diff options
| author | Evgeny Yurchenko <ey@tm-k.com> | 2011-06-05 15:17:09 -0400 |
|---|---|---|
| committer | Evgeny Yurchenko <ey@tm-k.com> | 2011-06-05 15:17:09 -0400 |
| commit | 8527bc02a6b8b1ce89dbeeb0e333747419224b90 (patch) | |
| tree | 6ad590303605aa44b7f39d95e3696479ff4a888a /etc | |
| parent | 17d5077f61d963178f47e016b8768b768800ba68 (diff) | |
| parent | cf3711855b031d5c979188b5ebcd58e08879efe2 (diff) | |
| download | pfsense-8527bc02a6b8b1ce89dbeeb0e333747419224b90.zip pfsense-8527bc02a6b8b1ce89dbeeb0e333747419224b90.tar.gz | |
Merge remote branch 'origin/master'
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 6 | ||||
| -rw-r--r-- | etc/inc/openvpn.inc | 13 | ||||
| -rw-r--r-- | etc/inc/pkg-utils.inc | 6 | ||||
| -rw-r--r-- | etc/inc/vpn.inc | 6 | ||||
| -rwxr-xr-x | etc/rc.restart_webgui | 9 |
5 files changed, 28 insertions, 12 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e5e173c..0988093 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1384,6 +1384,12 @@ function filter_nat_rules_generate() { } } } + /* IPsec mode_cfg subnet */ + if (isset($config['ipsec']['client']['enable']) && + !empty($config['ipsec']['client']['pool_address']) && + !empty($config['ipsec']['client']['pool_netbits'])) { + $tonathosts .= "{$config['ipsec']['client']['pool_address']}/{$config['ipsec']['client']['pool_netbits']} "; + } $natrules .= "\n# Subnets to NAT \n"; $tonathosts .= "127.0.0.0/8 "; if($numberofnathosts > 4) { diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 7f82975..edd22be 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -367,8 +367,8 @@ function openvpn_reconfigure($mode, $settings) { // server specific settings if ($mode == 'server') { - list($ip, $mask) = explode('/', $settings['tunnel_network']); - $mask = gen_subnet_mask($mask); + list($ip, $cidr) = explode('/', $settings['tunnel_network']); + $mask = gen_subnet_mask($cidr); // configure tls modes switch($settings['mode']) { @@ -383,8 +383,13 @@ function openvpn_reconfigure($mode, $settings) { // configure p2p/server modes switch($settings['mode']) { case 'p2p_tls': - $conf .= "server {$ip} {$mask}\n"; - $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; + // If the CIDR is less than a /30, OpenVPN will complain if you try to + // use the server directive. It works for a single client without it. + // See ticket #1417 + if ($cidr < 30) { + $conf .= "server {$ip} {$mask}\n"; + $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; + } case 'p2p_shared_key': $baselong = ip2long32($ip) & ip2long($mask); $ip1 = long2ip32($baselong + 1); diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 070dade..ebc2df2 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -141,10 +141,10 @@ function get_pkg_id($pkg_name) { /****f* pkg-utils/get_pkg_info * NAME - * get_pkg_info - Retrive package information from pfsense.com. + * get_pkg_info - Retrieve package information from pfsense.com. * INPUTS - * $pkgs - 'all' to retrive all packages, an array containing package names otherwise - * $info - 'all' to retrive all information, an array containing keys otherwise + * $pkgs - 'all' to retrieve all packages, an array containing package names otherwise + * $info - 'all' to retrieve all information, an array containing keys otherwise * RESULT * $raw_versions - Array containing retrieved information, indexed by package name. ******/ diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 2411caf..5e014fd 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -481,7 +481,7 @@ function vpn_ipsec_configure($ipchg = false) $natt = $ph1ent['nat_traversal']; $init = "on"; - $genp = "off"; + $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "off"; $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "claim"; $passive = ""; if (isset($ph1ent['mobile'])) { @@ -490,10 +490,10 @@ function vpn_ipsec_configure($ipchg = false) /* Mimic 1.2.3's behavior for pure-psk mobile tunnels */ if ($ph1ent['authentication_method'] == "pre_shared_key") { $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey"; - $genp = "on"; + $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "on"; } else { $init = "off"; - $genp = "unique"; + $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "unique"; } } diff --git a/etc/rc.restart_webgui b/etc/rc.restart_webgui index 463f934..e74f201 100755 --- a/etc/rc.restart_webgui +++ b/etc/rc.restart_webgui @@ -8,10 +8,15 @@ require("shaper.inc"); require("captiveportal.inc"); require("rrd.inc"); -mwexec("killall -9 lighttpd"); - echo "Restarting webConfigurator..."; +sigkillbyname("lighttpd", "INT"); + +while (is_process_running("lighttpd")) { + echo '.'; + sleep(1); +} + system_webgui_start(); captiveportal_init_webgui(); |
