author | Renato Botelho <renato@netgate.com> | 2015-11-11 13:31:56 -0200 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-11-11 13:36:51 -0200 |
commit | 03c4effdaa768ede181ffb423961d27bc25b88bb (patch) | |
tree | cbf0a4178da43b7501deb58ab25a471236f667f3 /src/etc | |
parent | ed69a49666fa5f7e9fe1366d9f176ffba15536f1 (diff) | |
Create symlinks of ipsec files and directories under /usr/local to deal with hardcoded paths in strongswan
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/vpn.inc | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc
index 47d7108..b0c9dba 100644
--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -199,6 +199,38 @@ function vpn_ipsec_configure($restart = false) {
 mkdir("{$g['varetc_path']}/ipsec/ipsec.d/reqs");
 }
+ if (file_exists("/usr/local/etc/ipsec.d") &&
+ !is_link("/usr/local/etc/ipsec.d")) {
+ conf_mount_rw();
+ rmdir_recursive("/usr/local/etc/ipsec.d");
+ @symlink("{$g['varetc_path']}/ipsec/ipsec.d",
+ "/usr/local/etc/ipsec.d");
+ conf_mount_ro();
+ }
+ if (file_exists("/usr/local/etc/strongswan.d") &&
+ !is_link("/usr/local/etc/strongswan.d")) {
+ conf_mount_rw();
+ rmdir_recursive("/usr/local/etc/strongswan.d");
+ @symlink("{$g['varetc_path']}/ipsec/strongswan.d",
+ "/usr/local/etc/strongswan.d");
+ conf_mount_ro();
+ }
+ if (file_exists("/usr/local/etc/strongswan.conf") &&
+ !is_link("/usr/local/etc/strongswan.conf")) {
+ conf_mount_rw();
+ @unlink("/usr/local/etc/strongswan.conf");
+ @symlink("{$g['varetc_path']}/ipsec/strongswan.conf",
+ "/usr/local/etc/strongswan.conf");
+ conf_mount_ro();
+ }
+ if (file_exists("/usr/local/etc/ipsec.conf") &&
+ !is_link("/usr/local/etc/ipsec.conf")) {
+ conf_mount_rw();
+ @unlink("/usr/local/etc/ipsec.conf");
+ @symlink("{$g['varetc_path']}/ipsec/ipsec.conf",
+ "/usr/local/etc/ipsec.conf");
+ conf_mount_ro();
+ }
 if (platform_booting()) {
 echo gettext("Configuring IPsec VPN... ");
@@ -408,7 +440,8 @@ function vpn_ipsec_configure($restart = false) {
 # Automatically generated config file - DO NOT MODIFY. Changes will be overwritten.
 starter {
-load_warning = no
+ load_warning = no
+ config_file = {$g['varetc_path']}/ipsec/ipsec.conf
 }
 charon {
@@ -437,9 +470,12 @@ syslog {
 }
 }
-EOD;
+ plugins {
+ stroke {
+ secrets_file = {$g['varetc_path']}/ipsec/ipsec.secrets
+ }
- $strongswan .= "\tplugins {\n";
+EOD;
 /* Find RADIUS servers designated for Mobile IPsec user auth */
 $radius_server_txt = ""; |
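Review bot: The `@symlink()` calls in all four added blocks of the first hunk discard their result, so if a link cannot be created after `rmdir_recursive()` or `@unlink()` has already removed the original, the path strongSwan has hardcoded is left missing and nothing is logged. Check the return value and report it, for example `if (!@symlink($target, $link)) { log_error("IPsec: could not link {$link} to {$target}"); }`, where `$target` and `$link` stand for the two paths of each block. The guard also skips any path that is already a symlink without comparing `readlink()` to the expected `{$g['varetc_path']}/ipsec/...` target, so a stale or redirected link would stay in place and strongSwan would read its configuration from wherever that link points. The four blocks differ only in the path name and in directory versus file removal, so they could be one loop over a short list. vpn_ipsec_configure() starts and ends outside this hunk.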
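Review bot: `secrets_file` in the new `stroke` section of the third hunk points at `{$g['varetc_path']}/ipsec/ipsec.secrets`, but the first hunk creates no matching symlink for `/usr/local/etc/ipsec.secrets`, unlike `ipsec.conf` and `strongswan.conf`, which are both configured and linked. If nothing outside these hunks handles it, any tool that still uses the hardcoded secrets path would read whatever file sits there rather than the generated one. The code that writes `ipsec.secrets` is not visible here; since that file normally holds pre-shared keys, it is worth confirming it is created with owner-only permissions. The heredoc now leaves `plugins {` open, so a short comment after `EOD;` such as `/* plugins { is opened in the heredoc above and must be closed after the plugin sections are appended */` would help the next reader.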