$cgiparams{'EDIT_ADVANCED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'CA_NAME'} = '';
-$cgiparams{'DBG_CRYPT'} = '';
-$cgiparams{'DBG_PARSING'} = '';
-$cgiparams{'DBG_EMITTING'} = '';
-$cgiparams{'DBG_CONTROL'} = '';
-$cgiparams{'DBG_KLIPS'} = '';
-$cgiparams{'DBG_DNS'} = '';
-$cgiparams{'DBG_NAT_T'} = '';
$cgiparams{'KEY'} = '';
$cgiparams{'TYPE'} = '';
$cgiparams{'ADVANCED'} = '';
-$cgiparams{'INTERFACE'} = '';
$cgiparams{'NAME'} = '';
$cgiparams{'LOCAL_SUBNET'} = '';
$cgiparams{'REMOTE_SUBNET'} = '';
flock SECRETS, 2;
print CONF "version 2\n\n";
print CONF "config setup\n";
- #create an ipsec Interface for each 'enabled' ones
- #loop trought configuration and add physical interfaces to the list
- my $interfaces = "\tinterfaces=\"";
- foreach my $key (keys %lconfighash) {
- next if ($lconfighash{$key}[0] ne 'on');
- $interfaces .= "%defaultroute " if ($interfaces !~ /defaultroute/ && $lconfighash{$key}[26] eq 'RED');
- $interfaces .= "$netsettings{'GREEN_DEV'} " if ($interfaces !~ /ipsec1/ && $lconfighash{$key}[26] eq 'GREEN');
- $interfaces .= "$netsettings{'BLUE_DEV'} " if ($interfaces !~ /ipsec2/ && $lconfighash{$key}[26] eq 'BLUE');
- $interfaces .= "$netsettings{'ORANGE_DEV'} " if ($interfaces !~ /ipsec3/ && $lconfighash{$key}[26] eq 'ORANGE');
- }
- print CONF $interfaces . "\"\n";
-
- my $plutodebug = ''; # build debug list
- map ($plutodebug .= $lvpnsettings{$_} eq 'on' ? lc (substr($_,4)).' ' : '',
- ('DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
- 'DBG_DNS'));
- $plutodebug = 'none' if $plutodebug eq ''; # if nothing selected, use 'none'.
- #print CONF "\tklipsdebug=\"none\"\n";
- print CONF "\tplutodebug=\"$plutodebug\"\n";
- # deprecated in ipsec.conf version 2
- #print CONF "\tplutoload=%search\n";
- #print CONF "\tplutostart=%search\n";
- print CONF "\tuniqueids=yes\n";
- print CONF "\tnat_traversal=yes\n";
- print CONF "\toverridemtu=$lvpnsettings{'VPN_OVERRIDE_MTU'}\n" if ($lvpnsettings{'VPN_OVERRIDE_MTU'} ne '');
- print CONF "\tvirtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16";
- print CONF ",%v4:!$green_cidr";
- if (length($netsettings{'ORANGE_DEV'}) > 2) {
- print CONF ",%v4:!$orange_cidr";
- }
- if (length($netsettings{'BLUE_DEV'}) > 2) {
- print CONF ",%v4:!$blue_cidr";
- }
- foreach my $key (keys %lconfighash) {
- if ($lconfighash{$key}[3] eq 'net') {
- print CONF ",%v4:!$lconfighash{$key}[11]";
- }
- }
- print CONF "\n\n";
+ print CONF "\tcharondebug=\"dmn 0, mgr 0, ike 0, chd 0, job 0, cfg 0, knl 0, net 0, asn 0, enc 0, lib 0, esp 0, tls 0, tnc 0, imc 0, imv 0, pts 0\"\n";
+ print CONF "\n";
print CONF "conn %default\n";
- print CONF "\tkeyingtries=0\n";
- #strongswan doesn't know this
- #print CONF "\tdisablearrivalcheck=no\n";
+ print CONF "\tkeyingtries=%forever\n";
print CONF "\n";
# Add user includes to config file
print CONF "conn $lconfighash{$key}[1]\n";
print CONF "\tleft=$localside\n";
- print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute');
my $cidr_net=&General::ipcidr($lconfighash{$key}[8]);
print CONF "\tleftsubnet=$cidr_net\n";
print CONF "\tleftfirewall=yes\n";
if ($lconfighash{$key}[3] eq 'net') {
my $cidr_net=&General::ipcidr($lconfighash{$key}[11]);
print CONF "\trightsubnet=$cidr_net\n";
- print CONF "\trightnexthop=%defaultroute\n";
} elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors?
print CONF "\trightsubnet=vhost:%no,%priv\n";
}
print CONF "\tleftid=\"$lconfighash{$key}[7]\"\n" if ($lconfighash{$key}[7]);
print CONF "\trightid=\"$lconfighash{$key}[9]\"\n" if ($lconfighash{$key}[9]);
+ # Is PFS enabled?
+ my $pfs = $lconfighash{$key}[28] eq 'on' ? 'on' : 'off';
+
# Algorithms
if ($lconfighash{$key}[18] && $lconfighash{$key}[19] && $lconfighash{$key}[20]) {
print CONF "\tike=";
print CONF "\tesp=";
my @encs = split('\|', $lconfighash{$key}[21]);
my @ints = split('\|', $lconfighash{$key}[22]);
+ my @groups = split('\|', $lconfighash{$key}[20]);
my $comma = 0;
foreach my $i (@encs) {
foreach my $j (@ints) {
- if ($comma != 0) { print CONF ","; } else { $comma = 1; }
- print CONF "$i-$j";
+ my $modp = "";
+ if ($pfs eq "on") {
+ foreach my $k (@groups) {
+ if ($comma != 0) { print CONF ","; } else { $comma = 1; }
+ if ($pfs eq "on") {
+ $modp = "-modp$k";
+ } else {
+ $modp = "";
+ }
+ print CONF "$i-$j$modp";
+ }
+ } else {
+ if ($comma != 0) { print CONF ","; } else { $comma = 1; }
+ print CONF "$i-$j";
+ }
}
}
if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms?
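Review bot: The inner `if ($pfs eq "on")` around the `$modp` assignment sits inside the branch that already tested `$pfs eq "on"`, so its `else` arm is dead code and the loop body can simply be `print CONF "$i-$j-modp$k";`. More importantly, when PFS is on and field [20] is empty, `@groups` is empty and nothing is printed for any encryption/integrity pair, which leaves the `esp=` value blank. Whether the enclosing condition rules that out is not visible in this hunk. A guard such as `if ($pfs eq "on" && @groups) {` falls back to the plain `$i-$j` form in that case. It would also help to add a comment that the ESP proposals now take their groups from the IKE group field [20], since the `pfsgroup=` line built from [23] is removed.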
print CONF "\n";
}
}
- if ($lconfighash{$key}[23]) {
- print CONF "\tpfsgroup=$lconfighash{$key}[23]\n";
- }
# IKE V1 or V2
if (! $lconfighash{$key}[29]) {
print CONF "\tdpdtimeout=120\n";
print CONF "\tdpdaction=$lconfighash{$key}[27]\n";
- # Disable pfs ?
- print CONF "\tpfs=". ($lconfighash{$key}[28] eq 'on' ? "yes\n" : "no\n");
-
# Build Authentication details: LEFTid RIGHTid : PSK psk
my $psk_line;
if ($lconfighash{$key}[4] eq 'psk') {
close(SECRETS);
}
+# Hook to regenerate the configuration files.
+if ($ENV{"REMOTE_ADDR"} eq "") {
+ writeipsecfiles;
+ exit(0);
+}
+
###
### Save main settings
###
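Review bot: This hook skips the rest of the CGI whenever `REMOTE_ADDR` is empty, so it is only safe while the web server always sets that variable for real requests; a comment saying so would help, for example `# Only reached from the command line: the web server always sets REMOTE_ADDR for CGI requests.` When the script runs outside the server the variable is undefined rather than empty, so `$ENV{"REMOTE_ADDR"} eq ""` compares undef and will warn if warnings are enabled; `if (!defined $ENV{'REMOTE_ADDR'} || $ENV{'REMOTE_ADDR'} eq '') {` states the intent. The bareword `writeipsecfiles;` parses as a call only if the sub is already declared above this point, and the save path calls it as `&writeipsecfiles();`, so using the same form here keeps the two consistent.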
goto SAVE_ERROR;
}
- unless ($cgiparams{'VPN_OVERRIDE_MTU'} =~ /^(|[0-9]{1,5})$/ ) { #allow 0-99999
- $errormessage = $Lang::tr{'vpn mtu invalid'};
- goto SAVE_ERROR;
- }
-
- unless ($cgiparams{'VPN_WATCH'} =~ /^(|off|on)$/ ) {
- $errormessage = $Lang::tr{'invalid input'};
- goto SAVE_ERROR;
- }
-
if ( $cgiparams{'RW_NET'} ne '' and !&General::validipandmask($cgiparams{'RW_NET'}) ) {
$errormessage = $Lang::tr{'urlfilter invalid ip or mask error'};
goto SAVE_ERROR;
}
- map ($vpnsettings{$_} = $cgiparams{$_},
- ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
- 'DBG_DNS'));
-
+ $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
$vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
$vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'};
- $vpnsettings{'VPN_OVERRIDE_MTU'} = $cgiparams{'VPN_OVERRIDE_MTU'};
- $vpnsettings{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'};
$vpnsettings{'RW_NET'} = $cgiparams{'RW_NET'};
&General::writehash("${General::swroot}/vpn/settings", \%vpnsettings);
&writeipsecfiles();
$cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
$cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
$cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
- $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
$cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27];
$cgiparams{'IKE_VERSION'} = $confighash{$cgiparams{'KEY'}}[29];
$cgiparams{'IKE_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[18];
goto VPNCONF_ERROR;
}
+
+ if ($cgiparams{'TYPE'} eq 'net'){
+ $errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
+ if ($errormessage ne ''){
+ goto VPNCONF_ERROR;
+ }
+
+ }
if ($cgiparams{'AUTH'} eq 'psk') {
if (! length($cgiparams{'PSK'}) ) {
$errormessage = $Lang::tr{'pre-shared key is too short'};
$confighash{$key}[9] = $cgiparams{'REMOTE_ID'};
$confighash{$key}[10] = $cgiparams{'REMOTE'};
$confighash{$key}[25] = $cgiparams{'REMARK'};
- $confighash{$key}[26] = $cgiparams{'INTERFACE'};
+ $confighash{$key}[26] = ""; # Formerly INTERFACE
$confighash{$key}[27] = $cgiparams{'DPD_ACTION'};
$confighash{$key}[29] = $cgiparams{'IKE_VERSION'};
$cgiparams{'DPD_ACTION'} = 'restart';
}
- # Default IKE Version to V1
- if (! $cgiparams{'IKE_VERSION'}) {
- $cgiparams{'IKE_VERSION'} = 'ikev1';
+ # Default IKE Version to v2
+ if (!$cgiparams{'IKE_VERSION'}) {
+ $cgiparams{'IKE_VERSION'} = 'ikev2';
}
- # Default is yes for 'pfs'
- $cgiparams{'PFS'} = 'on';
-
# ID are empty
$cgiparams{'LOCAL_ID'} = '';
$cgiparams{'REMOTE_ID'} = '';
#use default advanced value
- $cgiparams{'IKE_ENCRYPTION'} = 'aes128|3des'; #[18];
- $cgiparams{'IKE_INTEGRITY'} = 'sha|md5'; #[19];
- $cgiparams{'IKE_GROUPTYPE'} = '1536|1024'; #[20];
+ $cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[18];
+ $cgiparams{'IKE_INTEGRITY'} = 'sha2_256|sha|md5'; #[19];
+ $cgiparams{'IKE_GROUPTYPE'} = '8192|6144|4096|3072|2048|1536|1024'; #[20];
$cgiparams{'IKE_LIFETIME'} = '1'; #[16];
- $cgiparams{'ESP_ENCRYPTION'} = 'aes128|3des'; #[21];
- $cgiparams{'ESP_INTEGRITY'} = 'sha1|md5'; #[22];
+ $cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[21];
+ $cgiparams{'ESP_INTEGRITY'} = 'sha2_256|sha1|md5'; #[22];
$cgiparams{'ESP_GROUPTYPE'} = ''; #[23];
$cgiparams{'ESP_KEYLIFE'} = '8'; #[17];
- $cgiparams{'COMPRESSION'} = 'off'; #[13];
+ $cgiparams{'COMPRESSION'} = 'on'; #[13];
$cgiparams{'ONLY_PROPOSED'} = 'off'; #[24];
$cgiparams{'PFS'} = 'on'; #[28];
$cgiparams{'VHOST'} = 'on'; #[14];
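Review bot: The new default proposal lists still end in `3des`, `md5` and the `1536|1024` groups, so every newly created connection offers them unless the administrator opens the advanced page and removes them. Since this commit already reworks the defaults, consider stopping at the stronger entries, e.g. `'aes256|aes192|aes128'`, `'sha2_256|sha'` and `'8192|6144|4096|3072|2048'`, and leaving the weaker algorithms selectable on the advanced page for peers that need them. `COMPRESSION` also flips from `'off'` to `'on'` here with no comment explaining why; a one-line reason next to it would help the next reader.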
$checked{'AUTH'}{'auth-dn'} = '';
$checked{'AUTH'}{$cgiparams{'AUTH'}} = "checked='checked'";
- $selected{'INTERFACE'}{'RED'} = '';
- $selected{'INTERFACE'}{'ORANGE'} = '';
- $selected{'INTERFACE'}{'GREEN'} = '';
- $selected{'INTERFACE'}{'BLUE'} = '';
- $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = "selected='selected'";
-
$selected{'DPD_ACTION'}{'clear'} = '';
$selected{'DPD_ACTION'}{'hold'} = '';
$selected{'DPD_ACTION'}{'restart'} = '';
$blob = "<img src='/blob.gif' alt='*' />";
};
- print "<tr><td>$Lang::tr{'host ip'}:</td>";
- print "<td><select name='INTERFACE'>";
- print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED ($vpnsettings{'VPN_IP'})</option>";
- print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN ($netsettings{'GREEN_ADDRESS'})</option>";
- print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE ($netsettings{'BLUE_ADDRESS'})</option>" if ($netsettings{'BLUE_DEV'} ne '');
- print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE ($netsettings{'ORANGE_ADDRESS'})</option>" if ($netsettings{'ORANGE_DEV'} ne '');
- print "</select></td>";
print <<END
+ <tr>
<td class='boldbase'>$Lang::tr{'remote host/ip'}: $blob</td>
- <td><input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size='30' /></td>
- </tr><tr>
- <td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
- <td><input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' /></td>
+ <td>
+ <input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size='30' />
+ </td>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
- <td><input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' /></td>
- </tr><tr>
+ <td>
+ <input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' />
+ </td>
+ </tr>
+ <tr>
+ <td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
+ <td colspan='3'>
+ <input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' />
+ </td>
+ </tr>
+ <tr>
<td class='boldbase'>$Lang::tr{'vpn local id'}:<br />($Lang::tr{'eg'} <tt>@xy.example.com</tt>)</td>
<td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td>
<td class='boldbase'>$Lang::tr{'vpn remote id'}:</td>
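Review bot: The rewritten inputs for `REMOTE`, `REMOTE_SUBNET` and `LOCAL_SUBNET` interpolate `$cgiparams{...}` directly into single-quoted `value='...'` attributes, and nothing in this hunk escapes them. Unless the values are HTML-escaped before this heredoc (not visible here), a submitted value containing a quote would end the attribute early when the form is redisplayed after a validation error. Passing each value through the project's HTML-escaping helper at output time would make the form safe regardless of what earlier validation allows. The heredoc starts before and continues after this hunk.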
</tr><td><br /></td><tr>
<td>$Lang::tr{'vpn keyexchange'}:</td>
<td><select name='IKE_VERSION'>
- <option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option>
<option value='ikev2' $selected{'IKE_VERSION'}{'ikev2'}>IKEv2</option>
- </select></a>
+ <option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option>
+ </select>
</td>
<td>$Lang::tr{'dpd action'}:</td>
<td><select name='DPD_ACTION'>
<option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
<option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
<option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
- </select> <a href='http://www.openswan.com/docs/local/README.DPD'>?</a>
+ </select>
</td>
</tr><tr>
-<!--http://www.openswan.com/docs/local/README.DPD
- http://bugs.xelerance.com/view.php?id=156
- restart = clear + reinitiate connection
--->
<td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></td>
<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
</tr>
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(sha2_512|sha2_256|sha|md5)$/) {
+ if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha|md5|aesxcbc)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
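Review bot: The widened allow-list is anchored with `^...$`, and in Perl `$` also matches before a trailing newline, so the check does not guarantee that `$val` is exactly one of the listed tokens before it is stored and later printed into ipsec.conf. Anchoring with `\A` and `\z` closes that gap: `if ($val !~ /\A(?:sha2_512|sha2_384|sha2_256|sha|md5|aesxcbc)\z/) {`. The same applies to the `aes256|aes192|aes128|3des` pattern, the ESP integrity pattern and the `ESP_GROUPTYPE` `modp(...)` pattern changed further down. The enclosing `foreach` starts outside this hunk.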
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes128|3des)$/) {
+ if ($val !~ /^(aes256|aes192|aes128|3des)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(sha2_512|sha2_256|sha1|md5)$/) {
+ if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha1|md5|aesxcbc)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
}
if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
- $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096)$/) {
+ $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
ADVANCED_ERROR:
$checked{'IKE_ENCRYPTION'}{'aes256'} = '';
+ $checked{'IKE_ENCRYPTION'}{'aes192'} = '';
$checked{'IKE_ENCRYPTION'}{'aes128'} = '';
$checked{'IKE_ENCRYPTION'}{'3des'} = '';
my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'});
foreach my $key (@temp) {$checked{'IKE_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'IKE_INTEGRITY'}{'sha2_512'} = '';
+ $checked{'IKE_INTEGRITY'}{'sha2_384'} = '';
$checked{'IKE_INTEGRITY'}{'sha2_256'} = '';
$checked{'IKE_INTEGRITY'}{'sha'} = '';
$checked{'IKE_INTEGRITY'}{'md5'} = '';
+ $checked{'IKE_INTEGRITY'}{'aesxcbc'} = '';
@temp = split('\|', $cgiparams{'IKE_INTEGRITY'});
foreach my $key (@temp) {$checked{'IKE_INTEGRITY'}{$key} = "selected='selected'"; }
$checked{'IKE_GROUPTYPE'}{'768'} = '';
# 768 is not supported by strongswan
$checked{'IKE_GROUPTYPE'}{'768'} = '';
-
$checked{'ESP_ENCRYPTION'}{'aes256'} = '';
+ $checked{'ESP_ENCRYPTION'}{'aes192'} = '';
$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
$checked{'ESP_ENCRYPTION'}{'3des'} = '';
@temp = split('\|', $cgiparams{'ESP_ENCRYPTION'});
foreach my $key (@temp) {$checked{'ESP_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'ESP_INTEGRITY'}{'sha2_512'} = '';
+ $checked{'ESP_INTEGRITY'}{'sha2_384'} = '';
$checked{'ESP_INTEGRITY'}{'sha2_256'} = '';
$checked{'ESP_INTEGRITY'}{'sha1'} = '';
$checked{'ESP_INTEGRITY'}{'md5'} = '';
+ $checked{'ESP_INTEGRITY'}{'aesxcbc'} = '';
@temp = split('\|', $cgiparams{'ESP_INTEGRITY'});
foreach my $key (@temp) {$checked{'ESP_INTEGRITY'}{$key} = "selected='selected'"; }
$checked{'ESP_GROUPTYPE'}{$cgiparams{'ESP_GROUPTYPE'}} = "selected='selected'";
<tr><td class='boldbase' align='right' valign='top'>$Lang::tr{'ike encryption'}</td><td class='boldbase' valign='top'>
<select name='IKE_ENCRYPTION' multiple='multiple' size='4'>
<option value='aes256' $checked{'IKE_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
+ <option value='aes192' $checked{'IKE_ENCRYPTION'}{'aes192'}>AES (192 bit)</option>
<option value='aes128' $checked{'IKE_ENCRYPTION'}{'aes128'}>AES (128 bit)</option>
<option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>3DES</option>
</select></td>
<td class='boldbase' align='right' valign='top'>$Lang::tr{'ike integrity'}</td><td class='boldbase' valign='top'>
<select name='IKE_INTEGRITY' multiple='multiple' size='4'>
- <option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA</option>
+ <option value='sha2_512' $checked{'IKE_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option>
+ <option value='sha2_384' $checked{'IKE_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
+ <option value='sha2_256' $checked{'IKE_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
+ <option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA1</option>
<option value='md5' $checked{'IKE_INTEGRITY'}{'md5'}>MD5</option>
+ <option value='aesxcbc' $checked{'IKE_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
</select></td>
<td class='boldbase' align='right' valign='top'>$Lang::tr{'ike grouptype'}</td><td class='boldbase' valign='top'>
<td class='boldbase' align='right' valign='top'>$Lang::tr{'esp encryption'}</td><td class='boldbase' valign='top'>
<select name='ESP_ENCRYPTION' multiple='multiple' size='4'>
<option value='aes256' $checked{'ESP_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
+ <option value='aes192' $checked{'ESP_ENCRYPTION'}{'aes192'}>AES (192 bit)</option>
<option value='aes128' $checked{'ESP_ENCRYPTION'}{'aes128'}>AES (128 bit)</option>
<option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>3DES</option>
<td class='boldbase' align='right' valign='top'>$Lang::tr{'esp integrity'}</td><td class='boldbase' valign='top'>
<select name='ESP_INTEGRITY' multiple='multiple' size='4'>
+ <option value='sha2_512' $checked{'ESP_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option>
+ <option value='sha2_384' $checked{'ESP_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
+ <option value='sha2_256' $checked{'ESP_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
<option value='sha1' $checked{'ESP_INTEGRITY'}{'sha1'}>SHA1</option>
- <option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5</option></select></td>
+ <option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5</option>
+ <option value='aesxcbc' $checked{'ESP_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
+ </select></td>
<td class='boldbase' align='right' valign='top'>$Lang::tr{'esp grouptype'}</td><td class='boldbase' valign='top'>
<select name='ESP_GROUPTYPE'>
$cgiparams{'VPN_IP'} ='%defaultroute' if ($cgiparams{'VPN_IP'} eq '');
$cgiparams{'VPN_DELAYED_START'} = 0 if (! defined ($cgiparams{'VPN_DELAYED_START'}));
- $checked{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'} eq 'on' ? "checked='checked'" : '' ;
- map ($checked{$_} = $cgiparams{$_} eq 'on' ? "checked='checked'" : '',
- ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
- 'DBG_DNS'));
-
+ $checked{'ENABLED'} = $cgiparams{'ENABLED'} eq 'on' ? "checked='checked'" : '';
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
<td width='20%'><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' /></td>
<td width='20%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'} /></td>
</tr>
-END
- ;
- print <<END
- <tr>
- <td class='base' nowrap='nowrap'>$Lang::tr{'override mtu'}: <img src='/blob.gif' alt='*' /></td>
- <td ><input type='text' name='VPN_OVERRIDE_MTU' value='$cgiparams{'VPN_OVERRIDE_MTU'}' /></td>
- </tr>
END
;
print <<END
<td ><input type='text' name='RW_NET' value='$cgiparams{'RW_NET'}' /></td>
</tr>
</table>
-<p>$Lang::tr{'vpn watch'}:<input type='checkbox' name='VPN_WATCH' $checked{'VPN_WATCH'} /></p>
-<p>PLUTO DEBUG =
-crypt:<input type='checkbox' name='DBG_CRYPT' $checked{'DBG_CRYPT'} />,
-parsing:<input type='checkbox' name='DBG_PARSING' $checked{'DBG_PARSING'} />,
-emitting:<input type='checkbox' name='DBG_EMITTING' $checked{'DBG_EMITTING'} />,
-control:<input type='checkbox' name='DBG_CONTROL' $checked{'DBG_CONTROL'} />,
-dns:<input type='checkbox' name='DBG_DNS' $checked{'DBG_DNS'} />
<hr />
<table width='100%'>
<tr>
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
-VERSION="2.11" # Version number
+VERSION="2.13" # Version number
- CORE="64" # Core Level (Filename)
- PAKFIRE_CORE="64" # Core Level (PAKFIRE)
+ CORE="65" # Core Level (Filename)
+ PAKFIRE_CORE="65" # Core Level (PAKFIRE)
GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
MACHINE=`uname -m`
GIT_TAG=$(git tag | tail -1) # Git Tag
GIT_LASTCOMMIT=$(git log | head -n1 | cut -d" " -f2 |head -c8) # Last commit
-TOOLCHAINVER=3
+TOOLCHAINVER=6
BUILDMACHINE=$MACHINE
if [ "$MACHINE" = "x86_64" ]; then
BUILDMACHINE="i686";
- linux32="linux32";
fi
mount --bind $BASEDIR/log $BASEDIR/build/usr/src/log
mount --bind $BASEDIR/src $BASEDIR/build/usr/src/src
- # This is a temporary hack!!!
- if [ ! -f /tools/bin/hostname ]; then
- cp -f /bin/hostname /tools/bin/hostname 2>/dev/null
- fi
-
# Run LFS static binary creation scripts one by one
export CCACHE_DIR=$BASEDIR/ccache
export CCACHE_COMPRESS=1
- export CCACHE_HASHDIR=1
+ export CCACHE_COMPILERCHECK="none"
# Remove pre-install list of installed files in case user erase some files before rebuild
rm -f $BASEDIR/build/usr/src/lsalr 2>/dev/null
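Review bot: `CCACHE_COMPILERCHECK="none"` makes ccache ignore which compiler produced a cached object, so after a toolchain change (this commit bumps `TOOLCHAINVER` from 3 to 6 and reorders the gcc passes) objects built by the old compiler can be served for the new one without any error. If the goal is to keep the cache valid when only the compiler's mtime changes, `export CCACHE_COMPILERCHECK="content"` achieves that while still detecting a different binary. If `none` is intended, add a comment with the reason and the requirement to clear `$BASEDIR/ccache` when the toolchain changes, e.g. `# compiler identity is not hashed; wipe ccache when TOOLCHAINVER changes`.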
local error=false
case "${MACHINE}:$(uname -m)" in
# x86
- i586:i586|i586:i686)
+ i586:i586|i586:i686|i586:x86_64)
# These are working.
;;
i586:*)
;;
# ARM
- armv5tel:armv5tel|armv5tel:armv5tejl|armv5tel:armv7l)
+ armv5tel:armv5tel|armv5tel:armv5tejl|armv5tel:armv6l|armv5tel:armv7l)
# These are working.
;;
armv5tel:*)
${error} && \
exiterror "Cannot build ${MACHINE} toolchain on $(uname -m). Please use the download if any."
- if [ "$(uname -r | grep ipfire)" ]; then
- exiterror "Cannot build toolchain on ipfire. Please use the download."
+ local gcc=$(type -p gcc)
+ if [ -z "${gcc}" ]; then
+ exiterror "Could not find GCC. You will need a working build enviroment in order to build the toolchain."
fi
LOGFILE="$BASEDIR/log/_build.toolchain.log"
export LOGFILE
- NATIVEGCC=`gcc --version | grep GCC | awk {'print $3'}`
- export NATIVEGCC GCCmajor=${NATIVEGCC:0:1} GCCminor=${NATIVEGCC:2:1} GCCrelease=${NATIVEGCC:4:1}
- ORG_PATH=$PATH
- lfsmake1 ccache PASS=1
- lfsmake1 make PASS=1
- lfsmake1 binutils PASS=1
- lfsmake1 gcc PASS=1
- export PATH=$BASEDIR/build/usr/local/bin:$BASEDIR/build/tools/bin:$PATH
- if [ "${MACHINE_TYPE}" = "arm" ]; then
- lfsmake1 linux TOOLS=1 HEADERS=1
- else
- lfsmake1 linux-libc-header
- fi
+
+ local ORG_PATH=$PATH
+ export PATH="/tools/ccache/bin:/tools/bin:$PATH"
+ lfsmake1 ccache PASS=1
+ lfsmake1 binutils PASS=1
+ lfsmake1 gcc PASS=1
+ lfsmake1 linux TOOLS=1 KCFG="-headers"
lfsmake1 glibc
- lfsmake1 cleanup-toolchain PASS=1
- lfsmake1 fake-environ
+ lfsmake1 cleanup-toolchain PASS=1
+ lfsmake1 binutils PASS=2
+ lfsmake1 gcc PASS=2
+ lfsmake1 ccache PASS=2
lfsmake1 tcl
lfsmake1 expect
lfsmake1 dejagnu
- lfsmake1 gcc PASS=2
- lfsmake1 binutils PASS=2
- lfsmake1 ccache PASS=2
lfsmake1 ncurses
lfsmake1 bash
lfsmake1 bzip2
lfsmake1 grep
lfsmake1 gzip
lfsmake1 m4
- lfsmake1 make PASS=2
+ lfsmake1 make
lfsmake1 patch
lfsmake1 perl
lfsmake1 sed
lfsmake1 tar
lfsmake1 texinfo
- lfsmake1 util-linux
- lfsmake1 strip
- lfsmake1 cleanup-toolchain PASS=2
+ lfsmake1 xz
+ lfsmake1 fake-environ
+ lfsmake1 cleanup-toolchain PASS=2
export PATH=$ORG_PATH
}
LOGFILE="$BASEDIR/log/_build.base.log"
export LOGFILE
lfsmake2 stage2
- if [ "${MACHINE_TYPE}" = "arm" ]; then
- lfsmake2 linux HEADERS=1
- else
- lfsmake2 linux-libc-header
- fi
+ lfsmake2 linux KCFG="-headers"
lfsmake2 man-pages
lfsmake2 glibc
lfsmake2 tzdata
- lfsmake2 cleanup-toolchain PASS=3
+ lfsmake2 cleanup-toolchain PASS=3
+ lfsmake2 zlib
lfsmake2 binutils
+ lfsmake2 gmp
+ lfsmake2 gmp-compat
+ lfsmake2 mpfr
+ lfsmake2 file
lfsmake2 gcc
+ lfsmake2 sed
lfsmake2 berkeley
lfsmake2 coreutils
lfsmake2 iana-etc
lfsmake2 bison
lfsmake2 ncurses
lfsmake2 procps
- lfsmake2 sed
lfsmake2 libtool
lfsmake2 perl
lfsmake2 readline
- lfsmake2 zlib
+ lfsmake2 readline-compat
+ lfsmake2 pcre
+ lfsmake2 pcre-compat
lfsmake2 autoconf
lfsmake2 automake
lfsmake2 bash
lfsmake2 diffutils
lfsmake2 e2fsprogs
lfsmake2 ed
- lfsmake2 file
lfsmake2 findutils
lfsmake2 flex
lfsmake2 gawk
lfsmake2 iproute2
lfsmake2 kbd
lfsmake2 less
- lfsmake2 libaal
lfsmake2 make
lfsmake2 man
lfsmake2 mktemp
lfsmake2 net-tools
lfsmake2 patch
lfsmake2 psmisc
- lfsmake2 reiser4progs
lfsmake2 shadow
lfsmake2 sysklogd
lfsmake2 sysvinit
lfsmake2 udev
lfsmake2 util-linux
lfsmake2 vim
+ lfsmake2 xz
lfsmake2 grub
}
ipfiremake pptp
ipfiremake unzip
ipfiremake which
- ipfiremake xz
ipfiremake linux-firmware
+ ipfiremake dvb-firmwares
ipfiremake zd1211-firmware
- ipfiremake fw_ath9k_htc
+ ipfiremake rpi-firmware
ipfiremake u-boot
- # The xen and PAE kernels are only available for x86
if [ "${MACHINE_TYPE}" != "arm" ]; then
- ipfiremake linux KCFG="-xen"
- ipfiremake kqemu KCFG="-xen"
+
+ # x86-xen (Legacy XEN) kernel build
+ ipfiremake linux2 KCFG="-xen"
ipfiremake v4l-dvb KCFG="-xen"
- ipfiremake madwifi KCFG="-xen"
ipfiremake mISDN KCFG="-xen"
- ipfiremake dahdi KCFG="-xen" KMOD=1
ipfiremake cryptodev KCFG="-xen"
ipfiremake compat-wireless KCFG="-xen"
ipfiremake r8169 KCFG="-xen"
ipfiremake e1000 KCFG="-xen"
ipfiremake e1000e KCFG="-xen"
ipfiremake igb KCFG="-xen"
+
+ # x86-pae (Native and new XEN) kernel build
ipfiremake linux KCFG="-pae"
- ipfiremake kqemu KCFG="-pae"
ipfiremake kvm-kmod KCFG="-pae"
ipfiremake v4l-dvb KCFG="-pae"
- ipfiremake madwifi KCFG="-pae"
- ipfiremake alsa KCFG="-pae" KMOD=1
ipfiremake mISDN KCFG="-pae"
- ipfiremake dahdi KCFG="-pae" KMOD=1
ipfiremake cryptodev KCFG="-pae"
ipfiremake compat-wireless KCFG="-pae"
-# ipfiremake r8169 KCFG="-pae"
-# ipfiremake r8168 KCFG="-pae"
-# ipfiremake r8101 KCFG="-pae"
- ipfiremake e1000 KCFG="-pae"
+ ipfiremake r8169 KCFG="-pae"
+ ipfiremake r8168 KCFG="-pae"
+ ipfiremake r8101 KCFG="-pae"
ipfiremake e1000e KCFG="-pae"
ipfiremake igb KCFG="-pae"
+
+ # x86 kernel build
ipfiremake linux KCFG=""
- ipfiremake v4l-dvb KCFG=""
- ipfiremake kqemu KCFG=""
ipfiremake kvm-kmod KCFG=""
- ipfiremake madwifi KCFG=""
- ipfiremake alsa KCFG="" KMOD=1
+ ipfiremake v4l-dvb KCFG=""
ipfiremake mISDN KCFG=""
- ipfiremake dahdi KCFG="" KMOD=1
ipfiremake cryptodev KCFG=""
ipfiremake compat-wireless KCFG=""
-# ipfiremake r8169 KCFG=""
-# ipfiremake r8168 KCFG=""
-# ipfiremake r8101 KCFG=""
- ipfiremake e1000 KCFG=""
+ ipfiremake r8169 KCFG=""
+ ipfiremake r8168 KCFG=""
+ ipfiremake r8101 KCFG=""
ipfiremake e1000e KCFG=""
ipfiremake igb KCFG=""
+
else
- # arm-versatile kernel build
- ipfiremake linux KCFG="-versatile"
- ipfiremake v4l-dvb KCFG="-versatile"
- ipfiremake kqemu KCFG="-versatile"
- ipfiremake kvm-kmod KCFG="-versatile"
- ipfiremake madwifi KCFG="-versatile"
- ipfiremake mISDN KCFG="-versatile"
- ipfiremake dahdi KCFG="-versatile" KMOD=1
- ipfiremake cryptodev KCFG="-versatile"
- ipfiremake compat-wireless KCFG="-versatile"
-# ipfiremake r8169 KCFG="-versatile"
-# ipfiremake r8168 KCFG="-versatile"
-# ipfiremake r8101 KCFG="-versatile"
- ipfiremake e1000 KCFG="-versatile"
- ipfiremake e1000e KCFG="-versatile"
- ipfiremake igb KCFG="-versatile"
- # arm-kirkwood kernel build
+ # arm-rpi (Raspberry Pi) kernel build
+ ipfiremake linux KCFG="-rpi"
+ ipfiremake v4l-dvb KCFG="-rpi"
+ ipfiremake mISDN KCFG="-rpi" NOPCI=1
+ ipfiremake cryptodev KCFG="-rpi"
+ ipfiremake compat-wireless KCFG="-rpi"
+
+ # arm-omap (Panda Board) kernel build
+ ipfiremake linux KCFG="-omap"
+ ipfiremake v4l-dvb KCFG="-omap"
+ ipfiremake mISDN KCFG="-omap" NOPCI=1
+ ipfiremake cryptodev KCFG="-omap"
+ ipfiremake compat-wireless KCFG="-omap"
+
+ # arm-kirkwood (Dreamplug, ICY-Box ...) kernel build
ipfiremake linux KCFG="-kirkwood"
ipfiremake v4l-dvb KCFG="-kirkwood"
- ipfiremake kqemu KCFG="-kirkwood"
- ipfiremake kvm-kmod KCFG="-kirkwood"
- ipfiremake madwifi KCFG="-kirkwood"
ipfiremake mISDN KCFG="-kirkwood"
- ipfiremake dahdi KCFG="-kirkwood" KMOD=1
ipfiremake cryptodev KCFG="-kirkwood"
ipfiremake compat-wireless KCFG="-kirkwood"
-# ipfiremake r8169 KCFG="-kirkwood"
-# ipfiremake r8168 KCFG="-kirkwood"
-# ipfiremake r8101 KCFG="-kirkwood"
- ipfiremake e1000 KCFG="-kirkwood"
+ ipfiremake r8169 KCFG="-kirkwood"
+ ipfiremake r8168 KCFG="-kirkwood"
+ ipfiremake r8101 KCFG="-kirkwood"
ipfiremake e1000e KCFG="-kirkwood"
ipfiremake igb KCFG="-kirkwood"
+
fi
ipfiremake pkg-config
ipfiremake linux-atm
ipfiremake dracut
ipfiremake expat
ipfiremake gdbm
- ipfiremake gmp
ipfiremake pam
ipfiremake openssl
ipfiremake curl
ipfiremake iptables
ipfiremake libupnp
ipfiremake ipaddr
- ipfiremake iptstate
ipfiremake iputils
ipfiremake l7-protocols
ipfiremake mISDNuser
ipfiremake capi4k-utils
ipfiremake hwdata
- ipfiremake kudzu
ipfiremake logrotate
ipfiremake logwatch
ipfiremake misc-progs
ipfiremake python-mechanize
ipfiremake python-feedparser
ipfiremake python-rssdler
+ ipfiremake libffi
ipfiremake glib
ipfiremake GeoIP
ipfiremake fwhits
ipfiremake noip_updater
ipfiremake ntp
ipfiremake openssh
+ ipfiremake fontconfig
+ ipfiremake dejavu-fonts-ttf
+ ipfiremake freefont
+ ipfiremake pixman
+ ipfiremake cairo
+ ipfiremake pango
ipfiremake rrdtool
ipfiremake setserial
ipfiremake setup
ipfiremake traceroute
ipfiremake vlan
ipfiremake wireless
- ipfiremake libsafe
ipfiremake pakfire
ipfiremake spandsp
ipfiremake lzo
ipfiremake wget
ipfiremake bridge-utils
ipfiremake screen
- ipfiremake hddtemp
ipfiremake smartmontools
ipfiremake htop
ipfiremake postfix
ipfiremake cmake
ipfiremake gnump3d
ipfiremake libsigc++
- ipfiremake applejuice
ipfiremake libtorrent
ipfiremake rtorrent
- ipfiremake ipfireseeder
ipfiremake rsync
ipfiremake tcpwrapper
ipfiremake libevent
ipfiremake vsftpd
ipfiremake strongswan
ipfiremake lsof
- ipfiremake centerim
ipfiremake br2684ctl
ipfiremake pcmciautils
ipfiremake lm_sensors
ipfiremake fbset
ipfiremake sdl
ipfiremake qemu
- ipfiremake qemu-kqemu
ipfiremake sane
ipfiremake netpbm
ipfiremake phpSANE
ipfiremake nagios
ipfiremake nagios_nrpe
ipfiremake ebtables
- ipfiremake fontconfig
- ipfiremake freefont
ipfiremake directfb
ipfiremake dfb++
ipfiremake faad2
ipfiremake ffmpeg
- ipfiremake videolan
ipfiremake vdr
ipfiremake w_scan
ipfiremake icecast
ipfiremake iw
ipfiremake wpa_supplicant
ipfiremake hostapd
+ ipfiremake pycurl
ipfiremake urlgrabber
ipfiremake syslinux
ipfiremake tftpd
ipfiremake netcat
ipfiremake 7zip
ipfiremake lynis
- ipfiremake splix
ipfiremake streamripper
ipfiremake sshfs
ipfiremake taglib
ipfiremake nut
ipfiremake watchdog
ipfiremake libpri
- ipfiremake dahdi
ipfiremake asterisk
ipfiremake lcr
ipfiremake usb_modeswitch
ipfiremake python-progressbar
ipfiremake python-xattr
ipfiremake intltool
- ipfiremake pakfire3-deps
ipfiremake transmission
ipfiremake dpfhack
ipfiremake lcd4linux
ipfiremake mtr
ipfiremake tcpick
ipfiremake minidlna
+ ipfiremake acpid
ipfiremake fping
ipfiremake telnet
+ ipfiremake libgpg-error
+ ipfiremake libassuan
+ ipfiremake gpgme
+ ipfiremake pygpgme
+ ipfiremake pakfire3
+ ipfiremake stress
+ ipfiremake libstatgrab
+ ipfiremake sarg
echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild
cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild
echo >> $BASEDIR/build/var/ipfire/firebuild
echo >> $BASEDIR/build/var/ipfire/firebuild
cat /proc/cpuinfo >> $BASEDIR/build/var/ipfire/firebuild
echo $PAKFIRE_CORE > $BASEDIR/build/opt/pakfire/db/core/mine
- if [ "$GIT_BRANCH" = "master" -o "$GIT_BRANCH" = "next" ]; then
- echo "$NAME $VERSION ($MACHINE) - Development Build: $GIT_LASTCOMMIT" > $BASEDIR/build/etc/system-release
- else
- echo "$NAME $VERSION ($MACHINE) - $GIT_BRANCH" > $BASEDIR/build/etc/system-release
- fi
+ case "$GIT_BRANCH" in
+ core*)
+ echo "$NAME $VERSION ($MACHINE) - $GIT_BRANCH" > $BASEDIR/build/etc/system-release
+ ;;
+ *)
+ echo "$NAME $VERSION ($MACHINE) - Development Build: $GIT_BRANCH/$GIT_LASTCOMMIT" > $BASEDIR/build/etc/system-release
+ ;;
+ esac
}
buildinstaller() {
ipfiremake mbr
ipfiremake memtest
ipfiremake installer
- cp -f $BASEDIR/doc/COPYING $BASEDIR/build/install/initrd/
installmake strip
ipfiremake initrd
}
if [ $BUILD_IMAGES == 1 ] && ([ -e /dev/loop/0 ] || [ -e /dev/loop0 ]) && [ "${MACHINE_TYPE}" != "arm" ]; then
cp -f $BASEDIR/packages/linux-xen-*.ipfire $LFS/install/packages/
cp -f $BASEDIR/packages/meta-linux-xen $LFS/install/packages/
+ cp -f $BASEDIR/packages/linux-pae-*.ipfire $LFS/install/packages/
+ cp -f $BASEDIR/packages/meta-linux-pae $LFS/install/packages/
ipfiremake xen-image
rm -rf $LFS/install/packages/linux-xen-*.ipfire
rm -rf $LFS/install/packages/meta-linux-xen
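Review bot: The two added `cp -f` lines stage `linux-pae-*.ipfire` and `meta-linux-pae` for `xen-image`, but the cleanup after `ipfiremake xen-image` still removes only the xen files, so the pae packages stay in `$LFS/install/packages/` and can end up in whatever is built from that directory next. Unless they are removed outside the lines shown, add the matching cleanup: `rm -rf $LFS/install/packages/linux-pae-*.ipfire` and `rm -rf $LFS/install/packages/meta-linux-pae`. The enclosing `if` block continues past this hunk.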
ipfiremake core-updates
local i
- for i in $(find $BASEDIR/config/rootfiles/packages{${machine},} -maxdepth 1 -type f); do
+ for i in $(find $BASEDIR/config/rootfiles/packages{/${MACHINE},} -maxdepth 1 -type f); do
i=$(basename ${i})
if [ -e $BASEDIR/lfs/$i ]; then
ipfiredist $i
echo "`date -u '+%b %e %T'`: Create toolchain tar.gz for $MACHINE" | tee -a $LOGFILE
test -d $BASEDIR/cache/toolchains || mkdir -p $BASEDIR/cache/toolchains
cd $BASEDIR && tar -zc --exclude='log/_build.*.log' -f cache/toolchains/$SNAME-$VERSION-toolchain-$TOOLCHAINVER-$MACHINE.tar.gz \
- build/{bin,etc,usr/bin,usr/local} \
- build/tools/{bin,etc,*-linux-gnu*,include,lib,libexec,sbin,share,var} \
- log >> $LOGFILE
+ build/tools build/bin/sh log >> $LOGFILE
md5sum cache/toolchains/$SNAME-$VERSION-toolchain-$TOOLCHAINVER-$MACHINE.tar.gz \
> cache/toolchains/$SNAME-$VERSION-toolchain-$TOOLCHAINVER-$MACHINE.md5
stdumount
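Review bot: The package step now archives all of `build/tools` plus `build/bin/sh`, yet the only integrity record written next to the tarball is still an MD5 sum. If this `.md5` file is what the toolchain download path verifies against (not visible here), MD5 no longer gives meaningful protection against a substituted archive. Since the toolchain version is bumped in this commit anyway, it would be a good moment to also write a SHA-256 file, e.g. `sha256sum cache/toolchains/$SNAME-$VERSION-toolchain-$TOOLCHAINVER-$MACHINE.tar.gz > cache/toolchains/$SNAME-$VERSION-toolchain-$TOOLCHAINVER-$MACHINE.sha256`, and check it on download. The variable expansions on the `tar` line are unquoted, which is harmless for the current values but worth quoting while the line is being edited.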