-rw-r--r--etc/inc/ipsec.inc6
-rw-r--r--etc/inc/vpn.inc21
-rw-r--r--usr/local/www/system_advanced_misc.php53
3 files changed, 56 insertions, 24 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 8b8f1b9..8df0382 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -35,6 +35,12 @@
*/
/* IPsec defines */
+$ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE SA", "chd" => "IKE Child SA",
+ "job" => "Job Processing", "cfg" => "Configuration backend", "knl" => "Kernel Interface",
+ "net" => "Networking", "asn" => "ASN encoding", "enc" => "Message encoding",
+ "imc" => "Integrity checker", "imv" => "Integrity Verifier", "pts" => "Platform Trust Service",
+ "tls" => "TLS handler", "app" => "Not daemon", "esp" => "IPSec traffic", "lib" => "StrongSWAN Lib");
+
$my_identifier_list = array(
'myaddress' => array( 'desc' => gettext('My IP address'), 'mobile' => true ),
'address' => array( 'desc' => gettext('IP address'), 'mobile' => true ),
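Review bot: The labels in `$ipsec_loglevels` are plain strings, while the neighbouring `$my_identifier_list` wraps its descriptions in `gettext()`. These labels are printed in the form in system_advanced_misc.php, so they should be translatable the same way, for example `"dmn" => gettext("Daemon")`. A one-line comment such as `/* strongSwan log subsystems: loglevel key => label shown in the GUI */` would also tell the reader that the keys are passed to the daemon and must not be renamed.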
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 8b5354c..5a6a5e5 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -43,6 +43,19 @@
require_once("ipsec.inc");
+function vpn_ipsec_configure_loglevels()
+{
+ global $config;
+
+ foreach ($ipsec_loglevels as $lkey => $ldescr) {
+ if (empty($config['ipsec']["ipsec_{$lkey}"]))
+ mwexec("/usr/local/sbin/ipsec stroke loglevel {$lkey} -1", false);
+ else if (is_numeric($config['ipsec']["ipsec_{$lkey}"]) &&
+ intval($config['ipsec']["ipsec_{$lkey}"]) >= 1 && intval($config['ipsec']["ipsec_{$lkey}"]) <= 4)
+ mwexec("/usr/local/sbin/ipsec stroke loglevel {$lkey} " . (intval($config['ipsec']["ipsec_{$lkey}"]) - 1) , false);
+ }
+}
+
/* include all configuration functions */
function vpn_ipsec_convert_to_modp($index)
{
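Review bot: `vpn_ipsec_configure_loglevels()` iterates `$ipsec_loglevels` but declares only `global $config;`, so inside the function the array is undefined and the loop body never runs. The declaration should read `global $config, $ipsec_loglevels;`. The `is_numeric()`/`intval()` range check is what keeps the stored value, which originates from the POST handler in system_advanced_misc.php, from reaching the `mwexec()` command string as anything but a small integer, so it should stay even if the mapping changes. The accepted range 1–4 does not match the six options (0–5) the form offers: a stored 5 matches neither branch and leaves that subsystem's level unchanged.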
@@ -269,6 +282,7 @@ charon {
ike = 1
}
}
+
EOD;
if (is_array($a_client) && isset($a_client['enable']) && !empty($a_client['net_list']))
@@ -356,9 +370,10 @@ EOD;
if ($a_client['user_source'] != "none") {
$strongswan .= "\txauth-generic {\n";
- $strongswan .= "\t\tscript = /etc/inc/ipsec.auth-user.php";
+ $strongswan .= "\t\tscript = /etc/inc/ipsec.auth-user.php\n";
$strongswan .= "\t\tauthcfg = ";
$firstsed = 0;
+ $authcfgs = explode(",", $a_client['user_source']);
foreach ($authcfgs as $authcfg) {
if ($firstsed > 0)
$strongswan .= ",";
@@ -468,7 +483,7 @@ EOD;
}
if (!empty($peerid_data) && !empty($ph1ent['pre-shared-key']))
- $pskconf .= trim($peerid_data) . ": PSK \"" . trim($ph1ent['pre-shared-key']) . "\"\n";
+ $pskconf .= trim($peerid_data) . " : PSK \"" . trim($ph1ent['pre-shared-key']) . "\"\n";
}
}
}
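Review bot: The pre-shared key is still written between double quotes without escaping on the changed line, so a key containing a double quote or a line break would end the secret early and corrupt the rest of the generated secrets file. strongSwan's secrets format also accepts a Base64 value with a `0s` prefix, which avoids quoting altogether: `$pskconf .= trim($peerid_data) . " : PSK 0s" . base64_encode(trim($ph1ent['pre-shared-key'])) . "\n";`. Whether the GUI already rejects such characters when the key is saved is not visible in this hunk. The enclosing loop starts outside the hunk.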
@@ -825,7 +840,7 @@ EOD;
/* generate IPsec policies */
$natfilterrules = false;
/* mange process */
- if (isvalidpid("{$g['varrun_path']/charon.pid")) {
+ if (isvalidpid("{$g['varrun_path']}/charon.pid")) {
/* Read secrets */
mwexec("/usr/local/sbin/ipsec rereadall", false);
/* Update configuration changes */
diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php
index b3ed759..558c40d 100644
--- a/usr/local/www/system_advanced_misc.php
+++ b/usr/local/www/system_advanced_misc.php
@@ -60,7 +60,10 @@ $pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']);
$pconfig['srctrack'] = $config['system']['srctrack'];
$pconfig['gw_switch_default'] = isset($config['system']['gw_switch_default']);
$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
-$pconfig['racoondebug_enable'] = isset($config['ipsec']['racoondebug']);
+foreach ($ipsec_loglevel as $lkey => $ldescr) {
+ if (!empty($config['ipsec']["ipsec_{$lkey}"]))
+ $pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"];
+}
$pconfig['failoverforcereload'] = isset($config['ipsec']['failoverforcereload']);
$pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']);
$pconfig['maxmss'] = $config['system']['maxmss'];
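Review bot: The loop reads `$ipsec_loglevel`, but the array added in etc/inc/ipsec.inc is named `$ipsec_loglevels`, so this `foreach` receives an undefined variable and never copies the saved levels into `$pconfig`. It should be `foreach ($ipsec_loglevels as $lkey => $ldescr) {`. The POST handler in the next hunk (`@@ -167,25 +170,17 @@`) has the same misspelling, so the submitted levels are never written to the configuration either. The rendering loop further down uses the correct name, which hides the problem because the selects still appear.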
@@ -167,25 +170,17 @@ if ($_POST) {
elseif (isset($config['ipsec']['failoverforcereload']))
unset($config['ipsec']['failoverforcereload']);
- $need_racoon_restart = false;
- if($_POST['racoondebug_enable'] == "yes") {
- if (!isset($config['ipsec']['racoondebug'])) {
- $config['ipsec']['racoondebug'] = true;
- $need_racoon_restart = true;
- }
- } else {
- if (isset($config['ipsec']['racoondebug'])) {
- unset($config['ipsec']['racoondebug']);
- $need_racoon_restart = true;
- }
+ foreach ($ipsec_loglevel as $lkey => $ldescr) {
+ if (empty($_POST["ipsec_{$lkey}"]))
+ unset($config['ipsec']["ipsec_{$lkey}"]);
+ else
+ $config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"];
}
if($_POST['noinstalllanspd'] == "yes") {
if (!isset($pconfig['noinstalllanspd']))
- $need_racoon_restart = true;
$config['system']['noinstalllanspd'] = true;
} else {
if (isset($config['system']['noinstalllanspd']))
- $need_racoon_restart = true;
unset($config['system']['noinstalllanspd']);
}
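Review bot: `$config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"];` stores the request value in the configuration exactly as received. It should be checked against the 0–5 range the form offers before it is saved, for example `$lvl = filter_var($_POST["ipsec_{$lkey}"], FILTER_VALIDATE_INT, array('options' => array('min_range' => 0, 'max_range' => 5)));` with the assignment made only when `$lvl !== false`. Separately, removing the two `$need_racoon_restart = true;` lines leaves the brace-less `if (!isset($pconfig['noinstalllanspd']))` governing `$config['system']['noinstalllanspd'] = true;`, so the option is now set only when that condition holds. Adding braces or dropping the `if` restores the previous behaviour. The `if ($_POST)` block continues outside the hunk.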
@@ -266,8 +261,8 @@ if ($_POST) {
load_crypto();
load_thermal_hardware();
vpn_ipsec_configure_preferoldsa();
- if ($need_racoon_restart)
- vpn_ipsec_force_reload();
+ vpn_ipsec_configure();
+ vpn_ipsec_configure_loglevels();
if ($need_relayd_restart)
relayd_configure();
}
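Review bot: `vpn_ipsec_configure();` now runs on every save of this page, where the removed code reloaded IPsec only when `$need_racoon_restart` was set. If a full reconfigure disturbs established tunnels (its body is not in this hunk), saving an unrelated setting on this page would have that side effect. Consider keeping a flag that is set only when an `ipsec_*` level or `noinstalllanspd` actually changes and calling `vpn_ipsec_configure()` under it. `vpn_ipsec_configure_loglevels()` only adjusts the log levels of the running daemon and can stay unconditional.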
@@ -536,12 +531,28 @@ function tmpvar_checked(obj) {
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("IPsec Debug"); ?></td>
<td width="78%" class="vtable">
- <input name="racoondebug_enable" type="checkbox" id="racoondebug_enable" value="yes" <?php if ($pconfig['racoondebug_enable']) echo "checked=\"checked\""; ?> />
- <strong><?=gettext("Start racoon in debug mode"); ?></strong>
+ <strong><?=gettext("Start IPSec in debug mode based on sections selected"); ?></strong>
<br />
- <?=gettext("Launches racoon in debug mode so that more verbose logs " .
- "will be generated to aid in troubleshooting."); ?><br/>
- <?=gettext("NOTE: Changing this setting will restart racoon."); ?>
+ <table>
+ <?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=$ldescr;?></td>
+ <td width="78%" valign="top" class="vncell">
+ <?php echo "<select name=\"ipsec_{$lkey}\" id=\"ipsec_{$lkey}\">\n";
+ foreach (array("Silent", "Audit", "Control", "Diag", "Raw", "Highest") as $lidx => $lvalue) {
+ echo "<option value=\"{$lidx}\" ";
+ if ($pconfig["ipsec_{$lkey}"] == $lidx)
+ echo "\"selected\"";
+ echo ">{$lvalue}</option>\n";
+ }
+ ?> />
+ </select>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ </table>
+ <br/><?=gettext("Launches IPSec in debug mode so that more verbose logs " .
+ "will be generated to aid in troubleshooting."); ?>
</td>
</tr>
<tr>
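Review bot: `echo "\"selected\"";` emits a quoted bare word rather than an attribute, so no option is marked as selected and each select shows its first entry regardless of the stored level; the next save then overwrites the stored level with that entry. It should be `echo "selected=\"selected\"";`. The `/>` after the closing `?>` lands inside the `<select>` element and should be removed. `$ldescr` and `$lvalue` are static strings here, but wrapping them in `gettext()` and `htmlspecialchars()` would make the labels translatable and keep the output safe if the list ever stops being a fixed literal.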