X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=1d75356406ffc81e741979a711d1ba87c026aaa8;hp=83d2414b4974eb5192a33b2002de85b73072d5f1;hb=3bcb59ab211cec80576e8e0c1202364e3001defc;hpb=afd5d8f76e725ac910c238e94f2282f78bce5da7 diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 83d2414b49..1d75356406 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -69,6 +69,8 @@ if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) { $orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"); } +my $col=""; + $cgiparams{'ENABLED'} = 'off'; $cgiparams{'EDIT_ADVANCED'} = 'off'; $cgiparams{'ACTION'} = ''; 
@@ -308,67 +310,33 @@ sub writeipsecfiles { # Algorithms if ($lconfighash{$key}[18] && $lconfighash{$key}[19] && $lconfighash{$key}[20]) { - print CONF "\tike="; - my @encs = split('\|', $lconfighash{$key}[18]); - my @ints = split('\|', $lconfighash{$key}[19]); - my @groups = split('\|', $lconfighash{$key}[20]); - my $comma = 0; - foreach my $i (@encs) { - foreach my $j (@ints) { - foreach my $k (@groups) { - if ($comma != 0) { print CONF ","; } else { $comma = 1; } - - my @l = split("", $k); - if ($l[0] eq "e") { - shift @l; - print CONF "$i-$j-ecp".join("", @l); - } else { - print CONF "$i-$j-modp$k"; - } - } - } - } - if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms? - print CONF "!\n"; - } else { - print CONF "\n"; - } + my @encs = split('\|', $lconfighash{$key}[18]); + my @ints = split('\|', $lconfighash{$key}[19]); + my @groups = split('\|', $lconfighash{$key}[20]); + + my @algos = &make_algos("ike", \@encs, \@ints, \@groups, 1); + print CONF "\tike=" . join(",", @algos); + + if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms? 
+ print CONF "!\n"; + } else { + print CONF "\n"; + } } + if ($lconfighash{$key}[21] && $lconfighash{$key}[22]) { - print CONF "\tesp="; - my @encs = split('\|', $lconfighash{$key}[21]); - my @ints = split('\|', $lconfighash{$key}[22]); - my @groups = split('\|', $lconfighash{$key}[20]); - my $comma = 0; - foreach my $i (@encs) { - foreach my $j (@ints) { - my $modp = ""; - if ($pfs eq "on") { - foreach my $k (@groups) { - if ($comma != 0) { print CONF ","; } else { $comma = 1; } - if ($pfs eq "on") { - my @l = split("", $k); - if ($l[0] eq "e") { - $modp = ""; - } else { - $modp = "-modp$k"; - } - } else { - $modp = ""; - } - print CONF "$i-$j$modp"; - } - } else { - if ($comma != 0) { print CONF ","; } else { $comma = 1; } - print CONF "$i-$j"; - } + my @encs = split('\|', $lconfighash{$key}[21]); + my @ints = split('\|', $lconfighash{$key}[22]); + my @groups = split('\|', $lconfighash{$key}[20]); + + my @algos = &make_algos("esp", \@encs, \@ints, \@groups, ($pfs eq "on")); + print CONF "\tesp=" . join(",", @algos); + + if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms? + print CONF "!\n"; + } else { + print CONF "\n"; } - } - if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms? - print CONF "!\n"; - } else { - print CONF "\n"; - } } # IKE V1 or V2 @@ -395,12 +363,12 @@ sub writeipsecfiles { print CONF "\tdpddelay=0\n"; } } else { - my $dpddelay = $lconfighash{$key}[30]; + my $dpddelay = $lconfighash{$key}[31]; if (!$dpddelay) { $dpddelay = 30; } print CONF "\tdpddelay=$dpddelay\n"; - my $dpdtimeout = $lconfighash{$key}[31]; + my $dpdtimeout = $lconfighash{$key}[30]; if (!$dpdtimeout) { $dpdtimeout = 120; } @@ -433,6 +401,10 @@ sub writeipsecfiles { } else { print CONF "\tauto=start\n"; } + + # Fragmentation + print CONF "\tfragmentation=yes\n"; + print CONF "\n"; }#foreach key print SECRETS $last_secrets if ($last_secrets); 
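Review bot: In the @@ -308 hunk the strict-proposal suffix block (`if ($lconfighash{$key}[24] eq 'on') { print CONF "!\n"; } else { print CONF "\n"; }`) is now added twice verbatim, once after the `ike=` join and once after the `esp=` join, with the same `#only proposed algorythms?` comment on both. Computing it once ahead of both blocks, `my $strict = ($lconfighash{$key}[24] eq 'on') ? "!" : "";`, and emitting `print CONF "\tike=" . join(",", @algos) . "$strict\n";` (likewise for `esp=`) keeps the two emitters from drifting apart. The carried-over comment would read better as `# strict mode: append "!" so only the configured algorithms are accepted`, hedged since the `!` semantics are not shown on this page. `writeipsecfiles` begins and ends outside this hunk.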
@@ -509,7 +481,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ipsec'}, 1, ''); &Header::openbigbox('100%', 'left', '', ''); &Header::openbox('100%', 'left', $Lang::tr{'are you sure'}); print <$Lang::tr{'capswarning'}: $Lang::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'} -
+
$Lang::tr{'upload p12 file'}: $Lang::tr{'pkcs12 file password'}: * @@ -1139,7 +1111,7 @@ END if ( -f "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ipsec'}, 1, ''); &Header::openbigbox('100%', 'left', '', ''); &Header::openbox('100%', 'left', "$Lang::tr{'cert'}:"); my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`; @@ -1223,13 +1195,13 @@ END } else { $errormessage = $Lang::tr{'invalid key'}; } - + &General::firewall_reload(); ### ### Choose between adding a host-net or net-net connection ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ipsec'}, 1, ''); &Header::openbigbox('100%', 'left', '', ''); &Header::openbox('100%', 'left', $Lang::tr{'connection type'}); print <".$warnmessage; + } + } + if ($cgiparams{'AUTH'} eq 'psk') { if (! length($cgiparams{'PSK'}) ) { $errormessage = $Lang::tr{'pre-shared key is too short'}; @@ -1442,7 +1413,7 @@ END # Sign the certificate request &General::log("ipsec", "Signing your cert $cgiparams{'NAME'}..."); - my $opt = " ca -days 999999"; + my $opt = " ca -md sha256 -days 999999"; $opt .= " -batch -notext"; $opt .= " -in $filename"; $opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem"; 
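Review bot: In the @@ -1223 hunk the added `&General::firewall_reload();` sits after the `if`/`else` that sets `$errormessage = $Lang::tr{'invalid key'}`, so the firewall is reloaded even when the request was rejected and nothing changed. Unless an earlier branch of this handler, which starts outside the hunk, exits before reaching this point, guarding it as `&General::firewall_reload() unless ($errormessage);` avoids a reload on the error path. A one-line comment naming what the reload is for (`# apply the changed connection state to the firewall rules`) would help, since the enabling/disabling logic this belongs to is not visible here.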
@@ -1672,12 +1643,12 @@ END (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./; (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./; - # Create the Host certificate request + # Create the Client certificate request &General::log("ipsec", "Creating a cert..."); if (open(STDIN, "-|")) { my $opt = " req -nodes -rand /proc/interrupts:/proc/net/rt_cache"; - $opt .= " -newkey rsa:1024"; + $opt .= " -newkey rsa:2048"; $opt .= " -keyout ${General::swroot}/certs/$cgiparams{'NAME'}key.pem"; $opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}req.pem"; @@ -1699,7 +1670,7 @@ END exit (0); } - # Sign the host certificate request + # Sign the client certificate request &General::log("ipsec", "Signing the cert $cgiparams{'NAME'}..."); #No easy way for specifying the contain of subjectAltName without writing a config file... @@ -1708,13 +1679,14 @@ END basicConstraints=CA:FALSE nsComment="OpenSSL Generated Certificate" subjectKeyIdentifier=hash + extendedKeyUsage=clientAuth authorityKeyIdentifier=keyid,issuer:always END ; print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'}); close ($fh); - my $opt = " ca -days 999999 -batch -notext"; + my $opt = " ca -md sha256 -days 999999 -batch -notext"; $opt .= " -in ${General::swroot}/certs/$cgiparams{'NAME'}req.pem"; $opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem"; $opt .= " -extfile $v3extname"; 
@@ -1877,12 +1849,12 @@ END $cgiparams{'REMOTE_ID'} = ''; #use default advanced value - $cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[18]; - $cgiparams{'IKE_INTEGRITY'} = 'sha2_256|sha|md5'; #[19]; + $cgiparams{'IKE_ENCRYPTION'} = 'aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18]; + $cgiparams{'IKE_INTEGRITY'} = 'sha2_512|sha2_256|sha'; #[19]; $cgiparams{'IKE_GROUPTYPE'} = '4096|3072|2048|1536|1024'; #[20]; $cgiparams{'IKE_LIFETIME'} = '3'; #[16]; - $cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[21]; - $cgiparams{'ESP_INTEGRITY'} = 'sha2_256|sha1|md5'; #[22]; + $cgiparams{'ESP_ENCRYPTION'} = 'aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21]; + $cgiparams{'ESP_INTEGRITY'} = 'sha2_512|sha2_256|sha1'; #[22]; $cgiparams{'ESP_GROUPTYPE'} = ''; #[23]; $cgiparams{'ESP_KEYLIFE'} = '1'; #[17]; $cgiparams{'COMPRESSION'} = 'on'; #[13]; @@ -1908,12 +1880,8 @@ END $checked{'AUTH'}{'auth-dn'} = ''; $checked{'AUTH'}{$cgiparams{'AUTH'}} = "checked='checked'"; - $selected{'IKE_VERSION'}{'ikev1'} = ''; - $selected{'IKE_VERSION'}{'ikev2'} = ''; - $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'"; - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ipsec'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); if ($errormessage) { &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); @@ -1932,6 +1900,7 @@ END print "
"; print< + @@ -1951,19 +1920,23 @@ END ; if ($cgiparams{'KEY'}) { print ""; + print ""; print ""; } - &Header::openbox('100%', 'left', "$Lang::tr{'connection'}:"); + &Header::openbox('100%', 'left', "$Lang::tr{'connection'}: $cgiparams{'NAME'}"); print ""; - print ""; - if ($cgiparams{'KEY'}) { - print ""; - } else { - print ""; + if (!$cgiparams{'KEY'}) { + print < + + + + +EOF } - print ""; - print ''; my $disabled; my $blob; @@ -1974,38 +1947,41 @@ END print < - - + + + + + + + - - + - - + + + + - - - - - - - - + - - - - END ; @@ -2132,7 +2108,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) { + if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|128))$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2143,7 +2119,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha|md5|aesxcbc)$/) { + if ($val !~ /^(sha2_(512|384|256)|sha|md5|aesxcbc)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2173,7 +2149,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) { + if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|128))$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2184,7 +2160,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha1|md5|aesxcbc)$/) { + if ($val !~ /^(sha2_(512|384|256)|sha1|md5|aesxcbc)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } 
@@ -2225,6 +2201,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } + $confighash{$cgiparams{'KEY'}}[29] = $cgiparams{'IKE_VERSION'}; $confighash{$cgiparams{'KEY'}}[18] = $cgiparams{'IKE_ENCRYPTION'}; $confighash{$cgiparams{'KEY'}}[19] = $cgiparams{'IKE_INTEGRITY'}; $confighash{$cgiparams{'KEY'}}[20] = $cgiparams{'IKE_GROUPTYPE'}; @@ -2249,6 +2226,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || } goto ADVANCED_END; } else { + $cgiparams{'IKE_VERSION'} = $confighash{$cgiparams{'KEY'}}[29]; $cgiparams{'IKE_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[18]; $cgiparams{'IKE_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[19]; $cgiparams{'IKE_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[20]; @@ -2282,6 +2260,15 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'IKE_ENCRYPTION'}{'aes256'} = ''; $checked{'IKE_ENCRYPTION'}{'aes192'} = ''; $checked{'IKE_ENCRYPTION'}{'aes128'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes256gcm128'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes192gcm128'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes128gcm128'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes256gcm96'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes192gcm96'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes128gcm96'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes256gcm64'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes192gcm64'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes128gcm64'} = ''; $checked{'IKE_ENCRYPTION'}{'3des'} = ''; $checked{'IKE_ENCRYPTION'}{'camellia256'} = ''; $checked{'IKE_ENCRYPTION'}{'camellia192'} = ''; 
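Review bot: In the @@ -2225 hunk the added `$confighash{$cgiparams{'KEY'}}[29] = $cgiparams{'IKE_VERSION'};` stores the submitted value without a check like the `$val !~ /^(...)$/` tests the surrounding algorithm fields get before `goto ADVANCED_ERROR`, and slot 29 is later interpolated into the connection table (`$confighash{$key}[29]` in the status-list hunk) and presumably into the generated ipsec.conf. Unless IKE_VERSION is validated earlier in this handler, which starts outside the hunk, add before the assignment `if ($cgiparams{'IKE_VERSION'} !~ /^(ikev1|ikev2)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; }`. The two accepted values are the ones the `$selected{'IKE_VERSION'}` keys in the @@ -2334 hunk enumerate, where the same unchecked value is also used as a hash key.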
@@ -2313,6 +2300,15 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'ESP_ENCRYPTION'}{'aes256'} = ''; $checked{'ESP_ENCRYPTION'}{'aes192'} = ''; $checked{'ESP_ENCRYPTION'}{'aes128'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes256gcm128'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes192gcm128'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes128gcm128'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes256gcm96'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes192gcm96'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes128gcm96'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes256gcm64'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes192gcm64'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes128gcm64'} = ''; $checked{'ESP_ENCRYPTION'}{'3des'} = ''; $checked{'ESP_ENCRYPTION'}{'camellia256'} = ''; $checked{'ESP_ENCRYPTION'}{'camellia192'} = ''; @@ -2334,6 +2330,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ; $checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ? "checked='checked'" : '' ; + $selected{'IKE_VERSION'}{'ikev1'} = ''; + $selected{'IKE_VERSION'}{'ikev2'} = ''; + $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'"; + $selected{'DPD_ACTION'}{'clear'} = ''; $selected{'DPD_ACTION'}{'hold'} = ''; $selected{'DPD_ACTION'}{'restart'} = ''; @@ -2341,7 +2341,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'"; &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ipsec'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); if ($errormessage) { @@ -2373,28 +2373,56 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || + + + + + @@ -2406,9 +2434,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || + - @@ -2436,14 +2464,14 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || + IKE+ESP: $Lang::tr{'use only proposed settings'} 
@@ -2580,7 +2608,7 @@ EOF $checked{'ENABLED'} = $cgiparams{'ENABLED'} eq 'on' ? "checked='checked'" : ''; &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ipsec'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); if ($errormessage) { @@ -2590,6 +2618,16 @@ EOF &Header::closebox(); } + if ($warnmessage) { + &Header::openbox('100%', 'left', $Lang::tr{'warning messages'}); + print "$warnmessage
"; + print "$Lang::tr{'fwdfw warn1'}
"; + &Header::closebox(); + print"
"; + &Header::closepage(); + exit 0; + } + &Header::openbox('100%', 'left', $Lang::tr{'global settings'}); print < @@ -2610,17 +2648,18 @@ print <$Lang::tr{'host to net vpn'}: *
-
$Lang::tr{'name'}:$cgiparams{'NAME'}$Lang::tr{'name'}: + +
$Lang::tr{'enabled'}

$Lang::tr{'remote host/ip'}: $blob - + $Lang::tr{'enabled'} + + $Lang::tr{'local subnet'} + +
$Lang::tr{'remote host/ip'}: $blob + $Lang::tr{'remote subnet'} - + $Lang::tr{'remote subnet'} +
$Lang::tr{'local subnet'} - + $Lang::tr{'vpn local id'}: + + $Lang::tr{'vpn remote id'}: +

$Lang::tr{'vpn local id'}:
($Lang::tr{'eg'} @xy.example.com)
$Lang::tr{'vpn remote id'}:

$Lang::tr{'vpn keyexchange'}: + $Lang::tr{'remark title'} * +
$Lang::tr{'remark title'} *
$Lang::tr{'vpn keyexchange'}: + +
$Lang::tr{'encryption'}
@@ -2416,9 +2444,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || + -
+ +

- + - +
*$Lang::tr{'this field may be blank'}$Lang::tr{'this field may be blank'}
**  $Lang::tr{'vpn delayed start help'}
END @@ -2630,14 +2669,14 @@ END &Header::openbox('100%', 'left', $Lang::tr{'connection status and controlc'}); print < + - - - - - - + + + + + + END ; @@ -2647,36 +2686,41 @@ END if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } if ($id % 2) { - print "\n"; + print ""; + $col="bgcolor='$color{'color20'}'"; } else { - print "\n"; + print ""; + $col="bgcolor='$color{'color22'}'"; } - print ""; - print ""; + print ""; + print ""; if ($confighash{$key}[2] eq '%auth-dn') { - print ""; + print ""; } elsif ($confighash{$key}[4] eq 'cert') { - print ""; + print ""; } else { - print ""; + print ""; } - print ""; + print ""; + my $col1="bgcolor='${Header::colourred}'"; # get real state - my $active = "
$Lang::tr{'name'}$Lang::tr{'type'}$Lang::tr{'common name'}$Lang::tr{'remark'}$Lang::tr{'status'}$Lang::tr{'action'}$Lang::tr{'name'}$Lang::tr{'type'}$Lang::tr{'common name'}$Lang::tr{'remark'}$Lang::tr{'status'}$Lang::tr{'action'}
$confighash{$key}[1]" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ") $confighash{$key}[29]$confighash{$key}[1]" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ") $confighash{$key}[29]$confighash{$key}[9]$confighash{$key}[9]$confighash{$key}[2]$confighash{$key}[2]  $confighash{$key}[25]$confighash{$key}[25]
$Lang::tr{'capsclosed'}
"; + my $active = "$Lang::tr{'capsclosed'}"; foreach my $line (@status) { if (($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) || ($line =~ /$confighash{$key}[1]\{.*INSTALLED/)) { - $active = "
$Lang::tr{'capsopen'}
"; + $col1="bgcolor='${Header::colourgreen}'"; + $active = "$Lang::tr{'capsopen'}"; } } # move to blueif really down - if ($confighash{$key}[0] eq 'off' && $active =~ /${Header::colourred}/ ) { - $active = "
$Lang::tr{'capsclosed'}
"; + if ($confighash{$key}[0] eq 'off' && $col1 =~ /${Header::colourred}/ ) { + $col1="bgcolor='${Header::colourblue}'"; + $active = "$Lang::tr{'capsclosed'}"; } print <$active - + $active +
@@ -2687,7 +2731,7 @@ END ; if (($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%auth-dn')) { print < + @@ -2696,11 +2740,11 @@ END END ; } else { - print " "; + print " "; } if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/certs/$confighash{$key}[1].p12") { print < + @@ -2710,7 +2754,7 @@ END END ; } elsif (($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%auth-dn')) { print < + @@ -2719,10 +2763,10 @@ END END ; } else { - print " "; + print " "; } print < + @@ -2730,14 +2774,14 @@ END - +
- +
@@ -2782,7 +2826,7 @@ END print < - + @@ -2792,45 +2836,46 @@ END ; &Header::closebox(); - &Header::openbox('100%', 'left', "$Lang::tr{'certificate authorities'}:"); + &Header::openbox('100%', 'left', "$Lang::tr{'certificate authorities'}"); print < + - - - + + + EOF ; + my $col1="bgcolor='$color{'color22'}'"; + my $col2="bgcolor='$color{'color20'}'"; if (-f "${General::swroot}/ca/cacert.pem") { my $casubject = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/ca/cacert.pem")); - print < - - - + + + - - + END ; } else { # display rootcert generation buttons print < - - - + + + + END ; } @@ -2839,61 +2884,63 @@ END my $hostsubject = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/certs/hostcert.pem")); print < - - - + + + - - + END ; } else { # Nothing print < - - - + + + + END ; } - my $rowcolor = 0; - if (keys %cahash > 0) { - foreach my $key (keys %cahash) { - if ($rowcolor++ % 2) { - print "\n"; - } else { - print "\n"; - } - print "\n"; - print "\n"; + my $rowcolor = 0; + if (keys %cahash > 0) { + foreach my $key (keys %cahash) { + if ($rowcolor++ % 2) { + print ""; + $col="bgcolor='$color{'color20'}'"; + } else { + print ""; + $col="bgcolor='$color{'color22'}'"; + } + print "\n"; + print "\n"; print < + - - "; print <
$Lang::tr{'name'}$Lang::tr{'subject'}$Lang::tr{'action'}$Lang::tr{'name'}$Lang::tr{'subject'}$Lang::tr{'action'}
$Lang::tr{'root certificate'}$casubject +
$Lang::tr{'root certificate'}$casubject
+
 
 
$Lang::tr{'root certificate'}:$Lang::tr{'not present'} 
$Lang::tr{'root certificate'}:$Lang::tr{'not present'} 
$Lang::tr{'host certificate'}$hostsubject +
$Lang::tr{'host certificate'}$hostsubject
+
- - + +
 
 
$Lang::tr{'host certificate'}:$Lang::tr{'not present'} 
$Lang::tr{'host certificate'}:$Lang::tr{'not present'} 
$cahash{$key}[0]$cahash{$key}[1]
$cahash{$key}[0]$cahash{$key}[1]
+
+
@@ -2922,6 +2969,7 @@ END } my $createCA = -f "${General::swroot}/ca/cacert.pem" ? '' : "
@@ -2934,7 +2982,7 @@ END - +
$Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}:
@@ -2943,3 +2991,56 @@ END
 &Header::closebox();
 &Header::closebigbox();
 &Header::closepage();
+
+sub array_unique($) {
+ my $array = shift;
+ my @unique = ();
+
+ my %seen = ();
+ foreach my $e (@$array) {
+ next if $seen{$e}++;
+ push(@unique, $e);
+ }
+
+ return @unique;
+}
+
+sub make_algos($$$$$) {
+ my ($mode, $encs, $ints, $grps, $pfs) = @_;
+ my @algos = ();
+
+ foreach my $enc (@$encs) {
+ foreach my $int (@$ints) {
+ foreach my $grp (@$grps) {
+ my @algo = ($enc);
+
+ if ($mode eq "ike") {
+ push(@algo, $int);
+
+ if ($grp =~ m/^e(\d+)/) {
+ push(@algo, "ecp$1");
+ } else {
+ push(@algo, "modp$grp");
+ }
+
+ } elsif ($mode eq "esp" && $pfs) {
+ my $is_aead = ($enc =~ m/[cg]cm/);
+
+ if (!$is_aead) {
+ push(@algo, $int);
+ }
+
+ if ($grp =~ m/^e(\d+)/) {
+ push(@algo, "ecp$1");
+ } else {
+ push(@algo, "modp$grp");
+ }
+ }
+
+ push(@algos, join("-", @algo));
+ }
+ }
+ }
+
+ return &array_unique(\@algos);
+}
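Review bot: `make_algos` drops the integrity algorithm for ESP when PFS is off: neither the `$mode eq "ike"` branch nor the `$mode eq "esp" && $pfs` branch runs, so `@algo` holds only `$enc` and the `esp=` line written in the @@ -308 hunk of writeipsecfiles gets e.g. `aes256` where the removed code printed `$i-$j`. The group loop also still drives the ESP case when no group is needed, so an empty `[20]` list (which the `esp=` condition does not require) now yields no ESP proposal at all even with PFS off. The rewrite below keys the integrity push on `$mode eq "ike" || !$is_aead` and the group push on `$mode eq "ike" || $pfs`, iterating a single placeholder group when ESP runs without PFS, so the IKE and ESP-with-PFS output is unchanged. As a style point, the `($)` and `($$$$$)` prototypes are bypassed by the `&make_algos(...)` and `&array_unique(...)` call syntax and only alter parsing, so they can be dropped; `array_unique` itself could be the core `List::Util::uniq`.
```perl
sub make_algos {
	my ($mode, $encs, $ints, $grps, $pfs) = @_;
	my @algos = ();

	# ESP without PFS carries no DH group; iterate one placeholder group
	# so that one proposal per enc/int pair is still emitted.
	my @groups = ($mode eq "esp" && !$pfs) ? ("") : @$grps;

	foreach my $enc (@$encs) {
		foreach my $int (@$ints) {
			foreach my $grp (@groups) {
				my @algo = ($enc);

				# AEAD ciphers (GCM/CCM) take no separate integrity
				# algorithm in ESP; IKE always lists one.
				my $is_aead = ($enc =~ m/[cg]cm/);
				if ($mode eq "ike" || !$is_aead) {
					push(@algo, $int);
				}

				# DH group only for IKE, or for ESP with PFS enabled.
				if ($mode eq "ike" || $pfs) {
					if ($grp =~ m/^e(\d+)/) {
						push(@algo, "ecp$1");
					} else {
						push(@algo, "modp$grp");
					}
				}

				push(@algos, join("-", @algo));
			}
		}
	}

	return &array_unique(\@algos);
}
```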