From 3f33bed487f7df791c94ef1a1976a34a17dd44a0 Mon Sep 17 00:00:00 2001 From: Lukas Voegl Date: Fri, 3 Nov 2023 15:06:14 +0100 Subject: luci-app-strongswan-swanctl: improve sections and options Signed-off-by: Lukas Voegl --- .../resources/view/strongswan-swanctl/swanctl.js | 97 +++++++++++++++------- 1 file changed, 67 insertions(+), 30 deletions(-) (limited to 'applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view') diff --git a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js b/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js index 659461bbc6..59d0db3f4a 100644 --- a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js +++ b/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js @@ -1,6 +1,7 @@ 'use strict'; 'require view'; 'require form'; +'require uci'; 'require tools.widgets as widgets'; return view.extend({ @@ -9,10 +10,10 @@ return view.extend({ m = new form.Map('ipsec', _('strongSwan Configuration'), _('Configure strongSwan for secure VPN connections.')); + m.tabbed = true; // strongSwan General Settings - s = m.section(form.TypedSection, 'ipsec', - _('strongSwan General Settings')); + s = m.section(form.TypedSection, 'ipsec', _('General Settings')); s.anonymous = true; o = s.option(widgets.ZoneSelect, 'zone', _('Zone'), 
@@ -20,74 +21,87 @@ return view.extend({ o.default = 'lan'; o.multiple = true; - o = s.option(widgets.NetworkSelect, 'listen', _('Listen Interfaces'), + o = s.option(widgets.NetworkSelect, 'listen', _('Listening Interfaces'), _('Interfaces that accept VPN traffic')); o.datatype = 'interface'; o.placeholder = _('Select an interface or leave empty for all interfaces'); o.default = 'wan'; o.multiple = true; + o.rmempty = false; o = s.option(form.Value, 'debug', _('Debug Level'), - _('Logs written to /var/log/charon.log')); + _('Trace level: 0 is least verbose, 4 is most')); o.default = '0'; - o.datatype = 'uinteger'; + o.datatype = 'range(0,4)'; // Remote Configuration - s = m.section(form.TypedSection, 'remote', _('Remote Configuration')); - s.anonymous = false; + s = m.section(form.GridSection, 'remote', _('Remote Configuration'), + _('Define Remote IKE Configurations.')); + s.addremove = true; + s.nodescriptions = true; o = s.option(form.Flag, 'enabled', _('Enabled'), _('Configuration is enabled or not')); + o.rmempty = false; o = s.option(form.Value, 'gateway', _('Gateway (Remote Endpoint)'), - _('Public IP address or FQDN name of the tunnel remote endpoint')); + _('IP address or FQDN name of the tunnel remote endpoint')); o.datatype = 'or(hostname,ipaddr)'; + o.rmempty = false; o = s.option(form.Value, 'local_gateway', _('Local Gateway'), _('IP address or FQDN of the tunnel local endpoint')); o.datatype = 'or(hostname,ipaddr)'; + o.modalonly = true; o = s.option(form.Value, 'local_sourceip', _('Local Source IP'), _('Virtual IP(s) to request in IKEv2 configuration payloads requests')); o.datatype = 'ipaddr'; + o.modalonly = true; o = s.option(form.Value, 'local_ip', _('Local IP'), _('Local address(es) to use in IKE negotiation')); o.datatype = 'ipaddr'; + o.modalonly = true; o = s.option(form.Value, 'local_identifier', _('Local Identifier'), _('Local identifier for IKE (phase 1)')); o.datatype = 'string'; o.placeholder = 'C=US, O=Acme Corporation, 
CN=headquarters'; + o.modalonly = true; o = s.option(form.Value, 'remote_identifier', _('Remote Identifier'), _('Remote identifier for IKE (phase 1)')); o.datatype = 'string'; o.placeholder = 'C=US, O=Acme Corporation, CN=soho'; + o.modalonly = true; o = s.option(form.ListValue, 'authentication_method', - _('Authentication Method'), _('IKE authentication (phase 1).')); + _('Authentication Method'), _('IKE authentication (phase 1)')); + o.modalonly = true; o.value('psk', 'Pre-shared Key'); o.value('pubkey', 'Public Key'); - o.required = true; o = s.option(form.Value, 'pre_shared_key', _('Pre-Shared Key'), - _('The pre-shared key for the tunnel if authentication is psk')); + _('The pre-shared key for the tunnel')); o.datatype = 'string'; o.password = true; + o.modalonly = true; o.depends('authentication_method', 'psk'); o = s.option(form.Flag, 'mobike', _('MOBIKE'), _('MOBIKE (IKEv2 Mobility and Multihoming Protocol)')); o.default = '1'; + o.modalonly = true; o = s.option(form.ListValue, 'fragmentation', _('IKE Fragmentation'), - _('Use IKE fragmentation (yes, no, force, accept)')); + _('Use IKE fragmentation')); o.value('yes'); o.value('no'); o.value('force'); o.value('accept'); o.default = 'yes'; + o.modalonly = true; o = s.option(form.ListValue, 'crypto_proposal', _('Crypto Proposal'), _('List of IKE (phase 1) proposals to use for authentication')); 
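Review bot: `pre_shared_key` can still be saved empty when `authentication_method` is `psk`: the option gets `o.password`, `o.modalonly` and `o.depends(...)`, but not the `o.rmempty = false` that this commit adds to `enabled`, `gateway` and `listen`. Adding `o.rmempty = false;` after `o.depends('authentication_method', 'psk');` would follow the commit's own convention for mandatory fields and keep a PSK remote from being written without a key. Separately, `listen` is now `rmempty = false` while its placeholder still reads "leave empty for all interfaces", so the hint and the validation disagree. The enclosing `render` function starts and ends outside this hunk.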
@@ -96,9 +110,24 @@ return view.extend({ o.value('dh_group'); o.value('prf_algorithm'); - o = s.option(form.Value, 'tunnel', _('Tunnel'), - _('Name of ESP/AH (phase 2) section')); - o.required = true; + o = s.option(form.MultiValue, 'tunnel', _('Tunnel'), + _('Name of ESP (phase 2) section')); + o.load = function (section_id) { + this.keylist = []; + this.vallist = []; + + var sections = uci.sections('ipsec', 'tunnel'); + if (sections.length == 0) { + this.value('', _('Please create a Tunnel first')); + } else { + sections.forEach(L.bind(function (section) { + this.value(section['.name']); + }, this)); + } + + return this.super('load', [section_id]); + }; + o.rmempty = false; o = s.option(form.Value, 'authentication_method', _('Authentication Method'), _('IKE authentication (phase 1)')); @@ -109,15 +138,16 @@ return view.extend({ s.anonymous = true; o = s.option(form.ListValue, 'encryption_algorithm', - _('Encryption Algorithm'), _('Encryption method (aes128, aes192, aes256, 3des)')); + _('Encryption Algorithm'), + '%s (aes128, aes192, aes256, 3des)'.format(_('Encryption method'))); o.value('aes128'); o.value('aes192'); o.value('aes256'); o.value('3des'); - o.required = true; + o.rmempty = false; o = s.option(form.ListValue, 'hash_algorithm', _('Hash Algorithm'), - _('Hash algorithm (md5, sha1, sha2, ...)')); + '%s (md5, sha1, sha2, ...)'.format(_('Hash algorithm'))); o.value('md5'); o.value('sha1'); o.value('sha2'); 
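Review bot: The remote section appears to define `authentication_method` twice: the `form.ListValue` earlier in the section (psk/pubkey, now `modalonly`) and the `form.Value` visible as context right after the new `tunnel` option. Assuming both belong to the same `remote` section, the free-text one has no `modalonly` and would show as a grid column, and both write the same UCI option, so it is unclear which input wins on save; dropping the `form.Value` duplicate would leave one constrained choice for the IKE authentication method. In the new `load` override, a one-line comment saying why `keylist`/`vallist` are cleared (presumably so choices do not accumulate across loads) would help, and `sections.length == 0` is better written with `===`. The lines between this hunk and the next are not visible, and `render` starts outside the hunk.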
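Review bot: None of the `crypto_proposal` lists gets an `o.default`, and the hash and DH lists open with their weakest entries (`md5` here, `modp768` in the next hunk), so, as far as I can tell from how a non-optional `ListValue` renders, a newly added proposal is preselected with the first entry of each list. Now that the fields are mandatory via `o.rmempty = false`, explicit defaults such as `o.default = 'aes256';` for `encryption_algorithm` and `o.default = 'modp3072';` for `dh_group`, plus a stronger entry for `hash_algorithm`, would keep an untouched form from producing an MD5 / 768-bit DH IKE proposal. The same applies to the `hash_algorithm` and `dh_group` options in the following hunk. The `hash_algorithm` value list continues outside this hunk.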
@@ -133,17 +163,17 @@ return view.extend({ o.value('blake2b512'); o.value('whirlpool'); o.value('tiger'); - o.required = true; + o.rmempty = false; o = s.option(form.ListValue, 'dh_group', _('Diffie-Hellman Group'), - _('Diffie-Hellman exponentiation (modp768, modp1024, ...)')); + '%s (modp768, modp1024, ...)'.format(_('Diffie-Hellman exponentiation'))); o.value('modp768'); o.value('modp1024'); o.value('modp1536'); o.value('modp2048'); o.value('modp3072'); o.value('modp4096'); - o.required = true; + o.rmempty = false; o = s.option(form.ListValue, 'prf_algorithm', _('PRF Algorithm'), _('Pseudo-Random Functions to use with IKE')); @@ -155,22 +185,27 @@ return view.extend({ o.value('prfsha512'); // Tunnel Configuration - s = m.section(form.TypedSection, 'tunnel', _('Tunnel Configuration')); - s.anonymous = false; + s = m.section(form.GridSection, 'tunnel', _('Tunnel Configuration'), + _('Define Connection Children to be used as Tunnels in Remote Configurations.')); + s.addremove = true; + s.nodescriptions = true; - o = s.option(form.Value, 'local_subnet', _('Local Subnet'), + o = s.option(form.DynamicList, 'local_subnet', _('Local Subnet'), _('Local network(s)')); + o.datatype = 'subnet'; o.placeholder = '192.168.1.1/24'; - o.required = true; + o.rmempty = false; - o = s.option(form.Value, 'remote_subnet', _('Remote Subnet'), + o = s.option(form.DynamicList, 'remote_subnet', _('Remote Subnet'), _('Remote network(s)')); + o.datatype = 'subnet'; o.placeholder = '192.168.2.1/24'; - o.required = true; + o.rmempty = false; o = s.option(form.Value, 'local_nat', _('Local NAT'), _('NAT range for tunnels with overlapping IP addresses')); o.datatype = 'subnet'; + o.modalonly = true; o = s.option(form.ListValue, 'crypto_proposal', _('Crypto Proposal (Phase 2)'), _('List of ESP (phase two) proposals')); 
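Review bot: `local_subnet` and `remote_subnet` now rely on `o.datatype = 'subnet'` to validate the traffic selectors, but I do not recognise `subnet` as one of the datatypes LuCI's client-side validator provides (it has `cidr`, `cidr4` and `cidr6` among others), so this should be confirmed before relying on it. If it is not a known type, `o.datatype = 'cidr';` on both lists would check each entry as address/prefix. The placeholders `192.168.1.1/24` and `192.168.2.1/24` are host addresses rather than network addresses, which is a slightly misleading hint for a subnet field. `render` starts outside this hunk and the `crypto_proposal` option at its end continues past it.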
@@ -183,13 +218,15 @@ return view.extend({ o = s.option(form.ListValue, 'startaction', _('Start Action'), _('Action on initial configuration load')); o.value('none'); + o.value('trap'); o.value('start'); - o.value('route'); - o.default = 'route'; + o.default = 'trap'; + o.modalonly = true; o = s.option(form.Value, 'updown', _('Up/Down Script Path'), _('Path to script to run on CHILD_SA up/down events')); - o.datatype = 'filepath'; + o.datatype = 'file'; + o.modalonly = true; return m.render(); } -- cgit v1.2.3
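Review bot: The `updown` value is a path that the IKE daemon runs on CHILD_SA up/down events, yet the field only carries `o.datatype = 'file'`, which to my knowledge performs no real check in the browser; that is worth confirming. A comment such as `// executed by the IKE daemon on CHILD_SA events; the script should not be writable by unprivileged users` above the option, and a description that says the script is executed, would make the sensitivity visible to anyone editing this view or filling in the form. Removing `route` from `startaction` also means an existing config that stores `startaction 'route'` no longer matches any list entry; whether the init script still maps it is not visible here. `render` starts outside this hunk.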