* * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgment: * "This product includes software developed by the pfSense Project * for use in the pfSense software distribution. (http://www.pfsense.org/). * * 4. The names "pfSense" and "pfSense Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * coreteam@pfsense.org. * * 5. Products derived from this software may not be called "pfSense" * nor may "pfSense" appear in their names without prior written * permission of the Electric Sheep Fencing, LLC. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * * "This product includes software developed by the pfSense Project * for use in the pfSense software distribution (http://www.pfsense.org/). * * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * * ==================================================================== * */ ##|+PRIV ##|*IDENT=page-vpn-ipsec ##|*NAME=VPN: IPsec page ##|*DESCR=Allow access to the 'VPN: IPsec' page. ##|*MATCH=vpn_ipsec.php* ##|-PRIV require("guiconfig.inc"); require_once("functions.inc"); require_once("filter.inc"); require_once("shaper.inc"); require_once("ipsec.inc"); require_once("vpn.inc"); if (!is_array($config['ipsec']['phase1'])) { $config['ipsec']['phase1'] = array(); } if (!is_array($config['ipsec']['phase2'])) { $config['ipsec']['phase2'] = array(); } $a_phase1 = &$config['ipsec']['phase1']; $a_phase2 = &$config['ipsec']['phase2']; $pconfig['enable'] = isset($config['ipsec']['enable']); if ($_POST) { if ($_POST['apply']) { $retval = 0; $retval = vpn_ipsec_configure(); /* reload the filter in the background */ filter_configure(); $savemsg = get_std_save_message($retval); if ($retval >= 0) { if (is_subsystem_dirty('ipsec')) { clear_subsystem_dirty('ipsec'); } } } else if ($_POST['submit'] == 'Save') { $pconfig = $_POST; $config['ipsec']['enable'] = $_POST['enable'] ? true : false; write_config(); $retval = vpn_ipsec_configure(); } else if (isset($_POST['del'])) { /* delete selected p1 entries */ if (is_array($_POST['p1entry']) && count($_POST['p1entry'])) { foreach ($_POST['p1entry'] as $p1entrydel) { unset($a_phase1[$p1entrydel]); } if (write_config()) { mark_subsystem_dirty('ipsec'); } } } else if (isset($_POST['delp2'])) { /* delete selected p2 entries */ if (is_array($_POST['p2entry']) && count($_POST['p2entry'])) { foreach ($_POST['p2entry'] as $p2entrydel) { unset($a_phase2[$p2entrydel]); } if (write_config()) { mark_subsystem_dirty('ipsec'); } } } else { /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */ // TODO: this. is. nasty. unset($delbtn, $delbtnp2, $movebtn, $movebtnp2, $togglebtn, $togglebtnp2); foreach ($_POST as $pn => $pd) { if (preg_match("/del_(\d+)/", $pn, $matches)) { $delbtn = $matches[1]; } else if (preg_match("/delp2_(\d+)/", $pn, $matches)) { $delbtnp2 = $matches[1]; } else if (preg_match("/move_(\d+)/", $pn, $matches)) { $movebtn = $matches[1]; } else if (preg_match("/movep2_(\d+)/", $pn, $matches)) { $movebtnp2 = $matches[1]; } else if (preg_match("/toggle_(\d+)/", $pn, $matches)) { $togglebtn = $matches[1]; } else if (preg_match("/togglep2_(\d+)/", $pn, $matches)) { $togglebtnp2 = $matches[1]; } } $save = 1; /* move selected p1 entries before this */ if (isset($movebtn) && is_array($_POST['p1entry']) && count($_POST['p1entry'])) { $a_phase1_new = array(); /* copy all p1 entries < $movebtn and not selected */ for ($i = 0; $i < $movebtn; $i++) { if (!in_array($i, $_POST['p1entry'])) { $a_phase1_new[] = $a_phase1[$i]; } } /* copy all selected p1 entries */ for ($i = 0; $i < count($a_phase1); $i++) { if ($i == $movebtn) { continue; } if (in_array($i, $_POST['p1entry'])) { $a_phase1_new[] = $a_phase1[$i]; } } /* copy $movebtn p1 entry */ if ($movebtn < count($a_phase1)) { $a_phase1_new[] = $a_phase1[$movebtn]; } /* copy all p1 entries > $movebtn and not selected */ for ($i = $movebtn+1; $i < count($a_phase1); $i++) { if (!in_array($i, $_POST['p1entry'])) { $a_phase1_new[] = $a_phase1[$i]; } } if (count($a_phase1_new) > 0) { $a_phase1 = $a_phase1_new; } } else if (isset($movebtnp2) && is_array($_POST['p2entry']) && count($_POST['p2entry'])) { /* move selected p2 entries before this */ $a_phase2_new = array(); /* copy all p2 entries < $movebtnp2 and not selected */ for ($i = 0; $i < $movebtnp2; $i++) { if (!in_array($i, $_POST['p2entry'])) { $a_phase2_new[] = $a_phase2[$i]; } } /* copy all selected p2 entries */ for ($i = 0; $i < count($a_phase2); $i++) { if ($i == $movebtnp2) { continue; } if (in_array($i, $_POST['p2entry'])) { $a_phase2_new[] = $a_phase2[$i]; } } /* copy $movebtnp2 p2 entry */ if ($movebtnp2 < count($a_phase2)) { $a_phase2_new[] = $a_phase2[$movebtnp2]; } /* copy all p2 entries > $movebtnp2 and not selected */ for ($i = $movebtnp2+1; $i < count($a_phase2); $i++) { if (!in_array($i, $_POST['p2entry'])) { $a_phase2_new[] = $a_phase2[$i]; } } if (count($a_phase2_new) > 0) { $a_phase2 = $a_phase2_new; } } else if (isset($togglebtn)) { if (isset($a_phase1[$togglebtn]['disabled'])) { unset($a_phase1[$togglebtn]['disabled']); } else { $a_phase1[$togglebtn]['disabled'] = true; } } else if (isset($togglebtnp2)) { if (isset($a_phase2[$togglebtnp2]['disabled'])) { unset($a_phase2[$togglebtnp2]['disabled']); } else { $a_phase2[$togglebtnp2]['disabled'] = true; } } else if (isset($delbtn)) { /* remove static route if interface is not WAN */ if ($a_phase1[$delbtn]['interface'] <> "wan") { mwexec("/sbin/route delete -host {$a_phase1[$delbtn]['remote-gateway']}"); } /* remove all phase2 entries that match the ikeid */ $ikeid = $a_phase1[$delbtn]['ikeid']; foreach ($a_phase2 as $p2index => $ph2tmp) { if ($ph2tmp['ikeid'] == $ikeid) { unset($a_phase2[$p2index]); } } unset($a_phase1[$delbtn]); } else if (isset($delbtnp2)) { unset($a_phase2[$delbtnp2]); } else { $save = 0; } if ($save === 1) { if (write_config()) { mark_subsystem_dirty('ipsec'); } } } } $pgtitle = array(gettext("VPN"), gettext("IPsec")); $shortcut_section = "ipsec"; include("head.inc"); $tab_array = array(); $tab_array[] = array(gettext("Tunnels"), true, "vpn_ipsec.php"); $tab_array[] = array(gettext("Mobile clients"), false, "vpn_ipsec_mobile.php"); $tab_array[] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php"); $tab_array[] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php"); display_top_tabs($tab_array); ?> " . gettext("You must apply the changes in order for them to take effect.")); } ?>
/>  

" />

   
$carpip) $iflabels[$cif] = $carpip." (".get_vip_descr($carpip).")"; $aliaslist = get_configured_ip_aliases_list(); foreach ($aliaslist as $aliasip => $aliasif) $iflabels[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; $grouplist = return_gateway_groups_array(); foreach ($grouplist as $name => $group) { if($group[0]['vip'] != "") $vipif = $group[0]['vip']; else $vipif = $group[0]['int']; $iflabels[$name] = "GW Group {$name}"; } $if = htmlspecialchars($iflabels[$ph1ent['interface']]); } else $if = "WAN"; if (!isset($ph1ent['mobile'])) echo $if."
".$ph1ent['remote-gateway']; else echo $if."
" . gettext("Mobile Client") . ""; ?>
"> "> ">
> -
> $ph2ent): ?>
   
$ph2ea) { if ($k) echo ", "; echo $p2_ealgos[$ph2ea['name']]['name']; if ($ph2ea['keylen']) { if ($ph2ea['keylen']=="auto") echo " (" . gettext("auto") . ")"; else echo " ({$ph2ea['keylen']} " . gettext("bits") . ")"; } } ?> $ph2ha) { if ($k) echo ", "; echo $p2_halgos[$ph2ha]; } } ?> "> ">
" alt="move"> " alt="move"> "> " alt="delete"> " onclick="return confirm('')">

.
.
.