X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=1fa40a827db718884883b6054fd2ef81394d7e7f;hb=ec238128df8a41644501c9620c03103e93c89afd;hp=f303cfbc2cb0ead196690353b841788b1efe57e9;hpb=a2ee81406ff7e6847ad17670c7b11766da6c5ce3;p=people%2Fpmueller%2Fipfire-2.x.git
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index f303cfbc2c..1fa40a827d 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2010 IPFire Team info@ipfire.org #
+# Copyright (C) 2007-2011 IPFire Team info@ipfire.org #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -58,6 +58,17 @@ my %mainsettings = ();
 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+
+my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
+my $blue_cidr = "# Blue not defined";
+if ($netsettings{'BLUE_DEV'}) {
+ $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
+}
+my $orange_cidr = "# Orange not defined";
+if ($netsettings{'ORANGE_DEV'}) {
+ $orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
+}
+
 $cgiparams{'ENABLED'} = 'off';
 $cgiparams{'EDIT_ADVANCED'} = 'off';
 $cgiparams{'ACTION'} = '';
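Review bot: The three `General::ipcidr` results declared in the `@@ -58,6 +58,17 @@` hunk are used without any check that the conversion produced a usable network, and the `"# Blue not defined"` / `"# Orange not defined"` sentinels are ordinary strings that would be written into ipsec.conf verbatim if a print site ever lost its guard. The declarations test `if ($netsettings{'BLUE_DEV'})` while the `writeipsecfiles` hunk at `-264,18` tests `length($netsettings{'BLUE_DEV'}) > 2`, so the sentinel stays out of the file only as long as those two different conditions remain in step. Because these values become the `%v4:!` exclusions in `virtual_private`, I would leave the variable undefined when the zone is absent (`my $blue_cidr;`) and guard the writers with `if (defined $blue_cidr)`. How `ipcidr` behaves on a missing or malformed GREEN address is not visible in this diff and should be confirmed, since the call runs at file scope on every request.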
@@ -264,18 +275,16 @@ sub writeipsecfiles {
 # deprecated in ipsec.conf version 2
 #print CONF "\tplutoload=%search\n";
 #print CONF "\tplutostart=%search\n";
- #Disable IKEv2 deamon
- print CONF "\tcharonstart=no\n";
 print CONF "\tuniqueids=yes\n";
 print CONF "\tnat_traversal=yes\n";
 print CONF "\toverridemtu=$lvpnsettings{'VPN_OVERRIDE_MTU'}\n" if ($lvpnsettings{'VPN_OVERRIDE_MTU'} ne '');
 print CONF "\tvirtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16";
- print CONF ",%v4:!$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+ print CONF ",%v4:!$green_cidr";
 if (length($netsettings{'ORANGE_DEV'}) > 2) {
- print CONF ",%v4:!$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+ print CONF ",%v4:!$orange_cidr";
 }
 if (length($netsettings{'BLUE_DEV'}) > 2) {
- print CONF ",%v4:!$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+ print CONF ",%v4:!$blue_cidr";
 }
 foreach my $key (keys %lconfighash) {
 if ($lconfighash{$key}[3] eq 'net') {
@@ -320,13 +329,15 @@ sub writeipsecfiles {
 print CONF "conn $lconfighash{$key}[1]\n";
 print CONF "\tleft=$localside\n";
 print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute');
- print CONF "\tleftsubnet=$lconfighash{$key}[8]\n";
+ my $cidr_net=&General::ipcidr($lconfighash{$key}[8]);
+ print CONF "\tleftsubnet=$cidr_net\n";
 print CONF "\tleftfirewall=yes\n";
 print CONF "\tlefthostaccess=yes\n";
 print CONF "\tright=$lconfighash{$key}[10]\n";
 if ($lconfighash{$key}[3] eq 'net') {
- print CONF "\trightsubnet=$lconfighash{$key}[11]\n";
+ my $cidr_net=&General::ipcidr($lconfighash{$key}[11]);
+ print CONF "\trightsubnet=$cidr_net\n";
 print CONF "\trightnexthop=%defaultroute\n";
 } elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors?
 print CONF "\trightsubnet=vhost:%no,%priv\n";
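Review bot: In the `@@ -320,13 +329,15 @@` hunk `$cidr_net` goes straight from `General::ipcidr` into `leftsubnet=` and `rightsubnet=` with no check that the stored field converted to a well-formed network. If the conversion fails or returns an empty string (its behaviour on bad input is not visible here), the connection is left with an empty or malformed traffic selector, and by then the `conn` line has already been written. I would convert both fields before `print CONF "conn ..."` and skip the connection with a logged error unless each result matches something like `m{\A\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}\z}`. The inner `my $cidr_net` also shadows the outer one; `$left_cidr` and `$right_cidr` would make the two values unambiguous. `writeipsecfiles` starts and ends outside this hunk.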
@@ -384,6 +395,12 @@ sub writeipsecfiles { print CONF "\tpfsgroup=$lconfighash{$key}[23]\n"; } + # IKE V1 or V2 + if (! $lconfighash{$key}[29]) { + $lconfighash{$key}[29] = "ikev1"; + } + print CONF "\tkeyexchange=$lconfighash{$key}[29]\n"; + # Lifetimes print CONF "\tikelifetime=$lconfighash{$key}[16]h\n" if ($lconfighash{$key}[16]); print CONF "\tkeylife=$lconfighash{$key}[17]h\n" if ($lconfighash{$key}[17]); @@ -1274,6 +1291,7 @@ END $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; $cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'IKE_VERSION'} = $confighash{$cgiparams{'KEY'}}[29]; $cgiparams{'IKE_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[18]; $cgiparams{'IKE_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[19]; $cgiparams{'IKE_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[20]; @@ -1369,15 +1387,15 @@ END # Allow nothing or a string (DN,FDQN,) beginning with @ # with no comma but slashes between RID eg @O=FR/C=Paris/OU=myhome/CN=franck - if ( ($cgiparams{'LOCAL_ID'} !~ /^(|[\w.-]*@[\w. =*\/-]+|\d\.\d\.\d\.\d)$/) || - ($cgiparams{'REMOTE_ID'} !~ /^(|[\w.-]*@[\w. =*\/-]+|\d\.\d\.\d\.\d)$/) || + if ( ($cgiparams{'LOCAL_ID'} !~ /^(|[\w.-]*@[\w. =*\/-]+|\d+\.\d+\.\d+\.\d+)$/) || + ($cgiparams{'REMOTE_ID'} !~ /^(|[\w.-]*@[\w. =*\/-]+|\d+\.\d+\.\d+\.\d+)$/) || (($cgiparams{'REMOTE_ID'} eq $cgiparams{'LOCAL_ID'}) && ($cgiparams{'LOCAL_ID'} ne '')) ) { $errormessage = $Lang::tr{'invalid local-remote id'} . '
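Review bot: Field 29 is interpolated into `keyexchange=` in the `@@ -384,6 +395,12 @@` hunk without being checked against the two values the form offers, and the save path in the `@@ -1776,6 +1794,7 @@` hunk stores `$cgiparams{'IKE_VERSION'}` exactly as submitted. Unless validation exists outside the visible hunks, any string posted to the CGI, including one containing a line break, would end up in ipsec.conf as configuration text. I would allow-list at both ends: reject the form when `$cgiparams{'IKE_VERSION'} !~ /\A(?:ikev1|ikev2)\z/`, and in the writer use a local, `my $ike = $lconfighash{$key}[29] || '';` followed by `$ike = 'ikev1' unless $ike =~ /\A(?:ikev1|ikev2)\z/;`, instead of assigning the default back into `%lconfighash` while the file is being written. `writeipsecfiles` starts and ends outside this hunk.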
' . 'DER_ASN1_DN: @c=FR/ou=Paris/ou=Home/cn=*
' . 'FQDN: @ipfire.org
' . 'USER_FQDN: info@ipfire.org
' . - 'IPV4_ADDR: @123.123.123.123'; + 'IPV4_ADDR: 123.123.123.123'; goto VPNCONF_ERROR; } # If Auth is DN, verify existance of Remote ID. @@ -1776,6 +1794,7 @@ END $confighash{$key}[25] = $cgiparams{'REMARK'}; $confighash{$key}[26] = $cgiparams{'INTERFACE'}; $confighash{$key}[27] = $cgiparams{'DPD_ACTION'}; + $confighash{$key}[29] = $cgiparams{'IKE_VERSION'}; #dont forget advanced value $confighash{$key}[18] = $cgiparams{'IKE_ENCRYPTION'}; @@ -1831,6 +1850,11 @@ END $cgiparams{'DPD_ACTION'} = 'restart'; } + # Default IKE Version to V1 + if (! $cgiparams{'IKE_VERSION'}) { + $cgiparams{'IKE_VERSION'} = 'ikev1'; + } + # Default is yes for 'pfs' $cgiparams{'PFS'} = 'on'; @@ -1881,6 +1905,10 @@ END $selected{'DPD_ACTION'}{'restart'} = ''; $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'"; + $selected{'IKE_VERSION'}{'ikev1'} = ''; + $selected{'IKE_VERSION'}{'ikev2'} = ''; + $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'"; + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -1960,6 +1988,12 @@ END
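Review bot: The rewritten ID patterns in the `@@ -1369,15 +1387,15 @@` hunk still end in `$`, which in Perl also matches just before a trailing newline, so a LOCAL_ID or REMOTE_ID that ends in a line break passes the check. The new IPv4 alternative `\d+\.\d+\.\d+\.\d+` also accepts octets above 255 and of any length. Anchoring both patterns as `/\A(...)\z/` closes the first gap, and writing the address branch as `\d{1,3}(?:\.\d{1,3}){3}` (or passing it through the project's own address validator) narrows the second. The enclosing conditional begins before this hunk, so where these IDs are written afterwards is not visible here.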
+ $Lang::tr{'vpn keyexchange'}: + + $Lang::tr{'dpd action'}: