From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/2] File modified : html/cgi-bin/vpnmain.cgi
Date: Tue, 10 Jul 2018 18:42:38 +0100
Message-ID: <4f2dd787847ba9181f7e7a68933b5bb733091230.camel@ipfire.org>
In-Reply-To: <20180709200731.28762-1-blais.julien.30@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8259904627500694343=="
List-Id: <development.lists.ipfire.org>

--===============8259904627500694343==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Julien?!,

thanks for submitting this patch.

Could you go into more detail about what this patch is doing and why you need
it?

Best,
-Michael

On Mon, 2018-07-09 at 22:07 +0200, jbsky wrote:
> Added xauthrsasig option instead of cert in /var/ipfire/vpn/config.
> By replacing cert with xauth in the 5th place option, the vpn connection is
> configured to support xauthrsasig, ikev1 is also to be changed manually in =
the
> file.
> ---
>  html/cgi-bin/vpnmain.cgi | 15 ++++++++++-----
>  1 file changed, 10 insertions(+), 5 deletions(-)
>=20
> diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
> index 378acb326..a5c50dbda 100644
> --- a/html/cgi-bin/vpnmain.cgi
> +++ b/html/cgi-bin/vpnmain.cgi
> @@ -304,7 +304,7 @@ sub writeipsecfiles {
>  		}
> =20
>  		# Local Cert and Remote Cert (unless auth is DN dn-auth)
> -		if ($lconfighash{$key}[4] eq 'cert') {
> +		if (($lconfighash{$key}[4] eq 'cert')||($lconfighash{$key}[4]
> eq 'xauthrsasig')) {
>  			print CONF
> "\tleftcert=3D${General::swroot}/certs/hostcert.pem\n";
>  			print CONF
> "\trightcert=3D${General::swroot}/certs/$lconfighash{$key}[1]cert.pem\n" if
> ($lconfighash{$key}[2] ne '%auth-dn');
>  		}
> @@ -408,7 +408,12 @@ sub writeipsecfiles {
>  				print SECRETS $psk_line;
>  			}
>  			print CONF "\tauthby=3Dsecret\n";
> -		} else {
> +		}
> +		elsif ($lconfighash{$key}[4] eq 'xauthrsasig') {
> +			print CONF "\tauthby=3Dxauthrsasig\n";
> +			print CONF "\txauth=3Dserver\n";
> +		}=20
> +		else {
>  			print CONF "\tauthby=3Drsasig\n";
>  			print CONF "\tleftrsasigkey=3D%cert\n";
>  			print CONF "\trightrsasigkey=3D%cert\n";
> @@ -2841,7 +2846,7 @@ END
>  	print "<td align=3D'center' nowrap=3D'nowrap' $col>" .
> $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"=
} .
> ") $confighash{$key}[29]</td>";
>  	if ($confighash{$key}[2] eq '%auth-dn') {
>  		print "<td align=3D'left' nowrap=3D'nowrap'
> $col>$confighash{$key}[9]</td>";
> -	} elsif ($confighash{$key}[4] eq 'cert') {
> +	} elsif (($confighash{$key}[4] eq 'cert')||($confighash{$key}[4] eq
> 'xauthrsasig')) {
>  		print "<td align=3D'left' nowrap=3D'nowrap'
> $col>$confighash{$key}[2]</td>";
>  	} else {
>  		print "<td align=3D'left' $col>&nbsp;</td>";
> @@ -2893,7 +2898,7 @@ END
>  	} else {
>  		print "<td width=3D'2%' $col>&nbsp;</td>";
>  	}
> -	if ($confighash{$key}[4] eq 'cert' && -f
> "${General::swroot}/certs/$confighash{$key}[1].p12") {
> +	if ((($confighash{$key}[4] eq 'cert')||($confighash{$key}[4] eq
> 'xauthrsasig')) && -f "${General::swroot}/certs/$confighash{$key}[1].p12") {
>  		print <<END
>  		<td align=3D'center' $col>
>  		<form method=3D'post' action=3D'$ENV{'SCRIPT_NAME'}'>
> @@ -2904,7 +2909,7 @@ END
>  	</td>
>  END
>  ;
> -	} elsif (($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne
> '%auth-dn')) {
> +	} elsif ((($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2]
> ne '%auth-dn'))||(($confighash{$key}[4] eq 'xauthrsasig') &&
> ($confighash{$key}[2] ne '%auth-dn'))) {
>  		print <<END
>  		<td align=3D'center' $col>
>  		<form method=3D'post' action=3D'$ENV{'SCRIPT_NAME'}'>

--===============8259904627500694343==--