vpnmain.cgi: Add field for roadwarrior endpoint

This is the IP address or FQDN which will be written into
Apple Configuration profiles as public peer address.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/doc/language_issues.de b/doc/language_issues.de
index 460fe62cac8072085beb19a900d98250de2c243b..6f03e30a6f7c4b421bd235e4a9feac000547dab6 100644 (file)
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -889,6 +889,8 @@ WARNING: untranslated string: guardian logtarget_file = unknown string
 WARNING: untranslated string: guardian logtarget_syslog = unknown string
 WARNING: untranslated string: guardian no entries = unknown string
 WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: netbios nameserver daemon = NetBIOS Nameserver Daemon
 WARNING: untranslated string: no entries = No entries at the moment.
 WARNING: untranslated string: optional = Optional

diff --git a/doc/language_issues.en b/doc/language_issues.en
index f093781c6e5cced6f025bd322c67c20304a1e9e1..33c4a1cfb7d8689adc1a2e2a02905085ef3f8ea2 100644 (file)
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1144,9 +1144,11 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
 WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: iptmangles = IPTable Mangles

diff --git a/doc/language_issues.es b/doc/language_issues.es
index 5282a66d4b895334d95276176b39861ea3514013..efd020c648e6f64f48fffa06136f1d2399446c76 100644 (file)
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1227,9 +1227,11 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
 WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: itlb multihit = iTLB MultiHit

diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index aa35ebd708adfb0a5bf1848e0def4132f777fde2..63dbc78fc5f724b0a95532b381284e54da1454b1 100644 (file)
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -924,6 +924,8 @@ WARNING: untranslated string: guardian logtarget_file = unknown string
 WARNING: untranslated string: guardian logtarget_syslog = unknown string
 WARNING: untranslated string: guardian no entries = unknown string
 WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: pakfire ago = ago.
 WARNING: untranslated string: route config changed = unknown string
 WARNING: untranslated string: routing config added = unknown string

diff --git a/doc/language_issues.it b/doc/language_issues.it
index d26afef65c9bb98de671db2463ec4dfdca137d18..51c5286455be86010748112c717141bb315ab0a4 100644 (file)
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1066,8 +1066,10 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: itlb multihit = iTLB MultiHit

diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 75523b52f5402157e67a81fd1b076fb67d5417fc..3e737f8803027500f0a40d7c72922da388bc944b 100644 (file)
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1075,8 +1075,10 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: itlb multihit = iTLB MultiHit

diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 1afab9f14aa86391dd99417bc4219014157469ba..b9429d4f4b132f1965679036e7419a8682cb5756 100644 (file)
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1232,9 +1232,11 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
 WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: itlb multihit = iTLB MultiHit

diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index ed0e78f0baec286fbd47ea4ff75e1a9b1d8ed09c..d2cf8bc76282f2f19b4a50332a3e580983ee9861 100644 (file)
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1230,9 +1230,11 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
 WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: itlb multihit = iTLB MultiHit

diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index c8aadd6f1736bbb0f2f0b0f88a3c3ad3e328c0bd..a574c9aafc21986d9fe523a809a8a0e96190c461 100644 (file)
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -1002,8 +1002,10 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: itlb multihit = iTLB MultiHit

diff --git a/doc/language_missings b/doc/language_missings
index 70efc4ad7507e73fed76f53d614dd3565b3a0d39..f34b9d634dc732344db1626891b6fb508d195dd5 100644 (file)
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -40,6 +40,8 @@
 < g.dtm
 < g.lite
 < insert removable device
+< ipsec invalid ip address or fqdn for rw endpoint
+< ipsec roadwarrior endpoint
 < netbios nameserver daemon
 < no entries
 < notes
@@ -541,10 +543,12 @@
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
 < ipsec mode transport
 < ipsec mode tunnel
 < ipsec network
 < ipsec no connections
+< ipsec roadwarrior endpoint
 < ipsec routing table entries
 < ipsec settings
 < itlb multihit
@@ -925,6 +929,8 @@
 < download apple profile
 < g.dtm
 < g.lite
+< ipsec invalid ip address or fqdn for rw endpoint
+< ipsec roadwarrior endpoint
 < upload fcdsl.o
 < zoneconf val vlan tag range error
 ############################################################################
@@ -1139,8 +1145,10 @@
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
 < ipsec mode transport
 < ipsec mode tunnel
+< ipsec roadwarrior endpoint
 < ipsec routing table entries
 < ipsec settings
 < itlb multihit
@@ -1550,8 +1558,10 @@
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
 < ipsec mode transport
 < ipsec mode tunnel
+< ipsec roadwarrior endpoint
 < ipsec routing table entries
 < ipsec settings
 < itlb multihit
@@ -2284,10 +2294,12 @@
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
 < ipsec mode transport
 < ipsec mode tunnel
 < ipsec network
 < ipsec no connections
+< ipsec roadwarrior endpoint
 < ipsec routing table entries
 < ipsec settings
 < itlb multihit
@@ -3179,10 +3191,12 @@
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
 < ipsec mode transport
 < ipsec mode tunnel
 < ipsec network
 < ipsec no connections
+< ipsec roadwarrior endpoint
 < ipsec routing table entries
 < ipsec settings
 < itlb multihit
@@ -3641,8 +3655,10 @@
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
 < ipsec mode transport
 < ipsec mode tunnel
+< ipsec roadwarrior endpoint
 < ipsec routing table entries
 < ipsec settings
 < itlb multihit

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 601fc74927b535774912dc7b73d229780d8d36e9..8c6fc193ad3cafeefe912c7dfa885b47213f6537 100644 (file)
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -26,6 +26,7 @@ use File::Copy;
 use File::Temp qw/ tempfile tempdir /;
 use strict;
 use Sort::Naturally;
+use Sys::Hostname;
 # enable only the following on debugging purpose
 #use warnings;
 #use CGI::Carp 'fatalsToBrowser';
@@ -112,6 +113,7 @@ $cgiparams{'ROOTCERT_EMAIL'} = '';
 $cgiparams{'ROOTCERT_OU'} = '';
 $cgiparams{'ROOTCERT_CITY'} = '';
 $cgiparams{'ROOTCERT_STATE'} = '';
+$cgiparams{'RW_ENDPOINT'} = '';
 $cgiparams{'RW_NET'} = '';
 $cgiparams{'DPD_DELAY'} = '30';
 $cgiparams{'DPD_TIMEOUT'} = '120';
@@ -507,12 +509,18 @@ if ($ENV{"REMOTE_ADDR"} eq "") {
 if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
        &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings);
 
+       if ($cgiparams{'RW_ENDPOINT'} ne '' && !&General::validip($cgiparams{'RW_ENDPOINT'}) && !&General::validfqdn($cgiparams{'RW_ENDPOINT'})) {
+               $errormessage = $Lang::tr{'ipsec invalid ip address or fqdn for rw endpoint'};
+               goto SAVE_ERROR;
+       }
+
        if ( $cgiparams{'RW_NET'} ne '' and !&General::validipandmask($cgiparams{'RW_NET'}) ) {
                $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'};
                goto SAVE_ERROR;
        }
 
        $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
+       $vpnsettings{'RW_ENDPOINT'} = $cgiparams{'RW_ENDPOINT'};
        $vpnsettings{'RW_NET'} = $cgiparams{'RW_NET'};
        &General::writehash("${General::swroot}/vpn/settings", \%vpnsettings);
        &writeipsecfiles();
@@ -1182,6 +1190,10 @@ END
 
 # Export Apple profile to browser
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download apple profile'}) {
+       # Read global configuration
+       &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings);
+
+       # Read connections
        &General::readhasharray("${General::swroot}/vpn/config", \%confighash);
        my $key = $cgiparams{'KEY'};
 
@@ -1209,6 +1221,9 @@ END
        print "Content-Disposition: attachment; filename=" . $confighash{$key}[1] . ".mobileconfig\n";
        print "\n"; # end headers
 
+       # Use our own FQDN if nothing else is configured
+       my $endpoint = ($vpnsettings{'RW_ENDPOINT'} ne "") ? $vpnsettings{'RW_ENDPOINT'} : &hostname();
+
        print "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n";
        print "<plist version=\"1.0\">\n";
        print " <dict>\n";
@@ -1240,7 +1255,7 @@ END
        print "                         <key>IKEv2</key>\n";
        print "                         <dict>\n";
        print "                                 <key>RemoteAddress</key>\n";
-       print "                                 <string>18.206.152.26</string>\n";
+       print "                                 <string>$endpoint</string>\n";
 
        # Left ID
        if ($confighash{$key}[9]) {
@@ -3081,6 +3096,10 @@ EOF
                                <input type='checkbox' name='ENABLED' $checked{'ENABLED'} />
                        </td>
                </tr>
+               <tr>
+                       <td class='base' nowrap='nowrap' width="60%">$Lang::tr{'ipsec roadwarrior endpoint'}:</td>
+                       <td width="40%"><input type='text' name='RW_ENDPOINT' value='$cgiparams{'RW_ENDPOINT'}' /></td>
+               </tr>
                <tr>
                        <td class='base' nowrap='nowrap' width="60%">$Lang::tr{'host to net vpn'}:</td>
                        <td width="40%"><input type='text' name='RW_NET' value='$cgiparams{'RW_NET'}' /></td>

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index b7cbea6324371ef036842a79e5e2144078496099..87ffd269a72e2c9822094e0387e697ba8d1382ac 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1550,10 +1550,12 @@
 'ipsec interface mode gre' => 'GRE',
 'ipsec interface mode none' => '- None (Default) -',
 'ipsec interface mode vti' => 'VTI',
+'ipsec invalid ip address or fqdn for rw endpoint' => 'Invalid IP address or FQDN for Host-to-Net Endpoint',
 'ipsec mode transport' => 'Transport',
 'ipsec mode tunnel' => 'Tunnel',
 'ipsec network' => 'IPsec network',
 'ipsec no connections' => 'No active IPsec connections',
+'ipsec roadwarrior endpoint' => 'Host-to-Net Endpoint',
 'ipsec routing table entries' => 'IPsec Routing Table Entries',
 'ipsec settings' => 'IPsec Settings',
 'iptable rules' => 'IPTable rules',