From patchwork Tue Jul 10 06:07:31 2018
X-Patchwork-Submitter: Julien Blais
X-Patchwork-Id: 1862
From: jbsky
To: development@lists.ipfire.org
Subject: [PATCH 1/2] File modified : html/cgi-bin/vpnmain.cgi
Date: Mon, 9 Jul 2018 22:07:31 +0200
Message-Id: <20180709200731.28762-1-blais.julien.30@gmail.com>

Added xauthrsasig option instead of cert in /var/ipfire/vpn/config.
By replacing cert with xauth in the 5th place option, the vpn connection is configured to support xauthrsasig, ikev1 is also to be changed manually in the file.
--- html/cgi-bin/vpnmain.cgi | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 378acb326..a5c50dbda 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -304,7 +304,7 @@ sub writeipsecfiles { } # Local Cert and Remote Cert (unless auth is DN dn-auth) - if ($lconfighash{$key}[4] eq 'cert') { + if (($lconfighash{$key}[4] eq 'cert')||($lconfighash{$key}[4] eq 'xauthrsasig')) { print CONF "\tleftcert=${General::swroot}/certs/hostcert.pem\n"; print CONF "\trightcert=${General::swroot}/certs/$lconfighash{$key}[1]cert.pem\n" if ($lconfighash{$key}[2] ne '%auth-dn'); } @@ -408,7 +408,12 @@ sub writeipsecfiles { print SECRETS $psk_line; } print CONF "\tauthby=secret\n"; - } else { + } + elsif ($lconfighash{$key}[4] eq 'xauthrsasig') { + print CONF "\tauthby=xauthrsasig\n"; + print CONF "\txauth=server\n"; + } + else { print CONF "\tauthby=rsasig\n"; print CONF "\tleftrsasigkey=%cert\n"; print CONF "\trightrsasigkey=%cert\n"; @@ -2841,7 +2846,7 @@ END print "" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ") $confighash{$key}[29]"; if ($confighash{$key}[2] eq '%auth-dn') { print "$confighash{$key}[9]"; - } elsif ($confighash{$key}[4] eq 'cert') { + } elsif (($confighash{$key}[4] eq 'cert')||($confighash{$key}[4] eq 'xauthrsasig')) { print "$confighash{$key}[2]"; } else { print " "; @@ -2893,7 +2898,7 @@ END } else { print " "; } - if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/certs/$confighash{$key}[1].p12") { + if ((($confighash{$key}[4] eq 'cert')||($confighash{$key}[4] eq 'xauthrsasig')) && -f "${General::swroot}/certs/$confighash{$key}[1].p12") { print <
@@ -2904,7 +2909,7 @@ END END ; - } elsif (($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%auth-dn')) { + } elsif ((($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%auth-dn'))||(($confighash{$key}[4] eq 'xauthrsasig') && ($confighash{$key}[2] ne '%auth-dn'))) { print <
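Review bot: in the first hunk (writeipsecfiles, @@ -304) the new test matches the literal 'xauthrsasig', but the commit message tells the admin to replace cert with "xauth" in the fifth field. A connection edited to 'xauth' would fail this test, get no leftcert/rightcert lines, and would not match the new elsif in the @@ -408 hunk either. Please make the commit message name the exact value the code compares against.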
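Review bot: the new elsif branch in the @@ -408 hunk writes authby=xauthrsasig and xauth=server but leaves the IKE version to a manual edit of the config file, as the commit message says. XAUTH is an IKEv1 extension, so the generated connection only makes sense with ikev1; either write the key exchange setting from this branch or reject the combination when the connection is not ikev1. The branch also writes nothing to SECRETS, unlike the PSK branch just above it, so please document where the XAUTH user credentials are expected to come from. Style: the code being replaced used "} else {" on one line, so keep "} elsif (...) {" and "} else {" in that form.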
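Review bot: in the @@ -2841 hunk the unchanged line above the edited elsif prints $Lang::tr{"$confighash{$key}[4]"}, and the diffstat shows this patch touches only vpnmain.cgi, so no 'xauthrsasig' language string is added here. Unless 2/2 adds it, the connection list will show empty parentheses for these connections. Add the string in the same series and mention it in the commit message.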
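Review bot: the elsif condition in the last hunk (@@ -2904) repeats the '%auth-dn' test in both halves of the ||; it reduces to (($confighash{$key}[4] eq 'cert') || ($confighash{$key}[4] eq 'xauthrsasig')) && ($confighash{$key}[2] ne '%auth-dn'). The same cert-or-xauthrsasig test now appears four times in this patch (@@ -304, -2841, -2893, -2904), so a small helper sub would keep the call sites in step if another certificate-based type is added later.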