#!/usr/bin/perl
-#
-# This file is part of the IPCop Firewall.
-#
-# IPCop is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# IPCop is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with IPCop; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# Copyright (C) 2003-05-25 Mark Wormgoor <mark@wormgoor.com>
-#
-# $Id: vpnmain.cgi,v 1.10.2.104 2006/11/30 12:43:10 franck78 Exp $
-#
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2011 IPFire Team info@ipfire.org #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
use Net::DNS;
use File::Copy;
my $warnmessage = '';
my $errormessage = '';
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+
+my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
+my $blue_cidr = "# Blue not defined";
+if ($netsettings{'BLUE_DEV'}) {
+ $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
+}
+my $orange_cidr = "# Orange not defined";
+if ($netsettings{'ORANGE_DEV'}) {
+ $orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
+}
+
$cgiparams{'ENABLED'} = 'off';
-$cgiparams{'ENABLED_GREEN'} = 'off';
-$cgiparams{'ENABLED_ORANGE'} = 'off';
-$cgiparams{'ENABLED_BLUE'} = 'off';
$cgiparams{'EDIT_ADVANCED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'CA_NAME'} = '';
### Just return true is one interface is vpn enabled
###
sub vpnenabled {
- return ($vpnsettings{'ENABLED'} eq 'on' ||
- $vpnsettings{'ENABLED_GREEN'} eq 'on' ||
- $vpnsettings{'ENABLED_ORANGE'} eq 'on' ||
- $vpnsettings{'ENABLED_BLUE'} eq 'on');
+ return ($vpnsettings{'ENABLED'} eq 'on');
}
###
### old version: maintain serial number to one, without explication.
### the side is always defined as 'left'.
### configihash[14]: 'VHOST' is allowed
###
-###Type=Net : GUI can choose to be left or right. This serve nothing in the conf!
-### interface is fixed to RED only. No special reason for this also.
-###
sub writeipsecfiles {
my %lconfighash = ();
print CONF "version 2\n\n";
print CONF "config setup\n";
#create an ipsec Interface for each 'enabled' ones
+ #loop trought configuration and add physical interfaces to the list
my $interfaces = "\tinterfaces=\"";
- $interfaces .= "%defaultroute " if ($lvpnsettings{'ENABLED'} eq 'on');
- $interfaces .= "ipsec1=$netsettings{'GREEN_DEV'} " if ($lvpnsettings{'ENABLED_GREEN'} eq 'on');
- $interfaces .= "ipsec2=$netsettings{'BLUE_DEV'} " if ($lvpnsettings{'ENABLED_BLUE'} eq 'on');
- $interfaces .= "ipsec3=$netsettings{'ORANGE_DEV'} " if ($lvpnsettings{'ENABLED_ORANGE'} eq 'on');
+ foreach my $key (keys %lconfighash) {
+ next if ($lconfighash{$key}[0] ne 'on');
+ $interfaces .= "%defaultroute " if ($interfaces !~ /defaultroute/ && $lconfighash{$key}[26] eq 'RED');
+ $interfaces .= "$netsettings{'GREEN_DEV'} " if ($interfaces !~ /ipsec1/ && $lconfighash{$key}[26] eq 'GREEN');
+ $interfaces .= "$netsettings{'BLUE_DEV'} " if ($interfaces !~ /ipsec2/ && $lconfighash{$key}[26] eq 'BLUE');
+ $interfaces .= "$netsettings{'ORANGE_DEV'} " if ($interfaces !~ /ipsec3/ && $lconfighash{$key}[26] eq 'ORANGE');
+ }
print CONF $interfaces . "\"\n";
my $plutodebug = ''; # build debug list
map ($plutodebug .= $lvpnsettings{$_} eq 'on' ? lc (substr($_,4)).' ' : '',
('DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
- 'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
+ 'DBG_DNS'));
$plutodebug = 'none' if $plutodebug eq ''; # if nothing selected, use 'none'.
- print CONF "\tklipsdebug=\"none\"\n";
+ #print CONF "\tklipsdebug=\"none\"\n";
print CONF "\tplutodebug=\"$plutodebug\"\n";
# deprecated in ipsec.conf version 2
#print CONF "\tplutoload=%search\n";
#print CONF "\tplutostart=%search\n";
- print CONF "\tplutoload=%search\n";
- print CONF "\tplutostart=%search\n";
print CONF "\tuniqueids=yes\n";
print CONF "\tnat_traversal=yes\n";
print CONF "\toverridemtu=$lvpnsettings{'VPN_OVERRIDE_MTU'}\n" if ($lvpnsettings{'VPN_OVERRIDE_MTU'} ne '');
print CONF "\tvirtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16";
- print CONF ",%v4:!$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+ print CONF ",%v4:!$green_cidr";
if (length($netsettings{'ORANGE_DEV'}) > 2) {
- print CONF ",%v4:!$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+ print CONF ",%v4:!$orange_cidr";
}
if (length($netsettings{'BLUE_DEV'}) > 2) {
- print CONF ",%v4:!$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+ print CONF ",%v4:!$blue_cidr";
}
foreach my $key (keys %lconfighash) {
if ($lconfighash{$key}[3] eq 'net') {
print CONF "\n\n";
print CONF "conn %default\n";
print CONF "\tkeyingtries=0\n";
- print CONF "\tdisablearrivalcheck=no\n";
+ #strongswan doesn't know this
+ #print CONF "\tdisablearrivalcheck=no\n";
+ print CONF "\n";
+
+ # Add user includes to config file
+ print CONF "include /etc/ipsec.user.conf\n";
print CONF "\n";
+ print SECRETS "include /etc/ipsec.user.secrets\n";
+
if (-f "${General::swroot}/certs/hostkey.pem") {
print SECRETS ": RSA ${General::swroot}/certs/hostkey.pem\n"
}
#remote peer is not set? => use '%any'
$lconfighash{$key}[10] = '%any' if ($lconfighash{$key}[10] eq '');
- my ($L,$R); #Local & Remote sides
-
- print CONF "conn $lconfighash{$key}[1]\n";
- #always choose LEFT localside for roadwarrior
- if ($lconfighash{$key}[3] eq 'host' || $lconfighash{$key}[6] eq 'left') {
- $L = 'left';
- $R = 'right';
- } else {
- $R = 'left';
- $L = 'right';
- }
- print CONF "\t${L}=";
+ my $localside;
if ($lconfighash{$key}[26] eq 'BLUE') {
- print CONF "$netsettings{'BLUE_ADDRESS'}\n";
- } elsif ($lconfighash{$key}[26] eq 'ORANGE') {
- print CONF "$netsettings{'ORANGE_ADDRESS'}\n";
+ $localside = $netsettings{'BLUE_ADDRESS'};
} elsif ($lconfighash{$key}[26] eq 'GREEN') {
- print CONF "$netsettings{'GREEN_ADDRESS'}\n";
- } elsif ($lconfighash{$key}[26] eq 'RED') {
- print CONF "$lvpnsettings{'VPN_IP'}\n";
- print CONF "\t${L}nexthop=%defaultroute\n" if ($lvpnsettings{'VPN_IP'} ne '%defaultroute');
+ $localside = $netsettings{'GREEN_ADDRESS'};
+ } elsif ($lconfighash{$key}[26] eq 'ORANGE') {
+ $localside = $netsettings{'ORANGE_ADDRESS'};
+ } else { # it is RED
+ $localside = $lvpnsettings{'VPN_IP'};
}
- print CONF "\t${L}subnet=$lconfighash{$key}[8]\n";
- print CONF "\t${R}=$lconfighash{$key}[10]\n";
+ print CONF "conn $lconfighash{$key}[1]\n";
+ print CONF "\tleft=$localside\n";
+ print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute');
+ my $cidr_net=&General::ipcidr($lconfighash{$key}[8]);
+ print CONF "\tleftsubnet=$cidr_net\n";
+ print CONF "\tleftfirewall=yes\n";
+ print CONF "\tlefthostaccess=yes\n";
+
+ print CONF "\tright=$lconfighash{$key}[10]\n";
if ($lconfighash{$key}[3] eq 'net') {
- print CONF "\t${R}subnet=$lconfighash{$key}[11]\n";
- print CONF "\t${R}nexthop=%defaultroute\n";
- } elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed?
+ my $cidr_net=&General::ipcidr($lconfighash{$key}[11]);
+ print CONF "\trightsubnet=$cidr_net\n";
+ print CONF "\trightnexthop=%defaultroute\n";
+ } elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors?
print CONF "\trightsubnet=vhost:%no,%priv\n";
}
# Local Cert and Remote Cert (unless auth is DN dn-auth)
if ($lconfighash{$key}[4] eq 'cert') {
- print CONF "\t${L}cert=${General::swroot}/certs/hostcert.pem\n";
- print CONF "\t${R}cert=${General::swroot}/certs/$lconfighash{$key}[1]cert.pem\n" if ($lconfighash{$key}[2] ne '%auth-dn');
+ print CONF "\tleftcert=${General::swroot}/certs/hostcert.pem\n";
+ print CONF "\trightcert=${General::swroot}/certs/$lconfighash{$key}[1]cert.pem\n" if ($lconfighash{$key}[2] ne '%auth-dn');
}
# Local and Remote IDs
- print CONF "\t${L}id=\"$lconfighash{$key}[7]\"\n" if ($lconfighash{$key}[7]);
- print CONF "\t${R}id=\"$lconfighash{$key}[9]\"\n" if ($lconfighash{$key}[9]);
+ print CONF "\tleftid=\"$lconfighash{$key}[7]\"\n" if ($lconfighash{$key}[7]);
+ print CONF "\trightid=\"$lconfighash{$key}[9]\"\n" if ($lconfighash{$key}[9]);
# Algorithms
if ($lconfighash{$key}[18] && $lconfighash{$key}[19] && $lconfighash{$key}[20]) {
print CONF "\tpfsgroup=$lconfighash{$key}[23]\n";
}
+ # IKE V1 or V2
+ if (! $lconfighash{$key}[29]) {
+ $lconfighash{$key}[29] = "ikev1";
+ }
+ print CONF "\tkeyexchange=$lconfighash{$key}[29]\n";
+
# Lifetimes
print CONF "\tikelifetime=$lconfighash{$key}[16]h\n" if ($lconfighash{$key}[16]);
print CONF "\tkeylife=$lconfighash{$key}[17]h\n" if ($lconfighash{$key}[17]);
- # Aggresive mode
- print CONF "\taggrmode=yes\n" if ($lconfighash{$key}[12] eq 'on');
-
# Compression
print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on');
# Build Authentication details: LEFTid RIGHTid : PSK psk
my $psk_line;
if ($lconfighash{$key}[4] eq 'psk') {
- my $localside;
- if ($lconfighash{$key}[26] eq 'BLUE') {
- $localside = $netsettings{'BLUE_ADDRESS'};
- } elsif ($lconfighash{$key}[26] eq 'GREEN') {
- $localside = $netsettings{'GREEN_ADDRESS'};
- } elsif ($lconfighash{$key}[26] eq 'ORANGE') {
- $localside = $netsettings{'ORANGE_ADDRESS'};
- } else { # it is RED
- $localside = $lvpnsettings{'VPN_IP'};
- }
$psk_line = ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside) . " " ;
$psk_line .= $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfighash{$key}[10]; #remoteid or remote address?
$psk_line .= " : PSK '$lconfighash{$key}[5]'\n";
}
map ($vpnsettings{$_} = $cgiparams{$_},
- ('ENABLED','ENABLED_GREEN','ENABLED_ORANGE','ENABLED_BLUE','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
- 'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
+ ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
+ 'DBG_DNS'));
$vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
$vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'};
$cahash{$key}[0] = $cgiparams{'CA_NAME'};
$cahash{$key}[1] = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem"));
&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
+
system('/usr/local/bin/ipsecctrl', 'R');
sleep $sleepDelay;
# Create empty CRL cannot be done because we don't have
# the private key for this CAROOT
- # Ipcop can only import certificates
+ # IPFire can only import certificates
&General::log("ipsec", "p12 import completed!");
&cleanssldatabase();
<table width='100%' border='0' cellspacing='1' cellpadding='0'>
<tr><td width='40%' class='base'>$Lang::tr{'organization name'}:</td>
<td width='60%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td></tr>
- <tr><td class='base'>$Lang::tr{'ipcops hostname'}:</td>
+ <tr><td class='base'>$Lang::tr{'ipfires hostname'}:</td>
<td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td></tr>
<tr><td class='base'>$Lang::tr{'your e-mail'}: <img src='/blob.gif' alt='*' /></td>
<td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td></tr>
&writeipsecfiles();
system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
} else {
+ system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
$confighash{$cgiparams{'KEY'}}[0] = 'off';
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
- system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
}
sleep $sleepDelay;
} else {
$cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
$cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
$cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
- $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
+ #$cgiparams{'free'} = $confighash{$cgiparams{'KEY'}}[6];
$cgiparams{'LOCAL_ID'} = $confighash{$cgiparams{'KEY'}}[7];
$cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
$cgiparams{'REMOTE_ID'} = $confighash{$cgiparams{'KEY'}}[9];
$cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
$cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
$cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27];
+ $cgiparams{'IKE_VERSION'} = $confighash{$cgiparams{'KEY'}}[29];
$cgiparams{'IKE_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[18];
$cgiparams{'IKE_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[19];
$cgiparams{'IKE_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[20];
$cgiparams{'ESP_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[22];
$cgiparams{'ESP_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[23];
$cgiparams{'ESP_KEYLIFE'} = $confighash{$cgiparams{'KEY'}}[17];
- $cgiparams{'AGGRMODE'} = $confighash{$cgiparams{'KEY'}}[12];
$cgiparams{'COMPRESSION'} = $confighash{$cgiparams{'KEY'}}[13];
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
goto VPNCONF_ERROR;
}
- if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
- $errormessage = $Lang::tr{'ipcop side is invalid'};
- goto VPNCONF_ERROR;
- }
-
# Check if there is no other entry with this name
if (! $cgiparams{'KEY'}) { #only for add
foreach my $key (keys %confighash) {
# Allow nothing or a string (DN,FDQN,) beginning with @
# with no comma but slashes between RID eg @O=FR/C=Paris/OU=myhome/CN=franck
- if ( ($cgiparams{'LOCAL_ID'} !~ /^(|[\w.-]*@[\w. =*\/-]+|\d\.\d\.\d\.\d)$/) ||
- ($cgiparams{'REMOTE_ID'} !~ /^(|[\w.-]*@[\w. =*\/-]+|\d\.\d\.\d\.\d)$/) ||
+ if ( ($cgiparams{'LOCAL_ID'} !~ /^(|[\w.-]*@[\w. =*\/-]+|\d+\.\d+\.\d+\.\d+)$/) ||
+ ($cgiparams{'REMOTE_ID'} !~ /^(|[\w.-]*@[\w. =*\/-]+|\d+\.\d+\.\d+\.\d+)$/) ||
(($cgiparams{'REMOTE_ID'} eq $cgiparams{'LOCAL_ID'}) && ($cgiparams{'LOCAL_ID'} ne ''))
) {
$errormessage = $Lang::tr{'invalid local-remote id'} . '<br />' .
'DER_ASN1_DN: @c=FR/ou=Paris/ou=Home/cn=*<br />' .
- 'FQDN: @ipcop.org<br />' .
- 'USER_FQDN: franck@ipcop.org<br />' .
- 'IPV4_ADDR: @123.123.123.123';
+ 'FQDN: @ipfire.org<br />' .
+ 'USER_FQDN: info@ipfire.org<br />' .
+ 'IPV4_ADDR: 123.123.123.123';
goto VPNCONF_ERROR;
}
# If Auth is DN, verify existance of Remote ID.
$confighash{$key}[4] = 'cert';
}
if ($cgiparams{'TYPE'} eq 'net') {
- $confighash{$key}[6] = $cgiparams{'SIDE'};
$confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
}
$confighash{$key}[7] = $cgiparams{'LOCAL_ID'};
$confighash{$key}[25] = $cgiparams{'REMARK'};
$confighash{$key}[26] = $cgiparams{'INTERFACE'};
$confighash{$key}[27] = $cgiparams{'DPD_ACTION'};
+ $confighash{$key}[29] = $cgiparams{'IKE_VERSION'};
#dont forget advanced value
$confighash{$key}[18] = $cgiparams{'IKE_ENCRYPTION'};
$confighash{$key}[22] = $cgiparams{'ESP_INTEGRITY'};
$confighash{$key}[23] = $cgiparams{'ESP_GROUPTYPE'};
$confighash{$key}[17] = $cgiparams{'ESP_KEYLIFE'};
- $confighash{$key}[12] = $cgiparams{'AGGRMODE'};
+ $confighash{$key}[12] = 'off'; # $cgiparams{'AGGRMODE'};
$confighash{$key}[13] = $cgiparams{'COMPRESSION'};
$confighash{$key}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$key}[28] = $cgiparams{'PFS'};
$confighash{$key}[14] = $cgiparams{'VHOST'};
#free unused fields!
+ $confighash{$key}[6] = 'off';
$confighash{$key}[15] = 'off';
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
goto VPNCONF_END;
} else { # add new connection
$cgiparams{'ENABLED'} = 'on';
- $cgiparams{'SIDE'} = 'left';
if ( ! -f "${General::swroot}/private/cakey.pem" ) {
$cgiparams{'AUTH'} = 'psk';
} elsif ( ! -f "${General::swroot}/ca/cacert.pem") {
$cgiparams{'DPD_ACTION'} = 'restart';
}
+ # Default IKE Version to V1
+ if (! $cgiparams{'IKE_VERSION'}) {
+ $cgiparams{'IKE_VERSION'} = 'ikev1';
+ }
+
# Default is yes for 'pfs'
$cgiparams{'PFS'} = 'on';
$cgiparams{'ESP_INTEGRITY'} = 'sha1|md5'; #[22];
$cgiparams{'ESP_GROUPTYPE'} = ''; #[23];
$cgiparams{'ESP_KEYLIFE'} = '8'; #[17];
- $cgiparams{'AGGRMODE'} = 'off'; #[12];
$cgiparams{'COMPRESSION'} = 'off'; #[13];
$cgiparams{'ONLY_PROPOSED'} = 'off'; #[24];
$cgiparams{'PFS'} = 'on'; #[28];
$checked{'ENABLED'}{'off'} = '';
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
- $checked{'ENABLED_GREEN'}{'off'} = '';
- $checked{'ENABLED_GREEN'}{'on'} = '';
- $checked{'ENABLED_GREEN'}{$cgiparams{'ENABLED_GREEN'}} = "checked='checked'";
- $checked{'ENABLED_ORANGE'}{'off'} = '';
- $checked{'ENABLED_ORANGE'}{'on'} = '';
- $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = "checked='checked'";
- $checked{'ENABLED_BLUE'}{'off'} = '';
- $checked{'ENABLED_BLUE'}{'on'} = '';
- $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = "checked='checked'";
$checked{'EDIT_ADVANCED'}{'off'} = '';
$checked{'EDIT_ADVANCED'}{'on'} = '';
$checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = "checked='checked'";
- $selected{'SIDE'}{'left'} = '';
- $selected{'SIDE'}{'right'} = '';
- $selected{'SIDE'}{$cgiparams{'SIDE'}} = "selected='selected'";
-
$checked{'AUTH'}{'psk'} = '';
$checked{'AUTH'}{'certreq'} = '';
$checked{'AUTH'}{'certgen'} = '';
$selected{'DPD_ACTION'}{'restart'} = '';
$selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
+ $selected{'IKE_VERSION'}{'ikev1'} = '';
+ $selected{'IKE_VERSION'}{'ikev2'} = '';
+ $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'";
+
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
<input type='hidden' name='ESP_INTEGRITY' value='$cgiparams{'ESP_INTEGRITY'}' />
<input type='hidden' name='ESP_GROUPTYPE' value='$cgiparams{'ESP_GROUPTYPE'}' />
<input type='hidden' name='ESP_KEYLIFE' value='$cgiparams{'ESP_KEYLIFE'}' />
- <input type='hidden' name='AGGRMODE' value='$cgiparams{'AGGRMODE'}' />
<input type='hidden' name='COMPRESSION' value='$cgiparams{'COMPRESSION'}' />
<input type='hidden' name='ONLY_PROPOSED' value='$cgiparams{'ONLY_PROPOSED'}' />
<input type='hidden' name='PFS' value='$cgiparams{'PFS'}' />
print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' size='30' /></td>";
}
print "<td>$Lang::tr{'enabled'}</td><td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td></tr>";
+ print '</tr><td><br /></td><tr>';
+ my $disabled;
+ my $blob;
if ($cgiparams{'TYPE'} eq 'host') {
-
- print "<tr><td>$Lang::tr{'interface'}</td>";
- print "<td><select name='INTERFACE'>";
- print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
- print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>" if ($netsettings{'BLUE_DEV'} ne '');
- print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
-# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
- print "</select></td></tr>";
- print <<END
- <tr><td class='boldbase'>$Lang::tr{'local subnet'}</td>
- <td><input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' /></td>
- <td colspan='2'> </td>
- </tr><tr>
- <td class='boldbase'>$Lang::tr{'remote host/ip'}: <img src='/blob.gif' alt='*' /></td>
+ $disabled = "disabled='disabled'";
+ $blob = "<img src='/blob.gif' alt='*' />";
+ };
+
+ print "<tr><td>$Lang::tr{'host ip'}:</td>";
+ print "<td><select name='INTERFACE'>";
+ print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED ($vpnsettings{'VPN_IP'})</option>";
+ print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN ($netsettings{'GREEN_ADDRESS'})</option>";
+ print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE ($netsettings{'BLUE_ADDRESS'})</option>" if ($netsettings{'BLUE_DEV'} ne '');
+ print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE ($netsettings{'ORANGE_ADDRESS'})</option>" if ($netsettings{'ORANGE_DEV'} ne '');
+ print "</select></td>";
+ print <<END
+ <td class='boldbase'>$Lang::tr{'remote host/ip'}: $blob</td>
<td><input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size='30' /></td>
- <td colspan='2'> </td>
- </tr>
-END
- ;
- } else {
- print <<END
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ipcop side'}
- <input type='hidden' name='INTERFACE' value='RED' /></td>
- <td><select name='SIDE'><option value='left' $selected{'SIDE'}{'left'}>left</option>
- <option value='right' $selected{'SIDE'}{'right'}>right</option></select></td>
- <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
- <td><input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size ='30' /></td>
</tr><tr>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
<td><input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' /></td>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
- <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' /></td>
- </tr>
-END
- ;
- }
- print <<END
- <tr>
- <td>$Lang::tr{'dpd action'}:</td>
- <td><select name='DPD_ACTION'>
- <option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
- <option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
- <option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
- </select> <a href='http://www.openswan.com/docs/local/README.DPD'>?</a>
- </td>
- </tr><tr>
+ <td><input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' /></td>
+ </tr><tr>
+ <td class='boldbase'>$Lang::tr{'vpn local id'}:<br />($Lang::tr{'eg'} <tt>@xy.example.com</tt>)</td>
+ <td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td>
+ <td class='boldbase'>$Lang::tr{'vpn remote id'}:</td>
+ <td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td>
+ </tr><tr>
+ </tr><td><br /></td><tr>
+ <td>$Lang::tr{'vpn keyexchange'}:</td>
+ <td><select name='IKE_VERSION'>
+ <option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option>
+ <option value='ikev2' $selected{'IKE_VERSION'}{'ikev2'}>IKEv2</option>
+ </select></a>
+ </td>
+ <td>$Lang::tr{'dpd action'}:</td>
+ <td><select name='DPD_ACTION'>
+ <option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
+ <option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
+ <option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
+ </select> <a href='http://www.openswan.com/docs/local/README.DPD'>?</a>
+ </td>
+ </tr><tr>
<!--http://www.openswan.com/docs/local/README.DPD
http://bugs.xelerance.com/view.php?id=156
restart = clear + reinitiate connection
-->
- <td><b>$Lang::tr{'options'}</b></td>
- </tr><tr>
- <td class='boldbase'>$Lang::tr{'vpn local id'}: <img src='/blob.gif' alt='*' />
- <br />($Lang::tr{'eg'} <tt>@xy.example.com</tt>)</td>
- <td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td>
- <td class='boldbase'>$Lang::tr{'vpn remote id'}: <img src='/blob.gif' alt='*' /></td>
- <td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td>
- </tr><tr>
- <td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></td>
- <td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
- </tr>
+ <td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></td>
+ <td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
+ </tr>
END
;
if (!$cgiparams{'KEY'}) {
print <<END
<table width='100%' cellpadding='0' cellspacing='5' border='0'>
<tr><td class='base' width='50%'>$Lang::tr{'use a pre-shared key'}</td>
- <td class='base' width='50%'><input type='text' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td>
+ <td class='base' width='50%'><input type='password' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td>
</tr>
</table>
END
<table width='100%' cellpadding='0' cellspacing='5' border='0'>
<tr><td width='5%'><input type='radio' name='AUTH' value='psk' $checked{'AUTH'}{'psk'} $pskdisabled/></td>
<td class='base' width='55%'>$Lang::tr{'use a pre-shared key'}</td>
- <td class='base' width='40%'><input type='text' name='PSK' size='30' value='$cgiparams{'PSK'}' $pskdisabled/></td></tr>
+ <td class='base' width='40%'><input type='password' name='PSK' size='30' value='$cgiparams{'PSK'}' $pskdisabled/></td></tr>
<tr><td colspan='3' bgcolor='#000000'></td></tr>
<tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td>
<td class='base'><hr />$Lang::tr{'upload a certificate request'}</td>
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes128|3des|twofish256|twofish128|serpent256|serpent128|blowfish256|blowfish128|cast128)$/) {
+ if ($val !~ /^(aes256|aes128|3des)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(768|1024|1536|2048|3072|4096|6144|8192)$/) {
+ if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes128|3des|twofish256|twofish128|serpent256|serpent128|blowfish256|blowfish128)$/) {
+ if ($val !~ /^(aes256|aes128|3des)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
}
}
if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
- $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(768|1024|1536|2048|3072|4096)$/) {
+ $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
}
if (
- ($cgiparams{'AGGRMODE'} !~ /^(|on|off)$/) ||
($cgiparams{'COMPRESSION'} !~ /^(|on|off)$/) ||
($cgiparams{'ONLY_PROPOSED'} !~ /^(|on|off)$/) ||
($cgiparams{'PFS'} !~ /^(|on|off)$/) ||
$confighash{$cgiparams{'KEY'}}[22] = $cgiparams{'ESP_INTEGRITY'};
$confighash{$cgiparams{'KEY'}}[23] = $cgiparams{'ESP_GROUPTYPE'};
$confighash{$cgiparams{'KEY'}}[17] = $cgiparams{'ESP_KEYLIFE'};
- $confighash{$cgiparams{'KEY'}}[12] = $cgiparams{'AGGRMODE'};
+ $confighash{$cgiparams{'KEY'}}[12] = 'off'; #$cgiparams{'AGGRMODE'};
$confighash{$cgiparams{'KEY'}}[13] = $cgiparams{'COMPRESSION'};
$confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'};
$cgiparams{'ESP_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[22];
$cgiparams{'ESP_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[23];
$cgiparams{'ESP_KEYLIFE'} = $confighash{$cgiparams{'KEY'}}[17];
- $cgiparams{'AGGRMODE'} = $confighash{$cgiparams{'KEY'}}[12];
$cgiparams{'COMPRESSION'} = $confighash{$cgiparams{'KEY'}}[13];
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
$checked{'IKE_ENCRYPTION'}{'aes256'} = '';
$checked{'IKE_ENCRYPTION'}{'aes128'} = '';
$checked{'IKE_ENCRYPTION'}{'3des'} = '';
- $checked{'IKE_ENCRYPTION'}{'twofish256'} = '';
- $checked{'IKE_ENCRYPTION'}{'twofish128'} = '';
- $checked{'IKE_ENCRYPTION'}{'serpent256'} = '';
- $checked{'IKE_ENCRYPTION'}{'serpent128'} = '';
- $checked{'IKE_ENCRYPTION'}{'blowfish256'} = '';
- $checked{'IKE_ENCRYPTION'}{'blowfish128'} = '';
- $checked{'IKE_ENCRYPTION'}{'cast128'} = '';
my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'});
foreach my $key (@temp) {$checked{'IKE_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'IKE_INTEGRITY'}{'sha2_512'} = '';
$checked{'IKE_GROUPTYPE'}{'8192'} = '';
@temp = split('\|', $cgiparams{'IKE_GROUPTYPE'});
foreach my $key (@temp) {$checked{'IKE_GROUPTYPE'}{$key} = "selected='selected'"; }
+
+ # 768 is not supported by strongswan
+ $checked{'IKE_GROUPTYPE'}{'768'} = '';
+
+
$checked{'ESP_ENCRYPTION'}{'aes256'} = '';
$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
$checked{'ESP_ENCRYPTION'}{'3des'} = '';
- $checked{'ESP_ENCRYPTION'}{'twofish256'} = '';
- $checked{'ESP_ENCRYPTION'}{'twofish128'} = '';
- $checked{'ESP_ENCRYPTION'}{'serpent256'} = '';
- $checked{'ESP_ENCRYPTION'}{'serpent128'} = '';
- $checked{'ESP_ENCRYPTION'}{'blowfish256'} = '';
- $checked{'ESP_ENCRYPTION'}{'blowfish128'} = '';
@temp = split('\|', $cgiparams{'ESP_ENCRYPTION'});
foreach my $key (@temp) {$checked{'ESP_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'ESP_INTEGRITY'}{'sha2_512'} = '';
$checked{'ESP_INTEGRITY'}{'md5'} = '';
@temp = split('\|', $cgiparams{'ESP_INTEGRITY'});
foreach my $key (@temp) {$checked{'ESP_INTEGRITY'}{$key} = "selected='selected'"; }
- $checked{'ESP_GROUPTYPE'}{'modp768'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp1024'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp1536'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp2048'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp3072'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp4096'} = '';
$checked{'ESP_GROUPTYPE'}{$cgiparams{'ESP_GROUPTYPE'}} = "selected='selected'";
- $checked{'AGGRMODE'} = $cgiparams{'AGGRMODE'} eq 'on' ? "checked='checked'" : '' ;
$checked{'COMPRESSION'} = $cgiparams{'COMPRESSION'} eq 'on' ? "checked='checked'" : '' ;
$checked{'ONLY_PROPOSED'} = $cgiparams{'ONLY_PROPOSED'} eq 'on' ? "checked='checked'" : '' ;
$checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ;
<option value='aes256' $checked{'IKE_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
<option value='aes128' $checked{'IKE_ENCRYPTION'}{'aes128'}>AES (128 bit)</option>
<option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>3DES</option>
- <option value='twofish256' $checked{'IKE_ENCRYPTION'}{'twofish256'}>Twofish (256 bit)</option>
- <option value='twofish128' $checked{'IKE_ENCRYPTION'}{'twofish128'}>Twofish (128 bit)</option>
- <option value='serpent256' $checked{'IKE_ENCRYPTION'}{'serpent256'}>Serpent (256 bit)</option>
- <option value='serpent128' $checked{'IKE_ENCRYPTION'}{'serpent128'}>Serpent (128 bit)</option>
- <option value='blowfish256' $checked{'IKE_ENCRYPTION'}{'blowfish256'}>Blowfish (256 bit)</option>
- <option value='blowfish128' $checked{'IKE_ENCRYPTION'}{'blowfish128'}>Blowfish (128 bit)</option>
- <option value='cast128' $checked{'IKE_ENCRYPTION'}{'cast128'}>Cast (128 bit)</option>
</select></td>
<td class='boldbase' align='right' valign='top'>$Lang::tr{'ike integrity'}</td><td class='boldbase' valign='top'>
<select name='IKE_INTEGRITY' multiple='multiple' size='4'>
- <option value='sha2_512' $checked{'IKE_INTEGRITY'}{'sha2_512'}>SHA2 (512)</option>
- <option value='sha2_256' $checked{'IKE_INTEGRITY'}{'sha2_256'}>SHA2 (256)</option>
<option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA</option>
<option value='md5' $checked{'IKE_INTEGRITY'}{'md5'}>MD5</option>
</select></td>
<option value='2048' $checked{'IKE_GROUPTYPE'}{'2048'}>MODP-2048</option>
<option value='1536' $checked{'IKE_GROUPTYPE'}{'1536'}>MODP-1536</option>
<option value='1024' $checked{'IKE_GROUPTYPE'}{'1024'}>MODP-1024</option>
- <option value='768' $checked{'IKE_GROUPTYPE'}{'768'}>MODP-768</option>
</select></td>
</tr><tr>
<td class='boldbase' align='right' valign='top'>$Lang::tr{'ike lifetime'}</td><td class='boldbase' valign='top'>
<option value='aes256' $checked{'ESP_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
<option value='aes128' $checked{'ESP_ENCRYPTION'}{'aes128'}>AES (128 bit)</option>
<option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>3DES</option>
- <option value='twofish256' $checked{'ESP_ENCRYPTION'}{'twofish256'}>Twofish (256 bit)</option>
- <option value='twofish128' $checked{'ESP_ENCRYPTION'}{'twofish128'}>Twofish (128 bit)</option>
- <option value='serpent256' $checked{'ESP_ENCRYPTION'}{'serpent256'}>Serpent (256 bit)</option>
- <option value='serpent128' $checked{'ESP_ENCRYPTION'}{'serpent128'}>Serpent (128 bit)</option>
- <option value='blowfish256' $checked{'ESP_ENCRYPTION'}{'blowfish256'}>Blowfish (256 bit)</option>
- <option value='blowfish128' $checked{'ESP_ENCRYPTION'}{'blowfish128'}>Blowfish (128 bit)</option></select></td>
<td class='boldbase' align='right' valign='top'>$Lang::tr{'esp integrity'}</td><td class='boldbase' valign='top'>
<select name='ESP_INTEGRITY' multiple='multiple' size='4'>
- <option value='sha2_512' $checked{'ESP_INTEGRITY'}{'sha2_512'}>SHA2 (512)</option>
- <option value='sha2_256' $checked{'ESP_INTEGRITY'}{'sha2_256'}>SHA2 (256)</option>
<option value='sha1' $checked{'ESP_INTEGRITY'}{'sha1'}>SHA1</option>
<option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5</option></select></td>
<td class='boldbase' align='right' valign='top'>$Lang::tr{'esp grouptype'}</td><td class='boldbase' valign='top'>
<select name='ESP_GROUPTYPE'>
- <option value=''>$Lang::tr{'phase1 group'}</option>
- <option value='modp4096' $checked{'ESP_GROUPTYPE'}{'modp4096'}>MODP-4096</option>
- <option value='modp3072' $checked{'ESP_GROUPTYPE'}{'modp3072'}>MODP-3072</option>
- <option value='modp2048' $checked{'ESP_GROUPTYPE'}{'modp2048'}>MODP-2048</option>
- <option value='modp1536' $checked{'ESP_GROUPTYPE'}{'modp1536'}>MODP-1536</option>
- <option value='modp1024' $checked{'ESP_GROUPTYPE'}{'modp1024'}>MODP-1024</option>
- <option value='modp768' $checked{'ESP_GROUPTYPE'}{'modp768'}>MODP-768</option></select></td>
+ <option value=''>$Lang::tr{'phase1 group'}</option></select></td>
</tr><tr>
<td class='boldbase' align='right' valign='top'>$Lang::tr{'esp keylife'}</td><td class='boldbase' valign='top'>
<input type='text' name='ESP_KEYLIFE' value='$cgiparams{'ESP_KEYLIFE'}' size='5' /> $Lang::tr{'hours'}</td>
</tr><tr>
<td colspan='5'><input type='checkbox' name='ONLY_PROPOSED' $checked{'ONLY_PROPOSED'} />
IKE+ESP: $Lang::tr{'use only proposed settings'}</td>
- </tr><tr>
- <td colspan='5'><input type='checkbox' name='AGGRMODE' $checked{'AGGRMODE'} />
- $Lang::tr{'vpn aggrmode'}</td>
</tr><tr>
<td colspan='5'><input type='checkbox' name='PFS' $checked{'PFS'} />
$Lang::tr{'pfs yes no'}</td>
&General::readhasharray("${General::swroot}/vpn/config", \%confighash);
$cgiparams{'CA_NAME'} = '';
- my @status = `/usr/sbin/ipsec auto --status`;
+ my @status = `/usr/local/bin/ipsecctrl I 2>/dev/null`;
# suggest a default name for this side
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
$cgiparams{'VPN_DELAYED_START'} = 0 if (! defined ($cgiparams{'VPN_DELAYED_START'}));
$checked{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'} eq 'on' ? "checked='checked'" : '' ;
map ($checked{$_} = $cgiparams{$_} eq 'on' ? "checked='checked'" : '',
- ('ENABLED','ENABLED_GREEN','ENABLED_ORANGE','ENABLED_BLUE','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
- 'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
+ ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
+ 'DBG_DNS'));
&Header::showhttpheaders();
}
&Header::openbox('100%', 'left', $Lang::tr{'global settings'});
- my $checkbox="";
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
- <td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'local vpn hostname/ip'}:</td>
+ <td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'vpn red name'}:</td>
<td width='20%'><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' /></td>
<td width='20%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'} /></td>
- <td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'vpn on green'}:</td>
- <td width='20%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED_GREEN' $checked{'ENABLED_GREEN'} /></td>
</tr>
END
;
- if ($netsettings{'ORANGE_DEV'} ne '') {
- $checkbox=<<END
- <td class='base' nowrap='nowrap'>$Lang::tr{'vpn on orange'}:</td>
- <td class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'} /></td>
-END
- ;}
-
print <<END
<tr>
<td class='base' nowrap='nowrap'>$Lang::tr{'override mtu'}: <img src='/blob.gif' alt='*' /></td>
<td ><input type='text' name='VPN_OVERRIDE_MTU' value='$cgiparams{'VPN_OVERRIDE_MTU'}' /></td>
- <td></td>
- $checkbox
</tr>
END
;
- if ($netsettings{'BLUE_DEV'} ne '') {
- $checkbox=<<END
- <td class='base' nowrap='nowrap'>$Lang::tr{'vpn on blue'}:</td>
- <td class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'} /></td>
-END
- ;}
print <<END
<tr>
<td class='base' nowrap='nowrap'>$Lang::tr{'vpn delayed start'}: <img src='/blob.gif' alt='*' /><img src='/blob.gif' alt='*' /></td>
<td ><input type='text' name='VPN_DELAYED_START' value='$cgiparams{'VPN_DELAYED_START'}' /></td>
- <td></td>
- $checkbox
</tr>
</table>
<p>$Lang::tr{'vpn watch'}:<input type='checkbox' name='VPN_WATCH' $checked{'VPN_WATCH'} /></p>
parsing:<input type='checkbox' name='DBG_PARSING' $checked{'DBG_PARSING'} />,
emitting:<input type='checkbox' name='DBG_EMITTING' $checked{'DBG_EMITTING'} />,
control:<input type='checkbox' name='DBG_CONTROL' $checked{'DBG_CONTROL'} />,
-klips:<input type='checkbox' name='DBG_KLIPS' $checked{'DBG_KLIPS'} />,
-dns:<input type='checkbox' name='DBG_DNS' $checked{'DBG_DNS'} />,
-nat_t:<input type='checkbox' name='DBG_NAT_T' $checked{'DBG_NAT_T'} /></p>
-
+dns:<input type='checkbox' name='DBG_DNS' $checked{'DBG_DNS'} />
<hr />
<table width='100%'>
<tr>
;
print "</form>";
&Header::closebox();
- undef ($checkbox);
&Header::openbox('100%', 'left', $Lang::tr{'connection status and controlc'});
print <<END
if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
if ($id % 2) {
- print "<tr bgcolor='${Header::table1colour}'>\n";
+ print "<tr bgcolor='$color{'color20'}'>\n";
} else {
- print "<tr bgcolor='${Header::table2colour}'>\n";
+ print "<tr bgcolor='$color{'color22'}'>\n";
}
print "<td align='center' nowrap='nowrap'>$confighash{$key}[1]</td>";
print "<td align='center' nowrap='nowrap'>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
print "<td align='left'> </td>";
}
print "<td align='center'>$confighash{$key}[25]</td>";
+ # get real state
my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
- if ($confighash{$key}[0] eq 'off') {
- $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
- } else {
- foreach my $line (@status) {
- if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) {
- $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
- }
+ foreach my $line (@status) {
+ if (($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) ||
+ ($line =~ / $confighash{$key}[1]\{.*INSTALLED/))
+ {
+ $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
}
}
+ # move to blueif really down
+ if ($confighash{$key}[0] eq 'off' && $active =~ /${Header::colourred}/ ) {
+ $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
+ }
print <<END
<td align='center'>$active</td>
<td align='center'>
my $casubject = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/ca/cacert.pem"));
print <<END
- <tr bgcolor='${Header::table2colour}'>
+ <tr bgcolor='$color{'color22'}'>
<td class='base'>$Lang::tr{'root certificate'}</td>
<td class='base'>$casubject</td>
<td width='3%' align='center'>
} else {
# display rootcert generation buttons
print <<END
- <tr bgcolor='${Header::table2colour}'>
+ <tr bgcolor='$color{'color22'}'>
<td class='base'>$Lang::tr{'root certificate'}:</td>
<td class='base'>$Lang::tr{'not present'}</td>
<td colspan='3'> </td></tr>
my $hostsubject = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/certs/hostcert.pem"));
print <<END
- <tr bgcolor='${Header::table1colour}'>
+ <tr bgcolor='$color{'color20'}'>
<td class='base'>$Lang::tr{'host certificate'}</td>
<td class='base'>$hostsubject</td>
<td width='3%' align='center'>
} else {
# Nothing
print <<END
- <tr bgcolor='${Header::table1colour}'>
+ <tr bgcolor='$color{'color20'}'>
<td width='25%' class='base'>$Lang::tr{'host certificate'}:</td>
<td class='base'>$Lang::tr{'not present'}</td>
<td colspan='3'> </td></tr>
END
;
}
-
+
+ my $rowcolor = 0;
if (keys %cahash > 0) {
- foreach my $key (keys %cahash) {
- if (($key + 1) % 2) {
- print "<tr bgcolor='${Header::table1colour}'>\n";
- } else {
- print "<tr bgcolor='${Header::table2colour}'>\n";
- }
+ foreach my $key (keys %cahash) {
+ if ($rowcolor++ % 2) {
+ print "<tr bgcolor='$color{'color20'}'>\n";
+ } else {
+ print "<tr bgcolor='$color{'color22'}'>\n";
+ }
print "<td class='base'>$cahash{$key}[0]</td>\n";
print "<td class='base'>$cahash{$key}[1]</td>\n";
print <<END
END
;
&Header::closebox();
-
- print "$Lang::tr{'this feature has been sponsored by'} : ";
- print "<a href='http://www.seminolegas.com/' target='_blank'>Seminole Canada Gas Company</a>.\n";
-
&Header::closebigbox();
&Header::closepage();