Commit 158269e1 authored by Ad Schellevis's avatar Ad Schellevis

(legacy/ipsec) add "Connection method" to phase1 settings, closing...

(legacy/ipsec) add "Connection method" to phase1 settings, closing https://github.com/opnsense/core/issues/477
parent 8c61c4f4
...@@ -512,22 +512,24 @@ EOD; ...@@ -512,22 +512,24 @@ EOD;
} }
$keyexchange = "ikev1"; $keyexchange = "ikev1";
$passive = "route";
if (!empty($ph1ent['iketype']) && $ph1ent['iketype'] != "ikev1") { if (!empty($ph1ent['iketype']) && $ph1ent['iketype'] != "ikev1") {
$keyexchange = "ikev2"; $keyexchange = "ikev2";
//$passive = "start";
} else {
$passive = "route";
} }
if (isset($ph1ent['mobile'])) { if (isset($ph1ent['mobile'])) {
$right_spec = "%any"; $right_spec = "%any";
$passive = 'add';
} else { } else {
$right_spec = $ph1ent['remote-gateway']; $right_spec = $ph1ent['remote-gateway'];
} }
if (!empty($ph1ent['auto'])) {
$conn_auto = $ph1ent['auto'];
} elseif (isset($ph1ent['mobile'])) {
$conn_auto = 'add';
} else {
$conn_auto = 'route';
}
list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local"); list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap); list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
...@@ -552,7 +554,7 @@ EOD; ...@@ -552,7 +554,7 @@ EOD;
} }
if (!empty($ph1ent['dpd_delay']) && !empty($ph1ent['dpd_maxfail'])) { if (!empty($ph1ent['dpd_delay']) && !empty($ph1ent['dpd_maxfail'])) {
if ($passive == "route") { if ($conn_auto == "route") {
$dpdline = "dpdaction = restart"; $dpdline = "dpdaction = restart";
} else { } else {
$dpdline = "dpdaction = clear"; $dpdline = "dpdaction = clear";
...@@ -791,7 +793,7 @@ conn con<<connectionId>> ...@@ -791,7 +793,7 @@ conn con<<connectionId>>
installpolicy = yes installpolicy = yes
{$tunneltype} {$tunneltype}
{$dpdline} {$dpdline}
auto = {$passive} auto = {$conn_auto}
left = {$left_spec} left = {$left_spec}
right = {$right_spec} right = {$right_spec}
leftid = {$myid_data} leftid = {$myid_data}
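Review bot: In the DPD hunk, `if ($conn_auto == "route")` now sends both `add` and `start` to `dpdaction = clear`, whereas before this change every non-mobile tunnel got `restart`. A tunnel set to "Start immediate" would therefore be torn down on a dead-peer timeout and, with no trap policy installed, presumably stay down until the next reload or manual connect. I would treat `start` like `route` here, `if ($conn_auto == "route" || $conn_auto == "start") {`, and keep `clear` for `add` only. The enclosing function starts and ends outside these hunks, so any later adjustment of `$dpdline` is not visible.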
......
...@@ -87,7 +87,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -87,7 +87,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$phase1_fields = "mode,protocol,myid_type,myid_data,peerid_type,peerid_data $phase1_fields = "mode,protocol,myid_type,myid_data,peerid_type,peerid_data
,encryption-algorithm,hash-algorithm,dhgroup,lifetime,authentication_method,descr,nat_traversal ,encryption-algorithm,hash-algorithm,dhgroup,lifetime,authentication_method,descr,nat_traversal
,interface,iketype,dpd_delay,dpd_maxfail,remote-gateway,pre-shared-key,certref ,interface,iketype,dpd_delay,dpd_maxfail,remote-gateway,pre-shared-key,certref
,caref,reauth_enable,rekey_enable"; ,caref,reauth_enable,rekey_enable, auto";
if (isset($p1index) && isset($config['ipsec']['phase1'][$p1index])) { if (isset($p1index) && isset($config['ipsec']['phase1'][$p1index])) {
// 1-on-1 copy // 1-on-1 copy
foreach (explode(",", $phase1_fields) as $fieldname) { foreach (explode(",", $phase1_fields) as $fieldname) {
...@@ -359,7 +359,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -359,7 +359,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$copy_fields = "ikeid,iketype,interface,mode,protocol,myid_type,myid_data $copy_fields = "ikeid,iketype,interface,mode,protocol,myid_type,myid_data
,peerid_type,peerid_data,encryption-algorithm,hash-algorithm,dhgroup ,peerid_type,peerid_data,encryption-algorithm,hash-algorithm,dhgroup
,lifetime,pre-shared-key,certref,caref,authentication_method,descr ,lifetime,pre-shared-key,certref,caref,authentication_method,descr
,nat_traversal"; ,nat_traversal, auto";
foreach (explode(",",$copy_fields) as $fieldname) { foreach (explode(",",$copy_fields) as $fieldname) {
$fieldname = trim($fieldname); $fieldname = trim($fieldname);
...@@ -602,6 +602,21 @@ function dpdchkbox_change() { ...@@ -602,6 +602,21 @@ function dpdchkbox_change() {
</div> </div>
</td> </td>
</tr> </tr>
<tr>
<td><a id="help_for_auto" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Connection method"); ?></td>
<td>
<select name="auto" class="formselect">
<option value="" <?=empty($pconfig['auto']) ? "selected=\"selected\"" : ""; ?>><?=gettext("default");?></option>
<option value="add" <?=$pconfig['auto'] == "add" ? "selected=\"selected\"" : ""; ?>><?=gettext("Respond only");?></option>
<option value="route" <?=$pconfig['auto'] == "route" ? "selected=\"selected\"" : ""; ?>><?=gettext("Start on traffic");?></option>
<option value="start" <?=$pconfig['auto'] == "start" ? "selected=\"selected\"" : ""; ?>><?=gettext("Start immediate");?></option>
</select>
<div class="hidden" for="help_for_auto">
<?=gettext("Choose the connect behaviour here, when using CARP you might want to consider the Repond only option here (wait for the other side to connect)."); ?>.
</div>
</td>
</tr>
<tr> <tr>
<td><a id="help_for_iketype" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Key Exchange version"); ?></td> <td><a id="help_for_iketype" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Key Exchange version"); ?></td>
<td> <td>
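Review bot: The new `auto` field is added to `$copy_fields` with no visible check that the submitted value is one of the three the select offers, and the generator hunk then writes it verbatim into the connection block as `auto = {$conn_auto}`. A request is not bound by the `<option>` list, so a value containing a line break could add extra directives to the generated IPsec configuration. The loop body and any validation are cut off by the hunk, so a check may already exist elsewhere. If it does not, I would reject anything outside the allow-list before the copy, along the lines of `in_array(<submitted auto value>, array('', 'add', 'route', 'start'), true)`, reporting failures through the page's existing error handling. As defence in depth, the generator's `!empty($ph1ent['auto'])` branch could apply the same allow-list before interpolating the value.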
......