From 17402c638d800441a16db7b5f5c2b8a373b9abca Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Mon, 18 Aug 2014 22:33:38 +0200
Subject: Correct the ipsec status pages to show proper information as needed.

---
 usr/local/www/diag_ipsec.php     | 55 ++++++++++++++++++++++++++++------------
 usr/local/www/diag_ipsec_spd.php | 13 ----------
 2 files changed, 39 insertions(+), 29 deletions(-)

(limited to 'usr/local')

diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php
index ad6c463..33b0c85 100644
--- a/usr/local/www/diag_ipsec.php
+++ b/usr/local/www/diag_ipsec.php
@@ -52,16 +52,16 @@ require("guiconfig.inc");
 include("head.inc");
 require("ipsec.inc");
 
-if ($_GET['act'] == "connect") {
-	if (is_ipaddrv4($_GET['remoteid']) && is_ipaddrv4($_GET['source'])) {
-		exec("/sbin/ping -S " . escapeshellarg($_GET['source']) . " -c 1 " . escapeshellarg($_GET['remoteid']));
+if ($_GET['act'] == 'connect') {
+	if (ctype_digit($_GET['ikeid'])) {
+		mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));
+		mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid']));
 	}
-	else if (is_ipaddrv6($_GET['remoteid']) && is_ipaddrv6($_GET['source'])) {
-		exec("/sbin/ping6 -S " . escapeshellarg($_GET['source']) . " -c 1 " . escapeshellarg($_GET['remoteid']));
+} else if ($_GET['act'] == 'ikedisconnect') {
+	if (ctype_digit($_GET['ikeid'])) {
+		mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));
 	}
-}
-
-if ($_GET['act'] == "disconnect") {
+} else if ($_GET['act'] == 'disconnect') {
 	if (!empty($_GET['user'])) {
 		ipsec_disconnect_mobile($_GET['user']);
 		sleep(1);
@@ -107,23 +107,31 @@ $status = ipsec_smp_dump_status();
 				<th class="listhdrr nowrap"><?php echo gettext("Remote IP");?></th>
 				<th class="listhdrr nowrap"><?php echo gettext("Role");?></th>
 				<th class="listhdrr nowrap"><?php echo gettext("Status");?></th>
+				<td class="list nowrap"></td>
 		</tr>
 		</thead>
 		<tbody>
 <?php
 	if (is_array($status['query']) && is_array($status['query']['ikesalist']) && is_array($status['query']['ikesalist']['ikesa'])) {
 		foreach ($status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa) {
+			if (ipsec_phase1_status($status['query']['ikesalist']['ikesa'], $ikesa['id'])) {
+				$icon = "pass";
+			} elseif(!isset($config['ipsec']['enable'])) {
+				$icon = "block";
+			} else {
+				$icon = "reject";
+			}
 ?>
 			<tr>
 				<td class="listlr">
-					<?php echo htmlspecialchars(ipsec_get_descr_by_peerconfig($ikesa['peerconfig']));?>
+					<?php echo "({$ikesa['id']}) " . htmlspecialchars(ipsec_get_descr($ikesa['id']));?>
 				</td>
 				<td class="listr">
 			<?php   if (!is_array($ikesa['local']))
 					echo "Unknown";
 				else {
 					if (!empty($ikesa['local']['identification']))
-						echo htmlspecialchars($ikesa['local']['identification']) . '<br />' . htmlspecialchars($ikesa['local']['spi']);
+						echo htmlspecialchars($ikesa['local']['identification']);
 					else
 						echo 'Unknown';
 				}
@@ -137,7 +145,7 @@ $status = ipsec_smp_dump_status();
 						echo htmlspecialchars($ikesa['local']['address']) . ':' . htmlspecialchars($ikesa['local']['port']);
 					else
 						echo 'Unknown';
-					if ($ikesa['local']['nat'])
+					if ($ikesa['local']['nat'] != 'false')
 						echo " NAT-T";
 				}
 			?>
@@ -147,7 +155,7 @@ $status = ipsec_smp_dump_status();
 					echo "Unknown";
 				else {
 					if (!empty($ikesa['remote']['identification']))
-						echo htmlspecialchars($ikesa['remote']['identification']) . '<br />' . htmlspecialchars($ikesa['remote']['spi']);
+						echo htmlspecialchars($ikesa['remote']['identification']);
 					else
 						echo 'Unknown';
 				}
@@ -161,7 +169,7 @@ $status = ipsec_smp_dump_status();
 						echo htmlspecialchars($ikesa['remote']['address']) . ':' . htmlspecialchars($ikesa['remote']['port']);
 					else
 						echo 'Unknown';
-					if ($ikesa['remote']['nat'])
+					if ($ikesa['remote']['nat'] != 'false')
 						echo " NAT-T";
 				}
 			?>
@@ -170,10 +178,25 @@ $status = ipsec_smp_dump_status();
 					<?php echo htmlspecialchars($ikesa['role']);?>
 				</td>
 				<td class="listr">
-					<?php echo htmlspecialchars($ikesa['status']);?>
+					<center>
+						<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_<?php echo $icon; ?>.gif" title="<?php echo $ikesa['status']; ?>" alt=""/>
+						<br/><?php echo htmlspecialchars($ikesa['status']);?>
+					</center>
 				</td>
-				<td class="listbg">
-					<?php ?> &nbsp;
+				<td >
+				<?php if ($icon != "pass"): ?>
+					<center>
+						<a href="diag_ipsec.php?act=connect&amp;ikeid=<?php echo $ikesa['id']; ?>">
+						<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_start.gif" alt="Connect VPN" title="Connect VPN" border="0"/>
+						</a>
+					</center>
+				<?php else: ?>
+					<center>
+						<a href="diag_ipsec.php?act=ikedisconnect&amp;ikeid=<?php echo $ikesa['id']; ?>">
+						<img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_stop.gif" alt="Disconnect VPN" title="Disconnect VPN" border="0"/>
+						</a>
+					</center>
+				<?php endif; ?>
 				</td>
 				<td valign="middle" class="list nowrap">
 					<table border="0" cellspacing="0" cellpadding="1" summary="">
diff --git a/usr/local/www/diag_ipsec_spd.php b/usr/local/www/diag_ipsec_spd.php
index 0a01565..3c854af 100644
--- a/usr/local/www/diag_ipsec_spd.php
+++ b/usr/local/www/diag_ipsec_spd.php
@@ -50,16 +50,6 @@ $pgtitle = array(gettext("Status"),gettext("IPsec"),gettext("SPD"));
 $shortcut_section = "ipsec";
 include("head.inc");
 
-/* delete any SP? */
-if ($_GET['act'] == "del") {
-	$fd = @popen("/sbin/setkey -c > /dev/null 2>&1", "w");
-	if ($fd) {
-		fwrite($fd, "spddelete {$_GET['srcid']} {$_GET['dstid']} any -P {$_GET['dir']} ;\n");
-		pclose($fd);
-		sleep(1);
-	}
-}
-
 $spd = ipsec_dump_spd();
 ?>
 
@@ -106,9 +96,6 @@ $spd = ipsec_dump_spd();
 									$args .= "&amp;dstid=".rawurlencode($sp['dstid']);
 									$args .= "&amp;dir=".rawurlencode($sp['dir']);
 								?>
-								<a href="diag_ipsec_spd.php?act=del&amp;<?=$args;?>" onclick="return confirm('<?= gettext("Do you really want to delete this security policy?"); ?>')">
-									<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" />
-								</a>
 							</td>
 						</tr>
 						<?php endforeach; ?>
-- 
cgit v1.1