[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 6ab7955c31ab01cf8fcac874fd5553bc9da89049
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 6ab7955c31ab01cf8fcac874fd5553bc9da89049 (commit) via 6cdde6c0bb08508cbbbc9fe430421098e1e1999f (commit) via 26dfc86a7be473138c60e1a869e51b30db346a0f (commit) via 0d33245b56127b333fd4cc63f9abbc09cab42116 (commit) from 83803caf386c3a7fd55215ecad348131be56bba6 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 6ab7955c31ab01cf8fcac874fd5553bc9da89049 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 20 18:47:51 2013 +0200
Add IPsec ECP changes to core update 72.
commit 6cdde6c0bb08508cbbbc9fe430421098e1e1999f Merge: 26dfc86 83803ca Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 20 18:47:36 2013 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit 26dfc86a7be473138c60e1a869e51b30db346a0f Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 20 12:49:46 2013 +0200
ipsec: Add ECP cryptography.
Allow selecting ECDH for IPsec VPN connections.
commit 0d33245b56127b333fd4cc63f9abbc09cab42116 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jul 18 21:22:10 2013 +0200
strongswan: Update rootfile.
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/strongswan | 1 + config/rootfiles/core/72/filelists/files | 1 + html/cgi-bin/vpnmain.cgi | 28 +++++++++++++++++++++++----- 3 files changed, 25 insertions(+), 5 deletions(-)
Difference in files: diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan index c94ce6f..627b8d2 100644 --- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan @@ -73,6 +73,7 @@ usr/lib/ipsec/plugins/libstrongswan-socket-default.so usr/lib/ipsec/plugins/libstrongswan-stroke.so usr/lib/ipsec/plugins/libstrongswan-updown.so usr/lib/ipsec/plugins/libstrongswan-x509.so +usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so usr/lib/ipsec/plugins/libstrongswan-xauth-generic.so usr/lib/ipsec/plugins/libstrongswan-xcbc.so #usr/libexec/ipsec diff --git a/config/rootfiles/core/72/filelists/files b/config/rootfiles/core/72/filelists/files index efa4759..7ab00d4 100644 --- a/config/rootfiles/core/72/filelists/files +++ b/config/rootfiles/core/72/filelists/files @@ -1,3 +1,4 @@ etc/system-release etc/issue +srv/web/ipfire/cgi-bin/vpnmain.cgi usr/local/bin/openvpnctrl diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 26f1793..2e3ef9a 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -316,9 +316,16 @@ sub writeipsecfiles { foreach my $j (@ints) { foreach my $k (@groups) { if ($comma != 0) { print CONF ","; } else { $comma = 1; } - print CONF "$i-$j-modp$k"; - } + + my @l = split("", $k); + if ($l[0] eq "e") { + shift @l; + print CONF "$i-$j-ecp".join("", @l); + } else { + print CONF "$i-$j-modp$k"; + } } + } } if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms? print CONF "!\n"; @@ -339,7 +346,12 @@ sub writeipsecfiles { foreach my $k (@groups) { if ($comma != 0) { print CONF ","; } else { $comma = 1; } if ($pfs eq "on") { - $modp = "-modp$k"; + my @l = split("", $k); + if ($l[0] eq "e") { + $modp = ""; + } else { + $modp = "-modp$k"; + } } else { $modp = ""; } @@ -411,7 +423,7 @@ sub writeipsecfiles {
# Hook to regenerate the configuration files. if ($ENV{"REMOTE_ADDR"} eq "") { - writeipsecfiles; + writeipsecfiles(); exit(0); }
@@ -2111,7 +2123,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) { + if ($val !~ /^(e521|e384|e256|e224|e192|1024|1536|2048|3072|4096|6144|8192)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2147,6 +2159,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || } } if ($cgiparams{'ESP_GROUPTYPE'} ne '' && + $cgiparams{'ESP_GROUPTYPE'} !~ /^ecp(192|224|256|384|512)$/ && $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096|6144|8192)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; @@ -2305,6 +2318,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || <td class='boldbase' align='right' valign='top'>$Lang::tr{'ike grouptype'}</td><td class='boldbase' valign='top'> <select name='IKE_GROUPTYPE' multiple='multiple' size='4'> + <option value='e521' $checked{'IKE_GROUPTYPE'}{'e521'}>ECP-521</option> + <option value='e384' $checked{'IKE_GROUPTYPE'}{'e384'}>ECP-384</option> + <option value='e256' $checked{'IKE_GROUPTYPE'}{'e256'}>ECP-256</option> + <option value='e224' $checked{'IKE_GROUPTYPE'}{'e224'}>ECP-224</option> + <option value='e192' $checked{'IKE_GROUPTYPE'}{'e192'}>ECP-192</option> <option value='8192' $checked{'IKE_GROUPTYPE'}{'8192'}>MODP-8192</option> <option value='6144' $checked{'IKE_GROUPTYPE'}{'6144'}>MODP-6144</option> <option value='4096' $checked{'IKE_GROUPTYPE'}{'4096'}>MODP-4096</option>
hooks/post-receive -- IPFire 2.x development tree
-
git@ipfire.org