. * * Parts of this code originally based on vpn_ipsec_sad.php from m0n0wall, * Copyright (c) 2003-2004 Manuel Kasper (BSD 2 clause) * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgment: * "This product includes software developed by the pfSense Project * for use in the pfSense software distribution. (http://www.pfsense.org/). * * 4. The names "pfSense" and "pfSense Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * coreteam@pfsense.org. * * 5. Products derived from this software may not be called "pfSense" * nor may "pfSense" appear in their names without prior written * permission of the Electric Sheep Fencing, LLC. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * * "This product includes software developed by the pfSense Project * for use in the pfSense software distribution (http://www.pfsense.org/). * * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * * ==================================================================== * */ /* pfSense_MODULE: ipsec */ ##|+PRIV ##|*IDENT=page-status-ipsec ##|*NAME=Status: IPsec page ##|*DESCR=Allow access to the 'Status: IPsec' page. ##|*MATCH=diag_ipsec.php* ##|-PRIV global $g; $pgtitle = array(gettext("Status"), gettext("IPsec")); $shortcut_section = "ipsec"; require("guiconfig.inc"); include("head.inc"); require_once("ipsec.inc"); if ($_GET['act'] == 'connect') { if (ctype_digit($_GET['ikeid'])) { $ph1ent = ipsec_get_phase1($_GET['ikeid']); if (!empty($ph1ent)) { if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == 'ikev1') { $ph2entries = ipsec_get_number_of_phase2($_GET['ikeid']); for ($i = 0; $i < $ph2entries; $i++) { $connid = escapeshellarg("con{$_GET['ikeid']}00{$i}"); mwexec("/usr/local/sbin/ipsec down {$connid}"); mwexec("/usr/local/sbin/ipsec up {$connid}"); } } else { mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid'])); mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid'])); } } } } else if ($_GET['act'] == 'ikedisconnect') { if (ctype_digit($_GET['ikeid'])) { if (!empty($_GET['ikesaid']) && ctype_digit($_GET['ikesaid'])) { mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']) . "[" . escapeshellarg($_GET['ikesaid']) . "]"); } else { mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid'])); } } } else if ($_GET['act'] == 'childdisconnect') { if (ctype_digit($_GET['ikeid'])) { if (!empty($_GET['ikesaid']) && ctype_digit($_GET['ikesaid'])) { mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']) . "{" . escapeshellarg($_GET['ikesaid']) . "}"); } } } if (!is_array($config['ipsec']['phase1'])) { $config['ipsec']['phase1'] = array(); } $a_phase1 = &$config['ipsec']['phase1']; $status = ipsec_list_sa(); $tab_array = array(); $tab_array[] = array(gettext("Overview"), true, "diag_ipsec.php"); $tab_array[] = array(gettext("Leases"), false, "diag_ipsec_leases.php"); $tab_array[] = array(gettext("SAD"), false, "diag_ipsec_sad.php"); $tab_array[] = array(gettext("SPD"), false, "diag_ipsec_spd.php"); $tab_array[] = array(gettext("Logs"), false, "diag_logs.php?logfile=ipsec"); display_top_tabs($tab_array); ?>
=gettext("Description")?> | =gettext("Local ID")?> | =gettext("Local IP")?> | =gettext("Remote ID")?> | =gettext("Remote IP")?> | =gettext("Role")?> | =gettext("Reauth")?> | =gettext("Algo")?> | =gettext("Status")?> | ||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
=htmlspecialchars(ipsec_get_descr($ph1idx))?> |
{$identity}";
} elseif (!empty($ikesa['remote-eap-id'])) {
echo htmlspecialchars($ikesa['remote-eap-id']);
echo " {$identity}"; } else { if (empty($identity)) { print(gettext("Unknown")); } else { print($identity); } } ?> |
IKEv=htmlspecialchars($ikesa['version'])?>
|
=htmlspecialchars($ikesa['reauth-time']) . gettext(" seconds (") . convert_seconds_to_hms($ikesa['reauth-time']) . ")";?> |
=htmlspecialchars($ikesa['encr-alg'])?>
=htmlspecialchars($ikesa['integ-alg'])?> =htmlspecialchars($ikesa['prf-alg'])?> =htmlspecialchars($ikesa['dh-group'])?> |
');
} else {
print('');
}
?>
=ucfirst(htmlspecialchars($ikesa['state']))?>
=htmlspecialchars($ikesa['established']) . gettext(" seconds (" . convert_seconds_to_hms($ikesa['established']) . ") ago")?> |
=gettext("Connect VPN")?>
=gettext("Disconnect")?>
=gettext("Disconnect")?> |
||||||
0)) { ?> | ||||||||||||
=gettext("Awaiting connections")?> | =gettext("Disconnected")?> | =gettext("Connect VPN")?> |