Project

General

Profile

« Previous | Next » 

Revision 50c4282d

Added by Jim Pingle about 7 years ago

Add vpn.inc changes for IPsec VTI that missed the previous commit. Ticket #8544

View differences:

src/etc/inc/vpn.inc
1182 1182
			$rightsubnet_spec = array();
1183 1183
			$leftsubnet_spec = array();
1184 1184
			$reqids = array();
1185
			$vtireq = array();
1185 1186
			$ealgoAHsp2arr = array();
1186 1187
			$ealgoESPsp2arr = array();
1187 1188
			if (is_array($a_phase2) && count($a_phase2)) {
......
1200 1201

  
1201 1202
					if (($ph2ent['mode'] == 'tunnel') or ($ph2ent['mode'] == 'tunnel6')) {
1202 1203
						$tunneltype = "type = tunnel";
1204
						$installpolicy = "installpolicy = yes";
1203 1205

  
1204 1206
						$localid_type = $ph2ent['localid']['type'];
1205 1207
						$leftsubnet_data = ipsec_idinfo_to_cidr($ph2ent['localid'], false, $ph2ent['mode']);
......
1240 1242
						} else if (!empty($a_client['pool_address'])) {
1241 1243
							$rightsubnet_spec[] = "{$a_client['pool_address']}/{$a_client['pool_netbits']}";
1242 1244
						}
1245
					} elseif ($ph2ent['mode'] == 'vti') {
1246
						$tunneltype = "";
1247
						$installpolicy = "installpolicy = no";
1248
						$passive = 'start';
1249

  
1250
						$localid_type = $ph2ent['localid']['type'];
1251
						$leftsubnet_data = ipsec_idinfo_to_cidr($ph2ent['localid'], false, $ph2ent['mode']);
1252
						$leftsubnet_spec[] = $leftsubnet_data;
1253

  
1254
						$tmpsubnet = ipsec_idinfo_to_cidr($ph2ent['remoteid'], false, $ph2ent['mode']);
1255
						$rightsubnet_spec[] = $tmpsubnet;
1256
						$vtireq[] = $ph2ent['reqid'];
1243 1257
					} else {
1244 1258
						$tunneltype = "type = transport";
1259
						$installpolicy = "installpolicy = yes";
1245 1260

  
1246 1261
						if ((($ph1ent['authentication_method'] == "xauth_psk_server") ||
1247 1262
						    ($ph1ent['authentication_method'] == "pre_shared_key")) &&
......
1353 1368
	{$mobike}
1354 1369
	{$tfc}
1355 1370
	{$rekeyline}
1356
	installpolicy = yes
1371
	{$installpolicy}
1357 1372
	{$tunneltype}
1358 1373
	{$dpdline}
1359 1374
	auto = {$passive}
......
1404 1419
						//if (!empty($reqids[$idx])) {
1405 1420
						//	$ipsecfin .= "\treqid = " . $reqids[$idx] . "\n";
1406 1421
						//}
1422
						if (!empty($vtireq[$idx])) {
1423
							$ipsecfin .= "\treqid = " . $reqids[$idx] . "\n";
1424
						}
1407 1425
						$ipsecfin .= $ipsecconnect;
1408 1426
						$ipsecfin .= "\trightsubnet = {$rsubnet}\n";
1409 1427
						$ipsecfin .= "\tleftsubnet = " . $leftsubnet_spec[$idx] . "\n";
......
1421 1439
				//if (!empty($reqids[$idx])) {
1422 1440
				//	$ipsecfin .= "\treqid = " . $reqids[0] . "\n";
1423 1441
				//}
1442
				if (!empty($vtireq[$idx])) {
1443
					$ipsecfin .= "\treqid = " . $reqids[0] . "\n";
1444
				}
1424 1445
				$ipsecfin .= $ipsecconnect;
1425 1446
				if (!isset($ph1ent['mobile']) && !empty($rightsubnet_spec)) {
1426 1447
					$tempsubnets = array();

Also available in: Unified diff