Commit 8f00c9c7 authored by Ad Schellevis's avatar Ad Schellevis

(ipsec) remove ipsec_force_reload, replace with...

(ipsec) remove ipsec_force_reload, replace with ipsec_configured_on_interface() to check if a tunnel is configured before reloading ipsec
parent 8b6108a8
...@@ -1288,35 +1288,15 @@ EOD; ...@@ -1288,35 +1288,15 @@ EOD;
return count($filterdns_list); return count($filterdns_list);
} }
/* function ipsec_configured_on_interface($interface)
* Forcefully restart IPsec
* This is required for when dynamic interfaces reload
* For all other occasions the normal ipsec_configure()
* will gracefully reload the settings without restarting
*/
function ipsec_force_reload($interface = '')
{ {
global $config; global $config;
if (!empty($config['ipsec']['phase1'][0])) {
$ipseccfg = $config['ipsec']; foreach ($config['ipsec']['phase1'] as $phase1) {
if (!isset($phase1['disabled']) && $phase1['interface'] == $interface) {
if (!empty($interface) && isset($ipseccfg['phase1']) && is_array($ipseccfg['phase1'])) { return true;
$found = false;
foreach ($ipseccfg['phase1'] as $ipsec) {
if (!isset($ipsec['disabled']) && ($ipsec['interface'] == $interface)) {
$found = true;
break;
}
} }
if (!$found) {
log_error(sprintf('Ignoring IPsec reload since there are no tunnels on interface %s', $interface));
return;
} }
} }
return false;
/* if ipsec is enabled, start up again */
if (isset($ipseccfg['enable'])) {
log_error('Forcefully reloading IPsec');
ipsec_configure();
}
} }
...@@ -200,7 +200,9 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface ...@@ -200,7 +200,9 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface
services_dyndns_configure($interface); services_dyndns_configure($interface);
/* reconfigure IPsec tunnels */ /* reconfigure IPsec tunnels */
ipsec_force_reload($interface); if (ipsec_configured_on_interface($interface)) {
ipsec_configure();
}
/* start OpenVPN server & clients */ /* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn") { if (substr($interface_real, 0, 4) != "ovpn") {
......
...@@ -125,7 +125,9 @@ if (is_ipaddrv6($oldipv6)) { ...@@ -125,7 +125,9 @@ if (is_ipaddrv6($oldipv6)) {
// Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing. // Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) { if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) {
/* reconfigure IPsec tunnels */ /* reconfigure IPsec tunnels */
ipsec_force_reload($interface); if (ipsec_configured_on_interface($interface)) {
ipsec_configure();
}
/* start OpenVPN server & clients */ /* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn") if (substr($interface_real, 0, 4) != "ovpn")
...@@ -145,7 +147,9 @@ services_dnsupdate_process($interface); ...@@ -145,7 +147,9 @@ services_dnsupdate_process($interface);
services_dyndns_configure($interface); services_dyndns_configure($interface);
/* reconfigure IPsec tunnels */ /* reconfigure IPsec tunnels */
ipsec_force_reload($interface); if (ipsec_configured_on_interface($interface)) {
ipsec_configure();
}
/* start OpenVPN server & clients */ /* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn") if (substr($interface_real, 0, 4) != "ovpn")
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment