diff options
Diffstat (limited to 'applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources')
-rw-r--r-- | applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js | 256 |
1 files changed, 200 insertions, 56 deletions
diff --git a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js b/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js index c2aeff2a7b..c18814aac3 100644 --- a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js +++ b/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js @@ -5,6 +5,14 @@ 'require tools.widgets as widgets'; 'require strongswan_algorithms'; +function validateTimeFormat(section_id, value) { + if (value && !value.match(/^\d+[smhd]$/)) { + return _('Number must have suffix s, m, h or d'); + } + + return true; +} + function addAlgorithms(o, algorithms) { algorithms.forEach(function (algorithm) { if (strongswan_algorithms.isInsecure(algorithm)) { @@ -16,6 +24,10 @@ function addAlgorithms(o, algorithms) { } return view.extend({ + load: function () { + return uci.load('network'); + }, + render: function () { var m, s, o; @@ -51,70 +63,35 @@ return view.extend({ s.addremove = true; s.nodescriptions = true; - o = s.option(form.Flag, 'enabled', _('Enabled'), + o = s.tab('general', _('General')); + o = s.tab('authentication', _('Authentication')); + o = s.tab('advanced', _('Advanced')); + + o = s.taboption('general', form.Flag, 'enabled', _('Enabled'), _('Configuration is enabled or not')); o.rmempty = false; - o = s.option(form.Value, 'gateway', _('Gateway (Remote Endpoint)'), + o = s.taboption('general', form.Value, 'gateway', _('Gateway (Remote Endpoint)'), _('IP address or FQDN name of the tunnel remote endpoint')); o.datatype = 'or(hostname,ipaddr)'; o.rmempty = false; - o = s.option(form.Value, 'local_gateway', _('Local Gateway'), + o = s.taboption('general', form.Value, 'local_gateway', _('Local Gateway'), _('IP address or FQDN of the tunnel local endpoint')); o.datatype = 'or(hostname,ipaddr)'; o.modalonly = true; - o = s.option(form.Value, 'local_sourceip', _('Local Source IP'), + o = s.taboption('general', form.Value, 'local_sourceip', _('Local Source IP'), _('Virtual IP(s) to request in IKEv2 configuration payloads requests')); o.datatype = 'ipaddr'; o.modalonly = true; - o = s.option(form.Value, 'local_ip', _('Local IP'), + o = s.taboption('general', form.Value, 'local_ip', _('Local IP'), _('Local address(es) to use in IKE negotiation')); o.datatype = 'ipaddr'; o.modalonly = true; - o = s.option(form.Value, 'local_identifier', _('Local Identifier'), - _('Local identifier for IKE (phase 1)')); - o.datatype = 'string'; - o.placeholder = 'C=US, O=Acme Corporation, CN=headquarters'; - o.modalonly = true; - - o = s.option(form.Value, 'remote_identifier', _('Remote Identifier'), - _('Remote identifier for IKE (phase 1)')); - o.datatype = 'string'; - o.placeholder = 'C=US, O=Acme Corporation, CN=soho'; - o.modalonly = true; - - o = s.option(form.ListValue, 'authentication_method', - _('Authentication Method'), _('IKE authentication (phase 1)')); - o.modalonly = true; - o.value('psk', 'Pre-shared Key'); - o.value('pubkey', 'Public Key'); - - o = s.option(form.Value, 'pre_shared_key', _('Pre-Shared Key'), - _('The pre-shared key for the tunnel')); - o.datatype = 'string'; - o.password = true; - o.modalonly = true; - o.depends('authentication_method', 'psk'); - - o = s.option(form.Flag, 'mobike', _('MOBIKE'), - _('MOBIKE (IKEv2 Mobility and Multihoming Protocol)')); - o.default = '1'; - o.modalonly = true; - - o = s.option(form.ListValue, 'fragmentation', _('IKE Fragmentation'), - _('Use IKE fragmentation')); - o.value('yes'); - o.value('no'); - o.value('force'); - o.value('accept'); - o.default = 'yes'; - o.modalonly = true; - - o = s.option(form.MultiValue, 'crypto_proposal', _('Crypto Proposal'), + o = s.taboption('general', form.MultiValue, 'crypto_proposal', _('Crypto Proposal'), _('List of IKE (phase 1) proposals to use for authentication')); o.load = function (section_id) { this.keylist = []; @@ -135,7 +112,7 @@ return view.extend({ }; o.rmempty = false; - o = s.option(form.MultiValue, 'tunnel', _('Tunnel'), + o = s.taboption('general', form.MultiValue, 'tunnel', _('Tunnel'), _('Name of ESP (phase 2) section')); o.load = function (section_id) { this.keylist = []; @@ -154,30 +131,162 @@ return view.extend({ }; o.rmempty = false; + o = s.taboption('authentication', form.ListValue, 'authentication_method', + _('Authentication Method'), _('IKE authentication (phase 1)')); + o.modalonly = true; + o.value('psk', 'Pre-shared Key'); + o.value('pubkey', 'Public Key'); + + o = s.taboption('authentication', form.Value, 'local_identifier', _('Local Identifier'), + _('Local identifier for IKE (phase 1)')); + o.datatype = 'string'; + o.placeholder = 'C=US, O=Acme Corporation, CN=headquarters'; + o.modalonly = true; + + o = s.taboption('authentication', form.Value, 'remote_identifier', _('Remote Identifier'), + _('Remote identifier for IKE (phase 1)')); + o.datatype = 'string'; + o.placeholder = 'C=US, O=Acme Corporation, CN=soho'; + o.modalonly = true; + + o = s.taboption('authentication', form.Value, 'pre_shared_key', _('Pre-Shared Key'), + _('The pre-shared key for the tunnel')); + o.datatype = 'string'; + o.password = true; + o.modalonly = true; + o.rmempty = false; + o.depends('authentication_method', 'psk'); + + o = s.taboption('authentication', form.Value, 'local_cert', _('Local Certificate'), + _('Certificate pathname to use for authentication')); + o.datatype = 'file'; + o.depends('authentication_method', 'pubkey'); + o.modalonly = true; + + o = s.taboption('authentication', form.Value, 'local_key', _('Local Key'), + _('Private key pathname to use with above certificate')); + o.datatype = 'file'; + o.modalonly = true; + + o = s.taboption('authentication', form.Value, 'ca_cert', _('CA Certificate'), + _("CA certificate that need to lie in remote peer's certificate's path of trust")); + o.datatype = 'file'; + o.depends('authentication_method', 'pubkey'); + o.modalonly = true; + + + o = s.taboption('advanced', form.Flag, 'mobike', _('MOBIKE'), + _('MOBIKE (IKEv2 Mobility and Multihoming Protocol)')); + o.default = '1'; + o.modalonly = true; + + o = s.taboption('advanced', form.ListValue, 'fragmentation', _('IKE Fragmentation'), + _('Use IKE fragmentation')); + o.value('yes'); + o.value('no'); + o.value('force'); + o.value('accept'); + o.default = 'yes'; + o.modalonly = true; + + o = s.taboption('advanced', form.Value, 'keyingretries', _('Keying Retries'), + _('Number of retransmissions attempts during initial negotiation')); + o.datatype = 'uinteger'; + o.default = '3'; + o.modalonly = true; + + o = s.taboption('advanced', form.Value, 'dpddelay', _('DPD Delay'), + _('Interval to check liveness of a peer')); + o.validate = validateTimeFormat; + o.default = '30s'; + o.modalonly = true; + + o = s.taboption('advanced', form.Value, 'inactivity', _('Inactivity'), + _('Interval before closing an inactive CHILD_SA')); + o.validate = validateTimeFormat; + o.modalonly = true; + + o = s.taboption('advanced', form.Value, 'rekeytime', _('Rekey Time'), + _('IKEv2 interval to refresh keying material; also used to compute lifetime')); + o.validate = validateTimeFormat; + o.modalonly = true; + + o = s.taboption('advanced', form.Value, 'overtime', _('Overtime'), + _('Limit on time to complete rekeying/reauthentication')); + o.validate = validateTimeFormat; + o.modalonly = true; + + o = s.taboption('advanced', form.ListValue, 'keyexchange', _('Keyexchange'), + _('Version of IKE for negotiation')); + o.value('ikev1', 'IKEv1 (%s)', _('deprecated')); + o.value('ikev2', 'IKEv2'); + o.value('ike', 'IKE (%s, %s)'.format(_('both'), _('deprecated'))); + o.default = 'ikev2'; + o.modalonly = true; + // Tunnel Configuration s = m.section(form.GridSection, 'tunnel', _('Tunnel Configuration'), _('Define Connection Children to be used as Tunnels in Remote Configurations.')); s.addremove = true; s.nodescriptions = true; - o = s.option(form.DynamicList, 'local_subnet', _('Local Subnet'), + o = s.tab('general', _('General')); + o = s.tab('advanced', _('Advanced')); + + o = s.taboption('general', form.DynamicList, 'local_subnet', _('Local Subnet'), _('Local network(s)')); o.datatype = 'subnet'; o.placeholder = '192.168.1.1/24'; o.rmempty = false; - o = s.option(form.DynamicList, 'remote_subnet', _('Remote Subnet'), + o = s.taboption('general', form.DynamicList, 'remote_subnet', _('Remote Subnet'), _('Remote network(s)')); o.datatype = 'subnet'; o.placeholder = '192.168.2.1/24'; o.rmempty = false; - o = s.option(form.Value, 'local_nat', _('Local NAT'), + o = s.taboption('general', form.Value, 'local_nat', _('Local NAT'), _('NAT range for tunnels with overlapping IP addresses')); o.datatype = 'subnet'; o.modalonly = true; - o = s.option(form.MultiValue, 'crypto_proposal', + o = s.taboption('general', form.ListValue, 'if_id', ('XFRM Interface ID'), + _('XFRM interface ID set on input and output interfaces')); + o.load = function (section_id) { + this.keylist = []; + this.vallist = []; + + var xfrmSections = uci.sections('network').filter(function (section) { + return section.proto == 'xfrm'; + }); + + xfrmSections.forEach(L.bind(function (section) { + this.value(section.ifid, + '%s (%s)'.format(section.ifid, section['.name'])); + }, this)); + + return this.super('load', [section_id]); + } + o.optional = true; + o.modalonly = true; + + o = s.taboption('general', form.ListValue, 'startaction', _('Start Action'), + _('Action on initial configuration load')); + o.value('none'); + o.value('trap'); + o.value('start'); + o.default = 'trap'; + o.modalonly = true; + + o = s.taboption('general', form.ListValue, 'closeaction', _('Close Action'), + _('Action when CHILD_SA is closed')); + o.value('none'); + o.value('trap'); + o.value('start'); + o.optional = true; + o.modalonly = true; + + o = s.taboption('general', form.MultiValue, 'crypto_proposal', _('Crypto Proposal (Phase 2)'), _('List of ESP (phase two) proposals. Only Proposals with checked ESP flag are selectable')); o.load = function (section_id) { @@ -199,17 +308,52 @@ return view.extend({ }; o.rmempty = false; - o = s.option(form.ListValue, 'startaction', _('Start Action'), - _('Action on initial configuration load')); + o = s.taboption('advanced', form.Value, 'updown', _('Up/Down Script Path'), + _('Path to script to run on CHILD_SA up/down events')); + o.datatype = 'file'; + o.modalonly = true; + + o = s.taboption('advanced', form.Value, 'lifetime', _('Lifetime'), + _('Maximum duration of the CHILD_SA before closing')); + o.validate = validateTimeFormat; + o.modalonly = true; + + o = s.taboption('advanced', form.ListValue, 'dpdaction', _('DPD Action'), + _('Action when DPD timeout occurs')); o.value('none'); + o.value('clear'); o.value('trap'); o.value('start'); - o.default = 'trap'; + o.optional = true; o.modalonly = true; - o = s.option(form.Value, 'updown', _('Up/Down Script Path'), - _('Path to script to run on CHILD_SA up/down events')); - o.datatype = 'file'; + o = s.taboption('advanced', form.Value, 'rekeytime', _('Rekey Time'), + _('Duration of the CHILD_SA before rekeying')); + o.validate = validateTimeFormat; + o.modalonly = true; + + o = s.taboption('advanced', form.Flag, 'ipcomp', _('IPComp'), + _('Enable ipcomp compression')); + o.default = '0'; + o.modalonly = true; + + o = s.taboption('advanced', form.ListValue, 'hw_offload', _('H/W Offload'), + _('Enable Hardware offload')); + o.value('yes'); + o.value('no'); + o.value('auto'); + o.optional = true; + o.modalonly = true; + + o = s.taboption('advanced', form.Value, 'priority', _('Priority'), + _('Priority of the CHILD_SA')); + o.datatype = 'uinteger'; + o.modalonly = true; + + o = s.taboption('advanced', form.Value, 'replay_window', _('Replay Window'), + '%s; %s'.format(_('Replay Window of the CHILD_SA'), + _('Values larger than 32 are supported by the Netlink backend only'))); + o.datatype = 'uinteger'; o.modalonly = true; // Crypto Proposals |