diff options
| author | Chris Buechler <cmb@pfsense.org> | 2015-03-10 17:17:10 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2015-03-10 17:20:11 -0500 |
| commit | eb6495c3b1dfdd3639a01bb27e7bf2285f9ae2ce (patch) | |
| tree | 1c556a5206d23b28ad069384536208005d72f82d /usr | |
| parent | ea7ad4c25fcc2cf341b7ffbf478588b54d0248f6 (diff) | |
| download | pfsense-eb6495c3b1dfdd3639a01bb27e7bf2285f9ae2ce.zip pfsense-eb6495c3b1dfdd3639a01bb27e7bf2285f9ae2ce.tar.gz | |
Don't enable interfaces_use by default. Add checkbox to enable on Advanced
tab, in case there are scenarios where it's desirable. Ticket #4341
Conflicts:
etc/inc/vpn.inc
Diffstat (limited to 'usr')
| -rw-r--r-- | usr/local/www/vpn_ipsec_settings.php | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php index 39c1862..c944ef7 100644 --- a/usr/local/www/vpn_ipsec_settings.php +++ b/usr/local/www/vpn_ipsec_settings.php @@ -47,6 +47,7 @@ foreach ($ipsec_loglevels as $lkey => $ldescr) { } $pconfig['unityplugin'] = isset($config['ipsec']['unityplugin']); $pconfig['compression'] = isset($config['ipsec']['compression']); +$pconfig['enableinterfacesuse'] = isset($config['ipsec']['enableinterfacesuse']); $pconfig['acceptunencryptedmainmode'] = isset($config['ipsec']['acceptunencryptedmainmode']); $pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']); $pconfig['maxmss'] = $config['system']['maxmss']; @@ -134,6 +135,15 @@ if ($_POST) { $needsrestart = true; unset($config['ipsec']['compression']); } + + if($_POST['enableinterfacesuse'] == "yes") { + if (!isset($config['ipsec']['enableinterfacesuse'])) + $needsrestart = true; + $config['ipsec']['enableinterfacesuse'] = true; + } elseif (isset($config['ipsec']['enableinterfacesuse'])) { + $needsrestart = true; + unset($config['ipsec']['enableinterfacesuse']); + } if($_POST['unityplugin'] == "yes") { if (!isset($config['ipsec']['unityplugin'])) @@ -296,6 +306,15 @@ function maxmss_checked(obj) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Strict interface binding"); ?></td> + <td width="78%" class="vtable"> + <input name="enableinterfacesuse" type="checkbox" id="enableinterfacesuse" value="yes" <?php if ($pconfig['enableinterfacesuse']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Enable strict interface binding"); ?></strong> + <br /> + <?=gettext("Enable strongSwan's interfaces_use option to bind specific interfaces only. This option is known to break IPsec with dynamic IP interfaces. This is not recommended at this time."); ?> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Unencrypted payloads in IKEv1 Main Mode"); ?></td> <td width="78%" class="vtable"> <input name="acceptunencryptedmainmode" type="checkbox" id="acceptunencryptedmainmode" value="yes" <?php if ($pconfig['acceptunencryptedmainmode']) echo "checked=\"checked\""; ?> /> |
