From: Arne Fitzenreiter Date: Tue, 26 Jul 2011 06:12:05 +0000 (+0200) Subject: Merge branch 'master' into next X-Git-Tag: v2.9-core53~67 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=8c4f3d176b15855e3da914569f669bfd70ff9253;hp=67a1b5b843fab82cd0f185a11aeced596fb3c507 Merge branch 'master' into next Conflicts: config/kernel/kernel.config.i586-ipfire-pae config/rootfiles/core/45/meta config/rootfiles/core/46/meta config/rootfiles/core/47/meta config/rootfiles/core/48/meta config/rootfiles/core/52/meta config/rootfiles/oldcore/44/meta config/rootfiles/oldcore/45/meta config/rootfiles/oldcore/46/meta config/rootfiles/oldcore/47/meta doc/language_missings langs/pl/cgi-bin/pl.pl make.sh --- diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index 8855e3206e..105feaa0ac 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -3,19 +3,18 @@ net.ipv4.ip_dynaddr = 1 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 -net.ipv4.tcp_sack = 0 -net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_fin_timeout = 30 -net.ipv4.tcp_window_scaling = 0 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 3 +net.ipv4.conf.default.arp_filter = 1 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.default.log_martians = 1 +net.ipv4.conf.all.arp_filter = 1 net.ipv4.conf.all.rp_filter = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae index 17498b7f7c..4b23df337a 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae 
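Review bot: The two added `arp_filter = 1` lines in config/etc/sysctl.conf carry no comment, and the same hunk drops the `tcp_sack`, `tcp_timestamps` and `tcp_window_scaling` overrides without explanation, so the file no longer records why these values were chosen. I would add a line such as `# Answer ARP only on the interface the kernel would route the reply through` above each `arp_filter` entry. The unchanged context still sets `rp_filter = 0` for both `default` and `all`, so the kernel performs no reverse-path source validation. If that is deliberate (spoofed-source filtering done in the firewall rules, which are not visible here), a one-line comment saying so would help the next reader.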
@@ -96,7 +96,6 @@ CONFIG_RCU_FANOUT=32 # CONFIG_IKCONFIG is not set CONFIG_LOG_BUF_SHIFT=17 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y -# CONFIG_GROUP_SCHED is not set # CONFIG_CGROUPS is not set CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y @@ -203,8 +202,9 @@ CONFIG_HIGH_RES_TIMERS=y CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_SMP=y CONFIG_SPARSE_IRQ=y +CONFIG_NUMA_IRQ_DESC=y CONFIG_X86_MPPARSE=y -# CONFIG_X86_BIGSMP is not set +CONFIG_X86_BIGSMP=y CONFIG_X86_EXTENDED_PLATFORM=y # CONFIG_X86_ELAN is not set # CONFIG_X86_MRST is not set @@ -280,10 +280,10 @@ CONFIG_HPET_EMULATE_RTC=y CONFIG_DMI=y # CONFIG_IOMMU_HELPER is not set CONFIG_IOMMU_API=y -CONFIG_NR_CPUS=8 -CONFIG_IRQ_TIME_ACCOUNTING=y +CONFIG_NR_CPUS=256 CONFIG_SCHED_SMT=y CONFIG_SCHED_MC=y +CONFIG_IRQ_TIME_ACCOUNTING=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set @@ -314,19 +314,29 @@ CONFIG_PAGE_OFFSET=0xC0000000 CONFIG_HIGHMEM=y CONFIG_X86_PAE=y CONFIG_ARCH_PHYS_ADDR_T_64BIT=y -CONFIG_ARCH_FLATMEM_ENABLE=y +CONFIG_NUMA=y +CONFIG_NODES_SHIFT=3 +CONFIG_HAVE_ARCH_BOOTMEM=y +CONFIG_ARCH_HAVE_MEMORY_PRESENT=y +CONFIG_NEED_NODE_MEMMAP_SIZE=y +CONFIG_HAVE_ARCH_ALLOC_REMAP=y +CONFIG_ARCH_DISCONTIGMEM_ENABLE=y +CONFIG_ARCH_DISCONTIGMEM_DEFAULT=y CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_ARCH_SELECT_MEMORY_MODEL=y CONFIG_ILLEGAL_POINTER_VALUE=0 CONFIG_SELECT_MEMORY_MODEL=y -CONFIG_FLATMEM_MANUAL=y -# CONFIG_DISCONTIGMEM_MANUAL is not set +# CONFIG_FLATMEM_MANUAL is not set +CONFIG_DISCONTIGMEM_MANUAL=y # CONFIG_SPARSEMEM_MANUAL is not set -CONFIG_FLATMEM=y +CONFIG_DISCONTIGMEM=y CONFIG_FLAT_NODE_MEM_MAP=y +CONFIG_NEED_MULTIPLE_NODES=y +CONFIG_HAVE_MEMORY_PRESENT=y CONFIG_SPARSEMEM_STATIC=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_MIGRATION=y CONFIG_PHYS_ADDR_T_64BIT=y CONFIG_ZONE_DMA_FLAG=1 CONFIG_BOUNCE=y 
@@ -363,6 +373,7 @@ CONFIG_HOTPLUG_CPU=y CONFIG_COMPAT_VDSO=y # CONFIG_CMDLINE_BOOL is not set CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +# CONFIG_HAVE_ARCH_EARLY_PFN_TO_NID is not set # # Power management and ACPI options @@ -392,6 +403,7 @@ CONFIG_ACPI_PROCESSOR=m CONFIG_ACPI_HOTPLUG_CPU=y CONFIG_ACPI_PROCESSOR_AGGREGATOR=m CONFIG_ACPI_THERMAL=m +# CONFIG_ACPI_NUMA is not set CONFIG_ACPI_CUSTOM_DSDT_FILE="" # CONFIG_ACPI_CUSTOM_DSDT is not set CONFIG_ACPI_BLACKLIST_YEAR=0 diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2 index 970598e38e..2eab3b5e72 100644 --- a/config/rootfiles/common/apache2 +++ b/config/rootfiles/common/apache2 @@ -1404,6 +1404,7 @@ srv/web/ipfire/cgi-bin/pppsetup.cgi srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/qos.cgi srv/web/ipfire/cgi-bin/remote.cgi +srv/web/ipfire/cgi-bin/routing.cgi srv/web/ipfire/cgi-bin/services.cgi srv/web/ipfire/cgi-bin/speed.cgi srv/web/ipfire/cgi-bin/system.cgi diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs index 6e5d7caec1..adab51bc1e 100644 --- a/config/rootfiles/common/misc-progs +++ b/config/rootfiles/common/misc-progs @@ -18,6 +18,7 @@ usr/local/bin/outgoingfwctrl usr/local/bin/pakfire usr/local/bin/qosctrl usr/local/bin/rebuildhosts +usr/local/bin/rebuildroutes usr/local/bin/redctrl #usr/local/bin/sambactrl usr/local/bin/setaliases diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan index df093b0751..6e97b170fd 100644 --- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan 
@@ -40,6 +40,9 @@ usr/libexec/ipsec/plugins/libstrongswan-aes.so #usr/libexec/ipsec/plugins/libstrongswan-attr.a #usr/libexec/ipsec/plugins/libstrongswan-attr.la usr/libexec/ipsec/plugins/libstrongswan-attr.so +#usr/libexec/ipsec/plugins/libstrongswan-constraints.a +#usr/libexec/ipsec/plugins/libstrongswan-constraints.la +usr/libexec/ipsec/plugins/libstrongswan-constraints.so #usr/libexec/ipsec/plugins/libstrongswan-curl.a #usr/libexec/ipsec/plugins/libstrongswan-curl.la usr/libexec/ipsec/plugins/libstrongswan-curl.so @@ -118,14 +121,11 @@ usr/sbin/ipsec #usr/share/man/man3/anyaddr.3 #usr/share/man/man3/atoaddr.3 #usr/share/man/man3/atoasr.3 -#usr/share/man/man3/atosa.3 #usr/share/man/man3/atoul.3 #usr/share/man/man3/goodmask.3 #usr/share/man/man3/initaddr.3 #usr/share/man/man3/initsubnet.3 -#usr/share/man/man3/keyblobtoid.3 #usr/share/man/man3/portof.3 -#usr/share/man/man3/prng.3 #usr/share/man/man3/rangetosubnet.3 #usr/share/man/man3/sameaddr.3 #usr/share/man/man3/subnetof.3 @@ -136,13 +136,11 @@ usr/sbin/ipsec #usr/share/man/man5/ipsec.conf.5 #usr/share/man/man5/ipsec.secrets.5 #usr/share/man/man5/strongswan.conf.5 -#usr/share/man/man8/_copyright.8 #usr/share/man/man8/_updown.8 #usr/share/man/man8/_updown_espmark.8 #usr/share/man/man8/ipsec.8 #usr/share/man/man8/openac.8 #usr/share/man/man8/pluto.8 #usr/share/man/man8/scepclient.8 -#usr/share/man/man8/starter.8 etc/ipsec.user.conf etc/ipsec.user.secrets diff --git a/config/rootfiles/core/next/exclude b/config/rootfiles/core/next/exclude new file mode 100644 index 0000000000..c2bceb8667 --- /dev/null +++ b/config/rootfiles/core/next/exclude @@ -0,0 +1,6 @@ +etc/udev/rules.d/30-persistent-network.rules +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +var/updatecache diff --git a/config/rootfiles/core/next/filelists/crda b/config/rootfiles/core/next/filelists/crda new file mode 120000 index 0000000000..d68c46e55b --- /dev/null +++ b/config/rootfiles/core/next/filelists/crda 
@@ -0,0 +1 @@ +../../../common/crda \ No newline at end of file diff --git a/config/rootfiles/core/next/filelists/dracut b/config/rootfiles/core/next/filelists/dracut new file mode 120000 index 0000000000..160869946d --- /dev/null +++ b/config/rootfiles/core/next/filelists/dracut @@ -0,0 +1 @@ +../../../common/dracut \ No newline at end of file diff --git a/config/rootfiles/core/next/filelists/files b/config/rootfiles/core/next/filelists/files new file mode 100644 index 0000000000..30727a506e --- /dev/null +++ b/config/rootfiles/core/next/filelists/files @@ -0,0 +1,13 @@ +etc/sysctl.conf +etc/system-release +etc/issue +srv/web/ipfire/cgi-bin/extrahd.cgi +srv/web/ipfire/cgi-bin/index.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi +var/ipfire/langs/de.pl +var/ipfire/langs/en.pl +var/ipfire/langs/es.pl +var/ipfire/langs/fr.pl +var/ipfire/langs/pl.pl +usr/local/bin/ipsecctrl +usr/local/bin/vpn-watch diff --git a/config/rootfiles/core/next/filelists/gmp b/config/rootfiles/core/next/filelists/gmp new file mode 120000 index 0000000000..8662a8982f --- /dev/null +++ b/config/rootfiles/core/next/filelists/gmp @@ -0,0 +1 @@ +../../../common/gmp \ No newline at end of file diff --git a/config/rootfiles/core/next/filelists/grub b/config/rootfiles/core/next/filelists/grub new file mode 120000 index 0000000000..050745c10d --- /dev/null +++ b/config/rootfiles/core/next/filelists/grub @@ -0,0 +1 @@ +../../../common/grub \ No newline at end of file diff --git a/config/rootfiles/core/next/filelists/iw b/config/rootfiles/core/next/filelists/iw new file mode 120000 index 0000000000..7c58a2089a --- /dev/null +++ b/config/rootfiles/core/next/filelists/iw @@ -0,0 +1 @@ +../../../common/iw \ No newline at end of file diff --git a/config/rootfiles/core/next/filelists/linux b/config/rootfiles/core/next/filelists/linux new file mode 120000 index 0000000000..c469fe1886 --- /dev/null +++ b/config/rootfiles/core/next/filelists/linux @@ -0,0 +1 @@ +../../../common/linux \ No newline at end of file 
diff --git a/config/rootfiles/core/next/filelists/linux-firmware b/config/rootfiles/core/next/filelists/linux-firmware new file mode 120000 index 0000000000..4bf91bca9f --- /dev/null +++ b/config/rootfiles/core/next/filelists/linux-firmware @@ -0,0 +1 @@ +../../../common/linux-firmware \ No newline at end of file diff --git a/config/rootfiles/core/next/filelists/strongswan b/config/rootfiles/core/next/filelists/strongswan new file mode 120000 index 0000000000..90c727e265 --- /dev/null +++ b/config/rootfiles/core/next/filelists/strongswan @@ -0,0 +1 @@ +../../../common/strongswan \ No newline at end of file diff --git a/config/rootfiles/core/next/filelists/wireless-regdb b/config/rootfiles/core/next/filelists/wireless-regdb new file mode 120000 index 0000000000..c9205b3cf2 --- /dev/null +++ b/config/rootfiles/core/next/filelists/wireless-regdb @@ -0,0 +1 @@ +../../../common/wireless-regdb \ No newline at end of file diff --git a/config/rootfiles/core/next/filelists/zd1211-firmware b/config/rootfiles/core/next/filelists/zd1211-firmware new file mode 120000 index 0000000000..33985ced88 --- /dev/null +++ b/config/rootfiles/core/next/filelists/zd1211-firmware @@ -0,0 +1 @@ +../../../common/zd1211-firmware \ No newline at end of file diff --git a/config/rootfiles/core/next/meta b/config/rootfiles/core/next/meta new file mode 100644 index 0000000000..d547fa86fa --- /dev/null +++ b/config/rootfiles/core/next/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/next/update.sh b/config/rootfiles/core/next/update.sh new file mode 100644 index 0000000000..38a1f7821a --- /dev/null +++ b/config/rootfiles/core/next/update.sh 
@@ -0,0 +1,167 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2011 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 +# +KVER="xxxKVERxxx" +MOUNT=`grep "kernel" /boot/grub/grub.conf | tail -n 1` +# Nur den letzten Parameter verwenden +echo $MOUNT > /dev/null +MOUNT=$_ +if [ ! $MOUNT == "rw" ]; then + MOUNT="ro" +fi + + +# +# check if we the backup file already exist +if [ -e /var/ipfire/backup/core-upgrade_$KVER.tar.bz2 ]; then + echo Moving backup to backup-old ... + mv -f /var/ipfire/backup/core-upgrade_$KVER.tar.bz2 \ + /var/ipfire/backup/core-upgrade_$KVER-old.tar.bz2 +fi +echo First we made a backup of all files that was inside of the +echo update archive. This may take a while ... 
+# Add some files that are not in the package to backup +echo lib/modules >> /opt/pakfire/tmp/ROOTFILES +echo boot >> /opt/pakfire/tmp/ROOTFILES + +# Backup the files +tar cjvf /var/ipfire/backup/core-upgrade_$KVER.tar.bz2 \ + -C / -T /opt/pakfire/tmp/ROOTFILES --exclude='#*' > /dev/null 2>&1 + +echo +echo Update Kernel to $KVER ... +# Remove old kernel, configs, initrd, modules ... +# +rm -rf /boot/System.map-* +rm -rf /boot/config-* +rm -rf /boot/ipfirerd-* +rm -rf /boot/vmlinuz-* +rm -rf /lib/modules/*-ipfire +# +# Backup grub.conf +# +cp -vf /boot/grub/grub.conf /boot/grub/grub.conf.org + +# +# Stop services to save memory +# +/etc/init.d/snort stop +/etc/init.d/squid stop +/etc/init.d/ipsec stop + +# +# Unpack the updated files +# +echo +echo Unpack the updated files ... +# +tar xvf /opt/pakfire/tmp/files --preserve --numeric-owner -C / \ + --no-overwrite-dir + +# +# Enable ralink rt73 hardware encryption again +rm -f /etc/modprobe.d/ralink_wireless + +# +# Start services +# +/etc/init.d/squid start +/etc/init.d/snort start +if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then + /etc/init.d/ipsec start +fi + +# +# Modify grub.conf +# +echo +echo Update grub configuration ... +ROOT=`mount | grep " / " | cut -d" " -f1` +if [ ! -z $ROOT ]; then + ROOTUUID=`blkid -c /dev/null -sUUID $ROOT | cut -d'"' -f2` +fi +if [ ! -z $ROOTUUID ]; then + sed -i "s|ROOT|UUID=$ROOTUUID|g" /boot/grub/grub.conf +else + sed -i "s|ROOT|$ROOT|g" /boot/grub/grub.conf +fi +sed -i "s|KVER|$KVER|g" /boot/grub/grub.conf +sed -i "s|MOUNT|$MOUNT|g" /boot/grub/grub.conf + +if [ "$(grep "^serial" /boot/grub/grub.conf.org)" == "" ]; then + echo "grub use default console ..." +else + echo "grub use serial console ..." 
+ sed -i -e "s|splashimage|#splashimage|g" /boot/grub/grub.conf + sed -i -e "s|#serial|serial|g" /boot/grub/grub.conf + sed -i -e "s|#terminal|terminal|g" /boot/grub/grub.conf + sed -i -e "s| panic=10 | console=ttyS0,38400n8 panic=10 |g" /boot/grub/grub.conf +fi +# +# ReInstall grub +# +grub-install --no-floppy ${ROOT::`expr length $ROOT`-1} --recheck +# +# Rebuild Language +# +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" +# +# Delete old lm-sensor modullist to force search at next boot +# +rm -rf /etc/sysconfig/lm_sensors +## +## Change version of Pakfire.conf +## +#OLDVERSION=`grep "version = " /opt/pakfire/etc/pakfire.conf | cut -d'"' -f2` +#NEWVERSION="2.9" +#sed -i "s|$OLDVERSION|$NEWVERSION|g" /opt/pakfire/etc/pakfire.conf +## +## After pakfire has ended run it again and update the lists and do upgrade +## +#echo '#!/bin/bash' > /tmp/pak_update +#echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update +#echo ' sleep 1' >> /tmp/pak_update +#echo 'done' >> /tmp/pak_update +#echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update +#echo ' sleep 1' >> /tmp/pak_update +#echo 'done' >> /tmp/pak_update +#echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update +#echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +#echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +#echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +#echo '/usr/bin/logger -p syslog.emerg -t core-upgrade-44 "Upgrade finished. If you use a customized grub.cfg"' >> /tmp/pak_update +#echo '/usr/bin/logger -p syslog.emerg -t core-upgrade-44 "Check it before reboot !!!"' >> /tmp/pak_update +#echo '/usr/bin/logger -p syslog.emerg -t core-upgrade-44 " *** Please reboot... *** "' >> /tmp/pak_update +#echo 'touch /var/run/need_reboot ' >> /tmp/pak_update +# +#chmod +x /tmp/pak_update +#/tmp/pak_update & +#echo +#echo Please wait until pakfire has ended... 
+#echo +/usr/bin/logger -p syslog.emerg -t core-upgrade-next "Upgrade finished. If you use a customized grub.cfg" +/usr/bin/logger -p syslog.emerg -t core-upgrade-next "Check it before reboot !!!" +/usr/bin/logger -p syslog.emerg -t core-upgrade-next " *** Please reboot... *** " diff --git a/config/rootfiles/packages/qemu b/config/rootfiles/packages/qemu index d061319fdd..f04fdfbed7 100644 --- a/config/rootfiles/packages/qemu +++ b/config/rootfiles/packages/qemu @@ -14,6 +14,7 @@ usr/bin/qemu-nbd usr/share/qemu usr/share/qemu/bamboo.dtb usr/share/qemu/bios.bin +usr/share/qemu/extboot.bin usr/share/qemu/gpxe-eepro100-80861209.rom usr/share/qemu/keymaps usr/share/qemu/keymaps/ar @@ -64,6 +65,7 @@ usr/share/qemu/pxe-pcnet.bin usr/share/qemu/pxe-rtl8139.bin usr/share/qemu/pxe-virtio.bin usr/share/qemu/s390-zipl.rom +usr/share/qemu/vapic.bin usr/share/qemu/vgabios-cirrus.bin usr/share/qemu/vgabios-qxl.bin usr/share/qemu/vgabios-stdvga.bin diff --git a/doc/language_issues.de b/doc/language_issues.de index d59f1f3ddc..52324ceba5 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -144,6 +144,8 @@ WARNING: translation string unused: error external access WARNING: translation string unused: expected WARNING: translation string unused: exportkey WARNING: translation string unused: external access rule changed +WARNING: translation string unused: extrahd unable to read +WARNING: translation string unused: extrahd unable to write WARNING: translation string unused: filename WARNING: translation string unused: firewall graphs WARNING: translation string unused: firewall log viewer 
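Review bot: The backup step in config/rootfiles/core/next/update.sh (`tar cjvf ... > /dev/null 2>&1`) discards both its output and its exit status, and the next steps run `rm -rf /boot/vmlinuz-*` and `rm -rf /lib/modules/*-ipfire`, so a failed backup (a full disk, for instance) still leads to the old kernel and modules being deleted. The later `tar xvf /opt/pakfire/tmp/files` is also unchecked before grub.conf is rewritten. Stop before the destructive steps when either command fails, for example by appending `|| { echo "Backup failed, aborting update"; exit 1; }` to the backup command, using whatever failure path pakfire expects from an update script. Separately, the `ENABLED=on` test passes unquoted grep output to `[` and errors out if more than one word is printed; `if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then` tests the same thing safely.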
@@ -462,3 +464,7 @@ WARNING: untranslated string: bytes WARNING: untranslated string: new WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: qos add subclass +WARNING: untranslated string: route config changed +WARNING: untranslated string: routing config added +WARNING: untranslated string: routing config changed +WARNING: untranslated string: routing table diff --git a/doc/language_issues.en b/doc/language_issues.en index 3df8ad2725..14e47d9956 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -168,6 +168,8 @@ WARNING: translation string unused: error external access WARNING: translation string unused: expected WARNING: translation string unused: exportkey WARNING: translation string unused: external access rule changed +WARNING: translation string unused: extrahd unable to read +WARNING: translation string unused: extrahd unable to write WARNING: translation string unused: filename WARNING: translation string unused: firewall graphs WARNING: translation string unused: firewall log viewer @@ -494,3 +496,7 @@ WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes WARNING: untranslated string: new WARNING: untranslated string: outgoing firewall reserved groupname +WARNING: untranslated string: route config changed +WARNING: untranslated string: routing config added +WARNING: untranslated string: routing config changed +WARNING: untranslated string: routing table diff --git a/doc/language_issues.es b/doc/language_issues.es index ae69c6faba..456eb1f28c 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es 
@@ -168,6 +168,8 @@ WARNING: translation string unused: error external access WARNING: translation string unused: expected WARNING: translation string unused: exportkey WARNING: translation string unused: external access rule changed +WARNING: translation string unused: extrahd unable to read +WARNING: translation string unused: extrahd unable to write WARNING: translation string unused: filename WARNING: translation string unused: firewall graphs WARNING: translation string unused: firewall log viewer @@ -530,4 +532,9 @@ WARNING: untranslated string: outgoing firewall p2p description 3 WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing firewall view group WARNING: untranslated string: pakfire ago +WARNING: untranslated string: route config changed +WARNING: untranslated string: routing config added +WARNING: untranslated string: routing config changed +WARNING: untranslated string: routing table WARNING: untranslated string: system information +WARNING: untranslated string: vpn keyexchange diff --git a/doc/language_issues.fr b/doc/language_issues.fr index cb58f42022..784bf382c2 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -168,7 +168,8 @@ WARNING: translation string unused: error external access WARNING: translation string unused: expected WARNING: translation string unused: exportkey WARNING: translation string unused: external access rule changed -WARNING: translation string unused: extrahd founded drives +WARNING: translation string unused: extrahd unable to read +WARNING: translation string unused: extrahd unable to write WARNING: translation string unused: filename WARNING: translation string unused: firewall graphs WARNING: translation string unused: firewall log viewer 
@@ -496,7 +497,6 @@ WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes WARNING: untranslated string: dns address deleted txt -WARNING: untranslated string: extrahd detected drives WARNING: untranslated string: fireinfo ipfire version WARNING: untranslated string: fireinfo is disabled WARNING: untranslated string: fireinfo is enabled @@ -520,11 +520,16 @@ WARNING: untranslated string: ntp common settings WARNING: untranslated string: ntp sync WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: pakfire ago +WARNING: untranslated string: route config changed +WARNING: untranslated string: routing config added +WARNING: untranslated string: routing config changed +WARNING: untranslated string: routing table WARNING: untranslated string: snort working WARNING: untranslated string: system information WARNING: untranslated string: upload new ruleset WARNING: untranslated string: urlfilter file ext block WARNING: untranslated string: urlfilter mode block +WARNING: untranslated string: vpn keyexchange WARNING: untranslated string: wlanap access point WARNING: untranslated string: wlanap channel WARNING: untranslated string: wlanap debugging diff --git a/doc/language_issues.pl b/doc/language_issues.pl index ae69c6faba..456eb1f28c 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -168,6 +168,8 @@ WARNING: translation string unused: error external access WARNING: translation string unused: expected WARNING: translation string unused: exportkey WARNING: translation string unused: external access rule changed +WARNING: translation string unused: extrahd unable to read +WARNING: translation string unused: extrahd unable to write WARNING: translation string unused: filename WARNING: translation string unused: firewall graphs WARNING: translation string unused: firewall log viewer 
@@ -530,4 +532,9 @@ WARNING: untranslated string: outgoing firewall p2p description 3 WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing firewall view group WARNING: untranslated string: pakfire ago +WARNING: untranslated string: route config changed +WARNING: untranslated string: routing config added +WARNING: untranslated string: routing config changed +WARNING: untranslated string: routing table WARNING: untranslated string: system information +WARNING: untranslated string: vpn keyexchange diff --git a/doc/language_missings b/doc/language_missings index 0ddcb9582a..3de5aec9e0 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -11,7 +11,6 @@ # Checking cgi-bin translations for language: fr # ############################################################################ < dns address deleted txt -< extrahd detected drives < fireinfo ipfire version < fireinfo is disabled < fireinfo is enabled @@ -37,6 +36,7 @@ < upload new ruleset < urlfilter file ext block < urlfilter mode block +< vpn keyexchange < wlanap access point < wlanap channel < wlanap debugging @@ -98,10 +98,21 @@ < outgoing firewall view group < Set time on boot < system information +< vpn keyexchange ############################################################################ # Checking install/setup translations for language: pl # ############################################################################ ############################################################################ # Checking cgi-bin translations for language: pl # ############################################################################ +< extrahd because there is already a device mounted +< extrahd cant umount +< extrahd install or load driver +< extrahd maybe the device is in use +< extrahd to +< extrahd to root +< extrahd unable to read +< extrahd unable to write +< extrahd you cant mount < minute +< vpn keyexchange 
diff --git a/html/cgi-bin/extrahd.cgi b/html/cgi-bin/extrahd.cgi index 3bb6afd8de..86b0de5c37 100644 --- a/html/cgi-bin/extrahd.cgi +++ b/html/cgi-bin/extrahd.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2010 IPFire Team # +# Copyright (C) 2011 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -79,11 +79,11 @@ if ($extrahdsettings{'ACTION'} eq $Lang::tr{'add'}) @deviceline = split( /\;/, $deviceentry ); if ( "$extrahdsettings{'PATH'}" eq "$deviceline[2]" ) { $ok = "false"; - $errormessage = "You can't mount $extrahdsettings{'DEVICE'} to $extrahdsettings{'PATH'}, because there is already a device mounted."; + $errormessage = "$Lang::tr{'extrahd you cant mount'} $extrahdsettings{'DEVICE'} $Lang::tr{'extrahd to'} $extrahdsettings{'PATH'}$Lang::tr{'extrahd because there is already a device mounted'}."; } if ( "$extrahdsettings{'PATH'}" eq "/" ) { $ok = "false"; - $errormessage = "You can't mount $extrahdsettings{'DEVICE'} to root /."; + $errormessage = "$Lang::tr{'extrahd you cant mount'} $extrahdsettings{'DEVICE'} $Lang::tr{'extrahd to root'}."; } } @@ -113,7 +113,7 @@ elsif ($extrahdsettings{'ACTION'} eq $Lang::tr{'delete'}) } close FILE; } else { - $errormessage = "Can't umount $extrahdsettings{'PATH'}. Maybe the device is in use?"; + $errormessage = "$Lang::tr{'extrahd cant umount'} $extrahdsettings{'PATH'}$Lang::tr{'extrahd maybe the device is in use'}?"; } } @@ -143,10 +143,10 @@ END $color=$Header::colourgreen; } print <  - $deviceline[0] - $deviceline[1] - $deviceline[2] +   + $deviceline[0] + $deviceline[1] + $deviceline[2]
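Review bot: The rewritten `$errormessage` assignments in the `add` branch of html/cgi-bin/extrahd.cgi still interpolate `$extrahdsettings{'DEVICE'}` and `$extrahdsettings{'PATH'}` straight into the message, and the `delete` branch (hunk at -113) does the same with `PATH`. These look like submitted form values (the code that fills `%extrahdsettings` is outside the hunks), so if the error box prints `$errormessage` unescaped, the request controls markup in the page. Escape the values before building the message, e.g. `my $path = &Header::cleanhtml($extrahdsettings{'PATH'});`, and confirm that helper is loaded in this script. Separately, the sentence is assembled from translated fragments with no separator between `$extrahdsettings{'PATH'}` and `$Lang::tr{'extrahd because there is already a device mounted'}`, so spacing and word order depend on every translation. A single translated string with placeholders would be more robust.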
@@ -154,7 +154,7 @@ END -
+ END ; } @@ -179,21 +179,26 @@ END foreach $scanentry (sort @scans) { @scanline = split( /\;/, $scanentry ); - print <  - /dev/$scanline[0] - $scanline[1] + # remove wrong entries like usb controller name + if ($scanline[1] ne "\n") + { + print <  + /dev/$scanline[0] + $scanline[1] END ; + + } foreach $partitionentry (sort @partitions) { @partitionline = split( /\;/, $partitionentry ); if ( "$partitionline[0]" eq "$scanline[0]" ) { $size = int($partitionline[1] / 1024); print <$Lang::tr{'size'} $size MB -   -   + $Lang::tr{'size'} $size MB +   +   END ; } @@ -206,24 +211,27 @@ END $size = int($partitionline[1] / 1024); print < - UUID=$partitionline[2] + UUID=$partitionline[2] /dev/$partitionline[0] - $Lang::tr{'size'} $size MB + $Lang::tr{'size'} $size MB - + + - + +END +; END ; @@ -232,7 +240,9 @@ END } print <If your device isn't listed here, you need to install or load the driver.
If you can see your device but no partitions you have to create them first. +   +   + $Lang::tr{'extrahd install or load driver'} END ; diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index 0dcadb0b22..b325250a58 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -369,7 +369,9 @@ END $active = "
$Lang::tr{'capsclosed'}
"; } else { foreach my $line (@status) { - if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) { + if (($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) || + ($line =~/$confighash{$key}[1]\{.*INSTALLED/ )) + { $active = "
$Lang::tr{'capsopen'}
"; } } diff --git a/html/cgi-bin/outgoinggrp.cgi b/html/cgi-bin/outgoinggrp.cgi index e757ca08af..1c3d6952cd 100644 --- a/html/cgi-bin/outgoinggrp.cgi +++ b/html/cgi-bin/outgoinggrp.cgi @@ -87,6 +87,8 @@ if ($outgrpsettings{'ACTION'} eq 'newipgroup') if ( -e "$configpath/macgroups/$outgrpsettings{'ipgroup'}" ){ $errormessage = "$Lang::tr{'outgoing firewall group error'}"; + } elsif ( $outgrpsettings{'ipgroup'} =~ /\W/ ){ + $errormessage = $Lang::tr{'name must only contain characters'}." - ".$outgrpsettings{'ipgroup'}; } elsif ( $outgrpsettings{'ipgroup'} eq "all" || $outgrpsettings{'ipgroup'} eq "red" || $outgrpsettings{'ipgroup'} eq "blue" || $outgrpsettings{'ipgroup'} eq "green" || $outgrpsettings{'ipgroup'} eq "orange" || $outgrpsettings{'ipgroup'} eq "ip" || $outgrpsettings{'ipgroup'} eq "mac" || $outgrpsettings{'ipgroup'} eq "ovpn" || $outgrpsettings{'ipgroup'} eq "ipsec" ) { @@ -112,6 +114,8 @@ if ($outgrpsettings{'ACTION'} eq 'newmacgroup') if ( -e "$configpath/ipgroups/$outgrpsettings{'macgroup'}" ){ $errormessage = "$Lang::tr{'outgoing firewall group error'}"; + } elsif ( $outgrpsettings{'macgroup'} =~ /\W/ ){ + $errormessage = $Lang::tr{'name must only contain characters'}." - ".$outgrpsettings{'macgroup'}; } elsif ( $outgrpsettings{'macgroup'} eq "all" || $outgrpsettings{'macgroup'} eq "red" || $outgrpsettings{'macgroup'} eq "blue" || $outgrpsettings{'macgroup'} eq "green" || $outgrpsettings{'macgroup'} eq "orange" || $outgrpsettings{'macgroup'} eq "ip" || $outgrpsettings{'macgroup'} eq "mac" || $outgrpsettings{'macgroup'} eq "ovpn" || $outgrpsettings{'macgroup'} eq "ipsec" ) { diff --git a/html/cgi-bin/routing.cgi b/html/cgi-bin/routing.cgi new file mode 100644 index 0000000000..86e04293a4 --- /dev/null +++ b/html/cgi-bin/routing.cgi 
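Review bot: The added second pattern in html/cgi-bin/index.cgi, `$line =~/$confighash{$key}[1]\{.*INSTALLED/`, has no delimiter in front of the connection name, unlike the first pattern, which wraps the name in `\"` on both sides. A connection whose name is the tail of another name (for example `net` and `othernet`, a constructed pair) would be shown as open when only the longer one is installed, and regex metacharacters in a name are interpreted rather than matched literally. Since this page is what an administrator reads to see whether a tunnel is up, anchor and quote the name: `($line =~ /(?:^|\s)\Q$confighash{$key}[1]\E\{.*INSTALLED/)`. Check the leading delimiter against the real status output, which is not visible in this hunk. The code that sets `$key` and fills `@status` is also outside the hunk.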
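Review bot: The new `\W` branch for `ipgroup` in html/cgi-bin/outgoinggrp.cgi appends the rejected name to the message (`." - ".$outgrpsettings{'ipgroup'}`), and a name only reaches this branch because it contains non-word characters, so the value echoed back is exactly the one that failed validation. The `macgroup` hunk does the same. Whether `$errormessage` is HTML-escaped when printed is not visible here; unless it is, leave the value out: `$errormessage = $Lang::tr{'name must only contain characters'};`. The check also sits after the `-e "$configpath/macgroups/$outgrpsettings{'ipgroup'}"` test, so the unvalidated name is used in a file path first; moving the `\W` test to the front of the `if`/`elsif` chain avoids that. An empty name also passes `\W`, which may or may not be handled outside these hunks.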
@@ -0,0 +1,446 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2011 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +use strict; + +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +#workaround to suppress a warning when a variable is used only once +my @dummy = ( ${Header::colouryellow} ); +undef (@dummy); + +# Files used +my $setting = "${General::swroot}/main/settings"; +our $datafile = "${General::swroot}/main/routing"; #(our: used in subroutine) + +my %color = (); +my %mainsettings = (); +&General::readhash("${General::swroot}/main/settings", \%mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); + +our %settings = (); + +$settings{'EN'} = ''; # reuse for dummy field in position zero +$settings{'IP'} = ''; +$settings{'GATEWAY'} = ''; +$settings{'REMARK'} = ''; +my @nosaved=('EN','IP','GATEWAY','REMARK'); # List here ALL setting2 fields. 
Mandatory + +$settings{'ACTION'} = ''; # add/edit/remove +$settings{'KEY1'} = ''; # point record for ACTION + +#Define each field that can be used to sort columns +my $sortstring='^IP|^GATEWAY|^REMARK'; +$settings{'SORT_GATEWAYLIST'} = 'GATEWAY'; +my $errormessage = ''; +my $warnmessage = ''; + +&Header::showhttpheaders(); + +#Get GUI values +&Header::getcgihash(\%settings); + +############### +# DEBUG DEBUG +#&Header::openbox('100%', 'left', 'DEBUG'); +#my $debugCount = 0; +#foreach my $line (sort keys %settings) { +#print "$line = $settings{$line}
\n"; +# $debugCount++; +#} +#print " Count: $debugCount\n"; +#&Header::closebox(); +# DEBUG DEBUG +############### + +# Load multiline data +our @current = (); +if (open(FILE, "$datafile")) { + @current = ; + close (FILE); +} + +## Settings1 Box not used... +&General::readhash("${General::swroot}/main/settings", \%settings); + + +## Now manipulate the multi-line list with Settings2 +# Basic actions are: +# toggle the check box +# add/update a new line +# begin editing a line +# remove a line + + +# Toggle enable/disable field. Field is in second position +if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { + #move out new line + chomp(@current[$settings{'KEY1'}]); + my @temp = split(/\,/,@current[$settings{'KEY1'}]); + + $temp[0] = $temp[0] ne '' ? '' : 'on'; # Toggle the field + @current[$settings{'KEY1'}] = join (',',@temp)."\n"; + $settings{'KEY1'} = ''; # End edit mode + + &General::log($Lang::tr{'routing config changed'}); + + #Save current + open(FILE, ">$datafile") or die 'routing datafile error'; + print FILE @current; + close(FILE); + + # Rebuild configuration file + &BuildConfiguration; +} + +if ($settings{'ACTION'} eq $Lang::tr{'add'}) { + +# Validate inputs + if (( !&General::validip($settings{'IP'})) and ( !&General::validipandmask($settings{'IP'}))){ + $errormessage = $Lang::tr{'invalid ip'}." / ".$Lang::tr{'invalid netmask'}; + } + + if ($settings{'IP'} =~ /0.0.0.0/){ + $errormessage = $Lang::tr{'invalid ip'}." - 0.0.0.0"; + } + + if( !&General::validip($settings{'GATEWAY'}) ) { + $errormessage = $Lang::tr{'invalid ip'}. " - ".$Lang::tr{'gateway ip'}; + } + + unless ($errormessage) { + if ($settings{'KEY1'} eq '') { #add or edit ? 
+ unshift (@current, "$settings{'EN'},$settings{'IP'},$settings{'GATEWAY'},$settings{'REMARK'}\n"); + &General::log($Lang::tr{'routing config added'}); + } else { + @current[$settings{'KEY1'}] = "$settings{'EN'},$settings{'IP'},$settings{'GATEWAY'},$settings{'REMARK'}\n"; + $settings{'KEY1'} = ''; # End edit mode + &General::log($Lang::tr{'routing config changed'}); + } + + # Write changes to config file. + &SortDataFile; # sort newly added/modified entry + &BuildConfiguration; # then re-build routing + + #map ($settings{$_}='' ,@nosaved); # Clear fields + } +} + +if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { + #move out new line + my $line = @current[$settings{'KEY1'}]; # KEY1 is the index in current + chomp($line); + my @temp = split(/\,/, $line); + $settings{'EN'}=$temp[0]; # Prepare the screen for editing + $settings{'IP'}=$temp[1]; + $settings{'GATEWAY'}=$temp[2]; + $settings{'REMARK'}=$temp[3]; + &BuildConfiguration; +} + +if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { + splice (@current,$settings{'KEY1'},1); # Delete line + open(FILE, ">$datafile") or die 'route datafile error'; + print FILE @current; + close(FILE); + $settings{'KEY1'} = ''; # End remove mode + &General::log($Lang::tr{'route config changed'}); + + &BuildConfiguration; # then re-build conf which use new data +} + +## Check if sorting is asked +# If same column clicked, reverse the sort. +if ($ENV{'QUERY_STRING'} =~ /$sortstring/ ) { + my $newsort=$ENV{'QUERY_STRING'}; + my $actual=$settings{'SORT_GATEWAYLIST'}; + #Reverse actual sort ? 
+ if ($actual =~ $newsort) { + my $Rev=''; + if ($actual !~ 'Rev') { + $Rev='Rev'; + } + $newsort.=$Rev; + } + $settings{'SORT_GATEWAYLIST'}=$newsort; + map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved + &General::writehash($setting, \%settings); + &SortDataFile; + $settings{'ACTION'} = 'SORT'; # Create an 'ACTION' + map ($settings{$_} = '' ,@nosaved,'KEY1'); # and reinit vars to empty +} + +if ($settings{'ACTION'} eq '' ) { # First launch from GUI + # Place here default value when nothing is initialized + $settings{'EN'} = 'on'; + $settings{'GATEWAY'} = ''; + $settings{'IP'} = ''; +} + +&Header::openpage($Lang::tr{'routing table entries'}, 1, ''); +&Header::openbigbox('100%', 'left', '', $errormessage); +my %checked=(); # Checkbox manipulations + +if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "$errormessage "; + &Header::closebox(); +} + +# + +$checked{'EN'}{'on'} = ($settings{'EN'} eq '' ) ? '' : "checked='checked'"; + +my $buttontext = $Lang::tr{'add'}; +if ($settings{'KEY1'} ne '') { + $buttontext = $Lang::tr{'update'}; + &Header::openbox('100%', 'left', $Lang::tr{'Edit an existing route'}); +} else { + &Header::openbox('100%', 'left', $Lang::tr{'Add a route'}); +} + +#Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order' +print < + + + + + + + + + + + + + + + +
$Lang::tr{'host ip'} / $Lang::tr{'network'}: 
$Lang::tr{'gateway'}: $Lang::tr{'enabled'}
$Lang::tr{'remark'}: 
+
+ + + + +
+ +END +; +&Header::closebox(); + +&Header::openbox('100%', 'left', $Lang::tr{'routing table'}); +print < + + + + + + + +END +; + +# +# Print each line of @current list +# + +my $key = 0; +foreach my $line (@current) { + chomp($line); # remove newline + my @temp=split(/\,/,$line); + $temp[2] ='' unless defined $temp[2]; # not always populated + $temp[3] ='' unless defined $temp[2]; # not always populated + + #Choose icon for checkbox + my $gif = ''; + my $gdesc = ''; + if ($temp[0] ne '' ) { + $gif = 'on.gif'; + $gdesc = $Lang::tr{'click to disable'}; + } else { + $gif = 'off.gif'; + $gdesc = $Lang::tr{'click to enable'}; + } + + #Colorize each line + if ($settings{'KEY1'} eq $key) { + print ""; + } elsif ($key % 2) { + print ""; + } else { + print ""; + } + print <$temp[1] + + + + + + + + +END +; + $key++; +} +print "
$Lang::tr{'host ip'} / $Lang::tr{'network'}$Lang::tr{'gateway'}$Lang::tr{'remark'}$Lang::tr{'action'}
$temp[2]$temp[3] +
+ + + +
+
+
+ + + +
+
+
+ + + +
+
"; + +# If table contains entries, print 'Key to action icons' +if ($key) { +print < + +  $Lang::tr{'legend'}:  + $Lang::tr{ + $Lang::tr{'click to disable'} +    + $Lang::tr{ + $Lang::tr{'click to enable'} +    + $Lang::tr{ + $Lang::tr{'edit'} +    + $Lang::tr{ + $Lang::tr{'remove'} + + +END +; +} + +&Header::closebox(); + +my $output = `/sbin/ip route show table static`; +$output = &Header::cleanhtml($output,"y"); + +if ( $output != "" ) { + &Header::openbox('100%', 'left', $Lang::tr{'routing table entries'}); + print "
$output
\n"; + &Header::closebox(); +} + +&Header::closebigbox(); +&Header::closepage(); + +## Ouf it's the end ! + +# Sort the "current" array according to choices +sub SortDataFile +{ + our %entries = (); + + # Sort pair of record received in $a $b special vars. + # When IP is specified use numeric sort else alpha. + # If sortname ends with 'Rev', do reverse sort. + # + sub fixedleasesort { + my $qs=''; # The sort field specified minus 'Rev' + if (rindex ($settings{'SORT_GATEWAYLIST'},'Rev') != -1) { + $qs=substr ($settings{'SORT_GATEWAYLIST'},0,length($settings{'SORT_GATEWAYLIST'})-3); + if ($qs eq 'IP') { + my @a = split(/\./,$entries{$a}->{$qs}); + my @b = split(/\./,$entries{$b}->{$qs}); + ($b[0]<=>$a[0]) || + ($b[1]<=>$a[1]) || + ($b[2]<=>$a[2]) || + ($b[3]<=>$a[3]); + } else { + $entries{$b}->{$qs} cmp $entries{$a}->{$qs}; + } + } else { #not reverse + $qs=$settings{'SORT_GATEWAYLIST'}; + if ($qs eq 'IP') { + my @a = split(/\./,$entries{$a}->{$qs}); + my @b = split(/\./,$entries{$b}->{$qs}); + ($a[0]<=>$b[0]) || + ($a[1]<=>$b[1]) || + ($a[2]<=>$b[2]) || + ($a[3]<=>$b[3]); + } else { + $entries{$a}->{$qs} cmp $entries{$b}->{$qs}; + } + } + } + + #Use an associative array (%entries) + my $key = 0; + foreach my $line (@current) { + chomp( $line); #remove newline because can be on field 5 or 6 (addition of REMARK) + my @temp = ( '','','', ''); + @temp = split (',',$line); + + # Build a pair 'Field Name',value for each of the data dataline. + # Each SORTABLE field must have is pair. + # Other data fields (non sortable) can be grouped in one + + my @record = ('KEY',$key++,'EN',$temp[0],'IP',$temp[1],'GATEWAY',$temp[2],'REMARK',$temp[3]); + my $record = {}; # create a reference to empty hash + %{$record} = @record; # populate that hash with @record + $entries{$record->{KEY}} = $record; # add this to a hash of hashes + } + + open(FILE, ">$datafile") or die 'routing datafile error'; + + # Each field value is printed , with the newline ! 
Don't forget separator and order of them. + foreach my $entry (sort fixedleasesort keys %entries) { + print FILE "$entries{$entry}->{EN},$entries{$entry}->{IP},$entries{$entry}->{GATEWAY},$entries{$entry}->{REMARK}\n"; + } + + close(FILE); + # Reload sorted @current + open (FILE, "$datafile"); + @current = ; + close (FILE); +} + +# +# Build the configuration file +# +sub BuildConfiguration { + system '/usr/local/bin/rebuildroutes'; +} \ No newline at end of file diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 76b408d10f..177cdf4c27 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -395,8 +395,11 @@ sub writeipsecfiles { print CONF "\tpfsgroup=$lconfighash{$key}[23]\n"; } - # IKE V1 - print CONF "\tkeyexchange=ikev1\n"; + # IKE V1 or V2 + if (! $lconfighash{$key}[29]) { + $lconfighash{$key}[29] = "ikev1"; + } + print CONF "\tkeyexchange=$lconfighash{$key}[29]\n"; # Lifetimes print CONF "\tikelifetime=$lconfighash{$key}[16]h\n" if ($lconfighash{$key}[16]); @@ -1288,6 +1291,7 @@ END $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; $cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'IKE_VERSION'} = $confighash{$cgiparams{'KEY'}}[29]; $cgiparams{'IKE_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[18]; $cgiparams{'IKE_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[19]; $cgiparams{'IKE_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[20]; @@ -1790,6 +1794,7 @@ END $confighash{$key}[25] = $cgiparams{'REMARK'}; $confighash{$key}[26] = $cgiparams{'INTERFACE'}; $confighash{$key}[27] = $cgiparams{'DPD_ACTION'}; + $confighash{$key}[29] = $cgiparams{'IKE_VERSION'}; #dont forget advanced value $confighash{$key}[18] = $cgiparams{'IKE_ENCRYPTION'}; 
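Review bot: `$settings{'KEY1'}` and `$settings{'REMARK'}` come from the request and are used without any check: KEY1 indexes `@current` in the toggle, add/update, edit and `splice` paths, and REMARK is written as the last field of a comma-separated, line-based file that presumably feeds `/usr/local/bin/rebuildroutes`. Unless `&Header::getcgihash` already strips them (not visible here), a comma or line break in REMARK could add fields or whole records that never pass `validip`, and a non-numeric or out-of-range KEY1 would act on the wrong entry or extend the list. In the same validation block, `/0.0.0.0/` is unanchored with unescaped dots, so it also rejects ordinary networks such as `10.0.0.0/8`. Further down, `$temp[3] ='' unless defined $temp[2];` tests the wrong element and `$output != ""` compares numerically where `ne` is meant. A sketch of the input checks for the add branch follows.

```perl
if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
	# … unchanged: validip / validipandmask checks on IP and GATEWAY …

	# Reject only the all-zero address itself, with or without a mask.
	if ($settings{'IP'} =~ m{\A0\.0\.0\.0(?:/|\z)}) {
		$errormessage = $Lang::tr{'invalid ip'}." - 0.0.0.0";
	}

	# KEY1 must be empty (add) or the index of an existing line (update).
	if ($settings{'KEY1'} ne '' &&
	    ($settings{'KEY1'} !~ /\A\d+\z/ || $settings{'KEY1'} > $#current)) {
		$errormessage = $Lang::tr{'invalid input'};	# placeholder key: use an existing translation
	}

	# REMARK is free text stored in a comma-separated line; drop the separators.
	$settings{'REMARK'} =~ s/[,\r\n]//g;

	# … unchanged: unless ($errormessage) { add or update, SortDataFile, BuildConfiguration } …
```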
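Review bot: `keyexchange=$lconfighash{$key}[29]` writes the stored value straight into the generated IPsec configuration, and the only check added is for emptiness. The value originates from `$cgiparams{'IKE_VERSION'}` in the `@@ -1790,6 +1794,7 @@` hunk, where it is stored with no visible validation, so anything other than the two offered options, including text with a line break, would end up in the file unless it is filtered outside these hunks. I would pin it to the two supported values at write time, `my $ike = $lconfighash{$key}[29];` followed by `$ike = 'ikev1' unless defined $ike && $ike =~ /\A(?:ikev1|ikev2)\z/;`, and print `$ike`; that also avoids modifying `%lconfighash` inside the writer. `writeipsecfiles` starts and ends outside this hunk.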
@@ -1845,6 +1850,11 @@ END $cgiparams{'DPD_ACTION'} = 'restart'; } + # Default IKE Version to V1 + if (! $cgiparams{'IKE_VERSION'}) { + $cgiparams{'IKE_VERSION'} = 'ikev1'; + } + # Default is yes for 'pfs' $cgiparams{'PFS'} = 'on'; @@ -1895,6 +1905,10 @@ END $selected{'DPD_ACTION'}{'restart'} = ''; $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'"; + $selected{'IKE_VERSION'}{'ikev1'} = ''; + $selected{'IKE_VERSION'}{'ikev2'} = ''; + $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'"; + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -1974,6 +1988,12 @@ END
+ $Lang::tr{'vpn keyexchange'}: + + $Lang::tr{'dpd action'}: