Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/vpn_ipsec.php | 120 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec_ca.php | 93 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec_ca_edit.php | 127 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec_edit.php | 372 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec_keys.php | 55 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec_keys_edit.php | 22 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec_mobile.php | 118 | ||||
-rwxr-xr-x | usr/local/www/vpn_openvpn.php | 106 | ||||
-rwxr-xr-x | usr/local/www/vpn_openvpn_cli.php | 44 | ||||
-rwxr-xr-x | usr/local/www/vpn_openvpn_cli_edit.php | 16 | ||||
-rwxr-xr-x | usr/local/www/vpn_pptp.php | 212 | ||||
-rwxr-xr-x | usr/local/www/vpn_pptp_users.php | 54 | ||||
-rwxr-xr-x | usr/local/www/vpn_pptp_users_edit.php | 24 |
13 files changed, 743 insertions, 620 deletions
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index 4cfbfaa..9a52898 100755 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -1,25 +1,22 @@ #!/usr/local/bin/php <?php -/* $Id$ */ /* vpn_ipsec.php - Copyright (C) 2004 Scott Ullrich + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. All rights reserved. - - originally part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -32,16 +29,16 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "IPsec"); require("guiconfig.inc"); if (!is_array($config['ipsec']['tunnel'])) { $config['ipsec']['tunnel'] = array(); } $a_ipsec = &$config['ipsec']['tunnel']; +$wancfg = &$config['interfaces']['wan']; $pconfig['enable'] = isset($config['ipsec']['enable']); -$pconfig['preferredoldsa'] = isset($config['ipsec']['preferredoldsa']); -$pconfig['ipcomp'] = isset($config['ipsec']['ipcomp']); if ($_POST) { 
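Review bot: `$wancfg = &$config['interfaces']['wan'];` is introduced at the top of vpn_ipsec.php, but no hunk of this file shown here reads it; if nothing further down the page uses it, drop the line rather than leave an unused reference alias to the WAN configuration in scope. On its own it is harmless, but a dangling `&` alias is easily mistaken for intentional state by the next person editing the page.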
@@ -56,15 +53,11 @@ if ($_POST) { } } else if ($_POST['submit']) { $pconfig = $_POST; - + $config['ipsec']['enable'] = $_POST['enable'] ? true : false; - $config['ipsec']['preferredoldsa'] = $_POST['preferredoldsa'] ? true : false; - $config['ipsec']['ipcomp'] = $_POST['ipcomp'] ? true : false; - if($_POST['interface'] <> "") - $config['ipsec']['interface'] = $_POST['interface']; - + write_config(); - + $retval = 0; if (!file_exists($d_sysrebootreqd_path)) { config_lock(); @@ -89,17 +82,7 @@ if ($_GET['act'] == "del") { } } ?> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html> -<head> -<title><?=gentitle("VPN: IPsec");?></title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> -<link href="gui.css" rel="stylesheet" type="text/css"> -</head> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<p class="pgtitle">VPN: IPsec</p> <form action="vpn_ipsec.php" method="post"> <?php if ($savemsg) print_info_box($savemsg); ?> <?php if (file_exists($d_ipsecconfdirty_path)): ?><p> 
@@ -107,35 +90,24 @@ if ($_GET['act'] == "del") { <input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> + <tr><td class="tabnavtbl"> <ul id="tabnav"> <li class="tabact">Tunnels</li> <li class="tabinact"><a href="vpn_ipsec_mobile.php">Mobile clients</a></li> <li class="tabinact"><a href="vpn_ipsec_keys.php">Pre-shared keys</a></li> + <li class="tabinact"><a href="vpn_ipsec_ca.php">CAs</a></li> </ul> </td></tr> - <tr> + <tr> <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="vtable"><p><span class="vexpl"> </span> - <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked";?>> - <strong>Enable IPsec<br> - </strong></p> - </td> - <td class="vtable"><p><span class="vexpl"> </span> - <input name="preferredoldsa" type="checkbox" id="preferredoldsa" value="yes" <?php if ($pconfig['preferredoldsa'] == "yes") echo "checked";?>> - <strong>Prefer newer SA's.<br> - </strong></p> - </td> - <td class="vtable"><p><span class="vexpl"> </span> - <input name="ipcomp" type="checkbox" id="ipcomp" value="yes" <?php if ($pconfig['ipcomp'] == "yes") echo "checked";?>> - <strong>Enable VPN IP Compression<br> - </strong></p> - </td> - </tr> - <tr> - <td> <input name="submit" type="submit" class="formbtn" value="Save"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td class="vtable"> + <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked";?>> + <strong>Enable IPsec</strong></td> + </tr> + <tr> + <td> <input name="submit" type="submit" class="formbtn" value="Save"> </td> </tr> </table> 
@@ -160,7 +132,7 @@ if ($_GET['act'] == "del") { } ?> <tr valign="top"> - <td nowrap class="listlr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>';"><?=$spans;?> + <td nowrap class="listlr"><?=$spans;?> <?php if ($ipsecent['local-subnet']['network']) echo strtoupper($ipsecent['local-subnet']['network']); else @@ -169,7 +141,7 @@ if ($_GET['act'] == "del") { <br> <?=$ipsecent['remote-subnet'];?> <?=$spane;?></td> - <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>';"><?=$spans;?> + <td class="listr"><?=$spans;?> <?php if ($ipsecent['interface']) { $iflabels = array('lan' => 'LAN', 'wan' => 'WAN'); for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) 
@@ -177,47 +149,33 @@ if ($_GET['act'] == "del") { $if = htmlspecialchars($iflabels[$ipsecent['interface']]); } else $if = "WAN"; - + echo $if . "<br>" . $ipsecent['remote-gateway']; ?> <?=$spane;?></td> - <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>';"><?=$spans;?> + <td class="listr"><?=$spans;?> <?=$ipsecent['p1']['mode'];?> <?=$spane;?></td> - <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>';"><?=$spans;?> + <td class="listr"><?=$spans;?> <?=$p1_ealgos[$ipsecent['p1']['encryption-algorithm']];?> <?=$spane;?></td> - <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>';"><?=$spans;?> + <td class="listr"><?=$spans;?> <?=$p1_halgos[$ipsecent['p1']['hash-algorithm']];?> <?=$spane;?></td> - <td class="listbg" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>';"><?=$spans;?> - <font color="#FFFFFF"><?=htmlspecialchars($ipsecent['descr']);?> + <td class="listbg"><?=$spans;?> + <?=htmlspecialchars($ipsecent['descr']);?> <?=$spane;?></td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="vpn_ipsec_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="vpn_ipsec.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this tunnel?')"><img src="x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> - <tr> + <td valign="middle" nowrap class="list"> <a href="vpn_ipsec_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit tunnel" width="17" height="17" border="0"></a> + <a href="vpn_ipsec.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this tunnel?')"><img src="x.gif" title="delete tunnel" width="17" height="17" border="0"></a></td> + </tr> + <?php $i++; endforeach; ?> + <tr> <td class="list" colspan="6"></td> - <td 
class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="vpn_ipsec_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> + <td class="list"> <a href="vpn_ipsec_edit.php"><img src="plus.gif" title="add tunnel" width="17" height="17" border="0"></a></td> + </tr> </table> - </td> + </td> </tr> </table> </form> <?php include("fend.inc"); ?> -</body> -</html> diff --git a/usr/local/www/vpn_ipsec_ca.php b/usr/local/www/vpn_ipsec_ca.php new file mode 100755 index 0000000..bb54ac7 --- /dev/null +++ b/usr/local/www/vpn_ipsec_ca.php 
@@ -0,0 +1,93 @@
+#!/usr/local/bin/php
+<?php
+/*
+ vpn_ipsec_ca.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/ + +$pgtitle = array("VPN", "IPsec"); +require("guiconfig.inc"); + +if (!is_array($config['ipsec']['cacert'])) { + $config['ipsec']['cacert'] = array(); +} +ipsec_ca_sort(); +$a_secret = &$config['ipsec']['cacert']; + +if ($_GET['act'] == "del") { + if ($a_secret[$_GET['id']]) { + unset($a_secret[$_GET['id']]); + write_config(); + touch($d_ipsecconfdirty_path); + header("Location: vpn_ipsec_ca.php"); + exit; + } +} + +?> +<?php include("fbegin.inc"); ?> +<form action="vpn_ipsec.php" method="post"> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (file_exists($d_ipsecconfdirty_path)): ?><p> +<?php print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br> +<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p> +<?php endif; ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> + <ul id="tabnav"> + <li class="tabinact"><a href="vpn_ipsec.php">Tunnels</a></li> + <li class="tabinact"><a href="vpn_ipsec_mobile.php">Mobile clients</a></li> + <li class="tabinact"><a href="vpn_ipsec_keys.php">Pre-shared keys</a></li> + <li class="tabact">CAs</li> + </ul> + </td></tr> + <tr> + <td class="tabcont"> + <table width="80%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr">Identifier</td> + <td class="list"></td> + </tr> + <?php $i = 0; foreach ($a_secret as $secretent): ?> + <tr> + <td class="listlr"> + <?=htmlspecialchars($secretent['ident']);?> + </td> + <td class="list" nowrap> <a href="vpn_ipsec_ca_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit certificate" width="17" height="17" border="0"></a> + <a href="vpn_ipsec_ca.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this certificate?')"><img src="x.gif" title="delete certificate" width="17" height="17" border="0"></a></td> + </tr> + <?php $i++; endforeach; ?> + <tr> + <td class="list"></td> + <td class="list"> <a 
href="vpn_ipsec_ca_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> + </table> +</form> +<?php include("fend.inc"); ?> diff --git a/usr/local/www/vpn_ipsec_ca_edit.php b/usr/local/www/vpn_ipsec_ca_edit.php new file mode 100755 index 0000000..687d340 --- /dev/null +++ b/usr/local/www/vpn_ipsec_ca_edit.php 
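Review bot: The delete handler in vpn_ipsec_ca.php acts on a bare GET (`if ($_GET['act'] == "del")` indexing `$a_secret[$_GET['id']]`) and the page carries no request token, so a link or image tag on any page the logged-in admin happens to visit can remove a CA certificate; the JavaScript `confirm` only guards against accidental clicks. At minimum reject a non-numeric index before touching the array, `if ($_GET['act'] == "del" && is_numeric($_GET['id']) && isset($a_secret[$_GET['id']]))`, and move the deletion to a POST carrying a per-session token, in line with whatever anti-CSRF mechanism the rest of this GUI uses (none is visible in this diff). Removing a CA here also does not check whether a tunnel still relies on it; the IPsec configuration writer is not part of this diff, so confirm that a tunnel referencing a deleted CA fails closed rather than silently falling back to no verification.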
@@ -0,0 +1,127 @@
+#!/usr/local/bin/php
+<?php
+/*
+ vpn_ipsec_ca_edit.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/ + +$pgtitle = array("VPN", "IPsec", "Edit CA certificate"); +require("guiconfig.inc"); + +if (!is_array($config['ipsec']['cacert'])) { + $config['ipsec']['cacert'] = array(); +} +ipsec_ca_sort(); +$a_secret = &$config['ipsec']['cacert']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_secret[$id]) { + $pconfig['ident'] = $a_secret[$id]['ident']; + $pconfig['cert'] = base64_decode($a_secret[$id]['cert']); +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "ident cert"); + $reqdfieldsn = explode(",", "Identifier,CA Certificate"); + if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")) + $input_errors[] = "This certificate does not appear to be valid."; + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident'])) + $input_errors[] = "The identifier contains invalid characters."; + + if (!$input_errors && !(isset($id) && $a_secret[$id])) { + /* make sure there are no dupes */ + foreach ($a_secret as $secretent) { + if ($secretent['ident'] == $_POST['ident']) { + $input_errors[] = "Another entry with the same identifier already exists."; + break; + } + } + } + + if (!$input_errors) { + + if (isset($id) && $a_secret[$id]) + $secretent = $a_secret[$id]; + + $secretent['ident'] = $_POST['ident']; + $secretent['cert'] = base64_encode($_POST['cert']); + + if (isset($id) && $a_secret[$id]) + $a_secret[$id] = $secretent; + else + $a_secret[] = $secretent; + + write_config(); + touch($d_ipsecconfdirty_path); + + header("Location: vpn_ipsec_ca.php"); + exit; + } +} +?> +<?php include("fbegin.inc"); ?> +<?php if ($input_errors) print_input_errors($input_errors); ?> + <form action="vpn_ipsec_ca_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td valign="top" 
class="vncellreq">Identifier</td> + <td class="vtable"> + <input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=$pconfig['ident'];?>"> + <br> +This can be any text to describe the certificate authority. + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Certificate</td> + <td width="78%" class="vtable"> + <textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea> + <br> + Paste a CA certificate in X.509 PEM format here.</td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <?php if (isset($id) && $a_secret[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> + </table> +</form> +<?php include("fend.inc"); ?> diff --git a/usr/local/www/vpn_ipsec_edit.php b/usr/local/www/vpn_ipsec_edit.php index b40b228..3bd98bd 100755 --- a/usr/local/www/vpn_ipsec_edit.php +++ b/usr/local/www/vpn_ipsec_edit.php 
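Review bot: `value="<?=$pconfig['ident'];?>"` echoes the submitted identifier back without escaping, and because `$pconfig = $_POST` is assigned before validation, a value that fails the `[^a-zA-Z0-9@\.\-]` check is still re-rendered verbatim into the attribute — a reflected XSS in the admin GUI, reachable from another site since the form carries no request token. Change it to `value="<?=htmlspecialchars($pconfig['ident']);?>"`, as the `cert` textarea below already does. The certificate check only looks for the `BEGIN CERTIFICATE`/`END CERTIFICATE` markers, so anything between them is stored and later handed to the IPsec daemon; where the openssl extension is available on this platform, `openssl_x509_read($_POST['cert'])` would reject malformed PEM at save time. Separately, `do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors)` uses a call-time pass-by-reference, which is a fatal error on PHP 5.4 and later; declare the parameter by reference in the helper and drop the `&` at the call site.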
@@ -1,25 +1,22 @@ #!/usr/local/bin/php <?php -/* $Id$ */ /* vpn_ipsec_edit.php - Copyright (C) 2004 Scott Ullrich + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. All rights reserved. - - originally part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -32,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "IPsec", "Edit tunnel"); require("guiconfig.inc"); if (!is_array($config['ipsec']['tunnel'])) { 
@@ -44,26 +42,58 @@ $specialsrcdst = explode(" ", "lan"); $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; + +function is_specialnet($net) { + global $specialsrcdst; + + if (in_array($net, $specialsrcdst)) + return true; + else + return false; +} + +function address_to_pconfig($adr, &$padr, &$pmask) { + + if ($adr['network']) + $padr = $adr['network']; + else if ($adr['address']) { + list($padr, $pmask) = explode("/", $adr['address']); + if (is_null($pmask)) + $pmask = 32; + } +} + +function pconfig_to_address(&$adr, $padr, $pmask) { + + $adr = array(); + + if (is_specialnet($padr)) + $adr['network'] = $padr; + else { + $adr['address'] = $padr; + if ($pmask != 32) + $adr['address'] .= "/" . $pmask; + } +} if (isset($id) && $a_ipsec[$id]) { $pconfig['disabled'] = isset($a_ipsec[$id]['disabled']); - $pconfig['auto'] = isset($a_ipsec[$id]['auto']); - $pconfig['creategif'] = $a_filter[$id]['creategif']; + //$pconfig['auto'] = isset($a_ipsec[$id]['auto']); if (!isset($a_ipsec[$id]['local-subnet'])) $pconfig['localnet'] = "lan"; else - address_to_pconfig($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask'], $none, $none, $none); - + address_to_pconfig($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']); + if ($a_ipsec[$id]['interface']) $pconfig['interface'] = $a_ipsec[$id]['interface']; else $pconfig['interface'] = "wan"; - + list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_ipsec[$id]['remote-subnet']); $pconfig['remotegw'] = $a_ipsec[$id]['remote-gateway']; $pconfig['p1mode'] = $a_ipsec[$id]['p1']['mode']; - + if (isset($a_ipsec[$id]['p1']['myident']['myaddress'])) $pconfig['p1myidentt'] = 'myaddress'; else if (isset($a_ipsec[$id]['p1']['myident']['address'])) { 
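Review bot: In `address_to_pconfig`, `list($padr, $pmask) = explode("/", $adr['address']);` raises an undefined-offset notice whenever the stored address has no `/` — exactly the single-host case the next line then special-cases with `is_null($pmask)`. Read the parts explicitly instead: `$parts = explode("/", $adr['address']); $padr = $parts[0]; $pmask = isset($parts[1]) ? $parts[1] : 32;`. `is_specialnet` can simply `return in_array($net, $specialsrcdst);`, and `pconfig_to_address` compares `$pmask != 32` loosely, so an empty or null mask appends a bare `/` to the address — if that function can be reached with the mask unset, guard it with `if ($pmask !== "" && $pmask !== null && $pmask != 32)`. The `if (isset($id) && $a_ipsec[$id])` block that follows the new functions continues past the end of this hunk.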
@@ -76,25 +106,30 @@ if (isset($id) && $a_ipsec[$id]) { $pconfig['p1myidentt'] = 'user_fqdn'; $pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['ufqdn']; } - + $pconfig['p1ealgo'] = $a_ipsec[$id]['p1']['encryption-algorithm']; $pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm']; $pconfig['p1dhgroup'] = $a_ipsec[$id]['p1']['dhgroup']; $pconfig['p1lifetime'] = $a_ipsec[$id]['p1']['lifetime']; + $pconfig['p1authentication_method'] = $a_ipsec[$id]['p1']['authentication_method']; $pconfig['p1pskey'] = $a_ipsec[$id]['p1']['pre-shared-key']; + $pconfig['p1cert'] = base64_decode($a_ipsec[$id]['p1']['cert']); + $pconfig['p1peercert'] = base64_decode($a_ipsec[$id]['p1']['peercert']); + $pconfig['p1privatekey'] = base64_decode($a_ipsec[$id]['p1']['private-key']); $pconfig['p2proto'] = $a_ipsec[$id]['p2']['protocol']; $pconfig['p2ealgos'] = $a_ipsec[$id]['p2']['encryption-algorithm-option']; $pconfig['p2halgos'] = $a_ipsec[$id]['p2']['hash-algorithm-option']; $pconfig['p2pfsgroup'] = $a_ipsec[$id]['p2']['pfsgroup']; $pconfig['p2lifetime'] = $a_ipsec[$id]['p2']['lifetime']; $pconfig['descr'] = $a_ipsec[$id]['descr']; - + } else { /* defaults */ $pconfig['interface'] = "wan"; $pconfig['localnet'] = "lan"; $pconfig['p1mode'] = "aggressive"; $pconfig['p1myidentt'] = "myaddress"; + $pconfig['p1authentication_method'] = "pre_shared_key"; $pconfig['p1ealgo'] = "3des"; $pconfig['p1halgo'] = "sha1"; $pconfig['p1dhgroup'] = "2"; @@ -102,6 +137,7 @@ if (isset($id) && $a_ipsec[$id]) { $pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael"); $pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5"); $pconfig['p2pfsgroup'] = "0"; + $pconfig['remotebits'] = 32; } if ($_POST) { 
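Review bot: `$pconfig['p1privatekey'] = base64_decode($a_ipsec[$id]['p1']['private-key']);` loads the stored RSA private key into the form state on every edit, and the `p1privatekey` field that `methodsel_change()` toggles later in this diff indicates it is rendered back into a textarea (the form body is past this chunk), so the tunnel's private key is sent to the browser and sits in the page source and browser cache each time the tunnel is opened. Consider not echoing the stored key at all: leave the textarea empty with a note that a key is already on file, and in the save path only overwrite `private-key` when a non-empty `p1privatekey` is posted. The `if (isset($id) && $a_ipsec[$id])` block this hunk sits in begins before the hunk.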
@@ -111,16 +147,28 @@ if ($_POST) { } else if ($_POST['localnettype'] == "single") { $_POST['localnetmask'] = 32; } - + unset($input_errors); $pconfig = $_POST; /* input validation */ - $reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos"); - $reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms"); - + if ($_POST['p1authentication_method'] == "pre_shared_key") { + $reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos"); + $reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms"); + } + else { + $reqdfields = explode(" ", "localnet remotenet remotebits remotegw p2ealgos p2halgos"); + $reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,P2 Encryption Algorithms,P2 Hash Algorithms"); + if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE")) + $input_errors[] = "This certificate does not appear to be valid."; + if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY")) + $input_errors[] = "This key does not appear to be valid."; + if ($_POST['p1peercert']!="" && (!strstr($_POST['p1peercert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1peercert'], "END CERTIFICATE"))) + $input_errors[] = "This peer certificate does not appear to be valid."; + } + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - + if (!is_specialnet($_POST['localnettype'])) { if (($_POST['localnet'] && !is_ipaddr($_POST['localnet']))) { $input_errors[] = "A valid local network IP address must be specified."; 
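Review bot: The non-PSK branch accepts any `p1authentication_method` other than `pre_shared_key`, and the save path later stores the value as-is (`$ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];`), so a request with an arbitrary method string passes validation and reaches whatever writes the IPsec daemon configuration (not in this diff). Whitelist it before branching, e.g. `if (!in_array($_POST['p1authentication_method'], array('pre_shared_key', 'rsasig'))) $input_errors[] = "Invalid authentication method.";`, using whichever value the RSA option actually carries. The marker-only `strstr` checks on `p1cert`, `p1privatekey` and `p1peercert` likewise accept anything between the markers; where the openssl extension is available, `openssl_x509_read()` and `openssl_pkey_get_private()` would reject malformed material and could also confirm the posted key matches the posted certificate. The `if ($_POST)` block starts before this hunk.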
@@ -135,7 +183,7 @@ if ($_POST) { if (($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime']))) { $input_errors[] = "The P2 lifetime must be an integer."; } - if ($_POST['remotebits'] && (!is_numeric($_POST['remotebits']) || ($_POST['remotebits'] <= 0) || ($_POST['remotebits'] > 32))) { + if ($_POST['remotebits'] && (!is_numeric($_POST['remotebits']) || ($_POST['remotebits'] < 0) || ($_POST['remotebits'] > 32))) { $input_errors[] = "The remote network bits are invalid."; } if (($_POST['remotenet'] && !is_ipaddr($_POST['remotenet']))) { @@ -152,23 +200,22 @@ if ($_POST) { } if ($_POST['p1myidentt'] == "user_fqdn") { $ufqdn = explode("@",$_POST['p1myident']); - if (!is_domain($ufqdn[1])) + if (!is_domain($ufqdn[1])) $input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified."; } - + if ($_POST['p1myidentt'] == "myaddress") $_POST['p1myident'] = ""; if (!$input_errors) { $ipsecent['disabled'] = $_POST['disabled'] ? true : false; - $ipsecent['creategif'] = $_POST['creategif'] ? true : false; - $ipsecent['auto'] = $_POST['auto'] ? true : false; + //$ipsecent['auto'] = $_POST['auto'] ? true : false; $ipsecent['interface'] = $pconfig['interface']; pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']); $ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits']; $ipsecent['remote-gateway'] = $_POST['remotegw']; $ipsecent['p1']['mode'] = $_POST['p1mode']; - + $ipsecent['p1']['myident'] = array(); switch ($_POST['p1myidentt']) { case 'myaddress': 
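Review bot: Relaxing the bound to `($_POST['remotebits'] < 0)` is meant to allow a /0 remote network, but `remotebits` is still listed in `$reqdfields`, and if `do_input_validation` tests required fields with a plain truthiness check (as the m0n0wall helper historically does), a posted `"0"` is reported as a missing "Remote network bits" and the /0 case can never be saved; the guard `if ($_POST['remotebits'] && ...)` on this line also skips the range check entirely for `"0"`. Either drop `remotebits` from the required list and validate it explicitly, `if ($_POST['remotebits'] === "" || !is_numeric($_POST['remotebits']) || $_POST['remotebits'] < 0 || $_POST['remotebits'] > 32)`, or make the helper test required fields with `isset`/`=== ""`. The surrounding `if ($_POST)` block starts before this hunk.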
@@ -184,38 +231,37 @@ if ($_POST) { $ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident']; break; } - + $ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo']; $ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo']; $ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup']; $ipsecent['p1']['lifetime'] = $_POST['p1lifetime']; $ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey']; + $ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']); + $ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']); + $ipsecent['p1']['peercert'] = base64_encode($_POST['p1peercert']); + $ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method']; $ipsecent['p2']['protocol'] = $_POST['p2proto']; $ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos']; $ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos']; $ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup']; $ipsecent['p2']['lifetime'] = $_POST['p2lifetime']; $ipsecent['descr'] = $_POST['descr']; - + if (isset($id) && $a_ipsec[$id]) $a_ipsec[$id] = $ipsecent; else $a_ipsec[] = $ipsecent; - + write_config(); touch($d_ipsecconfdirty_path); - + header("Location: vpn_ipsec.php"); exit; } } ?> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html> -<head> -<title><?=gentitle("VPN: IPsec: Edit tunnel");?></title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> -<link href="gui.css" rel="stylesheet" type="text/css"> +<?php include("fbegin.inc"); ?> <script language="JavaScript"> <!-- function typesel_change() { 
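Review bot: The save path writes all of `pre-shared-key`, `private-key`, `cert` and `peercert` regardless of `authentication_method`, so whenever the inactive fields are still submitted (scripting off, or a hand-built POST, since disabling them is done only by `methodsel_change()` in the browser) a tunnel switched to RSA keeps its old PSK in config.xml and vice versa. Store only the credential matching the chosen method and `unset()` the other keys in `$ipsecent['p1']`. Note also that `private-key` goes into the configuration base64-encoded, not encrypted, so every configuration backup or cached copy of config.xml now carries the tunnel's RSA private key; if the platform has a notion of protected configuration sections this belongs in one, and otherwise the backup page should say so. The `if (!$input_errors)` block starts before this hunk.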
@@ -237,72 +283,85 @@ function typesel_change() { break; } } +function methodsel_change() { + switch (document.iform.p1authentication_method.selectedIndex) { + case 1: /* rsa */ + document.iform.p1pskey.disabled = 1; + document.iform.p1privatekey.disabled = 0; + document.iform.p1cert.disabled = 0; + document.iform.p1peercert.disabled = 0; + break; + default: /* pre-shared */ + document.iform.p1pskey.disabled = 0; + document.iform.p1privatekey.disabled = 1; + document.iform.p1cert.disabled = 1; + document.iform.p1peercert.disabled = 1; + break; + } +} //--> </script> -</head> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">VPN: IPsec: Edit tunnel</p> <?php if ($input_errors) print_input_errors($input_errors); ?> <form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Mode</td> <td width="78%" class="vtable"> Tunnel</td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Disabled</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>> <strong>Disable this tunnel</strong><br> <span class="vexpl">Set this option to disable this tunnel without removing it from the list.</span></td> </tr> - <tr> + <!-- <tr> <td width="22%" valign="top" class="vncellreq">Auto-establish</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="auto" type="checkbox" id="auto" value="yes" <?php if ($pconfig['auto']) echo "checked"; ?>> <strong>Automatically establish this tunnel</strong><br> <span class="vexpl">Set this option to automatically re-establish this tunnel after reboots/reconfigures. 
If this is not set, the tunnel is established on demand.</span></td> - </tr> - <tr> + </tr> --> + <tr> <td width="22%" valign="top" class="vncellreq">Interface</td> - <td width="78%" class="vtable"> <select name="interface" class="formfld"> + <td width="78%" class="vtable"><select name="interface" class="formfld"> <?php $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; } foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> + <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> <?=htmlspecialchars($ifacename);?> </option> <?php endforeach; ?> </select> <br> <span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Local subnet</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0"> - <tr> + <tr> <td>Type: </td> + <td></td> <td><select name="localnettype" class="formfld" onChange="typesel_change()"> <?php $sel = is_specialnet($pconfig['localnet']); ?> - <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>> + <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>> Single host</option> - <option value="network" <?php if (!$sel) echo "selected"; ?>> + <option value="network" <?php if (!$sel) echo "selected"; ?>> Network</option> - <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>> + <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>> LAN subnet</option> </select></td> </tr> - <tr> + <tr> <td>Address: </td> + <td><?=$mandfldhtmlspc;?></td> <td><input 
name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>"> - / + / <select name="localnetmask" class="formfld" id="localnetmask"> - <?php for ($i = 32; $i >= 0; $i--): ?> + <?php for ($i = 31; $i >= 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>> <?=$i;?> </option> 
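Review bot: `methodsel_change()` keys on `document.iform.p1authentication_method.selectedIndex` (`case 1: /* rsa */`), so it silently breaks if the option order in a select rendered outside this chunk ever changes; switching on the option value, `switch (document.iform.p1authentication_method.value) { case "rsasig": ...`, using whatever value string the RSA option carries, is robust to reordering. Nothing in this hunk calls `methodsel_change()` on page load, so unless an `onload` hook exists elsewhere a stored RSA tunnel opens with the PSK field enabled and the key fields disabled. The `typesel_change()` function begins before this hunk.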
@@ -311,195 +370,213 @@ function typesel_change() { </tr> </table></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Remote subnet</td> - <td width="78%" class="vtable"> - <input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=$pconfig['remotenet'];?>"> - / + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=$pconfig['remotenet'];?>"> + / <select name="remotebits" class="formfld" id="remotebits"> - <?php for ($i = 32; $i > 0; $i--): ?> - <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>> + <?php for ($i = 32; $i >= 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>> <?=$i;?> </option> <?php endfor; ?> </select></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Remote gateway</td> - <td width="78%" class="vtable"> - <input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=$pconfig['remotegw'];?>"> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=$pconfig['remotegw'];?>"> <br> Enter the public IP address of the remote gateway</td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br> <span class="vexpl">You may enter a description here + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> + <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td> </tr> - <tr> + <tr> <td colspan="2" class="list" height="12"></td> </tr> - <tr> - <td colspan="2" valign="top" 
class="listtopic">Phase 1 proposal + <tr> + <td colspan="2" valign="top" class="listtopic">Phase 1 proposal (Authentication)</td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Negotiation mode</td> <td width="78%" class="vtable"> -<select name="p1mode" class="formfld"> + <select name="p1mode" class="formfld"> <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?> - <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>> + <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>> <?=htmlspecialchars($mode);?> </option> <?php endforeach; ?> - </select> <br> <span class="vexpl">Aggressive is faster, but + </select> <br> <span class="vexpl">Aggressive is faster, but less secure.</span></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">My identifier</td> <td width="78%" class="vtable"> -<select name="p1myidentt" class="formfld"> + <select name="p1myidentt" class="formfld"> <?php foreach ($my_identifier_list as $mode => $modename): ?> - <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>> + <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>> <?=htmlspecialchars($modename);?> </option> <?php endforeach; ?> - </select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=$pconfig['p1myident'];?>"> + </select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=$pconfig['p1myident'];?>"> </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td> <td width="78%" class="vtable"> -<select name="p1ealgo" class="formfld"> + <select name="p1ealgo" class="formfld"> <?php foreach ($p1_ealgos as $algo => $algoname): ?> - <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>> + <option value="<?=$algo;?>" <?php if ($algo == 
$pconfig['p1ealgo']) echo "selected"; ?>> <?=htmlspecialchars($algoname);?> </option> <?php endforeach; ?> - </select> <br> <span class="vexpl">Must match the setting + </select> <br> <span class="vexpl">Must match the setting chosen on the remote side. </span></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Hash algorithm</td> <td width="78%" class="vtable"> -<select name="p1halgo" class="formfld"> + <select name="p1halgo" class="formfld"> <?php foreach ($p1_halgos as $algo => $algoname): ?> - <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>> + <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>> <?=htmlspecialchars($algoname);?> </option> <?php endforeach; ?> - </select> <br> <span class="vexpl">Must match the setting + </select> <br> <span class="vexpl">Must match the setting chosen on the remote side. </span></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">DH key group</td> <td width="78%" class="vtable"> -<select name="p1dhgroup" class="formfld"> + <select name="p1dhgroup" class="formfld"> <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?> - <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>> + <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>> <?=htmlspecialchars($keygroup);?> </option> <?php endforeach; ?> - </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024 + </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit</em><br> Must match the setting chosen on the remote side. 
</span></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell">Lifetime</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=$pconfig['p1lifetime'];?>"> seconds</td> </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td> + <tr> + <td width="22%" valign="top" class="vncellreq">Authentication method</td> <td width="78%" class="vtable"> - <input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>"> - <br>ASCII characters only! + <select name="p1authentication_method" class="formfld" onChange="methodsel_change()"> + <?php foreach ($p1_authentication_methods as $method => $methodname): ?> + <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>> + <?=htmlspecialchars($methodname);?> + </option> + <?php endforeach; ?> + </select> <br> <span class="vexpl">Must match the setting + chosen on the remote side.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>"> </td> </tr> - <tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Certificate</td> + <td width="78%" class="vtable"> + <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea> + <br> + Paste a certificate in X.509 PEM format here.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Key</td> + <td width="78%" class="vtable"> + <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea> + <br> + Paste an RSA private key in PEM format here.</td> + </tr> + <tr> + <td 
width="22%" valign="top" class="vncell">Peer certificate</td> + <td width="78%" class="vtable"> + <textarea name="p1peercert" cols="65" rows="7" id="p1peercert" class="formpre"><?=htmlspecialchars($pconfig['p1peercert']);?></textarea> + <br> + Paste the peer X.509 certificate in PEM format here.<br> + Leave this blank if you want to use a CA certificate for identity validation.</td> + </tr> + <tr> <td colspan="2" class="list" height="12"></td> </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Phase 2 proposal + <tr> + <td colspan="2" valign="top" class="listtopic">Phase 2 proposal (SA/Key Exchange)</td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Protocol</td> <td width="78%" class="vtable"> -<select name="p2proto" class="formfld"> + <select name="p2proto" class="formfld"> <?php foreach ($p2_protos as $proto => $protoname): ?> - <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>> + <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>> <?=htmlspecialchars($protoname);?> </option> <?php endforeach; ?> - </select> <br> <span class="vexpl">ESP is encryption, AH is + </select> <br> <span class="vexpl">ESP is encryption, AH is authentication only </span></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <?php foreach ($p2_ealgos as $algo => $algoname): ?> - <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>> + <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>> <?=htmlspecialchars($algoname);?> - <br> + <br> <?php endforeach; ?> <br> - Hint: use 3DES for best compatibility or if you have a hardware - crypto accelerator card. 
Blowfish is usually the fastest in + Hint: use 3DES for best compatibility or if you have a hardware + crypto accelerator card. Blowfish is usually the fastest in software encryption. </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Hash algorithms</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <?php foreach ($p2_halgos as $algo => $algoname): ?> - <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>> + <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>> <?=htmlspecialchars($algoname);?> - <br> + <br> <?php endforeach; ?> </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">PFS key group</td> <td width="78%" class="vtable"> -<select name="p2pfsgroup" class="formfld"> + <select name="p2pfsgroup" class="formfld"> <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?> - <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>> + <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>> <?=htmlspecialchars($keygroupname);?> </option> <?php endforeach; ?> - </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024 + </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024 bit, 5 = 1536 bit</em></span></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell">Lifetime</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=$pconfig['p2lifetime'];?>"> seconds</td> </tr> - - - <tr> - <td colspan="2" class="list" height="12"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Misc</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Multi-Tunnel routing</td> - <td width="78%" class="vtable"> - <input 
name="creategif" type="checkbox" id="creategif" size="40" value="<? if($pconfig['creategif']) echo " CHECKED"; ?>"><b> Turn on multi-subnet routing.</b> - <br> <span class="vexpl">If you would like to route multiple subnets across this VPN, check this.</span></td> - </tr> - - <tr> + <tr> <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> <?php if (isset($id) && $a_ipsec[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?> </td> </tr> @@ -508,8 +585,7 @@ function typesel_change() { <script language="JavaScript"> <!-- typesel_change(); +methodsel_change(); //--> </script> <?php include("fend.inc"); ?> -</body> -</html> diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php index 2cbad6a..676e569 100755 --- a/usr/local/www/vpn_ipsec_keys.php +++ b/usr/local/www/vpn_ipsec_keys.php @@ -1,11 +1,10 @@ #!/usr/local/bin/php <?php -/* $Id$ */ /* vpn_ipsec_keys.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -30,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "IPsec"); require("guiconfig.inc"); if (!is_array($config['ipsec']['mobilekey'])) { 
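Review bot: The "Remote subnet", "Remote gateway", "My identifier" and both "Lifetime" inputs in this hunk still write `$pconfig[...]` straight into a `value="…"` attribute with no escaping, while the Description and Pre-Shared Key fields a few rows away go through `htmlspecialchars()`; if the page re-renders a rejected POST from `$pconfig = $_POST` (the handler is outside this hunk, so I am inferring that), a `"` in one of those fields breaks out of the attribute and into markup. Escape them the same way, e.g. `value="<?=htmlspecialchars($pconfig['remotegw']);?>"`, and likewise for `remotenet`, `p1myident`, `p1lifetime` and `p2lifetime`. Separately, the new Key row echoes the stored RSA private key back into a textarea on every edit, which puts it in browser caches and saved copies of the admin page; consider leaving that textarea empty and having the POST handler keep the existing key when the field comes back blank. The enclosing form and `typesel_change()` start outside this hunk.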
@@ -49,17 +49,7 @@ if ($_GET['act'] == "del") { } ?> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html> -<head> -<title><?=gentitle("VPN: IPsec");?></title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> -<link href="gui.css" rel="stylesheet" type="text/css"> -</head> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<p class="pgtitle">VPN: IPsec</p> <form action="vpn_ipsec.php" method="post"> <?php if ($savemsg) print_info_box($savemsg); ?> <?php if (file_exists($d_ipsecconfdirty_path)): ?><p> @@ -67,11 +57,12 @@ if ($_GET['act'] == "del") { <input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> + <tr><td class="tabnavtbl"> <ul id="tabnav"> - <li class="tabinact"><a href="vpn_ipsec.php">Tunnels</a></li> + <li class="tabinact1"><a href="vpn_ipsec.php">Tunnels</a></li> <li class="tabinact"><a href="vpn_ipsec_mobile.php">Mobile clients</a></li> <li class="tabact">Pre-shared keys</li> + <li class="tabinact"><a href="vpn_ipsec_ca.php">CAs</a></li> </ul> </td></tr> <tr> 
@@ -84,37 +75,23 @@ if ($_GET['act'] == "del") { </tr> <?php $i = 0; foreach ($a_secret as $secretent): ?> <tr> - <td class="listlr" ondblclick="document.location='vpn_ipsec_keys_edit.php?id=<?=$i;?>';"> + <td class="listlr"> <?=htmlspecialchars($secretent['ident']);?> </td> - <td class="listr" ondblclick="document.location='vpn_ipsec_keys_edit.php?id=<?=$i;?>';"> + <td class="listr"> <?=htmlspecialchars($secretent['pre-shared-key']);?> </td> - <td class="list" nowrap> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="vpn_ipsec_keys.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this pre-shared key?')"><img src="x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> + <td class="list" nowrap> <a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit key" width="17" height="17" border="0"></a> + <a href="vpn_ipsec_keys.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this pre-shared key?')"><img src="x.gif" title="delete key" width="17" height="17" border="0"></a></td> + </tr> + <?php $i++; endforeach; ?> <tr> <td class="list" colspan="2"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="vpn_ipsec_keys_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> + <td class="list"> <a href="vpn_ipsec_keys_edit.php"><img src="plus.gif" title="add key" width="17" height="17" border="0"></a></td> + </tr> </table> - </td> - </tr> - </table> + </td> + </tr> + </table> </form> <?php include("fend.inc"); ?> -</body> -</html> diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php index aa31481..3491585 100755 
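Review bot: The delete control in the rebuilt key list is still a plain link, `vpn_ipsec_keys.php?act=del&id=<?=$i;?>`, protected only by a JavaScript `confirm()`, and the page dispatches on `$_GET['act']` (visible in the earlier hunk header), so a pre-shared key can be removed by any page that gets the logged-in admin's browser to fetch that URL. A state-changing action should go through a POST (a small form with the delete button) and ideally carry a server-side token; the GET handler could then be limited to rendering. As a minor HTML point the `&` in the href should be `&amp;`. Whether a CSRF token facility exists in `guiconfig.inc` is not visible here.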
--- a/usr/local/www/vpn_ipsec_keys_edit.php +++ b/usr/local/www/vpn_ipsec_keys_edit.php @@ -1,11 +1,10 @@ #!/usr/local/bin/php <?php -/* $Id$ */ /* vpn_ipsec_keys_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -30,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "IPsec", "Edit pre-shared key"); require("guiconfig.inc"); if (!is_array($config['ipsec']['mobilekey'])) { @@ -92,24 +92,14 @@ if ($_POST) { } } ?> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html> -<head> -<title><?=gentitle("VPN: IPsec: Edit pre-shared key");?></title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> -<link href="gui.css" rel="stylesheet" type="text/css"> -</head> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<p class="pgtitle">VPN: IPsec: Edit pre-shared key</p> <?php if ($input_errors) print_input_errors($input_errors); ?> <form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td valign="top" class="vncellreq">Identifier</td> <td class="vtable"> - <input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=$pconfig['ident'];?>"> + <?=$mandfldhtml;?><input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=$pconfig['ident'];?>"> <br> This can be either an IP address, fully qualified domain name or an e-mail address. </td> 
@@ -117,13 +107,13 @@ This can be either an IP address, fully qualified domain name or an e-mail addre <tr> <td width="22%" valign="top" class="vncellreq">Pre-shared key</td> <td width="78%" class="vtable"> - <input name="psk" type="text" class="formfld" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>"> + <?=$mandfldhtml;?><input name="psk" type="text" class="formfld" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>"> </td> </tr> <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="cancel" onclick="history.back()"> + <input name="Submit" type="submit" class="formbtn" value="Save"> <?php if (isset($id) && $a_secret[$id]): ?> <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?> @@ -132,5 +122,3 @@ This can be either an IP address, fully qualified domain name or an e-mail addre </table> </form> <?php include("fend.inc"); ?> -</body> -</html> diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php index 9a99d5e..0a10977 100755 --- a/usr/local/www/vpn_ipsec_mobile.php +++ b/usr/local/www/vpn_ipsec_mobile.php @@ -1,11 +1,10 @@ #!/usr/local/bin/php <?php -/* $Id$ */ /* vpn_ipsec_mobile.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -30,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "IPsec"); require("guiconfig.inc"); if (!is_array($config['ipsec']['mobileclients'])) { 
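Review bot: The Identifier input keeps echoing `$pconfig['ident']` unescaped into its `value` attribute, while the Pre-shared key field directly below it now goes through `htmlspecialchars()`; the identifier is free text (IP, FQDN or e-mail per the hint), so a quote in it breaks the attribute when the form is redisplayed after a validation error. Make it consistent: `<?=$mandfldhtml;?><input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=htmlspecialchars($pconfig['ident']);?>">`. The POST handler that fills `$pconfig` is outside this hunk.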
@@ -44,6 +44,7 @@ if (count($a_ipsec) == 0) {
 $pconfig['p1ealgo'] = "3des";
 $pconfig['p1halgo'] = "sha1";
 $pconfig['p1dhgroup'] = "2";
+ $pconfig['p1authentication_method'] = "pre_shared_key";
 $pconfig['p2proto'] = "esp";
 $pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
 $pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
@@ -69,6 +70,9 @@ if (count($a_ipsec) == 0) {
 $pconfig['p1halgo'] = $a_ipsec['p1']['hash-algorithm'];
 $pconfig['p1dhgroup'] = $a_ipsec['p1']['dhgroup'];
 $pconfig['p1lifetime'] = $a_ipsec['p1']['lifetime'];
+ $pconfig['p1authentication_method'] = $a_ipsec['p1']['authentication_method'];
+ $pconfig['p1cert'] = base64_decode($a_ipsec['p1']['cert']);
+ $pconfig['p1privatekey'] = base64_decode($a_ipsec['p1']['private-key']);
 $pconfig['p2proto'] = $a_ipsec['p2']['protocol'];
 $pconfig['p2ealgos'] = $a_ipsec['p2']['encryption-algorithm-option'];
 $pconfig['p2halgos'] = $a_ipsec['p2']['hash-algorithm-option'];
@@ -86,6 +90,13 @@ if ($_POST) {
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ if ($_POST['p1authentication_method']== "rsasig") {
+ if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE"))
+ $input_errors[] = "This certificate does not appear to be valid.";
+ if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY"))
+ $input_errors[] = "This key does not appear to be valid.";
+ }
+
 if (($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime']))) {
 $input_errors[] = "The P1 lifetime must be an integer.";
 }
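Review bot: The new `rsasig` branch only checks that the pasted text contains the BEGIN/END marker strings, so any bytes between the markers pass, and nothing verifies that the private key actually belongs to the certificate; the failure then surfaces later as a racoon startup error instead of a form error. If the OpenSSL extension is available in this PHP build (not visible here), parse both and pair them: `if (openssl_x509_read($_POST['p1cert']) === false) $input_errors[] = "This certificate does not appear to be valid.";`, `if (openssl_pkey_get_private($_POST['p1privatekey']) === false) $input_errors[] = "This key does not appear to be valid.";`, and `if (!openssl_x509_check_private_key($_POST['p1cert'], $_POST['p1privatekey'])) $input_errors[] = "The key does not match the certificate.";`. The marker test can stay as a cheap first pass if the extension is not guaranteed. The enclosing `if ($_POST)` block continues outside this hunk.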
@@ -132,6 +143,9 @@ if ($_POST) {
 $ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
 $ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
 $ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
+ $ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
+ $ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
+ $ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
 $ipsecent['p2']['protocol'] = $_POST['p2proto'];
 $ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
 $ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
@@ -148,17 +162,23 @@ if ($_POST) {
 }
 }
 ?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title><?=gentitle("VPN: IPsec");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
 <?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: IPsec</p>
+<script language="JavaScript">
+<!--
+function methodsel_change() {
+ switch (document.iform.p1authentication_method.selectedIndex) {
+ case 1: /* rsa */
+ document.iform.p1privatekey.disabled = 0;
+ document.iform.p1cert.disabled = 0;
+ break;
+ default: /* pre-shared */
+ document.iform.p1privatekey.disabled = 1;
+ document.iform.p1cert.disabled = 1;
+ break;
+ }
+}
+//-->
+</script>
 <form action="vpn_ipsec.php" method="post">
 <?php if ($input_errors) print_input_errors($input_errors); ?>
 <?php if (file_exists($d_ipsecconfdirty_path)): ?><p>
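Review bot: `$_POST['p1authentication_method']` is copied into the config verbatim without being checked against the `$p1_authentication_methods` list that populates the select, and since this value presumably ends up in the generated racoon configuration, an unexpected string would yield a broken or surprising daemon config rather than a form error. Add to the validation block: `if (!array_key_exists($_POST['p1authentication_method'], $p1_authentication_methods)) $input_errors[] = "Invalid authentication method.";`. The certificate and private key are also stored regardless of the chosen method; today they only come back empty because the client-side script disables the fields, so without JavaScript a stale private key stays in config.xml (and every backup) after switching to pre-shared key — clear `private-key` and `cert` server-side unless the method is `rsasig`. The enclosing `if ($_POST)` starts outside this hunk.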
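Review bot: `methodsel_change()` keys its behaviour on `selectedIndex == 1`, which silently breaks as soon as the order of `$p1_authentication_methods` changes or a third method is added; switching on the selected option's value is self-describing: `var sel = document.iform.p1authentication_method; switch (sel.options[sel.selectedIndex].value) { case "rsasig":`. Disabling the textareas also means browsers leave them out of the POST, so the server-side save (outside this hunk) receives no key or cert for pre-shared-key mode; that is fine, but worth recording with `/* disabled fields are not submitted; the server must not rely on this to clear the key */` so nobody treats the client as the control.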
@@ -168,11 +188,12 @@ if ($_POST) { </form> <form action="vpn_ipsec_mobile.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> + <tr><td class="tabnavtbl"> <ul id="tabnav"> - <li class="tabinact"><a href="vpn_ipsec.php">Tunnels</a></li> + <li class="tabinact1"><a href="vpn_ipsec.php">Tunnels</a></li> <li class="tabact">Mobile clients</li> <li class="tabinact"><a href="vpn_ipsec_keys.php">Pre-shared keys</a></li> + <li class="tabinact"><a href="vpn_ipsec_ca.php">CAs</a></li> </ul> </td></tr> <tr> @@ -190,8 +211,8 @@ if ($_POST) { </tr> <tr> <td width="22%" valign="top" class="vncellreq">Negotiation mode</td> - <td width="78%" bgcolor="#FFFFFF" class="vtable"> -<select name="p1mode" class="formfld"> + <td width="78%" class="vtable"> + <select name="p1mode" class="formfld"> <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?> <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>> <?=htmlspecialchars($mode);?> @@ -202,8 +223,8 @@ if ($_POST) { </tr> <tr> <td width="22%" valign="top" class="vncellreq">My identifier</td> - <td width="78%" bgcolor="#FFFFFF" class="vtable"> -<select name="p1myidentt" class="formfld"> + <td width="78%" class="vtable"> + <select name="p1myidentt" class="formfld"> <?php foreach ($my_identifier_list as $mode => $modename): ?> <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>> <?=htmlspecialchars($modename);?> @@ -214,8 +235,8 @@ if ($_POST) { </tr> <tr> <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td> - <td width="78%" bgcolor="#FFFFFF" class="vtable"> -<select name="p1ealgo" class="formfld"> + <td width="78%" class="vtable"> + <select name="p1ealgo" class="formfld"> <?php foreach ($p1_ealgos as $algo => $algoname): ?> <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>> <?=htmlspecialchars($algoname);?> 
@@ -226,8 +247,8 @@ if ($_POST) { </tr> <tr> <td width="22%" valign="top" class="vncellreq">Hash algorithm</td> - <td width="78%" bgcolor="#FFFFFF" class="vtable"> -<select name="p1halgo" class="formfld"> + <td width="78%" class="vtable"> + <select name="p1halgo" class="formfld"> <?php foreach ($p1_halgos as $algo => $algoname): ?> <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>> <?=htmlspecialchars($algoname);?> @@ -238,8 +259,8 @@ if ($_POST) { </tr> <tr> <td width="22%" valign="top" class="vncellreq">DH key group</td> - <td width="78%" bgcolor="#FFFFFF" class="vtable"> -<select name="p1dhgroup" class="formfld"> + <td width="78%" class="vtable"> + <select name="p1dhgroup" class="formfld"> <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?> <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>> <?=htmlspecialchars($keygroup);?> 
@@ -251,11 +272,37 @@ if ($_POST) { </tr> <tr> <td width="22%" valign="top" class="vncell">Lifetime</td> - <td width="78%" bgcolor="#FFFFFF" class="vtable"> + <td width="78%" class="vtable"> <input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=$pconfig['p1lifetime'];?>"> seconds</td> </tr> <tr> + <td width="22%" valign="top" class="vncellreq">Authentication method</td> + <td width="78%" class="vtable"> + <select name="p1authentication_method" class="formfld" onChange="methodsel_change()"> + <?php foreach ($p1_authentication_methods as $method => $methodname): ?> + <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>> + <?=htmlspecialchars($methodname);?> + </option> + <?php endforeach; ?> + </select> <br> <span class="vexpl">Must match the setting + chosen on the remote side. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Certificate</td> + <td width="78%" class="vtable"> + <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea> + <br> + Paste a certificate in X.509 PEM format here.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Key</td> + <td width="78%" class="vtable"> + <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea> + <br> + Paste an RSA private key in PEM format here.</td> + </tr> + <tr> <td colspan="2" class="list" height="12"></td> </tr> <tr> 
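Review bot: The Certificate and Key rows in the mobile-clients form are styled `vncellreq` (required) even though they only apply when the authentication method is RSA, and the Key textarea renders the stored private key back as page content on every visit, where it ends up in browser caches and saved copies of the admin page. A safer pattern is to leave the textarea empty on edit and have the POST handler (outside this hunk) keep the existing key when the field comes back blank; the hint could then read `Paste an RSA private key in PEM format here (leave blank to keep the current key).`. The two rows should also use `vncell` rather than `vncellreq`, or the required marker should be driven by the selected method.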
@@ -264,8 +311,8 @@ if ($_POST) { </tr> <tr> <td width="22%" valign="top" class="vncellreq">Protocol</td> - <td width="78%" bgcolor="#FFFFFF" class="vtable"> -<select name="p2proto" class="formfld"> + <td width="78%" class="vtable"> + <select name="p2proto" class="formfld"> <?php foreach ($p2_protos as $proto => $protoname): ?> <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>> <?=htmlspecialchars($protoname);?> @@ -276,7 +323,7 @@ if ($_POST) { </tr> <tr> <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td> - <td width="78%" bgcolor="#FFFFFF" class="vtable"> + <td width="78%" class="vtable"> <?php foreach ($p2_ealgos as $algo => $algoname): ?> <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>> <?=htmlspecialchars($algoname);?> @@ -289,7 +336,7 @@ if ($_POST) { </tr> <tr> <td width="22%" valign="top" class="vncellreq">Hash algorithms</td> - <td width="78%" bgcolor="#FFFFFF" class="vtable"> + <td width="78%" class="vtable"> <?php foreach ($p2_halgos as $algo => $algoname): ?> <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>> <?=htmlspecialchars($algoname);?> @@ -299,8 +346,8 @@ if ($_POST) { </tr> <tr> <td width="22%" valign="top" class="vncellreq">PFS key group</td> - <td width="78%" bgcolor="#FFFFFF" class="vtable"> -<select name="p2pfsgroup" class="formfld"> + <td width="78%" class="vtable"> + <select name="p2pfsgroup" class="formfld"> <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?> <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>> <?=htmlspecialchars($keygroupname);?> 
@@ -311,7 +358,7 @@ if ($_POST) { </tr> <tr> <td width="22%" valign="top" class="vncell">Lifetime</td> - <td width="78%" bgcolor="#FFFFFF" class="vtable"> + <td width="78%" class="vtable"> <input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=$pconfig['p2lifetime'];?>"> seconds</td> </tr> @@ -326,6 +373,9 @@ if ($_POST) { </tr> </table> </form> +<script language="JavaScript"> +<!-- +methodsel_change(); +//--> +</script> <?php include("fend.inc"); ?> -</body> -</html> diff --git a/usr/local/www/vpn_openvpn.php b/usr/local/www/vpn_openvpn.php index f3b27e5..46f8953 100755 --- a/usr/local/www/vpn_openvpn.php +++ b/usr/local/www/vpn_openvpn.php @@ -1,22 +1,21 @@ #!/usr/local/bin/php -<?php -/* $Id$ */ +<?php /* vpn_openvpn.php Copyright (C) 2004 Peter Curran (peter@closeconsultants.com). All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -29,6 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN"); require("guiconfig.inc"); require_once("openvpn.inc"); 
@@ -59,44 +59,44 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); } - + /* need a test here to make sure prefix and max_clients are coherent */ - + /* Sort out the cert+key files */ if (is_null($_POST['ca_cert'])) $input_errors[] = "You must provide a CA certificate file"; elseif (!strstr($_POST['ca_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['ca_cert'], "END CERTIFICATE")) $input_errors[] = "The CA certificate does not appear to be valid."; - + if (is_null($_POST['srv_cert'])) $input_errors[] = "You must provide a server certificate file"; elseif (!strstr($_POST['srv_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['srv_cert'], "END CERTIFICATE")) $input_errors[] = "The server certificate does not appear to be valid."; - + if (is_null($_POST['srv_key'])) $input_errors[] = "You must provide a server key file"; elseif (!strstr($_POST['srv_key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['srv_key'], "END RSA PRIVATE KEY")) $input_errors[] = "The server key does not appear to be valid."; - + if (is_null($_POST['dh_param'])) $input_errors[] = "You must provide a DH parameters file"; elseif (!strstr($_POST['dh_param'], "BEGIN DH PARAMETERS") || !strstr($_POST['dh_param'], "END DH PARAMETERS")) $input_errors[] = "The DH parameters do not appear to be valid."; - + if (!$input_errors) { $server =& $config['ovpn']['server']; $server['enable'] = $_POST['enable'] ? true : false; - + /* Make sure that the tunnel interface type has not changed */ - if ($server['tun_iface'] != $_POST['tun_iface']){ + if ($server['tun_iface'] != $_POST['tun_iface']){ $server['tun_iface'] = $_POST['tun_iface']; touch($d_sysrebootreqd_path); } - + $server['bind_iface'] = $_POST['bind_iface']; $server['port'] = $_POST['port']; $server['proto'] = $_POST['proto']; - + /* Make sure the IP address and/or prefix have not changed */ if ($server['ipblock'] != $_POST['ipblock']){ $server['ipblock'] = $_POST['ipblock']; 
@@ -106,7 +106,7 @@ if ($_POST) { $server['prefix'] = $_POST['prefix']; touch($d_sysrebootreqd_path); } - + $server['maxcli'] = $_POST['maxcli']; $server['crypto'] = $_POST['crypto']; $server['cli2cli'] = $_POST['cli2cli'] ? true : false; @@ -126,8 +126,8 @@ if ($_POST) { $server['ca_cert'] = base64_encode($_POST['ca_cert']); $server['srv_cert'] = base64_encode($_POST['srv_cert']); $server['srv_key'] = base64_encode($_POST['srv_key']); - $server['dh_param'] = base64_encode($_POST['dh_param']); - + $server['dh_param'] = base64_encode($_POST['dh_param']); + write_config(); $retval = 0; @@ -148,24 +148,14 @@ if ($_POST) { $pconfig = $config['ovpn']['server']; ?> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html> -<head> -<title><?=gentitle("VPN: OpenVPN");?></title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> -<link href="gui.css" rel="stylesheet" type="text/css"> -</head> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<p class="pgtitle">VPN: OpenVPN</p> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if (file_exists($d_sysrebootreqd_path)) print_info_box(get_std_save_message(0)); ?> <form action="vpn_openvpn.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> - <ul id="tabnav"> + <ul id="tabnav"> <li class="tabact">Server</li> <li class="tabinact"><a href="vpn_openvpn_cli.php">Client</a></li> </ul> @@ -182,7 +172,7 @@ $pconfig = $config['ovpn']['server']; <input name="enable" type="checkbox" value="yes" <?php if (isset($pconfig['enable'])) echo "checked"; ?>> <strong>Enable OpenVPN server </strong></td> </tr> - + <tr> <td width="22%" valign="top" class="vncellreq">Tunnel type</td> <td width="78%" class="vtable"> 
@@ -192,7 +182,7 @@ $pconfig = $config['ovpn']['server']; TAP </td> </tr> - + <tr> <td width="22%" valign="top" class="vncell">OpenVPN protocol/port</td> <td width="78%" class="vtable"> @@ -200,16 +190,16 @@ $pconfig = $config['ovpn']['server']; UDP <input type="radio" name="proto" class="formfld" value="TCP" <?php if ($pconfig['proto'] == 'TCP') echo "checked"; ?>> TCP<br><br> - Port: + Port: <input name="port" type="text" class="formfld" size="5" maxlength="5" value="<?= $pconfig['port']; ?>"><br> Enter the port number to use for the server (default is 5000).</td> </tr> - + <tr> <td width="22%" valign="top" class="vncellreq">Interface binding</td> <td width="78%" class="vtable"> <select name="bind_iface" class="formfld"> - <?php + <?php $interfaces = ovpn_real_interface_list(); foreach ($interfaces as $key => $iface): ?> @@ -220,12 +210,12 @@ $pconfig = $config['ovpn']['server']; <span class="vexpl"><br> Choose an interface for the OpenVPN server to listen on.</span></td> </tr> - - <tr> + + <tr> <td width="22%" valign="top" class="vncellreq">IP address block</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="ipblock" type="text" class="formfld" size="20" value="<?=htmlspecialchars($pconfig['ipblock']);?>"> - / + / <select name="prefix" class="formfld"> <?php for ($i = 29; $i > 19; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['prefix']) echo "selected"; ?>> 
@@ -236,42 +226,42 @@ $pconfig = $config['ovpn']['server']; <br> Enter the IP address block for the OpenVPN server and clients to use.<br> <br> - Maximum number of simultaneous clients: + Maximum number of simultaneous clients: <input name="maxcli" type="text" class="formfld" size="3" maxlength="3" value="<?=htmlspecialchars($pconfig['maxcli']);?>"> </td> </tr> - - <tr> + + <tr> <td width="22%" valign="top" class="vncellreq">CA certificate</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <textarea name="ca_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['ca_cert']));?></textarea> <br> - Paste a CA certificate in X.509 PEM format here. <a target="_new" href='vpn_openvpn_create_certs.php'>Create</a> all certificates.</td> + Paste a CA certificate in X.509 PEM format here.</td> </tr> - - <tr> + + <tr> <td width="22%" valign="top" class="vncellreq">Server certificate</td> <td width="78%" class="vtable"> <textarea name="srv_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['srv_cert']));?></textarea> <br> Paste a server certificate in X.509 PEM format here.</td> </tr> - - <tr> + + <tr> <td width="22%" valign="top" class="vncellreq">Server key</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <textarea name="srv_key" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['srv_key']));?></textarea> <br>Paste the server RSA private key here.</td> </tr> - - <tr> + + <tr> <td width="22%" valign="top" class="vncellreq">DH parameters</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <textarea name="dh_param" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['dh_param']));?></textarea> - <br> + <br> Paste the Diffie-Hellman parameters in PEM format here.</td> </tr> - + <tr> <td width="22%" valign="top" class="vncell">Crypto</td> <td width="78%" class="vtable"> 
@@ -289,7 +279,7 @@ $pconfig = $config['ovpn']['server']; <br> Select a data channel encryption cipher.</td> </tr> - + <tr> <td width="22%" valign="top" class="vncell">Internal routing mode</td> <td width="78%" class="vtable"> @@ -297,7 +287,7 @@ $pconfig = $config['ovpn']['server']; <strong>Enable client-to-client routing</strong><br> If this option is on, clients are allowed to talk to each other.</td> </tr> - + <tr> <td width="22%" valign="top" class="vncell">Client authentication</td> <td width="78%" class="vtable"> @@ -305,7 +295,7 @@ $pconfig = $config['ovpn']['server']; <strong>Permit duplicate client certificates</strong><br> If this option is on, clients with duplicate certificates will not be disconnected.</td> </tr> - + <tr> <td width="22%" valign="top" class="vncell">Client-push options</td> <td width="78%" class="vtable"> @@ -363,5 +353,3 @@ $pconfig = $config['ovpn']['server']; </table> </form> <?php include("fend.inc"); ?> -</body> -</html> diff --git a/usr/local/www/vpn_openvpn_cli.php b/usr/local/www/vpn_openvpn_cli.php index e272b91..2290067 100755 --- a/usr/local/www/vpn_openvpn_cli.php +++ b/usr/local/www/vpn_openvpn_cli.php @@ -1,6 +1,5 @@ #!/usr/local/bin/php <?php -/* $Id$ */ /* vpn_openvpn_cli.php @@ -29,6 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN"); require("guiconfig.inc"); require_once("openvpn.inc"); 
@@ -68,17 +68,7 @@ if ($_GET['act'] == "del") { } } ?> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html> -<head> -<title><?=gentitle("VPN: OpenVPN");?></title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> -<link href="gui.css" rel="stylesheet" type="text/css"> -</head> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<p class="pgtitle">VPN: OpenVPN</p> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if (file_exists($d_sysrebootreqd_path) && !file_exists($d_ovpnclidirty_path)) print_info_box(get_std_save_message(0)); ?> <form action="vpn_openvpn_cli.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> @@ -90,7 +80,7 @@ if ($_GET['act'] == "del") { <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <ul id="tabnav"> - <li class="tabinact"><a href="vpn_openvpn.php">Server</a></li> + <li class="tabinact1"><a href="vpn_openvpn.php">Server</a></li> <li class="tabact">Client</li> </ul> </td></tr> 
@@ -119,37 +109,25 @@ if ($_GET['act'] == "del") { ?> <tr> - <td class="listlr" ondblclick="document.location='vpn_openvpn_cli_edit.php?id=<?=$i;?>';"><?=$spans;?> + <td class="listlr"><?=$spans;?> <?= $client['if'].":".$client['cport'];?> <?=$spane;?></td> - <td class="listr" ondblclick="document.location='vpn_openvpn_cli_edit.php?id=<?=$i;?>';"><?=$spans;?> + <td class="listr"><?=$spans;?> <?= $client['saddr'].":".$client['sport'];?> <?=$spane;?></td> - <td align="middle" class="listr" ondblclick="document.location='vpn_openvpn_cli_edit.php?id=<?=$i;?>';"><?=$spans;?> + <td align="middle" class="listr"><?=$spans;?> <?= $client['ver'];?> <?=$spane;?></td> - <td class="listbg" ondblclick="document.location='vpn_openvpn_cli_edit.php?id=<?=$i;?>';"><?=$spans;?> - <font color="white"><?= $client['descr'];?></font> + <td class="listbg"><?=$spans;?> + <?= $client['descr'];?> <?=$spane;?></td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="vpn_openvpn_cli_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="vpn_openvpn_cli.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client configuration?')"><img src="x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> + <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_cli_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit client configuration" width="17" height="17" border="0"></a> + <a href="vpn_openvpn_cli.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client configuration?')"><img src="x.gif" title="delete client configuration" width="17" height="17" border="0"></a></td> </tr> <?php $i++; endforeach; ?> <tr> <td class="list" colspan="4"> </td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a 
href="vpn_openvpn_cli_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> + <td class="list"> <a href="vpn_openvpn_cli_edit.php"><img src="plus.gif" title="add client configuration" width="17" height="17" border="0"></a></td> </tr> </table> </td> @@ -157,5 +135,3 @@ if ($_GET['act'] == "del") { </table> </form> <?php include("fend.inc"); ?> -</body> -</html> diff --git a/usr/local/www/vpn_openvpn_cli_edit.php b/usr/local/www/vpn_openvpn_cli_edit.php index 7b3e48c..a13b534 100755 --- a/usr/local/www/vpn_openvpn_cli_edit.php +++ b/usr/local/www/vpn_openvpn_cli_edit.php @@ -1,6 +1,5 @@ #!/usr/local/bin/php <?php -/* $Id$ */ /* vpn_openvpn_cli_edit.php @@ -29,6 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN", "Edit client"); require("guiconfig.inc"); require_once("openvpn.inc"); @@ -188,17 +188,7 @@ if (isset($_POST['pull'])) { } ?> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html> -<head> -<title><?=gentitle("VPN: OpenVPN: Edit client");?></title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> -<link href="gui.css" rel="stylesheet" type="text/css"> -</head> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<p class="pgtitle">VPN: OpenVPN: Edit client</p> <?php if ($input_errors) print_input_errors($input_errors); ?> <form action="vpn_openvpn_cli_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> @@ -340,7 +330,7 @@ if (isset($_POST['pull'])) { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <input name="Submit" type="submit" class="formbtn" value="Save"> <?php if (isset($id)): ?> <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?> 
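Review bot: The rewritten description cell on the new side, `<?= $client['descr'];?>`, still emits the stored description without escaping, and the neighbouring cells (`$client['if']`, `cport`, `saddr`, `sport`, `ver`) do the same, so a description containing markup is rendered as HTML in every admin's browser that opens this list. The PPTP users list touched by this same commit already wraps its fields in `htmlspecialchars()`, so do the same here: `<?=htmlspecialchars($client['descr']);?>`, and likewise for the other values. Presumably these entries are written by the client edit form, so they should be treated as attacker-influenced — TODO confirm where `$config['ovpn']['client']` is populated. The `foreach` that defines `$client` and `$i` starts above the hunk.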
@@ -350,5 +340,3 @@ if (isset($_POST['pull'])) { </form> <?php include("fend.inc"); ?> -</body> -</html> diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php index acf3fd7..43a19e5 100755 --- a/usr/local/www/vpn_pptp.php +++ b/usr/local/www/vpn_pptp.php @@ -1,23 +1,22 @@ #!/usr/local/bin/php <?php -/* $Id$ */ /* vpn_pptp.php part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -30,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "PPTP"); require("guiconfig.inc"); if (!is_array($config['pptpd']['radius'])) { 
@@ -56,15 +56,15 @@ if ($_POST) { if ($_POST['mode'] == "server") { $reqdfields = explode(" ", "localip remoteip"); $reqdfieldsn = explode(",", "Server address,Remote start address"); - + if ($_POST['radiusenable']) { $reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret")); - $reqdfieldsn = array_merge($reqdfieldsn, + $reqdfieldsn = array_merge($reqdfieldsn, explode(",", "RADIUS server address,RADIUS shared secret")); } - + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - + if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) { $input_errors[] = "A valid server address must be specified."; } 
@@ -74,26 +74,26 @@ if ($_POST) { if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) { $input_errors[] = "A valid RADIUS server address must be specified."; } - - if (!$input_errors) { + + if (!$input_errors) { $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $g['pptp_subnet']); $subnet_start = ip2long($_POST['remoteip']); $subnet_end = ip2long($_POST['remoteip']) + $g['n_pptp_units'] - 1; - - if ((ip2long($_POST['localip']) >= $subnet_start) && + + if ((ip2long($_POST['localip']) >= $subnet_start) && (ip2long($_POST['localip']) <= $subnet_end)) { - $input_errors[] = "The specified server address lies in the remote subnet."; + $input_errors[] = "The specified server address lies in the remote subnet."; } if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) { - $input_errors[] = "The specified server address is equal to the LAN interface address."; + $input_errors[] = "The specified server address is equal to the LAN interface address."; } } } else if ($_POST['mode'] == "redir") { $reqdfields = explode(" ", "redir"); $reqdfieldsn = explode(",", "PPTP redirection target address"); - + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - + if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) { $input_errors[] = "A valid target address must be specified."; } 
@@ -109,25 +109,9 @@ if ($_POST) { $pptpcfg['radius']['accounting'] = $_POST['radacct_enable'] ? true : false; $pptpcfg['radius']['server'] = $_POST['radiusserver']; $pptpcfg['radius']['secret'] = $_POST['radiussecret']; - - if (($pconfig['mode'] == "server")) { - /* - * traverse ruleset. if no PPTP rule is found - * install one. - */ - $found_pptp_rule = 0; - foreach($config['filter']['rule'] as $rule) { - $pos = strpos($rule['descr'], "PPTP"); - if ( $pos <> false ) $found_pptp_rule = 1; - } - if($found_pptp_rule == 0) { - /* no PPTP rule found. craete one. */ - add_default_pptp_rule(); - } - } - + write_config(); - + $retval = 0; if (!file_exists($d_sysrebootreqd_path)) { config_lock(); @@ -135,15 +119,10 @@ if ($_POST) { config_unlock(); } $savemsg = get_std_save_message($retval); - if($found_pptp_rule ==0) $savemsg .= "<br>A default PPTP rule has been added to the firewall rules section."; } } ?> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head> -<title><?=gentitle("VPN: PPTP");?></title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> -<link href="gui.css" rel="stylesheet" type="text/css"> +<?php include("fbegin.inc"); ?> <script language="JavaScript"> <!-- function get_radio_value(obj) @@ -161,7 +140,7 @@ function enable_change(enable_over) { document.iform.localip.disabled = 0; document.iform.req128.disabled = 0; document.iform.radiusenable.disabled = 0; - + if (document.iform.radiusenable.checked || enable_over) { document.iform.radacct_enable.disabled = 0; document.iform.radiusserver.disabled = 0; 
@@ -188,126 +167,124 @@ function enable_change(enable_over) { } //--> </script> -</head> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">VPN: PPTP</p> <form action="vpn_pptp.php" method="post" name="iform" id="iform"> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> + <tr><td class="tabnavtbl"> <ul id="tabnav"> <li class="tabact">Configuration</li> <li class="tabinact"><a href="vpn_pptp_users.php">Users</a></li> </ul> </td></tr> - <tr> + <tr> <td class="tabcont"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> + <tr> <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="mode" type="radio" onclick="enable_change(false)" value="off" <?php if (($pconfig['mode'] != "server") && ($pconfig['mode'] != "redir")) echo "checked";?>> Off</td> - <tr> + <tr> <td width="22%" valign="top" class="vtable"> </td> <td width="78%" class="vtable"> <input type="radio" name="mode" value="redir" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "redir") echo "checked"; ?>> Redirect incoming PPTP connections to:</td> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">PPTP redirection</td> - <td width="78%" class="vtable"> - <input name="redir" type="text" class="formfld" id="redir" size="20" value="<?=htmlspecialchars($pconfig['redir']);?>"> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="redir" type="text" class="formfld" id="redir" size="20" value="<?=htmlspecialchars($pconfig['redir']);?>"> <br> - Enter the IP address of a host which will accept incoming + Enter the IP address of a host which will accept incoming PPTP connections.</td> - <tr> + <tr> <td width="22%" valign="top" class="vtable"> </td> <td width="78%" class="vtable"> <input type="radio" 
name="mode" value="server" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "server") echo "checked"; ?>> Enable PPTP server</td> - <tr> - <td width="22%" valign="top" class="vncellreq">Max. concurrent + <tr> + <td width="22%" valign="top" class="vncellreq">Max. concurrent connections</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <?=$g['n_pptp_units'];?> </td> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Server address</td> - <td width="78%" class="vtable"> - <input name="localip" type="text" class="formfld" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>"> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="localip" type="text" class="formfld" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>"> <br> - Enter the IP address the PPTP server should use on its side + Enter the IP address the PPTP server should use on its side for all clients.</td> </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Remote address + <tr> + <td width="22%" valign="top" class="vncellreq">Remote address range</td> - <td width="78%" class="vtable"> - <input name="remoteip" type="text" class="formfld" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>"> - / + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="remoteip" type="text" class="formfld" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>"> + / <?=$g['pptp_subnet'];?> <br> Specify the starting address for the client IP address subnet.<br> - The PPTP server will assign + The PPTP server will assign <?=$g['n_pptp_units'];?> addresses, starting at the address entered above, to clients.</td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell">RADIUS</td> - <td width="78%" class="vtable"> - <p> - <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable'] == 
"yes") echo "checked"; ?>> + <td width="78%" class="vtable"> + <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable']) echo "checked"; ?>> <strong>Use a RADIUS server for authentication<br> - </strong>When set, all users will be authenticated using - the RADIUS server specified below. The local user database + </strong>When set, all users will be authenticated using + the RADIUS server specified below. The local user database will not be used.<br> <br> - <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable'] == "yes") echo "checked"; ?>> + <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable']) echo "checked"; ?>> <strong>Enable RADIUS accounting <br> - </strong>Send accounting packets to the RADIUS server. </p></td> + </strong>Sends accounting packets to the RADIUS server.</td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell">RADIUS server </td> <td width="78%" class="vtable"> - <p> <input name="radiusserver" type="text" class="formfld" id="radiusserver" size="20" value="<?=htmlspecialchars($pconfig['radiusserver']);?>"> <br> - Enter the IP address of the RADIUS server.</p></td> + Enter the IP address of the RADIUS server.</td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell">RADIUS shared secret</td> <td width="78%" valign="top" class="vtable"> - <p> <input name="radiussecret" type="password" class="formfld" id="radiussecret" size="20" value="<?=htmlspecialchars($pconfig['radiussecret']);?>"> <br> - Enter the shared secret that will be used to authenticate - to the RADIUS server.</p></td> + Enter the shared secret that will be used to authenticate + to the RADIUS server.</td> </tr> - <tr> + <tr> <td height="16" colspan="2" valign="top"></td> </tr> - <tr> + <tr> <td 
width="22%" valign="middle"> </td> - <td width="78%" class="vtable"> - <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128'] == "yes") echo "checked"; ?>> + <td width="78%" class="vtable"> + <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128']) echo "checked"; ?>> <strong>Require 128-bit encryption</strong><br> - When set, 128-bit encryption will be required. Otherwise - 40-bit and 56-bit encryption will also be accepted. Note that - encryption will always be forced on PPTP connections ( + When set, 128-bit encryption will be accepted. Otherwise, + 40-bit and 56-bit encryption will be accepted, too. Note that + encryption will always be forced on PPTP connections (i.e. unencrypted connections will not be accepted).</td> </tr> - <tr> + <tr> <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)"> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)"> </td> </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br> + </strong></span>don't forget to add a firewall rule to permit + traffic from PPTP clients!</span></td> + </tr> </table> - </td> + </td> </tr> </table> </form> 
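Review bot: The reworded help text for the "Require 128-bit encryption" checkbox now reads `When set, 128-bit encryption will be accepted.`, which drops the only statement of what the option enforces: the old text said 128-bit would be *required*, while "accepted" reads as if the weaker ciphers were still allowed when the box is ticked. Suggest `When set, only 128-bit encryption will be accepted. Otherwise, 40-bit and 56-bit encryption will be accepted, too.` The same hunk switches the checked tests from `== "yes"` to plain truthiness (`if ($pconfig['req128'])`, `radiusenable`, `radacct_enable`), which is only correct if `$pconfig` is now populated with booleans rather than the literal string `"yes"`; that assignment is outside the hunk, so please confirm it was updated in this commit. The added red note asking admins to create a firewall rule is the only replacement for the auto-generated "PPTP -> any" pass rule this commit removes — a safer default, but worth stating in the commit message.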
@@ -317,42 +294,3 @@ enable_change(false); //--> </script> <?php include("fend.inc"); ?> -</body> -</html> - -<?php - -function add_default_pptp_rule() { - global $config; - - $specialsrcdst = explode(" ", "any lan pptp"); - if (!is_array($config['filter']['rule'])) $config['filter']['rule'] = array(); - filter_rules_sort(); - $a_filter = &$config['filter']['rule']; - $filterent = array(); - $filterent['type'] = "pass"; - $filterent['interface'] = "pptp"; - - unset($filterent['max-src-nodes']); - unset($filterent['max-src-states']); - unset($filterent['protocol']); - unset($filterent['icmptype']); - - pconfig_to_address($filterent['source'], "any", - $_POST['srcmask'], $_POST['srcnot'], - $_POST['srcbeginport'], $_POST['srcendport']); - - pconfig_to_address($filterent['destination'], "any", - $_POST['dstmask'], $_POST['dstnot'], - $_POST['dstbeginport'], $_POST['dstendport']); - - $filterent['disabled'] = false; - $filterent['log'] = false; - $filterent['frags'] = false; - $filterent['descr'] = "Default PPTP -> any"; - $a_filter[] = $filterent; - write_config(); - -} - -?>
\ No newline at end of file diff --git a/usr/local/www/vpn_pptp_users.php b/usr/local/www/vpn_pptp_users.php index 3bf2973..2e4c47a 100755 --- a/usr/local/www/vpn_pptp_users.php +++ b/usr/local/www/vpn_pptp_users.php @@ -1,11 +1,10 @@ #!/usr/local/bin/php <?php -/* $Id$ */ /* vpn_pptp_users.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -30,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "PPTP"); require("guiconfig.inc"); if (!is_array($config['pptpd']['user'])) { @@ -67,17 +67,7 @@ if ($_GET['act'] == "del") { } } ?> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html> -<head> -<title><?=gentitle("VPN: PPTP: Users");?></title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> -<link href="gui.css" rel="stylesheet" type="text/css"> -</head> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<p class="pgtitle">VPN: PPTP: Users</p> <form action="vpn_pptp_users.php" method="post"> <?php if ($savemsg) print_info_box($savemsg); ?> <?php if (isset($config['pptpd']['radius']['enable'])) @@ -87,9 +77,9 @@ if ($_GET['act'] == "del") { <input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> + <tr><td class="tabnavtbl"> <ul id="tabnav"> - <li class="tabinact"><a href="vpn_pptp.php">Configuration</a></li> + <li class="tabinact1"><a href="vpn_pptp.php">Configuration</a></li> <li class="tabact">Users</li> </ul> </td></tr> 
@@ -103,37 +93,23 @@ if ($_GET['act'] == "del") { </tr> <?php $i = 0; foreach ($a_secret as $secretent): ?> <tr> - <td class="listlr" ondblclick="document.location='vpn_pptp_users_edit.php?id=<?=$i;?>';"> + <td class="listlr"> <?=htmlspecialchars($secretent['name']);?> </td> - <td class="listr" ondblclick="document.location='vpn_pptp_users_edit.php?id=<?=$i;?>';"> + <td class="listr"> <?=htmlspecialchars($secretent['ip']);?> </td> - <td class="list" nowrap> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="vpn_pptp_users_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="vpn_pptp_users.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this user?')"><img src="x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> + <td class="list" nowrap> <a href="vpn_pptp_users_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit user" width="17" height="17" border="0"></a> + <a href="vpn_pptp_users.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this user?')"><img src="x.gif" title="delete user" width="17" height="17" border="0"></a></td> + </tr> + <?php $i++; endforeach; ?> <tr> <td class="list" colspan="2"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="vpn_pptp_users_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> + <td class="list"> <a href="vpn_pptp_users_edit.php"><img src="plus.gif" title="add user" width="17" height="17" border="0"></a></td> + </tr> </table> - </td> - </tr> - </table> + </td> + </tr> +</table> </form> <?php include("fend.inc"); ?> -</body> -</html> diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php index e3cfa04..bbeddc1 100755 --- a/usr/local/www/vpn_pptp_users_edit.php 
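Review bot: The rewritten delete link on the new side, `vpn_pptp_users.php?act=del&id=<?=$i;?>`, still performs a state change over a plain GET guarded only by a client-side `confirm()`, and the hunk header shows the handler keyed on `$_GET['act'] == "del"`, so a page that embeds that URL in an `<img>` while an admin is logged in can remove a PPTP user without any prompt. Turn the delete into a POST (a small form with a hidden `id` and a submit button, or a server-side confirmation page) and have the handler read `$_POST`; the OpenVPN client list in this commit has the same pattern. Minor: `&` inside an href attribute should be written `&amp;` for valid HTML, although browsers tolerate it.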
+++ b/usr/local/www/vpn_pptp_users_edit.php @@ -1,11 +1,10 @@ #!/usr/local/bin/php <?php -/* $Id$ */ /* vpn_pptp_users_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -30,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "PPTP", "Edit user"); require("guiconfig.inc"); if (!is_array($config['pptpd']['user'])) { 
@@ -110,30 +110,20 @@ if ($_POST) { } } ?> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html> -<head> -<title><?=gentitle("VPN: PPTP: Users: Edit");?></title> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> -<link href="gui.css" rel="stylesheet" type="text/css"> -</head> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<p class="pgtitle">VPN: PPTP: Users: Edit</p> <?php if ($input_errors) print_input_errors($input_errors); ?> <form action="vpn_pptp_users_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td width="22%" valign="top" class="vncellreq">Username</td> <td width="78%" class="vtable"> -<input name="username" type="text" class="formfld" id="username" size="20" value="<?=htmlspecialchars($pconfig['username']);?>"> + <?=$mandfldhtml;?><input name="username" type="text" class="formfld" id="username" size="20" value="<?=htmlspecialchars($pconfig['username']);?>"> </td> <tr> <td width="22%" valign="top" class="vncellreq">Password</td> <td width="78%" class="vtable"> - <input name="password" type="password" class="formfld" id="password" size="20"> - <br> <input name="password2" type="password" class="formfld" id="password2" size="20"> + <?=$mandfldhtml;?><input name="password" type="password" class="formfld" id="password" size="20"> + <br><?=$mandfldhtml;?><input name="password2" type="password" class="formfld" id="password2" size="20"> (confirmation)<?php if (isset($id) && $a_secret[$id]): ?><br> <span class="vexpl">If you want to change the users' password, enter it here twice.</span><?php endif; ?></td> 
@@ -147,7 +137,7 @@ if ($_POST) { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" value="Cancel" onclick="history.back()"> + <input name="Submit" type="submit" class="formbtn" value="Save"> <?php if (isset($id) && $a_secret[$id]): ?> <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?> @@ -156,5 +146,3 @@ if ($_POST) { </table> </form> <?php include("fend.inc"); ?> -</body> -</html> |