Skip to content

O
OpnSense
Commit 74870bbf authored by Franco Fichtner's avatar Franco Fichtner
Browse files
Options

ipsec: iron out code oddities with apply/enable handling

parent 3947fff4
Hide whitespace changes
Inline Side-by-side
Showing with 10 additions and 7 deletions
src/etc/inc/filter.inc
View file @ 74870bbf
...@@ -1550,7 +1550,7 @@ function filter_nat_rules_generate(&$FilterIflist) ...@@ -1550,7 +1550,7 @@ function filter_nat_rules_generate(&$FilterIflist)
} }
/* ipsec nat */ /* ipsec nat */
if (isset($config['ipsec']) && is_array($config['ipsec']) && isset($config['ipsec']['enable'])) { if (isset($config['ipsec']['enable'])) {
if (isset($config['ipsec']['phase2'])) { if (isset($config['ipsec']['phase2'])) {
foreach ($config['ipsec']['phase2'] as $ph2ent) { foreach ($config['ipsec']['phase2'] as $ph2ent) {
if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid']) && !isset($ph2ent['disabled'])) { if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid']) && !isset($ph2ent['disabled'])) {
...@@ -3187,10 +3187,8 @@ function filter_generate_ipsec_rules(&$FilterIflist, $log = array()) ...@@ -3187,10 +3187,8 @@ function filter_generate_ipsec_rules(&$FilterIflist, $log = array())
return "\n# VPN Rules not added disabled in System->Advanced.\n"; return "\n# VPN Rules not added disabled in System->Advanced.\n";
} }
$ipfrules = "\n# VPN Rules\n"; $ipfrules = "\n# VPN Rules\n";
if (isset($config['ipsec']['enable']) && if (isset($config['ipsec']['enable']) && isset($config['ipsec']['phase1'])) {
is_array($config['ipsec']['phase1'])) {
/* step through all phase1 entries */ /* step through all phase1 entries */
foreach ($config['ipsec']['phase1'] as $ph1ent) { foreach ($config['ipsec']['phase1'] as $ph1ent) {
if (isset ($ph1ent['disabled'])) { if (isset ($ph1ent['disabled'])) {
......
src/www/vpn_ipsec.php
View file @ 74870bbf
...@@ -79,15 +79,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -79,15 +79,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$a_phase2 = &$config['ipsec']['phase2']; $a_phase2 = &$config['ipsec']['phase2'];
if (isset($_POST['apply'])) { if (isset($_POST['apply'])) {
ipsec_configure(); ipsec_configure();
/* reload the filter in the background */
filter_configure(); filter_configure();
$savemsg = get_std_save_message(); $savemsg = get_std_save_message();
clear_subsystem_dirty('ipsec'); clear_subsystem_dirty('ipsec');
} elseif (isset($_POST['save'])) { } elseif (isset($_POST['save'])) {
$config['ipsec']['enable'] = !empty($_POST['enable']) ? true : false; if (!empty($_POST['enable'])) {
$config['ipsec']['enable'] = true;
} elseif (isset($config['ipsec']['enable'])) {
unset($config['ipsec']['enable']);
}
plugins_interfaces(false); plugins_interfaces(false);
write_config(); write_config();
ipsec_configure(); ipsec_configure();
filter_configure();
clear_subsystem_dirty('ipsec');
header("Location: vpn_ipsec.php"); header("Location: vpn_ipsec.php");
exit; exit;
} elseif (!empty($_POST['act']) && $_POST['act'] == "delphase1" ) { } elseif (!empty($_POST['act']) && $_POST['act'] == "delphase1" ) {
...@@ -313,7 +318,7 @@ $( document ).ready(function() { ...@@ -313,7 +318,7 @@ $( document ).ready(function() {
if (isset($savemsg)) { if (isset($savemsg)) {
print_info_box($savemsg); print_info_box($savemsg);
} }
if ($pconfig['enable'] && is_subsystem_dirty('ipsec')) { if (is_subsystem_dirty('ipsec')) {
print_info_box_apply(gettext("The IPsec tunnel configuration has been changed.") . "<br />" . gettext("You must apply the changes in order for them to take effect.")); print_info_box_apply(gettext("The IPsec tunnel configuration has been changed.") . "<br />" . gettext("You must apply the changes in order for them to take effect."));
}?> }?>
<section class="col-xs-12"> <section class="col-xs-12">
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023