} } else { if ($_GET['act'] == 'childdisconnect') { if (ctype_digit($_GET['ikeid'])) { if (!empty($_GET['ikesaid']) && ctype_digit($_GET['ikesaid'])) { mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']) . "{" . escapeshellarg($_GET['ikesaid']) . "}"); } } } } } if (!is_array($config['ipsec']['phase1'])) { $config['ipsec']['phase1'] = array(); } $a_phase1 =& $config['ipsec']['phase1']; $status = ipsec_list_sa(); $tab_array = array(); $tab_array[] = array(gettext("Overview"), true, "status_ipsec.php"); $tab_array[] = array(gettext("Leases"), false, "status_ipsec_leases.php"); $tab_array[] = array(gettext("SADs"), false, "status_ipsec_sad.php"); $tab_array[] = array(gettext("SPDs"), false, "status_ipsec_spd.php"); display_top_tabs($tab_array); ?> <div class="panel panel-default"> <div class="panel-heading"><h2 class="panel-title"><?php echo gettext("IPsec Status"); ?> </h2></div> <div class="panel-body table responsive"> <table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable>
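/**
 * Print the <tr> rows that make up the body of the IPsec status table.
 *
 * Two groups of rows are written straight to the output:
 *  1. For every IKE SA returned by ipsec_list_sa(): a summary row, followed
 *     by a full-width row that holds the (initially hidden) child SA table.
 *  2. For every enabled phase 1 entry in $config['ipsec']['phase1'] that was
 *     not matched to an SA in step 1: a "Disconnected" or
 *     "Awaiting connections" row.
 *
 * Values taken from the SA status and from the configuration are passed
 * through htmlspecialchars() before being printed; values placed in link
 * query strings are additionally passed through urlencode().
 *
 * NOTE(review): the Connect/Disconnect links below change tunnel state via
 * GET parameters (act, ikeid, ikesaid). State-changing GET requests are
 * normally not covered by form-token CSRF protection, so these actions are
 * better submitted as POST requests carrying the application's CSRF token.
 * That needs a matching change in the request handler and is not done here.
 *
 * Takes no arguments and returns nothing; reads the global $config.
 */
function print_ipsec_body() {
	global $config;

	$a_phase1 =& $config['ipsec']['phase1'];
	$status = ipsec_list_sa();
	$ipsecconnected = array();

	if (is_array($status)) {
		foreach ($status as $ikeid => $ikesa) {
			// Drop the first three characters of the SA key (presumably the "con" prefix - confirm).
			$con_id = substr($ikeid, 3);

			if ($ikesa['version'] == 1) {
				$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
				$ipsecconnected[$ph1idx] = $ph1idx;
			} else {
				$ipsecconnected[$con_id] = $ph1idx = $con_id;
			}

			// Escaped once here so every attribute and link below uses the same safe form.
			$con_id_url = htmlspecialchars(urlencode($con_id));
			$ikeid_attr = htmlspecialchars($ikeid);

			print "<tr>\n";

			// Description
			print "<td>\n";
			print htmlspecialchars(ipsec_get_descr($ph1idx));
			print "</td>\n";

			// Local identifier
			print "<td>\n";
			if (!empty($ikesa['local-id'])) {
				if ($ikesa['local-id'] == '%any') {
					print gettext('Any identifier');
				} else {
					print htmlspecialchars($ikesa['local-id']);
				}
			} else {
				print gettext("Unknown");
			}
			print "</td>\n";

			// Local host
			print "<td>\n";
			if (!empty($ikesa['local-host'])) {
				print htmlspecialchars($ikesa['local-host']);
			} else {
				print gettext("Unknown");
			}
			/*
			 * XXX: local-nat-t was defined by pfSense
			 * When strongswan team accepted the change, they changed it to
			 * nat-local. Keep both for a while and remove local-nat-t in
			 * the future
			 */
			if (isset($ikesa['local-nat-t']) || isset($ikesa['nat-local'])) {
				print " NAT-T";
			}
			print "</td>\n";

			// Remote identifier; an XAuth or EAP identity, when present, is shown above it.
			print "<td>\n";
			$identity = "";
			if (!empty($ikesa['remote-id'])) {
				if ($ikesa['remote-id'] == '%any') {
					$identity = htmlspecialchars(gettext('Any identifier'));
				} else {
					$identity = htmlspecialchars($ikesa['remote-id']);
				}
			}
			if (!empty($ikesa['remote-xauth-id'])) {
				echo htmlspecialchars($ikesa['remote-xauth-id']);
				echo "<br/>{$identity}";
			} elseif (!empty($ikesa['remote-eap-id'])) {
				echo htmlspecialchars($ikesa['remote-eap-id']);
				echo "<br/>{$identity}";
			} else {
				if (empty($identity)) {
					print gettext("Unknown");
				} else {
					print $identity;
				}
			}
			print "</td>\n";

			// Remote host
			print "<td>\n";
			if (!empty($ikesa['remote-host'])) {
				print htmlspecialchars($ikesa['remote-host']);
			} else {
				print gettext("Unknown");
			}
			/*
			 * XXX: remote-nat-t was defined by pfSense
			 * When strongswan team accepted the change, they changed it to
			 * nat-remote. Keep both for a while and remove remote-nat-t in
			 * the future
			 */
			if (isset($ikesa['remote-nat-t']) || isset($ikesa['nat-remote'])) {
				print " NAT-T";
			}
			print "</td>\n";

			// IKE version and role
			print "<td>\n";
			print "IKEv" . htmlspecialchars($ikesa['version']);
			print "<br/>\n";
			if ($ikesa['initiator'] == 'yes') {
				print "initiator";
			} else {
				print "responder";
			}
			print "</td>\n";

			// Reauthentication time
			print "<td>\n";
			print htmlspecialchars($ikesa['reauth-time']) . gettext(" seconds (") . convert_seconds_to_hms($ikesa['reauth-time']) . ")";
			print "</td>\n";

			// Negotiated algorithms
			print "<td>\n";
			print htmlspecialchars($ikesa['encr-alg']);
			print "<br/>";
			print htmlspecialchars($ikesa['integ-alg']);
			print "<br/>";
			print htmlspecialchars($ikesa['prf-alg']);
			print "<br/>\n";
			print htmlspecialchars($ikesa['dh-group']);
			print "</td>\n";

			// State
			print "<td>\n";
			if ($ikesa['state'] == 'ESTABLISHED') {
				print '<span class="text-success">';
			} else {
				print '<span>';
			}
			print ucfirst(htmlspecialchars($ikesa['state']));
			if ($ikesa['state'] == 'ESTABLISHED') {
				print "<br/>" . htmlspecialchars($ikesa['established']) . gettext(" seconds (") . convert_seconds_to_hms($ikesa['established']) . gettext(") ago");
			}
			print "</span>";
			print "</td>\n";

			// Connect / disconnect action (see the NOTE(review) in the function header).
			print "<td>\n";
			if ($ikesa['state'] != 'ESTABLISHED') {
				print '<a href="status_ipsec.php?act=connect&ikeid=' . $con_id_url . '" class="btn btn-xs btn-success" data-toggle="tooltip" title="' . gettext("Connect VPN") . '" >';
				print '<i class="fa fa-sign-in icon-embed-btn"></i>';
				print gettext("Connect VPN");
				print "</a>\n";
			} else {
				print '<a href="status_ipsec.php?act=ikedisconnect&ikeid=' . $con_id_url . '" class="btn btn-xs btn-danger" data-toggle="tooltip" title="' . gettext("Disconnect VPN") . '">';
				print '<i class="fa fa-trash icon-embed-btn"></i>';
				print gettext("Disconnect");
				print "</a><br />\n";
			}
			print "</td>\n";
			print "</tr>\n";

			// Full-width row that holds the child SA table, when there are child SAs.
			print "<tr>\n";
			print "<td colspan = 10>\n";

			if (is_array($ikesa['child-sas']) && count($ikesa['child-sas']) > 0) {
				print '<div>';
				print '<a type="button" id="btnchildsa-' . $ikeid_attr . '" class="btn btn-sm btn-info">';
				print '<i class="fa fa-plus-circle icon-embed-btn"></i>';
				print gettext('Show child SA entries');
				print "</a>\n";
				print "\t</div>\n";

				print '<table class="table table-hover table-condensed" id="childsa-' . $ikeid_attr . '" style="display:none">';
				print "<thead>\n";
				print '<tr class="bg-info">';
				// The headings are concatenated: a "<?= ... ?>" tag inside a quoted
				// string is never evaluated and would reach the browser as literal text.
				print '<th>' . gettext("Local subnets") . '</th>';
				print '<th>' . gettext("Local SPI(s)") . '</th>';
				print '<th>' . gettext("Remote subnets") . '</th>';
				print '<th>' . gettext("Times") . '</th>';
				print '<th>' . gettext("Algo") . '</th>';
				print '<th>' . gettext("Stats") . '</th>';
				print '<th><!-- Buttons --></th>';
				print "</tr>\n";
				print "</thead>\n";
				print "<tbody>\n";

				foreach ($ikesa['child-sas'] as $childid => $childsa) {
					print "<tr>";

					// Local traffic selectors
					print "<td>\n";
					if (is_array($childsa['local-ts'])) {
						foreach ($childsa['local-ts'] as $lnets) {
							print htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />";
						}
					} else {
						print gettext("Unknown");
					}
					print "</td>\n";

					// SPIs
					print "<td>\n";
					if (isset($childsa['spi-in'])) {
						print gettext("Local: ") . htmlspecialchars($childsa['spi-in']);
					}
					if (isset($childsa['spi-out'])) {
						print '<br/>' . gettext('Remote: ') . htmlspecialchars($childsa['spi-out']);
					}
					print "</td>\n";

					// Remote traffic selectors
					print "<td>\n";
					if (is_array($childsa['remote-ts'])) {
						foreach ($childsa['remote-ts'] as $rnets) {
							print htmlspecialchars(ipsec_fixup_network($rnets)) . '<br />';
						}
					} else {
						print gettext("Unknown");
					}
					print "</td>\n";

					// Timers
					print "<td>\n";
					print gettext("Rekey: ") . htmlspecialchars($childsa['rekey-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['rekey-time']) . ")";
					print '<br/>' . gettext('Life: ') . htmlspecialchars($childsa['life-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['life-time']) . ")";
					print '<br/>' . gettext('Install: ') . htmlspecialchars($childsa['install-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['install-time']) . ")";
					print "</td>\n";

					// Algorithms
					print "<td>\n";
					print htmlspecialchars($childsa['encr-alg']) . '<br/>';
					print htmlspecialchars($childsa['integ-alg']) . '<br/>';
					if (!empty($childsa['prf-alg'])) {
						print htmlspecialchars($childsa['prf-alg']) . '<br/>';
					}
					if (!empty($childsa['dh-group'])) {
						print htmlspecialchars($childsa['dh-group']) . '<br/>';
					}
					if (!empty($childsa['esn'])) {
						print htmlspecialchars($childsa['esn']) . '<br/>';
					}
					print gettext("IPComp: ");
					if (!empty($childsa['cpi-in']) || !empty($childsa['cpi-out'])) {
						print htmlspecialchars($childsa['cpi-in']) . " " . htmlspecialchars($childsa['cpi-out']);
					} else {
						print gettext('none');
					}
					print "</td>\n";

					// Traffic counters
					print "<td>\n";
					print gettext("Bytes-In: ") . htmlspecialchars(number_format($childsa['bytes-in'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-in'])) . ')<br/>';
					print gettext("Packets-In: ") . htmlspecialchars(number_format($childsa['packets-in'])) . '<br/>';
					print gettext("Bytes-Out: ") . htmlspecialchars(number_format($childsa['bytes-out'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-out'])) . ')<br/>';
					print gettext("Packets-Out: ") . htmlspecialchars(number_format($childsa['packets-out'])) . '<br/>';
					print "</td>\n";

					// Disconnect action for this child SA
					print "<td>\n";
					print '<a href="status_ipsec.php?act=childdisconnect&ikeid=' . $con_id_url . '&ikesaid=' . htmlspecialchars(urlencode($childsa['uniqueid'])) . '" class="btn btn-xs btn-warning" data-toggle="tooltip" title="' . gettext('Disconnect Child SA') . '">';
					print '<i class="fa fa-trash icon-embed-btn"></i>';
					print gettext("Disconnect");
					print "</a>\n";
					print "</td>\n";
					print "</tr>\n";
				}

				print "</tbody>\n";
				print "\t</table>\n";
			}

			// Close the row whether or not a child table was printed, so an SA
			// without child SAs no longer leaves <td>/<tr> open.
			print "</td>\n";
			print "</tr>\n";

			unset($con_id);
		}
	}

	// Remote gateways seen so far; handed to ipsec_find_id() for the peer lookup.
	$rgmap = array();
	if (is_array($a_phase1)) {
		foreach ($a_phase1 as $ph1ent) {
			if (isset($ph1ent['disabled'])) {
				continue;
			}

			$rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway'];

			// Already listed above as an active SA. !empty() keeps the original
			// truthiness test without an undefined-index notice.
			if (!empty($ipsecconnected[$ph1ent['ikeid']])) {
				continue;
			}

			print "<tr>\n";

			// Description
			print "<td>\n";
			print htmlspecialchars($ph1ent['descr']);
			print "</td>\n";

			// Local identifier
			print "<td>\n";
			list($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
			if (empty($myid_data)) {
				print gettext("Unknown");
			} else {
				print htmlspecialchars($myid_data);
			}
			print "</td>\n";

			// Local address
			print "<td>\n";
			$ph1src = ipsec_get_phase1_src($ph1ent);
			if (empty($ph1src)) {
				print gettext("Unknown");
			} else {
				print htmlspecialchars($ph1src);
			}
			print "</td>\n";

			// Peer identifier
			print "<td>\n";
			list($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
			if (empty($peerid_data)) {
				print gettext("Unknown");
			} else {
				print htmlspecialchars($peerid_data);
			}
			print "\t\t\t</td>\n";

			// Peer address
			print "\t\t\t<td>\n";
			$ph1dst = ipsec_get_phase1_dst($ph1ent);
			if (empty($ph1dst)) {
				print gettext("Unknown");
			} else {
				print htmlspecialchars($ph1dst);
			}
			print "</td>\n";

			// Role, reauth and algorithm columns are left empty for an inactive tunnel.
			print "<td>\n";
			print "</td>\n";
			print "<td>\n";
			print "</td>\n";
			print "<td>\n";
			print "</td>\n";

			if (isset($ph1ent['mobile'])) {
				print "<td>\n";
				print gettext("Awaiting connections");
				print "</td>\n";
				// Empty action cell; the original printed a second, stray </td> here.
				print "<td>\n";
				print "</td>\n";
			} else {
				print "<td>\n";
				print gettext("Disconnected");
				print "</td>\n";
				print "<td>\n";
				print '<a href="status_ipsec.php?act=connect&ikeid=' . htmlspecialchars(urlencode($ph1ent['ikeid'])) . '" class="btn btn-xs btn-success">';
				print '<i class="fa fa-sign-in icon-embed-btn"></i>';
				print gettext("Connect VPN");
				print "</a>\n";
				print "</td>\n";
			}
			print "</tr>\n";
		}
	}
}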