This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, fifteen has been updated via f5e106c42ab1fcb54f2d4c2605dfbe213b5b792a (commit) via af8750fdc2c974899c35114a7340f51a09516bd9 (commit) via d2d87f2ca06349f63d025e12dafda1b910956e40 (commit) via 4ad0b5b680e7d72f391434a9bad0a2dfc61fee92 (commit) via afd5d8f76e725ac910c238e94f2282f78bce5da7 (commit) via cbb3a8f91e2e7aa220b5bc9e9773fa4547f0ce85 (commit) via 4e156911cc45c2788bfa7e04561e2a7e550c68b8 (commit) from 277060a472c826541885b40392e0d5a96ba1cf97 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit f5e106c42ab1fcb54f2d4c2605dfbe213b5b792a
Merge: 277060a af8750f
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Jan 7 17:55:57 2014 +0100

Merge remote-tracking branch 'ms/ipsec-dpd' into fifteen

commit af8750fdc2c974899c35114a7340f51a09516bd9
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Jan 7 17:54:10 2014 +0100

Update translations.

commit d2d87f2ca06349f63d025e12dafda1b910956e40
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Jan 7 17:50:44 2014 +0100

IPsec: Make connection configuration more pleasant for the eye.

commit 4ad0b5b680e7d72f391434a9bad0a2dfc61fee92
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Jan 7 17:08:35 2014 +0100

IPsec: Move IKE protocol option to advanced settings page.

commit afd5d8f76e725ac910c238e94f2282f78bce5da7
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Jan 7 17:00:30 2014 +0100

IPsec: Allow to disable DPD.

commit cbb3a8f91e2e7aa220b5bc9e9773fa4547f0ce85
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Jan 7 01:37:00 2014 +0100

IPsec: Fix and enhance DPD configuration.

Also the action option has now moved to the advanced settings page and the design has been improved.

commit 4e156911cc45c2788bfa7e04561e2a7e550c68b8
Author: Alexander Marx alexander.marx@ipfire.org
Date: Tue Jan 7 00:38:36 2014 +0100

IPsec: Add DPD configuration options to advanced settings.

-----------------------------------------------------------------------
Summary of changes:
 doc/language_issues.de | 3 +-
 doc/language_issues.en | 2 +-
 doc/language_issues.es | 7 ++
 doc/language_issues.fr | 7 ++
 doc/language_issues.nl | 7 ++
 doc/language_issues.pl | 7 ++
 doc/language_issues.ru | 7 ++
 doc/language_issues.tr | 7 ++
 doc/language_missings | 16 ++++
 html/cgi-bin/vpnmain.cgi | 231 +++++++++++++++++++++++++++++++++++------------
 langs/de/cgi-bin/de.pl | 4 +
 langs/en/cgi-bin/en.pl | 7 +-
 12 files changed, 242 insertions(+), 63 deletions(-)
Difference in files: diff --git a/doc/language_issues.de b/doc/language_issues.de index bcc0214..02c9990 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -150,6 +150,7 @@ WARNING: translation string unused: eciadsl upload WARNING: translation string unused: edit network WARNING: translation string unused: edit service WARNING: translation string unused: editor +WARNING: translation string unused: eg WARNING: translation string unused: email server can not be empty WARNING: translation string unused: enable javascript WARNING: translation string unused: enabled on @@ -198,7 +199,6 @@ WARNING: translation string unused: from warn email bad WARNING: translation string unused: fwdfw MODE1 WARNING: translation string unused: fwdfw MODE2 WARNING: translation string unused: fwdfw err prot_port1 -WARNING: translation string unused: fwdfw err tgt_port WARNING: translation string unused: fwdfw final_rule WARNING: translation string unused: fwdfw from WARNING: translation string unused: fwdfw ipsec network @@ -572,6 +572,7 @@ WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: bytes WARNING: untranslated string: community rules +WARNING: untranslated string: dead peer detection WARNING: untranslated string: emerging rules WARNING: untranslated string: fwhost err hostip WARNING: untranslated string: new diff --git a/doc/language_issues.en b/doc/language_issues.en index 1eccc80..b6b506f 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -173,6 +173,7 @@ WARNING: translation string unused: eciadsl upload WARNING: translation string unused: edit network WARNING: translation string unused: edit service WARNING: translation string unused: editor +WARNING: translation string unused: eg WARNING: translation string unused: email server can not be empty WARNING: translation string unused: enable javascript WARNING: translation string unused: enabled on 
@@ -221,7 +222,6 @@ WARNING: translation string unused: from warn email bad WARNING: translation string unused: fwdfw MODE1 WARNING: translation string unused: fwdfw MODE2 WARNING: translation string unused: fwdfw err prot_port1 -WARNING: translation string unused: fwdfw err tgt_port WARNING: translation string unused: fwdfw final_rule WARNING: translation string unused: fwdfw from WARNING: translation string unused: fwdfw ipsec network diff --git a/doc/language_issues.es b/doc/language_issues.es index 6b6424a..d32c90a 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -167,6 +167,7 @@ WARNING: translation string unused: eciadsl upload WARNING: translation string unused: edit network WARNING: translation string unused: edit service WARNING: translation string unused: editor +WARNING: translation string unused: eg WARNING: translation string unused: email server can not be empty WARNING: translation string unused: enable javascript WARNING: translation string unused: enabled on @@ -595,6 +596,7 @@ WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet WARNING: untranslated string: ccd used +WARNING: untranslated string: dead peer detection WARNING: untranslated string: default ip WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: dnat address @@ -605,6 +607,8 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: dpd delay +WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action WARNING: untranslated string: drop action1 WARNING: untranslated string: drop action2 
@@ -664,6 +668,7 @@ WARNING: untranslated string: fwdfw err src_addr WARNING: untranslated string: fwdfw err tgt_addr WARNING: untranslated string: fwdfw err tgt_grp WARNING: untranslated string: fwdfw err tgt_mac +WARNING: untranslated string: fwdfw err tgt_port WARNING: untranslated string: fwdfw err time WARNING: untranslated string: fwdfw external port nat WARNING: untranslated string: fwdfw hint ip1 @@ -774,6 +779,8 @@ WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: grouptype WARNING: untranslated string: integrity +WARNING: untranslated string: invalid input for dpd delay +WARNING: untranslated string: invalid input for dpd timeout WARNING: untranslated string: least preferred WARNING: untranslated string: lifetime WARNING: untranslated string: minute diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 2f7f60d..344c234 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -167,6 +167,7 @@ WARNING: translation string unused: eciadsl upload WARNING: translation string unused: edit network WARNING: translation string unused: edit service WARNING: translation string unused: editor +WARNING: translation string unused: eg WARNING: translation string unused: email server can not be empty WARNING: translation string unused: enable javascript WARNING: translation string unused: enabled on @@ -597,6 +598,7 @@ WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet WARNING: untranslated string: ccd used +WARNING: untranslated string: dead peer detection WARNING: untranslated string: default ip WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: dnat address 
@@ -608,6 +610,8 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: dpd delay +WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action WARNING: untranslated string: drop action1 WARNING: untranslated string: drop action2 @@ -667,6 +671,7 @@ WARNING: untranslated string: fwdfw err src_addr WARNING: untranslated string: fwdfw err tgt_addr WARNING: untranslated string: fwdfw err tgt_grp WARNING: untranslated string: fwdfw err tgt_mac +WARNING: untranslated string: fwdfw err tgt_port WARNING: untranslated string: fwdfw err time WARNING: untranslated string: fwdfw external port nat WARNING: untranslated string: fwdfw hint ip1 @@ -777,6 +782,8 @@ WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: grouptype WARNING: untranslated string: integrity +WARNING: untranslated string: invalid input for dpd delay +WARNING: untranslated string: invalid input for dpd timeout WARNING: untranslated string: least preferred WARNING: untranslated string: lifetime WARNING: untranslated string: minute diff --git a/doc/language_issues.nl b/doc/language_issues.nl index d543069..44d92e5 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -169,6 +169,7 @@ WARNING: translation string unused: eciadsl upload WARNING: translation string unused: edit network WARNING: translation string unused: edit service WARNING: translation string unused: editor +WARNING: translation string unused: eg WARNING: translation string unused: email server can not be empty WARNING: translation string unused: enable javascript WARNING: translation string unused: enabled on 
@@ -563,6 +564,7 @@ WARNING: untranslated string: advproxy errmsg proxy ports equal WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: bytes WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: dead peer detection WARNING: untranslated string: default ip WARNING: untranslated string: dnat address WARNING: untranslated string: dnsforward @@ -572,6 +574,8 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: dpd delay +WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action WARNING: untranslated string: drop action1 WARNING: untranslated string: drop action2 @@ -613,6 +617,7 @@ WARNING: untranslated string: fwdfw err src_addr WARNING: untranslated string: fwdfw err tgt_addr WARNING: untranslated string: fwdfw err tgt_grp WARNING: untranslated string: fwdfw err tgt_mac +WARNING: untranslated string: fwdfw err tgt_port WARNING: untranslated string: fwdfw err time WARNING: untranslated string: fwdfw external port nat WARNING: untranslated string: fwdfw hint ip1 @@ -723,6 +728,8 @@ WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: grouptype WARNING: untranslated string: integrity +WARNING: untranslated string: invalid input for dpd delay +WARNING: untranslated string: invalid input for dpd timeout WARNING: untranslated string: least preferred WARNING: untranslated string: lifetime WARNING: untranslated string: most preferred diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 6b6424a..d32c90a 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl 
@@ -167,6 +167,7 @@ WARNING: translation string unused: eciadsl upload WARNING: translation string unused: edit network WARNING: translation string unused: edit service WARNING: translation string unused: editor +WARNING: translation string unused: eg WARNING: translation string unused: email server can not be empty WARNING: translation string unused: enable javascript WARNING: translation string unused: enabled on @@ -595,6 +596,7 @@ WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet WARNING: untranslated string: ccd used +WARNING: untranslated string: dead peer detection WARNING: untranslated string: default ip WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: dnat address @@ -605,6 +607,8 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: dpd delay +WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action WARNING: untranslated string: drop action1 WARNING: untranslated string: drop action2 @@ -664,6 +668,7 @@ WARNING: untranslated string: fwdfw err src_addr WARNING: untranslated string: fwdfw err tgt_addr WARNING: untranslated string: fwdfw err tgt_grp WARNING: untranslated string: fwdfw err tgt_mac +WARNING: untranslated string: fwdfw err tgt_port WARNING: untranslated string: fwdfw err time WARNING: untranslated string: fwdfw external port nat WARNING: untranslated string: fwdfw hint ip1 
@@ -774,6 +779,8 @@ WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: grouptype WARNING: untranslated string: integrity +WARNING: untranslated string: invalid input for dpd delay +WARNING: untranslated string: invalid input for dpd timeout WARNING: untranslated string: least preferred WARNING: untranslated string: lifetime WARNING: untranslated string: minute diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 5a1296b..09c6930 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -166,6 +166,7 @@ WARNING: translation string unused: eciadsl upload WARNING: translation string unused: edit network WARNING: translation string unused: edit service WARNING: translation string unused: editor +WARNING: translation string unused: eg WARNING: translation string unused: email server can not be empty WARNING: translation string unused: enable javascript WARNING: translation string unused: enabled on @@ -590,6 +591,7 @@ WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet WARNING: untranslated string: ccd used WARNING: untranslated string: community rules +WARNING: untranslated string: dead peer detection WARNING: untranslated string: default ip WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: disk access per @@ -601,6 +603,8 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: dpd delay +WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action WARNING: untranslated string: drop action1 WARNING: untranslated string: drop action2 
@@ -650,6 +654,7 @@ WARNING: untranslated string: fwdfw err src_addr WARNING: untranslated string: fwdfw err tgt_addr WARNING: untranslated string: fwdfw err tgt_grp WARNING: untranslated string: fwdfw err tgt_mac +WARNING: untranslated string: fwdfw err tgt_port WARNING: untranslated string: fwdfw err time WARNING: untranslated string: fwdfw external port nat WARNING: untranslated string: fwdfw hint ip1 @@ -761,6 +766,8 @@ WARNING: untranslated string: fwhost welcome WARNING: untranslated string: grouptype WARNING: untranslated string: incoming traffic in bytes per second WARNING: untranslated string: integrity +WARNING: untranslated string: invalid input for dpd delay +WARNING: untranslated string: invalid input for dpd timeout WARNING: untranslated string: least preferred WARNING: untranslated string: lifetime WARNING: untranslated string: minute diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 299c74d..07ee128 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -174,6 +174,7 @@ WARNING: translation string unused: eciadsl upload WARNING: translation string unused: edit network WARNING: translation string unused: edit service WARNING: translation string unused: editor +WARNING: translation string unused: eg WARNING: translation string unused: email server can not be empty WARNING: translation string unused: enable javascript WARNING: translation string unused: enabled on 
@@ -576,8 +577,11 @@ WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy errmsg proxy ports equal WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: bytes +WARNING: untranslated string: dead peer detection WARNING: untranslated string: default ip WARNING: untranslated string: dnat address +WARNING: untranslated string: dpd delay +WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action WARNING: untranslated string: drop action1 WARNING: untranslated string: drop action2 @@ -619,6 +623,7 @@ WARNING: untranslated string: fwdfw err src_addr WARNING: untranslated string: fwdfw err tgt_addr WARNING: untranslated string: fwdfw err tgt_grp WARNING: untranslated string: fwdfw err tgt_mac +WARNING: untranslated string: fwdfw err tgt_port WARNING: untranslated string: fwdfw err time WARNING: untranslated string: fwdfw external port nat WARNING: untranslated string: fwdfw hint ip1 @@ -729,6 +734,8 @@ WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: grouptype WARNING: untranslated string: integrity +WARNING: untranslated string: invalid input for dpd delay +WARNING: untranslated string: invalid input for dpd timeout WARNING: untranslated string: least preferred WARNING: untranslated string: lifetime WARNING: untranslated string: most preferred diff --git a/doc/language_missings b/doc/language_missings index 86f45b0..952e1e5 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -70,6 +70,8 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone +< dpd delay +< dpd timeout < drop action < drop action1 < drop action2 @@ -268,6 +270,8 @@ < fw settings ruletable < grouptype < integrity +< invalid input for dpd delay +< invalid input for dpd timeout < least preferred < lifetime < minute 
@@ -488,6 +492,8 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone +< dpd delay +< dpd timeout < drop action < drop action1 < drop action2 @@ -686,6 +692,8 @@ < fw settings ruletable < grouptype < integrity +< invalid input for dpd delay +< invalid input for dpd timeout < least preferred < lifetime < minute @@ -898,6 +906,8 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone +< dpd delay +< dpd timeout < drop action < drop action1 < drop action2 @@ -1088,6 +1098,8 @@ < fw settings ruletable < grouptype < integrity +< invalid input for dpd delay +< invalid input for dpd timeout < least preferred < lifetime < minute @@ -1287,6 +1299,8 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone +< dpd delay +< dpd timeout < drop action < drop action1 < drop action2 @@ -1481,6 +1495,8 @@ < hour-graph < incoming traffic in bytes per second < integrity +< invalid input for dpd delay +< invalid input for dpd timeout < least preferred < lifetime < minute diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 64bf17e..af68d50 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -104,7 +104,8 @@ $cgiparams{'ROOTCERT_OU'} = ''; $cgiparams{'ROOTCERT_CITY'} = ''; $cgiparams{'ROOTCERT_STATE'} = ''; $cgiparams{'RW_NET'} = ''; - +$cgiparams{'DPD_DELAY'} = '30'; +$cgiparams{'DPD_TIMEOUT'} = '120'; &Header::getcgihash(%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
### @@ -384,9 +385,27 @@ sub writeipsecfiles { print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on');
# Dead Peer Detection - print CONF "\tdpddelay=30\n"; - print CONF "\tdpdtimeout=120\n"; - print CONF "\tdpdaction=$lconfighash{$key}[27]\n"; + my $dpdaction = $lconfighash{$key}[27]; + print CONF "\tdpdaction=$dpdaction\n"; + + # If the dead peer detection is disabled and IKEv2 is used, + # dpddelay must be set to zero, too. + if ($dpdaction eq "none") { + if ($lconfighash{$key}[29] eq "ikev2") { + print CONF "\tdpddelay=0\n"; + } + } else { + my $dpddelay = $lconfighash{$key}[30]; + if (!$dpddelay) { + $dpddelay = 30; + } + print CONF "\tdpddelay=$dpddelay\n"; + my $dpdtimeout = $lconfighash{$key}[31]; + if (!$dpdtimeout) { + $dpdtimeout = 120; + } + print CONF "\tdpdtimeout=$dpdtimeout\n"; + }
# Build Authentication details: LEFTid RIGHTid : PSK psk my $psk_line; @@ -1274,6 +1293,16 @@ END $cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28]; $cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14]; + $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30]; + $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31]; + + if (!$cgiparams{'DPD_DELAY'}) { + $cgiparams{'DPD_DELAY'} = 30; + } + + if (!$cgiparams{'DPD_TIMEOUT'}) { + $cgiparams{'DPD_TIMEOUT'} = 120; + }
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); @@ -1748,7 +1777,7 @@ END my $key = $cgiparams{'KEY'}; if (! $key) { $key = &General::findhasharraykey (%confighash); - foreach my $i (0 .. 28) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} } $confighash{$key}[0] = $cgiparams{'ENABLED'}; $confighash{$key}[1] = $cgiparams{'NAME'}; @@ -1788,6 +1817,8 @@ END $confighash{$key}[24] = $cgiparams{'ONLY_PROPOSED'}; $confighash{$key}[28] = $cgiparams{'PFS'}; $confighash{$key}[14] = $cgiparams{'VHOST'}; + $confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'}; + $confighash{$key}[31] = $cgiparams{'DPD_DELAY'};
#free unused fields! $confighash{$key}[6] = 'off'; @@ -1823,9 +1854,17 @@ END
# choose appropriate dpd action if ($cgiparams{'TYPE'} eq 'host') { - $cgiparams{'DPD_ACTION'} = 'clear'; + $cgiparams{'DPD_ACTION'} = 'clear'; } else { - $cgiparams{'DPD_ACTION'} = 'restart'; + $cgiparams{'DPD_ACTION'} = 'restart'; + } + + if (!$cgiparams{'DPD_DELAY'}) { + $cgiparams{'DPD_DELAY'} = 30; + } + + if (!$cgiparams{'DPD_TIMEOUT'}) { + $cgiparams{'DPD_TIMEOUT'} = 120; }
# Default IKE Version to v2 @@ -1869,15 +1908,6 @@ END $checked{'AUTH'}{'auth-dn'} = ''; $checked{'AUTH'}{$cgiparams{'AUTH'}} = "checked='checked'";
- $selected{'DPD_ACTION'}{'clear'} = ''; - $selected{'DPD_ACTION'}{'hold'} = ''; - $selected{'DPD_ACTION'}{'restart'} = ''; - $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'"; - - $selected{'IKE_VERSION'}{'ikev1'} = ''; - $selected{'IKE_VERSION'}{'ikev2'} = ''; - $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'"; - &Header::showhttpheaders(); &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -1898,6 +1928,7 @@ END print "<form method='post' enctype='multipart/form-data' action='$ENV{'SCRIPT_NAME'}'>"; print<<END <input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' /> + <input type='hidden' name='IKE_VERSION' value='$cgiparams{'IKE_VERSION'}' /> <input type='hidden' name='IKE_ENCRYPTION' value='$cgiparams{'IKE_ENCRYPTION'}' /> <input type='hidden' name='IKE_INTEGRITY' value='$cgiparams{'IKE_INTEGRITY'}' /> <input type='hidden' name='IKE_GROUPTYPE' value='$cgiparams{'IKE_GROUPTYPE'}' /> @@ -1910,23 +1941,30 @@ END <input type='hidden' name='ONLY_PROPOSED' value='$cgiparams{'ONLY_PROPOSED'}' /> <input type='hidden' name='PFS' value='$cgiparams{'PFS'}' /> <input type='hidden' name='VHOST' value='$cgiparams{'VHOST'}' /> + <input type='hidden' name='DPD_ACTION' value='$cgiparams{'DPD_ACTION'}' /> + <input type='hidden' name='DPD_DELAY' value='$cgiparams{'DPD_DELAY'}' /> + <input type='hidden' name='DPD_TIMEOUT' value='$cgiparams{'DPD_TIMEOUT'}' /> END ; if ($cgiparams{'KEY'}) { print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />"; + print "<input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />"; print "<input type='hidden' name='AUTH' value='$cgiparams{'AUTH'}' />"; }
- &Header::openbox('100%', 'left', "$Lang::tr{'connection'}:"); + &Header::openbox('100%', 'left', "$Lang::tr{'connection'}: $cgiparams{'NAME'}"); print "<table width='100%'>"; - print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>"; - if ($cgiparams{'KEY'}) { - print "<td width='25%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' /><b>$cgiparams{'NAME'}</b></td>"; - } else { - print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' size='30' /></td>"; + if (!$cgiparams{'KEY'}) { + print <<EOF; + <tr> + <td width='20%'>$Lang::tr{'name'}:</td> + <td width='30%'> + <input type='text' name='NAME' value='$cgiparams{'NAME'}' size='25' /> + </td> + <td colspan="2"></td> + </tr> +EOF } - print "<td>$Lang::tr{'enabled'}</td><td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td></tr>"; - print '</tr><td><br /></td><tr>';
my $disabled; my $blob; @@ -1937,44 +1975,41 @@ END
print <<END <tr> - <td class='boldbase'>$Lang::tr{'remote host/ip'}: $blob</td> - <td> - <input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size='30' /> - </td> - <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td> - <td> - <input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' /> + <td width='20%'>$Lang::tr{'enabled'}</td> + <td width='30%'> + <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /> + </td> + <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'local subnet'}</td> + <td width='30%'> + <input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size="25" /> </td> </tr> <tr> - <td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td> - <td colspan='3'> - <input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' /> + <td class='boldbase' width='20%'>$Lang::tr{'remote host/ip'}: $blob</td> + <td width='30%'> + <input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size="25" /> + </td> + <td class='boldbase' nowrap='nowrap' width='20%'>$Lang::tr{'remote subnet'}</td> + <td width='30%'> + <input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size="25" /> </td> </tr> <tr> - <td class='boldbase'>$Lang::tr{'vpn local id'}:<br />($Lang::tr{'eg'} <tt>@xy.example.com</tt>)</td> - <td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td> - <td class='boldbase'>$Lang::tr{'vpn remote id'}:</td> - <td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td> - </tr><tr> - </tr><td><br /></td><tr> - <td>$Lang::tr{'vpn keyexchange'}:</td> - <td><select name='IKE_VERSION'> - <option value='ikev2' $selected{'IKE_VERSION'}{'ikev2'}>IKEv2</option> - <option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option> - </select> + <td class='boldbase' width='20%'>$Lang::tr{'vpn local id'}:</td> + <td width='30%'> + <input type='text' name='LOCAL_ID' 
value='$cgiparams{'LOCAL_ID'}' size="25" /> </td> - <td>$Lang::tr{'dpd action'}:</td> - <td><select name='DPD_ACTION'> - <option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option> - <option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option> - <option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option> - </select> + <td class='boldbase' width='20%'>$Lang::tr{'vpn remote id'}:</td> + <td width='30%'> + <input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' size="25" /> + </td> + </tr> + <tr><td colspan="4"><br /></td></tr> + <tr> + <td class='boldbase' width='20%'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></td> + <td colspan='3'> + <input type='text' name='REMARK' value='$cgiparams{'REMARK'}' maxlength='50' size="73" /> </td> - </tr><tr> - <td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></td> - <td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td> </tr> END ; @@ -2184,6 +2219,17 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; }
+ if ($cgiparams{'DPD_DELAY'} !~ /^\d+$/) { + $errormessage = $Lang::tr{'invalid input for dpd delay'}; + goto ADVANCED_ERROR; + } + + if ($cgiparams{'DPD_TIMEOUT'} !~ /^\d+$/) { + $errormessage = $Lang::tr{'invalid input for dpd timeout'}; + goto ADVANCED_ERROR; + } + + $confighash{$cgiparams{'KEY'}}[29] = $cgiparams{'IKE_VERSION'}; $confighash{$cgiparams{'KEY'}}[18] = $cgiparams{'IKE_ENCRYPTION'}; $confighash{$cgiparams{'KEY'}}[19] = $cgiparams{'IKE_INTEGRITY'}; $confighash{$cgiparams{'KEY'}}[20] = $cgiparams{'IKE_GROUPTYPE'}; @@ -2197,6 +2243,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'}; $confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'}; $confighash{$cgiparams{'KEY'}}[14] = $cgiparams{'VHOST'}; + $confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'DPD_ACTION'}; + $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'}; + $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'}; &General::writehasharray("${General::swroot}/vpn/config", %confighash); &writeipsecfiles(); if (&vpnenabled) { @@ -2205,6 +2254,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || } goto ADVANCED_END; } else { + $cgiparams{'IKE_VERSION'} = $confighash{$cgiparams{'KEY'}}[29]; $cgiparams{'IKE_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[18]; $cgiparams{'IKE_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[19]; $cgiparams{'IKE_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[20]; 
@@ -2217,6 +2267,17 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28]; $cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14]; + $cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30]; + $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31]; + + if (!$cgiparams{'DPD_DELAY'}) { + $cgiparams{'DPD_DELAY'} = 30; + } + + if (!$cgiparams{'DPD_TIMEOUT'}) { + $cgiparams{'DPD_TIMEOUT'} = 120; + }
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net' || $confighash{$cgiparams{'KEY'}}[10]) { $cgiparams{'VHOST'} = 'off'; @@ -2279,6 +2340,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ; $checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ? "checked='checked'" : '' ;
+ $selected{'IKE_VERSION'}{'ikev1'} = ''; + $selected{'IKE_VERSION'}{'ikev2'} = ''; + $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'"; + + $selected{'DPD_ACTION'}{'clear'} = ''; + $selected{'DPD_ACTION'}{'hold'} = ''; + $selected{'DPD_ACTION'}{'restart'} = ''; + $selected{'DPD_ACTION'}{'none'} = ''; + $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'"; + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -2306,14 +2377,24 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || <table width='100%'> <thead> <tr> - <th></th> + <th width="15%"></th> <th>IKE</th> <th>ESP</th> </tr> </thead> <tbody> <tr> - <td class='boldbase'>$Lang::tr{'encryption'}</td> + <td>$Lang::tr{'vpn keyexchange'}:</td> + <td> + <select name='IKE_VERSION'> + <option value='ikev2' $selected{'IKE_VERSION'}{'ikev2'}>IKEv2</option> + <option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option> + </select> + </td> + <td></td> + </tr> + <tr> + <td class='boldbase' width="15%">$Lang::tr{'encryption'}</td> <td class='boldbase'> <select name='IKE_ENCRYPTION' multiple='multiple' size='6' style='width: 100%'> <option value='aes256' $checked{'IKE_ENCRYPTION'}{'aes256'}>AES (256 bit)</option> @@ -2339,7 +2420,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || </tr>
<tr> - <td class='boldbase'>$Lang::tr{'integrity'}</td> + <td class='boldbase' width="15%">$Lang::tr{'integrity'}</td> <td class='boldbase'> <select name='IKE_INTEGRITY' multiple='multiple' size='6' style='width: 100%'> <option value='sha2_512' $checked{'IKE_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option> @@ -2362,7 +2443,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || </td> </tr> <tr> - <td class='boldbase'>$Lang::tr{'lifetime'}</td> + <td class='boldbase' width="15%">$Lang::tr{'lifetime'}</td> <td class='boldbase'> <input type='text' name='IKE_LIFETIME' value='$cgiparams{'IKE_LIFETIME'}' size='5' /> $Lang::tr{'hours'} </td> @@ -2371,7 +2452,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || </td> </tr> <tr> - <td class='boldbase'>$Lang::tr{'grouptype'}</td> + <td class='boldbase' width="15%">$Lang::tr{'grouptype'}</td> <td class='boldbase'> <select name='IKE_GROUPTYPE' multiple='multiple' size='6' style='width: 100%'> <option value='e521' $checked{'IKE_GROUPTYPE'}{'e521'}>ECP-521 (NIST)</option> @@ -2400,6 +2481,36 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || </tbody> </table>
+ <br><br> + + <h2>$Lang::tr{'dead peer detection'}</h2> + + <table width="100%"> + <tr> + <td width="15%">$Lang::tr{'dpd action'}:</td> + <td> + <select name='DPD_ACTION'> + <option value='none' $selected{'DPD_ACTION'}{'none'}>- $Lang::tr{'disabled'} -</option> + <option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option> + <option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option> + <option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option> + </select> + </td> + </tr> + <tr> + <td width="15%">$Lang::tr{'dpd timeout'}:</td> + <td> + <input type='text' name='DPD_TIMEOUT' size='5' value='$cgiparams{'DPD_TIMEOUT'}' /> + </td> + </tr> + <tr> + <td width="15%">$Lang::tr{'dpd delay'}:</td> + <td> + <input type='text' name='DPD_DELAY' size='5' value='$cgiparams{'DPD_DELAY'}' /> + </td> + </tr> + </table> + <hr>
<table width="100%"> @@ -2441,7 +2552,7 @@ EOF
print <<EOF; <tr> - <td align='right'> + <td align='right' colspan='2'> <input type='submit' name='ACTION' value='$Lang::tr{'save'}' /> <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /> </td> diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 01cd3f6..568f057 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -749,6 +749,8 @@ 'download pkcs12 file' => 'PKCS12-Datei herunterladen', 'download root certificate' => 'Root-Zertifikat herunterladen', 'dpd action' => 'Aktion für Dead Peer Detection', +'dpd delay' => 'Verzögerung', +'dpd timeout' => 'Zeitüberschreitung', 'driver' => 'Treiber', 'drop action' => 'Standardverhalten der (Forward) Firewall in Modus "Blocked"', 'drop action1' => 'Standardverhalten der (Outgoing) Firewall in Modus "Blocked"', @@ -1209,6 +1211,8 @@ 'invalid input for dhcp dns' => 'Ungültige Eingabe für DHCP DNS', 'invalid input for dhcp domain' => 'Ungültige Eingabe für DHCP Domain', 'invalid input for dhcp wins' => 'Ungültige Eingabe für DHCP WINS', +'invalid input for dpd delay' => 'Ungültige Eingabe für DPD-Verzögerung', +'invalid input for dpd timeout' => 'Ungültige Eingabe für DPD-Zeitüberschreitung', 'invalid input for e-mail address' => 'Ungültige Eingabe für die E-mail Adresse', 'invalid input for esp keylife' => 'Ungültige Eingabe für ESP Schlüssel-Lebensdauer', 'invalid input for hostname' => 'Ungültige Eingabe für Hostname', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index dc38129..451ea79 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -634,6 +634,7 @@ 'ddns noip prefix' => 'To use no-ip in group mode, prefix hostname with <b>%</b>', 'deactivate' => 'deactivate', 'deactivate user' => 'deactivate user', +'dead peer detection' => 'Dead Peer Detection', 'debugme' => 'Not yet implemented', 'december' => 'December', 'deep scan directories' => 'Scan recursive', 
@@ -772,7 +773,9 @@ 'download new ruleset' => 'Download new ruleset', 'download pkcs12 file' => 'Download PKCS12 file', 'download root certificate' => 'Download root certificate', -'dpd action' => 'Dead Peer Detection action', +'dpd action' => 'Action', +'dpd delay' => 'Delay', +'dpd timeout' => 'Timeout', 'driver' => 'Driver', 'drop action' => 'Default behaviour of (forward) firewall in mode "Blocked"', 'drop action1' => 'Default behaviour of (outgoing) firewall in mode "Blocked"', @@ -1237,6 +1240,8 @@ 'invalid input for dhcp dns' => 'Invalid input for DHCP DNS', 'invalid input for dhcp domain' => 'Invalid input for DHCP domain', 'invalid input for dhcp wins' => 'Invalid input for DHCP WINS', +'invalid input for dpd delay' => 'Invalid input for DPD delay', +'invalid input for dpd timeout' => 'Invalid input for DPD timeout', 'invalid input for e-mail address' => 'Invalid input for e-mail address.', 'invalid input for esp keylife' => 'Invalid input for ESP Keylife', 'invalid input for hostname' => 'Invalid input for hostname.',
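Review bot: In the hunk at @@ -2217,6 +2267,17 @@, the fallbacks `if (!$cgiparams{'DPD_DELAY'})` and `if (!$cgiparams{'DPD_TIMEOUT'})` rely on Perl truthiness, so a stored "0" is treated exactly like a missing field and silently replaced with 30 or 120. If 0 is not a legal value, reject it where the input is validated and test only for an empty or undefined field here; if it is legal, this overwrites the administrator's setting every time the page loads. The literals 30 and 120 would also be better as named defaults, so the form and whatever writes the connection configuration cannot drift apart. DPD_ACTION, loaded from index 27 in the same hunk, gets no fallback at all.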
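Review bot: In the hunk at @@ -2279,6 +2340,16 @@, `$selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}}` and the matching IKE_VERSION line index the hash with the stored value unchecked, so an empty or unrecognised value marks none of the listed options as selected. The browser then shows the first option of each select, which in the later hunks is `none` (disabled) for DPD_ACTION and `ikev2` for IKE_VERSION, and submits that value on save. For a connection whose stored field is empty, opening the advanced page and saving can therefore switch DPD off or change the IKE version without the administrator touching either control. Suggest mapping anything outside the known option list to an explicit default before building %selected.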
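Review bot: In the hunk at @@ -2400,6 +2481,36 @@, the DPD_TIMEOUT and DPD_DELAY inputs carry no unit, whereas the IKE_LIFETIME input in the hunk at @@ -2362,7 +2443,7 @@ is followed by `$Lang::tr{'hours'}`; add a unit label after each new input so the defaults of 120 and 30 cannot be misread. Both values are also interpolated straight into `value='...'` inside the heredoc, which is only safe as long as they are plain integers, so either HTML-escape them on output or check them as integers before they reach the form. Minor style point: the new rows use `width="15%"` with double quotes while the surrounding attributes are single-quoted.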
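Review bot: The German and English catalogues end up inconsistent after the hunks at @@ -749,6 +749,8 @@ (de.pl) and @@ -772,7 +773,9 @@ (en.pl): en.pl shortens 'dpd action' to 'Action' and adds the 'dead peer detection' key used by the new heading, while the de.pl hunks shown keep 'dpd action' as 'Aktion für Dead Peer Detection' and add no 'dead peer detection' entry. Unless de.pl already defines that key elsewhere, the German page will have no translated heading and will repeat the long label beneath it. Suggest adding the key to de.pl in this commit and shortening the German 'dpd action' to match.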
hooks/post-receive -- IPFire 2.x development tree