Some peers that are behind a NAT router that fails
to properly forward IKE packets on UDP port 500 cannot
establish an IPsec connection. MOBIKE tries to solve that
by sending these packets to UDP port 4500 instead.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
etc/rc.d/init.d/sshd
srv/web/ipfire/cgi-bin/logs.cgi/log.dat
srv/web/ipfire/cgi-bin/mail.cgi
etc/rc.d/init.d/sshd
srv/web/ipfire/cgi-bin/logs.cgi/log.dat
srv/web/ipfire/cgi-bin/mail.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
var/ipfire/langs
var/ipfire/menu.d/40-services.menu
var/ipfire/network-functions.pl
var/ipfire/langs
var/ipfire/menu.d/40-services.menu
var/ipfire/network-functions.pl
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: show tls-auth key
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: show tls-auth key
+WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn statistics n2n
WARNING: untranslated string: vpn statistics n2n
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: samba join domain
WARNING: untranslated string: search
WARNING: untranslated string: uncheck all
WARNING: untranslated string: samba join domain
WARNING: untranslated string: search
WARNING: untranslated string: uncheck all
+WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
WARNING: untranslated string: uncheck all
WARNING: untranslated string: upload dh key
WARNING: untranslated string: vendor
WARNING: untranslated string: uncheck all
WARNING: untranslated string: upload dh key
WARNING: untranslated string: vendor
+WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: vendor
WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: routing table
WARNING: untranslated string: search
WARNING: untranslated string: uncheck all
WARNING: untranslated string: routing table
WARNING: untranslated string: search
WARNING: untranslated string: uncheck all
+WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
$cgiparams{'RW_NET'} = '';
$cgiparams{'DPD_DELAY'} = '30';
$cgiparams{'DPD_TIMEOUT'} = '120';
$cgiparams{'RW_NET'} = '';
$cgiparams{'DPD_DELAY'} = '30';
$cgiparams{'DPD_TIMEOUT'} = '120';
+$cgiparams{'FORCE_MOBIKE'} = 'off';
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
###
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
###
# Compression
print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on');
# Compression
print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on');
+ # Force MOBIKE?
+ if (($lconfighash{$key}[29] eq "ikev2") && ($lconfighash{$key}[32] eq 'on')) {
+ print CONF "\tmobike=yes\n";
+ }
+
# Dead Peer Detection
my $dpdaction = $lconfighash{$key}[27];
print CONF "\tdpdaction=$dpdaction\n";
# Dead Peer Detection
my $dpdaction = $lconfighash{$key}[27];
print CONF "\tdpdaction=$dpdaction\n";
$cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14];
$cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
$cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
$cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14];
$cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
$cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
+ $cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32];
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;
my $key = $cgiparams{'KEY'};
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
my $key = $cgiparams{'KEY'};
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 32) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
$confighash{$key}[14] = $cgiparams{'VHOST'};
$confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'};
$confighash{$key}[31] = $cgiparams{'DPD_DELAY'};
$confighash{$key}[14] = $cgiparams{'VHOST'};
$confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'};
$confighash{$key}[31] = $cgiparams{'DPD_DELAY'};
+ $confighash{$key}[32] = $cgiparams{'FORCE_MOBIKE'};
#free unused fields!
$confighash{$key}[6] = 'off';
#free unused fields!
$confighash{$key}[6] = 'off';
$cgiparams{'DPD_TIMEOUT'} = 120;
}
$cgiparams{'DPD_TIMEOUT'} = 120;
}
+ if (!$cgiparams{'FORCE_MOBIKE'}) {
+ $cgiparams{'FORCE_MOBIKE'} = 'no';
+ }
+
# Default IKE Version to v2
if (!$cgiparams{'IKE_VERSION'}) {
$cgiparams{'IKE_VERSION'} = 'ikev2';
# Default IKE Version to v2
if (!$cgiparams{'IKE_VERSION'}) {
$cgiparams{'IKE_VERSION'} = 'ikev2';
<input type='hidden' name='DPD_ACTION' value='$cgiparams{'DPD_ACTION'}' />
<input type='hidden' name='DPD_DELAY' value='$cgiparams{'DPD_DELAY'}' />
<input type='hidden' name='DPD_TIMEOUT' value='$cgiparams{'DPD_TIMEOUT'}' />
<input type='hidden' name='DPD_ACTION' value='$cgiparams{'DPD_ACTION'}' />
<input type='hidden' name='DPD_DELAY' value='$cgiparams{'DPD_DELAY'}' />
<input type='hidden' name='DPD_TIMEOUT' value='$cgiparams{'DPD_TIMEOUT'}' />
+ <input type='hidden' name='FORCE_MOBIKE' value='$cgiparams{'FORCE_MOBIKE'}' />
END
;
if ($cgiparams{'KEY'}) {
END
;
if ($cgiparams{'KEY'}) {
if (
($cgiparams{'COMPRESSION'} !~ /^(|on|off)$/) ||
if (
($cgiparams{'COMPRESSION'} !~ /^(|on|off)$/) ||
+ ($cgiparams{'FORCE_MOBIKE'} !~ /^(|on|off)$/) ||
($cgiparams{'ONLY_PROPOSED'} !~ /^(|on|off)$/) ||
($cgiparams{'PFS'} !~ /^(|on|off)$/) ||
($cgiparams{'VHOST'} !~ /^(|on|off)$/)
($cgiparams{'ONLY_PROPOSED'} !~ /^(|on|off)$/) ||
($cgiparams{'PFS'} !~ /^(|on|off)$/) ||
($cgiparams{'VHOST'} !~ /^(|on|off)$/)
$confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'DPD_ACTION'};
$confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
$confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
$confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'DPD_ACTION'};
$confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
$confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
+ $confighash{$cgiparams{'KEY'}}[32] = $cgiparams{'FORCE_MOBIKE'};
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
if (&vpnenabled) {
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
if (&vpnenabled) {
$cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27];
$cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
$cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
$cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27];
$cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
$cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
+ $cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32];
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;
foreach my $key (@temp) {$checked{'ESP_GROUPTYPE'}{$key} = "selected='selected'"; }
$checked{'COMPRESSION'} = $cgiparams{'COMPRESSION'} eq 'on' ? "checked='checked'" : '' ;
foreach my $key (@temp) {$checked{'ESP_GROUPTYPE'}{$key} = "selected='selected'"; }
$checked{'COMPRESSION'} = $cgiparams{'COMPRESSION'} eq 'on' ? "checked='checked'" : '' ;
+ $checked{'FORCE_MOBIKE'} = $cgiparams{'FORCE_MOBIKE'} eq 'on' ? "checked='checked'" : '' ;
$checked{'ONLY_PROPOSED'} = $cgiparams{'ONLY_PROPOSED'} eq 'on' ? "checked='checked'" : '' ;
$checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ;
$checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ? "checked='checked'" : '' ;
$checked{'ONLY_PROPOSED'} = $cgiparams{'ONLY_PROPOSED'} eq 'on' ? "checked='checked'" : '' ;
$checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ;
$checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ? "checked='checked'" : '' ;
+ <tr>
+ <td>
+ <label>
+ <input type='checkbox' name='FORCE_MOBIKE' $checked{'FORCE_MOBIKE'} />
+ $Lang::tr{'vpn force mobike'}
+ </label>
+ </td>
+ </tr>
EOF
;
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
EOF
;
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
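Review bot: The fallback added just before the IKE-version default sets `$cgiparams{'FORCE_MOBIKE'} = 'no';`, which is outside the `on`/`off` vocabulary used by the initial default, the `checked` computation and the `/^(|on|off)$/` test in the advanced-settings handler; it should read `$cgiparams{'FORCE_MOBIKE'} = 'off';`. The connection-save path also copies the request value straight into `$confighash{$key}[32]` with no on/off check visible in these hunks, so the same pattern test looks worth applying there before the value is persisted. That stored value is later interpolated into the hidden `FORCE_MOBIKE` input without HTML escaping, as the neighbouring DPD fields already are. The `ipsec.conf` writer only compares field 32 against the literal `'on'`, so a stray value cannot reach the generated config, but it would still round-trip through the form and the stored connection record. The enclosing subs start and end outside the hunks shown, so validation may exist elsewhere; a short comment such as `# [32] FORCE_MOBIKE: 'on' | 'off'` beside the `0 .. 32` initialiser would document the new slot.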
'vpn configuration main' => 'VPN Configuration',
'vpn delayed start' => 'Delay before launching VPN (seconds)',
'vpn delayed start help' => 'If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.',
'vpn configuration main' => 'VPN Configuration',
'vpn delayed start' => 'Delay before launching VPN (seconds)',
'vpn delayed start help' => 'If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.',
+'vpn force mobike' => 'Force using MOBIKE (only IKEv2)',
'vpn incompatible use of defaultroute' => 'hostname=%defaultroute not allowed',
'vpn keyexchange' => 'Keyexchange',
'vpn local id' => 'Local ID',
'vpn incompatible use of defaultroute' => 'hostname=%defaultroute not allowed',
'vpn keyexchange' => 'Keyexchange',
'vpn local id' => 'Local ID',