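// Builds the authentication, Phase 1 proposal and advanced-option inputs of the
// IPsec Phase 1 form. $section, $form, $pconfig, $p1_halgos and $p1_dhgroups are
// created before this fragment; nothing here validates or saves data.

// Negotiation mode. The help text itself tells the operator that Aggressive is
// the less secure choice.
// NOTE(review): aggressive mode combined with a pre-shared key is generally
// discouraged because the exchange exposes material usable for offline key
// guessing - confirm that the save handler (not visible here) warns about or
// restricts that combination.
$section->addInput(new Form_Select(
    'mode',
    'Negotiation mode',
    $pconfig['mode'],
    array(
        "main" => gettext("Main"),
        "aggressive" => gettext("Aggressive"),
    )
))->setHelp('Aggressive is more flexible, but less secure.');

// Local identifier: a type selector plus a free-text value in one group.
$group = new Form_Group('My identifier');
$group->add(new Form_Select('myid_type', null, $pconfig['myid_type'], build_myid_list()));
$group->add(new Form_Input('myid_data', null, 'text', $pconfig['myid_data']));
$section->add($group);

// Peer identifier: same layout; the CSS class is the only hook added here.
$group = new Form_Group('Peer identifier');
$group->addClass('peeridgroup');
$group->add(new Form_Select('peerid_type', null, $pconfig['peerid_type'], build_peerid_list()));
$group->add(new Form_Input('peerid_data', null, 'text', $pconfig['peerid_data']));

// The extra hint is attached only when $pconfig['mobile'] is truthy.
if ($pconfig['mobile']) {
    $group->setHelp('This is known as the "group" setting on some VPN client implementations');
}

$section->add($group);

// NOTE(review): the pre-shared key is pre-filled into a plain 'text' input, so
// the stored secret is readable on screen and sits in the page source for anyone
// who can open this page. Consider a masked field with an explicit reveal
// control, and confirm that Form_Input escapes the value it renders.
$section->addInput(new Form_Input(
    'pskey',
    'Pre-Shared Key',
    'text',
    $pconfig['pskey']
))->setHelp('Enter the Pre-Shared Key string.');

// Certificate-based authentication: local certificate and the CA used for the peer.
$section->addInput(new Form_Select(
    'certref',
    'My Certificate',
    $pconfig['certref'],
    build_cert_list()
))->setHelp('Select a certificate previously configured in the Certificate Manager.');

$section->addInput(new Form_Select(
    'caref',
    'Peer Certificate Authority',
    $pconfig['caref'],
    build_ca_list()
))->setHelp('Select a certificate authority previously configured in the Certificate Manager.');

$form->add($section);

// ---- Phase 1 proposal -------------------------------------------------------
$section = new Form_Section('Phase 1 Proposal (Algorithms)');

$group = new Form_Group('Encryption Algorithm');
$group->add(new Form_Select('ealgo', null, $pconfig['ealgo']['name'], build_eal_list()));
// The key-length selector is created with an empty option list.
// NOTE(review): presumably filled in client-side based on the chosen algorithm -
// confirm, and make sure the server re-checks the submitted key length.
$group->add(new Form_Select('ealgo_keylen', null, $pconfig['ealgo_keylen'], array()));
$section->add($group);

$section->addInput(new Form_Select(
    'halgo',
    'Hash Algorithm',
    $pconfig['halgo'],
    $p1_halgos
))->setHelp('Must match the setting chosen on the remote side.');

// Same wording as the Hash Algorithm help, kept on one line so that no raw line
// break ends up inside the help string.
$section->addInput(new Form_Select(
    'dhgroup',
    'DH Group',
    $pconfig['dhgroup'],
    $p1_dhgroups
))->setHelp('Must match the setting chosen on the remote side.');

$section->addInput(new Form_Input('lifetime', 'Lifetime (Seconds)', 'number', $pconfig['lifetime']));

$form->add($section);

// ---- Advanced options -------------------------------------------------------
// This section is not added to $form within this fragment.
$section = new Form_Section('Advanced Options');

// NOTE(review): the field names end in "_enable" while the labels read
// "Disable ..."; how a ticked box maps to the stored setting is decided outside
// this fragment - verify the polarity, since both options affect how often keys
// are renewed and the peer is re-authenticated.
$section->addInput(new Form_Checkbox(
    'rekey_enable',
    'Disable rekey',
    'Disables renegotiation when a connection is about to expire.',
    $pconfig['rekey_enable']
));

$section->addInput(new Form_Checkbox(
    'reauth_enable',
    'Disable Reauth',
    'Whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done.',
    $pconfig['reauth_enable']
));

$section->addInput(new Form_Checkbox(
    'responderonly',
    'Responder Only',
    'Enable this option to never initiate this connection from this side, only respond to incoming requests.',
    $pconfig['responderonly']
));

$section->addInput(new Form_Select(
    'nat_traversal',
    'NAT Traversal',
    $pconfig['nat_traversal'],
    array(
        'on' => gettext('Auto'),
        'force' => gettext('Force'),
    )
))->setHelp('Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed, ' .
    'which can help with clients that are behind restrictive firewalls.');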
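// Renders the status box, the certificate-manager tabs and, for the "new"/save
// path, the form used to import or create a certificate revocation list.
// $savemsg, $act, $id, $thiscrl, $pconfig and $input_errors come from code
// outside this fragment.
if ($savemsg) {
    print_info_box($savemsg, 'success');
}

// Tab strip; the Certificate Revocation tab is the one marked active.
$tab_array = array();
$tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
$tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php");
$tab_array[] = array(gettext("Certificate Revocation"), true, "system_crlmanager.php");
display_top_tabs($tab_array);

if ($act == "new" || $act == gettext("Save") || $input_errors) {
    // NOTE(review): $form and $section are created only when $id is not set.
    // When $id is set, the calls below rely on both already existing from code
    // outside this fragment - confirm, otherwise this path fails on an
    // undefined variable.
    if (!isset($id)) {
        $form = new Form();

        $section = new Form_Section('Create new revocation list');
        $section->addInput(new Form_Select('method', 'Method', $pconfig['method'], build_method_list()));
    }

    $section->addInput(new Form_Input('descr', 'Descriptive name', 'text', $pconfig['descr']));
    $section->addInput(new Form_Select('caref', 'Certificate Authority', $pconfig['caref'], build_ca_list()));
    $form->add($section);

    // Import path: the operator pastes CRL data.
    // NOTE(review): the pasted text is untrusted input; parsing and validation
    // happen in the save handler, which is not visible here - confirm that it
    // rejects data that does not parse as a CRL before storing it.
    $section = new Form_Section('Existing Certificate Revocation List');
    $section->addClass('existing');
    $section->addInput(new Form_Textarea(
        'crltext',
        'CRL data',
        $pconfig['crltext']
    ))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');
    $form->add($section);

    // Internal path: lifetime and serial of a locally maintained CRL.
    // The attribute keys are quoted strings. Written bare (min, max) they are
    // looked up as constants, which raises "Undefined constant" on PHP 8 and a
    // warning on older versions.
    // NOTE(review): presumably these become min/max attributes of the rendered
    // input and so only constrain the browser - the same ranges need checking
    // again on the server when the form is saved.
    $section = new Form_Section('Internal Certificate Revocation List');
    $section->addClass('internal');
    $section->addInput(new Form_Input(
        'lifetime',
        'Lifetime (Days)',
        'number',
        $pconfig['lifetime'],
        ['max' => '9999']
    ));
    $section->addInput(new Form_Input(
        'serial',
        'Serial',
        'number',
        $pconfig['serial'],
        ['min' => '0', 'max' => '9999']
    ));
    $form->add($section);

    // The hidden id is appended to the section after it was attached to the
    // form; it still renders only if the form keeps the section by handle
    // rather than a copy (TODO confirm against Form::add).
    if (isset($id) && $thiscrl) {
        $section->addInput(new Form_Input('id', null, 'hidden', $id));
    }

    print $form;
} elseif ($act == "editimported") {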