[05/16] vpnmain.cgi: Add field for roadwarrior endpoint

Message ID 20200528175850.12638-6-michael.tremer@ipfire.org
State New
Headers show
Series
  • [01/16] IPsec: Use sane defaults for certificate lifetimes
Related show

Commit Message

Michael Tremer May 28, 2020, 5:58 p.m. UTC
This is the IP address or FQDN which will be written into
Apple Configuration profiles as public peer address.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 doc/language_issues.de   |  2 ++
 doc/language_issues.en   |  2 ++
 doc/language_issues.es   |  2 ++
 doc/language_issues.fr   |  2 ++
 doc/language_issues.it   |  2 ++
 doc/language_issues.nl   |  2 ++
 doc/language_issues.pl   |  2 ++
 doc/language_issues.ru   |  2 ++
 doc/language_issues.tr   |  2 ++
 doc/language_missings    | 16 ++++++++++++++++
 html/cgi-bin/vpnmain.cgi | 21 ++++++++++++++++++++-
 langs/en/cgi-bin/en.pl   |  2 ++
 12 files changed, 56 insertions(+), 1 deletion(-)

Patch

diff --git a/doc/language_issues.de b/doc/language_issues.de
index d53bfa601..4c4a37742 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -800,6 +800,8 @@  WARNING: untranslated string: guardian logtarget_file = unknown string
 WARNING: untranslated string: guardian logtarget_syslog = unknown string
 WARNING: untranslated string: guardian no entries = unknown string
 WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: no entries = No entries at the moment.
 WARNING: untranslated string: pakfire invalid tree = Invalid repository selected
 WARNING: untranslated string: route config changed = unknown string
diff --git a/doc/language_issues.en b/doc/language_issues.en
index dc40a08bb..9bef2930c 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1169,9 +1169,11 @@  WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
 WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: iptmangles = IPTable Mangles
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 933e99eca..57a20d214 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1150,9 +1150,11 @@  WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
 WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: itlb multihit = iTLB MultiHit
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index fd9f8296c..3fe75fd07 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -839,6 +839,8 @@  WARNING: untranslated string: guardian logtarget_file = unknown string
 WARNING: untranslated string: guardian logtarget_syslog = unknown string
 WARNING: untranslated string: guardian no entries = unknown string
 WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: pakfire ago = ago.
 WARNING: untranslated string: route config changed = unknown string
 WARNING: untranslated string: routing config added = unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index e77b1ef3f..53cd94b90 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -986,8 +986,10 @@  WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: itlb multihit = iTLB MultiHit
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index ca6dec27e..85a9cd587 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -995,8 +995,10 @@  WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: itlb multihit = iTLB MultiHit
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 933e99eca..57a20d214 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1150,9 +1150,11 @@  WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
 WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: itlb multihit = iTLB MultiHit
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 1fed38304..6ed13933a 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1152,9 +1152,11 @@  WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
 WARNING: untranslated string: ipsec network = IPsec network
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: itlb multihit = iTLB MultiHit
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index c716af76d..8821371f7 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -912,8 +912,10 @@  WARNING: untranslated string: ipsec connection = IPsec Connection
 WARNING: untranslated string: ipsec interface mode gre = GRE
 WARNING: untranslated string: ipsec interface mode none = - None (Default) -
 WARNING: untranslated string: ipsec interface mode vti = VTI
+WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec mode transport = Transport
 WARNING: untranslated string: ipsec mode tunnel = Tunnel
+WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: ipsec routing table entries = IPsec Routing Table Entries
 WARNING: untranslated string: ipsec settings = IPsec Settings
 WARNING: untranslated string: itlb multihit = iTLB MultiHit
diff --git a/doc/language_missings b/doc/language_missings
index cff74f9b0..3034db5ba 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -37,6 +37,8 @@ 
 < g.dtm
 < g.lite
 < insert removable device
+< ipsec invalid ip address or fqdn for rw endpoint
+< ipsec roadwarrior endpoint
 < no entries
 < notes
 < okay
@@ -568,10 +570,12 @@ 
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
 < ipsec mode transport
 < ipsec mode tunnel
 < ipsec network
 < ipsec no connections
+< ipsec roadwarrior endpoint
 < ipsec routing table entries
 < ipsec settings
 < itlb multihit
@@ -923,6 +927,8 @@ 
 < download apple profile
 < g.dtm
 < g.lite
+< ipsec invalid ip address or fqdn for rw endpoint
+< ipsec roadwarrior endpoint
 < upload fcdsl.o
 ############################################################################
 # Checking cgi-bin translations for language: it                           #
@@ -1135,8 +1141,10 @@ 
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
 < ipsec mode transport
 < ipsec mode tunnel
+< ipsec roadwarrior endpoint
 < ipsec routing table entries
 < ipsec settings
 < itlb multihit
@@ -1509,8 +1517,10 @@ 
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
 < ipsec mode transport
 < ipsec mode tunnel
+< ipsec roadwarrior endpoint
 < ipsec routing table entries
 < ipsec settings
 < itlb multihit
@@ -2204,10 +2214,12 @@ 
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
 < ipsec mode transport
 < ipsec mode tunnel
 < ipsec network
 < ipsec no connections
+< ipsec roadwarrior endpoint
 < ipsec routing table entries
 < ipsec settings
 < itlb multihit
@@ -3060,10 +3072,12 @@ 
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
 < ipsec mode transport
 < ipsec mode tunnel
 < ipsec network
 < ipsec no connections
+< ipsec roadwarrior endpoint
 < ipsec routing table entries
 < ipsec settings
 < itlb multihit
@@ -3472,8 +3486,10 @@ 
 < ipsec interface mode gre
 < ipsec interface mode none
 < ipsec interface mode vti
+< ipsec invalid ip address or fqdn for rw endpoint
 < ipsec mode transport
 < ipsec mode tunnel
+< ipsec roadwarrior endpoint
 < ipsec routing table entries
 < ipsec settings
 < itlb multihit
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index c004b6087..61efcc72c 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -26,6 +26,7 @@  use File::Copy;
 use File::Temp qw/ tempfile tempdir /;
 use strict;
 use Sort::Naturally;
+use Sys::Hostname;
 # enable only the following on debugging purpose
 #use warnings;
 #use CGI::Carp 'fatalsToBrowser';
@@ -112,6 +113,7 @@  $cgiparams{'ROOTCERT_EMAIL'} = '';
 $cgiparams{'ROOTCERT_OU'} = '';
 $cgiparams{'ROOTCERT_CITY'} = '';
 $cgiparams{'ROOTCERT_STATE'} = '';
+$cgiparams{'RW_ENDPOINT'} = '';
 $cgiparams{'RW_NET'} = '';
 $cgiparams{'DPD_DELAY'} = '30';
 $cgiparams{'DPD_TIMEOUT'} = '120';
@@ -507,12 +509,18 @@  if ($ENV{"REMOTE_ADDR"} eq "") {
 if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
 	&General::readhash("${General::swroot}/vpn/settings", \%vpnsettings);
 
+	if ($cgiparams{'RW_ENDPOINT'} ne '' && !&General::validip($cgiparams{'RW_ENDPOINT'}) && !&General::validfqdn($cgiparams{'RW_ENDPOINT'})) {
+		$errormessage = $Lang::tr{'ipsec invalid ip address or fqdn for rw endpoint'};
+		goto SAVE_ERROR;
+	}
+
 	if ( $cgiparams{'RW_NET'} ne '' and !&General::validipandmask($cgiparams{'RW_NET'}) ) {
 		$errormessage = $Lang::tr{'urlfilter invalid ip or mask error'};
 		goto SAVE_ERROR;
 	}
 
 	$vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
+	$vpnsettings{'RW_ENDPOINT'} = $cgiparams{'RW_ENDPOINT'};
 	$vpnsettings{'RW_NET'} = $cgiparams{'RW_NET'};
 	&General::writehash("${General::swroot}/vpn/settings", \%vpnsettings);
 	&writeipsecfiles();
@@ -1182,6 +1190,10 @@  END
 
 # Export Apple profile to browser
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download apple profile'}) {
+	# Read global configuration
+	&General::readhash("${General::swroot}/vpn/settings", \%vpnsettings);
+
+	# Read connections
 	&General::readhasharray("${General::swroot}/vpn/config", \%confighash);
 	my $key = $cgiparams{'KEY'};
 
@@ -1209,6 +1221,9 @@  END
 	print "Content-Disposition: attachment; filename=" . $confighash{$key}[1] . ".mobileconfig\n";
 	print "\n"; # end headers
 
+	# Use our own FQDN if nothing else is configured
+	my $endpoint = ($vpnsettings{'RW_ENDPOINT'} ne "") ? $vpnsettings{'RW_ENDPOINT'} : &hostname();
+
 	print "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n";
 	print "<plist version=\"1.0\">\n";
 	print "	<dict>\n";
@@ -1240,7 +1255,7 @@  END
 	print "				<key>IKEv2</key>\n";
 	print "				<dict>\n";
 	print "					<key>RemoteAddress</key>\n";
-	print "					<string>18.206.152.26</string>\n";
+	print "					<string>$endpoint</string>\n";
 
 	# Left ID
 	if ($confighash{$key}[9]) {
@@ -3081,6 +3096,10 @@  EOF
 				<input type='checkbox' name='ENABLED' $checked{'ENABLED'} />
 			</td>
 		</tr>
+		<tr>
+			<td class='base' nowrap='nowrap' width="60%">$Lang::tr{'ipsec roadwarrior endpoint'}:</td>
+			<td width="40%"><input type='text' name='RW_ENDPOINT' value='$cgiparams{'RW_ENDPOINT'}' /></td>
+		</tr>
 		<tr>
 			<td class='base' nowrap='nowrap' width="60%">$Lang::tr{'host to net vpn'}:</td>
 			<td width="40%"><input type='text' name='RW_NET' value='$cgiparams{'RW_NET'}' /></td>
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index aaf1d4978..54e8c404a 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1550,10 +1550,12 @@ 
 'ipsec interface mode gre' => 'GRE',
 'ipsec interface mode none' => '- None (Default) -',
 'ipsec interface mode vti' => 'VTI',
+'ipsec invalid ip address or fqdn for rw endpoint' => 'Invalid IP address or FQDN for Host-to-Net Endpoint',
 'ipsec mode transport' => 'Transport',
 'ipsec mode tunnel' => 'Tunnel',
 'ipsec network' => 'IPsec network',
 'ipsec no connections' => 'No active IPsec connections',
+'ipsec roadwarrior endpoint' => 'Host-to-Net Endpoint',
 'ipsec routing table entries' => 'IPsec Routing Table Entries',
 'ipsec settings' => 'IPsec Settings',
 'iptable rules' => 'IPTable rules',