X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=f5ec50079a64dd9ff0f0577a3ed6e2e1cb437624;hb=7e7788ea0bf73e122b71f56e972565d910a1e302;hp=43d574ce5c95c0b9207aa7525956853ce93e2c0a;hpb=cbb3a8f91e2e7aa220b5bc9e9773fa4547f0ce85;p=people%2Fteissler%2Fipfire-2.x.git

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 43d574ce5..f5ec50079 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -69,6 +69,8 @@ if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
 	$orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
 }
 
+my $col="";
+
 $cgiparams{'ENABLED'} = 'off';
 $cgiparams{'EDIT_ADVANCED'} = 'off';
 $cgiparams{'ACTION'} = '';
@@ -385,18 +387,27 @@ sub writeipsecfiles {
 	print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on');
 
 	# Dead Peer Detection
-	print CONF "\tdpdaction=$lconfighash{$key}[27]\n";
-
-	my $dpddelay = $lconfighash{$key}[30];
-	if (!$dpddelay) {
-		$dpddelay = 30;
-	}
-	print CONF "\tdpddelay=$dpddelay\n";
-	my $dpdtimeout = $lconfighash{$key}[31];
-	if (!$dpdtimeout) {
-		$dpdtimeout = 120;
+	my $dpdaction = $lconfighash{$key}[27];
+	print CONF "\tdpdaction=$dpdaction\n";
+
+	# If the dead peer detection is disabled and IKEv2 is used,
+	# dpddelay must be set to zero, too.
+	if ($dpdaction eq "none") {
+		if ($lconfighash{$key}[29] eq "ikev2") {
+			print CONF "\tdpddelay=0\n";
+		}
+	} else {
+		my $dpddelay = $lconfighash{$key}[30];
+		if (!$dpddelay) {
+			$dpddelay = 30;
+		}
+		print CONF "\tdpddelay=$dpddelay\n";
+		my $dpdtimeout = $lconfighash{$key}[31];
+		if (!$dpdtimeout) {
+			$dpdtimeout = 120;
+		}
+		print CONF "\tdpdtimeout=$dpdtimeout\n";
 	}
-	print CONF "\tdpdtimeout=$dpdtimeout\n";
 
 	# Build Authentication details:  LEFTid RIGHTid : PSK psk
 	my $psk_line;
@@ -500,7 +511,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 ###
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) {
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
     &Header::openbigbox('100%', 'left', '', '');
     &Header::openbox('100%', 'left', $Lang::tr{'are you sure'});
     print <<END
@@ -596,7 +607,7 @@ END
 
     if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
 	&Header::showhttpheaders();
-	&Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+	&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	&Header::openbigbox('100%', 'left', '', '');
 	&Header::openbox('100%', 'left', "$Lang::tr{'ca certificate'}:");
 	my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
@@ -672,7 +683,7 @@ END
 	}
 	if ($assignedcerts) {
 	    &Header::showhttpheaders();
-	    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+	    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	    &Header::openbigbox('100%', 'left', '', '');
 	    &Header::openbox('100%', 'left', $Lang::tr{'are you sure'});
 	    print <<END
@@ -717,7 +728,7 @@ END
 	$cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
     my $output;
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
     &Header::openbigbox('100%', 'left', '', '');
     if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
 	&Header::openbox('100%', 'left', "$Lang::tr{'root certificate'}:");
@@ -1043,7 +1054,7 @@ END
 
     ROOTCERT_ERROR:
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
     &Header::openbigbox('100%', 'left', '', $errormessage);
     if ($errormessage) {
         &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
@@ -1088,7 +1099,7 @@ END
         <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: 
         $Lang::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'}
     </td></tr>
-    <tr><td colspan='2'><hr /></td></tr>
+    <tr><td colspan='2'><hr></td></tr>
     <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:</td>
         <td nowrap='nowrap'><input type='file' name='FH' size='32' /></td></tr>
     <tr><td class='base'>$Lang::tr{'pkcs12 file password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
@@ -1130,7 +1141,7 @@ END
 
     if ( -f "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
 	&Header::showhttpheaders();
-	&Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+	&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	&Header::openbigbox('100%', 'left', '', '');
 	&Header::openbox('100%', 'left', "$Lang::tr{'cert'}:");
 	my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
@@ -1214,13 +1225,13 @@ END
     } else {
 	$errormessage = $Lang::tr{'invalid key'};
     }
-
+	&General::firewall_reload();
 ###
 ### Choose between adding a host-net or net-net connection
 ###
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
 	&Header::showhttpheaders();
-	&Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+	&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	&Header::openbigbox('100%', 'left', '', '');
 	&Header::openbox('100%', 'left', $Lang::tr{'connection type'});
 	print <<END
@@ -1396,14 +1407,13 @@ END
 	    goto VPNCONF_ERROR;
 	}
 
-#temporary disabled (BUG 10294)
-#	if ($cgiparams{'TYPE'} eq 'net'){
-#		$errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
-#		if ($errormessage ne ''){
-#			goto VPNCONF_ERROR;
-#		}
-#		
-#	}
+	if ($cgiparams{'TYPE'} eq 'net'){
+		$warnmessage=&General::checksubnets('',$cgiparams{'REMOTE_SUBNET'},'ipsec');
+		if ($warnmessage ne ''){
+			$warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
+		}
+	}
+
 	if ($cgiparams{'AUTH'} eq 'psk') {
 	    if (! length($cgiparams{'PSK'}) ) {
 		$errormessage = $Lang::tr{'pre-shared key is too short'};
@@ -1845,9 +1855,9 @@ END
 
 	# choose appropriate dpd action	
 	if ($cgiparams{'TYPE'} eq 'host') {
-	    $cgiparams{'DPD_ACTION'} = 'clear';
+		$cgiparams{'DPD_ACTION'} = 'clear';
 	} else {
-	    $cgiparams{'DPD_ACTION'} = 'restart';
+		$cgiparams{'DPD_ACTION'} = 'restart';
 	}
 
 	if (!$cgiparams{'DPD_DELAY'}) {
@@ -1899,12 +1909,8 @@ END
     $checked{'AUTH'}{'auth-dn'} = '';
     $checked{'AUTH'}{$cgiparams{'AUTH'}} = "checked='checked'";
 
-    $selected{'IKE_VERSION'}{'ikev1'} = '';
-    $selected{'IKE_VERSION'}{'ikev2'} = '';
-    $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'";
-
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
     &Header::openbigbox('100%', 'left', '', $errormessage);
     if ($errormessage) {
 	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
@@ -1923,6 +1929,7 @@ END
     print "<form method='post' enctype='multipart/form-data' action='$ENV{'SCRIPT_NAME'}'>";
     print<<END
 	<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />
+	<input type='hidden' name='IKE_VERSION' value='$cgiparams{'IKE_VERSION'}' />
 	<input type='hidden' name='IKE_ENCRYPTION' value='$cgiparams{'IKE_ENCRYPTION'}' />
 	<input type='hidden' name='IKE_INTEGRITY' value='$cgiparams{'IKE_INTEGRITY'}' />
 	<input type='hidden' name='IKE_GROUPTYPE' value='$cgiparams{'IKE_GROUPTYPE'}' />
@@ -1942,19 +1949,23 @@ END
     ;
     if ($cgiparams{'KEY'}) {
 	print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
+	print "<input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />";
 	print "<input type='hidden' name='AUTH' value='$cgiparams{'AUTH'}' />";
     }
 
-    &Header::openbox('100%', 'left', "$Lang::tr{'connection'}:");
+    &Header::openbox('100%', 'left', "$Lang::tr{'connection'}: $cgiparams{'NAME'}");
     print "<table width='100%'>";
-    print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>";
-    if ($cgiparams{'KEY'}) {
-	print "<td width='25%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' /><b>$cgiparams{'NAME'}</b></td>";
-    } else {
-	print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' size='30' /></td>";
+    if (!$cgiparams{'KEY'}) {
+    	print <<EOF;
+    		<tr>
+    			<td width='20%'>$Lang::tr{'name'}:</td>
+    			<td width='30%'>
+    				<input type='text' name='NAME' value='$cgiparams{'NAME'}' size='25' />
+    			</td>
+    			<td colspan="2"></td>
+    		</tr>
+EOF
     }
-    print "<td>$Lang::tr{'enabled'}</td><td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td></tr>";
-    print '</tr><td><br /></td><tr>';
 
     my $disabled;
     my $blob;
@@ -1965,38 +1976,41 @@ END
 
     print <<END
 	<tr>
-	    <td class='boldbase'>$Lang::tr{'remote host/ip'}:&nbsp;$blob</td>
-	    <td>
-	        <input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size='30' />
+		<td width='20%'>$Lang::tr{'enabled'}</td>
+		<td width='30%'>
+			<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} />
+		</td>
+	    <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'local subnet'}</td>
+	    <td width='30%'>
+	        <input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size="25" />
+	    </td>
+	</tr>
+	<tr>
+	    <td class='boldbase' width='20%'>$Lang::tr{'remote host/ip'}:&nbsp;$blob</td>
+	    <td width='30%'>
+	        <input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size="25" />
 	    </td>
-	    <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
-	    <td>
-	        <input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' />
+	    <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'remote subnet'}</td>
+	    <td width='30%'>
+	        <input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size="25" />
 	    </td>
 	</tr>
 	<tr>
-	    <td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
-	    <td colspan='3'>
-	        <input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' />
+	    <td class='boldbase' width='20%'>$Lang::tr{'vpn local id'}:</td>
+	    <td width='30%'>
+	    	<input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' size="25" />
+	    </td>
+	    <td class='boldbase' width='20%'>$Lang::tr{'vpn remote id'}:</td>
+	    <td width='30%'>
+	    	<input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' size="25" />
 	    </td>
 	</tr>
+	<tr><td colspan="4"><br /></td></tr>
 	<tr>
-	    <td class='boldbase'>$Lang::tr{'vpn local id'}:<br />($Lang::tr{'eg'} <tt>&#64;xy.example.com</tt>)</td>
-	    <td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td>
-	    <td class='boldbase'>$Lang::tr{'vpn remote id'}:</td>
-	    <td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td>
-	</tr><tr>
-	</tr><td><br /></td><tr>
-	    <td>$Lang::tr{'vpn keyexchange'}:</td>
-	    <td><select name='IKE_VERSION'>
-    		<option value='ikev2' $selected{'IKE_VERSION'}{'ikev2'}>IKEv2</option>
-    		<option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option>
-    		</select>
+	    <td class='boldbase' width='20%'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' /></td>
+	    <td colspan='3'>
+	    	<input type='text' name='REMARK' value='$cgiparams{'REMARK'}' maxlength='50' size="73" />
 	    </td>
-	    <td colspan="2"></td>
-	</tr><tr>
-	    <td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' /></td>
-	    <td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
 	</tr>
 END
     ;
@@ -2216,6 +2230,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	    goto ADVANCED_ERROR;
 	}
 
+	$confighash{$cgiparams{'KEY'}}[29] = $cgiparams{'IKE_VERSION'};
 	$confighash{$cgiparams{'KEY'}}[18] = $cgiparams{'IKE_ENCRYPTION'};
 	$confighash{$cgiparams{'KEY'}}[19] = $cgiparams{'IKE_INTEGRITY'};
 	$confighash{$cgiparams{'KEY'}}[20] = $cgiparams{'IKE_GROUPTYPE'};
@@ -2229,6 +2244,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	$confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'};
 	$confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'};
 	$confighash{$cgiparams{'KEY'}}[14] = $cgiparams{'VHOST'};
+	$confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'DPD_ACTION'};
 	$confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
 	$confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
 	&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
@@ -2239,6 +2255,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	}
 	goto ADVANCED_END;
     } else {
+    $cgiparams{'IKE_VERSION'}    = $confighash{$cgiparams{'KEY'}}[29];
 	$cgiparams{'IKE_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[18];
 	$cgiparams{'IKE_INTEGRITY'}  = $confighash{$cgiparams{'KEY'}}[19];
 	$cgiparams{'IKE_GROUPTYPE'}  = $confighash{$cgiparams{'KEY'}}[20];
@@ -2251,6 +2268,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	$cgiparams{'ONLY_PROPOSED'}  = $confighash{$cgiparams{'KEY'}}[24];
 	$cgiparams{'PFS'}  	     = $confighash{$cgiparams{'KEY'}}[28];
 	$cgiparams{'VHOST'}          = $confighash{$cgiparams{'KEY'}}[14];
+	$cgiparams{'DPD_ACTION'}     = $confighash{$cgiparams{'KEY'}}[27];
 	$cgiparams{'DPD_TIMEOUT'}    = $confighash{$cgiparams{'KEY'}}[30];
 	$cgiparams{'DPD_DELAY'}      = $confighash{$cgiparams{'KEY'}}[31];
 
@@ -2323,13 +2341,18 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
     $checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ;
     $checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ? "checked='checked'" : '' ;
 
+    $selected{'IKE_VERSION'}{'ikev1'} = '';
+    $selected{'IKE_VERSION'}{'ikev2'} = '';
+    $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'";
+
     $selected{'DPD_ACTION'}{'clear'} = '';
     $selected{'DPD_ACTION'}{'hold'} = '';
     $selected{'DPD_ACTION'}{'restart'} = '';
+    $selected{'DPD_ACTION'}{'none'} = '';
     $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
 
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
     &Header::openbigbox('100%', 'left', '', $errormessage);
 
     if ($errormessage) {
@@ -2361,6 +2384,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		</tr>
 	</thead>
 	<tbody>
+		<tr>
+			<td>$Lang::tr{'vpn keyexchange'}:</td>
+			<td>
+				<select name='IKE_VERSION'>
+					<option value='ikev2' $selected{'IKE_VERSION'}{'ikev2'}>IKEv2</option>
+					<option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option>
+				</select>
+			</td>
+			<td></td>
+		</tr>
 		<tr>
 			<td class='boldbase' width="15%">$Lang::tr{'encryption'}</td>
 			<td class='boldbase'>
@@ -2458,6 +2491,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		<td width="15%">$Lang::tr{'dpd action'}:</td>
 		<td>
 			<select name='DPD_ACTION'>
+				<option value='none' $selected{'DPD_ACTION'}{'none'}>- $Lang::tr{'disabled'} -</option>
 				<option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
 				<option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
 				<option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
@@ -2485,7 +2519,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		<td>
 			<label>
 				<input type='checkbox' name='ONLY_PROPOSED' $checked{'ONLY_PROPOSED'} />
-				IKE+ESP: $Lang::tr{'use only proposed settings'}</td>
+				IKE+ESP: $Lang::tr{'use only proposed settings'}
 			</label>
 		</td>
 	</tr>
@@ -2567,7 +2601,7 @@ EOF
     $checked{'ENABLED'} = $cgiparams{'ENABLED'} eq 'on' ? "checked='checked'" : '';
 
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
     &Header::openbigbox('100%', 'left', '', $errormessage);
 
     if ($errormessage) {
@@ -2577,6 +2611,16 @@ EOF
 	&Header::closebox();
     }
 
+	if ($warnmessage) {
+		&Header::openbox('100%', 'left', $Lang::tr{'warning messages'});
+		print "$warnmessage<br>";
+		print "$Lang::tr{'fwdfw warn1'}<br>";
+		&Header::closebox();
+		print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
+		&Header::closepage();
+		exit 0;
+	}
+
     &Header::openbox('100%', 'left', $Lang::tr{'global settings'});
     print <<END
     <form method='post' action='$ENV{'SCRIPT_NAME'}'>
@@ -2597,17 +2641,18 @@ print <<END
 	<td  class='base' nowrap='nowrap'>$Lang::tr{'host to net vpn'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
 	<td ><input type='text' name='RW_NET' value='$cgiparams{'RW_NET'}' /></td>
     </tr>
- </table>
+</table>
+<br>
 <hr />
 <table width='100%'>
 <tr>
     <td class='base' valign='top'><img src='/blob.gif' alt='*' /></td>
-    <td width='70%' class='base' valign='top'>$Lang::tr{'this field may be blank'}</td>
+    <td width='70%' class='base' valign='top'>$Lang::tr{'this field may be blank'}</td><td width='30%' align='right' class='base'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
 </tr>
 <tr>
     <td class='base' valign='top' nowrap='nowrap'><img src='/blob.gif' alt='*' /><img src='/blob.gif' alt='*' />&nbsp;</td>
     <td class='base'>	<font class='base'>$Lang::tr{'vpn delayed start help'}</font></td>
-    <td width='30%' align='center' class='base'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+    <td></td>
 </tr>
 </table>
 END
@@ -2617,14 +2662,14 @@ END
 
     &Header::openbox('100%', 'left', $Lang::tr{'connection status and controlc'});
     print <<END
-    <table width='100%' border='0' cellspacing='1' cellpadding='0'>
+    <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
     <tr>
-	<td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
-	<td width='22%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></td>
-	<td width='23%' class='boldbase' align='center'><b>$Lang::tr{'common name'}</b></td>
-	<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
-	<td width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></td>
-	<td class='boldbase' align='center' colspan='6'><b>$Lang::tr{'action'}</b></td>
+	<th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
+	<th width='22%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
+	<th width='23%' class='boldbase' align='center'><b>$Lang::tr{'common name'}</b></th>
+	<th width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
+	<th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
+	<th class='boldbase' align='center' colspan='6'><b>$Lang::tr{'action'}</b></th>
     </tr>
 END
     ;
@@ -2634,36 +2679,41 @@ END
 	if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
 
 	if ($id % 2) {
-	    print "<tr bgcolor='$color{'color20'}'>\n";
+		print "<tr>";
+		$col="bgcolor='$color{'color20'}'";
 	} else {
-	    print "<tr bgcolor='$color{'color22'}'>\n";
+		print "<tr>";
+		$col="bgcolor='$color{'color22'}'";
 	}
-	print "<td align='center' nowrap='nowrap'>$confighash{$key}[1]</td>";
-	print "<td align='center' nowrap='nowrap'>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ") $confighash{$key}[29]</td>";
+	print "<td align='center' nowrap='nowrap' $col>$confighash{$key}[1]</td>";
+	print "<td align='center' nowrap='nowrap' $col>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ") $confighash{$key}[29]</td>";
 	if ($confighash{$key}[2] eq '%auth-dn') {
-	    print "<td align='left' nowrap='nowrap'>$confighash{$key}[9]</td>";
+	    print "<td align='left' nowrap='nowrap' $col>$confighash{$key}[9]</td>";
 	} elsif ($confighash{$key}[4] eq 'cert') {
-	    print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
+	    print "<td align='left' nowrap='nowrap' $col>$confighash{$key}[2]</td>";
 	} else {
-	    print "<td align='left'>&nbsp;</td>";
+	    print "<td align='left' $col>&nbsp;</td>";
 	}
-	print "<td align='center'>$confighash{$key}[25]</td>";
+	print "<td align='center' $col>$confighash{$key}[25]</td>";
+	my $col1="bgcolor='${Header::colourred}'";
 	# get real state
-	my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
+	my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
 	foreach my $line (@status) {
 	    if (($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) ||
 	       ($line =~ /$confighash{$key}[1]\{.*INSTALLED/))
 	    {
-		$active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
+		$col1="bgcolor='${Header::colourgreen}'";
+		$active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
 	    }
 	}
 	# move to blueif really down
-	if ($confighash{$key}[0] eq 'off' && $active =~ /${Header::colourred}/ ) {
-	    $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
+	if ($confighash{$key}[0] eq 'off' && $col1 =~ /${Header::colourred}/ ) {
+		$col1="bgcolor='${Header::colourblue}'";
+	    $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
 	}
 	print <<END
-	<td align='center'>$active</td>
-	<td align='center'>
+	<td align='center' $col1>$active</td>
+	<td align='center' $col>
 	    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 	    <input type='image'  name='$Lang::tr{'restart'}' src='/images/reload.gif' alt='$Lang::tr{'restart'}' title='$Lang::tr{'restart'}' />
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'restart'}' />
@@ -2674,7 +2724,7 @@ END
 	;
 	if (($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%auth-dn')) {
 	    print <<END
-	    <td align='center'>
+	    <td align='center' $col>
 	    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 		<input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' />
 		<input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
@@ -2683,11 +2733,11 @@ END
 	    </td>
 END
 	; } else {
-	    print "<td width='2%'>&nbsp;</td>";
+	    print "<td width='2%' $col>&nbsp;</td>";
 	}
 	if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/certs/$confighash{$key}[1].p12") { 
 	    print <<END
-	    <td align='center'>
+	    <td align='center' $col>
 	    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 		<input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/floppy.gif' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' />
 		<input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
@@ -2697,7 +2747,7 @@ END
 END
 	; } elsif (($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%auth-dn')) {
 	    print <<END
-	    <td align='center'>
+	    <td align='center' $col>
 	    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 		<input type='image' name='$Lang::tr{'download certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' />
 		<input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
@@ -2706,10 +2756,10 @@ END
 	</td>
 END
 	; } else {
-	    print "<td width='2%'>&nbsp;</td>";
+	    print "<td width='2%' $col>&nbsp;</td>";
 	}
 	print <<END
-	<td align='center'>
+	<td align='center' $col>
 	    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 	    <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$Lang::tr{'toggle enable disable'}' title='$Lang::tr{'toggle enable disable'}' />
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
@@ -2717,14 +2767,14 @@ END
 	    </form>
 	</td>
 
-	<td align='center'>
+	<td align='center' $col>
 	    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
 	    <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
 	    <input type='hidden' name='KEY' value='$key' />
 	    </form>
 	</td>
-	<td align='center' >
+	<td align='center' $col>
 	    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
 	    <input type='image'  name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' />
@@ -2769,7 +2819,7 @@ END
 
     print <<END
     <table width='100%'>
-    <tr><td align='center' colspan='9'>
+    <tr><td align='right' colspan='9'>
 	<form method='post' action='$ENV{'SCRIPT_NAME'}'>
 	<input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
 	</form>
@@ -2779,45 +2829,46 @@ END
     ;
     &Header::closebox();
 
-    &Header::openbox('100%', 'left', "$Lang::tr{'certificate authorities'}:");
+    &Header::openbox('100%', 'left', "$Lang::tr{'certificate authorities'}");
     print <<EOF
-    <table width='100%' border='0' cellspacing='1' cellpadding='0'>
+    <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
     <tr>
-	<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
-	<td width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></td>
-	<td width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
+	<th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
+	<th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th>
+	<th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th>
     </tr>
 EOF
     ;
+    my $col1="bgcolor='$color{'color22'}'";
+	my $col2="bgcolor='$color{'color20'}'";
     if (-f "${General::swroot}/ca/cacert.pem") {
 	my $casubject = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/ca/cacert.pem"));
-
 	print <<END
-	<tr bgcolor='$color{'color22'}'>
-	<td class='base'>$Lang::tr{'root certificate'}</td>
-	<td class='base'>$casubject</td>
-	<td width='3%' align='center'>
+	<tr>
+	<td class='base' $col1>$Lang::tr{'root certificate'}</td>
+	<td class='base' $col1>$casubject</td>
+	<td width='3%' align='center' $col1>
 	    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
 	    <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' />
 	    </form>
 	</td>
-	<td width='3%' align='center'>
+	<td width='3%' align='center' $col1>
 	    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 	    <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' />
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
 	    </form>
 	</td>
-	<td width='4%'>&nbsp;</td></tr>
+	<td width='4%' $col1>&nbsp;</td></tr>
 END
 	;
     } else {
 	# display rootcert generation buttons
 	print <<END
-	<tr bgcolor='$color{'color22'}'>
-	<td class='base'>$Lang::tr{'root certificate'}:</td>
-	<td class='base'>$Lang::tr{'not present'}</td>
-	<td colspan='3'>&nbsp;</td></tr>
+	<tr>
+	<td class='base' $col1>$Lang::tr{'root certificate'}:</td>
+	<td class='base' $col1>$Lang::tr{'not present'}</td>
+	<td colspan='3' $col1>&nbsp;</td></tr>
 END
 	;
     }
@@ -2826,61 +2877,63 @@ END
 	my $hostsubject = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/certs/hostcert.pem"));
 
 	print <<END
-	<tr bgcolor='$color{'color20'}'>
-	<td class='base'>$Lang::tr{'host certificate'}</td>
-	<td class='base'>$hostsubject</td>
-	<td width='3%' align='center'>
+	<tr>
+	<td class='base' $col2>$Lang::tr{'host certificate'}</td>
+	<td class='base' $col2>$hostsubject</td>
+	<td width='3%' align='center' $col2>
 	    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
 	    <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' />
 	    </form>
 	</td>
-	<td width='3%' align='center'>
+	<td width='3%' align='center' $col2>
 	    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-	    <input type='image' name='$Lang::tr{'download host certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download host certificate'}' title='$Lang::tr{'download host certificate'}' />
-	    <input type='hidden' name='ACTION' value='$Lang::tr{'download host certificate'}' />
+	    <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/floppy.gif' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" />
+	    <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
 	    </form>
 	</td>
-	<td width='4%'>&nbsp;</td></tr>
+	<td width='4%' $col2>&nbsp;</td></tr>
 END
 	;
     } else {
 	# Nothing
 	print <<END
-	<tr bgcolor='$color{'color20'}'>
-	<td width='25%' class='base'>$Lang::tr{'host certificate'}:</td>
-	<td class='base'>$Lang::tr{'not present'}</td>
-	<td colspan='3'>&nbsp;</td></tr>
+	<tr>
+	<td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td>
+	<td class='base' $col2>$Lang::tr{'not present'}</td>
+	<td colspan='3' $col2>&nbsp;</td></tr>
 END
 	;
     }
  
-    my $rowcolor = 0;
-    if (keys %cahash > 0) {
-   foreach my $key (keys %cahash) {
-       if ($rowcolor++ % 2) {
-      print "<tr bgcolor='$color{'color20'}'>\n";
-       } else {
-      print "<tr bgcolor='$color{'color22'}'>\n";
-       }
-	    print "<td class='base'>$cahash{$key}[0]</td>\n";
-	    print "<td class='base'>$cahash{$key}[1]</td>\n";
+	my $rowcolor = 0;
+	if (keys %cahash > 0) {
+		foreach my $key (keys %cahash) {
+			if ($rowcolor++ % 2) {
+				print "<tr>";
+				$col="bgcolor='$color{'color20'}'";
+			} else {
+				print "<tr>";
+				$col="bgcolor='$color{'color22'}'";
+			}
+	    print "<td class='base' $col>$cahash{$key}[0]</td>\n";
+	    print "<td class='base' $col>$cahash{$key}[1]</td>\n";
 	    print <<END
-	    <td align='center'>
+	    <td align='center' $col>
 		<form method='post' name='cafrm${key}a' action='$ENV{'SCRIPT_NAME'}'>
 		<input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' />
 		<input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
 		<input type='hidden' name='KEY' value='$key' />
 		</form>
 	    </td>
-	    <td align='center'>
+	    <td align='center' $col>
 		<form method='post' name='cafrm${key}b' action='$ENV{'SCRIPT_NAME'}'>
 		<input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' />
 		<input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
 		<input type='hidden' name='KEY' value='$key' />
 		</form>
 	    </td>
-	    <td align='center'>
+	    <td align='center' $col>
 		<form method='post' name='cafrm${key}c' action='$ENV{'SCRIPT_NAME'}'>
 		<input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
 		<input type='image'  name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' />
@@ -2909,6 +2962,7 @@ END
     }
     my $createCA = -f "${General::swroot}/ca/cacert.pem" ? '' : "<tr><td colspan='3'></td><td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td></tr>";
     print <<END
+    <br>
     <hr />
     <form method='post' enctype='multipart/form-data' action='$ENV{'SCRIPT_NAME'}'>
     <table width='100%' border='0' cellspacing='1' cellpadding='0'>
@@ -2921,7 +2975,7 @@ END
     </tr>
     <tr>
 	<td colspan='3'>$Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}:</td>
-	<td><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' /></td>
+	<td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' /></td>
     </tr>
     </table>
     </form>