diff options
-rw-r--r-- | etc/inc/ipsec.inc | 16 | ||||
-rw-r--r-- | usr/local/www/diag_ipsec.php | 16 |
2 files changed, 30 insertions, 2 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 15f3c06..da6ebcc 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -571,6 +571,22 @@ function ipsec_get_descr($ikeid) { return $descr; } +function ipsec_get_phase1($ikeid) { + global $config; + + if (!isset($config['ipsec']['phase1']) || + !is_array($config['ipsec']['phase1'])) + return ''; + + $a_phase1 = $config['ipsec']['phase1']; + foreach ($a_phase1 as $p1) { + if ($p1['ikeid'] == $ikeid) { + return $p1; + } + } + unset($a_phase1); +} + function ipsec_fixup_ip($ipaddr) { if (is_ipaddrv6($ipaddr) || is_subnetv6($ipaddr)) return Net_IPv6::compress(Net_IPv6::uncompress($ipaddr)); diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php index 391e29b..827837a 100644 --- a/usr/local/www/diag_ipsec.php +++ b/usr/local/www/diag_ipsec.php @@ -55,8 +55,20 @@ require("ipsec.inc"); if ($_GET['act'] == 'connect') { if (ctype_digit($_GET['ikeid'])) { - mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid'])); - mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid'])); + $ph1ent = ipsec_get_phase1($_GET['ikeid']); + if (!empty($ph1ent)) { + if ($ph1ent['iketype'] == 'ikev1') { + $ph2entries = ipsec_get_number_of_phase2($_GET['ikeid']); + for ($i = 0; $i < $ph2entries; $i++) { + $connid = escapeshellarg("con{$_GET['ikeid']}00{$i}"); + mwexec("/usr/local/sbin/ipsec down {$connid}"); + mwexec("/usr/local/sbin/ipsec up {$connid}"); + } + } else { + mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid'])); + mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid'])); + } + } } } else if ($_GET['act'] == 'ikedisconnect') { if (ctype_digit($_GET['ikeid'])) { |