VPN / IPSec / Tunnel settings - work in progress for https://github.com/opnsense/core/issues/5279

o add boilerplate for phase2 search action
o change disable to enable status and hook standard toggle widget
o uniform formatters
Ad Schellevis 2021-10-25 19:27:33 +02:00
parent f0ae569477
commit c29aa1e3c1
2 changed files with 112 additions and 42 deletions


@ -86,6 +86,31 @@ class TunnelController extends ApiControllerBase
*/
public function searchPhase1Action()
{
$ph1type = ['ikev1' => 'IKE', 'ikev2' => 'IKEv2', 'ike' => 'auto'];
$ph1algos = [
'aes' => 'AES',
'aes128gcm16' => '128 bit AES-GCM with 128 bit ICV',
'aes192gcm16' => '192 bit AES-GCM with 128 bit ICV',
'aes256gcm16' => '256 bit AES-GCM with 128 bit ICV',
'camellia' => 'Camellia',
'blowfish' => 'Blowfish',
'3des' => '3DES',
'cast128' => 'CAST128',
'des' => 'DES'
];
$ph1authmethos = [
'hybrid_rsa_server' => 'Hybrid RSA + Xauth',
'xauth_rsa_server' => 'Mutual RSA + Xauth',
'xauth_psk_server' => 'Mutual PSK + Xauth',
'eap-tls' => 'EAP-TLS',
'psk_eap-tls' => 'RSA (local) + EAP-TLS (remote)',
'eap-mschapv2' => 'EAP-MSCHAPV2',
'rsa_eap-mschapv2' => 'Mutual RSA + EAP-MSCHAPV2',
'eap-radius' => 'EAP-RADIUS',
'rsasig' => 'Mutual RSA',
'pubkey' => 'Mutual Public Key',
'pre_shared_key' => 'Mutual PSK'
];
$items = [];
$this->sessionClose();
$config = Config::getInstance()->object();
@ -109,31 +134,6 @@ class TunnelController extends ApiControllerBase
}
foreach ($config->ipsec->phase1 as $p1) {
$interface = (string)$p1->interface;
$ph1type = ['ikev1' => 'IKE', 'ikev2' => 'IKEv2', 'ike' => 'auto'];
$ph1algos = [
'aes' => 'AES',
'aes128gcm16' => '128 bit AES-GCM with 128 bit ICV',
'aes192gcm16' => '192 bit AES-GCM with 128 bit ICV',
'aes256gcm16' => '256 bit AES-GCM with 128 bit ICV',
'camellia' => 'Camellia',
'blowfish' => 'Blowfish',
'3des' => '3DES',
'cast128' => 'CAST128',
'des' => 'DES'
];
$ph1authmethos = [
'hybrid_rsa_server' => 'Hybrid RSA + Xauth',
'xauth_rsa_server' => 'Mutual RSA + Xauth',
'xauth_psk_server' => 'Mutual PSK + Xauth',
'eap-tls' => 'EAP-TLS',
'psk_eap-tls' => 'RSA (local) + EAP-TLS (remote)',
'eap-mschapv2' => 'EAP-MSCHAPV2',
'rsa_eap-mschapv2' => 'Mutual RSA + EAP-MSCHAPV2',
'eap-radius' => 'EAP-RADIUS',
'rsasig' => 'Mutual RSA',
'pubkey' => 'Mutual Public Key',
'pre_shared_key' => 'Mutual PSK'
];
$ph1proposal = $ph1algos[(string)$p1->{"encryption-algorithm"}->name];
if ((string)$p1->{"encryption-algorithm"}->keylen == 'auto') {
$ph1proposal .= " {$p1->{"encryption-algorithm"}->keylen} (auto)";
@ -146,7 +146,7 @@ class TunnelController extends ApiControllerBase
}
$item = [
"id" => $idx,
"disabled" => !empty((string)$p1->disabled),
"enabled" => empty((string)$p1->disabled) ? "1" : "0",
"protocol" => $p1->protocol == "inet" ? "IPv4" : "IPv6",
"iketype" => $ph1type[(string)$p1->iketype],
"interface" => !empty($ifs[$interface]) ? $ifs[$interface] : $interface,
@ -164,4 +164,55 @@ class TunnelController extends ApiControllerBase
}
return $this->search($items);
}
/***
* search phase 2 entries in legacy config returning a standard structure as we use in the mvc variant
*/
public function searchPhase2Action()
{
$items = [];
$this->sessionClose();
$config = Config::getInstance()->object();
if (!empty($config->ipsec->phase2)) {
$idx = 0;
$ifs = [];
if ($config->interfaces->count() > 0) {
foreach ($config->interfaces->children() as $key => $node) {
$ifs[(string)$node->if] = !empty((string)$node->descr) ? (string)$node->descr : $key;
}
}
foreach ($config->ipsec->phase2 as $p2) {
$p2mode = array_search(
(string)$p2->mode, [
"IPv4 tunnel" => "tunnel",
"IPv6 tunnel" => "tunnel6",
"transport" => "transport",
"Route-based" => "route-based"
]
);
if (in_array((string)$p2->mode, ['tunnel', 'tunnel6'])) {
$local_subnet = (string)$p2->localid;
$remote_subnet = (string)$p2->remoteid;
} elseif ((string)$p2->mode == "route-based") {
$local_subnet = (string)$p2->tunnel_local;
$remote_subnet = (string)$p2->tunnel_remote;
} else {
$local_subnet = "";
$remote_subnet = "";
}
$item = [
"id" => $idx,
"enabled" => empty((string)$p2->disabled) ? "1" : "0",
"protocol" => $p2->protocol == "esp" ? "ESP" : "AH",
"mode" => $p2mode,
"local_subnet" => $local_subnet,
"remote_subnet" => $remote_subnet,
"description" => (string)$p2->descr
];
$items[] = $item;
$idx++;
}
}
return $this->search($items);
}
}
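Review bot: In `searchPhase2Action`, `array_search()` returns `false` when `(string)$p2->mode` is empty or not one of the four listed values, and that `false` is stored under `"mode"`; the `mode_type` formatter in the view concatenates `row.protocol + " " + row.mode`, so such a row would display as "ESP false". The lookup is also loose, since neither `array_search` nor the `in_array` after it passes the strict flag. A map keyed by the config value avoids both and can be built once before the loop, as this commit already does for the phase 1 tables: `$p2modes = ['tunnel' => 'IPv4 tunnel', 'tunnel6' => 'IPv6 tunnel', 'transport' => 'transport', 'route-based' => 'Route-based'];` followed by `$p2mode = $p2modes[(string)$p2->mode] ?? (string)$p2->mode;`. The same care applies to `$p2->protocol == "esp" ? "ESP" : "AH"`, which labels any value other than `esp`, including a missing one, as AH.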


@ -1,23 +1,40 @@
<script>
$(function () {
const $grid = $('#grid-phase1').UIBootgrid({
const formatters = {
"commands": function (column, row) {
return '<button type="button" class="btn btn-xs btn-default command-edit bootgrid-tooltip" data-row-id="' + row.id + '"><span class="fa fa-fw fa-pencil"></span></button> ' +
'<button type="button" class="btn btn-xs btn-default command-copy bootgrid-tooltip" data-row-id="' + row.id + '"><span class="fa fa-fw fa-clone"></span></button>' +
'<button type="button" class="btn btn-xs btn-default command-delete bootgrid-tooltip" data-row-id="' + row.id + '"><span class="fa fa-fw fa-trash-o"></span></button>';
},
"gateway": function (column, row) {
if (row.mobile) {
return '<strong>{{ lang._('Mobile Client') }}</strong>';
} else {
return row.remote_gateway ;
}
},
"mode_type": function (column, row) {
return row.protocol + " " + row.mode;
},
"rowtoggle": function (column, row) {
if (parseInt(row[column.id], 2) === 1) {
return '<span style="cursor: pointer;" class="fa fa-fw fa-check-square-o command-toggle bootgrid-tooltip" data-value="1" data-row-id="' + row.uuid + '"></span>';
} else {
return '<span style="cursor: pointer;" class="fa fa-fw fa-square-o command-toggle bootgrid-tooltip" data-value="0" data-row-id="' + row.uuid + '"></span>';
}
}
};
const $grid_phase1 = $('#grid-phase1').UIBootgrid({
search: '/api/ipsec/tunnel/search_phase1',
options: {
formatters: {
"commands": function (column, row) {
return '<button type="button" class="btn btn-xs btn-default command-edit bootgrid-tooltip" data-row-id="' + row.id + '"><span class="fa fa-fw fa-pencil"></span></button> ' +
'<button type="button" class="btn btn-xs btn-default command-copy bootgrid-tooltip" data-row-id="' + row.id + '"><span class="fa fa-fw fa-clone"></span></button>' +
'<button type="button" class="btn btn-xs btn-default command-delete bootgrid-tooltip" data-row-id="' + row.id + '"><span class="fa fa-fw fa-trash-o"></span></button>';
},
"gateway": function (column, row) {
if (row.mobile) {
return '<strong>{{ lang._('Mobile Client') }}</strong>';
} else {
return row.remote_gateway ;
}
}
}
formatters: formatters
}
});
const $grid_phase2 = $('#grid-phase2').UIBootgrid({
search: '/api/ipsec/tunnel/search_phase2',
options: {
formatters: formatters
}
});
});
@ -29,6 +46,7 @@
<thead>
<tr>
<th data-column-id="id" data-type="numeric" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="type" data-type="string" data-width="7em">{{ lang._('Type') }}</th>
<th data-column-id="remote_gateway" data-formatter="gateway" data-width="20em" data-type="string">{{ lang._('Remote Gateway') }}</th>
<th data-column-id="mode" data-width="10em" data-type="string">{{ lang._('Mode') }}</th>
@ -60,7 +78,8 @@
<thead>
<tr>
<th data-column-id="id" data-type="numeric" data-identifier="true" data-visible="false">ID</th>
<th data-column-id="type" data-type="string">{{ lang._('Type') }}</th>
<th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="type" data-type="string" data-formatter="mode_type">{{ lang._('Type') }}</th>
<th data-column-id="local_subnet" data-width="20em" data-type="string">{{ lang._('Local Subnet') }}</th>
<th data-column-id="remote_subnet" data-width="20em" data-type="string">{{ lang._('Remote Subnet') }}</th>
<th data-column-id="proposal" data-type="string">{{ lang._('Phase 2 Proposal') }}</th>
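Review bot: The `rowtoggle` formatter writes `data-row-id="' + row.uuid + '"`, but the item arrays visible in the controller carry `id` (the column marked `data-identifier="true"` in both tables) and no `uuid`, so each toggle would be rendered with `data-row-id="undefined"`; using `row.id` here would match the `commands` formatter. Separately, `gateway` returns `row.remote_gateway` and `mode_type` returns `row.protocol + " " + row.mode` as-is, next to formatters that return markup. If the grid inserts formatter output as HTML, a configuration value containing markup would be rendered rather than shown as text. Escaping in the formatter, for example `return $('<div>').text(row.remote_gateway).html();`, keeps these cells text-only. The table markup around both header hunks continues outside the visible lines.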