authorRenato Botelho <garga@FreeBSD.org>2013-05-10 10:35:01 -0300
committerRenato Botelho <garga@FreeBSD.org>2013-05-15 11:53:06 -0400
commit09628a0707596cb11e6608e933519eb1746b66b2 (patch)
tree8b2e453abbe716bfc57f8b00c25529813ae21f0b /etc/inc/vpn.inc
parentc96e71d17e16f4461e142aaee801972a1098e3d0 (diff)
Fix indent and whitespace
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r--etc/inc/vpn.inc81
1 files changed, 40 insertions, 41 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 523a89c..f9b295a 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -37,7 +37,7 @@
pfSense_BUILDER_BINARIES: /usr/bin/killall /usr/local/sbin/sasyncd /sbin/ifconfig /sbin/sysctl
pfSense_BUILDER_BINARIES: /usr/local/sbin/setkey /sbin/route /bin/mkdir
pfSense_BUILDER_BINARIES: /usr/local/sbin/racoonctl /usr/local/sbin/racoon
- pfSense_BUILDER_BINARIES: /usr/local/sbin/filterdns /usr/local/sbin/mpd4
+ pfSense_BUILDER_BINARIES: /usr/local/sbin/filterdns /usr/local/sbin/mpd4
pfSense_MODULE: vpn
*/
@@ -128,7 +128,6 @@ function vpn_ipsec_configure($ipchg = false)
/* needed for config files */
if (!is_dir("{$g['varetc_path']}/ipsec"))
mkdir("{$g['varetc_path']}/ipsec");
-
if ($g['booting'])
echo gettext("Configuring IPsec VPN... ");
@@ -251,7 +250,7 @@ function vpn_ipsec_configure($ipchg = false)
unset($cert);
}
}
-
+
$pskconf = "";
if (is_array($a_phase1) && count($a_phase1)) {
@@ -304,12 +303,12 @@ function vpn_ipsec_configure($ipchg = false)
@file_put_contents("{$g['varetc_path']}/ipsec/psk.txt", $pskconf);
chmod("{$g['varetc_path']}/ipsec/psk.txt", 0600);
unset($pskconf);
-
+
/* begin racoon.conf */
$racoonconf = "";
if ((is_array($a_phase1) && count($a_phase1)) || (is_array($a_phase2) && count($a_phase2))) {
- $racoonconf .= "# This file is automatically generated. Do not edit\n";
+ $racoonconf .= "# This file is automatically generated. Do not edit\n";
$racoonconf .= "path pre_shared_key \"{$g['varetc_path']}/ipsec/psk.txt\";\n\n";
$racoonconf .= "path certificate \"{$g['varetc_path']}/ipsec\";\n\n";
@@ -411,7 +410,7 @@ function vpn_ipsec_configure($ipchg = false)
$racoonconf .= "}\n\n";
}
/* end mode_cfg section */
-
+
if ($a_client['user_source'] != "none") {
$authcfgs = explode(",", $a_client['user_source']);
$sed = "\$authmodes=array(";
@@ -645,7 +644,7 @@ EOD;
/* end remote */
}
/* end remote sections */
-
+
/* begin sainfo sections */
if (is_array($a_phase2) && count($a_phase2)) {
@@ -742,7 +741,7 @@ EOD;
if( $ealg_kl == "auto" ) {
/* This seems to be required on my system and was not reproducable
* on other systems. For some reason $p2_ealgos is not defined
- * and needs to be read back in!? -sullrich Aug 26, 2009
+ * and needs to be read back in!? -sullrich Aug 26, 2009
*/
if(!$p2_ealgos)
require("ipsec.inc");
@@ -754,7 +753,7 @@ EOD;
seconds wrecking bootup */
if($key_hi != 0 and $key_lo !=0 and $key_step !=0) {
for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step) {
-// Uncomment the next line if you want to test the comment 5 lines up.
+// Uncomment the next line if you want to test the comment 5 lines up.
// echo "$keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step \n";
if ($ealgos)
$ealgos = $ealgos.", ";
@@ -797,9 +796,9 @@ EOD;
$lifeline = "lifetime time {$ph2ent['lifetime']} secs;";
/* add sainfo section to configuration */
-
+
$racoonconf .=<<<EOD
-
+
sainfo {$localid_spec} {$remoteid_spec}
{
remoteid {$ikeid};
@@ -932,7 +931,7 @@ EOD;
}
}
}
- }
+ }
}
}
@file_put_contents("{$g['varetc_path']}/ipsec/spd.conf", $spdconf);
@@ -947,14 +946,14 @@ EOD;
} else {
/* flush SA + SPD entries */
mwexec("/usr/local/sbin/setkey -FP", false);
- sleep("0.1");
+ sleep("0.1");
mwexec("/usr/local/sbin/setkey -F", false);
- sleep("0.1");
- /* start racoon */
+ sleep("0.1");
+ /* start racoon */
$ipsecdebug = isset($config['ipsec']['racoondebug']) ? "-d -v" : "";
mwexec("/usr/local/sbin/racoon {$ipsecdebug} -f {$g['varetc_path']}/ipsec/racoon.conf", false);
- sleep("0.1");
- /* load SPD */
+ sleep("0.1");
+ /* load SPD */
mwexec("/usr/local/sbin/setkey -f {$g['varetc_path']}/ipsec/spd.conf", false);
}
@@ -982,7 +981,7 @@ EOD;
killbypid("{$g['varrun_path']}/filterdns-ipsec.pid");
@unlink("{$g['varrun_path']}/filterdns-ipsec.pid");
}
-
+
vpn_ipsec_failover_configure();
if ($g['booting'])
@@ -992,7 +991,7 @@ EOD;
}
}
-/*
+/*
* Forcefully restart IPsec
* This is required for when dynamic interfaces reload
* For all other occasions the normal vpn_ipsec_configure()
@@ -1061,7 +1060,7 @@ function vpn_netgraph_support() {
/* Get support for netgraph(4) from the nic */
$ifinfo = pfSense_get_interface_addresses($realif);
if (!empty($ifinfo) && in_array($ifinfo['iftype'], array("ether", "vlan", "bridge")))
- pfSense_ngctl_attach(".", $realif);
+ pfSense_ngctl_attach(".", $realif);
}
}
@@ -1096,7 +1095,7 @@ function vpn_pptpd_configure() {
if (empty($pptpdcfg['n_pptp_units'])) {
log_error("Something wrong in the PPTPd configuration. Preventing starting the daemon because issues would arise.");
- return;
+ return;
}
/* make sure pptp-vpn directory exists */
@@ -1441,13 +1440,13 @@ EOD;
for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
$mpdlinks .=<<<EOD
-
+
poes{$pppoecfg['pppoeid']}{$i}:
set phys type pppoe
- set pppoe iface {$pppoe_interface}
- set pppoe service "*"
- set pppoe disable originate
- set pppoe enable incoming
+ set pppoe iface {$pppoe_interface}
+ set pppoe service "*"
+ set pppoe disable originate
+ set pppoe enable incoming
EOD;
}
@@ -1573,20 +1572,20 @@ EOD;
$mpdconf .=<<<EOD
l2tp_standard:
- set bundle disable multilink
- set bundle enable compression
- set bundle yes crypt-reqd
- set ipcp yes vjcomp
- # set ipcp ranges 131.188.69.161/32 131.188.69.170/28
- set ccp yes mppc
- set iface disable on-demand
- set iface enable proxy-arp
+ set bundle disable multilink
+ set bundle enable compression
+ set bundle yes crypt-reqd
+ set ipcp yes vjcomp
+ # set ipcp ranges 131.188.69.161/32 131.188.69.170/28
+ set ccp yes mppc
+ set iface disable on-demand
+ set iface enable proxy-arp
set iface up-script /usr/local/sbin/vpn-linkup
set iface down-script /usr/local/sbin/vpn-linkdown
- set link yes acfcomp protocomp
- set link no pap chap
- set link enable chap
- set link keep-alive 10 180
+ set link yes acfcomp protocomp
+ set link no pap chap
+ set link enable chap
+ set link keep-alive 10 180
EOD;
@@ -1642,8 +1641,8 @@ EOD;
l2tp{$i}:
set link type l2tp
- set l2tp enable incoming
- set l2tp disable originate
+ set l2tp enable incoming
+ set l2tp disable originate
EOD;
if (!empty($l2tpcfg['secret']))
@@ -1690,7 +1689,7 @@ EOD;
return 0;
}
-/* Walk the tunnels for hostname endpoints. If the hostnames
+/* Walk the tunnels for hostname endpoints. If the hostnames
* resolve to a different IP now compared to the DNS cache
* we reload the policies if the endpoint has changed */
function vpn_ipsec_refresh_policies() {