Revision 7dcf1cc7
Added by Jim Pingle over 13 years ago
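--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -819,16 +819,15 @@
 /* end racoon.conf */
 
 /* generate IPsec policies */
-if (is_array($a_phase2) && count($a_phase2)) {
-/* generate spd.conf */
-$fd = fopen("{$g['varetc_path']}/spd.conf", "w");
-if (!$fd) {
-printf(gettext("Error: cannot open spd.conf in vpn_ipsec_configure().") . "\n");
-return 1;
-}
-
-$spdconf = "";
+/* generate spd.conf */
+$fd = fopen("{$g['varetc_path']}/spd.conf", "w");
+if (!$fd) {
+printf(gettext("Error: cannot open spd.conf in vpn_ipsec_configure().") . "\n");
+return 1;
+}
 
+$spdconf = "";
+if (is_array($a_phase2) && count($a_phase2)) {
 /* Try to prevent people from locking themselves out of webgui. Just in case. */
 if ($config['interfaces']['lan']) {
 $lanip = get_interface_ip("lan");
@@ -925,9 +924,9 @@
 mwexec("/sbin/route delete -host {$rgip}", true);
 }
 
-fwrite($fd, $spdconf);
-fclose($fd);
 }
+fwrite($fd, $spdconf);
+fclose($fd);
 
 /* needed for racoonctl admin socket */
 if (!is_dir("/var/db/racoon"))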
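Review bot: The relocated `fwrite($fd, $spdconf);` / `fclose($fd);` pair after the closing brace of the phase 2 block still ignores the write result, so a failed or short write leaves a truncated spd.conf on disk with no error reported. Since this file holds the IPsec policy set, I would fail the same way the `fopen()` branch does, e.g. `if (fwrite($fd, $spdconf) === false) { fclose($fd); return 1; }`. The comparison has to be strict, because the empty-string write this commit makes possible returns 0. Separately, an empty spd.conf only helps if whatever loads it also clears policies already installed in the kernel; that load step is outside this hunk, so it is worth confirming. vpn_ipsec_configure() begins and ends outside the lines shown.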
Ensure we always write out a blank spd.conf if there are no phase 2 entries. If you delete the last phase 2 and then apply, it will still be in spd.conf and used by racoon even with no phase 2's configured.