From 04e4ecad26d8d0dd2e222261f9611ed916f68f0b Mon Sep 17 00:00:00 2001 From: Paul Donald Date: Mon, 18 Dec 2023 19:12:15 +0100 Subject: [PATCH] Revert "Merge pull request #6700 from lvoegl/pr/20231021-luci-app-strongswan" This reverts commit 6fb71d48a051467c5cc54453cd74df992e9c9e65. (Not yet ready) --- .../luci-app-strongswan-swanctl/Makefile | 17 - .../resources/strongswan_algorithms.js | 143 ------ .../view/strongswan-swanctl/status.js | 189 -------- .../view/strongswan-swanctl/swanctl.js | 409 ------------------ .../menu.d/luci-app-strongswan-swanctl.json | 28 -- .../acl.d/luci-app-strongswan-swanctl.json | 16 - 6 files changed, 802 deletions(-) delete mode 100644 applications/luci-app-strongswan-swanctl/Makefile delete mode 100644 applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/strongswan_algorithms.js delete mode 100644 applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/status.js delete mode 100644 applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js delete mode 100644 applications/luci-app-strongswan-swanctl/root/usr/share/luci/menu.d/luci-app-strongswan-swanctl.json delete mode 100644 applications/luci-app-strongswan-swanctl/root/usr/share/rpcd/acl.d/luci-app-strongswan-swanctl.json diff --git a/applications/luci-app-strongswan-swanctl/Makefile b/applications/luci-app-strongswan-swanctl/Makefile deleted file mode 100644 index cadd2dacc5..0000000000 --- a/applications/luci-app-strongswan-swanctl/Makefile +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright 2021 Nicholas Smith (nicholas@nbembedded.com) -# Copyright (C) 2023 TDT AG -# -# This is free software, licensed under the GNU General Public License v2. - -include $(TOPDIR)/rules.mk - -PKG_LICENSE:=GPL-2.0-or-later -PKG_MAINTAINER:=Nicholas Smith , Lukas Voegl - -LUCI_TITLE:=LuCI support for strongSwan via swanctl -LUCI_DESCRIPTION:=Status and configuration for strongSwan based on swanctl -LUCI_DEPENDS:=+strongswan-swanctl +swanmon - -include ../../luci.mk - -# call BuildPackage - OpenWrt buildroot signature diff --git a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/strongswan_algorithms.js b/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/strongswan_algorithms.js deleted file mode 100644 index 1ebbe59084..0000000000 --- a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/strongswan_algorithms.js +++ /dev/null @@ -1,143 +0,0 @@ -'use strict'; -'require baseclass'; - -return baseclass.extend({ - - _encryptionAlgorithms: new Map([ - ['3des', true], - ['cast128', true], - ['blowfish128', true], - ['blowfish192', true], - ['blowfish256', true], - ['null', true], - ['aes128'], - ['aes192'], - ['aes256'], - ['aes128ctr'], - ['aes192ctr'], - ['aes256ctr'], - ['camellia128'], - ['camellia192'], - ['camellia256'], - ['camellia128ctr'], - ['camellia192ctr'], - ['camellia256ctr'] - ]), - - _authenticatedEncryptionAlgorithms: new Map([ - ['aes128ccm64'], - ['aes192ccm64'], - ['aes256ccm64'], - ['aes128ccm96'], - ['aes192ccm96'], - ['aes256ccm96'], - ['aes128ccm128'], - ['aes192ccm128'], - ['aes256ccm128'], - ['aes128gcm64'], - ['aes192gcm64'], - ['aes256gcm64'], - ['aes128gcm96'], - ['aes192gcm96'], - ['aes256gcm96'], - ['aes128gcm128'], - ['aes192gcm128'], - ['aes256gcm128'], - ['aes128gmac'], - ['aes192gmac'], - ['aes256gmac'], - ['camellia128ccm64'], - ['camellia192ccm64'], - ['camellia256ccm64'], - ['camellia128ccm96'], - ['camellia192ccm96'], - ['camellia256ccm96'], - ['camellia128ccm128'], - ['camellia192ccm128'], - ['camellia256ccm128'], - ['chacha20poly1305'] - ]), - - _hashAlgorithms: new Map([ - ['md5', true], - ['md5_128', true], - ['sha1', true], - ['sha1_160', true], - ['aesxcbc'], - ['aescmac'], - ['aes128gmac'], - ['aes192gmac'], - ['aes256gmac'], - ['sha256'], - ['sha384'], - ['sha512'], - ['sha256_96'] - ]), - - _dhAlgorithms: new Map([ - ['modp768', true], - ['modp1024', true], - ['modp1536', true], - ['modp2048'], - ['modp3072'], - ['modp4096'], - ['modp6144'], - ['modp8192'], - ['modp1024s160', true], - ['modp2048s224', true], - ['modp2048s256', true], - ['ecp192', true], - ['ecp224'], - ['ecp256'], - ['ecp384'], - ['ecp521'], - ['ecp224bp'], - ['ecp256bp'], - ['ecp384bp'], - ['ecp512bp'], - ['curve25519'], - ['curve448'] - ]), - - _prfAlgorithms: new Map([ - ['prfmd5', true], - ['prfsha1', true], - ['prfaesxcbc'], - ['prfaescmac'], - ['prfsha256'], - ['prfsha384'], - ['prfsha512'] - ]), - - _getAlgorithmNames: function (algorithms) { - return Array.from(algorithms.keys()); - }, - - isInsecure: function (algorithmName) { - return this._encryptionAlgorithms.get(algorithmName) == true - || this._authenticatedEncryptionAlgorithms.get(algorithmName) == true - || this._hashAlgorithms.get(algorithmName) == true - || this._dhAlgorithms.get(algorithmName) == true - || this._prfAlgorithms.get(algorithmName) == true; - }, - - getEncryptionAlgorithms: function () { - return this._getAlgorithmNames(this._encryptionAlgorithms); - }, - - getAuthenticatedEncryptionAlgorithms: function () { - return this._getAlgorithmNames(this._authenticatedEncryptionAlgorithms); - }, - - getHashAlgorithms: function () { - return this._getAlgorithmNames(this._hashAlgorithms); - }, - - getDiffieHellmanAlgorithms: function () { - return this._getAlgorithmNames(this._dhAlgorithms); - }, - - getPrfAlgorithms: function () { - return this._getAlgorithmNames(this._prfAlgorithms); - } -}); diff --git a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/status.js b/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/status.js deleted file mode 100644 index d0a936cc6e..0000000000 --- a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/status.js +++ /dev/null @@ -1,189 +0,0 @@ -'use strict'; -'require view'; -'require dom'; -'require poll'; -'require fs'; -'require ui'; - -function formatTime(seconds, selectCount) { - var days = Math.floor(seconds / (60 * 60 * 24)); - var hours = Math.floor(seconds / (60 * 60)) % 24; - var minutes = Math.floor(seconds / 60) % 60; - var seconds = Math.floor(seconds % 60); - - var times = [ - [days, _('Day'), _('Days')], - [hours, _('Hour'), _('Hours')], - [minutes, _('Minute'), _('Minutes')], - [seconds, _('Second'), _('Seconds')] - ].filter(function ([time, singular, plural]) { - return time > 0; - }); - - var selectedTimes = times.slice(0, selectCount); - return selectedTimes.map(function ([time, singular, plural]) { - var unit = time > 1 ? plural : singular; - return '%d %s'.format(time, unit); - }).join(', '); -} - -function buildSection(name, table) { - return E('div', { 'class': 'cbi-section' }, [ - E('h2', [name]), - table - ]); -} - -function buildTable(rows) { - return E('table', { 'class': 'table', }, rows); -} - -function buildKeyValueTable(kvPairs) { - var rows = kvPairs.map(function (row) { - return E('tr', { 'class': 'tr' }, [ - E('td', { 'class': 'td', 'width': '33%' }, E('strong', [row[0]])), - E('td', { 'class': 'td' }, [row[1]]) - ]); - }); - return buildTable(rows); -} - -function collectErrorMessages(results) { - var errorMessages = results.reduce(function (messages, result) { - return messages.concat(result.errors.map(function (error) { - return error.message; - })); - }, []); - var uniqueErrorMessages = new Set(errorMessages); - - return [...uniqueErrorMessages]; -} - -return view.extend({ - load: function () { - return Promise.all([ - fs.exec_direct('/usr/sbin/swanmon', ['version'], 'json'), - fs.exec_direct('/usr/sbin/swanmon', ['stats'], 'json'), - fs.exec_direct('/usr/sbin/swanmon', ['list-sas'], 'json') - ]); - }, - - pollData: function (container) { - poll.add(L.bind(function () { - return this.load().then(L.bind(function (results) { - dom.content(container, this.renderContent(results)); - }, this)); - }, this)); - }, - - renderContent: function (results) { - var node = E('div', [E('div')]); - var firstNode = node.firstElementChild; - - var errorMessages = collectErrorMessages(results); - if (errorMessages.length > 0) { - var messageEls = errorMessages.map(function (message) { - return E('li', message); - }); - - firstNode.appendChild(E('h4', _('Querying strongSwan failed'))); - firstNode.appendChild(E('ul', messageEls)); - - return node; - } - - var [version, stats, sas] = results.map(function (r) { - return r.data; - }); - - var uptimeSeconds = (new Date() - new Date(stats.uptime.since)) / 1000; - var statsSection = buildSection(_('Stats'), buildKeyValueTable([ - [_('Version'), version.version], - [_('Uptime'), formatTime(uptimeSeconds, 2)], - [_('Daemon'), version.daemon], - [_('Active IKE_SAs'), stats.ikesas.total], - [_('Half-Open IKE_SAs'), stats.ikesas['half-open']] - ])); - firstNode.appendChild(statsSection); - - var tableRows = sas.map(function (conn) { - var name = Object.keys(conn)[0]; - var data = conn[name]; - var childSas = []; - - Object.entries(data['child-sas']).forEach(function ([name, data]) { - var table = buildKeyValueTable([ - [_('State'), data.state], - [_('Mode'), data.mode], - [_('Protocol'), data.protocol], - [_('Local Traffic Selectors'), data['local-ts'].join(', ')], - [_('Remote Traffic Selectors'), data['remote-ts'].join(', ')], - [_('Encryption Algorithm'), data['encr-alg']], - [_('Encryption Keysize'), data['encr-keysize']], - [_('Bytes in'), data['bytes-in']], - [_('Bytes out'), data['bytes-out']], - [_('Life Time'), formatTime(data['life-time'], 2)], - [_('Install Time'), formatTime(data['install-time'], 2)], - [_('Rekey in'), formatTime(data['rekey-time'], 2)], - [_('SPI in'), data['spi-in']], - [_('SPI out'), data['spi-out']] - ]); - childSas.push(E('div', { 'class': 'cbi-section' }, [ - E('h4', { 'style': 'margin-top: 0; padding-top: 0;' }, [name]), - table - ])); - }); - childSas.push(E('button', { - 'class': 'btn cbi-button cbi-button-apply', - 'click': ui.hideModal - }, _('Close'))); - - return E('tr', { 'class': 'tr' }, [ - E('td', { 'class': 'td' }, [name]), - E('td', { 'class': 'td' }, [data.state]), - E('td', { 'class': 'td' }, [data['remote-host']]), - E('td', { 'class': 'td' }, [data.version]), - E('td', { 'class': 'td' }, [formatTime(data.established, 2)]), - E('td', { 'class': 'td' }, [formatTime(data['reauth-time'], 2)]), - E('td', { 'class': 'td' }, [E('button', { - 'class': 'btn cbi-button cbi-button-apply', - 'click': function (ev) { - ui.showModal(_('CHILD_SAs'), childSas) - } - }, _('Show Details'))]) - ]); - }); - var connSection = buildSection(_('Security Associations (SAs)'), buildTable([ - E('tr', { 'class': 'tr' }, [ - E('th', { 'class': 'th' }, [_('Name')]), - E('th', { 'class': 'th' }, [_('State')]), - E('th', { 'class': 'th' }, [_('Remote')]), - E('th', { 'class': 'th' }, [_('IKE Version')]), - E('th', { 'class': 'th' }, [_('Established for')]), - E('th', { 'class': 'th' }, [_('Reauthentication in')]), - E('th', { 'class': 'th' }, [_('Details')]) - ]), - ...tableRows - ])); - firstNode.appendChild(connSection); - - return node; - }, - - render: function (results) { - var content = E([], [ - E('h2', [_('strongSwan Status')]), - E('div') - ]); - var container = content.lastElementChild; - - dom.content(container, this.renderContent(results)); - this.pollData(container); - - return content; - }, - - handleSaveApply: null, - handleSave: null, - handleReset: null -}); diff --git a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js b/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js deleted file mode 100644 index c18814aac3..0000000000 --- a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js +++ /dev/null @@ -1,409 +0,0 @@ -'use strict'; -'require view'; -'require form'; -'require uci'; -'require tools.widgets as widgets'; -'require strongswan_algorithms'; - -function validateTimeFormat(section_id, value) { - if (value && !value.match(/^\d+[smhd]$/)) { - return _('Number must have suffix s, m, h or d'); - } - - return true; -} - -function addAlgorithms(o, algorithms) { - algorithms.forEach(function (algorithm) { - if (strongswan_algorithms.isInsecure(algorithm)) { - o.value(algorithm, '%s*'.format(algorithm)); - } else { - o.value(algorithm); - } - }); -} - -return view.extend({ - load: function () { - return uci.load('network'); - }, - - render: function () { - var m, s, o; - - m = new form.Map('ipsec', _('strongSwan Configuration'), - _('Configure strongSwan for secure VPN connections.')); - m.tabbed = true; - - // strongSwan General Settings - s = m.section(form.TypedSection, 'ipsec', _('General Settings')); - s.anonymous = true; - - o = s.option(widgets.ZoneSelect, 'zone', _('Zone'), - _('Firewall zone that has to match the defined firewall zone')); - o.default = 'lan'; - o.multiple = true; - - o = s.option(widgets.NetworkSelect, 'listen', _('Listening Interfaces'), - _('Interfaces that accept VPN traffic')); - o.datatype = 'interface'; - o.placeholder = _('Select an interface or leave empty for all interfaces'); - o.default = 'wan'; - o.multiple = true; - o.rmempty = false; - - o = s.option(form.Value, 'debug', _('Debug Level'), - _('Trace level: 0 is least verbose, 4 is most')); - o.default = '0'; - o.datatype = 'range(0,4)'; - - // Remote Configuration - s = m.section(form.GridSection, 'remote', _('Remote Configuration'), - _('Define Remote IKE Configurations.')); - s.addremove = true; - s.nodescriptions = true; - - o = s.tab('general', _('General')); - o = s.tab('authentication', _('Authentication')); - o = s.tab('advanced', _('Advanced')); - - o = s.taboption('general', form.Flag, 'enabled', _('Enabled'), - _('Configuration is enabled or not')); - o.rmempty = false; - - o = s.taboption('general', form.Value, 'gateway', _('Gateway (Remote Endpoint)'), - _('IP address or FQDN name of the tunnel remote endpoint')); - o.datatype = 'or(hostname,ipaddr)'; - o.rmempty = false; - - o = s.taboption('general', form.Value, 'local_gateway', _('Local Gateway'), - _('IP address or FQDN of the tunnel local endpoint')); - o.datatype = 'or(hostname,ipaddr)'; - o.modalonly = true; - - o = s.taboption('general', form.Value, 'local_sourceip', _('Local Source IP'), - _('Virtual IP(s) to request in IKEv2 configuration payloads requests')); - o.datatype = 'ipaddr'; - o.modalonly = true; - - o = s.taboption('general', form.Value, 'local_ip', _('Local IP'), - _('Local address(es) to use in IKE negotiation')); - o.datatype = 'ipaddr'; - o.modalonly = true; - - o = s.taboption('general', form.MultiValue, 'crypto_proposal', _('Crypto Proposal'), - _('List of IKE (phase 1) proposals to use for authentication')); - o.load = function (section_id) { - this.keylist = []; - this.vallist = []; - - var sections = uci.sections('ipsec', 'crypto_proposal'); - if (sections.length == 0) { - this.value('', _('Please create a Proposal first')); - } else { - sections.forEach(L.bind(function (section) { - if (section.is_esp != '1') { - this.value(section['.name']); - } - }, this)); - } - - return this.super('load', [section_id]); - }; - o.rmempty = false; - - o = s.taboption('general', form.MultiValue, 'tunnel', _('Tunnel'), - _('Name of ESP (phase 2) section')); - o.load = function (section_id) { - this.keylist = []; - this.vallist = []; - - var sections = uci.sections('ipsec', 'tunnel'); - if (sections.length == 0) { - this.value('', _('Please create a Tunnel first')); - } else { - sections.forEach(L.bind(function (section) { - this.value(section['.name']); - }, this)); - } - - return this.super('load', [section_id]); - }; - o.rmempty = false; - - o = s.taboption('authentication', form.ListValue, 'authentication_method', - _('Authentication Method'), _('IKE authentication (phase 1)')); - o.modalonly = true; - o.value('psk', 'Pre-shared Key'); - o.value('pubkey', 'Public Key'); - - o = s.taboption('authentication', form.Value, 'local_identifier', _('Local Identifier'), - _('Local identifier for IKE (phase 1)')); - o.datatype = 'string'; - o.placeholder = 'C=US, O=Acme Corporation, CN=headquarters'; - o.modalonly = true; - - o = s.taboption('authentication', form.Value, 'remote_identifier', _('Remote Identifier'), - _('Remote identifier for IKE (phase 1)')); - o.datatype = 'string'; - o.placeholder = 'C=US, O=Acme Corporation, CN=soho'; - o.modalonly = true; - - o = s.taboption('authentication', form.Value, 'pre_shared_key', _('Pre-Shared Key'), - _('The pre-shared key for the tunnel')); - o.datatype = 'string'; - o.password = true; - o.modalonly = true; - o.rmempty = false; - o.depends('authentication_method', 'psk'); - - o = s.taboption('authentication', form.Value, 'local_cert', _('Local Certificate'), - _('Certificate pathname to use for authentication')); - o.datatype = 'file'; - o.depends('authentication_method', 'pubkey'); - o.modalonly = true; - - o = s.taboption('authentication', form.Value, 'local_key', _('Local Key'), - _('Private key pathname to use with above certificate')); - o.datatype = 'file'; - o.modalonly = true; - - o = s.taboption('authentication', form.Value, 'ca_cert', _('CA Certificate'), - _("CA certificate that need to lie in remote peer's certificate's path of trust")); - o.datatype = 'file'; - o.depends('authentication_method', 'pubkey'); - o.modalonly = true; - - - o = s.taboption('advanced', form.Flag, 'mobike', _('MOBIKE'), - _('MOBIKE (IKEv2 Mobility and Multihoming Protocol)')); - o.default = '1'; - o.modalonly = true; - - o = s.taboption('advanced', form.ListValue, 'fragmentation', _('IKE Fragmentation'), - _('Use IKE fragmentation')); - o.value('yes'); - o.value('no'); - o.value('force'); - o.value('accept'); - o.default = 'yes'; - o.modalonly = true; - - o = s.taboption('advanced', form.Value, 'keyingretries', _('Keying Retries'), - _('Number of retransmissions attempts during initial negotiation')); - o.datatype = 'uinteger'; - o.default = '3'; - o.modalonly = true; - - o = s.taboption('advanced', form.Value, 'dpddelay', _('DPD Delay'), - _('Interval to check liveness of a peer')); - o.validate = validateTimeFormat; - o.default = '30s'; - o.modalonly = true; - - o = s.taboption('advanced', form.Value, 'inactivity', _('Inactivity'), - _('Interval before closing an inactive CHILD_SA')); - o.validate = validateTimeFormat; - o.modalonly = true; - - o = s.taboption('advanced', form.Value, 'rekeytime', _('Rekey Time'), - _('IKEv2 interval to refresh keying material; also used to compute lifetime')); - o.validate = validateTimeFormat; - o.modalonly = true; - - o = s.taboption('advanced', form.Value, 'overtime', _('Overtime'), - _('Limit on time to complete rekeying/reauthentication')); - o.validate = validateTimeFormat; - o.modalonly = true; - - o = s.taboption('advanced', form.ListValue, 'keyexchange', _('Keyexchange'), - _('Version of IKE for negotiation')); - o.value('ikev1', 'IKEv1 (%s)', _('deprecated')); - o.value('ikev2', 'IKEv2'); - o.value('ike', 'IKE (%s, %s)'.format(_('both'), _('deprecated'))); - o.default = 'ikev2'; - o.modalonly = true; - - // Tunnel Configuration - s = m.section(form.GridSection, 'tunnel', _('Tunnel Configuration'), - _('Define Connection Children to be used as Tunnels in Remote Configurations.')); - s.addremove = true; - s.nodescriptions = true; - - o = s.tab('general', _('General')); - o = s.tab('advanced', _('Advanced')); - - o = s.taboption('general', form.DynamicList, 'local_subnet', _('Local Subnet'), - _('Local network(s)')); - o.datatype = 'subnet'; - o.placeholder = '192.168.1.1/24'; - o.rmempty = false; - - o = s.taboption('general', form.DynamicList, 'remote_subnet', _('Remote Subnet'), - _('Remote network(s)')); - o.datatype = 'subnet'; - o.placeholder = '192.168.2.1/24'; - o.rmempty = false; - - o = s.taboption('general', form.Value, 'local_nat', _('Local NAT'), - _('NAT range for tunnels with overlapping IP addresses')); - o.datatype = 'subnet'; - o.modalonly = true; - - o = s.taboption('general', form.ListValue, 'if_id', ('XFRM Interface ID'), - _('XFRM interface ID set on input and output interfaces')); - o.load = function (section_id) { - this.keylist = []; - this.vallist = []; - - var xfrmSections = uci.sections('network').filter(function (section) { - return section.proto == 'xfrm'; - }); - - xfrmSections.forEach(L.bind(function (section) { - this.value(section.ifid, - '%s (%s)'.format(section.ifid, section['.name'])); - }, this)); - - return this.super('load', [section_id]); - } - o.optional = true; - o.modalonly = true; - - o = s.taboption('general', form.ListValue, 'startaction', _('Start Action'), - _('Action on initial configuration load')); - o.value('none'); - o.value('trap'); - o.value('start'); - o.default = 'trap'; - o.modalonly = true; - - o = s.taboption('general', form.ListValue, 'closeaction', _('Close Action'), - _('Action when CHILD_SA is closed')); - o.value('none'); - o.value('trap'); - o.value('start'); - o.optional = true; - o.modalonly = true; - - o = s.taboption('general', form.MultiValue, 'crypto_proposal', - _('Crypto Proposal (Phase 2)'), - _('List of ESP (phase two) proposals. Only Proposals with checked ESP flag are selectable')); - o.load = function (section_id) { - this.keylist = []; - this.vallist = []; - - var sections = uci.sections('ipsec', 'crypto_proposal'); - if (sections.length == 0) { - this.value('', _('Please create an ESP Proposal first')); - } else { - sections.forEach(L.bind(function (section) { - if (section.is_esp == '1') { - this.value(section['.name']); - } - }, this)); - } - - return this.super('load', [section_id]); - }; - o.rmempty = false; - - o = s.taboption('advanced', form.Value, 'updown', _('Up/Down Script Path'), - _('Path to script to run on CHILD_SA up/down events')); - o.datatype = 'file'; - o.modalonly = true; - - o = s.taboption('advanced', form.Value, 'lifetime', _('Lifetime'), - _('Maximum duration of the CHILD_SA before closing')); - o.validate = validateTimeFormat; - o.modalonly = true; - - o = s.taboption('advanced', form.ListValue, 'dpdaction', _('DPD Action'), - _('Action when DPD timeout occurs')); - o.value('none'); - o.value('clear'); - o.value('trap'); - o.value('start'); - o.optional = true; - o.modalonly = true; - - o = s.taboption('advanced', form.Value, 'rekeytime', _('Rekey Time'), - _('Duration of the CHILD_SA before rekeying')); - o.validate = validateTimeFormat; - o.modalonly = true; - - o = s.taboption('advanced', form.Flag, 'ipcomp', _('IPComp'), - _('Enable ipcomp compression')); - o.default = '0'; - o.modalonly = true; - - o = s.taboption('advanced', form.ListValue, 'hw_offload', _('H/W Offload'), - _('Enable Hardware offload')); - o.value('yes'); - o.value('no'); - o.value('auto'); - o.optional = true; - o.modalonly = true; - - o = s.taboption('advanced', form.Value, 'priority', _('Priority'), - _('Priority of the CHILD_SA')); - o.datatype = 'uinteger'; - o.modalonly = true; - - o = s.taboption('advanced', form.Value, 'replay_window', _('Replay Window'), - '%s; %s'.format(_('Replay Window of the CHILD_SA'), - _('Values larger than 32 are supported by the Netlink backend only'))); - o.datatype = 'uinteger'; - o.modalonly = true; - - // Crypto Proposals - s = m.section(form.GridSection, 'crypto_proposal', - _('Encryption Proposals'), - _('Configure Cipher Suites to define IKE (Phase 1) or ESP (Phase 2) Proposals.')); - s.addremove = true; - s.nodescriptions = true; - - o = s.option(form.Flag, 'is_esp', _('ESP Proposal'), - _('Whether this is an ESP (phase 2) proposal or not')); - - o = s.option(form.ListValue, 'encryption_algorithm', - _('Encryption Algorithm'), - _('Algorithms marked with * are considered insecure')); - o.default = 'aes256gcm128'; - addAlgorithms(o, strongswan_algorithms.getEncryptionAlgorithms()); - addAlgorithms(o, strongswan_algorithms.getAuthenticatedEncryptionAlgorithms()); - - - o = s.option(form.ListValue, 'hash_algorithm', _('Hash Algorithm'), - _('Algorithms marked with * are considered insecure')); - strongswan_algorithms.getEncryptionAlgorithms().forEach(function (algorithm) { - o.depends('encryption_algorithm', algorithm); - }); - o.default = 'sha512'; - o.rmempty = false; - addAlgorithms(o, strongswan_algorithms.getHashAlgorithms()); - - o = s.option(form.ListValue, 'dh_group', _('Diffie-Hellman Group'), - _('Algorithms marked with * are considered insecure')); - o.default = 'modp3072'; - addAlgorithms(o, strongswan_algorithms.getDiffieHellmanAlgorithms()); - - o = s.option(form.ListValue, 'prf_algorithm', _('PRF Algorithm'), - _('Algorithms marked with * are considered insecure')); - o.validate = function (section_id, value) { - var encryptionAlgorithm = this.section.formvalue(section_id, 'encryption_algorithm'); - - if (strongswan_algorithms.getAuthenticatedEncryptionAlgorithms().includes( - encryptionAlgorithm) && !value) { - return _('PRF Algorithm must be configured when using an Authenticated Encryption Algorithm'); - } - - return true; - }; - o.optional = true; - o.depends('is_esp', '0'); - addAlgorithms(o, strongswan_algorithms.getPrfAlgorithms()); - - return m.render(); - } -}); diff --git a/applications/luci-app-strongswan-swanctl/root/usr/share/luci/menu.d/luci-app-strongswan-swanctl.json b/applications/luci-app-strongswan-swanctl/root/usr/share/luci/menu.d/luci-app-strongswan-swanctl.json deleted file mode 100644 index d229869d64..0000000000 --- a/applications/luci-app-strongswan-swanctl/root/usr/share/luci/menu.d/luci-app-strongswan-swanctl.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "admin/vpn/strongswan-swanctl": { - "title": "strongSwan IPsec", - "order": 90, - "action": { - "type": "view", - "path": "strongswan-swanctl/swanctl" - }, - "depends": { - "acl": [ - "luci-app-strongswan-swanctl" - ] - } - }, - "admin/status/strongswan": { - "title": "strongSwan IPsec", - "order": 90, - "action": { - "type": "view", - "path": "strongswan-swanctl/status" - }, - "depends": { - "acl": [ - "luci-app-strongswan-swanctl" - ] - } - } -} diff --git a/applications/luci-app-strongswan-swanctl/root/usr/share/rpcd/acl.d/luci-app-strongswan-swanctl.json b/applications/luci-app-strongswan-swanctl/root/usr/share/rpcd/acl.d/luci-app-strongswan-swanctl.json deleted file mode 100644 index d3b44a27a2..0000000000 --- a/applications/luci-app-strongswan-swanctl/root/usr/share/rpcd/acl.d/luci-app-strongswan-swanctl.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "luci-app-strongswan-swanctl": { - "description": "Grant access to luci-app-strongswan-swanctl", - "read": { - "file": { - "/usr/sbin/swanmon version": [ "exec" ], - "/usr/sbin/swanmon stats": [ "exec" ], - "/usr/sbin/swanmon list-sas": [ "exec" ] - }, - "uci": [ "ipsec" ] - }, - "write": { - "uci": [ "ipsec" ] - } - } -} -- 2.30.2