lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-17 10:04:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipsec, add phase2 dh groups for https://github.com/opnsense/core/issues/2335

Browse Source
This commit is contained in:
Ad Schellevis 2018-04-07 14:43:14 +02:00
parent 3c3628ca99
commit 28d0816229
4 changed files with 55 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/etc/inc/plugins.inc.d/ipsec.inc
View File

@ -99,18 +99,6 @@ $p2_protos = array(
'ah' => 'AH'
);
$p2_pfskeygroups = array(
0 => 'off',
1 => '1 (768 bit)',
2 => '2 (1024 bit)',
5 => '5 (1536 bit)',
14 => '14 (2048 bit)',
15 => '15 (3072 bit)',
16 => '16 (4096 bit)',
17 => '17 (6144 bit)',
18 => '18 (8192 bit)'
);
function ipsec_configure()
{
return array(

39
src/www/vpn_ipsec.php
View File

@ -186,6 +186,22 @@ legacy_html_escape_form_data($a_phase2);
$service_hook = 'ipsec';
include("head.inc");
$dhgroups = array(
1 => '1 (768 bits)',
2 => '2 (1024 bits)',
5 => '5 (1536 bits)',
14 => '14 (2048 bits)',
15 => '15 (3072 bits)',
16 => '16 (4096 bits)',
17 => '17 (6144 bits)',
18 => '18 (8192 bits)',
19 => '19 (256 bit elliptic curve)',
20 => '20 (384 bit elliptic curve)',
21 => '21 (521 bit elliptic curve)',
22 => '22 (1024(sub 160) bits)',
23 => '23 (2048(sub 224) bits)',
24 => '24 (2048(sub 256) bits)'
);
?>
<body>
@ -399,26 +415,7 @@ $( document ).ready(function() {
}?> +
<?=strtoupper($ph1ent['hash-algorithm']);?> +
<?php
$p1_dhgroups = array(
1 => '1 (768&nbsp;bits)',
2 => '2 (1024&nbsp;bits)',
5 => '5 (1536&nbsp;bits)',
14 => '14 (2048&nbsp;bits)',
15 => '15 (3072&nbsp;bits)',
16 => '16 (4096&nbsp;bits)',
17 => '17 (6144&nbsp;bits)',
18 => '18 (8192&nbsp;bits)',
19 => '19 (256&nbsp;bit&nbsp;elliptic&nbsp;curve)',
20 => '20 (384&nbsp;bit&nbsp;elliptic&nbsp;curve)',
21 => '21 (521&nbsp;bit&nbsp;elliptic&nbsp;curve)',
22 => '22 (1024(sub 160)&nbsp;bits)',
23 => '23 (2048(sub 224)&nbsp;bits)',
24 => '24 (2048(sub 256)&nbsp;bits)'
);
?>
<?=gettext("DH Group"); ?>&nbsp;<?=$p1_dhgroups[$ph1ent['dhgroup']];?>
<?=gettext("DH Group"); ?>&nbsp;<?=$dhgroups[$ph1ent['dhgroup']];?>
</td>
<td class="hidden-xs">
<?= html_safe($p1_authentication_methods[$ph1ent['authentication_method']]['name']) ?>
@ -548,7 +545,7 @@ $( document ).ready(function() {
</td>
<?php
if (isset($ph2ent['pfsgroup'])): ?>
<td class="hidden-xs"><?=gettext("Group"); ?> <?=$p2_pfskeygroups[$ph2ent['pfsgroup']];?> </td>
<td class="hidden-xs"><?=gettext("Group"); ?> <?=$dhgroups[$ph2ent['pfsgroup']];?> </td>
<?php
else: ?>
<td class="hidden-xs"><?=gettext("off"); ?></td>

20
src/www/vpn_ipsec_mobile.php
View File

@ -504,8 +504,24 @@ endfor; ?>
<input name="pfs_group_enable" type="checkbox" id="pfs_group_enable" value="yes" <?= !empty($pconfig['pfs_group']) ? "checked=\"checked\"" : "";?> onclick="pfs_group_change()" />
<select name="pfs_group" class="form-control" id="pfs_group">
<?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname) :
?>
<?php
$p2_dhgroups = array(
1 => '1 (768 bit)',
2 => '2 (1024 bit)',
5 => '5 (1536 bit)',
14 => '14 (2048 bit)',
15 => '15 (3072 bit)',
16 => '16 (4096 bit)',
17 => '17 (6144 bit)',
18 => '18 (8192 bit)',
19 => '19 (256 bit elliptic curve)',
20 => '20 (384 bit elliptic curve)',
21 => '21 (521 bit elliptic curve)',
22 => '22 (1024(sub 160) bit)',
23 => '23 (2048(sub 224) bit)',
24 => '24 (2048(sub 256) bit)'
);
foreach ($p2_dhgroups as $keygroup => $keygroupname) :?>
<option value="<?=$keygroup;
?>" <?= $pconfig['pfs_group'] == $keygroup ? "selected=\"selected\"" : "" ; ?>>
<?=$keygroupname;?>

21
src/www/vpn_ipsec_phase2.php
View File

@ -145,7 +145,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
// initialize form data
$pconfig = array();
$phase2_fields = "ikeid,mode,descr,uniqid,proto,hash-algorithm-option,pfsgroup,pfsgroup,lifetime,pinghost,protocol,spd";
$phase2_fields = "ikeid,mode,descr,uniqid,proto,hash-algorithm-option,pfsgroup,lifetime,pinghost,protocol,spd";
if ($p2index !== null) {
// 1-on-1 copy
foreach (explode(",", $phase2_fields) as $fieldname) {
@ -673,7 +673,24 @@ endif; ?>
if (!isset($pconfig['mobile']) || !isset($config['ipsec']['client']['pfs_group'])) :?>
<select name="pfsgroup">
<?php
foreach ($p2_pfskeygroups as $keygroup => $keygroupname) :?>
$p2_dhgroups = array(
1 => '1 (768 bit)',
2 => '2 (1024 bit)',
5 => '5 (1536 bit)',
14 => '14 (2048 bit)',
15 => '15 (3072 bit)',
16 => '16 (4096 bit)',
17 => '17 (6144 bit)',
18 => '18 (8192 bit)',
19 => '19 (256 bit elliptic curve)',
20 => '20 (384 bit elliptic curve)',
21 => '21 (521 bit elliptic curve)',
22 => '22 (1024(sub 160) bit)',
23 => '23 (2048(sub 224) bit)',
24 => '24 (2048(sub 256) bit)'
);
foreach ($p2_dhgroups as $keygroup => $keygroupname) :?>
<option value="<?=$keygroup;?>" <?= $keygroup == $pconfig['pfsgroup'] ? "selected=\"selected\"" : "";?>>
<?=$keygroupname;?>
</option>