Revision 7dcf1cc7
Added by Jim Pingle over 13 years ago
| etc/inc/vpn.inc | ||
|---|---|---|
| 819 | 819 |
/* end racoon.conf */ |
| 820 | 820 |
|
| 821 | 821 |
/* generate IPsec policies */ |
| 822 |
if (is_array($a_phase2) && count($a_phase2)) {
|
|
| 823 |
/* generate spd.conf */ |
|
| 824 |
$fd = fopen("{$g['varetc_path']}/spd.conf", "w");
|
|
| 825 |
if (!$fd) {
|
|
| 826 |
printf(gettext("Error: cannot open spd.conf in vpn_ipsec_configure().") . "\n");
|
|
| 827 |
return 1; |
|
| 828 |
} |
|
| 829 |
|
|
| 830 |
$spdconf = ""; |
|
| 822 |
/* generate spd.conf */ |
|
| 823 |
$fd = fopen("{$g['varetc_path']}/spd.conf", "w");
|
|
| 824 |
if (!$fd) {
|
|
| 825 |
printf(gettext("Error: cannot open spd.conf in vpn_ipsec_configure().") . "\n");
|
|
| 826 |
return 1; |
|
| 827 |
} |
|
| 831 | 828 |
|
| 829 |
$spdconf = ""; |
|
| 830 |
if (is_array($a_phase2) && count($a_phase2)) {
|
|
| 832 | 831 |
/* Try to prevent people from locking themselves out of webgui. Just in case. */ |
| 833 | 832 |
if ($config['interfaces']['lan']) {
|
| 834 | 833 |
$lanip = get_interface_ip("lan");
|
| ... | ... | |
| 925 | 924 |
mwexec("/sbin/route delete -host {$rgip}", true);
|
| 926 | 925 |
} |
| 927 | 926 |
|
| 928 |
fwrite($fd, $spdconf); |
|
| 929 |
fclose($fd); |
|
| 930 | 927 |
} |
| 928 |
fwrite($fd, $spdconf); |
|
| 929 |
fclose($fd); |
|
| 931 | 930 |
|
| 932 | 931 |
/* needed for racoonctl admin socket */ |
| 933 | 932 |
if (!is_dir("/var/db/racoon"))
|
Also available in: Unified diff
Ensure we always write out a blank spd.conf if there are no phase 2 entries. If you delete the last phase 2 and then apply, it will still be in spd.conf and used by racoon even with no phase 2's configured.