| 1 |
cb7d18d5
|
Renato Botelho
|
#!/usr/local/bin/php-cgi -f
|
| 2 |
243f00e7
|
Scott Ullrich
|
<?php
|
| 3 |
|
|
/*
|
| 4 |
ac24dc24
|
Renato Botelho
|
* rc.newipsecdns
|
| 5 |
|
|
*
|
| 6 |
|
|
* part of pfSense (https://www.pfsense.org)
|
| 7 |
c5d81585
|
Renato Botelho
|
* Copyright (c) 2009 Seth Mos <seth.mos@dds.nl>.
|
| 8 |
38809d47
|
Renato Botelho do Couto
|
* Copyright (c) 2004-2013 BSD Perimeter
|
| 9 |
|
|
* Copyright (c) 2013-2016 Electric Sheep Fencing
|
| 10 |
a68f7a3d
|
Luiz Otavio O Souza
|
* Copyright (c) 2014-2024 Rubicon Communications, LLC (Netgate)
|
| 11 |
ac24dc24
|
Renato Botelho
|
* All rights reserved.
|
| 12 |
|
|
*
|
| 13 |
|
|
* Originally part of m0n0wall (http://m0n0.ch/wall)
|
| 14 |
c5d81585
|
Renato Botelho
|
* Copyright (c) 2007 Manuel Kasper <mk@neon1.net>.
|
| 15 |
ac24dc24
|
Renato Botelho
|
* All rights reserved.
|
| 16 |
|
|
*
|
| 17 |
b12ea3fb
|
Renato Botelho
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
| 18 |
|
|
* you may not use this file except in compliance with the License.
|
| 19 |
|
|
* You may obtain a copy of the License at
|
| 20 |
ac24dc24
|
Renato Botelho
|
*
|
| 21 |
b12ea3fb
|
Renato Botelho
|
* http://www.apache.org/licenses/LICENSE-2.0
|
| 22 |
ac24dc24
|
Renato Botelho
|
*
|
| 23 |
b12ea3fb
|
Renato Botelho
|
* Unless required by applicable law or agreed to in writing, software
|
| 24 |
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
| 25 |
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| 26 |
|
|
* See the License for the specific language governing permissions and
|
| 27 |
|
|
* limitations under the License.
|
| 28 |
ac24dc24
|
Renato Botelho
|
*/
|
| 29 |
243f00e7
|
Scott Ullrich
|
|
| 30 |
de0de382
|
Ermal
|
require_once("util.inc");
|
| 31 |
7c6f38e4
|
PiBa-NL
|
require_once("globals.inc");
|
| 32 |
|
|
|
| 33 |
|
|
/* make sure to wait until the boot scripts have finished */
|
| 34 |
|
|
if (file_exists("{$g['varrun_path']}/booting")) {
|
| 35 |
|
|
return;
|
| 36 |
|
|
}
|
| 37 |
|
|
|
| 38 |
|
|
$ipseclck_pending = try_lock('ipsecdns_pending', 0);
|
| 39 |
|
|
if (!$ipseclck_pending) {
|
| 40 |
c6220dcf
|
jim-p
|
/* if a ipsec_configure() is still pending no need to stack up another one */
|
| 41 |
7c6f38e4
|
PiBa-NL
|
return;
|
| 42 |
|
|
}
|
| 43 |
|
|
|
| 44 |
|
|
/* parse the configuration and include all functions used below */
|
| 45 |
de0de382
|
Ermal
|
require_once("config.inc");
|
| 46 |
|
|
require_once("gwlb.inc");
|
| 47 |
|
|
require_once("functions.inc");
|
| 48 |
e173dd74
|
Phil Davis
|
require_once("filter.inc");
|
| 49 |
|
|
require_once("shaper.inc");
|
| 50 |
1d75a92f
|
Ingo Bauersachs
|
require_once("auth.inc");
|
| 51 |
de0de382
|
Ermal
|
require_once("ipsec.inc");
|
| 52 |
|
|
require_once("vpn.inc");
|
| 53 |
483e6de8
|
Scott Ullrich
|
|
| 54 |
7c6f38e4
|
PiBa-NL
|
if (!ipsec_enabled()) {
|
| 55 |
|
|
unlock($ipseclck_pending);
|
| 56 |
de0de382
|
Ermal
|
return;
|
| 57 |
e173dd74
|
Phil Davis
|
}
|
| 58 |
de0de382
|
Ermal
|
|
| 59 |
|
|
$ipseclck = lock('ipsecdns', LOCK_EX);
|
| 60 |
7c6f38e4
|
PiBa-NL
|
sleep(12);
|
| 61 |
|
|
unlock($ipseclck_pending);
|
| 62 |
|
|
sleep(3);
|
| 63 |
|
|
log_error("IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.");
|
| 64 |
|
|
|
| 65 |
|
|
/* make sure we have the latest configuration changes loaded. */
|
| 66 |
435948ff
|
Reid Linnemann
|
global $config;
|
| 67 |
7c6f38e4
|
PiBa-NL
|
$config = parse_config();
|
| 68 |
de0de382
|
Ermal
|
|
| 69 |
c6220dcf
|
jim-p
|
ipsec_configure();
|
| 70 |
72bd8df5
|
Ermal Lu?i
|
|
| 71 |
de0de382
|
Ermal
|
unlock($ipseclck);
|
| 72 |
15701e03
|
jim-p
|
|
| 73 |
a264f870
|
jim-p
|
ipsec_reload_package_hook();
|