###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2011 IPFire Team info@ipfire.org #
+# Copyright (C) 2007-2013 IPFire Team info@ipfire.org #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
use File::Copy;
use File::Temp qw/ tempfile tempdir /;
use strict;
-
+use Sort::Naturally;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
my $blue_cidr = "# Blue not defined";
-if ($netsettings{'BLUE_DEV'}) {
+if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
$blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
}
my $orange_cidr = "# Orange not defined";
-if ($netsettings{'ORANGE_DEV'}) {
+if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
$orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
}
$cgiparams{'ROOTCERT_CITY'} = '';
$cgiparams{'ROOTCERT_STATE'} = '';
$cgiparams{'RW_NET'} = '';
-
+$cgiparams{'DPD_DELAY'} = '30';
+$cgiparams{'DPD_TIMEOUT'} = '120';
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
###
foreach my $j (@ints) {
foreach my $k (@groups) {
if ($comma != 0) { print CONF ","; } else { $comma = 1; }
- print CONF "$i-$j-modp$k";
- }
+
+ my @l = split("", $k);
+ if ($l[0] eq "e") {
+ shift @l;
+ print CONF "$i-$j-ecp".join("", @l);
+ } else {
+ print CONF "$i-$j-modp$k";
+ }
}
+ }
}
if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms?
print CONF "!\n";
foreach my $k (@groups) {
if ($comma != 0) { print CONF ","; } else { $comma = 1; }
if ($pfs eq "on") {
- $modp = "-modp$k";
+ my @l = split("", $k);
+ if ($l[0] eq "e") {
+ $modp = "";
+ } else {
+ $modp = "-modp$k";
+ }
} else {
$modp = "";
}
print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on');
# Dead Peer Detection
- print CONF "\tdpddelay=30\n";
- print CONF "\tdpdtimeout=120\n";
+ print CONF "\tdpddelay=$lconfighash{$key}[30]\n";
+ print CONF "\tdpdtimeout=$lconfighash{$key}[31]\n";
print CONF "\tdpdaction=$lconfighash{$key}[27]\n";
# Build Authentication details: LEFTid RIGHTid : PSK psk
# Hook to regenerate the configuration files.
if ($ENV{"REMOTE_ADDR"} eq "") {
- writeipsecfiles;
+ writeipsecfiles();
exit(0);
}
goto SAVE_ERROR;
}
+ $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
$vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
$vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'};
$vpnsettings{'RW_NET'} = $cgiparams{'RW_NET'};
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
$cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14];
+ $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
+ $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
goto VPNCONF_ERROR;
}
+#temporary disabled (BUG 10294)
+# if ($cgiparams{'TYPE'} eq 'net'){
+# $errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
+# if ($errormessage ne ''){
+# goto VPNCONF_ERROR;
+# }
+#
+# }
if ($cgiparams{'AUTH'} eq 'psk') {
if (! length($cgiparams{'PSK'}) ) {
$errormessage = $Lang::tr{'pre-shared key is too short'};
my $key = $cgiparams{'KEY'};
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 28) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
$confighash{$key}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$key}[28] = $cgiparams{'PFS'};
$confighash{$key}[14] = $cgiparams{'VHOST'};
+ $confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'};
+ $confighash{$key}[31] = $cgiparams{'DPD_DELAY'};
#free unused fields!
$confighash{$key}[6] = 'off';
$cgiparams{'REMOTE_ID'} = '';
#use default advanced value
- $cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes128|3des'; #[18];
- $cgiparams{'IKE_INTEGRITY'} = 'sha|md5'; #[19];
- $cgiparams{'IKE_GROUPTYPE'} = '2048'; #[20];
- $cgiparams{'IKE_LIFETIME'} = '1'; #[16];
- $cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes128|3des'; #[21];
- $cgiparams{'ESP_INTEGRITY'} = 'sha1|md5'; #[22];
+ $cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[18];
+ $cgiparams{'IKE_INTEGRITY'} = 'sha2_256|sha|md5'; #[19];
+ $cgiparams{'IKE_GROUPTYPE'} = '4096|3072|2048|1536|1024'; #[20];
+ $cgiparams{'IKE_LIFETIME'} = '3'; #[16];
+ $cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[21];
+ $cgiparams{'ESP_INTEGRITY'} = 'sha2_256|sha1|md5'; #[22];
$cgiparams{'ESP_GROUPTYPE'} = ''; #[23];
- $cgiparams{'ESP_KEYLIFE'} = '8'; #[17];
+ $cgiparams{'ESP_KEYLIFE'} = '1'; #[17];
$cgiparams{'COMPRESSION'} = 'on'; #[13];
$cgiparams{'ONLY_PROPOSED'} = 'off'; #[24];
$cgiparams{'PFS'} = 'on'; #[28];
;
&Header::closebox();
} elsif (! $cgiparams{'KEY'}) {
- my $pskdisabled = ($vpnsettings{'VPN_IP'} eq '%defaultroute') ? "disabled='disabled'" : '' ;
- $cgiparams{'PSK'} = $Lang::tr{'vpn incompatible use of defaultroute'} if ($pskdisabled);
my $cakeydisabled = ( ! -f "${General::swroot}/private/cakey.pem" ) ? "disabled='disabled'" : '';
$cgiparams{'CERT_NAME'} = $Lang::tr{'vpn no full pki'} if ($cakeydisabled);
my $cacrtdisabled = ( ! -f "${General::swroot}/ca/cacert.pem" ) ? "disabled='disabled'" : '';
&Header::openbox('100%', 'left', $Lang::tr{'authentication'});
print <<END
<table width='100%' cellpadding='0' cellspacing='5' border='0'>
- <tr><td width='5%'><input type='radio' name='AUTH' value='psk' $checked{'AUTH'}{'psk'} $pskdisabled/></td>
+ <tr><td width='5%'><input type='radio' name='AUTH' value='psk' $checked{'AUTH'}{'psk'} /></td>
<td class='base' width='55%'>$Lang::tr{'use a pre-shared key'}</td>
- <td class='base' width='40%'><input type='password' name='PSK' size='30' value='$cgiparams{'PSK'}' $pskdisabled/></td></tr>
+ <td class='base' width='40%'><input type='password' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td></tr>
<tr><td colspan='3' bgcolor='#000000'></td></tr>
<tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td>
<td class='base'><hr />$Lang::tr{'upload a certificate request'}</td>
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes128|3des)$/) {
+ if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(sha2_512|sha2_256|sha|md5)$/) {
+ if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha|md5|aesxcbc)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) {
+ if ($val !~ /^(e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|1024|1536|2048|2048s256|2048s224|2048s160|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes128|3des)$/) {
+ if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(sha2_512|sha2_256|sha1|md5)$/) {
+ if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha1|md5|aesxcbc)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
}
if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
- $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096)$/) {
+ $cgiparams{'ESP_GROUPTYPE'} !~ /^ecp(192|224|256|384|512)(bp)?$/ &&
+ $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|2048s(256|224|160)|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
$confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'};
$confighash{$cgiparams{'KEY'}}[14] = $cgiparams{'VHOST'};
+ $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
+ $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
if (&vpnenabled) {
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
$cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14];
+ $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
+ $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net' || $confighash{$cgiparams{'KEY'}}[10]) {
$cgiparams{'VHOST'} = 'off';
ADVANCED_ERROR:
$checked{'IKE_ENCRYPTION'}{'aes256'} = '';
+ $checked{'IKE_ENCRYPTION'}{'aes192'} = '';
$checked{'IKE_ENCRYPTION'}{'aes128'} = '';
$checked{'IKE_ENCRYPTION'}{'3des'} = '';
+ $checked{'IKE_ENCRYPTION'}{'camellia256'} = '';
+ $checked{'IKE_ENCRYPTION'}{'camellia192'} = '';
+ $checked{'IKE_ENCRYPTION'}{'camellia128'} = '';
my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'});
foreach my $key (@temp) {$checked{'IKE_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'IKE_INTEGRITY'}{'sha2_512'} = '';
+ $checked{'IKE_INTEGRITY'}{'sha2_384'} = '';
$checked{'IKE_INTEGRITY'}{'sha2_256'} = '';
$checked{'IKE_INTEGRITY'}{'sha'} = '';
$checked{'IKE_INTEGRITY'}{'md5'} = '';
+ $checked{'IKE_INTEGRITY'}{'aesxcbc'} = '';
@temp = split('\|', $cgiparams{'IKE_INTEGRITY'});
foreach my $key (@temp) {$checked{'IKE_INTEGRITY'}{$key} = "selected='selected'"; }
$checked{'IKE_GROUPTYPE'}{'768'} = '';
# 768 is not supported by strongswan
$checked{'IKE_GROUPTYPE'}{'768'} = '';
-
$checked{'ESP_ENCRYPTION'}{'aes256'} = '';
+ $checked{'ESP_ENCRYPTION'}{'aes192'} = '';
$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
$checked{'ESP_ENCRYPTION'}{'3des'} = '';
+ $checked{'ESP_ENCRYPTION'}{'camellia256'} = '';
+ $checked{'ESP_ENCRYPTION'}{'camellia192'} = '';
+ $checked{'ESP_ENCRYPTION'}{'camellia128'} = '';
@temp = split('\|', $cgiparams{'ESP_ENCRYPTION'});
foreach my $key (@temp) {$checked{'ESP_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'ESP_INTEGRITY'}{'sha2_512'} = '';
+ $checked{'ESP_INTEGRITY'}{'sha2_384'} = '';
$checked{'ESP_INTEGRITY'}{'sha2_256'} = '';
$checked{'ESP_INTEGRITY'}{'sha1'} = '';
$checked{'ESP_INTEGRITY'}{'md5'} = '';
+ $checked{'ESP_INTEGRITY'}{'aesxcbc'} = '';
@temp = split('\|', $cgiparams{'ESP_INTEGRITY'});
foreach my $key (@temp) {$checked{'ESP_INTEGRITY'}{$key} = "selected='selected'"; }
$checked{'ESP_GROUPTYPE'}{$cgiparams{'ESP_GROUPTYPE'}} = "selected='selected'";
<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
<table width='100%'>
- <tr><td class='boldbase' align='right' valign='top'>$Lang::tr{'ike encryption'}</td><td class='boldbase' valign='top'>
- <select name='IKE_ENCRYPTION' multiple='multiple' size='4'>
- <option value='aes256' $checked{'IKE_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
- <option value='aes128' $checked{'IKE_ENCRYPTION'}{'aes128'}>AES (128 bit)</option>
- <option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>3DES</option>
- </select></td>
-
- <td class='boldbase' align='right' valign='top'>$Lang::tr{'ike integrity'}</td><td class='boldbase' valign='top'>
- <select name='IKE_INTEGRITY' multiple='multiple' size='4'>
- <option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA</option>
- <option value='md5' $checked{'IKE_INTEGRITY'}{'md5'}>MD5</option>
- </select></td>
-
- <td class='boldbase' align='right' valign='top'>$Lang::tr{'ike grouptype'}</td><td class='boldbase' valign='top'>
- <select name='IKE_GROUPTYPE' multiple='multiple' size='4'>
- <option value='8192' $checked{'IKE_GROUPTYPE'}{'8192'}>MODP-8192</option>
- <option value='6144' $checked{'IKE_GROUPTYPE'}{'6144'}>MODP-6144</option>
- <option value='4096' $checked{'IKE_GROUPTYPE'}{'4096'}>MODP-4096</option>
- <option value='3072' $checked{'IKE_GROUPTYPE'}{'3072'}>MODP-3072</option>
- <option value='2048' $checked{'IKE_GROUPTYPE'}{'2048'}>MODP-2048</option>
- <option value='1536' $checked{'IKE_GROUPTYPE'}{'1536'}>MODP-1536</option>
- <option value='1024' $checked{'IKE_GROUPTYPE'}{'1024'}>MODP-1024</option>
- </select></td>
- </tr><tr>
- <td class='boldbase' align='right' valign='top'>$Lang::tr{'ike lifetime'}</td><td class='boldbase' valign='top'>
- <input type='text' name='IKE_LIFETIME' value='$cgiparams{'IKE_LIFETIME'}' size='5' /> $Lang::tr{'hours'}</td>
+ <thead>
+ <tr>
+ <th></th>
+ <th>IKE</th>
+ <th>ESP</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td class='boldbase'>$Lang::tr{'encryption'}</td>
+ <td class='boldbase'>
+ <select name='IKE_ENCRYPTION' multiple='multiple' size='6' style='width: 100%'>
+ <option value='aes256' $checked{'IKE_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
+ <option value='aes192' $checked{'IKE_ENCRYPTION'}{'aes192'}>AES (192 bit)</option>
+ <option value='aes128' $checked{'IKE_ENCRYPTION'}{'aes128'}>AES (128 bit)</option>
+ <option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>3DES</option>
+ <option value='camellia256' $checked{'IKE_ENCRYPTION'}{'camellia256'}>Camellia (256 bit)</option>
+ <option value='camellia192' $checked{'IKE_ENCRYPTION'}{'camellia192'}>Camellia (192 bit)</option>
+ <option value='camellia128' $checked{'IKE_ENCRYPTION'}{'camellia128'}>Camellia (128 bit)</option>
+ </select>
+ </td>
+ <td class='boldbase'>
+ <select name='ESP_ENCRYPTION' multiple='multiple' size='6' style='width: 100%'>
+ <option value='aes256' $checked{'ESP_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
+ <option value='aes192' $checked{'ESP_ENCRYPTION'}{'aes192'}>AES (192 bit)</option>
+ <option value='aes128' $checked{'ESP_ENCRYPTION'}{'aes128'}>AES (128 bit)</option>
+ <option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>3DES</option>
+ <option value='camellia256' $checked{'ESP_ENCRYPTION'}{'camellia256'}>Camellia (256 bit)</option>
+ <option value='camellia192' $checked{'ESP_ENCRYPTION'}{'camellia192'}>Camellia (192 bit)</option>
+ <option value='camellia128' $checked{'ESP_ENCRYPTION'}{'camellia128'}>Camellia (128 bit)</option>
+ </select>
+ </td>
+ </tr>
- </tr><tr>
- <td colspan='1'><hr /></td>
- </tr><tr>
- <td class='boldbase' align='right' valign='top'>$Lang::tr{'esp encryption'}</td><td class='boldbase' valign='top'>
- <select name='ESP_ENCRYPTION' multiple='multiple' size='4'>
- <option value='aes256' $checked{'ESP_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
- <option value='aes128' $checked{'ESP_ENCRYPTION'}{'aes128'}>AES (128 bit)</option>
- <option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>3DES</option>
-
- <td class='boldbase' align='right' valign='top'>$Lang::tr{'esp integrity'}</td><td class='boldbase' valign='top'>
- <select name='ESP_INTEGRITY' multiple='multiple' size='4'>
- <option value='sha1' $checked{'ESP_INTEGRITY'}{'sha1'}>SHA1</option>
- <option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5</option></select></td>
-
- <td class='boldbase' align='right' valign='top'>$Lang::tr{'esp grouptype'}</td><td class='boldbase' valign='top'>
- <select name='ESP_GROUPTYPE'>
- <option value=''>$Lang::tr{'phase1 group'}</option></select></td>
- </tr><tr>
- <td class='boldbase' align='right' valign='top'>$Lang::tr{'esp keylife'}</td><td class='boldbase' valign='top'>
- <input type='text' name='ESP_KEYLIFE' value='$cgiparams{'ESP_KEYLIFE'}' size='5' /> $Lang::tr{'hours'}</td>
- </tr><tr>
- <td colspan='1'><hr /></td>
- </tr><tr>
- <td colspan='5'><input type='checkbox' name='ONLY_PROPOSED' $checked{'ONLY_PROPOSED'} />
- IKE+ESP: $Lang::tr{'use only proposed settings'}</td>
- </tr><tr>
- <td colspan='5'><input type='checkbox' name='PFS' $checked{'PFS'} />
- $Lang::tr{'pfs yes no'}</td>
- <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
- </tr><tr>
- <td colspan='5'><input type='checkbox' name='COMPRESSION' $checked{'COMPRESSION'} />
- $Lang::tr{'vpn payload compression'}</td>
- <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td>
+ <tr>
+ <td class='boldbase'>$Lang::tr{'integrity'}</td>
+ <td class='boldbase'>
+ <select name='IKE_INTEGRITY' multiple='multiple' size='6' style='width: 100%'>
+ <option value='sha2_512' $checked{'IKE_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option>
+ <option value='sha2_384' $checked{'IKE_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
+ <option value='sha2_256' $checked{'IKE_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
+ <option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA1</option>
+ <option value='md5' $checked{'IKE_INTEGRITY'}{'md5'}>MD5</option>
+ <option value='aesxcbc' $checked{'IKE_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
+ </select>
+ </td>
+ <td class='boldbase'>
+ <select name='ESP_INTEGRITY' multiple='multiple' size='6' style='width: 100%'>
+ <option value='sha2_512' $checked{'ESP_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option>
+ <option value='sha2_384' $checked{'ESP_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
+ <option value='sha2_256' $checked{'ESP_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
+ <option value='sha1' $checked{'ESP_INTEGRITY'}{'sha1'}>SHA1</option>
+ <option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5</option>
+ <option value='aesxcbc' $checked{'ESP_INTEGRITY'}{'aesxcbc'}>AES XCBC</option>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class='boldbase'>$Lang::tr{'lifetime'}</td>
+ <td class='boldbase'>
+ <input type='text' name='IKE_LIFETIME' value='$cgiparams{'IKE_LIFETIME'}' size='5' /> $Lang::tr{'hours'}
+ </td>
+ <td class='boldbase'>
+ <input type='text' name='ESP_KEYLIFE' value='$cgiparams{'ESP_KEYLIFE'}' size='5' /> $Lang::tr{'hours'}
+ </td>
+ </tr>
+ <tr>
+ <td class='boldbase'>$Lang::tr{'grouptype'}</td>
+ <td class='boldbase'>
+ <select name='IKE_GROUPTYPE' multiple='multiple' size='6' style='width: 100%'>
+ <option value='e521' $checked{'IKE_GROUPTYPE'}{'e521'}>ECP-521 (NIST)</option>
+ <option value='e384' $checked{'IKE_GROUPTYPE'}{'e384'}>ECP-384 (NIST)</option>
+ <option value='e256' $checked{'IKE_GROUPTYPE'}{'e256'}>ECP-256 (NIST)</option>
+ <option value='e224' $checked{'IKE_GROUPTYPE'}{'e224'}>ECP-224 (NIST)</option>
+ <option value='e192' $checked{'IKE_GROUPTYPE'}{'e192'}>ECP-192 (NIST)</option>
+ <option value='e512bp' $checked{'IKE_GROUPTYPE'}{'e512bp'}>ECP-512 (Brainpool)</option>
+ <option value='e384bp' $checked{'IKE_GROUPTYPE'}{'e384bp'}>ECP-384 (Brainpool)</option>
+ <option value='e256bp' $checked{'IKE_GROUPTYPE'}{'e256bp'}>ECP-256 (Brainpool)</option>
+ <option value='e224bp' $checked{'IKE_GROUPTYPE'}{'e224bp'}>ECP-224 (Brainpool)</option>
+ <option value='8192' $checked{'IKE_GROUPTYPE'}{'8192'}>MODP-8192</option>
+ <option value='6144' $checked{'IKE_GROUPTYPE'}{'6144'}>MODP-6144</option>
+ <option value='4096' $checked{'IKE_GROUPTYPE'}{'4096'}>MODP-4096</option>
+ <option value='3072' $checked{'IKE_GROUPTYPE'}{'3072'}>MODP-3072</option>
+ <option value='2048s256' $checked{'IKE_GROUPTYPE'}{'2048s256'}>MODP-2048/256</option>
+ <option value='2048s224' $checked{'IKE_GROUPTYPE'}{'2048s224'}>MODP-2048/224</option>
+ <option value='2048s160' $checked{'IKE_GROUPTYPE'}{'2048s160'}>MODP-2048/160</option>
+ <option value='2048' $checked{'IKE_GROUPTYPE'}{'2048'}>MODP-2048</option>
+ <option value='1536' $checked{'IKE_GROUPTYPE'}{'1536'}>MODP-1536</option>
+ <option value='1024' $checked{'IKE_GROUPTYPE'}{'1024'}>MODP-1024</option>
+ </select>
+ </td>
+ <td></td>
+ </tr>
+ </tbody>
+ </table>
+
+ <hr>
+
+ <table width="100%">
+ <tr>
+ <td colspan='2'>
+ <label>
+ <input type='checkbox' name='ONLY_PROPOSED' $checked{'ONLY_PROPOSED'} />
+ IKE+ESP: $Lang::tr{'use only proposed settings'}</td>
+ </label>
+ </td>
+ </tr>
+ <tr>
+ <td colspan='2'>
+ <label>
+ <input type='checkbox' name='PFS' $checked{'PFS'} />
+ $Lang::tr{'pfs yes no'}
+ </label>
+ </td>
+ </tr>
+ <tr>
+ <td colspan='2'>
+ <label>
+ <input type='checkbox' name='COMPRESSION' $checked{'COMPRESSION'} />
+ $Lang::tr{'vpn payload compression'}
+ </label>
+ </td>
+ </tr>
+ <tr>
+ <td width='20%'>
+ <label>
+ $Lang::tr{'dpd timeout'}
+ </label>
+ </td>
+ <td>
+ <input type='text' name='DPD_TIMEOUT' size='5' value='$cgiparams{'DPD_TIMEOUT'}' />
+ </td>
+ </tr>
+ <tr>
+ <td width='20%'>
+ <label>
+ $Lang::tr{'dpd delay'}
+ </label>
+ </td>
+ <td>
+ <input type='text' name='DPD_DELAY' size='5' value='$cgiparams{'DPD_DELAY'}' />
+ </td>
</tr>
EOF
;
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
print "<tr><td><input type='hidden' name='VHOST' value='off' /></td></tr>";
} elsif ($confighash{$cgiparams{'KEY'}}[10]) {
- print "<tr><td colspan='5'><input type='checkbox' name='VHOST' $checked{'VHOST'} disabled='disabled' />";
- print " $Lang::tr{'vpn vhost'}</td></tr>";
+ print "<tr><td><label><input type='checkbox' name='VHOST' $checked{'VHOST'} disabled='disabled' />";
+ print " $Lang::tr{'vpn vhost'}</label></td></tr>";
} else {
- print "<tr><td colspan='5'><input type='checkbox' name='VHOST' $checked{'VHOST'} />";
- print " $Lang::tr{'vpn vhost'}</td></tr>";
+ print "<tr><td><label><input type='checkbox' name='VHOST' $checked{'VHOST'} />";
+ print " $Lang::tr{'vpn vhost'}</label></td></tr>";
}
- print "</table></form>";
+ print <<EOF;
+ <tr>
+ <td align='right' colspan='2'>
+ <input type='submit' name='ACTION' value='$Lang::tr{'save'}' />
+ <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' />
+ </td>
+ </tr>
+ </table></form>
+EOF
+
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
;
my $id = 0;
my $gif;
- foreach my $key (keys %confighash) {
+ foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
if ($id % 2) {
projects / people / teissler / ipfire-2.x.git / blobdiff