IPsec: Allow sending DNS server addresses to RW clients

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/doc/language_issues.de b/doc/language_issues.de
index 6f03e30a6f7c4b421bd235e4a9feac000547dab6..ae8e3127656356beaa8fc79d830127ab5bd29ac3 100644 (file)
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -889,6 +889,7 @@ WARNING: untranslated string: guardian logtarget_file = unknown string
 WARNING: untranslated string: guardian logtarget_syslog = unknown string
 WARNING: untranslated string: guardian no entries = unknown string
 WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: netbios nameserver daemon = NetBIOS Nameserver Daemon

diff --git a/doc/language_issues.en b/doc/language_issues.en
index 33c4a1cfb7d8689adc1a2e2a02905085ef3f8ea2..aa5c66dd285b7e9a752c1faa60d13cfb77d41942 100644 (file)
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1141,6 +1141,7 @@ WARNING: untranslated string: ipfires hostname = IPFire's Hostname
 WARNING: untranslated string: ipinfo = IP info
 WARNING: untranslated string: ipsec = IPsec
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI

diff --git a/doc/language_issues.es b/doc/language_issues.es
index efd020c648e6f64f48fffa06136f1d2399446c76..f66c5cae99664cda5b2cfb9652a053c7fe5fafa3 100644 (file)
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1224,6 +1224,7 @@ WARNING: untranslated string: ip basic info = Basic IP information
 WARNING: untranslated string: ip info for = IP information for
 WARNING: untranslated string: ipsec = IPsec
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI

diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 63dbc78fc5f724b0a95532b381284e54da1454b1..12c715c627680bd954e4102dff1dc0435d6771ab 100644 (file)
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -924,6 +924,7 @@ WARNING: untranslated string: guardian logtarget_file = unknown string
 WARNING: untranslated string: guardian logtarget_syslog = unknown string
 WARNING: untranslated string: guardian no entries = unknown string
 WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: pakfire ago = ago.

diff --git a/doc/language_issues.it b/doc/language_issues.it
index 51c5286455be86010748112c717141bb315ab0a4..726a0a989f6e5646e684ad66f5d790eb8348da48 100644 (file)
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1063,6 +1063,7 @@ WARNING: untranslated string: invalid logserver protocol = Invalid syslogd serve
 WARNING: untranslated string: ip basic info = Basic IP information
 WARNING: untranslated string: ip info for = IP information for
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI

diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 3e737f8803027500f0a40d7c72922da388bc944b..e87e2c755c19235c20f9b66a1cc198f14b49d1d5 100644 (file)
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1072,6 +1072,7 @@ WARNING: untranslated string: invalid logserver protocol = Invalid syslogd serve
 WARNING: untranslated string: ip basic info = Basic IP information
 WARNING: untranslated string: ip info for = IP information for
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI

diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index b9429d4f4b132f1965679036e7419a8682cb5756..80bca4f01ebd43f5100fd7db66b8a36669468f33 100644 (file)
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1229,6 +1229,7 @@ WARNING: untranslated string: ip basic info = Basic IP information
 WARNING: untranslated string: ip info for = IP information for
 WARNING: untranslated string: ipsec = IPsec
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI

diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index d2cf8bc76282f2f19b4a50332a3e580983ee9861..6778a8399b370864e24cf8a7a910d205c9e3bb0b 100644 (file)
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1227,6 +1227,7 @@ WARNING: untranslated string: ip basic info = Basic IP information
 WARNING: untranslated string: ip info for = IP information for
 WARNING: untranslated string: ipsec = IPsec
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI

diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index a574c9aafc21986d9fe523a809a8a0e96190c461..aa7337a66488548e129af5e8ae80261fb5f0e512 100644 (file)
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -999,6 +999,7 @@ WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hos
 WARNING: untranslated string: ip basic info = Basic IP information
 WARNING: untranslated string: ip info for = IP information for
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI

diff --git a/doc/language_missings b/doc/language_missings
index f34b9d634dc732344db1626891b6fb508d195dd5..25265a94333cc119588761afb5568ddea1ac530b 100644 (file)
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -40,6 +40,7 @@
 < g.dtm
 < g.lite
 < insert removable device
+< ipsec dns server address is invalid
 < ipsec invalid ip address or fqdn for rw endpoint
 < ipsec roadwarrior endpoint
 < netbios nameserver daemon
@@ -540,6 +541,7 @@
 < ip info for
 < ipsec
 < ipsec connection
+< ipsec dns server address is invalid
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
@@ -929,6 +931,7 @@
 < download apple profile
 < g.dtm
 < g.lite
+< ipsec dns server address is invalid
 < ipsec invalid ip address or fqdn for rw endpoint
 < ipsec roadwarrior endpoint
 < upload fcdsl.o
@@ -1142,6 +1145,7 @@
 < ip basic info
 < ip info for
 < ipsec connection
+< ipsec dns server address is invalid
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
@@ -1555,6 +1559,7 @@
 < ip basic info
 < ip info for
 < ipsec connection
+< ipsec dns server address is invalid
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
@@ -2291,6 +2296,7 @@
 < ip info for
 < ipsec
 < ipsec connection
+< ipsec dns server address is invalid
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
@@ -3188,6 +3194,7 @@
 < ip info for
 < ipsec
 < ipsec connection
+< ipsec dns server address is invalid
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
@@ -3652,6 +3659,7 @@
 < ip basic info
 < ip info for
 < ipsec connection
+< ipsec dns server address is invalid
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 2b523bbc4d7641b1b6e4793a39210f5838737317..55b2506b4b54048cc46d664667f5db1105b6c8eb 100644 (file)
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -124,6 +124,7 @@ $cgiparams{'MODE'} = "tunnel";
 $cgiparams{'INTERFACE_MODE'} = "";
 $cgiparams{'INTERFACE_ADDRESS'} = "";
 $cgiparams{'INTERFACE_MTU'} = 1500;
+$cgiparams{'DNS_SERVERS'} = "";
 &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
 
 my %APPLE_CIPHERS = (
@@ -511,6 +512,13 @@ sub writeipsecfiles {
                # Fragmentation
                print CONF "\tfragmentation=yes\n";
 
+               # DNS Servers for RW
+               if ($lconfighash{$key}[3] eq 'host') {
+                       my @servers = split(/\|/, $lconfighash{$key}[39]);
+
+                       print CONF "\trightdns=" . join(",", @servers) . "\n";
+               }
+
                print CONF "\n";
        } #foreach key
 
@@ -1612,6 +1620,7 @@ END
                $cgiparams{'INTERFACE_MODE'}            = $confighash{$cgiparams{'KEY'}}[36];
                $cgiparams{'INTERFACE_ADDRESS'}         = $confighash{$cgiparams{'KEY'}}[37];
                $cgiparams{'INTERFACE_MTU'}             = $confighash{$cgiparams{'KEY'}}[38];
+               $cgiparams{'DNS_SERVERS'}               = $confighash{$cgiparams{'KEY'}}[39];
 
                if (!$cgiparams{'DPD_DELAY'}) {
                        $cgiparams{'DPD_DELAY'} = 30;
@@ -1745,6 +1754,16 @@ END
                        }
                }
 
+               if ($cgiparams{'TYPE'} eq 'host') {
+                       my @servers = split(",", $cgiparams{'DNS_SERVERS'});
+                       foreach my $server (@servers) {
+                               unless (&Network::check_ip_address($server)) {
+                                       $errormessage = $Lang::tr{'ipsec dns server address is invalid'};
+                                       goto VPNCONF_ERROR;
+                               }
+                       }
+               }
+
                if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
                        $errormessage = $Lang::tr{'invalid input'};
                        goto VPNCONF_ERROR;
@@ -2147,7 +2166,7 @@ END
        my $key = $cgiparams{'KEY'};
        if (! $key) {
                $key = &General::findhasharraykey (\%confighash);
-               foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";}
+               foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";}
        }
        $confighash{$key}[0] = $cgiparams{'ENABLED'};
        $confighash{$key}[1] = $cgiparams{'NAME'};
@@ -2198,6 +2217,7 @@ END
        $confighash{$key}[36] = $cgiparams{'INTERFACE_MODE'};
        $confighash{$key}[37] = $cgiparams{'INTERFACE_ADDRESS'};
        $confighash{$key}[38] = $cgiparams{'INTERFACE_MTU'};
+       $confighash{$key}[39] = join("|", split(",", $cgiparams{'DNS_SERVERS'}));
 
        # free unused fields!
        $confighash{$key}[15] = 'off';
@@ -2280,6 +2300,7 @@ END
        $cgiparams{'INTERFACE_MODE'}            = "";
        $cgiparams{'INTERFACE_ADDRESS'}         = "";
        $cgiparams{'INTERFACE_MTU'}             = 1500;
+       $cgiparams{'DNS_SERVERS'}               = "";
 }
 
 VPNCONF_ERROR:
@@ -2376,11 +2397,8 @@ END
 EOF
        }
 
-       my $disabled;
-       my $blob;
-       if ($cgiparams{'TYPE'} eq 'host') {
-               $disabled = "disabled='disabled'";
-       } elsif ($cgiparams{'TYPE'} eq 'net') {
+       my $blob = "";
+       if ($cgiparams{'TYPE'} eq 'net') {
                $blob = "<img src='/blob.gif' alt='*' />";
        };
 
@@ -2390,6 +2408,9 @@ EOF
        my @remote_subnets = split(/\|/, $cgiparams{'REMOTE_SUBNET'});
        my $remote_subnets = join(",", @remote_subnets);
 
+       my @dns_servers = split(/\|/, $cgiparams{'DNS_SERVERS'});
+       my $dns_servers = join(",", @dns_servers);
+
        print <<END;
        <tr>
                <td width='20%'>$Lang::tr{'enabled'}</td>
@@ -2425,10 +2446,26 @@ END
                <td width='30%'>
                        <input type='text' name='LOCAL_SUBNET' value='$local_subnets' size="25" />
                </td>
-               <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'remote subnet'}&nbsp;$blob</td>
+END
+
+       if ($cgiparams{'TYPE'} eq "net") {
+               print <<END;
+               <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'remote subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
+               <td width='30%'>
+                       <input type='text' name='REMOTE_SUBNET' value='$remote_subnets' size="25" />
+               </td>
+END
+
+       } elsif ($cgiparams{'TYPE'} eq "host") {
+               print <<END;
+               <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'dns servers'}:</td>
                <td width='30%'>
-                       <input $disabled type='text' name='REMOTE_SUBNET' value='$remote_subnets' size="25" />
+                       <input type='text' name='DNS_SERVERS' value='$dns_servers' size="25" />
                </td>
+END
+       }
+
+       print <<END;
        </tr>
        <tr>
                <td class='boldbase' width='20%'>$Lang::tr{'vpn local id'}:</td>
@@ -2764,6 +2801,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
                $cgiparams{'INTERFACE_MODE'}            = $confighash{$cgiparams{'KEY'}}[36];
                $cgiparams{'INTERFACE_ADDRESS'}         = $confighash{$cgiparams{'KEY'}}[37];
                $cgiparams{'INTERFACE_MTU'}             = $confighash{$cgiparams{'KEY'}}[38];
+               $cgiparams{'DNS_SERVERS'}               = $confighash{$cgiparams{'KEY'}}[39];
 
                if (!$cgiparams{'DPD_DELAY'}) {
                        $cgiparams{'DPD_DELAY'} = 30;

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 87ffd269a72e2c9822094e0387e697ba8d1382ac..d867057727abffd9809835e68343a7963cbd6276 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1547,6 +1547,7 @@
 'ipinfo' => 'IP info',
 'ipsec' => 'IPsec',
 'ipsec connection' => 'IPsec Connection',
+'ipsec dns server address is invalid' => 'Invalid DNS server IP address(es)',
 'ipsec interface mode gre' => 'GRE',
 'ipsec interface mode none' => '- None (Default) -',
 'ipsec interface mode vti' => 'VTI',