summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2011-06-03 09:50:53 -0400
committerjim-p <jimp@pfsense.org>2011-06-03 09:50:53 -0400
commit5cd9e96a426fa1d62928d93a2539376912033349 (patch)
treec42854c203a544aac87c7aa2cd5e3109d76c33ca
parent039cb9203f672bb2529e8302fb93b60b94d35fd4 (diff)
downloadpfsense-5cd9e96a426fa1d62928d93a2539376912033349.zip
pfsense-5cd9e96a426fa1d62928d93a2539376912033349.tar.gz
Add a GUI selection for racoon's generate_policy directive since it may be useful in certain configurations, especially for mobile clients.
-rw-r--r--etc/inc/vpn.inc6
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php18
2 files changed, 21 insertions, 3 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 2411caf..5e014fd 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -481,7 +481,7 @@ function vpn_ipsec_configure($ipchg = false)
$natt = $ph1ent['nat_traversal'];
$init = "on";
- $genp = "off";
+ $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "off";
$pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "claim";
$passive = "";
if (isset($ph1ent['mobile'])) {
@@ -490,10 +490,10 @@ function vpn_ipsec_configure($ipchg = false)
/* Mimic 1.2.3's behavior for pure-psk mobile tunnels */
if ($ph1ent['authentication_method'] == "pre_shared_key") {
$pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey";
- $genp = "on";
+ $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "on";
} else {
$init = "off";
- $genp = "unique";
+ $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "unique";
}
}
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 12bb235..69cb438 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -89,6 +89,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['dhgroup'] = $a_phase1[$p1index]['dhgroup'];
$pconfig['lifetime'] = $a_phase1[$p1index]['lifetime'];
$pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method'];
+ $pconfig['generate_policy'] = $a_phase1[$p1index]['generate_policy'];
$pconfig['proposal_check'] = $a_phase1[$p1index]['proposal_check'];
if (($pconfig['authentication_method'] == "pre_shared_key") ||
@@ -307,6 +308,7 @@ if ($_POST) {
$ph1ent['certref'] = $pconfig['certref'];
$ph1ent['caref'] = $pconfig['caref'];
$ph1ent['authentication_method'] = $pconfig['authentication_method'];
+ $ph1ent['generate_policy'] = $pconfig['generate_policy'];
$ph1ent['proposal_check'] = $pconfig['proposal_check'];
$ph1ent['descr'] = $pconfig['descr'];
$ph1ent['nat_traversal'] = $pconfig['nat_traversal'];
@@ -644,6 +646,22 @@ function dpdchkbox_change() {
</span>
</td>
</tr>
+ <tr id="generate_policy">
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Policy Generation"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="generate_policy" class="formselect">
+ <option value="" <?php if (empty($pconfig['generate_policy'])) echo "selected"; ?>>Default</option>
+ <option value="on" <?php if ($pconfig['generate_policy'] == "on") echo "selected"; ?>>On</option>
+ <option value="off" <?php if ($pconfig['generate_policy'] == "off") echo "selected"; ?>>Off</option>
+ <option value="require" <?php if ($pconfig['generate_policy'] == "require") echo "selected"; ?>>Require</option>
+ <option value="unique" <?php if ($pconfig['generate_policy'] == "unique") echo "selected"; ?>>Unique</option>
+ </select>
+ <br>
+ <span class="vexpl">
+ <?=gettext("When working as a responder (as with mobile clients), this controls how policies are generated based on SA proposals."); ?>
+ </span>
+ </td>
+ </tr>
<tr id="proposal_check">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Proposal Checking"); ?></td>
<td width="78%" class="vtable">
OpenPOWER on IntegriCloud