Revision 50c4282d
Added by Jim Pingle about 7 years ago
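--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -1182,6 +1182,7 @@
 $rightsubnet_spec = array();
 $leftsubnet_spec = array();
 $reqids = array();
+$vtireq = array();
 $ealgoAHsp2arr = array();
 $ealgoESPsp2arr = array();
 if (is_array($a_phase2) && count($a_phase2)) {
@@ -1200,6 +1201,7 @@
 
 if (($ph2ent['mode'] == 'tunnel') or ($ph2ent['mode'] == 'tunnel6')) {
 $tunneltype = "type = tunnel";
+$installpolicy = "installpolicy = yes";
 
 $localid_type = $ph2ent['localid']['type'];
 $leftsubnet_data = ipsec_idinfo_to_cidr($ph2ent['localid'], false, $ph2ent['mode']);
@@ -1240,8 +1242,21 @@
 } else if (!empty($a_client['pool_address'])) {
 $rightsubnet_spec[] = "{$a_client['pool_address']}/{$a_client['pool_netbits']}";
 }
+} elseif ($ph2ent['mode'] == 'vti') {
+$tunneltype = "";
+$installpolicy = "installpolicy = no";
+$passive = 'start';
+
+$localid_type = $ph2ent['localid']['type'];
+$leftsubnet_data = ipsec_idinfo_to_cidr($ph2ent['localid'], false, $ph2ent['mode']);
+$leftsubnet_spec[] = $leftsubnet_data;
+
+$tmpsubnet = ipsec_idinfo_to_cidr($ph2ent['remoteid'], false, $ph2ent['mode']);
+$rightsubnet_spec[] = $tmpsubnet;
+$vtireq[] = $ph2ent['reqid'];
 } else {
 $tunneltype = "type = transport";
+$installpolicy = "installpolicy = yes";
 
 if ((($ph1ent['authentication_method'] == "xauth_psk_server") ||
 ($ph1ent['authentication_method'] == "pre_shared_key")) &&
@@ -1353,7 +1368,7 @@
 {$mobike}
 {$tfc}
 {$rekeyline}
-installpolicy = yes
+{$installpolicy}
 {$tunneltype}
 {$dpdline}
 auto = {$passive}
@@ -1404,6 +1419,9 @@
 //if (!empty($reqids[$idx])) {
 // $ipsecfin .= "\treqid = " . $reqids[$idx] . "\n";
 //}
+if (!empty($vtireq[$idx])) {
+$ipsecfin .= "\treqid = " . $reqids[$idx] . "\n";
+}
 $ipsecfin .= $ipsecconnect;
 $ipsecfin .= "\trightsubnet = {$rsubnet}\n";
 $ipsecfin .= "\tleftsubnet = " . $leftsubnet_spec[$idx] . "\n";
@@ -1421,6 +1439,9 @@
 //if (!empty($reqids[$idx])) {
 // $ipsecfin .= "\treqid = " . $reqids[0] . "\n";
 //}
+if (!empty($vtireq[$idx])) {
+$ipsecfin .= "\treqid = " . $reqids[0] . "\n";
+}
 $ipsecfin .= $ipsecconnect;
 if (!isset($ph1ent['mobile']) && !empty($rightsubnet_spec)) {
 $tempsubnets = array();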
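Review bot: The two added `reqid` blocks (new lines 1422-1424 and 1442-1444) test `$vtireq[$idx]` but emit `$reqids[$idx]` and `$reqids[0]`, so the guard and the written value come from different arrays. `$vtireq[]` is appended only in the `vti` branch, while `$leftsubnet_spec[]` and `$rightsubnet_spec[]` are also appended in the tunnel branch, and `$idx` indexes those subnet arrays; if one phase 1 ever carries both tunnel and VTI phase 2 entries, the positions stop lining up and a reqid can land on the wrong child conn or be left off the VTI one. With `installpolicy = no` the VTI conn presumably depends on that reqid to tie its SA to the interface, so a wrong or missing value would mean traffic does not use the intended SA rather than producing a visible configuration error. Where `$reqids` is populated lies outside the visible hunks, so this needs confirming against the full function. If mixed modes cannot occur, a comment such as `// $vtireq only marks VTI entries; $reqids is index-aligned with $rightsubnet_spec` would record the assumption, otherwise key `$vtireq` the same way as the subnet arrays and emit `$vtireq[$idx]`.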
Add vpn.inc changes for IPsec VTI that missed the previous commit. Ticket #8544