Bug #8543
IKE Phase 1 configuration not working
Status: Closed
% Done: 100%
Description
issue:
strongSwan uses only AES 128, because keylen is empty in the pfSense config file.
    <phase1>
    .....
    <encryption>
      <item>
        <encryption-algorithm>
          <name>aes</name>
          <keylen></keylen>
        </encryption-algorithm>
        <hash-algorithm>sha256</hash-algorithm>
        <dhgroup>14</dhgroup>
      </item>
    </encryption>
A bug in /usr/local/www/vpn_ipsec_phase1.php causes an unselectable Phase 1 'key length' for all algorithms and prevents adding more Phase 1 Proposals.
line 1199:
    // algorithm
    $('[id^=ealgo_algo]select').change(function () {
        id = getStringInt(this.id);
        ealgosel_change(id, <?=$keyset?>);
    });
uses $keyset - which is not defined anywhere in this PHP file or any included file! This leads to the browser JavaScript call
    ealgosel_change(0, );
which causes a syntax error in the browser JavaScript engine (missing the second parameter) - script processing is stopped and later parts are not executed.
solution:
change this part to
    // algorithm
    $('[id^=ealgo_algo]select').change(function () {
        id = getStringInt(this.id);
        ealgosel_change(id, 0);
    });
or set $keyset to 0 anywhere else in this php file, before it is used here.
IKE (strongSwan) itself and the GUI config dialog are working very well after this change.
Updated by Jim Pingle over 6 years ago
- Status changed from New to Feedback
- Assignee changed from Jim Thompson to Jim Pingle
- Priority changed from Urgent to Normal
I can't replicate this problem here. I see what you mean about that variable not being populated, but the page still functions, keylen is stored, and the strongSwan configuration is correct.
I have tested this in the most recent versions of Firefox and Chrome and both function as expected.
What browser are you using?
Updated by Thomas Eckardt over 6 years ago
I used Chrome version 57.0.2987.133 (64-bit) and MS-IE 11.431.162990 (32 and 64 bit) on Windows 10.
This depends on the JavaScript engine - if it does not stop on syntax errors, the page will work as expected. But if it stops, keylen will be empty and "Add Algorithm" will fail, because the JavaScript code "ealgosel_change(0,);" and the JavaScript code after this line are not executed.
"ealgosel_change(0,);" itself fills the "select" options for keylen -> empty select -> empty keylen -> empty keylen in config -> empty keylen in strongSwan.conf -> AES 128
some lines below in the php file
    foreach($pconfig['encryption']['item'] as $key => $p1enc) {
        $keylen = $p1enc['encryption-algorithm']['keylen'];
        if (!is_numericint($keylen)) {
            $keylen = "''";
        }
        echo "ealgosel_change({$key}, {$keylen});";
    }
the JavaScript code "ealgosel_change(0,'');" is produced in case of an empty keylen.
If executed, this line would set the page parameters as expected. My browser JavaScript sessions are stopped before; yours are executing this line.
Simply change the code as suggested - <?=$keyset?> => 0 - and the issue is gone for all browsers.
Thomas
Updated by Jim Pingle over 6 years ago
- Status changed from Feedback to Confirmed
OK, I can replicate it in IE and confirm the fix. Pushing momentarily.
Updated by Jim Pingle over 6 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 50 to 100
Applied in changeset ac976b7e061f19d108a6f60a57ce6866dd0a9499.
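
A defensive check for the failure chain described in this report (empty keylen in the config leading to AES 128), as an added example that is not part of the original ticket or of pfSense: it scans a config.xml for Phase 1 proposals whose key length is empty or not a positive integer. The sample XML is constructed, the `<pfsense><ipsec>` wrapper and the function name are assumptions, and only `aes` is treated as needing a key length because it is the only algorithm shown in the report.

```python
import xml.etree.ElementTree as ET

# Only "aes" appears in the report; extend for other variable-key ciphers.
VARIABLE_KEY_ALGOS = frozenset({"aes"})

# Constructed sample: the proposal from the report (empty keylen) next to a
# well-formed one. The <pfsense><ipsec> wrapper is an assumption.
SAMPLE_CONFIG = """\
<pfsense><ipsec><phase1><encryption>
  <item>
    <encryption-algorithm><name>aes</name><keylen></keylen></encryption-algorithm>
    <hash-algorithm>sha256</hash-algorithm><dhgroup>14</dhgroup>
  </item>
  <item>
    <encryption-algorithm><name>aes</name><keylen>256</keylen></encryption-algorithm>
    <hash-algorithm>sha256</hash-algorithm><dhgroup>14</dhgroup>
  </item>
</encryption></phase1></ipsec></pfsense>
"""


def find_missing_keylen(xml_text, algos=VARIABLE_KEY_ALGOS):
    """Return (phase1_index, item_index, algo, raw_keylen) for each Phase 1
    proposal whose keylen is absent, empty or not a positive integer."""
    findings = []
    root = ET.fromstring(xml_text)
    for p1_idx, phase1 in enumerate(root.iter("phase1")):
        for item_idx, item in enumerate(phase1.findall("./encryption/item")):
            ealgo = item.find("encryption-algorithm")
            if ealgo is None:
                continue
            name = (ealgo.findtext("name") or "").strip().lower()
            raw = (ealgo.findtext("keylen") or "").strip()
            if name in algos and not (raw.isdecimal() and int(raw) > 0):
                findings.append((p1_idx, item_idx, name, raw))
    return findings


if __name__ == "__main__":
    for p1, item, name, raw in find_missing_keylen(SAMPLE_CONFIG):
        print(f"phase1[{p1}] proposal[{item}]: {name} has keylen={raw!r}")
```

Run against a backup copy of the configuration; any finding means the proposal was saved without a key length and should be re-saved from a working GUI page.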