function output_ipsec_tunnel_status($tunnel)
{
global $g, $config, $sad;
$if = "WAN";
$interfaceip = get_ipsec_tunnel_src($tunnel);
$foundsrc = false;
$founddst = false;
if (!is_ipaddr($tunnel['remote-gateway'])) {
$tunnel['remote-gateway'] = resolve_retry($tunnel['remote-gateway']);
}
foreach ($sad as $sa) {
if ($sa['src'] == $interfaceip) {
$foundsrc = true;
}
if ($sa['dst'] == $tunnel['remote-gateway']) {
$founddst = true;
}
}
if ($foundsrc && $founddst) {
/* tunnel is up */
$iconfn = "pass";
} else {
/* tunnel is down */
$iconfn = "reject";
}
echo "<img src ='/themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'>";
}
if (!$input_errors) {
$ipsecent['disabled'] = $_POST['disabled'] ? true : false;
//$ipsecent['auto'] = $_POST['auto'] ? true : false;
$ipsecent['interface'] = $pconfig['interface'];
$ipsecent['natt'] = $_POST['natt'] ? true : false;
pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']);
$ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits'];
/* if the old endpoint is different from the new one we make sure to purge
* the old policy and add a new one. If the old endpoint IP is empty we
* only add new SPD entries. */
if (!is_ipaddr($oldipsecent['remote-gateway'])) {
$oldipsecent['remote-gateway'] = resolve_retry($oldipsecent['remote-gateway']);
}
if ($ipsecent['remote-gateway'] != $_POST['remotegw']) {
if (!is_ipaddr($ipsecent['remote-gateway'])) {
$ipsecent['remote-gateway'] = resolve_retry($ipsecent['remote-gateway']);
}
/* if the remote gateway changed and the interface is not WAN then remove route */
/* the vpn_ipsec_configure() handles adding the route */
if ($_POST['interface'] != "wan") {
mwexec("/sbin/route delete -host {$ipsecent['remote-gateway']}");
}
}
$ipsecent['remote-gateway'] = $_POST['remotegw'];
$ipsecent['dpddelay'] = $_POST['dpddelay'];
$ipsecent['p1']['mode'] = $_POST['p1mode'];
$ipsecent['p1']['myident'] = array();
switch ($_POST['p1myidentt']) {
case 'myaddress':
$ipsecent['p1']['myident']['myaddress'] = true;
break;
}
/* generate unique phase1 ikeid */
if ($ph1ent['ikeid'] == 0) {
$ph1ent['ikeid'] = ipsec_ikeid_next();
}
if (isset($p1index) && $a_phase1[$p1index]) {
$a_phase1[$p1index] = $ph1ent;
} else {
$a_phase1[] = $ph1ent;
}
/* now we need to find all phase2 entries for this host */
if (is_array($a_phase2) && count($a_phase2)) {
foreach ($a_phase2 as $phase2) {
if ($phase2['ikeid'] == $ph1ent['ikeid']) {
log_error("Reload {$ph1ent['descr']} tunnel(s)");
$old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
$old_phase2 = $phase2;
reload_tunnel_spd_policy($ph1ent, $phase2, $old_ph1ent, $old_phase2);
}
}
}
write_config();
mark_subsystem_dirty('ipsec');
header("Location: vpn_ipsec.php");
exit;
}
}
if ($pconfig['mobile']) {
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"), gettext("Mobile Client"));
} else {
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Edit Phase 1"));
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
require "guiconfig.inc";
$ipsec_logfile = "{$g['varlog_path']}/ipsec.log";
/* Create array with all IPSEC tunnel descriptions */
$search = array();
$replace = array();
if (is_array($config['ipsec']['tunnel'])) {
foreach ($config['ipsec']['tunnel'] as $tunnel) {
if (!is_ipaddr($tunnel['remote-gateway'])) {
$tunnel['remote-gateway'] = resolve_retry($tunnel['remote-gateway']);
}
$gateway = "{$tunnel['remote-gateway']}";
$search[] = "/(racoon: )([A-Z:].*?)({$gateway}\\[[0-9].+\\]|{$gateway})(.*)/i";
$replace[] = "\$1<strong>[{$tunnel['descr']}]</strong>: \$2\$3\$4";
}
}
/* collect all our own ip addresses */
exec("/sbin/ifconfig|/usr/bin/awk '/inet / {print \$2}'", $ip_address_list);
foreach ($ip_address_list as $address) {
$search[] = "/(racoon: )([A-Z:].*?)({$address}\\[[0-9].+\\])(.*isakmp.*)/i";
$replace[] = "\$1<strong>[Self]</strong>: \$2\$3\$4";
}
$nentries = $config['syslog']['nentries'];
if (!$nentries) {
$nentries = 50;
/* reload the filter in the background */
filter_configure();
$savemsg = get_std_save_message($retval);
if ($retval == 0) {
if (file_exists($d_ipsecconfdirty_path)) {
unlink($d_ipsecconfdirty_path);
}
}
}
}
}
if ($_GET['act'] == "del") {
if ($a_ipsec[$_GET['id']]) {
/* remove static route if interface is not WAN */
if ($a_ipsec[$_GET['id']]['interface'] != "wan") {
$oldgw = resolve_retry($a_ipsec[$_GET['id']]['remote-gateway']);
mwexec("/sbin/route delete -host {$oldgw}");
}
unset($a_ipsec[$_GET['id']]);
vpn_ipsec_configure();
filter_configure();
write_config();
header("Location: vpn_ipsec.php");
exit;
}
}
$pgtitle = "VPN: IPsec";
include "head.inc";
?>
