delay']))
+ if (!is_numeric($pconfig['dpd_delay'])) {
$input_errors[] = gettext("A numeric value must be specified for DPD delay.");
+ }
- if (!is_numeric($pconfig['dpd_maxfail']))
+ if (!is_numeric($pconfig['dpd_maxfail'])) {
$input_errors[] = gettext("A numeric value must be specified for DPD retries.");
+ }
}
- if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2" && $pconfig['iketype'] != "auto")
+ if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2" && $pconfig['iketype'] != "auto") {
$input_errors[] = gettext("Valid arguments for IKE type is v1 or v2 or auto");
-
- if (!empty($_POST['ealgo']) && isset($config['system']['crypto_hardware'])) {
- if ($config['system']['crypto_hardware'] == "glxsb") {
- if ($_POST['ealgo'] == "aes" && $_POST['ealgo_keylen'] != "128")
- $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
- }
- }
+ }
+
+ if (!empty($_POST['ealgo']) && isset($config['system']['crypto_hardware'])) {
+ if ($config['system']['crypto_hardware'] == "glxsb") {
+ if ($_POST['ealgo'] == "aes" && $_POST['ealgo_keylen'] != "128") {
+ $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
+ }
+ }
+ }
/* build our encryption algorithms array */
$pconfig['ealgo'] = array();
$pconfig['ealgo']['name'] = $_POST['ealgo'];
- if($pconfig['ealgo_keylen'])
+ if ($pconfig['ealgo_keylen']) {
$pconfig['ealgo']['keylen'] = $_POST['ealgo_keylen'];
+ }
if (!$input_errors) {
$ph1ent['ikeid'] = $pconfig['ikeid'];
$ph1ent['iketype'] = $pconfig['iketype'];
- if ($pconfig['iketype'] != 'ikev1')
+ if ($pconfig['iketype'] != 'ikev1') {
unset($ph1ent['mode']);
- else
+ } else {
$ph1ent['mode'] = $pconfig['mode'];
+ }
$ph1ent['disabled'] = $pconfig['disabled'] ? true : false;
$ph1ent['interface'] = $pconfig['interface'];
/* if the remote gateway changed and the interface is not WAN then remove route */
/* the vpn_ipsec_configure() handles adding the route */
if ($pconfig['interface'] <> "wan") {
- if($old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) {
+ if ($old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) {
mwexec("/sbin/route delete -host {$old_ph1ent['remote-gateway']}");
}
}
- if ($pconfig['mobile'])
+ if ($pconfig['mobile']) {
$ph1ent['mobile'] = true;
- else
+ } else {
$ph1ent['remote-gateway'] = $pconfig['remotegw'];
+ }
$ph1ent['protocol'] = $pconfig['protocol'];
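Review bot: Under `/* Peer identity */` the reset tests the wrong field: `if ($pconfig['myid_type'] == "peeraddress")` presumably never matches, since `peeraddress` is the default for `peerid_type`, so `peerid_data` is not cleared when the peer address is selected. It should read `if ($pconfig['peerid_type'] == "peeraddress") {`. Further down, the `mwexec()` call interpolates a stored config value into a shell command. Writing it as `mwexec("/sbin/route delete -host " . escapeshellarg($old_ph1ent['remote-gateway']));` keeps a malformed or imported config entry from being interpreted by the shell. The two `user_fqdn` checks also read `$user_fqdn[1]` without confirming that the value contains an `@`.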
@@ -388,21 +438,24 @@ if ($_POST) {
$ph1ent['authentication_method'] = $pconfig['authentication_method'];
$ph1ent['descr'] = $pconfig['descr'];
$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];
- $ph1ent['mobike'] = $pconfig['mobike'];
+ $ph1ent['mobike'] = $pconfig['mobike'];
- if (isset($pconfig['reauth_enable']))
+ if (isset($pconfig['reauth_enable'])) {
$ph1ent['reauth_enable'] = true;
- else
+ } else {
unset($ph1ent['reauth_enable']);
- if (isset($pconfig['rekey_enable']))
+ }
+ if (isset($pconfig['rekey_enable'])) {
$ph1ent['rekey_enable'] = true;
- else
+ } else {
unset($ph1ent['rekey_enable']);
+ }
- if (isset($pconfig['responderonly']))
+ if (isset($pconfig['responderonly'])) {
$ph1ent['responderonly'] = true;
- else
+ } else {
unset($ph1ent['responderonly']);
+ }
if (isset($pconfig['dpd_enable'])) {
$ph1ent['dpd_delay'] = $pconfig['dpd_delay'];
@@ -410,13 +463,15 @@ if ($_POST) {
}
/* generate unique phase1 ikeid */
- if ($ph1ent['ikeid'] == 0)
+ if ($ph1ent['ikeid'] == 0) {
$ph1ent['ikeid'] = ipsec_ikeid_next();
+ }
- if (isset($p1index) && $a_phase1[$p1index])
+ if (isset($p1index) && $a_phase1[$p1index]) {
$a_phase1[$p1index] = $ph1ent;
- else
+ } else {
$a_phase1[] = $ph1ent;
+ }
write_config();
mark_subsystem_dirty('ipsec');
@@ -426,10 +481,11 @@ if ($_POST) {
}
}
-if ($pconfig['mobile'])
- $pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 1"), gettext("Mobile Client"));
-else
- $pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 1"));
+if ($pconfig['mobile']) {
+ $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"), gettext("Mobile Client"));
+} else {
+ $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"));
+}
$shortcut_section = "ipsec";
@@ -445,35 +501,37 @@ include("head.inc");
function myidsel_change() {
index = document.iform.myid_type.selectedIndex;
value = document.iform.myid_type.options[index].value;
- if (value == 'myaddress')
- document.getElementById('myid_data').style.visibility = 'hidden';
- else
- document.getElementById('myid_data').style.visibility = 'visible';
+ if (value == 'myaddress') {
+ document.getElementById('myid_data').style.visibility = 'hidden';
+ } else {
+ document.getElementById('myid_data').style.visibility = 'visible';
+ }
}
function iketype_change() {
index = document.iform.iketype.selectedIndex;
value = document.iform.iketype.options[index].value;
if (value == 'ikev2') {
- document.getElementById('negmode').style.display= 'none';
- document.getElementById('mobike').style.display= '';
- document.getElementById('natt').style.display= 'none';
- document.getElementById('disablereauth').style.display= '';
- } else {
- document.getElementById('negmode').style.display = '';
- document.getElementById('mobike').style.display = 'none';
- document.getElementById('natt').style.display= '';
- document.getElementById('disablereauth').style.display= 'none';
- }
+ document.getElementById('negmode').style.display= 'none';
+ document.getElementById('mobike').style.display= '';
+ document.getElementById('natt').style.display= 'none';
+ document.getElementById('disablereauth').style.display= '';
+ } else {
+ document.getElementById('negmode').style.display = '';
+ document.getElementById('mobike').style.display = 'none';
+ document.getElementById('natt').style.display= '';
+ document.getElementById('disablereauth').style.display= 'none';
+ }
}
function peeridsel_change() {
index = document.iform.peerid_type.selectedIndex;
value = document.iform.peerid_type.options[index].value;
- if (value == 'peeraddress')
- document.getElementById('peerid_data').style.visibility = 'hidden';
- else
- document.getElementById('peerid_data').style.visibility = 'visible';
+ if (value == 'peeraddress') {
+ document.getElementById('peerid_data').style.visibility = 'hidden';
+ } else {
+ document.getElementById('peerid_data').style.visibility = 'visible';
+ }
}
function methodsel_change() {
@@ -481,51 +539,51 @@ function methodsel_change() {
value = document.iform.authentication_method.options[index].value;
switch (value) {
- case 'eap-mschapv2':
- case 'eap-tls':
- case 'eap-radius':
- document.getElementById('opt_psk').style.display = 'none';
- document.getElementById('opt_peerid').style.display = '';
- document.getElementById('opt_cert').style.display = '';
- document.getElementById('opt_ca').style.display = '';
- document.getElementById('opt_cert').disabled = false;
- document.getElementById('opt_ca').disabled = false;
- break;
- case 'hybrid_rsa_server':
- document.getElementById('opt_psk').style.display = 'none';
- document.getElementById('opt_peerid').style.display = '';
- document.getElementById('opt_cert').style.display = '';
- document.getElementById('opt_ca').style.display = '';
- document.getElementById('opt_cert').disabled = false;
- document.getElementById('opt_ca').disabled = false;
- break;
- case 'xauth_rsa_server':
- case 'rsasig':
- document.getElementById('opt_psk').style.display = 'none';
- document.getElementById('opt_peerid').style.display = '';
- document.getElementById('opt_cert').style.display = '';
- document.getElementById('opt_ca').style.display = '';
- document.getElementById('opt_cert').disabled = false;
- document.getElementById('opt_ca').disabled = false;
- break;
+ case 'eap-mschapv2':
+ case 'eap-tls':
+ case 'eap-radius':
+ document.getElementById('opt_psk').style.display = 'none';
+ document.getElementById('opt_peerid').style.display = '';
+ document.getElementById('opt_cert').style.display = '';
+ document.getElementById('opt_ca').style.display = '';
+ document.getElementById('opt_cert').disabled = false;
+ document.getElementById('opt_ca').disabled = false;
+ break;
+ case 'hybrid_rsa_server':
+ document.getElementById('opt_psk').style.display = 'none';
+ document.getElementById('opt_peerid').style.display = '';
+ document.getElementById('opt_cert').style.display = '';
+ document.getElementById('opt_ca').style.display = '';
+ document.getElementById('opt_cert').disabled = false;
+ document.getElementById('opt_ca').disabled = false;
+ break;
+ case 'xauth_rsa_server':
+ case 'rsasig':
+ document.getElementById('opt_psk').style.display = 'none';
+ document.getElementById('opt_peerid').style.display = '';
+ document.getElementById('opt_cert').style.display = '';
+ document.getElementById('opt_ca').style.display = '';
+ document.getElementById('opt_cert').disabled = false;
+ document.getElementById('opt_ca').disabled = false;
+ break;
<?php if ($pconfig['mobile']) { ?>
- case 'pre_shared_key':
- document.getElementById('opt_psk').style.display = 'none';
- document.getElementById('opt_peerid').style.display = 'none';
- document.getElementById('opt_cert').style.display = 'none';
- document.getElementById('opt_ca').style.display = 'none';
- document.getElementById('opt_cert').disabled = true;
- document.getElementById('opt_ca').disabled = true;
- break;
+ case 'pre_shared_key':
+ document.getElementById('opt_psk').style.display = 'none';
+ document.getElementById('opt_peerid').style.display = 'none';
+ document.getElementById('opt_cert').style.display = 'none';
+ document.getElementById('opt_ca').style.display = 'none';
+ document.getElementById('opt_cert').disabled = true;
+ document.getElementById('opt_ca').disabled = true;
+ break;
<?php } ?>
- default: /* psk modes*/
- document.getElementById('opt_psk').style.display = '';
- document.getElementById('opt_peerid').style.display = '';
- document.getElementById('opt_cert').style.display = 'none';
- document.getElementById('opt_ca').style.display = 'none';
- document.getElementById('opt_cert').disabled = true;
- document.getElementById('opt_ca').disabled = true;
- break;
+ default: /* psk modes*/
+ document.getElementById('opt_psk').style.display = '';
+ document.getElementById('opt_peerid').style.display = '';
+ document.getElementById('opt_cert').style.display = 'none';
+ document.getElementById('opt_ca').style.display = 'none';
+ document.getElementById('opt_cert').disabled = true;
+ document.getElementById('opt_ca').disabled = true;
+ break;
}
}
@@ -539,14 +597,15 @@ foreach ($p1_ealgos as $algo => $algodata) {
echo " case {$i}:\n";
echo " document.iform.ealgo_keylen.style.visibility = 'visible';\n";
echo " document.iform.ealgo_keylen.options.length = 0;\n";
- // echo " document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( 'auto', 'auto' );\n";
+ // echo " document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( 'auto', 'auto' );\n";
$key_hi = $algodata['keysel']['hi'];
$key_lo = $algodata['keysel']['lo'];
$key_step = $algodata['keysel']['step'];
- for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step)
+ for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step) {
echo " document.iform.ealgo_keylen.options[document.iform.ealgo_keylen.options.length] = new Option( '{$keylen} bits', '{$keylen}' );\n";
+ }
echo " break;\n";
} else {
echo " case {$i}:\n";
@@ -559,21 +618,25 @@ foreach ($p1_ealgos as $algo => $algodata) {
?>
}
- if( bits )
+ if (bits) {
document.iform.ealgo_keylen.value = bits;
+ }
}
function dpdchkbox_change() {
- if( document.iform.dpd_enable.checked )
+ if (document.iform.dpd_enable.checked) {
document.getElementById('opt_dpd').style.display = '';
- else
+ } else {
document.getElementById('opt_dpd').style.display = 'none';
+ }
- if (!document.iform.dpd_delay.value)
+ if (!document.iform.dpd_delay.value) {
document.iform.dpd_delay.value = "10";
+ }
- if (!document.iform.dpd_maxfail.value)
+ if (!document.iform.dpd_maxfail.value) {
document.iform.dpd_maxfail.value = "5";
+ }
}
//]]>
@@ -582,8 +645,9 @@ function dpdchkbox_change() {
<form action="vpn_ipsec_phase1.php" method="post" name="iform" id="iform">
<?php
- if ($input_errors)
+ if ($input_errors) {
print_input_errors($input_errors);
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-1">
@@ -612,8 +676,7 @@ function dpdchkbox_change() {
<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
<strong><?=gettext("Disable this phase1 entry"); ?></strong><br />
<span class="vexpl">
- <?=gettext("Set this option to disable this phase1 without " .
- "removing it from the list"); ?>.
+ <?=gettext("Set this option to disable this phase1 without removing it from the list"); ?>.
</span>
</td>
</tr>
@@ -629,7 +692,9 @@ function dpdchkbox_change() {
<?=htmlspecialchars($name);?>
</option>
<?php endforeach; ?>
- </select> <br /> <span class="vexpl"><?=gettext("Select the Internet Key Exchange protocol version to be used, IKEv1 or IKEv2"); ?>.</span>
+ </select>
+ <br />
+ <span class="vexpl"><?=gettext("Select the Internet Key Exchange protocol version to be used, IKEv1 or IKEv2"); ?>.</span>
</td>
</tr>
<tr>
@@ -644,7 +709,9 @@ function dpdchkbox_change() {
<?=htmlspecialchars($name);?>
</option>
<?php endforeach; ?>
- </select> <br /> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
+ </select>
+ <br />
+ <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span>
</td>
</tr>
<tr>
@@ -655,19 +722,22 @@ function dpdchkbox_change() {
$interfaces = get_configured_interface_with_descr();
$carplist = get_configured_carp_interface_list();
- foreach ($carplist as $cif => $carpip)
+ foreach ($carplist as $cif => $carpip) {
$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";
+ }
$aliaslist = get_configured_ip_aliases_list();
- foreach ($aliaslist as $aliasip => $aliasif)
+ foreach ($aliaslist as $aliasip => $aliasif) {
$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+ }
$grouplist = return_gateway_groups_array();
foreach ($grouplist as $name => $group) {
- if($group[0]['vip'] <> "")
+ if ($group[0]['vip'] <> "") {
$vipif = $group[0]['vip'];
- else
+ } else {
$vipif = $group[0]['int'];
+ }
$interfaces[$name] = "GW Group {$name}";
}
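Review bot: `$vipif` is assigned in both branches of the newly braced `if`/`else` inside the gateway-group loop, but nothing in the loop body reads it; `$interfaces[$name]` is built from `$name` alone. If no code after this hunk uses the variable (the rest of the block is outside the hunk, so this needs confirming), the whole `if`/`else` is dead code and could be dropped, leaving only `$interfaces[$name] = "GW Group {$name}";`. Bracing it in a style pass makes it look intentional.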
@@ -703,8 +773,7 @@ function dpdchkbox_change() {
<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
<br />
<span class="vexpl">
- <?=gettext("You may enter a description here " .
- "for your reference (not parsed)"); ?>.
+ <?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
</span>
</td>
</tr>
@@ -722,8 +791,9 @@ function dpdchkbox_change() {
<select name="authentication_method" class="formselect" onchange="methodsel_change()">
<?php
foreach ($p1_authentication_methods as $method_type => $method_params):
- if (!$pconfig['mobile'] && $method_params['mobile'])
+ if (!$pconfig['mobile'] && $method_params['mobile']) {
continue;
+ }
?>
<option value="<?=$method_type;?>" <?php if ($method_type == $pconfig['authentication_method']) echo "selected=\"selected\""; ?>>
<?=htmlspecialchars($method_params['name']);?>
@@ -770,8 +840,9 @@ function dpdchkbox_change() {
<select name="peerid_type" class="formselect" onchange="peeridsel_change()">
<?php
foreach ($peer_identifier_list as $id_type => $id_params):
- if ($pconfig['mobile'] && !$id_params['mobile'])
+ if ($pconfig['mobile'] && !$id_params['mobile']) {
continue;
+ }
?>
<option value="<?=$id_type;?>" <?php if ($id_type == $pconfig['peerid_type']) echo "selected=\"selected\""; ?>>
<?=htmlspecialchars($id_params['desc']);?>
@@ -802,8 +873,9 @@ function dpdchkbox_change() {
<?php
foreach ($config['cert'] as $cert):
$selected = "";
- if ($pconfig['certref'] == $cert['refid'])
+ if ($pconfig['certref'] == $cert['refid']) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'];?></option>
<?php endforeach; ?>
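Review bot: The `<option>` line kept as context at the end of this hunk prints `$cert['refid']` and `$cert['descr']` without escaping, whereas the other selects on this page wrap their labels in `htmlspecialchars()`. The description is presumably free text held in the configuration, so any markup in it would be rendered in the administrator's browser. I would change the line to `<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>`. The CA list in the next hunk (`@@ -821,8 +893,9 @@`) has the same pattern with `$ca['refid']` and `$ca['descr']`.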
@@ -821,8 +893,9 @@ function dpdchkbox_change() {
<?php
foreach ($config['ca'] as $ca):
$selected = "";
- if ($pconfig['caref'] == $ca['refid'])
+ if ($pconfig['caref'] == $ca['refid']) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option>
<?php endforeach; ?>
@@ -845,8 +918,9 @@ function dpdchkbox_change() {
<?php
foreach ($p1_ealgos as $algo => $algodata):
$selected = "";
- if ($algo == $pconfig['ealgo']['name'])
+ if ($algo == $pconfig['ealgo']['name']) {
$selected = " selected=\"selected\"";
+ }
?>
<option value="<?=$algo;?>"<?=$selected?>>
<?=htmlspecialchars($algodata['name']);?>
@@ -936,10 +1010,10 @@ function dpdchkbox_change() {
"which can help with clients that are behind restrictive firewalls"); ?>.
</span>
</td>
- </tr>
- <tr id='mobike'>
- <td width="22%" valign="top" class="vncell"><?=gettext("MOBIKE"); ?></td>
- <td width="78%" class="vtable">
+ </tr>
+ <tr id='mobike'>
+ <td width="22%" valign="top" class="vncell"><?=gettext("MOBIKE"); ?></td>
+ <td width="78%" class="vtable">
<select name="mobike" class="formselect">
<option value="on" <?php if ($pconfig['mobike'] == 'on') echo "selected=\"selected\""; ?>><?=gettext("Enable"); ?></option>
<option value="off" <?php if ($pconfig['mobike'] != 'on') echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option>
@@ -997,9 +1071,11 @@ function dpdchkbox_change() {
<?php
/* determine if we should init the key length */
$keyset = '';
- if (isset($pconfig['ealgo']['keylen']))
- if (is_numeric($pconfig['ealgo']['keylen']))
+ if (isset($pconfig['ealgo']['keylen'])) {
+ if (is_numeric($pconfig['ealgo']['keylen'])) {
$keyset = $pconfig['ealgo']['keylen'];
+ }
+ }
?>
myidsel_change();
peeridsel_change();
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index e42cc0b..b4c456a 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -42,27 +42,33 @@ require("guiconfig.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
-if (!is_array($config['ipsec']['client']))
+if (!is_array($config['ipsec']['client'])) {
$config['ipsec']['client'] = array();
+}
$a_client = &$config['ipsec']['client'];
-if (!is_array($config['ipsec']['phase1']))
+if (!is_array($config['ipsec']['phase1'])) {
$config['ipsec']['phase1'] = array();
+}
-if (!is_array($config['ipsec']['phase2']))
+if (!is_array($config['ipsec']['phase2'])) {
$config['ipsec']['phase2'] = array();
+}
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
-if (!empty($_GET['p2index']))
+if (!empty($_GET['p2index'])) {
$uindex = $_GET['p2index'];
-if (!empty($_POST['uniqid']))
+}
+if (!empty($_POST['uniqid'])) {
$uindex = $_POST['uniqid'];
+}
-if (!empty($_GET['dup']))
+if (!empty($_GET['dup'])) {
$uindex = $_GET['dup'];
+}
$ph2found = false;
if (isset($uindex)) {
@@ -74,32 +80,31 @@ if (isset($uindex)) {
}
}
-if ($ph2found === true)
-{
+if ($ph2found === true) {
$pconfig['ikeid'] = $ph2['ikeid'];
$pconfig['disabled'] = isset($ph2['disabled']);
$pconfig['mode'] = $ph2['mode'];
$pconfig['descr'] = $ph2['descr'];
$pconfig['uniqid'] = $ph2['uniqid'];
- if (!empty($ph2['natlocalid']))
- idinfo_to_pconfig("natlocal",$ph2['natlocalid'],$pconfig);
- idinfo_to_pconfig("local",$ph2['localid'],$pconfig);
- idinfo_to_pconfig("remote",$ph2['remoteid'],$pconfig);
+ if (!empty($ph2['natlocalid'])) {
+ idinfo_to_pconfig("natlocal", $ph2['natlocalid'], $pconfig);
+ }
+ idinfo_to_pconfig("local", $ph2['localid'], $pconfig);
+ idinfo_to_pconfig("remote", $ph2['remoteid'], $pconfig);
$pconfig['proto'] = $ph2['protocol'];
- ealgos_to_pconfig($ph2['encryption-algorithm-option'],$pconfig);
+ ealgos_to_pconfig($ph2['encryption-algorithm-option'], $pconfig);
$pconfig['halgos'] = $ph2['hash-algorithm-option'];
$pconfig['pfsgroup'] = $ph2['pfsgroup'];
$pconfig['lifetime'] = $ph2['lifetime'];
$pconfig['pinghost'] = $ph2['pinghost'];
$pconfig['reqid'] = $ph2['reqid'];
- if (isset($ph2['mobile']))
+ if (isset($ph2['mobile'])) {
$pconfig['mobile'] = true;
-}
-else
-{
+ }
+} else {
$pconfig['ikeid'] = $_GET['ikeid'];
/* defaults */
@@ -113,8 +118,9 @@ else
$pconfig['uniqid'] = uniqid();
/* mobile client */
- if($_GET['mobile'])
+ if ($_GET['mobile']) {
$pconfig['mobile']=true;
+ }
}
unset($ph2);
@@ -130,32 +136,34 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- if (!isset( $_POST['ikeid']))
+ if (!isset($_POST['ikeid'])) {
$input_errors[] = gettext("A valid ikeid must be specified.");
+ }
/* input validation */
$reqdfields = explode(" ", "localid_type uniqid");
$reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier"));
- if (!isset($pconfig['mobile'])){
+ if (!isset($pconfig['mobile'])) {
$reqdfields[] = "remoteid_type";
$reqdfieldsn[] = gettext("Remote network type");
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
-
- if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6"))
- {
+
+ if (($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6")) {
switch ($pconfig['localid_type']) {
case "network":
- if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits']))
+ if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits'])) {
$input_errors[] = gettext("A valid local network bit count must be specified.");
+ }
case "address":
- if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
+ if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address'])) {
$input_errors[] = gettext("A valid local network IP address must be specified.");
- elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel"))
+ } elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel")) {
$input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6");
- elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6"))
+ } elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6")) {
$input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4");
+ }
break;
}
/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
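Review bot: The ikeid check near the top of this hunk only tests `isset($_POST['ikeid'])`, although its error text asks for a valid ikeid, so an empty or non-numeric value passes. That value is later compared loosely against `$phase1['ikeid']` in the overlap validation. Tightening the condition to `if (!isset($_POST['ikeid']) || !is_numeric($_POST['ikeid'])) {` would reject malformed input before the later checks run. The enclosing `if ($_POST)` block starts and ends outside this hunk.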
@@ -164,24 +172,28 @@ if ($_POST) {
$address = get_interface_ip($pconfig['localid_type']);
$netbits = get_interface_subnet($pconfig['localid_type']);
- if (empty($address) || empty($netbits))
+ if (empty($address) || empty($netbits)) {
$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
+ }
}
if (!empty($pconfig['natlocalid_address'])) {
switch ($pconfig['natlocalid_type']) {
case "network":
- if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits']))
+ if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits'])) {
$input_errors[] = gettext("A valid NAT local network bit count must be specified.");
- if ($pconfig['localid_type'] == "address")
- $input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
+ }
+ if ($pconfig['localid_type'] == "address") {
+ $input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
+ }
case "address":
- if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address']))
+ if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address'])) {
$input_errors[] = gettext("A valid NAT local network IP address must be specified.");
- elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel"))
+ } elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel")) {
$input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6");
- elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6"))
+ } elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6")) {
$input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4");
+ }
break;
}
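Review bot: `case "network":` in the `natlocalid_type` switch has no `break` and runs on into `case "address":`, and no comment says this is deliberate. It looks intentional (a network entry needs a valid address as well as a bit count), but with the bodies now braced the missing `break` is easy to read as an omission. I would add `/* fall through: a network also needs a valid address */` immediately before `case "address":`. The same comment belongs in the `localid_type` switch in the previous hunk and the `remoteid_type` switch in the next one.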
@@ -190,29 +202,32 @@ if ($_POST) {
$address = get_interface_ip($pconfig['natlocalid_type']);
$netbits = get_interface_subnet($pconfig['natlocalid_type']);
- if (empty($address) || empty($netbits))
+ if (empty($address) || empty($netbits)) {
$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['natlocalid_type']) . " " . gettext("has no subnet.");
+ }
}
}
switch ($pconfig['remoteid_type']) {
case "network":
- if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits']))
+ if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits'])) {
$input_errors[] = gettext("A valid remote network bit count must be specified.");
+ }
case "address":
- if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
+ if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address'])) {
$input_errors[] = gettext("A valid remote network IP address must be specified.");
- elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel"))
+ } elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel")) {
$input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6");
- elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6"))
+ } elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6")) {
$input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4");
+ }
break;
}
}
/* Validate enabled phase2's are not duplicates */
- if (isset($pconfig['mobile'])){
+ if (isset($pconfig['mobile'])) {
/* User is adding phase 2 for mobile phase1 */
- foreach($a_phase2 as $key => $name){
+ foreach ($a_phase2 as $key => $name) {
if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) {
/* check duplicate localids only for mobile clents */
$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
@@ -221,32 +236,40 @@ if ($_POST) {
if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
$entered_localid_data = ipsec_idinfo_to_cidr($entered, false, $pconfig['mode']);
- if ($localid_data == $entered_localid_data){
+ if ($localid_data == $entered_localid_data) {
/* adding new p2 entry */
$input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
break;
}
}
}
- }else{
+ } else {
/* User is adding phase 2 for site-to-site phase1 */
$input_error = 0;
- foreach($a_phase2 as $key => $name){
+ foreach ($a_phase2 as $key => $name) {
if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid'] && $pconfig['uniqid'] != $name['uniqid']) {
/* check duplicate subnets only for given phase1 */
$localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
$remoteid_data = ipsec_idinfo_to_cidr($name['remoteid'], false, $name['mode']);
$entered_local = array();
$entered_local['type'] = $pconfig['localid_type'];
- if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
- if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
+ if (isset($pconfig['localid_address'])) {
+ $entered_local['address'] = $pconfig['localid_address'];
+ }
+ if (isset($pconfig['localid_netbits'])) {
+ $entered_local['netbits'] = $pconfig['localid_netbits'];
+ }
$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
$entered_remote = array();
$entered_remote['type'] = $pconfig['remoteid_type'];
- if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
- if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
+ if (isset($pconfig['remoteid_address'])) {
+ $entered_remote['address'] = $pconfig['remoteid_address'];
+ }
+ if (isset($pconfig['remoteid_netbits'])) {
+ $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
+ }
$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
- if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
+ if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
/* adding new p2 entry */
$input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
break;
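Review bot: The two single-line statements at the top of this hunk, `if (isset($pconfig['localid_address'])) $entered['address'] = ...;` and its `localid_netbits` twin, are left brace-less in the mobile branch. The identical statements in the site-to-site branch below are converted, so the file ends up with both styles a few lines apart. Each should be expanded the same way: `if (isset($pconfig['localid_address'])) {`, `$entered['address'] = $pconfig['localid_address'];`, `}`. The `foreach` these lines sit in starts outside the hunk.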
@@ -254,21 +277,29 @@ if ($_POST) {
}
}
foreach ($a_phase1 as $phase1) {
- if($phase1['ikeid'] == $pconfig['ikeid']) {
+ if ($phase1['ikeid'] == $pconfig['ikeid']) {
/* This is the P1 for this entry, validate its remote-gateway and local interface isn't within tunnel */
$entered_local = array();
$entered_local['type'] = $pconfig['localid_type'];
- if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
- if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
+ if (isset($pconfig['localid_address'])) {
+ $entered_local['address'] = $pconfig['localid_address'];
+ }
+ if (isset($pconfig['localid_netbits'])) {
+ $entered_local['netbits'] = $pconfig['localid_netbits'];
+ }
$entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']);
list($entered_local_network, $entered_local_mask) = explode('/', $entered_localid_data);
$entered_remote = array();
$entered_remote['type'] = $pconfig['remoteid_type'];
- if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
- if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
+ if (isset($pconfig['remoteid_address'])) {
+ $entered_remote['address'] = $pconfig['remoteid_address'];
+ }
+ if (isset($pconfig['remoteid_netbits'])) {
+ $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
+ }
$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
list($entered_remote_network, $entered_remote_mask) = explode('/', $entered_remoteid_data);
- if ($phase1['protocol'] == "inet6") {
+ if ($phase1['protocol'] == "inet6") {
$if = get_failover_interface($phase1['interface'], "inet6");
$interfaceip = get_interface_ipv6($if);
} else {
@@ -278,23 +309,23 @@ if ($_POST) {
/* skip validation for hostnames, they're subject to change anyway */
if (is_ipaddr($phase1['remote-gateway'])) {
if ($pconfig['mode'] == "tunnel") {
- if(check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) {
+ if (check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) {
$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
break;
}
} else if ($pconfig['mode'] == "tunnel6") {
- if(check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) {
+ if (check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) {
$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
break;
- }
- }
+ }
+ }
}
}
}
- }
+ }
/* For ESP protocol, handle encryption algorithms */
- if ( $pconfig['proto'] == "esp") {
+ if ($pconfig['proto'] == "esp") {
$ealgos = pconfig_to_ealgos($pconfig);
if (!count($ealgos)) {
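Review bot: In the `tunnel6` branch the remote-gateway test still calls `check_subnets_overlap($phase1['remote-gateway'], 128, ...)`, while the interface test beside it uses `check_subnetsv6_overlap`. Judging by the names, the first is the IPv4 helper, so the overlap validation for IPv6 tunnels may never fire. The second operand should probably be `check_subnetsv6_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)`. The enclosing `foreach ($a_phase1 as $phase1)` starts outside this hunk.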
@@ -303,8 +334,9 @@ if ($_POST) {
foreach ($ealgos as $ealgo) {
if (isset($config['system']['crypto_hardware'])) {
if ($config['system']['crypto_hardware'] == "glxsb") {
- if ($ealgo['name'] == "aes" && $ealgo['keylen'] != "128")
- $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
+ if ($ealgo['name'] == "aes" && $ealgo['keylen'] != "128") {
+ $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
+ }
}
}
if (empty($pconfig['halgos'])) {
@@ -315,7 +347,6 @@ if ($_POST) {
}
}
}
-
}
if (($_POST['lifetime'] && !is_numeric($_POST['lifetime']))) {
$input_errors[] = gettext("The P2 lifetime must be an integer.");
@@ -328,37 +359,41 @@ if ($_POST) {
$ph2ent['uniqid'] = $pconfig['uniqid'];
$ph2ent['mode'] = $pconfig['mode'];
$ph2ent['disabled'] = $pconfig['disabled'] ? true : false;
- if (!isset($pconfig['reqid']))
+ if (!isset($pconfig['reqid'])) {
$ph2ent['reqid'] = ipsec_new_reqid();
- else
+ } else {
$ph2ent['reqid'] = $pconfig['reqid'];
+ }
- if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){
- if (!empty($pconfig['natlocalid_address']))
- $ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal",$pconfig);
- $ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig);
- $ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig);
+ if (($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")) {
+ if (!empty($pconfig['natlocalid_address'])) {
+ $ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal", $pconfig);
+ }
+ $ph2ent['localid'] = pconfig_to_idinfo("local", $pconfig);
+ $ph2ent['remoteid'] = pconfig_to_idinfo("remote", $pconfig);
}
$ph2ent['protocol'] = $pconfig['proto'];
$ph2ent['encryption-algorithm-option'] = $ealgos;
- if (!empty($pconfig['halgos']))
+ if (!empty($pconfig['halgos'])) {
$ph2ent['hash-algorithm-option'] = $pconfig['halgos'];
- else
+ } else {
unset($ph2ent['hash-algorithm-option']);
+ }
$ph2ent['pfsgroup'] = $pconfig['pfsgroup'];
$ph2ent['lifetime'] = $pconfig['lifetime'];
$ph2ent['pinghost'] = $pconfig['pinghost'];
$ph2ent['descr'] = $pconfig['descr'];
- if (isset($pconfig['mobile']))
+ if (isset($pconfig['mobile'])) {
$ph2ent['mobile'] = true;
+ }
- if ($ph2found === true && $a_phase2[$p2index])
+ if ($ph2found === true && $a_phase2[$p2index]) {
$a_phase2[$p2index] = $ph2ent;
- else
+ } else {
$a_phase2[] = $ph2ent;
-
+ }
write_config();
mark_subsystem_dirty('ipsec');
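Review bot: `$ph2ent['reqid'] = $pconfig['reqid'];` writes the posted value into the configuration unchanged, because `$pconfig` is `$_POST` in this handler and none of the visible validation looks at `reqid`. Only its absence triggers `ipsec_new_reqid()`, so an empty or non-numeric string would be saved as the entry's reqid. I would add a check alongside the lifetime one, for example an `is_numeric($pconfig['reqid'])` test that appends to `$input_errors`. Validation may exist outside the visible hunks, so this needs confirming against the full file.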
@@ -368,13 +403,13 @@ if ($_POST) {
}
}
-if ($pconfig['mobile'])
- $pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"), gettext("Mobile Client"));
-else
- $pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Edit Phase 2"));
+if ($pconfig['mobile']) {
+ $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 2"), gettext("Mobile Client"));
+} else {
+ $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 2"));
+}
$shortcut_section = "ipsec";
-
include("head.inc");
?>
@@ -406,8 +441,7 @@ function typesel_change_natlocal(bits) {
if (typeof(bits) === "undefined") {
if (value === "tunnel") {
bits = 24;
- }
- else if (value === "tunnel6") {
+ } else if (value === "tunnel6") {
bits = 64;
}
}
@@ -447,8 +481,7 @@ function typesel_change_local(bits) {
if (typeof(bits) === "undefined") {
if (value === "tunnel") {
bits = 24;
- }
- else if (value === "tunnel6") {
+ } else if (value === "tunnel6") {
bits = 64;
}
}
@@ -539,8 +572,9 @@ function change_protocol() {
<form action="vpn_ipsec_phase2.php" method="post" name="iform" id="iform">
<?php
- if ($input_errors)
+ if ($input_errors) {
print_input_errors($input_errors);
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec phase-2">
@@ -566,8 +600,8 @@ function change_protocol() {
<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
<strong><?=gettext("Disable this phase2 entry"); ?></strong>
<br />
- <span class="vexpl"><?=gettext("Set this option to disable this phase2 entry without " .
- "removing it from the list"); ?>.
+ <span class="vexpl">
+ <?=gettext("Set this option to disable this phase2 entry without removing it from the list"); ?>.
</span>
</td>
</tr>
@@ -576,10 +610,11 @@ function change_protocol() {
<td width="78%" class="vtable">
<select name="mode" class="formselect" onchange="change_mode()">
<?php
- foreach($p2_modes as $name => $value):
+ foreach ($p2_modes as $name => $value):
$selected = "";
- if ($name == $pconfig['mode'])
+ if ($name == $pconfig['mode']) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$name;?>" <?=$selected;?>><?=$value;?></option>
<?php endforeach; ?>
@@ -621,10 +656,12 @@ function change_protocol() {
</select>
</td>
</tr>
- <tr> <td colspan="3">
- <br />
- <?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?>
- </td></tr>
+ <tr>
+ <td colspan="3">
+ <br />
+ <?php echo gettext("In case you need NAT/BINAT on this network specify the address to be translated"); ?>
+ </td>
+ </tr>
<tr>
<td><?=gettext("Type"); ?>:&nbsp;&nbsp;</td>
<td></td>
@@ -662,7 +699,7 @@ function change_protocol() {
</tr>
<?php if (!isset($pconfig['mobile'])): ?>
-
+
<tr id="opt_remoteid">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Remote Network"); ?></td>
<td width="78%" class="vtable">
@@ -684,8 +721,8 @@ function change_protocol() {
<input name="remoteid_address" type="text" class="formfld unknown ipv4v6" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>" />
/
<select name="remoteid_netbits" class="formselect ipv4v6" id="remoteid_netbits">
- <?php for ($i = 128; $i >= 0; $i--) {
-
+ <?php for ($i = 128; $i >= 0; $i--) {
+
echo "<option value=\"{$i}\"";
if (isset($pconfig['remoteid_netbits']) && $i == $pconfig['remoteid_netbits']) echo " selected=\"selected\"";
echo ">{$i}</option>\n";
@@ -696,17 +733,16 @@ function change_protocol() {
</table>
</td>
</tr>
-
+
<?php endif; ?>
-
+
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
<td width="78%" class="vtable">
<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
<br />
<span class="vexpl">
- <?=gettext("You may enter a description here " .
- "for your reference (not parsed)"); ?>.
+ <?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
</span>
</td>
</tr>
@@ -741,8 +777,9 @@ function change_protocol() {
<?php
foreach ($p2_ealgos as $algo => $algodata):
$checked = '';
- if (is_array($pconfig['ealgos']) && in_array($algo,$pconfig['ealgos']))
+ if (is_array($pconfig['ealgos']) && in_array($algo, $pconfig['ealgos'])) {
$checked = " checked=\"checked\"";
+ }
?>
<tr>
<td>
@@ -752,7 +789,7 @@ function change_protocol() {
<?=htmlspecialchars($algodata['name']);?>
</td>
<td>
- <?php if(is_array($algodata['keysel'])): ?>
+ <?php if (is_array($algodata['keysel'])): ?>
&nbsp;&nbsp;
<select name="keylen_<?=$algo;?>" class="formselect">
<option value="auto"><?=gettext("auto"); ?></option>
@@ -762,9 +799,10 @@ function change_protocol() {
$key_step = $algodata['keysel']['step'];
for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step):
$selected = "";
- // if ($checked && in_array("keylen_".$algo,$pconfig))
- if ($keylen == $pconfig["keylen_".$algo])
+ // if ($checked && in_array("keylen_".$algo, $pconfig))
+ if ($keylen == $pconfig["keylen_".$algo]) {
$selected = " selected=\"selected\"";
+ }
?>
<option value="<?=$keylen;?>"<?=$selected;?>><?=$keylen;?> <?=gettext("bits"); ?></option>
<?php endfor; ?>
@@ -772,12 +810,12 @@ function change_protocol() {
<?php endif; ?>
</td>
</tr>
-
+
<?php endforeach; ?>
-
+
</table>
<br />
- <?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " .
+ <?=gettext("Hint: use 3DES for best compatibility or if you have a hardware " .
"crypto accelerator card. Blowfish is usually the fastest in " .
"software encryption"); ?>.
</td>
@@ -881,11 +919,12 @@ function pconfig_to_ealgos(& $pconfig) {
$ealgos = array();
if (is_array($pconfig['ealgos'])) {
foreach ($p2_ealgos as $algo_name => $algo_data) {
- if (in_array($algo_name,$pconfig['ealgos'])) {
+ if (in_array($algo_name, $pconfig['ealgos'])) {
$ealg = array();
$ealg['name'] = $algo_name;
- if (is_array($algo_data['keysel']))
+ if (is_array($algo_data['keysel'])) {
$ealg['keylen'] = $_POST["keylen_".$algo_name];
+ }
$ealgos[] = $ealg;
}
}
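Review bot: In `pconfig_to_ealgos()`, `$ealg['keylen'] = $_POST["keylen_".$algo_name];` copies the submitted key length into the phase 2 entry as-is, and it reads `$_POST` directly although the function is handed `$pconfig`. Nothing in this hunk checks that the value is `auto` or one of the lengths the form offers from `$algodata['keysel']`; validation may exist in the POST handler, which is outside the hunk, so confirm it before relying on it. If it is missing, reject anything that is not `auto` or a numeric value inside the `keysel` range before assigning, and read it from `$pconfig` for consistency. The function body starts and ends outside the hunk.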
@@ -899,8 +938,9 @@ function ealgos_to_pconfig(& $ealgos,& $pconfig) {
$pconfig['ealgos'] = array();
foreach ($ealgos as $algo_data) {
$pconfig['ealgos'][] = $algo_data['name'];
- if (isset($algo_data['keylen']))
+ if (isset($algo_data['keylen'])) {
$pconfig["keylen_".$algo_data['name']] = $algo_data['keylen'];
+ }
}
return $ealgos;
@@ -912,8 +952,7 @@ function pconfig_to_idinfo($prefix,& $pconfig) {
$address = $pconfig[$prefix."id_address"];
$netbits = $pconfig[$prefix."id_netbits"];
- switch( $type )
- {
+ switch ($type) {
case "address":
return array('type' => $type, 'address' => $address);
case "network":
@@ -925,8 +964,7 @@ function pconfig_to_idinfo($prefix,& $pconfig) {
function idinfo_to_pconfig($prefix,& $idinfo,& $pconfig) {
- switch( $idinfo['type'] )
- {
+ switch ($idinfo['type']) {
case "address":
$pconfig[$prefix."id_type"] = $idinfo['type'];
$pconfig[$prefix."id_address"] = $idinfo['address'];
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php
index 023d202..024fe2c 100644
--- a/usr/local/www/vpn_ipsec_settings.php
+++ b/usr/local/www/vpn_ipsec_settings.php
@@ -42,8 +42,9 @@ require_once("ipsec.inc");
require_once("vpn.inc");
foreach ($ipsec_loglevels as $lkey => $ldescr) {
- if (!empty($config['ipsec']["ipsec_{$lkey}"]))
+ if (!empty($config['ipsec']["ipsec_{$lkey}"])) {
$pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"];
+ }
}
$pconfig['unityplugin'] = isset($config['ipsec']['unityplugin']);
$pconfig['makebeforebreak'] = isset($config['ipsec']['makebeforebreak']);
@@ -59,7 +60,7 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
-
+
if (!in_array($pconfig['ipsec_dmn'], array('0', '1', '2', '3', '4', '5'), true)) {
$input_errors[] = "A valid value must be specified for Daemon debug.";
}
@@ -112,79 +113,86 @@ if ($_POST) {
if (!is_numericint($pconfig['maxmss']) && $pconfig['maxmss'] <> '') {
$input_errors[] = "An integer must be specified for Maximum MSS.";
}
- if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535)
- $input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS";
+ if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535) {
+ $input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS";
+ }
}
-
+
if (!$input_errors) {
if (is_array($config['ipsec'])) {
foreach ($ipsec_loglevels as $lkey => $ldescr) {
if (empty($_POST["ipsec_{$lkey}"])) {
- if (isset($config['ipsec']["ipsec_{$lkey}"]))
+ if (isset($config['ipsec']["ipsec_{$lkey}"])) {
unset($config['ipsec']["ipsec_{$lkey}"]);
- } else
+ }
+ } else {
$config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"];
+ }
}
}
$needsrestart = false;
- if($_POST['compression'] == "yes") {
- if (!isset($config['ipsec']['compression']))
+ if ($_POST['compression'] == "yes") {
+ if (!isset($config['ipsec']['compression'])) {
$needsrestart = true;
+ }
$config['ipsec']['compression'] = true;
} elseif (isset($config['ipsec']['compression'])) {
$needsrestart = true;
unset($config['ipsec']['compression']);
}
-
- if($_POST['enableinterfacesuse'] == "yes") {
- if (!isset($config['ipsec']['enableinterfacesuse']))
+
+ if ($_POST['enableinterfacesuse'] == "yes") {
+ if (!isset($config['ipsec']['enableinterfacesuse'])) {
$needsrestart = true;
+ }
$config['ipsec']['enableinterfacesuse'] = true;
} elseif (isset($config['ipsec']['enableinterfacesuse'])) {
$needsrestart = true;
unset($config['ipsec']['enableinterfacesuse']);
}
- if($_POST['unityplugin'] == "yes") {
- if (!isset($config['ipsec']['unityplugin']))
+ if ($_POST['unityplugin'] == "yes") {
+ if (!isset($config['ipsec']['unityplugin'])) {
$needsrestart = true;
+ }
$config['ipsec']['unityplugin'] = true;
} elseif (isset($config['ipsec']['unityplugin'])) {
$needsrestart = true;
unset($config['ipsec']['unityplugin']);
}
- if($_POST['makebeforebreak'] == "yes") {
+ if ($_POST['makebeforebreak'] == "yes") {
$config['ipsec']['makebeforebreak'] = true;
} elseif (isset($config['ipsec']['makebeforebreak'])) {
unset($config['ipsec']['makebeforebreak']);
}
- if($_POST['noshuntlaninterfaces'] == "yes") {
+ if ($_POST['noshuntlaninterfaces'] == "yes") {
$config['ipsec']['noshuntlaninterfaces'] = true;
} elseif (isset($config['ipsec']['noshuntlaninterfaces'])) {
unset($config['ipsec']['noshuntlaninterfaces']);
}
- if($_POST['acceptunencryptedmainmode'] == "yes") {
- if (!isset($config['ipsec']['acceptunencryptedmainmode']))
+ if ($_POST['acceptunencryptedmainmode'] == "yes") {
+ if (!isset($config['ipsec']['acceptunencryptedmainmode'])) {
$needsrestart = true;
+ }
$config['ipsec']['acceptunencryptedmainmode'] = true;
} elseif (isset($config['ipsec']['acceptunencryptedmainmode'])) {
$needsrestart = true;
unset($config['ipsec']['acceptunencryptedmainmode']);
}
- if(!empty($_POST['uniqueids'])) {
+ if (!empty($_POST['uniqueids'])) {
$config['ipsec']['uniqueids'] = $_POST['uniqueids'];
} else {
unset($config['ipsec']['uniqueids']);
}
- if($_POST['maxmss_enable'] == "yes") {
+ if ($_POST['maxmss_enable'] == "yes") {
$config['system']['maxmss_enable'] = true;
$config['system']['maxmss'] = $_POST['maxmss'];
} else {
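Review bot: The Maximum MSS range check mixes `&&` and `||` without grouping, so `$pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535` parses as `(A && B) || C`. It behaves as intended only because an empty string does not compare greater than 65535. Since this commit already rewrites the line, state the intent explicitly: `if ($pconfig['maxmss'] <> '' && ($pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535)) {`. The enclosing `if ($_POST)` block starts and ends outside the hunk.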
@@ -196,10 +204,11 @@ if ($_POST) {
$retval = 0;
$retval = filter_configure();
- if(stristr($retval, "error") <> true)
+ if (stristr($retval, "error") <> true) {
$savemsg = get_std_save_message(gettext($retval));
- else
+ } else {
$savemsg = gettext($retval);
+ }
vpn_ipsec_configure($needsrestart);
vpn_ipsec_configure_loglevels();
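Review bot: `if (stristr($retval, "error") <> true) {` depends on loose comparison of a string-or-false result with `true`, which is hard to read and easy to break when edited. `stristr()` returns `false` when the needle is absent, so `if (stristr($retval, "error") === false) {` says the same thing directly. The `$retval = 0;` on the line before `$retval = filter_configure();` is a dead store and can be dropped.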
@@ -209,7 +218,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Settings"));
+$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Settings"));
$shortcut_section = "ipsec";
include("head.inc");
@@ -222,10 +231,11 @@ include("head.inc");
//<![CDATA[
function maxmss_checked(obj) {
- if (obj.checked)
+ if (obj.checked) {
jQuery('#maxmss').attr('disabled',false);
- else
+ } else {
jQuery('#maxmss').attr('disabled','true');
+ }
}
//]]>
@@ -234,10 +244,12 @@ function maxmss_checked(obj) {
<form action="vpn_ipsec_settings.php" method="post" name="iform" id="iform">
<?php
- if ($savemsg)
+ if ($savemsg) {
print_info_box($savemsg);
- if ($input_errors)
+ }
+ if ($input_errors) {
print_input_errors($input_errors);
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec settings">
@@ -266,23 +278,26 @@ function maxmss_checked(obj) {
<strong><?=gettext("Start IPsec in debug mode based on sections selected"); ?></strong>
<br />
<table summary="ipsec debug">
- <?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=$ldescr;?></td>
- <td width="78%" valign="top" class="vncell">
- <?php echo "<select name=\"ipsec_{$lkey}\" id=\"ipsec_{$lkey}\">\n";
- foreach (array("Silent", "Audit", "Control", "Diag", "Raw", "Highest") as $lidx => $lvalue) {
- echo "<option value=\"{$lidx}\" ";
- if ($pconfig["ipsec_{$lkey}"] == $lidx)
- echo "selected=\"selected\"";
- echo ">{$lvalue}</option>\n";
- }
- ?>
- </select>
- </td>
- </tr>
- <?php endforeach; ?>
- <tr style="display:none;"><td></td></tr>
+ <?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=$ldescr;?></td>
+ <td width="78%" valign="top" class="vncell">
+ <?php
+ echo "<select name=\"ipsec_{$lkey}\" id=\"ipsec_{$lkey}\">\n";
+ foreach (array("Silent", "Audit", "Control", "Diag", "Raw", "Highest") as $lidx => $lvalue) {
+ echo "<option value=\"{$lidx}\" ";
+ if ($pconfig["ipsec_{$lkey}"] == $lidx)
+ echo "selected=\"selected\"";
+ echo ">{$lvalue}</option>\n";
+ }
+ ?>
+ </select>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ <tr style="display:none;">
+ <td></td>
+ </tr>
</table>
<br /><?=gettext("Launches IPsec in debug mode so that more verbose logs " .
"will be generated to aid in troubleshooting."); ?>
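Review bot: The re-indented log-level loop still has a brace-less conditional, `if ($pconfig["ipsec_{$lkey}"] == $lidx)` followed by the `echo "selected=\"selected\"";` line, while the rest of the commit adds braces to every such statement (the `uniqueids` select in the next hunk got them). Wrap it the same way: `if ($pconfig["ipsec_{$lkey}"] == $lidx) {` … `}`. After a POST `$pconfig` holds the submitted strings, so the loose `==` against the integer index decides which option is shown as selected; comparing `(string)$lidx` with `===` would make the redisplay exact.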
@@ -292,15 +307,17 @@ function maxmss_checked(obj) {
<td width="22%" valign="top" class="vncell"><?=gettext("Unique IDs"); ?></td>
<td width="78%" class="vtable">
<strong><?=gettext("Configure Unique IDs as: "); ?></strong>
- <?php echo "<select name=\"uniqueids\" id=\"uniqueids\">\n";
+ <?php
+ echo "<select name=\"uniqueids\" id=\"uniqueids\">\n";
foreach ($ipsec_idhandling as $value => $lvalue) {
echo "<option value=\"{$value}\" ";
- if ($pconfig['uniqueids'] == $value)
+ if ($pconfig['uniqueids'] == $value) {
echo "selected=\"selected\"";
+ }
echo ">{$lvalue}</option>\n";
}
?>
- </select>
+ </select>
<br />
<?=gettext("whether a particular participant ID should be kept unique, with any new IKE_SA using an ID " .
"deemed to replace all old ones using that ID. Participant IDs normally are unique, so a new " .
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index 4ee0278..b0b2e4e 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -42,39 +42,47 @@ require_once("pkg-utils.inc");
$pgtitle = array(gettext("OpenVPN"), gettext("Client"));
$shortcut_section = "openvpn";
-if (!is_array($config['openvpn']['openvpn-client']))
+if (!is_array($config['openvpn']['openvpn-client'])) {
$config['openvpn']['openvpn-client'] = array();
+}
$a_client = &$config['openvpn']['openvpn-client'];
-if (!is_array($config['ca']))
+if (!is_array($config['ca'])) {
$config['ca'] = array();
+}
$a_ca =& $config['ca'];
-if (!is_array($config['cert']))
+if (!is_array($config['cert'])) {
$config['cert'] = array();
+}
$a_cert =& $config['cert'];
-if (!is_array($config['crl']))
+if (!is_array($config['crl'])) {
$config['crl'] = array();
+}
$a_crl =& $config['crl'];
-if (is_numericint($_GET['id']))
+if (is_numericint($_GET['id'])) {
$id = $_GET['id'];
-if (isset($_POST['id']) && is_numericint($_POST['id']))
+}
+if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
+}
$act = $_GET['act'];
-if (isset($_POST['act']))
+if (isset($_POST['act'])) {
$act = $_POST['act'];
+}
-if (isset($id) && $a_client[$id])
+if (isset($id) && $a_client[$id]) {
$vpnid = $a_client[$id]['vpnid'];
-else
+} else {
$vpnid = 0;
+}
if ($_GET['act'] == "del") {
@@ -82,14 +90,15 @@ if ($_GET['act'] == "del") {
pfSenseHeader("vpn_openvpn_client.php");
exit;
}
- if (!empty($a_client[$id]))
+ if (!empty($a_client[$id])) {
openvpn_delete('client', $a_client[$id]);
+ }
unset($a_client[$id]);
write_config();
$savemsg = gettext("Client successfully deleted")."<br />";
}
-if($_GET['act']=="new"){
+if ($_GET['act'] == "new") {
$pconfig['autokey_enable'] = "yes";
$pconfig['tlsauth_enable'] = "yes";
$pconfig['autotls_enable'] = "yes";
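Review bot: The delete branch this hunk belongs to is selected by `$_GET['act'] == "del"`, so `openvpn_delete()`, `unset($a_client[$id])` and `write_config()` all run on a plain GET request. No request-forgery check is visible in these lines, and such tokens commonly cover POST only, so confirm one applies to this path or move the action to POST, e.g. `if ($_POST['act'] == "del") {`, with the list page submitting a form. The branch opens before the hunk, so the `$id` validation in front of it is only partly visible.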
@@ -101,13 +110,14 @@ if($_GET['act']=="new"){
}
global $simplefields;
-$simplefields = array('auth_user','auth_pass');
+$simplefields = array('auth_user', 'auth_pass');
-if($_GET['act']=="edit"){
+if ($_GET['act'] == "edit") {
if (isset($id) && $a_client[$id]) {
- foreach($simplefields as $stat)
+ foreach ($simplefields as $stat) {
$pconfig[$stat] = $a_client[$id][$stat];
+ }
$pconfig['disable'] = isset($a_client[$id]['disable']);
$pconfig['mode'] = $a_client[$id]['mode'];
@@ -137,8 +147,9 @@ if($_GET['act']=="edit"){
$pconfig['tlsauth_enable'] = "yes";
$pconfig['tls'] = base64_decode($a_client[$id]['tls']);
}
- } else
+ } else {
$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
+ }
$pconfig['crypto'] = $a_client[$id]['crypto'];
// OpenVPN Defaults to SHA1 if unset
$pconfig['digest'] = !empty($a_client[$id]['digest']) ? $a_client[$id]['digest'] : "SHA1";
@@ -155,14 +166,15 @@ if($_GET['act']=="edit"){
// just in case the modes switch
$pconfig['autokey_enable'] = "yes";
$pconfig['autotls_enable'] = "yes";
-
+
$pconfig['no_tun_ipv6'] = $a_client[$id]['no_tun_ipv6'];
$pconfig['route_no_pull'] = $a_client[$id]['route_no_pull'];
$pconfig['route_no_exec'] = $a_client[$id]['route_no_exec'];
- if (isset($a_client[$id]['verbosity_level']))
+ if (isset($a_client[$id]['verbosity_level'])) {
$pconfig['verbosity_level'] = $a_client[$id]['verbosity_level'];
- else
+ } else {
$pconfig['verbosity_level'] = 1; // Default verbosity is 1
+ }
}
}
@@ -171,12 +183,13 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- if (isset($id) && $a_client[$id])
+ if (isset($id) && $a_client[$id]) {
$vpnid = $a_client[$id]['vpnid'];
- else
+ } else {
$vpnid = 0;
+ }
- list($iv_iface, $iv_ip) = explode ("|",$pconfig['interface']);
+ list($iv_iface, $iv_ip) = explode ("|", $pconfig['interface']);
if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) {
$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
} elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) {
@@ -187,71 +200,91 @@ if ($_POST) {
$input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
}
- if ($pconfig['mode'] != "p2p_shared_key")
+ if ($pconfig['mode'] != "p2p_shared_key") {
$tls_mode = true;
- else
+ } else {
$tls_mode = false;
+ }
/* input validation */
if ($pconfig['local_port']) {
- if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
+ if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
$input_errors[] = $result;
+ }
$portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid);
- if (($portused != $vpnid) && ($portused != 0))
+ if (($portused != $vpnid) && ($portused != 0)) {
$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
+ }
}
- if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address'))
+ if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address')) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port'))
+ if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port')) {
$input_errors[] = $result;
+ }
if ($pconfig['proxy_addr']) {
- if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address'))
+ if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address')) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port'))
+ if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port')) {
$input_errors[] = $result;
+ }
if ($pconfig['proxy_authtype'] != "none") {
- if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd']))
+ if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) {
$input_errors[] = gettext("User name and password are required for proxy with authentication.");
+ }
}
}
- if($pconfig['tunnel_network'])
- if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4"))
+ if ($pconfig['tunnel_network']) {
+ if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) {
$input_errors[] = $result;
+ }
+ }
- if($pconfig['tunnel_networkv6'])
- if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6"))
+ if ($pconfig['tunnel_networkv6']) {
+ if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) {
$input_errors[] = $result;
+ }
+ }
- if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4"))
+ if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6"))
+ if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) {
$input_errors[] = $result;
+ }
- if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0)))
+ if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0))) {
$input_errors[] = gettext("The bandwidth limit must be a positive numeric value.");
+ }
- if ($pconfig['autokey_enable'])
+ if ($pconfig['autokey_enable']) {
$pconfig['shared_key'] = openvpn_create_key();
+ }
- if (!$tls_mode && !$pconfig['autokey_enable'])
+ if (!$tls_mode && !$pconfig['autokey_enable']) {
if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
- !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
+ !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
+ }
+ }
- if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable'])
+ if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
- !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
+ !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
+ }
+ }
/* If we are not in shared key mode, then we need the CA/Cert. */
if ($pconfig['mode'] != "p2p_shared_key") {
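Review bot: The bandwidth-limit check uses `is_numeric($pconfig['use_shaper'])`, which accepts forms such as `1e3` and `1.5` as well as plain integers. How `use_shaper` is consumed is outside this hunk, but if it ends up in generated configuration an integer-only check is safer. The file already uses `is_numericint()` for `$_GET['id']`, so the same helper fits here: `if (!empty($pconfig['use_shaper']) && (!is_numericint($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0))) {`.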
@@ -273,19 +306,22 @@ if ($_POST) {
$client = array();
- foreach($simplefields as $stat)
+ foreach ($simplefields as $stat) {
update_if_changed($stat, $client[$stat], $_POST[$stat]);
+ }
- if ($vpnid)
+ if ($vpnid) {
$client['vpnid'] = $vpnid;
- else
+ } else {
$client['vpnid'] = openvpn_vpnid_next();
+ }
- if ($_POST['disable'] == "yes")
+ if ($_POST['disable'] == "yes") {
$client['disable'] = true;
+ }
$client['protocol'] = $pconfig['protocol'];
$client['dev_mode'] = $pconfig['dev_mode'];
- list($client['interface'], $client['ipaddr']) = explode ("|",$pconfig['interface']);
+ list($client['interface'], $client['ipaddr']) = explode ("|", $pconfig['interface']);
$client['local_port'] = $pconfig['local_port'];
$client['server_addr'] = $pconfig['server_addr'];
$client['server_port'] = $pconfig['server_port'];
@@ -303,8 +339,9 @@ if ($_POST) {
$client['caref'] = $pconfig['caref'];
$client['certref'] = $pconfig['certref'];
if ($pconfig['tlsauth_enable']) {
- if ($pconfig['autotls_enable'])
+ if ($pconfig['autotls_enable']) {
$pconfig['tls'] = openvpn_create_key();
+ }
$client['tls'] = base64_encode($pconfig['tls']);
}
} else {
@@ -327,10 +364,11 @@ if ($_POST) {
$client['route_no_exec'] = $pconfig['route_no_exec'];
$client['verbosity_level'] = $pconfig['verbosity_level'];
- if (isset($id) && $a_client[$id])
+ if (isset($id) && $a_client[$id]) {
$a_client[$id] = $client;
- else
+ } else {
$a_client[] = $client;
+ }
openvpn_resync('client', $client);
write_config();
@@ -352,7 +390,7 @@ include("head.inc");
function mode_change() {
index = document.iform.mode.selectedIndex;
value = document.iform.mode.options[index].value;
- switch(value) {
+ switch (value) {
case "p2p_tls":
document.getElementById("tls").style.display="";
document.getElementById("tls_ca").style.display="";
@@ -375,7 +413,7 @@ function mode_change() {
function dev_mode_change() {
index = document.iform.dev_mode.selectedIndex;
value = document.iform.dev_mode.options[index].value;
- switch(value) {
+ switch (value) {
case "tun":
document.getElementById("chkboxNoTunIPv6").style.display="";
break;
@@ -386,10 +424,11 @@ function dev_mode_change() {
}
function autokey_change() {
- if (document.iform.autokey_enable.checked)
+ if (document.iform.autokey_enable.checked) {
document.getElementById("autokey_opts").style.display="none";
- else
+ } else {
document.getElementById("autokey_opts").style.display="";
+ }
}
function useproxy_changed() {
@@ -404,10 +443,11 @@ function useproxy_changed() {
function tlsauth_change() {
<?php if (!$pconfig['tls']): ?>
- if (document.iform.tlsauth_enable.checked)
+ if (document.iform.tlsauth_enable.checked) {
document.getElementById("tlsauth_opts").style.display="";
- else
+ } else {
document.getElementById("tlsauth_opts").style.display="none";
+ }
<?php endif; ?>
autotls_change();
@@ -421,22 +461,26 @@ function autotls_change() {
autocheck = false;
<?php endif; ?>
- if (document.iform.tlsauth_enable.checked && !autocheck)
+ if (document.iform.tlsauth_enable.checked && !autocheck) {
document.getElementById("autotls_opts").style.display="";
- else
+ } else {
document.getElementById("autotls_opts").style.display="none";
+ }
}
//]]>
</script>
<?php
-if (!$savemsg)
+if (!$savemsg) {
$savemsg = "";
+}
-if ($input_errors)
+if ($input_errors) {
print_input_errors($input_errors);
-if ($savemsg)
+}
+if ($savemsg) {
print_info_box($savemsg);
+}
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn client">
<tr>
@@ -455,7 +499,7 @@ if ($savemsg)
<tr>
<td class="tabcont">
- <?php if($act=="new" || $act=="edit"): ?>
+ <?php if ($act=="new" || $act=="edit"): ?>
<form action="vpn_openvpn_client.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="general information">
@@ -468,7 +512,7 @@ if ($savemsg)
<table border="0" cellpadding="0" cellspacing="0" summary="enable disable client">
<tr>
<td>
- <?php set_checked($pconfig['disable'],$chk); ?>
+ <?php set_checked($pconfig['disable'], $chk); ?>
<input name="disable" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -489,8 +533,9 @@ if ($savemsg)
<?php
foreach ($openvpn_client_modes as $name => $desc):
$selected = "";
- if ($pconfig['mode'] == $name)
+ if ($pconfig['mode'] == $name) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
<?php endforeach; ?>
@@ -499,33 +544,35 @@ if ($savemsg)
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<select name='protocol' class="formselect">
<?php
foreach ($openvpn_prots as $prot):
$selected = "";
- if ($pconfig['protocol'] == $prot)
+ if ($pconfig['protocol'] == $prot) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
<?php endforeach; ?>
</select>
- </td>
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<select name='dev_mode' class="formselect" onchange="dev_mode_change()">
<?php
foreach ($openvpn_dev_mode as $mode):
$selected = "";
- if ($pconfig['dev_mode'] == $mode)
+ if ($pconfig['dev_mode'] == $mode) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option>
<?php endforeach; ?>
</select>
- </td>
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
@@ -534,27 +581,32 @@ if ($savemsg)
<?php
$interfaces = get_configured_interface_with_descr();
$carplist = get_configured_carp_interface_list();
- foreach ($carplist as $cif => $carpip)
+ foreach ($carplist as $cif => $carpip) {
$interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
+ }
$aliaslist = get_configured_ip_aliases_list();
- foreach ($aliaslist as $aliasip => $aliasif)
+ foreach ($aliaslist as $aliasip => $aliasif) {
$interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+ }
$grouplist = return_gateway_groups_array();
foreach ($grouplist as $name => $group) {
- if($group['ipprotocol'] != inet)
+ if ($group['ipprotocol'] != inet) {
continue;
- if($group[0]['vip'] <> "")
+ }
+ if ($group[0]['vip'] <> "") {
$vipif = $group[0]['vip'];
- else
+ } else {
$vipif = $group[0]['int'];
+ }
$interfaces[$name] = "GW Group {$name}";
}
$interfaces['lo0'] = "Localhost";
$interfaces['any'] = "any";
foreach ($interfaces as $iface => $ifacename):
$selected = "";
- if ($iface == $pconfig['interface'])
+ if ($iface == $pconfig['interface']) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$iface;?>" <?=$selected;?>>
<?=htmlspecialchars($ifacename);?>
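Review bot: `if ($group['ipprotocol'] != inet) {` compares against a bare word, not a string. Older PHP falls back to the string `'inet'` with a notice and PHP 8 raises an error for the undefined constant, so the gateway-group filter depends on the interpreter version. Quote it while the line is being touched: `if ($group['ipprotocol'] != "inet") {`. In the same loop `$vipif` is assigned in both branches but not used in the visible lines; if nothing after the hunk reads it, the whole `if`/`else` can go.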
@@ -645,7 +697,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="server host name resolution">
<tr>
<td>
- <?php set_checked($pconfig['resolve_retry'],$chk); ?>
+ <?php set_checked($pconfig['resolve_retry'], $chk); ?>
<input name="resolve_retry" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -682,22 +734,22 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="user name password">
<tr>
<td align="right" width="25%">
- <span class="vexpl">
- &nbsp;<?=gettext("Username"); ?> :&nbsp;
- </span>
+ <span class="vexpl">
+ &nbsp;<?=gettext("Username"); ?> :&nbsp;
+ </span>
</td>
<td>
- <input name="auth_user" id="auth_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['auth_user']);?>" />
+ <input name="auth_user" id="auth_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['auth_user']);?>" />
</td>
</tr>
<tr>
<td align="right" width="25%">
- <span class="vexpl">
- &nbsp;<?=gettext("Password"); ?> :&nbsp;
- </span>
+ <span class="vexpl">
+ &nbsp;<?=gettext("Password"); ?> :&nbsp;
+ </span>
</td>
<td>
- <input name="auth_pass" id="auth_pass" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['auth_pass']);?>" />
+ <input name="auth_pass" id="auth_pass" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['auth_pass']);?>" />
</td>
</tr>
</table>
@@ -712,7 +764,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="tls authentication">
<tr>
<td>
- <?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
+ <?php set_checked($pconfig['tlsauth_enable'], $chk); ?>
<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onclick="tlsauth_change()" />
</td>
<td>
@@ -726,7 +778,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" id="tlsauth_opts" summary="tls authentication options">
<tr>
<td>
- <?php set_checked($pconfig['autotls_enable'],$chk); ?>
+ <?php set_checked($pconfig['autotls_enable'], $chk); ?>
<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autotls_change()" />
</td>
<td>
@@ -750,14 +802,15 @@ if ($savemsg)
</tr>
<tr id="tls_ca">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<?php if (count($a_ca)): ?>
<select name='caref' class="formselect">
<?php
foreach ($a_ca as $ca):
$selected = "";
- if ($pconfig['caref'] == $ca['refid'])
+ if ($pconfig['caref'] == $ca['refid']) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option>
<?php endforeach; ?>
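Review bot: The CA option prints `<?=$ca['descr'];?>` and `<?=$ca['refid'];?>` without escaping, while other selects in this file use `htmlspecialchars()` (`$ifacename`, the cipher `$desc`). The certificate option in the next hunk does the same with `$cert['descr'] . $caname . $inuse . $revoked`. Descriptions are operator-entered configuration text; whether they are sanitised on save is not visible here, so escape at output: `<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>`, and likewise for the certificate line.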
@@ -769,7 +822,7 @@ if ($savemsg)
</tr>
<tr id="tls_cert">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<select name='certref' class="formselect">
<?php
foreach ($a_cert as $cert):
@@ -778,22 +831,26 @@ if ($savemsg)
$inuse = "";
$revoked = "";
$ca = lookup_ca($cert['caref']);
- if ($ca)
+ if ($ca) {
$caname = " (CA: {$ca['descr']})";
- if ($pconfig['certref'] == $cert['refid'])
+ }
+ if ($pconfig['certref'] == $cert['refid']) {
$selected = "selected=\"selected\"";
- if (cert_in_use($cert['refid']))
+ }
+ if (cert_in_use($cert['refid'])) {
$inuse = " *In Use";
- if (is_cert_revoked($cert))
+ }
+ if (is_cert_revoked($cert)) {
$revoked = " *Revoked";
+ }
?>
<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option>
<?php endforeach; ?>
<option value="" <?PHP if (empty($pconfig['certref'])) echo "selected=\"selected\""; ?>>None (Username and Password required)</option>
</select>
- <?php if (!count($a_cert)): ?>
- <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a> if one is required for this connection.
- <?php endif; ?>
+ <?php if (!count($a_cert)): ?>
+ <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a> if one is required for this connection.
+ <?php endif; ?>
</td>
</tr>
<tr id="psk">
@@ -803,7 +860,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="shared key">
<tr>
<td>
- <?php set_checked($pconfig['autokey_enable'],$chk); ?>
+ <?php set_checked($pconfig['autokey_enable'], $chk); ?>
<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autokey_change()" />
</td>
<td>
@@ -832,9 +889,10 @@ if ($savemsg)
<?php
$cipherlist = openvpn_get_cipherlist();
foreach ($cipherlist as $name => $desc):
- $selected = "";
- if ($name == $pconfig['crypto'])
- $selected = " selected=\"selected\"";
+ $selected = "";
+ if ($name == $pconfig['crypto']) {
+ $selected = " selected=\"selected\"";
+ }
?>
<option value="<?=$name;?>"<?=$selected?>>
<?=htmlspecialchars($desc);?>
@@ -851,8 +909,9 @@ if ($savemsg)
$digestlist = openvpn_get_digestlist();
foreach ($digestlist as $name => $desc):
$selected = "";
- if ($name == $pconfig['digest'])
+ if ($name == $pconfig['digest']) {
$selected = " selected=\"selected\"";
+ }
?>
<option value="<?=$name;?>"<?=$selected?>>
<?=htmlspecialchars($desc);?>
@@ -870,8 +929,9 @@ if ($savemsg)
$engines = openvpn_get_engines();
foreach ($engines as $name => $desc):
$selected = "";
- if ($name == $pconfig['engine'])
+ if ($name == $pconfig['engine']) {
$selected = " selected=\"selected\"";
+ }
?>
<option value="<?=$name;?>"<?=$selected?>>
<?=htmlspecialchars($desc);?>
@@ -959,11 +1019,12 @@ if ($savemsg)
<select name="compression" class="formselect">
<?php
foreach ($openvpn_compression_modes as $cmode => $cmodedesc):
- $selected = "";
- if ($cmode == $pconfig['compression'])
- $selected = " selected=\"selected\"";
+ $selected = "";
+ if ($cmode == $pconfig['compression']) {
+ $selected = " selected=\"selected\"";
+ }
?>
- <option value="<?= $cmode ?>" <?= $selected ?>><?= $cmodedesc ?></option>
+ <option value="<?= $cmode ?>" <?= $selected ?>><?= $cmodedesc ?></option>
<?php endforeach; ?>
</select>
<br />
@@ -976,7 +1037,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="type-of-service">
<tr>
<td>
- <?php set_checked($pconfig['passtos'],$chk); ?>
+ <?php set_checked($pconfig['passtos'], $chk); ?>
<input name="passtos" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -995,7 +1056,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6">
<tr>
<td>
- <?php set_checked($pconfig['no_tun_ipv6'],$chk); ?>
+ <?php set_checked($pconfig['no_tun_ipv6'], $chk); ?>
<input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -1014,7 +1075,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="dont-pull-routes">
<tr>
<td>
- <?php set_checked($pconfig['route_no_pull'],$chk); ?>
+ <?php set_checked($pconfig['route_no_pull'], $chk); ?>
<input name="route_no_pull" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -1033,7 +1094,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="dont-exec-routes">
<tr>
<td>
- <?php set_checked($pconfig['route_no_exec'],$chk); ?>
+ <?php set_checked($pconfig['route_no_exec'], $chk); ?>
<input name="route_no_exec" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -1070,14 +1131,15 @@ if ($savemsg)
</tr>
<tr id="comboboxVerbosityLevel">
- <td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td>
- <td width="78%" class="vtable">
+ <td width="22%" valign="top" class="vncell"><?=gettext("Verbosity level");?></td>
+ <td width="78%" class="vtable">
<select name="verbosity_level" class="formselect">
<?php
foreach ($openvpn_verbosity_level as $verb_value => $verb_desc):
$selected = "";
- if ($pconfig['verbosity_level'] == $verb_value)
+ if ($pconfig['verbosity_level'] == $verb_value) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option>
<?php endforeach; ?>
@@ -1088,7 +1150,7 @@ if ($savemsg)
<strong>default</strong>-<strong>4</strong> -- <?=gettext("Normal usage range"); ?>. <br />
<strong>5</strong> -- <?=gettext("Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"); ?>. <br />
<strong>6</strong>-<strong>11</strong> -- <?=gettext("Debug info range"); ?>.
- </td>
+ </td>
</tr>
</table>
@@ -1139,10 +1201,11 @@ if ($savemsg)
<tbody>
<?php
$i = 0;
- foreach($a_client as $client):
+ foreach ($a_client as $client):
$disabled = "NO";
- if (isset($client['disable']))
+ if (isset($client['disable'])) {
$disabled = "YES";
+ }
$server = "{$client['server_addr']}:{$client['server_port']}";
?>
<tr ondblclick="document.location='vpn_openvpn_client.php?act=edit&amp;id=<?=$i;?>'">
@@ -1197,11 +1260,12 @@ useproxy_changed();
/* local utility functions */
-function set_checked($var,& $chk) {
- if($var)
+function set_checked($var, & $chk) {
+ if ($var) {
$chk = "checked=\"checked\"";
- else
+ } else {
$chk = "";
+ }
}
?>
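Review bot: `set_checked()` has no doc comment, and it returns its result through the by-reference `$chk` rather than a return value, which is easy to miss at the call sites. A one-line comment above the definition would cover it, e.g. `/* Sets $chk to 'checked="checked"' when $var is truthy, otherwise to an empty string. */`. PHP convention also writes the reference as `&$chk` rather than `& $chk`. An identical copy of the function sits at the end of `vpn_openvpn_csc.php`, so the same comment applies there.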
diff --git a/usr/local/www/vpn_openvpn_csc.php b/usr/local/www/vpn_openvpn_csc.php
index 0241d12..0211c2c 100644
--- a/usr/local/www/vpn_openvpn_csc.php
+++ b/usr/local/www/vpn_openvpn_csc.php
@@ -1,21 +1,21 @@
-<?php
+<?php
/*
vpn_openvpn_csc.php
Copyright (C) 2008 Shrew Soft Inc.
Copyright (C) 2013-2015 Electric Sheep Fencing, LP
- All rights reserved.
+ All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -42,19 +42,23 @@ require_once("pkg-utils.inc");
$pgtitle = array(gettext("OpenVPN"), gettext("Client Specific Override"));
$shortcut_section = "openvpn";
-if (!is_array($config['openvpn']['openvpn-csc']))
+if (!is_array($config['openvpn']['openvpn-csc'])) {
$config['openvpn']['openvpn-csc'] = array();
+}
$a_csc = &$config['openvpn']['openvpn-csc'];
-if (is_numericint($_GET['id']))
+if (is_numericint($_GET['id'])) {
$id = $_GET['id'];
-if (isset($_POST['id']) && is_numericint($_POST['id']))
+}
+if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
+}
$act = $_GET['act'];
-if (isset($_POST['act']))
+if (isset($_POST['act'])) {
$act = $_POST['act'];
+}
if ($_GET['act'] == "del") {
@@ -69,7 +73,7 @@ if ($_GET['act'] == "del") {
$savemsg = gettext("Client Specific Override successfully deleted")."<br />";
}
-if($_GET['act']=="edit"){
+if ($_GET['act'] == "edit") {
if (isset($id) && $a_csc[$id]) {
$pconfig['custom_options'] = $a_csc[$id]['custom_options'];
@@ -88,24 +92,27 @@ if($_GET['act']=="edit"){
$pconfig['push_reset'] = $a_csc[$id]['push_reset'];
$pconfig['dns_domain'] = $a_csc[$id]['dns_domain'];
- if ($pconfig['dns_domain'])
+ if ($pconfig['dns_domain']) {
$pconfig['dns_domain_enable'] = true;
+ }
$pconfig['dns_server1'] = $a_csc[$id]['dns_server1'];
$pconfig['dns_server2'] = $a_csc[$id]['dns_server2'];
$pconfig['dns_server3'] = $a_csc[$id]['dns_server3'];
$pconfig['dns_server4'] = $a_csc[$id]['dns_server4'];
if ($pconfig['dns_server1'] ||
- $pconfig['dns_server2'] ||
- $pconfig['dns_server3'] ||
- $pconfig['dns_server4'])
+ $pconfig['dns_server2'] ||
+ $pconfig['dns_server3'] ||
+ $pconfig['dns_server4']) {
$pconfig['dns_server_enable'] = true;
+ }
$pconfig['ntp_server1'] = $a_csc[$id]['ntp_server1'];
$pconfig['ntp_server2'] = $a_csc[$id]['ntp_server2'];
if ($pconfig['ntp_server1'] ||
- $pconfig['ntp_server2'])
+ $pconfig['ntp_server2']) {
$pconfig['ntp_server_enable'] = true;
+ }
$pconfig['netbios_enable'] = $a_csc[$id]['netbios_enable'];
$pconfig['netbios_ntype'] = $a_csc[$id]['netbios_ntype'];
@@ -114,12 +121,14 @@ if($_GET['act']=="edit"){
$pconfig['wins_server1'] = $a_csc[$id]['wins_server1'];
$pconfig['wins_server2'] = $a_csc[$id]['wins_server2'];
if ($pconfig['wins_server1'] ||
- $pconfig['wins_server2'])
+ $pconfig['wins_server2']) {
$pconfig['wins_server_enable'] = true;
+ }
$pconfig['nbdd_server1'] = $a_csc[$id]['nbdd_server1'];
- if ($pconfig['nbdd_server1'])
+ if ($pconfig['nbdd_server1']) {
$pconfig['nbdd_server_enable'] = true;
+ }
}
}
@@ -129,67 +138,85 @@ if ($_POST) {
$pconfig = $_POST;
/* input validation */
- if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network'))
+ if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network')) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4"))
+ if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6"))
+ if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6")) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4"))
+ if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6"))
+ if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) {
$input_errors[] = $result;
+ }
if ($pconfig['dns_server_enable']) {
- if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1'])))
+ if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
- if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2'])))
+ }
+ if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
$input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
- if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3'])))
+ }
+ if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
$input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
- if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4'])))
+ }
+ if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
$input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
+ }
}
if ($pconfig['ntp_server_enable']) {
- if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1'])))
+ if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
$input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
- if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2'])))
+ }
+ if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
$input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
- if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3'])))
+ }
+ if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
$input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address");
- if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4'])))
+ }
+ if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
$input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address");
+ }
}
if ($pconfig['netbios_enable']) {
if ($pconfig['wins_server_enable']) {
- if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1'])))
+ if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
$input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
- if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2'])))
+ }
+ if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
$input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
+ }
}
- if ($pconfig['nbdd_server_enable'])
- if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1'])))
+ if ($pconfig['nbdd_server_enable']) {
+ if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
+ }
+ }
}
$reqdfields[] = 'common_name';
$reqdfieldsn[] = 'Common name';
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if (!$input_errors) {
$csc = array();
$csc['custom_options'] = $pconfig['custom_options'];
- if ($_POST['disable'] == "yes")
+ if ($_POST['disable'] == "yes") {
$csc['disable'] = true;
+ }
$csc['common_name'] = $pconfig['common_name'];
$csc['block'] = $pconfig['block'];
$csc['description'] = $pconfig['description'];
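Review bot: The DNS, NTP, WINS and NBDD address checks validate `trim($pconfig[...])`, but the untrimmed `$pconfig` value is what gets saved (see `$csc['dns_server1'] = $pconfig['dns_server1'];` in the next hunk). A posted value with leading or trailing whitespace therefore passes `is_ipaddr()` and is stored as posted. How `openvpn_resync_csc()` writes these fields out is not visible here, so the effect downstream is unconfirmed. Normalising before validation, e.g. `$pconfig['dns_server1'] = trim($pconfig['dns_server1']);`, makes the stored value the one that was checked. The enclosing `if ($_POST)` block starts outside this hunk.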
@@ -203,8 +230,9 @@ if ($_POST) {
$csc['push_reset'] = $pconfig['push_reset'];
- if ($pconfig['dns_domain_enable'])
+ if ($pconfig['dns_domain_enable']) {
$csc['dns_domain'] = $pconfig['dns_domain'];
+ }
if ($pconfig['dns_server_enable']) {
$csc['dns_server1'] = $pconfig['dns_server1'];
@@ -229,21 +257,24 @@ if ($_POST) {
$csc['wins_server2'] = $pconfig['wins_server2'];
}
- if ($pconfig['dns_server_enable'])
+ if ($pconfig['dns_server_enable']) {
$csc['nbdd_server1'] = $pconfig['nbdd_server1'];
+ }
}
-
+
if (isset($id) && $a_csc[$id]) {
$old_csc_cn = $a_csc[$id]['common_name'];
$a_csc[$id] = $csc;
- } else
+ } else {
$a_csc[] = $csc;
+ }
- if (!empty($old_csc_cn))
+ if (!empty($old_csc_cn)) {
openvpn_cleanup_csc($old_csc_cn);
+ }
openvpn_resync_csc($csc);
write_config();
-
+
header("Location: vpn_openvpn_csc.php");
exit;
}
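Review bot: The re-braced guard around `$csc['nbdd_server1'] = $pconfig['nbdd_server1'];` still tests `$pconfig['dns_server_enable']`, which looks like a copy-paste slip for `nbdd_server_enable`. The validation earlier in the file runs `is_ipaddr()` on `nbdd_server1` only when `nbdd_server_enable` is set. With DNS servers enabled and the NBDD box unticked, the posted value is saved without that check; with NBDD ticked and DNS off, it is silently dropped. Suggested: `if ($pconfig['nbdd_server_enable']) {`. The enclosing `if (!$input_errors)` block starts outside this hunk.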
@@ -260,34 +291,38 @@ include("head.inc");
function dns_domain_change() {
- if (document.iform.dns_domain_enable.checked)
+ if (document.iform.dns_domain_enable.checked) {
document.getElementById("dns_domain_data").style.display="";
- else
+ } else {
document.getElementById("dns_domain_data").style.display="none";
+ }
}
function dns_server_change() {
- if (document.iform.dns_server_enable.checked)
+ if (document.iform.dns_server_enable.checked) {
document.getElementById("dns_server_data").style.display="";
- else
+ } else {
document.getElementById("dns_server_data").style.display="none";
+ }
}
function wins_server_change() {
- if (document.iform.wins_server_enable.checked)
+ if (document.iform.wins_server_enable.checked) {
document.getElementById("wins_server_data").style.display="";
- else
+ } else {
document.getElementById("wins_server_data").style.display="none";
+ }
}
function ntp_server_change() {
- if (document.iform.ntp_server_enable.checked)
+ if (document.iform.ntp_server_enable.checked) {
document.getElementById("ntp_server_data").style.display="";
- else
+ } else {
document.getElementById("ntp_server_data").style.display="none";
+ }
}
function netbios_change() {
@@ -304,15 +339,17 @@ function netbios_change() {
//]]>
</script>
<?php
- if ($input_errors)
+ if ($input_errors) {
print_input_errors($input_errors);
- if ($savemsg)
+ }
+ if ($savemsg) {
print_info_box($savemsg);
+ }
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn csc">
- <tr>
+ <tr>
<td class="tabnavtbl">
- <?php
+ <?php
$tab_array = array();
$tab_array[] = array(gettext("Server"), false, "vpn_openvpn_server.php");
$tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php");
@@ -322,24 +359,24 @@ function netbios_change() {
display_top_tabs($tab_array);
?>
</td>
- </tr>
+ </tr>
<tr>
<td class="tabcont">
- <?php if($act=="new" || $act=="edit"): ?>
+ <?php if ($act=="new" || $act=="edit"): ?>
<form action="vpn_openvpn_csc.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="general information">
<tr>
<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellpadding="0" cellspacing="0" summary="enable disable">
<tr>
<td>
- <?php set_checked($pconfig['disable'],$chk); ?>
+ <?php set_checked($pconfig['disable'], $chk); ?>
<input name="disable" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -353,17 +390,17 @@ function netbios_change() {
<?=gettext("Set this option to disable this client-specific override without removing it from the list"); ?>.
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Common name"); ?></td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="common_name" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['common_name']);?>" />
<br />
<?=gettext("Enter the client's X.509 common name here"); ?>.
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>" />
<br />
<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
@@ -375,7 +412,7 @@ function netbios_change() {
<table border="0" cellpadding="2" cellspacing="0" summary="connection blocking">
<tr>
<td>
- <?php set_checked($pconfig['block'],$chk); ?>
+ <?php set_checked($pconfig['block'], $chk); ?>
<input name="block" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -468,7 +505,7 @@ function netbios_change() {
<table border="0" cellpadding="2" cellspacing="0" summary="redirect gateway">
<tr>
<td>
- <?php set_checked($pconfig['gwredir'],$chk); ?>
+ <?php set_checked($pconfig['gwredir'], $chk); ?>
<input name="gwredir" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -492,7 +529,7 @@ function netbios_change() {
<table border="0" cellpadding="2" cellspacing="0" summary="server definitions">
<tr>
<td>
- <?php set_checked($pconfig['push_reset'],$chk); ?>
+ <?php set_checked($pconfig['push_reset'], $chk); ?>
<input name="push_reset" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -510,12 +547,12 @@ function netbios_change() {
<table border="0" cellpadding="2" cellspacing="0" summary="dns default domain">
<tr>
<td>
- <?php set_checked($pconfig['dns_domain_enable'],$chk); ?>
+ <?php set_checked($pconfig['dns_domain_enable'], $chk); ?>
<input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onclick="dns_domain_change()" />
</td>
<td>
<span class="vexpl">
- <?=gettext("Provide a default domain name to clients"); ?><br />
+ <?=gettext("Provide a default domain name to clients"); ?><br />
</span>
</td>
</tr>
@@ -535,7 +572,7 @@ function netbios_change() {
<table border="0" cellpadding="2" cellspacing="0" summary="dns servers">
<tr>
<td>
- <?php set_checked($pconfig['dns_server_enable'],$chk); ?>
+ <?php set_checked($pconfig['dns_server_enable'], $chk); ?>
<input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onclick="dns_server_change()" />
</td>
<td>
@@ -587,7 +624,7 @@ function netbios_change() {
<table border="0" cellpadding="2" cellspacing="0" summary="ntp servers">
<tr>
<td>
- <?php set_checked($pconfig['ntp_server_enable'],$chk); ?>
+ <?php set_checked($pconfig['ntp_server_enable'], $chk); ?>
<input name="ntp_server_enable" type="checkbox" id="ntp_server_enable" value="yes" <?=$chk;?> onclick="ntp_server_change()" />
</td>
<td>
@@ -623,7 +660,7 @@ function netbios_change() {
<table border="0" cellpadding="2" cellspacing="0" summary="netbios options">
<tr>
<td>
- <?php set_checked($pconfig['netbios_enable'],$chk); ?>
+ <?php set_checked($pconfig['netbios_enable'], $chk); ?>
<input name="netbios_enable" type="checkbox" id="netbios_enable" value="yes" <?=$chk;?> onclick="netbios_change()" />
</td>
<td>
@@ -646,8 +683,9 @@ function netbios_change() {
<?php
foreach ($netbios_nodetypes as $type => $name):
$selected = "";
- if ($pconfig['netbios_ntype'] == $type)
+ if ($pconfig['netbios_ntype'] == $type) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$type;?>" <?=$selected;?>><?=$name;?></option>
<?php endforeach; ?>
@@ -683,7 +721,7 @@ function netbios_change() {
<table border="0" cellpadding="2" cellspacing="0" summary="wins servers">
<tr>
<td>
- <?php set_checked($pconfig['wins_server_enable'],$chk); ?>
+ <?php set_checked($pconfig['wins_server_enable'], $chk); ?>
<input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onclick="wins_server_change()" />
</td>
<td>
@@ -729,8 +767,8 @@ function netbios_change() {
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
+ <td width="78%">
+ <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
<input name="act" type="hidden" value="<?=$act;?>" />
<?php if (isset($id) && $a_csc[$id]): ?>
<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
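Review bot: `value="<?=$act;?>"` writes the request-supplied `$act` into an attribute without encoding, while the `id` field two lines below goes through `htmlspecialchars()`. The form is only rendered under `if ($act=="new" || $act=="edit")` earlier in the file, so other values do not reach this line today. That guard is a long way from the sink, though, and `<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>" />` keeps the output safe if the condition is ever widened.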
@@ -751,10 +789,11 @@ function netbios_change() {
</tr>
<?php
$i = 0;
- foreach($a_csc as $csc):
+ foreach ($a_csc as $csc):
$disabled = "NO";
- if (isset($csc['disable']))
+ if (isset($csc['disable'])) {
$disabled = "YES";
+ }
?>
<tr ondblclick="document.location='vpn_openvpn_csc.php?act=edit&amp;id=<?=$i;?>'">
<td class="listlr">
@@ -777,7 +816,7 @@ function netbios_change() {
</td>
</tr>
<?php
- $i++;
+ $i++;
endforeach;
?>
<tr>
@@ -818,11 +857,12 @@ netbios_change();
/* local utility functions */
-function set_checked($var,& $chk) {
- if($var)
- $chk = "checked=\"checked\"";
- else
- $chk = "";
+function set_checked($var, & $chk) {
+ if ($var) {
+ $chk = "checked=\"checked\"";
+ } else {
+ $chk = "";
+ }
}
?>
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 9ea7f6d..9b70468 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -1,21 +1,21 @@
-<?php
+<?php
/*
vpn_openvpn_server.php
Copyright (C) 2008 Shrew Soft Inc.
Copyright (C) 2013-2015 Electric Sheep Fencing, LP
- All rights reserved.
+ All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -39,43 +39,53 @@ require("guiconfig.inc");
require_once("openvpn.inc");
require_once("pkg-utils.inc");
-if (!is_array($config['openvpn']['openvpn-server']))
+if (!is_array($config['openvpn']['openvpn-server'])) {
$config['openvpn']['openvpn-server'] = array();
+}
$a_server = &$config['openvpn']['openvpn-server'];
-if (!is_array($config['ca']))
+if (!is_array($config['ca'])) {
$config['ca'] = array();
+}
$a_ca =& $config['ca'];
-if (!is_array($config['cert']))
+if (!is_array($config['cert'])) {
$config['cert'] = array();
+}
$a_cert =& $config['cert'];
-if (!is_array($config['crl']))
+if (!is_array($config['crl'])) {
$config['crl'] = array();
+}
$a_crl =& $config['crl'];
-foreach ($a_crl as $cid => $acrl)
- if (!isset($acrl['refid']))
+foreach ($a_crl as $cid => $acrl) {
+ if (!isset($acrl['refid'])) {
unset ($a_crl[$cid]);
+ }
+}
-if (is_numericint($_GET['id']))
+if (is_numericint($_GET['id'])) {
$id = $_GET['id'];
-if (isset($_POST['id']) && is_numericint($_POST['id']))
+}
+if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
+}
$act = $_GET['act'];
-if (isset($_POST['act']))
+if (isset($_POST['act'])) {
$act = $_POST['act'];
+}
-if (isset($id) && $a_server[$id])
+if (isset($id) && $a_server[$id]) {
$vpnid = $a_server[$id]['vpnid'];
-else
+} else {
$vpnid = 0;
+}
if ($_GET['act'] == "del") {
@@ -83,14 +93,15 @@ if ($_GET['act'] == "del") {
pfSenseHeader("vpn_openvpn_server.php");
exit;
}
- if (!empty($a_server[$id]))
+ if (!empty($a_server[$id])) {
openvpn_delete('server', $a_server[$id]);
+ }
unset($a_server[$id]);
write_config();
$savemsg = gettext("Server successfully deleted")."<br />";
}
-if($_GET['act']=="new") {
+if ($_GET['act'] == "new") {
$pconfig['autokey_enable'] = "yes";
$pconfig['tlsauth_enable'] = "yes";
$pconfig['autotls_enable'] = "yes";
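Review bot: The delete branch (`openvpn_delete()`, `unset($a_server[$id])`, `write_config()`) runs on `$_GET['act'] == "del"`, so a plain GET request changes the configuration. Nothing in this hunk checks the request method or an anti-CSRF token, and whether `guiconfig.inc` enforces one for GET requests is not visible here. If it does not, a cross-site request made from a logged-in administrator's browser would be enough to remove a server. I would take the action from POST instead, e.g. `if ($_POST['act'] == "del") {`, and have the list page submit a form. `vpn_openvpn_csc.php` has the same `$_GET['act'] == "del"` branch; the `if` itself starts outside this hunk.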
@@ -105,7 +116,7 @@ if($_GET['act']=="new") {
$pconfig['digest'] = "SHA1";
}
-if($_GET['act']=="edit") {
+if ($_GET['act'] == "edit") {
if (isset($id) && $a_server[$id]) {
$pconfig['disable'] = isset($a_server[$id]['disable']);
@@ -130,14 +141,17 @@ if($_GET['act']=="edit") {
$pconfig['crlref'] = $a_server[$id]['crlref'];
$pconfig['certref'] = $a_server[$id]['certref'];
$pconfig['dh_length'] = $a_server[$id]['dh_length'];
- if (isset($a_server[$id]['cert_depth']))
+ if (isset($a_server[$id]['cert_depth'])) {
$pconfig['cert_depth'] = $a_server[$id]['cert_depth'];
- else
+ } else {
$pconfig['cert_depth'] = 1;
- if ($pconfig['mode'] == "server_tls_user")
+ }
+ if ($pconfig['mode'] == "server_tls_user") {
$pconfig['strictusercn'] = $a_server[$id]['strictusercn'];
- } else
+ }
+ } else {
$pconfig['shared_key'] = base64_decode($a_server[$id]['shared_key']);
+ }
$pconfig['crypto'] = $a_server[$id]['crypto'];
// OpenVPN Defaults to SHA1 if unset
$pconfig['digest'] = !empty($a_server[$id]['digest']) ? $a_server[$id]['digest'] : "SHA1";
@@ -166,24 +180,27 @@ if($_GET['act']=="edit") {
$pconfig['serverbridge_dhcp_end'] = $a_server[$id]['serverbridge_dhcp_end'];
$pconfig['dns_domain'] = $a_server[$id]['dns_domain'];
- if ($pconfig['dns_domain'])
+ if ($pconfig['dns_domain']) {
$pconfig['dns_domain_enable'] = true;
+ }
$pconfig['dns_server1'] = $a_server[$id]['dns_server1'];
$pconfig['dns_server2'] = $a_server[$id]['dns_server2'];
$pconfig['dns_server3'] = $a_server[$id]['dns_server3'];
$pconfig['dns_server4'] = $a_server[$id]['dns_server4'];
if ($pconfig['dns_server1'] ||
- $pconfig['dns_server2'] ||
- $pconfig['dns_server3'] ||
- $pconfig['dns_server4'])
+ $pconfig['dns_server2'] ||
+ $pconfig['dns_server3'] ||
+ $pconfig['dns_server4']) {
$pconfig['dns_server_enable'] = true;
+ }
$pconfig['ntp_server1'] = $a_server[$id]['ntp_server1'];
$pconfig['ntp_server2'] = $a_server[$id]['ntp_server2'];
if ($pconfig['ntp_server1'] ||
- $pconfig['ntp_server2'])
+ $pconfig['ntp_server2']) {
$pconfig['ntp_server_enable'] = true;
+ }
$pconfig['netbios_enable'] = $a_server[$id]['netbios_enable'];
$pconfig['netbios_ntype'] = $a_server[$id]['netbios_ntype'];
@@ -192,29 +209,33 @@ if($_GET['act']=="edit") {
$pconfig['wins_server1'] = $a_server[$id]['wins_server1'];
$pconfig['wins_server2'] = $a_server[$id]['wins_server2'];
if ($pconfig['wins_server1'] ||
- $pconfig['wins_server2'])
+ $pconfig['wins_server2']) {
$pconfig['wins_server_enable'] = true;
+ }
$pconfig['client_mgmt_port'] = $a_server[$id]['client_mgmt_port'];
- if ($pconfig['client_mgmt_port'])
+ if ($pconfig['client_mgmt_port']) {
$pconfig['client_mgmt_port_enable'] = true;
+ }
$pconfig['nbdd_server1'] = $a_server[$id]['nbdd_server1'];
- if ($pconfig['nbdd_server1'])
+ if ($pconfig['nbdd_server1']) {
$pconfig['nbdd_server_enable'] = true;
+ }
// just in case the modes switch
$pconfig['autokey_enable'] = "yes";
$pconfig['autotls_enable'] = "yes";
$pconfig['duplicate_cn'] = isset($a_server[$id]['duplicate_cn']);
-
+
$pconfig['no_tun_ipv6'] = $a_server[$id]['no_tun_ipv6'];
- if (isset($a_server[$id]['verbosity_level']))
+ if (isset($a_server[$id]['verbosity_level'])) {
$pconfig['verbosity_level'] = $a_server[$id]['verbosity_level'];
- else
+ } else {
$pconfig['verbosity_level'] = 1; // Default verbosity is 1
-
+ }
+
$pconfig['push_register_dns'] = $a_server[$id]['push_register_dns'];
}
}
@@ -223,12 +244,13 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- if (isset($id) && $a_server[$id])
+ if (isset($id) && $a_server[$id]) {
$vpnid = $a_server[$id]['vpnid'];
- else
+ } else {
$vpnid = 0;
+ }
- list($iv_iface, $iv_ip) = explode ("|",$pconfig['interface']);
+ list($iv_iface, $iv_ip) = explode ("|", $pconfig['interface']);
if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) {
$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
} elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) {
@@ -239,99 +261,128 @@ if ($_POST) {
$input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
}
- if ($pconfig['mode'] != "p2p_shared_key")
+ if ($pconfig['mode'] != "p2p_shared_key") {
$tls_mode = true;
- else
+ } else {
$tls_mode = false;
+ }
- if (empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user")))
+ if (empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) {
$input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth.");
+ }
/* input validation */
- if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
+ if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4"))
+ if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6"))
+ if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4"))
+ if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6"))
+ if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4"))
+ if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) {
$input_errors[] = $result;
+ }
- if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6"))
+ if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6")) {
$input_errors[] = $result;
+ }
$portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid);
- if (($portused != $vpnid) && ($portused != 0))
+ if (($portused != $vpnid) && ($portused != 0)) {
$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
+ }
- if ($pconfig['autokey_enable'])
+ if ($pconfig['autokey_enable']) {
$pconfig['shared_key'] = openvpn_create_key();
+ }
- if (!$tls_mode && !$pconfig['autokey_enable'])
+ if (!$tls_mode && !$pconfig['autokey_enable']) {
if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
- !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
+ !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) {
$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
+ }
+ }
- if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable'])
+ if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) {
if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
- !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
+ !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) {
$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
+ }
+ }
if ($pconfig['dns_server_enable']) {
- if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1'])))
+ if (!empty($pconfig['dns_server1']) && !is_ipaddr(trim($pconfig['dns_server1']))) {
$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
- if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2'])))
+ }
+ if (!empty($pconfig['dns_server2']) && !is_ipaddr(trim($pconfig['dns_server2']))) {
$input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
- if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3'])))
+ }
+ if (!empty($pconfig['dns_server3']) && !is_ipaddr(trim($pconfig['dns_server3']))) {
$input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
- if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4'])))
+ }
+ if (!empty($pconfig['dns_server4']) && !is_ipaddr(trim($pconfig['dns_server4']))) {
$input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
+ }
}
if ($pconfig['ntp_server_enable']) {
- if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1'])))
+ if (!empty($pconfig['ntp_server1']) && !is_ipaddr(trim($pconfig['ntp_server1']))) {
$input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
- if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2'])))
+ }
+ if (!empty($pconfig['ntp_server2']) && !is_ipaddr(trim($pconfig['ntp_server2']))) {
$input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
- if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3'])))
+ }
+ if (!empty($pconfig['ntp_server3']) && !is_ipaddr(trim($pconfig['ntp_server3']))) {
$input_errors[] = gettext("The field 'NTP Server #3' must contain a valid IP address");
- if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4'])))
+ }
+ if (!empty($pconfig['ntp_server4']) && !is_ipaddr(trim($pconfig['ntp_server4']))) {
$input_errors[] = gettext("The field 'NTP Server #4' must contain a valid IP address");
+ }
}
if ($pconfig['netbios_enable']) {
if ($pconfig['wins_server_enable']) {
- if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1'])))
+ if (!empty($pconfig['wins_server1']) && !is_ipaddr(trim($pconfig['wins_server1']))) {
$input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
- if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2'])))
+ }
+ if (!empty($pconfig['wins_server2']) && !is_ipaddr(trim($pconfig['wins_server2']))) {
$input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
+ }
}
- if ($pconfig['nbdd_server_enable'])
- if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1'])))
+ if ($pconfig['nbdd_server_enable']) {
+ if (!empty($pconfig['nbdd_server1']) && !is_ipaddr(trim($pconfig['nbdd_server1']))) {
$input_errors[] = gettext("The field 'NetBIOS Data Distribution Server #1' must contain a valid IP address");
+ }
+ }
}
if ($pconfig['client_mgmt_port_enable']) {
- if ($result = openvpn_validate_port($pconfig['client_mgmt_port'], 'Client management port'))
+ if ($result = openvpn_validate_port($pconfig['client_mgmt_port'], 'Client management port')) {
$input_errors[] = $result;
+ }
}
- if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients']))
+ if ($pconfig['maxclients'] && !is_numeric($pconfig['maxclients'])) {
$input_errors[] = gettext("The field 'Concurrent connections' must be numeric.");
+ }
/* If we are not in shared key mode, then we need the CA/Cert. */
if ($pconfig['mode'] != "p2p_shared_key") {
$reqdfields = explode(" ", "caref certref");
- $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
+ $reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate"));
} elseif (!$pconfig['autokey_enable']) {
/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
$reqdfields = array('shared_key');
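Review bot: The 'Concurrent connections' check `!is_numeric($pconfig['maxclients'])` accepts values such as `1e3`, `-5` or `1.5`, which are numeric but are not a usable connection count. Because `$pconfig` is copied straight from `$_POST`, a digits-only test is the stricter boundary check: `if ($pconfig['maxclients'] && !ctype_digit((string)$pconfig['maxclients'])) {`. Where the value is consumed is not visible in this hunk, so the downstream effect of a malformed value should be confirmed. The enclosing `if ($_POST)` block starts and ends outside the hunk.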
@@ -342,48 +393,58 @@ if ($_POST) {
$reqdfields[] = 'tunnel_network';
$reqdfieldsn[] = gettext('Tunnel network');
} else {
- if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network'])
+ if ($pconfig['serverbridge_dhcp'] && $pconfig['tunnel_network']) {
$input_errors[] = gettext("Using a tunnel network and server bridge settings together is not allowed.");
- if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end'])
- || (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end']))
+ }
+ if (($pconfig['serverbridge_dhcp_start'] && !$pconfig['serverbridge_dhcp_end']) ||
+ (!$pconfig['serverbridge_dhcp_start'] && $pconfig['serverbridge_dhcp_end'])) {
$input_errors[] = gettext("Server Bridge DHCP Start and End must both be empty, or defined.");
- if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_start'])))
+ }
+ if (($pconfig['serverbridge_dhcp_start'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_start']))) {
$input_errors[] = gettext("Server Bridge DHCP Start must be an IPv4 address.");
- if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_end'])))
+ }
+ if (($pconfig['serverbridge_dhcp_end'] && !is_ipaddrv4($pconfig['serverbridge_dhcp_end']))) {
$input_errors[] = gettext("Server Bridge DHCP End must be an IPv4 address.");
- if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end']))
+ }
+ if (ip2ulong($pconfig['serverbridge_dhcp_start']) > ip2ulong($pconfig['serverbridge_dhcp_end'])) {
$input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end).");
+ }
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
-
+
if (!$input_errors) {
$server = array();
- if ($id && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode'])
+ if ($id && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode']) {
openvpn_delete('server', $a_server[$id]);// delete(rename) old interface so a new TUN or TAP interface can be created.
+ }
- if ($vpnid)
+ if ($vpnid) {
$server['vpnid'] = $vpnid;
- else
+ } else {
$server['vpnid'] = openvpn_vpnid_next();
+ }
- if ($_POST['disable'] == "yes")
+ if ($_POST['disable'] == "yes") {
$server['disable'] = true;
+ }
$server['mode'] = $pconfig['mode'];
- if (!empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user")))
+ if (!empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) {
$server['authmode'] = implode(",", $pconfig['authmode']);
+ }
$server['protocol'] = $pconfig['protocol'];
$server['dev_mode'] = $pconfig['dev_mode'];
- list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']);
+ list($server['interface'], $server['ipaddr']) = explode ("|", $pconfig['interface']);
$server['local_port'] = $pconfig['local_port'];
$server['description'] = $pconfig['description'];
$server['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);
if ($tls_mode) {
if ($pconfig['tlsauth_enable']) {
- if ($pconfig['autotls_enable'])
+ if ($pconfig['autotls_enable']) {
$pconfig['tls'] = openvpn_create_key();
+ }
$server['tls'] = base64_encode($pconfig['tls']);
}
$server['caref'] = $pconfig['caref'];
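Review bot: The guard `if ($id && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode'])` tests `$id` for truthiness, so an existing entry at index 0 never reaches `openvpn_delete()` when its device mode changes. The other guards in this file use `isset($id) && $a_server[$id]`, and this one should match them: `if (isset($id) && $a_server[$id] && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode']) {`. How `$id` is populated is outside the hunk, so confirm that 0 is a valid index before relying on this. The enclosing `if (!$input_errors)` block continues past the end of the hunk.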
@@ -391,8 +452,9 @@ if ($_POST) {
$server['certref'] = $pconfig['certref'];
$server['dh_length'] = $pconfig['dh_length'];
$server['cert_depth'] = $pconfig['cert_depth'];
- if ($pconfig['mode'] == "server_tls_user")
+ if ($pconfig['mode'] == "server_tls_user") {
$server['strictusercn'] = $pconfig['strictusercn'];
+ }
} else {
$server['shared_key'] = base64_encode($pconfig['shared_key']);
}
@@ -421,8 +483,9 @@ if ($_POST) {
$server['serverbridge_dhcp_start'] = $pconfig['serverbridge_dhcp_start'];
$server['serverbridge_dhcp_end'] = $pconfig['serverbridge_dhcp_end'];
- if ($pconfig['dns_domain_enable'])
+ if ($pconfig['dns_domain_enable']) {
$server['dns_domain'] = $pconfig['dns_domain'];
+ }
if ($pconfig['dns_server_enable']) {
$server['dns_server1'] = $pconfig['dns_server1'];
@@ -431,8 +494,9 @@ if ($_POST) {
$server['dns_server4'] = $pconfig['dns_server4'];
}
- if ($pconfig['push_register_dns'])
+ if ($pconfig['push_register_dns']) {
$server['push_register_dns'] = $pconfig['push_register_dns'];
+ }
if ($pconfig['ntp_server_enable']) {
$server['ntp_server1'] = $pconfig['ntp_server1'];
@@ -442,7 +506,7 @@ if ($_POST) {
$server['netbios_enable'] = $pconfig['netbios_enable'];
$server['netbios_ntype'] = $pconfig['netbios_ntype'];
$server['netbios_scope'] = $pconfig['netbios_scope'];
-
+
$server['no_tun_ipv6'] = $pconfig['no_tun_ipv6'];
$server['verbosity_level'] = $pconfig['verbosity_level'];
@@ -453,29 +517,34 @@ if ($_POST) {
$server['wins_server2'] = $pconfig['wins_server2'];
}
- if ($pconfig['dns_server_enable'])
+ if ($pconfig['dns_server_enable']) {
$server['nbdd_server1'] = $pconfig['nbdd_server1'];
+ }
}
- if ($pconfig['client_mgmt_port_enable'])
+ if ($pconfig['client_mgmt_port_enable']) {
$server['client_mgmt_port'] = $pconfig['client_mgmt_port'];
+ }
- if ($_POST['duplicate_cn'] == "yes")
+ if ($_POST['duplicate_cn'] == "yes") {
$server['duplicate_cn'] = true;
+ }
- if (isset($id) && $a_server[$id])
+ if (isset($id) && $a_server[$id]) {
$a_server[$id] = $server;
- else
+ } else {
$a_server[] = $server;
+ }
openvpn_resync('server', $server);
write_config();
-
+
header("Location: vpn_openvpn_server.php");
exit;
}
- if (!empty($pconfig['authmode']))
+ if (!empty($pconfig['authmode'])) {
$pconfig['authmode'] = implode(",", $pconfig['authmode']);
+ }
}
$pgtitle = array(gettext("OpenVPN"), gettext("Server"));
$shortcut_section = "openvpn";
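Review bot: The block that stores `$server['nbdd_server1']` is gated on `$pconfig['dns_server_enable']`, which looks like a copy-paste slip that the brace cleanup carried over unchanged. The validation earlier in this file checks the same field under `$pconfig['nbdd_server_enable']`. As written, the NBDD server is stored whenever DNS servers are enabled and dropped otherwise, regardless of its own checkbox. The condition should probably read `if ($pconfig['nbdd_server_enable']) {`. The surrounding NetBIOS block opens outside this hunk, so confirm against the full file.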
@@ -492,7 +561,7 @@ include("head.inc");
function mode_change() {
index = document.iform.mode.selectedIndex;
value = document.iform.mode.options[index].value;
- switch(value) {
+ switch (value) {
case "p2p_tls":
case "server_tls":
case "server_user":
@@ -526,7 +595,7 @@ function mode_change() {
document.getElementById("psk").style.display="";
break;
}
- switch(value) {
+ switch (value) {
case "p2p_shared_key":
document.getElementById("client_opts").style.display="none";
document.getElementById("remote_optsv4").style.display="";
@@ -575,19 +644,21 @@ function mode_change() {
function autokey_change() {
- if ((document.iform.autokey_enable != null) && (document.iform.autokey_enable.checked))
+ if ((document.iform.autokey_enable != null) && (document.iform.autokey_enable.checked)) {
document.getElementById("autokey_opts").style.display="none";
- else
+ } else {
document.getElementById("autokey_opts").style.display="";
+ }
}
function tlsauth_change() {
<?php if (!$pconfig['tls']): ?>
- if (document.iform.tlsauth_enable.checked)
+ if (document.iform.tlsauth_enable.checked) {
document.getElementById("tlsauth_opts").style.display="";
- else
+ } else {
document.getElementById("tlsauth_opts").style.display="none";
+ }
<?php endif; ?>
autotls_change();
@@ -601,10 +672,11 @@ function autotls_change() {
autocheck = false;
<?php endif; ?>
- if (document.iform.tlsauth_enable.checked && !autocheck)
+ if (document.iform.tlsauth_enable.checked && !autocheck) {
document.getElementById("autotls_opts").style.display="";
- else
+ } else {
document.getElementById("autotls_opts").style.display="none";
+ }
}
function gwredir_change() {
@@ -620,42 +692,47 @@ function gwredir_change() {
function dns_domain_change() {
- if (document.iform.dns_domain_enable.checked)
+ if (document.iform.dns_domain_enable.checked) {
document.getElementById("dns_domain_data").style.display="";
- else
+ } else {
document.getElementById("dns_domain_data").style.display="none";
+ }
}
function dns_server_change() {
- if (document.iform.dns_server_enable.checked)
+ if (document.iform.dns_server_enable.checked) {
document.getElementById("dns_server_data").style.display="";
- else
+ } else {
document.getElementById("dns_server_data").style.display="none";
+ }
}
function wins_server_change() {
- if (document.iform.wins_server_enable.checked)
+ if (document.iform.wins_server_enable.checked) {
document.getElementById("wins_server_data").style.display="";
- else
+ } else {
document.getElementById("wins_server_data").style.display="none";
+ }
}
function client_mgmt_port_change() {
- if (document.iform.client_mgmt_port_enable.checked)
+ if (document.iform.client_mgmt_port_enable.checked) {
document.getElementById("client_mgmt_port_data").style.display="";
- else
+ } else {
document.getElementById("client_mgmt_port_data").style.display="none";
+ }
}
function ntp_server_change() {
- if (document.iform.ntp_server_enable.checked)
+ if (document.iform.ntp_server_enable.checked) {
document.getElementById("ntp_server_data").style.display="";
- else
+ } else {
document.getElementById("ntp_server_data").style.display="none";
+ }
}
function netbios_change() {
@@ -674,7 +751,7 @@ function tuntap_change() {
mindex = document.iform.mode.selectedIndex;
mvalue = document.iform.mode.options[mindex].value;
- switch(mvalue) {
+ switch( mvalue) {
case "p2p_tls":
case "p2p_shared_key":
p2p = true;
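Review bot: The rewritten line `switch( mvalue) {` moves the space to the wrong side of the parenthesis. Every other `switch` touched by this commit was normalised to the form `switch (value) {`. For consistency this one should be `switch (mvalue) {`. The body of `tuntap_change()` starts and ends outside the hunk.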
@@ -686,7 +763,7 @@ function tuntap_change() {
index = document.iform.dev_mode.selectedIndex;
value = document.iform.dev_mode.options[index].value;
- switch(value) {
+ switch (value) {
case "tun":
document.getElementById("chkboxNoTunIPv6").style.display="";
document.getElementById("ipv4_tunnel_network").className="vncellreq";
@@ -728,18 +805,21 @@ function tuntap_change() {
//]]>
</script>
<?php
-if (!$savemsg)
+if (!$savemsg) {
$savemsg = "";
+}
-if ($input_errors)
+if ($input_errors) {
print_input_errors($input_errors);
-if ($savemsg)
+}
+if ($savemsg) {
print_info_box_np($savemsg);
+}
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn server">
<tr>
<td class="tabnavtbl">
- <?php
+ <?php
$tab_array = array();
$tab_array[] = array(gettext("Server"), true, "vpn_openvpn_server.php");
$tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php");
@@ -749,11 +829,11 @@ if ($savemsg)
display_top_tabs($tab_array);
?>
</td>
- </tr>
+ </tr>
<tr>
<td class="tabcont">
- <?php if($act=="new" || $act=="edit"): ?>
+ <?php if ($act=="new" || $act=="edit"): ?>
<form action="vpn_openvpn_server.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="general information">
@@ -766,7 +846,7 @@ if ($savemsg)
<table border="0" cellpadding="0" cellspacing="0" summary="enable disable server">
<tr>
<td>
- <?php set_checked($pconfig['disable'],$chk); ?>
+ <?php set_checked($pconfig['disable'], $chk); ?>
<input name="disable" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -782,13 +862,14 @@ if ($savemsg)
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<select name='mode' id='mode' class="formselect" onchange='mode_change(); tuntap_change()'>
<?php
foreach ($openvpn_server_modes as $name => $desc):
$selected = "";
- if ($pconfig['mode'] == $name)
+ if ($pconfig['mode'] == $name) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
<?php endforeach; ?>
@@ -803,13 +884,15 @@ if ($savemsg)
$authmodes = explode(",", $pconfig['authmode']);
$auth_servers = auth_get_authserver_list();
// If no authmodes set then default to selecting the first entry in auth_servers
- if (empty($authmodes[0]) && !empty(key($auth_servers)))
+ if (empty($authmodes[0]) && !empty(key($auth_servers))) {
$authmodes[0] = key($auth_servers);
+ }
foreach ($auth_servers as $auth_server_key => $auth_server):
$selected = "";
- if (in_array($auth_server_key, $authmodes))
+ if (in_array($auth_server_key, $authmodes)) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$auth_server_key;?>" <?=$selected;?>><?=$auth_server['name'];?></option>
<?php endforeach; ?>
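Review bot: `$auth_server_key` and `$auth_server['name']` are echoed into the `<option>` markup without `htmlspecialchars()`, while interface, cipher and digest labels elsewhere in this file are escaped. Authentication server names are presumably operator-defined strings, so a name containing markup would be rendered as HTML on this page. Escape both outputs: `<option value="<?=htmlspecialchars($auth_server_key);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option>`. The same applies to `$ca['descr']`, `$crl['descr'] . $caname` and `$cert['descr'] . $caname . $inuse . $revoked` in the `@@ -951,26 +1042,27 @@`, `@@ -981,21 +1073,22 @@` and `@@ -1005,20 +1098,24 @@` hunks. Also pass `true` as the third argument to `in_array($auth_server_key, $authmodes)` so the comparison is strict.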
@@ -818,13 +901,14 @@ if ($savemsg)
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<select name='protocol' class="formselect">
<?php
foreach ($openvpn_prots as $prot):
$selected = "";
- if ($pconfig['protocol'] == $prot)
+ if ($pconfig['protocol'] == $prot) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
<?php endforeach; ?>
@@ -839,11 +923,13 @@ if ($savemsg)
foreach ($openvpn_dev_mode as $device):
$selected = "";
if (! empty($pconfig['dev_mode'])) {
- if ($pconfig['dev_mode'] == $device)
+ if ($pconfig['dev_mode'] == $device) {
$selected = "selected=\"selected\"";
+ }
} else {
- if ($device == "tun")
+ if ($device == "tun") {
$selected = "selected=\"selected\"";
+ }
}
?>
<option value="<?=$device;?>" <?=$selected;?>><?=$device;?></option>
@@ -858,27 +944,32 @@ if ($savemsg)
<?php
$interfaces = get_configured_interface_with_descr();
$carplist = get_configured_carp_interface_list();
- foreach ($carplist as $cif => $carpip)
+ foreach ($carplist as $cif => $carpip) {
$interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
+ }
$aliaslist = get_configured_ip_aliases_list();
- foreach ($aliaslist as $aliasip => $aliasif)
+ foreach ($aliaslist as $aliasip => $aliasif) {
$interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+ }
$grouplist = return_gateway_groups_array();
foreach ($grouplist as $name => $group) {
- if($group['ipprotocol'] != inet)
+ if ($group['ipprotocol'] != inet) {
continue;
- if($group[0]['vip'] <> "")
+ }
+ if ($group[0]['vip'] <> "") {
$vipif = $group[0]['vip'];
- else
+ } else {
$vipif = $group[0]['int'];
+ }
$interfaces[$name] = "GW Group {$name}";
}
$interfaces['lo0'] = "Localhost";
$interfaces['any'] = "any";
foreach ($interfaces as $iface => $ifacename):
$selected = "";
- if ($iface == $pconfig['interface'])
+ if ($iface == $pconfig['interface']) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$iface;?>" <?=$selected;?>>
<?=htmlspecialchars($ifacename);?>
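Review bot: The condition `if ($group['ipprotocol'] != inet) {` compares against a bare word `inet` rather than a string. Unless a constant of that name is defined elsewhere, older PHP versions treat it as the string `'inet'` and emit a notice, while PHP 8 raises an Error. The commit already touches this line, so it is a good place to quote the value: `if ($group['ipprotocol'] != "inet") {`. The `$vipif` value assigned just below is not used anywhere in the visible hunk, so it may be dead code worth checking.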
@@ -893,9 +984,9 @@ if ($savemsg)
<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>" />
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>" />
<br />
<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
@@ -913,7 +1004,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="tls authentication">
<tr>
<td>
- <?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
+ <?php set_checked($pconfig['tlsauth_enable'], $chk); ?>
<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onclick="tlsauth_change()" />
</td>
<td>
@@ -927,7 +1018,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" id="tlsauth_opts" summary="tls authentication options">
<tr>
<td>
- <?php set_checked($pconfig['autotls_enable'],$chk); ?>
+ <?php set_checked($pconfig['autotls_enable'], $chk); ?>
<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autotls_change()" />
</td>
<td>
@@ -951,26 +1042,27 @@ if ($savemsg)
</tr>
<tr id="tls_ca">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<?php if (count($a_ca)): ?>
<select name='caref' class="formselect">
<?php
foreach ($a_ca as $ca):
$selected = "";
- if ($pconfig['caref'] == $ca['refid'])
+ if ($pconfig['caref'] == $ca['refid']) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option>
<?php endforeach; ?>
</select>
<?php else: ?>
- <b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
+ <b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
<?php endif; ?>
- </td>
+ </td>
</tr>
<tr id="tls_crl">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Revocation List"); ?></td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<?php if (count($a_crl)): ?>
<select name='crlref' class="formselect">
<option value="">None</option>
@@ -981,21 +1073,22 @@ if ($savemsg)
$ca = lookup_ca($crl['caref']);
if ($ca) {
$caname = " (CA: {$ca['descr']})";
- if ($pconfig['crlref'] == $crl['refid'])
+ if ($pconfig['crlref'] == $crl['refid']) {
$selected = "selected=\"selected\"";
+ }
}
?>
<option value="<?=$crl['refid'];?>" <?=$selected;?>><?=$crl['descr'] . $caname;?></option>
<?php endforeach; ?>
</select>
<?php else: ?>
- <b>No Certificate Revocation Lists (CRLs) defined.</b> <br />Create one under <a href="system_crlmanager.php">System &gt; Cert Manager</a>.
+ <b>No Certificate Revocation Lists (CRLs) defined.</b> <br />Create one under <a href="system_crlmanager.php">System &gt; Cert Manager</a>.
<?php endif; ?>
- </td>
+ </td>
</tr>
<tr id="tls_cert">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Certificate"); ?></td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<?php if (count($a_cert)): ?>
<select name='certref' class="formselect">
<?php
@@ -1005,20 +1098,24 @@ if ($savemsg)
$inuse = "";
$revoked = "";
$ca = lookup_ca($cert['caref']);
- if ($ca)
+ if ($ca) {
$caname = " (CA: {$ca['descr']})";
- if ($pconfig['certref'] == $cert['refid'])
+ }
+ if ($pconfig['certref'] == $cert['refid']) {
$selected = "selected=\"selected\"";
- if (cert_in_use($cert['refid']))
+ }
+ if (cert_in_use($cert['refid'])) {
$inuse = " *In Use";
- if (is_cert_revoked($cert))
- $revoked = " *Revoked";
+ }
+ if (is_cert_revoked($cert)) {
+ $revoked = " *Revoked";
+ }
?>
<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option>
<?php endforeach; ?>
</select>
<?php else: ?>
- <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.
+ <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.
<?php endif; ?>
</td>
</tr>
@@ -1029,8 +1126,9 @@ if ($savemsg)
<?php
foreach ($openvpn_dh_lengths as $length):
$selected = "";
- if ($length == $pconfig['dh_length'])
+ if ($length == $pconfig['dh_length']) {
$selected = " selected=\"selected\"";
+ }
?>
<option<?=$selected?>><?=$length;?></option>
<?php endforeach; ?>
@@ -1047,7 +1145,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="shared key">
<tr>
<td>
- <?php set_checked($pconfig['autokey_enable'],$chk); ?>
+ <?php set_checked($pconfig['autokey_enable'], $chk); ?>
<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onclick="autokey_change()" />
</td>
<td>
@@ -1077,8 +1175,9 @@ if ($savemsg)
$cipherlist = openvpn_get_cipherlist();
foreach ($cipherlist as $name => $desc):
$selected = "";
- if ($name == $pconfig['crypto'])
+ if ($name == $pconfig['crypto']) {
$selected = " selected=\"selected\"";
+ }
?>
<option value="<?=$name;?>"<?=$selected?>>
<?=htmlspecialchars($desc);?>
@@ -1095,8 +1194,9 @@ if ($savemsg)
$digestlist = openvpn_get_digestlist();
foreach ($digestlist as $name => $desc):
$selected = "";
- if ($name == $pconfig['digest'])
+ if ($name == $pconfig['digest']) {
$selected = " selected=\"selected\"";
+ }
?>
<option value="<?=$name;?>"<?=$selected?>>
<?=htmlspecialchars($desc);?>
@@ -1114,8 +1214,9 @@ if ($savemsg)
$engines = openvpn_get_engines();
foreach ($engines as $name => $desc):
$selected = "";
- if ($name == $pconfig['engine'])
+ if ($name == $pconfig['engine']) {
$selected = " selected=\"selected\"";
+ }
?>
<option value="<?=$name;?>"<?=$selected?>>
<?=htmlspecialchars($desc);?>
@@ -1128,24 +1229,29 @@ if ($savemsg)
<td width="22%" valign="top" class="vncell"><?=gettext("Certificate Depth"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellpadding="2" cellspacing="0" summary="certificate depth">
- <tr><td>
- <select name="cert_depth" class="formselect">
- <option value="">Do Not Check</option>
- <?php
- foreach ($openvpn_cert_depths as $depth => $depthdesc):
- $selected = "";
- if ($depth == $pconfig['cert_depth'])
- $selected = " selected=\"selected\"";
- ?>
- <option value="<?= $depth ?>" <?= $selected ?>><?= $depthdesc ?></option>
- <?php endforeach; ?>
- </select>
- </td></tr>
- <tr><td>
- <span class="vexpl">
- <?=gettext("When a certificate-based client logs in, do not accept certificates below this depth. Useful for denying certificates made with intermediate CAs generated from the same CA as the server."); ?>
- </span>
- </td></tr>
+ <tr>
+ <td>
+ <select name="cert_depth" class="formselect">
+ <option value="">Do Not Check</option>
+ <?php
+ foreach ($openvpn_cert_depths as $depth => $depthdesc):
+ $selected = "";
+ if ($depth == $pconfig['cert_depth']) {
+ $selected = " selected=\"selected\"";
+ }
+ ?>
+ <option value="<?= $depth ?>" <?= $selected ?>><?= $depthdesc ?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <span class="vexpl">
+ <?=gettext("When a certificate-based client logs in, do not accept certificates below this depth. Useful for denying certificates made with intermediate CAs generated from the same CA as the server."); ?>
+ </span>
+ </td>
+ </tr>
</table>
</td>
</tr>
@@ -1155,7 +1261,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="strict user/cn matching">
<tr>
<td>
- <?php set_checked($pconfig['strictusercn'],$chk); ?>
+ <?php set_checked($pconfig['strictusercn'], $chk); ?>
<input name="strictusercn" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -1207,7 +1313,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="bridge dhcp">
<tr>
<td>
- <?php set_checked($pconfig['serverbridge_dhcp'],$chk); ?>
+ <?php set_checked($pconfig['serverbridge_dhcp'], $chk); ?>
<input name="serverbridge_dhcp" type="checkbox" value="yes" <?=$chk;?> onchange="tuntap_change()" />
</td>
<td>
@@ -1227,15 +1333,18 @@ if ($savemsg)
$serverbridge_interface['none'] = "none";
$serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr());
$carplist = get_configured_carp_interface_list();
- foreach ($carplist as $cif => $carpip)
+ foreach ($carplist as $cif => $carpip) {
$serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
+ }
$aliaslist = get_configured_ip_aliases_list();
- foreach ($aliaslist as $aliasip => $aliasif)
+ foreach ($aliaslist as $aliasip => $aliasif) {
$serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+ }
foreach ($serverbridge_interface as $iface => $ifacename):
$selected = "";
- if ($iface == $pconfig['serverbridge_interface'])
+ if ($iface == $pconfig['serverbridge_interface']) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$iface;?>" <?=$selected;?>>
<?=htmlspecialchars($ifacename);?>
@@ -1276,7 +1385,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="redirect gateway">
<tr>
<td>
- <?php set_checked($pconfig['gwredir'],$chk); ?>
+ <?php set_checked($pconfig['gwredir'], $chk); ?>
<input name="gwredir" type="checkbox" value="yes" <?=$chk;?> onclick="gwredir_change()" />
</td>
<td>
@@ -1357,8 +1466,9 @@ if ($savemsg)
<?php
foreach ($openvpn_compression_modes as $cmode => $cmodedesc):
$selected = "";
- if ($cmode == $pconfig['compression'])
+ if ($cmode == $pconfig['compression']) {
$selected = " selected=\"selected\"";
+ }
?>
<option value="<?= $cmode ?>" <?= $selected ?>><?= $cmodedesc ?></option>
<?php endforeach; ?>
@@ -1373,7 +1483,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="type-of-service">
<tr>
<td>
- <?php set_checked($pconfig['passtos'],$chk); ?>
+ <?php set_checked($pconfig['passtos'], $chk); ?>
<input name="passtos" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -1391,7 +1501,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="inter-client communication">
<tr>
<td>
- <?php set_checked($pconfig['client2client'],$chk); ?>
+ <?php set_checked($pconfig['client2client'], $chk); ?>
<input name="client2client" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -1409,7 +1519,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="duplicate connection">
<tr>
<td>
- <?php set_checked($pconfig['duplicate_cn'],$chk); ?>
+ <?php set_checked($pconfig['duplicate_cn'], $chk); ?>
<input name="duplicate_cn" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -1428,7 +1538,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="disable-ipv6-srv">
<tr>
<td>
- <?php set_checked($pconfig['no_tun_ipv6'],$chk); ?>
+ <?php set_checked($pconfig['no_tun_ipv6'], $chk); ?>
<input name="no_tun_ipv6" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -1456,7 +1566,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="dynamic ip">
<tr>
<td>
- <?php set_checked($pconfig['dynamic_ip'],$chk); ?>
+ <?php set_checked($pconfig['dynamic_ip'], $chk); ?>
<input name="dynamic_ip" type="checkbox" id="dynamic_ip" value="yes" <?=$chk;?> />
</td>
<td>
@@ -1474,7 +1584,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="address pool">
<tr>
<td>
- <?php set_checked($pconfig['pool_enable'],$chk); ?>
+ <?php set_checked($pconfig['pool_enable'], $chk); ?>
<input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?> />
</td>
<td>
@@ -1492,7 +1602,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="topology">
<tr>
<td>
- <?php set_checked($pconfig['topology_subnet'],$chk); ?>
+ <?php set_checked($pconfig['topology_subnet'], $chk); ?>
<input name="topology_subnet" type="checkbox" id="topology_subnet" value="yes" <?=$chk;?> />
</td>
<td>
@@ -1517,12 +1627,12 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="dns default domain">
<tr>
<td>
- <?php set_checked($pconfig['dns_domain_enable'],$chk); ?>
+ <?php set_checked($pconfig['dns_domain_enable'], $chk); ?>
<input name="dns_domain_enable" type="checkbox" id="dns_domain_enable" value="yes" <?=$chk;?> onclick="dns_domain_change()" />
</td>
<td>
<span class="vexpl">
- <?=gettext("Provide a default domain name to clients"); ?><br />
+ <?=gettext("Provide a default domain name to clients"); ?><br />
</span>
</td>
</tr>
@@ -1542,7 +1652,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="dns servers">
<tr>
<td>
- <?php set_checked($pconfig['dns_server_enable'],$chk); ?>
+ <?php set_checked($pconfig['dns_server_enable'], $chk); ?>
<input name="dns_server_enable" type="checkbox" id="dns_server_enable" value="yes" <?=$chk;?> onclick="dns_server_change()" />
</td>
<td>
@@ -1595,7 +1705,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="push register dns">
<tr>
<td>
- <?php set_checked($pconfig['push_register_dns'],$chk); ?>
+ <?php set_checked($pconfig['push_register_dns'], $chk); ?>
<input name="push_register_dns" type="checkbox" value="yes" <?=$chk;?> />
</td>
<td>
@@ -1614,7 +1724,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="ntp servers">
<tr>
<td>
- <?php set_checked($pconfig['ntp_server_enable'],$chk); ?>
+ <?php set_checked($pconfig['ntp_server_enable'], $chk); ?>
<input name="ntp_server_enable" type="checkbox" id="ntp_server_enable" value="yes" <?=$chk;?> onclick="ntp_server_change()" />
</td>
<td>
@@ -1650,7 +1760,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="netboios options">
<tr>
<td>
- <?php set_checked($pconfig['netbios_enable'],$chk); ?>
+ <?php set_checked($pconfig['netbios_enable'], $chk); ?>
<input name="netbios_enable" type="checkbox" id="netbios_enable" value="yes" <?=$chk;?> onclick="netbios_change()" />
</td>
<td>
@@ -1673,8 +1783,9 @@ if ($savemsg)
<?php
foreach ($netbios_nodetypes as $type => $name):
$selected = "";
- if ($pconfig['netbios_ntype'] == $type)
+ if ($pconfig['netbios_ntype'] == $type) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$type;?>" <?=$selected;?>><?=$name;?></option>
<?php endforeach; ?>
@@ -1710,7 +1821,7 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="wins servers">
<tr>
<td>
- <?php set_checked($pconfig['wins_server_enable'],$chk); ?>
+ <?php set_checked($pconfig['wins_server_enable'], $chk); ?>
<input name="wins_server_enable" type="checkbox" id="wins_server_enable" value="yes" <?=$chk;?> onclick="wins_server_change()" />
</td>
<td>
@@ -1746,12 +1857,12 @@ if ($savemsg)
<table border="0" cellpadding="2" cellspacing="0" summary="client management port">
<tr>
<td>
- <?php set_checked($pconfig['client_mgmt_port_enable'],$chk); ?>
+ <?php set_checked($pconfig['client_mgmt_port_enable'], $chk); ?>
<input name="client_mgmt_port_enable" type="checkbox" id="client_mgmt_port_enable" value="yes" <?=$chk;?> onclick="client_mgmt_port_change()" />
</td>
<td>
<span class="vexpl">
- <?=gettext("Use a different management port on clients. The default port is 166. Specify a different port if the client machines need to select from multiple OpenVPN links."); ?><br />
+ <?=gettext("Use a different management port on clients. The default port is 166. Specify a different port if the client machines need to select from multiple OpenVPN links."); ?><br />
</span>
</td>
</tr>
@@ -1796,8 +1907,9 @@ if ($savemsg)
<?php
foreach ($openvpn_verbosity_level as $verb_value => $verb_desc):
$selected = "";
- if ($pconfig['verbosity_level'] == $verb_value)
+ if ($pconfig['verbosity_level'] == $verb_value) {
$selected = "selected=\"selected\"";
+ }
?>
<option value="<?=$verb_value;?>" <?=$selected;?>><?=$verb_desc;?></option>
<?php endforeach; ?>
@@ -1817,8 +1929,8 @@ if ($savemsg)
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="icons">
<tr>
<td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
+ <td width="78%">
+ <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
<input name="act" type="hidden" value="<?=$act;?>" />
<?php if (isset($id) && $a_server[$id]): ?>
<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
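Review bot: The hidden `act` field emits `$act` into an attribute unescaped (`value="<?=$act;?>"`), whereas `$id` on the line below it is passed through `htmlspecialchars()`. The assignment of `$act` is outside this hunk; if it is taken from request parameters, the value could close the attribute and inject markup into the page, so it should be encoded the same way: `<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>" />`. The `if` block opened on the preceding line closes outside the hunk.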
@@ -1852,10 +1964,11 @@ if ($savemsg)
<tbody>
<?php
$i = 0;
- foreach($a_server as $server):
+ foreach ($a_server as $server):
$disabled = "NO";
- if (isset($server['disable']))
+ if (isset($server['disable'])) {
$disabled = "YES";
+ }
?>
<tr>
<td class="listlr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&amp;id=<?=$i;?>'">
@@ -1882,7 +1995,7 @@ if ($savemsg)
</td>
</tr>
<?php
- $i++;
+ $i++;
endforeach;
?>
<tr style="display:none;"><td></td></tr>
@@ -1919,10 +2032,11 @@ tuntap_change();
/* local utility functions */
function set_checked($var,& $chk) {
- if($var)
+ if ($var) {
$chk = "checked=\"checked\"";
- else
+ } else {
$chk = "";
+ }
}
?>
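Review bot: The definition `function set_checked($var,& $chk)` keeps the old spacing that this commit normalises at every call site; `function set_checked($var, &$chk) {` would match the rest of the change. The helper also has no comment stating that `$chk` is an output parameter, so a one-line header such as `/* Sets $chk (by reference) to checked="checked" when $var is truthy, otherwise to "". */` would help readers of the many `<?=$chk;?>` call sites.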