VPN: IPsec: Virtual Tunnel Interfaces - add secondary tunnel address pair for dual-stack purposes. closes https://github.com/opnsense/core/issues/6777

This commit is contained in:
Ad Schellevis 2023-11-21 16:18:57 +01:00
parent 3f5bec4a1e
commit eb74bd05ff
3 changed files with 50 additions and 2 deletions


@ -37,6 +37,21 @@
The size of the subnet containing local and remote will be calculated automatically
</help>
</field>
<field>
<id>vti.tunnel_local2</id>
<label>Tunnel secondary local address</label>
<type>text</type>
<help>Inner tunnel local address to be used for routing purposes.</help>
</field>
<field>
<id>vti.tunnel_remote2</id>
<label>Tunnel secondary remote address</label>
<type>text</type>
<help>
Inner tunnel remote address to be used for routing purposes.
The size of the subnet containing local and remote will be calculated automatically
</help>
</field>
<field>
<id>vti.description</id>
<label>Name</label>
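Review bot: The help text for `vti.tunnel_local2` and `vti.tunnel_remote2` does not say the pair is optional, nor that both addresses have to be given together in the same protocol family, which is what the model validation added in this commit enforces; a user who fills in only one of the two fields gets a "Protocol families should match" error with no hint in the form itself. Suggested help for the local field: `Optional secondary inner tunnel local address, e.g. to carry a second address family over the same tunnel. When set, a secondary remote address of the same family is required.`, with a matching sentence on the remote field's help. The form definition these fields belong to starts and ends outside this hunk.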


@ -62,8 +62,12 @@ class Swanctl extends BaseModel
}
foreach ($vtis as $key => $node) {
$vti_inets = [];
foreach (['local', 'remote', 'tunnel_local', 'tunnel_remote'] as $prop) {
$vti_inets[$prop] = strpos((string)$node->$prop, ':') > 0 ? 'inet6' : 'inet';
foreach (['local', 'remote', 'tunnel_local', 'tunnel_remote', 'tunnel_local2', 'tunnel_remote2'] as $prop) {
if (empty((string)$node->$prop)) {
$vti_inets[$prop] = '-';
} else {
$vti_inets[$prop] = strpos((string)$node->$prop, ':') > 0 ? 'inet6' : 'inet';
}
}
if ($vti_inets['local'] != $vti_inets['remote']) {
@ -72,6 +76,12 @@ class Swanctl extends BaseModel
if ($vti_inets['tunnel_local'] != $vti_inets['tunnel_remote']) {
$messages->appendMessage(new Message(gettext("Protocol families should match"), $key . ".tunnel_local"));
}
if ($vti_inets['tunnel_local2'] != $vti_inets['tunnel_remote2']) {
$messages->appendMessage(
new Message(gettext("Protocol families should match"),
$key . ".tunnel_local2")
);
}
}
foreach ($spds as $key => $node) {
@ -249,6 +259,19 @@ class Swanctl extends BaseModel
]
]
];
if (!empty((string)$node->tunnel_local2)) {
// add optional secondary address
$inet = strpos((string)$node->tunnel_local2, ':') > 0 ? 'inet6' : 'inet';
$result['ipsec' . (string)$node->reqid]['networks'][] = [
'inet' => $inet,
'tunnel_local' => (string)$node->tunnel_local2,
'tunnel_remote' => (string)$node->tunnel_remote2,
'mask' => Util::smallestCIDR(
[(string)$node->tunnel_local2, (string)$node->tunnel_remote2],
$inet
)
];
}
}
}
return $result;
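Review bot: With the new `'-'` marker for empty values, a half-filled secondary pair (only `tunnel_local2` or only `tunnel_remote2` set) fails the comparison at `if ($vti_inets['tunnel_local2'] != $vti_inets['tunnel_remote2'])` and is reported as "Protocol families should match", which does not tell the user that the other address is missing; the network-building hunk further down relies on this check, since it tests only `tunnel_local2` before passing a possibly empty `tunnel_remote2` to `Util::smallestCIDR`. Distinguishing the missing-counterpart case gives an accurate message, and strict comparison fits the all-string values. The family test copied into the new code at `$inet = strpos((string)$node->tunnel_local2, ':') > 0 ? 'inet6' : 'inet';` classifies an address that begins with `::` as `inet`; `str_contains((string)$node->tunnel_local2, ':')` avoids that, though the existing line it was copied from has the same behaviour and would want the same treatment. The enclosing validation method starts outside the hunk.
```php
if ($vti_inets['tunnel_local2'] !== $vti_inets['tunnel_remote2']) {
    // '-' marks an empty field: report a missing counterpart separately from a family mismatch
    $text = ($vti_inets['tunnel_local2'] === '-' || $vti_inets['tunnel_remote2'] === '-')
        ? gettext("Both secondary tunnel addresses must be provided")
        : gettext("Protocol families should match");
    $messages->appendMessage(new Message($text, $key . ".tunnel_local2"));
}
```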


@ -381,6 +381,16 @@
<Required>Y</Required>
<ValidationMessage>Please specify a valid address.</ValidationMessage>
</tunnel_remote>
<tunnel_local2 type="NetworkField">
<NetMaskAllowed>N</NetMaskAllowed>
<WildcardEnabled>N</WildcardEnabled>
<ValidationMessage>Please specify a valid address.</ValidationMessage>
</tunnel_local2>
<tunnel_remote2 type="NetworkField">
<NetMaskAllowed>N</NetMaskAllowed>
<WildcardEnabled>N</WildcardEnabled>
<ValidationMessage>Please specify a valid address.</ValidationMessage>
</tunnel_remote2>
<description type="TextField"/>
</VTI>
</VTIs>
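Review bot: The new `tunnel_local2` and `tunnel_remote2` fields are individually optional at the model level, but the both-or-neither and same-family rules that make them a pair live only in the `Swanctl` model class, and nothing in this definition records that. A short comment before `<tunnel_local2 type="NetworkField">` such as `<!-- optional secondary tunnel address pair (dual-stack); both fields and matching address families are enforced in the Swanctl model's validation -->` keeps the next reader from treating either field as independently optional.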