Revision d1f69741
Added by Jim Pingle over 7 years ago
| src/etc/inc/ipsec.inc | ||
|---|---|---|
| 277 | 277 |
} else {
|
| 278 | 278 |
$if = "wan"; |
| 279 | 279 |
} |
| 280 |
$ip6 = get_interface_ipv6($if); |
|
| 281 |
$ip4 = get_interface_ip($if); |
|
| 280 | 282 |
if ($ph1ent['protocol'] == "inet6") {
|
| 281 |
$interfaceip = get_interface_ipv6($if); |
|
| 282 |
} else {
|
|
| 283 |
$interfaceip = get_interface_ip($if); |
|
| 283 |
$interfaceip = $ip6; |
|
| 284 |
} elseif ($ph1ent['protocol'] == "inet") {
|
|
| 285 |
$interfaceip = $ip4; |
|
| 286 |
} elseif ($ph1ent['protocol'] == "both") {
|
|
| 287 |
$ifips = array(); |
|
| 288 |
if (!empty($ip4)) {
|
|
| 289 |
$ifips[] = $ip4; |
|
| 290 |
} |
|
| 291 |
if (!empty($ip6)) {
|
|
| 292 |
$ifips[] = $ip6; |
|
| 293 |
} |
|
| 294 |
$interfaceip = implode(',', $ifips);
|
|
| 284 | 295 |
} |
| 285 | 296 |
|
| 286 | 297 |
return $interfaceip; |
| ... | ... | |
| 732 | 743 |
if (!$addr) {
|
| 733 | 744 |
return array(); |
| 734 | 745 |
} |
| 746 |
/* When automatically guessing, use the first address. */ |
|
| 747 |
$addr = explode(',', $addr);
|
|
| 748 |
$addr = $addr[0]; |
|
| 735 | 749 |
} elseif ($side == "peer") {
|
| 736 | 750 |
$id_type = $ph1ent['peerid_type']; |
| 737 | 751 |
$id_data = $ph1ent['peerid_data']; |
| src/etc/inc/vpn.inc | ||
|---|---|---|
| 270 | 270 |
$ikeid = $ph1ent['ikeid']; |
| 271 | 271 |
|
| 272 | 272 |
$ep = ipsec_get_phase1_src($ph1ent); |
| 273 |
/* When automatically guessing, use the first address. */ |
|
| 274 |
$ep = explode(',', $ep);
|
|
| 275 |
$ep = $ep[0]; |
|
| 273 | 276 |
if (!is_ipaddr($ep)) {
|
| 274 | 277 |
log_error(sprintf(gettext("IPsec ERROR: Could not find phase 1 source for connection %s. Omitting from configuration file."), $ph1ent['descr']));
|
| 275 | 278 |
continue; |
| src/usr/local/www/vpn_ipsec_phase1.php | ||
|---|---|---|
| 270 | 270 |
if ($pconfig['remotegw']) {
|
| 271 | 271 |
if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw'])) {
|
| 272 | 272 |
$input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
|
| 273 |
} elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet")) {
|
|
| 273 |
} elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] == "inet6")) {
|
|
| 274 | 274 |
$input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or protocol needs to be changed to IPv6");
|
| 275 |
} elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6")) {
|
|
| 275 |
} elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] == "inet")) {
|
|
| 276 | 276 |
$input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or protocol needs to be changed to IPv4");
|
| 277 | 277 |
} |
| 278 | 278 |
} |
| ... | ... | |
| 698 | 698 |
'protocol', |
| 699 | 699 |
'*Internet Protocol', |
| 700 | 700 |
$pconfig['protocol'], |
| 701 |
array("inet" => "IPv4", "inet6" => "IPv6")
|
|
| 701 |
array("inet" => "IPv4", "inet6" => "IPv6", "both" => "Both (Dual Stack)")
|
|
| 702 | 702 |
))->setHelp('Select the Internet Protocol family.');
|
| 703 | 703 |
|
| 704 | 704 |
$section->addInput(new Form_Select( |
Also available in: Unified diff
Allow Dual Stack IPsec P1 interface. Fixes #6886
Allow "Both" to be selected for IPv4/IPv6 on IPsec P1, in the config use both addresses as "left =" if they both exist.
Some cases where a single address was assumed (e.g. ping hosts) default to using the first address.
Doesn't make sense when selecting a VIP that is a single type, but should still handle that gracefully, only using the one that actually exists.
There might be some edge cases that this doesn't handle properly.