Correct ipsec status page to make connect button work

2 files changed, 30 insertions, 2 deletions

diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 15f3c06..da6ebcc 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -571,6 +571,22 @@ function ipsec_get_descr($ikeid) {
 	return $descr;
 }
 
+function ipsec_get_phase1($ikeid) {
+        global $config;
+
+        if (!isset($config['ipsec']['phase1']) ||
+            !is_array($config['ipsec']['phase1']))
+                return '';
+
+        $a_phase1 = $config['ipsec']['phase1'];
+        foreach ($a_phase1 as $p1) {
+                if ($p1['ikeid'] == $ikeid) {
+                        return $p1;
+                }
+        }
+        unset($a_phase1);
+}
+
 function ipsec_fixup_ip($ipaddr) {
 	if (is_ipaddrv6($ipaddr) || is_subnetv6($ipaddr))
 		return Net_IPv6::compress(Net_IPv6::uncompress($ipaddr));
diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php
index 391e29b..827837a 100644
--- a/usr/local/www/diag_ipsec.php
+++ b/usr/local/www/diag_ipsec.php
@@ -55,8 +55,20 @@ require("ipsec.inc");
 
 if ($_GET['act'] == 'connect') {
 	if (ctype_digit($_GET['ikeid'])) {
-		mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));
-		mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid']));
+		$ph1ent = ipsec_get_phase1($_GET['ikeid']);
+		if (!empty($ph1ent)) {
+			if ($ph1ent['iketype'] == 'ikev1') {
+				$ph2entries = ipsec_get_number_of_phase2($_GET['ikeid']);
+				for ($i = 0; $i < $ph2entries; $i++) {
+					$connid = escapeshellarg("con{$_GET['ikeid']}00{$i}");
+					mwexec("/usr/local/sbin/ipsec down {$connid}");
+					mwexec("/usr/local/sbin/ipsec up {$connid}");
+				}
+			} else {
+				mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));
+				mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid']));
+			}
+		}
 	}
 } else if ($_GET['act'] == 'ikedisconnect') {
 	if (ctype_digit($_GET['ikeid'])) {