Make sure to note the limitations to gethostbyname, it does not work for Quad A records. Fix resolve_retry in the process, use that.

3 files changed, 3 insertions, 2 deletions

diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 76f94ec..c7cbcf6 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -270,7 +270,7 @@ function ipsec_phase1_status(& $ph1ent) {
 function ipsec_phase2_status(& $spd,& $sad,& $ph1ent,& $ph2ent) {
 
 	$loc_ip = ipsec_get_phase1_src($ph1ent);
-	$rmt_ip = gethostbyname(ipsec_get_phase1_dst($ph1ent));
+	$rmt_ip = resolve_retry(ipsec_get_phase1_dst($ph1ent));
 
 	$loc_id = ipsec_idinfo_to_cidr($ph2ent['localid'],true);
 	$rmt_id = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true);
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index cf531ce..48b1de1 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -1102,6 +1102,7 @@ function resolve_retry($hostname, $retries = 5) {
                return $hostname;
 
        for ($i = 0; $i < $retries; $i++) {
+		// FIXME: gethostbyname does not work for AAAA hostnames, boo, hiss
                $ip = gethostbyname($hostname);
 
                if ($ip && $ip != $hostname) {
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 6f48820..a1d4cef 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -436,7 +436,7 @@ function vpn_ipsec_configure($ipchg = false)
 
 						case "dyn_dns":
 							$myid_type = "address";
-							$myid_data = gethostbyname($ph1ent['myid_data']);
+							$myid_data = resolve_retry($ph1ent['myid_data']);
 							break;
 
 						case "address";