3 # Save, create or delete an ipsec connection
# NOTE(review): only some of the script's lines appear in this listing (the
# leading number on each line is the original line number), so the if/else
# lines and closing braces around the statements below are not visible.
5 require './ipsec-lib.pl';
8 # Just redirect to export form
# NOTE(review): $in{'idx'} is placed in the redirect URL as submitted; no
# integer check or URL-escaping is visible here. Confirm it is validated
# (for example against /^\d+\z/) before this point.
9 &redirect("export_form.cgi?idx=$in{'idx'}");
# Load the configuration entries (presumably parsed sections; get_config is
# defined elsewhere). $in{'idx'} indexes into this list below.
12 @conf = &get_config();
# Start of a fresh 'conn' entry; the rest of this hash literal is not shown.
14 $conn = { 'name' => 'conn',
# new == 2 gives the entry the special name '%default'.
16 $conn->{'value'} = '%default' if ($in{'new'} == 2);
# Otherwise (presumably the edit/delete path) the entry is picked by the
# submitted index.
# NOTE(review): nothing visible checks that idx is a non-negative integer in
# range. In Perl a non-numeric index numifies to 0 and a negative one counts
# from the end of @conf, so a malformed idx selects a different entry rather
# than failing.
19 $conn = $conf[$in{'idx'}];
# Prefix for any &error() message raised during validation below.
21 &error_setup($text{'save_err'});
# Use the entry's own 'file' value when set, else the module's configured file.
23 $file = $conn->{'file'} || $config{'file'};
26 # Just remove this connection
30 # Validate and store general inputs
# The '%default' entry keeps its fixed name; any other entry takes the
# submitted name.
31 if ($conn->{'value'} ne '%default') {
# NOTE(review): with '$' this pattern also accepts a name followed by one
# trailing newline; '\z' would reject it.
32 $in{'name'} =~ /^\S+$/ || &error($text{'save_ename'});
33 $conn->{'value'} = $in{'name'};
# NOTE(review): auto, compress, pfs, type, authby, auth and esp below are
# copied from the form as submitted. The conditions guarding each assignment
# are not shown in this listing and no allow-list check is visible. If the
# config writer emits values verbatim (not shown - confirm), a value that
# contains a newline would add extra lines to the IPsec configuration.
# Checking each field against the fixed set of options the form offers
# would close that.
36 $conn->{'values'}->{'auto'} = $in{'auto'};
39 delete($conn->{'values'}->{'auto'});
42 $conn->{'values'}->{'compress'} = $in{'comp'};
45 delete($conn->{'values'}->{'compress'});
48 $conn->{'values'}->{'pfs'} = $in{'pfs'};
51 delete($conn->{'values'}->{'pfs'});
54 $conn->{'values'}->{'type'} = $in{'type'};
57 delete($conn->{'values'}->{'type'});
60 $conn->{'values'}->{'authby'} = $in{'authby'};
63 delete($conn->{'values'}->{'authby'});
# keyingtries: removed when the default box is ticked, else must be digits.
65 if ($in{'keying_def'}) {
66 delete($conn->{'values'}->{'keyingtries'});
69 $in{'keying'} =~ /^\d+$/ || &error($text{'save_ekeying'});
70 $conn->{'values'}->{'keyingtries'} = $in{'keying'};
73 $conn->{'values'}->{'auth'} = $in{'auth'};
76 delete($conn->{'values'}->{'auth'});
# esp is the concatenation of two form fields; neither is checked here.
80 $conn->{'values'}->{'esp'} = $in{'esp'}.$in{'esp_only'};
83 delete($conn->{'values'}->{'esp'});
# keylife: removed when the default box is ticked, else number + units.
86 if ($in{'keylife_def'}) {
87 delete($conn->{'values'}->{'keylife'});
# Only the numeric part is validated (digits and dots).
# NOTE(review): the appended keylife_units suffix is not checked in the
# visible lines; it should be limited to the unit letters the form offers.
90 $in{'keylife'} =~ /^[0-9\.]+$/ ||
91 &error($text{'save_ekeylife'});
92 $conn->{'values'}->{'keylife'} =
93 $in{'keylife'}.$in{'keylife_units'};
# ikelifetime: handled the same way as keylife.
96 if ($in{'ikelifetime_def'}) {
97 delete($conn->{'values'}->{'ikelifetime'});
# NOTE(review): as with keylife, ikelifetime_units is appended unchecked.
100 $in{'ikelifetime'} =~ /^[0-9\.]+$/ ||
101 &error($text{'save_eikelifetime'});
102 $conn->{'values'}->{'ikelifetime'} =
103 $in{'ikelifetime'}.$in{'ikelifetime_units'};
106 # Validate and store left/right inputs
# The same set of fields is processed twice, once with the prefix 'left' and
# once with 'right'. The else lines and closing braces of the chains below
# are not shown in this listing.
107 foreach $d ('left', 'right') {
# left/right: mode -1 removes the setting, 0/1/2 store a fixed keyword, and
# the remaining case (presumably an else branch) stores a submitted address.
109 if ($in{"${d}_mode"} == -1) {
110 delete($conn->{'values'}->{$d});
112 elsif ($in{"${d}_mode"} == 0) {
113 $conn->{'values'}->{$d} = '%defaultroute';
115 elsif ($in{"${d}_mode"} == 1) {
116 $conn->{'values'}->{$d} = '%any';
118 elsif ($in{"${d}_mode"} == 2) {
119 $conn->{'values'}->{$d} = '%opportunistic';
# NOTE(review): to_ipaddress is defined elsewhere; presumably it also accepts
# hostnames that resolve - confirm. The submitted string itself is stored,
# not the result of the call.
122 &to_ipaddress($in{$d}) || &error($text{"save_e${d}"});
123 $conn->{'values'}->{$d} = $in{$d};
# leftid/rightid: mode 0 removes it, mode 1 requires an IP address, and the
# remaining case stores a hostname-like string prefixed with '@'.
127 if ($in{"${d}_id_mode"} == 0) {
128 delete($conn->{'values'}->{"${d}id"});
130 elsif ($in{"${d}_id_mode"} == 1) {
131 &check_ipaddress($in{"${d}_id"}) ||
132 &error($text{"save_e${d}id1"});
133 $conn->{'values'}->{"${d}id"} = $in{"${d}_id"};
# Letters, digits, dots and hyphens only (case-insensitive).
136 $in{"${d}_id"} =~ /^[a-z0-9\.\-]+$/i ||
137 &error($text{"save_e${d}id2"});
138 $conn->{'values'}->{"${d}id"} = "@".$in{"${d}_id"};
141 # leftsubnet/rightsubnet
142 if ($in{"${d}_subnet_def"}) {
143 delete($conn->{'values'}->{"${d}subnet"});
# Must look like address/prefix, the address part must pass check_ipaddress
# and the prefix must be at most 32; && binds tighter than ||, so &error()
# runs when any of the three tests fails.
146 $in{"${d}_subnet"} =~ /^(\S+)\/(\d+)$/ &&
147 &check_ipaddress("$1") && $2 <= 32 ||
148 &error($text{"save_e${d}subnet"});
149 $conn->{'values'}->{"${d}subnet"} = $in{"${d}_subnet"};
152 # leftrsasigkey/rightrsasigkey
# Mode 0 removes the key, mode 1 stores '%dns', and the remaining case stores
# the submitted key text.
153 if ($in{"${d}_key_mode"} == 0) {
154 delete($conn->{'values'}->{"${d}rsasigkey"});
156 elsif ($in{"${d}_key_mode"} == 1) {
157 $conn->{'values'}->{"${d}rsasigkey"} = '%dns';
# All whitespace (including newlines) is stripped, then the result must be
# non-empty. No check of the key's format is visible here.
160 $in{"${d}_key"} =~ s/\s//g;
161 $in{"${d}_key"} || &error($text{"save_e${d}key"});
162 $conn->{'values'}->{"${d}rsasigkey"} = $in{"${d}_key"};
165 # leftnexthop/rightnexthop
# Mode 0 removes it, 1 and 3 store fixed keywords, and the remaining case
# requires an IP address.
166 if ($in{"${d}_hop_mode"} == 0) {
167 delete($conn->{'values'}->{"${d}nexthop"});
169 elsif ($in{"${d}_hop_mode"} == 1) {
170 $conn->{'values'}->{"${d}nexthop"} = '%direct';
172 elsif ($in{"${d}_hop_mode"} == 3) {
173 $conn->{'values'}->{"${d}nexthop"} = '%defaultroute';
176 &check_ipaddress($in{"${d}_hop"}) ||
177 &error($text{"save_e${d}hop"});
178 $conn->{'values'}->{"${d}nexthop"} = $in{"${d}_hop"};
# leftcert/rightcert: removed when the default box is ticked.
182 if ($in{"${d}_cert_def"}) {
183 delete($conn->{'values'}->{"${d}cert"});
# NOTE(review): any run of non-whitespace characters is accepted, including
# path separators and '..', and '$' also allows one trailing newline.
# Whether that matters depends on how the IPsec daemon resolves this value -
# confirm, and consider a stricter pattern anchored with '\z'.
186 $in{"${d}_cert"} =~ /^(\S+)$/ ||
187 &error($text{"save_e${d}cert"});
188 $conn->{'values'}->{"${d}cert"} = $in{"${d}_cert"};
# Record the action: 'create' when new is set, else 'delete' when delete is
# set, else 'modify'. The connection name and its whole values hash are
# passed as the logged object and parameters.
201 &webmin_log($in{'new'} ? "create" : $in{'delete'} ? "delete" : "modify",
202 "conn", $conn->{'value'}, $conn->{'values'});