X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=43d574ce5c95c0b9207aa7525956853ce93e2c0a;hp=2d9058d0523dad099fbd079565a4d06799f2ff9b;hb=cbb3a8f91e2e7aa220b5bc9e9773fa4547f0ce85;hpb=568438067cfef263b683f97b9350776f62396e04
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 2d9058d05..43d574ce5 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -104,7 +104,8 @@ $cgiparams{'ROOTCERT_OU'} = '';
$cgiparams{'ROOTCERT_CITY'} = '';
$cgiparams{'ROOTCERT_STATE'} = '';
$cgiparams{'RW_NET'} = '';
-
+$cgiparams{'DPD_DELAY'} = '30';
+$cgiparams{'DPD_TIMEOUT'} = '120';
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
###
@@ -384,10 +385,19 @@ sub writeipsecfiles {
print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on');
# Dead Peer Detection
- print CONF "\tdpddelay=30\n";
- print CONF "\tdpdtimeout=120\n";
print CONF "\tdpdaction=$lconfighash{$key}[27]\n";
+ my $dpddelay = $lconfighash{$key}[30];
+ if (!$dpddelay) {
+ $dpddelay = 30;
+ }
+ print CONF "\tdpddelay=$dpddelay\n";
+ my $dpdtimeout = $lconfighash{$key}[31];
+ if (!$dpdtimeout) {
+ $dpdtimeout = 120;
+ }
+ print CONF "\tdpdtimeout=$dpdtimeout\n";
+
# Build Authentication details: LEFTid RIGHTid : PSK psk
my $psk_line;
if ($lconfighash{$key}[4] eq 'psk') {
@@ -1274,6 +1284,16 @@ END
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
$cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14];
+ $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
+ $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
+
+ if (!$cgiparams{'DPD_DELAY'}) {
+ $cgiparams{'DPD_DELAY'} = 30;
+ }
+
+ if (!$cgiparams{'DPD_TIMEOUT'}) {
+ $cgiparams{'DPD_TIMEOUT'} = 120;
+ }
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
@@ -1748,7 +1768,7 @@ END
my $key = $cgiparams{'KEY'};
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 28) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
@@ -1788,6 +1808,8 @@ END
$confighash{$key}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$key}[28] = $cgiparams{'PFS'};
$confighash{$key}[14] = $cgiparams{'VHOST'};
+ $confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'};
+ $confighash{$key}[31] = $cgiparams{'DPD_DELAY'};
#free unused fields!
$confighash{$key}[6] = 'off';
@@ -1828,6 +1850,14 @@ END
$cgiparams{'DPD_ACTION'} = 'restart';
}
+ if (!$cgiparams{'DPD_DELAY'}) {
+ $cgiparams{'DPD_DELAY'} = 30;
+ }
+
+ if (!$cgiparams{'DPD_TIMEOUT'}) {
+ $cgiparams{'DPD_TIMEOUT'} = 120;
+ }
+
# Default IKE Version to v2
if (!$cgiparams{'IKE_VERSION'}) {
$cgiparams{'IKE_VERSION'} = 'ikev2';
@@ -1869,11 +1899,6 @@ END
$checked{'AUTH'}{'auth-dn'} = '';
$checked{'AUTH'}{$cgiparams{'AUTH'}} = "checked='checked'";
- $selected{'DPD_ACTION'}{'clear'} = '';
- $selected{'DPD_ACTION'}{'hold'} = '';
- $selected{'DPD_ACTION'}{'restart'} = '';
- $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
-
$selected{'IKE_VERSION'}{'ikev1'} = '';
$selected{'IKE_VERSION'}{'ikev2'} = '';
$selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'";
@@ -1910,6 +1935,9 @@ END
+
+
+
END
;
if ($cgiparams{'KEY'}) {
@@ -1965,13 +1993,7 @@ END
-
$Lang::tr{'dpd action'}: |
-
- |
+ |
$Lang::tr{'remark title'} |
|
@@ -2101,7 +2123,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes192|aes128|3des)$/) {
+ if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2123,7 +2145,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(e521|e384|e256|e224|e192|1024|1536|2048|3072|4096|6144|8192)$/) {
+ if ($val !~ /^(e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|1024|1536|2048|2048s256|2048s224|2048s160|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2142,7 +2164,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes192|aes128|3des)$/) {
+ if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2159,8 +2181,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
}
}
if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
- $cgiparams{'ESP_GROUPTYPE'} !~ /^ecp(192|224|256|384|512)$/ &&
- $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096|6144|8192)$/) {
+ $cgiparams{'ESP_GROUPTYPE'} !~ /^ecp(192|224|256|384|512)(bp)?$/ &&
+ $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|2048s(256|224|160)|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2184,6 +2206,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
+ if ($cgiparams{'DPD_DELAY'} !~ /^\d+$/) {
+ $errormessage = $Lang::tr{'invalid input for dpd delay'};
+ goto ADVANCED_ERROR;
+ }
+
+ if ($cgiparams{'DPD_TIMEOUT'} !~ /^\d+$/) {
+ $errormessage = $Lang::tr{'invalid input for dpd timeout'};
+ goto ADVANCED_ERROR;
+ }
+
$confighash{$cgiparams{'KEY'}}[18] = $cgiparams{'IKE_ENCRYPTION'};
$confighash{$cgiparams{'KEY'}}[19] = $cgiparams{'IKE_INTEGRITY'};
$confighash{$cgiparams{'KEY'}}[20] = $cgiparams{'IKE_GROUPTYPE'};
@@ -2197,6 +2229,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'};
$confighash{$cgiparams{'KEY'}}[14] = $cgiparams{'VHOST'};
+ $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
+ $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
if (&vpnenabled) {
@@ -2217,6 +2251,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
$cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14];
+ $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
+ $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
+
+ if (!$cgiparams{'DPD_DELAY'}) {
+ $cgiparams{'DPD_DELAY'} = 30;
+ }
+
+ if (!$cgiparams{'DPD_TIMEOUT'}) {
+ $cgiparams{'DPD_TIMEOUT'} = 120;
+ }
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net' || $confighash{$cgiparams{'KEY'}}[10]) {
$cgiparams{'VHOST'} = 'off';
@@ -2228,6 +2272,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'IKE_ENCRYPTION'}{'aes192'} = '';
$checked{'IKE_ENCRYPTION'}{'aes128'} = '';
$checked{'IKE_ENCRYPTION'}{'3des'} = '';
+ $checked{'IKE_ENCRYPTION'}{'camellia256'} = '';
+ $checked{'IKE_ENCRYPTION'}{'camellia192'} = '';
+ $checked{'IKE_ENCRYPTION'}{'camellia128'} = '';
my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'});
foreach my $key (@temp) {$checked{'IKE_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'IKE_INTEGRITY'}{'sha2_512'} = '';
@@ -2256,6 +2303,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'ESP_ENCRYPTION'}{'aes192'} = '';
$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
$checked{'ESP_ENCRYPTION'}{'3des'} = '';
+ $checked{'ESP_ENCRYPTION'}{'camellia256'} = '';
+ $checked{'ESP_ENCRYPTION'}{'camellia192'} = '';
+ $checked{'ESP_ENCRYPTION'}{'camellia128'} = '';
@temp = split('\|', $cgiparams{'ESP_ENCRYPTION'});
foreach my $key (@temp) {$checked{'ESP_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'ESP_INTEGRITY'}{'sha2_512'} = '';
@@ -2273,6 +2323,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ;
$checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ? "checked='checked'" : '' ;
+ $selected{'DPD_ACTION'}{'clear'} = '';
+ $selected{'DPD_ACTION'}{'hold'} = '';
+ $selected{'DPD_ACTION'}{'restart'} = '';
+ $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
+
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
@@ -2298,96 +2353,180 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
+
+
+
+ $Lang::tr{'dead peer detection'}
+
+
+
+
+
+ ";
+ print <
+
+
+
+ |
+
+
+EOF
+
&Header::closebox();
&Header::closebigbox();
&Header::closepage();