From patchwork Tue Jul 10 06:07:31 2018
X-Patchwork-Submitter: Julien Blais
X-Patchwork-Id: 1862
From: jbsky
To: development@lists.ipfire.org
Subject: [PATCH 1/2] File modified : html/cgi-bin/vpnmain.cgi
Date: Mon, 9 Jul 2018 22:07:31 +0200
Message-Id: <20180709200731.28762-1-blais.julien.30@gmail.com>

Added xauthrsasig option instead of cert in /var/ipfire/vpn/config. By replacing cert with xauth in the 5th place option, the vpn connection is configured to support xauthrsasig; ikev1 is also to be changed manually in the file.
--- html/cgi-bin/vpnmain.cgi | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 378acb326..a5c50dbda 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -304,7 +304,7 @@ sub writeipsecfiles { } # Local Cert and Remote Cert (unless auth is DN dn-auth) - if ($lconfighash{$key}[4] eq 'cert') { + if (($lconfighash{$key}[4] eq 'cert')||($lconfighash{$key}[4] eq 'xauthrsasig')) { print CONF "\tleftcert=${General::swroot}/certs/hostcert.pem\n"; print CONF "\trightcert=${General::swroot}/certs/$lconfighash{$key}[1]cert.pem\n" if ($lconfighash{$key}[2] ne '%auth-dn'); } @@ -408,7 +408,12 @@ sub writeipsecfiles { print SECRETS $psk_line; } print CONF "\tauthby=secret\n"; - } else { + } + elsif ($lconfighash{$key}[4] eq 'xauthrsasig') { + print CONF "\tauthby=xauthrsasig\n"; + print CONF "\txauth=server\n"; + } + else { print CONF "\tauthby=rsasig\n"; print CONF "\tleftrsasigkey=%cert\n"; print CONF "\trightrsasigkey=%cert\n"; @@ -2841,7 +2846,7 @@ END print "" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ") $confighash{$key}[29]"; if ($confighash{$key}[2] eq '%auth-dn') { print "$confighash{$key}[9]"; - } elsif ($confighash{$key}[4] eq 'cert') { + } elsif (($confighash{$key}[4] eq 'cert')||($confighash{$key}[4] eq 'xauthrsasig')) { print "$confighash{$key}[2]"; } else { print " "; @@ -2893,7 +2898,7 @@ END } else { print " "; } - if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/certs/$confighash{$key}[1].p12") { + if ((($confighash{$key}[4] eq 'cert')||($confighash{$key}[4] eq 'xauthrsasig')) && -f "${General::swroot}/certs/$confighash{$key}[1].p12") { print <
@@ -2904,7 +2909,7 @@ END END ; - } elsif (($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%auth-dn')) { + } elsif ((($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%auth-dn'))||(($confighash{$key}[4] eq 'xauthrsasig') && ($confighash{$key}[2] ne '%auth-dn'))) { print <
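
Review bot: In writeipsecfiles (hunk at -304) the test `($lconfighash{$key}[4] eq 'cert')||($lconfighash{$key}[4] eq 'xauthrsasig')` is the first of five hand-written copies of the same "auth type uses certificates" check in this patch. A small helper sub that answers that question once would keep the next auth type from being added in four places and missed in the fifth. The comment above the changed line still reads "Local Cert and Remote Cert (unless auth is DN dn-auth)" and should mention xauthrsasig.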
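
Review bot: The new elsif branch in the hunk at -408 writes authby=xauthrsasig and xauth=server, but nothing in it sets or checks the IKE version, while the commit message says ikev1 has to be changed by hand in the file. XAUTH is an IKEv1 extension, so a connection whose fifth field is xauthrsasig can be written out without the IKEv1 setting it depends on; consider emitting that setting from this branch or refusing the combination. The branch also writes nothing to SECRETS, unlike the PSK branch just above it, so the patch should document where the XAUTH user credentials are expected to come from. Style: the removed line and the other hunks use the cuddled form `} else {` and `} elsif (`, while the added code puts elsif and else on their own lines.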
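
Review bot: In the hunk at -2841 the context line prints `$Lang::tr{"$confighash{$key}[4]"}` as the connection type, and this series only touches vpnmain.cgi and connections.cgi. Unless a translation key named xauthrsasig already exists, the type column will show empty parentheses for these connections, so the language string should be added in the same series.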
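
Review bot: The condition in the hunk at -2904 repeats `($confighash{$key}[2] ne '%auth-dn')` in both halves of the `||`. It is equivalent to testing cert or xauthrsasig once and then and-ing the '%auth-dn' check a single time, which is shorter and matches the grouping already used in the hunk at -2893.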

From patchwork Tue Jul 10 06:07:40 2018
X-Patchwork-Submitter: Julien Blais
X-Patchwork-Id: 1863
From: jbsky
To: development@lists.ipfire.org
Subject: [PATCH 2/2] Modified file : html/cgi-bin/connections.cgi
Date: Mon, 9 Jul 2018 22:07:40 +0200
Message-Id: <20180709200740.28846-1-blais.julien.30@gmail.com>

Add IPSec network in vpn color code.
--- html/cgi-bin/connections.cgi | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi index e9e9e335c..0e3680d20 100644
--- a/html/cgi-bin/connections.cgi +++ b/html/cgi-bin/connections.cgi @@ -256,6 +256,15 @@ if (-e "${General::swroot}/ovpn/ccd.conf") { } } +#Add IPSec net + +my %ipsecsettings=(); +&General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings); +my ($network, $mask) = split("/", $ipsecsettings{'RW_NET'}); +push(@network, $network); +push(@masklen, $mask); +push(@colour, ${Header::colourvpn + open(IPSEC, "${General::swroot}/vpn/config"); my @ipsec = ; close(IPSEC);
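
Review bot: The added block in the hunk at -256 splits `$ipsecsettings{'RW_NET'}` without checking that it is set, so when RW_NET is missing or empty in vpn/settings it pushes undefined values onto @network and @masklen. Wrap the split and the three pushes in a test that RW_NET is non-empty and contains a "/", in the same way the OpenVPN block above is guarded by `-e`. `my ($network, $mask)` also declares a scalar $network next to the existing array @network, which is legal Perl but easy to misread; a distinct name would be clearer. Please confirm as well that the part after the "/" is in the form the other @masklen entries use.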