From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 10/16] IPsec: Allow sending DNS server addresses to RW clients Date: Thu, 28 May 2020 17:58:44 +0000 Message-ID: <20200528175850.12638-11-michael.tremer@ipfire.org> In-Reply-To: <20200528175850.12638-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4319087927309096147==" List-Id: --===============4319087927309096147== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Signed-off-by: Michael Tremer --- doc/language_issues.de | 2 +- doc/language_issues.en | 2 ++ doc/language_issues.es | 2 ++ doc/language_issues.fr | 2 +- doc/language_issues.it | 2 +- doc/language_issues.nl | 2 ++ doc/language_issues.pl | 2 ++ doc/language_issues.ru | 2 ++ doc/language_issues.tr | 2 +- doc/language_missings | 8 ++++++ html/cgi-bin/vpnmain.cgi | 54 ++++++++++++++++++++++++++++++++++------ langs/en/cgi-bin/en.pl | 1 + 12 files changed, 69 insertions(+), 12 deletions(-) diff --git a/doc/language_issues.de b/doc/language_issues.de index 4c4a37742..ab074d94d 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -219,7 +219,6 @@ WARNING: translation string unused: dns new 1 WARNING: translation string unused: dns saved WARNING: translation string unused: dns saved txt WARNING: translation string unused: dns server -WARNING: translation string unused: dns servers WARNING: translation string unused: dnssec information WARNING: translation string unused: do not log this port list WARNING: translation string unused: domain not set 
@@ -800,6 +799,7 @@ WARNING: untranslated string: guardian logtarget_file =3D= unknown string WARNING: untranslated string: guardian logtarget_syslog =3D unknown string WARNING: untranslated string: guardian no entries =3D unknown string WARNING: untranslated string: guardian service =3D unknown string +WARNING: untranslated string: ipsec dns server address is invalid =3D Invali= d DNS server IP address(es) WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoi= nt =3D Invalid IP address or FQDN for Host-to-Net Endpoint WARNING: untranslated string: ipsec roadwarrior endpoint =3D Host-to-Net End= point WARNING: untranslated string: no entries =3D No entries at the moment. diff --git a/doc/language_issues.en b/doc/language_issues.en index 9bef2930c..c05fc0800 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -624,6 +624,7 @@ WARNING: untranslated string: dns no address given =3D No= IP Address given. WARNING: untranslated string: dns no tls hostname given =3D No TLS hostname = given. WARNING: untranslated string: dns proxy server =3D DNS Proxy Server WARNING: untranslated string: dns recursor mode =3D Recursor Mode +WARNING: untranslated string: dns servers =3D DNS Servers WARNING: untranslated string: dns title =3D Domain Name System WARNING: untranslated string: dns tls hostname =3D TLS Hostname WARNING: untranslated string: dns use isp assigned nameservers =3D Use ISP-a= ssigned DNS servers 
@@ -1166,6 +1167,7 @@ WARNING: untranslated string: ipfires hostname =3D IPFi= re's Hostname WARNING: untranslated string: ipinfo =3D IP info WARNING: untranslated string: ipsec =3D IPsec WARNING: untranslated string: ipsec connection =3D IPsec Connection +WARNING: untranslated string: ipsec dns server address is invalid =3D Invali= d DNS server IP address(es) WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI diff --git a/doc/language_issues.es b/doc/language_issues.es index 57a20d214..376af0dc4 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -833,6 +833,7 @@ WARNING: untranslated string: dns mode for qname minimisa= tion =3D QNAME Minimisati WARNING: untranslated string: dns no address given =3D No IP Address given. WARNING: untranslated string: dns no tls hostname given =3D No TLS hostname = given. WARNING: untranslated string: dns recursor mode =3D Recursor Mode +WARNING: untranslated string: dns servers =3D DNS Servers WARNING: untranslated string: dns tls hostname =3D TLS Hostname WARNING: untranslated string: dns use isp assigned nameservers =3D Use ISP-a= ssigned DNS servers WARNING: untranslated string: dns use protocol for dns queries =3D Protocol = for DNS queries @@ -1147,6 +1148,7 @@ WARNING: untranslated string: invalid ip or hostname = =3D Invalid IP Address or Hos WARNING: untranslated string: invalid logserver protocol =3D Invalid syslogd= server protocol WARNING: untranslated string: ipsec =3D IPsec WARNING: untranslated string: ipsec connection =3D IPsec Connection +WARNING: untranslated string: ipsec dns server address is invalid =3D Invali= d DNS server IP address(es) WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI 
diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 3fe75fd07..c52ef3972 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -246,7 +246,6 @@ WARNING: translation string unused: dns new 1 WARNING: translation string unused: dns saved WARNING: translation string unused: dns saved txt WARNING: translation string unused: dns server -WARNING: translation string unused: dns servers WARNING: translation string unused: dnssec information WARNING: translation string unused: do not log this port list WARNING: translation string unused: domain not set @@ -839,6 +838,7 @@ WARNING: untranslated string: guardian logtarget_file =3D= unknown string WARNING: untranslated string: guardian logtarget_syslog =3D unknown string WARNING: untranslated string: guardian no entries =3D unknown string WARNING: untranslated string: guardian service =3D unknown string +WARNING: untranslated string: ipsec dns server address is invalid =3D Invali= d DNS server IP address(es) WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoi= nt =3D Invalid IP address or FQDN for Host-to-Net Endpoint WARNING: untranslated string: ipsec roadwarrior endpoint =3D Host-to-Net End= point WARNING: untranslated string: pakfire ago =3D ago. diff --git a/doc/language_issues.it b/doc/language_issues.it index 53cd94b90..be1f9c351 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -220,7 +220,6 @@ WARNING: translation string unused: dns new 1 WARNING: translation string unused: dns saved WARNING: translation string unused: dns saved txt WARNING: translation string unused: dns server -WARNING: translation string unused: dns servers WARNING: translation string unused: dnsforward forward_server WARNING: translation string unused: dnssec information WARNING: translation string unused: do not log this port list 
@@ -983,6 +982,7 @@ WARNING: untranslated string: invalid input for valid til= l days =3D Invalid input WARNING: untranslated string: invalid ip or hostname =3D Invalid IP Address = or Hostname WARNING: untranslated string: invalid logserver protocol =3D Invalid syslogd= server protocol WARNING: untranslated string: ipsec connection =3D IPsec Connection +WARNING: untranslated string: ipsec dns server address is invalid =3D Invali= d DNS server IP address(es) WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 85a9cd587..21e1e8daa 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -856,6 +856,7 @@ WARNING: untranslated string: dns mode for qname minimisa= tion =3D QNAME Minimisati WARNING: untranslated string: dns no address given =3D No IP Address given. WARNING: untranslated string: dns no tls hostname given =3D No TLS hostname = given. WARNING: untranslated string: dns recursor mode =3D Recursor Mode +WARNING: untranslated string: dns servers =3D DNS Servers WARNING: untranslated string: dns tls hostname =3D TLS Hostname WARNING: untranslated string: dns use isp assigned nameservers =3D Use ISP-a= ssigned DNS servers WARNING: untranslated string: dns use protocol for dns queries =3D Protocol = for DNS queries 
@@ -992,6 +993,7 @@ WARNING: untranslated string: invalid input for valid til= l days =3D Invalid input WARNING: untranslated string: invalid ip or hostname =3D Invalid IP Address = or Hostname WARNING: untranslated string: invalid logserver protocol =3D Invalid syslogd= server protocol WARNING: untranslated string: ipsec connection =3D IPsec Connection +WARNING: untranslated string: ipsec dns server address is invalid =3D Invali= d DNS server IP address(es) WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 57a20d214..376af0dc4 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -833,6 +833,7 @@ WARNING: untranslated string: dns mode for qname minimisa= tion =3D QNAME Minimisati WARNING: untranslated string: dns no address given =3D No IP Address given. WARNING: untranslated string: dns no tls hostname given =3D No TLS hostname = given. WARNING: untranslated string: dns recursor mode =3D Recursor Mode +WARNING: untranslated string: dns servers =3D DNS Servers WARNING: untranslated string: dns tls hostname =3D TLS Hostname WARNING: untranslated string: dns use isp assigned nameservers =3D Use ISP-a= ssigned DNS servers WARNING: untranslated string: dns use protocol for dns queries =3D Protocol = for DNS queries 
@@ -1147,6 +1148,7 @@ WARNING: untranslated string: invalid ip or hostname = =3D Invalid IP Address or Hos WARNING: untranslated string: invalid logserver protocol =3D Invalid syslogd= server protocol WARNING: untranslated string: ipsec =3D IPsec WARNING: untranslated string: ipsec connection =3D IPsec Connection +WARNING: untranslated string: ipsec dns server address is invalid =3D Invali= d DNS server IP address(es) WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 6ed13933a..dc8d83beb 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -837,6 +837,7 @@ WARNING: untranslated string: dns mode for qname minimisa= tion =3D QNAME Minimisati WARNING: untranslated string: dns no address given =3D No IP Address given. WARNING: untranslated string: dns no tls hostname given =3D No TLS hostname = given. WARNING: untranslated string: dns recursor mode =3D Recursor Mode +WARNING: untranslated string: dns servers =3D DNS Servers WARNING: untranslated string: dns tls hostname =3D TLS Hostname WARNING: untranslated string: dns use isp assigned nameservers =3D Use ISP-a= ssigned DNS servers WARNING: untranslated string: dns use protocol for dns queries =3D Protocol = for DNS queries 
@@ -1149,6 +1150,7 @@ WARNING: untranslated string: invalid ip or hostname = =3D Invalid IP Address or Hos WARNING: untranslated string: invalid logserver protocol =3D Invalid syslogd= server protocol WARNING: untranslated string: ipsec =3D IPsec WARNING: untranslated string: ipsec connection =3D IPsec Connection +WARNING: untranslated string: ipsec dns server address is invalid =3D Invali= d DNS server IP address(es) WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 8821371f7..dd4d24ae3 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -242,7 +242,6 @@ WARNING: translation string unused: dns new 1 WARNING: translation string unused: dns saved WARNING: translation string unused: dns saved txt WARNING: translation string unused: dns server -WARNING: translation string unused: dns servers WARNING: translation string unused: dnsforward forward_server WARNING: translation string unused: dnssec information WARNING: translation string unused: do not log this port list @@ -909,6 +908,7 @@ WARNING: untranslated string: invalid input for local ip = address =3D Invalid input WARNING: untranslated string: invalid input for mode =3D Invalid input for m= ode WARNING: untranslated string: invalid ip or hostname =3D Invalid IP Address = or Hostname WARNING: untranslated string: ipsec connection =3D IPsec Connection +WARNING: untranslated string: ipsec dns server address is invalid =3D Invali= d DNS server IP address(es) WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI diff --git a/doc/language_missings b/doc/language_missings index 3034db5ba..fe0713fdf 100644 --- a/doc/language_missings 
+++ b/doc/language_missings @@ -37,6 +37,7 @@ < g.dtm < g.lite < insert removable device +< ipsec dns server address is invalid < ipsec invalid ip address or fqdn for rw endpoint < ipsec roadwarrior endpoint < no entries @@ -567,6 +568,7 @@ < invalid logserver protocol < ipsec < ipsec connection +< ipsec dns server address is invalid < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti @@ -927,6 +929,7 @@ < download apple profile < g.dtm < g.lite +< ipsec dns server address is invalid < ipsec invalid ip address or fqdn for rw endpoint < ipsec roadwarrior endpoint < upload fcdsl.o @@ -1138,6 +1141,7 @@ < invalid ip or hostname < invalid logserver protocol < ipsec connection +< ipsec dns server address is invalid < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti @@ -1514,6 +1518,7 @@ < invalid ip or hostname < invalid logserver protocol < ipsec connection +< ipsec dns server address is invalid < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti @@ -2211,6 +2216,7 @@ < invalid logserver protocol < ipsec < ipsec connection +< ipsec dns server address is invalid < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti @@ -3069,6 +3075,7 @@ < invalid logserver protocol < ipsec < ipsec connection +< ipsec dns server address is invalid < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti @@ -3483,6 +3490,7 @@ < invalid input for mode < invalid ip or hostname < ipsec connection +< ipsec dns server address is invalid < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 0d141cb88..93120ea44 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi 
@@ -124,6 +124,7 @@ $cgiparams{'MODE'} =3D "tunnel";
 $cgiparams{'INTERFACE_MODE'} =3D "";
 $cgiparams{'INTERFACE_ADDRESS'} =3D "";
 $cgiparams{'INTERFACE_MTU'} =3D 1500;
+$cgiparams{'DNS_SERVERS'} =3D "";
 &Header::getcgihash(\%cgiparams, {'wantfile' =3D> 1, 'filevar' =3D> 'FH'});
=20
 my %APPLE_CIPHERS =3D (
@@ -511,6 +512,13 @@ sub writeipsecfiles {
 # Fragmentation
 print CONF "\tfragmentation=3Dyes\n";
=20
+ # DNS Servers for RW
+ if ($lconfighash{$key}[3] eq 'host') {
+ my @servers =3D split(/\|/, $lconfighash{$key}[39]);
+
+ print CONF "\trightdns=3D" . join(",", @servers) . "\n";
+ }
+
 print CONF "\n";
 } #foreach key
=20
@@ -1612,6 +1620,7 @@ END
 $cgiparams{'INTERFACE_MODE'} =3D $confighash{$cgiparams{'KEY'}}[36];
 $cgiparams{'INTERFACE_ADDRESS'} =3D $confighash{$cgiparams{'KEY'}}[37];
 $cgiparams{'INTERFACE_MTU'} =3D $confighash{$cgiparams{'KEY'}}[38];
+ $cgiparams{'DNS_SERVERS'} =3D $confighash{$cgiparams{'KEY'}}[39];
=20
 if (!$cgiparams{'DPD_DELAY'}) {
 $cgiparams{'DPD_DELAY'} =3D 30;
@@ -1745,6 +1754,16 @@ END
 }
 }
=20
+ if ($cgiparams{'TYPE'} eq 'host') {
+ my @servers =3D split(",", $cgiparams{'DNS_SERVERS'});
+ foreach my $server (@servers) {
+ unless (&Network::check_ip_address($server)) {
+ $errormessage =3D $Lang::tr{'ipsec dns server address is invalid'};
+ goto VPNCONF_ERROR;
+ }
+ }
+ }
+
 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
 $errormessage =3D $Lang::tr{'invalid input'};
 goto VPNCONF_ERROR;
@@ -2147,7 +2166,7 @@ END
 my $key =3D $cgiparams{'KEY'};
 if (! $key) {
 $key =3D &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 38) { $confighash{$key}[$i] =3D "";}
+ foreach my $i (0 .. 39) { $confighash{$key}[$i] =3D "";}
 }
 $confighash{$key}[0] =3D $cgiparams{'ENABLED'};
 $confighash{$key}[1] =3D $cgiparams{'NAME'};
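Review bot: In the writeipsecfiles hunk (@@ -511) a `rightdns=` line is written for every host-type connection even when field 39 is empty or, for connections saved before this change, undefined, so existing road-warrior entries get a bare `rightdns=` in the generated CONF output and `split` is called on undef; guard it with `if ($lconfighash{$key}[3] eq 'host' && $lconfighash{$key}[39]) {` or skip the print when `@servers` is empty. The body of writeipsecfiles starts before and ends after the hunk. Separately, the address check in the @@ -1745 hunk runs only when TYPE is 'host', while the store into `$confighash{$key}[39]` (the @@ -2198 hunk) keeps DNS_SERVERS for every type, so a net-type connection can carry an unchecked value in its config record; either clear DNS_SERVERS for non-host types before storing or run the `&Network::check_ip_address` loop unconditionally. It is also worth confirming that no use of `$disabled` survives elsewhere in the form, since its declaration is removed in the @@ -2376 hunk and the rest of that form lies outside the hunk.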
@@ -2198,6 +2217,7 @@ END $confighash{$key}[36] =3D $cgiparams{'INTERFACE_MODE'}; $confighash{$key}[37] =3D $cgiparams{'INTERFACE_ADDRESS'}; $confighash{$key}[38] =3D $cgiparams{'INTERFACE_MTU'}; + $confighash{$key}[39] =3D join("|", split(",", $cgiparams{'DNS_SERVERS'})); =20 # free unused fields! $confighash{$key}[15] =3D 'off'; @@ -2280,6 +2300,7 @@ END $cgiparams{'INTERFACE_MODE'} =3D ""; $cgiparams{'INTERFACE_ADDRESS'} =3D ""; $cgiparams{'INTERFACE_MTU'} =3D 1500; + $cgiparams{'DNS_SERVERS'} =3D ""; } =20 VPNCONF_ERROR: @@ -2376,11 +2397,8 @@ END EOF } =20 - my $disabled; - my $blob; - if ($cgiparams{'TYPE'} eq 'host') { - $disabled =3D "disabled=3D'disabled'"; - } elsif ($cgiparams{'TYPE'} eq 'net') { + my $blob =3D ""; + if ($cgiparams{'TYPE'} eq 'net') { $blob =3D "3D'*'"; }; =20 @@ -2390,6 +2408,9 @@ EOF my @remote_subnets =3D split(/\|/, $cgiparams{'REMOTE_SUBNET'}); my $remote_subnets =3D join(",", @remote_subnets); =20 + my @dns_servers =3D split(/\|/, $cgiparams{'DNS_SERVERS'}); + my $dns_servers =3D join(",", @dns_servers); + print < $Lang::tr{'enabled'} @@ -2425,10 +2446,26 @@ END - $Lang::tr{'remote s= ubnet'} $blob +END + + if ($cgiparams{'TYPE'} eq "net") { + print <$Lang::tr{'remote s= ubnet'} 3D'*' + + + +END + + } elsif ($cgiparams{'TYPE'} eq "host") { + print <$Lang::tr{'dns serv= ers'}: - + +END + } + + print < $Lang::tr{'vpn local id'}: @@ -2764,6 +2801,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'INTERFACE_MODE'} =3D $confighash{$cgiparams{'KEY'}}[36]; $cgiparams{'INTERFACE_ADDRESS'} =3D $confighash{$cgiparams{'KEY'}}[37]; $cgiparams{'INTERFACE_MTU'} =3D $confighash{$cgiparams{'KEY'}}[38]; + $cgiparams{'DNS_SERVERS'} =3D $confighash{$cgiparams{'KEY'}}[39]; =20 if (!$cgiparams{'DPD_DELAY'}) { $cgiparams{'DPD_DELAY'} =3D 30; diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 54e8c404a..adc04f6b3 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
@@ -1547,6 +1547,7 @@ 'ipinfo' =3D> 'IP info', 'ipsec' =3D> 'IPsec', 'ipsec connection' =3D> 'IPsec Connection', +'ipsec dns server address is invalid' =3D> 'Invalid DNS server IP address(es= )', 'ipsec interface mode gre' =3D> 'GRE', 'ipsec interface mode none' =3D> '- None (Default) -', 'ipsec interface mode vti' =3D> 'VTI', --=20 2.20.1 --===============4319087927309096147==--