From dcb406cc675c42f9add4a41c8a1e07eea7c3ab08 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 15 Feb 2017 10:11:58 +0000 Subject: [PATCH] IPsec: Allow to create on-demand connections This will create IPsec VPN connections with auto=route set instead of auto=start which will cause the connection being created, but not brought up yet. As soon as the first packet is received, the connection will be established and data will be passed through it. This allows IPFire to handle more VPN connections on weaker systems and avoids negotiating many connections which are rarely used. Suggested-by: Tom Rymes Signed-off-by: Michael Tremer Fixes: #10733 --- doc/language_issues.es | 3 +++ doc/language_issues.fr | 3 +++ doc/language_issues.it | 3 +++ doc/language_issues.nl | 3 +++ doc/language_issues.pl | 3 +++ doc/language_issues.ru | 3 +++ doc/language_issues.tr | 3 +++ doc/language_missings | 12 +++++++++++ html/cgi-bin/vpnmain.cgi | 43 +++++++++++++++++++++++++++++----------- langs/de/cgi-bin/de.pl | 3 +++ langs/en/cgi-bin/en.pl | 3 +++ 11 files changed, 70 insertions(+), 12 deletions(-) diff --git a/doc/language_issues.es b/doc/language_issues.es index 60ba499c9..36d4a8211 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1144,6 +1144,9 @@ WARNING: untranslated string: vendor WARNING: untranslated string: visit us at WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn keyexchange +WARNING: untranslated string: vpn start action +WARNING: untranslated string: vpn start action route +WARNING: untranslated string: vpn start action start WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 863b5291a..b21c33851 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr 
@@ -1161,6 +1161,9 @@ WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 6efef40f4..e7230280f 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -819,6 +819,9 @@ WARNING: untranslated string: unblock
 WARNING: untranslated string: unblock all
 WARNING: untranslated string: uncheck all
 WARNING: untranslated string: vpn force mobike
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index c9b10dcd6..22a893437 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -867,6 +867,9 @@ WARNING: untranslated string: uncheck all
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: vendor
 WARNING: untranslated string: vpn force mobike
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 60ba499c9..36d4a8211 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1144,6 +1144,9 @@ WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 255df2f68..fc727d607 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1139,6 +1139,9 @@ WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 8cf2dfe11..59c904657 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -752,4 +752,7 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action route
+WARNING: untranslated string: vpn start action start
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_missings b/doc/language_missings
index 32e1e48ec..49def615f 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -561,6 +561,9 @@
 < vendor
 < visit us at
 < vpn keyexchange
+< vpn start action
+< vpn start action route
+< vpn start action start
 < vpn statistic n2n
 < vpn statistic rw
 < wlanap access point
@@ -1175,6 +1178,9 @@
 < vendor
 < visit us at
 < vpn keyexchange
+< vpn start action
+< vpn start action route
+< vpn start action start
 < vpn statistic n2n
 < vpn statistic rw
 < wlanap country
@@ -1754,6 +1760,9 @@
 < vendor
 < visit us at
 < vpn keyexchange
+< vpn start action
+< vpn start action route
+< vpn start action start
 < vpn statistic n2n
 < vpn statistic rw
 < wlanap country
@@ -2338,6 +2347,9 @@
 < vendor
 < visit us at
 < vpn keyexchange
+< vpn start action
+< vpn start action route
+< vpn start action start
 < vpn statistic n2n
 < vpn statistic rw
 < week-graph
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index f1cffb884..b6469c03c 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -108,6 +108,7 @@ $cgiparams{'RW_NET'} = '';
 $cgiparams{'DPD_DELAY'} = '30';
 $cgiparams{'DPD_TIMEOUT'} = '120';
 $cgiparams{'FORCE_MOBIKE'} = 'off';
+$cgiparams{'START_ACTION'} = 'start';
 &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
 
 ###
@@ -401,12 +402,17 @@ sub writeipsecfiles {
 print CONF "\trightrsasigkey=%cert\n";
 }
 
+ my $start_action = $lconfighash{$key}[33];
+ if (!$start_action) {
+ $start_action = "start";
+ }
+
 # Automatically start only if a net-to-net connection
 if ($lconfighash{$key}[3] eq 'host') {
 print CONF "\tauto=add\n";
 print CONF "\trightsourceip=$lvpnsettings{'RW_NET'}\n";
 } else {
- print CONF "\tauto=start\n";
+ print CONF "\tauto=$start_action\n";
 }
 
 # Fragmentation
@@ -1778,7 +1784,7 @@ END
 my $key = $cgiparams{'KEY'};
 if (! $key) {
 $key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 32) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 33) { $confighash{$key}[$i] = "";}
 }
 $confighash{$key}[0] = $cgiparams{'ENABLED'};
 $confighash{$key}[1] = $cgiparams{'NAME'};
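Review bot: In the writeipsecfiles hunk, `$start_action` is interpolated into `auto=$start_action` after only a non-empty check, so any other string stored in `$lconfighash{$key}[33]` lands verbatim in the generated ipsec.conf. That field is filled from the CGI parameter `START_ACTION` elsewhere in this patch, and this file is an admin-only interface, but a stray keyword or an embedded newline here would still produce a config strongSwan rejects or one carrying directives the UI never offered. Restricting the value to the two keywords the UI exposes and falling back to the previous behaviour otherwise keeps the output well-formed: `if (!$start_action || $start_action !~ /^(?:start|route)$/) { $start_action = "start"; }`. The sub writeipsecfiles begins before this hunk and continues after it.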
@@ -2256,6 +2262,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
 $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
 $confighash{$cgiparams{'KEY'}}[32] = $cgiparams{'FORCE_MOBIKE'};
+ $confighash{$cgiparams{'KEY'}}[33] = $cgiparams{'START_ACTION'};
 &General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 &writeipsecfiles();
 if (&vpnenabled) {
@@ -2283,6 +2290,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
 $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
 $cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32];
+ $cgiparams{'START_ACTION'} = $confighash{$cgiparams{'KEY'}}[33];
 
 if (!$cgiparams{'DPD_DELAY'}) {
 $cgiparams{'DPD_DELAY'} = 30;
@@ -2291,6 +2299,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 if (!$cgiparams{'DPD_TIMEOUT'}) {
 $cgiparams{'DPD_TIMEOUT'} = 120;
 }
+
+ if (!$cgiparams{'START_ACTION'}) {
+ $cgiparams{'START_ACTION'} = "start";
+ }
 }
 
 ADVANCED_ERROR:
@@ -2387,6 +2399,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 $selected{'DPD_ACTION'}{'none'} = '';
 $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
 
+ $selected{'START_ACTION'}{'route'} = '';
+ $selected{'START_ACTION'}{'start'} = '';
+ $selected{'START_ACTION'}{$cgiparams{'START_ACTION'}} = "selected='selected'";
+
 &Header::showhttpheaders();
 &Header::openpage($Lang::tr{'ipsec'}, 1, '');
 &Header::openbigbox('100%', 'left', '', $errormessage);
@@ -2406,7 +2422,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 }
 &Header::openbox('100%', 'left', "$Lang::tr{'advanced'}:");
- print <
@@ -2599,9 +2615,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || IKE+ESP: $Lang::tr{'use only proposed settings'} + + + + - +
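Review bot: In the first hunk (@@ -2256), `$cgiparams{'START_ACTION'}` is copied into `$confighash{...}[33]` and persisted with writehasharray and then fed to writeipsecfiles without any validation of its content; the later hunks only substitute "start" when it is empty, so "route", "start" and anything else the form submits are all accepted. The same value is later expanded into `auto=` in ipsec.conf and used as a hash key for `$selected{'START_ACTION'}`, so a whitelist check belongs right before this save, alongside whatever ADVANCED checks already set `$errormessage` above the hunk (not visible here): `unless ($cgiparams{'START_ACTION'} =~ /^(?:start|route)$/) { $errormessage = "$Lang::tr{'invalid input'}"; goto ADVANCED_ERROR; }` (reuse whichever language key the surrounding checks already use). If the vpn/config store is delimiter-separated, as writehasharray suggests but this hunk does not show, an unchecked value could also corrupt the record for that KEY. The enclosing `if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || ...` block starts before the hunk and ends after it.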