Commit 0a73dc88 authored by Ad Schellevis's avatar Ad Schellevis

fix strongswan ipsec paths

parent 198dc9ff
...@@ -125,33 +125,31 @@ function vpn_ipsec_configure($ipchg = false) ...@@ -125,33 +125,31 @@ function vpn_ipsec_configure($ipchg = false)
return 0; return 0;
} else { } else {
$certpath = "{$g['varetc_path']}/ipsec/ipsec.d/certs"; $certpath = "/usr/local/etc/ipsec.d/certs";
$capath = "{$g['varetc_path']}/ipsec/ipsec.d/cacerts"; $capath = "/usr/local/etc/ipsec.d/cacerts";
$keypath = "{$g['varetc_path']}/ipsec/ipsec.d/private"; $keypath = "/usr/local/etc/ipsec.d/private";
mwexec("/sbin/ifconfig enc0 up"); mwexec("/sbin/ifconfig enc0 up");
set_single_sysctl("net.inet.ip.ipsec_in_use", "1"); set_single_sysctl("net.inet.ip.ipsec_in_use", "1");
/* needed for config files */ /* needed for config files */
if (!is_dir("{$g['varetc_path']}/ipsec")) if (!is_dir("/usr/local/etc/ipsec.d"))
mkdir("{$g['varetc_path']}/ipsec"); mkdir("/usr/local/etc/ipsec.d");
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d"))
mkdir("{$g['varetc_path']}/ipsec/ipsec.d");
if (!is_dir($capath)) if (!is_dir($capath))
mkdir($capath); mkdir($capath);
if (!is_dir($keypath)) if (!is_dir($keypath))
mkdir($keypath); mkdir($keypath);
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/crls")) if (!is_dir("/usr/local/etc/ipsec.d/crls"))
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/crls"); mkdir("/usr/local/etc/ipsec.d/crls");
if (!is_dir($certpath)) if (!is_dir($certpath))
mkdir($certpath); mkdir($certpath);
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/aacerts")) if (!is_dir("/usr/local/etc/ipsec.d/aacerts"))
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/aacerts"); mkdir("/usr/local/etc/ipsec.d/aacerts");
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/acerts")) if (!is_dir("/usr/local/etc/ipsec.d/acerts"))
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/acerts"); mkdir("/usr/local/etc/ipsec.d/acerts");
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/ocspcerts")) if (!is_dir("/usr/local/etc/ipsec.d/ocspcerts"))
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/ocspcerts"); mkdir("/usr/local/etc/ipsec.d/ocspcerts");
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/reqs")) if (!is_dir("/usr/local/etc/ipsec.d/reqs"))
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/reqs"); mkdir("/usr/local/etc/ipsec.d/reqs");
if ($g['booting']) if ($g['booting'])
...@@ -401,7 +399,7 @@ EOD; ...@@ -401,7 +399,7 @@ EOD;
} }
$strongswan .= "\t}\n}\n"; $strongswan .= "\t}\n}\n";
@file_put_contents("{$g['varetc_path']}/ipsec/strongswan.conf", $strongswan); @file_put_contents("/usr/local/etc/strongswan.conf", $strongswan);
unset($strongswan); unset($strongswan);
/* generate CA certificates files */ /* generate CA certificates files */
...@@ -499,8 +497,8 @@ EOD; ...@@ -499,8 +497,8 @@ EOD;
unset($key); unset($key);
} }
@file_put_contents("{$g['varetc_path']}/ipsec/ipsec.secrets", $pskconf); @file_put_contents("/usr/local/etc/ipsec.secrets", $pskconf);
chmod("{$g['varetc_path']}/ipsec/ipsec.secrets", 0600); chmod("/usr/local/etc/ipsec.secrets", 0600);
unset($pskconf); unset($pskconf);
$natfilterrules = false; $natfilterrules = false;
...@@ -819,7 +817,7 @@ EOD; ...@@ -819,7 +817,7 @@ EOD;
} }
} }
} }
@file_put_contents("{$g['varetc_path']}/ipsec/ipsec.conf", $ipsecconf); @file_put_contents("/usr/local/etc/ipsec.conf", $ipsecconf);
unset($ipsecconf); unset($ipsecconf);
/* end ipsec.conf */ /* end ipsec.conf */
...@@ -845,13 +843,13 @@ EOD; ...@@ -845,13 +843,13 @@ EOD;
array_unique($filterdns_list); array_unique($filterdns_list);
foreach ($filterdns_list as $hostname) foreach ($filterdns_list as $hostname)
$hostnames .= "cmd {$hostname} '/usr/local/sbin/pfSctl -c \"service reload ipsecdns\"'\n"; $hostnames .= "cmd {$hostname} '/usr/local/sbin/pfSctl -c \"service reload ipsecdns\"'\n";
file_put_contents("{$g['varetc_path']}/ipsec/filterdns-ipsec.hosts", $hostnames); file_put_contents("/usr/local/etc/filterdns-ipsec.hosts", $hostnames);
unset($hostnames); unset($hostnames);
if (isvalidpid("{$g['varrun_path']}/filterdns-ipsec.pid")) if (isvalidpid("{$g['varrun_path']}/filterdns-ipsec.pid"))
sigkillbypid("{$g['varrun_path']}/filterdns-ipsec.pid", "HUP"); sigkillbypid("{$g['varrun_path']}/filterdns-ipsec.pid", "HUP");
else { else {
mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-ipsec.pid -i {$interval} -c {$g['varetc_path']}/ipsec/filterdns-ipsec.hosts -d 1"); mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-ipsec.pid -i {$interval} -c /usr/local/etc/filterdns-ipsec.hosts -d 1");
} }
} else { } else {
killbypid("{$g['varrun_path']}/filterdns-ipsec.pid"); killbypid("{$g['varrun_path']}/filterdns-ipsec.pid");
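Review bot: In the ipsec.secrets hunk the file is first written by `@file_put_contents("/usr/local/etc/ipsec.secrets", $pskconf)` and only afterwards restricted by `chmod(..., 0600)`, so a newly created file briefly carries whatever mode the process umask allows. The `@` also hides a failed write, and the chmod result is not checked. Tightening the umask around the write closes that window: `$old_umask = umask(0077); file_put_contents("/usr/local/etc/ipsec.secrets", $pskconf); umask($old_umask);`. The first hunk has the same gap, since `mkdir($keypath)` creates the private-key directory with the default mode, and `mkdir($keypath, 0700)` would state the intent. Because the files no longer live under `{$g['varetc_path']}`, it is worth confirming that old secrets are not left behind at the new location when IPsec is disabled; that code path, like the rest of vpn_ipsec_configure, lies outside the visible hunks.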
......