Removed unsupported ipsec debug options and modp768.

Arne Fitzenreiter
2010-05-15 13:30:19 +02:00
parent e3c5d22a6f
commit 63249c6777
3 changed files with 15 additions and 11 deletions


@@ -179,10 +179,13 @@ fi
mv /var/ipfire/vpn/ipsec.conf /var/ipfire/vpn/ipsec.conf.org
cat /var/ipfire/vpn/ipsec.conf.org | \
grep -v "disablearrivalcheck=" | \
grep -v "klipsdebug=" | \
grep -v "leftfirewall=" | \
grep -v "charonstart=" | \
grep -v "aggrmode=" > /var/ipfire/vpn/ipsec.conf
sed -i "s|ipsec[0-9]=||g" /var/ipfire/vpn/ipsec.conf
sed -i "s|nat_t ||g" /var/ipfire/vpn/ipsec.conf
sed -i "s|klips ||g" /var/ipfire/vpn/ipsec.conf
sed -i "s|^conn [A-Za-z].*$|&\n\tleftfirewall=yes|g" /var/ipfire/vpn/ipsec.conf
sed -i "s|^config setup$|&\n\tcharonstart=no|g" /var/ipfire/vpn/ipsec.conf
chown nobody:nobody /var/ipfire/vpn/ipsec.conf
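Review bot: The `nat_t ` and `klips ` substitutions (apparently the lines added here, together with the `klipsdebug=` filter) are unanchored, so they rewrite any line of ipsec.conf that contains either token followed by a space, not only the `plutodebug=` line. When those two were the only debug flags enabled, the line ends up as `plutodebug=""`, whereas the CGI writes `none` for an empty list; whether the daemon accepts the empty value is not visible here. Scoping the edit and restoring the default would cover both: `sed -i '/plutodebug=/s/\(nat_t\|klips\) //g' /var/ipfire/vpn/ipsec.conf` followed by `sed -i 's|plutodebug=""|plutodebug="none"|' /var/ipfire/vpn/ipsec.conf`.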

0
html/cgi-bin/services.cgi Executable file → Normal file

@@ -257,9 +257,9 @@ sub writeipsecfiles {
my $plutodebug = ''; # build debug list
map ($plutodebug .= $lvpnsettings{$_} eq 'on' ? lc (substr($_,4)).' ' : '',
('DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
'DBG_DNS'));
$plutodebug = 'none' if $plutodebug eq ''; # if nothing selected, use 'none'.
print CONF "\tklipsdebug=\"none\"\n";
#print CONF "\tklipsdebug=\"none\"\n";
print CONF "\tplutodebug=\"$plutodebug\"\n";
# deprecated in ipsec.conf version 2
#print CONF "\tplutoload=%search\n";
@@ -452,7 +452,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
map ($vpnsettings{$_} = $cgiparams{$_},
('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
'DBG_DNS'));
$vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
$vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'};
@@ -2117,7 +2117,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
if ($val !~ /^(768|1024|1536|2048|3072|4096|6144|8192)$/) {
if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2153,7 +2153,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
}
}
if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
$cgiparams{'ESP_GROUPTYPE'} !~ /^modp(768|1024|1536|2048|3072|4096)$/) {
$cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2238,6 +2238,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$checked{'IKE_GROUPTYPE'}{'8192'} = '';
@temp = split('\|', $cgiparams{'IKE_GROUPTYPE'});
foreach my $key (@temp) {$checked{'IKE_GROUPTYPE'}{$key} = "selected='selected'"; }
# 768 is not supported by strongswan
$checked{'IKE_GROUPTYPE'}{'768'} = '';
$checked{'ESP_ENCRYPTION'}{'aes256'} = '';
$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
$checked{'ESP_ENCRYPTION'}{'3des'} = '';
@@ -2303,7 +2308,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<option value='2048' $checked{'IKE_GROUPTYPE'}{'2048'}>MODP-2048</option>
<option value='1536' $checked{'IKE_GROUPTYPE'}{'1536'}>MODP-1536</option>
<option value='1024' $checked{'IKE_GROUPTYPE'}{'1024'}>MODP-1024</option>
<option value='768' $checked{'IKE_GROUPTYPE'}{'768'}>MODP-768</option>
</select></td>
</tr><tr>
<td class='boldbase' align='right' valign='top'>$Lang::tr{'ike lifetime'}</td><td class='boldbase' valign='top'>
@@ -2396,7 +2400,7 @@ EOF
$checked{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'} eq 'on' ? "checked='checked'" : '' ;
map ($checked{$_} = $cgiparams{$_} eq 'on' ? "checked='checked'" : '',
('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
'DBG_DNS'));
&Header::showhttpheaders();
@@ -2440,10 +2444,7 @@ crypt:<input type='checkbox' name='DBG_CRYPT' $checked{'DBG_CRYPT'} />,&nbsp;
parsing:<input type='checkbox' name='DBG_PARSING' $checked{'DBG_PARSING'} />,&nbsp;
emitting:<input type='checkbox' name='DBG_EMITTING' $checked{'DBG_EMITTING'} />,&nbsp;
control:<input type='checkbox' name='DBG_CONTROL' $checked{'DBG_CONTROL'} />,&nbsp;
klips:<input type='checkbox' name='DBG_KLIPS' $checked{'DBG_KLIPS'} />,&nbsp;
dns:<input type='checkbox' name='DBG_DNS' $checked{'DBG_DNS'} />,&nbsp;
nat_t:<input type='checkbox' name='DBG_NAT_T' $checked{'DBG_NAT_T'} /></p>
dns:<input type='checkbox' name='DBG_DNS' $checked{'DBG_DNS'} />&nbsp;
<hr />
<table width='100%'>
<tr>
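Review bot: The tightened group checks, `/^(1024|1536|2048|3072|4096|6144|8192)$/` for IKE and `/^modp(1024|1536|2048|3072|4096)$/` for ESP, only run when the advanced form is submitted, so a connection already stored with group 768 or `modp768` keeps that value until someone re-saves it. The added `$checked{'IKE_GROUPTYPE'}{'768'} = '';` only clears the selection marker for an option the form no longer renders. If writeipsecfiles emits stored groups verbatim (not visible in these hunks), such a tunnel would still be written with a group that is both weak and, per the new comment, unsupported. Consider dropping 768 when the proposal is written out or migrating stored values in the update script, and at least extend the comment to `# 768 is not supported by strongswan; a stored 768 is only deselected here and stays in the saved settings until the form is saved again`. Separately, the replacement `dns:` checkbox line ends in `&nbsp;` and drops the closing `</p>` that the removed `nat_t:` line carried.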