diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc index 220628582..27a5464b6 100644 --- a/src/etc/inc/plugins.inc.d/ipsec.inc +++ b/src/etc/inc/plugins.inc.d/ipsec.inc @@ -307,15 +307,11 @@ function ipsec_get_phase1_src(&$ph1ent) return '%any'; } elseif (!is_ipaddr($ph1ent['interface'])) { if (strpos($ph1ent['interface'], '_vip') !== false) { - // if this is a vip, set the interface to $ph1ent['interface'] + // if this is a vip, use literal interface $if = $ph1ent['interface']; } else { // not a vip, check failover interface - if ($ph1ent['protocol'] == "inet6") { - $if = get_failover_interface($ph1ent['interface'], "inet6"); - } else { - $if = get_failover_interface($ph1ent['interface']); - } + $if = get_failover_interface($ph1ent['interface'], $ph1ent['protocol'] == 'inet6' ? 'inet6' : 'all'); } } else { // interface is an ip address, return diff --git a/src/etc/inc/plugins.inc.d/openvpn.inc b/src/etc/inc/plugins.inc.d/openvpn.inc index 6af6c974a..fbc1e3d27 100644 --- a/src/etc/inc/plugins.inc.d/openvpn.inc +++ b/src/etc/inc/plugins.inc.d/openvpn.inc @@ -565,6 +565,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) // OpenVPN defaults to SHA1, so use it when unset to maintain compatibility. $digest = !empty($settings['digest']) ? $settings['digest'] : "SHA1"; + /* XXX does not support IPv6: missing 'inet6' */ $interface = get_failover_interface($settings['interface']); $ipaddr = $settings['ipaddr']; @@ -1685,6 +1686,7 @@ function openvpn_resync_if_needed($mode, $ovpn_settings, $interface) if (file_exists($fpath)) { $current_device = file_get_contents($fpath); $current_device = trim($current_device, " \t\n"); + /* XXX does not support IPv6: missing 'inet6' */ $new_device = get_failover_interface($ovpn_settings['interface']); if (isset($config['interfaces'][$interface])) { $this_device = $config['interfaces'][$interface]['if'];