From c29aa1e3c19370e8009c34705b933ae23ba2898a Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Mon, 25 Oct 2021 19:27:33 +0200
Subject: [PATCH] VPN / IPSec / Tunnel settings - work in progress for
 https://github.com/opnsense/core/issues/5279

o add boilerplate for phase2 search action
o change disable to enable status and hook standard toggle widget
o uniform formatters
---
 .../OPNsense/IPsec/Api/TunnelController.php   | 103 +++++++++++++-----
 .../mvc/app/views/OPNsense/IPsec/tunnels.volt |  51 ++++++---
 2 files changed, 112 insertions(+), 42 deletions(-)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/TunnelController.php b/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/TunnelController.php
index dd11a22ab..18442d9b3 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/TunnelController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/TunnelController.php
@@ -86,6 +86,31 @@ class TunnelController extends ApiControllerBase
      */
     public function searchPhase1Action()
     {
+        $ph1type = ['ikev1' => 'IKE', 'ikev2' => 'IKEv2', 'ike' => 'auto'];
+        $ph1algos = [
+              'aes' => 'AES',
+              'aes128gcm16' => '128 bit AES-GCM with 128 bit ICV',
+              'aes192gcm16' => '192 bit AES-GCM with 128 bit ICV',
+              'aes256gcm16' => '256 bit AES-GCM with 128 bit ICV',
+              'camellia' => 'Camellia',
+              'blowfish' => 'Blowfish',
+              '3des' => '3DES',
+              'cast128' => 'CAST128',
+              'des' => 'DES'
+        ];
+        $ph1authmethos = [
+            'hybrid_rsa_server' => 'Hybrid RSA + Xauth',
+            'xauth_rsa_server' => 'Mutual RSA + Xauth',
+            'xauth_psk_server' => 'Mutual PSK + Xauth',
+            'eap-tls' => 'EAP-TLS',
+            'psk_eap-tls' => 'RSA (local) + EAP-TLS (remote)',
+            'eap-mschapv2' => 'EAP-MSCHAPV2',
+            'rsa_eap-mschapv2' => 'Mutual RSA + EAP-MSCHAPV2',
+            'eap-radius' => 'EAP-RADIUS',
+            'rsasig' => 'Mutual RSA',
+            'pubkey' => 'Mutual Public Key',
+            'pre_shared_key' => 'Mutual PSK'
+        ];
         $items = [];
         $this->sessionClose();
         $config = Config::getInstance()->object();
@@ -109,31 +134,6 @@ class TunnelController extends ApiControllerBase
             }
             foreach ($config->ipsec->phase1 as $p1) {
                 $interface = (string)$p1->interface;
-                $ph1type = ['ikev1' => 'IKE', 'ikev2' => 'IKEv2', 'ike' => 'auto'];
-                $ph1algos = [
-                      'aes' => 'AES',
-                      'aes128gcm16' => '128 bit AES-GCM with 128 bit ICV',
-                      'aes192gcm16' => '192 bit AES-GCM with 128 bit ICV',
-                      'aes256gcm16' => '256 bit AES-GCM with 128 bit ICV',
-                      'camellia' => 'Camellia',
-                      'blowfish' => 'Blowfish',
-                      '3des' => '3DES',
-                      'cast128' => 'CAST128',
-                      'des' => 'DES'
-                ];
-                $ph1authmethos = [
-                    'hybrid_rsa_server' => 'Hybrid RSA + Xauth',
-                    'xauth_rsa_server' => 'Mutual RSA + Xauth',
-                    'xauth_psk_server' => 'Mutual PSK + Xauth',
-                    'eap-tls' => 'EAP-TLS',
-                    'psk_eap-tls' => 'RSA (local) + EAP-TLS (remote)',
-                    'eap-mschapv2' => 'EAP-MSCHAPV2',
-                    'rsa_eap-mschapv2' => 'Mutual RSA + EAP-MSCHAPV2',
-                    'eap-radius' => 'EAP-RADIUS',
-                    'rsasig' => 'Mutual RSA',
-                    'pubkey' => 'Mutual Public Key',
-                    'pre_shared_key' => 'Mutual PSK'
-                ];
                 $ph1proposal = $ph1algos[(string)$p1->{"encryption-algorithm"}->name];
                 if ((string)$p1->{"encryption-algorithm"}->keylen == 'auto') {
                     $ph1proposal .= " {$p1->{"encryption-algorithm"}->keylen} (auto)";
@@ -146,7 +146,7 @@ class TunnelController extends ApiControllerBase
                 }
                 $item = [
                     "id" => $idx,
-                    "disabled" => !empty((string)$p1->disabled),
+                    "enabled" => empty((string)$p1->disabled) ? "1" : "0",
                     "protocol" => $p1->protocol == "inet" ? "IPv4" : "IPv6",
                     "iketype" => $ph1type[(string)$p1->iketype],
                     "interface" => !empty($ifs[$interface]) ? $ifs[$interface] : $interface,
@@ -164,4 +164,55 @@ class TunnelController extends ApiControllerBase
         }
         return $this->search($items);
     }
+
+    /***
+     * search phase 2 entries in legacy config returning a standard structure as we use in the mvc variant
+     */
+    public function searchPhase2Action()
+    {
+        $items = [];
+        $this->sessionClose();
+        $config = Config::getInstance()->object();
+        if (!empty($config->ipsec->phase2)) {
+            $idx = 0;
+            $ifs = [];
+            if ($config->interfaces->count() > 0) {
+                foreach ($config->interfaces->children() as $key => $node) {
+                    $ifs[(string)$node->if] = !empty((string)$node->descr) ? (string)$node->descr : $key;
+                }
+            }
+            foreach ($config->ipsec->phase2 as $p2) {
+                $p2mode = array_search(
+                    (string)$p2->mode, [
+                      "IPv4 tunnel" => "tunnel",
+                      "IPv6 tunnel" => "tunnel6",
+                      "transport" => "transport",
+                      "Route-based" => "route-based"
+                    ]
+                );
+                if (in_array((string)$p2->mode, ['tunnel', 'tunnel6'])) {
+                    $local_subnet = (string)$p2->localid;
+                    $remote_subnet = (string)$p2->remoteid;
+                } elseif ((string)$p2->mode == "route-based") {
+                    $local_subnet = (string)$p2->tunnel_local;
+                    $remote_subnet = (string)$p2->tunnel_remote;
+                } else {
+                    $local_subnet = "";
+                    $remote_subnet = "";
+                }
+                $item = [
+                    "id" => $idx,
+                    "enabled" => empty((string)$p2->disabled) ? "1" : "0",
+                    "protocol" => $p2->protocol == "esp" ? "ESP" : "AH",
+                    "mode" => $p2mode,
+                    "local_subnet" => $local_subnet,
+                    "remote_subnet" => $remote_subnet,
+                    "description" => (string)$p2->descr
+                ];
+                $items[] = $item;
+                $idx++;
+            }
+        }
+        return $this->search($items);
+    }
 }
diff --git a/src/opnsense/mvc/app/views/OPNsense/IPsec/tunnels.volt b/src/opnsense/mvc/app/views/OPNsense/IPsec/tunnels.volt
index feaaf580c..ac72db36b 100644
--- a/src/opnsense/mvc/app/views/OPNsense/IPsec/tunnels.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/IPsec/tunnels.volt
@@ -1,23 +1,40 @@
 
 <script>
   $(function () {
-      const $grid = $('#grid-phase1').UIBootgrid({
+      const formatters = {
+          "commands": function (column, row) {
+            return '<button type="button" class="btn btn-xs btn-default command-edit bootgrid-tooltip" data-row-id="' + row.id + '"><span class="fa fa-fw fa-pencil"></span></button> ' +
+                '<button type="button" class="btn btn-xs btn-default command-copy bootgrid-tooltip" data-row-id="' + row.id + '"><span class="fa fa-fw fa-clone"></span></button>' +
+                '<button type="button" class="btn btn-xs btn-default command-delete bootgrid-tooltip" data-row-id="' + row.id + '"><span class="fa fa-fw fa-trash-o"></span></button>';
+          },
+          "gateway": function (column, row) {
+              if (row.mobile) {
+                  return '<strong>{{ lang._('Mobile Client') }}</strong>';
+              } else {
+                  return row.remote_gateway ;
+              }
+          },
+          "mode_type": function (column, row) {
+              return row.protocol + " " + row.mode;
+          },
+          "rowtoggle": function (column, row) {
+              if (parseInt(row[column.id], 2) === 1) {
+                  return '<span style="cursor: pointer;" class="fa fa-fw fa-check-square-o command-toggle bootgrid-tooltip" data-value="1" data-row-id="' + row.uuid + '"></span>';
+              } else {
+                  return '<span style="cursor: pointer;" class="fa fa-fw fa-square-o command-toggle bootgrid-tooltip" data-value="0" data-row-id="' + row.uuid + '"></span>';
+              }
+          }
+      };
+      const $grid_phase1 = $('#grid-phase1').UIBootgrid({
           search: '/api/ipsec/tunnel/search_phase1',
           options: {
-              formatters: {
-                  "commands": function (column, row) {
-                    return '<button type="button" class="btn btn-xs btn-default command-edit bootgrid-tooltip" data-row-id="' + row.id + '"><span class="fa fa-fw fa-pencil"></span></button> ' +
-                        '<button type="button" class="btn btn-xs btn-default command-copy bootgrid-tooltip" data-row-id="' + row.id + '"><span class="fa fa-fw fa-clone"></span></button>' +
-                        '<button type="button" class="btn btn-xs btn-default command-delete bootgrid-tooltip" data-row-id="' + row.id + '"><span class="fa fa-fw fa-trash-o"></span></button>';
-                  },
-                  "gateway": function (column, row) {
-                      if (row.mobile) {
-                          return '<strong>{{ lang._('Mobile Client') }}</strong>';
-                      } else {
-                          return row.remote_gateway ;
-                      }
-                  }
-              }
+              formatters: formatters
+          }
+      });
+      const $grid_phase2 = $('#grid-phase2').UIBootgrid({
+          search: '/api/ipsec/tunnel/search_phase2',
+          options: {
+              formatters: formatters
           }
       });
   });
@@ -29,6 +46,7 @@
         <thead>
           <tr>
               <th data-column-id="id" data-type="numeric" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
+              <th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
               <th data-column-id="type" data-type="string" data-width="7em">{{ lang._('Type') }}</th>
               <th data-column-id="remote_gateway" data-formatter="gateway" data-width="20em" data-type="string">{{ lang._('Remote Gateway') }}</th>
               <th data-column-id="mode" data-width="10em" data-type="string">{{ lang._('Mode') }}</th>
@@ -60,7 +78,8 @@
         <thead>
           <tr>
               <th data-column-id="id" data-type="numeric" data-identifier="true" data-visible="false">ID</th>
-              <th data-column-id="type" data-type="string">{{ lang._('Type') }}</th>
+              <th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
+              <th data-column-id="type" data-type="string" data-formatter="mode_type">{{ lang._('Type') }}</th>
               <th data-column-id="local_subnet" data-width="20em" data-type="string">{{ lang._('Local Subnet') }}</th>
               <th data-column-id="remote_subnet" data-width="20em" data-type="string">{{ lang._('Remote Subnet') }}</th>
               <th data-column-id="proposal" data-type="string">{{ lang._('Phase 2 Proposal') }}</th>