diff --git a/src/www/vpn_ipsec.php b/src/www/vpn_ipsec.php index 501c26bbb..b92b36a79 100644 --- a/src/www/vpn_ipsec.php +++ b/src/www/vpn_ipsec.php @@ -26,7 +26,6 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - require_once("guiconfig.inc"); require_once("filter.inc"); require_once("vpn.inc"); 
@@ -34,201 +33,198 @@ require_once("services.inc"); require_once("pfsense-utils.inc"); require_once("interfaces.inc"); -if (!is_array($config['ipsec'])) { +if (!isset($config['ipsec'])) { $config['ipsec'] = array(); } - -if (!is_array($config['ipsec']['phase1'])) { +if (!isset($config['ipsec']['phase1'])) { $config['ipsec']['phase1'] = array(); } - -if (!is_array($config['ipsec']['phase2'])) { +if (!isset($config['ipsec']['phase2'])) { $config['ipsec']['phase2'] = array(); } -$a_phase1 = &$config['ipsec']['phase1']; -$a_phase2 = &$config['ipsec']['phase2']; - -$pconfig['enable'] = isset($config['ipsec']['enable']); - -if ($_POST) { - if ($_POST['apply']) { - $retval = 0; - $retval = vpn_ipsec_configure(); - /* reload the filter in the background */ - filter_configure(); - $savemsg = get_std_save_message($retval); - if ($retval >= 0) { - if (is_subsystem_dirty('ipsec')) { - clear_subsystem_dirty('ipsec'); - } - } - } elseif ($_POST['submit']) { - $pconfig = $_POST; - - $config['ipsec']['enable'] = $_POST['enable'] ? true : false; - - write_config(); - - $retval = vpn_ipsec_configure(); - } elseif (isset($_POST['del_x'])) { - /* delete selected p1 entries */ - if (is_array($_POST['p1entry']) && count($_POST['p1entry'])) { - foreach ($_POST['p1entry'] as $p1entrydel) { - unset($a_phase1[$p1entrydel]); - } - if (write_config()) { - mark_subsystem_dirty('ipsec'); - } - } - } elseif (isset($_POST['delp2_x'])) { - /* delete selected p2 entries */ - if (is_array($_POST['p2entry']) && count($_POST['p2entry'])) { - foreach ($_POST['p2entry'] as $p2entrydel) { - unset($a_phase2[$p2entrydel]); - } - if (write_config()) { - mark_subsystem_dirty('ipsec'); - } - } - } else { - /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... 
*/ - unset($delbtn, $delbtnp2, $movebtn, $movebtnp2, $togglebtn, $togglebtnp2); - foreach ($_POST as $pn => $pd) { - if (preg_match("/del_(\d+)_x/", $pn, $matches)) { - $delbtn = $matches[1]; - } elseif (preg_match("/delp2_(\d+)_x/", $pn, $matches)) { - $delbtnp2 = $matches[1]; - } elseif (preg_match("/move_(\d+)_x/", $pn, $matches)) { - $movebtn = $matches[1]; - } elseif (preg_match("/movep2_(\d+)_x/", $pn, $matches)) { - $movebtnp2 = $matches[1]; - } elseif (preg_match("/toggle_(\d+)_x/", $pn, $matches)) { - $togglebtn = $matches[1]; - } elseif (preg_match("/togglep2_(\d+)_x/", $pn, $matches)) { - $togglebtnp2 = $matches[1]; - } - } - - $save = 1; - - /* move selected p1 entries before this */ - if (isset($movebtn) && is_array($_POST['p1entry']) && count($_POST['p1entry'])) { - $a_phase1_new = array(); - - /* copy all p1 entries < $movebtn and not selected */ - for ($i = 0; $i < $movebtn; $i++) { - if (!in_array($i, $_POST['p1entry'])) { - $a_phase1_new[] = $a_phase1[$i]; - } - } - - /* copy all selected p1 entries */ - for ($i = 0; $i < count($a_phase1); $i++) { - if ($i == $movebtn) { - continue; - } - if (in_array($i, $_POST['p1entry'])) { - $a_phase1_new[] = $a_phase1[$i]; - } - } - - /* copy $movebtn p1 entry */ - if ($movebtn < count($a_phase1)) { - $a_phase1_new[] = $a_phase1[$movebtn]; - } - - /* copy all p1 entries > $movebtn and not selected */ - for ($i = $movebtn+1; $i < count($a_phase1); $i++) { - if (!in_array($i, $_POST['p1entry'])) { - $a_phase1_new[] = $a_phase1[$i]; - } - } - if (count($a_phase1_new) > 0) { - $a_phase1 = $a_phase1_new; - } - - } elseif (isset($movebtnp2) && is_array($_POST['p2entry']) && count($_POST['p2entry'])) { - /* move selected p2 entries before this */ - $a_phase2_new = array(); - - /* copy all p2 entries < $movebtnp2 and not selected */ - for ($i = 0; $i < $movebtnp2; $i++) { - if (!in_array($i, $_POST['p2entry'])) { - $a_phase2_new[] = $a_phase2[$i]; - } - } - - /* copy all selected p2 entries */ - for ($i = 0; $i < 
count($a_phase2); $i++) { - if ($i == $movebtnp2) { - continue; - } - if (in_array($i, $_POST['p2entry'])) { - $a_phase2_new[] = $a_phase2[$i]; - } - } - - /* copy $movebtnp2 p2 entry */ - if ($movebtnp2 < count($a_phase2)) { - $a_phase2_new[] = $a_phase2[$movebtnp2]; - } - - /* copy all p2 entries > $movebtnp2 and not selected */ - for ($i = $movebtnp2+1; $i < count($a_phase2); $i++) { - if (!in_array($i, $_POST['p2entry'])) { - $a_phase2_new[] = $a_phase2[$i]; - } - } - if (count($a_phase2_new) > 0) { - $a_phase2 = $a_phase2_new; - } - - } elseif (isset($togglebtn)) { - if (isset($a_phase1[$togglebtn]['disabled'])) { - unset($a_phase1[$togglebtn]['disabled']); - } else { - $a_phase1[$togglebtn]['disabled'] = true; - } - - } elseif (isset($togglebtnp2)) { - if (isset($a_phase2[$togglebtnp2]['disabled'])) { - unset($a_phase2[$togglebtnp2]['disabled']); - } else { - $a_phase2[$togglebtnp2]['disabled'] = true; - } - - } elseif (isset($delbtn)) { - /* remove static route if interface is not WAN */ - if ($a_phase1[$delbtn]['interface'] <> "wan") { - mwexec("/sbin/route delete -host {$a_phase1[$delbtn]['remote-gateway']}"); - } - - /* remove all phase2 entries that match the ikeid */ - $ikeid = $a_phase1[$delbtn]['ikeid']; - foreach ($a_phase2 as $p2index => $ph2tmp) { - if ($ph2tmp['ikeid'] == $ikeid) { - unset($a_phase2[$p2index]); - } - } - - unset($a_phase1[$delbtn]); - - } elseif (isset($delbtnp2)) { - unset($a_phase2[$delbtnp2]); - - } else { - $save = 0; - } - - if ($save === 1) { - if (write_config()) { - mark_subsystem_dirty('ipsec'); - } +if ($_SERVER['REQUEST_METHOD'] === 'POST') { + $a_phase1 = &$config['ipsec']['phase1']; + $a_phase2 = &$config['ipsec']['phase2']; + if (isset($_POST['apply'])) { + $retval = vpn_ipsec_configure(); + /* reload the filter in the background */ + filter_configure(); + $savemsg = get_std_save_message($retval); + if ($retval >= 0) { + if (is_subsystem_dirty('ipsec')) { + clear_subsystem_dirty('ipsec'); + } + } + } elseif 
(isset($_POST['submit'])) { + $config['ipsec']['enable'] = !empty($_POST['enable']) ? true : false; + write_config(); + vpn_ipsec_configure(); + } elseif (isset($_POST['del_x'])) { + /* delete selected p1 entries */ + if (isset($_POST['p1entry']) && count($_POST['p1entry'])) { + foreach ($_POST['p1entry'] as $p1entrydel) { + unset($config['ipsec']['phase1'][$p1entrydel]); + } + if (write_config()) { + mark_subsystem_dirty('ipsec'); + } + } + } elseif (isset($_POST['delp2_x'])) { + /* delete selected p2 entries */ + if (isset($_POST['p2entry']) && count($_POST['p2entry'])) { + foreach ($_POST['p2entry'] as $p2entrydel) { + unset($config['ipsec']['phase2'][$p2entrydel]); + } + if (write_config()) { + mark_subsystem_dirty('ipsec'); + } + } + } else { + // move, delete, toggle items by id. + // + /* yuck - IE won't send value attributes for image buttons, + while Mozilla does - so we use .x/.y to find move button clicks instead... */ + unset($delbtn, $delbtnp2, $movebtn, $movebtnp2, $togglebtn, $togglebtnp2); + foreach ($_POST as $pn => $pd) { + if (preg_match("/del_(\d+)_x/", $pn, $matches)) { + $delbtn = $matches[1]; + } elseif (preg_match("/delp2_(\d+)_x/", $pn, $matches)) { + $delbtnp2 = $matches[1]; + } elseif (preg_match("/move_(\d+)_x/", $pn, $matches)) { + $movebtn = $matches[1]; + } elseif (preg_match("/movep2_(\d+)_x/", $pn, $matches)) { + $movebtnp2 = $matches[1]; + } elseif (preg_match("/toggle_(\d+)_x/", $pn, $matches)) { + $togglebtn = $matches[1]; + } elseif (preg_match("/togglep2_(\d+)_x/", $pn, $matches)) { + $togglebtnp2 = $matches[1]; } } + $save = 1; + + /* move selected p1 entries before this */ + if (isset($movebtn) && isset($_POST['p1entry']) && count($_POST['p1entry'])) { + $a_phase1_new = array(); + + /* copy all p1 entries < $movebtn and not selected */ + for ($i = 0; $i < $movebtn; $i++) { + if (!in_array($i, $_POST['p1entry'])) { + $a_phase1_new[] = $a_phase1[$i]; + } + } + + /* copy all selected p1 entries */ + for ($i = 0; $i < 
count($a_phase1); $i++) { + if ($i == $movebtn) { + continue; + } + if (in_array($i, $_POST['p1entry'])) { + $a_phase1_new[] = $a_phase1[$i]; + } + } + + /* copy $movebtn p1 entry */ + if ($movebtn < count($a_phase1)) { + $a_phase1_new[] = $a_phase1[$movebtn]; + } + + /* copy all p1 entries > $movebtn and not selected */ + for ($i = $movebtn+1; $i < count($a_phase1); $i++) { + if (!in_array($i, $_POST['p1entry'])) { + $a_phase1_new[] = $a_phase1[$i]; + } + } + if (count($a_phase1_new) > 0) { + $a_phase1 = $a_phase1_new; + } + + } elseif (isset($movebtnp2) && isset($_POST['p2entry']) && count($_POST['p2entry'])) { + /* move selected p2 entries before this */ + $a_phase2_new = array(); + + /* copy all p2 entries < $movebtnp2 and not selected */ + for ($i = 0; $i < $movebtnp2; $i++) { + if (!in_array($i, $_POST['p2entry'])) { + $a_phase2_new[] = $a_phase2[$i]; + } + } + + /* copy all selected p2 entries */ + for ($i = 0; $i < count($a_phase2); $i++) { + if ($i == $movebtnp2) { + continue; + } + if (in_array($i, $_POST['p2entry'])) { + $a_phase2_new[] = $a_phase2[$i]; + } + } + + /* copy $movebtnp2 p2 entry */ + if ($movebtnp2 < count($a_phase2)) { + $a_phase2_new[] = $a_phase2[$movebtnp2]; + } + + /* copy all p2 entries > $movebtnp2 and not selected */ + for ($i = $movebtnp2+1; $i < count($a_phase2); $i++) { + if (!in_array($i, $_POST['p2entry'])) { + $a_phase2_new[] = $a_phase2[$i]; + } + } + if (count($a_phase2_new) > 0) { + $a_phase2 = $a_phase2_new; + } + + } elseif (isset($togglebtn)) { + if (isset($a_phase1[$togglebtn]['disabled'])) { + unset($a_phase1[$togglebtn]['disabled']); + } else { + $a_phase1[$togglebtn]['disabled'] = true; + } + + } elseif (isset($togglebtnp2)) { + if (isset($a_phase2[$togglebtnp2]['disabled'])) { + unset($a_phase2[$togglebtnp2]['disabled']); + } else { + $a_phase2[$togglebtnp2]['disabled'] = true; + } + + } elseif (isset($delbtn)) { + /* remove static route if interface is not WAN */ + if ($a_phase1[$delbtn]['interface'] <> "wan") { + 
mwexec("/sbin/route delete -host {$a_phase1[$delbtn]['remote-gateway']}"); + } + + /* remove all phase2 entries that match the ikeid */ + $ikeid = $a_phase1[$delbtn]['ikeid']; + foreach ($a_phase2 as $p2index => $ph2tmp) { + if ($ph2tmp['ikeid'] == $ikeid) { + unset($a_phase2[$p2index]); + } + } + + unset($a_phase1[$delbtn]); + + } elseif (isset($delbtnp2)) { + unset($a_phase2[$delbtnp2]); + + } else { + $save = 0; + } + + if ($save === 1) { + if (write_config()) { + mark_subsystem_dirty('ipsec'); + } + } + } } +// form data +$pconfig = $config['ipsec']; +$pconfig['enable'] = isset($config['ipsec']['enable']); +legacy_html_escape_form_data($pconfig); + $pgtitle = array(gettext("VPN"),gettext("IPsec")); $shortcut_section = "ipsec"; @@ -238,540 +234,8 @@ include("head.inc"); - - -
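Review bot: The bulk-delete and move branches now guard `$_POST['p1entry']` and `$_POST['p2entry']` with `isset()` where the removed code used `is_array()`, so a request that sends either field as a scalar reaches `count()`, `foreach` and `in_array()` with a string, which is a warning or a TypeError depending on the PHP version. Keeping both checks is cheap: `if (isset($_POST['p1entry']) && is_array($_POST['p1entry']) && count($_POST['p1entry'])) {`, and the same for `p2entry` and the two move conditions. The same `is_array()` to `isset()` swap on `$config['ipsec']` and its `phase1`/`phase2` children at the top of the hunk lets a set-but-non-array node through to the array writes below, if the config loader can produce one (not visible here). Separately, the re-indented `mwexec("/sbin/route delete -host {$a_phase1[$delbtn]['remote-gateway']}")` still interpolates a stored config value into a command string. `mwexec("/sbin/route delete -host " . escapeshellarg($a_phase1[$delbtn]['remote-gateway']));` would remove the reliance on whatever validation the phase 1 editor applies.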
-
-
-
- " . gettext("You must apply the changes in order for them to take effect.")); - } - ?> - -
- - - -
- -
- - - - - - - - - - - - - -"; - $spane = ""; - $iconfn = "default"; - } -?> - - - - - - - - - - - - - - - - - - - - - - - - -
   -
- - - - - - - - - - $carpip) { - $iflabels[$cif] = $carpip." (".get_vip_descr($carpip).")"; - } - - $aliaslist = get_configured_ip_aliases_list(); - foreach ($aliaslist as $aliasip => $aliasif) { - $iflabels[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; - } - - $grouplist = return_gateway_groups_array(); - foreach ($grouplist as $name => $group) { - if ($group[0]['vip'] <> "") { - $vipif = $group[0]['vip']; - } else { - $vipif = $group[0]['int']; - } - $iflabels[$name] = "GW Group {$name}"; - } - $if = htmlspecialchars($iflabels[$ph1ent['interface']]); -} else { - $if = "WAN"; -} - -if (!isset($ph1ent['mobile'])) { - echo $if."
".$ph1ent['remote-gateway']; -} else { - echo $if."
" . gettext("Mobile Client") . ""; -} -?> - -
- - - - - - - - - - - - - - -   - - - - - - - - - - - -
- - - " class="btn btn-default btn-xs" alt="edit"> - - -
- - - - - " class="btn btn-default btn-xs" alt="add"> - - - -
-
   - - -
> - - - -
-
> - - - - - - - - - - - - - $ph2ent) : - if ($ph2ent['ikeid'] != $ph1ent['ikeid']) { - continue; - } - - $fr_c = $fr_prefix . "c" . $j; - $fr_d = $fr_prefix . "d" . $j; - - $iconfn = "success"; - $spans = $spane = ""; - if (isset($ph2ent['disabled'])) { - $spans = ""; - $spane = ""; - $iconfn = "default"; - } -?> - - - - - - - - "; -endif; -?> - - - - - - - - - - -
   
- - - " - type="image" style="height:11;width:11;border:0" value="" /> - - - - - - - - - - - - - -   - - - - - - $ph2ea) { - if ($k) { - echo ", "; - } - echo $p2_ealgos[$ph2ea['name']]['name']; - if ($ph2ea['keylen']) { - if ($ph2ea['keylen']=="auto") { - echo " (" . gettext("auto") . ")"; - } else { - echo " ({$ph2ea['keylen']} " . gettext("bits") . ")"; - } - } -} -?> - - - - $ph2ha) { - if ($k) { - echo ", "; - } - echo $p2_halgos[$ph2ha]; - } -} -?> - - - - " alt="edit" class="btn btn-default btn-xs"> - - - - " alt="add" class="btn btn-default btn-xs"> - - -
- - " alt="move" class="btn btn-default btn-xs glyphicon glyphicon-arrow-down hide"> - - - - " class="btn btn-default btn-xs"> - " alt="add" class="glyphicon glyphicon-plus"> - - - " alt="delete" class="btn btn-default btn-xs glyphicon glyphicon-remove hide"> - - - -
-
-
- - - - - - - - -
- - " alt="move" class="btn btn-default btn-xs glyphicon glyphicon-arrow-down hide"> - - - - - " alt="add" class="btn btn-default btn-xs"> - - -
- - " alt="delete" class="btn btn-default btn-xs glyphicon glyphicon-remove hide"> - - - -
-
-

- - - :
-
- .
- .
- . -
-

-
-
- - - - - - -
- - - - - - -
- /> - - - - " /> -
-
-
-
-
-
-
+ +
+
+
+
+ " . gettext("You must apply the changes in order for them to take effect.")); + } + ?> +
+ + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
   +
+ + + + + + + $carpip) { + $iflabels[$cif] = $carpip." (".get_vip_descr($carpip).")"; + } + + $aliaslist = get_configured_ip_aliases_list(); + foreach ($aliaslist as $aliasip => $aliasif) { + $iflabels[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + } + + $grouplist = return_gateway_groups_array(); + foreach ($grouplist as $name => $group) { + if ($group[0]['vip'] <> "") { + $vipif = $group[0]['vip']; + } else { + $vipif = $group[0]['int']; + } + $iflabels[$name] = "GW Group {$name}"; + } + $if = $iflabels[$ph1ent['interface']]; + } else { + $if = "WAN"; + } +?> + + " . gettext("Mobile Client") . ""; + ?> + + + + + + +   + + + " class="btn btn-default btn-xs" alt="edit"> + +
+ + + " class="btn btn-default btn-xs" alt="add"> + + + +
+ +
+ - +
+ +
+ + " alt="add" class="btn btn-default btn-xs"> + + + +
+ :
+ .
+ .
+ . +
+ /> + +
+ " /> +
+
+
+
+
+
+
+
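Review bot: `$if = $iflabels[$ph1ent['interface']];` drops the `htmlspecialchars()` call that the removed line had, while the labels are still built from `get_vip_descr()` results and gateway group names, which are presumably operator-entered strings. The markup around the statement that prints `$if` is not readable in this rendering, so confirm that the output site escapes it, for example `<?=htmlspecialchars($if);?>`. `legacy_html_escape_form_data($pconfig)` in the previous hunk is applied to `$pconfig` only, so values read from `$ph1ent` and `$ph2ent` in this table need their own escaping where they are echoed.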