-rw-r--r--perl-install/standalone/drakvpn276
1 files changed, 148 insertions, 128 deletions
diff --git a/perl-install/standalone/drakvpn b/perl-install/standalone/drakvpn
index 944ab05a4..e5ea0ea9c 100644
--- a/perl-install/standalone/drakvpn
+++ b/perl-install/standalone/drakvpn
@@ -159,19 +159,6 @@ computers look as if they were on the same network.
Make sure you have configured your Network/Internet access using
drakconnect before going any further."), 1) or goto begin;
-$::direct or $in->ask_okcancel(N("Simple VPN setup."),
-N("VPN connection.
-
-This program is based on the following projects:
-
- - FreeSwan: \thttp://www.freeswan.org/
- - Super-FreeSwan: \thttp://www.freeswan.ca/
- - ipsec-tools: \thttp://ipsec-tools.sourceforge.net/
- - ipsec-howto: \thttp://www.ipsec-howto.org
-
-Please read the at least the ipsec-howto docs
-before going any further."), 1) or goto begin;
-
if ($kernel_version < 2.5) {
system("/sbin/modprobe ipsec") if -e "/sbin/modprobe";
$proc_version = cat_("/proc/net/ipsec_version") if -e "/proc/net/ipsec_version";
@@ -185,13 +172,25 @@ if ($kernel_version < 2.5) {
$proc_version = "ipsec native";
}
+$::direct or $in->ask_okcancel(N("Simple VPN setup."),
+N("VPN connection.
+
+This program is based on the following projects:
+ - FreeSwan: \t\t\thttp://www.freeswan.org/
+ - Super-FreeSwan: \t\thttp://www.freeswan.ca/
+ - ipsec-tools: \t\t\thttp://ipsec-tools.sourceforge.net/
+ - ipsec-howto: \t\thttp://www.ipsec-howto.org
+ - the docs and man pages coming with the %s package
+
+Please read AT LEAST the ipsec-howto docs
+before going any further."),$ipsec_package) or goto begin;
+
$::direct or $in->ask_okcancel(N("Kernel module."),
-N("The running kernel need to have ipsec support.\n
-The kernels 2.4 until 2.5 need to be compiled with
-Freeswan or Super/FreeSwan.
-The kernels 2.5 and above have native ipsec support.\n
-The running kernel version is %s and it has support for:
-%s", $kernel_version, $proc_version)) or goto begin;
+N("The kernel need to have ipsec support.
+
+You're running a %s kernel version.
+
+This kernel has '%s' support.", $kernel_version, $proc_version)) or goto begin;
step_detectsetup:
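Review bot: In the relocated "Simple VPN setup." dialog, `$ipsec_package` is passed to `ask_okcancel` rather than to `N()`, because the parenthesis of `N(` closes right after the string. The `%s` in "coming with the %s package" therefore gets no argument, and the third argument of `ask_okcancel`, which was `1` before the move, is now the package name. The last line should read `before going any further.", $ipsec_package), 1) or goto begin;`. Whether `$ipsec_package` is already assigned at this point is not visible in the hunk. In the "Kernel module." text, "The kernel need to have" should be "needs".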
@@ -217,8 +216,8 @@ Examples:
#- **********************************
#- * 2nd step: configure
-$wait_configuring = $in->wait_message(N("Configuring..."),
- N("Configuring scripts, installing software, starting servers..."));
+#$wait_configuring = $in->wait_message(N("Configuring..."),
+# N("Configuring scripts, installing software, starting servers..."));
#- if the kernel has super-freeswan support, remove the freeswan package
#- and vice-versa
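Review bot: The two `wait_message` lines are commented out rather than removed, which leaves dead code in the 2nd-step block and records no reason for the change. If the wait dialog is no longer wanted, delete the lines; if it is disabled temporarily, say why in the file's own comment style, e.g. `#- FIXME: wait dialog disabled because <reason>`. Any later use of `$wait_configuring` lies outside this hunk and should be checked, since the variable is no longer assigned here.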
@@ -284,16 +283,11 @@ my $c;
if ($kernel_version > 2.5) {
$c = $in->ask_from_list_(N("Configuration file"),
-N("Welcome to the
-
- - %s and
- - %s
-
-files configuration step.
+N("Welcome to the configuration files step !
You can now configure the sections of these files.
-Which file would you like to configure ?\n", $ipsec_conf, $racoon_conf),
+Which file would you like to configure ?\n"),
[ N("configure %s", $ipsec_conf), N("configure %s", $racoon_conf) ]) or goto step_detectsetup;
} else {
@@ -397,12 +391,12 @@ N("This section has to be on top of your
Make sure all other sections follow this config
setup section.\n
Choose continue or previous when you are done.\n", $ipsec_conf),
- [ { label => N("interfaces="), val => \$config_setup->{2}[1], type => 'entry' },
- { label => N("klipsdebug="), val => \$config_setup->{3}[1], type => 'entry' },
- { label => N("plutodebug="), val => \$config_setup->{4}[1], type => 'entry' },
- { label => N("plutoload="), val => \$config_setup->{5}[1], type => 'entry' },
- { label => N("plutostart="), val => \$config_setup->{6}[1], type => 'entry' },
- { label => N("uniqueids="), val => \$config_setup->{7}[1], type => 'entry' },
+ [ { label => N("interfaces"), val => \$config_setup->{2}[1], type => 'entry' },
+ { label => N("klipsdebug"), val => \$config_setup->{3}[1], type => 'entry' },
+ { label => N("plutodebug"), val => \$config_setup->{4}[1], type => 'entry' },
+ { label => N("plutoload"), val => \$config_setup->{5}[1], type => 'entry' },
+ { label => N("plutostart"), val => \$config_setup->{6}[1], type => 'entry' },
+ { label => N("uniqueids"), val => \$config_setup->{7}[1], type => 'entry' },
]
) or goto step_configure_ipsec_conf;
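Review bot: The labels changed here are literal ipsec.conf keywords, yet they stay wrapped in `N()`, which appears to be the translation wrapper, so a translated label may no longer match the keyword the user knows from the ipsec documentation. Passing the keyword as a plain string, e.g. `{ label => "interfaces", val => \$config_setup->{2}[1], type => 'entry' }`, keeps the dialog and the file in step. The same applies to the keyword labels in the other `ask_from` hunks of this commit (conn defaults, the connection section, and the racoon remote, sainfo and path dialogs). These are free-text `entry` fields; whether the values are validated before being written is not visible in the hunks.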
@@ -443,15 +437,15 @@ All the other sections will follow this one.
The left settings are optional. If don't define
them here, globally, you can define them in each
section.\n",),
- [ { label => N("pfs="), val => \$conn_default->{2}[1], type => 'entry' },
- { label => N("keyingtries="), val => \$conn_default->{3}[1], type => 'entry' },
- { label => N("compress="), val => \$conn_default->{4}[1], type => 'entry' },
- { label => N("disablearrivalcheck="), val => \$conn_default->{5}[1], type => 'entry' },
- { label => N("left="), val => \$conn_default->{6}[1], type => 'entry' },
- { label => N("leftcert="), val => \$conn_default->{7}[1], type => 'entry' },
- { label => N("leftrsasigkey="), val => \$conn_default->{8}[1], type => 'entry' },
- { label => N("leftsubnet="), val => \$conn_default->{9}[1], type => 'entry' },
- { label => N("leftnexthop="), val => \$conn_default->{10}[1], type => 'entry' },
+ [ { label => N("pfs"), val => \$conn_default->{2}[1], type => 'entry' },
+ { label => N("keyingtries"), val => \$conn_default->{3}[1], type => 'entry' },
+ { label => N("compress"), val => \$conn_default->{4}[1], type => 'entry' },
+ { label => N("disablearrivalcheck"), val => \$conn_default->{5}[1], type => 'entry' },
+ { label => N("left"), val => \$conn_default->{6}[1], type => 'entry' },
+ { label => N("leftcert"), val => \$conn_default->{7}[1], type => 'entry' },
+ { label => N("leftrsasigkey"), val => \$conn_default->{8}[1], type => 'entry' },
+ { label => N("leftsubnet"), val => \$conn_default->{9}[1], type => 'entry' },
+ { label => N("leftnexthop"), val => \$conn_default->{10}[1], type => 'entry' },
]
) or goto step_configure_ipsec_conf;
@@ -485,17 +479,17 @@ You can now add a new section.
Choose continue when you are done to write the data.\n", $ipsec_conf),
[ { label => N("section name"), val => \$normal_conn->{1}[1], type => 'entry' },
{ label => N("authby"), val => \$normal_conn->{2}[1], type => 'entry' },
- { label => N("auto="), val => \$normal_conn->{3}[1], type => 'entry' },
- { label => N("left="), val => \$normal_conn->{4}[1], type => 'entry' },
- { label => N("leftcert="), val => \$normal_conn->{5}[1], type => 'entry' },
- { label => N("leftrsasigkey="), val => \$normal_conn->{6}[1], type => 'entry' },
- { label => N("leftsubnet="), val => \$normal_conn->{7}[1], type => 'entry' },
- { label => N("leftnexthop="), val => \$normal_conn->{8}[1], type => 'entry' },
- { label => N("right="), val => \$normal_conn->{9}[1], type => 'entry' },
- { label => N("rightcert="), val => \$normal_conn->{10}[1], type => 'entry' },
- { label => N("rightrsasigkey="), val => \$normal_conn->{11}[1], type => 'entry' },
- { label => N("rightsubnet="), val => \$normal_conn->{12}[1], type => 'entry' },
- { label => N("rightnexthop="), val => \$normal_conn->{13}[1], type => 'entry' },
+ { label => N("auto"), val => \$normal_conn->{3}[1], type => 'entry' },
+ { label => N("left"), val => \$normal_conn->{4}[1], type => 'entry' },
+ { label => N("leftcert"), val => \$normal_conn->{5}[1], type => 'entry' },
+ { label => N("leftrsasigkey"), val => \$normal_conn->{6}[1], type => 'entry' },
+ { label => N("leftsubnet"), val => \$normal_conn->{7}[1], type => 'entry' },
+ { label => N("leftnexthop"), val => \$normal_conn->{8}[1], type => 'entry' },
+ { label => N("right"), val => \$normal_conn->{9}[1], type => 'entry' },
+ { label => N("rightcert"), val => \$normal_conn->{10}[1], type => 'entry' },
+ { label => N("rightrsasigkey"), val => \$normal_conn->{11}[1], type => 'entry' },
+ { label => N("rightsubnet"), val => \$normal_conn->{12}[1], type => 'entry' },
+ { label => N("rightnexthop"), val => \$normal_conn->{13}[1], type => 'entry' },
]
) or goto step_configure_ipsec_conf;
@@ -698,13 +692,14 @@ step_configure_racoon_conf:
my $choice = $section_names[0] if $section_names[0];
my $d = $in->ask_from_list_(N("%s entries", $racoon_conf),
-N("The %s file contents
-is divided into sections.\n
-You can now :\n
- - display, add, edit, or remove sections, then
- - commit the changes\n
-
-What would you like to do ?\n", $racoon_conf),
+N("The racoon.conf file configuration.\n
+The contents of this file is divided into sections.
+You can now :
+ - display \t\t (display the file contents)
+ - add \t\t (add one section)
+ - edit \t\t\t (modify parameters of an existing section)
+ - remove \t\t (remove an existing section)
+ - commit \t\t (writes the changes to the real file)"),
[ N_("display"), N_("add"), N_("edit"), N_("remove"), N_("commit") ]) or goto step_configuration;
@@ -740,11 +735,11 @@ step_add_section_racoon:
#my $existing_section = "";
my $e = $in->ask_from_list_(N("racoonf.conf entries"),
-N("The %s file contains different sections.\n
-Here is its skeleton : 'path'
- 'remote'
- 'sainfo' \n
-You can now add one of these sections.\n
+N("The 'add' sections step.\n
+Here below is the racoon.conf file skeleton :
+\t'path'
+\t'remote'
+\t'sainfo' \n
Choose the section you would like to add.\n", $racoon_conf),
[ N_("path"), N_("remote"), N_("sainfo"), N_("dismiss") ]) or goto step_configure_racoon_conf;
if ($e eq "path") {
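Review bot: The rewritten message no longer contains `%s`, but the call still ends with `", $racoon_conf),`, so `N()` receives an argument with no matching conversion. Either drop the argument or keep `%s` in the text instead of hard-coding racoon.conf. The hunk at `@@ -784,26 +804,26 @@` has the same leftover after `on the top of your %s file.` became `racoon.conf file.`. Hard-coding the name also lets the text disagree with `$racoon_conf` if that path changes. The dialog title `racoonf.conf entries` looks like a typo for racoon.conf.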
@@ -754,13 +749,38 @@ if ($e eq "path") {
};
$in->ask_from('',
-N("This section has to be on top of your
-%s file.\n
-Make sure all the other sections follow
-these path sections.\n
-Choose continue or previous when you are done.\n", $racoon_conf),
- [ { label => N("path_type ="), val => \$path_section->{1}[1], list => [ 'certificate', 'pre_shared_key', 'include' ] },
- { label => N("real_file ="), val => \$path_section->{1}[2], type => 'entry' },
+N("The 'add path' section step.\n
+The path sections have to be on top of your racoon.conf file.\n
+Put your mouse over the certificate entry to obtain online help."),
+ [{ label => N("path type"),
+ val => \$path_section->{1}[1],
+ list => [ 'certificate', 'pre_shared_key', 'include' ],
+ help =>
+N("Path Specification
+ path include path;
+ specifies a path to include a file. See File Inclusion.
+ Example: path include '/etc/racoon'
+
+ path pre_shared_key file;
+ specifies a file containing pre-shared key(s)
+ for various ID(s). See Pre-shared key File.
+ Example: path pre_shared_key '/etc/racoon/psk.txt' ;
+
+ path certificate path;
+ racoon(8) will search this directory if a certificate or
+ certificate request is received.
+ Example: path certificate '/etc/cert' ;
+
+File Inclusion
+ include file
+ other configuration files can be included.
+
+Pre-shared key File
+ Pre-shared key file defines a pair of the identifier and the
+ shared secret key which are used at Pre-shared key authentication
+ method in phase 1."),
+},
+ { label => N("real file"), val => \$path_section->{1}[2], type => 'entry' },
]
) or goto step_configure_racoon_conf;
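Review bot: The new help text describes `path pre_shared_key` without saying that the file holds secrets. racoon expects the pre-shared key file to be owned by the user it runs as and not accessible to others, so the help should add a line such as `The pre-shared key file must be readable by root only (mode 600).`. The intro tells the user to hover over "the certificate entry", but the `help` is attached to the `path type` field, so the wording should name that field. The labels here are `path type` and `real file`, while the edit dialog in the last hunk uses `path_type` and `real_file`; one spelling should be used in both.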
@@ -784,26 +804,26 @@ network::ipsec::add_section_racoon_conf($path_section, $racoon);
};
$in->ask_from('',
N("Make sure you already have the path sections
-on the top of your %s file.
+on the top of your racoon.conf file.
You can now choose the remote settings.
Choose continue or previous when you are done.\n", $racoon_conf),
- [ { label => N("remote ="), val => \$main_remote_section->{1}[1], type => 'entry' },
- { label => N("exchange_mode ="), val => \$main_remote_section->{2}[1], type => 'entry' },
- { label => N("generate_policy ="), val => \$main_remote_section->{3}[1], type => 'entry' },
- { label => N("passive ="), val => \$main_remote_section->{4}[1], type => 'entry' },
- { label => N("certificate_type ="), val => \$main_remote_section->{5}[1], type => 'entry' },
- { label => N("my_certfile ="), val => \$main_remote_section->{5}[2], type => 'entry' },
- { label => N("my_private_key ="), val => \$main_remote_section->{5}[3], type => 'entry' },
- { label => N("peers_certfile ="), val => \$main_remote_section->{6}[1], type => 'entry' },
- { label => N("verify_cert ="), val => \$main_remote_section->{7}[1], type => 'entry' },
- { label => N("my_identifier ="), val => \$main_remote_section->{8}[1], type => 'entry' },
- { label => N("peers_identifier ="), val => \$main_remote_section->{9}[1], type => 'entry' },
- { label => N("proposal ="), val => \$proposal_remote_section->{1}[0], type => 'entry' },
- { label => N("encryption_algorithm ="), val => \$proposal_remote_section->{2}[1], type => 'entry' },
- { label => N("hash_algorithm ="), val => \$proposal_remote_section->{3}[1], type => 'entry' },
- { label => N("authentication_method ="), val => \$proposal_remote_section->{4}[1], type => 'entry' },
- { label => N("dh_group ="), val => \$proposal_remote_section->{5}[1], type => 'entry' },
+ [ { label => N("remote"), val => \$main_remote_section->{1}[1], type => 'entry' },
+ { label => N("exchange_mode"), val => \$main_remote_section->{2}[1], type => 'entry' },
+ { label => N("generate_policy"), val => \$main_remote_section->{3}[1], type => 'entry' },
+ { label => N("passive"), val => \$main_remote_section->{4}[1], type => 'entry' },
+ { label => N("certificate_type"), val => \$main_remote_section->{5}[1], type => 'entry' },
+ { label => N("my_certfile"), val => \$main_remote_section->{5}[2], type => 'entry' },
+ { label => N("my_private_key"), val => \$main_remote_section->{5}[3], type => 'entry' },
+ { label => N("peers_certfile"), val => \$main_remote_section->{6}[1], type => 'entry' },
+ { label => N("verify_cert"), val => \$main_remote_section->{7}[1], type => 'entry' },
+ { label => N("my_identifier"), val => \$main_remote_section->{8}[1], type => 'entry' },
+ { label => N("peers_identifier"), val => \$main_remote_section->{9}[1], type => 'entry' },
+ { label => N("proposal"), val => \$proposal_remote_section->{1}[0], type => 'entry' },
+ { label => N("encryption_algorithm"), val => \$proposal_remote_section->{2}[1], type => 'entry' },
+ { label => N("hash_algorithm"), val => \$proposal_remote_section->{3}[1], type => 'entry' },
+ { label => N("authentication_method"), val => \$proposal_remote_section->{4}[1], type => 'entry' },
+ { label => N("dh_group"), val => \$proposal_remote_section->{5}[1], type => 'entry' },
]
) or goto step_configure_racoon_conf;
@@ -823,16 +843,16 @@ on the top of your %s file.\n
You can now choose the sainfo settings.
Choose continue or previous when you are done.\n", $racoon_conf),
- [ { label => N("sainfo_source_address ="), val => \$sainfo_section->{1}[2], type => 'entry' },
- { label => N("sainfo_source_proto ="), val => \$sainfo_section->{1}[3], type => 'entry' },
- { label => N("sainfo_dest_address ="), val => \$sainfo_section->{1}[5], type => 'entry' },
- { label => N("sainfo_dest_proto ="), val => \$sainfo_section->{1}[6], type => 'entry' },
- { label => N("pfs_group ="), val => \$sainfo_section->{2}[1], type => 'entry' },
- { label => N("lifetime_number ="), val => \$sainfo_section->{3}[2], type => 'entry' },
- { label => N("lifetime_unit ="), val => \$sainfo_section->{3}[3], type => 'entry' },
- { label => N("encryption_algorithm ="), val => \$sainfo_section->{4}[1], type => 'entry' },
- { label => N("authentication_algorithm ="), val => \$sainfo_section->{5}[1], type => 'entry' },
- { label => N("compression_algorithm ="), val => \$sainfo_section->{6}[1], type => 'entry' },
+ [ { label => N("sainfo_source_address"), val => \$sainfo_section->{1}[2], type => 'entry' },
+ { label => N("sainfo_source_proto"), val => \$sainfo_section->{1}[3], type => 'entry' },
+ { label => N("sainfo_dest_address"), val => \$sainfo_section->{1}[5], type => 'entry' },
+ { label => N("sainfo_dest_proto"), val => \$sainfo_section->{1}[6], type => 'entry' },
+ { label => N("pfs_group"), val => \$sainfo_section->{2}[1], type => 'entry' },
+ { label => N("lifetime_number"), val => \$sainfo_section->{3}[2], type => 'entry' },
+ { label => N("lifetime_unit"), val => \$sainfo_section->{3}[3], type => 'entry' },
+ { label => N("encryption_algorithm"), val => \$sainfo_section->{4}[1], type => 'entry' },
+ { label => N("authentication_algorithm"), val => \$sainfo_section->{5}[1], type => 'entry' },
+ { label => N("compression_algorithm"), val => \$sainfo_section->{6}[1], type => 'entry' },
]
) or goto step_configure_racoon_conf;
@@ -861,22 +881,22 @@ N("Your %s file has several sctions.\n
You can now edit the remote section entries.
Choose continue when you are done to write the data.\n", $racoon_conf),
- [ { label => N("remote ="), val => \$racoon->{$number}{1}[1], type => 'entry' },
- { label => N("exchange_mode ="), val => \$racoon->{$number}{2}[1], type => 'entry' },
- { label => N("generate_policy ="), val => \$racoon->{$number}{3}[1], type => 'entry' },
- { label => N("passive ="), val => \$racoon->{$number}{4}[1], type => 'entry' },
- { label => N("certificate_type ="), val => \$racoon->{$number}{5}[1], type => 'entry' },
- { label => N("my_certfile ="), val => \$racoon->{$number}{5}[2], type => 'entry' },
- { label => N("my_private_key ="), val => \$racoon->{$number}{5}[3], type => 'entry' },
- { label => N("peers_certfile ="), val => \$racoon->{$number}{6}[1], type => 'entry' },
- { label => N("verify_cert ="), val => \$racoon->{$number}{7}[1], type => 'entry' },
- { label => N("my_identifier ="), val => \$racoon->{$number}{8}[1], type => 'entry' },
- { label => N("peers_identifier ="), val => \$racoon->{$number}{9}[1], type => 'entry' },
- { label => N("proposal ="), val => \$racoon->{$number+2}{1}[0], type => 'entry' },
- { label => N("encryption_algorithm ="), val => \$racoon->{$number+2}{2}[1], type => 'entry' },
- { label => N("hash_algorithm ="), val => \$racoon->{$number+2}{3}[1], type => 'entry' },
- { label => N("authentication_method ="), val => \$racoon->{$number+2}{4}[1], type => 'entry' },
- { label => N("dh_group ="), val => \$racoon->{$number+2}{5}[1], type => 'entry' },
+ [ { label => N("remote"), val => \$racoon->{$number}{1}[1], type => 'entry' },
+ { label => N("exchange_mode"), val => \$racoon->{$number}{2}[1], type => 'entry' },
+ { label => N("generate_policy"), val => \$racoon->{$number}{3}[1], type => 'entry' },
+ { label => N("passive"), val => \$racoon->{$number}{4}[1], type => 'entry' },
+ { label => N("certificate_type"), val => \$racoon->{$number}{5}[1], type => 'entry' },
+ { label => N("my_certfile"), val => \$racoon->{$number}{5}[2], type => 'entry' },
+ { label => N("my_private_key"), val => \$racoon->{$number}{5}[3], type => 'entry' },
+ { label => N("peers_certfile"), val => \$racoon->{$number}{6}[1], type => 'entry' },
+ { label => N("verify_cert"), val => \$racoon->{$number}{7}[1], type => 'entry' },
+ { label => N("my_identifier"), val => \$racoon->{$number}{8}[1], type => 'entry' },
+ { label => N("peers_identifier"), val => \$racoon->{$number}{9}[1], type => 'entry' },
+ { label => N("proposal"), val => \$racoon->{$number+2}{1}[0], type => 'entry' },
+ { label => N("encryption_algorithm"), val => \$racoon->{$number+2}{2}[1], type => 'entry' },
+ { label => N("hash_algorithm"), val => \$racoon->{$number+2}{3}[1], type => 'entry' },
+ { label => N("authentication_method"), val => \$racoon->{$number+2}{4}[1], type => 'entry' },
+ { label => N("dh_group"), val => \$racoon->{$number+2}{5}[1], type => 'entry' },
]
) or goto step_configure_racoon_conf;
@@ -887,16 +907,16 @@ N("Your %s file has several sctions.
You can now edit the sainfo section entries.
Choose continue when you are done to write the data.\n", $racoon_conf),
- [ { label => N("sainfo_source_address ="), val => \$racoon->{$number}{1}[2], type => 'entry' },
- { label => N("sainfo_source_proto ="), val => \$racoon->{$number}{1}[3], type => 'entry' },
- { label => N("sainfo_dest_address ="), val => \$racoon->{$number}{1}[5], type => 'entry' },
- { label => N("sainfo_dest_proto ="), val => \$racoon->{$number}{1}[6], type => 'entry' },
- { label => N("pfs_group ="), val => \$racoon->{$number}{2}[1], type => 'entry' },
- { label => N("lifetime_number ="), val => \$racoon->{$number}{3}[2], type => 'entry' },
- { label => N("lifetime_unit ="), val => \$racoon->{$number}{3}[3], type => 'entry' },
- { label => N("encryption_algorithm ="), val => \$racoon->{$number}{4}[1], type => 'entry' },
- { label => N("authentication_algorithm ="), val => \$racoon->{$number}{5}[1], type => 'entry' },
- { label => N("compression_algorithm ="), val => \$racoon->{$number}{6}[1], type => 'entry' },
+ [ { label => N("sainfo_source_address"), val => \$racoon->{$number}{1}[2], type => 'entry' },
+ { label => N("sainfo_source_proto"), val => \$racoon->{$number}{1}[3], type => 'entry' },
+ { label => N("sainfo_dest_address"), val => \$racoon->{$number}{1}[5], type => 'entry' },
+ { label => N("sainfo_dest_proto"), val => \$racoon->{$number}{1}[6], type => 'entry' },
+ { label => N("pfs_group"), val => \$racoon->{$number}{2}[1], type => 'entry' },
+ { label => N("lifetime_number"), val => \$racoon->{$number}{3}[2], type => 'entry' },
+ { label => N("lifetime_unit"), val => \$racoon->{$number}{3}[3], type => 'entry' },
+ { label => N("encryption_algorithm"), val => \$racoon->{$number}{4}[1], type => 'entry' },
+ { label => N("authentication_algorithm"), val => \$racoon->{$number}{5}[1], type => 'entry' },
+ { label => N("compression_algorithm"), val => \$racoon->{$number}{6}[1], type => 'entry' },
]
) or goto step_configure_racoon_conf;
@@ -910,8 +930,8 @@ sections.\n
You can now edit the path entries.
Choose continue or previous when you are done.\n", $racoon_conf),
- [ { label => N("path_type ="), val => \$racoon->{$number}{1}[1], list => [ 'certificate', 'pre_shared_key', 'include' ] },
- { label => N("real_file ="), val => \$racoon->{$number}{1}[2], type => 'entry' },
+ [ { label => N("path_type"), val => \$racoon->{$number}{1}[1], list => [ 'certificate', 'pre_shared_key', 'include' ] },
+ { label => N("real_file"), val => \$racoon->{$number}{1}[2], type => 'entry' },
]
) or goto step_configure_racoon_conf;
}