IpsecXWRT: vpn-strongswan.sh

File vpn-strongswan.sh, 10.0 kB (added by thomas, 5 months ago)

strongSwan xwrt config page

1 #!/usr/bin/webif-page "-U /tmp -u 4098"
2 <?
3 # add haserl args in double quotes it has very ugly
4 # command line parsing code!
5
6 . /usr/lib/webif/webif.sh
7
# Record the name of each configuration section whose type is "strongswan".
# Presumably invoked by uci_load once per section -- confirm in webif.sh.
# Globals:   strongswanconfigs (appended to), N (passed to append as separator)
# Arguments: $1 - section type, $2 - section name
config_cb() {
    local section_type="$1"
    local section_name="$2"

    # Sections of any other type are ignored.
    if [ "$section_type" = "strongswan" ]; then
        append strongswanconfigs "$section_name" "$N"
    fi
}
18
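# Default the start/stop targets to the connection name posted with the form.
FORM_start_connection=${FORM_start_connection:-$FORM_sswan_name}
FORM_stop_connection=${FORM_stop_connection:-$FORM_sswan_name}

#FIXME: uci_load bug
# uci_load will pass the same config twice when there is a section to be added
# by using uci_add before a uci_commit happens; uniq drops the adjacent
# duplicate so the same config section is not parsed twice.
# NOTE(review): no uci_load call is visible before this point, so confirm the
# list is already populated when this de-duplication runs.
strongswanconfigs=$(echo "$strongswanconfigs" | uniq)

# Number handed to the "Add strongSwan Config" link: line count of the list + 1.
strongswancfg_number=$(echo "$strongswanconfigs" | wc -l)
strongswancfg_number=$((strongswancfg_number + 1))

# Add strongSwan Section, pre-filled with placeholder defaults.
if ! empty "$FORM_add_strongswancfg_number"; then
    [ -e /etc/config/strongswan ] || touch /etc/config/strongswan
    uci_add strongswan strongswan
    uci_set strongswan "$CONFIG_SECTION" "name" ""
    uci_set strongswan "$CONFIG_SECTION" "mode" "client"
    uci_set strongswan "$CONFIG_SECTION" "auto" "manual"
    uci_set strongswan "$CONFIG_SECTION" "local_id" "root@localhost"
    uci_set strongswan "$CONFIG_SECTION" "local_addr" "0.0.0.0"
    uci_set strongswan "$CONFIG_SECTION" "local_net" "0.0.0.0/24"
    uci_set strongswan "$CONFIG_SECTION" "remote_id" "root@foreignhost"
    uci_set strongswan "$CONFIG_SECTION" "remote_addr" "0.0.0.0"
    uci_set strongswan "$CONFIG_SECTION" "remote_net" "0.0.0.0/24"
    uci_set strongswan "$CONFIG_SECTION" "psk" ""
    uci_set strongswan "$CONFIG_SECTION" "advanced_option" "1"
    uci_set strongswan "$CONFIG_SECTION" "ike_proposal" ""
    uci_set strongswan "$CONFIG_SECTION" "ike_rekey" ""
    uci_set strongswan "$CONFIG_SECTION" "esp_proposal" ""
    uci_set strongswan "$CONFIG_SECTION" "esp_rekey" ""
    uci_load
fi

# Remove strongSwan Section.
# The section name arrives in the request (the page's own "Remove" link puts it
# in the query string), so it is untrusted input. UCI section names consist of
# letters, digits and underscores only; anything else is dropped instead of
# being passed on to uci_remove.
# NOTE(review): this is a state change triggered by a plain GET link with no
# request token visible on this page -- confirm whether webif adds CSRF
# protection elsewhere.
if ! empty "$FORM_remove_strongswancfg"; then
    case "$FORM_remove_strongswancfg" in
        *[!A-Za-z0-9_]*)
            : # not a valid section name; ignore the request
            ;;
        *)
            uci_remove strongswan "$FORM_remove_strongswancfg"
            ;;
    esac
fi

uci_load "strongswan"

header "VPN" "strongSwan #2" "@TR<<strongSwan>>" ' onload="modechange()" ' "$SCRIPT_NAME"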
60
61 #if ! empty "$FORM_install_package"; then
62 #   echo "@TR<<vpn_strongswan_Installing_package#Installing strongswan package ...>><pre>"
63 #   install_package "strongswan-ikev2"
64 #   echo "</pre>"
65 #fi
66
67 #install_package_button=""
68 #! is_package_installed "strongswan-ikev2" &&
69 #   install_package_button="string|<div class=warning>@TR<<vpn_strongswan_warn#VPN will not work until you install strongSwan:>> </div>
70 #       submit|install_package| @TR<<vpn_strongswan_install_package#Install strongSwan Package>> |"
71
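# Build one form description per strongswan section and collect them in SSWAN.
# $strongswanconfigs is left unquoted on purpose: it is a whitespace/newline
# separated list of section names.
for config in $strongswanconfigs; do
    if empty "$FORM_submit"; then
        # Page load without a submit: show the values currently stored in UCI.
        config_get FORM_sswan_name "$config" "name"
        config_get FORM_sswan_mode "$config" "mode"
        config_get FORM_sswan_auto "$config" "auto"
        config_get FORM_sswan_local_id "$config" "local_id"
        config_get FORM_sswan_local_addr "$config" "local_addr"
        config_get FORM_sswan_local_net "$config" "local_net"
        config_get FORM_sswan_remote_id "$config" "remote_id"
        config_get FORM_sswan_remote_addr "$config" "remote_addr"
        config_get FORM_sswan_remote_net "$config" "remote_net"
        config_get FORM_sswan_ike_proposal "$config" "ike_proposal"
        config_get FORM_sswan_ike_rekey "$config" "ike_rekey"
        config_get FORM_sswan_esp_proposal "$config" "esp_proposal"
        config_get FORM_sswan_esp_rekey "$config" "esp_rekey"
        config_get FORM_sswan_psk "$config" "psk"
        # The checkbox state is not stored; start unchecked and do not carry
        # over a value from the previous loop iteration or from the request.
        FORM_sswan_advanced=""
    else
        # Form posted: copy the per-section fields (FORM_sswan_<opt>_<section>)
        # into the generic names. The eval only performs the indirect variable
        # lookup; $config comes from the loaded section list, not the request.
        eval FORM_sswan_name="\$FORM_sswan_name_$config"
        eval FORM_sswan_mode="\$FORM_sswan_mode_$config"
        eval FORM_sswan_auto="\$FORM_sswan_auto_$config"
        eval FORM_sswan_local_id="\$FORM_sswan_local_id_$config"
        eval FORM_sswan_local_addr="\$FORM_sswan_local_addr_$config"
        eval FORM_sswan_local_net="\$FORM_sswan_local_net_$config"
        eval FORM_sswan_remote_id="\$FORM_sswan_remote_id_$config"
        eval FORM_sswan_remote_addr="\$FORM_sswan_remote_addr_$config"
        eval FORM_sswan_remote_net="\$FORM_sswan_remote_net_$config"
        eval FORM_sswan_ike_proposal="\$FORM_sswan_ike_proposal_$config"
        eval FORM_sswan_ike_rekey="\$FORM_sswan_ike_rekey_$config"
        eval FORM_sswan_esp_proposal="\$FORM_sswan_esp_proposal_$config"
        eval FORM_sswan_esp_rekey="\$FORM_sswan_esp_rekey_$config"
        eval FORM_sswan_psk="\$FORM_sswan_psk_$config"
        # Resolve the checkbox the same way; writing $FORM_sswan_advanced_$config
        # directly in the form would expand to "<empty>" followed by the
        # section name rather than the posted value.
        eval FORM_sswan_advanced="\$FORM_sswan_advanced_$config"

        # Store the posted values as-is.
        # NOTE(review): nothing on this page validates addresses, networks,
        # proposals or the key before they are written to the configuration.
        uci_set strongswan "$config" "name" "$FORM_sswan_name"
        uci_set strongswan "$config" "mode" "$FORM_sswan_mode"
        uci_set strongswan "$config" "auto" "$FORM_sswan_auto"
        uci_set strongswan "$config" "local_id"  "$FORM_sswan_local_id"
        uci_set strongswan "$config" "local_addr" "$FORM_sswan_local_addr"
        uci_set strongswan "$config" "local_net" "$FORM_sswan_local_net"
        uci_set strongswan "$config" "remote_id" "$FORM_sswan_remote_id"
        uci_set strongswan "$config" "remote_addr" "$FORM_sswan_remote_addr"
        uci_set strongswan "$config" "remote_net" "$FORM_sswan_remote_net"
        uci_set strongswan "$config" "ike_proposal" "$FORM_sswan_ike_proposal"
        uci_set strongswan "$config" "ike_rekey" "$FORM_sswan_ike_rekey"
        uci_set strongswan "$config" "esp_proposal" "$FORM_sswan_esp_proposal"
        uci_set strongswan "$config" "esp_rekey" "$FORM_sswan_esp_rekey"
        uci_set strongswan "$config" "psk" "$FORM_sswan_psk"
    fi

    # Form description for this section, one "type|arg|..." record per line.
    # NOTE(review): stored and posted values are interpolated unescaped; a
    # value containing '|' or a newline changes the record layout, and whether
    # HTML metacharacters are escaped depends on display_form, which is not
    # visible here. The pre-shared key is also echoed back into a plain text
    # field, so it is readable on screen and in the page source.
    sswan_form="start_form|@TR<<strongSwan Config>>
    field|@TR<<Connection name>>|name_$config|
    text|sswan_name_$config|$FORM_sswan_name
    field|@TR<<Connection mode>>|mode_$config|
    select|sswan_mode_$config|$FORM_sswan_mode
    option|client|@TR<<Client>>
    option|server|@TR<<Server>>
    field|@TR<<Local id>>|local_id_$config|
    text|sswan_local_id_$config|$FORM_sswan_local_id|
    field|@TR<<Local ip address>>|local_addr_$config|
    text|sswan_local_addr_$config|$FORM_sswan_local_addr
    field|@TR<<Local network>>|local_net_$config|
    text|sswan_local_net_$config|$FORM_sswan_local_net
    field|@TR<<Remote id>>|remote_id_$config|
    text|sswan_remote_id_$config|$FORM_sswan_remote_id
    field|@TR<<Remote ip address>>|remote_addr_$config|
    text|sswan_remote_addr_$config|$FORM_sswan_remote_addr
    field|@TR<<Remote network>>|remote_net_$config|
    text|sswan_remote_net_$config|$FORM_sswan_remote_net
    field|@TR<<Pre shared key>>|psk_$config|
    text|sswan_psk_$config|$FORM_sswan_psk
    field|@TR<<Advanced options>>|advanced_option_$config|
    checkbox|sswan_advanced_$config|$FORM_sswan_advanced|1
    end_form
    
    start_form|@TR<<>>|auto_$config|hidden
    field|@TR<<Start mode>>||auto_$config|
        select|sswan_auto_$config|$FORM_sswan_auto|
        option|1|@TR<<Autoconnect at startup>>
        option|0|@TR<<Manual connection>>
        end_form
                            
    start_form|@TR<<Advanced options>>|advanced_$config|hidden
    field|@TR<<IKE Proposal>>|ike_proposal_$config
    select|sswan_ike_proposal_$config|$FORM_sswan_ike_proposal
    option|aes256-sha1-modp2048|AES 256 modp 2048
    option|aes128-sha1-modp2048|AES 128 modp 2048
    field|@TR<<IKE rekey time (hours)>>|ike_rekey_$config
    text|sswan_ike_rekey_$config|$FORM_sswan_ike_rekey
    field|@TR<<ESP proposal>>|esp_proposal_$config
    select|sswan_esp_proposal_$config|$FORM_sswan_esp_proposal
    option|aes256-sha1-modp2048|@TR<<AES 256 modp 2048>>
    option|aes128-sha1-modp2048|@TR<<AES 128 modp 2048>>
    field|@TR<<ESP rekey time (hours)>>|esp_rekey_$config
    text|sswan_esp_rekey_$config|$FORM_sswan_esp_rekey
    end_form
    start_form
    submit|start_button|@TR<<start $FORM_sswan_name>>
    submit|stop_button|@TR<<stop $FORM_sswan_name>>
    end_form
    
    field|
    string|<a href="status-strongswan.sh">@TR<<Go to strongSwan status>></a><br /><br />
    
    field|
    string|<a href=\"$SCRIPT_NAME?remove_strongswancfg=$config\">@TR<<Remove strongSwan Config>></a>"
    append SSWAN "$sswan_form" "$N"
done

# Link that asks the page to create a new section on the next request.
add_sswancfg="field|
string|<a href=\"$SCRIPT_NAME?add_strongswancfg_number=$strongswancfg_number\">@TR<<Add strongSwan Config>></a>"
append SSWAN "$add_sswancfg" "$N"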
182
183        
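# Emit the page's JavaScript. The here-document is unquoted, so the shell
# expands every dollar expression inside it before the browser sees the text:
# only values that are meant to be fixed at page-generation time may be written
# that way. The per-section element names are therefore built in JavaScript
# from the "config" argument; the original wrote the shell loop variable into
# the isset() calls, which pinned them to the last section of the list.
# The section list is left unquoted inside the command substitution so that
# its newlines collapse to single spaces before sed turns them into "','".
cat <<EOF
<script type="text/javascript" src="/webif.js"></script>
<script type="text/javascript">
<!--
function modechange(elem)
{
    if (elem != undefined)
    {
        var config = get_config(elem.name);
        modechange2(config);
    }
    else
    {
        configs = new Array('$(echo $strongswanconfigs|sed "s/ /','/g")');
        for (var i = 0; i < configs.length; ++i)
        {
            modechange2(configs[i]);
        }
    }
    hide('save');
    show('save');
}

function modechange2(config)
{
    set_visible('name_' + config, 1);
    //one of them has to be 1
    var s = 0; //server
    var c = 0; //client
    s = isset('sswan_mode_' + config,'server');
    c = isset('sswan_mode_' + config,'client');
    set_visible('auto_' + config, c);
    set_visible('local_id_' + config, (c | s));
    set_visible('local_addr_' + config, (c | s));
    set_visible('local_net_' + config, (c | s));
    set_visible('remote_id_' + config, (c | s));
    set_visible('remote_addr_' + config, c);
    set_visible('remote_net_' + config, c);
    set_visible('psk_' + config, (c | s));
    set_visible('advanced_option_' + config, (c | s));
    set_visible('sswan_advanced_' + config, (c | s));
    set_visible('advanced_' + config, (c | s));

    v = (checked('sswan_advanced_' + config + '_1'));
    set_visible('advanced_' + config, v);

    set_visible('ike_proposal_' + config, v);
    set_visible('ike_rekey_' + config, v);
    set_visible('esp_proposal_' + config, v);
    set_visible('esp_rekey_' + config, v);
}

function get_config(name)
{
    var a = name.split("_");
    return a[a.length - 1];
}
-->
</script>
EOF

# Render the collected form descriptions. install_package_button is only set
# by the commented-out package check above, so it expands to an empty line.
display_form <<EOF
onchange|modechange
$install_package_button
$SSWAN

EOF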
252
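# Handle the per-connection start/stop buttons.
#
# The button value is request data of the form "start <name>" / "stop <name>".
# The original built the string "eval echo up <name> > /var/run/charon.fifo"
# and executed it, so whatever survived sanitize.awk was re-parsed by the
# shell. Here the name is checked against a fixed character set and written to
# the fifo as data; it is never evaluated.
#
# The original also tested the literal word FORM_sswan_name (missing "$"),
# which is never empty; the check that matters is on the derived name below.
if ! empty "$FORM_start_button" || ! empty "$FORM_stop_button"; then
    conn_action=""
    conn_name=""

    if ! empty "$FORM_start_button"; then
        sanitized=$(echo "$FORM_start_button" | awk -f "/usr/lib/webif/sanitize.awk")
        if ! empty "$sanitized"; then
            conn_action="up"
            # Drop the leading "start" label.
            # NOTE(review): the fixed offset assumes the untranslated label.
            conn_name=$(echo "$sanitized" | cut -c6-)
        fi
    fi

    # As in the original, a valid stop request overrides a start request.
    if ! empty "$FORM_stop_button"; then
        sanitized=$(echo "$FORM_stop_button" | awk -f "/usr/lib/webif/sanitize.awk")
        if ! empty "$sanitized"; then
            conn_action="down"
            # Drop the leading "stop" label.
            conn_name=$(echo "$sanitized" | cut -c5-)
        fi
    fi

    # The cut leaves the separating blank in front of the name; the original
    # relied on shell word splitting to lose it.
    conn_name=$(echo "$conn_name" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')

    # Accept only letters, digits, '_', '.' and '-' in a connection name.
    case "$conn_name" in
        ""|*[!A-Za-z0-9_.-]*)
            conn_action=""
            ;;
    esac

    echo "<br /><br />@TR<<Please wait for strongSwan status...>><br /><br />"
    if ! empty "$conn_action"; then
        echo "$conn_action $conn_name" > /var/run/charon.fifo
        echo "<br /><br /><span style=\"color:red\">@TR<<Status:>>"
        # NOTE(review): the fifo's reply is copied into the page unescaped.
        cat /var/run/charon.fifo
        echo "<br /></span>"
    else
        # Nothing was sent, so do not block reading a reply from the fifo.
        echo "<span style=\"color:red\">@TR<<Invalid connection name>></span>"
    fi
fi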
276
277 footer ?>
278 <!--
279 ##WEBIF:name:VPN:1:strongSwan
280 -->