mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-20 03:16:12 +00:00
(legacy/ipsec) add "Connection method" to phase1 settings, closing https://github.com/opnsense/core/issues/477
parent
8c61c4f487
commit
158269e1dc
@ -512,22 +512,24 @@ EOD;
|
||||
}
|
||||
|
||||
$keyexchange = "ikev1";
|
||||
$passive = "route";
|
||||
if (!empty($ph1ent['iketype']) && $ph1ent['iketype'] != "ikev1") {
|
||||
$keyexchange = "ikev2";
|
||||
//$passive = "start";
|
||||
} else {
|
||||
$passive = "route";
|
||||
}
|
||||
|
||||
|
||||
if (isset($ph1ent['mobile'])) {
|
||||
$right_spec = "%any";
|
||||
$passive = 'add';
|
||||
} else {
|
||||
$right_spec = $ph1ent['remote-gateway'];
|
||||
}
|
||||
|
||||
if (!empty($ph1ent['auto'])) {
|
||||
$conn_auto = $ph1ent['auto'];
|
||||
} elseif (isset($ph1ent['mobile'])) {
|
||||
$conn_auto = 'add';
|
||||
} else {
|
||||
$conn_auto = 'route';
|
||||
}
|
||||
|
||||
list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
|
||||
list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
|
||||
|
||||
@ -552,7 +554,7 @@ EOD;
|
||||
}
|
||||
|
||||
if (!empty($ph1ent['dpd_delay']) && !empty($ph1ent['dpd_maxfail'])) {
|
||||
if ($passive == "route") {
|
||||
if ($conn_auto == "route") {
|
||||
$dpdline = "dpdaction = restart";
|
||||
} else {
|
||||
$dpdline = "dpdaction = clear";
|
||||
@ -791,7 +793,7 @@ conn con<<connectionId>>
|
||||
installpolicy = yes
|
||||
{$tunneltype}
|
||||
{$dpdline}
|
||||
auto = {$passive}
|
||||
auto = {$conn_auto}
|
||||
left = {$left_spec}
|
||||
right = {$right_spec}
|
||||
leftid = {$myid_data}
|
||||
|
||||
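Review bot: `$conn_auto = $ph1ent['auto'];` takes the stored value as-is, and the last hunk of this file interpolates it into the generated `conn` block as `auto = {$conn_auto}`, so any value other than the three the form offers is written verbatim into the connection definition. No allowlist check is visible here or in the save path of the phase 1 page, where `auto` is only appended to `$copy_fields`; the `<select>` constrains the browser, not the request. I would guard the first branch, e.g. `if (!empty($ph1ent['auto']) && in_array($ph1ent['auto'], array('add', 'route', 'start'), true)) {`, so unexpected values fall through to the existing defaults. Separately, the DPD hunk now emits `dpdaction = clear` for `start` as well as `add`, which looks unintended for a tunnel that is meant to initiate itself; consider `if ($conn_auto != "add") {`. `$passive` is still assigned in the first hunk but no longer read in any visible line, and the enclosing function starts and ends outside these hunks.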
@ -87,7 +87,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$phase1_fields = "mode,protocol,myid_type,myid_data,peerid_type,peerid_data
|
||||
,encryption-algorithm,hash-algorithm,dhgroup,lifetime,authentication_method,descr,nat_traversal
|
||||
,interface,iketype,dpd_delay,dpd_maxfail,remote-gateway,pre-shared-key,certref
|
||||
,caref,reauth_enable,rekey_enable";
|
||||
,caref,reauth_enable,rekey_enable, auto";
|
||||
if (isset($p1index) && isset($config['ipsec']['phase1'][$p1index])) {
|
||||
// 1-on-1 copy
|
||||
foreach (explode(",", $phase1_fields) as $fieldname) {
|
||||
@ -359,7 +359,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$copy_fields = "ikeid,iketype,interface,mode,protocol,myid_type,myid_data
|
||||
,peerid_type,peerid_data,encryption-algorithm,hash-algorithm,dhgroup
|
||||
,lifetime,pre-shared-key,certref,caref,authentication_method,descr
|
||||
,nat_traversal";
|
||||
,nat_traversal, auto";
|
||||
|
||||
foreach (explode(",",$copy_fields) as $fieldname) {
|
||||
$fieldname = trim($fieldname);
|
||||
@ -602,6 +602,21 @@ function dpdchkbox_change() {
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_auto" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Connection method"); ?></td>
|
||||
<td>
|
||||
|
||||
<select name="auto" class="formselect">
|
||||
<option value="" <?=empty($pconfig['auto']) ? "selected=\"selected\"" : ""; ?>><?=gettext("default");?></option>
|
||||
<option value="add" <?=$pconfig['auto'] == "add" ? "selected=\"selected\"" : ""; ?>><?=gettext("Respond only");?></option>
|
||||
<option value="route" <?=$pconfig['auto'] == "route" ? "selected=\"selected\"" : ""; ?>><?=gettext("Start on traffic");?></option>
|
||||
<option value="start" <?=$pconfig['auto'] == "start" ? "selected=\"selected\"" : ""; ?>><?=gettext("Start immediate");?></option>
|
||||
</select>
|
||||
<div class="hidden" for="help_for_auto">
|
||||
<?=gettext("Choose the connect behaviour here, when using CARP you might want to consider the Repond only option here (wait for the other side to connect)."); ?>.
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_iketype" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Key Exchange version"); ?></td>
|
||||
<td>
|
||||
|
||||
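Review bot: The three non-default options compare `$pconfig['auto']` directly (`$pconfig['auto'] == "add"` and the two lines after it), while the first option uses `empty()`. If the key is absent, which may happen for an entry that has never stored this setting, each comparison raises an undefined-index notice inside the `<select>` markup. Writing them as `isset($pconfig['auto']) && $pconfig['auto'] == "add"` avoids that. The help string also reads "Repond only" where the option label says "Respond only", and the literal `.` after the closing `?>` prints a second full stop; both are cheaper to fix before the string reaches translators.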