author | Seth Mos <seth.mos@dds.nl> | 2011-03-16 13:18:06 +0100 |
---|---|---|
committer | Seth Mos <seth.mos@dds.nl> | 2011-03-16 13:18:06 +0100 |
commit | 80c1e99fb100bf79f74a22d66a04e6fec079c35f (patch) | |
tree | 4105548e7d94ed078155be1773b7f38555ebae0a /etc/inc/vpn.inc | |
parent | 413a327e1ee4a8e3e0e8112bba8f8d8764fd4d8c (diff) | |
Correct ping hosts functionality for > 1 tunnel. Add v6 functionality
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index ccddb80..f6557b5 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -137,6 +137,7 @@ function vpn_ipsec_configure($ipchg = false) if (is_array($a_phase1) && count($a_phase1)) { /* step through each phase1 entry */ + $ipsecpinghosts = ""; foreach ($a_phase1 as $ph1ent) { if (isset($ph1ent['disabled'])) continue; @@ -171,7 +172,6 @@ function vpn_ipsec_configure($ipchg = false) $rgmap[$ph1ent['remote-gateway']] = $rg; /* step through each phase2 entry */ - $ipsecpinghosts = ""; foreach ($a_phase2 as $ph2ent) { $ikeid = $ph2ent['ikeid']; @@ -182,19 +182,24 @@ function vpn_ipsec_configure($ipchg = false) if ($ikeid != $ph1ent['ikeid']) continue; + $ph2ent['localid']['mode'] = $ph2ent['mode']; /* add an ipsec pinghosts entry */ if ($ph2ent['pinghost']) { $iflist = get_configured_interface_list(); foreach ($iflist as $ifent => $ifname) { - if(is_ipaddrv6($ph1ent['src'])) { + if(is_ipaddrv6($ph2ent['pinghost'])) { $interface_ip = get_interface_ipv6($ifent); - $local_subnetv6 = ipsec_idinfo_to_cidr($ph2ent['localid'], true); - if (ip_in_subnetv6($interface_ip, $local_subnet)) { + if(!is_ipaddrv6($interface_ip)) + continue; + $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true); + if (ip_in_subnet($interface_ip, $local_subnet)) { $srcip = $interface_ip; break; } } else { $interface_ip = get_interface_ip($ifent); + if(!is_ipaddrv4($interface_ip)) + continue; $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true); if (ip_in_subnet($interface_ip, $local_subnet)) { $srcip = $interface_ip; 
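Review bot: `$ipsecpinghosts` is initialised as a string in the first hunk (`$ipsecpinghosts = "";`), but the last hunk appends to it with `$ipsecpinghosts[] = ...`, so the code relies on PHP silently turning an empty string into an array; newer PHP versions raise an error when `[]` is applied to a string. Initialising it as `$ipsecpinghosts = array();` makes the type match the append and gives the `file_put_contents()` call in the last hunk an array in every case. vpn_ipsec_configure() starts and ends outside the hunk.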
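Review bot: Nothing in the visible lines of the third hunk resets `$srcip` before the interface loop, so a phase 2 entry whose local subnet matches no interface appears to inherit the source address found for an earlier entry. That would write a pinghosts record pairing one tunnel's source with another tunnel's destination, and the keepalive would then be sent from the wrong network. Adding `$srcip = null;` immediately before `$iflist = get_configured_interface_list();` keeps each record tied to its own phase 2 entry. A short comment on `$ph2ent['localid']['mode'] = $ph2ent['mode'];` saying why the mode is copied would help, and it is worth confirming that `ip_in_subnet()` accepts IPv6 arguments now that the v6 branch calls it. The loop body continues outside the hunk.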
@@ -203,20 +208,17 @@ function vpn_ipsec_configure($ipchg = false) } } $dstip = $ph2ent['pinghost']; - if(is_ipaddrv6($srcip)) { + if(is_ipaddrv6($dstip)) { $family = "inet6"; } else { $family = "inet"; } if (is_ipaddr($srcip)) - $ipsecpinghosts .= "{$srcip}|{$dstip}|3|{$family}\n"; + $ipsecpinghosts[] = "{$srcip}|{$dstip}|3|{$family}|\n"; + } } - $pfd = fopen("{$g['vardb_path']}/ipsecpinghosts", "w"); - if ($pfd) { - fwrite($pfd, $ipsecpinghosts); - fclose($pfd); - } + file_put_contents("{$g['vardb_path']}/ipsecpinghosts", $ipsecpinghosts); } } |
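Review bot: The address family is now taken from `$dstip`, but the record is still written on `is_ipaddr($srcip)` alone, so the configured `pinghost` value reaches the pipe-delimited file without being checked as an address or compared with the family of `$srcip`. A hostname, a value containing `|` or a newline, or an IPv4 source paired with an IPv6 destination would each produce a line that the reader of this file has to cope with. Tightening the guard to `if (is_ipaddr($srcip) && is_ipaddr($dstip) && is_ipaddrv6($srcip) == is_ipaddrv6($dstip))` keeps malformed entries out. The result of `file_put_contents()` is also ignored, so a failed write silently leaves the previous host list in place; checking for `=== false` and logging it would make that visible.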