Merge branch 'robertzaage-master'

security/openconnect/Makefile

@@ -1,5 +1,5 @@
 PLUGIN_NAME=		openconnect
-PLUGIN_VERSION=		1.4.5
+PLUGIN_VERSION=		1.4.6
 PLUGIN_COMMENT=		OpenConnect Client
 PLUGIN_DEPENDS=		openconnect
 PLUGIN_MAINTAINER=	m.muenz@gmail.com

security/openconnect/pkg-descr

@@ -6,6 +6,10 @@ the Juniper SSL VPN which is now known as Pulse Connect Secure.
 Plugin Changelog
 ================
 
+1.4.6
+
+* add allowinsecure
+
 1.4.5
 
 * Allow ":" and "/" characters in user name

security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml

@@ -59,6 +59,12 @@
         <type>text</type>
         <help>Enter a secret to use with one-time password generation.</help>
     </field>
+    <field>
+        <id>general.allowinsecure</id>
+        <label>Allow Insecure Ciphers</label>
+        <type>checkbox</type>
+        <help>This option allows the use of insecure ciphers.</help>
+    </field>
     <field>
         <id>general.protocol</id>
         <label>Protocol</label>

security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml

@@ -1,7 +1,7 @@
 <model>
     <mount>//OPNsense/openconnect/general</mount>
     <description>Openconnect configuration</description>
-    <version>1.0.3</version>
+    <version>1.0.4</version>
     <items>
         <enabled type="BooleanField">
             <Default>0</Default>
@@ -58,6 +58,10 @@
         <tokensecret type="TextField">
             <Required>N</Required>
         </tokensecret>
+        <allowinsecure type="BooleanField">
+            <Default>0</Default>
+            <Required>N</Required>
+        </allowinsecure>
         <protocol type="OptionField">
             <Default>anyconnect</Default>
             <Required>Y</Required>

security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf

@@ -25,6 +25,9 @@ token-mode={{ OPNsense.openconnect.general.tokenmode }}
 token-secret={{ OPNsense.openconnect.general.tokensecret }}
 {%     endif %}
 {%   endif %}
+{%   if not helpers.empty('OPNsense.openconnect.general.allowinsecure') %}
+allow-insecure-crypto
+{%   endif %}
 {%   if helpers.exists('OPNsense.openconnect.general.protocol') and OPNsense.openconnect.general.protocol != '' %}
 protocol={{ OPNsense.openconnect.general.protocol }}
 {%     if OPNsense.openconnect.general.protocol == 'anyconnect' %}