$Lang::tr{'enabled'} |
|
- $Lang::tr{'local subnet'} |
-
-
- |
+ |
+ $Lang::tr{'local ip address'}: |
+
+ |
$Lang::tr{'remote host/ip'}: $blob |
|
+
+
+ $Lang::tr{'local subnet'} |
+
+
+ |
$Lang::tr{'remote subnet'} $blob |
-
+
|
@@ -2032,6 +2182,51 @@ END
print "";
&Header::closebox();
+ if ($cgiparams{'TYPE'} eq 'net') {
+ &Header::openbox('100%', 'left', $Lang::tr{'ipsec settings'});
+ print <
+
+
+ $Lang::tr{'mode'}: |
+
+
+ |
+ |
+
+
+
+ $Lang::tr{'interface mode'}: |
+
+
+ |
+
+ $Lang::tr{'ip address'}/$Lang::tr{'subnet mask'}: |
+
+
+ |
+
+
+
+ $Lang::tr{'mtu'}: |
+
+
+ |
+ |
+
+
+
+EOF
+ &Header::closebox();
+ }
+
if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
&Header::openbox('100%', 'left', $Lang::tr{'authentication'});
print <
@@ -2434,6 +2666,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$Lang::tr{'encryption'} |
|
|
@@ -2482,8 +2716,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
-
-
+
+
@@ -2492,8 +2726,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
-
-
+
+
|
@@ -2510,6 +2744,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$Lang::tr{'grouptype'} |
|
|
@@ -2599,6 +2831,14 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
IKE+ESP: $Lang::tr{'use only proposed settings'}
+
+
+
+ |
@@ -2607,9 +2847,21 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$Lang::tr{'pfs yes no'}
|
+
+
+ |
-
+ |
|
-
+ |
|
-EOF
-;
-
- print <
- $Lang::tr{'required field'} |
-
+ | $Lang::tr{'required field'} |
+
|
@@ -2659,22 +2907,6 @@ EOF
my @status = `/usr/local/bin/ipsecctrl I 2>/dev/null`;
- # suggest a default name for this side
- if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
- if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
- my $ipaddr = ;
- close IPADDR;
- chomp ($ipaddr);
- $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
- if ($cgiparams{'VPN_IP'} eq '') {
- $cgiparams{'VPN_IP'} = $ipaddr;
- }
- }
- }
- # no IP found, use %defaultroute
- $cgiparams{'VPN_IP'} ='%defaultroute' if ($cgiparams{'VPN_IP'} eq '');
-
- $cgiparams{'VPN_DELAYED_START'} = 0 if (! defined ($cgiparams{'VPN_DELAYED_START'}));
$checked{'ENABLED'} = $cgiparams{'ENABLED'} eq 'on' ? "checked='checked'" : '';
&Header::showhttpheaders();
@@ -2702,35 +2934,21 @@ EOF
print <
-
-
-
END
;
@@ -2773,13 +2991,22 @@ END
}
print "$confighash{$key}[25] | ";
my $col1="bgcolor='${Header::colourred}'";
- # get real state
my $active = "$Lang::tr{'capsclosed'}";
+ if ($confighash{$key}[33] eq "add") {
+ $col1="bgcolor='${Header::colourorange}'";
+ $active = "$Lang::tr{'vpn wait'}";
+ }
foreach my $line (@status) {
if (($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) ||
($line =~ /$confighash{$key}[1]\{.*INSTALLED/)) {
$col1="bgcolor='${Header::colourgreen}'";
$active = "$Lang::tr{'capsopen'}";
+ } elsif ($line =~ /$confighash{$key}[1]\[.*CONNECTING/) {
+ $col1="bgcolor='${Header::colourorange}'";
+ $active = "$Lang::tr{'vpn connecting'}";
+ } elsif ($line =~ /$confighash{$key}[1]\{.*ROUTED/) {
+ $col1="bgcolor='${Header::colourorange}'";
+ $active = "$Lang::tr{'vpn on-demand'}";
}
}
# move to blue if really down
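Review bot: The new `CONNECTING` and `ROUTED` patterns interpolate `$confighash{$key}[1]` into the regex unquoted and without a left anchor, so a connection whose name is the tail of another name can pick up that other tunnel's state and show a misleading status; the same holds for names containing a regex metacharacter, if names are not restricted elsewhere. Quote the name and anchor it, e.g. `} elsif ($line =~ /(?:^|\s)\Q$confighash{$key}[1]\E\[.*CONNECTING/) {`, and do the same for the `\{.*ROUTED` branch; the existing `INSTALLED` pattern in the context lines has the same shape. Because the loop keeps scanning after a match, a later `CONNECTING` or `ROUTED` line can also overwrite an earlier `capsopen` state, so it may be worth not downgrading once the tunnel has been seen as established. The surrounding block that supplies `$key` lies outside the hunk.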
@@ -3091,6 +3318,8 @@ sub make_algos($$$$$) {
if ($grp =~ m/^e(.*)$/) {
push(@algo, "ecp$1");
+ } elsif ($grp =~ m/curve25519/) {
+ push(@algo, "$grp");
} else {
push(@algo, "modp$grp");
}
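Review bot: The new `curve25519` branch uses an unanchored match, `$grp =~ m/curve25519/`, and then pushes `$grp` verbatim, so any group value that merely contains that substring goes unmodified into the generated proposal string. An exact comparison is tighter and easier to read: `} elsif ($grp eq 'curve25519') {` followed by `push(@algo, $grp);` (the quotes around `$grp` are not needed). The same two added lines appear in the next hunk (@@ -3106) and should get the same change. Where `$grp` originates is not visible here; if it comes from saved form input, the exact match also keeps unexpected text out of the generated configuration. make_algos starts and ends outside this hunk.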
@@ -3106,6 +3335,8 @@ sub make_algos($$$$$) {
# noop
} elsif ($grp =~ m/^e(.*)$/) {
push(@algo, "ecp$1");
+ } elsif ($grp =~ m/curve25519/) {
+ push(@algo, "$grp");
} else {
push(@algo, "modp$grp");
}
@@ -3119,13 +3350,19 @@ sub make_algos($$$$$) {
return &array_unique(\@algos);
}
-sub make_subnets($) {
+sub make_subnets($$) {
+ my $direction = shift;
my $subnets = shift;
my @nets = split(/\|/, $subnets);
my @cidr_nets = ();
foreach my $net (@nets) {
my $cidr_net = &General::ipcidr($net);
+
+ # Skip 0.0.0.0/0 for remote because this renders the
+ # while system inaccessible
+ next if (($direction eq "right") && ($cidr_net eq "0.0.0.0/0"));
+
push(@cidr_nets, $cidr_net);
}