-rw-r--r-- | etc/inc/pfsense-utils.inc | 8 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 50 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec.php | 9 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec_edit.php | 10 |
4 files changed, 30 insertions, 47 deletions
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index a19d3d4..66f9230 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -597,8 +597,12 @@ function get_interface_arr($flush = false) { * detected. */ function does_interface_exist($interface) { - $ints = get_interface_arr(); - + if(!$interface) + return false; + $ints = get_interface_arr(); + $carpips = find_number_of_needed_carp_interfaces(); + for($i=0; $i<$carpips; $i++) + $ints = " carp{$i}"; if(stristr($ints, $interface) !== false) return true; else diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index c506839..2ef2660 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -129,11 +129,6 @@ function vpn_ipsec_configure($ipchg = false) { } $curwanip = get_current_wan_address(); - if($config['installedpackages']['sasyncd']['config'] <> "") - foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) { - if($sasyncd['ip'] <> "") - $curwanip = $sasyncd['ip']; - } $syscfg = $config['system']; $ipseccfg = $config['ipsec']; @@ -197,8 +192,10 @@ function vpn_ipsec_configure($ipchg = false) { continue; $ep = vpn_endpoint_determine($tunnel, $curwanip); - if (!$ep) - continue; + if (!$ep) { + log_error("Could not deterimine VPN endpoint for {$tunnel['descr']}"); + continue; + } vpn_localnet_determine($tunnel['local-subnet'], $sa, $sn); @@ -221,11 +218,7 @@ function vpn_ipsec_configure($ipchg = false) { $number_of_gifs = find_last_gif_device(); $number_of_gifs++; $curwanip = get_current_wan_address(); - if($config['installedpackages']['sasyncd']['config'] <> "") - foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) { - if($sasyncd['ip'] <> "") - $curwanip = $sasyncd['ip']; - } + mwexec("/sbin/ifconfig gif" . $number_of_gifs . " tunnel" . $curwanip . " " . $tunnel['remote-gateway']); mwexec("/sbin/ifconfig gif" . $number_of_gifs . " {$lansa}/{$lansn} {$lanip}/32"); } 
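Review bot: In does_interface_exist() (etc/inc/pfsense-utils.inc) the added loop line `$ints = " carp{$i}";` assigns instead of appending. Whenever find_number_of_needed_carp_interfaces() returns more than zero, the list from get_interface_arr() is discarded and only the last carp name can match, so real interfaces would be reported as missing. Use `$ints .= " carp{$i}";` if get_interface_arr() returns a string, or `$ints[] = "carp{$i}";` if it returns an array; its body is not in this hunk, and the function's own tail runs past the hunk too. The stristr() test on the context line is a substring match, so an exact comparison against each name would be a stricter existence check.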
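Review bot: The new log_error() call in vpn_ipsec_configure() (etc/inc/vpn.inc, hunk at -197) misspells the verb as `deterimine`, so anyone searching the logs for "determine" will miss these failures. It should read `log_error("Could not determine VPN endpoint for {$tunnel['descr']}");`. `$tunnel['descr']` is free-form configuration text, so it is worth confirming that log_error() neutralises newlines, or logging a tunnel index alongside it. The enclosing loop starts and ends outside the hunk.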
@@ -257,35 +250,6 @@ function vpn_ipsec_configure($ipchg = false) { $racoonconf = ""; - - if($config['installedpackages']['sasyncd']['config'] <> "") - foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) { - if($sasyncd['ip'] <> "") - $curwanip = $sasyncd['ip']; - /* natt - turn on if <developer/> exists */ - if(isset($config['system']['developer']) <> "") { - $lanip = $config['interfaces']['lan']['ipaddr']; - if($lanip <> "") - $natt = "isakmp_natt {$lanip}[4500];\n"; - - } - $interface_ip = $sasyncd['ip']; - $interface_ips = split(",", $interface_ip); - if($interface_ip <> "") { - foreach($interface_ips as $intip) { - if($intip) - $racoon_ips .= "\tisakmp {$intip} [500];\n"; - } - $racoonconf .= <<<EOD -listen { -{$racoon_ips} - {$natt} -} - -EOD; - } - } - $racoonconf .= "path pre_shared_key \"{$g['varetc_path']}/psk.txt\";\n\n"; $racoonconf .= "path certificate \"{$g['varetc_path']}\";\n\n"; @@ -832,6 +796,10 @@ function vpn_endpoint_determine($tunnel, $curwanip) { return $config['interfaces']['lan']['ipaddr']; } else { $oc = $config['interfaces'][$tunnel['interface']]; + /* carp ips, etc */ + $ip = find_interface_ip($tunnel['interface']); + if($ip) + return $ip; if (isset($oc['enable']) && $oc['if']) { return $oc['ipaddr']; diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index fca3a55..e149666 100755 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php 
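Review bot: In vpn_endpoint_determine() (hunk at -832) the new `find_interface_ip($tunnel['interface'])` early return sits above the `isset($oc['enable']) && $oc['if']` check. An optional interface that is disabled but still has an address could therefore be chosen as the IPsec endpoint. The lookup also receives the config key (`optN`, `carpN`) rather than `$oc['if']`, and whether find_interface_ip() resolves such keys is not visible here. If the intent is only CARP addresses, as the `/* carp ips, etc */` comment suggests, guard it: `if (substr($tunnel['interface'], 0, 4) == "carp" && ($ip = find_interface_ip($tunnel['interface']))) return $ip;`. The function body continues past the hunk.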
@@ -152,9 +152,14 @@ include("head.inc"); <td class="listr" ondblclick="document.location='vpn_ipsec_edit.php?id=<?=$i;?>'"><?=$spans;?> <?php if ($ipsecent['interface']) { $iflabels = array('lan' => 'LAN', 'wan' => 'WAN'); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) + $carpips = find_number_of_needed_carp_interfaces(); + for($i=0; $i<$carpips; $i++) { + $carpip = find_interface_ip("carp" . $i); + $iflabels['carp' . $i] = "CARP{$i} - $carpip"; + } + for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) $iflabels['opt' . $j] = $config['interfaces']['opt' . $j]['descr']; - $if = htmlspecialchars($iflabels[$ipsecent['interface']]); + $if = htmlspecialchars($iflabels[$ipsecent['interface']]); } else $if = "WAN"; diff --git a/usr/local/www/vpn_ipsec_edit.php b/usr/local/www/vpn_ipsec_edit.php index 2b9ec75..d0ce5a4 100755 --- a/usr/local/www/vpn_ipsec_edit.php +++ b/usr/local/www/vpn_ipsec_edit.php @@ -316,13 +316,19 @@ function methodsel_change() { <span class="vexpl">Set this option to disable this tunnel without removing it from the list.</span></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Interface</td> <td width="78%" class="vtable"><select name="interface" class="formfld"> - <?php $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); + <?php + $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; } + $carpips = find_number_of_needed_carp_interfaces(); + for($i=0; $i<$carpips; $i++) { + $carpip = find_interface_ip("carp" . $i); + $interfaces['carp' . $i] = "CARP{$i} - $carpip"; + } foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> <?=htmlspecialchars($ifacename);?> |
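Review bot: In usr/local/www/vpn_ipsec.php the added loop `for($i=0; $i<$carpips; $i++)` reuses `$i`, which the context line above already uses as the tunnel row index (`vpn_ipsec_edit.php?id=<?=$i;?>`). After the first row with an interface set, `$i` is left at `$carpips`, so any later use of `$i` in the row and the enclosing loop counter (outside this hunk, presumably also `$i`) would be wrong, and edit links could point at the wrong tunnel. Use a separate counter, e.g. `for ($c = 0; $c < $carpips; $c++) { $iflabels['carp' . $c] = "CARP{$c} - " . find_interface_ip("carp" . $c); }`. The label map does not depend on the row, so it could also be built once before the table loop.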
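Review bot: In usr/local/www/vpn_ipsec_edit.php the select now offers `carpN` values, but nothing in this hunk checks the submitted `interface` against the keys of `$interfaces` before it is saved. That matters more with this commit because vpn.inc now passes `$tunnel['interface']` straight to find_interface_ip(). The POST handler, which is outside the hunk, should reject any value not in that key list. The CARP label loop also duplicates the one added to vpn_ipsec.php, so a shared helper returning the interface-to-label map would keep the two pages consistent. `<?=$iface;?>` in the option value is unescaped while the label is passed through htmlspecialchars(); the keys are generated here, but escaping both is the safer habit.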