Example #1
        }
    } else {
        if ($_GET['act'] == 'childdisconnect') {
            if (ctype_digit($_GET['ikeid'])) {
                if (!empty($_GET['ikesaid']) && ctype_digit($_GET['ikesaid'])) {
                    mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']) . "{" . escapeshellarg($_GET['ikesaid']) . "}");
                }
            }
        }
    }
}
// Make sure the phase 1 list exists as an array before a reference is bound to it.
if (is_array($config['ipsec']['phase1']) === false) {
    $config['ipsec']['phase1'] = array();
}
$a_phase1 =& $config['ipsec']['phase1'];

// Current security associations, as returned by ipsec_list_sa().
$status = ipsec_list_sa();

// Tab bar shared by the IPsec status pages: (label, flag, target page).
// The flag is true only for this page's own entry — presumably "active tab".
$tab_array = array(
    array(gettext("Overview"), true, "status_ipsec.php"),
    array(gettext("Leases"), false, "status_ipsec_leases.php"),
    array(gettext("SADs"), false, "status_ipsec_sad.php"),
    array(gettext("SPDs"), false, "status_ipsec_spd.php"),
);
display_top_tabs($tab_array);
?>

<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?php 
echo gettext("IPsec Status");
?>
</h2></div>
	<div class="panel-body table responsive">
		<table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable>
Example #2
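/**
 * Print the table rows of the IPsec status overview.
 *
 * For every IKE SA returned by ipsec_list_sa() this emits one summary row and
 * one full-width row that holds a hidden table of the SA's child SAs. After
 * that it emits one row for each phase 1 entry in $config that is not disabled
 * and has no IKE SA in the list.
 *
 * Output goes straight to the response via print/echo; nothing is returned.
 * Values taken from the SA list or from the configuration are HTML-escaped
 * before they are printed, including the ones placed in id and href
 * attributes.
 */
function print_ipsec_body()
{
    global $config;
    $a_phase1 =& $config['ipsec']['phase1'];
    $status = ipsec_list_sa();
    // Phase 1 ids that currently have an IKE SA, keyed by id.
    $ipsecconnected = array();
    if (is_array($status)) {
        foreach ($status as $ikeid => $ikesa) {
            // The connection name minus its first three characters
            // (presumably a "con" prefix — confirm against ipsec_list_sa()).
            $con_id = substr($ikeid, 3);
            if ($ikesa['version'] == 1) {
                // IKEv1: cut the id at the last "00" found before its final
                // character. NOTE(review): if no "00" is found strrpos()
                // returns false and $ph1idx ends up empty — confirm the naming
                // scheme guarantees the separator.
                $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
                $ipsecconnected[$ph1idx] = $ph1idx;
            } else {
                $ipsecconnected[$con_id] = $ph1idx = $con_id;
            }

            // Encoded once for the query string and the HTML attribute context.
            $con_id_href = htmlspecialchars(rawurlencode($con_id));
            // Encoded for use inside id="..." attributes.
            $ikeid_attr = htmlspecialchars($ikeid);

            print "<tr>\n";
            print "<td>\n";
            print htmlspecialchars(ipsec_get_descr($ph1idx));
            print "</td>\n";
            print "<td>\n";
            if (!empty($ikesa['local-id'])) {
                if ($ikesa['local-id'] == '%any') {
                    print gettext('Any identifier');
                } else {
                    print htmlspecialchars($ikesa['local-id']);
                }
            } else {
                print gettext("Unknown");
            }
            print "</td>\n";
            print "<td>\n";
            if (!empty($ikesa['local-host'])) {
                print htmlspecialchars($ikesa['local-host']);
            } else {
                print gettext("Unknown");
            }
            /*
             * XXX: local-nat-t was defined by pfSense
             * When strongswan team accepted the change, they changed it to
             * nat-local. Keep both for a while and remove local-nat-t in
             * the future
             */
            if (isset($ikesa['local-nat-t']) || isset($ikesa['nat-local'])) {
                print " NAT-T";
            }
            print "</td>\n";
            print "<td>\n";
            // $identity is escaped here, so it can be interpolated below.
            $identity = "";
            if (!empty($ikesa['remote-id'])) {
                if ($ikesa['remote-id'] == '%any') {
                    $identity = htmlspecialchars(gettext('Any identifier'));
                } else {
                    $identity = htmlspecialchars($ikesa['remote-id']);
                }
            }
            // The remote identities are supplied by the peer; every one of
            // them is escaped before it reaches the page.
            if (!empty($ikesa['remote-xauth-id'])) {
                echo htmlspecialchars($ikesa['remote-xauth-id']);
                echo "<br/>{$identity}";
            } elseif (!empty($ikesa['remote-eap-id'])) {
                echo htmlspecialchars($ikesa['remote-eap-id']);
                echo "<br/>{$identity}";
            } else {
                if (empty($identity)) {
                    print gettext("Unknown");
                } else {
                    print $identity;
                }
            }
            print "</td>\n";
            print "<td>\n";
            if (!empty($ikesa['remote-host'])) {
                print htmlspecialchars($ikesa['remote-host']);
            } else {
                print gettext("Unknown");
            }
            /*
             * XXX: remote-nat-t was defined by pfSense
             * When strongswan team accepted the change, they changed it to
             * nat-remote. Keep both for a while and remove remote-nat-t in
             * the future
             */
            if (isset($ikesa['remote-nat-t']) || isset($ikesa['nat-remote'])) {
                print " NAT-T";
            }
            print "</td>\n";
            print "<td>\n";
            print "IKEv" . htmlspecialchars($ikesa['version']);
            print "<br/>\n";
            if ($ikesa['initiator'] == 'yes') {
                print "initiator";
            } else {
                print "responder";
            }
            print "</td>\n";
            print "<td>\n";
            // convert_seconds_to_hms() output is printed as returned
            // (presumably a plain h:m:s string — confirm in the helper).
            print htmlspecialchars($ikesa['reauth-time']) . gettext(" seconds (") . convert_seconds_to_hms($ikesa['reauth-time']) . ")";
            print "</td>\n";
            print "<td>\n";
            print htmlspecialchars($ikesa['encr-alg']);
            print "<br/>";
            print htmlspecialchars($ikesa['integ-alg']);
            print "<br/>";
            print htmlspecialchars($ikesa['prf-alg']);
            print "<br/>\n";
            print htmlspecialchars($ikesa['dh-group']);
            print "</td>\n";
            print "<td>\n";
            $is_established = ($ikesa['state'] == 'ESTABLISHED');
            if ($is_established) {
                print '<span class="text-success">';
            } else {
                print '<span>';
            }
            print ucfirst(htmlspecialchars($ikesa['state']));
            if ($is_established) {
                print "<br/>" . htmlspecialchars($ikesa['established']) . gettext(" seconds (") . convert_seconds_to_hms($ikesa['established']) . gettext(") ago");
            }
            print "</span>";
            print "</td>\n";
            print "<td>\n";
            // NOTE(review): connect/disconnect are plain GET links. State-changing
            // actions are better sent as POST with the GUI's CSRF token — confirm
            // how status_ipsec.php protects its "act" handler.
            if (!$is_established) {
                print '<a href="status_ipsec.php?act=connect&amp;ikeid=' . $con_id_href . '" class="btn btn-xs btn-success" data-toggle="tooltip" title="' . gettext("Connect VPN") . '" >';
                print '<i class="fa fa-sign-in icon-embed-btn"></i>';
                print gettext("Connect VPN");
                print "</a>\n";
            } else {
                print '<a href="status_ipsec.php?act=ikedisconnect&amp;ikeid=' . $con_id_href . '" class="btn btn-xs btn-danger" data-toggle="tooltip" title="' . gettext("Disconnect VPN") . '">';
                print '<i class="fa fa-trash icon-embed-btn"></i>';
                print gettext("Disconnect");
                print "</a><br />\n";
            }
            print "</td>\n";
            print "</tr>\n";
            print "<tr>\n";
            print "<td colspan = 10>\n";
            if (is_array($ikesa['child-sas']) && count($ikesa['child-sas']) > 0) {
                print '<div>';
                print '<a type="button" id="btnchildsa-' . $ikeid_attr . '" class="btn btn-sm btn-info">';
                print '<i class="fa fa-plus-circle icon-embed-btn"></i>';
                print gettext('Show child SA entries');
                print "</a>\n";
                print "\t</div>\n";
                print '<table class="table table-hover table-condensed" id="childsa-' . $ikeid_attr . '" style="display:none">';
                print "<thead>\n";
                print '<tr class="bg-info">';
                // The labels are concatenated: a short echo tag inside a quoted
                // string is sent to the browser literally and never translated.
                print '<th>' . gettext("Local subnets") . '</th>';
                print '<th>' . gettext("Local SPI(s)") . '</th>';
                print '<th>' . gettext("Remote subnets") . '</th>';
                print '<th>' . gettext("Times") . '</th>';
                print '<th>' . gettext("Algo") . '</th>';
                print '<th>' . gettext("Stats") . '</th>';
                print '<th><!-- Buttons --></th>';
                print "</tr>\n";
                print "</thead>\n";
                print "<tbody>\n";
                foreach ($ikesa['child-sas'] as $childid => $childsa) {
                    print "<tr>";
                    print "<td>\n";
                    if (is_array($childsa['local-ts'])) {
                        foreach ($childsa['local-ts'] as $lnets) {
                            print htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />";
                        }
                    } else {
                        print gettext("Unknown");
                    }
                    print "</td>\n";
                    print "<td>\n";
                    if (isset($childsa['spi-in'])) {
                        print gettext("Local: ") . htmlspecialchars($childsa['spi-in']);
                    }
                    if (isset($childsa['spi-out'])) {
                        print '<br/>' . gettext('Remote: ') . htmlspecialchars($childsa['spi-out']);
                    }
                    print "</td>\n";
                    print "<td>\n";
                    if (is_array($childsa['remote-ts'])) {
                        foreach ($childsa['remote-ts'] as $rnets) {
                            print htmlspecialchars(ipsec_fixup_network($rnets)) . '<br />';
                        }
                    } else {
                        print gettext("Unknown");
                    }
                    print "</td>\n";
                    print "<td>\n";
                    print gettext("Rekey: ") . htmlspecialchars($childsa['rekey-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['rekey-time']) . ")";
                    print '<br/>' . gettext('Life: ') . htmlspecialchars($childsa['life-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['life-time']) . ")";
                    print '<br/>' . gettext('Install: ') . htmlspecialchars($childsa['install-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['install-time']) . ")";
                    print "</td>\n";
                    print "<td>\n";
                    print htmlspecialchars($childsa['encr-alg']) . '<br/>';
                    print htmlspecialchars($childsa['integ-alg']) . '<br/>';
                    if (!empty($childsa['prf-alg'])) {
                        print htmlspecialchars($childsa['prf-alg']) . '<br/>';
                    }
                    if (!empty($childsa['dh-group'])) {
                        print htmlspecialchars($childsa['dh-group']) . '<br/>';
                    }
                    if (!empty($childsa['esn'])) {
                        print htmlspecialchars($childsa['esn']) . '<br/>';
                    }
                    print gettext("IPComp: ");
                    if (!empty($childsa['cpi-in']) || !empty($childsa['cpi-out'])) {
                        print htmlspecialchars($childsa['cpi-in']) . " " . htmlspecialchars($childsa['cpi-out']);
                    } else {
                        print gettext('none');
                    }
                    print "</td>\n";
                    print "<td>\n";
                    print gettext("Bytes-In: ") . htmlspecialchars(number_format($childsa['bytes-in'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-in'])) . ')<br/>';
                    print gettext("Packets-In: ") . htmlspecialchars(number_format($childsa['packets-in'])) . '<br/>';
                    print gettext("Bytes-Out: ") . htmlspecialchars(number_format($childsa['bytes-out'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-out'])) . ')<br/>';
                    print gettext("Packets-Out: ") . htmlspecialchars(number_format($childsa['packets-out'])) . '<br/>';
                    print "</td>\n";
                    print "<td>\n";
                    print '<a href="status_ipsec.php?act=childdisconnect&amp;ikeid=' . $con_id_href . '&amp;ikesaid=' . htmlspecialchars(rawurlencode($childsa['uniqueid'])) . '" class="btn btn-xs btn-warning" data-toggle="tooltip" title="' . gettext('Disconnect Child SA') . '">';
                    print '<i class="fa fa-trash icon-embed-btn"></i>';
                    print gettext("Disconnect");
                    print "</a>\n";
                    print "</td>\n";
                    print "</tr>\n";
                }
                print "</tbody>\n";
                print "\t</table>\n";
            }
            // Close the full-width row whether or not it held a child table;
            // it is opened unconditionally above.
            print "</td>\n";
            print "</tr>\n";
            unset($con_id);
        }
    }
    // Remote gateways of the enabled phase 1 entries seen so far; passed to
    // ipsec_find_id() for the peer lookup.
    $rgmap = array();
    if (is_array($a_phase1)) {
        foreach ($a_phase1 as $ph1ent) {
            if (isset($ph1ent['disabled'])) {
                continue;
            }
            $rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway'];
            // Already listed above with a live SA. !empty() gives the same
            // result as the bare lookup without an undefined-index notice.
            if (!empty($ipsecconnected[$ph1ent['ikeid']])) {
                continue;
            }
            print "<tr>\n";
            print "<td>\n";
            print htmlspecialchars($ph1ent['descr']);
            print "</td>\n";
            print "<td>\n";
            list($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
            if (empty($myid_data)) {
                print gettext("Unknown");
            } else {
                print htmlspecialchars($myid_data);
            }
            print "</td>\n";
            print "<td>\n";
            $ph1src = ipsec_get_phase1_src($ph1ent);
            if (empty($ph1src)) {
                print gettext("Unknown");
            } else {
                print htmlspecialchars($ph1src);
            }
            print "</td>\n";
            print "<td>\n";
            list($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
            if (empty($peerid_data)) {
                print gettext("Unknown");
            } else {
                print htmlspecialchars($peerid_data);
            }
            print "\t\t\t</td>\n";
            print "\t\t\t<td>\n";
            $ph1dst = ipsec_get_phase1_dst($ph1ent);
            if (empty($ph1dst)) {
                print gettext("Unknown");
            } else {
                print htmlspecialchars($ph1dst);
            }
            print "</td>\n";
            // Three empty cells; there is no SA to fill these columns from.
            print "<td>\n";
            print "</td>\n";
            print "<td>\n";
            print "</td>\n";
            print "<td>\n";
            print "</td>\n";
            if (isset($ph1ent['mobile'])) {
                print "<td>\n";
                print gettext("Awaiting connections");
                print "</td>\n";
                print "<td>\n";
                print "</td>\n";
            } else {
                print "<td>\n";
                print gettext("Disconnected");
                print "</td>\n";
                print "<td>\n";
                // NOTE(review): plain GET link for a state-changing action —
                // confirm the handler's CSRF protection.
                print '<a href="status_ipsec.php?act=connect&amp;ikeid=' . htmlspecialchars(rawurlencode($ph1ent['ikeid'])) . '" class="btn btn-xs btn-success">';
                print '<i class="fa fa-sign-in icon-embed-btn"></i>';
                print gettext("Connect VPN");
                print "</a>\n";
                print "</td>\n";
            }
            print "</tr>\n";
        }
    }
    unset($ipsecconnected, $rgmap);
}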