git.openwrt.org Git - project/luci.git/blob

   1 'use strict';
   2 'require view';
   3 'require form';
   4 'require tools.widgets as widgets';
   5
   6 return view.extend({
   7     render: function() {
   8         var m, s, o;
   9
  10         m = new form.Map('ipsec',
  11         _('strongSwan Configuration'),
  12         _("Configure strongSwan for secure VPN connections."));
  13
  14         // strongSwan General Settings
  15         s = m.section(form.TypedSection, 'ipsec', _('strongSwan General Settings'));
  16         s.anonymous = true;
  17
  18         o = s.option(widgets.ZoneSelect, 'zone', _('Zone'), _('Firewall zone that has to match the defined firewall zone'));
  19         o.default = 'lan';
  20         o.multiple = true;
  21
  22         o = s.option(widgets.NetworkSelect, 'listen', _('Listen Interfaces'), _('Interfaces that accept VPN traffic'));
  23         o.datatype = 'interface';
  24         o.placeholder = _('Select an interface or leave empty for all interfaces');
  25         o.default = 'wan';
  26         o.multiple = true;
  27
  28         o = s.option(form.Value, 'debug', _('Debug Level'), _('Logs written to /var/log/charon.log'));
  29         o.default = '0';
  30         o.datatype = "uinteger";
  31
  32         // Remote Configuration
  33         s = m.section(form.TypedSection, 'remote', _('Remote Configuration'));
  34         s.anonymous = false;
  35
  36         o = s.option(form.Flag, 'enabled', _('Enabled'), _('Configuration is enabled or not'));
  37
  38         o = s.option(form.Value, 'gateway', _('Gateway (Remote Endpoint)'), _('Public IP address or FQDN name of the tunnel remote endpoint'));
  39         o.datatype = 'or(hostname,ipaddr)';
  40
  41         o = s.option(form.Value, 'local_gateway', _('Local Gateway'), _('IP address or FQDN of the tunnel local endpoint'));
  42         o.datatype = 'or(hostname,ipaddr)';
  43
  44         o = s.option(form.Value, 'local_sourceip', _('Local Source IP'), _('Virtual IP(s) to request in IKEv2 configuration payloads requests'));
  45         o.datatype = 'ipaddr';
  46
  47         o = s.option(form.Value, 'local_ip', _('Local IP'), _('Local address(es) to use in IKE negotiation'));
  48         o.datatype = 'ipaddr';
  49
  50         o = s.option(form.Value, 'local_identifier', _('Local Identifier'), _('Local identifier for IKE (phase 1)'));
  51         o.datatype = 'string';
  52         o.placeholder = "C=US, O=Acme Corporation, CN=headquarters"
  53
  54         o = s.option(form.Value, 'remote_identifier', _('Remote Identifier'), _('Remote identifier for IKE (phase 1)'));
  55         o.datatype = 'string';
  56         o.placeholder = "C=US, O=Acme Corporation, CN=soho"
  57
  58         o = s.option(form.ListValue, 'authentication_method', _('Authentication Method'), _('IKE authentication (phase 1).'));
  59         o.value('psk', "Pre-shared Key");
  60         o.value('pubkey', "Public Key");
  61         o.required = true;
  62
  63         o = s.option(form.Value, 'pre_shared_key', _('Pre-Shared Key'), _('The pre-shared key for the tunnel if authentication is psk'));
  64         o.datatype = 'string';
  65         o.password = true;
  66         o.depends('authentication_method', 'psk');
  67
  68         o = s.option(form.Flag, 'mobike', _('MOBIKE'), _('MOBIKE (IKEv2 Mobility and Multihoming Protocol)'));
  69         o.default = '1';
  70
  71         o = s.option(form.ListValue, 'fragmentation', _('IKE Fragmentation'), _('Use IKE fragmentation (yes, no, force, accept)'));
  72         o.value('yes');
  73         o.value('no');
  74         o.value('force');
  75         o.value('accept')
  76         o.default = 'yes';
  77
  78         o = s.option(form.ListValue, 'crypto_proposal', _('Crypto Proposal'), _('List of IKE (phase 1) proposals to use for authentication'));
  79         o.value('encryption_algorithm');
  80         o.value('hash_algorithm');
  81         o.value('dh_group');
  82         o.value('prf_algorithm');
  83
  84         o = s.option(form.Value, 'tunnel', _('Tunnel'), _('Name of ESP/AH (phase 2) section'));
  85         o.required = true
  86
  87         o = s.option(form.Value, 'authentication_method', _('Authentication Method'), _('IKE authentication (phase 1)'));
  88         o.datatype = 'string';
  89
  90         s = m.section(form.TypedSection, 'ipsec', _('strongSwan General Settings'));
  91         s.anonymous = true;
  92
  93         o = s.option(form.ListValue, 'encryption_algorithm', _('Encryption Algorithm'), _('Encryption method (aes128, aes192, aes256, 3des)'));
  94         o.value('aes128');
  95         o.value('aes192');
  96         o.value('aes256');
  97         o.value('3des');
  98         o.required = true
  99
 100         o = s.option(form.ListValue, 'hash_algorithm', _('Hash Algorithm'), _('Hash algorithm (md5, sha1, sha2, ...)'));
 101         o.value('md5');
 102         o.value('sha1');
 103         o.value('sha2');
 104         o.value('sha256');
 105         o.value('sha384');
 106         o.value('sha512');
 107         o.value('sha3_256');
 108         o.value('sha3_384');
 109         o.value('sha3_512');
 110         o.value('blake2s256');
 111         o.value('blake2b512');
 112         o.value('blake2s256');
 113         o.value('blake2b512');
 114         o.value('whirlpool');
 115         o.value('tiger');
 116         o.required = true
 117
 118         o = s.option(form.ListValue, 'dh_group', _('Diffie-Hellman Group'), _('Diffie-Hellman exponentiation (modp768, modp1024, ...)'));
 119         o.value('modp768');
 120         o.value('modp1024');
 121         o.value('modp1536');
 122         o.value('modp2048');
 123         o.value('modp3072');
 124         o.value('modp4096');
 125         o.required = true
 126
 127         o = s.option(form.ListValue, 'prf_algorithm', _('PRF Algorithm'), _('Pseudo-Random Functions to use with IKE'));
 128         o.value('prf_hmac_md5');
 129         o.value('prfmd5')
 130         o.value('prfsha1')
 131         o.value('prfsha256')
 132         o.value('pfsha384')
 133         o.value('prfsha512')
 134
 135         // Tunnel Configuration
 136         s = m.section(form.TypedSection, 'tunnel', _('Tunnel Configuration'));
 137         s.anonymous = false;
 138
 139         o = s.option(form.Value, 'local_subnet', _('Local Subnet'), _('Local network(s)'));
 140         o.placeholder = "192.168.1.1/24"
 141         o.required = true
 142
 143         o = s.option(form.Value, 'remote_subnet', _('Remote Subnet'), _('Remote network(s)'));
 144         o.placeholder = "192.168.2.1/24"
 145         o.required = true
 146
 147         o = s.option(form.Value, 'local_nat', _('Local NAT'), _('NAT range for tunnels with overlapping IP addresses'));
 148         o.datatype = 'subnet';
 149
 150         o = s.option(form.ListValue, 'crypto_proposal', _('Crypto Proposal (Phase 2)'), _('List of ESP (phase two) proposals'));
 151         o.value('encryption_algorithm');
 152         o.value('hash_algorithm');
 153         o.value('dh_group');
 154         o.value('prf_algorithm');
 155         o.required = true
 156
 157         o = s.option(form.ListValue, 'startaction', _('Start Action'), _('Action on initial configuration load'));
 158         o.value('none');
 159         o.value('start');
 160         o.value('route');
 161         o.default = 'route';
 162
 163         o = s.option(form.Value, 'updown', _('Up/Down Script Path'), _('Path to script to run on CHILD_SA up/down events'));
 164         o.datatype = 'filepath';
 165
 166         return m.render();
 167     }
 168 });