diff options
| author | Seth Mos <seth.mos@dds.nl> | 2011-03-15 11:38:42 +0100 |
|---|---|---|
| committer | Seth Mos <seth.mos@dds.nl> | 2011-03-15 16:29:59 +0100 |
| commit | 98790f61dcf585c67d5069a2ab85e8d1c2678d10 (patch) | |
| tree | e5d3646ef32444ae994c8cfaf4fda37c9f72e4c1 /etc/inc/ipsec.inc | |
| parent | b47ceaea3aaf234c1eeb7e51facc8bf906206baa (diff) | |
| download | pfsense-98790f61dcf585c67d5069a2ab85e8d1c2678d10.zip pfsense-98790f61dcf585c67d5069a2ab85e8d1c2678d10.tar.gz | |
Try to make IPv6 feature complete for IPv6 support. Looks like ipsec-tools was built without v6 support, make sure you have a newer build
Diffstat (limited to 'etc/inc/ipsec.inc')
| -rw-r--r-- | etc/inc/ipsec.inc | 61 |
1 files changed, 42 insertions, 19 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index adfea05..fad5d6a 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -82,8 +82,8 @@ $p1_authentication_methods = array( 'pre_shared_key' => array( 'name' => 'Mutual PSK', 'mobile' => false ) ); $p2_modes = array( - 'tunnel' => 'Tunnel v4', - 'tunnel6' => 'Tunnel v6', + 'tunnel' => 'Tunnel IPv4', + 'tunnel6' => 'Tunnel IPv6', 'transport' => 'Transport'); $p2_protos = array( @@ -173,21 +173,33 @@ function ipsec_idinfo_to_cidr(& $idinfo,$addrbits = false) { switch ($idinfo['type']) { case "address": - if ($addrbits) - return $idinfo['address']."/32"; - else + if ($addrbits) { + if($idinfo['mode'] == "tunnel6") { + return $idinfo['address']."/128"; + } else { + return $idinfo['address']."/32"; + } + } else { return $idinfo['address']; + } case "network": return $idinfo['address']."/".$idinfo['netbits']; case "none": case "mobile": return "0.0.0.0/0"; default: - $address = get_interface_ip($idinfo['type']); - $netbits = get_interface_subnet($idinfo['type']); - $address = gen_subnet($address,$netbits); - return $address."/".$netbits; - } + if($idinfo['mode'] == "tunnel6") { + $address = get_interface_ipv6($idinfo['type']); + $netbits = get_interface_subnetv6($idinfo['type']); + $address = gen_subnetv6($address,$netbits); + return $address."/".$netbits; + } else { + $address = get_interface_ip($idinfo['type']); + $netbits = get_interface_subnet($idinfo['type']); + $address = gen_subnet($address,$netbits); + return $address."/".$netbits; + } + } } /* @@ -199,22 +211,33 @@ function ipsec_idinfo_to_subnet(& $idinfo,$addrbits = false) { switch ($idinfo['type']) { case "address": - if ($addrbits) - return $idinfo['address']."/255.255.255.255"; - else + if ($addrbits) { + if($idinfo['mode'] == "tunnel6") { + return $idinfo['address']."/128"; + } else { + return $idinfo['address']."/255.255.255.255"; + } + } else { return $idinfo['address']; + } case "none": case "network": return $idinfo['address']."/".gen_subnet_mask($idinfo['netbits']); case "mobile": return "0.0.0.0/0"; default: - $address = get_interface_ip($idinfo['type']); - $netbits = get_interface_subnet($idinfo['type']); - $address = gen_subnet($address,$netbits); - $netbits = gen_subnet_mask($netbits); - return $address."/".netbits; - } + if($idinfo['mode'] == "tunnel6") { + $address = get_interface_ipv6($idinfo['type']); + $netbits = get_interface_subnetv6($idinfo['type']); + $address = gen_subnetv6($address,$netbits); + return $address."/".$netbits; + } else { + $address = get_interface_ip($idinfo['type']); + $netbits = get_interface_subnet($idinfo['type']); + $address = gen_subnet($address,$netbits); + return $address."/".$netbits; + } + } } /* |
