Revision 8e461d38
Added by christian christian over 7 years ago
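--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -71,6 +71,21 @@
 "lib" => gettext("StrongSwan Lib")
 );
 
+global $ipsec_identifier_list;
+$ipsec_identifier_list = array(
+// 'ipv4' => array('desc' => gettext('IPv4 address'), 'mobile' => true),
+// 'ipv6' => array('desc' => gettext('IPv6 address'), 'mobile' => true),
+// 'rfc822' => array('desc' => gettext('RFC822'), 'mobile' => true),
+'none' => array('desc' => '', 'mobile' => true),
+'email' => array('desc' => gettext('E-mail address'), 'mobile' => true),
+'userfqdn' => array('desc' => gettext('User Fully Qualified Domain Name'), 'mobile' => true)
+// 'fqdn' => array('desc' => gettext('Fully Qualified Domain Name'), 'mobile' => true),
+// 'dns' => array('desc' => gettext('DNS'), 'mobile' => true),
+// 'asn1dn' => array('desc' => gettext('ASN.1 Distinguished Name'), 'mobile' => true),
+// 'asn1gn' => array('desc' => gettext('ASN.1 GN'), 'mobile' => true),
+// 'keyid' => array('desc' => gettext('KeyID'), 'mobile' => true)
+);
+
 global $my_identifier_list;
 $my_identifier_list = array(
 'myaddress' => array('desc' => gettext('My IP address'), 'mobile' => true),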
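Review bot: The new `$ipsec_identifier_list` has no comment saying what its keys are for, and its `'none'` entry has an empty `desc`, so the selector built from it in vpn_ipsec_keys_edit.php shows a blank option. The keys end up as the prefix of the `rightid = type:value` line written by vpn.inc, so a header such as `// strongSwan identity-type prefixes offered for mobile pre-shared keys; keys are written verbatim into rightid` would help, together with a line on why the remaining types are left commented out. Consider `'none' => array('desc' => gettext('None'), 'mobile' => true),` so the option is readable.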
src/etc/inc/vpn.inc | ||
---|---|---|
1438 | 1438 |
continue; |
1439 | 1439 |
} |
1440 | 1440 |
|
1441 |
if (!isset($mkent['pool_address']) || !isset($mkent['pool_netbits'])) { |
|
1441 |
if (!isset($mkent['ident_type']) || !isset($mkent['pool_address']) || !isset($mkent['pool_netbits'])) { |
|
1442 |
continue; |
|
1443 |
} |
|
1444 |
|
|
1445 |
if (strlen($mkent['pool_address'] < 1) || !is_ipaddr($mkent['pool_address'])) { |
|
1442 | 1446 |
continue; |
1443 | 1447 |
} |
1444 | 1448 |
|
... | ... | |
1446 | 1450 |
$ipsecfin .= "\talso = con-mobile\n"; |
1447 | 1451 |
$ipsecfin .= "\teap_identity = %identity\n"; |
1448 | 1452 |
$ipsecfin .= "\trightsourceip = {$mkent['pool_address']}/{$mkent['pool_netbits']}\n"; |
1449 |
$ipsecfin .= "\trightid = {$mkent['ident_type']}:{$mkent['ident']}\n"; |
|
1453 |
|
|
1454 |
if ($mkent['ident_type'] == "none") { |
|
1455 |
$ipsecfin .= "\trightid = \"{$mkent['ident']}\"\n"; |
|
1456 |
} |
|
1457 |
else { |
|
1458 |
$ipsecfin .= "\trightid = {$mkent['ident_type']}:{$mkent['ident']}\n"; |
|
1459 |
} |
|
1450 | 1460 |
|
1451 | 1461 |
// optional: define left|rightid more granular |
1452 | 1462 |
// supported: ipv4, ipv6, rfc822, email, userfqdn, fqdn, dns, asn1dn, asn1gn, keyid |
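Review bot: The closing parenthesis in `strlen($mkent['pool_address'] < 1)` (new line 1445) is misplaced, so strlen() receives the result of the comparison rather than the address; the expression does not test the string length and the guard relies entirely on is_ipaddr(). It should read `if (strlen($mkent['pool_address']) < 1 || !is_ipaddr($mkent['pool_address'])) {`. Separately, `ident`, `ident_type` and `pool_netbits` are interpolated into the generated connection block with no check visible in this section, and the new quoted form `rightid = \"{$mkent['ident']}\"` is broken by a double quote or line break in the value, which would let a stored key entry add or alter lines in the generated configuration. Skipping entries whose `ident` contains `"`, `\r` or `\n`, whose `ident_type` is not a key of `$ipsec_identifier_list`, or whose `pool_netbits` is not an integer from 0 to 32 would close that, unless these are already validated in code outside the hunks. The enclosing loop starts and ends outside the hunks shown.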
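--- a/src/usr/local/www/vpn_ipsec_keys_edit.php
+++ b/src/usr/local/www/vpn_ipsec_keys_edit.php
@@ -49,6 +49,9 @@
 $pconfig['ident'] = $a_secret[$id]['ident'];
 $pconfig['type'] = $a_secret[$id]['type'];
 $pconfig['psk'] = $a_secret[$id]['pre-shared-key'];
+$pconfig['ident_type'] = $a_secret[$id]['ident_type'];
+$pconfig['pool_address'] = $a_secret[$id]['pool_address'];
+$pconfig['pool_netbits'] = $a_secret[$id]['pool_netbits'];
 }
 
 if ($_POST['save']) {
@@ -79,6 +82,10 @@
 $input_errors[] = gettext("Pre-Shared Key contains invalid characters.");
 }
 
+if (isset($_POST['pool_address']) && strlen($_POST['pool_address'] > 1) && !is_ipaddr($_POST['pool_address'])) {
+$input_errors[] = gettext("A valid IP address for 'Virtual Address Pool Network' must be specified.");
+}
+
 if (!$input_errors && !(isset($id) && $a_secret[$id])) {
 /* make sure there are no dupes */
 foreach ($a_secret as $secretent) {
@@ -98,6 +105,9 @@
 $secretent['ident'] = $_POST['ident'];
 $secretent['type'] = $_POST['type'];
 $secretent['pre-shared-key'] = $_POST['psk'];
+$secretent['ident_type'] = $_POST['ident_type'];
+$secretent['pool_address'] = $_POST['pool_address'];
+$secretent['pool_netbits'] = $_POST['pool_netbits'];
 $text = "";
 
 if (isset($id) && $a_secret[$id]) {
@@ -116,6 +126,18 @@
 }
 }
 
+function build_ipsecid_list() {
+global $ipsec_identifier_list;
+
+$list = array();
+
+foreach ($ipsec_identifier_list as $id_type => $id_params) {
+$list[$id_type] = htmlspecialchars($id_params['desc']);
+}
+
+return($list);
+}
+
 $pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Pre-Shared Keys"), gettext("Edit"));
 $pglinks = array("", "vpn_ipsec.php", "vpn_ipsec_keys.php", "@self");
 $shortcut_section = "ipsec";
@@ -150,6 +172,19 @@
 $pconfig['psk']
 ));
 
+$section->addInput(new Form_Select(
+'ident_type',
+'*Identifier type',
+$pconfig['ident_type'],
+build_ipsecid_list()
+))->setWidth(4)->setHelp('Optional: specify identifier type for strongswan');
+
+$section->addInput(new Form_IpAddress(
+'pool_address',
+'*IPv4 address',
+$pconfig['pool_address']
+))->setWidth(4)->setHelp('Optional: Network configuration for Virtual Address Pool')->addMask(pool_netbits, $pconfig['pool_netbits'], 32, 0);
+
 if (isset($id) && $a_secret[$id]) {
 $form->addGlobal(new Form_Input(
 'id',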
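Review bot: The new pool_address check at new line 85 has a misplaced parenthesis, `strlen($_POST['pool_address'] > 1)`, so strlen() is applied to the result of a string-to-integer comparison; depending on the PHP version's comparison rules, a non-numeric value can make the whole condition false and skip is_ipaddr(). The hunk at new lines 108-110 then stores `ident_type`, `pool_address` and `pool_netbits` straight from `$_POST`, with no visible server-side check that `ident_type` is one of the keys of `$ipsec_identifier_list` or that `pool_netbits` is an integer from 0 to 32, and vpn.inc later writes these values into the generated IPsec configuration. A validation block along the lines below would cover all three fields. Also, `addMask(pool_netbits, ...)` at new line 186 passes a bare constant name where the quoted string `'pool_netbits'` looks intended.

```php
// … unchanged: Pre-Shared Key character check …

// ident_type must be one of the offered identifier types (allow-list).
if (!array_key_exists((string)$_POST['ident_type'], $ipsec_identifier_list)) {
	$input_errors[] = gettext("A valid identifier type must be selected.");
}

// The address pool is optional, but when given both parts must be well-formed.
if (isset($_POST['pool_address']) && strlen($_POST['pool_address']) > 0) {
	if (!is_ipaddr($_POST['pool_address'])) {
		$input_errors[] = gettext("A valid IP address for 'Virtual Address Pool Network' must be specified.");
	}
	if (!ctype_digit((string)$_POST['pool_netbits']) || (int)$_POST['pool_netbits'] > 32) {
		$input_errors[] = gettext("A valid prefix length (0-32) for 'Virtual Address Pool Network' must be specified.");
	}
}
```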
extended GUI to manage new feature