From 746413170688bc0e05d689fe539bea716752f34f Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 28 Nov 2018 14:38:11 +0000 Subject: [PATCH 1/1] IPsec: Add option to configure IP address for tunnel interface Signed-off-by: Michael Tremer --- doc/language_issues.de | 2 ++ doc/language_issues.en | 2 ++ doc/language_issues.es | 2 ++ doc/language_issues.fr | 2 ++ doc/language_issues.it | 2 ++ doc/language_issues.nl | 2 ++ doc/language_issues.pl | 2 ++ doc/language_issues.ru | 2 ++ doc/language_issues.tr | 2 ++ doc/language_missings | 16 ++++++++++++++++ html/cgi-bin/vpnmain.cgi | 18 ++++++++++++++++++ langs/en/cgi-bin/en.pl | 2 ++ 12 files changed, 54 insertions(+) diff --git a/doc/language_issues.de b/doc/language_issues.de index 42a913d062..9168a898bf 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -776,6 +776,7 @@ WARNING: untranslated string: guardian watch snort alertfile = unknown string WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: interface mode = Interface +WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: ipsec interface mode gre = GRE @@ -791,5 +792,6 @@ WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string WARNING: untranslated string: show tls-auth key = Show tls-auth key +WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: vpn force mobike = Force using MOBIKE (only IKEv2) WARNING: untranslated string: vpn statistics n2n = unknown string 
diff --git a/doc/language_issues.en b/doc/language_issues.en index 362a33cc01..1e78ec5c2e 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1081,6 +1081,7 @@ WARNING: untranslated string: invalid input for esp keylife = Invalid input for WARNING: untranslated string: invalid input for hostname = Invalid input for hostname. WARNING: untranslated string: invalid input for ike lifetime = Invalid input for IKE lifetime WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout +WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for keepalive 1 = Invalid input for Keepalive ping WARNING: untranslated string: invalid input for keepalive 1:2 = Invalid input for Keepalive use at least a ratio of 1:2 @@ -1640,6 +1641,7 @@ WARNING: untranslated string: stop = Stop WARNING: untranslated string: stop ovpn server = Stop OpenVPN Server WARNING: untranslated string: stopped = STOPPED WARNING: untranslated string: subject = Subject +WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: subscripted user rules = Sourcefire VRT rules with subscription WARNING: untranslated string: summaries kept = Keep summaries for WARNING: untranslated string: sunday = Sunday diff --git a/doc/language_issues.es b/doc/language_issues.es index d1bcd4bfd5..2264ef3227 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es 
@@ -1054,6 +1054,7 @@ WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout +WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). @@ -1174,6 +1175,7 @@ WARNING: untranslated string: ssh login time = Logged in since WARNING: untranslated string: ssh no active logins = No active logins WARNING: untranslated string: ssh username = Username WARNING: untranslated string: static routes = Static Routes +WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: support donation = Support the IPFire project with your donation WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND. WARNING: untranslated string: system information = System Information diff --git a/doc/language_issues.fr b/doc/language_issues.fr index bac356f4c5..b37f5eb626 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr 
@@ -811,6 +811,7 @@ WARNING: untranslated string: guardian watch snort alertfile = unknown string WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: interface mode = Interface +WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname @@ -825,4 +826,5 @@ WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string +WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: vpn statistics n2n = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index 5e15535951..f2c4765da1 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -886,6 +886,7 @@ WARNING: untranslated string: incoming overhead in bytes per second = Incoming O WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout +WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). 
@@ -932,6 +933,7 @@ WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh login time = Logged in since WARNING: untranslated string: ssh no active logins = No active logins WARNING: untranslated string: ssh username = Username +WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: tcp more reliable = TCP (more reliable) WARNING: untranslated string: ten minutes = 10 Minutes WARNING: untranslated string: thirty minutes = 30 Minutes diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 6837903b96..6fd6bd9592 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -900,6 +900,7 @@ WARNING: untranslated string: incoming overhead in bytes per second = Incoming O WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout +WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). @@ -975,6 +976,7 @@ WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh login time = Logged in since WARNING: untranslated string: ssh no active logins = No active logins WARNING: untranslated string: ssh username = Username +WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: ta key = TLS-Authentification-Key WARNING: untranslated string: tcp more reliable = TCP (more reliable) WARNING: untranslated string: ten minutes = 10 Minutes diff --git a/doc/language_issues.pl b/doc/language_issues.pl index d1bcd4bfd5..2264ef3227 100644 
--- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1054,6 +1054,7 @@ WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout +WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). @@ -1174,6 +1175,7 @@ WARNING: untranslated string: ssh login time = Logged in since WARNING: untranslated string: ssh no active logins = No active logins WARNING: untranslated string: ssh username = Username WARNING: untranslated string: static routes = Static Routes +WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: support donation = Support the IPFire project with your donation WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND. WARNING: untranslated string: system information = System Information diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 2e641cce25..771395391e 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru 
@@ -1056,6 +1056,7 @@ WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout +WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days). @@ -1170,6 +1171,7 @@ WARNING: untranslated string: ssh login time = Logged in since WARNING: untranslated string: ssh no active logins = No active logins WARNING: untranslated string: ssh username = Username WARNING: untranslated string: static routes = Static Routes +WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: support donation = Support the IPFire project with your donation WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND. WARNING: untranslated string: ta key = TLS-Authentification-Key diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 57e582d4e6..0d5095d6f8 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -814,6 +814,7 @@ WARNING: untranslated string: guardian watch snort alertfile = unknown string WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: interface mode = Interface +WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname @@ -834,6 +835,7 @@ WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh login time = Logged in since WARNING: untranslated string: ssh no active logins = No active logins WARNING: untranslated string: ssh username = Username +WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: vpn start action add = Wait for connection initiation WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING diff --git a/doc/language_missings b/doc/language_missings index edb0b3fd42..54b8e6770d 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -40,6 +40,7 @@ < guardian < insert removable device < interface mode +< invalid input for interface address < invalid input for interface mode < invalid input for mode < ipsec interface mode gre @@ -55,6 +56,7 @@ < show areas < show lines < show tls-auth key +< subnet mask < teovpn_fragment < tor bridge enabled < tor errmsg invalid node id @@ -504,6 +506,7 @@ < invalid input for dpd delay < invalid input for dpd timeout < invalid input for inactivity timeout +< invalid input for interface address < invalid input for interface mode < invalid input for mode < invalid input for valid till days 
@@ -650,6 +653,7 @@ < ssh no active logins < ssh username < static routes +< subnet mask < support donation < system has hwrng < system has rdrand @@ -803,6 +807,7 @@ < cryptographic settings < dnsforward forward_servers < interface mode +< invalid input for interface address < invalid input for interface mode < invalid input for mode < invalid ip or hostname @@ -811,6 +816,7 @@ < ipsec interface mode vti < ipsec mode transport < ipsec mode tunnel +< subnet mask ############################################################################ # Checking cgi-bin translations for language: it # ############################################################################ @@ -948,6 +954,7 @@ < incoming overhead in bytes per second < interface mode < invalid input for inactivity timeout +< invalid input for interface address < invalid input for interface mode < invalid input for mode < invalid input for valid till days @@ -991,6 +998,7 @@ < ssh login time < ssh no active logins < ssh username +< subnet mask < tcp more reliable < ten minutes < thirty minutes @@ -1193,6 +1201,7 @@ < incoming overhead in bytes per second < interface mode < invalid input for inactivity timeout +< invalid input for interface address < invalid input for interface mode < invalid input for mode < invalid input for valid till days @@ -1268,6 +1277,7 @@ < ssh login time < ssh no active logins < ssh username +< subnet mask < ta key < tcp more reliable < ten minutes @@ -1759,6 +1769,7 @@ < invalid input for dpd delay < invalid input for dpd timeout < invalid input for inactivity timeout +< invalid input for interface address < invalid input for interface mode < invalid input for mode < invalid input for valid till days @@ -1890,6 +1901,7 @@ < ssh no active logins < ssh username < static routes +< subnet mask < support donation < system has hwrng < system has rdrand 
@@ -2487,6 +2499,7 @@ < invalid input for dpd delay < invalid input for dpd timeout < invalid input for inactivity timeout +< invalid input for interface address < invalid input for interface mode < invalid input for mode < invalid input for valid till days @@ -2616,6 +2629,7 @@ < ssh no active logins < ssh username < static routes +< subnet mask < support donation < system has hwrng < system has rdrand @@ -2773,6 +2787,7 @@ < dnsforward forward_servers < fwdfw all subnets < interface mode +< invalid input for interface address < invalid input for interface mode < invalid input for mode < invalid ip or hostname @@ -2788,6 +2803,7 @@ < ssh login time < ssh no active logins < ssh username +< subnet mask < vpn start action add < vpn wait < wlanap neighbor scan diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 4891b040a5..02284ddf35 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -113,6 +113,7 @@ $cgiparams{'START_ACTION'} = 'route'; $cgiparams{'INACTIVITY_TIMEOUT'} = 1800; $cgiparams{'MODE'} = "tunnel"; $cgiparams{'INTERFACE_MODE'} = ""; +$cgiparams{'INTERFACE_ADDRESS'} = ""; &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); ### @@ -1327,6 +1328,7 @@ END $cgiparams{'INACTIVITY_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[34]; $cgiparams{'MODE'} = $confighash{$cgiparams{'KEY'}}[35]; $cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36]; + $cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37]; if (!$cgiparams{'DPD_DELAY'}) { $cgiparams{'DPD_DELAY'} = 30; @@ -1873,6 +1875,7 @@ END $confighash{$key}[34] = $cgiparams{'INACTIVITY_TIMEOUT'}; $confighash{$key}[35] = $cgiparams{'MODE'}; $confighash{$key}[36] = $cgiparams{'INTERFACE_MODE'}; + $confighash{$key}[37] = $cgiparams{'INTERFACE_ADDRESS'}; # free unused fields! $confighash{$key}[6] = 'off'; 
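Review bot: In the hunk at `@@ -1873`, the added line `$confighash{$key}[37] = $cgiparams{'INTERFACE_ADDRESS'};` stores a request-supplied value with no validation visible in the hunk. The default at `@@ -113` is assigned before `&Header::getcgihash`, so whatever the request carries for INTERFACE_ADDRESS replaces the empty string. The save handler starts and ends outside this hunk, so an earlier check may already exist. If it does not, run the same test the advanced handler uses before this write, `if (($cgiparams{'INTERFACE_MODE'} ne "") && !&Network::check_subnet($cgiparams{'INTERFACE_ADDRESS'})) { $errormessage = $Lang::tr{'invalid input for interface address'}; ... }`, and jump to whichever error label this handler already uses. Validating on every path that writes slot 37 keeps malformed text out of the stored connection record, whichever form submitted it.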
@@ -1949,6 +1952,7 @@ END $cgiparams{'INACTIVITY_TIMEOUT'} = 900; $cgiparams{'MODE'} = "tunnel"; $cgiparams{'INTERFACE_MODE'} = ""; + $cgiparams{'INTERFACE_ADDRESS'} = ""; } VPNCONF_ERROR: @@ -2007,6 +2011,7 @@ VPNCONF_ERROR: + END ; if ($cgiparams{'KEY'}) { @@ -2311,6 +2316,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } + if (($cgiparams{'INTERFACE_MODE'} ne "") && !&Network::check_subnet($cgiparams{'INTERFACE_ADDRESS'})) { + $errormessage = $Lang::tr{'invalid input for interface address'}; + goto ADVANCED_ERROR; + } + $confighash{$cgiparams{'KEY'}}[29] = $cgiparams{'IKE_VERSION'}; $confighash{$cgiparams{'KEY'}}[18] = $cgiparams{'IKE_ENCRYPTION'}; $confighash{$cgiparams{'KEY'}}[19] = $cgiparams{'IKE_INTEGRITY'}; @@ -2332,6 +2342,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $confighash{$cgiparams{'KEY'}}[34] = $cgiparams{'INACTIVITY_TIMEOUT'}; $confighash{$cgiparams{'KEY'}}[35] = $cgiparams{'MODE'}; $confighash{$cgiparams{'KEY'}}[36] = $cgiparams{'INTERFACE_MODE'}; + $confighash{$cgiparams{'KEY'}}[37] = $cgiparams{'INTERFACE_ADDRESS'}; &General::writehasharray("${General::swroot}/vpn/config", \%confighash); &writeipsecfiles(); if (&vpnenabled) { @@ -2363,6 +2374,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'INACTIVITY_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[34]; $cgiparams{'MODE'} = $confighash{$cgiparams{'KEY'}}[35]; $cgiparams{'INTERFACE_MODE'} = $confighash{$cgiparams{'KEY'}}[36]; + $cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37]; if (!$cgiparams{'DPD_DELAY'}) { $cgiparams{'DPD_DELAY'} = 30; @@ -2534,17 +2546,23 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || + $Lang::tr{'interface mode'}: + + + + + diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 1211625c90..6683cb399d 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
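Review bot: The new check at `@@ -2311` runs only when INTERFACE_MODE is non-empty, but the store added at `@@ -2332` (`$confighash{$cgiparams{'KEY'}}[37] = $cgiparams{'INTERFACE_ADDRESS'};`) is unconditional. With an empty mode, any posted INTERFACE_ADDRESS string is therefore written by `&General::writehasharray` without validation. Clear the field in that case ahead of the check, `$cgiparams{'INTERFACE_ADDRESS'} = "" if ($cgiparams{'INTERFACE_MODE'} eq "");`, so slot 37 only ever holds an empty string or a value that passed `&Network::check_subnet`. A short comment should also state that a non-empty mode makes the address mandatory, assuming `check_subnet` rejects an empty string. The handler continues outside these hunks.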
@@ -1427,6 +1427,7 @@ 'invalid input for hostname' => 'Invalid input for hostname.', 'invalid input for ike lifetime' => 'Invalid input for IKE lifetime', 'invalid input for inactivity timeout' => 'Invalid input for Inactivity Timeout', +'invalid input for interface address' => 'Invalid input for interface address', 'invalid input for interface mode' => 'Invalid input for interface mode', 'invalid input for keepalive 1' => 'Invalid input for Keepalive ping', 'invalid input for keepalive 1:2' => 'Invalid input for Keepalive use at least a ratio of 1:2', @@ -2248,6 +2249,7 @@ 'subject warn' => 'Warning - warnlevel reached', 'subnet' => 'Subnet', 'subnet is invalid' => 'Netmask is invalid', +'subnet mask' => 'Subnet Mask', 'subscripted user rules' => 'Sourcefire VRT rules with subscription', 'successfully refreshed updates list' => 'Successfully refreshed updates list.', 'summaries kept' => 'Keep summaries for', -- 2.39.2