Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
OpnSense
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kulya
OpnSense
Commits
fe7af093
Commit
fe7af093
authored
Jul 10, 2015
by
Ad Schellevis
Committed by
Franco Fichtner
Jul 20, 2015
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
(legacy) cleanups and movements related to ipsec.inc
parent
793a6870
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
105 additions
and
106 deletions
+105
-106
ipsec.inc
src/etc/inc/ipsec.inc
+0
-106
diag_ipsec.php
src/www/diag_ipsec.php
+36
-0
vpn_ipsec_phase1.php
src/www/vpn_ipsec_phase1.php
+64
-0
vpn_ipsec_phase2.php
src/www/vpn_ipsec_phase2.php
+5
-0
No files found.
src/etc/inc/ipsec.inc
View file @
fe7af093
...
@@ -36,23 +36,6 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE
...
@@ -36,23 +36,6 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE
"imc"
=>
"Integrity checker"
,
"imv"
=>
"Integrity Verifier"
,
"pts"
=>
"Platform Trust Service"
,
"imc"
=>
"Integrity checker"
,
"imv"
=>
"Integrity Verifier"
,
"pts"
=>
"Platform Trust Service"
,
"tls"
=>
"TLS handler"
,
"esp"
=>
"IPsec traffic"
,
"lib"
=>
"StrongSWAN Lib"
);
"tls"
=>
"TLS handler"
,
"esp"
=>
"IPsec traffic"
,
"lib"
=>
"StrongSWAN Lib"
);
$my_identifier_list
=
array
(
'myaddress'
=>
array
(
'desc'
=>
gettext
(
'My IP address'
),
'mobile'
=>
true
),
'address'
=>
array
(
'desc'
=>
gettext
(
'IP address'
),
'mobile'
=>
true
),
'fqdn'
=>
array
(
'desc'
=>
gettext
(
'Distinguished name'
),
'mobile'
=>
true
),
'user_fqdn'
=>
array
(
'desc'
=>
gettext
(
'User distinguished name'
),
'mobile'
=>
true
),
'asn1dn'
=>
array
(
'desc'
=>
gettext
(
'ASN.1 distinguished Name'
),
'mobile'
=>
true
),
'keyid tag'
=>
array
(
'desc'
=>
gettext
(
'KeyID tag'
),
'mobile'
=>
true
),
'dyn_dns'
=>
array
(
'desc'
=>
gettext
(
'Dynamic DNS'
),
'mobile'
=>
true
));
$peer_identifier_list
=
array
(
'peeraddress'
=>
array
(
'desc'
=>
gettext
(
'Peer IP address'
),
'mobile'
=>
false
),
'address'
=>
array
(
'desc'
=>
gettext
(
'IP address'
),
'mobile'
=>
false
),
'fqdn'
=>
array
(
'desc'
=>
gettext
(
'Distinguished name'
),
'mobile'
=>
true
),
'user_fqdn'
=>
array
(
'desc'
=>
gettext
(
'User distinguished name'
),
'mobile'
=>
true
),
'asn1dn'
=>
array
(
'desc'
=>
gettext
(
'ASN.1 distinguished Name'
),
'mobile'
=>
true
),
'keyid tag'
=>
array
(
'desc'
=>
gettext
(
'KeyID tag'
),
'mobile'
=>
true
));
$p1_ealgos
=
array
(
$p1_ealgos
=
array
(
'aes'
=>
array
(
'name'
=>
'AES'
,
'keysel'
=>
array
(
'lo'
=>
128
,
'hi'
=>
256
,
'step'
=>
64
)
),
'aes'
=>
array
(
'name'
=>
'AES'
,
'keysel'
=>
array
(
'lo'
=>
128
,
'hi'
=>
256
,
'step'
=>
64
)
),
'aes128gcm'
=>
array
(
'name'
=>
'AES128-GCM'
,
'keysel'
=>
array
(
'lo'
=>
64
,
'hi'
=>
128
,
'step'
=>
32
)
),
'aes128gcm'
=>
array
(
'name'
=>
'AES128-GCM'
,
'keysel'
=>
array
(
'lo'
=>
64
,
'hi'
=>
128
,
'step'
=>
32
)
),
...
@@ -82,20 +65,6 @@ $p1_halgos = array(
...
@@ -82,20 +65,6 @@ $p1_halgos = array(
'aesxcbc'
=>
'AES-XCBC'
'aesxcbc'
=>
'AES-XCBC'
);
);
$p1_dhgroups
=
array
(
1
=>
'1 (768 bit)'
,
2
=>
'2 (1024 bit)'
,
5
=>
'5 (1536 bit)'
,
14
=>
'14 (2048 bit)'
,
15
=>
'15 (3072 bit)'
,
16
=>
'16 (4096 bit)'
,
17
=>
'17 (6144 bit)'
,
18
=>
'18 (8192 bit)'
,
22
=>
'22 (1024(sub 160) bit)'
,
23
=>
'23 (2048(sub 224) bit)'
,
24
=>
'24 (2048(sub 256) bit)'
);
$p2_halgos
=
array
(
$p2_halgos
=
array
(
'hmac_md5'
=>
'MD5'
,
'hmac_md5'
=>
'MD5'
,
'hmac_sha1'
=>
'SHA1'
,
'hmac_sha1'
=>
'SHA1'
,
...
@@ -105,18 +74,6 @@ $p2_halgos = array(
...
@@ -105,18 +74,6 @@ $p2_halgos = array(
'aesxcbc'
=>
'AES-XCBC'
'aesxcbc'
=>
'AES-XCBC'
);
);
$p1_authentication_methods
=
array
(
'hybrid_rsa_server'
=>
array
(
'name'
=>
'Hybrid RSA + Xauth'
,
'mobile'
=>
true
),
'xauth_rsa_server'
=>
array
(
'name'
=>
'Mutual RSA + Xauth'
,
'mobile'
=>
true
),
'xauth_psk_server'
=>
array
(
'name'
=>
'Mutual PSK + Xauth'
,
'mobile'
=>
true
),
'eap-tls'
=>
array
(
'name'
=>
'EAP-TLS'
,
'mobile'
=>
true
),
'rsasig'
=>
array
(
'name'
=>
'Mutual RSA'
,
'mobile'
=>
false
),
'pre_shared_key'
=>
array
(
'name'
=>
'Mutual PSK'
,
'mobile'
=>
false
)
);
$p2_modes
=
array
(
'tunnel'
=>
'Tunnel IPv4'
,
'tunnel6'
=>
'Tunnel IPv6'
,
'transport'
=>
'Transport'
);
$p2_protos
=
array
(
$p2_protos
=
array
(
'esp'
=>
'ESP'
,
'esp'
=>
'ESP'
,
...
@@ -134,29 +91,6 @@ $p2_pfskeygroups = array(
...
@@ -134,29 +91,6 @@ $p2_pfskeygroups = array(
18
=>
'18 (8192 bit)'
18
=>
'18 (8192 bit)'
);
);
/*
* ikeid management functions
*/
function
ipsec_ikeid_used
(
$ikeid
)
{
global
$config
;
foreach
(
$config
[
'ipsec'
][
'phase1'
]
as
$ph1ent
)
if
(
$ikeid
==
$ph1ent
[
'ikeid'
]
)
return
true
;
return
false
;
}
function
ipsec_ikeid_next
()
{
$ikeid
=
1
;
while
(
ipsec_ikeid_used
(
$ikeid
))
$ikeid
++
;
return
$ikeid
;
}
/*
/*
* Return phase1 local address
* Return phase1 local address
*/
*/
...
@@ -505,32 +439,6 @@ function ipsec_get_number_of_phase2($ikeid) {
...
@@ -505,32 +439,6 @@ function ipsec_get_number_of_phase2($ikeid) {
return
$nbph2
;
return
$nbph2
;
}
}
function
ipsec_get_descr
(
$ikeid
)
{
global
$config
;
if
(
!
isset
(
$config
[
'ipsec'
][
'phase1'
])
||
!
is_array
(
$config
[
'ipsec'
][
'phase1'
]))
return
""
;
$descr
=
''
;
$a_phase1
=
$config
[
'ipsec'
][
'phase1'
];
foreach
(
$a_phase1
as
$p1
)
{
if
(
$p1
[
'ikeid'
]
==
$ikeid
)
{
$descr
=
$p1
[
'descr'
];
break
;
}
}
unset
(
$a_phase1
);
return
$descr
;
}
function
ipsec_fixup_ip
(
$ipaddr
)
{
if
(
is_ipaddrv6
(
$ipaddr
)
||
is_subnetv6
(
$ipaddr
))
return
Net_IPv6
::
compress
(
Net_IPv6
::
uncompress
(
$ipaddr
));
else
return
$ipaddr
;
}
function
ipsec_find_id
(
&
$ph1ent
,
$side
=
"local"
,
$rgmap
=
array
())
{
function
ipsec_find_id
(
&
$ph1ent
,
$side
=
"local"
,
$rgmap
=
array
())
{
if
(
$side
==
"local"
)
{
if
(
$side
==
"local"
)
{
...
@@ -586,19 +494,5 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
...
@@ -586,19 +494,5 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
return
array
(
$thisid_type
,
$thisid_data
);
return
array
(
$thisid_type
,
$thisid_data
);
}
}
function
ipsec_fixup_network
(
$network
)
{
if
(
substr
(
$network
,
-
3
)
==
'|/0'
)
$result
=
substr
(
$network
,
0
,
-
3
);
else
{
$tmp
=
explode
(
'|'
,
$network
);
if
(
isset
(
$tmp
[
1
]))
$result
=
$tmp
[
1
];
else
$result
=
$tmp
[
0
];
unset
(
$tmp
);
}
return
$result
;
}
?>
?>
src/www/diag_ipsec.php
View file @
fe7af093
...
@@ -38,6 +38,42 @@ require_once("guiconfig.inc");
...
@@ -38,6 +38,42 @@ require_once("guiconfig.inc");
include
(
"head.inc"
);
include
(
"head.inc"
);
require_once
(
"ipsec.inc"
);
require_once
(
"ipsec.inc"
);
function
ipsec_get_descr
(
$ikeid
)
{
global
$config
;
if
(
!
isset
(
$config
[
'ipsec'
][
'phase1'
])
||
!
is_array
(
$config
[
'ipsec'
][
'phase1'
]))
return
""
;
$descr
=
''
;
$a_phase1
=
$config
[
'ipsec'
][
'phase1'
];
foreach
(
$a_phase1
as
$p1
)
{
if
(
$p1
[
'ikeid'
]
==
$ikeid
)
{
$descr
=
$p1
[
'descr'
];
break
;
}
}
unset
(
$a_phase1
);
return
$descr
;
}
function
ipsec_fixup_network
(
$network
)
{
if
(
substr
(
$network
,
-
3
)
==
'|/0'
)
$result
=
substr
(
$network
,
0
,
-
3
);
else
{
$tmp
=
explode
(
'|'
,
$network
);
if
(
isset
(
$tmp
[
1
]))
$result
=
$tmp
[
1
];
else
$result
=
$tmp
[
0
];
unset
(
$tmp
);
}
return
$result
;
}
if
(
$_GET
[
'act'
]
==
'connect'
)
{
if
(
$_GET
[
'act'
]
==
'connect'
)
{
if
(
ctype_digit
(
$_GET
[
'ikeid'
]))
{
if
(
ctype_digit
(
$_GET
[
'ikeid'
]))
{
mwexec
(
"/usr/local/sbin/ipsec down con"
.
escapeshellarg
(
$_GET
[
'ikeid'
]));
mwexec
(
"/usr/local/sbin/ipsec down con"
.
escapeshellarg
(
$_GET
[
'ikeid'
]));
...
...
src/www/vpn_ipsec_phase1.php
View file @
fe7af093
...
@@ -34,6 +34,70 @@ require_once("guiconfig.inc");
...
@@ -34,6 +34,70 @@ require_once("guiconfig.inc");
require_once
(
"ipsec.inc"
);
require_once
(
"ipsec.inc"
);
require_once
(
"vpn.inc"
);
require_once
(
"vpn.inc"
);
$my_identifier_list
=
array
(
'myaddress'
=>
array
(
'desc'
=>
gettext
(
'My IP address'
),
'mobile'
=>
true
),
'address'
=>
array
(
'desc'
=>
gettext
(
'IP address'
),
'mobile'
=>
true
),
'fqdn'
=>
array
(
'desc'
=>
gettext
(
'Distinguished name'
),
'mobile'
=>
true
),
'user_fqdn'
=>
array
(
'desc'
=>
gettext
(
'User distinguished name'
),
'mobile'
=>
true
),
'asn1dn'
=>
array
(
'desc'
=>
gettext
(
'ASN.1 distinguished Name'
),
'mobile'
=>
true
),
'keyid tag'
=>
array
(
'desc'
=>
gettext
(
'KeyID tag'
),
'mobile'
=>
true
),
'dyn_dns'
=>
array
(
'desc'
=>
gettext
(
'Dynamic DNS'
),
'mobile'
=>
true
));
$peer_identifier_list
=
array
(
'peeraddress'
=>
array
(
'desc'
=>
gettext
(
'Peer IP address'
),
'mobile'
=>
false
),
'address'
=>
array
(
'desc'
=>
gettext
(
'IP address'
),
'mobile'
=>
false
),
'fqdn'
=>
array
(
'desc'
=>
gettext
(
'Distinguished name'
),
'mobile'
=>
true
),
'user_fqdn'
=>
array
(
'desc'
=>
gettext
(
'User distinguished name'
),
'mobile'
=>
true
),
'asn1dn'
=>
array
(
'desc'
=>
gettext
(
'ASN.1 distinguished Name'
),
'mobile'
=>
true
),
'keyid tag'
=>
array
(
'desc'
=>
gettext
(
'KeyID tag'
),
'mobile'
=>
true
));
$p1_dhgroups
=
array
(
1
=>
'1 (768 bit)'
,
2
=>
'2 (1024 bit)'
,
5
=>
'5 (1536 bit)'
,
14
=>
'14 (2048 bit)'
,
15
=>
'15 (3072 bit)'
,
16
=>
'16 (4096 bit)'
,
17
=>
'17 (6144 bit)'
,
18
=>
'18 (8192 bit)'
,
22
=>
'22 (1024(sub 160) bit)'
,
23
=>
'23 (2048(sub 224) bit)'
,
24
=>
'24 (2048(sub 256) bit)'
);
$p1_authentication_methods
=
array
(
'hybrid_rsa_server'
=>
array
(
'name'
=>
'Hybrid RSA + Xauth'
,
'mobile'
=>
true
),
'xauth_rsa_server'
=>
array
(
'name'
=>
'Mutual RSA + Xauth'
,
'mobile'
=>
true
),
'xauth_psk_server'
=>
array
(
'name'
=>
'Mutual PSK + Xauth'
,
'mobile'
=>
true
),
'eap-tls'
=>
array
(
'name'
=>
'EAP-TLS'
,
'mobile'
=>
true
),
'rsasig'
=>
array
(
'name'
=>
'Mutual RSA'
,
'mobile'
=>
false
),
'pre_shared_key'
=>
array
(
'name'
=>
'Mutual PSK'
,
'mobile'
=>
false
)
);
/*
* ikeid management functions
*/
function
ipsec_ikeid_used
(
$ikeid
)
{
global
$config
;
foreach
(
$config
[
'ipsec'
][
'phase1'
]
as
$ph1ent
)
if
(
$ikeid
==
$ph1ent
[
'ikeid'
]
)
return
true
;
return
false
;
}
function
ipsec_ikeid_next
()
{
$ikeid
=
1
;
while
(
ipsec_ikeid_used
(
$ikeid
))
$ikeid
++
;
return
$ikeid
;
}
if
(
!
is_array
(
$config
[
'ipsec'
]))
{
if
(
!
is_array
(
$config
[
'ipsec'
]))
{
$config
[
'ipsec'
]
=
array
();
$config
[
'ipsec'
]
=
array
();
}
}
...
...
src/www/vpn_ipsec_phase2.php
View file @
fe7af093
...
@@ -32,6 +32,11 @@ require_once("guiconfig.inc");
...
@@ -32,6 +32,11 @@ require_once("guiconfig.inc");
require_once
(
"ipsec.inc"
);
require_once
(
"ipsec.inc"
);
require_once
(
"vpn.inc"
);
require_once
(
"vpn.inc"
);
$p2_modes
=
array
(
'tunnel'
=>
'Tunnel IPv4'
,
'tunnel6'
=>
'Tunnel IPv6'
,
'transport'
=>
'Transport'
);
if
(
!
is_array
(
$config
[
'ipsec'
]))
{
if
(
!
is_array
(
$config
[
'ipsec'
]))
{
$config
[
'ipsec'
]
=
array
();
$config
[
'ipsec'
]
=
array
();
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment