This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  dcb406cc675c42f9add4a41c8a1e07eea7c3ab08 (commit)
      from  ef784313d101fee621e3273cf14eb59cf43bbb10 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit dcb406cc675c42f9add4a41c8a1e07eea7c3ab08
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed Feb 15 10:11:58 2017 +0000
IPsec: Allow to create on-demand connections
This will create IPsec VPN connections with auto=route set instead of auto=start, which will cause the connection to be created, but not brought up yet.
As soon as the first packet is received, the connection will be established and data will be passed through it.
This allows IPFire to handle more VPN connections on weaker systems and avoids negotiating many connections which are rarely used.
Suggested-by: Tom Rymes <tomvend@rymes.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixes: #10733
-----------------------------------------------------------------------
Summary of changes:
 doc/language_issues.es   |  3 +++
 doc/language_issues.fr   |  3 +++
 doc/language_issues.it   |  3 +++
 doc/language_issues.nl   |  3 +++
 doc/language_issues.pl   |  3 +++
 doc/language_issues.ru   |  3 +++
 doc/language_issues.tr   |  3 +++
 doc/language_missings    | 12 ++++++++++++
 html/cgi-bin/vpnmain.cgi | 43 +++++++++++++++++++++++++++++++------------
 langs/de/cgi-bin/de.pl   |  3 +++
 langs/en/cgi-bin/en.pl   |  3 +++
 11 files changed, 70 insertions(+), 12 deletions(-)
Difference in files: diff --git a/doc/language_issues.es b/doc/language_issues.es index 60ba499..36d4a82 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1144,6 +1144,9 @@ WARNING: untranslated string: vendor WARNING: untranslated string: visit us at WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn keyexchange +WARNING: untranslated string: vpn start action +WARNING: untranslated string: vpn start action route +WARNING: untranslated string: vpn start action start WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 863b529..b21c338 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -1161,6 +1161,9 @@ WARNING: untranslated string: vendor WARNING: untranslated string: visit us at WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn keyexchange +WARNING: untranslated string: vpn start action +WARNING: untranslated string: vpn start action route +WARNING: untranslated string: vpn start action start WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_issues.it b/doc/language_issues.it index 6efef40..e723028 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -819,6 +819,9 @@ WARNING: untranslated string: unblock WARNING: untranslated string: unblock all WARNING: untranslated string: uncheck all WARNING: untranslated string: vpn force mobike +WARNING: untranslated string: vpn start action +WARNING: untranslated string: vpn start action route +WARNING: untranslated string: vpn start action start WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw WARNING: untranslated string: vpn statistics n2n 
diff --git a/doc/language_issues.nl b/doc/language_issues.nl index c9b10dc..22a8934 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -867,6 +867,9 @@ WARNING: untranslated string: uncheck all WARNING: untranslated string: upload dh key WARNING: untranslated string: vendor WARNING: untranslated string: vpn force mobike +WARNING: untranslated string: vpn start action +WARNING: untranslated string: vpn start action route +WARNING: untranslated string: vpn start action start WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 60ba499..36d4a82 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1144,6 +1144,9 @@ WARNING: untranslated string: vendor WARNING: untranslated string: visit us at WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn keyexchange +WARNING: untranslated string: vpn start action +WARNING: untranslated string: vpn start action route +WARNING: untranslated string: vpn start action start WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 255df2f..fc727d6 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1139,6 +1139,9 @@ WARNING: untranslated string: vendor WARNING: untranslated string: visit us at WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn keyexchange +WARNING: untranslated string: vpn start action +WARNING: untranslated string: vpn start action route +WARNING: untranslated string: vpn start action start WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw WARNING: untranslated string: vpn statistics n2n 
diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 8cf2dfe..59c9046 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -752,4 +752,7 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: vpn start action +WARNING: untranslated string: vpn start action route +WARNING: untranslated string: vpn start action start WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_missings b/doc/language_missings index 32e1e48..49def61 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -561,6 +561,9 @@ < vendor < visit us at < vpn keyexchange +< vpn start action +< vpn start action route +< vpn start action start < vpn statistic n2n < vpn statistic rw < wlanap access point @@ -1175,6 +1178,9 @@ < vendor < visit us at < vpn keyexchange +< vpn start action +< vpn start action route +< vpn start action start < vpn statistic n2n < vpn statistic rw < wlanap country @@ -1754,6 +1760,9 @@ < vendor < visit us at < vpn keyexchange +< vpn start action +< vpn start action route +< vpn start action start < vpn statistic n2n < vpn statistic rw < wlanap country @@ -2338,6 +2347,9 @@ < vendor < visit us at < vpn keyexchange +< vpn start action +< vpn start action route +< vpn start action start < vpn statistic n2n < vpn statistic rw < week-graph diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index f1cffb8..b6469c0 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -108,6 +108,7 @@ $cgiparams{'RW_NET'} = ''; $cgiparams{'DPD_DELAY'} = '30'; $cgiparams{'DPD_TIMEOUT'} = '120'; $cgiparams{'FORCE_MOBIKE'} = 'off'; +$cgiparams{'START_ACTION'} = 'start'; &Header::getcgihash(%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
### @@ -401,12 +402,17 @@ sub writeipsecfiles { print CONF "\trightrsasigkey=%cert\n"; }
+ my $start_action = $lconfighash{$key}[33]; + if (!$start_action) { + $start_action = "start"; + } + # Automatically start only if a net-to-net connection if ($lconfighash{$key}[3] eq 'host') { print CONF "\tauto=add\n"; print CONF "\trightsourceip=$lvpnsettings{'RW_NET'}\n"; } else { - print CONF "\tauto=start\n"; + print CONF "\tauto=$start_action\n"; }
# Fragmentation @@ -1778,7 +1784,7 @@ END my $key = $cgiparams{'KEY'}; if (! $key) { $key = &General::findhasharraykey (%confighash); - foreach my $i (0 .. 32) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 33) { $confighash{$key}[$i] = "";} } $confighash{$key}[0] = $cgiparams{'ENABLED'}; $confighash{$key}[1] = $cgiparams{'NAME'}; @@ -2256,6 +2262,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'}; $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'}; $confighash{$cgiparams{'KEY'}}[32] = $cgiparams{'FORCE_MOBIKE'}; + $confighash{$cgiparams{'KEY'}}[33] = $cgiparams{'START_ACTION'}; &General::writehasharray("${General::swroot}/vpn/config", %confighash); &writeipsecfiles(); if (&vpnenabled) { @@ -2283,6 +2290,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30]; $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31]; $cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32]; + $cgiparams{'START_ACTION'} = $confighash{$cgiparams{'KEY'}}[33];
if (!$cgiparams{'DPD_DELAY'}) { $cgiparams{'DPD_DELAY'} = 30; @@ -2291,6 +2299,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || if (!$cgiparams{'DPD_TIMEOUT'}) { $cgiparams{'DPD_TIMEOUT'} = 120; } + + if (!$cgiparams{'START_ACTION'}) { + $cgiparams{'START_ACTION'} = "start"; + } }
ADVANCED_ERROR: @@ -2387,6 +2399,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $selected{'DPD_ACTION'}{'none'} = ''; $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
+ $selected{'START_ACTION'}{'route'} = ''; + $selected{'START_ACTION'}{'start'} = ''; + $selected{'START_ACTION'}{$cgiparams{'START_ACTION'}} = "selected='selected'"; + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'ipsec'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -2406,7 +2422,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || }
&Header::openbox('100%', 'left', "$Lang::tr{'advanced'}:"); - print <<EOF + print <<EOF; <form method='post' enctype='multipart/form-data' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='ADVANCED' value='yes' /> <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' /> @@ -2599,9 +2615,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || IKE+ESP: $Lang::tr{'use only proposed settings'} </label> </td> + <td> + <label>$Lang::tr{'vpn start action'}</label> + <select name="START_ACTION"> + <option value="route" $selected{'START_ACTION'}{'route'}>$Lang::tr{'vpn start action route'}</option> + <option value="start" $selected{'START_ACTION'}{'start'}>$Lang::tr{'vpn start action start'}</option> + </select> + </td> </tr> <tr> - <td> + <td colspan="2"> <label> <input type='checkbox' name='PFS' $checked{'PFS'} /> $Lang::tr{'pfs yes no'} @@ -2609,7 +2632,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || </td> </tr> <tr> - <td> + <td colspan="2"> <label> <input type='checkbox' name='COMPRESSION' $checked{'COMPRESSION'} /> $Lang::tr{'vpn payload compression'} @@ -2617,20 +2640,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || </td> </tr> <tr> - <td> + <td colspan="2"> <label> <input type='checkbox' name='FORCE_MOBIKE' $checked{'FORCE_MOBIKE'} /> $Lang::tr{'vpn force mobike'} </label> </td> </tr> -EOF -; - - print <<EOF; <tr> - <td align='left' colspan='1'><img src='/blob.gif' align='top' alt='*' /> $Lang::tr{'required field'}</td> - <td align='right' colspan='2'> + <td align='left'><img src='/blob.gif' align='top' alt='*' /> $Lang::tr{'required field'}</td> + <td align='right'> <input type='submit' name='ACTION' value='$Lang::tr{'save'}' /> <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /> </td> diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 54f3ae1..867bff7 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl 
@@ -2618,6 +2618,9 @@ 'vpn payload compression' => 'Datennutzlast-Kompression aushandeln', 'vpn red name' => 'Öffentliche IP oder FQDN für das rote Interface oder <%defaultroute>', 'vpn remote id' => 'Remote ID', +'vpn start action' => 'Startaktion', +'vpn start action route' => 'On Demand', +'vpn start action start' => 'Immer An', 'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik', 'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik', 'vpn subjectaltname' => 'Subjekt Alternativer Name', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a04d994..5333c13 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -2663,6 +2663,9 @@ 'vpn payload compression' => 'Negotiate payload compression', 'vpn red name' => 'Public IP or FQDN for RED interface or <%defaultroute>', 'vpn remote id' => 'Remote ID', +'vpn start action' => 'Start Action', +'vpn start action route' => 'On Demand', +'vpn start action start' => 'Always On', 'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics', 'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics', 'vpn subjectaltname' => 'Subject Alt Name',
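Review bot: In html/cgi-bin/vpnmain.cgi, hunk @@ -2256,6 +2262,7 @@, the submitted START_ACTION is stored in slot 33 as is, and nothing in the visible lines restricts it to the two values the new select offers. That stored value is later printed into the generated connection section by writeipsecfiles as "auto=$start_action", so a POST that does not come from the form can place an arbitrary string, possibly containing a line break, into the IPsec configuration. Suggest checking that $cgiparams{'START_ACTION'} is exactly 'start' or 'route' before the assignment, and setting $errormessage and jumping to ADVANCED_ERROR otherwise.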
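Review bot: In html/cgi-bin/vpnmain.cgi, hunk @@ -401,12 +402,17 @@ (writeipsecfiles), the fallback only covers an empty slot 33: "if (!$start_action)" lets any non-empty value through to "print CONF "\tauto=$start_action\n";". Since this function is the last step before the file is written, it would be safer to fall back to "start" unless the value is exactly 'start' or 'route'. The comment "# Automatically start only if a net-to-net connection" above the branch is also out of date now that a net-to-net connection may be written with auto=route, and should be updated.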
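Review bot: In html/cgi-bin/vpnmain.cgi, the form hunks from @@ -2406,7 +2422,7 @@ through @@ -2617,20 +2640,16 @@ mix the new START_ACTION select with unrelated cleanup: the missing semicolon on "print <<EOF", the merge of the two heredocs, and the colspan changes on the PFS, COMPRESSION, FORCE_MOBIKE and footer cells. Those are not mentioned in the commit message and make the feature harder to review or revert, so consider a separate commit for them. The new markup also uses double-quoted attributes (name="START_ACTION", value="route") where the surrounding form uses single quotes, which should be made consistent.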
hooks/post-receive -- IPFire 2.x development tree