diff options
| author | Rafael Abdo <rafaelabdo@Rafaels-Mac-mini.local> | 2013-01-09 13:50:19 -0200 |
|---|---|---|
| committer | Rafael Abdo <rafael.abdo@bluepex.com> | 2013-01-09 17:53:22 +0000 |
| commit | 6fd8526b6b051529642500a38e272d4711bc6a33 (patch) | |
| tree | bf8a52610da4010a83c33c8c04774e59c3db1417 /usr | |
| parent | b13a841bc2a83061e42ecbc5c9a73fd133f054fd (diff) | |
| download | pfsense-6fd8526b6b051529642500a38e272d4711bc6a33.zip pfsense-6fd8526b6b051529642500a38e272d4711bc6a33.tar.gz | |
Delete SPDs when an IPSec tunnel is deleted.
- Add new function to delete SPDs (see 'remove_tunnel_spd_policy($phase1,$phase2)' on vpn.inc)
- Change vpn_ipsec.php to delete SPDs on phase 2 and phase 1.
- Change the method GET to delete phase 2 (needs to inform which is the phase 1)
It should fix #2719.
Diffstat (limited to 'usr')
| -rwxr-xr-x | usr/local/www/vpn_ipsec.php | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index 55b601c..4f154b7 100755 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -88,8 +88,13 @@ if ($_GET['act'] == "delph1") /* remove all phase2 entries that match the ikeid */ $ikeid = $a_phase1[$_GET['p1index']]['ikeid']; foreach ($a_phase2 as $p2index => $ph2tmp) - if ($ph2tmp['ikeid'] == $ikeid) + if ($ph2tmp['ikeid'] == $ikeid) { + remove_tunnel_spd_policy($a_phase1[$_GET['p1index']],$a_phase2[$p2index]); unset($a_phase2[$p2index]); + } + + /* needs to guarantee that SPDs will be removed before phase 1 */ + vpn_ipsec_refresh_policies(); /* remove the phase1 entry */ unset($a_phase1[$_GET['p1index']]); @@ -104,7 +109,8 @@ if ($_GET['act'] == "delph1") if ($_GET['act'] == "delph2") { - if ($a_phase2[$_GET['p2index']]) { + if ($a_phase1[$_GET['p1index']] && $a_phase2[$_GET['p2index']]) { + remove_tunnel_spd_policy($a_phase1[$_GET['p1index']],$a_phase2[$_GET['p2index']]); /* remove the phase2 entry */ unset($a_phase2[$_GET['p2index']]); vpn_ipsec_refresh_policies(); @@ -382,7 +388,7 @@ include("head.inc"); <a href="vpn_ipsec_phase2.php?p2index=<?=$j;?>"> <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit phase2 entry"); ?>" width="17" height="17" border="0"> </a> - <a href="vpn_ipsec.php?act=delph2&p2index=<?=$j;?>" onclick="return confirm('<?=gettext("Do you really want to delete this phase2 entry?"); ?>')"> + <a href="vpn_ipsec.php?act=delph2&p1index=<?=$i;?>&p2index=<?=$j;?>" onclick="return confirm('<?=gettext("Do you really want to delete this phase2 entry?"); ?>')"> <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete phase2 entry"); ?>" width="17" height="17" border="0"> </a> <a href="vpn_ipsec_phase2.php?dup=<?=$j;?>"> |
