From mboxrd@z Thu Jan  1 00:00:00 1970
From: jbsky <blais.julien.30@gmail.com>
To: development@lists.ipfire.org
Subject: [PATCH 1/2] File modified : html/cgi-bin/vpnmain.cgi
Date: Mon, 09 Jul 2018 22:07:31 +0200
Message-ID: <20180709200731.28762-1-blais.julien.30@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5870813055750220724=="
List-Id: <development.lists.ipfire.org>

--===============5870813055750220724==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Added xauthrsasig option instead of cert in /var/ipfire/vpn/config.
By replacing cert with xauth in the 5th place option, the vpn connection is c=
onfigured to support xauthrsasig, ikev1 is also to be changed manually in the=
 file.
---
 html/cgi-bin/vpnmain.cgi | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 378acb326..a5c50dbda 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -304,7 +304,7 @@ sub writeipsecfiles {
 		}
=20
 		# Local Cert and Remote Cert (unless auth is DN dn-auth)
-		if ($lconfighash{$key}[4] eq 'cert') {
+		if (($lconfighash{$key}[4] eq 'cert')||($lconfighash{$key}[4] eq 'xauthrsa=
sig')) {
 			print CONF "\tleftcert=3D${General::swroot}/certs/hostcert.pem\n";
 			print CONF "\trightcert=3D${General::swroot}/certs/$lconfighash{$key}[1]c=
ert.pem\n" if ($lconfighash{$key}[2] ne '%auth-dn');
 		}
@@ -408,7 +408,12 @@ sub writeipsecfiles {
 				print SECRETS $psk_line;
 			}
 			print CONF "\tauthby=3Dsecret\n";
-		} else {
+		}
+		elsif ($lconfighash{$key}[4] eq 'xauthrsasig') {
+			print CONF "\tauthby=3Dxauthrsasig\n";
+			print CONF "\txauth=3Dserver\n";
+		}=20
+		else {
 			print CONF "\tauthby=3Drsasig\n";
 			print CONF "\tleftrsasigkey=3D%cert\n";
 			print CONF "\trightrsasigkey=3D%cert\n";
@@ -2841,7 +2846,7 @@ END
 	print "<td align=3D'center' nowrap=3D'nowrap' $col>" . $Lang::tr{"$configha=
sh{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ") $confighash{$ke=
y}[29]</td>";
 	if ($confighash{$key}[2] eq '%auth-dn') {
 		print "<td align=3D'left' nowrap=3D'nowrap' $col>$confighash{$key}[9]</td>=
";
-	} elsif ($confighash{$key}[4] eq 'cert') {
+	} elsif (($confighash{$key}[4] eq 'cert')||($confighash{$key}[4] eq 'xauthr=
sasig')) {
 		print "<td align=3D'left' nowrap=3D'nowrap' $col>$confighash{$key}[2]</td>=
";
 	} else {
 		print "<td align=3D'left' $col>&nbsp;</td>";
@@ -2893,7 +2898,7 @@ END
 	} else {
 		print "<td width=3D'2%' $col>&nbsp;</td>";
 	}
-	if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/certs/$configh=
ash{$key}[1].p12") {
+	if ((($confighash{$key}[4] eq 'cert')||($confighash{$key}[4] eq 'xauthrsasi=
g')) && -f "${General::swroot}/certs/$confighash{$key}[1].p12") {
 		print <<END
 		<td align=3D'center' $col>
 		<form method=3D'post' action=3D'$ENV{'SCRIPT_NAME'}'>
@@ -2904,7 +2909,7 @@ END
 	</td>
 END
 ;
-	} elsif (($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%aut=
h-dn')) {
+	} elsif ((($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%au=
th-dn'))||(($confighash{$key}[4] eq 'xauthrsasig') && ($confighash{$key}[2] n=
e '%auth-dn'))) {
 		print <<END
 		<td align=3D'center' $col>
 		<form method=3D'post' action=3D'$ENV{'SCRIPT_NAME'}'>
--=20
2.12.2


--===============5870813055750220724==--