diff options
| author | Ermal Luçi <eri@pfsense.org> | 2010-03-16 13:08:01 +0000 |
|---|---|---|
| committer | Ermal Luçi <eri@pfsense.org> | 2010-03-16 13:08:01 +0000 |
| commit | 63017a732e0e4f1c3459106a5ac24abfea074877 (patch) | |
| tree | 62d247d9032b8a71c76a8db40433e1b34c016f3f | |
| parent | 0b6ab3ec67c60e1c3dc51822bec8d796e21c3abf (diff) | |
| download | pfsense-63017a732e0e4f1c3459106a5ac24abfea074877.zip pfsense-63017a732e0e4f1c3459106a5ac24abfea074877.tar.gz | |
Ticket #430. Give a none option to allow for roadwarriors configs.
| -rw-r--r-- | etc/inc/ipsec.inc | 10 | ||||
| -rw-r--r-- | etc/inc/vpn.inc | 12 | ||||
| -rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 5 |
3 files changed, 19 insertions, 8 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index c55bfea..d80f1c2 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -163,6 +163,7 @@ function ipsec_idinfo_to_cidr(& $idinfo,$addrbits = false) { return $idinfo['address']; case "network": return $idinfo['address']."/".$idinfo['netbits']; + case "none": case "mobile": return "0.0.0.0/0"; default: @@ -186,11 +187,12 @@ function ipsec_idinfo_to_subnet(& $idinfo,$addrbits = false) { return $idinfo['address']."/255.255.255.255"; else return $idinfo['address']; + case "none": case "network": return $idinfo['address']."/".gen_subnet_mask($idinfo['netbits']); case "mobile": return "0.0.0.0/0"; - default: + default: $address = get_interface_ip($idinfo['type']); $netbits = get_interface_subnet($idinfo['type']); $address = gen_subnet($address,$netbits); @@ -210,8 +212,10 @@ function ipsec_idinfo_to_text(& $idinfo) { return $idinfo['address']; case "network": return $idinfo['address']."/".$idinfo['netbits']; - case "mobile": - return "Mobile Client"; + case "mobile": + return "Mobile Client"; + case "none": + return "None"; default: return strtoupper($idinfo['type']); } diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 26631d7..1ebd07a 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -610,11 +610,13 @@ EOD; if ($ph2ent['mode'] == 'tunnel') { $localid_type = $ph2ent['localid']['type']; - if ($localid_type != "address") - $localid_type = "subnet"; - $localid_data = ipsec_idinfo_to_cidr($ph2ent['localid']); - $localid_spec = $localid_type." ".$localid_data." any"; + if ($localid_type == "none") + $localid_spec = " "; + else if ($localid_type != "address") { + $localid_type = "subnet"; + $localid_spec = $localid_type." ".$localid_data." any"; + } if (!isset($ph2ent['mobile'])) { $remoteid_type = $ph2ent['remoteid']['type']; @@ -808,7 +810,7 @@ EOD; } /* static route needed? */ - if (preg_match("/^carp/i", $ph1ent['interface'])) + if (preg_match("/^carp|^vip/i", $ph1ent['interface'])) $parentinterface = link_carp_interface_to_parent($ph1ent['interface']); else $parentinterface = $ph1ent['interface']; diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index a1eb068..0058f4d 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -237,6 +237,10 @@ function typesel_change_local(bits) { document.iform.localid_netbits.value = bits; document.iform.localid_netbits.disabled = 0; break; + case 3: /* none */ + document.iform.localid_address.disabled = 1; + document.iform.localid_netbits.disabled = 1; + break; default: document.iform.localid_address.value = ""; document.iform.localid_address.disabled = 1; @@ -356,6 +360,7 @@ function change_protocol() { <option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected";?>>Address</option> <option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected";?>>Network</option> <option value="lan" <?php if ($pconfig['localid_type'] == "lan" ) echo "selected";?>>LAN subnet</option> + <option value="none" <?php if ($pconfig['localid_type'] == "none" ) echo "selected";?>>None</option> </select> </td> </tr> |
