From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 05/16] vpnmain.cgi: Add field for roadwarrior endpoint
Date: Thu, 28 May 2020 17:58:39 +0000
Message-ID: <20200528175850.12638-6-michael.tremer@ipfire.org>
In-Reply-To: <20200528175850.12638-1-michael.tremer@ipfire.org>
This is the IP address or FQDN which will be written into
Apple Configuration profiles as public peer address.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
doc/language_issues.de | 2 ++
doc/language_issues.en | 2 ++
doc/language_issues.es | 2 ++
doc/language_issues.fr | 2 ++
doc/language_issues.it | 2 ++
doc/language_issues.nl | 2 ++
doc/language_issues.pl | 2 ++
doc/language_issues.ru | 2 ++
doc/language_issues.tr | 2 ++
doc/language_missings | 16 ++++++++++++++++
html/cgi-bin/vpnmain.cgi | 21 ++++++++++++++++++++-
langs/en/cgi-bin/en.pl | 2 ++
12 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/doc/language_issues.de b/doc/language_issues.de
index d53bfa601..4c4a37742 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -800,6 +800,8 @@ WARNING: untranslated string: guardian logtarget_file = unknown string
WARNING: untranslated string: guardian logtarget_syslog = unknown string
WARNING: untranslated string: guardian no entries = unknown string
WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
WARNING: untranslated string: no entries = No entries at the moment.
WARNING: untranslated string: pakfire invalid tree = Invalid repository selected
WARNING: untranslated string: route config changed = unknown string
diff --git a/doc/language_issues.en b/doc/language_issues.en
index dc40a08bb..9bef2930c 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1169,9 +1169,11 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: iptmangles = IPTable Mangles
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 933e99eca..57a20d214 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1150,9 +1150,11 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: itlb multihit = iTLB MultiHit
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index fd9f8296c..3fe75fd07 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -839,6 +839,8 @@ WARNING: untranslated string: guardian logtarget_file = unknown string
WARNING: untranslated string: guardian logtarget_syslog = unknown string
WARNING: untranslated string: guardian no entries = unknown string
WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
WARNING: untranslated string: pakfire ago = ago.
WARNING: untranslated string: route config changed = unknown string
WARNING: untranslated string: routing config added = unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index e77b1ef3f..53cd94b90 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -986,8 +986,10 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: itlb multihit = iTLB MultiHit
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index ca6dec27e..85a9cd587 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -995,8 +995,10 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: itlb multihit = iTLB MultiHit
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 933e99eca..57a20d214 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1150,9 +1150,11 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: itlb multihit = iTLB MultiHit
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 1fed38304..6ed13933a 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1152,9 +1152,11 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: itlb multihit = iTLB MultiHit
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index c716af76d..8821371f7 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -912,8 +912,10 @@ WARNING: untranslated string: ipsec connection = IPsec Connection
WARNING: untranslated string: ipsec interface mode gre = GRE
WARNING: untranslated string: ipsec interface mode none = - None (Default) -
WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
WARNING: untranslated string: ipsec mode transport = Transport
WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: itlb multihit = iTLB MultiHit
diff --git a/doc/language_missings b/doc/language_missings
index cff74f9b0..3034db5ba 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -37,6 +37,8 @@
< g.dtm
< g.lite
< insert removable device
+< ipsec invalid ip address or fqdn for rw endpoint
+< ipsec roadwarrior endpoint
< no entries
< notes
< okay
@@ -568,10 +570,12 @@
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
< ipsec mode transport
< ipsec mode tunnel
< ipsec network
< ipsec no connections
+< ipsec roadwarrior endpoint
< ipsec routing table entries
< ipsec settings
< itlb multihit
@@ -923,6 +927,8 @@
< download apple profile
< g.dtm
< g.lite
+< ipsec invalid ip address or fqdn for rw endpoint
+< ipsec roadwarrior endpoint
< upload fcdsl.o
############################################################################
# Checking cgi-bin translations for language: it #
@@ -1135,8 +1141,10 @@
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
< ipsec mode transport
< ipsec mode tunnel
+< ipsec roadwarrior endpoint
< ipsec routing table entries
< ipsec settings
< itlb multihit
@@ -1509,8 +1517,10 @@
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
< ipsec mode transport
< ipsec mode tunnel
+< ipsec roadwarrior endpoint
< ipsec routing table entries
< ipsec settings
< itlb multihit
@@ -2204,10 +2214,12 @@
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
< ipsec mode transport
< ipsec mode tunnel
< ipsec network
< ipsec no connections
+< ipsec roadwarrior endpoint
< ipsec routing table entries
< ipsec settings
< itlb multihit
@@ -3060,10 +3072,12 @@
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
< ipsec mode transport
< ipsec mode tunnel
< ipsec network
< ipsec no connections
+< ipsec roadwarrior endpoint
< ipsec routing table entries
< ipsec settings
< itlb multihit
@@ -3472,8 +3486,10 @@
< ipsec interface mode gre
< ipsec interface mode none
< ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
< ipsec mode transport
< ipsec mode tunnel
+< ipsec roadwarrior endpoint
< ipsec routing table entries
< ipsec settings
< itlb multihit
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index c004b6087..61efcc72c 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -26,6 +26,7 @@ use File::Copy;
use File::Temp qw/ tempfile tempdir /;
use strict;
use Sort::Naturally;
+use Sys::Hostname;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
@@ -112,6 +113,7 @@ $cgiparams{'ROOTCERT_EMAIL'} = '';
$cgiparams{'ROOTCERT_OU'} = '';
$cgiparams{'ROOTCERT_CITY'} = '';
$cgiparams{'ROOTCERT_STATE'} = '';
+$cgiparams{'RW_ENDPOINT'} = '';
$cgiparams{'RW_NET'} = '';
$cgiparams{'DPD_DELAY'} = '30';
$cgiparams{'DPD_TIMEOUT'} = '120';
@@ -507,12 +509,18 @@ if ($ENV{"REMOTE_ADDR"} eq "") {
if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
&General::readhash("${General::swroot}/vpn/settings", \%vpnsettings);
+ if ($cgiparams{'RW_ENDPOINT'} ne '' && !&General::validip($cgiparams{'RW_ENDPOINT'}) && !&General::validfqdn($cgiparams{'RW_ENDPOINT'})) {
+ $errormessage = $Lang::tr{'ipsec invalid ip address or fqdn for rw endpoint'};
+ goto SAVE_ERROR;
+ }
+
if ( $cgiparams{'RW_NET'} ne '' and !&General::validipandmask($cgiparams{'RW_NET'}) ) {
$errormessage = $Lang::tr{'urlfilter invalid ip or mask error'};
goto SAVE_ERROR;
}
$vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
+ $vpnsettings{'RW_ENDPOINT'} = $cgiparams{'RW_ENDPOINT'};
$vpnsettings{'RW_NET'} = $cgiparams{'RW_NET'};
&General::writehash("${General::swroot}/vpn/settings", \%vpnsettings);
&writeipsecfiles();
@@ -1182,6 +1190,10 @@ END
# Export Apple profile to browser
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download apple profile'}) {
+ # Read global configuration
+ &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings);
+
+ # Read connections
&General::readhasharray("${General::swroot}/vpn/config", \%confighash);
my $key = $cgiparams{'KEY'};
@@ -1209,6 +1221,9 @@ END
print "Content-Disposition: attachment; filename=" . $confighash{$key}[1] . ".mobileconfig\n";
print "\n"; # end headers
+ # Use our own FQDN if nothing else is configured
+ my $endpoint = ($vpnsettings{'RW_ENDPOINT'} ne "") ? $vpnsettings{'RW_ENDPOINT'} : &hostname();
+
print "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n";
print "<plist version=\"1.0\">\n";
print " <dict>\n";
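Review bot: The comment on the new $endpoint line says "Use our own FQDN", but hostname() from Sys::Hostname returns the system host name, which is not guaranteed to be fully qualified or resolvable from outside. When RW_ENDPOINT is empty, the exported profile can therefore carry a RemoteAddress the client cannot reach. Consider building the fallback from the configured host name and domain, or refusing the export with an error until RW_ENDPOINT is set; at minimum the comment should say "hostname". The fallback value also never passes through validip/validfqdn, unlike the saved setting.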
@@ -1240,7 +1255,7 @@ END
print " <key>IKEv2</key>\n";
print " <dict>\n";
print " <key>RemoteAddress</key>\n";
- print " <string>18.206.152.26</string>\n";
+ print " <string>$endpoint</string>\n";
# Left ID
if ($confighash{$key}[9]) {
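Review bot: $endpoint is interpolated into the <string> element under RemoteAddress without XML escaping. The saved RW_ENDPOINT was checked with validip/validfqdn at save time, but the export reads vpn/settings again and the hostname() fallback is not checked at all, so the output relies on every source being clean. Escaping &, < and > at the point of printing would make this line safe regardless of how the value got there.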
@@ -3081,6 +3096,10 @@ EOF
<input type='checkbox' name='ENABLED' $checked{'ENABLED'} />
</td>
</tr>
+ <tr>
+ <td class='base' nowrap='nowrap' width="60%">$Lang::tr{'ipsec roadwarrior endpoint'}:</td>
+ <td width="40%"><input type='text' name='RW_ENDPOINT' value='$cgiparams{'RW_ENDPOINT'}' /></td>
+ </tr>
<tr>
<td class='base' nowrap='nowrap' width="60%">$Lang::tr{'host to net vpn'}:</td>
<td width="40%"><input type='text' name='RW_NET' value='$cgiparams{'RW_NET'}' /></td>
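Review bot: In the new RW_ENDPOINT row, value='$cgiparams{'RW_ENDPOINT'}' places the submitted text into a single-quoted attribute. On the SAVE_ERROR path that text is exactly the input that validip/validfqdn just rejected, so unless %cgiparams is HTML-escaped before the form is rendered (not visible in this patch), a quote character in the input ends the attribute early. This follows the existing RW_NET row, so it is worth checking both rows and escaping at output if needed.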
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index aaf1d4978..54e8c404a 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1550,10 +1550,12 @@
'ipsec interface mode gre' => 'GRE',
'ipsec interface mode none' => '- None (Default) -',
'ipsec interface mode vti' => 'VTI',
+'ipsec invalid ip address or fqdn for rw endpoint' => 'Invalid IP address or FQDN for Host-to-Net Endpoint',
'ipsec mode transport' => 'Transport',
'ipsec mode tunnel' => 'Tunnel',
'ipsec network' => 'IPsec network',
'ipsec no connections' => 'No active IPsec connections',
+'ipsec roadwarrior endpoint' => 'Host-to-Net Endpoint',
'ipsec routing table entries' => 'IPsec Routing Table Entries',
'ipsec settings' => 'IPsec Settings',
'iptable rules' => 'IPTable rules',
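Review bot: The label 'Host-to-Net Endpoint' gives the administrator no hint about what the field is for. Per the commit message it is the public peer address written into Apple Configuration profiles, and per the vpnmain.cgi change an empty value falls back to the host name. A more descriptive label or a short help text next to the field would avoid misconfigured profiles, and it would also help translators, since only en.pl receives the two new keys in this patch.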
--
2.20.1
Thread overview: 19+ messages
2020-05-28 17:58 Easy IPsec connections for macOS & iOS Michael Tremer
2020-05-28 17:58 ` [PATCH 01/16] IPsec: Use sane defaults for certificate lifetimes Michael Tremer
2020-05-28 17:58 ` [PATCH 02/16] IPsec: Add prototype to export Apple Configuration profiles Michael Tremer
2020-05-28 17:58 ` [PATCH 03/16] perl: Package Data::UUID Michael Tremer
2020-05-28 17:58 ` [PATCH 04/16] vpnmain.cgi: Generate random UUIDs Michael Tremer
2020-05-28 17:58 ` Michael Tremer [this message]
2020-05-28 17:58 ` [PATCH 06/16] vpnmain.cgi: Fix indentation on Apple profiles Michael Tremer
2020-05-28 17:58 ` [PATCH 07/16] IPsec: Apple: Enable PFS on client when enabled Michael Tremer
2020-05-28 17:58 ` [PATCH 08/16] IPsec: Apple: Add desired cipher suites to profiles Michael Tremer
2020-05-28 17:58 ` [PATCH 09/16] IPsec: Apple: Stop prompting for credentials Michael Tremer
2020-05-28 17:58 ` [PATCH 10/16] IPsec: Allow sending DNS server addresses to RW clients Michael Tremer
2020-05-28 17:58 ` [PATCH 11/16] IPsec: Always send our host certificate to all " Michael Tremer
2020-05-28 17:58 ` [PATCH 12/16] IPsec: Set display name for VPN connections Michael Tremer
2020-05-28 17:58 ` [PATCH 13/16] IPsec: Ensure that iOS VPNs are always connected Michael Tremer
2020-05-28 17:58 ` [PATCH 14/16] IPsec: Strip @ from IDs in Apple profile Michael Tremer
2020-05-28 17:58 ` [PATCH 15/16] Revert "IPsec: Apple: Stop prompting for credentials" Michael Tremer
2020-05-28 17:58 ` [PATCH 16/16] IPsec: Add CA certificate in Apple profile Michael Tremer
2020-05-28 18:30 ` Easy IPsec connections for macOS & iOS Tom Rymes
2020-05-28 18:58 ` Michael Tremer