authorScott Ullrich <sullrich@pfsense.org>2005-07-03 19:13:34 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-07-03 19:13:34 +0000
commit17da6c791faa614c6e51976df192f07ae2d736f6 (patch)
tree43a73873d040f0a7fe8af1b4b8b46ae8566f0e91
parentbd9548e05a9b536806e0ade405c7327ef80954eb (diff)
downloadpfsense-17da6c791faa614c6e51976df192f07ae2d736f6.zip
pfsense-17da6c791faa614c6e51976df192f07ae2d736f6.tar.gz
Import back in pfSense modifications:
* Failover IPSEC support ['ipsec']['ip']
* creategif support for multi subnet routing
-rw-r--r--etc/inc/vpn.inc42
1 files changed, 35 insertions, 7 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index b89f239..c7681de 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -1,21 +1,24 @@
<?php
+/* $Id$ */
/*
vpn.inc
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2004 Scott Ullrich
All rights reserved.
-
+
+ originally part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -35,6 +38,10 @@ function vpn_ipsec_configure($ipchg = false) {
global $config, $g;
$curwanip = get_current_wan_address();
+
+ /* if we defined a listen ip, lets set up */
+ if($config['ipsec']['ip'] <> "")
+ $curwanip = $config['ipsec']['ip'];
$syscfg = $config['system'];
$ipseccfg = $config['ipsec'];
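Review bot: The listen address from `$config['ipsec']['ip']` replaces `$curwanip` with no format check, and the same unchecked value is reused in the hunks at -106 and -130, where it reaches an `mwexec()` command line and racoon.conf. Comparing with `<> ""` also reads the key when it is absent from the config. I would guard the override as `if (!empty($config['ipsec']['ip']) && is_ipaddr($config['ipsec']['ip']))`, assuming the tree's `is_ipaddr()` helper is loaded at this point, and word the comment as `/* failover: use the configured IPsec listen IP instead of the WAN address */`. vpn_ipsec_configure() begins and continues outside this hunk.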
@@ -106,6 +113,16 @@ function vpn_ipsec_configure($ipchg = false) {
vpn_localnet_determine($tunnel['local-subnet'], $sa, $sn);
+ if(isset($tunnel['creategif'])) {
+ $number_of_gifs = find_last_gif_device();
+ $number_of_gifs++;
+ $curwanip = get_current_wan_address();
+ if($config['ipsec']['ip'] <> "")
+ $curwanip = $config['ipsec']['ip'];
+ mwexec("/sbin/ifconfig gif" . $number_of_gifs . " tunnel" . $curwanip . " " . $tunnel['remote-gateway']);
+ mwexec("/sbin/ifconfig gif" . $number_of_gifs . " {$lansa}/{$lansn} {$lanip}/32");
+ }
+
$spdconf .= "spdadd {$sa}/{$sn} " .
"{$tunnel['remote-subnet']} any -P out ipsec " .
"{$tunnel['p2']['protocol']}/tunnel/{$ep}-" .
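Review bot: The first `mwexec()` call concatenates `" tunnel"` directly with `$curwanip`, so ifconfig receives the keyword and the local address fused into one word and the tunnel endpoints are not set as intended. Both calls also put config-derived values on a shell command line unquoted; I would write the first as `mwexec("/sbin/ifconfig gif{$number_of_gifs} tunnel " . escapeshellarg($curwanip) . " " . escapeshellarg($tunnel['remote-gateway']));`. `$lansa`, `$lansn` and `$lanip` are not assigned anywhere in the visible lines (the call just above fills `$sa` and `$sn`), so confirm they are set before the second call. The enclosing loop and function extend beyond this hunk.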
@@ -130,6 +147,17 @@ function vpn_ipsec_configure($ipchg = false) {
printf("Error: cannot open racoon.conf in vpn_ipsec_configure().\n");
return 1;
}
+
+ if($config['ipsec']['ip'] <> "") {
+
+ $interface_ip = $config['ipsec']['ip'];
+ $racoonconf .= <<<EOD
+listen {
+ isakmp {$interface_ip} [500];
+}
+
+EOD;
+ }
$racoonconf = "path pre_shared_key \"{$g['varetc_path']}/psk.txt\";\n\n";
$racoonconf .= "path certificate \"{$g['varetc_path']}\";\n\n";
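Review bot: The `listen { isakmp ... }` block is appended to `$racoonconf` with `.=`, but the next context line assigns `$racoonconf = "path pre_shared_key ...` with `=`, which discards it. As far as the visible lines show, the configured listen IP therefore never reaches racoon.conf, and the `.=` runs on a variable that has not been initialised yet. Move the added `if` block below the two `path` lines so the listen section is appended after the base config is started. The rest of vpn_ipsec_configure() is outside the hunk, so check that no later `=` assignment resets the string again.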