lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-14 16:44:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix strongswan ipsec paths

Browse Source
This commit is contained in:
Ad Schellevis 2014-12-29 15:56:57 +00:00
parent 198dc9ffca
commit 0a73dc888c
1 changed files with 21 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
src/etc/inc/vpn.inc
View File

@ -125,33 +125,31 @@ function vpn_ipsec_configure($ipchg = false)
return 0;
} else {
$certpath = "{$g['varetc_path']}/ipsec/ipsec.d/certs";
$capath = "{$g['varetc_path']}/ipsec/ipsec.d/cacerts";
$keypath = "{$g['varetc_path']}/ipsec/ipsec.d/private";
$certpath = "/usr/local/etc/ipsec.d/certs";
$capath = "/usr/local/etc/ipsec.d/cacerts";
$keypath = "/usr/local/etc/ipsec.d/private";
mwexec("/sbin/ifconfig enc0 up");
set_single_sysctl("net.inet.ip.ipsec_in_use", "1");
/* needed for config files */
if (!is_dir("{$g['varetc_path']}/ipsec"))
mkdir("{$g['varetc_path']}/ipsec");
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d"))
mkdir("{$g['varetc_path']}/ipsec/ipsec.d");
if (!is_dir("/usr/local/etc/ipsec.d"))
mkdir("/usr/local/etc/ipsec.d");
if (!is_dir($capath))
mkdir($capath);
if (!is_dir($keypath))
mkdir($keypath);
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/crls"))
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/crls");
if (!is_dir("/usr/local/etc/ipsec.d/crls"))
mkdir("/usr/local/etc/ipsec.d/crls");
if (!is_dir($certpath))
mkdir($certpath);
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/aacerts"))
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/aacerts");
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/acerts"))
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/acerts");
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/ocspcerts"))
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/ocspcerts");
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/reqs"))
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/reqs");
if (!is_dir("/usr/local/etc/ipsec.d/aacerts"))
mkdir("/usr/local/etc/ipsec.d/aacerts");
if (!is_dir("/usr/local/etc/ipsec.d/acerts"))
mkdir("/usr/local/etc/ipsec.d/acerts");
if (!is_dir("/usr/local/etc/ipsec.d/ocspcerts"))
mkdir("/usr/local/etc/ipsec.d/ocspcerts");
if (!is_dir("/usr/local/etc/ipsec.d/reqs"))
mkdir("/usr/local/etc/ipsec.d/reqs");
if ($g['booting'])
@ -401,7 +399,7 @@ EOD;
}
$strongswan .= "\t}\n}\n";
@file_put_contents("{$g['varetc_path']}/ipsec/strongswan.conf", $strongswan);
@file_put_contents("/usr/local/etc/strongswan.conf", $strongswan);
unset($strongswan);
/* generate CA certificates files */
@ -499,8 +497,8 @@ EOD;
unset($key);
}
@file_put_contents("{$g['varetc_path']}/ipsec/ipsec.secrets", $pskconf);
chmod("{$g['varetc_path']}/ipsec/ipsec.secrets", 0600);
@file_put_contents("/usr/local/etc/ipsec.secrets", $pskconf);
chmod("/usr/local/etc/ipsec.secrets", 0600);
unset($pskconf);
$natfilterrules = false;
@ -819,7 +817,7 @@ EOD;
}
}
}
@file_put_contents("{$g['varetc_path']}/ipsec/ipsec.conf", $ipsecconf);
@file_put_contents("/usr/local/etc/ipsec.conf", $ipsecconf);
unset($ipsecconf);
/* end ipsec.conf */
@ -845,13 +843,13 @@ EOD;
array_unique($filterdns_list);
foreach ($filterdns_list as $hostname)
$hostnames .= "cmd {$hostname} '/usr/local/sbin/pfSctl -c \"service reload ipsecdns\"'\n";
file_put_contents("{$g['varetc_path']}/ipsec/filterdns-ipsec.hosts", $hostnames);
file_put_contents("/usr/local/etc/filterdns-ipsec.hosts", $hostnames);
unset($hostnames);
if (isvalidpid("{$g['varrun_path']}/filterdns-ipsec.pid"))
sigkillbypid("{$g['varrun_path']}/filterdns-ipsec.pid", "HUP");
else {
mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-ipsec.pid -i {$interval} -c {$g['varetc_path']}/ipsec/filterdns-ipsec.hosts -d 1");
mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-ipsec.pid -i {$interval} -c /usr/local/etc/filterdns-ipsec.hosts -d 1");
}
} else {
killbypid("{$g['varrun_path']}/filterdns-ipsec.pid");