From dccd7e874bf53efd9642756a3ed60abc95df43bb Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Thu, 5 Mar 2020 15:20:49 +0000
Subject: [PATCH] IPsec: Allow sending DNS server addresses to RW clients
Signed-off-by: Michael Tremer
---
 doc/language_issues.de | 1 +
 doc/language_issues.en | 1 +
 doc/language_issues.es | 1 +
 doc/language_issues.fr | 1 +
 doc/language_issues.it | 1 +
 doc/language_issues.nl | 1 +
 doc/language_issues.pl | 1 +
 doc/language_issues.ru | 1 +
 doc/language_issues.tr | 1 +
 doc/language_missings | 8 ++++++
 html/cgi-bin/vpnmain.cgi | 54 ++++++++++++++++++++++++++++++++++------
 langs/en/cgi-bin/en.pl | 1 +
 12 files changed, 64 insertions(+), 8 deletions(-)
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 6f03e30a6f..ae8e312765 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -889,6 +889,7 @@ WARNING: untranslated string: guardian logtarget_file = unknown string
 WARNING: untranslated string: guardian logtarget_syslog = unknown string
 WARNING: untranslated string: guardian no entries = unknown string
 WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: netbios nameserver daemon = NetBIOS Nameserver Daemon
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 33c4a1cfb7..aa5c66dd28 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1141,6 +1141,7 @@ WARNING: untranslated string: ipfires hostname = IPFire's Hostname
 WARNING: untranslated string: ipinfo = IP info
 WARNING: untranslated string: ipsec = IPsec
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
diff --git a/doc/language_issues.es b/doc/language_issues.es
index efd020c648..f66c5cae99 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1224,6 +1224,7 @@ WARNING: untranslated string: ip basic info = Basic IP information
 WARNING: untranslated string: ip info for = IP information for
 WARNING: untranslated string: ipsec = IPsec
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 63dbc78fc5..12c715c627 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -924,6 +924,7 @@ WARNING: untranslated string: guardian logtarget_file = unknown string
 WARNING: untranslated string: guardian logtarget_syslog = unknown string
 WARNING: untranslated string: guardian no entries = unknown string
 WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: pakfire ago = ago.
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 51c5286455..726a0a989f 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1063,6 +1063,7 @@ WARNING: untranslated string: invalid logserver protocol = Invalid syslogd serve
 WARNING: untranslated string: ip basic info = Basic IP information
 WARNING: untranslated string: ip info for = IP information for
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 3e737f8803..e87e2c755c 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1072,6 +1072,7 @@ WARNING: untranslated string: invalid logserver protocol = Invalid syslogd serve
 WARNING: untranslated string: ip basic info = Basic IP information
 WARNING: untranslated string: ip info for = IP information for
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index b9429d4f4b..80bca4f01e 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1229,6 +1229,7 @@ WARNING: untranslated string: ip basic info = Basic IP information
 WARNING: untranslated string: ip info for = IP information for
 WARNING: untranslated string: ipsec = IPsec
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index d2cf8bc762..6778a8399b 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1227,6 +1227,7 @@ WARNING: untranslated string: ip basic info = Basic IP information
 WARNING: untranslated string: ip info for = IP information for
 WARNING: untranslated string: ipsec = IPsec
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index a574c9aafc..aa7337a664 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -999,6 +999,7 @@ WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hos
 WARNING: untranslated string: ip basic info = Basic IP information
 WARNING: untranslated string: ip info for = IP information for
 WARNING: untranslated string: ipsec connection = IPsec Connection
+WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es)
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
diff --git a/doc/language_missings b/doc/language_missings
index f34b9d634d..25265a9433 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -40,6 +40,7 @@
 < g.dtm
 < g.lite
 < insert removable device
+< ipsec dns server address is invalid
 < ipsec invalid ip address or fqdn for rw endpoint
 < ipsec roadwarrior endpoint
 < netbios nameserver daemon
@@ -540,6 +541,7 @@
 < ip info for
 < ipsec
 < ipsec connection
+< ipsec dns server address is invalid
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
@@ -929,6 +931,7 @@ < download apple profile < g.dtm < g.lite +< ipsec dns server address is invalid < ipsec invalid ip address or fqdn for rw endpoint < ipsec roadwarrior endpoint < upload fcdsl.o @@ -1142,6 +1145,7 @@ < ip basic info < ip info for < ipsec connection +< ipsec dns server address is invalid < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti @@ -1555,6 +1559,7 @@ < ip basic info < ip info for < ipsec connection +< ipsec dns server address is invalid < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti @@ -2291,6 +2296,7 @@ < ip info for < ipsec < ipsec connection +< ipsec dns server address is invalid < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti @@ -3188,6 +3194,7 @@ < ip info for < ipsec < ipsec connection +< ipsec dns server address is invalid < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti @@ -3652,6 +3659,7 @@ < ip basic info < ip info for < ipsec connection +< ipsec dns server address is invalid < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 2b523bbc4d..55b2506b4b 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -124,6 +124,7 @@ $cgiparams{'MODE'} = "tunnel"; $cgiparams{'INTERFACE_MODE'} = ""; $cgiparams{'INTERFACE_ADDRESS'} = ""; $cgiparams{'INTERFACE_MTU'} = 1500; +$cgiparams{'DNS_SERVERS'} = ""; &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); my %APPLE_CIPHERS = ( @@ -511,6 +512,13 @@ sub writeipsecfiles { # Fragmentation print CONF "\tfragmentation=yes\n"; + # DNS Servers for RW + if ($lconfighash{$key}[3] eq 'host') { + my @servers = split(/\|/, $lconfighash{$key}[39]); + + print CONF "\trightdns=" . join(",", @servers) . "\n"; + } + print CONF "\n"; } #foreach key 
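Review bot: The new `rightdns=` line in the writeipsecfiles hunk is printed for every `host` connection, including those with no DNS servers configured, so the generated IPsec config gets a bare `rightdns=` with an empty value. Field 39 is presumably also missing on connection records saved before this change, in which case `split` runs on an undefined value. Guarding both keeps empty entries out of the file: `my @servers = split(/\|/, $lconfighash{$key}[39] // "");` followed by `print CONF "\trightdns=" . join(",", @servers) . "\n" if (@servers);`. writeipsecfiles begins and ends outside this hunk, so how the daemon treats an empty `rightdns=` should be confirmed against the rest of the generated file.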
@@ -1612,6 +1620,7 @@ END $cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36]; $cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37]; $cgiparams{'INTERFACE_MTU'} = $confighash{$cgiparams{'KEY'}}[38]; + $cgiparams{'DNS_SERVERS'} = $confighash{$cgiparams{'KEY'}}[39]; if (!$cgiparams{'DPD_DELAY'}) { $cgiparams{'DPD_DELAY'} = 30; @@ -1745,6 +1754,16 @@ END } } + if ($cgiparams{'TYPE'} eq 'host') { + my @servers = split(",", $cgiparams{'DNS_SERVERS'}); + foreach my $server (@servers) { + unless (&Network::check_ip_address($server)) { + $errormessage = $Lang::tr{'ipsec dns server address is invalid'}; + goto VPNCONF_ERROR; + } + } + } + if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) { $errormessage = $Lang::tr{'invalid input'}; goto VPNCONF_ERROR; @@ -2147,7 +2166,7 @@ END my $key = $cgiparams{'KEY'}; if (! $key) { $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";} } $confighash{$key}[0] = $cgiparams{'ENABLED'}; $confighash{$key}[1] = $cgiparams{'NAME'}; @@ -2198,6 +2217,7 @@ END $confighash{$key}[36] = $cgiparams{'INTERFACE_MODE'}; $confighash{$key}[37] = $cgiparams{'INTERFACE_ADDRESS'}; $confighash{$key}[38] = $cgiparams{'INTERFACE_MTU'}; + $confighash{$key}[39] = join("|", split(",", $cgiparams{'DNS_SERVERS'})); # free unused fields! $confighash{$key}[15] = 'off'; @@ -2280,6 +2300,7 @@ END $cgiparams{'INTERFACE_MODE'} = ""; $cgiparams{'INTERFACE_ADDRESS'} = ""; $cgiparams{'INTERFACE_MTU'} = 1500; + $cgiparams{'DNS_SERVERS'} = ""; } VPNCONF_ERROR: @@ -2376,11 +2397,8 @@ END EOF } - my $disabled; - my $blob; - if ($cgiparams{'TYPE'} eq 'host') { - $disabled = "disabled='disabled'"; - } elsif ($cgiparams{'TYPE'} eq 'net') { + my $blob = ""; + if ($cgiparams{'TYPE'} eq 'net') { $blob = "*"; }; 
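Review bot: The DNS server check added ahead of the `ENABLED` test runs only when `TYPE` is `host`, but the later hunk at `$confighash{$key}[39] = join("|", split(",", $cgiparams{'DNS_SERVERS'}));` stores the submitted value for every connection type, so a `net` submission can persist a string that was never validated. Validate unconditionally, or drop the value for other types: `$confighash{$key}[39] = ($cgiparams{'TYPE'} eq 'host') ? join("|", split(",", $cgiparams{'DNS_SERVERS'})) : "";`. Each element goes to `&Network::check_ip_address` exactly as split, so surrounding whitespace is rejected rather than trimmed; whether that helper also rejects a trailing newline is not visible here and is worth confirming, because the stored value is later written into the IPsec config as-is. Both hunks sit inside a larger block that starts and ends outside the diff context.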
@@ -2390,6 +2408,9 @@ EOF my @remote_subnets = split(/\|/, $cgiparams{'REMOTE_SUBNET'}); my $remote_subnets = join(",", @remote_subnets); + my @dns_servers = split(/\|/, $cgiparams{'DNS_SERVERS'}); + my $dns_servers = join(",", @dns_servers); + print < $Lang::tr{'enabled'} @@ -2425,10 +2446,26 @@ END - $Lang::tr{'remote subnet'} $blob +END + + if ($cgiparams{'TYPE'} eq "net") { + print <$Lang::tr{'remote subnet'} * + + + +END + + } elsif ($cgiparams{'TYPE'} eq "host") { + print <$Lang::tr{'dns servers'}: - + +END + } + + print < $Lang::tr{'vpn local id'}: @@ -2764,6 +2801,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36]; $cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37]; $cgiparams{'INTERFACE_MTU'} = $confighash{$cgiparams{'KEY'}}[38]; + $cgiparams{'DNS_SERVERS'} = $confighash{$cgiparams{'KEY'}}[39]; if (!$cgiparams{'DPD_DELAY'}) { $cgiparams{'DPD_DELAY'} = 30; diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 87ffd269a7..d867057727 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1547,6 +1547,7 @@ 'ipinfo' => 'IP info', 'ipsec' => 'IPsec', 'ipsec connection' => 'IPsec Connection', +'ipsec dns server address is invalid' => 'Invalid DNS server IP address(es)', 'ipsec interface mode gre' => 'GRE', 'ipsec interface mode none' => '- None (Default) -', 'ipsec interface mode vti' => 'VTI', -- 2.39.2
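Review bot: `$dns_servers` in the form-rendering hunk is built directly from `$cgiparams{'DNS_SERVERS'}`, and on the `VPNCONF_ERROR` path that parameter still holds the submitted value that has just failed validation. The markup that prints it into the input field is not visible in this extract, so it should be confirmed that the value is HTML-escaped before interpolation, the same way the neighbouring fields are handled. A comment above the two new lines would record the constraint: `# DNS_SERVERS may still be unvalidated user input here (error path); escape before output`. The enclosing block begins and ends outside the hunk.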