X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=48353ed52dce1a9c5b9672fa8a1f798943a06d56;hp=c9c73274e7a395a620bb75e4e7e71d118dadc165;hb=6c49789edb5d4c24d679fc5e47aed4ac5470b1bf;hpb=0c74362ec6004a33b44e502ff936757b2f688c3b
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index c9c73274e7..48353ed52d 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -248,9 +248,9 @@ sub writeipsecfiles {
foreach my $key (keys %lconfighash) {
next if ($lconfighash{$key}[0] ne 'on');
$interfaces .= "%defaultroute " if ($interfaces !~ /defaultroute/ && $lconfighash{$key}[26] eq 'RED');
- $interfaces .= "ipsec1=$netsettings{'GREEN_DEV'} " if ($interfaces !~ /ipsec1/ && $lconfighash{$key}[26] eq 'GREEN');
- $interfaces .= "ipsec2=$netsettings{'BLUE_DEV'} " if ($interfaces !~ /ipsec2/ && $lconfighash{$key}[26] eq 'BLUE');
- $interfaces .= "ipsec3=$netsettings{'ORANGE_DEV'} " if ($interfaces !~ /ipsec3/ && $lconfighash{$key}[26] eq 'ORANGE');
+ #$interfaces .= "ipsec1=$netsettings{'GREEN_DEV'} " if ($interfaces !~ /ipsec1/ && $lconfighash{$key}[26] eq 'GREEN');
+ #$interfaces .= "ipsec2=$netsettings{'BLUE_DEV'} " if ($interfaces !~ /ipsec2/ && $lconfighash{$key}[26] eq 'BLUE');
+ #$interfaces .= "ipsec3=$netsettings{'ORANGE_DEV'} " if ($interfaces !~ /ipsec3/ && $lconfighash{$key}[26] eq 'ORANGE');
}
print CONF $interfaces . "\"\n";
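Review bot: The three `ipsec1`/`ipsec2`/`ipsec3` assignments are left behind as commented-out code with no reason given, so a later reader cannot tell whether GREEN, BLUE and ORANGE tunnels are meant to work without an interface entry or whether this is a temporary workaround. Either delete the lines (git keeps the history) or put one comment above them, for example `# strongSwan has no ipsecN devices; only %defaultroute is listed`, if that is the actual reason. The commented-out `disablearrivalcheck` line in the third hunk is the same pattern, though it does say why. writeipsecfiles starts and ends outside this hunk, so it is worth checking what the `interfaces=` line looks like when no enabled connection is on RED and `$interfaces` receives nothing inside the loop.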
@@ -264,6 +264,8 @@ sub writeipsecfiles {
# deprecated in ipsec.conf version 2
#print CONF "\tplutoload=%search\n";
#print CONF "\tplutostart=%search\n";
+ #Disable IKEv2 deamon
+ print CONF "\tcharonstart=no\n";
print CONF "\tuniqueids=yes\n";
print CONF "\tnat_traversal=yes\n";
print CONF "\toverridemtu=$lvpnsettings{'VPN_OVERRIDE_MTU'}\n" if ($lvpnsettings{'VPN_OVERRIDE_MTU'} ne '');
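Review bot: The comment above `charonstart=no` says what the line does but not why, and it misspells "daemon". Since the setting is written unconditionally and holds every tunnel to IKEv1, the reason belongs in the file. Suggested wording, to be adjusted to the real motive: `# Disable the IKEv2 daemon (charon); this page only configures IKEv1 connections`. The advanced page further down still offers `AGGRMODE`, so it helps to state explicitly that IKEv2 is unavailable by design rather than by omission.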
@@ -283,7 +285,8 @@ sub writeipsecfiles {
print CONF "\n\n";
print CONF "conn %default\n";
print CONF "\tkeyingtries=0\n";
- print CONF "\tdisablearrivalcheck=no\n";
+ #strongswan doesn't know this
+ #print CONF "\tdisablearrivalcheck=no\n";
print CONF "\n";
if (-f "${General::swroot}/certs/hostkey.pem") {
@@ -312,6 +315,7 @@ sub writeipsecfiles {
print CONF "\tleft=$localside\n";
print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute');
print CONF "\tleftsubnet=$lconfighash{$key}[8]\n";
+ print CONF "\tleftfirewall=yes\n";
print CONF "\tright=$lconfighash{$key}[10]\n";
if ($lconfighash{$key}[3] eq 'net') {
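Review bot: `leftfirewall=yes` is emitted for every connection with no condition and no comment, although it changes packet-filter behaviour. As far as I know, strongSwan's default updown script then inserts iptables accept rules for traffic between `leftsubnet` and the peer's subnet when a tunnel comes up, and removes them when it goes down. Each tunnel would therefore get forwarding access to the local subnet, possibly ahead of the rules the administrator configured, and that should be a deliberate and documented choice. At minimum add `# updown script opens the firewall for tunnel traffic while the tunnel is up` above the line, and consider making it a per-connection option. The enclosing loop in writeipsecfiles starts and ends outside this hunk.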
@@ -1948,10 +1952,9 @@ END
$Lang::tr{'remote subnet'} |
|
- $Lang::tr{'vpn local id'}:
- ($Lang::tr{'eg'} @xy.example.com) |
+ $Lang::tr{'vpn local id'}: ($Lang::tr{'eg'} @xy.example.com) |
|
- $Lang::tr{'vpn remote id'}: |
+ $Lang::tr{'vpn remote id'}: |
|
|
@@ -2097,7 +2100,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes128|3des|twofish256|twofish128|serpent256|serpent128|blowfish256|blowfish128|cast128)$/) {
+ if ($val !~ /^(aes256|aes128|3des)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
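Review bot: The narrowed allow-list is anchored with `^...$`, and in Perl `$` also matches before a trailing newline, so a value consisting of `aes256` plus a newline still passes this check and, if it is later written to ipsec.conf, can break the line it lands on. Anchor with `\A` and `\z` instead: `if ($val !~ /\A(?:aes256|aes128|3des)\z/) {`. The ESP check in the next hunk now uses the identical pattern and needs the same change; a shared `my $cipher_re = qr/\A(?:aes256|aes128|3des)\z/;` would keep the two from drifting apart. Separately, the list keeps `3des`, a 64-bit block cipher, while connections saved earlier with one of the removed ciphers will presumably fail validation the next time they are edited; both deserve a line in the commit message. The enclosing `if` block starts and ends outside the hunk.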
@@ -2138,7 +2141,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes128|3des|twofish256|twofish128|serpent256|serpent128|blowfish256|blowfish128)$/) {
+ if ($val !~ /^(aes256|aes128|3des)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2224,13 +2227,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'IKE_ENCRYPTION'}{'aes256'} = '';
$checked{'IKE_ENCRYPTION'}{'aes128'} = '';
$checked{'IKE_ENCRYPTION'}{'3des'} = '';
- $checked{'IKE_ENCRYPTION'}{'twofish256'} = '';
- $checked{'IKE_ENCRYPTION'}{'twofish128'} = '';
- $checked{'IKE_ENCRYPTION'}{'serpent256'} = '';
- $checked{'IKE_ENCRYPTION'}{'serpent128'} = '';
- $checked{'IKE_ENCRYPTION'}{'blowfish256'} = '';
- $checked{'IKE_ENCRYPTION'}{'blowfish128'} = '';
- $checked{'IKE_ENCRYPTION'}{'cast128'} = '';
my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'});
foreach my $key (@temp) {$checked{'IKE_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'IKE_INTEGRITY'}{'sha2_512'} = '';
@@ -2252,12 +2248,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'ESP_ENCRYPTION'}{'aes256'} = '';
$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
$checked{'ESP_ENCRYPTION'}{'3des'} = '';
- $checked{'ESP_ENCRYPTION'}{'twofish256'} = '';
- $checked{'ESP_ENCRYPTION'}{'twofish128'} = '';
- $checked{'ESP_ENCRYPTION'}{'serpent256'} = '';
- $checked{'ESP_ENCRYPTION'}{'serpent128'} = '';
- $checked{'ESP_ENCRYPTION'}{'blowfish256'} = '';
- $checked{'ESP_ENCRYPTION'}{'blowfish128'} = '';
@temp = split('\|', $cgiparams{'ESP_ENCRYPTION'});
foreach my $key (@temp) {$checked{'ESP_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'ESP_INTEGRITY'}{'sha2_512'} = '';
@@ -2266,12 +2256,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'ESP_INTEGRITY'}{'md5'} = '';
@temp = split('\|', $cgiparams{'ESP_INTEGRITY'});
foreach my $key (@temp) {$checked{'ESP_INTEGRITY'}{$key} = "selected='selected'"; }
- $checked{'ESP_GROUPTYPE'}{'modp768'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp1024'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp1536'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp2048'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp3072'} = '';
- $checked{'ESP_GROUPTYPE'}{'modp4096'} = '';
$checked{'ESP_GROUPTYPE'}{$cgiparams{'ESP_GROUPTYPE'}} = "selected='selected'";
$checked{'AGGRMODE'} = $cgiparams{'AGGRMODE'} eq 'on' ? "checked='checked'" : '' ;
@@ -2310,13 +2294,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
-
-
-
-
-
-
-
$Lang::tr{'ike integrity'} |
@@ -2348,12 +2325,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
-
-
-
-
-
- |
$Lang::tr{'esp integrity'} |
|