Commit ad97f9d2 authored by Franco Fichtner's avatar Franco Fichtner

ipsec: merge GUI refactors from master

parent 717ad906
......@@ -55,15 +55,6 @@ $p2_ealgos = array(
'cast128' => array( 'name' => 'CAST128' ),
'des' => array( 'name' => 'DES' ));
$p1_halgos = array(
'md5' => 'MD5',
'sha1' => 'SHA1',
'sha256' => 'SHA256',
'sha384' => 'SHA384',
'sha512' => 'SHA512',
'aesxcbc' => 'AES-XCBC'
);
$p2_halgos = array(
'hmac_md5' => 'MD5',
'hmac_sha1' => 'SHA1',
......@@ -268,6 +259,7 @@ function ipsec_smp_dump_status() {
@fwrite($fd, $query);
$response = "";
$sread = "";
while (!strstr($sread, "</message>")) {
$sread = fgets($fd);
$response .= $sread;
......@@ -301,14 +293,14 @@ function ipsec_dump_spd()
if ($line == "No SPD entries.")
break;
if ($line[0] != "\t") {
if (is_array($cursp))
if (isset($cursp))
$spd[] = $cursp;
$cursp = array();
$linea = explode(" ", $line);
$cursp['srcid'] = substr($linea[0], 0, strpos($linea[0], "["));
$cursp['dstid'] = substr($linea[1], 0, strpos($linea[1], "["));
$i = 0;
} else if (is_array($cursp)) {
} else if (isset($cursp)) {
$linea = explode(" ", trim($line));
switch($i)
{
......@@ -328,7 +320,7 @@ function ipsec_dump_spd()
}
$i++;
}
if (is_array($cursp) && count($cursp))
if (isset($cursp) && count($cursp))
$spd[] = $cursp;
pclose($fd);
}
......@@ -443,16 +435,21 @@ function ipsec_get_number_of_phase2($ikeid) {
function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
$id_data = null;
if ($side == "local") {
$id_type = $ph1ent['myid_type'];
$id_data = $ph1ent['myid_data'];
if (isset($ph1ent['myid_data'])) {
$id_data = $ph1ent['myid_data'];
}
$addr = ipsec_get_phase1_src($ph1ent);
if (!$addr)
return array();
} elseif ($side == "peer") {
$id_type = $ph1ent['peerid_type'];
$id_data = $ph1ent['peerid_data'];
if (isset($ph1ent['peerid_data'])) {
$id_data = $ph1ent['peerid_data'];
}
if (isset($ph1ent['mobile']))
$addr = "%any";
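Review bot: The read loop in ipsec_smp_dump_status (second hunk, `while (!strstr($sread, "</message>"))`) has no visible check on the return value of `fgets($fd)`. If the socket closes or errors before the closing tag arrives, `$sread` is `false` on every pass and the loop spins until the PHP execution limit is hit. I would add `if ($sread === false) break;` directly after the `fgets()` call and treat a response without `</message>` as a failed query. The `@fwrite($fd, $query);` before it also hides a failed write, so the loop can end up waiting for a reply to a query that was never sent. The loop body and the function both continue outside the hunk, so a later check may exist that is not shown here.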
......
This diff is collapsed.
......@@ -36,7 +36,7 @@ $pgtitle = array(gettext("Status"),gettext("IPsec"),gettext("Leases"));
$shortcut_section = "ipsec";
include("head.inc");
$mobile = ipsec_dump_mobile();
$mobile = array(); // TODO: temporary disabled ( https://github.com/opnsense/core/issues/139 ) ipsec_dump_mobile();
?>
<body>
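Review bot: With `$mobile = array();` the Leases page always renders as if no mobile client holds a lease, and nothing visible in this hunk tells the operator that the lookup is switched off. Someone using the page to check who is connected will read the empty list as "nobody", so I would show a notice on the page (or hide the tab) until the linked issue 139 is resolved, rather than leaving only the TODO in a code comment. The rest of the page is outside the hunk, so a notice may already exist further down.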
......
......@@ -38,73 +38,58 @@ $shortcut_section = "ipsec";
include("head.inc");
$sad = ipsec_dump_sad();
legacy_html_escape_form_data($sad);
?>
<body>
<?php include("fbegin.inc"); ?>
<section class="page-content-main">
<div class="container-fluid">
<div class="row">
<?php if (isset($input_errors) && count($input_errors) > 0) print_input_errors($input_errors); ?>
<section class="col-xs-12">
<section class="col-xs-12">
<? $active_tab = "/diag_ipsec_sad.php"; include('diag_ipsec_tabs.inc'); ?>
<div class="tab-content content-box col-xs-12">
<div class="table-responsive">
<table class="table table-striped table-sort">
<table class="table table-striped">
<?php if (count($sad)): ?>
<tr>
<td class="listhdrr nowrap"><?=gettext("Source");?></td>
<td class="listhdrr nowrap"><?=gettext("Destination");?></td>
<td class="listhdrr nowrap"><?=gettext("Protocol");?></td>
<td class="listhdrr nowrap"><?=gettext("SPI");?></td>
<td class="listhdrr nowrap"><?=gettext("Enc. alg.");?></td>
<td class="listhdr nowrap"><?=gettext("Auth. alg.");?></td>
<td class="listhdr nowrap"><?=gettext("Data");?></td>
<td class="list nowrap"></td>
<td><?=gettext("Source");?></td>
<td><?=gettext("Destination");?></td>
<td><?=gettext("Protocol");?></td>
<td><?=gettext("SPI");?></td>
<td><?=gettext("Enc. alg.");?></td>
<td><?=gettext("Auth. alg.");?></td>
<td><?=gettext("Data");?></td>
</tr>
<?php foreach ($sad as $sa): ?>
<tr>
<td class="listlr"><?=htmlspecialchars($sa['src']);?></td>
<td class="listr"><?=htmlspecialchars($sa['dst']);?></td>
<td class="listr"><?=htmlspecialchars(strtoupper($sa['proto']));?></td>
<td class="listr"><?=htmlspecialchars($sa['spi']);?></td>
<td class="listr"><?=htmlspecialchars($sa['ealgo']);?></td>
<td class="listr"><?=htmlspecialchars($sa['aalgo']);?></td>
<td class="listr"><?=htmlspecialchars($sa['data']);?></td>
<td class="list nowrap">
</td>
<td><?=$sa['src'];?></td>
<td><?=$sa['dst'];?></td>
<td><?=strtoupper($sa['proto']);?></td>
<td><?=$sa['spi'];?></td>
<td><?=$sa['ealgo'];?></td>
<td><?=$sa['aalgo'];?></td>
<td><?=$sa['data'];?></td>
</tr>
<?php endforeach; ?>
<?php else: ?>
<tr>
<td>
<td colspan="7">
<p><strong><?=gettext("No IPsec security associations.");?></strong></p>
</td>
</tr>
<?php endif; ?>
<tr>
<td colspan="7">
<span class="text-danger"><strong><?=gettext("Note:");?><br /></strong></span>
<?=gettext("You can configure your IPsec");?> <a href="vpn_ipsec.php"><?=gettext("here.");?></a>
</td>
</tr>
</table>
<div class="container-fluid">
<p class="vexpl">
<span class="text-danger"><strong><?=gettext("Note:");?><br /></strong></span>
<?=gettext("You can configure your IPsec");?> <a href="vpn_ipsec.php"><?=gettext("here.");?></a>
</p>
</div>
</div>
</div>
</div>
</div>
</section>
</section>
</div>
</div>
</section>
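Review bot: The SA table cells are now echoed raw (`<?=$sa['src'];?>` and the six cells like it), so all HTML escaping on this page rests on the single `legacy_html_escape_form_data($sad);` call after `ipsec_dump_sad()`. That helper is not shown here, and `$sad` is a list of arrays, so please confirm it recurses into nested arrays and escapes quotes as well as angle brackets. I would keep `htmlspecialchars()` at each echo, or at least add a comment at the call such as `// escapes every value in $sad for HTML output; escape any field added after this line yourself`. The same pattern appears in the SPD page (`legacy_html_escape_form_data($spd);`) and in the pre-shared key form, where `$pconfig['ident']` and `$pconfig['psk']` are printed inside `value="..."` attributes.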
......
......@@ -37,86 +37,67 @@ $shortcut_section = "ipsec";
include("head.inc");
$spd = ipsec_dump_spd();
legacy_html_escape_form_data($spd);
?>
<body>
<?php include("fbegin.inc"); ?>
<section class="page-content-main">
<div class="container-fluid">
<div class="row">
<?php if (isset($input_errors) && count($input_errors) > 0) print_input_errors($input_errors); ?>
<section class="col-xs-12">
<? $active_tab = "/diag_ipsec_spd.php"; include('diag_ipsec_tabs.inc'); ?>
<section class="col-xs-12">
<? $active_tab = "/diag_ipsec_spd.php"; include('diag_ipsec_tabs.inc'); ?>
<div class="tab-content content-box col-xs-12">
<div class="table-responsive">
<table class="table table-striped table-sort __nomb">
<div class="table-responsive">
<table class="table table-striped">
<?php if (count($spd)): ?>
<tr>
<td class="listhdrr nowrap"><?= gettext("Source"); ?></td>
<td class="listhdrr nowrap"><?= gettext("Destination"); ?></td>
<td class="listhdrr nowrap"><?= gettext("Direction"); ?></td>
<td class="listhdrr nowrap"><?= gettext("Protocol"); ?></td>
<td class="listhdrr nowrap"><?= gettext("Tunnel endpoints"); ?></td>
<td class="list nowrap"></td>
<td><?= gettext("Source"); ?></td>
<td><?= gettext("Destination"); ?></td>
<td><?= gettext("Direction"); ?></td>
<td><?= gettext("Protocol"); ?></td>
<td><?= gettext("Tunnel endpoints"); ?></td>
</tr>
<?php foreach ($spd as $sp): ?>
<tr>
<td class="listlr" valign="top"><?=htmlspecialchars($sp['srcid']);?></td>
<td class="listr" valign="top"><?=htmlspecialchars($sp['dstid']);?></td>
<td class="listr" valign="top"> <span class="glyphicon glyphicon-arrow-<?php if($sp['dir'] == "in" ) echo "right"; else echo "left";?> aria-hidden="true"></span>
</td>
<td class="listr" valign="top"><?=htmlspecialchars(strtoupper($sp['proto']));?></td>
<td class="listr" valign="top"><?=htmlspecialchars($sp['src']);?> -> <?=htmlspecialchars($sp['dst']);?></td>
<td class="list nowrap">
<?php
$args = "srcid=".rawurlencode($sp['srcid']);
$args .= "&amp;dstid=".rawurlencode($sp['dstid']);
$args .= "&amp;dir=".rawurlencode($sp['dir']);
?>
<td class="listlr" valign="top"><?=$sp['srcid'];?></td>
<td class="listr" valign="top"><?=$sp['dstid'];?></td>
<td class="listr" valign="top">
<span class="glyphicon glyphicon-arrow-<?= $sp['dir'] == "in" ? "right" : "left";?>" aria-hidden="true"></span>
</td>
<td class="listr" valign="top"><?=strtoupper($sp['proto']);?></td>
<td class="listr" valign="top"><?=$sp['src'];?> -> <?=$sp['dst'];?></td>
</tr>
<?php endforeach; ?>
</table>
<br />
<table class="tabcont" border="0" cellspacing="0" cellpadding="6" summary="policies">
<tr>
<td width="16"> <span class="glyphicon glyphicon-arrow-right" aria-hidden="true" alt="in"></span></td>
<td><?= gettext("incoming (as seen by firewall)"); ?></td>
</tr>
<tr>
<td colspan="5" height="4"></td>
</tr>
<tr>
<td><span class="glyphicon glyphicon-arrow-left" aria-hidden="true" alt="out"></span></td>
<td><?= gettext("outgoing (as seen by firewall)"); ?></td>
<td colspan="2">
<span class="text-danger"><strong><?= gettext("Note:"); ?><br /></strong></span>
<?= gettext("You can configure your IPsec"); ?> <a href="vpn_ipsec.php"><?= gettext("here."); ?></a>
</td>
<td colspan="3">
<span class="glyphicon glyphicon-arrow-right" aria-hidden="true" alt="in"></span>
<?= gettext("incoming (as seen by firewall)"); ?> <br/>
<span class="glyphicon glyphicon-arrow-left" aria-hidden="true" alt="out"></span>
<?= gettext("outgoing (as seen by firewall)"); ?>
</td>
</tr>
<?php else: ?>
<tr>
<td>
<td colspan="5">
<p><strong><?= gettext("No IPsec security policies."); ?></strong></p>
</td>
</tr>
<tr>
<td colspan="5">
<span class="text-danger"><strong><?= gettext("Note:"); ?><br /></strong></span>
<?= gettext("You can configure your IPsec"); ?> <a href="vpn_ipsec.php"><?= gettext("here."); ?></a>
</td>
</tr>
<?php endif; ?>
</table>
</div>
<div class="container-fluid">
<p class="vexpl">
<span class="text-danger"><strong><?= gettext("Note:"); ?><br /></strong></span>
<?= gettext("You can configure your IPsec"); ?> <a href="vpn_ipsec.php"><?= gettext("here."); ?></a>
</p>
</div>
</div>
</section>
</div>
</section>
</div>
</div>
</section>
......
This diff is collapsed.
This diff is collapsed.
......@@ -31,80 +31,82 @@ require_once("guiconfig.inc");
require_once("vpn.inc");
require_once("services.inc");
if (!is_array($config['ipsec'])) {
if (!isset($config['ipsec'])) {
$config['ipsec'] = array();
}
if (!is_array($config['ipsec']['mobilekey'])) {
if (!isset($config['ipsec']['mobilekey'])) {
$config['ipsec']['mobilekey'] = array();
} else {
ipsec_mobilekey_sort();
}
ipsec_mobilekey_sort();
$a_secret = &$config['ipsec']['mobilekey'];
if (is_numericint($_GET['id'])) {
$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
}
if (isset($id) && $a_secret[$id]) {
$pconfig['ident'] = $a_secret[$id]['ident'];
$pconfig['psk'] = $a_secret[$id]['pre-shared-key'];
}
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = array();
if(isset($_GET['id']) && is_numericint($_GET['id']) && isset($config['ipsec']['mobilekey'][$_GET['id']])) {
// fetch record
$id = $_GET['id'];
$pconfig['ident'] = $config['ipsec']['mobilekey'][$id]['ident'];
$pconfig['psk'] = $config['ipsec']['mobilekey'][$id]['pre-shared-key'];
} else {
// init new
$pconfig['ident'] = '';
$pconfig['psk'] = '';
}
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$input_errors = array();
$pconfig = $_POST;
// fetch record number if valid
if (isset($_POST['id']) && is_numericint($_POST['id']) && isset($config['ipsec']['mobilekey'][$_POST['id']]) ) {
$id = $_POST['id'];
} else {
$id = null;
}
if ($_POST) {
/* input validation */
$userids = array();
foreach ($config['system']['user'] as $uid => $user) {
$userids[$user['name']] = $uid;
}
if (isset($pconfig['ident']) && array_key_exists($pconfig['ident'], $userids)) {
$input_errors[] = gettext("A user with this name already exists. Add the key to the user instead.");
}
unset($userids);
unset($input_errors);
$pconfig = $_POST;
/* input validation */
$reqdfields = explode(" ", "ident psk");
$reqdfieldsn = array(gettext("Identifier"),gettext("Pre-Shared Key"));
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident'])) {
if (empty($pconfig['ident']) || preg_match("/[^a-zA-Z0-9@\.\-]/", $pconfig['ident'])) {
$input_errors[] = gettext("The identifier contains invalid characters.");
}
if (array_key_exists($_POST['ident'], $userids)) {
$input_errors[] = gettext("A user with this name already exists. Add the key to the user instead.");
}
unset($userids);
if (!$input_errors && !(isset($id) && $a_secret[$id])) {
/* make sure there are no dupes */
foreach ($a_secret as $secretent) {
if ($secretent['ident'] == $_POST['ident']) {
$input_errors[] = gettext("Another entry with the same identifier already exists.");
break;
}
/* make sure there are no dupes on new entries */
$recidx = 0 ;
foreach ($config['ipsec']['mobilekey'] as $secretent) {
if ($secretent['ident'] == $pconfig['ident'] && ($recidx != $id || $id === null)) {
$input_errors[] = gettext("Another entry with the same identifier already exists.");
break;
}
$recidx++;
}
if (!$input_errors) {
if (isset($id) && $a_secret[$id]) {
$secretent = $a_secret[$id];
}
$secretent['ident'] = $_POST['ident'];
$secretent['pre-shared-key'] = $_POST['psk'];
$text = "";
if (count($input_errors) == 0) {
$secretent = array();
$secretent['ident'] = $pconfig['ident'];
$secretent['pre-shared-key'] = $pconfig['psk'];
if (isset($id) && $a_secret[$id]) {
$a_secret[$id] = $secretent;
$text = gettext("Edited");
if ($id !== null) {
// edit existing key
$config['ipsec']['mobilekey'][$id] = $secretent;
$config_write_text = gettext("Edited");
} else {
$a_secret[] = $secretent;
$text = gettext("Added");
$config_write_text = gettext("Added");
$config['ipsec']['mobilekey'][] = $secretent;
}
write_config("{$text} IPsec Pre-Shared Keys");
write_config("{$config_write_text} IPsec Pre-Shared Keys");
mark_subsystem_dirty('ipsec');
header("Location: vpn_ipsec_keys.php");
......@@ -112,9 +114,12 @@ if ($_POST) {
}
}
$pgtitle = gettext("VPN: IPsec: Edit Pre-Shared Key");
$shortcut_section = "ipsec";
legacy_html_escape_form_data($pconfig);
include("head.inc");
?>
......@@ -123,62 +128,58 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<section class="page-content-main">
<div class="container-fluid">
<div class="row">
<?php if (isset($input_errors) && count($input_errors) > 0) {
print_input_errors($input_errors);
} ?>
<section class="col-xs-12">
<div class="content-box">
<form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform">
<div class="table-responsive">
<table class="table table-striped table-sort">
<tr>
<td valign="top" class="vncellreq"><?=gettext("Identifier"); ?></td>
<td class="vtable">
<input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=htmlspecialchars($pconfig['ident']);?>" />
<br />
<?=gettext("This can be either an IP address, fully qualified domain name or an e-mail address"); ?>.
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
<td width="78%" class="vtable">
<input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>" />
</td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
<?php if (isset($id) && $a_secret[$id]) :
<?php if (isset($input_errors) && count($input_errors) > 0) {
print_input_errors($input_errors);
}
?>
<section class="col-xs-12">
<div class="content-box">
<form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform">
<div class="table-responsive">
<table class="table table-striped">
<tr>
<td><a id="help_for_ident" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Identifier"); ?></td>
<td>
<input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=$pconfig['ident'];?>" />
<div class="hidden" for="help_for_ident">
<?=gettext("This can be either an IP address, fully qualified domain name or an e-mail address"); ?>.
</div>
</td>
</tr>
<tr>
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Pre-Shared Key"); ?></td>
<td>
<input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=$pconfig['psk'];?>" />
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
<?php if (isset($id) && isset($config['ipsec']['mobilekey'][$id])) :
?>
<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php
<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php
endif; ?>
</td>
</tr>
</table>
</div>
<div class="col-xs-12">
<span class="vexpl">
<span class="text-danger">
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<span class="text-danger">
<strong><?=gettext("Note"); ?>:<br /></strong>
</span>
<?=gettext("PSK for any user can be set by using an identifier of any/ANY");?>
</span>
</div>
</form>
</div>
</section>
</div>
</td>
</tr>
</table>
</div>
</form>
</div>
</section>
</div>
</div>
</section>
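Review bot: In the POST branch, `$pconfig = $_POST;` is used without checking that `ident` and `psk` are strings. If `ident` arrives as an array, then on PHP versions where `preg_match()` only warns on a non-string subject the test `empty($pconfig['ident']) || preg_match(...)` does not flag it. Unless `do_input_validation()` (not shown) rejects it, the array is written to `$config['ipsec']['mobilekey']`. I would add a guard before the character check, e.g. `if (!isset($pconfig['ident'], $pconfig['psk']) || !is_string($pconfig['ident']) || !is_string($pconfig['psk'])) { $input_errors[] = gettext("The identifier contains invalid characters."); }`. Separately, the duplicate check counts `$recidx` by hand and so assumes the stored keys run 0..n-1; `foreach ($config['ipsec']['mobilekey'] as $recidx => $secretent)` compares against the real key.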
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.