authorErmal <eri@pfsense.org>2014-08-18 21:51:35 +0200
committerErmal <eri@pfsense.org>2014-08-18 21:51:35 +0200
commitfe12d7ea125649dde541394e10002ba9cbc136b8 (patch)
tree7d8d9f0fca2db288e50c39e6de53f305c574d1eb /etc
parentc650b2f74932b2e7042c2d0c4e47a254918463bc (diff)
Correct the functions for returning tunnel status to use strongswan status reports
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/ipsec.inc39
1 files changed, 14 insertions, 25 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 6c1b52c..22b95f2 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -324,11 +324,11 @@ function ipsec_lookup_phase1(& $ph2ent,& $ph1ent) {
global $config;
if (!is_array($config['ipsec']))
- return;
+ return false;
if (!is_array($config['ipsec']['phase1']))
- return;
+ return false;
if (empty($config['ipsec']['phase1']))
- return;
+ return false;
foreach ($config['ipsec']['phase1'] as $ph1tmp) {
if ($ph1tmp['ikeid'] == $ph2ent['ikeid']) {
@@ -343,13 +343,15 @@ function ipsec_lookup_phase1(& $ph2ent,& $ph1ent) {
/*
* Check phase1 communications status
*/
-function ipsec_phase1_status(& $ph1ent) {
+function ipsec_phase1_status($ipsec_status, $ikeid) {
- $loc_ip = get_ipsec_tunnel_src($ph1ent);
- $rmt_ip = $ph1ent['remote-gateway'];
-
- if (ipsec_lookup_ipsakmp_sa($loc_ip,$rmt_ip))
- return true;
+ foreach ($ipsec_status as $ike) {
+ if ($ike['peerconfig'] != "con{$ikeid}")
+ continue;
+ if ($ike['status'] == "established")
+ return true;
+ break;
+ }
return false;
}
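Review bot: In the new `ipsec_phase1_status`, the `break` after the first entry whose `peerconfig` equals `con{$ikeid}` lets that single entry decide the result. If the status array can carry more than one IKE SA for the same connection (for example during a rekey, which nothing in this hunk rules out), a first entry that is not `established` reports the tunnel as down even when a later one is up; dropping the `break` so the loop keeps scanning avoids that. `$ipsec_status` is also iterated unchecked, so a failed status query that yields a non-array triggers a foreach warning; `if (!is_array($ipsec_status)) return false;` at the top would cover it. Callers of the old one-argument signature are not visible in this diff and must be updated to pass the status array and the ikeid.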
@@ -357,23 +359,10 @@ function ipsec_phase1_status(& $ph1ent) {
/*
* Check phase2 communications status
*/
-function ipsec_phase2_status(& $spd,& $sad,& $ph1ent,& $ph2ent) {
-
- $loc_ip = ipsec_get_phase1_src($ph1ent);
- $rmt_ip = ipsec_get_phase1_dst($ph1ent);
+function ipsec_phase2_status($ipsec_status, &$phase2) {
- $loc_id = ipsec_idinfo_to_cidr($ph2ent['localid'],true,$ph2ent['mode']);
- if (!empty($ph2ent['natlocalid']))
- $natloc_id = ipsec_idinfo_to_cidr($ph2ent['natlocalid'],true,$ph2ent['mode']);
- $rmt_id = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true,$ph2ent['mode']);
-
- /* check for established SA in both directions */
- if( ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id)) {
- if (empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"in",$rmt_ip,$loc_ip,$rmt_id,$loc_id))
- return true;
- else if (!empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id))
- return true;
- }
+ if (ipsec_lookup_phase1($ph2ent,$ph1ent))
+ return ipsec_phase1_status($ipsec_status, $ph1ent['ikeid']);
return false;
}
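Review bot: The new signature names the by-reference parameter `$phase2`, but the body passes `$ph2ent` and `$ph1ent` to `ipsec_lookup_phase1`, so both are undefined in this scope and the lookup runs against an empty `ikeid` instead of the caller's phase 2 entry. The signature should read `function ipsec_phase2_status($ipsec_status, &$ph2ent) {`, or the body should use `$phase2`. Separately, the result is now only the phase 1 status: the child SA state is no longer consulted, so a tunnel whose IKE SA is established but whose phase 2 never negotiated would presumably still be reported as up. If that is intentional for now, a comment such as `/* NOTE: reports IKE SA state only; child SA state is not checked */` above the function would keep status pages and monitoring from over-trusting it.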