diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/LegacySubsystemController.php b/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/LegacySubsystemController.php index c28246132..8e27514fd 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/LegacySubsystemController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/LegacySubsystemController.php @@ -1,6 +1,7 @@ * All rights reserved. * @@ -30,6 +31,8 @@ namespace OPNsense\IPsec\Api; use OPNsense\Base\ApiControllerBase; use OPNsense\Core\Backend; +use OPNsense\Core\Config; + /** * Class LegacySubsystemController @@ -45,6 +48,7 @@ class LegacySubsystemController extends ApiControllerBase public function statusAction() { return [ + 'enabled' => isset(Config::getInstance()->object()->ipsec->enable), 'isDirty' => file_exists('/tmp/ipsec.dirty') // is_subsystem_dirty('ipsec') ]; } 
@@ -56,28 +60,14 @@ class LegacySubsystemController extends ApiControllerBase
 */
 public function applyConfigAction()
 {
- try {
- if (!$this->request->isPost()) {
- throw new \Exception(gettext('Request method not allowed, expected POST'));
+ $result = ["status" => "failed"];
+ if ($this->request->isPost()) {
+ $bckresult = trim((new Backend())->configdRun('ipsec reconfigure'));
+ if ($bckresult === 'OK') {
+ $result['message'] = gettext('The changes have been applied successfully.');
+ $result['status'] = "ok";
+ @unlink('/tmp/ipsec.dirty');
 }
-
- $backend = new Backend();
- $bckresult = trim($backend->configdRun('ipsec reconfigure'));
- if ($bckresult !== 'OK') {
- throw new \Exception($bckresult);
- }
-
- // clear_subsystem_dirty('ipsec')
- if (!@unlink('/tmp/ipsec.dirty')) {
- throw new \Exception(gettext('Could not remove /tmp/ipsec.dirty to mark subsystem as clean'));
- }
-
- return ['message' => gettext('The changes have been applied successfully.')];
- } catch (\Exception $e) {
- throw new \Exception(sprintf(
- gettext('Unable to apply IPsec subsystem configuration: %s'),
- $e->getMessage()
- ));
 }
 }
 }
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/TunnelController.php b/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/TunnelController.php
index a843d20c1..93ccdbc2f 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/TunnelController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/TunnelController.php
@@ -144,6 +144,7 @@ class TunnelController extends ApiControllerBase
 }
 $item = [
 "id" => intval((string)$p1->ikeid), // ikeid should be unique
+ "seqid" => $idx,
 "enabled" => empty((string)$p1->disabled) ? "1" : "0",
 "protocol" => $p1->protocol == "inet" ? "IPv4" : "IPv6",
 "iketype" => $ph1type[(string)$p1->iketype],
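Review bot: The rewritten applyConfigAction() fills `$result` but, as far as this hunk shows, never returns it: the added lines stop at the closing brace of the inner `if`, and the remaining context lines only close the outer `if`, the method and the class. Add `return $result;` before the method's closing brace, otherwise the endpoint returns nothing on both the success and the failure path. The new code also discards the backend's reply when it is not `OK` and no longer reports a failed `@unlink('/tmp/ipsec.dirty')`, so a caller only ever sees `"status" => "failed"` with no cause. Logging `$bckresult` on the failure path (or returning it in `$result['message']`, as the removed code effectively did) would keep a failed reconfigure diagnosable.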
@@ -272,6 +273,7 @@ class TunnelController extends ApiControllerBase } $item = [ "id" => $p2idx, + "uniqid" => (string)$p2->uniqid, // XXX: a bit convoluted, should probably replace id at some point "ikeid" => $ikeid, "enabled" => empty((string)$p2->disabled) ? "1" : "0", "protocol" => $p2->protocol == "esp" ? "ESP" : "AH", @@ -303,7 +305,7 @@ class TunnelController extends ApiControllerBase if (!empty($phase)) { $idx = 0; foreach ($phase as $p) { - if(intval((string)$p->ikeid) == intval($ikeid)) { + if (intval((string)$p->ikeid) == intval($ikeid)) { $phase_ids[$phid][] = $idx; } $idx++; @@ -326,6 +328,41 @@ class TunnelController extends ApiControllerBase return ['status' => 'failed']; } + /** + * toggle if phase 1 is enabled + */ + public function togglePhase1Action($ikeid, $enabled = null) + { + if ($this->request->isPost()) { + $this->sessionClose(); + Config::getInstance()->lock(); + $config = Config::getInstance()->object(); + if (!empty($config->ipsec->phase1)) { + $idx = 0; + foreach ($config->ipsec->phase1 as $p1) { + if (intval((string)$p1->ikeid) == intval($ikeid)) { + if ($enabled == "0" || $enabled == "1") { + $new_status = $enabled == "1" ? "0" : "1"; + } else { + $new_status = $config->ipsec->phase1[$idx]->disabled == "1" ? "0" : "1"; + } + if ($new_status == "1") { + $config->ipsec->phase1[$idx]->disabled = $new_status; + } elseif (isset($config->ipsec->phase1[$idx]->disabled)) { + unset($config->ipsec->phase1[$idx]->disabled); + } + + Config::getInstance()->save(); + @touch("/tmp/ipsec.dirty"); + return ['status' => 'ok', 'disabled' => $new_status]; + } + $idx++; + } + } + return ['status' => 'not_found']; + } + return ['status' => 'failed']; + } /** * delete phase 2 entry 
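Review bot: togglePhase1Action() compares `intval((string)$p1->ikeid) == intval($ikeid)` without first checking that `$ikeid` is a canonical integer, so any non-numeric request value is coerced to 0 and would match an entry whose ikeid is 0 or empty. The phase 2 handlers in this same commit guard their key with `(string)intval($seqid) == $seqid`; an equivalent guard belongs here before the loop, e.g. `if ((string)intval($ikeid) !== (string)$ikeid) { return ['status' => 'not_found']; }`. Separately, the toggle derives the current state from `->disabled == "1"` while the listing code in this file uses `empty((string)$p1->disabled)`, so an entry whose `disabled` element holds any other non-empty value would be listed as disabled yet toggled to disabled again. Reading the state with `!empty((string)$config->ipsec->phase1[$idx]->disabled)` keeps the two in agreement.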
@@ -333,20 +370,73 @@ class TunnelController extends ApiControllerBase public function delPhase2Action($seqid) { if ($this->request->isPost()) { - $phase_ids = []; $this->sessionClose(); Config::getInstance()->lock(); $config = Config::getInstance()->object(); - if (isset($config->ipsec->phase2[intval($seqid)])) { + if ((string)intval($seqid) == $seqid && isset($config->ipsec->phase2[intval($seqid)])) { unset($config->ipsec->phase2[intval($seqid)]); Config::getInstance()->save(); - if (!empty($phase_ids[0])) { - @touch("/tmp/ipsec.dirty"); - } + @touch("/tmp/ipsec.dirty"); return ['status' => 'ok']; } return ['status' => 'not_found']; } return ['status' => 'failed']; } + + /** + * toggle if phase 2 is enabled + */ + public function togglePhase2Action($seqid, $enabled = null) + { + if ($this->request->isPost()) { + $this->sessionClose(); + Config::getInstance()->lock(); + $config = Config::getInstance()->object(); + if ((string)intval($seqid) == $seqid && isset($config->ipsec->phase2[intval($seqid)])) { + if ($enabled == "0" || $enabled == "1") { + $new_status = $enabled == "1" ? "0" : "1"; + } else { + $new_status = $config->ipsec->phase2[intval($seqid)]->disabled == "1" ? 
"0" : "1"; + } + if ($new_status == "1") { + $config->ipsec->phase2[intval($seqid)]->disabled = $new_status; + } elseif (isset($config->ipsec->phase2[intval($seqid)]->disabled)) { + unset($config->ipsec->phase2[intval($seqid)]->disabled); + } + + Config::getInstance()->save(); + @touch("/tmp/ipsec.dirty"); + return ['status' => 'ok', 'disabled' => $new_status]; + } + return ['status' => 'not_found']; + } + return ['status' => 'failed']; + } + + /** + * toggle if IPsec is enabled + */ + public function toggleAction($enabled = null) + { + if ($this->request->isPost()) { + $this->sessionClose(); + Config::getInstance()->lock(); + $config = Config::getInstance()->object(); + if ($enabled == "0" || $enabled == "1") { + $new_status = $enabled == "1"; + } else { + $new_status = !isset($config->ipsec->enable); + } + if ($new_status) { + $config->ipsec->enable = true; + } elseif (isset($config->ipsec->enable)) { + unset($config->ipsec->enable); + } + Config::getInstance()->save(); + @touch("/tmp/ipsec.dirty"); + return ['status' => 'ok']; + } + return ['status' => 'failed']; + } } diff --git a/src/opnsense/mvc/app/views/OPNsense/IPsec/tunnels.volt b/src/opnsense/mvc/app/views/OPNsense/IPsec/tunnels.volt index 9c29e19c6..2a44a5ff5 100644 --- a/src/opnsense/mvc/app/views/OPNsense/IPsec/tunnels.volt +++ b/src/opnsense/mvc/app/views/OPNsense/IPsec/tunnels.volt @@ -1,11 +1,89 @@ +
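Review bot: The guard `(string)intval($seqid) == $seqid` added to delPhase2Action() and used in togglePhase2Action() is a loose comparison, and PHP compares two numeric strings numerically, so values such as `1.0` or `1e0` still pass; `(string)intval($seqid) === (string)$seqid` accepts only the canonical form. More importantly, `$seqid` is a position in the phase2 list rather than a stable identifier, so if the configuration changes between the client's listing and this POST, the request deletes or toggles a different entry than the one the operator selected. The `uniqid` this commit adds to the phase 2 listing would be a safer lookup key for both handlers. In toggleAction() and both phase toggles the `$enabled == "0" || $enabled == "1"` tests have the same numeric-string looseness and would read more exactly with `===`.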
+| {{ lang._('Enabled') }} | {{ lang._('ikeid') }} | +{{ lang._('seqid') }} | {{ lang._('Type') }} | {{ lang._('Remote Gateway') }} | {{ lang._('Mode') }} | {{ lang._('Phase 1 Proposal') }} | {{ lang._('Authentication') }} | {{ lang._('Description') }} | -{{ lang._('Commands') }} | +{{ lang._('Commands') }} |
|---|---|---|---|---|---|---|---|---|---|---|
| - | ||||||||||