mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-16 09:34:39 +00:00
IPSec / routed (VTI), make sure all connections use predefined reqid, for https://github.com/opnsense/core/issues/2332
it would be good to refactor this code at some point, maybe wrap some of its logic in a class. There's just too much logic in ipsec_configure_do at the moment
This commit is contained in:
Ad Schellevis
parent
9ccabe68a6
commit
4c3d069ca4
@ -1451,9 +1451,11 @@ EOD;
|
||||
for ($idx = 0; $idx < count($leftsubnet_spec); ++$idx) {
|
||||
if (count($leftsubnet_spec) == 1) {
|
||||
$tmpconf = str_replace('<<connectionId>>', "{$ph1ent['ikeid']}", $connEntry);
|
||||
$tmpconf .= sprintf("\treqid = %d\n", (int)$ph1ent['ikeid'] * 1000 );
|
||||
} else {
|
||||
// suffix connection with sequence number
|
||||
$tmpconf = str_replace('<<connectionId>>', sprintf('%s-%03d', $ph1ent['ikeid'], $idx), $connEntry);
|
||||
$tmpconf .= sprintf("\treqid = %d\n", (int)$ph1ent['ikeid'] * 1000 + $idx );
|
||||
}
|
||||
$tmpconf .= "\trightsubnet = " . $rightsubnet_spec[$idx]. "\n";
|
||||
$tmpconf .= "\tleftsubnet = " . $leftsubnet_spec[$idx] . "\n";
|
||||
@ -1477,6 +1479,7 @@ EOD;
|
||||
// name from the first configured tunnel ($idx == 0):
|
||||
$conn_suffix = $idx ? sprintf('-%03d', $idx) : '';
|
||||
$tmpconf[] = "conn con{$ph1ent['ikeid']}{$conn_suffix}";
|
||||
$tmpconf[] = sprintf("\treqid = %d\n", (int)$ph1ent['ikeid'] * 1000 + $idx );
|
||||
if (!empty($rightsubnet_spec[$idx])) {
|
||||
$tmpconf[] = "\trightsubnet = {$rightsubnet_spec[$idx]}";
|
||||
}
|
||||
@ -1495,6 +1498,7 @@ EOD;
|
||||
}
|
||||
} else {
|
||||
$tmpconf = str_replace('<<connectionId>>', "{$ph1ent['ikeid']}", $connEntry);
|
||||
$tmpconf .= sprintf("\treqid = %d\n", (int)$ph1ent['ikeid'] * 1000 );
|
||||
if (!empty($rightsubnet_spec)) {
|
||||
$tmpconf .= "\trightsubnet = " . join(',', array_unique($rightsubnet_spec)) . "\n";
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user