Merge pull request #2222 from namezero111111/master

Enable charon.install_routes from GUI
2026-03-15 17:14:46 +00:00 · 2018-02-24 15:12:24 +01:00 · 2018-02-24 15:12:24 +01:00 · 82c07d89ac
commit 82c07d89ac
parent bb959b4576 734ad0fe0f
2 changed files with 21 additions and 0 deletions
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@ -880,6 +880,9 @@ function ipsec_configure_do($verbose = false, $interface = '')

        $cnf_add_to_charon_section = "";
        $cnf_add_to_charon_section .= $aggressive_psk ? "\ti_dont_care_about_security_and_use_aggressive_mode_psk=yes\n":"";
+		if(isset($config['ipsec']['auto_routes_disable'])) {
+		    $cnf_add_to_charon_section .= "\tinstall_routes = no\n";
+		}
        if (isset($a_client['enable']) && isset($a_client['net_list'])) {
            $cnf_add_to_charon_section .= "\tcisco_unity = yes\n";
        }
--- a/src/www/vpn_ipsec_settings.php
+++ b/src/www/vpn_ipsec_settings.php
@ -40,6 +40,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $pconfig  = array();
    $pconfig['disablevpnrules'] = isset($config['system']['disablevpnrules']);
    $pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
+	$pconfig['auto_routes_disable'] = isset($config['ipsec']['auto_routes_disable']);
    if (!empty($config['ipsec']['passthrough_networks'])) {
        $pconfig['passthrough_networks'] = explode(',', $config['ipsec']['passthrough_networks']);
    } else {
@ -95,6 +96,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        } elseif (isset($config['ipsec']['passthrough_networks'])) {
            unset($config['ipsec']['passthrough_networks']);
        }
+        if (isset($pconfig['auto_routes_disable']) && $pconfig['auto_routes_disable'] == "yes") {
+            $config['ipsec']['auto_routes_disable'] = true;
+        } elseif (isset($config['ipsec']['auto_routes_disable'])) {
+            unset($config['ipsec']['auto_routes_disable']);
+        }

        write_config();
        $savemsg = get_std_save_message();
@ -181,6 +187,18 @@ if (isset($input_errors) && count($input_errors) > 0) {
                        </output>
                      </td>
                    </tr>
+                    <tr>
+                      <td><a id="help_for_auto_routes_disable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Do not install routes"); ?></td>
+                      <td style="width:78%" class="vtable">
+                        <input name="auto_routes_disable" type="checkbox" id="auto_routes_disable" value="yes" <?= !empty($pconfig['auto_routes_disable']) ? "checked=\"checked\" : """;?> />
+                        <strong><?=gettext("Do not automatically install routes"); ?></strong>
+                        <output class="hidden" for="help_for_auto_routes_disable">
+                            <?=gettext("By default, IPsec installs routes when a tunnel becomes active. " .
+                                                  "Select this option to prevent automatically adding routes" .
+                                                  " to the system routing table. See charon.install_routes"); ?>
+                        </output>
+                      </td>
+                    </tr>
                    <tr>
                      <td><a id="help_for_ipsec_debug" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("IPsec Debug"); ?></td>
                      <td>