This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, fifteen has been updated
via f5e106c42ab1fcb54f2d4c2605dfbe213b5b792a (commit)
via af8750fdc2c974899c35114a7340f51a09516bd9 (commit)
via d2d87f2ca06349f63d025e12dafda1b910956e40 (commit)
via 4ad0b5b680e7d72f391434a9bad0a2dfc61fee92 (commit)
via afd5d8f76e725ac910c238e94f2282f78bce5da7 (commit)
via cbb3a8f91e2e7aa220b5bc9e9773fa4547f0ce85 (commit)
via 4e156911cc45c2788bfa7e04561e2a7e550c68b8 (commit)
from 277060a472c826541885b40392e0d5a96ba1cf97 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f5e106c42ab1fcb54f2d4c2605dfbe213b5b792a
Merge: 277060a af8750f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jan 7 17:55:57 2014 +0100
Merge remote-tracking branch 'ms/ipsec-dpd' into fifteen
commit af8750fdc2c974899c35114a7340f51a09516bd9
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jan 7 17:54:10 2014 +0100
Update translations.
commit d2d87f2ca06349f63d025e12dafda1b910956e40
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jan 7 17:50:44 2014 +0100
IPsec: Make connection configuration more pleasant for the eye.
commit 4ad0b5b680e7d72f391434a9bad0a2dfc61fee92
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jan 7 17:08:35 2014 +0100
IPsec: Move IKE protocol option to advanced settings page.
commit afd5d8f76e725ac910c238e94f2282f78bce5da7
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jan 7 17:00:30 2014 +0100
IPsec: Allow to disable DPD.
commit cbb3a8f91e2e7aa220b5bc9e9773fa4547f0ce85
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jan 7 01:37:00 2014 +0100
IPsec: Fix and enhance DPD configuration.
Also the action option has now moved to the advanced settings
page and the design has been improved.
commit 4e156911cc45c2788bfa7e04561e2a7e550c68b8
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date: Tue Jan 7 00:38:36 2014 +0100
IPsec: Add DPD configuration options to advanced settings.
-----------------------------------------------------------------------
Summary of changes:
doc/language_issues.de | 3 +-
doc/language_issues.en | 2 +-
doc/language_issues.es | 7 ++
doc/language_issues.fr | 7 ++
doc/language_issues.nl | 7 ++
doc/language_issues.pl | 7 ++
doc/language_issues.ru | 7 ++
doc/language_issues.tr | 7 ++
doc/language_missings | 16 ++++
html/cgi-bin/vpnmain.cgi | 231 +++++++++++++++++++++++++++++++++++------------
langs/de/cgi-bin/de.pl | 4 +
langs/en/cgi-bin/en.pl | 7 +-
12 files changed, 242 insertions(+), 63 deletions(-)
Difference in files:
diff --git a/doc/language_issues.de b/doc/language_issues.de
index bcc0214..02c9990 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -150,6 +150,7 @@ WARNING: translation string unused: eciadsl upload
WARNING: translation string unused: edit network
WARNING: translation string unused: edit service
WARNING: translation string unused: editor
+WARNING: translation string unused: eg
WARNING: translation string unused: email server can not be empty
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enabled on
@@ -198,7 +199,6 @@ WARNING: translation string unused: from warn email bad
WARNING: translation string unused: fwdfw MODE1
WARNING: translation string unused: fwdfw MODE2
WARNING: translation string unused: fwdfw err prot_port1
-WARNING: translation string unused: fwdfw err tgt_port
WARNING: translation string unused: fwdfw final_rule
WARNING: translation string unused: fwdfw from
WARNING: translation string unused: fwdfw ipsec network
@@ -572,6 +572,7 @@ WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: advproxy cache-digest
WARNING: untranslated string: bytes
WARNING: untranslated string: community rules
+WARNING: untranslated string: dead peer detection
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: new
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 1eccc80..b6b506f 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -173,6 +173,7 @@ WARNING: translation string unused: eciadsl upload
WARNING: translation string unused: edit network
WARNING: translation string unused: edit service
WARNING: translation string unused: editor
+WARNING: translation string unused: eg
WARNING: translation string unused: email server can not be empty
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enabled on
@@ -221,7 +222,6 @@ WARNING: translation string unused: from warn email bad
WARNING: translation string unused: fwdfw MODE1
WARNING: translation string unused: fwdfw MODE2
WARNING: translation string unused: fwdfw err prot_port1
-WARNING: translation string unused: fwdfw err tgt_port
WARNING: translation string unused: fwdfw final_rule
WARNING: translation string unused: fwdfw from
WARNING: translation string unused: fwdfw ipsec network
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 6b6424a..d32c90a 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -167,6 +167,7 @@ WARNING: translation string unused: eciadsl upload
WARNING: translation string unused: edit network
WARNING: translation string unused: edit service
WARNING: translation string unused: editor
+WARNING: translation string unused: eg
WARNING: translation string unused: email server can not be empty
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enabled on
@@ -595,6 +596,7 @@ WARNING: untranslated string: ccd none
WARNING: untranslated string: ccd routes
WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
+WARNING: untranslated string: dead peer detection
WARNING: untranslated string: default ip
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: dnat address
@@ -605,6 +607,8 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: dpd delay
+WARNING: untranslated string: dpd timeout
WARNING: untranslated string: drop action
WARNING: untranslated string: drop action1
WARNING: untranslated string: drop action2
@@ -664,6 +668,7 @@ WARNING: untranslated string: fwdfw err src_addr
WARNING: untranslated string: fwdfw err tgt_addr
WARNING: untranslated string: fwdfw err tgt_grp
WARNING: untranslated string: fwdfw err tgt_mac
+WARNING: untranslated string: fwdfw err tgt_port
WARNING: untranslated string: fwdfw err time
WARNING: untranslated string: fwdfw external port nat
WARNING: untranslated string: fwdfw hint ip1
@@ -774,6 +779,8 @@ WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: grouptype
WARNING: untranslated string: integrity
+WARNING: untranslated string: invalid input for dpd delay
+WARNING: untranslated string: invalid input for dpd timeout
WARNING: untranslated string: least preferred
WARNING: untranslated string: lifetime
WARNING: untranslated string: minute
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 2f7f60d..344c234 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -167,6 +167,7 @@ WARNING: translation string unused: eciadsl upload
WARNING: translation string unused: edit network
WARNING: translation string unused: edit service
WARNING: translation string unused: editor
+WARNING: translation string unused: eg
WARNING: translation string unused: email server can not be empty
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enabled on
@@ -597,6 +598,7 @@ WARNING: untranslated string: ccd none
WARNING: untranslated string: ccd routes
WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
+WARNING: untranslated string: dead peer detection
WARNING: untranslated string: default ip
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: dnat address
@@ -608,6 +610,8 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: dpd delay
+WARNING: untranslated string: dpd timeout
WARNING: untranslated string: drop action
WARNING: untranslated string: drop action1
WARNING: untranslated string: drop action2
@@ -667,6 +671,7 @@ WARNING: untranslated string: fwdfw err src_addr
WARNING: untranslated string: fwdfw err tgt_addr
WARNING: untranslated string: fwdfw err tgt_grp
WARNING: untranslated string: fwdfw err tgt_mac
+WARNING: untranslated string: fwdfw err tgt_port
WARNING: untranslated string: fwdfw err time
WARNING: untranslated string: fwdfw external port nat
WARNING: untranslated string: fwdfw hint ip1
@@ -777,6 +782,8 @@ WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: grouptype
WARNING: untranslated string: integrity
+WARNING: untranslated string: invalid input for dpd delay
+WARNING: untranslated string: invalid input for dpd timeout
WARNING: untranslated string: least preferred
WARNING: untranslated string: lifetime
WARNING: untranslated string: minute
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index d543069..44d92e5 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -169,6 +169,7 @@ WARNING: translation string unused: eciadsl upload
WARNING: translation string unused: edit network
WARNING: translation string unused: edit service
WARNING: translation string unused: editor
+WARNING: translation string unused: eg
WARNING: translation string unused: email server can not be empty
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enabled on
@@ -563,6 +564,7 @@ WARNING: untranslated string: advproxy errmsg proxy ports equal
WARNING: untranslated string: advproxy proxy port transparent
WARNING: untranslated string: bytes
WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: dead peer detection
WARNING: untranslated string: default ip
WARNING: untranslated string: dnat address
WARNING: untranslated string: dnsforward
@@ -572,6 +574,8 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: dpd delay
+WARNING: untranslated string: dpd timeout
WARNING: untranslated string: drop action
WARNING: untranslated string: drop action1
WARNING: untranslated string: drop action2
@@ -613,6 +617,7 @@ WARNING: untranslated string: fwdfw err src_addr
WARNING: untranslated string: fwdfw err tgt_addr
WARNING: untranslated string: fwdfw err tgt_grp
WARNING: untranslated string: fwdfw err tgt_mac
+WARNING: untranslated string: fwdfw err tgt_port
WARNING: untranslated string: fwdfw err time
WARNING: untranslated string: fwdfw external port nat
WARNING: untranslated string: fwdfw hint ip1
@@ -723,6 +728,8 @@ WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: grouptype
WARNING: untranslated string: integrity
+WARNING: untranslated string: invalid input for dpd delay
+WARNING: untranslated string: invalid input for dpd timeout
WARNING: untranslated string: least preferred
WARNING: untranslated string: lifetime
WARNING: untranslated string: most preferred
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 6b6424a..d32c90a 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -167,6 +167,7 @@ WARNING: translation string unused: eciadsl upload
WARNING: translation string unused: edit network
WARNING: translation string unused: edit service
WARNING: translation string unused: editor
+WARNING: translation string unused: eg
WARNING: translation string unused: email server can not be empty
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enabled on
@@ -595,6 +596,7 @@ WARNING: untranslated string: ccd none
WARNING: untranslated string: ccd routes
WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
+WARNING: untranslated string: dead peer detection
WARNING: untranslated string: default ip
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: dnat address
@@ -605,6 +607,8 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: dpd delay
+WARNING: untranslated string: dpd timeout
WARNING: untranslated string: drop action
WARNING: untranslated string: drop action1
WARNING: untranslated string: drop action2
@@ -664,6 +668,7 @@ WARNING: untranslated string: fwdfw err src_addr
WARNING: untranslated string: fwdfw err tgt_addr
WARNING: untranslated string: fwdfw err tgt_grp
WARNING: untranslated string: fwdfw err tgt_mac
+WARNING: untranslated string: fwdfw err tgt_port
WARNING: untranslated string: fwdfw err time
WARNING: untranslated string: fwdfw external port nat
WARNING: untranslated string: fwdfw hint ip1
@@ -774,6 +779,8 @@ WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: grouptype
WARNING: untranslated string: integrity
+WARNING: untranslated string: invalid input for dpd delay
+WARNING: untranslated string: invalid input for dpd timeout
WARNING: untranslated string: least preferred
WARNING: untranslated string: lifetime
WARNING: untranslated string: minute
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 5a1296b..09c6930 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -166,6 +166,7 @@ WARNING: translation string unused: eciadsl upload
WARNING: translation string unused: edit network
WARNING: translation string unused: edit service
WARNING: translation string unused: editor
+WARNING: translation string unused: eg
WARNING: translation string unused: email server can not be empty
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enabled on
@@ -590,6 +591,7 @@ WARNING: untranslated string: ccd routes
WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
WARNING: untranslated string: community rules
+WARNING: untranslated string: dead peer detection
WARNING: untranslated string: default ip
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: disk access per
@@ -601,6 +603,8 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: dpd delay
+WARNING: untranslated string: dpd timeout
WARNING: untranslated string: drop action
WARNING: untranslated string: drop action1
WARNING: untranslated string: drop action2
@@ -650,6 +654,7 @@ WARNING: untranslated string: fwdfw err src_addr
WARNING: untranslated string: fwdfw err tgt_addr
WARNING: untranslated string: fwdfw err tgt_grp
WARNING: untranslated string: fwdfw err tgt_mac
+WARNING: untranslated string: fwdfw err tgt_port
WARNING: untranslated string: fwdfw err time
WARNING: untranslated string: fwdfw external port nat
WARNING: untranslated string: fwdfw hint ip1
@@ -761,6 +766,8 @@ WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: grouptype
WARNING: untranslated string: incoming traffic in bytes per second
WARNING: untranslated string: integrity
+WARNING: untranslated string: invalid input for dpd delay
+WARNING: untranslated string: invalid input for dpd timeout
WARNING: untranslated string: least preferred
WARNING: untranslated string: lifetime
WARNING: untranslated string: minute
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 299c74d..07ee128 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -174,6 +174,7 @@ WARNING: translation string unused: eciadsl upload
WARNING: translation string unused: edit network
WARNING: translation string unused: edit service
WARNING: translation string unused: editor
+WARNING: translation string unused: eg
WARNING: translation string unused: email server can not be empty
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enabled on
@@ -576,8 +577,11 @@ WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: advproxy errmsg proxy ports equal
WARNING: untranslated string: advproxy proxy port transparent
WARNING: untranslated string: bytes
+WARNING: untranslated string: dead peer detection
WARNING: untranslated string: default ip
WARNING: untranslated string: dnat address
+WARNING: untranslated string: dpd delay
+WARNING: untranslated string: dpd timeout
WARNING: untranslated string: drop action
WARNING: untranslated string: drop action1
WARNING: untranslated string: drop action2
@@ -619,6 +623,7 @@ WARNING: untranslated string: fwdfw err src_addr
WARNING: untranslated string: fwdfw err tgt_addr
WARNING: untranslated string: fwdfw err tgt_grp
WARNING: untranslated string: fwdfw err tgt_mac
+WARNING: untranslated string: fwdfw err tgt_port
WARNING: untranslated string: fwdfw err time
WARNING: untranslated string: fwdfw external port nat
WARNING: untranslated string: fwdfw hint ip1
@@ -729,6 +734,8 @@ WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: grouptype
WARNING: untranslated string: integrity
+WARNING: untranslated string: invalid input for dpd delay
+WARNING: untranslated string: invalid input for dpd timeout
WARNING: untranslated string: least preferred
WARNING: untranslated string: lifetime
WARNING: untranslated string: most preferred
diff --git a/doc/language_missings b/doc/language_missings
index 86f45b0..952e1e5 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -70,6 +70,8 @@
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dpd delay
+< dpd timeout
< drop action
< drop action1
< drop action2
@@ -268,6 +270,8 @@
< fw settings ruletable
< grouptype
< integrity
+< invalid input for dpd delay
+< invalid input for dpd timeout
< least preferred
< lifetime
< minute
@@ -488,6 +492,8 @@
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dpd delay
+< dpd timeout
< drop action
< drop action1
< drop action2
@@ -686,6 +692,8 @@
< fw settings ruletable
< grouptype
< integrity
+< invalid input for dpd delay
+< invalid input for dpd timeout
< least preferred
< lifetime
< minute
@@ -898,6 +906,8 @@
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dpd delay
+< dpd timeout
< drop action
< drop action1
< drop action2
@@ -1088,6 +1098,8 @@
< fw settings ruletable
< grouptype
< integrity
+< invalid input for dpd delay
+< invalid input for dpd timeout
< least preferred
< lifetime
< minute
@@ -1287,6 +1299,8 @@
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dpd delay
+< dpd timeout
< drop action
< drop action1
< drop action2
@@ -1481,6 +1495,8 @@
< hour-graph
< incoming traffic in bytes per second
< integrity
+< invalid input for dpd delay
+< invalid input for dpd timeout
< least preferred
< lifetime
< minute
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 64bf17e..af68d50 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -104,7 +104,8 @@ $cgiparams{'ROOTCERT_OU'} = '';
$cgiparams{'ROOTCERT_CITY'} = '';
$cgiparams{'ROOTCERT_STATE'} = '';
$cgiparams{'RW_NET'} = '';
-
+$cgiparams{'DPD_DELAY'} = '30';
+$cgiparams{'DPD_TIMEOUT'} = '120';
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
###
@@ -384,9 +385,27 @@ sub writeipsecfiles {
print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on');
# Dead Peer Detection
- print CONF "\tdpddelay=30\n";
- print CONF "\tdpdtimeout=120\n";
- print CONF "\tdpdaction=$lconfighash{$key}[27]\n";
+ my $dpdaction = $lconfighash{$key}[27];
+ print CONF "\tdpdaction=$dpdaction\n";
+
+ # If the dead peer detection is disabled and IKEv2 is used,
+ # dpddelay must be set to zero, too.
+ if ($dpdaction eq "none") {
+ if ($lconfighash{$key}[29] eq "ikev2") {
+ print CONF "\tdpddelay=0\n";
+ }
+ } else {
+ my $dpddelay = $lconfighash{$key}[30];
+ if (!$dpddelay) {
+ $dpddelay = 30;
+ }
+ print CONF "\tdpddelay=$dpddelay\n";
+ my $dpdtimeout = $lconfighash{$key}[31];
+ if (!$dpdtimeout) {
+ $dpdtimeout = 120;
+ }
+ print CONF "\tdpdtimeout=$dpdtimeout\n";
+ }
# Build Authentication details: LEFTid RIGHTid : PSK psk
my $psk_line;
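Review bot: the array indexes look swapped in the writeipsecfiles else-branch: dpddelay is read from $lconfighash{$key}[30] and dpdtimeout from [31], while every other hunk in this patch stores DPD_TIMEOUT in [30] and DPD_DELAY in [31]. As written, the configured timeout is emitted as dpddelay and the delay as dpdtimeout; read the delay from [31] and the timeout from [30]. Separately, both values are printed into the CONF file exactly as stored, so this function relies on every save path having validated them as digits first.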
@@ -1274,6 +1293,16 @@ END
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
$cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14];
+ $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
+ $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
+
+ if (!$cgiparams{'DPD_DELAY'}) {
+ $cgiparams{'DPD_DELAY'} = 30;
+ }
+
+ if (!$cgiparams{'DPD_TIMEOUT'}) {
+ $cgiparams{'DPD_TIMEOUT'} = 120;
+ }
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
@@ -1748,7 +1777,7 @@ END
my $key = $cgiparams{'KEY'};
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 28) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
@@ -1788,6 +1817,8 @@ END
$confighash{$key}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$key}[28] = $cgiparams{'PFS'};
$confighash{$key}[14] = $cgiparams{'VHOST'};
+ $confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'};
+ $confighash{$key}[31] = $cgiparams{'DPD_DELAY'};
#free unused fields!
$confighash{$key}[6] = 'off';
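Review bot: the two new assignments to [30] and [31] copy DPD_TIMEOUT and DPD_DELAY from the request into the stored configuration, but the /^\d+$/ checks this patch adds sit only in the advanced-settings branch. On this page the values arrive as hidden form fields, so they are still client-supplied; apply the same numeric check before these assignments (or move it into a shared helper used by both save paths) so that nothing but digits can reach the dpddelay= and dpdtimeout= lines written by writeipsecfiles.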
@@ -1823,9 +1854,17 @@ END
# choose appropriate dpd action
if ($cgiparams{'TYPE'} eq 'host') {
- $cgiparams{'DPD_ACTION'} = 'clear';
+ $cgiparams{'DPD_ACTION'} = 'clear';
} else {
- $cgiparams{'DPD_ACTION'} = 'restart';
+ $cgiparams{'DPD_ACTION'} = 'restart';
+ }
+
+ if (!$cgiparams{'DPD_DELAY'}) {
+ $cgiparams{'DPD_DELAY'} = 30;
+ }
+
+ if (!$cgiparams{'DPD_TIMEOUT'}) {
+ $cgiparams{'DPD_TIMEOUT'} = 120;
}
# Default IKE Version to v2
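Review bot: the fallback to 30 and 120 added after the DPD_ACTION choice is the third copy of the same defaulting logic in this patch (it also appears in writeipsecfiles and in both load paths), on top of the initial $cgiparams defaults set before getcgihash. Defining the two defaults once and applying them through a small helper would keep the copies from drifting apart. Note also that the !$cgiparams{'DPD_DELAY'} test treats a submitted 0 as unset and silently replaces it with 30.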
@@ -1869,15 +1908,6 @@ END
$checked{'AUTH'}{'auth-dn'} = '';
$checked{'AUTH'}{$cgiparams{'AUTH'}} = "checked='checked'";
- $selected{'DPD_ACTION'}{'clear'} = '';
- $selected{'DPD_ACTION'}{'hold'} = '';
- $selected{'DPD_ACTION'}{'restart'} = '';
- $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
-
- $selected{'IKE_VERSION'}{'ikev1'} = '';
- $selected{'IKE_VERSION'}{'ikev2'} = '';
- $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'";
-
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
@@ -1898,6 +1928,7 @@ END
print "<form method='post' enctype='multipart/form-data' action='$ENV{'SCRIPT_NAME'}'>";
print<<END
<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />
+ <input type='hidden' name='IKE_VERSION' value='$cgiparams{'IKE_VERSION'}' />
<input type='hidden' name='IKE_ENCRYPTION' value='$cgiparams{'IKE_ENCRYPTION'}' />
<input type='hidden' name='IKE_INTEGRITY' value='$cgiparams{'IKE_INTEGRITY'}' />
<input type='hidden' name='IKE_GROUPTYPE' value='$cgiparams{'IKE_GROUPTYPE'}' />
@@ -1910,23 +1941,30 @@ END
<input type='hidden' name='ONLY_PROPOSED' value='$cgiparams{'ONLY_PROPOSED'}' />
<input type='hidden' name='PFS' value='$cgiparams{'PFS'}' />
<input type='hidden' name='VHOST' value='$cgiparams{'VHOST'}' />
+ <input type='hidden' name='DPD_ACTION' value='$cgiparams{'DPD_ACTION'}' />
+ <input type='hidden' name='DPD_DELAY' value='$cgiparams{'DPD_DELAY'}' />
+ <input type='hidden' name='DPD_TIMEOUT' value='$cgiparams{'DPD_TIMEOUT'}' />
END
;
if ($cgiparams{'KEY'}) {
print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
+ print "<input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />";
print "<input type='hidden' name='AUTH' value='$cgiparams{'AUTH'}' />";
}
- &Header::openbox('100%', 'left', "$Lang::tr{'connection'}:");
+ &Header::openbox('100%', 'left', "$Lang::tr{'connection'}: $cgiparams{'NAME'}");
print "<table width='100%'>";
- print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>";
- if ($cgiparams{'KEY'}) {
- print "<td width='25%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' /><b>$cgiparams{'NAME'}</b></td>";
- } else {
- print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' size='30' /></td>";
+ if (!$cgiparams{'KEY'}) {
+ print <<EOF;
+ <tr>
+ <td width='20%'>$Lang::tr{'name'}:</td>
+ <td width='30%'>
+ <input type='text' name='NAME' value='$cgiparams{'NAME'}' size='25' />
+ </td>
+ <td colspan="2"></td>
+ </tr>
+EOF
}
- print "<td>$Lang::tr{'enabled'}</td><td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td></tr>";
- print '</tr><td><br /></td><tr>';
my $disabled;
my $blob;
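Review bot: the new box title "$Lang::tr{'connection'}: $cgiparams{'NAME'}" places NAME directly into page markup, and the new hidden DPD_ACTION, DPD_DELAY and DPD_TIMEOUT inputs do the same inside single-quoted value attributes. Nothing in this hunk escapes these values (REMARK, by contrast, is passed through Header::cleanhtml in the save branch), so unless they are restricted before this point they should be HTML-escaped here. For a new connection the title also renders as the label followed by a colon and an empty name; consider omitting the suffix when NAME is empty.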
@@ -1937,44 +1975,41 @@ END
print <<END
<tr>
- <td class='boldbase'>$Lang::tr{'remote host/ip'}: $blob</td>
- <td>
- <input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size='30' />
- </td>
- <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
- <td>
- <input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' />
+ <td width='20%'>$Lang::tr{'enabled'}</td>
+ <td width='30%'>
+ <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} />
+ </td>
+ <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'local subnet'}</td>
+ <td width='30%'>
+ <input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size="25" />
</td>
</tr>
<tr>
- <td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
- <td colspan='3'>
- <input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' />
+ <td class='boldbase' width='20%'>$Lang::tr{'remote host/ip'}: $blob</td>
+ <td width='30%'>
+ <input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size="25" />
+ </td>
+ <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'remote subnet'}</td>
+ <td width='30%'>
+ <input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size="25" />
</td>
</tr>
<tr>
- <td class='boldbase'>$Lang::tr{'vpn local id'}:<br />($Lang::tr{'eg'} <tt>@xy.example.com</tt>)</td>
- <td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td>
- <td class='boldbase'>$Lang::tr{'vpn remote id'}:</td>
- <td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td>
- </tr><tr>
- </tr><td><br /></td><tr>
- <td>$Lang::tr{'vpn keyexchange'}:</td>
- <td><select name='IKE_VERSION'>
- <option value='ikev2' $selected{'IKE_VERSION'}{'ikev2'}>IKEv2</option>
- <option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option>
- </select>
+ <td class='boldbase' width='20%'>$Lang::tr{'vpn local id'}:</td>
+ <td width='30%'>
+ <input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' size="25" />
</td>
- <td>$Lang::tr{'dpd action'}:</td>
- <td><select name='DPD_ACTION'>
- <option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
- <option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
- <option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
- </select>
+ <td class='boldbase' width='20%'>$Lang::tr{'vpn remote id'}:</td>
+ <td width='30%'>
+ <input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' size="25" />
+ </td>
+ </tr>
+ <tr><td colspan="4"><br /></td></tr>
+ <tr>
+ <td class='boldbase' width='20%'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></td>
+ <td colspan='3'>
+ <input type='text' name='REMARK' value='$cgiparams{'REMARK'}' maxlength='50' size="73" />
</td>
- </tr><tr>
- <td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></td>
- <td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
</tr>
END
;
@@ -2184,6 +2219,17 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
+ if ($cgiparams{'DPD_DELAY'} !~ /^\d+$/) {
+ $errormessage = $Lang::tr{'invalid input for dpd delay'};
+ goto ADVANCED_ERROR;
+ }
+
+ if ($cgiparams{'DPD_TIMEOUT'} !~ /^\d+$/) {
+ $errormessage = $Lang::tr{'invalid input for dpd timeout'};
+ goto ADVANCED_ERROR;
+ }
+
+ $confighash{$cgiparams{'KEY'}}[29] = $cgiparams{'IKE_VERSION'};
$confighash{$cgiparams{'KEY'}}[18] = $cgiparams{'IKE_ENCRYPTION'};
$confighash{$cgiparams{'KEY'}}[19] = $cgiparams{'IKE_INTEGRITY'};
$confighash{$cgiparams{'KEY'}}[20] = $cgiparams{'IKE_GROUPTYPE'};
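Review bot: the DPD_DELAY and DPD_TIMEOUT checks use /^\d+$/, and in Perl $ also matches before a trailing newline, so a value such as "30\n" passes; anchor with \A and \z instead. The checks also accept 0, which the later !$dpddelay fallbacks then overwrite with the default, and there is no test that the timeout is larger than the delay. The new assignment of IKE_VERSION to [29] is stored without checking it against the two values the form offers (ikev1, ikev2); an allow-list check next to the numeric ones would keep the stored configuration to known values.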
@@ -2197,6 +2243,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'};
$confighash{$cgiparams{'KEY'}}[14] = $cgiparams{'VHOST'};
+ $confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'DPD_ACTION'};
+ $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
+ $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
if (&vpnenabled) {
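Review bot: DPD_ACTION is stored in [27] here without any validation, and writeipsecfiles prints that field verbatim as dpdaction=. Check it against the four values the select offers (none, clear, hold, restart) before the assignment and jump to ADVANCED_ERROR otherwise, in the same way the DPD_DELAY and DPD_TIMEOUT checks do.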
@@ -2205,6 +2254,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
}
goto ADVANCED_END;
} else {
+ $cgiparams{'IKE_VERSION'} = $confighash{$cgiparams{'KEY'}}[29];
$cgiparams{'IKE_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[18];
$cgiparams{'IKE_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[19];
$cgiparams{'IKE_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[20];
@@ -2217,6 +2267,17 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
$cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14];
+ $cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27];
+ $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
+ $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
+
+ if (!$cgiparams{'DPD_DELAY'}) {
+ $cgiparams{'DPD_DELAY'} = 30;
+ }
+
+ if (!$cgiparams{'DPD_TIMEOUT'}) {
+ $cgiparams{'DPD_TIMEOUT'} = 120;
+ }
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net' || $confighash{$cgiparams{'KEY'}}[10]) {
$cgiparams{'VHOST'} = 'off';
@@ -2279,6 +2340,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ;
$checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ? "checked='checked'" : '' ;
+ $selected{'IKE_VERSION'}{'ikev1'} = '';
+ $selected{'IKE_VERSION'}{'ikev2'} = '';
+ $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'";
+
+ $selected{'DPD_ACTION'}{'clear'} = '';
+ $selected{'DPD_ACTION'}{'hold'} = '';
+ $selected{'DPD_ACTION'}{'restart'} = '';
+ $selected{'DPD_ACTION'}{'none'} = '';
+ $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
+
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
@@ -2306,14 +2377,24 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<table width='100%'>
<thead>
<tr>
- <th></th>
+ <th width="15%"></th>
<th>IKE</th>
<th>ESP</th>
</tr>
</thead>
<tbody>
<tr>
- <td class='boldbase'>$Lang::tr{'encryption'}</td>
+ <td>$Lang::tr{'vpn keyexchange'}:</td>
+ <td>
+ <select name='IKE_VERSION'>
+ <option value='ikev2' $selected{'IKE_VERSION'}{'ikev2'}>IKEv2</option>
+ <option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option>
+ </select>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td class='boldbase' width="15%">$Lang::tr{'encryption'}</td>
<td class='boldbase'>
<select name='IKE_ENCRYPTION' multiple='multiple' size='6' style='width: 100%'>
<option value='aes256' $checked{'IKE_ENCRYPTION'}{'aes256'}>AES (256 bit)</option>
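Review bot: The new key exchange row uses a bare <td> for its label while the rows below it keep class='boldbase', so the first row of the table will render differently from the others. Either give it the same class or drop the class from the others in the same change. The width="15%" on the <th> already fixes the column width, so repeating it on the <td> in this hunk is redundant, and the double-quoted attribute is inconsistent with the single-quoted attributes used in the rest of this markup.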
@@ -2339,7 +2420,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
</tr>
<tr>
- <td class='boldbase'>$Lang::tr{'integrity'}</td>
+ <td class='boldbase' width="15%">$Lang::tr{'integrity'}</td>
<td class='boldbase'>
<select name='IKE_INTEGRITY' multiple='multiple' size='6' style='width: 100%'>
<option value='sha2_512' $checked{'IKE_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option>
@@ -2362,7 +2443,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
</td>
</tr>
<tr>
- <td class='boldbase'>$Lang::tr{'lifetime'}</td>
+ <td class='boldbase' width="15%">$Lang::tr{'lifetime'}</td>
<td class='boldbase'>
<input type='text' name='IKE_LIFETIME' value='$cgiparams{'IKE_LIFETIME'}' size='5' /> $Lang::tr{'hours'}
</td>
@@ -2371,7 +2452,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
</td>
</tr>
<tr>
- <td class='boldbase'>$Lang::tr{'grouptype'}</td>
+ <td class='boldbase' width="15%">$Lang::tr{'grouptype'}</td>
<td class='boldbase'>
<select name='IKE_GROUPTYPE' multiple='multiple' size='6' style='width: 100%'>
<option value='e521' $checked{'IKE_GROUPTYPE'}{'e521'}>ECP-521 (NIST)</option>
@@ -2400,6 +2481,36 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
</tbody>
</table>
+ <br><br>
+
+ <h2>$Lang::tr{'dead peer detection'}</h2>
+
+ <table width="100%">
+ <tr>
+ <td width="15%">$Lang::tr{'dpd action'}:</td>
+ <td>
+ <select name='DPD_ACTION'>
+ <option value='none' $selected{'DPD_ACTION'}{'none'}>- $Lang::tr{'disabled'} -</option>
+ <option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
+ <option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
+ <option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td width="15%">$Lang::tr{'dpd timeout'}:</td>
+ <td>
+ <input type='text' name='DPD_TIMEOUT' size='5' value='$cgiparams{'DPD_TIMEOUT'}' />
+ </td>
+ </tr>
+ <tr>
+ <td width="15%">$Lang::tr{'dpd delay'}:</td>
+ <td>
+ <input type='text' name='DPD_DELAY' size='5' value='$cgiparams{'DPD_DELAY'}' />
+ </td>
+ </tr>
+ </table>
+
<hr>
<table width="100%">
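Review bot: DPD_TIMEOUT and DPD_DELAY are free-text inputs whose values are interpolated unescaped into a single-quoted attribute (value='$cgiparams{'DPD_TIMEOUT'}'). The check that goes with the new "invalid input for dpd ..." messages is not in this part of the diff, so please confirm that anything other than digits is rejected before the form is rendered again with the submitted value, or HTML-escape the value when printing it. The select also offers none as its first option, which makes "disabled" the result whenever nothing is preselected. Finally, <br><br> is not self-closed while the inputs in the same block are.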
@@ -2441,7 +2552,7 @@ EOF
print <<EOF;
<tr>
- <td align='right'>
+ <td align='right' colspan='2'>
<input type='submit' name='ACTION' value='$Lang::tr{'save'}' />
<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' />
</td>
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 01cd3f6..568f057 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -749,6 +749,8 @@
'download pkcs12 file' => 'PKCS12-Datei herunterladen',
'download root certificate' => 'Root-Zertifikat herunterladen',
'dpd action' => 'Aktion für Dead Peer Detection',
+'dpd delay' => 'Verzögerung',
+'dpd timeout' => 'Zeitüberschreitung',
'driver' => 'Treiber',
'drop action' => 'Standardverhalten der (Forward) Firewall in Modus "Blocked"',
'drop action1' => 'Standardverhalten der (Outgoing) Firewall in Modus "Blocked"',
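Review bot: The German file gains 'dpd delay' and 'dpd timeout' but no 'dead peer detection' entry, although en.pl adds that key in the same push and the new form heading prints $Lang::tr{'dead peer detection'}. Add the German string so the heading is not left to whatever fallback applies. 'dpd action' also stays 'Aktion für Dead Peer Detection' here while the English text is shortened to 'Action', so under the new heading the German label repeats the section title.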
@@ -1209,6 +1211,8 @@
'invalid input for dhcp dns' => 'Ungültige Eingabe für DHCP DNS',
'invalid input for dhcp domain' => 'Ungültige Eingabe für DHCP Domain',
'invalid input for dhcp wins' => 'Ungültige Eingabe für DHCP WINS',
+'invalid input for dpd delay' => 'Ungültige Eingabe für DPD-Verzögerung',
+'invalid input for dpd timeout' => 'Ungültige Eingabe für DPD-Zeitüberschreitung',
'invalid input for e-mail address' => 'Ungültige Eingabe für die E-mail Adresse',
'invalid input for esp keylife' => 'Ungültige Eingabe für ESP Schlüssel-Lebensdauer',
'invalid input for hostname' => 'Ungültige Eingabe für Hostname',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index dc38129..451ea79 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -634,6 +634,7 @@
'ddns noip prefix' => 'To use no-ip in group mode, prefix hostname with <b>%</b>',
'deactivate' => 'deactivate',
'deactivate user' => 'deactivate user',
+'dead peer detection' => 'Dead Peer Detection',
'debugme' => 'Not yet implemented',
'december' => 'December',
'deep scan directories' => 'Scan recursive',
@@ -772,7 +773,9 @@
'download new ruleset' => 'Download new ruleset',
'download pkcs12 file' => 'Download PKCS12 file',
'download root certificate' => 'Download root certificate',
-'dpd action' => 'Dead Peer Detection action',
+'dpd action' => 'Action',
+'dpd delay' => 'Delay',
+'dpd timeout' => 'Timeout',
'driver' => 'Driver',
'drop action' => 'Default behaviour of (forward) firewall in mode "Blocked"',
'drop action1' => 'Default behaviour of (outgoing) firewall in mode "Blocked"',
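Review bot: The new labels 'Delay' and 'Timeout' give no unit, and the form prints nothing after the two inputs, unlike the IKE lifetime field, which is followed by $Lang::tr{'hours'}. State the unit in the label or next to the field so that nobody enters minutes where seconds are expected. Shortening 'dpd action' to 'Action' is fine under the new heading, but check that no other page still uses this key without that context.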
@@ -1237,6 +1240,8 @@
'invalid input for dhcp dns' => 'Invalid input for DHCP DNS',
'invalid input for dhcp domain' => 'Invalid input for DHCP domain',
'invalid input for dhcp wins' => 'Invalid input for DHCP WINS',
+'invalid input for dpd delay' => 'Invalid input for DPD delay',
+'invalid input for dpd timeout' => 'Invalid input for DPD timeout',
'invalid input for e-mail address' => 'Invalid input for e-mail address.',
'invalid input for esp keylife' => 'Invalid input for ESP Keylife',
'invalid input for hostname' => 'Invalid input for hostname.',
hooks/post-receive
--
IPFire 2.x development tree