From cae1f4a7a82f47703afb0cc25ff71f7585b28c2b Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 28 Nov 2018 14:21:33 +0000 Subject: [PATCH] IPsec: Add dropdown to select tunnel interface mode Signed-off-by: Michael Tremer --- doc/language_issues.de | 5 +++++ doc/language_issues.en | 5 +++++ doc/language_issues.es | 5 +++++ doc/language_issues.fr | 5 +++++ doc/language_issues.it | 5 +++++ doc/language_issues.nl | 5 +++++ doc/language_issues.pl | 5 +++++ doc/language_issues.ru | 5 +++++ doc/language_issues.tr | 5 +++++ doc/language_missings | 40 ++++++++++++++++++++++++++++++++++++++++ html/cgi-bin/vpnmain.cgi | 30 +++++++++++++++++++++++++++++- langs/en/cgi-bin/en.pl | 5 +++++ 12 files changed, 119 insertions(+), 1 deletion(-) diff --git a/doc/language_issues.de b/doc/language_issues.de index 6d793fd1a1..42a913d062 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -775,7 +775,12 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: guardian watch snort alertfile = unknown string WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string WARNING: untranslated string: info messages = unknown string +WARNING: untranslated string: interface mode = Interface +WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode +WARNING: untranslated string: ipsec interface mode gre = GRE +WARNING: untranslated string: ipsec interface mode none = - None (Default) - +WARNING: untranslated string: ipsec interface mode vti = VTI WARNING: untranslated string: ipsec mode transport = Transport WARNING: untranslated string: ipsec mode tunnel = Tunnel WARNING: untranslated string: no data = unknown string diff --git a/doc/language_issues.en b/doc/language_issues.en index eead5113d1..362a33cc01 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en 
@@ -1052,6 +1052,7 @@ WARNING: untranslated string: install = Install WARNING: untranslated string: instant update = Instant Update WARNING: untranslated string: integrity = Integrity: WARNING: untranslated string: interface = Interface +WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: interfaces = Interfaces WARNING: untranslated string: internet = INTERNET WARNING: untranslated string: intrusion detection = Intrusion Detection @@ -1080,6 +1081,7 @@ WARNING: untranslated string: invalid input for esp keylife = Invalid input for WARNING: untranslated string: invalid input for hostname = Invalid input for hostname. WARNING: untranslated string: invalid input for ike lifetime = Invalid input for IKE lifetime WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout +WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for keepalive 1 = Invalid input for Keepalive ping WARNING: untranslated string: invalid input for keepalive 1:2 = Invalid input for Keepalive use at least a ratio of 1:2 WARNING: untranslated string: invalid input for keepalive 2 = Invalid input for Keepalive ping-restart @@ -1128,6 +1130,9 @@ WARNING: untranslated string: ipfire side is invalid = IPFire side is invalid. WARNING: untranslated string: ipfires hostname = IPFire's Hostname WARNING: untranslated string: ipinfo = IP info WARNING: untranslated string: ipsec = IPsec +WARNING: untranslated string: ipsec interface mode gre = GRE +WARNING: untranslated string: ipsec interface mode none = - None (Default) - +WARNING: untranslated string: ipsec interface mode vti = VTI WARNING: untranslated string: ipsec mode transport = Transport WARNING: untranslated string: ipsec mode tunnel = Tunnel WARNING: untranslated string: ipsec network = IPsec network 
diff --git a/doc/language_issues.es b/doc/language_issues.es index 1545fa5308..d1bcd4bfd5 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1050,14 +1050,19 @@ WARNING: untranslated string: incoming firewall access = Incoming Firewall Acces WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: integrity = Integrity: +WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout +WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol WARNING: untranslated string: ipsec = IPsec +WARNING: untranslated string: ipsec interface mode gre = GRE +WARNING: untranslated string: ipsec interface mode none = - None (Default) - +WARNING: untranslated string: ipsec interface mode vti = VTI WARNING: untranslated string: ipsec mode transport = Transport WARNING: untranslated string: ipsec mode tunnel = Tunnel WARNING: untranslated string: ipsec network = IPsec network diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 45bb87da79..bac356f4c5 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr 
@@ -810,8 +810,13 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: guardian watch snort alertfile = unknown string WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string WARNING: untranslated string: info messages = unknown string +WARNING: untranslated string: interface mode = Interface +WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname +WARNING: untranslated string: ipsec interface mode gre = GRE +WARNING: untranslated string: ipsec interface mode none = - None (Default) - +WARNING: untranslated string: ipsec interface mode vti = VTI WARNING: untranslated string: ipsec mode transport = Transport WARNING: untranslated string: ipsec mode tunnel = Tunnel WARNING: untranslated string: no data = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index ed32fdb040..5e15535951 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it 
@@ -884,11 +884,16 @@ WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unk WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead WARNING: untranslated string: info messages = unknown string +WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout +WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol +WARNING: untranslated string: ipsec interface mode gre = GRE +WARNING: untranslated string: ipsec interface mode none = - None (Default) - +WARNING: untranslated string: ipsec interface mode vti = VTI WARNING: untranslated string: ipsec mode transport = Transport WARNING: untranslated string: ipsec mode tunnel = Tunnel WARNING: untranslated string: log server protocol = protocol: diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 13bd9408d0..6837903b96 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl 
@@ -898,11 +898,16 @@ WARNING: untranslated string: imsi = IMSI WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead WARNING: untranslated string: info messages = unknown string +WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout +WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol +WARNING: untranslated string: ipsec interface mode gre = GRE +WARNING: untranslated string: ipsec interface mode none = - None (Default) - +WARNING: untranslated string: ipsec interface mode vti = VTI WARNING: untranslated string: ipsec mode transport = Transport WARNING: untranslated string: ipsec mode tunnel = Tunnel WARNING: untranslated string: log server protocol = protocol: diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 1545fa5308..d1bcd4bfd5 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl 
@@ -1050,14 +1050,19 @@ WARNING: untranslated string: incoming firewall access = Incoming Firewall Acces WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: integrity = Integrity: +WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout +WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol WARNING: untranslated string: ipsec = IPsec +WARNING: untranslated string: ipsec interface mode gre = GRE +WARNING: untranslated string: ipsec interface mode none = - None (Default) - +WARNING: untranslated string: ipsec interface mode vti = VTI WARNING: untranslated string: ipsec mode transport = Transport WARNING: untranslated string: ipsec mode tunnel = Tunnel WARNING: untranslated string: ipsec network = IPsec network diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 526c137548..2e641cce25 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru 
@@ -1052,14 +1052,19 @@ WARNING: untranslated string: incoming overhead in bytes per second = Incoming O WARNING: untranslated string: incoming traffic in bytes per second = Incoming Traffic WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: integrity = Integrity: +WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout +WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol WARNING: untranslated string: ipsec = IPsec +WARNING: untranslated string: ipsec interface mode gre = GRE +WARNING: untranslated string: ipsec interface mode none = - None (Default) - +WARNING: untranslated string: ipsec interface mode vti = VTI WARNING: untranslated string: ipsec mode transport = Transport WARNING: untranslated string: ipsec mode tunnel = Tunnel WARNING: untranslated string: ipsec network = IPsec network diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 41546bb322..57e582d4e6 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -813,8 +813,13 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: guardian watch snort alertfile = unknown string WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string WARNING: untranslated string: info messages = unknown string +WARNING: untranslated string: interface mode = Interface +WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname +WARNING: untranslated string: ipsec interface mode gre = GRE +WARNING: untranslated string: ipsec interface mode none = - None (Default) - +WARNING: untranslated string: ipsec interface mode vti = VTI WARNING: untranslated string: ipsec mode transport = Transport WARNING: untranslated string: ipsec mode tunnel = Tunnel WARNING: untranslated string: no data = unknown string diff --git a/doc/language_missings b/doc/language_missings index 8c9c68e977..edb0b3fd42 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -39,7 +39,12 @@ < g.lite < guardian < insert removable device +< interface mode +< invalid input for interface mode < invalid input for mode +< ipsec interface mode gre +< ipsec interface mode none +< ipsec interface mode vti < ipsec mode transport < ipsec mode tunnel < none @@ -495,14 +500,19 @@ < incoming firewall access < incoming overhead in bytes per second < integrity +< interface mode < invalid input for dpd delay < invalid input for dpd timeout < invalid input for inactivity timeout +< invalid input for interface mode < invalid input for mode < invalid input for valid till days < invalid ip or hostname < invalid logserver protocol < ipsec +< ipsec interface mode gre +< ipsec interface mode none +< ipsec interface mode vti < ipsec mode transport < ipsec mode tunnel < ipsec network 
@@ -792,8 +802,13 @@ ############################################################################ < cryptographic settings < dnsforward forward_servers +< interface mode +< invalid input for interface mode < invalid input for mode < invalid ip or hostname +< ipsec interface mode gre +< ipsec interface mode none +< ipsec interface mode vti < ipsec mode transport < ipsec mode tunnel ############################################################################ @@ -931,11 +946,16 @@ < guardian < incoming compression in bytes per second < incoming overhead in bytes per second +< interface mode < invalid input for inactivity timeout +< invalid input for interface mode < invalid input for mode < invalid input for valid till days < invalid ip or hostname < invalid logserver protocol +< ipsec interface mode gre +< ipsec interface mode none +< ipsec interface mode vti < ipsec mode transport < ipsec mode tunnel < log server protocol @@ -1171,11 +1191,16 @@ < imsi < incoming compression in bytes per second < incoming overhead in bytes per second +< interface mode < invalid input for inactivity timeout +< invalid input for interface mode < invalid input for mode < invalid input for valid till days < invalid ip or hostname < invalid logserver protocol +< ipsec interface mode gre +< ipsec interface mode none +< ipsec interface mode vti < ipsec mode transport < ipsec mode tunnel < log server protocol @@ -1730,14 +1755,19 @@ < incoming firewall access < incoming overhead in bytes per second < integrity +< interface mode < invalid input for dpd delay < invalid input for dpd timeout < invalid input for inactivity timeout +< invalid input for interface mode < invalid input for mode < invalid input for valid till days < invalid ip or hostname < invalid logserver protocol < ipsec +< ipsec interface mode gre +< ipsec interface mode none +< ipsec interface mode vti < ipsec mode transport < ipsec mode tunnel < ipsec network 
@@ -2453,14 +2483,19 @@ < incoming overhead in bytes per second < incoming traffic in bytes per second < integrity +< interface mode < invalid input for dpd delay < invalid input for dpd timeout < invalid input for inactivity timeout +< invalid input for interface mode < invalid input for mode < invalid input for valid till days < invalid ip or hostname < invalid logserver protocol < ipsec +< ipsec interface mode gre +< ipsec interface mode none +< ipsec interface mode vti < ipsec mode transport < ipsec mode tunnel < ipsec network @@ -2737,8 +2772,13 @@ < crypto warning < dnsforward forward_servers < fwdfw all subnets +< interface mode +< invalid input for interface mode < invalid input for mode < invalid ip or hostname +< ipsec interface mode gre +< ipsec interface mode none +< ipsec interface mode vti < ipsec mode transport < ipsec mode tunnel < ovpn error dh diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 27729d3f55..a1f095bdcb 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -112,6 +112,7 @@ $cgiparams{'FORCE_MOBIKE'} = 'off'; $cgiparams{'START_ACTION'} = 'start'; $cgiparams{'INACTIVITY_TIMEOUT'} = 900; $cgiparams{'MODE'} = "tunnel"; +$cgiparams{'INTERFACE_MODE'} = ""; &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); ### @@ -1325,6 +1326,7 @@ END $cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32]; $cgiparams{'INACTIVITY_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[34]; $cgiparams{'MODE'} = $confighash{$cgiparams{'KEY'}}[35]; + $cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36]; if (!$cgiparams{'DPD_DELAY'}) { $cgiparams{'DPD_DELAY'} = 30; @@ -1824,7 +1826,7 @@ END my $key = $cgiparams{'KEY'}; if (! $key) { $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 35) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 36) { $confighash{$key}[$i] = "";} } $confighash{$key}[0] = $cgiparams{'ENABLED'}; $confighash{$key}[1] = $cgiparams{'NAME'}; 
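Review bot: The added read `$cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36];` in the hunk at -1325 (and again at -2351) picks up a field that connections saved before this change will presumably not have. For those records the value would be undef rather than the empty string that the rest of the patch treats as "none". Normalising at the read keeps older records on the default and avoids uninitialized-value warnings if warnings are enabled: `$cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36] // "";`, or the `if (!$cgiparams{'DPD_DELAY'})` default pattern used on the following lines. The enclosing block starts and ends outside the hunk.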
@@ -1870,6 +1872,7 @@ END $confighash{$key}[32] = $cgiparams{'FORCE_MOBIKE'}; $confighash{$key}[34] = $cgiparams{'INACTIVITY_TIMEOUT'}; $confighash{$key}[35] = $cgiparams{'MODE'}; + $confighash{$key}[36] = $cgiparams{'INTERFACE_MODE'}; # free unused fields! $confighash{$key}[6] = 'off'; @@ -1945,6 +1948,7 @@ END $cgiparams{'PFS'} = 'on'; #[28]; $cgiparams{'INACTIVITY_TIMEOUT'} = 900; $cgiparams{'MODE'} = "tunnel"; + $cgiparams{'INTERFACE_MODE'} = ""; } VPNCONF_ERROR: @@ -2002,6 +2006,7 @@ VPNCONF_ERROR: + END ; if ($cgiparams{'KEY'}) { @@ -2301,6 +2306,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } + if ($cgiparams{'INTERFACE_MODE'} !~ /^(|gre|vti)$/) { + $errormessage = $Lang::tr{'invalid input for interface mode'}; + goto ADVANCED_ERROR; + } + $confighash{$cgiparams{'KEY'}}[29] = $cgiparams{'IKE_VERSION'}; $confighash{$cgiparams{'KEY'}}[18] = $cgiparams{'IKE_ENCRYPTION'}; $confighash{$cgiparams{'KEY'}}[19] = $cgiparams{'IKE_INTEGRITY'}; @@ -2321,6 +2331,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $confighash{$cgiparams{'KEY'}}[33] = $cgiparams{'START_ACTION'}; $confighash{$cgiparams{'KEY'}}[34] = $cgiparams{'INACTIVITY_TIMEOUT'}; $confighash{$cgiparams{'KEY'}}[35] = $cgiparams{'MODE'}; + $confighash{$cgiparams{'KEY'}}[36] = $cgiparams{'INTERFACE_MODE'}; &General::writehasharray("${General::swroot}/vpn/config", \%confighash); &writeipsecfiles(); if (&vpnenabled) { @@ -2351,6 +2362,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'START_ACTION'} = $confighash{$cgiparams{'KEY'}}[33]; $cgiparams{'INACTIVITY_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[34]; $cgiparams{'MODE'} = $confighash{$cgiparams{'KEY'}}[35]; + $cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36]; if (!$cgiparams{'DPD_DELAY'}) { $cgiparams{'DPD_DELAY'} = 30; 
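Review bot: In the hunk at -1870, `$confighash{$key}[36] = $cgiparams{'INTERFACE_MODE'};` stores the request parameter with no check visible on this save path. The allow-list test this commit adds sits only in the advanced block at -2301. Because `INTERFACE_MODE` is filled by `&Header::getcgihash` from the submitted form, anything posted to this handler would be persisted to the VPN configuration and trusted by every later reader of field 36. Unless validation exists above the hunk (the block starts outside it), repeat the check before the assignment: `if ($cgiparams{'INTERFACE_MODE'} !~ /\A(?:|gre|vti)\z/) { $errormessage = $Lang::tr{'invalid input for interface mode'}; goto VPNCONF_ERROR; }`.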
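Review bot: The allow-list added at -2301, `/^(|gre|vti)$/`, is not an exact match, because in Perl `$` also matches before a trailing newline. A value such as `gre` followed by a line feed would pass and then be written by `&General::writehasharray` into `${General::swroot}/vpn/config`. If that file is line-oriented (not visible from this hunk), the stray newline would break the record. Anchor with `\A` and `\z` and drop the unused capture: `if ($cgiparams{'INTERFACE_MODE'} !~ /\A(?:|gre|vti)\z/) {`. The enclosing `if` on `ACTION` begins and ends outside the hunk.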
@@ -2483,6 +2495,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $selected{'MODE'}{'transport'} = ''; $selected{'MODE'}{$cgiparams{'MODE'}} = "selected='selected'"; + $selected{'INTERFACE_MODE'}{''} = ''; + $selected{'INTERFACE_MODE'}{'gre'} = ''; + $selected{'INTERFACE_MODE'}{'vti'} = ''; + $selected{'INTERFACE_MODE'}{$cgiparams{'INTERFACE_MODE'}} = "selected='selected'"; + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'ipsec'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -2518,6 +2535,17 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || + + + $Lang::tr{'interface mode'}: + + + + diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 93b857808e..1211625c90 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1393,6 +1393,7 @@ 'instant update' => 'Instant Update', 'integrity' => 'Integrity:', 'interface' => 'Interface', +'interface mode' => 'Interface', 'interfaces' => 'Interfaces', 'internet' => 'INTERNET', 'intrusion detection' => 'Intrusion Detection', @@ -1426,6 +1427,7 @@ 'invalid input for hostname' => 'Invalid input for hostname.', 'invalid input for ike lifetime' => 'Invalid input for IKE lifetime', 'invalid input for inactivity timeout' => 'Invalid input for Inactivity Timeout', +'invalid input for interface mode' => 'Invalid input for interface mode', 'invalid input for keepalive 1' => 'Invalid input for Keepalive ping', 'invalid input for keepalive 1:2' => 'Invalid input for Keepalive use at least a ratio of 1:2', 'invalid input for keepalive 2' => 'Invalid input for Keepalive ping-restart', @@ -1483,6 +1485,9 @@ 'ipfires hostname' => 'IPFire\'s Hostname', 'ipinfo' => 'IP info', 'ipsec' => 'IPsec', +'ipsec interface mode gre' => 'GRE', +'ipsec interface mode none' => '- None (Default) -', +'ipsec interface mode vti' => 'VTI', 'ipsec mode transport' => 'Transport', 'ipsec mode tunnel' => 'Tunnel', 'ipsec network' => 'IPsec network', -- 2.39.2