[git.ipfire.org] IPFire 2.x development tree branch, next, updated. dcb406cc675c42f9add4a41c8a1e07eea7c3ab08

[git@ipfire.org]

[-- Attachment #1: Type: text/plain, Size: 13946 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  dcb406cc675c42f9add4a41c8a1e07eea7c3ab08 (commit)
      from  ef784313d101fee621e3273cf14eb59cf43bbb10 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dcb406cc675c42f9add4a41c8a1e07eea7c3ab08
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Feb 15 10:11:58 2017 +0000

    IPsec: Allow to create on-demand connections
    
    This will create IPsec VPN connections with auto=route set
    instead of auto=start which will cause the connection being
    created, but not brought up yet.
    
    As soon as the first packet is received, the connection will
    be established and data will be passed through it.
    
    This allows IPFire to handle more VPN connections on weaker
    systems and avoids negotiating many connections which are
    rarely used.
    
    Suggested-by: Tom Rymes <tomvend(a)rymes.com>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Fixes: #10733

-----------------------------------------------------------------------

Summary of changes:
 doc/language_issues.es   |  3 +++
 doc/language_issues.fr   |  3 +++
 doc/language_issues.it   |  3 +++
 doc/language_issues.nl   |  3 +++
 doc/language_issues.pl   |  3 +++
 doc/language_issues.ru   |  3 +++
 doc/language_issues.tr   |  3 +++
 doc/language_missings    | 12 ++++++++++++
 html/cgi-bin/vpnmain.cgi | 43 +++++++++++++++++++++++++++++++------------
 langs/de/cgi-bin/de.pl   |  3 +++
 langs/en/cgi-bin/en.pl   |  3 +++
 11 files changed, 70 insertions(+), 12 deletions(-)

Difference in files:
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 60ba499..36d4a82 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1144,6 +1144,9 @@ WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 863b529..b21c338 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -1161,6 +1161,9 @@ WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 6efef40..e723028 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -819,6 +819,9 @@ WARNING: untranslated string: unblock
 WARNING: untranslated string: unblock all
 WARNING: untranslated string: uncheck all
 WARNING: untranslated string: vpn force mobike
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index c9b10dc..22a8934 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -867,6 +867,9 @@ WARNING: untranslated string: uncheck all
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: vendor
 WARNING: untranslated string: vpn force mobike
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 60ba499..36d4a82 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1144,6 +1144,9 @@ WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 255df2f..fc727d6 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1139,6 +1139,9 @@ WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 8cf2dfe..59c9046 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -752,4 +752,7 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_missings b/doc/language_missings
index 32e1e48..49def61 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -561,6 +561,9 @@
 < vendor
 < visit us at
 < vpn keyexchange
+< vpn start action
+< vpn start action route
+< vpn start action start
 < vpn statistic n2n
 < vpn statistic rw
 < wlanap access point
@@ -1175,6 +1178,9 @@
 < vendor
 < visit us at
 < vpn keyexchange
+< vpn start action
+< vpn start action route
+< vpn start action start
 < vpn statistic n2n
 < vpn statistic rw
 < wlanap country
@@ -1754,6 +1760,9 @@
 < vendor
 < visit us at
 < vpn keyexchange
+< vpn start action
+< vpn start action route
+< vpn start action start
 < vpn statistic n2n
 < vpn statistic rw
 < wlanap country
@@ -2338,6 +2347,9 @@
 < vendor
 < visit us at
 < vpn keyexchange
+< vpn start action
+< vpn start action route
+< vpn start action start
 < vpn statistic n2n
 < vpn statistic rw
 < week-graph
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index f1cffb8..b6469c0 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -108,6 +108,7 @@ $cgiparams{'RW_NET'} = '';
 $cgiparams{'DPD_DELAY'} = '30';
 $cgiparams{'DPD_TIMEOUT'} = '120';
 $cgiparams{'FORCE_MOBIKE'} = 'off';
+$cgiparams{'START_ACTION'} = 'start';
 &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
 
 ###
@@ -401,12 +402,17 @@ sub writeipsecfiles {
 			print CONF "\trightrsasigkey=%cert\n";
 		}
 
+		my $start_action = $lconfighash{$key}[33];
+		if (!$start_action) {
+			$start_action = "start";
+		}
+
 		# Automatically start only if a net-to-net connection
 		if ($lconfighash{$key}[3] eq 'host') {
 			print CONF "\tauto=add\n";
 			print CONF "\trightsourceip=$lvpnsettings{'RW_NET'}\n";
 		} else {
-			print CONF "\tauto=start\n";
+			print CONF "\tauto=$start_action\n";
 		}
 
 		# Fragmentation
@@ -1778,7 +1784,7 @@ END
 	my $key = $cgiparams{'KEY'};
 	if (! $key) {
 		$key = &General::findhasharraykey (\%confighash);
-		foreach my $i (0 .. 32) { $confighash{$key}[$i] = "";}
+		foreach my $i (0 .. 33) { $confighash{$key}[$i] = "";}
 	}
 	$confighash{$key}[0] = $cgiparams{'ENABLED'};
 	$confighash{$key}[1] = $cgiparams{'NAME'};
@@ -2256,6 +2262,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		$confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
 		$confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
 		$confighash{$cgiparams{'KEY'}}[32] = $cgiparams{'FORCE_MOBIKE'};
+		$confighash{$cgiparams{'KEY'}}[33] = $cgiparams{'START_ACTION'};
 		&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 		&writeipsecfiles();
 		if (&vpnenabled) {
@@ -2283,6 +2290,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		$cgiparams{'DPD_TIMEOUT'}		= $confighash{$cgiparams{'KEY'}}[30];
 		$cgiparams{'DPD_DELAY'}			= $confighash{$cgiparams{'KEY'}}[31];
 		$cgiparams{'FORCE_MOBIKE'}		= $confighash{$cgiparams{'KEY'}}[32];
+		$cgiparams{'START_ACTION'}		= $confighash{$cgiparams{'KEY'}}[33];
 
 		if (!$cgiparams{'DPD_DELAY'}) {
 			$cgiparams{'DPD_DELAY'} = 30;
@@ -2291,6 +2299,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		if (!$cgiparams{'DPD_TIMEOUT'}) {
 			$cgiparams{'DPD_TIMEOUT'} = 120;
 		}
+
+		if (!$cgiparams{'START_ACTION'}) {
+			$cgiparams{'START_ACTION'} = "start";
+		}
 	}
 
 	ADVANCED_ERROR:
@@ -2387,6 +2399,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	$selected{'DPD_ACTION'}{'none'} = '';
 	$selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
 
+	$selected{'START_ACTION'}{'route'} = '';
+	$selected{'START_ACTION'}{'start'} = '';
+	$selected{'START_ACTION'}{$cgiparams{'START_ACTION'}} = "selected='selected'";
+
 	&Header::showhttpheaders();
 	&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	&Header::openbigbox('100%', 'left', '', $errormessage);
@@ -2406,7 +2422,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	}
 
 	&Header::openbox('100%', 'left', "$Lang::tr{'advanced'}:");
-	print <<EOF
+	print <<EOF;
 	<form method='post' enctype='multipart/form-data' action='$ENV{'SCRIPT_NAME'}'>
 	<input type='hidden' name='ADVANCED' value='yes' />
 	<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
@@ -2599,9 +2615,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 				IKE+ESP: $Lang::tr{'use only proposed settings'}
 			</label>
 		</td>
+		<td>
+			<label>$Lang::tr{'vpn start action'}</label>
+			<select name="START_ACTION">
+				<option value="route" $selected{'START_ACTION'}{'route'}>$Lang::tr{'vpn start action route'}</option>
+				<option value="start" $selected{'START_ACTION'}{'start'}>$Lang::tr{'vpn start action start'}</option>
+			</select>
+		</td>
 	</tr>
 	<tr>
-		<td>
+		<td colspan="2">
 			<label>
 				<input type='checkbox' name='PFS' $checked{'PFS'} />
 				$Lang::tr{'pfs yes no'}
@@ -2609,7 +2632,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		</td>
 	</tr>
 	<tr>
-		<td>
+		<td colspan="2">
 			<label>
 				<input type='checkbox' name='COMPRESSION' $checked{'COMPRESSION'} />
 				$Lang::tr{'vpn payload compression'}
@@ -2617,20 +2640,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		</td>
 	</tr>
 	<tr>
-		<td>
+		<td colspan="2">
 			<label>
 				<input type='checkbox' name='FORCE_MOBIKE' $checked{'FORCE_MOBIKE'} />
 				$Lang::tr{'vpn force mobike'}
 			</label>
 		</td>
 	</tr>
-EOF
-;
-
-	print <<EOF;
 	<tr>
-		<td align='left' colspan='1'><img src='/blob.gif' align='top' alt='*' />&nbsp;$Lang::tr{'required field'}</td>
-		<td align='right' colspan='2'>
+		<td align='left'><img src='/blob.gif' align='top' alt='*' />&nbsp;$Lang::tr{'required field'}</td>
+		<td align='right'>
 			<input type='submit' name='ACTION' value='$Lang::tr{'save'}' />
 			<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' />
 		</td>
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 54f3ae1..867bff7 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2618,6 +2618,9 @@
 'vpn payload compression' => 'Datennutzlast-Kompression aushandeln',
 'vpn red name' => 'Öffentliche IP oder FQDN für das rote Interface oder <%defaultroute>',
 'vpn remote id' => 'Remote ID',
+'vpn start action' => 'Startaktion',
+'vpn start action route' => 'On Demand',
+'vpn start action start' => 'Immer An',
 'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
 'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
 'vpn subjectaltname' => 'Subjekt Alternativer Name',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index a04d994..5333c13 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2663,6 +2663,9 @@
 'vpn payload compression' => 'Negotiate payload compression',
 'vpn red name' => 'Public IP or FQDN for RED interface or <%defaultroute>',
 'vpn remote id' => 'Remote ID',
+'vpn start action' => 'Start Action',
+'vpn start action route' => 'On Demand',
+'vpn start action start' => 'Always On',
 'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
 'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
 'vpn subjectaltname' => 'Subject Alt Name',


hooks/post-receive
--
IPFire 2.x development tree