Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/vpn.inc | 15 | ||||
-rw-r--r-- | src/usr/local/www/vpn_ipsec_phase1.php | 43 |
2 files changed, 34 insertions, 24 deletions
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index 9eaa6c0..1f2372a 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -985,10 +985,6 @@ EOD; $ikelifeline = "ikelifetime = {$ph1ent['lifetime']}s"; } - if ($ph1ent['rekeymargin']) { - $rekeymargin = "rekeymargin = {$ph1ent['rekeymargin']}s"; - } - $rightsourceip = NULL; if (isset($ph1ent['mobile'])) { $rightsourceips = array(); @@ -1112,10 +1108,12 @@ EOD; } else { $reauth = "reauth = yes"; } - if (isset($ph1ent['rekey_enable'])) { - $rekey = "rekey = no"; + + if ($ph1ent['margintime']) { + $rekeyline = "rekey = yes"; + $rekeyline .= "\n\tmargintime = {$ph1ent['margintime']}s"; } else { - $rekey = "rekey = yes"; + $rekeyline = "rekey = no"; } if ($ph1ent['nat_traversal'] == 'off') { @@ -1314,8 +1312,7 @@ EOD; {$forceencaps} {$mobike} {$tfc} - {$rekey} - {$rekeymargin} + {$rekeyline} installpolicy = yes {$tunneltype} {$dpdline} diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php index e05845e..300ebce 100644 --- a/src/usr/local/www/vpn_ipsec_phase1.php +++ b/src/usr/local/www/vpn_ipsec_phase1.php @@ -96,7 +96,6 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['dhgroup'] = $a_phase1[$p1index]['dhgroup']; $pconfig['lifetime'] = $a_phase1[$p1index]['lifetime']; $pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method']; - $pconfig['rekeymargin'] = $a_phase1[$p1index]['rekeymargin']; if (($pconfig['authentication_method'] == "pre_shared_key") || ($pconfig['authentication_method'] == "xauth_psk_server")) { @@ -113,8 +112,9 @@ if (isset($p1index) && $a_phase1[$p1index]) { if (isset($a_phase1[$p1index]['reauth_enable'])) { $pconfig['reauth_enable'] = true; } - if (isset($a_phase1[$p1index]['rekey_enable'])) { + if ($a_phase1[$p1index]['margintime']) { $pconfig['rekey_enable'] = true; + $pconfig['margintime'] = $a_phase1[$p1index]['margintime']; } if (isset($a_phase1[$p1index]['responderonly'])) { $pconfig['responderonly'] = true; 
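Review bot: In the `@@ -1112` hunk of vpn.inc, a phase 1 entry without a `margintime` key now renders `rekey = no`, where before this commit an entry without `rekey_enable` rendered `rekey = yes`. Entries saved earlier carry `rekeymargin`, not `margintime`, so unless an upgrade step outside this diff converts them, existing tunnels would silently stop initiating rekeying after the update. The same truthiness test drives the load path in the `@@ -113` hunk of vpn_ipsec_phase1.php, so the GUI would show those entries as rekey-disabled as well. Consider a fallback such as `$margintime = $ph1ent['margintime'] ?: $ph1ent['rekeymargin'];` applied only when the legacy `rekey_enable` flag is absent, or confirm that a config migration exists. The enclosing function starts and ends outside the hunk.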
@@ -152,11 +152,11 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['halgo'] = "sha1"; $pconfig['dhgroup'] = "2"; $pconfig['lifetime'] = "28800"; + $pconfig['rekey_enable'] = true; $pconfig['nat_traversal'] = 'on'; $pconfig['mobike'] = 'off'; $pconfig['dpd_enable'] = true; $pconfig['iketype'] = "ikev1"; - $pconfig['rekeymargin'] = "540"; /* mobile client */ if ($_REQUEST['mobile']) { @@ -240,8 +240,8 @@ if ($_POST['save']) { $input_errors[] = gettext("The P1 lifetime must be an integer."); } - if (($pconfig['rekeymargin'] && !is_numericint($pconfig['rekeymargin']))) { - $input_errors[] = gettext("Rekey Margin must be an integer."); + if (($pconfig['margintime'] && !is_numericint($pconfig['margintime']))) { + $input_errors[] = gettext("The margintime must be an integer."); } if ($pconfig['remotegw']) { @@ -458,7 +458,6 @@ if ($_POST['save']) { $ph1ent['hash-algorithm'] = $pconfig['halgo']; $ph1ent['dhgroup'] = $pconfig['dhgroup']; $ph1ent['lifetime'] = $pconfig['lifetime']; - $ph1ent['rekeymargin'] = $pconfig['rekeymargin']; $ph1ent['pre-shared-key'] = $pconfig['pskey']; $ph1ent['private-key'] = base64_encode($pconfig['privatekey']); $ph1ent['certref'] = $pconfig['certref']; @@ -474,9 +473,7 @@ if ($_POST['save']) { unset($ph1ent['reauth_enable']); } if (isset($pconfig['rekey_enable'])) { - $ph1ent['rekey_enable'] = true; - } else { - unset($ph1ent['rekey_enable']); + $ph1ent['margintime'] = $pconfig['margintime']; } if (isset($pconfig['responderonly'])) { 
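Review bot: The `@@ -152` hunk removes the server-side default `$pconfig['rekeymargin'] = "540";` and adds only `$pconfig['rekey_enable'] = true;`, so the 540-second default now lives solely in the JavaScript `rekeychkbox_change()` added in the `@@ -1081` hunk. A new entry submitted without that script having run would post an empty `margintime`, which the save path stores and vpn.inc then renders as `rekey = no`. Adding `$pconfig['margintime'] = "540";` next to the new line keeps the default authoritative on the server.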
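Review bot: The check in the `@@ -240` hunk runs only when `margintime` is truthy, so a save with `rekey_enable` checked and `margintime` empty or `0` passes validation and ends up stored as rekey disabled, contrary to what the form showed. It also accepts a margin equal to or larger than the P1 lifetime. Consider requiring the value whenever the box is checked, e.g. `if (isset($pconfig['rekey_enable']) && (!is_numericint($pconfig['margintime']) || $pconfig['margintime'] < 1))`, and comparing it against `$pconfig['lifetime']`. The `if ($_POST['save'])` block continues outside the hunk.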
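Review bot: In the `@@ -474` hunk the `else` branch is dropped, so when `rekey_enable` is not posted nothing removes `margintime` from `$ph1ent`. Whether `$ph1ent` starts out empty is not visible in this hunk. The neighbouring toggles still clear their key with an explicit `unset()`, so `else { unset($ph1ent['margintime']); }` would keep this one consistent and make disabling rekey unambiguous in the stored config.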
@@ -832,17 +829,17 @@ $section = new Form_Section('Advanced Options'); $section->addInput(new Form_Checkbox( 'rekey_enable', - 'Disable rekey', - 'Disables renegotiation when a connection is about to expire.', + 'Enable rekey', + 'Enables renegotiation when a connection is about to expire.', $pconfig['rekey_enable'] )); $section->addInput(new Form_Input( - 'rekeymargin', - '*Rekey Margin (Seconds)', + 'margintime', + 'Margintime (Seconds)', 'number', - $pconfig['rekeymargin'] -)); + $pconfig['margintime'] +))->setHelp('How long before connection expiry or keying-channel expiry should attempt to negotiate a replacement begin.'); $section->addInput(new Form_Checkbox( 'reauth_enable', @@ -1081,6 +1078,16 @@ events.push(function() { } } + function rekeychkbox_change() { + hide = !$('#rekey_enable').prop('checked'); + + hideInput('margintime', hide); + + if (!$('#margintime').val()) { + $('#margintime').val('540') + } + } + function dpdchkbox_change() { hide = !$('#dpd_enable').prop('checked'); @@ -1104,6 +1111,11 @@ events.push(function() { // ---------- Monitor elements for change and call the appropriate display functions ---------- + // Enable Rekey + $('#rekey_enable').click(function () { + rekeychkbox_change(); + }); + // Enable DPD $('#dpd_enable').click(function () { dpdchkbox_change(); @@ -1145,6 +1157,7 @@ events.push(function() { iketype_change(); methodsel_change(); ealgosel_change(<?=$keyset?>); + rekeychkbox_change(); dpdchkbox_change(); // ---------- On initial page load ------------------------------------------------------------ |
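Review bot: The help string added in the `@@ -832` hunk does not read as a sentence ("should attempt to negotiate a replacement begin"), which leaves the meaning of the field unclear. A wording such as `'How long before connection expiry or keying-channel expiry attempts to negotiate a replacement should begin.'` fixes it. It would also help to say that the value is expected to be smaller than the P1 lifetime, since the form no longer marks the field as required.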
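Review bot: In `rekeychkbox_change()` (the `@@ -1081` hunk) `hide` is assigned without a declaration, so it becomes an implicit global shared with `dpdchkbox_change()`, which does the same; `var hide = !$('#rekey_enable').prop('checked');` keeps it local. The `$('#margintime').val('540')` line is missing its terminating semicolon. The function also writes 540 into the field when the checkbox is unchecked, which looks harmless given the save path but could be moved under `if (!hide)`.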