(BSD 2 clause) * Copyright (c) 2007 Jonathan Watt (BSD 2 clause) * Copyright (c) 2007 Scott Dale (BSD 2 clause) * * Some or all of this file is based on the m0n0wall project which is * Copyright (c) 2004 Manuel Kasper (BSD 2 clause) * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgment: * "This product includes software developed by the pfSense Project * for use in the pfSense software distribution. (http://www.pfsense.org/). * * 4. The names "pfSense" and "pfSense Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * coreteam@pfsense.org. * * 5. Products derived from this software may not be called "pfSense" * nor may "pfSense" appear in their names without prior written * permission of the Electric Sheep Fencing, LLC. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * * "This product includes software developed by the pfSense Project * for use in the pfSense software distribution (http://www.pfsense.org/). * * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * * ==================================================================== * */ $nocsrf = true; require_once("guiconfig.inc"); require_once("functions.inc"); require_once("ipsec.inc"); // Compose the table contents and pass it back to the ajax caller if ($_REQUEST && $_REQUEST['ajax']) { if (isset($config['ipsec']['phase1'])) { $spd = ipsec_dump_spd(); $sad = ipsec_dump_sad(); $mobile = ipsec_dump_mobile(); $ipsec_status = ipsec_list_sa(); $activecounter = 0; $inactivecounter = 0; $ipsec_detail_array = array(); $ikenum = array(); if (isset($config['ipsec']['phase2'])) { foreach ($config['ipsec']['phase2'] as $ph2ent) { if (!ipsec_lookup_phase1($ph2ent,$ph1ent)) { continue; } if ($ph2ent['remoteid']['type'] == "mobile" || isset($ph1ent['mobile'])) { continue; } if (isset($ph1ent['disabled']) || isset($ph2ent['disabled'])) { continue; } if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == 'ikev1') { if (!isset($ikenum[$ph1ent['ikeid']])) { $ikenum[$ph1ent['ikeid']] = 0; } else { $ikenum[$ph1ent['ikeid']]++; } $ikeid = "con{$ph1ent['ikeid']}00" . $ikenum[$ph1ent['ikeid']]; } else { if (isset($ikenum[$ph1ent['ikeid']])) { continue; } $ikeid = "con{$ph1ent['ikeid']}"; $ikenum[$ph1ent['ikeid']] = true; } $found = false; foreach ($ipsec_status as $id => $ikesa) { if (isset($ikesa['child-sas'])) { foreach ($ikesa['child-sas'] as $childid => $childsa) { if ($ikeid == $childid) { $found = true; break; } } } else if ($ikeid == $id) { $found = true; } if ($found === true) { if ($ikesa['state'] == 'ESTABLISHED') { /* tunnel is up */ $iconfn = "true"; $activecounter++; } else { /* tunnel is down */ $iconfn = "false"; $inactivecounter++; } break; } } if ($found === false) { /* tunnel is down */ $iconfn = "false"; $inactivecounter++; } $ipsec_detail_array[] = array('src' => convert_friendly_interface_to_friendly_descr($ph1ent['interface']), 'dest' => $ph1ent['remote-gateway'], 'remote-subnet' => ipsec_idinfo_to_text($ph2ent['remoteid']), 'descr' => $ph2ent['descr'], 'status' => $iconfn); } } unset($ikenum); } // Only generate the data for the tab that is currently being viewed switch ($_REQUEST['tab']) { case "Overview" : print(" \n"); print( "" . $activecounter . "\n"); print( "" . $inactivecounter . "\n"); print( "" . (is_array($mobile['pool']) ? htmlspecialchars($mobile['pool'][0]['usage']) : '0') . "\n"); print( "\n"); break; case "tunnel" : foreach ($ipsec_detail_array as $ipsec) { print(" \n"); print( "" . htmlspecialchars($ipsec['src']) . "\n"); print( "" . $ipsec['remote-subnet'] . "
(" . htmlspecialchars($ipsec['dest']) . ")\n"); print( "" . htmlspecialchars($ipsec['descr']) . "\n"); if ($ipsec['status'] == "true") { print('' . "\n"); } else { print('' . "\n"); } print( "\n"); } break; case "mobile" : if (!is_array($mobile['pool'])) { break; } foreach ($mobile['pool'] as $pool) { if (!is_array($pool['lease'])) { continue; } foreach ($pool['lease'] as $muser) { print(" \n"); print( "" . htmlspecialchars($muser['id']) . "\n"); print( "" . htmlspecialchars($muser['host']) . "\n"); print( "" . htmlspecialchars($muser['status']) . "\n"); print(" \n"); } } break; } exit; } if (isset($config['ipsec']['phase1'])) { $tab_array = array(); $tab_array[] = array(gettext("Overview"), true, "ipsec-Overview"); $tab_array[] = array(gettext("Tunnels"), false, "ipsec-tunnel"); $tab_array[] = array(gettext("Mobile"), false, "ipsec-mobile"); display_widget_tabs($tab_array); } $mobile = ipsec_dump_mobile(); if (isset($config['ipsec']['phase2'])): ?>
