From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 05/16] vpnmain.cgi: Add field for roadwarrior endpoint Date: Thu, 28 May 2020 17:58:39 +0000 Message-ID: <20200528175850.12638-6-michael.tremer@ipfire.org> In-Reply-To: <20200528175850.12638-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2615150252609585992==" List-Id: --===============2615150252609585992== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is the IP address or FQDN which will be written into Apple Configuration profiles as public peer address. Signed-off-by: Michael Tremer --- doc/language_issues.de | 2 ++ doc/language_issues.en | 2 ++ doc/language_issues.es | 2 ++ doc/language_issues.fr | 2 ++ doc/language_issues.it | 2 ++ doc/language_issues.nl | 2 ++ doc/language_issues.pl | 2 ++ doc/language_issues.ru | 2 ++ doc/language_issues.tr | 2 ++ doc/language_missings | 16 ++++++++++++++++ html/cgi-bin/vpnmain.cgi | 21 ++++++++++++++++++++- langs/en/cgi-bin/en.pl | 2 ++ 12 files changed, 56 insertions(+), 1 deletion(-) diff --git a/doc/language_issues.de b/doc/language_issues.de index d53bfa601..4c4a37742 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de 
@@ -800,6 +800,8 @@ WARNING: untranslated string: guardian logtarget_file =3D= unknown string WARNING: untranslated string: guardian logtarget_syslog =3D unknown string WARNING: untranslated string: guardian no entries =3D unknown string WARNING: untranslated string: guardian service =3D unknown string +WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoi= nt =3D Invalid IP address or FQDN for Host-to-Net Endpoint +WARNING: untranslated string: ipsec roadwarrior endpoint =3D Host-to-Net End= point WARNING: untranslated string: no entries =3D No entries at the moment. WARNING: untranslated string: pakfire invalid tree =3D Invalid repository se= lected WARNING: untranslated string: route config changed =3D unknown string diff --git a/doc/language_issues.en b/doc/language_issues.en index dc40a08bb..9bef2930c 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1169,9 +1169,11 @@ WARNING: untranslated string: ipsec connection =3D IPs= ec Connection WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI +WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoi= nt =3D Invalid IP address or FQDN for Host-to-Net Endpoint WARNING: untranslated string: ipsec mode transport =3D Transport WARNING: untranslated string: ipsec mode tunnel =3D Tunnel WARNING: untranslated string: ipsec network =3D IPsec network +WARNING: untranslated string: ipsec roadwarrior endpoint =3D Host-to-Net End= point WARNING: untranslated string: ipsec routing table entries =3D IPsec Routing = Table Entries WARNING: untranslated string: ipsec settings =3D IPsec Settings WARNING: untranslated string: iptmangles =3D IPTable Mangles diff --git a/doc/language_issues.es b/doc/language_issues.es index 933e99eca..57a20d214 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es 
@@ -1150,9 +1150,11 @@ WARNING: untranslated string: ipsec connection =3D IPs= ec Connection WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI +WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoi= nt =3D Invalid IP address or FQDN for Host-to-Net Endpoint WARNING: untranslated string: ipsec mode transport =3D Transport WARNING: untranslated string: ipsec mode tunnel =3D Tunnel WARNING: untranslated string: ipsec network =3D IPsec network +WARNING: untranslated string: ipsec roadwarrior endpoint =3D Host-to-Net End= point WARNING: untranslated string: ipsec routing table entries =3D IPsec Routing = Table Entries WARNING: untranslated string: ipsec settings =3D IPsec Settings WARNING: untranslated string: itlb multihit =3D iTLB MultiHit diff --git a/doc/language_issues.fr b/doc/language_issues.fr index fd9f8296c..3fe75fd07 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -839,6 +839,8 @@ WARNING: untranslated string: guardian logtarget_file =3D= unknown string WARNING: untranslated string: guardian logtarget_syslog =3D unknown string WARNING: untranslated string: guardian no entries =3D unknown string WARNING: untranslated string: guardian service =3D unknown string +WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoi= nt =3D Invalid IP address or FQDN for Host-to-Net Endpoint +WARNING: untranslated string: ipsec roadwarrior endpoint =3D Host-to-Net End= point WARNING: untranslated string: pakfire ago =3D ago. WARNING: untranslated string: route config changed =3D unknown string WARNING: untranslated string: routing config added =3D unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index e77b1ef3f..53cd94b90 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it 
@@ -986,8 +986,10 @@ WARNING: untranslated string: ipsec connection =3D IPsec= Connection WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI +WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoi= nt =3D Invalid IP address or FQDN for Host-to-Net Endpoint WARNING: untranslated string: ipsec mode transport =3D Transport WARNING: untranslated string: ipsec mode tunnel =3D Tunnel +WARNING: untranslated string: ipsec roadwarrior endpoint =3D Host-to-Net End= point WARNING: untranslated string: ipsec routing table entries =3D IPsec Routing = Table Entries WARNING: untranslated string: ipsec settings =3D IPsec Settings WARNING: untranslated string: itlb multihit =3D iTLB MultiHit diff --git a/doc/language_issues.nl b/doc/language_issues.nl index ca6dec27e..85a9cd587 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -995,8 +995,10 @@ WARNING: untranslated string: ipsec connection =3D IPsec= Connection WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI +WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoi= nt =3D Invalid IP address or FQDN for Host-to-Net Endpoint WARNING: untranslated string: ipsec mode transport =3D Transport WARNING: untranslated string: ipsec mode tunnel =3D Tunnel +WARNING: untranslated string: ipsec roadwarrior endpoint =3D Host-to-Net End= point WARNING: untranslated string: ipsec routing table entries =3D IPsec Routing = Table Entries WARNING: untranslated string: ipsec settings =3D IPsec Settings WARNING: untranslated string: itlb multihit =3D iTLB MultiHit diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 933e99eca..57a20d214 100644 --- a/doc/language_issues.pl 
+++ b/doc/language_issues.pl @@ -1150,9 +1150,11 @@ WARNING: untranslated string: ipsec connection =3D IPs= ec Connection WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI +WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoi= nt =3D Invalid IP address or FQDN for Host-to-Net Endpoint WARNING: untranslated string: ipsec mode transport =3D Transport WARNING: untranslated string: ipsec mode tunnel =3D Tunnel WARNING: untranslated string: ipsec network =3D IPsec network +WARNING: untranslated string: ipsec roadwarrior endpoint =3D Host-to-Net End= point WARNING: untranslated string: ipsec routing table entries =3D IPsec Routing = Table Entries WARNING: untranslated string: ipsec settings =3D IPsec Settings WARNING: untranslated string: itlb multihit =3D iTLB MultiHit diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 1fed38304..6ed13933a 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru 
@@ -1152,9 +1152,11 @@ WARNING: untranslated string: ipsec connection =3D IPs= ec Connection WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI +WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoi= nt =3D Invalid IP address or FQDN for Host-to-Net Endpoint WARNING: untranslated string: ipsec mode transport =3D Transport WARNING: untranslated string: ipsec mode tunnel =3D Tunnel WARNING: untranslated string: ipsec network =3D IPsec network +WARNING: untranslated string: ipsec roadwarrior endpoint =3D Host-to-Net End= point WARNING: untranslated string: ipsec routing table entries =3D IPsec Routing = Table Entries WARNING: untranslated string: ipsec settings =3D IPsec Settings WARNING: untranslated string: itlb multihit =3D iTLB MultiHit diff --git a/doc/language_issues.tr b/doc/language_issues.tr index c716af76d..8821371f7 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -912,8 +912,10 @@ WARNING: untranslated string: ipsec connection =3D IPsec= Connection WARNING: untranslated string: ipsec interface mode gre =3D GRE WARNING: untranslated string: ipsec interface mode none =3D - None (Default)= - WARNING: untranslated string: ipsec interface mode vti =3D VTI +WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoi= nt =3D Invalid IP address or FQDN for Host-to-Net Endpoint WARNING: untranslated string: ipsec mode transport =3D Transport WARNING: untranslated string: ipsec mode tunnel =3D Tunnel +WARNING: untranslated string: ipsec roadwarrior endpoint =3D Host-to-Net End= point WARNING: untranslated string: ipsec routing table entries =3D IPsec Routing = Table Entries WARNING: untranslated string: ipsec settings =3D IPsec Settings WARNING: untranslated string: itlb multihit =3D iTLB MultiHit 
diff --git a/doc/language_missings b/doc/language_missings index cff74f9b0..3034db5ba 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -37,6 +37,8 @@ < g.dtm < g.lite < insert removable device +< ipsec invalid ip address or fqdn for rw endpoint +< ipsec roadwarrior endpoint < no entries < notes < okay @@ -568,10 +570,12 @@ < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti +< ipsec invalid ip address or fqdn for rw endpoint < ipsec mode transport < ipsec mode tunnel < ipsec network < ipsec no connections +< ipsec roadwarrior endpoint < ipsec routing table entries < ipsec settings < itlb multihit @@ -923,6 +927,8 @@ < download apple profile < g.dtm < g.lite +< ipsec invalid ip address or fqdn for rw endpoint +< ipsec roadwarrior endpoint < upload fcdsl.o ############################################################################ # Checking cgi-bin translations for language: it # @@ -1135,8 +1141,10 @@ < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti +< ipsec invalid ip address or fqdn for rw endpoint < ipsec mode transport < ipsec mode tunnel +< ipsec roadwarrior endpoint < ipsec routing table entries < ipsec settings < itlb multihit @@ -1509,8 +1517,10 @@ < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti +< ipsec invalid ip address or fqdn for rw endpoint < ipsec mode transport < ipsec mode tunnel +< ipsec roadwarrior endpoint < ipsec routing table entries < ipsec settings < itlb multihit @@ -2204,10 +2214,12 @@ < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti +< ipsec invalid ip address or fqdn for rw endpoint < ipsec mode transport < ipsec mode tunnel < ipsec network < ipsec no connections +< ipsec roadwarrior endpoint < ipsec routing table entries < ipsec settings < itlb multihit 
@@ -3060,10 +3072,12 @@ < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti +< ipsec invalid ip address or fqdn for rw endpoint < ipsec mode transport < ipsec mode tunnel < ipsec network < ipsec no connections +< ipsec roadwarrior endpoint < ipsec routing table entries < ipsec settings < itlb multihit @@ -3472,8 +3486,10 @@ < ipsec interface mode gre < ipsec interface mode none < ipsec interface mode vti +< ipsec invalid ip address or fqdn for rw endpoint < ipsec mode transport < ipsec mode tunnel +< ipsec roadwarrior endpoint < ipsec routing table entries < ipsec settings < itlb multihit diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index c004b6087..61efcc72c 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -26,6 +26,7 @@ use File::Copy; use File::Temp qw/ tempfile tempdir /; use strict; use Sort::Naturally; +use Sys::Hostname; # enable only the following on debugging purpose #use warnings; #use CGI::Carp 'fatalsToBrowser'; @@ -112,6 +113,7 @@ $cgiparams{'ROOTCERT_EMAIL'} =3D ''; $cgiparams{'ROOTCERT_OU'} =3D ''; $cgiparams{'ROOTCERT_CITY'} =3D ''; $cgiparams{'ROOTCERT_STATE'} =3D ''; +$cgiparams{'RW_ENDPOINT'} =3D ''; $cgiparams{'RW_NET'} =3D ''; $cgiparams{'DPD_DELAY'} =3D '30'; $cgiparams{'DPD_TIMEOUT'} =3D '120'; 
@@ -507,12 +509,18 @@ if ($ENV{"REMOTE_ADDR"} eq "") { if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' &&= $cgiparams{'KEY'} eq '') { &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings); =20 + if ($cgiparams{'RW_ENDPOINT'} ne '' && !&General::validip($cgiparams{'RW_EN= DPOINT'}) && !&General::validfqdn($cgiparams{'RW_ENDPOINT'})) { + $errormessage =3D $Lang::tr{'ipsec invalid ip address or fqdn for rw endpo= int'}; + goto SAVE_ERROR; + } + if ( $cgiparams{'RW_NET'} ne '' and !&General::validipandmask($cgiparams{'R= W_NET'}) ) { $errormessage =3D $Lang::tr{'urlfilter invalid ip or mask error'}; goto SAVE_ERROR; } =20 $vpnsettings{'ENABLED'} =3D $cgiparams{'ENABLED'}; + $vpnsettings{'RW_ENDPOINT'} =3D $cgiparams{'RW_ENDPOINT'}; $vpnsettings{'RW_NET'} =3D $cgiparams{'RW_NET'}; &General::writehash("${General::swroot}/vpn/settings", \%vpnsettings); &writeipsecfiles(); @@ -1182,6 +1190,10 @@ END =20 # Export Apple profile to browser } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download apple profile'}) { + # Read global configuration + &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings); + + # Read connections &General::readhasharray("${General::swroot}/vpn/config", \%confighash); my $key =3D $cgiparams{'KEY'}; =20 @@ -1209,6 +1221,9 @@ END print "Content-Disposition: attachment; filename=3D" . $confighash{$key}[1]= . ".mobileconfig\n"; print "\n"; # end headers =20 + # Use our own FQDN if nothing else is configured + my $endpoint =3D ($vpnsettings{'RW_ENDPOINT'} ne "") ? $vpnsettings{'RW_END= POINT'} : &hostname(); + print "\n"; print "\n"; print " \n"; @@ -1240,7 +1255,7 @@ END print " IKEv2\n"; print " \n"; print " RemoteAddress\n"; - print " 18.206.152.26\n"; + print " $endpoint\n"; =20 # Left ID if ($confighash{$key}[9]) { @@ -3081,6 +3096,10 @@ EOF + + $Lang::tr{'ipsec roadw= arrior endpoint'}: + + $Lang::tr{'host to net= vpn'}: 
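Review bot: The new RW_ENDPOINT check in the `@@ -507` hunk accepts an empty value without saying why; the reason only shows up in the later profile-export hunk, where an empty setting falls back to the system hostname. A short comment above the `if` would record that, e.g. `# Empty is allowed: the Apple profile export then falls back to this host's name`. The value is also checked and stored exactly as submitted, so whitespace around a pasted address would presumably be rejected as invalid rather than trimmed; stripping it before the check would avoid a confusing error. The enclosing save handler starts and ends outside the hunk.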
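Review bot: The fallback `&hostname()` in the `@@ -1209` hunk is evaluated after the response headers have already been printed, and Sys::Hostname's hostname() dies when it cannot determine a name, which would leave the browser with a truncated .mobileconfig download. Computing `$endpoint` before the Content-Disposition line would let a failure be reported through the normal error path. The comment says "our own FQDN", but hostname() returns whatever the system hostname is set to, which may be an unqualified or internal-only name. Written into RemoteAddress, such a name is resolved by the roadwarrior client on whatever network it happens to be on. It may be safer to refuse or warn on export when RW_ENDPOINT is empty and the local name is not a fully qualified public name; this should be confirmed against how the hostname is configured on these systems.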
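Review bot: `$endpoint` is interpolated into the profile output in the `@@ -1240` hunk without escaping, so the document stays well-formed only as long as every value in `vpn/settings` went through the save-time validip/validfqdn check. The export reads the settings file fresh and does not re-validate, so a value that reached the file another way (restored backup, manual edit) would be emitted verbatim; the hostname() fallback is not checked either. XML-escaping `&`, `<` and `>` in `$endpoint` just before the print, or re-running the same validation at export time, would make the output independent of how the setting was written. The surrounding print block continues outside the hunk, and the markup on these lines is not visible in this copy of the patch.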
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index aaf1d4978..54e8c404a 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1550,10 +1550,12 @@ 'ipsec interface mode gre' =3D> 'GRE', 'ipsec interface mode none' =3D> '- None (Default) -', 'ipsec interface mode vti' =3D> 'VTI', +'ipsec invalid ip address or fqdn for rw endpoint' =3D> 'Invalid IP address = or FQDN for Host-to-Net Endpoint', 'ipsec mode transport' =3D> 'Transport', 'ipsec mode tunnel' =3D> 'Tunnel', 'ipsec network' =3D> 'IPsec network', 'ipsec no connections' =3D> 'No active IPsec connections', +'ipsec roadwarrior endpoint' =3D> 'Host-to-Net Endpoint', 'ipsec routing table entries' =3D> 'IPsec Routing Table Entries', 'ipsec settings' =3D> 'IPsec Settings', 'iptable rules' =3D> 'IPTable rules', --=20 2.20.1 --===============2615150252609585992==--