1 'use strict';
2 'require view';
3 'require form';
4 'require uci';
5 'require tools.widgets as widgets';
6
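return view.extend({
	/**
	 * Build the LuCI form for the 'ipsec' UCI configuration (strongSwan).
	 *
	 * The map is tabbed and holds four groups of sections: general daemon
	 * settings, remote (IKE / phase 1) definitions, the algorithm choices
	 * and tunnel (ESP / phase 2) definitions.
	 *
	 * @returns the result of form.Map.render() for the assembled map
	 */
	render: function () {
		var m, s, o;

		m = new form.Map('ipsec', _('strongSwan Configuration'),
			_('Configure strongSwan for secure VPN connections.'));
		m.tabbed = true;

		// strongSwan General Settings
		s = m.section(form.TypedSection, 'ipsec', _('General Settings'));
		s.anonymous = true;

		o = s.option(widgets.ZoneSelect, 'zone', _('Zone'),
			_('Firewall zone that has to match the defined firewall zone'));
		o.default = 'lan';
		o.multiple = true;

		o = s.option(widgets.NetworkSelect, 'listen', _('Listening Interfaces'),
			_('Interfaces that accept VPN traffic'));
		o.datatype = 'interface';
		o.placeholder = _('Select an interface or leave empty for all interfaces');
		o.default = 'wan';
		o.multiple = true;
		o.rmempty = false;

		// NOTE(review): at strongSwan's most verbose log level, dumps can
		// include sensitive material such as keys. Keep the default of 0
		// outside of troubleshooting and treat the resulting logs as secrets.
		o = s.option(form.Value, 'debug', _('Debug Level'),
			_('Trace level: 0 is least verbose, 4 is most'));
		o.default = '0';
		o.datatype = 'range(0,4)';

		// Remote Configuration
		s = m.section(form.GridSection, 'remote', _('Remote Configuration'),
			_('Define Remote IKE Configurations.'));
		s.addremove = true;
		s.nodescriptions = true;

		o = s.option(form.Flag, 'enabled', _('Enabled'),
			_('Configuration is enabled or not'));
		o.rmempty = false;

		o = s.option(form.Value, 'gateway', _('Gateway (Remote Endpoint)'),
			_('IP address or FQDN name of the tunnel remote endpoint'));
		o.datatype = 'or(hostname,ipaddr)';
		o.rmempty = false;

		o = s.option(form.Value, 'local_gateway', _('Local Gateway'),
			_('IP address or FQDN of the tunnel local endpoint'));
		o.datatype = 'or(hostname,ipaddr)';
		o.modalonly = true;

		o = s.option(form.Value, 'local_sourceip', _('Local Source IP'),
			_('Virtual IP(s) to request in IKEv2 configuration payloads requests'));
		o.datatype = 'ipaddr';
		o.modalonly = true;

		o = s.option(form.Value, 'local_ip', _('Local IP'),
			_('Local address(es) to use in IKE negotiation'));
		o.datatype = 'ipaddr';
		o.modalonly = true;

		o = s.option(form.Value, 'local_identifier', _('Local Identifier'),
			_('Local identifier for IKE (phase 1)'));
		o.datatype = 'string';
		o.placeholder = 'C=US, O=Acme Corporation, CN=headquarters';
		o.modalonly = true;

		o = s.option(form.Value, 'remote_identifier', _('Remote Identifier'),
			_('Remote identifier for IKE (phase 1)'));
		o.datatype = 'string';
		o.placeholder = 'C=US, O=Acme Corporation, CN=soho';
		o.modalonly = true;

		o = s.option(form.ListValue, 'authentication_method',
			_('Authentication Method'), _('IKE authentication (phase 1)'));
		o.modalonly = true;
		o.value('psk', 'Pre-shared Key');
		o.value('pubkey', 'Public Key');

		// `password = true` only masks the input in the browser; it does not
		// change how the key is stored. NOTE(review): the 'string' datatype
		// accepts any value, so no minimum length is enforced here; confirm
		// whether a length or strength check belongs on this field.
		o = s.option(form.Value, 'pre_shared_key', _('Pre-Shared Key'),
			_('The pre-shared key for the tunnel'));
		o.datatype = 'string';
		o.password = true;
		o.modalonly = true;
		o.depends('authentication_method', 'psk');

		o = s.option(form.Flag, 'mobike', _('MOBIKE'),
			_('MOBIKE (IKEv2 Mobility and Multihoming Protocol)'));
		o.default = '1';
		o.modalonly = true;

		o = s.option(form.ListValue, 'fragmentation', _('IKE Fragmentation'),
			_('Use IKE fragmentation'));
		o.value('yes');
		o.value('no');
		o.value('force');
		o.value('accept');
		o.default = 'yes';
		o.modalonly = true;

		o = s.option(form.ListValue, 'crypto_proposal', _('Crypto Proposal'),
			_('List of IKE (phase 1) proposals to use for authentication'));
		o.value('encryption_algorithm');
		o.value('hash_algorithm');
		o.value('dh_group');
		o.value('prf_algorithm');

		o = s.option(form.MultiValue, 'tunnel', _('Tunnel'),
			_('Name of ESP (phase 2) section'));
		// Rebuild the choice list on every load so that it mirrors the
		// 'tunnel' sections currently present in the 'ipsec' config.
		o.load = function (section_id) {
			this.keylist = [];
			this.vallist = [];

			var sections = uci.sections('ipsec', 'tunnel');
			if (sections.length === 0) {
				this.value('', _('Please create a Tunnel first'));
			} else {
				sections.forEach(L.bind(function (section) {
					this.value(section['.name']);
				}, this));
			}

			return this.super('load', [section_id]);
		};
		o.rmempty = false;

		// NOTE(review): this is a second widget bound to
		// 'authentication_method' in the same section. Unlike the ListValue
		// above it accepts free text, so values other than psk/pubkey can be
		// written. Confirm which of the two is intended.
		o = s.option(form.Value, 'authentication_method',
			_('Authentication Method'), _('IKE authentication (phase 1)'));
		o.datatype = 'string';

		s = m.section(form.TypedSection, 'ipsec',
			_('strongSwan General Settings'));
		s.anonymous = true;

		// NOTE(review): none of the algorithm lists below sets o.default, so
		// a fresh form presumably preselects the first entry - verify. For
		// the hash and DH lists that first entry is the weakest choice
		// (md5, modp768).

		// 3des is a legacy cipher; prefer one of the aes* entries.
		o = s.option(form.ListValue, 'encryption_algorithm',
			_('Encryption Algorithm'),
			'%s (aes128, aes192, aes256, 3des)'.format(_('Encryption method')));
		o.value('aes128');
		o.value('aes192');
		o.value('aes256');
		o.value('3des');
		o.rmempty = false;

		// md5 and sha1 are legacy hashes; prefer sha256 or stronger.
		// Each algorithm is listed once: repeating o.value() for the same
		// key would add a duplicate entry to the dropdown.
		o = s.option(form.ListValue, 'hash_algorithm', _('Hash Algorithm'),
			'%s (md5, sha1, sha2, ...)'.format(_('Hash algorithm')));
		o.value('md5');
		o.value('sha1');
		o.value('sha2');
		o.value('sha256');
		o.value('sha384');
		o.value('sha512');
		o.value('sha3_256');
		o.value('sha3_384');
		o.value('sha3_512');
		o.value('blake2s256');
		o.value('blake2b512');
		o.value('whirlpool');
		o.value('tiger');
		o.rmempty = false;

		// modp768 and modp1024 are too small for new deployments; prefer
		// modp2048 or larger.
		o = s.option(form.ListValue, 'dh_group', _('Diffie-Hellman Group'),
			'%s (modp768, modp1024, ...)'.format(_('Diffie-Hellman exponentiation')));
		o.value('modp768');
		o.value('modp1024');
		o.value('modp1536');
		o.value('modp2048');
		o.value('modp3072');
		o.value('modp4096');
		o.rmempty = false;

		// strongSwan's PRF keywords all start with "prf"; the SHA-384 entry
		// is therefore 'prfsha384'.
		// NOTE(review): 'prf_hmac_md5' does not follow the naming of the
		// other entries - confirm that the backend accepts it.
		o = s.option(form.ListValue, 'prf_algorithm', _('PRF Algorithm'),
			_('Pseudo-Random Functions to use with IKE'));
		o.value('prf_hmac_md5');
		o.value('prfmd5');
		o.value('prfsha1');
		o.value('prfsha256');
		o.value('prfsha384');
		o.value('prfsha512');

		// Tunnel Configuration
		s = m.section(form.GridSection, 'tunnel', _('Tunnel Configuration'),
			_('Define Connection Children to be used as Tunnels in Remote Configurations.'));
		s.addremove = true;
		s.nodescriptions = true;

		o = s.option(form.DynamicList, 'local_subnet', _('Local Subnet'),
			_('Local network(s)'));
		o.datatype = 'subnet';
		o.placeholder = '192.168.1.1/24';
		o.rmempty = false;

		o = s.option(form.DynamicList, 'remote_subnet', _('Remote Subnet'),
			_('Remote network(s)'));
		o.datatype = 'subnet';
		o.placeholder = '192.168.2.1/24';
		o.rmempty = false;

		o = s.option(form.Value, 'local_nat', _('Local NAT'),
			_('NAT range for tunnels with overlapping IP addresses'));
		o.datatype = 'subnet';
		o.modalonly = true;

		o = s.option(form.ListValue, 'crypto_proposal',
			_('Crypto Proposal (Phase 2)'), _('List of ESP (phase two) proposals'));
		o.value('encryption_algorithm');
		o.value('hash_algorithm');
		o.value('dh_group');
		o.value('prf_algorithm');
		o.required = true;

		o = s.option(form.ListValue, 'startaction', _('Start Action'),
			_('Action on initial configuration load'));
		o.value('none');
		o.value('trap');
		o.value('start');
		o.default = 'trap';
		o.modalonly = true;

		// NOTE(review): this value names a script that is run on CHILD_SA
		// up/down events. Nothing in this form limits where the script may
		// live, so confirm that the target is owned by root and not writable
		// by other users, and that the consumer of this option checks it.
		o = s.option(form.Value, 'updown', _('Up/Down Script Path'),
			_('Path to script to run on CHILD_SA up/down events'));
		o.datatype = 'file';
		o.modalonly = true;

		return m.render();
	}
});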