echo htmlspecialchars($childsa['local']['spi']); } ?> </td> <td class="listr nowrap"> <?php if (is_array($childsa['remote'])) { echo htmlspecialchars($childsa['remote']['spi']); } ?> </td> <td class="listr nowrap"> <?php if (is_array($childsa['remote']) && is_array($childsa['remote']['networks']) && is_array($childsa['remote']['networks']['network'])) { foreach ($childsa['remote']['networks']['network'] as $rnets) { echo htmlspecialchars(ipsec_fixup_network($rnets)) . "<br />"; } } else { echo "Unknown"; } ?> </td> <td class="listr nowrap"> <?php echo htmlspecialchars($childsa['rekey']); ?> </td> <td class="listr nowrap"> <?php echo htmlspecialchars($childsa['encalg']); echo "<br/>";
</td> <td> <?php if (isset($childsa['spi-in'])) { print gettext("Local: ") . htmlspecialchars($childsa['spi-in']); } if (isset($childsa['spi-out'])) { print '<br/>' . gettext('Remote: ') . htmlspecialchars($childsa['spi-out']); } ?> </td> <td> <?php if (is_array($childsa['remote-ts'])) { foreach ($childsa['remote-ts'] as $rnets) { print htmlspecialchars(ipsec_fixup_network($rnets)) . '<br />'; } } else { print gettext("Unknown"); } ?> </td> <td> <?php print gettext("Rekey: ") . htmlspecialchars($childsa['rekey-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['rekey-time']) . ")"; print '<br/>' . gettext('Life: ') . htmlspecialchars($childsa['life-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['life-time']) . ")"; print '<br/>' . gettext('Install: ') . htmlspecialchars($childsa['install-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['install-time']) . ")"; ?> </td> <td> <?php
function print_ipsec_body() { global $config; $a_phase1 =& $config['ipsec']['phase1']; $status = ipsec_list_sa(); $ipsecconnected = array(); if (is_array($status)) { foreach ($status as $ikeid => $ikesa) { $con_id = substr($ikeid, 3); if ($ikesa['version'] == 1) { $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00')); $ipsecconnected[$ph1idx] = $ph1idx; } else { $ipsecconnected[$con_id] = $ph1idx = $con_id; } print "<tr>\n"; print "<td>\n"; print htmlspecialchars(ipsec_get_descr($ph1idx)); print "</td>\n"; print "<td>\n"; if (!empty($ikesa['local-id'])) { if ($ikesa['local-id'] == '%any') { print gettext('Any identifier'); } else { print htmlspecialchars($ikesa['local-id']); } } else { print gettext("Unknown"); } print "</td>\n"; print "<td>\n"; if (!empty($ikesa['local-host'])) { print htmlspecialchars($ikesa['local-host']); } else { print gettext("Unknown"); } /* * XXX: local-nat-t was defined by pfSense * When strongswan team accepted the change, they changed it to * nat-local. Keep both for a while and remove local-nat-t in * the future */ if (isset($ikesa['local-nat-t']) || isset($ikesa['nat-local'])) { print " NAT-T"; } print "</td>\n"; print "<td>\n"; $identity = ""; if (!empty($ikesa['remote-id'])) { if ($ikesa['remote-id'] == '%any') { $identity = htmlspecialchars(gettext('Any identifier')); } else { $identity = htmlspecialchars($ikesa['remote-id']); } } if (!empty($ikesa['remote-xauth-id'])) { echo htmlspecialchars($ikesa['remote-xauth-id']); echo "<br/>{$identity}"; } elseif (!empty($ikesa['remote-eap-id'])) { echo htmlspecialchars($ikesa['remote-eap-id']); echo "<br/>{$identity}"; } else { if (empty($identity)) { print gettext("Unknown"); } else { print $identity; } } print "</td>\n"; print "<td>\n"; if (!empty($ikesa['remote-host'])) { print htmlspecialchars($ikesa['remote-host']); } else { print gettext("Unknown"); } /* * XXX: remote-nat-t was defined by pfSense * When strongswan team accepted the change, they changed it to * nat-remote. Keep both for a while and remove remote-nat-t in * the future */ if (isset($ikesa['remote-nat-t']) || isset($ikesa['nat-remote'])) { print " NAT-T"; } print "</td>\n"; print "<td>\n"; print "IKEv" . htmlspecialchars($ikesa['version']); print "<br/>\n"; if ($ikesa['initiator'] == 'yes') { print "initiator"; } else { print "responder"; } print "</td>\n"; print "<td>\n"; print htmlspecialchars($ikesa['reauth-time']) . gettext(" seconds (") . convert_seconds_to_hms($ikesa['reauth-time']) . ")"; print "</td>\n"; print "<td>\n"; print htmlspecialchars($ikesa['encr-alg']); print "<br/>"; print htmlspecialchars($ikesa['integ-alg']); print "<br/>"; print htmlspecialchars($ikesa['prf-alg']); print "<br/>\n"; print htmlspecialchars($ikesa['dh-group']); print "</td>\n"; print "<td>\n"; if ($ikesa['state'] == 'ESTABLISHED') { print '<span class="text-success">'; } else { print '<span>'; } print ucfirst(htmlspecialchars($ikesa['state'])); if ($ikesa['state'] == 'ESTABLISHED') { print "<br/>" . htmlspecialchars($ikesa['established']) . gettext(" seconds (") . convert_seconds_to_hms($ikesa['established']) . gettext(") ago"); } print "</span>"; print "</td>\n"; print "<td>\n"; if ($ikesa['state'] != 'ESTABLISHED') { print '<a href="status_ipsec.php?act=connect&ikeid=' . $con_id . '" class="btn btn-xs btn-success" data-toggle="tooltip" title="' . gettext("Connect VPN") . '" >'; print '<i class="fa fa-sign-in icon-embed-btn"></i>'; print gettext("Connect VPN"); print "</a>\n"; } else { print '<a href="status_ipsec.php?act=ikedisconnect&ikeid=' . $con_id . '" class="btn btn-xs btn-danger" data-toggle="tooltip" title="' . gettext("Disconnect VPN") . '">'; print '<i class="fa fa-trash icon-embed-btn"></i>'; print gettext("Disconnect"); print "</a><br />\n"; } print "</td>\n"; print "</tr>\n"; print "<tr>\n"; print "<td colspan = 10>\n"; if (is_array($ikesa['child-sas']) && count($ikesa['child-sas']) > 0) { print '<div>'; print '<a type="button" id="btnchildsa-' . $ikeid . '" class="btn btn-sm btn-info">'; print '<i class="fa fa-plus-circle icon-embed-btn"></i>'; print gettext('Show child SA entries'); print "</a>\n"; print "\t</div>\n"; print '<table class="table table-hover table-condensed" id="childsa-' . $ikeid . '" style="display:none">'; print "<thead>\n"; print '<tr class="bg-info">'; print '<th><?=gettext("Local subnets")?></th>'; print '<th><?=gettext("Local SPI(s)")?></th>'; print '<th><?=gettext("Remote subnets")?></th>'; print '<th><?=gettext("Times")?></th>'; print '<th><?=gettext("Algo")?></th>'; print '<th><?=gettext("Stats")?></th>'; print '<th><!-- Buttons --></th>'; print "</tr\n"; print "</thead>\n"; print "<tbody>\n"; foreach ($ikesa['child-sas'] as $childid => $childsa) { print "<tr>"; print "<td>\n"; if (is_array($childsa['local-ts'])) { foreach ($childsa['local-ts'] as $lnets) { print htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />"; } } else { print gettext("Unknown"); } print "</td>\n"; print "<td>\n"; if (isset($childsa['spi-in'])) { print gettext("Local: ") . htmlspecialchars($childsa['spi-in']); } if (isset($childsa['spi-out'])) { print '<br/>' . gettext('Remote: ') . htmlspecialchars($childsa['spi-out']); } print "</td>\n"; print "<td>\n"; if (is_array($childsa['remote-ts'])) { foreach ($childsa['remote-ts'] as $rnets) { print htmlspecialchars(ipsec_fixup_network($rnets)) . '<br />'; } } else { print gettext("Unknown"); } print "</td>\n"; print "<td>\n"; print gettext("Rekey: ") . htmlspecialchars($childsa['rekey-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['rekey-time']) . ")"; print '<br/>' . gettext('Life: ') . htmlspecialchars($childsa['life-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['life-time']) . ")"; print '<br/>' . gettext('Install: ') . htmlspecialchars($childsa['install-time']) . gettext(" seconds (") . convert_seconds_to_hms($childsa['install-time']) . ")"; print "</td>\n"; print "<td>\n"; print htmlspecialchars($childsa['encr-alg']) . '<br/>'; print htmlspecialchars($childsa['integ-alg']) . '<br/>'; if (!empty($childsa['prf-alg'])) { print htmlspecialchars($childsa['prf-alg']) . '<br/>'; } if (!empty($childsa['dh-group'])) { print htmlspecialchars($childsa['dh-group']) . '<br/>'; } if (!empty($childsa['esn'])) { print htmlspecialchars($childsa['esn']) . '<br/>'; } print gettext("IPComp: "); if (!empty($childsa['cpi-in']) || !empty($childsa['cpi-out'])) { print htmlspecialchars($childsa['cpi-in']) . " " . htmlspecialchars($childsa['cpi-out']); } else { print gettext('none'); } print "</td>\n"; print "<td>\n"; print gettext("Bytes-In: ") . htmlspecialchars(number_format($childsa['bytes-in'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-in'])) . ')<br/>'; print gettext("Packets-In: ") . htmlspecialchars(number_format($childsa['packets-in'])) . '<br/>'; print gettext("Bytes-Out: ") . htmlspecialchars(number_format($childsa['bytes-out'])) . ' (' . htmlspecialchars(format_bytes($childsa['bytes-out'])) . ')<br/>'; print gettext("Packets-Out: ") . htmlspecialchars(number_format($childsa['packets-out'])) . '<br/>'; print "</td>\n"; print "<td>\n"; print '<a href="status_ipsec.php?act=childdisconnect&ikeid=' . $con_id . '&ikesaid=' . $childsa['uniqueid'] . '" class="btn btn-xs btn-warning" data-toggle="tooltip" title="' . gettext('Disconnect Child SA') . '">'; print '<i class="fa fa-trash icon-embed-btn"></i>'; print gettext("Disconnect"); print "</a>\n"; print "</td>\n"; print "</tr>\n"; } print "</tbody>\n"; print "\t</table>\n"; print "</td>\n"; print "</tr>\n"; } unset($con_id); } } $rgmap = array(); if (is_array($a_phase1)) { foreach ($a_phase1 as $ph1ent) { if (isset($ph1ent['disabled'])) { continue; } $rgmap[$ph1ent['remote-gateway']] = $ph1ent['remote-gateway']; if ($ipsecconnected[$ph1ent['ikeid']]) { continue; } print "<tr>\n"; print "<td>\n"; print htmlspecialchars($ph1ent['descr']); print "</td>\n"; print "<td>\n"; list($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local"); if (empty($myid_data)) { print gettext("Unknown"); } else { print htmlspecialchars($myid_data); } print "</td>\n"; print "<td>\n"; $ph1src = ipsec_get_phase1_src($ph1ent); if (empty($ph1src)) { print gettext("Unknown"); } else { print htmlspecialchars($ph1src); } print "</td>\n"; print "<td>\n"; list($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap); if (empty($peerid_data)) { print gettext("Unknown"); } else { print htmlspecialchars($peerid_data); } print "\t\t\t</td>\n"; print "\t\t\t<td>\n"; $ph1src = ipsec_get_phase1_dst($ph1ent); if (empty($ph1src)) { print gettext("Unknown"); } else { print htmlspecialchars($ph1src); } print "</td>\n"; print "<td>\n"; print "</td>\n"; print "<td>\n"; print "</td>\n"; print "<td>\n"; print "</td>\n"; if (isset($ph1ent['mobile'])) { print "<td>\n"; print gettext("Awaiting connections"); print "</td>\n"; print "<td>\n"; print "</td>\n"; print "</td>\n"; } else { print "<td>\n"; print gettext("Disconnected"); print "</td>\n"; print "<td>\n"; print '<a href="status_ipsec.php?act=connect&ikeid=' . $ph1ent['ikeid'] . '" class="btn btn-xs btn-success">'; print '<i class="fa fa-sign-in icon-embed-btn"></i>'; print gettext("Connect VPN"); print "</a>\n"; print "</td>\n"; } print "</tr>\n"; } } unset($ipsecconnected, $phase1, $rgmap); }