From b79545f73a63d90f71b5969ef3082a22572962cc Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 10 Jul 2015 14:52:05 +0000
Subject: [PATCH] (legacy) cleanups and movements related to ipsec.inc
---
 src/etc/inc/ipsec.inc | 106 ----------------------------------
 src/www/diag_ipsec.php | 36 ++++++++++++
 src/www/vpn_ipsec_phase1.php | 64 +++++++++++++++++++++
 src/www/vpn_ipsec_phase2.php | 5 ++
 4 files changed, 105 insertions(+), 106 deletions(-)
diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc
index 397034583..a0ff3b15b 100644
--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -36,23 +36,6 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE
 "imc" => "Integrity checker", "imv" => "Integrity Verifier", "pts" => "Platform Trust Service", "tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSWAN Lib");
-$my_identifier_list = array(
- 'myaddress' => array( 'desc' => gettext('My IP address'), 'mobile' => true ),
- 'address' => array( 'desc' => gettext('IP address'), 'mobile' => true ),
- 'fqdn' => array( 'desc' => gettext('Distinguished name'), 'mobile' => true ),
- 'user_fqdn' => array( 'desc' => gettext('User distinguished name'), 'mobile' => true ),
- 'asn1dn' => array( 'desc' => gettext('ASN.1 distinguished Name'), 'mobile' => true ),
- 'keyid tag' => array( 'desc' => gettext('KeyID tag'), 'mobile' => true ),
- 'dyn_dns' => array( 'desc' => gettext('Dynamic DNS'), 'mobile' => true ));
-
-$peer_identifier_list = array(
- 'peeraddress' => array( 'desc' => gettext('Peer IP address'), 'mobile' => false ),
- 'address' => array( 'desc' => gettext('IP address'), 'mobile' => false ),
- 'fqdn' => array( 'desc' => gettext('Distinguished name'), 'mobile' => true ),
- 'user_fqdn' => array( 'desc' => gettext('User distinguished name'), 'mobile' => true ),
- 'asn1dn' => array( 'desc' => gettext('ASN.1 distinguished Name'), 'mobile' => true ),
- 'keyid tag' => array( 'desc' =>gettext('KeyID tag'), 'mobile' => true ));
-
 $p1_ealgos = array(
 'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
 'aes128gcm' => array( 'name' => 'AES128-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
@@ -82,20 +65,6 @@ $p1_halgos = array(
 'aesxcbc' => 'AES-XCBC'
 );
-$p1_dhgroups = array(
- 1 => '1 (768 bit)',
- 2 => '2 (1024 bit)',
- 5 => '5 (1536 bit)',
- 14 => '14 (2048 bit)',
- 15 => '15 (3072 bit)',
- 16 => '16 (4096 bit)',
- 17 => '17 (6144 bit)',
- 18 => '18 (8192 bit)',
- 22 => '22 (1024(sub 160) bit)',
- 23 => '23 (2048(sub 224) bit)',
- 24 => '24 (2048(sub 256) bit)'
-);
-
 $p2_halgos = array(
 'hmac_md5' => 'MD5',
 'hmac_sha1' => 'SHA1',
@@ -105,18 +74,6 @@ $p2_halgos = array(
 'aesxcbc' => 'AES-XCBC'
 );
-$p1_authentication_methods = array(
- 'hybrid_rsa_server' => array( 'name' => 'Hybrid RSA + Xauth', 'mobile' => true ),
- 'xauth_rsa_server' => array( 'name' => 'Mutual RSA + Xauth', 'mobile' => true ),
- 'xauth_psk_server' => array( 'name' => 'Mutual PSK + Xauth', 'mobile' => true ),
- 'eap-tls' => array( 'name' => 'EAP-TLS', 'mobile' => true),
- 'rsasig' => array( 'name' => 'Mutual RSA', 'mobile' => false ),
- 'pre_shared_key' => array( 'name' => 'Mutual PSK', 'mobile' => false ) );
-
-$p2_modes = array(
- 'tunnel' => 'Tunnel IPv4',
- 'tunnel6' => 'Tunnel IPv6',
- 'transport' => 'Transport');
 $p2_protos = array(
 'esp' => 'ESP',
@@ -134,29 +91,6 @@ $p2_pfskeygroups = array(
 18 => '18 (8192 bit)'
 );
-/*
- * ikeid management functions
- */
-
-function ipsec_ikeid_used($ikeid) {
- global $config;
-
- foreach ($config['ipsec']['phase1'] as $ph1ent)
- if( $ikeid == $ph1ent['ikeid'] )
- return true;
-
- return false;
-}
-
-function ipsec_ikeid_next() {
-
- $ikeid = 1;
- while(ipsec_ikeid_used($ikeid))
- $ikeid++;
-
- return $ikeid;
-}
-
 /*
 * Return phase1 local address
 */
@@ -505,32 +439,6 @@ function ipsec_get_number_of_phase2($ikeid) {
 return $nbph2;
 }
-function ipsec_get_descr($ikeid) {
- global $config;
-
- if (!isset($config['ipsec']['phase1']) ||
- !is_array($config['ipsec']['phase1']))
- return "";
-
- $descr = '';
- $a_phase1 = $config['ipsec']['phase1'];
- foreach ($a_phase1 as $p1) {
- if ($p1['ikeid'] == $ikeid) {
- $descr = $p1['descr'];
- break;
- }
- }
- unset($a_phase1);
-
- return $descr;
-}
-
-function ipsec_fixup_ip($ipaddr) {
- if (is_ipaddrv6($ipaddr) || is_subnetv6($ipaddr))
- return Net_IPv6::compress(Net_IPv6::uncompress($ipaddr));
- else
- return $ipaddr;
-}
 function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
 if ($side == "local") {
@@ -586,19 +494,5 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
 return array($thisid_type, $thisid_data);
 }
-function ipsec_fixup_network($network) {
- if (substr($network, -3) == '|/0')
- $result = substr($network, 0, -3);
- else {
- $tmp = explode('|', $network);
- if (isset($tmp[1]))
- $result = $tmp[1];
- else
- $result = $tmp[0];
- unset($tmp);
- }
-
- return $result;
-}
 ?>
diff --git a/src/www/diag_ipsec.php b/src/www/diag_ipsec.php
index 4b39a25da..fdb0f3f6a 100644
--- a/src/www/diag_ipsec.php
+++ b/src/www/diag_ipsec.php
@@ -38,6 +38,42 @@ require_once("guiconfig.inc");
 include("head.inc");
 require_once("ipsec.inc");
+function ipsec_get_descr($ikeid) {
+ global $config;
+
+ if (!isset($config['ipsec']['phase1']) ||
+ !is_array($config['ipsec']['phase1']))
+ return "";
+
+ $descr = '';
+ $a_phase1 = $config['ipsec']['phase1'];
+ foreach ($a_phase1 as $p1) {
+ if ($p1['ikeid'] == $ikeid) {
+ $descr = $p1['descr'];
+ break;
+ }
+ }
+ unset($a_phase1);
+
+ return $descr;
+}
+
+function ipsec_fixup_network($network) {
+ if (substr($network, -3) == '|/0')
+ $result = substr($network, 0, -3);
+ else {
+ $tmp = explode('|', $network);
+ if (isset($tmp[1]))
+ $result = $tmp[1];
+ else
+ $result = $tmp[0];
+ unset($tmp);
+ }
+
+ return $result;
+}
+
+
 if ($_GET['act'] == 'connect') {
 if (ctype_digit($_GET['ikeid'])) {
 mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));
diff --git a/src/www/vpn_ipsec_phase1.php b/src/www/vpn_ipsec_phase1.php
index c01ac6fe3..740c5a3cf 100644
--- a/src/www/vpn_ipsec_phase1.php
+++ b/src/www/vpn_ipsec_phase1.php
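Review bot: `ipsec_get_descr` reads `$p1['descr']` unconditionally, so a phase1 entry stored without a description raises an undefined-index notice and the function returns null rather than the empty string its early-return path promises; `$descr = isset($p1['descr']) ? $p1['descr'] : '';` keeps the contract. The string it returns is operator-supplied configuration text, so the caller that renders it on this page — outside this hunk, so I cannot confirm it here — should pass it through `htmlspecialchars()`. Both moved functions arrive without a docblock; I would add `/* Description of the phase1 entry whose ikeid matches, or '' when there is none. */` above `ipsec_get_descr` and `/* Return the network half of an 'address|network' pair; a trailing '|/0' is stripped and the address kept. */` above `ipsec_fixup_network`. The ipsec.inc hunk these functions come from also deletes `ipsec_fixup_ip`, which is not re-added in this file or anywhere else in the patch (105 insertions against 106 deletions), so please confirm no caller of it remains.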
@@ -34,6 +34,70 @@ require_once("guiconfig.inc");
 require_once("ipsec.inc");
 require_once("vpn.inc");
+$my_identifier_list = array(
+ 'myaddress' => array( 'desc' => gettext('My IP address'), 'mobile' => true ),
+ 'address' => array( 'desc' => gettext('IP address'), 'mobile' => true ),
+ 'fqdn' => array( 'desc' => gettext('Distinguished name'), 'mobile' => true ),
+ 'user_fqdn' => array( 'desc' => gettext('User distinguished name'), 'mobile' => true ),
+ 'asn1dn' => array( 'desc' => gettext('ASN.1 distinguished Name'), 'mobile' => true ),
+ 'keyid tag' => array( 'desc' => gettext('KeyID tag'), 'mobile' => true ),
+ 'dyn_dns' => array( 'desc' => gettext('Dynamic DNS'), 'mobile' => true ));
+
+$peer_identifier_list = array(
+ 'peeraddress' => array( 'desc' => gettext('Peer IP address'), 'mobile' => false ),
+ 'address' => array( 'desc' => gettext('IP address'), 'mobile' => false ),
+ 'fqdn' => array( 'desc' => gettext('Distinguished name'), 'mobile' => true ),
+ 'user_fqdn' => array( 'desc' => gettext('User distinguished name'), 'mobile' => true ),
+ 'asn1dn' => array( 'desc' => gettext('ASN.1 distinguished Name'), 'mobile' => true ),
+ 'keyid tag' => array( 'desc' =>gettext('KeyID tag'), 'mobile' => true ));
+
+$p1_dhgroups = array(
+ 1 => '1 (768 bit)',
+ 2 => '2 (1024 bit)',
+ 5 => '5 (1536 bit)',
+ 14 => '14 (2048 bit)',
+ 15 => '15 (3072 bit)',
+ 16 => '16 (4096 bit)',
+ 17 => '17 (6144 bit)',
+ 18 => '18 (8192 bit)',
+ 22 => '22 (1024(sub 160) bit)',
+ 23 => '23 (2048(sub 224) bit)',
+ 24 => '24 (2048(sub 256) bit)'
+);
+
+$p1_authentication_methods = array(
+ 'hybrid_rsa_server' => array( 'name' => 'Hybrid RSA + Xauth', 'mobile' => true ),
+ 'xauth_rsa_server' => array( 'name' => 'Mutual RSA + Xauth', 'mobile' => true ),
+ 'xauth_psk_server' => array( 'name' => 'Mutual PSK + Xauth', 'mobile' => true ),
+ 'eap-tls' => array( 'name' => 'EAP-TLS', 'mobile' => true),
+ 'rsasig' => array( 'name' => 'Mutual RSA', 'mobile' => false ),
+ 'pre_shared_key' => array( 
'name' => 'Mutual PSK', 'mobile' => false ) );
+
+/*
+ * ikeid management functions
+ */
+
+function ipsec_ikeid_used($ikeid) {
+ global $config;
+
+ foreach ($config['ipsec']['phase1'] as $ph1ent)
+ if( $ikeid == $ph1ent['ikeid'] )
+ return true;
+
+ return false;
+}
+
+function ipsec_ikeid_next() {
+
+ $ikeid = 1;
+ while(ipsec_ikeid_used($ikeid))
+ $ikeid++;
+
+ return $ikeid;
+}
+
+
+
 if (!is_array($config['ipsec'])) {
 $config['ipsec'] = array();
 }
diff --git a/src/www/vpn_ipsec_phase2.php b/src/www/vpn_ipsec_phase2.php
index 6396c1c49..d7bf22ee3 100644
--- a/src/www/vpn_ipsec_phase2.php
+++ b/src/www/vpn_ipsec_phase2.php
@@ -32,6 +32,11 @@ require_once("guiconfig.inc");
 require_once("ipsec.inc");
 require_once("vpn.inc");
+$p2_modes = array(
+ 'tunnel' => 'Tunnel IPv4',
+ 'tunnel6' => 'Tunnel IPv6',
+ 'transport' => 'Transport');
+
 if (!is_array($config['ipsec'])) {
 $config['ipsec'] = array();
 }
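Review bot: `ipsec_ikeid_used` iterates `$config['ipsec']['phase1']` with no guard, and the `is_array($config['ipsec'])` check in the context below only ensures the parent key exists, so on a system with no phase1 entries yet `ipsec_ikeid_next()` hands foreach a null, emits an "Invalid argument supplied for foreach()" warning and reports the id as unused; add `if (!isset($config['ipsec']['phase1']) || !is_array($config['ipsec']['phase1'])) return false;` before the loop, mirroring the guard `ipsec_get_descr` carries in diag_ipsec.php in this same patch. Separately, `$p1_dhgroups` now lists groups 1, 2 and 5 (768–1536-bit MODP) on equal footing with the 2048-bit-and-larger groups; with the list page-local, this is the place to mark them in the label, e.g. `1 => '1 (768 bit, weak)'`, assuming the phase1 select below is built from this array. The `ikeid management functions` comment could state the contract: `ipsec_ikeid_used` answers whether any phase1 entry already carries the given ikeid (loose `==`, since config values are strings), and `ipsec_ikeid_next` returns the lowest positive integer not yet taken.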