diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2005-07-08 00:51:26 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2005-07-08 00:51:26 +0000 |
| commit | 8f67a8e14511cccd8c08e858946cd5e78729d41b (patch) | |
| tree | 8d32c92055bd6339dc727163e2b8d0a85e669506 /etc | |
| parent | 4f8c80e5594b06eb9a898b62aea5b6035950ba88 (diff) | |
| download | pfsense-8f67a8e14511cccd8c08e858946cd5e78729d41b.zip pfsense-8f67a8e14511cccd8c08e858946cd5e78729d41b.tar.gz | |
* Back out the M0n0wall certificate import. Somehow it broke ipsec.
* Merge back in Failover VPN. It REALLY works now ;)
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/vpn.inc | 430 |
1 files changed, 164 insertions, 266 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 5798cbb..ee665e3 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -30,10 +30,10 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - + /* include all configuration functions */ require_once("functions.inc"); - + function vpn_ipsec_failover_configure() { global $config, $g; @@ -60,119 +60,139 @@ function vpn_ipsec_failover_configure() { /* launch sasyncd, oh wise one */ mwexec("/usr/local/sbin/sasyncd"); } - + +function find_last_gif_device() { + $last_gif_found = -1; + if (!($fp = popen("/sbin/ifconfig -l", "r"))) return -1; + $ifconfig_data = fread($fp, 4096); + pclose($fp); + $ifconfig_array = split(" ", $ifconfig_data); + foreach ($ifconfig_array as $ifconfig) { + ereg("gif(.)", $ifconfig, $regs); + if($regs[0]) { + if($regs[0] > $last_gif_found) + $last_gif_found = $regs[1]; + } + } + return $last_gif_found; +} + function vpn_ipsec_configure($ipchg = false) { global $config, $g; - - $curwanip = get_current_wan_address(); - /* set failover ip if defined */ + if(isset($config['ipsec']['preferredoldsa'])) { + mwexec("/sbin/sysctl net.key.preferred_oldsa=0"); + } else { + mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30"); + } + + $number_of_gifs = find_last_gif_device(); + for($x=0; $x<$number_of_gifs; $x++) { + mwexec("/sbin/ifconfig gif" . $x . " delete"); + } + if($config['installedpackages']['sasyncd']['config'] <> "") foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) { if($sasyncd['ip'] <> "") $curwanip = $sasyncd['ip']; } - vpn_ipsec_failover_configure(); - + $syscfg = $config['system']; $ipseccfg = $config['ipsec']; $lancfg = $config['interfaces']['lan']; $lanip = $lancfg['ipaddr']; $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); $lansn = $lancfg['subnet']; - + if ($g['booting']) { if (!isset($ipseccfg['enable'])) return 0; - + echo "Configuring IPsec VPN... "; } else { /* kill racoon */ killbypid("{$g['varrun_path']}/racoon.pid"); - + + /* wait for process to die */ + sleep(2); + /* send a SIGKILL to be sure */ sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL"); } - + /* flush SPD and SAD */ mwexec("/usr/sbin/setkey -FP"); mwexec("/usr/sbin/setkey -F"); - - /* prefer old SAs only for 30 seconds, then use the new one */ - if (!isset($config['ipsec']['preferoldsa'])) - mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30"); - else - mwexec("/sbin/sysctl -w net.key.preferred_oldsa=1"); - + if (isset($ipseccfg['enable'])) { - + + /* fastforwarding is not compatible with ipsec tunnels */ + system("/sbin/sysctl net.inet.ip.fastforwarding=0 >/dev/null 2>&1"); + if (!$curwanip) { /* IP address not configured yet, exit */ if ($g['booting']) - echo "done\n"; + echo "done.\n"; return 0; } - + if ((is_array($ipseccfg['tunnel']) && count($ipseccfg['tunnel'])) || isset($ipseccfg['mobileclients']['enable'])) { - + if (is_array($ipseccfg['tunnel']) && count($ipseccfg['tunnel'])) { - + /* generate spd.conf */ $fd = fopen("{$g['varetc_path']}/spd.conf", "w"); if (!$fd) { printf("Error: cannot open spd.conf in vpn_ipsec_configure().\n"); return 1; } - + $spdconf = ""; - + $spdconf .= "spdadd {$lansa}/{$lansn} {$lanip}/32 any -P in none;\n"; $spdconf .= "spdadd {$lanip}/32 {$lansa}/{$lansn} any -P out none;\n"; - + foreach ($ipseccfg['tunnel'] as $tunnel) { - + if (isset($tunnel['disabled'])) continue; - + $ep = vpn_endpoint_determine($tunnel, $curwanip); if (!$ep) continue; - + vpn_localnet_determine($tunnel['local-subnet'], $sa, $sn); - + if(isset($tunnel['creategif'])) { $number_of_gifs = find_last_gif_device(); $number_of_gifs++; - $curwanip = get_current_wan_address(); - /* set failover ip if defined */ if($config['installedpackages']['sasyncd']['config'] <> "") foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) { if($sasyncd['ip'] <> "") $curwanip = $sasyncd['ip']; - } - mwexec("/sbin/ifconfig gif" . $number_of_gifs . " tunnel" . $curwanip . " " . $tunnel['remote-gateway']); + } mwexec("/sbin/ifconfig gif" . $number_of_gifs . " tunnel" . $curwanip . " " . $tunnel['remote-gateway']); mwexec("/sbin/ifconfig gif" . $number_of_gifs . " {$lansa}/{$lansn} {$lanip}/32"); } - - $spdconf .= "spdadd {$sa}/{$sn} " . - "{$tunnel['remote-subnet']} any -P out ipsec " . + + $spdconf .= "spdadd {$sa}/{$sn} " . + "{$tunnel['remote-subnet']} any -P out ipsec " . "{$tunnel['p2']['protocol']}/tunnel/{$ep}-" . "{$tunnel['remote-gateway']}/unique;\n"; - - $spdconf .= "spdadd {$tunnel['remote-subnet']} " . - "{$sa}/{$sn} any -P in ipsec " . + + $spdconf .= "spdadd {$tunnel['remote-subnet']} " . + "{$sa}/{$sn} any -P in ipsec " . "{$tunnel['p2']['protocol']}/tunnel/{$tunnel['remote-gateway']}-" . "{$ep}/unique;\n"; } - + fwrite($fd, $spdconf); fclose($fd); - + /* load SPD */ mwexec("/usr/sbin/setkey -c < {$g['varetc_path']}/spd.conf"); } - + /* generate racoon.conf */ $fd = fopen("{$g['varetc_path']}/racoon.conf", "w"); if (!$fd) { @@ -180,8 +200,12 @@ function vpn_ipsec_configure($ipchg = false) { return 1; } - if($config['installedpackages']['sasyncd']['config'] <> "") - foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) { + $racoonconf = ""; + + if($config['installedpackages']['sasyncd']['config'] <> "") + foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) { + if($sasyncd['ip'] <> "") + $curwanip = $sasyncd['ip']; $interface_ip = $sasyncd['ip']; $racoonconf .= <<<EOD @@ -190,47 +214,22 @@ listen { } EOD; - } - + } + $racoonconf .= "path pre_shared_key \"{$g['varetc_path']}/psk.txt\";\n\n"; - $racoonconf .= "path certificate \"{$g['varetc_path']}\";\n\n"; - - /* generate CA certificates files */ - $cacertnum = 0; - if (is_array($ipseccfg['cacert']) && count($ipseccfg['cacert'])) - foreach ($ipseccfg['cacert'] as $cacert) { - ++$cacertnum; - if (isset($cacert['cert'])) { - $cert = base64_decode($cacert['cert']); - $x509cert = openssl_x509_parse(openssl_x509_read($cert)); - if(is_array($x509cert) && isset($x509cert['hash'])) { - $fd1 = fopen("{$g['varetc_path']}/{$x509cert['hash']}.0", "w"); - if (!$fd1) { - printf("Error: cannot open {$x509cert['hash']}.0 in vpn.\n"); - return 1; - } - chmod("{$g['varetc_path']}/{$x509cert['hash']}.0", 0600); - fwrite($fd1, $cert); - fclose($fd1); - } - } - } - - $tunnelnumber = 0; + if (is_array($ipseccfg['tunnel']) && count($ipseccfg['tunnel'])) foreach ($ipseccfg['tunnel'] as $tunnel) { - - ++$tunnelnumber; - + if (isset($tunnel['disabled'])) continue; - + $ep = vpn_endpoint_determine($tunnel, $curwanip); if (!$ep) continue; - + vpn_localnet_determine($tunnel['local-subnet'], $sa, $sn); - + if (isset($tunnel['p1']['myident']['myaddress'])) { $myidentt = "address"; $myident = $ep; @@ -244,68 +243,11 @@ EOD; $myidentt = "user_fqdn"; $myident = $tunnel['p1']['myident']['ufqdn']; } - - if (isset($tunnel['p1']['authentication_method'])) { - $authmethod = $tunnel['p1']['authentication_method']; - } else {$authmethod = 'pre_shared_key';} - - $certline = ''; - - if ($authmethod == 'rsasig') { - if ($tunnel['p1']['cert'] && $tunnel['p1']['private-key']) { - $cert = base64_decode($tunnel['p1']['cert']); - $private_key = base64_decode($tunnel['p1']['private-key']); - } else { - /* null certificate/key */ - $cert = ''; - $private_key = ''; - } - - if ($tunnel['p1']['peercert']) - $peercert = base64_decode($tunnel['p1']['peercert']); - else - $peercert = ''; - - $fd1 = fopen("{$g['varetc_path']}/server{$tunnelnumber}-signed.pem", "w"); - if (!$fd1) { - printf("Error: cannot open server{$tunnelnumber}-signed.pem in vpn.\n"); - return 1; - } - chmod("{$g['varetc_path']}/server{$tunnelnumber}-signed.pem", 0600); - fwrite($fd1, $cert); - fclose($fd1); - - $fd1 = fopen("{$g['varetc_path']}/server{$tunnelnumber}-key.pem", "w"); - if (!$fd1) { - printf("Error: cannot open server{$tunnelnumber}-key.pem in vpn.\n"); - return 1; - } - chmod("{$g['varetc_path']}/server{$tunnelnumber}-key.pem", 0600); - fwrite($fd1, $private_key); - fclose($fd1); - - $certline = "certificate_type x509 \"server{$tunnelnumber}-signed.pem\" \"server{$tunnelnumber}-key.pem\";"; - - if ($peercert!=''){ - $fd1 = fopen("{$g['varetc_path']}/peer{$tunnelnumber}-signed.pem", "w"); - if (!$fd1) { - printf("Error: cannot open server{$tunnelnumber}-signed.pem in vpn.\n"); - return 1; - } - chmod("{$g['varetc_path']}/peer{$tunnelnumber}-signed.pem", 0600); - fwrite($fd1, $peercert); - fclose($fd1); - $certline .= <<<EOD - - peers_certfile "peer{$tunnelnumber}-signed.pem"; -EOD; - } - } + $racoonconf .= <<<EOD remote {$tunnel['remote-gateway']} \{ exchange_mode {$tunnel['p1']['mode']}; my_identifier {$myidentt} "{$myident}"; - {$certline} peers_identifier address {$tunnel['remote-gateway']}; initial_contact on; support_proxy on; @@ -314,23 +256,23 @@ remote {$tunnel['remote-gateway']} \{ proposal \{ encryption_algorithm {$tunnel['p1']['encryption-algorithm']}; hash_algorithm {$tunnel['p1']['hash-algorithm']}; - authentication_method {$authmethod}; + authentication_method pre_shared_key; dh_group {$tunnel['p1']['dhgroup']}; EOD; if ($tunnel['p1']['lifetime']) $racoonconf .= " lifetime time {$tunnel['p1']['lifetime']} secs;\n"; - + $racoonconf .= " }\n"; - + if ($tunnel['p1']['lifetime']) $racoonconf .= " lifetime time {$tunnel['p1']['lifetime']} secs;\n"; - + $racoonconf .= "}\n\n"; - + $p2ealgos = join(",", $tunnel['p2']['encryption-algorithm-option']); $p2halgos = join(",", $tunnel['p2']['hash-algorithm-option']); - + $racoonconf .= <<<EOD sainfo address {$sa}/{$sn} any address {$tunnel['remote-subnet']} any \{ encryption_algorithm {$p2ealgos}; @@ -341,18 +283,18 @@ EOD; if ($tunnel['p2']['pfsgroup']) $racoonconf .= " pfs_group {$tunnel['p2']['pfsgroup']};\n"; - + if ($tunnel['p2']['lifetime']) $racoonconf .= " lifetime time {$tunnel['p2']['lifetime']} secs;\n"; - + $racoonconf .= "}\n\n"; } - + /* mobile clients? */ if (isset($ipseccfg['mobileclients']['enable'])) { - + $tunnel = $ipseccfg['mobileclients']; - + if (isset($tunnel['p1']['myident']['myaddress'])) { $myidentt = "address"; $myident = $curwanip; @@ -366,52 +308,11 @@ EOD; $myidentt = "user_fqdn"; $myident = $tunnel['p1']['myident']['ufqdn']; } - - if (isset($tunnel['p1']['authentication_method'])) { - $authmethod = $tunnel['p1']['authentication_method']; - } else {$authmethod = 'pre_shared_key';} - - $certline = ''; - if ($authmethod == 'rsasig') { - if ($tunnel['p1']['cert'] && $tunnel['p1']['private-key']) { - $cert = base64_decode($tunnel['p1']['cert']); - $private_key = base64_decode($tunnel['p1']['private-key']); - } else { - /* null certificate/key */ - $cert = ''; - $private_key = ''; - } - - if ($tunnel['p1']['peercert']) - $peercert = base64_decode($tunnel['p1']['peercert']); - else - $peercert = ''; - - $fd1 = fopen("{$g['varetc_path']}/server-mobile{$tunnelnumber}-signed.pem", "w"); - if (!$fd1) { - printf("Error: cannot open server-mobile{$tunnelnumber}-signed.pem in vpn.\n"); - return 1; - } - chmod("{$g['varetc_path']}/server-mobile{$tunnelnumber}-signed.pem", 0600); - fwrite($fd1, $cert); - fclose($fd1); - - $fd1 = fopen("{$g['varetc_path']}/server-mobile{$tunnelnumber}-key.pem", "w"); - if (!$fd1) { - printf("Error: cannot open server-mobile{$tunnelnumber}-key.pem in vpn.\n"); - return 1; - } - chmod("{$g['varetc_path']}/server-mobile{$tunnelnumber}-key.pem", 0600); - fwrite($fd1, $private_key); - fclose($fd1); - $certline = "certificate_type x509 \"server-mobile{$tunnelnumber}-signed.pem\" \"server-mobile{$tunnelnumber}-key.pem\";"; - } $racoonconf .= <<<EOD remote anonymous \{ exchange_mode {$tunnel['p1']['mode']}; my_identifier {$myidentt} "{$myident}"; - {$certline} initial_contact on; passive on; generate_policy on; @@ -421,23 +322,23 @@ remote anonymous \{ proposal \{ encryption_algorithm {$tunnel['p1']['encryption-algorithm']}; hash_algorithm {$tunnel['p1']['hash-algorithm']}; - authentication_method {$authmethod}; + authentication_method pre_shared_key; dh_group {$tunnel['p1']['dhgroup']}; EOD; if ($tunnel['p1']['lifetime']) $racoonconf .= " lifetime time {$tunnel['p1']['lifetime']} secs;\n"; - + $racoonconf .= " }\n"; - + if ($tunnel['p1']['lifetime']) $racoonconf .= " lifetime time {$tunnel['p1']['lifetime']} secs;\n"; - + $racoonconf .= "}\n\n"; - + $p2ealgos = join(",", $tunnel['p2']['encryption-algorithm-option']); $p2halgos = join(",", $tunnel['p2']['hash-algorithm-option']); - + $racoonconf .= <<<EOD sainfo anonymous \{ encryption_algorithm {$p2ealgos}; @@ -448,25 +349,25 @@ EOD; if ($tunnel['p2']['pfsgroup']) $racoonconf .= " pfs_group {$tunnel['p2']['pfsgroup']};\n"; - + if ($tunnel['p2']['lifetime']) $racoonconf .= " lifetime time {$tunnel['p2']['lifetime']} secs;\n"; - + $racoonconf .= "}\n\n"; } - + fwrite($fd, $racoonconf); fclose($fd); - + /* generate psk.txt */ $fd = fopen("{$g['varetc_path']}/psk.txt", "w"); if (!$fd) { printf("Error: cannot open psk.txt in vpn_ipsec_configure().\n"); return 1; } - + $pskconf = ""; - + if (is_array($ipseccfg['tunnel'])) { foreach ($ipseccfg['tunnel'] as $tunnel) { if (isset($tunnel['disabled'])) @@ -474,100 +375,99 @@ EOD; $pskconf .= "{$tunnel['remote-gateway']} {$tunnel['p1']['pre-shared-key']}\n"; } } - + /* add PSKs for mobile clients */ if (is_array($ipseccfg['mobilekey'])) { foreach ($ipseccfg['mobilekey'] as $key) { $pskconf .= "{$key['ident']} {$key['pre-shared-key']}\n"; } } - + fwrite($fd, $pskconf); fclose($fd); chmod("{$g['varetc_path']}/psk.txt", 0600); - + /* start racoon */ - if($g['booting']) - echo " racoon "; mwexec("/usr/local/sbin/racoon -d -f {$g['varetc_path']}/racoon.conf"); - - if (is_array($ipseccfg['tunnel'])) { + + if(is_array($ipseccfg['tunnel'])) foreach ($ipseccfg['tunnel'] as $tunnel) { if (isset($tunnel['auto'])) { $remotehost = substr($tunnel['remote-subnet'],0,strpos($tunnel['remote-subnet'],"/")); $srchost = vpn_endpoint_determine($tunnel, $curwanip); if ($srchost) - mwexec_bg("/sbin/ping -c 5 -S {$srchost} {$remotehost}"); + mwexec_bg("/sbin/ping -c 1 -S {$srchost} {$remotehost}"); } } - } } } - + if (!$g['booting']) { - /* set the reload filter dity flag */ - touch("{$g['tmp_path']}/filter_boot_dirty"); + /* reload the filter */ + filter_configure(); } - + if ($g['booting']) - echo "done\n"; - + echo "done.\n"; + return 0; } function vpn_pptpd_configure() { global $config, $g; - + $syscfg = $config['system']; $pptpdcfg = $config['pptpd']; - + if ($g['booting']) { if (!$pptpdcfg['mode'] || ($pptpdcfg['mode'] == "off")) return 0; - - echo "Configuring PPTP VPN service... "; - } else { + + echo "Configuring PPTP VPN... "; + } else { /* kill mpd */ killbypid("{$g['varrun_path']}/mpd-vpn.pid"); - + /* wait for process to die */ sleep(2); - + /* remove mpd.conf, if it exists */ unlink_if_exists("{$g['varetc_path']}/mpd-vpn/mpd.conf"); unlink_if_exists("{$g['varetc_path']}/mpd-vpn/mpd.links"); unlink_if_exists("{$g['varetc_path']}/mpd-vpn/mpd.secret"); } - + /* make sure mpd-vpn directory exists */ - if (!file_exists("{$g['varetc_path']}/mpd-vpn")) - mkdir("{$g['varetc_path']}/mpd-vpn"); - + safe_mkdir("{$g['varetc_path']}/mpd-vpn"); + switch ($pptpdcfg['mode']) { - + case 'server': - + /* write mpd.conf */ $fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.conf", "w"); if (!$fd) { printf("Error: cannot open mpd.conf in vpn_pptpd_configure().\n"); return 1; } - + $mpdconf = <<<EOD pptpd: EOD; - for ($i = 0; $i < $g['n_pptp_units']; $i++) { + $n_pptp_units = $g['n_pptp_units']; + if($config['pptp']['n_pptp_units'] <> "") + $n_pptp_units = $config['pptp']['n_pptp_units']; + for ($i = 0; $i < $n_pptp_units; $i++) { $mpdconf .= " load pt{$i}\n"; } - - for ($i = 0; $i < $g['n_pptp_units']; $i++) { - + + for ($i = 0; $i < $n_pptp_units; $i++) { + $clientip = long2ip(ip2long($pptpdcfg['remoteip']) + $i); $ngif = "ng" . ($i+1); - + $mpdconf .= <<<EOD pt{$i}: @@ -577,7 +477,7 @@ pt{$i}: EOD; } - + $mpdconf .= <<<EOD pts: @@ -601,7 +501,7 @@ pts: set ccp yes mpp-stateless EOD; - + if (!isset($pptpdcfg['req128'])) { $mpdconf .= <<<EOD set ccp yes mpp-e40 @@ -609,10 +509,8 @@ EOD; EOD; } - - if (is_array($pptpdcfg['dnsserver']) && ($pptpdcfg['dnsserver'][0])) { - $mpdconf .= " set ipcp dns " . join(" ", $pptpdcfg['dnsserver']) . "\n"; - } else if (isset($config['dnsmasq']['enable'])) { + + if (isset($config['dnsmasq']['enable'])) { $mpdconf .= " set ipcp dns " . $config['interfaces']['lan']['ipaddr']; if ($syscfg['dnsserver'][0]) $mpdconf .= " " . $syscfg['dnsserver'][0]; @@ -620,7 +518,7 @@ EOD; } else if (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) { $mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n"; } - + if (isset($pptpdcfg['radius']['enable'])) { $mpdconf .= <<<EOD set radius server {$pptpdcfg['radius']['server']} "{$pptpdcfg['radius']['secret']}" @@ -641,17 +539,20 @@ EOD; fwrite($fd, $mpdconf); fclose($fd); - + /* write mpd.links */ $fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.links", "w"); if (!$fd) { printf("Error: cannot open mpd.links in vpn_pptpd_configure().\n"); return 1; } - + $mpdlinks = ""; - - for ($i = 0; $i < $g['n_pptp_units']; $i++) { + + $n_pptp_units = $g['n_pptp_units']; + if($config['pptp']['n_pptp_units'] <> "") + $n_pptp_units = $config['pptp']['n_pptp_units']; + for ($i = 0; $i < $n_pptp_units; $i++) { $mpdlinks .= <<<EOD pt{$i}: @@ -666,16 +567,16 @@ EOD; fwrite($fd, $mpdlinks); fclose($fd); - + /* write mpd.secret */ $fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.secret", "w"); if (!$fd) { printf("Error: cannot open mpd.secret in vpn_pptpd_configure().\n"); return 1; } - + $mpdsecret = ""; - + if (is_array($pptpdcfg['user'])) { foreach ($pptpdcfg['user'] as $user) $mpdsecret .= "{$user['name']} \"{$user['password']}\" {$user['ip']}\n"; @@ -684,24 +585,21 @@ EOD; fwrite($fd, $mpdsecret); fclose($fd); chmod("{$g['varetc_path']}/mpd-vpn/mpd.secret", 0600); - + /* fire up mpd */ mwexec("/usr/local/sbin/mpd -b -d {$g['varetc_path']}/mpd-vpn -p {$g['varrun_path']}/mpd-vpn.pid pptpd"); - + break; - + case 'redir': break; } - - if (!$g['booting']) { - /* set the reload filter dity flag */ - touch("{$g['tmp_path']}/filter_boot_dirty"); - } - + if ($g['booting']) - echo "done\n"; - + echo "done.\n"; + else + filter_configure(); + return 0; } @@ -709,7 +607,7 @@ function vpn_localnet_determine($adr, &$sa, &$sn) { global $config, $g; if (isset($adr)) { - if ($adr['network']) { + if ($adr['network']) { switch ($adr['network']) { case 'lan': $sn = $config['interfaces']['lan']['subnet']; @@ -728,9 +626,9 @@ function vpn_localnet_determine($adr, &$sa, &$sn) { } function vpn_endpoint_determine($tunnel, $curwanip) { - + global $g, $config; - + if ((!$tunnel['interface']) || ($tunnel['interface'] == "wan")) { if ($curwanip) return $curwanip; @@ -740,13 +638,13 @@ function vpn_endpoint_determine($tunnel, $curwanip) { return $config['interfaces']['lan']['ipaddr']; } else { $oc = $config['interfaces'][$tunnel['interface']]; - + if (isset($oc['enable']) && $oc['if']) { return $oc['ipaddr']; } } - + return null; } - -?> + +?>
\ No newline at end of file |
