Revision 17da6c79
Added by Scott Ullrich about 20 years ago
Import back in pfSense modifications:
- Failover IPSEC support ['ipsec']['ip']
- creategif support for multi subnet routing
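--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -1,21 +1,24 @@
 <?php
+/* $Id$ */
 /*
 vpn.inc
-part of m0n0wall (http://m0n0.ch/wall)
-
-Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+Copyright (C) 2004 Scott Ullrich
 All rights reserved.
-
+
+originally part of m0n0wall (http://m0n0.ch/wall)
+Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+All rights reserved.
+
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
-
+
 1. Redistributions of source code must retain the above copyright notice,
 this list of conditions and the following disclaimer.
-
+
 2. Redistributions in binary form must reproduce the above copyright
 notice, this list of conditions and the following disclaimer in the
 documentation and/or other materials provided with the distribution.
-
+
 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -35,6 +38,10 @@
 global $config, $g;
 
 $curwanip = get_current_wan_address();
+
+/* if we defined a listen ip, lets set up */
+if($config['ipsec']['ip'] <> "")
+$curwanip = $config['ipsec']['ip'];
 
 $syscfg = $config['system'];
 $ipseccfg = $config['ipsec'];
@@ -106,6 +113,16 @@
 
 vpn_localnet_determine($tunnel['local-subnet'], $sa, $sn);
 
+if(isset($tunnel['creategif'])) {
+$number_of_gifs = find_last_gif_device();
+$number_of_gifs++;
+$curwanip = get_current_wan_address();
+if($config['ipsec']['ip'] <> "")
+$curwanip = $config['ipsec']['ip'];
+mwexec("/sbin/ifconfig gif" . $number_of_gifs . " tunnel" . $curwanip . " " . $tunnel['remote-gateway']);
+mwexec("/sbin/ifconfig gif" . $number_of_gifs . " {$lansa}/{$lansn} {$lanip}/32");
+}
+
 $spdconf .= "spdadd {$sa}/{$sn} " .
 "{$tunnel['remote-subnet']} any -P out ipsec " .
 "{$tunnel['p2']['protocol']}/tunnel/{$ep}-" .
@@ -130,6 +147,17 @@
 printf("Error: cannot open racoon.conf in vpn_ipsec_configure().\n");
 return 1;
 }
+
+if($config['ipsec']['ip'] <> "") {
+
+$interface_ip = $config['ipsec']['ip'];
+$racoonconf .= <<<EOD
+listen {
+isakmp {$interface_ip} [500];
+}
+
+EOD;
+}
 
 $racoonconf = "path pre_shared_key \"{$g['varetc_path']}/psk.txt\";\n\n";
 $racoonconf .= "path certificate \"{$g['varetc_path']}\";\n\n";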
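Review bot: The `listen { isakmp … }` block added at new lines 151-160 never reaches racoon.conf: it is appended with `$racoonconf .= <<<EOD`, and two lines later the existing `$racoonconf = "path pre_shared_key …"` assigns the variable afresh, so racoon presumably keeps listening on its default addresses rather than the configured `['ipsec']['ip']`. Moving the whole `if($config['ipsec']['ip'] <> "") { … }` block below the `path certificate` line fixes that. In the creategif hunk, `" tunnel" . $curwanip` has no space after `tunnel`, and both addresses are placed in the `mwexec()` shell string unquoted; `" tunnel " . escapeshellarg($curwanip) . " " . escapeshellarg($tunnel['remote-gateway'])` covers both. `$lansa`, `$lansn` and `$lanip` are not set in any visible line, and the enclosing function starts and ends outside these hunks, so that needs checking against the full file.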