author | jim-p <jimp@pfsense.org> | 2011-06-03 15:34:54 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-06-03 15:34:54 -0400 |
commit | 534375b6f0ad869022c068ef35c5c6dedcd619bd (patch) | |
tree | 7a756196aa5f720c2d4019bb1686e7ebd25bdc36 /etc | |
parent | ee0cf21f7c71cc0d7630a0d607b1082424dc725b (diff) | |
parent | bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95 (diff) | |
Merge remote branch 'upstream/master'
Conflicts:
etc/inc/openvpn.inc
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 6 | ||||
-rw-r--r-- | etc/inc/ipsec.inc | 4 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 13 | ||||
-rw-r--r-- | etc/inc/system.inc | 2 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 6 | ||||
-rwxr-xr-x | etc/rc.restart_webgui | 9 |
6 files changed, 30 insertions, 10 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index a949128..fa58ef9 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1417,6 +1417,12 @@ function filter_nat_rules_generate() {
 }
 }
 }
+ /* IPsec mode_cfg subnet */
+ if (isset($config['ipsec']['client']['enable']) &&
+ !empty($config['ipsec']['client']['pool_address']) &&
+ !empty($config['ipsec']['client']['pool_netbits'])) {
+ $tonathosts .= "{$config['ipsec']['client']['pool_address']}/{$config['ipsec']['client']['pool_netbits']} ";
+ }
 $natrules .= "\n# Subnets to NAT \n";
 $tonathosts .= "127.0.0.0/8 ";
 if($numberofnathosts > 4) {
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index fad5d6a..7303dcf 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -480,6 +480,10 @@ function ipsec_dump_sad()
 case 3:
 $cursa['aalgo'] = $linea[1];
 break;
+ case 8:
+ $sadata = explode("(", $linea[1]);
+ $cursa['data'] = $sadata[0] . " B";
+ break;
 }
 }
 $i++;
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 87d64ce..00f15ae 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -381,9 +381,9 @@ function openvpn_reconfigure($mode, $settings) {
 // server specific settings
 if ($mode == 'server') {
- list($ip, $mask) = explode('/', $settings['tunnel_network']);
+ list($ip, $cidr) = explode('/', $settings['tunnel_network']);
 list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']);
- $mask = gen_subnet_mask($mask);
+ $mask = gen_subnet_mask($cidr);
 // configure tls modes
 switch($settings['mode']) {
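Review bot: The added IPsec mode_cfg block in filter.inc writes `pool_address` and `pool_netbits` into `$tonathosts` after only an `!empty()` test, so a malformed value stored in the config would land verbatim in the generated NAT rules. Unless both values are validated where they are saved (not visible here), guard the append with `is_ipaddr($config['ipsec']['client']['pool_address']) && is_numeric($config['ipsec']['client']['pool_netbits'])`. The new subnet is also appended without touching `$numberofnathosts`, which the `if($numberofnathosts > 4)` test just below reads; it is worth confirming that the count is meant to ignore it. The body of filter_nat_rules_generate() continues outside the hunk.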
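Review bot: The new `case 8:` in ipsec_dump_sad() stores whatever precedes the first `(` on that line without trimming it or checking that it is a number, and the bare index gives no hint of which line of the SA dump is meant. Since `$cursa['data']` is presumably rendered on a status page, `$cursa['data'] = trim($sadata[0]) . " B";` plus a one-line comment naming the field (for example `/* byte counter: text before "(" */`, if that is what line 8 holds) would make the parsing easier to audit. The switch and the function both start outside the hunk.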
@@ -398,8 +398,13 @@ function openvpn_reconfigure($mode, $settings) {
 // configure p2p/server modes
 switch($settings['mode']) {
 case 'p2p_tls':
- $conf .= "server {$ip} {$mask}\n";
- $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+ // If the CIDR is less than a /30, OpenVPN will complain if you try to
+ // use the server directive. It works for a single client without it.
+ // See ticket #1417
+ if ($cidr < 30) {
+ $conf .= "server {$ip} {$mask}\n";
+ $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+ }
 case 'p2p_shared_key':
 $baselong = ip2long32($ip) & ip2long($mask);
 $ip1 = long2ip32($baselong + 1);
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index a2f0598..6f79f7a 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1351,7 +1351,7 @@ function system_reboot_cleanup() {
 captiveportal_radius_stop_all();
 require_once("voucher.inc");
 voucher_save_db_to_config();
- mwexec("/etc/rc.stop_packages");
+ // mwexec("/etc/rc.stop_packages");
 }
 function system_do_shell_commands($early = 0) {
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 819d396..25b573a 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -498,7 +498,7 @@ function vpn_ipsec_configure($ipchg = false)
 $natt = $ph1ent['nat_traversal'];
 $init = "on";
- $genp = "off";
+ $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "off";
 $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "claim";
 $passive = "";
 if (isset($ph1ent['mobile'])) {
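Review bot: The new comment in the `p2p_tls` case says the `server` directive fails when the CIDR is "less than a /30", but the code emits it only when `$cidr < 30`, so a /30 itself is skipped too and the wording reads as the opposite of the condition; `// OpenVPN rejects the server directive for a /30 or smaller tunnel network, so only emit it for /29 and larger.` would match the code. The same `if` also drops `client-config-dir`, so any client-specific overrides stop being applied for those tunnels, which may not be intended. `$cidr` comes from the `explode('/', ...)` in the earlier hunk and is unset when the setting carries no prefix, in which case `$cidr < 30` is still true; an `is_numeric($cidr)` check would make that case explicit. The fall-through into `case 'p2p_shared_key':` looks deliberate but deserves a `// fall through` comment.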
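Review bot: In system_reboot_cleanup() the call to `/etc/rc.stop_packages` is commented out rather than removed, with nothing to say why or whether packages are now stopped somewhere else before a reboot. Either delete the line or leave the reason next to it, e.g. `// rc.stop_packages is no longer run here: <reason / ticket>`. If nothing else stops packages, services that rely on a clean shutdown to flush their state would now be ended by the reboot itself, which is worth confirming.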
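Review bot: `generate_policy` is now taken from the phase 1 entry as-is, so any non-empty string is carried in `$genp`, and on a non-mobile tunnel a stored value of `on` replaces the `off` that the code previously forced. Restrict it to the values racoon accepts before using it, for example `$genp = in_array($ph1ent['generate_policy'], array("on", "off", "require", "unique")) ? $ph1ent['generate_policy'] : "off";`, and apply the same check to the two assignments in the following hunk (the `"on"` and `"unique"` defaults). vpn_ipsec_configure() starts and ends outside both hunks, so the place where `$genp` is written into the configuration is not visible here.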
@@ -507,10 +507,10 @@ function vpn_ipsec_configure($ipchg = false)
 /* Mimic 1.2.3's behavior for pure-psk mobile tunnels */
 if ($ph1ent['authentication_method'] == "pre_shared_key") {
 $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey";
- $genp = "on";
+ $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "on";
 } else {
 $init = "off";
- $genp = "unique";
+ $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "unique";
 }
 }
diff --git a/etc/rc.restart_webgui b/etc/rc.restart_webgui
index 463f934..e74f201 100755
--- a/etc/rc.restart_webgui
+++ b/etc/rc.restart_webgui
@@ -8,10 +8,15 @@ require("shaper.inc");
 require("captiveportal.inc");
 require("rrd.inc");
-mwexec("killall -9 lighttpd");
-
 echo "Restarting webConfigurator...";
+sigkillbyname("lighttpd", "INT");
+
+while (is_process_running("lighttpd")) {
+ echo '.';
+ sleep(1);
+}
+
 system_webgui_start();
 captiveportal_init_webgui(); |
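Review bot: The wait loop added after `sigkillbyname("lighttpd", "INT")` in rc.restart_webgui has no upper bound, so if lighttpd ignores SIGINT or is slow to act on it the script prints dots forever and `system_webgui_start()` is never reached, leaving the box without its web GUI. Cap the wait and escalate to the signal the old code used once the cap is hit. The ten-second limit below is an arbitrary example value.

```php
sigkillbyname("lighttpd", "INT");

// Bounded wait; 10 is an example limit, tune as needed.
$waited = 0;
while (is_process_running("lighttpd") && $waited < 10) {
	echo '.';
	sleep(1);
	$waited++;
}
// Escalate as the old code did if SIGINT was not enough.
if (is_process_running("lighttpd"))
	sigkillbyname("lighttpd", "KILL");

// … unchanged: system_webgui_start() and captiveportal_init_webgui() …
```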