diff options
Diffstat (limited to 'src/etc/inc')
-rw-r--r-- | src/etc/inc/interfaces.inc | 26 | ||||
-rw-r--r-- | src/etc/inc/vpn.inc | 17 |
2 files changed, 38 insertions, 5 deletions
diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index 87bad0a..472e087 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc @@ -560,6 +560,8 @@ function interface_bridge_configure(&$bridge, $checkmember = 0) { interface_bridge_configure_advanced($bridge); + interface_bridge_configure_ip6linklocal($bridge); + if ($bridge['bridgeif']) { interfaces_bring_up($bridge['bridgeif']); } else { @@ -686,6 +688,25 @@ function interface_bridge_configure_advanced($bridge) { } } +function interface_bridge_configure_ip6linklocal($bridge) { + $bridgeif = $bridge['bridgeif']; + + $members = explode(',', $bridge['members']); + if (!count($members)) { + return; + } + + $auto_linklocal = isset($bridge['ip6linklocal']); + $bridgeop = $auto_linklocal ? '' : '-'; + $memberop = $auto_linklocal ? '-' : ''; + + mwexec("/usr/sbin/ndp -i {$bridgeif} -- {$bridgeop}auto_linklocal"); + foreach ($members as $member) { + $realif = get_real_interface($member); + mwexec("/usr/sbin/ndp -i {$realif} -- {$memberop}auto_linklocal"); + } +} + function interface_bridge_add_member($bridgeif, $interface, $flagsapplied = false) { global $config; @@ -4407,10 +4428,11 @@ function DHCP6_Config_File_Advanced($interface, $wancfg, $wanif) { } $id_assoc_statement_prefix .= ";"; } - + + $realif = get_real_interface($wancfg['adv_dhcp6_prefix_selected_interface']); if (is_numeric($wancfg['adv_dhcp6_prefix_interface_statement_sla_id'])) { $id_assoc_statement_prefix .= "\n\tprefix-interface"; - $id_assoc_statement_prefix .= " {$wanif}"; + $id_assoc_statement_prefix .= " {$realif}"; $id_assoc_statement_prefix .= " {\n"; $id_assoc_statement_prefix .= "\t\tsla-id {$wancfg['adv_dhcp6_prefix_interface_statement_sla_id']};\n"; if (($wancfg['adv_dhcp6_prefix_interface_statement_sla_len'] >= 0) && diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index 1398135..6390aed 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -489,12 +489,19 @@ EOD; } } + /* Activate RADIUS accounting if it was selected on the auth server view */ + $radius_accounting = ""; + if($auth_server && isset($auth_server['radius_acct_port'])){ + $radius_accounting = 'accounting = yes'; + } + /* write an eap-radius config section if appropriate */ if (strlen($radius_server_txt) && ($mobile_ipsec_auth === "eap-radius")) { $strongswan .= <<<EOD eap-radius { class_group = yes eap_start = no + {$radius_accounting} servers { {$radius_server_txt} } @@ -1101,10 +1108,14 @@ EOD; } else { $reauth = "reauth = yes"; } + if (isset($ph1ent['rekey_enable'])) { - $rekey = "rekey = no"; + $rekeyline = "rekey = no"; } else { - $rekey = "rekey = yes"; + $rekeyline = "rekey = yes"; + if(!empty($ph1ent['margintime'])){ + $rekeyline .= "\n\tmargintime = {$ph1ent['margintime']}s"; + } } if ($ph1ent['nat_traversal'] == 'off') { @@ -1303,7 +1314,7 @@ EOD; {$forceencaps} {$mobike} {$tfc} - {$rekey} + {$rekeyline} installpolicy = yes {$tunneltype} {$dpdline} |