Revision 0dbc2d6a
Added by Jim Pingle over 2 years ago
| src/etc/inc/gwlb.inc | ||
|---|---|---|
| 801 | 801 |
continue 3; |
| 802 | 802 |
} |
| 803 | 803 |
$ovpnid = substr($ifcfg['if'], 5); |
| 804 |
if (is_array($config['openvpn'][$ovpntype])) {
|
|
| 805 |
foreach ($config['openvpn'][$ovpntype] as & $ovpnconf) {
|
|
| 806 |
if ($ovpnconf['vpnid'] == $ovpnid) {
|
|
| 807 |
// skip IPv6-only interfaces |
|
| 808 |
if ($ovpnconf['create_gw'] == "v6only") {
|
|
| 809 |
continue 3; |
|
| 810 |
} |
|
| 811 |
// skip tap interfaces |
|
| 812 |
if ($ovpnconf['dev_mode'] == "tap") {
|
|
| 813 |
continue 3; |
|
| 814 |
} |
|
| 804 |
foreach (config_get_path("openvpn/{$ovpntype}", []) as $ovpnconf) {
|
|
| 805 |
if (empty($ovpnconf)) {
|
|
| 806 |
continue; |
|
| 807 |
} |
|
| 808 |
if ($ovpnconf['vpnid'] == $ovpnid) {
|
|
| 809 |
// skip IPv6-only interfaces |
|
| 810 |
if ($ovpnconf['create_gw'] == "v6only") {
|
|
| 811 |
continue 3; |
|
| 812 |
} |
|
| 813 |
// skip tap interfaces |
|
| 814 |
if ($ovpnconf['dev_mode'] == "tap") {
|
|
| 815 |
continue 3; |
|
| 815 | 816 |
} |
| 816 | 817 |
} |
| 817 | 818 |
} |
| 818 | 819 |
$ctype = "VPNv4"; |
| 819 | 820 |
} elseif (substr($ifcfg['if'], 0, 5) == "ipsec") {
|
| 820 | 821 |
$ikeid = substr($ifcfg['if'], 5); |
| 821 |
if (is_array($config['ipsec']) && is_array($config['ipsec']['phase1']) && is_array($config['ipsec']['phase2'])) {
|
|
| 822 |
foreach ($config['ipsec']['phase1'] as $ph1ent) {
|
|
| 823 |
if ($ph1ent['disabled']) {
|
|
| 822 |
if (!empty(config_get_path('ipsec/phase1', [])) &&
|
|
| 823 |
!empty(config_get_path('ipsec/phase2', []))) {
|
|
| 824 |
foreach (config_get_path('ipsec/phase1', []) as $ph1ent) {
|
|
| 825 |
if (empty($ph1ent) || $ph1ent['disabled']) {
|
|
| 824 | 826 |
continue; |
| 825 | 827 |
} |
| 826 | 828 |
$vtisubnet_spec = ipsec_vti($ph1ent, true); |
| ... | ... | |
| 944 | 946 |
continue 3; |
| 945 | 947 |
} |
| 946 | 948 |
$ovpnid = substr($ifcfg['if'], 5); |
| 947 |
if (is_array($config['openvpn'][$ovpntype])) {
|
|
| 948 |
foreach ($config['openvpn'][$ovpntype] as & $ovpnconf) {
|
|
| 949 |
if ($ovpnconf['vpnid'] == $ovpnid) {
|
|
| 950 |
// skip IPv4-only interfaces |
|
| 951 |
if ($ovpnconf['create_gw'] == "v4only") {
|
|
| 952 |
continue 3; |
|
| 953 |
} |
|
| 954 |
// skip tap interfaces |
|
| 955 |
if ($ovpnconf['dev_mode'] == "tap") {
|
|
| 956 |
continue 3; |
|
| 957 |
} |
|
| 949 |
foreach (config_get_path("openvpn/{$ovpntype}", []) as $ovpnconf) {
|
|
| 950 |
if (empty($ovpnconf)) {
|
|
| 951 |
continue; |
|
| 952 |
} |
|
| 953 |
if ($ovpnconf['vpnid'] == $ovpnid) {
|
|
| 954 |
// skip IPv4-only interfaces |
|
| 955 |
if ($ovpnconf['create_gw'] == "v4only") {
|
|
| 956 |
continue 3; |
|
| 957 |
} |
|
| 958 |
// skip tap interfaces |
|
| 959 |
if ($ovpnconf['dev_mode'] == "tap") {
|
|
| 960 |
continue 3; |
|
| 958 | 961 |
} |
| 959 | 962 |
} |
| 960 | 963 |
} |
| 961 | 964 |
$ctype = "VPNv6"; |
| 962 | 965 |
} elseif (substr($ifcfg['if'], 0, 5) == "ipsec") {
|
| 963 | 966 |
$ikeid = substr($ifcfg['if'], 5); |
| 964 |
if (is_array($config['ipsec']) && is_array($config['ipsec']['phase1']) && is_array($config['ipsec']['phase2'])) {
|
|
| 965 |
foreach ($config['ipsec']['phase1'] as $ph1ent) {
|
|
| 966 |
if ($ph1ent['disabled']) {
|
|
| 967 |
if (!empty(config_get_path('ipsec/phase1', [])) &&
|
|
| 968 |
!empty(config_get_path('ipsec/phase2', []))) {
|
|
| 969 |
foreach (config_get_path('ipsec/phase1', []) as $ph1ent) {
|
|
| 970 |
if (empty($ph1ent) || $ph1ent['disabled']) {
|
|
| 967 | 971 |
continue; |
| 968 | 972 |
} |
| 969 | 973 |
$vtisubnet_spec = ipsec_vti($ph1ent, true); |
Also available in: Unified diff
GW Edit: Handle missing OpenVPN/IPsec entries better. Fixes #13973