From 216bd9b389b984dd991d1a9011901e68ef5f0a6b Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 10 Dec 2018 16:44:06 +0000
Subject: [PATCH] vpnmain.cgi: Move advanced IPsec settings to connection page

This is required to make the initial setup easier for GRE/VTI connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 doc/language_issues.de   |   2 +-
 doc/language_issues.en   |   2 +-
 doc/language_issues.es   |   2 +-
 doc/language_issues.fr   |   2 +-
 doc/language_issues.it   |   2 +-
 doc/language_issues.nl   |   2 +-
 doc/language_issues.pl   |   2 +-
 doc/language_issues.ru   |   2 +-
 doc/language_issues.tr   |   2 +-
 doc/language_missings    |   8 +++
 html/cgi-bin/vpnmain.cgi | 150 +++++++++++++++++++--------------------
 langs/en/cgi-bin/en.pl   |   1 +
 12 files changed, 92 insertions(+), 85 deletions(-)

diff --git a/doc/language_issues.de b/doc/language_issues.de
index c72cc40b91..f39adbec1c 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -732,7 +732,6 @@ WARNING: untranslated string: Scan for Songs = unknown string
 WARNING: untranslated string: addons = Addons
 WARNING: untranslated string: bytes = unknown string
 WARNING: untranslated string: community rules = Snort/VRT GPLv2 Community Rules
-WARNING: untranslated string: cryptographic settings = Cryptographic Settings
 WARNING: untranslated string: dead peer detection = Dead Peer Detection
 WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
 WARNING: untranslated string: fwhost cust geoipgrp = unknown string
@@ -785,6 +784,7 @@ WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: mtu = MTU
 WARNING: untranslated string: no data = unknown string
 WARNING: untranslated string: none = none
diff --git a/doc/language_issues.en b/doc/language_issues.en
index efc4fce1f3..ce1e12d3be 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -505,7 +505,6 @@ WARNING: untranslated string: crl = Certificate Revocation List
 WARNING: untranslated string: cron server = CRON Server
 WARNING: untranslated string: crypto error = Cryptographic error
 WARNING: untranslated string: crypto warning = Cryptographic warning
-WARNING: untranslated string: cryptographic settings = Cryptographic Settings
 WARNING: untranslated string: current = Current
 WARNING: untranslated string: current aliases = Current aliases
 WARNING: untranslated string: current class = Current class
@@ -1138,6 +1137,7 @@ WARNING: untranslated string: ipsec interface mode vti = VTI
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
 WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: iptmangles = IPTable Mangles
 WARNING: untranslated string: iptnats = IPTable Network Address Translation
 WARNING: untranslated string: ipts = iptables
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 6994a9e92e..d1c3887c31 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -758,7 +758,6 @@ WARNING: untranslated string: country codes and flags = Country Codes and Flags:
 WARNING: untranslated string: countrycode = Code
 WARNING: untranslated string: crypto error = Cryptographic error
 WARNING: untranslated string: crypto warning = Cryptographic warning
-WARNING: untranslated string: cryptographic settings = Cryptographic Settings
 WARNING: untranslated string: dead peer detection = Dead Peer Detection
 WARNING: untranslated string: default = Default
 WARNING: untranslated string: deprecated fs warn = Deprecated filesystem! Newer kernel drop the support. Backup and reformat!
@@ -1068,6 +1067,7 @@ WARNING: untranslated string: ipsec interface mode vti = VTI
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
 WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: last = Last
 WARNING: untranslated string: least preferred = least preferred
 WARNING: untranslated string: lifetime = Lifetime:
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 42ef8d5c75..8b31f61efe 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -769,7 +769,6 @@ WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Captive clients = unknown string
 WARNING: untranslated string: Scan for Songs = unknown string
 WARNING: untranslated string: bytes = unknown string
-WARNING: untranslated string: cryptographic settings = Cryptographic Settings
 WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: fwhost cust geoipgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
@@ -821,6 +820,7 @@ WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: mtu = MTU
 WARNING: untranslated string: no data = unknown string
 WARNING: untranslated string: pakfire ago = ago.
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 04676a9854..ca7a07d64f 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -788,7 +788,6 @@ WARNING: untranslated string: bytes = unknown string
 WARNING: untranslated string: check all = Check all
 WARNING: untranslated string: crypto error = Cryptographic error
 WARNING: untranslated string: crypto warning = Cryptographic warning
-WARNING: untranslated string: cryptographic settings = Cryptographic Settings
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name:
 WARNING: untranslated string: dhcp dns update = DNS Update
@@ -898,6 +897,7 @@ WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: log server protocol = protocol:
 WARNING: untranslated string: masquerade blue = Masquerade BLUE
 WARNING: untranslated string: masquerade green = Masquerade GREEN
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 22b5f84330..cc966b6502 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -785,7 +785,6 @@ WARNING: untranslated string: capabilities = Capabilities
 WARNING: untranslated string: check all = Check all
 WARNING: untranslated string: crypto error = Cryptographic error
 WARNING: untranslated string: crypto warning = Cryptographic warning
-WARNING: untranslated string: cryptographic settings = Cryptographic Settings
 WARNING: untranslated string: default = Default
 WARNING: untranslated string: dh = Diffie-Hellman parameters
 WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters move failed.
@@ -912,6 +911,7 @@ WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: log server protocol = protocol:
 WARNING: untranslated string: masquerade blue = Masquerade BLUE
 WARNING: untranslated string: masquerade green = Masquerade GREEN
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 6994a9e92e..d1c3887c31 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -758,7 +758,6 @@ WARNING: untranslated string: country codes and flags = Country Codes and Flags:
 WARNING: untranslated string: countrycode = Code
 WARNING: untranslated string: crypto error = Cryptographic error
 WARNING: untranslated string: crypto warning = Cryptographic warning
-WARNING: untranslated string: cryptographic settings = Cryptographic Settings
 WARNING: untranslated string: dead peer detection = Dead Peer Detection
 WARNING: untranslated string: default = Default
 WARNING: untranslated string: deprecated fs warn = Deprecated filesystem! Newer kernel drop the support. Backup and reformat!
@@ -1068,6 +1067,7 @@ WARNING: untranslated string: ipsec interface mode vti = VTI
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
 WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: last = Last
 WARNING: untranslated string: least preferred = least preferred
 WARNING: untranslated string: lifetime = Lifetime:
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 869ccd786f..3e38020703 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -761,7 +761,6 @@ WARNING: untranslated string: country codes and flags = Country Codes and Flags:
 WARNING: untranslated string: countrycode = Code
 WARNING: untranslated string: crypto error = Cryptographic error
 WARNING: untranslated string: crypto warning = Cryptographic warning
-WARNING: untranslated string: cryptographic settings = Cryptographic Settings
 WARNING: untranslated string: dead peer detection = Dead Peer Detection
 WARNING: untranslated string: default = Default
 WARNING: untranslated string: deprecated fs warn = Deprecated filesystem! Newer kernel drop the support. Backup and reformat!
@@ -1070,6 +1069,7 @@ WARNING: untranslated string: ipsec interface mode vti = VTI
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
 WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: last = Last
 WARNING: untranslated string: least preferred = least preferred
 WARNING: untranslated string: lifetime = Lifetime:
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index c455234411..67b43043d6 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -771,7 +771,6 @@ WARNING: untranslated string: Scan for Songs = unknown string
 WARNING: untranslated string: bytes = unknown string
 WARNING: untranslated string: crypto error = Cryptographic error
 WARNING: untranslated string: crypto warning = Cryptographic warning
-WARNING: untranslated string: cryptographic settings = Cryptographic Settings
 WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: fwdfw all subnets = All subnets
 WARNING: untranslated string: fwhost cust geoipgrp = unknown string
@@ -824,6 +823,7 @@ WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: mtu = MTU
 WARNING: untranslated string: no data = unknown string
 WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br>
diff --git a/doc/language_missings b/doc/language_missings
index a770c13b28..0b067578ba 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -49,6 +49,7 @@
 < ipsec interface mode vti
 < ipsec mode transport
 < ipsec mode tunnel
+< ipsec settings
 < mtu
 < none
 < notes
@@ -523,6 +524,7 @@
 < ipsec mode tunnel
 < ipsec network
 < ipsec no connections
+< ipsec settings
 < last
 < least preferred
 < lifetime
@@ -821,6 +823,7 @@
 < ipsec interface mode vti
 < ipsec mode transport
 < ipsec mode tunnel
+< ipsec settings
 < mtu
 < subnet mask
 ############################################################################
@@ -972,6 +975,7 @@
 < ipsec interface mode vti
 < ipsec mode transport
 < ipsec mode tunnel
+< ipsec settings
 < log server protocol
 < masquerade blue
 < masquerade green
@@ -1221,6 +1225,7 @@
 < ipsec interface mode vti
 < ipsec mode transport
 < ipsec mode tunnel
+< ipsec settings
 < log server protocol
 < masquerade blue
 < masquerade green
@@ -1794,6 +1799,7 @@
 < ipsec mode tunnel
 < ipsec network
 < ipsec no connections
+< ipsec settings
 < last
 < least preferred
 < lifetime
@@ -2526,6 +2532,7 @@
 < ipsec mode tunnel
 < ipsec network
 < ipsec no connections
+< ipsec settings
 < last
 < least preferred
 < lifetime
@@ -2811,6 +2818,7 @@
 < ipsec interface mode vti
 < ipsec mode transport
 < ipsec mode tunnel
+< ipsec settings
 < mtu
 < ovpn error dh
 < ovpn error md5
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index f6791c70b2..0488f70c58 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1447,6 +1447,26 @@ END
 					goto VPNCONF_ERROR;
 				}
 			}
+
+			if ($cgiparams{'MODE'} !~ /^(tunnel|transport)$/) {
+				$errormessage = $Lang::tr{'invalid input for mode'};
+				goto VPNCONF_ERROR;
+			}
+
+			if ($cgiparams{'INTERFACE_MODE'} !~ /^(|gre|vti)$/) {
+				$errormessage = $Lang::tr{'invalid input for interface mode'};
+				goto VPNCONF_ERROR;
+			}
+
+			if (($cgiparams{'INTERFACE_MODE'} ne "") && !&Network::check_subnet($cgiparams{'INTERFACE_ADDRESS'})) {
+				$errormessage = $Lang::tr{'invalid input for interface address'};
+				goto VPNCONF_ERROR;
+			}
+
+			if ($cgiparams{'INTERFACE_MTU'} !~ /^\d+$/) {
+				$errormessage = $Lang::tr{'invalid input for interface mtu'};
+				goto VPNCONF_ERROR;
+			}
 		}
 
 		if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
@@ -1997,6 +2017,15 @@ VPNCONF_ERROR:
 	$checked{'AUTH'}{'auth-dn'} = '';
 	$checked{'AUTH'}{$cgiparams{'AUTH'}} = "checked='checked'";
 
+	$selected{'MODE'}{'tunnel'} = '';
+	$selected{'MODE'}{'transport'} = '';
+	$selected{'MODE'}{$cgiparams{'MODE'}} = "selected='selected'";
+
+	$selected{'INTERFACE_MODE'}{''} = '';
+	$selected{'INTERFACE_MODE'}{'gre'} = '';
+	$selected{'INTERFACE_MODE'}{'vti'} = '';
+	$selected{'INTERFACE_MODE'}{$cgiparams{'INTERFACE_MODE'}} = "selected='selected'";
+
 	&Header::showhttpheaders();
 	&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	&Header::openbigbox('100%', 'left', '', $errormessage);
@@ -2034,10 +2063,6 @@ VPNCONF_ERROR:
 	<input type='hidden' name='DPD_TIMEOUT' value='$cgiparams{'DPD_TIMEOUT'}' />
 	<input type='hidden' name='FORCE_MOBIKE' value='$cgiparams{'FORCE_MOBIKE'}' />
 	<input type='hidden' name='INACTIVITY_TIMEOUT' value='$cgiparams{'INACTIVITY_TIMEOUT'}' />
-	<input type='hidden' name='MODE' value='$cgiparams{'MODE'}' />
-	<input type='hidden' name='INTERFACE_MODE' value='$cgiparams{'INTERFACE_MODE'}' />
-	<input type='hidden' name='INTERFACE_ADDRESS' value='$cgiparams{'INTERFACE_ADDRESS'}' />
-	<input type='hidden' name='INTERFACE_MTU' value='$cgiparams{'INTERFACE_MTU'}' />
 END
 ;
 	if ($cgiparams{'KEY'}) {
@@ -2120,6 +2145,51 @@ END
 	print "</table>";
 	&Header::closebox();
 
+	if ($cgiparams{'TYPE'} eq 'net') {
+		&Header::openbox('100%', 'left', $Lang::tr{'ipsec settings'});
+		print <<EOF;
+		<table width='100%'>
+			<tbody>
+				<tr>
+					<td class='boldbase' width='20%'>$Lang::tr{'mode'}:</td>
+					<td width='30%'>
+						<select name='MODE'>
+							<option value='tunnel' $selected{'MODE'}{'tunnel'}>$Lang::tr{'ipsec mode tunnel'}</option>
+							<option value='transport' $selected{'MODE'}{'transport'}>$Lang::tr{'ipsec mode transport'}</option>
+						</select>
+					</td>
+					<td colspan='2'></td>
+				</tr>
+
+				<tr>
+					<td class='boldbase' width='20%'>$Lang::tr{'interface mode'}:</td>
+					<td width='30%'>
+						<select name='INTERFACE_MODE'>
+							<option value='' $selected{'INTERFACE_MODE'}{''}>$Lang::tr{'ipsec interface mode none'}</option>
+							<option value='gre' $selected{'INTERFACE_MODE'}{'gre'}>$Lang::tr{'ipsec interface mode gre'}</option>
+							<option value='vti' $selected{'INTERFACE_MODE'}{'vti'}>$Lang::tr{'ipsec interface mode vti'}</option>
+						</select>
+					</td>
+
+					<td class='boldbase' width='20%'>$Lang::tr{'ip address'}/$Lang::tr{'subnet mask'}:</td>
+					<td width='30%'>
+						<input type="text" name="INTERFACE_ADDRESS" value="$cgiparams{'INTERFACE_ADDRESS'}">
+					</td>
+				</tr>
+
+				<tr>
+					<td class='boldbase' width='20%'>$Lang::tr{'mtu'}:</td>
+					<td width='30%'>
+						<input type="number" name="INTERFACE_MTU" value="$cgiparams{'INTERFACE_MTU'}" min="576" max="9000">
+					</td>
+					<td colspan='2'></td>
+				</tr>
+			</tbody>
+		</table>
+EOF
+		&Header::closebox();
+	}
+
 	if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
 		&Header::openbox('100%', 'left', $Lang::tr{'authentication'});
 		print <<END
@@ -2332,26 +2402,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			goto ADVANCED_ERROR;
 		}
 
-		if ($cgiparams{'MODE'} !~ /^(tunnel|transport)$/) {
-			$errormessage = $Lang::tr{'invalid input for mode'};
-			goto ADVANCED_ERROR;
-		}
-
-		if ($cgiparams{'INTERFACE_MODE'} !~ /^(|gre|vti)$/) {
-			$errormessage = $Lang::tr{'invalid input for interface mode'};
-			goto ADVANCED_ERROR;
-		}
-
-		if (($cgiparams{'INTERFACE_MODE'} ne "") && !&Network::check_subnet($cgiparams{'INTERFACE_ADDRESS'})) {
-			$errormessage = $Lang::tr{'invalid input for interface address'};
-			goto ADVANCED_ERROR;
-		}
-
-		if ($cgiparams{'INTERFACE_MTU'} !~ /^\d+$/) {
-			$errormessage = $Lang::tr{'invalid input for interface mtu'};
-			goto ADVANCED_ERROR;
-		}
-
 		$confighash{$cgiparams{'KEY'}}[29] = $cgiparams{'IKE_VERSION'};
 		$confighash{$cgiparams{'KEY'}}[18] = $cgiparams{'IKE_ENCRYPTION'};
 		$confighash{$cgiparams{'KEY'}}[19] = $cgiparams{'IKE_INTEGRITY'};
@@ -2371,10 +2421,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		$confighash{$cgiparams{'KEY'}}[32] = $cgiparams{'FORCE_MOBIKE'};
 		$confighash{$cgiparams{'KEY'}}[33] = $cgiparams{'START_ACTION'};
 		$confighash{$cgiparams{'KEY'}}[34] = $cgiparams{'INACTIVITY_TIMEOUT'};
-		$confighash{$cgiparams{'KEY'}}[35] = $cgiparams{'MODE'};
-		$confighash{$cgiparams{'KEY'}}[36] = $cgiparams{'INTERFACE_MODE'};
-		$confighash{$cgiparams{'KEY'}}[37] = $cgiparams{'INTERFACE_ADDRESS'};
-		$confighash{$cgiparams{'KEY'}}[38] = $cgiparams{'INTERFACE_MTU'};
 		&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 		&writeipsecfiles();
 		if (&vpnenabled) {
@@ -2536,15 +2582,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	}
 	$selected{'INACTIVITY_TIMEOUT'}{$cgiparams{'INACTIVITY_TIMEOUT'}} = "selected";
 
-	$selected{'MODE'}{'tunnel'} = '';
-	$selected{'MODE'}{'transport'} = '';
-	$selected{'MODE'}{$cgiparams{'MODE'}} = "selected='selected'";
-
-	$selected{'INTERFACE_MODE'}{''} = '';
-	$selected{'INTERFACE_MODE'}{'gre'} = '';
-	$selected{'INTERFACE_MODE'}{'vti'} = '';
-	$selected{'INTERFACE_MODE'}{$cgiparams{'INTERFACE_MODE'}} = "selected='selected'";
-
 	&Header::showhttpheaders();
 	&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	&Header::openbigbox('100%', 'left', '', $errormessage);
@@ -2569,45 +2606,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	<input type='hidden' name='ADVANCED' value='yes' />
 	<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
 
-	<table width="100%">
-		<tbody>
-			<tr>
-				<td width="15%">$Lang::tr{'mode'}:</td>
-				<td>
-					<select name='MODE'>
-						<option value='tunnel' $selected{'MODE'}{'tunnel'}>$Lang::tr{'ipsec mode tunnel'}</option>
-						<option value='transport' $selected{'MODE'}{'transport'}>$Lang::tr{'ipsec mode transport'}</option>
-					</select>
-				</td>
-				<td></td>
-			</tr>
-
-			<tr>
-				<td width="15%">$Lang::tr{'interface mode'}:</td>
-				<td>
-					<label></label>
-					<select name='INTERFACE_MODE'>
-						<option value='' $selected{'INTERFACE_MODE'}{''}>$Lang::tr{'ipsec interface mode none'}</option>
-						<option value='gre' $selected{'INTERFACE_MODE'}{'gre'}>$Lang::tr{'ipsec interface mode gre'}</option>
-						<option value='vti' $selected{'INTERFACE_MODE'}{'vti'}>$Lang::tr{'ipsec interface mode vti'}</option>
-					</select>
-				</td>
-				<td>
-					<label>$Lang::tr{'ip address'}/$Lang::tr{'subnet mask'}</label>
-					<input type="text" name="INTERFACE_ADDRESS" value="$cgiparams{'INTERFACE_ADDRESS'}">
-				</td>
-				<td>
-					<label>$Lang::tr{'mtu'}</label>
-					<input type="number" name="INTERFACE_MTU" value="$cgiparams{'INTERFACE_MTU'}" min="576" max="9000">
-				</td>
-			</tr>
-		</tbody>
-	</table>
-
-	<br><br>
-
-	<h2>$Lang::tr{'cryptographic settings'}</h2>
-
 	<table width='100%'>
 	<thead>
 		<tr>
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index d289aa783b..1125199771 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1494,6 +1494,7 @@
 'ipsec mode tunnel' => 'Tunnel',
 'ipsec network' => 'IPsec network',
 'ipsec no connections' => 'No active IPsec connections',
+'ipsec settings' => 'IPsec Settings',
 'iptable rules' => 'IPTable rules',
 'iptmangles' => 'IPTable Mangles',
 'iptnats' => 'IPTable Network Address Translation',
-- 
2.39.2