
Revision aea2a0c3

Added by Jim Pingle about 7 years ago

Fix IPsec VTI gateway generation to match interface changes. Fixes #8544


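--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -1704,10 +1704,6 @@
 	}
 	if (is_array($config['ipsec']) && is_array($config['ipsec']['phase1']) && is_array($config['ipsec']['phase2'])) {
 		foreach ($config['ipsec']['phase1'] as $ph1ent) {
-			// Skip disabled or non-matching IPsec
-			if (($ikeid != $ph1ent['ikeid']) || $ph1ent['disabled']) {
-				continue;
-			}
 			$vti_addrs = ipsec_vti($ph1ent, true);
 			// Skip non-VTI tunnels
 			if (!$vti_addrs || !is_array($vti_addrs)) {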
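Review bot: Removing the whole guard at old lines 1707-1710 also drops the `$ph1ent['disabled']` test, while the matching loops in gwlb.inc in this same commit keep `if ($ph1ent['disabled']) { continue; }`. Unless `ipsec_vti()` itself returns nothing for a disabled phase 1 entry (not visible here), this loop now processes tunnels an administrator has switched off. Keep the disabled half of the check and drop only the `$ikeid` comparison: `if ($ph1ent['disabled']) { continue; }`. The enclosing function starts and ends outside the hunk.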
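--- a/src/etc/inc/gwlb.inc
+++ b/src/etc/inc/gwlb.inc
@@ -734,19 +734,31 @@
 					$ikeid = substr($ifcfg['if'], 5);
 					if (is_array($config['ipsec']) && is_array($config['ipsec']['phase1']) && is_array($config['ipsec']['phase2'])) {
 						foreach ($config['ipsec']['phase1'] as $ph1ent) {
-							// Skip disabled or non-matching IPsec
-							if (($ikeid != $ph1ent['ikeid']) || $ph1ent['disabled']) {
+							if ($ph1ent['disabled']) {
 								continue;
 							}
-							$vti_addrs = ipsec_vti($ph1ent, true);
+							$vtisubnet_spec = ipsec_vti($ph1ent, true);
 							// Skip non-VTI tunnels
-							if (!$vti_addrs || !is_array($vti_addrs)) {
+							if (!$vtisubnet_spec || !is_array($vtisubnet_spec)) {
 								continue;
 							}
-							// If any of the VTI remotes is v4, then we can make a v4 gw
-							foreach ($vti_addrs as $vtia) {
-								if (is_ipaddrv4($vtia['right'])) {
-									$ctype = "VTIv4";
+							if (!isset($ph1ent['mobile']) && ($keyexchange == 'ikev1' || isset($ph1ent['splitconn']))) {
+								foreach ($vtisubnet_spec as $idx => $vtisub) {
+									if ($ifcfg['if'] == "ipsec{$ph1ent['ikeid']}00{$idx}") {
+										// If this specific VTI remote is v4, then we can make a v4 gw
+										if (is_ipaddrv4($vtisub['right'])) {
+											$ctype = "VTIv4";
+										}
+									}
+								}
+							} else {
+								if ($ifcfg['if'] == "ipsec{$ph1ent['ikeid']}000") {
+									// If any of the VTI remotes are v4, then we can make a v4 gw
+									foreach ($vtisubnet_spec as $vtisub) {
+										if (is_ipaddrv4($vtisub['right'])) {
+											$ctype = "VTIv4";
+										}
+									}
 								}
 							}
 						}
@@ -864,19 +876,31 @@
 					$ikeid = substr($ifcfg['if'], 5);
 					if (is_array($config['ipsec']) && is_array($config['ipsec']['phase1']) && is_array($config['ipsec']['phase2'])) {
 						foreach ($config['ipsec']['phase1'] as $ph1ent) {
-							// Skip disabled or non-matching IPsec
-							if (($ikeid != $ph1ent['ikeid']) || $ph1ent['disabled']) {
+							if ($ph1ent['disabled']) {
 								continue;
 							}
-							$vti_addrs = ipsec_vti($ph1ent, true);
+							$vtisubnet_spec = ipsec_vti($ph1ent, true);
 							// Skip non-VTI tunnels
-							if (!$vti_addrs || !is_array($vti_addrs)) {
+							if (!$vtisubnet_spec || !is_array($vtisubnet_spec)) {
 								continue;
 							}
-							// If any of the VTI remotes is v6, then we can make a v6 gw
-							foreach ($vti_addrs as $vtia) {
-								if (is_ipaddrv6($vtia['right'])) {
-									$ctype = "VTIv6";
+							if (!isset($ph1ent['mobile']) && ($keyexchange == 'ikev1' || isset($ph1ent['splitconn']))) {
+								foreach ($vtisubnet_spec as $idx => $vtisub) {
+									if ($ifcfg['if'] == "ipsec{$ph1ent['ikeid']}00{$idx}") {
+										// If this specific VTI remote is v6, then we can make a v6 gw
+										if (is_ipaddrv6($vtisub['right'])) {
+											$ctype = "VTIv6";
+										}
+									}
+								}
+							} else {
+								if ($ifcfg['if'] == "ipsec{$ph1ent['ikeid']}000") {
+									// If any of the VTI remotes are v6, then we can make a v6 gw
+									foreach ($vtisubnet_spec as $vtisub) {
+										if (is_ipaddrv6($vtisub['right'])) {
+											$ctype = "VTIv6";
+										}
+									}
 								}
 							}
 						}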
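Review bot: `$keyexchange` is read in the new condition at new lines 745 and 887, but neither hunk assigns it; the only local set nearby is `$ikeid`. If it is not defined earlier in the enclosing function (which starts outside the hunks), the `== 'ikev1'` comparison is always false, so IKEv1 tunnels with several VTI phase 2 entries take the `else` branch and only the `...000` interface can get `$ctype` set. Derive the value from the phase 1 entry inside the loop, for example `$keyexchange = $ph1ent['iketype'];` if that is the field holding the IKE version, or add a comment naming where it is assigned. `$ikeid` from `substr($ifcfg['if'], 5)` is no longer read in these hunks and can be removed if nothing later in the function uses it.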
