vpn-strongswan.sh

strongSwan xwrt config page - Martin Willi, 07.08.2008 11:01

       #!/usr/bin/webif-page "-U /tmp -u 4098"
       <?
       # add haserl args in double quotes it has very ugly
       # command line parsing code!
       . /usr/lib/webif/webif.sh
       config_cb() {
       	local cfg_type="$1"
       	local cfg_name="$2"
       	case "$cfg_type" in
       		strongswan)
       			append strongswanconfigs "$cfg_name" "$N"
       		;;
       	esac
+      }
       FORM_start_connection=${FORM_start_connection:-$FORM_sswan_name}
       FORM_stop_connection=${FORM_stop_connection:-$FORM_sswan_name}
       #FIXME: uci_load bug
       #uci_load will pass the same config twice when there is a section to be added by using uci_add before a uci_commit happens
       #we will use uniq so we don't try to parse the same config section twice.
       strongswanconfigs=$(echo "$strongswanconfigs" |uniq)
       strongswancfg_number=$(echo "$strongswanconfigs" |wc -l)
       let "strongswancfg_number+=1"
       # Add strongSwan Section
       if ! empty "$FORM_add_strongswancfg_number"; then
       	[ -e /etc/config/strongswan ] || touch /etc/config/strongswan
       	uci_add strongswan strongswan
       	uci_set strongswan "$CONFIG_SECTION" "name" ""
       	uci_set strongswan "$CONFIG_SECTION" "mode" "client"
       	uci_set strongswan "$CONFIG_SECTION" "auto" "manual"
       	uci_set strongswan "$CONFIG_SECTION" "local_id" "root@localhost"
       	uci_set strongswan "$CONFIG_SECTION" "local_addr" "0.0.0.0"
       	uci_set strongswan "$CONFIG_SECTION" "local_net" "0.0.0.0/24"
       	uci_set strongswan "$CONFIG_SECTION" "remote_id" "root@foreignhost"
       	uci_set strongswan "$CONFIG_SECTION" "remote_addr" "0.0.0.0"
       	uci_set strongswan "$CONFIG_SECTION" "remote_net" "0.0.0.0/24"
       	uci_set strongswan "$CONFIG_SECTION" "psk" ""
       	uci_set strongswan "$CONFIG_SECTION" "advanced_option" "1"
       	uci_set strongswan "$CONFIG_SECTION" "ike_proposal" ""
       	uci_set strongswan "$CONFIG_SECTION" "ike_rekey" ""
       	uci_set strongswan "$CONFIG_SECTION" "esp_proposal" ""
       	uci_set strongswan "$CONFIG_SECTION" "esp_rekey" ""
       	uci_load
       fi
       # Remove strongSwan Section
       if ! empty "$FORM_remove_strongswancfg"; then
       	uci_remove strongswan "$FORM_remove_strongswancfg"
       fi
       uci_load "strongswan"
       header "VPN" "strongSwan #2" "@TR<<strongSwan>>" ' onload="modechange()" ' "$SCRIPT_NAME"
       #if ! empty "$FORM_install_package"; then
       #	echo "@TR<<vpn_strongswan_Installing_package#Installing strongswan package ...>><pre>"
       #	install_package "strongswan-ikev2"
       #	echo "</pre>"
       #fi
       #install_package_button=""
       #! is_package_installed "strongswan-ikev2" &&
       #	install_package_button="string|<div class=warning>@TR<<vpn_strongswan_warn#VPN will not work until you install strongSwan:>> </div>
       #		submit|install_package| @TR<<vpn_strongswan_install_package#Install strongSwan Package>> |"
       for config in $strongswanconfigs; do
       	if empty "$FORM_submit"; then
       		# general settings
       		config_get FORM_sswan_name $config "name"
       		config_get FORM_sswan_mode $config "mode"
       		config_get FORM_sswan_auto $config "auto"
       		config_get FORM_sswan_local_id $config "local_id"
       		config_get FORM_sswan_local_addr $config "local_addr"
       		config_get FORM_sswan_local_net $config "local_net"
       		config_get FORM_sswan_remote_id $config "remote_id"
       		config_get FORM_sswan_remote_addr $config "remote_addr"
       		config_get FORM_sswan_remote_net $config "remote_net"
       		config_get FORM_sswan_ike_proposal $config "ike_proposal"
       		config_get FORM_sswan_ike_rekey $config "ike_rekey"
       		config_get FORM_sswan_esp_proposal $config "esp_proposal"
       		config_get FORM_sswan_esp_rekey $config "esp_rekey"
       		config_get FORM_sswan_psk $config "psk"
       	else
       		eval FORM_sswan_name="\$FORM_sswan_name_$config"
       		eval FORM_sswan_mode="\$FORM_sswan_mode_$config"
       		eval FORM_sswan_auto="\$FORM_sswan_auto_$config"
       		eval FORM_sswan_local_id="\$FORM_sswan_local_id_$config"
       		eval FORM_sswan_local_addr="\$FORM_sswan_local_addr_$config"
       		eval FORM_sswan_local_net="\$FORM_sswan_local_net_$config"
       		eval FORM_sswan_remote_id="\$FORM_sswan_remote_id_$config"
       		eval FORM_sswan_remote_addr="\$FORM_sswan_remote_addr_$config"
       		eval FORM_sswan_remote_net="\$FORM_sswan_remote_net_$config"
       		eval FORM_sswan_ike_proposal="\$FORM_sswan_ike_proposal_$config"
       		eval FORM_sswan_ike_rekey="\$FORM_sswan_ike_rekey_$config"
       		eval FORM_sswan_esp_proposal="\$FORM_sswan_esp_proposal_$config"
       		eval FORM_sswan_esp_rekey="\$FORM_sswan_esp_rekey_$config"
       		eval FORM_sswan_psk="\$FORM_sswan_psk_$config"
       		uci_set strongswan "$config" "name" "$FORM_sswan_name"
       		uci_set strongswan "$config" "mode" "$FORM_sswan_mode"
       		uci_set strongswan "$config" "auto" "$FORM_sswan_auto"
       		uci_set strongswan "$config" "local_id"  "$FORM_sswan_local_id"
       		uci_set strongswan "$config" "local_addr" "$FORM_sswan_local_addr"
       		uci_set strongswan "$config" "local_net" "$FORM_sswan_local_net"
       		uci_set strongswan "$config" "remote_id" "$FORM_sswan_remote_id"
       		uci_set strongswan "$config" "remote_addr" "$FORM_sswan_remote_addr"
       		uci_set strongswan "$config" "remote_net" "$FORM_sswan_remote_net"
       		uci_set strongswan "$config" "ike_proposal" "$FORM_sswan_ike_proposal"
       		uci_set strongswan "$config" "ike_rekey" "$FORM_sswan_ike_rekey"
       		uci_set strongswan "$config" "esp_proposal" "$FORM_sswan_esp_proposal"
       		uci_set strongswan "$config" "esp_rekey" "$FORM_sswan_esp_rekey"
       		uci_set strongswan "$config" "psk" "$FORM_sswan_psk"
       	fi
       	sswan_form="start_form|@TR<<strongSwan Config>>
       	field|@TR<<Connection name>>|name_$config|
       	text|sswan_name_$config|$FORM_sswan_name
       	field|@TR<<Connection mode>>|mode_$config|
       	select|sswan_mode_$config|$FORM_sswan_mode
       	option|client|@TR<<Client>>
       	option|server|@TR<<Server>>
       	field|@TR<<Local id>>|local_id_$config|
       	text|sswan_local_id_$config|$FORM_sswan_local_id|
       	field|@TR<<Local ip address>>|local_addr_$config|
       	text|sswan_local_addr_$config|$FORM_sswan_local_addr
       	field|@TR<<Local network>>|local_net_$config|
       	text|sswan_local_net_$config|$FORM_sswan_local_net
       	field|@TR<<Remote id>>|remote_id_$config|
       	text|sswan_remote_id_$config|$FORM_sswan_remote_id
       	field|@TR<<Remote ip address>>|remote_addr_$config|
       	text|sswan_remote_addr_$config|$FORM_sswan_remote_addr
       	field|@TR<<Remote network>>|remote_net_$config|
       	text|sswan_remote_net_$config|$FORM_sswan_remote_net
       	field|@TR<<Pre shared key>>|psk_$config|
       	text|sswan_psk_$config|$FORM_sswan_psk
       	field|@TR<<Advanced options>>|advanced_option_$config|
       	checkbox|sswan_advanced_$config|$FORM_sswan_advanced_$config|1
       	end_form
       	start_form|@TR<<>>|auto_$config|hidden
       	field|@TR<<Start mode>>||auto_$config|
               select|sswan_auto_$config|$FORM_sswan_auto|
               option|1|@TR<<Autoconnect at startup>>
               option|0|@TR<<Manual connection>>
               end_form
       	start_form|@TR<<Advanced options>>|advanced_$config|hidden
       	field|@TR<<IKE Proposal>>|ike_proposal_$config
       	select|sswan_ike_proposal_$config|$FORM_sswan_ike_proposal
       	option|aes256-sha1-modp2048|AES 256 modp 2048
       	option|aes128-sha1-modp2048|AES 128 modp 2048
       	field|@TR<<IKE rekey time (hours)>>|ike_rekey_$config
       	text|sswan_ike_rekey_$config|$FORM_sswan_ike_rekey
       	field|@TR<<ESP proposal>>|esp_proposal_$config
       	select|sswan_esp_proposal_$config|$FORM_sswan_esp_proposal
       	option|aes256-sha1-modp2048|@TR<<AES 256 modp 2048>>
       	option|aes128-sha1-modp2048|@TR<<AES 128 modp 2048>>
       	field|@TR<<ESP rekey time (hours)>>|esp_rekey_$config
       	text|sswan_esp_rekey_$config|$FORM_sswan_esp_rekey
       	end_form
       	start_form
       	submit|start_button|@TR<<start $FORM_sswan_name>>
       	submit|stop_button|@TR<<stop $FORM_sswan_name>>
       	end_form
       	field|
       	string|<a href="status-strongswan.sh">@TR<<Go to strongSwan status>></a><br /><br />
       	field|
       	string|<a href=\"$SCRIPT_NAME?remove_strongswancfg=$config\">@TR<<Remove strongSwan Config>></a>"
       	append SSWAN "$sswan_form" "$N"
       done
       add_sswancfg="field|
       string|<a href=\"$SCRIPT_NAME?add_strongswancfg_number=$strongswancfg_number\">@TR<<Add strongSwan Config>></a>"
       append SSWAN "$add_sswancfg" "$N"
       cat <<EOF
       <script type="text/javascript" src="/webif.js "></script>
       <script type="text/javascript">
       <!--
       function modechange(elem)
+      {
       	if (elem != undefined)
+      	{
       		var config = get_config(elem.name);
       		modechange2(config);
+      	}
       	else
+      	{
       		configs = new Array('$(echo $strongswanconfigs|sed "s/ /','/g")');
       		for (var i = 0; i < configs.length; ++i)
+      		{
       			modechange2(configs[i]);
+      		}
+      	}
       	hide('save');
       	show('save');
+      }
       function modechange2(config)
+      {
       	set_visible('name_' + config, 1);
       	//one of them has to be 1
       	var s = 0; //server
       	var c = 0; //client
       	s = isset('sswan_mode_$config','server');
       	c = isset('sswan_mode_$config','client');
       	set_visible('auto_' + config, c);
       	set_visible('local_id_' + config, (c | s));
       	set_visible('local_addr_' + config, (c | s));
       	set_visible('local_net_' + config, (c | s));
       	set_visible('remote_id_' + config, (c | s));
       	set_visible('remote_addr_' + config, c);
       	set_visible('remote_net_' + config, c);
       	set_visible('psk_' + config, (c | s));
       	set_visible('advanced_option_' + config, (c | s));
       	set_visible('sswan_advanced_' + config, (c | s));
       	set_visible('advanced_' + config, (c | s));
       	v = (checked('sswan_advanced_' + config + '_1'));
       	set_visible('advanced_' + config, v);
       	set_visible('ike_proposal_' + config, v);
       	set_visible('ike_rekey_' + config, v);
       	set_visible('esp_proposal_' + config, v);
       	set_visible('esp_rekey_' + config, v);
+      }
       function get_config(name)
+      {
       	var a = name.split("_");
       	return a[a.length - 1];
+      }
       -->
       </script>
       EOF
       display_form <<EOF
       onchange|modechange
       $install_package_button
       $SSWAN
       EOF
       ! empty $FORM_start_button || ! empty $FORM_stop_button && ! empty FORM_sswan_name && {
       	! empty $FORM_start_button && {
       		sanitized=$(echo "$FORM_start_button" | awk -f "/usr/lib/webif/sanitize.awk")
       		! empty "$sanitized" && {
       			conn_name=$(echo "$sanitized" | cut -c6-)
       			conn_command="eval echo up $conn_name > /var/run/charon.fifo"
+      		}
+      	}
       	! empty $FORM_stop_button && {
       		sanitized=$(echo "$FORM_stop_button" | awk -f "/usr/lib/webif/sanitize.awk")
       		! empty "$sanitized" && {
       			conn_name=$(echo "$sanitized" | cut -c5-)
       			conn_command="eval echo down $conn_name > /var/run/charon.fifo"
+      		}
+      	}
       	echo "<br /><br />@TR<<Please wait for strongSwan status...<br /><br />"
       	$conn_command
       	echo "<br /><br /><span style="color:red">@TR<<Status:>>"
       	cat /var/run/charon.fifo
       	echo "<br /></span>"
+      }
       footer ?>
       <!--
       ##WEBIF:name:VPN:1:strongSwan
       -->