diff options
author | Ermal Luçi <eri@pfsense.org> | 2009-04-22 09:19:00 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2009-04-22 09:21:26 +0000 |
commit | 924876a80f9ac94a0e7b59b381312d0ffd186755 (patch) | |
tree | bfe75b77356217269c5ce54ad5bbcd18af5a807f /etc | |
parent | 03d92c4034e721bd292b4738f0d6f543dba4f4fa (diff) | |
download | pfsense-924876a80f9ac94a0e7b59b381312d0ffd186755.zip pfsense-924876a80f9ac94a0e7b59b381312d0ffd186755.tar.gz |
* Fix ipsec over carp handling.
* do not useinterface in Upper case when working on the backends.
* Do not print Configuring IPSec during bootup if there is nothing configured.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/ipsec.inc | 8 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 22 |
2 files changed, 15 insertions, 15 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 3d0c120..043a886 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -122,10 +122,12 @@ function ipsec_get_phase1_src(& $ph1ent) { if ($ph1ent['interface']) $if = $ph1ent['interface']; else - $if = "WAN"; + $if = "wan"; - $realinterface = convert_friendly_interface_to_real_interface_name($if); - $interfaceip = find_interface_ip($realinterface); + if (preg_match("/^carp/i", $ph1ent['interface'])) + find_interface_ip($if); + else + $interfaceip = get_interface_ip($if); return $interfaceip; } diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 6b6ae3c..2b5a071 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -139,10 +139,10 @@ function vpn_ipsec_configure($ipchg = false) return true; } - if ($g['booting']) - echo "Configuring IPsec VPN... "; - if (isset ($ipseccfg['enable'])) { + if ($g['booting']) + echo "Configuring IPsec VPN... "; + /* fastforwarding is not compatible with ipsec tunnels */ mwexec("/sbin/sysctl net.inet.ip.fastforwarding=0"); @@ -209,7 +209,7 @@ function vpn_ipsec_configure($ipchg = false) $pfd = fopen("/var/db/ipsecpinghosts", "a"); $iflist = get_configured_interface_list(); foreach ($iflist as $ifent => $ifname) { - $interface_ip = find_interface_ip($config['interfaces'][$ifname]['if']); + $interface_ip = get_interface_ip($ifnet); $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true); if (ip_in_subnet($interface_ip, $local_subnet)) $srcip = $interface_ip; @@ -857,18 +857,16 @@ EOD; escapeshellarg("/etc/rc.newipsecdns") . $hostnames); } } - } - vpn_ipsec_failover_configure(); + vpn_ipsec_failover_configure(); - if (!$g['booting']) { - /* reload the filter */ - filter_configure(); + if (!$g['booting']) { + /* reload the filter */ + filter_configure(); + } else + echo "done\n"; } - if ($g['booting']) - echo "done\n"; - return 0; } |