Revision 50c4282d
Added by Jim Pingle about 7 years ago
| src/etc/inc/vpn.inc | ||
|---|---|---|
| 1182 | 1182 |
$rightsubnet_spec = array(); |
| 1183 | 1183 |
$leftsubnet_spec = array(); |
| 1184 | 1184 |
$reqids = array(); |
| 1185 |
$vtireq = array(); |
|
| 1185 | 1186 |
$ealgoAHsp2arr = array(); |
| 1186 | 1187 |
$ealgoESPsp2arr = array(); |
| 1187 | 1188 |
if (is_array($a_phase2) && count($a_phase2)) {
|
| ... | ... | |
| 1200 | 1201 |
|
| 1201 | 1202 |
if (($ph2ent['mode'] == 'tunnel') or ($ph2ent['mode'] == 'tunnel6')) {
|
| 1202 | 1203 |
$tunneltype = "type = tunnel"; |
| 1204 |
$installpolicy = "installpolicy = yes"; |
|
| 1203 | 1205 |
|
| 1204 | 1206 |
$localid_type = $ph2ent['localid']['type']; |
| 1205 | 1207 |
$leftsubnet_data = ipsec_idinfo_to_cidr($ph2ent['localid'], false, $ph2ent['mode']); |
| ... | ... | |
| 1240 | 1242 |
} else if (!empty($a_client['pool_address'])) {
|
| 1241 | 1243 |
$rightsubnet_spec[] = "{$a_client['pool_address']}/{$a_client['pool_netbits']}";
|
| 1242 | 1244 |
} |
| 1245 |
} elseif ($ph2ent['mode'] == 'vti') {
|
|
| 1246 |
$tunneltype = ""; |
|
| 1247 |
$installpolicy = "installpolicy = no"; |
|
| 1248 |
$passive = 'start'; |
|
| 1249 |
|
|
| 1250 |
$localid_type = $ph2ent['localid']['type']; |
|
| 1251 |
$leftsubnet_data = ipsec_idinfo_to_cidr($ph2ent['localid'], false, $ph2ent['mode']); |
|
| 1252 |
$leftsubnet_spec[] = $leftsubnet_data; |
|
| 1253 |
|
|
| 1254 |
$tmpsubnet = ipsec_idinfo_to_cidr($ph2ent['remoteid'], false, $ph2ent['mode']); |
|
| 1255 |
$rightsubnet_spec[] = $tmpsubnet; |
|
| 1256 |
$vtireq[] = $ph2ent['reqid']; |
|
| 1243 | 1257 |
} else {
|
| 1244 | 1258 |
$tunneltype = "type = transport"; |
| 1259 |
$installpolicy = "installpolicy = yes"; |
|
| 1245 | 1260 |
|
| 1246 | 1261 |
if ((($ph1ent['authentication_method'] == "xauth_psk_server") || |
| 1247 | 1262 |
($ph1ent['authentication_method'] == "pre_shared_key")) && |
| ... | ... | |
| 1353 | 1368 |
{$mobike}
|
| 1354 | 1369 |
{$tfc}
|
| 1355 | 1370 |
{$rekeyline}
|
| 1356 |
installpolicy = yes
|
|
| 1371 |
{$installpolicy}
|
|
| 1357 | 1372 |
{$tunneltype}
|
| 1358 | 1373 |
{$dpdline}
|
| 1359 | 1374 |
auto = {$passive}
|
| ... | ... | |
| 1404 | 1419 |
//if (!empty($reqids[$idx])) {
|
| 1405 | 1420 |
// $ipsecfin .= "\treqid = " . $reqids[$idx] . "\n"; |
| 1406 | 1421 |
//} |
| 1422 |
if (!empty($vtireq[$idx])) {
|
|
| 1423 |
$ipsecfin .= "\treqid = " . $reqids[$idx] . "\n"; |
|
| 1424 |
} |
|
| 1407 | 1425 |
$ipsecfin .= $ipsecconnect; |
| 1408 | 1426 |
$ipsecfin .= "\trightsubnet = {$rsubnet}\n";
|
| 1409 | 1427 |
$ipsecfin .= "\tleftsubnet = " . $leftsubnet_spec[$idx] . "\n"; |
| ... | ... | |
| 1421 | 1439 |
//if (!empty($reqids[$idx])) {
|
| 1422 | 1440 |
// $ipsecfin .= "\treqid = " . $reqids[0] . "\n"; |
| 1423 | 1441 |
//} |
| 1442 |
if (!empty($vtireq[$idx])) {
|
|
| 1443 |
$ipsecfin .= "\treqid = " . $reqids[0] . "\n"; |
|
| 1444 |
} |
|
| 1424 | 1445 |
$ipsecfin .= $ipsecconnect; |
| 1425 | 1446 |
if (!isset($ph1ent['mobile']) && !empty($rightsubnet_spec)) {
|
| 1426 | 1447 |
$tempsubnets = array(); |
Also available in: Unified diff
Add vpn.inc changes for IPsec VTI that missed the previous commit. Ticket #8544