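'use strict';
'require view';
'require form';
'require uci';
'require tools.widgets as widgets';

/*
 * LuCI view for the 'ipsec' UCI configuration used by strongSwan.
 *
 * render() assembles a single tabbed form.Map with four sections:
 *   - 'ipsec'  (TypedSection): firewall zone, listening interfaces, debug level
 *   - 'remote' (GridSection):  IKE (phase 1) peer definitions
 *   - 'ipsec'  (TypedSection): algorithm choices (encryption, hash, DH, PRF)
 *   - 'tunnel' (GridSection):  ESP (phase 2) child definitions
 *
 * Security notes for maintainers:
 *   - The algorithm lists still offer md5, sha1, 3des, modp768 and modp1024.
 *     They are kept selectable for legacy peers, but explicit defaults are set
 *     below so that a new configuration does not start from the weakest entry.
 *   - 'pre_shared_key' is rendered as a password field; this view does nothing
 *     else to protect the stored value.
 */
return view.extend({
	/**
	 * Build and render the strongSwan configuration form.
	 *
	 * @returns {*} The result of form.Map.render() for the assembled map.
	 */
	render: function () {
		var m, s, o;

		m = new form.Map('ipsec', _('strongSwan Configuration'),
			_('Configure strongSwan for secure VPN connections.'));
		m.tabbed = true;

		// ---- General settings ('ipsec' section) ----
		s = m.section(form.TypedSection, 'ipsec', _('General Settings'));
		s.anonymous = true;

		o = s.option(widgets.ZoneSelect, 'zone', _('Zone'),
			_('Firewall zone that has to match the defined firewall zone'));
		o.default = 'lan';
		o.multiple = true;

		o = s.option(widgets.NetworkSelect, 'listen', _('Listening Interfaces'),
			_('Interfaces that accept VPN traffic'));
		o.datatype = 'interface';
		o.placeholder = _('Select an interface or leave empty for all interfaces');
		o.default = 'wan';
		o.multiple = true;
		// NOTE(review): rmempty = false conflicts with the placeholder's
		// "leave empty for all interfaces" wording - confirm which is intended.
		o.rmempty = false;

		o = s.option(form.Value, 'debug', _('Debug Level'),
			_('Trace level: 0 is least verbose, 4 is most'));
		o.default = '0';
		o.datatype = 'range(0,4)';

		// ---- Remote (IKE / phase 1) definitions ----
		s = m.section(form.GridSection, 'remote', _('Remote Configuration'),
			_('Define Remote IKE Configurations.'));
		s.addremove = true;
		s.nodescriptions = true;

		o = s.option(form.Flag, 'enabled', _('Enabled'),
			_('Configuration is enabled or not'));
		o.rmempty = false;

		o = s.option(form.Value, 'gateway', _('Gateway (Remote Endpoint)'),
			_('IP address or FQDN name of the tunnel remote endpoint'));
		o.datatype = 'or(hostname,ipaddr)';
		o.rmempty = false;

		o = s.option(form.Value, 'local_gateway', _('Local Gateway'),
			_('IP address or FQDN of the tunnel local endpoint'));
		o.datatype = 'or(hostname,ipaddr)';
		o.modalonly = true;

		o = s.option(form.Value, 'local_sourceip', _('Local Source IP'),
			_('Virtual IP(s) to request in IKEv2 configuration payloads requests'));
		o.datatype = 'ipaddr';
		o.modalonly = true;

		o = s.option(form.Value, 'local_ip', _('Local IP'),
			_('Local address(es) to use in IKE negotiation'));
		o.datatype = 'ipaddr';
		o.modalonly = true;

		o = s.option(form.Value, 'local_identifier', _('Local Identifier'),
			_('Local identifier for IKE (phase 1)'));
		o.datatype = 'string';
		o.placeholder = 'C=US, O=Acme Corporation, CN=headquarters';
		o.modalonly = true;

		o = s.option(form.Value, 'remote_identifier', _('Remote Identifier'),
			_('Remote identifier for IKE (phase 1)'));
		o.datatype = 'string';
		o.placeholder = 'C=US, O=Acme Corporation, CN=soho';
		o.modalonly = true;

		o = s.option(form.ListValue, 'authentication_method',
			_('Authentication Method'), _('IKE authentication (phase 1)'));
		o.modalonly = true;
		o.value('psk', 'Pre-shared Key');
		o.value('pubkey', 'Public Key');

		// Shown only when PSK authentication is selected; masked in the UI.
		// NOTE(review): no minimum length or strength check is applied to the
		// key here - consider whether the form should enforce one.
		o = s.option(form.Value, 'pre_shared_key', _('Pre-Shared Key'),
			_('The pre-shared key for the tunnel'));
		o.datatype = 'string';
		o.password = true;
		o.modalonly = true;
		o.depends('authentication_method', 'psk');

		o = s.option(form.Flag, 'mobike', _('MOBIKE'),
			_('MOBIKE (IKEv2 Mobility and Multihoming Protocol)'));
		o.default = '1';
		o.modalonly = true;

		o = s.option(form.ListValue, 'fragmentation', _('IKE Fragmentation'),
			_('Use IKE fragmentation'));
		o.value('yes');
		o.value('no');
		o.value('force');
		o.value('accept');
		o.default = 'yes';
		o.modalonly = true;

		// NOTE(review): the choices below are the names of the algorithm options
		// defined further down, not names of proposal sections - confirm that
		// the backend consuming 'crypto_proposal' expects these literal values.
		o = s.option(form.ListValue, 'crypto_proposal', _('Crypto Proposal'),
			_('List of IKE (phase 1) proposals to use for authentication'));
		o.value('encryption_algorithm');
		o.value('hash_algorithm');
		o.value('dh_group');
		o.value('prf_algorithm');

		o = s.option(form.MultiValue, 'tunnel', _('Tunnel'),
			_('Name of ESP (phase 2) section'));
		o.load = function (section_id) {
			// Reset the choice lists, then offer the name of every 'tunnel'
			// section found in the 'ipsec' config before the inherited load runs.
			this.keylist = [];
			this.vallist = [];

			var tunnels = uci.sections('ipsec', 'tunnel');
			if (tunnels.length === 0) {
				this.value('', _('Please create a Tunnel first'));
			} else {
				tunnels.forEach(function (tunnel) {
					this.value(tunnel['.name']);
				}, this);
			}

			return this.super('load', [section_id]);
		};
		o.rmempty = false;

		// NOTE(review): second option bound to the same 'authentication_method'
		// key as the ListValue above. As a free-text field it accepts values
		// other than 'psk' / 'pubkey'; confirm it is intended, otherwise drop it.
		o = s.option(form.Value, 'authentication_method',
			_('Authentication Method'), _('IKE authentication (phase 1)'));
		o.datatype = 'string';

		// ---- Algorithm selection (stored in the 'ipsec' section) ----
		s = m.section(form.TypedSection, 'ipsec',
			_('strongSwan General Settings'));
		s.anonymous = true;

		// 3des is retained for legacy peers only. The explicit default keeps a
		// new configuration from falling back to the first list entry.
		o = s.option(form.ListValue, 'encryption_algorithm',
			_('Encryption Algorithm'),
			'%s (aes128, aes192, aes256, 3des)'.format(_('Encryption method')));
		o.value('aes128');
		o.value('aes192');
		o.value('aes256');
		o.value('3des');
		o.default = 'aes256';
		o.rmempty = false;

		// md5 and sha1 are retained for legacy peers only; without an explicit
		// default the first entry (md5) would be the initial selection.
		// Each value is registered once (blake2s256 / blake2b512 were listed twice).
		// NOTE(review): verify every keyword below against the strongSwan
		// proposal keywords actually accepted by the target version.
		o = s.option(form.ListValue, 'hash_algorithm', _('Hash Algorithm'),
			'%s (md5, sha1, sha2, ...)'.format(_('Hash algorithm')));
		o.value('md5');
		o.value('sha1');
		o.value('sha2');
		o.value('sha256');
		o.value('sha384');
		o.value('sha512');
		o.value('sha3_256');
		o.value('sha3_384');
		o.value('sha3_512');
		o.value('blake2s256');
		o.value('blake2b512');
		o.value('whirlpool');
		o.value('tiger');
		o.default = 'sha256';
		o.rmempty = false;

		// modp768 and modp1024 are retained for legacy peers only; without an
		// explicit default the first entry (modp768) would be the initial selection.
		o = s.option(form.ListValue, 'dh_group', _('Diffie-Hellman Group'),
			'%s (modp768, modp1024, ...)'.format(_('Diffie-Hellman exponentiation')));
		o.value('modp768');
		o.value('modp1024');
		o.value('modp1536');
		o.value('modp2048');
		o.value('modp3072');
		o.value('modp4096');
		o.default = 'modp2048';
		o.rmempty = false;

		// 'prfsha384' was misspelled as 'pfsha384', which would have stored a
		// value that does not match the naming of its sibling entries.
		// NOTE(review): 'prf_hmac_md5' does not follow the 'prf<hash>' naming of
		// the other entries - confirm it is a keyword the backend accepts.
		o = s.option(form.ListValue, 'prf_algorithm', _('PRF Algorithm'),
			_('Pseudo-Random Functions to use with IKE'));
		o.value('prf_hmac_md5');
		o.value('prfmd5');
		o.value('prfsha1');
		o.value('prfsha256');
		o.value('prfsha384');
		o.value('prfsha512');

		// ---- Tunnel (ESP / phase 2) definitions ----
		s = m.section(form.GridSection, 'tunnel', _('Tunnel Configuration'),
			_('Define Connection Children to be used as Tunnels in Remote Configurations.'));
		s.addremove = true;
		s.nodescriptions = true;

		o = s.option(form.DynamicList, 'local_subnet', _('Local Subnet'),
			_('Local network(s)'));
		o.datatype = 'subnet';
		o.placeholder = '192.168.1.1/24';
		o.rmempty = false;

		o = s.option(form.DynamicList, 'remote_subnet', _('Remote Subnet'),
			_('Remote network(s)'));
		o.datatype = 'subnet';
		o.placeholder = '192.168.2.1/24';
		o.rmempty = false;

		o = s.option(form.Value, 'local_nat', _('Local NAT'),
			_('NAT range for tunnels with overlapping IP addresses'));
		o.datatype = 'subnet';
		o.modalonly = true;

		// NOTE(review): same literal choices as the phase 1 'crypto_proposal'
		// option - confirm the backend expects these values.
		o = s.option(form.ListValue, 'crypto_proposal',
			_('Crypto Proposal (Phase 2)'), _('List of ESP (phase two) proposals'));
		o.value('encryption_algorithm');
		o.value('hash_algorithm');
		o.value('dh_group');
		o.value('prf_algorithm');
		o.required = true;

		o = s.option(form.ListValue, 'startaction', _('Start Action'),
			_('Action on initial configuration load'));
		o.value('none');
		o.value('trap');
		o.value('start');
		o.default = 'trap';
		o.modalonly = true;

		// NOTE(review): per the option description this path names a script that
		// is run on CHILD_SA events, so write access to this form decides what
		// gets executed - make sure the LuCI ACL for this view is limited to
		// administrators.
		o = s.option(form.Value, 'updown', _('Up/Down Script Path'),
			_('Path to script to run on CHILD_SA up/down events'));
		o.datatype = 'file';
		o.modalonly = true;

		return m.render();
	}
});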