git.openwrt.org Git - project/luci.git/blob

   1 'use strict';
   2 'require view';
   3 'require form';
   4 'require tools.widgets as widgets';
   5
   6 return view.extend({
   7         render: function () {
   8                 var m, s, o;
   9
  10                 m = new form.Map('ipsec', _('strongSwan Configuration'),
  11                         _('Configure strongSwan for secure VPN connections.'));
  12
  13                 // strongSwan General Settings
  14                 s = m.section(form.TypedSection, 'ipsec',
  15                         _('strongSwan General Settings'));
  16                 s.anonymous = true;
  17
  18                 o = s.option(widgets.ZoneSelect, 'zone', _('Zone'),
  19                         _('Firewall zone that has to match the defined firewall zone'));
  20                 o.default = 'lan';
  21                 o.multiple = true;
  22
  23                 o = s.option(widgets.NetworkSelect, 'listen', _('Listen Interfaces'),
  24                         _('Interfaces that accept VPN traffic'));
  25                 o.datatype = 'interface';
  26                 o.placeholder = _('Select an interface or leave empty for all interfaces');
  27                 o.default = 'wan';
  28                 o.multiple = true;
  29
  30                 o = s.option(form.Value, 'debug', _('Debug Level'),
  31                         _('Logs written to /var/log/charon.log'));
  32                 o.default = '0';
  33                 o.datatype = 'uinteger';
  34
  35                 // Remote Configuration
  36                 s = m.section(form.TypedSection, 'remote', _('Remote Configuration'));
  37                 s.anonymous = false;
  38
  39                 o = s.option(form.Flag, 'enabled', _('Enabled'),
  40                         _('Configuration is enabled or not'));
  41
  42                 o = s.option(form.Value, 'gateway', _('Gateway (Remote Endpoint)'),
  43                         _('Public IP address or FQDN name of the tunnel remote endpoint'));
  44                 o.datatype = 'or(hostname,ipaddr)';
  45
  46                 o = s.option(form.Value, 'local_gateway', _('Local Gateway'),
  47                         _('IP address or FQDN of the tunnel local endpoint'));
  48                 o.datatype = 'or(hostname,ipaddr)';
  49
  50                 o = s.option(form.Value, 'local_sourceip', _('Local Source IP'),
  51                         _('Virtual IP(s) to request in IKEv2 configuration payloads requests'));
  52                 o.datatype = 'ipaddr';
  53
  54                 o = s.option(form.Value, 'local_ip', _('Local IP'),
  55                         _('Local address(es) to use in IKE negotiation'));
  56                 o.datatype = 'ipaddr';
  57
  58                 o = s.option(form.Value, 'local_identifier', _('Local Identifier'),
  59                         _('Local identifier for IKE (phase 1)'));
  60                 o.datatype = 'string';
  61                 o.placeholder = 'C=US, O=Acme Corporation, CN=headquarters';
  62
  63                 o = s.option(form.Value, 'remote_identifier', _('Remote Identifier'),
  64                         _('Remote identifier for IKE (phase 1)'));
  65                 o.datatype = 'string';
  66                 o.placeholder = 'C=US, O=Acme Corporation, CN=soho';
  67
  68                 o = s.option(form.ListValue, 'authentication_method',
  69                         _('Authentication Method'), _('IKE authentication (phase 1).'));
  70                 o.value('psk', 'Pre-shared Key');
  71                 o.value('pubkey', 'Public Key');
  72                 o.required = true;
  73
  74                 o = s.option(form.Value, 'pre_shared_key', _('Pre-Shared Key'),
  75                         _('The pre-shared key for the tunnel if authentication is psk'));
  76                 o.datatype = 'string';
  77                 o.password = true;
  78                 o.depends('authentication_method', 'psk');
  79
  80                 o = s.option(form.Flag, 'mobike', _('MOBIKE'),
  81                         _('MOBIKE (IKEv2 Mobility and Multihoming Protocol)'));
  82                 o.default = '1';
  83
  84                 o = s.option(form.ListValue, 'fragmentation', _('IKE Fragmentation'),
  85                         _('Use IKE fragmentation (yes, no, force, accept)'));
  86                 o.value('yes');
  87                 o.value('no');
  88                 o.value('force');
  89                 o.value('accept');
  90                 o.default = 'yes';
  91
  92                 o = s.option(form.ListValue, 'crypto_proposal', _('Crypto Proposal'),
  93                         _('List of IKE (phase 1) proposals to use for authentication'));
  94                 o.value('encryption_algorithm');
  95                 o.value('hash_algorithm');
  96                 o.value('dh_group');
  97                 o.value('prf_algorithm');
  98
  99                 o = s.option(form.Value, 'tunnel', _('Tunnel'),
 100                         _('Name of ESP/AH (phase 2) section'));
 101                 o.required = true;
 102
 103                 o = s.option(form.Value, 'authentication_method',
 104                         _('Authentication Method'), _('IKE authentication (phase 1)'));
 105                 o.datatype = 'string';
 106
 107                 s = m.section(form.TypedSection, 'ipsec',
 108                         _('strongSwan General Settings'));
 109                 s.anonymous = true;
 110
 111                 o = s.option(form.ListValue, 'encryption_algorithm',
 112                         _('Encryption Algorithm'), _('Encryption method (aes128, aes192, aes256, 3des)'));
 113                 o.value('aes128');
 114                 o.value('aes192');
 115                 o.value('aes256');
 116                 o.value('3des');
 117                 o.required = true;
 118
 119                 o = s.option(form.ListValue, 'hash_algorithm', _('Hash Algorithm'),
 120                         _('Hash algorithm (md5, sha1, sha2, ...)'));
 121                 o.value('md5');
 122                 o.value('sha1');
 123                 o.value('sha2');
 124                 o.value('sha256');
 125                 o.value('sha384');
 126                 o.value('sha512');
 127                 o.value('sha3_256');
 128                 o.value('sha3_384');
 129                 o.value('sha3_512');
 130                 o.value('blake2s256');
 131                 o.value('blake2b512');
 132                 o.value('blake2s256');
 133                 o.value('blake2b512');
 134                 o.value('whirlpool');
 135                 o.value('tiger');
 136                 o.required = true;
 137
 138                 o = s.option(form.ListValue, 'dh_group', _('Diffie-Hellman Group'),
 139                         _('Diffie-Hellman exponentiation (modp768, modp1024, ...)'));
 140                 o.value('modp768');
 141                 o.value('modp1024');
 142                 o.value('modp1536');
 143                 o.value('modp2048');
 144                 o.value('modp3072');
 145                 o.value('modp4096');
 146                 o.required = true;
 147
 148                 o = s.option(form.ListValue, 'prf_algorithm', _('PRF Algorithm'),
 149                         _('Pseudo-Random Functions to use with IKE'));
 150                 o.value('prf_hmac_md5');
 151                 o.value('prfmd5');
 152                 o.value('prfsha1');
 153                 o.value('prfsha256');
 154                 o.value('pfsha384');
 155                 o.value('prfsha512');
 156
 157                 // Tunnel Configuration
 158                 s = m.section(form.TypedSection, 'tunnel', _('Tunnel Configuration'));
 159                 s.anonymous = false;
 160
 161                 o = s.option(form.Value, 'local_subnet', _('Local Subnet'),
 162                         _('Local network(s)'));
 163                 o.placeholder = '192.168.1.1/24';
 164                 o.required = true;
 165
 166                 o = s.option(form.Value, 'remote_subnet', _('Remote Subnet'),
 167                         _('Remote network(s)'));
 168                 o.placeholder = '192.168.2.1/24';
 169                 o.required = true;
 170
 171                 o = s.option(form.Value, 'local_nat', _('Local NAT'),
 172                         _('NAT range for tunnels with overlapping IP addresses'));
 173                 o.datatype = 'subnet';
 174
 175                 o = s.option(form.ListValue, 'crypto_proposal',
 176                         _('Crypto Proposal (Phase 2)'), _('List of ESP (phase two) proposals'));
 177                 o.value('encryption_algorithm');
 178                 o.value('hash_algorithm');
 179                 o.value('dh_group');
 180                 o.value('prf_algorithm');
 181                 o.required = true;
 182
 183                 o = s.option(form.ListValue, 'startaction', _('Start Action'),
 184                         _('Action on initial configuration load'));
 185                 o.value('none');
 186                 o.value('start');
 187                 o.value('route');
 188                 o.default = 'route';
 189
 190                 o = s.option(form.Value, 'updown', _('Up/Down Script Path'),
 191                         _('Path to script to run on CHILD_SA up/down events'));
 192                 o.datatype = 'filepath';
 193
 194                 return m.render();
 195         }
 196 });