From 234e7e27ea7da8693510fca3be96cb1f2b956834 Mon Sep 17 00:00:00 2001
From: vnxme <46669194+vnxme@users.noreply.github.com>
Date: Fri, 21 Feb 2020 15:06:14 +0300
Subject: [PATCH 1/3] IPsec: add virtual IPv6 pool for mobile clients

This commit deals with ipsec.conf file drafting. In terms of mobile clients option 'rightsourceip' now may be: 1) empty if no pools are configured; 2) %pool_address%/%pool_netbits% for an IPv4 only option; 3) %pool_address_v6%/%pool_netbits_v6% for an IPv6 only option; 4) %pool_address%/%pool_netbits%,%pool_address_v6%/%pool_netbits_v6% for a dual stack option.
---
 src/etc/inc/plugins.inc.d/ipsec.inc | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index cf139cb1b..3f6e6ed56 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -1349,8 +1349,15 @@ function ipsec_configure_do($verbose = false, $interface = '')
 }
 $rightsourceip = null;
- if (!empty($a_client['pool_address']) && isset($ph1ent['mobile'])) {
- $rightsourceip = "\trightsourceip = {$a_client['pool_address']}/{$a_client['pool_netbits']}\n";
+ if (isset($ph1ent['mobile']) && (!empty($a_client['pool_address']) || !empty($a_client['pool_address_v6']))) {
+ $rightsourceip = "\trightsourceip = ";
+ if (!empty($a_client['pool_address'])) {
+ $rightsourceip .= "{$a_client['pool_address']}/{$a_client['pool_netbits']}";
+ }
+ if (!empty($a_client['pool_address_v6'])) {
+ $rightsourceip .= (!empty($a_client['pool_address']) ? "," : "")."{$a_client['pool_address_v6']}/{$a_client['pool_netbits_v6']}";
+ }
+ $rightsourceip .= "\n";
 }
 $authentication = "";
From c967707cbcaac3102a4d9e9974f22844fab36f8f Mon Sep 17 00:00:00 2001
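Review bot: Inside the new `if (isset($ph1ent['mobile']) && …)` block, `pool_netbits` and `pool_netbits_v6` are interpolated into the `rightsourceip` line of ipsec.conf without any check that they are present and numeric. A saved address with an empty or non-numeric prefix would produce a malformed entry such as `address/`, and the config writer should not depend on the web form alone to keep stray text out of the generated file. Collecting the valid pools in an array and joining them with `implode()` covers this and also removes the separate comma ternary. ipsec_configure_do() starts and ends outside the hunk.

```php
$rightsourceip = null;
if (isset($ph1ent['mobile'])) {
    $pools = array();
    foreach (array('pool_address' => 'pool_netbits', 'pool_address_v6' => 'pool_netbits_v6') as $addr => $bits) {
        // skip a pool whose prefix length is missing or not a plain number
        if (!empty($a_client[$addr]) && isset($a_client[$bits]) && ctype_digit((string)$a_client[$bits])) {
            $pools[] = $a_client[$addr] . '/' . (int)$a_client[$bits];
        }
    }
    if (count($pools) > 0) {
        $rightsourceip = "\trightsourceip = " . implode(',', $pools) . "\n";
    }
}
```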
From: vnxme <46669194+vnxme@users.noreply.github.com>
Date: Fri, 21 Feb 2020 15:23:36 +0300
Subject: [PATCH 2/3] IPsec: add virtual IPv6 pool for mobile clients

This commit deals with mobile IPsec web UI. The changes include: - define and copy fileds related to IPv6 configuration (match changes made in ipsec.inc) - L39 and L144; - set the default value for IPv6 netbits to 64 - L51; - adjust PHP form validation to match IPv6 controls - L104-105; - adjust JS magic to match IPv6 controls - L197 and L216-226; - adjust text related to IPv4 pool configuration (added 'IPv4' word to make it look consistent) - L406-425 and L101; - create a new row with a check box, an input box and a drop-down box for IPv6 pool configuration - L426-445.
---
 src/www/vpn_ipsec_mobile.php | 81 ++++++++++++++++++++++++++----------
 1 file changed, 59 insertions(+), 22 deletions(-)
diff --git a/src/www/vpn_ipsec_mobile.php b/src/www/vpn_ipsec_mobile.php
index e25a6ffa0..8b584cdc7 100644
--- a/src/www/vpn_ipsec_mobile.php
+++ b/src/www/vpn_ipsec_mobile.php
@@ -36,7 +36,7 @@ config_read_array('ipsec', 'client');
 config_read_array('ipsec', 'phase1');
 // define formfields
-$form_fields = "user_source,local_group,pool_address,pool_netbits,net_list
+$form_fields = "user_source,local_group,pool_address,pool_netbits,pool_address_v6,pool_netbits_v6,net_list
 ,save_passwd,dns_domain,dns_split,dns_server1,dns_server2,dns_server3 ,dns_server4,wins_server1,wins_server2,pfs_group,login_banner";
@@ -48,6 +48,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 $pconfig = array();
 // defaults
 $pconfig['pool_netbits'] = 24;
+ $pconfig['pool_netbits_v6'] = 64;
 // copy / initialize $pconfig attributes
 foreach (explode(",", $form_fields) as $fieldname) {
@@ -97,7 +98,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
 if (!empty($pconfig['pool_address']) && !is_ipaddr($pconfig['pool_address'])) {
- $input_errors[] = gettext("A valid IP address for 'Virtual Address Pool Network' must be specified.");
+ $input_errors[] = gettext("A valid IPv4 address for 'Virtual IPv4 Address Pool Network' must be specified.");
+ }
+
+ if (!empty($pconfig['pool_address_v6']) && !is_ipaddr($pconfig['pool_address_v6'])) {
+ $input_errors[] = gettext("A valid IPv6 address for 'Virtual IPv6 Address Pool Network' must be specified.");
 }
 if (!empty($pconfig['dns_domain']) && !is_domain($pconfig['dns_domain'])) {
@@ -136,7 +141,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 if (count($input_errors) == 0) {
 $client = array();
- $copy_fields = "user_source,local_group,pool_address,pool_netbits,dns_domain,dns_server1
+ $copy_fields = "user_source,local_group,pool_address,pool_netbits,pool_address_v6,pool_netbits_v6,dns_domain,dns_server1
 ,dns_server2,dns_server3,dns_server4,wins_server1,wins_server2 ,dns_split,pfs_group,login_banner";
 foreach (explode(",", $copy_fields) as $fieldname) {
@@ -189,6 +194,7 @@ include("head.inc"); // $auth_server) : ?> - - - onclick="pool_change()" /> - -
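Review bot: Both pool checks call `is_ipaddr()`, which accepts either address family, so an IPv6 address passes as the IPv4 pool and an IPv4 address passes as the IPv6 pool even though the new error messages say otherwise. The checks should be family specific: `!is_ipaddrv4($pconfig['pool_address'])` and `!is_ipaddrv6($pconfig['pool_address_v6'])`. No check on `pool_netbits_v6` is visible in this hunk, and the `@@ -136,7 +141,7 @@` hunk copies it into the saved config through `$copy_fields` unchanged. If it is not validated elsewhere in the file, add a numeric range check (0 to 128) before saving, because the value ends up in the generated ipsec.conf. The enclosing POST handling starts and ends outside the hunk.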
- - -
- - + + + onclick="pool_change()" /> + +
+ + +
+ + + + + + onclick="pool_v6_change()" /> + +
+ + +
+ +
From f9be0bb5fa126c0015038c043e8dbe02fe68fdab Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 21 Feb 2020 18:24:43 +0100
Subject: [PATCH 3/3] stylesweep https://github.com/opnsense/core/pull/3949
---
 src/etc/inc/plugins.inc.d/ipsec.inc | 6 ++-
 src/www/vpn_ipsec_mobile.php | 74 ++++++++++++++---------------
 2 files changed, 40 insertions(+), 40 deletions(-)
diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index 3f6e6ed56..5bcdcbd9b 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -1349,13 +1349,15 @@ function ipsec_configure_do($verbose = false, $interface = '')
 }
 $rightsourceip = null;
- if (isset($ph1ent['mobile']) && (!empty($a_client['pool_address']) || !empty($a_client['pool_address_v6']))) {
+ if (isset($ph1ent['mobile']) &&
+ (!empty($a_client['pool_address']) || !empty($a_client['pool_address_v6']))) {
 $rightsourceip = "\trightsourceip = ";
 if (!empty($a_client['pool_address'])) {
 $rightsourceip .= "{$a_client['pool_address']}/{$a_client['pool_netbits']}";
 }
 if (!empty($a_client['pool_address_v6'])) {
- $rightsourceip .= (!empty($a_client['pool_address']) ? "," : "")."{$a_client['pool_address_v6']}/{$a_client['pool_netbits_v6']}";
+ $rightsourceip .= (!empty($a_client['pool_address']) ? "," : "");
+ $rightsourceip .= "{$a_client['pool_address_v6']}/{$a_client['pool_netbits_v6']}";
 }
 $rightsourceip .= "\n";
 }
diff --git a/src/www/vpn_ipsec_mobile.php b/src/www/vpn_ipsec_mobile.php
index 8b584cdc7..2dea8d0f9 100644
--- a/src/www/vpn_ipsec_mobile.php
+++ b/src/www/vpn_ipsec_mobile.php
@@ -404,45 +404,43 @@ foreach ($auth_servers as $auth_key => $auth_server) : ?> - - - onclick="pool_change()" /> - -
- - -
- - + + + onclick="pool_change()" /> + +
+ + +
+ + - - - onclick="pool_v6_change()" /> - -
- - -
- - + + + onclick="pool_v6_change()" /> + +
+ + +
+ +