
luci-app-libreswan: Add LuCI for Libreswan

Open jempatel opened this issue 3 years ago • 2 comments

A new app for Libreswan IPSec with LuCI Support.

We also need https://github.com/openwrt/packages/pull/19079

We also need https://github.com/openwrt/packages/pull/19233

Screenshots from the new Luci App Libreswan:

Overview: OpenWrt-Overview-LuCI

Globals: OpenWrt-IPSec-Globals-LuCI

Proposals: OpenWrt-IPSec-Proposals-LuCI

Proposals Edit: OpenWrt-IPSec-Proposals-Edit-LuCI

Tunnels: OpenWrt-IPSec-Tunnels-LuCI

Tunnels (General): OpenWrt-IPSec-Tunnels-General-LuCI

Tunnels (Authentication): OpenWrt-IPSec-Tunnels-Authentication-LuCI

Tunnels (Interface): OpenWrt-IPSec-Tunnels-Interface-LuCI

Tunnels (Advanced): OpenWrt-IPSec-Tunnels-Advanced-LuCI

jempatel avatar Aug 14 '22 08:08 jempatel

Looks good, logical. Problems with 0.0.0.0/0 masks - IPv4 only. The GUI assumes that the necessary kernel modules are installed (and loaded). Have you tested in the absence of a (configured for use) crypto module?

It's a start. Handling certs would be a good improvement, but increases complexity, ofc.

systemcrash avatar Sep 01 '22 13:09 systemcrash

Looks good, logical. Problems with 0.0.0.0/0 masks - IPv4 only. The GUI assumes that the necessary kernel modules are installed (and loaded). Have you tested in the absence of a (configured for use) crypto module?

It's a start. Handling certs would be a good improvement, but increases complexity, ofc.

Did not get you with "Problems with 0.0.0.0/0 masks - IPv4 only":

  • Remote/Local Subnets are allowed with datatype ipaddr, so it should allow both IPv4 and IPv6.

The GUI assumes that the necessary kernel modules are installed (and loaded).

  • App is installed with LUCI_DEPENDS libreswan, and libreswan has all module dependencies handled. I have also checked other apps, but could not find any app that checks whether the module is loaded or not. Can you please point me to a reference for what you meant here?

jempatel avatar Sep 03 '22 09:09 jempatel

Just a thought, but given that libreswan and strongswan are virtually identical, can this GUI be dual purpose and used for both? I actually don't know what needs to be done in the package descriptions and/or permissions files, but maybe @jow has a tip here.

systemcrash avatar Nov 23 '22 00:11 systemcrash

wanted to test with latest, does it need some updates?

image

lucize avatar Dec 25 '22 21:12 lucize

wanted to test with latest, does it need some updates?

image

I have rebased the current branch with the latest master and it's working fine at my end. Can you please check again?

jempatel avatar Jan 25 '23 10:01 jempatel

so I used today's master and still the same error on this page, I also cleared the config file and it's the same for me

image

lucize avatar Jan 27 '23 14:01 lucize

so I used today's master and still the same error on this page, I also cleared the config file and it's the same for me

image

I got it, there was actually a syntax error, and the fix is pushed. Weird, it was not reporting in private/incognito mode at my end.

jempatel avatar Jan 28 '23 17:01 jempatel

great stuff, it works

image

Sun Jan 29 16:08:44 2023 authpriv.warn pluto[8684]: "forti/1x1" #2: initiator established Child SA using #1; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [0.0.0.0-255.255.255.255:0-65535 0] {ESPinUDP=>0x6b4ab02b <0xf4081b5d xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATD=x.x.x.x:4500 DPD=active}

lucize avatar Jan 29 '23 14:01 lucize

Tested-by: Lucian [email protected]

lucize avatar Jan 29 '23 14:01 lucize

Why can't it be merged, this app is very much needed

zcracker avatar Jun 05 '23 06:06 zcracker

Error after latest main build

RPCError
RPC call to uci/get failed with ubus code 4: Resource not found
  at ClassConstructor.handleCallReply (https://192.168.79.128/luci-static/resources/rpc.js?v=git-23.156.69953-fa775ee:15:3)

sjkhsl avatar Jun 13 '23 06:06 sjkhsl

tested it today on master and I don't have that issue, all seems to work

lucize avatar Oct 02 '23 17:10 lucize

@jempatel can you address my comments, and let me know when you're done.

systemcrash avatar Oct 20 '23 17:10 systemcrash

@jempatel can you address my comments, and let me know when you're done?

Sure, let me address the comments and test changes.

jempatel avatar Oct 20 '23 17:10 jempatel

Sure, let me address the comments and test changes.

If you did something, nothing has changed here...

systemcrash avatar Oct 23 '23 23:10 systemcrash

Sure, let me address the comments and test changes.

If you did something, nothing has changed here...

I've recently rebased the master branches of both luci and packages feeds in order to synchronize all the latest changes. Now I am testing my local changes with a fresh firmware build and separate package installation on installed firmware. Once the testing confirms that everything is functioning correctly, I will re-request a review.

jempatel avatar Oct 24 '23 04:10 jempatel

This PR depends on https://github.com/openwrt/packages/pull/19233

jempatel avatar Oct 29 '23 11:10 jempatel

Sure, let me address the comments and test changes.

If you did something, nothing has changed here...

@systemcrash all the comments are addressed and the PR in packages is also merged now. If everything is fine, we can merge this as well.

jempatel avatar Oct 31 '23 19:10 jempatel

Almost, you have the right values there, but they should be made translation (i18n) friendly.

e.g.

o.value('secret', 'Shared Secret');

should be

o.value('secret', _('Shared Secret'));

systemcrash avatar Nov 02 '23 00:11 systemcrash
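
The i18n review point above, as an added example (not code from this PR or from LuCI): a small Node.js check that flags `o.value(key, 'Label')` calls whose label is a bare string literal instead of `_('Label')`, and prints the suggested replacement. The function name `findUntranslatedLabels` and the sample lines are assumptions constructed for illustration; only the `'secret'` / `'Shared Secret'` pair comes from the comment.

```javascript
// <obj>.value(<key literal>, <label literal>) where the label is a bare
// string literal, i.e. not wrapped in _( ... ). Either quote style is accepted.
const BARE_LABEL =
  /\b(\w+)\.value\(\s*(['"])((?:\\.|(?!\2).)*)\2\s*,\s*(['"])((?:\\.|(?!\4).)*)\4\s*\)/g;

// Hypothetical helper: returns one finding per untranslated label.
function findUntranslatedLabels(source) {
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    if (text.trim().startsWith('//')) return; // ignore commented-out calls
    for (const m of text.matchAll(BARE_LABEL)) {
      const [, obj, kq, key, lq, label] = m;
      findings.push({
        line: idx + 1,
        key,
        label,
        // Suggested replacement: same call with the label passed through _()
        fix: `${obj}.value(${kq}${key}${kq}, _(${lq}${label}${lq}))`,
      });
    }
  });
  return findings;
}

// Constructed sample source (not taken from the app's real files).
const SAMPLE = [
  "o = s.option(form.ListValue, 'auth_method', _('Authentication Method'));",
  "o.value('secret', 'Shared Secret');",
  "o.value('secret', _('Shared Secret'));",
  'o.value("example", "Example Label");',
  "// o.value('old', 'Old Label');",
].join('\n');

for (const f of findUntranslatedLabels(SAMPLE))
  console.log(`line ${f.line}: "${f.label}" is not translatable; use ${f.fix}`);
```

Single-argument calls such as `o.value('x')` are deliberately not flagged, since they carry no separate label string.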

@jempatel please fix these most recent additions

systemcrash avatar Nov 09 '23 00:11 systemcrash

@jempatel please fix these most recent additions

Done

jempatel avatar Nov 09 '23 06:11 jempatel

Ok good. @jow- @hnyman any other reviewers? I'm largely satisfied.

systemcrash avatar Nov 10 '23 11:11 systemcrash

I held back merging this as the underlying packages PRs were open for a long time, but it seems they finally got merged last week, so let's go ahead! We can still continue polishing this in subsequent PRs if the need arises.

@jempatel - thanks a lot for your effort and patience.

jow- avatar Nov 10 '23 12:11 jow-

Merged via 9f652445355258497fd7f8c7f06dd75f58cd64ce

jow- avatar Nov 10 '23 12:11 jow-

@jempatel looks like you missed the 15m -> 15h thing I flagged in the review.

systemcrash avatar Nov 10 '23 14:11 systemcrash

@jempatel looks like you missed the 15m -> 15h thing I flagged in the review.

Ahh, Yup I missed that. Looks like someone had already updated and merged that to master.

jempatel avatar Nov 11 '23 10:11 jempatel