diff options
author | hamnur <hamnur@protonmail.com> | 2017-07-17 14:14:59 +0200 |
---|---|---|
committer | hamnur <hamnur@protonmail.com> | 2017-07-17 14:14:59 +0200 |
commit | 376e6f6719e6463913045b233ca90d69254057ff (patch) | |
tree | 41a1e130971e2d5fc3713cf51dc6b240988b5ec0 /src | |
parent | 9d472f01c31f2b56a95631dcd4f49e4685f55ea6 (diff) | |
download | pfsense-376e6f6719e6463913045b233ca90d69254057ff.zip pfsense-376e6f6719e6463913045b233ca90d69254057ff.tar.gz |
Use attribute rekey_enable as usual but optionally allow to set margintime if rekeying is not disabled
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/vpn.inc | 10 | ||||
-rw-r--r-- | src/usr/local/www/vpn_ipsec_phase1.php | 30 |
2 files changed, 26 insertions, 14 deletions
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index 1f2372a..6390aed 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -1109,11 +1109,13 @@ EOD; $reauth = "reauth = yes"; } - if ($ph1ent['margintime']) { - $rekeyline = "rekey = yes"; - $rekeyline .= "\n\tmargintime = {$ph1ent['margintime']}s"; - } else { + if (isset($ph1ent['rekey_enable'])) { $rekeyline = "rekey = no"; + } else { + $rekeyline = "rekey = yes"; + if(!empty($ph1ent['margintime'])){ + $rekeyline .= "\n\tmargintime = {$ph1ent['margintime']}s"; + } } if ($ph1ent['nat_traversal'] == 'off') { diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php index 6221d82..b460991 100644 --- a/src/usr/local/www/vpn_ipsec_phase1.php +++ b/src/usr/local/www/vpn_ipsec_phase1.php @@ -112,10 +112,15 @@ if (isset($p1index) && $a_phase1[$p1index]) { if (isset($a_phase1[$p1index]['reauth_enable'])) { $pconfig['reauth_enable'] = true; } - if ($a_phase1[$p1index]['margintime']) { + + if (isset($a_phase1[$p1index]['rekey_enable'])) { $pconfig['rekey_enable'] = true; + } + + if ($a_phase1[$p1index]['margintime']) { $pconfig['margintime'] = $a_phase1[$p1index]['margintime']; } + if (isset($a_phase1[$p1index]['responderonly'])) { $pconfig['responderonly'] = true; } @@ -240,7 +245,7 @@ if ($_POST['save']) { $input_errors[] = gettext("The P1 lifetime must be an integer."); } - if ($pconfig['rekey_enable']) { + if (!isset($pconfig['rekey_enable']) && $pconfig['margintime']) { if(!is_numericint($pconfig['margintime'])){ $input_errors[] = gettext("The margintime must be an integer."); } else if(intval($pconfig['margintime']) >= intval($pconfig['lifetime'])){ @@ -476,8 +481,17 @@ if ($_POST['save']) { } else { unset($ph1ent['reauth_enable']); } + if (isset($pconfig['rekey_enable'])) { + $ph1ent['rekey_enable'] = true; + } else { + unset($ph1ent['rekey_enable']); + } + + if (!isset($pconfig['rekey_enable'])) { $ph1ent['margintime'] = $pconfig['margintime']; + } else { + unset($ph1ent['margintime']); } if (isset($pconfig['responderonly'])) { @@ -833,8 +847,8 @@ $section = new Form_Section('Advanced Options'); $section->addInput(new Form_Checkbox( 'rekey_enable', - 'Enable rekey', - 'Enables renegotiation when a connection is about to expire.', + 'Disable rekey', + 'Disables renegotiation when a connection is about to expire.', $pconfig['rekey_enable'] )); @@ -1083,14 +1097,10 @@ events.push(function() { } function rekeychkbox_change() { - hide = !$('#rekey_enable').prop('checked'); + hide = $('#rekey_enable').prop('checked'); hideInput('margintime', hide); - - if (!$('#margintime').val()) { - $('#margintime').val('540') - } - } + } function dpdchkbox_change() { hide = !$('#dpd_enable').prop('checked'); |