This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
via 4b02b4045b619b207235b34882a000ef088f0df1 (commit)
from 1f15cc0993aebc53870c685836db2eaeafdc767a (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 4b02b4045b619b207235b34882a000ef088f0df1
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Jun 2 20:24:04 2015 +0200
ipsec: Allow selection of ESP group type
If a connection is edited, the IKE group types will be used instead.
Fixes #10860
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
Tested-by: Wolfgang Apolinarski wolfgang.apolinarski@web.de
-----------------------------------------------------------------------
Summary of changes:
 doc/language_issues.de | 1 +
 doc/language_issues.es | 1 +
 doc/language_issues.fr | 1 +
 doc/language_issues.it | 1 +
 doc/language_issues.nl | 1 +
 doc/language_issues.pl | 1 +
 doc/language_issues.ru | 1 +
 doc/language_issues.tr | 1 +
 html/cgi-bin/vpnmain.cgi | 73 ++++++++++++++++++++++++++++++++++++++++++------
 langs/en/cgi-bin/en.pl | 1 +
 10 files changed, 74 insertions(+), 8 deletions(-)
Difference in files: diff --git a/doc/language_issues.de b/doc/language_issues.de index 90accb3..0d86987 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -644,6 +644,7 @@ WARNING: untranslated string: fwhost cust geoipgrp WARNING: untranslated string: fwhost err hostip WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: no data +WARNING: untranslated string: none WARNING: untranslated string: qos add subclass WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added diff --git a/doc/language_issues.es b/doc/language_issues.es index 9910db6..2a50200 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -917,6 +917,7 @@ WARNING: untranslated string: most preferred WARNING: untranslated string: nameserver WARNING: untranslated string: no data WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: none WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: openvpn default diff --git a/doc/language_issues.fr b/doc/language_issues.fr index ef01a1e..aa4951d 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -932,6 +932,7 @@ WARNING: untranslated string: most preferred WARNING: untranslated string: nameserver WARNING: untranslated string: no data WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: none WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: ntp common settings diff --git a/doc/language_issues.it b/doc/language_issues.it index 522fee3..1669e79 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it 
@@ -705,6 +705,7 @@ WARNING: untranslated string: masquerading disabled WARNING: untranslated string: masquerading enabled WARNING: untranslated string: messages WARNING: untranslated string: no data +WARNING: untranslated string: none WARNING: untranslated string: outgoing compression in bytes per second WARNING: untranslated string: outgoing overhead in bytes per second WARNING: untranslated string: ovpn add conf diff --git a/doc/language_issues.nl b/doc/language_issues.nl index e7d8e08..11d7657 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -737,6 +737,7 @@ WARNING: untranslated string: modem status WARNING: untranslated string: monitor interface WARNING: untranslated string: nameserver WARNING: untranslated string: no data +WARNING: untranslated string: none WARNING: untranslated string: not a valid dh key WARNING: untranslated string: outgoing compression in bytes per second WARNING: untranslated string: outgoing overhead in bytes per second diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 9910db6..2a50200 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -917,6 +917,7 @@ WARNING: untranslated string: most preferred WARNING: untranslated string: nameserver WARNING: untranslated string: no data WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: none WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: openvpn default diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 95caaa5..d2215b6 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru 
@@ -917,6 +917,7 @@ WARNING: untranslated string: most preferred WARNING: untranslated string: nameserver WARNING: untranslated string: no data WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: none WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: openvpn default diff --git a/doc/language_issues.tr b/doc/language_issues.tr index d57c721..a9d6332 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -684,6 +684,7 @@ WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming overhead in bytes per second WARNING: untranslated string: invalid input for valid till days WARNING: untranslated string: no data +WARNING: untranslated string: none WARNING: untranslated string: outgoing compression in bytes per second WARNING: untranslated string: outgoing overhead in bytes per second WARNING: untranslated string: ovpn add conf diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 218dafa..8c44b7e 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -329,7 +329,13 @@ sub writeipsecfiles { if ($lconfighash{$key}[21] && $lconfighash{$key}[22]) { my @encs = split('|', $lconfighash{$key}[21]); my @ints = split('|', $lconfighash{$key}[22]); - my @groups = split('|', $lconfighash{$key}[20]); + my @groups = split('|', $lconfighash{$key}[23]); + + # Use IKE grouptype if no ESP group type has been selected + # (for backwards compatibility) + if ($lconfighash{$key}[23] eq "") { + @groups = split('|', $lconfighash{$key}[20]); + }
my @algos = &make_algos("esp", @encs, @ints, @groups, ($pfs eq "on")); print CONF "\tesp=" . join(",", @algos); @@ -1270,6 +1276,9 @@ END $cgiparams{'ESP_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[21]; $cgiparams{'ESP_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[22]; $cgiparams{'ESP_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[23]; + if ($cgiparams{'ESP_GROUPTYPE'} eq "") { + $cgiparams{'ESP_GROUPTYPE'} = $cgiparams{'IKE_GROUPTYPE'}; + } $cgiparams{'ESP_KEYLIFE'} = $confighash{$cgiparams{'KEY'}}[17]; $cgiparams{'COMPRESSION'} = $confighash{$cgiparams{'KEY'}}[13]; $cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24]; @@ -1865,7 +1874,7 @@ END $cgiparams{'IKE_LIFETIME'} = '3'; #[16]; $cgiparams{'ESP_ENCRYPTION'} = 'aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21]; $cgiparams{'ESP_INTEGRITY'} = 'sha2_512|sha2_256|sha1'; #[22]; - $cgiparams{'ESP_GROUPTYPE'} = ''; #[23]; + $cgiparams{'ESP_GROUPTYPE'} = '4096|3072|2048|1536|1024'; #[23]; $cgiparams{'ESP_KEYLIFE'} = '1'; #[17]; $cgiparams{'COMPRESSION'} = 'on'; #[13]; $cgiparams{'ONLY_PROPOSED'} = 'off'; #[24]; 
@@ -2175,13 +2184,17 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } } - if ($cgiparams{'ESP_GROUPTYPE'} ne '' && - $cgiparams{'ESP_GROUPTYPE'} !~ /^ecp(192|224|256|384|512)(bp)?$/ && - $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|2048s(256|224|160)|3072|4096|6144|8192)$/) { + @temp = split('|', $cgiparams{'ESP_GROUPTYPE'}); + if ($#temp < 0) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } - + foreach my $val (@temp) { + if ($val !~ /^(e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|1024|1536|2048|2048s256|2048s224|2048s160|3072|4096|6144|8192|none)$/) { + $errormessage = $Lang::tr{'invalid input'}; + goto ADVANCED_ERROR; + } + } if ($cgiparams{'ESP_KEYLIFE'} !~ /^\d+$/) { $errormessage = $Lang::tr{'invalid input for esp keylife'}; goto ADVANCED_ERROR; @@ -2244,6 +2257,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'ESP_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[21]; $cgiparams{'ESP_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[22]; $cgiparams{'ESP_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[23]; + if ($cgiparams{'ESP_GROUPTYPE'} eq "") { + $cgiparams{'ESP_GROUPTYPE'} = $cgiparams{'IKE_GROUPTYPE'}; + } $cgiparams{'ESP_KEYLIFE'} = $confighash{$cgiparams{'KEY'}}[17]; $cgiparams{'COMPRESSION'} = $confighash{$cgiparams{'KEY'}}[13]; $cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24]; 
@@ -2333,7 +2349,17 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'ESP_INTEGRITY'}{'aesxcbc'} = ''; @temp = split('|', $cgiparams{'ESP_INTEGRITY'}); foreach my $key (@temp) {$checked{'ESP_INTEGRITY'}{$key} = "selected='selected'"; } - $checked{'ESP_GROUPTYPE'}{$cgiparams{'ESP_GROUPTYPE'}} = "selected='selected'"; + $checked{'ESP_GROUPTYPE'}{'768'} = ''; + $checked{'ESP_GROUPTYPE'}{'1024'} = ''; + $checked{'ESP_GROUPTYPE'}{'1536'} = ''; + $checked{'ESP_GROUPTYPE'}{'2048'} = ''; + $checked{'ESP_GROUPTYPE'}{'3072'} = ''; + $checked{'ESP_GROUPTYPE'}{'4096'} = ''; + $checked{'ESP_GROUPTYPE'}{'6144'} = ''; + $checked{'ESP_GROUPTYPE'}{'8192'} = ''; + $checked{'ESP_GROUPTYPE'}{'none'} = ''; + @temp = split('|', $cgiparams{'ESP_GROUPTYPE'}); + foreach my $key (@temp) {$checked{'ESP_GROUPTYPE'}{$key} = "selected='selected'"; }
$checked{'COMPRESSION'} = $cgiparams{'COMPRESSION'} eq 'on' ? "checked='checked'" : '' ; $checked{'ONLY_PROPOSED'} = $cgiparams{'ONLY_PROPOSED'} eq 'on' ? "checked='checked'" : '' ; 
@@ -2494,7 +2520,30 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || <option value='1024' $checked{'IKE_GROUPTYPE'}{'1024'}>MODP-1024</option> </select> </td> - <td></td> + <td class='boldbase'> + <select name='ESP_GROUPTYPE' multiple='multiple' size='6' style='width: 100%'> + <option value='e521' $checked{'ESP_GROUPTYPE'}{'e521'}>ECP-521 (NIST)</option> + <option value='e512bp' $checked{'ESP_GROUPTYPE'}{'e512bp'}>ECP-512 (Brainpool)</option> + <option value='e384' $checked{'ESP_GROUPTYPE'}{'e384'}>ECP-384 (NIST)</option> + <option value='e384bp' $checked{'ESP_GROUPTYPE'}{'e384bp'}>ECP-384 (Brainpool)</option> + <option value='e256' $checked{'ESP_GROUPTYPE'}{'e256'}>ECP-256 (NIST)</option> + <option value='e256bp' $checked{'ESP_GROUPTYPE'}{'e256bp'}>ECP-256 (Brainpool)</option> + <option value='e224' $checked{'ESP_GROUPTYPE'}{'e224'}>ECP-224 (NIST)</option> + <option value='e224bp' $checked{'ESP_GROUPTYPE'}{'e224bp'}>ECP-224 (Brainpool)</option> + <option value='e192' $checked{'ESP_GROUPTYPE'}{'e192'}>ECP-192 (NIST)</option> + <option value='8192' $checked{'ESP_GROUPTYPE'}{'8192'}>MODP-8192</option> + <option value='6144' $checked{'ESP_GROUPTYPE'}{'6144'}>MODP-6144</option> + <option value='4096' $checked{'ESP_GROUPTYPE'}{'4096'}>MODP-4096</option> + <option value='3072' $checked{'ESP_GROUPTYPE'}{'3072'}>MODP-3072</option> + <option value='2048s256' $checked{'ESP_GROUPTYPE'}{'2048s256'}>MODP-2048/256</option> + <option value='2048s224' $checked{'ESP_GROUPTYPE'}{'2048s224'}>MODP-2048/224</option> + <option value='2048s160' $checked{'ESP_GROUPTYPE'}{'2048s160'}>MODP-2048/160</option> + <option value='2048' $checked{'ESP_GROUPTYPE'}{'2048'}>MODP-2048</option> + <option value='1536' $checked{'ESP_GROUPTYPE'}{'1536'}>MODP-1536</option> + <option value='1024' $checked{'ESP_GROUPTYPE'}{'1024'}>MODP-1024</option> + <option value='none' $checked{'ESP_GROUPTYPE'}{'none'}>- $Lang::tr{'none'} -</option> + </select> + </td> </tr> </tbody> </table> 
@@ -3039,6 +3088,14 @@ sub make_algos($$$$$) { if (!$is_aead) { push(@algo, $int); } + + if ($grp eq "none") { + # noop + } elsif ($grp =~ m/^e(.*)$/) { + push(@algo, "ecp$1"); + } else { + push(@algo, "modp$grp"); + } }
push(@algos, join("-", @algo)); diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 7964644..af7fda9 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1645,6 +1645,7 @@ 'no modem selected' => 'No modem selected', 'no set selected' => 'No set was selected', 'no time limit' => 'unlimited time', +'none' => 'none', 'none found' => 'none found', 'nonetworkname' => 'No Network Name entered', 'noservicename' => 'No Service Name entered',
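Review bot: In html/cgi-bin/vpnmain.cgi, hunk @@ -1270,6 +1276,9 (and again, identically, at @@ -2244,6 +2257,9), the fallback copies $cgiparams{'IKE_GROUPTYPE'}, but the visible context does not show where that value is loaded, whereas writeipsecfiles takes the same fallback directly from field [20]. Reading $confighash{$cgiparams{'KEY'}}[20] here as well would make the fallback independent of assignment order, and a small helper would replace the three copies of this rule. Both places also lack the backwards-compatibility comment that the writeipsecfiles hunk carries.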
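Review bot: In html/cgi-bin/vpnmain.cgi, hunk @@ -1865,7 +1874,7, the new default ESP_GROUPTYPE of '4096|3072|2048|1536|1024' puts MODP-1024 into the ESP proposals of every newly created connection. 1024-bit MODP is no longer considered adequate for key exchange, so I would start the default at 2048 and let users who must interoperate with old peers opt in to the smaller groups through the new select box.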
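Review bot: In html/cgi-bin/vpnmain.cgi, hunk @@ -2175,13 +2184,17, the per-value check accepts 'none' together with real groups (for example 'none|4096'). As far as the make_algos hunk shows, the group is then skipped for the 'none' entry and appended for the others, so the connection would propose ESP both with and without a DH group. If 'none' is meant to be exclusive, reject it when @temp has more than one element. The allow-list regex is also a third copy of the group list (the option list and the $checked initialisation are the other two); one shared array would keep them from drifting apart.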
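Review bot: In html/cgi-bin/vpnmain.cgi, hunk @@ -2333,7 +2349,17, the keys initialised to '' do not match the values the form offers. '768' is initialised but is neither an option in the new ESP_GROUPTYPE select nor accepted by the validation regex, while the e* curves and 2048s256, 2048s224 and 2048s160 are offered and accepted but never initialised. Initialise exactly the set used for the options and drop '768'.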
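Review bot: In html/cgi-bin/vpnmain.cgi, hunk @@ -3039,6 +3088,14 (make_algos), the pattern m/^e(.*)$/ turns anything beginning with 'e' into an ecp name and the else branch prefixes everything else with 'modp', so the output is only as good as the input. Values that writeipsecfiles reads back from the config file, including the IKE fallback from field [20], reach this code without passing the form validation again. Match the known curve and MODP names explicitly and skip anything unrecognised. The empty 'none' branch with its '# noop' comment would read better as a guard: unless ($grp eq "none") { ... }.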
hooks/post-receive -- IPFire 2.x development tree