diff options
| author | jim-p <jimp@pfsense.org> | 2011-06-03 09:50:53 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2011-06-03 09:50:53 -0400 |
| commit | 5cd9e96a426fa1d62928d93a2539376912033349 (patch) | |
| tree | c42854c203a544aac87c7aa2cd5e3109d76c33ca | |
| parent | 039cb9203f672bb2529e8302fb93b60b94d35fd4 (diff) | |
| download | pfsense-5cd9e96a426fa1d62928d93a2539376912033349.zip pfsense-5cd9e96a426fa1d62928d93a2539376912033349.tar.gz | |
Add a GUI selection for racoon's generate_policy directive since it may be useful in certain configurations, especially for mobile clients.
| -rw-r--r-- | etc/inc/vpn.inc | 6 | ||||
| -rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 18 |
2 files changed, 21 insertions, 3 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 2411caf..5e014fd 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -481,7 +481,7 @@ function vpn_ipsec_configure($ipchg = false) $natt = $ph1ent['nat_traversal']; $init = "on"; - $genp = "off"; + $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "off"; $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "claim"; $passive = ""; if (isset($ph1ent['mobile'])) { @@ -490,10 +490,10 @@ function vpn_ipsec_configure($ipchg = false) /* Mimic 1.2.3's behavior for pure-psk mobile tunnels */ if ($ph1ent['authentication_method'] == "pre_shared_key") { $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey"; - $genp = "on"; + $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "on"; } else { $init = "off"; - $genp = "unique"; + $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "unique"; } } diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 12bb235..69cb438 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -89,6 +89,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['dhgroup'] = $a_phase1[$p1index]['dhgroup']; $pconfig['lifetime'] = $a_phase1[$p1index]['lifetime']; $pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method']; + $pconfig['generate_policy'] = $a_phase1[$p1index]['generate_policy']; $pconfig['proposal_check'] = $a_phase1[$p1index]['proposal_check']; if (($pconfig['authentication_method'] == "pre_shared_key") || @@ -307,6 +308,7 @@ if ($_POST) { $ph1ent['certref'] = $pconfig['certref']; $ph1ent['caref'] = $pconfig['caref']; $ph1ent['authentication_method'] = $pconfig['authentication_method']; + $ph1ent['generate_policy'] = $pconfig['generate_policy']; $ph1ent['proposal_check'] = $pconfig['proposal_check']; $ph1ent['descr'] = $pconfig['descr']; $ph1ent['nat_traversal'] = $pconfig['nat_traversal']; @@ -644,6 +646,22 @@ function dpdchkbox_change() { </span> </td> </tr> + <tr id="generate_policy"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Policy Generation"); ?></td> + <td width="78%" class="vtable"> + <select name="generate_policy" class="formselect"> + <option value="" <?php if (empty($pconfig['generate_policy'])) echo "selected"; ?>>Default</option> + <option value="on" <?php if ($pconfig['generate_policy'] == "on") echo "selected"; ?>>On</option> + <option value="off" <?php if ($pconfig['generate_policy'] == "off") echo "selected"; ?>>Off</option> + <option value="require" <?php if ($pconfig['generate_policy'] == "require") echo "selected"; ?>>Require</option> + <option value="unique" <?php if ($pconfig['generate_policy'] == "unique") echo "selected"; ?>>Unique</option> + </select> + <br> + <span class="vexpl"> + <?=gettext("When working as a responder (as with mobile clients), this controls how policies are generated based on SA proposals."); ?> + </span> + </td> + </tr> <tr id="proposal_check"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Proposal Checking"); ?></td> <td width="78%" class="vtable"> |
