lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-19 19:15:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #489 from fraenki/fix_485

Browse Source 
fixes #485: make NAT type configurable for IPsec
This commit is contained in:
Ad Schellevis 2015-12-01 17:11:07 +01:00
commit 3c2430668d
2 changed files with 62 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/etc/inc/filter.inc
View File

@ -1766,10 +1766,21 @@ function filter_nat_rules_generate(&$FilterIflist)
if ($remote_subnet == "0.0.0.0/0") {
$remote_subnet = "any";
}
if (is_ipaddr($natlocal_subnet) && !is_ipaddr($local_subnet)) {
$nattype = "nat";
} else {
$nattype = "binat";
/* Try to enforce a specific NAT type or choose automatically. */
switch(isset($ph2ent['natlocalid']['nattype']) ? $ph2ent['natlocalid']['nattype'] : null) {
case "binat":
$nattype = "binat";
break;
case "nat":
$nattype = "nat";
break;
default:
if (is_ipaddr($natlocal_subnet) && !is_ipaddr($local_subnet)) {
$nattype = "nat";
} else {
$nattype = "binat";
}
break;
}
$natrules .= "{$nattype} on enc0 from {$local_subnet} to {$remote_subnet} -> {$natlocal_subnet}\n";
}

54
src/www/vpn_ipsec_phase2.php
View File

@ -82,12 +82,21 @@ function pconfig_to_idinfo($prefix, $pconfig)
$type = $pconfig[$prefix."id_type"];
$address = isset($pconfig[$prefix."id_address"]) ? $pconfig[$prefix."id_address"] : null;
$netbits = isset($pconfig[$prefix."id_netbits"]) ? $pconfig[$prefix."id_netbits"] : null;
$nattype = $pconfig[$prefix."id_nattype"];
switch ($type) {
case "address":
return array('type' => $type, 'address' => $address);
if (!empty($nattype)) {
return array('type' => $type, 'address' => $address, 'nattype' => $nattype);
} else {
return array('type' => $type, 'address' => $address);
}
case "network":
return array('type' => $type, 'address' => $address, 'netbits' => $netbits);
if (!empty($nattype)) {
return array('type' => $type, 'address' => $address, 'netbits' => $netbits, 'nattype' => $nattype);
} else {
return array('type' => $type, 'address' => $address, 'netbits' => $netbits);
}
default:
return array('type' => $type );
}
@ -98,16 +107,21 @@ function pconfig_to_idinfo($prefix, $pconfig)
*/
function idinfo_to_pconfig($prefix, $idinfo, & $pconfig)
{
switch ($idinfo['type']) {
case "address":
$pconfig[$prefix."id_type"] = $idinfo['type'];
$pconfig[$prefix."id_address"] = $idinfo['address'];
if (isset($idinfo['nattype'])) {
$pconfig[$prefix."id_nattype"] = $idinfo['nattype'];
}
break;
case "network":
$pconfig[$prefix."id_type"] = $idinfo['type'];
$pconfig[$prefix."id_address"] = $idinfo['address'];
$pconfig[$prefix."id_netbits"] = $idinfo['netbits'];
if (isset($idinfo['nattype'])) {
$pconfig[$prefix."id_nattype"] = $idinfo['nattype'];
}
break;
default:
$pconfig[$prefix."id_type"] = $idinfo['type'];
@ -272,12 +286,19 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
case "address":
if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address'])) {
$input_errors[] = gettext("A valid NAT local network IP address must be specified.");
} elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel"))
$input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6");
elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6"))
$input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4");
} elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel")) {
$input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6");
} elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6")) {
$input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4");
}
break;
}
switch ($pconfig['natlocalid_nattype']) {
case "binat":
if ($pconfig['natlocalid_netbits'] != $pconfig['localid_netbits']) {
$input_errors[] = gettext("BINAT requires that the netmask of the local network matches the one of the NAT/BINAT network.");
}
}
}
switch ($pconfig['remoteid_type']) {
@ -721,6 +742,25 @@ if (isset($input_errors) && count($input_errors) > 0) {
<tr>
<td colspan="2"><b><?=gettext("NAT/BINAT");?></b></td>
</tr>
<tr>
<td><a id="help_for_natlocalid_nattype" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("NAT Type"); ?></td>
<td>
<select name="natlocalid_nattype" class="formselect">
<option value="auto" <?=empty($pconfig['natlocalid_nattype']) || $pconfig['natlocalid_nattype'] == "auto" ? "selected=\"selected\"" : "";?> >
<?=gettext("Auto"); ?>
</option>
<option value="nat" <?=!empty($pconfig['natlocalid_nattype']) && $pconfig['natlocalid_nattype'] == "nat" ? "selected=\"selected\"" : "";?>>
<?=gettext("NAT"); ?>
</option>
<option value="binat" <?=!empty($pconfig['natlocalid_nattype']) && $pconfig['natlocalid_nattype'] == "binat" ? "selected=\"selected\"" : "";?>>
<?=gettext("BINAT"); ?>
</option>
</select>
<div class="hidden" for="help_for_natlocalid_nattype">
<?php echo gettext("Enforce the type of NAT by choosing either NAT or BINAT. Leave it to Auto to let OPNsense automatically choose the best NAT option."); ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_natlocalid_type" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Type"); ?></td>
<td>