Project

General

Profile

« Previous | Next » 

Revision 31630f47

Added by Chris Buechler almost 10 years ago

Fix up strongswan logging levels. Remove charondebug since strongswan.conf settings take precedence. Set logging levels in strongswan.conf to match what's set on a running system via 'ipsec stroke loglevel', and remove log levels that were hard coded in strongswan.conf. Ticket #5242

View differences:

src/etc/inc/vpn.inc
52 52 
			mwexec("/usr/local/sbin/ipsec stroke loglevel {$lkey} -- -1", false);
53 53 
		} else if (is_numeric($config['ipsec']["ipsec_{$lkey}"]) &&
54 54 
		    intval($config['ipsec']["ipsec_{$lkey}"]) >= 0 && intval($config['ipsec']["ipsec_{$lkey}"]) <= 5) {
55 
			$forconfig ? $cfgtext[] = "${lkey} " . (intval($config['ipsec']["ipsec_{$lkey}"]) - 1) :
55 
			$forconfig ? $cfgtext[] = "${lkey} = " . (intval($config['ipsec']["ipsec_{$lkey}"]) - 1) :
56 56 
				mwexec("/usr/local/sbin/ipsec stroke loglevel {$lkey} " . (intval($config['ipsec']["ipsec_{$lkey}"]) - 1) , false);
57 57 
		}
58 58 
	}
59 59 
	if ($forconfig) {
60 
		return implode(',', $cfgtext);
60 
		return $cfgtext;
61 61 
	}
62 62 
}
63 63 

  		




  ......




  396
  396
  
    

  		




  397
  397
  
    
	unset($stronconf);


  		




  398
  398
  
    

  		




  
  399
  
    
	$strongswanlog = "";


  		




  
  400
  
    
	$ipsecloglevels = vpn_ipsec_configure_loglevels(true);


  		




  
  401
  
    
	if (is_array($ipsecloglevels)) {


  		




  
  402
  
    
		foreach ($ipsecloglevels as $loglevel) {


  		




  
  403
  
    
			$strongswanlog .= "\t\t" . $loglevel . "\n";


  		




  
  404
  
    
		}


  		




  
  405
  
    
	}


  		




  399
  406
  
    
	$strongswan = <<<EOD


  		




  400
  407
  
    

  		




  401
  408
  
    
# Automatically generated config file - DO NOT MODIFY. Changes will be overwritten.


  		




  ......




  420
  427
  
    
# to, currently one of: daemon, auth.


  		




  421
  428
  
    
syslog {


  		




  422
  429
  
    
	identifier = charon


  		




  423
  
  
    
	# default level to the LOG_DAEMON facility


  		




  424
  430
  
    
	daemon {


  		




  425
  431
  
    
		ike_name = yes


  		




  
  432
  
    
{$strongswanlog}


  		




  426
  433
  
    
	}


  		




  427
  
  
    
	# very minimalistic IKE auditing logs to LOG_AUTHPRIV


  		




  428
  434
  
    
	auth {


  		




  429
  
  
    
		default = -1


  		




  430
  
  
    
		ike = 1


  		




  431
  435
  
    
		ike_name = yes


  		




  
  436
  
    
{$strongswanlog}


  		




  432
  437
  
    
	}


  		




  433
  438
  
    
}


  		




  434
  439
  
    

  		




  ......




  724
  729
  
    

  		




  725
  730
  
    
		$ipsecconf .= "# This file is automatically generated. Do not edit\n";


  		




  726
  731
  
    
		$ipsecconf .= "config setup\n\tuniqueids = {$uniqueids}\n";


  		




  727
  
  
    
		$ipsecconf .= "\tcharondebug=\"" . vpn_ipsec_configure_loglevels(true) . "\"\n";


  		




  728
  732
  
    

  		




  729
  733
  
    
		if (isset($config['ipsec']['strictcrlpolicy'])) {


  		




  730
  734
  
    
			$ipsecconf .= "\tstrictcrlpolicy = yes \n";


  		












Also available in:  Unified diff