(ipsec) cleanup unused ciphers, add null cipher for testing purposes, fix some...

(ipsec) cleanup unused ciphers, add null cipher for testing purposes, fix some php warnings on empty arrays

src/etc/inc/ipsec.inc

@@ -39,9 +39,6 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE
 
 $p1_ealgos = array(
     'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
-    'aes128gcm' => array( 'name' => 'AES128-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
-    'aes192gcm' => array( 'name' => 'AES192-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
-    'aes256gcm' => array( 'name' => 'AES256-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
     'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
     '3des' => array( 'name' => '3DES' ),
     'cast128' => array( 'name' => 'CAST128' ),
@@ -50,13 +47,11 @@ $p1_ealgos = array(
 
 $p2_ealgos = array(
     'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
-    'aes128gcm' => array( 'name' => 'AES128-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
-    'aes192gcm' => array( 'name' => 'AES192-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
-    'aes256gcm' => array( 'name' => 'AES256-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
     'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
     '3des' => array( 'name' => '3DES' ),
     'cast128' => array( 'name' => 'CAST128' ),
-    'des' => array( 'name' => 'DES' )
+    'des' => array( 'name' => 'DES' ),
+    'null' => array( 'name' => gettext("NULL (no encryption)"))
 );
 
 $p2_halgos = array(
@@ -1200,7 +1195,7 @@ EOD;
                             $tmpconf .= "\tesp = " . join(',', $ealgoESPsp2arr[$idx]) . "!\n";
                         }
                         if (!empty($ealgoAHsp2arr[$idx])) {
-                            $connEntry .= "\tah = " . join(',', $ealgoAHsp2arr[$idx]) . "!\n";
+                            $tmpconf .= "\tah = " . join(',', $ealgoAHsp2arr[$idx]) . "!\n";
                         }
                         $ipsecconf .= $tmpconf;
                     }

src/www/vpn_ipsec.php

@@ -536,6 +536,7 @@ $( document ).ready(function() {
                                 endif;?>
                                 <td class="hidden-xs">
 <?php
+                                if (!empty($ph2ent['encryption-algorithm-option'])) {
                                   foreach ($ph2ent['encryption-algorithm-option'] as $k => $ph2ea) {
                                       if ($k > 0) {
                                           echo ", ";
@@ -548,6 +549,7 @@ $( document ).ready(function() {
                                               echo " ({$ph2ea['keylen']} " . gettext("bits") . ")";
                                           }
                                       }
+                                  }
                                 }?>
                                 </td>
                                 <td class="hidden-xs">

src/www/vpn_ipsec_phase2.php

@@ -189,7 +189,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         }
         idinfo_to_pconfig("local", $config['ipsec']['phase2'][$p2index]['localid'], $pconfig);
         idinfo_to_pconfig("remote", $config['ipsec']['phase2'][$p2index]['remoteid'], $pconfig);
+        if (!empty($config['ipsec']['phase2'][$p2index]['encryption-algorithm-option'])) {
             ealgos_to_pconfig($config['ipsec']['phase2'][$p2index]['encryption-algorithm-option'], $pconfig);
+        } else {
+            $pconfig['ealgos'] = array();
+        }
+
         if (isset($config['ipsec']['phase2'][$p2index]['mobile'])) {
             $pconfig['mobile'] = true;
         }