From 158269e1dc371f3f7e44c9bd3745a98ddff9d882 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 8 Jan 2016 14:34:28 +0100
Subject: [PATCH] (legacy/ipsec) add "Connection method" to phase1 settings, closing https://github.com/opnsense/core/issues/477
---
src/etc/inc/vpn.inc | 18 ++++++++++--------
src/www/vpn_ipsec_phase1.php | 19 +++++++++++++++++--
2 files changed, 27 insertions(+), 10 deletions(-)
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc
index 8b3f21784..4a8ba7f2b 100644
--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -512,22 +512,24 @@ EOD; } $keyexchange = "ikev1"; - $passive = "route"; if (!empty($ph1ent['iketype']) && $ph1ent['iketype'] != "ikev1") { $keyexchange = "ikev2"; - //$passive = "start"; - } else { - $passive = "route"; } - if (isset($ph1ent['mobile'])) { $right_spec = "%any"; - $passive = 'add'; } else { $right_spec = $ph1ent['remote-gateway']; } + if (!empty($ph1ent['auto'])) { + $conn_auto = $ph1ent['auto']; + } elseif (isset($ph1ent['mobile'])) { + $conn_auto = 'add'; + } else { + $conn_auto = 'route'; + } + list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local"); list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
@@ -552,7 +554,7 @@ EOD; } if (!empty($ph1ent['dpd_delay']) && !empty($ph1ent['dpd_maxfail'])) { - if ($passive == "route") { + if ($conn_auto == "route") { $dpdline = "dpdaction = restart"; } else { $dpdline = "dpdaction = clear";
@@ -791,7 +793,7 @@ conn con<> installpolicy = yes {$tunneltype} {$dpdline} - auto = {$passive} + auto = {$conn_auto} left = {$left_spec} right = {$right_spec} leftid = {$myid_data}
diff --git a/src/www/vpn_ipsec_phase1.php b/src/www/vpn_ipsec_phase1.php
index f6305e1db..d849ccbf6 100644
--- a/src/www/vpn_ipsec_phase1.php
+++ b/src/www/vpn_ipsec_phase1.php
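Review bot: In src/etc/inc/vpn.inc (hunk at -512), `$conn_auto = $ph1ent['auto'];` takes the stored value as-is, and the hunk at -791 interpolates it into the generated connection block as `auto = {$conn_auto}`. No check of the value is visible in this patch; the `$copy_fields` loop in src/www/vpn_ipsec_phase1.php (hunk at -359) appears to copy the posted field into the config, though its body continues outside the hunk. A value outside the expected set, or one containing a line break, would land verbatim in the generated file, so I would restrict it at this point, e.g. `if (!empty($ph1ent['auto']) && in_array($ph1ent['auto'], array('add', 'route', 'start'), true)) {`, with the list matched to the options the form actually offers. The POST validation in vpn_ipsec_phase1.php should reject anything else as well, so a bad value is never saved.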
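Review bot: In src/etc/inc/vpn.inc (hunk at -552), `if ($conn_auto == "route") {` now sends every other connection method to `dpdaction = clear`, including one the administrator selected explicitly. Before this patch only mobile entries (`add`) reached the `clear` branch. If the new setting can be `start`, a tunnel that fails dead-peer detection would presumably be cleared and not re-established, so the condition probably wants to be `if ($conn_auto != "add") {`. The enclosing block continues outside the hunk, so confirm against the full function.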
@@ -87,7 +87,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $phase1_fields = "mode,protocol,myid_type,myid_data,peerid_type,peerid_data ,encryption-algorithm,hash-algorithm,dhgroup,lifetime,authentication_method,descr,nat_traversal ,interface,iketype,dpd_delay,dpd_maxfail,remote-gateway,pre-shared-key,certref - ,caref,reauth_enable,rekey_enable"; + ,caref,reauth_enable,rekey_enable, auto"; if (isset($p1index) && isset($config['ipsec']['phase1'][$p1index])) { // 1-on-1 copy foreach (explode(",", $phase1_fields) as $fieldname) {
@@ -359,7 +359,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $copy_fields = "ikeid,iketype,interface,mode,protocol,myid_type,myid_data ,peerid_type,peerid_data,encryption-algorithm,hash-algorithm,dhgroup ,lifetime,pre-shared-key,certref,caref,authentication_method,descr - ,nat_traversal"; + ,nat_traversal, auto"; foreach (explode(",",$copy_fields) as $fieldname) { $fieldname = trim($fieldname);
@@ -602,6 +602,21 @@ function dpdchkbox_change() { + + + + + + + +