Skip to content

O
OpnSense
Commit c68033bc authored by Franco Fichtner's avatar Franco Fichtner
Browse files
Options

ipsec: strip vpn_ prefix from backend functions for clarity

parent 1373b01a
Show whitespace changes
Inline Side-by-side
Showing with 31 additions and 39 deletions
src/etc/inc/interfaces.inc
View file @ c68033bc
...@@ -1183,7 +1183,7 @@ function interfaces_configure() ...@@ -1183,7 +1183,7 @@ function interfaces_configure()
system_routing_configure(); system_routing_configure();
/* reload IPsec tunnels */ /* reload IPsec tunnels */
vpn_ipsec_configure(); ipsec_configure();
/* reload dhcpd (interface enabled/disabled status may have changed) */ /* reload dhcpd (interface enabled/disabled status may have changed) */
services_dhcpd_configure(); services_dhcpd_configure();
...@@ -3164,7 +3164,7 @@ function interface_configure($interface = 'wan', $reloadall = false, $linkupeven ...@@ -3164,7 +3164,7 @@ function interface_configure($interface = 'wan', $reloadall = false, $linkupeven
system_routing_configure($interface); system_routing_configure($interface);
/* reload ipsec tunnels */ /* reload ipsec tunnels */
vpn_ipsec_configure(); ipsec_configure();
/* restart dnsmasq or unbound */ /* restart dnsmasq or unbound */
if (isset($config['dnsmasq']['enable'])) { if (isset($config['dnsmasq']['enable'])) {
......
src/etc/inc/ipsec.inc
View file @ c68033bc
...@@ -400,7 +400,7 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) { ...@@ -400,7 +400,7 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
} }
/* include all configuration functions */ /* include all configuration functions */
function vpn_ipsec_convert_to_modp($index) function ipsec_convert_to_modp($index)
{ {
$convertion = ""; $convertion = "";
switch ($index) { switch ($index) {
...@@ -433,7 +433,7 @@ function vpn_ipsec_convert_to_modp($index) ...@@ -433,7 +433,7 @@ function vpn_ipsec_convert_to_modp($index)
return $convertion; return $convertion;
} }
function vpn_ipsec_configure() function ipsec_configure()
{ {
global $config, $p2_ealgos, $ipsec_loglevels; global $config, $p2_ealgos, $ipsec_loglevels;
...@@ -913,7 +913,7 @@ EOD; ...@@ -913,7 +913,7 @@ EOD;
} else { } else {
$ealgosp1 = "ike = {$ealg_id}-{$ph1ent['hash-algorithm']}"; $ealgosp1 = "ike = {$ealg_id}-{$ph1ent['hash-algorithm']}";
} }
$modp = vpn_ipsec_convert_to_modp($ph1ent['dhgroup']); $modp = ipsec_convert_to_modp($ph1ent['dhgroup']);
if (!empty($modp)) { if (!empty($modp)) {
$ealgosp1 .= "-{$modp}"; $ealgosp1 .= "-{$modp}";
} }
...@@ -1086,7 +1086,7 @@ EOD; ...@@ -1086,7 +1086,7 @@ EOD;
foreach ($ph2ent['hash-algorithm-option'] as $halgo) { foreach ($ph2ent['hash-algorithm-option'] as $halgo) {
$halgo = str_replace('hmac_', '', $halgo); $halgo = str_replace('hmac_', '', $halgo);
$tmpealgo = "{$ealg_id}{$keylen}-{$halgo}"; $tmpealgo = "{$ealg_id}{$keylen}-{$halgo}";
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); $modp = ipsec_convert_to_modp($ph2ent['pfsgroup']);
if (!empty($modp)) { if (!empty($modp)) {
$tmpealgo .= "-{$modp}"; $tmpealgo .= "-{$modp}";
} }
...@@ -1094,7 +1094,7 @@ EOD; ...@@ -1094,7 +1094,7 @@ EOD;
} }
} else { } else {
$tmpealgo = "{$ealg_id}{$keylen}"; $tmpealgo = "{$ealg_id}{$keylen}";
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); $modp = ipsec_convert_to_modp($ph2ent['pfsgroup']);
if (!empty($modp)) { if (!empty($modp)) {
$tmpealgo .= "-{$modp}"; $tmpealgo .= "-{$modp}";
} }
...@@ -1107,7 +1107,7 @@ EOD; ...@@ -1107,7 +1107,7 @@ EOD;
foreach ($ph2ent['hash-algorithm-option'] as $halgo) { foreach ($ph2ent['hash-algorithm-option'] as $halgo) {
$halgo = str_replace('hmac_', '', $halgo); $halgo = str_replace('hmac_', '', $halgo);
$tmpealgo = "{$ealg_id}{$ealg_kl}-{$halgo}"; $tmpealgo = "{$ealg_id}{$ealg_kl}-{$halgo}";
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); $modp = ipsec_convert_to_modp($ph2ent['pfsgroup']);
if (!empty($modp)) { if (!empty($modp)) {
$tmpealgo .= "-{$modp}"; $tmpealgo .= "-{$modp}";
} }
...@@ -1115,7 +1115,7 @@ EOD; ...@@ -1115,7 +1115,7 @@ EOD;
} }
} else { } else {
$tmpealgo = "{$ealg_id}{$ealg_kl}"; $tmpealgo = "{$ealg_id}{$ealg_kl}";
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); $modp = ipsec_convert_to_modp($ph2ent['pfsgroup']);
if (!empty($modp)) { if (!empty($modp)) {
$tmpealgo .= "-{$modp}"; $tmpealgo .= "-{$modp}";
} }
...@@ -1128,7 +1128,7 @@ EOD; ...@@ -1128,7 +1128,7 @@ EOD;
} else if (isset($ph2ent['protocol']) && $ph2ent['protocol'] == 'ah') { } else if (isset($ph2ent['protocol']) && $ph2ent['protocol'] == 'ah') {
$ealgoAHsp2arr_details = array(); $ealgoAHsp2arr_details = array();
if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) { if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) {
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']); $modp = ipsec_convert_to_modp($ph2ent['pfsgroup']);
foreach ($ph2ent['hash-algorithm-option'] as $tmpAHalgo) { foreach ($ph2ent['hash-algorithm-option'] as $tmpAHalgo) {
$tmpAHalgo = str_replace('hmac_', '', $tmpAHalgo); $tmpAHalgo = str_replace('hmac_', '', $tmpAHalgo);
if (!empty($modp)) { if (!empty($modp)) {
...@@ -1295,10 +1295,10 @@ EOD; ...@@ -1295,10 +1295,10 @@ EOD;
/* /*
* Forcefully restart IPsec * Forcefully restart IPsec
* This is required for when dynamic interfaces reload * This is required for when dynamic interfaces reload
* For all other occasions the normal vpn_ipsec_configure() * For all other occasions the normal ipsec_configure()
* will gracefully reload the settings without restarting * will gracefully reload the settings without restarting
*/ */
function vpn_ipsec_force_reload($interface = '') function ipsec_force_reload($interface = '')
{ {
global $config; global $config;
...@@ -1321,6 +1321,6 @@ function vpn_ipsec_force_reload($interface = '') ...@@ -1321,6 +1321,6 @@ function vpn_ipsec_force_reload($interface = '')
/* if ipsec is enabled, start up again */ /* if ipsec is enabled, start up again */
if (isset($ipseccfg['enable'])) { if (isset($ipseccfg['enable'])) {
log_error(gettext("Forcefully reloading IPsec")); log_error(gettext("Forcefully reloading IPsec"));
vpn_ipsec_configure(); ipsec_configure();
} }
} }
src/etc/inc/xmlrpc/legacy.inc
View file @ c68033bc
...@@ -256,7 +256,7 @@ function restore_config_section_xmlrpc($new_config) ...@@ -256,7 +256,7 @@ function restore_config_section_xmlrpc($new_config)
} }
if (isset($old_config['ipsec']['enable']) !== isset($config['ipsec']['enable'])) { if (isset($old_config['ipsec']['enable']) !== isset($config['ipsec']['enable'])) {
vpn_ipsec_configure(); ipsec_configure();
} }
unset($old_config); unset($old_config);
......
src/etc/rc.bootup
View file @ c68033bc
...@@ -319,7 +319,7 @@ filter_configure_sync(); ...@@ -319,7 +319,7 @@ filter_configure_sync();
vpn_setup(); vpn_setup();
/* start IPsec tunnels */ /* start IPsec tunnels */
$ipsec_dynamic_hosts = vpn_ipsec_configure(); $ipsec_dynamic_hosts = ipsec_configure();
/* start SNMP service */ /* start SNMP service */
services_snmpd_configure(); services_snmpd_configure();
...@@ -360,7 +360,7 @@ system_syslogd_start(); ...@@ -360,7 +360,7 @@ system_syslogd_start();
/* If there are ipsec dynamic hosts try again to reload the tunnels as rc.newipsecdns does */ /* If there are ipsec dynamic hosts try again to reload the tunnels as rc.newipsecdns does */
if ($ipsec_dynamic_hosts) { if ($ipsec_dynamic_hosts) {
vpn_ipsec_configure(); ipsec_configure();
filter_configure(); filter_configure();
} }
......
src/etc/rc.newipsecdns
View file @ c68033bc
...@@ -50,9 +50,10 @@ if (isset($config['ipsec']['enable'])) { ...@@ -50,9 +50,10 @@ if (isset($config['ipsec']['enable'])) {
$ipseclck = lock('ipsecdns', LOCK_EX); $ipseclck = lock('ipsecdns', LOCK_EX);
vpn_ipsec_configure(); ipsec_configure();
if (isset($config['ipsec']['failoverforcereload'])) if (isset($config['ipsec']['failoverforcereload'])) {
vpn_ipsec_force_reload(); ipsec_force_reload();
}
unlock($ipseclck); unlock($ipseclck);
src/etc/rc.newwanip
View file @ c68033bc
...@@ -201,7 +201,7 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface ...@@ -201,7 +201,7 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface
services_dyndns_configure($interface); services_dyndns_configure($interface);
/* reconfigure IPsec tunnels */ /* reconfigure IPsec tunnels */
vpn_ipsec_force_reload($interface); ipsec_force_reload($interface);
/* start OpenVPN server & clients */ /* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn") { if (substr($interface_real, 0, 4) != "ovpn") {
......
src/etc/rc.newwanipv6
View file @ c68033bc
...@@ -127,7 +127,7 @@ if (is_ipaddrv6($oldipv6)) { ...@@ -127,7 +127,7 @@ if (is_ipaddrv6($oldipv6)) {
// Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing. // Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) { if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) {
/* reconfigure IPsec tunnels */ /* reconfigure IPsec tunnels */
vpn_ipsec_force_reload($interface); ipsec_force_reload($interface);
/* start OpenVPN server & clients */ /* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn") if (substr($interface_real, 0, 4) != "ovpn")
...@@ -147,7 +147,7 @@ services_dnsupdate_process($interface); ...@@ -147,7 +147,7 @@ services_dnsupdate_process($interface);
services_dyndns_configure($interface); services_dyndns_configure($interface);
/* reconfigure IPsec tunnels */ /* reconfigure IPsec tunnels */
vpn_ipsec_force_reload($interface); ipsec_force_reload($interface);
/* start OpenVPN server & clients */ /* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn") if (substr($interface_real, 0, 4) != "ovpn")
......
src/www/vpn_ipsec.php
View file @ c68033bc
...@@ -79,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -79,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$a_phase1 = &$config['ipsec']['phase1']; $a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2']; $a_phase2 = &$config['ipsec']['phase2'];
if (isset($_POST['apply'])) { if (isset($_POST['apply'])) {
$retval = vpn_ipsec_configure(); $retval = ipsec_configure();
/* reload the filter in the background */ /* reload the filter in the background */
filter_configure(); filter_configure();
$savemsg = get_std_save_message(); $savemsg = get_std_save_message();
...@@ -91,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -91,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} elseif (isset($_POST['save'])) { } elseif (isset($_POST['save'])) {
$config['ipsec']['enable'] = !empty($_POST['enable']) ? true : false; $config['ipsec']['enable'] = !empty($_POST['enable']) ? true : false;
write_config(); write_config();
vpn_ipsec_configure(); ipsec_configure();
header("Location: vpn_ipsec.php"); header("Location: vpn_ipsec.php");
exit; exit;
} elseif (!empty($_POST['act']) && $_POST['act'] == "delphase1" ) { } elseif (!empty($_POST['act']) && $_POST['act'] == "delphase1" ) {
......
src/www/vpn_ipsec_keys.php
View file @ c68033bc
...@@ -57,13 +57,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -57,13 +57,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} }
} elseif (isset($_POST['apply'])) { } elseif (isset($_POST['apply'])) {
// apply changes // apply changes
$retval = vpn_ipsec_configure(); ipsec_configure();
/* reload the filter in the background */
filter_configure(); filter_configure();
$savemsg = get_std_save_message(); $savemsg = get_std_save_message();
if (is_subsystem_dirty('ipsec')) {
clear_subsystem_dirty('ipsec'); clear_subsystem_dirty('ipsec');
}
} else { } else {
// nothing to post, redirect // nothing to post, redirect
header("Location: vpn_ipsec_keys.php"); header("Location: vpn_ipsec_keys.php");
......
src/www/vpn_ipsec_mobile.php
View file @ c68033bc
...@@ -90,14 +90,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -90,14 +90,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
exit; exit;
} elseif (isset($_POST['apply'])) { } elseif (isset($_POST['apply'])) {
// apply changes // apply changes
$retval = 0; ipsec_configure();
$retval = vpn_ipsec_configure();
$savemsg = get_std_save_message(); $savemsg = get_std_save_message();
if ($retval >= 0) {
if (is_subsystem_dirty('ipsec')) {
clear_subsystem_dirty('ipsec'); clear_subsystem_dirty('ipsec');
}
}
header("Location: vpn_ipsec_mobile.php?savemsg=".$savemsg); header("Location: vpn_ipsec_mobile.php?savemsg=".$savemsg);
exit; exit;
} elseif (isset($_POST['submit'])) { } elseif (isset($_POST['submit'])) {
......
src/www/vpn_ipsec_phase1.php
View file @ c68033bc
...@@ -400,7 +400,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -400,7 +400,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} }
/* if the remote gateway changed and the interface is not WAN then remove route */ /* if the remote gateway changed and the interface is not WAN then remove route */
/* the vpn_ipsec_configure() handles adding the route */ /* the ipsec_configure() handles adding the route */
if ($pconfig['interface'] <> "wan") { if ($pconfig['interface'] <> "wan") {
if ($old_ph1ent['remote-gateway'] <> $pconfig['remote-gateway']) { if ($old_ph1ent['remote-gateway'] <> $pconfig['remote-gateway']) {
mwexec("/sbin/route delete -host {$old_ph1ent['remote-gateway']}"); mwexec("/sbin/route delete -host {$old_ph1ent['remote-gateway']}");
......
src/www/vpn_ipsec_settings.php
View file @ c68033bc
...@@ -100,9 +100,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -100,9 +100,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
write_config(); write_config();
$savemsg = get_std_save_message(); $savemsg = get_std_save_message();
filter_configure(); filter_configure();
vpn_ipsec_configure(); ipsec_configure();
} }
$service_hook = 'ipsec'; $service_hook = 'ipsec';
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023