diff options
| author | Ermal <eri@pfsense.org> | 2014-02-06 12:44:12 +0100 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2014-02-06 12:49:24 +0100 |
| commit | 496acde1372686805dc0e91f32bf4b0f77c6ed4d (patch) | |
| tree | bbf8d38a85b53d4d025a6b1e911012bbb17a89ad /usr/local/www/vpn_ipsec_phase2.php | |
| parent | b3e1ccb5b8fbdfb41d1886847bf51e1ce8c1f979 (diff) | |
| download | pfsense-496acde1372686805dc0e91f32bf4b0f77c6ed4d.zip pfsense-496acde1372686805dc0e91f32bf4b0f77c6ed4d.tar.gz | |
First swing at converting from racoon to StrongSWAN.
It allows to use existing configurations on xml to generate StrongSWAN configurations.
So its only IKEv1
* Missing support for dynamic ips(hostnames)
- resolver plugin of StrongSWAN needs to be configured in strongswan.conf
* Authentication plugin with pfSense authentication framework
- New plugin almost completed
* More testing hence this being pushed now to have more broader look
TODO
* Integrate IKEv2
* Move dynamic IP allocation to an SQLite backend
* Provide more options in authenticating as a client(initiator)
* Restrict interfaces where StrongSWAN listens for incoming connections to only those configured
FUTUTE
* Move all configuration to SQLite backend
* Integrate more authentication scenarios of IKEv2
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase2.php')
| -rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index b5c0f41..9254b6b 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -301,7 +301,6 @@ if ($_POST) { ipsec_lookup_phase1($ph2ent, $ph1ent); $old_ph1ent = $ph1ent; $old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']); - reload_tunnel_spd_policy ($ph1ent, $ph2ent, $old_ph1ent, $old_ph2ent); } write_config(); |
