Commit
c68033bc
authored
Feb 19, 2016
by
Franco Fichtner
ipsec: strip vpn_ prefix from backend functions for clarity
parent
1373b01a
Showing
12 changed files
with
31 additions
and
39 deletions
+31
-39
interfaces.inc
src/etc/inc/interfaces.inc
+2
-2
ipsec.inc
src/etc/inc/ipsec.inc
+11
-11
legacy.inc
src/etc/inc/xmlrpc/legacy.inc
+1
-1
rc.bootup
src/etc/rc.bootup
+2
-2
rc.newipsecdns
src/etc/rc.newipsecdns
+4
-3
rc.newwanip
src/etc/rc.newwanip
+1
-1
rc.newwanipv6
src/etc/rc.newwanipv6
+2
-2
vpn_ipsec.php
src/www/vpn_ipsec.php
+2
-2
vpn_ipsec_keys.php
src/www/vpn_ipsec_keys.php
+2
-5
vpn_ipsec_mobile.php
src/www/vpn_ipsec_mobile.php
+2
-7
vpn_ipsec_phase1.php
src/www/vpn_ipsec_phase1.php
+1
-1
vpn_ipsec_settings.php
src/www/vpn_ipsec_settings.php
+1
-2
src/etc/inc/interfaces.inc
...
@@ -1183,7 +1183,7 @@ function interfaces_configure()
...
@@ -1183,7 +1183,7 @@ function interfaces_configure()
system_routing_configure
();
system_routing_configure
();
/* reload IPsec tunnels */
/* reload IPsec tunnels */
vpn_
ipsec_configure
();
ipsec_configure
();
/* reload dhcpd (interface enabled/disabled status may have changed) */
/* reload dhcpd (interface enabled/disabled status may have changed) */
services_dhcpd_configure
();
services_dhcpd_configure
();
...
@@ -3164,7 +3164,7 @@ function interface_configure($interface = 'wan', $reloadall = false, $linkupeven
...
@@ -3164,7 +3164,7 @@ function interface_configure($interface = 'wan', $reloadall = false, $linkupeven
system_routing_configure
(
$interface
);
system_routing_configure
(
$interface
);
/* reload ipsec tunnels */
/* reload ipsec tunnels */
vpn_
ipsec_configure
();
ipsec_configure
();
/* restart dnsmasq or unbound */
/* restart dnsmasq or unbound */
if
(
isset
(
$config
[
'dnsmasq'
][
'enable'
]))
{
if
(
isset
(
$config
[
'dnsmasq'
][
'enable'
]))
{
...
...
src/etc/inc/ipsec.inc
...
@@ -400,7 +400,7 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
...
@@ -400,7 +400,7 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
}
}
/* include all configuration functions */
/* include all configuration functions */
function
vpn_
ipsec_convert_to_modp
(
$index
)
function
ipsec_convert_to_modp
(
$index
)
{
{
$convertion
=
""
;
$convertion
=
""
;
switch
(
$index
)
{
switch
(
$index
)
{
...
@@ -433,7 +433,7 @@ function vpn_ipsec_convert_to_modp($index)
...
@@ -433,7 +433,7 @@ function vpn_ipsec_convert_to_modp($index)
return
$convertion
;
return
$convertion
;
}
}
function
vpn_
ipsec_configure
()
function
ipsec_configure
()
{
{
global
$config
,
$p2_ealgos
,
$ipsec_loglevels
;
global
$config
,
$p2_ealgos
,
$ipsec_loglevels
;
...
@@ -913,7 +913,7 @@ EOD;
...
@@ -913,7 +913,7 @@ EOD;
}
else
{
}
else
{
$ealgosp1
=
"ike =
{
$ealg_id
}
-
{
$ph1ent
[
'hash-algorithm'
]
}
"
;
$ealgosp1
=
"ike =
{
$ealg_id
}
-
{
$ph1ent
[
'hash-algorithm'
]
}
"
;
}
}
$modp
=
vpn_
ipsec_convert_to_modp
(
$ph1ent
[
'dhgroup'
]);
$modp
=
ipsec_convert_to_modp
(
$ph1ent
[
'dhgroup'
]);
if
(
!
empty
(
$modp
))
{
if
(
!
empty
(
$modp
))
{
$ealgosp1
.=
"-
{
$modp
}
"
;
$ealgosp1
.=
"-
{
$modp
}
"
;
}
}
...
@@ -1086,7 +1086,7 @@ EOD;
...
@@ -1086,7 +1086,7 @@ EOD;
foreach
(
$ph2ent
[
'hash-algorithm-option'
]
as
$halgo
)
{
foreach
(
$ph2ent
[
'hash-algorithm-option'
]
as
$halgo
)
{
$halgo
=
str_replace
(
'hmac_'
,
''
,
$halgo
);
$halgo
=
str_replace
(
'hmac_'
,
''
,
$halgo
);
$tmpealgo
=
"
{
$ealg_id
}{
$keylen
}
-
{
$halgo
}
"
;
$tmpealgo
=
"
{
$ealg_id
}{
$keylen
}
-
{
$halgo
}
"
;
$modp
=
vpn_
ipsec_convert_to_modp
(
$ph2ent
[
'pfsgroup'
]);
$modp
=
ipsec_convert_to_modp
(
$ph2ent
[
'pfsgroup'
]);
if
(
!
empty
(
$modp
))
{
if
(
!
empty
(
$modp
))
{
$tmpealgo
.=
"-
{
$modp
}
"
;
$tmpealgo
.=
"-
{
$modp
}
"
;
}
}
...
@@ -1094,7 +1094,7 @@ EOD;
...
@@ -1094,7 +1094,7 @@ EOD;
}
}
}
else
{
}
else
{
$tmpealgo
=
"
{
$ealg_id
}{
$keylen
}
"
;
$tmpealgo
=
"
{
$ealg_id
}{
$keylen
}
"
;
$modp
=
vpn_
ipsec_convert_to_modp
(
$ph2ent
[
'pfsgroup'
]);
$modp
=
ipsec_convert_to_modp
(
$ph2ent
[
'pfsgroup'
]);
if
(
!
empty
(
$modp
))
{
if
(
!
empty
(
$modp
))
{
$tmpealgo
.=
"-
{
$modp
}
"
;
$tmpealgo
.=
"-
{
$modp
}
"
;
}
}
...
@@ -1107,7 +1107,7 @@ EOD;
...
@@ -1107,7 +1107,7 @@ EOD;
foreach
(
$ph2ent
[
'hash-algorithm-option'
]
as
$halgo
)
{
foreach
(
$ph2ent
[
'hash-algorithm-option'
]
as
$halgo
)
{
$halgo
=
str_replace
(
'hmac_'
,
''
,
$halgo
);
$halgo
=
str_replace
(
'hmac_'
,
''
,
$halgo
);
$tmpealgo
=
"
{
$ealg_id
}{
$ealg_kl
}
-
{
$halgo
}
"
;
$tmpealgo
=
"
{
$ealg_id
}{
$ealg_kl
}
-
{
$halgo
}
"
;
$modp
=
vpn_
ipsec_convert_to_modp
(
$ph2ent
[
'pfsgroup'
]);
$modp
=
ipsec_convert_to_modp
(
$ph2ent
[
'pfsgroup'
]);
if
(
!
empty
(
$modp
))
{
if
(
!
empty
(
$modp
))
{
$tmpealgo
.=
"-
{
$modp
}
"
;
$tmpealgo
.=
"-
{
$modp
}
"
;
}
}
...
@@ -1115,7 +1115,7 @@ EOD;
...
@@ -1115,7 +1115,7 @@ EOD;
}
}
}
else
{
}
else
{
$tmpealgo
=
"
{
$ealg_id
}{
$ealg_kl
}
"
;
$tmpealgo
=
"
{
$ealg_id
}{
$ealg_kl
}
"
;
$modp
=
vpn_
ipsec_convert_to_modp
(
$ph2ent
[
'pfsgroup'
]);
$modp
=
ipsec_convert_to_modp
(
$ph2ent
[
'pfsgroup'
]);
if
(
!
empty
(
$modp
))
{
if
(
!
empty
(
$modp
))
{
$tmpealgo
.=
"-
{
$modp
}
"
;
$tmpealgo
.=
"-
{
$modp
}
"
;
}
}
...
@@ -1128,7 +1128,7 @@ EOD;
...
@@ -1128,7 +1128,7 @@ EOD;
}
else
if
(
isset
(
$ph2ent
[
'protocol'
])
&&
$ph2ent
[
'protocol'
]
==
'ah'
)
{
}
else
if
(
isset
(
$ph2ent
[
'protocol'
])
&&
$ph2ent
[
'protocol'
]
==
'ah'
)
{
$ealgoAHsp2arr_details
=
array
();
$ealgoAHsp2arr_details
=
array
();
if
(
!
empty
(
$ph2ent
[
'hash-algorithm-option'
])
&&
is_array
(
$ph2ent
[
'hash-algorithm-option'
]))
{
if
(
!
empty
(
$ph2ent
[
'hash-algorithm-option'
])
&&
is_array
(
$ph2ent
[
'hash-algorithm-option'
]))
{
$modp
=
vpn_
ipsec_convert_to_modp
(
$ph2ent
[
'pfsgroup'
]);
$modp
=
ipsec_convert_to_modp
(
$ph2ent
[
'pfsgroup'
]);
foreach
(
$ph2ent
[
'hash-algorithm-option'
]
as
$tmpAHalgo
)
{
foreach
(
$ph2ent
[
'hash-algorithm-option'
]
as
$tmpAHalgo
)
{
$tmpAHalgo
=
str_replace
(
'hmac_'
,
''
,
$tmpAHalgo
);
$tmpAHalgo
=
str_replace
(
'hmac_'
,
''
,
$tmpAHalgo
);
if
(
!
empty
(
$modp
))
{
if
(
!
empty
(
$modp
))
{
...
@@ -1295,10 +1295,10 @@ EOD;
...
@@ -1295,10 +1295,10 @@ EOD;
/*
/*
* Forcefully restart IPsec
* Forcefully restart IPsec
* This is required for when dynamic interfaces reload
* This is required for when dynamic interfaces reload
* For all other occasions the normal
vpn_
ipsec_configure()
* For all other occasions the normal ipsec_configure()
* will gracefully reload the settings without restarting
* will gracefully reload the settings without restarting
*/
*/
function
vpn_
ipsec_force_reload
(
$interface
=
''
)
function
ipsec_force_reload
(
$interface
=
''
)
{
{
global
$config
;
global
$config
;
...
@@ -1321,6 +1321,6 @@ function vpn_ipsec_force_reload($interface = '')
...
@@ -1321,6 +1321,6 @@ function vpn_ipsec_force_reload($interface = '')
/* if ipsec is enabled, start up again */
/* if ipsec is enabled, start up again */
if
(
isset
(
$ipseccfg
[
'enable'
]))
{
if
(
isset
(
$ipseccfg
[
'enable'
]))
{
log_error
(
gettext
(
"Forcefully reloading IPsec"
));
log_error
(
gettext
(
"Forcefully reloading IPsec"
));
vpn_
ipsec_configure
();
ipsec_configure
();
}
}
}
}
src/etc/inc/xmlrpc/legacy.inc
...
@@ -256,7 +256,7 @@ function restore_config_section_xmlrpc($new_config)
...
@@ -256,7 +256,7 @@ function restore_config_section_xmlrpc($new_config)
}
}
if
(
isset
(
$old_config
[
'ipsec'
][
'enable'
])
!==
isset
(
$config
[
'ipsec'
][
'enable'
]))
{
if
(
isset
(
$old_config
[
'ipsec'
][
'enable'
])
!==
isset
(
$config
[
'ipsec'
][
'enable'
]))
{
vpn_
ipsec_configure
();
ipsec_configure
();
}
}
unset
(
$old_config
);
unset
(
$old_config
);
...
...
src/etc/rc.bootup
...
@@ -319,7 +319,7 @@ filter_configure_sync();
...
@@ -319,7 +319,7 @@ filter_configure_sync();
vpn_setup
();
vpn_setup
();
/* start IPsec tunnels */
/* start IPsec tunnels */
$ipsec_dynamic_hosts
=
vpn_
ipsec_configure
();
$ipsec_dynamic_hosts
=
ipsec_configure
();
/* start SNMP service */
/* start SNMP service */
services_snmpd_configure
();
services_snmpd_configure
();
...
@@ -360,7 +360,7 @@ system_syslogd_start();
...
@@ -360,7 +360,7 @@ system_syslogd_start();
/* If there are ipsec dynamic hosts try again to reload the tunnels as rc.newipsecdns does */
/* If there are ipsec dynamic hosts try again to reload the tunnels as rc.newipsecdns does */
if
(
$ipsec_dynamic_hosts
)
{
if
(
$ipsec_dynamic_hosts
)
{
vpn_
ipsec_configure
();
ipsec_configure
();
filter_configure
();
filter_configure
();
}
}
...
...
src/etc/rc.newipsecdns
...
@@ -50,9 +50,10 @@ if (isset($config['ipsec']['enable'])) {
...
@@ -50,9 +50,10 @@ if (isset($config['ipsec']['enable'])) {
$ipseclck
=
lock
(
'ipsecdns'
,
LOCK_EX
);
$ipseclck
=
lock
(
'ipsecdns'
,
LOCK_EX
);
vpn_
ipsec_configure
();
ipsec_configure
();
if
(
isset
(
$config
[
'ipsec'
][
'failoverforcereload'
]))
if
(
isset
(
$config
[
'ipsec'
][
'failoverforcereload'
]))
{
vpn_ipsec_force_reload
();
ipsec_force_reload
();
}
unlock
(
$ipseclck
);
unlock
(
$ipseclck
);
src/etc/rc.newwanip
...
@@ -201,7 +201,7 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface
...
@@ -201,7 +201,7 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface
services_dyndns_configure
(
$interface
);
services_dyndns_configure
(
$interface
);
/* reconfigure IPsec tunnels */
/* reconfigure IPsec tunnels */
vpn_
ipsec_force_reload
(
$interface
);
ipsec_force_reload
(
$interface
);
/* start OpenVPN server & clients */
/* start OpenVPN server & clients */
if
(
substr
(
$interface_real
,
0
,
4
)
!=
"ovpn"
)
{
if
(
substr
(
$interface_real
,
0
,
4
)
!=
"ovpn"
)
{
...
...
src/etc/rc.newwanipv6
...
@@ -127,7 +127,7 @@ if (is_ipaddrv6($oldipv6)) {
...
@@ -127,7 +127,7 @@ if (is_ipaddrv6($oldipv6)) {
// Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
// Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
if
(
in_array
(
$config
[
'interfaces'
][
$interface
][
'ipaddrv6'
],
array
(
'pppoe'
,
'pptp'
,
'ppp'
)))
{
if
(
in_array
(
$config
[
'interfaces'
][
$interface
][
'ipaddrv6'
],
array
(
'pppoe'
,
'pptp'
,
'ppp'
)))
{
/* reconfigure IPsec tunnels */
/* reconfigure IPsec tunnels */
vpn_
ipsec_force_reload
(
$interface
);
ipsec_force_reload
(
$interface
);
/* start OpenVPN server & clients */
/* start OpenVPN server & clients */
if
(
substr
(
$interface_real
,
0
,
4
)
!=
"ovpn"
)
if
(
substr
(
$interface_real
,
0
,
4
)
!=
"ovpn"
)
...
@@ -147,7 +147,7 @@ services_dnsupdate_process($interface);
...
@@ -147,7 +147,7 @@ services_dnsupdate_process($interface);
services_dyndns_configure
(
$interface
);
services_dyndns_configure
(
$interface
);
/* reconfigure IPsec tunnels */
/* reconfigure IPsec tunnels */
vpn_
ipsec_force_reload
(
$interface
);
ipsec_force_reload
(
$interface
);
/* start OpenVPN server & clients */
/* start OpenVPN server & clients */
if
(
substr
(
$interface_real
,
0
,
4
)
!=
"ovpn"
)
if
(
substr
(
$interface_real
,
0
,
4
)
!=
"ovpn"
)
...
...
src/www/vpn_ipsec.php
...
@@ -79,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
...
@@ -79,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$a_phase1
=
&
$config
[
'ipsec'
][
'phase1'
];
$a_phase1
=
&
$config
[
'ipsec'
][
'phase1'
];
$a_phase2
=
&
$config
[
'ipsec'
][
'phase2'
];
$a_phase2
=
&
$config
[
'ipsec'
][
'phase2'
];
if
(
isset
(
$_POST
[
'apply'
]))
{
if
(
isset
(
$_POST
[
'apply'
]))
{
$retval
=
vpn_
ipsec_configure
();
$retval
=
ipsec_configure
();
/* reload the filter in the background */
/* reload the filter in the background */
filter_configure
();
filter_configure
();
$savemsg
=
get_std_save_message
();
$savemsg
=
get_std_save_message
();
...
@@ -91,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
...
@@ -91,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
elseif
(
isset
(
$_POST
[
'save'
]))
{
}
elseif
(
isset
(
$_POST
[
'save'
]))
{
$config
[
'ipsec'
][
'enable'
]
=
!
empty
(
$_POST
[
'enable'
])
?
true
:
false
;
$config
[
'ipsec'
][
'enable'
]
=
!
empty
(
$_POST
[
'enable'
])
?
true
:
false
;
write_config
();
write_config
();
vpn_
ipsec_configure
();
ipsec_configure
();
header
(
"Location: vpn_ipsec.php"
);
header
(
"Location: vpn_ipsec.php"
);
exit
;
exit
;
}
elseif
(
!
empty
(
$_POST
[
'act'
])
&&
$_POST
[
'act'
]
==
"delphase1"
)
{
}
elseif
(
!
empty
(
$_POST
[
'act'
])
&&
$_POST
[
'act'
]
==
"delphase1"
)
{
...
...
src/www/vpn_ipsec_keys.php
...
@@ -57,13 +57,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
...
@@ -57,13 +57,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
}
}
elseif
(
isset
(
$_POST
[
'apply'
]))
{
}
elseif
(
isset
(
$_POST
[
'apply'
]))
{
// apply changes
// apply changes
$retval
=
vpn_ipsec_configure
();
ipsec_configure
();
/* reload the filter in the background */
filter_configure
();
filter_configure
();
$savemsg
=
get_std_save_message
();
$savemsg
=
get_std_save_message
();
if
(
is_subsystem_dirty
(
'ipsec'
))
{
clear_subsystem_dirty
(
'ipsec'
);
clear_subsystem_dirty
(
'ipsec'
);
}
}
else
{
}
else
{
// nothing to post, redirect
// nothing to post, redirect
header
(
"Location: vpn_ipsec_keys.php"
);
header
(
"Location: vpn_ipsec_keys.php"
);
...
...
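Review bot: The apply branch now discards the result of `ipsec_configure()` and calls `clear_subsystem_dirty('ipsec')` unconditionally, so the pending-changes marker is cleared and the standard save message is shown whether or not the reload worked. src/www/vpn_ipsec_mobile.php makes the same change and additionally drops its `$retval >= 0` guard, while src/www/vpn_ipsec.php still assigns `$retval = ipsec_configure();`. In src/etc/rc.bootup the return value is stored as `$ipsec_dynamic_hosts`, which suggests it is not a status code, so dropping it may be intended; if so, a comment such as `/* ipsec_configure() does not report failure; always clear the dirty marker */` would record that, and the leftover `$retval` in vpn_ipsec.php could go too. The enclosing `if`/`elseif` chain starts and ends outside the hunk.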
src/www/vpn_ipsec_mobile.php
...
@@ -90,14 +90,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
...
@@ -90,14 +90,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
exit
;
exit
;
}
elseif
(
isset
(
$_POST
[
'apply'
]))
{
}
elseif
(
isset
(
$_POST
[
'apply'
]))
{
// apply changes
// apply changes
$retval
=
0
;
ipsec_configure
();
$retval
=
vpn_ipsec_configure
();
$savemsg
=
get_std_save_message
();
$savemsg
=
get_std_save_message
();
if
(
$retval
>=
0
)
{
clear_subsystem_dirty
(
'ipsec'
);
if
(
is_subsystem_dirty
(
'ipsec'
))
{
clear_subsystem_dirty
(
'ipsec'
);
}
}
header
(
"Location: vpn_ipsec_mobile.php?savemsg="
.
$savemsg
);
header
(
"Location: vpn_ipsec_mobile.php?savemsg="
.
$savemsg
);
exit
;
exit
;
}
elseif
(
isset
(
$_POST
[
'submit'
]))
{
}
elseif
(
isset
(
$_POST
[
'submit'
]))
{
...
...
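Review bot: The redirect `header("Location: vpn_ipsec_mobile.php?savemsg=" . $savemsg);` puts the message into the query string without encoding it; `urlencode($savemsg)` would keep spaces and punctuation from corrupting the URL. Passing the message through the URL also means the GET handler receives it as request input, so it needs `htmlspecialchars()` on output; that handler is outside the hunk and I cannot see whether it escapes. The line is unchanged context here, but this hunk rewrites the statements directly above it.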
src/www/vpn_ipsec_phase1.php
...
@@ -400,7 +400,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
...
@@ -400,7 +400,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
}
/* if the remote gateway changed and the interface is not WAN then remove route */
/* if the remote gateway changed and the interface is not WAN then remove route */
/* the
vpn_
ipsec_configure() handles adding the route */
/* the ipsec_configure() handles adding the route */
if
(
$pconfig
[
'interface'
]
<>
"wan"
)
{
if
(
$pconfig
[
'interface'
]
<>
"wan"
)
{
if
(
$old_ph1ent
[
'remote-gateway'
]
<>
$pconfig
[
'remote-gateway'
])
{
if
(
$old_ph1ent
[
'remote-gateway'
]
<>
$pconfig
[
'remote-gateway'
])
{
mwexec
(
"/sbin/route delete -host
{
$old_ph1ent
[
'remote-gateway'
]
}
"
);
mwexec
(
"/sbin/route delete -host
{
$old_ph1ent
[
'remote-gateway'
]
}
"
);
...
...
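Review bot: The `mwexec("/sbin/route delete -host {$old_ph1ent['remote-gateway']}")` call shown as context interpolates a stored configuration value straight into a shell command line. Whether `remote-gateway` is validated as an address or hostname before it is saved is not visible in this hunk, so quoting at the call site is the safer default: `mwexec("/sbin/route delete -host " . escapeshellarg($old_ph1ent['remote-gateway']));`. The commit only renames the function in the comment above; the surrounding block continues outside the hunk.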
src/www/vpn_ipsec_settings.php
...
@@ -100,9 +100,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
...
@@ -100,9 +100,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
write_config
();
write_config
();
$savemsg
=
get_std_save_message
();
$savemsg
=
get_std_save_message
();
filter_configure
();
filter_configure
();
vpn_
ipsec_configure
();
ipsec_configure
();
}
}
$service_hook
=
'ipsec'
;
$service_hook
=
'ipsec'
;
...
...