-rw-r--r-- | conf.default/config.xml | 2 | ||||
-rw-r--r-- | etc/inc/ipsec.inc | 23 | ||||
-rw-r--r-- | etc/inc/upgrade_config.inc | 13 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 4 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 8 |
5 files changed, 49 insertions, 1 deletions
diff --git a/conf.default/config.xml b/conf.default/config.xml
index 5c0b484..bbb5acb 100644
--- a/conf.default/config.xml
+++ b/conf.default/config.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <pfsense>
- <version>11.5</version>
+ <version>11.6</version>
 <lastchange/>
 <theme>pfsense_ng</theme>
 <system>
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 3d21753..2762616 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -671,4 +671,27 @@ function ipsec_fixup_network($network) {
 return $result;
 }
+function ipsec_new_reqid() {
+ global $config;
+
+ if (!is_array($config['ipsec']) || !is_array($config['ipsec']['phase2']))
+ return;
+
+ $ipsecreqid = lock('ipsecreqids', LOCK_EX);
+ $keyids = array();
+ $keyid = 1;
+ foreach ($config['ipsec']['phase2'] as $ph2)
+ $keyids[$ph2['reqid']] = $ph2['reqid'];
+
+ for ($i = 1; $i < 16000; $i++) {
+ if (!isset($keyids[$i])) {
+ $keyid = $i;
+ break;
+ }
+ }
+ unlock($ipsecreqid);
+
+ return $keyid;
+}
+
 ?>
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index 72fc80f..690db45 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -3539,4 +3539,17 @@ function upgrade_114_to_115() {
 $config['unbound']['custom_options'] = base64_encode($config['unbound']['custom_options']);
 }
+function upgrade_115_to_116() {
+ global $config;
+
+ if (!is_array($config['ipsec']) || !is_array($config['ipsec']['phase2']))
+ return;
+
+ $keyid = 1;
+ foreach ($config['ipsec']['phase2'] as $idx => $ph2) {
+ $config['ipsec']['phase2'][$idx]['reqid'] = $keyid;
+ $keyid++;
+ }
+}
+
 ?>
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index dac49bc..e0a66e0 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -668,6 +668,7 @@ EOD;
 $ipseclifetime = 0;
 $rightsubnet_spec = array();
 $leftsubnet_spec = array();
+ $reqids = array();
 $ealgoAHsp2arr = array();
 $ealgoESPsp2arr = array();
 if (is_array($a_phase2) && count($a_phase2)) {
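Review bot: `ipsec_new_reqid()` in the etc/inc/ipsec.inc hunk can return a value that is not a usable unique reqid. The early `return;` yields null when `$config['ipsec']['phase2']` is not yet an array, and when every id from 1 to 15999 is taken the loop falls through and returns the initial `$keyid = 1`, which is already in use. Returning 1 in the empty case (`return 1;`) and logging or failing on exhaustion instead of reusing 1 would keep the ids unique. The `ipsecreqids` lock is released before the caller stores the id, so as far as this hunk shows it does not stop two concurrent saves from picking the same value. `$ph2['reqid']` is also read without an `isset()` check, which matters for any phase 2 entry that has no reqid yet.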
@@ -807,6 +808,7 @@ EOD;
 }
 }
+ $reqids[] = $ph2ent['reqid'];
 if (!empty($ph2ent['lifetime'])) {
 if ($ipseclifetime == 0 || intval($ipseclifetime) > intval($ph2ent['lifetime']))
@@ -860,6 +862,7 @@ EOD;
 $ipsecfin = '';
 foreach ($rightsubnet_spec as $idx => $rsubnet) {
 $ipsecfin .= "\nconn con{$ph1ent['ikeid']}00{$idx}\n";
+ $ipsecfin .= "\treqid = " . $reqids[$idx] . "\n";
 $ipsecfin .= $ipsecconnect;
 $ipsecfin .= "\trightsubnet = {$rsubnet}\n";
 $ipsecfin .= "\tleftsubnet = " . $leftsubnet_spec[$idx] . "\n";
@@ -868,6 +871,7 @@ EOD;
 log_error("No phase2 specifications for tunnel with REQID = {$ikeid}");
 } else {
 $ipsecfin = "\nconn con{$ph1ent['ikeid']}\n";
+ $ipsecfin .= "\treqid = " . $reqids[0] . "\n";
 $ipsecfin .= $ipsecconnect;
 if (!empty($rightsubnet_spec)) {
 $tempsubnets = array();
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index 6f07408..160b264 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -93,6 +93,7 @@ if ($ph2found === true)
 $pconfig['pfsgroup'] = $ph2['pfsgroup'];
 $pconfig['lifetime'] = $ph2['lifetime'];
 $pconfig['pinghost'] = $ph2['pinghost'];
+ $pconfig['reqid'] = $ph2['reqid'];
 if (isset($ph2['mobile']))
 $pconfig['mobile'] = true;
@@ -320,6 +321,10 @@ if ($_POST) {
 $ph2ent['uniqid'] = $pconfig['uniqid'];
 $ph2ent['mode'] = $pconfig['mode'];
 $ph2ent['disabled'] = $pconfig['disabled'] ? true : false;
+ if (!isset($pconfig['reqid']))
+ $ph2ent['reqid'] = ipsec_new_reqid();
+ else
+ $ph2ent['reqid'] = $pconfig['reqid'];
 if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){
 if (!empty($pconfig['natlocalid_address']))
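Review bot: `$reqids[] = $ph2ent['reqid'];` in the `@@ -807,6 +808,7 @@` hunk of vpn.inc sits after the two closing braces shown there, so it appears to run for every phase 2 entry, while the later `$reqids[$idx]` lookup uses the keys of `$rightsubnet_spec`. If `$rightsubnet_spec` is filled only inside the conditional that closes just above the new line (not visible in the hunk), the two arrays can drift apart and a connection would be written with another entry's reqid. Appending the reqid at the same place the right subnet is appended, or keying both arrays by the same index, would keep them aligned. In the `else` branch of the `@@ -868,6 +871,7 @@` hunk, `$reqids[0]` is read without a check that any phase 2 entry was collected, which would emit an empty `reqid =` line.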
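Review bot: `$ph2ent['reqid'] = $pconfig['reqid'];` in the `@@ -320,6 +321,10 @@` hunk of vpn_ipsec_phase2.php stores the value of the hidden `reqid` form field (added in the last hunk of this file) without validating it. The vpn.inc hunks then concatenate it into the generated connection block as `"\treqid = " . $reqids[$idx] . "\n"`. If `$pconfig` is filled from `$_POST` at this point, which the hunk does not show, a submitted value is not restricted to a number and could carry extra text or line breaks into the IPsec configuration, or duplicate another tunnel's reqid. Taking the reqid from the stored phase 2 entry being edited is the safer source; failing that, accept only digits, for example `$ph2ent['reqid'] = ctype_digit((string)$pconfig['reqid']) ? (int)$pconfig['reqid'] : ipsec_new_reqid();`. The form emits the field only when `!empty()`, while this branch tests `!isset()`, so a posted empty string would be saved as the reqid.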
@@ -832,6 +837,9 @@ function change_protocol() {
 <?php endif; ?>
 <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
 <input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>" />
+ <?php if (!empty($pconfig['reqid'])): ?>
+ <input name="reqid" type="hidden" value="<?=htmlspecialchars($pconfig['reqid']);?>" />
+ <?php endif; ?>
 <input name="uniqid" type="hidden" value="<?=htmlspecialchars($pconfig['uniqid']);?>" />
 </td>
 </tr> |