ipsec, add passthrough networks for https://github.com/opnsense/core/issues/1890
parent
591a089d2c
commit
76d18ef466
@ -1131,6 +1131,15 @@ EOD;
|
||||
}
|
||||
$ipsecconf .= "\tcharondebug=\"" .implode(',', $cfg_loglevels) . "\"\n";
|
||||
|
||||
if (!empty($config['ipsec']['passthrough_networks'])) {
|
||||
$ipsecconf .= "\nconn pass\n";
|
||||
$ipsecconf .= "\tright=127.0.0.1 # so this connection does not get used for other purposes\n";
|
||||
$ipsecconf .= "\tleftsubnet={$config['ipsec']['passthrough_networks']}\n";
|
||||
$ipsecconf .= "\trightsubnet={$config['ipsec']['passthrough_networks']}\n";
|
||||
$ipsecconf .= "\ttype=passthrough\n";
|
||||
$ipsecconf .= "\tauto=route\n";
|
||||
}
|
||||
|
||||
foreach ($a_phase1 as $ph1ent) {
|
||||
if (isset($ph1ent['disabled'])) {
|
||||
continue;
|
||||
|
||||
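Review bot: The `leftsubnet=` and `rightsubnet=` lines interpolate `$config['ipsec']['passthrough_networks']` into the generated ipsec configuration verbatim, so the generator relies entirely on whatever validated the stored string. In this commit the only `is_subnet()` check visible is in the settings page's POST handler; if the value can reach the config by another route (a restored or hand-edited config, for instance), a stray line break or malformed entry would end up inside the `conn pass` section unchecked. Re-checking at generation time is cheap, e.g. `$ptnets = implode(',', array_filter(explode(',', $config['ipsec']['passthrough_networks']), 'is_subnet'));` followed by `if ($ptnets !== '') {` around the section, assuming `is_subnet()` is available in this file. The enclosing function starts and ends outside the hunk.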
@ -40,6 +40,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$pconfig = array();
|
||||
$pconfig['disablevpnrules'] = isset($config['system']['disablevpnrules']);
|
||||
$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
|
||||
if (!empty($config['ipsec']['passthrough_networks'])) {
|
||||
$pconfig['passthrough_networks'] = explode(',', $config['ipsec']['passthrough_networks']);
|
||||
} else {
|
||||
$pconfig['passthrough_networks'] = array();
|
||||
}
|
||||
foreach ($ipsec_loglevels as $lkey => $ldescr) {
|
||||
if (!empty($config['ipsec']["ipsec_{$lkey}"])) {
|
||||
$pconfig["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"];
|
||||
@ -48,42 +53,66 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
}
|
||||
}
|
||||
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
// save form data
|
||||
$pconfig = $_POST;
|
||||
if (!empty($pconfig['disablevpnrules'])) {
|
||||
$config['system']['disablevpnrules'] = true;
|
||||
} elseif (isset($config['system']['disablevpnrules'])) {
|
||||
unset($config['system']['disablevpnrules']);
|
||||
}
|
||||
if (isset($pconfig['preferoldsa_enable']) && $pconfig['preferoldsa_enable'] == "yes") {
|
||||
$config['ipsec']['preferoldsa'] = true;
|
||||
} elseif (isset($config['ipsec']['preferoldsa'])) {
|
||||
unset($config['ipsec']['preferoldsa']);
|
||||
}
|
||||
if (isset($config['ipsec']) && is_array($config['ipsec'])) {
|
||||
foreach ($ipsec_loglevels as $lkey => $ldescr) {
|
||||
if (empty($_POST["ipsec_{$lkey}"])) {
|
||||
if (isset($config['ipsec']["ipsec_{$lkey}"])) {
|
||||
unset($config['ipsec']["ipsec_{$lkey}"]);
|
||||
}
|
||||
} else {
|
||||
$config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"];
|
||||
}
|
||||
// validate
|
||||
$input_errors = array();
|
||||
foreach ($pconfig['passthrough_networks'] as $ptnet) {
|
||||
if (!is_subnet($ptnet)) {
|
||||
$input_errors[] = sprintf(gettext('Entry "%s" is not a valid network.'), $ptnet);
|
||||
}
|
||||
}
|
||||
|
||||
write_config();
|
||||
$savemsg = get_std_save_message();
|
||||
filter_configure();
|
||||
ipsec_configure_do();
|
||||
// save form data
|
||||
if (count($input_errors) == 0) {
|
||||
if (!empty($pconfig['disablevpnrules'])) {
|
||||
$config['system']['disablevpnrules'] = true;
|
||||
} elseif (isset($config['system']['disablevpnrules'])) {
|
||||
unset($config['system']['disablevpnrules']);
|
||||
}
|
||||
if (isset($pconfig['preferoldsa_enable']) && $pconfig['preferoldsa_enable'] == "yes") {
|
||||
$config['ipsec']['preferoldsa'] = true;
|
||||
} elseif (isset($config['ipsec']['preferoldsa'])) {
|
||||
unset($config['ipsec']['preferoldsa']);
|
||||
}
|
||||
if (isset($config['ipsec']) && is_array($config['ipsec'])) {
|
||||
foreach ($ipsec_loglevels as $lkey => $ldescr) {
|
||||
if (empty($pconfig["ipsec_{$lkey}"])) {
|
||||
if (isset($config['ipsec']["ipsec_{$lkey}"])) {
|
||||
unset($config['ipsec']["ipsec_{$lkey}"]);
|
||||
}
|
||||
} else {
|
||||
$config['ipsec']["ipsec_{$lkey}"] = $pconfig["ipsec_{$lkey}"];
|
||||
}
|
||||
}
|
||||
}
|
||||
$config['ipsec']['passthrough_networks'] = implode(',', $pconfig['passthrough_networks']);
|
||||
|
||||
write_config();
|
||||
$savemsg = get_std_save_message();
|
||||
filter_configure();
|
||||
ipsec_configure_do();
|
||||
}
|
||||
}
|
||||
|
||||
$service_hook = 'ipsec';
|
||||
legacy_html_escape_form_data($pconfig);
|
||||
|
||||
include("head.inc");
|
||||
|
||||
?>
|
||||
|
||||
<!-- JQuery Tokenize (http://zellerda.com/projects/tokenize) -->
|
||||
<script type="text/javascript" src="/ui/js/jquery.tokenize.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/ui/css/jquery.tokenize.css" />
|
||||
|
||||
<script type="text/javascript" src="/ui/js/opnsense_ui.js"></script>
|
||||
|
||||
<script type="text/javascript">
|
||||
$( document ).ready(function() {
|
||||
formatTokenizersUI();
|
||||
});
|
||||
</script>
|
||||
|
||||
<body>
|
||||
<?php include("fbegin.inc"); ?>
|
||||
<section class="page-content-main">
|
||||
@ -129,6 +158,21 @@ if (isset($input_errors) && count($input_errors) > 0) {
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_passthrough_networks" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Passthrough networks"); ?></td>
|
||||
<td>
|
||||
<select name="passthrough_networks[]" multiple="multiple" class="tokenize" data-width="348px" data-allownew="true" data-nbdropdownelements="10">
|
||||
<?php
|
||||
foreach ($pconfig['passthrough_networks'] as $ptnet):?>
|
||||
<option value="<?=$ptnet;?>" selected="selected"><?=$ptnet;?></option>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
<div class="hidden" for="help_for_passthrough_networks">
|
||||
<?=gettext("This exempts traffic for one or more subnets from getting processed by the IPsec stack in the kernel. ".
|
||||
"When sending all traffic to the remote location, you probably want to add your lan network(s) here"); ?>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_ipsec_debug" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("IPsec Debug"); ?></td>
|
||||
<td>
|
||||
|
||||
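Review bot: In the POST branch, the validation loop `foreach ($pconfig['passthrough_networks'] as $ptnet)` and the later `implode(',', $pconfig['passthrough_networks'])` both assume the field was submitted as an array. A multi-select with no entries is normally left out of the request, so clearing the list reaches both calls with an undefined value, and a request carrying a scalar there skips the `is_subnet()` loop entirely. Normalise once, right after `$pconfig = $_POST;`: `$pconfig['passthrough_networks'] = isset($pconfig['passthrough_networks']) && is_array($pconfig['passthrough_networks']) ? $pconfig['passthrough_networks'] : array();`. The `<option>` loop in the form iterates the same key, so it benefits from the same normalisation; the escaping of `$ptnet` there appears to rely on `legacy_html_escape_form_data($pconfig)` handling nested arrays, which is worth confirming.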