authorChris Buechler <cmb@pfsense.org>2015-04-04 19:50:04 -0500
committerChris Buechler <cmb@pfsense.org>2015-04-04 19:52:10 -0500
commitc5292060a497a88bdeb5cb9325fb2a5595bbcea1 (patch)
treecc9b1198d6621339e4250c39cef45d47b26b2391
parent600b4c3bb8a148032348f7d980ba2cfac683306f (diff)
Fix up Ticket #4504 implementation. Match config style with other areas. Use a config setting to disable, rather than enable, this functionality since it's enabled by default so the tag isn't necessary in the default config. Remove now unnecessary config upgrade code.
-rw-r--r--etc/inc/upgrade_config.inc3
-rw-r--r--etc/inc/vpn.inc12
-rw-r--r--usr/local/www/vpn_ipsec_settings.php18
3 files changed, 15 insertions, 18 deletions
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index 377e458..96f0325 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -3555,9 +3555,6 @@ function upgrade_115_to_116() {
function upgrade_116_to_117() {
global $config;
- if (is_array($config['ipsec']))
- $config['ipsec']['shuntlaninterfaces'] = true;
-
if (!isset($config['ipsec']['client']) ||
!isset($config['ipsec']['client']['dns_split']) ||
empty($config['ipsec']['client']['dns_split'])) {
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 30d703a..ccfbd12 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -590,7 +590,7 @@ EOD;
$ipsecconf .= "config setup\n\tuniqueids = {$uniqueids}\n";
$ipsecconf .= "\tcharondebug=\"" . vpn_ipsec_configure_loglevels(true) . "\"\n";
- if (isset($config['ipsec']['shuntlaninterfaces'])) {
+ if (!isset($config['ipsec']['noshuntlaninterfaces'])) {
if ($config['interfaces']['lan']) {
$lanip = get_interface_ip("lan");
if (!empty($lanip) && is_ipaddrv4($lanip)) {
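Review bot: The inverted test `!isset($config['ipsec']['noshuntlaninterfaces'])` makes the `bypasslan` passthrough policy the default, but nothing in the visible change carries over an opt-out made under the old `shuntlaninterfaces` key. A configuration where that key was deliberately removed would get the IPsec exemption for LAN-subnet-to-LAN-IP traffic back without the administrator choosing it, and a leftover `shuntlaninterfaces` tag is now silently ignored. Because this branch decides whether traffic is exempted from IPsec policy, a comment above it would help, for example `/* bypasslan is installed unless noshuntlaninterfaces is set; the older shuntlaninterfaces tag is no longer read */`. The enclosing function starts and ends outside this hunk, so whether stale keys are cleaned up elsewhere cannot be confirmed from here.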
@@ -599,11 +599,11 @@ EOD;
$ipsecconf .= <<<EOD
conn bypasslan
- leftsubnet={$lanip}/32
- rightsubnet={$lansa}/{$lansn}
- authby=never
- type=passthrough
- auto=route
+ leftsubnet = {$lanip}/32
+ rightsubnet = {$lansa}/{$lansn}
+ authby = never
+ type = passthrough
+ auto = route
EOD;
}
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php
index 6c63722..7c21817 100644
--- a/usr/local/www/vpn_ipsec_settings.php
+++ b/usr/local/www/vpn_ipsec_settings.php
@@ -46,7 +46,7 @@ foreach ($ipsec_loglevels as $lkey => $ldescr) {
$pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"];
}
$pconfig['unityplugin'] = isset($config['ipsec']['unityplugin']);
-$pconfig['shuntlaninterfaces'] = isset($config['ipsec']['shuntlaninterfaces']);
+$pconfig['noshuntlaninterfaces'] = isset($config['ipsec']['noshuntlaninterfaces']);
$pconfig['compression'] = isset($config['ipsec']['compression']);
$pconfig['enableinterfacesuse'] = isset($config['ipsec']['enableinterfacesuse']);
$pconfig['acceptunencryptedmainmode'] = isset($config['ipsec']['acceptunencryptedmainmode']);
@@ -156,10 +156,10 @@ if ($_POST) {
unset($config['ipsec']['unityplugin']);
}
- if($_POST['shuntlaninterfaces'] == "yes") {
- $config['ipsec']['shuntlaninterfaces'] = true;
- } elseif (isset($config['ipsec']['shuntlaninterfaces'])) {
- unset($config['ipsec']['shuntlaninterfaces']);
+ if($_POST['noshuntlaninterfaces'] == "yes") {
+ $config['ipsec']['noshuntlaninterfaces'] = true;
+ } elseif (isset($config['ipsec']['noshuntlaninterfaces'])) {
+ unset($config['ipsec']['noshuntlaninterfaces']);
}
if($_POST['acceptunencryptedmainmode'] == "yes") {
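Review bot: The save logic for `noshuntlaninterfaces` is inverted relative to the checkbox in the `@@ -356` hunk. That box is rendered checked when the flag is absent and is labelled "Enable bypass for LAN interface IP", yet a submitted value of "yes" stores `$config['ipsec']['noshuntlaninterfaces'] = true`, which is the value that disables the bypass in vpn.inc. Assuming the form is repopulated from the saved config, saving the page without touching the box would flip the setting on every save. Since a checked box means "enabled", the flag should be stored when the field is absent: `if (!isset($_POST['noshuntlaninterfaces']) || $_POST['noshuntlaninterfaces'] != "yes") {`. The enclosing `if ($_POST)` block starts and ends outside this hunk.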
@@ -356,12 +356,12 @@ function maxmss_checked(obj) {
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Bypass LAN address"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Auto-exclude LAN address"); ?></td>
<td width="78%" class="vtable">
- <input name="shuntlaninterfaces" type="checkbox" id="shuntlaninterfaces" value="yes" <?php if ($pconfig['shuntlaninterfaces'] == true) echo "checked=\"checked\""; ?> />
- <strong><?=gettext("Enable bypass for LAN interface ip"); ?></strong>
+ <input name="noshuntlaninterfaces" type="checkbox" id="noshuntlaninterfaces" value="yes" <?php if (!$pconfig['noshuntlaninterfaces'] == true) echo "checked=\"checked\""; ?> />
+ <strong><?=gettext("Enable bypass for LAN interface IP"); ?></strong>
<br />
- <?=gettext("Prevent LAN ip address to be proccessed for IPsec traffic."); ?>
+ <?=gettext("Exclude traffic from LAN subnet to LAN IP address from IPsec."); ?>
</td>
</tr>
<tr>
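Review bot: The condition `!$pconfig['noshuntlaninterfaces'] == true` on the checkbox line is hard to read, because it only gives the intended result through `!` binding tighter than `==`. It is easy to misread as a negated comparison, so `if (!$pconfig['noshuntlaninterfaces'])` states the intent directly. The field's name and id also say "no…" while its label says "Enable", which makes the form and the stored flag hard to reason about together. A short comment such as `<!-- checked = bypass enabled = noshuntlaninterfaces NOT set -->` next to the input would make the mapping explicit. The surrounding table continues outside this hunk.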