authorLuiz Otavio O Souza <luiz@netgate.com>2015-11-22 07:21:49 -0600
committerLuiz Otavio O Souza <luiz@netgate.com>2015-11-22 07:21:49 -0600
commitdc0f709e8a6ce7c6d40e8e2ae0742bda22ac642c (patch)
tree8546bb96bea21afcc74885410ee36849d9d744dd /src/etc
parentea792608e8aab65bdb8635783a394c17de5ddd17 (diff)
Convert all the occurrences of $config['ipsec']['enable'] in filter.inc, ipsec.inc and service-utils.inc
Fix ruleset when IPSEC is enabled but there are no Phase 1 entries. Issue: #5487
Diffstat (limited to 'src/etc')
-rw-r--r--src/etc/inc/filter.inc30
-rw-r--r--src/etc/inc/ipsec.inc4
-rw-r--r--src/etc/inc/service-utils.inc2
3 files changed, 18 insertions, 18 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 9fcefbc..b505825 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -928,13 +928,13 @@ function filter_get_vpns_list() {
$vpns_arr = array();
/* ipsec */
- if (isset($config['ipsec']['enable'])) {
+ if (!function_exists('ipsec_enabled')) {
+ require_once("ipsec.inc");
+ }
+ if (ipsec_enabled()) {
if (is_array($config['ipsec']['phase2'])) {
foreach ($config['ipsec']['phase2'] as $ph2ent) {
if ((!$ph2ent['mobile']) && ($ph2ent['mode'] != 'transport')) {
- if (!function_exists('ipsec_idinfo_to_cidr')) {
- require_once("ipsec.inc");
- }
if (!is_array($ph2ent['remoteid'])) {
continue;
}
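Review bot: The guard `if (!function_exists('ipsec_enabled')) { require_once("ipsec.inc"); }` added at the top of this block is repeated verbatim in the hunks at lines 1892, 3466 and 3954 of filter.inc. `require_once` already skips a file that has been loaded, so the `function_exists` wrapper changes nothing that is visible here. A single `require_once("ipsec.inc");` in filter.inc's include block would replace all four copies. If the lazy load is deliberate, a comment on the first guard such as `/* ipsec.inc is loaded on demand; see <reason> */` would record why. The body of filter_get_vpns_list continues outside the hunk.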
@@ -1892,13 +1892,13 @@ function filter_nat_rules_generate() {
}
/* ipsec nat */
- if (is_array($config['ipsec']) && isset($config['ipsec']['enable'])) {
+ if (!function_exists('ipsec_enabled')) {
+ require_once("ipsec.inc");
+ }
+ if (ipsec_enabled()) {
if (is_array($config['ipsec']['phase2'])) {
foreach ($config['ipsec']['phase2'] as $ph2ent) {
if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid']) && !isset($ph2ent['disabled'])) {
- if (!function_exists('ipsec_idinfo_to_cidr')) {
- require_once("ipsec.inc");
- }
ipsec_lookup_phase1($ph2ent, $ph1ent);
if (!is_array($ph1ent)) {
continue;
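Review bot: `$ph1ent` is filled by `ipsec_lookup_phase1($ph2ent, $ph1ent)` inside the loop and is never reset in the lines shown, so a failed lookup may leave the previous iteration's Phase 1 in place. In that case `is_array($ph1ent)` would still pass and the NAT rule would be built against the wrong tunnel. Whether the helper clears its out-parameter on a miss cannot be seen in this diff. Testing the call's result makes the loop independent of that, provided the helper returns a falsy value on a miss: `if (!ipsec_lookup_phase1($ph2ent, $ph1ent)) { continue; }`. Otherwise put `$ph1ent = null;` before the call. The body of filter_nat_rules_generate continues outside the hunk.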
@@ -3466,7 +3466,10 @@ EOD;
$saved_tracker += 300;
$tracker = $saved_tracker;
/* add ipsec interfaces */
- if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
+ if (!function_exists('ipsec_enabled')) {
+ require_once("ipsec.inc");
+ }
+ if (ipsec_enabled()) {
$ipfrules .= "pass out {$log['pass']} on \$IPsec all tracker {$increment_tracker($tracker)} tracker {$increment_tracker($tracker)} keep state label \"IPsec internal host to host\"\n";
}
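Review bot: The new condition drops the `isset($config['ipsec']['client']['enable'])` alternative, so the `pass out ... on $IPsec` rule for a mobile-client-only configuration now depends entirely on `ipsec_enabled()`, whose body is not part of this diff. If the helper is meant to cover that case, a comment at this call should say so; if it is not, keep the alternative: `if (ipsec_enabled() || isset($config['ipsec']['client']['enable'])) {`. Separately, the rule string on the context line carries `tracker {$increment_tracker($tracker)}` twice, which looks unintended and is worth checking against the generated ruleset. The enclosing function starts and ends outside the hunk.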
@@ -3954,8 +3957,10 @@ function filter_generate_ipsec_rules($log = array()) {
$increment_tracker = 'filter_rule_tracker';
$ipfrules = "\n# VPN Rules\n";
- if ((isset($config['ipsec']['enable'])) &&
- (is_array($config['ipsec']['phase1']))) {
+ if (!function_exists('ipsec_enabled')) {
+ require_once("ipsec.inc");
+ }
+ if (ipsec_enabled()) {
/* step through all phase1 entries */
foreach ($config['ipsec']['phase1'] as $ph1ent) {
$tracker += 10;
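Review bot: The `foreach ($config['ipsec']['phase1'] as $ph1ent)` loop lost its `is_array($config['ipsec']['phase1'])` guard. It is now safe only if `ipsec_enabled()` returns true exclusively when `phase1` is an array, and that helper is not shown in this diff. This function writes firewall rules, so the precondition is worth keeping explicit: `if (ipsec_enabled() && is_array($config['ipsec']['phase1'])) {`. Alternatively, state the guarantee in a comment above the call, e.g. `/* ipsec_enabled() implies $config['ipsec']['phase1'] is a non-empty array */`, once that has been confirmed against ipsec.inc. The body of filter_generate_ipsec_rules continues outside the hunk.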
@@ -3965,9 +3970,6 @@ function filter_generate_ipsec_rules($log = array()) {
}
/* determine local and remote peer addresses */
if (!isset($ph1ent['mobile'])) {
- if (!function_exists('ipsec_get_phase1_dst')) {
- require_once("ipsec.inc");
- }
$rgip = ipsec_get_phase1_dst($ph1ent);
if (!$rgip) {
$ipfrules .= "# ERROR! Unable to determine remote IPsec peer address for {$ph1ent['remote-gateway']}\n";
diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc
index 5d45ef1..502cc37 100644
--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -475,11 +475,9 @@ function ipsec_phase2_status(&$ipsec_status, &$phase2) {
* Wrapper to call pfSense_ipsec_list_sa() when IPsec is enabled
*/
function ipsec_list_sa() {
- global $config;
- if (isset($config['ipsec']['enable'])) {
+ if (ipsec_enabled())
return pfSense_ipsec_list_sa();
- }
return array();
}
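Review bot: The rewritten `if (ipsec_enabled())` drops the braces that the removed version had and that every other conditional touched by this commit uses. That leaves a brace-less `if` guarding the `return pfSense_ipsec_list_sa();` line. Keep the braced form, `if (ipsec_enabled()) {` and a closing `}`, so that a statement added later cannot fall outside the condition unnoticed. The doc comment above the function could also say that an empty array is returned when IPsec is not enabled.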
diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc
index b40aa39..8ccd4a9 100644
--- a/src/etc/inc/service-utils.inc
+++ b/src/etc/inc/service-utils.inc
@@ -346,7 +346,7 @@ function get_services() {
$services[] = $pconfig;
}
- if (isset($config['ipsec']['enable'])) {
+ if (ipsec_enabled()) {
$pconfig = array();
$pconfig['name'] = "ipsec";
$pconfig['description'] = gettext("IPsec VPN");
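Review bot: `ipsec_enabled()` is called here without the `if (!function_exists('ipsec_enabled')) { require_once("ipsec.inc"); }` guard that this same commit adds before each call in filter.inc. The old `isset($config['ipsec']['enable'])` test needed no include, so any caller that loads service-utils.inc without ipsec.inc would now hit an undefined-function fatal error in get_services(). Whether service-utils.inc already pulls in ipsec.inc cannot be seen from this hunk. If it does not, add `require_once("ipsec.inc");` to the file's includes or repeat the guard before this `if`. The body of get_services continues outside the hunk.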