ipsec, add ike keyexchange option, for https://github.com/opnsense/core/issues/2642

2026-03-13 08:09:41 +00:00 · 2018-08-17 11:54:51 +02:00 · 2018-08-17 11:54:51 +02:00 · b693a3b99a
commit b693a3b99a
parent 6c4912cfce
3 changed files with 8 additions and 7 deletions
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@ -1161,8 +1161,8 @@ EOD;
                }

                $keyexchange = "ikev1";
-                if (!empty($ph1ent['iketype']) && $ph1ent['iketype'] != "ikev1") {
-                    $keyexchange = "ikev2";
+                if (!empty($ph1ent['iketype'])) {
+                    $keyexchange = $ph1ent['iketype'];
                    $mobike = !empty($ph1ent['mobike']) ? "mobike = no" : "mobike = yes";
                }

--- a/src/www/vpn_ipsec.php
+++ b/src/www/vpn_ipsec.php
@ -367,7 +367,8 @@ $( document ).ready(function() {
                      </td>
                      <td class="hidden-xs">
                          <?=empty($ph1ent['protocol']) || $ph1ent['protocol'] == "inet" ? "IPv4" : "IPv6"; ?>
-                          <?=empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1" ? "IKE" : "IKEv2"; ?>
+                          <?php $ph1ent_type=array("ikev1" => "IKE", "ikev2" => "IKEv2", "ike" => "auto"); ?>
+                          <?=!empty($ph1ent['iketype']) &&  isset($ph1ent_type[$ph1ent['iketype']]) ? $ph1ent_type[$ph1ent['iketype']] :"" ;?>
                      </td>
                      <td>
 <?php
--- a/src/www/vpn_ipsec_phase1.php
+++ b/src/www/vpn_ipsec_phase1.php
@ -181,7 +181,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        case "eap-mschapv2":
        case "rsa_eap-mschapv2":
        case "eap-radius":
-          if ($pconfig['iketype'] != 'ikev2') {
+          if (!in_array($pconfig['iketype'], array('ikev2', 'ike'))) {
              $input_errors[] = sprintf(gettext("%s can only be used with IKEv2 type VPNs."), strtoupper($method));
          }
          if ($method == 'eap-radius' && empty($pconfig['authservers'])) {
@ -311,7 +311,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        }
    }

-    if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2") {
+    if (!empty($pconfig['iketype']) && !in_array($pconfig['iketype'], array("ike", "ikev1", "ikev2"))) {
        $input_errors[] = gettext('Invalid argument for key exchange protocol version.');
    }

@ -421,7 +421,7 @@ include("head.inc");
 <script>
    $( document ).ready(function() {
        $("#iketype").change(function(){
-            if ($(this).val() == 'ikev2') {
+            if (['ike', 'ikev2'].includes($(this).val())) {
                $("#mode").prop( "disabled", true );
                $("#mode_tr").hide();
            } else {
@ -592,7 +592,7 @@ include("head.inc");

                      <select name="iketype" id="iketype">
 <?php
-                      $keyexchange = array("ikev1" => "V1", "ikev2" => "V2");
+                      $keyexchange = array("ike" => "auto", "ikev1" => "V1", "ikev2" => "V2");
                      foreach ($keyexchange as $kidx => $name) :
                        ?>
                        <option value="<?=$kidx;?>" <?= $kidx == $pconfig['iketype'] ? "selected=\"selected\"" : "";?> >