| 1940 |
1940 |
* NAME
|
| 1941 |
1941 |
* ipsec_setup_userpools - Generate per-user custom pool settings for swanctl
|
| 1942 |
1942 |
* INPUTS
|
| 1943 |
|
* None
|
|
1943 |
* $ph1ent = Mobile IPsec Phase 1 entry
|
| 1944 |
1944 |
* RESULT
|
| 1945 |
1945 |
* Adds configured per-user pool settings to $scconf using the primary mobile
|
| 1946 |
1946 |
* pool as a base configuration.
|
| ... | ... | |
| 1948 |
1948 |
* Given this new flexible format, it is now possible to override any valid
|
| 1949 |
1949 |
* pool setting, so future expansion of per-user settings is possible.
|
| 1950 |
1950 |
******/
|
| 1951 |
|
function ipsec_setup_userpools() {
|
|
1951 |
function ipsec_setup_userpools($ph1ent) {
|
| 1952 |
1952 |
global $config, $scconf;
|
| 1953 |
1953 |
$a_mobilekey = $config['ipsec']['mobilekey'];
|
| 1954 |
1954 |
|
| ... | ... | |
| 1956 |
1956 |
if (!is_array($a_mobilekey) ||
|
| 1957 |
1957 |
empty($a_mobilekey) ||
|
| 1958 |
1958 |
!is_array($scconf['connections']) ||
|
| 1959 |
|
!is_array($scconf['con-mobile-defaults']) ||
|
| 1960 |
1959 |
!is_array($scconf['pools']) ||
|
| 1961 |
1960 |
!is_array($scconf['mobile-pool'])) {
|
| 1962 |
1961 |
return;
|
| ... | ... | |
| 1989 |
1988 |
|
| 1990 |
1989 |
/* Craft a cloned connection with the ID information to match */
|
| 1991 |
1990 |
$scconf['connections'][$upconn]['remote'] = array();
|
| 1992 |
|
$scconf['connections'][$upconn]['remote']['id'] = $clientid;
|
|
1991 |
if ($ph1ent['authentication_method'] != "eap-mschapv2") {
|
|
1992 |
$scconf['connections'][$upconn]['remote']['id'] = $clientid;
|
|
1993 |
}
|
| 1993 |
1994 |
$scconf['connections'][$upconn]['remote']['eap_id'] = $clienteapid;
|
| 1994 |
1995 |
$scconf['connections'][$upconn]['pools'] = $upbase;
|
| 1995 |
1996 |
|
| ... | ... | |
| 2184 |
2185 |
case 'eap-mschapv2':
|
| 2185 |
2186 |
if (isset($ph1ent['mobile'])) {
|
| 2186 |
2187 |
$local['auth'] = "pubkey";
|
|
2188 |
unset($remote['id']);
|
| 2187 |
2189 |
$remote['eap_id'] = "%any";
|
| 2188 |
2190 |
$remote['auth'] = "eap-mschapv2";
|
| 2189 |
2191 |
}
|
| ... | ... | |
| 2418 |
2420 |
* their children, authentication, etc.
|
| 2419 |
2421 |
******/
|
| 2420 |
2422 |
function ipsec_setup_tunnels($gateways_status = false) {
|
| 2421 |
|
global $aggressive_mode_psk, $a_client, $config,
|
|
2423 |
global $aggressive_mode_psk, $a_phase2, $a_client, $config,
|
| 2422 |
2424 |
$filterdns_list, $g, $ifacesuse, $ipsec_idhandling, $ipsec_log_cats,
|
| 2423 |
2425 |
$ipsec_log_sevs, $ipsec_swanctl_basedir, $ipsec_swanctl_dirs,
|
| 2424 |
2426 |
$ipseccfg, $mobile_ipsec_auth, $natfilterrules, $p1_ealgos,
|
| ... | ... | |
| 2449 |
2451 |
$scconf["{$cname}-defaults"] = $conn_defaults;
|
| 2450 |
2452 |
/* Array reference to make things easier */
|
| 2451 |
2453 |
$conn =& $scconf["{$cname}-defaults"];
|
| 2452 |
|
$scconf['connections']["{$cname} : {$cname}-defaults"] = array("# Stub to load con-mobile-defaults");
|
| 2453 |
2454 |
} else {
|
| 2454 |
2455 |
$cname = ipsec_conid($ph1ent);
|
| 2455 |
2456 |
/* Start with common default values */
|
| ... | ... | |
| 3174 |
3175 |
}
|
| 3175 |
3176 |
if (isset($p1['mobile']) && !isset($p1['disabled'])) {
|
| 3176 |
3177 |
$mobile_configured = true;
|
|
3178 |
$mobilep1 = $p1;
|
| 3177 |
3179 |
}
|
| 3178 |
3180 |
$tunnels[$p1['ikeid']] = $p1;
|
| 3179 |
3181 |
$tunnels[$p1['ikeid']]['p2'] = array();
|
| ... | ... | |
| 3239 |
3241 |
/* Setup mobile address pools */
|
| 3240 |
3242 |
ipsec_setup_pools();
|
| 3241 |
3243 |
/* Setup per-user pools */
|
| 3242 |
|
ipsec_setup_userpools();
|
|
3244 |
ipsec_setup_userpools($mobilep1);
|
|
3245 |
$scconf['connections']["con-mobile : con-mobile-defaults"] = array("# Stub to load con-mobile-defaults");
|
|
3246 |
|
| 3243 |
3247 |
}
|
| 3244 |
3248 |
/* Setup secret data */
|
| 3245 |
3249 |
$scconf['secrets'] = array();
|
.png){kind=link}