author | Ermal <eri@pfsense.org> | 2014-02-06 12:44:12 +0100 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2014-02-06 12:49:24 +0100 |
commit | 496acde1372686805dc0e91f32bf4b0f77c6ed4d (patch) | |
tree | bbf8d38a85b53d4d025a6b1e911012bbb17a89ad /usr/local/www/vpn_ipsec_phase1.php | |
parent | b3e1ccb5b8fbdfb41d1886847bf51e1ce8c1f979 (diff) | |
download | pfsense-496acde1372686805dc0e91f32bf4b0f77c6ed4d.zip pfsense-496acde1372686805dc0e91f32bf4b0f77c6ed4d.tar.gz |
First swing at converting from racoon to StrongSWAN.
It allows existing configurations in XML to be used to generate StrongSWAN configurations.
So it's only IKEv1
* Missing support for dynamic IPs (hostnames)
- resolver plugin of StrongSWAN needs to be configured in strongswan.conf
* Authentication plugin with pfSense authentication framework
- New plugin almost completed
* More testing, hence this being pushed now to have a broader look
TODO
* Integrate IKEv2
* Move dynamic IP allocation to an SQLite backend
* Provide more options in authenticating as a client (initiator)
* Restrict interfaces where StrongSWAN listens for incoming connections to only those configured
FUTURE
* Move all configuration to SQLite backend
* Integrate more authentication scenarios of IKEv2
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase1.php')
-rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 11 |
1 files changed, 0 insertions, 11 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 76a78ae..baf761b 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -356,17 +356,6 @@ if ($_POST) { else $a_phase1[] = $ph1ent; - /* now we need to find all phase2 entries for this host */ - if (is_array($a_phase2) && (count($a_phase2))) { - foreach ($a_phase2 as $phase2) { - if($phase2['ikeid'] == $ph1ent['ikeid']) { - log_error("Reload {$ph1ent['descr']} tunnel(s)"); - $old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']); - $old_phase2 = $phase2; - reload_tunnel_spd_policy ($ph1ent, $phase2, $old_ph1ent, $old_phase2); - } - } - } write_config(); mark_subsystem_dirty('ipsec'); |
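Review bot: In the hunk at line 356, nothing replaces the removed per-phase2 loop, so after `$a_phase1[] = $ph1ent;` a saved phase1 edit only reaches write_config() and mark_subsystem_dirty('ipsec'), and the old remote gateway is no longer resolved or handed to a policy reload. Please confirm that the StrongSWAN apply path removes the policies belonging to the previous remote-gateway when a phase1 entry is changed, since a stale policy for the old peer is the failure mode this block guarded against. The deleted lines were also the only visible place where this path called log_error(), so consider keeping a log line that records which tunnel was changed. If $old_ph1ent and $a_phase2 are not read elsewhere in this file after this change, their setup should be dropped in the same commit. The commit message lists hostname support as missing; it would help to state there that the resolve_retry() call on the old gateway is removed here for that reason.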