. * All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ ##|+PRIV ##|*IDENT=page-vpn-ipsec ##|*NAME=VPN: IPsec ##|*DESCR=Allow access to the 'VPN: IPsec' page. ##|*MATCH=vpn_ipsec.php* ##|-PRIV require_once("guiconfig.inc"); require_once("functions.inc"); require_once("filter.inc"); require_once("shaper.inc"); require_once("ipsec.inc"); require_once("vpn.inc"); if (!is_array($config['ipsec']['phase1'])) { $config['ipsec']['phase1'] = array(); } if (!is_array($config['ipsec']['phase2'])) { $config['ipsec']['phase2'] = array(); } $a_phase1 = &$config['ipsec']['phase1']; $a_phase2 = &$config['ipsec']['phase2']; if ($_POST['apply']) { $ipsec_dynamic_hosts = vpn_ipsec_configure(); /* reload the filter in the background */ $retval = 0; $retval |= filter_configure(); if ($ipsec_dynamic_hosts >= 0) { if (is_subsystem_dirty('ipsec')) { clear_subsystem_dirty('ipsec'); } } } else if (isset($_POST['del'])) { /* delete selected p1 entries */ if (is_array($_POST['p1entry']) && count($_POST['p1entry'])) { foreach ($_POST['p1entry'] as $p1entrydel) { unset($a_phase1[$p1entrydel]); } if (write_config(gettext("Deleted selected IPsec Phase 1 entries."))) { mark_subsystem_dirty('ipsec'); } } } else if (isset($_POST['delp2'])) { /* delete selected p2 entries */ if (is_array($_POST['p2entry']) && count($_POST['p2entry'])) { foreach ($_POST['p2entry'] as $p2entrydel) { unset($a_phase2[$p2entrydel]); } if (write_config(gettext("Deleted selected IPsec Phase 2 entries."))) { mark_subsystem_dirty('ipsec'); } } } else { /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */ // TODO: this. is. nasty. unset($delbtn, $delbtnp2, $movebtn, $movebtnp2, $togglebtn, $togglebtnp2); foreach ($_POST as $pn => $pd) { if (preg_match("/del_(\d+)/", $pn, $matches)) { $delbtn = $matches[1]; } else if (preg_match("/delp2_(\d+)/", $pn, $matches)) { $delbtnp2 = $matches[1]; } else if (preg_match("/move_(\d+)/", $pn, $matches)) { $movebtn = $matches[1]; } else if (preg_match("/movep2_(\d+)/", $pn, $matches)) { $movebtnp2 = $matches[1]; } else if (preg_match("/toggle_(\d+)/", $pn, $matches)) { $togglebtn = $matches[1]; } else if (preg_match("/togglep2_(\d+)/", $pn, $matches)) { $togglebtnp2 = $matches[1]; } } $save = 1; /* move selected p1 entries before this */ if (isset($movebtn) && is_array($_POST['p1entry']) && count($_POST['p1entry'])) { $a_phase1_new = array(); /* copy all p1 entries < $movebtn and not selected */ for ($i = 0; $i < $movebtn; $i++) { if (!in_array($i, $_POST['p1entry'])) { $a_phase1_new[] = $a_phase1[$i]; } } /* copy all selected p1 entries */ for ($i = 0; $i < count($a_phase1); $i++) { if ($i == $movebtn) { continue; } if (in_array($i, $_POST['p1entry'])) { $a_phase1_new[] = $a_phase1[$i]; } } /* copy $movebtn p1 entry */ if ($movebtn < count($a_phase1)) { $a_phase1_new[] = $a_phase1[$movebtn]; } /* copy all p1 entries > $movebtn and not selected */ for ($i = $movebtn+1; $i < count($a_phase1); $i++) { if (!in_array($i, $_POST['p1entry'])) { $a_phase1_new[] = $a_phase1[$i]; } } if (count($a_phase1_new) > 0) { $a_phase1 = $a_phase1_new; } } else if (isset($movebtnp2) && is_array($_POST['p2entry']) && count($_POST['p2entry'])) { /* move selected p2 entries before this */ $a_phase2_new = array(); /* copy all p2 entries < $movebtnp2 and not selected */ for ($i = 0; $i < $movebtnp2; $i++) { if (!in_array($i, $_POST['p2entry'])) { $a_phase2_new[] = $a_phase2[$i]; } } /* copy all selected p2 entries */ for ($i = 0; $i < count($a_phase2); $i++) { if ($i == $movebtnp2) { continue; } if (in_array($i, $_POST['p2entry'])) { $a_phase2_new[] = $a_phase2[$i]; } } /* copy $movebtnp2 p2 entry */ if ($movebtnp2 < count($a_phase2)) { $a_phase2_new[] = $a_phase2[$movebtnp2]; } /* copy all p2 entries > $movebtnp2 and not selected */ for ($i = $movebtnp2+1; $i < count($a_phase2); $i++) { if (!in_array($i, $_POST['p2entry'])) { $a_phase2_new[] = $a_phase2[$i]; } } if (count($a_phase2_new) > 0) { $a_phase2 = $a_phase2_new; } } else if (isset($togglebtn)) { if (isset($a_phase1[$togglebtn]['disabled'])) { unset($a_phase1[$togglebtn]['disabled']); } else { $a_phase1[$togglebtn]['disabled'] = true; } } else if (isset($togglebtnp2)) { if (isset($a_phase2[$togglebtnp2]['disabled'])) { unset($a_phase2[$togglebtnp2]['disabled']); } else { $a_phase2[$togglebtnp2]['disabled'] = true; } } else if (isset($delbtn)) { /* remove static route if interface is not WAN */ if ($a_phase1[$delbtn]['interface'] <> "wan") { mwexec("/sbin/route delete -host {$a_phase1[$delbtn]['remote-gateway']}"); } /* remove all phase2 entries that match the ikeid */ $ikeid = $a_phase1[$delbtn]['ikeid']; foreach ($a_phase2 as $p2index => $ph2tmp) { if ($ph2tmp['ikeid'] == $ikeid) { unset($a_phase2[$p2index]); } } unset($a_phase1[$delbtn]); } else if (isset($delbtnp2)) { unset($a_phase2[$delbtnp2]); } else { $save = 0; } if ($save === 1) { if (write_config(gettext("Saved configuration changes for IPsec tunnels."))) { mark_subsystem_dirty('ipsec'); } } } $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Tunnels")); $pglinks = array("", "@self", "@self"); $shortcut_section = "ipsec"; include("head.inc"); $tab_array = array(); $tab_array[] = array(gettext("Tunnels"), true, "vpn_ipsec.php"); $tab_array[] = array(gettext("Mobile Clients"), false, "vpn_ipsec_mobile.php"); $tab_array[] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php"); $tab_array[] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php"); display_top_tabs($tab_array); if ($_POST['apply']) { print_apply_result_box($retval); } if (is_subsystem_dirty('ipsec')) { print_apply_box(gettext("The IPsec tunnel configuration has been changed.") . "
" . gettext("The changes must be applied for them to take effect.")); } ?>

$address) { $iflabels[$vip] = $address; if (get_vip_descr($address)) { $iflabels[$vip] .= " (". get_vip_descr($address) .")"; } } $grouplist = return_gateway_groups_array(); foreach ($grouplist as $name => $group) { if ($group[0]['vip'] != "") { $vipif = $group[0]['vip']; } else { $vipif = $group[0]['int']; } $iflabels[$name] = "GW Group {$name}"; } $i = 0; foreach ($a_phase1 as $ph1ent): $iconfn = "pass"; $entryStatus = (isset($ph1ent['disabled']) ? 'disabled' : 'enabled'); if ($entryStatus == 'disabled') { $iconfn .= "_d"; } ?>
   
"> ".$ph1ent['remote-gateway']; } else { echo $if."
" . gettext("Mobile Client") . ""; } ?> 		"> ">
>
> $ph2ent): ?>
   
$ph2ea) { if ($k) { echo ", "; } echo $p2_ealgos[$ph2ea['name']]['name']; if ($ph2ea['keylen']) { if ($ph2ea['keylen'] == "auto") { echo " (" . gettext("auto") . ")"; } else { echo " ({$ph2ea['keylen']} " . gettext("bits") . ")"; } } } ?> $ph2ha) { if ($k) { echo ", "; } echo $p2_halgos[$ph2ha]; } } ?> "> ">
">
', gettext("Status:IPsec"), '') . '
' . sprintf(gettext('IPsec debug mode can be enabled at %1$s%2$s%3$s.'), '', gettext("VPN:IPsec:Advanced Settings"), '') . '
' . sprintf(gettext('IPsec can be set to prefer older SAs at %1$s%2$s%3$s.'), '', gettext("VPN:IPsec:Advanced Settings"), ''), 'info', false); ?>