Diffstat (limited to 'usr')
-rwxr-xr-xusr/local/www/vpn_ipsec.php120
-rwxr-xr-xusr/local/www/vpn_ipsec_ca.php93
-rwxr-xr-xusr/local/www/vpn_ipsec_ca_edit.php127
-rwxr-xr-xusr/local/www/vpn_ipsec_edit.php372
-rwxr-xr-xusr/local/www/vpn_ipsec_keys.php55
-rwxr-xr-xusr/local/www/vpn_ipsec_keys_edit.php22
-rwxr-xr-xusr/local/www/vpn_ipsec_mobile.php118
-rwxr-xr-xusr/local/www/vpn_openvpn.php106
-rwxr-xr-xusr/local/www/vpn_openvpn_cli.php44
-rwxr-xr-xusr/local/www/vpn_openvpn_cli_edit.php16
-rwxr-xr-xusr/local/www/vpn_pptp.php212
-rwxr-xr-xusr/local/www/vpn_pptp_users.php54
-rwxr-xr-xusr/local/www/vpn_pptp_users_edit.php24
13 files changed, 743 insertions, 620 deletions
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
index 4cfbfaa..9a52898 100755
--- a/usr/local/www/vpn_ipsec.php
+++ b/usr/local/www/vpn_ipsec.php
@@ -1,25 +1,22 @@
#!/usr/local/bin/php
<?php
-/* $Id$ */
/*
vpn_ipsec.php
- Copyright (C) 2004 Scott Ullrich
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
All rights reserved.
-
- originally part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -32,16 +29,16 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "IPsec");
require("guiconfig.inc");
if (!is_array($config['ipsec']['tunnel'])) {
$config['ipsec']['tunnel'] = array();
}
$a_ipsec = &$config['ipsec']['tunnel'];
+$wancfg = &$config['interfaces']['wan'];
$pconfig['enable'] = isset($config['ipsec']['enable']);
-$pconfig['preferredoldsa'] = isset($config['ipsec']['preferredoldsa']);
-$pconfig['ipcomp'] = isset($config['ipsec']['ipcomp']);
if ($_POST) {
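Review bot: `$wancfg = &$config['interfaces']['wan'];` is introduced here but nothing in the visible hunks of vpn_ipsec.php reads it; if the rest of the file does not use it either, the line should go, since a stray `&` alias into `$config` invites accidental writes to the live configuration. If it is used further down, a one-line comment saying what for would help the next reader.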
@@ -56,15 +53,11 @@ if ($_POST) {
}
} else if ($_POST['submit']) {
$pconfig = $_POST;
-
+
$config['ipsec']['enable'] = $_POST['enable'] ? true : false;
- $config['ipsec']['preferredoldsa'] = $_POST['preferredoldsa'] ? true : false;
- $config['ipsec']['ipcomp'] = $_POST['ipcomp'] ? true : false;
- if($_POST['interface'] <> "")
- $config['ipsec']['interface'] = $_POST['interface'];
-
+
write_config();
-
+
$retval = 0;
if (!file_exists($d_sysrebootreqd_path)) {
config_lock();
@@ -89,17 +82,7 @@ if ($_GET['act'] == "del") {
}
}
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title><?=gentitle("VPN: IPsec");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: IPsec</p>
<form action="vpn_ipsec.php" method="post">
<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_ipsecconfdirty_path)): ?><p>
@@ -107,35 +90,24 @@ if ($_GET['act'] == "del") {
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
+ <tr><td class="tabnavtbl">
<ul id="tabnav">
<li class="tabact">Tunnels</li>
<li class="tabinact"><a href="vpn_ipsec_mobile.php">Mobile clients</a></li>
<li class="tabinact"><a href="vpn_ipsec_keys.php">Pre-shared keys</a></li>
+ <li class="tabinact"><a href="vpn_ipsec_ca.php">CAs</a></li>
</ul>
</td></tr>
- <tr>
+ <tr>
<td class="tabcont">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td class="vtable"><p><span class="vexpl"> </span>
- <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked";?>>
- <strong>Enable IPsec<br>
- </strong></p>
- </td>
- <td class="vtable"><p><span class="vexpl"> </span>
- <input name="preferredoldsa" type="checkbox" id="preferredoldsa" value="yes" <?php if ($pconfig['preferredoldsa'] == "yes") echo "checked";?>>
- <strong>Prefer newer SA's.<br>
- </strong></p>
- </td>
- <td class="vtable"><p><span class="vexpl"> </span>
- <input name="ipcomp" type="checkbox" id="ipcomp" value="yes" <?php if ($pconfig['ipcomp'] == "yes") echo "checked";?>>
- <strong>Enable VPN IP Compression<br>
- </strong></p>
- </td>
- </tr>
- <tr>
- <td> <input name="submit" type="submit" class="formbtn" value="Save">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vtable">
+ <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked";?>>
+ <strong>Enable IPsec</strong></td>
+ </tr>
+ <tr>
+ <td> <input name="submit" type="submit" class="formbtn" value="Save">
</td>
</tr>
</table>
@@ -160,7 +132,7 @@ if ($_GET['act'] == "del") {
}
?>
<tr valign="top">
- <td nowrap class="listlr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>';"><?=$spans;?>
+ <td nowrap class="listlr"><?=$spans;?>
<?php if ($ipsecent['local-subnet']['network'])
echo strtoupper($ipsecent['local-subnet']['network']);
else
@@ -169,7 +141,7 @@ if ($_GET['act'] == "del") {
<br>
<?=$ipsecent['remote-subnet'];?>
<?=$spane;?></td>
- <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>';"><?=$spans;?>
+ <td class="listr"><?=$spans;?>
<?php if ($ipsecent['interface']) {
$iflabels = array('lan' => 'LAN', 'wan' => 'WAN');
for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++)
@@ -177,47 +149,33 @@ if ($_GET['act'] == "del") {
$if = htmlspecialchars($iflabels[$ipsecent['interface']]);
} else
$if = "WAN";
-
+
echo $if . "<br>" . $ipsecent['remote-gateway'];
?>
<?=$spane;?></td>
- <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>';"><?=$spans;?>
+ <td class="listr"><?=$spans;?>
<?=$ipsecent['p1']['mode'];?>
<?=$spane;?></td>
- <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>';"><?=$spans;?>
+ <td class="listr"><?=$spans;?>
<?=$p1_ealgos[$ipsecent['p1']['encryption-algorithm']];?>
<?=$spane;?></td>
- <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>';"><?=$spans;?>
+ <td class="listr"><?=$spans;?>
<?=$p1_halgos[$ipsecent['p1']['hash-algorithm']];?>
<?=$spane;?></td>
- <td class="listbg" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>';"><?=$spans;?>
- <font color="#FFFFFF"><?=htmlspecialchars($ipsecent['descr']);?>&nbsp;
+ <td class="listbg"><?=$spans;?>
+ <?=htmlspecialchars($ipsecent['descr']);?>&nbsp;
<?=$spane;?></td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="vpn_ipsec_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a></td>
- <td valign="middle"><a href="vpn_ipsec.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this tunnel?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i++; endforeach; ?>
- <tr>
+ <td valign="middle" nowrap class="list"> <a href="vpn_ipsec_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit tunnel" width="17" height="17" border="0"></a>
+ &nbsp;<a href="vpn_ipsec.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this tunnel?')"><img src="x.gif" title="delete tunnel" width="17" height="17" border="0"></a></td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
<td class="list" colspan="6"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="vpn_ipsec_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
+ <td class="list"> <a href="vpn_ipsec_edit.php"><img src="plus.gif" title="add tunnel" width="17" height="17" border="0"></a></td>
+ </tr>
</table>
- </td>
+ </td>
</tr>
</table>
</form>
<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/vpn_ipsec_ca.php b/usr/local/www/vpn_ipsec_ca.php
new file mode 100755
index 0000000..bb54ac7
--- /dev/null
+++ b/usr/local/www/vpn_ipsec_ca.php
@@ -0,0 +1,93 @@
+#!/usr/local/bin/php
+<?php
+/*
+ vpn_ipsec_ca.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$pgtitle = array("VPN", "IPsec");
+require("guiconfig.inc");
+
+if (!is_array($config['ipsec']['cacert'])) {
+ $config['ipsec']['cacert'] = array();
+}
+ipsec_ca_sort();
+$a_secret = &$config['ipsec']['cacert'];
+
+if ($_GET['act'] == "del") {
+ if ($a_secret[$_GET['id']]) {
+ unset($a_secret[$_GET['id']]);
+ write_config();
+ touch($d_ipsecconfdirty_path);
+ header("Location: vpn_ipsec_ca.php");
+ exit;
+ }
+}
+
+?>
+<?php include("fbegin.inc"); ?>
+<form action="vpn_ipsec.php" method="post">
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_ipsecconfdirty_path)): ?><p>
+<?php print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
+<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
+<?php endif; ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="vpn_ipsec.php">Tunnels</a></li>
+ <li class="tabinact"><a href="vpn_ipsec_mobile.php">Mobile clients</a></li>
+ <li class="tabinact"><a href="vpn_ipsec_keys.php">Pre-shared keys</a></li>
+ <li class="tabact">CAs</li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="80%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listhdrr">Identifier</td>
+ <td class="list"></td>
+ </tr>
+ <?php $i = 0; foreach ($a_secret as $secretent): ?>
+ <tr>
+ <td class="listlr">
+ <?=htmlspecialchars($secretent['ident']);?>
+ </td>
+ <td class="list" nowrap> <a href="vpn_ipsec_ca_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit certificate" width="17" height="17" border="0"></a>
+ &nbsp;<a href="vpn_ipsec_ca.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this certificate?')"><img src="x.gif" title="delete certificate" width="17" height="17" border="0"></a></td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list"></td>
+ <td class="list"> <a href="vpn_ipsec_ca_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
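Review bot: The tab-navigation row at `<tr><td>` above `<ul id="tabnav">` lacks the `class="tabnavtbl"` that this same commit adds to the equivalent row in vpn_ipsec.php, so the CA tab will render differently from the other IPsec tabs; `<tr><td class="tabnavtbl">` keeps them consistent. The add link's `plus.gif` image has no `title`, unlike the edit/delete images two rows above — `title="add certificate"` matches them. The array is named `$a_secret` although it holds CA certificates, which reads as a carry-over from the pre-shared-keys page; `$a_cacert` would say what it holds.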
diff --git a/usr/local/www/vpn_ipsec_ca_edit.php b/usr/local/www/vpn_ipsec_ca_edit.php
new file mode 100755
index 0000000..687d340
--- /dev/null
+++ b/usr/local/www/vpn_ipsec_ca_edit.php
@@ -0,0 +1,127 @@
+#!/usr/local/bin/php
+<?php
+/*
+ vpn_ipsec_ca_edit.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$pgtitle = array("VPN", "IPsec", "Edit CA certificate");
+require("guiconfig.inc");
+
+if (!is_array($config['ipsec']['cacert'])) {
+ $config['ipsec']['cacert'] = array();
+}
+ipsec_ca_sort();
+$a_secret = &$config['ipsec']['cacert'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (isset($id) && $a_secret[$id]) {
+ $pconfig['ident'] = $a_secret[$id]['ident'];
+ $pconfig['cert'] = base64_decode($a_secret[$id]['cert']);
+}
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "ident cert");
+ $reqdfieldsn = explode(",", "Identifier,CA Certificate");
+ if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))
+ $input_errors[] = "This certificate does not appear to be valid.";
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident']))
+ $input_errors[] = "The identifier contains invalid characters.";
+
+ if (!$input_errors && !(isset($id) && $a_secret[$id])) {
+ /* make sure there are no dupes */
+ foreach ($a_secret as $secretent) {
+ if ($secretent['ident'] == $_POST['ident']) {
+ $input_errors[] = "Another entry with the same identifier already exists.";
+ break;
+ }
+ }
+ }
+
+ if (!$input_errors) {
+
+ if (isset($id) && $a_secret[$id])
+ $secretent = $a_secret[$id];
+
+ $secretent['ident'] = $_POST['ident'];
+ $secretent['cert'] = base64_encode($_POST['cert']);
+
+ if (isset($id) && $a_secret[$id])
+ $a_secret[$id] = $secretent;
+ else
+ $a_secret[] = $secretent;
+
+ write_config();
+ touch($d_ipsecconfdirty_path);
+
+ header("Location: vpn_ipsec_ca.php");
+ exit;
+ }
+}
+?>
+<?php include("fbegin.inc"); ?>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+ <form action="vpn_ipsec_ca_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td valign="top" class="vncellreq">Identifier</td>
+ <td class="vtable">
+ <input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=$pconfig['ident'];?>">
+ <br>
+This can be any text to describe the certificate authority.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Certificate</td>
+ <td width="78%" class="vtable">
+ <textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
+ <br>
+ Paste a CA certificate in X.509 PEM format here.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id) && $a_secret[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
diff --git a/usr/local/www/vpn_ipsec_edit.php b/usr/local/www/vpn_ipsec_edit.php
index b40b228..3bd98bd 100755
--- a/usr/local/www/vpn_ipsec_edit.php
+++ b/usr/local/www/vpn_ipsec_edit.php
@@ -1,25 +1,22 @@
#!/usr/local/bin/php
<?php
-/* $Id$ */
/*
vpn_ipsec_edit.php
- Copyright (C) 2004 Scott Ullrich
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
All rights reserved.
-
- originally part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -32,6 +29,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "IPsec", "Edit tunnel");
require("guiconfig.inc");
if (!is_array($config['ipsec']['tunnel'])) {
@@ -44,26 +42,58 @@ $specialsrcdst = explode(" ", "lan");
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
+
+function is_specialnet($net) {
+ global $specialsrcdst;
+
+ if (in_array($net, $specialsrcdst))
+ return true;
+ else
+ return false;
+}
+
+function address_to_pconfig($adr, &$padr, &$pmask) {
+
+ if ($adr['network'])
+ $padr = $adr['network'];
+ else if ($adr['address']) {
+ list($padr, $pmask) = explode("/", $adr['address']);
+ if (is_null($pmask))
+ $pmask = 32;
+ }
+}
+
+function pconfig_to_address(&$adr, $padr, $pmask) {
+
+ $adr = array();
+
+ if (is_specialnet($padr))
+ $adr['network'] = $padr;
+ else {
+ $adr['address'] = $padr;
+ if ($pmask != 32)
+ $adr['address'] .= "/" . $pmask;
+ }
+}
if (isset($id) && $a_ipsec[$id]) {
$pconfig['disabled'] = isset($a_ipsec[$id]['disabled']);
- $pconfig['auto'] = isset($a_ipsec[$id]['auto']);
- $pconfig['creategif'] = $a_filter[$id]['creategif'];
+ //$pconfig['auto'] = isset($a_ipsec[$id]['auto']);
if (!isset($a_ipsec[$id]['local-subnet']))
$pconfig['localnet'] = "lan";
else
- address_to_pconfig($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask'], $none, $none, $none);
-
+ address_to_pconfig($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']);
+
if ($a_ipsec[$id]['interface'])
$pconfig['interface'] = $a_ipsec[$id]['interface'];
else
$pconfig['interface'] = "wan";
-
+
list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_ipsec[$id]['remote-subnet']);
$pconfig['remotegw'] = $a_ipsec[$id]['remote-gateway'];
$pconfig['p1mode'] = $a_ipsec[$id]['p1']['mode'];
-
+
if (isset($a_ipsec[$id]['p1']['myident']['myaddress']))
$pconfig['p1myidentt'] = 'myaddress';
else if (isset($a_ipsec[$id]['p1']['myident']['address'])) {
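Review bot: In `address_to_pconfig`, `list($padr, $pmask) = explode("/", $adr['address'])` raises an undefined-offset notice whenever the stored address has no `/`, and only afterwards does `is_null($pmask)` fill in 32; `$parts = explode("/", $adr['address']); $padr = $parts[0]; $pmask = isset($parts[1]) ? $parts[1] : 32;` avoids the notice. The function also leaves `$padr` and `$pmask` untouched when `$adr` has neither `network` nor `address`, so a caller's previous values survive silently — worth a comment or an explicit reset at the top. The three helpers sit in the middle of the request-handling flow, between the `$id` lookup and its first use; they read more naturally grouped at the top of the script or in a shared include, since vpn_ipsec_mobile.php in the diffstat presumably needs the same conversions.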
@@ -76,25 +106,30 @@ if (isset($id) && $a_ipsec[$id]) {
$pconfig['p1myidentt'] = 'user_fqdn';
$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['ufqdn'];
}
-
+
$pconfig['p1ealgo'] = $a_ipsec[$id]['p1']['encryption-algorithm'];
$pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm'];
$pconfig['p1dhgroup'] = $a_ipsec[$id]['p1']['dhgroup'];
$pconfig['p1lifetime'] = $a_ipsec[$id]['p1']['lifetime'];
+ $pconfig['p1authentication_method'] = $a_ipsec[$id]['p1']['authentication_method'];
$pconfig['p1pskey'] = $a_ipsec[$id]['p1']['pre-shared-key'];
+ $pconfig['p1cert'] = base64_decode($a_ipsec[$id]['p1']['cert']);
+ $pconfig['p1peercert'] = base64_decode($a_ipsec[$id]['p1']['peercert']);
+ $pconfig['p1privatekey'] = base64_decode($a_ipsec[$id]['p1']['private-key']);
$pconfig['p2proto'] = $a_ipsec[$id]['p2']['protocol'];
$pconfig['p2ealgos'] = $a_ipsec[$id]['p2']['encryption-algorithm-option'];
$pconfig['p2halgos'] = $a_ipsec[$id]['p2']['hash-algorithm-option'];
$pconfig['p2pfsgroup'] = $a_ipsec[$id]['p2']['pfsgroup'];
$pconfig['p2lifetime'] = $a_ipsec[$id]['p2']['lifetime'];
$pconfig['descr'] = $a_ipsec[$id]['descr'];
-
+
} else {
/* defaults */
$pconfig['interface'] = "wan";
$pconfig['localnet'] = "lan";
$pconfig['p1mode'] = "aggressive";
$pconfig['p1myidentt'] = "myaddress";
+ $pconfig['p1authentication_method'] = "pre_shared_key";
$pconfig['p1ealgo'] = "3des";
$pconfig['p1halgo'] = "sha1";
$pconfig['p1dhgroup'] = "2";
@@ -102,6 +137,7 @@ if (isset($id) && $a_ipsec[$id]) {
$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
$pconfig['p2pfsgroup'] = "0";
+ $pconfig['remotebits'] = 32;
}
if ($_POST) {
@@ -111,16 +147,28 @@ if ($_POST) {
} else if ($_POST['localnettype'] == "single") {
$_POST['localnetmask'] = 32;
}
-
+
unset($input_errors);
$pconfig = $_POST;
/* input validation */
- $reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
- $reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
-
+ if ($_POST['p1authentication_method'] == "pre_shared_key") {
+ $reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
+ $reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
+ }
+ else {
+ $reqdfields = explode(" ", "localnet remotenet remotebits remotegw p2ealgos p2halgos");
+ $reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,P2 Encryption Algorithms,P2 Hash Algorithms");
+ if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE"))
+ $input_errors[] = "This certificate does not appear to be valid.";
+ if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY"))
+ $input_errors[] = "This key does not appear to be valid.";
+ if ($_POST['p1peercert']!="" && (!strstr($_POST['p1peercert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1peercert'], "END CERTIFICATE")))
+ $input_errors[] = "This peer certificate does not appear to be valid.";
+ }
+
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
+
if (!is_specialnet($_POST['localnettype'])) {
if (($_POST['localnet'] && !is_ipaddr($_POST['localnet']))) {
$input_errors[] = "A valid local network IP address must be specified.";
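Review bot: In the RSA branch, `p1cert` and `p1privatekey` are not added to `$reqdfields`, so an empty paste is reported as "This certificate does not appear to be valid." instead of the standard missing-field message that `do_input_validation` produces; extend the lists to `... remotegw p1cert p1privatekey p2ealgos p2halgos` and `...,Remote gateway,Certificate,Private key,P2 Encryption Algorithms,...`. The same BEGIN/END marker test is now written three times here and once more in vpn_ipsec_ca_edit.php; a small `has_pem_block($text, $label)` helper in the shared include would keep them in step. The private-key test accepts only the `BEGIN RSA PRIVATE KEY` (PKCS#1) armor — fine if that is the only format the backend loads, but a comment would make a PKCS#8 `BEGIN PRIVATE KEY` rejection recognisable as intentional. The enclosing `if ($_POST)` block starts in the previous hunk and continues past this one.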
@@ -135,7 +183,7 @@ if ($_POST) {
if (($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime']))) {
$input_errors[] = "The P2 lifetime must be an integer.";
}
- if ($_POST['remotebits'] && (!is_numeric($_POST['remotebits']) || ($_POST['remotebits'] <= 0) || ($_POST['remotebits'] > 32))) {
+ if ($_POST['remotebits'] && (!is_numeric($_POST['remotebits']) || ($_POST['remotebits'] < 0) || ($_POST['remotebits'] > 32))) {
$input_errors[] = "The remote network bits are invalid.";
}
if (($_POST['remotenet'] && !is_ipaddr($_POST['remotenet']))) {
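Review bot: Allowing `remotebits` of 0 interacts badly with the surrounding guard `if ($_POST['remotebits'] && ...)`: the submitted string "0" is falsy in PHP, so a 0-bit value skips this check entirely, and if `do_input_validation` tests required fields with the same truthiness (it is defined outside this file, so I cannot confirm) a /0 remote subnet will be reported as a missing field. Guarding with `$_POST['remotebits'] !== ""` here, and confirming how the required-field helper treats "0", would make the new range actually reachable. `is_numeric` also accepts "3.5" and "1e1"; `preg_match("/^\d+$/", $_POST['remotebits'])` pins it to a whole number, which is what the `/` notation written into `remote-subnet` needs.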
@@ -152,23 +200,22 @@ if ($_POST) {
}
if ($_POST['p1myidentt'] == "user_fqdn") {
$ufqdn = explode("@",$_POST['p1myident']);
- if (!is_domain($ufqdn[1]))
+ if (!is_domain($ufqdn[1]))
$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
}
-
+
if ($_POST['p1myidentt'] == "myaddress")
$_POST['p1myident'] = "";
if (!$input_errors) {
$ipsecent['disabled'] = $_POST['disabled'] ? true : false;
- $ipsecent['creategif'] = $_POST['creategif'] ? true : false;
- $ipsecent['auto'] = $_POST['auto'] ? true : false;
+ //$ipsecent['auto'] = $_POST['auto'] ? true : false;
$ipsecent['interface'] = $pconfig['interface'];
pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']);
$ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits'];
$ipsecent['remote-gateway'] = $_POST['remotegw'];
$ipsecent['p1']['mode'] = $_POST['p1mode'];
-
+
$ipsecent['p1']['myident'] = array();
switch ($_POST['p1myidentt']) {
case 'myaddress':
@@ -184,38 +231,37 @@ if ($_POST) {
$ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
break;
}
-
+
$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
$ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
+ $ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
+ $ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
+ $ipsecent['p1']['peercert'] = base64_encode($_POST['p1peercert']);
+ $ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
$ipsecent['p2']['protocol'] = $_POST['p2proto'];
$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
$ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
$ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
$ipsecent['descr'] = $_POST['descr'];
-
+
if (isset($id) && $a_ipsec[$id])
$a_ipsec[$id] = $ipsecent;
else
$a_ipsec[] = $ipsecent;
-
+
write_config();
touch($d_ipsecconfdirty_path);
-
+
header("Location: vpn_ipsec.php");
exit;
}
}
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title><?=gentitle("VPN: IPsec: Edit tunnel");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
+<?php include("fbegin.inc"); ?>
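Review bot: The record now stores every credential field regardless of `p1authentication_method`: a PSK tunnel gets `private-key`, `cert` and `peercert` entries, and an RSA tunnel keeps whatever `pre-shared-key` was submitted, so material left over from a previously selected method can persist in the entry. Writing only what the chosen method uses and unsetting the rest keeps config.xml minimal, assuming the config generator reads these fields per method; the rewrite below does that. Note also that `base64_encode` is an encoding, not protection — anyone holding a config backup can read the private key, which deserves a comment next to the store. The enclosing `if (!$input_errors)` block starts in the previous hunk.
```php
$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
$ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
if ($_POST['p1authentication_method'] == "pre_shared_key") {
    $ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
    unset($ipsecent['p1']['private-key'], $ipsecent['p1']['cert'], $ipsecent['p1']['peercert']);
} else {
    /* stored base64-encoded only; config backups contain the private key in the clear */
    $ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
    $ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
    $ipsecent['p1']['peercert'] = base64_encode($_POST['p1peercert']);
    unset($ipsecent['p1']['pre-shared-key']);
}
/* … unchanged: p2 fields, descr, write_config … */
```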
<script language="JavaScript">
<!--
function typesel_change() {
@@ -237,72 +283,85 @@ function typesel_change() {
break;
}
}
+function methodsel_change() {
+ switch (document.iform.p1authentication_method.selectedIndex) {
+ case 1: /* rsa */
+ document.iform.p1pskey.disabled = 1;
+ document.iform.p1privatekey.disabled = 0;
+ document.iform.p1cert.disabled = 0;
+ document.iform.p1peercert.disabled = 0;
+ break;
+ default: /* pre-shared */
+ document.iform.p1pskey.disabled = 0;
+ document.iform.p1privatekey.disabled = 1;
+ document.iform.p1cert.disabled = 1;
+ document.iform.p1peercert.disabled = 1;
+ break;
+ }
+}
//-->
</script>
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: IPsec: Edit tunnel</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Mode</td>
<td width="78%" class="vtable"> Tunnel</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Disabled</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
<strong>Disable this tunnel</strong><br>
<span class="vexpl">Set this option to disable this tunnel without
removing it from the list.</span></td>
</tr>
- <tr>
+ <!-- <tr>
<td width="22%" valign="top" class="vncellreq">Auto-establish</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="auto" type="checkbox" id="auto" value="yes" <?php if ($pconfig['auto']) echo "checked"; ?>>
<strong>Automatically establish this tunnel</strong><br>
<span class="vexpl">Set this option to automatically re-establish this tunnel after reboots/reconfigures. If this is not set, the tunnel is established on demand.</span></td>
- </tr>
- <tr>
+ </tr> -->
+ <tr>
<td width="22%" valign="top" class="vncellreq">Interface</td>
- <td width="78%" class="vtable"> <select name="interface" class="formfld">
+ <td width="78%" class="vtable"><select name="interface" class="formfld">
<?php $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
}
foreach ($interfaces as $iface => $ifacename): ?>
- <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
+ <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
<?=htmlspecialchars($ifacename);?>
</option>
<?php endforeach; ?>
</select> <br>
<span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Local subnet</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<table border="0" cellspacing="0" cellpadding="0">
- <tr>
+ <tr>
<td>Type:&nbsp;&nbsp;</td>
+ <td></td>
<td><select name="localnettype" class="formfld" onChange="typesel_change()">
<?php $sel = is_specialnet($pconfig['localnet']); ?>
- <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
+ <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
Single host</option>
- <option value="network" <?php if (!$sel) echo "selected"; ?>>
+ <option value="network" <?php if (!$sel) echo "selected"; ?>>
Network</option>
- <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>>
+ <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>>
LAN subnet</option>
</select></td>
</tr>
- <tr>
+ <tr>
<td>Address:&nbsp;&nbsp;</td>
+ <td><?=$mandfldhtmlspc;?></td>
<td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
- /
+ /
<select name="localnetmask" class="formfld" id="localnetmask">
- <?php for ($i = 32; $i >= 0; $i--): ?>
+ <?php for ($i = 31; $i >= 0; $i--): ?>
<option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
<?=$i;?>
</option>
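Review bot: `methodsel_change()` switches on `selectedIndex`, so the mapping `case 1: /* rsa */` depends on the order the `<option>` elements are emitted rather than on the value the server checks (`pre_shared_key`); switching on `document.iform.p1authentication_method.value` with `case "pre_shared_key":` for the PSK branch and `default:` for RSA keeps client and server in step if the list is ever reordered. Disabled inputs are not submitted, so the PHP side sees `$_POST['p1pskey']` or the certificate fields as absent depending on the method; the `onChange`/`onload` wiring that runs this function is outside the hunk, so I cannot tell whether it fires on page load. The local-netmask loop now stops at 31 while `address_to_pconfig` still yields 32 for a bare address; that value is what selects the `single` option, so the two agree, but a one-line comment at the loop, `/* 32 is expressed via the "single host" type, not the mask list */`, would stop the next reader from "fixing" it.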
@@ -311,195 +370,213 @@ function typesel_change() {
</tr>
</table></td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Remote subnet</td>
- <td width="78%" class="vtable">
- <input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=$pconfig['remotenet'];?>">
- /
+ <td width="78%" class="vtable">
+ <?=$mandfldhtml;?><input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=$pconfig['remotenet'];?>">
+ /
<select name="remotebits" class="formfld" id="remotebits">
- <?php for ($i = 32; $i > 0; $i--): ?>
- <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>>
+ <?php for ($i = 32; $i >= 0; $i--): ?>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>>
<?=$i;?>
</option>
<?php endfor; ?>
</select></td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Remote gateway</td>
- <td width="78%" class="vtable">
- <input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=$pconfig['remotegw'];?>">
+ <td width="78%" class="vtable">
+ <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=$pconfig['remotegw'];?>">
<br>
Enter the public IP address of the remote gateway</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell">Description</td>
- <td width="78%" class="vtable">
- <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
- <br> <span class="vexpl">You may enter a description here
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
+ <br> <span class="vexpl">You may enter a description here
for your reference (not parsed).</span></td>
</tr>
- <tr>
+ <tr>
<td colspan="2" class="list" height="12"></td>
</tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Phase 1 proposal
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Phase 1 proposal
(Authentication)</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
<td width="78%" class="vtable">
-<select name="p1mode" class="formfld">
+ <select name="p1mode" class="formfld">
<?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
- <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
+ <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
<?=htmlspecialchars($mode);?>
</option>
<?php endforeach; ?>
- </select> <br> <span class="vexpl">Aggressive is faster, but
+ </select> <br> <span class="vexpl">Aggressive is faster, but
less secure.</span></td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">My identifier</td>
<td width="78%" class="vtable">
-<select name="p1myidentt" class="formfld">
+ <select name="p1myidentt" class="formfld">
<?php foreach ($my_identifier_list as $mode => $modename): ?>
- <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
+ <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
<?=htmlspecialchars($modename);?>
</option>
<?php endforeach; ?>
- </select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=$pconfig['p1myident'];?>">
+ </select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=$pconfig['p1myident'];?>">
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
<td width="78%" class="vtable">
-<select name="p1ealgo" class="formfld">
+ <select name="p1ealgo" class="formfld">
<?php foreach ($p1_ealgos as $algo => $algoname): ?>
- <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
+ <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
<?=htmlspecialchars($algoname);?>
</option>
<?php endforeach; ?>
- </select> <br> <span class="vexpl">Must match the setting
+ </select> <br> <span class="vexpl">Must match the setting
chosen on the remote side. </span></td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
<td width="78%" class="vtable">
-<select name="p1halgo" class="formfld">
+ <select name="p1halgo" class="formfld">
<?php foreach ($p1_halgos as $algo => $algoname): ?>
- <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
+ <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
<?=htmlspecialchars($algoname);?>
</option>
<?php endforeach; ?>
- </select> <br> <span class="vexpl">Must match the setting
+ </select> <br> <span class="vexpl">Must match the setting
chosen on the remote side. </span></td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">DH key group</td>
<td width="78%" class="vtable">
-<select name="p1dhgroup" class="formfld">
+ <select name="p1dhgroup" class="formfld">
<?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
- <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
+ <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
<?=htmlspecialchars($keygroup);?>
</option>
<?php endforeach; ?>
- </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
+ </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
bit, 5 = 1536 bit</em><br>
Must match the setting chosen on the remote side. </span></td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell">Lifetime</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=$pconfig['p1lifetime'];?>">
seconds</td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Authentication method</td>
<td width="78%" class="vtable">
- <input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>">
- <br>ASCII characters only!
+ <select name="p1authentication_method" class="formfld" onChange="methodsel_change()">
+ <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
+ <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>>
+ <?=htmlspecialchars($methodname);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br> <span class="vexpl">Must match the setting
+ chosen on the remote side.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
+ <td width="78%" class="vtable">
+ <?=$mandfldhtml;?><input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>">
</td>
</tr>
- <tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Certificate</td>
+ <td width="78%" class="vtable">
+ <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea>
+ <br>
+ Paste a certificate in X.509 PEM format here.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Key</td>
+ <td width="78%" class="vtable">
+ <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea>
+ <br>
+ Paste an RSA private key in PEM format here.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Peer certificate</td>
+ <td width="78%" class="vtable">
+ <textarea name="p1peercert" cols="65" rows="7" id="p1peercert" class="formpre"><?=htmlspecialchars($pconfig['p1peercert']);?></textarea>
+ <br>
+ Paste the peer X.509 certificate in PEM format here.<br>
+ Leave this blank if you want to use a CA certificate for identity validation.</td>
+ </tr>
+ <tr>
<td colspan="2" class="list" height="12"></td>
</tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Phase 2 proposal
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Phase 2 proposal
(SA/Key Exchange)</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Protocol</td>
<td width="78%" class="vtable">
-<select name="p2proto" class="formfld">
+ <select name="p2proto" class="formfld">
<?php foreach ($p2_protos as $proto => $protoname): ?>
- <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
+ <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
<?=htmlspecialchars($protoname);?>
</option>
<?php endforeach; ?>
- </select> <br> <span class="vexpl">ESP is encryption, AH is
+ </select> <br> <span class="vexpl">ESP is encryption, AH is
authentication only </span></td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<?php foreach ($p2_ealgos as $algo => $algoname): ?>
- <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>>
+ <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>>
<?=htmlspecialchars($algoname);?>
- <br>
+ <br>
<?php endforeach; ?>
<br>
- Hint: use 3DES for best compatibility or if you have a hardware
- crypto accelerator card. Blowfish is usually the fastest in
+ Hint: use 3DES for best compatibility or if you have a hardware
+ crypto accelerator card. Blowfish is usually the fastest in
software encryption. </td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<?php foreach ($p2_halgos as $algo => $algoname): ?>
- <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>>
+ <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>>
<?=htmlspecialchars($algoname);?>
- <br>
+ <br>
<?php endforeach; ?>
</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">PFS key group</td>
<td width="78%" class="vtable">
-<select name="p2pfsgroup" class="formfld">
+ <select name="p2pfsgroup" class="formfld">
<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
- <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
+ <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
<?=htmlspecialchars($keygroupname);?>
</option>
<?php endforeach; ?>
- </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
+ </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
bit, 5 = 1536 bit</em></span></td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell">Lifetime</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=$pconfig['p2lifetime'];?>">
seconds</td>
</tr>
-
-
- <tr>
- <td colspan="2" class="list" height="12"></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Misc</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Multi-Tunnel routing</td>
- <td width="78%" class="vtable">
- <input name="creategif" type="checkbox" id="creategif" size="40" value="<? if($pconfig['creategif']) echo " CHECKED"; ?>"><b> Turn on multi-subnet routing.</b>
- <br> <span class="vexpl">If you would like to route multiple subnets across this VPN, check this.</span></td>
- </tr>
-
- <tr>
+ <tr>
<td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
<?php if (isset($id) && $a_ipsec[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
+ <input name="id" type="hidden" value="<?=$id;?>">
<?php endif; ?>
</td>
</tr>
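Review bot: The text inputs this hunk rewrites still interpolate `$pconfig` values into HTML attributes unescaped — `value="<?=$pconfig['remotenet'];?>"` on the Remote subnet line, and likewise `remotegw`, `p1myident`, `p1lifetime` and `p2lifetime` — while the Description and Pre-Shared Key fields on the same form go through `htmlspecialchars()`. If `$pconfig` is repopulated from `$_POST` when validation fails, as these pages usually do, a submitted value containing a quote terminates the attribute, so each of them should read like `value="<?=htmlspecialchars($pconfig['remotenet']);?>"`. The enclosing form and the `typesel_change()` script it relies on start before this hunk.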
@@ -508,8 +585,7 @@ function typesel_change() {
<script language="JavaScript">
<!--
typesel_change();
+methodsel_change();
//-->
</script>
<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php
index 2cbad6a..676e569 100755
--- a/usr/local/www/vpn_ipsec_keys.php
+++ b/usr/local/www/vpn_ipsec_keys.php
@@ -1,11 +1,10 @@
#!/usr/local/bin/php
<?php
-/* $Id$ */
/*
vpn_ipsec_keys.php
part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -30,6 +29,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "IPsec");
require("guiconfig.inc");
if (!is_array($config['ipsec']['mobilekey'])) {
@@ -49,17 +49,7 @@ if ($_GET['act'] == "del") {
}
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title><?=gentitle("VPN: IPsec");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: IPsec</p>
<form action="vpn_ipsec.php" method="post">
<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_ipsecconfdirty_path)): ?><p>
@@ -67,11 +57,12 @@ if ($_GET['act'] == "del") {
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
+ <tr><td class="tabnavtbl">
<ul id="tabnav">
- <li class="tabinact"><a href="vpn_ipsec.php">Tunnels</a></li>
+ <li class="tabinact1"><a href="vpn_ipsec.php">Tunnels</a></li>
<li class="tabinact"><a href="vpn_ipsec_mobile.php">Mobile clients</a></li>
<li class="tabact">Pre-shared keys</li>
+ <li class="tabinact"><a href="vpn_ipsec_ca.php">CAs</a></li>
</ul>
</td></tr>
<tr>
@@ -84,37 +75,23 @@ if ($_GET['act'] == "del") {
</tr>
<?php $i = 0; foreach ($a_secret as $secretent): ?>
<tr>
- <td class="listlr" ondblclick="document.location='vpn_ipsec_keys_edit.php?id=<?=$i;?>';">
+ <td class="listlr">
<?=htmlspecialchars($secretent['ident']);?>
</td>
- <td class="listr" ondblclick="document.location='vpn_ipsec_keys_edit.php?id=<?=$i;?>';">
+ <td class="listr">
<?=htmlspecialchars($secretent['pre-shared-key']);?>
</td>
- <td class="list" nowrap>
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a></td>
- <td valign="middle"><a href="vpn_ipsec_keys.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this pre-shared key?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i++; endforeach; ?>
+ <td class="list" nowrap> <a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit key" width="17" height="17" border="0"></a>
+ &nbsp;<a href="vpn_ipsec_keys.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this pre-shared key?')"><img src="x.gif" title="delete key" width="17" height="17" border="0"></a></td>
+ </tr>
+ <?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="2"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="vpn_ipsec_keys_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
+ <td class="list"> <a href="vpn_ipsec_keys_edit.php"><img src="plus.gif" title="add key" width="17" height="17" border="0"></a></td>
+ </tr>
</table>
- </td>
- </tr>
- </table>
+ </td>
+ </tr>
+ </table>
</form>
<?php include("fend.inc"); ?>
-</body>
-</html>
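Review bot: The delete action re-added on the new side is still a plain GET link, `vpn_ipsec_keys.php?act=del&id=<?=$i;?>`, guarded only by a client-side `confirm()`; a state-changing request reachable by GET can fire without the administrator's intent (link prefetching, a stray navigation), so it should be a POST with a per-session token that is verified before the `$_GET['act'] == "del"` branch runs. Separately, the literal `&` inside the `href` should be written `&amp;` in HTML. The `foreach ($a_secret ...)` loop this row belongs to is entirely within the hunk, but the surrounding table opens earlier in the file.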
diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php
index aa31481..3491585 100755
--- a/usr/local/www/vpn_ipsec_keys_edit.php
+++ b/usr/local/www/vpn_ipsec_keys_edit.php
@@ -1,11 +1,10 @@
#!/usr/local/bin/php
<?php
-/* $Id$ */
/*
vpn_ipsec_keys_edit.php
part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -30,6 +29,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "IPsec", "Edit pre-shared key");
require("guiconfig.inc");
if (!is_array($config['ipsec']['mobilekey'])) {
@@ -92,24 +92,14 @@ if ($_POST) {
}
}
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title><?=gentitle("VPN: IPsec: Edit pre-shared key");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: IPsec: Edit pre-shared key</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td valign="top" class="vncellreq">Identifier</td>
<td class="vtable">
- <input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=$pconfig['ident'];?>">
+ <?=$mandfldhtml;?><input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=$pconfig['ident'];?>">
<br>
This can be either an IP address, fully qualified domain name or an e-mail address.
</td>
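Review bot: The Identifier input on the new line writes `$pconfig['ident']` into the `value` attribute unescaped, whereas the Pre-shared key field in the next hunk uses `htmlspecialchars($pconfig['psk'])`; the line should be `<?=$mandfldhtml;?><input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=htmlspecialchars($pconfig['ident']);?>">`. The identifier is round-tripped from the form (and presumably from the stored config), so it is user-controlled text like the key.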
@@ -117,13 +107,13 @@ This can be either an IP address, fully qualified domain name or an e-mail addre
<tr>
<td width="22%" valign="top" class="vncellreq">Pre-shared key</td>
<td width="78%" class="vtable">
- <input name="psk" type="text" class="formfld" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>">
+ <?=$mandfldhtml;?><input name="psk" type="text" class="formfld" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>">
</td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="cancel" onclick="history.back()">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
<?php if (isset($id) && $a_secret[$id]): ?>
<input name="id" type="hidden" value="<?=$id;?>">
<?php endif; ?>
@@ -132,5 +122,3 @@ This can be either an IP address, fully qualified domain name or an e-mail addre
</table>
</form>
<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php
index 9a99d5e..0a10977 100755
--- a/usr/local/www/vpn_ipsec_mobile.php
+++ b/usr/local/www/vpn_ipsec_mobile.php
@@ -1,11 +1,10 @@
#!/usr/local/bin/php
<?php
-/* $Id$ */
/*
vpn_ipsec_mobile.php
part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -30,6 +29,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "IPsec");
require("guiconfig.inc");
if (!is_array($config['ipsec']['mobileclients'])) {
@@ -44,6 +44,7 @@ if (count($a_ipsec) == 0) {
$pconfig['p1ealgo'] = "3des";
$pconfig['p1halgo'] = "sha1";
$pconfig['p1dhgroup'] = "2";
+ $pconfig['p1authentication_method'] = "pre_shared_key";
$pconfig['p2proto'] = "esp";
$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
@@ -69,6 +70,9 @@ if (count($a_ipsec) == 0) {
$pconfig['p1halgo'] = $a_ipsec['p1']['hash-algorithm'];
$pconfig['p1dhgroup'] = $a_ipsec['p1']['dhgroup'];
$pconfig['p1lifetime'] = $a_ipsec['p1']['lifetime'];
+ $pconfig['p1authentication_method'] = $a_ipsec['p1']['authentication_method'];
+ $pconfig['p1cert'] = base64_decode($a_ipsec['p1']['cert']);
+ $pconfig['p1privatekey'] = base64_decode($a_ipsec['p1']['private-key']);
$pconfig['p2proto'] = $a_ipsec['p2']['protocol'];
$pconfig['p2ealgos'] = $a_ipsec['p2']['encryption-algorithm-option'];
$pconfig['p2halgos'] = $a_ipsec['p2']['hash-algorithm-option'];
@@ -86,6 +90,13 @@ if ($_POST) {
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ if ($_POST['p1authentication_method']== "rsasig") {
+ if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE"))
+ $input_errors[] = "This certificate does not appear to be valid.";
+ if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY"))
+ $input_errors[] = "This key does not appear to be valid.";
+ }
+
if (($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime']))) {
$input_errors[] = "The P1 lifetime must be an integer.";
}
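Review bot: `$_POST['p1authentication_method']` is compared against `"rsasig"` here and stored verbatim in the `@@ -132,6 +143,9 @@` hunk, but it is never checked against the allowed set; since the value presumably ends up in the generated IPsec daemon configuration, the handler should reject anything outside the method list, e.g. `if (!array_key_exists($_POST['p1authentication_method'], $p1_authentication_methods)) $input_errors[] = "Invalid authentication method.";` (assuming `$p1_authentication_methods`, which drives the select further down, is the canonical list). The `strstr` tests only confirm that PEM markers are present, not that the certificate or key parses; if the openssl extension is available, `openssl_x509_read()` and `openssl_pkey_get_private()` returning `false` would be a stronger check. Minor style: `$_POST['p1authentication_method']== "rsasig"` is missing the space before `==`. The enclosing `if ($_POST)` block begins before this hunk.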
@@ -132,6 +143,9 @@ if ($_POST) {
$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
+ $ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
+ $ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
+ $ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
$ipsecent['p2']['protocol'] = $_POST['p2proto'];
$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
@@ -148,17 +162,23 @@ if ($_POST) {
}
}
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title><?=gentitle("VPN: IPsec");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: IPsec</p>
+<script language="JavaScript">
+<!--
+function methodsel_change() {
+ switch (document.iform.p1authentication_method.selectedIndex) {
+ case 1: /* rsa */
+ document.iform.p1privatekey.disabled = 0;
+ document.iform.p1cert.disabled = 0;
+ break;
+ default: /* pre-shared */
+ document.iform.p1privatekey.disabled = 1;
+ document.iform.p1cert.disabled = 1;
+ break;
+ }
+}
+//-->
+</script>
<form action="vpn_ipsec.php" method="post">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if (file_exists($d_ipsecconfdirty_path)): ?><p>
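Review bot: `methodsel_change()` keys off `selectedIndex` with `case 1: /* rsa */`, which silently breaks if the order of `$p1_authentication_methods` ever changes, while the PHP side compares the value (`== "rsasig"`); the switch should do the same, e.g. `var sel = document.iform.p1authentication_method;` / `switch (sel.options[sel.selectedIndex].value) {` / `case "rsasig":`. Note also that disabled controls are not submitted, so with pre-shared key selected `$_POST['p1cert']` and `$_POST['p1privatekey']` are absent and the save hunk overwrites any stored certificate and key with `base64_encode` of an empty value; if that is not intended, the save should keep the existing values when the method is not `rsasig`. The trailing `<script>` hunk at the end of this file calls this function after the form is rendered.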
@@ -168,11 +188,12 @@ if ($_POST) {
</form>
<form action="vpn_ipsec_mobile.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
+ <tr><td class="tabnavtbl">
<ul id="tabnav">
- <li class="tabinact"><a href="vpn_ipsec.php">Tunnels</a></li>
+ <li class="tabinact1"><a href="vpn_ipsec.php">Tunnels</a></li>
<li class="tabact">Mobile clients</li>
<li class="tabinact"><a href="vpn_ipsec_keys.php">Pre-shared keys</a></li>
+ <li class="tabinact"><a href="vpn_ipsec_ca.php">CAs</a></li>
</ul>
</td></tr>
<tr>
@@ -190,8 +211,8 @@ if ($_POST) {
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
- <td width="78%" bgcolor="#FFFFFF" class="vtable">
-<select name="p1mode" class="formfld">
+ <td width="78%" class="vtable">
+ <select name="p1mode" class="formfld">
<?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
<option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
<?=htmlspecialchars($mode);?>
@@ -202,8 +223,8 @@ if ($_POST) {
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">My identifier</td>
- <td width="78%" bgcolor="#FFFFFF" class="vtable">
-<select name="p1myidentt" class="formfld">
+ <td width="78%" class="vtable">
+ <select name="p1myidentt" class="formfld">
<?php foreach ($my_identifier_list as $mode => $modename): ?>
<option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
<?=htmlspecialchars($modename);?>
@@ -214,8 +235,8 @@ if ($_POST) {
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
- <td width="78%" bgcolor="#FFFFFF" class="vtable">
-<select name="p1ealgo" class="formfld">
+ <td width="78%" class="vtable">
+ <select name="p1ealgo" class="formfld">
<?php foreach ($p1_ealgos as $algo => $algoname): ?>
<option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
<?=htmlspecialchars($algoname);?>
@@ -226,8 +247,8 @@ if ($_POST) {
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
- <td width="78%" bgcolor="#FFFFFF" class="vtable">
-<select name="p1halgo" class="formfld">
+ <td width="78%" class="vtable">
+ <select name="p1halgo" class="formfld">
<?php foreach ($p1_halgos as $algo => $algoname): ?>
<option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
<?=htmlspecialchars($algoname);?>
@@ -238,8 +259,8 @@ if ($_POST) {
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">DH key group</td>
- <td width="78%" bgcolor="#FFFFFF" class="vtable">
-<select name="p1dhgroup" class="formfld">
+ <td width="78%" class="vtable">
+ <select name="p1dhgroup" class="formfld">
<?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
<?=htmlspecialchars($keygroup);?>
@@ -251,11 +272,37 @@ if ($_POST) {
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Lifetime</td>
- <td width="78%" bgcolor="#FFFFFF" class="vtable">
+ <td width="78%" class="vtable">
<input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=$pconfig['p1lifetime'];?>">
seconds</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncellreq">Authentication method</td>
+ <td width="78%" class="vtable">
+ <select name="p1authentication_method" class="formfld" onChange="methodsel_change()">
+ <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
+ <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>>
+ <?=htmlspecialchars($methodname);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br> <span class="vexpl">Must match the setting
+ chosen on the remote side. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Certificate</td>
+ <td width="78%" class="vtable">
+ <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea>
+ <br>
+ Paste a certificate in X.509 PEM format here.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Key</td>
+ <td width="78%" class="vtable">
+ <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea>
+ <br>
+ Paste an RSA private key in PEM format here.</td>
+ </tr>
+ <tr>
<td colspan="2" class="list" height="12"></td>
</tr>
<tr>
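Review bot: The Key textarea added here renders the stored RSA private key back into the page (`<?=htmlspecialchars($pconfig['p1privatekey']);?>`, populated via `base64_decode` in the `@@ -69,6 +70,9 @@` hunk), so the key is exposed to every session that can view the form and ends up in browser caches and intermediate proxies; the usual pattern is to leave the textarea empty, indicate that a key is stored, and replace the stored key only when a new one is pasted. The escaping itself is correct. The Certificate and Key rows also use the `vncellreq` (required) style although they only apply when the RSA method is selected.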
@@ -264,8 +311,8 @@ if ($_POST) {
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Protocol</td>
- <td width="78%" bgcolor="#FFFFFF" class="vtable">
-<select name="p2proto" class="formfld">
+ <td width="78%" class="vtable">
+ <select name="p2proto" class="formfld">
<?php foreach ($p2_protos as $proto => $protoname): ?>
<option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
<?=htmlspecialchars($protoname);?>
@@ -276,7 +323,7 @@ if ($_POST) {
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
- <td width="78%" bgcolor="#FFFFFF" class="vtable">
+ <td width="78%" class="vtable">
<?php foreach ($p2_ealgos as $algo => $algoname): ?>
<input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>>
<?=htmlspecialchars($algoname);?>
@@ -289,7 +336,7 @@ if ($_POST) {
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
- <td width="78%" bgcolor="#FFFFFF" class="vtable">
+ <td width="78%" class="vtable">
<?php foreach ($p2_halgos as $algo => $algoname): ?>
<input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>>
<?=htmlspecialchars($algoname);?>
@@ -299,8 +346,8 @@ if ($_POST) {
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">PFS key group</td>
- <td width="78%" bgcolor="#FFFFFF" class="vtable">
-<select name="p2pfsgroup" class="formfld">
+ <td width="78%" class="vtable">
+ <select name="p2pfsgroup" class="formfld">
<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
<option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
<?=htmlspecialchars($keygroupname);?>
@@ -311,7 +358,7 @@ if ($_POST) {
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Lifetime</td>
- <td width="78%" bgcolor="#FFFFFF" class="vtable">
+ <td width="78%" class="vtable">
<input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=$pconfig['p2lifetime'];?>">
seconds</td>
</tr>
@@ -326,6 +373,9 @@ if ($_POST) {
</tr>
</table>
</form>
+<script language="JavaScript">
+<!--
+methodsel_change();
+//-->
+</script>
<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/vpn_openvpn.php b/usr/local/www/vpn_openvpn.php
index f3b27e5..46f8953 100755
--- a/usr/local/www/vpn_openvpn.php
+++ b/usr/local/www/vpn_openvpn.php
@@ -1,22 +1,21 @@
#!/usr/local/bin/php
-<?php
-/* $Id$ */
+<?php
/*
vpn_openvpn.php
Copyright (C) 2004 Peter Curran (peter@closeconsultants.com).
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -29,6 +28,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "OpenVPN");
require("guiconfig.inc");
require_once("openvpn.inc");
@@ -59,44 +59,44 @@ if ($_POST) {
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
}
-
+
/* need a test here to make sure prefix and max_clients are coherent */
-
+
/* Sort out the cert+key files */
if (is_null($_POST['ca_cert']))
$input_errors[] = "You must provide a CA certificate file";
elseif (!strstr($_POST['ca_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['ca_cert'], "END CERTIFICATE"))
$input_errors[] = "The CA certificate does not appear to be valid.";
-
+
if (is_null($_POST['srv_cert']))
$input_errors[] = "You must provide a server certificate file";
elseif (!strstr($_POST['srv_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['srv_cert'], "END CERTIFICATE"))
$input_errors[] = "The server certificate does not appear to be valid.";
-
+
if (is_null($_POST['srv_key']))
$input_errors[] = "You must provide a server key file";
elseif (!strstr($_POST['srv_key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['srv_key'], "END RSA PRIVATE KEY"))
$input_errors[] = "The server key does not appear to be valid.";
-
+
if (is_null($_POST['dh_param']))
$input_errors[] = "You must provide a DH parameters file";
elseif (!strstr($_POST['dh_param'], "BEGIN DH PARAMETERS") || !strstr($_POST['dh_param'], "END DH PARAMETERS"))
$input_errors[] = "The DH parameters do not appear to be valid.";
-
+
if (!$input_errors) {
$server =& $config['ovpn']['server'];
$server['enable'] = $_POST['enable'] ? true : false;
-
+
/* Make sure that the tunnel interface type has not changed */
- if ($server['tun_iface'] != $_POST['tun_iface']){
+ if ($server['tun_iface'] != $_POST['tun_iface']){
$server['tun_iface'] = $_POST['tun_iface'];
touch($d_sysrebootreqd_path);
}
-
+
$server['bind_iface'] = $_POST['bind_iface'];
$server['port'] = $_POST['port'];
$server['proto'] = $_POST['proto'];
-
+
/* Make sure the IP address and/or prefix have not changed */
if ($server['ipblock'] != $_POST['ipblock']){
$server['ipblock'] = $_POST['ipblock'];
@@ -106,7 +106,7 @@ if ($_POST) {
$server['prefix'] = $_POST['prefix'];
touch($d_sysrebootreqd_path);
}
-
+
$server['maxcli'] = $_POST['maxcli'];
$server['crypto'] = $_POST['crypto'];
$server['cli2cli'] = $_POST['cli2cli'] ? true : false;
@@ -126,8 +126,8 @@ if ($_POST) {
$server['ca_cert'] = base64_encode($_POST['ca_cert']);
$server['srv_cert'] = base64_encode($_POST['srv_cert']);
$server['srv_key'] = base64_encode($_POST['srv_key']);
- $server['dh_param'] = base64_encode($_POST['dh_param']);
-
+ $server['dh_param'] = base64_encode($_POST['dh_param']);
+
write_config();
$retval = 0;
@@ -148,24 +148,14 @@ if ($_POST) {
$pconfig = $config['ovpn']['server'];
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title><?=gentitle("VPN: OpenVPN");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: OpenVPN</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if (file_exists($d_sysrebootreqd_path)) print_info_box(get_std_save_message(0)); ?>
<form action="vpn_openvpn.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
- <ul id="tabnav">
+ <ul id="tabnav">
<li class="tabact">Server</li>
<li class="tabinact"><a href="vpn_openvpn_cli.php">Client</a></li>
</ul>
@@ -182,7 +172,7 @@ $pconfig = $config['ovpn']['server'];
<input name="enable" type="checkbox" value="yes" <?php if (isset($pconfig['enable'])) echo "checked"; ?>>
<strong>Enable OpenVPN server </strong></td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncellreq">Tunnel type</td>
<td width="78%" class="vtable">
@@ -192,7 +182,7 @@ $pconfig = $config['ovpn']['server'];
TAP
</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">OpenVPN protocol/port</td>
<td width="78%" class="vtable">
@@ -200,16 +190,16 @@ $pconfig = $config['ovpn']['server'];
UDP&nbsp;
<input type="radio" name="proto" class="formfld" value="TCP" <?php if ($pconfig['proto'] == 'TCP') echo "checked"; ?>>
TCP<br><br>
- Port:
+ Port:
<input name="port" type="text" class="formfld" size="5" maxlength="5" value="<?= $pconfig['port']; ?>"><br>
Enter the port number to use for the server (default is 5000).</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncellreq">Interface binding</td>
<td width="78%" class="vtable">
<select name="bind_iface" class="formfld">
- <?php
+ <?php
$interfaces = ovpn_real_interface_list();
foreach ($interfaces as $key => $iface):
?>
@@ -220,12 +210,12 @@ $pconfig = $config['ovpn']['server'];
<span class="vexpl"><br>
Choose an interface for the OpenVPN server to listen on.</span></td>
</tr>
-
- <tr>
+
+ <tr>
<td width="22%" valign="top" class="vncellreq">IP address block</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="ipblock" type="text" class="formfld" size="20" value="<?=htmlspecialchars($pconfig['ipblock']);?>">
- /
+ /
<select name="prefix" class="formfld">
<?php for ($i = 29; $i > 19; $i--): ?>
<option value="<?=$i;?>" <?php if ($i == $pconfig['prefix']) echo "selected"; ?>>
@@ -236,42 +226,42 @@ $pconfig = $config['ovpn']['server'];
<br>
Enter the IP address block for the OpenVPN server and clients to use.<br>
<br>
- Maximum number of simultaneous clients:
+ Maximum number of simultaneous clients:
<input name="maxcli" type="text" class="formfld" size="3" maxlength="3" value="<?=htmlspecialchars($pconfig['maxcli']);?>">
</td>
</tr>
-
- <tr>
+
+ <tr>
<td width="22%" valign="top" class="vncellreq">CA certificate</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<textarea name="ca_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['ca_cert']));?></textarea>
<br>
- Paste a CA certificate in X.509 PEM format here. <a target="_new" href='vpn_openvpn_create_certs.php'>Create</a> all certificates.</td>
+ Paste a CA certificate in X.509 PEM format here.</td>
</tr>
-
- <tr>
+
+ <tr>
<td width="22%" valign="top" class="vncellreq">Server certificate</td>
<td width="78%" class="vtable">
<textarea name="srv_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['srv_cert']));?></textarea>
<br>
Paste a server certificate in X.509 PEM format here.</td>
</tr>
-
- <tr>
+
+ <tr>
<td width="22%" valign="top" class="vncellreq">Server key</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<textarea name="srv_key" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['srv_key']));?></textarea>
<br>Paste the server RSA private key here.</td>
</tr>
-
- <tr>
+
+ <tr>
<td width="22%" valign="top" class="vncellreq">DH parameters</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<textarea name="dh_param" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['dh_param']));?></textarea>
- <br>
+ <br>
Paste the Diffie-Hellman parameters in PEM format here.</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">Crypto</td>
<td width="78%" class="vtable">
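Review bot: The server RSA private key is written back into the page in cleartext by the `srv_key` textarea (`htmlspecialchars(base64_decode($pconfig['srv_key']))`), so every view of this form puts the key into browser history, page caches and any proxy that sees the response; the commit reworks these rows but keeps that behaviour. The same applies to the RADIUS shared secret in `vpn_pptp.php`, whose `radiussecret` password input is pre-filled with `value="<?=htmlspecialchars($pconfig['radiussecret']);?>"`. A safer pattern is to render the key textarea and the secret input empty and, in the POST handlers (outside this hunk), keep the stored value when the submitted field is blank — the treatment `vpn_pptp_users_edit.php` already gives its password fields in this commit. Note also that the PEM checks in the validation hunk above only look for `BEGIN`/`END` marker substrings, so pasted key material is never actually parsed before it is stored.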
@@ -289,7 +279,7 @@ $pconfig = $config['ovpn']['server'];
<br>
Select a data channel encryption cipher.</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">Internal routing mode</td>
<td width="78%" class="vtable">
@@ -297,7 +287,7 @@ $pconfig = $config['ovpn']['server'];
<strong>Enable client-to-client routing</strong><br>
If this option is on, clients are allowed to talk to each other.</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">Client authentication</td>
<td width="78%" class="vtable">
@@ -305,7 +295,7 @@ $pconfig = $config['ovpn']['server'];
<strong>Permit duplicate client certificates</strong><br>
If this option is on, clients with duplicate certificates will not be disconnected.</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">Client-push options</td>
<td width="78%" class="vtable">
@@ -363,5 +353,3 @@ $pconfig = $config['ovpn']['server'];
</table>
</form>
<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/vpn_openvpn_cli.php b/usr/local/www/vpn_openvpn_cli.php
index e272b91..2290067 100755
--- a/usr/local/www/vpn_openvpn_cli.php
+++ b/usr/local/www/vpn_openvpn_cli.php
@@ -1,6 +1,5 @@
#!/usr/local/bin/php
<?php
-/* $Id$ */
/*
vpn_openvpn_cli.php
@@ -29,6 +28,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "OpenVPN");
require("guiconfig.inc");
require_once("openvpn.inc");
@@ -68,17 +68,7 @@ if ($_GET['act'] == "del") {
}
}
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title><?=gentitle("VPN: OpenVPN");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: OpenVPN</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if (file_exists($d_sysrebootreqd_path) && !file_exists($d_ovpnclidirty_path)) print_info_box(get_std_save_message(0)); ?>
<form action="vpn_openvpn_cli.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
@@ -90,7 +80,7 @@ if ($_GET['act'] == "del") {
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<ul id="tabnav">
- <li class="tabinact"><a href="vpn_openvpn.php">Server</a></li>
+ <li class="tabinact1"><a href="vpn_openvpn.php">Server</a></li>
<li class="tabact">Client</li>
</ul>
</td></tr>
@@ -119,37 +109,25 @@ if ($_GET['act'] == "del") {
?>
<tr>
- <td class="listlr" ondblclick="document.location='vpn_openvpn_cli_edit.php?id=<?=$i;?>';"><?=$spans;?>
+ <td class="listlr"><?=$spans;?>
<?= $client['if'].":".$client['cport'];?>
<?=$spane;?></td>
- <td class="listr" ondblclick="document.location='vpn_openvpn_cli_edit.php?id=<?=$i;?>';"><?=$spans;?>
+ <td class="listr"><?=$spans;?>
<?= $client['saddr'].":".$client['sport'];?>
<?=$spane;?></td>
- <td align="middle" class="listr" ondblclick="document.location='vpn_openvpn_cli_edit.php?id=<?=$i;?>';"><?=$spans;?>
+ <td align="middle" class="listr"><?=$spans;?>
<?= $client['ver'];?>
<?=$spane;?></td>
- <td class="listbg" ondblclick="document.location='vpn_openvpn_cli_edit.php?id=<?=$i;?>';"><?=$spans;?>
- <font color="white"><?= $client['descr'];?></font>
+ <td class="listbg"><?=$spans;?>
+ <?= $client['descr'];?>
<?=$spane;?></td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="vpn_openvpn_cli_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a></td>
- <td valign="middle"><a href="vpn_openvpn_cli.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client configuration?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
+ <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_cli_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit client configuration" width="17" height="17" border="0"></a>
+ &nbsp;<a href="vpn_openvpn_cli.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client configuration?')"><img src="x.gif" title="delete client configuration" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="4">&nbsp;</td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="vpn_openvpn_cli_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
+ <td class="list"> <a href="vpn_openvpn_cli_edit.php"><img src="plus.gif" title="add client configuration" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
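Review bot: The client fields are echoed into the list without escaping — `<?= $client['descr'];?>` on the rewritten description cell, and `$client['if'].":".$client['cport']`, `$client['saddr'].":".$client['sport']` and `$client['ver']` in the cells above — whereas the parallel list in `vpn_pptp_users.php` wraps its values in `htmlspecialchars()`. Change the description cell to `<?=htmlspecialchars($client['descr']);?>` and treat the other cells the same way so a description containing markup cannot alter the page. Separately, the rewritten edit/delete cell still performs deletion through a plain GET link (`vpn_openvpn_cli.php?act=del&id=`) guarded only by a client-side `confirm()`; the same pattern is in the `vpn_pptp_users.php` list hunk, and a POST with a per-session token would be the robust form for a state-changing action. The enclosing `foreach` starts outside this hunk.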
@@ -157,5 +135,3 @@ if ($_GET['act'] == "del") {
</table>
</form>
<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/vpn_openvpn_cli_edit.php b/usr/local/www/vpn_openvpn_cli_edit.php
index 7b3e48c..a13b534 100755
--- a/usr/local/www/vpn_openvpn_cli_edit.php
+++ b/usr/local/www/vpn_openvpn_cli_edit.php
@@ -1,6 +1,5 @@
#!/usr/local/bin/php
<?php
-/* $Id$ */
/*
vpn_openvpn_cli_edit.php
@@ -29,6 +28,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "OpenVPN", "Edit client");
require("guiconfig.inc");
require_once("openvpn.inc");
@@ -188,17 +188,7 @@ if (isset($_POST['pull'])) {
}
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title><?=gentitle("VPN: OpenVPN: Edit client");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: OpenVPN: Edit client</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="vpn_openvpn_cli_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
@@ -340,7 +330,7 @@ if (isset($_POST['pull'])) {
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
<?php if (isset($id)): ?>
<input name="id" type="hidden" value="<?=$id;?>">
<?php endif; ?>
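Review bot: The hidden id field is rendered as `value="<?=$id;?>"` with no escaping; if `$id` originates from `$_GET['id']` and is only checked with `isset()` (its validation is outside this hunk, so this is inferred), a non-numeric value is reflected into the form. Cast or escape it at the output site, e.g. `value="<?=(int)$id;?>"`, and the same line in the `vpn_pptp_users_edit.php` submit hunk should get the same treatment.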
@@ -350,5 +340,3 @@ if (isset($_POST['pull'])) {
</form>
<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php
index acf3fd7..43a19e5 100755
--- a/usr/local/www/vpn_pptp.php
+++ b/usr/local/www/vpn_pptp.php
@@ -1,23 +1,22 @@
#!/usr/local/bin/php
<?php
-/* $Id$ */
/*
vpn_pptp.php
part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -30,6 +29,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "PPTP");
require("guiconfig.inc");
if (!is_array($config['pptpd']['radius'])) {
@@ -56,15 +56,15 @@ if ($_POST) {
if ($_POST['mode'] == "server") {
$reqdfields = explode(" ", "localip remoteip");
$reqdfieldsn = explode(",", "Server address,Remote start address");
-
+
if ($_POST['radiusenable']) {
$reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret"));
- $reqdfieldsn = array_merge($reqdfieldsn,
+ $reqdfieldsn = array_merge($reqdfieldsn,
explode(",", "RADIUS server address,RADIUS shared secret"));
}
-
+
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
+
if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) {
$input_errors[] = "A valid server address must be specified.";
}
@@ -74,26 +74,26 @@ if ($_POST) {
if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) {
$input_errors[] = "A valid RADIUS server address must be specified.";
}
-
- if (!$input_errors) {
+
+ if (!$input_errors) {
$_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $g['pptp_subnet']);
$subnet_start = ip2long($_POST['remoteip']);
$subnet_end = ip2long($_POST['remoteip']) + $g['n_pptp_units'] - 1;
-
- if ((ip2long($_POST['localip']) >= $subnet_start) &&
+
+ if ((ip2long($_POST['localip']) >= $subnet_start) &&
(ip2long($_POST['localip']) <= $subnet_end)) {
- $input_errors[] = "The specified server address lies in the remote subnet.";
+ $input_errors[] = "The specified server address lies in the remote subnet.";
}
if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) {
- $input_errors[] = "The specified server address is equal to the LAN interface address.";
+ $input_errors[] = "The specified server address is equal to the LAN interface address.";
}
}
} else if ($_POST['mode'] == "redir") {
$reqdfields = explode(" ", "redir");
$reqdfieldsn = explode(",", "PPTP redirection target address");
-
+
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
+
if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) {
$input_errors[] = "A valid target address must be specified.";
}
@@ -109,25 +109,9 @@ if ($_POST) {
$pptpcfg['radius']['accounting'] = $_POST['radacct_enable'] ? true : false;
$pptpcfg['radius']['server'] = $_POST['radiusserver'];
$pptpcfg['radius']['secret'] = $_POST['radiussecret'];
-
- if (($pconfig['mode'] == "server")) {
- /*
- * traverse ruleset. if no PPTP rule is found
- * install one.
- */
- $found_pptp_rule = 0;
- foreach($config['filter']['rule'] as $rule) {
- $pos = strpos($rule['descr'], "PPTP");
- if ( $pos <> false ) $found_pptp_rule = 1;
- }
- if($found_pptp_rule == 0) {
- /* no PPTP rule found. craete one. */
- add_default_pptp_rule();
- }
- }
-
+
write_config();
-
+
$retval = 0;
if (!file_exists($d_sysrebootreqd_path)) {
config_lock();
@@ -135,15 +119,10 @@ if ($_POST) {
config_unlock();
}
$savemsg = get_std_save_message($retval);
- if($found_pptp_rule ==0) $savemsg .= "<br>A default PPTP rule has been added to the firewall rules section.";
}
}
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html><head>
-<title><?=gentitle("VPN: PPTP");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
+<?php include("fbegin.inc"); ?>
<script language="JavaScript">
<!--
function get_radio_value(obj)
@@ -161,7 +140,7 @@ function enable_change(enable_over) {
document.iform.localip.disabled = 0;
document.iform.req128.disabled = 0;
document.iform.radiusenable.disabled = 0;
-
+
if (document.iform.radiusenable.checked || enable_over) {
document.iform.radacct_enable.disabled = 0;
document.iform.radiusserver.disabled = 0;
@@ -188,126 +167,124 @@ function enable_change(enable_over) {
}
//-->
</script>
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: PPTP</p>
<form action="vpn_pptp.php" method="post" name="iform" id="iform">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
+ <tr><td class="tabnavtbl">
<ul id="tabnav">
<li class="tabact">Configuration</li>
<li class="tabinact"><a href="vpn_pptp_users.php">Users</a></li>
</ul>
</td></tr>
- <tr>
+ <tr>
<td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
+ <tr>
<td width="22%" valign="top" class="vtable">&nbsp;</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="mode" type="radio" onclick="enable_change(false)" value="off"
<?php if (($pconfig['mode'] != "server") && ($pconfig['mode'] != "redir")) echo "checked";?>>
Off</td>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vtable">&nbsp;</td>
<td width="78%" class="vtable">
<input type="radio" name="mode" value="redir" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "redir") echo "checked"; ?>>
Redirect incoming PPTP connections to:</td>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">PPTP redirection</td>
- <td width="78%" class="vtable">
- <input name="redir" type="text" class="formfld" id="redir" size="20" value="<?=htmlspecialchars($pconfig['redir']);?>">
+ <td width="78%" class="vtable">
+ <?=$mandfldhtml;?><input name="redir" type="text" class="formfld" id="redir" size="20" value="<?=htmlspecialchars($pconfig['redir']);?>">
<br>
- Enter the IP address of a host which will accept incoming
+ Enter the IP address of a host which will accept incoming
PPTP connections.</td>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vtable">&nbsp;</td>
<td width="78%" class="vtable">
<input type="radio" name="mode" value="server" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "server") echo "checked"; ?>>
Enable PPTP server</td>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Max. concurrent
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Max. concurrent
connections</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<?=$g['n_pptp_units'];?>
</td>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Server address</td>
- <td width="78%" class="vtable">
- <input name="localip" type="text" class="formfld" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
+ <td width="78%" class="vtable">
+ <?=$mandfldhtml;?><input name="localip" type="text" class="formfld" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
<br>
- Enter the IP address the PPTP server should use on its side
+ Enter the IP address the PPTP server should use on its side
for all clients.</td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Remote address
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Remote address
range</td>
- <td width="78%" class="vtable">
- <input name="remoteip" type="text" class="formfld" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>">
- /
+ <td width="78%" class="vtable">
+ <?=$mandfldhtml;?><input name="remoteip" type="text" class="formfld" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>">
+ /
<?=$g['pptp_subnet'];?>
<br>
Specify the starting address for the client IP address subnet.<br>
- The PPTP server will assign
+ The PPTP server will assign
<?=$g['n_pptp_units'];?>
addresses, starting at the address entered above, to clients.</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell">RADIUS</td>
- <td width="78%" class="vtable">
- <p>
- <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable'] == "yes") echo "checked"; ?>>
+ <td width="78%" class="vtable">
+ <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable']) echo "checked"; ?>>
<strong>Use a RADIUS server for authentication<br>
- </strong>When set, all users will be authenticated using
- the RADIUS server specified below. The local user database
+ </strong>When set, all users will be authenticated using
+ the RADIUS server specified below. The local user database
will not be used.<br>
<br>
- <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable'] == "yes") echo "checked"; ?>>
+ <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable']) echo "checked"; ?>>
<strong>Enable RADIUS accounting <br>
- </strong>Send accounting packets to the RADIUS server. </p></td>
+ </strong>Sends accounting packets to the RADIUS server.</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell">RADIUS server </td>
<td width="78%" class="vtable">
- <p>
<input name="radiusserver" type="text" class="formfld" id="radiusserver" size="20" value="<?=htmlspecialchars($pconfig['radiusserver']);?>">
<br>
- Enter the IP address of the RADIUS server.</p></td>
+ Enter the IP address of the RADIUS server.</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell">RADIUS shared secret</td>
<td width="78%" valign="top" class="vtable">
- <p>
<input name="radiussecret" type="password" class="formfld" id="radiussecret" size="20" value="<?=htmlspecialchars($pconfig['radiussecret']);?>">
<br>
- Enter the shared secret that will be used to authenticate
- to the RADIUS server.</p></td>
+ Enter the shared secret that will be used to authenticate
+ to the RADIUS server.</td>
</tr>
- <tr>
+ <tr>
<td height="16" colspan="2" valign="top"></td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="middle">&nbsp;</td>
- <td width="78%" class="vtable">
- <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128'] == "yes") echo "checked"; ?>>
+ <td width="78%" class="vtable">
+ <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128']) echo "checked"; ?>>
<strong>Require 128-bit encryption</strong><br>
- When set, 128-bit encryption will be required. Otherwise
- 40-bit and 56-bit encryption will also be accepted. Note that
- encryption will always be forced on PPTP connections (
+ When set, 128-bit encryption will be accepted. Otherwise,
+ 40-bit and 56-bit encryption will be accepted, too. Note that
+ encryption will always be forced on PPTP connections (i.e.
unencrypted connections will not be accepted).</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)">
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)">
</td>
</tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
+ </strong></span>don't forget to add a firewall rule to permit
+ traffic from PPTP clients!</span></td>
+ </tr>
</table>
- </td>
+ </td>
</tr>
</table>
</form>
@@ -317,42 +294,3 @@ enable_change(false);
//-->
</script>
<?php include("fend.inc"); ?>
-</body>
-</html>
-
-<?php
-
-function add_default_pptp_rule() {
- global $config;
-
- $specialsrcdst = explode(" ", "any lan pptp");
- if (!is_array($config['filter']['rule'])) $config['filter']['rule'] = array();
- filter_rules_sort();
- $a_filter = &$config['filter']['rule'];
- $filterent = array();
- $filterent['type'] = "pass";
- $filterent['interface'] = "pptp";
-
- unset($filterent['max-src-nodes']);
- unset($filterent['max-src-states']);
- unset($filterent['protocol']);
- unset($filterent['icmptype']);
-
- pconfig_to_address($filterent['source'], "any",
- $_POST['srcmask'], $_POST['srcnot'],
- $_POST['srcbeginport'], $_POST['srcendport']);
-
- pconfig_to_address($filterent['destination'], "any",
- $_POST['dstmask'], $_POST['dstnot'],
- $_POST['dstbeginport'], $_POST['dstendport']);
-
- $filterent['disabled'] = false;
- $filterent['log'] = false;
- $filterent['frags'] = false;
- $filterent['descr'] = "Default PPTP -> any";
- $a_filter[] = $filterent;
- write_config();
-
-}
-
-?> \ No newline at end of file
diff --git a/usr/local/www/vpn_pptp_users.php b/usr/local/www/vpn_pptp_users.php
index 3bf2973..2e4c47a 100755
--- a/usr/local/www/vpn_pptp_users.php
+++ b/usr/local/www/vpn_pptp_users.php
@@ -1,11 +1,10 @@
#!/usr/local/bin/php
<?php
-/* $Id$ */
/*
vpn_pptp_users.php
part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -30,6 +29,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "PPTP");
require("guiconfig.inc");
if (!is_array($config['pptpd']['user'])) {
@@ -67,17 +67,7 @@ if ($_GET['act'] == "del") {
}
}
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title><?=gentitle("VPN: PPTP: Users");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: PPTP: Users</p>
<form action="vpn_pptp_users.php" method="post">
<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (isset($config['pptpd']['radius']['enable']))
@@ -87,9 +77,9 @@ if ($_GET['act'] == "del") {
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
+ <tr><td class="tabnavtbl">
<ul id="tabnav">
- <li class="tabinact"><a href="vpn_pptp.php">Configuration</a></li>
+ <li class="tabinact1"><a href="vpn_pptp.php">Configuration</a></li>
<li class="tabact">Users</li>
</ul>
</td></tr>
@@ -103,37 +93,23 @@ if ($_GET['act'] == "del") {
</tr>
<?php $i = 0; foreach ($a_secret as $secretent): ?>
<tr>
- <td class="listlr" ondblclick="document.location='vpn_pptp_users_edit.php?id=<?=$i;?>';">
+ <td class="listlr">
<?=htmlspecialchars($secretent['name']);?>
</td>
- <td class="listr" ondblclick="document.location='vpn_pptp_users_edit.php?id=<?=$i;?>';">
+ <td class="listr">
<?=htmlspecialchars($secretent['ip']);?>&nbsp;
</td>
- <td class="list" nowrap>
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="vpn_pptp_users_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a></td>
- <td valign="middle"><a href="vpn_pptp_users.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this user?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i++; endforeach; ?>
+ <td class="list" nowrap> <a href="vpn_pptp_users_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit user" width="17" height="17" border="0"></a>
+ &nbsp;<a href="vpn_pptp_users.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this user?')"><img src="x.gif" title="delete user" width="17" height="17" border="0"></a></td>
+ </tr>
+ <?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="2"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="vpn_pptp_users_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
+ <td class="list"> <a href="vpn_pptp_users_edit.php"><img src="plus.gif" title="add user" width="17" height="17" border="0"></a></td>
+ </tr>
</table>
- </td>
- </tr>
- </table>
+ </td>
+ </tr>
+</table>
</form>
<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php
index e3cfa04..bbeddc1 100755
--- a/usr/local/www/vpn_pptp_users_edit.php
+++ b/usr/local/www/vpn_pptp_users_edit.php
@@ -1,11 +1,10 @@
#!/usr/local/bin/php
<?php
-/* $Id$ */
/*
vpn_pptp_users_edit.php
part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -30,6 +29,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "PPTP", "Edit user");
require("guiconfig.inc");
if (!is_array($config['pptpd']['user'])) {
@@ -110,30 +110,20 @@ if ($_POST) {
}
}
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title><?=gentitle("VPN: PPTP: Users: Edit");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: PPTP: Users: Edit</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="vpn_pptp_users_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncellreq">Username</td>
<td width="78%" class="vtable">
-<input name="username" type="text" class="formfld" id="username" size="20" value="<?=htmlspecialchars($pconfig['username']);?>">
+ <?=$mandfldhtml;?><input name="username" type="text" class="formfld" id="username" size="20" value="<?=htmlspecialchars($pconfig['username']);?>">
</td>
<tr>
<td width="22%" valign="top" class="vncellreq">Password</td>
<td width="78%" class="vtable">
- <input name="password" type="password" class="formfld" id="password" size="20">
- <br> <input name="password2" type="password" class="formfld" id="password2" size="20">
+ <?=$mandfldhtml;?><input name="password" type="password" class="formfld" id="password" size="20">
+ <br><?=$mandfldhtml;?><input name="password2" type="password" class="formfld" id="password2" size="20">
&nbsp;(confirmation)<?php if (isset($id) && $a_secret[$id]): ?><br>
<span class="vexpl">If you want to change the users' password,
enter it here twice.</span><?php endif; ?></td>
@@ -147,7 +137,7 @@ if ($_POST) {
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" value="Cancel" onclick="history.back()">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
<?php if (isset($id) && $a_secret[$id]): ?>
<input name="id" type="hidden" value="<?=$id;?>">
<?php endif; ?>
@@ -156,5 +146,3 @@ if ($_POST) {
</table>
</form>
<?php include("fend.inc"); ?>
-</body>
-</html>