. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgment: * "This product includes software developed by the pfSense Project * for use in the pfSense® software distribution. (http://www.pfsense.org/). * * 4. The names "pfSense" and "pfSense Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * coreteam@pfsense.org. * * 5. Products derived from this software may not be called "pfSense" * nor may "pfSense" appear in their names without prior written * permission of the Electric Sheep Fencing, LLC. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * * "This product includes software developed by the pfSense Project * for use in the pfSense software distribution (http://www.pfsense.org/). * * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. 
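IN NO EVENT SHALL THE pfSense PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

##|+PRIV
##|*IDENT=page-vpn-ipsec
##|*NAME=VPN: IPsec
##|*DESCR=Allow access to the 'VPN: IPsec' page.
##|*MATCH=vpn_ipsec.php*
##|-PRIV

require_once("guiconfig.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");
require_once("ipsec.inc");
require_once("vpn.inc");

/* Make sure both tunnel lists exist before binding references to them. */
if (!is_array($config['ipsec']['phase1'])) {
	$config['ipsec']['phase1'] = array();
}

if (!is_array($config['ipsec']['phase2'])) {
	$config['ipsec']['phase2'] = array();
}

/* References: every change below lands directly in $config and is persisted by write_config(). */
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];

/*
 * The posted p1entry / p2entry selections are request data and must not be
 * used as array offsets or compared loosely against integers: a non-numeric
 * string compares equal to index 0 under loose comparison on older PHP, and
 * a nested array is not a valid offset. Keep only plain digit strings and
 * convert them to integers once, here.
 */
$selected = array('p1entry' => array(), 'p2entry' => array());
foreach (array_keys($selected) as $field) {
	if (!isset($_POST[$field]) || !is_array($_POST[$field])) {
		continue;
	}
	foreach ($_POST[$field] as $posted) {
		if (is_string($posted) && preg_match('/^[0-9]+\z/', $posted)) {
			$selected[$field][] = (int)$posted;
		}
	}
}

/*
 * NOTE(review): every branch below changes the saved configuration in
 * response to a POST. Request-forgery protection is presumably supplied by
 * guiconfig.inc - confirm, since nothing in this file checks a token.
 */
if ($_POST) {
	if (!empty($_POST['apply'])) {
		$retval = vpn_ipsec_configure();
		/* reload the filter in the background */
		filter_configure();
		$savemsg = get_std_save_message($retval);
		if ($retval >= 0) {
			if (is_subsystem_dirty('ipsec')) {
				clear_subsystem_dirty('ipsec');
			}
		}
	} else if (isset($_POST['del'])) {
		/*
		 * delete selected p1 entries
		 * NOTE(review): unlike the single-row delete further down, this
		 * path removes neither the phase2 entries sharing the ikeid nor
		 * the host route - confirm whether that is intended.
		 */
		if (count($selected['p1entry'])) {
			foreach ($selected['p1entry'] as $p1entrydel) {
				unset($a_phase1[$p1entrydel]);
			}
			if (write_config()) {
				mark_subsystem_dirty('ipsec');
			}
		}
	} else if (isset($_POST['delp2'])) {
		/* delete selected p2 entries */
		if (count($selected['p2entry'])) {
			foreach ($selected['p2entry'] as $p2entrydel) {
				unset($a_phase2[$p2entrydel]);
			}
			if (write_config()) {
				mark_subsystem_dirty('ipsec');
			}
		}
	} else {
		/*
		 * IE won't send value attributes for image buttons, while Mozilla
		 * does, so the clicked button is recovered from the .x/.y field
		 * names instead.
		 * TODO: replace this with explicit button values.
		 * NOTE(review): the patterns are unanchored, so any field name that
		 * merely contains e.g. "del_7" selects that action. They are left
		 * as written because the coordinate suffix must still match; the
		 * captured index is cast to int and range-checked before use.
		 */
		unset($delbtn, $delbtnp2, $movebtn, $movebtnp2, $togglebtn, $togglebtnp2);
		foreach ($_POST as $pn => $pd) {
			if (preg_match("/del_(\d+)/", $pn, $matches)) {
				$delbtn = (int)$matches[1];
			} else if (preg_match("/delp2_(\d+)/", $pn, $matches)) {
				$delbtnp2 = (int)$matches[1];
			} else if (preg_match("/move_(\d+)/", $pn, $matches)) {
				$movebtn = (int)$matches[1];
			} else if (preg_match("/movep2_(\d+)/", $pn, $matches)) {
				$movebtnp2 = (int)$matches[1];
			} else if (preg_match("/toggle_(\d+)/", $pn, $matches)) {
				$togglebtn = (int)$matches[1];
			} else if (preg_match("/togglep2_(\d+)/", $pn, $matches)) {
				$togglebtnp2 = (int)$matches[1];
			}
		}

		$save = 1;

		if (isset($movebtn) && count($selected['p1entry'])) {
			/* move selected p1 entries before this */
			$p1count = count($a_phase1);
			if ($movebtn > $p1count) {
				/*
				 * A target past the end of the list would make the first
				 * loop read missing offsets and append empty entries to the
				 * saved configuration, so the request is ignored.
				 */
				$save = 0;
			} else {
				$a_phase1_new = array();
				/* copy all p1 entries < $movebtn and not selected */
				for ($i = 0; $i < $movebtn; $i++) {
					if (!in_array($i, $selected['p1entry'], true)) {
						$a_phase1_new[] = $a_phase1[$i];
					}
				}

				/* copy all selected p1 entries */
				for ($i = 0; $i < $p1count; $i++) {
					if ($i == $movebtn) {
						continue;
					}
					if (in_array($i, $selected['p1entry'], true)) {
						$a_phase1_new[] = $a_phase1[$i];
					}
				}

				/* copy $movebtn p1 entry; a target equal to the count has no entry of its own */
				if ($movebtn < $p1count) {
					$a_phase1_new[] = $a_phase1[$movebtn];
				}

				/* copy all p1 entries > $movebtn and not selected */
				for ($i = $movebtn + 1; $i < $p1count; $i++) {
					if (!in_array($i, $selected['p1entry'], true)) {
						$a_phase1_new[] = $a_phase1[$i];
					}
				}
				if (count($a_phase1_new) > 0) {
					$a_phase1 = $a_phase1_new;
				}
			}
		} else if (isset($movebtnp2) && count($selected['p2entry'])) {
			/* move selected p2 entries before this */
			$p2count = count($a_phase2);
			if ($movebtnp2 > $p2count) {
				/* same out-of-range guard as for phase1 */
				$save = 0;
			} else {
				$a_phase2_new = array();
				/* copy all p2 entries < $movebtnp2 and not selected */
				for ($i = 0; $i < $movebtnp2; $i++) {
					if (!in_array($i, $selected['p2entry'], true)) {
						$a_phase2_new[] = $a_phase2[$i];
					}
				}

				/* copy all selected p2 entries */
				for ($i = 0; $i < $p2count; $i++) {
					if ($i == $movebtnp2) {
						continue;
					}
					if (in_array($i, $selected['p2entry'], true)) {
						$a_phase2_new[] = $a_phase2[$i];
					}
				}

				/* copy $movebtnp2 p2 entry */
				if ($movebtnp2 < $p2count) {
					$a_phase2_new[] = $a_phase2[$movebtnp2];
				}

				/* copy all p2 entries > $movebtnp2 and not selected */
				for ($i = $movebtnp2 + 1; $i < $p2count; $i++) {
					if (!in_array($i, $selected['p2entry'], true)) {
						$a_phase2_new[] = $a_phase2[$i];
					}
				}
				if (count($a_phase2_new) > 0) {
					$a_phase2 = $a_phase2_new;
				}
			}
		} else if (isset($togglebtn)) {
			if (!isset($a_phase1[$togglebtn])) {
				/* an unknown index would otherwise create a new entry holding only 'disabled' */
				$save = 0;
			} else if (isset($a_phase1[$togglebtn]['disabled'])) {
				unset($a_phase1[$togglebtn]['disabled']);
			} else {
				$a_phase1[$togglebtn]['disabled'] = true;
			}
		} else if (isset($togglebtnp2)) {
			if (!isset($a_phase2[$togglebtnp2])) {
				/* same guard as for phase1 */
				$save = 0;
			} else if (isset($a_phase2[$togglebtnp2]['disabled'])) {
				unset($a_phase2[$togglebtnp2]['disabled']);
			} else {
				$a_phase2[$togglebtnp2]['disabled'] = true;
			}
		} else if (isset($delbtn)) {
			if (!isset($a_phase1[$delbtn])) {
				/*
				 * Without this check a missing entry yields an empty ikeid,
				 * and the loose comparison below would then remove every
				 * phase2 entry whose ikeid is empty or absent.
				 */
				$save = 0;
			} else {
				/* remove static route if interface is not WAN */
				if ($a_phase1[$delbtn]['interface'] <> "wan") {
					/* the gateway is a stored value; quote it so it reaches route(8) as one argument */
					mwexec("/sbin/route delete -host " . escapeshellarg($a_phase1[$delbtn]['remote-gateway']));
				}

				/* remove all phase2 entries that match the ikeid */
				$ikeid = $a_phase1[$delbtn]['ikeid'];
				foreach ($a_phase2 as $p2index => $ph2tmp) {
					if ($ph2tmp['ikeid'] == $ikeid) {
						unset($a_phase2[$p2index]);
					}
				}

				unset($a_phase1[$delbtn]);
			}
		} else if (isset($delbtnp2)) {
			unset($a_phase2[$delbtnp2]);
		} else {
			$save = 0;
		}

		if ($save === 1) {
			if (write_config()) {
				mark_subsystem_dirty('ipsec');
			}
		}
	}
}

$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Tunnels"));
$shortcut_section = "ipsec";

include("head.inc");

$tab_array = array();
$tab_array[] = array(gettext("Tunnels"), true, "vpn_ipsec.php");
$tab_array[] = array(gettext("Mobile Clients"), false, "vpn_ipsec_mobile.php");
$tab_array[] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php");
$tab_array[] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
display_top_tabs($tab_array);

/* $savemsg is only assigned by the apply branch above */
if (!empty($savemsg)) {
	print_info_box($savemsg, 'success');
}

if (is_subsystem_dirty('ipsec')) {
	/* NOTE(review): the separator between the two sentences looks like it lost its markup when this page was captured - confirm against the upstream file. */
	print_apply_box(gettext("The IPsec tunnel configuration has been changed.") . "
" . gettext("The changes must be applied for them to take effect."));
}
?>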

   
"> $address) { $iflabels[$vip] = $address; if (get_vip_descr($address)) { $iflabels[$vip] .= " (". get_vip_descr($address) .")"; } } $grouplist = return_gateway_groups_array(); foreach ($grouplist as $name => $group) { if ($group[0]['vip'] != "") { $vipif = $group[0]['vip']; } else { $vipif = $group[0]['int']; } $iflabels[$name] = "GW Group {$name}"; } $if = htmlspecialchars($iflabels[$ph1ent['interface']]); } else { $if = "WAN"; } if (!isset($ph1ent['mobile'])) { echo $if."
".$ph1ent['remote-gateway']; } else { echo $if."
" . gettext("Mobile Client") . ""; } ?>
"> ">
>
> $ph2ent): ?>
   
$ph2ea) { if ($k) { echo ", "; } echo $p2_ealgos[$ph2ea['name']]['name']; if ($ph2ea['keylen']) { if ($ph2ea['keylen'] == "auto") { echo " (" . gettext("auto") . ")"; } else { echo " ({$ph2ea['keylen']} " . gettext("bits") . ")"; } } } ?> $ph2ha) { if ($k) { echo ", "; } echo $p2_halgos[$ph2ha]; } } ?> "> ">
">
', gettext("Status:IPsec"), '') . '
' . sprintf(gettext("IPsec debug mode can be enabled at %s%s%s."), '', gettext("VPN:IPsec:Advanced Settings"), '') . '
' . sprintf(gettext("IPsec can be set to prefer older SAs at %s%s%s."), '', gettext("VPN:IPsec:Advanced Settings"), ''), 'info', false); ?>