This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 96eddd7ef1606a0785c99be3141738184067da83 (commit) via 4b4b895946d5366ebf091e7d6c3237512cc44063 (commit) via 0d181206ca614936a3f8715e78baaf4850c6127b (commit) via e2e4ed017c1e4eea4ebc14ec6196a6891ae550a7 (commit) from 38ad04851347da66b36d2120254d7c93bf03f26f (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 96eddd7ef1606a0785c99be3141738184067da83 Merge: 4b4b895 38ad048 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jun 26 15:17:30 2011 +0200
Merge branch 'next' of ssh://arne_f@git.ipfire.org/pub/git/ipfire-2.x into next
commit 4b4b895946d5366ebf091e7d6c3237512cc44063 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jun 26 15:16:32 2011 +0200
ipsec: change status display in cgi's for charon.
commit 0d181206ca614936a3f8715e78baaf4850c6127b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jun 26 15:15:12 2011 +0200
ipsec: change ipsecctrl for status and reload of charon.
commit e2e4ed017c1e4eea4ebc14ec6196a6891ae550a7 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jun 26 11:13:58 2011 +0200
ipsec: add ikev1/v2 selectbox to switch from pluto to charon.
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/next/filelists/files | 4 ++++ html/cgi-bin/index.cgi | 4 +++- html/cgi-bin/vpnmain.cgi | 28 +++++++++++++++++++++++++--- src/misc-progs/ipsecctrl.c | 2 ++ src/scripts/vpn-watch | 1 + 5 files changed, 35 insertions(+), 4 deletions(-)
Difference in files: diff --git a/config/rootfiles/core/next/filelists/files b/config/rootfiles/core/next/filelists/files index 89c4631..18df107 100644 --- a/config/rootfiles/core/next/filelists/files +++ b/config/rootfiles/core/next/filelists/files @@ -1,7 +1,11 @@ etc/system-release etc/issue srv/web/ipfire/cgi-bin/extrahd.cgi +srv/web/ipfire/cgi-bin/index.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi var/ipfire/langs/de.pl var/ipfire/langs/en.pl var/ipfire/langs/es.pl var/ipfire/langs/fr.pl +usr/local/bin/ipsecctrl +usr/local/bin/vpn-watch diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index 0dcadb0..32ae7ff 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -369,7 +369,9 @@ END $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>"; } else { foreach my $line (@status) { - if ($line =~ /"$confighash{$key}[1]".*IPsec SA established/) { + if (($line =~ /"$confighash{$key}[1]".*IPsec SA established/) || + ($line =~/ $confighash{$key}[1][.*ESTABLISHED/ )) + { $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>"; } } diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 76b408d..c412480 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -395,8 +395,11 @@ sub writeipsecfiles { print CONF "\tpfsgroup=$lconfighash{$key}[23]\n"; }
- # IKE V1 - print CONF "\tkeyexchange=ikev1\n"; + # IKE V1 or V2 + if (! $lconfighash{$key}[29]) { + $lconfighash{$key}[29] = "ikev1"; + } + print CONF "\tkeyexchange=$lconfighash{$key}[29]\n";
# Lifetimes print CONF "\tikelifetime=$lconfighash{$key}[16]h\n" if ($lconfighash{$key}[16]); @@ -1288,6 +1291,7 @@ END $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; $cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'IKE_VERSION'} = $confighash{$cgiparams{'KEY'}}[29]; $cgiparams{'IKE_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[18]; $cgiparams{'IKE_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[19]; $cgiparams{'IKE_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[20]; @@ -1790,6 +1794,7 @@ END $confighash{$key}[25] = $cgiparams{'REMARK'}; $confighash{$key}[26] = $cgiparams{'INTERFACE'}; $confighash{$key}[27] = $cgiparams{'DPD_ACTION'}; + $confighash{$key}[29] = $cgiparams{'IKE_VERSION'};
#dont forget advanced value $confighash{$key}[18] = $cgiparams{'IKE_ENCRYPTION'}; @@ -1845,6 +1850,11 @@ END $cgiparams{'DPD_ACTION'} = 'restart'; }
+ # Default IKE Version to V1 + if (! $cgiparams{'IKE_VERSION'}) { + $cgiparams{'IKE_VERSION'} = 'ikev1'; + } + # Default is yes for 'pfs' $cgiparams{'PFS'} = 'on'; @@ -1895,6 +1905,10 @@ END $selected{'DPD_ACTION'}{'restart'} = ''; $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
+ $selected{'IKE_VERSION'}{'ikev1'} = ''; + $selected{'IKE_VERSION'}{'ikev2'} = ''; + $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'"; + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -1974,6 +1988,12 @@ END <td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td> </tr><tr> </tr><td><br /></td><tr> + <td>$Lang::tr{'ike version'}:</td> + <td><select name='IKE_VERSION'> + <option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option> + <option value='ikev2' $selected{'IKE_VERSION'}{'ikev2'}>IKEv2</option> + </select></a> + </td> <td>$Lang::tr{'dpd action'}:</td> <td><select name='DPD_ACTION'> <option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option> @@ -2519,7 +2539,9 @@ END # get real state my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>"; foreach my $line (@status) { - if ($line =~ /"$confighash{$key}[1]".*IPsec SA established/) { + if ($line =~ /"$confighash{$key}[1]".*IPsec SA established/) || + ($line =~ / $confighash{$key}[1][.*ESTABLISHED/)) + { $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>"; } } diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c index 51f6b5a..ae38996 100644 --- a/src/misc-progs/ipsecctrl.c +++ b/src/misc-progs/ipsecctrl.c @@ -178,11 +178,13 @@ int main(int argc, char *argv[]) {
if (strcmp(argv[1], "I") == 0) { safe_system("/usr/sbin/ipsec whack --status"); + safe_system("/usr/sbin/ipsec stroke status"); exit(0); }
if (strcmp(argv[1], "R") == 0) { safe_system("/usr/sbin/ipsec whack --rereadall >/dev/null"); + safe_system("/usr/sbin/ipsec stroke rereadall >/dev/null"); exit(0); }
diff --git a/src/scripts/vpn-watch b/src/scripts/vpn-watch index af646ad..2bd5168 100755 --- a/src/scripts/vpn-watch +++ b/src/scripts/vpn-watch @@ -43,6 +43,7 @@ my $status = `ipsec whack --status`; foreach (@vpnsettings){ my @settings = split(/,/,$_);
+ if ($settings[30] eq 'ikev2'){next;} if ($settings[27] ne 'RED'){next;} if ($settings[4] ne 'net'){next;} if ($settings[1] ne 'on'){next;}chomp($settings[29]);
hooks/post-receive -- IPFire 2.x development tree