Esempio n. 1
    if (isset($config['ipsec']['client']['net_list'])) {
        $pconfig['net_list'] = true;
    }
    if (isset($config['ipsec']['client']['save_passwd'])) {
        $pconfig['save_passwd'] = true;
    }
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $input_errors = array();
    $pconfig = $_POST;
    if (isset($_POST['create'])) {
        // create new phase1 entry
        header("Location: vpn_ipsec_phase1.php?mobile=true");
    } elseif (isset($_POST['apply'])) {
        // apply changes
        $retval = 0;
        $retval = vpn_ipsec_configure();
        $savemsg = get_std_save_message();
        if ($retval >= 0) {
            if (is_subsystem_dirty('ipsec')) {
                clear_subsystem_dirty('ipsec');
            }
        }
    } elseif (isset($_POST['submit'])) {
        // save form changes
        // input preparations
        if (!empty($pconfig['user_source'])) {
            $pconfig['user_source'] = implode(",", $pconfig['user_source']);
        }
        /* input validation */
        $reqdfields = explode(" ", "user_source group_source");
        $reqdfieldsn = array(gettext("User Authentication Source"), gettext("Group Authentication Source"));
Esempio n. 2
        $config['system']['maxmss_enable'] = true;
        if (!empty($pconfig['maxmss']) && is_numericint($pconfig['maxmss'])) {
            $config['system']['maxmss'] = $pconfig['maxmss'];
        }
    } else {
        if (isset($config['system']['maxmss_enable'])) {
            unset($config['system']['maxmss_enable']);
        }
        if (isset($config['system']['maxmss'])) {
            unset($config['system']['maxmss']);
        }
    }
    write_config();
    $savemsg = get_std_save_message();
    filter_configure();
    vpn_ipsec_configure();
}
// Page metadata is assigned before head.inc is included.
$shortcut_section = 'ipsec';
$pgtitle = array(
    gettext('VPN'),
    gettext('IPsec'),
    gettext('Advanced Settings'),
);
include "head.inc";
?>

<body>
<?php 
include "fbegin.inc";
?>

<script type="text/javascript">
//<![CDATA[
$( document ).ready(function() {
    maxmss_checked()
Esempio n. 3
            if (isset($config['system']['maxmss_enable'])) {
                unset($config['system']['maxmss_enable']);
            }
            if (isset($config['system']['maxmss'])) {
                unset($config['system']['maxmss']);
            }
        }
        write_config();
        $retval = 0;
        $retval = filter_configure();
        if (stristr($retval, "error") != true) {
            $savemsg = get_std_save_message(gettext($retval));
        } else {
            $savemsg = gettext($retval);
        }
        vpn_ipsec_configure($needsrestart);
        header("Location: vpn_ipsec_settings.php");
        return;
    }
    // The logic value sent by $POST for autoexcludelanaddress is opposite to
    // the way it is stored in the config as noshuntlaninterfaces.
    // Reset the $pconfig value so it reflects the opposite of what was $POSTed.
    // This helps a redrawn UI page after Save to correctly display the most recently entered setting.
    if ($_POST['autoexcludelanaddress'] == "yes") {
        $pconfig['noshuntlaninterfaces'] = false;
    } else {
        $pconfig['noshuntlaninterfaces'] = true;
    }
}
// Page metadata: shortcut section first, then the three-part page title.
$shortcut_section = "ipsec";
$pgtitle = array(
    gettext("VPN"),
    gettext("IPsec"),
    gettext("Settings"),
);
Esempio n. 4
        $pconfig['wins_server_enable'] = true;
    }
    if (isset($pconfig['pfs_group'])) {
        $pconfig['pfs_group_enable'] = true;
    }
    if ($pconfig['login_banner']) {
        $pconfig['login_banner_enable'] = true;
    }
}
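// Dispatch on the submit button that was pressed. !empty() applies the same
// truthiness test as reading $_POST[...] directly, but does not raise an
// undefined-index notice when the button is absent from the request.
if (!empty($_POST['create'])) {
    // Hand off to the phase 1 editor in mobile mode.
    header("Location: vpn_ipsec_phase1.php?mobile=true");
    // A Location header does not end the request by itself. Stop here so the
    // remaining POST handling and page rendering do not run for a request
    // that has already been redirected.
    exit;
}
if (!empty($_POST['apply'])) {
    /* NOTE: #4353 Always restart ipsec when mobile clients settings change */
    $retval = vpn_ipsec_configure(true);
    $savemsg = get_std_save_message($retval);
    // Clear the 'ipsec' dirty flag only when vpn_ipsec_configure() returned a
    // non-negative value; a negative return leaves the flag set.
    if ($retval >= 0 && is_subsystem_dirty('ipsec')) {
        clear_subsystem_dirty('ipsec');
    }
}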
if ($_POST['save']) {
    unset($input_errors);
    $pconfig = $_POST;
    foreach ($a_phase1 as $ph1ent) {
        if (isset($ph1ent['mobile'])) {
            $mobileph1 = $ph1ent;
        }
    }
Esempio n. 5
/**
 * XML-RPC handler: restore config sections sent by an XML-RPC client into the
 * global $config, persist them with write_config() and reconfigure virtual IPs.
 *
 * Order of operations as written: sync-loop detection, parameter decoding,
 * the xmlrpc_auth() check, then the config merge and service reconfiguration.
 * Everything after the auth check rewrites live configuration (filter, nat,
 * ipsec, openvpn, cert, ca, crl, ...) from $params[0]; the xmlrpc_auth() call
 * is the only gate visible in this function.
 *
 * @param mixed $raw_params Raw XML-RPC parameters, decoded with xmlrpc_params_to_php().
 * @return mixed $xmlrpc_g['return']['authfail'] when xmlrpc_auth() rejects the
 *               call, $xmlrpc_g['return']['true'] on completion, and no value
 *               when a sync loop is detected.
 */
function restore_config_section_xmlrpc($raw_params)
{
    global $config, $xmlrpc_g;
    // Snapshot of the config before the merge; it is not read again in this
    // function, only unset at the end.
    $old_config = $config;
    // Remember the IPsec state so a change can be detected after the merge.
    $old_ipsec_enabled = ipsec_enabled();
    // NOTE(review): the loop check (and ipsec_enabled() above) run before
    // xmlrpc_auth(); neither modifies $config here.
    if (xmlrpc_loop_detect()) {
        log_error("Disallowing CARP sync loop");
        return;
    }
    $params = xmlrpc_params_to_php($raw_params);
    // Authentication gate: no config mutation happens above this point, and
    // a failed check returns before anything below runs.
    if (!xmlrpc_auth($params)) {
        xmlrpc_authfail();
        return $xmlrpc_g['return']['authfail'];
    }
    /*
     * Make sure it doesn't end up with both dnsmasq and unbound enabled
     * simultaneously in secondary
     * */
    // The configure call runs immediately, before write_config() further down.
    if (isset($params[0]['unbound']['enable']) && isset($config['dnsmasq']['enable'])) {
        unset($config['dnsmasq']['enable']);
        services_dnsmasq_configure();
    } else {
        if (isset($params[0]['dnsmasq']['enable']) && isset($config['unbound']['enable'])) {
            unset($config['unbound']['enable']);
            services_unbound_configure();
        }
    }
    // Some sections should just be copied and not merged or we end
    //   up unable to sync the deletion of the last item in a section
    // Whole-section replacement: the client's value overwrites the local
    // section verbatim. No validation of the section contents is visible here.
    // NOTE(review): presumably the authenticated client is fully trusted for
    // these sections (including cert/ca/crl and filter/nat) — confirm.
    $sync_full = array('dnsmasq', 'unbound', 'ipsec', 'aliases', 'wol', 'load_balancer', 'openvpn', 'cert', 'ca', 'crl', 'schedules', 'filter', 'nat', 'dhcpd', 'dhcpv6');
    $sync_full_done = array();
    foreach ($sync_full as $syncfull) {
        if (isset($params[0][$syncfull])) {
            $config[$syncfull] = $params[0][$syncfull];
            // Remove it from $params[0] so the recursive merge below skips it.
            unset($params[0][$syncfull]);
            $sync_full_done[] = $syncfull;
        }
    }
    // First pass over the LOCAL virtual IPs (before the merge):
    //   $oldvips   - entries indexed for change detection and later cleanup
    //   $vipbackup - local entries to re-add after the merge
    $vipbackup = array();
    $oldvips = array();
    if (isset($params[0]['virtualip'])) {
        if (is_array($config['virtualip']['vip'])) {
            foreach ($config['virtualip']['vip'] as $vipindex => $vip) {
                if ($vip['mode'] == "carp") {
                    // 'content' is a plain concatenation of fields (it includes
                    // $vip['password']) with no delimiter; it is only compared
                    // for equality in the second pass.
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['content'] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}";
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['interface'] = $vip['interface'];
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['subnet'] = $vip['subnet'];
                } else {
                    // NOTE(review): strpos() returns 0 when the interface name
                    // starts with "lo0", and 0 is falsy in this test, so such a
                    // name does not satisfy the "lo0" half of the condition —
                    // confirm that is intended.
                    if ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strpos($vip['interface'], "lo0"))) {
                        $oldvips[$vip['subnet']]['content'] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}";
                        $oldvips[$vip['subnet']]['interface'] = $vip['interface'];
                        $oldvips[$vip['subnet']]['subnet'] = $vip['subnet'];
                    } else {
                        // NOTE(review): && binds tighter than ||, so this reads
                        // ((ipalias || proxyarp) && !_vip-prefix) || strpos(lo0).
                        // The strpos() truthiness caveat above applies here too.
                        if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !(substr($vip['interface'], 0, 4) == '_vip') || strpos($vip['interface'], "lo0")) {
                            $vipbackup[] = $vip;
                        }
                    }
                }
            }
        }
    }
    // For vip section, first keep items sent from the master
    $config = array_merge_recursive_unique($config, $params[0]);
    /* Then add ipalias and proxyarp types already defined on the backup */
    if (is_array($vipbackup) && !empty($vipbackup)) {
        if (!is_array($config['virtualip'])) {
            $config['virtualip'] = array();
        }
        if (!is_array($config['virtualip']['vip'])) {
            $config['virtualip']['vip'] = array();
        }
        // Each preserved entry is pushed to the front of the list.
        foreach ($vipbackup as $vip) {
            array_unshift($config['virtualip']['vip'], $vip);
        }
    }
    /* Log what happened */
    // The section names in the message are the client-supplied array keys plus
    // the fully replaced sections recorded above.
    $mergedkeys = implode(",", array_merge(array_keys($params[0]), $sync_full_done));
    write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys));
    /*
     * The real work on handling the vips specially
     * This is a copy of interfaces_vips_configure with addition of not reloading existing/not changed carps
     */
    if (isset($params[0]['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
        $carp_setuped = false;
        $anyproxyarp = false;
        // Second pass over the MERGED virtual IPs: skip entries whose
        // fingerprint is unchanged and that already exist, configure the rest.
        foreach ($config['virtualip']['vip'] as $vip) {
            if ($vip['mode'] == "carp" && isset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"])) {
                if ($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['content'] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") {
                    if (does_vip_exist($vip)) {
                        unset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]);
                        continue;
                        // Skip reconfiguring this vips since nothing has changed.
                    }
                }
            } else {
                // NOTE(review): the first pass can also record ipalias entries
                // whose interface contains "lo0", but this test only matches
                // "_vip"; such entries stay in $oldvips and reach the cleanup
                // loop below — confirm that is intended.
                if ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) {
                    if ($oldvips[$vip['subnet']]['content'] == "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") {
                        if (does_vip_exist($vip)) {
                            unset($oldvips[$vip['subnet']]);
                            continue;
                            // Skip reconfiguring this vips since nothing has changed.
                        }
                    }
                    // Changed or missing: drop it from the cleanup list and
                    // fall through to reconfiguration.
                    unset($oldvips[$vip['subnet']]);
                }
            }
            switch ($vip['mode']) {
                case "proxyarp":
                    // Proxy ARP is configured once, after the loop.
                    $anyproxyarp = true;
                    break;
                case "ipalias":
                    interface_ipalias_configure($vip);
                    break;
                case "carp":
                    if ($carp_setuped == false) {
                        $carp_setuped = true;
                    }
                    interface_carp_configure($vip);
                    break;
            }
        }
        /* Cleanup remaining old carps */
        // Whatever is still in $oldvips was not matched as unchanged above;
        // its address is removed from the resolved interface.
        foreach ($oldvips as $oldvipar) {
            $oldvipif = get_real_interface($oldvipar['interface']);
            if (!empty($oldvipif)) {
                if (is_ipaddrv6($oldvipar['subnet'])) {
                    // Interface name and address are each wrapped in
                    // escapeshellarg() before being placed on the command line.
                    mwexec("/sbin/ifconfig " . escapeshellarg($oldvipif) . " inet6 " . escapeshellarg($oldvipar['subnet']) . " delete");
                } else {
                    pfSense_interface_deladdress($oldvipif, $oldvipar['subnet']);
                }
            }
        }
        if ($carp_setuped == true) {
            interfaces_sync_setup();
        }
        if ($anyproxyarp == true) {
            interface_proxyarp_configure();
        }
    }
    // Reconfigure IPsec only when the merge flipped its enabled state.
    if ($old_ipsec_enabled !== ipsec_enabled()) {
        vpn_ipsec_configure();
    }
    unset($old_config);
    return $xmlrpc_g['return']['true'];
}
Esempio n. 6
 /**
  * Restore defined config section into local config
  *
  * Calls $this->auth() first, then overwrites or merges the supplied sections
  * into the global $config, persists the result with write_config() and
  * reconfigures virtual IPs.
  *
  * NOTE(review): the return value of $this->auth() is not checked in this
  * method — presumably auth() ends the request itself on bad credentials.
  * Confirm this, because everything after the call rewrites live configuration
  * (filter, nat, ipsec, openvpn, cert, ca, crl, ...).
  *
  * @param string $username
  * @param string $password
  * @param array $sections Config sections keyed by section name
  *
  * @return bool true on every visible return path, including when a sync
  *              loop is detected
  */
 public function restore_config_section($username, $password, $sections)
 {
     // Authentication comes before any read or write of $config.
     $this->auth($username, $password);
     global $config;
     // Snapshot of the config before the merge; it is not read again in this
     // method, only unset at the end.
     $old_config = $config;
     // Remember the IPsec state so a change can be detected after the merge.
     $old_ipsec_enabled = ipsec_enabled();
     if ($this->loop_detected) {
         log_error("Disallowing CARP sync loop");
         return true;
     }
     /*
      * Some sections should just be copied and not merged or we end
      * up unable to sync the deletion of the last item in a section
      */
     // Whole-section replacement: the caller's value overwrites the local
     // section verbatim. No validation of the section contents is visible here.
     $sync_full_sections = array('aliases', 'ca', 'cert', 'crl', 'dhcpd', 'dhcpv6', 'dnsmasq', 'filter', 'ipsec', 'load_balancer', 'nat', 'openvpn', 'schedules', 'unbound', 'wol');
     $syncd_full_sections = array();
     foreach ($sync_full_sections as $section) {
         if (!isset($sections[$section])) {
             continue;
         }
         $config[$section] = $sections[$section];
         // Remove it from $sections so the recursive merge below skips it.
         unset($sections[$section]);
         $syncd_full_sections[] = $section;
     }
     // First pass over the LOCAL virtual IPs (before the merge):
     //   $oldvips   - entries indexed for change detection and later cleanup
     //   $vipbackup - local entries to re-add after the merge
     $vipbackup = array();
     $oldvips = array();
     if (isset($sections['virtualip']) && is_array($config['virtualip']['vip'])) {
         foreach ($config['virtualip']['vip'] as $vip) {
             if ($vip['mode'] == "carp") {
                 $key = $vip['interface'] . "_vip" . $vip['vhid'];
                 // 'content' is a plain concatenation of fields (it includes
                 // $vip['password']) with no delimiter; it is only compared
                 // for equality in the second pass.
                 $oldvips[$key]['content'] = $vip['password'] . $vip['advskew'] . $vip['subnet'] . $vip['subnet_bits'] . $vip['advbase'];
                 $oldvips[$key]['interface'] = $vip['interface'];
                 $oldvips[$key]['subnet'] = $vip['subnet'];
             } else {
                 if ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strstr($vip['interface'], "lo0"))) {
                     $oldvips[$vip['subnet']]['content'] = $vip['interface'] . $vip['subnet'] . $vip['subnet_bits'];
                     $oldvips[$vip['subnet']]['interface'] = $vip['interface'];
                     $oldvips[$vip['subnet']]['subnet'] = $vip['subnet'];
                 } else {
                     // NOTE(review): && binds tighter than ||, so this reads
                     // ((ipalias || proxyarp) && !_vip-prefix) || strstr(lo0)
                     // — confirm the grouping is the intended one.
                     if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !(substr($vip['interface'], 0, 4) == '_vip') || strstr($vip['interface'], "lo0")) {
                         $vipbackup[] = $vip;
                     }
                 }
             }
         }
     }
     /* For vip section, first keep items sent from the master */
     $config = array_merge_recursive_unique($config, $sections);
     /*
      * Then add ipalias and proxyarp types already defined
      * on the backup
      */
     if (is_array($vipbackup) && !empty($vipbackup)) {
         if (!is_array($config['virtualip'])) {
             $config['virtualip'] = array();
         }
         if (!is_array($config['virtualip']['vip'])) {
             $config['virtualip']['vip'] = array();
         }
         // Each preserved entry is pushed to the front of the list.
         foreach ($vipbackup as $vip) {
             array_unshift($config['virtualip']['vip'], $vip);
         }
     }
     /* Log what happened */
     // The section names in the message are the caller-supplied array keys
     // plus the fully replaced sections recorded above.
     $mergedkeys = implode(",", array_merge(array_keys($sections), $syncd_full_sections));
     write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys));
     /*
      * The real work on handling the vips specially
      * This is a copy of interfaces_vips_configure with addition of
      * not reloading existing/not changed carps
      */
     if (isset($sections['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
         $carp_setuped = false;
         $anyproxyarp = false;
         // Second pass over the MERGED virtual IPs: skip entries whose
         // fingerprint is unchanged and that already exist, configure the rest.
         foreach ($config['virtualip']['vip'] as $vip) {
             $key = "{$vip['interface']}_vip{$vip['vhid']}";
             if ($vip['mode'] == "carp" && isset($oldvips[$key])) {
                 if ($oldvips[$key]['content'] == $vip['password'] . $vip['advskew'] . $vip['subnet'] . $vip['subnet_bits'] . $vip['advbase'] && does_vip_exist($vip)) {
                     unset($oldvips[$key]);
                     /*
                      * Skip reconfiguring this vips
                      * since nothing has changed.
                      */
                     continue;
                 }
             // NOTE(review): the first pass also records ipalias entries whose
             // interface contains "lo0", but this test only matches "_vip";
             // such entries stay in $oldvips and reach the cleanup loop below
             // — confirm that is intended.
             } elseif ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) {
                 $key = $vip['subnet'];
                 if ($oldvips[$key]['content'] == $vip['interface'] . $vip['subnet'] . $vip['subnet_bits'] && does_vip_exist($vip)) {
                     unset($oldvips[$key]);
                     /*
                      * Skip reconfiguring this vips
                      * since nothing has changed.
                      */
                     continue;
                 }
                 // Changed or missing: drop it from the cleanup list and fall
                 // through to reconfiguration.
                 unset($oldvips[$key]);
             }
             switch ($vip['mode']) {
                 case "proxyarp":
                     // Proxy ARP is configured once, after the loop.
                     $anyproxyarp = true;
                     break;
                 case "ipalias":
                     interface_ipalias_configure($vip);
                     break;
                 case "carp":
                     $carp_setuped = true;
                     interface_carp_configure($vip);
                     break;
             }
         }
         /* Cleanup remaining old carps */
         // Whatever is still in $oldvips was not matched as unchanged above;
         // its address is removed from the resolved interface.
         foreach ($oldvips as $oldvipar) {
             $oldvipif = get_real_interface($oldvipar['interface']);
             if (empty($oldvipif)) {
                 continue;
             }
             if (is_ipaddrv6($oldvipar['subnet'])) {
                 // Interface name and address are each wrapped in
                 // escapeshellarg() before being placed on the command line.
                 mwexec("/sbin/ifconfig " . escapeshellarg($oldvipif) . " inet6 " . escapeshellarg($oldvipar['subnet']) . " delete");
             } else {
                 pfSense_interface_deladdress($oldvipif, $oldvipar['subnet']);
             }
         }
         if ($carp_setuped == true) {
             interfaces_sync_setup();
         }
         if ($anyproxyarp == true) {
             interface_proxyarp_configure();
         }
     }
     // Reconfigure IPsec only when the merge flipped its enabled state.
     if ($old_ipsec_enabled !== ipsec_enabled()) {
         vpn_ipsec_configure();
     }
     unset($old_config);
     return true;
 }