X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=3785b90a5d6954003584c6f2dcff8171d356dac4;hp=2181a4bf93d01fcac46acac0fa90a07d0cbc9f2a;hb=57ba1e9023b0f1f3499cc888f66827a81574bb41;hpb=cb5e9c6c64d5281eba5c790f14c2e5f3066becbf diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 2181a4bf93..3785b90a5d 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -1,4 +1,23 @@ #!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2011 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### use Net::DNS; use File::Copy; @@ -39,6 +58,17 @@ my %mainsettings = (); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); + +my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"); +my $blue_cidr = "# Blue not defined"; +if ($netsettings{'BLUE_DEV'}) { + $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"); +} +my $orange_cidr = "# Orange not defined"; +if ($netsettings{'ORANGE_DEV'}) { + $orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"); +} + $cgiparams{'ENABLED'} = 'off'; $cgiparams{'EDIT_ADVANCED'} = 'off'; $cgiparams{'ACTION'} = ''; @@ -229,18 +259,18 @@ sub writeipsecfiles { foreach my $key (keys %lconfighash) { next if ($lconfighash{$key}[0] ne 'on'); $interfaces .= "%defaultroute " if ($interfaces !~ /defaultroute/ && $lconfighash{$key}[26] eq 'RED'); - $interfaces .= "ipsec1=$netsettings{'GREEN_DEV'} " if ($interfaces !~ /ipsec1/ && $lconfighash{$key}[26] eq 'GREEN'); - $interfaces .= "ipsec2=$netsettings{'BLUE_DEV'} " if ($interfaces !~ /ipsec2/ && $lconfighash{$key}[26] eq 'BLUE'); - $interfaces .= "ipsec3=$netsettings{'ORANGE_DEV'} " if ($interfaces !~ /ipsec3/ && $lconfighash{$key}[26] eq 'ORANGE'); + $interfaces .= "$netsettings{'GREEN_DEV'} " if ($interfaces !~ /ipsec1/ && $lconfighash{$key}[26] eq 'GREEN'); + $interfaces .= "$netsettings{'BLUE_DEV'} " if ($interfaces !~ /ipsec2/ && $lconfighash{$key}[26] eq 'BLUE'); + $interfaces .= "$netsettings{'ORANGE_DEV'} " if ($interfaces !~ /ipsec3/ && $lconfighash{$key}[26] eq 'ORANGE'); } print CONF $interfaces . "\"\n"; my $plutodebug = ''; # build debug list map ($plutodebug .= $lvpnsettings{$_} eq 'on' ? lc (substr($_,4)).' ' : '', ('DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL', - 'DBG_KLIPS','DBG_DNS','DBG_NAT_T')); + 'DBG_DNS')); $plutodebug = 'none' if $plutodebug eq ''; # if nothing selected, use 'none'. - print CONF "\tklipsdebug=\"none\"\n"; + #print CONF "\tklipsdebug=\"none\"\n"; print CONF "\tplutodebug=\"$plutodebug\"\n"; # deprecated in ipsec.conf version 2 #print CONF "\tplutoload=%search\n"; @@ -249,12 +279,12 @@ sub writeipsecfiles { print CONF "\tnat_traversal=yes\n"; print CONF "\toverridemtu=$lvpnsettings{'VPN_OVERRIDE_MTU'}\n" if ($lvpnsettings{'VPN_OVERRIDE_MTU'} ne ''); print CONF "\tvirtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"; - print CONF ",%v4:!$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"; + print CONF ",%v4:!$green_cidr"; if (length($netsettings{'ORANGE_DEV'}) > 2) { - print CONF ",%v4:!$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"; + print CONF ",%v4:!$orange_cidr"; } if (length($netsettings{'BLUE_DEV'}) > 2) { - print CONF ",%v4:!$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"; + print CONF ",%v4:!$blue_cidr"; } foreach my $key (keys %lconfighash) { if ($lconfighash{$key}[3] eq 'net') { @@ -264,9 +294,16 @@ sub writeipsecfiles { print CONF "\n\n"; print CONF "conn %default\n"; print CONF "\tkeyingtries=0\n"; - print CONF "\tdisablearrivalcheck=no\n"; + #strongswan doesn't know this + #print CONF "\tdisablearrivalcheck=no\n"; + print CONF "\n"; + + # Add user includes to config file + print CONF "include /etc/ipsec.user.conf\n"; print CONF "\n"; + print SECRETS "include /etc/ipsec.user.secrets\n"; + if (-f "${General::swroot}/certs/hostkey.pem") { print SECRETS ": RSA ${General::swroot}/certs/hostkey.pem\n" } @@ -292,11 +329,15 @@ sub writeipsecfiles { print CONF "conn $lconfighash{$key}[1]\n"; print CONF "\tleft=$localside\n"; print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute'); - print CONF "\tleftsubnet=$lconfighash{$key}[8]\n"; + my $cidr_net=&General::ipcidr($lconfighash{$key}[8]); + print CONF "\tleftsubnet=$cidr_net\n"; + print CONF "\tleftfirewall=yes\n"; + print CONF "\tlefthostaccess=yes\n"; print CONF "\tright=$lconfighash{$key}[10]\n"; if ($lconfighash{$key}[3] eq 'net') { - print CONF "\trightsubnet=$lconfighash{$key}[11]\n"; + my $cidr_net=&General::ipcidr($lconfighash{$key}[11]); + print CONF "\trightsubnet=$cidr_net\n"; print CONF "\trightnexthop=%defaultroute\n"; } elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors? print CONF "\trightsubnet=vhost:%no,%priv\n"; @@ -354,13 +395,16 @@ sub writeipsecfiles { print CONF "\tpfsgroup=$lconfighash{$key}[23]\n"; } + # IKE V1 or V2 + if (! $lconfighash{$key}[29]) { + $lconfighash{$key}[29] = "ikev1"; + } + print CONF "\tkeyexchange=$lconfighash{$key}[29]\n"; + # Lifetimes print CONF "\tikelifetime=$lconfighash{$key}[16]h\n" if ($lconfighash{$key}[16]); print CONF "\tkeylife=$lconfighash{$key}[17]h\n" if ($lconfighash{$key}[17]); - # Aggresive mode - print CONF "\taggrmode=yes\n" if ($lconfighash{$key}[12] eq 'on'); - # Compression print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on'); @@ -432,7 +476,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg map ($vpnsettings{$_} = $cgiparams{$_}, ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL', - 'DBG_KLIPS','DBG_DNS','DBG_NAT_T')); + 'DBG_DNS')); $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'}; $vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'}; @@ -558,6 +602,7 @@ END $cahash{$key}[0] = $cgiparams{'CA_NAME'}; $cahash{$key}[1] = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem")); &General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash); + system('/usr/local/bin/ipsecctrl', 'R'); sleep $sleepDelay; @@ -1246,6 +1291,7 @@ END $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; $cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'IKE_VERSION'} = $confighash{$cgiparams{'KEY'}}[29]; $cgiparams{'IKE_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[18]; $cgiparams{'IKE_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[19]; $cgiparams{'IKE_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[20]; @@ -1254,7 +1300,6 @@ END $cgiparams{'ESP_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[22]; $cgiparams{'ESP_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[23]; $cgiparams{'ESP_KEYLIFE'} = $confighash{$cgiparams{'KEY'}}[17]; - $cgiparams{'AGGRMODE'} = $confighash{$cgiparams{'KEY'}}[12]; $cgiparams{'COMPRESSION'} = $confighash{$cgiparams{'KEY'}}[13]; $cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28]; @@ -1342,15 +1387,15 @@ END # Allow nothing or a string (DN,FDQN,) beginning with @ # with no comma but slashes between RID eg @O=FR/C=Paris/OU=myhome/CN=franck - if ( ($cgiparams{'LOCAL_ID'} !~ /^(|[\w.-]*@[\w. =*\/-]+|\d\.\d\.\d\.\d)$/) || - ($cgiparams{'REMOTE_ID'} !~ /^(|[\w.-]*@[\w. =*\/-]+|\d\.\d\.\d\.\d)$/) || + if ( ($cgiparams{'LOCAL_ID'} !~ /^(|[\w.-]*@[\w. =*\/-]+|\d+\.\d+\.\d+\.\d+)$/) || + ($cgiparams{'REMOTE_ID'} !~ /^(|[\w.-]*@[\w. =*\/-]+|\d+\.\d+\.\d+\.\d+)$/) || (($cgiparams{'REMOTE_ID'} eq $cgiparams{'LOCAL_ID'}) && ($cgiparams{'LOCAL_ID'} ne '')) ) { $errormessage = $Lang::tr{'invalid local-remote id'} . '
' . 'DER_ASN1_DN: @c=FR/ou=Paris/ou=Home/cn=*
' . 'FQDN: @ipfire.org
' . 'USER_FQDN: info@ipfire.org
' . - 'IPV4_ADDR: @123.123.123.123'; + 'IPV4_ADDR: 123.123.123.123'; goto VPNCONF_ERROR; } # If Auth is DN, verify existance of Remote ID. @@ -1749,6 +1794,7 @@ END $confighash{$key}[25] = $cgiparams{'REMARK'}; $confighash{$key}[26] = $cgiparams{'INTERFACE'}; $confighash{$key}[27] = $cgiparams{'DPD_ACTION'}; + $confighash{$key}[29] = $cgiparams{'IKE_VERSION'}; #dont forget advanced value $confighash{$key}[18] = $cgiparams{'IKE_ENCRYPTION'}; @@ -1759,7 +1805,7 @@ END $confighash{$key}[22] = $cgiparams{'ESP_INTEGRITY'}; $confighash{$key}[23] = $cgiparams{'ESP_GROUPTYPE'}; $confighash{$key}[17] = $cgiparams{'ESP_KEYLIFE'}; - $confighash{$key}[12] = $cgiparams{'AGGRMODE'}; + $confighash{$key}[12] = 'off'; # $cgiparams{'AGGRMODE'}; $confighash{$key}[13] = $cgiparams{'COMPRESSION'}; $confighash{$key}[24] = $cgiparams{'ONLY_PROPOSED'}; $confighash{$key}[28] = $cgiparams{'PFS'}; @@ -1804,6 +1850,11 @@ END $cgiparams{'DPD_ACTION'} = 'restart'; } + # Default IKE Version to V1 + if (! $cgiparams{'IKE_VERSION'}) { + $cgiparams{'IKE_VERSION'} = 'ikev1'; + } + # Default is yes for 'pfs' $cgiparams{'PFS'} = 'on'; @@ -1820,7 +1871,6 @@ END $cgiparams{'ESP_INTEGRITY'} = 'sha1|md5'; #[22]; $cgiparams{'ESP_GROUPTYPE'} = ''; #[23]; $cgiparams{'ESP_KEYLIFE'} = '8'; #[17]; - $cgiparams{'AGGRMODE'} = 'off'; #[12]; $cgiparams{'COMPRESSION'} = 'off'; #[13]; $cgiparams{'ONLY_PROPOSED'} = 'off'; #[24]; $cgiparams{'PFS'} = 'on'; #[28]; @@ -1855,6 +1905,10 @@ END $selected{'DPD_ACTION'}{'restart'} = ''; $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'"; + $selected{'IKE_VERSION'}{'ikev1'} = ''; + $selected{'IKE_VERSION'}{'ikev2'} = ''; + $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'"; + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -1883,7 +1937,6 @@ END - @@ -1929,13 +1982,18 @@ END $Lang::tr{'remote subnet'} - $Lang::tr{'vpn local id'}: * -
($Lang::tr{'eg'} @xy.example.com) + $Lang::tr{'vpn local id'}:
($Lang::tr{'eg'} @xy.example.com) - $Lang::tr{'vpn remote id'}: * + $Lang::tr{'vpn remote id'}:
+ $Lang::tr{'vpn keyexchange'}: + + $Lang::tr{'dpd action'}: + END @@ -1982,7 +2040,7 @@ END - + @@ -2078,7 +2136,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(aes256|aes128|3des|twofish256|twofish128|serpent256|serpent128|blowfish256|blowfish128|cast128)$/) { + if ($val !~ /^(aes256|aes128|3des)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2100,7 +2158,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(768|1024|1536|2048|3072|4096|6144|8192)$/) { + if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2119,7 +2177,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(aes256|aes128|3des|twofish256|twofish128|serpent256|serpent128|blowfish256|blowfish128)$/) { + if ($val !~ /^(aes256|aes128|3des)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2136,7 +2194,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || } } if ($cgiparams{'ESP_GROUPTYPE'} ne '' && - $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(768|1024|1536|2048|3072|4096)$/) { + $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2151,7 +2209,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || } if ( - ($cgiparams{'AGGRMODE'} !~ /^(|on|off)$/) || ($cgiparams{'COMPRESSION'} !~ /^(|on|off)$/) || ($cgiparams{'ONLY_PROPOSED'} !~ /^(|on|off)$/) || ($cgiparams{'PFS'} !~ /^(|on|off)$/) || @@ -2169,7 +2226,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $confighash{$cgiparams{'KEY'}}[22] = $cgiparams{'ESP_INTEGRITY'}; $confighash{$cgiparams{'KEY'}}[23] = $cgiparams{'ESP_GROUPTYPE'}; $confighash{$cgiparams{'KEY'}}[17] = $cgiparams{'ESP_KEYLIFE'}; - $confighash{$cgiparams{'KEY'}}[12] = $cgiparams{'AGGRMODE'}; + $confighash{$cgiparams{'KEY'}}[12] = 'off'; #$cgiparams{'AGGRMODE'}; $confighash{$cgiparams{'KEY'}}[13] = $cgiparams{'COMPRESSION'}; $confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'}; $confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'}; @@ -2190,7 +2247,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'ESP_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[22]; $cgiparams{'ESP_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[23]; $cgiparams{'ESP_KEYLIFE'} = $confighash{$cgiparams{'KEY'}}[17]; - $cgiparams{'AGGRMODE'} = $confighash{$cgiparams{'KEY'}}[12]; $cgiparams{'COMPRESSION'} = $confighash{$cgiparams{'KEY'}}[13]; $cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28]; @@ -2205,13 +2261,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'IKE_ENCRYPTION'}{'aes256'} = ''; $checked{'IKE_ENCRYPTION'}{'aes128'} = ''; $checked{'IKE_ENCRYPTION'}{'3des'} = ''; - $checked{'IKE_ENCRYPTION'}{'twofish256'} = ''; - $checked{'IKE_ENCRYPTION'}{'twofish128'} = ''; - $checked{'IKE_ENCRYPTION'}{'serpent256'} = ''; - $checked{'IKE_ENCRYPTION'}{'serpent128'} = ''; - $checked{'IKE_ENCRYPTION'}{'blowfish256'} = ''; - $checked{'IKE_ENCRYPTION'}{'blowfish128'} = ''; - $checked{'IKE_ENCRYPTION'}{'cast128'} = ''; my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'}); foreach my $key (@temp) {$checked{'IKE_ENCRYPTION'}{$key} = "selected='selected'"; } $checked{'IKE_INTEGRITY'}{'sha2_512'} = ''; @@ -2230,15 +2279,14 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'IKE_GROUPTYPE'}{'8192'} = ''; @temp = split('\|', $cgiparams{'IKE_GROUPTYPE'}); foreach my $key (@temp) {$checked{'IKE_GROUPTYPE'}{$key} = "selected='selected'"; } + + # 768 is not supported by strongswan + $checked{'IKE_GROUPTYPE'}{'768'} = ''; + + $checked{'ESP_ENCRYPTION'}{'aes256'} = ''; $checked{'ESP_ENCRYPTION'}{'aes128'} = ''; $checked{'ESP_ENCRYPTION'}{'3des'} = ''; - $checked{'ESP_ENCRYPTION'}{'twofish256'} = ''; - $checked{'ESP_ENCRYPTION'}{'twofish128'} = ''; - $checked{'ESP_ENCRYPTION'}{'serpent256'} = ''; - $checked{'ESP_ENCRYPTION'}{'serpent128'} = ''; - $checked{'ESP_ENCRYPTION'}{'blowfish256'} = ''; - $checked{'ESP_ENCRYPTION'}{'blowfish128'} = ''; @temp = split('\|', $cgiparams{'ESP_ENCRYPTION'}); foreach my $key (@temp) {$checked{'ESP_ENCRYPTION'}{$key} = "selected='selected'"; } $checked{'ESP_INTEGRITY'}{'sha2_512'} = ''; @@ -2247,15 +2295,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'ESP_INTEGRITY'}{'md5'} = ''; @temp = split('\|', $cgiparams{'ESP_INTEGRITY'}); foreach my $key (@temp) {$checked{'ESP_INTEGRITY'}{$key} = "selected='selected'"; } - $checked{'ESP_GROUPTYPE'}{'modp768'} = ''; - $checked{'ESP_GROUPTYPE'}{'modp1024'} = ''; - $checked{'ESP_GROUPTYPE'}{'modp1536'} = ''; - $checked{'ESP_GROUPTYPE'}{'modp2048'} = ''; - $checked{'ESP_GROUPTYPE'}{'modp3072'} = ''; - $checked{'ESP_GROUPTYPE'}{'modp4096'} = ''; $checked{'ESP_GROUPTYPE'}{$cgiparams{'ESP_GROUPTYPE'}} = "selected='selected'"; - $checked{'AGGRMODE'} = $cgiparams{'AGGRMODE'} eq 'on' ? "checked='checked'" : '' ; $checked{'COMPRESSION'} = $cgiparams{'COMPRESSION'} eq 'on' ? "checked='checked'" : '' ; $checked{'ONLY_PROPOSED'} = $cgiparams{'ONLY_PROPOSED'} eq 'on' ? "checked='checked'" : '' ; $checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ; @@ -2291,13 +2332,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || - - - - - - - + @@ -2358,9 +2379,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || - - @@ -2402,7 +2420,7 @@ EOF &General::readhasharray("${General::swroot}/vpn/config", \%confighash); $cgiparams{'CA_NAME'} = ''; - my @status = `/usr/sbin/ipsec auto --status`; + my @status = `/usr/local/bin/ipsecctrl I 2>/dev/null`; # suggest a default name for this side if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") { @@ -2423,7 +2441,7 @@ EOF $checked{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'} eq 'on' ? "checked='checked'" : '' ; map ($checked{$_} = $cgiparams{$_} eq 'on' ? "checked='checked'" : '', ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL', - 'DBG_KLIPS','DBG_DNS','DBG_NAT_T')); + 'DBG_DNS')); &Header::showhttpheaders(); @@ -2467,10 +2485,7 @@ crypt:,  parsing:,  emitting:,  control:,  -klips:,  -dns:,  -nat_t:

- +dns: 
$Lang::tr{'use a pre-shared key'}
$Lang::tr{'upload a certificate request'}		 $Lang::tr{'ike integrity'} @@ -2315,7 +2349,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || -
$Lang::tr{'ike lifetime'} @@ -2329,12 +2362,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || - - - - - - $Lang::tr{'esp integrity'} $Lang::tr{'esp grouptype'}
$Lang::tr{'esp keylife'} $Lang::tr{'hours'}
IKE+ESP: $Lang::tr{'use only proposed settings'}
- $Lang::tr{'vpn aggrmode'}
$Lang::tr{'pfs yes no'}
@@ -2524,7 +2539,9 @@ END # get real state my $active = "
$Lang::tr{'capsclosed'}
"; foreach my $line (@status) { - if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) { + if (($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) || + ($line =~ / $confighash{$key}[1]\{.*INSTALLED/)) + { $active = "
$Lang::tr{'capsopen'}
"; } }