
List:       ipfire-scm
Subject:    [IPFire-SCM] [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 96eddd7ef1606a0785c
From:       git () ipfire ! org (Arne Fitzenreiter)
Date:       2011-06-26 13:17:51
Message-ID: 20110626131752.E8F362034E () argus ! ipfire ! org

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  96eddd7ef1606a0785c99be3141738184067da83 (commit)
       via  4b4b895946d5366ebf091e7d6c3237512cc44063 (commit)
       via  0d181206ca614936a3f8715e78baaf4850c6127b (commit)
       via  e2e4ed017c1e4eea4ebc14ec6196a6891ae550a7 (commit)
      from  38ad04851347da66b36d2120254d7c93bf03f26f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 96eddd7ef1606a0785c99be3141738184067da83
Merge: 4b4b895 38ad048
Author: Arne Fitzenreiter <arne_f at ipfire.org>
Date:   Sun Jun 26 15:17:30 2011 +0200

    Merge branch 'next' of ssh://arne_f at git.ipfire.org/pub/git/ipfire-2.x into \
next

commit 4b4b895946d5366ebf091e7d6c3237512cc44063
Author: Arne Fitzenreiter <arne_f at ipfire.org>
Date:   Sun Jun 26 15:16:32 2011 +0200

    ipsec: change status display in cgi's for charon.

commit 0d181206ca614936a3f8715e78baaf4850c6127b
Author: Arne Fitzenreiter <arne_f at ipfire.org>
Date:   Sun Jun 26 15:15:12 2011 +0200

    ipsec: change ipsecctrl for status and reload of charon.

commit e2e4ed017c1e4eea4ebc14ec6196a6891ae550a7
Author: Arne Fitzenreiter <arne_f at ipfire.org>
Date:   Sun Jun 26 11:13:58 2011 +0200

    ipsec: add ikev1/v2 selectbox to switch from pluto to charon.

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/core/next/filelists/files |    4 ++++
 html/cgi-bin/index.cgi                     |    4 +++-
 html/cgi-bin/vpnmain.cgi                   |   28 +++++++++++++++++++++++++---
 src/misc-progs/ipsecctrl.c                 |    2 ++
 src/scripts/vpn-watch                      |    1 +
 5 files changed, 35 insertions(+), 4 deletions(-)

Difference in files:
diff --git a/config/rootfiles/core/next/filelists/files \
b/config/rootfiles/core/next/filelists/files index 89c4631..18df107 100644
--- a/config/rootfiles/core/next/filelists/files
+++ b/config/rootfiles/core/next/filelists/files
@@ -1,7 +1,11 @@
 etc/system-release
 etc/issue
 srv/web/ipfire/cgi-bin/extrahd.cgi
+srv/web/ipfire/cgi-bin/index.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
 var/ipfire/langs/de.pl
 var/ipfire/langs/en.pl
 var/ipfire/langs/es.pl
 var/ipfire/langs/fr.pl
+usr/local/bin/ipsecctrl
+usr/local/bin/vpn-watch
diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi
index 0dcadb0..32ae7ff 100644
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -369,7 +369,9 @@ END
 			    $active = "<table cellpadding='2' cellspacing='0' \
bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font \
color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";  } else {
 			    foreach my $line (@status) {
-				if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) {
+				if (($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) ||
+				    ($line =~/ $confighash{$key}[1]\[.*ESTABLISHED/ ))
+				    {
 				    $active = "<table cellpadding='2' cellspacing='0' \
bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font \
color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";  }
 			   }
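Review bot: The connection name is interpolated unquoted into the new pattern on the added line `($line =~/ $confighash{$key}[1]\[.*ESTABLISHED/ )`, so any regex metacharacter in a stored name changes what the status check matches. Writing the name as `\Q$confighash{$key}[1]\E` in both alternatives keeps the comparison literal; the same applies to the matching check in the vpnmain.cgi hunk at @@ -2519. Separately, in charon's status output the `name[N]: ESTABLISHED` line appears to describe the IKE SA rather than an installed child SA (`name{N}: INSTALLED`), so the green "open" cell may be shown before traffic is actually protected; this is worth confirming against real output. The enclosing loop and its else branch start outside the hunk.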
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 76b408d..c412480 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -395,8 +395,11 @@ sub writeipsecfiles {
 	    print CONF "\tpfsgroup=$lconfighash{$key}[23]\n";
 	}
 
-	# IKE V1
-	print CONF "\tkeyexchange=ikev1\n";
+	# IKE V1 or V2
+	if (! $lconfighash{$key}[29]) {
+	   $lconfighash{$key}[29] = "ikev1";
+	}
+	print CONF "\tkeyexchange=$lconfighash{$key}[29]\n";
 
 	# Lifetimes
 	print CONF "\tikelifetime=$lconfighash{$key}[16]h\n" if ($lconfighash{$key}[16]);
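Review bot: The value written as `keyexchange=` is only tested for being non-empty, so whatever is stored in field 29 reaches the generated IPsec configuration verbatim. The save path in the @@ -1790 hunk copies `$cgiparams{'IKE_VERSION'}` into that field with no check visible in this diff, and the select box constrains only the form, not the request. An allowlist at write time closes this, for example by changing the condition to `if ($lconfighash{$key}[29] !~ /\Aikev[12]\z/) {` so that anything else falls back to `ikev1`. Validation may exist elsewhere in the file; writeipsecfiles starts and ends outside the hunk.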
@@ -1288,6 +1291,7 @@ END
 	$cgiparams{'REMARK'}		= $confighash{$cgiparams{'KEY'}}[25];
 	$cgiparams{'INTERFACE'}		= $confighash{$cgiparams{'KEY'}}[26];
 	$cgiparams{'DPD_ACTION'}	= $confighash{$cgiparams{'KEY'}}[27];
+	$cgiparams{'IKE_VERSION'}	= $confighash{$cgiparams{'KEY'}}[29];
 	$cgiparams{'IKE_ENCRYPTION'} 	= $confighash{$cgiparams{'KEY'}}[18];
 	$cgiparams{'IKE_INTEGRITY'}  	= $confighash{$cgiparams{'KEY'}}[19];
 	$cgiparams{'IKE_GROUPTYPE'}  	= $confighash{$cgiparams{'KEY'}}[20];
@@ -1790,6 +1794,7 @@ END
 	$confighash{$key}[25] = $cgiparams{'REMARK'};
 	$confighash{$key}[26] = $cgiparams{'INTERFACE'};
 	$confighash{$key}[27] = $cgiparams{'DPD_ACTION'};
+	$confighash{$key}[29] = $cgiparams{'IKE_VERSION'};
 
 	#dont forget advanced value
 	$confighash{$key}[18] = $cgiparams{'IKE_ENCRYPTION'};
@@ -1845,6 +1850,11 @@ END
 	    $cgiparams{'DPD_ACTION'} = 'restart';
 	}
 
+	# Default IKE Version to V1
+	if (! $cgiparams{'IKE_VERSION'}) {
+	    $cgiparams{'IKE_VERSION'} = 'ikev1';
+	}
+
 	# Default is yes for 'pfs'
 	$cgiparams{'PFS'}     = 'on';
 	
@@ -1895,6 +1905,10 @@ END
     $selected{'DPD_ACTION'}{'restart'} = '';
     $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
 
+    $selected{'IKE_VERSION'}{'ikev1'} = '';
+    $selected{'IKE_VERSION'}{'ikev2'} = '';
+    $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'";
+
     &Header::showhttpheaders();
     &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
     &Header::openbigbox('100%', 'left', '', $errormessage);
@@ -1974,6 +1988,12 @@ END
 	    <td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td>
 	</tr><tr>
 	</tr><td><br /></td><tr>
+	    <td>$Lang::tr{'ike version'}:</td>
+	    <td><select name='IKE_VERSION'>
+    		<option value='ikev1' $selected{'IKE_VERSION'}{'ikev1'}>IKEv1</option>
+    		<option value='ikev2' $selected{'IKE_VERSION'}{'ikev2'}>IKEv2</option>
+    		</select></a>
+	    </td>
 	    <td>$Lang::tr{'dpd action'}:</td>
 	    <td><select name='DPD_ACTION'>
     		<option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
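Review bot: The added select is closed with `</select></a>`, but no `<a>` is opened in the added cell, so the stray `</a>` should be dropped, leaving `</select>`. The label uses `$Lang::tr{'ike version'}`, and the summary of changes lists no language file, so unless that key already exists the label would render empty; this is worth confirming. The surrounding heredoc starts and ends outside the hunk.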
@@ -2519,7 +2539,9 @@ END
 	# get real state
 	my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' \
width='100%'><tr><td align='center'><b><font \
color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";  foreach my \
                $line (@status) {
-	    if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) {
+	    if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) ||
+	       ($line =~ / $confighash{$key}[1]\[.*ESTABLISHED/))
+	    {
 		$active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' \
width='100%'><tr><td align='center'><b><font \
color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";  }
 	}
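Review bot: The added condition is unbalanced: `if ($line =~ /.../) ||` closes the `if` parenthesis before the `||`, and the following line ends with an extra `)`, so vpnmain.cgi will most likely fail to compile and the VPN page will not load. The index.cgi version of this check opens with a double parenthesis; the first added line here should read `if (($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) ||`. The loop sits inside code that starts outside the hunk.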
diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c
index 51f6b5a..ae38996 100644
--- a/src/misc-progs/ipsecctrl.c
+++ b/src/misc-progs/ipsecctrl.c
@@ -178,11 +178,13 @@ int main(int argc, char *argv[]) {
 
         if (strcmp(argv[1], "I") == 0) {
                 safe_system("/usr/sbin/ipsec whack --status");
+                safe_system("/usr/sbin/ipsec stroke status");
                 exit(0);
         }
 
         if (strcmp(argv[1], "R") == 0) {
                 safe_system("/usr/sbin/ipsec whack --rereadall >/dev/null");
+                safe_system("/usr/sbin/ipsec stroke rereadall >/dev/null");
                 exit(0);
         }
 
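Review bot: Both the pluto (`whack`) and charon (`stroke`) commands now run unconditionally in the `I` and `R` branches, and the result of each `safe_system` call is discarded before `exit(0)`. If only one daemon is running, the other command is presumably expected to fail, and in the `R` branch only stdout is redirected, so its error text may still reach the caller. A short comment such as `/* query both pluto and charon; the one that is not running is expected to fail */` would record that intent. main() starts and ends outside the hunk.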
diff --git a/src/scripts/vpn-watch b/src/scripts/vpn-watch
index af646ad..2bd5168 100755
--- a/src/scripts/vpn-watch
+++ b/src/scripts/vpn-watch
@@ -43,6 +43,7 @@ my $status = `ipsec whack --status`;
 foreach (@vpnsettings){
  my @settings = split(/,/,$_);
 
+  if ($settings[30] eq 'ikev2'){next;}
   if ($settings[27] ne 'RED'){next;}
   if ($settings[4] ne 'net'){next;}  
   if ($settings[1] ne 'on'){next;}chomp($settings[29]);
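Review bot: The new test `$settings[30] eq 'ikev2'` runs on a field that has not been chomped: only `$settings[29]` is chomped, and only after this line. If the IKE version is the last field of the record it still carries the line ending, the comparison never matches, and IKEv2 connections are not skipped. Records written before this change have no field 30 at all. Something like `if (defined $settings[30] && $settings[30] =~ /^ikev2\s*$/){next;}` handles both cases. How @vpnsettings is read is outside the hunk, so confirm whether lines are chomped earlier; the loop body also continues past the hunk.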


hooks/post-receive
--
IPFire 2.x development tree


