ipsec: iron out code oddities with apply/enable handling

74870bbf · Franco Fichtner · 3947fff4 · 74870bbf · 74870bbf
Commit 74870bbf authored Aug 28, 2016 by Franco Fichtner
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 7 deletions

filter.inc src/etc/inc/filter.inc +2 -4

vpn_ipsec.php src/www/vpn_ipsec.php +8 -3

No files found.
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -1550,7 +1550,7 @@ function filter_nat_rules_generate(&$FilterIflist)
    }

    /* ipsec nat */
-    if (isset($config['ipsec']) && is_array($config['ipsec']) && isset($config['ipsec']['enable'])) {
+    if (isset($config['ipsec']['enable'])) {
        if (isset($config['ipsec']['phase2'])) {
          foreach ($config['ipsec']['phase2'] as $ph2ent) {
              if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid']) && !isset($ph2ent['disabled'])) {
@@ -3187,10 +3187,8 @@ function filter_generate_ipsec_rules(&$FilterIflist, $log = array())
        return "\n# VPN Rules not added disabled in System->Advanced.\n";
    }

-
    $ipfrules = "\n# VPN Rules\n";
-    if (isset($config['ipsec']['enable']) &&
-      is_array($config['ipsec']['phase1'])) {
+    if (isset($config['ipsec']['enable']) && isset($config['ipsec']['phase1'])) {
        /* step through all phase1 entries */
        foreach ($config['ipsec']['phase1'] as $ph1ent) {
            if (isset ($ph1ent['disabled'])) {

--- a/src/www/vpn_ipsec.php
+++ b/src/www/vpn_ipsec.php
@@ -79,15 +79,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $a_phase2 = &$config['ipsec']['phase2'];
    if (isset($_POST['apply'])) {
        ipsec_configure();
-        /* reload the filter in the background */
        filter_configure();
        $savemsg = get_std_save_message();
        clear_subsystem_dirty('ipsec');
    } elseif (isset($_POST['save'])) {
-        $config['ipsec']['enable'] = !empty($_POST['enable']) ? true : false;
+        if (!empty($_POST['enable'])) {
+            $config['ipsec']['enable'] = true;
+        } elseif (isset($config['ipsec']['enable'])) {
+            unset($config['ipsec']['enable']);
+        }
        plugins_interfaces(false);
        write_config();
        ipsec_configure();
+        filter_configure();
+        clear_subsystem_dirty('ipsec');
        header("Location: vpn_ipsec.php");
        exit;
    } elseif (!empty($_POST['act']) && $_POST['act'] == "delphase1" ) {
@@ -313,7 +318,7 @@ $( document ).ready(function() {
      if (isset($savemsg)) {
          print_info_box($savemsg);
      }
-      if ($pconfig['enable'] && is_subsystem_dirty('ipsec')) {
+      if (is_subsystem_dirty('ipsec')) {
          print_info_box_apply(gettext("The IPsec tunnel configuration has been changed.") . "<br />" . gettext("You must apply the changes in order for them to take effect."));
      }?>
      <section class="col-xs-12">