author | Luiz Otavio O Souza <luiz@netgate.com> | 2015-11-22 07:21:49 -0600 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2015-11-22 07:21:49 -0600 |
commit | dc0f709e8a6ce7c6d40e8e2ae0742bda22ac642c (patch) | |
tree | 8546bb96bea21afcc74885410ee36849d9d744dd | |
parent | ea792608e8aab65bdb8635783a394c17de5ddd17 (diff) | |
Convert all the occurrences of $config['ipsec']['enable'] in filter.inc, ipsec.inc and service-utils.inc
Fix ruleset when IPSEC is enabled but there are no Phase 1 entries.
Issue: #5487
-rw-r--r-- | src/etc/inc/filter.inc | 30 | ||||
-rw-r--r-- | src/etc/inc/ipsec.inc | 4 | ||||
-rw-r--r-- | src/etc/inc/service-utils.inc | 2 |
3 files changed, 18 insertions, 18 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 9fcefbc..b505825 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -928,13 +928,13 @@ function filter_get_vpns_list() {
 $vpns_arr = array();
 /* ipsec */
- if (isset($config['ipsec']['enable'])) {
+ if (!function_exists('ipsec_enabled')) {
+ require_once("ipsec.inc");
+ }
+ if (ipsec_enabled()) {
 if (is_array($config['ipsec']['phase2'])) {
 foreach ($config['ipsec']['phase2'] as $ph2ent) {
 if ((!$ph2ent['mobile']) && ($ph2ent['mode'] != 'transport')) {
- if (!function_exists('ipsec_idinfo_to_cidr')) {
- require_once("ipsec.inc");
- }
 if (!is_array($ph2ent['remoteid'])) {
 continue;
 }
@@ -1892,13 +1892,13 @@ function filter_nat_rules_generate() {
 }
 /* ipsec nat */
- if (is_array($config['ipsec']) && isset($config['ipsec']['enable'])) {
+ if (!function_exists('ipsec_enabled')) {
+ require_once("ipsec.inc");
+ }
+ if (ipsec_enabled()) {
 if (is_array($config['ipsec']['phase2'])) {
 foreach ($config['ipsec']['phase2'] as $ph2ent) {
 if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid']) && !isset($ph2ent['disabled'])) {
- if (!function_exists('ipsec_idinfo_to_cidr')) {
- require_once("ipsec.inc");
- }
 ipsec_lookup_phase1($ph2ent, $ph1ent);
 if (!is_array($ph1ent)) {
 continue;
@@ -3466,7 +3466,10 @@ EOD;
 $saved_tracker += 300;
 $tracker = $saved_tracker;
 /* add ipsec interfaces */
- if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
+ if (!function_exists('ipsec_enabled')) {
+ require_once("ipsec.inc");
+ }
+ if (ipsec_enabled()) {
 $ipfrules .= "pass out {$log['pass']} on \$IPsec all tracker {$increment_tracker($tracker)} tracker {$increment_tracker($tracker)} keep state label \"IPsec internal host to host\"\n";
 }
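Review bot: The `if (!function_exists('ipsec_enabled')) { require_once("ipsec.inc"); }` guard added ahead of `ipsec_enabled()` in filter_get_vpns_list() is repeated verbatim in the hunks at -1892, -3466 and -3954. `require_once` already skips a file that has been loaded, so the wrapper adds four copies of the same three lines for little gain. A single `require_once("ipsec.inc");` next to the file's other includes (not visible in this diff) would replace them. If the lazy load is deliberate, a short comment at the first use, such as `/* ipsec.inc is pulled in lazily, only when a ruleset is generated */`, would record why. The function body continues outside the hunk.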
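Review bot: In the hunk at -3466, the new `if (ipsec_enabled())` drops the mobile-client test that the old call site had. The `pass out ... on $IPsec` rule used to be emitted when either `$config['ipsec']['enable']` or `$config['ipsec']['client']['enable']` was set. `ipsec_enabled()` is not part of this diff, so it cannot be confirmed here that it returns true for a mobile-client-only configuration. If it does not, this is a ruleset change beyond what the commit message describes. Either keep the second test, `if (ipsec_enabled() || isset($config['ipsec']['client']['enable'])) {`, or add a comment stating that the helper already accounts for mobile clients. The enclosing function starts and ends outside the hunk.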
@@ -3954,8 +3957,10 @@ function filter_generate_ipsec_rules($log = array()) {
 $increment_tracker = 'filter_rule_tracker';
 $ipfrules = "\n# VPN Rules\n";
- if ((isset($config['ipsec']['enable'])) &&
- (is_array($config['ipsec']['phase1']))) {
+ if (!function_exists('ipsec_enabled')) {
+ require_once("ipsec.inc");
+ }
+ if (ipsec_enabled()) {
 /* step through all phase1 entries */
 foreach ($config['ipsec']['phase1'] as $ph1ent) {
 $tracker += 10;
@@ -3965,9 +3970,6 @@ function filter_generate_ipsec_rules($log = array()) {
 }
 /* determine local and remote peer addresses */
 if (!isset($ph1ent['mobile'])) {
- if (!function_exists('ipsec_get_phase1_dst')) {
- require_once("ipsec.inc");
- }
 $rgip = ipsec_get_phase1_dst($ph1ent);
 if (!$rgip) {
 $ipfrules .= "# ERROR! Unable to determine remote IPsec peer address for {$ph1ent['remote-gateway']}\n";
diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc
index 5d45ef1..502cc37 100644
--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -475,11 +475,9 @@ function ipsec_phase2_status(&$ipsec_status, &$phase2) {
 * Wrapper to call pfSense_ipsec_list_sa() when IPsec is enabled
 */
 function ipsec_list_sa() {
- global $config;
- if (isset($config['ipsec']['enable'])) {
+ if (ipsec_enabled())
 return pfSense_ipsec_list_sa();
- }
 return array();
 }
diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc
index b40aa39..8ccd4a9 100644
--- a/src/etc/inc/service-utils.inc
+++ b/src/etc/inc/service-utils.inc
@@ -346,7 +346,7 @@ function get_services() {
 $services[] = $pconfig;
 }
- if (isset($config['ipsec']['enable'])) {
+ if (ipsec_enabled()) {
 $pconfig = array();
 $pconfig['name'] = "ipsec";
 $pconfig['description'] = gettext("IPsec VPN"); |
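Review bot: In filter_generate_ipsec_rules() (hunk at -3954), the `foreach ($config['ipsec']['phase1'] as $ph1ent)` now runs without the `is_array($config['ipsec']['phase1'])` test that the removed condition carried. That is safe only if `ipsec_enabled()` returns true solely when phase1 is a populated array, which this diff does not show. Because this gate decides whether the VPN pass rules are written into the ruleset, the contract should be stated at the call site, e.g. `/* ipsec_enabled() is true only when at least one phase1 entry exists */`. Alternatively keep the guard as `if (ipsec_enabled() && is_array($config['ipsec']['phase1'])) {`. The function body continues past the hunk.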
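Review bot: The rewritten test in ipsec_list_sa() is a brace-less `if (ipsec_enabled())` with the `return` on the following line, while every other `if` touched by this commit keeps its braces. A later edit that adds a second statement under it would silently fall outside the condition. Write it as `if (ipsec_enabled()) {` … `}`, matching the form of the line it replaces.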
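Review bot: get_services() in service-utils.inc now calls `ipsec_enabled()` directly, without the `function_exists`/`require_once("ipsec.inc")` guard that the filter.inc hunks of this commit place before the same call. Whether service-utils.inc or all of its callers load ipsec.inc first is not visible here. If some entry point does not, this line becomes a fatal undefined-function error, where the old `isset()` test could not fail. Add the same guard above the `if`, or a comment naming the include that provides the helper. The function starts and ends outside the hunk.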