First swing at converting from racoon to StrongSWAN.

It allows to use existing configurations on xml to generate StrongSWAN configurations.
So its only IKEv1

* Missing support for dynamic ips(hostnames)
  - resolver plugin of StrongSWAN needs to be configured in strongswan.conf
* Authentication plugin with pfSense authentication framework
  - New plugin almost completed

* More testing hence this being pushed now to have more broader look

TODO
* Integrate IKEv2
* Move dynamic IP allocation to an SQLite backend
* Provide more options in authenticating as a client(initiator)
* Restrict interfaces where StrongSWAN listens for incoming connections to only those configured

FUTUTE
* Move all configuration to SQLite backend
* Integrate more authentication scenarios of IKEv2

1 files changed, 0 insertions, 11 deletions

diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 76a78ae..baf761b 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -356,17 +356,6 @@ if ($_POST) {
 		else
 			$a_phase1[] = $ph1ent;
 
-		/* now we need to find all phase2 entries for this host */
-		if (is_array($a_phase2) && (count($a_phase2))) {
-			foreach ($a_phase2 as $phase2) {
-				if($phase2['ikeid'] == $ph1ent['ikeid']) {
-					log_error("Reload {$ph1ent['descr']} tunnel(s)");
-					$old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
-					$old_phase2 = $phase2;
-					reload_tunnel_spd_policy ($ph1ent, $phase2, $old_ph1ent, $old_phase2);
-				}
-			}
-		}
 		write_config();
 		mark_subsystem_dirty('ipsec');