(legacy/ipsec) add "Connection method" to phase1 settings, closing...

(legacy/ipsec) add "Connection method" to phase1 settings, closing https://github.com/opnsense/core/issues/477

(legacy/ipsec) add "Connection method" to phase1 settings, closing...
(legacy/ipsec) add "Connection method" to phase1 settings, closing https://github.com/opnsense/core/issues/477
158269e1 · Ad Schellevis · 8c61c4f4 · 158269e1 · 158269e1
Commit 158269e1 authored Jan 08, 2016 by Ad Schellevis
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 10 deletions

vpn.inc src/etc/inc/vpn.inc +10 -8

vpn_ipsec_phase1.php src/www/vpn_ipsec_phase1.php +17 -2

No files found.
--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -512,22 +512,24 @@ EOD;
                }

                $keyexchange = "ikev1";
-                $passive = "route";
                if (!empty($ph1ent['iketype']) && $ph1ent['iketype'] != "ikev1") {
                    $keyexchange = "ikev2";
-                    //$passive = "start";
-                } else {
-                    $passive = "route";
                }

-
                if (isset($ph1ent['mobile'])) {
                    $right_spec = "%any";
-                    $passive = 'add';
                } else {
                    $right_spec = $ph1ent['remote-gateway'];
                }

+                if (!empty($ph1ent['auto'])) {
+                    $conn_auto = $ph1ent['auto'];
+                } elseif (isset($ph1ent['mobile'])) {
+                    $conn_auto = 'add';
+                } else {
+                    $conn_auto = 'route';
+                }
+
                list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
                list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);

@@ -552,7 +554,7 @@ EOD;
                }

                if (!empty($ph1ent['dpd_delay']) && !empty($ph1ent['dpd_maxfail'])) {
-                    if ($passive == "route") {
+                    if ($conn_auto == "route") {
                        $dpdline = "dpdaction = restart";
                    } else {
                        $dpdline = "dpdaction = clear";
@@ -791,7 +793,7 @@ conn con<<connectionId>>
  installpolicy = yes
  {$tunneltype}
  {$dpdline}
-  auto = {$passive}
+  auto = {$conn_auto}
  left = {$left_spec}
  right = {$right_spec}
  leftid = {$myid_data}

--- a/src/www/vpn_ipsec_phase1.php
+++ b/src/www/vpn_ipsec_phase1.php
@@ -87,7 +87,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $phase1_fields = "mode,protocol,myid_type,myid_data,peerid_type,peerid_data
    ,encryption-algorithm,hash-algorithm,dhgroup,lifetime,authentication_method,descr,nat_traversal
    ,interface,iketype,dpd_delay,dpd_maxfail,remote-gateway,pre-shared-key,certref
-    ,caref,reauth_enable,rekey_enable";
+    ,caref,reauth_enable,rekey_enable, auto";
    if (isset($p1index) && isset($config['ipsec']['phase1'][$p1index])) {
        // 1-on-1 copy
        foreach (explode(",", $phase1_fields) as $fieldname) {
@@ -359,7 +359,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        $copy_fields = "ikeid,iketype,interface,mode,protocol,myid_type,myid_data
        ,peerid_type,peerid_data,encryption-algorithm,hash-algorithm,dhgroup
        ,lifetime,pre-shared-key,certref,caref,authentication_method,descr
-        ,nat_traversal";
+        ,nat_traversal, auto";

        foreach (explode(",",$copy_fields) as $fieldname) {
            $fieldname = trim($fieldname);
@@ -602,6 +602,21 @@ function dpdchkbox_change() {
                      </div>
                    </td>
                  </tr>
+                  <tr>
+                    <td><a id="help_for_auto" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Connection method"); ?></td>
+                    <td>
+
+                      <select name="auto" class="formselect">
+                        <option value="" <?=empty($pconfig['auto']) ?  "selected=\"selected\"" : ""; ?>><?=gettext("default");?></option>
+                        <option value="add" <?=$pconfig['auto'] == "add" ?  "selected=\"selected\"" : ""; ?>><?=gettext("Respond only");?></option>
+                        <option value="route" <?=$pconfig['auto'] == "route" ?  "selected=\"selected\"" : ""; ?>><?=gettext("Start on traffic");?></option>
+                        <option value="start" <?=$pconfig['auto'] == "start" ?  "selected=\"selected\"" : ""; ?>><?=gettext("Start immediate");?></option>
+                      </select>
+                      <div class="hidden" for="help_for_auto">
+                        <?=gettext("Choose the connect behaviour here, when using CARP you might want to consider the Repond only option here (wait for the other side to connect)."); ?>.
+                      </div>
+                    </td>
+                  </tr>
                  <tr>
                    <td><a id="help_for_iketype" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Key Exchange version"); ?></td>
                    <td>