From 63017a732e0e4f1c3459106a5ac24abfea074877 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ermal=20Lu=E7i?= <eri@pfsense.org>
Date: Tue, 16 Mar 2010 13:08:01 +0000
Subject: Ticket #430. Give a none option to allow for roadwarriors configs.

---
 etc/inc/ipsec.inc                  | 10 +++++++---
 etc/inc/vpn.inc                    | 12 +++++++-----
 usr/local/www/vpn_ipsec_phase2.php |  5 +++++
 3 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index c55bfea..d80f1c2 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -163,6 +163,7 @@ function ipsec_idinfo_to_cidr(& $idinfo,$addrbits = false) {
 				return $idinfo['address'];
 		case "network":
 			return $idinfo['address']."/".$idinfo['netbits'];
+		case "none":
 		case "mobile":
 			return "0.0.0.0/0";
 		default:
@@ -186,11 +187,12 @@ function ipsec_idinfo_to_subnet(& $idinfo,$addrbits = false) {
 				return $idinfo['address']."/255.255.255.255";
 			else
 				return $idinfo['address'];
+		case "none":
 		case "network":
 			return $idinfo['address']."/".gen_subnet_mask($idinfo['netbits']);
 		case "mobile":
 			return "0.0.0.0/0";
-        default:
+		default:
 			$address = get_interface_ip($idinfo['type']);
 			$netbits = get_interface_subnet($idinfo['type']);
 			$address = gen_subnet($address,$netbits);
@@ -210,8 +212,10 @@ function ipsec_idinfo_to_text(& $idinfo) {
             return $idinfo['address'];
         case "network":
             return $idinfo['address']."/".$idinfo['netbits'];
-		case "mobile":
-			return "Mobile Client";
+	case "mobile":
+		return "Mobile Client";
+	case "none":
+		return "None";
         default:
             return strtoupper($idinfo['type']);
     }
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 26631d7..1ebd07a 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -610,11 +610,13 @@ EOD;
 					if ($ph2ent['mode'] == 'tunnel') {
 
 						$localid_type = $ph2ent['localid']['type'];
-						if ($localid_type != "address")
-							$localid_type = "subnet";
-
 						$localid_data = ipsec_idinfo_to_cidr($ph2ent['localid']);
-						$localid_spec = $localid_type." ".$localid_data." any";
+						if ($localid_type == "none")
+							$localid_spec = " ";
+						else if ($localid_type != "address") {
+							$localid_type = "subnet";
+							$localid_spec = $localid_type." ".$localid_data." any";
+						}
 
 						if (!isset($ph2ent['mobile'])) {
 							$remoteid_type = $ph2ent['remoteid']['type'];
@@ -808,7 +810,7 @@ EOD;
 				}
 
 				/* static route needed? */
-				if (preg_match("/^carp/i", $ph1ent['interface']))
+				if (preg_match("/^carp|^vip/i", $ph1ent['interface']))
 					$parentinterface = link_carp_interface_to_parent($ph1ent['interface']);
 				else
 					$parentinterface = $ph1ent['interface'];
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index a1eb068..0058f4d 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -237,6 +237,10 @@ function typesel_change_local(bits) {
 			document.iform.localid_netbits.value = bits;
 			document.iform.localid_netbits.disabled = 0;
 			break;
+		case 3:	/* none */
+			document.iform.localid_address.disabled = 1;
+			document.iform.localid_netbits.disabled = 1;
+			break;
 		default:
 			document.iform.localid_address.value = "";
 			document.iform.localid_address.disabled = 1;
@@ -356,6 +360,7 @@ function change_protocol() {
 											<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected";?>>Address</option>
 											<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected";?>>Network</option>
 											<option value="lan" <?php if ($pconfig['localid_type'] == "lan" ) echo "selected";?>>LAN subnet</option>
+											<option value="none" <?php if ($pconfig['localid_type'] == "none" ) echo "selected";?>>None</option>
 										</select>
 									</td>
 								</tr>
-- 
cgit v1.1