Project

General

Profile

« Previous | Next » 

Revision 7dcf1cc7

Added by Jim Pingle over 13 years ago

Ensure we always write out a blank spd.conf if there are no phase 2 entries. If you delete the last phase 2 and then apply, it will still be in spd.conf and used by racoon even with no phase 2's configured.

View differences:

etc/inc/vpn.inc
819 819
		/* end racoon.conf */
820 820

  
821 821
		/* generate IPsec policies */
822
		if (is_array($a_phase2) && count($a_phase2)) {
823
			/* generate spd.conf */
824
			$fd = fopen("{$g['varetc_path']}/spd.conf", "w");
825
			if (!$fd) {
826
				printf(gettext("Error: cannot open spd.conf in vpn_ipsec_configure().") . "\n");
827
				return 1;
828
			}
829

  
830
			$spdconf = "";
822
		/* generate spd.conf */
823
		$fd = fopen("{$g['varetc_path']}/spd.conf", "w");
824
		if (!$fd) {
825
			printf(gettext("Error: cannot open spd.conf in vpn_ipsec_configure().") . "\n");
826
			return 1;
827
		}
831 828

  
829
		$spdconf = "";
830
		if (is_array($a_phase2) && count($a_phase2)) {
832 831
			/* Try to prevent people from locking themselves out of webgui. Just in case. */
833 832
			if ($config['interfaces']['lan']) {
834 833
				$lanip = get_interface_ip("lan");
......
925 924
					mwexec("/sbin/route delete -host {$rgip}", true);
926 925
			}
927 926

  
928
			fwrite($fd, $spdconf);
929
			fclose($fd);
930 927
		}
928
		fwrite($fd, $spdconf);
929
		fclose($fd);
931 930

  
932 931
		/* needed for racoonctl admin socket */
933 932
		if (!is_dir("/var/db/racoon"))

Also available in: Unified diff