IPsec: Allow to create on-demand connections
This will create IPsec VPN connections with auto=route set instead of auto=start, which causes the connection to be created but not brought up yet. As soon as the first packet is received, the connection will be established and data will be passed through it. This allows IPFire to handle more VPN connections on weaker systems and avoids negotiating many connections which are rarely used. Suggested-by: Tom Rymes <tomvend@rymes.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Fixes: #10733
@@ -1144,6 +1144,9 @@ WARNING: untranslated string: vendor
|
||||
WARNING: untranslated string: visit us at
|
||||
WARNING: untranslated string: vpn force mobike
|
||||
WARNING: untranslated string: vpn keyexchange
|
||||
WARNING: untranslated string: vpn start action
|
||||
WARNING: untranslated string: vpn start action route
|
||||
WARNING: untranslated string: vpn start action start
|
||||
WARNING: untranslated string: vpn statistic n2n
|
||||
WARNING: untranslated string: vpn statistic rw
|
||||
WARNING: untranslated string: vpn statistics n2n
|
||||
|
||||
@@ -1161,6 +1161,9 @@ WARNING: untranslated string: vendor
|
||||
WARNING: untranslated string: visit us at
|
||||
WARNING: untranslated string: vpn force mobike
|
||||
WARNING: untranslated string: vpn keyexchange
|
||||
WARNING: untranslated string: vpn start action
|
||||
WARNING: untranslated string: vpn start action route
|
||||
WARNING: untranslated string: vpn start action start
|
||||
WARNING: untranslated string: vpn statistic n2n
|
||||
WARNING: untranslated string: vpn statistic rw
|
||||
WARNING: untranslated string: vpn statistics n2n
|
||||
|
||||
@@ -819,6 +819,9 @@ WARNING: untranslated string: unblock
|
||||
WARNING: untranslated string: unblock all
|
||||
WARNING: untranslated string: uncheck all
|
||||
WARNING: untranslated string: vpn force mobike
|
||||
WARNING: untranslated string: vpn start action
|
||||
WARNING: untranslated string: vpn start action route
|
||||
WARNING: untranslated string: vpn start action start
|
||||
WARNING: untranslated string: vpn statistic n2n
|
||||
WARNING: untranslated string: vpn statistic rw
|
||||
WARNING: untranslated string: vpn statistics n2n
|
||||
|
||||
@@ -867,6 +867,9 @@ WARNING: untranslated string: uncheck all
|
||||
WARNING: untranslated string: upload dh key
|
||||
WARNING: untranslated string: vendor
|
||||
WARNING: untranslated string: vpn force mobike
|
||||
WARNING: untranslated string: vpn start action
|
||||
WARNING: untranslated string: vpn start action route
|
||||
WARNING: untranslated string: vpn start action start
|
||||
WARNING: untranslated string: vpn statistic n2n
|
||||
WARNING: untranslated string: vpn statistic rw
|
||||
WARNING: untranslated string: vpn statistics n2n
|
||||
|
||||
@@ -1144,6 +1144,9 @@ WARNING: untranslated string: vendor
|
||||
WARNING: untranslated string: visit us at
|
||||
WARNING: untranslated string: vpn force mobike
|
||||
WARNING: untranslated string: vpn keyexchange
|
||||
WARNING: untranslated string: vpn start action
|
||||
WARNING: untranslated string: vpn start action route
|
||||
WARNING: untranslated string: vpn start action start
|
||||
WARNING: untranslated string: vpn statistic n2n
|
||||
WARNING: untranslated string: vpn statistic rw
|
||||
WARNING: untranslated string: vpn statistics n2n
|
||||
|
||||
@@ -1139,6 +1139,9 @@ WARNING: untranslated string: vendor
|
||||
WARNING: untranslated string: visit us at
|
||||
WARNING: untranslated string: vpn force mobike
|
||||
WARNING: untranslated string: vpn keyexchange
|
||||
WARNING: untranslated string: vpn start action
|
||||
WARNING: untranslated string: vpn start action route
|
||||
WARNING: untranslated string: vpn start action start
|
||||
WARNING: untranslated string: vpn statistic n2n
|
||||
WARNING: untranslated string: vpn statistic rw
|
||||
WARNING: untranslated string: vpn statistics n2n
|
||||
|
||||
@@ -752,4 +752,7 @@ WARNING: untranslated string: route config changed
|
||||
WARNING: untranslated string: routing config added
|
||||
WARNING: untranslated string: routing config changed
|
||||
WARNING: untranslated string: routing table
|
||||
WARNING: untranslated string: vpn start action
|
||||
WARNING: untranslated string: vpn start action route
|
||||
WARNING: untranslated string: vpn start action start
|
||||
WARNING: untranslated string: vpn statistics n2n
|
||||
|
||||
@@ -561,6 +561,9 @@
|
||||
< vendor
|
||||
< visit us at
|
||||
< vpn keyexchange
|
||||
< vpn start action
|
||||
< vpn start action route
|
||||
< vpn start action start
|
||||
< vpn statistic n2n
|
||||
< vpn statistic rw
|
||||
< wlanap access point
|
||||
@@ -1175,6 +1178,9 @@
|
||||
< vendor
|
||||
< visit us at
|
||||
< vpn keyexchange
|
||||
< vpn start action
|
||||
< vpn start action route
|
||||
< vpn start action start
|
||||
< vpn statistic n2n
|
||||
< vpn statistic rw
|
||||
< wlanap country
|
||||
@@ -1754,6 +1760,9 @@
|
||||
< vendor
|
||||
< visit us at
|
||||
< vpn keyexchange
|
||||
< vpn start action
|
||||
< vpn start action route
|
||||
< vpn start action start
|
||||
< vpn statistic n2n
|
||||
< vpn statistic rw
|
||||
< wlanap country
|
||||
@@ -2338,6 +2347,9 @@
|
||||
< vendor
|
||||
< visit us at
|
||||
< vpn keyexchange
|
||||
< vpn start action
|
||||
< vpn start action route
|
||||
< vpn start action start
|
||||
< vpn statistic n2n
|
||||
< vpn statistic rw
|
||||
< week-graph
|
||||
|
||||
@@ -108,6 +108,7 @@ $cgiparams{'RW_NET'} = '';
|
||||
$cgiparams{'DPD_DELAY'} = '30';
|
||||
$cgiparams{'DPD_TIMEOUT'} = '120';
|
||||
$cgiparams{'FORCE_MOBIKE'} = 'off';
|
||||
$cgiparams{'START_ACTION'} = 'start';
|
||||
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
|
||||
|
||||
###
|
||||
@@ -401,12 +402,17 @@ sub writeipsecfiles {
|
||||
print CONF "\trightrsasigkey=%cert\n";
|
||||
}
|
||||
|
||||
my $start_action = $lconfighash{$key}[33];
|
||||
if (!$start_action) {
|
||||
$start_action = "start";
|
||||
}
|
||||
|
||||
# Automatically start only if a net-to-net connection
|
||||
if ($lconfighash{$key}[3] eq 'host') {
|
||||
print CONF "\tauto=add\n";
|
||||
print CONF "\trightsourceip=$lvpnsettings{'RW_NET'}\n";
|
||||
} else {
|
||||
print CONF "\tauto=start\n";
|
||||
print CONF "\tauto=$start_action\n";
|
||||
}
|
||||
|
||||
# Fragmentation
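Review bot: `print CONF "\tauto=$start_action\n";` emits field [33] into ipsec.conf verbatim, and the only guard above it (`if (!$start_action)`) catches an empty value, so any other string that reaches the config (a hand-edited or corrupted vpn/config, or a form value that was not validated) ends up as an unknown `auto=` setting in the generated file. There are exactly two supported values, so the fallback can be an allow-list at no cost: `if (!$start_action || $start_action ne "route") { $start_action = "start"; }`. The same allow-list check belongs in the advanced-form save path at @@ -2256 before `$confighash{$cgiparams{'KEY'}}[33] = $cgiparams{'START_ACTION'};` persists the value, presumably alongside the existing field validations that jump to the ADVANCED_ERROR label visible as context at @@ -2291. The comment `# Automatically start only if a net-to-net connection` is now stale and could read `# The start action (route/start) only applies to net-to-net connections; roadwarrior (host) connections are always auto=add`. writeipsecfiles begins outside this hunk.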
|
||||
@@ -1778,7 +1784,7 @@ END
|
||||
my $key = $cgiparams{'KEY'};
|
||||
if (! $key) {
|
||||
$key = &General::findhasharraykey (\%confighash);
|
||||
foreach my $i (0 .. 32) { $confighash{$key}[$i] = "";}
|
||||
foreach my $i (0 .. 33) { $confighash{$key}[$i] = "";}
|
||||
}
|
||||
$confighash{$key}[0] = $cgiparams{'ENABLED'};
|
||||
$confighash{$key}[1] = $cgiparams{'NAME'};
|
||||
@@ -2256,6 +2262,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
|
||||
$confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
|
||||
$confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
|
||||
$confighash{$cgiparams{'KEY'}}[32] = $cgiparams{'FORCE_MOBIKE'};
|
||||
$confighash{$cgiparams{'KEY'}}[33] = $cgiparams{'START_ACTION'};
|
||||
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
|
||||
&writeipsecfiles();
|
||||
if (&vpnenabled) {
|
||||
@@ -2283,6 +2290,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
|
||||
$cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
|
||||
$cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
|
||||
$cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32];
|
||||
$cgiparams{'START_ACTION'} = $confighash{$cgiparams{'KEY'}}[33];
|
||||
|
||||
if (!$cgiparams{'DPD_DELAY'}) {
|
||||
$cgiparams{'DPD_DELAY'} = 30;
|
||||
@@ -2291,6 +2299,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
|
||||
if (!$cgiparams{'DPD_TIMEOUT'}) {
|
||||
$cgiparams{'DPD_TIMEOUT'} = 120;
|
||||
}
|
||||
|
||||
if (!$cgiparams{'START_ACTION'}) {
|
||||
$cgiparams{'START_ACTION'} = "start";
|
||||
}
|
||||
}
|
||||
|
||||
ADVANCED_ERROR:
|
||||
@@ -2387,6 +2399,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
|
||||
$selected{'DPD_ACTION'}{'none'} = '';
|
||||
$selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
|
||||
|
||||
$selected{'START_ACTION'}{'route'} = '';
|
||||
$selected{'START_ACTION'}{'start'} = '';
|
||||
$selected{'START_ACTION'}{$cgiparams{'START_ACTION'}} = "selected='selected'";
|
||||
|
||||
&Header::showhttpheaders();
|
||||
&Header::openpage($Lang::tr{'ipsec'}, 1, '');
|
||||
&Header::openbigbox('100%', 'left', '', $errormessage);
|
||||
@@ -2406,7 +2422,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
|
||||
}
|
||||
|
||||
&Header::openbox('100%', 'left', "$Lang::tr{'advanced'}:");
|
||||
print <<EOF
|
||||
print <<EOF;
|
||||
<form method='post' enctype='multipart/form-data' action='$ENV{'SCRIPT_NAME'}'>
|
||||
<input type='hidden' name='ADVANCED' value='yes' />
|
||||
<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
|
||||
@@ -2599,9 +2615,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
|
||||
IKE+ESP: $Lang::tr{'use only proposed settings'}
|
||||
</label>
|
||||
</td>
|
||||
<td>
|
||||
<label>$Lang::tr{'vpn start action'}</label>
|
||||
<select name="START_ACTION">
|
||||
<option value="route" $selected{'START_ACTION'}{'route'}>$Lang::tr{'vpn start action route'}</option>
|
||||
<option value="start" $selected{'START_ACTION'}{'start'}>$Lang::tr{'vpn start action start'}</option>
|
||||
</select>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<td colspan="2">
|
||||
<label>
|
||||
<input type='checkbox' name='PFS' $checked{'PFS'} />
|
||||
$Lang::tr{'pfs yes no'}
|
||||
@@ -2609,7 +2632,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<td colspan="2">
|
||||
<label>
|
||||
<input type='checkbox' name='COMPRESSION' $checked{'COMPRESSION'} />
|
||||
$Lang::tr{'vpn payload compression'}
|
||||
@@ -2617,20 +2640,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<td colspan="2">
|
||||
<label>
|
||||
<input type='checkbox' name='FORCE_MOBIKE' $checked{'FORCE_MOBIKE'} />
|
||||
$Lang::tr{'vpn force mobike'}
|
||||
</label>
|
||||
</td>
|
||||
</tr>
|
||||
EOF
|
||||
;
|
||||
|
||||
print <<EOF;
|
||||
<tr>
|
||||
<td align='left' colspan='1'><img src='/blob.gif' align='top' alt='*' /> $Lang::tr{'required field'}</td>
|
||||
<td align='right' colspan='2'>
|
||||
<td align='left'><img src='/blob.gif' align='top' alt='*' /> $Lang::tr{'required field'}</td>
|
||||
<td align='right'>
|
||||
<input type='submit' name='ACTION' value='$Lang::tr{'save'}' />
|
||||
<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' />
|
||||
</td>
|
||||
|
||||
@@ -2618,6 +2618,9 @@
|
||||
'vpn payload compression' => 'Datennutzlast-Kompression aushandeln',
|
||||
'vpn red name' => 'Öffentliche IP oder FQDN für das rote Interface oder <%defaultroute>',
|
||||
'vpn remote id' => 'Remote ID',
|
||||
'vpn start action' => 'Startaktion',
|
||||
'vpn start action route' => 'On Demand',
|
||||
'vpn start action start' => 'Immer An',
|
||||
'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
|
||||
'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
|
||||
'vpn subjectaltname' => 'Subjekt Alternativer Name',
|
||||
|
||||
@@ -2663,6 +2663,9 @@
|
||||
'vpn payload compression' => 'Negotiate payload compression',
|
||||
'vpn red name' => 'Public IP or FQDN for RED interface or <%defaultroute>',
|
||||
'vpn remote id' => 'Remote ID',
|
||||
'vpn start action' => 'Start Action',
|
||||
'vpn start action route' => 'On Demand',
|
||||
'vpn start action start' => 'Always On',
|
||||
'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
|
||||
'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
|
||||
'vpn subjectaltname' => 'Subject Alt Name',
|
||||
|
||||