$cgiparams{'INTERFACE_MODE'} = "";
$cgiparams{'INTERFACE_ADDRESS'} = "";
$cgiparams{'INTERFACE_MTU'} = 1500;
+$cgiparams{'DNS_SERVERS'} = "";
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
my %APPLE_CIPHERS = (
print CONF "\tleftfirewall=yes\n";
print CONF "\tlefthostaccess=yes\n";
+
+ # Always send the host certificate
+ if ($lconfighash{$key}[3] eq 'host') {
+ print CONF "\tleftsendcert=always\n";
+ }
+
print CONF "\tright=$lconfighash{$key}[10]\n";
if ($lconfighash{$key}[3] eq 'net') {
# Fragmentation
print CONF "\tfragmentation=yes\n";
+ # DNS Servers for RW
+ if ($lconfighash{$key}[3] eq 'host') {
+ my @servers = split(/\|/, $lconfighash{$key}[39]);
+
+ print CONF "\trightdns=" . join(",", @servers) . "\n";
+ }
+
print CONF "\n";
} #foreach key
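Review bot: `rightdns=` is written for every host connection even when field 39 is empty, so a host connection with no DNS servers configured gets a bare `rightdns=` line in the generated config; guard the print with `if (@servers) {` (or `if ($lconfighash{$key}[39] ne "") {`) so the option is only emitted when there is something to send. The `eq 'host'` test repeats the one used for `leftsendcert=always` a few lines above; if nothing between them depends on output order, the two could share one block. The enclosing foreach over keys starts outside the hunk.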
my $uuid1 = $uuid->create_str();
my $uuid2 = $uuid->create_str();
+ my $ca = "";
+ my $ca_uuid = $uuid->create_str();
+
my $cert = "";
my $cert_uuid = $uuid->create_str();
- # Read and encode certificate
+ # Read and encode the CA & certificate
if ($confighash{$key}[4] eq "cert") {
+ my $ca_path = "${General::swroot}/ca/cacert.pem";
my $cert_path = "${General::swroot}/certs/$confighash{$key}[1].p12";
+ # Read the CA and encode it into Base64
+ open(CA, "<${ca_path}");
+ local($/) = undef; # slurp
+ $ca = MIME::Base64::encode_base64(<CA>);
+ close(CA);
+
# Read certificate and encode it into Base64
open(CERT, "<${cert_path}");
local($/) = undef; # slurp
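Review bot: The new `open(CA, "<${ca_path}");` is a two-argument open on a bareword handle whose result is never checked, so if `cacert.pem` is missing or unreadable `$ca` silently becomes an empty string and the profile is generated with an empty root payload instead of failing. Prefer `open(my $ca_fh, '<', $ca_path) or die "Could not open ${ca_path}: $!";`, read from `<$ca_fh>` and `close($ca_fh)`; the pre-existing certificate open just below has the same shape and would benefit from the same treatment. `local($/) = undef` now appears twice in the same scope (once here for the CA, once for the certificate), which is harmless but redundant. The surrounding `if ($confighash{$key}[4] eq "cert")` block continues past the hunk.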
# Left ID
if ($confighash{$key}[9]) {
+ my $leftid = $confighash{$key}[9];
+
+ # Strip leading @ from FQDNs
+ if ($leftid =~ m/^@(.*)$/) {
+ $leftid = $1;
+ }
+
print " <key>LocalIdentifier</key>\n";
- print " <string>$confighash{$key}[9]</string>\n";
+ print " <string>$leftid</string>\n";
}
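Review bot: The seven-line strip of a leading `@` added here is duplicated verbatim for `$rightid` in the next hunk; a single substitution expresses it without the capture variable and keeps both places identical: `(my $leftid = $confighash{$key}[9]) =~ s/^@//;` and likewise `(my $rightid = $confighash{$key}[7]) =~ s/^@//;`. The comment `# Strip leading @ from FQDNs` says what but not why; extending it to say what the profile expects instead (presumably the bare name, which I cannot confirm from this diff) would help the next reader.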
# Right ID
if ($confighash{$key}[7]) {
+ my $rightid = $confighash{$key}[7];
+
+ # Strip leading @ from FQDNs
+ if ($rightid =~ m/^@(.*)$/) {
+ $rightid = $1;
+ }
+
print " <key>RemoteIdentifier</key>\n";
- print " <string>$confighash{$key}[7]</string>\n";
+ print " <string>$rightid</string>\n";
}
if ($confighash{$key}[4] eq "cert") {
print " <key>ExtendedAuthEnabled</key>\n";
print " <integer>0</integer>\n";
+
+ # These are not needed, but we provide some default to stop iPhone asking for credentials
+ print " <key>AuthName</key>\n";
+ print " <string>$confighash{$key}[1]</string>\n";
+ print " <key>AuthPassword</key>\n";
+ print " <string></string>\n";
print " </dict>\n";
print " </dict>\n";
print " <dict>\n";
print " <key>PayloadIdentifier</key>\n";
print " <string>org.example.vpn1.client</string>\n";
+ print " <key>PayloadDisplayName</key>\n";
+ print " <string>$confighash{$key}[1]</string>\n";
print " <key>PayloadUUID</key>\n";
print " <string>${cert_uuid}</string>\n";
print " <key>PayloadType</key>\n";
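Review bot: `$confighash{$key}[1]` (the connection name) is interpolated into `<string>` elements at the new AuthName line above and the new PayloadDisplayName line here, and `$leftid`/`$rightid` are interpolated the same way in the two preceding hunks; none of these values are XML-escaped, so a name or identifier containing `&` or `<` produces a malformed plist. Unless NAME and the identifiers are already restricted to a safe character set when they are submitted (that validation is not visible in this diff), pass them through a small escaper before printing, e.g. `(my $display_name = $confighash{$key}[1]) =~ s/&/&amp;/g; $display_name =~ s/</&lt;/g;` and print `$display_name` instead.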
print " </data>\n";
print " </dict>\n";
+
+ print " <dict>\n";
+ print " <key>PayloadIdentifier</key>\n";
+ print " <string>org.example.ca</string>\n";
+ print " <key>PayloadUUID</key>\n";
+ print " <string>${ca_uuid}</string>\n";
+ print " <key>PayloadType</key>\n";
+ print " <string>com.apple.security.root</string>\n";
+ print " <key>PayloadVersion</key>\n";
+ print " <integer>1</integer>\n";
+ print " <key>PayloadContent</key>\n";
+ print " <data>\n";
+
+ foreach (split /\n/,${ca}) {
+ print " $_\n";
+ }
+
+ print " </data>\n";
+ print " </dict>\n";
}
print " </array>\n";
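Review bot: The new CA payload is emitted unconditionally inside the cert branch, so if `$ca` is empty (for example because the earlier read of `ca/cacert.pem` failed) the profile ships a `com.apple.security.root` payload with an empty `<data>` block; a guard such as `if ($ca ne "") {` around the new `<dict>`, or a die where the file is read, avoids generating a broken profile. A one-line comment above the block, e.g. `# Ship our CA as a root-certificate payload so the device trusts the host certificate chain`, would make the trust decision explicit to the next maintainer; I am reading that payload type as the root-certificate type, which is worth confirming against Apple's profile reference before relying on the wording.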
$cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36];
$cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37];
$cgiparams{'INTERFACE_MTU'} = $confighash{$cgiparams{'KEY'}}[38];
+ $cgiparams{'DNS_SERVERS'} = $confighash{$cgiparams{'KEY'}}[39];
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;
}
}
+ if ($cgiparams{'TYPE'} eq 'host') {
+ my @servers = split(",", $cgiparams{'DNS_SERVERS'});
+ foreach my $server (@servers) {
+ unless (&Network::check_ip_address($server)) {
+ $errormessage = $Lang::tr{'ipsec dns server address is invalid'};
+ goto VPNCONF_ERROR;
+ }
+ }
+ }
+
if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto VPNCONF_ERROR;
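Review bot: The DNS_SERVERS check only runs when TYPE is 'host', but the value is stored into field 39 for every connection type by the `join("|", split(",", ...))` in a later hunk, so a request for a net connection can place an unvalidated string into the config; validating whenever the field is non-empty, `if ($cgiparams{'DNS_SERVERS'} ne "") {`, closes that gap independent of type. `split(",", ...)` does not trim whitespace, so an input like `192.0.2.1, 192.0.2.2` (constructed example) yields ` 192.0.2.2`, which `Network::check_ip_address` presumably rejects (its implementation is not visible here); trimming each element before the check, or splitting on `/\s*,\s*/`, would make the form more forgiving and the stored value cleaner.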
my $key = $cgiparams{'KEY'};
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
$confighash{$key}[36] = $cgiparams{'INTERFACE_MODE'};
$confighash{$key}[37] = $cgiparams{'INTERFACE_ADDRESS'};
$confighash{$key}[38] = $cgiparams{'INTERFACE_MTU'};
+ $confighash{$key}[39] = join("|", split(",", $cgiparams{'DNS_SERVERS'}));
# free unused fields!
$confighash{$key}[15] = 'off';
$cgiparams{'INTERFACE_MODE'} = "";
$cgiparams{'INTERFACE_ADDRESS'} = "";
$cgiparams{'INTERFACE_MTU'} = 1500;
+ $cgiparams{'DNS_SERVERS'} = "";
}
VPNCONF_ERROR:
EOF
}
- my $disabled;
- my $blob;
- if ($cgiparams{'TYPE'} eq 'host') {
- $disabled = "disabled='disabled'";
- } elsif ($cgiparams{'TYPE'} eq 'net') {
+ my $blob = "";
+ if ($cgiparams{'TYPE'} eq 'net') {
$blob = "<img src='/blob.gif' alt='*' />";
};
my @remote_subnets = split(/\|/, $cgiparams{'REMOTE_SUBNET'});
my $remote_subnets = join(",", @remote_subnets);
+ my @dns_servers = split(/\|/, $cgiparams{'DNS_SERVERS'});
+ my $dns_servers = join(",", @dns_servers);
+
print <<END;
<tr>
<td width='20%'>$Lang::tr{'enabled'}</td>
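Review bot: `$blob` is still computed for net connections here, but the remote-subnet heredoc in the next hunk now hard-codes `<img src='/blob.gif' alt='*' />` instead of interpolating `$blob`; if nothing else in the form uses it (the rest of the form is outside this diff), the variable is now dead and should be dropped, otherwise the heredoc should interpolate `$blob` so the marker is defined in one place. The trailing `};` after the if-block pre-dates this change but is worth cleaning up while the block is being touched.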
<td width='30%'>
<input type='text' name='LOCAL_SUBNET' value='$local_subnets' size="25" />
</td>
- <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'remote subnet'} $blob</td>
+END
+
+ if ($cgiparams{'TYPE'} eq "net") {
+ print <<END;
+ <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'remote subnet'} <img src='/blob.gif' alt='*' /></td>
<td width='30%'>
- <input $disabled type='text' name='REMOTE_SUBNET' value='$remote_subnets' size="25" />
+ <input type='text' name='REMOTE_SUBNET' value='$remote_subnets' size="25" />
</td>
+END
+
+ } elsif ($cgiparams{'TYPE'} eq "host") {
+ print <<END;
+ <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'dns servers'}:</td>
+ <td width='30%'>
+ <input type='text' name='DNS_SERVERS' value='$dns_servers' size="25" />
+ </td>
+END
+ }
+
+ print <<END;
</tr>
<tr>
<td class='boldbase' width='20%'>$Lang::tr{'vpn local id'}:</td>
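Review bot: `$dns_servers` is request-derived (it is rebuilt from `$cgiparams{'DNS_SERVERS'}` when a failed validation jumps to `VPNCONF_ERROR` and the form is re-rendered) and is interpolated into `value='$dns_servers'` without escaping, so a submitted value containing a single quote or `<` breaks out of the attribute on the error page; unless `Header::getcgihash` already sanitizes input (not visible here), escape it before interpolation, e.g. `$dns_servers =~ s/&/&amp;/g; $dns_servers =~ s/</&lt;/g; $dns_servers =~ s/'/&#39;/g;`. The pre-existing `$remote_subnets` and `$local_subnets` interpolations follow the same pattern. When TYPE is neither 'net' nor 'host' the row is now printed with only its first two cells where it previously always had four; harmless if TYPE is restricted to those two values elsewhere. `$Lang::tr{'dns servers'}` needs a matching entry in the language files, which this diff does not show.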
$cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36];
$cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37];
$cgiparams{'INTERFACE_MTU'} = $confighash{$cgiparams{'KEY'}}[38];
+ $cgiparams{'DNS_SERVERS'} = $confighash{$cgiparams{'KEY'}}[39];
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;