From 63249c6777d8b425e4ae9215e2d85f4928198b91 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Sat, 15 May 2010 13:30:19 +0200
Subject: [PATCH] Removed unsupported ipsec debug options and modp768.
---
 config/rootfiles/core/38/update.sh | 3 +++
 html/cgi-bin/services.cgi | 0
 html/cgi-bin/vpnmain.cgi | 23 ++++++++++++-----------
 3 files changed, 15 insertions(+), 11 deletions(-)
 mode change 100755 => 100644 html/cgi-bin/services.cgi
diff --git a/config/rootfiles/core/38/update.sh b/config/rootfiles/core/38/update.sh
index cc424b52c4..3c10b716e9 100644
--- a/config/rootfiles/core/38/update.sh
+++ b/config/rootfiles/core/38/update.sh
@@ -179,10 +179,13 @@ fi
 mv /var/ipfire/vpn/ipsec.conf /var/ipfire/vpn/ipsec.conf.org
 cat /var/ipfire/vpn/ipsec.conf.org | \
 grep -v "disablearrivalcheck=" | \
+grep -v "klipsdebug=" | \
 grep -v "leftfirewall=" | \
 grep -v "charonstart=" | \
 grep -v "aggrmode=" > /var/ipfire/vpn/ipsec.conf
 sed -i "s|ipsec[0-9]=||g" /var/ipfire/vpn/ipsec.conf
+sed -i "s|nat_t ||g" /var/ipfire/vpn/ipsec.conf
+sed -i "s|klips ||g" /var/ipfire/vpn/ipsec.conf
 sed -i "s|^conn [A-Za-z].*$|&\n\tleftfirewall=yes|g" /var/ipfire/vpn/ipsec.conf
 sed -i "s|^config setup$|&\n\tcharonstart=no|g" /var/ipfire/vpn/ipsec.conf
 chown nobody:nobody /var/ipfire/vpn/ipsec.conf
diff --git a/html/cgi-bin/services.cgi b/html/cgi-bin/services.cgi
old mode 100755
new mode 100644
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 9cf336c672..28ac30e8ec 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
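Review bot: The two added `sed` substitutions for `nat_t ` and `klips ` in update.sh run against every line of ipsec.conf rather than only the `plutodebug=` line they are meant to clean, so any other line containing one of those strings followed by a space is rewritten as well. Restricting them with an address keeps the migration narrow, e.g. `sed -i "/plutodebug=/s|nat_t ||g" /var/ipfire/vpn/ipsec.conf` and the same for `klips `. When those were the only flags selected the result is `plutodebug=""`, whereas vpnmain.cgi writes `none` for an empty list; a follow-up such as `sed -i 's|plutodebug=""|plutodebug="none"|' /var/ipfire/vpn/ipsec.conf` would keep the two in agreement. The script starts and continues outside this hunk.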
@@ -257,9 +257,9 @@ sub writeipsecfiles { my $plutodebug = ''; # build debug list map ($plutodebug .= $lvpnsettings{$_} eq 'on' ? lc (substr($_,4)).' ' : '', ('DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL', - 'DBG_KLIPS','DBG_DNS','DBG_NAT_T')); + 'DBG_DNS')); $plutodebug = 'none' if $plutodebug eq ''; # if nothing selected, use 'none'. - print CONF "\tklipsdebug=\"none\"\n"; + #print CONF "\tklipsdebug=\"none\"\n"; print CONF "\tplutodebug=\"$plutodebug\"\n"; # deprecated in ipsec.conf version 2 #print CONF "\tplutoload=%search\n"; @@ -452,7 +452,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg map ($vpnsettings{$_} = $cgiparams{$_}, ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL', - 'DBG_KLIPS','DBG_DNS','DBG_NAT_T')); + 'DBG_DNS')); $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'}; $vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'}; @@ -2117,7 +2117,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(768|1024|1536|2048|3072|4096|6144|8192)$/) { + if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2153,7 +2153,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || } } if ($cgiparams{'ESP_GROUPTYPE'} ne '' && - $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(768|1024|1536|2048|3072|4096)$/) { + $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } 
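Review bot: The `klipsdebug` print in writeipsecfiles is commented out rather than removed, which leaves dead code with no stated reason next to the older commented `plutoload` line. Either delete the line or replace it with a why-comment such as `# klipsdebug= is intentionally not written; the option is unsupported`. The function starts and ends outside the hunk.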
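Review bot: The group whitelist in the `@@ -2117` hunk, `$val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/`, is anchored with `$`, which in Perl also matches before a trailing newline, so a submitted value that ends in a newline still passes the check. Use string anchors and a non-capturing group instead: `if ($val !~ /\A(?:1024|1536|2048|3072|4096|6144|8192)\z/) {`. The ESP_GROUPTYPE check in the `@@ -2153` hunk has the same weakness and should become `$cgiparams{'ESP_GROUPTYPE'} !~ /\Amodp(?:1024|1536|2048|3072|4096)\z/`. These values presumably end up in the generated ipsec configuration, where an embedded newline would start a new line; the write path is not visible in these hunks, and the enclosing `if` block starts outside them.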
@@ -2238,6 +2238,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'IKE_GROUPTYPE'}{'8192'} = ''; @temp = split('\|', $cgiparams{'IKE_GROUPTYPE'}); foreach my $key (@temp) {$checked{'IKE_GROUPTYPE'}{$key} = "selected='selected'"; } + + # 768 is not supported by strongswan + $checked{'IKE_GROUPTYPE'}{'768'} = ''; + + $checked{'ESP_ENCRYPTION'}{'aes256'} = ''; $checked{'ESP_ENCRYPTION'}{'aes128'} = ''; $checked{'ESP_ENCRYPTION'}{'3des'} = ''; @@ -2303,7 +2308,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || - $Lang::tr{'ike lifetime'} @@ -2396,7 +2400,7 @@ EOF $checked{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'} eq 'on' ? "checked='checked'" : '' ; map ($checked{$_} = $cgiparams{$_} eq 'on' ? "checked='checked'" : '', ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL', - 'DBG_KLIPS','DBG_DNS','DBG_NAT_T')); + 'DBG_DNS')); &Header::showhttpheaders(); @@ -2440,10 +2444,7 @@ crypt:,  parsing:,  emitting:,  control:,  -klips:,  -dns:,  -nat_t:
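Review bot: Resetting `$checked{'IKE_GROUPTYPE'}{'768'}` after the `foreach` in the `@@ -2238` hunk only hides a stored 768 selection in the form; it does not change the stored value, and it sits apart from the other defaults, which are initialised before the loop. A connection saved earlier with only group 768 would presumably be shown with no group selected, and nothing in the update.sh hunk of this commit rewrites existing modp768 entries. Consider filtering while splitting, `@temp = grep { $_ ne '768' } split('\|', $cgiparams{'IKE_GROUPTYPE'});`, and add a comment saying how existing modp768 connections are expected to be migrated. No matching reset for an ESP modp768 selection is visible here, and the enclosing block starts and ends outside the hunk.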

- +dns: 
-- 2.39.2