diff options
-rw-r--r-- | etc/inc/vpn.inc | 7 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_settings.php | 15 |
2 files changed, 21 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 60a844f..1bbf221 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -286,6 +286,11 @@ function vpn_ipsec_configure($ipchg = false) log_error("WARNING: Setting i_dont_care_about_security_and_use_aggressive_mode_psk option because a phase 1 is configured using aggressive mode with pre-shared keys. This is not a secure configuration."); $i_dont_care_about_security_and_use_aggressive_mode_psk = "i_dont_care_about_security_and_use_aggressive_mode_psk=yes"; } + + $unity_enabled = 'no'; + if (isset($config['ipsec']['unityplugin'])) + $unity_enabled = 'yes'; + $strongswan = <<<EOD # Automatically generated config file - DO NOT MODIFY. Changes will be overwritten. @@ -302,7 +307,7 @@ init_limit_half_open = 1000 install_routes = no {$i_dont_care_about_security_and_use_aggressive_mode_psk} {$accept_unencrypted} -cisco_unity = yes +cisco_unity = {$unity_enabled} # And two loggers using syslog. The subsections define the facility to log # to, currently one of: daemon, auth. diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php index 3e15752..9de5a26 100644 --- a/usr/local/www/vpn_ipsec_settings.php +++ b/usr/local/www/vpn_ipsec_settings.php @@ -46,6 +46,7 @@ foreach ($ipsec_loglevels as $lkey => $ldescr) { if (!empty($config['ipsec']["ipsec_{$lkey}"])) $pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"]; } +$pconfig['unityplugin'] = isset($config['ipsec']['unityplugin']); $pconfig['compression'] = isset($config['ipsec']['compression']); $pconfig['acceptunencryptedmainmode'] = isset($config['ipsec']['acceptunencryptedmainmode']); $pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']); @@ -134,6 +135,11 @@ if ($_POST) { elseif (isset($config['ipsec']['compression'])) unset($config['ipsec']['compression']); + if($_POST['unityplugin'] == "yes") + $config['ipsec']['unityplugin'] = true; + elseif (isset($config['ipsec']['unityplugin'])) + unset($config['ipsec']['unityplugin']); + if($_POST['acceptunencryptedmainmode'] == "yes") $config['ipsec']['acceptunencryptedmainmode'] = true; elseif (isset($config['ipsec']['acceptunencryptedmainmode'])) @@ -289,6 +295,15 @@ function maxmss_checked(obj) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Disable Cisco Extensions"); ?></td> + <td width="78%" class="vtable"> + <input name="unityplugin" type="checkbox" id="unityplugin" value="yes" <?php if ($pconfig['unityplugin'] == true) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Disable Unity Plugin"); ?></strong> + <br /> + <?=gettext("Disable Unity Plugin which provides Cisco Extension support as Split-Include, Split-Exclude, Split-Dns, ..."); ?> + </td> + </tr> + <tr> <td width="22%" valign="top"> </td> <td width="78%"> <input name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> |