$cgiparams{'DPD_DELAY'} = '30';
$cgiparams{'DPD_TIMEOUT'} = '120';
$cgiparams{'FORCE_MOBIKE'} = 'off';
+$cgiparams{'START_ACTION'} = 'start';
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
###
print CONF "conn $lconfighash{$key}[1]\n";
print CONF "\tleft=$localside\n";
- my $cidr_net=&General::ipcidr($lconfighash{$key}[8]);
- print CONF "\tleftsubnet=$cidr_net\n";
+ print CONF "\tleftsubnet=" . &make_subnets($lconfighash{$key}[8]) . "\n";
print CONF "\tleftfirewall=yes\n";
print CONF "\tlefthostaccess=yes\n";
print CONF "\tright=$lconfighash{$key}[10]\n";
if ($lconfighash{$key}[3] eq 'net') {
- my $cidr_net=&General::ipcidr($lconfighash{$key}[11]);
- print CONF "\trightsubnet=$cidr_net\n";
+ print CONF "\trightsubnet=" . &make_subnets($lconfighash{$key}[11]) . "\n";
}
# Local Cert and Remote Cert (unless auth is DN dn-auth)
print CONF "\trightrsasigkey=%cert\n";
}
+ my $start_action = $lconfighash{$key}[33];
+ if (!$start_action) {
+ $start_action = "start";
+ }
+
# Automatically start only if a net-to-net connection
if ($lconfighash{$key}[3] eq 'host') {
print CONF "\tauto=add\n";
print CONF "\trightsourceip=$lvpnsettings{'RW_NET'}\n";
} else {
- print CONF "\tauto=start\n";
+ print CONF "\tauto=$start_action\n";
}
# Fragmentation
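Review bot: `auto=$start_action` is written into the connection config from field [33] after only an emptiness check, and the save path further down stores `$cgiparams{'START_ACTION'}` into that field as received from the form; no allow-list check is visible in any of these hunks. A value other than the two `<select>` options, including one that carries a line break, would land verbatim in the generated file. Constrain it where it is written, and preferably also before it is saved: `$start_action = "start" unless ($start_action =~ /\A(?:route|start)\z/);`. The enclosing function begins and ends outside the hunk.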
$cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
#$cgiparams{'free'} = $confighash{$cgiparams{'KEY'}}[6];
$cgiparams{'LOCAL_ID'} = $confighash{$cgiparams{'KEY'}}[7];
- $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
+ my @local_subnets = split(",", $confighash{$cgiparams{'KEY'}}[8]);
+ $cgiparams{'LOCAL_SUBNET'} = join(/\|/, @local_subnets);
$cgiparams{'REMOTE_ID'} = $confighash{$cgiparams{'KEY'}}[9];
$cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
- $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
+ my @remote_subnets = split(",", $confighash{$cgiparams{'KEY'}}[11]);
+ $cgiparams{'REMOTE_SUBNET'} = join(/\|/, @remote_subnets);
$cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
$cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27];
$cgiparams{'IKE_VERSION'} = $confighash{$cgiparams{'KEY'}}[29];
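Review bot: `join(/\|/, @local_subnets)` passes a pattern match, not a string, as the separator: `/\|/` is evaluated against `$_` and join receives its true/false result. The REMOTE_SUBNET line two statements later has the same mistake. It is masked today because fields [8] and [11] are stored `|`-separated (the save path uses `join('|', ...)`), so `split(",", ...)` yields a single element and the separator is never used. Write it as a string, `$cgiparams{'LOCAL_SUBNET'} = join('|', @local_subnets);`, or drop the split/join pair and assign the stored value directly.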
}
}
- unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
- $errormessage = $Lang::tr{'local subnet is invalid'};
- goto VPNCONF_ERROR;
+ my @local_subnets = split(",", $cgiparams{'LOCAL_SUBNET'});
+ foreach my $subnet (@local_subnets) {
+ unless (&Network::check_subnet($subnet)) {
+ $errormessage = $Lang::tr{'local subnet is invalid'};
+ goto VPNCONF_ERROR;
+ }
}
# Allow only one roadwarrior/psk without remote IP-address
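Review bot: An empty LOCAL_SUBNET now passes this check, because `split(",", ...)` on an empty string returns an empty list and the `foreach` body never runs; the removed code handed the raw value to `validipandmask`, which presumably rejected it. The REMOTE_SUBNET loop for `TYPE eq 'net'` further down has the same gap. Reject the empty list before looping, e.g. `unless (@local_subnets) { $errormessage = $Lang::tr{'local subnet is invalid'}; goto VPNCONF_ERROR; }`, so that an empty `leftsubnet=` cannot reach the generated connection config. The enclosing validation block starts outside the hunk.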
}
}
}
- if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
- $errormessage = $Lang::tr{'remote subnet is invalid'};
- goto VPNCONF_ERROR;
+
+ if ($cgiparams{'TYPE'} eq 'net') {
+ my @remote_subnets = split(",", $cgiparams{'REMOTE_SUBNET'});
+ foreach my $subnet (@remote_subnets) {
+ unless (&Network::check_subnet($subnet)) {
+ $errormessage = $Lang::tr{'remote subnet is invalid'};
+ goto VPNCONF_ERROR;
+ }
+ }
}
if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
my $key = $cgiparams{'KEY'};
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 32) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 33) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
$confighash{$key}[4] = 'cert';
}
if ($cgiparams{'TYPE'} eq 'net') {
- $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
+ my @remote_subnets = split(",", $cgiparams{'REMOTE_SUBNET'});
+ $confighash{$key}[11] = join('|', @remote_subnets);
}
$confighash{$key}[7] = $cgiparams{'LOCAL_ID'};
- $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
+ my @local_subnets = split(",", $cgiparams{'LOCAL_SUBNET'});
+ $confighash{$key}[8] = join('|', @local_subnets);
$confighash{$key}[9] = $cgiparams{'REMOTE_ID'};
$confighash{$key}[10] = $cgiparams{'REMOTE'};
$confighash{$key}[25] = $cgiparams{'REMARK'};
$blob = "<img src='/blob.gif' alt='*' />";
};
+ my @local_subnets = split(/\|/, $cgiparams{'LOCAL_SUBNET'});
+ my $local_subnets = join(",", @local_subnets);
+
+ my @remote_subnets = split(/\|/, $cgiparams{'REMOTE_SUBNET'});
+ my $remote_subnets = join(",", @remote_subnets);
+
print <<END
<tr>
<td width='20%'>$Lang::tr{'enabled'}</td>
</td>
<td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'local subnet'} <img src='/blob.gif' alt='*' /></td>
<td width='30%'>
- <input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size="25" />
+ <input type='text' name='LOCAL_SUBNET' value='$local_subnets' />
</td>
</tr>
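Review bot: `value='$local_subnets'` (and `value='$remote_subnets'` in the next row) interpolates the field into a single-quoted attribute without HTML-escaping. If the form is re-rendered after a failed subnet check, as the `goto VPNCONF_ERROR` path suggests, the value shown is the text that was just submitted and rejected, so a quote character in it would end the attribute unless escaping happens somewhere not visible here. The removed lines had the same pattern, but since these lines are being rewritten it is a good moment to escape the joined string before the heredoc. The heredoc begins and ends outside the hunk.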
<tr>
</td>
<td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'remote subnet'} $blob</td>
<td width='30%'>
- <input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size="25" />
+ <input $disabled type='text' name='REMOTE_SUBNET' value='$remote_subnets' />
</td>
</tr>
<tr>
<td class='base'>$Lang::tr{'users department'}:</td>
<td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' size='32' $cakeydisabled /></td></tr>
<tr><td> </td>
- <td class='base'>$Lang::tr{'organization name'}:</td>
+ <td class='base'>$Lang::tr{'organization name'}: <img src='/blob.gif' alt='*' /></td>
<td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' size='32' $cakeydisabled /></td></tr>
<tr><td> </td>
<td class='base'>$Lang::tr{'city'}:</td>
$confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
$confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
$confighash{$cgiparams{'KEY'}}[32] = $cgiparams{'FORCE_MOBIKE'};
+ $confighash{$cgiparams{'KEY'}}[33] = $cgiparams{'START_ACTION'};
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
if (&vpnenabled) {
$cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
$cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
$cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32];
+ $cgiparams{'START_ACTION'} = $confighash{$cgiparams{'KEY'}}[33];
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;
if (!$cgiparams{'DPD_TIMEOUT'}) {
$cgiparams{'DPD_TIMEOUT'} = 120;
}
+
+ if (!$cgiparams{'START_ACTION'}) {
+ $cgiparams{'START_ACTION'} = "start";
+ }
}
ADVANCED_ERROR:
$selected{'DPD_ACTION'}{'none'} = '';
$selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
+ $selected{'START_ACTION'}{'route'} = '';
+ $selected{'START_ACTION'}{'start'} = '';
+ $selected{'START_ACTION'}{$cgiparams{'START_ACTION'}} = "selected='selected'";
+
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'ipsec'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
}
&Header::openbox('100%', 'left', "$Lang::tr{'advanced'}:");
- print <<EOF
+ print <<EOF;
<form method='post' enctype='multipart/form-data' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ADVANCED' value='yes' />
<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
IKE+ESP: $Lang::tr{'use only proposed settings'}
</label>
</td>
+ <td>
+ <label>$Lang::tr{'vpn start action'}</label>
+ <select name="START_ACTION">
+ <option value="route" $selected{'START_ACTION'}{'route'}>$Lang::tr{'vpn start action route'}</option>
+ <option value="start" $selected{'START_ACTION'}{'start'}>$Lang::tr{'vpn start action start'}</option>
+ </select>
+ </td>
</tr>
<tr>
- <td>
+ <td colspan="2">
<label>
<input type='checkbox' name='PFS' $checked{'PFS'} />
$Lang::tr{'pfs yes no'}
</td>
</tr>
<tr>
- <td>
+ <td colspan="2">
<label>
<input type='checkbox' name='COMPRESSION' $checked{'COMPRESSION'} />
$Lang::tr{'vpn payload compression'}
</td>
</tr>
<tr>
- <td>
+ <td colspan="2">
<label>
<input type='checkbox' name='FORCE_MOBIKE' $checked{'FORCE_MOBIKE'} />
$Lang::tr{'vpn force mobike'}
</label>
</td>
</tr>
-EOF
-;
-
- print <<EOF;
<tr>
- <td align='left' colspan='1'><img src='/blob.gif' align='top' alt='*' /> $Lang::tr{'required field'}</td>
- <td align='right' colspan='2'>
+ <td align='left'><img src='/blob.gif' align='top' alt='*' /> $Lang::tr{'required field'}</td>
+ <td align='right'>
<input type='submit' name='ACTION' value='$Lang::tr{'save'}' />
<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' />
</td>
return &array_unique(\@algos);
}
+
+sub make_subnets($) {
+ my $subnets = shift;
+
+ my @nets = split(/\|/, $subnets);
+ my @cidr_nets = ();
+ foreach my $net (@nets) {
+ my $cidr_net = &General::ipcidr($net);
+ push(@cidr_nets, $cidr_net);
+ }
+
+ return join(",", @cidr_nets);
+}
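Review bot: The `($)` prototype on `make_subnets` has no effect, since both call sites use `&make_subnets(...)` and the `&` form bypasses prototypes; `sub make_subnets {` states the same thing with less to misread. A short header comment would help the next reader, e.g. `# Convert the '|'-separated subnet list from the stored config into the comma-separated CIDR list written to leftsubnet/rightsubnet.` The result of `General::ipcidr` is pushed unchecked, so an entry it cannot convert would presumably become an empty list element in the output; worth confirming against that helper.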