This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via 63249c6777d8b425e4ae9215e2d85f4928198b91 (commit)
from e3c5d22a6f1c8b4e1443550f0480a0208bb3ed42 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 63249c6777d8b425e4ae9215e2d85f4928198b91
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat May 15 13:30:19 2010 +0200
Removed unsupported ipsec debug options and modp768.
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/38/update.sh | 3 +++
html/cgi-bin/vpnmain.cgi | 23 ++++++++++++-----------
2 files changed, 15 insertions(+), 11 deletions(-)
mode change 100755 => 100644 html/cgi-bin/services.cgi
Difference in files:
diff --git a/config/rootfiles/core/38/update.sh b/config/rootfiles/core/38/update.sh
index cc424b5..3c10b71 100644
--- a/config/rootfiles/core/38/update.sh
+++ b/config/rootfiles/core/38/update.sh
@@ -179,10 +179,13 @@ fi
mv /var/ipfire/vpn/ipsec.conf /var/ipfire/vpn/ipsec.conf.org
cat /var/ipfire/vpn/ipsec.conf.org | \
grep -v "disablearrivalcheck=" | \
+grep -v "klipsdebug=" | \
grep -v "leftfirewall=" | \
grep -v "charonstart=" | \
grep -v "aggrmode=" > /var/ipfire/vpn/ipsec.conf
sed -i "s|ipsec[0-9]=||g" /var/ipfire/vpn/ipsec.conf
+sed -i "s|nat_t ||g" /var/ipfire/vpn/ipsec.conf
+sed -i "s|klips ||g" /var/ipfire/vpn/ipsec.conf
sed -i "s|^conn [A-Za-z].*$|&\n\tleftfirewall=yes|g" /var/ipfire/vpn/ipsec.conf
sed -i "s|^config setup$|&\n\tcharonstart=no|g" /var/ipfire/vpn/ipsec.conf
chown nobody:nobody /var/ipfire/vpn/ipsec.conf
diff --git a/html/cgi-bin/services.cgi b/html/cgi-bin/services.cgi
old mode 100755
new mode 100644
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 9cf336c..28ac30e 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -257,9 +257,9 @@ sub writeipsecfiles {
my $plutodebug = ''; # build debug list
map ($plutodebug .= $lvpnsettings{$_} eq 'on' ? lc (substr($_,4)).' ' : '',
('DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
- 'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
+ 'DBG_DNS'));
$plutodebug = 'none' if $plutodebug eq ''; # if nothing selected, use 'none'.
- print CONF "\tklipsdebug=\"none\"\n";
+ #print CONF "\tklipsdebug=\"none\"\n";
print CONF "\tplutodebug=\"$plutodebug\"\n";
# deprecated in ipsec.conf version 2
#print CONF "\tplutoload=%search\n";
@@ -452,7 +452,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
map ($vpnsettings{$_} = $cgiparams{$_},
('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
- 'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
+ 'DBG_DNS'));
$vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
$vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'};
@@ -2117,7 +2117,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(768|1024|1536|2048|3072|4096|6144|8192)$/) {
+ if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2153,7 +2153,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
}
}
if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
- $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(768|1024|1536|2048|3072|4096)$/) {
+ $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2238,6 +2238,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'IKE_GROUPTYPE'}{'8192'} = '';
@temp = split('\|', $cgiparams{'IKE_GROUPTYPE'});
foreach my $key (@temp) {$checked{'IKE_GROUPTYPE'}{$key} = "selected='selected'"; }
+
+ # 768 is not supported by strongswan
+ $checked{'IKE_GROUPTYPE'}{'768'} = '';
+
+
$checked{'ESP_ENCRYPTION'}{'aes256'} = '';
$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
$checked{'ESP_ENCRYPTION'}{'3des'} = '';
@@ -2303,7 +2308,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<option value='2048' $checked{'IKE_GROUPTYPE'}{'2048'}>MODP-2048</option>
<option value='1536' $checked{'IKE_GROUPTYPE'}{'1536'}>MODP-1536</option>
<option value='1024' $checked{'IKE_GROUPTYPE'}{'1024'}>MODP-1024</option>
- <option value='768' $checked{'IKE_GROUPTYPE'}{'768'}>MODP-768</option>
</select></td>
</tr><tr>
<td class='boldbase' align='right' valign='top'>$Lang::tr{'ike lifetime'}</td><td class='boldbase' valign='top'>
@@ -2396,7 +2400,7 @@ EOF
$checked{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'} eq 'on' ? "checked='checked'" : '' ;
map ($checked{$_} = $cgiparams{$_} eq 'on' ? "checked='checked'" : '',
('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
- 'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
+ 'DBG_DNS'));
&Header::showhttpheaders();
@@ -2440,10 +2444,7 @@ crypt:<input type='checkbox' name='DBG_CRYPT' $checked{'DBG_CRYPT'} />,
parsing:<input type='checkbox' name='DBG_PARSING' $checked{'DBG_PARSING'} />,
emitting:<input type='checkbox' name='DBG_EMITTING' $checked{'DBG_EMITTING'} />,
control:<input type='checkbox' name='DBG_CONTROL' $checked{'DBG_CONTROL'} />,
-klips:<input type='checkbox' name='DBG_KLIPS' $checked{'DBG_KLIPS'} />,
-dns:<input type='checkbox' name='DBG_DNS' $checked{'DBG_DNS'} />,
-nat_t:<input type='checkbox' name='DBG_NAT_T' $checked{'DBG_NAT_T'} /></p>
-
+dns:<input type='checkbox' name='DBG_DNS' $checked{'DBG_DNS'} />
<hr />
<table width='100%'>
<tr>
hooks/post-receive
--
IPFire 2.x development tree