From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Sun, 26 Jun 2011 09:13:58 +0000 (+0200)
Subject: ipsec: add ikev1/v2 selectbox to switch from pluto to charon.
X-Git-Tag: v2.9-core53~88^2~4
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=e2e4ed017c1e4eea4ebc14ec6196a6891ae550a7

ipsec: add ikev1/v2 selectbox to switch from pluto to charon.
---

diff --git a/config/rootfiles/core/next/filelists/files b/config/rootfiles/core/next/filelists/files
index 89c4631f9e..e3580d4c6d 100644
--- a/config/rootfiles/core/next/filelists/files
+++ b/config/rootfiles/core/next/filelists/files
@@ -1,7 +1,9 @@
 etc/system-release
 etc/issue
 srv/web/ipfire/cgi-bin/extrahd.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
 var/ipfire/langs/de.pl
 var/ipfire/langs/en.pl
 var/ipfire/langs/es.pl
 var/ipfire/langs/fr.pl
+usr/local/bin/vpn-watch
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 76b408d10f..39bbbec380 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -395,8 +395,11 @@ sub writeipsecfiles {
 	    print CONF "\tpfsgroup=$lconfighash{$key}[23]\n";
 	}
 
-	# IKE V1
-	print CONF "\tkeyexchange=ikev1\n";
+	# IKE V1 or V2
+	if (! $lconfighash{$key}[29]) {
+	   $lconfighash{$key}[29] = "ikev1";
+	}
+	print CONF "\tkeyexchange=$lconfighash{$key}[29]\n";
 
 	# Lifetimes
 	print CONF "\tikelifetime=$lconfighash{$key}[16]h\n" if ($lconfighash{$key}[16]);
@@ -1288,6 +1291,7 @@ END
 	$cgiparams{'REMARK'}		= $confighash{$cgiparams{'KEY'}}[25];
 	$cgiparams{'INTERFACE'}		= $confighash{$cgiparams{'KEY'}}[26];
 	$cgiparams{'DPD_ACTION'}	= $confighash{$cgiparams{'KEY'}}[27];
+	$cgiparams{'IKE_VERSION'}	= $confighash{$cgiparams{'KEY'}}[29];
 	$cgiparams{'IKE_ENCRYPTION'} 	= $confighash{$cgiparams{'KEY'}}[18];
 	$cgiparams{'IKE_INTEGRITY'}  	= $confighash{$cgiparams{'KEY'}}[19];
 	$cgiparams{'IKE_GROUPTYPE'}  	= $confighash{$cgiparams{'KEY'}}[20];
@@ -1790,6 +1794,7 @@ END
 	$confighash{$key}[25] = $cgiparams{'REMARK'};
 	$confighash{$key}[26] = $cgiparams{'INTERFACE'};
 	$confighash{$key}[27] = $cgiparams{'DPD_ACTION'};
+	$confighash{$key}[29] = $cgiparams{'IKE_VERSION'};
 
 	#dont forget advanced value
 	$confighash{$key}[18] = $cgiparams{'IKE_ENCRYPTION'};
@@ -1845,6 +1850,11 @@ END
 	    $cgiparams{'DPD_ACTION'} = 'restart';
 	}
 
+	# Default IKE Version to V1
+	if (! $cgiparams{'IKE_VERSION'}) {
+	    $cgiparams{'IKE_VERSION'} = 'ikev1';
+	}
+
 	# Default is yes for 'pfs'
 	$cgiparams{'PFS'}     = 'on';
 	
@@ -1895,6 +1905,10 @@ END
     $selected{'DPD_ACTION'}{'restart'} = '';
     $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
 
+    $selected{'IKE_VERSION'}{'ikev1'} = '';
+    $selected{'IKE_VERSION'}{'ikev2'} = '';
+    $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'";
+
     &Header::showhttpheaders();
     &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
     &Header::openbigbox('100%', 'left', '', $errormessage);
@@ -1974,6 +1988,12 @@ END
 	    <td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td>
 	</tr><tr>
 	</tr><td><br /></td><tr>
+	    <td>$Lang::tr{'ike version'}:</td>
+	    <td><select name='IKE_VERSION'>
+    		<option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option>
+    		<option value='ikev2' $selected{'IKE_VERSION'}{'ikev2'}>IKEv2</option>
+    		</select></a>
+	    </td>
 	    <td>$Lang::tr{'dpd action'}:</td>
 	    <td><select name='DPD_ACTION'>
     		<option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
diff --git a/src/scripts/vpn-watch b/src/scripts/vpn-watch
index af646adce8..2bd516840a 100755
--- a/src/scripts/vpn-watch
+++ b/src/scripts/vpn-watch
@@ -43,6 +43,7 @@ my $status = `ipsec whack --status`;
 foreach (@vpnsettings){
  my @settings = split(/,/,$_);
 
+  if ($settings[30] eq 'ikev2'){next;}
   if ($settings[27] ne 'RED'){next;}
   if ($settings[4] ne 'net'){next;}  
   if ($settings[1] ne 'on'){next;}chomp($settings[29]);