$radiusservers[0]['key']);
if ($auth_val == 2) {
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
- $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user']);
+ $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user'], $_POST['auth_pass']);
if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
$auth_val = RADIUS_ACCOUNTING_START($_POST['auth_user'],
$sessionid,
return FALSE ;
}
-function portal_allow($clientip,$clientmac,$clientuser) {
+function portal_allow($clientip,$clientmac,$clientuser,$password = "") {
global $orig_host, $orig_request, $g, $config;
fwrite($fd, join(",", $cpent) . "\n");
}
/* write in this new entry */
- fwrite($fd, time().",{$ruleno},{$clientip},{$clientmac},{$clientuser},{$sessionid}\n") ;
+ /* encode password in Base64 just in case it contains commas */
+ $bpassword = base64_encode($password);
+ fwrite($fd, time().",{$ruleno},{$clientip},{$clientmac},{$clientuser},{$sessionid},{$bpassword}\n") ;
fclose($fd);
}
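Review bot: The password is written to the portal database unconditionally in this hunk, although the updated file-format comment elsewhere in this commit says it is only saved when reauthentication is enabled. Base64 is an encoding, not protection, so each RADIUS user's password stays recoverable from this file for as long as the row exists. `$config` is already declared global in portal_allow, so the value can be gated: `$bpassword = isset($config['captiveportal']['reauthenticate']) ? base64_encode($password) : "";`. A comment stating who may read the database file would also help. The body of portal_allow starts and ends outside this hunk.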
// See RFC2866 for this.
}
-function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip) {
+function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$interimupdate=false) {
$sharedsecret=$radiuskey ;
# $debug = 1 ;
exec("/sbin/ipfw show {$ruleno}", $ipfw) ;
preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[0], $matches) ;
- $output_pkts = $matches[2] ;
- $output_bytes = $matches[3] ;
+ $input_pkts = $matches[2] ;
+ $input_bytes = $matches[3] ;
unset($matches) ;
preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[1], $matches) ;
- $input_pkts = $matches[2] ;
- $input_bytes = $matches[3] ;
+ $output_pkts = $matches[2] ;
+ $output_bytes = $matches[3] ;
$fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ;
if(!$fd)
6; //Framed-IP-Address
+ if ($interimupdate)
+ $acctstatustype = 3;
+ else
+ $acctstatustype = 2;
+
// v v v v v v v v v 1 1 1 1 1 1 1 v
// Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 E
$data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC",
32,2+strlen($nasHostname[0]),$nasHostname[0], // nasIdentifier
5,6,0,0,0,0, // nasPort
61,6,0,0,0,15, // nasPortType = Ethernet
- 40,6,0,0,0,2, // Acct Status Type = Stop
+ 40,6,0,0,0,$acctstatustype, // Acct Status Type
45,6,0,0,0,1, // Acct RADIUS Authenticated
44,2+strlen($sessionid),$sessionid, // Acct Session ID
49,6,1, // Acct Terminate = User Request
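Review bot: With `$interimupdate` set, the packet still carries attribute 49 (`49,6,1, // Acct Terminate = User Request`), which RFC 2866 allows only in records whose Acct-Status-Type is Stop. A strict RADIUS server may reject or mis-record such an interim update, so the terminate-cause attribute and its slot in the `pack()` format should be emitted only when `$acctstatustype` is 2. The same edit is repeated in the next hunk, at the second `40,6,0,0,0,$acctstatustype` line. Since the function is still named RADIUS_ACCOUNTING_STOP, a header comment such as `/* $interimupdate: send Interim-Update (3) instead of Stop (2) */` would make the dual use visible. The `pack()` call starts and ends outside the hunk.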
32,2+strlen($nasHostname[0]),$nasHostname[0], // nasIdentifier
5,6,0,0,0,0, // nasPort
61,6,0,0,0,15, // nasPortType = Ethernet
- 40,6,0,0,0,2, // Acct Status Type = Stop
+ 40,6,0,0,0,$acctstatustype, // Acct Status Type
45,6,0,0,0,1, // Acct RADIUS Authenticated
44,2+strlen($sessionid),$sessionid, // Acct Session ID
49,6,1, // Acct Terminate = User Request
/* include all configuration functions */
require_once("functions.inc");
+require_once("radius_authentication.inc");
require_once("radius_accounting.inc") ;
function captiveportal_configure() {
} else {
killbypid("{$g['varrun_path']}/mini_httpd.cp.pid");
+ killbypid("{$g['varrun_path']}/mini_httpd.cps.pid");
killbypid("{$g['varrun_path']}/minicron.pid");
captiveportal_radius_stop_all();
}
/* remove clients that have been around for longer than the specified amount of time */
-/* db file structure: timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid */
+/* db file structure: timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password */
+/* (password is in Base64 and only saved when reauthentication is enabled) */
function captiveportal_prune_old() {
global $g, $config;
else
$idletimeout = 0;
- if (!$timeout && !$idletimeout)
+ if (!$timeout && !$idletimeout && !isset($config['captiveportal']['reauthenticate']))
return;
captiveportal_lock();
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT");
unset($cpdb[$i]);
}
+
+ /* do periodic RADIUS reauthentication? */
+ if (!$timedout && isset($config['captiveportal']['reauthenticate']) &&
+ ($radiusservers !== false)) {
+
+ if (isset($config['captiveportal']['radacct_enable'])) {
+ if ($config['captiveportal']['reauthenticateacct'] == "stopstart") {
+ /* stop and restart accounting */
+ RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
+ $cpdb[$i][4], // username
+ $cpdb[$i][5], // sessionid
+ $cpdb[$i][0], // start time
+ $radiusservers[0]['ipaddr'],
+ $radiusservers[0]['acctport'],
+ $radiusservers[0]['key'],
+ $cpdb[$i][2]); //clientip
+ exec("/sbin/ipfw zero {$cpdb[$i][1]}");
+ RADIUS_ACCOUNTING_START($cpdb[$i][4],
+ $cpdb[$i][5],
+ $radiusservers[0]['ipaddr'],
+ $radiusservers[0]['acctport'],
+ $radiusservers[0]['key'],
+ $cpdb[$i][2]);
+ } else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") {
+ RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
+ $cpdb[$i][4], // username
+ $cpdb[$i][5], // sessionid
+ $cpdb[$i][0], // start time
+ $radiusservers[0]['ipaddr'],
+ $radiusservers[0]['acctport'],
+ $radiusservers[0]['key'],
+ $cpdb[$i][2], //clientip
+ true);
+ }
+ }
+
+ /* check this user against RADIUS again */
+ $auth_val = RADIUS_AUTHENTICATION($cpdb[$i][4],
+ base64_decode($cpdb[$i][6]),
+ $radiusservers[0]['ipaddr'],
+ $radiusservers[0]['port'],
+ $radiusservers[0]['key']);
+
+ if ($auth_val == 3) {
+ captiveportal_disconnect($cpdb[$i], $radiusservers);
+ captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT");
+ unset($cpdb[$i]);
+ }
+ }
}
/* write database */
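Review bot: `base64_decode($cpdb[$i][6])` assumes every database row has a usable seventh field, but rows written before this change have none and rows created without a password hold an empty one, so those clients would be re-checked with an empty password and disconnected on the resulting reject. Handle that case explicitly before the RADIUS call, e.g. `if (!isset($cpdb[$i][6]) || $cpdb[$i][6] == "") continue;`, or document that disconnecting them is intended. The accounting stop/start or interim update is also sent before the re-authentication result is known, so a rejected user produces accounting records for a session that is torn down immediately afterwards; running `RADIUS_AUTHENTICATION` first would avoid that. `$timedout` and `$radiusservers` are set outside the hunk, as is the enclosing loop.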
}
}
+function system_polling_configure() {
+ global $config, $g;
+
+ if (isset($config['system']['polling'])) {
+ mwexec("/sbin/sysctl kern.polling.enable=1");
+ } else {
+ mwexec("/sbin/sysctl kern.polling.enable=0");
+ }
+}
+
?>
}
$racoonconf = "path pre_shared_key \"{$g['varetc_path']}/psk.txt\";\n\n";
-
+ $racoonconf .= "path certificate \"{$g['varetc_path']}\";\n\n";
+
+ /* generate CA certificates files */
+ $cacertnum = 0;
+ if (is_array($ipseccfg['cacert']) && count($ipseccfg['cacert']))
+ foreach ($ipseccfg['cacert'] as $cacert) {
+ ++$cacertnum;
+ if (isset($cacert['cert'])) {
+ $cert = base64_decode($cacert['cert']);
+ $x509cert = openssl_x509_parse(openssl_x509_read($cert));
+ if(is_array($x509cert) && isset($x509cert['hash'])) {
+ $fd1 = fopen("{$g['varetc_path']}/{$x509cert['hash']}.0", "w");
+ if (!$fd1) {
+ printf("Error: cannot open {$x509cert['hash']}.0 in vpn.\n");
+ return 1;
+ }
+ chmod("{$g['varetc_path']}/{$x509cert['hash']}.0", 0600);
+ fwrite($fd1, $cert);
+ fclose($fd1);
+ }
+ }
+ }
+
+ $tunnelnumber = 0;
if (is_array($ipseccfg['tunnel']) && count($ipseccfg['tunnel']))
foreach ($ipseccfg['tunnel'] as $tunnel) {
+
+ ++$tunnelnumber;
if (isset($tunnel['disabled']))
continue;
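Review bot: A CA entry that fails `openssl_x509_read()` or `openssl_x509_parse()` is skipped silently in the `foreach` over `$ipseccfg['cacert']`, so a corrupt or truncated certificate only surfaces later as a failed phase 1 negotiation. Checking the read result and reporting it would make the cause visible, e.g. `if (($res = openssl_x509_read($cert)) === false) { echo "Error: invalid CA certificate #{$cacertnum}.\n"; continue; }`. That would also give `$cacertnum` a purpose, since it is incremented but never read in the visible lines. The enclosing function starts outside the hunk.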
$myidentt = "user_fqdn";
$myident = $tunnel['p1']['myident']['ufqdn'];
}
-
+
+ if (isset($tunnel['p1']['authentication_method'])) {
+ $authmethod = $tunnel['p1']['authentication_method'];
+ } else {$authmethod = 'pre_shared_key';}
+
+ $certline = '';
+
+ if ($authmethod == 'rsasig') {
+ if ($tunnel['p1']['cert'] && $tunnel['p1']['private-key']) {
+ $cert = base64_decode($tunnel['p1']['cert']);
+ $private_key = base64_decode($tunnel['p1']['private-key']);
+ } else {
+ /* null certificate/key */
+ $cert = '';
+ $private_key = '';
+ }
+
+ if ($tunnel['p1']['peercert'])
+ $peercert = base64_decode($tunnel['p1']['peercert']);
+ else
+ $peercert = '';
+
+ $fd1 = fopen("{$g['varetc_path']}/server{$tunnelnumber}-signed.pem", "w");
+ if (!$fd1) {
+ printf("Error: cannot open server{$tunnelnumber}-signed.pem in vpn.\n");
+ return 1;
+ }
+ chmod("{$g['varetc_path']}/server{$tunnelnumber}-signed.pem", 0600);
+ fwrite($fd1, $cert);
+ fclose($fd1);
+
+ $fd1 = fopen("{$g['varetc_path']}/server{$tunnelnumber}-key.pem", "w");
+ if (!$fd1) {
+ printf("Error: cannot open server{$tunnelnumber}-key.pem in vpn.\n");
+ return 1;
+ }
+ chmod("{$g['varetc_path']}/server{$tunnelnumber}-key.pem", 0600);
+ fwrite($fd1, $private_key);
+ fclose($fd1);
+
+ $certline = "certificate_type x509 \"server{$tunnelnumber}-signed.pem\" \"server{$tunnelnumber}-key.pem\";";
+
+ if ($peercert!=''){
+ $fd1 = fopen("{$g['varetc_path']}/peer{$tunnelnumber}-signed.pem", "w");
+ if (!$fd1) {
+ printf("Error: cannot open server{$tunnelnumber}-signed.pem in vpn.\n");
+ return 1;
+ }
+ chmod("{$g['varetc_path']}/peer{$tunnelnumber}-signed.pem", 0600);
+ fwrite($fd1, $peercert);
+ fclose($fd1);
+ $certline .= <<<EOD
+
+ peers_certfile "peer{$tunnelnumber}-signed.pem";
+EOD;
+ }
+ }
$racoonconf .= <<<EOD
remote {$tunnel['remote-gateway']} \{
exchange_mode {$tunnel['p1']['mode']};
my_identifier {$myidentt} "{$myident}";
+ {$certline}
peers_identifier address {$tunnel['remote-gateway']};
initial_contact on;
support_proxy on;
proposal \{
encryption_algorithm {$tunnel['p1']['encryption-algorithm']};
hash_algorithm {$tunnel['p1']['hash-algorithm']};
- authentication_method pre_shared_key;
+ authentication_method {$authmethod};
dh_group {$tunnel['p1']['dhgroup']};
EOD;
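Review bot: When `authentication_method` is `rsasig` but the tunnel has no certificate or private key, the `else` branch writes empty `server{N}-signed.pem` and `server{N}-key.pem` files and racoon is still configured to use them; the tunnel should be skipped or an error reported instead. The private key file is created by `fopen(..., "w")` under the process umask and only afterwards narrowed with `chmod(..., 0600)`; calling `umask(0077)` before the `fopen` closes that window. The error message in the peer-certificate branch names the wrong file and should read `printf("Error: cannot open peer{$tunnelnumber}-signed.pem in vpn.\n");`. `$authmethod` goes into racoon.conf verbatim, so checking it against `pre_shared_key` and `rsasig` first would keep a malformed config value out of the generated file. The mobile-client hunk that follows repeats the first two points.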
$myidentt = "user_fqdn";
$myident = $tunnel['p1']['myident']['ufqdn'];
}
-
+
+ if (isset($tunnel['p1']['authentication_method'])) {
+ $authmethod = $tunnel['p1']['authentication_method'];
+ } else {$authmethod = 'pre_shared_key';}
+
+ $certline = '';
+ if ($authmethod == 'rsasig') {
+ if ($tunnel['p1']['cert'] && $tunnel['p1']['private-key']) {
+ $cert = base64_decode($tunnel['p1']['cert']);
+ $private_key = base64_decode($tunnel['p1']['private-key']);
+ } else {
+ /* null certificate/key */
+ $cert = '';
+ $private_key = '';
+ }
+
+ if ($tunnel['p1']['peercert'])
+ $peercert = base64_decode($tunnel['p1']['peercert']);
+ else
+ $peercert = '';
+
+ $fd1 = fopen("{$g['varetc_path']}/server-mobile{$tunnelnumber}-signed.pem", "w");
+ if (!$fd1) {
+ printf("Error: cannot open server-mobile{$tunnelnumber}-signed.pem in vpn.\n");
+ return 1;
+ }
+ chmod("{$g['varetc_path']}/server-mobile{$tunnelnumber}-signed.pem", 0600);
+ fwrite($fd1, $cert);
+ fclose($fd1);
+
+ $fd1 = fopen("{$g['varetc_path']}/server-mobile{$tunnelnumber}-key.pem", "w");
+ if (!$fd1) {
+ printf("Error: cannot open server-mobile{$tunnelnumber}-key.pem in vpn.\n");
+ return 1;
+ }
+ chmod("{$g['varetc_path']}/server-mobile{$tunnelnumber}-key.pem", 0600);
+ fwrite($fd1, $private_key);
+ fclose($fd1);
+
+ $certline = "certificate_type x509 \"server-mobile{$tunnelnumber}-signed.pem\" \"server-mobile{$tunnelnumber}-key.pem\";";
+ }
$racoonconf .= <<<EOD
remote anonymous \{
exchange_mode {$tunnel['p1']['mode']};
my_identifier {$myidentt} "{$myident}";
+ {$certline}
initial_contact on;
passive on;
generate_policy on;
proposal \{
encryption_algorithm {$tunnel['p1']['encryption-algorithm']};
hash_algorithm {$tunnel['p1']['hash-algorithm']};
- authentication_method pre_shared_key;
+ authentication_method {$authmethod};
dh_group {$tunnel['p1']['dhgroup']};
EOD;
/* tags that are always to be handled as lists */
$listtags = explode(" ", "rule user key dnsserver winsserver " .
"encryption-algorithm-option hash-algorithm-option hosts tunnel onetoone " .
- "staticmap route alias pipe queue shellcmd earlyshellcmd mobilekey " .
+ "staticmap route alias pipe queue shellcmd cacert earlyshellcmd mobilekey " .
"servernat proxyarpnet passthrumac allowedip wolentry vlan");
function startElement($parser, $name, $attrs) {
/* establish ipfilter ruleset */
filter_configure();
+ /* set up device polling */
+ system_polling_configure();
+
/* configure loopback interface */
interfaces_loopback_configure();
/* run any shell commands specified in config.xml */
system_do_shell_commands();
+ /* enable HD standby */
+ system_set_harddisk_standby();
+
/* done */
unlink("{$g['varrun_path']}/booting");
?>
$args .= "&proto=" . rawurlencode($sa['proto']);
$args .= "&spi=" . rawurlencode("0x" . $sa['spi']);
?>
- <a href="diag_ipsec_sad.php?act=del&<?=$args;?>" onclick="return confirm('Do you really want to delete this security association?')"><img src="x.gif" width="17" height="17" border="0"></a>
+ <a href="diag_ipsec_sad.php?act=del&<?=$args;?>" onclick="return confirm('Do you really want to delete this security association?')"><img src="x.gif" title="delete SA" width="17" height="17" border="0"></a>
</td>
</tr>
$args .= "&dst=" . rawurlencode($sp['dst']);
$args .= "&dir=" . rawurlencode($sp['dir']);
?>
- <a href="diag_ipsec_spd.php?act=del&<?=$args;?>" onclick="return confirm('Do you really want to delete this security policy?')"><img src="x.gif" width="17" height="17" border="0"></a>
+ <a href="diag_ipsec_spd.php?act=del&<?=$args;?>" onclick="return confirm('Do you really want to delete this security policy?')"><img src="x.gif" title="delete SP" width="17" height="17" border="0"></a>
</td>
</tr>
$pgtitle = array("Diagnostics", "Logs");
require("guiconfig.inc");
+$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPv6 IGMP any");
+
$nentries = $config['syslog']['nentries'];
+$resolve = $config['syslog']['resolve'];
+
if (!$nentries)
$nentries = 50;
exec("/usr/sbin/clog -i -s 262144 /var/log/filter.log");
}
+
+if (isset($_GET['act']) && preg_match("/^[pb]+$/", $_GET['act'])) {
+ $action = $_GET['act'];
+ $ifstring .= "&act=$action";
+ $srcstring .= "&act=$action";
+ $dststring .= "&act=$action";
+ $prstring .= "&act=$action";
+}
+
+if (isset($_GET['if']) && ($_GET['if'] != "")) {
+ $iface = $_GET['if'];
+ $actstring .= "&if=$iface";
+ $srcstring .= "&if=$iface";
+ $dststring .= "&if=$iface";
+ $prstring .= "&if=$iface";
+}
+
+if (isset($_GET['pr']) && in_array($_GET['pr'], $protocols)) {
+ $proto = $_GET['pr'];
+ $actstring .= "&pr=$proto";
+ $ifstring .= "&pr=$proto";
+ $srcstring .= "&pr=$proto";
+ $dststring .= "&pr=$proto";
+}
+
+if (isset($_GET['sp']) && (is_numeric($_GET['sp']))) {
+ $srcport = $_GET['sp'];
+ $actstring .= "&sp=$srcport";
+ $ifstring .= "&sp=$srcport";
+ $dststring .= "&sp=$srcport";
+ $prstring .= "&sp=$srcport";
+}
+
+if (isset($_GET['dp']) && (is_numeric($_GET['dp']))) {
+ $dstport = $_GET['dp'];
+ $actstring .= "&dp=$dstport";
+ $ifstring .= "&dp=$dstport";
+ $srcstring .= "&dp=$dstport";
+ $prstring .= "&dp=$dstport";
+}
+
+
function dump_clog($logfile, $tail, $withorig = true) {
global $g, $config;
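Review bot: `$_GET['if']` is accepted with only a non-empty check, unlike `act`, `pr`, `sp` and `dp`, and is appended verbatim to `$actstring`, `$srcstring`, `$dststring` and `$prstring`, which the table header and row links added later in this commit print inside `href` attributes without escaping. That makes the parameter a reflected-markup sink on an administrative page. Encode it where the strings are built, e.g. `$actstring .= "&if=" . rawurlencode($iface);` and likewise for the other three, or restrict it to the known interface names. The five `*string` variables are also extended with `.=` before being initialised; `$actstring = $ifstring = $srcstring = $dststring = $prstring = "";` above the first block would remove the notices.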
}
function conv_clog($logfile, $tail) {
- global $g, $config;
+ global $g, $config, $iface, $action, $proto, $srcport, $dstport;
/* make interface/port table */
$iftable = array();
exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr);
$filterlog = array();
-
+
foreach ($logarr as $logent) {
$logent = preg_split("/\s+/", $logent, 6);
$ipfa = explode(" ", $logent[5]);
$flent['count'] = substr($ipfa[$i], 0, -1);
$i++;
}
- if ($iftable[$ipfa[$i]])
+ if (!isset($iface) || ($iftable[$ipfa[$i]] && strstr($iface, $iftable[$ipfa[$i]])))
$flent['interface'] = $iftable[$ipfa[$i]];
- else
+ else if (!isset($iface) || strstr($iface, $ipfa[$i]))
$flent['interface'] = $ipfa[$i];
+ else continue;
$i += 2;
- $flent['act'] = $ipfa[$i];
+ if (!isset($action) || strstr($action, $ipfa[$i]))
+ $flent['act'] = $ipfa[$i];
+ else continue;
$i++;
- $flent['src'] = format_ipf_ip($ipfa[$i]);
+ list($flent['src'], $flent['srcport']) = format_ipf_ip($ipfa[$i],$srcport);
+ if (!isset($flent['src'])) continue;
$i += 2;
- $flent['dst'] = format_ipf_ip($ipfa[$i]);
+ list($flent['dst'], $flent['dstport']) = format_ipf_ip($ipfa[$i],$dstport);
+ if (!isset($flent['dst'])) continue;
$i += 2;
- $flent['proto'] = strtoupper($ipfa[$i]);
-
+ $protocol = strtoupper($ipfa[$i]);
+ if (!isset($proto) || ($proto == $protocol))
+ $flent['proto'] = $protocol;
+ else continue;
+ if (isset($resolve)) {
+ $flent['dst'] = gethostbyaddr($flent['dst']);
+ $flent['src'] = gethostbyaddr($flent['src']);
+ }
+ if ($protocol == "ICMP") {
+ $i += 5;
+ $flent['dst'] = $flent['dst'] . ", type " . $ipfa[$i];
+ }
$filterlog[] = $flent;
}
return $filterlog;
}
-function format_ipf_ip($ipfip) {
+function format_ipf_ip($ipfip,$uport) {
list($ip,$port) = explode(",", $ipfip);
if (!$port)
- return $ip;
-
- return $ip . ", port " . $port;
-}
+ return array($ip, "");
+
+ if ($uport == "" || ($uport == $port))
+ return array($ip . ", port " . $port, $port);
+ return;
+}
?>
+
<?php include("fbegin.inc"); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<ul id="tabnav">
<li class="tabinact1"><a href="diag_logs.php">System</a></li>
- <li class="tabact">Firewall</li>
+ <li class="tabact"><a href="diag_logs_filter.php" style="color:black" title="reset filter and reload firewall logs page">Firewall</a></li>
<li class="tabinact"><a href="diag_logs_dhcp.php">DHCP</a></li>
<li class="tabinact"><a href="diag_logs_portal.php">Captive portal</a></li>
<li class="tabinact"><a href="diag_logs_vpn.php">PPTP VPN</a></li>
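Review bot: `isset($resolve)` in conv_clog can never be true, because `$resolve` is assigned at file scope and is missing from the function's `global` list, so the new hostname-resolution option has no effect; the list would need to end `..., $dstport, $resolve;`. If that branch were reached, `gethostbyaddr()` would receive the already formatted `"ip, port N"` string returned by format_ipf_ip rather than a bare address, so the lookup belongs before the formatting. With no interface filter set, `!isset($iface)` makes the first branch win unconditionally and `$flent['interface']` ends up empty for interfaces missing from `$iftable`, where the old code fell back to `$ipfa[$i]`. The `isset($flent['src'])` and `isset($flent['dst'])` checks depend on format_ipf_ip's bare `return;` yielding null on a port mismatch, which deserves a one-line comment on that function. conv_clog starts outside this hunk.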
Last <?=$nentries;?> firewall log entries</td>
</tr>
<tr>
- <td width="10%" class="listhdrr">Act</td>
+ <td width="10%" class="listhdrr"><a href="?<?=substr($actstring, 1);?>" style="color:black" title="reset action and reload firewall logs page">Act</a></td>
<td width="20%" class="listhdrr">Time</td>
- <td width="10%" class="listhdrr">If</td>
- <td width="20%" class="listhdrr">Source</td>
- <td width="20%" class="listhdrr">Destination</td>
- <td width="10%" class="listhdrr">Proto</td>
- </tr><?php foreach ($filterlog as $filterent): ?>
+ <td width="10%" class="listhdrr"><a href="?<?=substr($ifstring, 1);?>" style="color:black" title="reset interface and reload firewall logs page">If</a></td>
+ <td width="20%" class="listhdrr"><a href="?<?=substr($srcstring, 1);?>" style="color:black" title="reset source port entry and reload firewall logs page">Source</a></td>
+ <td width="20%" class="listhdrr"><a href="?<?=substr($dststring, 1);?>" style="color:black" title="reset destination port entry and reload firewall logs page">Destination</a></td>
+ <td width="10%" class="listhdrr"><a href="?<?=substr($prstring, 1);?>" style="color:black" title="reset protocol entry and reload firewall logs page">Proto</a></td>
+ </tr>
+ <?php
+ $actstring .= '">';
+ $ifstring .= '" style="color:black" title="click to select interface">';
+ $srcstring .= '" style="color:black" title="click to select source port">';
+ $dststring .= '" style="color:black" title="click to select destination port">';
+ $prstring .= '" style="color:black" title="click to select protocol">';
+ ?>
+ <?php foreach ($filterlog as $filterent): ?>
<tr>
<td class="listlr" nowrap>
<?php if (strstr(strtolower($filterent['act']), "p"))
else
$img = "block.gif";
?>
- <img src="<?=$img;?>" width="11" height="11" align="absmiddle">
+ <a href="?act=<?=$filterent['act'];?><?=$actstring;?><img src="<?=$img;?>" width="11" height="11" align="absmiddle" border="0" title="click to select action"></a>
<?php if ($filterent['count']) echo $filterent['count'];?></td>
<td class="listr" nowrap><?=htmlspecialchars($filterent['time']);?></td>
- <td class="listr" nowrap><?=htmlspecialchars($filterent['interface']);?></td>
- <td class="listr" nowrap><?=htmlspecialchars($filterent['src']);?></td>
- <td class="listr" nowrap><?=htmlspecialchars($filterent['dst']);?></td>
- <td class="listr" nowrap><?=htmlspecialchars($filterent['proto']);?></td>
+ <td class="listr" nowrap>
+ <a href="?if=<?=$filterent['interface'];?><?=$ifstring;?><?=htmlspecialchars($filterent['interface']);?></a></td>
+ <td class="listr" nowrap>
+ <a href="?sp=<?=htmlspecialchars($filterent['srcport']);?><?=$srcstring;?><?=htmlspecialchars($filterent['src']);?></a></td>
+ <td class="listr" nowrap>
+ <a href="?dp=<?=htmlspecialchars($filterent['dstport']);?><?=$dststring;?><?=htmlspecialchars($filterent['dst']);?></a></td>
+ <td class="listr" nowrap>
+ <a href="?pr=<?=htmlspecialchars($filterent['proto']);?><?=$prstring;?><?=htmlspecialchars($filterent['proto']);?></a></td>
</tr><?php endforeach; ?>
</table>
+ <br><table width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td width="100%"><strong><span class="red">Note:</span></strong><br>
+ There are many possibilities to filter this log.
+ Just click on the accept (<img src="pass.gif">) or
+ deny symbol (<img src="block.gif">) to filter for
+ accepted or denied IP packets. Do the same for the desired
+ interface, source/destination port or protocol. To deselect
+ a selected filter entry, click on the column description above.
+ To reset all filter entries and reload the firewall logs page,
+ click on the "Firewall" tab below "Diagnostics: Logs".
+ </td>
+ </tr>
+ </table>
<?php else: ?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
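Review bot: `$filterent['act']` and `$filterent['interface']` are printed into the `href` of the new action and interface links without encoding, while the port and protocol links in the same rows go through `htmlspecialchars()`. Both values are taken from parsed log lines, so they should be encoded like their neighbours, e.g. `<a href="?if=<?=rawurlencode($filterent['interface']);?>`. The `$actstring`, `$ifstring`, `$srcstring`, `$dststring` and `$prstring` suffixes printed next to them carry request parameters plus literal markup, so they cannot be escaped at output time and have to be encoded where they are built.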
$pconfig['enable'] = isset($config['syslog']['enable']);
$pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']);
$pconfig['rawfilter'] = isset($config['syslog']['rawfilter']);
+$pconfig['resolve'] = isset($config['syslog']['resolve']);
if (!$pconfig['nentries'])
$pconfig['nentries'] = 50;
$oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']);
$config['syslog']['nologdefaultblock'] = $_POST['logdefaultblock'] ? false : true;
$config['syslog']['rawfilter'] = $_POST['rawfilter'] ? true : false;
+ $config['syslog']['resolve'] = $_POST['resolve'] ? true : false;
write_config();
<strong>Show raw filter logs</strong><br>
Hint: If this is checked, filter logs are shown as generated by the packet filter, without any formatting. This will reveal more detailed information. </td>
</tr>
+ <tr>
+ <td valign="top" class="vtable"> </td>
+ <td class="vtable"> <input name="resolve" type="checkbox" id="resolve" value="yes" <?php if ($pconfig['resolve']) echo "checked"; ?>>
+ <strong>Resolve IP addresses to hostnames</strong><br>
+ Hint: If this is checked, IP addresses in firewall logs are resolved to real hostnames where possible.<br>
+ Warning: This can cause a huge delay in loading the firewall log page!</td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vtable"> </td>
<td width="78%" class="vtable"> <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
<td class="listbg">
<?=htmlspecialchars($alias['descr']);?>
</td>
- <td valign="middle" nowrap class="list"> <a href="firewall_aliases_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="firewall_aliases.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this alias? All elements that still use it will become invalid (e.g. filter rules)!')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="firewall_aliases_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit alias" width="17" height="17" border="0"></a>
+ <a href="firewall_aliases.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this alias? All elements that still use it will become invalid (e.g. filter rules)!')"><img src="x.gif" title="delete alias" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="3"></td>
- <td class="list"> <a href="firewall_aliases_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="firewall_aliases_edit.php"><img src="plus.gif" title="add alias" width="17" height="17" border="0"></a></td>
</tr>
</table>
</form>
<td class="listbg">
<?=htmlspecialchars($natent['descr']);?>
</td>
- <td valign="middle" class="list" nowrap> <a href="firewall_nat_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="firewall_nat.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this rule?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" class="list" nowrap> <a href="firewall_nat_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit rule" width="17" height="17" border="0"></a>
+ <a href="firewall_nat.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this rule?')"><img src="x.gif" title="delete rule" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="6"></td>
- <td class="list"> <a href="firewall_nat_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="firewall_nat_edit.php"><img src="plus.gif" title="add rule" width="17" height="17" border="0"></a></td>
</tr>
</table><br>
<span class="vexpl"><span class="red"><strong>Note:<br>
<td class="listbg">
<?=htmlspecialchars($natent['descr']);?>
</td>
- <td class="list" nowrap> <a href="firewall_nat_1to1_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="firewall_nat_1to1.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this mapping?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td class="list" nowrap> <a href="firewall_nat_1to1_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit mapping" width="17" height="17" border="0"></a>
+ <a href="firewall_nat_1to1.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this mapping?')"><img src="x.gif" title="delete mapping" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="4"></td>
- <td class="list"> <a href="firewall_nat_1to1_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="firewall_nat_1to1_edit.php"><img src="plus.gif" title="add mapping" width="17" height="17" border="0"></a></td>
</tr>
</table><br>
<span class="vexpl"><span class="red"><strong>Note:<br>
<td class="listbg">
<?=htmlspecialchars($natent['descr']);?>
</td>
- <td class="list" nowrap> <a href="firewall_nat_out_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="firewall_nat_out.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this mapping?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td class="list" nowrap> <a href="firewall_nat_out_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit mapping" width="17" height="17" border="0"></a>
+ <a href="firewall_nat_out.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this mapping?')"><img src="x.gif" title="delete mapping" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="5"></td>
- <td class="list"> <a href="firewall_nat_out_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="firewall_nat_out_edit.php"><img src="plus.gif" title="add mapping" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
<td class="listbg">
<?=htmlspecialchars($natent['descr']);?>
</td>
- <td class="list" nowrap> <a href="firewall_nat_server_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="firewall_nat_server.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td class="list" nowrap> <a href="firewall_nat_server_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit entry" width="17" height="17" border="0"></a>
+ <a href="firewall_nat_server.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="x.gif" title="delete entry" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="2"></td>
- <td class="list"> <a href="firewall_nat_server_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="firewall_nat_server_edit.php"><img src="plus.gif" title="add entry" width="17" height="17" border="0"></a></td>
</tr>
</table><br>
<span class="vexpl"><span class="red"><strong>Note:<br>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="6"></td>
- <td class="list"> <a href="firewall_shaper_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="firewall_shaper_edit.php"><img src="plus.gif" title="add rule" width="17" height="17" border="0"></a></td>
</tr>
</table>
<td class="listbg">
<?=htmlspecialchars($pipe['descr']);?>
</td>
- <td valign="middle" nowrap class="list"> <a href="firewall_shaper_pipes_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="firewall_shaper_pipes.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this pipe?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="firewall_shaper_pipes_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit pipe" width="17" height="17" border="0"></a>
+ <a href="firewall_shaper_pipes.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this pipe?')"><img src="x.gif" title="delete pipe" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="7"></td>
- <td class="list"> <a href="firewall_shaper_pipes_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="firewall_shaper_pipes_edit.php"><img src="plus.gif" title="add pipe" width="17" height="17" border="0"></a></td>
</tr>
</table><br>
<strong><span class="red">Note:</span></strong> a pipe can
<td class="listbg">
<?=htmlspecialchars($queue['descr']);?>
</td>
- <td valign="middle" nowrap class="list"> <a href="firewall_shaper_queues_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="firewall_shaper_queues.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this queue?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="firewall_shaper_queues_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit queue" width="17" height="17" border="0"></a>
+ <a href="firewall_shaper_queues.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this queue?')"><img src="x.gif" title="delete queue" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="5"></td>
- <td class="list"> <a href="firewall_shaper_queues_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="firewall_shaper_queues_edit.php"><img src="plus.gif" title="add queue" width="17" height="17" border="0"></a></td>
</tr>
</table><br>
<strong><span class="red">Note:</span></strong> a queue can
$p2_ealgos = array('des' => 'DES', '3des' => '3DES', 'blowfish' => 'Blowfish',
'cast128' => 'CAST128', 'rijndael' => 'Rijndael (AES)');
$p1_halgos = array('sha1' => 'SHA1', 'md5' => 'MD5');
+$p1_authentication_methods = array('pre_shared_key' => 'Pre-shared key', 'rsasig' => 'RSA signature');
$p2_halgos = array('hmac_sha1' => 'SHA1', 'hmac_md5' => 'MD5');
$p2_protos = array('esp' => 'ESP', 'ah' => 'AH');
$p2_pfskeygroups = array('0' => 'off', '1' => '1', '2' => '2', '5' => '5');
usort($config['wol']['wolentry'], "wolcmp");
}
+function ipsec_ca_sort() {
+ global $g, $config;
+
+ function ipseccacmp($a, $b) {
+ return strcmp($a['ident'], $b['ident']);
+ }
+
+ usort($config['ipsec']['cacert'], "ipseccacmp");
+}
+
?>
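Review bot: `ipseccacmp` is declared inside `ipsec_ca_sort`, so a second call to `ipsec_ca_sort` within the same request would stop with a "cannot redeclare" fatal error. Declaring the comparator at file scope, or wrapping it in `if (!function_exists('ipseccacmp'))`, avoids that. `$g` is not used in the body, and `$config['ipsec']['cacert']` is handed to `usort` without an `is_array` check, which fails when no CA certificate is configured.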
<td class="listbg">
<?=htmlspecialchars($vlan['descr']);?>
</td>
- <td valign="middle" nowrap class="list"> <a href="interfaces_vlan_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="interfaces_vlan.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this VLAN?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="interfaces_vlan_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit VLAN" width="17" height="17" border="0"></a>
+ <a href="interfaces_vlan.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this VLAN?')"><img src="x.gif" title="delete VLAN" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="3"> </td>
- <td class="list"> <a href="interfaces_vlan_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="interfaces_vlan_edit.php"><img src="plus.gif" title="add VLAN" width="17" height="17" border="0"></a></td>
</tr>
<tr>
<td colspan="3" class="list"><span class="vexpl"><span class="red"><strong>
<br>
Peter Allgeyer (<a href="mailto:allgeyer@web.de">allgeyer@web.de</a>)<br>
<em><font color="#666666">"reject" type filter rules; dial-on-demand; WAN connect/disconnect; auto-add proxy ARP </font></em><br>
+ <em><font color="#666666">firewall log filtering</font></em><br>
<br>
Thierry Lechat (<a href="mailto:dev@lechat.org">dev@lechat.org</a>)<br>
<em><font color="#666666">SVG-based traffic grapher</font></em><br>
<em><font color="#666666">Captive portal local user database</font></em><br>
<br>
Matt Juszczak (<a href="mailto:matt@atopia.net">matt@atopia.net</a>)<br>
- <em><font color="#666666">Captive portal logging</font></em></p>
+ <em><font color="#666666">Captive portal logging</font></em><br>
+ <br>
+ Enrique Maldonado (<a href="mailto:enrique@directemar.cl">enrique@directemar.cl</a>)<br>
+ <em><font color="#666666">IPsec certificate support</font></em></p>
<hr size="1">
<p>m0n0wall is based upon/includes various free software packages,
listed below.<br>
$pconfig['enable'] = isset($config['captiveportal']['enable']);
$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
+$pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']);
+$pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct'];
$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
$pconfig['httpsname'] = $config['captiveportal']['httpsname'];
$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
$config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
$config['captiveportal']['auth_method'] = $_POST['auth_method'];
$config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
+ $config['captiveportal']['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
+ $config['captiveportal']['reauthenticateacct'] = $_POST['reauthenticateacct'];
$config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false;
$config['captiveportal']['httpsname'] = $_POST['httpsname'];
$config['captiveportal']['certificate'] = base64_encode($_POST['cert']);
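Review bot: `$_POST['reauthenticateacct']` is written to the configuration exactly as received, although the form added further down offers only three values (empty, `stopstart`, `interimupdate`). Whatever reads this setting later will see any string a client chooses to post, so constrain it where it is stored: `$config['captiveportal']['reauthenticateacct'] = in_array($_POST['reauthenticateacct'], array('stopstart', 'interimupdate'), true) ? $_POST['reauthenticateacct'] : '';`. The surrounding `if ($_POST)` block starts and ends outside this hunk, so any validation that already runs before this line is not visible here.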
document.iform.radiuskey.disabled = endis;
document.iform.radacct_enable.disabled = endis;
document.iform.radiusacctport.disabled = endis;
+ document.iform.reauthenticate.disabled = endis;
+ document.iform.reauthenticateacct.disabled = endis;
document.iform.auth_method[0].disabled = endis;
document.iform.auth_method[1].disabled = endis;
document.iform.auth_method[2].disabled = endis;
</tr>
<tr>
<td>Accounting: </td>
- <td><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" <?php if($pconfig['radacct_enable']) echo "checked"; ?>></td>
+ <td><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" <?php if($pconfig['radacct_enable']) echo "checked"; ?>>
+ send RADIUS accounting packets</td>
</tr>
<tr>
<td>Accounting port: </td>
<td><input name="radiusacctport" type="text" class="formfld" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"></td>
- </tr></table>
+ </tr>
+ <tr>
+ <td valign="top">Reauthentication: </td>
+ <td><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
+ reauthenticate connected users every minute<br><br>
+ <input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked"; ?>> no accounting updates<br>
+ <input name="reauthenticateacct" type="radio" value="stopstart" <?php if($pconfig['reauthenticateacct'] == "stopstart") echo "checked"; ?>> stop/start accounting<br>
+ <input name="reauthenticateacct" type="radio" value="interimupdate" <?php if($pconfig['reauthenticateacct'] == "interimupdate") echo "checked"; ?>> interim update</td>
+ </tr>
+ </table>
<br>
When using RADIUS authentication, enter the IP address and port of the RADIUS server which users of the captive portal have to authenticate against. Leave port number blank to use the default port (1812). Leave the RADIUS shared secret blank to not use a RADIUS shared secret. RADIUS accounting packets will also be sent to the RADIUS server if accounting is enabled (default port is 1813).
+ <br><br>If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.
</tr>
<tr>
<td valign="top" class="vncell">HTTPS login</td>
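Review bot: The new help paragraph explains what reauthentication does on the wire but not what it costs. Sending an Access-Request for every logged-in user each minute implies that the portal keeps each user's password for as long as the session lasts; where it is kept is outside this hunk. An administrator deciding whether to tick the box should be told this, for example with an added sentence such as `Enabling this option requires the captive portal to retain each user's password for the duration of the session.`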
<td class="listbg">
<?=htmlspecialchars($ip['descr']);?>
</td>
- <td valign="middle" nowrap class="list"> <a href="services_captiveportal_ip_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="services_captiveportal_ip.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this address?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="services_captiveportal_ip_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit address" width="17" height="17" border="0"></a>
+ <a href="services_captiveportal_ip.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this address?')"><img src="x.gif" title="delete address" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="2"> </td>
- <td class="list"> <a href="services_captiveportal_ip_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="services_captiveportal_ip_edit.php"><img src="plus.gif" title="add address" width="17" height="17" border="0"></a></td>
</tr>
<tr>
<td colspan="2" class="list"><p class="vexpl"><span class="red"><strong>
<td class="listbg">
<?=htmlspecialchars($mac['descr']);?>
</td>
- <td valign="middle" nowrap class="list"> <a href="services_captiveportal_mac_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="services_captiveportal_mac.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this host?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="services_captiveportal_mac_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit host" width="17" height="17" border="0"></a>
+ <a href="services_captiveportal_mac.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this host?')"><img src="x.gif" title="delete host" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="2"> </td>
- <td class="list"> <a href="services_captiveportal_mac_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="services_captiveportal_mac_edit.php"><img src="plus.gif" title="add host" width="17" height="17" border="0"></a></td>
</tr>
<tr>
<td colspan="2" class="list"><span class="vexpl"><span class="red"><strong>
<td class="listbg">
<?=$user['expirationdate']; ?>
</td>
- <td valign="middle" nowrap class="list"> <a href="services_captiveportal_users.php?act=edit&username=<?=$username; ?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="services_captiveportal_users.php?act=delete&username=<?=$username; ?>" onclick="return confirm('Do you really want to delete this User?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="services_captiveportal_users.php?act=edit&username=<?=$username; ?>"><img src="e.gif" title="edit user" width="17" height="17" border="0"></a>
+ <a href="services_captiveportal_users.php?act=delete&username=<?=$username; ?>" onclick="return confirm('Do you really want to delete this User?')"><img src="x.gif" title="delete user" width="17" height="17" border="0"></a></td>
</tr>
<?php
}
} ?>
<tr>
<td class="list" colspan="3"></td>
- <td class="list"> <a href="services_captiveportal_users.php?act=new"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="services_captiveportal_users.php?act=new"><img src="plus.gif" title="add user" width="17" height="17" border="0"></a></td>
</tr>
</table>
<?php } ?>
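Review bot: `$username` is printed into both `href` values without encoding, unlike the numeric `$i` index that the other list pages in this commit use. If a user name can contain characters such as `&`, `"` or `<` (the code that restricts them is not in this hunk), the link breaks or markup ends up in the admin page; `username=<?=htmlspecialchars(urlencode($username));?>` covers both the URL and the HTML context. `<?=$user['expirationdate']; ?>` a few lines up is printed raw as well and should get the same `htmlspecialchars()` that the description columns on the sibling pages use.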
<td class="listbg">
<?=htmlspecialchars($mapent['descr']);?>
</td>
- <td valign="middle" nowrap class="list"> <a href="services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="services_dhcp.php?if=<?=$if;?>&act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this mapping?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>"><img src="e.gif" title="edit mapping" width="17" height="17" border="0"></a>
+ <a href="services_dhcp.php?if=<?=$if;?>&act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this mapping?')"><img src="x.gif" title="delete mapping" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="3"></td>
- <td class="list"> <a href="services_dhcp_edit.php?if=<?=$if;?>"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="services_dhcp_edit.php?if=<?=$if;?>"><img src="plus.gif" title="add mapping" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
<td class="listbg">
<?=htmlspecialchars($hostent['descr']);?>
</td>
- <td valign="middle" nowrap class="list"> <a href="services_dnsmasq_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="services_dnsmasq.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this host?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="services_dnsmasq_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit host" width="17" height="17" border="0"></a>
+ <a href="services_dnsmasq.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this host?')"><img src="x.gif" title="delete host" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="4"></td>
- <td class="list"> <a href="services_dnsmasq_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="services_dnsmasq_edit.php"><img src="plus.gif" title="add host" width="17" height="17" border="0"></a></td>
</tr>
</table>
</form>
<td class="listbg">
<?=htmlspecialchars($arpent['descr']);?>
</td>
- <td valign="middle" nowrap class="list"> <a href="services_proxyarp_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="services_proxyarp.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this network?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="services_proxyarp_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit network" width="17" height="17" border="0"></a>
+ <a href="services_proxyarp.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this network?')"><img src="x.gif" title="delete network" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="3"></td>
- <td class="list"> <a href="services_proxyarp_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="services_proxyarp_edit.php"><img src="plus.gif" title="add network" width="17" height="17" border="0"></a></td>
</tr>
</table>
</form>
<td class="listbg">
<?=htmlspecialchars($wolent['descr']);?>
</td>
- <td valign="middle" nowrap class="list"> <a href="services_wol_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="services_wol.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="services_wol_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit entry" width="17" height="17" border="0"></a>
+ <a href="services_wol.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="x.gif" title="delete entry" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="3"></td>
- <td class="list"> <a href="services_wol_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="services_wol_edit.php"><img src="plus.gif" title="add entry" width="17" height="17" border="0"></a></td>
</tr>
</table>
</form>
if ($line) {
$cpent = explode(",", $line);
if ($_GET['showact'])
- $cpent[4] = captiveportal_get_last_activity($cpent[1]);
+ $cpent[7] = captiveportal_get_last_activity($cpent[1]);
$cpdb[] = $cpent;
}
}
$order = 2;
else if ($_GET['order'] == "mac")
$order = 3;
- else if ($_GET['order'] == "lastact")
+ else if ($_GET['order'] == "user")
$order = 4;
+ else if ($_GET['order'] == "lastact")
+ $order = 7;
else
$order = 0;
usort($cpdb, "clientcmp");
<tr>
<td class="listhdrr"><a href="?order=ip&showact=<?=$_GET['showact'];?>">IP address</a></td>
<td class="listhdrr"><a href="?order=mac&showact=<?=$_GET['showact'];?>">MAC address</a></td>
- <?php if ($_GET['showact']): ?>
<td class="listhdrr"><a href="?order=start&showact=<?=$_GET['showact'];?>">Session start</a></td>
- <td class="listhdr"><a href="?order=lastact&showact=<?=$_GET['showact'];?>">Last activity</a></td>
- <?php else: ?>
- <td class="listhdr"><a href="?order=start&showact=<?=$_GET['showact'];?>">Session start</a></td>
+ <?php if ($_GET['showact']): ?>
+ <td class="listhdrr"><a href="?order=lastact&showact=<?=$_GET['showact'];?>">Last activity</a></td>
<?php endif; ?>
+ <td class="listhdr"><a href="?order=user&showact=<?=$_GET['showact'];?>">Username</a></td>
<td class="list"></td>
</tr>
<?php foreach ($cpdb as $cpent): ?>
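Review bot: `$_GET['showact']` is echoed straight into the `href` of the two header links added here (`order=lastact` and `order=user`), so a crafted query string reaches the page markup unescaped. `<?=htmlspecialchars($_GET['showact']);?>` closes that, and the unchanged header links need the same treatment. The username cell added in the next hunk, `<?=$cpent[4];?>`, has the same defect with a more exposed source: the value is a field from a captive portal database line and is presumably the login name a portal client supplied, so it would be rendered as markup in the administrator's session. It should read `<?=htmlspecialchars($cpent[4]);?>`, matching the `htmlspecialchars()` already applied to the date cells.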
<td class="listr"><?=$cpent[3];?> </td>
<td class="listr"><?=htmlspecialchars(date("m/d/Y H:i:s", $cpent[0]));?></td>
<?php if ($_GET['showact']): ?>
- <td class="listr"><?php if ($cpent[4]) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[4]));?></td>
+ <td class="listr"><?php if ($cpent[7]) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[7]));?></td>
<?php endif; ?>
+ <td class="listr"><?=$cpent[4];?> </td>
<td valign="middle" class="list" nowrap>
- <a href="?order=<?=$_GET['order'];?>&showact=<?=$_GET['showact'];?>&act=del&id=<?=$cpent[1];?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <a href="?order=<?=$_GET['order'];?>&showact=<?=$_GET['showact'];?>&act=del&id=<?=$cpent[1];?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="x.gif" title="disconnect client" width="17" height="17" border="0"></a></td>
</tr>
<?php endforeach; ?>
</table>
$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
$pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
+$pconfig['polling_enable'] = isset($config['system']['polling']);
if ($_POST) {
$config['filter']['tcpidletimeout'] = $_POST['tcpidletimeout'];
$oldpreferoldsa = $config['ipsec']['preferoldsa'];
$config['ipsec']['preferoldsa'] = $_POST['preferoldsa_enable'] ? true : false;
+ $config['system']['polling'] = $_POST['polling_enable'] ? true : false;
write_config();
$retval |= interfaces_optional_configure();
if ($config['ipsec']['preferoldsa'] != $oldpreferoldsa)
$retval |= vpn_ipsec_configure();
+ $retval |= system_polling_configure();
config_unlock();
}
$savemsg = get_std_save_message($retval);
By default, if several SAs match, the newest one is preferred if it's at least 30 seconds old.
Select this option to always prefer old SAs over new ones.
</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Device polling</td>
+ <td width="78%" class="vtable">
+ <input name="polling_enable" type="checkbox" id="polling_enable" value="yes" <?php if ($pconfig['polling_enable']) echo "checked"; ?>>
+ <strong>Use device polling</strong><br>
+ Device polling is a technique that lets the system periodically poll network devices for new
+ data instead of relying on interrupts. This can reduce CPU load and therefore increase
+ throughput, at the expense of a slightly higher forwarding delay (the devices are polled 1000 times
+ per second). Not all NICs support polling; see the m0n0wall homepage for a list of supported cards.
+ </td>
</tr>
<tr>
<td width="22%" valign="top"> </td>
<td class="listbg">
<?=htmlspecialchars($route['descr']);?>
</td>
- <td valign="middle" nowrap class="list"> <a href="system_routes_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="system_routes.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this route?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="system_routes_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit route" width="17" height="17" border="0"></a>
+ <a href="system_routes.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this route?')"><img src="x.gif" title="delete route" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="4"></td>
- <td class="list"> <a href="system_routes_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="system_routes_edit.php"><img src="plus.gif" title="add route" width="17" height="17" border="0"></a></td>
</tr>
</table>
</form>
<li class="tabact">Tunnels</li>
<li class="tabinact"><a href="vpn_ipsec_mobile.php">Mobile clients</a></li>
<li class="tabinact"><a href="vpn_ipsec_keys.php">Pre-shared keys</a></li>
+ <li class="tabinact"><a href="vpn_ipsec_ca.php">CAs</a></li>
</ul>
</td></tr>
<tr>
<td class="listbg"><?=$spans;?>
<?=htmlspecialchars($ipsecent['descr']);?>
<?=$spane;?></td>
- <td valign="middle" nowrap class="list"> <a href="vpn_ipsec_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="vpn_ipsec.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this tunnel?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="vpn_ipsec_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit tunnel" width="17" height="17" border="0"></a>
+ <a href="vpn_ipsec.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this tunnel?')"><img src="x.gif" title="delete tunnel" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="6"></td>
- <td class="list"> <a href="vpn_ipsec_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="vpn_ipsec_edit.php"><img src="plus.gif" title="add tunnel" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ vpn_ipsec_ca.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$pgtitle = array("VPN", "IPsec");
+require("guiconfig.inc");
+
+if (!is_array($config['ipsec']['cacert'])) {
+ $config['ipsec']['cacert'] = array();
+}
+ipsec_ca_sort();
+$a_secret = &$config['ipsec']['cacert'];
+
+if ($_GET['act'] == "del") {
+ if ($a_secret[$_GET['id']]) {
+ unset($a_secret[$_GET['id']]);
+ write_config();
+ touch($d_ipsecconfdirty_path);
+ header("Location: vpn_ipsec_ca.php");
+ exit;
+ }
+}
+
+?>
+<?php include("fbegin.inc"); ?>
+<form action="vpn_ipsec.php" method="post">
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_ipsecconfdirty_path)): ?><p>
+<?php print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
+<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
+<?php endif; ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="vpn_ipsec.php">Tunnels</a></li>
+ <li class="tabinact"><a href="vpn_ipsec_mobile.php">Mobile clients</a></li>
+ <li class="tabinact"><a href="vpn_ipsec_keys.php">Pre-shared keys</a></li>
+ <li class="tabact">CAs</li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="80%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listhdrr">Identifier</td>
+ <td class="list"></td>
+ </tr>
+ <?php $i = 0; foreach ($a_secret as $secretent): ?>
+ <tr>
+ <td class="listlr">
+ <?=htmlspecialchars($secretent['ident']);?>
+ </td>
+ <td class="list" nowrap> <a href="vpn_ipsec_ca_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit certificate" width="17" height="17" border="0"></a>
+ <a href="vpn_ipsec_ca.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this certificate?')"><img src="x.gif" title="delete certificate" width="17" height="17" border="0"></a></td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list"></td>
+ <td class="list"> <a href="vpn_ipsec_ca_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
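Review bot: The delete handler changes the configuration on a plain GET (`vpn_ipsec_ca.php?act=del&id=N`) and nothing in this file ties the request to the page that produced it, so a cross-site request made while the administrator is authenticated to the GUI would remove a CA certificate and mark the IPsec configuration dirty. Accepting the action only from a POST, `if ($_POST['act'] == "del") {` with `$_POST['id']`, and turning the x.gif link into a small form is the minimum; a per-session token would be the full fix, but no token helper is visible in this diff. `$_GET['id']` is also used as an array key without checking that it is an integer index. The add link's `plus.gif` is missing the `title` attribute the rest of this commit adds, e.g. `title="add certificate"`. `$a_secret` and `$secretent` read as leftovers from the pre-shared-key page; `$a_cacert` would say what the array holds.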
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ vpn_ipsec_ca_edit.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$pgtitle = array("VPN", "IPsec", "Edit CA certificate");
+require("guiconfig.inc");
+
+if (!is_array($config['ipsec']['cacert'])) {
+ $config['ipsec']['cacert'] = array();
+}
+ipsec_ca_sort();
+$a_secret = &$config['ipsec']['cacert'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (isset($id) && $a_secret[$id]) {
+ $pconfig['ident'] = $a_secret[$id]['ident'];
+ $pconfig['cert'] = base64_decode($a_secret[$id]['cert']);
+}
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "ident cert");
+ $reqdfieldsn = explode(",", "Identifier,CA Certificate");
+ if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))
+ $input_errors[] = "This certificate does not appear to be valid.";
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident']))
+ $input_errors[] = "The identifier contains invalid characters.";
+
+ if (!$input_errors && !(isset($id) && $a_secret[$id])) {
+ /* make sure there are no dupes */
+ foreach ($a_secret as $secretent) {
+ if ($secretent['ident'] == $_POST['ident']) {
+ $input_errors[] = "Another entry with the same identifier already exists.";
+ break;
+ }
+ }
+ }
+
+ if (!$input_errors) {
+
+ if (isset($id) && $a_secret[$id])
+ $secretent = $a_secret[$id];
+
+ $secretent['ident'] = $_POST['ident'];
+ $secretent['cert'] = base64_encode($_POST['cert']);
+
+ if (isset($id) && $a_secret[$id])
+ $a_secret[$id] = $secretent;
+ else
+ $a_secret[] = $secretent;
+
+ write_config();
+ touch($d_ipsecconfdirty_path);
+
+ header("Location: vpn_ipsec_ca.php");
+ exit;
+ }
+}
+?>
+<?php include("fbegin.inc"); ?>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+ <form action="vpn_ipsec_ca_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td valign="top" class="vncellreq">Identifier</td>
+ <td class="vtable">
+ <input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=$pconfig['ident'];?>">
+ <br>
+This can be any text to describe the certificate authority.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Certificate</td>
+ <td width="78%" class="vtable">
+ <textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
+ <br>
+ Paste a CA certificate in X.509 PEM format here.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id) && $a_secret[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
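Review bot: The identifier field is re-displayed as `value="<?=$pconfig['ident'];?>"` with no escaping, and because `$pconfig = $_POST` runs before validation, a rejected submission echoes the posted string straight into the attribute. The character check on `ident` only stops the value from being saved, not from being printed, so this needs `value="<?=htmlspecialchars($pconfig['ident']);?>"`, as the `cert` textarea already does; the hidden `id` field should get the same. The help text "This can be any text" contradicts the `[^a-zA-Z0-9@\.\-]` check and should list the permitted characters instead. The certificate test only looks for the BEGIN/END marker strings, so a comment noting that the PEM body is not parsed here would keep readers from assuming the stored CA has been verified.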
$pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm'];
$pconfig['p1dhgroup'] = $a_ipsec[$id]['p1']['dhgroup'];
$pconfig['p1lifetime'] = $a_ipsec[$id]['p1']['lifetime'];
+ $pconfig['p1authentication_method'] = $a_ipsec[$id]['p1']['authentication_method'];
$pconfig['p1pskey'] = $a_ipsec[$id]['p1']['pre-shared-key'];
+ $pconfig['p1cert'] = base64_decode($a_ipsec[$id]['p1']['cert']);
+ $pconfig['p1peercert'] = base64_decode($a_ipsec[$id]['p1']['peercert']);
+ $pconfig['p1privatekey'] = base64_decode($a_ipsec[$id]['p1']['private-key']);
$pconfig['p2proto'] = $a_ipsec[$id]['p2']['protocol'];
$pconfig['p2ealgos'] = $a_ipsec[$id]['p2']['encryption-algorithm-option'];
$pconfig['p2halgos'] = $a_ipsec[$id]['p2']['hash-algorithm-option'];
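Review bot: The tunnel's RSA private key is loaded into `$pconfig['p1privatekey']` here so that the edit form can print it back into the `p1privatekey` textarea, which sends the key to the browser every time the tunnel is opened for editing. The save hunk stores it with `base64_encode()`, which is an encoding and not protection, so (assuming `$a_ipsec` is backed by the configuration that `write_config()` persists) the key also sits in recoverable form in any configuration backup. Consider leaving the textarea empty on load and keeping the stored key when the field is submitted blank. A comment at the `private-key` assignment should state that base64 is used only to carry multi-line text. The enclosing block starts outside this hunk.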
$pconfig['localnet'] = "lan";
$pconfig['p1mode'] = "aggressive";
$pconfig['p1myidentt'] = "myaddress";
+ $pconfig['p1authentication_method'] = "pre_shared_key";
$pconfig['p1ealgo'] = "3des";
$pconfig['p1halgo'] = "sha1";
$pconfig['p1dhgroup'] = "2";
$pconfig = $_POST;
/* input validation */
- $reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
- $reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
+ if ($_POST['p1authentication_method'] == "pre_shared_key") {
+ $reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
+ $reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
+ }
+ else {
+ $reqdfields = explode(" ", "localnet remotenet remotebits remotegw p2ealgos p2halgos");
+ $reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,P2 Encryption Algorithms,P2 Hash Algorithms");
+ if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE"))
+ $input_errors[] = "This certificate does not appear to be valid.";
+ if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY"))
+ $input_errors[] = "This key does not appear to be valid.";
+ if ($_POST['p1peercert']!="" && (!strstr($_POST['p1peercert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1peercert'], "END CERTIFICATE")))
+ $input_errors[] = "This peer certificate does not appear to be valid.";
+ }
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
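Review bot: Every value of `p1authentication_method` other than `pre_shared_key` falls into the `else` branch, and the save hunk later writes the posted string to the configuration unchanged, so an unknown method name is accepted and stored. Reject it up front against the list the form is built from: `if (!array_key_exists($_POST['p1authentication_method'], $p1_authentication_methods)) $input_errors[] = "The authentication method is invalid.";`. The three PEM checks only look for the BEGIN/END marker strings, and the key check accepts only the `RSA PRIVATE KEY` header, so a key in another PEM wrapping is refused while a malformed body is not; a comment saying so would set expectations. The enclosing `if ($_POST)` block starts and ends outside this hunk.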
$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
$ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
+ $ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
+ $ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
+ $ipsecent['p1']['peercert'] = base64_encode($_POST['p1peercert']);
+ $ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
$ipsecent['p2']['protocol'] = $_POST['p2proto'];
$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
break;
}
}
+function methodsel_change() {
+ switch (document.iform.p1authentication_method.selectedIndex) {
+ case 1: /* rsa */
+ document.iform.p1pskey.disabled = 1;
+ document.iform.p1privatekey.disabled = 0;
+ document.iform.p1cert.disabled = 0;
+ document.iform.p1peercert.disabled = 0;
+ break;
+ default: /* pre-shared */
+ document.iform.p1pskey.disabled = 0;
+ document.iform.p1privatekey.disabled = 1;
+ document.iform.p1cert.disabled = 1;
+ document.iform.p1peercert.disabled = 1;
+ break;
+ }
+}
//-->
</script>
<?php if ($input_errors) print_input_errors($input_errors); ?>
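Review bot: `methodsel_change()` picks the fields to enable from `selectedIndex`, with `case 1` hard-wired to RSA, so it silently misbehaves if the order of `$p1_authentication_methods` changes or a method is added. Keying on the option value is sturdier, assuming this page uses the same `"rsasig"` value the mobile-clients hunk compares against: `var sel = document.iform.p1authentication_method; var rsa = (sel.options[sel.selectedIndex].value == "rsasig");`. Then set `document.iform.p1pskey.disabled = rsa;` and the three certificate fields to `!rsa`. The copy of this function added to the mobile-clients page has the same dependency. Since browsers do not submit disabled controls, the server-side validation remains the only enforcement of which credentials are required.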
<input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=$pconfig['p1lifetime'];?>">
seconds</td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Authentication method</td>
+ <td width="78%" class="vtable">
+ <select name="p1authentication_method" class="formfld" onChange="methodsel_change()">
+ <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
+ <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>>
+ <?=htmlspecialchars($methodname);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br> <span class="vexpl">Must match the setting
+ chosen on the remote side.</span></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
<td width="78%" class="vtable">
<?=$mandfldhtml;?><input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>">
</td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Certificate</td>
+ <td width="78%" class="vtable">
+ <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea>
+ <br>
+ Paste a certificate in X.509 PEM format here.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Key</td>
+ <td width="78%" class="vtable">
+ <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea>
+ <br>
+ Paste an RSA private key in PEM format here.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Peer certificate</td>
+ <td width="78%" class="vtable">
+ <textarea name="p1peercert" cols="65" rows="7" id="p1peercert" class="formpre"><?=htmlspecialchars($pconfig['p1peercert']);?></textarea>
+ <br>
+ Paste the peer X.509 certificate in PEM format here.<br>
+ Leave this blank if you want to use a CA certificate for identity validation.</td>
+ </tr>
<tr>
<td colspan="2" class="list" height="12"></td>
</tr>
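Review bot: The `p1privatekey` textarea is pre-filled from `$pconfig['p1privatekey']`, which is presumably the decoded key from the stored configuration, as in the mobile-clients hunk. Every view of this edit page would then send the private key to the browser, where it can end up in caches or saved pages. Consider rendering the field empty, `<textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"></textarea>`, and keeping the stored key when the field is posted blank; that needs a matching change in the save path, which is outside this hunk. The mobile-clients form added later in this patch repeats the pattern. A smaller point in the same section: `<option value="<?=$method;?>"` is printed unescaped while the label beside it goes through `htmlspecialchars()`.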
<script language="JavaScript">
<!--
typesel_change();
+methodsel_change();
//-->
</script>
<?php include("fend.inc"); ?>
<li class="tabinact1"><a href="vpn_ipsec.php">Tunnels</a></li>
<li class="tabinact"><a href="vpn_ipsec_mobile.php">Mobile clients</a></li>
<li class="tabact">Pre-shared keys</li>
+ <li class="tabinact"><a href="vpn_ipsec_ca.php">CAs</a></li>
</ul>
</td></tr>
<tr>
<td class="listr">
<?=htmlspecialchars($secretent['pre-shared-key']);?>
</td>
- <td class="list" nowrap> <a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="vpn_ipsec_keys.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this pre-shared key?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td class="list" nowrap> <a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit key" width="17" height="17" border="0"></a>
+ <a href="vpn_ipsec_keys.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this pre-shared key?')"><img src="x.gif" title="delete key" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="2"></td>
- <td class="list"> <a href="vpn_ipsec_keys_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="vpn_ipsec_keys_edit.php"><img src="plus.gif" title="add key" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
$pconfig['p1ealgo'] = "3des";
$pconfig['p1halgo'] = "sha1";
$pconfig['p1dhgroup'] = "2";
+ $pconfig['p1authentication_method'] = "pre_shared_key";
$pconfig['p2proto'] = "esp";
$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael");
$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
$pconfig['p1halgo'] = $a_ipsec['p1']['hash-algorithm'];
$pconfig['p1dhgroup'] = $a_ipsec['p1']['dhgroup'];
$pconfig['p1lifetime'] = $a_ipsec['p1']['lifetime'];
+ $pconfig['p1authentication_method'] = $a_ipsec['p1']['authentication_method'];
+ $pconfig['p1cert'] = base64_decode($a_ipsec['p1']['cert']);
+ $pconfig['p1privatekey'] = base64_decode($a_ipsec['p1']['private-key']);
$pconfig['p2proto'] = $a_ipsec['p2']['protocol'];
$pconfig['p2ealgos'] = $a_ipsec['p2']['encryption-algorithm-option'];
$pconfig['p2halgos'] = $a_ipsec['p2']['hash-algorithm-option'];
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ if ($_POST['p1authentication_method']== "rsasig") {
+ if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE"))
+ $input_errors[] = "This certificate does not appear to be valid.";
+ if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY"))
+ $input_errors[] = "This key does not appear to be valid.";
+ }
+
if (($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime']))) {
$input_errors[] = "The P1 lifetime must be an integer.";
}
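Review bot: The two `strstr()` tests only confirm that the PEM marker text occurs somewhere in the input. They accept a truncated or corrupt body and a key that does not belong to the certificate, and they reject a key labelled `BEGIN PRIVATE KEY`. If the PHP build includes the openssl extension, `if (!openssl_x509_check_private_key($_POST['p1cert'], $_POST['p1privatekey'])) $input_errors[] = "The key does not match the certificate.";` would catch these at save time, rather than (presumably) when the tunnel fails to negotiate. The tunnel form's validation at the top of this part of the patch uses the same marker tests; that hunk begins outside the visible lines.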
$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
+ $ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
+ $ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
+ $ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
$ipsecent['p2']['protocol'] = $_POST['p2proto'];
$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
}
?>
<?php include("fbegin.inc"); ?>
+<script language="JavaScript">
+<!--
+function methodsel_change() {
+ switch (document.iform.p1authentication_method.selectedIndex) {
+ case 1: /* rsa */
+ document.iform.p1privatekey.disabled = 0;
+ document.iform.p1cert.disabled = 0;
+ break;
+ default: /* pre-shared */
+ document.iform.p1privatekey.disabled = 1;
+ document.iform.p1cert.disabled = 1;
+ break;
+ }
+}
+//-->
+</script>
<form action="vpn_ipsec.php" method="post">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if (file_exists($d_ipsecconfdirty_path)): ?><p>
<li class="tabinact1"><a href="vpn_ipsec.php">Tunnels</a></li>
<li class="tabact">Mobile clients</li>
<li class="tabinact"><a href="vpn_ipsec_keys.php">Pre-shared keys</a></li>
+ <li class="tabinact"><a href="vpn_ipsec_ca.php">CAs</a></li>
</ul>
</td></tr>
<tr>
<input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=$pconfig['p1lifetime'];?>">
seconds</td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Authentication method</td>
+ <td width="78%" class="vtable">
+ <select name="p1authentication_method" class="formfld" onChange="methodsel_change()">
+ <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
+ <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>>
+ <?=htmlspecialchars($methodname);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br> <span class="vexpl">Must match the setting
+ chosen on the remote side. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Certificate</td>
+ <td width="78%" class="vtable">
+ <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea>
+ <br>
+ Paste a certificate in X.509 PEM format here.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Key</td>
+ <td width="78%" class="vtable">
+ <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea>
+ <br>
+ Paste an RSA private key in PEM format here.</td>
+ </tr>
<tr>
<td colspan="2" class="list" height="12"></td>
</tr>
</tr>
</table>
</form>
+<script language="JavaScript">
+<!--
+methodsel_change();
+//-->
+</script>
<?php include("fend.inc"); ?>
<td class="listbg"><?=$spans;?>
<?= $client['descr'];?>
<?=$spane;?></td>
- <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_cli_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="vpn_openvpn_cli.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client configuration?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_cli_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit client configuration" width="17" height="17" border="0"></a>
+ <a href="vpn_openvpn_cli.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client configuration?')"><img src="x.gif" title="delete client configuration" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="4"> </td>
- <td class="list"> <a href="vpn_openvpn_cli_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="vpn_openvpn_cli_edit.php"><img src="plus.gif" title="add client configuration" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
<td class="listr">
<?=htmlspecialchars($secretent['ip']);?>
</td>
- <td class="list" nowrap> <a href="vpn_pptp_users_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
- <a href="vpn_pptp_users.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this user?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ <td class="list" nowrap> <a href="vpn_pptp_users_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit user" width="17" height="17" border="0"></a>
+ <a href="vpn_pptp_users.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this user?')"><img src="x.gif" title="delete user" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="2"></td>
- <td class="list"> <a href="vpn_pptp_users_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="vpn_pptp_users_edit.php"><img src="plus.gif" title="add user" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>