Revision 3eeac256
Added by Ermal LUÇI over 11 years ago
| etc/inc/vpn.inc | ||
|---|---|---|
| 506 | 506 |
chmod("{$g['varetc_path']}/ipsec/ipsec.secrets", 0600);
|
| 507 | 507 |
unset($pskconf); |
| 508 | 508 |
|
| 509 |
$natfilterrules = false; |
|
| 509 | 510 |
/* begin ipsec.conf */ |
| 510 | 511 |
$ipsecconf = ""; |
| 511 | 512 |
if ((is_array($a_phase1) && count($a_phase1)) || (is_array($a_phase2) && count($a_phase2))) {
|
| ... | ... | |
| 675 | 676 |
continue; |
| 676 | 677 |
} |
| 677 | 678 |
$localid_spec = $ep; |
| 678 |
/* XXX: To be finished */ |
|
| 679 |
if (0 && !empty($ph2ent['natlocalid'])) {
|
|
| 679 |
if (!empty($ph2ent['natlocalid'])) {
|
|
| 680 | 680 |
$natlocalid_data = ipsec_idinfo_to_cidr($ph2ent['natlocalid'], false, $ph2ent['mode']); |
| 681 | 681 |
if ($ph2ent['natlocalid']['type'] != "address") {
|
| 682 | 682 |
if (is_subnet($natlocalid_data)) |
| 683 |
$localid_spec .= " nat subnet {$natlocalid_data} any";
|
|
| 683 |
$localid_data = "{$natlocalid_data}|{$localid_data}";
|
|
| 684 | 684 |
} else {
|
| 685 | 685 |
if (is_ipaddr($natlocalid_data)) |
| 686 |
$localid_spec .= " nat address {$natlocalid_data} any";
|
|
| 686 |
$localid_data = "{$natlocalid_data}|{$localid_data}";
|
|
| 687 | 687 |
} |
| 688 |
$natfilterrules = true; |
|
| 688 | 689 |
} |
| 689 | 690 |
} |
| 690 | 691 |
|
| ... | ... | |
| 836 | 837 |
unset($ipsecconf); |
| 837 | 838 |
/* end ipsec.conf */ |
| 838 | 839 |
|
| 839 |
/* generate IPsec policies */ |
|
| 840 |
$natfilterrules = false; |
|
| 841 | 840 |
/* mange process */ |
| 842 | 841 |
if (isvalidpid("{$g['varrun_path']}/charon.pid")) {
|
| 843 | 842 |
/* Read secrets */ |
Also available in: Unified diff
Generate nat rules for ipsec when needed