X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=5fb60558fb09f44242c19089c6fda487b7c94874;hb=45762fc662cd8e869af561d6856a909a7dfe6082;hp=6abfa8fac229118839bde0b12c5b11089b281642;hpb=4e17adadcd3c3942e7c2222485fbf88608a4477f;p=ipfire-2.x.git
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 6abfa8fac2..5fb60558fb 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1,4 +1,23 @@
#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2010 IPFire Team info@ipfire.org #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see
$Lang::tr{'use a pre-shared key'} | -|||||
$Lang::tr{'upload a certificate request'} |
@@ -2078,7 +2105,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes128|3des|twofish256|twofish128|serpent256|serpent128|blowfish256|blowfish128|cast128)$/) {
+ if ($val !~ /^(aes256|aes128|3des)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
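Review bot: The allow-list check `$val !~ /^(aes256|aes128|3des)$/` is anchored with `$`, which in Perl also matches just before a trailing newline, so a value ending in a newline still passes validation unless the CGI parameter parsing (not visible here) already strips it. Anchoring with `\A` and `\z` closes that gap, e.g. `if ($val !~ /\A(?:aes256|aes128|3des)\z/) {`. The same applies to the group check at -2100, the ESP cipher check at -2119 and the `ESP_GROUPTYPE` check at -2136, whose value is copied into `%confighash` further down. The two cipher patterns are now identical and could share one precompiled `qr//`. The enclosing block starts and ends outside this hunk.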
@@ -2100,7 +2127,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(768|1024|1536|2048|3072|4096|6144|8192)$/) {
+ if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2119,7 +2146,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes128|3des|twofish256|twofish128|serpent256|serpent128|blowfish256|blowfish128)$/) {
+ if ($val !~ /^(aes256|aes128|3des)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2136,7 +2163,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
}
}
if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
- $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(768|1024|1536|2048|3072|4096)$/) {
+ $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2151,7 +2178,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
}
if (
- ($cgiparams{'AGGRMODE'} !~ /^(|on|off)$/) ||
($cgiparams{'COMPRESSION'} !~ /^(|on|off)$/) ||
($cgiparams{'ONLY_PROPOSED'} !~ /^(|on|off)$/) ||
($cgiparams{'PFS'} !~ /^(|on|off)$/) ||
@@ -2169,7 +2195,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$confighash{$cgiparams{'KEY'}}[22] = $cgiparams{'ESP_INTEGRITY'};
$confighash{$cgiparams{'KEY'}}[23] = $cgiparams{'ESP_GROUPTYPE'};
$confighash{$cgiparams{'KEY'}}[17] = $cgiparams{'ESP_KEYLIFE'};
- $confighash{$cgiparams{'KEY'}}[12] = $cgiparams{'AGGRMODE'};
+ $confighash{$cgiparams{'KEY'}}[12] = 'off'; #$cgiparams{'AGGRMODE'};
$confighash{$cgiparams{'KEY'}}[13] = $cgiparams{'COMPRESSION'};
$confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'};
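Review bot: The new line `$confighash{$cgiparams{'KEY'}}[12] = 'off'; #$cgiparams{'AGGRMODE'};` keeps the old right-hand side as commented-out code, which does not tell a maintainer whether field 12 is pinned on purpose. A comment stating the intent reads better, e.g. `# Aggressive mode is no longer configurable; field 12 is always stored as 'off'.` This assignment only runs when the advanced page is saved, so a connection stored earlier with 'on' presumably keeps that value until then. Whether the code that writes the IPsec configuration still honours field 12 is outside this hunk and worth checking.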
@@ -2190,7 +2216,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$cgiparams{'ESP_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[22];
$cgiparams{'ESP_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[23];
$cgiparams{'ESP_KEYLIFE'} = $confighash{$cgiparams{'KEY'}}[17];
- $cgiparams{'AGGRMODE'} = $confighash{$cgiparams{'KEY'}}[12];
$cgiparams{'COMPRESSION'} = $confighash{$cgiparams{'KEY'}}[13];
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
@@ -2205,13 +2230,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'IKE_ENCRYPTION'}{'aes256'} = '';
$checked{'IKE_ENCRYPTION'}{'aes128'} = '';
$checked{'IKE_ENCRYPTION'}{'3des'} = '';
- $checked{'IKE_ENCRYPTION'}{'twofish256'} = '';
- $checked{'IKE_ENCRYPTION'}{'twofish128'} = '';
- $checked{'IKE_ENCRYPTION'}{'serpent256'} = '';
- $checked{'IKE_ENCRYPTION'}{'serpent128'} = '';
- $checked{'IKE_ENCRYPTION'}{'blowfish256'} = '';
- $checked{'IKE_ENCRYPTION'}{'blowfish128'} = '';
- $checked{'IKE_ENCRYPTION'}{'cast128'} = '';
my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'});
foreach my $key (@temp) {$checked{'IKE_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'IKE_INTEGRITY'}{'sha2_512'} = '';
@@ -2230,15 +2248,14 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'IKE_GROUPTYPE'}{'8192'} = '';
@temp = split('\|', $cgiparams{'IKE_GROUPTYPE'});
foreach my $key (@temp) {$checked{'IKE_GROUPTYPE'}{$key} = "selected='selected'"; }
+
+ # 768 is not supported by strongswan
+ $checked{'IKE_GROUPTYPE'}{'768'} = '';
+
+
$checked{'ESP_ENCRYPTION'}{'aes256'} = '';
$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
$checked{'ESP_ENCRYPTION'}{'3des'} = '';
- $checked{'ESP_ENCRYPTION'}{'twofish256'} = '';
- $checked{'ESP_ENCRYPTION'}{'twofish128'} = '';
- $checked{'ESP_ENCRYPTION'}{'serpent256'} = '';
- $checked{'ESP_ENCRYPTION'}{'serpent128'} = '';
- $checked{'ESP_ENCRYPTION'}{'blowfish256'} = '';
- $checked{'ESP_ENCRYPTION'}{'blowfish128'} = '';
@temp = split('\|', $cgiparams{'ESP_ENCRYPTION'});
foreach my $key (@temp) {$checked{'ESP_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'ESP_INTEGRITY'}{'sha2_512'} = '';
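Review bot: The comment `# 768 is not supported by strongswan` does not say why the reset sits after the loop that marks stored groups as selected, yet that ordering is what keeps a `768` left in an older connection from being rendered as selected. I would spell it out, e.g. `# Clear 768 after the loop: old configs may still list it and it must not come back as selected.` The hunk also leaves two consecutive blank lines after the assignment; one is enough.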
@@ -2247,15 +2264,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'ESP_INTEGRITY'}{'md5'} = '';
@temp = split('\|', $cgiparams{'ESP_INTEGRITY'});
foreach my $key (@temp) {$checked{'ESP_INTEGRITY'}{$key} = "selected='selected'"; }
- $checked{'ESP_GROUPTYPE'}{'modp768'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp1024'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp1536'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp2048'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp3072'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp4096'} = '';
$checked{'ESP_GROUPTYPE'}{$cgiparams{'ESP_GROUPTYPE'}} = "selected='selected'";
- $checked{'AGGRMODE'} = $cgiparams{'AGGRMODE'} eq 'on' ? "checked='checked'" : '' ;
$checked{'COMPRESSION'} = $cgiparams{'COMPRESSION'} eq 'on' ? "checked='checked'" : '' ;
$checked{'ONLY_PROPOSED'} = $cgiparams{'ONLY_PROPOSED'} eq 'on' ? "checked='checked'" : '' ;
$checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ;
@@ -2291,19 +2301,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
-
-
-
-
-
-
-
$Lang::tr{'ike integrity'} | @@ -2317,7 +2318,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || - | |||
$Lang::tr{'ike lifetime'} | @@ -2331,29 +2331,15 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || - - - - - - | $Lang::tr{'esp integrity'} | $Lang::tr{'esp grouptype'} | + | |
$Lang::tr{'esp keylife'} | $Lang::tr{'hours'} | @@ -2362,9 +2348,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||||||
IKE+ESP: $Lang::tr{'use only proposed settings'} | -|||||
- $Lang::tr{'vpn aggrmode'} | |||||
$Lang::tr{'pfs yes no'} | @@ -2406,7 +2389,7 @@ EOF &General::readhasharray("${General::swroot}/vpn/config", \%confighash); $cgiparams{'CA_NAME'} = ''; - my @status = `/usr/sbin/ipsec auto --status`; + my @status = `/usr/local/bin/ipsecctrl I`; # suggest a default name for this side if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") { @@ -2427,7 +2410,7 @@ EOF $checked{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'} eq 'on' ? "checked='checked'" : '' ; map ($checked{$_} = $cgiparams{$_} eq 'on' ? "checked='checked'" : '', ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL', - 'DBG_KLIPS','DBG_DNS','DBG_NAT_T')); + 'DBG_DNS')); &Header::showhttpheaders(); @@ -2471,10 +2454,7 @@ crypt:, parsing:, emitting:, control:, -klips:, -dns:, -nat_t: - +dns: