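-- Form model for the "ipsec" UCI config: one anonymous "service" section
-- with a status widget, an enable flag, the client IP and the pre-shared key.
-- Map, TypedSection, Flag, Value, DummyValue and translate are not defined in
-- this file; they are expected to come from the environment that loads it.

local sys = require "luci.sys"
-- Neither result is read anywhere in the visible file; the calls are kept
-- because it cannot be told from here whether they are needed for side effects.
local net = require "luci.model.network".init()
local ifaces = sys.net:devices()

-- Everything the form builds is declared local here. The original assigned
-- mp, enabled, clientip and secret without `local`, which made them globals
-- of whatever environment runs this file.
local mp, s, o, enabled, clientip, secret

mp = Map("ipsec", translate("IPSec VPN Server"))
-- The message text is passed to translate() verbatim, spelling included, so
-- it is left exactly as written.
mp.description = translate(
	"IPSec VPN connectivity using the native built-in VPN Client on iOS or Andriod (IKEv1 with PSK and Xauth)")
mp.template = "ipsec-server/index"

s = mp:section(TypedSection, "service")
s.anonymous = true

-- Read-only status row rendered by its own template.
o = s:option(DummyValue, "ipsec-server_status", translate("Current Condition"))
o.template = "ipsec-server/status"

-- The service is off by default; rmempty = false keeps the option stored
-- even when the box is unchecked.
enabled = s:option(Flag, "enabled", translate("Enable"))
enabled.default = 0
enabled.rmempty = false

-- Client address: must parse as an IPv4 address and may not be left empty.
clientip = s:option(Value, "clientip", translate("VPN Client IP"))
clientip.datatype = "ip4addr"
clientip.description = translate(
	"VPN Client reserved started IP addresses with the same subnet mask")
clientip.optional = false
clientip.rmempty = false

-- Disabled option, kept as the author left it.
--[[
clientdns = s:option(Value, "clientdns", translate("VPN Client DNS"))
clientdns.datatype = "ip4addr"
clientdns.description = translate("DNS using in VPN tunnel.")
clientdns.optional = false
clientdns.rmempty = false
]]--

-- Pre-shared key, shown as a password field.
-- NOTE(review): unlike clientip, no datatype and no rmempty = false is set
-- here, so this form does not itself reject an empty or very short key.
-- Confirm whether a minimum key length is enforced somewhere else.
secret = s:option(Value, "secret", translate("Secret Pre-Shared Key"))
secret.password = true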
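--- Make sure the firewall config contains the four WAN accept rules used by
-- the IPsec server: UDP 500 ("ike"), UDP 4500 ("ipsec"), protocol AH ("ah")
-- and protocol ESP ("esp").
--
-- Security notes for reviewers:
--   * This function never reads the "enabled" option, so the rules are added
--     on any save of the form, including one that leaves the server disabled.
--   * Nothing here removes the rules again.
--   * A rule counts as present when a firewall rule section carries the same
--     name; its target, src and proto are not compared, so an unrelated or
--     edited rule with that name suppresses creation.
--   * Only the UCI config is written; no firewall reload is triggered here.
--
-- All missing rules are now added through one cursor and written with a
-- single save/commit, instead of one cursor and one commit per rule.
-- @param self the Map this hook is attached to (unused)
function mp.on_save(self)
	-- Use the module value returned by require rather than relying on a
	-- global `luci` namespace being populated.
	local uci = require "luci.model.uci"
	local cursor = uci.cursor()

	-- Listed in the order the rules are created. dest_port is nil for the
	-- protocol-only rules, so no such option is written for them.
	local wanted = {
		{ name = 'ike',   proto = 'udp', dest_port = 500 },
		{ name = 'ipsec', proto = 'udp', dest_port = 4500 },
		{ name = 'ah',    proto = 'ah' },
		{ name = 'esp',   proto = 'esp' },
	}

	-- Collect the names of every existing firewall rule section.
	local present = {}
	cursor:foreach('firewall', 'rule', function(section)
		if section.name then
			present[section.name] = true
		end
	end)

	local changed = false
	for _, rule in ipairs(wanted) do
		if not present[rule.name] then
			local sid = cursor:add('firewall', 'rule')
			cursor:tset('firewall', sid, {
				['name'] = rule.name,
				['target'] = 'ACCEPT',
				['src'] = 'wan',
				['proto'] = rule.proto,
				['dest_port'] = rule.dest_port
			})
			changed = true
		end
	end

	-- Touch the firewall config only when a rule was actually added.
	if changed then
		cursor:save('firewall')
		cursor:commit('firewall')
	end
end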
-- The model file evaluates to the Map built above.
return mp