diff options
author | Ermal LUÇI <eri@pfsense.org> | 2015-01-31 19:36:13 +0100 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-01-31 19:36:13 +0100 |
commit | 908edbd3d17a6fac747b6583322be9e547026f7f (patch) | |
tree | 39cc00f922d019153daac1139bb92bfd2c2c11ff /usr | |
parent | b8150520dd5c980d48cff07441ade313776653a3 (diff) | |
download | pfsense-908edbd3d17a6fac747b6583322be9e547026f7f.zip pfsense-908edbd3d17a6fac747b6583322be9e547026f7f.tar.gz |
Fixes #4359 Allow controlling uniqueids
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/vpn_ipsec_settings.php | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php index fa9ae0b..5c3ea27 100644 --- a/usr/local/www/vpn_ipsec_settings.php +++ b/usr/local/www/vpn_ipsec_settings.php @@ -159,6 +159,12 @@ if ($_POST) { unset($config['ipsec']['acceptunencryptedmainmode']); } + if(!empty($_POST['uniqueids'])) { + $config['ipsec']['uniqueids'] = $_POST['uniqueids']; + } else { + unset($config['ipsec']['uniqueids']); + } + if($_POST['maxmss_enable'] == "yes") { $config['system']['maxmss_enable'] = true; $config['system']['maxmss'] = $_POST['maxmss']; @@ -276,6 +282,29 @@ function maxmss_checked(obj) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Unique IDs"); ?></td> + <td width="78%" class="vtable"> + <strong><?=gettext("Handle IDs as: "); ?></strong> + <?php echo "<select name=\"uniqueids\" id=\"uniqueids\">\n"; + foreach ($ipsec_idhandling as $value => $lvalue) { + echo "<option value=\"{$value}\" "; + if ($pconfig['uniqueids'] == $value) + echo "selected=\"selected\""; + echo ">{$lvalue}</option>\n"; + } + ?> + </select> + <br /> + <?=gettext("whether a particular participant ID should be kept unique, with any new IKE_SA using an ID " . + "deemed to replace all old ones using that ID. Participant IDs normally are unique, so a new " . + "IKE_SA using the same ID is almost invariably intended to replace an old one. " . + "The difference between <b>no</b> and <b>never</b> is that the old IKE_SAs will be replaced when receiving an " . + "INITIAL_CONTACT notify if the option is no but will ignore these notifies if <b>never</b> is configured. " . + "The daemon also accepts the value <b>keep</b> to reject " . + "new IKE_SA setups and keep the duplicate established earlier."); ?> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("IP Compression"); ?></td> <td width="78%" class="vtable"> <input name="compression" type="checkbox" id="compression" value="yes" <?php if ($pconfig['compression']) echo "checked=\"checked\""; ?> /> |