luci-app-libreswan: Add LuCI for Libreswan

LuCI Support for IPSec VPN (Libreswan) Signed-off-by: Jaymin Patel <[email protected]>
openwrt · Oct 22, 2023 · 64ae849 · 64ae849
1 parent 30a8a0d
commit 64ae849
Show file tree

Hide file tree

Showing 8 changed files with 531 additions and 0 deletions.
diff --git a/applications/luci-app-libreswan/Makefile b/applications/luci-app-libreswan/Makefile
@@ -0,0 +1,19 @@
+#
+# Copyright (C) 2022 Jaymin Patel <[email protected]>
+#
+# This is free software, licensed under the GNU General Public License v2.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_MAINTAINER:=Jaymin Patel <[email protected]>
+
+LUCI_TITLE=Luci Application for IPSec VPN (Libreswan)
+LUCI_DEPENDS:=+luci-base +libreswan
+LUCI_PKGARCH:=all
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
+
diff --git a/applications/luci-app-libreswan/htdocs/luci-static/resources/view/libreswan/globals.js b/applications/luci-app-libreswan/htdocs/luci-static/resources/view/libreswan/globals.js
@@ -0,0 +1,72 @@
+'use strict';
+'require view';
+'require form';
+'require network';
+'require tools.widgets as widgets';
+
+return view.extend({
+	load: function() {
+		return Promise.all([
+			network.getDevices(),
+		]);
+	},
+
+	render: function(data) {
+		var netDevs = data[0];
+		var m, s, o;
+
+		m = new form.Map('libreswan', _('IPSec Global Settings'));
+
+		s = m.section(form.NamedSection, 'globals', 'libreswan');
+		s.anonymous = false;
+		s.addremove = false;
+
+		o = s.option(form.ListValue, 'debug', _('Debug Logs'));
+		o.default = false;
+		o.rmempty = false;
+		o.value('none', _('none - No Logging'));
+		o.value('base', _('base - Moderate Logging'));
+		o.value('cpu-usage', _('cpu-usage - Timing/Load Logging'));
+		o.value('crypto', _('crypto - All crypto related Logging'));
+		o.value('tmi', _('tmi - Too Much/Excessive Logging'));
+		o.value('private', _('private - Sensitive private-key/password Logging'));
+		o.default = 'none'
+
+		o = s.option(form.Flag, 'uniqueids', _('Uniquely Identify Remotes'),
+			_('Whether IDs should be considered identifying remote parties uniquely'));
+		o.default = false;
+		o.rmempty = false;
+
+		o = s.option(widgets.NetworkSelect, 'listen_interface', _('Listen Interface'),
+			_('Interface for IPsec to use'));
+		o.datatype = 'string';
+		o.multiple = false;
+		o.optional = true;
+
+		o = s.option(form.Value, 'listen', _('Listen Address'),
+			_('IP address to listen on, default depends on Listen Interface'));
+		o.datatype = 'ip4addr';
+		for (var i = 0; i < netDevs.length; i++) {
+			var addrs = netDevs[i].getIPAddrs();
+			for (var j = 0; j < addrs.length; j++) {
+				o.value(addrs[j].split('/')[0]);
+			}
+		}
+		o.depends({ 'listen_interface' : '' });
+
+		o = s.option(form.Value, 'nflog_all', _('Enable nflog on nfgroup'),
+			_('NFLOG group number to log all pre-crypt and post-decrypt traffic to'));
+		o.datatype = 'uinteger';
+		o.default = 0;
+		o.rmempty = true;
+		o.optional = true;
+
+		o = s.option(form.DynamicList, 'virtual_private', _('Allowed Virtual Private'),
+			_('The address ranges that may live behind a NAT router through which a client connects'));
+		o.datatype = 'neg(ip4addr)';
+		o.multiple = true;
+		o.optional = true;
+
+		return m.render();
+	}
+});
diff --git a/applications/luci-app-libreswan/htdocs/luci-static/resources/view/libreswan/overview.js b/applications/luci-app-libreswan/htdocs/luci-static/resources/view/libreswan/overview.js
@@ -0,0 +1,77 @@
+'use strict';
+'require view';
+'require rpc';
+'require form';
+'require poll';
+
+var callLibreswanStatus = rpc.declare({
+	object: 'libreswan',
+	method: 'status',
+	expect: {  },
+});
+
+function secondsToString(seconds) {
+	var str = '';
+	var numdays = Math.floor(seconds / 86400);
+	var numhours = Math.floor((seconds % 86400) / 3600);
+	var numminutes = Math.floor(((seconds % 86400) % 3600) / 60);
+	var numseconds = ((seconds % 86400) % 3600) % 60;
+
+	str = (numdays ? numdays + 'd ' : '') + (numhours ? numhours + 'h ' : '') + (numminutes ? numminutes + 'm ' : '') +  numseconds + 's';
+	return str;
+}
+
+return view.extend({
+	render: function() {
+		var table =
+			E('table', { 'class': 'table lases' }, [
+				E('tr', { 'class': 'tr table-titles' }, [
+					E('th', { 'class': 'th' }, _('Name')),
+					E('th', { 'class': 'th' }, _('Remote')),
+					E('th', { 'class': 'th' }, _('Local Subnet')),
+					E('th', { 'class': 'th' }, _('Remote Subnet')),
+					E('th', { 'class': 'th' }, _('Tx')),
+					E('th', { 'class': 'th' }, _('Rx')),
+					E('th', { 'class': 'th' }, _('Phase1')),
+					E('th', { 'class': 'th' }, _('Phase2')),
+					E('th', { 'class': 'th' }, _('Status')),
+					E('th', { 'class': 'th' }, _('Uptime')),
+					E([])
+				])
+			]);
+
+		poll.add(function() {
+			return callLibreswanStatus().then(function(tunnelsInfo) {
+				var tunnels = Array.isArray(tunnelsInfo.tunnels) ? tunnelsInfo.tunnels : [];
+
+				cbi_update_table(table,
+					tunnels.map(function(tunnel) {
+						return  [
+							tunnel.name,
+							tunnel.right,
+							tunnel.leftsubnet,
+							tunnel.rightsubnet,
+							tunnel.tx,
+							tunnel.rx,
+							tunnel.phase1 ? _('Up') : _('Down'),
+							tunnel.phase2 ? _('Up') : _('Down'),
+							tunnel.connected ? _('Up') : _('Down'),
+							secondsToString(tunnel.uptime),
+						];
+					}),
+					E('em', _('There are no active Tunnels'))
+				);
+			});
+		});
+
+		return E([
+			E('h3', _('IPSec Tunnels Summary')),
+			E('br'),
+			table
+		]);
+	},
+
+	handleSave: null,
+	handleSaveApply:null,
+	handleReset: null
+});
diff --git a/applications/luci-app-libreswan/htdocs/luci-static/resources/view/libreswan/proposals.js b/applications/luci-app-libreswan/htdocs/luci-static/resources/view/libreswan/proposals.js
@@ -0,0 +1,55 @@
+'use strict';
+'require view';
+'require ui';
+'require form';
+
+return view.extend({
+	render: function() {
+		var m, s, o;
+
+		m = new form.Map('libreswan', _('IPSec Proposals'));
+
+		s = m.section(form.GridSection, 'crypto_proposal');
+		s.anonymous = false;
+		s.addremove = true;
+		s.nodescriptions = false;
+		s.addbtntitle = _('Add Proposal');
+
+		o = s.tab('general', _('General'));
+
+		o = s.taboption('general', form.MultiValue, 'hash_algorithm', _('Hash Algorithm'));
+		o.default = 'md5';
+		o.value('md5', _('MD5'));
+		o.value('sha1', _('SHA1'));
+		o.value('sha256', _('SHA256'));
+		o.value('sha384', _('SHA384'));
+		o.value('sha512', _('SHA512'));
+
+		o = s.taboption('general', form.MultiValue, 'encryption_algorithm', _('Encryption Method'));
+		o.default = '3des';
+		o.value('3des', _('3DES'))
+		o.value('aes', _('AES'))
+		o.value('aes_ctr', _('AES_CTR'));
+		o.value('aes_cbc', _('AES_CBC'));
+		o.value('aes128', _('AES128'));
+		o.value('aes192', _('AES192'));
+		o.value('aes256', _('AES256'));
+		o.value('camellia_cbc', _('CAMELLIA_CBC'));
+
+		o = s.taboption('general', form.MultiValue, 'dh_group', _('DH Group'));
+		o.default = 'modp1536';
+		o.value('modp1536', _('DH Group 5'));
+		o.value('modp2048', _('DH Group 14'));
+		o.value('modp3072', _('DH Group 15'));
+		o.value('modp4096', _('DH Group 16'));
+		o.value('modp6144', _('DH Group 17'));
+		o.value('modp8192', _('DH Group 18'));
+		o.value('dh19', _('DH Group 19'));
+		o.value('dh20', _('DH Group 20'));
+		o.value('dh21', _('DH Group 21'));
+		o.value('dh22', _('DH Group 22'));
+		o.value('dh31', _('DH Group 31'));
+
+		return m.render();
+	}
+});