Removed unsupported ipsec debug options and modp768.
authorArne Fitzenreiter <arne_f@ipfire.org>
Sat, 15 May 2010 11:30:19 +0000 (13:30 +0200)
committerArne Fitzenreiter <arne_f@ipfire.org>
Sat, 15 May 2010 11:30:19 +0000 (13:30 +0200)
config/rootfiles/core/38/update.sh
html/cgi-bin/services.cgi [changed mode: 0755->0644]
html/cgi-bin/vpnmain.cgi

index cc424b52c470cb564440b5836fe0bb00a02b0fd8..3c10b716e941c8bd8e037d865e9423f5775ee56e 100644 (file)
@@ -179,10 +179,13 @@ fi
 mv /var/ipfire/vpn/ipsec.conf /var/ipfire/vpn/ipsec.conf.org
 cat /var/ipfire/vpn/ipsec.conf.org | \
 grep -v "disablearrivalcheck=" | \
+grep -v "klipsdebug=" | \
 grep -v "leftfirewall=" | \
 grep -v "charonstart=" | \
 grep -v "aggrmode=" > /var/ipfire/vpn/ipsec.conf
 sed -i "s|ipsec[0-9]=||g" /var/ipfire/vpn/ipsec.conf
+sed -i "s|nat_t ||g" /var/ipfire/vpn/ipsec.conf
+sed -i "s|klips ||g" /var/ipfire/vpn/ipsec.conf
 sed -i "s|^conn [A-Za-z].*$|&\n\tleftfirewall=yes|g" /var/ipfire/vpn/ipsec.conf
 sed -i "s|^config setup$|&\n\tcharonstart=no|g" /var/ipfire/vpn/ipsec.conf
 chown nobody:nobody /var/ipfire/vpn/ipsec.conf
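Review bot: The two added substitutions `s|nat_t ||g` and `s|klips ||g` run over every line of ipsec.conf, so the same character sequences inside a connection name or any other value would be stripped as well. Restricting them to the debug line keeps the rewrite to what the commit intends, e.g. `sed -i "/plutodebug=/s|klips ||g" /var/ipfire/vpn/ipsec.conf`, and likewise for `nat_t `. If those two were the only debug options selected, the line presumably ends up as `plutodebug=""` rather than the `none` that vpnmain.cgi writes for an empty list, so a follow-up substitution to `none` may be needed. The script continues outside this hunk.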
old mode 100755 (executable)
new mode 100644 (file)
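Review bot: The mode change from 0755 to 0644 on html/cgi-bin/services.cgi is not mentioned in the commit message and comes with no content change, so it looks unintended. If the web server runs the files in cgi-bin as executables, dropping the execute bit would stop the services page from loading. Restoring 0755, or stating the reason for the change in the commit message, would settle it.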
index 9cf336c6723f422aa6846285294b06fb16774cf8..28ac30e8ec51234283aee472a8ae681856dd0b70 100644 (file)
@@ -257,9 +257,9 @@ sub writeipsecfiles {
     my $plutodebug = '';                       # build debug list
     map ($plutodebug .= $lvpnsettings{$_} eq 'on' ? lc (substr($_,4)).' ' : '',
        ('DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
-        'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
+        'DBG_DNS'));
     $plutodebug = 'none' if $plutodebug eq '';  # if nothing selected, use 'none'.
-    print CONF "\tklipsdebug=\"none\"\n";
+    #print CONF "\tklipsdebug=\"none\"\n";
     print CONF "\tplutodebug=\"$plutodebug\"\n";
     # deprecated in ipsec.conf version 2
     #print CONF "\tplutoload=%search\n";
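Review bot: The debug-key list shortened here is repeated verbatim in the save handler (hunk at -452) and in the checkbox-state block (hunk at -2396), which is why this commit has to make the same edit three times. One shared list such as `my @debug_keys = qw(DBG_CRYPT DBG_PARSING DBG_EMITTING DBG_CONTROL DBG_DNS);` would keep the three from drifting apart. The `klipsdebug` line is also left behind as commented-out code; deleting it, or replacing it with a comment like `# klipsdebug is no longer written (unsupported, per the commit title)`, reads better than a disabled print. writeipsecfiles starts and ends outside this hunk.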
@@ -452,7 +452,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 
     map ($vpnsettings{$_} = $cgiparams{$_},
        ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
-        'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
+        'DBG_DNS'));
 
     $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
     $vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'};
@@ -2117,7 +2117,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
            goto ADVANCED_ERROR;
        }
        foreach my $val (@temp) {
-           if ($val !~ /^(768|1024|1536|2048|3072|4096|6144|8192)$/) {
+           if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) {
                $errormessage = $Lang::tr{'invalid input'};
                goto ADVANCED_ERROR;
            }
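Review bot: Both group-type allowlists are anchored with `$`, which in Perl also matches before a trailing newline, so a value with a newline appended still passes the check here and the ESP_GROUPTYPE check in the next hunk. Using `\A` and `\z` makes the match exact: `if ($val !~ /\A(1024|1536|2048|3072|4096|6144|8192)\z/) {` and `!~ /\Amodp(1024|1536|2048|3072|4096)\z/`. Whether the value later reaches ipsec.conf unescaped is not visible here, but these settings are presumably written to configuration, so the stricter anchor is cheap insurance. Separately, 1024 remains accepted; 1024-bit MODP groups are no longer considered adequate, so its removal is worth planning as well. The enclosing block starts and ends outside the hunk.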
@@ -2153,7 +2153,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
            }
        }
        if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
-           $cgiparams{'ESP_GROUPTYPE'} !~  /^modp(768|1024|1536|2048|3072|4096)$/) {
+           $cgiparams{'ESP_GROUPTYPE'} !~  /^modp(1024|1536|2048|3072|4096)$/) {
            $errormessage = $Lang::tr{'invalid input'};
            goto ADVANCED_ERROR;
        }
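Review bot: No hunk in this commit removes a modp768 entry from the ESP group-type selector, although this check now rejects that value; the IKE selector gets that treatment in the hunk at -2303. If the form still offers modp768 for ESP (the markup is outside the visible hunks), choosing it will only produce `invalid input`, so the option should be dropped in the same commit.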
@@ -2238,6 +2238,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
     $checked{'IKE_GROUPTYPE'}{'8192'} = '';
     @temp = split('\|', $cgiparams{'IKE_GROUPTYPE'});
     foreach my $key (@temp) {$checked{'IKE_GROUPTYPE'}{$key} = "selected='selected'"; }
+
+    # 768 is not supported by strongswan
+    $checked{'IKE_GROUPTYPE'}{'768'} = '';
+
+
     $checked{'ESP_ENCRYPTION'}{'aes256'} = '';
     $checked{'ESP_ENCRYPTION'}{'aes128'} = '';
     $checked{'ESP_ENCRYPTION'}{'3des'} = '';
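Review bot: The added `$checked{'IKE_GROUPTYPE'}{'768'} = '';` has no visible reader once the `<option value='768'>` line is removed in the next hunk, so it appears to be dead code. If it is kept only as documentation, the comment `# 768 is not supported by strongswan` belongs next to the IKE_GROUPTYPE validation regex, and the assignment can go. The two consecutive blank lines added after it can be reduced to one.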
@@ -2303,7 +2308,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
                <option value='2048' $checked{'IKE_GROUPTYPE'}{'2048'}>MODP-2048</option>
                <option value='1536' $checked{'IKE_GROUPTYPE'}{'1536'}>MODP-1536</option>
                <option value='1024' $checked{'IKE_GROUPTYPE'}{'1024'}>MODP-1024</option>
-               <option value='768'  $checked{'IKE_GROUPTYPE'}{'768'}>MODP-768</option>
                </select></td>
        </tr><tr>
            <td class='boldbase' align='right' valign='top'>$Lang::tr{'ike lifetime'}</td><td class='boldbase' valign='top'>
@@ -2396,7 +2400,7 @@ EOF
     $checked{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'} eq 'on' ? "checked='checked'" : '' ;
     map ($checked{$_} = $cgiparams{$_} eq 'on' ? "checked='checked'" : '',
        ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
-        'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
+        'DBG_DNS'));
 
 
     &Header::showhttpheaders();
@@ -2440,10 +2444,7 @@ crypt:<input type='checkbox' name='DBG_CRYPT' $checked{'DBG_CRYPT'} />,&nbsp;
 parsing:<input type='checkbox' name='DBG_PARSING' $checked{'DBG_PARSING'} />,&nbsp;
 emitting:<input type='checkbox' name='DBG_EMITTING' $checked{'DBG_EMITTING'} />,&nbsp;
 control:<input type='checkbox' name='DBG_CONTROL' $checked{'DBG_CONTROL'} />,&nbsp;
-klips:<input type='checkbox' name='DBG_KLIPS' $checked{'DBG_KLIPS'} />,&nbsp;
-dns:<input type='checkbox' name='DBG_DNS' $checked{'DBG_DNS'} />,&nbsp;
-nat_t:<input type='checkbox' name='DBG_NAT_T' $checked{'DBG_NAT_T'} /></p>
-
+dns:<input type='checkbox' name='DBG_DNS' $checked{'DBG_DNS'} />&nbsp;
 <hr />
 <table width='100%'>
 <tr>
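Review bot: The closing `</p>` was on the removed `nat_t` line and the new `dns` line does not carry it, so the paragraph holding the debug checkboxes is now left open before `<hr />` (its opening tag is outside the hunk, so this is inferred from the removed line). The new line should end the paragraph: `dns:<input type='checkbox' name='DBG_DNS' $checked{'DBG_DNS'} /></p>`.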