- This adds the base64 encoded PSK into the config file and when the ipsec.secrets file is created the PSK is base64 decoded to write it to the file. The ipsec.secrets file surrounds the PSK with single quotation marks so that character is not allowed to be used in the PSK but anything else can be.
- Tested out on my vm system and shown to be working. New PSK with various characters including commas was base64 encoded before putting into the config file and therefore was accepted by the code. If a single quotation mark was used in the PSK then the error message about invalid characters was shown.

Fixes: Bug13029
Tested-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
---
 html/cgi-bin/vpnmain.cgi | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 html/cgi-bin/vpnmain.cgi
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi old mode 100644 new mode 100755 index 25e0f0a53..bde5e11bc --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -481,7 +481,8 @@ sub writeipsecfiles { if ($lconfighash{$key}[4] eq 'psk') { $psk_line = ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside) . " " ; $psk_line .= $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfighash{$key}[10]; #remoteid or remote address? - $psk_line .= " : PSK '$lconfighash{$key}[5]'\n"; + my $decoded_psk = MIME::Base64::decode_base64($lconfighash{$key}[5]); + $psk_line .= " : PSK '$decoded_psk'\n"; # if the line contains %any, it is less specific than two IP or ID, so move it at end of file. if ($psk_line =~ /%any/) { $last_secrets .= $psk_line; @@ -2260,7 +2261,7 @@ END $confighash{$key}[3] = $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { $confighash{$key}[4] = 'psk'; - $confighash{$key}[5] = $cgiparams{'PSK'}; + $confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, ""); } else { $confighash{$key}[4] = 'cert'; }
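Review bot: In the writeipsecfiles hunk, decode_base64 is applied to every stored $lconfighash{$key}[5] with nothing to show that the value was written by the new encoder, so a PSK saved in plain text before this change would be decoded into different bytes and written to ipsec.secrets as a different secret. MIME::Base64::decode_base64 skips characters outside the base64 alphabet instead of failing, so this would happen silently. Suggest a stored marker for encoded entries or a one-time conversion on update. The decoded value is also interpolated straight into " : PSK '$decoded_psk'\n"; since the config file, not the form, is the input at this point, re-check it for a single quote or newline before writing the line.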
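Review bot: In the save hunk (@@ -2260), field [5] now holds encode_base64($cgiparams{'PSK'}, "") but neither hunk of this patch changes any code that reads [5] back for display, so wherever the stored value is loaded into the edit form the user would see the base64 text, and saving again would encode it a second time. Please confirm the edit path decodes before filling the form. Two smaller points: the patch calls MIME::Base64 by its fully qualified name without adding a use MIME::Base64 line, so the module must already be loaded in vpnmain.cgi, and the 100644 => 100755 mode change on vpnmain.cgi looks unrelated to the PSK fix and is better dropped or sent separately.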
- As all characters, except for the single quotation mark, are now allowed in the PSK with the base64 encoding implemented then the error message in the English Lang file has been changed to explicitly mention the single quotation mark rather than characters as a generic message.

Fixes: Bug13029
Tested-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
---
 doc/language_issues.de | 2 +-
 doc/language_issues.en | 6 ++++--
 doc/language_issues.es | 2 +-
 doc/language_issues.fr | 2 +-
 doc/language_issues.it | 4 ++--
 doc/language_issues.nl | 4 +++-
 doc/language_issues.pl | 4 +++-
 doc/language_issues.ru | 4 +++-
 doc/language_issues.tr | 4 ++--
 doc/language_missings | 8 ++++++++
 langs/en/cgi-bin/en.pl | 2 +-
 11 files changed, 29 insertions(+), 13 deletions(-)
diff --git a/doc/language_issues.de b/doc/language_issues.de index 79b21fe24..757b566e6 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -517,7 +517,6 @@ WARNING: translation string unused: network time WARNING: translation string unused: network traffic graphs WARNING: translation string unused: network updated WARNING: translation string unused: networks settings -WARNING: translation string unused: never WARNING: translation string unused: new optionsfw must boot WARNING: translation string unused: no alcatelusb firmware WARNING: translation string unused: no cfg upload @@ -942,6 +941,7 @@ WARNING: untranslated string: netbios nameserver daemon = NetBIOS Nameserver Dae WARNING: untranslated string: no entries = No entries at the moment. WARNING: untranslated string: optional = Optional WARNING: untranslated string: pakfire invalid tree = Invalid repository selected +WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. diff --git a/doc/language_issues.en b/doc/language_issues.en index 2541ccf88..a20121638 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en 
@@ -680,7 +680,7 @@ WARNING: untranslated string: drop action = Default behaviour of (forward) firew WARNING: untranslated string: drop action1 = Default behaviour of (outgoing) firewall in mode "Blocked" WARNING: untranslated string: drop action2 = Default behaviour of (input) firewall WARNING: untranslated string: drop forward = Log dropped forward packets -WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.) +WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/blocklists/do-not-route-or-peer/" target="_blank">Spamhaus DROP</a>, etc.) WARNING: untranslated string: drop input = Log dropped input packets WARNING: untranslated string: drop newnotsyn = Log dropped new not SYN packets WARNING: untranslated string: drop outgoing = Log dropped outgoing packets @@ -1116,7 +1116,7 @@ WARNING: untranslated string: intrusion detection = Intrusion Prevention WARNING: untranslated string: intrusion detection system = Intrusion Prevention System WARNING: untranslated string: intrusion detection system rules = Ruleset WARNING: untranslated string: invalid broadcast ip = Invalid broadcast IP -WARNING: untranslated string: invalid characters found in pre-shared key = Invalid characters found in pre-shared key. +WARNING: untranslated string: invalid characters found in pre-shared key = Invalid single quotation mark found in pre-shared key. WARNING: untranslated string: invalid default lease time = Invalid default lease time. WARNING: untranslated string: invalid domain name = Invalid domain name. WARNING: untranslated string: invalid end address = Invalid end address. 
@@ -1382,6 +1382,7 @@ WARNING: untranslated string: network time from = Obtain time from a network tim WARNING: untranslated string: network traffic graphs external = Net-Traffic graphs (external) WARNING: untranslated string: network traffic graphs internal = Net-Traffic graphs (internal) WARNING: untranslated string: network traffic graphs others = Network (others) +WARNING: untranslated string: never = Never WARNING: untranslated string: new optionsfw later = Some options need a reboot to take effect WARNING: untranslated string: newer = Newer WARNING: untranslated string: next = next @@ -1584,6 +1585,7 @@ WARNING: untranslated string: red1 = RED WARNING: untranslated string: references = References WARNING: untranslated string: refresh = Refresh WARNING: untranslated string: refresh index page while connected = Refresh index.cgi page while connected +WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. diff --git a/doc/language_issues.es b/doc/language_issues.es index 4949d9335..b124927aa 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -566,7 +566,6 @@ WARNING: translation string unused: network time WARNING: translation string unused: network traffic graphs WARNING: translation string unused: network updated WARNING: translation string unused: networks settings -WARNING: translation string unused: never WARNING: translation string unused: new optionsfw must boot WARNING: translation string unused: no alcatelusb firmware WARNING: translation string unused: no cfg upload 
@@ -1003,6 +1002,7 @@ WARNING: untranslated string: no data = unknown string WARNING: untranslated string: openvpn cert expires soon = Expires Soon WARNING: untranslated string: openvpn cert has expired = Expired WARNING: untranslated string: pakfire ago = ago. +WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. diff --git a/doc/language_issues.fr b/doc/language_issues.fr index fb29de25c..9a290fb58 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -545,7 +545,6 @@ WARNING: translation string unused: network time WARNING: translation string unused: network traffic graphs WARNING: translation string unused: network updated WARNING: translation string unused: networks settings -WARNING: translation string unused: never WARNING: translation string unused: new optionsfw must boot WARNING: translation string unused: no alcatelusb firmware WARNING: translation string unused: no cfg upload @@ -947,6 +946,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: pakfire ago = ago. +WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: system time = System Time (as of last page load) diff --git a/doc/language_issues.it b/doc/language_issues.it index 680cc5f4e..b85041c74 100644 --- a/doc/language_issues.it 
+++ b/doc/language_issues.it @@ -504,7 +504,6 @@ WARNING: translation string unused: network time WARNING: translation string unused: network traffic graphs WARNING: translation string unused: network updated WARNING: translation string unused: networks settings -WARNING: translation string unused: never WARNING: translation string unused: new optionsfw must boot WARNING: translation string unused: no alcatelusb firmware WARNING: translation string unused: no cfg upload @@ -972,7 +971,7 @@ WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is WARNING: untranslated string: dnsforward forward_servers = Nameservers WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: download apple profile = Download Apple Configuration Profile -WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.) +WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/blocklists/do-not-route-or-peer/" target="_blank">Spamhaus DROP</a>, etc.) WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians WARNING: untranslated string: duration = Duration WARNING: untranslated string: eight hours = 8 Hours 
@@ -1221,6 +1220,7 @@ WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received +WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. diff --git a/doc/language_issues.nl b/doc/language_issues.nl index de9dc112a..adf28c036 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -976,7 +976,7 @@ WARNING: untranslated string: dnssec validating = DNSSEC Validating WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: download apple profile = Download Apple Configuration Profile WARNING: untranslated string: download tls-auth key = Download tls-auth key -WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.) +WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/blocklists/do-not-route-or-peer/" target="_blank">Spamhaus DROP</a>, etc.) WARNING: untranslated string: drop outgoing = Log dropped outgoing packets WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians WARNING: untranslated string: duration = Duration 
@@ -1201,6 +1201,7 @@ WARNING: untranslated string: monitor interface = Monitor Interface WARNING: untranslated string: mtu = MTU WARNING: untranslated string: nameserver = Nameserver WARNING: untranslated string: netbios nameserver daemon = NetBIOS Nameserver Daemon +WARNING: untranslated string: never = Never WARNING: untranslated string: no data = unknown string WARNING: untranslated string: no entries = No entries at the moment. WARNING: untranslated string: none = none @@ -1243,6 +1244,7 @@ WARNING: untranslated string: ptr = PTR WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received +WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. diff --git a/doc/language_issues.pl b/doc/language_issues.pl index d52c29f6b..d15f00f91 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl 
@@ -963,7 +963,7 @@ WARNING: untranslated string: drop action = Default behaviour of (forward) firew WARNING: untranslated string: drop action1 = Default behaviour of (outgoing) firewall in mode "Blocked" WARNING: untranslated string: drop action2 = Default behaviour of (input) firewall WARNING: untranslated string: drop forward = Log dropped forward packets -WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.) +WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/blocklists/do-not-route-or-peer/" target="_blank">Spamhaus DROP</a>, etc.) WARNING: untranslated string: drop outgoing = Log dropped outgoing packets WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians WARNING: untranslated string: duration = Duration @@ -1355,6 +1355,7 @@ WARNING: untranslated string: most preferred = most preferred WARNING: untranslated string: mtu = MTU WARNING: untranslated string: nameserver = Nameserver WARNING: untranslated string: netbios nameserver daemon = NetBIOS Nameserver Daemon +WARNING: untranslated string: never = Never WARNING: untranslated string: no data = unknown string WARNING: untranslated string: no entries = No entries at the moment. WARNING: untranslated string: none = none 
@@ -1424,6 +1425,7 @@ WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received WARNING: untranslated string: red1 = RED +WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 3436c4a6e..d052eefac 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -960,7 +960,7 @@ WARNING: untranslated string: drop action = Default behaviour of (forward) firew WARNING: untranslated string: drop action1 = Default behaviour of (outgoing) firewall in mode "Blocked" WARNING: untranslated string: drop action2 = Default behaviour of (input) firewall WARNING: untranslated string: drop forward = Log dropped forward packets -WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.) +WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/blocklists/do-not-route-or-peer/" target="_blank">Spamhaus DROP</a>, etc.) WARNING: untranslated string: drop outgoing = Log dropped outgoing packets WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians WARNING: untranslated string: duration = Duration 
@@ -1353,6 +1353,7 @@ WARNING: untranslated string: most preferred = most preferred WARNING: untranslated string: mtu = MTU WARNING: untranslated string: nameserver = Nameserver WARNING: untranslated string: netbios nameserver daemon = NetBIOS Nameserver Daemon +WARNING: untranslated string: never = Never WARNING: untranslated string: no data = unknown string WARNING: untranslated string: no entries = No entries at the moment. WARNING: untranslated string: none = none @@ -1419,6 +1420,7 @@ WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received WARNING: untranslated string: red1 = RED +WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. diff --git a/doc/language_issues.tr b/doc/language_issues.tr index ca57075b1..6e077d586 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -533,7 +533,6 @@ WARNING: translation string unused: network time WARNING: translation string unused: network traffic graphs WARNING: translation string unused: network updated WARNING: translation string unused: networks settings -WARNING: translation string unused: never WARNING: translation string unused: new optionsfw must boot WARNING: translation string unused: no alcatelusb firmware WARNING: translation string unused: no cfg upload 
@@ -952,7 +951,7 @@ WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is WARNING: untranslated string: dnsforward forward_servers = Nameservers WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: download apple profile = Download Apple Configuration Profile -WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.) +WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/blocklists/do-not-route-or-peer/" target="_blank">Spamhaus DROP</a>, etc.) WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians WARNING: untranslated string: duration = Duration WARNING: untranslated string: email recipient invalid = Invalid email recipient @@ -1131,6 +1130,7 @@ WARNING: untranslated string: ptr = PTR WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received +WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. diff --git a/doc/language_missings b/doc/language_missings index a214b8f9a..4c657f099 100644 --- a/doc/language_missings +++ b/doc/language_missings 
@@ -81,6 +81,7 @@ < quick control < random number generator daemon < regenerate host certificate +< reg_file_data_sampling < reiserfs warning1 < reiserfs warning2 < required @@ -134,6 +135,7 @@ < openvpn cert expires soon < openvpn cert has expired < regenerate host certificate +< reg_file_data_sampling < reiserfs warning1 < reiserfs warning2 < service boot setting unavailable @@ -156,6 +158,7 @@ < hostile networks total < ids provider eol < ids unsupported provider +< reg_file_data_sampling < system time < timeformat < upload fcdsl.o @@ -548,6 +551,7 @@ < rebooting ipfire fsck < received < regenerate host certificate +< reg_file_data_sampling < reiserfs warning1 < reiserfs warning2 < release @@ -1098,6 +1102,7 @@ < rebooting ipfire fsck < received < regenerate host certificate +< reg_file_data_sampling < reiserfs warning1 < reiserfs warning2 < required @@ -1988,6 +1993,7 @@ < received < red1 < regenerate host certificate +< reg_file_data_sampling < reiserfs warning1 < reiserfs warning2 < release @@ -2989,6 +2995,7 @@ < received < red1 < regenerate host certificate +< reg_file_data_sampling < reiserfs warning1 < reiserfs warning2 < release @@ -3470,6 +3477,7 @@ < rebooting ipfire fsck < received < regenerate host certificate +< reg_file_data_sampling < reiserfs warning1 < reiserfs warning2 < release diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a9fb3a6f7..40753cf62 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
@@ -1515,7 +1515,7 @@ 'intrusion prevention system' => 'Intrusion Prevention System', 'invalid broadcast ip' => 'Invalid broadcast IP', 'invalid cache size' => 'Invalid cache size.', -'invalid characters found in pre-shared key' => 'Invalid characters found in pre-shared key.', +'invalid characters found in pre-shared key' => 'Invalid single quotation mark found in pre-shared key.', 'invalid date entered' => 'Invalid date entered.', 'invalid default lease time' => 'Invalid default lease time.', 'invalid domain name' => 'Invalid domain name.',
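Review bot: Most of the doc/language_issues.* and doc/language_missings hunks are unrelated to the pre-shared key message: they carry the Spamhaus DROP URL change in "drop hostile", the "never" string and the reg_file_data_sampling entries. These look like regenerated check output picked up from other changes. Suggest moving them to a separate commit and keeping only the "invalid characters found in pre-shared key" line of doc/language_issues.en here, so the Bug13029 change stays easy to review and to revert.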
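Review bot: In the langs/en/cgi-bin/en.pl hunk the text becomes 'Invalid single quotation mark found in pre-shared key.' while the key stays 'invalid characters found in pre-shared key', and en.pl is the only language file in the diffstat, so every other translation keeps reporting generic invalid characters under the same key. Consider adding a new key whose name matches the message, so the existing translations show up as missing in the language checks instead of silently staying out of date.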
- An additional key was defined for a PSK being base64 encoded. All existing PSKs that are not base64 encoded will have that key empty. This enables base64 encoded PSKs and non base64 encoded PSKs to be differentiated.
- If the PSK connection is disabled and then enabled with a non base64 encoded PSK the PSK will be left as it is. If the edit page is selected and Save pressed, even if nothing has been modified, then the PSK will be converted to a base64 encoded PSK.
- The old style and new style PSK was tested out on my vm system and worked without any issue.
- Using an old non base64 encoded PSK the IPSec connection worked without any problems. If the PSK was then converted to base64 encoding by saving from the Edit page without changing anything, then the client IPSec connection was successfully made without any indication of a change. The conversion from non base64 to base64 encoded PSK occurred seamlessly without any hiccup.

Fixes: Bug13029
Tested-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
---
 html/cgi-bin/vpnmain.cgi | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index bde5e11bc..c6eb6d7b7 100755 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -94,6 +94,7 @@ $cgiparams{'LOCAL_ID'} = ''; $cgiparams{'REMOTE_ID'} = ''; $cgiparams{'REMARK'} = ''; $cgiparams{'PSK'} = ''; +$cgiparams{'BASE_64'} = ''; $cgiparams{'CERT_NAME'} = ''; $cgiparams{'CERT_EMAIL'} = ''; $cgiparams{'CERT_OU'} = ''; @@ -481,8 +482,12 @@ sub writeipsecfiles { if ($lconfighash{$key}[4] eq 'psk') { $psk_line = ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside) . " " ; $psk_line .= $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfighash{$key}[10]; #remoteid or remote address? - my $decoded_psk = MIME::Base64::decode_base64($lconfighash{$key}[5]); - $psk_line .= " : PSK '$decoded_psk'\n"; + if ($lconfighash{$key}[40] eq 'YES') { + my $decoded_psk = MIME::Base64::decode_base64($lconfighash{$key}[5]); + $psk_line .= " : PSK '$decoded_psk'\n"; + } else { + $psk_line .= " : PSK '$lconfighash{$key}[5]'\n"; + } # if the line contains %any, it is less specific than two IP or ID, so move it at end of file. if ($psk_line =~ /%any/) { $last_secrets .= $psk_line; @@ -1703,6 +1708,7 @@ END $cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37]; $cgiparams{'INTERFACE_MTU'} = $confighash{$cgiparams{'KEY'}}[38]; $cgiparams{'DNS_SERVERS'} = $confighash{$cgiparams{'KEY'}}[39]; + $cgiparams{'BASE_64'} = $confighash{$cgiparams{'KEY'}}[40];
if (!$cgiparams{'DPD_DELAY'}) { $cgiparams{'DPD_DELAY'} = 30; @@ -1884,6 +1890,7 @@ END }
if ($cgiparams{'AUTH'} eq 'psk') { + $cgiparams{'BASE_64'} = 'YES'; if (! length($cgiparams{'PSK'}) ) { $errormessage = $Lang::tr{'pre-shared key is too short'}; goto VPNCONF_ERROR; @@ -2261,7 +2268,13 @@ END $confighash{$key}[3] = $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { $confighash{$key}[4] = 'psk'; - $confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, ""); + if ($cgiparams{'BASE_64'} eq 'YES') { + $confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, ""); + $confighash{$key}[40] = 'YES'; + } else { + $confighash{$key}[5] = $cgiparams{'PSK'}; + $confighash{$key}[40] = ''; + } } else { $confighash{$key}[4] = 'cert'; }
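Review bot: In the writeipsecfiles hunk the format of field [5] is selected by $lconfighash{$key}[40] eq 'YES', and entries written before this patch will not carry that field, so the comparison runs against an undefined value; a defined-or default would avoid warnings where they are enabled. The bare index 40 and the literal 'YES' recur in several hunks of this patch, so a short comment or named constant stating what [40] means would keep the reader and writer from drifting apart. The decoded branch still interpolates $decoded_psk between single quotes without re-checking it for a quote or newline.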
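Review bot: In the validation hunk (@@ -1884), $cgiparams{'BASE_64'} = 'YES' is assigned unconditionally for every PSK save, which overwrites the value loaded from [40] in the @@ -1703 hunk. If the save hunk at @@ -2261 runs in the same request, its else branch that stores the PSK unencoded with [40] = '' can never be taken. Either drop that branch or document which code path is expected to reach it with BASE_64 empty.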
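Review bot: In the save hunk (@@ -2261), $cgiparams{'PSK'} is encoded whenever BASE_64 is 'YES', but no hunk in this patch decodes [5] when an entry that already has [40] = 'YES' is loaded for editing; the @@ -1703 hunk only copies [40] into BASE_64. If the edit form is filled from the stored field, a second Save on an already converted connection would encode the base64 text again and change the secret written to ipsec.secrets. Suggest decoding on load when [40] is 'YES', and adding an edit, save, edit, save pass on a converted connection to the test notes.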