Project

General

Profile

Actions

Bug #8543

closed

IKE Phase 1 configuration not working

Added by Thomas Eckardt almost 6 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
05/28/2018
Due date:
% Done:

100%

Estimated time:
0.50 h
Plus Target Version:
Release Notes:
Affected Version:
2.4.3_1
Affected Architecture:
All

Description

issue:

strongSwan uses only AES 128, because keylen is empty in the pfsense config file.

<phase1> 
.....
<encryption>
<item>
<encryption-algorithm>
<name>aes</name>
<keylen></keylen>
</encryption-algorithm>
<hash-algorithm>sha256</hash-algorithm>
<dhgroup>14</dhgroup>
</item>
</encryption>

A bug in /usr/local/www/vpn_ipsec_phase1.php causes an unselectable Phase 1 'key length' for all algorithms and prevents adding more Phase 1 Proposals.

line 1199:

// algorithm 
$('[id^=ealgo_algo]select').change(function () {
id = getStringInt(this.id);
ealgosel_change(id, <?=$keyset?>);
});

uses $keyset - which is not defined anywhere in this php file or any included file!. This leads in to the browser javascript call

ealgosel_change(0, );

which causes a syntax error in the bowser javascript engine (missing the second parameter) - script processing is stopped and later parts are not executed.

solution:

change this part to

// algorithm 
$('[id^=ealgo_algo]select').change(function () {
id = getStringInt(this.id);
ealgosel_change(id, 0);
});

or set $keyset to 0 anywhere else in this php file, before it is used here.

IKE (strongSwan) itself and the GUI config dialog are working very well after this change.


Files

vpn_ipsec_phase1.php (34.8 KB) vpn_ipsec_phase1.php the changed working file Thomas Eckardt, 05/28/2018 11:55 PM
Actions

Also available in: Atom PDF