authorRenato Botelho <renato@netgate.com>2015-11-11 13:31:56 -0200
committerRenato Botelho <renato@netgate.com>2015-11-11 13:36:51 -0200
commit03c4effdaa768ede181ffb423961d27bc25b88bb (patch)
treecbf0a4178da43b7501deb58ab25a471236f667f3 /src/etc
parented69a49666fa5f7e9fe1366d9f176ffba15536f1 (diff)
Create symlinks of ipsec files and directories under /usr/local to deal with hardcoded paths in strongswan
Diffstat (limited to 'src/etc')
-rw-r--r--src/etc/inc/vpn.inc42
1 files changed, 39 insertions, 3 deletions
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc
index 47d7108..b0c9dba 100644
--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -199,6 +199,38 @@ function vpn_ipsec_configure($restart = false) {
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/reqs");
}
+ if (file_exists("/usr/local/etc/ipsec.d") &&
+ !is_link("/usr/local/etc/ipsec.d")) {
+ conf_mount_rw();
+ rmdir_recursive("/usr/local/etc/ipsec.d");
+ @symlink("{$g['varetc_path']}/ipsec/ipsec.d",
+ "/usr/local/etc/ipsec.d");
+ conf_mount_ro();
+ }
+ if (file_exists("/usr/local/etc/strongswan.d") &&
+ !is_link("/usr/local/etc/strongswan.d")) {
+ conf_mount_rw();
+ rmdir_recursive("/usr/local/etc/strongswan.d");
+ @symlink("{$g['varetc_path']}/ipsec/strongswan.d",
+ "/usr/local/etc/strongswan.d");
+ conf_mount_ro();
+ }
+ if (file_exists("/usr/local/etc/strongswan.conf") &&
+ !is_link("/usr/local/etc/strongswan.conf")) {
+ conf_mount_rw();
+ @unlink("/usr/local/etc/strongswan.conf");
+ @symlink("{$g['varetc_path']}/ipsec/strongswan.conf",
+ "/usr/local/etc/strongswan.conf");
+ conf_mount_ro();
+ }
+ if (file_exists("/usr/local/etc/ipsec.conf") &&
+ !is_link("/usr/local/etc/ipsec.conf")) {
+ conf_mount_rw();
+ @unlink("/usr/local/etc/ipsec.conf");
+ @symlink("{$g['varetc_path']}/ipsec/ipsec.conf",
+ "/usr/local/etc/ipsec.conf");
+ conf_mount_ro();
+ }
if (platform_booting()) {
echo gettext("Configuring IPsec VPN... ");
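Review bot: Each of the four added blocks removes the existing path and then calls `@symlink(...)` with the result discarded, so a failed link leaves strongSwan's hardcoded /usr/local/etc path missing with nothing in the log. Check the return value and report it, and remount read-write once rather than once per path. The blocks differ only in the path, so a loop over a link => target map would keep them consistent. The guard `file_exists() && !is_link()` also leaves an existing symlink that points somewhere else untouched, which may or may not be intended. vpn_ipsec_configure() starts and ends outside this hunk.

```php
	// … unchanged: mkdir of the {$g['varetc_path']}/ipsec/ipsec.d subdirectories …
	$ipsec_links = array(
		"/usr/local/etc/ipsec.d" => "{$g['varetc_path']}/ipsec/ipsec.d",
		"/usr/local/etc/strongswan.d" => "{$g['varetc_path']}/ipsec/strongswan.d",
		"/usr/local/etc/strongswan.conf" => "{$g['varetc_path']}/ipsec/strongswan.conf",
		"/usr/local/etc/ipsec.conf" => "{$g['varetc_path']}/ipsec/ipsec.conf"
	);
	$remounted = false;
	foreach ($ipsec_links as $link => $target) {
		if (!file_exists($link) || is_link($link)) {
			continue;
		}
		if (!$remounted) {
			conf_mount_rw();
			$remounted = true;
		}
		if (is_dir($link)) {
			rmdir_recursive($link);
		} else {
			@unlink($link);
		}
		if (!@symlink($target, $link)) {
			log_error("Could not create symlink {$link} -> {$target}");
		}
	}
	if ($remounted) {
		conf_mount_ro();
	}
	// … unchanged: platform_booting() message …
```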
@@ -408,7 +440,8 @@ function vpn_ipsec_configure($restart = false) {
# Automatically generated config file - DO NOT MODIFY. Changes will be overwritten.
starter {
-load_warning = no
+ load_warning = no
+ config_file = {$g['varetc_path']}/ipsec/ipsec.conf
}
charon {
@@ -437,9 +470,12 @@ syslog {
}
}
-EOD;
+ plugins {
+ stroke {
+ secrets_file = {$g['varetc_path']}/ipsec/ipsec.secrets
+ }
- $strongswan .= "\tplugins {\n";
+EOD;
/* Find RADIUS servers designated for Mobile IPsec user auth */
$radius_server_txt = "";
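Review bot: `secrets_file` now names `{$g['varetc_path']}/ipsec/ipsec.secrets` explicitly, and nothing in this hunk shows the mode that file is written with. Where the file is generated (outside this hunk), confirm it ends up owner-only, e.g. `@chmod("{$g['varetc_path']}/ipsec/ipsec.secrets", 0600);`. Also confirm the ipsec directory is writable by root alone, since the /usr/local/etc symlinks added in the first hunk now resolve into it. The `plugins {` block opened inside the heredoc here is closed outside the hunk, so the matching brace could not be checked.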