X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=b9a73e5f24c286460f292ddc5fb4084e86f3c5fb;hb=4e156911cc45c2788bfa7e04561e2a7e550c68b8;hp=2e3ef9a5705c38e5a34b937e7a89b21823c61104;hpb=05f4061d10a1bacb9a3c60205d8d88b84f216d29;p=people%2Fteissler%2Fipfire-2.x.git
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 2e3ef9a57..b9a73e5f2 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -23,7 +23,7 @@ use Net::DNS;
use File::Copy;
use File::Temp qw/ tempfile tempdir /;
use strict;
-
+use Sort::Naturally;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
@@ -61,11 +61,11 @@ my %mainsettings = ();
my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
my $blue_cidr = "# Blue not defined";
-if ($netsettings{'BLUE_DEV'}) {
+if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
$blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
}
my $orange_cidr = "# Orange not defined";
-if ($netsettings{'ORANGE_DEV'}) {
+if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
$orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
}
@@ -104,7 +104,8 @@ $cgiparams{'ROOTCERT_OU'} = '';
$cgiparams{'ROOTCERT_CITY'} = '';
$cgiparams{'ROOTCERT_STATE'} = '';
$cgiparams{'RW_NET'} = '';
-
+$cgiparams{'DPD_DELAY'} = '30';
+$cgiparams{'DPD_TIMEOUT'} = '120';
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
###
@@ -384,8 +385,8 @@ sub writeipsecfiles {
print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on');
# Dead Peer Detection
- print CONF "\tdpddelay=30\n";
- print CONF "\tdpdtimeout=120\n";
+ print CONF "\tdpddelay=$lconfighash{$key}[30]\n";
+ print CONF "\tdpdtimeout=$lconfighash{$key}[31]\n";
print CONF "\tdpdaction=$lconfighash{$key}[27]\n";
# Build Authentication details: LEFTid RIGHTid : PSK psk
@@ -1274,6 +1275,8 @@ END
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
$cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14];
+ $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
+ $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
@@ -1748,7 +1751,7 @@ END
my $key = $cgiparams{'KEY'};
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 28) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
@@ -1788,6 +1791,8 @@ END
$confighash{$key}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$key}[28] = $cgiparams{'PFS'};
$confighash{$key}[14] = $cgiparams{'VHOST'};
+ $confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'};
+ $confighash{$key}[31] = $cgiparams{'DPD_DELAY'};
#free unused fields!
$confighash{$key}[6] = 'off';
@@ -1840,7 +1845,7 @@ END
#use default advanced value
$cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[18];
$cgiparams{'IKE_INTEGRITY'} = 'sha2_256|sha|md5'; #[19];
- $cgiparams{'IKE_GROUPTYPE'} = '8192|6144|4096|3072|2048|1536|1024'; #[20];
+ $cgiparams{'IKE_GROUPTYPE'} = '4096|3072|2048|1536|1024'; #[20];
$cgiparams{'IKE_LIFETIME'} = '3'; #[16];
$cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[21];
$cgiparams{'ESP_INTEGRITY'} = 'sha2_256|sha1|md5'; #[22];
@@ -2101,7 +2106,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes192|aes128|3des)$/) {
+ if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2123,7 +2128,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(e521|e384|e256|e224|e192|1024|1536|2048|3072|4096|6144|8192)$/) {
+ if ($val !~ /^(e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|1024|1536|2048|2048s256|2048s224|2048s160|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2142,7 +2147,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes192|aes128|3des)$/) {
+ if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2159,8 +2164,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
}
}
if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
- $cgiparams{'ESP_GROUPTYPE'} !~ /^ecp(192|224|256|384|512)$/ &&
- $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096|6144|8192)$/) {
+ $cgiparams{'ESP_GROUPTYPE'} !~ /^ecp(192|224|256|384|512)(bp)?$/ &&
+ $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|2048s(256|224|160)|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2197,6 +2202,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'};
$confighash{$cgiparams{'KEY'}}[14] = $cgiparams{'VHOST'};
+ $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
+ $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
if (&vpnenabled) {
@@ -2217,6 +2224,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
$cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14];
+ $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
+ $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net' || $confighash{$cgiparams{'KEY'}}[10]) {
$cgiparams{'VHOST'} = 'off';
@@ -2228,6 +2237,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'IKE_ENCRYPTION'}{'aes192'} = '';
$checked{'IKE_ENCRYPTION'}{'aes128'} = '';
$checked{'IKE_ENCRYPTION'}{'3des'} = '';
+ $checked{'IKE_ENCRYPTION'}{'camellia256'} = '';
+ $checked{'IKE_ENCRYPTION'}{'camellia192'} = '';
+ $checked{'IKE_ENCRYPTION'}{'camellia128'} = '';
my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'});
foreach my $key (@temp) {$checked{'IKE_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'IKE_INTEGRITY'}{'sha2_512'} = '';
@@ -2256,6 +2268,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'ESP_ENCRYPTION'}{'aes192'} = '';
$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
$checked{'ESP_ENCRYPTION'}{'3des'} = '';
+ $checked{'ESP_ENCRYPTION'}{'camellia256'} = '';
+ $checked{'ESP_ENCRYPTION'}{'camellia192'} = '';
+ $checked{'ESP_ENCRYPTION'}{'camellia128'} = '';
@temp = split('\|', $cgiparams{'ESP_ENCRYPTION'});
foreach my $key (@temp) {$checked{'ESP_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'ESP_INTEGRITY'}{'sha2_512'} = '';
@@ -2298,96 +2313,171 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
+
+
+
+ ";
+ print <
+
+
+
+ |
+
+
+EOF
+
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
@@ -2491,7 +2581,7 @@ END
;
my $id = 0;
my $gif;
- foreach my $key (keys %confighash) {
+ foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
if ($id % 2) {