Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/filter.inc | 30 | ||||
-rw-r--r-- | src/etc/inc/globals.inc | 2 | ||||
-rw-r--r-- | src/etc/inc/ipsec.inc | 12 | ||||
-rw-r--r-- | src/etc/inc/pkg-utils.inc | 2 | ||||
-rw-r--r-- | src/etc/inc/service-utils.inc | 6 | ||||
-rw-r--r-- | src/etc/inc/upgrade_config.inc | 19 | ||||
-rw-r--r-- | src/etc/inc/vpn.inc | 2 |
7 files changed, 51 insertions, 22 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 9fcefbc..b505825 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -928,13 +928,13 @@ function filter_get_vpns_list() { $vpns_arr = array(); /* ipsec */ - if (isset($config['ipsec']['enable'])) { + if (!function_exists('ipsec_enabled')) { + require_once("ipsec.inc"); + } + if (ipsec_enabled()) { if (is_array($config['ipsec']['phase2'])) { foreach ($config['ipsec']['phase2'] as $ph2ent) { if ((!$ph2ent['mobile']) && ($ph2ent['mode'] != 'transport')) { - if (!function_exists('ipsec_idinfo_to_cidr')) { - require_once("ipsec.inc"); - } if (!is_array($ph2ent['remoteid'])) { continue; } @@ -1892,13 +1892,13 @@ function filter_nat_rules_generate() { } /* ipsec nat */ - if (is_array($config['ipsec']) && isset($config['ipsec']['enable'])) { + if (!function_exists('ipsec_enabled')) { + require_once("ipsec.inc"); + } + if (ipsec_enabled()) { if (is_array($config['ipsec']['phase2'])) { foreach ($config['ipsec']['phase2'] as $ph2ent) { if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid']) && !isset($ph2ent['disabled'])) { - if (!function_exists('ipsec_idinfo_to_cidr')) { - require_once("ipsec.inc"); - } ipsec_lookup_phase1($ph2ent, $ph1ent); if (!is_array($ph1ent)) { continue; @@ -3466,7 +3466,10 @@ EOD; $saved_tracker += 300; $tracker = $saved_tracker; /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { + if (!function_exists('ipsec_enabled')) { + require_once("ipsec.inc"); + } + if (ipsec_enabled()) { $ipfrules .= "pass out {$log['pass']} on \$IPsec all tracker {$increment_tracker($tracker)} tracker {$increment_tracker($tracker)} keep state label \"IPsec internal host to host\"\n"; } 
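Review bot: In the first filter.inc hunk (`filter_get_vpns_list()`), the phase 2 loop filters only on `mobile` and `mode`, and no `disabled` test is visible. With the global `enable` flag gone, a phase 2 entry that is individually disabled may therefore still add its remote network to the list whenever any phase 1 entry is enabled. The NAT loop in the `filter_nat_rules_generate()` hunk already tests `!isset($ph2ent['disabled'])`, and the same condition could be added here: `if (!$ph2ent['mobile'] && $ph2ent['mode'] != 'transport' && !isset($ph2ent['disabled'])) {`. The loop body continues past the end of the hunk, so a later check may exist and is worth confirming.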
@@ -3954,8 +3957,10 @@ function filter_generate_ipsec_rules($log = array()) { $increment_tracker = 'filter_rule_tracker'; $ipfrules = "\n# VPN Rules\n"; - if ((isset($config['ipsec']['enable'])) && - (is_array($config['ipsec']['phase1']))) { + if (!function_exists('ipsec_enabled')) { + require_once("ipsec.inc"); + } + if (ipsec_enabled()) { /* step through all phase1 entries */ foreach ($config['ipsec']['phase1'] as $ph1ent) { $tracker += 10; @@ -3965,9 +3970,6 @@ function filter_generate_ipsec_rules($log = array()) { } /* determine local and remote peer addresses */ if (!isset($ph1ent['mobile'])) { - if (!function_exists('ipsec_get_phase1_dst')) { - require_once("ipsec.inc"); - } $rgip = ipsec_get_phase1_dst($ph1ent); if (!$rgip) { $ipfrules .= "# ERROR! Unable to determine remote IPsec peer address for {$ph1ent['remote-gateway']}\n"; diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc index 18eabf8..b7cc66b 100644 --- a/src/etc/inc/globals.inc +++ b/src/etc/inc/globals.inc @@ -71,7 +71,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "12.8", + "latest_config" => "12.9", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc index 5d45ef1..c951ed2 100644 --- a/src/etc/inc/ipsec.inc +++ b/src/etc/inc/ipsec.inc @@ -213,13 +213,19 @@ function ipsec_enabled() { if (!isset($config['ipsec']) || !is_array($config['ipsec'])) return false; + /* Check if we have at least one phase 1 entry. */ if (!isset($config['ipsec']['phase1']) || !is_array($config['ipsec']['phase1']) || empty($config['ipsec']['phase1'])) { return false; } + /* Check if at least one phase 1 entry is enabled. */ + foreach ($config['ipsec']['phase1'] as $phase1) { + if (!isset($phase1['disabled'])) + return true; + } - return true; + return false; } /* 
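Review bot: In the `ipsec_enabled()` hunk of ipsec.inc, the new loop counts any phase 1 element without a `disabled` key as enabled, including one that is not an array (for instance an empty entry, if the config parser can produce one), because `isset()` on a string offset is false. This function now gates rule generation in filter.inc and the `ipsec stop` branch in vpn.inc, so a stricter test is safer: `if (is_array($phase1) && !isset($phase1['disabled'])) {` with `return true;` and a closing brace, which also matches the braced style of the checks above it. A short comment above the function saying it now means "at least one phase 1 entry is not disabled" would help callers that used to read `$config['ipsec']['enable']`.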
@@ -475,11 +481,9 @@ function ipsec_phase2_status(&$ipsec_status, &$phase2) { * Wrapper to call pfSense_ipsec_list_sa() when IPsec is enabled */ function ipsec_list_sa() { - global $config; - if (isset($config['ipsec']['enable'])) { + if (ipsec_enabled()) return pfSense_ipsec_list_sa(); - } return array(); } diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc index 787e33f..8c67e9f 100644 --- a/src/etc/inc/pkg-utils.inc +++ b/src/etc/inc/pkg-utils.inc @@ -59,6 +59,8 @@ require_once("globals.inc"); require_once("service-utils.inc"); +/* Do NOT remove until packages had time to get updated */ +require_once("xmlrpc.inc"); if (file_exists("/cf/conf/use_xmlreader")) { require_once("xmlreader.inc"); diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc index b40aa39..ba89053 100644 --- a/src/etc/inc/service-utils.inc +++ b/src/etc/inc/service-utils.inc @@ -155,7 +155,9 @@ function restart_service($name) { return; } - stop_service($name); + if (is_service_running($name)) { + stop_service($name); + } start_service($name); if (is_array($config['installedpackages']) && is_array($config['installedpackages']['service'])) { @@ -346,7 +348,7 @@ function get_services() { $services[] = $pconfig; } - if (isset($config['ipsec']['enable'])) { + if (ipsec_enabled()) { $pconfig = array(); $pconfig['name'] = "ipsec"; $pconfig['description'] = gettext("IPsec VPN"); diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc index 06293c6..512eb16 100644 --- a/src/etc/inc/upgrade_config.inc +++ b/src/etc/inc/upgrade_config.inc 
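Review bot: The comment added above `require_once("xmlrpc.inc");` in pkg-utils.inc does not say which packages depend on the include or when it can be dropped. The compatibility shim therefore has no removal condition, and every script that includes pkg-utils.inc keeps loading the XML-RPC code. Consider wording such as `/* Compatibility: some packages still expect pkg-utils.inc to pull in xmlrpc.inc; remove after <release placeholder>. */` so it can be retired deliberately.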
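Review bot: In the `get_services()` hunk of service-utils.inc, `ipsec_enabled()` is called without the `function_exists('ipsec_enabled')` / `require_once("ipsec.inc")` guard that the filter.inc hunks add before each call; the vpn.inc hunk does the same. If the including script has not loaded ipsec.inc, the call is a fatal undefined-function error, whereas the old `isset()` test could not fail. The file-level requires are outside the hunk, so this may already be covered; if not, add `require_once("ipsec.inc");` next to the existing requires.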
@@ -4099,7 +4099,26 @@ function upgrade_127_to_128() { } unset($config['snmpd']['bindlan']); } +} + +function upgrade_128_to_129() { + global $config; + + /* net.inet.ip.fastforwarding does not exist in 2.3. */ + if (!isset($config['sysctl']['item']) || + !is_array($config['sysctl']['item'])) { + return; + } + + foreach ($config['sysctl']['item'] as $idx => $sysctl) { + if ($sysctl['tunable'] == "net.inet.ip.fastforwarding") { + unset($config['sysctl']['item'][$idx]); + } + } + /* IPSEC is always on in 2.3. */ + if (isset($config['ipsec']['enable'])) + unset($config['ipsec']['enable']); } ?> diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index 937aba1..09f514b 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -144,7 +144,7 @@ function vpn_ipsec_configure($restart = false) { $syscfg = $config['system']; $ipseccfg = $config['ipsec']; - if (!isset($ipseccfg['enable'])) { + if (!ipsec_enabled()) { /* try to stop charon */ mwexec("/usr/local/sbin/ipsec stop"); /* Stop dynamic monitoring */ |
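Review bot: In `upgrade_128_to_129()` the early `return` taken when `$config['sysctl']['item']` is missing or not an array also skips the IPsec cleanup at the end of the function. A config with no sysctl items therefore keeps the stale `$config['ipsec']['enable']` key after the upgrade. Invert the guard so that only the loop is conditional, `if (isset($config['sysctl']['item']) && is_array($config['sysctl']['item'])) {` around the `foreach`, and let the `enable` removal run unconditionally after it.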